lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 10 Jul 2008 14:05:20 -0700
From:	"John Heffner" <johnwheffner@...il.com>
To:	"Dan Noé" <dnoe@...ebrokerage.com>
Cc:	"Rick Jones" <rick.jones2@...com>, netdev@...r.kernel.org
Subject: Re: Detecting TCP loss on the receiving side?

On Thu, Jul 10, 2008 at 1:19 PM, Dan Noé <dnoe@...ebrokerage.com> wrote:
> Rick Jones wrote:
>>
>> If this is just for troubleshooting, why not just take a tcpdump trace?
>
> We're pushing a lot of data.. several Mbps pretty much all day long.. and
> the (suspected) loss occurs sporadically.  Ideally we'd like to be able to
> easily correlate it with latency seen in our app.


Looking for loss at the receiver is a bit tricky.  It doesn't look
like struct tcp_info has enough information to do this easily.  If you
are able to install a custom kernel on this machine, the Web100 patch
would be able to gather enough information to figure it out.  The
basic idea would be to look for a difference between RcvNxt and
RcvMax.

On the other hand, several Mbps is not that much.  It's probably not
that hard to take tcpdumps split up every N minutes, and analyze
these.  One thing to look for would be sack blocks coming from the
receiver (assuming sack is enabled.)

  -John
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists