Date:	Fri, 02 Oct 2009 17:46:12 -0400
From:	William Allen Simpson <william.allen.simpson@...il.com>
To:	netdev@...r.kernel.org
Subject: Re: [PATCH] TCPCT-1: adding a sysctl

Andi Kleen wrote:
> William Allen Simpson <william.allen.simpson@...il.com> writes:
>> Any suggestions for improvement?  Or general approval?
> 
> The patch seems incomplete, can't find callers for most of the new functions.
> 
Ummm, I was following the suggested practice of breaking it into smaller
pieces for review.  This is just the control functions and headers.  I've
actually completed most of the port, and am champing at the bit.

I was hoping for concrete suggestions from the experienced Linux coders,
before submitting the rest of the code.


> In general cookies fell a bit out of favour because they don't support window
> scaling etc.  But you don't seem to fix that by putting that data into
> the new option.
> 
You mean DJB's "optionless" SYN cookies?  They saved everybody's bacon
back in the day, but that was when there were fewer options.  In 1996,
we all thought it was a quick hack on the way to a better solution.  But
the hack solved enough of the problem that nobody finished the work.

This option fixes (obviates and eventually obsoletes) SYN cookies, and
passes other options just fine.  That's one reason for doing it!

There should be a paper explaining in December's Usenix Login.  This is
the running code to go with the paper.


> My immediate gut reaction is that it will be likely challenging to 
> traverse many packet filters (which often have a tendency to drop
> anything they don't know) with this option on. That is also what killed
> ECN.
> 
Too true.  Not much we can do about it, but the various research surveys
suggest that an unknown option passes better....
