lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 25 Oct 2009 20:21:14 -0400
From:	Bill Fink <billfink@...dspring.com>
To:	Gilad Ben-Yossef <gilad@...efidence.com>
Cc:	Eric Dumazet <eric.dumazet@...il.com>,
	William Allen Simpson <william.allen.simpson@...il.com>,
	netdev@...r.kernel.org
Subject: Re: [PATCH v2 8/8] Document future removal of sysctl_tcp_* options

On Sun, 25 Oct 2009, Gilad Ben-Yossef wrote:

> Eric Dumazet wrote:
> 
> > Bill Fink a écrit :
> >
> >   
> >> And as mentioned previously, the global options can be quite useful
> >> in certain test scenarios.  I also agree the per route settings are
> >> a very useful addition.  I think the global and per route settings
> >> are complementary and shouldn't be thought of as in conflict with
> >> one another.
> >>     
> > Absolutely, global setting is a must when an admin wants a quick path.
> >
> > The more flexible would be to have two bits per route, plus
> > 2 bits on the global configuration.
> >
> > global conf:
> > 00 : timestamps OFF, unless a route setting is not 00
> > 01 : timestamps ON, unless a route setting is not 00
> > 10 : Force timestamps OFF, ignore route settings (emergency sysadmin request)
> > 11 : Force timestamps ON, ignore route settings 
> >
> > Route settings (used *only* if global setting is 0Y)
> > 00 : global conf is used
> > 01 : Force timestamps being OFF for this route
> > 10 : Force timestamps being ON for this route
> > 11 : complement global conf
> 
> Hey, I have no issue to re-spin the patch with this suggestion, if you 
> truly think this is valuable, but would you please consider the 
> nightmare of having to just explain this to someone?
> 
> It sounds to me way too complicated for what it does.
> 
> I still think having a global kill switch and per route options better 
> (basically use the exiting patch but not retire the global kill 
> switch|), but if you must Hgow about we leave the global sysctl as they 
> are and just have a two bit route option:
> 
> 0 Use global default
> 1 Off
> 2 On
> 
> It's kind of funny, because this is what the original patch from 
> Comsleep does and I thought it needlessly complicates things.
> 
> So, what do you say - which will it be?

I personally feel the 2-bit settings are overkill.  What i think
makes the most sense is for the global options to act as they always
have in the absence of any route specific settings, and for any
route specific settings to override the related global settings.
This is both simple and maintains backward compatibility.

						-Bill
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ