Date:	Wed, 28 Oct 2009 15:22:29 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Gilad Ben-Yossef <gilad@...efidence.com>
CC:	netdev@...r.kernel.org, ori@...sleep.com
Subject: Re: [PATCHv4 0/7] Per route TCP options support kill switches

Gilad Ben-Yossef wrote:
> Allow selectively turning off support for specific TCP options
> on a per route basis.
> 
> One normally wants to disable SACK, DSACK, time stamp or window
> scale if one got a piece of broken networking equipment somewhere
> as a stop gap until you can bring a big enough hammer to deal with
> the broken network equipment. It doesn't make sense to "punish" the
> entire connections going through the machine to destinations not
> related to the broken equipment.
> 
> This is doubly true when one is dealing with network containers
> used to isolate several virtual domains.
> 
> Per route options implemented in free bits in the features route
> entry property, which in some cases were reserved by name for these
> options, so this does not inflate any structure.
> 
> Global sysctls for these options are still preserved and retain 
> the exact original meaning (e.g. you have to have both the global 
> sysctl turned on and not turn off the TCP option parsing in the
> specific route to have it processed).
> 
> It is not possible to turn off globally an option but turn it on
> per route, so as to not subtly change the meaning of current
> established sysctls (and this is a rare need anyway).
> 
> Tested on x86 using Qemu/KVM.
> 
> Working but crude matching patch to iproute2 sent earlier to the list.
> 
> Patchset based on original work by Ori Finkelman and Yony Amit
> from ComSleep Ltd.
> 
> The author wishes to thank Eric Dumazet, William Allen Simpson,
> Bill Fink and Ilpo Jarvinen for their feedback.
> 
> 
> Gilad Ben-Yossef (7):
>   Only parse time stamp TCP option in time wait sock
>   Allow tcp_parse_options to consult dst entry
>   Add dst_feature to query route entry features
>   Add the no SACK route option feature
>   Allow disabling TCP timestamp options per route
>   Allow to turn off TCP window scale opt per route
>   Allow disabling of DSACK TCP option per route
> 
>  include/linux/rtnetlink.h |    6 ++++--
>  include/net/dst.h         |    8 +++++++-
>  include/net/tcp.h         |    3 ++-
>  net/ipv4/syncookies.c     |   27 ++++++++++++++-------------
>  net/ipv4/tcp_input.c      |   26 ++++++++++++++++++--------
>  net/ipv4/tcp_ipv4.c       |   21 ++++++++++++---------
>  net/ipv4/tcp_minisocks.c  |    9 ++++++---
>  net/ipv4/tcp_output.c     |   18 +++++++++++++-----
>  net/ipv6/syncookies.c     |   28 +++++++++++++++-------------
>  net/ipv6/tcp_ipv6.c       |    3 ++-
>  10 files changed, 93 insertions(+), 56 deletions(-)
> 

I am a bit lost. What exactly changed in this new version, versus v3?
