| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Aug 2010 14:56:28 -0700 From: Jerry Chu <hkchu@...gle.com> To: Arnd Hannemann <hannemann@...s.rwth-aachen.de> Cc: Eric Dumazet <eric.dumazet@...il.com>, ilpo.jarvinen@...sinki.fi, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH] TCP_FAILFAST: a new socket option to timeout/abort a connection quicker On Tue, Aug 24, 2010 at 1:04 AM, Arnd Hannemann <hannemann@...s.rwth-aachen.de> wrote: > Am 24.08.2010 08:44, schrieb Eric Dumazet: >> Le lundi 23 août 2010 à 23:20 -0700, H.K. Jerry Chu a écrit : >>> From: Jerry Chu <hkchu@...gle.com> >>> >>> This is a TCP level socket option that takes an unsigned int to specify >>> how long in ms TCP should resend a lost data packet before giving up >>> and returning ETIMEDOUT. The normal TCP retry/abort timeout limit still >>> applies. In other words this option is only meant for those applications >>> that need to "fail faster" than the default TCP timeout. The latter >>> may take upto 20 minutes in a normal WAN environment. >>> >>> The option is disabled (by default) when set to 0. Also it does not >>> apply during the connection establishment phase. >>> >>> Signed-off-by: H.K. Jerry Chu <hkchu@...gle.com> >> >> TCP_FAILFAST might be misleading. It reads as a boolean option, while >> its an option to cap the timeout, with a time unit, instead of the usual >> "number of retransmits". > > Why not call it TCP_USERTIMEOUT? Sure, except that it was designed to shorten the system default user timeout, not lengthen it. (But perhaps it can be combined with TCP_UTO?) The current default user timeout of 13-20minutes in Linux may be adequate for some apps but too long for many others. A per connection socket option solves this problem. > Later you can also send it via the TCP user timeout option... (RFC5482) > Hmm... is the ms granularity really needed? Does it make sense to abort > a connection below a second? Yes I thought about that too, but decided it's better to allow the flexibility of sub- sec level timeout for possible future usage in HPC type of applications, rather than to regret later. > >> Its also funny you dont ask for a default value, given by a sysctl >> tunable ;) > > Well retries1/2 would be the tunables, no? The was my first thought, to allow tcp_retries2 to be reduced on a per connection basis. But I also see a need to reduce TCP_RTO_MAX in order to allow a reasonable # of retries, given a shorter timeout. I saw a patch submitted a couple of months ago to allow tcp_retries2 to be configured but haven't seen any forward progress on the patch. If people think letting apps configure tcp_retries2 and TCP_RTO_MAX directly is a better solution I'm for it too. Thanks, Jerry > > Best regards, > Arnd > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists