lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 29 Aug 2010 17:23:05 -0700
From:	Jerry Chu <hkchu@...gle.com>
To:	David Miller <davem@...emloft.net>
Cc:	eric.dumazet@...il.com, hannemann@...s.rwth-aachen.de,
	hagen@...u.net, lars.eggert@...ia.com, netdev@...r.kernel.org
Subject: Re: [PATCH] TCP_USER_TIMEOUT: a new socket option to specify max
 timeout before a TCP connection is aborted

On Sat, Aug 28, 2010 at 4:13 PM, David Miller <davem@...emloft.net> wrote:
>
> From: "H.K. Jerry Chu" <hkchu@...gle.com>
> Date: Fri, 27 Aug 2010 22:13:28 -0700
>
> > @@ -556,7 +559,14 @@ static void tcp_keepalive_timer (unsigned long data)
> >       elapsed = keepalive_time_elapsed(tp);
> >
> >       if (elapsed >= keepalive_time_when(tp)) {
> > -             if (icsk->icsk_probes_out >= keepalive_probes(tp)) {
> > +             /* If the TCP_USER_TIMEOUT option is enabled, use that
> > +              * to determine when to timeout instead.
> > +              */
> > +             if ((icsk->icsk_user_timeout != 0 &&
> > +                 elapsed >= icsk->icsk_user_timeout &&
> > +                 icsk->icsk_probes_out > 0) ||
> > +                 (icsk->icsk_user_timeout == 0 &&
> > +                 icsk->icsk_probes_out >= keepalive_probes(tp))) {
> >                       tcp_send_active_reset(sk, GFP_ATOMIC);
> >                       tcp_write_err(sk);
> >                       goto out;
>
> I think if we want to add a socket option which overrides, it makes
> more sense to provide overrides in the same units.  This
> transformation here is transforming a check against apples into a
> check against oranges.
>
> But if that's how this thing is specified, so be it... I guess. :-/

Correct.  It seems that there has been a bit of inconsistency regarding the
unit of "timeouts". RFC1122 says "R1 and R2 might be measured in time
units or as a count of retransmissions." Most of the OSes including Linux
seem to measure timeout in # of retries. But RFC5482 defines its "User
Timeout Option" in time units.

Personally I think as an API, it's easier for an application to grasp
the concept
of a time quantity than # of retransmissions. (E.g., how will an app
determine it
needs 10 retries vs 20 retries?)

Jerry
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ