Date:	Mon, 16 Dec 2013 10:45:13 -0800
From:	Yuchung Cheng <ycheng@...gle.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Christoph Paasch <christoph.paasch@...ouvain.be>,
	netdev <netdev@...r.kernel.org>,
	David Miller <davem@...emloft.net>,
	Julian Anastasov <ja@....bg>
Subject: Re: [PATCH 0/4] Make tcp-metrics source-address aware

On Sun, Dec 15, 2013 at 10:40 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> On Sun, 2013-12-15 at 13:10 +0100, Christoph Paasch wrote:
>> Currently tcp-metrics only stores per-destination addresses. This brings
>> problems, when a host has multiple interfaces (e.g., a smartphone having
>> WiFi/3G):
>>
>> For example, a host contacting a server over WiFi will store the tcp-metrics
>> per destination IP. If then the host contacts the same server over 3G, the
>> same tcp-metrics will be used, although the path-characteristics are completely
>> different (e.g., the ssthresh is probably not the same).
>
> ssthresh caching is very problematic anyway.
>
> hystart is way better to probe the actual capacity, as the real network
> conditions change every second or so.
>
>>
>> The same holds for the fast-open cookie. The server will generate a cookie
>> based on our source-address. So, if we contact the same server with another
>> source-IP we should request a new cookie.
>
> Yuchung, what do you think? I think this should already be handled
> gracefully, as a client can be behind a NAT device using a pool of external IP
> addresses?
Right. Today the Fast Open attempt will fall back to regular TCP
gracefully with the new cookie in SYN-ACK. So if the source IP changed
when the public IP/NAT remains the same (common case?), the proposed
change will reduce Fast Open success rate. So it likely has negative
impact only.

This reminds me to add this specific issue in the Fast Open IETF draft.

>
> Thanks Christoph !
>
>
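
The trade-off discussed in this message, as an added example that is not part of the original thread or of the kernel code: a simplified model of a Fast Open cookie cache keyed by destination only versus by (source, destination). The HMAC cookie construction, the key, all addresses and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed value, stands in for the server secret

def server_cookie(seen_src_ip):
    """Cookie bound to the source address the server sees (after any NAT)."""
    return hmac.new(SERVER_KEY, seen_src_ip.encode(), hashlib.sha256).digest()[:8]

def server_handle_syn(seen_src_ip, cookie):
    """Return (data_accepted_in_syn, cookie_carried_in_synack)."""
    good = server_cookie(seen_src_ip)
    ok = cookie is not None and hmac.compare_digest(cookie, good)
    # Missing or stale cookie: regular handshake, fresh cookie in the SYN-ACK.
    return ok, good

def run(connections, per_source_cache):
    """connections: list of (local_src, public_src, dst).

    Returns how many connections completed as Fast Open; every other
    connection fell back to a regular handshake and refreshed the cache.
    """
    cache, successes = {}, 0
    for local_src, public_src, dst in connections:
        key = (local_src, dst) if per_source_cache else dst
        ok, fresh = server_handle_syn(public_src, cache.get(key))
        cache[key] = fresh
        successes += ok
    return successes

DST = "198.51.100.1"  # constructed server address

# Constructed case 1: local source IP changes, NAT public IP stays the same.
SAME_NAT = [("10.0.0.2", "203.0.113.7", DST), ("10.0.0.3", "203.0.113.7", DST),
            ("10.0.0.4", "203.0.113.7", DST), ("10.0.0.2", "203.0.113.7", DST)]

# Constructed case 2: two interfaces whose traffic leaves via different public IPs.
WIFI_3G = [("10.0.0.2", "203.0.113.7", DST), ("100.64.0.9", "192.0.2.44", DST),
           ("10.0.0.2", "203.0.113.7", DST), ("100.64.0.9", "192.0.2.44", DST)]

if __name__ == "__main__":
    for name, conns in (("same NAT", SAME_NAT), ("WiFi/3G", WIFI_3G)):
        print(name, "dst-only:", run(conns, False), "per-source:", run(conns, True))
```

In this model the per-source cache lowers the Fast Open success count when the public address is unchanged and raises it when each interface maps to a different public address.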