| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Sep 2007 23:49:30 +0300 (EEST) From: "Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi> To: Cedric Le Goater <legoater@...e.fr> cc: Andrew Morton <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, David Miller <davem@...emloft.net> Subject: Re: 2.6.23-rc8-mm2 - tcp_fastretrans_alert() WARNING On Sat, 29 Sep 2007, Cedric Le Goater wrote: > Ilpo Järvinen wrote: > > On Fri, 28 Sep 2007, Ilpo Järvinen wrote: > >> On Fri, 28 Sep 2007, Cedric Le Goater wrote: > >> > >>> I just found that warning in my logs. It seems that it's been > >>> happening since rc7-mm1 at least. > >>> > >>> WARNING: at /home/legoater/linux/2.6.23-rc8-mm2/net/ipv4/tcp_input.c:2314 tcp_fastretrans_alert() > >>> > >>> Call Trace: > >>> <IRQ> [<ffffffff8040fdc3>] tcp_ack+0xcd6/0x1894 > >>> ...snip... > >> ...Thanks for the report, I'll have look what could still break > >> fackets_out... > > > > I think this one is now clear to me, tcp_fragment/collapse adjusts > > fackets_out (incorrectly) also for reno flow when there were some dupACKs > > that made sacked_out != 0. Could you please try if patch below proves all > > them to be of non-SACK origin... In case that's true, it's rather > > harmless, I'll send a fix on Monday or so (this would anyway be needed)... > > If you find out that them occur with SACK enabled flow, that would be > > more interesting and requires more digging... > > I'm trying now to reproduce this WARNING. > > It seems that the n/w behaves differently during the week ends. Probably > taking a break. Thanks. Of course there are other means too to determine if TCP flows do negotiate SACK enabled or not. Depending on your test case (which is fully unknown to me) they may or may not be usable... At least the value of tcp_sack sysctl on both systems or tcpdump catching SYN packets should give that detail. ...If you know to which hosts TCP could be connected (and active) to, while the WARNING triggers, it's really easy to test what is being negotiated as it's unlikely to change at short notice and any TCP flow to that host will get us the same information though the WARNING would not be triggered with it at this time. Obviously if at least one of the remotes is not known or the set ends up being mixture of reno and SACK flows, then we'll just have to wait and see which fish we get... -- i.
Powered by blists - more mailing lists