Message-Id: <20220131171732.1018990-1-jesse@mbuki-mvuki.org>
Date:   Mon, 31 Jan 2022 11:17:32 -0600
From:   Jesse Hathaway <jesse@...ki-mvuki.org>
To:     ycheng@...gle.com
Cc:     davem@...emloft.net, edumazet@...gle.com,
        gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        ncardwell@...gle.com, pavel@...x.de, sashal@...nel.org,
        soheil@...gle.com, stable@...r.kernel.org, weiwan@...gle.com,
        jesse@...ki-mvuki.org
Subject: Re: [PATCH 5.10 099/167] tcp: disable TFO blackhole logic by default

On Wed, Jul 28, 2021 at 09:32:42 -0700 Yuchung Cheng <ycheng@...gle.com> wrote:

> On the other hand maybe we do not hear middlebox issues because this
> mechanism is working. So I am okay to avoid applying to stable and
> keep in net-next to test this new policy.

This change did indeed break our mail servers at Wikimedia, causing
difficult-to-diagnose timeout errors on sending outgoing email. I
resorted to bisecting the kernel, which resulted in finding this commit.
I have verified that reverting the sysctl value for
tcp_fastopen_blackhole_timeout_sec to 3600 does resolve the timeouts.

Given that it is not clear how a user would discover that this sysctl
has changed, or know how to fix a middlebox somewhere on a path to
their destination, I would love to see this change reverted.

Yours kindly, Jesse Hathaway
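
Added example, not part of the message above or of the kernel tree: one way an operator could notice the condition described, by reading the tcp_fastopen_blackhole_timeout_sec value alongside the client-side Fast Open counters in the TcpExt section of /proc/net/netstat. The function names are hypothetical and the sample input is constructed; on a live host pass /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec and /proc/net/netstat instead.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; counter names are TcpExt
# fields as they appear in /proc/net/netstat.

# Print one TcpExt counter from a /proc/net/netstat-format file.
# The first "TcpExt:" line holds the field names, the second the values.
tcpext_counter() {  # usage: tcpext_counter NAME FILE
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" { if (want in col) print $(col[want]); exit }
    ' "$2"
}

# Summarise the blackhole timeout next to the client-side TFO counters.
# A timeout of 0 disables blackhole detection (kernel ip-sysctl documentation).
tfo_blackhole_status() {  # usage: tfo_blackhole_status TIMEOUT_FILE NETSTAT_FILE
    timeout=$(cat "$1")
    fails=$(tcpext_counter TCPFastOpenActiveFail "$2")
    holes=$(tcpext_counter TCPFastOpenBlackhole "$2")
    detail="timeout=$timeout active_fail=${fails:-0} blackhole=${holes:-0}"
    if [ "$timeout" -eq 0 ] && [ "${fails:-0}" -gt 0 ]; then
        echo "WARN $detail"    # detection off while active TFO attempts fail
    elif [ "$timeout" -eq 0 ]; then
        echo "INFO $detail"    # detection off, no failures recorded
    else
        echo "OK $detail"      # detection on; TFO is paused after a blackhole
    fi
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp -d)
echo 0 > "$sample/timeout"
printf '%s\n' \
    'TcpExt: SyncookiesSent TCPFastOpenActive TCPFastOpenActiveFail TCPFastOpenBlackhole' \
    'TcpExt: 0 120 37 0' \
    'IpExt: InOctets OutOctets' \
    'IpExt: 10 20' > "$sample/netstat"
tfo_blackhole_status "$sample/timeout" "$sample/netstat"
```

A WARN line only says that detection is disabled while active Fast Open attempts are failing; it does not identify which path or middlebox is responsible.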
