Message-ID: <CADVnQymirM10M95Hspk2KYrFDE7uBqQSM4PBYRqJJVbqmKCMsg@mail.gmail.com>
Date: Fri, 10 Jan 2025 11:24:42 -0500
From: Neal Cardwell <ncardwell@...gle.com>
To: lizhe <sensor1010@....com>
Cc: edumazet@...gle.com, davem@...emloft.net, dsahern@...nel.org, 
	kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH] tcp: Add an extra check for consecutive failed
 keepalive probes

On Fri, Jan 10, 2025 at 10:58 AM lizhe <sensor1010@....com> wrote:
>
> Hi, Neal
>
>
> If the TCP_USER_TIMEOUT option is not enabled, and attempts to send TCP keepalive probes continuously fail,
>
> then who limits the number of increments to icsk->icsk_probes_out?

The code that I pasted in my previous message limits the number of
increments to icsk->icsk_probes_out. :-)

The code is right here in the lines surrounding line 809 of tcp_timer
in Linux v6.12, which can also be viewed here more conveniently:

https://elixir.bootlin.com/linux/v6.12/source/net/ipv4/tcp_timer.c#L809

> Adding this code is feasible. If not added, the system would continuously send keepalive probes without any limit.
>
> If these probes continually fail, the process would persist indefinitely because there would be no measure in place to restrict the increments of icsk->icsk_probes_out++.

It's not true that the system would continuously send keepalive probes
without any limit. The packetdrill test I pasted in my previous
message verifies that Linux TCP stops sending keepalives after the
number of probes configured by net.ipv4.tcp_keepalive_probes or
TCP_KEEPCNT. If you think I'm still missing something, please provide
a tcpdump trace or packetdrill test showing the behavior you are
claiming. :-)

thanks,
neal
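
An added example, not part of the thread or of the kernel source: a Linux userspace C program that sets the per-socket keepalive limit named above (TCP_KEEPCNT, together with TCP_KEEPIDLE and TCP_KEEPINTVL), reads the values back from the kernel, and derives roughly how long an unresponsive peer is tolerated before the connection is aborted. The function names and the sample values 60/10/5 are assumptions chosen for illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Approximate seconds of silence before the kernel gives up on the peer
 * (assumes TCP_USER_TIMEOUT is not set): `idle` seconds before the first
 * probe, then `cnt` unanswered probes spaced `intvl` seconds apart. */
static int keepalive_budget(int idle, int intvl, int cnt)
{
    return idle + intvl * cnt;
}

/* Enable keepalive on fd with explicit limits, read the stored values back,
 * and return the resulting budget in seconds (-1 on any socket error). */
static int set_keepalive(int fd, int idle, int intvl, int cnt)
{
    int on = 1, r_idle = 0, r_intvl = 0, r_cnt = 0;
    socklen_t len;

    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof(intvl)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof(cnt)) < 0)
        return -1;

    /* Trust what the kernel reports, not what we asked for. */
    len = sizeof(r_idle);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &r_idle, &len) < 0) return -1;
    len = sizeof(r_intvl);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &r_intvl, &len) < 0) return -1;
    len = sizeof(r_cnt);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &r_cnt, &len) < 0) return -1;

    return keepalive_budget(r_idle, r_intvl, r_cnt);
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }

    int budget = set_keepalive(fd, 60, 10, 5);  /* constructed sample values */
    printf("peer declared dead after about %d s of silence\n", budget);
    close(fd);
    return budget < 0;
}
```

Sockets that do not set these options fall back to the net.ipv4.tcp_keepalive_* sysctls, including the net.ipv4.tcp_keepalive_probes value mentioned in the message.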
