lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 05 Feb 2007 15:08:15 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	jheffner@....edu
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] apply cwnd rules to FIN packets with data

From: John Heffner <jheffner@....edu>
Date: Mon, 05 Feb 2007 18:02:19 -0500

> David Miller wrote:
> > From: John Heffner <jheffner@....edu>
> > Date: Mon, 05 Feb 2007 16:58:18 -0500
> > 
> >> This is especially important with TSO enabled.  Currently, it will send 
> >> a burst of up to 64k at the end of a connection, even when cwnd is much 
> >> smaller than 64k.  This patch still lets out empty FIN packets, but does 
> >> not apply the special case to FINs carrying data.
> > 
> > Good catch John.
> > 
> > But I think the correct test on skb->len would be to just make
> > sure that it is <= REAL_MSS.
> > 
> > What do you think about that?  This would match the original intention
> > of the logic in the pre-TSO days.
> 
> What was the intention of that logic?

Because a packet is a packet is a packet.

If we let a FIN out it's basically equivalent to a FIN+data
as far as the routers are concerned.  Either they will drop
the packet or they won't.  And they will do this regardless
of whether data is attached to the FIN.

Getting FINs out fast is important for another reason, the
faster the session closes the faster "smart" intermediate
routers can teardown cached routing or firewall tracking
entries for the flow.

> Actually, I think it would be better to leave the Nagle test as it was 
> (which is implicitly < real_mss), because there is obviously no point in 
> doing the nagle test when you know there is no more data that will be 
> sent.

True.

> However, I can't think of any reason why the cwnd test should not 
> apply.

Care to elaborate here?  You can view the FIN special case as an off
by one error in the CWND test, it's not going to melt the internet.
:-)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ