| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 08 Jan 2008 11:51:53 -0500 From: John Heffner <jheffner@....edu> To: David Miller <davem@...emloft.net> CC: ilpo.jarvinen@...sinki.fi, lachlan.andrew@...il.com, netdev@...r.kernel.org, quetchen@...tech.edu Subject: Re: SACK scoreboard David Miller wrote: > Ilpo, just trying to keep an old conversation from dying off. > > Did you happen to read a recent blog posting of mine? > > http://vger.kernel.org/~davem/cgi-bin/blog.cgi/2007/12/31#tcp_overhead > > I've been thinking more and more and I think we might be able > to get away with enforcing that SACKs are always increasing in > coverage. > > I doubt there are any real systems out there that drop out of order > packets that are properly formed and are in window, even though the > SACK specification (foolishly, in my opinion) allows this. > > If we could free packets as SACK blocks cover them, all the problems > go away. > > For one thing, this will allow the retransmit queue liberation during > loss recovery to be spread out over the event, instead of batched up > like crazy to the point where the cumulative ACK finally moves and > releases an entire window's worth of data. > > Next, it would simplify all of this scanning code trying to figure out > which holes to fill during recovery. > > And for SACK scoreboard marking, the RB trie would become very nearly > unecessary as far as I can tell. > > I would not even entertain this kind of crazy idea unless I thought > the fundamental complexity simplification payback was enormous. And > in this case I think it is. > > What we could do is put some experimental hack in there for developers > to start playing with, which would enforce that SACKs always increase > in coverage. If violated the connection reset and a verbose log > message is logged so we can analyze any cases that occur. > > Sounds crazy, but maybe has potential. What do you think? Linux has a code path where this can happen under memory over-commit, in tcp_prune_queue(). Also, I think one of the motivations for making SACK strictly advisory is there was some concern about buggy SACK implementations. Keeping data in your retransmit queue allows you to fall back to timeout and go-back-n if things completely fall apart. For better or worse, we have to deal with the spec the way it is. Even if you made this assumption of "hard" SACKs, you still have to worry about large ACKs if SACK is disabled, though I guess you could say people running with large windows without SACK deserve what they get. :) I haven't thought about this too hard, but can we approximate this by moving scaked data into a sacked queue, then if something bad happens merge this back into the retransmit queue? The code will have to deal with non-contiguous data in the retransmit queue; I'm not sure offhand if that violates any assumptions. You still have a single expensive ACK at the end of recovery, though I wonder how much this really hurts. If you want to ameliorate this, you could save this sacked queue to be batch processed later, in application context for instance. -John -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists