lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4831AD87.1040909@redhat.com>
Date:	Mon, 19 May 2008 12:40:39 -0400
From:	Chris Bredesen <cbredesen@...hat.com>
To:	Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>
CC:	Netdev <netdev@...r.kernel.org>, johnwheffner@...il.com
Subject: Re: Debugging TCP: Treason Uncloaked

Ilpo Järvinen wrote:
> ...This report lacks kernel version (no I won't try to figure out what f8 
> or whatever is using on your box, just tell it :-)) (e.g., ...Some 
> 2.6.25-rc had this problem).
> 
> Tcp_window_scaling sysctl has nothing to do with window resizing. ...It 
> just decides if scaling factor can be used or not. It won't guarantee you 
> a constant window!
> 
> What happened while the window was shrunk is hard to know because the log 
> snippet doesn't have the point where the window was reduced.

John - thanks for the explanation - I understand the relationship 
between scaling and resizing now.  If my notes are correct, it happened 
with both these kernels on the client:

2.6.24.3-12.fc8.i686
2.6.24.3-34.fc8.i686

RHEL and CentOS guys are reporting this issue as well so I wonder if 
it's something specific to a RH kernel (not sure how close they are to 
upstream but my understanding is that Fedora kernels are pretty close, 
but this is *clearly* not my area of expertise).

Kernel on the NAS device is 2.6.9 AFAIK but the distro has proprietary 
bits in it so I'm not sure what's been done there.  It's a Netgear 
ReadyNAS appliance.

In any case, I'm attaching an archive of the whole tcpdump session so 
you can have a look.   Please let me know if you need more info.  I 
really *really* appreciate your help on this -- I'm paying the results 
of our findings forward so others won't get tripped up on this issue.

Best,

Chris

Download attachment "tcp.dump.filtered.tar.gz" of type "application/x-gzip" (106507 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ