lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.64.0807152312080.6254@wrl-59.cs.helsinki.fi>
Date:	Tue, 15 Jul 2008 23:17:47 +0300 (EEST)
From:	"Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi>
To:	Thomas Jarosch <thomas.jarosch@...ra2net.com>
cc:	Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
	netdev@...r.kernel.org, Patrick McHardy <kaber@...sh.net>,
	Sven Riedel <sr@...urenet.de>,
	Netfilter Developer Mailing List 
	<netfilter-devel@...r.kernel.org>,
	"Dâniel Fraga" <fragabr@...il.com>
Subject: Re: TCP connection stalls under 2.6.24.7

On Tue, 15 Jul 2008, Thomas Jarosch wrote:

> > Luckily I'm able to reproduce the problem locally using an ADSL line from
> > the same provider, so I'll now bisect the kernel from 2.6.23.17 to 2.6.24.
> 
> After bisecting for hours, l only had ten revisions left to test.
> There was this commit that caught my eye:
> 
> ------------------------------
> commit c96fd3d461fa495400df24be3b3b66f0e0b152f9
> Author: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>
> Date:   Thu Sep 20 11:36:37 2007 -0700
> 
>     [TCP]: Enable SACK enhanced FRTO (RFC4138) by default
> ------------------------------
> 
> This change sets the value of "tcp_frto" to 2 by default.
> If I reset it to zero, the connection works immediately.
> @Dâniel Fraga: Does disabling tcp_frto work for you, too?
> 
> Disabling tcp_sack makes no difference. To summarize the situation,
> I had two different cases of stalling TCP connections, both connecting
> to busy SMTP relays servers which probably drop some packets here and there.
> 
> I can easily reproduce the problem, so how do we go from here?

FRTO in 2.6.24.y is broken, I recently fixed couple of things in FRTO, 
late 2.6.25.y or 2.6.26 should be used to have all the fixes. If you can 
reproce with either one, please tcpdump it (I just returned, was couple of 
weeks away, so I'm slowly catching up what has happened in between here). 
...I guess somebody had dumped at least 2.6.24.y but that's not 
interesting due to known (and fixed) bugs with FRTO.


-- 
 i.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ