lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 28 Aug 2008 19:48:52 +0300
From:	Denys Fedoryshchenko <denys@...p.net.lb>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	Joe Malicki <jmalicki@...acarta.com>,
	David Miller <davem@...emloft.net>, johnpol@....mipt.ru,
	dada1@...mosbay.com, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, juhlenko@...mai.com, sammy@...my.net
Subject: Re: loaded router, excessive getnstimeofday in oprofile

My small IMHO regarding SO_TIMESTAMP.

1)Right now i have 400-500 Mbps passing router. If i will run 
5 "pings" ,simultaneous ,under _USER_ privileges(i know ping is suid), 
instead of free 20% CPU time, i will have 1-2% free CPU time. Sure i know 
ping is suid program, but it is has been "like this" since long time. By 
security psychos it will be caled DoS.

2)Usefullness of this option. What is a difference if on almost idle machine 
timestamp retrieved on higher level or lower level? 
And why we need on highly loaded server so high precision timestamp (with 
expensive timer), if in my case enabling any socket with SO_TIMESTAMP 
creating delays more than 10ms(up to 100ms)?

3)Who is most users of SO_TIMESTAMP? iputils which is installed on almost 
_ANY_ linux machine? busybox which is using same option? Many others 
userspace multiplatform applications? Or banks? I dont take much in account 
dhcpd, who is maybe abusing this option.

So there is few good solutions available (IMHO):
1)Introduce some SO_REALTIMESTAMP (anyway even SO_TIMESTAMP not defined in any 
standard) for banks and ntp folks, who need them. And even give them timespec 
instead timeval, so they will be even more happy with resolution.
2)Provide sysctl,kernel boot, or even "build time" option for "banks" to have 
high resolution(and expensive) SO_TIMESTAMP.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ