| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Oct 2009 09:08:59 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Willy Tarreau <w@....eu> CC: Julian Anastasov <ja@....bg>, David Miller <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: TCP_DEFER_ACCEPT is missing counter update Willy Tarreau a écrit : > On Fri, Oct 16, 2009 at 08:05:19AM +0200, Eric Dumazet wrote: >>> Couldn't we just rely on the retrans vs rskq_defer_accept comparison ? >>> >> In this case, we lose TCP_DEFER_ACCEPT advantage in case one SYN-ACK was dropped >> by the network : We wakeup the listening server when first ACK comes from client, >> instead of really wait the request. >> >> I think being able to count pure-acks would be slighly better, and cost nothing. >> >> >> retrans is the number of SYN-RECV (re)sent, while req_acks would count number of >> pure ACK received. >> >> Those numbers, in an ideal world should be related, but could differ in real world ? > > Yes it could differ if a pure ACK is lost between the client and the server, > but in my opinion what is important is not to precisely account the number > of ACKs to ensure we wake up exactly after XXX ACKs received, but that in > most common situations we avoid to wake up too early. > We basically same thing, but you misundertood me. I was concerning about one lost (server -> client SYN-ACK), not a lost (client -> server ACK) which is fine (even without playing with TCP_DEFER_ACCEPT at all) In this case, if we do the retrans test, we'll accept the first (client -> server ACK) and wakeup the application, while most probably we'll receive the client request few milli second later. > Also, keep in mind that the TCP_DEFER_ACCEPT parameter is passed in number > of seconds by the application, which are in turn converted to a number of > retransmits based on our own timer, which means that our SYN-ACK counter > is what most closely matches the application's expected delay, even if an > ACK from the client gets lost in between or if a client's stack retransmits > pure ACKs very fast for any implementation-specific reason. > Well, this is why converting application delay (sockopt() argument) in second units to a number of SYN-ACK counter is subobptimal and error prone. This might be changed to be mapped to what documentation states : a number of seconds, or even better a number of milli seconds (new TCP_DEFER_ACCEPT_MS setsockopt cmd), because a high performance server wont play with > 1 sec values anyway. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists