Date:	Mon, 26 Oct 2009 06:03:57 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Bill Fink <billfink@...dspring.com>
CC:	Gilad Ben-Yossef <gilad@...efidence.com>,
	William Allen Simpson <william.allen.simpson@...il.com>,
	netdev@...r.kernel.org
Subject: Re: [PATCH v2 8/8] Document future removal of sysctl_tcp_* options

Bill Fink wrote:
> On Sun, 25 Oct 2009, Gilad Ben-Yossef wrote:
> 
>> Eric Dumazet wrote:
>>
>>> Bill Fink wrote:
>>>
>>>   
>>>> And as mentioned previously, the global options can be quite useful
>>>> in certain test scenarios.  I also agree the per route settings are
>>>> a very useful addition.  I think the global and per route settings
>>>> are complementary and shouldn't be thought of as in conflict with
>>>> one another.
>>>>     
>>> Absolutely, global setting is a must when an admin wants a quick path.
>>>
>>> The more flexible would be to have two bits per route, plus
>>> 2 bits on the global configuration.
>>>
>>> global conf:
>>> 00 : timestamps OFF, unless a route setting is not 00
>>> 01 : timestamps ON, unless a route setting is not 00
>>> 10 : Force timestamps OFF, ignore route settings (emergency sysadmin request)
>>> 11 : Force timestamps ON, ignore route settings 
>>>
>>> Route settings (used *only* if global setting is 0Y)
>>> 00 : global conf is used
>>> 01 : Force timestamps being OFF for this route
>>> 10 : Force timestamps being ON for this route
>>> 11 : complement global conf
>> Hey, I have no issue to re-spin the patch with this suggestion, if you 
>> truly think this is valuable, but would you please consider the 
>> nightmare of having to just explain this to someone?
>>
>> It sounds to me way too complicated for what it does.
>>
>> I still think having a global kill switch and per route options is better 
>> (basically use the existing patch but not retire the global kill 
>> switch), but if you must, how about we leave the global sysctl as they 
>> are and just have a two bit route option:
>>
>> 0 Use global default
>> 1 Off
>> 2 On
>>
>> It's kind of funny, because this is what the original patch from 
>> Comsleep does and I thought it needlessly complicates things.
>>
>> So, what do you say - which will it be?
> 
> I personally feel the 2-bit settings are overkill.  What I think
> makes the most sense is for the global options to act as they always
> have in the absence of any route specific settings, and for any
> route specific settings to override the related global settings.
> This is both simple and maintains backward compatibility.

Backward compatibility is important, very important, if not the most
important thing. Then usability comes.

I know some busy servers where adding/changing a single route makes them
go crazy (because of ip route flush cache)

So if a route is overriding a global conf, and the admin wants to make an
emergency change during peak hours, he should do it by a global setting,
or he won't use this new stuff at all, and stay conservative.

Alternative would be to not trigger the flush of cache when changing
features flags.
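
[Added example, not part of the original message or of any kernel patch: a small C model of the two schemes discussed in this thread, the two-bit global plus two-bit route table and the plain "route overrides global" option, showing what an emergency global "off" does to routes that carry their own setting. All identifiers and the sample route list are hypothetical and constructed for illustration.]

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names for illustration; not kernel identifiers. */
enum global_conf { G_OFF = 0, G_ON = 1, G_FORCE_OFF = 2, G_FORCE_ON = 3 };
enum route_conf  { R_GLOBAL = 0, R_OFF = 1, R_ON = 2, R_COMPLEMENT = 3 };

/* Two bits global, two bits per route. */
bool ts_two_bit(enum global_conf g, enum route_conf r)
{
    bool def = (g & 1) != 0;
    if (g & 2)                 /* 1Y: forced, route bits are ignored */
        return def;
    switch (r) {               /* 0Y: global bit is only the default */
    case R_OFF:        return false;
    case R_ON:         return true;
    case R_COMPLEMENT: return !def;
    default:           return def;
    }
}

/* Boolean global sysctl; route value 0 = use global, 1 = off, 2 = on. */
bool ts_route_override(bool global_on, int route)
{
    if (route == 1) return false;
    if (route == 2) return true;
    return global_on;
}

/* Count routes that still use timestamps after a global "off" is set. */
int still_on_after_global_off(const int *routes, int n, bool two_bit)
{
    int on = 0;
    for (int i = 0; i < n; i++)
        on += two_bit ? ts_two_bit(G_FORCE_OFF, (enum route_conf)routes[i])
                      : ts_route_override(false, routes[i]);
    return on;
}

int main(void)
{
    const int routes[] = { 0, 2, 1, 2 };   /* constructed sample routes */
    printf("two-bit scheme, global 10: %d routes still on\n",
           still_on_after_global_off(routes, 4, true));
    printf("route override, global off: %d routes still on\n",
           still_on_after_global_off(routes, 4, false));
    return 0;
}
```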