| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Jan 2010 13:13:18 +0100 From: Damian Lukowski <damian@....rwth-aachen.de> To: Denys Fedoryshchenko <denys@...p.net.lb> Cc: Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>, Netdev <netdev@...r.kernel.org>, David Miller <davem@...emloft.net> Subject: Re: [PATCH] tcp: fix ICMP-RTO war Denys Fedoryshchenko schrieb: > On Wednesday 27 January 2010 14:36:18 you wrote: >> Unless they are for a different connection? We might have to print sk (%p) >> in all those printouts to be sure which maps to which. If a peer becomes >> unreachable, it may well have multiple connections open (this was a >> proxy, iirc?). >> > Ok i will try to do that today. > > Most probably different connections, on this proxy i have 10-15k established > connections at peak time. In total, there are probably multiple sockets involved, but for the pattern I mentioned, I doubt that. The pattern is all over the place; look at another sample: > [ 1497.679255] rto: 200 (0 >> 3 + 0, 21) time: 1197679 sent: 1197679 pen: 1 1198079 rem: 200 > [ 1497.679356] rto: 120000 (18111 >> 3 + 2633, 7) time: 1197679 sent: 1195423 pen: 1 1315423 rem: 117744 > [ 1501.113786] rto: 200 (0 >> 3 + 0, 24) time: 1201113 sent: 1200679 pen: 1 1203879 rem: 0 > [ 1501.116064] rto: 120000 (17704 >> 3 + 4426, 8) time: 1201116 sent: 1198638 pen: 1 1318638 rem: 117522 > [ 1501.116216] rto: 200 (0 >> 3 + 0, 24) time: 1201116 sent: 1201113 pen: 1 1201513 rem: 197 > [ 1504.165953] rto: 200 (0 >> 3 + 0, 27) time: 1204165 sent: 1204113 pen: 1 1207313 rem: 148 > [ 1504.168151] rto: 200 (0 >> 3 + 0, 26) time: 1204168 sent: 1204113 pen: 1 1204313 rem: 145 > [ 1504.168327] rto: 200 (0 >> 3 + 0, 25) time: 1204168 sent: 1204113 pen: 1 1204313 rem: 145 > [ 1507.280096] rto: 200 (0 >> 3 + 0, 28) time: 1207280 sent: 1207113 pen: 1 1210313 rem: 33 > [ 1507.280255] rto: 200 (0 >> 3 + 0, 27) time: 1207280 sent: 1207113 pen: 1 1207313 rem: 33 > [ 1510.974574] rto: 200 (0 >> 3 + 0, 30) time: 1210974 sent: 1210113 pen: 1 1213313 rem: 0 > [ 1510.974766] rto: 200 (0 >> 3 + 0, 30) time: 1210974 sent: 1210974 pen: 1 1211374 rem: 200 > [ 1514.436214] rto: 200 (0 >> 3 + 0, 33) time: 1214436 sent: 1213974 pen: 1 1217174 rem: 0 > [ 1514.436378] rto: 200 (0 >> 3 + 0, 33) time: 1214436 sent: 1214436 pen: 1 1214836 rem: 200 > [ 1514.436525] rto: 200 (0 >> 3 + 0, 32) time: 1214436 sent: 1214436 pen: 1 1214636 rem: 200 > [ 1517.516537] rto: 200 (0 >> 3 + 0, 35) time: 1217516 sent: 1217436 pen: 1 1220636 rem: 120 > [ 1517.520724] rto: 200 (0 >> 3 + 0, 34) time: 1217520 sent: 1217436 pen: 1 1217636 rem: 116 > [ 1517.520919] rto: 200 (0 >> 3 + 0, 33) time: 1217520 sent: 1217436 pen: 1 1217636 rem: 116 > [ 1520.580000] rto: 200 (0 >> 3 + 0, 36) time: 1220579 sent: 1220436 pen: 1 1223636 rem: 57 > [ 1520.580165] rto: 200 (0 >> 3 + 0, 35) time: 1220580 sent: 1220436 pen: 1 1220637 rem: 56 > [ 1520.580744] rto: 200 (0 >> 3 + 0, 34) time: 1220580 sent: 1220436 pen: 1 1220636 rem: 56 The two 120000ms RTOs are a different socket, but the rest is one socket, I believe. There is the sequence (N+2, N+1, N) for backoff, followed by 3 seconds silence, which I assume, are used for regular RTO retransmissions, and then again a burst of ICMPs. The three seconds are enough to fire backed-off retransmissions at t+0.2, t+0.6, t+1.4 and t+3.0. There is a slight deviation of this pattern when rem becomes 0. This pattern is too perfect to be triggered by different sockets, I think. But we will see, when Denys submits new test outputs. > > Also about estimating rtt, maybe there is something wrong in idea. Just what > will happen if ip visible for proxy have multiple people behind? It can be > small router for hotspot and 10-20 people behind it, some with very large > rtt, some with very small. > > And some of them getting disconnected (out of range from wireless, for > example), and thats most probably why host unreachable sent... at same time > proxy have established and running tcp connections with other people on same > router (means for proxy same ip). Sockets are identified on a (src-ip, src-port)::(dst-ip, dst-port) quadruple basis, so RTT calculation usually is independent even for same ip-pairs, unless with TCB interdependence. But I don't know if that is implemented and/or enabled by default. Regards Damian > Sorry, again to Ilpo Järvinen, by default i have reply, instead of reply all. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists