lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <1285617608.9983.30.camel@nexus>
Date:	Mon, 27 Sep 2010 22:00:08 +0200
From:	Damian Lukowski <damian@....rwth-aachen.de>
To:	David Miller <davem@...emloft.net>
Cc:	yuri@...nteg.net, akpm@...ux-foundation.org,
	netdev@...r.kernel.org, bugzilla-daemon@...zilla.kernel.org,
	bugme-daemon@...zilla.kernel.org
Subject: Re: [Bugme-new] [Bug 18952] New: The mount of SYN retries is not equal
 to /proc/sys/net/ipv4/tcp_syn_retries

Ok, I see.

When I read your mail this morning, I was afraid, that this is another
bug in the calculation routine. However, the routine seems ok to me.

The problem is the high discrepancy between the RTO_MIN-based
calculation and TCP_TIMEOUT_INIT-based actual backoff in the SYN-case.

Yuris example did not reveal a conceptually new bug, as the same
behaviour can be observed on pre 2.6.32 kernels at higher values.
I tested wget on a 2.6.26 kernel with timeout values of 300 and above.
All runs did time out after 189 seconds, with the sysctl-value as their
hard limit.

My suggestion for solving this issue:
Introducing a third boolean parameter for retransmits_timed_out()
indicating whether the socket is in SYN state or not. In the SYN case, 
TCP_TIMEOUT_INIT will be used for the calculation instead of
TCP_RTO_MIN.

Is that ok?

Regards
 Damian


Am Montag, den 27.09.2010, 01:10 -0700 schrieb David Miller:
> From: Yuri Chislov <yuri@...nteg.net>
> Date: Mon, 27 Sep 2010 10:07:06 +0200
> 
> >   It looks like the behavior changed in 2.6.32. 2.6.32 and up, uses some 
> > calculation instead of a direct definition of the retries number, that makes it 
> > harder to achieve the necessary system behavior.
> > 
> >  The default behavior of the system changed completely
> > (the old default connect timeout was ~ 180 seconds, while the new one is ~21 
> > sec). 
> > 
> > The new behavior invalidates the kernel documentation and tcp man page.
> > 
> > It's not possible to set a connect timeout > 25 sec in the applications while 
> > using the default values in /proc. 
> > 
> > From my view point is regression.
> 
> Agreed, Damian you have to fix this.
> 
> Otherwise I'm reverting all of your Revert Backoff commits.


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ