lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100927060445.GO12373@1wt.eu>
Date:	Mon, 27 Sep 2010 08:04:45 +0200
From:	Willy Tarreau <w@....eu>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: TCP: orphans broken by RFC 2525 #2.17

On Mon, Sep 27, 2010 at 07:48:24AM +0200, Eric Dumazet wrote:
> Le lundi 27 septembre 2010 à 07:39 +0200, Willy Tarreau a écrit :
> > On Sun, Sep 26, 2010 at 06:12:02PM -0700, David Miller wrote:
> > > From: Willy Tarreau <w@....eu>
> > > Date: Mon, 27 Sep 2010 01:25:30 +0200
> > > 
> > > > Agreed. But that's not a reason for killing outgoing data that is
> > > > being sent when there are some data left in the rcv buffer.
> > > 
> > > What alternative notification to the peer do you suggest other than a
> > > reset, then?  TCP gives us no other.
> > 
> > I know, and I agree to send the reset, but after the data are correctly
> > transferred. This reset's purpose is only to inform the other side that
> > the data it sent were destroyed. It is not a requirement to tell it they
> > were destroyed earlier or later. What matters is that it's informed they
> > were destroyed.
> > 
> > That's why I think that it is perfectly reasonable to either destroy them
> > after the ACK or simply notify about their destruction after the ACK.
> > 
> > Instead of having :
> > 
> >         A                                               B
> > 
> >        --->     <SEQ=100><ACK=300>                     --->
> >        <---     <SEQ=300><ACK=100><DATA=10>            <---
> >        --->     <SEQ=100><ACK=310>                     --->
> >        send(100)
> >        shutdown()
> >        close()
> >        --->     <SEQ=100><CTL=RST>                     --->
> > 
> > We would just have :
> > 
> >         A                                               B
> > 
> >        --->     <SEQ=100><ACK=300>                     --->
> >        <---     <SEQ=300><ACK=100><DATA=10>            <---
> >        --->     <SEQ=100><ACK=310>                     --->
> >        send(100)
> >        shutdown()
> >        close()
> >        --->     <SEQ=100><ACK=310><DATA=100><CTL=FIN>  --->
> >        <---     <SEQ=300><ACK=111>                     <---
> >        --->     <SEQ=111><CTL=RST>                     --->
> > 
> > Note that the notification is exactly the same as if we wanted
> > to notify B about the destruction of data that were sent just
> > after the close, because the RST only carries a SEQ field and
> > no ACK indicating what it destroyed :
> > 
> >         A                                               B
> > 
> >        --->     <SEQ=100><ACK=300>                     --->
> >        send(100)
> >        shutdown()
> >        --->     <SEQ=100><ACK=310><DATA=100><CTL=FIN>  --->
> >        <---     <SEQ=300><ACK=111><DATA=10>            <---
> >        close()
> >        --->     <SEQ=111><CTL=RST>                     --->
> > 
> > In my opinion, last two examples are perfectly valid, they just mean
> > "after that, I close and don't want to hear about you again".
> > 
> > > That's the thing, data integrity is full duplex, thus once it has been
> > > compromised in one direction everything currently in flight must be
> > > zapped.
> > 
> > I'm well aware of that, and even though that's an annoying method, we
> > must live with it, it's probably one of the things that contribute TCP
> > its well known reliability. But I think that RFC 2525 abused the TCP
> > use based on traces showing a bad behaviour and overlooked all impacts
> > (nothing there talks about the case of data being sent or in flight at
> > the moment of the close).
> 
> If you can cook a patch that makes sure the RST is sent, just do so.
> 
> Your previous attempt was wrong, since the RST was sent only if client
> sent "req3".
> 
> If it sent "req1", "req2" only, req2 was unread and still no RST sent.
> 
> This is an RFC violation.

OK now I see your point and you're right. However, req3 is not required
in my tests. The simple fact of acknowledging the response causes the
RST to be emitted. However, if the client sends the FIN first, then it's
true that there won't be an RST.

> Its a bit tricky, because you cannot send the FIN flag on the last
> segment, but have to wait for the final ACK coming from client, to
> finally send an RST.

Yes, that's what I was initially looking for then I thought its was
OK to send the FIN too, but you're right, we don't want to send it
if the client had already sent one, otherwise it won't be informed
about the error.

So basically that means not to send the FIN when in CLOSE_WAIT or
LAST_ACK with unread data so that we can send it to the client once
it ACKs our data.

I'll think about it, thanks for the brainstorming.

Willy

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ