lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1300514604.2831.23.camel@edumazet-laptop>
Date:	Sat, 19 Mar 2011 07:03:24 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Jerry Chu <hkchu@...gle.com>
Cc:	Stephen Hemminger <shemminger@...tta.com>, netdev@...r.kernel.org
Subject: Re: [PATCH] Add useful per-connection TCP stats for diagnosis
 purpose.

Le vendredi 18 mars 2011 à 22:38 -0700, Jerry Chu a écrit :
> On Fri, Mar 18, 2011 at 10:02 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> > Le vendredi 18 mars 2011 à 21:33 -0700, Jerry Chu a écrit :
> >
> >> I'm well aware of the past, hideous O(n**2) problem of reading
> >> /proc/net/tcp but I
> >> thought the problem has been fixed by Tom Herbert a while back, no?
> >> (See http://marc.info/?l=linux-netdev&m=127588123429437&w=2)
> >>
> >
> > O(N) is still too slow, to gather stats for your socket, if you want to
> > gather stats once per second for example.
> 
> I don't see anyway around O(n). The netlink/inet_diag_dump() will take at
> best O(n) too.

1) netlink is extensible, without breaking old apps.

2) netlink is able to dump part of the information, while
whith /proc/net/tcp you have to cat all the file and grep the needed
info. O(1) is better than O(10)

Example :

I only want info of socket identified by dst ip 192.168.0.144 and dst
port 58196

# ss -emoi dst 192.168.20.144:58196
State       Recv-Q Send-Q     Local Address:Port         Peer Address:Port   
ESTAB       0      0         192.168.20.108:65111      192.168.20.144:58196    ino:3302 sk:ffff88011c278c80
	 mem:(r0,w0,f0,t0) sack cubic wscale:7,7 rto:201 rtt:1.75/0.75 cwnd:10 send 66.7Mbps rcv_space:14600

I want all sockets to remote 192.168.20.110
# ss -emoi dst 192.168.20.110
State       Recv-Q Send-Q     Local Address:Port         Peer Address:Port   
ESTAB       0      0      ::ffff:192.168.20.108:ssh     ::ffff:192.168.20.110:47633    timer:(keepalive,120min,0) ino:70342 sk:ffff88011c381500
	 mem:(r0,w0,f0,t0) ts sack ecn cubic wscale:8,7 rto:207 rtt:7.625/11.5 ato:40 cwnd:10 send 15.2Mbps rcv_rtt:1 rcv_space:14480



3) getsockopt(fd) is O(1)

> 
> >
> > AFAIK, I am not sure we want to allow any user to access all these data
> > for all tcp sockets on the machine. This might have security impacts.
> 
> This seems to be an orthogonal issue to netlink or /proc/net/tcp.

getsockopt(fd) only finds information about your own socket.

An application might want to log tcp information only right before
closing one socket. This sounds more practical than having a separate
spy thread.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ