lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 05 Jun 2011 23:30:17 -0700
From:	Josh Lehan <linux@...llan.com>
To:	Ilpo Järvinen <ilpo.jarvinen@...sinki.fi>
CC:	Josh Lehan <linux@...llan.com>, netdev <netdev@...r.kernel.org>
Subject: Re: Skipping past TCP lost packet in userspace

On 06/03/2011 04:51 AM, Ilpo Järvinen wrote:
> And you'd send a cumulative ACK without the actual data segment...? 
> ...That's gonna break many middleboxes which would want to see that 
> data segment too ...And there goes your "viability" (though with luck it 
> will _sometimes_ work as rexmit of the data segment is already in flight). 

No, there would be no wire-visible change.  This idea was explored at
first, and then rejected.  As you mentioned, this would break many
middleboxes.  It would rightfully be considered an "optimistic ACK attack".

The late data segment would have to eventually arrive.  It would either
be dropped, if the userspace application had already skipped beyond that
point, or better yet, it could be re-inserted into the data stream (if
too late for live playback, then it could at least be saved into the
rewind buffer, or saved to disk if the user is doing that).

> In addition, such a non-legimite cumulative ACK probably violates number 
> of TCP RFCs or at least assumptions made in them... e.g., for starters, 
> please explain which timestamp you would be putting there into that 
> particular cumulative ACK?

It wouldn't change anything on the wire.  As you mentioned, timestamps
remain a good defense for guarding against optimistic ACK attacks.

Josh Lehan
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ