lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Jun 2011 15:06:26 -0700 From: Jerry Chu <hkchu@...gle.com> To: Hagen Paul Pfeifer <hagen@...u.net> Cc: David Miller <davem@...emloft.net>, Eric Dumazet <eric.dumazet@...il.com>, tsunanet@...il.com, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: [PATCH] RFC2988bis + taking RTT sample from 3WHS for the passive open side Hi Hagen, On Wed, Jun 8, 2011 at 2:16 PM, Hagen Paul Pfeifer <hagen@...u.net> wrote: > Hello Jerry > > * Jerry Chu | 2011-06-08 11:04:22 [-0700]: > >>+ /* Cut cwnd down to 1 per RFC5681 if SYN or SYN-ACK has been >>+ * retransmitted. In light of RFC2988bis' more aggressive 1sec >>+ * initRTO, we only reset cwnd when more than 1 SYN/SYN-ACK >>+ * retransmission has occurred. >>+ */ >>+ if (tp->total_retrans > 1) >>+ tp->snd_cwnd = 1; >>+ else >>+ tp->snd_cwnd = tcp_init_cwnd(tp, dst); > > Is this behavior somewhere documented? In RFC2988bis I cannot find something > similar. See my 5/20/11 mail on this subject. The short answer is, no, it's not part of RFC2988bis. The long answer is, when we (Vern, Mark and I) were working on RFC2988bis we shared a common design goal to minimize the negative impact to those paths with RTT > 1sec as much as possible. RFC3390 and later RFC5681 have the following clause: "... Further, if the SYN or SYN/ACK is lost, the initial window used by a sender after a correctly transmitted SYN MUST be one segment consisting of at most SMSS bytes." Unfortunately, with initRTO reduced to 1sec, unless the stack can reliably detect spurious retransmissions of SYN or SYN-ACK, the paths with RTT > 1sec may be penalized unnecessarily with initcwnd = 1 if the stack implementation follows the above clause faithfully. We can't really amend the clause as part of RFC2988bis because it doesn't belong there, as the latter only covers RTO computation, not the congestion control algorithm. In the end Vern/Mark suggested me to add the amendment to the IW10 proposal I was working on (now becomes draft-ietf-tcpm-initcwnd-01.txt) So I did, with following paragraph: "... Furthermore, RFC 3390 and RFC 5681 [RFC5681] state that "If the SYN or SYN/ACK is lost, the initial window used by a sender after a correctly transmitted SYN MUST be one segment consisting of MSS bytes." The proposed change to reduce the default RTO to 1 second [PACS11] increases the chance for spurious SYN or SYN/ACK retransmission, thus unnecessarily penalizing connections with RTT > 1 second if their initial window is reduced to 1 segment. For this reason, it is RECOMMENDED that implementations refrain from resetting the initial window to 1 segment, unless either there have been multiple SYN or SYN/ACK retransmissions, or true loss detection has been made." The patch follows the intent of the co-authors. It also moves the implementation closer to the spec. Without the patch the existing implementation will reduce ssthresh (active open side only), but not the cwnd upon SYN or SYN-ACK retransmission. Best, Jerry > > > Cheers, Hagen > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists