Message-ID: <20120204142823.GA7000@neilslaptop.think-freely.org>
Date:	Sat, 4 Feb 2012 09:28:23 -0500
From:	Neil Horman <nhorman@...driver.com>
To:	Satoru Moriya <satoru.moriya@....com>
Cc:	David Miller <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"tgraf@...radead.org" <tgraf@...radead.org>,
	"stephen.hemminger@...tta.com" <stephen.hemminger@...tta.com>,
	"hagen@...u.net" <hagen@...u.net>,
	"eric.dumazet@...il.com" <eric.dumazet@...il.com>,
	Seiji Aguchi <seiji.aguchi@....com>
Subject: Re: [PATCH v2 0/2] Tracepoint for tcp retransmission

On Fri, Feb 03, 2012 at 04:47:04PM -0500, Satoru Moriya wrote:
> On 01/20/2012 01:50 PM, David Miller wrote:
> > You were given an alternative way to trace these kinds of events, and 
> > you have yet to give us a solid reason why that cannot work for you.
> 
> OK. I'll try to explain it.
> 
> First of all, we'd like to use this tracepoint with our
> flight recorder.
> 
> tcpdump:
>  tcpdump captures all the packets and so its overhead is not
>  acceptable. Also we can't keep the data in memory but must
>  write the data to file for each time. It introduces other
>  overhead which we can't accept.
> 
So, I hadn't really considered this approach (missed the suggestion previously).
It's not really accurate to disregard this solution entirely.  While the overhead
of tcpdump (or libpcap more specifically) might be too much, it speaks to a
possible solution that doesn't require adding additional tracepoints: a
netfilter hook.  What about writing a kernel module to hook at various points
(I'd guess IP_PREROUTE would be best), to detect duplicate sequence numbers on a
particular connection.  You could export the information via a proc file, or do
it asynchronously with a netlink socket or some such.  That's the sort of module
that is pleasantly isolated (allowing those not interested to not have to include
it in their builds or see it in the source), efficiently provides the information
you need, and can be expanded to other types of traffic should you need it in
the future.

Thoughts?
Neil

> 
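The per-connection check suggested in the message above, as an added example that is not part of the original thread or of any kernel code: a userspace C model of the bookkeeping such a hook could run on each TCP segment. All names (`flow_key`, `observe_segment`, `flow_dups`, `MAX_FLOWS`) are hypothetical, the caller is assumed to pass the payload length with SYN/FIN accounting left out, and reordered segments are reported the same way as retransmissions.

```c
#include <stdint.h>
#include <string.h>

/* Userspace model of the per-connection check; all names are hypothetical. */
#define MAX_FLOWS 64

struct flow_key { uint32_t saddr, daddr; uint16_t sport, dport; };
struct flow {
    struct flow_key key;
    uint32_t high_seq;  /* sequence number just past the newest byte seen */
    uint32_t dups;      /* data segments that started below high_seq */
    int used;
};
static struct flow flows[MAX_FLOWS];

/* Serial-number compare: a precedes b modulo 2^32, so wraparound is safe. */
static int seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Returns the flow for k, else an unused slot, else NULL if the table is full. */
static struct flow *flow_get(const struct flow_key *k)
{
    struct flow *slot = NULL;
    for (int i = 0; i < MAX_FLOWS; i++) {
        if (flows[i].used && !memcmp(&flows[i].key, k, sizeof(*k)))
            return &flows[i];
        if (!flows[i].used && !slot)
            slot = &flows[i];
    }
    return slot;
}

/* Returns 1 for a duplicate data segment, 0 for new data or a pure ACK,
 * -1 if the table is full. Reordered segments are also reported as 1. */
int observe_segment(const struct flow_key *k, uint32_t seq, uint32_t len)
{
    struct flow *f = flow_get(k);
    uint32_t end = seq + len;
    if (!f) return -1;
    if (!f->used) { f->key = *k; f->used = 1; f->high_seq = end; return 0; }
    if (len == 0) return 0;
    int dup = seq_before(seq, f->high_seq);
    if (dup) f->dups++;
    if (seq_before(f->high_seq, end)) f->high_seq = end;  /* extend on overlap */
    return dup;
}

uint32_t flow_dups(const struct flow_key *k)
{
    struct flow *f = flow_get(k);
    return f ? f->dups : 0;
}
```
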