lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 15 Apr 2012 11:33:38 -0700
From:	Jerry Chu <hkchu@...gle.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	Tom Herbert <therbert@...gle.com>
Subject: Re: [PATCH net-next] tcp: RFC6298 supersedes RFC2988bis

[send again - it looks like my previous comment was lost...]

On Thu, Apr 12, 2012 at 10:48 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> Updates some comments to track RFC6298
>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: H.K. Jerry Chu <hkchu@...gle.com>
> Cc: Tom Herbert <therbert@...gle.com>
> ---
> BTW, one side effect of the TCP_TIMEOUT_INIT change (3 -> 1) is
> () latency is 200% worse:

Or even worse - 300% (3/1)?

>
> It fires every 200ms and scans 40% of hash table each time, listener
> socket held.

If this becomes a real issue we could decrease TCP_SYNQ_INTERVAL,
essentially making the keepalive timer fire more often, but each time with
less work to do?

Also why is
budget = 2 * (lopt->nr_table_entries / (timeout / interval));
rather than
budget = (lopt->nr_table_entries / (timeout / interval)) + 1;
?

Acked-by: Jerry Chu <hkchu@...gle.com>

>
>  include/net/tcp.h               |    2 +-
>  net/ipv4/inet_connection_sock.c |    2 +-
>  net/ipv4/tcp_input.c            |    4 ++--
>  3 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index f75a04d..057f016 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -123,7 +123,7 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
>  #endif
>  #define TCP_RTO_MAX    ((unsigned)(120*HZ))
>  #define TCP_RTO_MIN    ((unsigned)(HZ/5))
> -#define TCP_TIMEOUT_INIT ((unsigned)(1*HZ))    /* RFC2988bis initial RTO value */
> +#define TCP_TIMEOUT_INIT ((unsigned)(1*HZ))    /* RFC6298 2.1 initial RTO value        */
>  #define TCP_TIMEOUT_FALLBACK ((unsigned)(3*HZ))        /* RFC 1122 initial RTO value, now
>                                                 * used as a fallback RTO for the
>                                                 * initial data transmission if no
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index 19d66ce..c12396f 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -514,7 +514,7 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
>
>        /* Normally all the openreqs are young and become mature
>         * (i.e. converted to established socket) for first timeout.
> -        * If synack was not acknowledged for 3 seconds, it means
> +        * If synack was not acknowledged for 1 second, it means
>         * one of the following things: synack was lost, ack was lost,
>         * rtt is high or nobody planned to ack (i.e. synflood).
>         * When server is a bit loaded, queue is populated with old
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index e886e2f..9147c27 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -933,7 +933,7 @@ static void tcp_init_metrics(struct sock *sk)
>        tcp_set_rto(sk);
>  reset:
>        if (tp->srtt == 0) {
> -               /* RFC2988bis: We've failed to get a valid RTT sample from
> +               /* RFC6298: 5.7 We've failed to get a valid RTT sample from
>                 * 3WHS. This is most likely due to retransmission,
>                 * including spurious one. Reset the RTO back to 3secs
>                 * from the more aggressive 1sec to avoid more spurious
> @@ -943,7 +943,7 @@ reset:
>                inet_csk(sk)->icsk_rto = TCP_TIMEOUT_FALLBACK;
>        }
>        /* Cut cwnd down to 1 per RFC5681 if SYN or SYN-ACK has been
> -        * retransmitted. In light of RFC2988bis' more aggressive 1sec
> +        * retransmitted. In light of RFC6298 more aggressive 1sec
>         * initRTO, we only reset cwnd when more than 1 SYN/SYN-ACK
>         * retransmission has occurred.
>         */
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ