lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 04 May 2012 13:20:19 -0700
From:	Rick Jones <rick.jones2@...com>
To:	Eric Dumazet <eric.dumazet@...il.com>
CC:	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	Perry Lorier <perryl@...gle.com>,
	Matt Mathis <mattmathis@...gle.com>,
	Yuchung Cheng <ycheng@...gle.com>,
	Neal Cardwell <ncardwell@...gle.com>,
	Tom Herbert <therbert@...gle.com>,
	Wilmer van der Gaast <wilmer@...gle.com>,
	Dave Täht <dave.taht@...ferbloat.net>,
	Ankur Jain <jankur@...gle.com>
Subject: Re: [PATCH net-next] tcp: be more strict before accepting ECN negociation

On 05/04/2012 12:05 PM, Eric Dumazet wrote:
> On Fri, 2012-05-04 at 11:48 -0700, Rick Jones wrote:
>> I'll fire-up tcpdump on netperf.org:
>>
>> tcpdump -i eth0 -vvv '(tcp[tcpflags]&  tcp-syn != 0)&&  (ip[1] != 0x0)'
>>
>> and see what appears.
>>
>> rick
>
> of (ip[1]&  3 != 0)

True, I'm looking at more than the ECN bits, but in the 90 minutes the 
tcpdump has been running there have been no packets with the any of the 
8 bits at ip[1] being 1 anyway :)  Netperf.org doesn't get a massive 
quantity of traffic.  It may go the entire week-end or longer without 
seeing such a packet.

> Note that you could catch SYNACK with this filter (if your machine
> initiates some active TCP sessions), since SYNACK might have ECT bits,
> if some stacks implemented :
>
> http://tools.ietf.org/html/draft-kuzmanovic-ecn-syn-00  ( Adding
> Explicit Congestion Notification (ECN) Capability to TCP's SYN/ACK
> Packets )
>
> http://tools.ietf.org/id/draft-ietf-tcpm-ecnsyn-04.txt

True.  I suspect that 99 times out of 10, the outbound connections 
established by netperf.org are in response to traffic to netperf-talk, 
which is itself a rather quiet list, so I'm not too worried about the 
output being cluttered with false hits.

rick
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists