Date:	Tue, 11 Dec 2012 22:59:02 +0530
From:	Ketan Kulkarni <>
Subject: [Query] TCP TFO Query

I am testing TCP TFO behavior with the httping client and polipo server on 3.7rc-8.

One observation from my TFO testing: if, for a connection, the server sends
a cookie to the client, the client always does TFO for subsequent connections.
This is OK.

If for some reason the server stops supporting TFO (either because the server
got restarted without TFO support (in my case) or because the path changed
and the network node is dropping packets with an unknown SYN option or
stripping the option), the client does not clear its cookie cache. It
always sends data in the SYN and the server never acks the SYN-data and client

As per the kernel code, if SYN-data is not acked it is retransmitted
immediately, with the assumption that the first SYN was dropped (but the
assumption that the server stopped supporting TFO might not have been

Would it be better to flush the cookie for this server and re-attempt
the cookie "negotiation" on the subsequent connection than to retransmit
the data every time?

Your thoughts?
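
An added example, not part of the original message and not kernel code: a toy model of the client cookie cache described above, comparing the reported behaviour (keep the cookie, retransmit on every connection) with the proposed one (flush the cookie after unacked SYN-data). The class names, the `flush_on_unacked` flag and the cookie value are assumptions.

```python
"""Toy model of the client-side TFO cookie cache described in the message.
Not kernel code: class names and the flush policy flag are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Server:
    supports_tfo: bool = True

    def handle_syn(self, cookie, has_data):
        """Return (cookie_granted, syn_data_acked) for one incoming SYN."""
        if not self.supports_tfo:
            return None, False          # TFO option ignored, only the SYN is acked
        if cookie is None:
            return "cookie-1", False    # constructed cookie value
        return None, has_data           # valid cookie: data in the SYN is accepted


@dataclass
class Client:
    flush_on_unacked: bool
    cache: dict = field(default_factory=dict)   # server name -> cookie
    retransmits: int = 0

    def connect(self, name, server):
        cookie = self.cache.get(name)
        granted, acked = server.handle_syn(cookie, has_data=cookie is not None)
        if granted:
            self.cache[name] = granted
        if cookie is not None and not acked:
            self.retransmits += 1               # SYN-data was not acked: resend it
            if self.flush_on_unacked:
                del self.cache[name]            # renegotiate on the next connection


def run(flush_on_unacked, connections_after_restart=5):
    """Count retransmissions after the server restarts without TFO."""
    client, server = Client(flush_on_unacked), Server()
    client.connect("polipo", server)            # first connection obtains a cookie
    client.connect("polipo", server)            # second one uses it, data is acked
    server.supports_tfo = False                 # restart without TFO support
    for _ in range(connections_after_restart):
        client.connect("polipo", server)
    return client.retransmits


if __name__ == "__main__":
    print("keep cookie :", run(False))
    print("flush cookie:", run(True))
```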
