| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAD6NSj5Qv3n+0a2rdTaiCtUtT5DXZEE4-K3qxaVX+XMK6Q=SFg@mail.gmail.com> Date: Tue, 11 Dec 2012 22:59:02 +0530 From: Ketan Kulkarni <ketkulka@...il.com> To: netdev@...r.kernel.org Subject: [Query] TCP TFO Query Hi, I am testing tcp tfo behavior with httping client and polipo server on 3.7rc-8 One observation from my TFO testing -If for a connection server sends a cookie to client, client always does TFO for subsequent connections. This is ok. If for some reason, server stops supporting TFO (either because server got restarted without TFO support (in my case) or because path changed and the nw node is dropping packet with unknown syn option or stripping the option), client does not clear up its cookie cache. It always sends data in syn and server never acks the syn-data and client retransmits. As per kernel code -if syn-data is not acked it is retransmitted immediately - with the assumption first syn was dropped (but the assumption server stopped supporting TFO might not have been considered) Will it be better to flush the cookie for this server and re-attempt the cookie "negotiation" on subsequent connection than to retransmit the data every time? Your thoughts? Thanks, Ketan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists