| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1381881514.2045.82.camel@edumazet-glaptop.roam.corp.google.com> Date: Tue, 15 Oct 2013 16:58:34 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Steffen Klassert <steffen.klassert@...unet.com> Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH RFC 0/2] xfrm: Remove ancient sleeping code On Tue, 2013-10-15 at 09:30 +0200, Steffen Klassert wrote: > Right, that's why I've limited the queue to 100 packets. We can > queue the SYNs of up to 100 tcp connestions that want to use > this IPsec state. It surely can happen that we queue multiple > retransmitted SYNs if the IPsec resolution is slow. But the > queueing code tries at least to get the packets out before > the first tcp retransmit. I think there is still room for > optimizations, maybe reducing the queue lenght or the queue > timeout to avoid queueing retransmitted SYNs as much as possible. Note that its totally possible to avoid retransmitting SYN if original SYN is still in a host queue. We currently increment a SNMP counter when we detect this, we could do something else (like not queuing a copy of the packet) http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=0e280af026a5662ffd57c4e623b822df1f7f47ff Another work in progress is to delay RTO arming at the time TCP packet leaves the host queues, instead of at the enqueue time. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists