lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20131016094549.GZ7660@secunet.com>
Date:	Wed, 16 Oct 2013 11:45:49 +0200
From:	Steffen Klassert <steffen.klassert@...unet.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH RFC 0/2] xfrm: Remove ancient sleeping code

On Tue, Oct 15, 2013 at 04:58:34PM -0700, Eric Dumazet wrote:
> On Tue, 2013-10-15 at 09:30 +0200, Steffen Klassert wrote:
> 
> > Right, that's why I've limited the queue to 100 packets. We can
> > queue the SYNs of up to 100 tcp connestions that want to use
> > this IPsec state. It surely can happen that we queue multiple
> > retransmitted SYNs if the IPsec resolution is slow. But the
> > queueing code tries at least to get the packets out before
> > the first tcp retransmit. I think there is still room for
> > optimizations, maybe reducing the queue lenght or the queue
> > timeout to avoid queueing retransmitted SYNs as much as possible.
> 
> Note that its totally possible to avoid retransmitting SYN if original
> SYN is still in a host queue.
> 
> We currently increment a SNMP counter when we detect this, we could
> do something else (like not queuing a copy of the packet)
> 
> http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=0e280af026a5662ffd57c4e623b822df1f7f47ff

This is interesting, we could do the same check before we queue
the packet and drop it if the original packet is still in a host
queue.

I'll do a RFC patch.

> 
> Another work in progress is to delay RTO arming at the time TCP
> packet leaves the host queues, instead of at the enqueue time.
> 

That would be even better, are there already patches publicly
available?

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ