| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1383876294.9412.136.camel@edumazet-glaptop2.roam.corp.google.com> Date: Thu, 07 Nov 2013 18:04:54 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Rick Jones <rick.jones2@...com> Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org> Subject: Re: [RFC] tcp: randomize TCP source ports On Thu, 2013-11-07 at 17:07 -0800, Rick Jones wrote: > For perhaps most definitions of well deployed. There is at least one > load balancer which, while it offers TCP Window Scaling, does not also > offer TCP Time Stamps... > > By rights they should (must) be offering TCP Time Stamps, and they are, > I am told, "working on it." > > Is all going to be "well" when it is the (non-Linux) remote system which > has the TIME_WAIT endpoint? Hey, tell us why netperf does a bind(port=0, addr=ANY) and SO_REUSEADDR tricks before connect() It seems you do request randomization, but you do not want it for applications written by innocent people... Current implementation is lazy at best, as a single @hint variable is shared for all cpus, all users, so at moderate load there is actually no guarantee of sequential allocations. RFC 6056 has an interesting list of alternatives -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists