| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 May 2014 11:18:42 +0200
From: Florian Westphal <fw@...len.de>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: Florian Westphal <fw@...len.de>, netdev@...r.kernel.org,
Daniel Borkmann <dborkman@...hat.com>,
Glenn Judd <glenn.judd@...ganstanley.com>
Subject: Re: [PATCH 2/5] net: tcp: add flag for ca to indicate that ECN is
required
Eric Dumazet <eric.dumazet@...il.com> wrote:
> > +static inline bool tcp_ca_needs_ecn(const struct sock *sk)
> > +{
> > + const struct inet_connection_sock *icsk = inet_csk(sk);
> > +
> > + return icsk->icsk_ca_ops->flags & TCP_CONG_NEEDS_ECN;
> > +}
> > +
> > static inline void tcp_ca_event(struct sock *sk, const enum tcp_ca_event event)
> > {
> > const struct inet_connection_sock *icsk = inet_csk(sk);
> > @@ -856,6 +847,26 @@ static inline void tcp_ca_event(struct sock *sk, const enum tcp_ca_event event)
> > icsk->icsk_ca_ops->cwnd_event(sk, event);
> > }
> >
> > +/* RFC3168 : 6.1.1 SYN packets must not have ECT/ECN bits set
> > + *
> > + * If we receive a SYN packet with these bits set, it means a network is
> > + * playing bad games with TOS bits. In order to avoid possible false congestion
> > + * notifications, we disable TCP ECN negociation.
> > + */
>
> looks like comment needs a change.
Right, thanks for catching this.
> > diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
> > index 694711a..1f983dd 100644
> > --- a/net/ipv4/tcp_output.c
> > +++ b/net/ipv4/tcp_output.c
> > @@ -331,7 +331,8 @@ static inline void TCP_ECN_send_syn(struct sock *sk, struct sk_buff *skb)
> > struct tcp_sock *tp = tcp_sk(sk);
> >
> > tp->ecn_flags = 0;
> > - if (sock_net(sk)->ipv4.sysctl_tcp_ecn == 1) {
> > + if (sock_net(sk)->ipv4.sysctl_tcp_ecn == 1 ||
> > + tcp_ca_needs_ecn(sk)) {
> > TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR;
> > tp->ecn_flags = TCP_ECN_OK;
> > }
> > @@ -953,6 +954,9 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
> > if (likely((tcb->tcp_flags & TCPHDR_SYN) == 0))
> > TCP_ECN_send(sk, skb, tcp_header_size);
> >
> > + if (tcp_ca_needs_ecn(sk))
> > + INET_ECN_xmit(sk);
>
> Why do we need this every time we send a packet ?
Indeed... I'll change it.
> Its normally done in TCP_ECN_send(), where it probably makes sense to
> change the logic and add a comment why DCTCP sets ECT even for rtx
> packets ?
Sounds like an excellent suggestion, thanks Eric.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists