lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20140513091842.GB13945@breakpoint.cc>
Date:	Tue, 13 May 2014 11:18:42 +0200
From:	Florian Westphal <fw@...len.de>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Florian Westphal <fw@...len.de>, netdev@...r.kernel.org,
	Daniel Borkmann <dborkman@...hat.com>,
	Glenn Judd <glenn.judd@...ganstanley.com>
Subject: Re: [PATCH 2/5] net: tcp: add flag for ca to indicate that ECN is
 required

Eric Dumazet <eric.dumazet@...il.com> wrote:
> > +static inline bool tcp_ca_needs_ecn(const struct sock *sk)
> > +{
> > +	const struct inet_connection_sock *icsk = inet_csk(sk);
> > +
> > +	return icsk->icsk_ca_ops->flags & TCP_CONG_NEEDS_ECN;
> > +}
> > +
> >  static inline void tcp_ca_event(struct sock *sk, const enum tcp_ca_event event)
> >  {
> >  	const struct inet_connection_sock *icsk = inet_csk(sk);
> > @@ -856,6 +847,26 @@ static inline void tcp_ca_event(struct sock *sk, const enum tcp_ca_event event)
> >  		icsk->icsk_ca_ops->cwnd_event(sk, event);
> >  }
> >  
> > +/* RFC3168 : 6.1.1 SYN packets must not have ECT/ECN bits set
> > + *
> > + * If we receive a SYN packet with these bits set, it means a network is
> > + * playing bad games with TOS bits. In order to avoid possible false congestion
> > + * notifications, we disable TCP ECN negociation.
> > + */
> 
> looks like comment needs a change.

Right, thanks for catching this.

> > diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
> > index 694711a..1f983dd 100644
> > --- a/net/ipv4/tcp_output.c
> > +++ b/net/ipv4/tcp_output.c
> > @@ -331,7 +331,8 @@ static inline void TCP_ECN_send_syn(struct sock *sk, struct sk_buff *skb)
> >  	struct tcp_sock *tp = tcp_sk(sk);
> >  
> >  	tp->ecn_flags = 0;
> > -	if (sock_net(sk)->ipv4.sysctl_tcp_ecn == 1) {
> > +	if (sock_net(sk)->ipv4.sysctl_tcp_ecn == 1 ||
> > +	    tcp_ca_needs_ecn(sk)) {
> >  		TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR;
> >  		tp->ecn_flags = TCP_ECN_OK;
> >  	}
> > @@ -953,6 +954,9 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
> >  	if (likely((tcb->tcp_flags & TCPHDR_SYN) == 0))
> >  		TCP_ECN_send(sk, skb, tcp_header_size);
> >  
> > +	if (tcp_ca_needs_ecn(sk))
> > +		INET_ECN_xmit(sk);
> 
> Why do we need this every time we send a packet ?

Indeed...  I'll change it.

> Its normally done in TCP_ECN_send(), where it probably makes sense to
> change the logic and add a comment why DCTCP sets ECT even for rtx
> packets ?

Sounds like an excellent suggestion, thanks Eric.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ