lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1408030715.6804.21.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Thu, 14 Aug 2014 08:38:35 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	fw@...len.de
Subject: Re: [PATCH net] tcp: don't allow syn packets without timestamps to
 pass tcp_tw_recycle logic

On Thu, 2014-08-14 at 11:37 +0200, Hannes Frederic Sowa wrote:

> did you have a chance to look at this patch again?
> 
> I found this during code review. Non time stamped SYN packets could
> eventually trigger the completion of a 3WHS even though we had
> tw_recycle enabled and the SYN arrived in a TCP_PAWS_MSL of this host
> period.


> 
> I don't want to make this feature more general usable (without time
> stamps), they are absolutely required. It just adds protection against
> accidental 3WHS completion of 3WHS if a packet without time stamps
> arrived.
> 
> I don't have a strong opinion on that but it just seems to be natural,
> as we also conditional schedule the timeout for the tw buckets depending
> on if we saw time stamps on the prior connection.

I believe this patch gives a wrong sense of comfort, and honestly this
is caused by its changelog.

Sane people should not use tw_recycle, and eventually we should remove
its support.

Your changelog is misleading because it could give bad incentive about
_using_ tw_recycle.

Please rephrase it so that no doubt is possible.

Thanks

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ