Message-ID: <1408041563.25187.1.camel@localhost>
Date:	Thu, 14 Aug 2014 20:39:23 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	fw@...len.de
Subject: Re: [PATCH net] tcp: don't allow syn packets without timestamps to
 pass tcp_tw_recycle logic

On Thu, 2014-08-14 at 08:38 -0700, Eric Dumazet wrote:
> On Thu, 2014-08-14 at 11:37 +0200, Hannes Frederic Sowa wrote:
> 
> > did you have a chance to look at this patch again?
> > 
> > I found this during code review. Non time stamped SYN packets could
> > eventually trigger the completion of a 3WHS even though we had
> > tw_recycle enabled and the SYN arrived in a TCP_PAWS_MSL of this host
> > period.
> 
> 
> > 
> > I don't want to make this feature more generally usable (without time
> > stamps), they are absolutely required. It just adds protection against
> > accidental completion of 3WHS if a packet without time stamps
> > arrived.
> > 
> > I don't have a strong opinion on that but it just seems to be natural,
> > as we also conditionally schedule the timeout for the tw buckets depending
> > on if we saw time stamps on the prior connection.
> 
> I believe this patch gives a wrong sense of comfort, and honestly this
> is caused by its changelog.
> 
> Sane people should not use tw_recycle, and eventually we should remove
> its support.
> 
> Your changelog is misleading because it could give bad incentive about
> _using_ tw_recycle.
> 
> Please rephrase it so that no doubt is possible.

Yep, I also thought the changelog might be too poor after your response.
Will resend soon with updated changelog.

Thanks,
Hannes

