| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Oct 2014 15:59:58 -0400 (EDT) From: David Miller <davem@...emloft.net> To: fw@...len.de Cc: netdev@...r.kernel.org Subject: Re: [PATCH -next 0/2] net: allow setting ecn via routing table From: Florian Westphal <fw@...len.de> Date: Wed, 29 Oct 2014 13:23:07 +0100 > We could do that, if you prefer. > > I tried to come up with a scenario though, where sysctl_tcp_ecn=0, and > then we want to enable 'passive' ecn for incoming connections only on > a particular route without announcing ecn to the peer. I haven't been > able to find any -- I think if you deem 'route to x' safe for ecn it > might as well be enabled for both initiator and responder. The original > patch would be sufficient for that. > > IOW, is 'ecn from a to b but not b to a' a sensible requirement? I think you have to apply the same logic for the sysctl (there's a reason to only support ECN passively) as you do for the route feature because you can logically look at the sysctl as applying to the default route. > Unrelated to this patch, but I'd like to see sysctl_tcp_ecn=1 as a > default at one point (almost no routers set CE bit at this time, perhaps > that would change if ecn usage is more widespread). Now you're talking. So, either passive ECN support makes sense or it does not. To me, no matter what the argument, it doesn't matter what realm (whole system, specific routes) you apply that argument to. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists