| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1430752330.3711.180.camel@edumazet-glaptop2.roam.corp.google.com> Date: Mon, 04 May 2015 08:12:10 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: John Heffner <johnwheffner@...il.com> Cc: Eric B Munson <emunson@...mai.com>, Tom Herbert <tom@...bertland.com>, "David S. Miller" <davem@...emloft.net>, linux-api@...r.kernel.org, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH net-next] tcp: provide SYN headers for passive connections On Mon, 2015-05-04 at 10:41 -0400, John Heffner wrote: > Nice idea, seems handy. But a couple (somewhat related) questions: > > * Other than convenience, are there reasons not use an existing, more > general-purpose and portable mechanism like pcap? (Permissions, I > guess?) Very hard to synchronize when say you have 32 listeners sharing a single port (SO_REUSEPORT), and receive one million SYN per second (when my TCP listener scaling work is finished). libpcap here would be a serious bottleneck, even with a clever FANIN support on the af_packet sockets, considering use of multiqueue NIC. > * Are there conditions where, for security purposes, you don't want an > application to have access to the raw SYNs? Not that we are aware of : We restrict the access to IP + TCP headers, for the passive part. All information that is available there was provided by the remote peer on a 'open way' anyway. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists