lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 4 May 2015 23:07:07 -0400
From:	John Heffner <>
To:	Eric Dumazet <>
Cc:	Eric B Munson <>,
	Tom Herbert <>,
	"David S. Miller" <>,,
	netdev <>
Subject: Re: [PATCH net-next] tcp: provide SYN headers for passive connections

On Mon, May 4, 2015 at 11:12 AM, Eric Dumazet <> wrote:
> On Mon, 2015-05-04 at 10:41 -0400, John Heffner wrote:
>> Nice idea, seems handy.  But a couple (somewhat related) questions:
>> * Other than convenience, are there reasons not use an existing, more
>> general-purpose and portable mechanism like pcap?  (Permissions, I
>> guess?)
> Very hard to synchronize when say you have 32 listeners sharing a single
> port (SO_REUSEPORT), and receive one million SYN per second (when my TCP
> listener scaling work is finished).
> libpcap here would be a serious bottleneck, even with a clever FANIN
> support on the af_packet sockets, considering use of multiqueue NIC.
>> * Are there conditions where, for security purposes, you don't want an
>> application to have access to the raw SYNs?
> Not that we are aware of : We restrict the access to IP + TCP headers,
> for the passive part. All information that is available there was
> provided by the remote peer on a 'open way' anyway.

Makes sense, thanks.

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists