Message-ID: <20160315195709.GA16858@oracle.com>
Date:	Tue, 15 Mar 2016 15:57:09 -0400
From:	Sowmini Varadhan <sowmini.varadhan@...cle.com>
To:	Tom Herbert <tom@...bertland.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	santosh.shilimkar@...cle.com,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH v2 net-next] rds-tcp: Add sysctl tunables for
 sndbuf/rcvbuf on rds-tcp socket

On (03/15/16 10:47), Tom Herbert wrote:
> Both sshd and nfsd allow configurable listener port numbers. Any
> listener service will allow a configurable port number. An IANA port
> number is good as a default, but there are many reasons why people
> want or need to use a different port number. I don't see what makes
> RDS special in this regard.

Tom,

TCP is supposed to be the transparent infra for RDS-TCP.
If the server listens at something other than the well-known port,
the client kernel tcp socket has to know the value of the port to
connect to.  That means you also have to push down configuration
at each node, saying "client IP address X is to be connected at port Y"
etc. That is a lot of configuration information to manage in a cluster.
In addition to the volume of information that needs to be managed,
it also makes connectivity problems hard to trouble-shoot.

It has the danger of being a solution looking for a problem, because
we have not seen the use-case for this so far.

Thus to repeat what I said earlier,
 *if* some such need arises
and
 *if* there is absolutely no way to solve it with the existing infra,
there is nothing preventing a design extension to the daemon approach
in the future.

By itself, the sysctl support adds value and can co-exist with those
extensions.

--Sowmini
