lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 14 Aug 2016 01:05:38 +0200
From:	Piotr Jurkiewicz <piotr.jerzy.jurkiewicz@...il.com>
To:	netdev@...r.kernel.org
Subject: Issues related to TCP Fast Open flags: TFO_SERVER_COOKIE_NOT_CHKED
 and TFO_SERVER_WO_SOCKOPT2

1. Handling of TFO_SERVER_COOKIE_NOT_CHKED flag was removed back in 2014, but this flag is still mentioned in the documentation:

Documentation/networking/ip-sysctl.txt:
	0x100: Accept SYN data w/o validating the cookie.

2. There is no explanation how TFO_SERVER_WO_SOCKOPT1 and TFO_SERVER_WO_SOCKOPT2 differ, the docs only say:

Documentation/networking/ip-sysctl.txt:
	0x400/0x800: Enable Fast Open on all listeners regardless of the
	   TCP_FASTOPEN socket option. The two different flags designate two
	   different ways of setting max_qlen without the TCP_FASTOPEN socket
	   option.

3. When TFO_SERVER_WO_SOCKOPT2 flag is set, the fastopenq.max_qlen is set to the value of sysctl bitmap containing flags (sysctl_tcp_fastopen), what is (at least for me) completely irrational and I believe is a bug:

net/ipv4/af_inet.c:
225                         else if ((sysctl_tcp_fastopen &
226                                   TFO_SERVER_WO_SOCKOPT2) != 0)
227                                 fastopen_queue_tune(sk,
228                                     ((uint)sysctl_tcp_fastopen) >> 16);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ