| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <58f77827-c57c-0602-255f-a76fdd3cd472@gmail.com> Date: Sun, 14 Aug 2016 01:05:38 +0200 From: Piotr Jurkiewicz <piotr.jerzy.jurkiewicz@...il.com> To: netdev@...r.kernel.org Subject: Issues related to TCP Fast Open flags: TFO_SERVER_COOKIE_NOT_CHKED and TFO_SERVER_WO_SOCKOPT2 1. Handling of TFO_SERVER_COOKIE_NOT_CHKED flag was removed back in 2014, but this flag is still mentioned in the documentation: Documentation/networking/ip-sysctl.txt: 0x100: Accept SYN data w/o validating the cookie. 2. There is no explanation how TFO_SERVER_WO_SOCKOPT1 and TFO_SERVER_WO_SOCKOPT2 differ, the docs only say: Documentation/networking/ip-sysctl.txt: 0x400/0x800: Enable Fast Open on all listeners regardless of the TCP_FASTOPEN socket option. The two different flags designate two different ways of setting max_qlen without the TCP_FASTOPEN socket option. 3. When TFO_SERVER_WO_SOCKOPT2 flag is set, the fastopenq.max_qlen is set to the value of sysctl bitmap containing flags (sysctl_tcp_fastopen), what is (at least for me) completely irrational and I believe is a bug: net/ipv4/af_inet.c: 225 else if ((sysctl_tcp_fastopen & 226 TFO_SERVER_WO_SOCKOPT2) != 0) 227 fastopen_queue_tune(sk, 228 ((uint)sysctl_tcp_fastopen) >> 16);
Powered by blists - more mailing lists