| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK6E8=cuTtOJfMH5sXM3LFKeq_30cqbZ6W8PoS1VXWBFs+FJmg@mail.gmail.com>
Date: Wed, 26 Oct 2016 12:42:43 -0700
From: Yuchung Cheng <ycheng@...gle.com>
To: Neal Cardwell <ncardwell@...gle.com>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
David Miller <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] tcp/dccp: drop SYN packets if accept queue is full
On Wed, Oct 26, 2016 at 11:39 AM, Neal Cardwell <ncardwell@...gle.com> wrote:
>
> On Wed, Oct 26, 2016 at 12:27 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> > From: Eric Dumazet <edumazet@...gle.com>
> >
> > Per listen(fd, backlog) rules, there is really no point accepting a SYN,
> > sending a SYNACK, and dropping the following ACK packet if accept queue
> > is full, because application is not draining accept queue fast enough.
> >
> > This behavior is fooling TCP clients that believe they established a
> > flow, while there is nothing at server side. They might then send about
> > 10 MSS (if using IW10) that will be dropped anyway while server is under
> > stress.
> >
> > Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> > ---
>
> Acked-by: Neal Cardwell <ncardwell@...gle.com>
Acked-by: Yuchung Cheng <ycheng@...gle.com>
It's too bad the git has no history of the extra young sockets check.
it seemed to be some kind bandaid fix before syn-cookie was invented?
>
> Great. Thanks, Eric!
>
> neal
Powered by blists - more mailing lists