Message-ID: <CANn89iJq8JM+iFFdiJajCyB_WicPSSxhkiGza-veuOv4qNuxmA@mail.gmail.com>
Date:   Thu, 21 Feb 2019 08:30:39 -0800
From:   Eric Dumazet <edumazet@...gle.com>
To:     Devi Sandeep Endluri V V <dendluri@...eaurora.org>
Cc:     netdev <netdev@...r.kernel.org>,
        Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>,
        sharathv@...eaurora.org, ssaha@...eaurora.org,
        stranche@...eaurora.org
Subject: Re: [PATCH v2] tcp: Reset tcp connections in SYN-SENT state

On Thu, Feb 21, 2019 at 3:07 AM Devi Sandeep Endluri V V
<dendluri@...eaurora.org> wrote:
>
> Userspace sends tcp connection (sock) destroy on network permission
> change. Kernel though doesn't send reset for the connections in
> SYN-SENT state and these connections continue to remain. Even as
> per RFC 793, there is no hard rule to not send RST on ABORT in
> this state. Change to make sure RST are sent for connections in
> syn-sent state to avoid lingering connections on network switch.
>
> References from RFC 793
>
> ABORT Call
>
>         SYN-SENT STATE
>
>         All queued SENDs and RECEIVEs should be given "connection reset"
>         notification, delete the TCB, enter CLOSED state, and return.
>
> SEGMENT ARRIVES
>
>         If the state is SYN-SENT then
>         If the RST bit is set
>
>           If the ACK was acceptable then signal the user "error:
>           connection reset", drop the segment, enter CLOSED state,
>           delete TCB, and return.  Otherwise (no ACK) drop the segment
>           and return.


This patch and commit log is quite misleading.

It appears all you want to change is the stack behavior on the
tcp_abort() case (ss -K ..) for SYN_SENT sockets.

This patch _does_ not change the behavior for sockets that are closed
by the usual way (close(fd)) while on SYN_SENT state.

It would be really nice if you said so in the change log, instead of
citing an old RFC.

Otherwise I have to spend time deciphering the whole thing.

Thank you.
