lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Sep 2019 14:23:52 -0400 From: Neal Cardwell <ncardwell@...gle.com> To: Eric Dumazet <edumazet@...gle.com> Cc: Jason Baron <jbaron@...mai.com>, Thomas Higdon <tph@...com>, netdev <netdev@...r.kernel.org>, Jonathan Lemon <jonathan.lemon@...il.com>, Dave Jones <dsj@...com>, Yuchung Cheng <ycheng@...gle.com> Subject: Re: [PATCH v2] tcp: Add TCP_INFO counter for packets received out-of-order On Tue, Sep 17, 2019 at 1:22 PM Eric Dumazet <edumazet@...gle.com> wrote: > > Tue, Sep 17, 2019 at 10:13 AM Jason Baron <jbaron@...mai.com> wrote: > > > > > > Hi, > > > > I was interested in adding a field to tcp_info around the TFO state of a > > socket. So for the server side it would indicate if TFO was used to > > create the socket and on the client side it would report whether TFO > > worked and if not that it failed with maybe some additional states > > around why it failed. I'm thinking it would be maybe 3 bits. BTW, one aspect of that "did TFO work" info is available already in tcp_info in the tcpi_options field. Kernel side is: if (tp->syn_data_acked) info->tcpi_options |= TCPI_OPT_SYN_DATA; We use this bit in packetdrill tests on client and server side to check that the TFO data-in-SYN succeeded: +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }% These TFO bits were added much later than the other bits, so IMHO it would be OK to add more bits somewhere unused in tcp_info to indicate reasons for TFO failure. Especially if, as you suggest, "0" as a code point could indicate that the code point is undefined, and all meaningful code points were non-zero. neal > > My question is whether its reasonable to use the unused bits of > > __u8 tcpi_delivery_rate_app_limited:1;. Or is this not good because > > the size hasn't changed? What if I avoided using 0 for the new field to > > avoid the possibility of not knowing if 0 because its the old kernel or > > 0 because that's now its a TFO state? IE the new field could always be > > > 0 for the new kernel. > > > > I guess that storing the 'why it has failed' would need more bits. > > I suggest maybe using an event for this, instead of TCP_INFO ? > > As of using the bits, maybe the monitoring application does not really care > if running on an old kernel where the bits would be zero. > > Commit eb8329e0a04db0061f714f033b4454326ba147f4 reserved a single > bit and did not bother about making sure the monitoring would detect if this > runs on an old kernel.
Powered by blists - more mailing lists