lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250408081930.2734169c@kernel.org>
Date: Tue, 8 Apr 2025 08:19:30 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: "Jiayuan Chen" <jiayuan.chen@...ux.dev>
Cc: "Eric Dumazet" <edumazet@...gle.com>, bpf@...r.kernel.org,
 mrpre@....com, "David S. Miller" <davem@...emloft.net>, "Paolo Abeni"
 <pabeni@...hat.com>, "Simon Horman" <horms@...nel.org>, "Jonathan Corbet"
 <corbet@....net>, "Neal Cardwell" <ncardwell@...gle.com>, "Kuniyuki
 Iwashima" <kuniyu@...zon.com>, "David Ahern" <dsahern@...nel.org>, "Steffen
 Klassert" <steffen.klassert@...unet.com>, "Sabrina Dubroca"
 <sd@...asysnail.net>, "Nicolas Dichtel" <nicolas.dichtel@...nd.com>,
 "Antony Antony" <antony.antony@...unet.com>, "Christian Hopps"
 <chopps@...n.net>, netdev@...r.kernel.org, linux-doc@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND net-next v3 2/2] tcp: add
 LINUX_MIB_PAWS_TW_REJECTED counter

On Tue, 08 Apr 2025 14:57:29 +0000 Jiayuan Chen wrote:
> > > When TCP is in TIME_WAIT state, PAWS verification uses
> > >  LINUX_PAWSESTABREJECTED, which is ambiguous and cannot be distinguished
> > >  from other PAWS verification processes.
> > >  Moreover, when PAWS occurs in TIME_WAIT, we typically need to pay special
> > >  attention to upstream network devices, so we added a new counter, like the
> > >  existing PAWS_OLD_ACK one.
> > >   
> > 
> > I really dislike the repetition of "upstream network devices".
> > Is it mentioned in some RFC ?  
> 
> I used this term to refer to devices that are located in the path of the
> TCP connection

Could we use some form of: "devices that are located in the path of the
TCP connection" ? Maybe just "devices in the networking path" ?
I hope that will be sufficiently clear in all contexts.
Upstream devices sounds a little like devices which have drivers in
upstream Linux kernel :(

> such as firewalls, NATs, or routers, which can perform
> SNAT or DNAT and these network devices use addresses from their own limited
> address pools to masquerade the source address during forwarding, this
> can cause PAWS verification to fail more easily.
> 
> You are right that this term is not mentioned in RFC but it's commonly used
> in IT infrastructure contexts. Sorry to have caused misunderstandings.
-- 
pw-bot: cr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ