| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a3e08ca65f86dac1f741ef002af2feac69537041@linux.dev> Date: Tue, 08 Apr 2025 15:49:59 +0000 From: "Jiayuan Chen" <jiayuan.chen@...ux.dev> To: "Jakub Kicinski" <kuba@...nel.org> Cc: "Eric Dumazet" <edumazet@...gle.com>, bpf@...r.kernel.org, mrpre@....com, "David S. Miller" <davem@...emloft.net>, "Paolo Abeni" <pabeni@...hat.com>, "Simon Horman" <horms@...nel.org>, "Jonathan Corbet" <corbet@....net>, "Neal Cardwell" <ncardwell@...gle.com>, "Kuniyuki Iwashima" <kuniyu@...zon.com>, "David Ahern" <dsahern@...nel.org>, "Steffen Klassert" <steffen.klassert@...unet.com>, "Sabrina Dubroca" <sd@...asysnail.net>, "Nicolas Dichtel" <nicolas.dichtel@...nd.com>, "Antony Antony" <antony.antony@...unet.com>, "Christian Hopps" <chopps@...n.net>, netdev@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH RESEND net-next v3 2/2] tcp: add LINUX_MIB_PAWS_TW_REJECTED counter April 8, 2025 at 23:19, "Jakub Kicinski" <kuba@...nel.org> wrote: > > On Tue, 08 Apr 2025 14:57:29 +0000 Jiayuan Chen wrote: > > > > > When TCP is in TIME_WAIT state, PAWS verification uses > > > LINUX_PAWSESTABREJECTED, which is ambiguous and cannot be distinguished > > > from other PAWS verification processes. > > > Moreover, when PAWS occurs in TIME_WAIT, we typically need to pay special > > > attention to upstream network devices, so we added a new counter, like the > > > existing PAWS_OLD_ACK one. > > > > > > > > > I really dislike the repetition of "upstream network devices". > > Is it mentioned in some RFC ? > > > > I used this term to refer to devices that are located in the path of the > > TCP connection > > > > Could we use some form of: "devices that are located in the path of the > TCP connection" ? Maybe just "devices in the networking path" ? > I hope that will be sufficiently clear in all contexts. > > Upstream devices sounds a little like devices which have drivers in > > upstream Linux kernel :( That makes sense :). Thanks. > > > > such as firewalls, NATs, or routers, which can perform > > SNAT or DNAT and these network devices use addresses from their own limited > > address pools to masquerade the source address during forwarding, this > > can cause PAWS verification to fail more easily. > > > > You are right that this term is not mentioned in RFC but it's commonly used > > in IT infrastructure contexts. Sorry to have caused misunderstandings. > > -- > > pw-bot: cr >
Powered by blists - more mailing lists