| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0607b63a-7555-44e2-b040-949a34c07f12@exim.org> Date: Wed, 23 Apr 2025 12:48:34 +0100 From: jgh@...m.org To: Neal Cardwell <ncardwell@...gle.com>, Jeremy Harris <jgh@...m.org> Cc: netdev@...r.kernel.org, edumazet@...gle.com Subject: Re: [RESEND PATCH 2/2] TCP: pass accepted-TFO indication through getsockopt Thanks for the review. I'm preparing a v2, and a patch to "ss" in iproute2. On 2025/04/22 4:50 PM, Neal Cardwell wrote: > TCP: pass accepted-TFO indication through getsockopt > > Please use something more like: > > tcp: fastopen: pass TFO child indication through getsockopt Will change for v2. >> +#define TCPI_OPT_TFO_SEEN 128 /* we accepted a Fast Open option on SYN */ > > IMHO this bit name is slightly misleading, and does not match the comment. > > Sometimes when a SYN is received with a TFO option the server will > fail to create a child because the TFO cookie is incorrect. In such a > case, a TFO option is "seen", but TFO is not *used* because the TFO > cookie is incorrect; so this "TFO_SEEN" bit would be 0 even though a > TFO option was "seen". IMHO that is confusing/misleading. > > When this bit is set, we know not only that the "Received SYN includes > Fast Open option" (comment from the previous patch), but we also know > that the TFO cookie was correct and a child socket was created. > > So I would suggest a more specific bit name, something like: > > +#define TCPI_OPT_TFO_CHILD 128 /* child from a Fast Open option on SYN */ > > + if (tp->syn_fastopen_child) > + info->tcpi_options |= TCPI_OPT_TFO_CHILD; Done. -- Cheers, Jeremy
Powered by blists - more mailing lists