lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID:
 <PAXPR07MB7984E2D22D4337CA97EBB9CBA389A@PAXPR07MB7984.eurprd07.prod.outlook.com>
Date: Tue, 20 Jan 2026 18:11:39 +0000
From: "Chia-Yu Chang (Nokia)" <chia-yu.chang@...ia-bell-labs.com>
To: Eric Dumazet <edumazet@...gle.com>
CC: "pabeni@...hat.com" <pabeni@...hat.com>, "parav@...dia.com"
	<parav@...dia.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
	"corbet@....net" <corbet@....net>, "horms@...nel.org" <horms@...nel.org>,
	"dsahern@...nel.org" <dsahern@...nel.org>, "kuniyu@...gle.com"
	<kuniyu@...gle.com>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>, "dave.taht@...il.com"
	<dave.taht@...il.com>, "jhs@...atatu.com" <jhs@...atatu.com>,
	"kuba@...nel.org" <kuba@...nel.org>, "stephen@...workplumber.org"
	<stephen@...workplumber.org>, "xiyou.wangcong@...il.com"
	<xiyou.wangcong@...il.com>, "jiri@...nulli.us" <jiri@...nulli.us>,
	"davem@...emloft.net" <davem@...emloft.net>, "andrew+netdev@...n.ch"
	<andrew+netdev@...n.ch>, "donald.hunter@...il.com" <donald.hunter@...il.com>,
	"ast@...erby.net" <ast@...erby.net>, "liuhangbin@...il.com"
	<liuhangbin@...il.com>, "shuah@...nel.org" <shuah@...nel.org>,
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
	"ij@...nel.org" <ij@...nel.org>, "ncardwell@...gle.com"
	<ncardwell@...gle.com>, "Koen De Schepper (Nokia)"
	<koen.de_schepper@...ia-bell-labs.com>, "g.white@...lelabs.com"
	<g.white@...lelabs.com>, "ingemar.s.johansson@...csson.com"
	<ingemar.s.johansson@...csson.com>, "mirja.kuehlewind@...csson.com"
	<mirja.kuehlewind@...csson.com>, cheshire <cheshire@...le.com>,
	"rs.ietf@....at" <rs.ietf@....at>, "Jason_Livingood@...cast.com"
	<Jason_Livingood@...cast.com>, Vidhi Goel <vidhi_goel@...le.com>
Subject: RE: [PATCH v9 net-next 10/15] tcp: accecn: unset ECT if receive or
 send ACE=0 in AccECN negotiaion

> -----Original Message-----
> From: Eric Dumazet <edumazet@...gle.com> 
> Sent: Tuesday, January 20, 2026 12:05 PM
> To: Chia-Yu Chang (Nokia) <chia-yu.chang@...ia-bell-labs.com>
> Cc: pabeni@...hat.com; parav@...dia.com; linux-doc@...r.kernel.org; corbet@....net; horms@...nel.org; dsahern@...nel.org; kuniyu@...gle.com; bpf@...r.kernel.org; netdev@...r.kernel.org; dave.taht@...il.com; jhs@...atatu.com; kuba@...nel.org; stephen@...workplumber.org; xiyou.wangcong@...il.com; jiri@...nulli.us; davem@...emloft.net; andrew+netdev@...n.ch; donald.hunter@...il.com; ast@...erby.net; liuhangbin@...il.com; shuah@...nel.org; linux-kselftest@...r.kernel.org; ij@...nel.org; ncardwell@...gle.com; Koen De Schepper (Nokia) <koen.de_schepper@...ia-bell-labs.com>; g.white@...lelabs.com; ingemar.s.johansson@...csson.com; mirja.kuehlewind@...csson.com; cheshire <cheshire@...le.com>; rs.ietf@....at; Jason_Livingood@...cast.com; Vidhi Goel <vidhi_goel@...le.com>
> Subject: Re: [PATCH v9 net-next 10/15] tcp: accecn: unset ECT if receive or send ACE=0 in AccECN negotiaion
> 
> 
> CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.
> 
> 
> 
> On Mon, Jan 19, 2026 at 7:59 PM <chia-yu.chang@...ia-bell-labs.com> wrote:
> >
> > From: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com>
> >
> > Based on specification:
> >   https://tools.ietf.org/id/draft-ietf-tcpm-accurate-ecn-28.txt
> >
> > Based on Section 3.1.5 of AccECN spec (RFC9768), a TCP Server in 
> > AccECN mode MUST NOT set ECT on any packet for the rest of the 
> > connection, if it has received or sent at least one valid SYN or 
> > Acceptable SYN/ACK with (AE,CWR,ECE) = (0,0,0) during the handshake.
> >
> > In addition, a host in AccECN mode that is feeding back the IP-ECN 
> > field on a SYN or SYN/ACK MUST feed back the IP-ECN field on the 
> > latest valid SYN or acceptable SYN/ACK to arrive.
> >
> > Signed-off-by: Chia-Yu Chang <chia-yu.chang@...ia-bell-labs.com>
> >
> > ---
> > v8:
> > - Add new helper function tcp_accecn_ace_fail_send_set_retrans()
> >
> > v6:
> > - Do not cast const struct request_sock into struct request_sock
> > - Set tcp_accecn_fail_mode after calling tcp_rtx_synack().
> > ---
> >  include/net/tcp_ecn.h           |  7 +++++++
> >  net/ipv4/inet_connection_sock.c |  3 +++
> >  net/ipv4/tcp_input.c            |  2 ++
> >  net/ipv4/tcp_minisocks.c        | 36 ++++++++++++++++++++++++---------
> >  net/ipv4/tcp_output.c           |  3 ++-
> >  net/ipv4/tcp_timer.c            |  2 ++
> >  6 files changed, 42 insertions(+), 11 deletions(-)
> >
> > diff --git a/include/net/tcp_ecn.h b/include/net/tcp_ecn.h index 
> > 796c613b5ef3..f5e1f6b1bec3 100644
> > --- a/include/net/tcp_ecn.h
> > +++ b/include/net/tcp_ecn.h
> > @@ -97,6 +97,13 @@ static inline void tcp_accecn_fail_mode_set(struct tcp_sock *tp, u8 mode)
> >         tp->accecn_fail_mode |= mode;
> >  }
> >
> > +static inline void tcp_accecn_ace_fail_send_set_retrans(struct request_sock *req,
> > +                                                       struct 
> > +tcp_sock *tp) {
> > +       if (req->num_retrans > 1 && tcp_rsk(req)->accecn_ok)
> > +               tcp_accecn_fail_mode_set(tp, 
> > +TCP_ACCECN_ACE_FAIL_SEND); }
> > +
> >  #define TCP_ACCECN_OPT_NOT_SEEN                0x0
> >  #define TCP_ACCECN_OPT_EMPTY_SEEN      0x1
> >  #define TCP_ACCECN_OPT_COUNTER_SEEN    0x2
> > diff --git a/net/ipv4/inet_connection_sock.c 
> > b/net/ipv4/inet_connection_sock.c index 97d57c52b9ad..9d16cb9c3db4 
> > 100644
> > --- a/net/ipv4/inet_connection_sock.c
> > +++ b/net/ipv4/inet_connection_sock.c
> > @@ -20,6 +20,7 @@
> >  #include <net/tcp_states.h>
> >  #include <net/xfrm.h>
> >  #include <net/tcp.h>
> > +#include <net/tcp_ecn.h>
> >  #include <net/sock_reuseport.h>
> >  #include <net/addrconf.h>
> >
> > @@ -1103,6 +1104,8 @@ static void reqsk_timer_handler(struct timer_list *t)
> >             (!resend ||
> >              !tcp_rtx_synack(sk_listener, req) ||
> >              inet_rsk(req)->acked)) {
> > +               tcp_accecn_ace_fail_send_set_retrans(req,
> > +                                                    
> > + tcp_sk(sk_listener));
> 
> 
> Ouch.
> 
> I think you missed the fact that a listener is shared by many SYN_RECV requests.
> 
> Consider it as read-only here.

Hi Eric,

Thanks for the feedback.
Do you mean sk_listener here is read-only despite there is no const here?

Then, could you help to suggest the way please?
Beacuse for AccECN, here we need to set fail flag after retransmitting SYN/ACK > 1 time.
And this was done within tcp_make_synack(), but now move to every place where could retransmit SYN/ACK.

Thanks.
Chia-Yu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ