From: Lennert Buytenhek <buytenh@gnu.org>
To: bert hubert <ahu@ds9a.nl>, netdev@oss.sgi.com
Subject: Re: [PATCH,RFC] explicit connection confirmation
Date: Thu, 7 Nov 2002 09:30:02 -0500
Message-ID: <20021107143002.GA23858@gnu.org>
In-Reply-To: <20021107134918.GA28329@outpost.ds9a.nl>


On Thu, Nov 07, 2002 at 02:49:18PM +0100, bert hubert wrote:

> > > I think this approach smells, btw - doesn't this mean that processes
> > > will now be woken up on receiving a SYN instead of after completion
> > > of the handshake?
> > 
> > Yes, it does mean this.  You are free to suggest alternatives.
> 
> I like having this ability - I dislike offering it to an unsuspecting
> userspace.

Userspace needs to turn on the option first, so your 'unsuspecting'
does not apply.


> > > Would make a synflood all the more interesting..
> > 
> > In case of a synflood, the TCP stack will fall back to sending
> > syncookies as it normally does.
> 
> Yes, but in your setup, a spoofable SYN packet will spawn a process for many
> daemons, unless they are modified to first try to read/write to the socket
> (which might block!) before forking/pthread_create()ing.

Again, if the app decides to turn on TCP_CONFIRM_CONNECT, then it's
up to the app to deal with it properly.  There are very good reasons
for not turning on TCP_CONFIRM_CONNECT by default, which is why it
is not on by default, and why grafting a setsockopt onto every daemon
there is out there is definitely not a good idea.


cheers,
Lennert
