From: Phil Oester <kernel@linuxace.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: Re: [PATCH] TCP window tracking over-window handling
Date: Mon, 7 Feb 2005 08:25:53 -0800
Message-ID: <20050207162553.GA8788@linuxace.com>
In-Reply-To: <Pine.LNX.4.58.0502071036410.31326@blackhole.kfki.hu>

On Mon, Feb 07, 2005 at 11:32:27AM +0100, Jozsef Kadlecsik wrote:
> Actually the real governing rule is that packets must intersect the
> window: there may be segments before the left or after the right edge.
> Moreover, the receivers may keep the segments over the window for later
> processing, and your recording just proves it does happen.
>
> So we can either follow the article and drop the assumption about
> receivers trimming the segments over the window or adjust the code to
> meet RFC793 and real life traffic patterns. I believe the second
> approach would be preferable because then conntrack wouldn't drop
> legitimate packets and there would be fewer false alarms.
>
> The first attached patch (your version with some modifications to
> complete it) implements the first variation.
>
> The second one aims to implement the more RFC-compatible window tracking
> code. It is slightly tested using the first window tracking tests by
> nfsim. I'm working on writing more tests to cover as many cases as
> possible.

Both look good, but would it be best to merge the less intrusive alternative
#1 for 2.6.11, then update to alternative #2 early in 2.6.12 so it can receive
more testing?

Phil
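
As an added illustration (not code from this thread or from either attached patch), the C sketch below contrasts a strict "segment must lie inside the window" check with the "segment must intersect the window" rule described in the quoted text, using wraparound-safe sequence arithmetic. The struct and function names are hypothetical, and zero-length segments are handled as in the RFC 793 acceptability table.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical receiver view: the window covers [left, left + wnd). */
struct rcv_window { uint32_t left, wnd; };

/* Sequence-space comparisons that survive 32-bit wraparound. */
static bool seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }
static bool seq_after(uint32_t a, uint32_t b) { return (int32_t)(b - a) < 0; }

/* Strict rule: every byte of [seq, seq + len) must lie inside the window. */
bool seg_within(const struct rcv_window *w, uint32_t seq, uint32_t len)
{
    uint32_t right = w->left + w->wnd;
    return !seq_before(seq, w->left) && !seq_after(seq + len, right);
}

/* Intersection rule: at least one byte of the segment falls in the window. */
bool seg_intersects(const struct rcv_window *w, uint32_t seq, uint32_t len)
{
    uint32_t right = w->left + w->wnd;
    if (len == 0) /* e.g. a bare ACK: treat it as the point seq */
        return seq == w->left ||
               (!seq_before(seq, w->left) && seq_before(seq, right));
    if (w->wnd == 0)
        return false; /* data cannot overlap an empty window */
    return seq_before(seq, right) && seq_after(seq + len, w->left);
}

int main(void)
{
    /* Constructed sample: the window wraps past 2^32 (right edge 0x100). */
    struct rcv_window w = { 0xFFFFFF00u, 0x200u };
    struct { uint32_t seq, len; } segs[] = {
        { 0xFFFFFF80u, 0x40 },  /* fully inside */
        { 0xFFFFFE00u, 0x180 }, /* starts before the left edge */
        { 0x80u, 0x100 },       /* runs past the right edge */
        { 0x100u, 0x10 },       /* entirely beyond the right edge */
    };
    for (size_t i = 0; i < sizeof segs / sizeof segs[0]; i++)
        printf("seq=%#x len=%#x within=%d intersects=%d\n",
               (unsigned)segs[i].seq, (unsigned)segs[i].len,
               seg_within(&w, segs[i].seq, segs[i].len),
               seg_intersects(&w, segs[i].seq, segs[i].len));
    return 0;
}
```

A tracker that applies only the strict check flags the second and third sample segments, which the intersection rule accepts.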