From: Florian Westphal <fw@strlen.de>
To: David Miller <davem@davemloft.net>
Cc: soheil.kdev@gmail.com, netdev@vger.kernel.org, soheil@google.com,
edumazet@google.com, ncardwell@google.com, ycheng@google.com,
lvml@5t9.de, fw@strlen.de
Subject: Re: [PATCH net-next 1/2] tcp: remove per-destination timestamp cache
Date: Wed, 15 Mar 2017 23:57:26 +0100
Message-ID: <20170315225726.GA28498@breakpoint.cc>
In-Reply-To: <20170315.154044.170788541865531834.davem@davemloft.net>

David Miller <davem@davemloft.net> wrote:
> From: Soheil Hassas Yeganeh <soheil.kdev@gmail.com>
> Date: Wed, 15 Mar 2017 16:30:45 -0400
>
> > Note that this cache was already broken for caching timestamps of
> > multiple machines behind a NAT sharing the same address.
>
> That's the documented, well established, limitation of time-wait
> recycling.

Sigh.
"don't enable this if you connect your machine to the internet".
We're not in the 1990s anymore. Even I am behind IPv4 CG-NAT nowadays.
So I disagree and would remove this thing.

> This limitation of the feature does not give us a reason to break the
> feature even further as a matter of convenience, or to remove it
> altogether for the same reason.
>
> Please, instead, fix the bug that was introduced.

AFAIU we only have two alternatives, removal of the randomization feature
or switch to an offset computed via hash(saddr, daddr, secret).
Unless there are more comments I'll look into doing the latter tomorrow.
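
The hash(saddr, daddr, secret) alternative named in the message above, as an added example that is not part of the original email or of the kernel source. SipHash-2-4 is this example's choice of keyed hash, and the key, addresses and clock values are constructed. The offset is the same for every connection between one address pair, so a peer that caches the last timestamp per address sees monotonic values, while independent per-connection offsets can step backwards.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 of one 8-byte message word m under a 128-bit key. */
static uint64_t siphash_u64(uint64_t m, const uint64_t k[2])
{
    uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
    uint64_t len = 8ULL << 56;      /* final block: message length in top byte */

    v3 ^= m;    SIPROUND; SIPROUND; v0 ^= m;
    v3 ^= len;  SIPROUND; SIPROUND; v0 ^= len;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Timestamp offset for an address pair: hash(saddr, daddr, secret). */
static uint32_t ts_off(uint32_t saddr, uint32_t daddr, const uint64_t secret[2])
{
    return (uint32_t)siphash_u64(((uint64_t)daddr << 32) | saddr, secret);
}

/* Peer-side model: accept unless the new TSval is older than the cached one
 * (serial-number comparison, so 32-bit wraparound is handled). */
static int peer_accepts(uint32_t cached_tsval, uint32_t new_tsval)
{
    return (int32_t)(new_tsval - cached_tsval) >= 0;
}

int main(void)
{
    const uint64_t secret[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL }; /* constructed */
    uint32_t a = 0xc0000201, b = 0xc6336407; /* 192.0.2.1, 198.51.100.7 (documentation ranges) */
    uint32_t off = ts_off(a, b, secret);

    /* Two connections a->b, 5 clock ticks apart, share one offset. */
    printf("hashed offset, same pair: accepted=%d\n", peer_accepts(1000 + off, 1005 + off));
    /* Independent per-connection offsets (constructed values) can step backwards. */
    printf("per-connection offsets:   accepted=%d\n",
           peer_accepts(1000 + 0x40000000u, 1005 + 0x10u));
    return 0;
}
```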