From: John Heffner <johnwheffner-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Eric Dumazet <eric.dumazet-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Eric B Munson <emunson-JqFfY2XvxFXQT0dZR+AlfA@public.gmane.org>,
Tom Herbert <tom-BjP2VixgY4xUbtYUoyoikg@public.gmane.org>,
"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netdev <netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH net-next] tcp: provide SYN headers for passive connections
Date: Mon, 4 May 2015 23:07:07 -0400
Message-ID: <CABrhC0mmH8LzD1GQo1ORWErdRM4-ZFhco+FZYvYoKHrUDckOFQ@mail.gmail.com>
In-Reply-To: <1430752330.3711.180.camel-XN9IlZ5yJG9HTL0Zs8A6p/gx64E7kk8eUsxypvmhUTTZJqsBc5GL+g@public.gmane.org>
On Mon, May 4, 2015 at 11:12 AM, Eric Dumazet <eric.dumazet-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Mon, 2015-05-04 at 10:41 -0400, John Heffner wrote:
>
>> Nice idea, seems handy. But a couple (somewhat related) questions:
>>
>> * Other than convenience, are there reasons not to use an existing, more
>> general-purpose and portable mechanism like pcap? (Permissions, I
>> guess?)
>
> Very hard to synchronize when say you have 32 listeners sharing a single
> port (SO_REUSEPORT), and receive one million SYN per second (when my TCP
> listener scaling work is finished).
>
> libpcap here would be a serious bottleneck, even with a clever FANIN
> support on the af_packet sockets, considering use of multiqueue NIC.
>
>> * Are there conditions where, for security purposes, you don't want an
>> application to have access to the raw SYNs?
>
> Not that we are aware of: we restrict the access to IP + TCP headers,
> for the passive part. All information that is available there was
> provided by the remote peer in an 'open way' anyway.
Makes sense, thanks.
-John
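
Added example (not part of this message or of the patch under discussion): a bounds-checked C parser for the IP + TCP header bytes that the quoted reply says are exposed to the application. It assumes the buffer was fetched from an accepted socket with getsockopt(TCP_SAVED_SYN), an option name that does not appear in this message; struct syn_info, parse_saved_syn and the sample bytes are constructed for illustration, and only IPv4 is handled.

```c
#include <stddef.h>
#include <stdint.h>

/* Fields pulled from a saved SYN (IPv4 header followed by TCP header). */
struct syn_info {
    uint8_t  ttl;
    uint16_t sport, dport, window;
    uint16_t mss;                       /* 0 if the MSS option is absent */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if the buffer is not a well-formed IPv4 SYN. */
int parse_saved_syn(const uint8_t *b, size_t len, struct syn_info *out)
{
    if (len < 20 || (b[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || b[9] != 6) return -1;  /* 6 = TCP */

    const uint8_t *t = b + ihl;
    size_t thl = (size_t)(t[12] >> 4) * 4;
    if (thl < 20 || len < ihl + thl) return -1;
    if ((t[13] & 0x12) != 0x02) return -1;       /* SYN set, ACK clear */

    out->ttl = b[8];
    out->mss = 0;
    out->sport = be16(t);
    out->dport = be16(t + 2);
    out->window = be16(t + 14);

    /* Walk TCP options; every length byte is peer-supplied, so check it. */
    for (size_t i = 20; i < thl; ) {
        uint8_t kind = t[i];
        if (kind == 0) break;                    /* end of option list */
        if (kind == 1) { i++; continue; }        /* NOP padding */
        if (i + 1 >= thl) return -1;
        uint8_t olen = t[i + 1];
        if (olen < 2 || i + olen > thl) return -1;
        if (kind == 2 && olen == 4) out->mss = be16(t + i + 2);
        i += olen;
    }
    return 0;
}

/* Constructed sample: IPv4 (TTL 64) + TCP SYN 40000 -> 443, MSS 1460. */
const uint8_t sample_syn[] = {
    0x45,0x00,0x00,0x2c,0x00,0x00,0x40,0x00,0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01,0xc0,0x00,0x02,0x02,
    0x9c,0x40,0x01,0xbb,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,
    0x60,0x02,0xfa,0xf0,0x00,0x00,0x00,0x00,0x02,0x04,0x05,0xb4 };
```

The parser treats every length field as untrusted because, as the quoted reply notes, all of these bytes were provided by the remote peer.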