From: Florian Westphal <fw@strlen.de>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Florian Westphal <fw@strlen.de>, netdev@vger.kernel.org
Subject: Re: [PATCH -next v2 1/2] syncookies: remove ecn_ok validation when decoding option timestamp
Date: Fri, 31 Oct 2014 15:15:03 +0100 [thread overview]
Message-ID: <20141031141503.GL10069@breakpoint.cc> (raw)
In-Reply-To: <1414764287.27538.1.camel@edumazet-glaptop2.roam.corp.google.com>
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Fri, 2014-10-31 at 14:39 +0100, Florian Westphal wrote:
>
> > It would only get enabled if the echoed timestamp (ie the timestamp we
> > sent in the synack) indicates that ecn was enabled, i.e. the client or
> > a middlebox would have to munge/modify it to set the 'ecn on' bit in the
> > timestamp.
> >
> > If that is too fragile in your opinion I will respin the patch to include
> > the additional validation via dst. We already need to fetch the dst
> > object anyway to fetch certain route attributes not in the timestamp or
> > cookie, so its only a matter of reorganizing code first to avoid two lookups.
>
> Well, your changelog is so confusing, I have no idea what is your
> intent.
Sorry :-/
So if you have a per route ecn setting, and syncookies are used,
and tcp_ecn sysctl is 0:
1. we receive syn with ecn on and timestamps
2. we send cookie synack, with timestamp and ecn (route allowed it),
the lower bits of the timestamp have a "magic" bit set that allows
us to infer that ecn was negotiated successfully.
3. we drop the ack from the client, since timestamp decoding sees
"ecn is on according to timestamp, but the tcp_ecn sysctl is off".
So to fix this, step 3 either has to check the dst setting
in addition to the global sysctl, or to rely on the timestamp alone
that ecn was requested by the original client and allowed by our host
at the time synack timestamp was generated/sent.
I hope that explains the reason behind patch #1 up.
> I do not really understand why you need to change something.
Yes, unfortunately you're not the first person saying that my
changelogs are not precise enough sometimes, I hope to do
a better job next time around.
> Maybe this is because I have not yet took my coffee ;)
Oh, well, that could also explain it 8-)
next prev parent reply other threads:[~2014-10-31 14:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-31 12:13 [PATCH -next v2 0/2] net: allow setting ecn via routing table Florian Westphal
2014-10-31 12:13 ` [PATCH -next v2 1/2] syncookies: remove ecn_ok validation when decoding option timestamp Florian Westphal
2014-10-31 13:32 ` Eric Dumazet
2014-10-31 13:39 ` Florian Westphal
2014-10-31 14:04 ` Eric Dumazet
2014-10-31 14:15 ` Florian Westphal [this message]
2014-10-31 15:47 ` Eric Dumazet
2014-10-31 16:00 ` Florian Westphal
2014-10-31 12:13 ` [PATCH -next v2 2/2] net: allow setting ecn via routing table Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141031141503.GL10069@breakpoint.cc \
--to=fw@strlen.de \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).