Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp681920pxb; Fri, 16 Apr 2021 15:46:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx5vg07RBnbbAZXCNPVxna+KVAXLfwxrDB9v442jHpAG7sBD0x1xKMyrFmQuQ5S5KppAp3v X-Received: by 2002:aa7:8593:0:b029:259:c31b:945b with SMTP id w19-20020aa785930000b0290259c31b945bmr5355079pfn.27.1618613208004; Fri, 16 Apr 2021 15:46:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618613207; cv=none; d=google.com; s=arc-20160816; b=RKLOeVzYs/3H9F69eoJI6vqi2OCYlVPGAj3P2WEL0PZawG897sOoDigOfNCMHB5Jph dIlqEqWgouPXM5NULWXXN1buSM+nJsq6xvsMekAdI6VGcQEGCbDt3zgumP0BCNrshIPy 2ZfpWwj2FLsbLXIpvJ7W8WVrYXz56NOPuQf9QGmdsRH9Oz6HkRqpRyK5+H+/uqM/UDOy YSERp5CHRLvH7KPun8Mwq/zHlXpdRieTByvrPTK5g3d81gYxVYHl3E/94FQf2y3Hl9mS RpTFKO9uCRMuOWr/jR4kLzzrM/E8r8W/IzLQ2BKCC3Qg85NTJ+rUqG9ZWkPdSAKrf+X5 yZ2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=EAc+sFWHuHmrU5lTSO9F5779cW2Dcf8sjmB9+TjApkI=; b=YZ1stj4bffODn6mBTmpunh2rAYd387VUsXrfdtVL3sryF+sLmPsa43M1C6TLvEHDCN ynH7yYRI5uNHIaUxG6HYTaJx+aokDLfl1Mzc15qKQ+4hUgvOxoDfdiE/jxY+Kup+D36I eitgebSdUujI3WPNAg/iTEl/JRDv4+NJbWN1iQy07Ei/2zwAR/qAZ0aESB2PtGgfpISv C/zVPD2E2i/6WIJXDySbHaTnQD8c8HNDVqxSxtXec/bq10rhcNYGcz5LMISyb8DFeZ1h LDsFRzFT8X4Q9FEE3f90nLZmI/QjheEYVxuKgKfdfqOoOTKpuYpQqNieaWm+Q4GMVzVg hxQw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@bytedance-com.20150623.gappssmtp.com header.s=20150623 header.b=ijndgSH6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bytedance.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v11si8154268plp.409.2021.04.16.15.46.35; Fri, 16 Apr 2021 15:46:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@bytedance-com.20150623.gappssmtp.com header.s=20150623 header.b=ijndgSH6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=bytedance.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232353AbhDPWqO (ORCPT + 99 others); Fri, 16 Apr 2021 18:46:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231296AbhDPWqN (ORCPT ); Fri, 16 Apr 2021 18:46:13 -0400 Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 68D88C061756 for ; Fri, 16 Apr 2021 15:45:48 -0700 (PDT) Received: by mail-ej1-x635.google.com with SMTP id sd23so35644263ejb.12 for ; Fri, 16 Apr 2021 15:45:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EAc+sFWHuHmrU5lTSO9F5779cW2Dcf8sjmB9+TjApkI=; b=ijndgSH6LCAaK+E6nFzlV7hVCrKvErhpEXwTSyZoqKwxUJOVrOmXFyisIgcC5pLUAs YGyQwoK+OW2BJeNTkQMAZ35X2laLc0fQt97WCjwgRAQM6C4LOaWulag+Vf3Pc4tUzrde +bxlFNIYIF5i2ctTelaglTz1wdCyMkhs9x4vqWLT0KQ96AY1OnKb5Gf8t3Fmo4nTAOPg m2gUtJViLQ8lUtpDdQzGjLdJl4gX1fbOEUHIVA/XpKZ4WhaBhSp4EpdASjQaYKmsnTgw FzRhKjjE0Ad7eNoqpufTgqJmIMa41KqS2xA08NfxGFnhU/NBBva5zZ2zBH1lCoLrY3R2 c+jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EAc+sFWHuHmrU5lTSO9F5779cW2Dcf8sjmB9+TjApkI=; b=j+AR6RLPuqURuuPvOtrhlRMNwJSMnPJcdP6HsA4J9pOEmOkKSWJFeMScBrywvzF5qF SuPip0t22EFXA2pBem11Ql1KWRc/L5ScyT8JrvWtwgr2e64eUBrOCB2AobImPOE9NbPk F9QuMkwNcFoUMzpuetNmQ9Mvv9NN/zG0mrGQd/evMPytLnOkqA0IxfDtTSX7XHn96SLj zsuym2k/2yyodYbVkXGouV0RO+aBIERnzgAM99NfU2dniFkl62c0pR3Y3LMmrFMjHdY3 OgqiFTfZcEHgeWKvqMJNzEYBAjq/ahX0fjhnzegeDf/sPWdB0K0/ZySTF4MDbO4jhoyX GtGQ== X-Gm-Message-State: AOAM532idHvGu1j5EaM6HsNhIcLISs6Xfm8efCV8FKMps/nUL+dJXtrx S9xvaad81AWCspF86TA5q21AChUc7Kt1pZkk1D7QGYc24CFuTA== X-Received: by 2002:a17:907:2485:: with SMTP id zg5mr10487112ejb.43.1618613147071; Fri, 16 Apr 2021 15:45:47 -0700 (PDT) MIME-Version: 1.0 References: <20210416105142.38149-1-zhaoya.gaius@bytedance.com> In-Reply-To: From: =?UTF-8?B?6LW15Lqa?= Date: Sat, 17 Apr 2021 06:45:35 +0800 Message-ID: Subject: Re: [External] Re: [PATCH] tcp: fix silent loss when syncookie is trigered To: Eric Dumazet Cc: David Miller , Hideaki YOSHIFUJI , netdev , LKML , Florian Westphal Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 16, 2021 at 7:52 PM Eric Dumazet wrote: > > On Fri, Apr 16, 2021 at 12:52 PM zhaoya wrote: > > > > When syncookie is triggered, since $MSSID is spliced into cookie and > > the legal index of msstab is 0,1,2,3, this gives client 3 bytes > > of freedom, resulting in at most 3 bytes of silent loss. > > > > C ------------seq=12345-------------> S > > C <------seq=cookie/ack=12346-------- S S generated the cookie > > [RFC4987 Appendix A] > > C ---seq=123456/ack=cookie+1-->X S The first byte was loss. > > C -----seq=123457/ack=cookie+1------> S The second byte was received and > > cookie-check was still okay and > > handshake was finished. > > C <--------seq=.../ack=12348--------- S acknowledge the second byte. > > > I think this has been discussed in the past : > https://kognitio.com/blog/syn-cookies-ate-my-dog-breaking-tcp-on-linux/ > > If I remember well, this can not be fixed "easily" > > I suspect you are trading one minor issue with another (which is > considered more practical these days) > Have you tried what happens if the server receives an out-of-order > packet after the SYN & SYN-ACK ? > The answer is : RST packet is sent, killing the session. > > That is the reason why sseq is not part of the hash key. Yes, I've tested this scenario. More sessions do get reset. If a client got an RST, it knew the session failed, which was clear. However, if the client send a character and it was acknowledged, but the server did not receive it, this could cause confusion. > > In practice, secure connexions are using a setup phase where more than > 3 bytes are sent in the first packet. > We recommend using secure protocols over TCP. (prefer HTTPS over HTTP, > SSL over plaintext) Yes, i agree with you. But the basis of practice is principle. Syncookie breaks the semantics of TCP. > > Your change would severely impair servers under DDOS ability to really > establish flows. Would you tell me more details. > > Now, if your patch is protected by a sysctl so that admins can choose > the preferred behavior, then why not... The sysctl in the POC is just for triggering problems easily. So the question is, when syncookie is triggered, which is more important, the practice or the principle?