On Wed, Nov 18, 2015, at 16:46, Eric Dumazet wrote: > On Wed, 2015-11-18 at 16:36 +0100, Florian Westphal wrote: > > > Yes, but we kill the socket. > > > > I should have added > > > > 0.400 `ss -nito state time-wait` > > > > as last line... > > > > Before patch: no output > > after patch: tw socket shown. > > > > The on-wire behavior doesn't change unless further packets arrive. > > Old behaviour: more RST > > New behaviour: acks+tw timer restart > > Just add few more incoming packets to the packetdrill test then ? > > Also, is your customer really _not_ using TCP timestamps ?
Windows mostly does not use TCP timestamps. Also we have cases were security folks tell customers to turn off timestamps as they enable attackers to guess uptime. :( > This is kind of a requirement for port reuse anyway. > > Anyway, having a TIMEWAIT setup after sending a RST makes little sense > to me. > > When a RST packet is sent, the remote peer will forget everything about > this previous connection, and another connect() might reuse the tuple > and I do not think we should forbid this. Normal PAWS checks were > invented for a good reason. Still, the RST packet can be dropped along the way. So the teardown of the socket on the other side might not happen. Bye, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
