Re: [aqm] ping loss "considered harmful"

Wes Felter <wmf@felter.org> Tue, 03 March 2015 05:54 UTC

To: aqm@ietf.org
From: Wes Felter <wmf@felter.org>
Date: Mon, 02 Mar 2015 23:54:06 -0600
Message-ID: <md3ia0$gof$1@ger.gmane.org>
References: <CAA93jw7KW=9PH002d3Via5ks6+mHScz5VDhpPVqLUGK2K=Mhew@mail.gmail.com> <md2fsa$o1s$1@ger.gmane.org> <E8355113905631478EFF04F5AA706E9830B5923E@wtl-exchp-2.sandvine.com>
In-Reply-To: <E8355113905631478EFF04F5AA706E9830B5923E@wtl-exchp-2.sandvine.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/aqm/O5bdlprkSEUWBeoEOvMsVPKXbUk>
Cc: cerowrt-devel@lists.bufferbloat.net, bloat@lists.bufferbloat.net
Subject: Re: [aqm] ping loss "considered harmful"

On 3/2/15 2:33 PM, Dave Dolson wrote:
> Would you do that to TCP or UDP traffic?

No, so I see your point. If an ICMP scan was dropped an attacker could 
simply switch to another protocol.

> One may wish to rate-limit ICMP (or DNS or TCP) flows as a matter of network policy, but in my opinion this should be kept orthogonal to solving buffer bloat.

Keeping in mind the original context which was subnet scans, I agree. 
But is there a way to do this in Linux? I guess it would use conntrack 
rather than tc.

(As an aside, I got a chuckle from seeing someone from a DPI company 
advocate treating all protocols equally.)

-- 
Wes Felter
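
The question in the message above (can Linux apply a per-source rate policy for ICMP, or for new flows generally, in conntrack/netfilter rather than in the qdisc?) can be answered with an nftables ruleset. The script below is an added example, not code from the original thread or from any of the projects discussed; it assumes nftables (`nft`) is installed, and the rates it uses (10 echo requests per second per source, 50 new flows per second per source, with bursts of 20 and 100 packets) are illustrative assumptions, not recommended values. The `ct state new` rules use conntrack, so the scan limit applies to any protocol, which addresses the point that a scanner blocked on ICMP would simply switch to TCP or UDP.

```shell
#!/bin/sh
# Added example (not from the original post). Builds an nftables ruleset that
# enforces per-source rate policy in netfilter, separate from the qdisc/AQM:
#   - ICMP echo requests over a per-source rate are dropped;
#   - new conntrack entries (any protocol) over a per-source rate are dropped.
# All numeric defaults are assumptions chosen for illustration.

# True when $1 is a positive decimal integer with no leading zero.
is_posint() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    return 0
}

# icmp_policy_ruleset [icmp_rate] [icmp_burst] [new_rate] [new_burst]
# Prints the ruleset on stdout; returns 1 on a bad argument.
icmp_policy_ruleset() {
    icmp_rate="${1:-10}"; icmp_burst="${2:-20}"   # echo requests/s and burst
    new_rate="${3:-50}";  new_burst="${4:-100}"   # new flows/s and burst
    for v in "$icmp_rate" "$icmp_burst" "$new_rate" "$new_burst"; do
        is_posint "$v" || { echo "bad rate/burst: $v" >&2; return 1; }
    done
    cat <<EOF
table inet icmp_policy {
    chain input {
        type filter hook input priority 0; policy accept;

        # Per-source token bucket for echo requests. Only packets above the
        # rate are dropped; echo replies and ICMP errors are never matched,
        # so ordinary pings and PMTU discovery are unaffected.
        icmp type echo-request meter icmp4_src { ip saddr limit rate over ${icmp_rate}/second burst ${icmp_burst} packets } counter drop
        icmpv6 type echo-request meter icmp6_src { ip6 saddr limit rate over ${icmp_rate}/second burst ${icmp_burst} packets } counter drop

        # Protocol-agnostic scan limit via conntrack: new flows per source.
        # Echo requests also create conntrack entries, so this applies to
        # them as well as to TCP/UDP.
        ct state new meter new4_src { ip saddr limit rate over ${new_rate}/second burst ${new_burst} packets } counter drop
        ct state new meter new6_src { ip6 saddr limit rate over ${new_rate}/second burst ${new_burst} packets } counter drop
    }
}
EOF
}

# Syntax-check with 'nft -c' and load the ruleset. Requires root and nft;
# returns 2 when either is missing, 1 when the ruleset fails to parse/load.
apply_ruleset() {
    command -v nft >/dev/null 2>&1 || { echo "nft not found" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "not root; nothing loaded" >&2; return 2; }
    f=$(mktemp) || return 1            # unpredictable path, not a fixed /tmp name
    icmp_policy_ruleset "$@" >"$f" || { rm -f "$f"; return 1; }
    nft -c -f "$f" || { rm -f "$f"; return 1; }
    # Replace any previous copy of the table so rules are not appended twice.
    nft list table inet icmp_policy >/dev/null 2>&1 && nft delete table inet icmp_policy
    nft -f "$f"; rc=$?
    rm -f "$f"
    return $rc
}

# Usage: sh icmp_policy.sh [icmp_rate icmp_burst new_rate new_burst]
# prints the ruleset; ICMP_POLICY_APPLY=1 loads it instead.
if [ "${ICMP_POLICY_APPLY:-0}" = 1 ]; then apply_ruleset "$@"; else icmp_policy_ruleset "$@"; fi
```

The rules sit in the input hook, before any qdisc on the egress side and independent of the ingress AQM, so they change nothing about how the queue manager treats ICMP; they only drop a source's excess echo requests or excess new flows. Per-source limits hit NAT'd populations behind one address hardest, so the burst values need to be sized for the largest legitimate source expected.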