Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3ec21b65 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'tcp-fastopen-middlebox-fixes' 



Wei Wang says:

====================
net/tcp_fastopen: Fix for various TFO firewall issues

Currently there are still some firewall issues in the middlebox
which make the middlebox drop packets silently for TFO sockets.
This kind of issue is hard to be detected by the end client.

This patch series tries to detect such issues in the kernel and disable
TFO temporarily.
More details about the issues and the fixes are included in the following
patches.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents bc95cd8e 59450f8d

Documentation/networking/ip-sysctl.txt

+8 −0
Original line number Diff line number Diff line
@@ -602,6 +602,14 @@ tcp_fastopen - INTEGER 
	Note that that additional client or server features are only

	effective if the basic support (0x1 and 0x2) are enabled respectively.



tcp_fastopen_blackhole_timeout_sec - INTEGER

	Initial time period in second to disable Fastopen on active TCP sockets

	when a TFO firewall blackhole issue happens.

	This time period will grow exponentially when more blackhole issues

	get detected right after Fastopen is re-enabled and will reset to

	initial value when the blackhole issue goes away.

	By default, it is set to 1hr.



tcp_syn_retries - INTEGER

	Number of times initial SYNs for an active TCP connection attempt

	will be retransmitted. Should not be higher than 127. Default value

include/linux/tcp.h

+1 −0
Original line number Diff line number Diff line
@@ -233,6 +233,7 @@ struct tcp_sock { 
	u8	syn_data:1,	/* SYN includes data */

		syn_fastopen:1,	/* SYN includes Fast Open option */

		syn_fastopen_exp:1,/* SYN includes Fast Open exp. option */

		syn_fastopen_ch:1, /* Active TFO re-enabling probe */

		syn_data_acked:1,/* data in SYN is acked by SYN-ACK */

		save_syn:1,	/* Save headers of SYN packet */

		is_cwnd_limited:1;/* forward progress limited by snd_cwnd? */

include/net/tcp.h

+6 −0
Original line number Diff line number Diff line
@@ -1506,6 +1506,12 @@ struct tcp_fastopen_context { 
	struct rcu_head		rcu;

};



extern unsigned int sysctl_tcp_fastopen_blackhole_timeout;

void tcp_fastopen_active_disable(struct sock *sk);

bool tcp_fastopen_active_should_disable(struct sock *sk);

void tcp_fastopen_active_disable_ofo_check(struct sock *sk);

void tcp_fastopen_active_timeout_reset(void);



/* Latencies incurred by various limits for a sender. They are

 * chronograph-like stats that are mutually exclusive.

 */

include/uapi/linux/snmp.h

+1 −0
Original line number Diff line number Diff line
@@ -259,6 +259,7 @@ enum 
	LINUX_MIB_TCPFASTOPENPASSIVEFAIL,	/* TCPFastOpenPassiveFail */

	LINUX_MIB_TCPFASTOPENLISTENOVERFLOW,	/* TCPFastOpenListenOverflow */

	LINUX_MIB_TCPFASTOPENCOOKIEREQD,	/* TCPFastOpenCookieReqd */

	LINUX_MIB_TCPFASTOPENBLACKHOLE,		/* TCPFastOpenBlackholeDetect */

	LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES, /* TCPSpuriousRtxHostQueues */

	LINUX_MIB_BUSYPOLLRXPACKETS,		/* BusyPollRxPackets */

	LINUX_MIB_TCPAUTOCORKING,		/* TCPAutoCorking */

net/ipv4/proc.c

+1 −0
Original line number Diff line number Diff line
@@ -281,6 +281,7 @@ static const struct snmp_mib snmp4_net_list[] = { 
	SNMP_MIB_ITEM("TCPFastOpenPassiveFail", LINUX_MIB_TCPFASTOPENPASSIVEFAIL),

	SNMP_MIB_ITEM("TCPFastOpenListenOverflow", LINUX_MIB_TCPFASTOPENLISTENOVERFLOW),

	SNMP_MIB_ITEM("TCPFastOpenCookieReqd", LINUX_MIB_TCPFASTOPENCOOKIEREQD),

	SNMP_MIB_ITEM("TCPFastOpenBlackhole", LINUX_MIB_TCPFASTOPENBLACKHOLE),

	SNMP_MIB_ITEM("TCPSpuriousRtxHostQueues", LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES),

	SNMP_MIB_ITEM("BusyPollRxPackets", LINUX_MIB_BUSYPOLLRXPACKETS),

	SNMP_MIB_ITEM("TCPAutoCorking", LINUX_MIB_TCPAUTOCORKING),