From: Phil Oester <kernel@linuxace.com>
To: netfilter-devel@lists.netfilter.org
Subject: [PATCH] TCP window tracking retransmission handling
Date: Mon, 24 Jan 2005 22:07:05 -0800
Message-ID: <20050125060705.GA32479@linuxace.com>

[-- Attachment #1: Type: text/plain, Size: 1084 bytes --]

Under certain circumstances (high latency WAN links for instance), ack
packets get stacked up and arrive in bulk.  The current TCP window
tracking code interprets these numerous acks as retransmits, and
if there are >= 3 retransmits sequentially, it resets the timeout on
a conntrack to 5 minutes.

This is trivially reproducible on a high latency link by an 'ls -lR'
on a large-ish tree.  In my test case, 8 ack packets arrived sequentially
at the end of the listing.  While the seq numbers on those packets
were indeed identical (which the current code tests for), they were acking
unique packets, and thus clearly do not qualify as retransmissions.

The problem lies in the fact that the code currently only examines
the seq number of the arriving packet, but does not also look at the
seq number being acked.  The patch below adds this additional check.
Unfortunately, it adds another int32 to ip_ct_tcp, but I could think
of no other fool-proof way of fixing it (short of ripping out the
retransmission test altogether).

Phil

Signed-off-by: Phil Oester <kernel@linuxace.com>



[-- Attachment #2: patch-ack --]
[-- Type: text/plain, Size: 1305 bytes --]

diff -ru linux-orig/include/linux/netfilter_ipv4/ip_conntrack_tcp.h linux-new/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
--- linux-orig/include/linux/netfilter_ipv4/ip_conntrack_tcp.h	2004-12-24 16:34:31.000000000 -0500
+++ linux-new/include/linux/netfilter_ipv4/ip_conntrack_tcp.h	2005-01-25 00:31:46.772442512 -0500
@@ -41,6 +41,7 @@
 	u_int8_t	retrans;	/* Number of retransmitted packets */
 	u_int8_t	last_index;	/* Index of the last packet */
 	u_int32_t	last_seq;	/* Last sequence number seen in dir */
+	u_int32_t	last_ack;	/* Last sequence number seen in opposite dir */
 	u_int32_t	last_end;	/* Last seq + len */
 };
 
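Review bot: the comment on the new `last_ack` field ("Last sequence number seen in opposite dir") does not match how the field is used. The second hunk stores the `ack` value of the packet being examined alongside `last_seq` and `last_end` for the same `dir`, so the field holds the acknowledgment number carried by the last packet in this direction. Something like `/* Last ack number seen in dir */` would describe it without suggesting that it is sampled from the reverse flow. Since the field sits between `last_seq` and `last_end`, it is also worth stating in the commit message that struct ip_ct_tcp grows by four bytes per conntrack entry, as the cover text already admits.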
diff -ru linux-orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- linux-orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	2005-01-25 00:46:13.192726608 -0500
+++ linux-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	2005-01-25 00:43:35.340723760 -0500
@@ -665,11 +665,13 @@
 		if (*index == TCP_ACK_SET) {
 			if (state->last_dir == dir
 			    && state->last_seq == seq
+			    && state->last_ack == ack
 			    && state->last_end == end)
 				state->retrans++;
 			else {
 				state->last_dir = dir;
 				state->last_seq = seq;
+				state->last_ack = ack;
 				state->last_end = end;
 				state->retrans = 0;
 			}
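Review bot: the added test `state->last_ack == ack` relies on a local `ack` whose assignment is outside the visible context, so please confirm that at this point it still holds the packet's acknowledgment number in the same byte order and form that is later written back by `state->last_ack = ack`, and that nothing earlier in the function rewrites it. The four-way condition would also benefit from a one-line comment above it saying that packets with identical seq and end but a different ack are acknowledging new data and must not bump `retrans`, since that is the whole reason for the extra field and it is not obvious from the code alone.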
