slow tcp connect when using IPsec

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: slow tcp connect when using IPsec
Date: Fri, 25 Mar 2011 07:41:16 +0100	[thread overview]
Message-ID: <20110325064116.GE1290@secunet.com> (raw)

I'm fighting with a strange behaviour since a some days.
When I try to send tcp data over an IPsec tunnel, the tcp connect hangs
for about 20 seconds before it finally sends out the SYN packet.
This happens just on tcp with IPsec. When I bind the connection to
a specific local port, everything works fine. After some time of 
unsuccessful debugging, I bisected this issue down to

commit 5e2b61f78411be25f0b84f97d5b5d312f184dfd1
Author: David S. Miller <davem@davemloft.net>
Date:   Fri Mar 4 21:47:09 2011 -0800

    ipv4: Remove flowi from struct rtable.

Some time and a lot of trace_printks later I found that we set up
the flow informations without source _and_ destination address in
ip_route_newports(). That is because we take the address informations
from the the rt_key_src and rt_key_dst fields of the rtable here
and they appear to be empty. If I restore the behaviour before the bisected
commit by taking the address informations from rt_src and rt_dst the issue
is gone. So now I know why it did not behave as expected, but unfortunately
I still don't know why it magically started to work after 20 seconds...

I'll send the patch that fixed the issue in replay to this mail.

Steffen

next             reply	other threads:[~2011-03-25  6:41 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-03-25  6:41 Steffen Klassert [this message]
2011-03-25  6:42 ` [PATCH] route: Take the right src and dst addresses in ip_route_newports Steffen Klassert
2011-03-25  8:29   ` David Miller
2011-03-25  8:27 ` slow tcp connect when using IPsec David Miller
2011-03-25  8:58   ` Steffen Klassert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110325064116.GE1290@secunet.com \
    --to=steffen.klassert@secunet.com \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.