From: Shaohua Li <shli@kernel.org>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: netdev@vger.kernel.org, davem@davemloft.net, Kernel-team@fb.com,
Florent Fourcot <flo@fourcot.fr>
Subject: Re: [RFC net 1/2] net: set skb hash for IP6 TCP reset packet
Date: Tue, 18 Jul 2017 11:59:05 -0700 [thread overview]
Message-ID: <20170718185905.d3erulmh3ns6ddfs@kernel.org> (raw)
In-Reply-To: <1500350577.5566.35.camel@edumazet-glaptop3.roam.corp.google.com>
On Mon, Jul 17, 2017 at 09:02:57PM -0700, Eric Dumazet wrote:
> On Mon, 2017-07-17 at 14:53 -0700, Shaohua Li wrote:
> > On Mon, Jul 17, 2017 at 01:51:51AM -0700, Eric Dumazet wrote:
> > > On Thu, 2017-07-13 at 10:56 -0700, Shaohua Li wrote:
> > > > From: Shaohua Li <shli@fb.com>
> > > >
> > > > Please see below tcpdump output:
> > >
> > > > The tcp reset packet has a different flowlabel, which causes our router
> > > > doesn't correctly close tcp connection.
> > >
> > > This looks a bug in your router, because (IPv6 only) flowlabel is not
> > > part of the tuple identifying a TCP flow.
> >
> > Actually it's for load balance between several routers.
>
> What happens then when flowlabel changes as I described ?
>
> See commit 3acf3ec3f4b0 ("tcp: Change txhash on every SYN and RTO
> retransmit")
Frankly I have no idea. People in the team do think this is a problem in some
corner cases. Didn't get any report yet though.
> > >
> > > > The reason is the normal packet
> > > > gets the skb->hash from sk->sk_txhash, which is generated randomly.
> > > > ip6_make_flowlabel then uses the hash to create a flowlabel. The reset
> > > > packet doesn't get assigned a hash, so the flowlabel is calculated with
> > > > flowi6.
> > > >
> > > > The solution is to save the hash value for timeout sock and use it for
> > > > reset packet.
> > >
> > > I am a bit unsure why we need to add yet another field in TCP timewait
> > > structure, since :
> > >
> > > 1) flowlabel can vary during a TCP flow lifetime.
> > > 2) flowlabel is different unde synflood (each syncookie gets a random
> > > flowlabel), and if 3rd packet comes back from the client to finish 3WHS,
> > > the flowlabel will again be different from the one that SYNACK used.
> >
> > Is it acceptable we reuse tw_flowlabel as Florent Fourcot suggested? It makes
> > no sense to change flowlabel for no reason.
>
> Sure, if you can find a way to keep storage as small as possible.
>
> Current size is dangerously approaching 256 bytes, so we might soon use
> one additional cache line (64 bytes)
Will send a new patch.
Thanks,
Shaohua
next prev parent reply other threads:[~2017-07-18 18:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-13 17:56 [RFC net 0/2] fix ipv6 tcp reset packet flowlabel issues Shaohua Li
2017-07-13 17:56 ` [RFC net 1/2] net: set skb hash for IP6 TCP reset packet Shaohua Li
2017-07-17 8:51 ` Eric Dumazet
2017-07-17 20:06 ` Florent Fourcot
2017-07-17 21:53 ` Shaohua Li
2017-07-18 4:02 ` Eric Dumazet
2017-07-18 18:59 ` Shaohua Li [this message]
2017-07-13 17:56 ` [RFC net 2/2] net: tcp_v6_send_reset should set flowlabel Shaohua Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170718185905.d3erulmh3ns6ddfs@kernel.org \
--to=shli@kernel.org \
--cc=Kernel-team@fb.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=flo@fourcot.fr \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.