From: Willy Tarreau <w@1wt.eu>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Klavs Klavsen <kl@vsen.dk>, netdev@vger.kernel.org
Subject: Re: TCP fast retransmit issues
Date: Wed, 26 Jul 2017 16:50:59 +0200 [thread overview]
Message-ID: <20170726145059.GE1737@1wt.eu> (raw)
In-Reply-To: <1501079532.12695.17.camel@edumazet-glaptop3.roam.corp.google.com>
On Wed, Jul 26, 2017 at 07:32:12AM -0700, Eric Dumazet wrote:
> On Wed, 2017-07-26 at 15:42 +0200, Willy Tarreau wrote:
> > On Wed, Jul 26, 2017 at 06:31:21AM -0700, Eric Dumazet wrote:
> > > On Wed, 2017-07-26 at 14:18 +0200, Klavs Klavsen wrote:
> > > > the 192.168.32.44 is a Centos 7 box.
> > >
> > > Could you grab a capture on this box, to see if the bogus packets are
> > > sent by it, or later mangled by a middle box ?
> >
> > Given the huge difference between the window and the ranges of the
> > values in the SACK field, I'm pretty sure there's a firewall doing
> > some sequence numbers randomization in the middle, not aware of SACK
> > and not converting these ones. I've had to disable such broken
> > features more than once in field after similar observations! Probably
> > that the Mac doesn't advertise SACK support and doesn't experience the
> > problem.
>
> We need to check RFC if such invalid SACK blocks should be ignored (DUP
> ACK would be processed and trigger fast retransmit anyway), or strongly
> validated (as I suspect we currently do), leading to a total freeze.
RFC2883 #4.3 talks about interaction with PAWS and only suggests that
since the sequence numbers can wrap the sender should be aware that a
reported segment can in fact relate to a value within the prior seq
number space before cycling, but that they don't expect any side effect.
So that more or less means to me "you should consider that some of these
segments might be old, meaningless and should be ignored". But as you
can see the recommendation lacks a bit of strength given that no issue
was expected in such a situation.
Willy
next prev parent reply other threads:[~2017-07-26 14:51 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-26 11:07 TCP fast retransmit issues Klavs Klavsen
2017-07-26 11:49 ` Eric Dumazet
2017-07-26 12:18 ` Klavs Klavsen
2017-07-26 13:31 ` Eric Dumazet
2017-07-26 13:42 ` Willy Tarreau
2017-07-26 14:32 ` Eric Dumazet
2017-07-26 14:50 ` Willy Tarreau [this message]
2017-07-26 16:43 ` Neal Cardwell
2017-07-26 17:06 ` Neal Cardwell
2017-07-26 18:38 ` Neal Cardwell
2017-07-26 19:02 ` Neal Cardwell
2017-07-28 22:54 ` Neal Cardwell
2017-08-01 3:17 ` Neal Cardwell
2017-07-28 6:53 ` Christoph Paasch
2017-07-26 14:08 ` Klavs Klavsen
2017-07-26 14:18 ` Willy Tarreau
2017-07-26 14:25 ` Klavs Klavsen
2017-07-26 14:38 ` Willy Tarreau
2017-07-28 6:36 ` Klavs Klavsen
2017-07-28 7:27 ` Willy Tarreau
2017-08-17 13:20 ` Jeremy Harris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170726145059.GE1737@1wt.eu \
--to=w@1wt.eu \
--cc=eric.dumazet@gmail.com \
--cc=kl@vsen.dk \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.