From: Eric Dumazet <eric.dumazet@gmail.com>
To: "Ilpo Järvinen" <ilpo.jarvinen@helsinki.fi>
Cc: Krzysztof Oledzki <ole@ans.pl>,
David Miller <davem@davemloft.net>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux Netdev List <netdev@vger.kernel.org>
Subject: Re: Problem with tcp (2.6.31) as first, http://bugzilla.kernel.org/show_bug.cgi?id=14580
Date: Fri, 27 Nov 2009 12:48:05 +0100 [thread overview]
Message-ID: <4B0FBC75.5060000@gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.00.0911271246030.2459@melkinpaasi.cs.helsinki.fi>
Ilpo Järvinen a écrit :
> What would you expect to happen? If out-of-window stuff arrives we send
> dupacks. If we would send resets, that would introduce blind rst attacks.
> In theory we might be able to quench the loop by using pingpong thing but
> that needs very careful thought in order to not introduce other problems,
> and even then your connections will not be re-usable until either end
> times out so the gain is rather limited. We simply cannot rst the
> connection, that's not an option.
>
> I find this problem simply stem from the introduced loss of end-to-end
> connectivity. Would you really "lose" that server so that its TCP state is
> not maintained, you'd get resets etc (crash, scheduled reboot or
> whatever). Only real solution would be a kill switch for TCP connection
> when you break e-2-e connectivity (ie., switch servers so that the same IP
> is reacquired by somebody else). In theory you can "simulate" the kill
> switch by setting tcp_retries sysctls to small values to make the
> connections to timeout much faster, but still that might not be enough for
> you (and has other implications you might not like).
>
RST is not an option, sure, but ACK storms are unlikely good things too.
Could'nt we do something smart in presence of tcp timestamps ?
11:23:27.669910 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.669991 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670000 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670093 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670099 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670175 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670183 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670268 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670276 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670359 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670368 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
Or we could
Count number N of strange/bad acks we received from peer.
- At first one, send our ACK immediately
- For following, delay our ACK answer by N*100 ms, to reduce the flood.
(or if we have data in flight, only rely on retransmit timer and not sending acks)
next prev parent reply other threads:[~2009-11-27 11:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <alpine.LNX.1.10.0911251626500.13662@bizon.gios.gov.pl>
[not found] ` <4B0D83E8.3000009@gmail.com>
[not found] ` <4B0D86BD.4010902@ans.pl>
[not found] ` <4B0D8EC6.9050204@gmail.com>
[not found] ` <4B0D8FB2.1060606@ans.pl>
[not found] ` <4B0E1D1C.30000@gmail.com>
[not found] ` <4B0E6D50.1020906@ans.pl>
[not found] ` <4B0EAC4F.3080202@gmail.com>
[not found] ` <alpine.LNX.1.10.0911261749100.16993@bizon.gios.gov.pl>
[not found] ` <4B0EE958.7090607@gmail.com>
[not found] ` <4B0EECE5.5050406@ans.pl>
[not found] ` <4B0EEF76.1070803@gmail.com>
[not found] ` <4B0EF273.4030003@gmail.com>
[not found] ` <alpine.DEB.2.00.0911262327130.24189@melkinpaasi.cs.helsinki.fi>
[not found] ` <4B0F0466.8080006@gmail.com>
[not found] ` <alpine.LNX.1.10.0911271013330.24080@bizon.gios.gov.pl>
[not found] ` <alpine.DEB.2.00.0911271246030.2459@melkinpaasi.cs.helsinki.fi>
2009-11-27 11:43 ` Problem with tcp (2.6.31) as first, http://bugzilla.kernel.org/show_bug.cgi?id=14580 Krzysztof Olędzki
2009-11-27 11:48 ` Eric Dumazet [this message]
[not found] ` <20091129.233447.60856273.davem@davemloft.net>
2009-11-30 9:12 ` Problem with tcp (2.6.31) as first Eric Dumazet
2009-11-30 20:56 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B0FBC75.5060000@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=ilpo.jarvinen@helsinki.fi \
--cc=netdev@vger.kernel.org \
--cc=ole@ans.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.