From: Eric Dumazet <eric.dumazet@gmail.com>
To: Marek Majkowski <marek@cloudflare.com>, netdev@vger.kernel.org
Subject: Re: TCP_USER_TIMEOUT, SYN-SENT and tcp_syn_retries
Date: Thu, 26 Sep 2019 09:46:20 -0700 [thread overview]
Message-ID: <61e4c437-cb1e-bcd6-b978-e5317d1e76c3@gmail.com> (raw)
In-Reply-To: <c682fe41-c5ee-83b9-4807-66fcf76388a4@gmail.com>
On 9/26/19 8:05 AM, Eric Dumazet wrote:
>
>
> On 9/25/19 1:46 AM, Marek Majkowski wrote:
>> Hello my favorite mailing list!
>>
>> Recently I've been looking into TCP_USER_TIMEOUT and noticed some
>> strange behaviour on fresh sockets in SYN-SENT state. Full writeup:
>> https://blog.cloudflare.com/when-tcp-sockets-refuse-to-die/
>>
>> Here's a reproducer. It does a simple thing: sets TCP_USER_TIMEOUT and
>> does connect() to a blackholed IP:
>>
>> $ wget https://gist.githubusercontent.com/majek/b4ad53c5795b226d62fad1fa4a87151a/raw/cbb928cb99cd6c5aa9f73ba2d3bc0aef22fbc2bf/user-timeout-and-syn.py
>>
>> $ sudo python3 user-timeout-and-syn.py
>> 00:00.000000 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>> 00:01.007053 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>> 00:03.023051 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>> 00:05.007096 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>> 00:05.015037 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>> 00:05.023020 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>> 00:05.034983 IP 192.1.1.1.52974 > 244.0.0.1.1234: Flags [S]
>>
>> The connect() times out with ETIMEDOUT after 5 seconds - as intended.
>> But Linux (5.3.0-rc3) does something weird on the network - it sends
>> remaining tcp_syn_retries packets aligned to the 5s mark.
>>
>> In other words: with TCP_USER_TIMEOUT we are sending spurious SYN
>> packets on a timeout.
>>
>> For the record, the man page doesn't define what TCP_USER_TIMEOUT does
>> on SYN-SENT state.
>>
>
> Exactly, so far this option has only be used on established flows.
>
> Feel free to send patches if you need to override the stack behavior
> for connection establishment (Same remark for passive side...)
Also please take a look at TCP_SYNCNT, which predates TCP_USER_TIMEOUT
next prev parent reply other threads:[~2019-09-26 16:46 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-25 8:46 TCP_USER_TIMEOUT, SYN-SENT and tcp_syn_retries Marek Majkowski
2019-09-26 15:05 ` Eric Dumazet
2019-09-26 16:46 ` Eric Dumazet [this message]
2019-09-26 16:57 ` Eric Dumazet
2019-09-26 18:03 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=61e4c437-cb1e-bcd6-b978-e5317d1e76c3@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=marek@cloudflare.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.