From: David Miller <davem@davemloft.net>
To: steffen.klassert@secunet.com
Cc: netdev@vger.kernel.org
Subject: Re: slow tcp connect when using IPsec
Date: Fri, 25 Mar 2011 01:27:49 -0700 (PDT) [thread overview]
Message-ID: <20110325.012749.235670347.davem@davemloft.net> (raw)
In-Reply-To: <20110325064116.GE1290@secunet.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Fri, 25 Mar 2011 07:41:16 +0100
> commit 5e2b61f78411be25f0b84f97d5b5d312f184dfd1
> Author: David S. Miller <davem@davemloft.net>
> Date: Fri Mar 4 21:47:09 2011 -0800
>
> ipv4: Remove flowi from struct rtable.
>
> Some time and a lot of trace_printks later I found that we set up
> the flow informations without source _and_ destination address in
> ip_route_newports(). That is because we take the address informations
> from the the rt_key_src and rt_key_dst fields of the rtable here
> and they appear to be empty. If I restore the behaviour before the bisected
> commit by taking the address informations from rt_src and rt_dst the issue
> is gone.
Indeed, it is wrong to use the key values, since they can be
wildcards. Thanks for tracking this down.
> So now I know why it did not behave as expected, but unfortunately I
> still don't know why it magically started to work after 20
> seconds...
After some time, TCP will mark routing path as having trouble, then it
will relookup the route. At this point source and dest will no longer
be wildcarded in the socket, and thus neither will be the resulting
route keys in the relooked-up route.
Look for the dst_negative_advice() paths to see where this happens.
next prev parent reply other threads:[~2011-03-25 8:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-25 6:41 slow tcp connect when using IPsec Steffen Klassert
2011-03-25 6:42 ` [PATCH] route: Take the right src and dst addresses in ip_route_newports Steffen Klassert
2011-03-25 8:29 ` David Miller
2011-03-25 8:27 ` David Miller [this message]
2011-03-25 8:58 ` slow tcp connect when using IPsec Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110325.012749.235670347.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).