From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH RFC 0/2] xfrm: Remove ancient sleeping code
Date: Tue, 15 Oct 2013 09:30:20 +0200 [thread overview]
Message-ID: <20131015073020.GV7660@secunet.com> (raw)
In-Reply-To: <20131011.150124.527914076255487526.davem@davemloft.net>
On Fri, Oct 11, 2013 at 03:01:24PM -0400, David Miller wrote:
> From: Steffen Klassert <steffen.klassert@secunet.com>
> Date: Thu, 10 Oct 2013 08:33:01 +0200
>
> > The two RFC patches to remove the sleeping code are in reply to this
> > mail. I'd add this to the ipsec-next tree if there are no objections.
>
> The sleep path has the slight benefit that the TCP retransmit timers
> for the initial SYN packet will not be started until the IPSEC rule
> is resolved and the SYN actually goes out.
Yes, that's a slight advantage of the sleeping. But if the IPsec state
does not get resolved for whatever reason, the retransmit timer will
never start. The task will wake up but goes back to sleep immediately
because the needed state is not resolved.
>
> With the packet queue, if the IPSEC resolution is slow then we'll have
> spurious SYN retransmits.
>
> It makes no sense for TCP to keep queueing up SYNs if they will just
> all get stuck in the packet queue. The first one is enough.
Right, that's why I've limited the queue to 100 packets. We can
queue the SYNs of up to 100 tcp connestions that want to use
this IPsec state. It surely can happen that we queue multiple
retransmitted SYNs if the IPsec resolution is slow. But the
queueing code tries at least to get the packets out before
the first tcp retransmit. I think there is still room for
optimizations, maybe reducing the queue lenght or the queue
timeout to avoid queueing retransmitted SYNs as much as possible.
>
> On the other hand we do want TCP to timeout, we do want the user to
> be able to "Ctrl-C" (ie. send a SIGINT) during a connect, etc.
As mentioned above, tcp does not timeout if the state is not
getting resolved and the task that tried to open the tcp
conection hangs indefinitely.
We could fiddle something to get a terminating condition if the
state is not resolved after some time, but my plan was to disable
the larval_drop sysctl by default some day again. At best without
any notable change to userspace. That's why I would prefer to
remove the sleeping entirely.
next prev parent reply other threads:[~2013-10-15 7:30 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-10 6:33 [PATCH RFC 0/2] xfrm: Remove ancient sleeping code Steffen Klassert
2013-10-10 6:33 ` [PATCH RFC 1/2] xfrm: Remove ancient sleeping when the SA is in acquire state Steffen Klassert
2013-10-10 6:34 ` [PATCH RFC 2/2] net: Remove FLOWI_FLAG_CAN_SLEEP Steffen Klassert
2013-10-10 7:02 ` [PATCH RFC 0/2] xfrm: Remove ancient sleeping code Fan Du
2013-10-10 8:57 ` Steffen Klassert
2013-10-11 7:18 ` Fan Du
2013-10-11 9:21 ` Steffen Klassert
2013-10-11 19:01 ` David Miller
2013-10-15 7:30 ` Steffen Klassert [this message]
2013-10-15 23:14 ` David Miller
2013-10-15 23:58 ` Eric Dumazet
2013-10-16 9:45 ` Steffen Klassert
2013-10-16 11:42 ` [PATCH RFC] xfrm: Don't queue retransmitted packets if the original is still on the host Steffen Klassert
2013-10-18 20:19 ` David Miller
2013-10-18 20:23 ` Eric Dumazet
2013-10-18 20:34 ` David Miller
2013-10-21 14:51 ` Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131015073020.GV7660@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).