* [PATCH] net: sctp: Potentially-Failed state should not be reached from unconfirmed state
@ 2014-02-20 13:13 Matija Glavinic Pecotic
2014-02-20 17:58 ` Vlad Yasevich
2014-02-20 18:25 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Matija Glavinic Pecotic @ 2014-02-20 13:13 UTC (permalink / raw)
To: linux-sctp@vger.kernel.org; +Cc: netdev@vger.kernel.org
In current implementation it is possible to reach PF state from unconfirmed.
We can interpret sctp-failover-02 in a way that PF state is meant to be reached
only from active state, in the end, this is when entering PF state makes sense.
Here are few quotes from sctp-failover-02, but regardless of these, same
understanding can be reached from whole section 5:
Section 5.1, quickfailover guide:
"The PF state is an intermediate state between Active and Failed states."
"Each time the T3-rtx timer expires on an active or idle
destination, the error counter of that destination address will
be incremented. When the value in the error counter exceeds
PFMR, the endpoint should mark the destination transport address as PF."
There are several concrete reasons for such interpretation. For start, rfc4960
does not take into concern quickfailover algorithm. Therefore, quickfailover
must comply to 4960. Point where this compliance can be argued is following
behavior:
When PF is entered, association overall error counter is incremented for each
missed HB. This is contradictory to rfc4960, as address, while in unconfirmed
state, is subjected to probing, and while it is probed, it should not increment
association overall error counter. This has as a consequence that we might end
up in situation in which we drop association due path failure on unconfirmed
address, in case we have wrong configuration in a way:
Association.Max.Retrans == Path.Max.Retrans.
Another reason is that entering PF from unconfirmed will cause a loss of address
confirmed event when address is once (if) confirmed. This is fine from failover
guide point of view, but it is not consistent with behavior preceding failover
implementation and recommendation from 4960:
5.4. Path Verification
Whenever a path is confirmed, an indication MAY be given to the upper
layer.
Signed-off-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nsn.com>
--- net-next.orig/net/sctp/sm_sideeffect.c
+++ net-next/net/sctp/sm_sideeffect.c
@@ -495,11 +495,12 @@ static void sctp_do_8_2_transport_strike
}
/* If the transport error count is greater than the pf_retrans
- * threshold, and less than pathmaxrtx, then mark this transport
- * as Partially Failed, ee SCTP Quick Failover Draft, secon 5.1,
- * point 1
+ * threshold, and less than pathmaxrtx, and if the current state
+ * is not SCTP_UNCONFIRMED, then mark this transport as Partially
+ * Failed, see SCTP Quick Failover Draft, section 5.1
*/
if ((transport->state != SCTP_PF) &&
+ (transport->state != SCTP_UNCONFIRMED) &&
(asoc->pf_retrans < transport->pathmaxrxt) &&
(transport->error_count > asoc->pf_retrans)) {
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] net: sctp: Potentially-Failed state should not be reached from unconfirmed state
2014-02-20 13:13 [PATCH] net: sctp: Potentially-Failed state should not be reached from unconfirmed state Matija Glavinic Pecotic
@ 2014-02-20 17:58 ` Vlad Yasevich
2014-02-20 18:25 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Vlad Yasevich @ 2014-02-20 17:58 UTC (permalink / raw)
To: Matija Glavinic Pecotic, linux-sctp@vger.kernel.org
Cc: netdev@vger.kernel.org
On 02/20/2014 08:13 AM, Matija Glavinic Pecotic wrote:
> In current implementation it is possible to reach PF state from unconfirmed.
> We can interpret sctp-failover-02 in a way that PF state is meant to be reached
> only from active state, in the end, this is when entering PF state makes sense.
> Here are few quotes from sctp-failover-02, but regardless of these, same
> understanding can be reached from whole section 5:
>
> Section 5.1, quickfailover guide:
> "The PF state is an intermediate state between Active and Failed states."
>
> "Each time the T3-rtx timer expires on an active or idle
> destination, the error counter of that destination address will
> be incremented. When the value in the error counter exceeds
> PFMR, the endpoint should mark the destination transport address as PF."
>
> There are several concrete reasons for such interpretation. For start, rfc4960
> does not take into concern quickfailover algorithm. Therefore, quickfailover
> must comply to 4960. Point where this compliance can be argued is following
> behavior:
> When PF is entered, association overall error counter is incremented for each
> missed HB. This is contradictory to rfc4960, as address, while in unconfirmed
> state, is subjected to probing, and while it is probed, it should not increment
> association overall error counter. This has as a consequence that we might end
> up in situation in which we drop association due path failure on unconfirmed
> address, in case we have wrong configuration in a way:
> Association.Max.Retrans == Path.Max.Retrans.
>
> Another reason is that entering PF from unconfirmed will cause a loss of address
> confirmed event when address is once (if) confirmed. This is fine from failover
> guide point of view, but it is not consistent with behavior preceding failover
> implementation and recommendation from 4960:
>
> 5.4. Path Verification
> Whenever a path is confirmed, an indication MAY be given to the upper
> layer.
>
> Signed-off-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nsn.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Thanks
-vlad
>
> --- net-next.orig/net/sctp/sm_sideeffect.c
> +++ net-next/net/sctp/sm_sideeffect.c
> @@ -495,11 +495,12 @@ static void sctp_do_8_2_transport_strike
> }
>
> /* If the transport error count is greater than the pf_retrans
> - * threshold, and less than pathmaxrtx, then mark this transport
> - * as Partially Failed, ee SCTP Quick Failover Draft, secon 5.1,
> - * point 1
> + * threshold, and less than pathmaxrtx, and if the current state
> + * is not SCTP_UNCONFIRMED, then mark this transport as Partially
> + * Failed, see SCTP Quick Failover Draft, section 5.1
> */
> if ((transport->state != SCTP_PF) &&
> + (transport->state != SCTP_UNCONFIRMED) &&
> (asoc->pf_retrans < transport->pathmaxrxt) &&
> (transport->error_count > asoc->pf_retrans)) {
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] net: sctp: Potentially-Failed state should not be reached from unconfirmed state
2014-02-20 13:13 [PATCH] net: sctp: Potentially-Failed state should not be reached from unconfirmed state Matija Glavinic Pecotic
2014-02-20 17:58 ` Vlad Yasevich
@ 2014-02-20 18:25 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2014-02-20 18:25 UTC (permalink / raw)
To: matija.glavinic-pecotic.ext; +Cc: linux-sctp, netdev
From: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nsn.com>
Date: Thu, 20 Feb 2014 14:13:04 +0100
> In current implementation it is possible to reach PF state from unconfirmed.
> We can interpret sctp-failover-02 in a way that PF state is meant to be reached
> only from active state, in the end, this is when entering PF state makes sense.
> Here are few quotes from sctp-failover-02, but regardless of these, same
> understanding can be reached from whole section 5:
>
> Section 5.1, quickfailover guide:
> "The PF state is an intermediate state between Active and Failed states."
>
> "Each time the T3-rtx timer expires on an active or idle
> destination, the error counter of that destination address will
> be incremented. When the value in the error counter exceeds
> PFMR, the endpoint should mark the destination transport address as PF."
>
> There are several concrete reasons for such interpretation. For start, rfc4960
> does not take into concern quickfailover algorithm. Therefore, quickfailover
> must comply to 4960. Point where this compliance can be argued is following
> behavior:
> When PF is entered, association overall error counter is incremented for each
> missed HB. This is contradictory to rfc4960, as address, while in unconfirmed
> state, is subjected to probing, and while it is probed, it should not increment
> association overall error counter. This has as a consequence that we might end
> up in situation in which we drop association due path failure on unconfirmed
> address, in case we have wrong configuration in a way:
> Association.Max.Retrans == Path.Max.Retrans.
>
> Another reason is that entering PF from unconfirmed will cause a loss of address
> confirmed event when address is once (if) confirmed. This is fine from failover
> guide point of view, but it is not consistent with behavior preceding failover
> implementation and recommendation from 4960:
>
> 5.4. Path Verification
> Whenever a path is confirmed, an indication MAY be given to the upper
> layer.
>
> Signed-off-by: Matija Glavinic Pecotic <matija.glavinic-pecotic.ext@nsn.com>
Applied, thank you.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-02-20 18:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-20 13:13 [PATCH] net: sctp: Potentially-Failed state should not be reached from unconfirmed state Matija Glavinic Pecotic
2014-02-20 17:58 ` Vlad Yasevich
2014-02-20 18:25 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).