From: Wei Wang <weiwan@google.com>
To: netdev@vger.kernel.org, David Miller <davem@davemloft.net>
Cc: Yuchung Cheng <ycheng@google.com>,
Eric Dumazet <edumazet@google.com>, Wei Wang <weiwan@google.com>
Subject: [PATCH net-next 3/3] net/tcp_fastopen: Remove mss check in tcp_write_timeout()
Date: Thu, 20 Apr 2017 14:45:48 -0700 [thread overview]
Message-ID: <20170420214548.23666-4-tracywwnj@gmail.com> (raw)
In-Reply-To: <20170420214548.23666-3-tracywwnj@gmail.com>
From: Wei Wang <weiwan@google.com>
Christoph Paasch from Apple found another firewall issue for TFO:
After successful 3WHS using TFO, server and client starts to exchange
data. Afterwards, a 10s idle time occurs on this connection. After that,
firewall starts to drop every packet on this connection.
The fix for this issue is to extend existing firewall blackhole detection
logic in tcp_write_timeout() by removing the mss check.
Signed-off-by: Wei Wang <weiwan@google.com>
---
net/ipv4/tcp_timer.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index b2ab411c6d37..14672543cf0b 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -201,11 +201,10 @@ static int tcp_write_timeout(struct sock *sk)
if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0, 0)) {
/* Some middle-boxes may black-hole Fast Open _after_
* the handshake. Therefore we conservatively disable
- * Fast Open on this path on recurring timeouts with
- * few or zero bytes acked after Fast Open.
+ * Fast Open on this path on recurring timeouts after
+ * successful Fast Open.
*/
- if (tp->syn_data_acked &&
- tp->bytes_acked <= tp->rx_opt.mss_clamp) {
+ if (tp->syn_data_acked) {
tcp_fastopen_cache_set(sk, 0, NULL, true, 0);
if (icsk->icsk_retransmits == net->ipv4.sysctl_tcp_retries1)
NET_INC_STATS(sock_net(sk),
--
2.12.2.816.g2cccc81164-goog
next prev parent reply other threads:[~2017-04-20 21:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-20 21:45 [PATCH net-next 0/3] net/tcp_fastopen: Fix for various TFO firewall issues Wei Wang
2017-04-20 21:45 ` [PATCH net-next 1/3] net/tcp_fastopen: Disable active side TFO in certain scenarios Wei Wang
2017-04-20 21:45 ` [PATCH net-next 2/3] net/tcp_fastopen: Add snmp counter for blackhole detection Wei Wang
2017-04-20 21:45 ` Wei Wang [this message]
2017-04-21 0:29 ` [PATCH net-next 3/3] net/tcp_fastopen: Remove mss check in tcp_write_timeout() Yuchung Cheng
2017-04-21 3:06 ` Neal Cardwell
2017-04-21 0:30 ` [PATCH net-next 2/3] net/tcp_fastopen: Add snmp counter for blackhole detection Yuchung Cheng
2017-04-21 3:07 ` Neal Cardwell
2017-04-21 0:29 ` [PATCH net-next 1/3] net/tcp_fastopen: Disable active side TFO in certain scenarios Yuchung Cheng
2017-04-21 2:40 ` Neal Cardwell
2017-04-24 18:27 ` [PATCH net-next 0/3] net/tcp_fastopen: Fix for various TFO firewall issues David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170420214548.23666-4-tracywwnj@gmail.com \
--to=weiwan@google.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=netdev@vger.kernel.org \
--cc=ycheng@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).