netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jakub Kicinski <kuba@kernel.org>
To: Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>,
	ncardwell@google.com
Cc: netdev@vger.kernel.org
Subject: ICMP_PARAMETERPROB and ICMP_TIME_EXCEEDED during connect
Date: Tue, 26 Mar 2024 13:34:12 -0700	[thread overview]
Message-ID: <20240326133412.47cf6d99@kernel.org> (raw)

Hi!

I got a report from a user surprised/displeased that ICMP_TIME_EXCEEDED
breaks connect(), while TCP RFCs say it shouldn't. Even pointing a
finger at Linux, RFC5461:

   A number of TCP implementations have modified their reaction to all
   ICMP soft errors and treat them as hard errors when they are received
   for connections in the SYN-SENT or SYN-RECEIVED states.  For example,
   this workaround has been implemented in the Linux kernel since
   version 2.0.0 (released in 1996) [Linux].  However, it should be
   noted that this change violates section 4.2.3.9 of [RFC1122], which
   states that these ICMP error messages indicate soft error conditions
   and that, therefore, TCP MUST NOT abort the corresponding connection.

Is there any reason we continue with this behavior or is it just that
nobody ever sent a patch?

Somewhat related in tcp_v4_err() we do:

	switch (sk->sk_state) {
	case TCP_SYN_SENT:
	case TCP_SYN_RECV:
		[...]

		if (!sock_owned_by_user(sk)) {
			WRITE_ONCE(sk->sk_err, err);

			sk_error_report(sk);

			tcp_done(sk);
		} else {
			WRITE_ONCE(sk->sk_err_soft, err);
		}
		goto out;
	}

So the error is soft if socket is locked, and I can't find anything
in backlog processing which would pay attention. So it seems that 
under certain conditions we already ignore it.

Can we ignore it always, or perhaps conditionally based on IP_RECVERR?

             reply	other threads:[~2024-03-26 20:34 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-26 20:34 Jakub Kicinski [this message]
2024-03-26 22:03 ` ICMP_PARAMETERPROB and ICMP_TIME_EXCEEDED during connect Neal Cardwell
2024-03-26 23:55   ` Jakub Kicinski
2024-03-27 13:05     ` Eric Dumazet
2024-04-02 13:21       ` Leon Romanovsky
2024-04-02 13:31         ` Eric Dumazet
2024-04-02 14:17           ` Jason Xing
2024-04-02 17:32             ` Leon Romanovsky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240326133412.47cf6d99@kernel.org \
    --to=kuba@kernel.org \
    --cc=edumazet@google.com \
    --cc=ncardwell@google.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).