From: Eric Dumazet <eric.dumazet@gmail.com>
To: "Ilpo Järvinen" <ilpo.jarvinen@helsinki.fi>
Cc: Krzysztof Oledzki <ole@ans.pl>,
David Miller <davem@davemloft.net>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux Netdev List <netdev@vger.kernel.org>
Subject: Re: Problem with tcp (2.6.31) as first, http://bugzilla.kernel.org/show_bug.cgi?id=14580
Date: Fri, 27 Nov 2009 12:48:05 +0100 [thread overview]
Message-ID: <4B0FBC75.5060000@gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.00.0911271246030.2459@melkinpaasi.cs.helsinki.fi>
Ilpo Järvinen a écrit :
> What would you expect to happen? If out-of-window stuff arrives we send
> dupacks. If we would send resets, that would introduce blind rst attacks.
> In theory we might be able to quench the loop by using pingpong thing but
> that needs very careful thought in order to not introduce other problems,
> and even then your connections will not be re-usable until either end
> times out so the gain is rather limited. We simply cannot rst the
> connection, that's not an option.
>
> I find this problem simply stem from the introduced loss of end-to-end
> connectivity. Would you really "lose" that server so that its TCP state is
> not maintained, you'd get resets etc (crash, scheduled reboot or
> whatever). Only real solution would be a kill switch for TCP connection
> when you break e-2-e connectivity (ie., switch servers so that the same IP
> is reacquired by somebody else). In theory you can "simulate" the kill
> switch by setting tcp_retries sysctls to small values to make the
> connections to timeout much faster, but still that might not be enough for
> you (and has other implications you might not like).
>
RST is not an option, sure, but ACK storms are unlikely good things too.
Could'nt we do something smart in presence of tcp timestamps ?
11:23:27.669910 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.669991 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670000 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670093 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670099 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670175 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670183 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670268 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670276 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
11:23:27.670359 IP 192.168.200.200.333 > 192.168.20.110.3434: . ack 11687 win 91 <nop,nop,timestamp 1704614538 42406583>
11:23:27.670368 IP 192.168.20.110.3434 > 192.168.200.200.333: . ack 2457299512 win 92 <nop,nop,timestamp 42408589 1506086404>
Or we could
Count number N of strange/bad acks we received from peer.
- At first one, send our ACK immediately
- For following, delay our ACK answer by N*100 ms, to reduce the flood.
(or if we have data in flight, only rely on retransmit timer and not sending acks)
next prev parent reply other threads:[~2009-11-27 11:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <alpine.LNX.1.10.0911251626500.13662@bizon.gios.gov.pl>
[not found] ` <4B0D83E8.3000009@gmail.com>
[not found] ` <4B0D86BD.4010902@ans.pl>
[not found] ` <4B0D8EC6.9050204@gmail.com>
[not found] ` <4B0D8FB2.1060606@ans.pl>
[not found] ` <4B0E1D1C.30000@gmail.com>
[not found] ` <4B0E6D50.1020906@ans.pl>
[not found] ` <4B0EAC4F.3080202@gmail.com>
[not found] ` <alpine.LNX.1.10.0911261749100.16993@bizon.gios.gov.pl>
[not found] ` <4B0EE958.7090607@gmail.com>
[not found] ` <4B0EECE5.5050406@ans.pl>
[not found] ` <4B0EEF76.1070803@gmail.com>
[not found] ` <4B0EF273.4030003@gmail.com>
[not found] ` <alpine.DEB.2.00.0911262327130.24189@melkinpaasi.cs.helsinki.fi>
[not found] ` <4B0F0466.8080006@gmail.com>
[not found] ` <alpine.LNX.1.10.0911271013330.24080@bizon.gios.gov.pl>
[not found] ` <alpine.DEB.2.00.0911271246030.2459@melkinpaasi.cs.helsinki.fi>
2009-11-27 11:43 ` Problem with tcp (2.6.31) as first, http://bugzilla.kernel.org/show_bug.cgi?id=14580 Krzysztof Olędzki
2009-11-27 11:48 ` Eric Dumazet [this message]
[not found] ` <20091129.233447.60856273.davem@davemloft.net>
2009-11-30 9:12 ` Problem with tcp (2.6.31) as first Eric Dumazet
2009-11-30 20:56 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B0FBC75.5060000@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=ilpo.jarvinen@helsinki.fi \
--cc=netdev@vger.kernel.org \
--cc=ole@ans.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).