From: Corey Hickey <bugfood-ml@fatooh.org>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Linux Netdev List <netdev@vger.kernel.org>,
netfilter-devel@vger.kernel.org
Subject: Re: NAT stops forwarding ACKs after PMTU discovery
Date: Mon, 19 Aug 2013 01:43:18 -0700
Message-ID: <5211DAA6.1070302@fatooh.org>
In-Reply-To: <1376870592.4226.27.camel@edumazet-glaptop>

On 2013-08-18 17:03, Eric Dumazet wrote:
> On Sun, 2013-08-18 at 17:00 -0700, Eric Dumazet wrote:
>
>> Code like this seems very suspect to me :
>>
>> before(sack, receiver->td_end + 1)
>>
>
> My suggestion would be to try :
>
> diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
[...]

Thanks for all your suggestions--I really wasn't expecting so much on a
weekend. Here's all the data I have for tonight.

I tried the linux-next kernel, then linux-next with your patch applied.
Neither of them fixes the problem, unfortunately. I have taken tcpdumps
for a working SSH and a failing SSH.

http://fatooh.org/files/tmp/linux-next-patch1.tar.bz2

[localhost]
sudo tcpdump -ni br0 -s 0 -w /tmp/local.pcap 'host 10.15.24.13 or icmp'

[router eth0]
tcpdump -ni eth0 -s 0 -w /tmp/eth0.pcap \
'host 10.15.24.13 or (icmp and host not 69.78.33.132)'
* the exclusion here is just to remove some unrelated clutter

[router tun0]
tcpdump -ni tun0 -s 0 -w /tmp/tun0.pcap -s 0 'host 10.15.24.13 or icmp'

[remote]
tcpdump -ni eth0 -s 0 -w remote.pcap 'host 192.168.61.56'

Some notes:

1. I tested the new kernels only on the Linux router, assuming that is
where it was intended.
2. I take back what I wrote earlier about every connection that involves
PMTU discovery failed; I may have been observing this wrong. For now,
the situation is that some connections stop forwarding packets from the
remote host immediately after the retransmit, while others work fine.
3. From local.pcap, you can see that my localhost doesn't actually
transmit a large packet, yet the router's eth0 sees a large packet come
in. I think this is due to TSO, but I'm not completely sure.
4. For some reason, I cannot reproduce this when SSHing to a host at
work that is running Debian sid with 3.10-1-amd64, but I can reproduce
it when SSHing to hosts running CentOS 6.4 with
2.6.32-358.6.1.el6.x86_64 (which surely has a ton of patches applied,
for whatever that's worth).
5. I have only a vague understanding of SACK; I will be reading up on
this soon. I will also look into packetdrill for reproducing the
problem, if the SSH results aren't good enough.
6. If I reduce the MTU on localhost to match the path MTU, the problem
does go away.
Thanks again for all the help,
Corey