Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp655847pxu; Fri, 11 Dec 2020 10:59:01 -0800 (PST) X-Google-Smtp-Source: ABdhPJzZ5Dc/b3X0H3tBtUwEXmcc7DtZh0S54DmSuYiQ+vqmEIHP2wXk3a421iX+24Ex9tzntm3e X-Received: by 2002:a17:906:8058:: with SMTP id x24mr11787819ejw.262.1607713140884; Fri, 11 Dec 2020 10:59:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607713140; cv=none; d=google.com; s=arc-20160816; b=yB5HjjX37glu64PKUmRiDavVIGU60rJgTQhTVN6tXds0m2xNeJIrZrWa3IDqRlm0sw ah6o4XkyMukt/hY17SFO4kWfmfDRuItH/7pvxGaCebxxYkT+aF1IRDrp7cnXEeVFr/s9 0Nskg+HCbj7ihuX2rcD1EmAqxauDwpELgoDdXEaNj8+E5TIlV4bR4tm1pw6mPJGGV6bv YViEI6ejWQFjqybZJmOY83qRoySUyxnktMx2/JLZzS4TpCP8Kgk+QSDYlvJ5oVr+mGWT SBW8yuZ87lAbDv71QFuse3j/SRsBYbGZyQCzKXplGRI7OlIt1b6VYOiwMwlNyB4YMn2m dpXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=w9pMnXNgeC3I2EqzptbTj1OeUgYzyw7z4b4B69c9CVQ=; b=n9Rxgtq58lK3gbu8OLuR9Ya9o+t5nY1fQSG9gEgZbQhWVbYJVytnez6TZeAdScUjLd 5OX3p1CXr52RQd6zk/H9AdggNoIMrFtvkgcBTx9HrZfWB7xELQM8qE3rEc77YLaPLE4A DU/txbMd8fgGz00Q2lD37j5r6NLem3usFX9zn0p9jy2FTIKrwQfNdHQQ8kES4yyMBqLJ +r22Mi2X46uCDxG05NTEJ9RdHZKpf7SQyjLDOd0m2qDxKigENsr3z6t5zYWmnPE0eEYy foCEilfZCFI1GrL6LTE+3Q50rdL1P0uIUkBrJGxgTePsYUEi7IiPnr3DmMRYxha5YgAP e4ig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kxc5ZymA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t19si4976090ejb.85.2020.12.11.10.58.37; Fri, 11 Dec 2020 10:59:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=kxc5ZymA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2395067AbgLKRRX (ORCPT + 99 others); Fri, 11 Dec 2020 12:17:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42230 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390169AbgLKRQi (ORCPT ); Fri, 11 Dec 2020 12:16:38 -0500 Received: from mail-il1-x144.google.com (mail-il1-x144.google.com [IPv6:2607:f8b0:4864:20::144]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D652BC0613CF; Fri, 11 Dec 2020 09:15:57 -0800 (PST) Received: by mail-il1-x144.google.com with SMTP id c18so9445715iln.10; Fri, 11 Dec 2020 09:15:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=w9pMnXNgeC3I2EqzptbTj1OeUgYzyw7z4b4B69c9CVQ=; b=kxc5ZymAQ+fGYHWnQrd+SqA/pWtI+9O2o2QOXKZD1NWgRC4i3GCKr9Ap5Wf6fzhwg+ 0foBPB5uSKtGefZ7FrkS86sjnPTPIG6Ewdf1R4VGTpgeEDI/M8T8rw1xdEEgFEvJd4Z3 7QOVnYrw1SNkWCQkzwHI/JQdO4Uq/eNX1qFDolXztfukj1enZVvg2h2g67JbWzw3Q0+s ZEtbjjiTQzCJj6YhErGyh22873EPv1YXOyyRv0KQBtuIpyKg5jwPjjokytwNa8XILJgI v3DnF3gcfToAWOnB9z2sjhvqJHPKsSXGLKOAlqs3NR3PqUh7RzR9AOr2Pgj8fPuv2gcT vfsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=w9pMnXNgeC3I2EqzptbTj1OeUgYzyw7z4b4B69c9CVQ=; b=J4CIeUqOqPls9fZ1mDR1rPlVjHCGE8SzB0GZhbW1mhIfi7WV0Uu/IDWhVTECZoz4cB rRBXxxsaoRG/B4QE1qaogtvadVpxUlybnTeFytEB79hnlIBWE5/FON33vFX5o37s4+h4 dGkPdMY3W2h+EjtyGR/et1COlnXhh9HO1PJ+rz+Y8J+gEWVtsvYjUtchv+8Zx2LbbOf7 AgKBNQHNxvblBmZg/yEXT0mxBspVI1ZMDwcGxekPwUUh2sEjBA4S5njTWiw5lKDVqHao iEGGPBKG5lhtUdX/mqBf05vzv66oHDu30PjMqaO9GrOAnRPznJRyeKIE9CFRGO2tdn9N X5uw== X-Gm-Message-State: AOAM532cynEKKXv1NqsUytL0eQCwhQx4VkkimxxYBqKqgWz2tLLn280s 0YHMarlJy5+j5uiyKVOr6rSSJvRiu4rLNvDG+uE= X-Received: by 2002:a05:6e02:929:: with SMTP id o9mr16725243ilt.42.1607706957044; Fri, 11 Dec 2020 09:15:57 -0800 (PST) MIME-Version: 1.0 References: <160765171921.6905.7897898635812579754.stgit@localhost.localdomain> In-Reply-To: From: Alexander Duyck Date: Fri, 11 Dec 2020 09:15:45 -0800 Message-ID: Subject: Re: [net PATCH] tcp: Mark fastopen SYN packet as lost when receiving ICMP_TOOBIG/ICMP_FRAG_NEEDED To: Eric Dumazet Cc: Yuchung Cheng , David Miller , Jakub Kicinski , Alexey Kuznetsov , Hideaki YOSHIFUJI , netdev , LKML , Martin KaFai Lau , kernel-team Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Dec 11, 2020 at 8:22 AM Eric Dumazet wrote: > > On Fri, Dec 11, 2020 at 5:03 PM Alexander Duyck > wrote: > > > That's fine. I can target this for net-next. I had just selected net > > since I had considered it a fix, but I suppose it could be considered > > a behavioral change. > > We are very late in the 5.10 cycle, and we never handled ICMP in this > state, so net-next is definitely better. > > Note that RFC 7413 states in 4.1.3 : > > The client MUST cache cookies from servers for later Fast Open > connections. For a multihomed client, the cookies are dependent on > the client and server IP addresses. Hence, the client should cache > at most one (most recently received) cookie per client and server IP > address pair. > > When caching cookies, we recommend that the client also cache the > Maximum Segment Size (MSS) advertised by the server. The client can > cache the MSS advertised by the server in order to determine the > maximum amount of data that the client can fit in the SYN packet in > subsequent TFO connections. Caching the server MSS is useful > because, with Fast Open, a client sends data in the SYN packet before > the server announces its MSS in the SYN-ACK packet. If the client > sends more data in the SYN packet than the server will accept, this > will likely require the client to retransmit some or all of the data. > Hence, caching the server MSS can enhance performance. > > Without a cached server MSS, the amount of data in the SYN packet is > limited to the default MSS of 536 bytes for IPv4 [RFC1122] and 1220 > bytes for IPv6 [RFC2460]. Even if the client complies with this > limit when sending the SYN, it is known that an IPv4 receiver > advertising an MSS less than 536 bytes can receive a segment larger > than it is expecting. > > If the cached MSS is larger than the typical size (1460 bytes for > IPv4 or 1440 bytes for IPv6), then the excess data in the SYN packet > may cause problems that offset the performance benefit of Fast Open. > For example, the unusually large SYN may trigger IP fragmentation and > may confuse firewalls or middleboxes, causing SYN retransmission and > other side effects. Therefore, the client MAY limit the cached MSS > to 1460 bytes for IPv4 or 1440 for IPv6. > > > Relying on ICMP is fragile, since they can be filtered in some way. In this case I am not relying on the ICMP, but thought that since I have it I should make use of it. WIthout the ICMP we would still just be waiting on the retransmit timer. The problem case has a v6-in-v6 tunnel between the client and the endpoint so both ends assume an MTU 1500 and advertise a 1440 MSS which works fine until they actually go to send a large packet between the two. At that point the tunnel is triggering an ICMP_TOOBIG and the endpoint is stalling since the MSS is dropped to 1400, but the SYN and data payload were already smaller than that so no retransmits are being triggered. This results in TFO being 1s slower than non-TFO because of the failure to trigger the retransmit for the frame that violated the PMTU. The patch is meant to get the two back into comparable times.