Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1547092pxu;
        Sat, 12 Dec 2020 17:13:58 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyxA+z2iHbHiZA5eYYAGMS8uRCcdsExihuG0QkK+5Tm0MkNK1m+A4qOPACPklPIELV8HSDG
X-Received: by 2002:a05:6402:1593:: with SMTP id c19mr2805327edv.269.1607822037917;
        Sat, 12 Dec 2020 17:13:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1607822037; cv=none;
        d=google.com; s=arc-20160816;
        b=zG2VyMCgEoUMtZui1YysFZOXDupeVc+VGL847+xcDA8nDIRYMcd4FNKX4b4WKwWhDQ
         KzOO/mi4JYb0lpnPypxFhRaFl8Hlf5yiiPt0kW1PmOj0cz9eYUsaqXGHC43CEouPDurt
         ikNG6J0UWk+Qicf2CCFmompiusl+w/GDI9BYvYeYwduRYwtV/fkGX1u73RVcmXASMrA8
         vOZSYRW6XrUnsakprhESrxiQz9q/rPgGrObonpcM4VcqqHHTbrxqeVAuzea3tk3d+K2G
         5qphBrGp8pNRI8pEUm5+5xFobF9m2XeA7/tiBIHgFdJqF5pQCtQj6BhmWFsDvfjtqltB
         OFKQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=TpL5j0wxilEj0YGcq7bQWSNpU6rX05pPXbA7fekSIe4=;
        b=gr1XGF7mZrAGlMWwTuawXMO8FtCJb+T164Uz0+VyRn4tYuncgK4KErsZrLljHW6f8S
         yDLhAYmsOxh4CdgI3FWurYpLZXN9/ZFGA9P7AnbPAgcftBGuPnJuiI2eZj0inXuVAC5a
         xpmt2I4awQ54e4wwiij25kuhqfpIzN+GhUfZ/PmWBuQJHj42idjcUwDDuteRwNmQ6hsc
         p+7xz155+edGo1Cfxur4WTeRkv1IHo/UyeE+pWH+M+sWRAkFmIYChCBXXvKG1UMNE+mZ
         4xicbjPTzWQhFxr7FI6k/7Upqi49C3gJf4ylBZmSiEMTxpkk5ISw7X9e9QzK8sVD6w9S
         VOHQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=JwcbZr45;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dh5si7611584edb.122.2020.12.12.17.13.34;
        Sat, 12 Dec 2020 17:13:57 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=JwcbZr45;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2393414AbgLKTTH (ORCPT <rfc822;pokegacc141@gmail.com>
        + 99 others); Fri, 11 Dec 2020 14:19:07 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32798 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728058AbgLKTSl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Dec 2020 14:18:41 -0500
Received: from mail-io1-xd42.google.com (mail-io1-xd42.google.com [IPv6:2607:f8b0:4864:20::d42])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A956EC0613CF
        for <linux-kernel@vger.kernel.org>; Fri, 11 Dec 2020 11:18:01 -0800 (PST)
Received: by mail-io1-xd42.google.com with SMTP id i18so10591841ioa.1
        for <linux-kernel@vger.kernel.org>; Fri, 11 Dec 2020 11:18:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=TpL5j0wxilEj0YGcq7bQWSNpU6rX05pPXbA7fekSIe4=;
        b=JwcbZr45xttGYQbhMTptTMZ/07mDTeri6lf9x9Lk3mqfsgwwv5uS8VaIm5S24E0vat
         zMdC+58pwzqMqUOo4njYD/apdJIgxTKMC//071b1m9fJvSxhgChEVR7YxzK2KCwAuFBo
         PvVaXZ7MadRfhzSsTVDHHzxvcWiJVSXYZMbdJgEfP54thgDOrm43X9pNx1zAHd6uNy4k
         1hswuxH2mSlJNG97ty3W0YyDe/Ink+NTgIXHZUswniaFADSoJkd53aSG6/Qe26aX9/yG
         WVuUzg6xjxrGLbeqD7tTCaiJhJ/Hrhi7pn9jbfhkqHQ/gwfDUrXq4mHWStp1Pqj3nug5
         LNMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=TpL5j0wxilEj0YGcq7bQWSNpU6rX05pPXbA7fekSIe4=;
        b=U1/nPjTcIvb5R/Vt3bnqIIQFzC3RW5PMnz29OGF/LdQPc+fJ/lfnOjo1h/TtBDYpiD
         HQ/zrYQOmx0XEHv352uqAzptykYTTc518SBKXZw56jQcBzSJ45w6N9leTduTl+o9VQGK
         ZrKiekE7GhijGKoPQYKLw6BjzA+kRRo5JDKb0tUcJQneU0BmW4//v5TCOw4Q88xwLKFy
         v07aMvtYi8eafNsNE3/N1X6HnMKpnj3kqAhMZ0+hPyTVt/Ke0Vt/qZh5KdYdiuBC/Qgw
         FD4hwjBv/JJjGOpUuYGHzcerks1zpX39v5avCwhMJdIOANR7oJxlAHoH4BCgPWnt+Vx0
         cKIw==
X-Gm-Message-State: AOAM530L3ywW96cYX2wSXihrvFMNPVilyWjl+/jUBGiiFeGcyGZdF0KE
        JlwbYF4kXYEuFqjsFJm4hxikTRh0OzOoTaC1QAXTaw==
X-Received: by 2002:a6b:d61a:: with SMTP id w26mr16643357ioa.117.1607714280769;
 Fri, 11 Dec 2020 11:18:00 -0800 (PST)
MIME-Version: 1.0
References: <160765171921.6905.7897898635812579754.stgit@localhost.localdomain>
 <CANn89iJ5HnJYv6eWb1jm6rK173DFkp2GRnfvi9vnYwXZPzE4LQ@mail.gmail.com>
 <CAKgT0Uf_q=FgMHd9_wq5Bx8rCC-kS0Qz563rE9dL2hpQ6Evppg@mail.gmail.com>
 <CANn89iJUT6aWm75ZpU_Ggmuqbb+cbLSGj0Bxysu9_wXRgNS8MQ@mail.gmail.com> <CAKgT0Uecuh3mcGRpDAZzzbnQtOusc++H4SXAv2Scd297Ha5AYQ@mail.gmail.com>
In-Reply-To: <CAKgT0Uecuh3mcGRpDAZzzbnQtOusc++H4SXAv2Scd297Ha5AYQ@mail.gmail.com>
From:   Eric Dumazet <edumazet@google.com>
Date:   Fri, 11 Dec 2020 20:17:49 +0100
Message-ID: <CANn89iKfqKpXgCv_Z4iSt5RpjxYUvkYSoZKF3FZs+Jgev3aDgw@mail.gmail.com>
Subject: Re: [net PATCH] tcp: Mark fastopen SYN packet as lost when receiving ICMP_TOOBIG/ICMP_FRAG_NEEDED
To:     Alexander Duyck <alexander.duyck@gmail.com>
Cc:     Yuchung Cheng <ycheng@google.com>,
        David Miller <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        kernel-team <kernel-team@fb.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Dec 11, 2020 at 6:15 PM Alexander Duyck
<alexander.duyck@gmail.com> wrote:
>
> On Fri, Dec 11, 2020 at 8:22 AM Eric Dumazet <edumazet@google.com> wrote:
> >
> > On Fri, Dec 11, 2020 at 5:03 PM Alexander Duyck
> > <alexander.duyck@gmail.com> wrote:
> >
> > > That's fine. I can target this for net-next. I had just selected net
> > > since I had considered it a fix, but I suppose it could be considered
> > > a behavioral change.
> >
> > We are very late in the 5.10 cycle, and we never handled ICMP in this
> > state, so net-next is definitely better.
> >
> > Note that RFC 7413 states in 4.1.3 :
> >
> >  The client MUST cache cookies from servers for later Fast Open
> >    connections.  For a multihomed client, the cookies are dependent on
> >    the client and server IP addresses.  Hence, the client should cache
> >    at most one (most recently received) cookie per client and server IP
> >    address pair.
> >
> >    When caching cookies, we recommend that the client also cache the
> >    Maximum Segment Size (MSS) advertised by the server.  The client can
> >    cache the MSS advertised by the server in order to determine the
> >    maximum amount of data that the client can fit in the SYN packet in
> >    subsequent TFO connections.  Caching the server MSS is useful
> >    because, with Fast Open, a client sends data in the SYN packet before
> >    the server announces its MSS in the SYN-ACK packet.  If the client
> >    sends more data in the SYN packet than the server will accept, this
> >    will likely require the client to retransmit some or all of the data.
> >    Hence, caching the server MSS can enhance performance.
> >
> >    Without a cached server MSS, the amount of data in the SYN packet is
> >    limited to the default MSS of 536 bytes for IPv4 [RFC1122] and 1220
> >    bytes for IPv6 [RFC2460].  Even if the client complies with this
> >    limit when sending the SYN, it is known that an IPv4 receiver
> >    advertising an MSS less than 536 bytes can receive a segment larger
> >    than it is expecting.
> >
> >    If the cached MSS is larger than the typical size (1460 bytes for
> >    IPv4 or 1440 bytes for IPv6), then the excess data in the SYN packet
> >    may cause problems that offset the performance benefit of Fast Open.
> >    For example, the unusually large SYN may trigger IP fragmentation and
> >    may confuse firewalls or middleboxes, causing SYN retransmission and
> >    other side effects.  Therefore, the client MAY limit the cached MSS
> >    to 1460 bytes for IPv4 or 1440 for IPv6.
> >
> >
> > Relying on ICMP is fragile, since they can be filtered in some way.
>
> In this case I am not relying on the ICMP, but thought that since I
> have it I should make use of it. WIthout the ICMP we would still just
> be waiting on the retransmit timer.
>
> The problem case has a v6-in-v6 tunnel between the client and the
> endpoint so both ends assume an MTU 1500 and advertise a 1440 MSS
> which works fine until they actually go to send a large packet between
> the two. At that point the tunnel is triggering an ICMP_TOOBIG and the
> endpoint is stalling since the MSS is dropped to 1400, but the SYN and
> data payload were already smaller than that so no retransmits are
> being triggered. This results in TFO being 1s slower than non-TFO
> because of the failure to trigger the retransmit for the frame that
> violated the PMTU. The patch is meant to get the two back into
> comparable times.

Okay... Have you studied why tcp_v4_mtu_reduced() (and IPv6 equivalent)
code does not yet handle the retransmit in TCP_SYN_SENT state ?