Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3718513pxv; Mon, 26 Jul 2021 10:09:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzvZTf0/TDv+jembLWCIc/XeBz7m1Fl/7IfNCC0w013HeX1K0jDVjvfZxN2cWZT3NWzKyr4 X-Received: by 2002:aa7:dcd2:: with SMTP id w18mr22898593edu.145.1627319370517; Mon, 26 Jul 2021 10:09:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627319370; cv=none; d=google.com; s=arc-20160816; b=eyA403q+iBx6PRMVnWYuYXxcXlMgUeM6mDcpRPJ9v5OME09g0z8jSInoZnO3mC2rRl 8b7lpumOEt5MxSCGLjcn79HvFVlGC32xmDLg1luW170OccIEd4jnMnu22rmqWK6/524r PA/GwUZuAAxvkLFTsuXGU3akOMpUYVDTmaybH+1S9VGtb1KD67nsUnqnKzx5cNUlPhQU VqjpHiBJdkqFmBtaKTvJtyEUeLJp6KePGiTtZa7QbI/FbhNA5nf05Qtdz4D65dEGupmI fzgtY9xLmcB347bQBP+lazFOJuanOxhWmtEbR+Wkq5p28TUySfd6LlJP1ki3OvmUrj+f J84Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=g/AGnx2cOEAVfbHGI3rNphzo+OZm/TZxisM1sSxoBCQ=; b=abu12pdnFL0tQiGnfD+lrIKkJDYqojfu/M3WfoWjPyk1BPcrdOwfhik/r8TTdy80/j fp1zfsOB6V4uQW7Ct5hSMYXXZoxiDAeqQOUfTmPUYGLI2v5vgf76Ar6b9x9kqz4sXy02 WlodWOsNoisip5+GywCMuR+fvTaPkBQNvX4zSYeQagbh+woLx0XdLy5yhaAQH5osdxtx sO4adXq83eWxBhgH6+kAQRdHqjIleVdw0wGV4mU64eWDcGNBjKjnI5yaG7+Cw7V0a5gI v0JCY/YYluVcM2fex2SIwr6PnkbhG48Wg66XNlpm/bS0jwXn7aaiU5dqwaijZK0YDZJh ZrIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=gkdShWL3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hd12si469828ejc.121.2021.07.26.10.09.07; Mon, 26 Jul 2021 10:09:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=gkdShWL3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238310AbhGZPlV (ORCPT + 99 others); Mon, 26 Jul 2021 11:41:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:38594 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237621AbhGZPXj (ORCPT ); Mon, 26 Jul 2021 11:23:39 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2688260E09; Mon, 26 Jul 2021 16:04:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627315447; bh=LOLFp2Jxe/nZf0/qwm3GMI4JtoZ1I5Bkwn4WyZWr6zs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gkdShWL3c2ndj9Dp3tLsSbVRP8yEhQ4p9OvR6HrTCQm2JjlXCjSgo7dW/o0kT4AmA 8/PMer2fYFhae9HNpR9R5Zy4PtfsilLxvMomZxoTDyaFnGf5bYqa0k/X5q0yGy0/3h h6hENy0koaDa0tdRnHRMpJk/Yp2KDtLosxdvu9cE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wei Wang , Eric Dumazet , Neal Cardwell , Soheil Hassas Yeganeh , Yuchung Cheng , "David S. Miller" , Sasha Levin Subject: [PATCH 5.10 099/167] tcp: disable TFO blackhole logic by default Date: Mon, 26 Jul 2021 17:38:52 +0200 Message-Id: <20210726153842.719316961@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210726153839.371771838@linuxfoundation.org> References: <20210726153839.371771838@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Wei Wang [ Upstream commit 213ad73d06073b197a02476db3a4998e219ddb06 ] Multiple complaints have been raised from the TFO users on the internet stating that the TFO blackhole logic is too aggressive and gets falsely triggered too often. (e.g. https://blog.apnic.net/2021/07/05/tcp-fast-open-not-so-fast/) Considering that most middleboxes no longer drop TFO packets, we decide to disable the blackhole logic by setting /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_set to 0 by default. Fixes: cf1ef3f0719b4 ("net/tcp_fastopen: Disable active side TFO in certain scenarios") Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Acked-by: Neal Cardwell Acked-by: Soheil Hassas Yeganeh Acked-by: Yuchung Cheng Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- Documentation/networking/ip-sysctl.rst | 2 +- net/ipv4/tcp_fastopen.c | 9 ++++++++- net/ipv4/tcp_ipv4.c | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 4abcfff15e38..4822a058a81d 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -751,7 +751,7 @@ tcp_fastopen_blackhole_timeout_sec - INTEGER initial value when the blackhole issue goes away. 0 to disable the blackhole detection. - By default, it is set to 1hr. + By default, it is set to 0 (feature is disabled). tcp_fastopen_key - list of comma separated 32-digit hexadecimal INTEGERs The list consists of a primary key and an optional backup key. The diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c index 08548ff23d83..d49709ba8e16 100644 --- a/net/ipv4/tcp_fastopen.c +++ b/net/ipv4/tcp_fastopen.c @@ -507,6 +507,9 @@ void tcp_fastopen_active_disable(struct sock *sk) { struct net *net = sock_net(sk); + if (!sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout) + return; + /* Paired with READ_ONCE() in tcp_fastopen_active_should_disable() */ WRITE_ONCE(net->ipv4.tfo_active_disable_stamp, jiffies); @@ -526,10 +529,14 @@ void tcp_fastopen_active_disable(struct sock *sk) bool tcp_fastopen_active_should_disable(struct sock *sk) { unsigned int tfo_bh_timeout = sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout; - int tfo_da_times = atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times); unsigned long timeout; + int tfo_da_times; int multiplier; + if (!tfo_bh_timeout) + return false; + + tfo_da_times = atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times); if (!tfo_da_times) return false; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 5212db9ea157..04e259a04443 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -2913,7 +2913,7 @@ static int __net_init tcp_sk_init(struct net *net) net->ipv4.sysctl_tcp_comp_sack_nr = 44; net->ipv4.sysctl_tcp_fastopen = TFO_CLIENT_ENABLE; spin_lock_init(&net->ipv4.tcp_fastopen_ctx_lock); - net->ipv4.sysctl_tcp_fastopen_blackhole_timeout = 60 * 60; + net->ipv4.sysctl_tcp_fastopen_blackhole_timeout = 0; atomic_set(&net->ipv4.tfo_active_disable_times, 0); /* Reno is always built in */ -- 2.30.2