Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3409641pxb; Mon, 4 Apr 2022 16:05:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzBm3lbEgm2GKOfcYd1EHN8s8W9+t038SaYiMLIC0bCd1soVPvGTXIV6Cr7Osu2hQNgGNm+ X-Received: by 2002:a17:902:d2c6:b0:156:2b2c:ab54 with SMTP id n6-20020a170902d2c600b001562b2cab54mr459198plc.52.1649113542925; Mon, 04 Apr 2022 16:05:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649113542; cv=none; d=google.com; s=arc-20160816; b=PV3eYKLEFsBAE3J7MLp2Dl/pzw1JMXVuPZP0Y3J9ywTiq3D+DNJroRQSCNTWdXvk05 2JXwwZ5gpB4duTQVBAT32G1s13tmztD7POp3U9J+G1z21Ss9DS5mtveeclOLLGXg7leD XiH2jWPpxknJbZKz/we4vQFDUfs+eZF9E4xA8h+qw/1K0u4zH20Ro5LBqzBcZ1MDYQqT /B9W4ppAveOmuHX7G5fF+CP9T2z4cWPCVDXWuf9bpDbkBAoBafpTh2H5b0sKrC689F+v mViwensnrIVS9K46D8qjCERWQPWVtOwc6MnmQU+phlm2UyUE0tnGQLOj1Vn5ljZcbOsw zKjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :organization:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id; bh=yOC6Zbla30f82edG8VjoUEoR6eLIG2tnYSX4XR43jPE=; b=yp2A4D/sgFZKoN64/SowQTsEewvljjk1n1XC4IHVTU4aTYD/kCMtNI95SNm5uW9dlC O2eKCcn2eHs4ZeIAKYOLfuCUKpAy21WTCCX2+Prt6ljOGzRKDPxzzGOcpcZTZUT6slsV i8+mzPLu8WZY0eGEq094Yyzu2OUKkjzhvcbRaeeL1MJvk3eH6aN8QfjpyFpEb14Jdnzw Y5MZUgIflQh8w2z7+jLOVcwdmVoV/IZEr+YGoTXct9Ilmapfkw4k2Zoe+Rarn7Vw7bJy 1zfSEZJo5d4XC3TA7ox3N88g2TUEiu7gSlVW0m6M0UCqcLc0d7Q94q/M/0Ql0dD4g/fh Hzkw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=uls.co.za Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e1-20020a631e01000000b003816043f0ffsi11283977pge.756.2022.04.04.16.05.10; Mon, 04 Apr 2022 16:05:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=uls.co.za Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347976AbiDBWEZ (ORCPT + 99 others); Sat, 2 Apr 2022 18:04:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1349735AbiDBWEY (ORCPT ); Sat, 2 Apr 2022 18:04:24 -0400 Received: from uriel.iewc.co.za (uriel.iewc.co.za [IPv6:2c0f:f720:0:3:d6ae:52ff:feb8:f27b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D5DA1104; Sat, 2 Apr 2022 15:02:31 -0700 (PDT) Received: from [2c0f:f720:fe16:c400::1] (helo=tauri.local.uls.co.za) by uriel.iewc.co.za with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1nalpA-0001KM-Cw; Sun, 03 Apr 2022 00:02:24 +0200 Received: from [192.168.42.201] by tauri.local.uls.co.za with esmtp (Exim 4.94.2) (envelope-from ) id 1nalp7-0000Ow-Nr; Sun, 03 Apr 2022 00:02:22 +0200 Message-ID: <59762d2f-d4e3-c748-5d41-ef3be85537ed@uls.co.za> Date: Sun, 3 Apr 2022 00:02:20 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Subject: Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections Content-Language: en-GB To: Eric Dumazet Cc: Neal Cardwell , Florian Westphal , LKML , Netdev , Yuchung Cheng , Wei Wang , Pablo Neira Ayuso , Sven Auhagen References: <10c1e561-8f01-784f-c4f4-a7c551de0644@uls.co.za> <5f1bbeb2-efe4-0b10-bc76-37eff30ea905@uls.co.za> <429dd56b-8a6c-518f-ccb4-fa5beae30953@uls.co.za> From: Jaco Kroon Organization: Ultimate Linux Solutions (Pty) Ltd In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On 2022/04/02 15:20, Eric Dumazet wrote: > Great. This confirms our suspicions. > > Please try the following patch that landed in 5.18-rc > > f2dd495a8d589371289981d5ed33e6873df94ecc netfilter: nf_conntrack_tcp: > preserve liberal flag in tcp options Will track this down and deploy in the next day or two.  Thank you, Neal and Florian for all the assistance! As an aside, would really like to engage with someone that can assist on the known congestion w.r.t. Google services in JHB, so if you're willing - or can get me in contact with the right people, please do contact me direct off-list (we've alleviated the issue by upgrading out IPT but would like to understand what is going on, can provide ticket references). Kind Regards, Jaco > > CC netfilter folks. > > Condition triggering the bug : > before(seq, sender->td_maxend + 1), > > I took a look at the code, and it is not clear if td_maxend is > properly setup (or if td_scale is cleared at some point while it > should not) > > Alternatively, if conntracking does not know if the connection is > using wscale (or what is the scale), the "before(seq, > sender->td_maxend + 1)," > should not be evaluated/used. > > Also, I do not see where td_maxend is extended in tcp_init_sender() > > Probably wrong patch, just to point to the code I do not understand yet. > > diff --git a/net/netfilter/nf_conntrack_proto_tcp.c > b/net/netfilter/nf_conntrack_proto_tcp.c > index 8ec55cd72572e0cca076631e2cc1c11f0c2b86f6..950082785d61b7a2768559c7500d3aee3aaea7c2 > 100644 > --- a/net/netfilter/nf_conntrack_proto_tcp.c > +++ b/net/netfilter/nf_conntrack_proto_tcp.c > @@ -456,9 +456,10 @@ static void tcp_init_sender(struct ip_ct_tcp_state *sender, > /* SYN-ACK in reply to a SYN > * or SYN from reply direction in simultaneous open. > */ > - sender->td_end = > - sender->td_maxend = end; > - sender->td_maxwin = (win == 0 ? 1 : win); > + sender->td_end = end; > + sender->td_maxwin = max(win, 1U); > + /* WIN in SYN & SYNACK is not scaled */ > + sender->td_maxend = end + sender->td_maxwin; > > tcp_options(skb, dataoff, tcph, sender); > /* RFC 1323: