* [PATCH 1/2] TCP: update ip_local_port_range documentation
@ 2012-04-03  0:48 fernando
  2012-04-03  0:50 ` [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default fernando
  2012-04-03  4:54 ` [PATCH 1/2] TCP: update ip_local_port_range documentation David Miller
  0 siblings, 2 replies; 11+ messages in thread
From: fernando @ 2012-04-03  0:48 UTC (permalink / raw)
  To: David Miller, Stephen Hemminger; +Cc: netdev

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: sysctl-ip_local_port_range-documentation.patch --]
[-- Type: text/plain, Size: 1867 bytes --]

Subject: [PATCH] TCP: update ip_local_port_range documentation

From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>

The explanation of ip_local_port_range in Documentation/networking/ip-sysctl.txt
contains several factual errors:

- The default value of ip_local_port_range does not depend on the amount of
  memory available in the system.
- tcp_tw_recycle is not enabled by default.
- 1024-4999 is not the default value.

Fix them.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
---

diff -urNp linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt linux-3.4-rc1/Documentation/networking/ip-sysctl.txt
--- linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt	2012-03-19 08:15:34.000000000 +0900
+++ linux-3.4-rc1/Documentation/networking/ip-sysctl.txt	2012-04-03 07:42:56.793550547 +0900
@@ -604,15 +604,12 @@ IP Variables:
 ip_local_port_range - 2 INTEGERS
 	Defines the local port range that is used by TCP and UDP to
 	choose the local port. The first number is the first, the
-	second the last local port number. Default value depends on
-	amount of memory available on the system:
-	> 128Mb 32768-61000
-	< 128Mb 1024-4999 or even less.
-	This number defines number of active connections, which this
-	system can issue simultaneously to systems not supporting
-	TCP extensions (timestamps). With tcp_tw_recycle enabled
-	(i.e. by default) range 1024-4999 is enough to issue up to
-	2000 connections per second to systems supporting timestamps.
+	second the last local port number. The default values are 
+	32768 and 61000 respectively.
+
+	These two numbers determine the number of active connections
+	which this system can issue simultaneously to systems not
+	supporting TCP extensions (timestamps).
 
 ip_local_reserved_ports - list of comma separated ranges
 	Specify the ports which are reserved for known third-party
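
Review bot: the paragraph added at the end of this hunk ("These two numbers determine the number of active connections ...") keeps a capacity claim that the port range alone does not support. A local port can be reused for connections to different remote addresses or ports, and from different local addresses, so the range bounds connections per address pair and destination port rather than for the whole system. Either drop the paragraph or scope it that way. The `+` line ending "The default values are" also carries trailing whitespace.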

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default
  2012-04-03  0:48 [PATCH 1/2] TCP: update ip_local_port_range documentation fernando
@ 2012-04-03  0:50 ` fernando
  2012-04-03  4:50   ` David Miller
  2012-04-03  4:54 ` [PATCH 1/2] TCP: update ip_local_port_range documentation David Miller
  1 sibling, 1 reply; 11+ messages in thread
From: fernando @ 2012-04-03  0:50 UTC (permalink / raw)
  To: David Miller, Stephen Hemminger; +Cc: netdev

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: sysctl-ip_local_port_range-change-default.patch --]
[-- Type: text/plain, Size: 2055 bytes --]

Subject: [PATCH] TCP: Use 32768-65535 outgoing port range by default

From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>

There was a time when the ip masquerading code reserved the 61000-65095
port range, which is the reason why the current default upper limit in
ip_local_port_range is 61000. However, the current iptables-based
masquerading and SNAT implementation does not have that restriction;
ipchains and the compatibility mode that used the range over 61000
exclusively is long gone.

Bump up the last local port number used by default to the maximum, i.e.
65535, so that we can have more connections in the system without
eating deeper into IANA assigned range.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
---

diff -urNp linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt linux-3.4-rc1/Documentation/networking/ip-sysctl.txt
--- linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt	2012-04-03 08:51:37.325983165 +0900
+++ linux-3.4-rc1/Documentation/networking/ip-sysctl.txt	2012-04-03 08:53:52.282652377 +0900
@@ -605,7 +605,7 @@ ip_local_port_range - 2 INTEGERS
 	Defines the local port range that is used by TCP and UDP to
 	choose the local port. The first number is the first, the
 	second the last local port number. The default values are 
-	32768 and 61000 respectively.
+	32768 and 65535 respectively.
 
 	These two numbers determine the number of active connections
 	which this system can issue simultaneously to systems not
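
Review bot: the new default on the `+` line is documented with no word on why the upper bound used to stop at 61000, or on what a host with locally configured masquerading or SNAT port ranges above 61000 needs to check after upgrading. Add a sentence here saying that such NAT port ranges should be kept clear of ip_local_port_range, so the reason for the old bound is not lost along with the number.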
diff -urNp linux-3.4-rc1-orig/net/ipv4/inet_connection_sock.c linux-3.4-rc1/net/ipv4/inet_connection_sock.c
--- linux-3.4-rc1-orig/net/ipv4/inet_connection_sock.c	2012-03-19 08:15:34.000000000 +0900
+++ linux-3.4-rc1/net/ipv4/inet_connection_sock.c	2012-04-03 08:52:15.350171717 +0900
@@ -34,7 +34,7 @@ EXPORT_SYMBOL(inet_csk_timer_bug_msg);
  */
 struct local_ports sysctl_local_ports __read_mostly = {
 	.lock = __SEQLOCK_UNLOCKED(sysctl_local_ports.lock),
-	.range = { 32768, 61000 },
+	.range = { 32768, 65535 },
 };
 
 unsigned long *sysctl_local_reserved_ports;
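
Review bot: changing the `.range` initializer changes the local port range on every system that has not set the sysctl explicitly, and nothing in this patch detects or warns about locally performed masquerading that already uses ports above 61000. Since the range can be raised through the sysctl on hosts that need more ports, leaving the built-in default alone is the lower-risk option. If the default does change, the bare `32768, 65535` pair deserves a comment explaining where both bounds come from.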

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default
  2012-04-03  0:50 ` [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default fernando
@ 2012-04-03  4:50   ` David Miller
  2012-04-03  5:18     ` fernando
  0 siblings, 1 reply; 11+ messages in thread
From: David Miller @ 2012-04-03  4:50 UTC (permalink / raw)
  To: fernando; +Cc: shemminger, netdev

From: fernando@intellilink.co.jp
Date: Tue,  3 Apr 2012 09:50:18 +0900

> There was a time when the ip masquerading code reserved the
> 61000-65095 port range, which is the reason why the current default
> upper limit in ip_local_port_range is 61000. However, the current
> iptables-based masquerading and SNAT implementation does not have
> that restriction; ipchains and the compatibility mode that used the
> range over 61000 exclusively is long gone.

I don't think so, anyone out there using "--to-port 61000-65095"
or similar in their firewall setup will suddenly break with
your change.

I'm not applying this patch.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 1/2] TCP: update ip_local_port_range documentation
  2012-04-03  0:48 [PATCH 1/2] TCP: update ip_local_port_range documentation fernando
  2012-04-03  0:50 ` [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default fernando
@ 2012-04-03  4:54 ` David Miller
  2012-04-03  4:59   ` fernando
  2012-04-03 11:08   ` fernando
  1 sibling, 2 replies; 11+ messages in thread
From: David Miller @ 2012-04-03  4:54 UTC (permalink / raw)
  To: fernando; +Cc: shemminger, netdev

From: fernando@intellilink.co.jp
Date: Tue,  3 Apr 2012 09:48:40 +0900

> +	These two numbers determine the number of active connections
> +	which this system can issue simultaneously to systems not
> +	supporting TCP extensions (timestamps).

This paragraph is false altogether, it's only true if we have
one configured IP address.

I'd remove it entirely, it doesn't help anyone and just adds
confusion.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 1/2] TCP: update ip_local_port_range documentation
  2012-04-03  4:54 ` [PATCH 1/2] TCP: update ip_local_port_range documentation David Miller
@ 2012-04-03  4:59   ` fernando
  2012-04-03 11:08   ` fernando
  1 sibling, 0 replies; 11+ messages in thread
From: fernando @ 2012-04-03  4:59 UTC (permalink / raw)
  To: David Miller; +Cc: shemminger, netdev

Quoting David Miller <davem@davemloft.net>:

> From: fernando@intellilink.co.jp
> Date: Tue,  3 Apr 2012 09:48:40 +0900
>
>> +	These two numbers determine the number of active connections
>> +	which this system can issue simultaneously to systems not
>> +	supporting TCP extensions (timestamps).
>
> This paragraph is false altogether, it's only true if we have
> one configured IP address.
>
> I'd remove it entirely, it doesn't help anyone and just adds
> confusion.

I agree. I will remove that part too and resubmit.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default
  2012-04-03  4:50   ` David Miller
@ 2012-04-03  5:18     ` fernando
  2012-04-03  6:28       ` David Miller
  0 siblings, 1 reply; 11+ messages in thread
From: fernando @ 2012-04-03  5:18 UTC (permalink / raw)
  To: David Miller; +Cc: shemminger, netdev

Quoting David Miller <davem@davemloft.net>:
> From: fernando@intellilink.co.jp
> Date: Tue,  3 Apr 2012 09:50:18 +0900
>
>> There was a time when the ip masquerading code reserved the
>> 61000-65095 port range, which is the reason why the current default
>> upper limit in ip_local_port_range is 61000. However, the current
>> iptables-based masquerading and SNAT implementation does not have
>> that restriction; ipchains and the compatibility mode that used the
>> range over 61000 exclusively is long gone.
>
> I don't think so, anyone out there using "--to-port 61000-65095"
> or similar in their firewall setup will suddenly break with
> your change.

Yes, I considered that. The thing is that certain non-Linux hosts
already use a superset of the 61000-65095 range and 61000 looks like a
magic number to most users. I just thought that anyone using --to-ports
would set ip_local_port_range accordingly. Do you want me to document
where 61000 comes from instead?

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH 2/2] TCP: Use 32768-65535 outgoing port range by default
  2012-04-03  5:18     ` fernando
@ 2012-04-03  6:28       ` David Miller
  0 siblings, 0 replies; 11+ messages in thread
From: David Miller @ 2012-04-03  6:28 UTC (permalink / raw)
  To: fernando; +Cc: shemminger, netdev

From: fernando@intellilink.co.jp
Date: Tue,  3 Apr 2012 14:18:27 +0900

> The thing is that certain non-linux hosts already use a superset of
> the 61000-65095 range and 61000 looks like a magic number to most
> users.

Who cares what other systems use, it's only an issue about local
port allocations and locally performed masquerading.

> Do you want me to document where 61000 comes from instead?

I think the current documentation on this is adequate.

^ permalink raw reply	[flat|nested] 11+ messages in thread
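
The overlap at issue in this sub-thread can be checked mechanically. The following is an added example, not code from the thread or the kernel tree: it compares an ip_local_port_range value with the source-port ranges pinned by MASQUERADE --to-ports and SNAT --to-source rules in iptables-save output. The function names and the sample rules are constructed for illustration, and both ranges are treated as inclusive, following the documentation text in the patch.

```python
import re

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*nat
-A POSTROUTING -o eth0 -j MASQUERADE --to-ports 61000-65095
-A POSTROUTING -o eth1 -p tcp -j SNAT --to-source 192.0.2.1:40000-41000
-A POSTROUTING -o eth2 -j MASQUERADE
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
"""


def parse_local_range(text):
    """Parse the contents of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = (int(field) for field in text.split())
    return low, high


def nat_port_ranges(rules_text):
    """Return (low, high, rule) for MASQUERADE/SNAT rules that pin source ports."""
    found = []
    for line in rules_text.splitlines():
        target = re.search(r"-j (MASQUERADE|SNAT)\b(.*)", line)
        if not target:
            continue  # REDIRECT/DNAT rewrite the destination, not the source port
        name, opts = target.groups()
        if name == "MASQUERADE":
            ports = re.search(r"--to-ports (\d+)(?:-(\d+))?", opts)
        else:
            ports = re.search(r"--to-source \S*:(\d+)(?:-(\d+))?(?!\S)", opts)
        if ports:  # rules without an explicit port range are skipped
            low = int(ports.group(1))
            found.append((low, int(ports.group(2) or low), line.strip()))
    return found


def find_overlaps(local_range, rules_text):
    """Ports shared by the local range and each NAT range (both inclusive)."""
    lo, hi = local_range
    hits = []
    for nat_lo, nat_hi, rule in nat_port_ranges(rules_text):
        first, last = max(lo, nat_lo), min(hi, nat_hi)
        if first <= last:
            hits.append((first, last, rule))
    return hits


if __name__ == "__main__":
    # The current default and the default proposed in patch 2/2.
    for sysctl_value in ("32768\t61000\n", "32768\t65535\n"):
        local = parse_local_range(sysctl_value)
        print("ip_local_port_range", local)
        for first, last, rule in find_overlaps(local, SAMPLE_RULES):
            print(f"  overlap {first}-{last}: {rule}")
```

On a live host, feed it the contents of /proc/sys/net/ipv4/ip_local_port_range and the output of iptables-save instead of the sample strings.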

* Re: [PATCH 1/2] TCP: update ip_local_port_range documentation
  2012-04-03  4:54 ` [PATCH 1/2] TCP: update ip_local_port_range documentation David Miller
  2012-04-03  4:59   ` fernando
@ 2012-04-03 11:08   ` fernando
  2012-04-03 11:12     ` [PATCH] " fernando
  1 sibling, 1 reply; 11+ messages in thread
From: fernando @ 2012-04-03 11:08 UTC (permalink / raw)
  To: David Miller; +Cc: shemminger, netdev

Quoting David Miller <davem@davemloft.net>:

> From: fernando@intellilink.co.jp
> Date: Tue,  3 Apr 2012 09:48:40 +0900
>
>> +	These two numbers determine the number of active connections
>> +	which this system can issue simultaneously to systems not
>> +	supporting TCP extensions (timestamps).
>
> This paragraph is false altogether, it's only true if we have
> one configured IP address.
>
> I'd remove it entirely, it doesn't help anyone and just adds
> confusion.

Done. I will be replying to this email with an updated patch.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH] TCP: update ip_local_port_range documentation
  2012-04-03 11:08   ` fernando
@ 2012-04-03 11:12     ` fernando
  2012-04-03 18:41       ` [PATCH v3] " fernando
  0 siblings, 1 reply; 11+ messages in thread
From: fernando @ 2012-04-03 11:12 UTC (permalink / raw)
  To: David Miller; +Cc: shemminger, netdev

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: sysctl-ip_local_port_range-documentation-v2.patch --]
[-- Type: text/plain, Size: 1187 bytes --]

diff -urNp linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt linux-3.4-rc1/Documentation/networking/ip-sysctl.txt
--- linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt	2012-03-19 08:15:34.000000000 +0900
+++ linux-3.4-rc1/Documentation/networking/ip-sysctl.txt	2012-04-03 19:08:59.554903584 +0900
@@ -604,15 +604,8 @@ IP Variables:
 ip_local_port_range - 2 INTEGERS
 	Defines the local port range that is used by TCP and UDP to
 	choose the local port. The first number is the first, the
-	second the last local port number. Default value depends on
-	amount of memory available on the system:
-	> 128Mb 32768-61000
-	< 128Mb 1024-4999 or even less.
-	This number defines number of active connections, which this
-	system can issue simultaneously to systems not supporting
-	TCP extensions (timestamps). With tcp_tw_recycle enabled
-	(i.e. by default) range 1024-4999 is enough to issue up to
-	2000 connections per second to systems supporting timestamps.
+	second the last local port number. The default values are 
+	32768 and 61000 respectively.
 
 ip_local_reserved_ports - list of comma separated ranges
 	Specify the ports which are reserved for known third-party
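
Review bot: the `+` line ending "The default values are" carries trailing whitespace, which should be stripped before resubmitting. This posting also has no changelog and no Signed-off-by above the diff; both need to be restored for the patch to be applied.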

^ permalink raw reply	[flat|nested] 11+ messages in thread

* [PATCH v3] TCP: update ip_local_port_range documentation
  2012-04-03 11:12     ` [PATCH] " fernando
@ 2012-04-03 18:41       ` fernando
  2012-04-03 21:40         ` David Miller
  0 siblings, 1 reply; 11+ messages in thread
From: fernando @ 2012-04-03 18:41 UTC (permalink / raw)
  To: David Miller; +Cc: Stephen Hemminger, netdev

[-- Attachment #1: Type: text/plain, Size: 111 bytes --]

I forgot to add my Signed-off-by and the patch explanation.
I am sorry for the noise. Updated patch attached.

[-- Attachment #2: sysctl-ip_local_port_range-documentation-v3.patch --]
[-- Type: text/plain, Size: 1714 bytes --]

Subject: [PATCH] TCP: update ip_local_port_range documentation

From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>

The explanation of ip_local_port_range in
Documentation/networking/ip-sysctl.txtcontains several factual errors:

- The default value of ip_local_port_range does not depend on the amount of
  memory available in the system.
- tcp_tw_recycle is not enabled by default.
- 1024-4999 is not the default value.
- Etc.

Clean up the mess.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
---

diff -urNp linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt linux-3.4-rc1/Documentation/networking/ip-sysctl.txt
--- linux-3.4-rc1-orig/Documentation/networking/ip-sysctl.txt	2012-03-19 08:15:34.000000000 +0900
+++ linux-3.4-rc1/Documentation/networking/ip-sysctl.txt	2012-04-03 19:08:59.554903584 +0900
@@ -604,15 +604,8 @@ IP Variables:
 ip_local_port_range - 2 INTEGERS
 	Defines the local port range that is used by TCP and UDP to
 	choose the local port. The first number is the first, the
-	second the last local port number. Default value depends on
-	amount of memory available on the system:
-	> 128Mb 32768-61000
-	< 128Mb 1024-4999 or even less.
-	This number defines number of active connections, which this
-	system can issue simultaneously to systems not supporting
-	TCP extensions (timestamps). With tcp_tw_recycle enabled
-	(i.e. by default) range 1024-4999 is enough to issue up to
-	2000 connections per second to systems supporting timestamps.
+	second the last local port number. The default values are 
+	32768 and 61000 respectively.
 
 ip_local_reserved_ports - list of comma separated ranges
 	Specify the ports which are reserved for known third-party
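
Review bot: the removal of the sentence on simultaneous connections (the `-` lines starting "This number defines number of active connections") is covered in the changelog only by "Etc."; name it explicitly so the history records why that claim was dropped. The `+` line ending "The default values are" still has trailing whitespace.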

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v3] TCP: update ip_local_port_range documentation
  2012-04-03 18:41       ` [PATCH v3] " fernando
@ 2012-04-03 21:40         ` David Miller
  0 siblings, 0 replies; 11+ messages in thread
From: David Miller @ 2012-04-03 21:40 UTC (permalink / raw)
  To: fernando; +Cc: shemminger, netdev

From: fernando@intellilink.co.jp
Date: Wed,  4 Apr 2012 03:41:40 +0900

> I forgot to add my Signed-off-by and the patch explanation.
> I am sorry for the noise. Updated patch attached.

Since you put this at the top of the message body, I had to
edit it out of the patch submission by hand.

Your commit message proper needed to be edited by hand as well
because there were missing spaces between the Documentation
file path and the word that came right afterwards.

Furthermore, you had trailing whitespace in your patch, which I also
had to fix up by hand.

You know, this wasn't exactly a rocket-science patch, I spent more
time fixing up your patch than I would have spent implementing
the patch myself.  That is _never_ a good sign.

^ permalink raw reply	[flat|nested] 11+ messages in thread
