From: Arnd Bergmann <arnd@arndb.de>
To: stable@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Gerrit Renker <gerrit@erg.abdn.ac.uk>,
Eric Dumazet <edumazet@google.com>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Neal Cardwell <ncardwell@google.com>,
Yuchung Cheng <ycheng@google.com>, Arnd Bergmann <arnd@arndb.de>,
Wei Wang <weiwan@google.com>, Ilya Lesokhin <ilyal@mellanox.com>,
Priyaranjan Jha <priyarjha@google.com>,
Soheil Hassas Yeganeh <soheil@google.com>,
Yafang Shao <laoar.shao@gmail.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
dccp@vger.kernel.org
Subject: [BACKPORT 4.4.y 18/25] tcp/dccp: drop SYN packets if accept queue is full
Date: Fri, 22 Mar 2019 16:44:09 +0100 [thread overview]
Message-ID: <20190322154425.3852517-19-arnd@arndb.de> (raw)
In-Reply-To: <20190322154425.3852517-1-arnd@arndb.de>
From: Eric Dumazet <edumazet@google.com>
Per listen(fd, backlog) rules, there is really no point accepting a SYN,
sending a SYNACK, and dropping the following ACK packet if accept queue
is full, because application is not draining accept queue fast enough.
This behavior is fooling TCP clients that believe they established a
flow, while there is nothing at server side. They might then send about
10 MSS (if using IW10) that will be dropped anyway while server is under
stress.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 5ea8ea2cb7f1d0db15762c9b0bb9e7330425a071)
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
include/net/inet_connection_sock.h | 5 -----
net/dccp/ipv4.c | 8 +-------
net/dccp/ipv6.c | 2 +-
net/ipv4/tcp_input.c | 8 +-------
4 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
index 49dcad4fe99e..72599bbc8255 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -289,11 +289,6 @@ static inline int inet_csk_reqsk_queue_len(const struct sock *sk)
return reqsk_queue_len(&inet_csk(sk)->icsk_accept_queue);
}
-static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
-{
- return reqsk_queue_len_young(&inet_csk(sk)->icsk_accept_queue);
-}
-
static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
{
return inet_csk_reqsk_queue_len(sk) >= sk->sk_max_ack_backlog;
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 45fd82e61e79..b0a577a79a6a 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -592,13 +592,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
if (inet_csk_reqsk_queue_is_full(sk))
goto drop;
- /*
- * Accept backlog is full. If we have already queued enough
- * of warm entries in syn queue, drop request. It is better than
- * clogging syn queue with openreqs with exponentially increasing
- * timeout.
- */
- if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
+ if (sk_acceptq_is_full(sk))
goto drop;
req = inet_reqsk_alloc(&dccp_request_sock_ops, sk, true);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 0bf41faeffc4..18bb2a42f0d1 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -324,7 +324,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
if (inet_csk_reqsk_queue_is_full(sk))
goto drop;
- if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
+ if (sk_acceptq_is_full(sk))
goto drop;
req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 1aff93d76f24..b320fa9f834a 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6305,13 +6305,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
goto drop;
}
-
- /* Accept backlog is full. If we have already queued enough
- * of warm entries in syn queue, drop request. It is better than
- * clogging syn queue with openreqs with exponentially increasing
- * timeout.
- */
- if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) {
+ if (sk_acceptq_is_full(sk)) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
goto drop;
}
--
2.20.0
next prev parent reply other threads:[~2019-03-22 15:48 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-22 15:43 [BACKPORT 4.4.y 00/25] candidates from spreadtrum 4.4 product kernel Arnd Bergmann
2019-03-22 15:43 ` [BACKPORT 4.4.y 01/25] mmc: pwrseq: constify mmc_pwrseq_ops structures Arnd Bergmann
2019-03-26 1:08 ` Greg KH
2019-03-26 6:44 ` Julia Lawall
2019-03-26 8:11 ` Arnd Bergmann
2019-03-22 15:43 ` [BACKPORT 4.4.y 02/25] ALSA: compress: add support for 32bit calls in a 64bit kernel Arnd Bergmann
2019-03-26 1:09 ` Greg KH
2019-03-26 7:55 ` Arnd Bergmann
2019-03-30 9:40 ` Greg KH
2019-03-22 15:43 ` [BACKPORT 4.4.y 03/25] mmc: pwrseq_simple: Make reset-gpios optional to match doc Arnd Bergmann
2019-03-22 15:43 ` [BACKPORT 4.4.y 04/25] USB: iowarrior: fix oops with malicious USB descriptors Arnd Bergmann
2019-03-26 1:13 ` Greg Kroah-Hartman
2019-03-26 8:20 ` Arnd Bergmann
2019-03-26 9:35 ` Baolin Wang
2019-03-26 9:47 ` 翟京 (Orson Zhai)
2019-03-22 15:43 ` [BACKPORT 4.4.y 05/25] mmc: debugfs: Add a restriction to mmc debugfs clock setting Arnd Bergmann
2019-03-22 15:43 ` [BACKPORT 4.4.y 06/25] mmc: make MAN_BKOPS_EN message a debug Arnd Bergmann
2019-03-22 15:43 ` [BACKPORT 4.4.y 07/25] mmc: sanitize 'bus width' in debug output Arnd Bergmann
2019-03-22 15:43 ` [BACKPORT 4.4.y 08/25] mmc: core: shut up "voltage-ranges unspecified" pr_info() Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 09/25] usb: dwc3: gadget: Fix suspend/resume during device mode Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 10/25] arm64: mm: Add trace_irqflags annotations to do_debug_exception() Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 11/25] mmc: core: fix using wrong io voltage if mmc_select_hs200 fails Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 12/25] mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 13/25] extcon: usb-gpio: Don't miss event during suspend/resume Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 14/25] kbuild: setlocalversion: print error to STDERR Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 15/25] usb: gadget: composite: fix dereference after null check coverify warning Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 16/25] usb: gadget: Add the gserial port checking in gs_start_tx() Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 17/25] mmc: core: don't try to switch block size for dual rate mode Arnd Bergmann
2019-03-26 1:27 ` Greg KH
2019-03-26 8:14 ` Arnd Bergmann
2019-03-22 15:44 ` Arnd Bergmann [this message]
2019-03-26 1:21 ` [BACKPORT 4.4.y 18/25] tcp/dccp: drop SYN packets if accept queue is full Greg KH
2019-03-22 15:44 ` [BACKPORT 4.4.y 19/25] serial: sprd: adjust TIMEOUT to a big value Arnd Bergmann
2019-03-26 1:21 ` Greg KH
2019-03-22 15:44 ` [BACKPORT 4.4.y 20/25] Hang/soft lockup in d_invalidate with simultaneous calls Arnd Bergmann
2019-03-26 1:30 ` Greg KH
2019-03-22 15:44 ` [BACKPORT 4.4.y 21/25] arm64: traps: disable irq in die() Arnd Bergmann
2019-03-26 1:31 ` Greg KH
2019-03-22 15:44 ` [BACKPORT 4.4.y 22/25] usb: renesas_usbhs: gadget: fix unused-but-set-variable warning Arnd Bergmann
2019-03-22 15:44 ` [BACKPORT 4.4.y 23/25] serial: sprd: clear timeout interrupt only rather than all interrupts Arnd Bergmann
2019-03-26 1:34 ` Greg KH
2019-03-22 15:44 ` [BACKPORT 4.4.y 24/25] lib/int_sqrt: optimize small argument Arnd Bergmann
2019-03-26 1:36 ` Greg KH
2019-03-22 15:44 ` [BACKPORT 4.4.y 25/25] USB: core: only clean up what we allocated Arnd Bergmann
2019-03-26 1:36 ` Greg Kroah-Hartman
2019-03-26 2:18 ` [BACKPORT 4.4.y 00/25] candidates from spreadtrum 4.4 product kernel Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190322154425.3852517-19-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=dccp@vger.kernel.org \
--cc=edumazet@google.com \
--cc=gerrit@erg.abdn.ac.uk \
--cc=ilyal@mellanox.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=laoar.shao@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=priyarjha@google.com \
--cc=soheil@google.com \
--cc=stable@vger.kernel.org \
--cc=weiwan@google.com \
--cc=ycheng@google.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).