linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] tcp: Added check of destination specific CC before sending syn/ack
@ 2018-07-09 11:25 joakim.misund
  2018-07-09 11:54 ` Eric Dumazet
  0 siblings, 1 reply; 2+ messages in thread
From: joakim.misund @ 2018-07-09 11:25 UTC (permalink / raw)
  Cc: joakim.misund, Eric Dumazet, David S. Miller, Alexey Kuznetsov,
	Hideaki YOSHIFUJI, netdev, linux-kernel

From: Joakim Misund <joakim.misund@gmail.com>

Issue:
Currently TCP stack does not check for a destination specific CC before responding to a syn with a syn/ack.
The system wide default CC is used. If the default CC does not need ECN, but the destination specific does,
the syn/ack will not carry ECT(0) which makes it eligible to drop instead of being marked at routers.
In an ECN-based network ECN marks are frequent (likely) and packet not carrying ECT(0) are likely to be dropped.
This leads to slow connection establishment, and in worst case the establishment can fail.

Signed-off-by: Joakim Misund <joakim.misund@gmail.com>
---
 include/net/tcp.h     | 1 +
 net/ipv4/tcp_input.c  | 2 ++
 net/ipv4/tcp_output.c | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/net/tcp.h b/include/net/tcp.h
index af3ec72d5d41..347c59ac0a72 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -545,6 +545,7 @@ void tcp_send_loss_probe(struct sock *sk);
 bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto);
 void tcp_skb_collapse_tstamp(struct sk_buff *skb,
 			     const struct sk_buff *next_skb);
+void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst);
 
 /* tcp_input.c */
 void tcp_rearm_rto(struct sock *sk);
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 8e5522c6833a..973e3b5b0516 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6401,6 +6401,8 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
 		isn = af_ops->init_seq(skb);
 	}
 
+	tcp_ca_dst_init(sk, dst);
+
 	tcp_ecn_create_request(req, skb, sk, dst);
 
 	if (want_cookie) {
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 8e08b409c71e..550597acd48c 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3256,7 +3256,7 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst,
 }
 EXPORT_SYMBOL(tcp_make_synack);
 
-static void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst)
+void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst)
 {
 	struct inet_connection_sock *icsk = inet_csk(sk);
 	const struct tcp_congestion_ops *ca;
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] tcp: Added check of destination specific CC before sending syn/ack
  2018-07-09 11:25 [PATCH] tcp: Added check of destination specific CC before sending syn/ack joakim.misund
@ 2018-07-09 11:54 ` Eric Dumazet
  0 siblings, 0 replies; 2+ messages in thread
From: Eric Dumazet @ 2018-07-09 11:54 UTC (permalink / raw)
  To: joakim.misund, Florian Westphal
  Cc: Eric Dumazet, David S. Miller, Alexey Kuznetsov,
	Hideaki YOSHIFUJI, netdev, linux-kernel



On 07/09/2018 04:25 AM, joakim.misund@gmail.com wrote:
> From: Joakim Misund <joakim.misund@gmail.com>
> 
> Issue:
> Currently TCP stack does not check for a destination specific CC before responding to a syn with a syn/ack.
> The system wide default CC is used. If the default CC does not need ECN, but the destination specific does,
> the syn/ack will not carry ECT(0) which makes it eligible to drop instead of being marked at routers.
> In an ECN-based network ECN marks are frequent (likely) and packet not carrying ECT(0) are likely to be dropped.
> This leads to slow connection establishment, and in worst case the establishment can fail.
> 
> Signed-off-by: Joakim Misund <joakim.misund@gmail.com>
> ---
>  include/net/tcp.h     | 1 +
>  net/ipv4/tcp_input.c  | 2 ++
>  net/ipv4/tcp_output.c | 2 +-
>  3 files changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index af3ec72d5d41..347c59ac0a72 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -545,6 +545,7 @@ void tcp_send_loss_probe(struct sock *sk);
>  bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto);
>  void tcp_skb_collapse_tstamp(struct sk_buff *skb,
>  			     const struct sk_buff *next_skb);
> +void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst);
>  
>  /* tcp_input.c */
>  void tcp_rearm_rto(struct sock *sk);
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index 8e5522c6833a..973e3b5b0516 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -6401,6 +6401,8 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
>  		isn = af_ops->init_seq(skb);
>  	}
>  
> +	tcp_ca_dst_init(sk, dst);


At this point sk is not locked (and will not be)

Multiple cpus can handle SYN packets in // so this would be racy.

You need to solve this problem in another way.

Thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-09 11:55 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-09 11:25 [PATCH] tcp: Added check of destination specific CC before sending syn/ack joakim.misund
2018-07-09 11:54 ` Eric Dumazet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).