| From 417a2ba2f5e341cb7a842132e7685d187c251675 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 21 Jul 2021 10:27:38 -0700 |
| Subject: tcp: disable TFO blackhole logic by default |
| |
| From: Wei Wang <weiwan@google.com> |
| |
| [ Upstream commit 213ad73d06073b197a02476db3a4998e219ddb06 ] |
| |
| Multiple complaints have been raised from the TFO users on the internet |
| stating that the TFO blackhole logic is too aggressive and gets falsely |
| triggered too often. |
| (e.g. https://blog.apnic.net/2021/07/05/tcp-fast-open-not-so-fast/) |
| Considering that most middleboxes no longer drop TFO packets, we decide |
| to disable the blackhole logic by setting |
| /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_set to 0 by default. |
| |
| Fixes: cf1ef3f0719b4 ("net/tcp_fastopen: Disable active side TFO in certain scenarios") |
| Signed-off-by: Wei Wang <weiwan@google.com> |
| Signed-off-by: Eric Dumazet <edumazet@google.com> |
| Acked-by: Neal Cardwell <ncardwell@google.com> |
| Acked-by: Soheil Hassas Yeganeh <soheil@google.com> |
| Acked-by: Yuchung Cheng <ycheng@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| Documentation/networking/ip-sysctl.rst | 2 +- |
| net/ipv4/tcp_fastopen.c | 9 ++++++++- |
| net/ipv4/tcp_ipv4.c | 2 +- |
| 3 files changed, 10 insertions(+), 3 deletions(-) |
| |
| diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst |
| index c2ecc9894fd0..9a57e972dae4 100644 |
| --- a/Documentation/networking/ip-sysctl.rst |
| +++ b/Documentation/networking/ip-sysctl.rst |
| @@ -772,7 +772,7 @@ tcp_fastopen_blackhole_timeout_sec - INTEGER |
| initial value when the blackhole issue goes away. |
| 0 to disable the blackhole detection. |
| |
| - By default, it is set to 1hr. |
| + By default, it is set to 0 (feature is disabled). |
| |
| tcp_fastopen_key - list of comma separated 32-digit hexadecimal INTEGERs |
| The list consists of a primary key and an optional backup key. The |
| diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c |
| index 08548ff23d83..d49709ba8e16 100644 |
| --- a/net/ipv4/tcp_fastopen.c |
| +++ b/net/ipv4/tcp_fastopen.c |
| @@ -507,6 +507,9 @@ void tcp_fastopen_active_disable(struct sock *sk) |
| { |
| struct net *net = sock_net(sk); |
| |
| + if (!sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout) |
| + return; |
| + |
| /* Paired with READ_ONCE() in tcp_fastopen_active_should_disable() */ |
| WRITE_ONCE(net->ipv4.tfo_active_disable_stamp, jiffies); |
| |
| @@ -526,10 +529,14 @@ void tcp_fastopen_active_disable(struct sock *sk) |
| bool tcp_fastopen_active_should_disable(struct sock *sk) |
| { |
| unsigned int tfo_bh_timeout = sock_net(sk)->ipv4.sysctl_tcp_fastopen_blackhole_timeout; |
| - int tfo_da_times = atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times); |
| unsigned long timeout; |
| + int tfo_da_times; |
| int multiplier; |
| |
| + if (!tfo_bh_timeout) |
| + return false; |
| + |
| + tfo_da_times = atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times); |
| if (!tfo_da_times) |
| return false; |
| |
| diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
| index e409f2de5dc4..8bb5f7f51dae 100644 |
| --- a/net/ipv4/tcp_ipv4.c |
| +++ b/net/ipv4/tcp_ipv4.c |
| @@ -2954,7 +2954,7 @@ static int __net_init tcp_sk_init(struct net *net) |
| net->ipv4.sysctl_tcp_comp_sack_nr = 44; |
| net->ipv4.sysctl_tcp_fastopen = TFO_CLIENT_ENABLE; |
| spin_lock_init(&net->ipv4.tcp_fastopen_ctx_lock); |
| - net->ipv4.sysctl_tcp_fastopen_blackhole_timeout = 60 * 60; |
| + net->ipv4.sysctl_tcp_fastopen_blackhole_timeout = 0; |
| atomic_set(&net->ipv4.tfo_active_disable_times, 0); |
| |
| /* Reno is always built in */ |
| -- |
| 2.30.2 |
| |