1. 08 5月, 2008 1 次提交
    • I
      tcp FRTO: SACK variant is errorneously used with NewReno · 62ab2227
      Ilpo Järvinen 提交于
      Note: there's actually another bug in FRTO's SACK variant, which
      is the causing failure in NewReno case because of the error
      that's fixed here. I'll fix the SACK case separately (it's
      a separate bug really, though related, but in order to fix that
      I need to audit tp->snd_nxt usage a bit).
      
      There were two places where SACK variant of FRTO is getting
      incorrectly used even if SACK wasn't negotiated by the TCP flow.
      This leads to incorrect setting of frto_highmark with NewReno
      if a previous recovery was interrupted by another RTO.
      
      An eventual fallback to conventional recovery then incorrectly
      considers one or couple of segments as forward transmissions
      though they weren't, which then are not LOST marked during
      fallback making them "non-retransmittable" until the next RTO.
      In a bad case, those segments are really lost and are the only
      one left in the window. Thus TCP needs another RTO to continue.
      The next FRTO, however, could again repeat the same events
      making the progress of the TCP flow extremely slow.
      
      In order for these events to occur at all, FRTO must occur
      again in FRTOs step 3 while the key segments must be lost as
      well, which is not too likely in practice. It seems to most
      frequently with some small devices such as network printers
      that *seem* to accept TCP segments only in-order. In cases
      were key segments weren't lost, things get automatically
      resolved because those wrongly marked segments don't need to be
      retransmitted in order to continue.
      
      I found a reproducer after digging up relevant reports (few
      reports in total, none at netdev or lkml I know of), some
      cases seemed to indicate middlebox issues which seems now
      to be a false assumption some people had made. Bugzilla
      #10063 _might_ be related. Damon L. Chesser <damon@damtek.com>
      had a reproducable case and was kind enough to tcpdump it
      for me. With the tcpdump log it was quite trivial to figure
      out.
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      62ab2227
  2. 05 5月, 2008 1 次提交
  3. 03 5月, 2008 1 次提交
  4. 28 4月, 2008 1 次提交
    • E
      tcp: Fix slab corruption with ipv6 and tcp6fuzz · 9ae27e0a
      Evgeniy Polyakov 提交于
      From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
      
      This fixes a regression added by ec3c0982
      ("[TCP]: TCP_DEFER_ACCEPT updates - process as established")
      
      tcp_v6_do_rcv()->tcp_rcv_established(), the latter goes to step5, where
      eventually skb can be freed via tcp_data_queue() (drop: label), then if
      check for tcp_defer_accept_check() returns true and thus
      tcp_rcv_established() returns -1, which forces tcp_v6_do_rcv() to jump
      to reset: label, which in turn will pass through discard: label and free
      the same skb again.
      
      Tested by Eric Sesterhenn.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Acked-By: NPatrick McManus <mcmanus@ducksong.com>
      9ae27e0a
  5. 22 4月, 2008 1 次提交
  6. 16 4月, 2008 1 次提交
  7. 15 4月, 2008 1 次提交
  8. 14 4月, 2008 3 次提交
  9. 08 4月, 2008 4 次提交
    • I
      [TCP]: Don't allow FRTO to take place while MTU is being probed · 6adb4f73
      Ilpo Järvinen 提交于
      MTU probe can cause some remedies for FRTO because the normal
      packet ordering may be violated allowing FRTO to make a wrong
      decision (it might not be that serious threat for anything
      though). Thus it's safer to not run FRTO while MTU probe is
      underway.
      
      It seems that the basic FRTO variant should also look for an
      skb at probe_seq.start to check if that's retransmitted one
      but I didn't implement it now (plain seqno in window check
      isn't robust against wraparounds).
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6adb4f73
    • I
      [TCP]: tcp_simple_retransmit can cause S+L · 882bebaa
      Ilpo Järvinen 提交于
      This fixes Bugzilla #10384
      
      tcp_simple_retransmit does L increment without any checking
      whatsoever for overflowing S+L when Reno is in use.
      
      The simplest scenario I can currently think of is rather
      complex in practice (there might be some more straightforward
      cases though). Ie., if mss is reduced during mtu probing, it
      may end up marking everything lost and if some duplicate ACKs
      arrived prior to that sacked_out will be non-zero as well,
      leading to S+L > packets_out, tcp_clean_rtx_queue on the next
      cumulative ACK or tcp_fastretrans_alert on the next duplicate
      ACK will fix the S counter.
      
      More straightforward (but questionable) solution would be to
      just call tcp_reset_reno_sack() in tcp_simple_retransmit but
      it would negatively impact the probe's retransmission, ie.,
      the retransmissions would not occur if some duplicate ACKs
      had arrived.
      
      So I had to add reno sacked_out reseting to CA_Loss state
      when the first cumulative ACK arrives (this stale sacked_out
      might actually be the explanation for the reports of left_out
      overflows in kernel prior to 2.6.23 and S+L overflow reports
      of 2.6.24). However, this alone won't be enough to fix kernel
      before 2.6.24 because it is building on top of the commit
      1b6d427b ([TCP]: Reduce sacked_out with reno when purging
      write_queue) to keep the sacked_out from overflowing.
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Reported-by: NAlessandro Suardi <alessandro.suardi@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      882bebaa
    • I
      [TCP]: Fix NewReno's fast rexmit/recovery problems with GSOed skb · c137f3dd
      Ilpo Järvinen 提交于
      Fixes a long-standing bug which makes NewReno recovery crippled.
      With GSO the whole head skb was marked as LOST which is in
      violation of NewReno procedure that only wants to mark one packet
      and ended up breaking our TCP code by causing counter overflow
      because our code was built on top of assumption about valid
      NewReno procedure. This manifested as triggering a WARN_ON for
      the overflow in a number of places.
      
      It seems relatively safe alternative to just do nothing if
      tcp_fragment fails due to oom because another duplicate ACK is
      likely to be received soon and the fragmentation will be retried.
      
      Special thanks goes to Soeren Sonnenburg <kernel@nn7.de> who was
      lucky enough to be able to reproduce this so that the warning
      for the overflow was hit. It's not as easy task as it seems even
      if this bug happens quite often because the amount of outstanding
      data is pretty significant for the mismarkings to lead to an
      overflow.
      
      Because it's very late in 2.6.25-rc cycle (if this even makes in
      time), I didn't want to touch anything with SACK enabled here.
      Fragmenting might be useful for it as well but it's more or less
      a policy decision rather than mandatory fix. Thus there's no need
      to rush and we can postpone considering tcp_fragment with SACK
      for 2.6.26.
      
      In 2.6.24 and earlier, this very same bug existed but the effect
      is slightly different because of a small changes in the if
      conditions that fit to the patch's context. With them nothing
      got lost marker and thus no retransmissions happened.
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c137f3dd
    • I
      [TCP]: Restore 2.6.24 mark_head_lost behavior for newreno/fack · 1b69d745
      Ilpo Järvinen 提交于
      The fast retransmission can be forced locally to the rfc3517
      branch in tcp_update_scoreboard instead of making such fragile
      constructs deeper in tcp_mark_head_lost.
      
      This is necessary for the next patch which must not have
      loopholes for cnt > packets check. As one can notice,
      readability got some improvements too because of this :-).
      Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1b69d745
  10. 22 3月, 2008 1 次提交
    • P
      [TCP]: TCP_DEFER_ACCEPT updates - process as established · ec3c0982
      Patrick McManus 提交于
      Change TCP_DEFER_ACCEPT implementation so that it transitions a
      connection to ESTABLISHED after handshake is complete instead of
      leaving it in SYN-RECV until some data arrvies. Place connection in
      accept queue when first data packet arrives from slow path.
      
      Benefits:
        - established connection is now reset if it never makes it
         to the accept queue
      
       - diagnostic state of established matches with the packet traces
         showing completed handshake
      
       - TCP_DEFER_ACCEPT timeouts are expressed in seconds and can now be
         enforced with reasonable accuracy instead of rounding up to next
         exponential back-off of syn-ack retry.
      Signed-off-by: NPatrick McManus <mcmanus@ducksong.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ec3c0982
  11. 06 3月, 2008 1 次提交
  12. 04 3月, 2008 2 次提交
  13. 01 2月, 2008 1 次提交
  14. 29 1月, 2008 21 次提交