From nobody Thu Sep 05 07:20:13 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WzrNZ0dWlz5VTfZ; Thu, 05 Sep 2024 07:20:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WzrNZ06cWz4T6F; Thu, 5 Sep 2024 07:20:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725520814; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EsrOXW1018mGniqb/b+6T6oDxgklDPPbm5StCFwClRg=; b=wnzSV4eYZWfgwubXcxvugwrOnTYZtPK/Wor2V3NNJgZrlwBM7pXcVlAyZ/oZv9Vzxn4dWc Z43muTdGrjJe/T1NBz9B1hb0pEg4IXk6KsobKBgz92i2UfoSGn8U5Dw03fzIG5OvoG93Ri Rg93kTMXY2X4bSAMJ50a/ozwu5PMiJwXdnsoDYU1BmH7tE4oPgzyJhIAku0HerJTS95VOA pCdjn2tofGvhCHANdZVm9Yya3yQJmWGLeceD4W372sICmcgzcwSRYsED52ZCcArlr5ko7f knnQ/kUUhJeCrV1qwaCNDWOxmj1uXs0XfGnysuAQdiT5xU7xCj+G22HSSGeAQQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725520814; a=rsa-sha256; cv=none; b=lr33buMPxf2Gqah53iLxbEqxm1M5zq6X0L9yOHP1JeQ14gbzVoYnPEl5g0AmgimzbORHMk w/nmjFZk34mvWFwc32b1LbD85yT8hLoKEVJOYRO3KBzWhNgHWovlt4V1nuIA3ymIiiWQqU VaXlkfpsNQWm7VenLAp1LK8/p4qYWD2FEKeSc3yJdTaBYxPgAMW1+yMdg85s1Cokcf8/zl ZsJae79UJ0bZSEzceZaEHW0dVynTiWdwI2E0aq+yHA3PGLyifx2lweCRCz09Wy7a9kAanw QuGNaRkvDl+9rXurTobmY0OXzeqfKXRTHYJVOx1Adb9xNP9I6ZmJSow16QO2lA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725520814; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EsrOXW1018mGniqb/b+6T6oDxgklDPPbm5StCFwClRg=; b=yhIAaL6c91e/eMjVZPc3JQ6JFin1Wg4GCLSfnot5SOLLwduXBrQEk+fgunShwQxGnOVvn8 IAHDrIN1DIZjpfPqdrFZN4vm9VYpeR2K1itreslAyQQzdpG357U3Hr50Kdxwy5e6am75Xv 7dBh4E4F3ctMRoLkL71jsHm/foC0LmBpjOzWQqMpA1O7hqPAOZXJRXEUUs1UGrTjR8Jav7 hOQzqio7+Jw1k6y+65kbwyLfWRJNZxaRAadlCB7/VuXQkoDh/rIGBYfYCDhhaZVQYUT8Cd XhGJyqjg0nXE/aEWEcAtBJuR4k8eNJEeSOCmEvzITzktrQ1TqZCNle+u0/xGiw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WzrNY6X3BzyY7; Thu, 5 Sep 2024 07:20:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4857KD7j010487; Thu, 5 Sep 2024 07:20:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4857KDFU010483; Thu, 5 Sep 2024 07:20:13 GMT (envelope-from git) Date: Thu, 5 Sep 2024 07:20:13 GMT Message-Id: <202409050720.4857KDFU010483@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Michael Tuexen Subject: git: ef438f7706be - main - tcp: improve consistency of syncache_respond() failure handling List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ef438f7706be48f1cf7fd4c8a60329e1619cfe30 Auto-Submitted: auto-generated The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=ef438f7706be48f1cf7fd4c8a60329e1619cfe30 commit ef438f7706be48f1cf7fd4c8a60329e1619cfe30 Author: Michael Tuexen AuthorDate: 2024-09-05 01:33:13 +0000 Commit: Michael Tuexen CommitDate: 2024-09-05 01:33:13 +0000 tcp: improve consistency of syncache_respond() failure handling When the initial sending of the SYN ACK segment using syncache_respond() fails, it is handled as a permanent error. To improve consistency, apply this policy in all cases, where syncache_respond() is called. These include * timer based retransmissions of the SYN ACK * retransmitting a SYN ACK in response to a SYN retransmission * sending of challenge ACKs in response to received RST segments In these cases, fall back to SYN cookies, if enabled. While there, also improve consistency of the TCP stats counters. Reviewed by: cc, glebius (earlier version) MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46428 --- sys/netinet/tcp_syncache.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 33a6a66b7138..d0a7690256f4 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -527,10 +527,16 @@ syncache_timer(void *xsch) } NET_EPOCH_ENTER(et); - syncache_respond(sc, NULL, TH_SYN|TH_ACK); + if (syncache_respond(sc, NULL, TH_SYN|TH_ACK) == 0) { + syncache_timeout(sc, sch, 0); + TCPSTAT_INC(tcps_sndacks); + TCPSTAT_INC(tcps_sndtotal); + TCPSTAT_INC(tcps_sc_retransmitted); + } else { + syncache_drop(sc, sch); + TCPSTAT_INC(tcps_sc_dropped); + } NET_EPOCH_EXIT(et); - TCPSTAT_INC(tcps_sc_retransmitted); - syncache_timeout(sc, sch, 0); } if (!TAILQ_EMPTY(&(sch)->sch_bucket)) callout_reset(&(sch)->sch_timer, (sch)->sch_nextc - tick, @@ -688,7 +694,13 @@ syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th, struct mbuf *m, "sending challenge ACK\n", s, __func__, th->th_seq, sc->sc_irs + 1, sc->sc_wnd); - syncache_respond(sc, m, TH_ACK); + if (syncache_respond(sc, m, TH_ACK) == 0) { + TCPSTAT_INC(tcps_sndacks); + TCPSTAT_INC(tcps_sndtotal); + } else { + syncache_drop(sc, sch); + TCPSTAT_INC(tcps_sc_dropped); + } } } else { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) @@ -1549,6 +1561,9 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, syncache_timeout(sc, sch, 1); TCPSTAT_INC(tcps_sndacks); TCPSTAT_INC(tcps_sndtotal); + } else { + syncache_drop(sc, sch); + TCPSTAT_INC(tcps_sc_dropped); } SCH_UNLOCK(sch); goto donenoprobe;