From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=g6+El5l6; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id B08325A026F for ; Thu, 25 Sep 2025 08:05:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758780336; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9VF3dspsgnFuBryY27qwdPZk4n0AS96HkkcJgbVd66s=; b=g6+El5l6oJ+01PCSAAXH2ZGMJL1gyBmTempzqA1wUTZ0AjfpU6n1vbf7yGkSN8YXqMajnm 9zCYobWYHYMNyBFLf5ML43hixE5Jve7tDunFdYdBSAjAWgLGAs7B1FsRub6pIdSQQ8+haf 9fgdzNQPUmOGj7mAlzidk2BrI+UjFtA= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-318-c6yMCjJLMsCvN7x20GW5XQ-1; Thu, 25 Sep 2025 02:05:34 -0400 X-MC-Unique: c6yMCjJLMsCvN7x20GW5XQ-1 X-Mimecast-MFC-AGG-ID: c6yMCjJLMsCvN7x20GW5XQ_1758780333 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-3ece14b9231so457900f8f.0 for ; Wed, 24 Sep 2025 23:05:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758780333; x=1759385133; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=k8j6/KOSknGJ2wY8BrStry5kix+LimUp8VN7O6DLjbQ=; b=Zq5uICRe90BTwA+9pVA0WrXmho4IHqEjP/7JXojcJVk5gh7SKkJY1uHrL0A1oMSURF SkiLTeOMLNDj7oAo0H5JHjCPNmxoqd8U5NLxT6fcZ0/oZpu0GqgjNULpT0gtCCvQibJ4 /aG03XSFLHuN0pCP8qq9+4u7jAESZa5wGZNNJtwmrBT+tmWzj047cS748YECDizPqPo2 vU4aNF735JxB9TqZbx0zTPI6X/d47bmrlZ8FVr2BLYj8LIY9TYvNArT9KBB1KW0c/hwi VofoZKK3YPE+g748xCd79Bbuiv2JdlP3KFvY2jBwF6GE21T5t039SnhMCdM2LOvDrh08 RJjQ== X-Forwarded-Encrypted: i=1; AJvYcCV7vkz04j8g74OyG77r9HLJdFUEPhKrprP5da46wTSar2i3lC0flzXwPULZ9vLqLZoWXlzgTomMLXg=@passt.top X-Gm-Message-State: AOJu0YyiOhL3pjn5INf8aZCmdB5XkbBo77ZLF86QzhpB9YVHQVZvyCcJ +ETa9tZAZgk/IuLJvoL5aL7sxsidg/uqLpMrzr7FyyqtOqV5+nTn/krNnT0ERuwTbZTqvSeub+o tlikD6ub97s3UG8NjQ+H24bXH0JIoFHMljxxfM9eVi89H8+TxM9BAOH7pFSusjw== X-Gm-Gg: ASbGncvaeM9BazmdNy7XHR4lKB+AP5e/TTJAktMEAE+DEyDACj1zP4weyi1SZTGCHmh HnT5oiNeF+y3shcCGkl/Z49IhBHiTAdCWJwY8u2V9jlPYvYt6Tky78k3Z98FiF15Ea28XWeswOO J3PM8OGHPj+9iL8csInKDFHeb7oCu8Tar8DaBOPYHqHHXmsWzhXgV96/QEq4HaIVyun1Z6jclxX f0zZfZEtbsXZ3z9fZ70GLLxmlZaCS2/WITJU4i6g3IIdqdvM6Vd58FQouL644vna/Gi2Z4o1Igf nZ1BPbY3gKfmtJraYKLatlB5zUckjEUFvHvlz50vqZ45MEWZX1I= X-Received: by 2002:a05:6000:401e:b0:3ea:6680:8fce with SMTP id ffacd0b85a97d-40e4ff19db6mr1726861f8f.48.1758780332848; Wed, 24 Sep 2025 23:05:32 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG53rW3PS41LQHU5bJxt3T99kq/J4nvYIFI0Hazb6Ia4bTdi1iAxpVjJJjxpklIANUqHKMvNw== X-Received: by 2002:a05:6000:401e:b0:3ea:6680:8fce with SMTP id ffacd0b85a97d-40e4ff19db6mr1726822f8f.48.1758780332309; Wed, 24 Sep 2025 23:05:32 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-40fc82f2ff6sm1421986f8f.56.2025.09.24.23.05.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Sep 2025 23:05:31 -0700 (PDT) Date: Thu, 25 Sep 2025 08:05:30 +0200 From: Stefano Brivio To: Yumei Huang Subject: Re: [PATCH] tap: Drop frames if no client connected Message-ID: <20250925080530.53d7307c@elisabeth> In-Reply-To: References: <20250915081319.00e72e53@elisabeth> <20250918091714.77192b00@elisabeth> <20250922220330.436e2b6f@elisabeth> <20250923130039.41e8ef8d@elisabeth> <20250924015609.58c1987a@elisabeth> <20250924115633.01368e9a@elisabeth> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: vNdC-WkKNpuhCv3BrWKybjR6dxKkVhTEdoD_MaZKJjo_1758780333 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: MPASRN7MHGYONF5Q2P2W73QH7FZTO2RJ X-Message-ID-Hash: MPASRN7MHGYONF5Q2P2W73QH7FZTO2RJ X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson , passt-dev@passt.top, lvivier@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 25 Sep 2025 13:08:35 +0800 Yumei Huang wrote: > On Wed, Sep 24, 2025 at 5:56=E2=80=AFPM Stefano Brivio wrote: > > > > On Wed, 24 Sep 2025 11:49:28 +1000 > > David Gibson wrote: > > =20 > > > So... summarising. As I see it, we have two main cases to consider: > > > the one where the guest comes online pretty soon, and the one where i= t > > > doesn't. Here's what I think the behaviour would be for these two > > > cases with a variety of ways of handling it. This is more-or-less > > > from the peer's perspective. > > > > > > (0) Physicaly disconnected guest (bridged network, no passt involved) > > > > > > (0a) Guest online never > > > SYN ... SYN ... SYN ... > > > > > > (0b) Guest online soonish > > > SYN ... SYN ... SYN-ACK, ACK > > > > > > (1) Status quo > > > > > > Passt doesn't resend SYNs, and will time out the connection after 10s= . > > > > > > (1a) Guest online never > > > SYN, SYN-ACK, ACK ... ... ... ... RST > > > > > > (0b) Guest online soonish > > > SYN, SYN-ACK, ACK ... ... ... ... RST > > > > > > (2) Yumei's patch > > > > > > As (1), but without EBADFs > > > > > > (3) passt resends SYNs > > > > > > (3a) Guest online never > > > SYN, SYN-ACK, ACK ... ... ... ... ... RST > > > > > > (3b) Guest online soonish > > > SYN, SYN-ACK, ACK ... ... ... ... > > > > > > (4) Passt resends SYNs + Yumei's patch > > > > > > As (3), but without EBADFs > > > > > > (5) passt explicitly resets when guest is not present > > > > > > (6a) Guest online never > > > SYN, SYN-ACK, ACK, RST > > > > > > (6b) Guest online soonish > > > SYN, SYN-ACK, ACK, RST > > > > > > (6) Delayed listen() > > > > > > (6a) Guest online never > > > SYN, RST > > > > > > (6b) Guest online soonish > > > SYN, RST > > > > > > (99) Bridged guest isn't listening (no passt) > > > > > > (99a) Guest online never > > > SYN, RST > > > > > > (99b) Guest online soonish > > > SYN, RST > > > > > > =3D=3D=3D=3D=3D =20 > > > > It all makes sense, thanks for summarising those. > > =20 > > > So, if (99) is our model, we can match it pretty exactly with delayed > > > listen(). But if (0) is our model, the closest we can get is (3) or > > > (4), which I think will look fairly similar to peer application, even > > > though it looks different to the peer TCP stack. > > > > > > I think (0) is a better model, because it means we won't reset > > > connections if they happen to land when a still running guest has its > > > connection to passt temporarily interrupted. > > > > > > Which brings me, I think, to the same conclusion you had: we should > > > resend SYNs. > > > > > > Suggested next steps: > > > - Apply Yumei's patch, it doesn't change behaviour and removes the > > > odd EBADFs > > > - Yumei investigates implementing SYN resends =20 > > > > Right, that also makes sense to me. =20 >=20 > Glad we reached an agreement here. BTW, in case you missed it, the v2 > patch was sent as > https://archives.passt.top/passt-dev/20250912081705.20796-1-yuhuang@redha= t.com/T/#u. I never miss patches. :) No worries, I just got a few interruptions in a row but I plan to apply it soon. > > For the second part, we could probably reuse a mechanism similar to > > what we do for re-transmits, and perhaps rename 'retrans' in struct > > tcp_tap_conn to 'retries', so that we can use it for both (we're a bit > > tight on space there). =20 >=20 > I got an initial thought about calling tcp_send_flag() in > tcp_flow_defer(). But it seems not working. Trying to figure that > out.. That might work, even though, I guess, the most natural alternative would be to change the handling of an expired SYN_TIMEOUT in tcp_timer_handler(). Look at this case: =09} else if (conn->flags & ACK_FROM_TAP_DUE) { =09=09if (!(conn->events & ESTABLISHED)) { =09=09=09flow_dbg(conn, "handshake timeout"); ...it should become a bit more like this one: =09=09} else { =09=09=09flow_dbg(conn, "ACK timeout, retry"); =09=09=09conn->retrans++; =09=09=09... where we retry for a few times, before resetting the connection. With timers, you already have timed triggers, as opposed to trying things out periodically from tcp_flow_defer(). --=20 Stefano