From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202510 header.b=Bjad7rqX; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id DB6B55A061A for ; Wed, 08 Oct 2025 03:22:54 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202510; t=1759886571; bh=+zVnhK+vcbuDFNzU/neCke3oOl8nlR1wQRTmFBBw3v4=; h=From:To:Cc:Subject:Date:From; b=Bjad7rqXLT0jMEAa5RPyMM1yG4mWSGOkjuxtSlMdT/R2d/cb8xCKRrLG5uj8jV67x dwGmRvNJDdqjYu5dAg/XU8078ZlWTftyqiS+sW7HL+lRjLyU6o93pYauCrZXPjuqK4 gwqr1yzMxEIgXoLkrSGJyOnpmqZs+8pCSX3ZVGrRlp8sIbC9tbiJcRCTGHeYr4Bdae ucFMPhj4gk5GQVwUNKqnbBjEqsrTsFEgsqbqJd9aAJ5xeNp4FsnyneCP7hqRW6CIFB g93m7xdHv4+MmxYP5R2gGPJb37yNPl55gJlCumaF/XelW4g2+cW4YhvWAhBFt7Fcb0 7zUJISiXCqIKA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4chFcW3F46z4wCX; Wed, 8 Oct 2025 12:22:51 +1100 (AEDT) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH v2] tcp: Clarify logic calculating how much guest data to ack Date: Wed, 8 Oct 2025 12:22:49 +1100 Message-ID: <20251008012249.115243-1-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.51.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: Q6GB6PJOM5AP7HHT3755OYADJZ4ZXMAJ X-Message-ID-Hash: Q6GB6PJOM5AP7HHT3755OYADJZ4ZXMAJ X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This is fairly complex, because we have a method we prefer but we need to fall back to a simpler one in a bunch of cases. Slightly reorganise the code to make the flow clearer, and add a large comment giving the rationale. Signed-off-by: David Gibson --- tcp.c | 72 ++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 26 deletions(-) diff --git a/tcp.c b/tcp.c index 91aa3301..0f9e9b3f 100644 --- a/tcp.c +++ b/tcp.c @@ -1014,35 +1014,55 @@ int tcp_update_seqack_wnd(const struct ctx *c, struct tcp_tap_conn *conn, uint32_t new_wnd_to_tap = prev_wnd_to_tap; int s = conn->sock; - if (!bytes_acked_cap) { - conn->seq_ack_to_tap = conn->seq_from_tap; - if (SEQ_LT(conn->seq_ack_to_tap, prev_ack_to_tap)) - conn->seq_ack_to_tap = prev_ack_to_tap; - } else { - if ((unsigned)SNDBUF_GET(conn) < SNDBUF_SMALL || - tcp_rtt_dst_low(conn) || CONN_IS_CLOSING(conn) || - (conn->flags & LOCAL) || force_seq) { - conn->seq_ack_to_tap = conn->seq_from_tap; - } else if (conn->seq_ack_to_tap != conn->seq_from_tap) { - if (!tinfo) { - tinfo = &tinfo_new; - if (getsockopt(s, SOL_TCP, TCP_INFO, tinfo, &sl)) - return 0; - } - - /* This trips a cppcheck bug in some versions, including - * cppcheck 2.18.3. - * https://sourceforge.net/p/cppcheck/discussion/general/thread/fecde59085/ - */ - /* cppcheck-suppress [uninitvar,unmatchedSuppression] */ - conn->seq_ack_to_tap = tinfo->tcpi_bytes_acked + - conn->seq_init_from_tap; - - if (SEQ_LT(conn->seq_ack_to_tap, prev_ack_to_tap)) - conn->seq_ack_to_tap = prev_ack_to_tap; + /* At this point we could ack all the data we've accepted for forwarding + * (seq_from_tap). When possible, however, we want to only acknowledge + * what the peer has acknowledged. This makes it appear to the guest + * more like a direct connection to the peer, and may improve flow + * control behaviour. + * + * For it to be possible and worth it we need: + * - The TCP_INFO Linux extension which gives us the peer acked bytes + * - Not to be told not to (force_seq) + * - Not half-closed in the peer->guest direction + * With no data coming from the peer, we might not get events which + * would prompt us to recheck bytes_acked. We could poll on a + * timer, but that's more trouble than it's worth. + * - Not a host local connection + * Data goes from socket to socket, with nothing meaningfully "in + * flight". + * - Not a pseudo-local connection (e.g. to a VM on the same host) + * - Large enough send buffer + * In these cases, there's not enough in flight to bother. + */ + if (bytes_acked_cap && !force_seq && + !CONN_IS_CLOSING(conn) && + !(conn->flags & LOCAL) && !tcp_rtt_dst_low(conn) && + (unsigned)SNDBUF_GET(conn) >= SNDBUF_SMALL) { + if (!tinfo) { + tinfo = &tinfo_new; + if (getsockopt(s, SOL_TCP, TCP_INFO, tinfo, &sl)) + return 0; } + + /* This trips a cppcheck bug in some versions, including + * cppcheck 2.18.3. + * https://sourceforge.net/p/cppcheck/discussion/general/thread/fecde59085/ + */ + /* cppcheck-suppress [uninitvar,unmatchedSuppression] */ + conn->seq_ack_to_tap = tinfo->tcpi_bytes_acked + + conn->seq_init_from_tap; + } else { + /* Fall back to acknowledging everything we got */ + conn->seq_ack_to_tap = conn->seq_from_tap; } + /* It's occasionally possible for us to go from using the fallback above + * to the tcpi_bytes_acked method. In that case, we must be careful not + * to let our ACKed sequence go backwards. + */ + if (SEQ_LT(conn->seq_ack_to_tap, prev_ack_to_tap)) + conn->seq_ack_to_tap = prev_ack_to_tap; + if (!snd_wnd_cap) { tcp_get_sndbuf(conn); new_wnd_to_tap = MIN(SNDBUF_GET(conn), MAX_WINDOW); -- 2.51.0