Date: Thu, 21 Nov 2024 13:38:09 +1100
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Tim Besard
Subject: Re: [PATCH 2/2] tcp: Acknowledge keep-alive segments, ignore them for the rest
List-Id: Development discussion and patches for passt

On Wed, Nov 20, 2024 at 07:43:44AM +0100, Stefano Brivio wrote:
> On Wed, 20 Nov 2024 12:02:00 +1100
> David Gibson wrote:
>
> > On Tue, Nov 19, 2024 at 08:53:44PM +0100, Stefano Brivio wrote:
> > > RFC 9293, 3.8.4 says:
> > >
> > > Implementers MAY include "keep-alives" in their TCP implementations
> > > (MAY-5), although this practice is not universally accepted. Some
> > > TCP implementations, however, have included a keep-alive mechanism.
> > > To confirm that an idle connection is still active, these
> > > implementations send a probe segment designed to elicit a response
> > > from the TCP peer. Such a segment generally contains SEG.SEQ =
> > > SND.NXT-1 and may or may not contain one garbage octet of data.
> > > If keep-alives are included, the application MUST be able to turn them
> > > on or off for each TCP connection (MUST-24), and they MUST default to
> > > off (MUST-25).
> > >
> > > but currently, tcp_data_from_tap() is not aware of this and will
> > > schedule a fast re-transmit on the second keep-alive (because it's
> > > also a duplicate ACK), ignoring the fact that the sequence number was
> > > rewinded to SND.NXT-1.
> > >
> > > ACK these keep-alive segments, reset the activity timeout, and ignore
> > > them for the rest.
> > >
> > > At some point, we could think of implementing an approximation of
> > > keep-alive segments on outbound sockets, for example by setting
> > > TCP_KEEPIDLE to 1, and a large TCP_KEEPINTVL, so that we send a single
> > > keep-alive segment at approximately the same time, and never reset the
> > > connection. That's beyond the scope of this fix, though.
> > >
> > > Reported-by: Tim Besard
> > > Link: https://github.com/containers/podman/discussions/24572
> > > Signed-off-by: Stefano Brivio
> > > ---
> > > tcp.c | 14 ++++++++++++++
> > > 1 file changed, 14 insertions(+)
> > >
> > > diff --git a/tcp.c b/tcp.c > > > index f357920..1eb85bb 100644 > > > --- a/tcp.c > > > +++ b/tcp.c
> > > @@ -1763,6 +1763,20 @@ static int tcp_data_from_tap(const struct ctx = *c, struct tcp_tap_conn *conn, > > > continue; > > > =20 > > > seq =3D ntohl(th->seq); > > > + if (SEQ_LT(seq, conn->seq_from_tap) && len <=3D 1) { > > > + flow_trace(conn, > > > + "keep-alive sequence: %u, previous: %u", > > > + seq, conn->seq_from_tap); > > > + > > > + tcp_send_flag(c, conn, ACK); > > > + tcp_timer_ctl(c, conn); > > > + > > > + if (p->count =3D=3D 1) > > > + return 1; =20
> >
> > I'm not sure what this test is for. Shouldn't the continue be sufficient?
>
> I don't think we want to go through tcp_update_seqack_from_tap(),
> tcp_tap_window_update() and the like on a keep-alive segment.

Ah, I see. But that is an optimisation, right? It shouldn't be
necessary for correctness.

> But if we receive something else in this batch, that's going to be a
> data segment that happened to arrive just after the keep-alive, so, in
> that case, we have to do the normal processing, by ignoring just this
> segment and hitting 'continue'.
>
> Strictly speaking, the 'continue' is enough and correct, but I think
> that returning early in the obviously common case is simpler and more
> robust.

Hrm. Doesn't seem simpler to me, but I can see the point of the
change so,

Reviewed-by: David Gibson

-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
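
Review bot: the keep-alive test `SEQ_LT(seq, conn->seq_from_tap) && len <= 1` in the added block matches any segment of at most one byte that starts anywhere before conn->seq_from_tap, while the commit message describes probes as SEG.SEQ = SND.NXT-1. As written, an old zero- or one-byte segment with a much earlier sequence number is also ACKed and passed to tcp_timer_ctl(), so it counts as activity on the connection. Consider comparing against conn->seq_from_tap - 1, or add a comment saying the wider match is intended. The early `if (p->count == 1) return 1;` also deserves a one-line comment on why a single-segment batch returns instead of falling through, since that was not obvious in review.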
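
Added example, not part of this thread or of passt's code: a minimal C model of the problem the commit message describes, where a keep-alive probe (SEG.SEQ = SND.NXT-1, zero or one octet) repeats the previous ACK number and is counted as a duplicate ACK. The names struct seg, classify() and count_dup_acks() are made up for the illustration, rcv_nxt stands in for conn->seq_from_tap, and the probe test uses the exact SND.NXT-1 form from the RFC text, which is narrower than the test in the hunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Wrap-safe "a is before b" on 32-bit sequence numbers (example definition) */
#define SEQ_LT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)

struct seg { uint32_t seq, ack; size_t len; };	/* constructed header view */
enum seg_class { SEG_IN_ORDER, SEG_AHEAD, SEG_KEEPALIVE, SEG_OVERLAP, SEG_OLD };

/* rcv_nxt: next sequence expected from the peer, i.e. the peer's SND.NXT */
static enum seg_class classify(const struct seg *s, uint32_t rcv_nxt)
{
	if (s->seq == rcv_nxt)
		return SEG_IN_ORDER;
	if (!SEQ_LT(s->seq, rcv_nxt))
		return SEG_AHEAD;
	/* Probe form from RFC 9293, 3.8.4: SND.NXT-1 with zero or one octet */
	if (s->seq == rcv_nxt - 1 && s->len <= 1)
		return SEG_KEEPALIVE;
	/* Starts in old data but reaches past rcv_nxt: carries new bytes */
	if (SEQ_LT(rcv_nxt, s->seq + (uint32_t)s->len))
		return SEG_OVERLAP;
	return SEG_OLD;
}

/* Count data-less segments repeating the previous ACK number; filter skips probes */
static unsigned count_dup_acks(const struct seg *v, size_t n, uint32_t rcv_nxt, int filter)
{
	unsigned dups = 0;
	size_t i, prev = n;	/* prev == n: no earlier segment counted yet */
	for (i = 0; i < n; i++) {
		if (filter && classify(&v[i], rcv_nxt) == SEG_KEEPALIVE)
			continue;	/* a receiver would just ACK these */
		if (prev != n && v[i].ack == v[prev].ack && v[i].len == 0)
			dups++;
		prev = i;
	}
	return dups;
}

/* Constructed sample for rcv_nxt = 1000: one plain ACK, then two probes */
static const struct seg sample[] = { { 1000, 5000, 0 }, { 999, 5000, 0 }, { 999, 5000, 0 } };

int main(void)
{
	printf("unfiltered: %u, filtered: %u\n",
	       count_dup_acks(sample, 3, 1000, 0), count_dup_acks(sample, 3, 1000, 1));
	return 0;
}
```

The sample carries no new data, so rcv_nxt stays fixed for the whole run; a one-byte segment far behind rcv_nxt classifies as SEG_OLD here rather than as a probe.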