From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202508 header.b=M5icvbmx; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id EFE265A0272 for ; Mon, 29 Sep 2025 08:25:50 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202508; t=1759127148; bh=v9/3r9+B7qrb7bfA0E+wVqDqqTjbOaLGilbTkrX9Y9Y=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=M5icvbmx4ZaZxQNpAZOMxJE7AYH1INepfK3YTQqQMXqR+UddGPTxKj5P3oRLPOySC f7b+qxbXpO8ocTIBuhVfAiqsgZb4whyjLDuPbAgPw+3A/tm0Mti0JpM5+uyg1INAnI +GxXBtGdFDBMZwZ4DfD8R7HIOVHIKg9mHSa480TI1OqoFbEeLXz3pqkkHgKe9q7/l7 WANp9nkJ2palsb/hMoUOxNEhe8ggADZ7GryrYdnTGMnuC02aVzFhDAs/XYCiJBhYQT mxFIh1RPNYCO0Y+Gc7Ik4mmjzaylLiF/uDthY4721Gf77gpxJuvjq23agiUTLv8jEi yhzBSNV5r3QyA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4cZrmD6bZzz4w9Q; Mon, 29 Sep 2025 16:25:48 +1000 (AEST) Date: Mon, 29 Sep 2025 16:25:39 +1000 From: David Gibson To: Yumei Huang Subject: Re: [PATCH 2/2] tcp: Resend SYN for inbound connections Message-ID: References: <20250928072946.15284-1-yuhuang@redhat.com> <20250928072946.15284-3-yuhuang@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ftNuBwlDPhefEh3M" Content-Disposition: inline In-Reply-To: <20250928072946.15284-3-yuhuang@redhat.com> Message-ID-Hash: SJUNHRTWJM5N2AGSNICOR2G62UTFDRZT X-Message-ID-Hash: SJUNHRTWJM5N2AGSNICOR2G62UTFDRZT X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, sbrivio@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --ftNuBwlDPhefEh3M Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 28, 2025 at 03:29:46PM +0800, Yumei Huang wrote: > If a client connects while guest is not connected or ready yet, > resend SYN instead of just resetting connection after SYN_TIMEOUT. >=20 > Signed-off-by: Yumei Huang Simpler than I thought. Nice. However, I think now that we're retrying we probably want to adjust SYN_TIMEOUT. I suspect the 10s was a generous amount to mitigate the fact we didn't retry. However, AFAICT most OSes resend SYNs faster than that (after 1-3s initially). They also typically slow down the resents on subsequent retries. I'm not sure if that last is important in our case - since we're talking directly to a guest, we're unlikely to flood the link this way. In fact, I haven't read closely enough to be sure, but there was some language in RFC 6298 and RFC 1122 that suggested to me maybe we should be using the same backoff calculation for SYN retries as for regular retransmits. Which as a bonus might simplify our logic a little bit. Documentation/networking/ip-sysctl.rst has some information on how Linux handles this (tcp_syn_retries and tcp_syn_linear_timeouts in particular). I guess we could configure ourselves to match the host's settings - we do something similar to determine what we consider ephemeral ports. Stefano, thoughts? > --- > tcp.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) >=20 > diff --git a/tcp.c b/tcp.c > index 21b75a5..6fe8678 100644 > --- a/tcp.c > +++ b/tcp.c > @@ -2378,8 +2378,15 @@ void tcp_timer_handler(const struct ctx *c, union = epoll_ref ref) > tcp_timer_ctl(c, conn); > } else if (conn->flags & ACK_FROM_TAP_DUE) { > if (!(conn->events & ESTABLISHED)) { > - flow_dbg(conn, "handshake timeout"); > - tcp_rst(c, conn); > + if (conn->retries =3D=3D TCP_MAX_RETRANS){ > + flow_dbg(conn, "handshake timeout"); > + tcp_rst(c, conn); > + } else { > + flow_dbg(conn, "SYN timeout, retry"); > + tcp_send_flag(c, conn, SYN); > + conn->retries++; > + tcp_timer_ctl(c, conn); > + } > } else if (CONN_HAS(conn, SOCK_FIN_SENT | TAP_FIN_ACKED)) { > flow_dbg(conn, "FIN timeout"); > tcp_rst(c, conn); > --=20 > 2.47.0 >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --ftNuBwlDPhefEh3M Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmjaJmMACgkQzQJF27ox 2GfrAhAAjvFv9t9V+YrPOxCYiivK/UavxaRGtPCGLKrGbZylwGM6o1hyL+eN3Ujc n46qR2kIyTm3C8tsRpH4EwOY4yHGWlH3kQSbRwe9dE8uyANrDihKrq0x3O2wi/NG 2JNWw22cvEyaW58RhkJ2wGxfKN2iWC9pOapL9Mod0JbOuyjbnMAZjOU0L7CxKgGm 1Mu/OvFpB9/f5jWefcxDtLvD4b7vsI5+wbctoEzO73qPsdKaS9TnSB9B2T0hdNQj H9Q2CqwHaLNmkrh9oR/tfJm12YlBRarepsDHB446PetJXE7DGjzlMsEsbJSW+93/ VnWWaMlXUWz1SuVlN1tBALqaN5Zg3Qg+nZAeQHPgZW6fJddzncdByDd+77l/nypk KVhU4+Sic9Qmia9tFC51mTWp2pwewb2ExaBFJ5nc+yPA39F5SvwB3bq1RBV3qCKI qyyxEmvpcHY9CS1/ycJFaJzOIG6EkVrAI+BSgXaAYB7jMPw1RW9OcS9RhAdyafG6 D8jYgNcS4uo/eq/FtDFEpUPFbL4xX929Whz0n/QK19iX5J2yGtSp1n5qZJ1xf8tI 3EpLJEkBALk1tgyO+Yrbe2Z0BwgsMRKrACWXg4aWJItlADaj+9gMtyv0K2y0BNUM 3t0704O1BJwVU2JQrjBYuV5bpOrMDjlKW8BOcZG8u70pUI9Me1U= =y7sq -----END PGP SIGNATURE----- --ftNuBwlDPhefEh3M--