Re: [PATCH v7 4/5] tcp: Update data retransmission timeout

[David Gibson <david@gibson.dropbear.id.au>]

[-- Attachment #1: Type: text/plain, Size: 5809 bytes --]

On Mon, Nov 03, 2025 at 10:57:27AM +0800, Yumei Huang wrote:
> On Mon, Nov 3, 2025 at 9:38 AM David Gibson <david@gibson.dropbear.id.au> wrote:
> >
> > On Fri, Oct 31, 2025 at 01:42:41PM +0800, Yumei Huang wrote:
> > > Use an exponential backoff timeout for data retransmission according
> > > to RFC 2988 and RFC 6298. Set the initial RTO to one second as discussed
> > > in Appendix A of RFC 6298.
> > >
> > > Also combine the macros defining the initial RTO for both SYN and ACK.
> > >
> > > Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> > > Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
> >
> > As reported, the carried over R-b was a minor mistake, since the code
> > has changed, but here's a new one:
> >
> > Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
> >
> > Small comment below, though.
> >
> > > ---
> > >  tcp.c | 30 ++++++++++++------------------
> > >  1 file changed, 12 insertions(+), 18 deletions(-)
> > >
> > > diff --git a/tcp.c b/tcp.c
> > > index bada88a..96ee56a 100644
> > > --- a/tcp.c
> > > +++ b/tcp.c
> > > @@ -179,16 +179,13 @@
> > >   *
> > >   * Timeouts are implemented by means of timerfd timers, set based on flags:
> > >   *
> > > - * - SYN_TIMEOUT_INIT: if no ACK is received from tap/guest during handshake
> > > - *   (flag ACK_FROM_TAP_DUE without ESTABLISHED event) within this time, resend
> > > - *   SYN. It's the starting timeout for the first SYN retry. Retry for
> > > - *   TCP_MAX_RETRIES or (tcp_syn_retries + tcp_syn_linear_timeouts) times,
> > > - *   reset the connection
> > > - *
> > > - * - ACK_TIMEOUT: if no ACK segment was received from tap/guest, after sending
> > > - *   data (flag ACK_FROM_TAP_DUE with ESTABLISHED event), re-send data from the
> > > - *   socket and reset sequence to what was acknowledged. If this persists for
> > > - *   more than TCP_MAX_RETRIES times in a row, reset the connection
> > > + * - RTO_INIT: if no ACK segment was received from tap/guest, either during
> > > + *   handshake (flag ACK_FROM_TAP_DUE without ESTABLISHED event) or after
> > > + *   sending data (flag ACK_FROM_TAP_DUE with ESTABLISHED event), re-send data
> > > + *   from the socket and reset sequence to what was acknowledged. This is the
> > > + *   timeout for the first retry, in seconds. Retry for TCP_MAX_RETRIES times
> > > + *   for established connections, or (tcp_syn_retries +
> > > + *   tcp_syn_linear_timeouts) times during the handshake, reset the connection
> > >   *
> > >   * - FIN_TIMEOUT: if a FIN segment was sent to tap/guest (flag ACK_FROM_TAP_DUE
> > >   *   with TAP_FIN_SENT event), and no ACK is received within this time, reset
> > > @@ -342,8 +339,7 @@ enum {
> > >  #define WINDOW_DEFAULT                       14600           /* RFC 6928 */
> > >
> > >  #define ACK_INTERVAL                 10              /* ms */
> > > -#define SYN_TIMEOUT_INIT             1               /* s, RFC 6928 */
> > > -#define ACK_TIMEOUT                  2
> > > +#define RTO_INIT                     1               /* s, RFC 6298 */
> > >  #define FIN_TIMEOUT                  60
> > >  #define ACT_TIMEOUT                  7200
> > >
> > > @@ -589,12 +585,10 @@ static void tcp_timer_ctl(const struct ctx *c, struct tcp_tap_conn *conn)
> > >       if (conn->flags & ACK_TO_TAP_DUE) {
> > >               it.it_value.tv_nsec = (long)ACK_INTERVAL * 1000 * 1000;
> > >       } else if (conn->flags & ACK_FROM_TAP_DUE) {
> > > -             if (!(conn->events & ESTABLISHED)) {
> > > -                     int exp = conn->retries - c->tcp.syn_linear_timeouts;
> >
> > I didn't spot it in the previous patch, but this is (theoretically)
> > buggy.  conn->retries is unsigned, so the subtraction will be
> > performed unsigned and only then cast to signed.  I think that will
> > probably do the right thing in practice, but I don't think that's
> > guaranteed by the C standard (and might even be UB).
> 
> I'm not sure, but I just googled it. IIUC, the uint8_t (conn->retries
> and c->tcp.syn_linear_timeouts) will go through integer promotion
> before subtraction. So the line is like:
> 
>     int exp = (int) conn->retries - (int) c->tcp.syn_linear_timeouts;
> 
> Please correct me if I'm wrong.

Huh, I thought it would only be promoted if one of the operands was an
int.  But C promotion rules are really confusing, so I could well be
wrong.

> 
> >
> > > -                     it.it_value.tv_sec = SYN_TIMEOUT_INIT << MAX(exp, 0);
> > > -             }
> > > -             else
> > > -                     it.it_value.tv_sec = ACK_TIMEOUT;
> > > +             int exp = conn->retries;
> >
> > This change fixes it, by forcing the cast to a signed int before the
> > subtraction.  It also removes the minor style error I noted in the
> > previous patch.  Given that, I don't think we need to worry about
> > either of them.
> >
> > > +             if (!(conn->events & ESTABLISHED))
> > > +                     exp -= c->tcp.syn_linear_timeouts;
> > > +             it.it_value.tv_sec = RTO_INIT << MAX(exp, 0);
> > >       } else if (CONN_HAS(conn, SOCK_FIN_SENT | TAP_FIN_ACKED)) {
> > >               it.it_value.tv_sec = FIN_TIMEOUT;
> > >       } else {
> > > --
> > > 2.49.0
> > >
> >
> > --
> > David Gibson (he or they)       | I'll have my music baroque, and my code
> > david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
> >                                 | around.
> > http://www.ozlabs.org/~dgibson
> 
> 
> 
> -- 
> Thanks,
> 
> Yumei Huang
> 

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]