From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202510 header.b=qcn7jnHE;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 0F5D75A061A
	for <passt-dev@passt.top>; Tue, 02 Dec 2025 04:20:38 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202510; t=1764645633;
	bh=hvfWanC0FL3pLz3oeV6eLOQvW3iDMZnRCPDKV+UhzMA=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=qcn7jnHEoO26HZJP9kkzLvTBUazzCBtz6yQhJJFv9N6Tu+BhMJP9k2UYjPcv1sksB
	 +DvAQBYsES802nA6QyBQbZVYMgstN75nSNBXaDu61J9XxvGrpluGYEgoSGb35PKJyB
	 ARDobpO3Rp+smvwHlb0p8+L50yU7b5wzZatjchN4s4Ekj7iWN99br3nmBx0tIwebOI
	 A3+F/ZqesFRjajwU9r7SsA8devYwi285l1n4cuhZVWMTTKMHOkucXwiwc4V9ATtbOL
	 zjavwUNQrcnm4xrLCTTAAxrqWDHLBzYqIbBfKmIqvFFzAxJB2TOr64SmriTm6y5Ywc
	 qa55iZq1TbIDg==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dL5cx748cz4wQL; Tue, 02 Dec 2025 14:20:33 +1100 (AEDT)
Date: Tue, 2 Dec 2025 14:20:28 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Yumei Huang <yuhuang@redhat.com>
Subject: Re: [PATCH v10 5/5] tcp: Clamp the retry timeout
Message-ID: <aS5a_DMMB1k2LEAm@zatzit>
References: <20251202030007.23581-1-yuhuang@redhat.com>
 <20251202030007.23581-6-yuhuang@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="KLpeAZ4MxBNO6QYw"
Content-Disposition: inline
In-Reply-To: <20251202030007.23581-6-yuhuang@redhat.com>
Message-ID-Hash: WA5ZD4PGO443V5RUOB2RJVLDZTBMMPMT
X-Message-ID-Hash: WA5ZD4PGO443V5RUOB2RJVLDZTBMMPMT
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, sbrivio@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aS5a_DMMB1k2LEAm@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/WA5ZD4PGO443V5RUOB2RJVLDZTBMMPMT/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--KLpeAZ4MxBNO6QYw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 02, 2025 at 11:00:07AM +0800, Yumei Huang wrote:
> Clamp the TCP retry timeout as Linux kernel does. If a retry occurs
> during the handshake and the RTO is below 3 seconds, re-initialise
> it to 3 seconds for data retransmissions according to RFC 6298.
>=20
> Suggested-by: Stefano Brivio <sbrivio@redhat.com>
> Signed-off-by: Yumei Huang <yuhuang@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  tcp.c      | 25 ++++++++++++++++++++-----
>  tcp.h      |  2 ++
>  tcp_conn.h |  1 +
>  3 files changed, 23 insertions(+), 5 deletions(-)
>=20
> diff --git a/tcp.c b/tcp.c
> index cff23d1..3418705 100644
> --- a/tcp.c
> +++ b/tcp.c
> @@ -187,6 +187,9 @@
>   *   established connections, or (syn_retries + syn_linear_timeouts) tim=
es
>   *   during the handshake, then reset the connection
>   *
> + * - RTO_INIT_AFTER_SYN_RETRIES: if SYN retries happened during handshak=
e and
> + *   RTO is less than this, re-initialise RTO to this for data retransmi=
ssions
> + *
>   * - FIN_TIMEOUT: if a FIN segment was sent to tap/guest (flag ACK_FROM_=
TAP_DUE
>   *   with TAP_FIN_SENT event), and no ACK is received within this time, =
reset
>   *   the connection
> @@ -340,6 +343,7 @@ enum {
> =20
>  #define ACK_INTERVAL			10		/* ms */
>  #define RTO_INIT			1		/* s, RFC 6298 */
> +#define RTO_INIT_AFTER_SYN_RETRIES	3		/* s, RFC 6298 */
>  #define FIN_TIMEOUT			60
>  #define ACT_TIMEOUT			7200
> =20
> @@ -365,9 +369,11 @@ uint8_t tcp_migrate_rcv_queue		[TCP_MIGRATE_RCV_QUEU=
E_MAX];
> =20
>  #define SYN_RETRIES		"/proc/sys/net/ipv4/tcp_syn_retries"
>  #define SYN_LINEAR_TIMEOUTS	"/proc/sys/net/ipv4/tcp_syn_linear_timeouts"
> +#define RTO_MAX_MS		"/proc/sys/net/ipv4/tcp_rto_max_ms"
> =20
>  #define SYN_RETRIES_DEFAULT		6
>  #define SYN_LINEAR_TIMEOUTS_DEFAULT	4
> +#define RTO_MAX_DEFAULT		120 /* s */
>  #define MAX_SYNCNT			127 /* derived from kernel's limit */
> =20
>  /* "Extended" data (not stored in the flow table) for TCP flow migration=
 */
> @@ -392,7 +398,7 @@ static const char *tcp_state_str[] __attribute((__unu=
sed__)) =3D {
> =20
>  static const char *tcp_flag_str[] __attribute((__unused__)) =3D {
>  	"STALLED", "LOCAL", "ACTIVE_CLOSE", "ACK_TO_TAP_DUE",
> -	"ACK_FROM_TAP_DUE", "ACK_FROM_TAP_BLOCKS",
> +	"ACK_FROM_TAP_DUE", "ACK_FROM_TAP_BLOCKS", "SYN_RETRIED",
>  };
> =20
>  /* Listening sockets, used for automatic port forwarding in pasta mode o=
nly */
> @@ -590,10 +596,13 @@ static void tcp_timer_ctl(const struct ctx *c, stru=
ct tcp_tap_conn *conn)
>  	if (conn->flags & ACK_TO_TAP_DUE) {
>  		it.it_value.tv_nsec =3D (long)ACK_INTERVAL * 1000 * 1000;
>  	} else if (conn->flags & ACK_FROM_TAP_DUE) {
> -		int exp =3D conn->retries;
> +		int exp =3D conn->retries, timeout =3D RTO_INIT;
>  		if (!(conn->events & ESTABLISHED))
>  			exp -=3D c->tcp.syn_linear_timeouts;
> -		it.it_value.tv_sec =3D RTO_INIT << MAX(exp, 0);
> +		else if (conn->flags & SYN_RETRIED)
> +			timeout =3D MAX(timeout, RTO_INIT_AFTER_SYN_RETRIES);
> +		timeout <<=3D MAX(exp, 0);
> +		it.it_value.tv_sec =3D MIN(timeout, c->tcp.rto_max);
>  	} else if (CONN_HAS(conn, SOCK_FIN_SENT | TAP_FIN_ACKED)) {
>  		it.it_value.tv_sec =3D FIN_TIMEOUT;
>  	} else {
> @@ -2441,6 +2450,7 @@ void tcp_timer_handler(const struct ctx *c, union e=
poll_ref ref)
>  				flow_trace(conn, "SYN timeout, retry");
>  				tcp_send_flag(c, conn, SYN);
>  				conn->retries++;
> +				conn_flag(c, conn, SYN_RETRIED);
>  				tcp_timer_ctl(c, conn);
>  			}
>  		} else if (CONN_HAS(conn, SOCK_FIN_SENT | TAP_FIN_ACKED)) {
> @@ -2812,10 +2822,15 @@ static void tcp_get_rto_params(struct ctx *c)
>  	v =3D read_file_integer(SYN_LINEAR_TIMEOUTS, SYN_LINEAR_TIMEOUTS_DEFAUL=
T);
>  	c->tcp.syn_linear_timeouts =3D MIN(v, MAX_SYNCNT);
> =20
> +	v =3D read_file_integer(RTO_MAX_MS, (intmax_t)(RTO_MAX_DEFAULT * 1000));
> +	c->tcp.rto_max =3D MIN(DIV_ROUND_UP(v, 1000), INT_MAX);
> +
>  	debug("Using TCP RTO parameters, syn_retries: %"PRIu8
> -	      ", syn_linear_timeouts: %"PRIu8,
> +	      ", syn_linear_timeouts: %"PRIu8
> +	      ", rto_max: %d",
>  	      c->tcp.syn_retries,
> -	      c->tcp.syn_linear_timeouts);
> +	      c->tcp.syn_linear_timeouts,
> +	      c->tcp.rto_max);
>  }
> =20
>  /**
> diff --git a/tcp.h b/tcp.h
> index 37d7758..6fb6f92 100644
> --- a/tcp.h
> +++ b/tcp.h
> @@ -60,6 +60,7 @@ union tcp_listen_epoll_ref {
>   * @fwd_out:		Port forwarding configuration for outbound packets
>   * @timer_run:		Timestamp of most recent timer run
>   * @pipe_size:		Size of pipes for spliced connections
> + * @rto_max:		Maximum retry timeout (in s)
>   * @syn_retries:	SYN retries using exponential backoff timeout
>   * @syn_linear_timeouts: SYN retries before using exponential backoff ti=
meout
>   */
> @@ -68,6 +69,7 @@ struct tcp_ctx {
>  	struct fwd_ports fwd_out;
>  	struct timespec timer_run;
>  	size_t pipe_size;
> +	int rto_max;
>  	uint8_t syn_retries;
>  	uint8_t syn_linear_timeouts;
>  };
> diff --git a/tcp_conn.h b/tcp_conn.h
> index 923af36..e36910c 100644
> --- a/tcp_conn.h
> +++ b/tcp_conn.h
> @@ -77,6 +77,7 @@ struct tcp_tap_conn {
>  #define ACK_TO_TAP_DUE		BIT(3)
>  #define ACK_FROM_TAP_DUE	BIT(4)
>  #define ACK_FROM_TAP_BLOCKS	BIT(5)
> +#define SYN_RETRIED		BIT(6)
> =20
>  #define SNDBUF_BITS		24
>  	unsigned int	sndbuf		:SNDBUF_BITS;
> --=20
> 2.51.1
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--KLpeAZ4MxBNO6QYw
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmkuWvwACgkQzQJF27ox
2GfHCQ//UlhnHKy0M09rdeTT8kZ37ZNifgxCsIHWAY6NEzrX6e4LvvErdNiJdlu8
ftKAi7sjTz6b9+topqtmzJNGgneVWSiIVdmDjOpUrh7d9z8AS+qxmNwLEag/0jjq
E+Ydv5zWBrP+GE12KQHO6upH/Deo1wa4P25PjG/NLDKCOgQi2IqBuuImBtWTM9X/
S/wBslGfvk8GdFioge0aNsXL/l2+V40hKNOpp9Ck6eOCbee/F8VOqtM5Kpkhuzq3
YFG7RnawG4DXelBUwChxgBCUrlbjF/Zkt8SAYJwSiXpm2mut0Ev4bv3QlttzKP8b
JvFQ7OoLQ6kSUPQuR4hGiMzShySfR5DOe2gtLzVw3e3LTNO0hR5LhMDG8UIg7rq+
fv0dRStwcMyvWA6mq/ztjNSE5RQV8XIaLbiLj2vlupfpI/NSSJhnq8YGmo19eD4R
nmo/IOrSNzh1STRxRmcXXJz3pBeT0sVPNR58sExNzuqBnzMGqpt+TTv50y8aH4Nf
MG+EqI4P4FgzoxSEWpmw3vtzFwR6k2NPDnqGOe1+SMuZ3kwfu3hRIM7WMdJtQwK7
AMSy5PUmjmcZw3Ts7gKMhdm/G5Ugj+Bjfn40u9uoswF3wVSr7J6GIAIzO/pauNbE
HAxF0nm7xI82/edEbaULkYQ+G/uNEld5hwYZnlpnDl5VsgPCQ38=
=M7SJ
-----END PGP SIGNATURE-----

--KLpeAZ4MxBNO6QYw--