From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=An/wycPJ; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id AEB3C5A061A for ; Sat, 06 Dec 2025 06:49:35 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202512; t=1765000171; bh=irirt4E26LkL4ocw9oITl4ypWiojKBtE4M5ClHWmeXY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=An/wycPJB9UVPxoDcFIpUAGLmwcRqMFJZ21UihJoNVbpDODcnsBEwn+5SRhQNYoH9 U4WYLVfrMfFoqihvM7YOz/41WfeBOwcjSBkyktCYxp9DxjCToSr2SBgauA6Otvvb2V qfHUSn9ceKoBB68iCo7HzyYwPGLZD0tNNrhYoTcbOwpUwFsjY3u3lYTu6sgMK2oxr5 z0pNSsemEfL0pXtARlms2ciovTHmSRAJ/gg3QQELORGMnBNNrz3FhzHR+M77naaBEn swBg3UI5NqA5Cp7WqqRO+lOpX6a/o7GIkPrKs4NaKoQf0aXwFhqjp8gHotIRU41T+0 62xg0jvkuMRug== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4dNckz67n0z4wDR; Sat, 06 Dec 2025 16:49:31 +1100 (AEDT) Date: Sat, 6 Dec 2025 16:49:03 +1100 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH v2] tcp: Enable SO_KEEPALIVE if we see keep-alive segments from container / guest Message-ID: References: <20251205143623.3469334-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Ywc1IcCbFNj+ejUt" Content-Disposition: inline In-Reply-To: <20251205143623.3469334-1-sbrivio@redhat.com> Message-ID-Hash: JBL5VPUYUU7SZLMNS72V5BWAV7GHV77C X-Message-ID-Hash: JBL5VPUYUU7SZLMNS72V5BWAV7GHV77C X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Dominic Kohls X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --Ywc1IcCbFNj+ejUt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 05, 2025 at 03:36:23PM +0100, Stefano Brivio wrote: > This is an approximation, as enabling SO_KEEPALIVE doesn't mean that > a keep-alive segment will be sent right away, rather that keep-alive > segments will start being sent if the connection is idle. >=20 > On the other hand, we don't have direct control over the host-side > TCP, so this is probably the best approximation we can get. >=20 > By default, namespaces inherit keep-alive parameters from their parent > namespace, so we can assume that, in case of a container, we'll wait > for the same interval it took for the container to start sending us > keep-alives, effectively doubling that interval. >=20 > To keep this simple, set SO_KEEPALIVE whenever we see a keep-alive > segment, instead of tracking its state. Keep-alive segments are > relatively infrequent, so we don't expect any substantial cost from > doing that. >=20 > Reported-by: Dominic Kohls > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson > --- > v2: Coverity Scan just reminded me that we shouldn't ignore > setsockopt() return codes. It doesn't really matter if this fails > as we can't do much else in that case, but a trace-level message > is a good idea anyway (not that I've ever seen this failing). >=20 > tcp.c | 4 ++++ > 1 file changed, 4 insertions(+) >=20 > diff --git a/tcp.c b/tcp.c > index 8357c0e..d6a5337 100644 > --- a/tcp.c > +++ b/tcp.c > @@ -1838,6 +1838,10 @@ static int tcp_data_from_tap(const struct ctx *c, = struct tcp_tap_conn *conn, > tcp_send_flag(c, conn, ACK); > tcp_timer_ctl(c, conn); > =20 > + if (setsockopt(conn->sock, SOL_SOCKET, SO_KEEPALIVE, > + &((int){ 1 }), sizeof(int))) > + flow_trace(conn, "failed to set SO_KEEPALIVE"); > + > if (p->count =3D=3D 1) { > tcp_tap_window_update(c, conn, > ntohs(th->window)); > --=20 > 2.43.0 >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --Ywc1IcCbFNj+ejUt Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmkzw8QACgkQzQJF27ox 2GdFOQ//ZSAF/UEnGEMZFs6GY4FFYTp4Z9uv7YvBcABolp2zEPMGyEErsrOk506v prOW4X5tw8mLOirc03pF4+v4Wf5GvdUcHxOY6TiH0z3pbbtcKxLpdufoyGIHGDP5 jdUBmS3rdN/cdo3FIKwWcYffBMgXVIZeZn5tkW3sEmQnXq2wwg4kJpxAkFzjpdDF oteUP7qskkAIKfLqNjenoM+j7nAHQ8O2MJOni/MCjCEmsYYDpzvUhqv0TrGYA6HS lfmA/PEs/uPfFgtBLD/hO5kb24jDN+l1L19foZAc9NDe8Ed2xAnZnpHIU9piJlQy VgmD2vn/ddmZAxfxTfbodJ0+bN9NNKtBQE1O4NUEde4m+nvUOk8KkxMxja4Zy3bO 0i8gvl6dXYMqII6G7C9tzKixN/mUjRsZEGM86HtcgOJ7XeOkB8gdcwDwsrws7wRH OVf7E3El/qQdyyQO0RDSQHtvmAGiDgXV0/dJgXN+Niw5fRtLJhBf2LV5es2/PR34 E5RJG5pLQBqvcl9UgGnLEZqDwwuTEnS8GgizBmd2kdNpZ8A9PEjm6pTTtIjCjTnp i5Nc6Tv0GuTWctMNvBHfGYqqmBv+dfnEd6shKx152xKUIrJF8jZlKToZF3IsZc7n BaNb9J3ckQSsXT6b7pkhZ76QZL4b486I13hWkE1y+YoKKxh+KtE= =GCzC -----END PGP SIGNATURE----- --Ywc1IcCbFNj+ejUt--