From patchwork Tue Oct 29 17:09:05 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yuchung Cheng <ycheng@google.com>
X-Patchwork-Id: 286910
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 804612C0369
	for <patchwork-incoming@ozlabs.org>;
	Wed, 30 Oct 2013 04:09:17 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932176Ab3J2RJO (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Tue, 29 Oct 2013 13:09:14 -0400
Received: from mail-pa0-f73.google.com ([209.85.220.73]:35390 "EHLO
	mail-pa0-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1757850Ab3J2RJM (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 29 Oct 2013 13:09:12 -0400
Received: by mail-pa0-f73.google.com with SMTP id kp14so44890pab.0
	for <netdev@vger.kernel.org>; Tue, 29 Oct 2013 10:09:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=kNQLHd1jB1iVyJI4l4u/xt+U0U4Z8n/kLK4Fo3qJ50s=;
	b=H5PgP9YQt7BI9s81X47LdXPluj2tsemNx59KUo9qU6XKaysI1wpwqODnIst3kz2GgQ
	8i8tCxGYmEoKgYh82NzvWuZWPO5PLya26u3OpZ/4dIpfPrfJuZtBzXUzgHgDRTwznnXd
	911McF1yxG1rVPMnQDPlHaCwi8BrNdp+Y3LB4dzs9WoSAhEH09vhbSfsKBm3MzkD2RR7
	v1ldXNtinzPBmwHgOjzRkC0DR3z9KMUiM/MirmAWBWBMFiw3CHhUvr4IwN3aYPtlwtyw
	/tw4AGrGbmR0ftjdHiJkY23x+wcGMbbqTgJBK7jDMt3YDSxXDR6Lx5HKBEXuzW5pyBbb
	D5Qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=kNQLHd1jB1iVyJI4l4u/xt+U0U4Z8n/kLK4Fo3qJ50s=;
	b=VkkigEeGczA7YQyTEFJfk9gh5vkFbEO/ykpknqqE3A4+56hPjykyq1VI9xecAJGf35
	50JkCPuhMGTYtcBF3kgCpw+aZb7ZAAdJPTZfq7YgRe7fl/X6sAPzT7uzrGLXlgwwXLlP
	td35T0sSYtmuz8YxeYSL5wcIZEY2RmZ0HW50igTyms2jNTF8rHYxtVqblupo0t+wjS/r
	Vs+3ETUykX0WfwAGV8X0Qd+9K94xc0nFro+5ztCBdlkDAo5OGnVXuFx1tSnijdrsPXYd
	7o196T1QnuAZL8/Wd+WWNBSvqrPCgydZnzU8/9/55AcWgOP0l+eykIFrJ/v7buLKaAi9
	WBZQ==
X-Gm-Message-State: 
 ALoCoQnkTWrOUCk58+Y7bw9G82WZIL/+ow4znai4hjsmeojh6nn7+biGKjAPD1DoTAfic1PTju9PpURAZeqwYXz3C9AxX3Zm27iY2eyiMqThpTBg9dWtxrGAiYjshXpK0luY0b1YYa9XUdBFaz0HTEpMZT5flbQFFyoyrluPVcBoXMHE+823c7tZpg5ZwgTwLS9BD0HoaiuPGpB60/WP55TMAvjGyw7kKQ==
X-Received: by 10.67.3.34 with SMTP id bt2mr535932pad.41.1383066550087;
	Tue, 29 Oct 2013 10:09:10 -0700 (PDT)
Received: from corp2gmr1-2.hot.corp.google.com
	(corp2gmr1-2.hot.corp.google.com [172.24.189.93])
	by gmr-mx.google.com with ESMTPS id
	k47si1487645yha.2.2013.10.29.10.09.10 for <multiple recipients>
	(version=TLSv1.1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 29 Oct 2013 10:09:10 -0700 (PDT)
Received: from blast2.mtv.corp.google.com (blast2.mtv.corp.google.com
	[172.17.132.164])
	by corp2gmr1-2.hot.corp.google.com (Postfix) with ESMTP id
	D63FD5A42D6; Tue, 29 Oct 2013 10:09:09 -0700 (PDT)
Received: by blast2.mtv.corp.google.com (Postfix, from userid 5463)
	id 71A98220E42; Tue, 29 Oct 2013 10:09:09 -0700 (PDT)
From: Yuchung Cheng <ycheng@google.com>
To: davem@davemloft.net, ncardwell@google.com, edumazet@google.com
Cc: netdev@vger.kernel.org, Yuchung Cheng <ycheng@google.com>
Subject: [PATCH net-next] tcp: temporarily disable Fast Open on SYN timeout
Date: Tue, 29 Oct 2013 10:09:05 -0700
Message-Id: <1383066545-27348-1-git-send-email-ycheng@google.com>
X-Mailer: git-send-email 1.8.4.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Fast Open currently has a fall back feature to address SYN-data
being dropped by but it requires the middle-box to pass on regular
SYN retry after SYN-data. This is implemented in commit aab487435
("net-tcp: Fast Open client - detecting SYN-data drops")

However some NAT boxes will drop all subsequent packets after first
SYN-data and blackholes the entire connections.  An example is incommit
356d7d8 "netfilter: nf_conntrack: fix tcp_in_window for Fast Open".

The sender should note such incidents and falls back to use regular
TCP handshake on subsequent attempt temporarily as well: after the
second SYN timeouts the original Fast Open SYN is most likely lost.
When such an event recurs Fast Open is disabled based on the number
of recurrences exponentially.

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 net/ipv4/tcp_metrics.c | 5 +++--
 net/ipv4/tcp_timer.c   | 6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 4a2a841..2ab09cb 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -671,8 +671,9 @@ void tcp_fastopen_cache_set(struct sock *sk, u16 mss,
 		struct tcp_fastopen_metrics *tfom = &tm->tcpm_fastopen;
 
 		write_seqlock_bh(&fastopen_seqlock);
-		tfom->mss = mss;
-		if (cookie->len > 0)
+		if (mss)
+			tfom->mss = mss;
+		if (cookie && cookie->len > 0)
 			tfom->cookie = *cookie;
 		if (syn_lost) {
 			++tfom->syn_loss;
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index af07b5b..64f0354 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -156,12 +156,16 @@ static bool retransmits_timed_out(struct sock *sk,
 static int tcp_write_timeout(struct sock *sk)
 {
 	struct inet_connection_sock *icsk = inet_csk(sk);
+	struct tcp_sock *tp = tcp_sk(sk);
 	int retry_until;
 	bool do_reset, syn_set = false;
 
 	if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
-		if (icsk->icsk_retransmits)
+		if (icsk->icsk_retransmits) {
 			dst_negative_advice(sk);
+			if (tp->syn_fastopen || tp->syn_data)
+				tcp_fastopen_cache_set(sk, 0, NULL, true);
+		}
 		retry_until = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
 		syn_set = true;
 	} else {