Subject: Re: Does TCP_FASTOPEN actually work?
To: Michael Tuexen
Cc: freebsd-net@freebsd.org
From: Pieter de Goeje
Date: Fri, 6 Jul 2018 19:50:28 +0200

On 2018-07-05 at 20:33, Michael Tuexen wrote:
>> On 5. Jul 2018, at 17:23, Pieter de Goeje wrote:
>>
>> I'm trying to test this new feature, but I have trouble getting the client to actually send a cached cookie. It keeps requesting new ones and as a consequence it never sends data in the initial SYN packet. Tcpdump shows that the server correctly replies to a cookie request with a cookie.
> Can you provide a tracefile?

See http://lux.student.utwente.nl/~pyotr/dump/tfo.pcap which was taken on the client host, by running tfo-client 3 times in quick succession.

>>
>> Or am I misunderstanding how it should work and is the cookie cache per-process instead of system wide?
> No, the cache is system wide. You can use
> https://reviews.freebsd.org/D14554
> to see the entries.

No entries appear in the cache. I've verified that the kernel actually does receive the cookie by adding a printf() to tcp_input.c just before tcp_fastopen_update_cache() is called. The kernel finds the cookie and attempts to update the cache, and then it is apparently black-holed.

>>
>> I'm using the test programs from https://people.freebsd.org/~pkelsey/tfo-tools/ for this purpose.
> How are you using the client and server?

On the server I run tfo-srv without arguments, on the client I run "tfo-client $host 22222" multiple times in quick succession. My expectation is that after the first run the cookie is retrieved and used.

>>
>> Server and client run on r335760 or later, with no changes to net.inet.tcp.fastopen except that server_enable was set to 1.
> Is client_enable = 1?

Yes (by default).

- Pieter
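
An added example, not part of the message above or of the tfo-tools programs: a small parser that tells an empty Fast Open cookie request apart from a SYN carrying a cached cookie and data, which is the distinction the thread reads off tcpdump. It assumes the TCP Fast Open option kind 34 from RFC 7413; the function names and the sample segments are constructed for illustration and are not taken from tfo.pcap.

```python
import struct

TFO_KIND = 34  # TCP Fast Open option kind (RFC 7413), an assumption of this example

def tcp_options(tcp: bytes):
    """Yield (kind, value) for each option in a raw TCP header."""
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("bad TCP data offset")
    i = 20
    while i < data_offset:
        kind = tcp[i]
        if kind == 0:            # end of option list
            return
        if kind == 1:            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("truncated option")
        length = tcp[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        yield kind, tcp[i + 2:i + length]
        i += length

def classify_syn(tcp: bytes) -> str:
    """Describe the Fast Open content of a SYN (or SYN-ACK) segment."""
    if not tcp[13] & 0x02:
        return "not a SYN"
    payload_len = len(tcp) - (tcp[12] >> 4) * 4
    for kind, value in tcp_options(tcp):
        if kind == TFO_KIND:
            if not value:        # option with no cookie bytes asks for a cookie
                return "cookie request"
            return f"cookie {value.hex()} with {payload_len} data bytes"
    return "no TFO option"

def build_segment(flags, options=b"", payload=b""):
    """Constructed sample: minimal TCP header with arbitrary ports and seq."""
    options += b"\x01" * (-len(options) % 4)   # pad to a 32-bit boundary with NOPs
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 50000, 22222, 1, 0,
                         offset << 4, flags, 65535, 0, 0)
    return header + options + payload

# Constructed samples: what every SYN looks like in the failure described
# above, and what a second run should look like once the cache works.
REQUEST = build_segment(0x02, bytes([TFO_KIND, 2]))
WITH_COOKIE = build_segment(0x02, bytes([TFO_KIND, 10]) + bytes(range(8)), b"hello")
```
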