From owner-freebsd-net@freebsd.org  Fri Jul  6 22:18:09 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B8CA51033D2D
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Fri,  6 Jul 2018 22:18:09 +0000 (UTC)
 (envelope-from Michael.Tuexen@lurchi.franken.de)
Received: from drew.franken.de (mail-n.franken.de [193.175.24.27])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.franken.de",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 53A527244E
 for <freebsd-net@freebsd.org>; Fri,  6 Jul 2018 22:18:09 +0000 (UTC)
 (envelope-from Michael.Tuexen@lurchi.franken.de)
Received: from [IPv6:2003:cd:6f1a:9700:b5c6:bf04:2e47:716d]
 (p200300CD6F1A9700B5C6BF042E47716D.dip0.t-ipconnect.de
 [IPv6:2003:cd:6f1a:9700:b5c6:bf04:2e47:716d])
 (Authenticated sender: lurchi)
 by mail-n.franken.de (Postfix) with ESMTPSA id C8825721E2823;
 Sat,  7 Jul 2018 00:17:59 +0200 (CEST)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Subject: Re: Does TCP_FASTOPEN actually work?
From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <b85877d5-e783-6e2b-253e-3e755df28af7@degoeje.nl>
Date: Sat, 7 Jul 2018 00:17:58 +0200
Cc: freebsd-net@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <E6408317-3AD0-489B-AF43-88605006121A@lurchi.franken.de>
References: <8f67a706-a650-bba2-a7dc-c25e676e1c97@degoeje.nl>
 <9B19385C-CBD4-4C12-9E84-E12CAAF23092@lurchi.franken.de>
 <b85877d5-e783-6e2b-253e-3e755df28af7@degoeje.nl>
To: Pieter de Goeje <pieter@degoeje.nl>
X-Mailer: Apple Mail (2.3445.8.2)
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2018 22:18:09 -0000

> On 6. Jul 2018, at 19:50, Pieter de Goeje <pieter@degoeje.nl> wrote:
>=20
> Op 2018-07-05 om 20:33 schreef Michael Tuexen:
>>> On 5. Jul 2018, at 17:23, Pieter de Goeje <pieter@degoeje.nl> wrote:
>>>=20
>>> I'm trying to test this new feature, but I have trouble getting the =
client to actually send a cached cookie. It keeps requesting new ones =
and as a consequence it never sends data in the initial SYN packet. =
Tcpdump shows that the server correctly replies to a cookie request with =
a cookie.
>> Can you provide a tracefile?
>=20
> See http://lux.student.utwente.nl/~pyotr/dump/tfo.pcap which was taken =
on the client host, by running tfo-client 3 times in quick succession.
OK. This tracefile indicates that there is a bug somewhere...
>=20
>>>=20
>>> Or am I misunderstanding how it should work and is the cookie cache =
per-process instead of system wide?
>> No, the cache is system wide. You can use
>> https://reviews.freebsd.org/D14554
>> to see the entries.
>=20
> No entries appear in the cache.
> I've verified that the kernel actually does receive the cookie by =
adding a printf() to tcp_input.c just before tcp_fastopen_update_cache() =
is called. The kernel finds the cookie and attempts to update the cache, =
and then it is apparently black-holed.
OK, that is consistent, at least.

I think I can reproduce that problem.

I tested it with http://bsd5.fh-muenster.de/tcp_fastopen.c using
tcp_fastopen 212.201.121.85 80

The server (bsd5) runs a version of thttpd =
(https://github.com/nplab/thttpdwith)
fastopen being enabled.

Let me look into it...
>=20
>>>=20
>>> I'm using the test programs from =
https://people.freebsd.org/~pkelsey/tfo-tools/ for this purpose.
>> How are you using the client and server?
>=20
> On the server I run tfo-srv without arguments, on the client I run =
"tfo-client $host 22222" multiple times in quick succession. My =
expectation is that after the first run the cookie is retrieved and =
used.
That expectation is correct.
>=20
>>>=20
>>> Server and client run on r335760 or later, with no changes to =
net.inet.tcp.fastopen except that server_enable was set to 1.
>> Is client_enable =3D 1?
>=20
> Yes (by default).
OK. The default change some time ago, but was too lazy to look the =
revision number up.

Best regards
Michael
>=20
> - Pieter