From owner-freebsd-net@freebsd.org Sat Jul 7 11:29:11 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8748D1037961 for ; Sat, 7 Jul 2018 11:29:11 +0000 (UTC) (envelope-from Michael.Tuexen@lurchi.franken.de) Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1F39D7113F for ; Sat, 7 Jul 2018 11:29:11 +0000 (UTC) (envelope-from Michael.Tuexen@lurchi.franken.de) Received: from [IPv6:2003:cd:6f1a:9700:d914:b1f:78f6:e141] (p200300CD6F1A9700D9140B1F78F6E141.dip0.t-ipconnect.de [IPv6:2003:cd:6f1a:9700:d914:b1f:78f6:e141]) (Authenticated sender: lurchi) by mail-n.franken.de (Postfix) with ESMTPSA id E19AF721E2822; Sat, 7 Jul 2018 13:29:06 +0200 (CEST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\)) Subject: Re: Does TCP_FASTOPEN actually work? From: Michael Tuexen In-Reply-To: Date: Sat, 7 Jul 2018 13:29:05 +0200 Cc: freebsd-net@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <8f67a706-a650-bba2-a7dc-c25e676e1c97@degoeje.nl> <9B19385C-CBD4-4C12-9E84-E12CAAF23092@lurchi.franken.de> To: Pieter de Goeje X-Mailer: Apple Mail (2.3445.8.2) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jul 2018 11:29:11 -0000 > On 6. Jul 2018, at 19:50, Pieter de Goeje wrote: >=20 > Op 2018-07-05 om 20:33 schreef Michael Tuexen: >>> On 5. Jul 2018, at 17:23, Pieter de Goeje wrote: >>>=20 >>> I'm trying to test this new feature, but I have trouble getting the = client to actually send a cached cookie. It keeps requesting new ones = and as a consequence it never sends data in the initial SYN packet. = Tcpdump shows that the server correctly replies to a cookie request with = a cookie. >> Can you provide a tracefile? >=20 > See http://lux.student.utwente.nl/~pyotr/dump/tfo.pcap which was taken = on the client host, by running tfo-client 3 times in quick succession. >=20 >>>=20 >>> Or am I misunderstanding how it should work and is the cookie cache = per-process instead of system wide? >> No, the cache is system wide. You can use >> https://reviews.freebsd.org/D14554 >> to see the entries. >=20 > No entries appear in the cache. > I've verified that the kernel actually does receive the cookie by = adding a printf() to tcp_input.c just before tcp_fastopen_update_cache() = is called. The kernel finds the cookie and attempts to update the cache, = and then it is apparently black-holed. >=20 >>>=20 >>> I'm using the test programs from = https://people.freebsd.org/~pkelsey/tfo-tools/ for this purpose. >> How are you using the client and server? >=20 > On the server I run tfo-srv without arguments, on the client I run = "tfo-client $host 22222" multiple times in quick succession. My = expectation is that after the first run the cookie is retrieved and = used. >=20 >>>=20 >>> Server and client run on r335760 or later, with no changes to = net.inet.tcp.fastopen except that server_enable was set to 1. >> Is client_enable =3D 1? >=20 > Yes (by default). I can confirm that there was a bug. It was unmasked by https://svnweb.freebsd.org/changeset/base/335610 which enabled the TCP FO handling on the client side per default. I have committed a fix in https://svnweb.freebsd.org/changeset/base/336057 Thanks a lot for reporting the issue. I'm aware of some other issues, but please report any issues you find! Best regards Michael >=20 > - Pieter