From owner-svn-src-stable@freebsd.org Mon Dec 28 03:45:42 2015 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 204B6A5230C; Mon, 28 Dec 2015 03:45:42 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D53871EF9; Mon, 28 Dec 2015 03:45:41 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: by mail-qk0-x22e.google.com with SMTP id k189so192234934qkc.0; Sun, 27 Dec 2015 19:45:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zxS82ymUfGhvlvOOtC7lW326GKP8kddpBsx/TDsLCUE=; b=y1Zp+ZpZpJSFRHH6J2rgJKdE35xioLABNJrha5veUoajNJHsx6imKlw/psGMabNDIm FIt00l19tBEZVvZ+IBX7ev+2EWPKuFfWujtY6IDzP/RgxmqrGKSG1Oorl0EMiHtN7a4f HUeCWn4J+MmeAMUVk1zHqSdHp7+nkSoNvl8d4TeS7PhcUrl8D2mMEr2tThIw3owjaT4s 7jDEUULJDN8Io8U/gBokmSr0VfXr+oKvCEnJKryC3F3DDhv3Rt7ijHOlxAcjvBm1aL7N IPCZKiAsdDxEja9bgMiOM9agmJuutMxDwuYAubKL7lg0l5VCzX0OM+MzSNMiyttWx/zk /k+Q== X-Received: by 10.55.73.74 with SMTP id w71mr68909099qka.60.1451274340888; Sun, 27 Dec 2015 19:45:40 -0800 (PST) Received: from [172.16.0.133] (c-174-59-104-177.hsd1.pa.comcast.net. [174.59.104.177]) by smtp.gmail.com with ESMTPSA id x76sm26462315qhb.48.2015.12.27.19.45.40 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 27 Dec 2015 19:45:40 -0800 (PST) Sender: Patrick Kelsey Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: svn commit: r292823 - in stable/10/sys: conf netinet From: Patrick Kelsey X-Mailer: iPhone Mail (13C75) In-Reply-To: <5680ABD5.7030206@freebsd.org> Date: Sun, 27 Dec 2015 22:45:39 -0500 Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <201512280243.tBS2hD7X008202@repo.freebsd.org> <5680A574.9050002@freebsd.org> <5680ABD5.7030206@freebsd.org> To: Andrey Chernov X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Dec 2015 03:45:42 -0000 > On Dec 27, 2015, at 10:26 PM, Andrey Chernov wrote: >=20 >> On 28.12.2015 6:15, Patrick Kelsey wrote: >> This is explained in the top comment in sys/netinet/tcp_fastopen.c, but >> I will repeat it here and elaborate a little. It is disabled by default >> in the kernel build as a conservative measure until it is exercised more >> widely, given the modifications it introduces to the TCP state machine >> code, syncache code, etc. When you do enable it in the kernel build >> (and after some point in the future when it is enabled by default), >> there is still a sysctl that governs its availability in the system that >> must be enabled before it can be used. >>=20 >> -Patrick >=20 > Thanx, if I understand it correctly, is not ready for real use yet but > just for experiments. See my other comment about TCP_RFC7413_MAX_KEYS >=20 It is a serious implementation that is believed to be complete, however I d= o not see much evidence that TFO is currently widely deployed and used*, and= I consider the changes I made to the rest of the TCP stack, which is widely= deployed and used, to be intrusive enough to warrant being conservative in p= utting these changes into the default kernel build at this point. I responded to your other message regarding TCP_RFC7413_MAX_KEYS. -Patrick *For example, the current Linux TFO client appears to be surprisingly weak i= n that it does not ACK data in a TFO SYN|ACK, forcing a retransmit of fast T= FO server responses, which kind of defeats the purpose.=