From: Michael Tuexen
Date: Thu, 10 Sep 2020 12:52:51 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r365568 - in stable/12: share/man/man4 sys/netinet sys/netinet/tcp_stacks

Author: tuexen
Date: Thu Sep 10 12:52:50 2020
New Revision: 365568
URL: https://svnweb.freebsd.org/changeset/base/365568

Log:
  MFC r359487:
  Allow the TCP blackhole detection to be disabled at all, enabled only for IPv4, enabled only for IPv6, and enabled for IPv4 and IPv6.
  The current blackhole detection might classify a temporary outage as an MTU issue and permanently reduces the MSS. Since the consequences of such a reduction due to a misclassification are much more drastic for IPv4 than for IPv6, allow the administrator to enable it for IPv6 only.

  Manually resolve conflict for BBR, which does not exist in stable/12

Modified: stable/12/share/man/man4/tcp.4 stable/12/sys/netinet/tcp_stacks/rack.c stable/12/sys/netinet/tcp_timer.c
Directory Properties: stable/12/ (props changed)

Modified: stable/12/share/man/man4/tcp.4 ============================================================================== --- stable/12/share/man/man4/tcp.4 Thu Sep 10 12:49:16 2020 (r365567) +++ stable/12/share/man/man4/tcp.4 Thu Sep 10 12:52:50 2020 (r365568) @@ -34,7 +34,7 @@ .\" 
From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd March 29, 2020 +.Dd March 31, 2020 .Dt TCP 4 .Os .Sh NAME @@ -573,21 +573,31 @@ specific connection. This is needed to help with connection establishment when a broken firewall is in the network path. .It Va pmtud_blackhole_detection -Turn on automatic path MTU blackhole detection. -In case of retransmits OS will -lower the MSS to check if it's MTU problem. -If current MSS is greater than -configured value to try +Enable automatic path MTU blackhole detection. +In case of retransmits of MSS sized segments, +the OS will lower the MSS to check if it's an MTU problem. +If the current MSS is greater than the configured value to try .Po Va net.inet.tcp.pmtud_blackhole_mss and .Va net.inet.tcp.v6pmtud_blackhole_mss .Pc , it will be set to this value, otherwise, -MSS will be set to default values +the MSS will be set to the default values .Po Va net.inet.tcp.mssdflt and .Va net.inet.tcp.v6mssdflt .Pc . +Settings: +.Bl -tag -compact +.It 0 +Disable path MTU blackhole detection. +.It 1 +Enable path MTU blackhole detection for IPv4 and IPv6. +.It 2 +Enable path MTU blackhole detection only for IPv4. +.It 3 +Enable path MTU blackhole detection only for IPv6. +.El .It Va pmtud_blackhole_mss MSS to try for IPv4 if PMTU blackhole detection is turned on. .It Va v6pmtud_blackhole_mss Modified: stable/12/sys/netinet/tcp_stacks/rack.c ============================================================================== --- stable/12/sys/netinet/tcp_stacks/rack.c Thu Sep 10 12:49:16 2020 (r365567) +++ stable/12/sys/netinet/tcp_stacks/rack.c Thu Sep 10 12:52:50 2020 (r365568) @@ -2934,6 +2934,7 @@ rack_timeout_rxt(struct tcpcb *tp, struct tcp_rack *ra int32_t rexmt; struct inpcb *inp; int32_t retval = 0; + bool isipv6; inp = tp->t_inpcb; if (tp->t_timers->tt_flags & TT_STOPPED) { 
@@ -3010,11 +3011,16 @@ rack_timeout_rxt(struct tcpcb *tp, struct tcp_rack *ra * of packets and process straight to FIN. In that case we won't * catch ESTABLISHED state. */ - if (V_tcp_pmtud_blackhole_detect && (((tp->t_state == TCPS_ESTABLISHED)) - || (tp->t_state == TCPS_FIN_WAIT_1))) { #ifdef INET6 - int32_t isipv6; + isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? true : false; +#else + isipv6 = false; #endif + if (((V_tcp_pmtud_blackhole_detect == 1) || + (V_tcp_pmtud_blackhole_detect == 2 && !isipv6) || + (V_tcp_pmtud_blackhole_detect == 3 && isipv6)) && + ((tp->t_state == TCPS_ESTABLISHED) || + (tp->t_state == TCPS_FIN_WAIT_1))) { /* * Idea here is that at each stage of mtu probe (usually, @@ -3044,7 +3050,6 @@ rack_timeout_rxt(struct tcpcb *tp, struct tcp_rack *ra * default in an attempt to retransmit. */ #ifdef INET6 - isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? 1 : 0; if (isipv6 && tp->t_maxseg > V_tcp_v6pmtud_blackhole_mss) { /* Use the sysctl tuneable blackhole MSS. */ Modified: stable/12/sys/netinet/tcp_timer.c ============================================================================== --- stable/12/sys/netinet/tcp_timer.c Thu Sep 10 12:49:16 2020 (r365567) +++ stable/12/sys/netinet/tcp_timer.c Thu Sep 10 12:52:50 2020 (r365568) @@ -589,6 +589,7 @@ tcp_timer_rexmt(void * xtp) int rexmt; struct inpcb *inp; struct epoch_tracker et; + bool isipv6; #ifdef TCPDEBUG int ostate; 
@@ -687,12 +688,16 @@ tcp_timer_rexmt(void * xtp) * packets and process straight to FIN. In that case we won't catch * ESTABLISHED state. */ - if (V_tcp_pmtud_blackhole_detect && (((tp->t_state == TCPS_ESTABLISHED)) - || (tp->t_state == TCPS_FIN_WAIT_1))) { #ifdef INET6 - int isipv6; + isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? true : false; +#else + isipv6 = false; #endif - + if (((V_tcp_pmtud_blackhole_detect == 1) || + (V_tcp_pmtud_blackhole_detect == 2 && !isipv6) || + (V_tcp_pmtud_blackhole_detect == 3 && isipv6)) && + ((tp->t_state == TCPS_ESTABLISHED) || + (tp->t_state == TCPS_FIN_WAIT_1))) { /* * Idea here is that at each stage of mtu probe (usually, 1448 * -> 1188 -> 524) should be given 2 chances to recover before @@ -721,7 +726,6 @@ tcp_timer_rexmt(void * xtp) * in an attempt to retransmit. */ #ifdef INET6 - isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? 1 : 0; if (isipv6 && tp->t_maxseg > V_tcp_v6pmtud_blackhole_mss) { /* Use the sysctl tuneable blackhole MSS. */
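Review bot: In share/man/man4/tcp.4, hunk @@ -573,21 +573,31, the new Settings list covers only 0 through 3 and says nothing about other values. The code in this same commit tests the variable with `== 1`, `== 2` and `== 3`, so any other value behaves like 0; a sentence stating that would save an administrator from guessing. The opening sentence "Enable automatic path MTU blackhole detection." also still reads as a boolean now that the variable has four settings; "Control automatic path MTU blackhole detection." would match the list that follows.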
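Review bot: In sys/netinet/tcp_stacks/rack.c, hunk @@ -3010,11 +3011,16, the rewritten condition silently changes what an already-configured nonzero value means. The removed test `if (V_tcp_pmtud_blackhole_detect && ...` treated every nonzero value as enabled for both families, while the new one enables detection only for 1, 2 and 3, with 2 and 3 restricted to one address family and anything else acting as disabled. A host that had the sysctl set to 2 before this merge loses IPv6 detection with no message, which deserves a line in the commit log or UPDATING. The sysctl declaration is not part of this diff, so it is worth confirming that it rejects values above 3. Named constants in place of the bare 1, 2 and 3 would also make the condition self-explanatory.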
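Review bot: In sys/netinet/tcp_timer.c, hunk @@ -687,12 +688,16, the three-way test on V_tcp_pmtud_blackhole_detect is a copy of the one added to rack_timeout_rxt() in rack.c, so any later change to the setting values has to be made in two places and can drift between TCP stacks. A small static inline helper in a shared header that takes isipv6 and returns bool would keep both callers in step. Minor style point in the same hunk: `(tp->t_inpcb->inp_vflag & INP_IPV6) ? true : false` can be written as `(tp->t_inpcb->inp_vflag & INP_IPV6) != 0`.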