From patchwork Tue Jan 14 17:37:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13939024 X-Patchwork-Delegate: mat@martineau.name Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A7901C1F0C for ; Tue, 14 Jan 2025 17:37:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736876275; cv=none; b=L6/nTvwT7tv8wfF/6jfA3qVyo14KUQpONh6dCO0R5Alm4hQURI2vUrebZ7dpn+dW4HD4SopUs8qKhfTNtNVDJ1k8eIWhnNrKNj0yt2EGU06B6fkJvAxP4QqosQRK346pE7Ewe3QvF2Oop5CDOHJbRzv+UXdQU/Ej+VSrAYotIW8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736876275; c=relaxed/simple; bh=ETylZ3YEIc3Hm3eh/nLzjNeczaR4uQGObKYnIfCS+BE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=LiE8MIvpUX+choQ+KExVbsJcmqVnkaOZmBdHwe8PnOCzGdvwsfhBA6L1gU6/L41jBYkqlCtE3CtwrtCKgLcP2+Sw8na9TM0MV3r/p7nhZaVLJ/ip+6FSCYBtTRkJjwsAk/rNXqbwTK1k68mqYZJz46Q37ahSkcBYOm2UKrbkGV4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lfCucUYi; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lfCucUYi" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0454AC4CEDD; Tue, 14 Jan 2025 17:37:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736876274; bh=ETylZ3YEIc3Hm3eh/nLzjNeczaR4uQGObKYnIfCS+BE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lfCucUYiW5upRm3T6LboHn1EByGxITYb48IK79Rao7FM8m20lu19WdXLNdJroq8R4 HuUgpZjqrEMhtdA67I6qk5u99d0uT1q+V5N9DDNoV4knDHyTkSl8cOwLGGPXefmUUG xXRMLVltoMngFB/XyS0Jnf5bzOLwmHA+cmuSdhKJ83zFFc/HsEm4/lxbpIjC1uB0XQ o45qkEMFpfurEpaRsSaw0mpkBQfV64aweF4/7Pis+ZKrfsLnNO5Dp+ySrizliOwRTB 74rAE9N9RSKjA19u6IlEqEufByDN6Uc1gu679yhyw3e0WSQdRfLc1COuukWz7ZipHF Tnvn4CBh1pZJg== From: "Matthieu Baerts (NGI0)" Date: Tue, 14 Jan 2025 18:37:47 +0100 Subject: [PATCH mptcp-next 1/3] doc: mptcp: sysctl: blackhole_timeout is per-netns Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250114-mpc-no-blackhole-v1-1-994bd2a357fb@kernel.org> References: <20250114-mpc-no-blackhole-v1-0-994bd2a357fb@kernel.org> In-Reply-To: <20250114-mpc-no-blackhole-v1-0-994bd2a357fb@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=945; i=matttbe@kernel.org; h=from:subject:message-id; bh=ETylZ3YEIc3Hm3eh/nLzjNeczaR4uQGObKYnIfCS+BE=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnhqDwQKEQpTupu7rW80q3TXKiZ/7FH6ekYC51N lZdo26f+oWJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ4ag8AAKCRD2t4JPQmmg c4noD/9Tzt6gH0ATlzHqxmtswYZNhoKeknZm4iFwq8q/yGXFy0jxVQF5ao3IiE6mLLplfzwNAro sCTuUQRJwAU0avJ4F189cjLLqLq+v7eMHIQRCF4Wgw543gt7DoyMVmm6l4fNqWlMM4YID3jr5Kn SS97fpTT+1YuEXgp14pLpWefjeewaNbWrxJvzv0/J8abM74glUpRm3NJLemZvdghZi+UAkzONLg aaR53Mf/28UwOW0kiiEE2ji4/z3mFiwdUJDnGnyXJLk1O+59Osm9j/ZUwI9UscQXnb+tn4OyoZL GAsAHdxGhs+q9nLEzctvqKkEYNZ3f8pl8yUu+dt18E6Sil4zvrHTIMDOvNwTAs8Y/SYcvF6WzA8 +CBYztHw0pQ2QdepOy+pl+2x8neYAQFTNJ3W9kf4a3k2+mHUOY8rbxiBc3dVrdWAL6k9KpCAxGo nfqrXVdB0HgsxsnIHflgg15Uf5ozXD5LTVnHP7hdzxjTRZbuXdO092Zoy4B82haA4iAovYxtPpf hH3sN46qQGK+ZghjGaXKWjns8h4d7orzVymxg3202rPrVaBES6Skg+vf7BcBBq6GILBXOQScbWs OmyFOhUmVdiXGGlci+S8IibhsW2ubBZhW4dfRBhpzRtXPqryZan3jHzDPoLjI3z6CZi6W6beGKE O2yxRar4KQjsMEA== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 All other sysctl entries mention it, and it is a per-namespace sysctl. So mention it as well. Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Signed-off-by: Matthieu Baerts (NGI0) --- Documentation/networking/mptcp-sysctl.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index 95598c21fc8e8782533bbc6a36de63bb465c297c..4ce31a2ac85be2daeb84c5447f06f69aabd18ef7 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -41,7 +41,7 @@ blackhole_timeout - INTEGER (seconds) MPTCP is re-enabled and will reset to the initial value when the blackhole issue goes away. - 0 to disable the blackhole detection. + 0 to disable the blackhole detection. This is a per-namespace sysctl. Default: 3600 From patchwork Tue Jan 14 17:37:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13939025 X-Patchwork-Delegate: mat@martineau.name Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CCB401C1F0C for ; Tue, 14 Jan 2025 17:37:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736876275; cv=none; b=P8VUmEZKC0h0iFTT/YMYXDTe7ie1NcDgp/gz3pZwWyVAyLmMPMxBIdhPxXqibjCC0vuJ6j5aIdLiGpmqnss0Nd7gRCdkAtc72l3HBZ7xclNKH1LyU7/J/aF+W5Tg8h0xVVe5xiwx5F8/2FyRfEfki27Jell9v3K/ufJOKAqnCJc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736876275; c=relaxed/simple; bh=MSjCygcl9xLxQiPI2nHHiYd4fjpdhHUVkG+AnWEq9G4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=aem8GNUNMvIMJphmllkXEGSU+/75yJ2FAIaFK8U/INXeEf603OpsLGdVE+Wt0w+yABgTlYQ6Y3TvwHIMcE0/ltCgayUXpOjpheWuCGhZSE9FME6vKUJ5bf9Z1bm/vLCtytJeVMi1GRJz2r+q3AgXS2TcyQDLqDNW6SKLayTUQFs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UpGfCn8O; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UpGfCn8O" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16972C4CEE3; Tue, 14 Jan 2025 17:37:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736876275; bh=MSjCygcl9xLxQiPI2nHHiYd4fjpdhHUVkG+AnWEq9G4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UpGfCn8OOBs0RE8Z+exVSLId5yCBbUmRLw/P3znHNpgQmQ6VmncF17JGjAp4pkwWA RvtXEaub/SawSU9YAqCBcwx/cZ6GYrbN08xfNfeJWjNswLe2X7dFlgwgV7fbzOuzCt lN0jXSwGdOFEwgBNePWTct88DD342PsvTKd2MJjB/7ijmuNwb938dklVIqGr0sHImj JSgjDcw+2QMbMYQSDwGYuoom8+1F38RHwyTAg1pctsCmLuuitVR6yJdDVgjDoU9xGu w5spi+bDHCszQaO8BPkU7ih70zZFKj+4BJOOQGGfyvcNNTkUrZIVbAEdwJ3gUTpdZE +xE95tkOpEcog== From: "Matthieu Baerts (NGI0)" Date: Tue, 14 Jan 2025 18:37:48 +0100 Subject: [PATCH mptcp-next 2/3] mptcp: sysctl: add syn_retrans_before_tcp_fallback Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250114-mpc-no-blackhole-v1-2-994bd2a357fb@kernel.org> References: <20250114-mpc-no-blackhole-v1-0-994bd2a357fb@kernel.org> In-Reply-To: <20250114-mpc-no-blackhole-v1-0-994bd2a357fb@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5069; i=matttbe@kernel.org; h=from:subject:message-id; bh=MSjCygcl9xLxQiPI2nHHiYd4fjpdhHUVkG+AnWEq9G4=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnhqDwnNkqDQvJSp8LaPeO11jm9FTsr7/4cCQrZ kqIMBOGmSSJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ4ag8AAKCRD2t4JPQmmg c42WD/wPGCrkCbcxPXubPaLZ+8Wkls2oJciFl6ZHTGUaR7dtiMyHJxmAow88Pv0U7TMOc71ECUz cMEXAqGL62ppV+7eLdfQKXyo5whxjwldaFdzzPnfuT/uYgi+Dh+R6Zc8+WEFdNS2d7PyQ/bwGdI 4k333fnkwslg6DR8ms1DBy7a/fxZGuDX476KDt3+P8XR8hnjW/6glZjMnAgGAgFhcKorJfA4Tos 8JnD0st8siBcukMEX+B4cpV5ZZAOjVCSu+eT3af1RSqC/y+BT7Uz28Y1a9hHNdzfMmm2mcMBQwc hVguyfL/p6b1C8wF+l7crfQCMGest4YjOPWAgeRhHRlIqsZr1UbgWtagw2Ztsa91e/oXE4aNVWL eJiRzwCfgerXTKhKhQ8m5iJRmbKw4tsJBUk07mXz3tbS6s65dPlKW7CHu8amyFaGBNKhPxLb6kN NZupOGBsV1CbTaABeFhO0X844EI0eJEZvm2EqVE5Ve39QiMHQWUGWKIQS2CH2Sqe23nvQ8SqYWY jEhbuKeQtNT5fXoUd1IomOGEYnseThM1xqONBLsnpUnZeU6D990psqdLhv+BEKxg8m6PL4cGx/T Mc7q8lh0XzT7Pz21+TEiD+6ekqAJ0TRMvi1FeV+EFSFkCc8vL7pOWCxjI8CMO+hFOGqXoVbvS/p Tgs7xMc2NokLeAA== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 The number of SYN + MPC retransmissions before falling back to TCP was fixed to 2. This is certainly a good default value, but having a fixed number can be problem in some environments. The current behaviour means that if all packets are dropped, there will be: - The initial SYN + MPC - 2 retransmissions with MPC - The next ones will be without MPTCP. So typically ~3 seconds before falling back to TCP. In some networks where some temporally blackholes are unfortunately frequent, or when a client tries to initiate connections while the network is not ready yet, this can cause new connections not to have MPTCP connections. In such environments, it is now possible to increase the number of SYN retransmissions with MPTCP options to make sure MPTCP is used. Interesting values are: - 0: the first retransmission will be done without MPTCP options: quite aggressive, but also a higher risk of detecting false-positive MPTCP blackholes. - >= 128: all SYN retransmissions will keep the MPTCP options: back to the < 6.12 behaviour. The default behaviour is not changed here. Signed-off-by: Matthieu Baerts (NGI0) --- Documentation/networking/mptcp-sysctl.rst | 16 ++++++++++++++++ net/mptcp/ctrl.c | 21 +++++++++++++++++---- 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index 4ce31a2ac85be2daeb84c5447f06f69aabd18ef7..03e1d3610333e29423b0f40591c9e914dc2d0366 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -108,3 +108,19 @@ stale_loss_cnt - INTEGER This is a per-namespace sysctl. Default: 4 + +syn_retrans_before_tcp_fallback - INTEGER + The number of SYN + MP_CAPABLE retransmissions before falling back to + TCP, i.e. dropping the MPTCP options. In other words, if all the packets + are dropped on the way, there will be: + + * The initial SYN with MPTCP support + * This number of SYN retransmitted with MPTCP support + * The next SYN retransmissions will be without MPTCP support + + 0 means the first retransmission will be done without MPTCP options. + >= 128 means that all SYN retransmissions will keep the MPTCP options. A + lower number might increase false-positive MPTCP blackholes detections. + This is a per-namespace sysctl. + + Default: 2 diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index b0dd008e2114bce65ee3906bbdc19a5a4316cefa..3999e0ba2c35b50c36ce32277e0b8bfb24197946 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -32,6 +32,7 @@ struct mptcp_pernet { unsigned int close_timeout; unsigned int stale_loss_cnt; atomic_t active_disable_times; + u8 syn_retrans_before_tcp_fallback; unsigned long active_disable_stamp; u8 mptcp_enabled; u8 checksum_enabled; @@ -92,6 +93,7 @@ static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) pernet->mptcp_enabled = 1; pernet->add_addr_timeout = TCP_RTO_MAX; pernet->blackhole_timeout = 3600; + pernet->syn_retrans_before_tcp_fallback = 2; atomic_set(&pernet->active_disable_times, 0); pernet->close_timeout = TCP_TIMEWAIT_LEN; pernet->checksum_enabled = 0; @@ -245,6 +247,12 @@ static struct ctl_table mptcp_sysctl_table[] = { .proc_handler = proc_blackhole_detect_timeout, .extra1 = SYSCTL_ZERO, }, + { + .procname = "syn_retrans_before_tcp_fallback", + .maxlen = sizeof(u8), + .mode = 0644, + .proc_handler = proc_dou8vec_minmax, + }, }; static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet) @@ -269,6 +277,7 @@ static int mptcp_pernet_new_table(struct net *net, struct mptcp_pernet *pernet) /* table[7] is for available_schedulers which is read-only info */ table[8].data = &pernet->close_timeout; table[9].data = &pernet->blackhole_timeout; + table[10].data = &pernet->syn_retrans_before_tcp_fallback; hdr = register_net_sysctl_sz(net, MPTCP_SYSCTL_PATH, table, ARRAY_SIZE(mptcp_sysctl_table)); @@ -392,17 +401,21 @@ void mptcp_active_enable(struct sock *sk) void mptcp_active_detect_blackhole(struct sock *ssk, bool expired) { struct mptcp_subflow_context *subflow; - u32 timeouts; if (!sk_is_mptcp(ssk)) return; - timeouts = inet_csk(ssk)->icsk_retransmits; subflow = mptcp_subflow_ctx(ssk); if (subflow->request_mptcp && ssk->sk_state == TCP_SYN_SENT) { - if (timeouts == 2 || (timeouts < 2 && expired)) { - MPTCP_INC_STATS(sock_net(ssk), MPTCP_MIB_MPCAPABLEACTIVEDROP); + struct net *net = sock_net(ssk); + u8 timeouts, to_max; + + timeouts = inet_csk(ssk)->icsk_retransmits; + to_max = mptcp_get_pernet(net)->syn_retrans_before_tcp_fallback; + + if (timeouts == to_max || (timeouts < to_max && expired)) { + MPTCP_INC_STATS(net, MPTCP_MIB_MPCAPABLEACTIVEDROP); subflow->mpc_drop = 1; mptcp_subflow_early_fallback(mptcp_sk(subflow->conn), subflow); } else { From patchwork Tue Jan 14 17:37:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13939026 X-Patchwork-Delegate: mat@martineau.name Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A5171C1F0C for ; Tue, 14 Jan 2025 17:37:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736876277; cv=none; b=QLYmEORpPN849S/JSJ6vJQqGxfxeYudkQou7xtPlAYU+JAGobshnNfAXMYHhm/T75dk9H0IQP163bf/MqeHxQaP04sT0555zzaQxICL3rxWo9Tvu8DzTbaKebCNVUWWlfGK2fvQMnFS76OpgEudFU+AMJHnqQ8DInqzhAFgBgjw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736876277; c=relaxed/simple; bh=Em9k5uZjvJ5p2xnj3pQfXEVSs5SlJfKXpNgQMl4lmAM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=m05M3/KQNZ+t0vjKRfexxy1T6yneXUfomNzrlC5IaC69TRDCV71x6+Hu7SVIVw1j/tbmKgBTEBJnu7MxGL1bT3594A1KGJyR9d2i7nNa0e3MbA48AKIMYO2BMox7+fxAZe+lPHcxJB9Zl+pfuqWYt6Wc8LgmDqEd15r/kCQy58Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PhVh4lKB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PhVh4lKB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 27853C4CEDD; Tue, 14 Jan 2025 17:37:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736876276; bh=Em9k5uZjvJ5p2xnj3pQfXEVSs5SlJfKXpNgQMl4lmAM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=PhVh4lKBgJdKCqpbgZdEk9w6yr0TRjVbq2H2P35yPa4aQ5/EqYeYTczk8AnJ81dqc j1pNZhKAt9g7ZQH/tk14htzIpv02Ehk3NidUYMIJ6BUun6RtK8GfzLP87KOEGx0yXg L6U3WWYdNd43w+WlDHKOrYj9WWWSEbPnwAl5rT9GO5HEDdKWtJ01eX6TqZWaKGSSht EZ698hqa8l0xIDSYN89gGuNzJ/pQBsxJTvyZM12E0VsAslIcxrYk6YYYEO6HVySEgA tWriQRqKIeK483ztvx3/aqGT+KEqHD39B4Mrlasg3LLQXxIBhwL9X8Kki2uZwakULC gNNqqPo2eRVxg== From: "Matthieu Baerts (NGI0)" Date: Tue, 14 Jan 2025 18:37:49 +0100 Subject: [PATCH mptcp-next 3/3] mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250114-mpc-no-blackhole-v1-3-994bd2a357fb@kernel.org> References: <20250114-mpc-no-blackhole-v1-0-994bd2a357fb@kernel.org> In-Reply-To: <20250114-mpc-no-blackhole-v1-0-994bd2a357fb@kernel.org> To: mptcp@lists.linux.dev Cc: "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1495; i=matttbe@kernel.org; h=from:subject:message-id; bh=Em9k5uZjvJ5p2xnj3pQfXEVSs5SlJfKXpNgQMl4lmAM=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnhqDwV33WjQ2+avVUA4xioRTQ+sSoJWrasv++0 a/IWYdsj2GJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ4ag8AAKCRD2t4JPQmmg cyCgEADkd138zjxOOoCnnwSNzqV1A8TuggKZ3qcm8BAx5i6pVtbV9OGtqCsUpUJElKaTCHhjiTA jO2d/PnmeKoJGUjH54LeJNFsqF84wjJ3mlb6dhIy6TqEa+u1fxRro7wtpTrV2zQNNoKiTAhuuLF Dlb8zDAQ08qhUBm/dggBfrhQot7bO+mFJpF75xNy8szavX7ZItC1Qjtpn+EV4hKU4eDvJ9NafP8 j3N0kSYdeHxDFXm8/TIT716Dt7lGIaU6E5iTd796JD9CaMpW+y6bbernPlzL2A8oInY3JhCPmQ1 RzKITIhj0biCen9+Kphv3lllmREId2dQiYcajDw3VBw0SFMB/7AVkry5/vZ24SDCmV9beL8R/2T LPELwTT5l0MwEipKBJABXNsNqlxGJMXI9c1fDqhDQ9KN8BUR8HaZdg6ZwoNP5jQCG8KXH6acSMY BPZbgdRXtrn8FI9+ZTfO/vv3ihp88uEcTK5f/G0CDilsBSIVh1/fMGnCejzXUgCO2aZxabz9Via RqS+dp/lxb2Yl9njVmWRzwX2JWHdjcfomVvKPQgw75sGABgsrG/iD7G/GvZJC22vGSfBDfjSO/J wAb9Gh7z+WIQ43TEp+ZVjFKC7gqnKhXUxOYxFggrQ42k4MdmUGN1h5YjN0tJ7+4GQGcddnlf7O6 bu4vDluIgATKloA== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 The Fixes commit mentioned this: > An MPTCP firewall blackhole can be detected if the following SYN > retransmission after a fallback to "plain" TCP is accepted. But in fact, this blackhole was detected if any following SYN retransmissions after a fallback to TCP was accepted. That's because 'mptcp_subflow_early_fallback()' will set 'request_mptcp' to 0, and 'mpc_drop' will never be reset to 0 after. This is an issue, because some not so unusual situations might cause the kernel to detect a false-positive blackhole, e.g. a client trying to connect to a server while the network is not ready yet, causing a few SYN retransmissions, before reaching the end server. Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/ctrl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 3999e0ba2c35b50c36ce32277e0b8bfb24197946..2dd81e6c26bdb5220abed68e26d70d2dc3ab14fb 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -418,9 +418,9 @@ void mptcp_active_detect_blackhole(struct sock *ssk, bool expired) MPTCP_INC_STATS(net, MPTCP_MIB_MPCAPABLEACTIVEDROP); subflow->mpc_drop = 1; mptcp_subflow_early_fallback(mptcp_sk(subflow->conn), subflow); - } else { - subflow->mpc_drop = 0; } + } else if (ssk->sk_state == TCP_SYN_SENT) { + subflow->mpc_drop = 0; } }