From patchwork Wed Jan 29 12:24:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13953717 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8DDED1DE2A6; Wed, 29 Jan 2025 12:24:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738153491; cv=none; b=bRM5mnoNEevk+PyrnX1BOoWNJcWi8qQxhU2dumXqyF0vgbm8bm5MIoziN85poGn/7F+n9qNhlbkD9TSkIyAIkfPAMfiEAMpEAj45rdPW2zD45XOfi9LoZFAfoXQ6sS4QICQsOyBzh+/NcC+Bv8oWUxsdLr8w6gzwgyoj7NfzTTM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738153491; c=relaxed/simple; bh=UXyvtuE/CKBndTT3gNNBA7RzFyEwhwYl9+yICjuKZpQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=mvdXDzERPGd3iVdVqJs6bzcb2QTiknTVZKwgoFC1ui9oJrQYAI9knuu8g7d4dsbQvN7dbQLP6EjpPJay9G2UplPmOs3dgpuSTVAvyUVzTU2ooqJP7QSH1X3D4AjWYwACUBi7iIZGPelXVkjoK+S/l5fHVAy7UXmHNiNDu3Us5Nc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lffxxIQe; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lffxxIQe" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 68893C4CEDF; Wed, 29 Jan 2025 12:24:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738153491; bh=UXyvtuE/CKBndTT3gNNBA7RzFyEwhwYl9+yICjuKZpQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lffxxIQefayAgHoWfgYwMoMQo/H7OeF7HFFZD74hjwOlXrYY53qUA+N0aTDCLhtGG DQ0AdRUskqoAt6GyTJOviIK9xWo/51/dFJzMTfK8xmTXGFDjIiZ96TYXEGg4bIE5rP hoorgx3vbtv/K36lA6+54qFTE2swPMEpmAK4oObdhm4T2Dw2MKW1/obu1HA5q/7u8M 0Fi8/YTc7NCARdLlZx6Mfjvlz1ONcVTLDu5urA4eXHBSaWXWwJC1a3zWncZKESUjpM OFRyLOU1ZfzgVv74ZoF8PIqMay7DNIx4ze7D9uykycwjrGVF7sPx5SM7I9P+zV3qoE b0WFREc9sUDLQ== From: "Matthieu Baerts (NGI0)" Date: Wed, 29 Jan 2025 13:24:32 +0100 Subject: [PATCH net 1/2] mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250129-net-mptcp-blackhole-fix-v1-1-afe88e5a6d2c@kernel.org> References: <20250129-net-mptcp-blackhole-fix-v1-0-afe88e5a6d2c@kernel.org> In-Reply-To: <20250129-net-mptcp-blackhole-fix-v1-0-afe88e5a6d2c@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Jonathan Corbet Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, "Matthieu Baerts (NGI0)" , stable@vger.kernel.org X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1574; i=matttbe@kernel.org; h=from:subject:message-id; bh=UXyvtuE/CKBndTT3gNNBA7RzFyEwhwYl9+yICjuKZpQ=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnmh4MBPxBfqaQRw5pGyO4MBmx46jbJ4MA1sbaW 2JRJ+zv9IuJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ5oeDAAKCRD2t4JPQmmg c/cuD/9dJfOZ0STBMl7Z934pnJjO4Ljdz/RamDilVeS6fC/i1tIYIM4XIgzV6RULiZD+vz/gQmg 6Pd8OX38okF/8DR3VnxGkTb6RvRR7Xl47wIKPOU78DD1fnYPdCqksDkz1NWIxdQZYmTLI6kEEIC oQSn4gHw9nEKPtwF8WiC62BiVrbBCjOybYmhaY0ROhIUx0uWBE8NzWwOLytWX/7y13Vxf93f1A/ Kk10++mB2igb3jAocuEHJQMc9zaILgLDbTH9ntmG//bCNjm008kVWDzMeblQI3Ekp6SBfkzNcUq GM9VTscGsIwSA01HgiFHoX7fMEbdKf2oUjOpkJ4DwBzzuueuJLZb+b7XnZjBBgGonHb3+OSRoBJ AZ/acCgBEQ6zqhFrwpKbtzY2jfYHm58ieZVYwpZJ58P5hJ+HrPPH4fK/PskgtgA5vPc8yqmrM/x lia9ReraT+6WTMOf2FngwFcnGXvUqRqVeSK5+gREh3VEEs0vuVp42oILJYTGnjthmWRujIEkCQ/ rttsU+8C1popo+TY2VHnt1+Z66u1N9b8pNEEicGKH7gmdyaCMnO3IxV053E1YSYSFHE9A2T3LAt 8683igp+pj8R2+xuvmdK/FTk1CSfji5Mxevx7+BNck2kztI77OQj4JXH0JsDqke/TaYNDTI7vVr +cISZJzqVOh7xNQ== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 X-Patchwork-Delegate: kuba@kernel.org The Fixes commit mentioned this: > An MPTCP firewall blackhole can be detected if the following SYN > retransmission after a fallback to "plain" TCP is accepted. But in fact, this blackhole was detected if any following SYN retransmissions after a fallback to TCP was accepted. That's because 'mptcp_subflow_early_fallback()' will set 'request_mptcp' to 0, and 'mpc_drop' will never be reset to 0 after. This is an issue, because some not so unusual situations might cause the kernel to detect a false-positive blackhole, e.g. a client trying to connect to a server while the network is not ready yet, causing a few SYN retransmissions, before reaching the end server. Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Cc: stable@vger.kernel.org Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) --- net/mptcp/ctrl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 3999e0ba2c35b50c36ce32277e0b8bfb24197946..2dd81e6c26bdb5220abed68e26d70d2dc3ab14fb 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -418,9 +418,9 @@ void mptcp_active_detect_blackhole(struct sock *ssk, bool expired) MPTCP_INC_STATS(net, MPTCP_MIB_MPCAPABLEACTIVEDROP); subflow->mpc_drop = 1; mptcp_subflow_early_fallback(mptcp_sk(subflow->conn), subflow); - } else { - subflow->mpc_drop = 0; } + } else if (ssk->sk_state == TCP_SYN_SENT) { + subflow->mpc_drop = 0; } } From patchwork Wed Jan 29 12:24:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthieu Baerts X-Patchwork-Id: 13953718 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B0B11DE4C7; Wed, 29 Jan 2025 12:24:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738153494; cv=none; b=K2l0xXrcdf09cjZ+c/J5Pet8ZlDAdHVUZvIQpBLnIyXOeffbDprSDKeaynxro695W7/sUe5TCVTK1/86o0JRK+5SwK8/TH+lk5c28GY9wmKdWvAWFUMWoif/5FHOPH1VM+6q4ptRVfw7ztRCgAEMZDLMImQQJePRM3qwttGb1ug= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738153494; c=relaxed/simple; bh=PNHY7pB1yKJQHDLat1IUY4AfzP0lAmqKb7O2GOovptA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Cz/bcRUjFX/hSBlI/4Cfav89rzGqHNqwTRdf1KtcENyyz189jGGCVagO73Vu6Th8u+L4nk7ZSaMG+za2gUMjhkABfvisg1vfAN7c5NU1WljkTI7GfKWV969fzLqcQFH3XJj28VcG2KaLC1rGaPgTVTyFmqXly99krpd/sMskGeQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=GDpzv0hu; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="GDpzv0hu" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77842C4CEE1; Wed, 29 Jan 2025 12:24:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738153493; bh=PNHY7pB1yKJQHDLat1IUY4AfzP0lAmqKb7O2GOovptA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GDpzv0hucxjEmCnM++SlsajNodToTDyCP0DrCgdwv2Eb8vy71EAVsv9W7RCV4oOQh gfAtxn2U/bZ5EH17jhJ21MjV/rfLlaZZDtMFzEX5p8sDrMxBU3xYVGkyOk0zi0XyX0 Bdts+9kdG8zI5OLWLdMOijTJ4j27US5KkyEY3aOnX8G8UP/mCkpEfv8gv0100OiaVv 8pBBB9fNaWowYq8ABEUJouuRjei8u104nFT7edDD2HcRXLZekUnKXrUivsuui6ZFxs q+7auiWpOo764wK+tDALsgjZd1Go9tH8lWK1a/i4S5toJBGhkyEwiy0h8wNhCZ2YaE /ClSimOhqgPgg== From: "Matthieu Baerts (NGI0)" Date: Wed, 29 Jan 2025 13:24:33 +0100 Subject: [PATCH net 2/2] doc: mptcp: sysctl: blackhole_timeout is per-netns Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250129-net-mptcp-blackhole-fix-v1-2-afe88e5a6d2c@kernel.org> References: <20250129-net-mptcp-blackhole-fix-v1-0-afe88e5a6d2c@kernel.org> In-Reply-To: <20250129-net-mptcp-blackhole-fix-v1-0-afe88e5a6d2c@kernel.org> To: mptcp@lists.linux.dev, Mat Martineau , Geliang Tang , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Jonathan Corbet Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, "Matthieu Baerts (NGI0)" X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=996; i=matttbe@kernel.org; h=from:subject:message-id; bh=PNHY7pB1yKJQHDLat1IUY4AfzP0lAmqKb7O2GOovptA=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBnmh4NjdaqXeG6Olh1zwAq7kCKEUnSBTmJ0EThN Rt+ZIkUSkuJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCZ5oeDQAKCRD2t4JPQmmg czrYEACXdgOMfYqlMN7DuMm4EYnPr+T7lV4HhBoy1KHrrcuhBOU6vf6l/Olx0MBZd3QehJvGroh 651B4IdK6X7CQ91e9mEe/Cu7SmDKW/zLHbobk7cedycc3KxVybPtNMMtsiBRsb8+hFOL3l63QCX Ff/X4cThCatY3DMY2uLymA8vPu0XrxhTBnTrO60L7yj1tHxyx1WSF8Kb0E2cGARd7+Z80lF7lqS Yf+Z80AnX8su6/G71as0Xc86b55RYinF1uw/SiZSlamyNackIOvCI6VIU4Yk0WB+ss7dWoZduT8 kFG4I1ryIW098vv2SYRyhQqhg/9bDRqgvZR6CC+tpsmDXx+06cXgv85R9/R4Sh1KjjaR5x6VpG8 lGCR1y+y81QFD6Nr1vaHr9jyctuTQv61kY2M7ceGXdd+5OBjM5Nnr3a789920n7XqIStceqjxkl 2Efde/2Efvp6MiI9zJrROlTrJ9qiiVTabAu5hbR0diAud+869VozKFdqzF5qIz1+SKFkyuZTNKh E/bUEFjECm3BBGblEgO9yAqibOU+ZN06PT56Lt0B8ixG/1vpRHJ6QSzRsoaf5OjTkVtEYrxn/Dd VICm9VKAa5we+aCPB5ezbX20SHv9wYPeaHj56m0S1iReFmiimtNyYnZ8VL+KYwHKzoNAOjmq/zd YcVBD1MlNZpaEOg== X-Developer-Key: i=matttbe@kernel.org; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 X-Patchwork-Delegate: kuba@kernel.org All other sysctl entries mention it, and it is a per-namespace sysctl. So mention it as well. Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Reviewed-by: Mat Martineau Signed-off-by: Matthieu Baerts (NGI0) --- Documentation/networking/mptcp-sysctl.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst index dc45c02113537b98dff76a6ed431c0449b5217f8..03e1d3610333e29423b0f40591c9e914dc2d0366 100644 --- a/Documentation/networking/mptcp-sysctl.rst +++ b/Documentation/networking/mptcp-sysctl.rst @@ -41,7 +41,7 @@ blackhole_timeout - INTEGER (seconds) MPTCP is re-enabled and will reset to the initial value when the blackhole issue goes away. - 0 to disable the blackhole detection. + 0 to disable the blackhole detection. This is a per-namespace sysctl. Default: 3600