net/tcp_fastopen: Remove mss check in tcp_write_timeout()

Christoph Paasch from Apple found another firewall issue for TFO: After successful 3WHS using TFO, server and client starts to exchange data. Afterwards, a 10s idle time occurs on this connection. After that, firewall starts to drop every packet on this connection. The fix for this issue is to extend existing firewall blackhole detection logic in tcp_write_timeout() by removing the mss check. Signed-off-by: Wei Wang <weiwan@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

net/tcp_fastopen: Remove mss check in tcp_write_timeout()
Christoph Paasch from Apple found another firewall issue for TFO: After successful 3WHS using TFO, server and client starts to exchange data. Afterwards, a 10s idle time occurs on this connection. After that, firewall starts to drop every packet on this connection. The fix for this issue is to extend existing firewall blackhole detection logic in tcp_write_timeout() by removing the mss check. Signed-off-by: Wei Wang <weiwan@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Wei Wang · David S. Miller
1 parent 46c2fa3987
Showing 1 changed file with 3 additions and 4 deletions Side-by-side Diff
net/ipv4/tcp_timer.c
@@ -201,11 +201,10 @@
 		if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0, 0)) {
 			/* Some middle-boxes may black-hole Fast Open _after_
 			 * the handshake. Therefore we conservatively disable
-			 * Fast Open on this path on recurring timeouts with
-			 * few or zero bytes acked after Fast Open.
+			 * Fast Open on this path on recurring timeouts after
+			 * successful Fast Open.
 			 */
-			if (tp->syn_data_acked &&
-			    tp->bytes_acked <= tp->rx_opt.mss_clamp) {
+			if (tp->syn_data_acked) {
 				tcp_fastopen_cache_set(sk, 0, NULL, true, 0);
 				if (icsk->icsk_retransmits == net->ipv4.sysctl_tcp_retries1)
 					NET_INC_STATS(sock_net(sk),
...	...	@@ -201,11 +201,10 @@
201	201	if (retransmits_timed_out(sk, net->ipv4.sysctl_tcp_retries1, 0, 0)) {
202	202	/* Some middle-boxes may black-hole Fast Open _after_
203	203	* the handshake. Therefore we conservatively disable
204		- * Fast Open on this path on recurring timeouts with
205		- * few or zero bytes acked after Fast Open.
	204	+ * Fast Open on this path on recurring timeouts after
	205	+ * successful Fast Open.
206	206	*/
207		- if (tp->syn_data_acked &&
208		- tp->bytes_acked <= tp->rx_opt.mss_clamp) {
	207	+ if (tp->syn_data_acked) {
209	208	tcp_fastopen_cache_set(sk, 0, NULL, true, 0);
210	209	if (icsk->icsk_retransmits == net->ipv4.sysctl_tcp_retries1)
211	210	NET_INC_STATS(sock_net(sk),