Here are two small fixes for issues introduced in v6.12.
- Patch 1: reset the mpc_drop mark for other SYN retransmits, to only consider an MPTCP blackhole when the first SYN retransmitted without the MPTCP options is accepted, as initially intended.
- Patch 2: also mention in the doc that the blackhole_timeout sysctl knob is per-netns, like all the others.
Signed-off-by: Matthieu Baerts (NGI0) matttbe@kernel.org
---
Notes:
 - The Cc stable tag has only been added to the first patch, I don't think it is usually added on fixes related to the doc, right?
 - A Fixes tag is present in both patches: I hope that's also OK for the one modifying the doc. It can be removed if preferred.
---
Matthieu Baerts (NGI0) (2):
      mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
      doc: mptcp: sysctl: blackhole_timeout is per-netns

 Documentation/networking/mptcp-sysctl.rst | 2 +-
 net/mptcp/ctrl.c                          | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
---
base-commit: 9e6c4e6b605c1fa3e24f74ee0b641e95f090188a
change-id: 20250128-net-mptcp-blackhole-fix-363f098fe726
Best regards,
The Fixes commit mentioned this:
An MPTCP firewall blackhole can be detected if the following SYN retransmission after a fallback to "plain" TCP is accepted.
But in fact, this blackhole was detected if any following SYN retransmissions after a fallback to TCP were accepted.
That's because 'mptcp_subflow_early_fallback()' will set 'request_mptcp' to 0, and 'mpc_drop' will never be reset to 0 after.
This is an issue, because some not so unusual situations might cause the kernel to detect a false-positive blackhole, e.g. a client trying to connect to a server while the network is not ready yet, causing a few SYN retransmissions, before reaching the end server.
Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole")
Cc: stable@vger.kernel.org
Reviewed-by: Mat Martineau martineau@kernel.org
Signed-off-by: Matthieu Baerts (NGI0) matttbe@kernel.org
---
 net/mptcp/ctrl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 3999e0ba2c35b50c36ce32277e0b8bfb24197946..2dd81e6c26bdb5220abed68e26d70d2dc3ab14fb 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -418,9 +418,9 @@ void mptcp_active_detect_blackhole(struct sock *ssk, bool expired) MPTCP_INC_STATS(net, MPTCP_MIB_MPCAPABLEACTIVEDROP); subflow->mpc_drop = 1; mptcp_subflow_early_fallback(mptcp_sk(subflow->conn), subflow); - } else { - subflow->mpc_drop = 0; } + } else if (ssk->sk_state == TCP_SYN_SENT) { + subflow->mpc_drop = 0; } }
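Review bot: The new 'else if (ssk->sk_state == TCP_SYN_SENT)' branch at the end of mptcp_active_detect_blackhole() has no comment explaining why 'mpc_drop' is cleared only while the socket is still in SYN_SENT and left untouched otherwise. The whole fix rests on that distinction, so a short comment there (for example, that the mark is only meaningful for the first SYN retransmitted without the MPTCP options and must be dropped on any other SYN retransmit) would keep a later cleanup from folding the reset back into the inner else. The diffstat also shows only net/mptcp/ctrl.c changing in this patch, so the false positive described in the commit message (a few SYN retransmissions before the server becomes reachable) has no regression test; consider adding a selftest case that covers it.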
Hello:
This series was applied to netdev/net.git (main) by Paolo Abeni pabeni@redhat.com:
On Wed, 29 Jan 2025 13:24:31 +0100 you wrote:
Here are two small fixes for issues introduced in v6.12.
Patch 1: reset the mpc_drop mark for other SYN retransmits, to only consider an MPTCP blackhole when the first SYN retransmitted without the MPTCP options is accepted, as initially intended.
Patch 2: also mention in the doc that the blackhole_timeout sysctl knob is per-netns, like all the others.
[...]
Here is the summary with links:
  - [net,1/2] mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted
    https://git.kernel.org/netdev/net/c/e598d8981fd3
  - [net,2/2] doc: mptcp: sysctl: blackhole_timeout is per-netns
    https://git.kernel.org/netdev/net/c/18da4b5d1232
You are awesome, thank you!
linux-stable-mirror@lists.linaro.org