tcp: horizontal scaling improvments
- do not scale syn-ack window
- fix the max number of outstanding syns in builtin client
- fix syn-sent ack validation to use modulo arithmetic
- improve retransmit timer handler
- fix output buffer allocator leakeage
- improved debugging
Change-Id: Iac3bc0eadf7d0b494a93e22d210a3153b61b3273
Signed-off-by: Florin Coras <fcoras@cisco.com>
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index 1d90345..841e72a 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -275,6 +275,7 @@
if (PREDICT_FALSE (tcp_options_parse (th0, &tc0->rcv_opts)))
{
+ clib_warning ("options parse error");
return -1;
}
@@ -350,9 +351,12 @@
if (tcp_syn (th0))
{
/* TODO implement RFC 5961 */
- tcp_make_ack (tc0, b0);
+ if (tc0->state != TCP_STATE_SYN_RCVD)
+ tcp_make_ack (tc0, b0);
+ else
+ tcp_make_synack (tc0, b0);
*next0 = tcp_next_output (tc0->c_is_ip4);
- TCP_EVT_DBG (TCP_EVT_SYN_RCVD, tc0);
+ TCP_EVT_DBG (TCP_EVT_SYN_RCVD, tc0, 0);
return -1;
}
@@ -1842,6 +1846,74 @@
vlib_node_registration_t tcp4_syn_sent_node;
vlib_node_registration_t tcp6_syn_sent_node;
+static u8
+tcp_lookup_is_valid (tcp_connection_t * tc, tcp_header_t * hdr)
+{
+ transport_connection_t *tmp;
+ if (!tc)
+ return 1;
+
+ u8 is_valid = (tc->c_lcl_port == hdr->dst_port
+ && (tc->state == TCP_STATE_LISTEN
+ || tc->c_rmt_port == hdr->src_port));
+
+ if (!is_valid)
+ {
+ if ((tmp =
+ stream_session_half_open_lookup (&tc->c_lcl_ip, &tc->c_rmt_ip,
+ tc->c_lcl_port, tc->c_rmt_port,
+ tc->c_transport_proto)))
+ {
+ if (tmp->lcl_port == hdr->dst_port
+ && tmp->rmt_port == hdr->src_port)
+ {
+ clib_warning ("half-open is valid!");
+ }
+ }
+ }
+ return is_valid;
+}
+
+/**
+ * Lookup transport connection
+ */
+static tcp_connection_t *
+tcp_lookup_connection (vlib_buffer_t * b, u8 thread_index, u8 is_ip4)
+{
+ tcp_header_t *tcp;
+ transport_connection_t *tconn;
+ tcp_connection_t *tc;
+ if (is_ip4)
+ {
+ ip4_header_t *ip4;
+ ip4 = vlib_buffer_get_current (b);
+ tcp = ip4_next_header (ip4);
+ tconn = stream_session_lookup_transport_wt4 (&ip4->dst_address,
+ &ip4->src_address,
+ tcp->dst_port,
+ tcp->src_port,
+ SESSION_TYPE_IP4_TCP,
+ thread_index);
+ tc = tcp_get_connection_from_transport (tconn);
+ ASSERT (tcp_lookup_is_valid (tc, tcp));
+ }
+ else
+ {
+ ip6_header_t *ip6;
+ ip6 = vlib_buffer_get_current (b);
+ tcp = ip6_next_header (ip6);
+ tconn = stream_session_lookup_transport_wt6 (&ip6->dst_address,
+ &ip6->src_address,
+ tcp->dst_port,
+ tcp->src_port,
+ SESSION_TYPE_IP6_TCP,
+ thread_index);
+ tc = tcp_get_connection_from_transport (tconn);
+ ASSERT (tcp_lookup_is_valid (tc, tcp));
+ }
+ return tc;
+}
+
always_inline uword
tcp46_syn_sent_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * from_frame, int is_ip4)
@@ -1888,6 +1960,15 @@
goto drop;
}
+ /* Half-open completed recently but the connection was't removed
+ * yet by the owning thread */
+ if (PREDICT_FALSE (tc0->flags & TCP_CONN_HALF_OPEN_DONE))
+ {
+ /* Make sure the connection actually exists */
+ ASSERT (tcp_lookup_connection (b0, my_thread_index, is_ip4));
+ goto drop;
+ }
+
ack0 = vnet_buffer (b0)->tcp.ack_number;
seq0 = vnet_buffer (b0)->tcp.seq_number;
tcp0 = tcp_buffer_hdr (b0);
@@ -1914,16 +1995,20 @@
*/
if (tcp_ack (tcp0))
{
- if (ack0 <= tc0->iss || ack0 > tc0->snd_nxt)
+ if (seq_leq (ack0, tc0->iss) || seq_gt (ack0, tc0->snd_nxt))
{
+ clib_warning ("ack not in rcv wnd");
if (!tcp_rst (tcp0))
tcp_send_reset_w_pkt (tc0, b0, is_ip4);
goto drop;
}
/* Make sure ACK is valid */
- if (tc0->snd_una > ack0)
- goto drop;
+ if (seq_gt (tc0->snd_una, ack0))
+ {
+ clib_warning ("ack invalid");
+ goto drop;
+ }
}
/*
@@ -1949,11 +2034,17 @@
/* No SYN flag. Drop. */
if (!tcp_syn (tcp0))
- goto drop;
+ {
+ clib_warning ("not synack");
+ goto drop;
+ }
/* Parse options */
if (tcp_options_parse (tcp0, &tc0->rcv_opts))
- goto drop;
+ {
+ clib_warning ("options parse fail");
+ goto drop;
+ }
/* Valid SYN or SYN-ACK. Move connection from half-open pool to
* current thread pool. */
@@ -1981,8 +2072,8 @@
if (tcp_opts_wscale (&new_tc0->rcv_opts))
new_tc0->snd_wscale = new_tc0->rcv_opts.wscale;
- new_tc0->snd_wnd = clib_net_to_host_u16 (tcp0->window)
- << new_tc0->snd_wscale;
+ /* RFC1323: SYN and SYN-ACK wnd not scaled */
+ new_tc0->snd_wnd = clib_net_to_host_u16 (tcp0->window);
new_tc0->snd_wl1 = seq0;
new_tc0->snd_wl2 = ack0;
@@ -2004,6 +2095,7 @@
* allocate session send reset */
if (stream_session_connect_notify (&new_tc0->connection, 0))
{
+ clib_warning ("connect notify fail");
tcp_send_reset_w_pkt (new_tc0, b0, is_ip4);
tcp_connection_cleanup (new_tc0);
goto drop;
@@ -2032,6 +2124,7 @@
}
tc0->rtt_ts = 0;
+ tcp_init_snd_vars (tc0);
tcp_make_synack (new_tc0, b0);
next0 = tcp_next_output (is_ip4);
@@ -2196,6 +2289,18 @@
+ tcp_is_syn (tcp0) + tcp_is_fin (tcp0)
+ vnet_buffer (b0)->tcp.data_len;
+ if (CLIB_DEBUG)
+ {
+ tcp_connection_t *tmp;
+ tmp = tcp_lookup_connection (b0, my_thread_index, is_ip4);
+ if (tmp->state != tc0->state)
+ {
+ clib_warning ("state changed");
+ ASSERT (0);
+ goto drop;
+ }
+ }
+
/*
* Special treatment for CLOSED
*/
@@ -2211,8 +2316,8 @@
*/
/* 1-4: check SEQ, RST, SYN */
- if (PREDICT_FALSE
- (tcp_segment_validate (vm, tc0, b0, tcp0, &next0)))
+ if (PREDICT_FALSE (tcp_segment_validate (vm, tc0, b0, tcp0,
+ &next0)))
{
error0 = TCP_ERROR_SEGMENT_INVALID;
goto drop;
@@ -2230,6 +2335,7 @@
*/
if (!tcp_rcv_ack_is_acceptable (tc0, b0))
{
+ clib_warning ("connection not accepted");
tcp_send_reset_w_pkt (tc0, b0, is_ip4);
goto drop;
}
@@ -2252,6 +2358,7 @@
/* Reset SYN-ACK retransmit and SYN_RCV establish timers */
tcp_retransmit_timer_reset (tc0);
tcp_timer_reset (tc0, TCP_TIMER_ESTABLISH);
+ TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
break;
case TCP_STATE_ESTABLISHED:
/* We can get packets in established state here because they
@@ -2400,6 +2507,7 @@
/* Send FIN-ACK notify app and enter CLOSE-WAIT */
tcp_connection_timers_reset (tc0);
tcp_make_fin (tc0, b0);
+ tc0->snd_nxt += 1;
next0 = tcp_next_output (tc0->c_is_ip4);
stream_session_disconnect_notify (&tc0->connection);
tc0->state = TCP_STATE_CLOSE_WAIT;
@@ -2598,6 +2706,14 @@
/* 3. check for a SYN (did that already) */
+ /* Make sure connection wasn't just created */
+ child0 = tcp_lookup_connection (b0, my_thread_index, is_ip4);
+ if (PREDICT_FALSE (child0->state != TCP_STATE_LISTEN))
+ {
+ error0 = TCP_ERROR_CREATE_EXISTS;
+ goto drop;
+ }
+
/* Create child session and send SYN-ACK */
child0 = tcp_connection_new (my_thread_index);
child0->c_lcl_port = lc0->c_lcl_port;
@@ -2621,12 +2737,15 @@
if (stream_session_accept (&child0->connection, lc0->c_s_index, sst,
0 /* notify */ ))
{
+ clib_warning ("session accept fail");
+ tcp_connection_cleanup (child0);
error0 = TCP_ERROR_CREATE_SESSION_FAIL;
goto drop;
}
if (tcp_options_parse (th0, &child0->rcv_opts))
{
+ clib_warning ("options parse fail");
goto drop;
}
@@ -2651,7 +2770,7 @@
child0->snd_wl2 = vnet_buffer (b0)->tcp.ack_number;
tcp_connection_init_vars (child0);
- TCP_EVT_DBG (TCP_EVT_SYN_RCVD, child0);
+ TCP_EVT_DBG (TCP_EVT_SYN_RCVD, child0, 1);
/* Reuse buffer to make syn-ack and send */
tcp_make_synack (child0, b0);
@@ -2768,34 +2887,6 @@
#define filter_flags (TCP_FLAG_SYN|TCP_FLAG_ACK|TCP_FLAG_RST|TCP_FLAG_FIN)
-static u8
-tcp_lookup_is_valid (tcp_connection_t * tc, tcp_header_t * hdr)
-{
- transport_connection_t *tmp;
- if (!tc)
- return 1;
-
- u8 is_valid = (tc->c_lcl_port == hdr->dst_port
- && (tc->state == TCP_STATE_LISTEN
- || tc->c_rmt_port == hdr->src_port));
-
- if (!is_valid)
- {
- if ((tmp =
- stream_session_half_open_lookup (&tc->c_lcl_ip, &tc->c_rmt_ip,
- tc->c_lcl_port, tc->c_rmt_port,
- tc->c_transport_proto)))
- {
- if (tmp->lcl_port == hdr->dst_port
- && tmp->rmt_port == hdr->src_port)
- {
- clib_warning ("half-open is valid!");
- }
- }
- }
- return is_valid;
-}
-
always_inline uword
tcp46_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * from_frame, int is_ip4)
@@ -2822,6 +2913,7 @@
vlib_buffer_t *b0;
tcp_header_t *tcp0 = 0;
tcp_connection_t *tc0;
+ transport_connection_t *tconn;
ip4_header_t *ip40;
ip6_header_t *ip60;
u32 error0 = TCP_ERROR_NO_LISTENER, next0 = TCP_INPUT_NEXT_DROP;
@@ -2847,15 +2939,13 @@
+ tcp_header_bytes (tcp0));
n_data_bytes0 = clib_net_to_host_u16 (ip40->length)
- n_advance_bytes0;
-
- tc0 =
- (tcp_connection_t *)
- stream_session_lookup_transport_wt4 (&ip40->dst_address,
- &ip40->src_address,
- tcp0->dst_port,
- tcp0->src_port,
- SESSION_TYPE_IP4_TCP,
- my_thread_index);
+ tconn = stream_session_lookup_transport_wt4 (&ip40->dst_address,
+ &ip40->src_address,
+ tcp0->dst_port,
+ tcp0->src_port,
+ SESSION_TYPE_IP4_TCP,
+ my_thread_index);
+ tc0 = tcp_get_connection_from_transport (tconn);
ASSERT (tcp_lookup_is_valid (tc0, tcp0));
}
else
@@ -2866,15 +2956,13 @@
n_data_bytes0 = clib_net_to_host_u16 (ip60->payload_length)
- n_advance_bytes0;
n_advance_bytes0 += sizeof (ip60[0]);
-
- tc0 =
- (tcp_connection_t *)
- stream_session_lookup_transport_wt6 (&ip60->dst_address,
- &ip60->src_address,
- tcp0->dst_port,
- tcp0->src_port,
- SESSION_TYPE_IP6_TCP,
- my_thread_index);
+ tconn = stream_session_lookup_transport_wt6 (&ip60->dst_address,
+ &ip60->src_address,
+ tcp0->dst_port,
+ tcp0->src_port,
+ SESSION_TYPE_IP6_TCP,
+ my_thread_index);
+ tc0 = tcp_get_connection_from_transport (tconn);
ASSERT (tcp_lookup_is_valid (tc0, tcp0));
}