• Florian Westphal's avatar
    tcp: do not restart timewait timer on rst reception · d9dcadeb
    Florian Westphal authored
    BugLink: https://bugs.launchpad.net/bugs/1797563
    
    [ Upstream commit 63cc357f ]
    
    RFC 1337 says:
     ''Ignore RST segments in TIME-WAIT state.
       If the 2 minute MSL is enforced, this fix avoids all three hazards.''
    
    So with net.ipv4.tcp_rfc1337=1, expected behaviour is to have TIME-WAIT sk
    expire rather than removing it instantly when a reset is received.
    
    However, Linux will also re-start the TIME-WAIT timer.
    
    This causes connect to fail when tying to re-use ports or very long
    delays (until syn retry interval exceeds MSL).
    
    packetdrill test case:
    // Demonstrate bogus rearming of TIME-WAIT timer in rfc1337 mode.
    `sysctl net.ipv4.tcp_rfc1337=1`
    
    0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
    0.000 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
    0.000 bind(3, ..., ...) = 0
    0.000 listen(3, 1) = 0
    
    0.100 < S 0:0(0) win 29200 <mss 1460,nop,nop,sackOK,nop,wscale 7>
    0.100 > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK,nop,wscale 7>
    0.200 < . 1:1(0) ack 1 win 257
    0.200 accept(3, ..., ...) = 4
    
    // Receive first segment
    0.310 < P. 1:1001(1000) ack 1 win 46
    
    // Send one ACK
    0.310 > . 1:1(0) ack 1001
    
    // read 1000 byte
    0.310 read(4, ..., 1000) = 1000
    
    // Application writes 100 bytes
    0.350 write(4, ..., 100) = 100
    0.350 > P. 1:101(100) ack 1001
    
    // ACK
    0.500 < . 1001:1001(0) ack 101 win 257
    
    // close the connection
    0.600 close(4) = 0
    0.600 > F. 101:101(0) ack 1001 win 244
    
    // Our side is in FIN_WAIT_1 & waits for ack to fin
    0.7 < . 1001:1001(0) ack 102 win 244
    
    // Our side is in FIN_WAIT_2 with no outstanding data.
    0.8 < F. 1001:1001(0) ack 102 win 244
    0.8 > . 102:102(0) ack 1002 win 244
    
    // Our side is now in TIME_WAIT state, send ack for fin.
    0.9 < F. 1002:1002(0) ack 102 win 244
    0.9 > . 102:102(0) ack 1002 win 244
    
    // Peer reopens with in-window SYN:
    1.000 < S 1000:1000(0) win 9200 <mss 1460,nop,nop,sackOK,nop,wscale 7>
    
    // Therefore, reply with ACK.
    1.000 > . 102:102(0) ack 1002 win 244
    
    // Peer sends RST for this ACK.  Normally this RST results
    // in tw socket removal, but rfc1337=1 setting prevents this.
    1.100 < R 1002:1002(0) win 244
    
    // second syn. Due to rfc1337=1 expect another pure ACK.
    31.0 < S 1000:1000(0) win 9200 <mss 1460,nop,nop,sackOK,nop,wscale 7>
    31.0 > . 102:102(0) ack 1002 win 244
    
    // .. and another RST from peer.
    31.1 < R 1002:1002(0) win 244
    31.2 `echo no timer restart;ss -m -e -a -i -n -t -o state TIME-WAIT`
    
    // third syn after one minute.  Time-Wait socket should have expired by now.
    63.0 < S 1000:1000(0) win 9200 <mss 1460,nop,nop,sackOK,nop,wscale 7>
    
    // so we expect a syn-ack & 3whs to proceed from here on.
    63.0 > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK,nop,wscale 7>
    
    Without this patch, 'ss' shows restarts of tw timer and last packet is
    thus just another pure ack, more than one minute later.
    
    This restores the original code from commit 283fd6cf0be690a83
    ("Merge in ANK networking jumbo patch") in netdev-vger-cvs.git .
    
    For some reason the else branch was removed/lost in 1f28b683339f7
    ("Merge in TCP/UDP optimizations and [..]") and timer restart became
    unconditional.
    Reported-by: default avatarMichal Tesar <mtesar@redhat.com>
    Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
    d9dcadeb
tcp_minisocks.c 26.2 KB