mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-28 16:56:26 +00:00
27069e7cb3
An MPTCP firewall blackhole can be detected if the following SYN retransmission after a fallback to "plain" TCP is accepted. In case of blackhole, a similar technique to the one in place with TFO is now used: MPTCP can be disabled for a certain period of time, 1h by default. This time period will grow exponentially when more blackhole issues get detected right after MPTCP is re-enabled and will reset to the initial value when the blackhole issue goes away. The blackhole period can be modified thanks to a new sysctl knob: blackhole_timeout. Two new MIB counters help understanding what's happening: - 'Blackhole', incremented when a blackhole is detected. - 'MPCapableSYNTXDisabled', incremented when an MPTCP connection directly falls back to TCP during the blackhole period. Because the technique is inspired by the one used by TFO, an important part of the new code is similar to what can find in tcp_fastopen.c, with some adaptations to the MPTCP case. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/57 Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org> Link: https://patch.msgid.link/20240909-net-next-mptcp-fallback-x-mpc-v1-3-da7ebb4cd2a3@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
111 lines
3.2 KiB
ReStructuredText
111 lines
3.2 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
=====================
|
|
MPTCP Sysfs variables
|
|
=====================
|
|
|
|
/proc/sys/net/mptcp/* Variables
|
|
===============================
|
|
|
|
add_addr_timeout - INTEGER (seconds)
|
|
Set the timeout after which an ADD_ADDR control message will be
|
|
resent to an MPTCP peer that has not acknowledged a previous
|
|
ADD_ADDR message.
|
|
|
|
The default value matches TCP_RTO_MAX. This is a per-namespace
|
|
sysctl.
|
|
|
|
Default: 120
|
|
|
|
allow_join_initial_addr_port - BOOLEAN
|
|
Allow peers to send join requests to the IP address and port number used
|
|
by the initial subflow if the value is 1. This controls a flag that is
|
|
sent to the peer at connection time, and whether such join requests are
|
|
accepted or denied.
|
|
|
|
Joins to addresses advertised with ADD_ADDR are not affected by this
|
|
value.
|
|
|
|
This is a per-namespace sysctl.
|
|
|
|
Default: 1
|
|
|
|
available_schedulers - STRING
|
|
Shows the available schedulers choices that are registered. More packet
|
|
schedulers may be available, but not loaded.
|
|
|
|
blackhole_timeout - INTEGER (seconds)
|
|
Initial time period in second to disable MPTCP on active MPTCP sockets
|
|
when a MPTCP firewall blackhole issue happens. This time period will
|
|
grow exponentially when more blackhole issues get detected right after
|
|
MPTCP is re-enabled and will reset to the initial value when the
|
|
blackhole issue goes away.
|
|
|
|
0 to disable the blackhole detection.
|
|
|
|
Default: 3600
|
|
|
|
checksum_enabled - BOOLEAN
|
|
Control whether DSS checksum can be enabled.
|
|
|
|
DSS checksum can be enabled if the value is nonzero. This is a
|
|
per-namespace sysctl.
|
|
|
|
Default: 0
|
|
|
|
close_timeout - INTEGER (seconds)
|
|
Set the make-after-break timeout: in absence of any close or
|
|
shutdown syscall, MPTCP sockets will maintain the status
|
|
unchanged for such time, after the last subflow removal, before
|
|
moving to TCP_CLOSE.
|
|
|
|
The default value matches TCP_TIMEWAIT_LEN. This is a per-namespace
|
|
sysctl.
|
|
|
|
Default: 60
|
|
|
|
enabled - BOOLEAN
|
|
Control whether MPTCP sockets can be created.
|
|
|
|
MPTCP sockets can be created if the value is 1. This is a
|
|
per-namespace sysctl.
|
|
|
|
Default: 1 (enabled)
|
|
|
|
pm_type - INTEGER
|
|
Set the default path manager type to use for each new MPTCP
|
|
socket. In-kernel path management will control subflow
|
|
connections and address advertisements according to
|
|
per-namespace values configured over the MPTCP netlink
|
|
API. Userspace path management puts per-MPTCP-connection subflow
|
|
connection decisions and address advertisements under control of
|
|
a privileged userspace program, at the cost of more netlink
|
|
traffic to propagate all of the related events and commands.
|
|
|
|
This is a per-namespace sysctl.
|
|
|
|
* 0 - In-kernel path manager
|
|
* 1 - Userspace path manager
|
|
|
|
Default: 0
|
|
|
|
scheduler - STRING
|
|
Select the scheduler of your choice.
|
|
|
|
Support for selection of different schedulers. This is a per-namespace
|
|
sysctl.
|
|
|
|
Default: "default"
|
|
|
|
stale_loss_cnt - INTEGER
|
|
The number of MPTCP-level retransmission intervals with no traffic and
|
|
pending outstanding data on a given subflow required to declare it stale.
|
|
The packet scheduler ignores stale subflows.
|
|
A low stale_loss_cnt value allows for fast active-backup switch-over,
|
|
an high value maximize links utilization on edge scenarios e.g. lossy
|
|
link with high BER or peer pausing the data processing.
|
|
|
|
This is a per-namespace sysctl.
|
|
|
|
Default: 4
|