From 506552bef7f9813d1cf6722ce25d2d46aa79b92f Mon Sep 17 00:00:00 2001

From: Ladi Prosek <lprosek@redhat.com>

Date: Wed, 13 Jul 2016 11:42:16 +0200

Subject: [PATCH 1/2] Send TCP keepalives on idle established connections

RH-Author: Ladi Prosek <lprosek@redhat.com>

Message-id: <1468410136-5607-1-git-send-email-lprosek@redhat.com>

Patchwork-id: 71165

O-Subject: [RHEL7.3 ipxe PATCH] [tcp] Send TCP keepalives on idle established connections

Bugzilla: 1322056

RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>

RH-Acked-by: Laszlo Ersek <lersek@redhat.com>

From: Michael Brown <mcb30@ipxe.org>

In some circumstances, intermediate devices may lose state in a way

that temporarily prevents the successful delivery of packets from a

TCP peer.  For example, a firewall may drop a NAT forwarding table

entry.

Since iPXE spends most of its time downloading files (and hence purely

receiving data, sending only TCP ACKs), this can easily happen in a

situation in which there is no reason for iPXE's TCP stack to generate

any retransmissions.  The temporary loss of connectivity can therefore

effectively become permanent.

Work around this problem by sending TCP keepalives after a period of

inactivity on an established connection.

TCP keepalives usually send a single garbage byte in sequence number

space that has already been ACKed by the peer.  Since we do not need

to elicit a response from the peer, we instead send pure ACKs (with no

garbage data) in order to keep the transmit code path simple.

Originally-implemented-by: Ladi Prosek <lprosek@redhat.com>

Debugged-by: Ladi Prosek <lprosek@redhat.com>

Signed-off-by: Michael Brown <mcb30@ipxe.org>

(cherry picked from commit 188789eb3cb83496bd48847da59c74e3f06d413e)

Signed-off-by: Ladi Prosek <lprosek@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1322056

Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=11343040

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 src/include/ipxe/tcp.h |  8 ++++++++

 src/net/tcp.c          | 38 ++++++++++++++++++++++++++++++++++++++

 2 files changed, 46 insertions(+)

diff --git a/src/include/ipxe/tcp.h b/src/include/ipxe/tcp.h

index 063ebaa..faf4154 100644

--- a/src/include/ipxe/tcp.h

+++ b/src/include/ipxe/tcp.h

@@ -381,6 +381,14 @@ struct tcp_options {

 #define TCP_MSL ( 2 * 60 * TICKS_PER_SEC )

 /**

+ * TCP keepalive period

+ *

+ * We send keepalive ACKs after this period of inactivity has elapsed

+ * on an established connection.

+ */

+#define TCP_KEEPALIVE_DELAY ( 15 * TICKS_PER_SEC )

+

+/**

  * TCP maximum header length

  *

  */

diff --git a/src/net/tcp.c b/src/net/tcp.c

index c69c83b..77a7d8e 100644

--- a/src/net/tcp.c

+++ b/src/net/tcp.c

@@ -113,6 +113,8 @@ struct tcp_connection {

 	struct process process;

 	/** Retransmission timer */

 	struct retry_timer timer;

+	/** Keepalive timer */

+	struct retry_timer keepalive;

 	/** Shutdown (TIME_WAIT) timer */

 	struct retry_timer wait;

@@ -177,6 +179,7 @@ static struct profiler tcp_xfer_profiler __profiler = { .name = "tcp.xfer" };

 static struct process_descriptor tcp_process_desc;

 static struct interface_descriptor tcp_xfer_desc;

 static void tcp_expired ( struct retry_timer *timer, int over );

+static void tcp_keepalive_expired ( struct retry_timer *timer, int over );

 static void tcp_wait_expired ( struct retry_timer *timer, int over );

 static struct tcp_connection * tcp_demux ( unsigned int local_port );

 static int tcp_rx_ack ( struct tcp_connection *tcp, uint32_t ack,

@@ -284,6 +287,7 @@ static int tcp_open ( struct interface *xfer, struct sockaddr *peer,

 	intf_init ( &tcp->xfer, &tcp_xfer_desc, &tcp->refcnt );

 	process_init_stopped ( &tcp->process, &tcp_process_desc, &tcp->refcnt );

 	timer_init ( &tcp->timer, tcp_expired, &tcp->refcnt );

+	timer_init ( &tcp->keepalive, tcp_keepalive_expired, &tcp->refcnt );

 	timer_init ( &tcp->wait, tcp_wait_expired, &tcp->refcnt );

 	tcp->prev_tcp_state = TCP_CLOSED;

 	tcp->tcp_state = TCP_STATE_SENT ( TCP_SYN );

@@ -380,6 +384,7 @@ static void tcp_close ( struct tcp_connection *tcp, int rc ) {

 		/* Remove from list and drop reference */

 		process_del ( &tcp->process );

 		stop_timer ( &tcp->timer );

+		stop_timer ( &tcp->keepalive );

 		stop_timer ( &tcp->wait );

 		list_del ( &tcp->list );

 		ref_put ( &tcp->refcnt );

@@ -394,6 +399,9 @@ static void tcp_close ( struct tcp_connection *tcp, int rc ) {

 	if ( ! ( tcp->tcp_state & TCP_STATE_ACKED ( TCP_SYN ) ) )

 		tcp_rx_ack ( tcp, ( tcp->snd_seq + 1 ), 0 );

+	/* Stop keepalive timer */

+	stop_timer ( &tcp->keepalive );

+

 	/* If we have no data remaining to send, start sending FIN */

 	if ( list_empty ( &tcp->tx_queue ) &&

 	     ! ( tcp->tcp_state & TCP_STATE_SENT ( TCP_FIN ) ) ) {

@@ -802,6 +810,32 @@ static void tcp_expired ( struct retry_timer *timer, int over ) {

 }

 /**

+ * Keepalive timer expired

+ *

+ * @v timer		Keepalive timer

+ * @v over		Failure indicator

+ */

+static void tcp_keepalive_expired ( struct retry_timer *timer,

+				    int over __unused ) {

+	struct tcp_connection *tcp =

+		container_of ( timer, struct tcp_connection, keepalive );

+

+	DBGC ( tcp, "TCP %p sending keepalive\n", tcp );

+

+	/* Reset keepalive timer */

+	start_timer_fixed ( &tcp->keepalive, TCP_KEEPALIVE_DELAY );

+

+	/* Send keepalive.  We do this only to preserve or restore

+	 * state in intermediate devices (e.g. firewall NAT tables);

+	 * we don't actually care about eliciting a response to verify

+	 * that the peer is still alive.  We therefore send just a

+	 * pure ACK, to keep our transmit path simple.

+	 */

+	tcp->flags |= TCP_ACK_PENDING;

+	tcp_xmit ( tcp );

+}

+

+/**

  * Shutdown timer expired

  *

  * @v timer		Shutdown timer

@@ -1063,6 +1097,10 @@ static int tcp_rx_ack ( struct tcp_connection *tcp, uint32_t ack,

 	/* Update window size */

 	tcp->snd_win = win;

+	/* Hold off (or start) the keepalive timer, if applicable */

+	if ( ! ( tcp->tcp_state & TCP_STATE_SENT ( TCP_FIN ) ) )

+		start_timer_fixed ( &tcp->keepalive, TCP_KEEPALIVE_DELAY );

+

 	/* Ignore ACKs that don't actually acknowledge any new data.

 	 * (In particular, do not stop the retransmission timer; this

 	 * avoids creating a sorceror's apprentice syndrome when a

-- 

1.8.3.1