Commit f9ac779f authored by Kuniyuki Iwashima's avatar Kuniyuki Iwashima Committed by Daniel Borkmann
Browse files

net: Introduce net.ipv4.tcp_migrate_req. 



This commit adds a new sysctl option: net.ipv4.tcp_migrate_req. If this
option is enabled or eBPF program is attached, we will be able to migrate
child sockets from a listener to another in the same reuseport group after
close() or shutdown() syscalls.

Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.co.jp>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Reviewed-by: default avatarBenjamin Herrenschmidt <benh@amazon.com>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20210612123224.12525-2-kuniyu@amazon.co.jp
parent bbf29d3a

Documentation/networking/ip-sysctl.rst

+25 −0
Original line number Diff line number Diff line
@@ -761,6 +761,31 @@ tcp_syncookies - INTEGER 
	network connections you can set this knob to 2 to enable

	unconditionally generation of syncookies.



tcp_migrate_req - BOOLEAN

	The incoming connection is tied to a specific listening socket when

	the initial SYN packet is received during the three-way handshake.

	When a listener is closed, in-flight request sockets during the

	handshake and established sockets in the accept queue are aborted.



	If the listener has SO_REUSEPORT enabled, other listeners on the

	same port should have been able to accept such connections. This

	option makes it possible to migrate such child sockets to another

	listener after close() or shutdown().



	The BPF_SK_REUSEPORT_SELECT_OR_MIGRATE type of eBPF program should

	usually be used to define the policy to pick an alive listener.

	Otherwise, the kernel will randomly pick an alive listener only if

	this option is enabled.



	Note that migration between listeners with different settings may

	crash applications. Let's say migration happens from listener A to

	B, and only B has TCP_SAVE_SYN enabled. B cannot read SYN data from

	the requests migrated from A. To avoid such a situation, cancel

	migration by returning SK_DROP in the type of eBPF program, or

	disable this option.



	Default: 0



tcp_fastopen - INTEGER

	Enable TCP Fast Open (RFC7413) to send and accept data in the opening

	SYN packet.

include/net/netns/ipv4.h

+1 −0
Original line number Diff line number Diff line
@@ -126,6 +126,7 @@ struct netns_ipv4 { 
	u8 sysctl_tcp_syn_retries;

	u8 sysctl_tcp_synack_retries;

	u8 sysctl_tcp_syncookies;

	u8 sysctl_tcp_migrate_req;

	int sysctl_tcp_reordering;

	u8 sysctl_tcp_retries1;

	u8 sysctl_tcp_retries2;

net/ipv4/sysctl_net_ipv4.c

+9 −0
Original line number Diff line number Diff line
@@ -960,6 +960,15 @@ static struct ctl_table ipv4_net_table[] = { 
		.proc_handler	= proc_dou8vec_minmax,

	},

#endif

	{

		.procname	= "tcp_migrate_req",

		.data		= &init_net.ipv4.sysctl_tcp_migrate_req,

		.maxlen		= sizeof(u8),

		.mode		= 0644,

		.proc_handler	= proc_dou8vec_minmax,

		.extra1		= SYSCTL_ZERO,

		.extra2		= SYSCTL_ONE

	},

	{

		.procname	= "tcp_reordering",

		.data		= &init_net.ipv4.sysctl_tcp_reordering,