Re: [PATCH v7 4/5] tcp: Update data retransmission timeout

On Mon, 3 Nov 2025 20:32:14 +1100 David Gibson wrote:

On Mon, Nov 03, 2025 at 10:57:27AM +0800, Yumei Huang wrote:

...

On Mon, Nov 3, 2025 at 9:38 AM David Gibson wrote:

...

On Fri, Oct 31, 2025 at 01:42:41PM +0800, Yumei Huang wrote:

...

Use an exponential backoff timeout for data retransmission according to RFC 2988 and RFC 6298. Set the initial RTO to one second as discussed in Appendix A of RFC 6298.

Also combine the macros defining the initial RTO for both SYN and ACK.

Signed-off-by: Yumei Huang Reviewed-by: David Gibson

As reported, the carried over R-b was a minor mistake, since the code has changed, but here's a new one:

Reviewed-by: David Gibson

Small comment below, though.

...

--- tcp.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/tcp.c b/tcp.c index bada88a..96ee56a 100644 --- a/tcp.c +++ b/tcp.c @@ -179,16 +179,13 @@ * * Timeouts are implemented by means of timerfd timers, set based on flags: * - * - SYN_TIMEOUT_INIT: if no ACK is received from tap/guest during handshake - * (flag ACK_FROM_TAP_DUE without ESTABLISHED event) within this time, resend - * SYN. It's the starting timeout for the first SYN retry. Retry for - * TCP_MAX_RETRIES or (tcp_syn_retries + tcp_syn_linear_timeouts) times, - * reset the connection - * - * - ACK_TIMEOUT: if no ACK segment was received from tap/guest, after sending - * data (flag ACK_FROM_TAP_DUE with ESTABLISHED event), re-send data from the - * socket and reset sequence to what was acknowledged. If this persists for - * more than TCP_MAX_RETRIES times in a row, reset the connection + * - RTO_INIT: if no ACK segment was received from tap/guest, either during + * handshake (flag ACK_FROM_TAP_DUE without ESTABLISHED event) or after + * sending data (flag ACK_FROM_TAP_DUE with ESTABLISHED event), re-send data + * from the socket and reset sequence to what was acknowledged. This is the + * timeout for the first retry, in seconds. Retry for TCP_MAX_RETRIES times + * for established connections, or (tcp_syn_retries + + * tcp_syn_linear_timeouts) times during the handshake, reset the connection * * - FIN_TIMEOUT: if a FIN segment was sent to tap/guest (flag ACK_FROM_TAP_DUE * with TAP_FIN_SENT event), and no ACK is received within this time, reset @@ -342,8 +339,7 @@ enum { #define WINDOW_DEFAULT 14600 /* RFC 6928 */

#define ACK_INTERVAL 10 /* ms */ -#define SYN_TIMEOUT_INIT 1 /* s, RFC 6928 */ -#define ACK_TIMEOUT 2 +#define RTO_INIT 1 /* s, RFC 6298 */ #define FIN_TIMEOUT 60 #define ACT_TIMEOUT 7200

@@ -589,12 +585,10 @@ static void tcp_timer_ctl(const struct ctx *c, struct tcp_tap_conn *conn) if (conn->flags & ACK_TO_TAP_DUE) { it.it_value.tv_nsec = (long)ACK_INTERVAL * 1000 * 1000; } else if (conn->flags & ACK_FROM_TAP_DUE) { - if (!(conn->events & ESTABLISHED)) { - int exp = conn->retries - c->tcp.syn_linear_timeouts;

I didn't spot it in the previous patch, but this is (theoretically) buggy. conn->retries is unsigned, so the subtraction will be performed unsigned and only then cast to signed. I think that will probably do the right thing in practice, but I don't think that's guaranteed by the C standard (and might even be UB).

I'm not sure, but I just googled it. IIUC, the uint8_t (conn->retries and c->tcp.syn_linear_timeouts) will go through integer promotion before subtraction. So the line is like:

int exp = (int) conn->retries - (int) c->tcp.syn_linear_timeouts;

Please correct me if I'm wrong.

Huh, I thought it would only be promoted if one of the operands was an int.

I thought and I think so too, yes.

But C promotion rules are really confusing, so I could well be wrong.

Some references linked at: https://archives.passt.top/passt-dev/20240103080834.24fa0a7a@elisabeth/ and here, it's about paragraph 6.3.1.8, "Usual arithmetic conversions" of C11 (that's what passt uses right now). No double or float here, so this is the relevant text: Otherwise, the integer promotions are performed on both operands. Then the following rules are applied to the promoted operands: If both operands have the same type, then no further conversion is needed now, are they really the same type? The standard doesn't define uint8_t. If we see it as an unsigned int, with storage limited to 8 bits, then I would call them the same type. If we see c->tcp.syn_linear_timeouts as a character type instead (6.3.1.1, "Boolean, characters, and integers"), then the integer conversion rank of unsigned int (conn->retries) is greater than the rank of char, and the same text applies (promotion of char to unsigned int). But I'm fairly sure that's not the case. We used uint8_t, not short, and not char. All in all I don't think there's any possibility of promotion to a signed int: for that, you would need one of the operands to be signed. Or two unsigned chars/shorts (see examples below). If the operation is performed unsigned, and that's what gcc appears to do here, promoting both operands to unsigned int (32-bit): --- $ cat pro_uh_oh_motion.c #include #include int main() { uint8_t a = 0; struct { unsigned b:3; } x = { 7 }; printf("%u %i\n", a - x.b, a - x.b); } $ gcc -o pro_uh_oh_motion{,.c} $ ./pro_uh_oh_motion 4294967289 -7 --- ...do we really have a problem with that? To me it looks like the behaviour is defined, and it's what we want. These pages: https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+integer+co... https://wiki.sei.cmu.edu/confluence/display/c/EXP14-C.+Beware+of+integer+pro... show some problematic examples. This one is close to our case: unsigned short x = 45000, y = 50000; unsigned int z = x * y; but there we have implicit promotion of the unsigned shorts to int, which doesn't happen in our case, because we already have an unsigned int. See also the examples with two unsigned shorts from: https://cryptoservices.github.io/fde/2018/11/30/undefined-behavior.html and there the operation would be performed as signed int. On top of that, you have the fact that the original types can't store the result of the operation. Here it's not the case. -- Stefano