Does TCP_FASTOPEN actually work?

Michael Tuexen Michael.Tuexen at lurchi.franken.de
Fri Jul 6 22:18:09 UTC 2018 

> On 6. Jul 2018, at 19:50, Pieter de Goeje <pieter at degoeje.nl> wrote:
> 
> Op 2018-07-05 om 20:33 schreef Michael Tuexen:
>>> On 5. Jul 2018, at 17:23, Pieter de Goeje <pieter at degoeje.nl> wrote:
>>> 
>>> I'm trying to test this new feature, but I have trouble getting the client to actually send a cached cookie. It keeps requesting new ones and as a consequence it never sends data in the initial SYN packet. Tcpdump shows that the server correctly replies to a cookie request with a cookie.
>> Can you provide a tracefile?
> 
> See http://lux.student.utwente.nl/~pyotr/dump/tfo.pcap which was taken on the client host, by running tfo-client 3 times in quick succession.
OK. This tracefile indicates that there is a bug somewhere...
> 
>>> 
>>> Or am I misunderstanding how it should work and is the cookie cache per-process instead of system wide?
>> No, the cache is system wide. You can use
>> https://reviews.freebsd.org/D14554
>> to see the entries.
> 
> No entries appear in the cache.
> I've verified that the kernel actually does receive the cookie by adding a printf() to tcp_input.c just before tcp_fastopen_update_cache() is called. The kernel finds the cookie and attempts to update the cache, and then it is apparently black-holed.
OK, that is consistent, at least.

I think I can reproduce that problem.

I tested it with http://bsd5.fh-muenster.de/tcp_fastopen.c using
tcp_fastopen 212.201.121.85 80

The server (bsd5) runs a version of thttpd (https://github.com/nplab/thttpdwith)
fastopen being enabled.

Let me look into it...
> 
>>> 
>>> I'm using the test programs from https://people.freebsd.org/~pkelsey/tfo-tools/ for this purpose.
>> How are you using the client and server?
> 
> On the server I run tfo-srv without arguments, on the client I run "tfo-client $host 22222" multiple times in quick succession. My expectation is that after the first run the cookie is retrieved and used.
That expectation is correct.
> 
>>> 
>>> Server and client run on r335760 or later, with no changes to net.inet.tcp.fastopen except that server_enable was set to 1.
>> Is client_enable = 1?
> 
> Yes (by default).
OK. The default change some time ago, but was too lazy to look the revision number up.

Best regards
Michael
> 
> - Pieter

More information about the freebsd-net mailing list