gvisor icon indicating copy to clipboard operation
gvisor copied to clipboard
verified publisher icon google

Netstack should retransmit a SYN immediately after a challenge ACK from peer.

Open hbhasker opened this issue 3 years ago • 0 comments

Description

Linux always retransmits the SYN immediately when a peer sends a challenge ACK. This makes sense since the peer by issuing a challenge ACK is letting us know of a TIME-WAIT socket on its end. Sending a RST will clear the state and retransmitting the SYN shortly thereafter will complete the connection. There is no reason to wait for a full 1s initial timeout in this case as the original SYN wasn't lost.

Not doing it just incurs additional latency as we wait for the connect retransmit timer to fire which can take upto a second.

Specifically the RST sent here should be followed by a SYN retransmit after a short time. https://github.com/google/gvisor/blob/ad8960f60401953f9d57809bc3add378487bf039/pkg/tcpip/transport/tcp/connect.go#L293

and the equivalent linux code is here

https://github.com/torvalds/linux/blob/249aca0d3d631660aa3583c6a3559b75b6e971b4/net/ipv4/tcp_input.c#L6170

Steps to reproduce

No response

runsc version

No response

docker version (if using docker)

No response

uname

No response

kubectl (if using Kubernetes)

No response

repo state (if built from source)

No response

runsc debug logs (if available)

No response

hbhasker avatar May 20 '22 19:05 hbhasker