Re: linux 5.17.1 disregarding ACK values resulting in stalled TCP connections

From: Neal Cardwell
Date: Fri Apr 01 2022 - 12:22:45 EST

On Fri, Apr 1, 2022 at 11:39 AM Neal Cardwell <ncardwell@xxxxxxxxxx> wrote:
> Jaco, to provide some evidence for this hypothesis, can you please
> re-enable fastopen but also enable the TFO blackhole detection that
> was disabled in v5.14 (213ad73d0607), with something like:
>     sysctl -w net.ipv4.tcp_fastopen=1
>     sysctl -w net.ipv4.tcp_fastopen_blackhole_timeout_sec=3600

I would also suggest using Florian's suggestion to log invalid
packets, so perhaps we can get a clue as to why netfilter thinks these
packets are invalid:

sysctl net.netfilter.nf_conntrack_log_invalid=6

> And then after a few hours, check to see if this blackholing behavior
> has been detected:
>     nstat -az | grep -i blackhole
> And see if TFO FastOpenActive attempts have been cut to a super-low rate:
>     nstat -az | grep -i fastopenactive

Then I would correspondingly echo Florian's suggestion to check
dmesg/syslog/nflog to learn more about the drops.
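
The counter check described in this message, as an added example that is not part of the original mail: it compares two `nstat -az` snapshots taken a few hours apart and reports whether the TFO blackhole counter moved and how many active fast-open attempts were made in between. The function names and the two sample snapshots are constructed for illustration; the counter names are the ones `nstat` prints for the kernel's TcpExt MIB.

```shell
#!/bin/sh
# Constructed sample snapshots in `nstat -az` format (name, value, rate).
# On a live host, capture them with: nstat -az > before.txt ... nstat -az > after.txt
SNAP_BEFORE='#kernel
TcpExtTCPFastOpenActive         120                0.0
TcpExtTCPFastOpenActiveFail     4                  0.0
TcpExtTCPFastOpenBlackhole      0                  0.0'
SNAP_AFTER='#kernel
TcpExtTCPFastOpenActive         123                0.0
TcpExtTCPFastOpenActiveFail     9                  0.0
TcpExtTCPFastOpenBlackhole      2                  0.0'

# nstat_value SNAPSHOT COUNTER: absolute value of COUNTER, 0 if it is absent.
nstat_value() {
    printf '%s\n' "$1" |
        awk -v name="$2" '$1 == name { v = $2 } END { print (v == "" ? 0 : v) }'
}

# nstat_delta BEFORE AFTER COUNTER: how far COUNTER moved between snapshots.
# -a makes nstat print absolute values, so the difference is the activity
# during the observation window.
nstat_delta() {
    echo $(( $(nstat_value "$2" "$3") - $(nstat_value "$1" "$3") ))
}

# tfo_verdict BEFORE AFTER: one-line summary of the two checks in the mail.
tfo_verdict() {
    bh=$(nstat_delta "$1" "$2" TcpExtTCPFastOpenBlackhole)
    act=$(nstat_delta "$1" "$2" TcpExtTCPFastOpenActive)
    if [ "$bh" -gt 0 ]; then
        # Blackhole detection fired; active TFO should now be rate-limited.
        echo "blackhole-detected blackhole=+$bh active=+$act"
    elif [ "$act" -gt 0 ]; then
        echo "tfo-active blackhole=+0 active=+$act"
    else
        echo "no-tfo-activity"
    fi
}

tfo_verdict "$SNAP_BEFORE" "$SNAP_AFTER"
```

With saved snapshots, call it as `tfo_verdict "$(cat before.txt)" "$(cat after.txt)"`.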