Re: Re: [PATCH] tcp: Add an extra check for consecutive failed keepalive probes

[Neal Cardwell]

On Fri, Jan 10, 2025 at 10:58 AM lizhe <sensor1010@xxxxxxx> wrote:
>
> Hi, Neal
>
>
> If the TCP_USER_TIMEOUT option is not enabled, and attempts to send TCP keepalive probes continuously fail,
>
> then who limits the number of increments to icsk->icsk_probes_out?

The code that I pasted in my previous message limits the number of
increments to icsk->icsk_probes_out. :-)

The code is right here in the lines surrounding line 809 of tcp_timer
in Linux v6.12, which can also be viewed here more conveniently:

https://elixir.bootlin.com/linux/v6.12/source/net/ipv4/tcp_timer.c#L809

> Adding this code is feasible. If not added, the system would continuously send keepalive probes without any limit.
>
> If these probes continually fail, the process would persist indefinitely because there would be no measure in place to restrict the increments of icsk->icsk_probes_out++.

It's not true that the system would continuously send keepalive probes
without any limit. The packetdrill test I pasted in my previous
message verifies that Linux TCP stops sending keepalives after the
number of probes configured by net.ipv4.tcp_keepalive_probes or
TCP_KEEPCNT. If you think I'm still missing something, please provide
a tcpdump trace or packetdrill test showing the behavior you are
claiming. :-)

thanks,
neal