[PATCH net-next v3 0/2] tcp: add a new TW_PAWS drop reason

From: Jiayuan Chen
Date: Tue Mar 25 2025 - 10:47:41 EST


PAWS is a long-standing issue, especially when there are upstream network
devices, making it more prone to occur.

Currently, packet loss statistics for PAWS can only be viewed through MIB,
which is a global metric and cannot be precisely obtained through tracing
to get the specific 4-tuple of the dropped packet. In the past, we had to
use kprobe ret to retrieve relevant skb information from
tcp_timewait_state_process().

---
v2 -> v3: use new SNMP counter and drop reason suggested by Eric.
https://lore.kernel.org/netdev/5cdc1bdd9caee92a6ae932638a862fd5c67630e8@xxxxxxxxx/T/#t

I didn't provide a packetdrill script.
I struggled for a long time to get packetdrill to fix the client port, but
ultimately failed to do so...

Instead, I wrote my own program to trigger PAWS, which can be found at
https://github.com/mrpre/nettrigger/tree/main
'''
//assume nginx running on 172.31.75.114:9999, current host is 172.31.75.115
iptables -t filter -I OUTPUT -p tcp --sport 12345 --tcp-flags RST RST -j DROP
./nettrigger -i eth0 -s 172.31.75.115:12345 -d 172.31.75.114:9999 -action paws
'''


Jiayuan Chen (2):
tcp: add TCP_RFC7323_TW_PAWS drop reason
tcp: add LINUX_MIB_PAWS_TW_REJECTED counter

Documentation/networking/net_cachelines/snmp.rst | 2 ++
include/net/dropreason-core.h | 7 +++++++
include/net/tcp.h | 3 ++-
include/uapi/linux/snmp.h | 1 +
net/ipv4/proc.c | 1 +
net/ipv4/tcp_ipv4.c | 3 ++-
net/ipv4/tcp_minisocks.c | 9 ++++++---
net/ipv6/tcp_ipv6.c | 3 ++-
8 files changed, 23 insertions(+), 6 deletions(-)

--
2.47.1