Bug 688989 - [5.6] sysctl tcp_syn_retries is not honored
Summary: [5.6] sysctl tcp_syn_retries is not honored
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.6
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Flavio Leitner
QA Contact: Boris Ranto
: 691550 (view as bug list)
Depends On:
Blocks: 769073
TreeView+ depends on / blocked
Reported: 2011-03-18 18:11 UTC by Flavio Leitner
Modified: 2018-12-06 14:38 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 769073 (view as bug list)
Last Closed: 2011-07-21 10:18:53 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1065 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update 2011-07-21 09:21:37 UTC

Description Flavio Leitner 2011-03-18 18:11:59 UTC
Created attachment 486296 [details]
backported patch based on 2.6.18-249.el5 (git latest)

Description of problem:
The sysctl tcp_syn_retries is not honored

Kernel version: 2.6.18-249.el5

$ telnet 7799
telnet: connect to address Connection timed out
telnet: Unable to connect to remote host: Connection timed out

# tcpdump -i host0 port 7799                                     
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode      
listening on host0, link-type EN10MB (Ethernet), capture size 96 bytes          
14:22:48.056276 IP r5dell.rh.59127 > S 126881366:126881366(0)>
14:22:51.056254 IP r5dell.rh.59127 > S 126881366:126881366(0)>
14:22:57.056244 IP r5dell.rh.59127 > S 126881366:126881366(0)>

$ cat /proc/sys/net/ipv4/tcp_syn_retries 

This happens because there is a calculation problem fixed by the upstream commit:

commit 4d22f7d372f5769c6c0149e427ed6353e2dcfe61
Author: Damian Lukowski <damian@tvk.rwth-aachen.de>
Date:   Tue Sep 28 13:08:32 2010 -0700

    net-2.6: SYN retransmits: Add new parameter to retransmits_timed_out()
    Fixes kernel Bugzilla Bug 18952
    This patch adds a syn_set parameter to the retransmits_timed_out()
    routine and updates its callers. If not set, TCP_RTO_MIN is taken
    as the calculation basis as before. If set, TCP_TIMEOUT_INIT is
    used instead, so that sysctl_syn_retries represents the actual
    amount of SYN retransmissions in case no SYNACKs are received when
    establishing a new connection.
    Signed-off-by: Damian Lukowski <damian@tvk.rwth-aachen.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>

After applying the patch, the sysctl works properly:
# cat /proc/sys/net/ipv4/tcp_syn_retries 
# tcpdump -i host0 port 7799                                     
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode      
listening on host0, link-type EN10MB (Ethernet), capture size 96 bytes          
14:27:31.117344 IP r5dell.rh.36989 > S 414032993:414032993(0)>
14:27:34.117716 IP r5dell.rh.36989 > S 414032993:414032993(0)>
14:27:40.117707 IP r5dell.rh.36989 > S 414032993:414032993(0)>
14:27:52.117693 IP r5dell.rh.36989 > S 414032993:414032993(0)>
14:28:16.117655 IP r5dell.rh.36989 > S 414032993:414032993(0)>
14:29:04.117586 IP r5dell.rh.36989 > S 414032993:414032993(0)>

How reproducible:

Steps to Reproduce:
1. open a connection to a unreachable host 
2. check the traffic dump the amount of SYN retries attempts

Comment 11 RHEL Program Management 2011-04-01 17:19:38 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 13 Jarod Wilson 2011-04-08 16:26:50 UTC
Patch(es) available in kernel-2.6.18-256.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.

Comment 16 Jiri Pirko 2011-06-07 21:23:05 UTC
*** Bug 691550 has been marked as a duplicate of this bug. ***

Comment 17 errata-xmlrpc 2011-07-21 10:18:53 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.