Created attachment 486296 [details] backported patch based on 2.6.18-249.el5 (git latest) Description of problem: The sysctl tcp_syn_retries is not honored Kernel version: 2.6.18-249.el5 $ telnet 192.168.1.1 7799 Trying 192.168.1.1... telnet: connect to address 192.168.1.1: Connection timed out telnet: Unable to connect to remote host: Connection timed out # tcpdump -i host0 port 7799 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on host0, link-type EN10MB (Ethernet), capture size 96 bytes 14:22:48.056276 IP r5dell.rh.59127 > 192.168.1.1.7799: S 126881366:126881366(0)> 14:22:51.056254 IP r5dell.rh.59127 > 192.168.1.1.7799: S 126881366:126881366(0)> 14:22:57.056244 IP r5dell.rh.59127 > 192.168.1.1.7799: S 126881366:126881366(0)> $ cat /proc/sys/net/ipv4/tcp_syn_retries 5 This happens because there is a calculation problem fixed by the upstream commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4d22f7d372f5769c6c0149e427ed6353e2dcfe61 commit 4d22f7d372f5769c6c0149e427ed6353e2dcfe61 Author: Damian Lukowski <damian.de> Date: Tue Sep 28 13:08:32 2010 -0700 net-2.6: SYN retransmits: Add new parameter to retransmits_timed_out() Fixes kernel Bugzilla Bug 18952 This patch adds a syn_set parameter to the retransmits_timed_out() routine and updates its callers. If not set, TCP_RTO_MIN is taken as the calculation basis as before. If set, TCP_TIMEOUT_INIT is used instead, so that sysctl_syn_retries represents the actual amount of SYN retransmissions in case no SYNACKs are received when establishing a new connection. Signed-off-by: Damian Lukowski <damian.de> Signed-off-by: David S. Miller <davem> After applying the patch, the sysctl works properly: # cat /proc/sys/net/ipv4/tcp_syn_retries 5 # tcpdump -i host0 port 7799 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on host0, link-type EN10MB (Ethernet), capture size 96 bytes 14:27:31.117344 IP r5dell.rh.36989 > 192.168.1.1.7799: S 414032993:414032993(0)> 14:27:34.117716 IP r5dell.rh.36989 > 192.168.1.1.7799: S 414032993:414032993(0)> 14:27:40.117707 IP r5dell.rh.36989 > 192.168.1.1.7799: S 414032993:414032993(0)> 14:27:52.117693 IP r5dell.rh.36989 > 192.168.1.1.7799: S 414032993:414032993(0)> 14:28:16.117655 IP r5dell.rh.36989 > 192.168.1.1.7799: S 414032993:414032993(0)> 14:29:04.117586 IP r5dell.rh.36989 > 192.168.1.1.7799: S 414032993:414032993(0)> How reproducible: Always Steps to Reproduce: 1. open a connection to a unreachable host 2. check the traffic dump the amount of SYN retries attempts
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Patch(es) available in kernel-2.6.18-256.el5 You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5 Detailed testing feedback is always welcomed.
*** Bug 691550 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-1065.html