On Thu, Nov 19, 2020 at 1:00 PM Eric Dumazet <eric.duma...@gmail.com> wrote:
>
>
>
> On 11/19/20 4:49 PM, Tom Herbert wrote:
> > Hi,
> >
> > A potential issue came up on v6ops list in IETF that Linux stack
> > changes the flow label for a connection at every RTO, this is the
> > feature where we change the txhash on a failing connection to try to
> > find a route (the flow label is derived from the txhash). The problem
> > with changing the flow label for a connection is that it may cause
> > problems when stateful middleboxes are in the path, for instance if a
> > flow label change causes packets for a connection to take a different
> > route they might be forwarded to a different stateful firewall that
> > didn't see the 3WHS so doesn't have any flow state and hence drops the
> > packets.
> >
> > I was under the assumption that we had a sysctl that would enable
> > changing the txhash for a connection and the default was off so that
> > flow labels would be persistent for the life of the connection.
> > Looking at the code now, I don't see that safety net, it looks like
> > the default behavior allows changing the hash. Am I missing something?

Were you thinking of the net.ipv6.auto_flowlabels sysctl that can turn
off the entire feature (but not manually reserved flowlabels):

	if (flowlabel ||
	    net->ipv6.sysctl.auto_flowlabels == IP6_AUTO_FLOW_LABEL_OFF ||
	    (!autolabel &&
	     net->ipv6.sysctl.auto_flowlabels != IP6_AUTO_FLOW_LABEL_FORCED))
		return flowlabel;

	hash = skb_get_hash_flowi6(skb, fl6);