From patchwork Wed Mar 31 07:03:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maximilian Fillinger X-Patchwork-Id: 1679 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id eHPHJJG+ZGC7SgAAIUCqbw (envelope-from ) for ; Wed, 31 Mar 2021 14:25:21 -0400 Received: from proxy2.mail.ord1d.rsapps.net ([172.30.191.6]) by director13.mail.ord1d.rsapps.net with LMTP id sDeKJJG+ZGB1LgAA91zNiA (envelope-from ) for ; Wed, 31 Mar 2021 14:25:21 -0400 Received: from smtp28.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.ord1d.rsapps.net with LMTPS id aBkUJJG+ZGCqFgAAfawv4w (envelope-from ) for ; Wed, 31 Mar 2021 14:25:21 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp28.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (key not found in DNS) header.d=foxcrypto.com; dmarc=fail (p=none; dis=none) header.from=foxcrypto.com X-Suspicious-Flag: YES X-Classification-ID: 737192b0-924e-11eb-81da-525400ea129b-1-1 Received: from [216.105.38.7] ([216.105.38.7:49442] helo=lists.sourceforge.net) by smtp28.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 00/73-02292-19EB4606; Wed, 31 Mar 2021 14:25:21 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lRfW3-0001sy-Te; Wed, 31 Mar 2021 18:24:31 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRfQm-0001fV-O7 for openvpn-devel@lists.sourceforge.net; Wed, 31 Mar 2021 18:19:04 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:MIME-Version:References:In-Reply-To: Date:Subject:To:From:Sender:Reply-To:Message-ID:Cc:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ZkuaVDl1Y+UrKPznKQmejNTuUIepET4EWMH8l3O5hV8=; b=INKFS+ta9olbn54RZcVsEUZyCW 9d6IcKmCLvgChN6zc7nMKthhehRPKT0Jd9YzAYRiXDlZn9dj9RRhaRYzrVu1nalyaxwPICw022HIx KVCmTInMWAk4DPaqHo8YNPTdRoRUSOwCGigBVzYzHDGCTqqD2pEQh6oCJsIPb2Z+3CFo=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:MIME-Version:References:In-Reply-To:Date:Subject:To:From: Sender:Reply-To:Message-ID:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ZkuaVDl1Y+UrKPznKQmejNTuUIepET4EWMH8l3O5hV8=; b=ZB6Sj5iXlRxktKVyk14FG0d9wJ 5vfiGC4HN8rOBuezChfZg4+CGE++pxAOXTfCzB9yJiZnac9LFG4oBH6+o3m7CWQEdGPi1NCjHU6uS rCyGFQVKzLQPhgs65GgbR/xm6vSu7EEssyp57x12yX8HnSdlx9FGgpeERk63skPaz+ik=; Received: from nl-dft-mx-01.fox-it.com ([178.250.144.135]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1lRfQd-0005iP-Al for openvpn-devel@lists.sourceforge.net; Wed, 31 Mar 2021 18:19:04 +0000 From: Max Fillinger To: Date: Wed, 31 Mar 2021 20:03:23 +0200 X-Mailer: git-send-email 2.11.0 In-Reply-To: <20210331180323.19222-1-maximilian.fillinger@foxcrypto.com> References: <20210331180323.19222-1-maximilian.fillinger@foxcrypto.com> MIME-Version: 1.0 X-ClientProxiedBy: FOXDFT1EX01.FOX.local (10.0.0.129) To FOXDFT1EX01.FOX.local (10.0.0.129) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=foxcrypto.com; s=NL-DFT-MX-01; c=relaxed/relaxed; h=from:to:subject:date:references:mime-version:content-type; bh=ZkuaVDl1Y+UrKPznKQmejNTuUIepET4EWMH8l3O5hV8=; b=5aAuYhW6/MtaIqkGiek/rUgWNlicXRuSAsm87nJUBVQ4DrSgwONuOxcfLWu4rldMp598AozLPqab pVh8aHH9RtcJNj6MbZ0VIr2RBlxv6VK9xkOAiPtpwI48myOWZtNCAoLlJkNJR4qUTa6gMZ2NGVGJ bRq96xOzpm60WKpSxJbXK/xDRP+jmzvfviAGYfMbpBT4Z+YaY9FnGgc+CCFz7lhUYkvDYaLQKkC3 TTt0pAhu1mzgCX3JAJV48m/0vgWx2Y3c4GRZvBotoLKDVO5JonpwzuXXrjttM/otUYjRZAqACBx0 nnNaTeusI2zbv3Qt67SLbS5sWyIji/O33Ns3NA== X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: fox-it.com] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 1.0 MISSING_MID Missing Message-Id: header 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid X-Headers-End: 1lRfQd-0005iP-Al Subject: [Openvpn-devel] [PATCH 1/1] reliable: retransmit if 3 follow-up ACKs are received X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net Message-Id: X-getmail-retrieved-from-mailbox: Inbox From: Steffan Karger To improve the control channel performance under packet loss conditions, add a more aggressive retransmit policy similar to what many TCP implementations do: retransmit a packet if the ACK timeout expires (like we already do), *or* if three ACKs for follow-up packets are received. The rationale behind this is that if follow-up packets *are* received, the connection is apparently functional and we should be able to retransmit immediately. This significantly improves performance for connections with low (up to a few percent) packet loss. Acked-By: Arne Schwabe --- src/openvpn/reliable.c | 20 +++++++++++++++++--- src/openvpn/reliable.h | 7 +++++++ 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index 6c1f2da1..15b90fbe 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -382,7 +382,14 @@ reliable_send_purge(struct reliable *rel, const struct reliable_ack *ack) } #endif e->active = false; - break; + } + else if (e->active && e->packet_id < pid) + { + /* We have received an ACK for a packet with a higher PID. Either + * we have received ACKs out of or order or the packet has been + * lost. We count the number of ACKs to determine if we should + * resend it early. */ + e->n_acks++; } } } @@ -555,7 +562,7 @@ reliable_can_send(const struct reliable *rel) if (e->active) { ++n_active; - if (now >= e->next_try) + if (now >= e->next_try || e->n_acks >= N_ACK_RETRANSMIT) { ++n_current; } @@ -581,7 +588,12 @@ reliable_send(struct reliable *rel, int *opcode) for (i = 0; i < rel->size; ++i) { struct reliable_entry *e = &rel->array[i]; - if (e->active && local_now >= e->next_try) + + /* If N_ACK_RETRANSMIT later packets have received ACKs, we assume + * that the packet was lost and resend it even if the timeout has + * not expired yet. */ + if (e->active + && (e->n_acks >= N_ACK_RETRANSMIT || local_now >= e->next_try)) { if (!best || reliable_pid_min(e->packet_id, best->packet_id)) { @@ -599,6 +611,7 @@ reliable_send(struct reliable *rel, int *opcode) /* constant timeout, no backoff */ best->next_try = local_now + best->timeout; #endif + best->n_acks = 0; *opcode = best->opcode; dmsg(D_REL_DEBUG, "ACK reliable_send ID " packet_id_format " (size=%d to=%d)", (packet_id_print_type)best->packet_id, best->buf.len, @@ -686,6 +699,7 @@ reliable_mark_active_incoming(struct reliable *rel, struct buffer *buf, e->opcode = opcode; e->next_try = 0; e->timeout = 0; + e->n_acks = 0; dmsg(D_REL_DEBUG, "ACK mark active incoming ID " packet_id_format, (packet_id_print_type)e->packet_id); return; } diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index a84d4290..97e6dce7 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -52,6 +52,10 @@ * the reliability layer for one VPN * tunnel in one direction can store. */ +#define N_ACK_RETRANSMIT 3 /**< We retry sending a packet early if + * this many later packets have been + * ACKed. */ + /** * The acknowledgment structure in which packet IDs are stored for later * acknowledgment. @@ -72,6 +76,9 @@ struct reliable_entry interval_t timeout; time_t next_try; packet_id_type packet_id; + size_t n_acks; /* Number of acks received for packets with higher PID. + * Used for fast retransmission when there were at least + * N_ACK_RETRANSMIT. */ int opcode; struct buffer buf; };