1 files changed, 16 insertions, 20 deletions
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index e1880959614a..7c1bde3cd6cb 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -119,8 +119,10 @@ static int tcp_orphan_retries(struct sock *sk, int alive)
 /* A write timeout has occurred. Process the after effects. */
 static int tcp_write_timeout(struct sock *sk)
 {
-        const struct inet_connection_sock *icsk = inet_csk(sk);
+        struct inet_connection_sock *icsk = inet_csk(sk);
+        struct tcp_sock *tp = tcp_sk(sk);
        int retry_until;
+        int mss;
        if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
                if (icsk->icsk_retransmits)
@@ -128,25 +130,19 @@ static int tcp_write_timeout(struct sock *sk)
                retry_until = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
        } else {
                if (icsk->icsk_retransmits >= sysctl_tcp_retries1) {
-                        /* NOTE. draft-ietf-tcpimpl-pmtud-01.txt requires pmtu black
+                        /* Black hole detection */
-                           hole detection. :-(
+                        if (sysctl_tcp_mtu_probing) {
+                                if (!icsk->icsk_mtup.enabled) {
-                           It is place to make it. It is not made. I do not want
+                                        icsk->icsk_mtup.enabled = 1;
-                           to make it. It is disgusting. It does not work in any
+                                        tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
-                           case. Let me to cite the same draft, which requires for
+                                } else {
-                           us to implement this:
+                                        mss = min(sysctl_tcp_base_mss,
+                                                  tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)/2);
-   "The one security concern raised by this memo is that ICMP black holes
+                                        mss = max(mss, 68 - tp->tcp_header_len);
-   are often caused by over-zealous security administrators who block
+                                        icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
-   all ICMP messages.  It is vitally important that those who design and
+                                        tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
-   deploy security systems understand the impact of strict filtering on
+                                }
-   upper-layer protocols.  The safest web site in the world is worthless
+                        }
-   if most TCP implementations cannot transfer data from it.  It would
-   be far nicer to have all of the black holes fixed rather than fixing
-   all of the TCP implementations."
-                           Golden words :-).
-                   */
                        dst_negative_advice(&sk->sk_dst_cache);
                }

diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c index e1880959614a..7c1bde3cd6cb 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c
@@ -119,8 +119,10 @@ static int tcp_orphan_retries(struct sock *sk, int alive)
119	/* A write timeout has occurred. Process the after effects. */	119	/* A write timeout has occurred. Process the after effects. */
120	static int tcp_write_timeout(struct sock *sk)	120	static int tcp_write_timeout(struct sock *sk)
121	{	121	{
122	const struct inet_connection_sock *icsk = inet_csk(sk);	122	struct inet_connection_sock *icsk = inet_csk(sk);
		123	struct tcp_sock *tp = tcp_sk(sk);
123	int retry_until;	124	int retry_until;
		125	int mss;
124		126
125	if ((1 << sk->sk_state) & (TCPF_SYN_SENT \| TCPF_SYN_RECV)) {	127	if ((1 << sk->sk_state) & (TCPF_SYN_SENT \| TCPF_SYN_RECV)) {
126	if (icsk->icsk_retransmits)	128	if (icsk->icsk_retransmits)
@@ -128,25 +130,19 @@ static int tcp_write_timeout(struct sock *sk)
128	retry_until = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;	130	retry_until = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
129	} else {	131	} else {
130	if (icsk->icsk_retransmits >= sysctl_tcp_retries1) {	132	if (icsk->icsk_retransmits >= sysctl_tcp_retries1) {
131	/* NOTE. draft-ietf-tcpimpl-pmtud-01.txt requires pmtu black	133	/* Black hole detection */
132	hole detection. :-(	134	if (sysctl_tcp_mtu_probing) {
133		135	if (!icsk->icsk_mtup.enabled) {
134	It is place to make it. It is not made. I do not want	136	icsk->icsk_mtup.enabled = 1;
135	to make it. It is disgusting. It does not work in any	137	tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
136	case. Let me to cite the same draft, which requires for	138	} else {
137	us to implement this:	139	mss = min(sysctl_tcp_base_mss,
138		140	tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)/2);
139	"The one security concern raised by this memo is that ICMP black holes	141	mss = max(mss, 68 - tp->tcp_header_len);
140	are often caused by over-zealous security administrators who block	142	icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
141	all ICMP messages. It is vitally important that those who design and	143	tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
142	deploy security systems understand the impact of strict filtering on	144	}
143	upper-layer protocols. The safest web site in the world is worthless	145	}
144	if most TCP implementations cannot transfer data from it. It would
145	be far nicer to have all of the black holes fixed rather than fixing
146	all of the TCP implementations."
147
148	Golden words :-).
149	*/
150		146
151	dst_negative_advice(&sk->sk_dst_cache);	147	dst_negative_advice(&sk->sk_dst_cache);
152	}	148	}