Increase retry cooldown only when connection was active

hack3ric · Oct 8, 2024 · 713fdbe · 713fdbe
1 parent 4548fda
commit 713fdbe
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 12 deletions.
diff --git a/bpf/egress.c b/bpf/egress.c
@@ -144,6 +144,7 @@ int egress_handler(struct __sk_buff* skb) {
       conn->seq += 1;
       ack_seq = conn->ack_seq = 0;
       conn->retry_tstamp = conn->reset_tstamp = tstamp;
+      conn->initiator = true;
       bpf_spin_unlock(&conn->lock);
       log_conn(LOG_CONN_INIT, &conn_key);
       send_ctrl_packet(&conn_key, TCP_FLAG_SYN, seq, ack_seq, 0xffff);

diff --git a/bpf/ingress.c b/bpf/ingress.c
@@ -151,8 +151,8 @@ int ingress_handler(struct xdp_md* xdp) {
       __u32 cooldown;
       bpf_spin_lock(&conn->lock);
       swap(pktbuf, conn->pktbuf);
-      conn_reset(conn, tstamp, true);
-      cooldown = conn_cooldown(conn);
+      conn_reset(conn, tstamp);
+      cooldown = conn_cooldown_display(conn);
       bpf_spin_unlock(&conn->lock);
       use_pktbuf(RB_ITEM_FREE_PKTBUF, pktbuf);
       if (tcp->rst) {
@@ -192,6 +192,7 @@ int ingress_handler(struct xdp_md* xdp) {
     case CONN_IDLE:
       if (likely(tcp->syn && !tcp->ack)) {
         conn->state = CONN_SYN_RECV;
+        conn->initiator = false;
         flags |= TCP_FLAG_SYN | TCP_FLAG_ACK;
         seq = conn->seq = random;
         ack_seq = conn->ack_seq = next_ack_seq(tcp, payload_len);
@@ -283,8 +284,8 @@ int ingress_handler(struct xdp_md* xdp) {
     fsm_error:
       flags |= TCP_FLAG_RST;
       swap(pktbuf, conn->pktbuf);
-      conn_reset(conn, tstamp, true);
-      cooldown = conn_cooldown(conn);
+      conn_reset(conn, tstamp);
+      cooldown = conn_cooldown_display(conn);
       seq = conn->seq;
       break;
   }

diff --git a/bpf/main.h b/bpf/main.h
@@ -160,8 +160,8 @@ static inline bool ipv6_is_ext(__u8 nexthdr) {
 // HACK: make verifier happy
 // Probably related:
 // https://lore.kernel.org/bpf/[email protected]/T/
-#define bpf_gt0_hack1(val)              \
-  ({                                    \
+#define bpf_gt0_hack1(val)    \
+  ({                          \
     if ((val) < 2) (val) = 1; \
   })
 #define bpf_gt0_hack2(val) \

diff --git a/common/defs.h b/common/defs.h
@@ -267,9 +267,10 @@ struct connection {
       CONN_SYN_RECV,
       CONN_ESTABLISHED,
     } state : 3;
-    bool keepalive_sent : 1;
     __u8 cooldown_mul : 4;
-    __u32 : 24;
+    bool keepalive_sent : 1;
+    bool initiator : 1;
+    __u32 : 23;
   };
   struct {
     struct filter_settings settings;
@@ -287,21 +288,25 @@ static __always_inline struct connection conn_init(struct filter_settings* setti
   return conn;
 }
 
-static __always_inline void conn_reset(struct connection* conn, __u64 tstamp, bool inc_cd) {
+static __always_inline void conn_reset(struct connection* conn, __u64 tstamp) {
   conn->state = CONN_IDLE;
   conn->seq = conn->ack_seq = 0;
   // conn->pktbuf should be swapped out prior
   conn->cwnd = INIT_CWND;
   conn->peer_mss = 0;
   conn->keepalive_sent = false;
-  if (inc_cd && conn->cooldown_mul < 11) conn->cooldown_mul += 1;
+  if (conn->initiator && conn->cooldown_mul < 11) conn->cooldown_mul += 1;
   conn->retry_tstamp = conn->reset_tstamp = conn->stale_tstamp = tstamp;
 }
 
 static __always_inline __u32 conn_cooldown(struct connection* conn) {
   return conn->cooldown_mul ? DEFAULT_COOLDOWN * (1 << (conn->cooldown_mul - 1)) : 0;
 }
 
+static __always_inline __u32 conn_cooldown_display(struct connection* conn) {
+  return conn->initiator ? conn_cooldown(conn) : 0;
+}
+
 static __always_inline int time_diff_sec(__u64 a, __u64 b) {
   if (a <= b) return 0;
   if ((a - b) % SECOND < SECOND / 2)

diff --git a/src/run.c b/src/run.c
@@ -383,11 +383,11 @@ static int do_routine(int conns_fd, const char* ifname) {
       if (!remove) {
         struct packet_buf* orig_pktbuf = (typeof(orig_pktbuf))(uintptr_t)conn.pktbuf;
         conn.pktbuf = 0;
-        conn_reset(&conn, tstamp, true);
+        conn_reset(&conn, tstamp);
         bpf_map_update_elem(conns_fd, &key, &conn, BPF_EXIST | BPF_F_LOCK);
         packet_buf_free(orig_pktbuf);
       }
-      log_destroy(LOG_WARN, &key, DESTROY_TIMED_OUT, conn_cooldown(&conn));
+      log_destroy(LOG_WARN, &key, DESTROY_TIMED_OUT, conn_cooldown_display(&conn));
       send_ctrl_packet(&key, TCP_FLAG_RST, conn.seq, 0, 0, ifname);
     }
     if (remove) {