s.setFastOpenConnect();
}
catch (const NetworkError& e) {
- g_log << Logger::Error << "tcp-fast-connect enabled but returned error: " << e.what() << endl;
+ // Ignore error, we did a pre-check in pdns_recursor.cc:checkTFOconnect()
}
}
}
}
else {
- g_log << Logger::Error << "Cannot determine if kernel setting allow fast-open" << endl;
+ g_log << Logger::Notice << "Cannot determine if kernel settings allow fast-open" << endl;
}
#else
- g_log << Logger::Error << "Cannot determine if kernel setting allow fast-open" << endl;
+ g_log << Logger::Notice << "Cannot determine if kernel settings allow fast-open" << endl;
#endif
}
+static void checkTFOconnect()
+{
+ try {
+ Socket s(AF_INET, SOCK_STREAM);
+ s.setNonBlocking();
+ s.setFastOpenConnect();
+ }
+ catch (const NetworkError& e) {
+ g_log << Logger::Error << "tcp-fast-open-connect enabled but returned error: " << e.what() << endl;
+ }
+}
+
static void makeTCPServerSockets(deferredAdd_t& deferredAdds, std::set<int>& tcpSockets)
{
int fd;
if (SyncRes::s_tcp_fast_open_connect) {
checkFastOpenSysctl(true);
+ checkTFOconnect();
}
if(SyncRes::s_serverID.empty()) {
TCP Fast Open allows the initial SYN packet to carry data, saving one network round-trip.
For details, consult `:rfc:7413`.
-To enable TCP Fast Open, it might be need change the value of the ``net.ipv4.tcp_fastopen`` sysctl.
+To enable TCP Fast Open, it might be needed to change the value of the ``net.ipv4.tcp_fastopen`` sysctl.
Value 0 means Fast Open is disabled, 1 is only use Fast Open for active connections, 2 is only for passive connections and 3 is for both.
The operation of TCP Fast Open can be monitored by looking at these kernel metrics::
At the moment of writing, the Google operated nameservers (both recursive and authoritative) indicate Fast Open support in the TCP handshake, but do not accept the cookie they sent previously and send a new one for each connection.
We can only hope Google will fix this issue soon.
-If you operate an anycast pool of machines, make them share the TCP Fast Open Key by setting the ``net.ipv4.tcp_fastopen_key`` sysctl, otherwise you wil create a similar issue the Google servers have.
+If you operate an anycast pool of machines, make them share the TCP Fast Open Key by setting the ``net.ipv4.tcp_fastopen_key`` sysctl, otherwise you will create a similar issue the Google servers have.
To determine a good value for the :ref:`setting-tcp-fast-open` setting, watch the ``TCPFastOpenListenOverflow`` metric.
If this value increases often, the value might be too low for your traffic, but note that increasing it will use kernel resources.
- Boolean
- Default: no (disabled)
-Enable TCP Fast Open Connect support, if available, on the outgoing connections to authoritatively servers. See :ref:`tcp-fast-open-support`.
+Enable TCP Fast Open Connect support, if available, on the outgoing connections to authoritative servers. See :ref:`tcp-fast-open-support`.
.. _setting-threads:
projects / thirdparty / pdns.git / commitdiff
