knotd: remove TCP Fast Open support

This technology didn’t prove to be helpful.

doc/introduction.rst

@@ -73,7 +73,6 @@ Remarkable module extensions:
 
 Remarkable supported networking features:
 
-* TCP Fast Open (client and server)
 * Opportunistic, strict, and mutual authentication profiles over TLS 1.3 or QUIC
 * High-performance UDP, TCP, and QUIC through AF_XDP processing (on Linux 4.18+)
 * SO_REUSEPORT (on Linux) or SO_REUSEPORT_LB (on FreeBSD 12.0+) on UDP and by choice on TCP

doc/reference.rst

@@ -197,7 +197,6 @@ General options related to the server.
      tcp-remote-io-timeout: INT
      tcp-max-clients: INT
      tcp-reuseport: BOOL
-     tcp-fastopen: BOOL
      quic-max-clients: INT
      quic-outbuf-max-size: SIZE
      quic-idle-close-timeout: TIME
@@ -404,28 +403,6 @@ Change of this parameter requires restart of the Knot server to take effect.
 
 *Default:* ``off``
 
-.. _server_tcp-fastopen:
-
-tcp-fastopen
-------------
-
-If enabled, use TCP Fast Open for outbound TCP communication (client side):
-incoming zone transfers, sending NOTIFY, and DDNS forwarding. This mode simplifies
-TCP handshake and can result in better networking performance. TCP Fast Open
-for inbound TCP communication (server side) isn't affected by this
-configuration as it's enabled automatically if supported by OS.
-
-.. NOTE::
-   The TCP Fast Open support must also be enabled on the OS level:
-
-   * Linux/macOS: ensure kernel parameter ``net.ipv4.tcp_fastopen`` is ``2`` or
-     ``3`` for server side, and ``1`` or ``3`` for client side.
-   * FreeBSD: ensure kernel parameter ``net.inet.tcp.fastopen.server_enable``
-     is ``1`` for server side, and ``net.inet.tcp.fastopen.client_enable`` is
-     ``1`` for client side.
-
-*Default:* ``off``
-
 .. _server_quic-max-clients:
 
 quic-max-clients

src/contrib/net.c

@@ -7,7 +7,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/types.h>   // OpenBSD
-#include <netinet/tcp.h> // TCP_FASTOPEN
+#include <netinet/tcp.h>
 #include <netinet/in.h>
 #include <poll.h>
 #include <stdbool.h>
@@ -232,30 +232,8 @@ int net_bound_socket(int type, const struct sockaddr_storage *addr,
 	return sock;
 }
 
-static int tfo_connect(int sock, const struct sockaddr_storage *addr)
-{
-#if defined(__linux__)
-	/* connect() will be called implicitly with sendmsg(). */
-	return KNOT_EOK;
-#elif defined(__FreeBSD__)
-	return sockopt_enable(sock, IPPROTO_TCP, TCP_FASTOPEN);
-#elif defined(__APPLE__)
-	/* Connection is performed lazily when first data is sent. */
-	sa_endpoints_t ep = {
-		.sae_dstaddr = (const struct sockaddr *)addr,
-		.sae_dstaddrlen = sockaddr_len(addr)
-	};
-	int flags =  CONNECT_DATA_IDEMPOTENT | CONNECT_RESUME_ON_READ_WRITE;
-
-	int ret = connectx(sock, &ep, SAE_ASSOCID_ANY, flags, NULL, 0, NULL, NULL);
-	return (ret == 0 ? KNOT_EOK : knot_map_errno());
-#else
-	return KNOT_ENOTSUP;
-#endif
-}
-
 int net_connected_socket(int type, const struct sockaddr_storage *dst_addr,
-                         const struct sockaddr_storage *src_addr, bool tfo)
+                         const struct sockaddr_storage *src_addr)
 {
 	if (dst_addr == NULL) {
 		return KNOT_EINVAL;
@@ -278,42 +256,17 @@ int net_connected_socket(int type, const struct sockaddr_storage *dst_addr,
 	}
 
 	/* Connect to destination. */
-	if (tfo && net_is_stream(sock)) {
-		int ret = tfo_connect(sock, dst_addr);
-		if (ret != KNOT_EOK) {
-			close(sock);
-			return ret;
-		}
-	} else {
-		int ret = connect(sock, (const struct sockaddr *)dst_addr,
-		                  sockaddr_len(dst_addr));
-		if (ret != 0 && errno != EINPROGRESS) {
-			ret = knot_map_errno();
-			close(sock);
-			return ret;
-		}
+	int ret = connect(sock, (const struct sockaddr *)dst_addr,
+	                  sockaddr_len(dst_addr));
+	if (ret != 0 && errno != EINPROGRESS) {
+		ret = knot_map_errno();
+		close(sock);
+		return ret;
 	}
 
 	return sock;
 }
 
-int net_bound_tfo(int sock, int backlog)
-{
-#if defined(TCP_FASTOPEN)
-#if defined(__APPLE__)
-	if (backlog > 0) {
-		backlog = 1; // just on-off switch on macOS
-	}
-#endif
-	if (setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog)) != 0) {
-		return knot_map_errno();
-	}
-
-	return KNOT_EOK;
-#endif
-	return KNOT_ENOTSUP;
-}
-
 int net_cmsg_ecn_enable(int sock, int family)
 {
 	switch (family) {
@@ -635,23 +588,6 @@ static ssize_t recv_data(int sock, struct msghdr *msg, bool oneshot, int *timeou
 	return io_exec(&RECV_IO, sock, msg, oneshot, timeout_ptr);
 }
 
-static ssize_t send_process_tfo(int fd, struct msghdr *msg, int timeout_ms)
-{
-#if defined(__linux__)
-	int ret = sendmsg(fd, msg, MSG_FASTOPEN);
-	if (ret != 0 && errno == EINPROGRESS) {
-		if (poll_one(fd, POLLOUT, timeout_ms) != 1) {
-			errno = ETIMEDOUT;
-			return -1;
-		}
-		ret = sendmsg(fd, msg, MSG_NOSIGNAL);
-	}
-	return ret;
-#else
-	return sendmsg(fd, msg, MSG_NOSIGNAL);
-#endif
-}
-
 static ssize_t send_process(int fd, struct msghdr *msg, int timeout_ms)
 {
 	return sendmsg(fd, msg, MSG_NOSIGNAL);
@@ -662,18 +598,14 @@ static int send_wait(int fd, int timeout_ms)
 	return poll_one(fd, POLLOUT, timeout_ms);
 }
 
-static ssize_t send_data(int sock, struct msghdr *msg, int *timeout_ptr, bool tfo)
+static ssize_t send_data(int sock, struct msghdr *msg, int *timeout_ptr)
 {
 	static const struct io SEND_IO = {
 		.process = send_process,
 		.wait = send_wait
 	};
-	static const struct io SEND_IO_TFO = {
-		.process = send_process_tfo,
-		.wait = send_wait
-	};
 
-	return io_exec(tfo ? &SEND_IO_TFO : &SEND_IO, sock, msg, false, timeout_ptr);
+	return io_exec(&SEND_IO, sock, msg, false, timeout_ptr);
 }
 
 /* -- generic stream and datagram I/O -------------------------------------- */
@@ -696,7 +628,7 @@ ssize_t net_base_send(int sock, const uint8_t *buffer, size_t size,
 		.msg_iovlen = 1
 	};
 
-	int ret = send_data(sock, &msg, &timeout_ms, false);
+	int ret = send_data(sock, &msg, &timeout_ms);
 	if (ret < 0) {
 		return ret;
 	} else if (ret != size) {
@@ -732,7 +664,7 @@ ssize_t net_msg_send(int sock, struct msghdr *msg, int timeout_ms)
 	if (msg->msg_iovlen != 1) {
 		return KNOT_EINVAL;
 	}
-	int ret = send_data(sock, msg, &timeout_ms, false);
+	int ret = send_data(sock, msg, &timeout_ms);
 	if (ret < 0) {
 		return ret;
 	} else if (ret != msg->msg_iov->iov_len) {
@@ -770,8 +702,7 @@ ssize_t net_stream_recv(int sock, uint8_t *buffer, size_t size, int timeout_ms)
 
 /* -- DNS specific I/O ----------------------------------------------------- */
 
-ssize_t net_dns_tcp_send(int sock, const uint8_t *buffer, size_t size, int timeout_ms,
-                         struct sockaddr_storage *tfo_addr)
+ssize_t net_dns_tcp_send(int sock, const uint8_t *buffer, size_t size, int timeout_ms)
 {
 	if (sock < 0 || buffer == NULL || size > UINT16_MAX) {
 		return KNOT_EINVAL;
@@ -789,13 +720,11 @@ ssize_t net_dns_tcp_send(int sock, const uint8_t *buffer, size_t size, int timeo
 	}
 	};
 	struct msghdr msg = {
-		.msg_name = (void *)tfo_addr,
-		.msg_namelen = tfo_addr ? sizeof(*tfo_addr) : 0,
 		.msg_iov = iov,
 		.msg_iovlen = 2
 	};
 
-	ssize_t ret = send_data(sock, &msg, &timeout_ms, tfo_addr != NULL);
+	ssize_t ret = send_data(sock, &msg, &timeout_ms);
 	if (ret < 0) {
 		return ret;
 	}

src/contrib/net.h

@@ -56,21 +56,11 @@ int net_bound_socket(int type, const struct sockaddr_storage *addr,
  * \param type      Socket transport type (SOCK_STREAM, SOCK_DGRAM).
  * \param dst_addr  Destination address.
  * \param src_addr  Source address (can be NULL).
- * \param tfo       Enable TCP Fast Open.
  *
  * \return socket or error code
  */
 int net_connected_socket(int type, const struct sockaddr_storage *dst_addr,
-                         const struct sockaddr_storage *src_addr, bool tfo);
-
-/*!
- * \brief Enables TCP Fast Open on a bound socket.
- *
- * \param sock  Socket.
- *
- * \return KNOT_EOK or error code
- */
-int net_bound_tfo(int sock, int backlog);
+                         const struct sockaddr_storage *src_add);
 
 /*!
  * \brief Tell kernel to send ECN bits thru CMSG on packet receival.
@@ -234,12 +224,9 @@ ssize_t net_stream_recv(int sock, uint8_t *buffer, size_t size, int timeout_ms);
  * message size according to the specification. These two bytes are not
  * reflected in the return value.
  *
- * \param[in]  tfo_addr  If not NULL, send using TCP Fast Open to this address.
- *
  * \see net_base_send
  */
-ssize_t net_dns_tcp_send(int sock, const uint8_t *buffer, size_t size, int timeout_ms,
-                         struct sockaddr_storage *tfo_addr);
+ssize_t net_dns_tcp_send(int sock, const uint8_t *buffer, size_t size, int timeout_ms);
 
 /*!
  * \brief Receive a DNS message from a TCP socket.

src/knot/conf/base.c

@@ -175,9 +175,6 @@ static void init_cache(
 	val = conf_get(conf, C_SRV, C_TCP_RMT_IO_TIMEOUT);
 	conf->cache.srv_tcp_remote_io_timeout = infinite_adjust(conf_int(&val));
 
-	val = conf_get(conf, C_SRV, C_TCP_FASTOPEN);
-	conf->cache.srv_tcp_fastopen = conf_bool(&val);
-
 	conf->cache.srv_quic_max_clients = running_quic_clients;
 
 	conf->cache.srv_quic_idle_close = running_quic_idle;

src/knot/conf/base.h

@@ -167,7 +167,6 @@ typedef struct {
 		bool xdp_tcp;
 		bool xdp_route_check;
 		bool srv_tcp_reuseport;
-		bool srv_tcp_fastopen;
 		bool srv_socket_affinity;
 		bool srv_ecs;
 		bool srv_ans_rotate;

src/knot/conf/schema.c

@@ -223,7 +223,6 @@ static const yp_item_t desc_server[] = {
 	{ C_TCP_RMT_IO_TIMEOUT,   YP_TINT,  YP_VINT = { 0, INT32_MAX, 5000 } },
 	{ C_TCP_MAX_CLIENTS,      YP_TINT,  YP_VINT = { 0, INT32_MAX, YP_NIL } },
 	{ C_TCP_REUSEPORT,        YP_TBOOL, YP_VNONE },
-	{ C_TCP_FASTOPEN,         YP_TBOOL, YP_VNONE },
 	{ C_QUIC_MAX_CLIENTS,     YP_TINT,  YP_VINT = { 128, INT32_MAX, 10000 } },
 	{ C_QUIC_OUTBUF_MAX_SIZE, YP_TINT,  YP_VINT = { MEGA(1), SSIZE_MAX, MEGA(100), YP_SSIZE } },
 	{ C_QUIC_IDLE_CLOSE,      YP_TINT,  YP_VINT = { 1, INT32_MAX, 4, YP_STIME } },
@@ -253,6 +252,8 @@ static const yp_item_t desc_server[] = {
 	{ C_LISTEN_QUIC,          YP_TADDR, YP_VADDR = { CONF_DNS_TLS_PORT }, YP_FMULTI, { check_listen } },
 	{ C_LISTEN_TLS,           YP_TADDR, YP_VADDR = { CONF_DNS_TLS_PORT }, YP_FMULTI, { check_listen } },
 	{ C_COMMENT,              YP_TSTR,  YP_VNONE },
+	/* Legacy items.*/
+	{ C_TCP_FASTOPEN,         YP_TBOOL, YP_VNONE, YP_FNONE, { legacy_item } },
 	{ NULL }
 };
 

src/knot/conf/schema.h

@@ -153,7 +153,6 @@
 #define C_STORAGE		"\x07""storage"
 #define C_TARGET		"\x06""target"
 #define C_TCP			"\x03""tcp"
-#define C_TCP_FASTOPEN		"\x0C""tcp-fastopen"
 #define C_TCP_IDLE_CLOSE	"\x16""tcp-idle-close-timeout"
 #define C_TCP_IDLE_RESET	"\x16""tcp-idle-reset-timeout"
 #define C_TCP_IDLE_TIMEOUT	"\x10""tcp-idle-timeout"
@@ -204,6 +203,9 @@
 #define C_ZSK_LIFETIME		"\x0C""zsk-lifetime"
 #define C_ZSK_SIZE		"\x08""zsk-size"
 
+// Legacy items.
+#define C_TCP_FASTOPEN		"\x0C""tcp-fastopen"
+
 #define CONF_DNS_PORT		53
 #define CONF_DNS_TLS_PORT	853
 #define CONF_REDIS_PORT		6379

src/knot/events/handlers/notify.c

@@ -95,7 +95,7 @@ static int send_notify(conf_t *conf, zone_t *zone, const knot_rrset_t *soa,
 		return KNOT_ENOMEM;
 	}
 
-	knot_request_flag_t flags = conf->cache.srv_tcp_fastopen ? KNOT_REQUEST_TFO : 0;
+	knot_request_flag_t flags = 0;
 	knot_request_t *req = knot_request_make(NULL, slave, pkt,
 	                                        zone->server->quic_creds, &data.edns, flags);
 	if (req == NULL) {

src/knot/events/handlers/refresh.c

@@ -1412,7 +1412,7 @@ static int try_refresh(conf_t *conf, zone_t *zone, const conf_remote_t *master,
 		return KNOT_ENOMEM;
 	}
 
-	knot_request_flag_t flags = conf->cache.srv_tcp_fastopen ? KNOT_REQUEST_TFO : 0;
+	knot_request_flag_t flags = 0;
 	if (data.edns.no_edns) {
 		flags |= KNOT_REQUEST_NEW;
 	}

src/knot/events/handlers/update.c

@@ -287,7 +287,7 @@ static int remote_forward(conf_t *conf, knot_request_t *request, conf_remote_t *
 	}
 
 	/* Create a request. */
-	knot_request_flag_t flags = conf->cache.srv_tcp_fastopen ? KNOT_REQUEST_TFO : 0;
+	knot_request_flag_t flags = 0;
 	if (request->query->tsig_rr != NULL && request->sign.tsig_key.secret.size == 0) {
 		// Put the TSIG back on the wire as it was removed when parsing in pkt copy.
 		knot_tsig_append(query->wire, &query->size, query->max_size, query->tsig_rr);
@@ -392,7 +392,7 @@ static void send_update_response(conf_t *conf, zone_t *zone, knot_request_t *req
 			knot_tls_conn_block(req->tls_req_ctx.conn, false);
 		} else {
 			(void)net_dns_tcp_send(req->fd, req->resp->wire, req->resp->size,
-			                       conf->cache.srv_tcp_remote_io_timeout, NULL);
+			                       conf->cache.srv_tcp_remote_io_timeout);
 		}
 	} else {
 		if (req->quic_conn != NULL) {

src/knot/modules/dnsproxy/dnsproxy.c

@@ -44,7 +44,6 @@ typedef struct {
 	knotd_conf_t via;
 	knotd_conf_t addr;
 	bool fallback;
-	bool tfo;
 	bool catch_nxdomain;
 	int timeout;
 } dnsproxy_t;
@@ -90,8 +89,6 @@ static int fwd(dnsproxy_t *proxy, knot_pkt_t *pkt, knotd_qdata_t *qdata, int add
 	knot_request_flag_t flags = KNOT_REQUEST_NONE;
 	if (udp) {
 		flags = KNOT_REQUEST_UDP;
-	} else if (proxy->tfo) {
-		flags = KNOT_REQUEST_TFO;
 	}
 
 	if (query->tsig_rr != NULL) {
@@ -188,7 +185,9 @@ int dnsproxy_load(knotd_mod_t *mod)
 	proxy->fallback = conf.single.boolean;
 
 	conf = knotd_conf_mod(mod, MOD_TCP_FASTOPEN);
-	proxy->tfo = conf.single.boolean;
+	if (conf.count > 0) {
+		knotd_mod_log(mod, LOG_NOTICE, "'tcp-fastopen' is obsolete and has no effect");
+	}
 
 	conf = knotd_conf_mod(mod, MOD_CATCH_NXDOMAIN);
 	proxy->catch_nxdomain = conf.single.boolean;

src/knot/modules/dnsproxy/dnsproxy.rst

@@ -54,7 +54,6 @@ Module reference
      timeout: INT
      address: ADDR[/INT] | ADDR-ADDR | STR ...
      fallback: BOOL
-     tcp-fastopen: BOOL
      catch-nxdomain: BOOL
 
 .. _mod-dnsproxy_id:
@@ -111,15 +110,6 @@ to resolve them.
 
 *Default:* ``on``
 
-.. _mod-dnsproxy_tcp-fastopen:
-
-tcp-fastopen
-............
-
-If enabled, TCP Fast Open is used when forwarding TCP queries.
-
-*Default:* ``off``
-
 .. _mod-dnsproxy_catch-nxdomain:
 
 catch-nxdomain

src/knot/query/requestor.c

@@ -67,8 +67,7 @@ static int request_ensure_connected(knot_request_t *request, bool *reused_fd, in
 
 	request->fd = net_connected_socket(sock_type,
 	                                   &request->remote,
-	                                   &request->source,
-	                                   request->flags & KNOT_REQUEST_TFO);
+	                                   &request->source);
 	if (request->fd < 0) {
 		if (request->fd == KNOT_ETIMEOUT) {
 			knot_unreachable_add(global_unreachables, &request->remote,
@@ -128,8 +127,6 @@ static int request_send(knot_request_t *request, int timeout_ms, bool *reused_fd
 	knot_pkt_t *query = request->query;
 	uint8_t *wire = query->wire;
 	size_t wire_len = query->size;
-	struct sockaddr_storage *tfo_addr = (request->flags & KNOT_REQUEST_TFO) ?
-	                                    &request->remote : NULL;
 
 	/* Send query. */
 	if (use_tls(request)) {
@@ -143,8 +140,7 @@ static int request_send(knot_request_t *request, int timeout_ms, bool *reused_fd
 		assert(0);
 #endif // ENABLE_QUIC
 	} else if (use_tcp(request)) {
-		ret = net_dns_tcp_send(request->fd, wire, wire_len, timeout_ms,
-		                       tfo_addr);
+		ret = net_dns_tcp_send(request->fd, wire, wire_len, timeout_ms);
 		if (ret == KNOT_ETIMEOUT) { // Includes establishing conn which times out.
 			knot_unreachable_add(global_unreachables, &request->remote,
 			                     &request->source);

src/knot/query/requestor.h

@@ -19,12 +19,11 @@
 typedef enum {
 	KNOT_REQUEST_NONE = 0,       /*!< Empty flag. */
 	KNOT_REQUEST_UDP  = 1 << 0,  /*!< Use UDP for requests. */
-	KNOT_REQUEST_TFO  = 1 << 1,  /*!< Enable TCP Fast Open for requests. */
-	KNOT_REQUEST_KEEP = 1 << 2,  /*!< Keep upstream TCP connection in pool for later reuse. */
-	KNOT_REQUEST_QUIC = 1 << 3,  /*!< Use QUIC/UDP for requests. */
-	KNOT_REQUEST_TLS  = 1 << 4,  /*!< Use DoT for requests. */
-	KNOT_REQUEST_FWD  = 1 << 5,  /*!< Forwarded message, don't modify (TSIG, PADDING). */
-	KNOT_REQUEST_NEW  = 1 << 6,  /*!< Ensure a new TCP connection is established. */
+	KNOT_REQUEST_KEEP = 1 << 1,  /*!< Keep upstream TCP connection in pool for later reuse. */
+	KNOT_REQUEST_QUIC = 1 << 2,  /*!< Use QUIC/UDP for requests. */
+	KNOT_REQUEST_TLS  = 1 << 3,  /*!< Use DoT for requests. */
+	KNOT_REQUEST_FWD  = 1 << 4,  /*!< Forwarded message, don't modify (TSIG, PADDING). */
+	KNOT_REQUEST_NEW  = 1 << 5,  /*!< Ensure a new TCP connection is established. */
 } knot_request_flag_t;
 
 typedef enum {

src/knot/server/server.c

@@ -11,7 +11,6 @@
 #include <gnutls/x509.h>
 #include <string.h>
 #include <sys/types.h>   // OpenBSD
-#include <netinet/tcp.h> // TCP_FASTOPEN
 #include <sys/resource.h>
 
 #include "libknot/libknot.h"
@@ -511,14 +510,6 @@ static iface_t *server_init_iface(struct sockaddr_storage *addr, bool tls,
 				warn_cbpf = false;
 			}
 		}
-
-		/* Try to enable TCP Fast Open. */
-		ret = net_bound_tfo(sock, TCP_BACKLOG_SIZE);
-		if (ret != KNOT_EOK && ret != KNOT_ENOTSUP && warn_flag_misc) {
-			log_warning("failed to enable TCP Fast Open on %s (%s)",
-			            addr_str, knot_strerror(ret));
-			warn_flag_misc = false;
-		}
 	}
 
 	return new_if;
@@ -536,16 +527,6 @@ static void log_sock_conf(conf_t *conf)
 	if (conf->cache.srv_socket_affinity) {
 		strlcat(buf, ", socket affinity", sizeof(buf));
 	}
-#endif
-#if defined(TCP_FASTOPEN)
-	if (buf[0] != '\0') {
-		strlcat(buf, ", ", sizeof(buf));
-	}
-	strlcat(buf, "incoming", sizeof(buf));
-	if (conf->cache.srv_tcp_fastopen) {
-		strlcat(buf, "/outgoing", sizeof(buf));
-	}
-	strlcat(buf, " TCP Fast Open", sizeof(buf));
 #endif
 	if (buf[0] != '\0') {
 		log_info("using %s", buf);

src/knot/server/tcp-handler.c

@@ -202,7 +202,7 @@ static int tcp_handle(tcp_context_t *tcp, knotd_qdata_params_t *params,
 				sent = knot_tls_send(params->tls_conn, ans->wire, ans->size);
 			} else {
 				sent = net_dns_tcp_send(params->socket, ans->wire, ans->size,
-				                        tcp->io_timeout, NULL);
+				                        tcp->io_timeout);
 			}
 			if (sent != ans->size) {
 				tcp_log_error(params->remote, "send", sent, tcp->server);

src/libknot/control/control.c

@@ -285,7 +285,7 @@ int knot_ctl_connect(knot_ctl_t *ctx, const char *path)
 	}
 
 	// Connect to socket.
-	ctx->sock = net_connected_socket(SOCK_STREAM, &addr, NULL, false);
+	ctx->sock = net_connected_socket(SOCK_STREAM, &addr, NULL);
 	if (ctx->sock < 0) {
 		return ctx->sock;
 	}

tests-extra/tests/config/schema/data/complete.yaml

@@ -6,7 +6,6 @@ server:
   udp-workers: 1
   async-start: off
   tcp-reuseport: false
-  tcp-fastopen: "true"
   socket-affinity: on
   tcp-idle-timeout: 1
   quic-idle-close-timeout: 1s
@@ -25,6 +24,7 @@ server:
 xdp:
   listen: ::1
   listen: lo
+  tcp: "true"
   tcp-idle-close-timeout: 1d
   tcp-inbuf-max-size: 1G
 log:

tests/contrib/test_net.c

@@ -202,7 +202,7 @@ static void test_connected_one(const struct sockaddr_storage *server_addr,
 {
 	int r;
 
-	int client = net_connected_socket(type, server_addr, source_addr, false);
+	int client = net_connected_socket(type, server_addr, source_addr);
 	ok(client >= 0, "%s, %s: client, create connected socket", name, addr_name);
 
 	const uint8_t out[] = "test message";
@@ -355,7 +355,7 @@ static void test_refused(void)
 	r = listen(server, LISTEN_BACKLOG);
 	is_int(0, r, "server, start listening");
 
-	client = net_connected_socket(SOCK_STREAM, &addr, NULL, false);
+	client = net_connected_socket(SOCK_STREAM, &addr, NULL);
 	ok(client >= 0, "client, connect");
 
 	r = net_stream_send(client, (uint8_t *)"", 1, TIMEOUT);
@@ -368,7 +368,7 @@ static void test_refused(void)
 
 	// listening, closed immediately
 
-	client = net_connected_socket(SOCK_STREAM, &addr, NULL, false);
+	client = net_connected_socket(SOCK_STREAM, &addr, NULL);
 	ok(client >= 0, "client, connect");
 
 	r = close(server);
@@ -432,7 +432,7 @@ static void handler_dns(int sock, void *_ctx)
 
 static void dns_send_hello(int sock)
 {
-	net_dns_tcp_send(sock, (uint8_t *)"wimbgunts", 9, TIMEOUT, NULL);
+	net_dns_tcp_send(sock, (uint8_t *)"wimbgunts", 9, TIMEOUT);
 }
 
 static void dns_send_fragmented(int sock)
@@ -500,7 +500,7 @@ static void test_dns_tcp(void)
 		ok(r, "%s, server, start handler", t->name);
 
 		addr = addr_from_socket(server);
-		int client = net_connected_socket(SOCK_STREAM, &addr, NULL, false);
+		int client = net_connected_socket(SOCK_STREAM, &addr, NULL);
 		ok(client >= 0, "%s, client, create connected socket", t->name);
 
 		r = sync_wait(client);
@@ -540,7 +540,7 @@ static void test_nonblocking_mode(int type)
 	}
 
 	struct sockaddr_storage server_addr = addr_from_socket(server);
-	client = net_connected_socket(type, &server_addr, NULL, false);
+	client = net_connected_socket(type, &server_addr, NULL);
 	ok(client >= 0, "%s: connected, create", name);
 	ok(!socket_is_blocking(client), "%s: connected, nonblocking mode", name);
 
@@ -566,7 +566,7 @@ static void test_nonblocking_accept(void)
 
 	// create client
 
-	int client = net_connected_socket(SOCK_STREAM, &addr_server, NULL, false);
+	int client = net_connected_socket(SOCK_STREAM, &addr_server, NULL);
 	ok(client >= 0, "client, create connected socket");
 
 	struct sockaddr_storage addr_client = addr_from_socket(client);
@@ -590,7 +590,7 @@ static void test_nonblocking_accept(void)
 	// client reconnect
 
 	close(client);
-	client = net_connected_socket(SOCK_STREAM, &addr_server, NULL, false);
+	client = net_connected_socket(SOCK_STREAM, &addr_server, NULL);
 	ok(client >= 0, "client, reconnect");
 
 	r = poll_read(server);

tests/contrib/test_net_shortwrite.c

@@ -87,7 +87,7 @@ int main(int argc, char *argv[])
 
 	// create TCP client
 
-	int client = net_connected_socket(SOCK_STREAM, &addr, NULL, false);
+	int client = net_connected_socket(SOCK_STREAM, &addr, NULL);
 	ok(client >= 0, "client: connect to server");
 
 	int optval = 8192;
@@ -114,7 +114,7 @@ int main(int argc, char *argv[])
 	for (size_t i = 0; i < sizeof(sndbuf); i++) {
 		sndbuf[i] = i;
 	}
-	r = net_dns_tcp_send(client, sndbuf, sizeof(sndbuf), TIMEOUT, NULL);
+	r = net_dns_tcp_send(client, sndbuf, sizeof(sndbuf), TIMEOUT);
 	ok(r == sizeof(sndbuf), "client: net_dns_tcp_send() with short-write");
 
 	// receive message

tests/knot/test_confio.c

@@ -901,7 +901,6 @@ static void test_conf_io_list(void)
 	      "server.tcp-remote-io-timeout\n"
 	      "server.tcp-max-clients\n"
 	      "server.tcp-reuseport\n"
-	      "server.tcp-fastopen\n"
 	      "server.quic-max-clients\n"
 	      "server.quic-idle-close-timeout\n"
 	      "server.quic-outbuf-max-size\n"
@@ -968,7 +967,6 @@ static const yp_item_t desc_server[] = {
 	{ C_TCP_RMT_IO_TIMEOUT,	  YP_TINT,  YP_VNONE },
 	{ C_TCP_MAX_CLIENTS,	  YP_TINT,  YP_VNONE },
 	{ C_TCP_REUSEPORT,	  YP_TBOOL, YP_VNONE },
-	{ C_TCP_FASTOPEN,	  YP_TBOOL, YP_VNONE },
 	{ C_QUIC_MAX_CLIENTS,	  YP_TINT,  YP_VNONE },
 	{ C_QUIC_IDLE_CLOSE,	  YP_TINT,  YP_VNONE },
 	{ C_QUIC_OUTBUF_MAX_SIZE, YP_TINT,  YP_VNONE },

tests/knot/test_requestor.c

@@ -20,8 +20,6 @@
 #include "contrib/sockaddr.h"
 #include "contrib/ucw/mempool.h"
 
-bool TFO = false;
-
 /* @note Purpose of this test is not to verify process_answer functionality,
  *       but simply if the requesting/receiving works, so mirror is okay. */
 static int reset(knot_layer_t *ctx) { return KNOT_STATE_PRODUCE; }
@@ -61,7 +59,7 @@ static void *responder_thread(void *arg)
 			break;
 		}
 		knot_wire_set_qr(buf);
-		net_dns_tcp_send(client, buf, len, -1, NULL);
+		net_dns_tcp_send(client, buf, len, -1);
 		close(client);
 	}
 
@@ -79,7 +77,7 @@ static knot_request_t *make_query(knot_requestor_t *requestor,
 	static const knot_dname_t *root = (uint8_t *)"";
 	knot_pkt_put_question(pkt, root, KNOT_CLASS_IN, KNOT_RRTYPE_SOA);
 
-	knot_request_flag_t flags = TFO ? KNOT_REQUEST_TFO: KNOT_REQUEST_NONE;
+	knot_request_flag_t flags = KNOT_REQUEST_NONE;
 
 	return knot_request_make_generic(requestor->mm, dst, src, pkt, NULL,
 	                                 NULL, NULL, NULL, NULL, flags);
@@ -111,18 +109,6 @@ static void test_connected(knot_requestor_t *requestor,
 
 int main(int argc, char *argv[])
 {
-#if defined(__linux__)
-	FILE *fd = fopen("/proc/sys/net/ipv4/tcp_fastopen", "r");
-	if (fd != NULL) {
-		int val = fgetc(fd);
-		fclose(fd);
-		// 0 - disabled, 1 - server TFO (client fallbacks),
-		// 2 - client TFO, 3 - both
-		if (val == '1' || val == '3') {
-			TFO = true;
-		}
-	}
-#endif
 	plan_lazy();
 
 	knot_mm_t mm;
@@ -152,11 +138,6 @@ int main(int argc, char *argv[])
 	ret = listen(responder_fd, 10);
 	ok(ret == 0, "check listen return");
 
-	if (TFO) {
-		ret = net_bound_tfo(responder_fd, 10);
-		ok(ret == KNOT_EOK, "check bound TFO return");
-	}
-
 	pthread_t thread;
 	pthread_create(&thread, 0, responder_thread, &responder_fd);
 
@@ -164,9 +145,9 @@ int main(int argc, char *argv[])
 	test_connected(&requestor, &server, &client);
 
 	/* Terminate responder. */
-	int conn = net_connected_socket(SOCK_STREAM, &server, NULL, false);
+	int conn = net_connected_socket(SOCK_STREAM, &server, NULL);
 	assert(conn > 0);
-	conn = net_dns_tcp_send(conn, (uint8_t *)"", 1, TIMEOUT, NULL);
+	conn = net_dns_tcp_send(conn, (uint8_t *)"", 1, TIMEOUT);
 	assert(conn > 0);
 	pthread_join(thread, NULL);
 	close(responder_fd);