Improve tcp_congestion_control frobbing

Previously it had to be "cubic" and we changed it to "reno". Now, we pick any other available alg. This actually uncovered yet another bug (in Linux v5.12-12733-g9f67672a817e): When /proc/sys/net/ipv4/tcp_congestion_control is written, proc_tcp_congestion_control() is called, which calls tcp_set_default_congestion_control() to handle the write. That function properly operates on &net->ipv4.tcp_congestion_control, but it *also* sets ca->flags |= TCP_CONG_NON_RESTRICTED which is global. This has the unintended side-effect of /proc/sys/net/ipv4/tcp_allowed_congestion_control changing, even though 97684f0970f6e made it read-only in the child netns. While we're in here... tcp_ca_find_autoload() will try to load a module, if capable(CAP_NET_ADMIN). But what if we're in a userns?
JonathonReinhart · May 1, 2021 · 9e9e148 · 9e9e148
1 parent dcfd611
commit 9e9e148
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/verify.py b/verify.py
@@ -60,9 +60,22 @@ def dict_compare(d1, d2):
     same = set(o for o in shared_keys if d1[o] == d2[o])
     return added, removed, modified, same
 
+
+def get_avail_tcp_cong():
+    path = SYSCTL_PATH / "net/ipv4/tcp_available_congestion_control"
+    return set(path.read_text().strip().split())
+
+
+def frob_tcp_cong(path, val):
+    avail = get_avail_tcp_cong()
+    avail.remove(val)
+    res = avail.pop()   # arbitrary
+    return res
+
+
 special_sysctls = {
     '/proc/sys/net/ipv4/ip_local_reserved_ports':   ("", "69-6969"),
-    '/proc/sys/net/ipv4/tcp_congestion_control':    ("cubic", "reno"),
+    '/proc/sys/net/ipv4/tcp_congestion_control':    frob_tcp_cong,
     '/proc/sys/net/ipv4/tcp_allowed_congestion_control': ("reno bbr cubic", "reno cubic"),
     '/proc/sys/net/ipv4/tcp_fastopen_key': ("00000000-00000000-00000000-00000000", "11111111-22222222-33333333-44444444"),
     '/proc/sys/net/ipv6/icmp/ratemask':                 ("0-1,3-127", "0-1,6-69"),