notes

small writeups, mostly for myself

short-pinned tcp windows under load

2026-04-02

Hit a weird one tracing latency on a busy box: SO_RCVBUF was being clamped well below the configured value because the autotuner got confused by a burst of tiny RST replies from a broken peer. Pinning the buffer at setsockopt time wasn’t enough — the kernel still let it shrink. Workaround in the end was just disabling auto-tuning per-socket, which has its own tradeoffs but at least the floor stays where I put it.
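The read-back check I'd want before trusting a "pinned" buffer, as an added example (mine, not code from the note above, and it says nothing about the autotuner behaviour described there). Two Linux facts it leans on: setsockopt(SO_RCVBUF) clamps the request to net.core.rmem_max and then doubles it before storing it, so getsockopt never returns the number you set; and the same call sets the per-socket lock that receive autotuning honours. The exact numbers printed depend on the host's rmem_max.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set SO_RCVBUF to 'want' bytes and return what the socket reports
 * afterwards, or -1 with errno set. On Linux the stored value is
 * min(want, net.core.rmem_max) * 2; the doubling is the kernel's allowance
 * for skb overhead, so about half of what you read back is payload space.
 * Setting SO_RCVBUF also sets SOCK_RCVBUF_LOCK on the socket, which is the
 * flag TCP receive autotuning checks before resizing. */
long pin_rcvbuf(int fd, int want)
{
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &want, sizeof want) < 0)
        return -1;
    int got = 0;
    socklen_t len = sizeof got;
    if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &got, &len) < 0)
        return -1;
    return got;
}

/* The check a deploy script should actually fail on: did the kernel give us
 * at least what we asked for? If not, the request hit rmem_max; the fix is
 * raising the sysctl (or SO_RCVBUFFORCE with CAP_NET_ADMIN), not a bigger
 * number here. */
int rcvbuf_pinned_at_least(int fd, int want)
{
    long got = pin_rcvbuf(fd, want);
    return got >= want;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        perror("socket");
        return 1;
    }
    /* Walk up through sizes until the clamp shows itself. */
    for (int want = 64 << 10; want <= 64 << 20; want <<= 4) {
        long got = pin_rcvbuf(fd, want);
        printf("asked %d got %ld%s\n", want, got,
               got < want ? "  <- clamped, raise net.core.rmem_max" : "");
    }
    close(fd);
    return 0;
}
```

Run it once on the box before pinning anything: the line where "got" drops below "asked" is rmem_max doing its job, and no amount of per-socket fiddling moves it.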

notes on kernel TLS for streaming proxies

2026-03-19

kTLS keeps showing up in answers to “why is this proxy slow.” Quick refresher: once you’ve done the handshake in userspace, you hand the negotiated keys and IVs to the kernel (setsockopt on SOL_TLS, TLS_TX and TLS_RX) and from then on plain read()/write(), or sendfile()/splice(), carry the bytes with no userspace copy per record. The catch is that the kernel only handles application-data records. Anything else (alerts, KeyUpdate, post-handshake auth) is delivered to userspace instead, with the content type attached to the recvmsg() as a TLS_GET_RECORD_TYPE control message, so anything that flows mid-stream needs handling on the control side; a read loop that treats those bytes as payload, or never looks at the cmsg, desyncs the stream. Boring point but it bites.
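The control-side handling that paragraph is about, as an added example (my own sketch, not code from any proxy or from the kernel). The kernel part is real: for any record that is not application data, recvmsg() on a kTLS RX socket returns the record's plaintext and attaches a SOL_TLS / TLS_GET_RECORD_TYPE control message carrying the TLS content type, and fails with EIO if you gave it no control buffer. Everything after that, the per-type decisions and the fake_record builder that stands in for a real socket read, is mine; the constants are the values from <linux/tls.h> and RFC 8446, defined with guards so the file builds without that header.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>

/* Values from <linux/tls.h>; SOL_TLS is 282 in glibc's <bits/socket.h>. */
#ifndef SOL_TLS
#define SOL_TLS 282
#endif
#ifndef TLS_GET_RECORD_TYPE
#define TLS_GET_RECORD_TYPE 2
#endif

/* TLS ContentType values (RFC 8446 section 5.1). */
enum { CT_ALERT = 21, CT_HANDSHAKE = 22, CT_APPLICATION_DATA = 23 };
/* HandshakeType KeyUpdate (section 4.6.3), AlertLevel fatal, close_notify (section 6). */
enum { HS_KEY_UPDATE = 24, ALERT_LEVEL_FATAL = 2, ALERT_CLOSE_NOTIFY = 0 };

typedef enum {
    ACT_FORWARD,   /* application data: splice it on */
    ACT_REKEY,     /* KeyUpdate: new keys must be installed before reading more */
    ACT_CLOSE,     /* close_notify or fatal alert: tear the stream down */
    ACT_CONTROL,   /* any other control record: hand to the TLS library, never forward */
} action_t;

/* Record type recvmsg() attached to this message. The kernel only adds the
 * SOL_TLS cmsg for non-data records, so no cmsg means application data. */
int ktls_record_type(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == SOL_TLS && c->cmsg_type == TLS_GET_RECORD_TYPE)
            return *(unsigned char *)CMSG_DATA(c);
    }
    return CT_APPLICATION_DATA;
}

/* Decide what to do with one record given its type and plaintext payload. */
action_t ktls_classify(int type, const unsigned char *buf, size_t len)
{
    switch (type) {
    case CT_APPLICATION_DATA:
        return ACT_FORWARD;
    case CT_ALERT:
        /* Alert payload: level(1) || description(1). */
        if (len >= 2 && (buf[0] == ALERT_LEVEL_FATAL || buf[1] == ALERT_CLOSE_NOTIFY))
            return ACT_CLOSE;
        return ACT_CONTROL;
    case CT_HANDSHAKE:
        /* Handshake header: msg_type(1) || length(3). */
        if (len >= 4 && buf[0] == HS_KEY_UPDATE)
            return ACT_REKEY;
        return ACT_CONTROL;   /* NewSessionTicket, CertificateRequest, ... */
    default:
        return ACT_CONTROL;
    }
}

/* Constructed stand-in for a recvmsg() result (not a real socket read): a
 * msghdr shaped the way the kernel returns it for a record of this type. */
struct fake_msg {
    struct msghdr hdr;
    struct iovec iov;
    unsigned char ctl[CMSG_SPACE(1)];
};

static void fake_record(struct fake_msg *m, int type, unsigned char *payload, size_t len)
{
    memset(m, 0, sizeof *m);
    m->iov.iov_base = payload;
    m->iov.iov_len = len;
    m->hdr.msg_iov = &m->iov;
    m->hdr.msg_iovlen = 1;
    if (type != CT_APPLICATION_DATA) {
        m->hdr.msg_control = m->ctl;
        m->hdr.msg_controllen = sizeof m->ctl;
        struct cmsghdr *c = CMSG_FIRSTHDR(&m->hdr);
        c->cmsg_level = SOL_TLS;
        c->cmsg_type = TLS_GET_RECORD_TYPE;
        c->cmsg_len = CMSG_LEN(1);
        *(unsigned char *)CMSG_DATA(c) = (unsigned char)type;
    }
}

/* What a proxy's read loop should do with one delivered record. */
action_t handle_record(int type, unsigned char *payload, size_t len)
{
    struct fake_msg m;
    fake_record(&m, type, payload, len);
    return ktls_classify(ktls_record_type(&m.hdr), payload, len);
}

int main(void)
{
    unsigned char data[] = "GET / HTTP/1.1\r\n";
    unsigned char key_update[] = { HS_KEY_UPDATE, 0, 0, 1, 0 }; /* update_not_requested */
    unsigned char close_notify[] = { 1, ALERT_CLOSE_NOTIFY };
    unsigned char fatal[] = { ALERT_LEVEL_FATAL, 80 };           /* internal_error */
    printf("data=%d keyupdate=%d close_notify=%d fatal=%d\n",
           handle_record(CT_APPLICATION_DATA, data, sizeof data - 1),
           handle_record(CT_HANDSHAKE, key_update, sizeof key_update),
           handle_record(CT_ALERT, close_notify, sizeof close_notify),
           handle_record(CT_ALERT, fatal, sizeof fatal));
    return 0;
}
```

If the read loop uses read() instead of recvmsg() there is no control message to look at, and a KeyUpdate's five bytes go down the pipe as payload; that is the desync. What ACT_REKEY needs on the kernel side depends on the kernel version: older ones refuse a second TLS_RX setsockopt with EBUSY, so the proxy has to plan for that before it ever enables kTLS on a TLS 1.3 stream.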

qdisc and QUIC throughput

2026-02-28

fq_codel vs fq matters more than I expected on a host running a QUIC server with a handful of long-lived flows. Default Debian vs default Ubuntu disagree by enough that I spent an hour chasing a phantom bug before checking tc qdisc show. Setting the qdisc explicitly in the deploy script saved this from ever being an issue again.