From owner-svn-src-stable@freebsd.org Wed Jan 13 15:16:52 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BBC534E04AE; Wed, 13 Jan 2021 15:16:52 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DG9yr4k2Zz4p5w; Wed, 13 Jan 2021 15:16:52 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qk1-f182.google.com (mail-qk1-f182.google.com [209.85.222.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 8ECD0291EC; Wed, 13 Jan 2021 15:16:52 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qk1-f182.google.com with SMTP id f26so1991445qka.0; Wed, 13 Jan 2021 07:16:52 -0800 (PST) X-Gm-Message-State: AOAM530srO0pTns83vLgPPv/wb5zY3g1D2jgFqT0s/kCAMxfzMEdlVU7 WM/LoeQPF65wJSPmXpVON1xyXmncjkLWQFR4+Ng= X-Google-Smtp-Source: ABdhPJw9Z0QDLNKgZVLbAIhGWd/PiLpHRwi+4QuFRWCU/RdKIRtx+/cX8MDrT3DkZcGeXrGERMhr4h1R4SYH2VtxH8M= X-Received: by 2002:a05:620a:14a:: with SMTP id e10mr2408744qkn.103.1610551011725; Wed, 13 Jan 2021 07:16:51 -0800 (PST) MIME-Version: 1.0 References: <202011300945.0AU9jilR008960@repo.freebsd.org> In-Reply-To: From: Kyle Evans Date: Wed, 13 Jan 2021 09:16:38 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r368181 - in stable/12/sys/netinet: . tcp_stacks To: Michael Tuexen Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, dmgk@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2021 15:16:52 -0000 On Wed, Jan 6, 2021 at 9:01 AM Kyle Evans wrote: > > On Mon, Nov 30, 2020 at 3:45 AM Michael Tuexen wrote: > > > > Author: tuexen > > Date: Mon Nov 30 09:45:44 2020 > > New Revision: 368181 > > URL: https://svnweb.freebsd.org/changeset/base/368181 > > > > Log: > > MFC r367530: > > RFC 7323 specifies that: > > * TCP segments without timestamps should be dropped when support for > > the timestamp option has been negotiated. > > * TCP segments with timestamps should be processed normally if support > > for the timestamp option has not been negotiated. > > This patch enforces the above. > > Manually resolved merge conflicts. > > > > MFC 367891: > > Fix an issue I introuced in r367530: tcp_twcheck() can be called > > with to == NULL for SYN segments. So don't assume tp != NULL. > > Thanks to jhb@ for reporting and suggesting a fix. > > > > MFC r367946: > > Fix two occurences of a typo in a comment introduced in r367530. > > Thanks to lstewart@ for reporting them. > > > > Hi Michael, > > Dmitri (CC'd) spotted a regression in the golang test suite along > stable/12 and bisected it back to this MFC (reported via > efnet#bsdports). The test puts up a local HTTP server and attempts to > close the read-side while the write-side is still going, hopefully > observing a write failure on the write-side in the process (but it > never does). > > I minimized it to this (rough) reproducer, which shows the write side > hanging around in CLOSE_WAIT and successfully writing the msg > repeatedly on recent -CURRENT while 12.2 observes an EPIPE almost > immediately: https://people.freebsd.org/~kevans/tcpr.c > > root@viper:~/grep# sockstat -s | grep 8993 > root a.out 80831 4 tcp4 127.0.0.1:8993 *:* > LISTEN > root a.out 80831 5 tcp4 127.0.0.1:8993 > 127.0.0.1:40319 CLOSE_WAIT > root@viper:~/grep# > Ping? > > > > Modified: > > stable/12/sys/netinet/tcp_input.c > > stable/12/sys/netinet/tcp_stacks/rack.c > > stable/12/sys/netinet/tcp_syncache.c > > stable/12/sys/netinet/tcp_timewait.c > > Directory Properties: > > stable/12/ (props changed) > > > > Modified: stable/12/sys/netinet/tcp_input.c > > ============================================================================== > > --- stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:22:33 2020 (r368180) > > +++ stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:45:44 2020 (r368181) > > @@ -975,8 +975,8 @@ findpcb: > > } > > INP_INFO_RLOCK_ASSERT(&V_tcbinfo); > > > > - if (thflags & TH_SYN) > > - tcp_dooptions(&to, optp, optlen, TO_SYN); > > + tcp_dooptions(&to, optp, optlen, > > + (thflags & TH_SYN) ? TO_SYN : 0); > > /* > > * NB: tcp_twcheck unlocks the INP and frees the mbuf. > > */ > > @@ -1706,20 +1706,29 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, stru > > } > > > > /* > > - * If timestamps were negotiated during SYN/ACK they should > > - * appear on every segment during this session and vice versa. > > + * If timestamps were negotiated during SYN/ACK and a > > + * segment without a timestamp is received, silently drop > > + * the segment. > > + * See section 3.2 of RFC 7323. > > */ > > if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & TOF_TS)) { > > if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > > log(LOG_DEBUG, "%s; %s: Timestamp missing, " > > - "no action\n", s, __func__); > > + "segment silently dropped\n", s, __func__); > > free(s, M_TCPLOG); > > } > > + goto drop; > > } > > + /* > > + * If timestamps were not negotiated during SYN/ACK and a > > + * segment with a timestamp is received, ignore the > > + * timestamp and process the packet normally. > > + * See section 3.2 of RFC 7323. > > + */ > > if (!(tp->t_flags & TF_RCVD_TSTMP) && (to.to_flags & TOF_TS)) { > > if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > > log(LOG_DEBUG, "%s; %s: Timestamp not expected, " > > - "no action\n", s, __func__); > > + "segment processed normally\n", s, __func__); > > free(s, M_TCPLOG); > > } > > } > > > > Modified: stable/12/sys/netinet/tcp_stacks/rack.c > > ============================================================================== > > --- stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 09:22:33 2020 (r368180) > > +++ stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 09:45:44 2020 (r368181) > > @@ -6708,7 +6708,27 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th > > TCP_LOG_EVENT(tp, th, &so->so_rcv, &so->so_snd, TCP_LOG_IN, 0, > > tlen, &log, true); > > } > > + > > /* > > + * Parse options on any incoming segment. > > + */ > > + tcp_dooptions(&to, (u_char *)(th + 1), > > + (th->th_off << 2) - sizeof(struct tcphdr), > > + (thflags & TH_SYN) ? TO_SYN : 0); > > + > > + /* > > + * If timestamps were negotiated during SYN/ACK and a > > + * segment without a timestamp is received, silently drop > > + * the segment. > > + * See section 3.2 of RFC 7323. > > + */ > > + if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & TOF_TS)) { > > + way_out = 5; > > + retval = 0; > > + goto done_with_input; > > + } > > + > > + /* > > * Segment received on connection. Reset idle time and keep-alive > > * timer. XXX: This should be done after segment validation to > > * ignore broken/spoofed segs. > > @@ -6761,12 +6781,6 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th > > rack_cong_signal(tp, th, CC_ECN); > > } > > } > > - /* > > - * Parse options on any incoming segment. > > - */ > > - tcp_dooptions(&to, (u_char *)(th + 1), > > - (th->th_off << 2) - sizeof(struct tcphdr), > > - (thflags & TH_SYN) ? TO_SYN : 0); > > > > /* > > * If echoed timestamp is later than the current time, fall back to > > @@ -6898,6 +6912,7 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th > > rack_timer_audit(tp, rack, &so->so_snd); > > way_out = 2; > > } > > + done_with_input: > > rack_log_doseg_done(rack, cts, nxt_pkt, did_out, way_out); > > if (did_out) > > rack->r_wanted_output = 0; > > > > Modified: stable/12/sys/netinet/tcp_syncache.c > > ============================================================================== > > --- stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 09:22:33 2020 (r368180) > > +++ stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 09:45:44 2020 (r368181) > > @@ -1142,6 +1142,40 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt > > } > > > > /* > > + * If timestamps were not negotiated during SYN/ACK and a > > + * segment with a timestamp is received, ignore the > > + * timestamp and process the packet normally. > > + * See section 3.2 of RFC 7323. > > + */ > > + if (!(sc->sc_flags & SCF_TIMESTAMP) && > > + (to->to_flags & TOF_TS)) { > > + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > > + log(LOG_DEBUG, "%s; %s: Timestamp not " > > + "expected, segment processed normally\n", > > + s, __func__); > > + free(s, M_TCPLOG); > > + s = NULL; > > + } > > + } > > + > > + /* > > + * If timestamps were negotiated during SYN/ACK and a > > + * segment without a timestamp is received, silently drop > > + * the segment. > > + * See section 3.2 of RFC 7323. > > + */ > > + if ((sc->sc_flags & SCF_TIMESTAMP) && > > + !(to->to_flags & TOF_TS)) { > > + SCH_UNLOCK(sch); > > + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > > + log(LOG_DEBUG, "%s; %s: Timestamp missing, " > > + "segment silently dropped\n", s, __func__); > > + free(s, M_TCPLOG); > > + } > > + return (-1); /* Do not send RST */ > > + } > > + > > + /* > > * Pull out the entry to unlock the bucket row. > > * > > * NOTE: We must decrease TCPS_SYN_RECEIVED count here, not > > @@ -1184,32 +1218,6 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt > > log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment " > > "rejected\n", s, __func__, th->th_seq, sc->sc_irs); > > goto failed; > > - } > > - > > - /* > > - * If timestamps were not negotiated during SYN/ACK they > > - * must not appear on any segment during this session. > > - */ > > - if (!(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & TOF_TS)) { > > - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) > > - log(LOG_DEBUG, "%s; %s: Timestamp not expected, " > > - "segment rejected\n", s, __func__); > > - goto failed; > > - } > > - > > - /* > > - * If timestamps were negotiated during SYN/ACK they should > > - * appear on every segment during this session. > > - * XXXAO: This is only informal as there have been unverified > > - * reports of non-compliants stacks. > > - */ > > - if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & TOF_TS)) { > > - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > > - log(LOG_DEBUG, "%s; %s: Timestamp missing, " > > - "no action\n", s, __func__); > > - free(s, M_TCPLOG); > > - s = NULL; > > - } > > } > > > > *lsop = syncache_socket(sc, *lsop, m); > > > > Modified: stable/12/sys/netinet/tcp_timewait.c > > ============================================================================== > > --- stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 09:22:33 2020 (r368180) > > +++ stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 09:45:44 2020 (r368181) > > @@ -373,9 +373,10 @@ tcp_twstart(struct tcpcb *tp) > > /* > > * Returns 1 if the TIME_WAIT state was killed and we should start over, > > * looking for a pcb in the listen state. Returns 0 otherwise. > > + * It be called with to == NULL only for pure SYN-segments. > > */ > > int > > -tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unused, struct tcphdr *th, > > +tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, > > struct mbuf *m, int tlen) > > { > > struct tcptw *tw; > > @@ -396,6 +397,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unu > > goto drop; > > > > thflags = th->th_flags; > > + KASSERT(to != NULL || (thflags & (TH_SYN | TH_ACK)) == TH_SYN, > > + ("tcp_twcheck: called without options on a non-SYN segment")); > > > > /* > > * NOTE: for FIN_WAIT_2 (to be added later), > > @@ -443,6 +446,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unu > > */ > > if ((thflags & TH_ACK) == 0) > > goto drop; > > + > > + /* > > + * If timestamps were negotiated during SYN/ACK and a > > + * segment without a timestamp is received, silently drop > > + * the segment. > > + * See section 3.2 of RFC 7323. > > + */ > > + if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) { > > + goto drop; > > + } > > > > /* > > * Reset the 2MSL timer if this is a duplicate FIN. From owner-svn-src-stable@freebsd.org Wed Jan 13 15:31:00 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0E3E64E06B1; Wed, 13 Jan 2021 15:31:00 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (mail-n.franken.de [193.175.24.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGBH75xdQz4pQg; Wed, 13 Jan 2021 15:30:59 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from [IPv6:2a02:8109:1140:c3d:7988:47cb:edef:6bb9] (unknown [IPv6:2a02:8109:1140:c3d:7988:47cb:edef:6bb9]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTPSA id 9F035721BE01D; Wed, 13 Jan 2021 16:30:55 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.40.0.2.32\)) Subject: Re: svn commit: r368181 - in stable/12/sys/netinet: . tcp_stacks From: Michael Tuexen In-Reply-To: Date: Wed, 13 Jan 2021 16:30:53 +0100 Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, dmgk@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <202011300945.0AU9jilR008960@repo.freebsd.org> To: Kyle Evans X-Mailer: Apple Mail (2.3654.40.0.2.32) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-Rspamd-Queue-Id: 4DGBH75xdQz4pQg X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2021 15:31:00 -0000 > On 13. Jan 2021, at 16:16, Kyle Evans wrote: >=20 > On Wed, Jan 6, 2021 at 9:01 AM Kyle Evans wrote: >>=20 >> On Mon, Nov 30, 2020 at 3:45 AM Michael Tuexen = wrote: >>>=20 >>> Author: tuexen >>> Date: Mon Nov 30 09:45:44 2020 >>> New Revision: 368181 >>> URL: https://svnweb.freebsd.org/changeset/base/368181 >>>=20 >>> Log: >>> MFC r367530: >>> RFC 7323 specifies that: >>> * TCP segments without timestamps should be dropped when support = for >>> the timestamp option has been negotiated. >>> * TCP segments with timestamps should be processed normally if = support >>> for the timestamp option has not been negotiated. >>> This patch enforces the above. >>> Manually resolved merge conflicts. >>>=20 >>> MFC 367891: >>> Fix an issue I introuced in r367530: tcp_twcheck() can be called >>> with to =3D=3D NULL for SYN segments. So don't assume tp !=3D NULL. >>> Thanks to jhb@ for reporting and suggesting a fix. >>>=20 >>> MFC r367946: >>> Fix two occurences of a typo in a comment introduced in r367530. >>> Thanks to lstewart@ for reporting them. >>>=20 >>=20 >> Hi Michael, >>=20 >> Dmitri (CC'd) spotted a regression in the golang test suite along >> stable/12 and bisected it back to this MFC (reported via >> efnet#bsdports). The test puts up a local HTTP server and attempts to >> close the read-side while the write-side is still going, hopefully >> observing a write failure on the write-side in the process (but it >> never does). >>=20 >> I minimized it to this (rough) reproducer, which shows the write side >> hanging around in CLOSE_WAIT and successfully writing the msg >> repeatedly on recent -CURRENT while 12.2 observes an EPIPE almost >> immediately: https://people.freebsd.org/~kevans/tcpr.c >>=20 >> root@viper:~/grep# sockstat -s | grep 8993 >> root a.out 80831 4 tcp4 127.0.0.1:8993 *:* >> LISTEN >> root a.out 80831 5 tcp4 127.0.0.1:8993 >> 127.0.0.1:40319 CLOSE_WAIT >> root@viper:~/grep# >>=20 >=20 > Ping? Hi Kyle, thanks for pinging. I missed your original mail (not sure why it did not = end up in the correct mailbox). Will look into it later today/tomorrow. Thanks for providing a reproducer. Just to get it crystal clear: You say = that the programs runs fine on CURRENT but not on stable/12. Is that correct? Best regards Michael >=20 >>>=20 >>> Modified: >>> stable/12/sys/netinet/tcp_input.c >>> stable/12/sys/netinet/tcp_stacks/rack.c >>> stable/12/sys/netinet/tcp_syncache.c >>> stable/12/sys/netinet/tcp_timewait.c >>> Directory Properties: >>> stable/12/ (props changed) >>>=20 >>> Modified: stable/12/sys/netinet/tcp_input.c >>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>> --- stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:22:33 2020 = (r368180) >>> +++ stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:45:44 2020 = (r368181) >>> @@ -975,8 +975,8 @@ findpcb: >>> } >>> INP_INFO_RLOCK_ASSERT(&V_tcbinfo); >>>=20 >>> - if (thflags & TH_SYN) >>> - tcp_dooptions(&to, optp, optlen, TO_SYN); >>> + tcp_dooptions(&to, optp, optlen, >>> + (thflags & TH_SYN) ? TO_SYN : 0); >>> /* >>> * NB: tcp_twcheck unlocks the INP and frees the = mbuf. >>> */ >>> @@ -1706,20 +1706,29 @@ tcp_do_segment(struct mbuf *m, struct tcphdr = *th, stru >>> } >>>=20 >>> /* >>> - * If timestamps were negotiated during SYN/ACK they should >>> - * appear on every segment during this session and vice = versa. >>> + * If timestamps were negotiated during SYN/ACK and a >>> + * segment without a timestamp is received, silently drop >>> + * the segment. >>> + * See section 3.2 of RFC 7323. >>> */ >>> if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & TOF_TS)) = { >>> if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>> log(LOG_DEBUG, "%s; %s: Timestamp missing, " >>> - "no action\n", s, __func__); >>> + "segment silently dropped\n", s, = __func__); >>> free(s, M_TCPLOG); >>> } >>> + goto drop; >>> } >>> + /* >>> + * If timestamps were not negotiated during SYN/ACK and a >>> + * segment with a timestamp is received, ignore the >>> + * timestamp and process the packet normally. >>> + * See section 3.2 of RFC 7323. >>> + */ >>> if (!(tp->t_flags & TF_RCVD_TSTMP) && (to.to_flags & TOF_TS)) = { >>> if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>> log(LOG_DEBUG, "%s; %s: Timestamp not = expected, " >>> - "no action\n", s, __func__); >>> + "segment processed normally\n", s, = __func__); >>> free(s, M_TCPLOG); >>> } >>> } >>>=20 >>> Modified: stable/12/sys/netinet/tcp_stacks/rack.c >>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>> --- stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 09:22:33 = 2020 (r368180) >>> +++ stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 09:45:44 = 2020 (r368181) >>> @@ -6708,7 +6708,27 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>> TCP_LOG_EVENT(tp, th, &so->so_rcv, &so->so_snd, = TCP_LOG_IN, 0, >>> tlen, &log, true); >>> } >>> + >>> /* >>> + * Parse options on any incoming segment. >>> + */ >>> + tcp_dooptions(&to, (u_char *)(th + 1), >>> + (th->th_off << 2) - sizeof(struct tcphdr), >>> + (thflags & TH_SYN) ? TO_SYN : 0); >>> + >>> + /* >>> + * If timestamps were negotiated during SYN/ACK and a >>> + * segment without a timestamp is received, silently drop >>> + * the segment. >>> + * See section 3.2 of RFC 7323. >>> + */ >>> + if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & = TOF_TS)) { >>> + way_out =3D 5; >>> + retval =3D 0; >>> + goto done_with_input; >>> + } >>> + >>> + /* >>> * Segment received on connection. Reset idle time and = keep-alive >>> * timer. XXX: This should be done after segment validation = to >>> * ignore broken/spoofed segs. >>> @@ -6761,12 +6781,6 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>> rack_cong_signal(tp, th, CC_ECN); >>> } >>> } >>> - /* >>> - * Parse options on any incoming segment. >>> - */ >>> - tcp_dooptions(&to, (u_char *)(th + 1), >>> - (th->th_off << 2) - sizeof(struct tcphdr), >>> - (thflags & TH_SYN) ? TO_SYN : 0); >>>=20 >>> /* >>> * If echoed timestamp is later than the current time, fall = back to >>> @@ -6898,6 +6912,7 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>> rack_timer_audit(tp, rack, &so->so_snd); >>> way_out =3D 2; >>> } >>> + done_with_input: >>> rack_log_doseg_done(rack, cts, nxt_pkt, did_out, = way_out); >>> if (did_out) >>> rack->r_wanted_output =3D 0; >>>=20 >>> Modified: stable/12/sys/netinet/tcp_syncache.c >>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>> --- stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 09:22:33 = 2020 (r368180) >>> +++ stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 09:45:44 = 2020 (r368181) >>> @@ -1142,6 +1142,40 @@ syncache_expand(struct in_conninfo *inc, = struct tcpopt >>> } >>>=20 >>> /* >>> + * If timestamps were not negotiated during SYN/ACK = and a >>> + * segment with a timestamp is received, ignore the >>> + * timestamp and process the packet normally. >>> + * See section 3.2 of RFC 7323. >>> + */ >>> + if (!(sc->sc_flags & SCF_TIMESTAMP) && >>> + (to->to_flags & TOF_TS)) { >>> + if ((s =3D tcp_log_addrs(inc, th, NULL, = NULL))) { >>> + log(LOG_DEBUG, "%s; %s: Timestamp = not " >>> + "expected, segment processed = normally\n", >>> + s, __func__); >>> + free(s, M_TCPLOG); >>> + s =3D NULL; >>> + } >>> + } >>> + >>> + /* >>> + * If timestamps were negotiated during SYN/ACK and = a >>> + * segment without a timestamp is received, silently = drop >>> + * the segment. >>> + * See section 3.2 of RFC 7323. >>> + */ >>> + if ((sc->sc_flags & SCF_TIMESTAMP) && >>> + !(to->to_flags & TOF_TS)) { >>> + SCH_UNLOCK(sch); >>> + if ((s =3D tcp_log_addrs(inc, th, NULL, = NULL))) { >>> + log(LOG_DEBUG, "%s; %s: Timestamp = missing, " >>> + "segment silently dropped\n", s, = __func__); >>> + free(s, M_TCPLOG); >>> + } >>> + return (-1); /* Do not send RST */ >>> + } >>> + >>> + /* >>> * Pull out the entry to unlock the bucket row. >>> * >>> * NOTE: We must decrease TCPS_SYN_RECEIVED count = here, not >>> @@ -1184,32 +1218,6 @@ syncache_expand(struct in_conninfo *inc, = struct tcpopt >>> log(LOG_DEBUG, "%s; %s: SEQ %u !=3D IRS+1 %u, = segment " >>> "rejected\n", s, __func__, th->th_seq, = sc->sc_irs); >>> goto failed; >>> - } >>> - >>> - /* >>> - * If timestamps were not negotiated during SYN/ACK they >>> - * must not appear on any segment during this session. >>> - */ >>> - if (!(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & = TOF_TS)) { >>> - if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) >>> - log(LOG_DEBUG, "%s; %s: Timestamp not = expected, " >>> - "segment rejected\n", s, __func__); >>> - goto failed; >>> - } >>> - >>> - /* >>> - * If timestamps were negotiated during SYN/ACK they should >>> - * appear on every segment during this session. >>> - * XXXAO: This is only informal as there have been = unverified >>> - * reports of non-compliants stacks. >>> - */ >>> - if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & = TOF_TS)) { >>> - if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>> - log(LOG_DEBUG, "%s; %s: Timestamp missing, " >>> - "no action\n", s, __func__); >>> - free(s, M_TCPLOG); >>> - s =3D NULL; >>> - } >>> } >>>=20 >>> *lsop =3D syncache_socket(sc, *lsop, m); >>>=20 >>> Modified: stable/12/sys/netinet/tcp_timewait.c >>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>> --- stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 09:22:33 = 2020 (r368180) >>> +++ stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 09:45:44 = 2020 (r368181) >>> @@ -373,9 +373,10 @@ tcp_twstart(struct tcpcb *tp) >>> /* >>> * Returns 1 if the TIME_WAIT state was killed and we should start = over, >>> * looking for a pcb in the listen state. Returns 0 otherwise. >>> + * It be called with to =3D=3D NULL only for pure SYN-segments. >>> */ >>> int >>> -tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unused, struct = tcphdr *th, >>> +tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr = *th, >>> struct mbuf *m, int tlen) >>> { >>> struct tcptw *tw; >>> @@ -396,6 +397,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to = __unu >>> goto drop; >>>=20 >>> thflags =3D th->th_flags; >>> + KASSERT(to !=3D NULL || (thflags & (TH_SYN | TH_ACK)) =3D=3D = TH_SYN, >>> + ("tcp_twcheck: called without options on a non-SYN = segment")); >>>=20 >>> /* >>> * NOTE: for FIN_WAIT_2 (to be added later), >>> @@ -443,6 +446,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt = *to __unu >>> */ >>> if ((thflags & TH_ACK) =3D=3D 0) >>> goto drop; >>> + >>> + /* >>> + * If timestamps were negotiated during SYN/ACK and a >>> + * segment without a timestamp is received, silently drop >>> + * the segment. >>> + * See section 3.2 of RFC 7323. >>> + */ >>> + if (((to->to_flags & TOF_TS) =3D=3D 0) && (tw->t_recent !=3D = 0)) { >>> + goto drop; >>> + } >>>=20 >>> /* >>> * Reset the 2MSL timer if this is a duplicate FIN. From owner-svn-src-stable@freebsd.org Wed Jan 13 15:33:16 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A55804E0B49; Wed, 13 Jan 2021 15:33:16 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGBKm4Ft6z4qGd; Wed, 13 Jan 2021 15:33:16 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qv1-f42.google.com (mail-qv1-f42.google.com [209.85.219.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 7FAA429683; Wed, 13 Jan 2021 15:33:16 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qv1-f42.google.com with SMTP id l7so918420qvt.4; Wed, 13 Jan 2021 07:33:16 -0800 (PST) X-Gm-Message-State: AOAM532Rf2Cfs233EV6CRnifxJgN80L5mC8pmuhRivuCkBh52iogSWPd D/NiCzTfTxjTLJ/FjmBLBpqz+ZiiR5YkTMKVWCs= X-Google-Smtp-Source: ABdhPJxpoWU273hdtjyUxf/GRpRP5dv4Cb3HgmsXzOabKqKWiHcxJJXR6rR2uAca9i9IzZJm7BzTT6UJLyTUXf03HtQ= X-Received: by 2002:a0c:b59a:: with SMTP id g26mr2640939qve.26.1610551995859; Wed, 13 Jan 2021 07:33:15 -0800 (PST) MIME-Version: 1.0 References: <202011300945.0AU9jilR008960@repo.freebsd.org> In-Reply-To: From: Kyle Evans Date: Wed, 13 Jan 2021 09:33:02 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r368181 - in stable/12/sys/netinet: . tcp_stacks To: Michael Tuexen Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, dmgk@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2021 15:33:16 -0000 On Wed, Jan 13, 2021 at 9:31 AM Michael Tuexen wrote: > > > On 13. Jan 2021, at 16:16, Kyle Evans wrote: > > > > On Wed, Jan 6, 2021 at 9:01 AM Kyle Evans wrote: > >> > >> On Mon, Nov 30, 2020 at 3:45 AM Michael Tuexen wrote: > >>> > >>> Author: tuexen > >>> Date: Mon Nov 30 09:45:44 2020 > >>> New Revision: 368181 > >>> URL: https://svnweb.freebsd.org/changeset/base/368181 > >>> > >>> Log: > >>> MFC r367530: > >>> RFC 7323 specifies that: > >>> * TCP segments without timestamps should be dropped when support for > >>> the timestamp option has been negotiated. > >>> * TCP segments with timestamps should be processed normally if support > >>> for the timestamp option has not been negotiated. > >>> This patch enforces the above. > >>> Manually resolved merge conflicts. > >>> > >>> MFC 367891: > >>> Fix an issue I introuced in r367530: tcp_twcheck() can be called > >>> with to == NULL for SYN segments. So don't assume tp != NULL. > >>> Thanks to jhb@ for reporting and suggesting a fix. > >>> > >>> MFC r367946: > >>> Fix two occurences of a typo in a comment introduced in r367530. > >>> Thanks to lstewart@ for reporting them. > >>> > >> > >> Hi Michael, > >> > >> Dmitri (CC'd) spotted a regression in the golang test suite along > >> stable/12 and bisected it back to this MFC (reported via > >> efnet#bsdports). The test puts up a local HTTP server and attempts to > >> close the read-side while the write-side is still going, hopefully > >> observing a write failure on the write-side in the process (but it > >> never does). > >> > >> I minimized it to this (rough) reproducer, which shows the write side > >> hanging around in CLOSE_WAIT and successfully writing the msg > >> repeatedly on recent -CURRENT while 12.2 observes an EPIPE almost > >> immediately: https://people.freebsd.org/~kevans/tcpr.c > >> > >> root@viper:~/grep# sockstat -s | grep 8993 > >> root a.out 80831 4 tcp4 127.0.0.1:8993 *:* > >> LISTEN > >> root a.out 80831 5 tcp4 127.0.0.1:8993 > >> 127.0.0.1:40319 CLOSE_WAIT > >> root@viper:~/grep# > >> > > > > Ping? > Hi Kyle, > > thanks for pinging. I missed your original mail (not sure why it did not end up in the > correct mailbox). Will look into it later today/tomorrow. > > Thanks for providing a reproducer. Just to get it crystal clear: You say that the > programs runs fine on CURRENT but not on stable/12. Is that correct? > Excellent, thanks! It runs fine on 12.2, but not on an up-to-date -CURRENT or stable/12 after this MFC. > Best regards > Michael > > > >>> > >>> Modified: > >>> stable/12/sys/netinet/tcp_input.c > >>> stable/12/sys/netinet/tcp_stacks/rack.c > >>> stable/12/sys/netinet/tcp_syncache.c > >>> stable/12/sys/netinet/tcp_timewait.c > >>> Directory Properties: > >>> stable/12/ (props changed) > >>> > >>> Modified: stable/12/sys/netinet/tcp_input.c > >>> ============================================================================== > >>> --- stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:22:33 2020 (r368180) > >>> +++ stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:45:44 2020 (r368181) > >>> @@ -975,8 +975,8 @@ findpcb: > >>> } > >>> INP_INFO_RLOCK_ASSERT(&V_tcbinfo); > >>> > >>> - if (thflags & TH_SYN) > >>> - tcp_dooptions(&to, optp, optlen, TO_SYN); > >>> + tcp_dooptions(&to, optp, optlen, > >>> + (thflags & TH_SYN) ? TO_SYN : 0); > >>> /* > >>> * NB: tcp_twcheck unlocks the INP and frees the mbuf. > >>> */ > >>> @@ -1706,20 +1706,29 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, stru > >>> } > >>> > >>> /* > >>> - * If timestamps were negotiated during SYN/ACK they should > >>> - * appear on every segment during this session and vice versa. > >>> + * If timestamps were negotiated during SYN/ACK and a > >>> + * segment without a timestamp is received, silently drop > >>> + * the segment. > >>> + * See section 3.2 of RFC 7323. > >>> */ > >>> if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & TOF_TS)) { > >>> if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > >>> log(LOG_DEBUG, "%s; %s: Timestamp missing, " > >>> - "no action\n", s, __func__); > >>> + "segment silently dropped\n", s, __func__); > >>> free(s, M_TCPLOG); > >>> } > >>> + goto drop; > >>> } > >>> + /* > >>> + * If timestamps were not negotiated during SYN/ACK and a > >>> + * segment with a timestamp is received, ignore the > >>> + * timestamp and process the packet normally. > >>> + * See section 3.2 of RFC 7323. > >>> + */ > >>> if (!(tp->t_flags & TF_RCVD_TSTMP) && (to.to_flags & TOF_TS)) { > >>> if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > >>> log(LOG_DEBUG, "%s; %s: Timestamp not expected, " > >>> - "no action\n", s, __func__); > >>> + "segment processed normally\n", s, __func__); > >>> free(s, M_TCPLOG); > >>> } > >>> } > >>> > >>> Modified: stable/12/sys/netinet/tcp_stacks/rack.c > >>> ============================================================================== > >>> --- stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 09:22:33 2020 (r368180) > >>> +++ stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 09:45:44 2020 (r368181) > >>> @@ -6708,7 +6708,27 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th > >>> TCP_LOG_EVENT(tp, th, &so->so_rcv, &so->so_snd, TCP_LOG_IN, 0, > >>> tlen, &log, true); > >>> } > >>> + > >>> /* > >>> + * Parse options on any incoming segment. > >>> + */ > >>> + tcp_dooptions(&to, (u_char *)(th + 1), > >>> + (th->th_off << 2) - sizeof(struct tcphdr), > >>> + (thflags & TH_SYN) ? TO_SYN : 0); > >>> + > >>> + /* > >>> + * If timestamps were negotiated during SYN/ACK and a > >>> + * segment without a timestamp is received, silently drop > >>> + * the segment. > >>> + * See section 3.2 of RFC 7323. > >>> + */ > >>> + if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & TOF_TS)) { > >>> + way_out = 5; > >>> + retval = 0; > >>> + goto done_with_input; > >>> + } > >>> + > >>> + /* > >>> * Segment received on connection. Reset idle time and keep-alive > >>> * timer. XXX: This should be done after segment validation to > >>> * ignore broken/spoofed segs. > >>> @@ -6761,12 +6781,6 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th > >>> rack_cong_signal(tp, th, CC_ECN); > >>> } > >>> } > >>> - /* > >>> - * Parse options on any incoming segment. > >>> - */ > >>> - tcp_dooptions(&to, (u_char *)(th + 1), > >>> - (th->th_off << 2) - sizeof(struct tcphdr), > >>> - (thflags & TH_SYN) ? TO_SYN : 0); > >>> > >>> /* > >>> * If echoed timestamp is later than the current time, fall back to > >>> @@ -6898,6 +6912,7 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th > >>> rack_timer_audit(tp, rack, &so->so_snd); > >>> way_out = 2; > >>> } > >>> + done_with_input: > >>> rack_log_doseg_done(rack, cts, nxt_pkt, did_out, way_out); > >>> if (did_out) > >>> rack->r_wanted_output = 0; > >>> > >>> Modified: stable/12/sys/netinet/tcp_syncache.c > >>> ============================================================================== > >>> --- stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 09:22:33 2020 (r368180) > >>> +++ stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 09:45:44 2020 (r368181) > >>> @@ -1142,6 +1142,40 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt > >>> } > >>> > >>> /* > >>> + * If timestamps were not negotiated during SYN/ACK and a > >>> + * segment with a timestamp is received, ignore the > >>> + * timestamp and process the packet normally. > >>> + * See section 3.2 of RFC 7323. > >>> + */ > >>> + if (!(sc->sc_flags & SCF_TIMESTAMP) && > >>> + (to->to_flags & TOF_TS)) { > >>> + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > >>> + log(LOG_DEBUG, "%s; %s: Timestamp not " > >>> + "expected, segment processed normally\n", > >>> + s, __func__); > >>> + free(s, M_TCPLOG); > >>> + s = NULL; > >>> + } > >>> + } > >>> + > >>> + /* > >>> + * If timestamps were negotiated during SYN/ACK and a > >>> + * segment without a timestamp is received, silently drop > >>> + * the segment. > >>> + * See section 3.2 of RFC 7323. > >>> + */ > >>> + if ((sc->sc_flags & SCF_TIMESTAMP) && > >>> + !(to->to_flags & TOF_TS)) { > >>> + SCH_UNLOCK(sch); > >>> + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > >>> + log(LOG_DEBUG, "%s; %s: Timestamp missing, " > >>> + "segment silently dropped\n", s, __func__); > >>> + free(s, M_TCPLOG); > >>> + } > >>> + return (-1); /* Do not send RST */ > >>> + } > >>> + > >>> + /* > >>> * Pull out the entry to unlock the bucket row. > >>> * > >>> * NOTE: We must decrease TCPS_SYN_RECEIVED count here, not > >>> @@ -1184,32 +1218,6 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt > >>> log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment " > >>> "rejected\n", s, __func__, th->th_seq, sc->sc_irs); > >>> goto failed; > >>> - } > >>> - > >>> - /* > >>> - * If timestamps were not negotiated during SYN/ACK they > >>> - * must not appear on any segment during this session. > >>> - */ > >>> - if (!(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & TOF_TS)) { > >>> - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) > >>> - log(LOG_DEBUG, "%s; %s: Timestamp not expected, " > >>> - "segment rejected\n", s, __func__); > >>> - goto failed; > >>> - } > >>> - > >>> - /* > >>> - * If timestamps were negotiated during SYN/ACK they should > >>> - * appear on every segment during this session. > >>> - * XXXAO: This is only informal as there have been unverified > >>> - * reports of non-compliants stacks. > >>> - */ > >>> - if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & TOF_TS)) { > >>> - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { > >>> - log(LOG_DEBUG, "%s; %s: Timestamp missing, " > >>> - "no action\n", s, __func__); > >>> - free(s, M_TCPLOG); > >>> - s = NULL; > >>> - } > >>> } > >>> > >>> *lsop = syncache_socket(sc, *lsop, m); > >>> > >>> Modified: stable/12/sys/netinet/tcp_timewait.c > >>> ============================================================================== > >>> --- stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 09:22:33 2020 (r368180) > >>> +++ stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 09:45:44 2020 (r368181) > >>> @@ -373,9 +373,10 @@ tcp_twstart(struct tcpcb *tp) > >>> /* > >>> * Returns 1 if the TIME_WAIT state was killed and we should start over, > >>> * looking for a pcb in the listen state. Returns 0 otherwise. > >>> + * It be called with to == NULL only for pure SYN-segments. > >>> */ > >>> int > >>> -tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unused, struct tcphdr *th, > >>> +tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, > >>> struct mbuf *m, int tlen) > >>> { > >>> struct tcptw *tw; > >>> @@ -396,6 +397,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unu > >>> goto drop; > >>> > >>> thflags = th->th_flags; > >>> + KASSERT(to != NULL || (thflags & (TH_SYN | TH_ACK)) == TH_SYN, > >>> + ("tcp_twcheck: called without options on a non-SYN segment")); > >>> > >>> /* > >>> * NOTE: for FIN_WAIT_2 (to be added later), > >>> @@ -443,6 +446,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unu > >>> */ > >>> if ((thflags & TH_ACK) == 0) > >>> goto drop; > >>> + > >>> + /* > >>> + * If timestamps were negotiated during SYN/ACK and a > >>> + * segment without a timestamp is received, silently drop > >>> + * the segment. > >>> + * See section 3.2 of RFC 7323. > >>> + */ > >>> + if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) { > >>> + goto drop; > >>> + } > >>> > >>> /* > >>> * Reset the 2MSL timer if this is a duplicate FIN. > From owner-svn-src-stable@freebsd.org Wed Jan 13 22:57:04 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0D7204EA848; Wed, 13 Jan 2021 22:57:04 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGN9q60M7z3t3y; Wed, 13 Jan 2021 22:57:03 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from [IPv6:2a02:8109:1140:c3d:85b:64f5:2460:6915] (unknown [IPv6:2a02:8109:1140:c3d:85b:64f5:2460:6915]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTPSA id 17961721BE01D; Wed, 13 Jan 2021 23:56:58 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.40.0.2.32\)) Subject: Re: svn commit: r368181 - in stable/12/sys/netinet: . tcp_stacks From: Michael Tuexen In-Reply-To: Date: Wed, 13 Jan 2021 23:56:54 +0100 Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, dmgk@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <202011300945.0AU9jilR008960@repo.freebsd.org> To: Kyle Evans X-Mailer: Apple Mail (2.3654.40.0.2.32) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-Rspamd-Queue-Id: 4DGN9q60M7z3t3y X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2021 22:57:04 -0000 > On 13. Jan 2021, at 16:33, Kyle Evans wrote: >=20 > On Wed, Jan 13, 2021 at 9:31 AM Michael Tuexen = wrote: >>=20 >>> On 13. Jan 2021, at 16:16, Kyle Evans wrote: >>>=20 >>> On Wed, Jan 6, 2021 at 9:01 AM Kyle Evans = wrote: >>>>=20 >>>> On Mon, Nov 30, 2020 at 3:45 AM Michael Tuexen = wrote: >>>>>=20 >>>>> Author: tuexen >>>>> Date: Mon Nov 30 09:45:44 2020 >>>>> New Revision: 368181 >>>>> URL: https://svnweb.freebsd.org/changeset/base/368181 >>>>>=20 >>>>> Log: >>>>> MFC r367530: >>>>> RFC 7323 specifies that: >>>>> * TCP segments without timestamps should be dropped when support = for >>>>> the timestamp option has been negotiated. >>>>> * TCP segments with timestamps should be processed normally if = support >>>>> for the timestamp option has not been negotiated. >>>>> This patch enforces the above. >>>>> Manually resolved merge conflicts. >>>>>=20 >>>>> MFC 367891: >>>>> Fix an issue I introuced in r367530: tcp_twcheck() can be called >>>>> with to =3D=3D NULL for SYN segments. So don't assume tp !=3D = NULL. >>>>> Thanks to jhb@ for reporting and suggesting a fix. >>>>>=20 >>>>> MFC r367946: >>>>> Fix two occurences of a typo in a comment introduced in r367530. >>>>> Thanks to lstewart@ for reporting them. >>>>>=20 >>>>=20 >>>> Hi Michael, >>>>=20 >>>> Dmitri (CC'd) spotted a regression in the golang test suite along >>>> stable/12 and bisected it back to this MFC (reported via >>>> efnet#bsdports). The test puts up a local HTTP server and attempts = to >>>> close the read-side while the write-side is still going, hopefully >>>> observing a write failure on the write-side in the process (but it >>>> never does). >>>>=20 >>>> I minimized it to this (rough) reproducer, which shows the write = side >>>> hanging around in CLOSE_WAIT and successfully writing the msg >>>> repeatedly on recent -CURRENT while 12.2 observes an EPIPE almost >>>> immediately: https://people.freebsd.org/~kevans/tcpr.c >>>>=20 >>>> root@viper:~/grep# sockstat -s | grep 8993 >>>> root a.out 80831 4 tcp4 127.0.0.1:8993 *:* >>>> LISTEN >>>> root a.out 80831 5 tcp4 127.0.0.1:8993 >>>> 127.0.0.1:40319 CLOSE_WAIT >>>> root@viper:~/grep# >>>>=20 >>>=20 >>> Ping? >> Hi Kyle, >>=20 >> thanks for pinging. I missed your original mail (not sure why it did = not end up in the >> correct mailbox). Will look into it later today/tomorrow. >>=20 >> Thanks for providing a reproducer. Just to get it crystal clear: You = say that the >> programs runs fine on CURRENT but not on stable/12. Is that correct? >>=20 >=20 > Excellent, thanks! It runs fine on 12.2, but not on an up-to-date > -CURRENT or stable/12 after this MFC. The issue should be fixed by https://reviews.freebsd.org/D28143 With that patch your reproducer terminates immediately, sometimes = reporting tuexen@head:~ % ./tcpr waiting for server attempting to connect got client connected, closing waiting write fail (bad!): 54 and sometimes reporting tuexen@head:~ % ./tcpr waiting for server attempting to connect connected, closing waiting got client pipe gone (good!) but that depends on the timing. Thanks for reporting the issue! Best regards Michael >> Best regards >> Michael >>>=20 >>>>>=20 >>>>> Modified: >>>>> stable/12/sys/netinet/tcp_input.c >>>>> stable/12/sys/netinet/tcp_stacks/rack.c >>>>> stable/12/sys/netinet/tcp_syncache.c >>>>> stable/12/sys/netinet/tcp_timewait.c >>>>> Directory Properties: >>>>> stable/12/ (props changed) >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_input.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:22:33 2020 = (r368180) >>>>> +++ stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:45:44 2020 = (r368181) >>>>> @@ -975,8 +975,8 @@ findpcb: >>>>> } >>>>> INP_INFO_RLOCK_ASSERT(&V_tcbinfo); >>>>>=20 >>>>> - if (thflags & TH_SYN) >>>>> - tcp_dooptions(&to, optp, optlen, TO_SYN); >>>>> + tcp_dooptions(&to, optp, optlen, >>>>> + (thflags & TH_SYN) ? TO_SYN : 0); >>>>> /* >>>>> * NB: tcp_twcheck unlocks the INP and frees the = mbuf. >>>>> */ >>>>> @@ -1706,20 +1706,29 @@ tcp_do_segment(struct mbuf *m, struct = tcphdr *th, stru >>>>> } >>>>>=20 >>>>> /* >>>>> - * If timestamps were negotiated during SYN/ACK they = should >>>>> - * appear on every segment during this session and vice = versa. >>>>> + * If timestamps were negotiated during SYN/ACK and a >>>>> + * segment without a timestamp is received, silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> */ >>>>> if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & = TOF_TS)) { >>>>> if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>>>> log(LOG_DEBUG, "%s; %s: Timestamp missing, " >>>>> - "no action\n", s, __func__); >>>>> + "segment silently dropped\n", s, = __func__); >>>>> free(s, M_TCPLOG); >>>>> } >>>>> + goto drop; >>>>> } >>>>> + /* >>>>> + * If timestamps were not negotiated during SYN/ACK and a >>>>> + * segment with a timestamp is received, ignore the >>>>> + * timestamp and process the packet normally. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> if (!(tp->t_flags & TF_RCVD_TSTMP) && (to.to_flags & = TOF_TS)) { >>>>> if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>>>> log(LOG_DEBUG, "%s; %s: Timestamp not = expected, " >>>>> - "no action\n", s, __func__); >>>>> + "segment processed normally\n", s, = __func__); >>>>> free(s, M_TCPLOG); >>>>> } >>>>> } >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_stacks/rack.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 = 09:22:33 2020 (r368180) >>>>> +++ stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 = 09:45:44 2020 (r368181) >>>>> @@ -6708,7 +6708,27 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>>>> TCP_LOG_EVENT(tp, th, &so->so_rcv, &so->so_snd, = TCP_LOG_IN, 0, >>>>> tlen, &log, true); >>>>> } >>>>> + >>>>> /* >>>>> + * Parse options on any incoming segment. >>>>> + */ >>>>> + tcp_dooptions(&to, (u_char *)(th + 1), >>>>> + (th->th_off << 2) - sizeof(struct tcphdr), >>>>> + (thflags & TH_SYN) ? TO_SYN : 0); >>>>> + >>>>> + /* >>>>> + * If timestamps were negotiated during SYN/ACK and a >>>>> + * segment without a timestamp is received, silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & = TOF_TS)) { >>>>> + way_out =3D 5; >>>>> + retval =3D 0; >>>>> + goto done_with_input; >>>>> + } >>>>> + >>>>> + /* >>>>> * Segment received on connection. Reset idle time and = keep-alive >>>>> * timer. XXX: This should be done after segment validation = to >>>>> * ignore broken/spoofed segs. >>>>> @@ -6761,12 +6781,6 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>>>> rack_cong_signal(tp, th, CC_ECN); >>>>> } >>>>> } >>>>> - /* >>>>> - * Parse options on any incoming segment. >>>>> - */ >>>>> - tcp_dooptions(&to, (u_char *)(th + 1), >>>>> - (th->th_off << 2) - sizeof(struct tcphdr), >>>>> - (thflags & TH_SYN) ? TO_SYN : 0); >>>>>=20 >>>>> /* >>>>> * If echoed timestamp is later than the current time, fall = back to >>>>> @@ -6898,6 +6912,7 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>>>> rack_timer_audit(tp, rack, &so->so_snd); >>>>> way_out =3D 2; >>>>> } >>>>> + done_with_input: >>>>> rack_log_doseg_done(rack, cts, nxt_pkt, did_out, = way_out); >>>>> if (did_out) >>>>> rack->r_wanted_output =3D 0; >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_syncache.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 = 09:22:33 2020 (r368180) >>>>> +++ stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 = 09:45:44 2020 (r368181) >>>>> @@ -1142,6 +1142,40 @@ syncache_expand(struct in_conninfo *inc, = struct tcpopt >>>>> } >>>>>=20 >>>>> /* >>>>> + * If timestamps were not negotiated during = SYN/ACK and a >>>>> + * segment with a timestamp is received, ignore = the >>>>> + * timestamp and process the packet normally. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if (!(sc->sc_flags & SCF_TIMESTAMP) && >>>>> + (to->to_flags & TOF_TS)) { >>>>> + if ((s =3D tcp_log_addrs(inc, th, NULL, = NULL))) { >>>>> + log(LOG_DEBUG, "%s; %s: Timestamp = not " >>>>> + "expected, segment processed = normally\n", >>>>> + s, __func__); >>>>> + free(s, M_TCPLOG); >>>>> + s =3D NULL; >>>>> + } >>>>> + } >>>>> + >>>>> + /* >>>>> + * If timestamps were negotiated during SYN/ACK = and a >>>>> + * segment without a timestamp is received, = silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if ((sc->sc_flags & SCF_TIMESTAMP) && >>>>> + !(to->to_flags & TOF_TS)) { >>>>> + SCH_UNLOCK(sch); >>>>> + if ((s =3D tcp_log_addrs(inc, th, NULL, = NULL))) { >>>>> + log(LOG_DEBUG, "%s; %s: Timestamp = missing, " >>>>> + "segment silently dropped\n", = s, __func__); >>>>> + free(s, M_TCPLOG); >>>>> + } >>>>> + return (-1); /* Do not send RST */ >>>>> + } >>>>> + >>>>> + /* >>>>> * Pull out the entry to unlock the bucket row. >>>>> * >>>>> * NOTE: We must decrease TCPS_SYN_RECEIVED count = here, not >>>>> @@ -1184,32 +1218,6 @@ syncache_expand(struct in_conninfo *inc, = struct tcpopt >>>>> log(LOG_DEBUG, "%s; %s: SEQ %u !=3D IRS+1 = %u, segment " >>>>> "rejected\n", s, __func__, th->th_seq, = sc->sc_irs); >>>>> goto failed; >>>>> - } >>>>> - >>>>> - /* >>>>> - * If timestamps were not negotiated during SYN/ACK they >>>>> - * must not appear on any segment during this session. >>>>> - */ >>>>> - if (!(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & = TOF_TS)) { >>>>> - if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) >>>>> - log(LOG_DEBUG, "%s; %s: Timestamp not = expected, " >>>>> - "segment rejected\n", s, __func__); >>>>> - goto failed; >>>>> - } >>>>> - >>>>> - /* >>>>> - * If timestamps were negotiated during SYN/ACK they = should >>>>> - * appear on every segment during this session. >>>>> - * XXXAO: This is only informal as there have been = unverified >>>>> - * reports of non-compliants stacks. >>>>> - */ >>>>> - if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & = TOF_TS)) { >>>>> - if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>>>> - log(LOG_DEBUG, "%s; %s: Timestamp missing, = " >>>>> - "no action\n", s, __func__); >>>>> - free(s, M_TCPLOG); >>>>> - s =3D NULL; >>>>> - } >>>>> } >>>>>=20 >>>>> *lsop =3D syncache_socket(sc, *lsop, m); >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_timewait.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 = 09:22:33 2020 (r368180) >>>>> +++ stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 = 09:45:44 2020 (r368181) >>>>> @@ -373,9 +373,10 @@ tcp_twstart(struct tcpcb *tp) >>>>> /* >>>>> * Returns 1 if the TIME_WAIT state was killed and we should start = over, >>>>> * looking for a pcb in the listen state. Returns 0 otherwise. >>>>> + * It be called with to =3D=3D NULL only for pure SYN-segments. >>>>> */ >>>>> int >>>>> -tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unused, struct = tcphdr *th, >>>>> +tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr = *th, >>>>> struct mbuf *m, int tlen) >>>>> { >>>>> struct tcptw *tw; >>>>> @@ -396,6 +397,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt = *to __unu >>>>> goto drop; >>>>>=20 >>>>> thflags =3D th->th_flags; >>>>> + KASSERT(to !=3D NULL || (thflags & (TH_SYN | TH_ACK)) =3D=3D= TH_SYN, >>>>> + ("tcp_twcheck: called without options on a non-SYN = segment")); >>>>>=20 >>>>> /* >>>>> * NOTE: for FIN_WAIT_2 (to be added later), >>>>> @@ -443,6 +446,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt = *to __unu >>>>> */ >>>>> if ((thflags & TH_ACK) =3D=3D 0) >>>>> goto drop; >>>>> + >>>>> + /* >>>>> + * If timestamps were negotiated during SYN/ACK and a >>>>> + * segment without a timestamp is received, silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if (((to->to_flags & TOF_TS) =3D=3D 0) && (tw->t_recent !=3D= 0)) { >>>>> + goto drop; >>>>> + } >>>>>=20 >>>>> /* >>>>> * Reset the 2MSL timer if this is a duplicate FIN. >>=20 From owner-svn-src-stable@freebsd.org Wed Jan 13 23:00:45 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 29FDC4EAAE3; Wed, 13 Jan 2021 23:00:45 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGNG50cRQz3tDS; Wed, 13 Jan 2021 23:00:45 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-vs1-f43.google.com (mail-vs1-f43.google.com [209.85.217.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 07E0F2CEE4; Wed, 13 Jan 2021 23:00:45 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-vs1-f43.google.com with SMTP id b23so2068709vsp.9; Wed, 13 Jan 2021 15:00:45 -0800 (PST) X-Gm-Message-State: AOAM532gw7dXijpLDFfa4Rg513A+xjSWyFAPxIs7WqvonTmpTRF9qiY5 kN3nipfzPLMj6iByaJfvR6bKjZQorbAYlemLTBE= X-Google-Smtp-Source: ABdhPJx06d/YFtkvr+lKD8EVlUhDG4PQw67fIQiaBzaEfX4aAani/Cr4Ff/L9A4W0ASwFPOZCGP23HmknBtCBvaT6MA= X-Received: by 2002:a05:6102:3205:: with SMTP id r5mr4386030vsf.36.1610578844543; Wed, 13 Jan 2021 15:00:44 -0800 (PST) MIME-Version: 1.0 References: <202011300945.0AU9jilR008960@repo.freebsd.org> In-Reply-To: From: Kyle Evans Date: Wed, 13 Jan 2021 17:00:30 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r368181 - in stable/12/sys/netinet: . tcp_stacks To: Michael Tuexen Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, dmgk@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2021 23:00:45 -0000 On Wed, Jan 13, 2021 at 4:57 PM Michael Tuexen wrote: > > > On 13. Jan 2021, at 16:33, Kyle Evans wrote: > > > > On Wed, Jan 13, 2021 at 9:31 AM Michael Tuexen wrote: > >> > >>> On 13. Jan 2021, at 16:16, Kyle Evans wrote: > >>> > >>> On Wed, Jan 6, 2021 at 9:01 AM Kyle Evans wrote: > >>>> > >>>> On Mon, Nov 30, 2020 at 3:45 AM Michael Tuexen wrote: > >>>>> > >>>>> Author: tuexen > >>>>> Date: Mon Nov 30 09:45:44 2020 > >>>>> New Revision: 368181 > >>>>> URL: https://svnweb.freebsd.org/changeset/base/368181 > >>>>> > >>>>> Log: > >>>>> MFC r367530: > >>>>> RFC 7323 specifies that: > >>>>> * TCP segments without timestamps should be dropped when support for > >>>>> the timestamp option has been negotiated. > >>>>> * TCP segments with timestamps should be processed normally if support > >>>>> for the timestamp option has not been negotiated. > >>>>> This patch enforces the above. > >>>>> Manually resolved merge conflicts. > >>>>> > >>>>> MFC 367891: > >>>>> Fix an issue I introuced in r367530: tcp_twcheck() can be called > >>>>> with to == NULL for SYN segments. So don't assume tp != NULL. > >>>>> Thanks to jhb@ for reporting and suggesting a fix. > >>>>> > >>>>> MFC r367946: > >>>>> Fix two occurences of a typo in a comment introduced in r367530. > >>>>> Thanks to lstewart@ for reporting them. > >>>>> > >>>> > >>>> Hi Michael, > >>>> > >>>> Dmitri (CC'd) spotted a regression in the golang test suite along > >>>> stable/12 and bisected it back to this MFC (reported via > >>>> efnet#bsdports). The test puts up a local HTTP server and attempts to > >>>> close the read-side while the write-side is still going, hopefully > >>>> observing a write failure on the write-side in the process (but it > >>>> never does). > >>>> > >>>> I minimized it to this (rough) reproducer, which shows the write side > >>>> hanging around in CLOSE_WAIT and successfully writing the msg > >>>> repeatedly on recent -CURRENT while 12.2 observes an EPIPE almost > >>>> immediately: https://people.freebsd.org/~kevans/tcpr.c > >>>> > >>>> root@viper:~/grep# sockstat -s | grep 8993 > >>>> root a.out 80831 4 tcp4 127.0.0.1:8993 *:* > >>>> LISTEN > >>>> root a.out 80831 5 tcp4 127.0.0.1:8993 > >>>> 127.0.0.1:40319 CLOSE_WAIT > >>>> root@viper:~/grep# > >>>> > >>> > >>> Ping? > >> Hi Kyle, > >> > >> thanks for pinging. I missed your original mail (not sure why it did not end up in the > >> correct mailbox). Will look into it later today/tomorrow. > >> > >> Thanks for providing a reproducer. Just to get it crystal clear: You say that the > >> programs runs fine on CURRENT but not on stable/12. Is that correct? > >> > > > > Excellent, thanks! It runs fine on 12.2, but not on an up-to-date > > -CURRENT or stable/12 after this MFC. > The issue should be fixed by https://reviews.freebsd.org/D28143 > > With that patch your reproducer terminates immediately, sometimes reporting > tuexen@head:~ % ./tcpr > waiting for server > attempting to connect > got client > connected, closing > waiting > write fail (bad!): 54 > > and sometimes reporting > > tuexen@head:~ % ./tcpr > waiting for server > attempting to connect > connected, closing > waiting > got client > pipe gone (good!) > > but that depends on the timing. > A-ha, thanks! I can't imagine why I slapped a huge "bad!" blanket label on errors since ECONNRESET is exceedingly reasonable; thanks for the speedy resolution! :-) From owner-svn-src-stable@freebsd.org Thu Jan 14 14:18:14 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 96B004E402E; Thu, 14 Jan 2021 14:18:14 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGmcj4sNkz3wSW; Thu, 14 Jan 2021 14:18:13 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qk1-f170.google.com (mail-qk1-f170.google.com [209.85.222.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 7C7273F13; Thu, 14 Jan 2021 14:18:12 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qk1-f170.google.com with SMTP id c7so7982717qke.1; Thu, 14 Jan 2021 06:18:12 -0800 (PST) X-Gm-Message-State: AOAM530DcRpxwVEP5ConkurLiU/4M8y1ub5FXPCV8R9Tn2bYYoK1tVq6 AYSA66aWTHLKkpd5jYbkrvSXBxplEi8yGUf0f74= X-Google-Smtp-Source: ABdhPJxNgb2TKxzFQr4JvfX/6i0JVxE2VtLBRkEvwWBloRH/6EVDS30YtK3DYPENRPe93ItZKVBMOG0wkSJKxUzrKqs= X-Received: by 2002:a05:620a:14a:: with SMTP id e10mr7060681qkn.103.1610633891880; Thu, 14 Jan 2021 06:18:11 -0800 (PST) MIME-Version: 1.0 References: <202009110004.08B04NNO072373@repo.freebsd.org> In-Reply-To: <202009110004.08B04NNO072373@repo.freebsd.org> From: Kyle Evans Date: Thu, 14 Jan 2021 08:17:59 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r365619 - in stable/12/sys: conf sys To: Glen Barber Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, FreeBSD Release Engineering Team Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2021 14:18:14 -0000 On Thu, Sep 10, 2020 at 7:04 PM Glen Barber wrote: > > Author: gjb > Date: Fri Sep 11 00:04:23 2020 > New Revision: 365619 > URL: https://svnweb.freebsd.org/changeset/base/365619 > > Log: > Rename stable/12 to -STABLE, and bump __FreeBSD_version after > releng/12.2 had been created. > I had wondered this before, and now I wonder again after a recent pkgbase discussion about versioning schemes. Why do we rename stable to -PRERELEASE at all? It's decidedly a (minor) downgrade to try to go from -PRERELEASE to -RELEASE since anyone that manages to get a -PRERELEASE build is still along -STABLE. Thanks, Kyle Evans > Modified: > stable/12/sys/conf/newvers.sh > stable/12/sys/sys/param.h > > Modified: stable/12/sys/conf/newvers.sh > ============================================================================== > --- stable/12/sys/conf/newvers.sh Thu Sep 10 23:56:59 2020 (r365618) > +++ stable/12/sys/conf/newvers.sh Fri Sep 11 00:04:23 2020 (r365619) > @@ -49,7 +49,7 @@ > > TYPE="FreeBSD" > REVISION="12.2" > -BRANCH=${BRANCH_OVERRIDE:-PRERELEASE} > +BRANCH=${BRANCH_OVERRIDE:-STABLE} > RELEASE="${REVISION}-${BRANCH}" > VERSION="${TYPE} ${RELEASE}" > > > Modified: stable/12/sys/sys/param.h > ============================================================================== > --- stable/12/sys/sys/param.h Thu Sep 10 23:56:59 2020 (r365618) > +++ stable/12/sys/sys/param.h Fri Sep 11 00:04:23 2020 (r365619) > @@ -60,7 +60,7 @@ > * in the range 5 to 9. > */ > #undef __FreeBSD_version > -#define __FreeBSD_version 1201526 /* Master, propagated to newvers */ > +#define __FreeBSD_version 1202500 /* Master, propagated to newvers */ > > /* > * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, From owner-svn-src-stable@freebsd.org Thu Jan 14 17:56:53 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BA5114E9744; Thu, 14 Jan 2021 17:56:53 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGsT14ypJz4hcJ; Thu, 14 Jan 2021 17:56:53 +0000 (UTC) (envelope-from gjb@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1610647013; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=pOPZ5IPA9TW2/SR3K7Wr90JL6ZOMqJHbLABB2oZXep8=; b=TQlYsh66VdngJM2byP+3HT+HohvvGEVaJe9m0ZxWalU2ITiFrEM/XJf54XGa4gzirgyHP0 GlT/3eSSbMKE+rvW/piiYSPcS8/gSruM1XWdQhHaDXYNsDJWRaWpjKqDnMcEXsjQ9Jfio4 St+ORvBeMFTTgBjwXK06iqcC47jJ0DI1r4CBbQ/a4ezo0m76LJti0Vcq2aB/E/kWdlrRVJ PMMHichj6ulOinsVkUPg8kIErWq+5BsuxNDp3OM9F0uwjcyq7PRuc2tdpvtxkyxnsUEjFE SMaPohO3VLIEzlBKYmgYEbXnLW695LqVqAxRBiVU/kN/hBnBFie9+f7nwj9C5w== Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id 278DD15490; Thu, 14 Jan 2021 17:56:53 +0000 (UTC) (envelope-from gjb@freebsd.org) Date: Thu, 14 Jan 2021 17:56:50 +0000 From: Glen Barber To: Kyle Evans Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, FreeBSD Release Engineering Team Subject: Re: svn commit: r365619 - in stable/12/sys: conf sys Message-ID: <20210114175650.GA5896@FreeBSD.org> References: <202009110004.08B04NNO072373@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline In-Reply-To: ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1610647013; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=pOPZ5IPA9TW2/SR3K7Wr90JL6ZOMqJHbLABB2oZXep8=; b=xV/VpQzia0LR+l/Vwl8n+ybApgPFlQtHVNGGrUvkQgu5PxBu91xwQTfvriF7qKQuwXYgaE vEi0D/u/KI1xrZ8/tkcuDr/p/PK8cImpWIFSmpFUmMne6l147CkD6fxWvgSzNUoclA3vQ5 HLhx1I4zb5bTJRBAgDxO/oj5ntfFl8NED4YvMMULz9yEpDKPu0HYpmqTJUcuTR7+O+9Yyr +5/vL+p2jkKZ75eFtDRtp6MXOAo/hrG+hjEFwHEcqKzVW7iYkvdgvOO0oCbXSZIqd01Ikc okcxdsmWobmWc4ps4sqJjwn6Cb0liCRVAYVWnjvob+Xlv0mqJG+JBE/YHIdKcQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1610647013; a=rsa-sha256; cv=none; b=yHddp2ykc4ULXtxMfo5jW8x+PqHUOWrElN17LUjXK2hI+yjOdf8cc/v9OKs3DqM2s3COYB ZCIghHXCfxkilFnu1+2cF48gQBFVn9o2euA07Y+dIyQu0bWaf8nMXlaoj9Pgdu27XTFZDx TFPkUprs8KCeHC5rfF7QVW7vKT31RRPfeidLsB9xLR3WdhC65OI8GnepH7vr/6x08wN1Lj mj/ReFRnBRUmYeL+7+CNwWbM5cENKHMUyNVwKAnEuBx5HzhmObsIG4iIZFSxbulGd6IOEO 2gTsnl7sHcgSAw6vGpiqRWeyHRE+uf5/WgjqQSjYhQAii56/UwQsHRLXasYSyQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2021 17:56:53 -0000 --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 14, 2021 at 08:17:59AM -0600, Kyle Evans wrote: > On Thu, Sep 10, 2020 at 7:04 PM Glen Barber wrote: > > > > Author: gjb > > Date: Fri Sep 11 00:04:23 2020 > > New Revision: 365619 > > URL: https://svnweb.freebsd.org/changeset/base/365619 > > > > Log: > > Rename stable/12 to -STABLE, and bump __FreeBSD_version after > > releng/12.2 had been created. > > >=20 > I had wondered this before, and now I wonder again after a recent > pkgbase discussion about versioning schemes. Why do we rename stable > to -PRERELEASE at all? It's decidedly a (minor) downgrade to try to go > from -PRERELEASE to -RELEASE since anyone that manages to get a > -PRERELEASE build is still along -STABLE. >=20 I believe the rationale here was to avoid calling the branch -STABLE until (at least) the -RELEASE or -RC* came out. But, we do not have code freezes on head/main or stable branches anymore, so -PRERELEASE is a marker for "the cycle is in progress, but the releng branch has not necessarily been created yet." For 13.0, there will not be a -PRERELEASE. Glen --UugvWAfsgieZRqgk Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAmAAhd4ACgkQAxRYpUeP 4pOJTA//bBeK4qjlsFAhFEgFLxyEFdWbn81vYsUvXh63tyTya2RFezxkZXnKVDQn yECIN32IJznAzW9RoKOMLPvPuKjC9jmUTTRCoIJh3PEGKuxg1v1nRqARBy/CkC/C gGlT+AD/EHWq11bjvnse+Sz73Epx6tdUyT+yyLEJr44Zee1F1VVfaLbtk57dQA6r hdBCNldOAAmyBkOcGIReqNG++as6oFl5habbzPYe72DfLoBzzTkOPuJyVFsXaBVS XwCp2GWqCFCvWVCpwjNtPFHjNOxYTEwQ+ihhv3tUxTAUJaiDs4X8iDxeRyLl+1vi phT42bzhZK+yrO3vURhY5cMEMRo0J3XxTgREG+gyWdABTiSlg+BJHZryCOfJZfrF 8J9I2/ev3NM9xlJsVCuZgBsGJezy4nWHcu7ICaw0p/JVvOe6A6q/10ekdVS1I/9+ u5/wNjZqcbxnqVQ1UqwDz/7EFcJBV+f3/3VLq2b7yw9RB6COh+lzUmlATIzOjZSh pD7Z7BfR7X4dm9u+x/jGZYewFXxU+bvCSTOmtmbEugdJGtEqWKSwq3rz8s0htuMP +p9RJfHfdKZnPdoOqtw8KgcDSzlxt/NGDvj+6VdJXg3xpMpZVU+Zqkd+w+P+l2DQ iocUWppxznaF6O1IrIcliJxkH6RNv17JSM+fQE8YObrkgvYNwmE= =Fx+8 -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk-- From owner-svn-src-stable@freebsd.org Thu Jan 14 18:04:32 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4CCA4E9A4D; Thu, 14 Jan 2021 18:04:32 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "anubis.delphij.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGsdr5Nb3z4jcf; Thu, 14 Jan 2021 18:04:32 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from odin.corp.delphij.net (unknown [IPv6:2601:646:8601:f4a:74d3:a0b1:3bf:5e91]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id A2C92485FD; Thu, 14 Jan 2021 10:04:25 -0800 (PST) Reply-To: d@delphij.net To: Kyle Evans , Glen Barber Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, FreeBSD Release Engineering Team References: <202009110004.08B04NNO072373@repo.freebsd.org> From: Xin Li Subject: Re: svn commit: r365619 - in stable/12/sys: conf sys Message-ID: Date: Thu, 14 Jan 2021 10:04:23 -0800 User-Agent: Thunderbird MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="4BDPcQYiutpqNLDjPkPW4qMZofX6sIhQC" X-Rspamd-Queue-Id: 4DGsdr5Nb3z4jcf X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2021 18:04:33 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4BDPcQYiutpqNLDjPkPW4qMZofX6sIhQC Content-Type: multipart/mixed; boundary="VRQlL7GFsRSkb1C4tOFqwWbaVZBXiewU3"; protected-headers="v1" From: Xin Li Reply-To: d@delphij.net To: Kyle Evans , Glen Barber Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, FreeBSD Release Engineering Team Message-ID: Subject: Re: svn commit: r365619 - in stable/12/sys: conf sys References: <202009110004.08B04NNO072373@repo.freebsd.org> In-Reply-To: --VRQlL7GFsRSkb1C4tOFqwWbaVZBXiewU3 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 1/14/21 06:17, Kyle Evans wrote: > On Thu, Sep 10, 2020 at 7:04 PM Glen Barber wrote: >> >> Author: gjb >> Date: Fri Sep 11 00:04:23 2020 >> New Revision: 365619 >> URL: https://svnweb.freebsd.org/changeset/base/365619 >> >> Log: >> Rename stable/12 to -STABLE, and bump __FreeBSD_version after >> releng/12.2 had been created. >> >=20 > I had wondered this before, and now I wonder again after a recent > pkgbase discussion about versioning schemes. Why do we rename stable > to -PRERELEASE at all? It's decidedly a (minor) downgrade to try to go > from -PRERELEASE to -RELEASE since anyone that manages to get a > -PRERELEASE build is still along -STABLE. -PRERELEASE indicates that the stable branch is currently in code freeze in preparation of a release. The expectation here is that whatever you are seeing in the build would end up in an upcoming release (X.Y), unless they were reverted (for -STABLE, they would go to the next release, or X.Y+1, or never, if X.Y is the last release). I believe traditionally we also bump __FreeBSD_version when -STABLE become -PRERELEASE, which typically happens when we enter a code freeze, but more recent -STABLE branches seems to have moved to doing __FreeBSD_version bumps at the time of -BETA, but technically I think we do want to bump __FreeBSD_version as early as we promoted -STABLE to -PRERELEASE to match the hardcoded version number... Cheers, --VRQlL7GFsRSkb1C4tOFqwWbaVZBXiewU3-- --4BDPcQYiutpqNLDjPkPW4qMZofX6sIhQC Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEceNg5NEMZIki80nQQHl/fJX0g08FAmAAh6cFAwAAAAAACgkQQHl/fJX0g085 nQ//fgqs0jl/xUT01chfoaxjePtHiQfQYgUeeK6Fq+bV8tLc6yaANq4QsGui/B7ShTs1GfJvECxo GrxtlTTt3yviBBxi1cYORVyH9np6gxFmsVAX6NGuSqSFM1hYSGmhb2Gr/UlI1/uzE+AMiMrAdhxc p24jMKwTuLkyb5bHiVYGtnfYxOHeTwtQ1EnXz4+qVFXvY4Z0kWHWZD6q+ltktEdZPaXeei3140vb iRYiukerj6bLBFW3W7CXAVW3IzTNYhg+Myq+xRu1MTeP44W72T0OTWE4MxZg9ZdTA6Juu/VHSNHA ZV8OB1qg/ESOLS6XdHp4FE9sNOscG/Nm7BRQnGAFVlL1LdrnSK5Q1JVU9jhk+ywAtRT1/rrcfkzZ BWbewDm8m/IDN5g4VmnwAG2BUHJ4ci4RDQRqtk6NRgy2Er4bcmwy2FzO+Ph7RqZgL5ndzYq7d6lh C4R2Qgg69Or52yQrL7y+4wtE4/LdrneOaI8UhoBwFLYaEZWRITMy4QzB59bhExLMGt7wSwofpZRl R6f5eO/9KAKmmWLMoj8Ok9n3enoBQ++TjayJ4cF9HJgByA47mWQ4q8q440lmiKhNnL32C6q4tS3Q UfQATvJUQx93bBdJe0r+nVDY6tcf18ULGMZqGRx45FjKs7OTZ43fAQETm3oM74NpI26kbcbpylfs P8o= =fpVm -----END PGP SIGNATURE----- --4BDPcQYiutpqNLDjPkPW4qMZofX6sIhQC-- From owner-svn-src-stable@freebsd.org Thu Jan 14 18:25:14 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 50D4C4EA55F; Thu, 14 Jan 2021 18:25:14 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGt5k1mlgz4lKy; Thu, 14 Jan 2021 18:25:14 +0000 (UTC) (envelope-from gjb@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1610648714; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QCwQtjaNQhYynvrfrM2ANEnnssiqTLLmuOrLvNWK0/o=; b=K6D5AcGEfjWSNztgyHEpwKPfXTB1u2xgBJxadjgvB+f/WgVt7WaAD8Db77yB2nkFnwj1yL 42IXoCxGFslYc4FXp+sSDSL87AF9KGe7lpvxTnWadWQfy/FxEBcSTBElSqItF3xa360/Sl y27wT3RYJfBF8DDOTwFPHm3Dx7KOtMusuUESCoPVMC2ts4vDxhl735bOTKg3P2rXTaTaBl 7YqxuXfHcHmelC+LZYyd/X59lQWiTwpX1z076lxxrJCRuvHXDA+ww0Z2jSTTfpodx4vzlD KMMBZRFRlSefHagw4zCrv4UVmAYSip7wvFIQysQp0GJa+Acd3FEtxeyjxtjHPg== Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id A6818160C2; Thu, 14 Jan 2021 18:25:13 +0000 (UTC) (envelope-from gjb@freebsd.org) Date: Thu, 14 Jan 2021 18:25:11 +0000 From: Glen Barber To: d@delphij.net Cc: Kyle Evans , src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, FreeBSD Release Engineering Team Subject: Re: svn commit: r365619 - in stable/12/sys: conf sys Message-ID: <20210114182511.GB5896@FreeBSD.org> References: <202009110004.08B04NNO072373@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="pvezYHf7grwyp3Bc" Content-Disposition: inline In-Reply-To: ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1610648714; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QCwQtjaNQhYynvrfrM2ANEnnssiqTLLmuOrLvNWK0/o=; b=E8bM9y7FheiYYwtfORWeaty1Smb6eILWADgiS0QAxFyxlK/XTTK3QTvof9Yun2WnNfobJe IYsJW4LBZq8bvnz6x/FCbfw7eJG2M0JvrUt69wggD/3nXA+OaccqnklfRb3JF1yuMXCCkX +jlbdUOxqp0ojtG9v0Q7BoC+EKxC65j8bs97bHfx07xTObN1iSjnWTzwXneUPovws9FdUv PwEM1kGXB2dihQP37fWjgjYBZTNM4RO4BujNw3+wM5uo4gH8/449bPWr+FTn6GCtJMtr2w iJvjZNjQSteAnsfPv0pwFCDU0tMpSXjuKtjc7nVO8cgongIXuWdhYFXy2/st/g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1610648714; a=rsa-sha256; cv=none; b=a/8PQhOJyeLJfmfAKV9BvnZV3ga+Q/3onpu9gqtV1ZUhJMG9BoRwrQcBKjJLJy1iI0NdY+ hpIcNMQeKwd6rkwMOGccmyW8NoAgv8XSfxXE/WbtNFUZRspPBgKvJJcPTIyuOSHUaY5ZrI 35Be1YwThy4G2LD2bYNypk3iYHCtkV+kOl/OLwc/3g8LeQO/Ds0ZV/pT4MG/ZWu7aOjqiA cUW/ayX6x+j9wrdxcIZ8gtzn4hj18V8AlEZl93DRr9CIZuIjEt0RjfYNvSHXd1sfRYCUTQ H9vSdIHILPzd2ZfYp7uIbwwYH0zvCufwPt/+B9xdBijpKSkAyzCa7dSq9cj9Yg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2021 18:25:14 -0000 --pvezYHf7grwyp3Bc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 14, 2021 at 10:04:23AM -0800, Xin Li wrote: > I believe traditionally we also bump __FreeBSD_version when -STABLE > become -PRERELEASE, which typically happens when we enter a code freeze, > but more recent -STABLE branches seems to have moved to doing > __FreeBSD_version bumps at the time of -BETA, but technically I think we > do want to bump __FreeBSD_version as early as we promoted -STABLE to > -PRERELEASE to match the hardcoded version number... >=20 The __FreeBSD_version bump happens when the stable branch is created, correct. The problem with statically setting it earlier is if a change happens that warrants bumping the __FreeBSD_version (similarly to why we do not bump it for SAs/ENs). Glen --pvezYHf7grwyp3Bc Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAmAAjIcACgkQAxRYpUeP 4pM6Iw//f6otghuFUAqDu3j7bFg88WYPz5Gqa9qoaxTlvUs1DFNWajTTMG9SBgPo R7IwBVAbIB6GDLgYigmW9OVBrUQKAZb1pWnvWvdo4l0mtnGyfyOx4mVVcBCnKjBR SPuxqGFqCMxHZOtITsp/Bcahps87L2kQ2UD8JP7pkXieDM8rknsCPGXsjGFzVSvB wOhjWhSVLogFXQxx7Fx00CXVuB7EQffUqKQ93clndnn/WJT3pbreq/kfS25JjNBd jzFFoP2rJ2qLwo+tDyHXdi6hf393BPbq3fYsMw2TSOa9joLVAV6ZU7MNHQoRBX/1 P4jaKLpEhDsX8C6R77mMhpyMl4bNbPu0PfFMs4scgsqLJXiEt6zZJNuUpYq29zHJ sDLPt0IR5BX5ytIB5vpUyYAp1XrnSZTTrvbM+YXxbe5UQVvZPfKZlALUCcoBwZJ6 pFm2WyZfU5C0fbzbeyf89qg1PJzHNGYEhw+4FnRupByfiVWe5PjMzs2gafJ0VOk9 eXoMUGaYBSBrjPBktz75z29ZZxAho1lqD63mvguz0CyAp72iG7yRWHlOXsJrqjPY ueNWw/egFWtCRReHYLz1VDtrQXLi1nMbodl7/rVCM0Hf3J2S1PYOPLSUKd6AevNV HAQYabaJVGw2/OUXhTpmAhMIREgtl+hKxS4f74Smi3V/ntEOB3Y= =MyB6 -----END PGP SIGNATURE----- --pvezYHf7grwyp3Bc-- From owner-svn-src-stable@freebsd.org Thu Jan 14 21:19:14 2021 Return-Path: Delivered-To: svn-src-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 982654EE0FA; Thu, 14 Jan 2021 21:19:14 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DGxyV1ZWxz3FHv; Thu, 14 Jan 2021 21:19:13 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from [IPv6:2a02:8109:1140:c3d:85b:64f5:2460:6915] (unknown [IPv6:2a02:8109:1140:c3d:85b:64f5:2460:6915]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTPSA id 3CEF27220CCE2; Thu, 14 Jan 2021 22:19:01 +0100 (CET) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.40.0.2.32\)) Subject: Re: svn commit: r368181 - in stable/12/sys/netinet: . tcp_stacks From: Michael Tuexen In-Reply-To: Date: Thu, 14 Jan 2021 22:18:57 +0100 Cc: src-committers , svn-src-all , svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org, dmgk@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <6FFD1F25-2298-407B-A222-D8D8E893E382@freebsd.org> References: <202011300945.0AU9jilR008960@repo.freebsd.org> To: Kyle Evans X-Mailer: Apple Mail (2.3654.40.0.2.32) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-Rspamd-Queue-Id: 4DGxyV1ZWxz3FHv X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; local_wl_from(0.00)[freebsd.org]; ASN(0.00)[asn:680, ipnet:2001:638::/32, country:DE] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2021 21:19:14 -0000 > On 13. Jan 2021, at 16:33, Kyle Evans wrote: >=20 > On Wed, Jan 13, 2021 at 9:31 AM Michael Tuexen = wrote: >>=20 >>> On 13. Jan 2021, at 16:16, Kyle Evans wrote: >>>=20 >>> On Wed, Jan 6, 2021 at 9:01 AM Kyle Evans = wrote: >>>>=20 >>>> On Mon, Nov 30, 2020 at 3:45 AM Michael Tuexen = wrote: >>>>>=20 >>>>> Author: tuexen >>>>> Date: Mon Nov 30 09:45:44 2020 >>>>> New Revision: 368181 >>>>> URL: https://svnweb.freebsd.org/changeset/base/368181 >>>>>=20 >>>>> Log: >>>>> MFC r367530: >>>>> RFC 7323 specifies that: >>>>> * TCP segments without timestamps should be dropped when support = for >>>>> the timestamp option has been negotiated. >>>>> * TCP segments with timestamps should be processed normally if = support >>>>> for the timestamp option has not been negotiated. >>>>> This patch enforces the above. >>>>> Manually resolved merge conflicts. >>>>>=20 >>>>> MFC 367891: >>>>> Fix an issue I introuced in r367530: tcp_twcheck() can be called >>>>> with to =3D=3D NULL for SYN segments. So don't assume tp !=3D = NULL. >>>>> Thanks to jhb@ for reporting and suggesting a fix. >>>>>=20 >>>>> MFC r367946: >>>>> Fix two occurences of a typo in a comment introduced in r367530. >>>>> Thanks to lstewart@ for reporting them. >>>>>=20 >>>>=20 >>>> Hi Michael, >>>>=20 >>>> Dmitri (CC'd) spotted a regression in the golang test suite along >>>> stable/12 and bisected it back to this MFC (reported via >>>> efnet#bsdports). The test puts up a local HTTP server and attempts = to >>>> close the read-side while the write-side is still going, hopefully >>>> observing a write failure on the write-side in the process (but it >>>> never does). >>>>=20 >>>> I minimized it to this (rough) reproducer, which shows the write = side >>>> hanging around in CLOSE_WAIT and successfully writing the msg >>>> repeatedly on recent -CURRENT while 12.2 observes an EPIPE almost >>>> immediately: https://people.freebsd.org/~kevans/tcpr.c >>>>=20 >>>> root@viper:~/grep# sockstat -s | grep 8993 >>>> root a.out 80831 4 tcp4 127.0.0.1:8993 *:* >>>> LISTEN >>>> root a.out 80831 5 tcp4 127.0.0.1:8993 >>>> 127.0.0.1:40319 CLOSE_WAIT >>>> root@viper:~/grep# >>>>=20 >>>=20 >>> Ping? >> Hi Kyle, >>=20 >> thanks for pinging. I missed your original mail (not sure why it did = not end up in the >> correct mailbox). Will look into it later today/tomorrow. >>=20 >> Thanks for providing a reproducer. Just to get it crystal clear: You = say that the >> programs runs fine on CURRENT but not on stable/12. Is that correct? >>=20 >=20 > Excellent, thanks! It runs fine on 12.2, but not on an up-to-date > -CURRENT or stable/12 after this MFC. Fixed in = https://cgit.FreeBSD.org/src/commit/?id=3Dcc3c34859eab1b317d0f38731355b53f= 7d978c97 Thanks again for the report! Best regards Michael >=20 >> Best regards >> Michael >>>=20 >>>>>=20 >>>>> Modified: >>>>> stable/12/sys/netinet/tcp_input.c >>>>> stable/12/sys/netinet/tcp_stacks/rack.c >>>>> stable/12/sys/netinet/tcp_syncache.c >>>>> stable/12/sys/netinet/tcp_timewait.c >>>>> Directory Properties: >>>>> stable/12/ (props changed) >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_input.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:22:33 2020 = (r368180) >>>>> +++ stable/12/sys/netinet/tcp_input.c Mon Nov 30 09:45:44 2020 = (r368181) >>>>> @@ -975,8 +975,8 @@ findpcb: >>>>> } >>>>> INP_INFO_RLOCK_ASSERT(&V_tcbinfo); >>>>>=20 >>>>> - if (thflags & TH_SYN) >>>>> - tcp_dooptions(&to, optp, optlen, TO_SYN); >>>>> + tcp_dooptions(&to, optp, optlen, >>>>> + (thflags & TH_SYN) ? TO_SYN : 0); >>>>> /* >>>>> * NB: tcp_twcheck unlocks the INP and frees the = mbuf. >>>>> */ >>>>> @@ -1706,20 +1706,29 @@ tcp_do_segment(struct mbuf *m, struct = tcphdr *th, stru >>>>> } >>>>>=20 >>>>> /* >>>>> - * If timestamps were negotiated during SYN/ACK they = should >>>>> - * appear on every segment during this session and vice = versa. >>>>> + * If timestamps were negotiated during SYN/ACK and a >>>>> + * segment without a timestamp is received, silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> */ >>>>> if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & = TOF_TS)) { >>>>> if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>>>> log(LOG_DEBUG, "%s; %s: Timestamp missing, " >>>>> - "no action\n", s, __func__); >>>>> + "segment silently dropped\n", s, = __func__); >>>>> free(s, M_TCPLOG); >>>>> } >>>>> + goto drop; >>>>> } >>>>> + /* >>>>> + * If timestamps were not negotiated during SYN/ACK and a >>>>> + * segment with a timestamp is received, ignore the >>>>> + * timestamp and process the packet normally. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> if (!(tp->t_flags & TF_RCVD_TSTMP) && (to.to_flags & = TOF_TS)) { >>>>> if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>>>> log(LOG_DEBUG, "%s; %s: Timestamp not = expected, " >>>>> - "no action\n", s, __func__); >>>>> + "segment processed normally\n", s, = __func__); >>>>> free(s, M_TCPLOG); >>>>> } >>>>> } >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_stacks/rack.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 = 09:22:33 2020 (r368180) >>>>> +++ stable/12/sys/netinet/tcp_stacks/rack.c Mon Nov 30 = 09:45:44 2020 (r368181) >>>>> @@ -6708,7 +6708,27 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>>>> TCP_LOG_EVENT(tp, th, &so->so_rcv, &so->so_snd, = TCP_LOG_IN, 0, >>>>> tlen, &log, true); >>>>> } >>>>> + >>>>> /* >>>>> + * Parse options on any incoming segment. >>>>> + */ >>>>> + tcp_dooptions(&to, (u_char *)(th + 1), >>>>> + (th->th_off << 2) - sizeof(struct tcphdr), >>>>> + (thflags & TH_SYN) ? TO_SYN : 0); >>>>> + >>>>> + /* >>>>> + * If timestamps were negotiated during SYN/ACK and a >>>>> + * segment without a timestamp is received, silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & = TOF_TS)) { >>>>> + way_out =3D 5; >>>>> + retval =3D 0; >>>>> + goto done_with_input; >>>>> + } >>>>> + >>>>> + /* >>>>> * Segment received on connection. Reset idle time and = keep-alive >>>>> * timer. XXX: This should be done after segment validation = to >>>>> * ignore broken/spoofed segs. >>>>> @@ -6761,12 +6781,6 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>>>> rack_cong_signal(tp, th, CC_ECN); >>>>> } >>>>> } >>>>> - /* >>>>> - * Parse options on any incoming segment. >>>>> - */ >>>>> - tcp_dooptions(&to, (u_char *)(th + 1), >>>>> - (th->th_off << 2) - sizeof(struct tcphdr), >>>>> - (thflags & TH_SYN) ? TO_SYN : 0); >>>>>=20 >>>>> /* >>>>> * If echoed timestamp is later than the current time, fall = back to >>>>> @@ -6898,6 +6912,7 @@ rack_hpts_do_segment(struct mbuf *m, struct = tcphdr *th >>>>> rack_timer_audit(tp, rack, &so->so_snd); >>>>> way_out =3D 2; >>>>> } >>>>> + done_with_input: >>>>> rack_log_doseg_done(rack, cts, nxt_pkt, did_out, = way_out); >>>>> if (did_out) >>>>> rack->r_wanted_output =3D 0; >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_syncache.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 = 09:22:33 2020 (r368180) >>>>> +++ stable/12/sys/netinet/tcp_syncache.c Mon Nov 30 = 09:45:44 2020 (r368181) >>>>> @@ -1142,6 +1142,40 @@ syncache_expand(struct in_conninfo *inc, = struct tcpopt >>>>> } >>>>>=20 >>>>> /* >>>>> + * If timestamps were not negotiated during = SYN/ACK and a >>>>> + * segment with a timestamp is received, ignore = the >>>>> + * timestamp and process the packet normally. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if (!(sc->sc_flags & SCF_TIMESTAMP) && >>>>> + (to->to_flags & TOF_TS)) { >>>>> + if ((s =3D tcp_log_addrs(inc, th, NULL, = NULL))) { >>>>> + log(LOG_DEBUG, "%s; %s: Timestamp = not " >>>>> + "expected, segment processed = normally\n", >>>>> + s, __func__); >>>>> + free(s, M_TCPLOG); >>>>> + s =3D NULL; >>>>> + } >>>>> + } >>>>> + >>>>> + /* >>>>> + * If timestamps were negotiated during SYN/ACK = and a >>>>> + * segment without a timestamp is received, = silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if ((sc->sc_flags & SCF_TIMESTAMP) && >>>>> + !(to->to_flags & TOF_TS)) { >>>>> + SCH_UNLOCK(sch); >>>>> + if ((s =3D tcp_log_addrs(inc, th, NULL, = NULL))) { >>>>> + log(LOG_DEBUG, "%s; %s: Timestamp = missing, " >>>>> + "segment silently dropped\n", = s, __func__); >>>>> + free(s, M_TCPLOG); >>>>> + } >>>>> + return (-1); /* Do not send RST */ >>>>> + } >>>>> + >>>>> + /* >>>>> * Pull out the entry to unlock the bucket row. >>>>> * >>>>> * NOTE: We must decrease TCPS_SYN_RECEIVED count = here, not >>>>> @@ -1184,32 +1218,6 @@ syncache_expand(struct in_conninfo *inc, = struct tcpopt >>>>> log(LOG_DEBUG, "%s; %s: SEQ %u !=3D IRS+1 = %u, segment " >>>>> "rejected\n", s, __func__, th->th_seq, = sc->sc_irs); >>>>> goto failed; >>>>> - } >>>>> - >>>>> - /* >>>>> - * If timestamps were not negotiated during SYN/ACK they >>>>> - * must not appear on any segment during this session. >>>>> - */ >>>>> - if (!(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & = TOF_TS)) { >>>>> - if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) >>>>> - log(LOG_DEBUG, "%s; %s: Timestamp not = expected, " >>>>> - "segment rejected\n", s, __func__); >>>>> - goto failed; >>>>> - } >>>>> - >>>>> - /* >>>>> - * If timestamps were negotiated during SYN/ACK they = should >>>>> - * appear on every segment during this session. >>>>> - * XXXAO: This is only informal as there have been = unverified >>>>> - * reports of non-compliants stacks. >>>>> - */ >>>>> - if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & = TOF_TS)) { >>>>> - if ((s =3D tcp_log_addrs(inc, th, NULL, NULL))) { >>>>> - log(LOG_DEBUG, "%s; %s: Timestamp missing, = " >>>>> - "no action\n", s, __func__); >>>>> - free(s, M_TCPLOG); >>>>> - s =3D NULL; >>>>> - } >>>>> } >>>>>=20 >>>>> *lsop =3D syncache_socket(sc, *lsop, m); >>>>>=20 >>>>> Modified: stable/12/sys/netinet/tcp_timewait.c >>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>>> --- stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 = 09:22:33 2020 (r368180) >>>>> +++ stable/12/sys/netinet/tcp_timewait.c Mon Nov 30 = 09:45:44 2020 (r368181) >>>>> @@ -373,9 +373,10 @@ tcp_twstart(struct tcpcb *tp) >>>>> /* >>>>> * Returns 1 if the TIME_WAIT state was killed and we should start = over, >>>>> * looking for a pcb in the listen state. Returns 0 otherwise. >>>>> + * It be called with to =3D=3D NULL only for pure SYN-segments. >>>>> */ >>>>> int >>>>> -tcp_twcheck(struct inpcb *inp, struct tcpopt *to __unused, struct = tcphdr *th, >>>>> +tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr = *th, >>>>> struct mbuf *m, int tlen) >>>>> { >>>>> struct tcptw *tw; >>>>> @@ -396,6 +397,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt = *to __unu >>>>> goto drop; >>>>>=20 >>>>> thflags =3D th->th_flags; >>>>> + KASSERT(to !=3D NULL || (thflags & (TH_SYN | TH_ACK)) =3D=3D= TH_SYN, >>>>> + ("tcp_twcheck: called without options on a non-SYN = segment")); >>>>>=20 >>>>> /* >>>>> * NOTE: for FIN_WAIT_2 (to be added later), >>>>> @@ -443,6 +446,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt = *to __unu >>>>> */ >>>>> if ((thflags & TH_ACK) =3D=3D 0) >>>>> goto drop; >>>>> + >>>>> + /* >>>>> + * If timestamps were negotiated during SYN/ACK and a >>>>> + * segment without a timestamp is received, silently drop >>>>> + * the segment. >>>>> + * See section 3.2 of RFC 7323. >>>>> + */ >>>>> + if (((to->to_flags & TOF_TS) =3D=3D 0) && (tw->t_recent !=3D= 0)) { >>>>> + goto drop; >>>>> + } >>>>>=20 >>>>> /* >>>>> * Reset the 2MSL timer if this is a duplicate FIN. >>=20