From owner-svn-src-stable-11@freebsd.org Mon Dec 5 06:20:28 2016 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7513DC67CAE; Mon, 5 Dec 2016 06:20:28 +0000 (UTC) (envelope-from hiren@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 410401E36; Mon, 5 Dec 2016 06:20:28 +0000 (UTC) (envelope-from hiren@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id uB56KR12025640; Mon, 5 Dec 2016 06:20:27 GMT (envelope-from hiren@FreeBSD.org) Received: (from hiren@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id uB56KRuO025639; Mon, 5 Dec 2016 06:20:27 GMT (envelope-from hiren@FreeBSD.org) Message-Id: <201612050620.uB56KRuO025639@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: hiren set sender to hiren@FreeBSD.org using -f From: Hiren Panchasara Date: Mon, 5 Dec 2016 06:20:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r309548 - stable/11/sys/netinet X-SVN-Group: stable-11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2016 06:20:28 -0000 Author: hiren Date: Mon Dec 5 06:20:27 2016 New Revision: 309548 URL: https://svnweb.freebsd.org/changeset/base/309548 Log: MFC r308943 For RTT calculations mid-session, we explicitly ignore ACKs with tsecr of 0 as many borken middle-boxes tend to do that. But during 3whs, in syncache_expand(), we don't do that which causes us to send a RST to such a client. Relax this constraint by only using tsecr to compare against timestamp that we sent when it is not 0. As a result, we'd now accept the final ACK of 3whs with tsecr of 0. Sponsored by: Limelight Networks Modified: stable/11/sys/netinet/tcp_syncache.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/tcp_syncache.c ============================================================================== --- stable/11/sys/netinet/tcp_syncache.c Mon Dec 5 03:11:52 2016 (r309547) +++ stable/11/sys/netinet/tcp_syncache.c Mon Dec 5 06:20:27 2016 (r309548) @@ -1069,10 +1069,17 @@ syncache_expand(struct in_conninfo *inc, } /* - * If timestamps were negotiated the reflected timestamp - * must be equal to what we actually sent in the SYN|ACK. + * If timestamps were negotiated, the reflected timestamp + * must be equal to what we actually sent in the SYN|ACK + * except in the case of 0. Some boxes are known for sending + * broken timestamp replies during the 3whs (and potentially + * during the connection also). + * + * Accept the final ACK of 3whs with reflected timestamp of 0 + * instead of sending a RST and deleting the syncache entry. */ - if ((to->to_flags & TOF_TS) && to->to_tsecr != sc->sc_ts) { + if ((to->to_flags & TOF_TS) && to->to_tsecr && + to->to_tsecr != sc->sc_ts) { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: TSECR %u != TS %u, " "segment rejected\n",