From owner-freebsd-net@FreeBSD.ORG Sat Mar 26 22:43:41 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A49EB106566B for ; Sat, 26 Mar 2011 22:43:41 +0000 (UTC) (envelope-from sec@42.org) Received: from ice.42.org (v6.42.org [IPv6:2001:608:9::1]) by mx1.freebsd.org (Postfix) with ESMTP id 588998FC0A for ; Sat, 26 Mar 2011 22:43:41 +0000 (UTC) Received: by ice.42.org (Postfix, from userid 1000) id 8A0C828419; Sat, 26 Mar 2011 23:43:40 +0100 (CET) Date: Sat, 26 Mar 2011 23:43:40 +0100 From: Stefan `Sec` Zehl To: freebsd-net@freebsd.org Message-ID: <20110326224340.GB23803@ice.42.org> Mail-Followup-To: freebsd-net@freebsd.org References: <4D8B99B4.4070404@FreeBSD.org> <201103250825.10674.jhb@freebsd.org> <20110325194109.GB25392@ice.42.org> <201103251640.16147.jhb@freebsd.org> <20110326140212.GB45402@ice.42.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20110326140212.GB45402@ice.42.org> User-Agent: Mutt/1.4.2.3i I-love-doing-this: really X-Modeline: vim:set ts=8 sw=4 smarttab tw=72 si noic notitle: Accept-Languages: de, en X-URL: http://sec.42.org/ Subject: Re: The tale of a TCP bug X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Mar 2011 22:43:41 -0000 Hi, > On Fri, Mar 25, 2011 at 16:40 -0400, John Baldwin wrote: > > And the problem is that the code that uses 'adv' to determine if it > > sound send a window update to the remote end is falsely succeeding due > > to the overflow causing tcp_output() to 'goto send' but that it then > > fails to send any data because it thinks the remote window is full? On a whim I wanted to find out, how often that overflow is triggered in normal operation, and whipped up a quick counter-sysctl. --- sys/netinet/tcp_output.c.org 2011-01-04 19:27:00.000000000 +0100 +++ sys/netinet/tcp_output.c 2011-03-26 18:49:30.000000000 +0100 @@ -87,6 +87,11 @@ extern struct mbuf *m_copypack(); #endif +VNET_DEFINE(int, adv_neg) = 0; +SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, adv_neg, CTLFLAG_RD, + &VNET_NAME(adv_neg), 1, + "How many times adv got negative"); + VNET_DEFINE(int, path_mtu_discovery) = 1; SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW, &VNET_NAME(path_mtu_discovery), 1, @@ -573,6 +578,10 @@ long adv = min(recwin, (long)TCP_MAXWIN << tp->rcv_scale) - (tp->rcv_adv - tp->rcv_nxt); + if(min(recwin, (long)TCP_MAXWIN << tp->rcv_scale) < + (tp->rcv_adv - tp->rcv_nxt)) + adv_neg++; + if (adv >= (long) (2 * tp->t_maxseg)) goto send; if (2 * adv >= (long) so->so_rcv.sb_hiwat) I booted my main (web/shell) box with (only) this patch: 11:36PM up 3:50, 1 user, load averages: 2.29, 1.51, 0.73 net.inet.tcp.adv_neg: 2466 That's approximately once every 5 seconds. That's way more often than I suspected. CU, Sec -- I wish there was a knob on the TV to turn up the intelligence. There's a knob called "brightness", but it doesn't seem to work.