From: Christian Meutes
Subject: Re: Dropping TCP options from retransmitted SYNs considered harmful
Date: Mon, 15 Oct 2012 08:26:36 +0200
To: Jason Wolfe
Cc: John Baldwin, "net@freebsd.org"
References: <201210121213.11152.jhb@freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

I find the "hack" more than just strange. Because of other OSes' bugs FreeBSD
breaks its own stack. Don't want to know how many connections suffered from this.

(Sorry for top-posting)

--
Christian

On 14.10.2012, at 00:19, Jason Wolfe wrote:

> On Fri, Oct 12, 2012 at 9:13 AM, John Baldwin wrote:
>> Back in 2001 FreeBSD added a hack to strip TCP options from retransmitted SYNs
>> starting with the 3rd SYN in this block in tcp_timer.c:
>>
>>         /*
>>          * Disable rfc1323 if we haven't got any response to
>>          * our third SYN to work-around some broken terminal servers
>>          * (most of which have hopefully been retired) that have bad VJ
>>          * header compression code which trashes TCP segments containing
>>          * unknown-to-them TCP options.
>>          */
>>         if ((tp->t_state == TCPS_SYN_SENT) && (tp->t_rxtshift == 3))
>>                 tp->t_flags &= ~(TF_REQ_SCALE|TF_REQ_TSTMP);
>>
>> There is even a PR for the original bug report: kern/1689
>>
>> [..snip..]
>>
>> The original motivation of this change is to work around broken terminal
>> servers that were old when this change was added in 2001. Over 10 years later
>> I think we should at least have an option to turn this work-around off, and
>> possibly disable it by default.
>>
>> Thoughts?
>>
>> --
>> John Baldwin
>
> Not that it alone merits keeping the code in, but there are some cases
> where this comes in handy. I ran into an issue with heavily
> trafficked Linux <-> FBSD boxes here -
> http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031881.html.
>
> Linux would deny the connection because in FBSD the in and outbound
> timestamp randomization isn't sync'd to the same base, so when FBSD
> would hit a 2MSL connection Linux would simply ignore the SYN. After
> the 3rd SYN FBSD would drop support, and Linux would finally honor the
> request. I doubt this is too widespread, but it would probably break
> things for a few folks.
>
> Jason
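
One way to confirm from a packet capture that a connection was hit by the work-around discussed in this thread, as an added example that is not part of the original messages or of FreeBSD's code: the routine walks the TCP option list of an initial SYN and of a retransmission of it, and reports which RFC 1323 options (window scale, timestamps) the retransmission no longer carries. The header bytes and the names `syn_options` and `options_dropped` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HAS_MSS    0x1   /* option kind 2 */
#define HAS_WSCALE 0x2   /* option kind 3, RFC 1323 window scale */
#define HAS_TSTMP  0x4   /* option kind 8, RFC 1323 timestamps */

/* Constructed sample: initial SYN, 40-byte header: MSS, NOP, WSCALE, SACK-permitted, TSTMP. */
static const uint8_t syn_first[] = {
    0xc0,0x00, 0x00,0x50, 0x11,0x22,0x33,0x44, 0,0,0,0, 0xa0,0x02, 0xff,0xff, 0,0, 0,0,
    2,4,0x05,0xb4, 1, 3,3,6, 4,2, 8,10,0,0,0x10,0x00,0,0,0,0 };
/* Constructed sample: the same SYN retransmitted without window scale and timestamps. */
static const uint8_t syn_rexmit[] = {
    0xc0,0x00, 0x00,0x50, 0x11,0x22,0x33,0x44, 0,0,0,0, 0x70,0x02, 0xff,0xff, 0,0, 0,0,
    2,4,0x05,0xb4, 1,1, 4,2 };

/* Walk the TCP option list; return a HAS_* bitmask, or -1 if the header is malformed. */
int syn_options(const uint8_t *tcp, size_t len)
{
    if (len < 20) return -1;
    size_t hlen = (size_t)(tcp[12] >> 4) * 4;       /* data offset, in bytes */
    if (hlen < 20 || hlen > len) return -1;
    int mask = 0;
    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                       /* end of option list */
        if (kind == 1) { i++; continue; }           /* NOP padding */
        if (i + 1 >= hlen) return -1;               /* no room for a length byte */
        uint8_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > hlen) return -1; /* would loop forever or overrun */
        if (kind == 2 && olen == 4)  mask |= HAS_MSS;
        if (kind == 3 && olen == 3)  mask |= HAS_WSCALE;
        if (kind == 8 && olen == 10) mask |= HAS_TSTMP;
        i += olen;                                  /* unknown kinds are skipped */
    }
    return mask;
}

/* Options present in the first SYN but missing from a retransmission of it. */
int options_dropped(const uint8_t *first, size_t flen, const uint8_t *rexmit, size_t rlen)
{
    int a = syn_options(first, flen), b = syn_options(rexmit, rlen);
    return (a < 0 || b < 0) ? -1 : (a & ~b);
}

int main(void)
{
    int d = options_dropped(syn_first, sizeof syn_first, syn_rexmit, sizeof syn_rexmit);
    printf("dropped: wscale=%d tstmp=%d\n", !!(d & HAS_WSCALE), !!(d & HAS_TSTMP));
    return 0;
}
```

A non-zero result for a flow whose later SYNs are otherwise identical to the first indicates the sender fell back to option-less SYNs rather than that a middlebox rewrote one packet.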