Date: Mon, 15 Oct 2012 08:26:36 +0200
From: Christian Meutes <christian@errxtx.net>
To: Jason Wolfe <nitroboost@gmail.com>
Cc: John Baldwin <jhb@freebsd.org>, "net@freebsd.org" <net@freebsd.org>
Subject: Re: Dropping TCP options from retransmitted SYNs considered harmful
Message-ID: <CF46ABB9-23A4-43E8-A2BB-DE42E993B551@errxtx.net>
In-Reply-To: <CAAAm0r3JGv3n8fX-GUpoS8CD2k9_mUBJxJ398__EH-y7SX_xrw@mail.gmail.com>
References: <201210121213.11152.jhb@freebsd.org> <CAAAm0r3JGv3n8fX-GUpoS8CD2k9_mUBJxJ398__EH-y7SX_xrw@mail.gmail.com>

I find the "hack" more than just strange. Because of other OSes' bugs FreeBSD
breaks its own stack. Don't want to know how many connections suffered from
this.

(Sorry for top-posting)

--
Christian

On 14.10.2012, at 00:19, Jason Wolfe <nitroboost@gmail.com> wrote:

> On Fri, Oct 12, 2012 at 9:13 AM, John Baldwin <jhb@freebsd.org> wrote:
>> Back in 2001 FreeBSD added a hack to strip TCP options from retransmitted SYNs
>> starting with the 3rd SYN in this block in tcp_timer.c:
>>
>>         /*
>>          * Disable rfc1323 if we haven't got any response to
>>          * our third SYN to work-around some broken terminal servers
>>          * (most of which have hopefully been retired) that have bad VJ
>>          * header compression code which trashes TCP segments containing
>>          * unknown-to-them TCP options.
>>          */
>>         if ((tp->t_state == TCPS_SYN_SENT) && (tp->t_rxtshift == 3))
>>                 tp->t_flags &= ~(TF_REQ_SCALE|TF_REQ_TSTMP);
>>
>> There is even a PR for the original bug report: kern/1689
>>
>> [..snip..]
>>
>> The original motivation of this change is to work around broken terminal
>> servers that were old when this change was added in 2001. Over 10 years later
>> I think we should at least have an option to turn this work-around off, and
>> possibly disable it by default.
>>
>> Thoughts?
>>
>> --
>> John Baldwin
>
> Not that it alone merits keeping the code in, but there are some cases
> where this comes in handy. I ran into an issue with heavily
> trafficked Linux <-> FBSD boxes here -
> http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031881.html.
>
> Linux would deny the connection because in FBSD the in and outbound
> timestamp randomization isn't sync'd to the same base, so when FBSD
> would hit a 2MSL connection Linux would simply ignore the SYN. After
> the 3rd SYN FBSD would drop support, and Linux would finally honor the
> request. I doubt this is too widespread, but it would probably break
> things for a few folks.
>
> Jason
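
Added example (not part of the thread and not FreeBSD source): a small C check for the effect discussed above, a retransmitted SYN that no longer carries the RFC 1323 window scale and timestamp options. It assumes the raw TCP headers of one connection attempt have already been extracted from a capture in send order; the function names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_WSCALE 0x1 /* option kind 3, window scale (TF_REQ_SCALE) */
#define OPT_TSTMP  0x2 /* option kind 8, timestamps (TF_REQ_TSTMP) */

/* Return OPT_* bits for the RFC 1323 options in one TCP header, -1 if malformed. */
int syn_rfc1323_opts(const uint8_t *tcp, size_t len) {
    if (len < 20) return -1;
    size_t hlen = (size_t)(tcp[12] >> 4) * 4;   /* data offset, in bytes */
    if (hlen < 20 || hlen > len) return -1;
    int found = 0;
    for (size_t i = 20; i < hlen; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                   /* end of option list */
        if (kind == 1) { i++; continue; }       /* NOP is a single byte */
        if (i + 1 >= hlen) return -1;           /* length byte missing */
        uint8_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > hlen) return -1;
        if (kind == 3 && olen == 3) found |= OPT_WSCALE;
        if (kind == 8 && olen == 10) found |= OPT_TSTMP;
        i += olen;
    }
    return found;
}

/* SYNs of one connection attempt in send order: 1-based index of the first
 * SYN lacking an option the initial SYN carried, 0 if none, -1 on error. */
int first_stripped_syn(const uint8_t *const syns[], const size_t lens[], size_t n) {
    int first = n ? syn_rfc1323_opts(syns[0], lens[0]) : 0;
    if (first < 0) return -1;
    for (size_t i = 1; i < n; i++) {
        int cur = syn_rfc1323_opts(syns[i], lens[i]);
        if (cur < 0) return -1;
        if (first & ~cur) return (int)i + 1;
    }
    return 0;
}

/* Constructed headers, not a real capture: MSS,NOP,WS,SACK-permitted,TS and MSS,SACK-permitted. */
static const uint8_t SYN_FULL[40] = { 0xc0,0, 0,0x50, 0,0,0,1, 0,0,0,0, 0xa0,2, 0xff,0xff, 0,0, 0,0,
    2,4,0x05,0xb4, 1, 3,3,6, 4,2, 8,10,0,0,0,1,0,0,0,0 };
static const uint8_t SYN_BARE[28] = { 0xc0,0, 0,0x50, 0,0,0,1, 0,0,0,0, 0x70,2, 0xff,0xff, 0,0, 0,0,
    2,4,0x05,0xb4, 4,2, 0,0 };

int demo_first_stripped(void) {
    const uint8_t *const syns[] = { SYN_FULL, SYN_FULL, SYN_FULL, SYN_BARE };
    const size_t lens[] = { sizeof SYN_FULL, sizeof SYN_FULL, sizeof SYN_FULL, sizeof SYN_BARE };
    return first_stripped_syn(syns, lens, 4);   /* constructed sequence */
}
```

A non-zero result from first_stripped_syn() on a real trace tells you which SYN in the sequence first went out without the options the initial SYN requested.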