From owner-freebsd-bugs@FreeBSD.ORG Mon Jul 4 05:20:19 2005
Message-Id:
 <200507040516.j645G7eC055057@www.freebsd.org>
Date: Mon, 4 Jul 2005 05:16:07 GMT
From: Noritoshi Demizu
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/82963: TCP MD5 disables rfc1323 options on passive connections

>Number: 82963
>Category: kern
>Synopsis: TCP MD5 disables rfc1323 options on passive connections
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 04 05:20:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Noritoshi Demizu
>Release: FreeBSD 6.0 current (as of July 4, 2005)
>Organization:
>Environment:
FreeBSD kodaira4.koganei.wide.ad.jp 6.0-CURRENT FreeBSD 6.0-CURRENT #0: Mon Jul 4 12:16:45 JST 2005 noritosi@kodaira4.koganei.wide.ad.jp:/home/src/os/FreeBSD-current/src/sys/i386/compile/GENERIC i386
>Description:
When the TCP MD5 Signature option is used on a TCP connection,
both the TCP Timestamps option and the TCP Window Scale option
are turned off. Below is an example of such a scenario.

# tcpdump -nXi lo0 tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
14:06:22.577329 IP 127.0.0.1.54072 > 127.0.0.1.58851: S 3668653428:3668653428(0) win 65535
    0x0000: 4500 0050 06bf 4000 4006 35e7 7f00 0001 E..P..@.@.5.....
    0x0010: 7f00 0001 d338 e5e3 daab 3574 0000 0000 .....8....5t....
    0x0020: f002 ffff a8cd 0000 0204 3fd8 0103 0301 ..........?.....
    0x0030: 0101 080a 0003 39ab 0000 0000 1312 0000 ......9.........
    0x0040: 0000 0000 0000 0000 0000 0000 0000 0402 ................
14:06:22.577774 IP 127.0.0.1.58851 > 127.0.0.1.54072: S 1998295442:1998295442(0) ack 3668653429 win 65535
    0x0000: 4500 0040 06c0 4000 4006 35f6 7f00 0001 E..@..@.@.5.....
    0x0010: 7f00 0001 e5e3 d338 771b 9192 daab 3575 .......8w.....5u
    0x0020: b012 ffff 26dc 0000 0204 3fd8 1312 0000 ....&.....?.....
    0x0030: 0000 0000 0000 0000 0000 0000 0000 0402 ................
14:06:22.591606 IP 127.0.0.1.54072 > 127.0.0.1.58851: . ack 1 win 65535
    0x0000: 4500 003c 06c1 4000 4006 35f9 7f00 0001 E..<..@.@.5.....
    0x0010: 7f00 0001 d338 e5e3 daab 3575 771b 9193 .....8....5uw...
    0x0020: a010 ffff 7cbf 0000 1312 0000 0000 0000 ....|...........
    0x0030: 0000 0000 0000 0000 0000 0000 ............
(snip)

This problem was reported in
http://lists.freebsd.org/pipermail/freebsd-net/2005-April/006973.html
>How-To-Repeat:
1. Prepare a FreeBSD current box. Turn on the TCP MD5 option,
   the TCP Timestamps option, and the TCP Window Scale option.
2. On that box, start a server program that accepts a TCP connection.
3. Try to establish a TCP connection with the server program.
   The incoming SYN should include the TCP MD5 option,
   the TCP Timestamps option and the TCP Window Scale option.
4. The outgoing SYN+ACK includes the TCP MD5 option. But it does not
   include the TCP Timestamps option and the TCP Window Scale option.
>Fix:
I think the cause and the fix are as follows:

At line 987 in tcp_syncache.c 1.74, sc->sc_flags is overwritten
by SCF_SIGNATURE. By this line, SCF_TIMESTAMP and SCF_WINSCALE
are turned off. I think the operator "=" should be "|=".

986: if (to->to_flags & TOF_SIGNATURE) - 987: sc->sc_flags = SCF_SIGNATURE; + 987: sc->sc_flags |= SCF_SIGNATURE;

With this change, the problem does not occur in my environment.
>Release-Note:
>Audit-Trail:
>Unformatted:
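
Review bot: at line 987, "|=" keeps SCF_TIMESTAMP and SCF_WINSCALE only if sc->sc_flags holds nothing stale when this statement runs. The excerpt does not show where the flags are initialised, so confirm that the syncache entry is zeroed on allocation and on reuse before accepting the change. The fix is given as line-numbered text rather than an applicable diff, so attach "diff -u" output against tcp_syncache.c 1.74, and check the neighbouring option handling for other plain "=" assignments to sc->sc_flags that would clobber SCF_SIGNATURE in turn.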
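
A check for the symptom shown in the capture above, as an added example that is not part of the original report or of the FreeBSD source: it walks the TCP option bytes taken from the SYN and SYN+ACK hex dumps and reports which RFC 1323 options were offered but not echoed next to the MD5 option. The function names tcp_option_kinds and dropped_rfc1323 are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_WSCALE = 3, OPT_TIMESTAMP = 8, OPT_MD5SIG = 19 };

/* TCP option bytes copied from the SYN and SYN+ACK hex dumps in the report. */
static const uint8_t syn_opts[40] = {
    0x02, 0x04, 0x3f, 0xd8, 0x01, 0x03, 0x03, 0x01, 0x01, 0x01,
    0x08, 0x0a, 0x00, 0x03, 0x39, 0xab, 0x00, 0x00, 0x00, 0x00,
    0x13, 0x12, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0x04, 0x02 };
static const uint8_t synack_opts[24] = {
    0x02, 0x04, 0x3f, 0xd8, 0x13, 0x12, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x04, 0x02 };

/* Return a bitmask with bit k set for each option kind k < 32 present,
 * or -1 when a length field is malformed or runs past the buffer. */
static int64_t tcp_option_kinds(const uint8_t *opt, size_t len)
{
    int64_t seen = 0;
    for (size_t i = 0; i < len && opt[i] != OPT_EOL; ) {
        if (opt[i] == OPT_NOP) { i++; continue; }
        if (i + 1 >= len || opt[i + 1] < 2 || opt[i + 1] > len - i)
            return -1;
        if (opt[i] < 32)
            seen |= (int64_t)1 << opt[i];
        i += opt[i + 1];
    }
    return seen;
}

/* RFC 1323 kinds offered in the SYN but absent from a SYN+ACK that did echo MD5. */
static int64_t dropped_rfc1323(int64_t offered, int64_t answered)
{
    const int64_t rfc1323 = (1 << OPT_WSCALE) | (1 << OPT_TIMESTAMP);
    if (offered < 0 || answered < 0 || !(offered & answered & (1 << OPT_MD5SIG)))
        return 0;
    return offered & ~answered & rfc1323;
}

int main(void)
{
    int64_t syn = tcp_option_kinds(syn_opts, sizeof syn_opts);
    int64_t synack = tcp_option_kinds(synack_opts, sizeof synack_opts);
    int64_t lost = dropped_rfc1323(syn, synack);
    printf("window scale dropped: %s, timestamps dropped: %s\n",
           (lost >> OPT_WSCALE) & 1 ? "yes" : "no", (lost >> OPT_TIMESTAMP) & 1 ? "yes" : "no");
    return lost != 0;
}
```

The program exits non-zero when either option was dropped, so it can serve as a regression check against a capture taken after the fix.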