Date:      Thu, 25 Feb 2021 17:58:22 +0000
From:      bugzilla-noreply@freebsd.org
To:        ipfw@FreeBSD.org
Subject:   [Bug 253476] ipfw keepalive: tcp_do_segment: Timestamp missing, segment silently dropped
Message-ID:  <bug-253476-8303-tqfiSU5OlQ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-253476-8303@https.bugs.freebsd.org/bugzilla/>
References:  <bug-253476-8303@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253476

--- Comment #12 from Richard Scheffenegger <rscheff@freebsd.org> ---
We discussed this behavior in the #transport call today.

The stack behaves according to RFC7323 with the default options.

The consensus of the groups was that the TCP stack default should not be
changed. The current behavior of ipfw with the injected keepalive would break
with other (non-fbsd) stacks which adhere to RFC7323 just the same.

Two other remediation options were discussed:
a) retain more state in ipfw when a timestamp option is present, and use the
most recent TSval / ecr combination observed when injecting the keepalive
b) intercept the 3WHS and remove the timestamp option there.

Option a) was preferred heavily - option b) fails when the firewall only gets
to see an ongoing session (e.g. rerouting events) but not the syn, and reduces
the information available to the TCP endpoints to run a number of mechanisms
designed to improve performance and enhance data integrity at high speeds.

Option a) could still fail, for example if ipfw does not see the most recent
segment in the direction where the keepalive is to be injected - as per
RFC7323, old timestamp values render the segment not acceptable. But in the
vast majority of instances, that approach will make ipfw compliant with
RFC7323.

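The receiver checks behind the "Timestamp missing" drop and the two keepalive strategies compared in the comment above, as an added simulation that is not ipfw or FreeBSD code. The Segment/Endpoint/Firewall classes, the `run_scenario` helper and the timestamp values are constructed; the endpoint applies the RFC 7323 rules (drop a non-RST segment without a TS option once timestamps were negotiated, and drop a segment whose TSval is older than the last accepted one) and the firewall implements option a) by remembering the latest TSval/TSecr per direction, including the failure case where ipfw misses the most recent segment.

```python
from dataclasses import dataclass, field
from typing import Optional
# Constructed model of the RFC 7323 receiver checks and of option a); not ipfw/FreeBSD code.
M = 1 << 32  # 32-bit timestamps, compared modulo 2**32

def ts_lt(a: int, b: int) -> bool:
    """Modular a < b for TSval comparison (RFC 7323 section 5.3, PAWS)."""
    return (a - b) % M >= M // 2

@dataclass
class Segment:
    direction: str                 # "c2s" (client to server) or "s2c"
    tsval: Optional[int] = None    # None models a segment sent without the TS option
    tsecr: Optional[int] = None

@dataclass
class Endpoint:                    # receiving TCP after timestamps were negotiated on the 3WHS
    ts_recent: int                 # most recent TSval accepted from the peer
    def accept(self, seg: Segment) -> str:
        if seg.tsval is None:
            return "drop: Timestamp missing"   # the tcp_do_segment message from the bug
        if ts_lt(seg.tsval, self.ts_recent):
            return "drop: PAWS, old TSval"     # stale timestamp is not acceptable
        self.ts_recent = seg.tsval
        return "accept"

@dataclass
class Firewall:                    # option a): keep the latest TSval/TSecr seen per direction
    last: dict = field(default_factory=dict)
    def observe(self, seg: Segment) -> None:
        if seg.tsval is not None:
            self.last[seg.direction] = (seg.tsval, seg.tsecr)
    def keepalive_naive(self, direction: str) -> Segment:
        return Segment(direction)              # current ipfw: keepalive carries no TS option
    def keepalive_stateful(self, direction: str) -> Segment:
        tsval, tsecr = self.last[direction]
        return Segment(direction, tsval, tsecr)

def run_scenario(fw_sees_last: bool) -> tuple:
    """Returns (verdict on naive keepalive, verdict on stateful keepalive)."""
    fw, server = Firewall(), Endpoint(ts_recent=0)
    for tsval in (100, 200):
        seg = Segment("c2s", tsval, 50)
        fw.observe(seg)
        server.accept(seg)
    last = Segment("c2s", 300, 60)             # may bypass the firewall (e.g. rerouting event)
    if fw_sees_last:
        fw.observe(last)
    server.accept(last)
    return server.accept(fw.keepalive_naive("c2s")), server.accept(fw.keepalive_stateful("c2s"))
```

`run_scenario(True)` shows the stateful keepalive accepted where the naive one is dropped; `run_scenario(False)` shows the residual failure the comment describes, where a TSval older than the last segment the server saw is rejected by PAWS.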