From nobody Sun May 24 16:15:09 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gNkcy6xQCz6g74y for ; Sun, 24 May 2026 16:15:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gNkcy6HCPz3MRd for ; Sun, 24 May 2026 16:15:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779639314; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YvKc5ZLrZy7HuPir1sddBfNca4QyT6DPjNFGLwIO388=; b=ba5NuLbwYpIP5/PmGfEEQegov/cWZUL9kXY8e1kC2PgmwOS+ykgM9vb5TRvkrAuHE7YFxH pLEM0eTxToRihBJ7saW8Ju5tkdDCJ01IpRBqrIWZW5+yzExvlk7BH/CwyKkQrbQPRkxoFC 0wJbUTqukaB67VQMdLNUR71UBlGe5VKSpIHyXgIokmCJY52hRBnyofj/HCvagiex9rtjWJ OM7Dd4vrgfAfah0cMnrH4oX03Ss40Eu5HC9pBM4mn2wgbP2TFo4YfxF6UWn73LtfawwsQt 0jEzTrl+g+h07W7pIkVOatt7ABdI9tS3bRifSxYQ4doC0nVD7Pi7K8ME1YHxjQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779639314; a=rsa-sha256; cv=none; b=nY9rwVt2QMqvdVprG552zfpdxoxpJ/cJTSVVOBodDhDPCE9Mzmyueaf+KsSPzQvWi7y02A ZLEeTcEpZEoqMb1R65WJUSHdDBVs0xAHH8ycVU7b3j3qmyrp7Y1e539xVOlvX6FwI7DeB4 uBfFhcLnU5Yk+CqS8vZUPJE4CB+ifmMfWdtURLXAQ3Bhp4C+bgjgR1iXfbRhCfaI06qYeZ ezth762I6aYDVtaD5WpldaVgg16jGT1P/JQbTgjkPEt+vV428RCMV7145EFHlk2FWt+oYP a8ecIWmPn18fVmGFpuoQ3eNG4n/Bs/ZQIXjQ6dcevM2oysJVERU+Au0WQCR5jQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779639314; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YvKc5ZLrZy7HuPir1sddBfNca4QyT6DPjNFGLwIO388=; b=BNJOGpU1XHn+ohyfk9SBdJBpXPK84A2Vg/1B2RmMW3h0C/eT9M8XC2spHhFxFLqNbvMGzo K23+VjPIre0kpcBzbN7Q1H+nO+WQ0vkfjZQDKwAmEVYy53ryeMnFt2FUlcrEdxjgybfiNJ mKMH4S29GfxZlSnJvLaSgAehFKdQTh6ODs979ZUMitRo7e/dd7RmHR9GeT2kXEckCFAUym y4b14fAWHfdflwC+to67K8ZoIpSI7tjzOZlL6n+s15gL4h1BJ4ey/QIQM3KyMfOUMPmgJv Zn9Yq5MhhFySfWGHp8r6wDVO8OwGxOzDYQeWfdAH+g7vBp7lr1HcZIUUHqbyAg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gNkcy5csnz11ws for ; Sun, 24 May 2026 16:15:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 279cb by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sun, 24 May 2026 16:15:09 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: f3ded0fbacfc - stable/15 - tcp: Make RFC 6191 support configurable List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: f3ded0fbacfc24789bd9e22cada6e0d6b6b88b50 Auto-Submitted: auto-generated Date: Sun, 24 May 2026 16:15:09 +0000 Message-Id: <6a13240d.279cb.38668b1@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=f3ded0fbacfc24789bd9e22cada6e0d6b6b88b50 commit f3ded0fbacfc24789bd9e22cada6e0d6b6b88b50 Author: Dag-Erling Smørgrav AuthorDate: 2026-05-18 14:50:14 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-05-24 16:14:39 +0000 tcp: Make RFC 6191 support configurable Add a default-on per-VIMAGE sysctl for RFC 6191 connection recycling. This makes it possible to merge the change to older branches where it can be switched off by default to minimize risk. MFC after: 1 week Sponsored by: Klara, Inc. Sponsored by: Modirum MDPay Reviewed by: pouria, marius.h_lden.org, tuexen Differential Revision: https://reviews.freebsd.org/D57045 (cherry picked from commit 2af70d7a384934cee497fb6d75678e04f1416287) tcp: Fix typo in RFC 6191 sysctl Fixes: 2af70d7a3849 ("tcp: Make RFC 6191 support configurable") MFC after: 1 week Sponsored by: Klara, Inc. Sponsored by: Modirum MDPay (cherry picked from commit 78074011acee4c3e859ffd37009abb56cc6c8c56) --- share/man/man4/tcp.4 | 11 ++++++++- sys/netinet/tcp_timewait.c | 58 +++++++++++++++++++++++++++++----------------- sys/netinet/tcp_var.h | 2 ++ 3 files changed, 49 insertions(+), 22 deletions(-) diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4 index 4c01daf4e14e..8bc1eb858a07 100644 --- a/share/man/man4/tcp.4 +++ b/share/man/man4/tcp.4 @@ -31,7 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 7, 2026 +.Dd May 17, 2026 .Dt TCP 4 .Os .Sh NAME @@ -940,6 +940,10 @@ maximum segment size. This helps throughput in general, but particularly affects short transfers and high-bandwidth large propagation-delay connections. +.It Va rfc6191 +Enable RFC 6191 connection recycling, which allows faster connection +recycling in certain circumstances when the new connection has TCP +timestamps enabled. .It Va sack.enable Enable support for RFC 2018, TCP Selective Acknowledgment option, which allows the receiver to inform the sender about all successfully @@ -1145,6 +1149,11 @@ when trying to use a TCP function block that is not available; .%T "Improving TCP's Robustness to Blind In-Window Attacks" .%O "RFC 5961" .Re +.Rs +.%A "F. Gont" +.%T "Reducing the TIME-WAIT State Using TCP Timestamps" +.%O "RFC 6191" +.Re .Sh HISTORY The .Tn TCP diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index d90178ee03ec..de367b0786ae 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -112,6 +112,11 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, nolocaltimewait, &VNET_NAME(nolocaltimewait), 0, sysctl_net_inet_tcp_nolocaltimewait, "CU", "Do not create TCP TIME_WAIT state for local connections"); +VNET_DEFINE(int, tcp_do_rfc6191) = 1; +SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc6191, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(tcp_do_rfc6191), 0, + "Enable RFC 6191 (Reduced TIME-WAIT State)"); + static u_int tcp_eff_msl(struct tcpcb *tp) { @@ -259,29 +264,40 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, } /* - * If a new connection request is received - * while in TIME_WAIT, drop the old connection - * and start over if allowed by RFC 6191. + * If a new connection request is received while in TIME_WAIT, + * drop the old connection and start over if appropriate. + * + * The original rule is to start over if and only if the sequence + * number of the new connection is greater than the last sequence + * number seen on the old connection. + * + * Additionally, RFC 6191 allows restarting if the new connection + * has TCP timestamps enabled and either the old one didn't, or it + * did but the timestamp on the incoming SYN is greater than the + * last timestamp seen on the old connection. + * * Allow UDP port number changes in this case. */ - if (((thflags & (TH_SYN | TH_ACK)) == TH_SYN) && - ((((tp->t_flags & TF_RCVD_TSTMP) != 0) && - ((to->to_flags & TOF_TS) != 0) && - TSTMP_LT(tp->ts_recent, to->to_tsval)) || - (((tp->t_flags & TF_RCVD_TSTMP) == 0) && - ((to->to_flags & TOF_TS) != 0) && - (V_tcp_tolerate_missing_ts == 0)) || - SEQ_GT(th->th_seq, tp->rcv_nxt))) { - /* - * In case we can't upgrade our lock just pretend we have - * lost this packet. - */ - if (INP_TRY_UPGRADE(inp) == 0) - goto drop; - if ((tp = tcp_close(tp)) != NULL) - INP_WUNLOCK(inp); - TCPSTAT_INC(tcps_tw_recycles); - return (true); + if ((thflags & (TH_SYN | TH_ACK)) == TH_SYN) { + bool rfc6191 = false; + + if ((to->to_flags & TOF_TS) != 0 && V_tcp_do_rfc6191) { + rfc6191 = (tp->t_flags & TF_RCVD_TSTMP) != 0 ? + TSTMP_LT(tp->ts_recent, to->to_tsval) : + V_tcp_tolerate_missing_ts == 0; + } + if (rfc6191 || SEQ_GT(th->th_seq, tp->rcv_nxt)) { + /* + * In case we can't upgrade our lock just pretend + * we have lost this packet. + */ + if (INP_TRY_UPGRADE(inp) == 0) + goto drop; + if ((tp = tcp_close(tp)) != NULL) + INP_WUNLOCK(inp); + TCPSTAT_INC(tcps_tw_recycles); + return (true); + } } /* diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 9d1d2bd31674..cdc1a3deb86a 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -1308,6 +1308,7 @@ VNET_DECLARE(int, tcp_tolerate_missing_ts); VNET_DECLARE(int, tcp_do_rfc3042); VNET_DECLARE(int, tcp_do_rfc3390); VNET_DECLARE(int, tcp_do_rfc3465); +VNET_DECLARE(int, tcp_do_rfc6191); VNET_DECLARE(int, tcp_do_newsack); VNET_DECLARE(int, tcp_do_sack); VNET_DECLARE(int, tcp_do_tso); @@ -1359,6 +1360,7 @@ VNET_DECLARE(struct inpcbinfo, tcbinfo); #define V_tcp_do_rfc3042 VNET(tcp_do_rfc3042) #define V_tcp_do_rfc3390 VNET(tcp_do_rfc3390) #define V_tcp_do_rfc3465 VNET(tcp_do_rfc3465) +#define V_tcp_do_rfc6191 VNET(tcp_do_rfc6191) #define V_tcp_do_newsack VNET(tcp_do_newsack) #define V_tcp_do_sack VNET(tcp_do_sack) #define V_tcp_do_tso VNET(tcp_do_tso)