Date: Wed, 7 Mar 2007 23:21:59 +0000 (UTC) From: Qing Li <qingli@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet tcp_input.c Message-ID: <200703072321.l27NLxB2076173@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
qingli 2007-03-07 23:21:59 UTC
FreeBSD src repository
Modified files:
sys/netinet tcp_input.c
Log:
This patch is provided to fix a couple of deployment issues observed
in the field. In one situation, one end of the TCP connection sends
a back-to-back RST packet, with delayed ack, the last_ack_sent variable
has not been update yet. When tcp_insecure_rst is turned off, the code
treats the RST as invalid because last_ack_sent instead of rcv_nxt is
compared against th_seq. Apparently there is some kind of firewall that
sits in between the two ends and that RST packet is the only RST
packet received. With short lived HTTP connections, the symptom is
a large accumulation of connections over a short period of time .
The +/-(1) factor is to take care of implementations out there that
generate RST packets with these types of sequence numbers. This
behavior has also been observed in live environments.
Reviewed by: silby, Mike Karels
MFC after: 1 week
Revision Changes Path
1.316 +7 -5 src/sys/netinet/tcp_input.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703072321.l27NLxB2076173>