Date: Fri, 1 Feb 2013 17:05:51 -0500 From: Ed Maste <emaste@freebsd.org> To: Kevin Day <kevin@your.org> Cc: freebsd-net@freebsd.org Subject: Re: Syncookies break with Windows 8 Message-ID: <CAPyFy2BF43X%2BKF0MCvQHNxatHzYoCSVCtQyJdxy2bSf0-4Mr3Q@mail.gmail.com> In-Reply-To: <CA61E725-8370-4ED2-BBA7-F6FAFF93A553@your.org> References: <CA61E725-8370-4ED2-BBA7-F6FAFF93A553@your.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 February 2013 16:21, Kevin Day <kevin@your.org> wrote: > We've got a large cluster of HTTP servers, each server handling >10,000re= q/sec. Occasionally, and during periods of heavy load, we'd get complaints = from some users that downloads were working but going EXTREMELY slowly. Aft= er a whole lot of debugging, we narrowed it down to being only Windows 8 cl= ients experiencing this problem. It turns out that FreeBSD's implementation= of syncookies is likely violating RFC1323. Kevin, Thanks for the thorough analysis and report, although I didn't see mention of which FreeBSD version you're running. It looks like andre@ added storage of the window scale option in the timestamp many years ago in r162277[1], so I'm curious if you have an old version or there's an issue with this implementation. > This implementation extends the orginal idea and first implementation > of FreeBSD by using not only the initial sequence number field to store > information but also the timestamp field if present. This way we can > keep track of the entire state we need to know to recreate the session in > its original form. Almost all TCP speakers implement RFC1323 timestamps > these days. For those that do not we still have to live with the known > shortcomings of the ISN only SYN cookies. The use of the timestamp field > causes the timestamps to be randomized if syncookies are enabled. -Ed [1] http://svnweb.freebsd.org/base?view=3Drevision&revision=3D162277
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2BF43X%2BKF0MCvQHNxatHzYoCSVCtQyJdxy2bSf0-4Mr3Q>