From owner-freebsd-net@FreeBSD.ORG Fri Feb 1 22:05:53 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 0FC15B7E for ; Fri, 1 Feb 2013 22:05:53 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-ob0-f170.google.com (mail-ob0-f170.google.com [209.85.214.170]) by mx1.freebsd.org (Postfix) with ESMTP id D4F0D12A for ; Fri, 1 Feb 2013 22:05:52 +0000 (UTC) Received: by mail-ob0-f170.google.com with SMTP id wc20so4619233obb.15 for ; Fri, 01 Feb 2013 14:05:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=uUfSExXB6yfoWAY4nBsGKhlcAQ+7Qt8R0xoMluLevS0=; b=LJ1NRkPGxHRWg8zLsBPeIvAnBDbzzMNjLCLO1FiWHXzWbVpNWXkC4IDxWgX9hc0EB6 sQOwqV95JECl/PLOgcRKPH5swPIXl5UjVkJrnYXMsSKLOr/TDZjCIGFAB3x3mM+ZQSCN nQlvTpfPrCrtZujUt0vsFeAorO3GbQSy7YHq5CvnEkMOarxbzlhFdLPn1YydvdOJTekI SHSh62MloSM6xvGpHTm2Ihab456OeXfM5wGLDiHjTt6soY5Paz+nsMuIt/p3n1vTOTkS 36S1x0jUqA5XB/eTpETiJOl9zHauwb6xxkCqGMjTloMdihlhDs5I+TKzrlF1i8jtmyy4 OdOA== MIME-Version: 1.0 X-Received: by 10.60.27.161 with SMTP id u1mr10934946oeg.1.1359756351901; Fri, 01 Feb 2013 14:05:51 -0800 (PST) Sender: carpeddiem@gmail.com Received: by 10.60.150.239 with HTTP; Fri, 1 Feb 2013 14:05:51 -0800 (PST) In-Reply-To: References: Date: Fri, 1 Feb 2013 17:05:51 -0500 X-Google-Sender-Auth: uWPEyF0dEytSHvKd1rAQxIN7wX8 Message-ID: Subject: Re: Syncookies break with Windows 8 From: Ed Maste To: Kevin Day Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Feb 2013 22:05:53 -0000 On 1 February 2013 16:21, Kevin Day wrote: > We've got a large cluster of HTTP servers, each server handling >10,000re= q/sec. Occasionally, and during periods of heavy load, we'd get complaints = from some users that downloads were working but going EXTREMELY slowly. Aft= er a whole lot of debugging, we narrowed it down to being only Windows 8 cl= ients experiencing this problem. It turns out that FreeBSD's implementation= of syncookies is likely violating RFC1323. Kevin, Thanks for the thorough analysis and report, although I didn't see mention of which FreeBSD version you're running. It looks like andre@ added storage of the window scale option in the timestamp many years ago in r162277[1], so I'm curious if you have an old version or there's an issue with this implementation. > This implementation extends the orginal idea and first implementation > of FreeBSD by using not only the initial sequence number field to store > information but also the timestamp field if present. This way we can > keep track of the entire state we need to know to recreate the session in > its original form. Almost all TCP speakers implement RFC1323 timestamps > these days. For those that do not we still have to live with the known > shortcomings of the ISN only SYN cookies. The use of the timestamp field > causes the timestamps to be randomized if syncookies are enabled. -Ed [1] http://svnweb.freebsd.org/base?view=3Drevision&revision=3D162277