Date:      Sun, 10 Feb 2002 19:34:12 +0000
From:      AMAKAWA Shuhei <sa264@cam.ac.uk>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/34801: TCP window size bug (afflicting IP Filter keep state)
Message-ID:  <E16Zzjo-0006YJ-00@m218-3.phy.cam.ac.uk>



>Number:         34801
>Category:       kern
>Synopsis:       TCP window size bug (afflicting IP Filter keep state)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 10 11:40:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     AMAKAWA Shuhei
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
>Environment:
System: FreeBSD m218-3.phy.cam.ac.uk 4.5-STABLE FreeBSD 4.5-STABLE #4: Fri Feb 1 20:30:18 GMT 2002 sa264@m218-3.phy.cam.ac.uk:/usr/obj/usr/src/sys/KERNCONF i386


	
>Description:

The default value of net.inet.tcp.recvspace was raised to 65536 a
few months ago.  So, the max TCP window size is 65536 now.  But this
amounts to 0 in the 16-bit world.  The valid max window size is
65535 (forget about RFC 1323 here).

Apparently a number of IP Filter users have been afflicted by this.
IP Filter's stateful inspection code uses the window size
information to decide whether a packet can be regarded as valid or
not.  IP Filter's state entry treats the window size as 16-bit.

>How-To-Repeat:

tcpdump.

Use IP Filter, keep state flags S.
Then transfer a big file.
Packet loss will lead to the following valid packets being blocked
and the connection will be lost.

>Fix:

Workaround:

sysctl net.inet.tcp.recvspace=65535
or less.

Fix:

--- /usr/src/sys/netinet/tcp_usrreq.c	Sun Dec 16 18:16:51 2001
+++ tcp_usrreq.c	Sun Feb 10 18:43:44 2002
@@ -995,7 +995,7 @@
 u_long	tcp_sendspace = 1024*32;
 SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW, 
     &tcp_sendspace , 0, "Maximum outgoing TCP datagram size");
-u_long	tcp_recvspace = 1024*64;
+u_long	tcp_recvspace = 1024*64-1;
 SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW, 
     &tcp_recvspace , 0, "Maximum incoming TCP datagram size");
 
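Review bot: The new value on the `+u_long tcp_recvspace = 1024*64-1;` line only changes the default; the SYSCTL_INT that follows is still CTLFLAG_RW with no bounds check, so recvspace can be set back to 65536 or higher at runtime and the condition described in the report returns. Consider enforcing the limit where the value is validated or consumed, and add a comment on the constant saying it is the largest value that fits a 16-bit window field, since `1024*64-1` reads like a typo next to `1024*32`. Separately, both variables are declared u_long but exported through SYSCTL_INT, which is worth aligning.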
>Release-Note:
>Audit-Trail:
>Unformatted:
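
The failure mode in the Description, as an added example that is not part of the original report and is not IP Filter's code: a simplified model of a stateful filter that keeps the receiver's window in 16 bits. The struct, function names, segment size and sequence numbers are constructed for illustration, and the model takes the report's premise that a 65536-byte window ends up recorded as 0.

```c
#include <stdint.h>
#include <stdio.h>

#define SEG  1460u  /* constructed segment size */
#define NSEG 10     /* constructed transfer length, in segments */

/* Hypothetical per-connection state of a stateful filter (not IP Filter's struct). */
struct flow_state {
    uint32_t snd_end;   /* end of the highest sender segment seen so far */
    uint32_t rcv_ack;   /* last cumulative ACK seen from the receiver */
    uint16_t rcv_win;   /* receiver's window, kept in 16 bits */
};

/* Pass (1) a segment that is exactly in sequence or fits in the recorded window. */
static int filter_segment(struct flow_state *st, uint32_t seq, uint32_t len)
{
    uint32_t end = seq + len;
    int ok = seq == st->snd_end || end - st->rcv_ack <= st->rcv_win;
    if (ok && (int32_t)(end - st->snd_end) > 0)
        st->snd_end = end;
    return ok;
}

/* Send NSEG segments through the filter; segment `lost` is dropped upstream
 * of the filter (-1 for no loss). Returns how many segments the filter blocks. */
static int simulate_transfer(uint32_t recvspace, int lost)
{
    struct flow_state st = { 1000, 1000, (uint16_t)recvspace }; /* 65536 -> 0 */
    int blocked = 0;
    for (int i = 0; i < NSEG; i++) {
        uint32_t seq = 1000 + (uint32_t)i * SEG;
        if (i == lost)
            continue;                   /* never reaches the filter */
        if (!filter_segment(&st, seq, SEG))
            blocked++;
        else if (seq == st.rcv_ack)
            st.rcv_ack = seq + SEG;     /* receiver ACKs in-order data only */
    }
    return blocked;
}

int main(void)
{
    printf("recvspace 65536, no loss:  %d blocked\n", simulate_transfer(65536, -1));
    printf("recvspace 65536, one loss: %d blocked\n", simulate_transfer(65536, 3));
    printf("recvspace 65535, one loss: %d blocked\n", simulate_transfer(65535, 3));
    return 0;
}
```

Without loss every segment is in sequence and passes, which is why the problem only shows up once a packet goes missing and later segments have to be validated against the recorded window.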
