Date: Sun, 10 Feb 2002 19:34:12 +0000
From: AMAKAWA Shuhei
Reply-To: AMAKAWA Shuhei
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: kern/34801: TCP window size bug (afflicting IP Filter keep state)

>Number: 34801
>Category: kern
>Synopsis: TCP window size bug (afflicting IP Filter keep state)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 10 11:40:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: AMAKAWA Shuhei
>Release: FreeBSD 4.5-STABLE i386
>Organization:
>Environment:
System: FreeBSD m218-3.phy.cam.ac.uk 4.5-STABLE FreeBSD 4.5-STABLE #4: Fri Feb 1 20:30:18 GMT 2002 sa264@m218-3.phy.cam.ac.uk:/usr/obj/usr/src/sys/KERNCONF i386

>Description:
The default value of net.inet.tcp.recvspace was raised to 65536 a few months ago. So, the max TCP window size is 65536 now. But this amounts to 0 in the 16-bit world. The valid max window size is 65535 (forget about RFC 1323 here).

Apparently a number of IP Filter users have been afflicted by this. IP Filter's stateful inspection code uses the window size information to decide whether a packet can be regarded as valid or not. IP Filter's state entry treats the window size as 16-bit.

>How-To-Repeat:
tcpdump. Use IP Filter, keep state flags S. Then transfer a big file. Packet loss will lead to the following valid packets being blocked and the connection will be lost.

>Fix:
Workaround: sysctl net.inet.tcp.recvspace=65535 or less.

Fix:

--- /usr/src/sys/netinet/tcp_usrreq.c Sun Dec 16 18:16:51 2001 +++ tcp_usrreq.c Sun Feb 10 18:43:44 2002 
@@ -995,7 +995,7 @@ u_long tcp_sendspace = 1024*32; SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW, &tcp_sendspace , 0, "Maximum outgoing TCP datagram size"); -u_long tcp_recvspace = 1024*64; +u_long tcp_recvspace = 1024*64-1; SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW, &tcp_recvspace , 0, "Maximum incoming TCP datagram size");
>Release-Note:
>Audit-Trail:
>Unformatted:
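
Review bot: The `+u_long tcp_recvspace = 1024*64-1;` line only changes the initial value; the SYSCTL_INT entry directly below it is still CTLFLAG_RW with no bound, so setting net.inet.tcp.recvspace to 65536 at runtime brings back the zero 16-bit window the report describes. Consider clamping the value at the point where it is narrowed to the 16-bit window instead of relying on the default alone, and add a comment beside the initializer explaining why it is 64K minus one, since `1024*64-1` next to `1024*32` otherwise reads like a typo.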
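
Added example (not part of the original report, and not FreeBSD or IP Filter source): a C model of the truncation the Description describes, where a 65536-byte receive space stored in a 16-bit window field becomes 0, and of how a state entry that trusts that value rejects an in-window segment. The names MAXWIN_UNSCALED, struct state_entry, window_truncated, window_clamped and segment_in_window, and the sample sizes, are assumptions made for illustration; the acceptance check is a simplified model, not IP Filter's actual algorithm.

```c
#include <stdint.h>
#include <stdio.h>

#define MAXWIN_UNSCALED 65535u  /* largest value a 16-bit TCP window field can carry */

/* What lands in a 16-bit window field when a 32-bit buffer size is stored
 * without clamping: the high bits are silently dropped. */
static uint16_t window_truncated(uint32_t recvspace) {
    return (uint16_t)recvspace;
}

/* Clamp first, then narrow: the form that keeps 65536 from becoming 0. */
static uint16_t window_clamped(uint32_t recvspace) {
    return (uint16_t)(recvspace > MAXWIN_UNSCALED ? MAXWIN_UNSCALED : recvspace);
}

/* Hypothetical, simplified state entry: the filter remembers the receiver's
 * last ACK and the advertised window as a 16-bit value. */
struct state_entry {
    uint32_t ack;   /* next byte the receiver expects */
    uint16_t win;   /* window as the filter recorded it */
};

/* Accept a data segment only if it starts at or after ack and ends within
 * ack + win. Sequence numbers wrap modulo 2^32, so compare offsets. */
static int segment_in_window(const struct state_entry *st, uint32_t seq, uint32_t len) {
    uint32_t start_offset = seq - st->ack;
    uint32_t end_offset = start_offset + len;
    return start_offset <= st->win && end_offset <= st->win;
}

int main(void) {
    uint32_t sizes[] = { 32768, 65535, 65536 };   /* constructed sample values */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        struct state_entry bad  = { 1000, window_truncated(sizes[i]) };
        struct state_entry good = { 1000, window_clamped(sizes[i]) };
        /* A 1460-byte retransmission starting exactly at the expected byte. */
        printf("recvspace=%u truncated win=%u pass=%d | clamped win=%u pass=%d\n",
               (unsigned)sizes[i],
               (unsigned)bad.win, segment_in_window(&bad, 1000, 1460),
               (unsigned)good.win, segment_in_window(&good, 1000, 1460));
    }
    return 0;
}
```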