From owner-dev-commits-src-branches@freebsd.org Wed Mar 3 09:51:19 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 828F3564D43; Wed, 3 Mar 2021 09:51:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Dr8Qb39xTz3DPq; Wed, 3 Mar 2021 09:51:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5EA4527739; Wed, 3 Mar 2021 09:51:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1239pJwN022063; Wed, 3 Mar 2021 09:51:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1239pJUA022062; Wed, 3 Mar 2021 09:51:19 GMT (envelope-from git) Date: Wed, 3 Mar 2021 09:51:19 GMT Message-Id: <202103030951.1239pJUA022062@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Hans Petter Selasky Subject: git: 25858ea74b07 - stable/12 - MFC 9febbc454190: Fix for natd(8) sending wrong sequence number after TCP retransmission, terminating a TCP connection. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: hselasky X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 25858ea74b07383145d91773635107ceddf7ca33 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2021 09:51:19 -0000 The branch stable/12 has been updated by hselasky: URL: https://cgit.FreeBSD.org/src/commit/?id=25858ea74b07383145d91773635107ceddf7ca33 commit 25858ea74b07383145d91773635107ceddf7ca33 Author: Hans Petter Selasky AuthorDate: 2021-02-22 10:58:46 +0000 Commit: Hans Petter Selasky CommitDate: 2021-03-03 09:50:11 +0000 MFC 9febbc454190: Fix for natd(8) sending wrong sequence number after TCP retransmission, terminating a TCP connection. If a TCP packet must be retransmitted and the data length has changed in the retransmitted packet, due to the internal workings of TCP, typically when ACK packets are lost, then there is a 30% chance that the logic in GetDeltaSeqOut() will find the correct length, which is the last length received. This can be explained as follows: If a "227 Entering Passive Mode" packet must be retransmittet and the length changes from 51 to 50 bytes, for example, then we have three cases for the list scan in GetDeltaSeqOut(), depending on how many prior packets were received modulus N_LINK_TCP_DATA=3: case 1: index 0: original packet 51 index 1: retransmitted packet 50 index 2: not relevant case 2: index 0: not relevant index 1: original packet 51 index 2: retransmitted packet 50 case 3: index 0: retransmitted packet 50 index 1: not relevant index 2: original packet 51 This patch simply changes the searching order for TCP packets, always starting at the last received packet instead of any received packet, in GetDeltaAckIn() and GetDeltaSeqOut(). Else no functional changes. Discussed with: rscheff@ Submitted by: Andreas Longwitz PR: 230755 Sponsored by: Mellanox Technologies // NVIDIA Networking (cherry picked from commit 9febbc4541903bb8e6b0f1c84988c98b2f7c96ef) --- sys/netinet/libalias/alias_db.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c index b3792c748c56..9eb6901ed5bc 100644 --- a/sys/netinet/libalias/alias_db.c +++ b/sys/netinet/libalias/alias_db.c @@ -1998,14 +1998,18 @@ TCP packet. To do this, a circular list of ACK numbers where the TCP packet size was altered is searched. */ - int i; + int i, j; int delta, ack_diff_min; delta = 0; ack_diff_min = -1; - for (i = 0; i < N_LINK_TCP_DATA; i++) { + i = lnk->data.tcp->state.index; + for (j = 0; j < N_LINK_TCP_DATA; j++) { struct ack_data_record x; + if (i == 0) + i = N_LINK_TCP_DATA; + i--; x = lnk->data.tcp->ack[i]; if (x.active == 1) { int ack_diff; @@ -2037,14 +2041,18 @@ TCP packet. To do this, a circular list of ACK numbers where the TCP packet size was altered is searched. */ - int i; + int i, j; int delta, seq_diff_min; delta = 0; seq_diff_min = -1; - for (i = 0; i < N_LINK_TCP_DATA; i++) { + i = lnk->data.tcp->state.index; + for (j = 0; j < N_LINK_TCP_DATA; j++) { struct ack_data_record x; + if (i == 0) + i = N_LINK_TCP_DATA; + i--; x = lnk->data.tcp->ack[i]; if (x.active == 1) { int seq_diff;