Date:      Thu, 3 Nov 2022 15:50:27 +0800
From:      Zhenlei Huang <zlei@FreeBSD.org>
To:        freebsd-stable@freebsd.org
Cc:        FreeBSD Errata Notices <errata-notices@freebsd.org>
Subject:   Re: FreeBSD Errata Notice FreeBSD-EN-22:25.tcp
Message-ID:  <48265C2A-9D68-489A-8EFD-663D48B3F0A9@FreeBSD.org>
In-Reply-To: <20221101222105.267AA3A06@freefall.freebsd.org>
References:  <20221101222105.267AA3A06@freefall.freebsd.org>

Hi,

This fixes an annoying issue I encountered when I updated one of my build
boxes from 12.3 to 13.1.

When remote copying large files from the build box to my local laptop (MBP),
sometimes the pipe broke and ended up with 'lost connection'.

```
zlei@Zhenleis-MacBook-Pro:/tmp % scp xx.xx.xx.xx:~/stable12/kernel.txz ./
Enter passphrase for key '/Users/zlei/.ssh/id_rsa':
kernel.txz                                   38%   17MB   2.0MB/s   00:13 ETA
ssh_dispatch_run_fatal: Connection to xx.xx.xx.xx port 22: message authentication code incorrect
lost connection
```

Sometimes the ssh session to the build box is interrupted, commonly when
there is a lot of output from the terminal, e.g. make buildkernel.

Thanks for the fix!


Best regards,
Zhenlei

> On Nov 2, 2022, at 6:21 AM, FreeBSD Errata Notices <errata-notices@freebsd.org> wrote:
>
> Signed PGP part
> =============================================================================
> FreeBSD-EN-22:25.tcp                                      Errata Notice
>                                                           The FreeBSD Project
>
> Topic:          Possible data corruption with TCP SACK retransmissions
>
> Category:       core
> Module:         tcp
> Announced:      2022-08-28
> Credits:        Richard Scheffenegger
> Affects:        FreeBSD 13.1
> Corrected:      2022-09-14 01:28:03 UTC (stable/13, 13.1-STABLE)
>                 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3)
>
> For general information regarding FreeBSD Errata Notices and Security
> Advisories, including descriptions of the fields above, security
> branches, and the following sections, please visit
> <URL:https://security.FreeBSD.org/>.
>
> I.   Background
>
> TCP supports an enhancement that allows faster recovery and retransmission of
> data when loss is discovered called Selected Acknowledgements (SACK).
>
> SACK allows a TCP sender to communicate more information about which segments
> are lost. During a SACK episode a TCP sender will reduce its rate to avoid
> causing congestion on the network.
>
> II.  Problem Description
>
> A change made to make TCP more resilient and effective when handling loss
> recovery by SACK, could lead to connection interruption when incoming ACKs
> suddenly no longer contain SACK blocks.
>
> III. Impact
>
> This can lead to correct data being placed at the wrong offset in the
> stream in a non-deterministic manner. This can result in termination of
> the TCP connection by the application or in the worst case silent data
> corruption.
>
> IV.  Workaround
>
> Disable SACK globally by setting the net.inet.tcp.sack.enable sysctl to 0:
>
>     # sysctl net.inet.tcp.sack.enable=0
>
> Note that this will only affect new connections. Thus, either persist the
> setting in /etc/sysctl.conf and reboot, or ensure that any critical connections
> are restarted after modifying the sysctl setting.
>
> V.   Solution
>
> Upgrade your system to a supported FreeBSD stable or release / security
> branch (releng) dated after the correction date.
>
> A reboot is required for these changes to be applied.
>
> Perform one of the following:
>
> 1) To update your system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the amd64, i386, or
> (on FreeBSD 13 and later) arm64 platforms can be updated via the
> freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> A reboot is required for these changes to be applied.
>
> 2) To update your system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch
> # fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch.asc
> # gpg --verify tcp.patch.asc
>
> b) Apply the patch.  Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
> system.
>
> VI.  Correction details
>
> This issue is corrected by the corresponding Git commit hash or Subversion
> revision number in the following stable and release branches:
>
> Branch/path                             Hash                     Revision
> -------------------------------------------------------------------------
> stable/13/                              2b8ee332b938  stable/13-n252399
> releng/13.1/                            dd35207e2025  releng/13.1-n250162
> -------------------------------------------------------------------------
>
> Run the following command to see which files were modified by a
> particular commit:
>
> # git show --stat <commit hash>
>
> Or visit the following URL, replacing NNNNNN with the hash:
>
> <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
>
> To determine the commit count in a working tree (for comparison against
> nNNNNNN in the table above), run:
>
> # git rev-list --count --first-parent HEAD
>
> VII. References
>
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:25.tcp.asc>
>
>
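
Added example, not part of the original message or of the errata notice: a small sh check that classifies a host against the quoted notice from its release patch level, its SACK sysctl value, and the "branch-nCOUNT" revision string. The function names and status labels are made up for this illustration; the thresholds (13.1-RELEASE-p3, stable/13-n252399, releng/13.1-n250162) are the ones printed in the notice.

```sh
#!/bin/sh
# Added example: classify a host against FreeBSD-EN-22:25.tcp using only
# the values printed in the notice (13.1-RELEASE-p3, n252399, n250162).

# en2225_release_status KERNEL_VERSION [SACK_ENABLE]
#   KERNEL_VERSION  string as printed by `freebsd-version -r` (running kernel)
#   SACK_ENABLE     value of net.inet.tcp.sack.enable (default 1)
en2225_release_status() {
    ver=$1
    sack=${2:-1}
    case $ver in
        13.1-RELEASE*) ;;
        13.1-STABLE*)  echo "compare-commit-count"; return 0 ;;
        *)             echo "not-listed"; return 0 ;;
    esac
    # Plain "13.1-RELEASE" carries no -pN suffix: patch level 0.
    case $ver in
        *-p[0-9]*) plevel=${ver##*-p} ;;
        *)         plevel=0 ;;
    esac
    case $plevel in *[!0-9]*) echo "unparsable"; return 0 ;; esac
    if [ "$plevel" -ge 3 ]; then
        echo "fixed"
    elif [ "$sack" = "0" ]; then
        # Per the notice, this only covers connections opened after the change.
        echo "workaround-active"
    else
        echo "affected"
    fi
}

# en2225_revision_status REVISION
#   REVISION  "branch-nCOUNT" as in the notice's Revision column
en2225_revision_status() {
    branch=${1%-n*}
    count=${1##*-n}
    case $count in ''|*[!0-9]*) echo "unparsable"; return 0 ;; esac
    case $branch in
        stable/13)   fixed_at=252399 ;;
        releng/13.1) fixed_at=250162 ;;
        *)           echo "not-listed"; return 0 ;;
    esac
    if [ "$count" -ge "$fixed_at" ]; then echo "fixed"; else echo "affected"; fi
}

# On a FreeBSD host:
#   en2225_release_status "$(freebsd-version -r)" \
#       "$(sysctl -n net.inet.tcp.sack.enable)"
```

A "compare-commit-count" result means the kernel is a -STABLE build, so the commit count from the working tree has to be passed to en2225_revision_status instead.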

