From owner-freebsd-net@FreeBSD.ORG Fri Oct 12 18:15:05 2012 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B8F06123; Fri, 12 Oct 2012 18:15:05 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from vps.hungerhost.com (vps.hungerhost.com [216.38.53.176]) by mx1.freebsd.org (Postfix) with ESMTP id 6EC898FC12; Fri, 12 Oct 2012 18:15:05 +0000 (UTC) Received: from [209.249.190.124] (port=60501 helo=gnnmac.hudson-trading.com) by vps.hungerhost.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80) (envelope-from ) id 1TMjlI-0006qs-2k; Fri, 12 Oct 2012 14:15:04 -0400 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) Subject: Re: Dropping TCP options from retransmitted SYNs considered harmful From: George Neville-Neil In-Reply-To: <201210121213.11152.jhb@freebsd.org> Date: Fri, 12 Oct 2012 14:15:04 -0400 Content-Transfer-Encoding: quoted-printable Message-Id: <3DBAA027-B5D9-44AA-A00D-0496985D4FEA@neville-neil.com> References: <201210121213.11152.jhb@freebsd.org> To: John Baldwin X-Mailer: Apple Mail (2.1499) X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.hungerhost.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - neville-neil.com Cc: net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2012 18:15:05 -0000 On Oct 12, 2012, at 12:13 , John Baldwin wrote: > Back in 2001 FreeBSD added a hack to strip TCP options from = retransmitted SYNs=20 > starting with the 3rd SYN in this block in tcp_timer.c: >=20 > /* > * Disable rfc1323 if we haven't got any response to > * our third SYN to work-around some broken terminal servers > * (most of which have hopefully been retired) that have bad VJ > * header compression code which trashes TCP segments containing > * unknown-to-them TCP options. > */ > if ((tp->t_state =3D=3D TCPS_SYN_SENT) && (tp->t_rxtshift =3D=3D = 3)) > tp->t_flags &=3D ~(TF_REQ_SCALE|TF_REQ_TSTMP); >=20 > There is even a PR for the original bug report: kern/1689 >=20 > However, there is an unintended consequence of this change that can be=20= > disastrous. Specifically, suppose you have a FreeBSD client = connecting to a=20 > server, and that the SYNs are arriving at the server successfully, but = the=20 > first few return SYN/ACKs are dropped. Eventually a SYN/ACK makes it = through=20 > and the connection is established. >=20 > The server (based on the first SYN it saw) believes it has negotiated = window=20 > scaling with the client. The client, however, has broken what it = promised in=20 > that first SYN and believes it is not using any window scaling at all. = This=20 > causes two forms of breakage: >=20 > 1) When the server advertises a scaled window (e.g. '8' for a 64k = window > scaled at 13), the client thinks it is an unscaled window ('8') and > sends data to the server very slowly. >=20 > 2) When the client advertises an unscaled window (e.g. '65535' for a = 64k > window), the server thinks it has a huge window (65535 << 13 =3D=3D = 511MB) > to send into. >=20 > I'm not sure that 2) is a problem per se, but I have definitely seen = instances=20 > of 1) (and examined the 'struct tcpcb' in kgdb on both the server and = client=20 > end of the connections to verify they disagreed on the scaling). >=20 > The original motivation of this change is to work around broken = terminal=20 > servers that were old when this change was added in 2001. Over 10 = years later=20 > I think we should at least have an option to turn this work-around = off, and=20 > possibly disable it by default. >=20 > Thoughts? >=20 I'm all for taking that code out. Best, George