From: Jason Wolfe
To: John Baldwin
Cc: net@freebsd.org
Date: Sat, 13 Oct 2012 15:19:08 -0700
Subject: Re: Dropping TCP options from retransmitted SYNs considered harmful
In-Reply-To: <201210121213.11152.jhb@freebsd.org>
References: <201210121213.11152.jhb@freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

On Fri, Oct 12, 2012 at 9:13 AM, John Baldwin wrote:
> Back in 2001 FreeBSD added a hack to strip TCP options from retransmitted SYNs
> starting with the 3rd SYN in this block in tcp_timer.c:
>
>         /*
>          * Disable rfc1323 if we haven't got any response to
>          * our third SYN to work-around some broken terminal servers
>          * (most of which have hopefully been retired) that have bad VJ
>          * header compression code which trashes TCP segments containing
>          * unknown-to-them TCP options.
>          */
>         if ((tp->t_state == TCPS_SYN_SENT) && (tp->t_rxtshift == 3))
>                 tp->t_flags &= ~(TF_REQ_SCALE|TF_REQ_TSTMP);
>
> There is even a PR for the original bug report: kern/1689
>
> [..snip..]
>
> The original motivation of this change is to work around broken terminal
> servers that were old when this change was added in 2001.  Over 10 years later
> I think we should at least have an option to turn this work-around off, and
> possibly disable it by default.
>
> Thoughts?
>
> --
> John Baldwin

Not that it alone merits keeping the code in, but there are some cases
where this comes in handy.  I ran into an issue with heavily trafficked
Linux <-> FBSD boxes here -
http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031881.html.

Linux would deny the connection because in FBSD the in and outbound
timestamp randomization isn't sync'd to the same base, so when FBSD would
hit a 2MSL connection Linux would simply ignore the SYN.  After the 3rd SYN
FBSD would drop support, and Linux would finally honor the request.

I doubt this is too widespread, but it would probably break things for a
few folks.

Jason
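
The interaction discussed in this thread, as an added C model that is not part of either message and is not FreeBSD or Linux source. Assumptions: t_rxtshift is incremented on each retransmit-timer expiry before the quoted check runs, the flag values are placeholders, and peer_accepts_syn(), strip_opts and the timestamp fields are hypothetical stand-ins for the peer's stale-timestamp rejection and for the on/off knob John proposes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TF_REQ_SCALE 0x1u   /* placeholder values, not the kernel's */
#define TF_REQ_TSTMP 0x2u

struct conn { unsigned t_flags; int t_rxtshift; uint32_t ts_now; };

/* Hypothetical peer holding old state for this 4-tuple: it ignores a SYN
 * whose TSval is older than the last one it recorded (wrap-safe compare);
 * a SYN that carries no timestamp option is not subject to that check. */
static bool peer_accepts_syn(uint32_t ts_recent, bool has_ts, uint32_t tsval)
{
    if (!has_ts)
        return true;
    return (int32_t)(tsval - ts_recent) >= 0;
}

/* Retransmit timer expiry, mirroring the quoted tcp_timer.c check. */
static void rexmt_timeout(struct conn *tp, bool strip_opts)
{
    tp->t_rxtshift++;
    tp->ts_now++;                       /* sender's clock keeps ticking */
    if (strip_opts && tp->t_rxtshift == 3)
        tp->t_flags &= ~(TF_REQ_SCALE | TF_REQ_TSTMP);
}

/* Returns which SYN (1-based) the peer accepted, or 0 if none of
 * max_syns attempts got through. */
int syn_attempts_until_accept(uint32_t ts_recent, uint32_t ts_start,
                              bool strip_opts, int max_syns)
{
    struct conn tp = { TF_REQ_SCALE | TF_REQ_TSTMP, 0, ts_start };
    for (int n = 1; n <= max_syns; n++) {
        bool has_ts = (tp.t_flags & TF_REQ_TSTMP) != 0;
        if (peer_accepts_syn(ts_recent, has_ts, tp.ts_now))
            return n;
        rexmt_timeout(&tp, strip_opts);
    }
    return 0;
}

int main(void)
{
    /* Constructed timestamps: the new SYN's TSval is far below ts_recent. */
    printf("workaround on:  accepted SYN #%d\n",
           syn_attempts_until_accept(1000000u, 500u, true, 6));
    printf("workaround off: accepted SYN #%d (0 = never)\n",
           syn_attempts_until_accept(1000000u, 500u, false, 6));
    return 0;
}
```
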