Date: Sun, 1 Jul 2001 21:45:47 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Jonathan Lemon <jlemon@flugsvamp.com> Cc: Glenn Johnson <gjohnson@srrc.ars.usda.gov>, <net@freebsd.org>, <kris@freebsd.org>, Gilbert Gong <ggong@cal.alumni.berkeley.edu> Subject: Re: select fails to return incoming connect on FreeBSD-4.3 Message-ID: <20010701214104.V1087-200000@achilles.silby.com> In-Reply-To: <20010627220031.B10008@prism.flugsvamp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1989767161-994041947=:1087 Content-Type: TEXT/PLAIN; charset=US-ASCII On Wed, 27 Jun 2001, Jonathan Lemon wrote: > I don't object; while the security provided by the new scheme is nice, > breaking TIME_WAIT assassination is a serious bug in some environments, > and there should be a way to work around it now. > -- > Jonathan Ok, attached is a patch for 4.3-stable which makes the generation scheme sysctl selectable. You use the sysctl net.inet.tcp.tcp_seq_genscheme to set which scheme you want. 0 is the old random positive increments scheme, 1 is the more random OpenBSD scheme. 1 is the default setting, so those encountering the TIME_WAIT problem will have to put something in a boot script to set the variable to 0. There's one slight difference in this implementation of the old scheme versus the old implementation of it. Before, we used TCP_ISSINCR/2 for outgoing incrementations, and /4 for incoming. We use /2 in both cases now, for simplicity's sake. Please review, especially if you're experiencing the TIME_WAIT problem. Thanks, Mike "Silby" Silbersack --0-1989767161-994041947=:1087 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="multiple_isn_schemes.patch" Content-Transfer-Encoding: BASE64 Content-ID: <20010701214547.P1087@achilles.silby.com> Content-Description: Content-Disposition: attachment; filename="multiple_isn_schemes.patch" ZGlmZiAtdSAtciBuZXRpbmV0Lm9sZC90Y3BfaW5wdXQuYyBuZXRpbmV0L3Rj cF9pbnB1dC5jDQotLS0gbmV0aW5ldC5vbGQvdGNwX2lucHV0LmMJU3VuIEp1 bCAgMSAyMDo0NDo1MCAyMDAxDQorKysgbmV0aW5ldC90Y3BfaW5wdXQuYwlT dW4gSnVsICAxIDIxOjE3OjU4IDIwMDENCkBAIC0xMDgwLDcgKzEwODAsNyBA QA0KIAkJaWYgKGlzcykNCiAJCQl0cC0+aXNzID0gaXNzOw0KIAkJZWxzZSB7 DQotCQkJdHAtPmlzcyA9IHRjcF9ybmRpc3NfbmV4dCgpOw0KKwkJCXRwLT5p c3MgPSB0Y3BfbmV3X2lzbigpOw0KICAJCX0NCiAJCXRwLT5pcnMgPSB0aC0+ dGhfc2VxOw0KIAkJdGNwX3NlbmRzZXFpbml0KHRwKTsNCkBAIC0xNjEyLDcg KzE2MTIsNyBAQA0KIAkJCWlmICh0aGZsYWdzICYgVEhfU1lOICYmDQogCQkJ ICAgIHRwLT50X3N0YXRlID09IFRDUFNfVElNRV9XQUlUICYmDQogCQkJICAg IFNFUV9HVCh0aC0+dGhfc2VxLCB0cC0+cmN2X254dCkpIHsNCi0JCQkJaXNz ID0gdGNwX3JuZGlzc19uZXh0KCk7DQorCQkJCWlzcyA9IHRjcF9uZXdfaXNu KCk7DQogCQkJCXRwID0gdGNwX2Nsb3NlKHRwKTsNCiAJCQkJZ290byBmaW5k cGNiOw0KIAkJCX0NCmRpZmYgLXUgLXIgbmV0aW5ldC5vbGQvdGNwX3NlcS5o IG5ldGluZXQvdGNwX3NlcS5oDQotLS0gbmV0aW5ldC5vbGQvdGNwX3NlcS5o CVN1biBKdWwgIDEgMjA6NDQ6NTAgMjAwMQ0KKysrIG5ldGluZXQvdGNwX3Nl cS5oCVN1biBKdWwgIDEgMjE6MDg6MDIgMjAwMQ0KQEAgLTgxLDYgKzgxLDI0 IEBADQogI2lmZGVmIF9LRVJORUwNCiBleHRlcm4gdGNwX2NjCXRjcF9jY2dl bjsJCS8qIGdsb2JhbCBjb25uZWN0aW9uIGNvdW50ICovDQogDQorLyoNCisg KiBJbmNyZW1lbnQgZm9yIHRjcF9pc3MgZWFjaCBzZWNvbmQuDQorICogVGhp cyBpcyBkZXNpZ25lZCB0byBpbmNyZW1lbnQgYXQgdGhlIHN0YW5kYXJkIDI1 MCBLQi9zLA0KKyAqIGJ1dCB3aXRoIGEgcmFuZG9tIGNvbXBvbmVudCBhdmVy YWdpbmcgMTI4IEtCLg0KKyAqIFdlIGFsc28gaW5jcmVtZW50IHRjcF9pc3Mg YnkgYSBxdWFydGVyIG9mIHRoaXMgYW1vdW50DQorICogZWFjaCB0aW1lIHdl IHVzZSB0aGUgdmFsdWUgZm9yIGEgbmV3IGNvbm5lY3Rpb24uDQorICogSWYg ZGVmaW5lZCwgdGhlIHRjcF9yYW5kb20xOCgpIG1hY3JvIHNob3VsZCBwcm9k dWNlIGENCisgKiBudW1iZXIgaW4gdGhlIHJhbmdlIFswLTB4M2ZmZmZdIHRo YXQgaXMgaGFyZCB0byBwcmVkaWN0Lg0KKyAqIA0KKyAqIFRoZSB2YXJpYWJs ZSB0Y3BfaXNzIGFuZCB0Y3BfcmFuZG9tMTgoKSBhcmUgb25seSB1c2VkDQor ICogYnkgc2VxdWVuY2UgbnVtYmVyIGdlbmVyYXRpb24gc2NoZW1lIDAuDQor ICovDQorI2lmbmRlZiB0Y3BfcmFuZG9tMTgNCisjZGVmaW5lCXRjcF9yYW5k b20xOCgpCShhcmM0cmFuZG9tKCkgJiAweDNmZmZmKQ0KKyNlbmRpZg0KKyNk ZWZpbmUJVENQX0lTU0lOQ1IJKDEyMioxMDI0ICsgdGNwX3JhbmRvbTE4KCkp DQorDQorZXh0ZXJuIHRjcF9zZXEJdGNwX2lzczsNCiAjZWxzZQ0KICNkZWZp bmUJVENQX0lTU0lOQ1IJKDI1MCoxMDI0KQkvKiBpbmNyZW1lbnQgZm9yIHRj cF9pc3MgZWFjaCBzZWNvbmQgKi8NCiAjZW5kaWYgLyogX0tFUk5FTCAqLw0K ZGlmZiAtdSAtciBuZXRpbmV0Lm9sZC90Y3Bfc3Vici5jIG5ldGluZXQvdGNw X3N1YnIuYw0KLS0tIG5ldGluZXQub2xkL3RjcF9zdWJyLmMJU3VuIEp1bCAg MSAyMDo0NDo1MCAyMDAxDQorKysgbmV0aW5ldC90Y3Bfc3Vici5jCVN1biBK dWwgIDEgMjE6MzU6MTQgMjAwMQ0KQEAgLTEzOSw2ICsxMzksMTAgQEANCiBT WVNDVExfSU5UKF9uZXRfaW5ldF90Y3AsIE9JRF9BVVRPLCBpY21wX21heV9y c3QsIENUTEZMQUdfUlcsICZpY21wX21heV9yc3QsIDAsIA0KICAgICAiQ2Vy dGFpbiBJQ01QIHVucmVhY2hhYmxlIG1lc3NhZ2VzIG1heSBhYm9ydCBjb25u ZWN0aW9ucyBpbiBTWU5fU0VOVCIpOw0KIA0KK3N0YXRpYyBpbnQJdGNwX3Nl cV9nZW5zY2hlbWUgPSAxOw0KK1NZU0NUTF9JTlQoX25ldF9pbmV0X3RjcCwg T0lEX0FVVE8sIHRjcF9zZXFfZ2Vuc2NoZW1lLCBDVExGTEFHX1JXLA0KKyAg ICAmdGNwX3NlcV9nZW5zY2hlbWUsIDAsICJUQ1AgSVNOIGdlbmVyYXRpb24g c2NoZW1lIik7DQorDQogc3RhdGljIHZvaWQJdGNwX2NsZWFydGFvY2FjaGUg X19QKCh2b2lkKSk7DQogc3RhdGljIHZvaWQJdGNwX25vdGlmeSBfX1AoKHN0 cnVjdCBpbnBjYiAqLCBpbnQpKTsNCiANCkBAIC0xODIsNiArMTg2LDcgQEAN CiB7DQogCWludCBoYXNoc2l6ZTsNCiAJDQorCXRjcF9pc3MgPSBhcmM0cmFu ZG9tKCk7CS8qIHdyb25nLCBidXQgYmV0dGVyIHRoYW4gYSBjb25zdGFudCAq Lw0KIAl0Y3BfY2NnZW4gPSAxOw0KIAl0Y3BfY2xlYXJ0YW9jYWNoZSgpOw0K IA0KQEAgLTEwODYsNiArMTA5MSwyNiBAQA0KIAkJCSAgICAgIDAsIGNtZCwg bm90aWZ5KTsNCiB9DQogI2VuZGlmIC8qIElORVQ2ICovDQorDQordGNwX3Nl cQ0KK3RjcF9uZXdfaXNuKCkNCit7DQorCWlmICgodGNwX3NlcV9nZW5zY2hl bWUgPiAxKSB8fCAodGNwX3NlcV9nZW5zY2hlbWUgPCAwKSkNCisJCXRjcF9z ZXFfZ2Vuc2NoZW1lID0gMTsNCisNCisJc3dpdGNoICh0Y3Bfc2VxX2dlbnNj aGVtZSkgew0KKwkJY2FzZSAwOgkvKg0KKwkJCSAqIFJhbmRvbSBwb3NpdGl2 ZSBpbmNyZW1lbnRzDQorCQkJICovDQorCQkJdGNwX2lzcyArPSBUQ1BfSVNT SU5DUi8yOw0KKwkJCXJldHVybiB0Y3BfaXNzOw0KKwkJY2FzZSAxOgkvKg0K KwkJCSAqIE9wZW1CU0QgcmFuZG9taXplZCBzY2hlbWUNCisJCQkgKi8NCisJ CQlyZXR1cm4gdGNwX3JuZGlzc19uZXh0KCk7DQorCX0NCisNCit9DQogDQog I2RlZmluZSBUQ1BfUk5ESVNTX1JPVU5EUwkxNg0KICNkZWZpbmUgVENQX1JO RElTU19PVVQJNzIwMA0KZGlmZiAtdSAtciBuZXRpbmV0Lm9sZC90Y3BfdGlt ZXIuYyBuZXRpbmV0L3RjcF90aW1lci5jDQotLS0gbmV0aW5ldC5vbGQvdGNw X3RpbWVyLmMJU3VuIEp1bCAgMSAyMDo0NDo1MCAyMDAxDQorKysgbmV0aW5l dC90Y3BfdGltZXIuYwlTdW4gSnVsICAxIDIxOjEyOjE2IDIwMDENCkBAIC0x MzIsNiArMTMyLDggQEANCiANCiAJdGNwX21heGlkbGUgPSB0Y3Bfa2VlcGNu dCAqIHRjcF9rZWVwaW50dmw7DQogDQorCXRjcF9pc3MgKz0gVENQX0lTU0lO Q1IvUFJfU0xPV0haOw0KKw0KIAlzcGx4KHMpOw0KIH0NCiANCmRpZmYgLXUg LXIgbmV0aW5ldC5vbGQvdGNwX3VzcnJlcS5jIG5ldGluZXQvdGNwX3VzcnJl cS5jDQotLS0gbmV0aW5ldC5vbGQvdGNwX3VzcnJlcS5jCVN1biBKdWwgIDEg MjA6NDQ6NTAgMjAwMQ0KKysrIG5ldGluZXQvdGNwX3VzcnJlcS5jCVN1biBK dWwgIDEgMjE6MTg6MjAgMjAwMQ0KQEAgLTc1OSw3ICs3NTksNyBAQA0KIAl0 Y3BzdGF0LnRjcHNfY29ubmF0dGVtcHQrKzsNCiAJdHAtPnRfc3RhdGUgPSBU Q1BTX1NZTl9TRU5UOw0KIAljYWxsb3V0X3Jlc2V0KHRwLT50dF9rZWVwLCB0 Y3Bfa2VlcGluaXQsIHRjcF90aW1lcl9rZWVwLCB0cCk7DQotCXRwLT5pc3Mg PSB0Y3Bfcm5kaXNzX25leHQoKTsNCisJdHAtPmlzcyA9IHRjcF9uZXdfaXNu KCk7DQogCXRjcF9zZW5kc2VxaW5pdCh0cCk7DQogDQogCS8qDQpAQCAtODUx LDcgKzg1MSw3IEBADQogCXRjcHN0YXQudGNwc19jb25uYXR0ZW1wdCsrOw0K IAl0cC0+dF9zdGF0ZSA9IFRDUFNfU1lOX1NFTlQ7DQogCWNhbGxvdXRfcmVz ZXQodHAtPnR0X2tlZXAsIHRjcF9rZWVwaW5pdCwgdGNwX3RpbWVyX2tlZXAs IHRwKTsNCi0JdHAtPmlzcyA9IHRjcF9ybmRpc3NfbmV4dCgpOw0KKwl0cC0+ aXNzID0gdGNwX25ld19pc24oKTsNCiAJdGNwX3NlbmRzZXFpbml0KHRwKTsN CiANCiAJLyoNCmRpZmYgLXUgLXIgbmV0aW5ldC5vbGQvdGNwX3Zhci5oIG5l dGluZXQvdGNwX3Zhci5oDQotLS0gbmV0aW5ldC5vbGQvdGNwX3Zhci5oCVN1 biBKdWwgIDEgMjA6NDQ6NTAgMjAwMQ0KKysrIG5ldGluZXQvdGNwX3Zhci5o CVN1biBKdWwgIDEgMjE6MTM6MjUgMjAwMQ0KQEAgLTQxMyw2ICs0MTMsNyBA QA0KIHRjcF9zZXEJdGNwX3JuZGlzc19uZXh0IF9fUCgodm9pZCkpOw0KIHVf aW50MTZfdA0KIAl0Y3Bfcm5kaXNzX2VuY3J5cHQgX19QKCh1X2ludDE2X3Qp KTsNCit0Y3Bfc2VxIHRjcF9uZXdfaXNuIF9fUCgodm9pZCkpOw0KIA0KICNl bmRpZiAvKiBfS0VSTkVMICovDQogDQo= --0-1989767161-994041947=:1087-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010701214104.V1087-200000>