From owner-freebsd-bugs Sun Dec 31 12:30:17 2000 From owner-freebsd-bugs@FreeBSD.ORG Sun Dec 31 12:30:08 2000 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C620637B69B for ; Sun, 31 Dec 2000 12:30:04 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eBVKU4r02449; Sun, 31 Dec 2000 12:30:04 -0800 (PST) (envelope-from gnats) Resent-Date: Sun, 31 Dec 2000 12:30:04 -0800 (PST) Resent-Message-Id: <200012312030.eBVKU4r02449@freefall.freebsd.org> Resent-From: gnats-admin@FreeBSD.org (GNATS Management) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: gnats-admin@FreeBSD.org, Jesper Skriver Received: from tam.skriver.dk (tam.skriver.dk [193.162.74.6]) by hub.freebsd.org (Postfix) with ESMTP id 1AAA237B400 for ; Sun, 31 Dec 2000 12:26:05 -0800 (PST) Received: (from root@localhost) by tam.skriver.dk (8.11.1/8.11.1) id eBVKQ1c00576; Sun, 31 Dec 2000 21:26:01 +0100 (CET) (envelope-from jesper) Message-Id: <200012312026.eBVKQ1c00576@tam.skriver.dk> Date: Sun, 31 Dec 2000 21:26:01 +0100 (CET) From: Jesper Skriver Sender: jesper@tam.skriver.dk Reply-To: Jesper Skriver To: FreeBSD-gnats-submit@freebsd.org Cc: Jesper Skriver X-Send-Pr-Version: 3.113 Subject: kern/23986: Update of "react to ICMP unreachables" code Resent-Sender: gnats@FreeBSD.org Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 23986 >Category: kern >Synopsis: Update of "react to ICMP unreachables" code >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Dec 31 12:30:04 PST 2000 >Closed-Date: >Last-Modified: >Originator: Jesper Skriver >Release: FreeBSD 5.0-CURRENT i386 >Organization: none >Environment: System: FreeBSD tam 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Dec 31 20:37:53 CET 2000 root@tam:/usr/obj/usr/src/sys/TAM2 i386 >Description: Update of the code to react on ICMP unreachables. PHK has previously committed this code, see kern/23086 & kern/23655 We now let ICMP unreachables kill TCP sessions regardless of state, and all other unreachables (except "need to fragment, but DF bit set") will kill sessions in SYN-SENT state. Broken down the changes are: - remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify - add new PRC_UNREACH_ADMIN_PROHIB in sys/sys/protosw.h - remove condition on TCP in src/sys/netinet/ip_icmp.c:icmp_input - in src/sys/netinet/ip_icmp.c:icmp_input set code = PRC_UNREACH_ADMIN_PROHIB or PRC_UNREACH_HOST for all unreachables except ICMP_UNREACH_NEEDFRAG - rename sysctl icmp_admin_prohib_like_rst to icmp_unreach_like_rst to reflect the fact that we also react on ICMP unreachables that are not administrative prohibited. Also update the comments to reflect this. - in sys/netinet/tcp_subr.c:tcp_ctlinput add code to treat PRC_UNREACH_ADMIN_PROHIB and PRC_UNREACH_HOST different. >How-To-Repeat: >Fix: Apply this diff: diff -ru sys/sys.old/protosw.h sys/sys/protosw.h --- sys/sys.old/protosw.h Sun Dec 31 18:45:14 2000 +++ sys/sys/protosw.h Sun Dec 31 20:05:52 2000 @@ -275,8 +275,9 @@ #define PRC_TIMXCEED_INTRANS 18 /* packet lifetime expired in transit */ #define PRC_TIMXCEED_REASS 19 /* lifetime expired on reass q */ #define PRC_PARAMPROB 20 /* header incorrect */ +#define PRC_UNREACH_ADMIN_PROHIB 21 /* packet administrativly prohibited */ -#define PRC_NCMDS 21 +#define PRC_NCMDS 22 #define PRC_IS_REDIRECT(cmd) \ ((cmd) >= PRC_REDIRECT_NET && (cmd) <= PRC_REDIRECT_TOSHOST) @@ -288,7 +289,7 @@ "NET-UNREACH", "HOST-UNREACH", "PROTO-UNREACH", "PORT-UNREACH", "#12", "SRCFAIL-UNREACH", "NET-REDIRECT", "HOST-REDIRECT", "TOSNET-REDIRECT", "TOSHOST-REDIRECT", "TX-INTRANS", "TX-REASS", - "PARAMPROB" + "PARAMPROB", "ADMIN-UNREACH" }; #endif diff -ru sys/netinet.old/in_pcb.c sys/netinet/in_pcb.c --- sys/netinet.old/in_pcb.c Sun Dec 31 16:07:05 2000 +++ sys/netinet/in_pcb.c Sun Dec 31 21:10:25 2000 @@ -732,7 +732,6 @@ * and TCP port numbers. */ if ((tcp_seq_check == 1) && (tcp_seq_vs_sess(inp, tcp_sequence) == 0)) { - inp = inp->inp_list.le_next; break; } oinp = inp; diff -ru sys/netinet.old/ip_icmp.c sys/netinet/ip_icmp.c --- sys/netinet.old/ip_icmp.c Sun Dec 31 16:07:05 2000 +++ sys/netinet/ip_icmp.c Sun Dec 31 19:58:31 2000 @@ -315,11 +315,23 @@ case ICMP_UNREACH: switch (code) { case ICMP_UNREACH_NET: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_HOST: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_PROTOCOL: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_PORT: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_SRCFAIL: - code += PRC_UNREACH_NET; + code = PRC_UNREACH_HOST; break; case ICMP_UNREACH_NEEDFRAG: @@ -327,37 +339,43 @@ break; case ICMP_UNREACH_NET_UNKNOWN: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_NET_PROHIB: - if (icp->icmp_ip.ip_p == IPPROTO_TCP) { - code = PRC_UNREACH_PORT; - break; - } + code = PRC_UNREACH_ADMIN_PROHIB; + break; case ICMP_UNREACH_TOSNET: - code = PRC_UNREACH_NET; + code = PRC_UNREACH_HOST; break; case ICMP_UNREACH_HOST_UNKNOWN: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_ISOLATED: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_HOST_PROHIB: - if (icp->icmp_ip.ip_p == IPPROTO_TCP) { - code = PRC_UNREACH_PORT; - break; - } + code = PRC_UNREACH_ADMIN_PROHIB; + break; case ICMP_UNREACH_TOSHOST: code = PRC_UNREACH_HOST; break; case ICMP_UNREACH_FILTER_PROHIB: - if (icp->icmp_ip.ip_p == IPPROTO_TCP) { - code = PRC_UNREACH_PORT; - break; - } + code = PRC_UNREACH_ADMIN_PROHIB; + break; case ICMP_UNREACH_HOST_PRECEDENCE: + code = PRC_UNREACH_HOST; + break; + case ICMP_UNREACH_PRECEDENCE_CUTOFF: - code = PRC_UNREACH_PORT; + code = PRC_UNREACH_HOST; break; default: diff -ru sys/netinet.old/tcp_subr.c sys/netinet/tcp_subr.c --- sys/netinet.old/tcp_subr.c Sun Dec 31 16:07:04 2000 +++ sys/netinet/tcp_subr.c Sun Dec 31 20:18:15 2000 @@ -135,24 +135,31 @@ &tcbinfo.ipi_count, 0, "Number of active PCBs"); /* - * Treat ICMP administratively prohibited like a TCP RST - * as required by rfc1122 section 3.2.2.1 + * Treat ICMP unreachables like a TCP RST as required by rfc1122 section 3.2.2.1 + * + * Administatively prohibited kill's sessions regardless of + * their current state, other unreachable by default only kill + * sessions if they are in SYN-SENT state, this ensure temporary + * routing problems doesn't kill existing TCP sessions. + * This can be overridden by icmp_like_rst_syn_sent_only. */ -static int icmp_admin_prohib_like_rst = 1; -SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_admin_prohib_like_rst, CTLFLAG_RW, - &icmp_admin_prohib_like_rst, 0, - "Treat ICMP administratively prohibited messages like TCP RST, rfc1122 section 3.2.2.1"); +static int icmp_unreach_like_rst = 1; +SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_unreach_like_rst, CTLFLAG_RW, + &icmp_unreach_like_rst, 0, + "Treat ICMP unreachable messages like TCP RST, rfc1122 section 3.2.2.1"); /* - * When icmp_admin_prohib_like_rst is enabled, only act on - * sessions in SYN-SENT state + * Control if ICMP unreachable messages other that administratively prohibited + * ones will kill sessions not in SYN-SENT state. + * + * Has no effect unless icmp_unreach_like_rst is enabled. */ static int icmp_like_rst_syn_sent_only = 1; SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_like_rst_syn_sent_only, CTLFLAG_RW, &icmp_like_rst_syn_sent_only, 0, - "When icmp_admin_prohib_like_rst is enabled, only act on sessions in SYN-SENT state"); + "When icmp_unreach_like_rst is enabled, only act on sessions in SYN-SENT state"); static void tcp_cleartaocache __P((void)); static void tcp_notify __P((struct inpcb *, int)); @@ -983,17 +990,27 @@ if (cmd == PRC_QUENCH) notify = tcp_quench; - else if ((icmp_admin_prohib_like_rst == 1) && (cmd == PRC_UNREACH_PORT) && - (ip) && ((IP_VHL_HL(ip->ip_vhl) << 2) == sizeof(struct ip))) { + else if ((icmp_unreach_like_rst == 1) && ((cmd == PRC_UNREACH_HOST) || + (cmd == PRC_UNREACH_ADMIN_PROHIB)) && (ip) && + ((IP_VHL_HL(ip->ip_vhl) << 2) == sizeof(struct ip))) { /* * Only go here if the length of the IP header in the ICMP packet * is 20 bytes, that is it doesn't have options, if it does have * options, we will not have the first 8 bytes of the TCP header, * and thus we cannot match against TCP source/destination port * numbers and TCP sequence number. + * + * If PRC_UNREACH_ADMIN_PROHIB drop session regardsless of current + * state, else we check the sysctl icmp_like_rst_syn_sent_only to + * see if we should drop the session only in SYN-SENT state, or + * in all states. */ tcp_seq_check = 1; - notify = tcp_drop_syn_sent; + if (cmd == PRC_UNREACH_ADMIN_PROHIB) { + notify = tcp_drop_all_states; + } else { + notify = tcp_drop_syn_sent; + } } else if (cmd == PRC_MSGSIZE) notify = tcp_mtudisc; else if (!PRC_IS_REDIRECT(cmd) && @@ -1146,6 +1163,20 @@ struct tcpcb *tp = intotcpcb(inp); if((tp) && ((icmp_like_rst_syn_sent_only == 0) || (tp->t_state == TCPS_SYN_SENT))) + tcp_drop(tp, errno); +} + +/* + * When a ICMP unreachable is recieved, drop the + * TCP connection, regardless of the state. + */ +void +tcp_drop_all_states(inp, errno) + struct inpcb *inp; + int errno; +{ + struct tcpcb *tp = intotcpcb(inp); + if(tp) tcp_drop(tp, errno); } diff -ru sys/netinet.old/tcp_var.h sys/netinet/tcp_var.h --- sys/netinet.old/tcp_var.h Sun Dec 31 16:07:04 2000 +++ sys/netinet/tcp_var.h Sun Dec 31 20:30:12 2000 @@ -388,6 +388,7 @@ void tcp_mss __P((struct tcpcb *, int)); int tcp_mssopt __P((struct tcpcb *)); void tcp_drop_syn_sent __P((struct inpcb *, int)); +void tcp_drop_all_states __P((struct inpcb *, int)); void tcp_mtudisc __P((struct inpcb *, int)); struct tcpcb * tcp_newtcpcb __P((struct inpcb *)); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message From owner-freebsd-bugs Sun Dec 31 13: 0: 4 2000 From owner-freebsd-bugs@FreeBSD.ORG Sun Dec 31 13:00:01 2000 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D199337B402 for ; Sun, 31 Dec 2000 13:00:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eBVL01M04452; Sun, 31 Dec 2000 13:00:01 -0800 (PST) (envelope-from gnats) Resent-Date: Sun, 31 Dec 2000 13:00:01 -0800 (PST) Resent-Message-Id: <200012312100.eBVL01M04452@freefall.freebsd.org> Resent-From: gnats-admin@FreeBSD.org (GNATS Management) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: gnats-admin@FreeBSD.org, sthg@hotmail.com Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 0644C37B400 for ; Sun, 31 Dec 2000 12:50:24 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eBVKoNu03852; Sun, 31 Dec 2000 12:50:23 -0800 (PST) (envelope-from nobody) Message-Id: <200012312050.eBVKoNu03852@freefall.freebsd.org> Date: Sun, 31 Dec 2000 12:50:23 -0800 (PST) From: sthg@hotmail.com Sender: nobody@FreeBSD.org To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: kern/23987: Debug string typo Resent-Sender: gnats@FreeBSD.org Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 23987 >Category: kern >Synopsis: Debug string typo >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Dec 31 13:00:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Stephen Grau >Release: 4.1-RELEASE >Organization: >Environment: FreeBSD xanadu.limgrau.org 4.1-RELEASE FreeBSD 4.1-RELEASE #1: Sun Dec 31 20:45:19 EST 2000 stg@xanadu.limgrau.org:/usr/src/sys/compile/FIREWALL9 i386 >Description: When having problems with microuptime going backwards, the symptoms look worse due to a typo in the debug message. Instead of a period, the second time is printed with a comma (in /usr/src/sys/kern/kern_synch.c). For example: Dec 31 23:01:37 xanadu /kernel: microuptime() went backwards (688450.094451 -> 688450,-695028036) Dec 31 23:01:37 xanadu /kernel: microuptime() went backwards (6884ckwards (688451.905274 -> 688451,885155) Dec 31 23:01:37 xanadu /kernel: microuptime() went backwards (688451.905274 -> 688451,899963) Dec 31 23:01:37 xanadu /kernel: microuptime() went backwards (688451.942972 -> 688451,923447) Also note that there is at least one other bug resulting in a negative usec value, probably subtracting when it should be adding, that I was not able to find. This comma has been a problem since 4.0 and still exists in 4.2. >How-To-Repeat: >Fix: Sorry, I don't know how to do a useful diff. /usr/src/sys/kern/$ diff kern_synch.c* 825c825 < printf("microuptime() went backwards (%ld.%06ld -> %ld.%06ld)\n", --- > printf("microuptime() went backwards (%ld.%06ld -> %ld,%06ld)\n", >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message From owner-freebsd-bugs Sun Dec 31 13:10: 5 2000 From owner-freebsd-bugs@FreeBSD.ORG Sun Dec 31 13:10:04 2000 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D975537B400 for ; Sun, 31 Dec 2000 13:10:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eBVLA3Q07221; Sun, 31 Dec 2000 13:10:03 -0800 (PST) (envelope-from gnats) Date: Sun, 31 Dec 2000 13:10:03 -0800 (PST) Message-Id: <200012312110.eBVLA3Q07221@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Garrett Wollman Subject: kern/23986: Update of "react to ICMP unreachables" code Reply-To: Garrett Wollman Sender: gnats@FreeBSD.org Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR kern/23986; it has been noted by GNATS. From: Garrett Wollman To: Jesper Skriver Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: kern/23986: Update of "react to ICMP unreachables" code Date: Sun, 31 Dec 2000 16:02:15 -0500 (EST) < said: > We now let ICMP unreachables kill TCP sessions regardless of state, and all Cool! Bringing back a famous bug from 4.2BSD! -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message From owner-freebsd-bugs Sun Dec 31 14:11:41 2000 From owner-freebsd-bugs@FreeBSD.ORG Sun Dec 31 14:11:39 2000 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B4B8837B400; Sun, 31 Dec 2000 14:11:39 -0800 (PST) Received: (from billf@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eBVMBdI12706; Sun, 31 Dec 2000 14:11:39 -0800 (PST) (envelope-from billf) Date: Sun, 31 Dec 2000 14:11:39 -0800 (PST) From: Message-Id: <200012312211.eBVMBdI12706@freefall.freebsd.org> To: sthg@hotmail.com, billf@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/23987: Debug string typo Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Synopsis: Debug string typo State-Changed-From-To: open->closed State-Changed-By: billf State-Changed-When: Sun Dec 31 14:11:05 PST 2000 State-Changed-Why: This was already fixed in rev1.91 of kern_synch.c, but never merged: Checking in kern_synch.c; /home/ncvs/src/sys/kern/kern_synch.c,v <-- kern_synch.c new revision: 1.87.2.3; previous revision: 1.87.2.2 done ... so I merged it. http://www.freebsd.org/cgi/query-pr.cgi?pr=23987 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message