Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 24 May 2008 07:56:02 GMT
From:      wang jin <wangjin@myhexin.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/123950: TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state 
Message-ID:  <200805240756.m4O7u2BP008147@www.freebsd.org>
Resent-Message-ID: <200805240800.m4O802OX058558@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         123950
>Category:       kern
>Synopsis:       TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 24 08:00:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     wang jin
>Release:        FreeBSD 7.0
>Organization:
Hexin
>Environment:
FreeBSD cachemd 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Mar 28 02:16:39 CST 2008     root@cachemd:/usr/src/sys/i386/compile/mykernel  i386
>Description:
TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state:

tcpdump -iem0 -n host 211.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
15:35:55.354254 IP 211.1.1.1.6056 > 192.168.0.199.80: S 891246588:891246588(0) win 32768 <mss 1380,wscale 0,nop>
15:35:55.354503 IP 192.168.0.199.80 > 211.1.1.1.6056: S 2752342465:2752342465(0) ack 891246589 win 65535 <mss 1380>
15:35:56.359624 IP 211.1.1.1.6056 > 192.168.0.199.80: P 1381:1481(100) ack 1 win 32768
15:35:56.359806 IP 192.168.0.199.80 > 211.1.1.1.6056: R 2752342466:2752342466(0) win 0
15:35:57.366606 IP 211.1.1.1.6056 > 192.168.0.199.80: P 1:1381(1380) ack 1 win 32768
15:35:57.466694 IP 192.168.0.199.80 > 211.1.1.1.6056: . ack 1381 win 65535

Although TH_RST packet is sended, the connection state is ESTABLISHED
netstat -n | grep 211.1.1.1
tcp4       0      0  192.168.0.199.80       211.1.1.1.6056         ESTABLISHED



>How-To-Repeat:
the problem occurs when the first packet contained ACK from client is lost, or is out of order
>Fix:
the problem is caused by the following code(line 892,tcp_syncache.c):

        /*
         * The SEQ must match the received initial receive sequence
         * number + 1 (the SYN) because we didn't ACK any data that
         * may have come with the SYN.
         */
        if (th->th_seq != sc->sc_irs + 1) {
                if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
                        log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment "
                            "rejected\n", s, __func__, th->th_seq, sc->sc_irs);
                goto failed;
        }



>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805240756.m4O7u2BP008147>