Date: Sat, 13 Oct 2012 15:19:08 -0700 From: Jason Wolfe <nitroboost@gmail.com> To: John Baldwin <jhb@freebsd.org> Cc: net@freebsd.org Subject: Re: Dropping TCP options from retransmitted SYNs considered harmful Message-ID: <CAAAm0r3JGv3n8fX-GUpoS8CD2k9_mUBJxJ398__EH-y7SX_xrw@mail.gmail.com> In-Reply-To: <201210121213.11152.jhb@freebsd.org> References: <201210121213.11152.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 12, 2012 at 9:13 AM, John Baldwin <jhb@freebsd.org> wrote: > Back in 2001 FreeBSD added a hack to strip TCP options from retransmitted SYNs > starting with the 3rd SYN in this block in tcp_timer.c: > > /* > * Disable rfc1323 if we haven't got any response to > * our third SYN to work-around some broken terminal servers > * (most of which have hopefully been retired) that have bad VJ > * header compression code which trashes TCP segments containing > * unknown-to-them TCP options. > */ > if ((tp->t_state == TCPS_SYN_SENT) && (tp->t_rxtshift == 3)) > tp->t_flags &= ~(TF_REQ_SCALE|TF_REQ_TSTMP); > > There is even a PR for the original bug report: kern/1689 > > [..snip..] > > The original motivation of this change is to work around broken terminal > servers that were old when this change was added in 2001. Over 10 years later > I think we should at least have an option to turn this work-around off, and > possibly disable it by default. > > Thoughts? > > -- > John Baldwin Not that it alone merits keeping the code in, but there are some cases where this comes in handy. I ran into an issue with heavily trafficked Linux <-> FBSD boxes here - http://lists.freebsd.org/pipermail/freebsd-net/2012-March/031881.html. Linux would deny the connection because in FBSD ithe n and outbound timestamp randomization isn't sync'd to the same base, so when FBSD would hit a 2MSL connection Linux would simply ignore the SYN. After the 3rd SYN FBSD would drop support, and Linux would finally honor the request. I doubt this is too widespread, but it would probably break things for a few folks. Jason
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAAm0r3JGv3n8fX-GUpoS8CD2k9_mUBJxJ398__EH-y7SX_xrw>