From nobody@FreeBSD.org Mon Feb 4 13:58:52 2002 Return-Path: Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9E8F237B41D for ; Mon, 4 Feb 2002 13:58:51 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g14LwpU00886; Mon, 4 Feb 2002 13:58:51 -0800 (PST) (envelope-from nobody) Message-Id: <200202042158.g14LwpU00886@freefall.freebsd.org> Date: Mon, 4 Feb 2002 13:58:51 -0800 (PST) From: Joseph Ishac To: freebsd-gnats-submit@FreeBSD.org Subject: TCP - FINs with different sequence numbers X-Send-Pr-Version: www-1.0 >Number: 34619 >Category: kern >Synopsis: TCP - FINs with different sequence numbers >Confidential: no >Severity: serious >Priority: high >Responsible: bms >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Feb 04 14:00:02 PST 2002 >Closed-Date: Sun Jul 31 12:13:35 GMT 2005 >Last-Modified: Sun Jul 31 12:13:35 GMT 2005 >Originator: Joseph Ishac >Release: >Organization: NASA Glenn Research Center >Environment: >Description: Problem (below) discovered on OpenBSD. The problem code exists in the current (1.39.2.14) version of src/sys/netinet/tcp_output.c. However, the problem has not been verified on a FreeBSD box. OpenBSD fix by Niels Provos. After loosing a packet in the final window of data, the resulting retransmission carries the FIN bit erroneously (it is not the final packet and carries a different sequence number). See: OpenBSD PR number 2368 (http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2368) for sample output. >How-To-Repeat: >Fix: OpenBSD solution from Niels Provos Index: tcp_output.c =================================================================== --- tcp_output.c 14 Jan 2002 19:58:18 -0000 1.46 +++ tcp_output.c 2 Feb 2002 01:01:37 -0000 len = tp->t_maxseg; sendalot = 1; } - if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc)) + if (off + len < so->so_snd.sb_cc) flags &= ~TH_FIN; win = sbspace(&so->so_rcv); >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->bms Responsible-Changed-By: bms Responsible-Changed-When: Fri Jun 18 02:26:51 GMT 2004 Responsible-Changed-Why: I'll take this. Fix in question can be found at: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_output.c.diff?r1=1.46&r2=1.47 It looks like this can go in as-is, but I'm going to ask silby if he can review it also. http://www.freebsd.org/cgi/query-pr.cgi?pr=34619 State-Changed-From-To: open->patched State-Changed-By: bms State-Changed-When: Fri Jun 18 02:48:03 GMT 2004 State-Changed-Why: Committed to HEAD http://www.freebsd.org/cgi/query-pr.cgi?pr=34619 From: Matteo Riondato To: Gnats PR Database Cc: bms@FreeBSD.org, jishac@grc.nasa.gov Subject: Re: kern/34619 TCP - FINs with different sequence numbers Date: Mon, 11 Apr 2005 13:55:56 +0200 This is fixed in RELENG_5 too, but not in RELENG_4. It seems that it is possible to merge to RELENG_4 but I'm not sure..If it's not, then this PR can be closed (or suspended) Thank you Best Regards --=20 Rionda aka Matteo Riondato Disinformato per default G.U.F.I. Staff Member (http://www.gufi.org) FreeSBIE Developer (http://www.freesbie.org) From: Joseph Ishac To: Matteo Riondato Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/34619 TCP - FINs with different sequence numbers Date: Mon, 11 Apr 2005 14:21:49 -0400 This fix was inserted with revision 1.92 (B: MAIN) http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.91&r2=1.92&f=h It looks like the fix was _reversed_ with revision 1.99 (B: MAIN) in order to address a Sack issue. http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_output.c.diff?r1=1.98&r2=1.99&f=h Without looking at it in detail, it seems to me that the "else" block of the change in 1.99 should be identical to the block in rev 1.98 -Joseph On Mon, Apr 11, 2005 at 02:16:16PM +0200, Matteo Riondato wrote: > This is fixed in RELENG_5 too, but not in RELENG_4. > It seems that it is possible to merge to RELENG_4 but I'm not > sure..If it's not, then this PR can be closed (or suspended) > Thank you > Best Regards > -- > Rionda aka Matteo Riondato > Disinformato per default > G.U.F.I. Staff Member (http://www.gufi.org) > FreeSBIE Developer (http://www.freesbie.org) State-Changed-From-To: patched->closed State-Changed-By: matteo State-Changed-When: Sun Jul 31 12:12:43 GMT 2005 State-Changed-Why: Fixed, but won't be MFCed to RELENG_4 http://www.freebsd.org/cgi/query-pr.cgi?pr=34619 >Unformatted: