kern/123950: TH_RST packet sended if received out-of-order data
(ACK) in SYN_RECEIVED state
wang jin
wangjin at myhexin.com
Sat May 24 08:00:02 UTC 2008
>Number: 123950
>Category: kern
>Synopsis: TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat May 24 08:00:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: wang jin
>Release: FreeBSD 7.0
>Organization:
Hexin
>Environment:
FreeBSD cachemd 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Mar 28 02:16:39 CST 2008 root at cachemd:/usr/src/sys/i386/compile/mykernel i386
>Description:
TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state:
tcpdump -iem0 -n host 211.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
15:35:55.354254 IP 211.1.1.1.6056 > 192.168.0.199.80: S 891246588:891246588(0) win 32768 <mss 1380,wscale 0,nop>
15:35:55.354503 IP 192.168.0.199.80 > 211.1.1.1.6056: S 2752342465:2752342465(0) ack 891246589 win 65535 <mss 1380>
15:35:56.359624 IP 211.1.1.1.6056 > 192.168.0.199.80: P 1381:1481(100) ack 1 win 32768
15:35:56.359806 IP 192.168.0.199.80 > 211.1.1.1.6056: R 2752342466:2752342466(0) win 0
15:35:57.366606 IP 211.1.1.1.6056 > 192.168.0.199.80: P 1:1381(1380) ack 1 win 32768
15:35:57.466694 IP 192.168.0.199.80 > 211.1.1.1.6056: . ack 1381 win 65535
Although TH_RST packet is sended, the connection state is ESTABLISHED
netstat -n | grep 211.1.1.1
tcp4 0 0 192.168.0.199.80 211.1.1.1.6056 ESTABLISHED
>How-To-Repeat:
the problem occurs when the first packet contained ACK from client is lost, or is out of order
>Fix:
the problem is caused by the following code(line 892,tcp_syncache.c):
/*
* The SEQ must match the received initial receive sequence
* number + 1 (the SYN) because we didn't ACK any data that
* may have come with the SYN.
*/
if (th->th_seq != sc->sc_irs + 1) {
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment "
"rejected\n", s, __func__, th->th_seq, sc->sc_irs);
goto failed;
}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list