FreeBSD 7 TCP syncache fix: request for testers
Robert Watson
rwatson at FreeBSD.org
Wed Jul 25 08:31:46 UTC 2007

On Wed, 25 Jul 2007, Mike Silbersack wrote:
> On Fri, 20 Jul 2007, Peter Wemm wrote:
>
>> TCP: [127.0.0.1]:52446 to [127.0.0.1]:1128 tcpflags 0x10<ACK>;
>> syncache_expand: Segment failed SYNCOOKIE authentication, segment
>> rejected (probably spoofed)
>> [...]
>>
>> How on earth can localhost be spoofing itself? This is getting quite
>> absurd. :-(
>
> Any extra ACK that arrives is probably being processed by the syncookie code
> is my guess. So, I think that the problem is probably anywhere except in
> the syncookie code.
>
>> I'll give your patch a shot and see if it improves things at all.
>
> It won't, not for this case. :(
>
> But I'll get it committed ASAP, because it fixes other cases. Unless, that
> is, things IRL keep interrupting me.

FYI, I received an informal report a few days ago that the SYN cache was
ignoring RSTs, and kept transmitting SYN/ACK's even though a RST had been
sent. This was during some local network testing where a host sends SYN
packets out to a large number of other hosts, then quickly resets the
connections after getting SYN/ACK's. Given that your previous work suggests
that the syncache timer never fires at all, I'm not quite sure what to make of
this report, but once your patches are in I can ask them to rerun it on one of
my hosts and see.

Robert N M Watson
Computer Laboratory
University of Cambridge