SACK broken in HEAD/RELENG_7

James Healy jhealy at
Sun Nov 25 18:29:44 PST 2007

Hash: SHA1

While monitoring a data transfer between two 7-beta3 hosts with tcpdump
and SIFTR[1] last week, we noticed that SACK was not being negotiated as

The SACK option was sent in the SYN, but the option wasn't sent back in
the SYNACK, despite SACK being enabled on both hosts.

The problem seems to have been caused during some refactoring of
tcp_syncache.c back in march (r1.105), and is fixed by the single line
patch attached.

While investigating the issue, the comments relating to TOF_SACKPERM and
TOF_SACK in tcp_var.h made it a little harder to understand what was
going on. We interpreted the comment for TOF_SACK to imply that it was
used during the handshake. The attached patch only fixes the code, but
it might be worth tweaking these comments as well. Maybe something like:

#define TOF_SACKPERM  0x0004 /* SACK permitted */
#define TOF_SACK  0x0080     /* SACK hole data */

In our opinion, it might also be worth renaming SCF_SACK to SCF_SACKPERM
in tcp_syncache.c to semantically align it with the TOF defines in

James Healy and Lawrence Stewart

Version: GnuPG v1.4.7 (FreeBSD)
Comment: Using GnuPG with Mozilla -


Swinburne University of Technology
CRICOS Provider Code: 00111D

This e-mail and any attachments are confidential and intended only for the use of the addressee. They may contain information that is privileged or protected by copyright. If you are not the intended recipient, any dissemination, distribution, printing, copying or use is strictly prohibited. The University does not warrant that this e-mail and any attachments are secure and there is also a risk that it may be corrupted in transmission. It is your responsibility to check any attachments for viruses or defects before opening them. If you have received this transmission in error, please contact us on +61 3 9214 8000 and delete it immediately from your system. We do not accept liability in connection with computer virus, data corruption, delay, interruption, unauthorised access or unauthorised amendment.

Please consider the environment before printing this email.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freebsd7beta3_syncache_sack_fix.patch
Type: text/x-patch
Size: 328 bytes
Desc: not available
Url :

More information about the freebsd-current mailing list