Syncookies break with Windows 8
Ed Maste
emaste at freebsd.org
Fri Feb 1 22:05:53 UTC 2013
On 1 February 2013 16:21, Kevin Day <kevin at your.org> wrote:
> We've got a large cluster of HTTP servers, each server handling >10,000req/sec. Occasionally, and during periods of heavy load, we'd get complaints from some users that downloads were working but going EXTREMELY slowly. After a whole lot of debugging, we narrowed it down to being only Windows 8 clients experiencing this problem. It turns out that FreeBSD's implementation of syncookies is likely violating RFC1323.
Kevin,
Thanks for the thorough analysis and report, although I didn't see
mention of which FreeBSD version you're running. It looks like andre@
added storage of the window scale option in the timestamp many years
ago in r162277[1], so I'm curious if you have an old version or
there's an issue with this implementation.
> This implementation extends the orginal idea and first implementation
> of FreeBSD by using not only the initial sequence number field to store
> information but also the timestamp field if present. This way we can
> keep track of the entire state we need to know to recreate the session in
> its original form. Almost all TCP speakers implement RFC1323 timestamps
> these days. For those that do not we still have to live with the known
> shortcomings of the ISN only SYN cookies. The use of the timestamp field
> causes the timestamps to be randomized if syncookies are enabled.
-Ed
[1] http://svnweb.freebsd.org/base?view=revision&revision=162277
More information about the freebsd-net
mailing list