250357 – [tcp] RFC 5961 is not implemented completely

Bug 250357 - [tcp] RFC 5961 is not implemented completely

Summary: [tcp] RFC 5961 is not implemented completely

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Michael Tuexen

URL:
Keywords:	needs-qa

Depends on:
Blocks:

Reported:	2020-10-15 03:49 UTC by Yonghao Zou
Modified:	2024-08-03 23:23 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
dmesg.boot (18.70 KB, text/plain) 2020-10-16 02:56 UTC, Yonghao Zou	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yonghao Zou 2020-10-15 03:49:32 UTC

It seems that RFC 5961 is not implemented completely, the following packetdrill script cannot get a same result as Linux.

```
0  socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
+0 bind(3, ..., ...) = 0
+0 listen(3, 1) = 0

+0 < S 0:0(0) win 12336 <TS val 100 ecr 0,eol,mss 14705,eol>
+0 ~ +1  > S. 0:0(0) ack 1 <...>

+.1 < . 1:1(0) ack 1 win 32792 <mss 1000,sackOK,nop,wscale 7, nop, nop>
+0.2 accept(3, ..., ...) = 4
+0 fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0

+0 < . 1:2833(2832) ack 1 win 25726 
+0 < . 1:7999(7998) ack 1 win 25198 
+0 < . 7999:13219(5220) ack 1 win 13129 
+0 < . 7999:8760(761) ack 1 win 30256 
+0 < . 8760:14656(5896) ack 892600372 win 36462 
+0.1 read(4, ..., 20000) =  13218

+0 < . 8760:9769(1009) ack 1 win 14709 <sackOK,eol,eol>
+0 < . 9769:17706(7937) ack 1 win 30540 <nop,eol,eol,eol>
+0.1 read(4, ..., 20000) =  4487

+0 < . 17706:26874(9168) ack 2560098456 win 28277 
// f-stack got 9168
+0.1 read(4, ..., 20000) =  -1
```

Comment 1 Kubilay Kocak freebsd_committer

2020-10-16 01:35:29 UTC

@Reporter Can you please provide additional information:

- What is the expected behaviour and what is the actual/current behaviour?
- What FreeBSD version? (uname -a output)
- /var/run/dmesg.boot output (as an attachment)

Comment 2 Yonghao Zou 2020-10-16 02:56:57 UTC

Created attachment 218783 [details]
dmesg.boot

Comment 3 Yonghao Zou 2020-10-16 02:57:17 UTC

(In reply to Kubilay Kocak from comment #1)

1. The last "read" in the script should return -1 because the ack value of the packet before this read is out of range, but currently FreeBSD accept this packet and the read return 9168.

2. FreeBSD freebsd 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC  amd64

3. see attachment

Comment 4 Michael Tuexen freebsd_committer

2024-07-05 23:08:43 UTC

A patch is under review D45894.

Comment 5 commit-hook freebsd_committer

2024-07-21 18:44:12 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=646c28ea80cb0f9258386626297495b5a0e56db5

commit 646c28ea80cb0f9258386626297495b5a0e56db5
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-07-21 09:37:35 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-07-21 09:37:35 +0000

    tcp: improve SEG.ACK validation

    Implement the improved SEG.ACK validation described in RFC 5961.
    In addition to that, also detect ghost ACKs, which are ACKs for data
    that has never been sent.
    The additional checks are enabled by default, but can be disabled
    by setting the sysctl-variable net.inet.tcp.insecure_ack to a
    non-zero value.

    PR:                     250357
    Reviewed by:            Peter Lei, rscheff (older version)
    MFC after:              1 week
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D45894

 share/man/man4/tcp.4          |  5 ++++-
 sys/netinet/in_kdtrace.c      |  2 ++
 sys/netinet/in_kdtrace.h      |  3 +++
 sys/netinet/tcp_input.c       | 44 +++++++++++++++++++++++++++++++++++++++++++
 sys/netinet/tcp_stacks/bbr.c  | 37 ++++++++++++++++++++++++++++++++++++
 sys/netinet/tcp_stacks/rack.c | 39 ++++++++++++++++++++++++++++++++++++++
 sys/netinet/tcp_var.h         |  9 ++++++++-
 usr.bin/netstat/inet.c        |  8 ++++++--
 8 files changed, 143 insertions(+), 4 deletions(-)

Comment 6 commit-hook freebsd_committer

2024-08-03 23:06:32 UTC

A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=1ce8cf6f7bdf5e9f8e497be5e3c54767fa0a7cf8

commit 1ce8cf6f7bdf5e9f8e497be5e3c54767fa0a7cf8
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-07-21 09:37:35 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-08-03 23:05:13 +0000

    tcp: improve SEG.ACK validation

    Implement the improved SEG.ACK validation described in RFC 5961.
    In addition to that, also detect ghost ACKs, which are ACKs for data
    that has never been sent.
    The additional checks are enabled by default, but can be disabled
    by setting the sysctl-variable net.inet.tcp.insecure_ack to a
    non-zero value.

    PR:                     250357
    Reviewed by:            Peter Lei, rscheff (older version)
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D45894

    (cherry picked from commit 646c28ea80cb0f9258386626297495b5a0e56db5)

 share/man/man4/tcp.4          |  5 ++++-
 sys/netinet/tcp_input.c       | 44 +++++++++++++++++++++++++++++++++++++++++++
 sys/netinet/tcp_stacks/bbr.c  | 37 ++++++++++++++++++++++++++++++++++++
 sys/netinet/tcp_stacks/rack.c | 39 ++++++++++++++++++++++++++++++++++++++
 sys/netinet/tcp_var.h         |  8 +++++++-
 usr.bin/netstat/inet.c        |  8 ++++++--
 6 files changed, 137 insertions(+), 4 deletions(-)