| Summary: | [patch] TCP MD5 disables rfc1323 options on passive connections | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Noritoshi Demizu <demizu> |
| Component: | kern | Assignee: | Andre Oppermann <andre> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||

Responsible Changed From-To: freebsd-bugs->andre
Look into this.

State Changed From-To: open->patched
Patch committed in netinet/tcp_syncache.c rev. 1.77. MFC pending.

State Changed From-To: patched->closed
MFC to RELENG_6 and RELENG_5 done.

When the TCP MD5 Signature option is used on a TCP connection, both the TCP Timestamps option and the TCP Window Scale option are turned off. Below is an example of such a scenario.

```
# tcpdump -nXi lo0 tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
14:06:22.577329 IP 127.0.0.1.54072 > 127.0.0.1.58851: S 3668653428:3668653428(0) win 65535 <mss 16344,nop,wscale 1,nop,nop,timestamp 211371 0,opt-19:00000000000000000000000000000000,sackOK>
	0x0000: 4500 0050 06bf 4000 4006 35e7 7f00 0001 E..P..@.@.5.....
	0x0010: 7f00 0001 d338 e5e3 daab 3574 0000 0000 .....8....5t....
	0x0020: f002 ffff a8cd 0000 0204 3fd8 0103 0301 ..........?.....
	0x0030: 0101 080a 0003 39ab 0000 0000 1312 0000 ......9.........
	0x0040: 0000 0000 0000 0000 0000 0000 0000 0402 ................
14:06:22.577774 IP 127.0.0.1.58851 > 127.0.0.1.54072: S 1998295442:1998295442(0) ack 3668653429 win 65535 <mss 16344,opt-19:00000000000000000000000000000000,sackOK>
	0x0000: 4500 0040 06c0 4000 4006 35f6 7f00 0001 E..@..@.@.5.....
	0x0010: 7f00 0001 e5e3 d338 771b 9192 daab 3575 .......8w.....5u
	0x0020: b012 ffff 26dc 0000 0204 3fd8 1312 0000 ....&.....?.....
	0x0030: 0000 0000 0000 0000 0000 0000 0000 0402 ................
14:06:22.591606 IP 127.0.0.1.54072 > 127.0.0.1.58851: . ack 1 win 65535 <opt-19:00000000000000000000000000000000,eol>
	0x0000: 4500 003c 06c1 4000 4006 35f9 7f00 0001 E..<..@.@.5.....
	0x0010: 7f00 0001 d338 e5e3 daab 3575 771b 9193 .....8....5uw...
	0x0020: a010 ffff 7cbf 0000 1312 0000 0000 0000 ....|...........
	0x0030: 0000 0000 0000 0000 0000 0000 ............
(snip)
```

This problem was reported in http://lists.freebsd.org/pipermail/freebsd-net/2005-April/006973.html

Fix:

I think the cause and the fix are as follows: At line 987 in tcp_syncache.c 1.74, sc->sc_flags is overwritten by SCF_SIGNATURE. By this line, SCF_TIMESTAMP and SCF_WINSCALE are turned off. I think the operator "=" should be "|=".

986: if (to->to_flags & TOF_SIGNATURE) - 987: sc->sc_flags = SCF_SIGNATURE; + 987: sc->sc_flags |= SCF_SIGNATURE;

With this change, the problem does not occur in my environment.

How-To-Repeat:

1. Prepare a FreeBSD current box. Turn on the TCP MD5 option, the TCP Timestamps option, and the TCP Window Scale option.
2. On that box, start a server program that accepts a TCP connection.
3. Try to establish a TCP connection with the server program. The incoming SYN should include the TCP MD5 option, the TCP Timestamps option and the TCP Window Scale option.
4. The outgoing SYN+ACK includes the TCP MD5 option. But it does not include the TCP Timestamps option and the TCP Window Scale option.
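
Review bot: At line 987, "|=" only gives the intended result if sc->sc_flags already holds a defined value when line 986 is reached, and the hunk does not show where the field is initialized for a new syncache entry. Please confirm it is zeroed (or explicitly set) before the option flags are collected, and check whether any other SCF_* flag in this function is still set with a plain "=" that could discard earlier bits in the same way. A SYN carrying the MD5, Timestamps and Window Scale options together, as in the How-To-Repeat steps, would make a good regression check on the SYN+ACK.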
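
The comparison in step 4 can be automated by walking the option bytes of the SYN and the SYN+ACK and reporting which RFC 1323 options were offered but not echoed. The following C program is an added example, not part of the original report or of FreeBSD's source; the option bytes are copied from the capture in this report, and the function names and SEEN_* bits are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option kinds are the IANA values; the SEEN_* bit names are local to this example. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2, OPT_WSCALE = 3,
       OPT_SACKOK = 4, OPT_TIMESTAMP = 8, OPT_MD5SIG = 19 };
enum { SEEN_MSS = 1, SEEN_WSCALE = 2, SEEN_SACKOK = 4, SEEN_TIMESTAMP = 8,
       SEEN_MD5SIG = 16, SEEN_MALFORMED = 128 };

/* Option bytes of the SYN and SYN+ACK in the capture (all-zero MD5 digest left implicit). */
static const uint8_t SYN_OPTS[40] = {
    0x02, 0x04, 0x3f, 0xd8, 0x01, 0x03, 0x03, 0x01, 0x01, 0x01,
    0x08, 0x0a, 0x00, 0x03, 0x39, 0xab, 0, 0, 0, 0, 0x13, 0x12, [38] = 0x04, 0x02 };
static const uint8_t SYNACK_OPTS[24] = {
    0x02, 0x04, 0x3f, 0xd8, 0x13, 0x12, [22] = 0x04, 0x02 };

/* Walk a TCP option block and return a bitmask of the options present. */
unsigned tcp_options_seen(const uint8_t *opt, size_t len)
{
    unsigned seen = 0;
    for (size_t i = 0; i < len && opt[i] != OPT_EOL; ) {
        if (opt[i] == OPT_NOP) { i++; continue; }
        /* Every other kind has a length byte covering kind + length + data. */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len)
            return seen | SEEN_MALFORMED;
        switch (opt[i]) {            /* accumulate with |=, never assign */
        case OPT_MSS:       seen |= SEEN_MSS;       break;
        case OPT_WSCALE:    seen |= SEEN_WSCALE;    break;
        case OPT_SACKOK:    seen |= SEEN_SACKOK;    break;
        case OPT_TIMESTAMP: seen |= SEEN_TIMESTAMP; break;
        case OPT_MD5SIG:    seen |= SEEN_MD5SIG;    break;
        }
        i += opt[i + 1];
    }
    return seen;
}

/* RFC 1323 options that the SYN offered but the SYN+ACK did not echo. */
unsigned rfc1323_dropped(const uint8_t *syn, size_t n, const uint8_t *ack, size_t m)
{
    return tcp_options_seen(syn, n) & ~tcp_options_seen(ack, m)
           & (SEEN_WSCALE | SEEN_TIMESTAMP);
}

int main(void)
{
    unsigned d = rfc1323_dropped(SYN_OPTS, sizeof SYN_OPTS, SYNACK_OPTS, sizeof SYNACK_OPTS);
    printf("dropped: wscale=%d timestamp=%d\n", !!(d & SEEN_WSCALE), !!(d & SEEN_TIMESTAMP));
    return d != 0;   /* non-zero exit when the SYN+ACK lost an offered option */
}
```

Run against a capture taken after the fix, the same check should return 0 for a SYN that offers all three options.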