From nobody@FreeBSD.org  Sat May 24 07:57:32 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B85ED106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 24 May 2008 07:57:32 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id BF7438FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 24 May 2008 07:57:32 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m4O7u2Ev008148
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 24 May 2008 07:56:02 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m4O7u2BP008147;
	Sat, 24 May 2008 07:56:02 GMT
	(envelope-from nobody)
Message-Id: <200805240756.m4O7u2BP008147@www.freebsd.org>
Date: Sat, 24 May 2008 07:56:02 GMT
From: wang jin <wangjin@myhexin.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state 
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         123950
>Category:       kern
>Synopsis:       [tcp] TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    ups
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 24 08:00:01 UTC 2008
>Closed-Date:    Tue Aug 05 22:08:17 UTC 2008
>Last-Modified:  Tue Aug 05 22:08:17 UTC 2008
>Originator:     wang jin
>Release:        FreeBSD 7.0
>Organization:
Hexin
>Environment:
FreeBSD cachemd 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Mar 28 02:16:39 CST 2008     root@cachemd:/usr/src/sys/i386/compile/mykernel  i386
>Description:
TH_RST packet sended if received out-of-order data (ACK) in SYN_RECEIVED state:

tcpdump -iem0 -n host 211.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
15:35:55.354254 IP 211.1.1.1.6056 > 192.168.0.199.80: S 891246588:891246588(0) win 32768 <mss 1380,wscale 0,nop>
15:35:55.354503 IP 192.168.0.199.80 > 211.1.1.1.6056: S 2752342465:2752342465(0) ack 891246589 win 65535 <mss 1380>
15:35:56.359624 IP 211.1.1.1.6056 > 192.168.0.199.80: P 1381:1481(100) ack 1 win 32768
15:35:56.359806 IP 192.168.0.199.80 > 211.1.1.1.6056: R 2752342466:2752342466(0) win 0
15:35:57.366606 IP 211.1.1.1.6056 > 192.168.0.199.80: P 1:1381(1380) ack 1 win 32768
15:35:57.466694 IP 192.168.0.199.80 > 211.1.1.1.6056: . ack 1381 win 65535

Although TH_RST packet is sended, the connection state is ESTABLISHED
netstat -n | grep 211.1.1.1
tcp4       0      0  192.168.0.199.80       211.1.1.1.6056         ESTABLISHED



>How-To-Repeat:
the problem occurs when the first packet contained ACK from client is lost, or is out of order
>Fix:
the problem is caused by the following code(line 892,tcp_syncache.c):

        /*
         * The SEQ must match the received initial receive sequence
         * number + 1 (the SYN) because we didn't ACK any data that
         * may have come with the SYN.
         */
        if (th->th_seq != sc->sc_irs + 1) {
                if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
                        log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment "
                            "rejected\n", s, __func__, th->th_seq, sc->sc_irs);
                goto failed;
        }



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat May 24 15:39:30 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123950 
Responsible-Changed-From-To: freebsd-net->ups 
Responsible-Changed-By: ups 
Responsible-Changed-When: Thu Jun 12 18:47:47 UTC 2008 
Responsible-Changed-Why:  
Currently working on the syn cache and have encountered the same problem. 
Fix should be checked in in a few days. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123950 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/123950: commit references a PR
Date: Mon, 16 Jun 2008 19:57:14 +0000 (UTC)

 ups         2008-06-16 19:56:59 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netinet          tcp_syncache.c 
   Log:
   SVN rev 179832 on 2008-06-16 19:56:59Z by ups
   
   Fix a check in SYN cache expansion (syncache_expand()) to accept packets that arrive in the receive window instead of just on the left edge of the receive window.
   This is needed for correct behavior when packets are lost or reordered.
   
   PR:     kern/123950
   Reviewed by:    andre@, silby@
   Reported by:    Yahoo!, Wang Jin
   MFC after:      1 week
   
   Revision  Changes    Path
   1.146     +7 -4      src/sys/netinet/tcp_syncache.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: jhb 
State-Changed-When: Tue Aug 5 22:07:15 UTC 2008 
State-Changed-Why:  
Fix merged to RELENG_7 and HEAD. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123950 
>Unformatted:
