FreeBSD TCP ignores zero window size

Jason Hellenthal jhellenthal at dataix.net
Fri Mar 30 16:01:01 UTC 2012 


On Sat, Mar 31, 2012 at 01:22:27AM +1100, Darren Reed wrote:
> I've been tracking down some problems with FreeBSD's sending
> of TCP packets and seem to have come to the conclusion that
> in FreeBSD 8.2-RELEASE, when the system is working with a
> TCP connection that has a moderate delay in it, FreeBSD's
> TCP ignores the other end telling it that the window size
> is now 0 and continues to send data. I suspect that this is
> meant to make sense because it is expecting that the ACK
> that will open up the window is already in transit. But that
> only accounts for the condition where the TCP on FreeBSD can
> compute and decide that the remote TCP will have its buffer
> full. What I find harder to accept is that when FreeBSD's
> TCP receives a TCP packet from the remote end advertising
> a window of 0, FreeBSD's response is to send more data and
> not a window probe or is that now the expected behaviour?
> And whilst you might say "ok" for a packet of data, I'm
> somewhat hard pressed to explain why FreeBSD's TCP sends
> multiple packets with data in them after receiving a TCP
> packet from the other end advertising a zero window size.
> 
> However this causes a problem with firewalls (;_) that are
> close to the FreeBSD end because for them, it appears that
> FreeBSD is sending data outside of its window.
> 
> Is this a known problem?
> If so, has it been fixed in a later version of FreeBSD?
> (No, I haven't tested anything other than 8.2)
> 
> In the packet flow below, 192.168.1.1 is FreeBSD and 10.1.1.1
> is the other end.
> 
> Darren

Hi Darren,

I do believe this is the following bug at first glance that was patched
after 8.2-RELEASE. and has to do more with x64 systems more than x32.

See: "A Tale of a TCP Bug" for details...

http://blogmal.42.org/tidbits/tcp-bug.story

http://lists.freebsd.org/pipermail/freebsd-net/2011-April/028466.html




> 
> --------------
> DATA(1440):seq(5f665916|5f665eb6) ack(9349a95d)+4096=9349b95d
> pass ip #48089 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(1240):seq(9349b485|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57457 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f665eb6|5f666456) ack(9349a95d)+4096=9349b95d
> pass ip #48149 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57459 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f666456|5f6669f6) ack(9349a95d)+4096=9349b95d
> UFD2:td_end(5f6669f6) maxend(5f674556)
> pass ip #48150 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57460 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f6669f6|5f666f96) ack(9349a95d)+4096=9349b95d
> pass ip #48178 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57461 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f666f96|5f667536) ack(9349a95d)+4096=9349b95d
> pass ip #48181 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57462 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f667536|5f667ad6) ack(9349a95d)+4096=9349b95d
> pass ip #48182 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57463 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f667ad6|5f668076) ack(9349a95d)+4096=9349b95d
> pass ip #48183 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(5f668076|5f668076) ack(9349a95d)+8192=9349c95d
> ack(9349a95d)+win(8192)
> pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349b95d|9349b95d) ack(5f664296)+66240=5f674556
> pass ip #57464 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1428):seq(9349b95d|9349bef1) ack(5f664296)+66240=5f674556
> pass ip #57465 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1428):seq(9349bef1|9349c485) ack(5f664296)+66240=5f674556
> pass ip #57466 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f668076|5f668616) ack(9349a95d)+8192=9349c95d
> pass ip #48184 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(5f668bb6|5f668bb6) ack(9349a95d)+12288=9349d95d
> ack(9349a95d)+win(12288)
> pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(1240):seq(9349c485|9349c95d) ack(5f664296)+66240=5f674556
> pass ip #57467 1304(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1428):seq(9349c95d|9349cef1) ack(5f664296)+66240=5f674556
> pass ip #57468 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1428):seq(9349cef1|9349d485) ack(5f664296)+66240=5f674556
> pass ip #57469 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f668bb6|5f669156) ack(9349a95d)+12288=9349d95d
> pass ip #48186 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(1240):seq(9349d485|9349d95d) ack(5f664296)+66240=5f674556
> pass ip #57470 1312(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(5f664296|5f664836) ack(9349a95d)+12288=9349d95d
> pass ip #48193 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+48960=5f674556
> pass ip #57471 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+54088=5f67595e
> ack(5f668616)+win(54088)
> pass ip #57476 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+60632=5f6772ee
> ack(5f668616)+win(60632)
> pass ip #57489 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(0):seq(9349d95d|9349d95d) ack(5f668616)+64728=5f6782ee
> ack(5f668616)+win(64728)
> pass ip #57491 64(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(0):seq(5f6696f6|5f6696f6) ack(9349b485)+9408=9349d945
> pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(5f6696f6|5f6696f6) ack(9349bef1)+6752=9349d951
> pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(5f6696f6|5f6696f6) ack(9349c95d)+4096=9349d95d
> pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(0):seq(5f6696f6|5f6696f6) ack(9349d485)+1216=9349d945
> pass ip #0 52(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> win==0
> DATA(1440):seq(5f668616|5f668bb6) ack(9349d95d)+1=9349d95e
> pass ip #48360 1492(20) 6 10.1.1.1,22 > 192.168.1.1,28808 A
> --------------
> DATA(1440):seq(9349d95d|9349defd) ack(5f669156)+63360=5f6788d6
> ack(5f669156) seq(9349d95d)
> block ip #57494 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(9349defd|9349e49d) ack(5f669156)+63360=5f6788d6
> ackskew 1440
> ack(5f669156) seq(9349defd)
> block ip #57495 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(9349e49d|9349ea3d) ack(5f669156)+63360=5f6788d6
> ackskew 1440
> ack(5f669156) seq(9349e49d)
> block ip #57496 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(9349ea3d|9349efdd) ack(5f669156)+63360=5f6788d6
> ackskew 1440
> ack(5f669156) seq(9349ea3d)
> block ip #57497 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> DATA(1440):seq(9349efdd|9349f57d) ack(5f669156)+63360=5f6788d6
> ackskew 1440
> ack(5f669156) seq(9349efdd)
> block ip #57498 1492(20) 6 192.168.1.1,28808 > 10.1.1.1,22 A
> --------------
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

-- 
;s =;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20120330/27d0444f/attachment.pgp

More information about the freebsd-net mailing list