DragonFly-2.3.2.195.gefca2 master sys/netinet tcp_input.c tcp_timer.c tcp_var.h

Matthew Dillon dillon at crater.dragonflybsd.org
Mon Jul 27 21:32:02 PDT 2009


commit efca2b8eccb027904b939aab35fde8c191acfc03
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Mon Jul 27 21:22:10 2009 -0700

    TCP - Fix re-establishment issues if a client reboots
    
    When the machine hosting the client side of a TCP connection
    reboots without clearing the connection, the server side will
    continue to believe that the connection is in an established
    state.  If the client attempts to reconnect using the same
    port pair (after rebooting, typically), the sequence space checks
    against DOS attacks on the server side will cause the SYN
    packets to be dropped.
    
    A dandy solution to this problem is to force a keep-alive within
    half a second of receiving a SYN on an ESTABLISHED socket.  The
    server will revalidate the connection and, since the client is
    actually alive, will get an immediately Reset.  The the next
    SYN attempt from the client will then succeed.
    
    A SYN sent as part of a DOS attack has little effect other then
    to cause the server to probe the established connection within
    half a second of receiving the bogus SYN.
    
    In particular, this fixes issues with TCP NFS connections.  NFS
    clients are often unable to umount the NFS mounts and the TCP
    connection is left established through the reboot.  Instead of
    hanging on SYNs being simply dropped by the server, the server
    now properly detects that the connection is in fact dead after
    the first SYN and properly reestablishes it on the next one.

Summary of changes:
 sys/netinet/tcp_input.c |   26 +++++++++++++++++++++-----
 sys/netinet/tcp_timer.c |    4 ++--
 sys/netinet/tcp_var.h   |    1 +
 3 files changed, 24 insertions(+), 7 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/efca2b8eccb027904b939aab35fde8c191acfc03


-- 
DragonFly BSD source repository





More information about the Commits mailing list