Disallow broken ECN TCP stacks from using ECN
ClosedPublic
Actions

Authored by rscheff on Jan 28 2019, 1:56 AM.

Details

Reviewers

tuexen

Group Reviewers

transport

Commits

rS347081: MFC r343525:
rS343525: Fix the detection of ECN-setup SYN-ACK packets.

Summary

RFC3168 specifies on page 15, how to correctly negotiate for a TCP session with ECN support.

There are a (diminishing) number of middleboxes reflecting reserved TCP header bits. Simultaneously an increasing interest in deploying ECN, may lead to
the incorrect behavior for TCP sessions.

On a SYN, both CWR and ECE have to be set, while on the SYN,ACK only the ECE must be set, and CWR must be clear.

Test Plan

Simulating a non-compliant ECN client, injecting ECE-marked ACKs should not result in a reduction of cwnd (and no packets with the CWR bit set).

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

rscheff created this revision.Jan 28 2019, 1:56 AM

Herald added a reviewer: transport. · View Herald TranscriptJan 28 2019, 1:56 AM

Harbormaster completed remote builds in B22202: Diff 53286.Jan 28 2019, 1:56 AM

rscheff added a reviewer: tuexen.Jan 28 2019, 10:33 AM

rscheff set the repository for this revision to rS FreeBSD src repository - subversion.

Herald added a subscriber: imp. · View Herald TranscriptJan 28 2019, 10:33 AM

Here are two test scripts to validate both the proper behavior of ECN as a client, against a conformant RFC3168 client, as well as a non-conformant client which reflects back all header flags as received:

ecn-connect-test-client.pkt2 KBDownload

invalid-ecn-connect-test.pkt2 KBDownload

tuexen accepted this revision.Jan 28 2019, 12:04 PM

This revision is now accepted and ready to land.Jan 28 2019, 12:04 PM

Please apply the same fix to tcp_stacks/rack.c.

This revision now requires changes to proceed.Jan 28 2019, 12:23 PM