tcp: improve SEG.ACK validation
ClosedPublic
Actions

Authored by tuexen on Jul 5 2024, 11:07 PM.

Details

Reviewers

jtl
peter.lei_ieee.org
lstewart
rrs
rscheff
gnn

Group Reviewers

transport

Commits

rG1ce8cf6f7bdf: tcp: improve SEG.ACK validation
rG646c28ea80cb: tcp: improve SEG.ACK validation

Summary

Implement the improved SEG.ACK validation described in RFC 5961. In addition to that, also detect ghost ACKs, which are ACKs for data that has never been sent.

The additional checks are enabled by default, but can be disabled by setting the sysctl-variable net.inet.tcp.insecure-ack to a non-zero value.

This issue was reported in PR 250357.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

tuexen created this revision.Jul 5 2024, 11:07 PM

Herald added a reviewer: gnn. · View Herald TranscriptJul 5 2024, 11:07 PM

Herald added a reviewer: transport. · View Herald Transcript

Herald added subscribers: glebius, melifaro, imp. · View Herald Transcript

tuexen requested review of this revision.Jul 5 2024, 11:07 PM

Improve output of netstat -sptcp.

rscheff accepted this revision.Jul 11 2024, 3:38 PM

This revision is now accepted and ready to land.Jul 11 2024, 3:38 PM

After reading the paper and IETF slides, it looks good to me on top of the general view. Just some small concerns below.

sys/netinet/tcp_input.c
2244	At the server side (listening side), I am thinking if we move the secure ACK check here and above the TOF_TS check, it would save cycles on checking these timestamps.
2447–2448	code style: As there are two lines, recommend using a pair of `{}` for readability.
sys/netinet/tcp_stacks/bbr.c
7715–7716	code style: Same here. As there are two lines, recommend using a pair of `{}` for readability.
sys/netinet/tcp_stacks/rack.c
12476–12477	code style: Same here. As there are two lines, recommend using a pair of `{}` for readability.

tuexen added inline comments.Jul 19 2024, 1:57 PM

sys/netinet/tcp_input.c
2244	This patch is only about improving the input validation, not about changing the sequence of checks. Please note that RFC 7323 requires to perform the timestamp checks before the `SEG.ACK` number checks.

tuexen marked an inline comment as done.Jul 19 2024, 1:58 PM

Always use the stricter check and address style issues reported by cc@.

This revision now requires review to proceed.Jul 19 2024, 3:00 PM

tuexen marked 3 inline comments as done.Jul 19 2024, 3:02 PM

tuexen added inline comments.

sys/netinet/tcp_input.c
2447–2448	Fixed.
sys/netinet/tcp_stacks/bbr.c
7715–7716	Fixed.
sys/netinet/tcp_stacks/rack.c
12476–12477	Fixed.

peter.lei_ieee.org accepted this revision.Jul 20 2024, 4:49 PM

This revision is now accepted and ready to land.Jul 20 2024, 4:49 PM

Thanks for the update. Looks better and just a small concern about TCP_MAXWIN for 65535.

sys/netinet/tcp_input.c
2244	I see, in the section `5.3. Basic PAWS Algorithm` from RFC7323 claims `Also, PAWS processing MUST take precedence over the regular TCP acceptability check (Section 3.3 in [RFC0793]), which is performed after verification of the received Timestamps option...`
2446	Can use `TCP_MAXWIN` instead of `65535`.