From 870af3f4dc57a6bbfc03f6a49ca0d5b7ff1b975a Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Fri, 11 Jun 2021 20:14:34 +0200
Subject: [PATCH] tcp: tolerate missing timestamps
Some TCP stacks negotiate TS support, but do not send TS at all or not for keep-alive segments. Since this includes modern widely deployed stacks, tolerate the violation of RFC 7323 per default.
Reviewed by: rgrimes, rrs, rscheff
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D30740
Sponsored by: Netflix, Inc.
---
share/man/man4/tcp.4 | 6 ++++--
sys/netinet/tcp_subr.c | 9 ++++++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4
index 93d1e075e92d..1ff1ee28420f 100644
--- a/share/man/man4/tcp.4
+++ b/share/man/man4/tcp.4
@@ -34,7 +34,7 @@
 .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd April 24, 2021
+.Dd June 27, 2021
 .Dt TCP 4
 .Os
 .Sh NAME
@@ -382,7 +382,9 @@ segments belonging to connections for which support of
 .Tn TCP
 timestamps has been negotiated.
-(default is 0, i.e., the missing of timestamps is not tolerated).
+As of June 2021, several TCP stacks are known to violate RFC 7323, including
+modern widely deployed ones.
+Therefore the default is 1, i.e., the missing of timestamps is tolerated.
 .It Dv TCPCTL_MSSDFLT
 .Pq Va mssdflt
 The default value used for the maximum segment size
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index a1531ea8d2f3..fbd84e763c0f 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -268,7 +268,14 @@ SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_VNET | CTLFLAG_RW,
 &VNET_NAME(tcp_do_rfc1323), 0,
 "Enable rfc1323 (high performance TCP) extensions");
-VNET_DEFINE(int, tcp_tolerate_missing_ts) = 0;
+/*
+ * As of June 2021, several TCP stacks violate RFC 7323 from September 2014.
+ * Some stacks negotiate TS, but never send them after connection setup. Some
+ * stacks negotiate TS, but don't send them when sending keep-alive segments.
+ * These include modern widely deployed TCP stacks.
+ * Therefore tolerating violations for now...
+ */
+VNET_DEFINE(int, tcp_tolerate_missing_ts) = 1;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tolerate_missing_ts, CTLFLAG_VNET | CTLFLAG_RW,
 &VNET_NAME(tcp_tolerate_missing_ts), 0,
 "Tolerate missing TCP timestamps");
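Review bot: The comment added above `VNET_DEFINE(int, tcp_tolerate_missing_ts) = 1;` gives the interoperability reason for the new default but not what the default gives up. RFC 7323 section 3.2 asks a receiver to silently drop non-RST segments that arrive without the option once timestamps were negotiated, and a segment accepted without a timestamp presumably cannot be subjected to the PAWS check, so only sequence-number validation remains for it; the input path that reads this variable is outside the hunk, so confirm there. I would add to the comment a sentence such as `* Segments accepted this way carry no timestamp for PAWS; set net.inet.tcp.tolerate_missing_ts=0 to enforce RFC 7323.` The closing "for now..." also names no condition for restoring the strict default, which makes the relaxation easy to forget.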