From 1b67beea1343270e729c7049dfd4c6892a6304c3 Mon Sep 17 00:00:00 2001 From: Mike Silbersack Date: Tue, 20 Nov 2007 06:56:04 +0000 Subject: [PATCH] Comment out the syncache's test which ensures that hosts which negotiate TCP timestamps in the initial SYN packet actually use them in the rest of the connection. Unfortunately, during the 7.0 testing cycle users have already found network devices that violate this constraint. RFC 1323 states 'and may send a TSopt in other segments' rather than 'and MUST send', so we must allow it. Discovered by: Rob Zietlow Tracked down by: Kip Macy PR: bin/118005 --- sys/netinet/tcp_syncache.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 738d8e7ba6c..0ff86323bc6 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -887,10 +887,15 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, "rejected\n", s, __func__, th->th_seq, sc->sc_irs); goto failed; } +#if 0 /* * If timestamps were present in the SYN and we accepted * them in our SYN|ACK we require them to be present from * now on. And vice versa. + * + * Unfortunately, during testing of 7.0 some users found + * network devices that violate this constraint, so it must + * be disabled. */ if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & TOF_TS)) { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) @@ -898,6 +903,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, "segment rejected\n", s, __func__); goto failed; } +#endif if (!(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & TOF_TS)) { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Timestamp not expected, "