[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-09:03.fxp
From: FreeBSD Errata Notices <
Date: Wed, 24 Jun 2009 05:44:27 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-09:03.fxp Errata Notice The FreeBSD Project Topic: Poor TCP performance of fxp(4) Category: core Module: sys/dev Announced: 2009-06-24 Credits: Bjoern Koenig <This email address is being protected from spambots. You need JavaScript enabled to view it. > Pyun YongHyeon <This email address is being protected from spambots. You need JavaScript enabled to view it. > Affects: FreeBSD 7.2 Corrected: 2009-05-07 01:14:59 (RELENG_7, 7.2-STABLE) 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.freebsd.org/>. I. Background fxp(4) is a network device driver which provides support for Ethernet adapters based on the Intel i82557, i82558, i82559, i82550, and i82562 chips. It supports TCP segmentation offload (TSO) for IPv4 on i82550 and i82551. II. Problem Description When a TSO option is enabled, fxp(4) always sets the length of outgoing IP packets as the interface MTU (Maximum Transmission Unit). This could could cause the packet to be lost when the TCP receiver advertises a smaller MSS (Maximum Segment Size) than the interface MTU on the sender side. III. Impact TCP connections via fxp(4) can cause significantly poor performance when the TSO option is enabled due to packet loss. Note that the loss depends on the receiver side's MSS. IV. Workaround Disable TSO of fxp(4) interfaces on your system. There are two ways to do this: (disable TSO of a specific interface; "fxp0" in the below example) # ifconfig fxp0 -tso (disable TSO of all interfaces on the system) # sysctl net.inet.tcp.tso=0 V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.2 system. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch # fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/sys/dev/fxp/if_fxp.c 1.266.2.15 RELENG_7_2 src/UPDATING 1.507.2.23.2.5 src/sys/conf/newvers.sh 1.72.2.11.2.6 src/sys/dev/fxp/if_fxp.c 1.266.2.14.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r191867 releng/7.2/ r194808 - ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-09:03.fxp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkpBvA0ACgkQFdaIBMps37IKbACfdnwjftNf/f/3c+hvxOKGz7eg osQAmwRaCBV/a2A3Pdxt/FxGwg+bHXM7 =rUkc -----END PGP SIGNATURE----- _______________________________________________This email address is being protected from spambots. You need JavaScript enabled to view it. mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "This email address is being protected from spambots. You need JavaScript enabled to view it. "
| Powered by: | MHonArc  |