133 lines
5.2 KiB
Text
133 lines
5.2 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-19:01.cc_cubic Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Connection stalls with CUBIC congestion control
|
|
|
|
Category: core
|
|
Module: tcp
|
|
Announced: 2019-01-09
|
|
Credits: Matt Garber, Hiren Panchasara
|
|
Affects: FreeBSD 12.0
|
|
Corrected: 2018-12-17 21:46:42 UTC (stable/12, 12.0-STABLE)
|
|
2019-01-09 18:38:35 UTC (releng/12.0, 12.0-RELEASE-p2)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
CUBIC is a modern congestion control algorithm for the Transmission Control
|
|
Protocol (TCP), which along with its predecessor BIC TCP is specifically
|
|
optimized for high bandwidth, high latency networks. It is widely
|
|
implemented across a variety of operating systems, and is the default TCP
|
|
implementation or enabled by default in recent versions of Linux and
|
|
Microsoft Windows. CUBIC is available as an alternate congestion control
|
|
algorithm since FreeBSD 9.0 using the cc_cubic module.
|
|
|
|
II. Problem Description
|
|
|
|
Changes to the cc_cubic module in FreeBSD 12.0 can cause network stuttering
|
|
or connection stalls when loaded and enabled as default.
|
|
|
|
III. Impact
|
|
|
|
FreeBSD 12.0 systems loading cc_cubic and setting non-default sysctl value
|
|
net.inet.tcp.cc.algorithm=cubic exhibit stuttering and complete stalls of
|
|
network connections. Under certain conditions, this may cause loss of system
|
|
availability over the network or service unreachability.
|
|
|
|
IV. Workaround
|
|
|
|
Disabling cc_cubic and selecting one of the alternate included congestion
|
|
control algorithms (e.g., newreno, htcp) will restore normal network
|
|
connectivity and alleviate stuttering and stalls. Note that disabling CUBIC
|
|
may cause a reduction in expected performance based on specific, unique
|
|
network condition characteristics and the module used as a workaround.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date, and reboot the system.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
# shutdown -r +30 "Rebooting for FreeBSD errata update"
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 12.0]
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:01/cc_cubic.patch.asc
|
|
# gpg --verify cc_cubic.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r342181
|
|
releng/12.0/ r342893
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:01.cc_cubic.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlw2Rb5fFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cJGyRAAnpturBqU4XIZMdvInaVHOXA5P6KemeFuJkwz/aMtIbgefm49lvZVS4q6
|
|
RO8/GytONX1OHaoJQDdincVfRbe9x+ID+ulCJfSLuZMhjLYpxDQJo9d4NWZtvpBn
|
|
3wJNEQEXB0AjrYUOrebiT7yd3zA4f+7zSHu0Uvq4k5Tk0Xxsqxsx3/MG5ezEmdxx
|
|
IWub1RnYvgmUVJBKn/C5A4v17dE12VnZtLrnfhZ4K3U3mVZYc3cJxF34wSscVqYd
|
|
iAsntF786FV+hAXBX7wHa3JIqe+uXE2uemrquNmxgup+zrbVWPWPirgku2TVcvsm
|
|
m9aQILNc9RvJ/XkViLV8+ypqCymBFsl3VhO3dzmOnsbL72G9rqjQtgdYWT2dp69p
|
|
VyU4EWsTULXIbIBNxyrYhinT+DAqyt8bdrtyT3AhcVJaVk5B5APWnXiwjgS4mPN9
|
|
hf2mCjZw10tJgsqYYrBlTERomgHU/pyliu0Rt2sof5+iGArbe7ZhEorHrM7YhD9n
|
|
Hc+3oNzA0dYDStJQpEb4rJ7dEKP/mpppwIosMhPbku6u3ViafCJVq2dIGNQpDope
|
|
Mh00Kk7cY0o3Rukw2lGNc9vDbIyUSqT/jV4lBDhp4k5ilQynvkMZETLlynI+KQUH
|
|
J2uOOvYzkIZLzZyXtaQfkmrkV6DxzmjxDsqwiMz5DB7o70w/M54=
|
|
=e8Wg
|
|
-----END PGP SIGNATURE-----
|