os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-EN-09:03.fxp.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

117 lines
3.7 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-09:03.fxp Errata Notice
The FreeBSD Project
Topic: Poor TCP performance of fxp(4)
Category: core
Module: sys/dev
Announced: 2009-06-24
Credits: Bjoern Koenig <bkoenig@alpha-tierchen.de>
Pyun YongHyeon <yongari@FreeBSD.org>
Affects: FreeBSD 7.2
Corrected: 2009-05-07 01:14:59 (RELENG_7, 7.2-STABLE)
2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
fxp(4) is a network device driver which provides support for Ethernet
adapters based on the Intel i82557, i82558, i82559, i82550, and i82562
chips. It supports TCP segmentation offload (TSO) for IPv4 on i82550
and i82551.
II. Problem Description
When a TSO option is enabled, fxp(4) always sets the length of outgoing IP
packets as the interface MTU (Maximum Transmission Unit). This could
could cause the packet to be lost when the TCP receiver advertises a smaller
MSS (Maximum Segment Size) than the interface MTU on the sender side.
III. Impact
TCP connections via fxp(4) can cause significantly poor performance
when the TSO option is enabled due to packet loss. Note that the loss
depends on the receiver side's MSS.
IV. Workaround
Disable TSO of fxp(4) interfaces on your system. There are two ways
to do this:
(disable TSO of a specific interface; "fxp0" in the below example)
# ifconfig fxp0 -tso
(disable TSO of all interfaces on the system)
# sysctl net.inet.tcp.tso=0
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 7.2 system.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch
# fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot
the system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_7
src/sys/dev/fxp/if_fxp.c 1.266.2.15
RELENG_7_2
src/UPDATING 1.507.2.23.2.5
src/sys/conf/newvers.sh 1.72.2.11.2.6
src/sys/dev/fxp/if_fxp.c 1.266.2.14.2.2
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/7/ r191867
releng/7.2/ r194808
- -------------------------------------------------------------------------
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-09:03.fxp.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkpB3kwACgkQFdaIBMps37IjxwCgkw+SiBKPWl/VV5dudLRZEi/2
upMAn2CNg1EOpeM4FCuS+C5KaXwIehh2
=sX1l
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink