Bug #3869

tcp anon port calculation wrong

Added by Arne Jansen about 4 years ago. Updated about 4 years ago.

Status:ResolvedStart date:2013-07-04
Priority:NormalDue date:
Assignee:Dan McDonald% Done:

100%

Category:networking
Target version:-
Difficulty:Bite-size Tags:needs-triage

Description

If tcp_largest_anon_port gets tuned down from the default of 65536, some percentage of all source ports for outgoing tcp connections are chosen as tcp_smallest_anon_port. E.g., if you tune down tcp_largest_anon_port to 49152, 1/4 of all connections will use port 32768 as source port. If you make several successive connections to the same peer, some connections will be rejected with RST, as the tuple is still in use on the peer.

The problem is here:
[[http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/inet/tcp/tcp_bind.c#230]]
The test has to be expanded to also check for port > largest_anon_port.

Workarounds:
a) don't tune down
b) disable random anon port

History

#1 Updated by Dan McDonald about 4 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30
  • Assignee set to Dan McDonald

Filer is correct in diagnosing the problem.

We have a summer intern here for a while, this is a perfect first Illumos bug for him. I'll be "assigned" to it, but its his to fix.

#2 Updated by Dan McDonald about 4 years ago

  • % Done changed from 30 to 80

Matt (our intern) has it under test now. We used this DTrace one-liner:

dtrace -n 'tcp_update_next_port:return / arg1 != 0 / { @lports = lquantize(arg1, 32768, 32783, 1);}'

where 32768 and 32783 are the values of tcp_lowest_anon_port and tcp_highest_anon_port on the test box. If you try this at home, keep them close, or change the last argument to be something less granular (e.g. 10, 20, 100), lest you get a lot of output.

This bug will manifest with lowest_anon_port getting the lion's share of hits, with the graph to show it. With this bug fixed, the distribution will be nearly flat across all buckets.

#3 Updated by Dan McDonald about 4 years ago

  • % Done changed from 80 to 100
  • Status changed from In Progress to Pending RTI

#4 Updated by Dan McDonald about 4 years ago

  • Status changed from Pending RTI to Resolved

Also available in: Atom