deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-19:01.cc_cubic

Hash: SHA512

FreeBSD-EN-19:01.cc_cubic                                       Errata Notice
                                                          The FreeBSD Project

Topic:          Connection stalls with CUBIC congestion control

Category:       core
Module:         tcp
Announced:      2019-01-09
Credits:        Matt Garber, Hiren Panchasara
Affects:        FreeBSD 12.0
Corrected:      2018-12-17 21:46:42 UTC (stable/12, 12.0-STABLE)
                2019-01-09 18:38:35 UTC (releng/12.0, 12.0-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit

I.   Background

CUBIC is a modern congestion control algorithm for the Transmission Control
Protocol (TCP), which along with its predecessor BIC TCP is specifically
optimized for high bandwidth, high latency networks.  It is widely
implemented across a variety of operating systems, and is the default TCP
implementation or enabled by default in recent versions of Linux and
Microsoft Windows.  CUBIC is available as an alternate congestion control
algorithm since FreeBSD 9.0 using the cc_cubic module.

II.  Problem Description

Changes to the cc_cubic module in FreeBSD 12.0 can cause network stuttering
or connection stalls when loaded and enabled as default.

III. Impact

FreeBSD 12.0 systems loading cc_cubic and setting non-default sysctl value exhibit stuttering and complete stalls of
network connections.  Under certain conditions, this may cause loss of system
availability over the network or service unreachability.

IV.  Workaround

Disabling cc_cubic and selecting one of the alternate included congestion
control algorithms (e.g., newreno, htcp) will restore normal network
connectivity and alleviate stuttering and stalls.  Note that disabling CUBIC
may cause a reduction in expected performance based on specific, unique
network condition characteristics and the module used as a workaround.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date, and reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +30 "Rebooting for FreeBSD errata update"

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.0]
# fetch
# fetch
# gpg --verify cc_cubic.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:> and reboot the

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r342181
releng/12.0/                                                      r342893
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://

Or visit the following URL, replacing NNNNNN with the revision number:


VII. References

The latest revision of this advisory is available at

_______________________________________________ mailing list
To unsubscribe, send any mail to ""