| author | Michael Tuexen <tuexen@FreeBSD.org> | 2025-10-06 20:39:31 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2025-10-06 20:43:11 +0000 |
| commit | 8af2f06a99b10c0d3ab9021949e750852662672a (patch) | |
| tree | 59001018b938e87906b41d028052dfdf12fbf062 | |
| parent | 2d184465e8bb77d4620f509b04f19ea22656f28e (diff) | |
tcp: improve SEG.ACK validation in SYN-RECEIVED

According to the fifth step in SEGMENT ARRIVES, send a RST segment in
response to an ACK segment which fails the SEG.ACK check, but leave
the endpoint state unchanged.

FreeBSD handles this correctly when entering the SYN-RECEIVED state via
the SYN-SENT state, but not in the SYN-cache code, which handles the
SYN-RECEIVED state via the LISTEN state.

This also fixes a panic reported by Alexander Leidinger.

Reviewed by: jtl, glebius
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D52934
| -rw-r--r-- | sys/netinet/tcp_syncache.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 2bb99596f965..1fb6104a2944 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1285,7 +1285,8 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, "segment rejected\n", s, __func__, th->th_ack, sc->sc_iss + 1); SCH_UNLOCK(sch); - goto failed; + free(s, M_TCPLOG); + return (0); /* Do send RST, do not free sc. */; } TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash); |
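Review bot: The added line `return (0); /* Do send RST, do not free sc. */;` in syncache_expand() ends with a stray `;` after the comment, which leaves an empty statement behind the return; drop the trailing semicolon. Since this branch no longer goes through `goto failed` and instead frees `s` itself before returning, it would also help to widen the comment to say why the entry is kept (the SEG.ACK check failed, so per the commit message the endpoint state must stay unchanged), and to confirm that `free(s, M_TCPLOG)` is the only cleanup from the `failed` path that this branch still needs, because that label is not visible in this hunk. The SCH_UNLOCK(sch) before the return is preserved, so locking looks balanced in the lines shown.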
