diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2022-10-03 10:48:30 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2023-02-01 23:37:21 +0000 |
| commit | e52b662a3b5f509c3b4b6676b38beaa620b8c1a5 (patch) | |
| tree | 077dac05989dc333876e78f59f978f481d4c9c1c | |
| parent | a18afeac4902f8e50f2ce3ab78705de7e7ae8a59 (diff) | |
| download | src-e52b662a3b5f509c3b4b6676b38beaa620b8c1a5.tar.gz src-e52b662a3b5f509c3b4b6676b38beaa620b8c1a5.zip | |
tcp: honor drop_synfin sysctl variable in TIME-WAIT
Reviewed by: rrs@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D36862
(cherry picked from commit f8b5681094dd752604bfa0603ba0be2873698f46)
| -rw-r--r-- | sys/netinet/tcp_timewait.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 970f46274791..f15cf6dae762 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -50,9 +50,7 @@ __FBSDID("$FreeBSD$"); #include <sys/proc.h> #include <sys/socket.h> #include <sys/socketvar.h> -#ifndef INVARIANTS #include <sys/syslog.h> -#endif #include <sys/protosw.h> #include <sys/random.h> @@ -389,6 +387,7 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, struct mbuf *m, int tlen) { struct tcptw *tw; + char *s; int thflags; tcp_seq seq; @@ -439,6 +438,17 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, */ #endif + /* Honor the drop_synfin sysctl variable. */ + if ((thflags & TH_SYN) && (thflags & TH_FIN) && V_drop_synfin) { + if ((s = tcp_log_addrs(&inp->inp_inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: " + "SYN|FIN segment ignored (based on " + "sysctl setting)\n", s, __func__); + free(s, M_TCPLOG); + } + goto drop; + } + /* * If a new connection request is received * while in TIME_WAIT, drop the old connection |