svn commit: r367891 - head/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Fri Nov 20 13:00:29 UTC 2020
Author: tuexen
Date: Fri Nov 20 13:00:28 2020
New Revision: 367891
URL: https://svnweb.freebsd.org/changeset/base/367891
Log:
Fix an issue I introuced in r367530: tcp_twcheck() can be called
with to == NULL for SYN segments. So don't assume tp != NULL.
Thanks to jhb@ for reporting and suggesting a fix.
PR: 250499
MFC after: 1 week
XMFC-with: r367530
Sponsored by: Netflix, Inc.
Modified:
head/sys/netinet/tcp_timewait.c
Modified: head/sys/netinet/tcp_timewait.c
==============================================================================
--- head/sys/netinet/tcp_timewait.c Fri Nov 20 12:31:02 2020 (r367890)
+++ head/sys/netinet/tcp_timewait.c Fri Nov 20 13:00:28 2020 (r367891)
@@ -374,6 +374,7 @@ tcp_twstart(struct tcpcb *tp)
/*
* Returns 1 if the TIME_WAIT state was killed and we should start over,
* looking for a pcb in the listen state. Returns 0 otherwise.
+ * It be called with to == NULL only for pure SYN-segments.
*/
int
tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
@@ -397,6 +398,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru
goto drop;
thflags = th->th_flags;
+ KASSERT(to != NULL || (thflags & (TH_SYN | TH_ACK)) == TH_SYN,
+ ("tcp_twcheck: called without options on a non-SYN segment"));
/*
* NOTE: for FIN_WAIT_2 (to be added later),
@@ -411,16 +414,6 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru
if (thflags & TH_RST)
goto drop;
- /*
- * If timestamps were negotiated during SYN/ACK and a
- * segment without a timestamp is received, silently drop
- * the segment.
- * See section 3.2 of RFC 7323.
- */
- if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) {
- goto drop;
- }
-
#if 0
/* PAWS not needed at the moment */
/*
@@ -454,6 +447,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru
*/
if ((thflags & TH_ACK) == 0)
goto drop;
+
+ /*
+ * If timestamps were negotiated during SYN/ACK and a
+ * segment without a timestamp is received, silently drop
+ * the segment.
+ * See section 3.2 of RFC 7323.
+ */
+ if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) {
+ goto drop;
+ }
/*
* Reset the 2MSL timer if this is a duplicate FIN.
More information about the svn-src-head
mailing list