git: af700f430fd8 - main - tcp: no data on SYN segments unless doing TFO

The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=af700f430fd86ba3eae63e587985a12436db8f69

commit af700f430fd86ba3eae63e587985a12436db8f69
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-03-22 10:12:56 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-03-22 10:12:56 +0000

    tcp: no data on SYN segments unless doing TFO
    
    Ensure that there is no data on SYN segments unless doing TFO.
    This check is already in RACK and BBR.
    
    Reported by:            glebius
    Reviewed by:            rscheff
    MFC after:              1 week
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D44384
---
 sys/netinet/tcp_output.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 6f7bf6f8b029..2bbc9414197c 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -470,6 +470,12 @@ after_sack_rexmit:
 	      (tp->t_tfo_client_cookie_len == 0)) ||
 	     (flags & TH_RST)))
 		len = 0;
+
+	/* Without fast-open there should never be data sent on a SYN. */
+	if ((flags & TH_SYN) && !(tp->t_flags & TF_FASTOPEN)) {
+		len = 0;
+	}
+
 	if (len <= 0) {
 		/*
 		 * If FIN has been sent but not acked,