git: b7b48ba8420f - stable/14 - tcp: keep SYN-cache entry when sending of challenge ACK fails

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Sun, 05 Oct 2025 13:20:14 UTC
The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=b7b48ba8420f6203ac7165b6b07c62929bb759e8

commit b7b48ba8420f6203ac7165b6b07c62929bb759e8
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-10-02 06:57:14 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-10-05 13:19:37 +0000

    tcp: keep SYN-cache entry when sending of challenge ACK fails
    
    Don't drop a SYN-cache entry just because a challenge ACK couldn't
    be sent. This might only be a temporary failure.
    
    Reviewed by:            Nick Banks, glebius, jtl
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52840
    
    (cherry picked from commit 7841b44f8491d69c75207d0f3a1eb34501d99edd)
---
 sys/netinet/tcp_syncache.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 012240f46ffb..ce2ab29f4008 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -130,7 +130,7 @@ static void	 syncache_drop(struct syncache *, struct syncache_head *);
 static void	 syncache_free(struct syncache *);
 static void	 syncache_insert(struct syncache *, struct syncache_head *);
 static int	 syncache_respond(struct syncache *, const struct mbuf *, int);
-static int	 syncache_send_challenge_ack(struct syncache *, struct mbuf *);
+static void	 syncache_send_challenge_ack(struct syncache *, struct mbuf *);
 static struct	 socket *syncache_socket(struct syncache *, struct socket *,
 		    struct mbuf *m);
 static void	 syncache_timeout(struct syncache *sc, struct syncache_head *sch,
@@ -703,10 +703,7 @@ syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th, struct mbuf *m,
 				    "sending challenge ACK\n",
 				    s, __func__,
 				    th->th_seq, sc->sc_irs + 1, sc->sc_wnd);
-			if (syncache_send_challenge_ack(sc, m) != 0) {
-				syncache_drop(sc, sch);
-				TCPSTAT_INC(tcps_sc_dropped);
-			}
+			syncache_send_challenge_ack(sc, m);
 		}
 	} else {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
@@ -2062,22 +2059,16 @@ syncache_respond(struct syncache *sc, const struct mbuf *m0, int flags)
 	return (error);
 }
 
-static int
+static void
 syncache_send_challenge_ack(struct syncache *sc, struct mbuf *m)
 {
-	int error;
-
 	if (tcp_challenge_ack_check(&sc->sc_challenge_ack_end,
 	    &sc->sc_challenge_ack_cnt)) {
-		error = syncache_respond(sc, m, TH_ACK);
-		if (error == 0) {
+		if (syncache_respond(sc, m, TH_ACK) == 0) {
 			TCPSTAT_INC(tcps_sndacks);
 			TCPSTAT_INC(tcps_sndtotal);
 		}
-	} else {
-		error = 0;
 	}
-	return (error);
 }
 
 /*