git: 1728dae25358 - stable/14 - tcp: improve SEG.ACK validation in SYN-RECEIVED
Date: Thu, 09 Oct 2025 07:54:35 UTC
The branch stable/14 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=1728dae2535836111ebb65dd4e8a6c7cba29254d
commit 1728dae2535836111ebb65dd4e8a6c7cba29254d
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-10-06 20:39:31 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-10-09 07:54:13 +0000
tcp: improve SEG.ACK validation in SYN-RECEIVED
According to the fifth step in SEGMENT ARRIVES, send a RST segment in
response to an ACK segment which fails the SEG.ACK check, but leave
the endpoint state unchanged.
FreeBSD handles this correctly when entering the SYN-RECEIVED state via
the SYN-SENT state, but not in the SYN-cache code, which handles the
SYN-RECEIVED state via the LISTEN state.
This also fixes a panic reported by Alexander Leidinger.
Reviewed by: jtl, glebius
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D52934
(cherry picked from commit 8af2f06a99b10c0d3ab9021949e750852662672a)
---
sys/netinet/tcp_syncache.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 4e747d3dcf61..d36abc9f9815 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1292,7 +1292,8 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
"segment rejected\n",
s, __func__, th->th_ack, sc->sc_iss + 1);
SCH_UNLOCK(sch);
- goto failed;
+ free(s, M_TCPLOG);
+ return (0); /* Do send RST, do not free sc. */;
}
TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash);
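Review bot: the added line `return (0); /* Do send RST, do not free sc. */;` ends with a second semicolon after the comment, which leaves a stray empty statement before the closing brace; drop it. Because this path no longer jumps to `failed`, it also has to do its own cleanup, and the only cleanup visible here is `free(s, M_TCPLOG)`. The hunk does not show where `s` is assigned or what else `failed` does, so it is worth confirming that `s` is always either NULL or a valid M_TCPLOG allocation at this point and that nothing else from `failed` is needed. The trailing comment carries the whole contract of this return (RST is sent, `sc` stays in the bucket). A short block comment above the return that points to the SEG.ACK check in SEGMENT ARRIVES would make it clearer to later readers why this rejection differs from the ones that still use `goto failed`.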