git: 8af2f06a99b1 - main - tcp: improve SEG.ACK validation in SYN-RECEIVED
Date: Mon, 06 Oct 2025 20:43:26 UTC
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=8af2f06a99b10c0d3ab9021949e750852662672a commit 8af2f06a99b10c0d3ab9021949e750852662672a Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2025-10-06 20:39:31 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2025-10-06 20:43:11 +0000 tcp: improve SEG.ACK validation in SYN-RECEIVED According to the fifth step in SEGMENT ARRIVES, send a RST segment in response to an ACK segment which fails the SEG.ACK check, but leave the endpoint state unchanged. FreeBSD handles this correctly when entering the SYN-RECEIVED state via the SYN-SENT state, but not in the SYN-cache code, which handles the SYN-RECEIVED state via the LISTEN state. This also fixes a panic reported by Alexander Leidinger. Reviewed by: jtl, glebius MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52934 --- sys/netinet/tcp_syncache.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 2bb99596f965..1fb6104a2944 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1285,7 +1285,8 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, "segment rejected\n", s, __func__, th->th_ack, sc->sc_iss + 1); SCH_UNLOCK(sch); - goto failed; + free(s, M_TCPLOG); + return (0); /* Do send RST, do not free sc. */; } TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash);
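Review bot: the added return line in syncache_expand() ends with a stray semicolon after its comment, `return (0); /* Do send RST, do not free sc. */;`, which leaves an empty statement behind the return; drop the trailing `;`. Separately, this path no longer goes through the `failed` label, so any cleanup it needs has to be repeated locally. The hunk repeats only `free(s, M_TCPLOG);` after `SCH_UNLOCK(sch);`, so it is worth confirming that nothing else done at `failed` is required when sc is deliberately left in the bucket. The meaning of the 0 return value (send RST, keep the entry) is carried only by this trailing comment; stating it in the function's header comment as well would make the contract easier to find for callers.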