diff options
Diffstat (limited to 'freebsd/sys/netinet/tcp_syncache.c')
-rw-r--r-- | freebsd/sys/netinet/tcp_syncache.c | 51 |
1 files changed, 35 insertions, 16 deletions
diff --git a/freebsd/sys/netinet/tcp_syncache.c b/freebsd/sys/netinet/tcp_syncache.c index d7da3a01..453d5ba4 100644 --- a/freebsd/sys/netinet/tcp_syncache.c +++ b/freebsd/sys/netinet/tcp_syncache.c @@ -928,8 +928,6 @@ syncache_socket(struct syncache *sc, struct socket *lso, struct mbuf *m) tp->t_keepcnt = sototcpcb(lso)->t_keepcnt; tcp_timer_activate(tp, TT_KEEP, TP_KEEPINIT(tp)); - soisconnected(so); - TCPSTAT_INC(tcps_accepts); return (so); @@ -1081,10 +1079,17 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, } /* - * If timestamps were negotiated the reflected timestamp - * must be equal to what we actually sent in the SYN|ACK. + * If timestamps were negotiated, the reflected timestamp + * must be equal to what we actually sent in the SYN|ACK + * except in the case of 0. Some boxes are known for sending + * broken timestamp replies during the 3whs (and potentially + * during the connection also). + * + * Accept the final ACK of 3whs with reflected timestamp of 0 + * instead of sending a RST and deleting the syncache entry. */ - if ((to->to_flags & TOF_TS) && to->to_tsecr != sc->sc_ts) { + if ((to->to_flags & TOF_TS) && to->to_tsecr && + to->to_tsecr != sc->sc_ts) { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: TSECR %u != TS %u, " "segment rejected\n", @@ -1159,11 +1164,10 @@ syncache_tfo_expand(struct syncache *sc, struct socket **lsop, struct mbuf *m, * the data, we avoid this DoS scenario. * * The exception to the above is when a SYN with a valid TCP Fast Open (TFO) - * cookie is processed, V_tcp_fastopen_enabled set to true, and the - * TCP_FASTOPEN socket option is set. In this case, a new socket is created - * and returned via lsop, the mbuf is not freed so that tcp_input() can - * queue its data to the socket, and 1 is returned to indicate the - * TFO-socket-creation path was taken. + * cookie is processed and a new socket is created. In this case, any data + * accompanying the SYN will be queued to the socket by tcp_input() and will + * be ACKed either when the application sends response data or the delayed + * ACK timer expires, whichever comes first. */ int syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, @@ -1189,6 +1193,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct ucred *cred; #ifdef TCP_RFC7413 uint64_t tfo_response_cookie; + unsigned int *tfo_pending = NULL; int tfo_cookie_valid = 0; int tfo_response_cookie_valid = 0; #endif @@ -1217,7 +1222,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, ltflags = (tp->t_flags & (TF_NOOPT | TF_SIGNATURE)); #ifdef TCP_RFC7413 - if (V_tcp_fastopen_enabled && (tp->t_flags & TF_FASTOPEN) && + if (V_tcp_fastopen_enabled && IS_FASTOPEN(tp->t_flags) && (tp->t_tfo_pending != NULL) && (to->to_flags & TOF_FASTOPEN)) { /* * Limit the number of pending TFO connections to @@ -1234,8 +1239,13 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, &tfo_response_cookie); tfo_cookie_valid = (result > 0); tfo_response_cookie_valid = (result >= 0); - } else - atomic_subtract_int(tp->t_tfo_pending, 1); + } + + /* + * Remember the TFO pending counter as it will have to be + * decremented below if we don't make it to syncache_tfo_expand(). + */ + tfo_pending = tp->t_tfo_pending; } #endif @@ -1476,9 +1486,9 @@ skip_alloc: #ifdef TCP_RFC7413 if (tfo_cookie_valid) { syncache_tfo_expand(sc, lsop, m, tfo_response_cookie); - /* INP_WUNLOCK(inp) will be performed by the called */ + /* INP_WUNLOCK(inp) will be performed by the caller */ rv = 1; - goto tfo_done; + goto tfo_expanded; } #endif @@ -1504,7 +1514,16 @@ done: m_freem(m); } #ifdef TCP_RFC7413 -tfo_done: + /* + * If tfo_pending is not NULL here, then a TFO SYN that did not + * result in a new socket was processed and the associated pending + * counter has not yet been decremented. All such TFO processing paths + * transit this point. + */ + if (tfo_pending != NULL) + tcp_fastopen_decrement_counter(tfo_pending); + +tfo_expanded: #endif if (cred != NULL) crfree(cred); |