Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Feb 2023 23:37:51 GMT
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: e52b662a3b5f - stable/13 - tcp: honor drop_synfin sysctl variable in TIME-WAIT
Message-ID:  <202302012337.311NbpFh076707@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=e52b662a3b5f509c3b4b6676b38beaa620b8c1a5

commit e52b662a3b5f509c3b4b6676b38beaa620b8c1a5
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2022-10-03 10:48:30 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-02-01 23:37:21 +0000

    tcp: honor drop_synfin sysctl variable in TIME-WAIT
    
    Reviewed by:            rrs@
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D36862
    
    (cherry picked from commit f8b5681094dd752604bfa0603ba0be2873698f46)
---
 sys/netinet/tcp_timewait.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index 970f46274791..f15cf6dae762 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -50,9 +50,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
-#ifndef INVARIANTS
 #include <sys/syslog.h>
-#endif
 #include <sys/protosw.h>
 #include <sys/random.h>
 
@@ -389,6 +387,7 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
     struct mbuf *m, int tlen)
 {
 	struct tcptw *tw;
+	char *s;
 	int thflags;
 	tcp_seq seq;
 
@@ -439,6 +438,17 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
 	 */
 #endif
 
+	/* Honor the drop_synfin sysctl variable. */
+	if ((thflags & TH_SYN) && (thflags & TH_FIN) && V_drop_synfin) {
+		if ((s = tcp_log_addrs(&inp->inp_inc, th, NULL, NULL))) {
+			log(LOG_DEBUG, "%s; %s: "
+			    "SYN|FIN segment ignored (based on "
+			    "sysctl setting)\n", s, __func__);
+			free(s, M_TCPLOG);
+		}
+		goto drop;
+	}
+
 	/*
 	 * If a new connection request is received
 	 * while in TIME_WAIT, drop the old connection

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202302012337.311NbpFh076707>