Date: Wed, 1 Oct 2025 19:17:32 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 3034fa3d4321 - main - tcp: cleanup syncache_expand() Message-ID: <202510011917.591JHW5u019837@gitrepo.freebsd.org>
The branch main has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=3034fa3d4321fdc487428c9050711de9ce234567
commit 3034fa3d4321fdc487428c9050711de9ce234567
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-10-01 19:14:23 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-10-01 19:14:23 +0000
tcp: cleanup syncache_expand()
Only validate SEG.SEQ and SEG.ACK when processing a real SYN-cache entry. In the SYN-cookie case, these conditions are always true, since the SYN-cache entry on the stack is constructed from the incoming TCP segment. While there, fix the logging messages.
Reviewed by: Nick Banks
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D52816
---
 sys/netinet/tcp_syncache.c | 52 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 72e9dccea9a5..518cef66e7fa 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1260,6 +1260,35 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 return (-1); /* Do not send RST */
 }
 }
+
+ /*
+ * SEG.ACK validation:
+ * SEG.ACK must match our initial send sequence number + 1.
+ */
+ if (th->th_ack != sc->sc_iss + 1) {
+ SCH_UNLOCK(sch);
+ if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
+ log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, "
+ "segment rejected\n",
+ s, __func__, th->th_ack, sc->sc_iss + 1);
+ goto failed;
+ }
+
+ /*
+ * SEG.SEQ validation:
+ * The SEG.SEQ must be in the window starting at our
+ * initial receive sequence number + 1.
+ */
+ if (SEQ_LEQ(th->th_seq, sc->sc_irs) ||
+ SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd)) {
+ SCH_UNLOCK(sch);
+ if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
+ log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, "
+ "segment rejected\n",
+ s, __func__, th->th_seq, sc->sc_irs + 1);
+ goto failed;
+ }
+
 TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash);
 sch->sch_length--;
 #ifdef TCP_OFFLOAD
@@ -1272,29 +1301,6 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 SCH_UNLOCK(sch);
 }
- /*
- * Segment validation:
- * ACK must match our initial sequence number + 1 (the SYN|ACK).
- */
- if (th->th_ack != sc->sc_iss + 1) {
- if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
- log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, segment "
- "rejected\n", s, __func__, th->th_ack, sc->sc_iss);
- goto failed;
- }
-
- /*
- * The SEQ must fall in the window starting at the received
- * initial receive sequence number + 1 (the SYN).
- */
- if (SEQ_LEQ(th->th_seq, sc->sc_irs) ||
- SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd)) {
- if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
- log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment "
- "rejected\n", s, __func__, th->th_seq, sc->sc_irs);
- goto failed;
- }
-
 *lsop = syncache_socket(sc, *lsop, m);
 if (__predict_false(*lsop == NULL)) {
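Review bot: In the first hunk both new rejection paths run `SCH_UNLOCK(sch); ... goto failed;` ahead of the `TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash)` that follows them, so on a bad SEG.ACK or SEG.SEQ the entry is still linked in the bucket when control reaches `failed`, whereas the checks removed in the second hunk ran only after the entry had been unlinked. The `failed` label is outside the hunk; if it releases `sc` for real cache entries, the bucket would be left pointing at freed memory that a later walk of this hash chain would touch, and this path is reachable from network input. Please confirm what `failed` does with an entry that is still in the bucket, and either unlink it before jumping or leave it in place as the preceding `return (-1); /* Do not send RST */` path appears to, with a comment such as `/* sc stays in the bucket; failed must not free it */`. Separately, the SEQ message still reads `SEQ %u != IRS+1 %u` although the test is a window check against `sc->sc_irs + sc->sc_wnd`, so printing the upper bound as well would make rejected segments easier to interpret in the logs.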