Date: Mon, 6 Oct 2025 20:43:26 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 8af2f06a99b1 - main - tcp: improve SEG.ACK validation in SYN-RECEIVED Message-ID: <202510062043.596KhQcu050882@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=8af2f06a99b10c0d3ab9021949e750852662672a commit 8af2f06a99b10c0d3ab9021949e750852662672a Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2025-10-06 20:39:31 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2025-10-06 20:43:11 +0000 tcp: improve SEG.ACK validation in SYN-RECEIVED According to the fifth step in SEGMENT ARRIVES, send a RST segment in response to an ACK segment which fails the SEG.ACK check, but leave the endpoint state unchanged. FreeBSD handles this correctly when entering the SYN-RECEIVED state via the SYN-SENT state, but not in the SYN-cache code, which handles the SYN-RECEIVED state via the LISTEN state. This also fixes a panic reported by Alexander Leidinger. Reviewed by: jtl, glebius MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52934 --- sys/netinet/tcp_syncache.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 2bb99596f965..1fb6104a2944 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1285,7 +1285,8 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, "segment rejected\n", s, __func__, th->th_ack, sc->sc_iss + 1); SCH_UNLOCK(sch); - goto failed; + free(s, M_TCPLOG); + return (0); /* Do send RST, do not free sc. */; } TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510062043.596KhQcu050882>