From owner-svn-src-stable@freebsd.org  Sat May  4 09:07:55 2019
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1148B158757F;
 Sat,  4 May 2019 09:07:55 +0000 (UTC)
 (envelope-from tuexen@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9C117801CF;
 Sat,  4 May 2019 09:07:54 +0000 (UTC)
 (envelope-from tuexen@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 712506295;
 Sat,  4 May 2019 09:07:54 +0000 (UTC)
 (envelope-from tuexen@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x4497s4m065223;
 Sat, 4 May 2019 09:07:54 GMT (envelope-from tuexen@FreeBSD.org)
Received: (from tuexen@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x4497seb065221;
 Sat, 4 May 2019 09:07:54 GMT (envelope-from tuexen@FreeBSD.org)
Message-Id: <201905040907.x4497seb065221@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: tuexen set sender to
 tuexen@FreeBSD.org using -f
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Sat, 4 May 2019 09:07:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r347081 - in stable/12/sys/netinet: . tcp_stacks
X-SVN-Group: stable-12
X-SVN-Commit-Author: tuexen
X-SVN-Commit-Paths: in stable/12/sys/netinet: . tcp_stacks
X-SVN-Commit-Revision: 347081
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 9C117801CF
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_SHORT(-0.95)[-0.953,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 May 2019 09:07:55 -0000

Author: tuexen
Date: Sat May  4 09:07:53 2019
New Revision: 347081
URL: https://svnweb.freebsd.org/changeset/base/347081

Log:
  MFC r343525:
  Fix the detection of ECN-setup SYN-ACK packets.
  
  RFC 3168 defines an ECN-setup SYN-ACK packet as on with the ECE flags
  set and the CWR flags not set. The code was only checking if ECE flag
  is set. This patch adds the check to verify that the CWR flags is not
  set.
  
  Submitted by:		Richard Scheffenegger
  Reviewed by:		tuexen@
  Differential Revision:	https://reviews.freebsd.org/D18996

Modified:
  stable/12/sys/netinet/tcp_input.c
  stable/12/sys/netinet/tcp_stacks/rack.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netinet/tcp_input.c
==============================================================================
--- stable/12/sys/netinet/tcp_input.c	Sat May  4 09:01:56 2019	(r347080)
+++ stable/12/sys/netinet/tcp_input.c	Sat May  4 09:07:53 2019	(r347081)
@@ -2027,7 +2027,8 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, stru
 			else
 				tp->t_flags |= TF_ACKNOW;
 
-			if ((thflags & TH_ECE) && V_tcp_do_ecn) {
+			if (((thflags & (TH_CWR | TH_ECE)) == TH_ECE) &&
+			    V_tcp_do_ecn) {
 				tp->t_flags |= TF_ECN_PERMIT;
 				TCPSTAT_INC(tcps_ecn_shs);
 			}

Modified: stable/12/sys/netinet/tcp_stacks/rack.c
==============================================================================
--- stable/12/sys/netinet/tcp_stacks/rack.c	Sat May  4 09:01:56 2019	(r347080)
+++ stable/12/sys/netinet/tcp_stacks/rack.c	Sat May  4 09:07:53 2019	(r347081)
@@ -5245,7 +5245,8 @@ rack_do_syn_sent(struct mbuf *m, struct tcphdr *th, st
 			tp->t_flags |= TF_ACKNOW;
 		}
 
-		if ((thflags & TH_ECE) && V_tcp_do_ecn) {
+		if (((thflags & (TH_CWR | TH_ECE)) == TH_ECE) &&
+		    V_tcp_do_ecn) {
 			tp->t_flags |= TF_ECN_PERMIT;
 			TCPSTAT_INC(tcps_ecn_shs);
 		}