From owner-p4-projects@FreeBSD.ORG Sun Jun 21 20:31:43 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4B48C10656AD; Sun, 21 Jun 2009 20:31:43 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E613B10656A8 for ; Sun, 21 Jun 2009 20:31:42 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id D2E318FC1B for ; Sun, 21 Jun 2009 20:31:42 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5LKVgBp064953 for ; Sun, 21 Jun 2009 20:31:42 GMT (envelope-from andre@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5LKVgQA064951 for perforce@freebsd.org; Sun, 21 Jun 2009 20:31:42 GMT (envelope-from andre@freebsd.org) Date: Sun, 21 Jun 2009 20:31:42 GMT Message-Id: <200906212031.n5LKVgQA064951@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to andre@freebsd.org using -f From: Andre Oppermann To: Perforce Change Reviews Cc: Subject: PERFORCE change 164829 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jun 2009 20:31:45 -0000 http://perforce.freebsd.org/chv.cgi?CH=164829 Change 164829 by andre@andre_t61 on 2009/06/21 20:31:09 Merge in some fixes to head after the branch point of tcp_new: svn r178862 jhb Always bump tcpstat.tcps_badrst if we get a RST for a connection in the syncache that has an invalid SEQ instead of only doing it when we suceed in mallocing space for the log message. svn r179832 ups Fix a check in SYN cache expansion (syncache_expand()) to accept packets that arrive in the receive window instead of just on the left edge of the receive window. This is needed for correct behavior when packets are lost or reordered. svn r179833 ups Change incorrect stale cookie detection in syncookie_lookup() that prematurely declared a cookie as expired. Affected files ... .. //depot/projects/tcp_new/netinet/tcp_syncache.c#2 edit Differences ... ==== //depot/projects/tcp_new/netinet/tcp_syncache.c#2 (text+ko) ==== @@ -567,10 +567,11 @@ "connection attempt aborted by remote endpoint\n", s, __func__); tcpstat.tcps_sc_reset++; - } else if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { - log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != IRS %u " - "(+WND %u), segment ignored\n", - s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd); + } else { + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != " + "IRS %u (+WND %u), segment ignored\n", + s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd); tcpstat.tcps_badrst++; } @@ -902,12 +903,14 @@ "rejected\n", s, __func__, th->th_ack, sc->sc_iss); goto failed; } + /* - * The SEQ must match the received initial receive sequence - * number + 1 (the SYN) because we didn't ACK any data that - * may have come with the SYN. + * The SEQ must fall in the window starting at the received + * initial receive sequence number + 1 (the SYN). */ - if (th->th_seq != sc->sc_irs + 1 && !TOEPCB_ISSET(sc)) { + if ((SEQ_LEQ(th->th_seq, sc->sc_irs) || + SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd) && + !TOEPCB_ISSET(sc)) { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment " "rejected\n", s, __func__, th->th_seq, sc->sc_irs); @@ -1607,7 +1610,7 @@ * The secret wasn't updated for the lifetime of a syncookie, * so this SYN-ACK/ACK is either too old (replay) or totally bogus. */ - if (sch->sch_reseed < time_uptime) { + if (sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime) { return (NULL); }