From owner-svn-src-head@freebsd.org Wed Apr 26 06:20:59 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D0D95D507FA; Wed, 26 Apr 2017 06:20:59 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AD56E951; Wed, 26 Apr 2017 06:20:59 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v3Q6KwfD005066; Wed, 26 Apr 2017 06:20:58 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v3Q6Kwlb005064; Wed, 26 Apr 2017 06:20:58 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201704260620.v3Q6Kwlb005064@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Wed, 26 Apr 2017 06:20:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r317435 - in head/sys/netinet: . tcp_stacks X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 06:20:59 -0000 Author: tuexen Date: Wed Apr 26 06:20:58 2017 New Revision: 317435 URL: https://svnweb.freebsd.org/changeset/base/317435 Log: When a SYN-ACK is received in SYN-SENT state, RFC 793 requires the validation of SEG.ACK as the first step. If the ACK is not acceptable, a RST segment should be sent and the segment should be dropped. Up to now, the segment was partially processed. This patch moves the check for the SEG.ACK validation up to the front as required. Reviewed by: hiren, gnn MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D10424 Modified: head/sys/netinet/tcp_input.c head/sys/netinet/tcp_stacks/fastpath.c Modified: head/sys/netinet/tcp_input.c ============================================================================== --- head/sys/netinet/tcp_input.c Wed Apr 26 02:37:25 2017 (r317434) +++ head/sys/netinet/tcp_input.c Wed Apr 26 06:20:58 2017 (r317435) @@ -1624,6 +1624,16 @@ tcp_do_segment(struct mbuf *m, struct tc } /* + * If a segment with the ACK-bit set arrives in the SYN-SENT state + * check SEQ.ACK first. + */ + if ((tp->t_state == TCPS_SYN_SENT) && (thflags & TH_ACK) && + (SEQ_LEQ(th->th_ack, tp->iss) || SEQ_GT(th->th_ack, tp->snd_max))) { + rstreason = BANDLIM_UNLIMITED; + goto dropwithreset; + } + + /* * Segment received on connection. * Reset idle time and keep-alive timer. * XXX: This should be done after segment @@ -2001,7 +2011,6 @@ tcp_do_segment(struct mbuf *m, struct tc /* * If the state is SYN_SENT: - * if seg contains an ACK, but not for our SYN, drop the input. * if seg contains a RST, then drop the connection. * if seg does not contain SYN, then drop it. * Otherwise this is an acceptable SYN segment @@ -2014,12 +2023,6 @@ tcp_do_segment(struct mbuf *m, struct tc * continue processing rest of data/controls, beginning with URG */ case TCPS_SYN_SENT: - if ((thflags & TH_ACK) && - (SEQ_LEQ(th->th_ack, tp->iss) || - SEQ_GT(th->th_ack, tp->snd_max))) { - rstreason = BANDLIM_UNLIMITED; - goto dropwithreset; - } if ((thflags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) { TCP_PROBE5(connect__refused, NULL, tp, m, tp, th); Modified: head/sys/netinet/tcp_stacks/fastpath.c ============================================================================== --- head/sys/netinet/tcp_stacks/fastpath.c Wed Apr 26 02:37:25 2017 (r317434) +++ head/sys/netinet/tcp_stacks/fastpath.c Wed Apr 26 06:20:58 2017 (r317435) @@ -497,7 +497,6 @@ tcp_do_slowpath(struct mbuf *m, struct t /* * If the state is SYN_SENT: - * if seg contains an ACK, but not for our SYN, drop the input. * if seg contains a RST, then drop the connection. * if seg does not contain SYN, then drop it. * Otherwise this is an acceptable SYN segment @@ -510,12 +509,6 @@ tcp_do_slowpath(struct mbuf *m, struct t * continue processing rest of data/controls, beginning with URG */ case TCPS_SYN_SENT: - if ((thflags & TH_ACK) && - (SEQ_LEQ(th->th_ack, tp->iss) || - SEQ_GT(th->th_ack, tp->snd_max))) { - rstreason = BANDLIM_UNLIMITED; - goto dropwithreset; - } if ((thflags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) { TCP_PROBE5(connect__refused, NULL, tp, m, tp, th); tp = tcp_drop(tp, ECONNREFUSED); @@ -1775,6 +1768,20 @@ tcp_do_segment_fastslow(struct mbuf *m, m_freem(m); return; } + + /* + * If a segment with the ACK-bit set arrives in the SYN-SENT state + * check SEQ.ACK first. + */ + if ((tp->t_state == TCPS_SYN_SENT) && (thflags & TH_ACK) && + (SEQ_LEQ(th->th_ack, tp->iss) || SEQ_GT(th->th_ack, tp->snd_max))) { + tcp_dropwithreset(m, th, tp, tlen, BANDLIM_UNLIMITED); + if (ti_locked == TI_RLOCKED) { + INP_INFO_RUNLOCK(&V_tcbinfo); + } + INP_WUNLOCK(tp->t_inpcb); + return; + } tp->sackhint.last_sack_ack = 0; @@ -2237,6 +2244,20 @@ tcp_do_segment_fastack(struct mbuf *m, s return; } + /* + * If a segment with the ACK-bit set arrives in the SYN-SENT state + * check SEQ.ACK first. + */ + if ((tp->t_state == TCPS_SYN_SENT) && (thflags & TH_ACK) && + (SEQ_LEQ(th->th_ack, tp->iss) || SEQ_GT(th->th_ack, tp->snd_max))) { + tcp_dropwithreset(m, th, tp, tlen, BANDLIM_UNLIMITED); + if (ti_locked == TI_RLOCKED) { + INP_INFO_RUNLOCK(&V_tcbinfo); + } + INP_WUNLOCK(tp->t_inpcb); + return; + } + tp->sackhint.last_sack_ack = 0; /*