Date: Sun, 5 Oct 2025 13:25:03 GMT
From: Michael Tuexen <tuexen@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: b0501abb4cfb - stable/14 - tcp: cleanup syncache_expand()
Message-ID: <202510051325.595DP3pI094058@gitrepo.freebsd.org>
The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=b0501abb4cfb8ffee7a7245ca197d290df912e22

commit b0501abb4cfb8ffee7a7245ca197d290df912e22
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-10-01 19:14:23 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-10-05 13:24:37 +0000

    tcp: cleanup syncache_expand()

    Only validate SEG.SEQ and SEG.ACK when processing a real SYN-cache
    entry. In the SYN-cookie case, these conditions are always true, since
    the SYN-cache entry on the stack is constructed from the incoming TCP
    segment.
    While there, fix the logging messages.

    Reviewed by:            Nick Banks
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D52816

    (cherry picked from commit 3034fa3d4321fdc487428c9050711de9ce234567)

--- sys/netinet/tcp_syncache.c | 52 ++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index ce2ab29f4008..4ab0d251698c 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c
@@ -1264,6 +1264,35 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, return (-1); /* Do not send RST */ } } + + /* + * SEG.ACK validation: + * SEG.ACK must match our initial send sequence number + 1. + */ + if (th->th_ack != sc->sc_iss + 1) { + SCH_UNLOCK(sch); + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) + log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, " + "segment rejected\n", + s, __func__, th->th_ack, sc->sc_iss + 1); + goto failed; + } + + /* + * SEG.SEQ validation: + * The SEG.SEQ must be in the window starting at our + * initial receive sequence number + 1. + */ + if (SEQ_LEQ(th->th_seq, sc->sc_irs) || + SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd)) { + SCH_UNLOCK(sch); + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) + log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, " + "segment rejected\n", + s, __func__, th->th_seq, sc->sc_irs + 1); + goto failed; + } + TAILQ_REMOVE(&sch->sch_bucket, sc, sc_hash); sch->sch_length--; #ifdef TCP_OFFLOAD @@ -1276,29 +1305,6 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, SCH_UNLOCK(sch); } - /* - * Segment validation: - * ACK must match our initial sequence number + 1 (the SYN|ACK). - */ - if (th->th_ack != sc->sc_iss + 1) { - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) - log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, segment " - "rejected\n", s, __func__, th->th_ack, sc->sc_iss); - goto failed; - } - - /* - * The SEQ must fall in the window starting at the received - * initial receive sequence number + 1 (the SYN). - */ - if (SEQ_LEQ(th->th_seq, sc->sc_irs) || - SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd)) { - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) - log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment " - "rejected\n", s, __func__, th->th_seq, sc->sc_irs); - goto failed; - } - *lsop = syncache_socket(sc, *lsop, m); if (__predict_false(*lsop == NULL)) {
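Review bot: In the first hunk, both new rejection paths call SCH_UNLOCK(sch) while sc is still linked in sch->sch_bucket (TAILQ_REMOVE and sch_length-- only come after the checks), and then read sc->sc_iss or sc->sc_irs for the log message before goto failed. With the bucket lock dropped and the entry still in the list, nothing in these lines keeps another context from expiring or freeing that entry, so the values should be captured, or the message logged, before the unlock. The failed label is outside the lines shown; in the removed code these checks ran after the entry had been unlinked, so please confirm that failed does not free or otherwise dispose of sc when it is still on the bucket list, or leave these paths with a direct return as the "return (-1)" just above the hunk does. A smaller point on the second check: the message still reads "SEQ %u != IRS+1 %u" although the condition is a window test against sc_irs and sc_irs + sc_wnd, so a segment rejected for being past the window produces a misleading log line; printing the window bounds would match the condition.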