From owner-svn-src-head@freebsd.org Wed Jun 3 14:07:32 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 53C2A338489; Wed, 3 Jun 2020 14:07:32 +0000 (UTC) (envelope-from rrs@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49cW2D1dw0z4S1R; Wed, 3 Jun 2020 14:07:32 +0000 (UTC) (envelope-from rrs@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 33828F1CC; Wed, 3 Jun 2020 14:07:32 +0000 (UTC) (envelope-from rrs@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 053E7Wov099311; Wed, 3 Jun 2020 14:07:32 GMT (envelope-from rrs@FreeBSD.org) Received: (from rrs@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 053E7Vp5099307; Wed, 3 Jun 2020 14:07:31 GMT (envelope-from rrs@FreeBSD.org) Message-Id: <202006031407.053E7Vp5099307@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rrs set sender to rrs@FreeBSD.org using -f From: Randall Stewart Date: Wed, 3 Jun 2020 14:07:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361751 - in head/sys/netinet: . tcp_stacks X-SVN-Group: head X-SVN-Commit-Author: rrs X-SVN-Commit-Paths: in head/sys/netinet: . tcp_stacks X-SVN-Commit-Revision: 361751 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2020 14:07:32 -0000 Author: rrs Date: Wed Jun 3 14:07:31 2020 New Revision: 361751 URL: https://svnweb.freebsd.org/changeset/base/361751 Log: This fixes a couple of skyzaller crashes. Most of them have to do with TFO. Even the default stack had one of the issues: 1) We need to make sure for rack that we don't advance snd_nxt beyond iss when we are not doing fast open. We otherwise can get a bunch of SYN's sent out incorrectly with the seq number advancing. 2) When we complete the 3-way handshake we should not ever append to reassembly if the tlen is 0, if TFO is enabled prior to this fix we could still call the reasemmbly. Note this effects all three stacks. 3) Rack like its cousin BBR should track if a SYN is on a send map entry. 4) Both bbr and rack need to only consider len incremented on a SYN if the starting seq is iss, otherwise we don't increment len which may mean we return without adding a sendmap entry. This work was done in collaberation with Michael Tuexen, thanks for all the testing! Sponsored by: Netflix Inc Differential Revision: https://reviews.freebsd.org/D25000 Modified: head/sys/netinet/tcp_input.c head/sys/netinet/tcp_stacks/bbr.c head/sys/netinet/tcp_stacks/rack.c head/sys/netinet/tcp_stacks/tcp_rack.h Modified: head/sys/netinet/tcp_input.c ============================================================================== --- head/sys/netinet/tcp_input.c Wed Jun 3 13:51:53 2020 (r361750) +++ head/sys/netinet/tcp_input.c Wed Jun 3 14:07:31 2020 (r361751) @@ -2989,7 +2989,7 @@ dodata: /* XXX */ */ tfo_syn = ((tp->t_state == TCPS_SYN_RECEIVED) && IS_FASTOPEN(tp->t_flags)); - if ((tlen || (thflags & TH_FIN) || tfo_syn) && + if ((tlen || (thflags & TH_FIN) || (tfo_syn && tlen > 0)) && TCPS_HAVERCVDFIN(tp->t_state) == 0) { tcp_seq save_start = th->th_seq; tcp_seq save_rnxt = tp->rcv_nxt; Modified: head/sys/netinet/tcp_stacks/bbr.c ============================================================================== --- head/sys/netinet/tcp_stacks/bbr.c Wed Jun 3 13:51:53 2020 (r361750) +++ head/sys/netinet/tcp_stacks/bbr.c Wed Jun 3 14:07:31 2020 (r361751) @@ -6028,7 +6028,7 @@ bbr_log_output(struct tcp_bbr *bbr, struct tcpcb *tp, * or FIN if seq_out is adding more on and a FIN is present * (and we are not resending). */ - if (th_flags & TH_SYN) + if ((th_flags & TH_SYN) && (tp->iss == seq_out)) len++; if (th_flags & TH_FIN) len++; @@ -8369,7 +8369,7 @@ bbr_process_data(struct mbuf *m, struct tcphdr *th, st */ tfo_syn = ((tp->t_state == TCPS_SYN_RECEIVED) && IS_FASTOPEN(tp->t_flags)); - if ((tlen || (thflags & TH_FIN) || tfo_syn) && + if ((tlen || (thflags & TH_FIN) || (tfo_syn && tlen > 0)) && TCPS_HAVERCVDFIN(tp->t_state) == 0) { tcp_seq save_start = th->th_seq; tcp_seq save_rnxt = tp->rcv_nxt; Modified: head/sys/netinet/tcp_stacks/rack.c ============================================================================== --- head/sys/netinet/tcp_stacks/rack.c Wed Jun 3 13:51:53 2020 (r361750) +++ head/sys/netinet/tcp_stacks/rack.c Wed Jun 3 14:07:31 2020 (r361751) @@ -6237,7 +6237,7 @@ rack_log_output(struct tcpcb *tp, struct tcpopt *to, i * or FIN if seq_out is adding more on and a FIN is present * (and we are not resending). */ - if (th_flags & TH_SYN) + if ((th_flags & TH_SYN) && (seq_out == tp->iss)) len++; if (th_flags & TH_FIN) len++; @@ -6280,6 +6280,7 @@ again: rsm->usec_orig_send = us_cts; if (th_flags & TH_SYN) { /* The data space is one beyond snd_una */ + rsm->r_flags |= RACK_HAS_SIN; rsm->r_start = seq_out + 1; rsm->r_end = rsm->r_start + (len - 1); } else { @@ -8724,7 +8725,7 @@ rack_process_data(struct mbuf *m, struct tcphdr *th, s */ tfo_syn = ((tp->t_state == TCPS_SYN_RECEIVED) && IS_FASTOPEN(tp->t_flags)); - if ((tlen || (thflags & TH_FIN) || tfo_syn) && + if ((tlen || (thflags & TH_FIN) || (tfo_syn && tlen > 0)) && TCPS_HAVERCVDFIN(tp->t_state) == 0) { tcp_seq save_start = th->th_seq; tcp_seq save_rnxt = tp->rcv_nxt; @@ -12563,8 +12564,10 @@ again: len = 0; } /* Without fast-open there should never be data sent on a SYN */ - if ((flags & TH_SYN) && (!IS_FASTOPEN(tp->t_flags))) + if ((flags & TH_SYN) && (!IS_FASTOPEN(tp->t_flags))) { + tp->snd_nxt = tp->iss; len = 0; + } orig_len = len; if (len <= 0) { /* Modified: head/sys/netinet/tcp_stacks/tcp_rack.h ============================================================================== --- head/sys/netinet/tcp_stacks/tcp_rack.h Wed Jun 3 13:51:53 2020 (r361750) +++ head/sys/netinet/tcp_stacks/tcp_rack.h Wed Jun 3 14:07:31 2020 (r361751) @@ -39,6 +39,7 @@ #define RACK_RWND_COLLAPSED 0x0100/* The peer collapsed the rwnd on the segment */ #define RACK_APP_LIMITED 0x0200/* We went app limited after this send */ #define RACK_WAS_ACKED 0x0400/* a RTO undid the ack, but it already had a rtt calc done */ +#define RACK_HAS_SIN 0x0800/* SIN is on this guy */ #define RACK_NUM_OF_RETRANS 3 #define RACK_INITIAL_RTO 1000 /* 1 second in milli seconds */