Date: Sun, 21 Jun 2009 20:31:42 GMT
From: Andre Oppermann <andre@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 164829 for review
Message-ID: <200906212031.n5LKVgQA064951@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164829

Change 164829 by andre@andre_t61 on 2009/06/21 20:31:09

    Merge in some fixes to head after the branch point of tcp_new:

    svn r178862 jhb
     Always bump tcpstat.tcps_badrst if we get a RST for a connection
     in the syncache that has an invalid SEQ instead of only doing it
     when we succeed in mallocing space for the log message.

    svn r179832 ups
     Fix a check in SYN cache expansion (syncache_expand()) to accept
     packets that arrive in the receive window instead of just on the
     left edge of the receive window.
     This is needed for correct behavior when packets are lost or
     reordered.

    svn r179833 ups
     Change incorrect stale cookie detection in syncookie_lookup() that
     prematurely declared a cookie as expired.

Affected files ...

.. //depot/projects/tcp_new/netinet/tcp_syncache.c#2 edit

Differences ...

==== //depot/projects/tcp_new/netinet/tcp_syncache.c#2 (text+ko) ====

@@ -567,10 +567,11 @@ "connection attempt aborted by remote endpoint\n", s, __func__); tcpstat.tcps_sc_reset++; - } else if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { - log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != IRS %u " - "(+WND %u), segment ignored\n", - s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd); + } else { + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != " + "IRS %u (+WND %u), segment ignored\n", + s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd); tcpstat.tcps_badrst++; }
@@ -902,12 +903,14 @@ "rejected\n", s, __func__, th->th_ack, sc->sc_iss); goto failed; } + /* - * The SEQ must match the received initial receive sequence - * number + 1 (the SYN) because we didn't ACK any data that - * may have come with the SYN. + * The SEQ must fall in the window starting at the received + * initial receive sequence number + 1 (the SYN). */ - if (th->th_seq != sc->sc_irs + 1 && !TOEPCB_ISSET(sc)) { + if ((SEQ_LEQ(th->th_seq, sc->sc_irs) || + SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd) && + !TOEPCB_ISSET(sc)) { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment " "rejected\n", s, __func__, th->th_seq, sc->sc_irs); @@ -1607,7 +1610,7 @@ * The secret wasn't updated for the lifetime of a syncookie, * so this SYN-ACK/ACK is either too old (replay) or totally bogus. */ - if (sch->sch_reseed < time_uptime) { + if (sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime) { return (NULL); }
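Review bot: In the hunk at -567,10 the added inner `if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {` opens a brace that no added line closes, so the unchanged `tcpstat.tcps_badrst++;` still sits inside that block and the `}` after it closes the inner if rather than the new `else {`. As posted, the counter is still bumped only when tcp_log_addrs() returns a string, which is the behaviour the change description says it removes, and the else block has no closing brace. Drop the `{` from the inner if so that it guards only the log() call and `tcpstat.tcps_badrst++;` runs unconditionally in the else branch. Otherwise RSTs with an invalid SEQ go uncounted exactly when the allocation for the log message fails.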
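Review bot: In the hunk at -902,12 the new condition is missing a closing parenthesis after the SEQ_GT() call: the group opened by `if ((SEQ_LEQ(th->th_seq, sc->sc_irs) ||` is never closed before `&&`, so the `if (` itself stays open and the file will not compile. Put the `)` directly after `SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd)` and not at the end of the `!TOEPCB_ISSET(sc)` line; because `&&` binds tighter than `||`, closing it at the end would parse as SEQ_LEQ || (SEQ_GT && !TOEPCB_ISSET) and apply the lower-bound rejection to TOE connections too. The unchanged log text `SEQ %u != IRS+1 %u` below the test no longer describes a window check and prints only sc->sc_irs; consider reporting the window bounds there as well.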
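Review bot: In the hunk at -1607,7 the comment above the changed test does not say what sch_reseed holds, and `sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime` is correct for only one reading of it. If the field records when the secret was last reseeded, the new test matches the comment; if it records when the next reseed is due, adding SYNCOOKIE_LIFETIME lengthens the period in which an old SYN-ACK/ACK is still accepted beyond one lifetime. The hunk does not show where sch_reseed is assigned, so please state its meaning in the comment and confirm the resulting acceptance window is the intended one, since this check is what rejects replayed cookies.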