CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2025/02/10 08:06:57

Modified files:
	sys/netinet    : tcp_input.c

Log message:
Fix TCP maximum segment size with IPsec.

When IPsec is used, if_get(m->m_pkthdr.ph_ifidx) returns enc0. Its if_mtu is 0 which results in negative mss. After fixing a signed integer comparison bug with imax(), tcp_mss_adv() used mssdflt, which is 512. So the TCP SYN cache sent packets with a small maximum TCP segment number.

The underlying problem is, that SYN cache used the incoming interface m->m_pkthdr.ph_ifidx for the outgoing MTU. The correct way is to use the route of the destination address like tcp_mss() does it. The SYN cache has a struct route which can be used. An additional route lookup does not happen as the route is cached and will be reused by ip_output().

OK mvs@
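The arithmetic the log message describes, as an added C model that is not the OpenBSD source: the function names are hypothetical, the 1500-byte route MTU is a constructed value, and treating the comparison before the imax() fix as unsigned is an assumption.

```c
#include <stdio.h>

#define IPV4_HDR_LEN 20   /* IPv4 header without options */
#define TCP_HDR_LEN  20   /* TCP header without options */
#define MSS_DEFAULT  512  /* mssdflt value named in the log message */

/* Model helpers: an unsigned maximum and a signed one (imax-style). */
static unsigned int max_unsigned(unsigned int a, unsigned int b)
{
	return a > b ? a : b;
}

static int max_signed(int a, int b)
{
	return a > b ? a : b;
}

/*
 * Assumed behaviour before the imax() fix: the negative mss is converted
 * to unsigned, wins the comparison, and the default is never applied.
 */
unsigned int mss_adv_unsigned_cmp(int mtu)
{
	int mss = mtu - IPV4_HDR_LEN - TCP_HDR_LEN;
	return max_unsigned((unsigned int)mss, MSS_DEFAULT);
}

/*
 * Signed comparison: a negative mss loses against the default. The result
 * is only as good as the MTU passed in (interface MTU vs. route MTU).
 */
int mss_adv_signed(int mtu)
{
	int mss = mtu - IPV4_HDR_LEN - TCP_HDR_LEN;
	return max_signed(mss, MSS_DEFAULT);
}

int main(void)
{
	int enc0_mtu = 0;      /* if_mtu of enc0, per the log message */
	int route_mtu = 1500;  /* constructed: MTU of the route to the peer */

	printf("unsigned compare, enc0 MTU: %u\n", mss_adv_unsigned_cmp(enc0_mtu));
	printf("signed compare, enc0 MTU:   %d\n", mss_adv_signed(enc0_mtu));
	printf("signed compare, route MTU:  %d\n", mss_adv_signed(route_mtu));
	return 0;
}
```

The middle case is the regression the commit addresses: the signed comparison is correct, but with the MTU taken from enc0 the advertised MSS collapses to the 512-byte default instead of tracking the path to the destination.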