Author: tuexen
Date: Thu May 30 13:51:11 2019
New Revision: 348415
URL: https://svnweb.freebsd.org/changeset/base/348415

Log:
  MFC r348290:
  When an ACK segment as the third message of the three-way handshake is
  received and support for time stamps was negotiated in the SYN/SYNACK
  exchange, perform the PAWS check and only expand the syn cache entry if
  the check is passed.
  Without this check, endpoints may get stuck on the incomplete queue.
  
  Reviewed by:          jtl@
  Sponsored by:         Netflix, Inc.
  Differential Revision:        https://reviews.freebsd.org/D20374

Modified:
  stable/12/sys/netinet/tcp_syncache.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netinet/tcp_syncache.c
==============================================================================
--- stable/12/sys/netinet/tcp_syncache.c        Thu May 30 13:50:45 2019        
(r348414)
+++ stable/12/sys/netinet/tcp_syncache.c        Thu May 30 13:51:11 2019        
(r348415)
@@ -1139,6 +1139,28 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt
                        }
                }
 #endif /* TCP_SIGNATURE */
+
+               /*
+                * RFC 7323 PAWS: If we have a timestamp on this segment and
+                * it's less than ts_recent, drop it.
+                * XXXMT: RFC 7323 also requires to send an ACK.
+                *        In tcp_input.c this is only done for TCP segments
+                *        with user data, so be consistent here and just drop
+                *        the segment.
+                */
+               if (sc->sc_flags & SCF_TIMESTAMP && to->to_flags & TOF_TS &&
+                   TSTMP_LT(to->to_tsval, sc->sc_tsreflect)) {
+                       SCH_UNLOCK(sch);
+                       if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
+                               log(LOG_DEBUG,
+                                   "%s; %s: SEG.TSval %u < TS.Recent %u, "
+                                   "segment dropped\n", s, __func__,
+                                   to->to_tsval, sc->sc_tsreflect);
+                               free(s, M_TCPLOG);
+                       }
+                       return (-1);  /* Do not send RST */
+               }
+
                /*
                 * Pull out the entry to unlock the bucket row.
                 * 
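Review bot: The condition `sc->sc_flags & SCF_TIMESTAMP && to->to_flags & TOF_TS && ...` skips the PAWS check entirely when timestamps were negotiated (SCF_TIMESTAMP set) but the ACK arrives without a timestamp option, so such a segment goes straight on to expanding the entry. RFC 7323 says that once the option has been negotiated, non-RST segments without it should be dropped, so either handle the "SCF_TIMESTAMP set, TOF_TS clear" case here or state in the comment that it is deliberately tolerated. Two smaller points: parenthesising the bitwise tests, as in `(sc->sc_flags & SCF_TIMESTAMP) && (to->to_flags & TOF_TS)`, would make the precedence obvious at a glance, and the log line labels `sc->sc_tsreflect` as "TS.Recent", which is worth a word in the comment so that someone reading the debug output knows which field was compared.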