mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-14 10:09:48 +00:00
When an ACK segment as the third message of the three way handshake is
received and support for time stamps was negotiated in the SYN/SYNACK exchange, perform the PAWS check and only expand the syn cache entry if the check is passed. Without this check, endpoints may get stuck on the incomplete queue. Reviewed by: jtl@ MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D20374
This commit is contained in:
parent
0b30b98f26
commit
bc35229fad
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=348290
@ -1142,6 +1142,28 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
}
|
||||
}
|
||||
#endif /* TCP_SIGNATURE */
|
||||
|
||||
/*
|
||||
* RFC 7323 PAWS: If we have a timestamp on this segment and
|
||||
* it's less than ts_recent, drop it.
|
||||
* XXXMT: RFC 7323 also requires to send an ACK.
|
||||
* In tcp_input.c this is only done for TCP segments
|
||||
* with user data, so be consistent here and just drop
|
||||
* the segment.
|
||||
*/
|
||||
if (sc->sc_flags & SCF_TIMESTAMP && to->to_flags & TOF_TS &&
|
||||
TSTMP_LT(to->to_tsval, sc->sc_tsreflect)) {
|
||||
SCH_UNLOCK(sch);
|
||||
if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
|
||||
log(LOG_DEBUG,
|
||||
"%s; %s: SEG.TSval %u < TS.Recent %u, "
|
||||
"segment dropped\n", s, __func__,
|
||||
to->to_tsval, sc->sc_tsreflect);
|
||||
free(s, M_TCPLOG);
|
||||
}
|
||||
return (-1); /* Do not send RST */
|
||||
}
|
||||
|
||||
/*
|
||||
* Pull out the entry to unlock the bucket row.
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user