diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2025-10-02 14:51:09 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2025-10-05 13:25:35 +0000 |
| commit | a7dcd4c2a9fb35cac756db04326827efbaa4589b (patch) | |
| tree | 32aed1090437540471e9ddd33382d16d5eb09c81 /sys/netinet | |
| parent | b0501abb4cfb8ffee7a7245ca197d290df912e22 (diff) | |
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/tcp_syncache.c | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 4ab0d251698c..ee3b9b4994c9 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1266,30 +1266,32 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, } /* - * SEG.ACK validation: - * SEG.ACK must match our initial send sequence number + 1. - */ - if (th->th_ack != sc->sc_iss + 1) { - SCH_UNLOCK(sch); - if ((s = tcp_log_addrs(inc, th, NULL, NULL))) - log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, " - "segment rejected\n", - s, __func__, th->th_ack, sc->sc_iss + 1); - goto failed; - } - - /* * SEG.SEQ validation: * The SEG.SEQ must be in the window starting at our * initial receive sequence number + 1. */ if (SEQ_LEQ(th->th_seq, sc->sc_irs) || SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd)) { - SCH_UNLOCK(sch); if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, " - "segment rejected\n", + "sending challenge ACK\n", s, __func__, th->th_seq, sc->sc_irs + 1); + syncache_send_challenge_ack(sc, m); + SCH_UNLOCK(sch); + free(s, M_TCPLOG); + return (-1); /* Do not send RST */; + } + + /* + * SEG.ACK validation: + * SEG.ACK must match our initial send sequence number + 1. + */ + if (th->th_ack != sc->sc_iss + 1) { + SCH_UNLOCK(sch); + if ((s = tcp_log_addrs(inc, th, NULL, NULL))) + log(LOG_DEBUG, "%s; %s: ACK %u != ISS+1 %u, " + "segment rejected\n", + s, __func__, th->th_ack, sc->sc_iss + 1); goto failed; } |