git: f8b5681094dd - main - tcp: honor drop_synfin sysctl variable in TIME-WAIT
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 03 Oct 2022 11:38:06 UTC
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=f8b5681094dd752604bfa0603ba0be2873698f46 commit f8b5681094dd752604bfa0603ba0be2873698f46 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2022-10-03 10:48:30 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2022-10-03 10:48:30 +0000 tcp: honor drop_synfin sysctl variable in TIME-WAIT Reviewed by: rrs@ MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D36862 --- sys/netinet/tcp_timewait.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 2ea57e0b3397..ad97e2d3bed6 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -50,9 +50,7 @@ __FBSDID("$FreeBSD$"); #include <sys/proc.h> #include <sys/socket.h> #include <sys/socketvar.h> -#ifndef INVARIANTS #include <sys/syslog.h> -#endif #include <sys/protosw.h> #include <sys/random.h> @@ -389,6 +387,7 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, struct mbuf *m, int tlen) { struct tcptw *tw; + char *s; int thflags; tcp_seq seq; @@ -447,6 +446,17 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, */ #endif + /* Honor the drop_synfin sysctl variable. */ + if ((thflags & TH_SYN) && (thflags & TH_FIN) && V_drop_synfin) { + if ((s = tcp_log_addrs(&inp->inp_inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: " + "SYN|FIN segment ignored (based on " + "sysctl setting)\n", s, __func__); + free(s, M_TCPLOG); + } + goto drop; + } + /* * If a new connection request is received * while in TIME_WAIT, drop the old connection