Date: Thu, 31 Oct 2024 16:37:10 GMT
Message-Id: <202410311637.49VGbAgx033391@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen
Subject: git: 0567f7cc1a46 - stable/13 - tcp: improve consistency of syncache_respond() failure handling
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 0567f7cc1a4669085f29a8d8e9175eaf83f9877d
Auto-Submitted: auto-generated

The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=0567f7cc1a4669085f29a8d8e9175eaf83f9877d

commit 0567f7cc1a4669085f29a8d8e9175eaf83f9877d
Author:     Michael Tuexen
AuthorDate: 2024-09-05 01:33:13 +0000
Commit:     Michael Tuexen
CommitDate: 2024-10-31 16:36:46 +0000

    tcp: improve consistency of syncache_respond() failure handling

    When the initial sending of the SYN ACK segment using
    syncache_respond() fails, it is handled as a permanent error.
    To improve consistency, apply this policy in all cases, where
    syncache_respond() is called. These include
    * timer based retransmissions of the SYN ACK
    * retransmitting a SYN ACK in response to a SYN retransmission
    * sending of challenge ACKs in response to received RST segments
    In these cases, fall back to SYN cookies, if enabled.

    While there, also improve consistency of the TCP stats counters.

    Reviewed by:            cc, glebius (earlier version)
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D46428

    (cherry picked from commit ef438f7706be48f1cf7fd4c8a60329e1619cfe30)
---
 sys/netinet/tcp_syncache.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 86df6c747ea4..111f591c5851 100644
--- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -531,10 +531,16 @@ syncache_timer(void *xsch) } NET_EPOCH_ENTER(et); - syncache_respond(sc, NULL, TH_SYN|TH_ACK); + if (syncache_respond(sc, NULL, TH_SYN|TH_ACK) == 0) { + syncache_timeout(sc, sch, 0); + TCPSTAT_INC(tcps_sndacks); + TCPSTAT_INC(tcps_sndtotal); + TCPSTAT_INC(tcps_sc_retransmitted); + } else { + syncache_drop(sc, sch); + TCPSTAT_INC(tcps_sc_dropped); + } NET_EPOCH_EXIT(et); - TCPSTAT_INC(tcps_sc_retransmitted); - syncache_timeout(sc, sch, 0); } if (!TAILQ_EMPTY(&(sch)->sch_bucket)) callout_reset(&(sch)->sch_timer, (sch)->sch_nextc - tick, @@ -692,7 +698,13 @@ syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th, struct mbuf *m, "sending challenge ACK\n", s, __func__, th->th_seq, sc->sc_irs + 1, sc->sc_wnd); - syncache_respond(sc, m, TH_ACK); + if (syncache_respond(sc, m, TH_ACK) == 0) { + TCPSTAT_INC(tcps_sndacks); + TCPSTAT_INC(tcps_sndtotal); + } else { + syncache_drop(sc, sch); + TCPSTAT_INC(tcps_sc_dropped); + } } } else { if ((s = tcp_log_addrs(inc, th, NULL, NULL))) @@ -1589,6 +1601,9 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, syncache_timeout(sc, sch, 1); TCPSTAT_INC(tcps_sndacks); TCPSTAT_INC(tcps_sndtotal); + } else { + syncache_drop(sc, sch); + TCPSTAT_INC(tcps_sc_dropped); } SCH_UNLOCK(sch); goto donenoprobe;
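
Review bot: In the syncache_timer() hunk, TCPSTAT_INC(tcps_sc_retransmitted) moves inside the "== 0" branch, so the counter now records only SYN ACK retransmissions that were actually sent, whereas the removed lines counted every timer attempt. The commit message only says the counters were made more consistent; please state this change of meaning explicitly, since anyone graphing tcps_sc_retransmitted will see the rate change, and failed retransmissions now appear under tcps_sc_dropped together with every other drop reason. A one-line comment on the else branch saying that a send failure is treated as permanent would also help the next reader.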
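
Review bot: In the syncache_chkrst() hunk, the else branch calls syncache_drop(sc, sch) on the path that only issues a challenge ACK, so an RST that was not accepted outright now removes the entry whenever syncache_respond(sc, m, TH_ACK) fails. Please add a comment stating that this is intended and what happens to the pending handshake when SYN cookies are disabled. Separately, the log message just above is emitted before the send and still reads "sending challenge ACK" when the send fails and the entry is dropped; consider logging the failure case on its own so the debug output matches what happened.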
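
Review bot: In the syncache_add() hunk, the new else branch calls syncache_drop(sc, sch) and then continues to SCH_UNLOCK(sch) and goto donenoprobe, so please confirm that nothing after the donenoprobe label still dereferences sc. The commit message promises a fallback to SYN cookies, but nothing visible in this branch sends a cookie-based SYN ACK for the SYN being processed; if the fallback only takes effect on the peer's next SYN retransmission, a short comment saying so would make the failure path easier to follow.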