From nobody Thu Oct 31 13:39:35 2024
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XfQ8R5qvvz5bjFp;
	Thu, 31 Oct 2024 13:39:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XfQ8R5KH1z4s8L;
	Thu, 31 Oct 2024 13:39:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1730381975;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uCSRSDgYoWVdsUTM9QvM2Lug43i94hdURfjS13RxwvU=;
	b=m95eVMLCLmHltDc5oTj6xKUMLkTiH9l/DUdROPixHWA7NRvZqO7/J79szsbr0Zx8Nbc2UQ
	KqVRZNNAujoGjvnjRsOitReGmhOtCAG9Ng8mGnuhkVHHXIhGVpWorrggkF4Q6Xtq2jQBp7
	hC7lTUwdKxdyDZFd2E1TCCUoiwYyeawg46TJqsogNXJfSm6bazfhmgb3N/5BBczT1ieK8V
	hdPOMfn2mDS7P2vrcJKVvL80Ze9t+e9DtpiU1czicHFbdin3m/Q6WtBb0UmmYC1dSQU1lh
	kyfOv1P8qVpmD98TTE6LMu1XQLAua6v8Ds44bB169uvi0QrbbA/ltsWOH7HdQQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1730381975;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uCSRSDgYoWVdsUTM9QvM2Lug43i94hdURfjS13RxwvU=;
	b=A0z2DslryY9CjB9Cg7R9LdzFmKthpbd7qqbAGryzaoVhbYkEGhYu+rG2UQlBLeSz9fzyIV
	lsz/qkTu72FWSfCxigoW1eyqPjYvqtCAoxWuutnkLYpL4ntqP6wQoYJnGn/qIGNpNtnV4Y
	pjQ5YIwza3JTT4HZ/p5RA8LEZ2ricXlID4vADk1liAf//aO8OHrgXxJDfEp+yJENf14D4E
	0HI4GwWoK0VFJDKypKNzuoJbw+NOQWMlXEtjjarbMZTmuahBo0G2JFCGEPI0TlAPTmxXkg
	+hy2VJFexeXgvV5/m29Ob5j2Wqrxe5Xkc2LvuxBBnQptuPiBz9REXl+AfeMK6w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1730381975; a=rsa-sha256; cv=none;
	b=ImPmZjBM3gr/cScJxt0DYH8gzZZv8e0OfFdS7xlwp63hLqZ5WRUyBgKAkL9nM7XYnHYfE4
	j5dSwD2OOrj76kbUwRL5pyoqjDlwv2MORR8qbZe/n1m//XNzW9PlVPvCmrSWGjklDoGE28
	PxmThS8EbXEyVIf1qMmAm/Ia0rtecXWJPbvRSBNwv5k6V04wHZoknnpcVDC5+NlGg0IN6A
	ALPimd6mAENApXVFnP/6mGPOPR18ypJphqgXsbG2eu4YY5x8CSnoStTBccQKU1tk5A7VO5
	c92mnR85W6lbpOZPd8IeCUvIEC9/3oMbGN2ieipDF9KzMey1VNFIaUfTpnSioQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XfQ8R4cwjzf3V;
	Thu, 31 Oct 2024 13:39:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 49VDdZ3R092804;
	Thu, 31 Oct 2024 13:39:35 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 49VDdZxI092801;
	Thu, 31 Oct 2024 13:39:35 GMT
	(envelope-from git)
Date: Thu, 31 Oct 2024 13:39:35 GMT
Message-Id: <202410311339.49VDdZxI092801@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen <tuexen@FreeBSD.org>
Subject: git: 003f1ebcbce1 - stable/14 - tcp: improve consistency
  of syncache_respond() failure handling
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 003f1ebcbce10775ae7d4dd631946f9bfec983ab
Auto-Submitted: auto-generated

The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=003f1ebcbce10775ae7d4dd631946f9bfec983ab

commit 003f1ebcbce10775ae7d4dd631946f9bfec983ab
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-09-05 01:33:13 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-10-31 11:17:53 +0000

    tcp: improve consistency of syncache_respond() failure handling
    
    When the initial sending of the SYN ACK segment using
    syncache_respond() fails, it is handled as a permanent error.
    To improve consistency, apply this policy in all cases, where
    syncache_respond() is called. These include
    * timer based retransmissions of the SYN ACK
    * retransmitting a SYN ACK in response to a SYN retransmission
    * sending of challenge ACKs in response to received RST segments
    In these cases, fall back to SYN cookies, if enabled.
    While there, also improve consistency of the TCP stats counters.
    
    Reviewed by:            cc, glebius (earlier version)
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D46428
    
    (cherry picked from commit ef438f7706be48f1cf7fd4c8a60329e1619cfe30)
---
 sys/netinet/tcp_syncache.c | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 6e71d14196f5..b6318ec23556 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -535,10 +535,16 @@ syncache_timer(void *xsch)
 		}
 
 		NET_EPOCH_ENTER(et);
-		syncache_respond(sc, NULL, TH_SYN|TH_ACK);
+		if (syncache_respond(sc, NULL, TH_SYN|TH_ACK) == 0) {
+			syncache_timeout(sc, sch, 0);
+			TCPSTAT_INC(tcps_sndacks);
+			TCPSTAT_INC(tcps_sndtotal);
+			TCPSTAT_INC(tcps_sc_retransmitted);
+		} else {
+			syncache_drop(sc, sch);
+			TCPSTAT_INC(tcps_sc_dropped);
+		}
 		NET_EPOCH_EXIT(et);
-		TCPSTAT_INC(tcps_sc_retransmitted);
-		syncache_timeout(sc, sch, 0);
 	}
 	if (!TAILQ_EMPTY(&(sch)->sch_bucket))
 		callout_reset(&(sch)->sch_timer, (sch)->sch_nextc - tick,
@@ -696,7 +702,13 @@ syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th, struct mbuf *m,
 				    "sending challenge ACK\n",
 				    s, __func__,
 				    th->th_seq, sc->sc_irs + 1, sc->sc_wnd);
-			syncache_respond(sc, m, TH_ACK);
+			if (syncache_respond(sc, m, TH_ACK) == 0) {
+				TCPSTAT_INC(tcps_sndacks);
+				TCPSTAT_INC(tcps_sndtotal);
+			} else {
+				syncache_drop(sc, sch);
+				TCPSTAT_INC(tcps_sc_dropped);
+			}
 		}
 	} else {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
@@ -1559,6 +1571,9 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 			syncache_timeout(sc, sch, 1);
 			TCPSTAT_INC(tcps_sndacks);
 			TCPSTAT_INC(tcps_sndtotal);
+		} else {
+			syncache_drop(sc, sch);
+			TCPSTAT_INC(tcps_sc_dropped);
 		}
 		SCH_UNLOCK(sch);
 		goto donenoprobe;