git: ab65c64bc402 - main - tcp: fix handling of <RST,ACK> segments in SYN-RCVD for RACK and BBR

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Wed, 26 Jul 2023 23:26:19 UTC
The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=ab65c64bc40270b032f575c5733ea276b006d2ba

commit ab65c64bc40270b032f575c5733ea276b006d2ba
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2023-07-26 14:22:13 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2023-07-26 14:22:13 +0000

    tcp: fix handling of <RST,ACK> segments in SYN-RCVD for RACK and BBR
    
    This deals with TCP endpoints in the SYN-RCVD state coming from the
    SYN-SENT state.
    
    Reviewed by:            rscheff
    MFC after:              3 days
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D41203
---
 sys/netinet/tcp_stacks/bbr.c  |  6 +++---
 sys/netinet/tcp_stacks/rack.c | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index 1bc20de9e503..229f895b0285 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -8928,6 +8928,9 @@ bbr_do_syn_recv(struct mbuf *m, struct tcphdr *th, struct socket *so,
 
 	bbr = (struct tcp_bbr *)tp->t_fb_ptr;
 	ctf_calc_rwin(so, tp);
+	if ((thflags & TH_RST) ||
+	    (tp->t_fin_is_rst && (thflags & TH_FIN)))
+		return (ctf_process_rst(m, th, so, tp));
 	if ((thflags & TH_ACK) &&
 	    (SEQ_LEQ(th->th_ack, tp->snd_una) ||
 	     SEQ_GT(th->th_ack, tp->snd_max))) {
@@ -8959,9 +8962,6 @@ bbr_do_syn_recv(struct mbuf *m, struct tcphdr *th, struct socket *so,
 			return (0);
 		}
 	}
-	if ((thflags & TH_RST) ||
-	    (tp->t_fin_is_rst && (thflags & TH_FIN)))
-		return (ctf_process_rst(m, th, so, tp));
 	/*
 	 * RFC 1323 PAWS: If we have a timestamp reply on this segment and
 	 * it's less than ts_recent, drop it.
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index 59dd113c03d5..5bfca4e3a687 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -13405,7 +13405,13 @@ rack_do_syn_recv(struct mbuf *m, struct tcphdr *th, struct socket *so,
 	int32_t ret_val = 0;
 	int32_t ourfinisacked = 0;
 
+	rack = (struct tcp_rack *)tp->t_fb_ptr;
 	ctf_calc_rwin(so, tp);
+	if ((thflags & TH_RST) ||
+	    (tp->t_fin_is_rst && (thflags & TH_FIN)))
+		return (__ctf_process_rst(m, th, so, tp,
+					  &rack->r_ctl.challenge_ack_ts,
+					  &rack->r_ctl.challenge_ack_cnt));
 	if ((thflags & TH_ACK) &&
 	    (SEQ_LEQ(th->th_ack, tp->snd_una) ||
 	    SEQ_GT(th->th_ack, tp->snd_max))) {
@@ -13413,7 +13419,6 @@ rack_do_syn_recv(struct mbuf *m, struct tcphdr *th, struct socket *so,
 		ctf_do_dropwithreset(m, tp, th, BANDLIM_RST_OPENPORT, tlen);
 		return (1);
 	}
-	rack = (struct tcp_rack *)tp->t_fb_ptr;
 	if (IS_FASTOPEN(tp->t_flags)) {
 		/*
 		 * When a TFO connection is in SYN_RECEIVED, the
@@ -13440,11 +13445,6 @@ rack_do_syn_recv(struct mbuf *m, struct tcphdr *th, struct socket *so,
 		}
 	}
 
-	if ((thflags & TH_RST) ||
-	    (tp->t_fin_is_rst && (thflags & TH_FIN)))
-		return (__ctf_process_rst(m, th, so, tp,
-					  &rack->r_ctl.challenge_ack_ts,
-					  &rack->r_ctl.challenge_ack_cnt));
 	/*
 	 * RFC 1323 PAWS: If we have a timestamp reply on this segment and
 	 * it's less than ts_recent, drop it.