PERFORCE change 164829 for review

Sun Jun 21 20:31:45 UTC 2009

http://perforce.freebsd.org/chv.cgi?CH=164829

Change 164829 by andre at andre_t61 on 2009/06/21 20:31:09

	Merge in some fixes to head after the branch point of tcp_new:
	
	svn r178862 jhb
	Always bump tcpstat.tcps_badrst if we get a RST for a connection in the
	syncache that has an invalid SEQ instead of only doing it when we suceed
	in mallocing space for the log message.
	
	svn r179832 ups
	Fix a check in SYN cache expansion (syncache_expand()) to accept packets
	that arrive in the receive window instead of just on the left edge of the
	receive window.
	This is needed for correct behavior when packets are lost or reordered.
	
	svn r179833 ups
	Change incorrect stale cookie detection in syncookie_lookup() that prematurely
	declared a cookie as expired.

Affected files ...

.. //depot/projects/tcp_new/netinet/tcp_syncache.c#2 edit

Differences ...

==== //depot/projects/tcp_new/netinet/tcp_syncache.c#2 (text+ko) ====

@@ -567,10 +567,11 @@
 			    "connection attempt aborted by remote endpoint\n",
 			    s, __func__);
 		tcpstat.tcps_sc_reset++;
-	} else if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
-		log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != IRS %u "
-		    "(+WND %u), segment ignored\n",
-		    s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd);
+	} else {
+		if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
+			log(LOG_DEBUG, "%s; %s: RST with invalid SEQ %u != "
+			    "IRS %u (+WND %u), segment ignored\n",
+			    s, __func__, th->th_seq, sc->sc_irs, sc->sc_wnd);
 		tcpstat.tcps_badrst++;
 	}
 
@@ -902,12 +903,14 @@
 			    "rejected\n", s, __func__, th->th_ack, sc->sc_iss);
 		goto failed;
 	}
+
 	/*
-	 * The SEQ must match the received initial receive sequence
-	 * number + 1 (the SYN) because we didn't ACK any data that
-	 * may have come with the SYN.
+	 * The SEQ must fall in the window starting at the received
+	 * initial receive sequence number + 1 (the SYN).
 	 */
-	if (th->th_seq != sc->sc_irs + 1 && !TOEPCB_ISSET(sc)) {
+	if ((SEQ_LEQ(th->th_seq, sc->sc_irs) ||
+	     SEQ_GT(th->th_seq, sc->sc_irs + sc->sc_wnd) &&
+	    !TOEPCB_ISSET(sc)) {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
 			log(LOG_DEBUG, "%s; %s: SEQ %u != IRS+1 %u, segment "
 			    "rejected\n", s, __func__, th->th_seq, sc->sc_irs);
@@ -1607,7 +1610,7 @@
 	 * The secret wasn't updated for the lifetime of a syncookie,
 	 * so this SYN-ACK/ACK is either too old (replay) or totally bogus.
 	 */
-	if (sch->sch_reseed < time_uptime) {
+	if (sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime) {
 		return (NULL);
 	}
 
