Page MenuHomeFreeBSD

tcp: fix counter leak for SYN_RCVD state when syncache_socket() fails
ClosedPublic

Authored by glebius on Dec 5 2022, 10:23 PM.
Tags
None
Referenced Files
F131948178: D37610.diff
Sun, Oct 12, 10:32 AM
Unknown Object (File)
Wed, Oct 8, 2:02 AM
Unknown Object (File)
Fri, Sep 19, 3:52 AM
Unknown Object (File)
Sep 11 2025, 8:43 PM
Unknown Object (File)
Sep 10 2025, 11:54 AM
Unknown Object (File)
Sep 10 2025, 11:54 AM
Unknown Object (File)
Sep 8 2025, 8:06 PM
Unknown Object (File)
Aug 15 2025, 6:21 AM
Subscribers

Details

Summary

The SYN_RCVD state count is tricky here due to default code path and TFO
being so different. In the default case the count is incremented when a
syncache entry is added to the the database in syncache_insert(). Later
when connection transitions from syncache entry to a socket in
syncache_expand(), this counter is inherited by the tcpcb. If socket or
tcpcb allocation failed in syncache_socket() failed the syncache_expand()
is responsible for decrement. In the TFO case the syncache entry is not
inserted into database and count of SYN_RCVD is first incremented in the
syncache_tfo_expand() after successful socket allocation. Thus, inside
syncache_socket() we can't tell whether we need to decrement in a case of
a failure or not. The caller is responsible for this book keeping.

Fixes: 07285bb4c22c026a50f69149d5dae03169b15fe4

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Dec 14 2022, 3:32 AM
This revision was automatically updated to reflect the committed changes.