tcp: improve mbuf handling when processing SYN
ClosedPublic
Actions

Authored by tuexen on Sep 28 2024, 8:38 PM.

Details

Reviewers

markj
cc
rrs
rscheff
peter.lei_ieee.org
lstewart

Group Reviewers

transport

Commits

rG7174ef705c03: tcp: improve mbuf handling when processing SYN segments
rG67e469299821: tcp: improve mbuf handling when processing SYN segments
rG01eb635d1295: tcp: improve mbuf handling when processing SYN segments

Summary

When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero, an mbuf would be leaked when processing a SYN-segment containing an IPv4 strict or loose source routing option, when
the on-stack syncache entry is used or there is an error related to processing TCP MD5 options.

Fix this by freeing the mbuf whenever an error occurred or the on-stack syncache entry is used.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

tuexen created this revision.Sep 28 2024, 8:38 PM

Herald added a reviewer: transport. · View Herald TranscriptSep 28 2024, 8:38 PM

Herald added subscribers: glebius, melifaro, imp. · View Herald Transcript

tuexen requested review of this revision.Sep 28 2024, 8:38 PM

markj accepted this revision.Sep 30 2024, 8:35 AM

markj added inline comments.

sys/netinet/tcp_syncache.c
1585	Mostly unrelated, but this if-statement can be indented such that it applies only to the uma_zalloc() case. It's a minor thing but the control flow in this function is so complicated. :(
1777

rscheff accepted this revision.Sep 30 2024, 10:34 AM

This revision is now accepted and ready to land.Sep 30 2024, 10:34 AM

tuexen marked 2 inline comments as done.Sep 30 2024, 12:01 PM

tuexen added inline comments.

sys/netinet/tcp_syncache.c
1585	I agree. Had the same observation, but did not want to intermix a the fix with a code cleanup with no functional change. Will do this as a follow-up.
1777	Will change it. But this is used multiple time this way in this file. Maybe this should be cleaned up first.