Page MenuHomeFreeBSD

tcp: improve mbuf handling when processing SYN
ClosedPublic

Authored by tuexen on Sep 28 2024, 8:38 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 18, 9:31 PM
Unknown Object (File)
Wed, Oct 15, 7:00 AM
Unknown Object (File)
Sun, Sep 28, 1:33 PM
Unknown Object (File)
Tue, Sep 23, 12:19 PM
Unknown Object (File)
Sep 17 2025, 11:45 PM
Unknown Object (File)
Sep 15 2025, 10:36 AM
Unknown Object (File)
Sep 13 2025, 10:13 PM
Unknown Object (File)
Sep 13 2025, 2:02 AM

Details

Summary

When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero, an mbuf would be leaked when processing a SYN-segment containing an IPv4 strict or loose source routing option, when
the on-stack syncache entry is used or there is an error related to processing TCP MD5 options.

Fix this by freeing the mbuf whenever an error occurred or the on-stack syncache entry is used.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj added inline comments.
sys/netinet/tcp_syncache.c
1585

Mostly unrelated, but this if-statement can be indented such that it applies only to the uma_zalloc() case. It's a minor thing but the control flow in this function is so complicated. :(

1777
This revision is now accepted and ready to land.Sep 30 2024, 10:34 AM
tuexen added inline comments.
sys/netinet/tcp_syncache.c
1585

I agree. Had the same observation, but did not want to intermix a the fix with a code cleanup with no functional change. Will do this as a follow-up.

1777

Will change it. But this is used multiple time this way in this file. Maybe this should be cleaned up first.