tcp: improve segment validation in SYN-RECEIVED
ClosedPublic
Actions

Authored by tuexen on Oct 2 2025, 7:59 AM.

Details

Reviewers

cc
rscheff
rrs
nickbanks_netflix.com
peter.lei_ieee.org
lstewart

Group Reviewers

transport

Commits

rGf846f0cc6002: tcp: improve segment validation in SYN-RECEIVED
rGa7dcd4c2a9fb: tcp: improve segment validation in SYN-RECEIVED
rGb7118461f909: tcp: improve segment validation in SYN-RECEIVED

Summary

There validation of SEG.SEQ (first step in SEGMENT ARRIVES) should be done before the validation of SEG.ACK (fifth step in SEGMENT ARRIVES). Furthermore, when the SEG.SEQ validation fails, a challenge ACK should be sent instead of sending a RST-segment and moving the endpoint to CLOSED.

Thanks to Tilnel for reporting the issue on freebsd-net@.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

tuexen created this revision.Oct 2 2025, 7:59 AM

Herald added a reviewer: transport. · View Herald TranscriptOct 2 2025, 7:59 AM

Herald added subscribers: glebius, melifaro, imp. · View Herald Transcript

tuexen requested review of this revision.Oct 2 2025, 7:59 AM

nickbanks_netflix.com accepted this revision.Oct 2 2025, 1:57 PM

This revision is now accepted and ready to land.Oct 2 2025, 1:57 PM

Closed by commit rGb7118461f909: tcp: improve segment validation in SYN-RECEIVED (authored by tuexen). · Explain WhyOct 2 2025, 2:54 PM

This revision was automatically updated to reflect the committed changes.

tuexen added a commit: rGb7118461f909: tcp: improve segment validation in SYN-RECEIVED.

jtl added a subscriber: jtl.Oct 2 2025, 4:33 PM

jtl added inline comments.

sys/netinet/tcp_syncache.c
1284	This has a race condition in that it reads from sc after unlocking sch. IIUC, that means sc could have been freed by another thread by the time we run the log line. I think this same race is present on line 1209.