Index: sys/netinet/tcp_input.c =================================================================== --- sys/netinet/tcp_input.c +++ sys/netinet/tcp_input.c @@ -1024,7 +1024,7 @@ #endif if (!((tp->t_state == TCPS_ESTABLISHED && (thflags & TH_SYN) == 0) || (tp->t_state == TCPS_LISTEN && (thflags & TH_SYN) && - !(tp->t_flags & TF_FASTOPEN)))) { + !IS_FASTOPEN(tp->t_flags)))) { if (ti_locked == TI_UNLOCKED) { if (INP_INFO_TRY_RLOCK(&V_tcbinfo) == 0) { in_pcbref(inp); @@ -1502,7 +1502,9 @@ struct in_conninfo *inc; struct mbuf *mfree; struct tcpopt to; +#ifdef TCP_RFC7413 int tfo_syn; +#endif #ifdef TCPDEBUG /* @@ -1958,7 +1960,7 @@ goto dropwithreset; } #ifdef TCP_RFC7413 - if (tp->t_flags & TF_FASTOPEN) { + if (IS_FASTOPEN(tp->t_flags)) { /* * When a TFO connection is in SYN_RECEIVED, the * only valid packets are the initial SYN, a @@ -2392,7 +2394,7 @@ (tp->t_flags & TF_NEEDSYN)) { #ifdef TCP_RFC7413 if (tp->t_state == TCPS_SYN_RECEIVED && - tp->t_flags & TF_FASTOPEN) { + IS_FASTOPEN(tp->t_flags)) { tp->snd_wnd = tiwin; cc_conn_init(tp); } @@ -2455,7 +2457,7 @@ * snd_cwnd reduction that occurs when a TFO SYN|ACK * is retransmitted. */ - if (!(tp->t_flags & TF_FASTOPEN)) + if (!IS_FASTOPEN(tp->t_flags)) #endif cc_conn_init(tp); tcp_timer_activate(tp, TT_KEEP, TP_KEEPIDLE(tp)); @@ -3020,8 +3022,12 @@ * case PRU_RCVD). If a FIN has already been received on this * connection then we just ignore the text. */ +#ifdef TCP_RFC7413 tfo_syn = ((tp->t_state == TCPS_SYN_RECEIVED) && - (tp->t_flags & TF_FASTOPEN)); + IS_FASTOPEN(tp->t_flags)); +#else +#define tfo_syn (false) +#endif if ((tlen || (thflags & TH_FIN) || tfo_syn) && TCPS_HAVERCVDFIN(tp->t_state) == 0) { tcp_seq save_start = th->th_seq; @@ -3245,6 +3251,9 @@ if (tp != NULL) INP_WUNLOCK(tp->t_inpcb); m_freem(m); +#ifndef TCP_RFC7413 +#undef tfo_syn +#endif } /* Index: sys/netinet/tcp_output.c =================================================================== --- sys/netinet/tcp_output.c +++ sys/netinet/tcp_output.c @@ -224,7 +224,7 @@ * For TFO connections in SYN_RECEIVED, only allow the initial * SYN|ACK and those sent by the retransmit timer. */ - if ((tp->t_flags & TF_FASTOPEN) && + if (IS_FASTOPEN(tp->t_flags) && (tp->t_state == TCPS_SYN_RECEIVED) && SEQ_GT(tp->snd_max, tp->snd_una) && /* initial SYN|ACK sent */ (tp->snd_nxt != tp->snd_una)) /* not a retransmit */ @@ -420,7 +420,7 @@ * When sending additional segments following a TFO SYN|ACK, * do not include the SYN bit. */ - if ((tp->t_flags & TF_FASTOPEN) && + if (IS_FASTOPEN(tp->t_flags) && (tp->t_state == TCPS_SYN_RECEIVED)) flags &= ~TH_SYN; #endif @@ -443,7 +443,7 @@ * don't include data, as the presence of data may have caused the * original SYN|ACK to have been dropped by a middlebox. */ - if ((tp->t_flags & TF_FASTOPEN) && + if (IS_FASTOPEN(tp->t_flags) && (((tp->t_state == TCPS_SYN_RECEIVED) && (tp->t_rxtshift > 0)) || (flags & TH_RST))) len = 0; @@ -780,7 +780,7 @@ * the TFO option may have caused the original * SYN|ACK to have been dropped by a middlebox. */ - if ((tp->t_flags & TF_FASTOPEN) && + if (IS_FASTOPEN(tp->t_flags) && (tp->t_state == TCPS_SYN_RECEIVED) && (tp->t_rxtshift == 0)) { to.to_tfo_len = TCP_FASTOPEN_COOKIE_LEN; Index: sys/netinet/tcp_syncache.c =================================================================== --- sys/netinet/tcp_syncache.c +++ sys/netinet/tcp_syncache.c @@ -1209,7 +1209,7 @@ ltflags = (tp->t_flags & (TF_NOOPT | TF_SIGNATURE)); #ifdef TCP_RFC7413 - if (V_tcp_fastopen_enabled && (tp->t_flags & TF_FASTOPEN) && + if (V_tcp_fastopen_enabled && IS_FASTOPEN(tp->t_flags) && (tp->t_tfo_pending != NULL) && (to->to_flags & TOF_FASTOPEN)) { /* * Limit the number of pending TFO connections to Index: sys/netinet/tcp_usrreq.c =================================================================== --- sys/netinet/tcp_usrreq.c +++ sys/netinet/tcp_usrreq.c @@ -410,7 +410,7 @@ SOCK_UNLOCK(so); #ifdef TCP_RFC7413 - if (tp->t_flags & TF_FASTOPEN) + if (IS_FASTOPEN(tp->t_flags)) tp->t_tfo_pending = tcp_fastopen_alloc_counter(); #endif out: @@ -460,7 +460,7 @@ SOCK_UNLOCK(so); #ifdef TCP_RFC7413 - if (tp->t_flags & TF_FASTOPEN) + if (IS_FASTOPEN(tp->t_flags)) tp->t_tfo_pending = tcp_fastopen_alloc_counter(); #endif out: @@ -826,7 +826,7 @@ * application response data, or failing that, when the DELACK timer * expires. */ - if ((tp->t_flags & TF_FASTOPEN) && + if (IS_FASTOPEN(tp->t_flags) && (tp->t_state == TCPS_SYN_RECEIVED)) goto out; #endif Index: sys/netinet/tcp_var.h =================================================================== --- sys/netinet/tcp_var.h +++ sys/netinet/tcp_var.h @@ -349,6 +349,12 @@ #define ENTER_RECOVERY(t_flags) t_flags |= (TF_CONGRECOVERY | TF_FASTRECOVERY) #define EXIT_RECOVERY(t_flags) t_flags &= ~(TF_CONGRECOVERY | TF_FASTRECOVERY) +#if defined(_KERNEL) && !defined(TCP_RFC7413) +#define IS_FASTOPEN(t_flags) (false) +#else +#define IS_FASTOPEN(t_flags) (t_flags & TF_FASTOPEN) +#endif + #define BYTES_THIS_ACK(tp, th) (th->th_ack - tp->snd_una) /*