
D10272.id27052.diff

Index: sys/netinet/tcp_syncache.h
===================================================================
--- sys/netinet/tcp_syncache.h
+++ sys/netinet/tcp_syncache.h
@@ -99,6 +99,7 @@
int sch_nextc;
u_int sch_length;
struct tcp_syncache *sch_sc;
+ time_t sch_last_overflow;
};
#define SYNCOOKIE_SECRET_SIZE 16
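Review bot: The new `sch_last_overflow` member carries no comment saying which clock it holds or how it is protected, and it later gates whether syncookie ACKs are accepted at all. I would document it at the declaration, for example `time_t sch_last_overflow;	/* time_uptime of last overflow drop in this bucket */`. The read in the ACK path happens before `SCH_UNLOCK(sch)`, so it looks as if the bucket mutex covers the field; if that is the intent, the comment should say so.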
Index: sys/netinet/tcp_syncache.c
===================================================================
--- sys/netinet/tcp_syncache.c
+++ sys/netinet/tcp_syncache.c
@@ -260,6 +260,7 @@
&V_tcp_syncache.hashbase[i].sch_mtx, 0);
V_tcp_syncache.hashbase[i].sch_length = 0;
V_tcp_syncache.hashbase[i].sch_sc = &V_tcp_syncache;
+ V_tcp_syncache.hashbase[i].sch_last_overflow = INT64_MIN;
}
/* Create the syncache entry zone. */
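Review bot: The `INT64_MIN` initial value assumes a 64-bit `time_t`. Where `time_t` is narrower the conversion is implementation-defined and would typically leave a small value such as 0. In that case the later test `sch->sch_last_overflow < time_uptime - SYNCOOKIE_LIFETIME` would not reject cookie ACKs while uptime is still below the cookie lifetime, so a bucket that never overflowed would accept them shortly after boot. A width-independent initial value expressed in terms of the lifetime avoids this, for example `V_tcp_syncache.hashbase[i].sch_last_overflow = -(SYNCOOKIE_LIFETIME + 1);`. The enclosing initialisation loop starts outside the hunk.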
@@ -335,6 +336,7 @@
KASSERT(!TAILQ_EMPTY(&sch->sch_bucket),
("sch->sch_length incorrect"));
sc2 = TAILQ_LAST(&sch->sch_bucket, sch_head);
+ sch->sch_last_overflow = time_uptime;
syncache_drop(sc2, sch);
TCPSTAT_INC(tcps_sc_bucketoverflow);
}
@@ -974,10 +976,13 @@
/*
* There is no syncache entry, so see if this ACK is
* a returning syncookie. To do this, first:
- * A. See if this socket has had a syncache entry dropped in
- * the past. We don't want to accept a bogus syncookie
- * if we've never received a SYN.
- * B. check that the syncookie is valid. If it is, then
+ * A. Check if syncookies are used in case of syncache
+ * overflows
+ * B. See if this socket has had a syncache entry dropped in
+ * the recent past. We don't want to accept a bogus
+ * syncookie if we've never received a SYN or accept it
+ * twice.
+ * C. check that the syncookie is valid. If it is, then
* cobble up a fake syncache entry, and return.
*/
if (!V_tcp_syncookies) {
@@ -988,6 +993,15 @@
s, __func__);
goto failed;
}
+ if (!V_tcp_syncookiesonly &&
+ sch->sch_last_overflow < time_uptime - SYNCOOKIE_LIFETIME) {
+ SCH_UNLOCK(sch);
+ if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
+ log(LOG_DEBUG, "%s; %s: Spurious ACK, "
+ "segment rejected (no syncache entry)\n",
+ s, __func__);
+ goto failed;
+ }
bzero(&scs, sizeof(scs));
sc = syncookie_lookup(inc, sch, &scs, th, to, *lsop);
SCH_UNLOCK(sch);
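Review bot: The updated comment (steps A and B) promises more than the added test enforces. `sch_last_overflow` is kept per hash bucket, not per socket, and the test only checks that some overflow happened in that bucket within `SYNCOOKIE_LIFETIME`. It therefore narrows the acceptance window but does not by itself stop a cookie being accepted a second time inside that window. I would reword step B along the lines of `B. See if this hash bucket has dropped a syncache entry within the last SYNCOOKIE_LIFETIME seconds; outside that window no cookie can be outstanding, so the ACK is rejected.` Step A should also state that the window test is skipped when `V_tcp_syncookiesonly` is set. The enclosing function starts and ends outside the hunk.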
@@ -1411,8 +1425,10 @@
* entry and insert the new one.
*/
TCPSTAT_INC(tcps_sc_zonefail);
- if ((sc = TAILQ_LAST(&sch->sch_bucket, sch_head)) != NULL)
+ if ((sc = TAILQ_LAST(&sch->sch_bucket, sch_head)) != NULL) {
+ sch->sch_last_overflow = time_uptime;
syncache_drop(sc, sch);
+ }
sc = uma_zalloc(V_tcp_syncache.zone, M_NOWAIT | M_ZERO);
if (sc == NULL) {
if (V_tcp_syncookies) {
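Review bot: The overflow timestamp is recorded only when `TAILQ_LAST` finds an entry to drop, so an empty bucket combined with a second failed `uma_zalloc` leaves `sch_last_overflow` untouched. If the `V_tcp_syncookies` branch that follows falls back to sending a cookie (its body is outside the hunk, so this is inferred), the matching ACK would then fail the new window test and a legitimate connection would be rejected under memory pressure. Setting the timestamp wherever a cookie is used instead of a cache entry closes that gap, for example `sch->sch_last_overflow = time_uptime;` as the first statement inside `if (V_tcp_syncookies) {`.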
