Paths

Table of Contentst

Differential D52754

tcp: apply rate limits to challenge ACKs
ClosedPublic
Actions

Authored by tuexen on Sep 26 2025, 8:02 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Jun 2, 9:41 PM

	Unknown Object (File)
	Sat, May 30, 10:50 PM

	Unknown Object (File)
	Thu, May 28, 10:51 PM

	Unknown Object (File)
	Wed, May 27, 12:08 PM

	Unknown Object (File)
	Tue, May 26, 2:19 AM

	Unknown Object (File)
	Fri, May 22, 2:25 AM

	Unknown Object (File)
	Thu, May 21, 5:42 PM

	Unknown Object (File)
	Fri, May 15, 12:58 AM

View All 75 Files

Subscribers

Details

Reviewers

rscheff
cc
nickbanks_netflix.com
peter.lei_ieee.org
lstewart
rrs

Group Reviewers

Commits

rG0cd22970019e: tcp: apply rate limits to challenge ACKs
rGc55c8a899edc: tcp: apply rate limits to challenge ACKs
rGc2900b6e8255: tcp: apply rate limits to challenge ACKs

Summary

When sending challenge ACKs from the SYN-cache, apply the same rate limiting as in other states.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

tuexen created this revision.Sep 26 2025, 8:02 PM

Herald added a reviewer: transport. · View Herald TranscriptSep 26 2025, 8:02 PM

Herald added subscribers: glebius, melifaro, imp. · View Herald Transcript

tuexen requested review of this revision.Sep 26 2025, 8:02 PM

cc added inline comments.Sep 30 2025, 1:33 PM

sys/netinet/tcp_syncache.c
1658	I think the two new members of `struct syncache` shall be initialized around here.
2070–2072	Can remove the else clause by initialize the `error` first. Like this: static int syncache_send_challenge_ack(struct syncache sc, struct mbuf m) { int error = 0; if (...) { ... } return (error); } Just my two cents if it is just a coding style.

tuexen marked 2 inline comments as done.Sep 30 2025, 5:26 PM

tuexen added inline comments.

sys/netinet/tcp_syncache.c
1658	I think the two new members of `struct syncache` shall be initialized around here. `sc` is initialized to zero either using `uma_zalloc(..., ...\| M_ZERO)` or by `bzero()`. So we don't need to explicitly zero fields. Both new fields are therefore initialized to 0 as intended.
2070–2072	Can remove the else clause by initialize the `error` first. Like this: static int syncache_send_challenge_ack(struct syncache sc, struct mbuf m) { int error = 0; if (...) { ... } return (error); } Just my two cents if it is just a coding style. I actually prefer the style I used. I someone adds another branch, the person has to write an explicit initialization of `error`. If this is forgotten, it is detected by the compiler or a static code analyzer. If you unconditionally initialize it to 0, this bug is not catched (assuming you want a non-zero `error` value). But I am flexible on this, since this is a style question.

rrs accepted this revision.Sep 30 2025, 5:57 PM

This revision is now accepted and ready to land.Sep 30 2025, 5:57 PM

cc accepted this revision.Sep 30 2025, 6:29 PM

Closed by commit rGc2900b6e8255: tcp: apply rate limits to challenge ACKs (authored by tuexen). · Explain WhySep 30 2025, 8:09 PM

This revision was automatically updated to reflect the committed changes.

tuexen marked 2 inline comments as done.

tuexen added a commit: rGc2900b6e8255: tcp: apply rate limits to challenge ACKs.

tuexen added a commit: rGc55c8a899edc: tcp: apply rate limits to challenge ACKs.Oct 3 2025, 8:32 AM

tuexen added a commit: rG0cd22970019e: tcp: apply rate limits to challenge ACKs.Oct 3 2025, 8:38 AM

Revision Contents
Changeset List

Path

Size

sys/

netinet/

2 lines

28 lines

Diff 163144

sys/netinet/tcp_syncache.h

Loading...

sys/netinet/tcp_syncache.c

Loading...