Improve the ECN negotiation when the TCP SYN-cache is used by making

sure that * ECN is disabled if the client sends an non-ECN-setup SYN segment. * ECN is disabled is the ECN-setup SYN-ACK segment is retransmitted more than net.inet.tcp.ecn.maxretries times. Reviewed by: rscheff MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D26008
svn path=/head/; revision=364054
2020-08-08 19:39:38 +00:00 · 2020-08-08 19:39:38 +00:00 · 1bea15e601 · 2020-12-20 02:59:44 +00:00
commit 1bea15e601
parent d7c8186d67
1 changed files with 10 additions and 0 deletions
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@ -510,6 +510,9 @@ syncache_timer(void *xsch)
 				sch->sch_nextc = sc->sc_rxttime;
 			continue;
 		}
+		if (sc->sc_rxmits > V_tcp_ecn_maxretries) {
+			sc->sc_flags &= ~SCF_ECN;
+		}
 		if (sc->sc_rxmits > V_tcp_syncache.rexmt_limit) {
 			if ((s = tcp_log_addrs(&sc->sc_inc, NULL, NULL, NULL))) {
 				log(LOG_DEBUG, "%s; %s: Retransmits exhausted, "
@ -1505,6 +1508,13 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 			sc->sc_tsreflect = to->to_tsval;
 		else
 			sc->sc_flags &= ~SCF_TIMESTAMP;
+		/*
+		 * Disable ECN if needed.
+		 */
+		if ((sc->sc_flags & SCF_ECN) &&
+		    ((th->th_flags & (TH_ECE|TH_CWR)) != (TH_ECE|TH_CWR))) {
+			sc->sc_flags &= ~SCF_ECN;
+		}
 #ifdef MAC
 		/*
 		 * Since we have already unconditionally allocated label