tcp: honor drop_synfin sysctl variable in TIME-WAIT

Reviewed by: rrs@ MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D36862
2022-10-03 12:48:30 +02:00 · 2022-10-03 12:48:30 +02:00 · f8b5681094
commit f8b5681094
parent ffbc2a58b1
1 changed files with 12 additions and 2 deletions
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@ -50,9 +50,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
-#ifndef INVARIANTS
 #include <sys/syslog.h>
-#endif
 #include <sys/protosw.h>
 #include <sys/random.h>

@ -389,6 +387,7 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
    struct mbuf *m, int tlen)
 {
 	struct tcptw *tw;
+	char *s;
 	int thflags;
 	tcp_seq seq;

@ -447,6 +446,17 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
 	 */
 #endif

+	/* Honor the drop_synfin sysctl variable. */
+	if ((thflags & TH_SYN) && (thflags & TH_FIN) && V_drop_synfin) {
+		if ((s = tcp_log_addrs(&inp->inp_inc, th, NULL, NULL))) {
+			log(LOG_DEBUG, "%s; %s: "
+			    "SYN|FIN segment ignored (based on "
+			    "sysctl setting)\n", s, __func__);
+			free(s, M_TCPLOG);
+		}
+		goto drop;
+	}
+
 	/*
 	 * If a new connection request is received
 	 * while in TIME_WAIT, drop the old connection