For the INP_TIMEWAIT case, there is no valid tcpcb object tied to the
inpcb object. Skip the TCP_SIGNATURE check in that case as it is consistent with the output path (no TCP_SIGNATURE for outcoming packets in TIMEWAIT state) and also because for TIMEWAIT state the verify may be less effective. Sponsored by: Sandvine Incorporated Reported by: rwatson No objections by: rwatson MFC after: 3 days
This commit is contained in:
Attilio Rao
parent
ab9a96be12
commit
4af309c810
@ -948,24 +948,8 @@ tcp_input(struct mbuf *m, int off0)
|
||||
}
|
||||
INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
|
||||
|
||||
#ifdef TCP_SIGNATURE
|
||||
tcp_dooptions(&to, optp, optlen,
|
||||
(thflags & TH_SYN) ? TO_SYN : 0);
|
||||
if (sig_checked == 0) {
|
||||
tp = intotcpcb(inp);
|
||||
if (tp == NULL || tp->t_state == TCPS_CLOSED) {
|
||||
rstreason = BANDLIM_RST_CLOSEDPORT;
|
||||
goto dropwithreset;
|
||||
}
|
||||
if (!tcp_signature_verify_input(m, off0, tlen, optlen,
|
||||
&to, th, tp->t_flags))
|
||||
goto dropunlock;
|
||||
sig_checked = 1;
|
||||
}
|
||||
#else
|
||||
if (thflags & TH_SYN)
|
||||
tcp_dooptions(&to, optp, optlen, TO_SYN);
|
||||
#endif
|
||||
/*
|
||||
* NB: tcp_twcheck unlocks the INP and frees the mbuf.
|
||||
*/
|
||||
|
||||
Loading…
Reference in New Issue
Block a user