From a026a53a76055b86ee658e002db94ae12755cc8f Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Tue, 10 Jul 2018 10:42:48 +0000
Subject: [PATCH] Use appropriate MSS value when populating the TCP FO client cookie cache

When a client receives a SYN-ACK segment with a TFP fast open cookie, but without an MSS option, an MSS value from uninitialised stack memory is used. This patch ensures that in case no MSS option is included in the SYN-ACK, the appropriate value as given in RFC 7413 is used.
Reviewed by: kbowling@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D16175
---
 sys/netinet/tcp_input.c | 15 ++++++++++++---
 sys/netinet/tcp_stacks/fastpath.c | 30 ++++++++++++++++++++++++------
 sys/netinet/tcp_stacks/rack.c | 15 ++++++++++++---
 3 files changed, 48 insertions(+), 12 deletions(-)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 44008740d103..3b5002a997ef 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1674,10 +1674,19 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so,
 (to.to_flags & TOF_SACKPERM) == 0)
 tp->t_flags &= ~TF_SACK_PERMIT;
 if (IS_FASTOPEN(tp->t_flags)) {
- if (to.to_flags & TOF_FASTOPEN)
- tcp_fastopen_update_cache(tp, to.to_mss,
+ if (to.to_flags & TOF_FASTOPEN) {
+ uint16_t mss;
+
+ if (to.to_flags & TOF_MSS)
+ mss = to.to_mss;
+ else
+ if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
+ mss = TCP6_MSS;
+ else
+ mss = TCP_MSS;
+ tcp_fastopen_update_cache(tp, mss,
 to.to_tfo_len, to.to_tfo_cookie);
- else
+ } else
 tcp_fastopen_disable_path(tp);
 }
 }
diff --git a/sys/netinet/tcp_stacks/fastpath.c b/sys/netinet/tcp_stacks/fastpath.c
index 4d9ec59c2e8a..973f253bef7e 100644
--- a/sys/netinet/tcp_stacks/fastpath.c
+++ b/sys/netinet/tcp_stacks/fastpath.c
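Review bot: The MSS fallback is pasted verbatim into four receive paths (tcp_do_segment() in tcp_input.c, both fastpath.c hunks and the rack.c hunk), so the next TCP stack or the next reader of `to.to_mss` can reintroduce the uninitialised-stack read that the commit message describes. I would put the choice into one helper next to tcp_fastopen_update_cache() and call it from all four sites, with a comment stating that `to.to_mss` is only meaningful when `TOF_MSS` is set and that the default comes from RFC 7413; the helper name below is only a suggestion. That also replaces the unbraced `else` / `if` ladder, which is split over two lines in the new code and is easy to misread. Separately, in the `TOF_MSS` branch the peer-supplied value is cached as received; whether tcp_fastopen_update_cache() bounds it is not visible in this diff and is worth confirming. The body of tcp_do_segment() starts and ends outside the hunk.

```c
/*
 * Proposed helper (name is a suggestion).  to->to_mss is only valid when
 * TOF_MSS is set; otherwise fall back to the default MSS (RFC 7413).
 */
static inline uint16_t
tcp_fastopen_synack_mss(const struct tcpcb *tp, const struct tcpopt *to)
{
	if ((to->to_flags & TOF_MSS) != 0)
		return (to->to_mss);
	if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
		return (TCP6_MSS);
	return (TCP_MSS);
}

/* ... unchanged: SACK permit handling ... */
		if (IS_FASTOPEN(tp->t_flags)) {
			if (to.to_flags & TOF_FASTOPEN)
				tcp_fastopen_update_cache(tp,
				    tcp_fastopen_synack_mss(tp, &to),
				    to.to_tfo_len, to.to_tfo_cookie);
			else
				tcp_fastopen_disable_path(tp);
```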
@@ -1763,10 +1763,19 @@ tcp_do_segment_fastslow(struct mbuf *m, struct tcphdr *th, struct socket *so,
 (to.to_flags & TOF_SACKPERM) == 0)
 tp->t_flags &= ~TF_SACK_PERMIT;
 if (IS_FASTOPEN(tp->t_flags)) {
- if (to.to_flags & TOF_FASTOPEN)
- tcp_fastopen_update_cache(tp, to.to_mss,
+ if (to.to_flags & TOF_FASTOPEN) {
+ uint16_t mss;
+
+ if (to.to_flags & TOF_MSS)
+ mss = to.to_mss;
+ else
+ if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
+ mss = TCP6_MSS;
+ else
+ mss = TCP_MSS;
+ tcp_fastopen_update_cache(tp, mss,
 to.to_tfo_len, to.to_tfo_cookie);
- else
+ } else
 tcp_fastopen_disable_path(tp);
 }
 }
@@ -2220,10 +2229,19 @@ tcp_do_segment_fastack(struct mbuf *m, struct tcphdr *th, struct socket *so,
 (to.to_flags & TOF_SACKPERM) == 0)
 tp->t_flags &= ~TF_SACK_PERMIT;
 if (IS_FASTOPEN(tp->t_flags)) {
- if (to.to_flags & TOF_FASTOPEN)
- tcp_fastopen_update_cache(tp, to.to_mss,
+ if (to.to_flags & TOF_FASTOPEN) {
+ uint16_t mss;
+
+ if (to.to_flags & TOF_MSS)
+ mss = to.to_mss;
+ else
+ if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
+ mss = TCP6_MSS;
+ else
+ mss = TCP_MSS;
+ tcp_fastopen_update_cache(tp, mss,
 to.to_tfo_len, to.to_tfo_cookie);
- else
+ } else
 tcp_fastopen_disable_path(tp);
 }
 }
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index 38f1f44402f7..c614b5b379cb 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -6657,10 +6657,19 @@ rack_hpts_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so,
 (to.to_flags & TOF_SACKPERM) == 0)
 tp->t_flags &= ~TF_SACK_PERMIT;
 if (IS_FASTOPEN(tp->t_flags)) {
- if (to.to_flags & TOF_FASTOPEN)
- tcp_fastopen_update_cache(tp, to.to_mss,
+ if (to.to_flags & TOF_FASTOPEN) {
+ uint16_t mss;
+
+ if (to.to_flags & TOF_MSS)
+ mss = to.to_mss;
+ else
+ if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
+ mss = TCP6_MSS;
+ else
+ mss = TCP_MSS;
+ tcp_fastopen_update_cache(tp, mss,
 to.to_tfo_len, to.to_tfo_cookie);
- else
+ } else
 tcp_fastopen_disable_path(tp);
 }
 }