For the INP_TIMEWAIT case, there is no valid tcpcb object tied to the

inpcb object.
Skip the TCP_SIGNATURE check in that case as it is consistent with the
output path (no TCP_SIGNATURE for outcoming packets in TIMEWAIT state)
and also because for TIMEWAIT state the verify may be less effective.

Sponsored by:		Sandvine Incorporated
Reported by:		rwatson
No objections by:	rwatson
MFC after:		3 days
This commit is contained in:
attilio 2011-10-06 14:29:38 +00:00
parent 09d49031a0
commit c4edda3ba9

View File

@ -948,24 +948,8 @@ relocked:
}
INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
#ifdef TCP_SIGNATURE
tcp_dooptions(&to, optp, optlen,
(thflags & TH_SYN) ? TO_SYN : 0);
if (sig_checked == 0) {
tp = intotcpcb(inp);
if (tp == NULL || tp->t_state == TCPS_CLOSED) {
rstreason = BANDLIM_RST_CLOSEDPORT;
goto dropwithreset;
}
if (!tcp_signature_verify_input(m, off0, tlen, optlen,
&to, th, tp->t_flags))
goto dropunlock;
sig_checked = 1;
}
#else
if (thflags & TH_SYN)
tcp_dooptions(&to, optp, optlen, TO_SYN);
#endif
/*
* NB: tcp_twcheck unlocks the INP and frees the mbuf.
*/