Sat Jun 20 17:29:31 2009 UTC ()

Follow exactly the recommendation of draft-ietf-tcpm-tcpsecure-11.txt:
Don't check gainst the last ack received, but the expected sequence number.
This makes RST handling independent of delayed ACK. From Joanne M Mikkelson.


(christos)

diff -r1.295 -r1.296 src/sys/netinet/tcp_input.c

--- src/sys/netinet/tcp_input.c 2009/03/18 16:00:22	1.295
+++ src/sys/netinet/tcp_input.c 2009/06/20 17:29:31	1.296

 @@ -1,14 +1,14 @@
-/*	$NetBSD: tcp_input.c,v 1.295 2009/03/18 16:00:22 cegger Exp $	*/
+/*	$NetBSD: tcp_input.c,v 1.296 2009/06/20 17:29:31 christos Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -135,27 +135,27 @@
  */
 /*
  *	TODO list for SYN cache stuff:
+ *
  *	Find room for a "state" field, which is needed to keep a
  *	compressed state for TIME_WAIT TCBs.  It's been noted already
  *	that this is fairly important for very high-volume web and
  *	mail servers, which use a large number of short-lived
  *	connections.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.295 2009/03/18 16:00:22 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.296 2009/06/20 17:29:31 christos Exp $");
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #include "opt_inet_csum.h"
 #include "opt_tcp_debug.h"
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 @@ -2094,27 +2094,27 @@ after_listen:
 			tiflags &= ~(TH_FIN|TH_RST);
 			/*
 			 * Send an ACK to resynchronize and drop any data.
 			 * But keep on processing for RST or ACK.
 			 */
 			tp->t_flags |= TF_ACKNOW;
 			todrop = tlen;
 			dupseg = true;
 			tcps = TCP_STAT_GETREF();
 			tcps[TCP_STAT_RCVDUPPACK]++;
 			tcps[TCP_STAT_RCVDUPBYTE] += todrop;
 			TCP_STAT_PUTREF();
 		} else if ((tiflags & TH_RST) &&
-			   th->th_seq != tp->last_ack_sent) {
+			   th->th_seq != tp->rcv_nxt) {
 			/*
 			 * Test for reset before adjusting the sequence
 			 * number for overlapping data.
 			 */
 			goto dropafterack_ratelim;
 		} else {
 			tcps = TCP_STAT_GETREF();
 			tcps[TCP_STAT_RCVPARTDUPPACK]++;
 			tcps[TCP_STAT_RCVPARTDUPBYTE] += todrop;
 			TCP_STAT_PUTREF();
+		}
 		tcp_new_dsack(tp, th->th_seq, todrop);
 		hdroptlen += todrop;	/*drop from head afterwards*/
 @@ -2220,27 +2220,27 @@ after_listen:
+	}
 	/*
 	 * If the RST bit is set examine the state:
 	 *    SYN_RECEIVED STATE:
 	 *	If passive open, return to LISTEN state.
 	 *	If active open, inform user that connection was refused.
 	 *    ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES:
 	 *	Inform user that connection was reset, and close tcb.
 	 *    CLOSING, LAST_ACK, TIME_WAIT STATES
 	 *	Close the tcb.
 	 */
 	if (tiflags & TH_RST) {
-		if (th->th_seq != tp->last_ack_sent)
+		if (th->th_seq != tp->rcv_nxt)
 			goto dropafterack_ratelim;
 		switch (tp->t_state) {
 		case TCPS_SYN_RECEIVED:
 			so->so_error = ECONNREFUSED;
 			goto close;
 		case TCPS_ESTABLISHED:
 		case TCPS_FIN_WAIT_1:
 		case TCPS_FIN_WAIT_2:
 		case TCPS_CLOSE_WAIT:
 			so->so_error = ECONNRESET;
 		close: