tcp: no data on SYN segments unless doing TFO

Ensure that there is no data on SYN segments unless doing TFO. This check is already in RACK and BBR. Reported by: glebius Reviewed by: rscheff MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D44384
2024-10-15 12:54:27 +00:00 · 2024-03-22 11:12:56 +01:00 · 2024-03-22 11:12:56 +01:00 · af700f430f
parent 88f557a2a9
commit af700f430f
1 changed files with 6 additions and 0 deletions
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@ -470,6 +470,12 @@ tcp_default_output(struct tcpcb *tp)
 	      (tp->t_tfo_client_cookie_len == 0)) ||
 	     (flags & TH_RST)))
 		len = 0;
+
+	/* Without fast-open there should never be data sent on a SYN. */
+	if ((flags & TH_SYN) && !(tp->t_flags & TF_FASTOPEN)) {
+		len = 0;
+	}
+
 	if (len <= 0) {
 		/*
 		 * If FIN has been sent but not acked,