From: Vitaliy Makkoveev <otto@bsdbox.dev>
Subject: Re: call tcp_drop() from syn_cache_get()
To: Alexander Bluhm <bluhm@openbsd.org>
Cc: tech@openbsd.org
Date: Sun, 26 Jan 2025 03:10:49 +0300

> On 26 Jan 2025, at 02:26, Alexander Bluhm <bluhm@openbsd.org> wrote:
> 
> Hi,
> 
> Instead of calling socket layer soabort() and then down to tcp_abort()
> which ends in tcp_drop(), we can call tcp_drop() directly from the
> TCP syn cache.  The errno is not relevant as the new socket is
> dropped before it can be reached from userland.
> 
> ok?
> 

ok mvs

> bluhm
> 
> Index: netinet/tcp_input.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
> diff -u -p -r1.424 tcp_input.c
> --- netinet/tcp_input.c	25 Jan 2025 22:06:41 -0000	1.424
> +++ netinet/tcp_input.c	25 Jan 2025 23:18:33 -0000
> @@ -3581,6 +3581,7 @@ syn_cache_get(struct sockaddr *src, stru
> 	soassertlocked(so);
> 	soref(so);
> 	inp = sotoinpcb(so);
> +	tp = intotcpcb(inp);
> 
> #ifdef IPSEC
> 	/*
> @@ -3639,7 +3640,6 @@ syn_cache_get(struct sockaddr *src, stru
> 	}
> 	(void) m_free(am);
> 
> -	tp = intotcpcb(inp);
> 	tp->t_flags = sototcpcb(oldso)->t_flags & (TF_NOPUSH|TF_NODELAY);
> 	if (sc->sc_request_r_scale != 15) {
> 		tp->requested_s_scale = sc->sc_requested_s_scale;
> @@ -3650,10 +3650,8 @@ syn_cache_get(struct sockaddr *src, stru
> 		tp->t_flags |= TF_REQ_TSTMP|TF_RCVD_TSTMP;
> 
> 	tp->t_template = tcp_template(tp);
> -	if (tp->t_template == 0) {
> -		tp = tcp_drop(tp, ENOBUFS);	/* destroys socket */
> +	if (tp->t_template == NULL)
> 		goto abort;
> -	}
> 	tp->sack_enable = ISSET(sc->sc_fixflags, SCF_SACK_PERMIT);
> 	tp->ts_modulate = sc->sc_modulate;
> 	tp->ts_recent = sc->sc_timestamp;
> @@ -3710,9 +3708,9 @@ syn_cache_get(struct sockaddr *src, stru
> resetandabort:
> 	tcp_respond(NULL, mtod(m, caddr_t), th, (tcp_seq)0, th->th_ack, TH_RST,
> 	    m->m_pkthdr.ph_rtableid, now);
> -	if (so != NULL)
> -		soabort(so);
> abort:
> +	if (tp != NULL)
> +		tp = tcp_drop(tp, ECONNABORTED);	/* destroys socket */
> 	m_freem(m);
> 	in_pcbsounlock_rele(inp, so);
> 	syn_cache_put(sc);
>