The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=af700f430fd86ba3eae63e587985a12436db8f69
commit af700f430fd86ba3eae63e587985a12436db8f69 Author: Michael Tuexen <[email protected]> AuthorDate: 2024-03-22 10:12:56 +0000 Commit: Michael Tuexen <[email protected]> CommitDate: 2024-03-22 10:12:56 +0000 tcp: no data on SYN segments unless doing TFO Ensure that there is no data on SYN segments unless doing TFO. This check is already in RACK and BBR. Reported by: glebius Reviewed by: rscheff MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D44384 --- sys/netinet/tcp_output.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 6f7bf6f8b029..2bbc9414197c 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -470,6 +470,12 @@ after_sack_rexmit: (tp->t_tfo_client_cookie_len == 0)) || (flags & TH_RST))) len = 0; + + /* Without fast-open there should never be data sent on a SYN. */ + if ((flags & TH_SYN) && !(tp->t_flags & TF_FASTOPEN)) { + len = 0; + } + if (len <= 0) { /* * If FIN has been sent but not acked,
