BACKPORT: netfilter: nf_conntrack: fix tcp_in_window for Fast Open

Currently the conntrack checks if the ending sequence of a packet
falls within the observed receive window. However it does so even
if it has not observed any packet from the remote yet and uses an
uninitialized receive window (td_maxwin).

If a connection uses Fast Open to send a SYN-data packet which is
dropped afterward in the network, the subsequent SYN retransmits
will all fail this check and be discarded, leading to a connection
timeout. This is because the SYN retransmit does not contain data
payload so

end == initial sequence number (isn) + 1
sender->td_end == isn + syn_data_len
receiver->td_maxwin == 0

The fix is to only apply this check after td_maxwin is initialized.

Reported-by: Michael Chan <mcfchan@stanford.edu>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>

currently accepted on patchwork:
http://patchwork.ozlabs.org/patch/266243/

BUG=chromium:271766
TEST=enable tcp-fast open in about:flags and verify there aren't hangs
on google.com

Change-Id: Ib6519bc715d7db114d8294c34ee4f94a548aa322
Reviewed-on: https://gerrit.chromium.org/gerrit/65637
Reviewed-by: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Paul Stewart <pstew@chromium.org>
Commit-Queue: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
1 file changed
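
The window check described in the commit message, as an added example that is not part of the commit or the kernel source: a simplified C model of the receive-window test, evaluated with the message's own values. Only td_end and td_maxwin come from the message; the struct, the function names and the sample sequence numbers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified per-direction state; td_end and td_maxwin are the field
 * names used in the commit message, everything else is illustrative. */
struct peer {
    uint32_t td_end;    /* end of the highest sequence seen from this peer */
    uint32_t td_maxwin; /* largest window seen; 0 = nothing observed yet */
};

/* Wraparound-safe "a is after b" on 32-bit sequence numbers. */
static bool seq_after(uint32_t a, uint32_t b)
{
    return (int32_t)(b - a) < 0;
}

/* Receive-window test applied unconditionally (behaviour before the fix). */
static bool in_recv_win_old(const struct peer *snd, const struct peer *rcv,
                            uint32_t end)
{
    return seq_after(end, snd->td_end - rcv->td_maxwin - 1);
}

/* Same test, applied only once td_maxwin is initialized (after the fix). */
static bool in_recv_win_new(const struct peer *snd, const struct peer *rcv,
                            uint32_t end)
{
    return rcv->td_maxwin == 0 || in_recv_win_old(snd, rcv, end);
}

/* Constructed scenario: a SYN-data packet was tracked and then lost, and a
 * bare SYN retransmit (end == isn + 1) now reaches the window test. */
static bool syn_retransmit_accepted(bool fixed, uint32_t isn,
                                    uint32_t syn_data_len, uint32_t rcv_maxwin)
{
    struct peer snd = { .td_end = isn + syn_data_len, .td_maxwin = 0 };
    struct peer rcv = { .td_end = 0, .td_maxwin = rcv_maxwin };
    uint32_t end = isn + 1; /* retransmit carries no payload */
    return fixed ? in_recv_win_new(&snd, &rcv, end)
                 : in_recv_win_old(&snd, &rcv, end);
}

int main(void)
{
    printf("before: %d, after: %d\n", syn_retransmit_accepted(false, 1000, 100, 0),
           syn_retransmit_accepted(true, 1000, 100, 0));
    return 0;
}
```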