1// SPDX-License-Identifier: GPL-2.0 2// 3// Send an ICMP host_unreachable pkt to a pending SYN_RECV req. 4// 5// If it's a TFO req, the ICMP error will cause it to switch 6// to TCP_CLOSE state but remains in the acceptor queue. 7 8--ip_version=ipv4 9 10`./defaults.sh` 11 12 0 socket(..., SOCK_STREAM|SOCK_NONBLOCK, IPPROTO_TCP) = 3 13 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 14 +0 bind(3, ..., ...) = 0 15 +0 listen(3, 1) = 0 16 +0 setsockopt(3, SOL_TCP, TCP_FASTOPEN, [1], 4) = 0 17 18 +0 < S 0:10(10) win 32792 <mss 1460,sackOK,nop,nop,FO TFO_COOKIE,nop,nop> 19 +0 > S. 0:0(0) ack 11 <mss 1460,nop,nop,sackOK> 20 21// Out-of-window icmp is ignored but accounted. 22 +0 `nstat > /dev/null` 23 +0 < icmp unreachable [5000:6000(1000)] 24 +0 `nstat | grep TcpExtOutOfWindowIcmps > /dev/null` 25 26// Valid ICMP unreach. 27 +0 < icmp unreachable host_unreachable [0:10(10)] 28 29// Unlike the non-TFO case, the req is still there to be accepted. 30 +0 accept(3, ..., ...) = 4 31 +0 %{ assert (tcpi_options & TCPI_OPT_SYN_DATA) != 0, tcpi_options }% 32 33// tcp_done_with_error() in tcp_v4_err() sets sk->sk_state 34// to TCP_CLOSE 35 +0 %{ assert tcpi_state == TCP_CLOSE, tcpi_state }% 36 37// The 1st read will succeed and return the data in SYN 38 +0 read(4, ..., 512) = 10 39 40// The 2nd read will fail. 41 +0 read(4, ..., 512) = -1 EHOSTUNREACH (No route to host) 42 43// But is no longer writable because it's in TCP_CLOSE state. 44 +0 write(4, ..., 100) = -1 EPIPE (Broken Pipe) 45 46// inbound pkt will trigger RST because the socket has been moved 47// off the TCP hash tables. 48 +0 < . 1:1(0) ack 1 win 32792 49 +0 > R 1:1(0) 50