| Index: sys/netinet/tcp_reass.c |
| =================================================================== |
| --- sys/netinet/tcp_reass.c (revision 264836) |
| +++ sys/netinet/tcp_reass.c (working copy) |
| @@ -211,7 +211,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int |
| * Investigate why and re-evaluate the below limit after the behaviour |
| * is understood. |
| */ |
| - if (th->th_seq != tp->rcv_nxt && |
| + if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) && |
| tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) { |
| V_tcp_reass_overflows++; |
| TCPSTAT_INC(tcps_rcvmemdrop); |
| @@ -234,7 +234,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int |
| */ |
| te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); |
| if (te == NULL) { |
| - if (th->th_seq != tp->rcv_nxt) { |
| + if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) { |
| TCPSTAT_INC(tcps_rcvmemdrop); |
| m_freem(m); |
| *tlenp = 0; |
| @@ -282,7 +282,8 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int |
| TCPSTAT_INC(tcps_rcvduppack); |
| TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp); |
| m_freem(m); |
| - uma_zfree(V_tcp_reass_zone, te); |
| + if (te != &tqs) |
| + uma_zfree(V_tcp_reass_zone, te); |
| tp->t_segqlen--; |
| /* |
| * Try to present any queued data |
