Remove bogus check for accept queue length and associated failure handling

from the incoming SYN handling section of tcp_input().

Enforcement of the accept queue limits is done by sonewconn() after the
3WHS is completed.  It is not necessary to have an earlier check before a
connection request enters the SYN cache awaiting the full handshake.  It
rather limits the effectiveness of the syncache by preventing legit and
illegit connections from entering it and having them shaken out before we
hit the real limit which may have vanished by then.

Change return value of syncache_add() to void.  No status communication
is required.

4 files changed, 23 insertions, 35 deletions

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index bf8df6a..62ccb3b 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -966,24 +966,18 @@ findpcb:
 		 * SYN appears to be valid.  Create compressed TCP state
 		 * for syncache.
 		 */
-		if (so->so_qlen <= so->so_qlimit) {
 #ifdef TCPDEBUG
-			if (so->so_options & SO_DEBUG)
-				tcp_trace(TA_INPUT, ostate, tp,
-				    (void *)tcp_saveipgen, &tcp_savetcp, 0);
+		if (so->so_options & SO_DEBUG)
+			tcp_trace(TA_INPUT, ostate, tp,
+			    (void *)tcp_saveipgen, &tcp_savetcp, 0);
 #endif
-			tcp_dooptions(&to, optp, optlen, TO_SYN);
-			if (!syncache_add(&inc, &to, th, inp, &so, m))
-				goto dropunlock;
-			/*
-			 * Entry added to syncache, mbuf used to
-			 * send SYN-ACK packet.  Everything unlocked
-			 * already.
-			 */
-			return;
-		}
-		/* Catch all.  Everthing that makes it down here is junk. */
-		goto dropunlock;
+		tcp_dooptions(&to, optp, optlen, TO_SYN);
+		syncache_add(&inc, &to, th, inp, &so, m);
+		/*
+		 * Entry added to syncache and mbuf consumed.
+		 * Everything unlocked already by syncache_add().
+		 */
+		return;
 	}
 
 	/*
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index bf8df6a..62ccb3b 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -966,24 +966,18 @@ findpcb:
 		 * SYN appears to be valid.  Create compressed TCP state
 		 * for syncache.
 		 */
-		if (so->so_qlen <= so->so_qlimit) {
 #ifdef TCPDEBUG
-			if (so->so_options & SO_DEBUG)
-				tcp_trace(TA_INPUT, ostate, tp,
-				    (void *)tcp_saveipgen, &tcp_savetcp, 0);
+		if (so->so_options & SO_DEBUG)
+			tcp_trace(TA_INPUT, ostate, tp,
+			    (void *)tcp_saveipgen, &tcp_savetcp, 0);
 #endif
-			tcp_dooptions(&to, optp, optlen, TO_SYN);
-			if (!syncache_add(&inc, &to, th, inp, &so, m))
-				goto dropunlock;
-			/*
-			 * Entry added to syncache, mbuf used to
-			 * send SYN-ACK packet.  Everything unlocked
-			 * already.
-			 */
-			return;
-		}
-		/* Catch all.  Everthing that makes it down here is junk. */
-		goto dropunlock;
+		tcp_dooptions(&to, optp, optlen, TO_SYN);
+		syncache_add(&inc, &to, th, inp, &so, m);
+		/*
+		 * Entry added to syncache and mbuf consumed.
+		 * Everything unlocked already by syncache_add().
+		 */
+		return;
 	}
 
 	/*
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 6d1d1a2..881495a 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -832,7 +832,7 @@ failed:
  * consume all available buffer space if it were ACKed.  By not ACKing
  * the data, we avoid this DoS scenario.
  */
-int
+void
 syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
     struct inpcb *inp, struct socket **lsop, struct mbuf *m)
 {
@@ -1079,7 +1079,7 @@ done:
 #endif
 	*lsop = NULL;
 	m_freem(m);
-	return (1);
+	return;
 }
 
 static int
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index 5752da9..fad4cf4 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -542,7 +542,7 @@ void	 syncache_init(void);
 void	 syncache_unreach(struct in_conninfo *, struct tcphdr *);
 int	 syncache_expand(struct in_conninfo *, struct tcpopt *,
 	     struct tcphdr *, struct socket **, struct mbuf *);
-int	 syncache_add(struct in_conninfo *, struct tcpopt *,
+void	 syncache_add(struct in_conninfo *, struct tcpopt *,
 	     struct tcphdr *, struct inpcb *, struct socket **, struct mbuf *);
 void	 syncache_chkrst(struct in_conninfo *, struct tcphdr *);
 void	 syncache_badack(struct in_conninfo *);