OPNSense/src b276e4fsys/netinet tcp_output.c, sys/netinet/tcp_stacks rack.c

MFS r352673:

When the RACK stack computes the space for user data in a TCP segment,
it wasn't taking the IP level options into account. This patch fixes this.
In addition, it also corrects a KASSERT and adds protection code to assure
that the IP header chain and the TCP head fit in the first fragment as
required by RFC 7112.

MFS: r353035:

RFC 7112 requires a host to put the complete IP header chain
including the TCP header in the first IP packet.
Enforce this in tcp_output(). In addition make sure that at least
one byte payload fits in the TCP segement to allow making progress.
Without this check, a kernel with INVARIANTS will panic.
This issue was found by running an instance of syzkaller.

Approved by:            re (kib@)
Reviewed by:            rrs@ (r352673), jtl@ (r353035)
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D21665
Differential Revision:  https://reviews.freebsd.org/D21666
DeltaFile
+27-10sys/netinet/tcp_stacks/rack.c
+14-0sys/netinet/tcp_output.c
+41-102 files

UnifiedSplitRaw