From 66605ff791b12a2c3bb4570379db0e14d29fca4c Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger <rscheff@FreeBSD.org>
Date: Thu, 14 Jul 2022 02:49:10 +0200
Subject: [PATCH] tcp: Undo the increase in sequence number by 1 due to the FIN
 flag in case of a transient error.

If an error occurs while processing a TCP segment with some data and the FIN
flag, the back out of the sequence number advance does not take into account the
increase by 1 due to the FIN flag.

Reviewed By: jch, gnn, #transport, tuexen
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D2970
---
 sys/netinet/tcp_output.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index cd6238f10401..d2f946034c60 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1681,8 +1681,13 @@ timer:
 				tp->sackhint.sack_bytes_rexmit -= len;
 				KASSERT(tp->sackhint.sack_bytes_rexmit >= 0,
 				    ("sackhint bytes rtx >= 0"));
-			} else
+				KASSERT((flags & TH_FIN) == 0,
+				    ("error while FIN with SACK rxmit"));
+			} else {
 				tp->snd_nxt -= len;
+				if (flags & TH_FIN)
+					tp->snd_nxt--;
+			}
 		}
 		SOCKBUF_UNLOCK_ASSERT(&so->so_snd);	/* Check gotos. */
 		switch (error) {