git: tcp/sack: Cleanup the SACK related bits when return from tcp_input slow path
sephe at crater.dragonflybsd.org
Tue Apr 10 18:44:36 PDT 2012
Author: Sepherosa Ziehau <sephe at dragonflybsd.org>
Date: Fri Apr 6 09:47:36 2012 +0800
tcp/sack: Cleanup the SACK related bits when return from tcp_input slow path
When the code path that could generate the invalid SACK block on out-of-order
FIN segment was walked through, it turned out that some SACK related bits
could be leftover from the previous input segment, e.g. SACKLEFT.
Since the observed invalid SACK option contains only one SACK block and the
block's right edge is same as its left edge, the code which can generate that
SACK block could be run only if SACKLEFT is turned on and reportblk's start
and end are same.
- If SACKLEFT is on then reportblk's start and end must not be same, so the
SACKLEFT is leftover from the previous input segment.
- If KASSERTs about the clearance of the SACK bits are added immediately
before returning from the tcp_input slow path, the KASSERTs could fail due
to SACKLEFT are still on.
Obviously the SACK related bits are never intended to be inheritted from one
input segment to another input segment, so we just clear them before returning
from the tcp_input slow path.
Summary of changes:
sys/netinet/tcp_input.c | 6 ++++++
sys/netinet/tcp_sack.c | 10 ++++++++++
sys/netinet/tcp_var.h | 1 +
3 files changed, 17 insertions(+), 0 deletions(-)
DragonFly BSD source repository
More information about the Commits