The tale of a TCP bug
John Baldwin
jhb at freebsd.org
Thu Mar 24 20:15:59 UTC 2011
On Thursday, March 24, 2011 3:51:14 pm John Baldwin wrote:
> On Thursday, March 24, 2011 3:21:24 pm Doug Barton wrote:
> > http://blogmal.42.org/tidbits/tcp-bug.story
> >
> > $someone really needs to take a look at this. :)
>
> This is the same bug I reported back in February in this e-mail:
>
> http://lists.freebsd.org/pipermail/freebsd-net/2011-February/027892.html
>
> His patch may be the more correct fix though. I have two other TCP bugs also
> awaiting review that I posted on the same day.

Actually, I retract that a bit. I saw the problem with window updates for an
established connection and his proposed change doesn't cover that. Also, I
think the root problem is that tp->rcv_wnd is calculated incorrectly in this
case. However, I'd be curious to see if the patch from my original e-mail
fixes the issue first. Otherwise, something like this may apply instead:

Index: tcp_input.c
===================================================================
--- tcp_input.c (revision 219911)
+++ tcp_input.c (working copy)
@@ -1694,7 +1694,10 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th,
win = sbspace(&so->so_rcv);
if (win < 0)
win = 0;
- tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt));
+ if (SEQ_GEQ(tp->rcv_adv, tp->rcv_nxt))
+ tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt));
+ else
+ tp->rcv_wnd = win;
/* Reset receive buffer auto scaling when not in bulk receive mode. */
tp->rfbuf_ts = 0;
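
Review bot: The new else branch (`tp->rcv_wnd = win;`) does not appear to change the result. win is clamped to >= 0 two lines above, so whenever (int)(tp->rcv_adv - tp->rcv_nxt) is negative the removed imax() line already returned win. Assuming SEQ_GEQ() is the usual signed 32-bit difference test (its definition is not in this hunk), the if/else yields the same tp->rcv_wnd as the old line for every input. Suggest adding a comment naming the case where the two differ, or a reproduction that shows it, before relying on this to correct the later uses of tp->rcv_wnd.
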
I think that will fix tp->rcv_wnd to be correct in this case thus fixing
further uses of it.
--
John Baldwin