A small window-related bug in tcp_input.c?
Yar Tikhiy
yar at comp.chem.msu.su
Fri Jun 8 15:05:16 UTC 2007
On Fri, Jun 08, 2007 at 06:26:41PM +0400, Yar Tikhiy wrote:
> There is the following code in tcp_input.c (I "underlined" two
> questionable lines):
>
> /*
> * Process options only when we get SYN/ACK back. The SYN case
> * for incoming connections is handled in tcp_syncache.
> * XXX this is traditional behavior, may need to be cleaned up.
> */
> if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
> if ((to.to_flags & TOF_SCALE) &&
> (tp->t_flags & TF_REQ_SCALE)) {
> tp->t_flags |= TF_RCVD_SCALE;
> tp->snd_scale = to.to_wscale;
> tp->snd_wnd = th->th_win << tp->snd_scale;
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> tiwin = tp->snd_wnd;
> }
> if (to.to_flags & TOF_TS) {
> tp->t_flags |= TF_RCVD_TSTMP;
> tp->ts_recent = to.to_tsval;
> tp->ts_recent_age = ticks;
> }
> /* Initial send window, already scaled. */
> tp->snd_wnd = th->th_win;
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> if (to.to_flags & TOF_MSS)
> tcp_mss(tp, to.to_mss);
> if ((tp->t_flags & TF_SACK_PERMIT) &&
> (to.to_flags & TOF_SACKPERM) == 0)
> tp->t_flags &= ~TF_SACK_PERMIT;
> }
>
> Is it correct that the scaled value in tp->snd_wnd is later overwritten
> with the unscaled value from th->th_win?
In addition, the first underlined line and the comment above the
second underlined line seem to contradict RFC 1323:
The Window field in a SYN (i.e., a <SYN> or <SYN,ACK>)
segment itself is never scaled.
Perhaps tp->snd_scale should be set but no scaling done for a <SYN,ACK>?
--
Yar
More information about the freebsd-net
mailing list