git: cbf3575aa3c2 - main - tcp: filter small SACK blocks
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 May 2024 12:31:22 UTC
The branch main has been updated by rscheff: URL: https://cgit.FreeBSD.org/src/commit/?id=cbf3575aa3c2e3d0d9eb7fafb445c783489ab9d9 commit cbf3575aa3c2e3d0d9eb7fafb445c783489ab9d9 Author: Richard Scheffenegger <rscheff@FreeBSD.org> AuthorDate: 2024-05-04 19:47:29 +0000 Commit: Richard Scheffenegger <rscheff@FreeBSD.org> CommitDate: 2024-05-08 12:00:10 +0000 tcp: filter small SACK blocks While the SACK Scoreboard in the base stack limits the number of holes by default to only 128 per connection in order to prevent CPU load attacks by splitting SACKs, filtering out SACK blocks of unusually small size can further improve the actual processing of SACK loss recovery. Reviewed By: tuexen, #transport Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D45075 --- sys/netinet/tcp_sack.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index f59cc5fe0d0b..a8cc84397d34 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -558,6 +558,7 @@ tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) int i, j, num_sack_blks; sackstatus_t sack_changed; int delivered_data, left_edge_delta; + int maxseg = tp->t_maxseg - MAX_TCPOPTLEN; tcp_seq loss_hiack = 0; int loss_thresh = 0; @@ -604,7 +605,9 @@ tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) SEQ_GT(sack.start, th_ack) && SEQ_LT(sack.start, tp->snd_max) && SEQ_GT(sack.end, tp->snd_una) && - SEQ_LEQ(sack.end, tp->snd_max)) { + SEQ_LEQ(sack.end, tp->snd_max) && + ((sack.end - sack.start) >= maxseg || + SEQ_GEQ(sack.end, tp->snd_max))) { sack_blocks[num_sack_blks++] = sack; } else if (SEQ_LEQ(sack.start, th_ack) && SEQ_LEQ(sack.end, th_ack)) {