A small window-related bug in tcp_input.c?
Yar Tikhiy
yar at comp.chem.msu.su
Fri Jun 8 15:03:24 UTC 2007
There is the following code in tcp_input.c (I "underlined" two
questionable lines):
    /*
     * Process options only when we get SYN/ACK back. The SYN case
     * for incoming connections is handled in tcp_syncache.
     * XXX this is traditional behavior, may need to be cleaned up.
     */
    if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
        if ((to.to_flags & TOF_SCALE) &&
            (tp->t_flags & TF_REQ_SCALE)) {
            tp->t_flags |= TF_RCVD_SCALE;
            tp->snd_scale = to.to_wscale;
            tp->snd_wnd = th->th_win << tp->snd_scale;
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            tiwin = tp->snd_wnd;
        }
        if (to.to_flags & TOF_TS) {
            tp->t_flags |= TF_RCVD_TSTMP;
            tp->ts_recent = to.to_tsval;
            tp->ts_recent_age = ticks;
        }
        /* Initial send window, already scaled. */
        tp->snd_wnd = th->th_win;
        ^^^^^^^^^^^^^^^^^^^^^^^^^
        if (to.to_flags & TOF_MSS)
            tcp_mss(tp, to.to_mss);
        if ((tp->t_flags & TF_SACK_PERMIT) &&
            (to.to_flags & TOF_SACKPERM) == 0)
            tp->t_flags &= ~TF_SACK_PERMIT;
    }
Is it correct that the scaled value in tp->snd_wnd is later overwritten
with the unscaled value from th->th_win?
--
Yar
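
The assignment order questioned above, replayed in a user-space model (an added example, not part of the original post and not FreeBSD code). The struct, the function name replay_synack, the flag values and the starting value of tiwin are assumptions made for illustration; only the field names and the order of the assignments come from the quoted fragment.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel flags named in the post. */
#define TOF_SCALE     0x01u
#define TF_REQ_SCALE  0x01u
#define TF_RCVD_SCALE 0x02u

struct model_tcpcb { uint32_t t_flags; uint32_t snd_wnd; uint8_t snd_scale; };
struct model_result { uint32_t snd_wnd; uint32_t tiwin; };

/* Replays the window-related statements of the quoted SYN_SENT block,
 * in the same order, for one received SYN/ACK. */
static struct model_result
replay_synack(uint16_t th_win, uint32_t to_flags, uint8_t to_wscale,
    uint32_t t_flags)
{
    struct model_tcpcb tp = { .t_flags = t_flags };
    uint32_t tiwin = th_win; /* assumption: raw header window on entry */

    if ((to_flags & TOF_SCALE) && (tp.t_flags & TF_REQ_SCALE)) {
        tp.t_flags |= TF_RCVD_SCALE;
        tp.snd_scale = to_wscale;
        tp.snd_wnd = (uint32_t)th_win << tp.snd_scale; /* 1st underlined line */
        tiwin = tp.snd_wnd;
    }
    /* "Initial send window, already scaled." */
    tp.snd_wnd = th_win;                               /* 2nd underlined line */

    return (struct model_result){ tp.snd_wnd, tiwin };
}

int
main(void)
{
    /* Constructed input: window 65535, peer offers shift count 3. */
    struct model_result r = replay_synack(65535, TOF_SCALE, 3, TF_REQ_SCALE);

    /* snd_wnd ends up unscaled while tiwin keeps the shifted value. */
    printf("snd_wnd=%u tiwin=%u\n", (unsigned)r.snd_wnd, (unsigned)r.tiwin);
    return 0;
}
```

With both sides negotiating scaling, the model leaves snd_wnd at the raw header value while tiwin keeps the shifted one, so the two variables disagree after the block. RFC 1323 specifies that the window field of a segment carrying SYN is never scaled, which is the reference point for deciding which of the two values is the intended one.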