diff options
| author | Fu Siyuan <siyuan.fu@intel.com> | 2017-05-03 14:20:56 +0800 |
|---|---|---|
| committer | Fu Siyuan <siyuan.fu@intel.com> | 2017-05-09 08:45:21 +0800 |
| commit | 2d5afbdad1bbe2663917c0b3ad06753bbf128c6c (patch) | |
| tree | 0272ca0fe6e06fc3393b3190a81a17a247b0b0e1 /NetworkPkg/TcpDxe | |
| parent | 3654c4623c9b37ddc64426995fa399d8626b7ced (diff) | |
| download | edk2-2d5afbdad1bbe2663917c0b3ad06753bbf128c6c.tar.gz edk2-2d5afbdad1bbe2663917c0b3ad06753bbf128c6c.tar.bz2 edk2-2d5afbdad1bbe2663917c0b3ad06753bbf128c6c.zip | |
NetworkPkg: Add wnd scale check before shrinking window.
Moving Right window edge to the left on sender side without additional check
can lead to the TCP deadlock, when receiver ACKs proper segment, while sender
discards it for future ACK. To prevent this add check if usable window (or
shrink amount in this case) is bigger then receiver's window scale factor.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrey Tepin <atepin@kraftway.ru>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Diffstat (limited to 'NetworkPkg/TcpDxe')
| -rw-r--r-- | NetworkPkg/TcpDxe/TcpInput.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c index 04c8a8269e..f8845dca47 100644 --- a/NetworkPkg/TcpDxe/TcpInput.c +++ b/NetworkPkg/TcpDxe/TcpInput.c @@ -1,7 +1,7 @@ /** @file
TCP input process routines.
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -738,6 +738,7 @@ TcpInput ( TCP_SEQNO Right;
TCP_SEQNO Urg;
UINT16 Checksum;
+ INT32 Usable;
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
@@ -1306,9 +1307,27 @@ TcpInput ( }
if (TCP_SEQ_LT (Right, Tcb->SndNxt)) {
-
- Tcb->SndNxt = Right;
-
+ //
+ // Check for Window Retraction in RFC7923 section 2.4.
+ // The lower n bits of the peer's actual receive window is wiped out if TCP
+ // window scale is enabled, it will look like the peer is shrinking the window.
+ // Check whether the SndNxt is out of the advertised receive window by more than
+ // 2^Rcv.Wind.Shift before moving the SndNxt to the left.
+ //
+ DEBUG (
+ (EFI_D_WARN,
+ "TcpInput: peer advise negative useable window for connected TCB %p\n",
+ Tcb)
+ );
+ Usable = TCP_SUB_SEQ (Tcb->SndNxt, Right);
+ if ((Usable >> Tcb->SndWndScale) > 0) {
+ DEBUG (
+ (EFI_D_WARN,
+ "TcpInput: SndNxt is out of window by more than window scale for TCB %p\n",
+ Tcb)
+ );
+ Tcb->SndNxt = Right;
+ }
if (Right == Tcb->SndUna) {
TcpClearTimer (Tcb, TCP_TIMER_REXMIT);
|