From owner-freebsd-net@FreeBSD.ORG Fri Mar 25 12:25:14 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3EA9C1065675; Fri, 25 Mar 2011 12:25:14 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id CCC208FC2D; Fri, 25 Mar 2011 12:25:13 +0000 (UTC) Received: from bigwig.baldwin.cx (66.111.2.69.static.nyinternet.net [66.111.2.69]) by cyrus.watson.org (Postfix) with ESMTPSA id 8205846B59; Fri, 25 Mar 2011 08:25:13 -0400 (EDT) Received: from jhbbsd.localnet (unknown [209.249.190.124]) by bigwig.baldwin.cx (Postfix) with ESMTPSA id BD9BB8A02A; Fri, 25 Mar 2011 08:25:12 -0400 (EDT) From: John Baldwin To: "Stefan `Sec` Zehl" Date: Fri, 25 Mar 2011 08:25:10 -0400 User-Agent: KMail/1.13.5 (FreeBSD/8.2-CBSD-20110311; KDE/4.5.5; amd64; ; ) References: <4D8B99B4.4070404@FreeBSD.org> <201103241615.57852.jhb@freebsd.org> <20110324230235.GB90901@ice.42.org> In-Reply-To: <20110324230235.GB90901@ice.42.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201103250825.10674.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (bigwig.baldwin.cx); Fri, 25 Mar 2011 08:25:12 -0400 (EDT) Cc: freebsd-net@freebsd.org, Doug Barton Subject: Re: The tale of a TCP bug X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Mar 2011 12:25:14 -0000 On Thursday, March 24, 2011 7:02:35 pm Stefan `Sec` Zehl wrote: > Hi, > > I just subscribed to this list, so sorry if I missed some previous > discussion on this. > > On Thu, Mar 24, 2011 at 16:15 -0400, John Baldwin wrote: > [...] > > Otherwise, something like this may apply instead: > > > > Index: tcp_input.c > > =================================================================== > > --- tcp_input.c (revision 219911) > > +++ tcp_input.c (working copy) > > @@ -1694,7 +1694,10 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, > > win = sbspace(&so->so_rcv); > > if (win < 0) > > win = 0; > > - tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt)); > > + if (SEQ_GEQ(tp->rcv_adv, tp->rcv_nxt)) > > + tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt)); > > + else > > + tp->rcv_wnd = win; > > > > /* Reset receive buffer auto scaling when not in bulk receive mode. */ > > tp->rfbuf_ts = 0; > > > > I think that will fix tp->rcv_wnd to be correct in this case thus fixing > > further uses of it. > > I just quickly tested it on my bug scenario, and it still generates > adv=-1 in tcp_output > > That is because win=65536, which is bigger than the actually advertised > window (65535, the max that can be advertised without window scaling). Ah, ok. Can you try this patch first (without the other)? If it doesn't work then we can refine the patch above further. Index: tcp_output.c =================================================================== --- tcp_output.c (revision 215582) +++ tcp_output.c (working copy) @@ -928,7 +928,8 @@ if (recwin < (long)(so->so_rcv.sb_hiwat / 4) && recwin < (long)tp->t_maxseg) recwin = 0; - if (recwin < (long)(tp->rcv_adv - tp->rcv_nxt)) + if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt) && + recwin < (long)(tp->rcv_adv - tp->rcv_nxt)) recwin = (long)(tp->rcv_adv - tp->rcv_nxt); if (recwin > (long)TCP_MAXWIN << tp->rcv_scale) recwin = (long)TCP_MAXWIN << tp->rcv_scale; -- John Baldwin