Date: Sat, 15 Jan 2011 02:45:52 +0100
From: Stefan `Sec` Zehl <sec@42.org>
To: freebsd-hackers@freebsd.org
Subject: tcp_output.c:560 - is this code correct?
Message-ID: <20110115014551.GA24844@ice.42.org>

Hi,

I just found a bug in FreeBSD amd64 -- (see the PR#kern/154006) a
missing "(long)" cast in tcp_output.c.

I have a question about this code (around line 560) where adv is
calculated:

| if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN) &&
|     !TCPS_HAVERCVDFIN(tp->t_state)) {
|         /*
|          * "adv" is the amount we can increase the window,
|          * taking into account that we are limited by
|          * TCP_MAXWIN << tp->rcv_scale.
|          */
|         long adv = min(recwin, (long)TCP_MAXWIN << tp->rcv_scale) -
|                 (tp->rcv_adv - tp->rcv_nxt);
| [...]

adv is getting negative in my case (receiver window size == 0) because
recwin == (tp->rcv_adv - tp->rcv_nxt), but recwin is bigger than
(TCP_MAXWIN << tp->rcv_scale)

From the comment above it seems that adv shouldn't be negative ever. So I
wonder if that code was meant to be:

long adv = min(recwin - (tp->rcv_adv - tp->rcv_nxt) ,
               (long)TCP_MAXWIN << tp->rcv_scale);

instead? At least as far as I understand the code, that would make more
sense.

Thanks,
    Sec
-- 
The problem with troubleshooting is that trouble shoots back.
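
The two forms of the adv calculation discussed in the message, side by side, as an added example that is not part of the original message or of the FreeBSD source. It assumes sequence numbers are 32-bit unsigned values and uses a local signed helper `lmin` in place of the kernel's `min()`; `outstanding`, `adv_posted`, `adv_proposed` and `negative_scales` are hypothetical names, and the input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_MAXWIN 65535        /* largest unscaled window (netinet/tcp.h) */
#define TCP_MAX_WINSHIFT 14     /* largest window-scale shift (netinet/tcp.h) */

/* Signed helper for this example; the kernel's own min() is not modelled. */
static long lmin(long a, long b) { return a < b ? a : b; }

/* Window already advertised to the peer: rcv_adv - rcv_nxt modulo 2^32. */
static long outstanding(uint32_t rcv_adv, uint32_t rcv_nxt)
{
    return (long)(uint32_t)(rcv_adv - rcv_nxt);
}

/* Form quoted in the message: clamp recwin, then subtract. */
static long adv_posted(long recwin, uint32_t rcv_adv, uint32_t rcv_nxt, int scale)
{
    return lmin(recwin, (long)TCP_MAXWIN << scale) - outstanding(rcv_adv, rcv_nxt);
}

/* Form proposed in the message: subtract, then clamp. */
static long adv_proposed(long recwin, uint32_t rcv_adv, uint32_t rcv_nxt, int scale)
{
    return lmin(recwin - outstanding(rcv_adv, rcv_nxt), (long)TCP_MAXWIN << scale);
}

/* With recwin == rcv_adv - rcv_nxt, count the scales where the quoted form is < 0. */
static int negative_scales(long recwin, uint32_t rcv_nxt)
{
    uint32_t rcv_adv = rcv_nxt + (uint32_t)recwin;
    int n = 0;
    for (int s = 0; s <= TCP_MAX_WINSHIFT; s++)
        if (adv_posted(recwin, rcv_adv, rcv_nxt, s) < 0)
            n++;
    return n;
}

int main(void)
{
    /* Constructed values: sequence numbers chosen to wrap past 2^32. */
    long recwin = 300000;
    uint32_t rcv_nxt = 0xFFFFF000u, rcv_adv = rcv_nxt + (uint32_t)recwin;
    printf("quoted:   %ld\n", adv_posted(recwin, rcv_adv, rcv_nxt, 2));
    printf("proposed: %ld\n", adv_proposed(recwin, rcv_adv, rcv_nxt, 2));
    printf("scales with negative adv: %d\n", negative_scales(recwin, rcv_nxt));
    return 0;
}
```
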