Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
tcp: fix use-after-free
[vpp.git]
/
src
/
vnet
/
tcp
/
tcp_bt.c
diff --git
a/src/vnet/tcp/tcp_bt.c
b/src/vnet/tcp/tcp_bt.c
index
b3f4e6a
..
eaec147
100644
(file)
--- a/
src/vnet/tcp/tcp_bt.c
+++ b/
src/vnet/tcp/tcp_bt.c
@@
-16,7
+16,9
@@
* draft-cheng-iccrg-delivery-rate-estimation-00
*/
* draft-cheng-iccrg-delivery-rate-estimation-00
*/
+#include <vnet/tcp/tcp_bt.h>
#include <vnet/tcp/tcp.h>
#include <vnet/tcp/tcp.h>
+#include <vnet/tcp/tcp_inlines.h>
static tcp_bt_sample_t *
bt_get_sample (tcp_byte_tracker_t * bt, u32 bts_index)
static tcp_bt_sample_t *
bt_get_sample (tcp_byte_tracker_t * bt, u32 bts_index)
@@
-275,6
+277,8
@@
tcp_bt_alloc_tx_sample (tcp_connection_t * tc, u32 min_seq, u32 max_seq)
bts->tx_time = tcp_time_now_us (tc->c_thread_index);
bts->first_tx_time = tc->first_tx_time;
bts->flags |= tc->app_limited ? TCP_BTS_IS_APP_LIMITED : 0;
bts->tx_time = tcp_time_now_us (tc->c_thread_index);
bts->first_tx_time = tc->first_tx_time;
bts->flags |= tc->app_limited ? TCP_BTS_IS_APP_LIMITED : 0;
+ bts->tx_in_flight = tcp_flight_size (tc);
+ bts->tx_lost = tc->lost;
return bts;
}
return bts;
}
@@
-362,12
+366,18
@@
tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end)
/* Head overlap */
if (bts->min_seq == start)
{
/* Head overlap */
if (bts->min_seq == start)
{
+ /* bts can be freed by bt_fix_overlapped() below */
+ tcp_bts_flags_t bts_flags = bts->flags;
+
prev_index = bts->prev;
next = bt_fix_overlapped (bt, bts, end, is_end);
prev_index = bts->prev;
next = bt_fix_overlapped (bt, bts, end, is_end);
+ /* bts is no longer valid from here */
next_index = bt_sample_index (bt, next);
cur = tcp_bt_alloc_tx_sample (tc, start, end);
cur->flags |= TCP_BTS_IS_RXT;
next_index = bt_sample_index (bt, next);
cur = tcp_bt_alloc_tx_sample (tc, start, end);
cur->flags |= TCP_BTS_IS_RXT;
+ if (bts_flags & TCP_BTS_IS_RXT)
+ cur->flags |= TCP_BTS_IS_RXT_LOST;
cur->next = next_index;
cur->prev = prev_index;
cur->next = next_index;
cur->prev = prev_index;
@@
-400,7
+410,7
@@
tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end)
bts_index = bt_sample_index (bt, bts);
next = bt_next_sample (bt, bts);
if (next)
bts_index = bt_sample_index (bt, bts);
next = bt_next_sample (bt, bts);
if (next)
-
next =
bt_fix_overlapped (bt, next, end, is_end);
+ bt_fix_overlapped (bt, next, end, is_end);
max_seq = bts->max_seq;
ASSERT (seq_lt (start, max_seq));
max_seq = bts->max_seq;
ASSERT (seq_lt (start, max_seq));
@@
-408,6
+418,8
@@
tcp_bt_track_rxt (tcp_connection_t * tc, u32 start, u32 end)
/* Have to split or tail overlap */
cur = tcp_bt_alloc_tx_sample (tc, start, end);
cur->flags |= TCP_BTS_IS_RXT;
/* Have to split or tail overlap */
cur = tcp_bt_alloc_tx_sample (tc, start, end);
cur->flags |= TCP_BTS_IS_RXT;
+ if (bts->flags & TCP_BTS_IS_RXT)
+ cur->flags |= TCP_BTS_IS_RXT_LOST;
cur->prev = bts_index;
cur_index = bt_sample_index (bt, cur);
cur->prev = bts_index;
cur_index = bt_sample_index (bt, cur);
@@
-471,6
+483,8
@@
tcp_bt_sample_to_rate_sample (tcp_connection_t * tc, tcp_bt_sample_t * bts,
rs->interval_time = bts->tx_time - bts->first_tx_time;
rs->rtt_time = tc->delivered_time - bts->tx_time;
rs->flags = bts->flags;
rs->interval_time = bts->tx_time - bts->first_tx_time;
rs->rtt_time = tc->delivered_time - bts->tx_time;
rs->flags = bts->flags;
+ rs->tx_in_flight = bts->tx_in_flight;
+ rs->tx_lost = bts->tx_lost;
tc->first_tx_time = bts->tx_time;
}
tc->first_tx_time = bts->tx_time;
}
@@
-582,6
+596,8
@@
tcp_bt_sample_delivery_rate (tcp_connection_t * tc, tcp_rate_sample_t * rs)
if (PREDICT_FALSE (tc->flags & TCP_CONN_FINSNT))
return;
if (PREDICT_FALSE (tc->flags & TCP_CONN_FINSNT))
return;
+ tc->lost += tc->sack_sb.last_lost_bytes;
+
delivered = tc->bytes_acked + tc->sack_sb.last_sacked_bytes;
if (!delivered || tc->bt->head == TCP_BTS_INVALID_INDEX)
return;
delivered = tc->bytes_acked + tc->sack_sb.last_sacked_bytes;
if (!delivered || tc->bt->head == TCP_BTS_INVALID_INDEX)
return;
@@
-603,7
+619,8
@@
tcp_bt_sample_delivery_rate (tcp_connection_t * tc, tcp_rate_sample_t * rs)
rs->interval_time);
rs->delivered = tc->delivered - rs->prior_delivered;
rs->acked_and_sacked = delivered;
rs->interval_time);
rs->delivered = tc->delivered - rs->prior_delivered;
rs->acked_and_sacked = delivered;
- rs->lost = tc->sack_sb.last_lost_bytes;
+ rs->last_lost = tc->sack_sb.last_lost_bytes;
+ rs->lost = tc->lost - rs->tx_lost;
}
void
}
void