Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
tcp: properly validate acks between snd_nxt and una_max
[vpp.git]
/
src
/
vnet
/
tcp
/
tcp_input.c
diff --git
a/src/vnet/tcp/tcp_input.c
b/src/vnet/tcp/tcp_input.c
index
4927031
..
e0139a4
100644
(file)
--- a/
src/vnet/tcp/tcp_input.c
+++ b/
src/vnet/tcp/tcp_input.c
@@
-411,7
+411,8
@@
tcp_rcv_ack_no_cc (tcp_connection_t * tc, vlib_buffer_t * b, u32 * error)
if (!(seq_leq (tc->snd_una, vnet_buffer (b)->tcp.ack_number)
&& seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_nxt)))
{
if (!(seq_leq (tc->snd_una, vnet_buffer (b)->tcp.ack_number)
&& seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_nxt)))
{
- if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max))
+ if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max)
+ && seq_gt (vnet_buffer (b)->tcp.ack_number, tc->snd_una))
{
tc->snd_nxt = vnet_buffer (b)->tcp.ack_number;
goto acceptable;
{
tc->snd_nxt = vnet_buffer (b)->tcp.ack_number;
goto acceptable;
@@
-1580,7
+1581,8
@@
tcp_rcv_ack (tcp_worker_ctx_t * wrk, tcp_connection_t * tc, vlib_buffer_t * b,
{
/* We've probably entered recovery and the peer still has some
* of the data we've sent. Update snd_nxt and accept the ack */
{
/* We've probably entered recovery and the peer still has some
* of the data we've sent. Update snd_nxt and accept the ack */
- if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max))
+ if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max)
+ && seq_gt (vnet_buffer (b)->tcp.ack_number, tc->snd_una))
{
tc->snd_nxt = vnet_buffer (b)->tcp.ack_number;
goto process_ack;
{
tc->snd_nxt = vnet_buffer (b)->tcp.ack_number;
goto process_ack;