diff options
| author | rrs <rrs@FreeBSD.org> | 2010-03-23 01:36:50 +0000 |
|---|---|---|
| committer | rrs <rrs@FreeBSD.org> | 2010-03-23 01:36:50 +0000 |
| commit | a4998a854d601c5a59c9f51479188de6d29c8919 (patch) | |
| tree | 1bd08e49380a68b6bbc59a7e433fa27e9f05ca72 /sys/netinet/sctp_indata.c | |
| parent | 3a86d13e80538b80fe3c15581dde6988c3656138 (diff) | |
| download | FreeBSD-src-a4998a854d601c5a59c9f51479188de6d29c8919.zip FreeBSD-src-a4998a854d601c5a59c9f51479188de6d29c8919.tar.gz | |
Fixes a bug where SACKs in the face of
mapping_array expansion would break. Basically
once we expanded the array we no longer had both
mapping arrays in sync which the sack processing code depends on.
This would mean we were randomly referring to memory that was probably
not there. This mostly just gave us bad sack results going back to the peer.
If INVARIENTS was on of course we would hit the panic routine in the sack_check
call.
We also add a print routine for the place where one would panic in
invarients so one can see what the main mapping array holds.
Reviewed by: tuexen@freebsd.org
MFC after: 2 weeks
Diffstat (limited to 'sys/netinet/sctp_indata.c')
| -rw-r--r-- | sys/netinet/sctp_indata.c | 36 |
1 files changed, 1 insertions, 35 deletions
diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index cdb78af..65eb086 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -2540,15 +2540,7 @@ sctp_sack_check(struct sctp_tcb *stcb, int ok_to_sack, int was_a_gap, int *abort /* int nr_at; */ /* int nr_last_all_ones = 0; */ /* int nr_slide_from, nr_slide_end, nr_lgap, nr_distance; */ - uint32_t old_cumack, old_base, old_highest; - unsigned char aux_array[64]; - - /* - * EY! Don't think this is required but I am immitating the code for - * map just to make sure - */ - unsigned char nr_aux_array[64]; asoc = &stcb->asoc; at = 0; @@ -2556,33 +2548,6 @@ sctp_sack_check(struct sctp_tcb *stcb, int ok_to_sack, int was_a_gap, int *abort old_cumack = asoc->cumulative_tsn; old_base = asoc->mapping_array_base_tsn; old_highest = asoc->highest_tsn_inside_map; - if (asoc->mapping_array_size < 64) - memcpy(aux_array, asoc->mapping_array, - asoc->mapping_array_size); - else - memcpy(aux_array, asoc->mapping_array, 64); - /* EY do the same for nr_mapping_array */ - if (SCTP_BASE_SYSCTL(sctp_nr_sack_on_off) && asoc->peer_supports_nr_sack) { - if (asoc->nr_mapping_array_size != asoc->mapping_array_size) { - /* - * printf("\nEY-IN sack_check method: \nEY-" "The - * size of map and nr_map are inconsitent") - */ ; - } - if (asoc->nr_mapping_array_base_tsn != asoc->mapping_array_base_tsn) { - /* - * printf("\nEY-IN sack_check method VERY CRUCIAL - * error: \nEY-" "The base tsns of map and nr_map - * are inconsitent") - */ ; - } - /* EY! just immitating the above code */ - if (asoc->nr_mapping_array_size < 64) - memcpy(nr_aux_array, asoc->nr_mapping_array, - asoc->nr_mapping_array_size); - else - memcpy(aux_array, asoc->nr_mapping_array, 64); - } /* * We could probably improve this a small bit by calculating the * offset of the current cum-ack as the starting point. @@ -2618,6 +2583,7 @@ sctp_sack_check(struct sctp_tcb *stcb, int ok_to_sack, int was_a_gap, int *abort #else SCTP_PRINTF("huh, cumack 0x%x greater than high-tsn 0x%x in map - should panic?\n", asoc->cumulative_tsn, asoc->highest_tsn_inside_map); + sctp_print_mapping_array(asoc); if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_MAP_LOGGING_ENABLE) { sctp_log_map(0, 6, asoc->highest_tsn_inside_map, SCTP_MAP_SLIDE_RESULT); } |
