From 68f7f9c44de5e560da0a17f76220eba3c4c7bc5d Mon Sep 17 00:00:00 2001 From: rrs Date: Mon, 14 Apr 2008 14:34:29 +0000 Subject: Protection against errant sender sending a stream seq number out of order with no missing TSN's (a cisco box has this problem which will make a ssn be held forever). MFC after: 1 week --- sys/netinet/sctp_indata.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'sys/netinet/sctp_indata.c') diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c index 1c9c385..bb74b7b 100644 --- a/sys/netinet/sctp_indata.c +++ b/sys/netinet/sctp_indata.c @@ -582,6 +582,7 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc, /* The incoming sseq is behind where we last delivered? */ SCTPDBG(SCTP_DEBUG_INDATA1, "Duplicate S-SEQ:%d delivered:%d from peer, Abort association\n", control->sinfo_ssn, strm->last_sequence_delivered); +protocol_error: /* * throw it in the stream so it gets cleaned up in * association destruction @@ -659,6 +660,11 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, struct sctp_association *asoc, * Ok, we did not deliver this guy, find the correct place * to put it on the queue. */ + if ((compare_with_wrap(asoc->cumulative_tsn, + control->sinfo_tsn, MAX_TSN)) || + (control->sinfo_tsn == asoc->cumulative_tsn)) { + goto protocol_error; + } if (TAILQ_EMPTY(&strm->inqueue)) { /* Empty queue */ if (sctp_logging_level & SCTP_STR_LOGGING_ENABLE) { @@ -3343,7 +3349,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc, tp1->sent++; } } - } else if (tp1->rec.data.doing_fast_retransmit) { + } else if ((tp1->rec.data.doing_fast_retransmit) && (sctp_cmt_on_off == 0)) { /* * For those that have done a FR we must take * special consideration if we strike. I.e the -- cgit v1.1