diff options
author | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2006-12-09 21:06:32 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-11 17:34:51 -0500 |
commit | de553c189e3faa0d0c38f366f73379b46587b80e (patch) | |
tree | 0fbc7bd2c042518383ee07287812453176ae8b0d | |
parent | fe0499ae95f5f636bda1f6e0bdba5b7b023ea827 (diff) |
[DCCP] ccid3: Sanity-check RTT samples
CCID3 performance depends much on the accuracy of RTT samples. If RTT
samples grow too large, performance can be catastrophically poor.
To limit the amount of possible damage in such cases, the patch
* introduces an upper limit which identifies a maximum `sane' RTT value;
* uses a macro to enforce this upper limit.
Using a macro was given preference, since it is necessary to identify the
calling function in the warning message. Since exceeding this threshold
identifies a critical condition, DCCP_CRIT is used and not DCCP_WARN.
Many thanks to Ian McDonald for collaboration on this issue.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
-rw-r--r-- | net/dccp/ccids/ccid3.c | 4 | ||||
-rw-r--r-- | net/dccp/ccids/ccid3.h | 10 |
2 files changed, 13 insertions, 1 deletions
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c index 7618d51aa2d2..122a716eb877 100644 --- a/net/dccp/ccids/ccid3.c +++ b/net/dccp/ccids/ccid3.c | |||
@@ -456,8 +456,9 @@ static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) | |||
456 | r_sample, t_elapsed); | 456 | r_sample, t_elapsed); |
457 | else | 457 | else |
458 | r_sample -= t_elapsed; | 458 | r_sample -= t_elapsed; |
459 | CCID3_RTT_SANITY_CHECK(r_sample); | ||
459 | 460 | ||
460 | /* Update RTT estimate by | 461 | /* Update RTT estimate by |
461 | * If (No feedback recv) | 462 | * If (No feedback recv) |
462 | * R = R_sample; | 463 | * R = R_sample; |
463 | * Else | 464 | * Else |
@@ -1000,6 +1001,7 @@ static void ccid3_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb) | |||
1000 | r_sample, t_elapsed); | 1001 | r_sample, t_elapsed); |
1001 | else | 1002 | else |
1002 | r_sample -= t_elapsed; | 1003 | r_sample -= t_elapsed; |
1004 | CCID3_RTT_SANITY_CHECK(r_sample); | ||
1003 | 1005 | ||
1004 | if (hcrx->ccid3hcrx_state == TFRC_RSTATE_NO_DATA) | 1006 | if (hcrx->ccid3hcrx_state == TFRC_RSTATE_NO_DATA) |
1005 | hcrx->ccid3hcrx_rtt = r_sample; | 1007 | hcrx->ccid3hcrx_rtt = r_sample; |
diff --git a/net/dccp/ccids/ccid3.h b/net/dccp/ccids/ccid3.h index da0ca3c0a7b3..3fa0f69ed320 100644 --- a/net/dccp/ccids/ccid3.h +++ b/net/dccp/ccids/ccid3.h | |||
@@ -51,6 +51,16 @@ | |||
51 | /* Parameter t_mbi from [RFC 3448, 4.3]: backoff interval in seconds */ | 51 | /* Parameter t_mbi from [RFC 3448, 4.3]: backoff interval in seconds */ |
52 | #define TFRC_T_MBI 64 | 52 | #define TFRC_T_MBI 64 |
53 | 53 | ||
54 | /* What we think is a reasonable upper limit on RTT values */ | ||
55 | #define CCID3_SANE_RTT_MAX (4 * USEC_PER_SEC) | ||
56 | |||
57 | #define CCID3_RTT_SANITY_CHECK(rtt) do { \ | ||
58 | if (rtt > CCID3_SANE_RTT_MAX) { \ | ||
59 | DCCP_CRIT("RTT (%ld) too large, substituting %ld", \ | ||
60 | rtt, CCID3_SANE_RTT_MAX); \ | ||
61 | rtt = CCID3_SANE_RTT_MAX; \ | ||
62 | } } while (0) | ||
63 | |||
54 | enum ccid3_options { | 64 | enum ccid3_options { |
55 | TFRC_OPT_LOSS_EVENT_RATE = 192, | 65 | TFRC_OPT_LOSS_EVENT_RATE = 192, |
56 | TFRC_OPT_LOSS_INTERVALS = 193, | 66 | TFRC_OPT_LOSS_INTERVALS = 193, |