aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGerrit Renker <gerrit@erg.abdn.ac.uk>2006-12-09 21:06:32 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-11 17:34:51 -0500
commitde553c189e3faa0d0c38f366f73379b46587b80e (patch)
tree0fbc7bd2c042518383ee07287812453176ae8b0d
parentfe0499ae95f5f636bda1f6e0bdba5b7b023ea827 (diff)
[DCCP] ccid3: Sanity-check RTT samples
CCID3 performance depends much on the accuracy of RTT samples. If RTT samples grow too large, performance can be catastrophically poor. To limit the amount of possible damage in such cases, the patch * introduces an upper limit which identifies a maximum `sane' RTT value; * uses a macro to enforce this upper limit. Using a macro was given preference, since it is necessary to identify the calling function in the warning message. Since exceeding this threshold identifies a critical condition, DCCP_CRIT is used and not DCCP_WARN. Many thanks to Ian McDonald for collaboration on this issue. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> Acked-by: Ian McDonald <ian.mcdonald@jandi.co.nz> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
-rw-r--r--net/dccp/ccids/ccid3.c4
-rw-r--r--net/dccp/ccids/ccid3.h10
2 files changed, 13 insertions, 1 deletions
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
index 7618d51aa2d2..122a716eb877 100644
--- a/net/dccp/ccids/ccid3.c
+++ b/net/dccp/ccids/ccid3.c
@@ -456,8 +456,9 @@ static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb)
456 r_sample, t_elapsed); 456 r_sample, t_elapsed);
457 else 457 else
458 r_sample -= t_elapsed; 458 r_sample -= t_elapsed;
459 CCID3_RTT_SANITY_CHECK(r_sample);
459 460
460 /* Update RTT estimate by 461 /* Update RTT estimate by
461 * If (No feedback recv) 462 * If (No feedback recv)
462 * R = R_sample; 463 * R = R_sample;
463 * Else 464 * Else
@@ -1000,6 +1001,7 @@ static void ccid3_hc_rx_packet_recv(struct sock *sk, struct sk_buff *skb)
1000 r_sample, t_elapsed); 1001 r_sample, t_elapsed);
1001 else 1002 else
1002 r_sample -= t_elapsed; 1003 r_sample -= t_elapsed;
1004 CCID3_RTT_SANITY_CHECK(r_sample);
1003 1005
1004 if (hcrx->ccid3hcrx_state == TFRC_RSTATE_NO_DATA) 1006 if (hcrx->ccid3hcrx_state == TFRC_RSTATE_NO_DATA)
1005 hcrx->ccid3hcrx_rtt = r_sample; 1007 hcrx->ccid3hcrx_rtt = r_sample;
diff --git a/net/dccp/ccids/ccid3.h b/net/dccp/ccids/ccid3.h
index da0ca3c0a7b3..3fa0f69ed320 100644
--- a/net/dccp/ccids/ccid3.h
+++ b/net/dccp/ccids/ccid3.h
@@ -51,6 +51,16 @@
51/* Parameter t_mbi from [RFC 3448, 4.3]: backoff interval in seconds */ 51/* Parameter t_mbi from [RFC 3448, 4.3]: backoff interval in seconds */
52#define TFRC_T_MBI 64 52#define TFRC_T_MBI 64
53 53
54/* What we think is a reasonable upper limit on RTT values */
55#define CCID3_SANE_RTT_MAX (4 * USEC_PER_SEC)
56
57#define CCID3_RTT_SANITY_CHECK(rtt) do { \
58 if (rtt > CCID3_SANE_RTT_MAX) { \
59 DCCP_CRIT("RTT (%ld) too large, substituting %ld", \
60 rtt, CCID3_SANE_RTT_MAX); \
61 rtt = CCID3_SANE_RTT_MAX; \
62 } } while (0)
63
54enum ccid3_options { 64enum ccid3_options {
55 TFRC_OPT_LOSS_EVENT_RATE = 192, 65 TFRC_OPT_LOSS_EVENT_RATE = 192,
56 TFRC_OPT_LOSS_INTERVALS = 193, 66 TFRC_OPT_LOSS_INTERVALS = 193,