aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/tcp_output.c
diff options
context:
space:
mode:
authorIlpo Järvinen <ilpo.jarvinen@helsinki.fi>2007-02-13 15:42:11 -0500
committerDavid S. Miller <davem@davemloft.net>2007-02-13 15:42:11 -0500
commit600ff0c24bb71482e7f0da948a931d5c5d72838a (patch)
tree503ea2d8891a383ad6cd2d6ccdc064e596cb4c53 /net/ipv4/tcp_output.c
parent3d50f23108ff01457d1ca6fb2b5f2da8214e83e4 (diff)
[TCP]: Prevent pseudo garbage in SYN's advertized window
TCP may advertize up to 16-bits window in SYN packets (no window scaling allowed). At the same time, TCP may have rcv_wnd (32-bits) that does not fit to 16-bits without window scaling resulting in pseudo garbage into advertized window from the low-order bits of rcv_wnd. This can happen at least when mss <= (1<<wscale) (see tcp_select_initial_window). This patch fixes the handling of SYN advertized windows (compile tested only). In worst case (which is unlikely to occur though), the receiver advertized window could be just couple of bytes. I'm not sure that such situation would be handled very well at all by the receiver!? Fortunately, the situation normalizes after the first non-SYN ACK is received because it has the correct, scaled window. Alternatively, tcp_select_initial_window could be changed to prevent too large rcv_wnd in the first place. [ tcp_make_synack() has the same bug, and I've added a fix for that to this patch -DaveM ] Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_output.c')
-rw-r--r--net/ipv4/tcp_output.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index cebe9aa918a3..dc151139b5af 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -481,7 +481,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
481 /* RFC1323: The window in SYN & SYN/ACK segments 481 /* RFC1323: The window in SYN & SYN/ACK segments
482 * is never scaled. 482 * is never scaled.
483 */ 483 */
484 th->window = htons(tp->rcv_wnd); 484 th->window = htons(min(tp->rcv_wnd, 65535U));
485 } else { 485 } else {
486 th->window = htons(tcp_select_window(sk)); 486 th->window = htons(tcp_select_window(sk));
487 } 487 }
@@ -2160,7 +2160,7 @@ struct sk_buff * tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2160 } 2160 }
2161 2161
2162 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ 2162 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
2163 th->window = htons(req->rcv_wnd); 2163 th->window = htons(min(req->rcv_wnd, 65535U));
2164 2164
2165 TCP_SKB_CB(skb)->when = tcp_time_stamp; 2165 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2166 tcp_syn_build_options((__be32 *)(th + 1), dst_metric(dst, RTAX_ADVMSS), ireq->tstamp_ok, 2166 tcp_syn_build_options((__be32 *)(th + 1), dst_metric(dst, RTAX_ADVMSS), ireq->tstamp_ok,