aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/tcp_output.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2005-09-14 23:50:35 -0400
committerDavid S. Miller <davem@davemloft.net>2005-09-14 23:50:35 -0400
commit3c05d92ed49f644d1f5a960fa48637d63b946016 (patch)
tree4882f2b114f7bb497e9844e21fe8bff4f8160def /net/ipv4/tcp_output.c
parent1619cca2921f6927f4240e03f413d4165c7002fc (diff)
[TCP]: Compute in_sacked properly when we split up a TSO frame.
The problem is that the SACK fragmenting code may incorrectly call tcp_fragment() with a length larger than the skb->len. This happens when the skb on the transmit queue completely falls to the LHS of the SACK. And add a BUG() check to tcp_fragment() so we can spot this kind of error more quickly in the future. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_output.c')
-rw-r--r--net/ipv4/tcp_output.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index c10e4435e3b1..b018e31b6530 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -435,6 +435,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
435 int nsize, old_factor; 435 int nsize, old_factor;
436 u16 flags; 436 u16 flags;
437 437
438 BUG_ON(len >= skb->len);
439
438 nsize = skb_headlen(skb) - len; 440 nsize = skb_headlen(skb) - len;
439 if (nsize < 0) 441 if (nsize < 0)
440 nsize = 0; 442 nsize = 0;