Просмотр исходного кода

[tls] Keep cipherstream window open until TLS negotiation is complete

When performing a SAN boot, the plainstream window size will be zero
(since this is the mechanism used internally to indicate that no data
should be fetched via the initial request).  This zero value currently
propagates to the advertised TCP window size, which prevents the TLS
negotiation from completing.

Fix by ensuring that the cipherstream window is held open until TLS
negotiation is complete, and only then falling back to passing through
the plainstream window size.

Reported-by: John Wigley <johnwigley#ipxe@acorna.co.uk>
Tested-by: John Wigley <johnwigley#ipxe@acorna.co.uk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 7 лет назад
Родитель
Сommit
2f12690455
1 измененных файлов: 16 добавлений и 0 удалений
  1. 16
    0
      src/net/tls.c

+ 16
- 0
src/net/tls.c Просмотреть файл

@@ -2328,6 +2328,21 @@ static int tls_newdata_process_data ( struct tls_session *tls ) {
2328 2328
 	return 0;
2329 2329
 }
2330 2330
 
2331
+/**
2332
+ * Check flow control window
2333
+ *
2334
+ * @v tls		TLS session
2335
+ * @ret len		Length of window
2336
+ */
2337
+static size_t tls_cipherstream_window ( struct tls_session *tls ) {
2338
+
2339
+	/* Open window until we are ready to accept data */
2340
+	if ( ! tls_ready ( tls ) )
2341
+		return -1UL;
2342
+
2343
+	return xfer_window ( &tls->plainstream );
2344
+}
2345
+
2331 2346
 /**
2332 2347
  * Receive new ciphertext
2333 2348
  *
@@ -2390,6 +2405,7 @@ static int tls_cipherstream_deliver ( struct tls_session *tls,
2390 2405
 static struct interface_operation tls_cipherstream_ops[] = {
2391 2406
 	INTF_OP ( xfer_deliver, struct tls_session *,
2392 2407
 		  tls_cipherstream_deliver ),
2408
+	INTF_OP ( xfer_window, struct tls_session *, tls_cipherstream_window ),
2393 2409
 	INTF_OP ( xfer_window_changed, struct tls_session *, tls_tx_resume ),
2394 2410
 	INTF_OP ( intf_close, struct tls_session *, tls_close ),
2395 2411
 };

Загрузка…
Отмена
Сохранить