Procházet zdrojové kódy

[tcp] Allow sufficient headroom for TCP headers

TCP currently neglects to allow sufficient space for its own headers
when allocating I/O buffers.  This problem is masked by the fact that
the maximum link-layer header size (802.11) is substantially larger
than the common Ethernet link-layer header.

Fix by allowing sufficient space for any TCP headers, as well as the
network-layer and link-layer headers.

Reported-by: Scott K Logan <logans@cottsay.net>
Debugged-by: Scott K Logan <logans@cottsay.net>
Tested-by: Scott K Logan <logans@cottsay.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown před 13 roky
rodič
revize
469bd11f39
2 změnil soubory, kde provedl 14 přidání a 4 odebrání
  1. 10
    0
      src/include/ipxe/tcp.h
  2. 4
    4
      src/net/tcp.c

+ 10
- 0
src/include/ipxe/tcp.h Zobrazit soubor

@@ -308,6 +308,16 @@ struct tcp_options {
308 308
  */
309 309
 #define TCP_MSL ( 2 * 60 * TICKS_PER_SEC )
310 310
 
311
+/**
312
+ * TCP maximum header length
313
+ *
314
+ */
315
+#define TCP_MAX_HEADER_LEN					\
316
+	( MAX_LL_NET_HEADER_LEN +				\
317
+	  sizeof ( struct tcp_header ) +			\
318
+	  sizeof ( struct tcp_mss_option ) +			\
319
+	  sizeof ( struct tcp_timestamp_padded_option ) )
320
+
311 321
 /**
312 322
  * Compare TCP sequence numbers
313 323
  *

+ 4
- 4
src/net/tcp.c Zobrazit soubor

@@ -509,14 +509,14 @@ static int tcp_xmit ( struct tcp_connection *tcp ) {
509 509
 		start_timer ( &tcp->timer );
510 510
 
511 511
 	/* Allocate I/O buffer */
512
-	iobuf = alloc_iob ( len + MAX_LL_NET_HEADER_LEN );
512
+	iobuf = alloc_iob ( len + TCP_MAX_HEADER_LEN );
513 513
 	if ( ! iobuf ) {
514 514
 		DBGC ( tcp, "TCP %p could not allocate iobuf for %08x..%08x "
515 515
 		       "%08x\n", tcp, tcp->snd_seq, ( tcp->snd_seq + seq_len ),
516 516
 		       tcp->rcv_ack );
517 517
 		return -ENOMEM;
518 518
 	}
519
-	iob_reserve ( iobuf, MAX_LL_NET_HEADER_LEN );
519
+	iob_reserve ( iobuf, TCP_MAX_HEADER_LEN );
520 520
 
521 521
 	/* Fill data payload from transmit queue */
522 522
 	tcp_process_tx_queue ( tcp, len, iobuf, 0 );
@@ -653,14 +653,14 @@ static int tcp_xmit_reset ( struct tcp_connection *tcp,
653 653
 	int rc;
654 654
 
655 655
 	/* Allocate space for dataless TX buffer */
656
-	iobuf = alloc_iob ( MAX_LL_NET_HEADER_LEN );
656
+	iobuf = alloc_iob ( TCP_MAX_HEADER_LEN );
657 657
 	if ( ! iobuf ) {
658 658
 		DBGC ( tcp, "TCP %p could not allocate iobuf for RST "
659 659
 		       "%08x..%08x %08x\n", tcp, ntohl ( in_tcphdr->ack ),
660 660
 		       ntohl ( in_tcphdr->ack ), ntohl ( in_tcphdr->seq ) );
661 661
 		return -ENOMEM;
662 662
 	}
663
-	iob_reserve ( iobuf, MAX_LL_NET_HEADER_LEN );
663
+	iob_reserve ( iobuf, TCP_MAX_HEADER_LEN );
664 664
 
665 665
 	/* Construct RST response */
666 666
 	tcphdr = iob_push ( iobuf, sizeof ( *tcphdr ) );

Načítá se…
Zrušit
Uložit