Commit 81204c49 authored by Jon Paul Maloy's avatar Jon Paul Maloy Committed by David S. Miller

tipc: improve sequence number checking

The sequence number of an incoming packet is currently only checked
for less than, equality to, or bigger than the next expected number,
meaning that the receive window in practice becomes one half sequence
number cycle, or U16_MAX/2. This does not make sense, and may not even
be safe if there are extreme delays in the network. Any packet sent by
the peer during the ongoing cycle must belong inside his current send
window, or should otherwise be dropped if possible.

Since a link endpoint cannot know its peer's current send window, it
has to base this sanity check on a worst-case assumption, i.e., that
the peer is using a maximum sized window of 8191 packets. Using this
assumption, we now add a check that the sequence number is not bigger
than next_expected + TIPC_MAX_LINK_WIN. We also re-order the checks
done, so that the receive window test is performed before the gap test.
This way, we are guaranteed that no packet with illegal sequence numbers
are ever added to the deferred queue.
Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
Acked-by: default avatarYing Xue <ying.xue@windriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f9aa358a
...@@ -1077,13 +1077,14 @@ int tipc_link_rcv(struct tipc_link *l, struct sk_buff *skb, ...@@ -1077,13 +1077,14 @@ int tipc_link_rcv(struct tipc_link *l, struct sk_buff *skb,
{ {
struct sk_buff_head *defq = &l->deferdq; struct sk_buff_head *defq = &l->deferdq;
struct tipc_msg *hdr; struct tipc_msg *hdr;
u16 seqno, rcv_nxt; u16 seqno, rcv_nxt, win_lim;
int rc = 0; int rc = 0;
do { do {
hdr = buf_msg(skb); hdr = buf_msg(skb);
seqno = msg_seqno(hdr); seqno = msg_seqno(hdr);
rcv_nxt = l->rcv_nxt; rcv_nxt = l->rcv_nxt;
win_lim = rcv_nxt + TIPC_MAX_LINK_WIN;
/* Verify and update link state */ /* Verify and update link state */
if (unlikely(msg_user(hdr) == LINK_PROTOCOL)) if (unlikely(msg_user(hdr) == LINK_PROTOCOL))
...@@ -1098,6 +1099,12 @@ int tipc_link_rcv(struct tipc_link *l, struct sk_buff *skb, ...@@ -1098,6 +1099,12 @@ int tipc_link_rcv(struct tipc_link *l, struct sk_buff *skb,
/* Don't send probe at next timeout expiration */ /* Don't send probe at next timeout expiration */
l->silent_intv_cnt = 0; l->silent_intv_cnt = 0;
/* Drop if outside receive window */
if (unlikely(less(seqno, rcv_nxt) || more(seqno, win_lim))) {
l->stats.duplicates++;
goto drop;
}
/* Forward queues and wake up waiting users */ /* Forward queues and wake up waiting users */
if (likely(tipc_link_release_pkts(l, msg_ack(hdr)))) { if (likely(tipc_link_release_pkts(l, msg_ack(hdr)))) {
tipc_link_advance_backlog(l, xmitq); tipc_link_advance_backlog(l, xmitq);
...@@ -1105,29 +1112,20 @@ int tipc_link_rcv(struct tipc_link *l, struct sk_buff *skb, ...@@ -1105,29 +1112,20 @@ int tipc_link_rcv(struct tipc_link *l, struct sk_buff *skb,
link_prepare_wakeup(l); link_prepare_wakeup(l);
} }
/* Defer reception if there is a gap in the sequence */ /* Defer delivery if sequence gap */
if (unlikely(less(rcv_nxt, seqno))) { if (unlikely(seqno != rcv_nxt)) {
__tipc_skb_queue_sorted(defq, skb); __tipc_skb_queue_sorted(defq, skb);
tipc_link_build_nack_msg(l, xmitq); tipc_link_build_nack_msg(l, xmitq);
break; break;
} }
/* Drop if packet already received */ /* Deliver packet */
if (unlikely(more(rcv_nxt, seqno))) {
l->stats.duplicates++;
goto drop;
}
/* Packet can be delivered */
l->rcv_nxt++; l->rcv_nxt++;
l->stats.recv_info++; l->stats.recv_info++;
if (!tipc_data_input(l, skb, l->inputq)) if (!tipc_data_input(l, skb, l->inputq))
rc = tipc_link_input(l, skb, l->inputq); rc = tipc_link_input(l, skb, l->inputq);
if (rc) if (unlikely(rc))
break; break;
/* Ack at regular intervals */
if (unlikely(++l->rcv_unacked >= TIPC_MIN_LINK_WIN)) if (unlikely(++l->rcv_unacked >= TIPC_MIN_LINK_WIN))
tipc_link_build_ack_msg(l, xmitq); tipc_link_build_ack_msg(l, xmitq);
......
...@@ -185,7 +185,7 @@ struct tipc_link { ...@@ -185,7 +185,7 @@ struct tipc_link {
} backlog[5]; } backlog[5];
u16 snd_nxt; u16 snd_nxt;
u16 last_retransm; u16 last_retransm;
u32 window; u16 window;
u32 stale_count; u32 stale_count;
/* Reception */ /* Reception */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment