MFC: Fixes an edge case bug in timewait handling where ticks rolling over causing

the timewait expiry to be exactly 0 corrupts the timewait queues (and that entry).
2006-09-05 19:16:10 +00:00 · 2006-09-05 19:16:10 +00:00 · b3099c61f7
commit b3099c61f7
parent 768d92741c
4 changed files with 6 additions and 7 deletions
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@ -3226,7 +3226,7 @@ tcp_timewait(tw, to, th, m, tlen)
 	if (thflags & TH_FIN) {
 		seq = th->th_seq + tlen + (thflags & TH_SYN ? 1 : 0);
 		if (seq + 1 == tw->rcv_nxt)
-			tcp_timer_2msl_reset(tw, 2 * tcp_msl);
+			tcp_timer_2msl_reset(tw, 2 * tcp_msl, 1);
 	}

 	/*
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@ -1729,7 +1729,7 @@ tcp_twstart(tp)
 		tcp_twrespond(tw, TH_ACK);
 	inp->inp_ppcb = (caddr_t)tw;
 	inp->inp_vflag |= INP_TIMEWAIT;
-	tcp_timer_2msl_reset(tw, tw_time);
+	tcp_timer_2msl_reset(tw, tw_time, 0);
 	INP_UNLOCK(inp);
 }

--- a/sys/netinet/tcp_timer.c
+++ b/sys/netinet/tcp_timer.c
@ -232,14 +232,14 @@ tcp_timer_init(void)
 }

 void
-tcp_timer_2msl_reset(struct tcptw *tw, int timeo)
+tcp_timer_2msl_reset(struct tcptw *tw, int timeo, int rearm)
 {
 	int i;
 	struct tcptw *tw_tail;

 	INP_INFO_WLOCK_ASSERT(&tcbinfo);
 	INP_LOCK_ASSERT(tw->tw_inpcb);
-	if (tw->tw_time != 0)
+	if (rearm)
 		LIST_REMOVE(tw, tw_2msl);
 	tw->tw_time = timeo + ticks;
 	i = timeo > tcp_msl ? 1 : 0;
@ -252,8 +252,7 @@ tcp_timer_2msl_stop(struct tcptw *tw)
 {

 	INP_INFO_WLOCK_ASSERT(&tcbinfo);
-	if (tw->tw_time != 0)
-		LIST_REMOVE(tw, tw_2msl);
+	LIST_REMOVE(tw, tw_2msl);
 }

 struct tcptw *
--- a/sys/netinet/tcp_timer.h
+++ b/sys/netinet/tcp_timer.h
@ -156,7 +156,7 @@ void	tcp_timer_init(void);
 void	tcp_timer_2msl(void *xtp);
 struct tcptw *
 	tcp_timer_2msl_tw(int _reuse);		/* XXX temporary */
-void	tcp_timer_2msl_reset(struct tcptw *_tw, int _timeo);
+void	tcp_timer_2msl_reset(struct tcptw *_tw, int _timeo, int rearm);
 void	tcp_timer_2msl_stop(struct tcptw *_tw);
 void	tcp_timer_keep(void *xtp);
 void	tcp_timer_persist(void *xtp);