From b3099c61f716c0669fe4cba9bbba901de363caf3 Mon Sep 17 00:00:00 2001 From: mohans Date: Tue, 5 Sep 2006 19:16:10 +0000 Subject: [PATCH] MFC: Fixes an edge case bug in timewait handling where ticks rolling over causing the timewait expiry to be exactly 0 corrupts the timewait queues (and that entry). --- sys/netinet/tcp_input.c | 2 +- sys/netinet/tcp_subr.c | 2 +- sys/netinet/tcp_timer.c | 7 +++---- sys/netinet/tcp_timer.h | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index f5ed623fabdc..c70c06a24b75 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -3226,7 +3226,7 @@ tcp_timewait(tw, to, th, m, tlen) if (thflags & TH_FIN) { seq = th->th_seq + tlen + (thflags & TH_SYN ? 1 : 0); if (seq + 1 == tw->rcv_nxt) - tcp_timer_2msl_reset(tw, 2 * tcp_msl); + tcp_timer_2msl_reset(tw, 2 * tcp_msl, 1); } /* diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index c27923cc9b9a..bce003807a64 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1729,7 +1729,7 @@ tcp_twstart(tp) tcp_twrespond(tw, TH_ACK); inp->inp_ppcb = (caddr_t)tw; inp->inp_vflag |= INP_TIMEWAIT; - tcp_timer_2msl_reset(tw, tw_time); + tcp_timer_2msl_reset(tw, tw_time, 0); INP_UNLOCK(inp); } diff --git a/sys/netinet/tcp_timer.c b/sys/netinet/tcp_timer.c index 45808afa6f5b..4cd4652caa6a 100644 --- a/sys/netinet/tcp_timer.c +++ b/sys/netinet/tcp_timer.c @@ -232,14 +232,14 @@ tcp_timer_init(void) } void -tcp_timer_2msl_reset(struct tcptw *tw, int timeo) +tcp_timer_2msl_reset(struct tcptw *tw, int timeo, int rearm) { int i; struct tcptw *tw_tail; INP_INFO_WLOCK_ASSERT(&tcbinfo); INP_LOCK_ASSERT(tw->tw_inpcb); - if (tw->tw_time != 0) + if (rearm) LIST_REMOVE(tw, tw_2msl); tw->tw_time = timeo + ticks; i = timeo > tcp_msl ? 1 : 0; @@ -252,8 +252,7 @@ tcp_timer_2msl_stop(struct tcptw *tw) { INP_INFO_WLOCK_ASSERT(&tcbinfo); - if (tw->tw_time != 0) - LIST_REMOVE(tw, tw_2msl); + LIST_REMOVE(tw, tw_2msl); } struct tcptw * diff --git a/sys/netinet/tcp_timer.h b/sys/netinet/tcp_timer.h index d3d7c94ff3b0..815a75732402 100644 --- a/sys/netinet/tcp_timer.h +++ b/sys/netinet/tcp_timer.h @@ -156,7 +156,7 @@ void tcp_timer_init(void); void tcp_timer_2msl(void *xtp); struct tcptw * tcp_timer_2msl_tw(int _reuse); /* XXX temporary */ -void tcp_timer_2msl_reset(struct tcptw *_tw, int _timeo); +void tcp_timer_2msl_reset(struct tcptw *_tw, int _timeo, int rearm); void tcp_timer_2msl_stop(struct tcptw *_tw); void tcp_timer_keep(void *xtp); void tcp_timer_persist(void *xtp);