[lwip-devel] [bug #48839] Possible bug with snd_wnd semantics


From: Ambroz Bizjak
Subject: [lwip-devel] [bug #48839] Possible bug with snd_wnd semantics
Date: Sun, 21 Aug 2016 12:02:53 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36

URL:
  <http://savannah.nongnu.org/bugs/?48839>

                 Summary: Possible bug with snd_wnd semantics
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: abizjak
            Submitted on: Sun 21 Aug 2016 12:02:51 PM GMT
                Category: TCP
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head

    _______________________________________________________

Details:

Hi,
(I report this as a theoretical bug only based on reading the code/specs)

The window value in a segment is relative to its ACK number. Consequently
pcb->snd_wnd is relative to pcb->snd_wl1. But tcp_output seems to assume it is
relative to pcb->lastack.

I suppose a discrepancy between lastack and snd_wl1 can occur when a segment
is received that:
- Is recognized as a window update but not a valid acknowledgement.
- Is recognized as a valid acknowledgement but not a window update.

(I have not done any more detailed analysis of when this can occur)

Depending on the case snd_wl1 may become smaller or larger than lastack.
Effectively tcp_output may end up transmitting more data than the advertised
window allows, or limit the amount of transmitted data unnecessarily,
respectively.

Note, I also think there is a similar spec bug in RFC 793 p72, in "If SND.UNA
< SEG.ACK =< SND.NXT then, set SND.UNA <- SEG.ACK." (SND.UNA is lastack,
updated due to newly acked data). Here it is not considered that SND.WND is
relative to SND.UNA, so by increasing SND.UNA without a corresponding decrease
of SND.WND, the effective send window could now be larger than the remote
permits.

I see two approaches to fix this in lwIP:
1. Change tcp_output to consider snd_wnd relative to snd_wl1 instead of
lastack.
2. Change any relevant code to always keep snd_wnd relative to lastack (e.g.
window update and lastack update).
... but I'm not comfortable implementing anything specific due to possible
ripple effects, and also I'm currently writing my own new TCP/IP stack :)




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?48839>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
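
The discrepancy described in the report, as an added C model that is not part of the original message and is not lwIP code. `lastack` and `snd_wnd` follow the field names in the report; `wnd_ack` (the ACK number of the segment whose window was stored) and all function names are hypothetical, and `ack_only_rebased` is only one possible reading of approach 2.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified sender state (model only, not lwIP's struct tcp_pcb). */
struct snd_state {
    uint32_t lastack;  /* highest cumulative ACK received */
    uint32_t wnd_ack;  /* hypothetical: ACK number of the segment that set snd_wnd */
    uint32_t snd_wnd;  /* window value taken from that segment */
};

/* Right edge the peer advertised: ACK number of the update plus its window. */
static uint32_t edge_advertised(const struct snd_state *s) {
    return s->wnd_ack + s->snd_wnd;          /* wraps modulo 2^32 like sequence numbers */
}

/* Right edge obtained when snd_wnd is treated as relative to lastack. */
static uint32_t edge_assumed(const struct snd_state *s) {
    return s->lastack + s->snd_wnd;
}

/* > 0: sender may go past the advertised window; < 0: sender stops early. */
static int32_t edge_error(const struct snd_state *s) {
    return (int32_t)(edge_assumed(s) - edge_advertised(s));
}

/* Segment accepted as an acknowledgement but not as a window update. */
static void ack_only(struct snd_state *s, uint32_t ackno) {
    if ((int32_t)(ackno - s->lastack) > 0) s->lastack = ackno;
}

/* Same segment, but snd_wnd is re-based so the right edge does not move. */
static void ack_only_rebased(struct snd_state *s, uint32_t ackno) {
    if ((int32_t)(ackno - s->lastack) <= 0) return;
    int32_t left = (int32_t)(edge_advertised(s) - ackno);
    s->snd_wnd = left > 0 ? (uint32_t)left : 0;
    s->lastack = s->wnd_ack = ackno;
}

int main(void) {
    /* Constructed values, chosen so the right edge wraps past 2^32. */
    struct snd_state a = { 0xFFFFF000u, 0xFFFFF000u, 8192u }, b = a;
    ack_only(&a, 0xFFFFF000u + 3000u);
    ack_only_rebased(&b, 0xFFFFF000u + 3000u);
    printf("lastack-relative: error %d bytes\n", (int)edge_error(&a));
    printf("re-based:         error %d bytes, snd_wnd %u\n",
           (int)edge_error(&b), (unsigned)b.snd_wnd);
    return 0;
}
```

A positive `edge_error` is the case where more data could be sent than the advertised window allows; a negative one is the case where sending is limited unnecessarily.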



