/** @file\r
TCP input process routines.\r
\r
- Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
IN TCP_SEG *Seg\r
)\r
{\r
- return (TCP_SEQ_LEQ (Tcb->RcvWl2, Seg->End) &&\r
+ return (TCP_SEQ_LEQ (Tcb->RcvNxt, Seg->End) &&\r
TCP_SEQ_LT (Seg->Seq, Tcb->RcvWl2 + Tcb->RcvWnd));\r
}\r
\r
Tcb->CWnd = Tcb->Ssthresh + 3 * Tcb->SndMss;\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpFastRecover: enter fast retransmission for TCB %p, recover point is %d\n",\r
Tcb,\r
Tcb->Recover)\r
//\r
Tcb->CWnd += Tcb->SndMss;\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpFastRecover: received another duplicated ACK (%d) for TCB %p\n",\r
Seg->Ack,\r
Tcb)\r
\r
Tcb->CongestState = TCP_CONGEST_OPEN;\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpFastRecover: received a full ACK(%d) for TCB %p, exit fast recovery\n",\r
Seg->Ack,\r
Tcb)\r
Tcb->CWnd -= Acked;\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpFastRecover: received a partial ACK(%d) for TCB %p\n",\r
Seg->Ack,\r
Tcb)\r
Tcb->CongestState = TCP_CONGEST_OPEN;\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpFastLossRecover: received a full ACK(%d) for TCB %p\n",\r
Seg->Ack,\r
Tcb)\r
//\r
TcpRetransmit (Tcb, Seg->Ack);\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpFastLossRecover: received a partial ACK(%d) for TCB %p\n",\r
Seg->Ack,\r
Tcb)\r
}\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpComputeRtt: new RTT for TCB %p computed SRTT: %d RTTVAR: %d RTO: %d\n",\r
Tcb,\r
Tcb->SRtt,\r
}\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpDeliverData: processing FIN from peer of TCB %p\n",\r
Tcb)\r
);\r
TCP_SEQNO Right;\r
TCP_SEQNO Urg;\r
UINT16 Checksum;\r
+ INT32 Usable;\r
\r
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));\r
\r
\r
Head = (TCP_HEAD *) NetbufGetByte (Nbuf, 0, NULL);\r
ASSERT (Head != NULL);\r
+ \r
+ if (Nbuf->TotalSize < sizeof (TCP_HEAD)) {\r
+ DEBUG ((EFI_D_NET, "TcpInput: received a malformed packet\n"));\r
+ goto DISCARD;\r
+ }\r
+ \r
Len = Nbuf->TotalSize - (Head->HeadLen << 2);\r
\r
if ((Head->HeadLen < 5) || (Len < 0)) {\r
\r
- DEBUG ((EFI_D_INFO, "TcpInput: received a malformed packet\n"));\r
+ DEBUG ((EFI_D_NET, "TcpInput: received a malformed packet\n"));\r
+ \r
goto DISCARD;\r
}\r
\r
);\r
\r
if ((Tcb == NULL) || (Tcb->State == TCP_CLOSED)) {\r
- DEBUG ((EFI_D_INFO, "TcpInput: send reset because no TCB found\n"));\r
+ DEBUG ((EFI_D_NET, "TcpInput: send reset because no TCB found\n"));\r
\r
Tcb = NULL;\r
goto SEND_RESET;\r
}\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpInput: create a child for TCB %p in listening\n",\r
Tcb)\r
);\r
TCP_SET_FLG (Tcb->CtrlFlag, TCP_CTRL_ACK_NOW);\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpInput: connection established for TCB %p in SYN_SENT\n",\r
Tcb)\r
);\r
TcpDeliverData (Tcb);\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpInput: connection established for TCB %p in SYN_RCVD\n",\r
Tcb)\r
);\r
}\r
\r
if (TCP_SEQ_LT (Right, Tcb->SndNxt)) {\r
-\r
- Tcb->SndNxt = Right;\r
-\r
+ //\r
+ // Check for Window Retraction in RFC7923 section 2.4.\r
+ // The lower n bits of the peer's actual receive window is wiped out if TCP\r
+ // window scale is enabled, it will look like the peer is shrinking the window.\r
+ // Check whether the SndNxt is out of the advertised receive window by more than\r
+ // 2^Rcv.Wind.Shift before moving the SndNxt to the left.\r
+ //\r
+ DEBUG (\r
+ (EFI_D_WARN,\r
+ "TcpInput: peer advise negative useable window for connected TCB %p\n",\r
+ Tcb)\r
+ );\r
+ Usable = TCP_SUB_SEQ (Tcb->SndNxt, Right);\r
+ if ((Usable >> Tcb->SndWndScale) > 0) {\r
+ DEBUG (\r
+ (EFI_D_WARN,\r
+ "TcpInput: SndNxt is out of window by more than window scale for TCB %p\n",\r
+ Tcb)\r
+ );\r
+ Tcb->SndNxt = Right;\r
+ }\r
if (Right == Tcb->SndUna) {\r
\r
TcpClearTimer (Tcb, TCP_TIMER_REXMIT);\r
{\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpInput: local FIN is ACKed by peer for connected TCB %p\n",\r
Tcb)\r
);\r
if (TCP_FLG_ON (Seg->Flag, TCP_FLG_URG) && !TCP_FIN_RCVD (Tcb->State)) {\r
\r
DEBUG (\r
- (EFI_D_INFO,\r
+ (EFI_D_NET,\r
"TcpInput: received urgent data from peer for connected TCB %p\n",\r
Tcb)\r
);\r
BOOLEAN IcmpErrIsHard;\r
BOOLEAN IcmpErrNotify;\r
\r
+ if (Nbuf->TotalSize < sizeof (TCP_HEAD)) {\r
+ goto CLEAN_EXIT;\r
+ }\r
+ \r
Head = (TCP_HEAD *) NetbufGetByte (Nbuf, 0, NULL);\r
ASSERT (Head != NULL);\r
\r