From: Gerrit Renker <[EMAIL PROTECTED]>
Date: Thu, 14 Dec 2006 15:07:06 +0000

> While looking at DCCP sequence numbers, I stumbled over a problem with
> the following definition of before in tcp.h:
>
> static inline int before(__u32 seq1, __u32 seq2)
> {
>         return (__s32)(seq1-seq2) < 0;
> }
>
> Problem: This definition suffers from an ambiguity, i.e. always
>
>         before(a, (a + 2^31) % 2^32)) = 1
>         before((a + 2^31) % 2^32), a) = 1
>
> In text: when the difference between a and b amounts to 2^31,
> a is always considered `before' b, the function can not decide.
> The reason is that implicitly 0 is `before' 1 ... 2^31-1 ... 2^31
>
> Solution: There is a simple fix, by defining before in such a way that
> 0 is no longer `before' 2^31, i.e. 0 `before' 1 ... 2^31-1
> By not using the middle between 0 and 2^32, before can be made
> unambiguous.
> This is achieved by testing whether seq2-seq1 > 0 (using signed
> 32-bit arithmetic).
>
> I attach a patch to codify this. Also the `after' relation is basically
> a redefinition of `before', it is now defined as a macro after before.
>
> Signed-off-by: Gerrit Renker <[EMAIL PROTECTED]>

Applied, thanks Gerrit.

I went over this patch and analysis a dozen times, because I
couldn't believe something like this has been broken for so
long :-)

Even BSD suffers from this issue, since the beginning. See SEQ_LT()
in tcp_seq.h, and it seems that BSD's timestamp sequence checking
has the issue too (see TSTMP_LT() macro in OpenBSD's tcp_input.c)

It seems that our PAWS timestamp checks are ok because we do:

	(s32)(tp->rx_opt.ts_recent - tp->rx_opt.rcv_tsval) > TCP_PAWS_WINDOW

and

	(s32)(tp->rx_opt.rcv_tsval - tp->rx_opt.ts_recent) >= 0

Thanks again Gerrit.
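
The ambiguity at distance 2^31 and the fix described in the quoted analysis, as an added example that is not the patch from this thread or kernel code. The names before_old, before_new and count_mutual_before, the fixed-width types and the sample values are assumptions constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Definition quoted in the message, rewritten with <stdint.h> types. */
static int before_old(uint32_t seq1, uint32_t seq2)
{
	return (int32_t)(seq1 - seq2) < 0;
}

/* The fix as the message describes it: test seq2 - seq1 > 0 as signed 32-bit. */
static int before_new(uint32_t seq1, uint32_t seq2)
{
	return (int32_t)(seq2 - seq1) > 0;
}

typedef int (*before_fn)(uint32_t, uint32_t);

/*
 * Count sample pairs (a, b = a + dist) for which before(a, b) and
 * before(b, a) both hold, i.e. where the comparison cannot decide.
 * The sample sequence numbers are constructed for this example.
 */
static int count_mutual_before(before_fn before, uint32_t dist)
{
	static const uint32_t samples[] = {
		0u, 1u, 0x7fffffffu, 0x80000000u, 0xfffffff0u
	};
	int hits = 0;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uint32_t a = samples[i];
		uint32_t b = a + dist;	/* wraps modulo 2^32 */

		if (before(a, b) && before(b, a))
			hits++;
	}
	return hits;
}

int main(void)
{
	printf("old, dist 2^31: %d undecidable pairs\n",
	       count_mutual_before(before_old, 0x80000000u));
	printf("new, dist 2^31: %d undecidable pairs\n",
	       count_mutual_before(before_new, 0x80000000u));
	return 0;
}
```

With the new definition, two sequence numbers exactly 2^31 apart are simply not `before' each other in either direction, while ordinary wrap-around comparisons give the same answer as before.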