From 9ba9dee2aa809624eda0e96c96abd8abff29539e Mon Sep 17 00:00:00 2001 From: David van Moolenbroek Date: Mon, 19 Sep 2016 11:33:34 +0000 Subject: [PATCH] tcp: advance next seq nr for zero window probes It is possible that the byte sent as a zero window probe is accepted and acknowledged by the receiver side without the window being opened. In that case, the stream has effectively advanced by one byte, and since lwIP did not take this into account on the sender side, the result was a desynchronization between the sender and the receiver. That situation could occur even on a lwIP loopback device, after filling up the receiver side's receive buffer, and resulted in an ACK storm. This patch corrects the problem by advancing the sender's next sequence number by one as needed when sending a zero window probe. --- src/core/tcp_out.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/core/tcp_out.c b/src/core/tcp_out.c index 70bdfea5..78ff0a1a 100644 --- a/src/core/tcp_out.c +++ b/src/core/tcp_out.c @@ -1537,6 +1537,7 @@ tcp_zero_window_probe(struct tcp_pcb *pcb) struct tcp_seg *seg; u16_t len; u8_t is_fin; + u32_t snd_nxt; struct netif *netif; LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: sending ZERO WINDOW probe to ")); @@ -1581,6 +1582,12 @@ tcp_zero_window_probe(struct tcp_pcb *pcb) pbuf_copy_partial(seg->p, d, 1, seg->p->tot_len - seg->len); } + /* The byte may be acknowledged without the window being opened. */ + snd_nxt = ntohl(seg->tcphdr->seqno) + 1; + if (TCP_SEQ_LT(pcb->snd_nxt, snd_nxt)) { + pcb->snd_nxt = snd_nxt; + } + netif = ip_route(&pcb->local_ip, &pcb->remote_ip); if (netif == NULL) { err = ERR_RTE;