不论是18版,还是37版,一开始都会从TCP的控制块中取出SACK选项的起始地址。
SACK选项的起始地址是保存在tcp_skb_cb结构的sacked项中的,那么这是在什么时候做的呢?
SACK块并不是总是合法的,非法的SACK块可能会引起处理错误,所以还需要进行SACK块的合法性检查。
本文主要内容:TCP首部中SACK选项的解析和地址的获取,SACK块的合法性检查。
Author:zhangskd @ csdn
SACK选项的地址
TCP_SKB_CB(skb)->sacked is initialized to offset corresponding to the start of the SACK option in the
TCP header for the segment received.
处理时机为:
tcp_rcv_established(),进入慢速路径时调用
| --> tcp_validate_incoming()
| --> tcp_fast_parse_options()
| --> tcp_parse_options()
在慢速路径中,有可能只带有TIMESTAMP选项,因此先用tcp_fast_parse_options()快速解析。
/* Fast parse options. This hopes to only see timestamps. * If it is wrong it falls back on tcp_parse_options(). */ static int tcp_fast_parse_options(struct sk_buff *skb, struct tcphdr *th, struct tcp_sock *tp, u8 **hvpp) { /* In the spirit of fast parsing, compare doff directly to constant values. * Because equality is used, short doff can be ignored here. */ if (th->doff == (sizeof(*th) / 4)) { /* 没有带选项 */ tp->rx_opt.saw_tstamp = 0; return 0; } else if (tp->rx_opt.tstamp_ok && th->doff == ((sizeof(*th) + TCPOLEN_TSTAMP_ALIGNED) / 4)) { /* 只带有时间戳选项 */ if (tcp_parse_aligned_timestamp(tp, th)) return 1; } /* 如果以上的快速解析失败,则进行全面解析 */ tcp_parse_options(skb, &tp->rx_opt, hvpp, 1); return 1; }
static int tcp_parse_aligned_timestamp(struct tcp_sock *tp, struct tcphdr *th) { __be32 *ptr = (__be32 *) (th + 1); /* 指向选项部分 */ /* 如果选项部分的前4个字节分别为:0x 01 01 08 0A */ if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) { tp->rx_opt.saw_tstamp = 1; ++ptr; tp->rx_opt.rcv_tsval = ntohl(*ptr); /* 提取接收包的时间戳*/ ++ptr; tp->rx_opt.rcv_tsecr = ntohl(*ptr); /* 提取接收包的回显值*/ return 1; } return 0; }
在慢速路径中,如果tcp_fast_parse_options()失败,则调用tcp_parse_options()全面解析TCP选项。
/* Look for tcp options. Normally only called on SYN and SYNACK packets. * But, this can also be called on packets in the established flow when the fast version * below fails. */ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx, u8 **hvpp, int estab) { unsigned char *ptr; struct tcphdr *th = tcp_hdr(skb); int length = (th->doff * 4) - sizeof(struct tcphdr); /* 选项总长度 */ ptr = (unsigned char *) (th + 1); /* 选项起始地址 */ opt_rx->saw_tstamp = 0; /* 此ACK有没有带时间戳接下来才知道 */ while (length > 0) { int opcode = *ptr++; /* 选项kind */ int opsize; switch (opcode) { case TCPOPT_EOL: /* 结束选项,不常见到 */ return; case TCPOPT_NOP: /* 填充选项 */ length--; /* 此选项只占一个字节 */ continue; default: opsize = *ptr++; /* 此选项长度 */ if (opsize < 2) /* "silly options" */ return; /* 选项长度过小 */ if (opsize > length) return; /* don't parse partial options */ switch (opcode) { ... case TCPOPT_SACK_PERM: if (opsize == TCPOLEN_SACK_PERM && th->syn && !estab && sysctl_tcp_sack) { opt_rx->sack_ok = 1; /* SYN包中显示支持SACK */ tcp_sack_reset(opt_rx); /* 清空dsack和num_sacks */ } break; case TCPOPT_SACK: if ((opsize >= (TCPOLEN_SACK_BASE + TCPOLEN_SACK_PERBLOCK)) && !((opsize - TCPOLEN_SACK_BASE) % TCPOLEN_SACK_PERBLOCK) && opt_rx->sack_ok) { /*保存SACK选项的起始地址偏移*/ TCP_SKB_CB(skb)->sacked = (ptr - 2) - (unsigned char *) th; } break; ... } } } }
/* TCP options */ #define TCPOPT_NOP 1 /* Padding */ #define TCPOPT_EOL 0 /* End of options */ #define TCPOPT_MSS 2 /* Segment size negotiating */ #define TCPOPT_WINDOW 3 /* Window Scaling */ #define TCPOPT_SACK_PERM 4 /* SACK Permitted */ #define TCPOPT_SACK 5 /* SACK Block */ #define TCPOPT_TIMESTAMP 8 /* Better RTT estimations/PAWS */ static inline void tcp_sack_reset(struct tcp_options_received *rx_opt) { rx_opt->dsack = 0; rx_opt->num_sacks = 0; } /* This is the max number of SACKS that we'll generate and process. * It's safe to increase this, although since: * size = TCPOLEN_SACK_BASE_ALIGNED(4) + n * TCPOLEN_SACK_PERBLOCK(8) * only four options will fit in a standard TCP header */ #define TCP_NUM_SACKS 4 /* SACK块数最多为4 */
SACK块合法性检查
检查SACK块或者DSACK块是否合法。
2.6.24之前的版本没有检查SACK块的合法性,而某些非法的SACK块可能会触发空指针的引用。
在3.1版本之前有一个小bug,处理DSACK时会产生问题,修复非常简单:
@if (! after(end_seq, tp->snd_una)),把非去掉。
符合以下任一条件的SACK块是合法的:
1. sack块和dsack块:snd_una < start_seq < end_seq <= snd_nxt
2. dsack块:undo_marker <= start_seq < end_seq <= snd_una
3. dsack块:start_seq < undo_marker < end_seq <= snd_una 且 end_seq - start_seq <= max_window
/* SACK block range validation checks that the received SACK block fits to the * expected sequence limits, i.e., it is between SND.UNA and SND.NXT. */ static int tcp_is_sackblock_valid(struct tcp_sock *tp, int is_dsack, u32 start_seq, u32 end_seq) { /* Too far in future, or reversed (interpretation is ambiguous) * end_seq超过了snd_nxt,或者start_seq >= end_seq,那么不合法 */ if (after(end_seq, tp->snd_nxt) || ! before(start_seq, end_seq)) return 0; /* Nasty start_seq wrap-around check (see comments above) */ * start_seq超过了snd_nxt */ if (! before(start_seq, tp->snd_nxt)) return 0; /* In outstanding window? This is valid exit for D-SACKs too. * start_seq == snd_una is non-sensical (see comments above) */ if (after(start_seq, tp->snd_una)) return 1; /* 合法 */ if (! is_dsack || ! tp->undo_marker) return 0; /* Then it's D-SACK, and must reside below snd_una completely. * 注意在3.1以前这里是:! after(end_seq, tp->snd_una),是一个bug */ if (after(end_seq, tp->snd_una)) return 0; if (! before(start_seq, tp->undo_marker)) return 1; /* dsack块合法 */ /* Too old,DSACK块太旧了*/ if (! after(end_seq, tp->undo_marker)) return 0; /* Undo_marker boundary crossing */ return !before(start_seq, end_seq - tp->max_window); }