The SACK code would potentially add four bytes to the expected
TCP option size even if all option space was already used.

Signed-off-by: Mat Martineau <mathew.j.martin...@linux.intel.com>
---
 net/ipv4/tcp_output.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5fe9459bbd6a..e980546e330a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -805,6 +805,9 @@ static unsigned int tcp_established_options(struct sock 
*sk, struct sk_buff *skb
                }
        }
 
+       if (size + TCPOLEN_SACK_BASE_ALIGNED >= MAX_TCP_OPTION_SPACE)
+               return size;
+
        eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack;
        if (unlikely(eff_sacks)) {
                const unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
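Review bot: The added guard `size + TCPOLEN_SACK_BASE_ALIGNED >= MAX_TCP_OPTION_SPACE` only returns when the SACK header itself no longer fits; when the header fits but a SACK block does not, the code after `remaining` (outside this hunk, so inferred) would presumably still add the header bytes for an option carrying zero blocks. The guard also sits before `eff_sacks` is computed, so it returns early even when no SACK is pending and would bypass anything that follows the SACK block, if the function has more after it. Consider moving the test inside the `unlikely(eff_sacks)` branch, right after `remaining` is computed: `if (unlikely(remaining < TCPOLEN_SACK_BASE_ALIGNED + TCPOLEN_SACK_PERBLOCK)) return size;`. A one-line comment there noting that `remaining` is unsigned and must be checked before any subtraction from it would record why the check exists. tcp_established_options() starts and ends outside the hunk.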
-- 
2.22.0
