Index: sys/netinet/tcp_output.c =================================================================== --- sys/netinet/tcp_output.c +++ sys/netinet/tcp_output.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include @@ -1569,6 +1570,15 @@ tp->snd_nxt += len; if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { tp->snd_max = tp->snd_nxt; + struct socket *so = tp->t_inpcb->inp_socket; + tcp_seq top = tp->snd_una + sbused(&so->so_snd); + KASSERT(SEQ_LEQ(tp->snd_max, top+1), + ("%s: snd_max beyond so_snd", __func__)); + if (SEQ_GT(tp->snd_max, top + 1)) { + log(LOG_CRIT,"%s#%d: snd_max %u > so_snd+1 %u adjusting.\n", + __func__, __LINE__, tp->snd_max, top + 1); + tp->snd_max = top + 1; + } /* * Time this transmission if not a retransmission and * not currently timing anything. @@ -1644,8 +1654,18 @@ ++xlen; tp->t_flags |= TF_SENTFIN; } - if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) + if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) { tp->snd_max = tp->snd_nxt + xlen; + struct socket *so = tp->t_inpcb->inp_socket; + tcp_seq top = tp->snd_una + sbused(&so->so_snd); + KASSERT(SEQ_LEQ(tp->snd_max, top + 1), + ("%s: snd_max beyond so_snd", __func__)); + if (SEQ_GT(tp->snd_max, top + 1)) { + log(LOG_CRIT,"%s#%d: snd_max %u > so_snd+1 %u adjusting.\n", + __func__, __LINE__, tp->snd_max, top + 1); + tp->snd_max = top + 1; + } + } } if ((error == 0) && (TCPS_HAVEESTABLISHED(tp->t_state) && Index: sys/netinet/tcp_sack.c =================================================================== --- sys/netinet/tcp_sack.c +++ sys/netinet/tcp_sack.c @@ -898,8 +898,20 @@ highdata--; if (th->th_ack != highdata) { tp->snd_fack = th->th_ack; - (void)tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, - highdata - maxseg), highdata, NULL); + struct socket *so = tp->t_inpcb->inp_socket; + tcp_seq top = tp->snd_una + sbused(&so->so_snd); + KASSERT(SEQ_LEQ(highdata, top), + ("%s: rescue.end > so_snd, NEEDFIN:%d SENTFIN:%d\n", + __func__, (tp->t_flags & TF_NEEDFIN) != 0, + (tp->t_flags & TF_SENTFIN) != 0)); + if (SEQ_GT(highdata, top)) { + log(LOG_CRIT,"%s#%d: rescue (%u-%u) > so_snd %u skipping.\n", + __func__, __LINE__, + SEQ_MAX(th->th_ack, highdata - maxseg), + highdata, top); + } else + (void)tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, + highdata - maxseg), highdata, NULL); } } (void) tcp_output(tp); @@ -969,17 +981,19 @@ } } } - KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__)); - if (!(V_tcp_do_newsack)) { - KASSERT(SEQ_LT(hole->start, tp->snd_fack), ("%s: hole.start >= snd.fack", __func__)); - KASSERT(SEQ_LT(hole->end, tp->snd_fack), ("%s: hole.end >= snd.fack", __func__)); - KASSERT(SEQ_LT(hole->rxmit, tp->snd_fack), ("%s: hole.rxmit >= snd.fack", __func__)); + { + struct socket *so = tp->t_inpcb->inp_socket; + tcp_seq top = tp->snd_una + sbused(&so->so_snd); + KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__)); + KASSERT(SEQ_LEQ(hole->start, top), ("%s: hole.start >= so_snd", __func__)); + KASSERT(SEQ_LEQ(hole->end, top), ("%s: hole.end >= so_snd", __func__)); + KASSERT(SEQ_LEQ(hole->rxmit, top), ("%s: hole.rxmit >= so_snd", __func__)); if (SEQ_GEQ(hole->start, hole->end) || - SEQ_GEQ(hole->start, tp->snd_fack) || - SEQ_GEQ(hole->end, tp->snd_fack) || - SEQ_GEQ(hole->rxmit, tp->snd_fack)) { - log(LOG_CRIT,"tcp: invalid SACK hole (%u-%u,%u) vs fwd ack %u, ignoring.\n", - hole->start, hole->end, hole->rxmit, tp->snd_fack); + SEQ_GT(hole->start, top) || + SEQ_GT(hole->end, top) || + SEQ_GT(hole->rxmit, top)) { + log(LOG_CRIT,"%s#%d: invalid SACK hole (%u-%u,%u) vs so_snd %u ignoring.\n", + __func__, __LINE__, hole->start, hole->end, hole->rxmit, top); return (NULL); } }