[Midnightbsd-cvs] src: sys/netinet: fix incorrect tcp padding on options

[laffer1 at midnightbsd.org]

Log Message:
-----------
fix incorrect tcp padding on options

Modified Files:
--------------
    src/sys/netinet:
        tcp.h (r1.3 -> r1.4)
        tcp_output.c (r1.5 -> r1.6)

-------------- next part --------------
Index: tcp_output.c
===================================================================
RCS file: /home/cvs/src/sys/netinet/tcp_output.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -L sys/netinet/tcp_output.c -L sys/netinet/tcp_output.c -u -r1.5 -r1.6
--- sys/netinet/tcp_output.c
+++ sys/netinet/tcp_output.c
@@ -1281,12 +1281,16 @@
 	for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) {
 		if ((to->to_flags & mask) != mask)
 			continue;
+		if (optlen == TCP_MAXOLEN)
+			break;
 		switch (to->to_flags & mask) {
 		case TOF_MSS:
 			while (optlen % 4) {
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG)
+				continue;
 			optlen += TCPOLEN_MAXSEG;
 			*optp++ = TCPOPT_MAXSEG;
 			*optp++ = TCPOLEN_MAXSEG;
@@ -1299,6 +1303,8 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW)
+				continue;
 			optlen += TCPOLEN_WINDOW;
 			*optp++ = TCPOPT_WINDOW;
 			*optp++ = TCPOLEN_WINDOW;
@@ -1309,6 +1315,8 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED)
+				continue;
 			optlen += TCPOLEN_SACK_PERMITTED;
 			*optp++ = TCPOPT_SACK_PERMITTED;
 			*optp++ = TCPOLEN_SACK_PERMITTED;
@@ -1318,6 +1326,8 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP)
+				continue;
 			optlen += TCPOLEN_TIMESTAMP;
 			*optp++ = TCPOPT_TIMESTAMP;
 			*optp++ = TCPOLEN_TIMESTAMP;
@@ -1356,7 +1366,7 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
-			if (TCP_MAXOLEN - optlen < 2 + TCPOLEN_SACK)
+			if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK)
 				continue;
 			optlen += TCPOLEN_SACKHDR;
 			*optp++ = TCPOPT_SACK;
@@ -1387,9 +1397,15 @@
 		optlen += TCPOLEN_EOL;
 		*optp++ = TCPOPT_EOL;
 	}
+	/*
+	 * According to RFC 793 (STD0007):
+	 *   "The content of the header beyond the End-of-Option option
+	 *    must be header padding (i.e., zero)."
+	 *   and later: "The padding is composed of zeros."
+	 */
 	while (optlen % 4) {
-		optlen += TCPOLEN_NOP;
-		*optp++ = TCPOPT_NOP;
+		optlen += TCPOLEN_PAD;
+		*optp++ = TCPOPT_PAD;
 	}
 
 	KASSERT(optlen <= TCP_MAXOLEN, ("%s: TCP options too long", __func__));
Index: tcp.h
===================================================================
RCS file: /home/cvs/src/sys/netinet/tcp.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -L sys/netinet/tcp.h -L sys/netinet/tcp.h -u -r1.3 -r1.4
--- sys/netinet/tcp.h
+++ sys/netinet/tcp.h
@@ -79,6 +79,8 @@
 
 #define	TCPOPT_EOL		0
 #define	   TCPOLEN_EOL			1
+#define	TCPOPT_PAD		0		/* padding after EOL */
+#define	   TCPOLEN_PAD			1
 #define	TCPOPT_NOP		1
 #define	   TCPOLEN_NOP			1
 #define	TCPOPT_MAXSEG		2