Tải bản đầy đủ - 0 (trang)
7 PAWS: Protection Against Wrapped Sequence Numbers

7 PAWS: Protection Against Wrapped Sequence Numbers

Tải bản đầy đủ - 0trang

BasicPAWStest

602-613

ts_presentwassetbytcp_dooptionsifa

timestampoptionwaspresent.Ifthe

followingthreeconditionsarealltrue,the

segmentisdropped:

1. theRSTflagisnotset(Exercise

28.8),

TCPhasreceivedavalidtimestampfrom



thispeer(ts_recentisnonzero),and

thereceivedtimestampinthissegment

(ts_val)islessthanthepreviously

receivedtimestampfromthispeer.

PAWSisbuiltonthepremisethatthe32bittimestampvalueswraparoundata

muchlowerfrequencythanthe32-bit

sequencenumbers,onahigh-speed

connection.Exercise28.6showsthateven

atthehighestpossibletimestampcounter

frequency(incrementingby1bitevery

millisecond),thesignbitofthetimestamp

wrapsaroundonlyevery24days.Ona

high-speednetworksuchasagigabit

network,thesequencenumbercanwrap

in17seconds(Section24.3ofVolume1).

Therefore,ifthereceivedtimestampvalue

islessthanthemostrecentonefromthis

peer,thissegmentisoldandmustbe

discarded(subjecttotheoutdated

timestamptestthatfollows).Thepacket

mightbediscardedlaterintheinput

processingbecausethesequencenumber

is"old,"butPAWSisintendedforhighspeedconnectionswherethesequence

numberscanwrapquickly.



NoticethatthePAWSalgorithmis

symmetric:itnotonlydiscardsduplicate

datasegmentsbutalsodiscardsduplicate

ACKs.Allreceivedsegmentsaresubjectto

PAWS.Recallthattheheaderprediction

codealsoappliedthePAWStest(Figure

28.11).



Checkforoutdatedtimestamp





614-627

Thereisasmallpossibilitythatthereason

thePAWStestfailsisbecausethe

connectionhasbeenidleforalongtime.

Thereceivedsegmentisnotaduplicate;it

isjustthatbecausetheconnectionhas

beenidleforsolong,thepeer'stimestamp

valuehaswrappedaroundwhencompared

tothemostrecenttimestampfromthat

peer.

Wheneverts_recentiscopiedfromthe

timestampinareceivedsegment,

ts_recent_agerecordsthecurrenttime

(tcp_now).Ifthetimeatwhichts_recent

wassavedismorethan24daysago,itis



setto0toinvalidateit.Theconstant

TCP_PAWS_IDLEisdefinedtobe

(24x24x60x60x2),thefinal2beingthe

numberoftickspersecond.Thereceived

segmentisnotdroppedinthiscase,since

theproblemisnotaduplicatedsegment,

butanoutdatedtimestamp.Seealso

Exercises28.6and28.7.

Figure28.23showsanexampleofan

outdatedtimestamp.Thesystemonthe

leftisanon-Net/3systemthatincrements

itstimestampclockatthehighest

frequencyallowedbyRFC1323:once

everymillisecond.Thesystemontheright

isaNet/3system.



Figure28.23.Exampleofoutdated

timestamp.



Whenthedatasegmentarriveswitha

timestampof1,thatvalueissavedin

ts_recentandts_recent_ageissettothe

currenttime(tcp_now),asshownin

Figures28.11and28.35.Theconnection

isthenidlefor25days,duringwhichtime

tcp_nowwillincreaseby4,320,000

(25x24x60x60x2).Duringthese25days

theotherend'stimestampclockwill

increaseby2,160,000,000

(25x24x60x60x1000).Duringthisinterval

thetimestamp"changessign"withregard

tothevalue1,thatis,2,147,483,649is

greaterthan1,but2,147,483,650isless

than1(recallFigure24.26).Therefore,

whenthedatasegmentisreceivedwitha

timestampof2,160,000,001,thisvalueis

lessthants_recent(1),whencompared

usingtheTSTMP_LTmacro,sothePAWS

testfails.Butsincetcp_nowminus

ts_recent_ageisgreaterthan24days,the

reasonforthefailureisthatthe

connectionhasbeenidleformorethan24

days,andthesegmentisaccepted.



Dropduplicatesegment



628-633

Thesegmentisdeterminedtobea

duplicatebasedonthePAWSalgorithm,

andthetimestampisnotoutdated.Itis

dropped,afterbeingacknowledged(since

allduplicatesegmentsareacknowledged).

Figure24.5showsamuchsmallervalue

fortcps_pawsdrop(22)thanfor

tcps_rcvduppack(46,953).Thisis

probablybecausefewersystems

supportthetimestampoptiontoday,

causingmostduplicatepacketstobe

discardedbylatertestsinTCP'sinput

processinginsteadofbyPAWS.



Team-Fly









Top



Team-Fly











TCP/IPIllustrated,Volume2:The

ImplementationByGaryR.Wright,

W.RichardStevens

TableofContents



Chapter28.TCPInput



28.8TrimSegmentsoDatais

WithinWindow

Thissectiontrimsthereceivedsegmentso

thatitcontainsonlydatathatiswithinthe

advertisedwindow:

duplicatedataatthebeginningofthe

receivedsegmentisdiscarded,and

datathatisbeyondtheendofthe

windowisdiscardedfromtheendofthe

segment.

Whatremainsisnewdatawithinthe

window.ThecodeshowninFigure28.24

checksifthereisanyduplicatedataatthe

beginningofthesegment.



Figure28.24.tcp_inputfunction:check

forduplicatedataatbeginningof

segment.



Checkifanyduplicatedataatfrontof

segment

635-636

Ifthestartingsequencenumberofthe

receivedsegment(ti_seq)islessthanthe

nextreceivesequencenumberexpected

(rcv_nxt),dataatthebeginningofthe

segmentisoldandtodropwillbegreater

than0.Thesedatabyteshavealready

beenacknowledgedandpassedtothe

application(Figure24.18).



RemoveduplicateSYN



637-645

IftheSYNflagisset,itreferstothefirst

sequencenumberinthesegment,whichis

knowntobeold.TheSYNflagiscleared

andthestartingsequencenumberofthe

segmentisincrementedby1toskipover

theduplicateSYN.Furthermore,ifthe

urgentoffsetinthereceivedsegment

(ti_urp)isgreaterthan1,itmustbe

decrementedby1,sincetheurgentoffset

isrelativetothestartingsequence

number,whichwasjustincremented.If

theurgentoffsetis0or1,itisleftalone,

butincaseitwas1,theURGflagis

cleared.Finallytodropisdecrementedby

1(sincetheSYNoccupiesasequence

number).

Thehandlingofduplicatedataatthefront

ofthesegmentcontinuesinFigure28.25.



Figure28.25.tcp_inputfunction:handle

completelyduplicatesegment.



Checkforentireduplicatepacket

646-648

Iftheamountofduplicatedataatthefront

ofthesegmentisgreaterthanorequalto

thesizeofthesegment,theentire

segmentisaduplicate.



CheckforduplicateFIN

649-663

ThenextcheckiswhethertheFINis

duplicated.Figure28.26showsan

exampleofthis.



Figure28.26.Exampleofduplicate

packetwithFINflagset.



Inthisexampletodropequals5,whichis

greaterthanorequaltoti_len(4).Since

theFINflagissetandtodropequalsti_len

plus1,todropissetto4,theFINflagis

cleared,andtheTF_ACKNOWflagisset,

forcinganimmediateACKtobesentat

theendofthisfunction.Thisexamplealso

worksforothersegmentsifti_seqplus

ti_lenequals10.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

7 PAWS: Protection Against Wrapped Sequence Numbers

Tải bản đầy đủ ngay(0 tr)

×