Add support for rate limiting out of window ACKs.

Netstack today will send dupACK's with no rate limit for incoming out of window segments. This can result in ACK loops for example if a TCP socket connects to itself (actually permitted by TCP). Where the ACK sent in response to packets being out of order itself gets considered as an out of window segment resulting in another ACK being generated. PiperOrigin-RevId: 355206877
author: Bhasker Hariharan <bhaskerh@google.com> 2021-02-02 11:03:37 -0800
committer: gVisor bot <gvisor-bot@google.com> 2021-02-02 11:05:28 -0800
commit: 8c7c5abafbd8a72a43105cc352b42e48c12a99e8 (patch)
tree: 99949c5fb992f8af16e686241840ed13683df5a8 /pkg/tcpip/transport/tcp/rcv.go
parent: 3817c7349de2dde950fd65dcab1f4859c095eeaf (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/tcpip/transport/tcp/rcv.go b/pkg/tcpip/transport/tcp/rcv.go
index 7a7c402c4..a5c82b8fa 100644
--- a/pkg/tcpip/transport/tcp/rcv.go
+++ b/pkg/tcpip/transport/tcp/rcv.go
@@ -385,7 +385,7 @@ func (r *receiver) handleRcvdSegmentClosing(s *segment, state EndpointState, clo
 		// fails, we ignore the packet:
 		// https://github.com/torvalds/linux/blob/v5.8/net/ipv4/tcp_input.c#L5591
 		if r.ep.snd.sndNxt.LessThan(s.ackNumber) {
-			r.ep.snd.sendAck()
+			r.ep.snd.maybeSendOutOfWindowAck(s)
 			return true, nil
 		}
 
@@ -454,7 +454,7 @@ func (r *receiver) handleRcvdSegment(s *segment) (drop bool, err tcpip.Error) {
 	// send an ACK and stop further processing of the segment.
 	// This is according to RFC 793, page 68.
 	if !r.acceptable(segSeq, segLen) {
-		r.ep.snd.sendAck()
+		r.ep.snd.maybeSendOutOfWindowAck(s)
 		return true, nil
 	}
author	Bhasker Hariharan <bhaskerh@google.com>	2021-02-02 11:03:37 -0800
committer	gVisor bot <gvisor-bot@google.com>	2021-02-02 11:05:28 -0800
commit	8c7c5abafbd8a72a43105cc352b42e48c12a99e8 (patch)
tree	99949c5fb992f8af16e686241840ed13683df5a8 /pkg/tcpip/transport/tcp/rcv.go
parent	3817c7349de2dde950fd65dcab1f4859c095eeaf (diff)