author: David Benjamin <davidben@mit.edu> 2013-07-14 13:23:11 -0400
committer: Karl Ramm <kcr@1ts.org> 2013-08-08 00:24:58 -0400
commit: b9ec2cdc23b77fd86b69ba884c5513f3f71cf025
tree: c032cb5663a00ead030dec9e48ddb790a328dd7b
parent: 4ebc7e98991e3aea45e950fa5485ddf3157d39bb
Add fudge factor in subscription sharding
Header lengths are not constant-size because Zcode escapes bytes 0xFF and 0x00 into two bytes. If we end up filling up close to all the space we have and Z_SendFragmentedNotice then computes a header length larger than ours by enough, the message gets fragmented. Getting it fragmented is especially unfortunate because only the first of a fragmented notice ever has a SERVACK survive. (They all get SERVACKs, but libzephyr kindly drops all but the first on the floor.) This isn't a watertight fix; we may get really really unlucky and blow up 13 bytes in the authenticator and checksum. But that's not likely, and a proper fix would involve either computing based on the maximum possible authenticator size (wasteful and hard to bound tightly) or changing the protocol to use a less inappropriate encoding.
-rw-r--r-- lib/ZSubs.c 7
1 file changed, 5 insertions, 2 deletions
diff --git a/lib/ZSubs.c b/lib/ZSubs.c
index a3d0b78..e0d39ee 100644
--- a/lib/ZSubs.c
+++ b/lib/ZSubs.c
@@ -85,8 +85,11 @@ ZSubscriptions(register ZSubscription_t *sublist,
char **list;
char *recip;
int hdrlen;
- int size_avail = Z_MAXPKTLEN-Z_FRAGFUDGE; /* space avail for data,
- adjusted below */
+ /* Space available for data, adjusted below. Take off Z_FRAGFUDGE twice.
+ The first is to account for Z_SendFragmentedNotice's space. The second
+ to account for hdrlen not being constant. Zcode escapes bytes 0x00 and
+ 0xFF, so some bytes are encoded as two bytes. */
+ int size_avail = Z_MAXPKTLEN-Z_FRAGFUDGE-Z_FRAGFUDGE;
int size, start, numok;
/* nitems = 0 means cancel all subscriptions; still need to allocate a */
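Review bot: The second `Z_FRAGFUDGE` subtracted in the `size_avail` initializer is standing in for header-length variation caused by Zcode escaping, which is a different quantity from the Z_SendFragmentedNotice allowance that the first subtraction covers. A separately named margin would let the two be tuned independently and would make the intent visible at the point of use. The new comment should also say that this margin is a heuristic and not an upper bound: the commit message notes the fix is not watertight, but the in-code comment reads as if the second subtraction fully accounts for `hdrlen` not being constant, and the next reader of this function will only see the comment.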