FreeBSD kernel IPv4 code
tcp_input.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995
5 * The Regents of the University of California. All rights reserved.
6 * Copyright (c) 2007-2008,2010
7 * Swinburne University of Technology, Melbourne, Australia.
8 * Copyright (c) 2009-2010 Lawrence Stewart <lstewart@freebsd.org>
9 * Copyright (c) 2010 The FreeBSD Foundation
10 * Copyright (c) 2010-2011 Juniper Networks, Inc.
11 * All rights reserved.
12 *
13 * Portions of this software were developed at the Centre for Advanced Internet
14 * Architectures, Swinburne University of Technology, by Lawrence Stewart,
15 * James Healy and David Hayes, made possible in part by a grant from the Cisco
16 * University Research Program Fund at Community Foundation Silicon Valley.
17 *
18 * Portions of this software were developed at the Centre for Advanced
19 * Internet Architectures, Swinburne University of Technology, Melbourne,
20 * Australia by David Hayes under sponsorship from the FreeBSD Foundation.
21 *
22 * Portions of this software were developed by Robert N. M. Watson under
23 * contract to Juniper Networks, Inc.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the above copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. Neither the name of the University nor the names of its contributors
34 * may be used to endorse or promote products derived from this software
35 * without specific prior written permission.
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
38 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
40 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
41 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
42 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
43 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
45 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
46 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * SUCH DAMAGE.
48 *
49 * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
50 */
51
52#include <sys/cdefs.h>
53__FBSDID("$FreeBSD$");
54
55#include "opt_inet.h"
56#include "opt_inet6.h"
57#include "opt_ipsec.h"
58#include "opt_tcpdebug.h"
59
60#include <sys/param.h>
61#include <sys/arb.h>
62#include <sys/kernel.h>
63#ifdef TCP_HHOOK
64#include <sys/hhook.h>
65#endif
66#include <sys/malloc.h>
67#include <sys/mbuf.h>
68#include <sys/proc.h> /* for proc0 declaration */
69#include <sys/protosw.h>
70#include <sys/qmath.h>
71#include <sys/sdt.h>
72#include <sys/signalvar.h>
73#include <sys/socket.h>
74#include <sys/socketvar.h>
75#include <sys/sysctl.h>
76#include <sys/syslog.h>
77#include <sys/systm.h>
78#include <sys/stats.h>
79
80#include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */
81
82#include <vm/uma.h>
83
84#include <net/if.h>
85#include <net/if_var.h>
86#include <net/route.h>
87#include <net/vnet.h>
88
89#define TCPSTATES /* for logging */
90
91#include <netinet/in.h>
92#include <netinet/in_kdtrace.h>
93#include <netinet/in_pcb.h>
94#include <netinet/in_systm.h>
95#include <netinet/ip.h>
96#include <netinet/ip_icmp.h> /* required for icmp_var.h */
97#include <netinet/icmp_var.h> /* for ICMP_BANDLIM */
98#include <netinet/ip_var.h>
99#include <netinet/ip_options.h>
100#include <netinet/ip6.h>
101#include <netinet/icmp6.h>
102#include <netinet6/in6_pcb.h>
103#include <netinet6/in6_var.h>
104#include <netinet6/ip6_var.h>
105#include <netinet6/nd6.h>
106#include <netinet/tcp.h>
107#include <netinet/tcp_fsm.h>
108#include <netinet/tcp_log_buf.h>
109#include <netinet/tcp_seq.h>
110#include <netinet/tcp_timer.h>
111#include <netinet/tcp_var.h>
112#include <netinet6/tcp6_var.h>
113#include <netinet/tcpip.h>
114#include <netinet/cc/cc.h>
115#include <netinet/tcp_fastopen.h>
116#ifdef TCPPCAP
117#include <netinet/tcp_pcap.h>
118#endif
119#include <netinet/tcp_syncache.h>
120#ifdef TCPDEBUG
121#include <netinet/tcp_debug.h>
122#endif /* TCPDEBUG */
123#ifdef TCP_OFFLOAD
124#include <netinet/tcp_offload.h>
125#endif
126#include <netinet/tcp_ecn.h>
127#include <netinet/udp.h>
128
129#include <netipsec/ipsec_support.h>
130
131#include <machine/in_cksum.h>
132
133#include <security/mac/mac_framework.h>
134
135const int tcprexmtthresh = 3;
136
137VNET_DEFINE(int, tcp_log_in_vain) = 0;
138SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_VNET | CTLFLAG_RW,
139 &VNET_NAME(tcp_log_in_vain), 0,
140 "Log all incoming TCP segments to closed ports");
141
142VNET_DEFINE(int, blackhole) = 0;
143#define V_blackhole VNET(blackhole)
144SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_VNET | CTLFLAG_RW,
145 &VNET_NAME(blackhole), 0,
146 "Do not send RST on segments to closed ports");
147
148VNET_DEFINE(bool, blackhole_local) = false;
149#define V_blackhole_local VNET(blackhole_local)
150SYSCTL_BOOL(_net_inet_tcp, OID_AUTO, blackhole_local, CTLFLAG_VNET |
151 CTLFLAG_RW, &VNET_NAME(blackhole_local), false,
152 "Enforce net.inet.tcp.blackhole for locally originated packets");
153
154VNET_DEFINE(int, tcp_delack_enabled) = 1;
155SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_VNET | CTLFLAG_RW,
156 &VNET_NAME(tcp_delack_enabled), 0,
157 "Delay ACK to try and piggyback it onto a data packet");
158
159VNET_DEFINE(int, drop_synfin) = 0;
160SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_VNET | CTLFLAG_RW,
161 &VNET_NAME(drop_synfin), 0,
162 "Drop TCP packets with SYN+FIN set");
163
164VNET_DEFINE(int, tcp_do_prr_conservative) = 0;
165SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_prr_conservative, CTLFLAG_VNET | CTLFLAG_RW,
166 &VNET_NAME(tcp_do_prr_conservative), 0,
167 "Do conservative Proportional Rate Reduction");
168
169VNET_DEFINE(int, tcp_do_prr) = 1;
170SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_prr, CTLFLAG_VNET | CTLFLAG_RW,
171 &VNET_NAME(tcp_do_prr), 1,
172 "Enable Proportional Rate Reduction per RFC 6937");
173
174VNET_DEFINE(int, tcp_do_lrd) = 0;
175SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_lrd, CTLFLAG_VNET | CTLFLAG_RW,
176 &VNET_NAME(tcp_do_lrd), 1,
177 "Perform Lost Retransmission Detection");
178
179VNET_DEFINE(int, tcp_do_newcwv) = 0;
180SYSCTL_INT(_net_inet_tcp, OID_AUTO, newcwv, CTLFLAG_VNET | CTLFLAG_RW,
181 &VNET_NAME(tcp_do_newcwv), 0,
182 "Enable New Congestion Window Validation per RFC7661");
183
184VNET_DEFINE(int, tcp_do_rfc3042) = 1;
185SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_VNET | CTLFLAG_RW,
186 &VNET_NAME(tcp_do_rfc3042), 0,
187 "Enable RFC 3042 (Limited Transmit)");
188
189VNET_DEFINE(int, tcp_do_rfc3390) = 1;
190SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_VNET | CTLFLAG_RW,
191 &VNET_NAME(tcp_do_rfc3390), 0,
192 "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
193
194VNET_DEFINE(int, tcp_initcwnd_segments) = 10;
195SYSCTL_INT(_net_inet_tcp, OID_AUTO, initcwnd_segments,
196 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(tcp_initcwnd_segments), 0,
197 "Slow-start flight size (initial congestion window) in number of segments");
198
199VNET_DEFINE(int, tcp_do_rfc3465) = 1;
200SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3465, CTLFLAG_VNET | CTLFLAG_RW,
201 &VNET_NAME(tcp_do_rfc3465), 0,
202 "Enable RFC 3465 (Appropriate Byte Counting)");
203
204VNET_DEFINE(int, tcp_abc_l_var) = 2;
205SYSCTL_INT(_net_inet_tcp, OID_AUTO, abc_l_var, CTLFLAG_VNET | CTLFLAG_RW,
206 &VNET_NAME(tcp_abc_l_var), 2,
207 "Cap the max cwnd increment during slow-start to this number of segments");
208
209static SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn,
210 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
211 "TCP ECN");
212
213VNET_DEFINE(int, tcp_do_ecn) = 2;
214SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW,
215 &VNET_NAME(tcp_do_ecn), 0,
216 "TCP ECN support");
217
218VNET_DEFINE(int, tcp_ecn_maxretries) = 1;
219SYSCTL_INT(_net_inet_tcp_ecn, OID_AUTO, maxretries, CTLFLAG_VNET | CTLFLAG_RW,
220 &VNET_NAME(tcp_ecn_maxretries), 0,
221 "Max retries before giving up on ECN");
222
223VNET_DEFINE(int, tcp_insecure_syn) = 0;
224SYSCTL_INT(_net_inet_tcp, OID_AUTO, insecure_syn, CTLFLAG_VNET | CTLFLAG_RW,
225 &VNET_NAME(tcp_insecure_syn), 0,
226 "Follow RFC793 instead of RFC5961 criteria for accepting SYN packets");
227
228VNET_DEFINE(int, tcp_insecure_rst) = 0;
229SYSCTL_INT(_net_inet_tcp, OID_AUTO, insecure_rst, CTLFLAG_VNET | CTLFLAG_RW,
230 &VNET_NAME(tcp_insecure_rst), 0,
231 "Follow RFC793 instead of RFC5961 criteria for accepting RST packets");
232
233VNET_DEFINE(int, tcp_recvspace) = 1024*64;
234#define V_tcp_recvspace VNET(tcp_recvspace)
235SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_VNET | CTLFLAG_RW,
236 &VNET_NAME(tcp_recvspace), 0, "Initial receive socket buffer size");
237
238VNET_DEFINE(int, tcp_do_autorcvbuf) = 1;
239SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_auto, CTLFLAG_VNET | CTLFLAG_RW,
240 &VNET_NAME(tcp_do_autorcvbuf), 0,
241 "Enable automatic receive buffer sizing");
242
243VNET_DEFINE(int, tcp_autorcvbuf_max) = 2*1024*1024;
244SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbuf_max, CTLFLAG_VNET | CTLFLAG_RW,
245 &VNET_NAME(tcp_autorcvbuf_max), 0,
246 "Max size of automatic receive buffer");
247
248VNET_DEFINE(struct inpcbinfo, tcbinfo);
249
250/*
251 * TCP statistics are stored in an array of counter(9)s, which size matches
252 * size of struct tcpstat. TCP running connection count is a regular array.
253 */
254VNET_PCPUSTAT_DEFINE(struct tcpstat, tcpstat);
255SYSCTL_VNET_PCPUSTAT(_net_inet_tcp, TCPCTL_STATS, stats, struct tcpstat,
256 tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)");
257VNET_DEFINE(counter_u64_t, tcps_states[TCP_NSTATES]);
258SYSCTL_COUNTER_U64_ARRAY(_net_inet_tcp, TCPCTL_STATES, states, CTLFLAG_RD |
259 CTLFLAG_VNET, &VNET_NAME(tcps_states)[0], TCP_NSTATES,
260 "TCP connection counts by TCP state");
261
262/*
263 * Kernel module interface for updating tcpstat. The first argument is an index
264 * into tcpstat treated as an array.
265 */
266void
267kmod_tcpstat_add(int statnum, int val)
268{
269
270 counter_u64_add(VNET(tcpstat)[statnum], val);
271}
272
273#ifdef TCP_HHOOK
274/*
275 * Wrapper for the TCP established input helper hook.
276 */
277void
278hhook_run_tcp_est_in(struct tcpcb *tp, struct tcphdr *th, struct tcpopt *to)
279{
280 struct tcp_hhook_data hhook_data;
281
282 if (V_tcp_hhh[HHOOK_TCP_EST_IN]->hhh_nhooks > 0) {
283 hhook_data.tp = tp;
284 hhook_data.th = th;
285 hhook_data.to = to;
286
287 hhook_run_hooks(V_tcp_hhh[HHOOK_TCP_EST_IN], &hhook_data,
288 tp->osd);
289 }
290}
291#endif
292
293/*
294 * CC wrapper hook functions
295 */
296void
297cc_ack_received(struct tcpcb *tp, struct tcphdr *th, uint16_t nsegs,
298 uint16_t type)
299{
300#ifdef STATS
301 int32_t gput;
302#endif
303
304 INP_WLOCK_ASSERT(tp->t_inpcb);
305
306 tp->ccv->nsegs = nsegs;
307 tp->ccv->bytes_this_ack = BYTES_THIS_ACK(tp, th);
308 if ((!V_tcp_do_newcwv && (tp->snd_cwnd <= tp->snd_wnd)) ||
309 (V_tcp_do_newcwv && (tp->snd_cwnd <= tp->snd_wnd) &&
310 (tp->snd_cwnd < (tcp_compute_pipe(tp) * 2))))
311 tp->ccv->flags |= CCF_CWND_LIMITED;
312 else
313 tp->ccv->flags &= ~CCF_CWND_LIMITED;
314
315 if (type == CC_ACK) {
316#ifdef STATS
317 stats_voi_update_abs_s32(tp->t_stats, VOI_TCP_CALCFRWINDIFF,
318 ((int32_t)tp->snd_cwnd) - tp->snd_wnd);
319 if (!IN_RECOVERY(tp->t_flags))
320 stats_voi_update_abs_u32(tp->t_stats, VOI_TCP_ACKLEN,
321 tp->ccv->bytes_this_ack / (tcp_maxseg(tp) * nsegs));
322 if ((tp->t_flags & TF_GPUTINPROG) &&
323 SEQ_GEQ(th->th_ack, tp->gput_ack)) {
324 /*
325 * Compute goodput in bits per millisecond.
326 */
327 gput = (((int64_t)(th->th_ack - tp->gput_seq)) << 3) /
328 max(1, tcp_ts_getticks() - tp->gput_ts);
329 stats_voi_update_abs_u32(tp->t_stats, VOI_TCP_GPUT,
330 gput);
331 /*
332 * XXXLAS: This is a temporary hack, and should be
333 * chained off VOI_TCP_GPUT when stats(9) grows an API
334 * to deal with chained VOIs.
335 */
336 if (tp->t_stats_gput_prev > 0)
337 stats_voi_update_abs_s32(tp->t_stats,
338 VOI_TCP_GPUT_ND,
339 ((gput - tp->t_stats_gput_prev) * 100) /
340 tp->t_stats_gput_prev);
341 tp->t_flags &= ~TF_GPUTINPROG;
342 tp->t_stats_gput_prev = gput;
343 }
344#endif /* STATS */
345 if (tp->snd_cwnd > tp->snd_ssthresh) {
346 tp->t_bytes_acked += tp->ccv->bytes_this_ack;
347 if (tp->t_bytes_acked >= tp->snd_cwnd) {
348 tp->t_bytes_acked -= tp->snd_cwnd;
349 tp->ccv->flags |= CCF_ABC_SENTAWND;
350 }
351 } else {
352 tp->ccv->flags &= ~CCF_ABC_SENTAWND;
353 tp->t_bytes_acked = 0;
354 }
355 }
356
357 if (CC_ALGO(tp)->ack_received != NULL) {
358 /* XXXLAS: Find a way to live without this */
359 tp->ccv->curack = th->th_ack;
360 CC_ALGO(tp)->ack_received(tp->ccv, type);
361 }
362#ifdef STATS
363 stats_voi_update_abs_ulong(tp->t_stats, VOI_TCP_LCWIN, tp->snd_cwnd);
364#endif
365}
366
367void
368cc_conn_init(struct tcpcb *tp)
369{
370 struct hc_metrics_lite metrics;
371 struct inpcb *inp = tp->t_inpcb;
372 u_int maxseg;
373 int rtt;
374
375 INP_WLOCK_ASSERT(tp->t_inpcb);
376
377 tcp_hc_get(&inp->inp_inc, &metrics);
378 maxseg = tcp_maxseg(tp);
379
380 if (tp->t_srtt == 0 && (rtt = metrics.rmx_rtt)) {
381 tp->t_srtt = rtt;
382 tp->t_rttbest = tp->t_srtt + TCP_RTT_SCALE;
383 TCPSTAT_INC(tcps_usedrtt);
384 if (metrics.rmx_rttvar) {
385 tp->t_rttvar = metrics.rmx_rttvar;
386 TCPSTAT_INC(tcps_usedrttvar);
387 } else {
388 /* default variation is +- 1 rtt */
389 tp->t_rttvar =
390 tp->t_srtt * TCP_RTTVAR_SCALE / TCP_RTT_SCALE;
391 }
392 TCPT_RANGESET(tp->t_rxtcur,
393 ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1,
394 tp->t_rttmin, TCPTV_REXMTMAX);
395 }
396 if (metrics.rmx_ssthresh) {
397 /*
398 * There's some sort of gateway or interface
399 * buffer limit on the path. Use this to set
400 * the slow start threshold, but set the
401 * threshold to no less than 2*mss.
402 */
403 tp->snd_ssthresh = max(2 * maxseg, metrics.rmx_ssthresh);
404 TCPSTAT_INC(tcps_usedssthresh);
405 }
406
407 /*
408 * Set the initial slow-start flight size.
409 *
410 * If a SYN or SYN/ACK was lost and retransmitted, we have to
411 * reduce the initial CWND to one segment as congestion is likely
412 * requiring us to be cautious.
413 */
414 if (tp->snd_cwnd == 1)
415 tp->snd_cwnd = maxseg; /* SYN(-ACK) lost */
416 else
417 tp->snd_cwnd = tcp_compute_initwnd(maxseg);
418
419 if (CC_ALGO(tp)->conn_init != NULL)
420 CC_ALGO(tp)->conn_init(tp->ccv);
421}
422
423void inline
424cc_cong_signal(struct tcpcb *tp, struct tcphdr *th, uint32_t type)
425{
426 INP_WLOCK_ASSERT(tp->t_inpcb);
427
428#ifdef STATS
429 stats_voi_update_abs_u32(tp->t_stats, VOI_TCP_CSIG, type);
430#endif
431
432 switch(type) {
433 case CC_NDUPACK:
434 if (!IN_FASTRECOVERY(tp->t_flags)) {
435 tp->snd_recover = tp->snd_max;
436 if (tp->t_flags2 & TF2_ECN_PERMIT)
437 tp->t_flags2 |= TF2_ECN_SND_CWR;
438 }
439 break;
440 case CC_ECN:
441 if (!IN_CONGRECOVERY(tp->t_flags) ||
442 /*
443 * Allow ECN reaction on ACK to CWR, if
444 * that data segment was also CE marked.
445 */
446 SEQ_GEQ(th->th_ack, tp->snd_recover)) {
447 EXIT_CONGRECOVERY(tp->t_flags);
448 TCPSTAT_INC(tcps_ecn_rcwnd);
449 tp->snd_recover = tp->snd_max + 1;
450 if (tp->t_flags2 & TF2_ECN_PERMIT)
451 tp->t_flags2 |= TF2_ECN_SND_CWR;
452 }
453 break;
454 case CC_RTO:
455 tp->t_dupacks = 0;
456 tp->t_bytes_acked = 0;
457 EXIT_RECOVERY(tp->t_flags);
458 if (tp->t_flags2 & TF2_ECN_PERMIT)
459 tp->t_flags2 |= TF2_ECN_SND_CWR;
460 break;
461 case CC_RTO_ERR:
462 TCPSTAT_INC(tcps_sndrexmitbad);
463 /* RTO was unnecessary, so reset everything. */
464 tp->snd_cwnd = tp->snd_cwnd_prev;
465 tp->snd_ssthresh = tp->snd_ssthresh_prev;
466 tp->snd_recover = tp->snd_recover_prev;
467 if (tp->t_flags & TF_WASFRECOVERY)
468 ENTER_FASTRECOVERY(tp->t_flags);
469 if (tp->t_flags & TF_WASCRECOVERY)
470 ENTER_CONGRECOVERY(tp->t_flags);
471 tp->snd_nxt = tp->snd_max;
472 tp->t_flags &= ~TF_PREVVALID;
473 tp->t_badrxtwin = 0;
474 break;
475 }
476
477 if (CC_ALGO(tp)->cong_signal != NULL) {
478 if (th != NULL)
479 tp->ccv->curack = th->th_ack;
480 CC_ALGO(tp)->cong_signal(tp->ccv, type);
481 }
482}
483
484void inline
485cc_post_recovery(struct tcpcb *tp, struct tcphdr *th)
486{
487 INP_WLOCK_ASSERT(tp->t_inpcb);
488
489 /* XXXLAS: KASSERT that we're in recovery? */
490
491 if (CC_ALGO(tp)->post_recovery != NULL) {
492 tp->ccv->curack = th->th_ack;
493 CC_ALGO(tp)->post_recovery(tp->ccv);
494 }
495 /* XXXLAS: EXIT_RECOVERY ? */
496 tp->t_bytes_acked = 0;
497 tp->sackhint.delivered_data = 0;
498 tp->sackhint.prr_out = 0;
499}
500
501/*
502 * Indicate whether this ack should be delayed. We can delay the ack if
503 * following conditions are met:
504 * - There is no delayed ack timer in progress.
505 * - Our last ack wasn't a 0-sized window. We never want to delay
506 * the ack that opens up a 0-sized window.
507 * - LRO wasn't used for this segment. We make sure by checking that the
508 * segment size is not larger than the MSS.
509 */
510#define DELAY_ACK(tp, tlen) \
511 ((!tcp_timer_active(tp, TT_DELACK) && \
512 (tp->t_flags & TF_RXWIN0SENT) == 0) && \
513 (tlen <= tp->t_maxseg) && \
514 (V_tcp_delack_enabled || (tp->t_flags & TF_NEEDSYN)))
515
516void inline
517cc_ecnpkt_handler_flags(struct tcpcb *tp, uint16_t flags, uint8_t iptos)
518{
519 INP_WLOCK_ASSERT(tp->t_inpcb);
520
521 if (CC_ALGO(tp)->ecnpkt_handler != NULL) {
522 switch (iptos & IPTOS_ECN_MASK) {
523 case IPTOS_ECN_CE:
524 tp->ccv->flags |= CCF_IPHDR_CE;
525 break;
526 case IPTOS_ECN_ECT0:
527 /* FALLTHROUGH */
528 case IPTOS_ECN_ECT1:
529 /* FALLTHROUGH */
530 case IPTOS_ECN_NOTECT:
531 tp->ccv->flags &= ~CCF_IPHDR_CE;
532 break;
533 }
534
535 if (flags & TH_CWR)
536 tp->ccv->flags |= CCF_TCPHDR_CWR;
537 else
538 tp->ccv->flags &= ~CCF_TCPHDR_CWR;
539
540 CC_ALGO(tp)->ecnpkt_handler(tp->ccv);
541
542 if (tp->ccv->flags & CCF_ACKNOW) {
543 tcp_timer_activate(tp, TT_DELACK, tcp_delacktime);
544 tp->t_flags |= TF_ACKNOW;
545 }
546 }
547}
548
549void inline
550cc_ecnpkt_handler(struct tcpcb *tp, struct tcphdr *th, uint8_t iptos)
551{
552 cc_ecnpkt_handler_flags(tp, tcp_get_flags(th), iptos);
553}
554
555/*
556 * TCP input handling is split into multiple parts:
557 * tcp6_input is a thin wrapper around tcp_input for the extended
558 * ip6_protox[] call format in ip6_input
559 * tcp_input handles primary segment validation, inpcb lookup and
560 * SYN processing on listen sockets
561 * tcp_do_segment processes the ACK and text of the segment for
562 * establishing, established and closing connections
563 */
564#ifdef INET6
565int
566tcp6_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port)
567{
568 struct mbuf *m;
569 struct in6_ifaddr *ia6;
570 struct ip6_hdr *ip6;
571
572 m = *mp;
573 if (m->m_len < *offp + sizeof(struct tcphdr)) {
574 m = m_pullup(m, *offp + sizeof(struct tcphdr));
575 if (m == NULL) {
576 *mp = m;
577 TCPSTAT_INC(tcps_rcvshort);
578 return (IPPROTO_DONE);
579 }
580 }
581
582 /*
583 * draft-itojun-ipv6-tcp-to-anycast
584 * better place to put this in?
585 */
586 ip6 = mtod(m, struct ip6_hdr *);
587 ia6 = in6ifa_ifwithaddr(&ip6->ip6_dst, 0 /* XXX */, false);
588 if (ia6 && (ia6->ia6_flags & IN6_IFF_ANYCAST)) {
589 icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR,
590 (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
591 *mp = NULL;
592 return (IPPROTO_DONE);
593 }
594
595 *mp = m;
596 return (tcp_input_with_port(mp, offp, proto, port));
597}
598
599int
600tcp6_input(struct mbuf **mp, int *offp, int proto)
601{
602
603 return(tcp6_input_with_port(mp, offp, proto, 0));
604}
605#endif /* INET6 */
606
607int
608tcp_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port)
609{
610 struct mbuf *m = *mp;
611 struct tcphdr *th = NULL;
612 struct ip *ip = NULL;
613 struct inpcb *inp = NULL;
614 struct tcpcb *tp = NULL;
615 struct socket *so = NULL;
616 u_char *optp = NULL;
617 int off0;
618 int optlen = 0;
619#ifdef INET
620 int len;
621 uint8_t ipttl;
622#endif
623 int tlen = 0, off;
624 int drop_hdrlen;
625 int thflags;
626 int rstreason = 0; /* For badport_bandlim accounting purposes */
627 int lookupflag;
628 uint8_t iptos;
629 struct m_tag *fwd_tag = NULL;
630#ifdef INET6
631 struct ip6_hdr *ip6 = NULL;
632 int isipv6;
633#else
634 const void *ip6 = NULL;
635#endif /* INET6 */
636 struct tcpopt to; /* options in this segment */
637 char *s = NULL; /* address and port logging */
638#ifdef TCPDEBUG
639 /*
640 * The size of tcp_saveipgen must be the size of the max ip header,
641 * now IPv6.
642 */
643 u_char tcp_saveipgen[IP6_HDR_LEN];
644 struct tcphdr tcp_savetcp;
645 short ostate = 0;
646#endif
647
648 NET_EPOCH_ASSERT();
649
650#ifdef INET6
651 isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
652#endif
653
654 off0 = *offp;
655 m = *mp;
656 *mp = NULL;
657 to.to_flags = 0;
658 TCPSTAT_INC(tcps_rcvtotal);
659
660#ifdef INET6
661 if (isipv6) {
662 ip6 = mtod(m, struct ip6_hdr *);
663 th = (struct tcphdr *)((caddr_t)ip6 + off0);
664 tlen = sizeof(*ip6) + ntohs(ip6->ip6_plen) - off0;
665 if (port)
666 goto skip6_csum;
667 if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) {
668 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
669 th->th_sum = m->m_pkthdr.csum_data;
670 else
671 th->th_sum = in6_cksum_pseudo(ip6, tlen,
672 IPPROTO_TCP, m->m_pkthdr.csum_data);
673 th->th_sum ^= 0xffff;
674 } else
675 th->th_sum = in6_cksum(m, IPPROTO_TCP, off0, tlen);
676 if (th->th_sum) {
677 TCPSTAT_INC(tcps_rcvbadsum);
678 goto drop;
679 }
680 skip6_csum:
681 /*
682 * Be proactive about unspecified IPv6 address in source.
683 * As we use all-zero to indicate unbounded/unconnected pcb,
684 * unspecified IPv6 address can be used to confuse us.
685 *
686 * Note that packets with unspecified IPv6 destination is
687 * already dropped in ip6_input.
688 */
689 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
690 /* XXX stat */
691 goto drop;
692 }
693 iptos = IPV6_TRAFFIC_CLASS(ip6);
694 }
695#endif
696#if defined(INET) && defined(INET6)
697 else
698#endif
699#ifdef INET
700 {
701 /*
702 * Get IP and TCP header together in first mbuf.
703 * Note: IP leaves IP header in first mbuf.
704 */
705 if (off0 > sizeof (struct ip)) {
706 ip_stripoptions(m);
707 off0 = sizeof(struct ip);
708 }
709 if (m->m_len < sizeof (struct tcpiphdr)) {
710 if ((m = m_pullup(m, sizeof (struct tcpiphdr)))
711 == NULL) {
712 TCPSTAT_INC(tcps_rcvshort);
713 return (IPPROTO_DONE);
714 }
715 }
716 ip = mtod(m, struct ip *);
717 th = (struct tcphdr *)((caddr_t)ip + off0);
718 tlen = ntohs(ip->ip_len) - off0;
719
720 iptos = ip->ip_tos;
721 if (port)
722 goto skip_csum;
723 if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) {
724 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
725 th->th_sum = m->m_pkthdr.csum_data;
726 else
727 th->th_sum = in_pseudo(ip->ip_src.s_addr,
728 ip->ip_dst.s_addr,
729 htonl(m->m_pkthdr.csum_data + tlen +
730 IPPROTO_TCP));
731 th->th_sum ^= 0xffff;
732 } else {
733 struct ipovly *ipov = (struct ipovly *)ip;
734
735 /*
736 * Checksum extended TCP header and data.
737 */
738 len = off0 + tlen;
739 ipttl = ip->ip_ttl;
740 bzero(ipov->ih_x1, sizeof(ipov->ih_x1));
741 ipov->ih_len = htons(tlen);
742 th->th_sum = in_cksum(m, len);
743 /* Reset length for SDT probes. */
744 ip->ip_len = htons(len);
745 /* Reset TOS bits */
746 ip->ip_tos = iptos;
747 /* Re-initialization for later version check */
748 ip->ip_ttl = ipttl;
749 ip->ip_v = IPVERSION;
750 ip->ip_hl = off0 >> 2;
751 }
752 skip_csum:
753 if (th->th_sum && (port == 0)) {
754 TCPSTAT_INC(tcps_rcvbadsum);
755 goto drop;
756 }
757 }
758#endif /* INET */
759
760 /*
761 * Check that TCP offset makes sense,
762 * pull out TCP options and adjust length. XXX
763 */
764 off = th->th_off << 2;
765 if (off < sizeof (struct tcphdr) || off > tlen) {
766 TCPSTAT_INC(tcps_rcvbadoff);
767 goto drop;
768 }
769 tlen -= off; /* tlen is used instead of ti->ti_len */
770 if (off > sizeof (struct tcphdr)) {
771#ifdef INET6
772 if (isipv6) {
773 if (m->m_len < off0 + off) {
774 m = m_pullup(m, off0 + off);
775 if (m == NULL) {
776 TCPSTAT_INC(tcps_rcvshort);
777 return (IPPROTO_DONE);
778 }
779 }
780 ip6 = mtod(m, struct ip6_hdr *);
781 th = (struct tcphdr *)((caddr_t)ip6 + off0);
782 }
783#endif
784#if defined(INET) && defined(INET6)
785 else
786#endif
787#ifdef INET
788 {
789 if (m->m_len < sizeof(struct ip) + off) {
790 if ((m = m_pullup(m, sizeof (struct ip) + off))
791 == NULL) {
792 TCPSTAT_INC(tcps_rcvshort);
793 return (IPPROTO_DONE);
794 }
795 ip = mtod(m, struct ip *);
796 th = (struct tcphdr *)((caddr_t)ip + off0);
797 }
798 }
799#endif
800 optlen = off - sizeof (struct tcphdr);
801 optp = (u_char *)(th + 1);
802 }
803 thflags = tcp_get_flags(th);
804
805 /*
806 * Convert TCP protocol specific fields to host format.
807 */
808 tcp_fields_to_host(th);
809
810 /*
811 * Delay dropping TCP, IP headers, IPv6 ext headers, and TCP options.
812 */
813 drop_hdrlen = off0 + off;
814
815 /*
816 * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
817 */
818 if (
819#ifdef INET6
820 (isipv6 && (m->m_flags & M_IP6_NEXTHOP))
821#ifdef INET
822 || (!isipv6 && (m->m_flags & M_IP_NEXTHOP))
823#endif
824#endif
825#if defined(INET) && !defined(INET6)
826 (m->m_flags & M_IP_NEXTHOP)
827#endif
828 )
829 fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
830
831 /*
832 * For initial SYN packets we don't need write lock on matching
833 * PCB, be it a listening one or a synchronized one. The packet
834 * shall not modify its state.
835 */
836 lookupflag = (thflags & (TH_ACK|TH_SYN)) == TH_SYN ?
837 INPLOOKUP_RLOCKPCB : INPLOOKUP_WLOCKPCB;
838findpcb:
839#ifdef INET6
840 if (isipv6 && fwd_tag != NULL) {
841 struct sockaddr_in6 *next_hop6;
842
843 next_hop6 = (struct sockaddr_in6 *)(fwd_tag + 1);
844 /*
845 * Transparently forwarded. Pretend to be the destination.
846 * Already got one like this?
847 */
848 inp = in6_pcblookup_mbuf(&V_tcbinfo,
849 &ip6->ip6_src, th->th_sport, &ip6->ip6_dst, th->th_dport,
850 lookupflag, m->m_pkthdr.rcvif, m);
851 if (!inp) {
852 /*
853 * It's new. Try to find the ambushing socket.
854 * Because we've rewritten the destination address,
855 * any hardware-generated hash is ignored.
856 */
857 inp = in6_pcblookup(&V_tcbinfo, &ip6->ip6_src,
858 th->th_sport, &next_hop6->sin6_addr,
859 next_hop6->sin6_port ? ntohs(next_hop6->sin6_port) :
860 th->th_dport, INPLOOKUP_WILDCARD | lookupflag,
861 m->m_pkthdr.rcvif);
862 }
863 } else if (isipv6) {
864 inp = in6_pcblookup_mbuf(&V_tcbinfo, &ip6->ip6_src,
865 th->th_sport, &ip6->ip6_dst, th->th_dport,
866 INPLOOKUP_WILDCARD | lookupflag, m->m_pkthdr.rcvif, m);
867 }
868#endif /* INET6 */
869#if defined(INET6) && defined(INET)
870 else
871#endif
872#ifdef INET
873 if (fwd_tag != NULL) {
874 struct sockaddr_in *next_hop;
875
876 next_hop = (struct sockaddr_in *)(fwd_tag+1);
877 /*
878 * Transparently forwarded. Pretend to be the destination.
879 * already got one like this?
880 */
881 inp = in_pcblookup_mbuf(&V_tcbinfo, ip->ip_src, th->th_sport,
882 ip->ip_dst, th->th_dport, lookupflag, m->m_pkthdr.rcvif, m);
883 if (!inp) {
884 /*
885 * It's new. Try to find the ambushing socket.
886 * Because we've rewritten the destination address,
887 * any hardware-generated hash is ignored.
888 */
889 inp = in_pcblookup(&V_tcbinfo, ip->ip_src,
890 th->th_sport, next_hop->sin_addr,
891 next_hop->sin_port ? ntohs(next_hop->sin_port) :
892 th->th_dport, INPLOOKUP_WILDCARD | lookupflag,
893 m->m_pkthdr.rcvif);
894 }
895 } else
896 inp = in_pcblookup_mbuf(&V_tcbinfo, ip->ip_src,
897 th->th_sport, ip->ip_dst, th->th_dport,
898 INPLOOKUP_WILDCARD | lookupflag, m->m_pkthdr.rcvif, m);
899#endif /* INET */
900
901 /*
902 * If the INPCB does not exist then all data in the incoming
903 * segment is discarded and an appropriate RST is sent back.
904 * XXX MRT Send RST using which routing table?
905 */
906 if (inp == NULL) {
907 /*
908 * Log communication attempts to ports that are not
909 * in use.
910 */
911 if ((V_tcp_log_in_vain == 1 && (thflags & TH_SYN)) ||
912 V_tcp_log_in_vain == 2) {
913 if ((s = tcp_log_vain(NULL, th, (void *)ip, ip6)))
914 log(LOG_INFO, "%s; %s: Connection attempt "
915 "to closed port\n", s, __func__);
916 }
917 /*
918 * When blackholing do not respond with a RST but
919 * completely ignore the segment and drop it.
920 */
921 if (((V_blackhole == 1 && (thflags & TH_SYN)) ||
922 V_blackhole == 2) && (V_blackhole_local ||
923#ifdef INET6
924 isipv6 ? !in6_localaddr(&ip6->ip6_src) :
925#endif
926#ifdef INET
927 !in_localip(ip->ip_src)
928#else
929 true
930#endif
931 ))
932 goto dropunlock;
933
934 rstreason = BANDLIM_RST_CLOSEDPORT;
935 goto dropwithreset;
936 }
937 INP_LOCK_ASSERT(inp);
938 /*
939 * While waiting for inp lock during the lookup, another thread
940 * can have dropped the inpcb, in which case we need to loop back
941 * and try to find a new inpcb to deliver to.
942 */
943 if (inp->inp_flags & INP_DROPPED) {
944 INP_UNLOCK(inp);
945 inp = NULL;
946 goto findpcb;
947 }
948 if ((inp->inp_flowtype == M_HASHTYPE_NONE) &&
949 (M_HASHTYPE_GET(m) != M_HASHTYPE_NONE) &&
950 ((inp->inp_socket == NULL) || !SOLISTENING(inp->inp_socket))) {
951 inp->inp_flowid = m->m_pkthdr.flowid;
952 inp->inp_flowtype = M_HASHTYPE_GET(m);
953 }
954#if defined(IPSEC) || defined(IPSEC_SUPPORT)
955#ifdef INET6
956 if (isipv6 && IPSEC_ENABLED(ipv6) &&
957 IPSEC_CHECK_POLICY(ipv6, m, inp) != 0) {
958 goto dropunlock;
959 }
960#ifdef INET
961 else
962#endif
963#endif /* INET6 */
964#ifdef INET
965 if (IPSEC_ENABLED(ipv4) &&
966 IPSEC_CHECK_POLICY(ipv4, m, inp) != 0) {
967 goto dropunlock;
968 }
969#endif /* INET */
970#endif /* IPSEC */
971
972 /*
973 * Check the minimum TTL for socket.
974 */
975 if (inp->inp_ip_minttl != 0) {
976#ifdef INET6
977 if (isipv6) {
978 if (inp->inp_ip_minttl > ip6->ip6_hlim)
979 goto dropunlock;
980 } else
981#endif
982 if (inp->inp_ip_minttl > ip->ip_ttl)
983 goto dropunlock;
984 }
985
986 /*
987 * A previous connection in TIMEWAIT state is supposed to catch stray
988 * or duplicate segments arriving late. If this segment was a
989 * legitimate new connection attempt, the old INPCB gets removed and
990 * we can try again to find a listening socket.
991 */
992 if (inp->inp_flags & INP_TIMEWAIT) {
993 tcp_dooptions(&to, optp, optlen,
994 (thflags & TH_SYN) ? TO_SYN : 0);
995 /*
996 * NB: tcp_twcheck unlocks the INP and frees the mbuf.
997 */
998 if (tcp_twcheck(inp, &to, th, m, tlen))
999 goto findpcb;
1000 return (IPPROTO_DONE);
1001 }
1002 /*
1003 * The TCPCB may no longer exist if the connection is winding
1004 * down or it is in the CLOSED state. Either way we drop the
1005 * segment and send an appropriate response.
1006 */
1007 tp = intotcpcb(inp);
1008 if (tp == NULL || tp->t_state == TCPS_CLOSED) {
1009 rstreason = BANDLIM_RST_CLOSEDPORT;
1010 goto dropwithreset;
1011 }
1012
1013 if ((tp->t_port != port) && (tp->t_state > TCPS_LISTEN)) {
1014 rstreason = BANDLIM_RST_CLOSEDPORT;
1015 goto dropwithreset;
1016 }
1017
1018#ifdef TCP_OFFLOAD
1019 if (tp->t_flags & TF_TOE) {
1020 tcp_offload_input(tp, m);
1021 m = NULL; /* consumed by the TOE driver */
1022 goto dropunlock;
1023 }
1024#endif
1025
1026#ifdef MAC
1027 if (mac_inpcb_check_deliver(inp, m))
1028 goto dropunlock;
1029#endif
1030 so = inp->inp_socket;
1031 KASSERT(so != NULL, ("%s: so == NULL", __func__));
1032#ifdef TCPDEBUG
1033 if (so->so_options & SO_DEBUG) {
1034 ostate = tp->t_state;
1035#ifdef INET6
1036 if (isipv6) {
1037 bcopy((char *)ip6, (char *)tcp_saveipgen, sizeof(*ip6));
1038 } else
1039#endif
1040 bcopy((char *)ip, (char *)tcp_saveipgen, sizeof(*ip));
1041 tcp_savetcp = *th;
1042 }
1043#endif /* TCPDEBUG */
1044 /*
1045 * When the socket is accepting connections (the INPCB is in LISTEN
1046 * state) we look into the SYN cache if this is a new connection
1047 * attempt or the completion of a previous one.
1048 */
1049 KASSERT(tp->t_state == TCPS_LISTEN || !SOLISTENING(so),
1050 ("%s: so accepting but tp %p not listening", __func__, tp));
1051 if (tp->t_state == TCPS_LISTEN && SOLISTENING(so)) {
1052 struct in_conninfo inc;
1053
1054 bzero(&inc, sizeof(inc));
1055#ifdef INET6
1056 if (isipv6) {
1057 inc.inc_flags |= INC_ISIPV6;
1058 if (inp->inp_inc.inc_flags & INC_IPV6MINMTU)
1059 inc.inc_flags |= INC_IPV6MINMTU;
1060 inc.inc6_faddr = ip6->ip6_src;
1061 inc.inc6_laddr = ip6->ip6_dst;
1062 } else
1063#endif
1064 {
1065 inc.inc_faddr = ip->ip_src;
1066 inc.inc_laddr = ip->ip_dst;
1067 }
1068 inc.inc_fport = th->th_sport;
1069 inc.inc_lport = th->th_dport;
1070 inc.inc_fibnum = so->so_fibnum;
1071
1072 /*
1073 * Check for an existing connection attempt in syncache if
1074 * the flag is only ACK. A successful lookup creates a new
1075 * socket appended to the listen queue in SYN_RECEIVED state.
1076 */
1077 if ((thflags & (TH_RST|TH_ACK|TH_SYN)) == TH_ACK) {
1078 /*
1079 * Parse the TCP options here because
1080 * syncookies need access to the reflected
1081 * timestamp.
1082 */
1083 tcp_dooptions(&to, optp, optlen, 0);
1084 /*
1085 * NB: syncache_expand() doesn't unlock
1086 * inp and tcpinfo locks.
1087 */
1088 rstreason = syncache_expand(&inc, &to, th, &so, m, port);
1089 if (rstreason < 0) {
1090 /*
1091 * A failing TCP MD5 signature comparison
1092 * must result in the segment being dropped
1093 * and must not produce any response back
1094 * to the sender.
1095 */
1096 goto dropunlock;
1097 } else if (rstreason == 0) {
1098 /*
1099 * No syncache entry or ACK was not
1100 * for our SYN/ACK. Send a RST.
1101 * NB: syncache did its own logging
1102 * of the failure cause.
1103 */
1104 rstreason = BANDLIM_RST_OPENPORT;
1105 goto dropwithreset;
1106 }
1107tfo_socket_result:
1108 if (so == NULL) {
1109 /*
1110 * We completed the 3-way handshake
1111 * but could not allocate a socket
1112 * either due to memory shortage,
1113 * listen queue length limits or
1114 * global socket limits. Send RST
1115 * or wait and have the remote end
1116 * retransmit the ACK for another
1117 * try.
1118 */
1119 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1120 log(LOG_DEBUG, "%s; %s: Listen socket: "
1121 "Socket allocation failed due to "
1122 "limits or memory shortage, %s\n",
1123 s, __func__,
1124 V_tcp_sc_rst_sock_fail ?
1125 "sending RST" : "try again");
1126 if (V_tcp_sc_rst_sock_fail) {
1127 rstreason = BANDLIM_UNLIMITED;
1128 goto dropwithreset;
1129 } else
1130 goto dropunlock;
1131 }
1132 /*
1133 * Socket is created in state SYN_RECEIVED.
1134 * Unlock the listen socket, lock the newly
1135 * created socket and update the tp variable.
1136 * If we came here via jump to tfo_socket_result,
1137 * then listening socket is read-locked.
1138 */
1139 INP_UNLOCK(inp); /* listen socket */
1140 inp = sotoinpcb(so);
1141 /*
1142 * New connection inpcb is already locked by
1143 * syncache_expand().
1144 */
1145 INP_WLOCK_ASSERT(inp);
1146 tp = intotcpcb(inp);
1147 KASSERT(tp->t_state == TCPS_SYN_RECEIVED,
1148 ("%s: ", __func__));
1149 /*
1150 * Process the segment and the data it
1151 * contains. tcp_do_segment() consumes
1152 * the mbuf chain and unlocks the inpcb.
1153 */
1154 TCP_PROBE5(receive, NULL, tp, m, tp, th);
1155 tp->t_fb->tfb_tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen,
1156 iptos);
1157 return (IPPROTO_DONE);
1158 }
1159 /*
1160 * Segment flag validation for new connection attempts:
1161 *
1162 * Our (SYN|ACK) response was rejected.
1163 * Check with syncache and remove entry to prevent
1164 * retransmits.
1165 *
1166 * NB: syncache_chkrst does its own logging of failure
1167 * causes.
1168 */
1169 if (thflags & TH_RST) {
1170 syncache_chkrst(&inc, th, m, port);
1171 goto dropunlock;
1172 }
1173 /*
1174 * We can't do anything without SYN.
1175 */
1176 if ((thflags & TH_SYN) == 0) {
1177 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1178 log(LOG_DEBUG, "%s; %s: Listen socket: "
1179 "SYN is missing, segment ignored\n",
1180 s, __func__);
1181 TCPSTAT_INC(tcps_badsyn);
1182 goto dropunlock;
1183 }
1184 /*
1185 * (SYN|ACK) is bogus on a listen socket.
1186 */
1187 if (thflags & TH_ACK) {
1188 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1189 log(LOG_DEBUG, "%s; %s: Listen socket: "
1190 "SYN|ACK invalid, segment rejected\n",
1191 s, __func__);
1192 syncache_badack(&inc, port); /* XXX: Not needed! */
1193 TCPSTAT_INC(tcps_badsyn);
1194 rstreason = BANDLIM_RST_OPENPORT;
1195 goto dropwithreset;
1196 }
1197 /*
1198 * If the drop_synfin option is enabled, drop all
1199 * segments with both the SYN and FIN bits set.
1200 * This prevents e.g. nmap from identifying the
1201 * TCP/IP stack.
1202 * XXX: Poor reasoning. nmap has other methods
1203 * and is constantly refining its stack detection
1204 * strategies.
1205 * XXX: This is a violation of the TCP specification
1206 * and was used by RFC1644.
1207 */
1208 if ((thflags & TH_FIN) && V_drop_synfin) {
1209 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1210 log(LOG_DEBUG, "%s; %s: Listen socket: "
1211 "SYN|FIN segment ignored (based on "
1212 "sysctl setting)\n", s, __func__);
1213 TCPSTAT_INC(tcps_badsyn);
1214 goto dropunlock;
1215 }
1216 /*
1217 * Segment's flags are (SYN) or (SYN|FIN).
1218 *
1219 * TH_PUSH, TH_URG, TH_ECE, TH_CWR are ignored
1220 * as they do not affect the state of the TCP FSM.
1221 * The data pointed to by TH_URG and th_urp is ignored.
1222 */
1223 KASSERT((thflags & (TH_RST|TH_ACK)) == 0,
1224 ("%s: Listen socket: TH_RST or TH_ACK set", __func__));
1225 KASSERT(thflags & (TH_SYN),
1226 ("%s: Listen socket: TH_SYN not set", __func__));
1227 INP_RLOCK_ASSERT(inp);
1228#ifdef INET6
1229 /*
1230 * If deprecated address is forbidden,
1231 * we do not accept SYN to deprecated interface
1232 * address to prevent any new inbound connection from
1233 * getting established.
1234 * When we do not accept SYN, we send a TCP RST,
1235 * with deprecated source address (instead of dropping
1236 * it). We compromise it as it is much better for peer
1237 * to send a RST, and RST will be the final packet
1238 * for the exchange.
1239 *
1240 * If we do not forbid deprecated addresses, we accept
1241 * the SYN packet. RFC2462 does not suggest dropping
1242 * SYN in this case.
1243 * If we decipher RFC2462 5.5.4, it says like this:
1244 * 1. use of deprecated addr with existing
1245 * communication is okay - "SHOULD continue to be
1246 * used"
1247 * 2. use of it with new communication:
1248 * (2a) "SHOULD NOT be used if alternate address
1249 * with sufficient scope is available"
1250 * (2b) nothing mentioned otherwise.
1251 * Here we fall into (2b) case as we have no choice in
1252 * our source address selection - we must obey the peer.
1253 *
1254 * The wording in RFC2462 is confusing, and there are
1255 * multiple description text for deprecated address
1256 * handling - worse, they are not exactly the same.
1257 * I believe 5.5.4 is the best one, so we follow 5.5.4.
1258 */
1259 if (isipv6 && !V_ip6_use_deprecated) {
1260 struct in6_ifaddr *ia6;
1261
1262 ia6 = in6ifa_ifwithaddr(&ip6->ip6_dst, 0 /* XXX */, false);
1263 if (ia6 != NULL &&
1264 (ia6->ia6_flags & IN6_IFF_DEPRECATED)) {
1265 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1266 log(LOG_DEBUG, "%s; %s: Listen socket: "
1267 "Connection attempt to deprecated "
1268 "IPv6 address rejected\n",
1269 s, __func__);
1270 rstreason = BANDLIM_RST_OPENPORT;
1271 goto dropwithreset;
1272 }
1273 }
1274#endif /* INET6 */
1275 /*
1276 * Basic sanity checks on incoming SYN requests:
1277 * Don't respond if the destination is a link layer
1278 * broadcast according to RFC1122 4.2.3.10, p. 104.
1279 * If it is from this socket it must be forged.
1280 * Don't respond if the source or destination is a
1281 * global or subnet broad- or multicast address.
1282 * Note that it is quite possible to receive unicast
1283 * link-layer packets with a broadcast IP address. Use
1284 * in_broadcast() to find them.
1285 */
1286 if (m->m_flags & (M_BCAST|M_MCAST)) {
1287 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1288 log(LOG_DEBUG, "%s; %s: Listen socket: "
1289 "Connection attempt from broad- or multicast "
1290 "link layer address ignored\n", s, __func__);
1291 goto dropunlock;
1292 }
1293#ifdef INET6
1294 if (isipv6) {
1295 if (th->th_dport == th->th_sport &&
1296 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &ip6->ip6_src)) {
1297 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1298 log(LOG_DEBUG, "%s; %s: Listen socket: "
1299 "Connection attempt to/from self "
1300 "ignored\n", s, __func__);
1301 goto dropunlock;
1302 }
1303 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
1304 IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
1305 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1306 log(LOG_DEBUG, "%s; %s: Listen socket: "
1307 "Connection attempt from/to multicast "
1308 "address ignored\n", s, __func__);
1309 goto dropunlock;
1310 }
1311 }
1312#endif
1313#if defined(INET) && defined(INET6)
1314 else
1315#endif
1316#ifdef INET
1317 {
1318 if (th->th_dport == th->th_sport &&
1319 ip->ip_dst.s_addr == ip->ip_src.s_addr) {
1320 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1321 log(LOG_DEBUG, "%s; %s: Listen socket: "
1322 "Connection attempt from/to self "
1323 "ignored\n", s, __func__);
1324 goto dropunlock;
1325 }
1326 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
1327 IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
1328 ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
1329 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {
1330 if ((s = tcp_log_addrs(&inc, th, NULL, NULL)))
1331 log(LOG_DEBUG, "%s; %s: Listen socket: "
1332 "Connection attempt from/to broad- "
1333 "or multicast address ignored\n",
1334 s, __func__);
1335 goto dropunlock;
1336 }
1337 }
1338#endif
1339 /*
1340 * SYN appears to be valid. Create compressed TCP state
1341 * for syncache.
1342 */
1343#ifdef TCPDEBUG
1344 if (so->so_options & SO_DEBUG)
1345 tcp_trace(TA_INPUT, ostate, tp,
1346 (void *)tcp_saveipgen, &tcp_savetcp, 0);
1347#endif
1348 TCP_PROBE3(debug__input, tp, th, m);
1349 tcp_dooptions(&to, optp, optlen, TO_SYN);
1350 if ((so = syncache_add(&inc, &to, th, inp, so, m, NULL, NULL,
1351 iptos, port)) != NULL)
1352 goto tfo_socket_result;
1353
1354 /*
1355 * Entry added to syncache and mbuf consumed.
1356 * Only the listen socket is unlocked by syncache_add().
1357 */
1358 return (IPPROTO_DONE);
1359 } else if (tp->t_state == TCPS_LISTEN) {
1360 /*
1361 * When a listen socket is torn down the SO_ACCEPTCONN
1362 * flag is removed first while connections are drained
1363 * from the accept queue in a unlock/lock cycle of the
1364 * ACCEPT_LOCK, opening a race condition allowing a SYN
1365 * attempt go through unhandled.
1366 */
1367 goto dropunlock;
1368 }
1369#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
1370 if (tp->t_flags & TF_SIGNATURE) {
1371 tcp_dooptions(&to, optp, optlen, thflags);
1372 if ((to.to_flags & TOF_SIGNATURE) == 0) {
1373 TCPSTAT_INC(tcps_sig_err_nosigopt);
1374 goto dropunlock;
1375 }
1376 if (!TCPMD5_ENABLED() ||
1377 TCPMD5_INPUT(m, th, to.to_signature) != 0)
1378 goto dropunlock;
1379 }
1380#endif
1381 TCP_PROBE5(receive, NULL, tp, m, tp, th);
1382
1383 /*
1384 * Segment belongs to a connection in SYN_SENT, ESTABLISHED or later
1385 * state. tcp_do_segment() always consumes the mbuf chain, unlocks
1386 * the inpcb, and unlocks pcbinfo.
1387 *
1388 * XXXGL: in case of a pure SYN arriving on existing connection
1389 * TCP stacks won't need to modify the PCB, they would either drop
1390 * the segment silently, or send a challenge ACK. However, we try
1391 * to upgrade the lock, because calling convention for stacks is
1392 * write-lock on PCB. If upgrade fails, drop the SYN.
1393 */
1394 if (lookupflag == INPLOOKUP_RLOCKPCB && INP_TRY_UPGRADE(inp) == 0)
1395 goto dropunlock;
1396
1397 tp->t_fb->tfb_tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen, iptos);
1398 return (IPPROTO_DONE);
1399
1400dropwithreset:
1401 TCP_PROBE5(receive, NULL, tp, m, tp, th);
1402
1403 if (inp != NULL) {
1404 tcp_dropwithreset(m, th, tp, tlen, rstreason);
1405 INP_UNLOCK(inp);
1406 } else
1407 tcp_dropwithreset(m, th, NULL, tlen, rstreason);
1408 m = NULL; /* mbuf chain got consumed. */
1409 goto drop;
1410
1411dropunlock:
1412 if (m != NULL)
1413 TCP_PROBE5(receive, NULL, tp, m, tp, th);
1414
1415 if (inp != NULL)
1416 INP_UNLOCK(inp);
1417
1418drop:
1419 if (s != NULL)
1420 free(s, M_TCPLOG);
1421 if (m != NULL)
1422 m_freem(m);
1423 return (IPPROTO_DONE);
1424}
1425
1426/*
1427 * Automatic sizing of receive socket buffer. Often the send
1428 * buffer size is not optimally adjusted to the actual network
1429 * conditions at hand (delay bandwidth product). Setting the
1430 * buffer size too small limits throughput on links with high
1431 * bandwidth and high delay (eg. trans-continental/oceanic links).
1432 *
1433 * On the receive side the socket buffer memory is only rarely
1434 * used to any significant extent. This allows us to be much
1435 * more aggressive in scaling the receive socket buffer. For
1436 * the case that the buffer space is actually used to a large
1437 * extent and we run out of kernel memory we can simply drop
1438 * the new segments; TCP on the sender will just retransmit it
1439 * later. Setting the buffer size too big may only consume too
1440 * much kernel memory if the application doesn't read() from
1441 * the socket or packet loss or reordering makes use of the
1442 * reassembly queue.
1443 *
1444 * The criteria to step up the receive buffer one notch are:
1445 * 1. Application has not set receive buffer size with
1446 * SO_RCVBUF. Setting SO_RCVBUF clears SB_AUTOSIZE.
1447 * 2. the number of bytes received during 1/2 of an sRTT
1448 * is at least 3/8 of the current socket buffer size.
1449 * 3. receive buffer size has not hit maximal automatic size;
1450 *
1451 * If all of the criteria are met we increaset the socket buffer
1452 * by a 1/2 (bounded by the max). This allows us to keep ahead
1453 * of slow-start but also makes it so our peer never gets limited
1454 * by our rwnd which we then open up causing a burst.
1455 *
1456 * This algorithm does two steps per RTT at most and only if
1457 * we receive a bulk stream w/o packet losses or reorderings.
1458 * Shrinking the buffer during idle times is not necessary as
1459 * it doesn't consume any memory when idle.
1460 *
1461 * TODO: Only step up if the application is actually serving
1462 * the buffer to better manage the socket buffer resources.
1463 */
1464int
1465tcp_autorcvbuf(struct mbuf *m, struct tcphdr *th, struct socket *so,
1466 struct tcpcb *tp, int tlen)
1467{
1468 int newsize = 0;
1469
1470 if (V_tcp_do_autorcvbuf && (so->so_rcv.sb_flags & SB_AUTOSIZE) &&
1471 tp->t_srtt != 0 && tp->rfbuf_ts != 0 &&
1472 TCP_TS_TO_TICKS(tcp_ts_getticks() - tp->rfbuf_ts) >
1473 ((tp->t_srtt >> TCP_RTT_SHIFT)/2)) {
1474 if (tp->rfbuf_cnt > ((so->so_rcv.sb_hiwat / 2)/ 4 * 3) &&
1475 so->so_rcv.sb_hiwat < V_tcp_autorcvbuf_max) {
1476 newsize = min((so->so_rcv.sb_hiwat + (so->so_rcv.sb_hiwat/2)), V_tcp_autorcvbuf_max);
1477 }
1478 TCP_PROBE6(receive__autoresize, NULL, tp, m, tp, th, newsize);
1479
1480 /* Start over with next RTT. */
1481 tp->rfbuf_ts = 0;
1482 tp->rfbuf_cnt = 0;
1483 } else {
1484 tp->rfbuf_cnt += tlen; /* add up */
1485 }
1486 return (newsize);
1487}
1488
1489int
1490tcp_input(struct mbuf **mp, int *offp, int proto)
1491{
1492 return(tcp_input_with_port(mp, offp, proto, 0));
1493}
1494
1495void
1496tcp_handle_wakeup(struct tcpcb *tp, struct socket *so)
1497{
1498 /*
1499 * Since tp might be gone if the session entered
1500 * the TIME_WAIT state before coming here, we need
1501 * to check if the socket is still connected.
1502 */
1503 if (tp == NULL) {
1504 return;
1505 }
1506 if (so == NULL) {
1507 return;
1508 }
1509 INP_LOCK_ASSERT(tp->t_inpcb);
1510 if (tp->t_flags & TF_WAKESOR) {
1511 tp->t_flags &= ~TF_WAKESOR;
1512 SOCKBUF_LOCK_ASSERT(&so->so_rcv);
1513 sorwakeup_locked(so);
1514 }
1515}
1516
1517void
1518tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so,
1519 struct tcpcb *tp, int drop_hdrlen, int tlen, uint8_t iptos)
1520{
1521 uint16_t thflags;
1522 int acked, ourfinisacked, needoutput = 0, sack_changed;
1523 int rstreason, todrop, win, incforsyn = 0;
1524 uint32_t tiwin;
1525 uint16_t nsegs;
1526 char *s;
1527 struct in_conninfo *inc;
1528 struct mbuf *mfree;
1529 struct tcpopt to;
1530 int tfo_syn;
1531 u_int maxseg;
1532
1533#ifdef TCPDEBUG
1534 /*
1535 * The size of tcp_saveipgen must be the size of the max ip header,
1536 * now IPv6.
1537 */
1538 u_char tcp_saveipgen[IP6_HDR_LEN];
1539 struct tcphdr tcp_savetcp;
1540 short ostate = 0;
1541#endif
1542 thflags = tcp_get_flags(th);
1543 inc = &tp->t_inpcb->inp_inc;
1544 tp->sackhint.last_sack_ack = 0;
1545 sack_changed = 0;
1546 nsegs = max(1, m->m_pkthdr.lro_nsegs);
1547
1548 NET_EPOCH_ASSERT();
1549 INP_WLOCK_ASSERT(tp->t_inpcb);
1550 KASSERT(tp->t_state > TCPS_LISTEN, ("%s: TCPS_LISTEN",
1551 __func__));
1552 KASSERT(tp->t_state != TCPS_TIME_WAIT, ("%s: TCPS_TIME_WAIT",
1553 __func__));
1554
1555#ifdef TCPPCAP
1556 /* Save segment, if requested. */
1557 tcp_pcap_add(th, m, &(tp->t_inpkts));
1558#endif
1559 TCP_LOG_EVENT(tp, th, &so->so_rcv, &so->so_snd, TCP_LOG_IN, 0,
1560 tlen, NULL, true);
1561
1562 if ((thflags & TH_SYN) && (thflags & TH_FIN) && V_drop_synfin) {
1563 if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
1564 log(LOG_DEBUG, "%s; %s: "
1565 "SYN|FIN segment ignored (based on "
1566 "sysctl setting)\n", s, __func__);
1567 free(s, M_TCPLOG);
1568 }
1569 goto drop;
1570 }
1571
1572 /*
1573 * If a segment with the ACK-bit set arrives in the SYN-SENT state
1574 * check SEQ.ACK first.
1575 */
1576 if ((tp->t_state == TCPS_SYN_SENT) && (thflags & TH_ACK) &&
1577 (SEQ_LEQ(th->th_ack, tp->iss) || SEQ_GT(th->th_ack, tp->snd_max))) {
1578 rstreason = BANDLIM_UNLIMITED;
1579 goto dropwithreset;
1580 }
1581
1582 /*
1583 * Segment received on connection.
1584 * Reset idle time and keep-alive timer.
1585 * XXX: This should be done after segment
1586 * validation to ignore broken/spoofed segs.
1587 */
1588 tp->t_rcvtime = ticks;
1589
1590 /*
1591 * Scale up the window into a 32-bit value.
1592 * For the SYN_SENT state the scale is zero.
1593 */
1594 tiwin = th->th_win << tp->snd_scale;
1595#ifdef STATS
1596 stats_voi_update_abs_ulong(tp->t_stats, VOI_TCP_FRWIN, tiwin);
1597#endif
1598
1599 /*
1600 * TCP ECN processing.
1601 */
1602 if (tcp_ecn_input_segment(tp, thflags, iptos))
1603 cc_cong_signal(tp, th, CC_ECN);
1604
1605 /*
1606 * Parse options on any incoming segment.
1607 */
1608 tcp_dooptions(&to, (u_char *)(th + 1),
1609 (th->th_off << 2) - sizeof(struct tcphdr),
1610 (thflags & TH_SYN) ? TO_SYN : 0);
1611
1612#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
1613 if ((tp->t_flags & TF_SIGNATURE) != 0 &&
1614 (to.to_flags & TOF_SIGNATURE) == 0) {
1615 TCPSTAT_INC(tcps_sig_err_sigopt);
1616 /* XXX: should drop? */
1617 }
1618#endif
1619 /*
1620 * If echoed timestamp is later than the current time,
1621 * fall back to non RFC1323 RTT calculation. Normalize
1622 * timestamp if syncookies were used when this connection
1623 * was established.
1624 */
1625 if ((to.to_flags & TOF_TS) && (to.to_tsecr != 0)) {
1626 to.to_tsecr -= tp->ts_offset;
1627 if (TSTMP_GT(to.to_tsecr, tcp_ts_getticks()))
1628 to.to_tsecr = 0;
1629 else if (tp->t_rxtshift == 1 &&
1630 tp->t_flags & TF_PREVVALID &&
1631 tp->t_badrxtwin != 0 &&
1632 TSTMP_LT(to.to_tsecr, tp->t_badrxtwin))
1633 cc_cong_signal(tp, th, CC_RTO_ERR);
1634 }
1635 /*
1636 * Process options only when we get SYN/ACK back. The SYN case
1637 * for incoming connections is handled in tcp_syncache.
1638 * According to RFC1323 the window field in a SYN (i.e., a <SYN>
1639 * or <SYN,ACK>) segment itself is never scaled.
1640 * XXX this is traditional behavior, may need to be cleaned up.
1641 */
1642 if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
1643 /* Handle parallel SYN for ECN */
1644 tcp_ecn_input_parallel_syn(tp, thflags, iptos);
1645 if ((to.to_flags & TOF_SCALE) &&
1646 (tp->t_flags & TF_REQ_SCALE) &&
1647 !(tp->t_flags & TF_NOOPT)) {
1648 tp->t_flags |= TF_RCVD_SCALE;
1649 tp->snd_scale = to.to_wscale;
1650 } else
1651 tp->t_flags &= ~TF_REQ_SCALE;
1652 /*
1653 * Initial send window. It will be updated with
1654 * the next incoming segment to the scaled value.
1655 */
1656 tp->snd_wnd = th->th_win;
1657 if ((to.to_flags & TOF_TS) &&
1658 (tp->t_flags & TF_REQ_TSTMP) &&
1659 !(tp->t_flags & TF_NOOPT)) {
1660 tp->t_flags |= TF_RCVD_TSTMP;
1661 tp->ts_recent = to.to_tsval;
1662 tp->ts_recent_age = tcp_ts_getticks();
1663 } else
1664 tp->t_flags &= ~TF_REQ_TSTMP;
1665 if (to.to_flags & TOF_MSS)
1666 tcp_mss(tp, to.to_mss);
1667 if ((tp->t_flags & TF_SACK_PERMIT) &&
1668 (!(to.to_flags & TOF_SACKPERM) ||
1669 (tp->t_flags & TF_NOOPT)))
1670 tp->t_flags &= ~TF_SACK_PERMIT;
1671 if (IS_FASTOPEN(tp->t_flags)) {
1672 if ((to.to_flags & TOF_FASTOPEN) &&
1673 !(tp->t_flags & TF_NOOPT)) {
1674 uint16_t mss;
1675
1676 if (to.to_flags & TOF_MSS)
1677 mss = to.to_mss;
1678 else
1679 if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
1680 mss = TCP6_MSS;
1681 else
1682 mss = TCP_MSS;
1683 tcp_fastopen_update_cache(tp, mss,
1684 to.to_tfo_len, to.to_tfo_cookie);
1685 } else
1686 tcp_fastopen_disable_path(tp);
1687 }
1688 }
1689
1690 /*
1691 * If timestamps were negotiated during SYN/ACK and a
1692 * segment without a timestamp is received, silently drop
1693 * the segment, unless it is a RST segment or missing timestamps are
1694 * tolerated.
1695 * See section 3.2 of RFC 7323.
1696 */
1697 if ((tp->t_flags & TF_RCVD_TSTMP) && !(to.to_flags & TOF_TS)) {
1698 if (((thflags & TH_RST) != 0) || V_tcp_tolerate_missing_ts) {
1699 if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
1700 log(LOG_DEBUG, "%s; %s: Timestamp missing, "
1701 "segment processed normally\n",
1702 s, __func__);
1703 free(s, M_TCPLOG);
1704 }
1705 } else {
1706 if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
1707 log(LOG_DEBUG, "%s; %s: Timestamp missing, "
1708 "segment silently dropped\n", s, __func__);
1709 free(s, M_TCPLOG);
1710 }
1711 goto drop;
1712 }
1713 }
1714 /*
1715 * If timestamps were not negotiated during SYN/ACK and a
1716 * segment with a timestamp is received, ignore the
1717 * timestamp and process the packet normally.
1718 * See section 3.2 of RFC 7323.
1719 */
1720 if (!(tp->t_flags & TF_RCVD_TSTMP) && (to.to_flags & TOF_TS)) {
1721 if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
1722 log(LOG_DEBUG, "%s; %s: Timestamp not expected, "
1723 "segment processed normally\n", s, __func__);
1724 free(s, M_TCPLOG);
1725 }
1726 }
1727
1728 /*
1729 * Header prediction: check for the two common cases
1730 * of a uni-directional data xfer. If the packet has
1731 * no control flags, is in-sequence, the window didn't
1732 * change and we're not retransmitting, it's a
1733 * candidate. If the length is zero and the ack moved
1734 * forward, we're the sender side of the xfer. Just
1735 * free the data acked & wake any higher level process
1736 * that was blocked waiting for space. If the length
1737 * is non-zero and the ack didn't move, we're the
1738 * receiver side. If we're getting packets in-order
1739 * (the reassembly queue is empty), add the data to
1740 * the socket buffer and note that we need a delayed ack.
1741 * Make sure that the hidden state-flags are also off.
1742 * Since we check for TCPS_ESTABLISHED first, it can only
1743 * be TH_NEEDSYN.
1744 */
1745 if (tp->t_state == TCPS_ESTABLISHED &&
1746 th->th_seq == tp->rcv_nxt &&
1747 (thflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK)) == TH_ACK &&
1748 tp->snd_nxt == tp->snd_max &&
1749 tiwin && tiwin == tp->snd_wnd &&
1750 ((tp->t_flags & (TF_NEEDSYN|TF_NEEDFIN)) == 0) &&
1751 SEGQ_EMPTY(tp) &&
1752 ((to.to_flags & TOF_TS) == 0 ||
1753 TSTMP_GEQ(to.to_tsval, tp->ts_recent)) ) {
1754 /*
1755 * If last ACK falls within this segment's sequence numbers,
1756 * record the timestamp.
1757 * NOTE that the test is modified according to the latest
1758 * proposal of the tcplw@cray.com list (Braden 1993/04/26).
1759 */
1760 if ((to.to_flags & TOF_TS) != 0 &&
1761 SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
1762 tp->ts_recent_age = tcp_ts_getticks();
1763 tp->ts_recent = to.to_tsval;
1764 }
1765
1766 if (tlen == 0) {
1767 if (SEQ_GT(th->th_ack, tp->snd_una) &&
1768 SEQ_LEQ(th->th_ack, tp->snd_max) &&
1769 !IN_RECOVERY(tp->t_flags) &&
1770 (to.to_flags & TOF_SACK) == 0 &&
1771 TAILQ_EMPTY(&tp->snd_holes)) {
1772 /*
1773 * This is a pure ack for outstanding data.
1774 */
1775 TCPSTAT_INC(tcps_predack);
1776
1777 /*
1778 * "bad retransmit" recovery without timestamps.
1779 */
1780 if ((to.to_flags & TOF_TS) == 0 &&
1781 tp->t_rxtshift == 1 &&
1782 tp->t_flags & TF_PREVVALID &&
1783 tp->t_badrxtwin != 0 &&
1784 TSTMP_LT(ticks, tp->t_badrxtwin)) {
1785 cc_cong_signal(tp, th, CC_RTO_ERR);
1786 }
1787
1788 /*
1789 * Recalculate the transmit timer / rtt.
1790 *
1791 * Some boxes send broken timestamp replies
1792 * during the SYN+ACK phase, ignore
1793 * timestamps of 0 or we could calculate a
1794 * huge RTT and blow up the retransmit timer.
1795 */
1796 if ((to.to_flags & TOF_TS) != 0 &&
1797 to.to_tsecr) {
1798 uint32_t t;
1799
1800 t = tcp_ts_getticks() - to.to_tsecr;
1801 if (!tp->t_rttlow || tp->t_rttlow > t)
1802 tp->t_rttlow = t;
1803 tcp_xmit_timer(tp,
1804 TCP_TS_TO_TICKS(t) + 1);
1805 } else if (tp->t_rtttime &&
1806 SEQ_GT(th->th_ack, tp->t_rtseq)) {
1807 if (!tp->t_rttlow ||
1808 tp->t_rttlow > ticks - tp->t_rtttime)
1809 tp->t_rttlow = ticks - tp->t_rtttime;
1810 tcp_xmit_timer(tp,
1811 ticks - tp->t_rtttime);
1812 }
1813 acked = BYTES_THIS_ACK(tp, th);
1814
1815#ifdef TCP_HHOOK
1816 /* Run HHOOK_TCP_ESTABLISHED_IN helper hooks. */
1817 hhook_run_tcp_est_in(tp, th, &to);
1818#endif
1819
1820 TCPSTAT_ADD(tcps_rcvackpack, nsegs);
1821 TCPSTAT_ADD(tcps_rcvackbyte, acked);
1822 sbdrop(&so->so_snd, acked);
1823 if (SEQ_GT(tp->snd_una, tp->snd_recover) &&
1824 SEQ_LEQ(th->th_ack, tp->snd_recover))
1825 tp->snd_recover = th->th_ack - 1;
1826
1827 /*
1828 * Let the congestion control algorithm update
1829 * congestion control related information. This
1830 * typically means increasing the congestion
1831 * window.
1832 */
1833 cc_ack_received(tp, th, nsegs, CC_ACK);
1834
1835 tp->snd_una = th->th_ack;
1836 /*
1837 * Pull snd_wl2 up to prevent seq wrap relative
1838 * to th_ack.
1839 */
1840 tp->snd_wl2 = th->th_ack;
1841 tp->t_dupacks = 0;
1842 m_freem(m);
1843
1844 /*
1845 * If all outstanding data are acked, stop
1846 * retransmit timer, otherwise restart timer
1847 * using current (possibly backed-off) value.
1848 * If process is waiting for space,
1849 * wakeup/selwakeup/signal. If data
1850 * are ready to send, let tcp_output
1851 * decide between more output or persist.
1852 */
1853#ifdef TCPDEBUG
1854 if (so->so_options & SO_DEBUG)
1855 tcp_trace(TA_INPUT, ostate, tp,
1856 (void *)tcp_saveipgen,
1857 &tcp_savetcp, 0);
1858#endif
1859 TCP_PROBE3(debug__input, tp, th, m);
1860 if (tp->snd_una == tp->snd_max)
1861 tcp_timer_activate(tp, TT_REXMT, 0);
1862 else if (!tcp_timer_active(tp, TT_PERSIST))
1863 tcp_timer_activate(tp, TT_REXMT,
1864 tp->t_rxtcur);
1865 sowwakeup(so);
1866 if (sbavail(&so->so_snd))
1867 (void) tcp_output(tp);
1868 goto check_delack;
1869 }
1870 } else if (th->th_ack == tp->snd_una &&
1871 tlen <= sbspace(&so->so_rcv)) {
1872 int newsize = 0; /* automatic sockbuf scaling */
1873
1874 /*
1875 * This is a pure, in-sequence data packet with
1876 * nothing on the reassembly queue and we have enough
1877 * buffer space to take it.
1878 */
1879 /* Clean receiver SACK report if present */
1880 if ((tp->t_flags & TF_SACK_PERMIT) && tp->rcv_numsacks)
1881 tcp_clean_sackreport(tp);
1882 TCPSTAT_INC(tcps_preddat);
1883 tp->rcv_nxt += tlen;
1884 if (tlen &&
1885 ((tp->t_flags2 & TF2_FBYTES_COMPLETE) == 0) &&
1886 (tp->t_fbyte_in == 0)) {
1887 tp->t_fbyte_in = ticks;
1888 if (tp->t_fbyte_in == 0)
1889 tp->t_fbyte_in = 1;
1890 if (tp->t_fbyte_out && tp->t_fbyte_in)
1891 tp->t_flags2 |= TF2_FBYTES_COMPLETE;
1892 }
1893 /*
1894 * Pull snd_wl1 up to prevent seq wrap relative to
1895 * th_seq.
1896 */
1897 tp->snd_wl1 = th->th_seq;
1898 /*
1899 * Pull rcv_up up to prevent seq wrap relative to
1900 * rcv_nxt.
1901 */
1902 tp->rcv_up = tp->rcv_nxt;
1903 TCPSTAT_ADD(tcps_rcvpack, nsegs);
1904 TCPSTAT_ADD(tcps_rcvbyte, tlen);
1905#ifdef TCPDEBUG
1906 if (so->so_options & SO_DEBUG)
1907 tcp_trace(TA_INPUT, ostate, tp,
1908 (void *)tcp_saveipgen, &tcp_savetcp, 0);
1909#endif
1910 TCP_PROBE3(debug__input, tp, th, m);
1911
1912 newsize = tcp_autorcvbuf(m, th, so, tp, tlen);
1913
1914 /* Add data to socket buffer. */
1915 SOCKBUF_LOCK(&so->so_rcv);
1916 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
1917 m_freem(m);
1918 } else {
1919 /*
1920 * Set new socket buffer size.
1921 * Give up when limit is reached.
1922 */
1923 if (newsize)
1924 if (!sbreserve_locked(&so->so_rcv,
1925 newsize, so, NULL))
1926 so->so_rcv.sb_flags &= ~SB_AUTOSIZE;
1927 m_adj(m, drop_hdrlen); /* delayed header drop */
1928 sbappendstream_locked(&so->so_rcv, m, 0);
1929 }
1930 /* NB: sorwakeup_locked() does an implicit unlock. */
1931 sorwakeup_locked(so);
1932 if (DELAY_ACK(tp, tlen)) {
1933 tp->t_flags |= TF_DELACK;
1934 } else {
1935 tp->t_flags |= TF_ACKNOW;
1936 tcp_output(tp);
1937 }
1938 goto check_delack;
1939 }
1940 }
1941
1942 /*
1943 * Calculate amount of space in receive window,
1944 * and then do TCP input processing.
1945 * Receive window is amount of space in rcv queue,
1946 * but not less than advertised window.
1947 */
1948 win = sbspace(&so->so_rcv);
1949 if (win < 0)
1950 win = 0;
1951 tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt));
1952
1953 switch (tp->t_state) {
1954 /*
1955 * If the state is SYN_RECEIVED:
1956 * if seg contains an ACK, but not for our SYN/ACK, send a RST.
1957 */
1958 case TCPS_SYN_RECEIVED:
1959 if ((thflags & TH_ACK) &&
1960 (SEQ_LEQ(th->th_ack, tp->snd_una) ||
1961 SEQ_GT(th->th_ack, tp->snd_max))) {
1962 rstreason = BANDLIM_RST_OPENPORT;
1963 goto dropwithreset;
1964 }
1965 if (IS_FASTOPEN(tp->t_flags)) {
1966 /*
1967 * When a TFO connection is in SYN_RECEIVED, the
1968 * only valid packets are the initial SYN, a
1969 * retransmit/copy of the initial SYN (possibly with
1970 * a subset of the original data), a valid ACK, a
1971 * FIN, or a RST.
1972 */
1973 if ((thflags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {
1974 rstreason = BANDLIM_RST_OPENPORT;
1975 goto dropwithreset;
1976 } else if (thflags & TH_SYN) {
1977 /* non-initial SYN is ignored */
1978 if ((tcp_timer_active(tp, TT_DELACK) ||
1979 tcp_timer_active(tp, TT_REXMT)))
1980 goto drop;
1981 } else if (!(thflags & (TH_ACK|TH_FIN|TH_RST))) {
1982 goto drop;
1983 }
1984 }
1985 break;
1986
1987 /*
1988 * If the state is SYN_SENT:
1989 * if seg contains a RST with valid ACK (SEQ.ACK has already
1990 * been verified), then drop the connection.
1991 * if seg contains a RST without an ACK, drop the seg.
1992 * if seg does not contain SYN, then drop the seg.
1993 * Otherwise this is an acceptable SYN segment
1994 * initialize tp->rcv_nxt and tp->irs
1995 * if seg contains ack then advance tp->snd_una
1996 * if seg contains an ECE and ECN support is enabled, the stream
1997 * is ECN capable.
1998 * if SYN has been acked change to ESTABLISHED else SYN_RCVD state
1999 * arrange for segment to be acked (eventually)
2000 * continue processing rest of data/controls, beginning with URG
2001 */
2002 case TCPS_SYN_SENT:
2003 if ((thflags & (TH_ACK|TH_RST)) == (TH_ACK|TH_RST)) {
2004 TCP_PROBE5(connect__refused, NULL, tp,
2005 m, tp, th);
2006 tp = tcp_drop(tp, ECONNREFUSED);
2007 }
2008 if (thflags & TH_RST)
2009 goto drop;
2010 if (!(thflags & TH_SYN))
2011 goto drop;
2012
2013 tp->irs = th->th_seq;
2014 tcp_rcvseqinit(tp);
2015 if (thflags & TH_ACK) {
2016 int tfo_partial_ack = 0;
2017
2018 TCPSTAT_INC(tcps_connects);
2019 soisconnected(so);
2020#ifdef MAC
2021 mac_socketpeer_set_from_mbuf(m, so);
2022#endif
2023 /* Do window scaling on this connection? */
2024 if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
2025 (TF_RCVD_SCALE|TF_REQ_SCALE)) {
2026 tp->rcv_scale = tp->request_r_scale;
2027 }
2028 tp->rcv_adv += min(tp->rcv_wnd,
2029 TCP_MAXWIN << tp->rcv_scale);
2030 tp->snd_una++; /* SYN is acked */
2031 /*
2032 * If not all the data that was sent in the TFO SYN
2033 * has been acked, resend the remainder right away.
2034 */
2035 if (IS_FASTOPEN(tp->t_flags) &&
2036 (tp->snd_una != tp->snd_max)) {
2037 tp->snd_nxt = th->th_ack;
2038 tfo_partial_ack = 1;
2039 }
2040 /*
2041 * If there's data, delay ACK; if there's also a FIN
2042 * ACKNOW will be turned on later.
2043 */
2044 if (DELAY_ACK(tp, tlen) && tlen != 0 && !tfo_partial_ack)
2045 tcp_timer_activate(tp, TT_DELACK,
2046 tcp_delacktime);
2047 else
2048 tp->t_flags |= TF_ACKNOW;
2049
2050 tcp_ecn_input_syn_sent(tp, thflags, iptos);
2051
2052 /*
2053 * Received <SYN,ACK> in SYN_SENT[*] state.
2054 * Transitions:
2055 * SYN_SENT --> ESTABLISHED
2056 * SYN_SENT* --> FIN_WAIT_1
2057 */
2058 tp->t_starttime = ticks;
2059 if (tp->t_flags & TF_NEEDFIN) {
2060 tcp_state_change(tp, TCPS_FIN_WAIT_1);
2061 tp->t_flags &= ~TF_NEEDFIN;
2062 thflags &= ~TH_SYN;
2063 } else {
2064 tcp_state_change(tp, TCPS_ESTABLISHED);
2065 TCP_PROBE5(connect__established, NULL, tp,
2066 m, tp, th);
2067 cc_conn_init(tp);
2068 tcp_timer_activate(tp, TT_KEEP,
2069 TP_KEEPIDLE(tp));
2070 }
2071 } else {
2072 /*
2073 * Received initial SYN in SYN-SENT[*] state =>
2074 * simultaneous open.
2075 * If it succeeds, connection is * half-synchronized.
2076 * Otherwise, do 3-way handshake:
2077 * SYN-SENT -> SYN-RECEIVED
2078 * SYN-SENT* -> SYN-RECEIVED*
2079 */
2080 tp->t_flags |= (TF_ACKNOW | TF_NEEDSYN);
2081 tcp_timer_activate(tp, TT_REXMT, 0);
2082 tcp_state_change(tp, TCPS_SYN_RECEIVED);
2083 }
2084
2085 INP_WLOCK_ASSERT(tp->t_inpcb);
2086
2087 /*
2088 * Advance th->th_seq to correspond to first data byte.
2089 * If data, trim to stay within window,
2090 * dropping FIN if necessary.
2091 */
2092 th->th_seq++;
2093 if (tlen > tp->rcv_wnd) {
2094 todrop = tlen - tp->rcv_wnd;
2095 m_adj(m, -todrop);
2096 tlen = tp->rcv_wnd;
2097 thflags &= ~TH_FIN;
2098 TCPSTAT_INC(tcps_rcvpackafterwin);
2099 TCPSTAT_ADD(tcps_rcvbyteafterwin, todrop);
2100 }
2101 tp->snd_wl1 = th->th_seq - 1;
2102 tp->rcv_up = th->th_seq;
2103 /*
2104 * Client side of transaction: already sent SYN and data.
2105 * If the remote host used T/TCP to validate the SYN,
2106 * our data will be ACK'd; if so, enter normal data segment
2107 * processing in the middle of step 5, ack processing.
2108 * Otherwise, goto step 6.
2109 */
2110 if (thflags & TH_ACK)
2111 goto process_ACK;
2112
2113 goto step6;
2114
2115 /*
2116 * If the state is LAST_ACK or CLOSING or TIME_WAIT:
2117 * do normal processing.
2118 *
2119 * NB: Leftover from RFC1644 T/TCP. Cases to be reused later.
2120 */
2121 case TCPS_LAST_ACK:
2122 case TCPS_CLOSING:
2123 break; /* continue normal processing */
2124 }
2125
2126 /*
2127 * States other than LISTEN or SYN_SENT.
2128 * First check the RST flag and sequence number since reset segments
2129 * are exempt from the timestamp and connection count tests. This
2130 * fixes a bug introduced by the Stevens, vol. 2, p. 960 bugfix
2131 * below which allowed reset segments in half the sequence space
2132 * to fall though and be processed (which gives forged reset
2133 * segments with a random sequence number a 50 percent chance of
2134 * killing a connection).
2135 * Then check timestamp, if present.
2136 * Then check the connection count, if present.
2137 * Then check that at least some bytes of segment are within
2138 * receive window. If segment begins before rcv_nxt,
2139 * drop leading data (and SYN); if nothing left, just ack.
2140 */
2141 if (thflags & TH_RST) {
2142 /*
2143 * RFC5961 Section 3.2
2144 *
2145 * - RST drops connection only if SEG.SEQ == RCV.NXT.
2146 * - If RST is in window, we send challenge ACK.
2147 *
2148 * Note: to take into account delayed ACKs, we should
2149 * test against last_ack_sent instead of rcv_nxt.
2150 * Note 2: we handle special case of closed window, not
2151 * covered by the RFC.
2152 */
2153 if ((SEQ_GEQ(th->th_seq, tp->last_ack_sent) &&
2154 SEQ_LT(th->th_seq, tp->last_ack_sent + tp->rcv_wnd)) ||
2155 (tp->rcv_wnd == 0 && tp->last_ack_sent == th->th_seq)) {
2156 KASSERT(tp->t_state != TCPS_SYN_SENT,
2157 ("%s: TH_RST for TCPS_SYN_SENT th %p tp %p",
2158 __func__, th, tp));
2159
2160 if (V_tcp_insecure_rst ||
2161 tp->last_ack_sent == th->th_seq) {
2162 TCPSTAT_INC(tcps_drops);
2163 /* Drop the connection. */
2164 switch (tp->t_state) {
2165 case TCPS_SYN_RECEIVED:
2166 so->so_error = ECONNREFUSED;
2167 goto close;
2168 case TCPS_ESTABLISHED:
2169 case TCPS_FIN_WAIT_1:
2170 case TCPS_FIN_WAIT_2:
2171 case TCPS_CLOSE_WAIT:
2172 case TCPS_CLOSING:
2173 case TCPS_LAST_ACK:
2174 so->so_error = ECONNRESET;
2175 close:
2176 /* FALLTHROUGH */
2177 default:
2178 tp = tcp_close(tp);
2179 }
2180 } else {
2181 TCPSTAT_INC(tcps_badrst);
2182 /* Send challenge ACK. */
2183 tcp_respond(tp, mtod(m, void *), th, m,
2184 tp->rcv_nxt, tp->snd_nxt, TH_ACK);
2185 tp->last_ack_sent = tp->rcv_nxt;
2186 m = NULL;
2187 }
2188 }
2189 goto drop;
2190 }
2191
2192 /*
2193 * RFC5961 Section 4.2
2194 * Send challenge ACK for any SYN in synchronized state.
2195 */
2196 if ((thflags & TH_SYN) && tp->t_state != TCPS_SYN_SENT &&
2197 tp->t_state != TCPS_SYN_RECEIVED) {
2198 TCPSTAT_INC(tcps_badsyn);
2199 if (V_tcp_insecure_syn &&
2200 SEQ_GEQ(th->th_seq, tp->last_ack_sent) &&
2201 SEQ_LT(th->th_seq, tp->last_ack_sent + tp->rcv_wnd)) {
2202 tp = tcp_drop(tp, ECONNRESET);
2203 rstreason = BANDLIM_UNLIMITED;
2204 } else {
2205 /* Send challenge ACK. */
2206 tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt,
2207 tp->snd_nxt, TH_ACK);
2208 tp->last_ack_sent = tp->rcv_nxt;
2209 m = NULL;
2210 }
2211 goto drop;
2212 }
2213
2214 /*
2215 * RFC 1323 PAWS: If we have a timestamp reply on this segment
2216 * and it's less than ts_recent, drop it.
2217 */
2218 if ((to.to_flags & TOF_TS) != 0 && tp->ts_recent &&
2219 TSTMP_LT(to.to_tsval, tp->ts_recent)) {
2220 /* Check to see if ts_recent is over 24 days old. */
2221 if (tcp_ts_getticks() - tp->ts_recent_age > TCP_PAWS_IDLE) {
2222 /*
2223 * Invalidate ts_recent. If this segment updates
2224 * ts_recent, the age will be reset later and ts_recent
2225 * will get a valid value. If it does not, setting
2226 * ts_recent to zero will at least satisfy the
2227 * requirement that zero be placed in the timestamp
2228 * echo reply when ts_recent isn't valid. The
2229 * age isn't reset until we get a valid ts_recent
2230 * because we don't want out-of-order segments to be
2231 * dropped when ts_recent is old.
2232 */
2233 tp->ts_recent = 0;
2234 } else {
2235 TCPSTAT_INC(tcps_rcvduppack);
2236 TCPSTAT_ADD(tcps_rcvdupbyte, tlen);
2237 TCPSTAT_INC(tcps_pawsdrop);
2238 if (tlen)
2239 goto dropafterack;
2240 goto drop;
2241 }
2242 }
2243
2244 /*
2245 * In the SYN-RECEIVED state, validate that the packet belongs to
2246 * this connection before trimming the data to fit the receive
2247 * window. Check the sequence number versus IRS since we know
2248 * the sequence numbers haven't wrapped. This is a partial fix
2249 * for the "LAND" DoS attack.
2250 */
2251 if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(th->th_seq, tp->irs)) {
2252 rstreason = BANDLIM_RST_OPENPORT;
2253 goto dropwithreset;
2254 }
2255
2256 todrop = tp->rcv_nxt - th->th_seq;
2257 if (todrop > 0) {
2258 if (thflags & TH_SYN) {
2259 thflags &= ~TH_SYN;
2260 th->th_seq++;
2261 if (th->th_urp > 1)
2262 th->th_urp--;
2263 else
2264 thflags &= ~TH_URG;
2265 todrop--;
2266 }
2267 /*
2268 * Following if statement from Stevens, vol. 2, p. 960.
2269 */
2270 if (todrop > tlen
2271 || (todrop == tlen && (thflags & TH_FIN) == 0)) {
2272 /*
2273 * Any valid FIN must be to the left of the window.
2274 * At this point the FIN must be a duplicate or out
2275 * of sequence; drop it.
2276 */
2277 thflags &= ~TH_FIN;
2278
2279 /*
2280 * Send an ACK to resynchronize and drop any data.
2281 * But keep on processing for RST or ACK.
2282 */
2283 tp->t_flags |= TF_ACKNOW;
2284 todrop = tlen;
2285 TCPSTAT_INC(tcps_rcvduppack);
2286 TCPSTAT_ADD(tcps_rcvdupbyte, todrop);
2287 } else {
2288 TCPSTAT_INC(tcps_rcvpartduppack);
2289 TCPSTAT_ADD(tcps_rcvpartdupbyte, todrop);
2290 }
2291 /*
2292 * DSACK - add SACK block for dropped range
2293 */
2294 if ((todrop > 0) && (tp->t_flags & TF_SACK_PERMIT)) {
2295 tcp_update_sack_list(tp, th->th_seq,
2296 th->th_seq + todrop);
2297 /*
2298 * ACK now, as the next in-sequence segment
2299 * will clear the DSACK block again
2300 */
2301 tp->t_flags |= TF_ACKNOW;
2302 }
2303 drop_hdrlen += todrop; /* drop from the top afterwards */
2304 th->th_seq += todrop;
2305 tlen -= todrop;
2306 if (th->th_urp > todrop)
2307 th->th_urp -= todrop;
2308 else {
2309 thflags &= ~TH_URG;
2310 th->th_urp = 0;
2311 }
2312 }
2313
2314 /*
2315 * If new data are received on a connection after the
2316 * user processes are gone, then RST the other end.
2317 */
2318 if ((so->so_state & SS_NOFDREF) &&
2319 tp->t_state > TCPS_CLOSE_WAIT && tlen) {
2320 if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
2321 log(LOG_DEBUG, "%s; %s: %s: Received %d bytes of data "
2322 "after socket was closed, "
2323 "sending RST and removing tcpcb\n",
2324 s, __func__, tcpstates[tp->t_state], tlen);
2325 free(s, M_TCPLOG);
2326 }
2327 tp = tcp_close(tp);
2328 TCPSTAT_INC(tcps_rcvafterclose);
2329 rstreason = BANDLIM_UNLIMITED;
2330 goto dropwithreset;
2331 }
2332
2333 /*
2334 * If segment ends after window, drop trailing data
2335 * (and PUSH and FIN); if nothing left, just ACK.
2336 */
2337 todrop = (th->th_seq + tlen) - (tp->rcv_nxt + tp->rcv_wnd);
2338 if (todrop > 0) {
2339 TCPSTAT_INC(tcps_rcvpackafterwin);
2340 if (todrop >= tlen) {
2341 TCPSTAT_ADD(tcps_rcvbyteafterwin, tlen);
2342 /*
2343 * If window is closed can only take segments at
2344 * window edge, and have to drop data and PUSH from
2345 * incoming segments. Continue processing, but
2346 * remember to ack. Otherwise, drop segment
2347 * and ack.
2348 */
2349 if (tp->rcv_wnd == 0 && th->th_seq == tp->rcv_nxt) {
2350 tp->t_flags |= TF_ACKNOW;
2351 TCPSTAT_INC(tcps_rcvwinprobe);
2352 } else
2353 goto dropafterack;
2354 } else
2355 TCPSTAT_ADD(tcps_rcvbyteafterwin, todrop);
2356 m_adj(m, -todrop);
2357 tlen -= todrop;
2358 thflags &= ~(TH_PUSH|TH_FIN);
2359 }
2360
2361 /*
2362 * If last ACK falls within this segment's sequence numbers,
2363 * record its timestamp.
2364 * NOTE:
2365 * 1) That the test incorporates suggestions from the latest
2366 * proposal of the tcplw@cray.com list (Braden 1993/04/26).
2367 * 2) That updating only on newer timestamps interferes with
2368 * our earlier PAWS tests, so this check should be solely
2369 * predicated on the sequence space of this segment.
2370 * 3) That we modify the segment boundary check to be
2371 * Last.ACK.Sent <= SEG.SEQ + SEG.Len
2372 * instead of RFC1323's
2373 * Last.ACK.Sent < SEG.SEQ + SEG.Len,
2374 * This modified check allows us to overcome RFC1323's
2375 * limitations as described in Stevens TCP/IP Illustrated
2376 * Vol. 2 p.869. In such cases, we can still calculate the
2377 * RTT correctly when RCV.NXT == Last.ACK.Sent.
2378 */
2379 if ((to.to_flags & TOF_TS) != 0 &&
2380 SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
2381 SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
2382 ((thflags & (TH_SYN|TH_FIN)) != 0))) {
2383 tp->ts_recent_age = tcp_ts_getticks();
2384 tp->ts_recent = to.to_tsval;
2385 }
2386
2387 /*
2388 * If the ACK bit is off: if in SYN-RECEIVED state or SENDSYN
2389 * flag is on (half-synchronized state), then queue data for
2390 * later processing; else drop segment and return.
2391 */
2392 if ((thflags & TH_ACK) == 0) {
2393 if (tp->t_state == TCPS_SYN_RECEIVED ||
2394 (tp->t_flags & TF_NEEDSYN)) {
2395 if (tp->t_state == TCPS_SYN_RECEIVED &&
2396 IS_FASTOPEN(tp->t_flags)) {
2397 tp->snd_wnd = tiwin;
2398 cc_conn_init(tp);
2399 }
2400 goto step6;
2401 } else if (tp->t_flags & TF_ACKNOW)
2402 goto dropafterack;
2403 else
2404 goto drop;
2405 }
2406
2407 /*
2408 * Ack processing.
2409 */
2410 switch (tp->t_state) {
2411 /*
2412 * In SYN_RECEIVED state, the ack ACKs our SYN, so enter
2413 * ESTABLISHED state and continue processing.
2414 * The ACK was checked above.
2415 */
2416 case TCPS_SYN_RECEIVED:
2417
2418 TCPSTAT_INC(tcps_connects);
2419 soisconnected(so);
2420 /* Do window scaling? */
2421 if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
2422 (TF_RCVD_SCALE|TF_REQ_SCALE)) {
2423 tp->rcv_scale = tp->request_r_scale;
2424 }
2425 tp->snd_wnd = tiwin;
2426 /*
2427 * Make transitions:
2428 * SYN-RECEIVED -> ESTABLISHED
2429 * SYN-RECEIVED* -> FIN-WAIT-1
2430 */
2431 tp->t_starttime = ticks;
2432 if (IS_FASTOPEN(tp->t_flags) && tp->t_tfo_pending) {
2433 tcp_fastopen_decrement_counter(tp->t_tfo_pending);
2434 tp->t_tfo_pending = NULL;
2435 }
2436 if (tp->t_flags & TF_NEEDFIN) {
2437 tcp_state_change(tp, TCPS_FIN_WAIT_1);
2438 tp->t_flags &= ~TF_NEEDFIN;
2439 } else {
2440 tcp_state_change(tp, TCPS_ESTABLISHED);
2441 TCP_PROBE5(accept__established, NULL, tp,
2442 m, tp, th);
2443 /*
2444 * TFO connections call cc_conn_init() during SYN
2445 * processing. Calling it again here for such
2446 * connections is not harmless as it would undo the
2447 * snd_cwnd reduction that occurs when a TFO SYN|ACK
2448 * is retransmitted.
2449 */
2450 if (!IS_FASTOPEN(tp->t_flags))
2451 cc_conn_init(tp);
2452 tcp_timer_activate(tp, TT_KEEP, TP_KEEPIDLE(tp));
2453 }
2454 /*
2455 * Account for the ACK of our SYN prior to
2456 * regular ACK processing below, except for
2457 * simultaneous SYN, which is handled later.
2458 */
2459 if (SEQ_GT(th->th_ack, tp->snd_una) && !(tp->t_flags & TF_NEEDSYN))
2460 incforsyn = 1;
2461 /*
2462 * If segment contains data or ACK, will call tcp_reass()
2463 * later; if not, do so now to pass queued data to user.
2464 */
2465 if (tlen == 0 && (thflags & TH_FIN) == 0) {
2466 (void) tcp_reass(tp, (struct tcphdr *)0, NULL, 0,
2467 (struct mbuf *)0);
2468 tcp_handle_wakeup(tp, so);
2469 }
2470 tp->snd_wl1 = th->th_seq - 1;
2471 /* FALLTHROUGH */
2472
2473 /*
2474 * In ESTABLISHED state: drop duplicate ACKs; ACK out of range
2475 * ACKs. If the ack is in the range
2476 * tp->snd_una < th->th_ack <= tp->snd_max
2477 * then advance tp->snd_una to th->th_ack and drop
2478 * data from the retransmission queue. If this ACK reflects
2479 * more up to date window information we update our window information.
2480 */
2481 case TCPS_ESTABLISHED:
2482 case TCPS_FIN_WAIT_1:
2483 case TCPS_FIN_WAIT_2:
2484 case TCPS_CLOSE_WAIT:
2485 case TCPS_CLOSING:
2486 case TCPS_LAST_ACK:
2487 if (SEQ_GT(th->th_ack, tp->snd_max)) {
2488 TCPSTAT_INC(tcps_rcvacktoomuch);
2489 goto dropafterack;
2490 }
2491 if ((tp->t_flags & TF_SACK_PERMIT) &&
2492 ((to.to_flags & TOF_SACK) ||
2493 !TAILQ_EMPTY(&tp->snd_holes))) {
2494 if (((sack_changed = tcp_sack_doack(tp, &to, th->th_ack)) != 0) &&
2495 (tp->t_flags & TF_LRD)) {
2496 tcp_sack_lost_retransmission(tp, th);
2497 }
2498 } else
2499 /*
2500 * Reset the value so that previous (valid) value
2501 * from the last ack with SACK doesn't get used.
2502 */
2503 tp->sackhint.sacked_bytes = 0;
2504
2505#ifdef TCP_HHOOK
2506 /* Run HHOOK_TCP_ESTABLISHED_IN helper hooks. */
2507 hhook_run_tcp_est_in(tp, th, &to);
2508#endif
2509
2510 if (SEQ_LEQ(th->th_ack, tp->snd_una)) {
2511 maxseg = tcp_maxseg(tp);
2512 if (tlen == 0 &&
2513 (tiwin == tp->snd_wnd ||
2514 (tp->t_flags & TF_SACK_PERMIT))) {
2515 /*
2516 * If this is the first time we've seen a
2517 * FIN from the remote, this is not a
2518 * duplicate and it needs to be processed
2519 * normally. This happens during a
2520 * simultaneous close.
2521 */
2522 if ((thflags & TH_FIN) &&
2523 (TCPS_HAVERCVDFIN(tp->t_state) == 0)) {
2524 tp->t_dupacks = 0;
2525 break;
2526 }
2527 TCPSTAT_INC(tcps_rcvdupack);
2528 /*
2529 * If we have outstanding data (other than
2530 * a window probe), this is a completely
2531 * duplicate ack (ie, window info didn't
2532 * change and FIN isn't set),
2533 * the ack is the biggest we've
2534 * seen and we've seen exactly our rexmt
2535 * threshold of them, assume a packet
2536 * has been dropped and retransmit it.
2537 * Kludge snd_nxt & the congestion
2538 * window so we send only this one
2539 * packet.
2540 *
2541 * We know we're losing at the current
2542 * window size so do congestion avoidance
2543 * (set ssthresh to half the current window
2544 * and pull our congestion window back to
2545 * the new ssthresh).
2546 *
2547 * Dup acks mean that packets have left the
2548 * network (they're now cached at the receiver)
2549 * so bump cwnd by the amount in the receiver
2550 * to keep a constant cwnd packets in the
2551 * network.
2552 *
2553 * When using TCP ECN, notify the peer that
2554 * we reduced the cwnd.
2555 */
2556 /*
2557 * Following 2 kinds of acks should not affect
2558 * dupack counting:
2559 * 1) Old acks
2560 * 2) Acks with SACK but without any new SACK
2561 * information in them. These could result from
2562 * any anomaly in the network like a switch
2563 * duplicating packets or a possible DoS attack.
2564 */
2565 if (th->th_ack != tp->snd_una ||
2566 ((tp->t_flags & TF_SACK_PERMIT) &&
2567 (to.to_flags & TOF_SACK) &&
2568 !sack_changed))
2569 break;
2570 else if (!tcp_timer_active(tp, TT_REXMT))
2571 tp->t_dupacks = 0;
2572 else if (++tp->t_dupacks > tcprexmtthresh ||
2573 IN_FASTRECOVERY(tp->t_flags)) {
2574 cc_ack_received(tp, th, nsegs,
2575 CC_DUPACK);
2576 if (V_tcp_do_prr &&
2577 IN_FASTRECOVERY(tp->t_flags)) {
2578 tcp_do_prr_ack(tp, th, &to);
2579 } else if ((tp->t_flags & TF_SACK_PERMIT) &&
2580 (to.to_flags & TOF_SACK) &&
2581 IN_FASTRECOVERY(tp->t_flags)) {
2582 int awnd;
2583
2584 /*
2585 * Compute the amount of data in flight first.
2586 * We can inject new data into the pipe iff
2587 * we have less than 1/2 the original window's
2588 * worth of data in flight.
2589 */
2590 if (V_tcp_do_newsack)
2591 awnd = tcp_compute_pipe(tp);
2592 else
2593 awnd = (tp->snd_nxt - tp->snd_fack) +
2594 tp->sackhint.sack_bytes_rexmit;
2595
2596 if (awnd < tp->snd_ssthresh) {
2597 tp->snd_cwnd += maxseg;
2598 if (tp->snd_cwnd > tp->snd_ssthresh)
2599 tp->snd_cwnd = tp->snd_ssthresh;
2600 }
2601 } else
2602 tp->snd_cwnd += maxseg;
2603 (void) tcp_output(tp);
2604 goto drop;
2605 } else if (tp->t_dupacks == tcprexmtthresh ||
2606 (tp->t_flags & TF_SACK_PERMIT &&
2607 V_tcp_do_newsack &&
2608 tp->sackhint.sacked_bytes >
2609 (tcprexmtthresh - 1) * maxseg)) {
2610enter_recovery:
2611 /*
2612 * Above is the RFC6675 trigger condition of
2613 * more than (dupthresh-1)*maxseg sacked data.
2614 * If the count of holes in the
2615 * scoreboard is >= dupthresh, we could
2616 * also enter loss recovery, but don't
2617 * have that value readily available.
2618 */
2619 tp->t_dupacks = tcprexmtthresh;
2620 tcp_seq onxt = tp->snd_nxt;
2621
2622 /*
2623 * If we're doing sack, or prr, check
2624 * to see if we're already in sack
2625 * recovery. If we're not doing sack,
2626 * check to see if we're in newreno
2627 * recovery.
2628 */
2629 if (V_tcp_do_prr ||
2630 (tp->t_flags & TF_SACK_PERMIT)) {
2631 if (IN_FASTRECOVERY(tp->t_flags)) {
2632 tp->t_dupacks = 0;
2633 break;
2634 }
2635 } else {
2636 if (SEQ_LEQ(th->th_ack,
2637 tp->snd_recover)) {
2638 tp->t_dupacks = 0;
2639 break;
2640 }
2641 }
2642 /* Congestion signal before ack. */
2643 cc_cong_signal(tp, th, CC_NDUPACK);
2644 cc_ack_received(tp, th, nsegs,
2645 CC_DUPACK);
2646 tcp_timer_activate(tp, TT_REXMT, 0);
2647 tp->t_rtttime = 0;
2648 if (V_tcp_do_prr) {
2649 /*
2650 * snd_ssthresh is already updated by
2651 * cc_cong_signal.
2652 */
2653 if ((tp->t_flags & TF_SACK_PERMIT) &&
2654 (to.to_flags & TOF_SACK)) {
2655 tp->sackhint.prr_delivered =
2656 tp->sackhint.sacked_bytes;
2657 } else {
2658 tp->sackhint.prr_delivered =
2659 imin(tp->snd_max - tp->snd_una,
2660 imin(INT_MAX / 65536,
2661 tp->t_dupacks) * maxseg);
2662 }
2663 tp->sackhint.recover_fs = max(1,
2664 tp->snd_nxt - tp->snd_una);
2665 }
2666 if ((tp->t_flags & TF_SACK_PERMIT) &&
2667 (to.to_flags & TOF_SACK)) {
2668 TCPSTAT_INC(
2669 tcps_sack_recovery_episode);
2670 tp->snd_recover = tp->snd_nxt;
2671 tp->snd_cwnd = maxseg;
2672 (void) tcp_output(tp);
2673 if (SEQ_GT(th->th_ack, tp->snd_una))
2674 goto resume_partialack;
2675 goto drop;
2676 }
2677 tp->snd_nxt = th->th_ack;
2678 tp->snd_cwnd = maxseg;
2679 (void) tcp_output(tp);
2680 KASSERT(tp->snd_limited <= 2,
2681 ("%s: tp->snd_limited too big",
2682 __func__));
2683 tp->snd_cwnd = tp->snd_ssthresh +
2684 maxseg *
2685 (tp->t_dupacks - tp->snd_limited);
2686 if (SEQ_GT(onxt, tp->snd_nxt))
2687 tp->snd_nxt = onxt;
2688 goto drop;
2689 } else if (V_tcp_do_rfc3042) {
2690 /*
2691 * Process first and second duplicate
2692 * ACKs. Each indicates a segment
2693 * leaving the network, creating room
2694 * for more. Make sure we can send a
2695 * packet on reception of each duplicate
2696 * ACK by increasing snd_cwnd by one
2697 * segment. Restore the original
2698 * snd_cwnd after packet transmission.
2699 */
2700 cc_ack_received(tp, th, nsegs,
2701 CC_DUPACK);
2702 uint32_t oldcwnd = tp->snd_cwnd;
2703 tcp_seq oldsndmax = tp->snd_max;
2704 u_int sent;
2705 int avail;
2706
2707 KASSERT(tp->t_dupacks == 1 ||
2708 tp->t_dupacks == 2,
2709 ("%s: dupacks not 1 or 2",
2710 __func__));
2711 if (tp->t_dupacks == 1)
2712 tp->snd_limited = 0;
2713 tp->snd_cwnd =
2714 (tp->snd_nxt - tp->snd_una) +
2715 (tp->t_dupacks - tp->snd_limited) *
2716 maxseg;
2717 /*
2718 * Only call tcp_output when there
2719 * is new data available to be sent.
2720 * Otherwise we would send pure ACKs.
2721 */
2722 SOCKBUF_LOCK(&so->so_snd);
2723 avail = sbavail(&so->so_snd) -
2724 (tp->snd_nxt - tp->snd_una);
2725 SOCKBUF_UNLOCK(&so->so_snd);
2726 if (avail > 0)
2727 (void) tcp_output(tp);
2728 sent = tp->snd_max - oldsndmax;
2729 if (sent > maxseg) {
2730 KASSERT((tp->t_dupacks == 2 &&
2731 tp->snd_limited == 0) ||
2732 (sent == maxseg + 1 &&
2733 tp->t_flags & TF_SENTFIN),
2734 ("%s: sent too much",
2735 __func__));
2736 tp->snd_limited = 2;
2737 } else if (sent > 0)
2738 ++tp->snd_limited;
2739 tp->snd_cwnd = oldcwnd;
2740 goto drop;
2741 }
2742 }
2743 break;
2744 } else {
2745 /*
2746 * This ack is advancing the left edge, reset the
2747 * counter.
2748 */
2749 tp->t_dupacks = 0;
2750 /*
2751 * If this ack also has new SACK info, increment the
2752 * counter as per rfc6675. The variable
2753 * sack_changed tracks all changes to the SACK
2754 * scoreboard, including when partial ACKs without
2755 * SACK options are received, and clear the scoreboard
2756 * from the left side. Such partial ACKs should not be
2757 * counted as dupacks here.
2758 */
2759 if ((tp->t_flags & TF_SACK_PERMIT) &&
2760 (to.to_flags & TOF_SACK) &&
2761 sack_changed) {
2762 tp->t_dupacks++;
2763 /* limit overhead by setting maxseg last */
2764 if (!IN_FASTRECOVERY(tp->t_flags) &&
2765 (tp->sackhint.sacked_bytes >
2766 ((tcprexmtthresh - 1) *
2767 (maxseg = tcp_maxseg(tp))))) {
2768 goto enter_recovery;
2769 }
2770 }
2771 }
2772
2773resume_partialack:
2774 KASSERT(SEQ_GT(th->th_ack, tp->snd_una),
2775 ("%s: th_ack <= snd_una", __func__));
2776
2777 /*
2778 * If the congestion window was inflated to account
2779 * for the other side's cached packets, retract it.
2780 */
2781 if (IN_FASTRECOVERY(tp->t_flags)) {
2782 if (SEQ_LT(th->th_ack, tp->snd_recover)) {
2783 if (tp->t_flags & TF_SACK_PERMIT)
2784 if (V_tcp_do_prr && to.to_flags & TOF_SACK) {
2785 tcp_timer_activate(tp, TT_REXMT, 0);
2786 tp->t_rtttime = 0;
2787 tcp_do_prr_ack(tp, th, &to);
2788 tp->t_flags |= TF_ACKNOW;
2789 (void) tcp_output(tp);
2790 } else
2791 tcp_sack_partialack(tp, th);
2792 else
2793 tcp_newreno_partial_ack(tp, th);
2794 } else
2795 cc_post_recovery(tp, th);
2796 } else if (IN_CONGRECOVERY(tp->t_flags)) {
2797 if (SEQ_LT(th->th_ack, tp->snd_recover)) {
2798 if (V_tcp_do_prr) {
2799 tp->sackhint.delivered_data = BYTES_THIS_ACK(tp, th);
2800 tp->snd_fack = th->th_ack;
2801 tcp_do_prr_ack(tp, th, &to);
2802 (void) tcp_output(tp);
2803 }
2804 } else
2805 cc_post_recovery(tp, th);
2806 }
2807 /*
2808 * If we reach this point, ACK is not a duplicate,
2809 * i.e., it ACKs something we sent.
2810 */
2811 if (tp->t_flags & TF_NEEDSYN) {
2812 /*
2813 * T/TCP: Connection was half-synchronized, and our
2814 * SYN has been ACK'd (so connection is now fully
2815 * synchronized). Go to non-starred state,
2816 * increment snd_una for ACK of SYN, and check if
2817 * we can do window scaling.
2818 */
2819 tp->t_flags &= ~TF_NEEDSYN;
2820 tp->snd_una++;
2821 /* Do window scaling? */
2822 if ((tp->t_flags & (TF_RCVD_SCALE|TF_REQ_SCALE)) ==
2823 (TF_RCVD_SCALE|TF_REQ_SCALE)) {
2824 tp->rcv_scale = tp->request_r_scale;
2825 /* Send window already scaled. */
2826 }
2827 }
2828
2829process_ACK:
2830 INP_WLOCK_ASSERT(tp->t_inpcb);
2831
2832 /*
2833 * Adjust for the SYN bit in sequence space,
2834 * but don't account for it in cwnd calculations.
2835 * This is for the SYN_RECEIVED, non-simultaneous
2836 * SYN case. SYN_SENT and simultaneous SYN are
2837 * treated elsewhere.
2838 */
2839 if (incforsyn)
2840 tp->snd_una++;
2841 acked = BYTES_THIS_ACK(tp, th);
2842 KASSERT(acked >= 0, ("%s: acked unexepectedly negative "
2843 "(tp->snd_una=%u, th->th_ack=%u, tp=%p, m=%p)", __func__,
2844 tp->snd_una, th->th_ack, tp, m));
2845 TCPSTAT_ADD(tcps_rcvackpack, nsegs);
2846 TCPSTAT_ADD(tcps_rcvackbyte, acked);
2847
2848 /*
2849 * If we just performed our first retransmit, and the ACK
2850 * arrives within our recovery window, then it was a mistake
2851 * to do the retransmit in the first place. Recover our
2852 * original cwnd and ssthresh, and proceed to transmit where
2853 * we left off.
2854 */
2855 if (tp->t_rxtshift == 1 &&
2856 tp->t_flags & TF_PREVVALID &&
2857 tp->t_badrxtwin != 0 &&
2858 to.to_flags & TOF_TS &&
2859 to.to_tsecr != 0 &&
2860 TSTMP_LT(to.to_tsecr, tp->t_badrxtwin))
2861 cc_cong_signal(tp, th, CC_RTO_ERR);
2862
2863 /*
2864 * If we have a timestamp reply, update smoothed
2865 * round trip time. If no timestamp is present but
2866 * transmit timer is running and timed sequence
2867 * number was acked, update smoothed round trip time.
2868 * Since we now have an rtt measurement, cancel the
2869 * timer backoff (cf., Phil Karn's retransmit alg.).
2870 * Recompute the initial retransmit timer.
2871 *
2872 * Some boxes send broken timestamp replies
2873 * during the SYN+ACK phase, ignore
2874 * timestamps of 0 or we could calculate a
2875 * huge RTT and blow up the retransmit timer.
2876 */
2877 if ((to.to_flags & TOF_TS) != 0 && to.to_tsecr) {
2878 uint32_t t;
2879
2880 t = tcp_ts_getticks() - to.to_tsecr;
2881 if (!tp->t_rttlow || tp->t_rttlow > t)
2882 tp->t_rttlow = t;
2883 tcp_xmit_timer(tp, TCP_TS_TO_TICKS(t) + 1);
2884 } else if (tp->t_rtttime && SEQ_GT(th->th_ack, tp->t_rtseq)) {
2885 if (!tp->t_rttlow || tp->t_rttlow > ticks - tp->t_rtttime)
2886 tp->t_rttlow = ticks - tp->t_rtttime;
2887 tcp_xmit_timer(tp, ticks - tp->t_rtttime);
2888 }
2889
2890 /*
2891 * If all outstanding data is acked, stop retransmit
2892 * timer and remember to restart (more output or persist).
2893 * If there is more data to be acked, restart retransmit
2894 * timer, using current (possibly backed-off) value.
2895 */
2896 if (th->th_ack == tp->snd_max) {
2897 tcp_timer_activate(tp, TT_REXMT, 0);
2898 needoutput = 1;
2899 } else if (!tcp_timer_active(tp, TT_PERSIST))
2900 tcp_timer_activate(tp, TT_REXMT, tp->t_rxtcur);
2901
2902 /*
2903 * If no data (only SYN) was ACK'd,
2904 * skip rest of ACK processing.
2905 */
2906 if (acked == 0)
2907 goto step6;
2908
2909 /*
2910 * Let the congestion control algorithm update congestion
2911 * control related information. This typically means increasing
2912 * the congestion window.
2913 */
2914 cc_ack_received(tp, th, nsegs, CC_ACK);
2915
2916 SOCKBUF_LOCK(&so->so_snd);
2917 if (acked > sbavail(&so->so_snd)) {
2918 if (tp->snd_wnd >= sbavail(&so->so_snd))
2919 tp->snd_wnd -= sbavail(&so->so_snd);
2920 else
2921 tp->snd_wnd = 0;
2922 mfree = sbcut_locked(&so->so_snd,
2923 (int)sbavail(&so->so_snd));
2924 ourfinisacked = 1;
2925 } else {
2926 mfree = sbcut_locked(&so->so_snd, acked);
2927 if (tp->snd_wnd >= (uint32_t) acked)
2928 tp->snd_wnd -= acked;
2929 else
2930 tp->snd_wnd = 0;
2931 ourfinisacked = 0;
2932 }
2933 /* NB: sowwakeup_locked() does an implicit unlock. */
2934 sowwakeup_locked(so);
2935 m_freem(mfree);
2936 /* Detect una wraparound. */
2937 if (!IN_RECOVERY(tp->t_flags) &&
2938 SEQ_GT(tp->snd_una, tp->snd_recover) &&
2939 SEQ_LEQ(th->th_ack, tp->snd_recover))
2940 tp->snd_recover = th->th_ack - 1;
2941 /* XXXLAS: Can this be moved up into cc_post_recovery? */
2942 if (IN_RECOVERY(tp->t_flags) &&
2943 SEQ_GEQ(th->th_ack, tp->snd_recover)) {
2944 EXIT_RECOVERY(tp->t_flags);
2945 }
2946 tp->snd_una = th->th_ack;
2947 if (tp->t_flags & TF_SACK_PERMIT) {
2948 if (SEQ_GT(tp->snd_una, tp->snd_recover))
2949 tp->snd_recover = tp->snd_una;
2950 }
2951 if (SEQ_LT(tp->snd_nxt, tp->snd_una))
2952 tp->snd_nxt = tp->snd_una;
2953
2954 switch (tp->t_state) {
2955 /*
2956 * In FIN_WAIT_1 STATE in addition to the processing
2957 * for the ESTABLISHED state if our FIN is now acknowledged
2958 * then enter FIN_WAIT_2.
2959 */
2960 case TCPS_FIN_WAIT_1:
2961 if (ourfinisacked) {
2962 /*
2963 * If we can't receive any more
2964 * data, then closing user can proceed.
2965 * Starting the timer is contrary to the
2966 * specification, but if we don't get a FIN
2967 * we'll hang forever.
2968 *
2969 * XXXjl:
2970 * we should release the tp also, and use a
2971 * compressed state.
2972 */
2973 if (so->so_rcv.sb_state & SBS_CANTRCVMORE) {
2974 soisdisconnected(so);
2975 tcp_timer_activate(tp, TT_2MSL,
2976 (tcp_fast_finwait2_recycle ?
2977 tcp_finwait2_timeout :
2978 TP_MAXIDLE(tp)));
2979 }
2980 tcp_state_change(tp, TCPS_FIN_WAIT_2);
2981 }
2982 break;
2983
2984 /*
2985 * In CLOSING STATE in addition to the processing for
2986 * the ESTABLISHED state if the ACK acknowledges our FIN
2987 * then enter the TIME-WAIT state, otherwise ignore
2988 * the segment.
2989 */
2990 case TCPS_CLOSING:
2991 if (ourfinisacked) {
2992 tcp_twstart(tp);
2993 m_freem(m);
2994 return;
2995 }
2996 break;
2997
2998 /*
2999 * In LAST_ACK, we may still be waiting for data to drain
3000 * and/or to be acked, as well as for the ack of our FIN.
3001 * If our FIN is now acknowledged, delete the TCB,
3002 * enter the closed state and return.
3003 */
3004 case TCPS_LAST_ACK:
3005 if (ourfinisacked) {
3006 tp = tcp_close(tp);
3007 goto drop;
3008 }
3009 break;
3010 }
3011 }
3012
3013step6:
3014 INP_WLOCK_ASSERT(tp->t_inpcb);
3015
3016 /*
3017 * Update window information.
3018 * Don't look at window if no ACK: TAC's send garbage on first SYN.
3019 */
3020 if ((thflags & TH_ACK) &&
3021 (SEQ_LT(tp->snd_wl1, th->th_seq) ||
3022 (tp->snd_wl1 == th->th_seq && (SEQ_LT(tp->snd_wl2, th->th_ack) ||
3023 (tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd))))) {
3024 /* keep track of pure window updates */
3025 if (tlen == 0 &&
3026 tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd)
3027 TCPSTAT_INC(tcps_rcvwinupd);
3028 tp->snd_wnd = tiwin;
3029 tp->snd_wl1 = th->th_seq;
3030 tp->snd_wl2 = th->th_ack;
3031 if (tp->snd_wnd > tp->max_sndwnd)
3032 tp->max_sndwnd = tp->snd_wnd;
3033 needoutput = 1;
3034 }
3035
3036 /*
3037 * Process segments with URG.
3038 */
3039 if ((thflags & TH_URG) && th->th_urp &&
3040 TCPS_HAVERCVDFIN(tp->t_state) == 0) {
3041 /*
3042 * This is a kludge, but if we receive and accept
3043 * random urgent pointers, we'll crash in
3044 * soreceive. It's hard to imagine someone
3045 * actually wanting to send this much urgent data.
3046 */
3047 SOCKBUF_LOCK(&so->so_rcv);
3048 if (th->th_urp + sbavail(&so->so_rcv) > sb_max) {
3049 th->th_urp = 0; /* XXX */
3050 thflags &= ~TH_URG; /* XXX */
3051 SOCKBUF_UNLOCK(&so->so_rcv); /* XXX */
3052 goto dodata; /* XXX */
3053 }
3054 /*
3055 * If this segment advances the known urgent pointer,
3056 * then mark the data stream. This should not happen
3057 * in CLOSE_WAIT, CLOSING, LAST_ACK or TIME_WAIT STATES since
3058 * a FIN has been received from the remote side.
3059 * In these states we ignore the URG.
3060 *
3061 * According to RFC961 (Assigned Protocols),
3062 * the urgent pointer points to the last octet
3063 * of urgent data. We continue, however,
3064 * to consider it to indicate the first octet
3065 * of data past the urgent section as the original
3066 * spec states (in one of two places).
3067 */
3068 if (SEQ_GT(th->th_seq+th->th_urp, tp->rcv_up)) {
3069 tp->rcv_up = th->th_seq + th->th_urp;
3070 so->so_oobmark = sbavail(&so->so_rcv) +
3071 (tp->rcv_up - tp->rcv_nxt) - 1;
3072 if (so->so_oobmark == 0)
3073 so->so_rcv.sb_state |= SBS_RCVATMARK;
3074 sohasoutofband(so);
3075 tp->t_oobflags &= ~(TCPOOB_HAVEDATA | TCPOOB_HADDATA);
3076 }
3077 SOCKBUF_UNLOCK(&so->so_rcv);
3078 /*
3079 * Remove out of band data so doesn't get presented to user.
3080 * This can happen independent of advancing the URG pointer,
3081 * but if two URG's are pending at once, some out-of-band
3082 * data may creep in... ick.
3083 */
3084 if (th->th_urp <= (uint32_t)tlen &&
3085 !(so->so_options & SO_OOBINLINE)) {
3086 /* hdr drop is delayed */
3087 tcp_pulloutofband(so, th, m, drop_hdrlen);
3088 }
3089 } else {
3090 /*
3091 * If no out of band data is expected,
3092 * pull receive urgent pointer along
3093 * with the receive window.
3094 */
3095 if (SEQ_GT(tp->rcv_nxt, tp->rcv_up))
3096 tp->rcv_up = tp->rcv_nxt;
3097 }
3098dodata: /* XXX */
3099 INP_WLOCK_ASSERT(tp->t_inpcb);
3100
3101 /*
3102 * Process the segment text, merging it into the TCP sequencing queue,
3103 * and arranging for acknowledgment of receipt if necessary.
3104 * This process logically involves adjusting tp->rcv_wnd as data
3105 * is presented to the user (this happens in tcp_usrreq.c,
3106 * case PRU_RCVD). If a FIN has already been received on this
3107 * connection then we just ignore the text.
3108 */
3109 tfo_syn = ((tp->t_state == TCPS_SYN_RECEIVED) &&
3110 IS_FASTOPEN(tp->t_flags));
3111 if ((tlen || (thflags & TH_FIN) || (tfo_syn && tlen > 0)) &&
3112 TCPS_HAVERCVDFIN(tp->t_state) == 0) {
3113 tcp_seq save_start = th->th_seq;
3114 tcp_seq save_rnxt = tp->rcv_nxt;
3115 int save_tlen = tlen;
3116 m_adj(m, drop_hdrlen); /* delayed header drop */
3117 /*
3118 * Insert segment which includes th into TCP reassembly queue
3119 * with control block tp. Set thflags to whether reassembly now
3120 * includes a segment with FIN. This handles the common case
3121 * inline (segment is the next to be received on an established
3122 * connection, and the queue is empty), avoiding linkage into
3123 * and removal from the queue and repetition of various
3124 * conversions.
3125 * Set DELACK for segments received in order, but ack
3126 * immediately when segments are out of order (so
3127 * fast retransmit can work).
3128 */
3129 if (th->th_seq == tp->rcv_nxt &&
3130 SEGQ_EMPTY(tp) &&
3131 (TCPS_HAVEESTABLISHED(tp->t_state) ||
3132 tfo_syn)) {
3133 if (DELAY_ACK(tp, tlen) || tfo_syn)
3134 tp->t_flags |= TF_DELACK;
3135 else
3136 tp->t_flags |= TF_ACKNOW;
3137 tp->rcv_nxt += tlen;
3138 if (tlen &&
3139 ((tp->t_flags2 & TF2_FBYTES_COMPLETE) == 0) &&
3140 (tp->t_fbyte_in == 0)) {
3141 tp->t_fbyte_in = ticks;
3142 if (tp->t_fbyte_in == 0)
3143 tp->t_fbyte_in = 1;
3144 if (tp->t_fbyte_out && tp->t_fbyte_in)
3145 tp->t_flags2 |= TF2_FBYTES_COMPLETE;
3146 }
3147 thflags = tcp_get_flags(th) & TH_FIN;
3148 TCPSTAT_INC(tcps_rcvpack);
3149 TCPSTAT_ADD(tcps_rcvbyte, tlen);
3150 SOCKBUF_LOCK(&so->so_rcv);
3151 if (so->so_rcv.sb_state & SBS_CANTRCVMORE)
3152 m_freem(m);
3153 else
3154 sbappendstream_locked(&so->so_rcv, m, 0);
3155 tp->t_flags |= TF_WAKESOR;
3156 } else {
3157 /*
3158 * XXX: Due to the header drop above "th" is
3159 * theoretically invalid by now. Fortunately
3160 * m_adj() doesn't actually frees any mbufs
3161 * when trimming from the head.
3162 */
3163 tcp_seq temp = save_start;
3164
3165 thflags = tcp_reass(tp, th, &temp, &tlen, m);
3166 tp->t_flags |= TF_ACKNOW;
3167 }
3168 if ((tp->t_flags & TF_SACK_PERMIT) &&
3169 (save_tlen > 0) &&
3170 TCPS_HAVEESTABLISHED(tp->t_state)) {
3171 if ((tlen == 0) && (SEQ_LT(save_start, save_rnxt))) {
3172 /*
3173 * DSACK actually handled in the fastpath
3174 * above.
3175 */
3176 tcp_update_sack_list(tp, save_start,
3177 save_start + save_tlen);
3178 } else if ((tlen > 0) && SEQ_GT(tp->rcv_nxt, save_rnxt)) {
3179 if ((tp->rcv_numsacks >= 1) &&
3180 (tp->sackblks[0].end == save_start)) {
3181 /*
3182 * Partial overlap, recorded at todrop
3183 * above.
3184 */
3185 tcp_update_sack_list(tp,
3186 tp->sackblks[0].start,
3187 tp->sackblks[0].end);
3188 } else {
3189 tcp_update_dsack_list(tp, save_start,
3190 save_start + save_tlen);
3191 }
3192 } else if (tlen >= save_tlen) {
3193 /* Update of sackblks. */
3194 tcp_update_dsack_list(tp, save_start,
3195 save_start + save_tlen);
3196 } else if (tlen > 0) {
3197 tcp_update_dsack_list(tp, save_start,
3198 save_start + tlen);
3199 }
3200 }
3201 tcp_handle_wakeup(tp, so);
3202#if 0
3203 /*
3204 * Note the amount of data that peer has sent into
3205 * our window, in order to estimate the sender's
3206 * buffer size.
3207 * XXX: Unused.
3208 */
3209 if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt))
3210 len = so->so_rcv.sb_hiwat - (tp->rcv_adv - tp->rcv_nxt);
3211 else
3212 len = so->so_rcv.sb_hiwat;
3213#endif
3214 } else {
3215 m_freem(m);
3216 thflags &= ~TH_FIN;
3217 }
3218
3219 /*
3220 * If FIN is received ACK the FIN and let the user know
3221 * that the connection is closing.
3222 */
3223 if (thflags & TH_FIN) {
3224 if (TCPS_HAVERCVDFIN(tp->t_state) == 0) {
3225 /* The socket upcall is handled by socantrcvmore. */
3226 socantrcvmore(so);
3227 /*
3228 * If connection is half-synchronized
3229 * (ie NEEDSYN flag on) then delay ACK,
3230 * so it may be piggybacked when SYN is sent.
3231 * Otherwise, since we received a FIN then no
3232 * more input can be expected, send ACK now.
3233 */
3234 if (tp->t_flags & TF_NEEDSYN)
3235 tp->t_flags |= TF_DELACK;
3236 else
3237 tp->t_flags |= TF_ACKNOW;
3238 tp->rcv_nxt++;
3239 }
3240 switch (tp->t_state) {
3241 /*
3242 * In SYN_RECEIVED and ESTABLISHED STATES
3243 * enter the CLOSE_WAIT state.
3244 */
3245 case TCPS_SYN_RECEIVED:
3246 tp->t_starttime = ticks;
3247 /* FALLTHROUGH */
3248 case TCPS_ESTABLISHED:
3249 tcp_state_change(tp, TCPS_CLOSE_WAIT);
3250 break;
3251
3252 /*
3253 * If still in FIN_WAIT_1 STATE FIN has not been acked so
3254 * enter the CLOSING state.
3255 */
3256 case TCPS_FIN_WAIT_1:
3257 tcp_state_change(tp, TCPS_CLOSING);
3258 break;
3259
3260 /*
3261 * In FIN_WAIT_2 state enter the TIME_WAIT state,
3262 * starting the time-wait timer, turning off the other
3263 * standard timers.
3264 */
3265 case TCPS_FIN_WAIT_2:
3266 tcp_twstart(tp);
3267 return;
3268 }
3269 }
3270#ifdef TCPDEBUG
3271 if (so->so_options & SO_DEBUG)
3272 tcp_trace(TA_INPUT, ostate, tp, (void *)tcp_saveipgen,
3273 &tcp_savetcp, 0);
3274#endif
3275 TCP_PROBE3(debug__input, tp, th, m);
3276
3277 /*
3278 * Return any desired output.
3279 */
3280 if (needoutput || (tp->t_flags & TF_ACKNOW))
3281 (void) tcp_output(tp);
3282
3283check_delack:
3284 INP_WLOCK_ASSERT(tp->t_inpcb);
3285
3286 if (tp->t_flags & TF_DELACK) {
3287 tp->t_flags &= ~TF_DELACK;
3288 tcp_timer_activate(tp, TT_DELACK, tcp_delacktime);
3289 }
3290 INP_WUNLOCK(tp->t_inpcb);
3291 return;
3292
3293dropafterack:
3294 /*
3295 * Generate an ACK dropping incoming segment if it occupies
3296 * sequence space, where the ACK reflects our state.
3297 *
3298 * We can now skip the test for the RST flag since all
3299 * paths to this code happen after packets containing
3300 * RST have been dropped.
3301 *
3302 * In the SYN-RECEIVED state, don't send an ACK unless the
3303 * segment we received passes the SYN-RECEIVED ACK test.
3304 * If it fails send a RST. This breaks the loop in the
3305 * "LAND" DoS attack, and also prevents an ACK storm
3306 * between two listening ports that have been sent forged
3307 * SYN segments, each with the source address of the other.
3308 */
3309 if (tp->t_state == TCPS_SYN_RECEIVED && (thflags & TH_ACK) &&
3310 (SEQ_GT(tp->snd_una, th->th_ack) ||
3311 SEQ_GT(th->th_ack, tp->snd_max)) ) {
3312 rstreason = BANDLIM_RST_OPENPORT;
3313 goto dropwithreset;
3314 }
3315#ifdef TCPDEBUG
3316 if (so->so_options & SO_DEBUG)
3317 tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
3318 &tcp_savetcp, 0);
3319#endif
3320 TCP_PROBE3(debug__input, tp, th, m);
3321 tp->t_flags |= TF_ACKNOW;
3322 (void) tcp_output(tp);
3323 INP_WUNLOCK(tp->t_inpcb);
3324 m_freem(m);
3325 return;
3326
3327dropwithreset:
3328 if (tp != NULL) {
3329 tcp_dropwithreset(m, th, tp, tlen, rstreason);
3330 INP_WUNLOCK(tp->t_inpcb);
3331 } else
3332 tcp_dropwithreset(m, th, NULL, tlen, rstreason);
3333 return;
3334
3335drop:
3336 /*
3337 * Drop space held by incoming segment and return.
3338 */
3339#ifdef TCPDEBUG
3340 if (tp == NULL || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
3341 tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
3342 &tcp_savetcp, 0);
3343#endif
3344 TCP_PROBE3(debug__input, tp, th, m);
3345 if (tp != NULL) {
3346 INP_WUNLOCK(tp->t_inpcb);
3347 }
3348 m_freem(m);
3349}
3350
3351/*
3352 * Issue RST and make ACK acceptable to originator of segment.
3353 * The mbuf must still include the original packet header.
3354 * tp may be NULL.
3355 */
3356void
3357tcp_dropwithreset(struct mbuf *m, struct tcphdr *th, struct tcpcb *tp,
3358 int tlen, int rstreason)
3359{
3360#ifdef INET
3361 struct ip *ip;
3362#endif
3363#ifdef INET6
3364 struct ip6_hdr *ip6;
3365#endif
3366
3367 if (tp != NULL) {
3368 INP_LOCK_ASSERT(tp->t_inpcb);
3369 }
3370
3371 /* Don't bother if destination was broadcast/multicast. */
3372 if ((tcp_get_flags(th) & TH_RST) || m->m_flags & (M_BCAST|M_MCAST))
3373 goto drop;
3374#ifdef INET6
3375 if (mtod(m, struct ip *)->ip_v == 6) {
3376 ip6 = mtod(m, struct ip6_hdr *);
3377 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
3378 IN6_IS_ADDR_MULTICAST(&ip6->ip6_src))
3379 goto drop;
3380 /* IPv6 anycast check is done at tcp6_input() */
3381 }
3382#endif
3383#if defined(INET) && defined(INET6)
3384 else
3385#endif
3386#ifdef INET
3387 {
3388 ip = mtod(m, struct ip *);
3389 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
3390 IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
3391 ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
3392 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
3393 goto drop;
3394 }
3395#endif
3396
3397 /* Perform bandwidth limiting. */
3398 if (badport_bandlim(rstreason) < 0)
3399 goto drop;
3400
3401 /* tcp_respond consumes the mbuf chain. */
3402 if (tcp_get_flags(th) & TH_ACK) {
3403 tcp_respond(tp, mtod(m, void *), th, m, (tcp_seq)0,
3404 th->th_ack, TH_RST);
3405 } else {
3406 if (tcp_get_flags(th) & TH_SYN)
3407 tlen++;
3408 if (tcp_get_flags(th) & TH_FIN)
3409 tlen++;
3410 tcp_respond(tp, mtod(m, void *), th, m, th->th_seq+tlen,
3411 (tcp_seq)0, TH_RST|TH_ACK);
3412 }
3413 return;
3414drop:
3415 m_freem(m);
3416}
3417
3418/*
3419 * Parse TCP options and place in tcpopt.
3420 */
3421void
3422tcp_dooptions(struct tcpopt *to, u_char *cp, int cnt, int flags)
3423{
3424 int opt, optlen;
3425
3426 to->to_flags = 0;
3427 for (; cnt > 0; cnt -= optlen, cp += optlen) {
3428 opt = cp[0];
3429 if (opt == TCPOPT_EOL)
3430 break;
3431 if (opt == TCPOPT_NOP)
3432 optlen = 1;
3433 else {
3434 if (cnt < 2)
3435 break;
3436 optlen = cp[1];
3437 if (optlen < 2 || optlen > cnt)
3438 break;
3439 }
3440 switch (opt) {
3441 case TCPOPT_MAXSEG:
3442 if (optlen != TCPOLEN_MAXSEG)
3443 continue;
3444 if (!(flags & TO_SYN))
3445 continue;
3446 to->to_flags |= TOF_MSS;
3447 bcopy((char *)cp + 2,
3448 (char *)&to->to_mss, sizeof(to->to_mss));
3449 to->to_mss = ntohs(to->to_mss);
3450 break;
3451 case TCPOPT_WINDOW:
3452 if (optlen != TCPOLEN_WINDOW)
3453 continue;
3454 if (!(flags & TO_SYN))
3455 continue;
3456 to->to_flags |= TOF_SCALE;
3457 to->to_wscale = min(cp[2], TCP_MAX_WINSHIFT);
3458 break;
3459 case TCPOPT_TIMESTAMP:
3460 if (optlen != TCPOLEN_TIMESTAMP)
3461 continue;
3462 to->to_flags |= TOF_TS;
3463 bcopy((char *)cp + 2,
3464 (char *)&to->to_tsval, sizeof(to->to_tsval));
3465 to->to_tsval = ntohl(to->to_tsval);
3466 bcopy((char *)cp + 6,
3467 (char *)&to->to_tsecr, sizeof(to->to_tsecr));
3468 to->to_tsecr = ntohl(to->to_tsecr);
3469 break;
3470 case TCPOPT_SIGNATURE:
3471 /*
3472 * In order to reply to a host which has set the
3473 * TCP_SIGNATURE option in its initial SYN, we have
3474 * to record the fact that the option was observed
3475 * here for the syncache code to perform the correct
3476 * response.
3477 */
3478 if (optlen != TCPOLEN_SIGNATURE)
3479 continue;
3480 to->to_flags |= TOF_SIGNATURE;
3481 to->to_signature = cp + 2;
3482 break;
3483 case TCPOPT_SACK_PERMITTED:
3484 if (optlen != TCPOLEN_SACK_PERMITTED)
3485 continue;
3486 if (!(flags & TO_SYN))
3487 continue;
3488 if (!V_tcp_do_sack)
3489 continue;
3490 to->to_flags |= TOF_SACKPERM;
3491 break;
3492 case TCPOPT_SACK:
3493 if (optlen <= 2 || (optlen - 2) % TCPOLEN_SACK != 0)
3494 continue;
3495 if (flags & TO_SYN)
3496 continue;
3497 to->to_flags |= TOF_SACK;
3498 to->to_nsacks = (optlen - 2) / TCPOLEN_SACK;
3499 to->to_sacks = cp + 2;
3500 TCPSTAT_INC(tcps_sack_rcv_blocks);
3501 break;
3502 case TCPOPT_FAST_OPEN:
3503 /*
3504 * Cookie length validation is performed by the
3505 * server side cookie checking code or the client
3506 * side cookie cache update code.
3507 */
3508 if (!(flags & TO_SYN))
3509 continue;
3510 if (!V_tcp_fastopen_client_enable &&
3511 !V_tcp_fastopen_server_enable)
3512 continue;
3513 to->to_flags |= TOF_FASTOPEN;
3514 to->to_tfo_len = optlen - 2;
3515 to->to_tfo_cookie = to->to_tfo_len ? cp + 2 : NULL;
3516 break;
3517 default:
3518 continue;
3519 }
3520 }
3521}
3522
3523/*
3524 * Pull out of band byte out of a segment so
3525 * it doesn't appear in the user's data queue.
3526 * It is still reflected in the segment length for
3527 * sequencing purposes.
3528 */
3529void
3530tcp_pulloutofband(struct socket *so, struct tcphdr *th, struct mbuf *m,
3531 int off)
3532{
3533 int cnt = off + th->th_urp - 1;
3534
3535 while (cnt >= 0) {
3536 if (m->m_len > cnt) {
3537 char *cp = mtod(m, caddr_t) + cnt;
3538 struct tcpcb *tp = sototcpcb(so);
3539
3540 INP_WLOCK_ASSERT(tp->t_inpcb);
3541
3542 tp->t_iobc = *cp;
3543 tp->t_oobflags |= TCPOOB_HAVEDATA;
3544 bcopy(cp+1, cp, (unsigned)(m->m_len - cnt - 1));
3545 m->m_len--;
3546 if (m->m_flags & M_PKTHDR)
3547 m->m_pkthdr.len--;
3548 return;
3549 }
3550 cnt -= m->m_len;
3551 m = m->m_next;
3552 if (m == NULL)
3553 break;
3554 }
3555 panic("tcp_pulloutofband");
3556}
3557
3558/*
3559 * Collect new round-trip time estimate
3560 * and update averages and current timeout.
3561 */
3562void
3563tcp_xmit_timer(struct tcpcb *tp, int rtt)
3564{
3565 int delta;
3566
3567 INP_WLOCK_ASSERT(tp->t_inpcb);
3568
3569 TCPSTAT_INC(tcps_rttupdated);
3570 tp->t_rttupdated++;
3571#ifdef STATS
3572 stats_voi_update_abs_u32(tp->t_stats, VOI_TCP_RTT,
3573 imax(0, rtt * 1000 / hz));
3574#endif
3575 if ((tp->t_srtt != 0) && (tp->t_rxtshift <= TCP_RTT_INVALIDATE)) {
3576 /*
3577 * srtt is stored as fixed point with 5 bits after the
3578 * binary point (i.e., scaled by 8). The following magic
3579 * is equivalent to the smoothing algorithm in rfc793 with
3580 * an alpha of .875 (srtt = rtt/8 + srtt*7/8 in fixed
3581 * point). Adjust rtt to origin 0.
3582 */
3583 delta = ((rtt - 1) << TCP_DELTA_SHIFT)
3584 - (tp->t_srtt >> (TCP_RTT_SHIFT - TCP_DELTA_SHIFT));
3585
3586 if ((tp->t_srtt += delta) <= 0)
3587 tp->t_srtt = 1;
3588
3589 /*
3590 * We accumulate a smoothed rtt variance (actually, a
3591 * smoothed mean difference), then set the retransmit
3592 * timer to smoothed rtt + 4 times the smoothed variance.
3593 * rttvar is stored as fixed point with 4 bits after the
3594 * binary point (scaled by 16). The following is
3595 * equivalent to rfc793 smoothing with an alpha of .75
3596 * (rttvar = rttvar*3/4 + |delta| / 4). This replaces
3597 * rfc793's wired-in beta.
3598 */
3599 if (delta < 0)
3600 delta = -delta;
3601 delta -= tp->t_rttvar >> (TCP_RTTVAR_SHIFT - TCP_DELTA_SHIFT);
3602 if ((tp->t_rttvar += delta) <= 0)
3603 tp->t_rttvar = 1;
3604 if (tp->t_rttbest > tp->t_srtt + tp->t_rttvar)
3605 tp->t_rttbest = tp->t_srtt + tp->t_rttvar;
3606 } else {
3607 /*
3608 * No rtt measurement yet - use the unsmoothed rtt.
3609 * Set the variance to half the rtt (so our first
3610 * retransmit happens at 3*rtt).
3611 */
3612 tp->t_srtt = rtt << TCP_RTT_SHIFT;
3613 tp->t_rttvar = rtt << (TCP_RTTVAR_SHIFT - 1);
3614 tp->t_rttbest = tp->t_srtt + tp->t_rttvar;
3615 }
3616 tp->t_rtttime = 0;
3617 tp->t_rxtshift = 0;
3618
3619 /*
3620 * the retransmit should happen at rtt + 4 * rttvar.
3621 * Because of the way we do the smoothing, srtt and rttvar
3622 * will each average +1/2 tick of bias. When we compute
3623 * the retransmit timer, we want 1/2 tick of rounding and
3624 * 1 extra tick because of +-1/2 tick uncertainty in the
3625 * firing of the timer. The bias will give us exactly the
3626 * 1.5 tick we need. But, because the bias is
3627 * statistical, we have to test that we don't drop below
3628 * the minimum feasible timer (which is 2 ticks).
3629 */
3630 TCPT_RANGESET(tp->t_rxtcur, TCP_REXMTVAL(tp),
3631 max(tp->t_rttmin, rtt + 2), TCPTV_REXMTMAX);
3632
3633 /*
3634 * We received an ack for a packet that wasn't retransmitted;
3635 * it is probably safe to discard any error indications we've
3636 * received recently. This isn't quite right, but close enough
3637 * for now (a route might have failed after we sent a segment,
3638 * and the return path might not be symmetrical).
3639 */
3640 tp->t_softerror = 0;
3641}
3642
3643/*
3644 * Determine a reasonable value for maxseg size.
3645 * If the route is known, check route for mtu.
3646 * If none, use an mss that can be handled on the outgoing interface
3647 * without forcing IP to fragment. If no route is found, route has no mtu,
3648 * or the destination isn't local, use a default, hopefully conservative
3649 * size (usually 512 or the default IP max size, but no more than the mtu
3650 * of the interface), as we can't discover anything about intervening
3651 * gateways or networks. We also initialize the congestion/slow start
3652 * window to be a single segment if the destination isn't local.
3653 * While looking at the routing entry, we also initialize other path-dependent
3654 * parameters from pre-set or cached values in the routing entry.
3655 *
3656 * NOTE that resulting t_maxseg doesn't include space for TCP options or
3657 * IP options, e.g. IPSEC data, since length of this data may vary, and
3658 * thus it is calculated for every segment separately in tcp_output().
3659 *
3660 * NOTE that this routine is only called when we process an incoming
3661 * segment, or an ICMP need fragmentation datagram. Outgoing SYN/ACK MSS
3662 * settings are handled in tcp_mssopt().
3663 */
3664void
3665tcp_mss_update(struct tcpcb *tp, int offer, int mtuoffer,
3666 struct hc_metrics_lite *metricptr, struct tcp_ifcap *cap)
3667{
3668 int mss = 0;
3669 uint32_t maxmtu = 0;
3670 struct inpcb *inp = tp->t_inpcb;
3671 struct hc_metrics_lite metrics;
3672#ifdef INET6
3673 int isipv6 = ((inp->inp_vflag & INP_IPV6) != 0) ? 1 : 0;
3674 size_t min_protoh = isipv6 ?
3675 sizeof (struct ip6_hdr) + sizeof (struct tcphdr) :
3676 sizeof (struct tcpiphdr);
3677#else
3678 size_t min_protoh = sizeof(struct tcpiphdr);
3679#endif
3680
3681 INP_WLOCK_ASSERT(tp->t_inpcb);
3682
3683 if (tp->t_port)
3684 min_protoh += V_tcp_udp_tunneling_overhead;
3685 if (mtuoffer != -1) {
3686 KASSERT(offer == -1, ("%s: conflict", __func__));
3687 offer = mtuoffer - min_protoh;
3688 }
3689
3690 /* Initialize. */
3691#ifdef INET6
3692 if (isipv6) {
3693 maxmtu = tcp_maxmtu6(&inp->inp_inc, cap);
3694 tp->t_maxseg = V_tcp_v6mssdflt;
3695 }
3696#endif
3697#if defined(INET) && defined(INET6)
3698 else
3699#endif
3700#ifdef INET
3701 {
3702 maxmtu = tcp_maxmtu(&inp->inp_inc, cap);
3703 tp->t_maxseg = V_tcp_mssdflt;
3704 }
3705#endif
3706
3707 /*
3708 * No route to sender, stay with default mss and return.
3709 */
3710 if (maxmtu == 0) {
3711 /*
3712 * In case we return early we need to initialize metrics
3713 * to a defined state as tcp_hc_get() would do for us
3714 * if there was no cache hit.
3715 */
3716 if (metricptr != NULL)
3717 bzero(metricptr, sizeof(struct hc_metrics_lite));
3718 return;
3719 }
3720
3721 /* What have we got? */
3722 switch (offer) {
3723 case 0:
3724 /*
3725 * Offer == 0 means that there was no MSS on the SYN
3726 * segment, in this case we use tcp_mssdflt as
3727 * already assigned to t_maxseg above.
3728 */
3729 offer = tp->t_maxseg;
3730 break;
3731
3732 case -1:
3733 /*
3734 * Offer == -1 means that we didn't receive SYN yet.
3735 */
3736 /* FALLTHROUGH */
3737
3738 default:
3739 /*
3740 * Prevent DoS attack with too small MSS. Round up
3741 * to at least minmss.
3742 */
3743 offer = max(offer, V_tcp_minmss);
3744 }
3745
3746 /*
3747 * rmx information is now retrieved from tcp_hostcache.
3748 */
3749 tcp_hc_get(&inp->inp_inc, &metrics);
3750 if (metricptr != NULL)
3751 bcopy(&metrics, metricptr, sizeof(struct hc_metrics_lite));
3752
3753 /*
3754 * If there's a discovered mtu in tcp hostcache, use it.
3755 * Else, use the link mtu.
3756 */
3757 if (metrics.rmx_mtu)
3758 mss = min(metrics.rmx_mtu, maxmtu) - min_protoh;
3759 else {
3760#ifdef INET6
3761 if (isipv6) {
3762 mss = maxmtu - min_protoh;
3763 if (!V_path_mtu_discovery &&
3764 !in6_localaddr(&inp->in6p_faddr))
3765 mss = min(mss, V_tcp_v6mssdflt);
3766 }
3767#endif
3768#if defined(INET) && defined(INET6)
3769 else
3770#endif
3771#ifdef INET
3772 {
3773 mss = maxmtu - min_protoh;
3774 if (!V_path_mtu_discovery &&
3775 !in_localaddr(inp->inp_faddr))
3776 mss = min(mss, V_tcp_mssdflt);
3777 }
3778#endif
3779 /*
3780 * XXX - The above conditional (mss = maxmtu - min_protoh)
3781 * probably violates the TCP spec.
3782 * The problem is that, since we don't know the
3783 * other end's MSS, we are supposed to use a conservative
3784 * default. But, if we do that, then MTU discovery will
3785 * never actually take place, because the conservative
3786 * default is much less than the MTUs typically seen
3787 * on the Internet today. For the moment, we'll sweep
3788 * this under the carpet.
3789 *
3790 * The conservative default might not actually be a problem
3791 * if the only case this occurs is when sending an initial
3792 * SYN with options and data to a host we've never talked
3793 * to before. Then, they will reply with an MSS value which
3794 * will get recorded and the new parameters should get
3795 * recomputed. For Further Study.
3796 */
3797 }
3798 mss = min(mss, offer);
3799
3800 /*
3801 * Sanity check: make sure that maxseg will be large
3802 * enough to allow some data on segments even if the
3803 * all the option space is used (40bytes). Otherwise
3804 * funny things may happen in tcp_output.
3805 *
3806 * XXXGL: shouldn't we reserve space for IP/IPv6 options?
3807 */
3808 mss = max(mss, 64);
3809
3810 tp->t_maxseg = mss;
3811}
3812
3813void
3814tcp_mss(struct tcpcb *tp, int offer)
3815{
3816 int mss;
3817 uint32_t bufsize;
3818 struct inpcb *inp;
3819 struct socket *so;
3820 struct hc_metrics_lite metrics;
3821 struct tcp_ifcap cap;
3822
3823 KASSERT(tp != NULL, ("%s: tp == NULL", __func__));
3824
3825 bzero(&cap, sizeof(cap));
3826 tcp_mss_update(tp, offer, -1, &metrics, &cap);
3827
3828 mss = tp->t_maxseg;
3829 inp = tp->t_inpcb;
3830
3831 /*
3832 * If there's a pipesize, change the socket buffer to that size,
3833 * don't change if sb_hiwat is different than default (then it
3834 * has been changed on purpose with setsockopt).
3835 * Make the socket buffers an integral number of mss units;
3836 * if the mss is larger than the socket buffer, decrease the mss.
3837 */
3838 so = inp->inp_socket;
3839 SOCKBUF_LOCK(&so->so_snd);
3840 if ((so->so_snd.sb_hiwat == V_tcp_sendspace) && metrics.rmx_sendpipe)
3841 bufsize = metrics.rmx_sendpipe;
3842 else
3843 bufsize = so->so_snd.sb_hiwat;
3844 if (bufsize < mss)
3845 mss = bufsize;
3846 else {
3847 bufsize = roundup(bufsize, mss);
3848 if (bufsize > sb_max)
3849 bufsize = sb_max;
3850 if (bufsize > so->so_snd.sb_hiwat)
3851 (void)sbreserve_locked(&so->so_snd, bufsize, so, NULL);
3852 }
3853 SOCKBUF_UNLOCK(&so->so_snd);
3854 /*
3855 * Sanity check: make sure that maxseg will be large
3856 * enough to allow some data on segments even if the
3857 * all the option space is used (40bytes). Otherwise
3858 * funny things may happen in tcp_output.
3859 *
3860 * XXXGL: shouldn't we reserve space for IP/IPv6 options?
3861 */
3862 tp->t_maxseg = max(mss, 64);
3863
3864 SOCKBUF_LOCK(&so->so_rcv);
3865 if ((so->so_rcv.sb_hiwat == V_tcp_recvspace) && metrics.rmx_recvpipe)
3866 bufsize = metrics.rmx_recvpipe;
3867 else
3868 bufsize = so->so_rcv.sb_hiwat;
3869 if (bufsize > mss) {
3870 bufsize = roundup(bufsize, mss);
3871 if (bufsize > sb_max)
3872 bufsize = sb_max;
3873 if (bufsize > so->so_rcv.sb_hiwat)
3874 (void)sbreserve_locked(&so->so_rcv, bufsize, so, NULL);
3875 }
3876 SOCKBUF_UNLOCK(&so->so_rcv);
3877
3878 /* Check the interface for TSO capabilities. */
3879 if (cap.ifcap & CSUM_TSO) {
3880 tp->t_flags |= TF_TSO;
3881 tp->t_tsomax = cap.tsomax;
3882 tp->t_tsomaxsegcount = cap.tsomaxsegcount;
3883 tp->t_tsomaxsegsize = cap.tsomaxsegsize;
3884 }
3885}
3886
3887/*
3888 * Determine the MSS option to send on an outgoing SYN.
3889 */
3890int
3891tcp_mssopt(struct in_conninfo *inc)
3892{
3893 int mss = 0;
3894 uint32_t thcmtu = 0;
3895 uint32_t maxmtu = 0;
3896 size_t min_protoh;
3897
3898 KASSERT(inc != NULL, ("tcp_mssopt with NULL in_conninfo pointer"));
3899
3900#ifdef INET6
3901 if (inc->inc_flags & INC_ISIPV6) {
3902 mss = V_tcp_v6mssdflt;
3903 maxmtu = tcp_maxmtu6(inc, NULL);
3904 min_protoh = sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
3905 }
3906#endif
3907#if defined(INET) && defined(INET6)
3908 else
3909#endif
3910#ifdef INET
3911 {
3912 mss = V_tcp_mssdflt;
3913 maxmtu = tcp_maxmtu(inc, NULL);
3914 min_protoh = sizeof(struct tcpiphdr);
3915 }
3916#endif
3917#if defined(INET6) || defined(INET)
3918 thcmtu = tcp_hc_getmtu(inc); /* IPv4 and IPv6 */
3919#endif
3920
3921 if (maxmtu && thcmtu)
3922 mss = min(maxmtu, thcmtu) - min_protoh;
3923 else if (maxmtu || thcmtu)
3924 mss = max(maxmtu, thcmtu) - min_protoh;
3925
3926 return (mss);
3927}
3928
3929void
3930tcp_do_prr_ack(struct tcpcb *tp, struct tcphdr *th, struct tcpopt *to)
3931{
3932 int snd_cnt = 0, limit = 0, del_data = 0, pipe = 0;
3933 int maxseg = tcp_maxseg(tp);
3934
3935 INP_WLOCK_ASSERT(tp->t_inpcb);
3936
3937 /*
3938 * Compute the amount of data that this ACK is indicating
3939 * (del_data) and an estimate of how many bytes are in the
3940 * network.
3941 */
3942 if (((tp->t_flags & TF_SACK_PERMIT) &&
3943 (to->to_flags & TOF_SACK)) ||
3944 (IN_CONGRECOVERY(tp->t_flags) &&
3945 !IN_FASTRECOVERY(tp->t_flags))) {
3946 del_data = tp->sackhint.delivered_data;
3947 if (V_tcp_do_newsack)
3948 pipe = tcp_compute_pipe(tp);
3949 else
3950 pipe = (tp->snd_nxt - tp->snd_fack) +
3951 tp->sackhint.sack_bytes_rexmit;
3952 } else {
3953 if (tp->sackhint.prr_delivered < (tcprexmtthresh * maxseg +
3954 tp->snd_recover - tp->snd_una))
3955 del_data = maxseg;
3956 pipe = imax(0, tp->snd_max - tp->snd_una -
3957 imin(INT_MAX / 65536, tp->t_dupacks) * maxseg);
3958 }
3959 tp->sackhint.prr_delivered += del_data;
3960 /*
3961 * Proportional Rate Reduction
3962 */
3963 if (pipe >= tp->snd_ssthresh) {
3964 if (tp->sackhint.recover_fs == 0)
3965 tp->sackhint.recover_fs =
3966 imax(1, tp->snd_nxt - tp->snd_una);
3967 snd_cnt = howmany((long)tp->sackhint.prr_delivered *
3968 tp->snd_ssthresh, tp->sackhint.recover_fs) -
3969 tp->sackhint.prr_out;
3970 } else {
3971 if (V_tcp_do_prr_conservative || (del_data == 0))
3972 limit = tp->sackhint.prr_delivered -
3973 tp->sackhint.prr_out;
3974 else
3975 limit = imax(tp->sackhint.prr_delivered -
3976 tp->sackhint.prr_out, del_data) +
3977 maxseg;
3978 snd_cnt = imin((tp->snd_ssthresh - pipe), limit);
3979 }
3980 snd_cnt = imax(snd_cnt, 0) / maxseg;
3981 /*
3982 * Send snd_cnt new data into the network in response to this ack.
3983 * If there is going to be a SACK retransmission, adjust snd_cwnd
3984 * accordingly.
3985 */
3986 if (IN_FASTRECOVERY(tp->t_flags)) {
3987 if ((tp->t_flags & TF_SACK_PERMIT) &&
3988 (to->to_flags & TOF_SACK)) {
3989 tp->snd_cwnd = tp->snd_nxt - tp->snd_recover +
3990 tp->sackhint.sack_bytes_rexmit +
3991 (snd_cnt * maxseg);
3992 } else {
3993 tp->snd_cwnd = (tp->snd_max - tp->snd_una) +
3994 (snd_cnt * maxseg);
3995 }
3996 } else if (IN_CONGRECOVERY(tp->t_flags))
3997 tp->snd_cwnd = pipe - del_data + (snd_cnt * maxseg);
3998 tp->snd_cwnd = imax(maxseg, tp->snd_cwnd);
3999}
4000
4001/*
4002 * On a partial ack arrives, force the retransmission of the
4003 * next unacknowledged segment. Do not clear tp->t_dupacks.
4004 * By setting snd_nxt to ti_ack, this forces retransmission timer to
4005 * be started again.
4006 */
4007void
4008tcp_newreno_partial_ack(struct tcpcb *tp, struct tcphdr *th)
4009{
4010 tcp_seq onxt = tp->snd_nxt;
4011 uint32_t ocwnd = tp->snd_cwnd;
4012 u_int maxseg = tcp_maxseg(tp);
4013
4014 INP_WLOCK_ASSERT(tp->t_inpcb);
4015
4016 tcp_timer_activate(tp, TT_REXMT, 0);
4017 tp->t_rtttime = 0;
4018 tp->snd_nxt = th->th_ack;
4019 /*
4020 * Set snd_cwnd to one segment beyond acknowledged offset.
4021 * (tp->snd_una has not yet been updated when this function is called.)
4022 */
4023 tp->snd_cwnd = maxseg + BYTES_THIS_ACK(tp, th);
4024 tp->t_flags |= TF_ACKNOW;
4025 (void) tcp_output(tp);
4026 tp->snd_cwnd = ocwnd;
4027 if (SEQ_GT(onxt, tp->snd_nxt))
4028 tp->snd_nxt = onxt;
4029 /*
4030 * Partial window deflation. Relies on fact that tp->snd_una
4031 * not updated yet.
4032 */
4033 if (tp->snd_cwnd > BYTES_THIS_ACK(tp, th))
4034 tp->snd_cwnd -= BYTES_THIS_ACK(tp, th);
4035 else
4036 tp->snd_cwnd = 0;
4037 tp->snd_cwnd += maxseg;
4038}
4039
4040int
4041tcp_compute_pipe(struct tcpcb *tp)
4042{
4043 return (tp->snd_max - tp->snd_una +
4044 tp->sackhint.sack_bytes_rexmit -
4045 tp->sackhint.sacked_bytes);
4046}
4047
4048uint32_t
4049tcp_compute_initwnd(uint32_t maxseg)
4050{
4051 /*
4052 * Calculate the Initial Window, also used as Restart Window
4053 *
4054 * RFC5681 Section 3.1 specifies the default conservative values.
4055 * RFC3390 specifies slightly more aggressive values.
4056 * RFC6928 increases it to ten segments.
4057 * Support for user specified value for initial flight size.
4058 */
4059 if (V_tcp_initcwnd_segments)
4060 return min(V_tcp_initcwnd_segments * maxseg,
4061 max(2 * maxseg, V_tcp_initcwnd_segments * 1460));
4062 else if (V_tcp_do_rfc3390)
4063 return min(4 * maxseg, max(2 * maxseg, 4380));
4064 else {
4065 /* Per RFC5681 Section 3.1 */
4066 if (maxseg > 2190)
4067 return (2 * maxseg);
4068 else if (maxseg > 1095)
4069 return (3 * maxseg);
4070 else
4071 return (4 * maxseg);
4072 }
4073}
CC_NDUPACK
#define CC_NDUPACK
Definition: cc.h:137
CCF_CWND_LIMITED
#define CCF_CWND_LIMITED
Definition: cc.h:109
CCF_IPHDR_CE
#define CCF_IPHDR_CE
Definition: cc.h:112
CCF_TCPHDR_CWR
#define CCF_TCPHDR_CWR
Definition: cc.h:113
CC_ECN
#define CC_ECN
Definition: cc.h:134
CC_ALGO
#define CC_ALGO(tp)
Definition: cc.h:210
CCF_ABC_SENTAWND
#define CCF_ABC_SENTAWND
Definition: cc.h:108
CC_DUPACK
#define CC_DUPACK
Definition: cc.h:124
CC_ACK
#define CC_ACK
Definition: cc.h:123
CC_RTO
#define CC_RTO
Definition: cc.h:135
CCF_ACKNOW
#define CCF_ACKNOW
Definition: cc.h:111
CC_RTO_ERR
#define CC_RTO_ERR
Definition: cc.h:136
icmp6_error
void icmp6_error(struct mbuf *, int, int, int)
ICMP6_DST_UNREACH
#define ICMP6_DST_UNREACH
Definition: icmp6.h:91
ICMP6_DST_UNREACH_ADDR
#define ICMP6_DST_UNREACH_ADDR
Definition: icmp6.h:146
icmp_var.h
BANDLIM_UNLIMITED
#define BANDLIM_UNLIMITED
Definition: icmp_var.h:92
badport_bandlim
int badport_bandlim(int)
Definition: ip_icmp.c:1115
BANDLIM_RST_CLOSEDPORT
#define BANDLIM_RST_CLOSEDPORT
Definition: icmp_var.h:96
BANDLIM_RST_OPENPORT
#define BANDLIM_RST_OPENPORT
Definition: icmp_var.h:97
in_localip
bool in_localip(struct in_addr in)
Definition: in.c:131
in_localaddr
int in_localaddr(struct in_addr in)
Definition: in.c:111
in_broadcast
int in_broadcast(struct in_addr in, struct ifnet *ifp)
Definition: in.c:1213
uint32_t
__uint32_t uint32_t
Definition: in.h:62
uint16_t
__uint16_t uint16_t
Definition: in.h:57
uint8_t
__uint8_t uint8_t
Definition: in.h:52
INADDR_BROADCAST
#define INADDR_BROADCAST
Definition: in.h:49
IPPROTO_TCP
#define IPPROTO_TCP
Definition: in.h:45
in_pseudo
u_short in_pseudo(u_int32_t a, u_int32_t b, u_int32_t c)
Definition: in_cksum.c:197
in_kdtrace.h
TCP_PROBE5
#define TCP_PROBE5(probe, arg0, arg1, arg2, arg3, arg4)
Definition: in_kdtrace.h:47
TCP_PROBE6
#define TCP_PROBE6(probe, arg0, arg1, arg2, arg3, arg4, arg5)
Definition: in_kdtrace.h:49
TCP_PROBE3
#define TCP_PROBE3(probe, arg0, arg1, arg2)
Definition: in_kdtrace.h:43
in_pcb.h
INP_TRY_UPGRADE
#define INP_TRY_UPGRADE(inp)
Definition: in_pcb.h:524
INP_LOCK_ASSERT
#define INP_LOCK_ASSERT(inp)
Definition: in_pcb.h:527
INC_IPV6MINMTU
#define INC_IPV6MINMTU
Definition: in_pcb.h:125
INC_ISIPV6
#define INC_ISIPV6
Definition: in_pcb.h:124
in_pcblookup
struct inpcb * in_pcblookup(struct inpcbinfo *, struct in_addr, u_int, struct in_addr, u_int, int, struct ifnet *)
sotoinpcb
#define sotoinpcb(so)
Definition: in_pcb.h:701
INP_WLOCK_ASSERT
#define INP_WLOCK_ASSERT(inp)
Definition: in_pcb.h:529
INP_TIMEWAIT
#define INP_TIMEWAIT
Definition: in_pcb.h:644
in_pcblookup_mbuf
struct inpcb * in_pcblookup_mbuf(struct inpcbinfo *, struct in_addr, u_int, struct in_addr, u_int, int, struct ifnet *, struct mbuf *)
INP_DROPPED
#define INP_DROPPED
Definition: in_pcb.h:646
INP_WUNLOCK
#define INP_WUNLOCK(inp)
Definition: in_pcb.h:522
INPLOOKUP_RLOCKPCB
@ INPLOOKUP_RLOCKPCB
Definition: in_pcb.h:693
INPLOOKUP_WLOCKPCB
@ INPLOOKUP_WLOCKPCB
Definition: in_pcb.h:694
INPLOOKUP_WILDCARD
@ INPLOOKUP_WILDCARD
Definition: in_pcb.h:692
INP_UNLOCK
#define INP_UNLOCK(inp)
Definition: in_pcb.h:523
INP_RLOCK_ASSERT
#define INP_RLOCK_ASSERT(inp)
Definition: in_pcb.h:528
INP_IPV6
#define INP_IPV6
Definition: in_pcb.h:614
in_systm.h
IPV6_TRAFFIC_CLASS
#define IPV6_TRAFFIC_CLASS(ip6)
Definition: ip6.h:109
IPTOS_ECN_MASK
#define IPTOS_ECN_MASK
Definition: ip.h:135
IPTOS_ECN_ECT1
#define IPTOS_ECN_ECT1
Definition: ip.h:132
IPTOS_ECN_CE
#define IPTOS_ECN_CE
Definition: ip.h:134
IPTOS_ECN_ECT0
#define IPTOS_ECN_ECT0
Definition: ip.h:133
ip_v
u_char ip_v
Definition: ip.h:2
IPVERSION
#define IPVERSION
Definition: ip.h:46
IPTOS_ECN_NOTECT
#define IPTOS_ECN_NOTECT
Definition: ip.h:131
ip_icmp.h
ip_stripoptions
void ip_stripoptions(struct mbuf *m)
Definition: ip_options.c:483
ip_options.h
ip_var.h
cc_var::bytes_this_ack
int bytes_this_ack
Definition: cc.h:95
cc_var::nsegs
uint16_t nsegs
Definition: cc.h:103
cc_var::curack
tcp_seq curack
Definition: cc.h:96
cc_var::flags
uint32_t flags
Definition: cc.h:97
hc_metrics_lite
Definition: tcp_var.h:604
hc_metrics_lite::rmx_sendpipe
uint32_t rmx_sendpipe
Definition: tcp_var.h:610
hc_metrics_lite::rmx_recvpipe
uint32_t rmx_recvpipe
Definition: tcp_var.h:611
hc_metrics_lite::rmx_rtt
uint32_t rmx_rtt
Definition: tcp_var.h:607
hc_metrics_lite::rmx_mtu
uint32_t rmx_mtu
Definition: tcp_var.h:605
hc_metrics_lite::rmx_rttvar
uint32_t rmx_rttvar
Definition: tcp_var.h:608
hc_metrics_lite::rmx_ssthresh
uint32_t rmx_ssthresh
Definition: tcp_var.h:606
in_addr::s_addr
in_addr_t s_addr
Definition: in.h:84
in_conninfo
Definition: in_pcb.h:113
in_conninfo::inc_flags
u_int8_t inc_flags
Definition: in_pcb.h:114
in_conninfo::inc_fibnum
u_int16_t inc_fibnum
Definition: in_pcb.h:116
inpcb
Definition: in_pcb.h:217
inpcb::inp_socket
struct socket * inp_socket
Definition: in_pcb.h:254
inpcb::inp_ip_minttl
u_char inp_ip_minttl
Definition: in_pcb.h:263
inpcb::inp_flags
int inp_flags
Definition: in_pcb.h:246
inpcb::inp_vflag
u_char inp_vflag
Definition: in_pcb.h:260
inpcb::inp_flowtype
uint32_t inp_flowtype
Definition: in_pcb.h:266
inpcb::inp_flowid
uint32_t inp_flowid
Definition: in_pcb.h:264
inpcb::inp_inc
struct in_conninfo inp_inc
Definition: in_pcb.h:270
ip6_hdr
Definition: ip6.h:74
ip6_hdr::ip6_dst
struct in6_addr ip6_dst
Definition: ip6.h:85
ip6_hdr::ip6_src
struct in6_addr ip6_src
Definition: ip6.h:84
ip
Definition: ip.h:51
ip::ip_dst
struct in_addr ip_src ip_dst
Definition: ip.h:71
ip::ip_tos
u_char ip_tos
Definition: ip.h:60
ip::ip_hl
u_char ip_hl
Definition: ip.h:53
ip::ip_len
u_short ip_len
Definition: ip.h:61
ip::ip_v
u_char ip_v
Definition: ip.h:54
ip::ip_ttl
u_char ip_ttl
Definition: ip.h:68
ipovly
Definition: ip_var.h:47
ipovly::ih_len
u_short ih_len
Definition: ip_var.h:50
ipovly::ih_x1
u_char ih_x1[9]
Definition: ip_var.h:48
sackblk::end
tcp_seq end
Definition: tcp_var.h:98
sackblk::start
tcp_seq start
Definition: tcp_var.h:97
sackhint::prr_out
uint32_t prr_out
Definition: tcp_var.h:120
sackhint::prr_delivered
uint32_t prr_delivered
Definition: tcp_var.h:119
sackhint::last_sack_ack
tcp_seq last_sack_ack
Definition: tcp_var.h:111
sackhint::sack_bytes_rexmit
int32_t sack_bytes_rexmit
Definition: tcp_var.h:110
sackhint::recover_fs
uint32_t recover_fs
Definition: tcp_var.h:118
sackhint::delivered_data
int32_t delivered_data
Definition: tcp_var.h:113
sackhint::sacked_bytes
int32_t sacked_bytes
Definition: tcp_var.h:115
sockaddr_in
Definition: in.h:97
sockaddr_in::sin_addr
struct in_addr sin_addr
Definition: in.h:101
sockaddr_in::sin_port
in_port_t sin_port
Definition: in.h:100
tcp_function_block::tfb_tcp_do_segment
void(* tfb_tcp_do_segment)(struct mbuf *, struct tcphdr *, struct socket *, struct tcpcb *, int, int, uint8_t)
Definition: tcp_var.h:351
tcp_hhook_data
Definition: tcp_var.h:867
tcp_hhook_data::to
struct tcpopt * to
Definition: tcp_var.h:870
tcp_hhook_data::tp
struct tcpcb * tp
Definition: tcp_var.h:868
tcp_hhook_data::th
struct tcphdr * th
Definition: tcp_var.h:869
tcp_ifcap
Definition: tcp_var.h:618
tcp_ifcap::tsomax
u_int tsomax
Definition: tcp_var.h:620
tcp_ifcap::ifcap
int ifcap
Definition: tcp_var.h:619
tcp_ifcap::tsomaxsegcount
u_int tsomaxsegcount
Definition: tcp_var.h:621
tcp_ifcap::tsomaxsegsize
u_int tsomaxsegsize
Definition: tcp_var.h:622
tcpcb
Definition: tcp_var.h:132
tcpcb::last_ack_sent
tcp_seq last_ack_sent
Definition: tcp_var.h:174
tcpcb::iss
tcp_seq iss
Definition: tcp_var.h:194
tcpcb::snd_recover
tcp_seq snd_recover
Definition: tcp_var.h:198
tcpcb::t_rcvtime
u_int t_rcvtime
Definition: tcp_var.h:175
tcpcb::sackhint
struct sackhint sackhint
Definition: tcp_var.h:233
tcpcb::rcv_up
tcp_seq rcv_up
Definition: tcp_var.h:177
tcpcb::snd_nxt
tcp_seq snd_nxt
Definition: tcp_var.h:151
tcpcb::t_dupacks
int t_dupacks
Definition: tcp_var.h:249
tcpcb::t_softerror
int t_softerror
Definition: tcp_var.h:219
tcpcb::t_starttime
u_int t_starttime
Definition: tcp_var.h:208
tcpcb::t_tsomaxsegsize
u_int t_tsomaxsegsize
Definition: tcp_var.h:162
tcpcb::t_tfo_pending
unsigned int * t_tfo_pending
Definition: tcp_var.h:276
tcpcb::snd_fack
tcp_seq snd_fack
Definition: tcp_var.h:231
tcpcb::gput_seq
tcp_seq gput_seq
Definition: tcp_var.h:262
tcpcb::sackblks
struct sackblk sackblks[MAX_SACK_BLKS]
Definition: tcp_var.h:232
tcpcb::snd_scale
u_char snd_scale
Definition: tcp_var.h:170
tcpcb::t_badrxtwin
u_int t_badrxtwin
Definition: tcp_var.h:228
tcpcb::osd
struct osd * osd
Definition: tcp_var.h:242
tcpcb::t_tsomax
u_int t_tsomax
Definition: tcp_var.h:160
tcpcb::request_r_scale
u_char request_r_scale
Definition: tcp_var.h:173
tcpcb::snd_wnd
uint32_t snd_wnd
Definition: tcp_var.h:153
tcpcb::rfbuf_cnt
int rfbuf_cnt
Definition: tcp_var.h:235
tcpcb::t_rtseq
tcp_seq t_rtseq
Definition: tcp_var.h:207
tcpcb::ccv
struct cc_var * ccv
Definition: tcp_var.h:241
tcpcb::snd_max
tcp_seq snd_max
Definition: tcp_var.h:148
tcpcb::snd_cwnd_prev
uint32_t snd_cwnd_prev
Definition: tcp_var.h:222
tcpcb::gput_ack
tcp_seq gput_ack
Definition: tcp_var.h:263
tcpcb::snd_una
tcp_seq snd_una
Definition: tcp_var.h:147
tcpcb::t_state
uint32_t t_state
Definition: tcp_var.h:140
tcpcb::gput_ts
uint32_t gput_ts
Definition: tcp_var.h:261
tcpcb::rfbuf_ts
u_int32_t rfbuf_ts
Definition: tcp_var.h:158
tcpcb::t_rttmin
u_int t_rttmin
Definition: tcp_var.h:215
tcpcb::t_rttbest
u_int t_rttbest
Definition: tcp_var.h:217
tcpcb::rcv_scale
u_char rcv_scale
Definition: tcp_var.h:171
tcpcb::t_rttupdated
u_long t_rttupdated
Definition: tcp_var.h:226
tcpcb::t_stats_gput_prev
int32_t t_stats_gput_prev
Definition: tcp_var.h:264
tcpcb::t_rttvar
int t_rttvar
Definition: tcp_var.h:168
tcpcb::snd_recover_prev
tcp_seq snd_recover_prev
Definition: tcp_var.h:224
tcpcb::t_fbyte_in
u_int t_fbyte_in
Definition: tcp_var.h:209
tcpcb::snd_ssthresh
uint32_t snd_ssthresh
Definition: tcp_var.h:185
tcpcb::t_stats
struct statsblob * t_stats
Definition: tcp_var.h:259
tcpcb::snd_wl2
tcp_seq snd_wl2
Definition: tcp_var.h:191
tcpcb::rcv_wnd
uint32_t rcv_wnd
Definition: tcp_var.h:165
tcpcb::ts_recent
u_int32_t ts_recent
Definition: tcp_var.h:169
tcpcb::t_srtt
int t_srtt
Definition: tcp_var.h:167
tcpcb::ts_recent_age
u_int ts_recent_age
Definition: tcp_var.h:197
tcpcb::snd_ssthresh_prev
uint32_t snd_ssthresh_prev
Definition: tcp_var.h:223
tcpcb::t_oobflags
char t_oobflags
Definition: tcp_var.h:200
tcpcb::ts_offset
u_int32_t ts_offset
Definition: tcp_var.h:157
tcpcb::snd_wl1
tcp_seq snd_wl1
Definition: tcp_var.h:189
tcpcb::t_tsomaxsegcount
u_int t_tsomaxsegcount
Definition: tcp_var.h:161
tcpcb::t_iobc
char t_iobc
Definition: tcp_var.h:201
tcpcb::irs
tcp_seq irs
Definition: tcp_var.h:193
tcpcb::t_fbyte_out
u_int t_fbyte_out
Definition: tcp_var.h:210
tcpcb::t_rxtcur
int t_rxtcur
Definition: tcp_var.h:202
tcpcb::t_rxtshift
int t_rxtshift
Definition: tcp_var.h:204
tcpcb::t_flags2
u_int t_flags2
Definition: tcp_var.h:166
tcpcb::rcv_nxt
tcp_seq rcv_nxt
Definition: tcp_var.h:163
tcpcb::t_flags
u_int t_flags
Definition: tcp_var.h:146
tcpcb::t_rtttime
u_int t_rtttime
Definition: tcp_var.h:205
tcpcb::t_port
uint32_t t_port
Definition: tcp_var.h:139
tcpcb::t_bytes_acked
int t_bytes_acked
Definition: tcp_var.h:243
tcpcb::t_maxseg
uint32_t t_maxseg
Definition: tcp_var.h:137
tcpcb::max_sndwnd
uint32_t max_sndwnd
Definition: tcp_var.h:220
tcpcb::snd_cwnd
uint32_t snd_cwnd
Definition: tcp_var.h:154
tcpcb::t_fb
struct tcp_function_block * t_fb
Definition: tcp_var.h:135
tcpcb::t_rttlow
int t_rttlow
Definition: tcp_var.h:234
tcpcb::rcv_numsacks
int rcv_numsacks
Definition: tcp_var.h:159
tcpcb::t_inpcb
struct inpcb * t_inpcb
Definition: tcp_var.h:134
tcpcb::snd_limited
u_char snd_limited
Definition: tcp_var.h:172
tcpcb::rcv_adv
tcp_seq rcv_adv
Definition: tcp_var.h:164
tcpiphdr
Definition: tcpip.h:41
tcpopt::to_tfo_len
u_int8_t to_tfo_len
Definition: tcp_var.h:595
tcpopt::to_signature
u_char * to_signature
Definition: tcp_var.h:590
tcpopt::to_tsval
u_int32_t to_tsval
Definition: tcp_var.h:587
tcpopt::to_nsacks
u_int8_t to_nsacks
Definition: tcp_var.h:594
tcpopt::to_sacks
u_char * to_sacks
Definition: tcp_var.h:589
tcpopt::to_mss
u_int16_t to_mss
Definition: tcp_var.h:592
tcpopt::to_flags
u_int32_t to_flags
Definition: tcp_var.h:578
tcpopt::to_wscale
u_int8_t to_wscale
Definition: tcp_var.h:593
tcpopt::to_tfo_cookie
u_int8_t * to_tfo_cookie
Definition: tcp_var.h:591
tcpopt::to_tsecr
u_int32_t to_tsecr
Definition: tcp_var.h:588
VOI_TCP_FRWIN
#define VOI_TCP_FRWIN
Definition: tcp.h:430
VOI_TCP_GPUT_ND
#define VOI_TCP_GPUT_ND
Definition: tcp.h:436
VOI_TCP_CSIG
#define VOI_TCP_CSIG
Definition: tcp.h:433
VOI_TCP_CALCFRWINDIFF
#define VOI_TCP_CALCFRWINDIFF
Definition: tcp.h:435
VOI_TCP_LCWIN
#define VOI_TCP_LCWIN
Definition: tcp.h:431
VOI_TCP_ACKLEN
#define VOI_TCP_ACKLEN
Definition: tcp.h:437
VOI_TCP_GPUT
#define VOI_TCP_GPUT
Definition: tcp.h:434
VOI_TCP_RTT
#define VOI_TCP_RTT
Definition: tcp.h:432
tcp_trace
void tcp_trace(short act, short ostate, struct tcpcb *tp, void *ipgen, struct tcphdr *th, int req)
Definition: tcp_debug.c:99
tcp_debug.h
IP6_HDR_LEN
#define IP6_HDR_LEN
Definition: tcp_debug.h:50
TA_INPUT
#define TA_INPUT
Definition: tcp_debug.h:63
TA_DROP
#define TA_DROP
Definition: tcp_debug.h:67
tcp_ecn_input_segment
int tcp_ecn_input_segment(struct tcpcb *tp, uint16_t thflags, int iptos)
Definition: tcp_ecn.c:145
tcp_ecn_input_syn_sent
void tcp_ecn_input_syn_sent(struct tcpcb *tp, uint16_t thflags, int iptos)
Definition: tcp_ecn.c:110
tcp_ecn_input_parallel_syn
void tcp_ecn_input_parallel_syn(struct tcpcb *tp, uint16_t thflags, int iptos)
Definition: tcp_ecn.c:125
tcp_ecn.h
tcp_fastopen_disable_path
void tcp_fastopen_disable_path(struct tcpcb *tp)
Definition: tcp_fastopen.c:956
tcp_fastopen_decrement_counter
void tcp_fastopen_decrement_counter(unsigned int *counter)
Definition: tcp_fastopen.c:479
tcp_fastopen_update_cache
void tcp_fastopen_update_cache(struct tcpcb *tp, uint16_t mss, uint8_t cookie_len, uint8_t *cookie)
Definition: tcp_fastopen.c:981
tcp_fastopen.h
V_tcp_fastopen_server_enable
#define V_tcp_fastopen_server_enable
Definition: tcp_fastopen.h:46
V_tcp_fastopen_client_enable
#define V_tcp_fastopen_client_enable
Definition: tcp_fastopen.h:45
tcp_fsm.h
TCPS_CLOSING
#define TCPS_CLOSING
Definition: tcp_fsm.h:56
TCPS_FIN_WAIT_1
#define TCPS_FIN_WAIT_1
Definition: tcp_fsm.h:55
TCPS_TIME_WAIT
#define TCPS_TIME_WAIT
Definition: tcp_fsm.h:60
TCPS_HAVERCVDFIN
#define TCPS_HAVERCVDFIN(s)
Definition: tcp_fsm.h:64
TCPS_ESTABLISHED
#define TCPS_ESTABLISHED
Definition: tcp_fsm.h:52
TCPS_SYN_SENT
#define TCPS_SYN_SENT
Definition: tcp_fsm.h:49
TCPS_SYN_RECEIVED
#define TCPS_SYN_RECEIVED
Definition: tcp_fsm.h:50
TCPS_LAST_ACK
#define TCPS_LAST_ACK
Definition: tcp_fsm.h:57
TCPS_CLOSE_WAIT
#define TCPS_CLOSE_WAIT
Definition: tcp_fsm.h:53
TCPS_LISTEN
#define TCPS_LISTEN
Definition: tcp_fsm.h:48
TCPS_FIN_WAIT_2
#define TCPS_FIN_WAIT_2
Definition: tcp_fsm.h:59
TCPS_HAVEESTABLISHED
#define TCPS_HAVEESTABLISHED(s)
Definition: tcp_fsm.h:63
TCP_NSTATES
#define TCP_NSTATES
Definition: tcp_fsm.h:45
TCPS_CLOSED
#define TCPS_CLOSED
Definition: tcp_fsm.h:47
tcp_hc_getmtu
uint32_t tcp_hc_getmtu(struct in_conninfo *inc)
Definition: tcp_hostcache.c:416
tcp_hc_get
void tcp_hc_get(struct in_conninfo *inc, struct hc_metrics_lite *hc_metrics_lite)
Definition: tcp_hostcache.c:377
VNET_PCPUSTAT_DEFINE
VNET_PCPUSTAT_DEFINE(struct tcpstat, tcpstat)
tcp_do_prr_ack
void tcp_do_prr_ack(struct tcpcb *tp, struct tcphdr *th, struct tcpopt *to)
Definition: tcp_input.c:3930
tcp_input_with_port
int tcp_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port)
Definition: tcp_input.c:608
SYSCTL_INT
SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_VNET|CTLFLAG_RW, &VNET_NAME(tcp_log_in_vain), 0, "Log all incoming TCP segments to closed ports")
tcp_pulloutofband
void tcp_pulloutofband(struct socket *so, struct tcphdr *th, struct mbuf *m, int off)
Definition: tcp_input.c:3530
tcp_newreno_partial_ack
void tcp_newreno_partial_ack(struct tcpcb *tp, struct tcphdr *th)
Definition: tcp_input.c:4008
tcp_dropwithreset
void tcp_dropwithreset(struct mbuf *m, struct tcphdr *th, struct tcpcb *tp, int tlen, int rstreason)
Definition: tcp_input.c:3357
VNET_DEFINE
VNET_DEFINE(int, tcp_log_in_vain)=0
tcp_autorcvbuf
int tcp_autorcvbuf(struct mbuf *m, struct tcphdr *th, struct socket *so, struct tcpcb *tp, int tlen)
Definition: tcp_input.c:1465
cc_ecnpkt_handler
void cc_ecnpkt_handler(struct tcpcb *tp, struct tcphdr *th, uint8_t iptos)
Definition: tcp_input.c:550
SYSCTL_VNET_PCPUSTAT
SYSCTL_VNET_PCPUSTAT(_net_inet_tcp, TCPCTL_STATS, stats, struct tcpstat, tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)")
cc_ecnpkt_handler_flags
void cc_ecnpkt_handler_flags(struct tcpcb *tp, uint16_t flags, uint8_t iptos)
Definition: tcp_input.c:517
V_tcp_recvspace
#define V_tcp_recvspace
Definition: tcp_input.c:234
cc_post_recovery
void cc_post_recovery(struct tcpcb *tp, struct tcphdr *th)
Definition: tcp_input.c:485
tcp_compute_initwnd
uint32_t tcp_compute_initwnd(uint32_t maxseg)
Definition: tcp_input.c:4049
SYSCTL_NODE
static SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "TCP ECN")
tcp_dooptions
void tcp_dooptions(struct tcpopt *to, u_char *cp, int cnt, int flags)
Definition: tcp_input.c:3422
__FBSDID
__FBSDID("$FreeBSD$")
cc_cong_signal
void cc_cong_signal(struct tcpcb *tp, struct tcphdr *th, uint32_t type)
Definition: tcp_input.c:424
cc_conn_init
void cc_conn_init(struct tcpcb *tp)
Definition: tcp_input.c:368
tcp_do_segment
void tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, struct tcpcb *tp, int drop_hdrlen, int tlen, uint8_t iptos)
Definition: tcp_input.c:1518
V_blackhole
#define V_blackhole
Definition: tcp_input.c:143
SYSCTL_BOOL
SYSCTL_BOOL(_net_inet_tcp, OID_AUTO, blackhole_local, CTLFLAG_VNET|CTLFLAG_RW, &VNET_NAME(blackhole_local), false, "Enforce net.inet.tcp.blackhole for locally originated packets")
DELAY_ACK
#define DELAY_ACK(tp, tlen)
Definition: tcp_input.c:510
tcp_handle_wakeup
void tcp_handle_wakeup(struct tcpcb *tp, struct socket *so)
Definition: tcp_input.c:1496
SYSCTL_COUNTER_U64_ARRAY
SYSCTL_COUNTER_U64_ARRAY(_net_inet_tcp, TCPCTL_STATES, states, CTLFLAG_RD|CTLFLAG_VNET, &VNET_NAME(tcps_states)[0], TCP_NSTATES, "TCP connection counts by TCP state")
tcp_mssopt
int tcp_mssopt(struct in_conninfo *inc)
Definition: tcp_input.c:3891
tcp_mss
void tcp_mss(struct tcpcb *tp, int offer)
Definition: tcp_input.c:3814
tcp_xmit_timer
void tcp_xmit_timer(struct tcpcb *tp, int rtt)
Definition: tcp_input.c:3563
tcp_mss_update
void tcp_mss_update(struct tcpcb *tp, int offer, int mtuoffer, struct hc_metrics_lite *metricptr, struct tcp_ifcap *cap)
Definition: tcp_input.c:3665
tcp_input
int tcp_input(struct mbuf **mp, int *offp, int proto)
Definition: tcp_input.c:1490
tcp_compute_pipe
int tcp_compute_pipe(struct tcpcb *tp)
Definition: tcp_input.c:4041
tcprexmtthresh
const int tcprexmtthresh
Definition: tcp_input.c:135
kmod_tcpstat_add
void kmod_tcpstat_add(int statnum, int val)
Definition: tcp_input.c:267
V_blackhole_local
#define V_blackhole_local
Definition: tcp_input.c:149
cc_ack_received
void cc_ack_received(struct tcpcb *tp, struct tcphdr *th, uint16_t nsegs, uint16_t type)
Definition: tcp_input.c:297
tcp_log_buf.h
TCP_LOG_EVENT
#define TCP_LOG_EVENT(tp, th, rxbuf, txbuf, eventid, errornum, len, stackinfo, th_hostorder)
Definition: tcp_log_buf.h:334
TCP_LOG_IN
@ TCP_LOG_IN
Definition: tcp_log_buf.h:174
tcp_offload_input
void tcp_offload_input(struct tcpcb *tp, struct mbuf *m)
Definition: tcp_offload.c:132
tcp_offload.h
V_tcp_sendspace
#define V_tcp_sendspace
Definition: tcp_output.c:123
tcp_pcap_add
void tcp_pcap_add(struct tcphdr *th, struct mbuf *m, struct mbufq *queue)
Definition: tcp_pcap.c:264
tcp_pcap.h
delayed_ack
uint8_t delayed_ack
Definition: tcp_rack.h:99
tcp_reass
int tcp_reass(struct tcpcb *tp, struct tcphdr *th, tcp_seq *seq_start, int *tlenp, struct mbuf *m)
Definition: tcp_reass.c:526
tcp_update_dsack_list
void tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end)
Definition: tcp_sack.c:176
tcp_clean_sackreport
void tcp_clean_sackreport(struct tcpcb *tp)
Definition: tcp_sack.c:451
tcp_sack_partialack
void tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th)
Definition: tcp_sack.c:853
tcp_sack_doack
int tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack)
Definition: tcp_sack.c:558
tcp_update_sack_list
void tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end)
Definition: tcp_sack.c:272
tcp_sack_lost_retransmission
void tcp_sack_lost_retransmission(struct tcpcb *tp, struct tcphdr *th)
Definition: tcp_sack.c:1013
tcp_seq.h
SEQ_GEQ
#define SEQ_GEQ(a, b)
Definition: tcp_seq.h:45
TSTMP_GEQ
#define TSTMP_GEQ(a, b)
Definition: tcp_seq.h:61
SEQ_GT
#define SEQ_GT(a, b)
Definition: tcp_seq.h:44
tcp_ts_getticks
static __inline uint32_t tcp_ts_getticks(void)
Definition: tcp_seq.h:89
TSTMP_LT
#define TSTMP_LT(a, b)
Definition: tcp_seq.h:59
SEQ_LEQ
#define SEQ_LEQ(a, b)
Definition: tcp_seq.h:43
tcp_rcvseqinit
#define tcp_rcvseqinit(tp)
Definition: tcp_seq.h:68
TSTMP_GT
#define TSTMP_GT(a, b)
Definition: tcp_seq.h:60
TCP_PAWS_IDLE
#define TCP_PAWS_IDLE
Definition: tcp_seq.h:82
SEQ_LT
#define SEQ_LT(a, b)
Definition: tcp_seq.h:42
TCP_TS_TO_TICKS
#define TCP_TS_TO_TICKS(_t)
Definition: tcp_seq.h:79
tcp_log_addrs
char * tcp_log_addrs(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr, const void *ip6hdr)
Definition: tcp_subr.c:3901
tcp_drop
struct tcpcb * tcp_drop(struct tcpcb *tp, int errno)
Definition: tcp_subr.c:2283
tcp_log_vain
char * tcp_log_vain(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr, const void *ip6hdr)
Definition: tcp_subr.c:3889
tcp_maxseg
u_int tcp_maxseg(const struct tcpcb *tp)
Definition: tcp_subr.c:3538
tcp_state_change
void tcp_state_change(struct tcpcb *tp, int newstate)
Definition: tcp_subr.c:3999
tcp_close
struct tcpcb * tcp_close(struct tcpcb *tp)
Definition: tcp_subr.c:2471
tcp_respond
void tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, tcp_seq ack, tcp_seq seq, int flags)
Definition: tcp_subr.c:1728
syncache_add
struct socket * syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct inpcb *inp, struct socket *so, struct mbuf *m, void *tod, void *todctx, uint8_t iptos, uint16_t port)
Definition: tcp_syncache.c:1402
syncache_chkrst
void syncache_chkrst(struct in_conninfo *inc, struct tcphdr *th, struct mbuf *m, uint16_t port)
Definition: tcp_syncache.c:615
syncache_expand
int syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, struct socket **lsop, struct mbuf *m, uint16_t port)
Definition: tcp_syncache.c:1090
syncache_badack
void syncache_badack(struct in_conninfo *inc, uint16_t port)
Definition: tcp_syncache.c:732
tcp_syncache.h
tcp_timer_active
int tcp_timer_active(struct tcpcb *tp, uint32_t timer_type)
Definition: tcp_timer.c:905
tcp_delacktime
int tcp_delacktime
Definition: tcp_timer.c:114
tcp_timer_activate
void tcp_timer_activate(struct tcpcb *tp, uint32_t timer_type, u_int delta)
Definition: tcp_timer.c:854
tcp_finwait2_timeout
int tcp_finwait2_timeout
Definition: tcp_timer.c:154
tcp_fast_finwait2_recycle
int tcp_fast_finwait2_recycle
Definition: tcp_timer.c:149
tcp_timer.h
TP_MAXIDLE
#define TP_MAXIDLE(tp)
Definition: tcp_timer.h:184
TP_KEEPIDLE
#define TP_KEEPIDLE(tp)
Definition: tcp_timer.h:181
TT_KEEP
#define TT_KEEP
Definition: tcp_timer.h:164
TCPT_RANGESET
#define TCPT_RANGESET(tv, value, tvmin, tvmax)
Definition: tcp_timer.h:136
TCPTV_REXMTMAX
#define TCPTV_REXMTMAX
Definition: tcp_timer.h:113
TT_2MSL
#define TT_2MSL
Definition: tcp_timer.h:165
TCP_RTT_INVALIDATE
#define TCP_RTT_INVALIDATE
Definition: tcp_timer.h:126
TT_DELACK
#define TT_DELACK
Definition: tcp_timer.h:161
TT_PERSIST
#define TT_PERSIST
Definition: tcp_timer.h:163
TT_REXMT
#define TT_REXMT
Definition: tcp_timer.h:162
tcp_twstart
void tcp_twstart(struct tcpcb *tp)
Definition: tcp_timewait.c:236
tcp_twcheck
int tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, struct mbuf *m, int tlen)
Definition: tcp_timewait.c:392
tcp_var.h
TOF_MSS
#define TOF_MSS
Definition: tcp_var.h:579
V_tcp_do_rfc3042
#define V_tcp_do_rfc3042
Definition: tcp_var.h:1042
TF_SIGNATURE
#define TF_SIGNATURE
Definition: tcp_var.h:519
TF_ACKNOW
#define TF_ACKNOW
Definition: tcp_var.h:497
tcp_maxmtu6
uint32_t tcp_maxmtu6(struct in_conninfo *, struct tcp_ifcap *)
TOF_SIGNATURE
#define TOF_SIGNATURE
Definition: tcp_var.h:583
tcp_get_flags
static uint16_t tcp_get_flags(const struct tcphdr *th)
Definition: tcp_var.h:1265
SEGQ_EMPTY
#define SEGQ_EMPTY(tp)
Definition: tcp_var.h:123
TOF_FASTOPEN
#define TOF_FASTOPEN
Definition: tcp_var.h:585
TCP_DELTA_SHIFT
#define TCP_DELTA_SHIFT
Definition: tcp_var.h:662
IN_CONGRECOVERY
#define IN_CONGRECOVERY(t_flags)
Definition: tcp_var.h:534
TF2_ECN_PERMIT
#define TF2_ECN_PERMIT
Definition: tcp_var.h:564
IN_FASTRECOVERY
#define IN_FASTRECOVERY(t_flags)
Definition: tcp_var.h:530
TF_RCVD_SCALE
#define TF_RCVD_SCALE
Definition: tcp_var.h:503
V_tcp_autorcvbuf_max
#define V_tcp_autorcvbuf_max
Definition: tcp_var.h:1032
V_tcp_insecure_rst
#define V_tcp_insecure_rst
Definition: tcp_var.h:1050
V_tcp_udp_tunneling_overhead
#define V_tcp_udp_tunneling_overhead
Definition: tcp_var.h:1066
sototcpcb
#define sototcpcb(so)
Definition: tcp_var.h:647
TF_NEEDFIN
#define TF_NEEDFIN
Definition: tcp_var.h:508
TOF_SACKPERM
#define TOF_SACKPERM
Definition: tcp_var.h:581
TCPCTL_RECVSPACE
#define TCPCTL_RECVSPACE
Definition: tcp_var.h:957
TCPCTL_STATS
#define TCPCTL_STATS
Definition: tcp_var.h:952
TF_WAKESOR
#define TF_WAKESOR
Definition: tcp_var.h:511
TCPSTAT_ADD
#define TCPSTAT_ADD(name, val)
Definition: tcp_var.h:840
V_tcp_do_newcwv
#define V_tcp_do_newcwv
Definition: tcp_var.h:1027
intotcpcb
#define intotcpcb(ip)
Definition: tcp_var.h:645
TO_SYN
#define TO_SYN
Definition: tcp_var.h:602
TF_TSO
#define TF_TSO
Definition: tcp_var.h:521
V_tcp_mssdflt
#define V_tcp_mssdflt
Definition: tcp_var.h:1055
TF2_ECN_SND_CWR
#define TF2_ECN_SND_CWR
Definition: tcp_var.h:565
TF2_FBYTES_COMPLETE
#define TF2_FBYTES_COMPLETE
Definition: tcp_var.h:568
V_tcp_do_prr
#define V_tcp_do_prr
Definition: tcp_var.h:1025
TF_LRD
#define TF_LRD
Definition: tcp_var.h:525
TF_REQ_SCALE
#define TF_REQ_SCALE
Definition: tcp_var.h:502
TCPCTL_STATES
#define TCPCTL_STATES
Definition: tcp_var.h:964
TF_NOOPT
#define TF_NOOPT
Definition: tcp_var.h:500
TCP_REXMTVAL
#define TCP_REXMTVAL(tp)
Definition: tcp_var.h:680
TF_DELACK
#define TF_DELACK
Definition: tcp_var.h:498
TF_WASFRECOVERY
#define TF_WASFRECOVERY
Definition: tcp_var.h:518
TF_SENTFIN
#define TF_SENTFIN
Definition: tcp_var.h:501
TF_PREVVALID
#define TF_PREVVALID
Definition: tcp_var.h:510
tcp_fields_to_host
static void tcp_fields_to_host(struct tcphdr *th)
Definition: tcp_var.h:1245
TOF_SCALE
#define TOF_SCALE
Definition: tcp_var.h:580
V_tcp_initcwnd_segments
#define V_tcp_initcwnd_segments
Definition: tcp_var.h:1049
TF_TOE
#define TF_TOE
Definition: tcp_var.h:522
TF_GPUTINPROG
#define TF_GPUTINPROG
Definition: tcp_var.h:512
TCP_RTT_SCALE
#define TCP_RTT_SCALE
Definition: tcp_var.h:658
V_tcp_log_in_vain
#define V_tcp_log_in_vain
Definition: tcp_var.h:974
TF_RCVD_TSTMP
#define TF_RCVD_TSTMP
Definition: tcp_var.h:505
TCPOOB_HAVEDATA
#define TCPOOB_HAVEDATA
Definition: tcp_var.h:553
tcp_maxmtu
uint32_t tcp_maxmtu(struct in_conninfo *, struct tcp_ifcap *)
TOF_SACK
#define TOF_SACK
Definition: tcp_var.h:584
TCPOOB_HADDATA
#define TCPOOB_HADDATA
Definition: tcp_var.h:554
EXIT_CONGRECOVERY
#define EXIT_CONGRECOVERY(t_flags)
Definition: tcp_var.h:536
IN_RECOVERY
#define IN_RECOVERY(t_flags)
Definition: tcp_var.h:538
V_tcp_insecure_syn
#define V_tcp_insecure_syn
Definition: tcp_var.h:1051
V_tcp_tolerate_missing_ts
#define V_tcp_tolerate_missing_ts
Definition: tcp_var.h:1040
BYTES_THIS_ACK
#define BYTES_THIS_ACK(tp, th)
Definition: tcp_var.h:548
TF_WASCRECOVERY
#define TF_WASCRECOVERY
Definition: tcp_var.h:527
V_tcp_do_newsack
#define V_tcp_do_newsack
Definition: tcp_var.h:1045
V_tcp_sc_rst_sock_fail
#define V_tcp_sc_rst_sock_fail
Definition: tcp_var.h:1064
V_tcp_do_autorcvbuf
#define V_tcp_do_autorcvbuf
Definition: tcp_var.h:1036
V_tcp_do_sack
#define V_tcp_do_sack
Definition: tcp_var.h:1046
TCPSTAT_INC
#define TCPSTAT_INC(name)
Definition: tcp_var.h:842
IS_FASTOPEN
#define IS_FASTOPEN(t_flags)
Definition: tcp_var.h:543
TCP_RTTVAR_SHIFT
#define TCP_RTTVAR_SHIFT
Definition: tcp_var.h:661
ENTER_FASTRECOVERY
#define ENTER_FASTRECOVERY(t_flags)
Definition: tcp_var.h:531
TF_NEEDSYN
#define TF_NEEDSYN
Definition: tcp_var.h:507
TF_SACK_PERMIT
#define TF_SACK_PERMIT
Definition: tcp_var.h:506
V_path_mtu_discovery
#define V_path_mtu_discovery
Definition: tcp_var.h:1029
V_tcp_minmss
#define V_tcp_minmss
Definition: tcp_var.h:1054
V_tcbinfo
#define V_tcbinfo
Definition: tcp_var.h:1030
TCP_RTTVAR_SCALE
#define TCP_RTTVAR_SCALE
Definition: tcp_var.h:660
TF_REQ_TSTMP
#define TF_REQ_TSTMP
Definition: tcp_var.h:504
V_tcp_do_rfc3390
#define V_tcp_do_rfc3390
Definition: tcp_var.h:1043
TOF_TS
#define TOF_TS
Definition: tcp_var.h:582
EXIT_RECOVERY
#define EXIT_RECOVERY(t_flags)
Definition: tcp_var.h:540
ENTER_CONGRECOVERY
#define ENTER_CONGRECOVERY(t_flags)
Definition: tcp_var.h:535
V_tcp_do_prr_conservative
#define V_tcp_do_prr_conservative
Definition: tcp_var.h:1026
HHOOK_TCP_EST_IN
#define HHOOK_TCP_EST_IN
Definition: tcp_var.h:863
V_drop_synfin
#define V_drop_synfin
Definition: tcp_var.h:1028
TCP_RTT_SHIFT
#define TCP_RTT_SHIFT
Definition: tcp_var.h:659