FreeBSD kernel IPv4 code
tcp_subr.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
32 */
33
34#include <sys/cdefs.h>
35__FBSDID("$FreeBSD$");
36
37#include "opt_inet.h"
38#include "opt_inet6.h"
39#include "opt_ipsec.h"
40#include "opt_kern_tls.h"
41#include "opt_tcpdebug.h"
42
43#include <sys/param.h>
44#include <sys/systm.h>
45#include <sys/arb.h>
46#include <sys/callout.h>
47#include <sys/eventhandler.h>
48#ifdef TCP_HHOOK
49#include <sys/hhook.h>
50#endif
51#include <sys/kernel.h>
52#ifdef TCP_HHOOK
53#include <sys/khelp.h>
54#endif
55#ifdef KERN_TLS
56#include <sys/ktls.h>
57#endif
58#include <sys/qmath.h>
59#include <sys/stats.h>
60#include <sys/sysctl.h>
61#include <sys/jail.h>
62#include <sys/malloc.h>
63#include <sys/refcount.h>
64#include <sys/mbuf.h>
65#ifdef INET6
66#include <sys/domain.h>
67#endif
68#include <sys/priv.h>
69#include <sys/proc.h>
70#include <sys/sdt.h>
71#include <sys/socket.h>
72#include <sys/socketvar.h>
73#include <sys/protosw.h>
74#include <sys/random.h>
75
76#include <vm/uma.h>
77
78#include <net/route.h>
79#include <net/route/nhop.h>
80#include <net/if.h>
81#include <net/if_var.h>
82#include <net/vnet.h>
83
84#include <netinet/in.h>
85#include <netinet/in_fib.h>
86#include <netinet/in_kdtrace.h>
87#include <netinet/in_pcb.h>
88#include <netinet/in_systm.h>
89#include <netinet/in_var.h>
90#include <netinet/ip.h>
91#include <netinet/ip_icmp.h>
92#include <netinet/ip_var.h>
93#ifdef INET6
94#include <netinet/icmp6.h>
95#include <netinet/ip6.h>
96#include <netinet6/in6_fib.h>
97#include <netinet6/in6_pcb.h>
98#include <netinet6/ip6_var.h>
99#include <netinet6/scope6_var.h>
100#include <netinet6/nd6.h>
101#endif
102
103#include <netinet/tcp.h>
104#ifdef INVARIANTS
105#define TCPSTATES
106#endif
107#include <netinet/tcp_fsm.h>
108#include <netinet/tcp_seq.h>
109#include <netinet/tcp_timer.h>
110#include <netinet/tcp_var.h>
111#include <netinet/tcp_log_buf.h>
112#include <netinet/tcp_syncache.h>
113#include <netinet/tcp_hpts.h>
114#include <netinet/cc/cc.h>
115#ifdef INET6
116#include <netinet6/tcp6_var.h>
117#endif
118#include <netinet/tcpip.h>
119#include <netinet/tcp_fastopen.h>
120#ifdef TCPPCAP
121#include <netinet/tcp_pcap.h>
122#endif
123#ifdef TCPDEBUG
124#include <netinet/tcp_debug.h>
125#endif
126#ifdef INET6
127#include <netinet6/ip6protosw.h>
128#endif
129#ifdef TCP_OFFLOAD
130#include <netinet/tcp_offload.h>
131#endif
132#include <netinet/udp.h>
133#include <netinet/udp_var.h>
134
135#include <netipsec/ipsec_support.h>
136
137#include <machine/in_cksum.h>
138#include <crypto/siphash/siphash.h>
139
140#include <security/mac/mac_framework.h>
141
142VNET_DEFINE(int, tcp_mssdflt) = TCP_MSS;
143#ifdef INET6
144VNET_DEFINE(int, tcp_v6mssdflt) = TCP6_MSS;
145#endif
146
147#ifdef NETFLIX_EXP_DETECTION
148/* Sack attack detection thresholds and such */
149SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack_attack,
150 CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
151 "Sack Attack detection thresholds");
152int32_t tcp_force_detection = 0;
153SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, force_detection,
154 CTLFLAG_RW,
155 &tcp_force_detection, 0,
156 "Do we force detection even if the INP has it off?");
157int32_t tcp_sack_to_ack_thresh = 700; /* 70 % */
158SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, sack_to_ack_thresh,
159 CTLFLAG_RW,
160 &tcp_sack_to_ack_thresh, 700,
161 "Percentage of sacks to acks we must see above (10.1 percent is 101)?");
162int32_t tcp_sack_to_move_thresh = 600; /* 60 % */
163SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, move_thresh,
164 CTLFLAG_RW,
165 &tcp_sack_to_move_thresh, 600,
166 "Percentage of sack moves we must see above (10.1 percent is 101)");
167int32_t tcp_restoral_thresh = 650; /* 65 % (sack:2:ack -5%) */
168SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, restore_thresh,
169 CTLFLAG_RW,
170 &tcp_restoral_thresh, 550,
171 "Percentage of sack to ack percentage we must see below to restore(10.1 percent is 101)");
172int32_t tcp_sad_decay_val = 800;
173SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, decay_per,
174 CTLFLAG_RW,
175 &tcp_sad_decay_val, 800,
176 "The decay percentage (10.1 percent equals 101 )");
177int32_t tcp_map_minimum = 500;
178SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, nummaps,
179 CTLFLAG_RW,
180 &tcp_map_minimum, 500,
181 "Number of Map enteries before we start detection");
182int32_t tcp_attack_on_turns_on_logging = 0;
183SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, attacks_logged,
184 CTLFLAG_RW,
185 &tcp_attack_on_turns_on_logging, 0,
186 "When we have a positive hit on attack, do we turn on logging?");
187int32_t tcp_sad_pacing_interval = 2000;
188SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, sad_pacing_int,
189 CTLFLAG_RW,
190 &tcp_sad_pacing_interval, 2000,
191 "What is the minimum pacing interval for a classified attacker?");
192
193int32_t tcp_sad_low_pps = 100;
194SYSCTL_INT(_net_inet_tcp_sack_attack, OID_AUTO, sad_low_pps,
195 CTLFLAG_RW,
196 &tcp_sad_low_pps, 100,
197 "What is the input pps that below which we do not decay?");
198#endif
199uint32_t tcp_ack_war_time_window = 1000;
200SYSCTL_UINT(_net_inet_tcp, OID_AUTO, ack_war_timewindow,
201 CTLFLAG_RW,
202 &tcp_ack_war_time_window, 1000,
203 "If the tcp_stack does ack-war prevention how many milliseconds are in its time window?");
204uint32_t tcp_ack_war_cnt = 5;
205SYSCTL_UINT(_net_inet_tcp, OID_AUTO, ack_war_cnt,
206 CTLFLAG_RW,
207 &tcp_ack_war_cnt, 5,
208 "If the tcp_stack does ack-war prevention how many acks can be sent in its time window?");
209
210struct rwlock tcp_function_lock;
211
212static int
213sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
214{
215 int error, new;
216
217 new = V_tcp_mssdflt;
218 error = sysctl_handle_int(oidp, &new, 0, req);
219 if (error == 0 && req->newptr) {
220 if (new < TCP_MINMSS)
221 error = EINVAL;
222 else
223 V_tcp_mssdflt = new;
224 }
225 return (error);
226}
227
228SYSCTL_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt,
229 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
230 &VNET_NAME(tcp_mssdflt), 0, &sysctl_net_inet_tcp_mss_check, "I",
231 "Default TCP Maximum Segment Size");
232
233#ifdef INET6
234static int
235sysctl_net_inet_tcp_mss_v6_check(SYSCTL_HANDLER_ARGS)
236{
237 int error, new;
238
239 new = V_tcp_v6mssdflt;
240 error = sysctl_handle_int(oidp, &new, 0, req);
241 if (error == 0 && req->newptr) {
242 if (new < TCP_MINMSS)
243 error = EINVAL;
244 else
245 V_tcp_v6mssdflt = new;
246 }
247 return (error);
248}
249
250SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
251 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
252 &VNET_NAME(tcp_v6mssdflt), 0, &sysctl_net_inet_tcp_mss_v6_check, "I",
253 "Default TCP Maximum Segment Size for IPv6");
254#endif /* INET6 */
255
256/*
257 * Minimum MSS we accept and use. This prevents DoS attacks where
258 * we are forced to a ridiculous low MSS like 20 and send hundreds
259 * of packets instead of one. The effect scales with the available
260 * bandwidth and quickly saturates the CPU and network interface
261 * with packet generation and sending. Set to zero to disable MINMSS
262 * checking. This setting prevents us from sending too small packets.
263 */
264VNET_DEFINE(int, tcp_minmss) = TCP_MINMSS;
265SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_VNET | CTLFLAG_RW,
266 &VNET_NAME(tcp_minmss), 0,
267 "Minimum TCP Maximum Segment Size");
268
269VNET_DEFINE(int, tcp_do_rfc1323) = 1;
270SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_VNET | CTLFLAG_RW,
271 &VNET_NAME(tcp_do_rfc1323), 0,
272 "Enable rfc1323 (high performance TCP) extensions");
273
274/*
275 * As of June 2021, several TCP stacks violate RFC 7323 from September 2014.
276 * Some stacks negotiate TS, but never send them after connection setup. Some
277 * stacks negotiate TS, but don't send them when sending keep-alive segments.
278 * These include modern widely deployed TCP stacks.
279 * Therefore tolerating violations for now...
280 */
281VNET_DEFINE(int, tcp_tolerate_missing_ts) = 1;
282SYSCTL_INT(_net_inet_tcp, OID_AUTO, tolerate_missing_ts, CTLFLAG_VNET | CTLFLAG_RW,
283 &VNET_NAME(tcp_tolerate_missing_ts), 0,
284 "Tolerate missing TCP timestamps");
285
286VNET_DEFINE(int, tcp_ts_offset_per_conn) = 1;
287SYSCTL_INT(_net_inet_tcp, OID_AUTO, ts_offset_per_conn, CTLFLAG_VNET | CTLFLAG_RW,
288 &VNET_NAME(tcp_ts_offset_per_conn), 0,
289 "Initialize TCP timestamps per connection instead of per host pair");
290
291/* How many connections are pacing */
292static volatile uint32_t number_of_tcp_connections_pacing = 0;
293static uint32_t shadow_num_connections = 0;
294
295static int tcp_pacing_limit = 10000;
296SYSCTL_INT(_net_inet_tcp, OID_AUTO, pacing_limit, CTLFLAG_RW,
297 &tcp_pacing_limit, 1000,
298 "If the TCP stack does pacing, is there a limit (-1 = no, 0 = no pacing N = number of connections)");
299
300SYSCTL_UINT(_net_inet_tcp, OID_AUTO, pacing_count, CTLFLAG_RD,
301 &shadow_num_connections, 0, "Number of TCP connections being paced");
302
303static int tcp_log_debug = 0;
304SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_debug, CTLFLAG_RW,
305 &tcp_log_debug, 0, "Log errors caused by incoming TCP segments");
306
307static int tcp_tcbhashsize;
308SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
309 &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable");
310
311static int do_tcpdrain = 1;
312SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
313 "Enable tcp_drain routine for extra help when low on mbufs");
314
315SYSCTL_UINT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_VNET | CTLFLAG_RD,
316 &VNET_NAME(tcbinfo.ipi_count), 0, "Number of active PCBs");
317
318VNET_DEFINE_STATIC(int, icmp_may_rst) = 1;
319#define V_icmp_may_rst VNET(icmp_may_rst)
320SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_VNET | CTLFLAG_RW,
321 &VNET_NAME(icmp_may_rst), 0,
322 "Certain ICMP unreachable messages may abort connections in SYN_SENT");
323
324VNET_DEFINE_STATIC(int, tcp_isn_reseed_interval) = 0;
325#define V_tcp_isn_reseed_interval VNET(tcp_isn_reseed_interval)
326SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_VNET | CTLFLAG_RW,
327 &VNET_NAME(tcp_isn_reseed_interval), 0,
328 "Seconds between reseeding of ISN secret");
329
330static int tcp_soreceive_stream;
331SYSCTL_INT(_net_inet_tcp, OID_AUTO, soreceive_stream, CTLFLAG_RDTUN,
332 &tcp_soreceive_stream, 0, "Using soreceive_stream for TCP sockets");
333
334VNET_DEFINE(uma_zone_t, sack_hole_zone);
335#define V_sack_hole_zone VNET(sack_hole_zone)
336VNET_DEFINE(uint32_t, tcp_map_entries_limit) = 0; /* unlimited */
337static int
338sysctl_net_inet_tcp_map_limit_check(SYSCTL_HANDLER_ARGS)
339{
340 int error;
341 uint32_t new;
342
343 new = V_tcp_map_entries_limit;
344 error = sysctl_handle_int(oidp, &new, 0, req);
345 if (error == 0 && req->newptr) {
346 /* only allow "0" and value > minimum */
347 if (new > 0 && new < TCP_MIN_MAP_ENTRIES_LIMIT)
348 error = EINVAL;
349 else
350 V_tcp_map_entries_limit = new;
351 }
352 return (error);
353}
354SYSCTL_PROC(_net_inet_tcp, OID_AUTO, map_limit,
355 CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
356 &VNET_NAME(tcp_map_entries_limit), 0,
357 &sysctl_net_inet_tcp_map_limit_check, "IU",
358 "Total sendmap entries limit");
359
360VNET_DEFINE(uint32_t, tcp_map_split_limit) = 0; /* unlimited */
361SYSCTL_UINT(_net_inet_tcp, OID_AUTO, split_limit, CTLFLAG_VNET | CTLFLAG_RW,
362 &VNET_NAME(tcp_map_split_limit), 0,
363 "Total sendmap split entries limit");
364
365#ifdef TCP_HHOOK
366VNET_DEFINE(struct hhook_head *, tcp_hhh[HHOOK_TCP_LAST+1]);
367#endif
368
369#define TS_OFFSET_SECRET_LENGTH SIPHASH_KEY_LENGTH
370VNET_DEFINE_STATIC(u_char, ts_offset_secret[TS_OFFSET_SECRET_LENGTH]);
371#define V_ts_offset_secret VNET(ts_offset_secret)
372
373static int tcp_default_fb_init(struct tcpcb *tp);
374static void tcp_default_fb_fini(struct tcpcb *tp, int tcb_is_purged);
375static int tcp_default_handoff_ok(struct tcpcb *tp);
376static struct inpcb *tcp_notify(struct inpcb *, int);
377static struct inpcb *tcp_mtudisc_notify(struct inpcb *, int);
378static struct inpcb *tcp_mtudisc(struct inpcb *, int);
379static char * tcp_log_addr(struct in_conninfo *inc, struct tcphdr *th,
380 void *ip4hdr, const void *ip6hdr);
381
382static struct tcp_function_block tcp_def_funcblk = {
383 .tfb_tcp_block_name = "freebsd",
384 .tfb_tcp_output = tcp_default_output,
385 .tfb_tcp_do_segment = tcp_do_segment,
386 .tfb_tcp_ctloutput = tcp_default_ctloutput,
387 .tfb_tcp_handoff_ok = tcp_default_handoff_ok,
388 .tfb_tcp_fb_init = tcp_default_fb_init,
389 .tfb_tcp_fb_fini = tcp_default_fb_fini,
390};
391
392static int tcp_fb_cnt = 0;
393struct tcp_funchead t_functions;
394static struct tcp_function_block *tcp_func_set_ptr = &tcp_def_funcblk;
395
396void
397tcp_record_dsack(struct tcpcb *tp, tcp_seq start, tcp_seq end, int tlp)
398{
399 TCPSTAT_INC(tcps_dsack_count);
400 tp->t_dsack_pack++;
401 if (tlp == 0) {
402 if (SEQ_GT(end, start)) {
403 tp->t_dsack_bytes += (end - start);
404 TCPSTAT_ADD(tcps_dsack_bytes, (end - start));
405 } else {
406 tp->t_dsack_tlp_bytes += (start - end);
407 TCPSTAT_ADD(tcps_dsack_bytes, (start - end));
408 }
409 } else {
410 if (SEQ_GT(end, start)) {
411 tp->t_dsack_bytes += (end - start);
412 TCPSTAT_ADD(tcps_dsack_tlp_bytes, (end - start));
413 } else {
414 tp->t_dsack_tlp_bytes += (start - end);
415 TCPSTAT_ADD(tcps_dsack_tlp_bytes, (start - end));
416 }
417 }
418}
419
420static struct tcp_function_block *
421find_tcp_functions_locked(struct tcp_function_set *fs)
422{
423 struct tcp_function *f;
424 struct tcp_function_block *blk=NULL;
425
426 TAILQ_FOREACH(f, &t_functions, tf_next) {
427 if (strcmp(f->tf_name, fs->function_set_name) == 0) {
428 blk = f->tf_fb;
429 break;
430 }
431 }
432 return(blk);
433}
434
435static struct tcp_function_block *
436find_tcp_fb_locked(struct tcp_function_block *blk, struct tcp_function **s)
437{
438 struct tcp_function_block *rblk=NULL;
439 struct tcp_function *f;
440
441 TAILQ_FOREACH(f, &t_functions, tf_next) {
442 if (f->tf_fb == blk) {
443 rblk = blk;
444 if (s) {
445 *s = f;
446 }
447 break;
448 }
449 }
450 return (rblk);
451}
452
453struct tcp_function_block *
454find_and_ref_tcp_functions(struct tcp_function_set *fs)
455{
456 struct tcp_function_block *blk;
457
458 rw_rlock(&tcp_function_lock);
459 blk = find_tcp_functions_locked(fs);
460 if (blk)
461 refcount_acquire(&blk->tfb_refcnt);
462 rw_runlock(&tcp_function_lock);
463 return(blk);
464}
465
466struct tcp_function_block *
467find_and_ref_tcp_fb(struct tcp_function_block *blk)
468{
469 struct tcp_function_block *rblk;
470
471 rw_rlock(&tcp_function_lock);
472 rblk = find_tcp_fb_locked(blk, NULL);
473 if (rblk)
474 refcount_acquire(&rblk->tfb_refcnt);
475 rw_runlock(&tcp_function_lock);
476 return(rblk);
477}
478
479/* Find a matching alias for the given tcp_function_block. */
480int
481find_tcp_function_alias(struct tcp_function_block *blk,
482 struct tcp_function_set *fs)
483{
484 struct tcp_function *f;
485 int found;
486
487 found = 0;
488 rw_rlock(&tcp_function_lock);
489 TAILQ_FOREACH(f, &t_functions, tf_next) {
490 if ((f->tf_fb == blk) &&
491 (strncmp(f->tf_name, blk->tfb_tcp_block_name,
492 TCP_FUNCTION_NAME_LEN_MAX) != 0)) {
493 /* Matching function block with different name. */
494 strncpy(fs->function_set_name, f->tf_name,
495 TCP_FUNCTION_NAME_LEN_MAX);
496 found = 1;
497 break;
498 }
499 }
500 /* Null terminate the string appropriately. */
501 if (found) {
502 fs->function_set_name[TCP_FUNCTION_NAME_LEN_MAX - 1] = '\0';
503 } else {
504 fs->function_set_name[0] = '\0';
505 }
506 rw_runlock(&tcp_function_lock);
507 return (found);
508}
509
510static struct tcp_function_block *
511find_and_ref_tcp_default_fb(void)
512{
513 struct tcp_function_block *rblk;
514
515 rw_rlock(&tcp_function_lock);
516 rblk = tcp_func_set_ptr;
517 refcount_acquire(&rblk->tfb_refcnt);
518 rw_runlock(&tcp_function_lock);
519 return (rblk);
520}
521
522void
523tcp_switch_back_to_default(struct tcpcb *tp)
524{
525 struct tcp_function_block *tfb;
526
527 KASSERT(tp->t_fb != &tcp_def_funcblk,
528 ("%s: called by the built-in default stack", __func__));
529
530 /*
531 * Release the old stack. This function will either find a new one
532 * or panic.
533 */
534 if (tp->t_fb->tfb_tcp_fb_fini != NULL)
535 (*tp->t_fb->tfb_tcp_fb_fini)(tp, 0);
536 refcount_release(&tp->t_fb->tfb_refcnt);
537
538 /*
539 * Now, we'll find a new function block to use.
540 * Start by trying the current user-selected
541 * default, unless this stack is the user-selected
542 * default.
543 */
544 tfb = find_and_ref_tcp_default_fb();
545 if (tfb == tp->t_fb) {
546 refcount_release(&tfb->tfb_refcnt);
547 tfb = NULL;
548 }
549 /* Does the stack accept this connection? */
550 if (tfb != NULL && tfb->tfb_tcp_handoff_ok != NULL &&
551 (*tfb->tfb_tcp_handoff_ok)(tp)) {
552 refcount_release(&tfb->tfb_refcnt);
553 tfb = NULL;
554 }
555 /* Try to use that stack. */
556 if (tfb != NULL) {
557 /* Initialize the new stack. If it succeeds, we are done. */
558 tp->t_fb = tfb;
559 if (tp->t_fb->tfb_tcp_fb_init == NULL ||
560 (*tp->t_fb->tfb_tcp_fb_init)(tp) == 0)
561 return;
562
563 /*
564 * Initialization failed. Release the reference count on
565 * the stack.
566 */
567 refcount_release(&tfb->tfb_refcnt);
568 }
569
570 /*
571 * If that wasn't feasible, use the built-in default
572 * stack which is not allowed to reject anyone.
573 */
574 tfb = find_and_ref_tcp_fb(&tcp_def_funcblk);
575 if (tfb == NULL) {
576 /* there always should be a default */
577 panic("Can't refer to tcp_def_funcblk");
578 }
579 if (tfb->tfb_tcp_handoff_ok != NULL) {
580 if ((*tfb->tfb_tcp_handoff_ok) (tp)) {
581 /* The default stack cannot say no */
582 panic("Default stack rejects a new session?");
583 }
584 }
585 tp->t_fb = tfb;
586 if (tp->t_fb->tfb_tcp_fb_init != NULL &&
587 (*tp->t_fb->tfb_tcp_fb_init)(tp)) {
588 /* The default stack cannot fail */
589 panic("Default stack initialization failed");
590 }
591}
592
593static void
594tcp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp,
595 const struct sockaddr *sa, void *ctx)
596{
597 struct ip *iph;
598#ifdef INET6
599 struct ip6_hdr *ip6;
600#endif
601 struct udphdr *uh;
602 struct tcphdr *th;
603 int thlen;
604 uint16_t port;
605
606 TCPSTAT_INC(tcps_tunneled_pkts);
607 if ((m->m_flags & M_PKTHDR) == 0) {
608 /* Can't handle one that is not a pkt hdr */
609 TCPSTAT_INC(tcps_tunneled_errs);
610 goto out;
611 }
612 thlen = sizeof(struct tcphdr);
613 if (m->m_len < off + sizeof(struct udphdr) + thlen &&
614 (m = m_pullup(m, off + sizeof(struct udphdr) + thlen)) == NULL) {
615 TCPSTAT_INC(tcps_tunneled_errs);
616 goto out;
617 }
618 iph = mtod(m, struct ip *);
619 uh = (struct udphdr *)((caddr_t)iph + off);
620 th = (struct tcphdr *)(uh + 1);
621 thlen = th->th_off << 2;
622 if (m->m_len < off + sizeof(struct udphdr) + thlen) {
623 m = m_pullup(m, off + sizeof(struct udphdr) + thlen);
624 if (m == NULL) {
625 TCPSTAT_INC(tcps_tunneled_errs);
626 goto out;
627 } else {
628 iph = mtod(m, struct ip *);
629 uh = (struct udphdr *)((caddr_t)iph + off);
630 th = (struct tcphdr *)(uh + 1);
631 }
632 }
633 m->m_pkthdr.tcp_tun_port = port = uh->uh_sport;
634 bcopy(th, uh, m->m_len - off);
635 m->m_len -= sizeof(struct udphdr);
636 m->m_pkthdr.len -= sizeof(struct udphdr);
637 /*
638 * We use the same algorithm for
639 * both UDP and TCP for c-sum. So
640 * the code in tcp_input will skip
641 * the checksum. So we do nothing
642 * with the flag (m->m_pkthdr.csum_flags).
643 */
644 switch (iph->ip_v) {
645#ifdef INET
646 case IPVERSION:
647 iph->ip_len = htons(ntohs(iph->ip_len) - sizeof(struct udphdr));
648 tcp_input_with_port(&m, &off, IPPROTO_TCP, port);
649 break;
650#endif
651#ifdef INET6
652 case IPV6_VERSION >> 4:
653 ip6 = mtod(m, struct ip6_hdr *);
654 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - sizeof(struct udphdr));
655 tcp6_input_with_port(&m, &off, IPPROTO_TCP, port);
656 break;
657#endif
658 default:
659 goto out;
660 break;
661 }
662 return;
663out:
664 m_freem(m);
665}
666
667static int
668sysctl_net_inet_default_tcp_functions(SYSCTL_HANDLER_ARGS)
669{
670 int error=ENOENT;
671 struct tcp_function_set fs;
672 struct tcp_function_block *blk;
673
674 memset(&fs, 0, sizeof(fs));
675 rw_rlock(&tcp_function_lock);
676 blk = find_tcp_fb_locked(tcp_func_set_ptr, NULL);
677 if (blk) {
678 /* Found him */
679 strcpy(fs.function_set_name, blk->tfb_tcp_block_name);
680 fs.pcbcnt = blk->tfb_refcnt;
681 }
682 rw_runlock(&tcp_function_lock);
683 error = sysctl_handle_string(oidp, fs.function_set_name,
684 sizeof(fs.function_set_name), req);
685
686 /* Check for error or no change */
687 if (error != 0 || req->newptr == NULL)
688 return(error);
689
690 rw_wlock(&tcp_function_lock);
691 blk = find_tcp_functions_locked(&fs);
692 if ((blk == NULL) ||
693 (blk->tfb_flags & TCP_FUNC_BEING_REMOVED)) {
694 error = ENOENT;
695 goto done;
696 }
697 tcp_func_set_ptr = blk;
698done:
699 rw_wunlock(&tcp_function_lock);
700 return (error);
701}
702
703SYSCTL_PROC(_net_inet_tcp, OID_AUTO, functions_default,
704 CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_NEEDGIANT,
705 NULL, 0, sysctl_net_inet_default_tcp_functions, "A",
706 "Set/get the default TCP functions");
707
708static int
709sysctl_net_inet_list_available(SYSCTL_HANDLER_ARGS)
710{
711 int error, cnt, linesz;
712 struct tcp_function *f;
713 char *buffer, *cp;
714 size_t bufsz, outsz;
715 bool alias;
716
717 cnt = 0;
718 rw_rlock(&tcp_function_lock);
719 TAILQ_FOREACH(f, &t_functions, tf_next) {
720 cnt++;
721 }
722 rw_runlock(&tcp_function_lock);
723
724 bufsz = (cnt+2) * ((TCP_FUNCTION_NAME_LEN_MAX * 2) + 13) + 1;
725 buffer = malloc(bufsz, M_TEMP, M_WAITOK);
726
727 error = 0;
728 cp = buffer;
729
730 linesz = snprintf(cp, bufsz, "\n%-32s%c %-32s %s\n", "Stack", 'D',
731 "Alias", "PCB count");
732 cp += linesz;
733 bufsz -= linesz;
734 outsz = linesz;
735
736 rw_rlock(&tcp_function_lock);
737 TAILQ_FOREACH(f, &t_functions, tf_next) {
738 alias = (f->tf_name != f->tf_fb->tfb_tcp_block_name);
739 linesz = snprintf(cp, bufsz, "%-32s%c %-32s %u\n",
740 f->tf_fb->tfb_tcp_block_name,
741 (f->tf_fb == tcp_func_set_ptr) ? '*' : ' ',
742 alias ? f->tf_name : "-",
743 f->tf_fb->tfb_refcnt);
744 if (linesz >= bufsz) {
745 error = EOVERFLOW;
746 break;
747 }
748 cp += linesz;
749 bufsz -= linesz;
750 outsz += linesz;
751 }
752 rw_runlock(&tcp_function_lock);
753 if (error == 0)
754 error = sysctl_handle_string(oidp, buffer, outsz + 1, req);
755 free(buffer, M_TEMP);
756 return (error);
757}
758
759SYSCTL_PROC(_net_inet_tcp, OID_AUTO, functions_available,
760 CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
761 NULL, 0, sysctl_net_inet_list_available, "A",
762 "list available TCP Function sets");
763
764VNET_DEFINE(int, tcp_udp_tunneling_port) = TCP_TUNNELING_PORT_DEFAULT;
765
766#ifdef INET
767VNET_DEFINE(struct socket *, udp4_tun_socket) = NULL;
768#define V_udp4_tun_socket VNET(udp4_tun_socket)
769#endif
770#ifdef INET6
771VNET_DEFINE(struct socket *, udp6_tun_socket) = NULL;
772#define V_udp6_tun_socket VNET(udp6_tun_socket)
773#endif
774
775static void
776tcp_over_udp_stop(void)
777{
778 /*
779 * This function assumes sysctl caller holds inp_rinfo_lock()
780 * for writing!
781 */
782#ifdef INET
783 if (V_udp4_tun_socket != NULL) {
784 soclose(V_udp4_tun_socket);
785 V_udp4_tun_socket = NULL;
786 }
787#endif
788#ifdef INET6
789 if (V_udp6_tun_socket != NULL) {
790 soclose(V_udp6_tun_socket);
791 V_udp6_tun_socket = NULL;
792 }
793#endif
794}
795
796static int
797tcp_over_udp_start(void)
798{
799 uint16_t port;
800 int ret;
801#ifdef INET
802 struct sockaddr_in sin;
803#endif
804#ifdef INET6
805 struct sockaddr_in6 sin6;
806#endif
807 /*
808 * This function assumes sysctl caller holds inp_info_rlock()
809 * for writing!
810 */
811 port = V_tcp_udp_tunneling_port;
812 if (ntohs(port) == 0) {
813 /* Must have a port set */
814 return (EINVAL);
815 }
816#ifdef INET
817 if (V_udp4_tun_socket != NULL) {
818 /* Already running -- must stop first */
819 return (EALREADY);
820 }
821#endif
822#ifdef INET6
823 if (V_udp6_tun_socket != NULL) {
824 /* Already running -- must stop first */
825 return (EALREADY);
826 }
827#endif
828#ifdef INET
829 if ((ret = socreate(PF_INET, &V_udp4_tun_socket,
830 SOCK_DGRAM, IPPROTO_UDP,
831 curthread->td_ucred, curthread))) {
832 tcp_over_udp_stop();
833 return (ret);
834 }
835 /* Call the special UDP hook. */
836 if ((ret = udp_set_kernel_tunneling(V_udp4_tun_socket,
837 tcp_recv_udp_tunneled_packet,
838 tcp_ctlinput_viaudp,
839 NULL))) {
840 tcp_over_udp_stop();
841 return (ret);
842 }
843 /* Ok, we have a socket, bind it to the port. */
844 memset(&sin, 0, sizeof(struct sockaddr_in));
845 sin.sin_len = sizeof(struct sockaddr_in);
846 sin.sin_family = AF_INET;
847 sin.sin_port = htons(port);
848 if ((ret = sobind(V_udp4_tun_socket,
849 (struct sockaddr *)&sin, curthread))) {
850 tcp_over_udp_stop();
851 return (ret);
852 }
853#endif
854#ifdef INET6
855 if ((ret = socreate(PF_INET6, &V_udp6_tun_socket,
856 SOCK_DGRAM, IPPROTO_UDP,
857 curthread->td_ucred, curthread))) {
858 tcp_over_udp_stop();
859 return (ret);
860 }
861 /* Call the special UDP hook. */
862 if ((ret = udp_set_kernel_tunneling(V_udp6_tun_socket,
863 tcp_recv_udp_tunneled_packet,
864 tcp6_ctlinput_viaudp,
865 NULL))) {
866 tcp_over_udp_stop();
867 return (ret);
868 }
869 /* Ok, we have a socket, bind it to the port. */
870 memset(&sin6, 0, sizeof(struct sockaddr_in6));
871 sin6.sin6_len = sizeof(struct sockaddr_in6);
872 sin6.sin6_family = AF_INET6;
873 sin6.sin6_port = htons(port);
874 if ((ret = sobind(V_udp6_tun_socket,
875 (struct sockaddr *)&sin6, curthread))) {
876 tcp_over_udp_stop();
877 return (ret);
878 }
879#endif
880 return (0);
881}
882
883static int
884sysctl_net_inet_tcp_udp_tunneling_port_check(SYSCTL_HANDLER_ARGS)
885{
886 int error;
887 uint32_t old, new;
888
889 old = V_tcp_udp_tunneling_port;
890 new = old;
891 error = sysctl_handle_int(oidp, &new, 0, req);
892 if ((error == 0) &&
893 (req->newptr != NULL)) {
894 if ((new < TCP_TUNNELING_PORT_MIN) ||
895 (new > TCP_TUNNELING_PORT_MAX)) {
896 error = EINVAL;
897 } else {
898 V_tcp_udp_tunneling_port = new;
899 if (old != 0) {
900 tcp_over_udp_stop();
901 }
902 if (new != 0) {
903 error = tcp_over_udp_start();
904 }
905 }
906 }
907 return (error);
908}
909
910SYSCTL_PROC(_net_inet_tcp, OID_AUTO, udp_tunneling_port,
911 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
912 &VNET_NAME(tcp_udp_tunneling_port),
913 0, &sysctl_net_inet_tcp_udp_tunneling_port_check, "IU",
914 "Tunneling port for tcp over udp");
915
916VNET_DEFINE(int, tcp_udp_tunneling_overhead) = TCP_TUNNELING_OVERHEAD_DEFAULT;
917
918static int
919sysctl_net_inet_tcp_udp_tunneling_overhead_check(SYSCTL_HANDLER_ARGS)
920{
921 int error, new;
922
923 new = V_tcp_udp_tunneling_overhead;
924 error = sysctl_handle_int(oidp, &new, 0, req);
925 if (error == 0 && req->newptr) {
926 if ((new < TCP_TUNNELING_OVERHEAD_MIN) ||
927 (new > TCP_TUNNELING_OVERHEAD_MAX))
928 error = EINVAL;
929 else
930 V_tcp_udp_tunneling_overhead = new;
931 }
932 return (error);
933}
934
935SYSCTL_PROC(_net_inet_tcp, OID_AUTO, udp_tunneling_overhead,
936 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
937 &VNET_NAME(tcp_udp_tunneling_overhead),
938 0, &sysctl_net_inet_tcp_udp_tunneling_overhead_check, "IU",
939 "MSS reduction when using tcp over udp");
940
941/*
942 * Exports one (struct tcp_function_info) for each alias/name.
943 */
944static int
945sysctl_net_inet_list_func_info(SYSCTL_HANDLER_ARGS)
946{
947 int cnt, error;
948 struct tcp_function *f;
949 struct tcp_function_info tfi;
950
951 /*
952 * We don't allow writes.
953 */
954 if (req->newptr != NULL)
955 return (EINVAL);
956
957 /*
958 * Wire the old buffer so we can directly copy the functions to
959 * user space without dropping the lock.
960 */
961 if (req->oldptr != NULL) {
962 error = sysctl_wire_old_buffer(req, 0);
963 if (error)
964 return (error);
965 }
966
967 /*
968 * Walk the list and copy out matching entries. If INVARIANTS
969 * is compiled in, also walk the list to verify the length of
970 * the list matches what we have recorded.
971 */
972 rw_rlock(&tcp_function_lock);
973
974 cnt = 0;
975#ifndef INVARIANTS
976 if (req->oldptr == NULL) {
977 cnt = tcp_fb_cnt;
978 goto skip_loop;
979 }
980#endif
981 TAILQ_FOREACH(f, &t_functions, tf_next) {
982#ifdef INVARIANTS
983 cnt++;
984#endif
985 if (req->oldptr != NULL) {
986 bzero(&tfi, sizeof(tfi));
987 tfi.tfi_refcnt = f->tf_fb->tfb_refcnt;
988 tfi.tfi_id = f->tf_fb->tfb_id;
989 (void)strlcpy(tfi.tfi_alias, f->tf_name,
990 sizeof(tfi.tfi_alias));
991 (void)strlcpy(tfi.tfi_name,
992 f->tf_fb->tfb_tcp_block_name, sizeof(tfi.tfi_name));
993 error = SYSCTL_OUT(req, &tfi, sizeof(tfi));
994 /*
995 * Don't stop on error, as that is the
996 * mechanism we use to accumulate length
997 * information if the buffer was too short.
998 */
999 }
1000 }
1001 KASSERT(cnt == tcp_fb_cnt,
1002 ("%s: cnt (%d) != tcp_fb_cnt (%d)", __func__, cnt, tcp_fb_cnt));
1003#ifndef INVARIANTS
1004skip_loop:
1005#endif
1006 rw_runlock(&tcp_function_lock);
1007 if (req->oldptr == NULL)
1008 error = SYSCTL_OUT(req, NULL,
1009 (cnt + 1) * sizeof(struct tcp_function_info));
1010
1011 return (error);
1012}
1013
1014SYSCTL_PROC(_net_inet_tcp, OID_AUTO, function_info,
1015 CTLTYPE_OPAQUE | CTLFLAG_SKIP | CTLFLAG_RD | CTLFLAG_MPSAFE,
1016 NULL, 0, sysctl_net_inet_list_func_info, "S,tcp_function_info",
1017 "List TCP function block name-to-ID mappings");
1018
1019/*
1020 * tfb_tcp_handoff_ok() function for the default stack.
1021 * Note that we'll basically try to take all comers.
1022 */
1023static int
1024tcp_default_handoff_ok(struct tcpcb *tp)
1025{
1026
1027 return (0);
1028}
1029
1030/*
1031 * tfb_tcp_fb_init() function for the default stack.
1032 *
1033 * This handles making sure we have appropriate timers set if you are
1034 * transitioning a socket that has some amount of setup done.
1035 *
1036 * The init() fuction from the default can *never* return non-zero i.e.
1037 * it is required to always succeed since it is the stack of last resort!
1038 */
1039static int
1040tcp_default_fb_init(struct tcpcb *tp)
1041{
1042
1043 struct socket *so;
1044
1045 INP_WLOCK_ASSERT(tp->t_inpcb);
1046
1047 KASSERT(tp->t_state >= 0 && tp->t_state < TCPS_TIME_WAIT,
1048 ("%s: connection %p in unexpected state %d", __func__, tp,
1049 tp->t_state));
1050
1051 /*
1052 * Nothing to do for ESTABLISHED or LISTEN states. And, we don't
1053 * know what to do for unexpected states (which includes TIME_WAIT).
1054 */
1055 if (tp->t_state <= TCPS_LISTEN || tp->t_state >= TCPS_TIME_WAIT)
1056 return (0);
1057
1058 /*
1059 * Make sure some kind of transmission timer is set if there is
1060 * outstanding data.
1061 */
1062 so = tp->t_inpcb->inp_socket;
1063 if ((!TCPS_HAVEESTABLISHED(tp->t_state) || sbavail(&so->so_snd) ||
1064 tp->snd_una != tp->snd_max) && !(tcp_timer_active(tp, TT_REXMT) ||
1065 tcp_timer_active(tp, TT_PERSIST))) {
1066 /*
1067 * If the session has established and it looks like it should
1068 * be in the persist state, set the persist timer. Otherwise,
1069 * set the retransmit timer.
1070 */
1071 if (TCPS_HAVEESTABLISHED(tp->t_state) && tp->snd_wnd == 0 &&
1072 (int32_t)(tp->snd_nxt - tp->snd_una) <
1073 (int32_t)sbavail(&so->so_snd))
1074 tcp_setpersist(tp);
1075 else
1076 tcp_timer_activate(tp, TT_REXMT, tp->t_rxtcur);
1077 }
1078
1079 /* All non-embryonic sessions get a keepalive timer. */
1080 if (!tcp_timer_active(tp, TT_KEEP))
1081 tcp_timer_activate(tp, TT_KEEP,
1082 TCPS_HAVEESTABLISHED(tp->t_state) ? TP_KEEPIDLE(tp) :
1083 TP_KEEPINIT(tp));
1084
1085 /*
1086 * Make sure critical variables are initialized
1087 * if transitioning while in Recovery.
1088 */
1089 if IN_FASTRECOVERY(tp->t_flags) {
1090 if (tp->sackhint.recover_fs == 0)
1091 tp->sackhint.recover_fs = max(1,
1092 tp->snd_nxt - tp->snd_una);
1093 }
1094
1095 return (0);
1096}
1097
1098/*
1099 * tfb_tcp_fb_fini() function for the default stack.
1100 *
1101 * This changes state as necessary (or prudent) to prepare for another stack
1102 * to assume responsibility for the connection.
1103 */
1104static void
1105tcp_default_fb_fini(struct tcpcb *tp, int tcb_is_purged)
1106{
1107
1108 INP_WLOCK_ASSERT(tp->t_inpcb);
1109 return;
1110}
1111
1112/*
1113 * Target size of TCP PCB hash tables. Must be a power of two.
1114 *
1115 * Note that this can be overridden by the kernel environment
1116 * variable net.inet.tcp.tcbhashsize
1117 */
1118#ifndef TCBHASHSIZE
1119#define TCBHASHSIZE 0
1120#endif
1121
1122/*
1123 * XXX
1124 * Callouts should be moved into struct tcp directly. They are currently
1125 * separate because the tcpcb structure is exported to userland for sysctl
1126 * parsing purposes, which do not know about callouts.
1127 */
1128struct tcpcb_mem {
1129 struct tcpcb tcb;
1130 struct tcp_timer tt;
1131 struct cc_var ccv;
1132#ifdef TCP_HHOOK
1133 struct osd osd;
1134#endif
1135};
1136
1137VNET_DEFINE_STATIC(uma_zone_t, tcpcb_zone);
1138#define V_tcpcb_zone VNET(tcpcb_zone)
1139
1140MALLOC_DEFINE(M_TCPLOG, "tcplog", "TCP address and flags print buffers");
1141MALLOC_DEFINE(M_TCPFUNCTIONS, "tcpfunc", "TCP function set memory");
1142
1143static struct mtx isn_mtx;
1144
1145#define ISN_LOCK_INIT() mtx_init(&isn_mtx, "isn_mtx", NULL, MTX_DEF)
1146#define ISN_LOCK() mtx_lock(&isn_mtx)
1147#define ISN_UNLOCK() mtx_unlock(&isn_mtx)
1148
1149INPCBSTORAGE_DEFINE(tcpcbstor, "tcpinp", "tcp_inpcb", "tcp", "tcphash");
1150
1151/*
1152 * Take a value and get the next power of 2 that doesn't overflow.
1153 * Used to size the tcp_inpcb hash buckets.
1154 */
1155static int
1156maketcp_hashsize(int size)
1157{
1158 int hashsize;
1159
1160 /*
1161 * auto tune.
1162 * get the next power of 2 higher than maxsockets.
1163 */
1164 hashsize = 1 << fls(size);
1165 /* catch overflow, and just go one power of 2 smaller */
1166 if (hashsize < size) {
1167 hashsize = 1 << (fls(size) - 1);
1168 }
1169 return (hashsize);
1170}
1171
1172static volatile int next_tcp_stack_id = 1;
1173
1174/*
1175 * Register a TCP function block with the name provided in the names
1176 * array. (Note that this function does NOT automatically register
1177 * blk->tfb_tcp_block_name as a stack name. Therefore, you should
1178 * explicitly include blk->tfb_tcp_block_name in the list of names if
1179 * you wish to register the stack with that name.)
1180 *
1181 * Either all name registrations will succeed or all will fail. If
1182 * a name registration fails, the function will update the num_names
1183 * argument to point to the array index of the name that encountered
1184 * the failure.
1185 *
1186 * Returns 0 on success, or an error code on failure.
1187 */
1188int
1189register_tcp_functions_as_names(struct tcp_function_block *blk, int wait,
1190 const char *names[], int *num_names)
1191{
1192 struct tcp_function *n;
1193 struct tcp_function_set fs;
1194 int error, i;
1195
1196 KASSERT(names != NULL && *num_names > 0,
1197 ("%s: Called with 0-length name list", __func__));
1198 KASSERT(names != NULL, ("%s: Called with NULL name list", __func__));
1199 KASSERT(rw_initialized(&tcp_function_lock),
1200 ("%s: called too early", __func__));
1201
1202 if ((blk->tfb_tcp_output == NULL) ||
1203 (blk->tfb_tcp_do_segment == NULL) ||
1204 (blk->tfb_tcp_ctloutput == NULL) ||
1205 (strlen(blk->tfb_tcp_block_name) == 0)) {
1206 /*
1207 * These functions are required and you
1208 * need a name.
1209 */
1210 *num_names = 0;
1211 return (EINVAL);
1212 }
1213 if (blk->tfb_tcp_timer_stop_all ||
1214 blk->tfb_tcp_timer_activate ||
1215 blk->tfb_tcp_timer_active ||
1216 blk->tfb_tcp_timer_stop) {
1217 /*
1218 * If you define one timer function you
1219 * must have them all.
1220 */
1221 if ((blk->tfb_tcp_timer_stop_all == NULL) ||
1222 (blk->tfb_tcp_timer_activate == NULL) ||
1223 (blk->tfb_tcp_timer_active == NULL) ||
1224 (blk->tfb_tcp_timer_stop == NULL)) {
1225 *num_names = 0;
1226 return (EINVAL);
1227 }
1228 }
1229
1230 if (blk->tfb_flags & TCP_FUNC_BEING_REMOVED) {
1231 *num_names = 0;
1232 return (EINVAL);
1233 }
1234
1235 refcount_init(&blk->tfb_refcnt, 0);
1236 blk->tfb_id = atomic_fetchadd_int(&next_tcp_stack_id, 1);
1237 for (i = 0; i < *num_names; i++) {
1238 n = malloc(sizeof(struct tcp_function), M_TCPFUNCTIONS, wait);
1239 if (n == NULL) {
1240 error = ENOMEM;
1241 goto cleanup;
1242 }
1243 n->tf_fb = blk;
1244
1245 (void)strlcpy(fs.function_set_name, names[i],
1246 sizeof(fs.function_set_name));
1247 rw_wlock(&tcp_function_lock);
1248 if (find_tcp_functions_locked(&fs) != NULL) {
1249 /* Duplicate name space not allowed */
1250 rw_wunlock(&tcp_function_lock);
1251 free(n, M_TCPFUNCTIONS);
1252 error = EALREADY;
1253 goto cleanup;
1254 }
1255 (void)strlcpy(n->tf_name, names[i], sizeof(n->tf_name));
1256 TAILQ_INSERT_TAIL(&t_functions, n, tf_next);
1257 tcp_fb_cnt++;
1258 rw_wunlock(&tcp_function_lock);
1259 }
1260 return(0);
1261
1262cleanup:
1263 /*
1264 * Deregister the names we just added. Because registration failed
1265 * for names[i], we don't need to deregister that name.
1266 */
1267 *num_names = i;
1268 rw_wlock(&tcp_function_lock);
1269 while (--i >= 0) {
1270 TAILQ_FOREACH(n, &t_functions, tf_next) {
1271 if (!strncmp(n->tf_name, names[i],
1272 TCP_FUNCTION_NAME_LEN_MAX)) {
1273 TAILQ_REMOVE(&t_functions, n, tf_next);
1274 tcp_fb_cnt--;
1275 n->tf_fb = NULL;
1276 free(n, M_TCPFUNCTIONS);
1277 break;
1278 }
1279 }
1280 }
1281 rw_wunlock(&tcp_function_lock);
1282 return (error);
1283}
1284
1285/*
1286 * Register a TCP function block using the name provided in the name
1287 * argument.
1288 *
1289 * Returns 0 on success, or an error code on failure.
1290 */
1291int
1292register_tcp_functions_as_name(struct tcp_function_block *blk, const char *name,
1293 int wait)
1294{
1295 const char *name_list[1];
1296 int num_names, rv;
1297
1298 num_names = 1;
1299 if (name != NULL)
1300 name_list[0] = name;
1301 else
1302 name_list[0] = blk->tfb_tcp_block_name;
1303 rv = register_tcp_functions_as_names(blk, wait, name_list, &num_names);
1304 return (rv);
1305}
1306
1307/*
1308 * Register a TCP function block using the name defined in
1309 * blk->tfb_tcp_block_name.
1310 *
1311 * Returns 0 on success, or an error code on failure.
1312 */
1313int
1314register_tcp_functions(struct tcp_function_block *blk, int wait)
1315{
1316
1317 return (register_tcp_functions_as_name(blk, NULL, wait));
1318}
1319
1320/*
1321 * Deregister all names associated with a function block. This
1322 * functionally removes the function block from use within the system.
1323 *
1324 * When called with a true quiesce argument, mark the function block
1325 * as being removed so no more stacks will use it and determine
1326 * whether the removal would succeed.
1327 *
1328 * When called with a false quiesce argument, actually attempt the
1329 * removal.
1330 *
1331 * When called with a force argument, attempt to switch all TCBs to
1332 * use the default stack instead of returning EBUSY.
1333 *
1334 * Returns 0 on success (or if the removal would succeed, or an error
1335 * code on failure.
1336 */
1337int
1338deregister_tcp_functions(struct tcp_function_block *blk, bool quiesce,
1339 bool force)
1340{
1341 struct tcp_function *f;
1342
1343 if (blk == &tcp_def_funcblk) {
1344 /* You can't un-register the default */
1345 return (EPERM);
1346 }
1347 rw_wlock(&tcp_function_lock);
1348 if (blk == tcp_func_set_ptr) {
1349 /* You can't free the current default */
1350 rw_wunlock(&tcp_function_lock);
1351 return (EBUSY);
1352 }
1353 /* Mark the block so no more stacks can use it. */
1354 blk->tfb_flags |= TCP_FUNC_BEING_REMOVED;
1355 /*
1356 * If TCBs are still attached to the stack, attempt to switch them
1357 * to the default stack.
1358 */
1359 if (force && blk->tfb_refcnt) {
1360 struct inpcb_iterator inpi = INP_ALL_ITERATOR(&V_tcbinfo,
1361 INPLOOKUP_WLOCKPCB);
1362 struct inpcb *inp;
1363 struct tcpcb *tp;
1364 VNET_ITERATOR_DECL(vnet_iter);
1365
1366 rw_wunlock(&tcp_function_lock);
1367
1368 VNET_LIST_RLOCK();
1369 VNET_FOREACH(vnet_iter) {
1370 CURVNET_SET(vnet_iter);
1371 while ((inp = inp_next(&inpi)) != NULL) {
1372 if (inp->inp_flags & INP_TIMEWAIT)
1373 continue;
1374 tp = intotcpcb(inp);
1375 if (tp == NULL || tp->t_fb != blk)
1376 continue;
1377 tcp_switch_back_to_default(tp);
1378 }
1379 CURVNET_RESTORE();
1380 }
1381 VNET_LIST_RUNLOCK();
1382
1383 rw_wlock(&tcp_function_lock);
1384 }
1385 if (blk->tfb_refcnt) {
1386 /* TCBs still attached. */
1387 rw_wunlock(&tcp_function_lock);
1388 return (EBUSY);
1389 }
1390 if (quiesce) {
1391 /* Skip removal. */
1392 rw_wunlock(&tcp_function_lock);
1393 return (0);
1394 }
1395 /* Remove any function names that map to this function block. */
1396 while (find_tcp_fb_locked(blk, &f) != NULL) {
1397 TAILQ_REMOVE(&t_functions, f, tf_next);
1398 tcp_fb_cnt--;
1399 f->tf_fb = NULL;
1400 free(f, M_TCPFUNCTIONS);
1401 }
1402 rw_wunlock(&tcp_function_lock);
1403 return (0);
1404}
1405
1406static void
1407tcp_vnet_init(void *arg __unused)
1408{
1409
1410#ifdef TCP_HHOOK
1411 if (hhook_head_register(HHOOK_TYPE_TCP, HHOOK_TCP_EST_IN,
1412 &V_tcp_hhh[HHOOK_TCP_EST_IN], HHOOK_NOWAIT|HHOOK_HEADISINVNET) != 0)
1413 printf("%s: WARNING: unable to register helper hook\n", __func__);
1414 if (hhook_head_register(HHOOK_TYPE_TCP, HHOOK_TCP_EST_OUT,
1415 &V_tcp_hhh[HHOOK_TCP_EST_OUT], HHOOK_NOWAIT|HHOOK_HEADISINVNET) != 0)
1416 printf("%s: WARNING: unable to register helper hook\n", __func__);
1417#endif
1418#ifdef STATS
1419 if (tcp_stats_init())
1420 printf("%s: WARNING: unable to initialise TCP stats\n",
1421 __func__);
1422#endif
1423 in_pcbinfo_init(&V_tcbinfo, &tcpcbstor, tcp_tcbhashsize,
1424 tcp_tcbhashsize);
1425
1426 /*
1427 * These have to be type stable for the benefit of the timers.
1428 */
1429 V_tcpcb_zone = uma_zcreate("tcpcb", sizeof(struct tcpcb_mem),
1430 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1431 uma_zone_set_max(V_tcpcb_zone, maxsockets);
1432 uma_zone_set_warning(V_tcpcb_zone, "kern.ipc.maxsockets limit reached");
1433
1434 tcp_tw_init();
1435 syncache_init();
1436 tcp_hc_init();
1437
1438 TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
1439 V_sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole),
1440 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1441
1442 tcp_fastopen_init();
1443
1444 COUNTER_ARRAY_ALLOC(V_tcps_states, TCP_NSTATES, M_WAITOK);
1445 VNET_PCPUSTAT_ALLOC(tcpstat, M_WAITOK);
1446
1447 V_tcp_msl = TCPTV_MSL;
1448}
1449VNET_SYSINIT(tcp_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH,
1450 tcp_vnet_init, NULL);
1451
1452static void
1453tcp_init(void *arg __unused)
1454{
1455 const char *tcbhash_tuneable;
1456 int hashsize;
1457
1458 tcp_reass_global_init();
1459
1460 /* XXX virtualize those below? */
1461 tcp_delacktime = TCPTV_DELACK;
1462 tcp_keepinit = TCPTV_KEEP_INIT;
1463 tcp_keepidle = TCPTV_KEEP_IDLE;
1464 tcp_keepintvl = TCPTV_KEEPINTVL;
1465 tcp_maxpersistidle = TCPTV_KEEP_IDLE;
1466 tcp_rexmit_initial = TCPTV_RTOBASE;
1467 if (tcp_rexmit_initial < 1)
1468 tcp_rexmit_initial = 1;
1469 tcp_rexmit_min = TCPTV_MIN;
1470 if (tcp_rexmit_min < 1)
1471 tcp_rexmit_min = 1;
1472 tcp_persmin = TCPTV_PERSMIN;
1473 tcp_persmax = TCPTV_PERSMAX;
1474 tcp_rexmit_slop = TCPTV_CPU_VAR;
1475 tcp_finwait2_timeout = TCPTV_FINWAIT2_TIMEOUT;
1476
1477 /* Setup the tcp function block list */
1478 TAILQ_INIT(&t_functions);
1479 rw_init(&tcp_function_lock, "tcp_func_lock");
1480 register_tcp_functions(&tcp_def_funcblk, M_WAITOK);
1481#ifdef TCP_BLACKBOX
1482 /* Initialize the TCP logging data. */
1483 tcp_log_init();
1484#endif
1485 arc4rand(&V_ts_offset_secret, sizeof(V_ts_offset_secret), 0);
1486
1487 if (tcp_soreceive_stream) {
1488#ifdef INET
1489 tcp_usrreqs.pru_soreceive = soreceive_stream;
1490#endif
1491#ifdef INET6
1492 tcp6_usrreqs.pru_soreceive = soreceive_stream;
1493#endif /* INET6 */
1494 }
1495
1496#ifdef INET6
1497#define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
1498#else /* INET6 */
1499#define TCP_MINPROTOHDR (sizeof(struct tcpiphdr))
1500#endif /* INET6 */
1501 if (max_protohdr < TCP_MINPROTOHDR)
1502 max_protohdr = TCP_MINPROTOHDR;
1503 if (max_linkhdr + TCP_MINPROTOHDR > MHLEN)
1504 panic("tcp_init");
1505#undef TCP_MINPROTOHDR
1506
1507 ISN_LOCK_INIT();
1508 EVENTHANDLER_REGISTER(shutdown_pre_sync, tcp_fini, NULL,
1509 SHUTDOWN_PRI_DEFAULT);
1510
1511 tcp_inp_lro_direct_queue = counter_u64_alloc(M_WAITOK);
1512 tcp_inp_lro_wokeup_queue = counter_u64_alloc(M_WAITOK);
1513 tcp_inp_lro_compressed = counter_u64_alloc(M_WAITOK);
1514 tcp_inp_lro_locks_taken = counter_u64_alloc(M_WAITOK);
1515 tcp_extra_mbuf = counter_u64_alloc(M_WAITOK);
1516 tcp_would_have_but = counter_u64_alloc(M_WAITOK);
1517 tcp_comp_total = counter_u64_alloc(M_WAITOK);
1518 tcp_uncomp_total = counter_u64_alloc(M_WAITOK);
1519 tcp_bad_csums = counter_u64_alloc(M_WAITOK);
1520#ifdef TCPPCAP
1521 tcp_pcap_init();
1522#endif
1523
1524 hashsize = TCBHASHSIZE;
1525 tcbhash_tuneable = "net.inet.tcp.tcbhashsize";
1526 TUNABLE_INT_FETCH(tcbhash_tuneable, &hashsize);
1527 if (hashsize == 0) {
1528 /*
1529 * Auto tune the hash size based on maxsockets.
1530 * A perfect hash would have a 1:1 mapping
1531 * (hashsize = maxsockets) however it's been
1532 * suggested that O(2) average is better.
1533 */
1534 hashsize = maketcp_hashsize(maxsockets / 4);
1535 /*
1536 * Our historical default is 512,
1537 * do not autotune lower than this.
1538 */
1539 if (hashsize < 512)
1540 hashsize = 512;
1541 if (bootverbose)
1542 printf("%s: %s auto tuned to %d\n", __func__,
1543 tcbhash_tuneable, hashsize);
1544 }
1545 /*
1546 * We require a hashsize to be a power of two.
1547 * Previously if it was not a power of two we would just reset it
1548 * back to 512, which could be a nasty surprise if you did not notice
1549 * the error message.
1550 * Instead what we do is clip it to the closest power of two lower
1551 * than the specified hash value.
1552 */
1553 if (!powerof2(hashsize)) {
1554 int oldhashsize = hashsize;
1555
1556 hashsize = maketcp_hashsize(hashsize);
1557 /* prevent absurdly low value */
1558 if (hashsize < 16)
1559 hashsize = 16;
1560 printf("%s: WARNING: TCB hash size not a power of 2, "
1561 "clipped from %d to %d.\n", __func__, oldhashsize,
1562 hashsize);
1563 }
1564 tcp_tcbhashsize = hashsize;
1565}
1566SYSINIT(tcp_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, tcp_init, NULL);
1567
1568#ifdef VIMAGE
1569static void
1570tcp_destroy(void *unused __unused)
1571{
1572 int n;
1573#ifdef TCP_HHOOK
1574 int error;
1575#endif
1576
1577 /*
1578 * All our processes are gone, all our sockets should be cleaned
1579 * up, which means, we should be past the tcp_discardcb() calls.
1580 * Sleep to let all tcpcb timers really disappear and cleanup.
1581 */
1582 for (;;) {
1583 INP_INFO_WLOCK(&V_tcbinfo);
1584 n = V_tcbinfo.ipi_count;
1585 INP_INFO_WUNLOCK(&V_tcbinfo);
1586 if (n == 0)
1587 break;
1588 pause("tcpdes", hz / 10);
1589 }
1590 tcp_hc_destroy();
1591 syncache_destroy();
1592 tcp_tw_destroy();
1593 in_pcbinfo_destroy(&V_tcbinfo);
1594 /* tcp_discardcb() clears the sack_holes up. */
1595 uma_zdestroy(V_sack_hole_zone);
1596 uma_zdestroy(V_tcpcb_zone);
1597
1598 /*
1599 * Cannot free the zone until all tcpcbs are released as we attach
1600 * the allocations to them.
1601 */
1602 tcp_fastopen_destroy();
1603
1604 COUNTER_ARRAY_FREE(V_tcps_states, TCP_NSTATES);
1605 VNET_PCPUSTAT_FREE(tcpstat);
1606
1607#ifdef TCP_HHOOK
1608 error = hhook_head_deregister(V_tcp_hhh[HHOOK_TCP_EST_IN]);
1609 if (error != 0) {
1610 printf("%s: WARNING: unable to deregister helper hook "
1611 "type=%d, id=%d: error %d returned\n", __func__,
1612 HHOOK_TYPE_TCP, HHOOK_TCP_EST_IN, error);
1613 }
1614 error = hhook_head_deregister(V_tcp_hhh[HHOOK_TCP_EST_OUT]);
1615 if (error != 0) {
1616 printf("%s: WARNING: unable to deregister helper hook "
1617 "type=%d, id=%d: error %d returned\n", __func__,
1618 HHOOK_TYPE_TCP, HHOOK_TCP_EST_OUT, error);
1619 }
1620#endif
1621}
1622VNET_SYSUNINIT(tcp, SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH, tcp_destroy, NULL);
1623#endif
1624
1625void
1626tcp_fini(void *xtp)
1627{
1628
1629}
1630
1631/*
1632 * Fill in the IP and TCP headers for an outgoing packet, given the tcpcb.
1633 * tcp_template used to store this data in mbufs, but we now recopy it out
1634 * of the tcpcb each time to conserve mbufs.
1635 */
1636void
1637tcpip_fillheaders(struct inpcb *inp, uint16_t port, void *ip_ptr, void *tcp_ptr)
1638{
1639 struct tcphdr *th = (struct tcphdr *)tcp_ptr;
1640
1641 INP_WLOCK_ASSERT(inp);
1642
1643#ifdef INET6
1644 if ((inp->inp_vflag & INP_IPV6) != 0) {
1645 struct ip6_hdr *ip6;
1646
1647 ip6 = (struct ip6_hdr *)ip_ptr;
1648 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) |
1649 (inp->inp_flow & IPV6_FLOWINFO_MASK);
1650 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
1651 (IPV6_VERSION & IPV6_VERSION_MASK);
1652 if (port == 0)
1653 ip6->ip6_nxt = IPPROTO_TCP;
1654 else
1655 ip6->ip6_nxt = IPPROTO_UDP;
1656 ip6->ip6_plen = htons(sizeof(struct tcphdr));
1657 ip6->ip6_src = inp->in6p_laddr;
1658 ip6->ip6_dst = inp->in6p_faddr;
1659 }
1660#endif /* INET6 */
1661#if defined(INET6) && defined(INET)
1662 else
1663#endif
1664#ifdef INET
1665 {
1666 struct ip *ip;
1667
1668 ip = (struct ip *)ip_ptr;
1669 ip->ip_v = IPVERSION;
1670 ip->ip_hl = 5;
1671 ip->ip_tos = inp->inp_ip_tos;
1672 ip->ip_len = 0;
1673 ip->ip_id = 0;
1674 ip->ip_off = 0;
1675 ip->ip_ttl = inp->inp_ip_ttl;
1676 ip->ip_sum = 0;
1677 if (port == 0)
1678 ip->ip_p = IPPROTO_TCP;
1679 else
1680 ip->ip_p = IPPROTO_UDP;
1681 ip->ip_src = inp->inp_laddr;
1682 ip->ip_dst = inp->inp_faddr;
1683 }
1684#endif /* INET */
1685 th->th_sport = inp->inp_lport;
1686 th->th_dport = inp->inp_fport;
1687 th->th_seq = 0;
1688 th->th_ack = 0;
1689 th->th_off = 5;
1690 tcp_set_flags(th, 0);
1691 th->th_win = 0;
1692 th->th_urp = 0;
1693 th->th_sum = 0; /* in_pseudo() is called later for ipv4 */
1694}
1695
1696/*
1697 * Create template to be used to send tcp packets on a connection.
1698 * Allocates an mbuf and fills in a skeletal tcp/ip header. The only
1699 * use for this function is in keepalives, which use tcp_respond.
1700 */
1701struct tcptemp *
1702tcpip_maketemplate(struct inpcb *inp)
1703{
1704 struct tcptemp *t;
1705
1706 t = malloc(sizeof(*t), M_TEMP, M_NOWAIT);
1707 if (t == NULL)
1708 return (NULL);
1709 tcpip_fillheaders(inp, 0, (void *)&t->tt_ipgen, (void *)&t->tt_t);
1710 return (t);
1711}
1712
1713/*
1714 * Send a single message to the TCP at address specified by
1715 * the given TCP/IP header. If m == NULL, then we make a copy
1716 * of the tcpiphdr at th and send directly to the addressed host.
1717 * This is used to force keep alive messages out using the TCP
1718 * template for a connection. If flags are given then we send
1719 * a message back to the TCP which originated the segment th,
1720 * and discard the mbuf containing it and any other attached mbufs.
1721 *
1722 * In any case the ack and sequence number of the transmitted
1723 * segment are as specified by the parameters.
1724 *
1725 * NOTE: If m != NULL, then th must point to *inside* the mbuf.
1726 */
1727void
1728tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
1729 tcp_seq ack, tcp_seq seq, int flags)
1730{
1731 struct tcpopt to;
1732 struct inpcb *inp;
1733 struct ip *ip;
1734 struct mbuf *optm;
1735 struct udphdr *uh = NULL;
1736 struct tcphdr *nth;
1737 struct tcp_log_buffer *lgb;
1738 u_char *optp;
1739#ifdef INET6
1740 struct ip6_hdr *ip6;
1741 int isipv6;
1742#endif /* INET6 */
1743 int optlen, tlen, win, ulen;
1744 bool incl_opts;
1745 uint16_t port;
1746 int output_ret;
1747#ifdef INVARIANTS
1748 int thflags = tcp_get_flags(th);
1749#endif
1750
1751 KASSERT(tp != NULL || m != NULL, ("tcp_respond: tp and m both NULL"));
1752 NET_EPOCH_ASSERT();
1753
1754#ifdef INET6
1755 isipv6 = ((struct ip *)ipgen)->ip_v == (IPV6_VERSION >> 4);
1756 ip6 = ipgen;
1757#endif /* INET6 */
1758 ip = ipgen;
1759
1760 if (tp != NULL) {
1761 inp = tp->t_inpcb;
1762 KASSERT(inp != NULL, ("tcp control block w/o inpcb"));
1763 INP_LOCK_ASSERT(inp);
1764 } else
1765 inp = NULL;
1766
1767 if (m != NULL) {
1768#ifdef INET6
1769 if (isipv6 && ip6 && (ip6->ip6_nxt == IPPROTO_UDP))
1770 port = m->m_pkthdr.tcp_tun_port;
1771 else
1772#endif
1773 if (ip && (ip->ip_p == IPPROTO_UDP))
1774 port = m->m_pkthdr.tcp_tun_port;
1775 else
1776 port = 0;
1777 } else
1778 port = tp->t_port;
1779
1780 incl_opts = false;
1781 win = 0;
1782 if (tp != NULL) {
1783 if (!(flags & TH_RST)) {
1784 win = sbspace(&inp->inp_socket->so_rcv);
1785 if (win > TCP_MAXWIN << tp->rcv_scale)
1786 win = TCP_MAXWIN << tp->rcv_scale;
1787 }
1788 if ((tp->t_flags & TF_NOOPT) == 0)
1789 incl_opts = true;
1790 }
1791 if (m == NULL) {
1792 m = m_gethdr(M_NOWAIT, MT_DATA);
1793 if (m == NULL)
1794 return;
1795 m->m_data += max_linkhdr;
1796#ifdef INET6
1797 if (isipv6) {
1798 bcopy((caddr_t)ip6, mtod(m, caddr_t),
1799 sizeof(struct ip6_hdr));
1800 ip6 = mtod(m, struct ip6_hdr *);
1801 nth = (struct tcphdr *)(ip6 + 1);
1802 if (port) {
1803 /* Insert a UDP header */
1804 uh = (struct udphdr *)nth;
1805 uh->uh_sport = htons(V_tcp_udp_tunneling_port);
1806 uh->uh_dport = port;
1807 nth = (struct tcphdr *)(uh + 1);
1808 }
1809 } else
1810#endif /* INET6 */
1811 {
1812 bcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip));
1813 ip = mtod(m, struct ip *);
1814 nth = (struct tcphdr *)(ip + 1);
1815 if (port) {
1816 /* Insert a UDP header */
1817 uh = (struct udphdr *)nth;
1818 uh->uh_sport = htons(V_tcp_udp_tunneling_port);
1819 uh->uh_dport = port;
1820 nth = (struct tcphdr *)(uh + 1);
1821 }
1822 }
1823 bcopy((caddr_t)th, (caddr_t)nth, sizeof(struct tcphdr));
1824 flags = TH_ACK;
1825 } else if ((!M_WRITABLE(m)) || (port != 0)) {
1826 struct mbuf *n;
1827
1828 /* Can't reuse 'm', allocate a new mbuf. */
1829 n = m_gethdr(M_NOWAIT, MT_DATA);
1830 if (n == NULL) {
1831 m_freem(m);
1832 return;
1833 }
1834
1835 if (!m_dup_pkthdr(n, m, M_NOWAIT)) {
1836 m_freem(m);
1837 m_freem(n);
1838 return;
1839 }
1840
1841 n->m_data += max_linkhdr;
1842 /* m_len is set later */
1843#define xchg(a,b,type) { type t; t=a; a=b; b=t; }
1844#ifdef INET6
1845 if (isipv6) {
1846 bcopy((caddr_t)ip6, mtod(n, caddr_t),
1847 sizeof(struct ip6_hdr));
1848 ip6 = mtod(n, struct ip6_hdr *);
1849 xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
1850 nth = (struct tcphdr *)(ip6 + 1);
1851 if (port) {
1852 /* Insert a UDP header */
1853 uh = (struct udphdr *)nth;
1854 uh->uh_sport = htons(V_tcp_udp_tunneling_port);
1855 uh->uh_dport = port;
1856 nth = (struct tcphdr *)(uh + 1);
1857 }
1858 } else
1859#endif /* INET6 */
1860 {
1861 bcopy((caddr_t)ip, mtod(n, caddr_t), sizeof(struct ip));
1862 ip = mtod(n, struct ip *);
1863 xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, uint32_t);
1864 nth = (struct tcphdr *)(ip + 1);
1865 if (port) {
1866 /* Insert a UDP header */
1867 uh = (struct udphdr *)nth;
1868 uh->uh_sport = htons(V_tcp_udp_tunneling_port);
1869 uh->uh_dport = port;
1870 nth = (struct tcphdr *)(uh + 1);
1871 }
1872 }
1873 bcopy((caddr_t)th, (caddr_t)nth, sizeof(struct tcphdr));
1874 xchg(nth->th_dport, nth->th_sport, uint16_t);
1875 th = nth;
1876 m_freem(m);
1877 m = n;
1878 } else {
1879 /*
1880 * reuse the mbuf.
1881 * XXX MRT We inherit the FIB, which is lucky.
1882 */
1883 m_freem(m->m_next);
1884 m->m_next = NULL;
1885 m->m_data = (caddr_t)ipgen;
1886 /* m_len is set later */
1887#ifdef INET6
1888 if (isipv6) {
1889 xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
1890 nth = (struct tcphdr *)(ip6 + 1);
1891 } else
1892#endif /* INET6 */
1893 {
1894 xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, uint32_t);
1895 nth = (struct tcphdr *)(ip + 1);
1896 }
1897 if (th != nth) {
1898 /*
1899 * this is usually a case when an extension header
1900 * exists between the IPv6 header and the
1901 * TCP header.
1902 */
1903 nth->th_sport = th->th_sport;
1904 nth->th_dport = th->th_dport;
1905 }
1906 xchg(nth->th_dport, nth->th_sport, uint16_t);
1907#undef xchg
1908 }
1909 tlen = 0;
1910#ifdef INET6
1911 if (isipv6)
1912 tlen = sizeof (struct ip6_hdr) + sizeof (struct tcphdr);
1913#endif
1914#if defined(INET) && defined(INET6)
1915 else
1916#endif
1917#ifdef INET
1918 tlen = sizeof (struct tcpiphdr);
1919#endif
1920 if (port)
1921 tlen += sizeof (struct udphdr);
1922#ifdef INVARIANTS
1923 m->m_len = 0;
1924 KASSERT(M_TRAILINGSPACE(m) >= tlen,
1925 ("Not enough trailing space for message (m=%p, need=%d, have=%ld)",
1926 m, tlen, (long)M_TRAILINGSPACE(m)));
1927#endif
1928 m->m_len = tlen;
1929 to.to_flags = 0;
1930 if (incl_opts) {
1931 /* Make sure we have room. */
1932 if (M_TRAILINGSPACE(m) < TCP_MAXOLEN) {
1933 m->m_next = m_get(M_NOWAIT, MT_DATA);
1934 if (m->m_next) {
1935 optp = mtod(m->m_next, u_char *);
1936 optm = m->m_next;
1937 } else
1938 incl_opts = false;
1939 } else {
1940 optp = (u_char *) (nth + 1);
1941 optm = m;
1942 }
1943 }
1944 if (incl_opts) {
1945 /* Timestamps. */
1946 if (tp->t_flags & TF_RCVD_TSTMP) {
1947 to.to_tsval = tcp_ts_getticks() + tp->ts_offset;
1948 to.to_tsecr = tp->ts_recent;
1949 to.to_flags |= TOF_TS;
1950 }
1951#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
1952 /* TCP-MD5 (RFC2385). */
1953 if (tp->t_flags & TF_SIGNATURE)
1954 to.to_flags |= TOF_SIGNATURE;
1955#endif
1956 /* Add the options. */
1957 tlen += optlen = tcp_addoptions(&to, optp);
1958
1959 /* Update m_len in the correct mbuf. */
1960 optm->m_len += optlen;
1961 } else
1962 optlen = 0;
1963#ifdef INET6
1964 if (isipv6) {
1965 if (uh) {
1966 ulen = tlen - sizeof(struct ip6_hdr);
1967 uh->uh_ulen = htons(ulen);
1968 }
1969 ip6->ip6_flow = 0;
1970 ip6->ip6_vfc = IPV6_VERSION;
1971 if (port)
1972 ip6->ip6_nxt = IPPROTO_UDP;
1973 else
1974 ip6->ip6_nxt = IPPROTO_TCP;
1975 ip6->ip6_plen = htons(tlen - sizeof(*ip6));
1976 }
1977#endif
1978#if defined(INET) && defined(INET6)
1979 else
1980#endif
1981#ifdef INET
1982 {
1983 if (uh) {
1984 ulen = tlen - sizeof(struct ip);
1985 uh->uh_ulen = htons(ulen);
1986 }
1987 ip->ip_len = htons(tlen);
1988 ip->ip_ttl = V_ip_defttl;
1989 if (port) {
1990 ip->ip_p = IPPROTO_UDP;
1991 } else {
1992 ip->ip_p = IPPROTO_TCP;
1993 }
1994 if (V_path_mtu_discovery)
1995 ip->ip_off |= htons(IP_DF);
1996 }
1997#endif
1998 m->m_pkthdr.len = tlen;
1999 m->m_pkthdr.rcvif = NULL;
2000#ifdef MAC
2001 if (inp != NULL) {
2002 /*
2003 * Packet is associated with a socket, so allow the
2004 * label of the response to reflect the socket label.
2005 */
2006 INP_LOCK_ASSERT(inp);
2007 mac_inpcb_create_mbuf(inp, m);
2008 } else {
2009 /*
2010 * Packet is not associated with a socket, so possibly
2011 * update the label in place.
2012 */
2013 mac_netinet_tcp_reply(m);
2014 }
2015#endif
2016 nth->th_seq = htonl(seq);
2017 nth->th_ack = htonl(ack);
2018 nth->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
2019 tcp_set_flags(nth, flags);
2020 if (tp != NULL)
2021 nth->th_win = htons((u_short) (win >> tp->rcv_scale));
2022 else
2023 nth->th_win = htons((u_short)win);
2024 nth->th_urp = 0;
2025
2026#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
2027 if (to.to_flags & TOF_SIGNATURE) {
2028 if (!TCPMD5_ENABLED() ||
2029 TCPMD5_OUTPUT(m, nth, to.to_signature) != 0) {
2030 m_freem(m);
2031 return;
2032 }
2033 }
2034#endif
2035
2036#ifdef INET6
2037 if (isipv6) {
2038 if (port) {
2039 m->m_pkthdr.csum_flags = CSUM_UDP_IPV6;
2040 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
2041 uh->uh_sum = in6_cksum_pseudo(ip6, ulen, IPPROTO_UDP, 0);
2042 nth->th_sum = 0;
2043 } else {
2044 m->m_pkthdr.csum_flags = CSUM_TCP_IPV6;
2045 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
2046 nth->th_sum = in6_cksum_pseudo(ip6,
2047 tlen - sizeof(struct ip6_hdr), IPPROTO_TCP, 0);
2048 }
2049 ip6->ip6_hlim = in6_selecthlim(tp != NULL ? tp->t_inpcb :
2050 NULL, NULL);
2051 }
2052#endif /* INET6 */
2053#if defined(INET6) && defined(INET)
2054 else
2055#endif
2056#ifdef INET
2057 {
2058 if (port) {
2059 uh->uh_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
2060 htons(ulen + IPPROTO_UDP));
2061 m->m_pkthdr.csum_flags = CSUM_UDP;
2062 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
2063 nth->th_sum = 0;
2064 } else {
2065 m->m_pkthdr.csum_flags = CSUM_TCP;
2066 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
2067 nth->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
2068 htons((u_short)(tlen - sizeof(struct ip) + ip->ip_p)));
2069 }
2070 }
2071#endif /* INET */
2072#ifdef TCPDEBUG
2073 if (tp == NULL || (inp->inp_socket->so_options & SO_DEBUG))
2074 tcp_trace(TA_OUTPUT, 0, tp, mtod(m, void *), th, 0);
2075#endif
2076 TCP_PROBE3(debug__output, tp, th, m);
2077 if (flags & TH_RST)
2078 TCP_PROBE5(accept__refused, NULL, NULL, m, tp, nth);
2079 lgb = NULL;
2080 if ((tp != NULL) && (tp->t_logstate != TCP_LOG_STATE_OFF)) {
2081 if (INP_WLOCKED(inp)) {
2082 union tcp_log_stackspecific log;
2083 struct timeval tv;
2084
2085 memset(&log.u_bbr, 0, sizeof(log.u_bbr));
2086 log.u_bbr.inhpts = tp->t_inpcb->inp_in_hpts;
2087 log.u_bbr.flex8 = 4;
2088 log.u_bbr.pkts_out = tp->t_maxseg;
2089 log.u_bbr.timeStamp = tcp_get_usecs(&tv);
2090 log.u_bbr.delivered = 0;
2091 lgb = tcp_log_event_(tp, nth, NULL, NULL, TCP_LOG_OUT,
2092 ERRNO_UNK, 0, &log, false, NULL, NULL, 0, &tv);
2093 } else {
2094 /*
2095 * We can not log the packet, since we only own the
2096 * read lock, but a write lock is needed. The read lock
2097 * is not upgraded to a write lock, since only getting
2098 * the read lock was done intentionally to improve the
2099 * handling of SYN flooding attacks.
2100 * This happens only for pure SYN segments received in
2101 * the initial CLOSED state, or received in a more
2102 * advanced state than listen and the UDP encapsulation
2103 * port is unexpected.
2104 * The incoming SYN segments do not really belong to
2105 * the TCP connection and the handling does not change
2106 * the state of the TCP connection. Therefore, the
2107 * sending of the RST segments is not logged. Please
2108 * note that also the incoming SYN segments are not
2109 * logged.
2110 *
2111 * The following code ensures that the above description
2112 * is and stays correct.
2113 */
2114 KASSERT((thflags & (TH_ACK|TH_SYN)) == TH_SYN &&
2115 (tp->t_state == TCPS_CLOSED ||
2116 (tp->t_state > TCPS_LISTEN && tp->t_port != port)),
2117 ("%s: Logging of TCP segment with flags 0x%b and "
2118 "UDP encapsulation port %u skipped in state %s",
2119 __func__, thflags, PRINT_TH_FLAGS,
2120 ntohs(port), tcpstates[tp->t_state]));
2121 }
2122 }
2123
2124#ifdef INET6
2125 if (isipv6) {
2126 TCP_PROBE5(send, NULL, tp, ip6, tp, nth);
2127 output_ret = ip6_output(m, NULL, NULL, 0, NULL, NULL, inp);
2128 }
2129#endif /* INET6 */
2130#if defined(INET) && defined(INET6)
2131 else
2132#endif
2133#ifdef INET
2134 {
2135 TCP_PROBE5(send, NULL, tp, ip, tp, nth);
2136 output_ret = ip_output(m, NULL, NULL, 0, NULL, inp);
2137 }
2138#endif
2139 if (lgb != NULL)
2140 lgb->tlb_errno = output_ret;
2141}
2142
2143/*
2144 * Create a new TCP control block, making an
2145 * empty reassembly queue and hooking it to the argument
2146 * protocol control block. The `inp' parameter must have
2147 * come from the zone allocator set up in tcp_init().
2148 */
2149struct tcpcb *
2150tcp_newtcpcb(struct inpcb *inp)
2151{
2152 struct tcpcb_mem *tm;
2153 struct tcpcb *tp;
2154#ifdef INET6
2155 int isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
2156#endif /* INET6 */
2157
2158 tm = uma_zalloc(V_tcpcb_zone, M_NOWAIT | M_ZERO);
2159 if (tm == NULL)
2160 return (NULL);
2161 tp = &tm->tcb;
2162
2163 /* Initialise cc_var struct for this tcpcb. */
2164 tp->ccv = &tm->ccv;
2165 tp->ccv->type = IPPROTO_TCP;
2166 tp->ccv->ccvc.tcp = tp;
2167 rw_rlock(&tcp_function_lock);
2168 tp->t_fb = tcp_func_set_ptr;
2169 refcount_acquire(&tp->t_fb->tfb_refcnt);
2170 rw_runlock(&tcp_function_lock);
2171 /*
2172 * Use the current system default CC algorithm.
2173 */
2174 cc_attach(tp, CC_DEFAULT_ALGO());
2175
2176 /*
2177 * The tcpcb will hold a reference on its inpcb until tcp_discardcb()
2178 * is called.
2179 */
2180 in_pcbref(inp); /* Reference for tcpcb */
2181 tp->t_inpcb = inp;
2182
2183 if (CC_ALGO(tp)->cb_init != NULL)
2184 if (CC_ALGO(tp)->cb_init(tp->ccv, NULL) > 0) {
2185 cc_detach(tp);
2186 if (tp->t_fb->tfb_tcp_fb_fini)
2187 (*tp->t_fb->tfb_tcp_fb_fini)(tp, 1);
2188 in_pcbrele_wlocked(inp);
2189 refcount_release(&tp->t_fb->tfb_refcnt);
2190 uma_zfree(V_tcpcb_zone, tm);
2191 return (NULL);
2192 }
2193
2194#ifdef TCP_HHOOK
2195 tp->osd = &tm->osd;
2196 if (khelp_init_osd(HELPER_CLASS_TCP, tp->osd)) {
2197 if (tp->t_fb->tfb_tcp_fb_fini)
2198 (*tp->t_fb->tfb_tcp_fb_fini)(tp, 1);
2199 in_pcbrele_wlocked(inp);
2200 refcount_release(&tp->t_fb->tfb_refcnt);
2201 uma_zfree(V_tcpcb_zone, tm);
2202 return (NULL);
2203 }
2204#endif
2205
2206#ifdef VIMAGE
2207 tp->t_vnet = inp->inp_vnet;
2208#endif
2209 tp->t_timers = &tm->tt;
2210 TAILQ_INIT(&tp->t_segq);
2211 tp->t_maxseg =
2212#ifdef INET6
2213 isipv6 ? V_tcp_v6mssdflt :
2214#endif /* INET6 */
2215 V_tcp_mssdflt;
2216
2217 /* Set up our timeouts. */
2218 callout_init(&tp->t_timers->tt_rexmt, 1);
2219 callout_init(&tp->t_timers->tt_persist, 1);
2220 callout_init(&tp->t_timers->tt_keep, 1);
2221 callout_init(&tp->t_timers->tt_2msl, 1);
2222 callout_init(&tp->t_timers->tt_delack, 1);
2223
2224 if (V_tcp_do_rfc1323)
2225 tp->t_flags = (TF_REQ_SCALE|TF_REQ_TSTMP);
2226 if (V_tcp_do_sack)
2227 tp->t_flags |= TF_SACK_PERMIT;
2228 TAILQ_INIT(&tp->snd_holes);
2229
2230 /*
2231 * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
2232 * rtt estimate. Set rttvar so that srtt + 4 * rttvar gives
2233 * reasonable initial retransmit time.
2234 */
2235 tp->t_srtt = TCPTV_SRTTBASE;
2236 tp->t_rttvar = ((tcp_rexmit_initial - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / 4;
2237 tp->t_rttmin = tcp_rexmit_min;
2238 tp->t_rxtcur = tcp_rexmit_initial;
2239 tp->snd_cwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
2240 tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT;
2241 tp->t_rcvtime = ticks;
2242 /*
2243 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
2244 * because the socket may be bound to an IPv6 wildcard address,
2245 * which may match an IPv4-mapped IPv6 address.
2246 */
2247 inp->inp_ip_ttl = V_ip_defttl;
2248 inp->inp_ppcb = tp;
2249#ifdef TCPPCAP
2250 /*
2251 * Init the TCP PCAP queues.
2252 */
2253 tcp_pcap_tcpcb_init(tp);
2254#endif
2255#ifdef TCP_BLACKBOX
2256 /* Initialize the per-TCPCB log data. */
2257 tcp_log_tcpcbinit(tp);
2258#endif
2259 tp->t_pacing_rate = -1;
2260 if (tp->t_fb->tfb_tcp_fb_init) {
2261 if ((*tp->t_fb->tfb_tcp_fb_init)(tp)) {
2262 refcount_release(&tp->t_fb->tfb_refcnt);
2263 in_pcbrele_wlocked(inp);
2264 uma_zfree(V_tcpcb_zone, tm);
2265 return (NULL);
2266 }
2267 }
2268#ifdef STATS
2269 if (V_tcp_perconn_stats_enable == 1)
2270 tp->t_stats = stats_blob_alloc(V_tcp_perconn_stats_dflt_tpl, 0);
2271#endif
2272 if (V_tcp_do_lrd)
2273 tp->t_flags |= TF_LRD;
2274 return (tp); /* XXX */
2275}
2276
2277/*
2278 * Drop a TCP connection, reporting
2279 * the specified error. If connection is synchronized,
2280 * then send a RST to peer.
2281 */
2282struct tcpcb *
2283tcp_drop(struct tcpcb *tp, int errno)
2284{
2285 struct socket *so = tp->t_inpcb->inp_socket;
2286
2287 NET_EPOCH_ASSERT();
2288 INP_WLOCK_ASSERT(tp->t_inpcb);
2289
2290 if (TCPS_HAVERCVDSYN(tp->t_state)) {
2291 tcp_state_change(tp, TCPS_CLOSED);
2292 /* Don't use tcp_output() here due to possible recursion. */
2293 (void)tcp_output_nodrop(tp);
2294 TCPSTAT_INC(tcps_drops);
2295 } else
2296 TCPSTAT_INC(tcps_conndrops);
2297 if (errno == ETIMEDOUT && tp->t_softerror)
2298 errno = tp->t_softerror;
2299 so->so_error = errno;
2300 return (tcp_close(tp));
2301}
2302
2303void
2304tcp_discardcb(struct tcpcb *tp)
2305{
2306 struct inpcb *inp = tp->t_inpcb;
2307
2308 INP_WLOCK_ASSERT(inp);
2309
2310 /*
2311 * Make sure that all of our timers are stopped before we delete the
2312 * PCB.
2313 *
2314 * If stopping a timer fails, we schedule a discard function in same
2315 * callout, and the last discard function called will take care of
2316 * deleting the tcpcb.
2317 */
2318 tp->t_timers->tt_draincnt = 0;
2319 tcp_timer_stop(tp, TT_REXMT);
2320 tcp_timer_stop(tp, TT_PERSIST);
2321 tcp_timer_stop(tp, TT_KEEP);
2322 tcp_timer_stop(tp, TT_2MSL);
2323 tcp_timer_stop(tp, TT_DELACK);
2324 if (tp->t_fb->tfb_tcp_timer_stop_all) {
2325 /*
2326 * Call the stop-all function of the methods,
2327 * this function should call the tcp_timer_stop()
2328 * method with each of the function specific timeouts.
2329 * That stop will be called via the tfb_tcp_timer_stop()
2330 * which should use the async drain function of the
2331 * callout system (see tcp_var.h).
2332 */
2333 tp->t_fb->tfb_tcp_timer_stop_all(tp);
2334 }
2335
2336 /* free the reassembly queue, if any */
2337 tcp_reass_flush(tp);
2338
2339#ifdef TCP_OFFLOAD
2340 /* Disconnect offload device, if any. */
2341 if (tp->t_flags & TF_TOE)
2342 tcp_offload_detach(tp);
2343#endif
2344
2345 tcp_free_sackholes(tp);
2346
2347#ifdef TCPPCAP
2348 /* Free the TCP PCAP queues. */
2349 tcp_pcap_drain(&(tp->t_inpkts));
2350 tcp_pcap_drain(&(tp->t_outpkts));
2351#endif
2352
2353 /* Allow the CC algorithm to clean up after itself. */
2354 if (CC_ALGO(tp)->cb_destroy != NULL)
2355 CC_ALGO(tp)->cb_destroy(tp->ccv);
2356 CC_DATA(tp) = NULL;
2357 /* Detach from the CC algorithm */
2358 cc_detach(tp);
2359
2360#ifdef TCP_HHOOK
2361 khelp_destroy_osd(tp->osd);
2362#endif
2363#ifdef STATS
2364 stats_blob_destroy(tp->t_stats);
2365#endif
2366
2367 CC_ALGO(tp) = NULL;
2368 inp->inp_ppcb = NULL;
2369 if (tp->t_timers->tt_draincnt == 0) {
2370 bool released __diagused;
2371
2372 released = tcp_freecb(tp);
2373 KASSERT(!released, ("%s: inp %p should not have been released "
2374 "here", __func__, inp));
2375 }
2376}
2377
2378bool
2379tcp_freecb(struct tcpcb *tp)
2380{
2381 struct inpcb *inp = tp->t_inpcb;
2382 struct socket *so = inp->inp_socket;
2383#ifdef INET6
2384 bool isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
2385#endif
2386
2387 INP_WLOCK_ASSERT(inp);
2388 MPASS(tp->t_timers->tt_draincnt == 0);
2389
2390 /* We own the last reference on tcpcb, let's free it. */
2391#ifdef TCP_BLACKBOX
2392 tcp_log_tcpcbfini(tp);
2393#endif
2394 TCPSTATES_DEC(tp->t_state);
2395 if (tp->t_fb->tfb_tcp_fb_fini)
2396 (*tp->t_fb->tfb_tcp_fb_fini)(tp, 1);
2397
2398 /*
2399 * If we got enough samples through the srtt filter,
2400 * save the rtt and rttvar in the routing entry.
2401 * 'Enough' is arbitrarily defined as 4 rtt samples.
2402 * 4 samples is enough for the srtt filter to converge
2403 * to within enough % of the correct value; fewer samples
2404 * and we could save a bogus rtt. The danger is not high
2405 * as tcp quickly recovers from everything.
2406 * XXX: Works very well but needs some more statistics!
2407 *
2408 * XXXRRS: Updating must be after the stack fini() since
2409 * that may be converting some internal representation of
2410 * say srtt etc into the general one used by other stacks.
2411 * Lets also at least protect against the so being NULL
2412 * as RW stated below.
2413 */
2414 if ((tp->t_rttupdated >= 4) && (so != NULL)) {
2415 struct hc_metrics_lite metrics;
2416 uint32_t ssthresh;
2417
2418 bzero(&metrics, sizeof(metrics));
2419 /*
2420 * Update the ssthresh always when the conditions below
2421 * are satisfied. This gives us better new start value
2422 * for the congestion avoidance for new connections.
2423 * ssthresh is only set if packet loss occurred on a session.
2424 *
2425 * XXXRW: 'so' may be NULL here, and/or socket buffer may be
2426 * being torn down. Ideally this code would not use 'so'.
2427 */
2428 ssthresh = tp->snd_ssthresh;
2429 if (ssthresh != 0 && ssthresh < so->so_snd.sb_hiwat / 2) {
2430 /*
2431 * convert the limit from user data bytes to
2432 * packets then to packet data bytes.
2433 */
2434 ssthresh = (ssthresh + tp->t_maxseg / 2) / tp->t_maxseg;
2435 if (ssthresh < 2)
2436 ssthresh = 2;
2437 ssthresh *= (tp->t_maxseg +
2438#ifdef INET6
2439 (isipv6 ? sizeof (struct ip6_hdr) +
2440 sizeof (struct tcphdr) :
2441#endif
2442 sizeof (struct tcpiphdr)
2443#ifdef INET6
2444 )
2445#endif
2446 );
2447 } else
2448 ssthresh = 0;
2449 metrics.rmx_ssthresh = ssthresh;
2450
2451 metrics.rmx_rtt = tp->t_srtt;
2452 metrics.rmx_rttvar = tp->t_rttvar;
2453 metrics.rmx_cwnd = tp->snd_cwnd;
2454 metrics.rmx_sendpipe = 0;
2455 metrics.rmx_recvpipe = 0;
2456
2457 tcp_hc_update(&inp->inp_inc, &metrics);
2458 }
2459
2460 refcount_release(&tp->t_fb->tfb_refcnt);
2461 uma_zfree(V_tcpcb_zone, tp);
2462
2463 return (in_pcbrele_wlocked(inp));
2464}
2465
2466/*
2467 * Attempt to close a TCP control block, marking it as dropped, and freeing
2468 * the socket if we hold the only reference.
2469 */
2470struct tcpcb *
2471tcp_close(struct tcpcb *tp)
2472{
2473 struct inpcb *inp = tp->t_inpcb;
2474 struct socket *so;
2475
2476 INP_WLOCK_ASSERT(inp);
2477
2478#ifdef TCP_OFFLOAD
2479 if (tp->t_state == TCPS_LISTEN)
2480 tcp_offload_listen_stop(tp);
2481#endif
2482 /*
2483 * This releases the TFO pending counter resource for TFO listen
2484 * sockets as well as passively-created TFO sockets that transition
2485 * from SYN_RECEIVED to CLOSED.
2486 */
2487 if (tp->t_tfo_pending) {
2488 tcp_fastopen_decrement_counter(tp->t_tfo_pending);
2489 tp->t_tfo_pending = NULL;
2490 }
2491#ifdef TCPHPTS
2492 tcp_hpts_remove(inp);
2493#endif
2494 in_pcbdrop(inp);
2495 TCPSTAT_INC(tcps_closed);
2496 if (tp->t_state != TCPS_CLOSED)
2497 tcp_state_change(tp, TCPS_CLOSED);
2498 KASSERT(inp->inp_socket != NULL, ("tcp_close: inp_socket NULL"));
2499 so = inp->inp_socket;
2500 soisdisconnected(so);
2501 if (inp->inp_flags & INP_SOCKREF) {
2502 KASSERT(so->so_state & SS_PROTOREF,
2503 ("tcp_close: !SS_PROTOREF"));
2504 inp->inp_flags &= ~INP_SOCKREF;
2505 INP_WUNLOCK(inp);
2506 SOCK_LOCK(so);
2507 so->so_state &= ~SS_PROTOREF;
2508 sofree(so);
2509 return (NULL);
2510 }
2511 return (tp);
2512}
2513
2514void
2515tcp_drain(void)
2516{
2517 VNET_ITERATOR_DECL(vnet_iter);
2518
2519 if (!do_tcpdrain)
2520 return;
2521
2522 VNET_LIST_RLOCK_NOSLEEP();
2523 VNET_FOREACH(vnet_iter) {
2524 CURVNET_SET(vnet_iter);
2525 struct inpcb_iterator inpi = INP_ALL_ITERATOR(&V_tcbinfo,
2526 INPLOOKUP_WLOCKPCB);
2527 struct inpcb *inpb;
2528 struct tcpcb *tcpb;
2529
2530 /*
2531 * Walk the tcpbs, if existing, and flush the reassembly queue,
2532 * if there is one...
2533 * XXX: The "Net/3" implementation doesn't imply that the TCP
2534 * reassembly queue should be flushed, but in a situation
2535 * where we're really low on mbufs, this is potentially
2536 * useful.
2537 */
2538 while ((inpb = inp_next(&inpi)) != NULL) {
2539 if (inpb->inp_flags & INP_TIMEWAIT)
2540 continue;
2541 if ((tcpb = intotcpcb(inpb)) != NULL) {
2542 tcp_reass_flush(tcpb);
2543 tcp_clean_sackreport(tcpb);
2544#ifdef TCP_BLACKBOX
2545 tcp_log_drain(tcpb);
2546#endif
2547#ifdef TCPPCAP
2548 if (tcp_pcap_aggressive_free) {
2549 /* Free the TCP PCAP queues. */
2550 tcp_pcap_drain(&(tcpb->t_inpkts));
2551 tcp_pcap_drain(&(tcpb->t_outpkts));
2552 }
2553#endif
2554 }
2555 }
2556 CURVNET_RESTORE();
2557 }
2558 VNET_LIST_RUNLOCK_NOSLEEP();
2559}
2560
2561/*
2562 * Notify a tcp user of an asynchronous error;
2563 * store error as soft error, but wake up user
2564 * (for now, won't do anything until can select for soft error).
2565 *
2566 * Do not wake up user since there currently is no mechanism for
2567 * reporting soft errors (yet - a kqueue filter may be added).
2568 */
2569static struct inpcb *
2570tcp_notify(struct inpcb *inp, int error)
2571{
2572 struct tcpcb *tp;
2573
2574 INP_WLOCK_ASSERT(inp);
2575
2576 if ((inp->inp_flags & INP_TIMEWAIT) ||
2577 (inp->inp_flags & INP_DROPPED))
2578 return (inp);
2579
2580 tp = intotcpcb(inp);
2581 KASSERT(tp != NULL, ("tcp_notify: tp == NULL"));
2582
2583 /*
2584 * Ignore some errors if we are hooked up.
2585 * If connection hasn't completed, has retransmitted several times,
2586 * and receives a second error, give up now. This is better
2587 * than waiting a long time to establish a connection that
2588 * can never complete.
2589 */
2590 if (tp->t_state == TCPS_ESTABLISHED &&
2591 (error == EHOSTUNREACH || error == ENETUNREACH ||
2592 error == EHOSTDOWN)) {
2593 if (inp->inp_route.ro_nh) {
2594 NH_FREE(inp->inp_route.ro_nh);
2595 inp->inp_route.ro_nh = (struct nhop_object *)NULL;
2596 }
2597 return (inp);
2598 } else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > 3 &&
2599 tp->t_softerror) {
2600 tp = tcp_drop(tp, error);
2601 if (tp != NULL)
2602 return (inp);
2603 else
2604 return (NULL);
2605 } else {
2606 tp->t_softerror = error;
2607 return (inp);
2608 }
2609#if 0
2610 wakeup( &so->so_timeo);
2611 sorwakeup(so);
2612 sowwakeup(so);
2613#endif
2614}
2615
2616static int
2617tcp_pcblist(SYSCTL_HANDLER_ARGS)
2618{
2619 struct inpcb_iterator inpi = INP_ALL_ITERATOR(&V_tcbinfo,
2620 INPLOOKUP_RLOCKPCB);
2621 struct xinpgen xig;
2622 struct inpcb *inp;
2623 int error;
2624
2625 if (req->newptr != NULL)
2626 return (EPERM);
2627
2628 if (req->oldptr == NULL) {
2629 int n;
2630
2631 n = V_tcbinfo.ipi_count +
2632 counter_u64_fetch(V_tcps_states[TCPS_SYN_RECEIVED]);
2633 n += imax(n / 8, 10);
2634 req->oldidx = 2 * (sizeof xig) + n * sizeof(struct xtcpcb);
2635 return (0);
2636 }
2637
2638 if ((error = sysctl_wire_old_buffer(req, 0)) != 0)
2639 return (error);
2640
2641 bzero(&xig, sizeof(xig));
2642 xig.xig_len = sizeof xig;
2643 xig.xig_count = V_tcbinfo.ipi_count +
2644 counter_u64_fetch(V_tcps_states[TCPS_SYN_RECEIVED]);
2645 xig.xig_gen = V_tcbinfo.ipi_gencnt;
2646 xig.xig_sogen = so_gencnt;
2647 error = SYSCTL_OUT(req, &xig, sizeof xig);
2648 if (error)
2649 return (error);
2650
2651 error = syncache_pcblist(req);
2652 if (error)
2653 return (error);
2654
2655 while ((inp = inp_next(&inpi)) != NULL) {
2656 if (inp->inp_gencnt <= xig.xig_gen) {
2657 int crerr;
2658
2659 /*
2660 * XXX: This use of cr_cansee(), introduced with
2661 * TCP state changes, is not quite right, but for
2662 * now, better than nothing.
2663 */
2664 if (inp->inp_flags & INP_TIMEWAIT) {
2665 if (intotw(inp) != NULL)
2666 crerr = cr_cansee(req->td->td_ucred,
2667 intotw(inp)->tw_cred);
2668 else
2669 crerr = EINVAL; /* Skip this inp. */
2670 } else
2671 crerr = cr_canseeinpcb(req->td->td_ucred, inp);
2672 if (crerr == 0) {
2673 struct xtcpcb xt;
2674
2675 tcp_inptoxtp(inp, &xt);
2676 error = SYSCTL_OUT(req, &xt, sizeof xt);
2677 if (error) {
2678 INP_RUNLOCK(inp);
2679 break;
2680 } else
2681 continue;
2682 }
2683 }
2684 }
2685
2686 if (!error) {
2687 /*
2688 * Give the user an updated idea of our state.
2689 * If the generation differs from what we told
2690 * her before, she knows that something happened
2691 * while we were processing this request, and it
2692 * might be necessary to retry.
2693 */
2694 xig.xig_gen = V_tcbinfo.ipi_gencnt;
2695 xig.xig_sogen = so_gencnt;
2696 xig.xig_count = V_tcbinfo.ipi_count +
2697 counter_u64_fetch(V_tcps_states[TCPS_SYN_RECEIVED]);
2698 error = SYSCTL_OUT(req, &xig, sizeof xig);
2699 }
2700
2701 return (error);
2702}
2703
2704SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist,
2705 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
2706 NULL, 0, tcp_pcblist, "S,xtcpcb",
2707 "List of active TCP connections");
2708
2709#ifdef INET
2710static int
2711tcp_getcred(SYSCTL_HANDLER_ARGS)
2712{
2713 struct xucred xuc;
2714 struct sockaddr_in addrs[2];
2715 struct epoch_tracker et;
2716 struct inpcb *inp;
2717 int error;
2718
2719 error = priv_check(req->td, PRIV_NETINET_GETCRED);
2720 if (error)
2721 return (error);
2722 error = SYSCTL_IN(req, addrs, sizeof(addrs));
2723 if (error)
2724 return (error);
2725 NET_EPOCH_ENTER(et);
2726 inp = in_pcblookup(&V_tcbinfo, addrs[1].sin_addr, addrs[1].sin_port,
2727 addrs[0].sin_addr, addrs[0].sin_port, INPLOOKUP_RLOCKPCB, NULL);
2728 NET_EPOCH_EXIT(et);
2729 if (inp != NULL) {
2730 if (inp->inp_socket == NULL)
2731 error = ENOENT;
2732 if (error == 0)
2733 error = cr_canseeinpcb(req->td->td_ucred, inp);
2734 if (error == 0)
2735 cru2x(inp->inp_cred, &xuc);
2736 INP_RUNLOCK(inp);
2737 } else
2738 error = ENOENT;
2739 if (error == 0)
2740 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
2741 return (error);
2742}
2743
2744SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred,
2745 CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_NEEDGIANT,
2746 0, 0, tcp_getcred, "S,xucred",
2747 "Get the xucred of a TCP connection");
2748#endif /* INET */
2749
2750#ifdef INET6
2751static int
2752tcp6_getcred(SYSCTL_HANDLER_ARGS)
2753{
2754 struct epoch_tracker et;
2755 struct xucred xuc;
2756 struct sockaddr_in6 addrs[2];
2757 struct inpcb *inp;
2758 int error;
2759#ifdef INET
2760 int mapped = 0;
2761#endif
2762
2763 error = priv_check(req->td, PRIV_NETINET_GETCRED);
2764 if (error)
2765 return (error);
2766 error = SYSCTL_IN(req, addrs, sizeof(addrs));
2767 if (error)
2768 return (error);
2769 if ((error = sa6_embedscope(&addrs[0], V_ip6_use_defzone)) != 0 ||
2770 (error = sa6_embedscope(&addrs[1], V_ip6_use_defzone)) != 0) {
2771 return (error);
2772 }
2773 if (IN6_IS_ADDR_V4MAPPED(&addrs[0].sin6_addr)) {
2774#ifdef INET
2775 if (IN6_IS_ADDR_V4MAPPED(&addrs[1].sin6_addr))
2776 mapped = 1;
2777 else
2778#endif
2779 return (EINVAL);
2780 }
2781
2782 NET_EPOCH_ENTER(et);
2783#ifdef INET
2784 if (mapped == 1)
2785 inp = in_pcblookup(&V_tcbinfo,
2786 *(struct in_addr *)&addrs[1].sin6_addr.s6_addr[12],
2787 addrs[1].sin6_port,
2788 *(struct in_addr *)&addrs[0].sin6_addr.s6_addr[12],
2789 addrs[0].sin6_port, INPLOOKUP_RLOCKPCB, NULL);
2790 else
2791#endif
2792 inp = in6_pcblookup(&V_tcbinfo,
2793 &addrs[1].sin6_addr, addrs[1].sin6_port,
2794 &addrs[0].sin6_addr, addrs[0].sin6_port,
2795 INPLOOKUP_RLOCKPCB, NULL);
2796 NET_EPOCH_EXIT(et);
2797 if (inp != NULL) {
2798 if (inp->inp_socket == NULL)
2799 error = ENOENT;
2800 if (error == 0)
2801 error = cr_canseeinpcb(req->td->td_ucred, inp);
2802 if (error == 0)
2803 cru2x(inp->inp_cred, &xuc);
2804 INP_RUNLOCK(inp);
2805 } else
2806 error = ENOENT;
2807 if (error == 0)
2808 error = SYSCTL_OUT(req, &xuc, sizeof(struct xucred));
2809 return (error);
2810}
2811
2812SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred,
2813 CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_NEEDGIANT,
2814 0, 0, tcp6_getcred, "S,xucred",
2815 "Get the xucred of a TCP6 connection");
2816#endif /* INET6 */
2817
2818#ifdef INET
2819/* Path MTU to try next when a fragmentation-needed message is received. */
2820static inline int
2821tcp_next_pmtu(const struct icmp *icp, const struct ip *ip)
2822{
2823 int mtu = ntohs(icp->icmp_nextmtu);
2824
2825 /* If no alternative MTU was proposed, try the next smaller one. */
2826 if (!mtu)
2827 mtu = ip_next_mtu(ntohs(ip->ip_len), 1);
2828 if (mtu < V_tcp_minmss + sizeof(struct tcpiphdr))
2829 mtu = V_tcp_minmss + sizeof(struct tcpiphdr);
2830
2831 return (mtu);
2832}
2833
2834static void
2835tcp_ctlinput_with_port(int cmd, struct sockaddr *sa, void *vip, uint16_t port)
2836{
2837 struct ip *ip = vip;
2838 struct tcphdr *th;
2839 struct in_addr faddr;
2840 struct inpcb *inp;
2841 struct tcpcb *tp;
2842 struct inpcb *(*notify)(struct inpcb *, int) = tcp_notify;
2843 struct icmp *icp;
2844 struct in_conninfo inc;
2845 tcp_seq icmp_tcp_seq;
2846 int mtu;
2847
2848 faddr = ((struct sockaddr_in *)sa)->sin_addr;
2849 if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
2850 return;
2851
2852 if (cmd == PRC_MSGSIZE)
2853 notify = tcp_mtudisc_notify;
2854 else if (V_icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
2855 cmd == PRC_UNREACH_PORT || cmd == PRC_UNREACH_PROTOCOL ||
2856 cmd == PRC_TIMXCEED_INTRANS) && ip)
2857 notify = tcp_drop_syn_sent;
2858
2859 /*
2860 * Hostdead is ugly because it goes linearly through all PCBs.
2861 * XXX: We never get this from ICMP, otherwise it makes an
2862 * excellent DoS attack on machines with many connections.
2863 */
2864 else if (cmd == PRC_HOSTDEAD)
2865 ip = NULL;
2866 else if ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0)
2867 return;
2868
2869 if (ip == NULL) {
2870 in_pcbnotifyall(&V_tcbinfo, faddr, inetctlerrmap[cmd], notify);
2871 return;
2872 }
2873
2874 icp = (struct icmp *)((caddr_t)ip - offsetof(struct icmp, icmp_ip));
2875 th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
2876 inp = in_pcblookup(&V_tcbinfo, faddr, th->th_dport, ip->ip_src,
2877 th->th_sport, INPLOOKUP_WLOCKPCB, NULL);
2878 if (inp != NULL && PRC_IS_REDIRECT(cmd)) {
2879 /* signal EHOSTDOWN, as it flushes the cached route */
2880 inp = (*notify)(inp, EHOSTDOWN);
2881 goto out;
2882 }
2883 icmp_tcp_seq = th->th_seq;
2884 if (inp != NULL) {
2885 if (!(inp->inp_flags & INP_TIMEWAIT) &&
2886 !(inp->inp_flags & INP_DROPPED) &&
2887 !(inp->inp_socket == NULL)) {
2888 tp = intotcpcb(inp);
2889#ifdef TCP_OFFLOAD
2890 if (tp->t_flags & TF_TOE && cmd == PRC_MSGSIZE) {
2891 /*
2892 * MTU discovery for offloaded connections. Let
2893 * the TOE driver verify seq# and process it.
2894 */
2895 mtu = tcp_next_pmtu(icp, ip);
2896 tcp_offload_pmtu_update(tp, icmp_tcp_seq, mtu);
2897 goto out;
2898 }
2899#endif
2900 if (tp->t_port != port) {
2901 goto out;
2902 }
2903 if (SEQ_GEQ(ntohl(icmp_tcp_seq), tp->snd_una) &&
2904 SEQ_LT(ntohl(icmp_tcp_seq), tp->snd_max)) {
2905 if (cmd == PRC_MSGSIZE) {
2906 /*
2907 * MTU discovery: we got a needfrag and
2908 * will potentially try a lower MTU.
2909 */
2910 mtu = tcp_next_pmtu(icp, ip);
2911
2912 /*
2913 * Only process the offered MTU if it
2914 * is smaller than the current one.
2915 */
2916 if (mtu < tp->t_maxseg +
2917 sizeof(struct tcpiphdr)) {
2918 bzero(&inc, sizeof(inc));
2919 inc.inc_faddr = faddr;
2920 inc.inc_fibnum =
2921 inp->inp_inc.inc_fibnum;
2922 tcp_hc_updatemtu(&inc, mtu);
2923 inp = tcp_mtudisc(inp, mtu);
2924 }
2925 } else
2926 inp = (*notify)(inp,
2927 inetctlerrmap[cmd]);
2928 }
2929 }
2930 } else {
2931 bzero(&inc, sizeof(inc));
2932 inc.inc_fport = th->th_dport;
2933 inc.inc_lport = th->th_sport;
2934 inc.inc_faddr = faddr;
2935 inc.inc_laddr = ip->ip_src;
2936 syncache_unreach(&inc, icmp_tcp_seq, port);
2937 }
2938out:
2939 if (inp != NULL)
2940 INP_WUNLOCK(inp);
2941}
2942
2943void
2944tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip)
2945{
2946 tcp_ctlinput_with_port(cmd, sa, vip, htons(0));
2947}
2948
2949void
2950tcp_ctlinput_viaudp(int cmd, struct sockaddr *sa, void *vip, void *unused)
2951{
2952 /* Its a tunneled TCP over UDP icmp */
2953 struct ip *outer_ip, *inner_ip;
2954 struct icmp *icmp;
2955 struct udphdr *udp;
2956 struct tcphdr *th, ttemp;
2957 int i_hlen, o_len;
2958 uint16_t port;
2959
2960 inner_ip = (struct ip *)vip;
2961 icmp = (struct icmp *)((caddr_t)inner_ip -
2962 (sizeof(struct icmp) - sizeof(struct ip)));
2963 outer_ip = (struct ip *)((caddr_t)icmp - sizeof(struct ip));
2964 i_hlen = inner_ip->ip_hl << 2;
2965 o_len = ntohs(outer_ip->ip_len);
2966 if (o_len <
2967 (sizeof(struct ip) + 8 + i_hlen + sizeof(struct udphdr) + offsetof(struct tcphdr, th_ack))) {
2968 /* Not enough data present */
2969 return;
2970 }
2971 /* Ok lets strip out the inner udphdr header by copying up on top of it the tcp hdr */
2972 udp = (struct udphdr *)(((caddr_t)inner_ip) + i_hlen);
2973 if (ntohs(udp->uh_sport) != V_tcp_udp_tunneling_port) {
2974 return;
2975 }
2976 port = udp->uh_dport;
2977 th = (struct tcphdr *)(udp + 1);
2978 memcpy(&ttemp, th, sizeof(struct tcphdr));
2979 memcpy(udp, &ttemp, sizeof(struct tcphdr));
2980 /* Now adjust down the size of the outer IP header */
2981 o_len -= sizeof(struct udphdr);
2982 outer_ip->ip_len = htons(o_len);
2983 /* Now call in to the normal handling code */
2984 tcp_ctlinput_with_port(cmd, sa, vip, port);
2985}
2986#endif /* INET */
2987
2988#ifdef INET6
2989static inline int
2990tcp6_next_pmtu(const struct icmp6_hdr *icmp6)
2991{
2992 int mtu = ntohl(icmp6->icmp6_mtu);
2993
2994 /*
2995 * If no alternative MTU was proposed, or the proposed MTU was too
2996 * small, set to the min.
2997 */
2998 if (mtu < IPV6_MMTU)
2999 mtu = IPV6_MMTU - 8; /* XXXNP: what is the adjustment for? */
3000 return (mtu);
3001}
3002
3003static void
3004tcp6_ctlinput_with_port(int cmd, struct sockaddr *sa, void *d, uint16_t port)
3005{
3006 struct in6_addr *dst;
3007 struct inpcb *(*notify)(struct inpcb *, int) = tcp_notify;
3008 struct ip6_hdr *ip6;
3009 struct mbuf *m;
3010 struct inpcb *inp;
3011 struct tcpcb *tp;
3012 struct icmp6_hdr *icmp6;
3013 struct ip6ctlparam *ip6cp = NULL;
3014 const struct sockaddr_in6 *sa6_src = NULL;
3015 struct in_conninfo inc;
3016 struct tcp_ports {
3017 uint16_t th_sport;
3018 uint16_t th_dport;
3019 } t_ports;
3020 tcp_seq icmp_tcp_seq;
3021 unsigned int mtu;
3022 unsigned int off;
3023
3024 if (sa->sa_family != AF_INET6 ||
3025 sa->sa_len != sizeof(struct sockaddr_in6))
3026 return;
3027
3028 /* if the parameter is from icmp6, decode it. */
3029 if (d != NULL) {
3030 ip6cp = (struct ip6ctlparam *)d;
3031 icmp6 = ip6cp->ip6c_icmp6;
3032 m = ip6cp->ip6c_m;
3033 ip6 = ip6cp->ip6c_ip6;
3034 off = ip6cp->ip6c_off;
3035 sa6_src = ip6cp->ip6c_src;
3036 dst = ip6cp->ip6c_finaldst;
3037 } else {
3038 m = NULL;
3039 ip6 = NULL;
3040 off = 0; /* fool gcc */
3041 sa6_src = &sa6_any;
3042 dst = NULL;
3043 }
3044
3045 if (cmd == PRC_MSGSIZE)
3046 notify = tcp_mtudisc_notify;
3047 else if (V_icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
3048 cmd == PRC_UNREACH_PORT || cmd == PRC_UNREACH_PROTOCOL ||
3049 cmd == PRC_TIMXCEED_INTRANS) && ip6 != NULL)
3050 notify = tcp_drop_syn_sent;
3051
3052 /*
3053 * Hostdead is ugly because it goes linearly through all PCBs.
3054 * XXX: We never get this from ICMP, otherwise it makes an
3055 * excellent DoS attack on machines with many connections.
3056 */
3057 else if (cmd == PRC_HOSTDEAD)
3058 ip6 = NULL;
3059 else if ((unsigned)cmd >= PRC_NCMDS || inet6ctlerrmap[cmd] == 0)
3060 return;
3061
3062 if (ip6 == NULL) {
3063 in6_pcbnotify(&V_tcbinfo, sa, 0,
3064 (const struct sockaddr *)sa6_src,
3065 0, cmd, NULL, notify);
3066 return;
3067 }
3068
3069 /* Check if we can safely get the ports from the tcp hdr */
3070 if (m == NULL ||
3071 (m->m_pkthdr.len <
3072 (int32_t) (off + sizeof(struct tcp_ports)))) {
3073 return;
3074 }
3075 bzero(&t_ports, sizeof(struct tcp_ports));
3076 m_copydata(m, off, sizeof(struct tcp_ports), (caddr_t)&t_ports);
3077 inp = in6_pcblookup(&V_tcbinfo, &ip6->ip6_dst, t_ports.th_dport,
3078 &ip6->ip6_src, t_ports.th_sport, INPLOOKUP_WLOCKPCB, NULL);
3079 if (inp != NULL && PRC_IS_REDIRECT(cmd)) {
3080 /* signal EHOSTDOWN, as it flushes the cached route */
3081 inp = (*notify)(inp, EHOSTDOWN);
3082 goto out;
3083 }
3084 off += sizeof(struct tcp_ports);
3085 if (m->m_pkthdr.len < (int32_t) (off + sizeof(tcp_seq))) {
3086 goto out;
3087 }
3088 m_copydata(m, off, sizeof(tcp_seq), (caddr_t)&icmp_tcp_seq);
3089 if (inp != NULL) {
3090 if (!(inp->inp_flags & INP_TIMEWAIT) &&
3091 !(inp->inp_flags & INP_DROPPED) &&
3092 !(inp->inp_socket == NULL)) {
3093 tp = intotcpcb(inp);
3094#ifdef TCP_OFFLOAD
3095 if (tp->t_flags & TF_TOE && cmd == PRC_MSGSIZE) {
3096 /* MTU discovery for offloaded connections. */
3097 mtu = tcp6_next_pmtu(icmp6);
3098 tcp_offload_pmtu_update(tp, icmp_tcp_seq, mtu);
3099 goto out;
3100 }
3101#endif
3102 if (tp->t_port != port) {
3103 goto out;
3104 }
3105 if (SEQ_GEQ(ntohl(icmp_tcp_seq), tp->snd_una) &&
3106 SEQ_LT(ntohl(icmp_tcp_seq), tp->snd_max)) {
3107 if (cmd == PRC_MSGSIZE) {
3108 /*
3109 * MTU discovery:
3110 * If we got a needfrag set the MTU
3111 * in the route to the suggested new
3112 * value (if given) and then notify.
3113 */
3114 mtu = tcp6_next_pmtu(icmp6);
3115
3116 bzero(&inc, sizeof(inc));
3117 inc.inc_fibnum = M_GETFIB(m);
3118 inc.inc_flags |= INC_ISIPV6;
3119 inc.inc6_faddr = *dst;
3120 if (in6_setscope(&inc.inc6_faddr,
3121 m->m_pkthdr.rcvif, NULL))
3122 goto out;
3123 /*
3124 * Only process the offered MTU if it
3125 * is smaller than the current one.
3126 */
3127 if (mtu < tp->t_maxseg +
3128 sizeof (struct tcphdr) +
3129 sizeof (struct ip6_hdr)) {
3130 tcp_hc_updatemtu(&inc, mtu);
3131 tcp_mtudisc(inp, mtu);
3132 ICMP6STAT_INC(icp6s_pmtuchg);
3133 }
3134 } else
3135 inp = (*notify)(inp,
3136 inet6ctlerrmap[cmd]);
3137 }
3138 }
3139 } else {
3140 bzero(&inc, sizeof(inc));
3141 inc.inc_fibnum = M_GETFIB(m);
3142 inc.inc_flags |= INC_ISIPV6;
3143 inc.inc_fport = t_ports.th_dport;
3144 inc.inc_lport = t_ports.th_sport;
3145 inc.inc6_faddr = *dst;
3146 inc.inc6_laddr = ip6->ip6_src;
3147 syncache_unreach(&inc, icmp_tcp_seq, port);
3148 }
3149out:
3150 if (inp != NULL)
3151 INP_WUNLOCK(inp);
3152}
3153
3154void
3155tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
3156{
3157 tcp6_ctlinput_with_port(cmd, sa, d, htons(0));
3158}
3159
3160void
3161tcp6_ctlinput_viaudp(int cmd, struct sockaddr *sa, void *d, void *unused)
3162{
3163 struct ip6ctlparam *ip6cp;
3164 struct mbuf *m;
3165 struct udphdr *udp;
3166 uint16_t port;
3167
3168 ip6cp = (struct ip6ctlparam *)d;
3169 m = m_pulldown(ip6cp->ip6c_m, ip6cp->ip6c_off, sizeof(struct udphdr), NULL);
3170 if (m == NULL) {
3171 return;
3172 }
3173 udp = mtod(m, struct udphdr *);
3174 if (ntohs(udp->uh_sport) != V_tcp_udp_tunneling_port) {
3175 return;
3176 }
3177 port = udp->uh_dport;
3178 m_adj(m, sizeof(struct udphdr));
3179 if ((m->m_flags & M_PKTHDR) == 0) {
3180 ip6cp->ip6c_m->m_pkthdr.len -= sizeof(struct udphdr);
3181 }
3182 /* Now call in to the normal handling code */
3183 tcp6_ctlinput_with_port(cmd, sa, d, port);
3184}
3185
3186#endif /* INET6 */
3187
3188static uint32_t
3189tcp_keyed_hash(struct in_conninfo *inc, u_char *key, u_int len)
3190{
3191 SIPHASH_CTX ctx;
3192 uint32_t hash[2];
3193
3194 KASSERT(len >= SIPHASH_KEY_LENGTH,
3195 ("%s: keylen %u too short ", __func__, len));
3196 SipHash24_Init(&ctx);
3197 SipHash_SetKey(&ctx, (uint8_t *)key);
3198 SipHash_Update(&ctx, &inc->inc_fport, sizeof(uint16_t));
3199 SipHash_Update(&ctx, &inc->inc_lport, sizeof(uint16_t));
3200 switch (inc->inc_flags & INC_ISIPV6) {
3201#ifdef INET
3202 case 0:
3203 SipHash_Update(&ctx, &inc->inc_faddr, sizeof(struct in_addr));
3204 SipHash_Update(&ctx, &inc->inc_laddr, sizeof(struct in_addr));
3205 break;
3206#endif
3207#ifdef INET6
3208 case INC_ISIPV6:
3209 SipHash_Update(&ctx, &inc->inc6_faddr, sizeof(struct in6_addr));
3210 SipHash_Update(&ctx, &inc->inc6_laddr, sizeof(struct in6_addr));
3211 break;
3212#endif
3213 }
3214 SipHash_Final((uint8_t *)hash, &ctx);
3215
3216 return (hash[0] ^ hash[1]);
3217}
3218
3219uint32_t
3220tcp_new_ts_offset(struct in_conninfo *inc)
3221{
3222 struct in_conninfo inc_store, *local_inc;
3223
3224 if (!V_tcp_ts_offset_per_conn) {
3225 memcpy(&inc_store, inc, sizeof(struct in_conninfo));
3226 inc_store.inc_lport = 0;
3227 inc_store.inc_fport = 0;
3228 local_inc = &inc_store;
3229 } else {
3230 local_inc = inc;
3231 }
3232 return (tcp_keyed_hash(local_inc, V_ts_offset_secret,
3233 sizeof(V_ts_offset_secret)));
3234}
3235
3236/*
3237 * Following is where TCP initial sequence number generation occurs.
3238 *
3239 * There are two places where we must use initial sequence numbers:
3240 * 1. In SYN-ACK packets.
3241 * 2. In SYN packets.
3242 *
3243 * All ISNs for SYN-ACK packets are generated by the syncache. See
3244 * tcp_syncache.c for details.
3245 *
3246 * The ISNs in SYN packets must be monotonic; TIME_WAIT recycling
3247 * depends on this property. In addition, these ISNs should be
3248 * unguessable so as to prevent connection hijacking. To satisfy
3249 * the requirements of this situation, the algorithm outlined in
3250 * RFC 1948 is used, with only small modifications.
3251 *
3252 * Implementation details:
3253 *
3254 * Time is based off the system timer, and is corrected so that it
3255 * increases by one megabyte per second. This allows for proper
3256 * recycling on high speed LANs while still leaving over an hour
3257 * before rollover.
3258 *
3259 * As reading the *exact* system time is too expensive to be done
3260 * whenever setting up a TCP connection, we increment the time
3261 * offset in two ways. First, a small random positive increment
3262 * is added to isn_offset for each connection that is set up.
3263 * Second, the function tcp_isn_tick fires once per clock tick
3264 * and increments isn_offset as necessary so that sequence numbers
3265 * are incremented at approximately ISN_BYTES_PER_SECOND. The
3266 * random positive increments serve only to ensure that the same
3267 * exact sequence number is never sent out twice (as could otherwise
3268 * happen when a port is recycled in less than the system tick
3269 * interval.)
3270 *
3271 * net.inet.tcp.isn_reseed_interval controls the number of seconds
3272 * between seeding of isn_secret. This is normally set to zero,
3273 * as reseeding should not be necessary.
3274 *
3275 * Locking of the global variables isn_secret, isn_last_reseed, isn_offset,
3276 * isn_offset_old, and isn_ctx is performed using the ISN lock. In
3277 * general, this means holding an exclusive (write) lock.
3278 */
3279
3280#define ISN_BYTES_PER_SECOND 1048576
3281#define ISN_STATIC_INCREMENT 4096
3282#define ISN_RANDOM_INCREMENT (4096 - 1)
3283#define ISN_SECRET_LENGTH SIPHASH_KEY_LENGTH
3284
3285VNET_DEFINE_STATIC(u_char, isn_secret[ISN_SECRET_LENGTH]);
3286VNET_DEFINE_STATIC(int, isn_last);
3287VNET_DEFINE_STATIC(int, isn_last_reseed);
3288VNET_DEFINE_STATIC(u_int32_t, isn_offset);
3289VNET_DEFINE_STATIC(u_int32_t, isn_offset_old);
3290
3291#define V_isn_secret VNET(isn_secret)
3292#define V_isn_last VNET(isn_last)
3293#define V_isn_last_reseed VNET(isn_last_reseed)
3294#define V_isn_offset VNET(isn_offset)
3295#define V_isn_offset_old VNET(isn_offset_old)
3296
3297tcp_seq
3298tcp_new_isn(struct in_conninfo *inc)
3299{
3300 tcp_seq new_isn;
3301 u_int32_t projected_offset;
3302
3303 ISN_LOCK();
3304 /* Seed if this is the first use, reseed if requested. */
3305 if ((V_isn_last_reseed == 0) || ((V_tcp_isn_reseed_interval > 0) &&
3306 (((u_int)V_isn_last_reseed + (u_int)V_tcp_isn_reseed_interval*hz)
3307 < (u_int)ticks))) {
3308 arc4rand(&V_isn_secret, sizeof(V_isn_secret), 0);
3309 V_isn_last_reseed = ticks;
3310 }
3311
3312 /* Compute the hash and return the ISN. */
3313 new_isn = (tcp_seq)tcp_keyed_hash(inc, V_isn_secret,
3314 sizeof(V_isn_secret));
3315 V_isn_offset += ISN_STATIC_INCREMENT +
3316 (arc4random() & ISN_RANDOM_INCREMENT);
3317 if (ticks != V_isn_last) {
3318 projected_offset = V_isn_offset_old +
3319 ISN_BYTES_PER_SECOND / hz * (ticks - V_isn_last);
3320 if (SEQ_GT(projected_offset, V_isn_offset))
3321 V_isn_offset = projected_offset;
3322 V_isn_offset_old = V_isn_offset;
3323 V_isn_last = ticks;
3324 }
3325 new_isn += V_isn_offset;
3326 ISN_UNLOCK();
3327 return (new_isn);
3328}
3329
3330/*
3331 * When a specific ICMP unreachable message is received and the
3332 * connection state is SYN-SENT, drop the connection. This behavior
3333 * is controlled by the icmp_may_rst sysctl.
3334 */
3335struct inpcb *
3336tcp_drop_syn_sent(struct inpcb *inp, int errno)
3337{
3338 struct tcpcb *tp;
3339
3340 NET_EPOCH_ASSERT();
3341 INP_WLOCK_ASSERT(inp);
3342
3343 if ((inp->inp_flags & INP_TIMEWAIT) ||
3344 (inp->inp_flags & INP_DROPPED))
3345 return (inp);
3346
3347 tp = intotcpcb(inp);
3348 if (tp->t_state != TCPS_SYN_SENT)
3349 return (inp);
3350
3351 if (IS_FASTOPEN(tp->t_flags))
3352 tcp_fastopen_disable_path(tp);
3353
3354 tp = tcp_drop(tp, errno);
3355 if (tp != NULL)
3356 return (inp);
3357 else
3358 return (NULL);
3359}
3360
3361/*
3362 * When `need fragmentation' ICMP is received, update our idea of the MSS
3363 * based on the new value. Also nudge TCP to send something, since we
3364 * know the packet we just sent was dropped.
3365 * This duplicates some code in the tcp_mss() function in tcp_input.c.
3366 */
3367static struct inpcb *
3368tcp_mtudisc_notify(struct inpcb *inp, int error)
3369{
3370
3371 return (tcp_mtudisc(inp, -1));
3372}
3373
3374static struct inpcb *
3375tcp_mtudisc(struct inpcb *inp, int mtuoffer)
3376{
3377 struct tcpcb *tp;
3378 struct socket *so;
3379
3380 INP_WLOCK_ASSERT(inp);
3381 if ((inp->inp_flags & INP_TIMEWAIT) ||
3382 (inp->inp_flags & INP_DROPPED))
3383 return (inp);
3384
3385 tp = intotcpcb(inp);
3386 KASSERT(tp != NULL, ("tcp_mtudisc: tp == NULL"));
3387
3388 tcp_mss_update(tp, -1, mtuoffer, NULL, NULL);
3389
3390 so = inp->inp_socket;
3391 SOCKBUF_LOCK(&so->so_snd);
3392 /* If the mss is larger than the socket buffer, decrease the mss. */
3393 if (so->so_snd.sb_hiwat < tp->t_maxseg)
3394 tp->t_maxseg = so->so_snd.sb_hiwat;
3395 SOCKBUF_UNLOCK(&so->so_snd);
3396
3397 TCPSTAT_INC(tcps_mturesent);
3398 tp->t_rtttime = 0;
3399 tp->snd_nxt = tp->snd_una;
3400 tcp_free_sackholes(tp);
3401 tp->snd_recover = tp->snd_max;
3402 if (tp->t_flags & TF_SACK_PERMIT)
3403 EXIT_FASTRECOVERY(tp->t_flags);
3404 if (tp->t_fb->tfb_tcp_mtu_chg != NULL) {
3405 /*
3406 * Conceptually the snd_nxt setting
3407 * and freeing sack holes should
3408 * be done by the default stacks
3409 * own tfb_tcp_mtu_chg().
3410 */
3411 tp->t_fb->tfb_tcp_mtu_chg(tp);
3412 }
3413 if (tcp_output(tp) < 0)
3414 return (NULL);
3415 else
3416 return (inp);
3417}
3418
3419#ifdef INET
3420/*
3421 * Look-up the routing entry to the peer of this inpcb. If no route
3422 * is found and it cannot be allocated, then return 0. This routine
3423 * is called by TCP routines that access the rmx structure and by
3424 * tcp_mss_update to get the peer/interface MTU.
3425 */
3426uint32_t
3427tcp_maxmtu(struct in_conninfo *inc, struct tcp_ifcap *cap)
3428{
3429 struct nhop_object *nh;
3430 struct ifnet *ifp;
3431 uint32_t maxmtu = 0;
3432
3433 KASSERT(inc != NULL, ("tcp_maxmtu with NULL in_conninfo pointer"));
3434
3435 if (inc->inc_faddr.s_addr != INADDR_ANY) {
3436 nh = fib4_lookup(inc->inc_fibnum, inc->inc_faddr, 0, NHR_NONE, 0);
3437 if (nh == NULL)
3438 return (0);
3439
3440 ifp = nh->nh_ifp;
3441 maxmtu = nh->nh_mtu;
3442
3443 /* Report additional interface capabilities. */
3444 if (cap != NULL) {
3445 if (ifp->if_capenable & IFCAP_TSO4 &&
3446 ifp->if_hwassist & CSUM_TSO) {
3447 cap->ifcap |= CSUM_TSO;
3448 cap->tsomax = ifp->if_hw_tsomax;
3449 cap->tsomaxsegcount = ifp->if_hw_tsomaxsegcount;
3450 cap->tsomaxsegsize = ifp->if_hw_tsomaxsegsize;
3451 }
3452 }
3453 }
3454 return (maxmtu);
3455}
3456#endif /* INET */
3457
3458#ifdef INET6
3459uint32_t
3460tcp_maxmtu6(struct in_conninfo *inc, struct tcp_ifcap *cap)
3461{
3462 struct nhop_object *nh;
3463 struct in6_addr dst6;
3464 uint32_t scopeid;
3465 struct ifnet *ifp;
3466 uint32_t maxmtu = 0;
3467
3468 KASSERT(inc != NULL, ("tcp_maxmtu6 with NULL in_conninfo pointer"));
3469
3470 if (inc->inc_flags & INC_IPV6MINMTU)
3471 return (IPV6_MMTU);
3472
3473 if (!IN6_IS_ADDR_UNSPECIFIED(&inc->inc6_faddr)) {
3474 in6_splitscope(&inc->inc6_faddr, &dst6, &scopeid);
3475 nh = fib6_lookup(inc->inc_fibnum, &dst6, scopeid, NHR_NONE, 0);
3476 if (nh == NULL)
3477 return (0);
3478
3479 ifp = nh->nh_ifp;
3480 maxmtu = nh->nh_mtu;
3481
3482 /* Report additional interface capabilities. */
3483 if (cap != NULL) {
3484 if (ifp->if_capenable & IFCAP_TSO6 &&
3485 ifp->if_hwassist & CSUM_TSO) {
3486 cap->ifcap |= CSUM_TSO;
3487 cap->tsomax = ifp->if_hw_tsomax;
3488 cap->tsomaxsegcount = ifp->if_hw_tsomaxsegcount;
3489 cap->tsomaxsegsize = ifp->if_hw_tsomaxsegsize;
3490 }
3491 }
3492 }
3493
3494 return (maxmtu);
3495}
3496
3497/*
3498 * Handle setsockopt(IPV6_USE_MIN_MTU) by a TCP stack.
3499 *
3500 * XXXGL: we are updating inpcb here with INC_IPV6MINMTU flag.
3501 * The right place to do that is ip6_setpktopt() that has just been
3502 * executed. By the way it just filled ip6po_minmtu for us.
3503 */
3504void
3505tcp6_use_min_mtu(struct tcpcb *tp)
3506{
3507 struct inpcb *inp = tp->t_inpcb;
3508
3509 INP_WLOCK_ASSERT(inp);
3510 /*
3511 * In case of the IPV6_USE_MIN_MTU socket
3512 * option, the INC_IPV6MINMTU flag to announce
3513 * a corresponding MSS during the initial
3514 * handshake. If the TCP connection is not in
3515 * the front states, just reduce the MSS being
3516 * used. This avoids the sending of TCP
3517 * segments which will be fragmented at the
3518 * IPv6 layer.
3519 */
3520 inp->inp_inc.inc_flags |= INC_IPV6MINMTU;
3521 if ((tp->t_state >= TCPS_SYN_SENT) &&
3522 (inp->inp_inc.inc_flags & INC_ISIPV6)) {
3523 struct ip6_pktopts *opt;
3524
3525 opt = inp->in6p_outputopts;
3526 if (opt != NULL && opt->ip6po_minmtu == IP6PO_MINMTU_ALL &&
3527 tp->t_maxseg > TCP6_MSS)
3528 tp->t_maxseg = TCP6_MSS;
3529 }
3530}
3531#endif /* INET6 */
3532
3533/*
3534 * Calculate effective SMSS per RFC5681 definition for a given TCP
3535 * connection at its current state, taking into account SACK and etc.
3536 */
3537u_int
3538tcp_maxseg(const struct tcpcb *tp)
3539{
3540 u_int optlen;
3541
3542 if (tp->t_flags & TF_NOOPT)
3543 return (tp->t_maxseg);
3544
3545 /*
3546 * Here we have a simplified code from tcp_addoptions(),
3547 * without a proper loop, and having most of paddings hardcoded.
3548 * We might make mistakes with padding here in some edge cases,
3549 * but this is harmless, since result of tcp_maxseg() is used
3550 * only in cwnd and ssthresh estimations.
3551 */
3552 if (TCPS_HAVEESTABLISHED(tp->t_state)) {
3553 if (tp->t_flags & TF_RCVD_TSTMP)
3554 optlen = TCPOLEN_TSTAMP_APPA;
3555 else
3556 optlen = 0;
3557#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
3558 if (tp->t_flags & TF_SIGNATURE)
3559 optlen += PADTCPOLEN(TCPOLEN_SIGNATURE);
3560#endif
3561 if ((tp->t_flags & TF_SACK_PERMIT) && tp->rcv_numsacks > 0) {
3562 optlen += TCPOLEN_SACKHDR;
3563 optlen += tp->rcv_numsacks * TCPOLEN_SACK;
3564 optlen = PADTCPOLEN(optlen);
3565 }
3566 } else {
3567 if (tp->t_flags & TF_REQ_TSTMP)
3568 optlen = TCPOLEN_TSTAMP_APPA;
3569 else
3570 optlen = PADTCPOLEN(TCPOLEN_MAXSEG);
3571 if (tp->t_flags & TF_REQ_SCALE)
3572 optlen += PADTCPOLEN(TCPOLEN_WINDOW);
3573#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
3574 if (tp->t_flags & TF_SIGNATURE)
3575 optlen += PADTCPOLEN(TCPOLEN_SIGNATURE);
3576#endif
3577 if (tp->t_flags & TF_SACK_PERMIT)
3578 optlen += PADTCPOLEN(TCPOLEN_SACK_PERMITTED);
3579 }
3580#undef PAD
3581 optlen = min(optlen, TCP_MAXOLEN);
3582 return (tp->t_maxseg - optlen);
3583}
3584
3585
3586u_int
3587tcp_fixed_maxseg(const struct tcpcb *tp)
3588{
3589 int optlen;
3590
3591 if (tp->t_flags & TF_NOOPT)
3592 return (tp->t_maxseg);
3593
3594 /*
3595 * Here we have a simplified code from tcp_addoptions(),
3596 * without a proper loop, and having most of paddings hardcoded.
3597 * We only consider fixed options that we would send every
3598 * time I.e. SACK is not considered. This is important
3599 * for cc modules to figure out what the modulo of the
3600 * cwnd should be.
3601 */
3602#define PAD(len) ((((len) / 4) + !!((len) % 4)) * 4)
3603 if (TCPS_HAVEESTABLISHED(tp->t_state)) {
3604 if (tp->t_flags & TF_RCVD_TSTMP)
3605 optlen = TCPOLEN_TSTAMP_APPA;
3606 else
3607 optlen = 0;
3608#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
3609 if (tp->t_flags & TF_SIGNATURE)
3610 optlen += PAD(TCPOLEN_SIGNATURE);
3611#endif
3612 } else {
3613 if (tp->t_flags & TF_REQ_TSTMP)
3614 optlen = TCPOLEN_TSTAMP_APPA;
3615 else
3616 optlen = PAD(TCPOLEN_MAXSEG);
3617 if (tp->t_flags & TF_REQ_SCALE)
3618 optlen += PAD(TCPOLEN_WINDOW);
3619#if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
3620 if (tp->t_flags & TF_SIGNATURE)
3621 optlen += PAD(TCPOLEN_SIGNATURE);
3622#endif
3623 if (tp->t_flags & TF_SACK_PERMIT)
3624 optlen += PAD(TCPOLEN_SACK_PERMITTED);
3625 }
3626#undef PAD
3627 optlen = min(optlen, TCP_MAXOLEN);
3628 return (tp->t_maxseg - optlen);
3629}
3630
3631
3632
3633static int
3634sysctl_drop(SYSCTL_HANDLER_ARGS)
3635{
3636 /* addrs[0] is a foreign socket, addrs[1] is a local one. */
3637 struct sockaddr_storage addrs[2];
3638 struct inpcb *inp;
3639 struct tcpcb *tp;
3640 struct tcptw *tw;
3641 struct sockaddr_in *fin, *lin;
3642 struct epoch_tracker et;
3643#ifdef INET6
3644 struct sockaddr_in6 *fin6, *lin6;
3645#endif
3646 int error;
3647
3648 inp = NULL;
3649 fin = lin = NULL;
3650#ifdef INET6
3651 fin6 = lin6 = NULL;
3652#endif
3653 error = 0;
3654
3655 if (req->oldptr != NULL || req->oldlen != 0)
3656 return (EINVAL);
3657 if (req->newptr == NULL)
3658 return (EPERM);
3659 if (req->newlen < sizeof(addrs))
3660 return (ENOMEM);
3661 error = SYSCTL_IN(req, &addrs, sizeof(addrs));
3662 if (error)
3663 return (error);
3664
3665 switch (addrs[0].ss_family) {
3666#ifdef INET6
3667 case AF_INET6:
3668 fin6 = (struct sockaddr_in6 *)&addrs[0];
3669 lin6 = (struct sockaddr_in6 *)&addrs[1];
3670 if (fin6->sin6_len != sizeof(struct sockaddr_in6) ||
3671 lin6->sin6_len != sizeof(struct sockaddr_in6))
3672 return (EINVAL);
3673 if (IN6_IS_ADDR_V4MAPPED(&fin6->sin6_addr)) {
3674 if (!IN6_IS_ADDR_V4MAPPED(&lin6->sin6_addr))
3675 return (EINVAL);
3676 in6_sin6_2_sin_in_sock((struct sockaddr *)&addrs[0]);
3677 in6_sin6_2_sin_in_sock((struct sockaddr *)&addrs[1]);
3678 fin = (struct sockaddr_in *)&addrs[0];
3679 lin = (struct sockaddr_in *)&addrs[1];
3680 break;
3681 }
3682 error = sa6_embedscope(fin6, V_ip6_use_defzone);
3683 if (error)
3684 return (error);
3685 error = sa6_embedscope(lin6, V_ip6_use_defzone);
3686 if (error)
3687 return (error);
3688 break;
3689#endif
3690#ifdef INET
3691 case AF_INET:
3692 fin = (struct sockaddr_in *)&addrs[0];
3693 lin = (struct sockaddr_in *)&addrs[1];
3694 if (fin->sin_len != sizeof(struct sockaddr_in) ||
3695 lin->sin_len != sizeof(struct sockaddr_in))
3696 return (EINVAL);
3697 break;
3698#endif
3699 default:
3700 return (EINVAL);
3701 }
3702 NET_EPOCH_ENTER(et);
3703 switch (addrs[0].ss_family) {
3704#ifdef INET6
3705 case AF_INET6:
3706 inp = in6_pcblookup(&V_tcbinfo, &fin6->sin6_addr,
3707 fin6->sin6_port, &lin6->sin6_addr, lin6->sin6_port,
3708 INPLOOKUP_WLOCKPCB, NULL);
3709 break;
3710#endif
3711#ifdef INET
3712 case AF_INET:
3713 inp = in_pcblookup(&V_tcbinfo, fin->sin_addr, fin->sin_port,
3714 lin->sin_addr, lin->sin_port, INPLOOKUP_WLOCKPCB, NULL);
3715 break;
3716#endif
3717 }
3718 if (inp != NULL) {
3719 if (inp->inp_flags & INP_TIMEWAIT) {
3720 /*
3721 * XXXRW: There currently exists a state where an
3722 * inpcb is present, but its timewait state has been
3723 * discarded. For now, don't allow dropping of this
3724 * type of inpcb.
3725 */
3726 tw = intotw(inp);
3727 if (tw != NULL)
3728 tcp_twclose(tw, 0);
3729 else
3730 INP_WUNLOCK(inp);
3731 } else if ((inp->inp_flags & INP_DROPPED) == 0 &&
3732 !SOLISTENING(inp->inp_socket)) {
3733 tp = intotcpcb(inp);
3734 tp = tcp_drop(tp, ECONNABORTED);
3735 if (tp != NULL)
3736 INP_WUNLOCK(inp);
3737 } else
3738 INP_WUNLOCK(inp);
3739 } else
3740 error = ESRCH;
3741 NET_EPOCH_EXIT(et);
3742 return (error);
3743}
3744
3745SYSCTL_PROC(_net_inet_tcp, TCPCTL_DROP, drop,
3746 CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_WR | CTLFLAG_SKIP |
3747 CTLFLAG_NEEDGIANT, NULL, 0, sysctl_drop, "",
3748 "Drop TCP connection");
3749
3750static int
3751tcp_sysctl_setsockopt(SYSCTL_HANDLER_ARGS)
3752{
3753 return (sysctl_setsockopt(oidp, arg1, arg2, req, &V_tcbinfo,
3754 &tcp_ctloutput_set));
3755}
3756
3757SYSCTL_PROC(_net_inet_tcp, OID_AUTO, setsockopt,
3758 CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_WR | CTLFLAG_SKIP |
3759 CTLFLAG_MPSAFE, NULL, 0, tcp_sysctl_setsockopt, "",
3760 "Set socket option for TCP endpoint");
3761
3762#ifdef KERN_TLS
3763static int
3764sysctl_switch_tls(SYSCTL_HANDLER_ARGS)
3765{
3766 /* addrs[0] is a foreign socket, addrs[1] is a local one. */
3767 struct sockaddr_storage addrs[2];
3768 struct inpcb *inp;
3769 struct sockaddr_in *fin, *lin;
3770 struct epoch_tracker et;
3771#ifdef INET6
3772 struct sockaddr_in6 *fin6, *lin6;
3773#endif
3774 int error;
3775
3776 inp = NULL;
3777 fin = lin = NULL;
3778#ifdef INET6
3779 fin6 = lin6 = NULL;
3780#endif
3781 error = 0;
3782
3783 if (req->oldptr != NULL || req->oldlen != 0)
3784 return (EINVAL);
3785 if (req->newptr == NULL)
3786 return (EPERM);
3787 if (req->newlen < sizeof(addrs))
3788 return (ENOMEM);
3789 error = SYSCTL_IN(req, &addrs, sizeof(addrs));
3790 if (error)
3791 return (error);
3792
3793 switch (addrs[0].ss_family) {
3794#ifdef INET6
3795 case AF_INET6:
3796 fin6 = (struct sockaddr_in6 *)&addrs[0];
3797 lin6 = (struct sockaddr_in6 *)&addrs[1];
3798 if (fin6->sin6_len != sizeof(struct sockaddr_in6) ||
3799 lin6->sin6_len != sizeof(struct sockaddr_in6))
3800 return (EINVAL);
3801 if (IN6_IS_ADDR_V4MAPPED(&fin6->sin6_addr)) {
3802 if (!IN6_IS_ADDR_V4MAPPED(&lin6->sin6_addr))
3803 return (EINVAL);
3804 in6_sin6_2_sin_in_sock((struct sockaddr *)&addrs[0]);
3805 in6_sin6_2_sin_in_sock((struct sockaddr *)&addrs[1]);
3806 fin = (struct sockaddr_in *)&addrs[0];
3807 lin = (struct sockaddr_in *)&addrs[1];
3808 break;
3809 }
3810 error = sa6_embedscope(fin6, V_ip6_use_defzone);
3811 if (error)
3812 return (error);
3813 error = sa6_embedscope(lin6, V_ip6_use_defzone);
3814 if (error)
3815 return (error);
3816 break;
3817#endif
3818#ifdef INET
3819 case AF_INET:
3820 fin = (struct sockaddr_in *)&addrs[0];
3821 lin = (struct sockaddr_in *)&addrs[1];
3822 if (fin->sin_len != sizeof(struct sockaddr_in) ||
3823 lin->sin_len != sizeof(struct sockaddr_in))
3824 return (EINVAL);
3825 break;
3826#endif
3827 default:
3828 return (EINVAL);
3829 }
3830 NET_EPOCH_ENTER(et);
3831 switch (addrs[0].ss_family) {
3832#ifdef INET6
3833 case AF_INET6:
3834 inp = in6_pcblookup(&V_tcbinfo, &fin6->sin6_addr,
3835 fin6->sin6_port, &lin6->sin6_addr, lin6->sin6_port,
3836 INPLOOKUP_WLOCKPCB, NULL);
3837 break;
3838#endif
3839#ifdef INET
3840 case AF_INET:
3841 inp = in_pcblookup(&V_tcbinfo, fin->sin_addr, fin->sin_port,
3842 lin->sin_addr, lin->sin_port, INPLOOKUP_WLOCKPCB, NULL);
3843 break;
3844#endif
3845 }
3846 NET_EPOCH_EXIT(et);
3847 if (inp != NULL) {
3848 if ((inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) != 0 ||
3849 inp->inp_socket == NULL) {
3850 error = ECONNRESET;
3851 INP_WUNLOCK(inp);
3852 } else {
3853 struct socket *so;
3854
3855 so = inp->inp_socket;
3856 soref(so);
3857 error = ktls_set_tx_mode(so,
3858 arg2 == 0 ? TCP_TLS_MODE_SW : TCP_TLS_MODE_IFNET);
3859 INP_WUNLOCK(inp);
3860 sorele(so);
3861 }
3862 } else
3863 error = ESRCH;
3864 return (error);
3865}
3866
3867SYSCTL_PROC(_net_inet_tcp, OID_AUTO, switch_to_sw_tls,
3868 CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_WR | CTLFLAG_SKIP |
3869 CTLFLAG_NEEDGIANT, NULL, 0, sysctl_switch_tls, "",
3870 "Switch TCP connection to SW TLS");
3871SYSCTL_PROC(_net_inet_tcp, OID_AUTO, switch_to_ifnet_tls,
3872 CTLFLAG_VNET | CTLTYPE_STRUCT | CTLFLAG_WR | CTLFLAG_SKIP |
3873 CTLFLAG_NEEDGIANT, NULL, 1, sysctl_switch_tls, "",
3874 "Switch TCP connection to ifnet TLS");
3875#endif
3876
3877/*
3878 * Generate a standardized TCP log line for use throughout the
3879 * tcp subsystem. Memory allocation is done with M_NOWAIT to
3880 * allow use in the interrupt context.
3881 *
3882 * NB: The caller MUST free(s, M_TCPLOG) the returned string.
3883 * NB: The function may return NULL if memory allocation failed.
3884 *
3885 * Due to header inclusion and ordering limitations the struct ip
3886 * and ip6_hdr pointers have to be passed as void pointers.
3887 */
3888char *
3889tcp_log_vain(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr,
3890 const void *ip6hdr)
3891{
3892
3893 /* Is logging enabled? */
3894 if (V_tcp_log_in_vain == 0)
3895 return (NULL);
3896
3897 return (tcp_log_addr(inc, th, ip4hdr, ip6hdr));
3898}
3899
3900char *
3901tcp_log_addrs(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr,
3902 const void *ip6hdr)
3903{
3904
3905 /* Is logging enabled? */
3906 if (tcp_log_debug == 0)
3907 return (NULL);
3908
3909 return (tcp_log_addr(inc, th, ip4hdr, ip6hdr));
3910}
3911
3912static char *
3913tcp_log_addr(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr,
3914 const void *ip6hdr)
3915{
3916 char *s, *sp;
3917 size_t size;
3918 struct ip *ip;
3919#ifdef INET6
3920 const struct ip6_hdr *ip6;
3921
3922 ip6 = (const struct ip6_hdr *)ip6hdr;
3923#endif /* INET6 */
3924 ip = (struct ip *)ip4hdr;
3925
3926 /*
3927 * The log line looks like this:
3928 * "TCP: [1.2.3.4]:50332 to [1.2.3.4]:80 tcpflags 0x2<SYN>"
3929 */
3930 size = sizeof("TCP: []:12345 to []:12345 tcpflags 0x2<>") +
3931 sizeof(PRINT_TH_FLAGS) + 1 +
3932#ifdef INET6
3933 2 * INET6_ADDRSTRLEN;
3934#else
3935 2 * INET_ADDRSTRLEN;
3936#endif /* INET6 */
3937
3938 s = malloc(size, M_TCPLOG, M_ZERO|M_NOWAIT);
3939 if (s == NULL)
3940 return (NULL);
3941
3942 strcat(s, "TCP: [");
3943 sp = s + strlen(s);
3944
3945 if (inc && ((inc->inc_flags & INC_ISIPV6) == 0)) {
3946 inet_ntoa_r(inc->inc_faddr, sp);
3947 sp = s + strlen(s);
3948 sprintf(sp, "]:%i to [", ntohs(inc->inc_fport));
3949 sp = s + strlen(s);
3950 inet_ntoa_r(inc->inc_laddr, sp);
3951 sp = s + strlen(s);
3952 sprintf(sp, "]:%i", ntohs(inc->inc_lport));
3953#ifdef INET6
3954 } else if (inc) {
3955 ip6_sprintf(sp, &inc->inc6_faddr);
3956 sp = s + strlen(s);
3957 sprintf(sp, "]:%i to [", ntohs(inc->inc_fport));
3958 sp = s + strlen(s);
3959 ip6_sprintf(sp, &inc->inc6_laddr);
3960 sp = s + strlen(s);
3961 sprintf(sp, "]:%i", ntohs(inc->inc_lport));
3962 } else if (ip6 && th) {
3963 ip6_sprintf(sp, &ip6->ip6_src);
3964 sp = s + strlen(s);
3965 sprintf(sp, "]:%i to [", ntohs(th->th_sport));
3966 sp = s + strlen(s);
3967 ip6_sprintf(sp, &ip6->ip6_dst);
3968 sp = s + strlen(s);
3969 sprintf(sp, "]:%i", ntohs(th->th_dport));
3970#endif /* INET6 */
3971#ifdef INET
3972 } else if (ip && th) {
3973 inet_ntoa_r(ip->ip_src, sp);
3974 sp = s + strlen(s);
3975 sprintf(sp, "]:%i to [", ntohs(th->th_sport));
3976 sp = s + strlen(s);
3977 inet_ntoa_r(ip->ip_dst, sp);
3978 sp = s + strlen(s);
3979 sprintf(sp, "]:%i", ntohs(th->th_dport));
3980#endif /* INET */
3981 } else {
3982 free(s, M_TCPLOG);
3983 return (NULL);
3984 }
3985 sp = s + strlen(s);
3986 if (th)
3987 sprintf(sp, " tcpflags 0x%b", tcp_get_flags(th), PRINT_TH_FLAGS);
3988 if (*(s + size - 1) != '\0')
3989 panic("%s: string too long", __func__);
3990 return (s);
3991}
3992
3993/*
3994 * A subroutine which makes it easy to track TCP state changes with DTrace.
3995 * This function shouldn't be called for t_state initializations that don't
3996 * correspond to actual TCP state transitions.
3997 */
3998void
3999tcp_state_change(struct tcpcb *tp, int newstate)
4000{
4001#if defined(KDTRACE_HOOKS)
4002 int pstate = tp->t_state;
4003#endif
4004
4005 TCPSTATES_DEC(tp->t_state);
4006 TCPSTATES_INC(newstate);
4007 tp->t_state = newstate;
4008 TCP_PROBE6(state__change, NULL, tp, NULL, tp, NULL, pstate);
4009}
4010
4011/*
4012 * Create an external-format (``xtcpcb'') structure using the information in
4013 * the kernel-format tcpcb structure pointed to by tp. This is done to
4014 * reduce the spew of irrelevant information over this interface, to isolate
4015 * user code from changes in the kernel structure, and potentially to provide
4016 * information-hiding if we decide that some of this information should be
4017 * hidden from users.
4018 */
4019void
4020tcp_inptoxtp(const struct inpcb *inp, struct xtcpcb *xt)
4021{
4022 struct tcpcb *tp = intotcpcb(inp);
4023 struct tcptw *tw = intotw(inp);
4024 sbintime_t now;
4025
4026 bzero(xt, sizeof(*xt));
4027 if (inp->inp_flags & INP_TIMEWAIT) {
4028 xt->t_state = TCPS_TIME_WAIT;
4029 xt->xt_encaps_port = tw->t_port;
4030 } else {
4031 xt->t_state = tp->t_state;
4032 xt->t_logstate = tp->t_logstate;
4033 xt->t_flags = tp->t_flags;
4034 xt->t_sndzerowin = tp->t_sndzerowin;
4035 xt->t_sndrexmitpack = tp->t_sndrexmitpack;
4036 xt->t_rcvoopack = tp->t_rcvoopack;
4037 xt->t_rcv_wnd = tp->rcv_wnd;
4038 xt->t_snd_wnd = tp->snd_wnd;
4039 xt->t_snd_cwnd = tp->snd_cwnd;
4040 xt->t_snd_ssthresh = tp->snd_ssthresh;
4041 xt->t_dsack_bytes = tp->t_dsack_bytes;
4042 xt->t_dsack_tlp_bytes = tp->t_dsack_tlp_bytes;
4043 xt->t_dsack_pack = tp->t_dsack_pack;
4044 xt->t_maxseg = tp->t_maxseg;
4045 xt->xt_ecn = (tp->t_flags2 & TF2_ECN_PERMIT) ? 1 : 0 +
4046 (tp->t_flags2 & TF2_ACE_PERMIT) ? 2 : 0;
4047
4048 now = getsbinuptime();
4049#define COPYTIMER(ttt) do { \
4050 if (callout_active(&tp->t_timers->ttt)) \
4051 xt->ttt = (tp->t_timers->ttt.c_time - now) / \
4052 SBT_1MS; \
4053 else \
4054 xt->ttt = 0; \
4055} while (0)
4056 COPYTIMER(tt_delack);
4057 COPYTIMER(tt_rexmt);
4058 COPYTIMER(tt_persist);
4059 COPYTIMER(tt_keep);
4060 COPYTIMER(tt_2msl);
4061#undef COPYTIMER
4062 xt->t_rcvtime = 1000 * (ticks - tp->t_rcvtime) / hz;
4063
4064 xt->xt_encaps_port = tp->t_port;
4065 bcopy(tp->t_fb->tfb_tcp_block_name, xt->xt_stack,
4066 TCP_FUNCTION_NAME_LEN_MAX);
4067 bcopy(CC_ALGO(tp)->name, xt->xt_cc,
4068 TCP_CA_NAME_MAX);
4069#ifdef TCP_BLACKBOX
4070 (void)tcp_log_get_id(tp, xt->xt_logid);
4071#endif
4072 }
4073
4074 xt->xt_len = sizeof(struct xtcpcb);
4075 in_pcbtoxinpcb(inp, &xt->xt_inp);
4076 if (inp->inp_socket == NULL)
4077 xt->xt_inp.xi_socket.xso_protocol = IPPROTO_TCP;
4078}
4079
4080void
4081tcp_log_end_status(struct tcpcb *tp, uint8_t status)
4082{
4083 uint32_t bit, i;
4084
4085 if ((tp == NULL) ||
4086 (status > TCP_EI_STATUS_MAX_VALUE) ||
4087 (status == 0)) {
4088 /* Invalid */
4089 return;
4090 }
4091 if (status > (sizeof(uint32_t) * 8)) {
4092 /* Should this be a KASSERT? */
4093 return;
4094 }
4095 bit = 1U << (status - 1);
4096 if (bit & tp->t_end_info_status) {
4097 /* already logged */
4098 return;
4099 }
4100 for (i = 0; i < TCP_END_BYTE_INFO; i++) {
4101 if (tp->t_end_info_bytes[i] == TCP_EI_EMPTY_SLOT) {
4102 tp->t_end_info_bytes[i] = status;
4103 tp->t_end_info_status |= bit;
4104 break;
4105 }
4106 }
4107}
4108
4109int
4110tcp_can_enable_pacing(void)
4111{
4112
4113 if ((tcp_pacing_limit == -1) ||
4114 (tcp_pacing_limit > number_of_tcp_connections_pacing)) {
4115 atomic_fetchadd_int(&number_of_tcp_connections_pacing, 1);
4116 shadow_num_connections = number_of_tcp_connections_pacing;
4117 return (1);
4118 } else {
4119 return (0);
4120 }
4121}
4122
4123static uint8_t tcp_pacing_warning = 0;
4124
4125void
4126tcp_decrement_paced_conn(void)
4127{
4128 uint32_t ret;
4129
4130 ret = atomic_fetchadd_int(&number_of_tcp_connections_pacing, -1);
4131 shadow_num_connections = number_of_tcp_connections_pacing;
4132 KASSERT(ret != 0, ("tcp_paced_connection_exits -1 would cause wrap?"));
4133 if (ret == 0) {
4134 if (tcp_pacing_limit != -1) {
4135 printf("Warning all pacing is now disabled, count decrements invalidly!\n");
4136 tcp_pacing_limit = 0;
4137 } else if (tcp_pacing_warning == 0) {
4138 printf("Warning pacing count is invalid, invalid decrement\n");
4139 tcp_pacing_warning = 1;
4140 }
4141 }
4142}
SYSCTL_NODE
static SYSCTL_NODE(_net_inet_accf, OID_AUTO, http, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "HTTP accept filter")
cc_attach
void cc_attach(struct tcpcb *tp, struct cc_algo *algo)
Definition: cc.c:126
cc_detach
void cc_detach(struct tcpcb *tp)
Definition: cc.c:138
CC_DEFAULT_ALGO
#define CC_DEFAULT_ALGO()
Definition: cc.h:216
CC_DATA
#define CC_DATA(tp)
Definition: cc.h:213
CC_ALGO
#define CC_ALGO(tp)
Definition: cc.h:210
ICMP6STAT_INC
#define ICMP6STAT_INC(name)
Definition: icmp6.h:655
uint32_t
__uint32_t uint32_t
Definition: in.h:62
uint16_t
__uint16_t uint16_t
Definition: in.h:57
uint8_t
__uint8_t uint8_t
Definition: in.h:52
inet_ntoa_r
char * inet_ntoa_r(struct in_addr ina, char *buf)
INADDR_ANY
#define INADDR_ANY
Definition: in.h:48
IPPROTO_TCP
#define IPPROTO_TCP
Definition: in.h:45
IPPROTO_UDP
#define IPPROTO_UDP
Definition: in.h:46
in_pseudo
u_short in_pseudo(u_int32_t a, u_int32_t b, u_int32_t c)
Definition: in_cksum.c:197
in_fib.h
fib4_lookup
struct nhop_object * fib4_lookup(uint32_t fibnum, struct in_addr dst, uint32_t scopeid, uint32_t flags, uint32_t flowid)
in_kdtrace.h
TCP_PROBE5
#define TCP_PROBE5(probe, arg0, arg1, arg2, arg3, arg4)
Definition: in_kdtrace.h:47
TCP_PROBE6
#define TCP_PROBE6(probe, arg0, arg1, arg2, arg3, arg4, arg5)
Definition: in_kdtrace.h:49
TCP_PROBE3
#define TCP_PROBE3(probe, arg0, arg1, arg2)
Definition: in_kdtrace.h:43
inp_next
struct inpcb * inp_next(struct inpcb_iterator *ii)
Definition: in_pcb.c:1655
in_pcbinfo_destroy
void in_pcbinfo_destroy(struct inpcbinfo *pcbinfo)
Definition: in_pcb.c:552
in_pcbtoxinpcb
void in_pcbtoxinpcb(const struct inpcb *inp, struct xinpcb *xi)
Definition: in_pcb.c:2777
in_pcbdrop
void in_pcbdrop(struct inpcb *inp)
Definition: in_pcb.c:1928
in_pcbref
void in_pcbref(struct inpcb *inp)
Definition: in_pcb.c:1762
in_pcbrele_wlocked
bool in_pcbrele_wlocked(struct inpcb *inp)
Definition: in_pcb.c:1792
in_pcbinfo_init
void in_pcbinfo_init(struct inpcbinfo *pcbinfo, struct inpcbstorage *pcbstor, u_int hash_nelements, u_int porthash_nelements)
Definition: in_pcb.c:524
sysctl_setsockopt
int sysctl_setsockopt(SYSCTL_HANDLER_ARGS, struct inpcbinfo *pcbinfo, int(*ctloutput_set)(struct inpcb *, struct sockopt *))
Definition: in_pcb.c:2803
in_pcb.h
INP_LOCK_ASSERT
#define INP_LOCK_ASSERT(inp)
Definition: in_pcb.h:527
INC_IPV6MINMTU
#define INC_IPV6MINMTU
Definition: in_pcb.h:125
INC_ISIPV6
#define INC_ISIPV6
Definition: in_pcb.h:124
in_pcblookup
struct inpcb * in_pcblookup(struct inpcbinfo *, struct in_addr, u_int, struct in_addr, u_int, int, struct ifnet *)
INP_RUNLOCK
#define INP_RUNLOCK(inp)
Definition: in_pcb.h:521
INP_ALL_ITERATOR
#define INP_ALL_ITERATOR(_ipi, _lock)
Definition: in_pcb.h:795
INP_WLOCK_ASSERT
#define INP_WLOCK_ASSERT(inp)
Definition: in_pcb.h:529
INP_INFO_WUNLOCK
#define INP_INFO_WUNLOCK(ipi)
Definition: in_pcb.h:565
INP_TIMEWAIT
#define INP_TIMEWAIT
Definition: in_pcb.h:644
INP_WLOCKED
#define INP_WLOCKED(inp)
Definition: in_pcb.h:526
INP_DROPPED
#define INP_DROPPED
Definition: in_pcb.h:646
INP_WUNLOCK
#define INP_WUNLOCK(inp)
Definition: in_pcb.h:522
INP_INFO_WLOCK
#define INP_INFO_WLOCK(ipi)
Definition: in_pcb.h:563
INPLOOKUP_RLOCKPCB
@ INPLOOKUP_RLOCKPCB
Definition: in_pcb.h:693
INPLOOKUP_WLOCKPCB
@ INPLOOKUP_WLOCKPCB
Definition: in_pcb.h:694
INP_IPV6
#define INP_IPV6
Definition: in_pcb.h:614
in_pcbnotifyall
void in_pcbnotifyall(struct inpcbinfo *pcbinfo, struct in_addr, int, struct inpcb *(*)(struct inpcb *, int))
INP_SOCKREF
#define INP_SOCKREF
Definition: in_pcb.h:647
cr_canseeinpcb
int cr_canseeinpcb(struct ucred *cred, struct inpcb *inp)
Definition: in_prot.c:59
in_systm.h
in_var.h
inetctlerrmap
u_char inetctlerrmap[]
Definition: ip_input.c:935
IPV6_FLOWINFO_MASK
#define IPV6_FLOWINFO_MASK
Definition: ip6.h:99
IPV6_MMTU
#define IPV6_MMTU
Definition: ip6.h:260
IPV6_VERSION_MASK
#define IPV6_VERSION_MASK
Definition: ip6.h:96
IPV6_VERSION
#define IPV6_VERSION
Definition: ip6.h:95
IPVERSION
#define IPVERSION
Definition: ip.h:46
IP_DF
#define IP_DF
Definition: ip.h:13
VNET_SYSUNINIT
VNET_SYSUNINIT(divert, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, div_destroy, NULL)
ip_icmp.h
ip_next_mtu
int ip_next_mtu(int, int)
icmp_ip
#define icmp_ip
Definition: ip_icmp.h:121
ip_output
int ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, struct ip_moptions *imo, struct inpcb *inp)
Definition: ip_output.c:320
ip_var.h
V_ip_defttl
#define V_ip_defttl
Definition: ip_var.h:202
cc_var
Definition: cc.h:93
cc_var::ccvc
union cc_var::ccv_container ccvc
cc_var::type
int type
Definition: cc.h:98
hc_metrics_lite
Definition: tcp_var.h:604
icmp6_hdr
Definition: icmp6.h:71
icmp
Definition: ip_icmp.h:65
in_addr
Definition: in.h:83
in_addr::s_addr
in_addr_t s_addr
Definition: in.h:84
in_conninfo
Definition: in_pcb.h:113
in_conninfo::inc_flags
u_int8_t inc_flags
Definition: in_pcb.h:114
in_conninfo::inc_fibnum
u_int16_t inc_fibnum
Definition: in_pcb.h:116
inpcb_iterator
Definition: in_pcb.h:776
inpcb
Definition: in_pcb.h:217
inpcb::inp_socket
struct socket * inp_socket
Definition: in_pcb.h:254
inpcb::in6p_outputopts
struct ip6_pktopts * in6p_outputopts
Definition: in_pcb.h:286
inpcb::inp_gencnt
inp_gen_t inp_gencnt
Definition: in_pcb.h:297
inpcb::inp_route
struct route inp_route
Definition: in_pcb.h:301
inpcb::inp_cred
struct ucred * inp_cred
Definition: in_pcb.h:258
inpcb::inp_in_hpts
uint32_t inp_in_hpts
Definition: in_pcb.h:241
inpcb::inp_flags
int inp_flags
Definition: in_pcb.h:246
inpcb::inp_vflag
u_char inp_vflag
Definition: in_pcb.h:260
inpcb::inp_flow
u_int32_t inp_flow
Definition: in_pcb.h:259
inpcb::inp_ip_ttl
u_char inp_ip_ttl
Definition: in_pcb.h:261
inpcb::inp_ppcb
void * inp_ppcb
Definition: in_pcb.h:253
inpcb::inp_ip_tos
u_char inp_ip_tos
Definition: in_pcb.h:278
inpcb::inp_inc
struct in_conninfo inp_inc
Definition: in_pcb.h:270
ip6_hdr
Definition: ip6.h:74
ip6_hdr::ip6_dst
struct in6_addr ip6_dst
Definition: ip6.h:85
ip6_hdr::ip6_src
struct in6_addr ip6_src
Definition: ip6.h:84
ip
Definition: ip.h:51
ip::ip_p
u_char ip_p
Definition: ip.h:69
ip::ip_id
u_short ip_id
Definition: ip.h:62
ip::ip_dst
struct in_addr ip_src ip_dst
Definition: ip.h:71
ip::ip_tos
u_char ip_tos
Definition: ip.h:60
ip::ip_hl
u_char ip_hl
Definition: ip.h:53
ip::ip_sum
u_short ip_sum
Definition: ip.h:70
ip::ip_len
u_short ip_len
Definition: ip.h:61
ip::ip_v
u_char ip_v
Definition: ip.h:54
ip::ip_ttl
u_char ip_ttl
Definition: ip.h:68
ip::ip_off
u_short ip_off
Definition: ip.h:63
sackhint::recover_fs
uint32_t recover_fs
Definition: tcp_var.h:118
sockaddr_in
Definition: in.h:97
sockaddr_in::sin_addr
struct in_addr sin_addr
Definition: in.h:101
sockaddr_in::sin_len
uint8_t sin_len
Definition: in.h:98
sockaddr_in::sin_family
sa_family_t sin_family
Definition: in.h:99
sockaddr_in::sin_port
in_port_t sin_port
Definition: in.h:100
tcp_function_block
Definition: tcp_var.h:347
tcp_function_block::tfb_tcp_output
int(* tfb_tcp_output)(struct tcpcb *)
Definition: tcp_var.h:349
tcp_function_block::tfb_id
uint8_t tfb_id
Definition: tcp_var.h:380
tcp_function_block::tfb_tcp_block_name
char tfb_tcp_block_name[TCP_FUNCTION_NAME_LEN_MAX]
Definition: tcp_var.h:348
tcp_function_block::tfb_tcp_ctloutput
int(* tfb_tcp_ctloutput)(struct inpcb *inp, struct sockopt *sopt)
Definition: tcp_var.h:363
tcp_function_block::tfb_flags
uint32_t tfb_flags
Definition: tcp_var.h:379
tcp_function_block::tfb_tcp_timer_stop
void(* tfb_tcp_timer_stop)(struct tcpcb *, uint32_t)
Definition: tcp_var.h:372
tcp_function_block::tfb_tcp_timer_active
int(* tfb_tcp_timer_active)(struct tcpcb *, uint32_t)
Definition: tcp_var.h:371
tcp_function_block::tfb_refcnt
volatile uint32_t tfb_refcnt
Definition: tcp_var.h:378
tcp_function_block::tfb_tcp_fb_fini
void(* tfb_tcp_fb_fini)(struct tcpcb *, int)
Definition: tcp_var.h:366
tcp_function_block::tfb_tcp_handoff_ok
int(* tfb_tcp_handoff_ok)(struct tcpcb *)
Definition: tcp_var.h:374
tcp_function_block::tfb_tcp_mtu_chg
void(* tfb_tcp_mtu_chg)(struct tcpcb *)
Definition: tcp_var.h:375
tcp_function_block::tfb_tcp_fb_init
int(* tfb_tcp_fb_init)(struct tcpcb *)
Definition: tcp_var.h:365
tcp_function_block::tfb_tcp_do_segment
void(* tfb_tcp_do_segment)(struct mbuf *, struct tcphdr *, struct socket *, struct tcpcb *, int, int, uint8_t)
Definition: tcp_var.h:351
tcp_function_block::tfb_tcp_timer_stop_all
int(* tfb_tcp_timer_stop_all)(struct tcpcb *)
Definition: tcp_var.h:368
tcp_function_block::tfb_tcp_timer_activate
void(* tfb_tcp_timer_activate)(struct tcpcb *, uint32_t, u_int)
Definition: tcp_var.h:369
tcp_function_info
Definition: tcp_var.h:940
tcp_function_info::tfi_name
char tfi_name[TCP_FUNCTION_NAME_LEN_MAX]
Definition: tcp_var.h:943
tcp_function_info::tfi_alias
char tfi_alias[TCP_FUNCTION_NAME_LEN_MAX]
Definition: tcp_var.h:944
tcp_function_info::tfi_id
uint8_t tfi_id
Definition: tcp_var.h:942
tcp_function_info::tfi_refcnt
uint32_t tfi_refcnt
Definition: tcp_var.h:941
tcp_function_set
Definition: tcp.h:408
tcp_function_set::pcbcnt
uint32_t pcbcnt
Definition: tcp.h:410
tcp_function_set::function_set_name
char function_set_name[TCP_FUNCTION_NAME_LEN_MAX]
Definition: tcp.h:409
tcp_function
Definition: tcp_var.h:383
tcp_function::tf_name
char tf_name[TCP_FUNCTION_NAME_LEN_MAX]
Definition: tcp_var.h:385
tcp_function::tf_fb
struct tcp_function_block * tf_fb
Definition: tcp_var.h:386
tcp_ifcap
Definition: tcp_var.h:618
tcp_ifcap::tsomax
u_int tsomax
Definition: tcp_var.h:620
tcp_ifcap::ifcap
int ifcap
Definition: tcp_var.h:619
tcp_ifcap::tsomaxsegcount
u_int tsomaxsegcount
Definition: tcp_var.h:621
tcp_ifcap::tsomaxsegsize
u_int tsomaxsegsize
Definition: tcp_var.h:622
tcp_log_bbr::timeStamp
uint32_t timeStamp
Definition: tcp_log_buf.h:81
tcp_log_bbr::inhpts
uint8_t inhpts
Definition: tcp_log_buf.h:97
tcp_log_bbr::pkts_out
uint32_t pkts_out
Definition: tcp_log_buf.h:84
tcp_log_bbr::delivered
uint32_t delivered
Definition: tcp_log_buf.h:80
tcp_log_bbr::flex8
uint8_t flex8
Definition: tcp_log_buf.h:100
tcp_log_buffer
Definition: tcp_log_buf.h:112
tcp_log_buffer::tlb_errno
int tlb_errno
Definition: tcp_log_buf.h:125
tcp_timer
Definition: tcp_timer.h:148
tcp_timer::tt_2msl
struct callout tt_2msl
Definition: tcp_timer.h:152
tcp_timer::tt_rexmt
struct callout tt_rexmt
Definition: tcp_timer.h:149
tcp_timer::tt_keep
struct callout tt_keep
Definition: tcp_timer.h:151
tcp_timer::tt_draincnt
uint32_t tt_draincnt
Definition: tcp_timer.h:155
tcp_timer::tt_delack
struct callout tt_delack
Definition: tcp_timer.h:153
tcp_timer::tt_persist
struct callout tt_persist
Definition: tcp_timer.h:150
tcpcb_mem
Definition: tcp_subr.c:1128
tcpcb_mem::ccv
struct cc_var ccv
Definition: tcp_subr.c:1131
tcpcb_mem::tcb
struct tcpcb tcb
Definition: tcp_subr.c:1129
tcpcb_mem::tt
struct tcp_timer tt
Definition: tcp_subr.c:1130
tcpcb
Definition: tcp_var.h:132
tcpcb::t_segq
struct tsegqe_head t_segq
Definition: tcp_var.h:180
tcpcb::t_logstate
uint32_t t_logstate
Definition: tcp_var.h:138
tcpcb::t_dsack_bytes
uint32_t t_dsack_bytes
Definition: tcp_var.h:270
tcpcb::snd_recover
tcp_seq snd_recover
Definition: tcp_var.h:198
tcpcb::t_dsack_pack
uint32_t t_dsack_pack
Definition: tcp_var.h:272
tcpcb::t_rcvtime
u_int t_rcvtime
Definition: tcp_var.h:175
tcpcb::sackhint
struct sackhint sackhint
Definition: tcp_var.h:233
tcpcb::snd_nxt
tcp_seq snd_nxt
Definition: tcp_var.h:151
tcpcb::t_softerror
int t_softerror
Definition: tcp_var.h:219
tcpcb::t_sndrexmitpack
int t_sndrexmitpack
Definition: tcp_var.h:237
tcpcb::t_vnet
struct vnet * t_vnet
Definition: tcp_var.h:184
tcpcb::t_tfo_pending
unsigned int * t_tfo_pending
Definition: tcp_var.h:276
tcpcb::osd
struct osd * osd
Definition: tcp_var.h:242
tcpcb::t_end_info_bytes
uint8_t t_end_info_bytes[TCP_END_BYTE_INFO]
Definition: tcp_var.h:282
tcpcb::t_timers
struct tcp_timer * t_timers
Definition: tcp_var.h:183
tcpcb::snd_wnd
uint32_t snd_wnd
Definition: tcp_var.h:153
tcpcb::ccv
struct cc_var * ccv
Definition: tcp_var.h:241
tcpcb::snd_max
tcp_seq snd_max
Definition: tcp_var.h:148
tcpcb::snd_una
tcp_seq snd_una
Definition: tcp_var.h:147
tcpcb::t_state
uint32_t t_state
Definition: tcp_var.h:140
tcpcb::t_pacing_rate
int64_t t_pacing_rate
Definition: tcp_var.h:254
tcpcb::t_rttmin
u_int t_rttmin
Definition: tcp_var.h:215
tcpcb::rcv_scale
u_char rcv_scale
Definition: tcp_var.h:171
tcpcb::t_rttupdated
u_long t_rttupdated
Definition: tcp_var.h:226
tcpcb::t_rttvar
int t_rttvar
Definition: tcp_var.h:168
tcpcb::t_end_info_status
uint32_t t_end_info_status
Definition: tcp_var.h:275
tcpcb::snd_ssthresh
uint32_t snd_ssthresh
Definition: tcp_var.h:185
tcpcb::t_stats
struct statsblob * t_stats
Definition: tcp_var.h:259
tcpcb::rcv_wnd
uint32_t rcv_wnd
Definition: tcp_var.h:165
tcpcb::ts_recent
u_int32_t ts_recent
Definition: tcp_var.h:169
tcpcb::t_srtt
int t_srtt
Definition: tcp_var.h:167
tcpcb::ts_offset
u_int32_t ts_offset
Definition: tcp_var.h:157
tcpcb::t_rxtcur
int t_rxtcur
Definition: tcp_var.h:202
tcpcb::t_dsack_tlp_bytes
uint32_t t_dsack_tlp_bytes
Definition: tcp_var.h:271
tcpcb::t_rxtshift
int t_rxtshift
Definition: tcp_var.h:204
tcpcb::t_flags2
u_int t_flags2
Definition: tcp_var.h:166
tcpcb::t_flags
u_int t_flags
Definition: tcp_var.h:146
tcpcb::t_rtttime
u_int t_rtttime
Definition: tcp_var.h:205
tcpcb::t_port
uint32_t t_port
Definition: tcp_var.h:139
tcpcb::t_maxseg
uint32_t t_maxseg
Definition: tcp_var.h:137
tcpcb::snd_cwnd
uint32_t snd_cwnd
Definition: tcp_var.h:154
tcpcb::t_sndzerowin
int t_sndzerowin
Definition: tcp_var.h:225
tcpcb::t_fb
struct tcp_function_block * t_fb
Definition: tcp_var.h:135
tcpcb::t_rcvoopack
int t_rcvoopack
Definition: tcp_var.h:238
tcpcb::rcv_numsacks
int rcv_numsacks
Definition: tcp_var.h:159
tcpcb::t_inpcb
struct inpcb * t_inpcb
Definition: tcp_var.h:134
tcpiphdr
Definition: tcpip.h:41
tcpopt::to_signature
u_char * to_signature
Definition: tcp_var.h:590
tcpopt::to_tsval
u_int32_t to_tsval
Definition: tcp_var.h:587
tcpopt::to_flags
u_int32_t to_flags
Definition: tcp_var.h:578
tcpopt::to_tsecr
u_int32_t to_tsecr
Definition: tcp_var.h:588
tcptemp::tt_ipgen
u_char tt_ipgen[40]
Definition: tcp_var.h:294
tcptemp::tt_t
struct tcphdr tt_t
Definition: tcp_var.h:295
tcptw
Definition: tcp_var.h:629
tcptw::t_port
uint32_t t_port
Definition: tcp_var.h:631
udphdr
Definition: udp.h:45
udphdr::uh_ulen
u_short uh_ulen
Definition: udp.h:48
udphdr::uh_sport
u_short uh_sport
Definition: udp.h:46
udphdr::uh_sum
u_short uh_sum
Definition: udp.h:49
udphdr::uh_dport
u_short uh_dport
Definition: udp.h:47
TCP_TLS_MODE_IFNET
#define TCP_TLS_MODE_IFNET
Definition: tcp.h:416
TCP_FUNCTION_NAME_LEN_MAX
#define TCP_FUNCTION_NAME_LEN_MAX
Definition: tcp.h:406
TCP_TLS_MODE_SW
#define TCP_TLS_MODE_SW
Definition: tcp.h:415
tcp_trace
void tcp_trace(short act, short ostate, struct tcpcb *tp, void *ipgen, struct tcphdr *th, int req)
Definition: tcp_debug.c:99
tcp_debug.h
TA_OUTPUT
#define TA_OUTPUT
Definition: tcp_debug.h:64
tcp_fastopen_init
void tcp_fastopen_init(void)
Definition: tcp_fastopen.c:385
tcp_fastopen_destroy
void tcp_fastopen_destroy(void)
Definition: tcp_fastopen.c:447
tcp_fastopen_disable_path
void tcp_fastopen_disable_path(struct tcpcb *tp)
Definition: tcp_fastopen.c:956
tcp_fastopen_decrement_counter
void tcp_fastopen_decrement_counter(unsigned int *counter)
Definition: tcp_fastopen.c:479
tcp_fastopen.h
tcp_fsm.h
TCPS_HAVERCVDSYN
#define TCPS_HAVERCVDSYN(s)
Definition: tcp_fsm.h:62
TCPS_TIME_WAIT
#define TCPS_TIME_WAIT
Definition: tcp_fsm.h:60
TCPS_ESTABLISHED
#define TCPS_ESTABLISHED
Definition: tcp_fsm.h:52
TCPS_SYN_SENT
#define TCPS_SYN_SENT
Definition: tcp_fsm.h:49
TCPS_SYN_RECEIVED
#define TCPS_SYN_RECEIVED
Definition: tcp_fsm.h:50
TCPS_LISTEN
#define TCPS_LISTEN
Definition: tcp_fsm.h:48
TCPS_HAVEESTABLISHED
#define TCPS_HAVEESTABLISHED(s)
Definition: tcp_fsm.h:63
TCP_NSTATES
#define TCP_NSTATES
Definition: tcp_fsm.h:45
TCPS_CLOSED
#define TCPS_CLOSED
Definition: tcp_fsm.h:47
tcp_hc_updatemtu
void tcp_hc_updatemtu(struct in_conninfo *inc, uint32_t mtu)
Definition: tcp_hostcache.c:440
tcp_hc_init
void tcp_hc_init(void)
Definition: tcp_hostcache.c:227
tcp_hc_update
void tcp_hc_update(struct in_conninfo *inc, struct hc_metrics_lite *hcml)
Definition: tcp_hostcache.c:452
tcp_hpts_remove
void tcp_hpts_remove(struct inpcb *inp)
Definition: tcp_hpts.c:563
tcp_hpts.h
tcp_get_usecs
static __inline uint32_t tcp_get_usecs(struct timeval *tv)
Definition: tcp_hpts.h:198
tcp_input_with_port
int tcp_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port)
Definition: tcp_input.c:608
tcp_do_segment
void tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, struct tcpcb *tp, int drop_hdrlen, int tlen, uint8_t iptos)
Definition: tcp_input.c:1518
tcp_mss_update
void tcp_mss_update(struct tcpcb *tp, int offer, int mtuoffer, struct hc_metrics_lite *metricptr, struct tcp_ifcap *cap)
Definition: tcp_input.c:3665
tcp_log_drain
void tcp_log_drain(struct tcpcb *tp)
Definition: tcp_log_buf.c:1783
tcp_log_tcpcbinit
void tcp_log_tcpcbinit(struct tcpcb *tp)
Definition: tcp_log_buf.c:1176
tcp_log_event_
struct tcp_log_buffer * tcp_log_event_(struct tcpcb *tp, struct tcphdr *th, struct sockbuf *rxbuf, struct sockbuf *txbuf, uint8_t eventid, int errornum, uint32_t len, union tcp_log_stackspecific *stackinfo, int th_hostorder, const char *output_caller, const char *func, int line, const struct timeval *itv)
Definition: tcp_log_buf.c:1520
tcp_log_tcpcbfini
void tcp_log_tcpcbfini(struct tcpcb *tp)
Definition: tcp_log_buf.c:1319
tcp_log_init
void tcp_log_init(void)
Definition: tcp_log_buf.c:1138
tcp_log_get_id
size_t tcp_log_get_id(struct tcpcb *tp, char *buf)
Definition: tcp_log_buf.c:920
tcp_log_buf.h
TCP_LOG_STATE_OFF
@ TCP_LOG_STATE_OFF
Definition: tcp_log_buf.h:244
ERRNO_UNK
#define ERRNO_UNK
Definition: tcp_log_buf.h:257
TCP_LOG_OUT
@ TCP_LOG_OUT
Definition: tcp_log_buf.h:175
tcp_inp_lro_compressed
counter_u64_t tcp_inp_lro_compressed
Definition: tcp_lro.c:98
tcp_inp_lro_locks_taken
counter_u64_t tcp_inp_lro_locks_taken
Definition: tcp_lro.c:99
tcp_uncomp_total
counter_u64_t tcp_uncomp_total
Definition: tcp_lro.c:103
tcp_inp_lro_wokeup_queue
counter_u64_t tcp_inp_lro_wokeup_queue
Definition: tcp_lro.c:97
tcp_bad_csums
counter_u64_t tcp_bad_csums
Definition: tcp_lro.c:104
tcp_would_have_but
counter_u64_t tcp_would_have_but
Definition: tcp_lro.c:101
tcp_comp_total
counter_u64_t tcp_comp_total
Definition: tcp_lro.c:102
tcp_extra_mbuf
counter_u64_t tcp_extra_mbuf
Definition: tcp_lro.c:100
tcp_inp_lro_direct_queue
counter_u64_t tcp_inp_lro_direct_queue
Definition: tcp_lro.c:96
tcp_offload_listen_stop
void tcp_offload_listen_stop(struct tcpcb *tp)
Definition: tcp_offload.c:123
tcp_offload_pmtu_update
void tcp_offload_pmtu_update(struct tcpcb *tp, tcp_seq seq, int mtu)
Definition: tcp_offload.c:224
tcp_offload_detach
void tcp_offload_detach(struct tcpcb *tp)
Definition: tcp_offload.c:213
tcp_offload.h
tcp_addoptions
int tcp_addoptions(struct tcpopt *to, u_char *optp)
Definition: tcp_output.c:1790
tcp_setpersist
void tcp_setpersist(struct tcpcb *tp)
Definition: tcp_output.c:1754
tcp_default_output
int tcp_default_output(struct tcpcb *tp)
Definition: tcp_output.c:199
tcp_pcap_init
void tcp_pcap_init(void)
Definition: tcp_pcap.c:90
tcp_pcap_aggressive_free
int tcp_pcap_aggressive_free
Definition: tcp_pcap.c:45
tcp_pcap_tcpcb_init
void tcp_pcap_tcpcb_init(struct tcpcb *tp)
Definition: tcp_pcap.c:434
tcp_pcap_drain
void tcp_pcap_drain(struct mbufq *queue)
Definition: tcp_pcap.c:426
tcp_pcap.h
tcp_reass_global_init
void tcp_reass_global_init(void)
Definition: tcp_reass.c:273
tcp_reass_flush
void tcp_reass_flush(struct tcpcb *tp)
Definition: tcp_reass.c:305
tcp_clean_sackreport
void tcp_clean_sackreport(struct tcpcb *tp)
Definition: tcp_sack.c:451
tcp_free_sackholes
void tcp_free_sackholes(struct tcpcb *tp)
Definition: tcp_sack.c:830
tcp_seq.h
SEQ_GEQ
#define SEQ_GEQ(a, b)
Definition: tcp_seq.h:45
SEQ_GT
#define SEQ_GT(a, b)
Definition: tcp_seq.h:44
tcp_ts_getticks
static __inline uint32_t tcp_ts_getticks(void)
Definition: tcp_seq.h:89
SEQ_LT
#define SEQ_LT(a, b)
Definition: tcp_seq.h:42
tcp_stats_init
int tcp_stats_init()
Definition: tcp_stats.c:95
V_tcp_isn_reseed_interval
#define V_tcp_isn_reseed_interval
Definition: tcp_subr.c:325
TS_OFFSET_SECRET_LENGTH
#define TS_OFFSET_SECRET_LENGTH
Definition: tcp_subr.c:369
register_tcp_functions_as_name
int register_tcp_functions_as_name(struct tcp_function_block *blk, const char *name, int wait)
Definition: tcp_subr.c:1292
tcp_log_addrs
char * tcp_log_addrs(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr, const void *ip6hdr)
Definition: tcp_subr.c:3901
V_isn_last
#define V_isn_last
Definition: tcp_subr.c:3292
sysctl_drop
static int sysctl_drop(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:3634
SYSCTL_UINT
SYSCTL_UINT(_net_inet_tcp, OID_AUTO, ack_war_timewindow, CTLFLAG_RW, &tcp_ack_war_time_window, 1000, "If the tcp_stack does ack-war prevention how many milliseconds are in its time window?")
find_and_ref_tcp_functions
struct tcp_function_block * find_and_ref_tcp_functions(struct tcp_function_set *fs)
Definition: tcp_subr.c:454
tcp_decrement_paced_conn
void tcp_decrement_paced_conn(void)
Definition: tcp_subr.c:4126
V_tcpcb_zone
#define V_tcpcb_zone
Definition: tcp_subr.c:1138
tcp_drop_syn_sent
struct inpcb * tcp_drop_syn_sent(struct inpcb *inp, int errno)
Definition: tcp_subr.c:3336
register_tcp_functions
int register_tcp_functions(struct tcp_function_block *blk, int wait)
Definition: tcp_subr.c:1314
tcp_can_enable_pacing
int tcp_can_enable_pacing(void)
Definition: tcp_subr.c:4110
tcp_init
static void tcp_init(void *arg __unused)
Definition: tcp_subr.c:1453
tcp_drop
struct tcpcb * tcp_drop(struct tcpcb *tp, int errno)
Definition: tcp_subr.c:2283
SYSCTL_PROC
SYSCTL_PROC(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_VNET|CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_NEEDGIANT, &VNET_NAME(tcp_mssdflt), 0, &sysctl_net_inet_tcp_mss_check, "I", "Default TCP Maximum Segment Size")
tcp_new_isn
tcp_seq tcp_new_isn(struct in_conninfo *inc)
Definition: tcp_subr.c:3298
tcp_pacing_warning
static uint8_t tcp_pacing_warning
Definition: tcp_subr.c:4123
INPCBSTORAGE_DEFINE
INPCBSTORAGE_DEFINE(tcpcbstor, "tcpinp", "tcp_inpcb", "tcp", "tcphash")
shadow_num_connections
static uint32_t shadow_num_connections
Definition: tcp_subr.c:293
tcp_fini
void tcp_fini(void *xtp)
Definition: tcp_subr.c:1626
tcp_pcblist
static int tcp_pcblist(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:2617
tcp_vnet_init
static void tcp_vnet_init(void *arg __unused)
Definition: tcp_subr.c:1407
deregister_tcp_functions
int deregister_tcp_functions(struct tcp_function_block *blk, bool quiesce, bool force)
Definition: tcp_subr.c:1338
register_tcp_functions_as_names
int register_tcp_functions_as_names(struct tcp_function_block *blk, int wait, const char *names[], int *num_names)
Definition: tcp_subr.c:1189
next_tcp_stack_id
static volatile int next_tcp_stack_id
Definition: tcp_subr.c:1172
tcp_log_addr
static char * tcp_log_addr(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr, const void *ip6hdr)
Definition: tcp_subr.c:3913
tcp_default_fb_fini
static void tcp_default_fb_fini(struct tcpcb *tp, int tcb_is_purged)
Definition: tcp_subr.c:1105
VNET_DEFINE_STATIC
VNET_DEFINE_STATIC(int, icmp_may_rst)
MALLOC_DEFINE
MALLOC_DEFINE(M_TCPLOG, "tcplog", "TCP address and flags print buffers")
tcp_over_udp_stop
static void tcp_over_udp_stop(void)
Definition: tcp_subr.c:776
tcp_drain
void tcp_drain(void)
Definition: tcp_subr.c:2515
tcp_log_vain
char * tcp_log_vain(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr, const void *ip6hdr)
Definition: tcp_subr.c:3889
VNET_SYSINIT
VNET_SYSINIT(tcp_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH, tcp_vnet_init, NULL)
tcp_discardcb
void tcp_discardcb(struct tcpcb *tp)
Definition: tcp_subr.c:2304
tcp_pacing_limit
static int tcp_pacing_limit
Definition: tcp_subr.c:295
ISN_STATIC_INCREMENT
#define ISN_STATIC_INCREMENT
Definition: tcp_subr.c:3281
ISN_BYTES_PER_SECOND
#define ISN_BYTES_PER_SECOND
Definition: tcp_subr.c:3280
VNET_DEFINE
VNET_DEFINE(int, tcp_mssdflt)
ISN_SECRET_LENGTH
#define ISN_SECRET_LENGTH
Definition: tcp_subr.c:3283
tcp_maxseg
u_int tcp_maxseg(const struct tcpcb *tp)
Definition: tcp_subr.c:3538
tcp_ack_war_cnt
uint32_t tcp_ack_war_cnt
Definition: tcp_subr.c:204
tcp_switch_back_to_default
void tcp_switch_back_to_default(struct tcpcb *tp)
Definition: tcp_subr.c:523
ISN_UNLOCK
#define ISN_UNLOCK()
Definition: tcp_subr.c:1147
tcp_keyed_hash
static uint32_t tcp_keyed_hash(struct in_conninfo *inc, u_char *key, u_int len)
Definition: tcp_subr.c:3189
tcp_newtcpcb
struct tcpcb * tcp_newtcpcb(struct inpcb *inp)
Definition: tcp_subr.c:2150
PAD
#define PAD(len)
tcp_mtudisc_notify
static struct inpcb * tcp_mtudisc_notify(struct inpcb *, int)
Definition: tcp_subr.c:3368
tcp_log_debug
static int tcp_log_debug
Definition: tcp_subr.c:303
sysctl_net_inet_default_tcp_functions
static int sysctl_net_inet_default_tcp_functions(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:668
sysctl_net_inet_list_func_info
static int sysctl_net_inet_list_func_info(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:945
__FBSDID
__FBSDID("$FreeBSD$")
V_isn_offset
#define V_isn_offset
Definition: tcp_subr.c:3294
sysctl_net_inet_tcp_udp_tunneling_overhead_check
static int sysctl_net_inet_tcp_udp_tunneling_overhead_check(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:919
sysctl_net_inet_tcp_mss_check
static int sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:213
tcpip_fillheaders
void tcpip_fillheaders(struct inpcb *inp, uint16_t port, void *ip_ptr, void *tcp_ptr)
Definition: tcp_subr.c:1637
V_isn_secret
#define V_isn_secret
Definition: tcp_subr.c:3291
tcp_state_change
void tcp_state_change(struct tcpcb *tp, int newstate)
Definition: tcp_subr.c:3999
tcp_close
struct tcpcb * tcp_close(struct tcpcb *tp)
Definition: tcp_subr.c:2471
tcp_respond
void tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, tcp_seq ack, tcp_seq seq, int flags)
Definition: tcp_subr.c:1728
tcp_over_udp_start
static int tcp_over_udp_start(void)
Definition: tcp_subr.c:797
tcp_sysctl_setsockopt
static int tcp_sysctl_setsockopt(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:3751
tcp_soreceive_stream
static int tcp_soreceive_stream
Definition: tcp_subr.c:330
isn_mtx
static struct mtx isn_mtx
Definition: tcp_subr.c:1143
tcp_fixed_maxseg
u_int tcp_fixed_maxseg(const struct tcpcb *tp)
Definition: tcp_subr.c:3587
tcp_default_handoff_ok
static int tcp_default_handoff_ok(struct tcpcb *tp)
Definition: tcp_subr.c:1024
TCBHASHSIZE
#define TCBHASHSIZE
Definition: tcp_subr.c:1119
sysctl_net_inet_tcp_map_limit_check
static int sysctl_net_inet_tcp_map_limit_check(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:338
tcp_def_funcblk
static struct tcp_function_block tcp_def_funcblk
Definition: tcp_subr.c:382
tcp_function_lock
struct rwlock tcp_function_lock
Definition: tcp_subr.c:210
find_and_ref_tcp_default_fb
static struct tcp_function_block * find_and_ref_tcp_default_fb(void)
Definition: tcp_subr.c:511
tcp_log_end_status
void tcp_log_end_status(struct tcpcb *tp, uint8_t status)
Definition: tcp_subr.c:4081
tcp_ack_war_time_window
uint32_t tcp_ack_war_time_window
Definition: tcp_subr.c:199
COPYTIMER
#define COPYTIMER(ttt)
ISN_LOCK_INIT
#define ISN_LOCK_INIT()
Definition: tcp_subr.c:1145
tcp_tcbhashsize
static int tcp_tcbhashsize
Definition: tcp_subr.c:307
ISN_LOCK
#define ISN_LOCK()
Definition: tcp_subr.c:1146
tcp_recv_udp_tunneled_packet
static void tcp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp, const struct sockaddr *sa, void *ctx)
Definition: tcp_subr.c:594
SYSINIT
SYSINIT(tcp_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, tcp_init, NULL)
xchg
#define xchg(a, b, type)
tcp_freecb
bool tcp_freecb(struct tcpcb *tp)
Definition: tcp_subr.c:2379
V_isn_offset_old
#define V_isn_offset_old
Definition: tcp_subr.c:3295
V_sack_hole_zone
#define V_sack_hole_zone
Definition: tcp_subr.c:335
tcp_func_set_ptr
static struct tcp_function_block * tcp_func_set_ptr
Definition: tcp_subr.c:394
SYSCTL_INT
SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_VNET|CTLFLAG_RW, &VNET_NAME(tcp_minmss), 0, "Minimum TCP Maximum Segment Size")
V_isn_last_reseed
#define V_isn_last_reseed
Definition: tcp_subr.c:3293
number_of_tcp_connections_pacing
static volatile uint32_t number_of_tcp_connections_pacing
Definition: tcp_subr.c:292
tcpip_maketemplate
struct tcptemp * tcpip_maketemplate(struct inpcb *inp)
Definition: tcp_subr.c:1702
tcp_record_dsack
void tcp_record_dsack(struct tcpcb *tp, tcp_seq start, tcp_seq end, int tlp)
Definition: tcp_subr.c:397
sysctl_net_inet_list_available
static int sysctl_net_inet_list_available(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:709
find_tcp_fb_locked
static struct tcp_function_block * find_tcp_fb_locked(struct tcp_function_block *blk, struct tcp_function **s)
Definition: tcp_subr.c:436
sysctl_net_inet_tcp_udp_tunneling_port_check
static int sysctl_net_inet_tcp_udp_tunneling_port_check(SYSCTL_HANDLER_ARGS)
Definition: tcp_subr.c:884
tcp_fb_cnt
static int tcp_fb_cnt
Definition: tcp_subr.c:392
t_functions
struct tcp_funchead t_functions
Definition: tcp_subr.c:393
V_icmp_may_rst
#define V_icmp_may_rst
Definition: tcp_subr.c:319
TCP_MINPROTOHDR
#define TCP_MINPROTOHDR
tcp_notify
static struct inpcb * tcp_notify(struct inpcb *, int)
Definition: tcp_subr.c:2570
ISN_RANDOM_INCREMENT
#define ISN_RANDOM_INCREMENT
Definition: tcp_subr.c:3282
do_tcpdrain
static int do_tcpdrain
Definition: tcp_subr.c:311
tcp_default_fb_init
static int tcp_default_fb_init(struct tcpcb *tp)
Definition: tcp_subr.c:1040
V_ts_offset_secret
#define V_ts_offset_secret
Definition: tcp_subr.c:371
find_tcp_function_alias
int find_tcp_function_alias(struct tcp_function_block *blk, struct tcp_function_set *fs)
Definition: tcp_subr.c:481
find_tcp_functions_locked
static struct tcp_function_block * find_tcp_functions_locked(struct tcp_function_set *fs)
Definition: tcp_subr.c:421
maketcp_hashsize
static int maketcp_hashsize(int size)
Definition: tcp_subr.c:1156
tcp_inptoxtp
void tcp_inptoxtp(const struct inpcb *inp, struct xtcpcb *xt)
Definition: tcp_subr.c:4020
tcp_new_ts_offset
uint32_t tcp_new_ts_offset(struct in_conninfo *inc)
Definition: tcp_subr.c:3220
find_and_ref_tcp_fb
struct tcp_function_block * find_and_ref_tcp_fb(struct tcp_function_block *blk)
Definition: tcp_subr.c:467
tcp_mtudisc
static struct inpcb * tcp_mtudisc(struct inpcb *, int)
Definition: tcp_subr.c:3375
syncache_init
void syncache_init(void)
Definition: tcp_syncache.c:254
syncache_pcblist
int syncache_pcblist(struct sysctl_req *req)
Definition: tcp_syncache.c:2554
syncache_unreach
void syncache_unreach(struct in_conninfo *inc, tcp_seq th_seq, uint16_t port)
Definition: tcp_syncache.c:749
tcp_syncache.h
tcp_keepintvl
int tcp_keepintvl
Definition: tcp_timer.c:108
tcp_rexmit_slop
int tcp_rexmit_slop
Definition: tcp_timer.c:138
tcp_persmin
int tcp_persmin
Definition: tcp_timer.c:84
tcp_maxpersistidle
int tcp_maxpersistidle
Definition: tcp_timer.c:165
tcp_timer_stop
void tcp_timer_stop(struct tcpcb *tp, uint32_t timer_type)
Definition: tcp_timer.c:1063
tcp_timer_active
int tcp_timer_active(struct tcpcb *tp, uint32_t timer_type)
Definition: tcp_timer.c:905
tcp_rexmit_min
int tcp_rexmit_min
Definition: tcp_timer.c:132
tcp_rexmit_initial
int tcp_rexmit_initial
Definition: tcp_timer.c:126
tcp_delacktime
int tcp_delacktime
Definition: tcp_timer.c:114
tcp_keepinit
int tcp_keepinit
Definition: tcp_timer.c:96
tcp_timer_activate
void tcp_timer_activate(struct tcpcb *tp, uint32_t timer_type, u_int delta)
Definition: tcp_timer.c:854
tcp_finwait2_timeout
int tcp_finwait2_timeout
Definition: tcp_timer.c:154
tcp_persmax
int tcp_persmax
Definition: tcp_timer.c:90
tcp_keepidle
int tcp_keepidle
Definition: tcp_timer.c:102
tcp_timer.h
V_tcp_msl
#define V_tcp_msl
Definition: tcp_timer.h:214
TCPTV_KEEP_INIT
#define TCPTV_KEEP_INIT
Definition: tcp_timer.h:84
TCPTV_FINWAIT2_TIMEOUT
#define TCPTV_FINWAIT2_TIMEOUT
Definition: tcp_timer.h:89
TCPTV_PERSMAX
#define TCPTV_PERSMAX
Definition: tcp_timer.h:82
TCPTV_CPU_VAR
#define TCPTV_CPU_VAR
Definition: tcp_timer.h:112
TP_KEEPINIT
#define TP_KEEPINIT(tp)
Definition: tcp_timer.h:180
TCPTV_RTOBASE
#define TCPTV_RTOBASE
Definition: tcp_timer.h:79
TCPTV_MSL
#define TCPTV_MSL
Definition: tcp_timer.h:77
TP_KEEPIDLE
#define TP_KEEPIDLE(tp)
Definition: tcp_timer.h:181
TCPTV_PERSMIN
#define TCPTV_PERSMIN
Definition: tcp_timer.h:81
TT_KEEP
#define TT_KEEP
Definition: tcp_timer.h:164
TCPTV_MIN
#define TCPTV_MIN
Definition: tcp_timer.h:111
TT_2MSL
#define TT_2MSL
Definition: tcp_timer.h:165
TCPTV_SRTTBASE
#define TCPTV_SRTTBASE
Definition: tcp_timer.h:78
TT_DELACK
#define TT_DELACK
Definition: tcp_timer.h:161
TCPTV_DELACK
#define TCPTV_DELACK
Definition: tcp_timer.h:119
TCPTV_KEEPINTVL
#define TCPTV_KEEPINTVL
Definition: tcp_timer.h:86
TCPTV_KEEP_IDLE
#define TCPTV_KEEP_IDLE
Definition: tcp_timer.h:85
TT_PERSIST
#define TT_PERSIST
Definition: tcp_timer.h:163
TT_REXMT
#define TT_REXMT
Definition: tcp_timer.h:162
tcp_twclose
void tcp_twclose(struct tcptw *tw, int reuse)
Definition: tcp_timewait.c:541
tcp_tw_init
void tcp_tw_init(void)
Definition: tcp_timewait.c:199
tcp_ctloutput_set
int tcp_ctloutput_set(struct inpcb *inp, struct sockopt *sopt)
Definition: tcp_usrreq.c:1717
tcp_default_ctloutput
int tcp_default_ctloutput(struct inpcb *inp, struct sockopt *sopt)
Definition: tcp_usrreq.c:2120
tcp_var.h
HHOOK_TCP_LAST
#define HHOOK_TCP_LAST
Definition: tcp_var.h:865
TF_SIGNATURE
#define TF_SIGNATURE
Definition: tcp_var.h:519
tcp_maxmtu6
uint32_t tcp_maxmtu6(struct in_conninfo *, struct tcp_ifcap *)
TOF_SIGNATURE
#define TOF_SIGNATURE
Definition: tcp_var.h:583
tcp_get_flags
static uint16_t tcp_get_flags(const struct tcphdr *th)
Definition: tcp_var.h:1265
EXIT_FASTRECOVERY
#define EXIT_FASTRECOVERY(t_flags)
Definition: tcp_var.h:532
TCPCTL_PCBLIST
#define TCPCTL_PCBLIST
Definition: tcp_var.h:959
TF2_ECN_PERMIT
#define TF2_ECN_PERMIT
Definition: tcp_var.h:564
IN_FASTRECOVERY
#define IN_FASTRECOVERY(t_flags)
Definition: tcp_var.h:530
tcp_set_flags
static void tcp_set_flags(struct tcphdr *th, uint16_t flags)
Definition: tcp_var.h:1271
TCPSTATES_DEC
#define TCPSTATES_DEC(state)
Definition: tcp_var.h:858
V_tcp_do_rfc1323
#define V_tcp_do_rfc1323
Definition: tcp_var.h:1039
V_tcp_udp_tunneling_port
#define V_tcp_udp_tunneling_port
Definition: tcp_var.h:1067
V_tcps_states
#define V_tcps_states
Definition: tcp_var.h:856
V_tcp_udp_tunneling_overhead
#define V_tcp_udp_tunneling_overhead
Definition: tcp_var.h:1066
V_tcp_do_lrd
#define V_tcp_do_lrd
Definition: tcp_var.h:1024
TCP_TUNNELING_PORT_MAX
#define TCP_TUNNELING_PORT_MAX
Definition: tcp_var.h:300
TF2_ACE_PERMIT
#define TF2_ACE_PERMIT
Definition: tcp_var.h:567
TCPSTAT_ADD
#define TCPSTAT_ADD(name, val)
Definition: tcp_var.h:840
intotcpcb
#define intotcpcb(ip)
Definition: tcp_var.h:645
V_tcp_mssdflt
#define V_tcp_mssdflt
Definition: tcp_var.h:1055
TF_LRD
#define TF_LRD
Definition: tcp_var.h:525
TF_REQ_SCALE
#define TF_REQ_SCALE
Definition: tcp_var.h:502
TCP_FUNC_BEING_REMOVED
#define TCP_FUNC_BEING_REMOVED
Definition: tcp_var.h:321
TF_NOOPT
#define TF_NOOPT
Definition: tcp_var.h:500
tcp6_use_min_mtu
void tcp6_use_min_mtu(struct tcpcb *)
V_tcp_map_entries_limit
#define V_tcp_map_entries_limit
Definition: tcp_var.h:1052
TCP_EI_STATUS_MAX_VALUE
#define TCP_EI_STATUS_MAX_VALUE
Definition: tcp_var.h:62
TCP_TUNNELING_OVERHEAD_MIN
#define TCP_TUNNELING_OVERHEAD_MIN
Definition: tcp_var.h:304
intotw
#define intotw(ip)
Definition: tcp_var.h:646
TCPSTATES_INC
#define TCPSTATES_INC(state)
Definition: tcp_var.h:857
TCP_MIN_MAP_ENTRIES_LIMIT
#define TCP_MIN_MAP_ENTRIES_LIMIT
Definition: tcp_var.h:309
TF_TOE
#define TF_TOE
Definition: tcp_var.h:522
V_tcp_ts_offset_per_conn
#define V_tcp_ts_offset_per_conn
Definition: tcp_var.h:1041
tcp_ctlinput_viaudp
void tcp_ctlinput_viaudp(int, struct sockaddr *, void *, void *)
V_tcp_log_in_vain
#define V_tcp_log_in_vain
Definition: tcp_var.h:974
TF_RCVD_TSTMP
#define TF_RCVD_TSTMP
Definition: tcp_var.h:505
TCP_TUNNELING_OVERHEAD_DEFAULT
#define TCP_TUNNELING_OVERHEAD_DEFAULT
Definition: tcp_var.h:306
tcp_maxmtu
uint32_t tcp_maxmtu(struct in_conninfo *, struct tcp_ifcap *)
TCP_TUNNELING_OVERHEAD_MAX
#define TCP_TUNNELING_OVERHEAD_MAX
Definition: tcp_var.h:305
tcp_ctlinput
void tcp_ctlinput(int, struct sockaddr *, void *)
TCPCTL_V6MSSDFLT
#define TCPCTL_V6MSSDFLT
Definition: tcp_var.h:961
TCP_END_BYTE_INFO
#define TCP_END_BYTE_INFO
Definition: tcp_var.h:48
tcp_usrreqs
struct pr_usrreqs tcp_usrreqs
V_tcp_do_sack
#define V_tcp_do_sack
Definition: tcp_var.h:1046
TCPSTAT_INC
#define TCPSTAT_INC(name)
Definition: tcp_var.h:842
IS_FASTOPEN
#define IS_FASTOPEN(t_flags)
Definition: tcp_var.h:543
TCP_RTTVAR_SHIFT
#define TCP_RTTVAR_SHIFT
Definition: tcp_var.h:661
HHOOK_TCP_EST_OUT
#define HHOOK_TCP_EST_OUT
Definition: tcp_var.h:864
TF_SACK_PERMIT
#define TF_SACK_PERMIT
Definition: tcp_var.h:506
TCPCTL_DO_RFC1323
#define TCPCTL_DO_RFC1323
Definition: tcp_var.h:950
V_path_mtu_discovery
#define V_path_mtu_discovery
Definition: tcp_var.h:1029
TCP_TUNNELING_PORT_DEFAULT
#define TCP_TUNNELING_PORT_DEFAULT
Definition: tcp_var.h:301
TCPCTL_MSSDFLT
#define TCPCTL_MSSDFLT
Definition: tcp_var.h:951
V_tcp_minmss
#define V_tcp_minmss
Definition: tcp_var.h:1054
V_tcbinfo
#define V_tcbinfo
Definition: tcp_var.h:1030
TCP_EI_EMPTY_SLOT
#define TCP_EI_EMPTY_SLOT
Definition: tcp_var.h:50
TF_REQ_TSTMP
#define TF_REQ_TSTMP
Definition: tcp_var.h:504
TCP_TUNNELING_PORT_MIN
#define TCP_TUNNELING_PORT_MIN
Definition: tcp_var.h:299
TOF_TS
#define TOF_TS
Definition: tcp_var.h:582
HHOOK_TCP_EST_IN
#define HHOOK_TCP_EST_IN
Definition: tcp_var.h:863
TCPCTL_DROP
#define TCPCTL_DROP
Definition: tcp_var.h:963
udp_set_kernel_tunneling
int udp_set_kernel_tunneling(struct socket *so, udp_tun_func_t f, udp_tun_icmp_t i, void *ctx)
Definition: udp_usrreq.c:1547
udp_var.h
cc_var::ccv_container::tcp
struct tcpcb * tcp
Definition: cc.h:100
tcp_log_stackspecific
Definition: tcp_log_buf.h:106
tcp_log_stackspecific::u_bbr
struct tcp_log_bbr u_bbr
Definition: tcp_log_buf.h:108