1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 *
26 * tcp.c, Code implementing the TCP protocol.
27 */
28
29 #pragma ident "%Z%%M% %I% %E% SMI"
30
31 #include <sys/types.h>
32 #include <socket_impl.h>
33 #include <socket_inet.h>
34 #include <sys/sysmacros.h>
35 #include <sys/promif.h>
36 #include <sys/socket.h>
37 #include <netinet/in_systm.h>
38 #include <netinet/in.h>
39 #include <netinet/ip.h>
40 #include <netinet/tcp.h>
41 #include <net/if_types.h>
42 #include <sys/salib.h>
43
44 #include "ipv4.h"
45 #include "ipv4_impl.h"
46 #include "mac.h"
47 #include "mac_impl.h"
48 #include "v4_sum_impl.h"
49 #include <sys/bootdebug.h>
50 #include "tcp_inet.h"
51 #include "tcp_sack.h"
52 #include <inet/common.h>
53 #include <inet/mib2.h>
54
/*
 * We need to redefine BUMP_MIB/UPDATE_MIB to not have DTrace probes.
 *
 * NOTE(review): UPDATE_MIB expands to a bare "x += y" with neither the
 * arguments nor the whole expansion parenthesized, so it is only safe as
 * a standalone statement with simple arguments.
 */
#undef BUMP_MIB
#define	BUMP_MIB(x)		(x)++

#undef UPDATE_MIB
#define	UPDATE_MIB(x, y)	x += y

/*
 * MIB-2 stuff for SNMP
 */
mib2_tcp_t	tcp_mib;	/* SNMP fixed size info */

/* The TCP mib does not include the following errors. */
static uint_t tcp_cksum_errors;
static uint_t tcp_drops;

/*
 * Macros for timestamp comparisons.  The difference is computed first and
 * then reinterpreted as a signed 32-bit value, so the ordering is decided
 * by the sign of (a - b) rather than by a direct magnitude comparison.
 */
#define	TSTMP_GEQ(a, b)	((int32_t)((a)-(b)) >= 0)
#define	TSTMP_LT(a, b)	((int32_t)((a)-(b)) < 0)
76
/*
 * Parameters for TCP Initial Send Sequence number (ISS) generation.
 * The ISS is calculated by adding three components: a time component
 * which grows by 1 every 4096 nanoseconds (versus every 4 microseconds
 * suggested by RFC 793, page 27);
 * a per-connection component which grows by 125000 for every new connection;
 * and an "extra" component that grows by a random amount centered
 * approximately on 64000.  This causes the ISS generator to cycle every
 * 4.89 hours if no TCP connections are made, and faster if connections are
 * made.
 *
 * NOTE(review): ISS_NSEC_SHT is 0 here, while a 4096 ns tick would
 * correspond to a shift of 12; how the shift and ISS_INCR are applied is
 * outside this view, so confirm the figures above against tcp_iss_init().
 * NOTE(review): how hard the ISS is to guess depends on the "extra"
 * component, i.e. on the quality of tcp_random(), which is not visible
 * here -- confirm it is adequately seeded.
 */
#define	ISS_INCR	250000
#define	ISS_NSEC_SHT	0

static uint32_t tcp_iss_incr_extra;	/* Incremented for each connection */

/* Default low/high water marks, in bytes, for the send and receive sides. */
#define	TCP_XMIT_LOWATER	4096
#define	TCP_XMIT_HIWATER	49152
#define	TCP_RECV_LOWATER	2048
#define	TCP_RECV_HIWATER	49152

/*
 * PAWS needs a timer for 24 days.  This is the number of ms in 24 days.
 * The product is 2,073,600,000, which still fits in a signed 32-bit int,
 * so the constant expression does not overflow before the cast.
 */
#define	PAWS_TIMEOUT	((uint32_t)(24*24*60*60*1000))
102
/*
 * TCP options struct returned from tcp_parse_options.
 */
typedef struct tcp_opt_s {
	uint32_t	tcp_opt_mss;
	uint32_t	tcp_opt_wscale;
	uint32_t	tcp_opt_ts_val;
	uint32_t	tcp_opt_ts_ecr;
	tcp_t		*tcp;
} tcp_opt_t;

/*
 * RFC1323-recommended phrasing of TSTAMP option, for easier parsing.
 * The constant is the 4-byte sequence NOP, NOP, TSTAMP, 10 expressed as a
 * 32-bit word; the two variants lay the same bytes out in opposite order
 * depending on the host byte order.
 */

#ifdef _BIG_ENDIAN
#define	TCPOPT_NOP_NOP_TSTAMP ((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | \
	(TCPOPT_TSTAMP << 8) | 10)
#else
#define	TCPOPT_NOP_NOP_TSTAMP ((10 << 24) | (TCPOPT_TSTAMP << 16) | \
	(TCPOPT_NOP << 8) | TCPOPT_NOP)
#endif

/*
 * Flags returned from tcp_parse_options.  Each value is a distinct bit so
 * several can be OR-ed together in one return value.
 */
#define	TCP_OPT_MSS_PRESENT	1
#define	TCP_OPT_WSCALE_PRESENT	2
#define	TCP_OPT_TSTAMP_PRESENT	4
#define	TCP_OPT_SACK_OK_PRESENT	8
#define	TCP_OPT_SACK_PRESENT	16

/*
 * TCP option length.  The TCPOPT_REAL_* values are the plain option
 * lengths plus one or two extra bytes.
 * NOTE(review): the extra bytes look like NOP padding to a 4-byte
 * boundary -- confirm against the code that builds the options.
 */
#define	TCPOPT_NOP_LEN		1
#define	TCPOPT_MAXSEG_LEN	4
#define	TCPOPT_WS_LEN		3
#define	TCPOPT_REAL_WS_LEN	(TCPOPT_WS_LEN+1)
#define	TCPOPT_TSTAMP_LEN	10
#define	TCPOPT_REAL_TS_LEN	(TCPOPT_TSTAMP_LEN+2)
#define	TCPOPT_SACK_OK_LEN	2
#define	TCPOPT_REAL_SACK_OK_LEN	(TCPOPT_SACK_OK_LEN+2)
#define	TCPOPT_REAL_SACK_LEN	4
#define	TCPOPT_MAX_SACK_LEN	36
#define	TCPOPT_HEADER_LEN	2

/* TCP cwnd burst factor. */
#define	TCP_CWND_INFINITE	65535
#define	TCP_CWND_SS		3
#define	TCP_CWND_NORMAL		5
152
/* Named Dispatch Parameter Management Structure */
typedef struct tcpparam_s {
	uint32_t	tcp_param_min;
	uint32_t	tcp_param_max;
	uint32_t	tcp_param_val;
	char		*tcp_param_name;
} tcpparam_t;

/* Max size IP datagram is 64k - 1 */
#define	TCP_MSS_MAX_IPV4 (IP_MAXPACKET - (sizeof (struct ip) + \
	sizeof (tcph_t)))

/* Max of the above */
#define	TCP_MSS_MAX	TCP_MSS_MAX_IPV4

/* Largest TCP port number */
#define	TCP_MAX_PORT	(64 * 1024 - 1)

/*
 * Round up the value to the nearest mss.
 * NOTE(review): the macro divides by (mss) and computes (value) - 1, so
 * callers must not pass mss == 0, and value == 0 with an unsigned type
 * wraps before the division -- confirm callers guarantee both.
 */
#define	MSS_ROUNDUP(value, mss)	((((value) - 1) / (mss) + 1) * (mss))

/* Time units, expressed in milliseconds. */
#define	MS	1L
#define	SECONDS	(1000 * MS)
#define	MINUTES	(60 * SECONDS)
#define	HOURS	(60 * MINUTES)
#define	DAYS	(24 * HOURS)
179
/*
 * All NDD params in the core TCP became static variables.
 * Interval values are built from the MS/SECONDS/MINUTES macros and are
 * therefore in milliseconds.
 */
static int tcp_time_wait_interval = 1 * MINUTES;
static int tcp_conn_req_max_q = 128;	/* upper clamp for listen() backlog */
static int tcp_conn_req_max_q0 = 1024;
static int tcp_conn_req_min = 1;	/* lower clamp for listen() backlog */
static int tcp_conn_grace_period = 0 * SECONDS;
static int tcp_cwnd_max_ = 1024 * 1024;
static int tcp_smallest_nonpriv_port = 1024;
static int tcp_ip_abort_cinterval = 3 * MINUTES;
static int tcp_ip_abort_linterval = 3 * MINUTES;
static int tcp_ip_abort_interval = 8 * MINUTES;
static int tcp_ip_notify_cinterval = 10 * SECONDS;
static int tcp_ip_notify_interval = 10 * SECONDS;
static int tcp_ipv4_ttl = 64;
static int tcp_mss_def_ipv4 = 536;
static int tcp_mss_max_ipv4 = TCP_MSS_MAX_IPV4;
static int tcp_mss_min = 108;
static int tcp_naglim_def = (4*1024)-1;
static int tcp_rexmit_interval_initial = 3 * SECONDS;
static int tcp_rexmit_interval_max = 60 * SECONDS;
static int tcp_rexmit_interval_min = 400 * MS;
static int tcp_dupack_fast_retransmit = 3;
static int tcp_smallest_anon_port = 32 * 1024;
static int tcp_largest_anon_port = TCP_MAX_PORT;
static int tcp_xmit_lowat = TCP_XMIT_LOWATER;
static int tcp_recv_hiwat_minmss = 4;
static int tcp_fin_wait_2_flush_interval = 1 * MINUTES;
static int tcp_max_buf = 1024 * 1024;
static int tcp_wscale_always = 1;
static int tcp_tstamp_always = 1;
static int tcp_tstamp_if_wscale = 1;
static int tcp_rexmit_interval_extra = 0;
static int tcp_slow_start_after_idle = 2;
static int tcp_slow_start_initial = 2;
static int tcp_sack_permitted = 2;
static int tcp_ecn_permitted = 2;

/*
 * Extra room to fit in headers.  Set in tcp_socket_init() from the MAC
 * header length, rounded up to a multiple of 4.
 */
static uint_t tcp_wroff_xtra;

/* Hint for next port to try. */
static in_port_t tcp_next_port_to_try = 32*1024;
222
/*
 * Figure out the value of window scale option.  Note that the rwnd is
 * ASSUMED to be rounded up to the nearest MSS before the calculation.
 * We cannot find the scale value and then do a round up of tcp_rwnd
 * because the scale value may not be correct after that.
 *
 * The loop halves a copy of tcp_rwnd until it fits in TCP_MAXWIN or the
 * shift count reaches TCP_MAX_WINSHIFT, and stores the count in tcp_rcv_ws.
 *
 * NOTE(review): the expansion is a bare { } block rather than
 * do { } while (0), so "SET_WS_VALUE(tcp);" directly before an else does
 * not compile as intended.
 */
#define	SET_WS_VALUE(tcp) \
{ \
	int i; \
	uint32_t rwnd = (tcp)->tcp_rwnd; \
	for (i = 0; rwnd > TCP_MAXWIN && i < TCP_MAX_WINSHIFT; \
	    i++, rwnd >>= 1) \
		; \
	(tcp)->tcp_rcv_ws = i; \
}

/*
 * Set ECN capable transport (ECT) code point in IP header.
 *
 * Note that there are 2 ECT code points '01' and '10', which are called
 * ECT(1) and ECT(0) respectively.  Here we follow the original ECT code
 * point ECT(0) for TCP as described in RFC 2481.
 *
 * NOTE(review): the expansion is a bare if statement, so an else that
 * follows a use of SET_ECT() binds to the macro's if.
 */
#define	SET_ECT(tcp, iph) \
	if ((tcp)->tcp_ipversion == IPV4_VERSION) { \
		/* We need to clear the code point first. */ \
		((struct ip *)(iph))->ip_tos &= 0xFC; \
		((struct ip *)(iph))->ip_tos |= IPH_ECN_ECT0; \
	}
252
/*
 * The format argument to pass to tcp_display().
 * DISP_PORT_ONLY means that the returned string has only port info.
 * DISP_ADDR_AND_PORT means that the returned string also contains the
 * remote and local IP address.
 */
#define	DISP_PORT_ONLY		1
#define	DISP_ADDR_AND_PORT	2

/*
 * TCP reassembly macros.  We hide starting and ending sequence numbers in
 * b_next and b_prev of messages on the reassembly queue.  The messages are
 * chained using b_cont.  These macros are used in tcp_reass() so we don't
 * have to see the ugly casts and assignments.
 * Note: uintptr_t is used to suppress the gcc warning.
 *
 * While a message sits on the reassembly queue its b_next/b_prev fields
 * therefore hold integers, not valid pointers, and must not be followed.
 */
#define	TCP_REASS_SEQ(mp)		((uint32_t)(uintptr_t)((mp)->b_next))
#define	TCP_REASS_SET_SEQ(mp, u)	((mp)->b_next = \
	(mblk_t *)((uintptr_t)(u)))
#define	TCP_REASS_END(mp)		((uint32_t)(uintptr_t)((mp)->b_prev))
#define	TCP_REASS_SET_END(mp, u)	((mp)->b_prev = \
	(mblk_t *)((uintptr_t)(u)))

/*
 * Arm the retransmit timer: record the absolute expiry time and mark the
 * timer as running.
 *
 * NOTE(review): this expands to two separate statements and intvl is not
 * parenthesized, so under an unbraced if only the first assignment would
 * be conditional -- always use it inside braces.
 */
#define	TCP_TIMER_RESTART(tcp, intvl) \
	(tcp)->tcp_rto_timeout = prom_gettime() + intvl; \
	(tcp)->tcp_timer_running = B_TRUE;
279
/*
 * Forward declarations for the file-local TCP routines.  Functions that
 * take "int sock_id" use it as an index into the sockets[] array.
 */
static int	tcp_accept_comm(tcp_t *, tcp_t *, mblk_t *, uint_t);
static mblk_t	*tcp_ack_mp(tcp_t *);
static in_port_t tcp_bindi(in_port_t, in_addr_t *, boolean_t, boolean_t);
static uint16_t	tcp_cksum(uint16_t *, uint32_t);
static void	tcp_clean_death(int, tcp_t *, int err);
static tcp_t	*tcp_conn_request(tcp_t *, mblk_t *mp, uint_t, uint_t);
static char	*tcp_display(tcp_t *, char *, char);
static int	tcp_drain_input(tcp_t *, int, int);
static void	tcp_drain_needed(int, tcp_t *);
static boolean_t tcp_drop_q0(tcp_t *);
static mblk_t	*tcp_get_seg_mp(tcp_t *, uint32_t, int32_t *);
static int	tcp_header_len(struct inetgram *);
static in_port_t tcp_report_ports(uint16_t *, enum Ports);
static int	tcp_input(int);
static void	tcp_iss_init(tcp_t *);
static tcp_t	*tcp_lookup_ipv4(struct ip *, tcpha_t *, int, int *);
static tcp_t	*tcp_lookup_listener_ipv4(in_addr_t, in_port_t, int *);
static int	tcp_conn_check(tcp_t *);
static int	tcp_close(int);
static void	tcp_close_detached(tcp_t *);
static void	tcp_eager_cleanup(tcp_t *, boolean_t, int);
static void	tcp_eager_unlink(tcp_t *);
static void	tcp_free(tcp_t *);
static int	tcp_header_init_ipv4(tcp_t *);
static void	tcp_mss_set(tcp_t *, uint32_t);
static int	tcp_parse_options(tcph_t *, tcp_opt_t *);
static boolean_t tcp_paws_check(tcp_t *, tcph_t *, tcp_opt_t *);
static void	tcp_process_options(tcp_t *, tcph_t *);
static int	tcp_random(void);
static void	tcp_random_init(void);
static mblk_t	*tcp_reass(tcp_t *, mblk_t *, uint32_t);
static void	tcp_reass_elim_overlap(tcp_t *, mblk_t *);
static void	tcp_rcv_drain(int sock_id, tcp_t *);
static void	tcp_rcv_enqueue(tcp_t *, mblk_t *, uint_t);
static void	tcp_rput_data(tcp_t *, mblk_t *, int);
static int	tcp_rwnd_set(tcp_t *, uint32_t);
static int32_t	tcp_sack_rxmit(tcp_t *, int);
static void	tcp_set_cksum(mblk_t *);
static void	tcp_set_rto(tcp_t *, int32_t);
static void	tcp_ss_rexmit(tcp_t *, int);
static int	tcp_state_wait(int, tcp_t *, int);
static void	tcp_timer(tcp_t *, int);
static void	tcp_time_wait_append(tcp_t *);
static void	tcp_time_wait_collector(void);
static void	tcp_time_wait_processing(tcp_t *, mblk_t *, uint32_t,
    uint32_t, int, tcph_t *, int sock_id);
static void	tcp_time_wait_remove(tcp_t *);
static in_port_t tcp_update_next_port(in_port_t);
static int	tcp_verify_cksum(mblk_t *);
static void	tcp_wput_data(tcp_t *, mblk_t *, int);
static void	tcp_xmit_ctl(char *, tcp_t *, mblk_t *, uint32_t, uint32_t,
    int, uint_t, int);
static void	tcp_xmit_early_reset(char *, int, mblk_t *, uint32_t, uint32_t,
    int, uint_t);
static int	tcp_xmit_end(tcp_t *, int);
static void	tcp_xmit_listeners_reset(int, mblk_t *, uint_t);
static mblk_t	*tcp_xmit_mp(tcp_t *, mblk_t *, int32_t, int32_t *,
    mblk_t **, uint32_t, boolean_t, uint32_t *, boolean_t);
static int	tcp_init_values(tcp_t *, struct inetboot_socket *);
339
/*
 * Hex-dump the data between b_rptr and b_wptr of an mblk.  Only compiled
 * in when DEBUG is greater than 1; otherwise it expands to nothing.
 */
#if DEBUG > 1
#define	TCP_DUMP_PACKET(str, mp) \
{ \
	int len = (mp)->b_wptr - (mp)->b_rptr; \
\
	printf("%s: dump TCP(%d): \n", (str), len); \
	hexdump((char *)(mp)->b_rptr, len); \
}
#else
#define	TCP_DUMP_PACKET(str, mp)
#endif

/*
 * Debug print helpers; they expand to nothing unless DEBUG is defined.
 *
 * NOTE(review): str is handed to printf() as the format string, so it
 * must always be a string literal and never data taken from a packet.
 */
#ifdef DEBUG
#define	DEBUG_1(str, arg)		printf(str, (arg))
#define	DEBUG_2(str, arg1, arg2)	printf(str, (arg1), (arg2))
#define	DEBUG_3(str, arg1, arg2, arg3)	printf(str, (arg1), (arg2), (arg3))
#else
#define	DEBUG_1(str, arg)
#define	DEBUG_2(str, arg1, arg2)
#define	DEBUG_3(str, arg1, arg2, arg3)
#endif
361
/* Whether it is the first time TCP is used. */
static boolean_t tcp_initialized = B_FALSE;

/* TCP time wait list. */
static tcp_t *tcp_time_wait_head;
static tcp_t *tcp_time_wait_tail;
static uint32_t tcp_cum_timewait;
/* When the tcp_time_wait_collector is run. */
static uint32_t tcp_time_wait_runtime;

/*
 * Run the TIME_WAIT collector once the scheduled run time has passed.
 *
 * NOTE(review): this is a plain ">" comparison against prom_gettime(),
 * unlike the signed-difference TSTMP_* macros; behaviour when the clock
 * value wraps is not visible from here -- confirm.
 * NOTE(review): the expansion is a bare if statement, so a following else
 * would bind to it; use only as a standalone statement.
 */
#define	TCP_RUN_TIME_WAIT_COLLECTOR() \
	if (prom_gettime() > tcp_time_wait_runtime) \
		tcp_time_wait_collector();

/*
 * Accept will return with an error if there is no connection coming in
 * after this (in ms).
 */
static int tcp_accept_timeout = 60000;
381
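/*
 * Initialize the TCP-specific parts of a socket.
 *
 * On first use this also performs the one-time TCP setup (random number
 * initialization, write offset for the MAC header, first TIME_WAIT
 * collector run time).  It then installs the TCP handlers in *isp,
 * allocates the tcp_t control block and initializes it.
 *
 * Failure is reported through errno only: ENOBUFS when the control block
 * cannot be allocated, or the error returned by tcp_init_values().  In
 * both cases isp->pcb is NULL and isp->type is left unset on return.
 * On success errno is 0.
 */
void
tcp_socket_init(struct inetboot_socket *isp)
{
	/* Do some initializations. */
	if (!tcp_initialized) {
		tcp_random_init();
		/*
		 * Extra head room for the MAC layer address, rounded up
		 * to the next multiple of 4 when it is not already one.
		 */
		if ((tcp_wroff_xtra = mac_get_hdr_len()) & 0x3) {
			tcp_wroff_xtra = (tcp_wroff_xtra & ~0x3) + 0x4;
		}
		/* Schedule the first time wait cleanup time */
		tcp_time_wait_runtime = prom_gettime() + tcp_time_wait_interval;
		tcp_initialized = B_TRUE;
	}
	TCP_RUN_TIME_WAIT_COLLECTOR();

	isp->proto = IPPROTO_TCP;
	isp->input[TRANSPORT_LVL] = tcp_input;
	/* Socket layer should call tcp_send() directly. */
	isp->output[TRANSPORT_LVL] = NULL;
	isp->close[TRANSPORT_LVL] = tcp_close;
	isp->headerlen[TRANSPORT_LVL] = tcp_header_len;
	isp->ports = tcp_report_ports;
	if ((isp->pcb = bkmem_alloc(sizeof (tcp_t))) == NULL) {
		errno = ENOBUFS;
		return;
	}
	if ((errno = tcp_init_values((tcp_t *)isp->pcb, isp)) != 0) {
		bkmem_free(isp->pcb, sizeof (tcp_t));
		/*
		 * The rest of this file treats a NULL pcb as "no TCP
		 * attached" (see tcp_input/tcp_close); do not leave a
		 * pointer to freed memory behind.
		 */
		isp->pcb = NULL;
		return;
	}
	/*
	 * This is set last because this field is used to determine if
	 * a socket is in use or not.
	 */
	isp->type = INETBOOT_STREAM;
}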
422
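/*
 * Return the size of a TCP header including TCP options.
 *
 * With igm == NULL the size of the option-less TCP header is returned.
 * Otherwise the length is read from the packet attached to igm.  0 is
 * returned when there is no packet, when the packet is not IPv4, or when
 * the buffer is too short to hold the IP header and a basic TCP header.
 *
 * The headers are located relative to the packet data (b_rptr), not
 * relative to the mblk_t descriptor itself, and every offset taken from
 * the packet is checked against the amount of data present (b_wptr)
 * before it is used, since the header fields come off the wire.
 */
static int
tcp_header_len(struct inetgram *igm)
{
	mblk_t *pkt;
	unsigned char *iph;
	int avail;
	int ip_hdr_len;

	/* Just returns the standard TCP header without option */
	if (igm == NULL)
		return (sizeof (tcph_t));

	if ((pkt = igm->igm_mp) == NULL)
		return (0);

	iph = (unsigned char *)pkt->b_rptr;
	avail = (int)(pkt->b_wptr - pkt->b_rptr);

	/* Need at least a basic IP header before looking at ip_v. */
	if (avail < (int)sizeof (struct ip))
		return (0);

	if (((struct ip *)iph)->ip_v != IPV4_VERSION) {
		dprintf("tcp_header_len: non-IPv4 packet.\n");
		return (0);
	}

	/* The IP header length is packet-controlled; bound it. */
	ip_hdr_len = IPH_HDR_LENGTH(iph);
	if (ip_hdr_len < (int)sizeof (struct ip) ||
	    avail - ip_hdr_len < (int)sizeof (tcph_t))
		return (0);

	return (TCP_HDR_LENGTH((tcph_t *)(iph + ip_hdr_len)));
}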
447
/*
 * Return the requested port number in network order.
 *
 * tcphp points at a TCP header; request selects the local port (SOURCE)
 * or, for any other value, the foreign port.  The two port bytes are read
 * as one 16-bit quantity without byte swapping.
 */
static in_port_t
tcp_report_ports(uint16_t *tcphp, enum Ports request)
{
	tcph_t *hdr = (tcph_t *)tcphp;
	uint16_t *port;

	if (request == SOURCE) {
		port = (uint16_t *)(hdr->th_lport);
	} else {
		port = (uint16_t *)(hdr->th_fport);
	}
	return (*port);
}
458
/*
 * Because inetboot is not interrupt driven, TCP can only poll.  This
 * means that there can be packets stuck in the NIC buffer waiting to
 * be processed.  Thus we need to drain them before, for example, sending
 * anything because an ACK may actually be stuck there.
 *
 * The timeout argument determines how long we should wait for draining;
 * it temporarily replaces sockets[sock_id].in_timeout.
 *
 * Returns -1 when a lower-level input routine fails, or when the TCP is
 * gone after processing and the socket's so_error is set.  Returns 0
 * otherwise -- including the case where the TCP is gone but so_error is
 * 0, so a 0 return does not guarantee that tcp is still valid; callers
 * need to re-check sockets[sock_id].pcb before touching tcp again.
 *
 * NOTE(review): sock_id is used as an index into sockets[] without a
 * range check here; presumably the socket layer validates it -- confirm.
 */
static int
tcp_drain_input(tcp_t *tcp, int sock_id, int timeout)
{
	struct inetgram *in_gram;
	struct inetgram *old_in_gram;
	int old_timeout;
	mblk_t *mp;
	int i;

	dprintf("tcp_drain_input(%d): %s\n", sock_id,
	    tcp_display(tcp, NULL, DISP_ADDR_AND_PORT));

	/*
	 * Since the driver uses the in_timeout value in the socket
	 * structure to determine the timeout value, we need to save
	 * the original one so that we can restore that after draining.
	 */
	old_timeout = sockets[sock_id].in_timeout;
	sockets[sock_id].in_timeout = timeout;

	/*
	 * We do this because the input queue may have some user
	 * data already.
	 */
	old_in_gram = sockets[sock_id].inq;
	sockets[sock_id].inq = NULL;

	/*
	 * Go out and check the wire: run every input routine below the
	 * transport level.  On failure, undo the timeout/queue swap and
	 * discard whatever was queued during this call.
	 */
	for (i = MEDIA_LVL; i < TRANSPORT_LVL; i++) {
		if (sockets[sock_id].input[i] != NULL) {
			if (sockets[sock_id].input[i](sock_id) < 0) {
				sockets[sock_id].in_timeout = old_timeout;
				if (sockets[sock_id].inq != NULL)
					nuke_grams(&sockets[sock_id].inq);
				sockets[sock_id].inq = old_in_gram;
				return (-1);
			}
		}
	}
	/* NOTE(review): "#if DEBUG" here, "#ifdef DEBUG" in tcp_input(). */
#if DEBUG
	printf("tcp_drain_input: done with checking packets\n");
#endif
	while ((in_gram = sockets[sock_id].inq) != NULL) {
		/* Remove unknown inetgrams from the head of inq. */
		if (in_gram->igm_level != TRANSPORT_LVL) {
#if DEBUG
			printf("tcp_drain_input: unexpected packet "
			    "level %d frame found\n", in_gram->igm_level);
#endif
			del_gram(&sockets[sock_id].inq, in_gram, B_TRUE);
			continue;
		}
		/*
		 * Detach the mblk from its inetgram wrapper, free the
		 * wrapper, and hand the mblk to TCP input processing.
		 */
		mp = in_gram->igm_mp;
		del_gram(&sockets[sock_id].inq, in_gram, B_FALSE);
		bkmem_free((caddr_t)in_gram, sizeof (struct inetgram));
		tcp_rput_data(tcp, mp, sock_id);
		sockets[sock_id].in_timeout = old_timeout;

		/*
		 * The other side may have closed this connection or
		 * RST us.  But we need to continue to process other
		 * packets in the socket's queue because they may
		 * belong to other TCP connections.
		 */
		if (sockets[sock_id].pcb == NULL)
			tcp = NULL;
	}

	/*
	 * The TCP is gone (or none was passed in).
	 * NOTE(review): this path returns without putting old_in_gram back
	 * on the socket, and in_timeout is only restored if the loop above
	 * ran; whether the saved queue is released elsewhere is not visible
	 * here -- confirm it is not leaked.
	 */
	if (tcp == NULL || sockets[sock_id].pcb == NULL) {
		if (sockets[sock_id].so_error != 0)
			return (-1);
		else
			return (0);
	}
#if DEBUG
	printf("tcp_drain_input: done with processing packets\n");
#endif
	sockets[sock_id].in_timeout = old_timeout;
	sockets[sock_id].inq = old_in_gram;

	/*
	 * Data may have been received so indicate it is available
	 */
	tcp_drain_needed(sock_id, tcp);
	return (0);
}
553
/*
 * The receive entry point for upper layer to call to get data.  Note
 * that this follows the current architecture that lower layer receive
 * routines have been called already.  Thus if the inq of socket is
 * not NULL, the packets must be for us.
 *
 * Returns -1 when the socket has no TCP attached, either on entry or
 * because processing a packet tore it down; returns 0 otherwise.
 */
static int
tcp_input(int sock_id)
{
	struct inetgram *gram;
	mblk_t *pkt;
	tcp_t *tcp;

	TCP_RUN_TIME_WAIT_COLLECTOR();

	tcp = sockets[sock_id].pcb;
	if (tcp == NULL)
		return (-1);

	for (;;) {
		gram = sockets[sock_id].inq;
		if (gram == NULL)
			break;

		/* Anything not at transport level is dropped from inq. */
		if (gram->igm_level != TRANSPORT_LVL) {
#ifdef DEBUG
			printf("tcp_input: unexpected packet "
			    "level %d frame found\n", gram->igm_level);
#endif
			del_gram(&sockets[sock_id].inq, gram, B_TRUE);
			continue;
		}

		/* Keep the mblk, release its wrapper, then process it. */
		pkt = gram->igm_mp;
		del_gram(&sockets[sock_id].inq, gram, B_FALSE);
		bkmem_free((caddr_t)gram, sizeof (struct inetgram));
		tcp_rput_data(tcp, pkt, sock_id);

		/* A RST may have removed the TCP; tcp is then stale. */
		if (sockets[sock_id].pcb == NULL)
			return (-1);
	}

	if (tcp->tcp_rcv_list != NULL) {
		/* Flush the receive list. */
		tcp_rcv_drain(sock_id, tcp);
	} else if (tcp->tcp_state == TCPS_CLOSE_WAIT) {
		/* The peer has closed the connection, report this up. */
		sockets[sock_id].so_state |= SS_CANTRCVMORE;
	}
	return (0);
}
603
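/*
 * The send entry point for upper layer to call to send data.  In order
 * to minimize changes to the core TCP code, we need to put the
 * data into mblks.
 *
 * msg/len describe the caller's buffer.  The data is copied into a chain
 * of mblks, each holding at most one MSS of payload, and the chain is
 * handed to tcp_wput_data().
 *
 * Returns the number of bytes buffered, which is smaller than len when
 * an mblk allocation fails part-way, or -1 when draining pending input
 * fails.  In the -1 case the mblks built so far are freed here, because
 * nothing else holds a reference to them yet.
 *
 * NOTE(review): tcp and msg are dereferenced without a NULL check, and a
 * negative len skips the copy loop; presumably the socket layer validates
 * these -- confirm.
 */
int
tcp_send(int sock_id, tcp_t *tcp, const void *msg, int len)
{
	mblk_t *mp;
	mblk_t *head = NULL;
	mblk_t *tail = NULL;
	int mss = tcp->tcp_mss;
	int cnt = 0;
	int win_size;
	char *buf = (char *)msg;

	TCP_RUN_TIME_WAIT_COLLECTOR();

	/* We don't want to append 0 size mblk. */
	if (len == 0)
		return (0);
	while (len > 0) {
		if (len < mss) {
			mss = len;
		}
		/*
		 * If we cannot allocate more buffer, stop here and
		 * the number of bytes buffered will be returned.
		 *
		 * Note that we follow the core TCP optimization that
		 * each mblk contains only MSS bytes data.
		 */
		if ((mp = allocb(mss + tcp->tcp_ip_hdr_len +
		    TCP_MAX_HDR_LENGTH + tcp_wroff_xtra, 0)) == NULL) {
			break;
		}
		/* Leave head room in front of the payload for the headers. */
		mp->b_rptr += tcp->tcp_hdr_len + tcp_wroff_xtra;
		bcopy(buf, mp->b_rptr, mss);
		mp->b_wptr = mp->b_rptr + mss;
		buf += mss;
		cnt += mss;
		len -= mss;

		if (head == NULL) {
			head = mp;
			tail = mp;
		} else {
			tail->b_cont = mp;
			tail = mp;
		}
	}

	/*
	 * Since inetboot is not interrupt driven, there may be
	 * some ACKs in the MAC's buffer.  Drain them first,
	 * otherwise, we may not be able to send.
	 *
	 * We expect an ACK in two cases:
	 *
	 * 1) We have un-ACK'ed data.
	 *
	 * 2) All ACK's have been received and the sender's window has been
	 * closed.  We need an ACK back to open the window so that we can
	 * send.  In this case, call tcp_drain_input() if the window size is
	 * less than 2 * MSS.
	 */

	/* window size = MIN(swnd, cwnd) - unacked bytes */
	win_size = (tcp->tcp_swnd > tcp->tcp_cwnd) ? tcp->tcp_cwnd :
	    tcp->tcp_swnd;
	win_size -= tcp->tcp_snxt;
	win_size += tcp->tcp_suna;
	if (win_size < (2 * tcp->tcp_mss)) {
		if (tcp_drain_input(tcp, sock_id, 5) < 0) {
			/*
			 * The chain has not been queued anywhere yet, so
			 * returning without freeing it would leak it.
			 */
			if (head != NULL)
				freemsg(head);
			return (-1);
		}
	}

	tcp_wput_data(tcp, head, sock_id);
	/*
	 * errno should be reset here as it may be
	 * set to ETIMEDOUT.  This may be set by
	 * the MAC driver in case it has timed out
	 * waiting for ARP reply.  Any segment which
	 * was not transmitted because of ARP timeout
	 * will be retransmitted by TCP.
	 */
	if (errno == ETIMEDOUT)
		errno = 0;
	return (cnt);
}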
693
/*
 * Release every buffer that hangs off a tcp_t: the header buffer, the
 * transmit, receive and reassembly message chains, and the SACK info.
 * Each pointer is reset to NULL once its buffer is released.  The tcp_t
 * itself is not freed here; that is left to the caller.
 */
static void
tcp_free(tcp_t *tcp)
{
	/* Header buffer; its allocation size is kept in tcp_iphc_len. */
	if (tcp->tcp_iphc != NULL) {
		bkmem_free((caddr_t)tcp->tcp_iphc, tcp->tcp_iphc_len);
		tcp->tcp_iphc = NULL;
	}

	/* Message chains are released with freemsg(). */
	if (tcp->tcp_xmit_head != NULL) {
		freemsg(tcp->tcp_xmit_head);
		tcp->tcp_xmit_head = NULL;
	}
	if (tcp->tcp_rcv_list != NULL) {
		freemsg(tcp->tcp_rcv_list);
		tcp->tcp_rcv_list = NULL;
	}
	if (tcp->tcp_reass_head != NULL) {
		freemsg(tcp->tcp_reass_head);
		tcp->tcp_reass_head = NULL;
	}

	/* SACK bookkeeping is a fixed-size allocation. */
	if (tcp->tcp_sack_info != NULL) {
		bkmem_free((caddr_t)tcp->tcp_sack_info,
		    sizeof (tcp_sack_info_t));
		tcp->tcp_sack_info = NULL;
	}
}
720
/*
 * Tear down a tcp_t that is not attached to a socket: take it off its
 * listener's queue if it is still on one, release its buffers, then free
 * the tcp_t itself.  The pointer must not be used after this returns.
 */
static void
tcp_close_detached(tcp_t *tcp)
{
	if (tcp->tcp_listener != NULL) {
		tcp_eager_unlink(tcp);
	}

	tcp_free(tcp);
	bkmem_free((caddr_t)tcp, sizeof (*tcp));
}
729
/*
 * If we are an eager connection hanging off a listener that hasn't
 * formally accepted the connection yet, get off its list and blow off
 * any data that we have accumulated.
 *
 * An eager with a non-NULL tcp_eager_next_q0 is removed from the doubly
 * linked q0 list; otherwise the singly linked q list is searched for it.
 * The matching connection-request counter on the listener is decremented
 * and tcp->tcp_listener is cleared in either case.
 *
 * The caller must ensure tcp->tcp_listener is non-NULL (asserted below).
 */
static void
tcp_eager_unlink(tcp_t *tcp)
{
	tcp_t *listener = tcp->tcp_listener;

	assert(listener != NULL);
	if (tcp->tcp_eager_next_q0 != NULL) {
		assert(tcp->tcp_eager_prev_q0 != NULL);

		/* Remove the eager tcp from q0 */
		tcp->tcp_eager_next_q0->tcp_eager_prev_q0 =
		    tcp->tcp_eager_prev_q0;
		tcp->tcp_eager_prev_q0->tcp_eager_next_q0 =
		    tcp->tcp_eager_next_q0;
		listener->tcp_conn_req_cnt_q0--;
	} else {
		/*
		 * tcpp always points at the link that refers to the
		 * current element, so storing through it unlinks that
		 * element; prev trails one element behind for the tail
		 * pointer fix-up.
		 */
		tcp_t **tcpp = &listener->tcp_eager_next_q;
		tcp_t *prev = NULL;

		for (; tcpp[0]; tcpp = &tcpp[0]->tcp_eager_next_q) {
			if (tcpp[0] == tcp) {
				if (listener->tcp_eager_last_q == tcp) {
					/*
					 * If we are unlinking the last
					 * element on the list, adjust
					 * tail pointer.  Set tail pointer
					 * to nil when list is empty.
					 */
					assert(tcp->tcp_eager_next_q == NULL);
					if (listener->tcp_eager_last_q ==
					    listener->tcp_eager_next_q) {
						listener->tcp_eager_last_q =
						    NULL;
					} else {
						/*
						 * We won't get here if there
						 * is only one eager in the
						 * list.
						 */
						assert(prev != NULL);
						listener->tcp_eager_last_q =
						    prev;
					}
				}
				tcpp[0] = tcp->tcp_eager_next_q;
				tcp->tcp_eager_next_q = NULL;
				tcp->tcp_eager_last_q = NULL;
				listener->tcp_conn_req_cnt_q--;
				break;
			}
			prev = tcpp[0];
		}
	}
	tcp->tcp_listener = NULL;
}
790
/*
 * Reset any eager connection hanging off this listener
 * and then reclaim its resources.
 *
 * When q0_only is false the q list is emptied first; the q0 list is
 * always emptied.  Each eager is sent a RST and then released with
 * tcp_close_detached().  Both loops re-read the list head on every pass,
 * so they depend on tcp_close_detached() unlinking the eager from the
 * listener.
 */
static void
tcp_eager_cleanup(tcp_t *listener, boolean_t q0_only, int sock_id)
{
	tcp_t *conn;

	if (q0_only == B_FALSE) {
		/* The q list ends with a NULL link. */
		for (conn = listener->tcp_eager_next_q; conn != NULL;
		    conn = listener->tcp_eager_next_q) {
			assert(listener->tcp_eager_last_q != NULL);
			tcp_xmit_ctl("tcp_eager_cleanup, can't wait",
			    conn, NULL, conn->tcp_snxt, 0, TH_RST, 0,
			    sock_id);
			tcp_close_detached(conn);
		}
		assert(listener->tcp_eager_last_q == NULL);
	}

	/* The q0 list is circular: it is empty once it points at itself. */
	for (conn = listener->tcp_eager_next_q0; conn != listener;
	    conn = listener->tcp_eager_next_q0) {
		tcp_xmit_ctl("tcp_eager_cleanup, can't wait",
		    conn, NULL, conn->tcp_snxt, 0, TH_RST, 0, sock_id);
		tcp_close_detached(conn);
	}
}
818
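/*
 * To handle the shutdown request.  Called from shutdown().
 *
 * Drains pending input, then, for a connection in SYN_RCVD or
 * ESTABLISHED, sends a FIN and waits for the state to reach FIN_WAIT_2.
 * Other states are left untouched.
 *
 * Returns -1 when the socket has no TCP attached (on entry, after the
 * drain, or after the wait) or when draining fails; returns 0 otherwise.
 */
int
tcp_shutdown(int sock_id)
{
	tcp_t	*tcp;

	DEBUG_1("tcp_shutdown: sock_id %x\n", sock_id);

	if ((tcp = sockets[sock_id].pcb) == NULL) {
		return (-1);
	}

	/*
	 * Since inetboot is not interrupt driven, there may be
	 * some ACKs in the MAC's buffer.  Drain them first,
	 * otherwise, we may not be able to send.
	 */
	if (tcp_drain_input(tcp, sock_id, 5) < 0) {
		/*
		 * If we return now without freeing TCP, there will be
		 * a memory leak.
		 */
		if (sockets[sock_id].pcb != NULL)
			tcp_clean_death(sock_id, tcp, 0);
		return (-1);
	}

	/*
	 * tcp_drain_input() returns 0 when the TCP went away during the
	 * drain but no socket error was recorded.  tcp would then be a
	 * stale pointer, so re-check before dereferencing it.
	 */
	if (sockets[sock_id].pcb == NULL)
		return (-1);

	DEBUG_1("tcp_shutdown: tcp_state %x\n", tcp->tcp_state);
	switch (tcp->tcp_state) {

	case TCPS_SYN_RCVD:
		/*
		 * Shutdown during the connect 3-way handshake
		 */
		/* FALLTHRU */
	case TCPS_ESTABLISHED:
		/*
		 * Transmit the FIN
		 * wait for the FIN to be ACKed,
		 * then remain in FIN_WAIT_2
		 */
		dprintf("tcp_shutdown: sending fin\n");
		if (tcp_xmit_end(tcp, sock_id) == 0 &&
		    tcp_state_wait(sock_id, tcp, TCPS_FIN_WAIT_2) < 0) {
			/* During the wait, TCP may be gone... */
			if (sockets[sock_id].pcb == NULL)
				return (-1);
		}
		dprintf("tcp_shutdown: done\n");
		break;

	default:
		break;

	}
	return (0);
}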
877
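/*
 * To handle closing of the socket.
 *
 * Drains pending input, resets any eager connections still queued on a
 * listener, and then closes the connection according to its state:
 * idle/bound/listening endpoints are simply freed; an active connection
 * is either aborted with a RST (zero linger time, unread data, or a
 * failed wait) or closed in an orderly way by sending a FIN and waiting
 * for TIME_WAIT.
 *
 * Returns -1 when the socket has no TCP attached on entry or when
 * draining input fails, and 0 otherwise, including every case where the
 * TCP disappeared while this function was waiting on it.
 */
static int
tcp_close(int sock_id)
{
	char	*msg;
	tcp_t	*tcp;
	int	error = 0;

	if ((tcp = sockets[sock_id].pcb) == NULL) {
		return (-1);
	}

	TCP_RUN_TIME_WAIT_COLLECTOR();

	/*
	 * Since inetboot is not interrupt driven, there may be
	 * some ACKs in the MAC's buffer.  Drain them first,
	 * otherwise, we may not be able to send.
	 */
	if (tcp_drain_input(tcp, sock_id, 5) < 0) {
		/*
		 * If we return now without freeing TCP, there will be
		 * a memory leak.
		 */
		if (sockets[sock_id].pcb != NULL)
			tcp_clean_death(sock_id, tcp, 0);
		return (-1);
	}

	/*
	 * tcp_drain_input() returns 0 when the TCP went away during the
	 * drain but no socket error was recorded.  tcp would then be a
	 * stale pointer, so re-check before dereferencing it.  As in the
	 * other "TCP may be gone" cases below, there is nothing left to
	 * close.
	 */
	if (sockets[sock_id].pcb == NULL)
		return (0);

	if (tcp->tcp_conn_req_cnt_q0 != 0 || tcp->tcp_conn_req_cnt_q != 0) {
		/* Cleanup for listener */
		tcp_eager_cleanup(tcp, 0, sock_id);
	}

	/* A non-NULL msg at the end of the switch means "abort with RST". */
	msg = NULL;
	switch (tcp->tcp_state) {
	case TCPS_CLOSED:
	case TCPS_IDLE:
	case TCPS_BOUND:
	case TCPS_LISTEN:
		break;
	case TCPS_SYN_SENT:
		msg = "tcp_close, during connect";
		break;
	case TCPS_SYN_RCVD:
		/*
		 * Close during the connect 3-way handshake
		 * but here there may or may not be pending data
		 * already on queue.  Process almost same as in
		 * the ESTABLISHED state.
		 */
		/* FALLTHRU */
	default:
		/*
		 * If SO_LINGER has set a zero linger time, abort the
		 * connection with a reset.
		 */
		if (tcp->tcp_linger && tcp->tcp_lingertime == 0) {
			msg = "tcp_close, zero lingertime";
			break;
		}

		/*
		 * Abort connection if there is unread data queued.
		 */
		if (tcp->tcp_rcv_list != NULL ||
		    tcp->tcp_reass_head != NULL) {
			msg = "tcp_close, unread data";
			break;
		}
		if (tcp->tcp_state <= TCPS_LISTEN)
			break;

		/*
		 * Transmit the FIN before detaching the tcp_t.
		 * After tcp_detach returns this queue/perimeter
		 * no longer owns the tcp_t thus others can modify it.
		 * The TCP could be closed in tcp_state_wait called by
		 * tcp_wput_data called by tcp_xmit_end.
		 */
		(void) tcp_xmit_end(tcp, sock_id);
		if (sockets[sock_id].pcb == NULL)
			return (0);

		/*
		 * If lingering on close then wait until the fin is acked,
		 * the SO_LINGER time passes, or a reset is sent/received.
		 */
		if (tcp->tcp_linger && tcp->tcp_lingertime > 0 &&
		    !(tcp->tcp_fin_acked) &&
		    tcp->tcp_state >= TCPS_ESTABLISHED) {
			uint32_t stoptime;	/* in ms */

			tcp->tcp_client_errno = 0;
			stoptime = prom_gettime() +
			    (tcp->tcp_lingertime * 1000);
			/*
			 * The deadline test uses a signed difference, so
			 * it is decided by the sign of (stoptime - now).
			 */
			while (!(tcp->tcp_fin_acked) &&
			    tcp->tcp_state >= TCPS_ESTABLISHED &&
			    tcp->tcp_client_errno == 0 &&
			    ((int32_t)(stoptime - prom_gettime()) > 0)) {
				if (tcp_drain_input(tcp, sock_id, 5) < 0) {
					if (sockets[sock_id].pcb != NULL) {
						tcp_clean_death(sock_id,
						    tcp, 0);
					}
					return (-1);
				}
			}
			tcp->tcp_client_errno = 0;
		}
		if (tcp_state_wait(sock_id, tcp, TCPS_TIME_WAIT) < 0) {
			/* During the wait, TCP may be gone... */
			if (sockets[sock_id].pcb == NULL)
				return (0);
			msg = "tcp_close, couldn't detach";
		} else {
			return (0);
		}
		break;
	}

	/* Something went wrong...  Send a RST and report the error */
	if (msg != NULL) {
		if (tcp->tcp_state == TCPS_ESTABLISHED ||
		    tcp->tcp_state == TCPS_CLOSE_WAIT)
			BUMP_MIB(tcp_mib.tcpEstabResets);
		if (tcp->tcp_state == TCPS_SYN_SENT ||
		    tcp->tcp_state == TCPS_SYN_RCVD)
			BUMP_MIB(tcp_mib.tcpAttemptFails);
		tcp_xmit_ctl(msg, tcp, NULL, tcp->tcp_snxt, 0, TH_RST, 0,
		    sock_id);
	}

	/* Release the control block and mark the socket as TCP-less. */
	tcp_free(tcp);
	bkmem_free((caddr_t)tcp, sizeof (tcp_t));
	sockets[sock_id].pcb = NULL;
	return (error);
}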
1016
/*
 * To make an endpoint a listener.
 *
 * Fails with EINVAL when the socket has no TCP attached and with
 * EOPNOTSUPP unless the endpoint is in a state from TCPS_BOUND through
 * TCPS_LISTEN.  The requested backlog is clamped to the range
 * [tcp_conn_req_min, tcp_conn_req_max_q].  Returns 0 on success and -1
 * with errno set on failure.
 */
int
tcp_listen(int sock_id, int backlog)
{
	tcp_t *tcp = (tcp_t *)(sockets[sock_id].pcb);

	if (tcp == NULL) {
		errno = EINVAL;
		return (-1);
	}

	/* We allow calling listen() multiple times to change the backlog. */
	if (tcp->tcp_state < TCPS_BOUND || tcp->tcp_state > TCPS_LISTEN) {
		errno = EOPNOTSUPP;
		return (-1);
	}

	/* First listen() on this endpoint: set up the empty eager queues. */
	if (tcp->tcp_state != TCPS_LISTEN) {
		tcp->tcp_eager_next_q0 = tcp->tcp_eager_prev_q0 = tcp;
		tcp->tcp_eager_next_q = NULL;
		tcp->tcp_state = TCPS_LISTEN;
		tcp->tcp_second_ctimer_threshold = tcp_ip_abort_linterval;
	}

	/* Store the backlog, then clamp it from above and from below. */
	tcp->tcp_conn_req_max = backlog;
	if (tcp->tcp_conn_req_max > tcp_conn_req_max_q) {
		tcp->tcp_conn_req_max = tcp_conn_req_max_q;
	}
	if (tcp->tcp_conn_req_max < tcp_conn_req_min) {
		tcp->tcp_conn_req_max = tcp_conn_req_min;
	}
	return (0);
}
1047
/*
 * Accept one completed connection from a listening endpoint.
 *
 * sock_id indexes the listener in sockets[].  addr must point to a buffer
 * of at least sizeof (struct sockaddr_in) bytes (checked against
 * *addr_len); on success the peer's IPv4 address and port are copied into
 * it and sin_family is set to AF_INET.
 *
 * The call polls tcp_drain_input() until an eager shows up on the
 * listener's tcp_eager_next_q list or the deadline passes.  The deadline is
 * prom_gettime() plus the larger of the socket's in_timeout and
 * tcp_accept_timeout.
 *
 * Returns the new socket descriptor on success and -1 on failure.  errno is
 * set here to EINVAL (bad arguments or a socket that is not listening) or
 * ETIMEDOUT (no connection arrived in time); a failing tcp_drain_input()
 * or socket() call is passed through as -1 without errno being set here.
 *
 * NOTE(review): *addr_len is validated but never written back, and
 * sin_zero is left untouched -- confirm callers do not depend on either.
 */
int
tcp_accept(int sock_id, struct sockaddr *addr, socklen_t *addr_len)
{
	tcp_t *listener;
	tcp_t *eager;
	int sd, new_sock_id;
	struct sockaddr_in *new_addr = (struct sockaddr_in *)addr;
	/*
	 * NOTE(review): the deadline is a signed int compared directly with
	 * prom_gettime().  tcp_close() in this file compares
	 * (int32_t)(stoptime - prom_gettime()) instead, which tolerates the
	 * millisecond clock wrapping -- consider using the same form here.
	 */
	int timeout;

	/* Sanity check. */
	if ((listener = (tcp_t *)(sockets[sock_id].pcb)) == NULL ||
	    new_addr == NULL || addr_len == NULL ||
	    *addr_len < sizeof (struct sockaddr_in) ||
	    listener->tcp_state != TCPS_LISTEN) {
		errno = EINVAL;
		return (-1);
	}

	/* Use whichever of the two timeouts is longer. */
	if (sockets[sock_id].in_timeout > tcp_accept_timeout)
		timeout = prom_gettime() + sockets[sock_id].in_timeout;
	else
		timeout = prom_gettime() + tcp_accept_timeout;
	/* Poll for input until a completed connection is queued. */
	while (listener->tcp_eager_next_q == NULL &&
	    timeout > prom_gettime()) {
#if DEBUG
		printf("tcp_accept: Waiting in tcp_accept()\n");
#endif
		if (tcp_drain_input(listener, sock_id, 5) < 0) {
			return (-1);
		}
	}
	/* If there is an eager, don't timeout... */
	if (timeout <= prom_gettime() && listener->tcp_eager_next_q == NULL) {
#if DEBUG
		printf("tcp_accept: timeout\n");
#endif
		errno = ETIMEDOUT;
		return (-1);
	}
#if DEBUG
	printf("tcp_accept: got a connection\n");
#endif

	/* Now create the socket for this new TCP. */
	if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
		return (-1);
	}
	if ((new_sock_id = so_check_fd(sd, &errno)) == -1)
		/* This should not happen! */
		prom_panic("so_check_fd() fails in tcp_accept()");
	/*
	 * Free the TCP PCB in the original socket.
	 *
	 * NOTE(review): only the tcp_t itself is released.  tcp_close() and
	 * tcp_clean_death() call tcp_free() before bkmem_free(); if socket()
	 * attached further allocations to this PCB they are leaked here --
	 * verify against tcp_free().
	 */
	bkmem_free((caddr_t)(sockets[new_sock_id].pcb), sizeof (tcp_t));
	/* Dequeue the eager and attach it to the socket. */
	eager = listener->tcp_eager_next_q;
	listener->tcp_eager_next_q = eager->tcp_eager_next_q;
	/* The dequeued eager was also the tail: the queue is now empty. */
	if (listener->tcp_eager_last_q == eager)
		listener->tcp_eager_last_q = NULL;
	eager->tcp_eager_next_q = NULL;
	sockets[new_sock_id].pcb = eager;
	listener->tcp_conn_req_cnt_q--;

	/* Copy in the address info. */
	bcopy(&eager->tcp_remote, &new_addr->sin_addr.s_addr,
	    sizeof (in_addr_t));
	bcopy(&eager->tcp_fport, &new_addr->sin_port, sizeof (in_port_t));
	new_addr->sin_family = AF_INET;

#ifdef DEBUG
	printf("tcp_accept(), new sock_id: %d\n", sd);
#endif
	return (sd);
}
1121
/*
 * Normalise a candidate anonymous (ephemeral) port.
 *
 * A port outside [tcp_smallest_anon_port, tcp_largest_anon_port] is reset
 * to tcp_smallest_anon_port, and the result is then raised to
 * tcp_smallest_nonpriv_port if it is still below that value.  Returns the
 * adjusted port in host byte order.
 */
static in_port_t
tcp_update_next_port(in_port_t port)
{
	in_port_t candidate = port;

	/* Keep the candidate inside the anonymous port range. */
	if (!(candidate >= tcp_smallest_anon_port &&
	    candidate <= tcp_largest_anon_port)) {
		candidate = (in_port_t)tcp_smallest_anon_port;
	}

	/* Never hand out a port below the non-privileged floor. */
	if (candidate < tcp_smallest_nonpriv_port) {
		candidate = (in_port_t)tcp_smallest_nonpriv_port;
	}
	return (candidate);
}
1134
/*
 * Decide which local port a bind may use.
 *
 * port is the candidate port in host byte order and addr points to the
 * local address being bound.  A TCP socket already holding the port is a
 * conflict unless
 *   - reuseaddr is set and that socket's state is past TCPS_LISTEN, or
 *   - both sockets are bound to specific, different addresses.
 *
 * With bind_to_req_port_only set, a conflict fails the bind.  Otherwise
 * the next anonymous port is tried, for at most
 * (tcp_largest_anon_port - tcp_smallest_anon_port) attempts.
 *
 * Returns the usable port in host byte order, or 0 when none was found.
 */
static in_port_t
tcp_bindi(in_port_t port, in_addr_t *addr, boolean_t reuseaddr,
    boolean_t bind_to_req_port_only)
{
	int idx;
	int tries_left;
	tcp_t *other;
	boolean_t in_use;

	tries_left = tcp_largest_anon_port - tcp_smallest_anon_port;
	for (;;) {
		/* Scan every socket for a conflicting holder of this port. */
		in_use = B_FALSE;
		for (idx = 0; idx < MAXSOCKET; idx++) {
			if (sockets[idx].type != INETBOOT_STREAM)
				continue;
			other = (tcp_t *)sockets[idx].pcb;
			if (other == NULL || ntohs(other->tcp_lport) != port)
				continue;
			/*
			 * Same port.  With SO_REUSEADDR, a holder whose
			 * state is past TCPS_LISTEN does not conflict.
			 */
			if (reuseaddr && other->tcp_state > TCPS_LISTEN)
				continue;
			/* Two distinct specific addresses do not conflict. */
			if (other->tcp_bound_source != INADDR_ANY &&
			    *addr != INADDR_ANY &&
			    other->tcp_bound_source != *addr)
				continue;
			in_use = B_TRUE;
			break;
		}

		if (!in_use)
			return (port);
		if (bind_to_req_port_only)
			return (0);
		if (--tries_left <= 0)
			return (0);

		/* Move on to the next anonymous port and rescan. */
		port++;
		port = tcp_update_next_port(port);
	}
}
1176
/*
 * Bind a TCP endpoint to the address and port stored in
 * sockets[sock_id].bind.
 *
 * A requested port of 0 asks for an anonymous port: the search starts from
 * the value after tcp_next_port_to_try and moves forward until a free port
 * is found.  A non-zero port must be available exactly as requested.
 *
 * On success the chosen port is written (network byte order) to the TCP
 * control block, the header template and sockets[sock_id].bind, the state
 * becomes TCPS_BOUND and 0 is returned.  On failure -1 is returned with
 * errno set to EINVAL (no control block), EPROTO (already bound) or
 * EADDRINUSE (no usable port).
 *
 * The bound source address is stored before the port check, so it stays
 * modified when the call fails with EADDRINUSE.
 *
 * NOTE(review): anonymous ports are handed out by incrementing a counter,
 * so successive connections use predictable source ports.  RFC 6056
 * describes port randomisation; whether that matters for a boot-time
 * client is a design decision to confirm.
 */
int
tcp_bind(int sock_id)
{
	tcp_t *tcp = (tcp_t *)sockets[sock_id].pcb;
	in_port_t want_port;
	in_port_t got_port;
	boolean_t exact_port;
	boolean_t reuseaddr;

	if (tcp == NULL) {
		errno = EINVAL;
		return (-1);
	}

	/* A second bind() on the same endpoint is rejected. */
	if (tcp->tcp_state >= TCPS_BOUND) {
		errno = EPROTO;
		return (-1);
	}

	want_port = ntohs(sockets[sock_id].bind.sin_port);

	/* INADDR_ANY is acceptable as the bound source. */
	tcp->tcp_bound_source = sockets[sock_id].bind.sin_addr.s_addr;
	tcp->tcp_ipha->ip_src.s_addr = tcp->tcp_bound_source;

	if (want_port != 0) {
		/* An explicit port must be granted as is or not at all. */
		exact_port = B_TRUE;
	} else {
		/* No port requested: start from the next anonymous port. */
		exact_port = B_FALSE;
		want_port = tcp_update_next_port(++tcp_next_port_to_try);
	}

	reuseaddr = sockets[sock_id].so_opt & SO_REUSEADDR;
	got_port = tcp_bindi(want_port, &(tcp->tcp_bound_source),
	    reuseaddr, exact_port);
	if (got_port == 0) {
		errno = EADDRINUSE;
		return (-1);
	}

	/* Record the port everywhere it is kept, in network byte order. */
	tcp->tcp_lport = htons(got_port);
	*(uint16_t *)tcp->tcp_tcph->th_lport = tcp->tcp_lport;
	sockets[sock_id].bind.sin_port = tcp->tcp_lport;
	tcp->tcp_state = TCPS_BOUND;
	return (0);
}
1227
/*
 * Check whether the 4-tuple of tcp (local port, foreign port, bound source
 * address, remote address) is already used by another TCP in the sockets[]
 * table whose state is TCPS_SYN_SENT or later.
 *
 * Returns -1 when such a connection exists and 0 otherwise.
 */
static int
tcp_conn_check(tcp_t *tcp)
{
	int idx;

	for (idx = 0; idx < MAXSOCKET; idx++) {
		tcp_t *other;

		if (sockets[idx].type != INETBOOT_STREAM)
			continue;

		/* The socket can still be open after its TCP is gone. */
		other = (tcp_t *)sockets[idx].pcb;
		if (other == NULL)
			continue;

		/* Only TCPs in SYN_SENT or a later state are of interest. */
		if (other->tcp_state < TCPS_SYN_SENT)
			continue;

		if (other->tcp_lport == tcp->tcp_lport &&
		    other->tcp_fport == tcp->tcp_fport &&
		    other->tcp_bound_source == tcp->tcp_bound_source &&
		    other->tcp_remote == tcp->tcp_remote) {
			return (-1);
		}
	}
	return (0);
}
1257
/*
 * Start an active open to the address stored in sockets[sock_id].remote
 * and wait for the three-way handshake to finish.
 *
 * The destination is rejected when it is INADDR_ANY, a class D (multicast)
 * address, the all-ones broadcast address, or the endpoint's own
 * address/port pair.  An endpoint that is not yet bound to an address
 * picks up the interface address from ipv4_getipaddr().  The receive
 * window, window scale, timestamp, SACK and ECN settings are prepared
 * before the SYN is built and sent.
 *
 * Returns the result of tcp_state_wait() for TCPS_ESTABLISHED on the
 * normal path, or -1 with errno set to EINVAL (no control block or bad
 * destination), EPROTO (no local address), EADDRINUSE (duplicate
 * connection) or ENOBUFS (SYN could not be built).  A failing
 * ipv4_tcp_output() also yields -1 unless errno is ETIMEDOUT.
 *
 * NOTE(review): tcp_state is not examined before the connection is
 * started, so nothing here stops connect() on a listening or already
 * connected endpoint; presumably the socket layer prevents that --
 * confirm.
 */
int
tcp_connect(int sock_id)
{
	tcp_t *tcp;
	in_addr_t dstaddr;
	in_port_t dstport;
	tcph_t *tcph;
	int mss;
	mblk_t *syn_mp;

	if ((tcp = (tcp_t *)(sockets[sock_id].pcb)) == NULL) {
		errno = EINVAL;
		return (-1);
	}

	TCP_RUN_TIME_WAIT_COLLECTOR();

	/* Both values are kept in network byte order. */
	dstaddr = sockets[sock_id].remote.sin_addr.s_addr;
	dstport = sockets[sock_id].remote.sin_port;

	/*
	 * Check for attempt to connect to INADDR_ANY or non-unicast address.
	 * We don't have enough info to check for broadcast addr, except
	 * for the all 1 broadcast.
	 */
	if (dstaddr == INADDR_ANY || IN_CLASSD(ntohl(dstaddr)) ||
	    dstaddr == INADDR_BROADCAST) {
		/*
		 * SunOS 4.x and 4.3 BSD allow an application
		 * to connect a TCP socket to INADDR_ANY.
		 * When they do this, the kernel picks the
		 * address of one interface and uses it
		 * instead.  The kernel usually ends up
		 * picking the address of the loopback
		 * interface.  This is an undocumented feature.
		 * However, we provide the same thing here
		 * in order to have source and binary
		 * compatibility with SunOS 4.x.
		 * Update the T_CONN_REQ (sin/sin6) since it is used to
		 * generate the T_CONN_CON.
		 *
		 * The text above describes the kernel behaviour; inetboot
		 * TCP does not emulate it and fails the request.
		 */
		errno = EINVAL;
		return (-1);
	}

	/* It is not bound to any address yet... */
	if (tcp->tcp_bound_source == INADDR_ANY) {
		ipv4_getipaddr(&(sockets[sock_id].bind.sin_addr));
		/* We don't have an address! */
		if (ntohl(sockets[sock_id].bind.sin_addr.s_addr) ==
		    INADDR_ANY) {
			errno = EPROTO;
			return (-1);
		}
		tcp->tcp_bound_source = sockets[sock_id].bind.sin_addr.s_addr;
		tcp->tcp_ipha->ip_src.s_addr = tcp->tcp_bound_source;
	}

	/*
	 * Don't let an endpoint connect to itself.
	 */
	if (dstaddr == tcp->tcp_ipha->ip_src.s_addr &&
	    dstport == tcp->tcp_lport) {
		errno = EINVAL;
		return (-1);
	}

	/* Record the peer in the control block and the header template. */
	tcp->tcp_ipha->ip_dst.s_addr = dstaddr;
	tcp->tcp_remote = dstaddr;
	tcph = tcp->tcp_tcph;
	*(uint16_t *)tcph->th_fport = dstport;
	tcp->tcp_fport = dstport;

	/*
	 * Don't allow this connection to completely duplicate
	 * an existing connection.
	 */
	if (tcp_conn_check(tcp) < 0) {
		errno = EADDRINUSE;
		return (-1);
	}

	/*
	 * Just make sure our rwnd is at
	 * least tcp_recv_hiwat_minmss * MSS
	 * large, and round up to the nearest
	 * MSS.
	 *
	 * We do the round up here because
	 * we need to get the interface
	 * MTU first before we can do the
	 * round up.
	 *
	 * NOTE(review): mss is not checked for being positive before it is
	 * passed to MSS_ROUNDUP(); presumably tcp_mss always exceeds
	 * tcp_hdr_len -- confirm.
	 */
	mss = tcp->tcp_mss - tcp->tcp_hdr_len;
	tcp->tcp_rwnd = MAX(MSS_ROUNDUP(tcp->tcp_rwnd, mss),
	    tcp_recv_hiwat_minmss * mss);
	tcp->tcp_rwnd_max = tcp->tcp_rwnd;
	SET_WS_VALUE(tcp);
	/* Advertise the scaled window in the header template. */
	U32_TO_ABE16((tcp->tcp_rwnd >> tcp->tcp_rcv_ws),
	    tcp->tcp_tcph->th_win);
	if (tcp->tcp_rcv_ws > 0 || tcp_wscale_always)
		tcp->tcp_snd_ws_ok = B_TRUE;

	/*
	 * Set tcp_snd_ts_ok to true
	 * so that tcp_xmit_mp will
	 * include the timestamp
	 * option in the SYN segment.
	 */
	if (tcp_tstamp_always ||
	    (tcp->tcp_rcv_ws && tcp_tstamp_if_wscale)) {
		tcp->tcp_snd_ts_ok = B_TRUE;
	}

	/* SACK is offered only if its bookkeeping can be allocated. */
	if (tcp_sack_permitted == 2 ||
	    tcp->tcp_snd_sack_ok) {
		assert(tcp->tcp_sack_info == NULL);
		if ((tcp->tcp_sack_info = (tcp_sack_info_t *)bkmem_zalloc(
		    sizeof (tcp_sack_info_t))) == NULL) {
			tcp->tcp_snd_sack_ok = B_FALSE;
		} else {
			tcp->tcp_snd_sack_ok = B_TRUE;
		}
	}
	/*
	 * Should we use ECN?  Note that the current
	 * default value (SunOS 5.9) of tcp_ecn_permitted
	 * is 2.  The reason for doing this is that there
	 * are equipments out there that will drop ECN
	 * enabled IP packets.  Setting it to 1 avoids
	 * compatibility problems.
	 *
	 * NOTE(review): the text gives the default as 2 yet recommends 1;
	 * check it against the actual default of tcp_ecn_permitted.
	 */
	if (tcp_ecn_permitted == 2)
		tcp->tcp_ecn_ok = B_TRUE;

	tcp_iss_init(tcp);
	TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
	tcp->tcp_active_open = B_TRUE;

	/*
	 * The state is SYN_SENT from here on, including on the ENOBUFS and
	 * output-error returns below.
	 */
	tcp->tcp_state = TCPS_SYN_SENT;
	syn_mp = tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, tcp->tcp_iss, B_FALSE,
	    NULL, B_FALSE);
	if (syn_mp != NULL) {
		int ret;

		/* Dump the packet when debugging. */
		TCP_DUMP_PACKET("tcp_connect", syn_mp);
		/* Send out the SYN packet. */
		ret = ipv4_tcp_output(sock_id, syn_mp);
		freeb(syn_mp);
		/*
		 * errno ETIMEDOUT is set by the mac driver
		 * in case it is not able to receive ARP reply.
		 * TCP will retransmit this segment so we can
		 * ignore the ARP timeout.
		 */
		if ((ret < 0) && (errno != ETIMEDOUT)) {
			return (-1);
		}
		/* tcp_state_wait() will finish the 3 way handshake. */
		return (tcp_state_wait(sock_id, tcp, TCPS_ESTABLISHED));
	} else {
		errno = ENOBUFS;
		return (-1);
	}
}
1427
/*
 * Common accept code.  Called by tcp_conn_request.
 *
 * Prepares acceptor (the new eager) from listener and from the SYN packet
 * cr_pkt: the header template and timer/Nagle parameters are inherited
 * from the listener, the peer address and port are taken from the SYN,
 * TCP options and ECN flags are processed, and the receive window is set.
 * ip_hdr_len is the length of the IP header at the start of cr_pkt.
 *
 * Returns 0 on success or ENOMEM when a header template of the listener's
 * size cannot be allocated (an errno-style value, not -1).  A version
 * mismatch or a non-IPv4 acceptor ends in prom_panic().
 *
 * NOTE(review): the address, port and flag fields read from cr_pkt come
 * from the wire.  Nothing in this function checks that ip_hdr_len plus a
 * TCP header fits inside cr_pkt; presumably the caller has validated the
 * packet -- confirm.
 */
static int
tcp_accept_comm(tcp_t *listener, tcp_t *acceptor, mblk_t *cr_pkt,
    uint_t ip_hdr_len)
{
	tcph_t *tcph;

#ifdef DEBUG
	printf("tcp_accept_comm #######################\n");
#endif

	/*
	 * When we get here, we know that the acceptor header template
	 * has already been initialized.
	 * However, it may not match the listener if the listener
	 * includes options...
	 * It may also not match the listener if the listener is v6 and
	 * the acceptor is v4
	 */
	acceptor->tcp_lport = listener->tcp_lport;

	if (listener->tcp_ipversion == acceptor->tcp_ipversion) {
		if (acceptor->tcp_iphc_len != listener->tcp_iphc_len) {
			/*
			 * Listener had options of some sort; acceptor inherits.
			 * Free up the acceptor template and allocate one
			 * of the right size.
			 */
			bkmem_free(acceptor->tcp_iphc, acceptor->tcp_iphc_len);
			acceptor->tcp_iphc = bkmem_zalloc(
			    listener->tcp_iphc_len);
			if (acceptor->tcp_iphc == NULL) {
				/* Leave the acceptor with no template. */
				acceptor->tcp_iphc_len = 0;
				return (ENOMEM);
			}
			acceptor->tcp_iphc_len = listener->tcp_iphc_len;
		}
		acceptor->tcp_hdr_len = listener->tcp_hdr_len;
		acceptor->tcp_ip_hdr_len = listener->tcp_ip_hdr_len;
		acceptor->tcp_tcp_hdr_len = listener->tcp_tcp_hdr_len;

		/*
		 * Copy the IP+TCP header template from listener to acceptor
		 *
		 * NOTE(review): tcp_hdr_len bytes are copied into a buffer
		 * of tcp_iphc_len bytes; this relies on
		 * tcp_hdr_len <= tcp_iphc_len for the listener -- confirm.
		 */
		bcopy(listener->tcp_iphc, acceptor->tcp_iphc,
		    listener->tcp_hdr_len);
		/* Re-point the header views into the acceptor's template. */
		acceptor->tcp_ipha = (struct ip *)acceptor->tcp_iphc;
		acceptor->tcp_tcph = (tcph_t *)(acceptor->tcp_iphc +
		    acceptor->tcp_ip_hdr_len);
	} else {
		prom_panic("tcp_accept_comm: version not equal");
	}

	/* Copy our new dest and fport from the connection request packet */
	if (acceptor->tcp_ipversion == IPV4_VERSION) {
		struct ip *ipha;

		ipha = (struct ip *)cr_pkt->b_rptr;
		/* The SYN's source is our destination, and vice versa. */
		acceptor->tcp_ipha->ip_dst = ipha->ip_src;
		acceptor->tcp_remote = ipha->ip_src.s_addr;
		acceptor->tcp_ipha->ip_src = ipha->ip_dst;
		acceptor->tcp_bound_source = ipha->ip_dst.s_addr;
		tcph = (tcph_t *)&cr_pkt->b_rptr[ip_hdr_len];
	} else {
		prom_panic("tcp_accept_comm: not IPv4");
	}
	/* The SYN's source port becomes our foreign port. */
	bcopy(tcph->th_lport, acceptor->tcp_tcph->th_fport, sizeof (in_port_t));
	bcopy(acceptor->tcp_tcph->th_fport, &acceptor->tcp_fport,
	    sizeof (in_port_t));
	/*
	 * For an all-port proxy listener, the local port is determined by
	 * the port number field in the SYN packet.
	 */
	if (listener->tcp_lport == 0) {
		acceptor->tcp_lport = *(in_port_t *)tcph->th_fport;
		bcopy(tcph->th_fport, acceptor->tcp_tcph->th_lport,
		    sizeof (in_port_t));
	}
	/* Inherit various TCP parameters from the listener */
	acceptor->tcp_naglim = listener->tcp_naglim;
	acceptor->tcp_first_timer_threshold =
	    listener->tcp_first_timer_threshold;
	acceptor->tcp_second_timer_threshold =
	    listener->tcp_second_timer_threshold;

	acceptor->tcp_first_ctimer_threshold =
	    listener->tcp_first_ctimer_threshold;
	acceptor->tcp_second_ctimer_threshold =
	    listener->tcp_second_ctimer_threshold;

	acceptor->tcp_xmit_hiwater = listener->tcp_xmit_hiwater;

	acceptor->tcp_state = TCPS_LISTEN;
	tcp_iss_init(acceptor);

	/* Process all TCP options. */
	tcp_process_options(acceptor, tcph);

	/* Is the other end ECN capable? */
	if (tcp_ecn_permitted >= 1 &&
	    (tcph->th_flags[0] & (TH_ECE|TH_CWR)) == (TH_ECE|TH_CWR)) {
		acceptor->tcp_ecn_ok = B_TRUE;
	}

	/*
	 * listener->tcp_rq->q_hiwat should be the default window size or a
	 * window size changed via SO_RCVBUF option.  First round up the
	 * acceptor's tcp_rwnd to the nearest MSS.  Then find out the window
	 * scale option value if needed.  Call tcp_rwnd_set() to finish the
	 * setting.
	 *
	 * Note if there is a rpipe metric associated with the remote host,
	 * we should not inherit receive window size from listener.
	 */
	acceptor->tcp_rwnd = MSS_ROUNDUP(
	    (acceptor->tcp_rwnd == 0 ? listener->tcp_rwnd_max :
	    acceptor->tcp_rwnd), acceptor->tcp_mss);
	if (acceptor->tcp_snd_ws_ok)
		SET_WS_VALUE(acceptor);
	/*
	 * Note that this is the only place tcp_rwnd_set() is called for
	 * accepting a connection.  We need to call it here instead of
	 * after the 3-way handshake because we need to tell the other
	 * side our rwnd in the SYN-ACK segment.
	 */
	(void) tcp_rwnd_set(acceptor, acceptor->tcp_rwnd);

	return (0);
}
1560
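/*
 * Defense for the SYN attack -
 * 1. When q0 is full, drop from the tail (tcp_eager_prev_q0) the oldest
 *    one that doesn't have the dontdrop bit set.
 * 2. Don't drop a SYN request before its first timeout.  This gives every
 *    request at least til the first timeout to complete its 3-way handshake.
 * 3. The current threshold is - # of timeout > q0len/4 => SYN alert on
 *    # of timeout drops back to <= q0len/32 => SYN alert off
 *
 * tcp is the listener whose half-open queue (q0) is full.  q0 is a circular
 * doubly linked list with the listener as its sentinel; tcp_conn_request()
 * inserts right after the listener, so tcp_eager_prev_q0 is the oldest.
 *
 * The victim is unlinked from q0 and tcp_conn_req_cnt_q0 is decremented
 * before the memory is released.  Freeing an eager that is still linked
 * would leave the listener with dangling q0 pointers that
 * tcp_lookup_eager_ipv4() and later insertions follow, and a peer can
 * reach this path simply by sending enough SYNs.
 *
 * Returns B_TRUE when an eager was dropped and B_FALSE when q0 holds
 * nothing to drop.
 *
 * NOTE(review): only the tcp_t itself is released, as in the error paths
 * of tcp_conn_request().  tcp_close() and tcp_clean_death() call
 * tcp_free() first; if an eager owns further allocations (for example its
 * header template) they are leaked on every drop -- verify against
 * tcp_free().
 */
static boolean_t
tcp_drop_q0(tcp_t *tcp)
{
	tcp_t *eager;

	/*
	 * New one is added after next_q0 so prev_q0 points to the oldest
	 * Also do not drop any established connections that are deferred on
	 * q0 due to q being full
	 */
	eager = tcp->tcp_eager_prev_q0;

	/* An empty q0 links back to the listener; never free the listener. */
	if (eager == tcp)
		return (B_FALSE);

	assert(tcp->tcp_eager_next_q0 != tcp->tcp_eager_prev_q0);

	while (eager->tcp_dontdrop || eager->tcp_conn_def_q0) {
		/* XXX should move the eager to the head */
		eager = eager->tcp_eager_prev_q0;
		if (eager == tcp) {
			/*
			 * Every entry is protected.  Fall back to the
			 * oldest one so that room is still made.
			 */
			eager = tcp->tcp_eager_prev_q0;
			break;
		}
	}
	dprintf("tcp_drop_q0: listen half-open queue (max=%d) overflow"
	    " (%d pending) on %s, drop one", tcp_conn_req_max_q0,
	    tcp->tcp_conn_req_cnt_q0,
	    tcp_display(tcp, NULL, DISP_PORT_ONLY));

	BUMP_MIB(tcp_mib.tcpHalfOpenDrop);

	/* Take the victim off q0 before its memory goes away. */
	eager->tcp_eager_prev_q0->tcp_eager_next_q0 = eager->tcp_eager_next_q0;
	eager->tcp_eager_next_q0->tcp_eager_prev_q0 = eager->tcp_eager_prev_q0;
	tcp->tcp_conn_req_cnt_q0--;

	bkmem_free((caddr_t)eager, sizeof (tcp_t));
	return (B_TRUE);
}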
1600
/*
 * Handle a SYN that arrived for listener tcp.
 *
 * mp is the SYN packet starting at the IP header and ip_hdr_len is the
 * length of that header; sock_id is not used.  The request is refused
 * when the listener's completed queue has reached tcp_conn_req_max, when
 * the half-open queue (q0) is full and nothing could be dropped from it,
 * or when the addresses are not usable for a connection (multicast,
 * broadcast or INADDR_ANY source, broadcast destination).  Otherwise a new
 * tcp_t is allocated, initialised, filled in by tcp_accept_comm() and
 * linked at the head of q0.
 *
 * Returns the new eager, or NULL when the request was refused or an
 * allocation failed (errno is set for the allocation and
 * tcp_init_values() failures only).
 *
 * NOTE(review): ownership of mp is not uniform across the NULL returns.
 * The q0-full, bad-address, allocation and tcp_init_values() paths call
 * freemsg(mp); the backlog-overflow and tcp_accept_comm() failure paths
 * do not.  Depending on what the caller does with mp after a NULL return
 * this is either a leak or a double free -- check the caller.
 */
/* ARGSUSED */
static tcp_t *
tcp_conn_request(tcp_t *tcp, mblk_t *mp, uint_t sock_id, uint_t ip_hdr_len)
{
	tcp_t *eager;
	struct ip *ipha;
	int err;

#ifdef DEBUG
	printf("tcp_conn_request ###################\n");
#endif

	/* The queue of completed connections is already at its limit. */
	if (tcp->tcp_conn_req_cnt_q >= tcp->tcp_conn_req_max) {
		BUMP_MIB(tcp_mib.tcpListenDrop);
		dprintf("tcp_conn_request: listen backlog (max=%d) "
		    "overflow (%d pending) on %s",
		    tcp->tcp_conn_req_max, tcp->tcp_conn_req_cnt_q,
		    tcp_display(tcp, NULL, DISP_PORT_ONLY));
		return (NULL);
	}

	assert(OK_32PTR(mp->b_rptr));

	if (tcp->tcp_conn_req_cnt_q0 >=
	    tcp->tcp_conn_req_max + tcp_conn_req_max_q0) {
		/*
		 * Q0 is full.  Drop a pending half-open req from the queue
		 * to make room for the new SYN req.  Also mark the time we
		 * drop a SYN.
		 */
		tcp->tcp_last_rcv_lbolt = prom_gettime();
		if (!tcp_drop_q0(tcp)) {
			/* Nothing could be dropped: refuse the new SYN. */
			freemsg(mp);
			BUMP_MIB(tcp_mib.tcpListenDropQ0);
			dprintf("tcp_conn_request: listen half-open queue "
			    "(max=%d) full (%d pending) on %s",
			    tcp_conn_req_max_q0,
			    tcp->tcp_conn_req_cnt_q0,
			    tcp_display(tcp, NULL, DISP_PORT_ONLY));
			return (NULL);
		}
	}

	/*
	 * Refuse SYNs whose source is multicast, broadcast or INADDR_ANY,
	 * or whose destination is the broadcast address.
	 */
	ipha = (struct ip *)mp->b_rptr;
	if (IN_CLASSD(ntohl(ipha->ip_src.s_addr)) ||
	    ipha->ip_src.s_addr == INADDR_BROADCAST ||
	    ipha->ip_src.s_addr == INADDR_ANY ||
	    ipha->ip_dst.s_addr == INADDR_BROADCAST) {
		freemsg(mp);
		return (NULL);
	}
	/*
	 * We allow the connection to proceed
	 * by generating a detached tcp state vector and put it in
	 * the eager queue.  When an accept happens, it will be
	 * dequeued sequentially.
	 */
	if ((eager = (tcp_t *)bkmem_alloc(sizeof (tcp_t))) == NULL) {
		freemsg(mp);
		errno = ENOBUFS;
		return (NULL);
	}
	if ((errno = tcp_init_values(eager, NULL)) != 0) {
		freemsg(mp);
		bkmem_free((caddr_t)eager, sizeof (tcp_t));
		return (NULL);
	}

	/*
	 * Eager connection inherits address form from its listener,
	 * but its packet form comes from the version of the received
	 * SYN segment.
	 */
	eager->tcp_family = tcp->tcp_family;

	err = tcp_accept_comm(tcp, eager, mp, ip_hdr_len);
	if (err) {
		/*
		 * NOTE(review): only the tcp_t is released here; anything
		 * tcp_init_values() or tcp_accept_comm() attached to the
		 * eager is presumably leaked -- verify.
		 */
		bkmem_free((caddr_t)eager, sizeof (tcp_t));
		return (NULL);
	}

	/*
	 * Link the eager at the head of q0, directly after the listener,
	 * which serves as the sentinel of the circular list.
	 */
	tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = eager;
	eager->tcp_eager_next_q0 = tcp->tcp_eager_next_q0;
	tcp->tcp_eager_next_q0 = eager;
	eager->tcp_eager_prev_q0 = tcp;

	/* Set tcp_listener before adding it to tcp_conn_fanout */
	eager->tcp_listener = tcp;
	tcp->tcp_conn_req_cnt_q0++;

	return (eager);
}
1693
/*
 * To get around the non-interrupt problem of inetboot.
 * Keep on processing packets until a certain state is reached or the
 * TCP is destroyed because of getting a RST packet.
 *
 * sock_id is the socket whose input queue is drained, tcp is the
 * connection being waited on, and state is the target tcp_state, or
 * TCPS_ALL_ACKED to wait until tcp_suna has caught up with tcp_snxt.
 *
 * While waiting, the socket's in_timeout is lowered to tcp_rto when it is
 * larger, so that the lower layers do not block past the retransmission
 * timeout.
 *
 * Returns 0 when the target is reached, or when the TCP went away and the
 * socket's so_error is 0.  Returns -1 when an input routine fails or the
 * TCP went away with so_error set.
 *
 * NOTE(review): the function has no deadline of its own; it loops until
 * the state is reached, the PCB disappears or input fails, so termination
 * presumably depends on tcp_timer() eventually giving up -- confirm.
 * NOTE(review): the "other side dead" return does not restore in_timeout
 * when it was lowered, unlike the other exits.
 */
static int
tcp_state_wait(int sock_id, tcp_t *tcp, int state)
{
	int i;
	struct inetgram *in_gram;
	mblk_t *mp;
	int timeout;
	boolean_t changed = B_FALSE;

	/*
	 * We need to make sure that the MAC does not wait longer
	 * than RTO for any packet so that TCP can do retransmission.
	 * But if the MAC timeout is less than tcp_rto, we are fine
	 * and do not need to change it.
	 */
	timeout = sockets[sock_id].in_timeout;
	if (timeout > tcp->tcp_rto) {
		sockets[sock_id].in_timeout = tcp->tcp_rto;
		changed = B_TRUE;
	}
retry:
	if (sockets[sock_id].inq == NULL) {
		/* Go out and check the wire */
		for (i = MEDIA_LVL; i < TRANSPORT_LVL; i++) {
			if (sockets[sock_id].input[i] != NULL) {
				if (sockets[sock_id].input[i](sock_id) < 0) {
					/* Put the caller's timeout back. */
					if (changed) {
						sockets[sock_id].in_timeout =
						    timeout;
					}
					return (-1);
				}
			}
		}
	}

	/*
	 * NOTE(review): when this loop is re-entered through "retry" after
	 * tcp_timer() ran, tcp is dereferenced before the PCB check below.
	 * If tcp_timer() can free the TCP (not visible here) that is a
	 * use-after-free -- verify.
	 */
	while ((in_gram = sockets[sock_id].inq) != NULL) {
		if (tcp != NULL && tcp->tcp_state == state)
			break;

		/* Remove unknown inetgrams from the head of inq. */
		if (in_gram->igm_level != TRANSPORT_LVL) {
#ifdef DEBUG
			printf("tcp_state_wait for state %d: unexpected "
			    "packet level %d frame found\n", state,
			    in_gram->igm_level);
#endif
			del_gram(&sockets[sock_id].inq, in_gram, B_TRUE);
			continue;
		}
		/* Detach the packet, free its wrapper and hand it to TCP. */
		mp = in_gram->igm_mp;
		del_gram(&sockets[sock_id].inq, in_gram, B_FALSE);
		bkmem_free((caddr_t)in_gram, sizeof (struct inetgram));
		/*
		 * NOTE(review): once the PCB is gone tcp is NULL here for
		 * the remaining packets; presumably tcp_rput_data() accepts
		 * a NULL tcp -- confirm.
		 */
		tcp_rput_data(tcp, mp, sock_id);

		/*
		 * The other side may have closed this connection or
		 * RST us.  But we need to continue to process other
		 * packets in the socket's queue because they may
		 * belong to other TCP connections.
		 */
		if (sockets[sock_id].pcb == NULL) {
			tcp = NULL;
		}
	}

	/* If the other side has closed the connection, just return. */
	if (tcp == NULL || sockets[sock_id].pcb == NULL) {
#ifdef DEBUG
		printf("tcp_state_wait other side dead: state %d "
		    "error %d\n", state, sockets[sock_id].so_error);
#endif
		if (sockets[sock_id].so_error != 0)
			return (-1);
		else
			return (0);
	}
	/*
	 * TCPS_ALL_ACKED is not a valid TCP state, it is just used as an
	 * indicator to tcp_state_wait to mean that it is being called
	 * to wait till we have received acks for all the new segments sent.
	 */
	if ((state == TCPS_ALL_ACKED) && (tcp->tcp_suna == tcp->tcp_snxt)) {
		goto done;
	}
	if (tcp->tcp_state != state) {
		/* Run the retransmission timer by hand once it is due. */
		if (prom_gettime() > tcp->tcp_rto_timeout)
			tcp_timer(tcp, sock_id);
		goto retry;
	}
done:
	if (changed)
		sockets[sock_id].in_timeout = timeout;

	tcp_drain_needed(sock_id, tcp);
	return (0);
}
1796
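/*
 * Verify the TCP checksum of an inbound IPv4 segment.
 *
 * mp holds the packet starting at the IP header.  The header is modified
 * in place to build the pseudo header: ip_sum is overwritten with the TCP
 * length, ip_ttl and tha_sum are zeroed, and none of them is restored.
 *
 * The total length is taken from the packet itself, so it is checked
 * against the bytes actually present in mp before it sizes the checksum
 * read.  A packet whose ip_len is shorter than an IP plus TCP header, or
 * longer than the buffer, is rejected instead of letting tcp_cksum() read
 * outside the buffer.
 *
 * Returns 0 when the checksum matches and -1 otherwise.  Checksum
 * mismatches bump tcp_cksum_errors; packets rejected by the length check
 * do not.
 *
 * NOTE(review): the TCP header is located at iph + 1, so an IP header
 * without options is assumed; a packet carrying IP options would be
 * checksummed from the wrong offset -- confirm the IP layer filters those.
 * NOTE(review): the length check treats mp as one contiguous block
 * (b_rptr..b_wptr), as the checksum call already does -- confirm that no
 * b_cont chains reach this function.
 */
static int
tcp_verify_cksum(mblk_t *mp)
{
	struct ip *iph;
	tcpha_t *tcph;
	int len;
	int avail;
	uint16_t old_sum;

	/* There must be room for both fixed headers before reading them. */
	avail = (int)(mp->b_wptr - mp->b_rptr);
	if (avail < IP_SIMPLE_HDR_LENGTH + TCP_MIN_HEADER_LENGTH)
		return (-1);

	iph = (struct ip *)mp->b_rptr;
	tcph = (tcpha_t *)(iph + 1);
	len = ntohs(iph->ip_len);

	/* ip_len is untrusted: it must cover the headers and fit in mp. */
	if (len < IP_SIMPLE_HDR_LENGTH + TCP_MIN_HEADER_LENGTH ||
	    len > avail) {
		return (-1);
	}

	/*
	 * Calculate the TCP checksum.  Need to include the pseudo header,
	 * which is similar to the real IP header starting at the TTL field.
	 * The 12 extra bytes are the fields from ip_ttl through ip_dst.
	 */
	iph->ip_sum = htons(len - IP_SIMPLE_HDR_LENGTH);
	old_sum = tcph->tha_sum;
	tcph->tha_sum = 0;
	iph->ip_ttl = 0;
	if (old_sum == tcp_cksum((uint16_t *)&(iph->ip_ttl),
	    len - IP_SIMPLE_HDR_LENGTH + 12)) {
		return (0);
	} else {
		tcp_cksum_errors++;
		return (-1);
	}
}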
1826
/*
 * Find the TCP connection an incoming IPv4 segment belongs to.
 *
 * A connection matches when the segment's ports and addresses equal the
 * connection's foreign/local ports, remote address and bound source, and
 * the connection's state is at least min_state.  The sockets[] table is
 * searched first, then the time-wait list.
 *
 * Returns the matching TCP with *sock_id set to its index in sockets[],
 * or to -1 when it was found on the time-wait list.  Returns NULL, leaving
 * *sock_id untouched, when nothing matches.
 */
static tcp_t *
tcp_lookup_ipv4(struct ip *iph, tcpha_t *tcph, int min_state, int *sock_id)
{
	int idx;
	tcp_t *cand;

	for (idx = 0; idx < MAXSOCKET; idx++) {
		if (sockets[idx].type != INETBOOT_STREAM)
			continue;
		cand = (tcp_t *)sockets[idx].pcb;
		if (cand == NULL)
			continue;
		if (tcph->tha_lport != cand->tcp_fport ||
		    tcph->tha_fport != cand->tcp_lport ||
		    iph->ip_src.s_addr != cand->tcp_remote ||
		    iph->ip_dst.s_addr != cand->tcp_bound_source ||
		    cand->tcp_state < min_state) {
			continue;
		}
		*sock_id = idx;
		return (cand);
	}

	/* Not attached to a socket: try the time wait list. */
	cand = tcp_time_wait_head;
	while (cand != NULL) {
		if (tcph->tha_lport == cand->tcp_fport &&
		    tcph->tha_fport == cand->tcp_lport &&
		    iph->ip_src.s_addr == cand->tcp_remote &&
		    iph->ip_dst.s_addr == cand->tcp_bound_source &&
		    cand->tcp_state >= min_state) {
			*sock_id = -1;
			return (cand);
		}
		cand = cand->tcp_time_wait_next;
	}
	return (NULL);
}
1861
/*
 * Find a TCP in sockets[] that could be listening for an incoming segment
 * addressed to addr/port (both compared as stored, without byte swapping).
 *
 * A TCP matches when its local port equals port and its bound source is
 * either addr or INADDR_ANY.  The first match in table order wins.
 *
 * Returns the TCP with *sock_id set to its index, or NULL when there is no
 * match.
 *
 * NOTE(review): tcp_state is not examined here, so a bound or connected
 * TCP on the same port also matches; presumably the caller checks for
 * TCPS_LISTEN -- confirm.
 */
static tcp_t *
tcp_lookup_listener_ipv4(in_addr_t addr, in_port_t port, int *sock_id)
{
	int idx;
	tcp_t *cand;

	for (idx = 0; idx < MAXSOCKET; idx++) {
		if (sockets[idx].type != INETBOOT_STREAM)
			continue;
		cand = (tcp_t *)sockets[idx].pcb;
		if (cand == NULL)
			continue;
		if (cand->tcp_lport != port)
			continue;
		if (cand->tcp_bound_source == addr ||
		    cand->tcp_bound_source == INADDR_ANY) {
			*sock_id = idx;
			return (cand);
		}
	}

	return (NULL);
}
1883
/*
 * Find the eager (pending connection) of listener that an incoming
 * segment belongs to.
 *
 * The listener's tcp_eager_next_q list is searched first, then the
 * circular q0 list, which ends when the walk comes back to the listener.
 * An eager matches on foreign/local port, remote address and bound source.
 *
 * Returns the matching eager, or NULL when there is none.
 */
static tcp_t *
tcp_lookup_eager_ipv4(tcp_t *listener, struct ip *iph, tcpha_t *tcph)
{
	tcp_t *cand;

#ifdef DEBUG
	printf("tcp_lookup_eager_ipv4 ###############\n");
#endif
	/* First list: NULL terminated. */
	cand = listener->tcp_eager_next_q;
	while (cand != NULL) {
		if (tcph->tha_lport == cand->tcp_fport &&
		    tcph->tha_fport == cand->tcp_lport &&
		    iph->ip_src.s_addr == cand->tcp_remote &&
		    iph->ip_dst.s_addr == cand->tcp_bound_source) {
			return (cand);
		}
		cand = cand->tcp_eager_next_q;
	}

	/* Second list (q0): circular, with the listener as the end marker. */
	cand = listener->tcp_eager_next_q0;
	while (cand != listener) {
		if (tcph->tha_lport == cand->tcp_fport &&
		    tcph->tha_fport == cand->tcp_lport &&
		    iph->ip_src.s_addr == cand->tcp_remote &&
		    iph->ip_dst.s_addr == cand->tcp_bound_source) {
			return (cand);
		}
		cand = cand->tcp_eager_next_q0;
	}
#ifdef DEBUG
	printf("No eager found\n");
#endif
	return (NULL);
}
1917
/*
 * Destroy a TCP control block.
 *
 * tcp_free() is called on the TCP, the TCP is taken off the time-wait list
 * when its state is TCPS_TIME_WAIT, and the tcp_t itself is released.
 * When sock_id is not negative the socket's pcb pointer is cleared and a
 * non-zero err is stored in its so_error.  tcp must not be used after this
 * call.
 *
 * NOTE(review): nothing here unlinks tcp from a listener's eager queues;
 * presumably callers never pass a TCP that is still queued -- confirm.
 */
static void
tcp_clean_death(int sock_id, tcp_t *tcp, int err)
{
	tcp_free(tcp);
	if (tcp->tcp_state == TCPS_TIME_WAIT) {
		tcp_time_wait_remove(tcp);
	}

	/* A negative sock_id means the TCP is not attached to a socket. */
	if (sock_id >= 0) {
		if (err != 0) {
			sockets[sock_id].so_error = err;
		}
		sockets[sock_id].pcb = NULL;
	}

	bkmem_free((caddr_t)tcp, sizeof (tcp_t));
}
1933
/*
 * tcp_rwnd_set() is called to adjust the receive window to a desired value.
 * We do not allow the receive window to shrink.  After setting rwnd,
 * set the flow control hiwat of the stream.
 *
 * This function is called in 2 cases:
 *
 * 1) Before data transfer begins, in tcp_accept_comm() for accepting a
 *    connection (passive open) and in tcp_rput_data() for active connect.
 *    This is called after tcp_mss_set() when the desired MSS value is known.
 *    This makes sure that our window size is a multiple of the other side's
 *    MSS.
 * 2) Handling SO_RCVBUF option.
 *
 * It is ASSUMED that the requested size is a multiple of the current MSS.
 *
 * XXX - Should allow a lower rwnd than tcp_recv_hiwat_minmss * mss if the
 * user requests so.
 *
 * Updates tcp_rwnd, tcp_rwnd_max, the window field of the header template
 * and, when window scaling is in use, tcp_cwnd_max.  Returns the receive
 * window that was finally applied (a uint32_t returned through int).
 *
 * NOTE(review): mss is used as a divisor below; presumably tcp_mss is
 * never 0 by the time this is called -- confirm.
 */
static int
tcp_rwnd_set(tcp_t *tcp, uint32_t rwnd)
{
	uint32_t mss = tcp->tcp_mss;
	uint32_t old_max_rwnd;
	uint32_t max_transmittable_rwnd;

	/* Before a maximum has been recorded, use the current window. */
	if (tcp->tcp_rwnd_max != 0)
		old_max_rwnd = tcp->tcp_rwnd_max;
	else
		old_max_rwnd = tcp->tcp_rwnd;

	/*
	 * Insist on a receive window that is at least
	 * tcp_recv_hiwat_minmss * MSS (default 4 * MSS) to avoid
	 * funny TCP interactions of Nagle algorithm, SWS avoidance
	 * and delayed acknowledgement.
	 */
	rwnd = MAX(rwnd, tcp_recv_hiwat_minmss * mss);

	/*
	 * If window size info has already been exchanged, TCP should not
	 * shrink the window.  Shrinking window is doable if done carefully.
	 * We may add that support later.  But so far there is not a real
	 * need to do that.
	 */
	if (rwnd < old_max_rwnd && tcp->tcp_state > TCPS_SYN_SENT) {
		/* MSS may have changed, do a round up again. */
		rwnd = MSS_ROUNDUP(old_max_rwnd, mss);
	}

	/*
	 * tcp_rcv_ws starts with TCP_MAX_WINSHIFT so the following check
	 * can be applied even before the window scale option is decided.
	 */
	max_transmittable_rwnd = TCP_MAXWIN << tcp->tcp_rcv_ws;
	if (rwnd > max_transmittable_rwnd) {
		/* Largest multiple of mss that can still be advertised. */
		rwnd = max_transmittable_rwnd -
		    (max_transmittable_rwnd % mss);
		if (rwnd < mss)
			rwnd = max_transmittable_rwnd;
		/*
		 * If we're over the limit we may have to back down tcp_rwnd.
		 * The increment below won't work for us.  So we set all three
		 * here and the increment below will have no effect.
		 */
		tcp->tcp_rwnd = old_max_rwnd = rwnd;
	}

	/*
	 * Increment the current rwnd by the amount the maximum grew (we
	 * can not overwrite it since we might be in the middle of a
	 * connection.)
	 */
	tcp->tcp_rwnd += rwnd - old_max_rwnd;
	/* Store the scaled window in the header template. */
	U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, tcp->tcp_tcph->th_win);
	if ((tcp->tcp_rcv_ws > 0) && rwnd > tcp->tcp_cwnd_max)
		tcp->tcp_cwnd_max = rwnd;
	tcp->tcp_rwnd_max = rwnd;

	return (rwnd);
}
2015
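/*
 * Extract option values from a tcp header.  Any values found are stored in
 * the tcpopt struct, and a bitmask of TCP_OPT_*_PRESENT flags saying which
 * options were found is returned.
 *
 * Parsing is bounded by the header length the segment itself advertises
 * (TCP_HDR_LENGTH(tcph)).  Nothing here knows how many bytes were actually
 * received, so the caller must make sure the advertised header length does
 * not run past the end of the received data -- TODO confirm for each caller.
 *
 * If tcpopt->tcp is non-NULL, SACK blocks are folded into that connection's
 * notsack list and tcp_fack is advanced; if it is NULL, SACK options are
 * skipped without being looked at.
 *
 * Parsing stops at TCPOPT_EOL or at the first option whose length field is
 * inconsistent with the space left in the header.  Options found before
 * that point are still reported.
 */
static int
tcp_parse_options(tcph_t *tcph, tcp_opt_t *tcpopt)
{
	uchar_t		*endp;
	int		len;
	uchar_t		*up = (uchar_t *)tcph;
	int		found = 0;
	int32_t		sack_len;
	tcp_seq		sack_begin, sack_end;
	tcp_t		*tcp;

	endp = up + TCP_HDR_LENGTH(tcph);
	up += TCP_MIN_HEADER_LENGTH;
	while (up < endp) {
		/* Bytes left in the option area, including this option. */
		len = endp - up;
		switch (*up) {
		case TCPOPT_EOL:
			break;

		case TCPOPT_NOP:
			up++;
			continue;

		case TCPOPT_MAXSEG:
			if (len < TCPOPT_MAXSEG_LEN ||
			    up[1] != TCPOPT_MAXSEG_LEN)
				break;

			/* Caller must handle tcp_mss_min and tcp_mss_max_* */
			tcpopt->tcp_opt_mss = BE16_TO_U16(up+2);
			found |= TCP_OPT_MSS_PRESENT;

			up += TCPOPT_MAXSEG_LEN;
			continue;

		case TCPOPT_WSCALE:
			if (len < TCPOPT_WS_LEN || up[1] != TCPOPT_WS_LEN)
				break;

			/* Clamp the peer's shift count instead of rejecting. */
			if (up[2] > TCP_MAX_WINSHIFT)
				tcpopt->tcp_opt_wscale = TCP_MAX_WINSHIFT;
			else
				tcpopt->tcp_opt_wscale = up[2];
			found |= TCP_OPT_WSCALE_PRESENT;

			up += TCPOPT_WS_LEN;
			continue;

		case TCPOPT_SACK_PERMITTED:
			if (len < TCPOPT_SACK_OK_LEN ||
			    up[1] != TCPOPT_SACK_OK_LEN)
				break;
			found |= TCP_OPT_SACK_OK_PRESENT;
			up += TCPOPT_SACK_OK_LEN;
			continue;

		case TCPOPT_SACK:
			/*
			 * The option must carry more than its two-byte
			 * header and must fit in what is left of the TCP
			 * header.
			 */
			if (len <= 2 || up[1] <= 2 || len < up[1])
				break;

			/* If TCP is not interested in SACK blks... */
			if ((tcp = tcpopt->tcp) == NULL) {
				up += up[1];
				continue;
			}
			sack_len = up[1] - TCPOPT_HEADER_LEN;
			up += TCPOPT_HEADER_LEN;

			/*
			 * If the list is empty, allocate one and assume
			 * nothing is sack'ed.
			 */
			assert(tcp->tcp_sack_info != NULL);
			if (tcp->tcp_notsack_list == NULL) {
				tcp_notsack_update(&(tcp->tcp_notsack_list),
				    tcp->tcp_suna, tcp->tcp_snxt,
				    &(tcp->tcp_num_notsack_blk),
				    &(tcp->tcp_cnt_notsack_list));

				/*
				 * Make sure tcp_notsack_list is not NULL.
				 * This happens when kmem_alloc(KM_NOSLEEP)
				 * returns NULL.
				 */
				if (tcp->tcp_notsack_list == NULL) {
					up += sack_len;
					continue;
				}
				tcp->tcp_fack = tcp->tcp_suna;
			}

			/*
			 * A SACK block is two 32-bit sequence numbers, i.e.
			 * 8 bytes.  Only whole blocks inside the option's
			 * declared length are consumed.  Looping while any
			 * byte remained let an option whose length is not
			 * 2 + 8n read a "block" out of the bytes of the
			 * options that follow it and left the cursor in the
			 * middle of them.
			 */
			while (sack_len >= 8) {
				/*
				 * Cannot trigger given the length check
				 * above; kept as a backstop.
				 */
				if (up + 8 > endp) {
					up = endp;
					sack_len = 0;
					break;
				}
				sack_begin = BE32_TO_U32(up);
				up += 4;
				sack_end = BE32_TO_U32(up);
				up += 4;
				sack_len -= 8;
				/*
				 * Bounds checking.  Make sure the SACK
				 * info is within tcp_suna and tcp_snxt.
				 * If this SACK blk is out of bound, ignore
				 * it but continue to parse the following
				 * blks.
				 */
				if (SEQ_LEQ(sack_end, sack_begin) ||
				    SEQ_LT(sack_begin, tcp->tcp_suna) ||
				    SEQ_GT(sack_end, tcp->tcp_snxt)) {
					continue;
				}
				tcp_notsack_insert(&(tcp->tcp_notsack_list),
				    sack_begin, sack_end,
				    &(tcp->tcp_num_notsack_blk),
				    &(tcp->tcp_cnt_notsack_list));
				if (SEQ_GT(sack_end, tcp->tcp_fack)) {
					tcp->tcp_fack = sack_end;
				}
			}
			/*
			 * Step over any trailing partial block (0 to 7
			 * bytes) so the next option is read from where this
			 * one says it ends.
			 */
			up += sack_len;
			found |= TCP_OPT_SACK_PRESENT;
			continue;

		case TCPOPT_TSTAMP:
			if (len < TCPOPT_TSTAMP_LEN ||
			    up[1] != TCPOPT_TSTAMP_LEN)
				break;

			tcpopt->tcp_opt_ts_val = BE32_TO_U32(up+2);
			tcpopt->tcp_opt_ts_ecr = BE32_TO_U32(up+6);

			found |= TCP_OPT_TSTAMP_PRESENT;

			up += TCPOPT_TSTAMP_LEN;
			continue;

		default:
			/*
			 * Unknown option: skip it by its length byte.  A
			 * zero length is rejected because it would never
			 * advance the cursor.
			 */
			if (len <= 1 || len < (int)up[1] || up[1] == 0)
				break;
			up += up[1];
			continue;
		}
		/* Reached only by a "break" above: EOL or malformed option. */
		break;
	}
	return (found);
}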
2169
/*
 * Install a new MSS on a connection.  The requested value is first clamped
 * to the range [tcp_mss_min, tcp_mss_max_ipv4]; the state that is kept as a
 * multiple of the MSS (naglim, transmit high-water mark, initial cwnd) is
 * then brought in line with it.
 *
 * Callers use this when
 * 1) the peer's SYN/SYN-ACK arrives and tcp_mss, tcp_cwnd, ... must be
 *    adjusted,
 * 2) PMTUd yields a new MSS,
 * 3) the peer stops sending the timestamp option, so the bytes it used
 *    become available for data.
 *
 * Note that tcp_cwnd is always reset to its initial value here and
 * tcp_cwnd_cnt is cleared, whichever of the callers is involved.
 */
static void
tcp_mss_set(tcp_t *tcp, uint32_t mss)
{
	uint32_t	ceiling = tcp_mss_max_ipv4;
	uint32_t	draft_cwnd;

	/* Lower bound first, then upper bound. */
	if (mss < tcp_mss_min)
		mss = tcp_mss_min;
	if (mss > ceiling)
		mss = ceiling;

	/*
	 * naglim follows the MSS unless the client set it to some other
	 * (smaller) value; tracking the MSS helps aggregate small writes.
	 * The comparison with tcp->tcp_mss must see the old MSS, so it is
	 * made before tcp_mss is overwritten below.
	 */
	if (mss < tcp->tcp_naglim || tcp->tcp_mss == tcp->tcp_naglim)
		tcp->tcp_naglim = mss;

	/* Be able to buffer at least 4 MSS worth of data to send. */
	if ((mss << 2) > tcp->tcp_xmit_hiwater)
		tcp->tcp_xmit_hiwater = mss << 2;

	tcp->tcp_mss = mss;

	/*
	 * Initial cwnd per draft-floyd-incr-init-win-01.txt:
	 *	min(4 * MSS, max(2 * MSS, 4380 bytes))
	 * with 4380 rounded down to a multiple of the MSS, capped by
	 * tcp_slow_start_initial * MSS when that is smaller.
	 * The division assumes mss is non-zero after the clamp above,
	 * i.e. tcp_mss_min > 0 -- TODO confirm.
	 */
	draft_cwnd = MIN(4 * mss, MAX(2 * mss, 4380 / mss * mss));
	tcp->tcp_cwnd = MIN(tcp_slow_start_initial * mss, draft_cwnd);
	tcp->tcp_cwnd_cnt = 0;
}
2220
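/*
 * Process all TCP options in a SYN segment.
 *
 * This function sets up the correct tcp_mss value according to the
 * MSS option value and our header size.  It also sets up the window scale
 * and timestamp values, and initializes the SACK info block.  It does not
 * change the receive window size after setting the tcp_mss value; the
 * caller should do the appropriate change.
 *
 * Every value taken from the peer's options is clamped before use: the MSS
 * to [tcp_mss_min, tcp_mss_max_ipv4] here and again in tcp_mss_set(), the
 * window scale to TCP_MAX_WINSHIFT in tcp_parse_options().
 */
void
tcp_process_options(tcp_t *tcp, tcph_t *tcph)
{
	int		options;
	tcp_opt_t	tcpopt;
	/*
	 * Set unconditionally.  This used to be assigned only when
	 * tcp_ipversion == IPV4_VERSION and was then compared against
	 * uninitialized for any other value.  tcp_mss_set() uses the IPv4
	 * limit unconditionally as well.
	 */
	uint32_t	mss_max = tcp_mss_max_ipv4;
	char		*tmp_tcph;

	/* A NULL tcp makes tcp_parse_options() skip any SACK blocks. */
	tcpopt.tcp = NULL;
	options = tcp_parse_options(tcph, &tcpopt);

	/*
	 * Process MSS option.  Note that MSS option value does not account
	 * for IP or TCP options.  This means that it is equal to MTU - minimum
	 * IP+TCP header size, which is 40 bytes for IPv4 and 60 bytes for
	 * IPv6.
	 */
	if (!(options & TCP_OPT_MSS_PRESENT)) {
		tcpopt.tcp_opt_mss = tcp_mss_def_ipv4;
	} else {
		if (tcpopt.tcp_opt_mss < tcp_mss_min)
			tcpopt.tcp_opt_mss = tcp_mss_min;
		else if (tcpopt.tcp_opt_mss > mss_max)
			tcpopt.tcp_opt_mss = mss_max;
	}

	/* Process Window Scale option. */
	if (options & TCP_OPT_WSCALE_PRESENT) {
		tcp->tcp_snd_ws = tcpopt.tcp_opt_wscale;
		tcp->tcp_snd_ws_ok = B_TRUE;
	} else {
		/* No scaling in either direction: shift counts go to 0. */
		tcp->tcp_snd_ws = 0;
		tcp->tcp_snd_ws_ok = B_FALSE;
		tcp->tcp_rcv_ws = 0;
	}

	/*
	 * Process Timestamp option.  It is honoured only if we asked for
	 * it ourselves (tcp_snd_ts_ok already set) or this is a passive
	 * open.
	 */
	if ((options & TCP_OPT_TSTAMP_PRESENT) &&
	    (tcp->tcp_snd_ts_ok || !tcp->tcp_active_open)) {
		tmp_tcph = (char *)tcp->tcp_tcph;

		tcp->tcp_snd_ts_ok = B_TRUE;
		tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
		tcp->tcp_last_rcv_lbolt = prom_gettime();
		assert(OK_32PTR(tmp_tcph));
		/*
		 * The template header must not carry options yet; the
		 * writes below land right behind the fixed header.
		 */
		assert(tcp->tcp_tcp_hdr_len == TCP_MIN_HEADER_LENGTH);

		/* Fill in our template header with basic timestamp option. */
		tmp_tcph += tcp->tcp_tcp_hdr_len;
		tmp_tcph[0] = TCPOPT_NOP;
		tmp_tcph[1] = TCPOPT_NOP;
		tmp_tcph[2] = TCPOPT_TSTAMP;
		tmp_tcph[3] = TCPOPT_TSTAMP_LEN;
		tcp->tcp_hdr_len += TCPOPT_REAL_TS_LEN;
		tcp->tcp_tcp_hdr_len += TCPOPT_REAL_TS_LEN;
		/* Data offset lives in the high nibble: add 3 words. */
		tcp->tcp_tcph->th_offset_and_rsrvd[0] += (3 << 4);
	} else {
		tcp->tcp_snd_ts_ok = B_FALSE;
	}

	/*
	 * Process SACK options.  If SACK is enabled for this connection,
	 * then allocate the SACK info structure.
	 */
	if ((options & TCP_OPT_SACK_OK_PRESENT) &&
	    (tcp->tcp_snd_sack_ok ||
	    (tcp_sack_permitted != 0 && !tcp->tcp_active_open))) {
		/* This should be true only in the passive case. */
		if (tcp->tcp_sack_info == NULL) {
			tcp->tcp_sack_info = (tcp_sack_info_t *)bkmem_zalloc(
			    sizeof (tcp_sack_info_t));
		}
		if (tcp->tcp_sack_info == NULL) {
			/* Allocation failed: run the connection without SACK. */
			tcp->tcp_snd_sack_ok = B_FALSE;
		} else {
			tcp->tcp_snd_sack_ok = B_TRUE;
			/* The timestamp option leaves room for one block less. */
			if (tcp->tcp_snd_ts_ok) {
				tcp->tcp_max_sack_blk = 3;
			} else {
				tcp->tcp_max_sack_blk = 4;
			}
		}
	} else {
		/*
		 * Resetting tcp_snd_sack_ok to B_FALSE so that
		 * no SACK info will be used for this
		 * connection.  This assumes that SACK usage
		 * permission is negotiated.  This may need
		 * to be changed once this is clarified.
		 */
		if (tcp->tcp_sack_info != NULL) {
			bkmem_free((caddr_t)tcp->tcp_sack_info,
			    sizeof (tcp_sack_info_t));
			tcp->tcp_sack_info = NULL;
		}
		tcp->tcp_snd_sack_ok = B_FALSE;
	}

	/*
	 * Now we know the exact TCP/IP header length, subtract
	 * that from tcp_mss to get our side's MSS.
	 */
	tcp->tcp_mss -= tcp->tcp_hdr_len;
	/*
	 * Here we assume that the other side's header size will be equal to
	 * our header size.  We calculate the real MSS accordingly.  Need to
	 * take into additional stuffs IPsec puts in.
	 *
	 * Real MSS = Opt.MSS - (our TCP/IP header - min TCP/IP header)
	 *
	 * NOTE(review): if tcp_opt_mss is unsigned and tcp_mss_min is
	 * smaller than the option bytes subtracted here, a minimal peer MSS
	 * wraps to a very large value and the MIN() below then picks our
	 * own tcp_mss -- confirm tcp_mss_min rules this out.
	 */
	tcpopt.tcp_opt_mss -= tcp->tcp_hdr_len -
	    (IP_SIMPLE_HDR_LENGTH + TCP_MIN_HEADER_LENGTH);

	/*
	 * Set MSS to the smaller one of both ends of the connection.
	 * We should not have called tcp_mss_set() before, but our
	 * side of the MSS should have been set to a proper value
	 * by tcp_adapt_ire().  tcp_mss_set() will also set up the
	 * STREAM head parameters properly.
	 *
	 * If we have a larger-than-16-bit window but the other side
	 * didn't want to do window scale, tcp_rwnd_set() will take
	 * care of that.
	 */
	tcp_mss_set(tcp, MIN(tcpopt.tcp_opt_mss, tcp->tcp_mss));
}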
2358
/*
 * PAWS (Protection Against Wrapped Sequence numbers) check for an incoming
 * segment.  The timestamp values found are left in *tcpoptp.
 *
 * Returns B_TRUE if the segment passes the PAWS test, B_FALSE if it must
 * be dropped.
 *
 * Side effects: when the header is not the plain NOP-NOP-TSTAMP layout the
 * general option parser runs, which also applies SACK blocks to the
 * connection if SACK is in use.  When the segment carries no timestamp at
 * all, timestamps are switched off for the rest of the connection.
 */
boolean_t
tcp_paws_check(tcp_t *tcp, tcph_t *tcph, tcp_opt_t *tcpoptp)
{
	uint8_t		flags;
	int		options;
	uint8_t		*up;

	flags = (unsigned int)tcph->th_flags[0] & 0xFF;

	/*
	 * Fast path: the timestamp is the only option and sits 32-bit
	 * aligned behind two NOPs, so both values can be read in place.
	 * Anything else goes through the general parser.
	 */
	up = ((uint8_t *)tcph) + TCP_MIN_HEADER_LENGTH;
	if (TCP_HDR_LENGTH(tcph) == (uint32_t)TCP_MIN_HEADER_LENGTH +
	    TCPOPT_REAL_TS_LEN &&
	    OK_32PTR(up) &&
	    *(uint32_t *)up == TCPOPT_NOP_NOP_TSTAMP) {
		tcpoptp->tcp_opt_ts_val = ABE32_TO_U32((up+4));
		tcpoptp->tcp_opt_ts_ecr = ABE32_TO_U32((up+8));

		options = TCP_OPT_TSTAMP_PRESENT;
	} else {
		/* Hand the connection over only if SACK blocks are wanted. */
		tcpoptp->tcp = tcp->tcp_snd_sack_ok ? tcp : NULL;
		options = tcp_parse_options(tcph, tcpoptp);
	}

	if (!(options & TCP_OPT_TSTAMP_PRESENT)) {
		/*
		 * If we don't get a timestamp on every packet, we
		 * figure we can't really trust 'em, so we stop sending
		 * and parsing them.
		 *
		 * NOTE(review): nothing in this function validates the
		 * segment's sequence number before this state change, and
		 * tcp_mss_set() below also resets tcp_cwnd.  RFC 7323
		 * section 3.2 instead has such a non-RST segment silently
		 * dropped once timestamps were negotiated; worth
		 * confirming this behaviour is still wanted.
		 */
		tcp->tcp_snd_ts_ok = B_FALSE;

		/* Take the 3 option words back out of the template header. */
		tcp->tcp_hdr_len -= TCPOPT_REAL_TS_LEN;
		tcp->tcp_tcp_hdr_len -= TCPOPT_REAL_TS_LEN;
		tcp->tcp_tcph->th_offset_and_rsrvd[0] -= (3 << 4);
		tcp_mss_set(tcp, tcp->tcp_mss + TCPOPT_REAL_TS_LEN);
		if (tcp->tcp_snd_sack_ok) {
			assert(tcp->tcp_sack_info != NULL);
			tcp->tcp_max_sack_blk = 4;
		}
		return (B_TRUE);
	}

	/*
	 * Do PAWS per RFC 1323 section 4.2.  Accept RST regardless of
	 * the timestamp, page 18 RFC 1323.bis.
	 */
	if ((flags & TH_RST) != 0 ||
	    !TSTMP_LT(tcpoptp->tcp_opt_ts_val, tcp->tcp_ts_recent)) {
		return (B_TRUE);
	}

	/* Older timestamp on a connection that was recently active. */
	if (TSTMP_LT(prom_gettime(),
	    tcp->tcp_last_rcv_lbolt + PAWS_TIMEOUT)) {
		/* This segment is not acceptable. */
		return (B_FALSE);
	}

	/*
	 * Connection has been idle for too long.  Reset the timestamp
	 * and assume the segment is valid.
	 */
	tcp->tcp_ts_recent = tcpoptp->tcp_opt_ts_val;
	return (B_TRUE);
}
2435
/*
 * tcp_get_seg_mp() locates the block in the send queue that holds the
 * given sequence number.
 *
 * Parameters:
 *	tcp_t *tcp: the tcp instance pointer.
 *	uint32_t seq: the starting seq. no of the requested segment.
 *	int32_t *off: on return, *off is the offset into the returned mblk
 *	    at which the requested seq. no is found.
 *
 * Return:
 *	The mblk_t in the send queue holding seq, or NULL when seq lies
 *	outside [tcp_suna, tcp_snxt) or off is NULL.  *off is written only
 *	when the range check passes.
 */
static mblk_t *
tcp_get_seg_mp(tcp_t *tcp, uint32_t seq, int32_t *off)
{
	int32_t		cnt;
	mblk_t		*mp;

	/* Defensive coding.  Make sure we don't send incorrect data. */
	if (off == NULL || SEQ_LT(seq, tcp->tcp_suna) ||
	    SEQ_GEQ(seq, tcp->tcp_snxt)) {
		return (NULL);
	}

	/* Bytes to step over, counted from the first unacked byte. */
	cnt = seq - tcp->tcp_suna;
	for (mp = tcp->tcp_xmit_head; cnt > 0 && mp != NULL;
	    mp = mp->b_cont) {
		/* seq falls inside this block: cnt is the offset into it. */
		if (cnt < mp->b_wptr - mp->b_rptr)
			break;
		cnt -= mp->b_wptr - mp->b_rptr;
	}

	/*
	 * Running off the chain means the queue holds less data than
	 * tcp_snxt - tcp_suna claims.  Where assert() compiles to nothing,
	 * NULL is returned and callers have to check for it.
	 */
	assert(mp != NULL);
	*off = cnt;
	return (mp);
}
2474
/*
 * Handle all retransmissions for a connection that has SACK enabled.
 * The amount that may be retransmitted is derived from tcp_pipe.  The
 * notsack list is then walked for eligible holes; a hole is eligible once
 * its sack_cnt is at least tcp_dupack_fast_retransmit.  When every
 * eligible hole has been retransmitted, the function works out whether TCP
 * may send new segments (fast recovery).
 *
 * Parameters:
 *	tcp_t *tcp: the tcp structure of the connection.
 *	int sock_id: socket the retransmitted segments are sent on; it is
 *	    handed to ipv4_tcp_output().
 *
 * Return:
 *	1 if the pipe is not full (new data can be sent), 0 otherwise,
 *	including every early exit on an error.
 */
static int32_t
tcp_sack_rxmit(tcp_t *tcp, int sock_id)
{
	notsack_blk_t	*hole;
	int32_t		budget;
	int32_t		mss;
	uint32_t	seg_len;
	mblk_t		*xmit_mp;

	assert(tcp->tcp_sack_info != NULL);
	assert(tcp->tcp_notsack_list != NULL);
	assert(tcp->tcp_rexmit == B_FALSE);

	/* Defensive coding in case there is a bug... */
	if (tcp->tcp_notsack_list == NULL) {
		return (0);
	}
	mss = tcp->tcp_mss;

	/*
	 * Limit the num of outstanding data in the network to be
	 * tcp_cwnd_ssthresh, which is half of the original congestion wnd.
	 * At least 1 MSS of data is always retransmitted.
	 */
	budget = tcp->tcp_cwnd_ssthresh - tcp->tcp_pipe;
	if (budget <= 0) {
		budget = mss;
	}

	/* Make sure no new RTT samples will be taken. */
	tcp->tcp_csuna = tcp->tcp_snxt;

	hole = tcp->tcp_notsack_list;
	while (budget > 0) {
		mblk_t	*snxt_mp, *tmp_mp;
		tcp_seq	begin = tcp->tcp_sack_snxt;
		tcp_seq	end;
		int32_t	off;

		/*
		 * Find the next eligible hole that still has data at or
		 * after begin.  The walk resumes from the hole used last
		 * time; it is not restarted from the list head.
		 */
		while (hole != NULL) {
			if (SEQ_GT(hole->end, begin) &&
			    (hole->sack_cnt >= tcp_dupack_fast_retransmit)) {
				end = hole->end;
				if (SEQ_LT(begin, hole->begin)) {
					begin = hole->begin;
				}
				break;
			}
			hole = hole->next;
		}

		/*
		 * All holes are filled.  Manipulate tcp_cwnd to send more
		 * if we can.  Note that after the SACK recovery, tcp_cwnd is
		 * set to tcp_cwnd_ssthresh.
		 */
		if (hole == NULL) {
			budget = tcp->tcp_cwnd_ssthresh - tcp->tcp_pipe;
			if (budget <= 0) {
				tcp->tcp_cwnd = tcp->tcp_snxt - tcp->tcp_suna;
				assert(tcp->tcp_cwnd > 0);
				return (0);
			}
			/* Whole segments only, but never less than one. */
			budget = budget / mss;
			tcp->tcp_cwnd = tcp->tcp_snxt - tcp->tcp_suna +
			    MAX(budget * mss, mss);
			return (1);
		}

		/*
		 * Note that we may send more than the budget allows here
		 * because of round off, but no more than 1 MSS of data.
		 */
		seg_len = end - begin;
		if (seg_len > mss)
			seg_len = mss;
		snxt_mp = tcp_get_seg_mp(tcp, begin, &off);
		assert(snxt_mp != NULL);
		/* This should not happen.  Defensive coding again... */
		if (snxt_mp == NULL) {
			return (0);
		}

		/* seg_len is passed in and also rewritten by tcp_xmit_mp(). */
		xmit_mp = tcp_xmit_mp(tcp, snxt_mp, seg_len, &off,
		    &tmp_mp, begin, B_TRUE, &seg_len, B_TRUE);
		if (xmit_mp == NULL) {
			return (0);
		}

		budget -= seg_len;
		tcp->tcp_pipe += seg_len;
		tcp->tcp_sack_snxt = begin + seg_len;
		TCP_DUMP_PACKET("tcp_sack_rxmit", xmit_mp);
		(void) ipv4_tcp_output(sock_id, xmit_mp);
		freeb(xmit_mp);

		/*
		 * Update the send timestamp to avoid false retransmission.
		 * Note. use uintptr_t to suppress the gcc warning.
		 */
		snxt_mp->b_prev = (mblk_t *)(uintptr_t)prom_gettime();

		BUMP_MIB(tcp_mib.tcpRetransSegs);
		UPDATE_MIB(tcp_mib.tcpRetransBytes, seg_len);
		BUMP_MIB(tcp_mib.tcpOutSackRetransSegs);

		/*
		 * Update tcp_rexmit_max to extend this SACK recovery phase.
		 * This happens when new data sent during fast recovery is
		 * also lost.  If TCP retransmits those new data, it needs
		 * to extend SACK recover phase to avoid starting another
		 * fast retransmit/recovery unnecessarily.
		 */
		if (SEQ_GT(tcp->tcp_sack_snxt, tcp->tcp_rexmit_max)) {
			tcp->tcp_rexmit_max = tcp->tcp_sack_snxt;
		}
	}
	return (0);
}
2610
2611 static void
tcp_rput_data(tcp_t * tcp,mblk_t * mp,int sock_id)2612 tcp_rput_data(tcp_t *tcp, mblk_t *mp, int sock_id)
2613 {
2614 uchar_t *rptr;
2615 struct ip *iph;
2616 tcp_t *tcp1;
2617 tcpha_t *tcph;
2618 uint32_t seg_ack;
2619 int seg_len;
2620 uint_t ip_hdr_len;
2621 uint32_t seg_seq;
2622 mblk_t *mp1;
2623 uint_t flags;
2624 uint32_t new_swnd = 0;
2625 int mss;
2626 boolean_t ofo_seg = B_FALSE; /* Out of order segment */
2627 int32_t gap;
2628 int32_t rgap;
2629 tcp_opt_t tcpopt;
2630 int32_t bytes_acked;
2631 int npkt;
2632 uint32_t cwnd;
2633 uint32_t add;
2634
2635 #ifdef DEBUG
2636 printf("tcp_rput_data sock %d mp %x mp_datap %x #################\n",
2637 sock_id, mp, mp->b_datap);
2638 #endif
2639
2640 /* Dump the packet when debugging. */
2641 TCP_DUMP_PACKET("tcp_rput_data", mp);
2642
2643 assert(OK_32PTR(mp->b_rptr));
2644
2645 rptr = mp->b_rptr;
2646 iph = (struct ip *)rptr;
2647 ip_hdr_len = IPH_HDR_LENGTH(rptr);
2648 if (ip_hdr_len != IP_SIMPLE_HDR_LENGTH) {
2649 #ifdef DEBUG
2650 printf("Not simple IP header\n");
2651 #endif
2652 /* We cannot handle IP option yet... */
2653 tcp_drops++;
2654 freeb(mp);
2655 return;
2656 }
2657 /* The TCP header must be aligned. */
2658 tcph = (tcpha_t *)&rptr[ip_hdr_len];
2659 seg_seq = ntohl(tcph->tha_seq);
2660 seg_ack = ntohl(tcph->tha_ack);
2661 assert((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX);
2662 seg_len = (int)(mp->b_wptr - rptr) -
2663 (ip_hdr_len + TCP_HDR_LENGTH(((tcph_t *)tcph)));
2664 /* In inetboot, b_cont should always be NULL. */
2665 assert(mp->b_cont == NULL);
2666
2667 /* Verify the checksum. */
2668 if (tcp_verify_cksum(mp) < 0) {
2669 #ifdef DEBUG
2670 printf("tcp_rput_data: wrong cksum\n");
2671 #endif
2672 freemsg(mp);
2673 return;
2674 }
2675
2676 /*
2677 * This segment is not for us, try to find its
2678 * intended receiver.
2679 */
2680 if (tcp == NULL ||
2681 tcph->tha_lport != tcp->tcp_fport ||
2682 tcph->tha_fport != tcp->tcp_lport ||
2683 iph->ip_src.s_addr != tcp->tcp_remote ||
2684 iph->ip_dst.s_addr != tcp->tcp_bound_source) {
2685 #ifdef DEBUG
2686 printf("tcp_rput_data: not for us, state %d\n",
2687 tcp->tcp_state);
2688 #endif
2689 /*
2690 * First try to find a established connection. If none
2691 * is found, look for a listener.
2692 *
2693 * If a listener is found, we need to check to see if the
2694 * incoming segment is for one of its eagers. If it is,
2695 * give it to the eager. If not, listener should take care
2696 * of it.
2697 */
2698 if ((tcp1 = tcp_lookup_ipv4(iph, tcph, TCPS_SYN_SENT,
2699 &sock_id)) != NULL ||
2700 (tcp1 = tcp_lookup_listener_ipv4(iph->ip_dst.s_addr,
2701 tcph->tha_fport, &sock_id)) != NULL) {
2702 if (tcp1->tcp_state == TCPS_LISTEN) {
2703 if ((tcp = tcp_lookup_eager_ipv4(tcp1,
2704 iph, tcph)) == NULL) {
2705 /* No eager... sent to listener */
2706 #ifdef DEBUG
2707 printf("found the listener: %s\n",
2708 tcp_display(tcp1, NULL,
2709 DISP_ADDR_AND_PORT));
2710 #endif
2711 tcp = tcp1;
2712 }
2713 #ifdef DEBUG
2714 else {
2715 printf("found the eager: %s\n",
2716 tcp_display(tcp, NULL,
2717 DISP_ADDR_AND_PORT));
2718 }
2719 #endif
2720 } else {
2721 /* Non listener found... */
2722 #ifdef DEBUG
2723 printf("found the connection: %s\n",
2724 tcp_display(tcp1, NULL,
2725 DISP_ADDR_AND_PORT));
2726 #endif
2727 tcp = tcp1;
2728 }
2729 } else {
2730 /*
2731 * No connection for this segment...
2732 * Send a RST to the other side.
2733 */
2734 tcp_xmit_listeners_reset(sock_id, mp, ip_hdr_len);
2735 return;
2736 }
2737 }
2738
2739 flags = tcph->tha_flags & 0xFF;
2740 BUMP_MIB(tcp_mib.tcpInSegs);
2741 if (tcp->tcp_state == TCPS_TIME_WAIT) {
2742 tcp_time_wait_processing(tcp, mp, seg_seq, seg_ack,
2743 seg_len, (tcph_t *)tcph, sock_id);
2744 return;
2745 }
2746 /*
2747 * From this point we can assume that the tcp is not compressed,
2748 * since we would have branched off to tcp_time_wait_processing()
2749 * in such a case.
2750 */
2751 assert(tcp != NULL && tcp->tcp_state != TCPS_TIME_WAIT);
2752
2753 /*
2754 * After this point, we know we have the correct TCP, so update
2755 * the receive time.
2756 */
2757 tcp->tcp_last_recv_time = prom_gettime();
2758
2759 /* In inetboot, we do not handle urgent pointer... */
2760 if (flags & TH_URG) {
2761 freemsg(mp);
2762 DEBUG_1("tcp_rput_data(%d): received segment with urgent "
2763 "pointer\n", sock_id);
2764 tcp_drops++;
2765 return;
2766 }
2767
2768 switch (tcp->tcp_state) {
2769 case TCPS_LISTEN:
2770 if ((flags & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN) {
2771 if (flags & TH_RST) {
2772 freemsg(mp);
2773 return;
2774 }
2775 if (flags & TH_ACK) {
2776 tcp_xmit_early_reset("TCPS_LISTEN-TH_ACK",
2777 sock_id, mp, seg_ack, 0, TH_RST,
2778 ip_hdr_len);
2779 return;
2780 }
2781 if (!(flags & TH_SYN)) {
2782 freemsg(mp);
2783 return;
2784 }
2785 printf("tcp_rput_data: %d\n", __LINE__);
2786 prom_panic("inetboot");
2787 }
2788 if (tcp->tcp_conn_req_max > 0) {
2789 tcp = tcp_conn_request(tcp, mp, sock_id, ip_hdr_len);
2790 if (tcp == NULL) {
2791 freemsg(mp);
2792 return;
2793 }
2794 #ifdef DEBUG
2795 printf("tcp_rput_data: new tcp created\n");
2796 #endif
2797 }
2798 tcp->tcp_irs = seg_seq;
2799 tcp->tcp_rack = seg_seq;
2800 tcp->tcp_rnxt = seg_seq + 1;
2801 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
2802 BUMP_MIB(tcp_mib.tcpPassiveOpens);
2803 goto syn_rcvd;
2804 case TCPS_SYN_SENT:
2805 if (flags & TH_ACK) {
2806 /*
2807 * Note that our stack cannot send data before a
2808 * connection is established, therefore the
2809 * following check is valid. Otherwise, it has
2810 * to be changed.
2811 */
2812 if (SEQ_LEQ(seg_ack, tcp->tcp_iss) ||
2813 SEQ_GT(seg_ack, tcp->tcp_snxt)) {
2814 if (flags & TH_RST) {
2815 freemsg(mp);
2816 return;
2817 }
2818 tcp_xmit_ctl("TCPS_SYN_SENT-Bad_seq",
2819 tcp, mp, seg_ack, 0, TH_RST,
2820 ip_hdr_len, sock_id);
2821 return;
2822 }
2823 assert(tcp->tcp_suna + 1 == seg_ack);
2824 }
2825 if (flags & TH_RST) {
2826 freemsg(mp);
2827 if (flags & TH_ACK) {
2828 tcp_clean_death(sock_id, tcp, ECONNREFUSED);
2829 }
2830 return;
2831 }
2832 if (!(flags & TH_SYN)) {
2833 freemsg(mp);
2834 return;
2835 }
2836
2837 /* Process all TCP options. */
2838 tcp_process_options(tcp, (tcph_t *)tcph);
2839 /*
2840 * The following changes our rwnd to be a multiple of the
2841 * MIN(peer MSS, our MSS) for performance reason.
2842 */
2843 (void) tcp_rwnd_set(tcp, MSS_ROUNDUP(tcp->tcp_rwnd,
2844 tcp->tcp_mss));
2845
2846 /* Is the other end ECN capable? */
2847 if (tcp->tcp_ecn_ok) {
2848 if ((flags & (TH_ECE|TH_CWR)) != TH_ECE) {
2849 tcp->tcp_ecn_ok = B_FALSE;
2850 }
2851 }
2852 /*
2853 * Clear ECN flags because it may interfere with later
2854 * processing.
2855 */
2856 flags &= ~(TH_ECE|TH_CWR);
2857
2858 tcp->tcp_irs = seg_seq;
2859 tcp->tcp_rack = seg_seq;
2860 tcp->tcp_rnxt = seg_seq + 1;
2861 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
2862
2863 if (flags & TH_ACK) {
2864 /* One for the SYN */
2865 tcp->tcp_suna = tcp->tcp_iss + 1;
2866 tcp->tcp_valid_bits &= ~TCP_ISS_VALID;
2867 tcp->tcp_state = TCPS_ESTABLISHED;
2868
2869 /*
2870 * If SYN was retransmitted, need to reset all
2871 * retransmission info. This is because this
2872 * segment will be treated as a dup ACK.
2873 */
2874 if (tcp->tcp_rexmit) {
2875 tcp->tcp_rexmit = B_FALSE;
2876 tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
2877 tcp->tcp_rexmit_max = tcp->tcp_snxt;
2878 tcp->tcp_snd_burst = TCP_CWND_NORMAL;
2879
2880 /*
2881 * Set tcp_cwnd back to 1 MSS, per
2882 * recommendation from
2883 * draft-floyd-incr-init-win-01.txt,
2884 * Increasing TCP's Initial Window.
2885 */
2886 tcp->tcp_cwnd = tcp->tcp_mss;
2887 }
2888
2889 tcp->tcp_swl1 = seg_seq;
2890 tcp->tcp_swl2 = seg_ack;
2891
2892 new_swnd = BE16_TO_U16(((tcph_t *)tcph)->th_win);
2893 tcp->tcp_swnd = new_swnd;
2894 if (new_swnd > tcp->tcp_max_swnd)
2895 tcp->tcp_max_swnd = new_swnd;
2896
2897 /*
2898 * Always send the three-way handshake ack immediately
2899 * in order to make the connection complete as soon as
2900 * possible on the accepting host.
2901 */
2902 flags |= TH_ACK_NEEDED;
2903 /*
2904 * Check to see if there is data to be sent. If
2905 * yes, set the transmit flag. Then check to see
2906 * if received data processing needs to be done.
2907 * If not, go straight to xmit_check. This short
2908 * cut is OK as we don't support T/TCP.
2909 */
2910 if (tcp->tcp_unsent)
2911 flags |= TH_XMIT_NEEDED;
2912
2913 if (seg_len == 0) {
2914 freemsg(mp);
2915 goto xmit_check;
2916 }
2917
2918 flags &= ~TH_SYN;
2919 seg_seq++;
2920 break;
2921 }
2922 syn_rcvd:
2923 tcp->tcp_state = TCPS_SYN_RCVD;
2924 mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, tcp->tcp_mss,
2925 NULL, NULL, tcp->tcp_iss, B_FALSE, NULL, B_FALSE);
2926 if (mp1 != NULL) {
2927 TCP_DUMP_PACKET("tcp_rput_data replying SYN", mp1);
2928 (void) ipv4_tcp_output(sock_id, mp1);
2929 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
2930 freeb(mp1);
2931 /*
2932 * Let's wait till our SYN has been ACKED since we
2933 * don't have a timer.
2934 */
2935 if (tcp_state_wait(sock_id, tcp, TCPS_ALL_ACKED) < 0) {
2936 freemsg(mp);
2937 return;
2938 }
2939 }
2940 freemsg(mp);
2941 return;
2942 default:
2943 break;
2944 }
2945 mp->b_rptr = (uchar_t *)tcph + TCP_HDR_LENGTH((tcph_t *)tcph);
2946 new_swnd = ntohs(tcph->tha_win) <<
2947 ((flags & TH_SYN) ? 0 : tcp->tcp_snd_ws);
2948 mss = tcp->tcp_mss;
2949
2950 if (tcp->tcp_snd_ts_ok) {
2951 if (!tcp_paws_check(tcp, (tcph_t *)tcph, &tcpopt)) {
2952 /*
2953 * This segment is not acceptable.
2954 * Drop it and send back an ACK.
2955 */
2956 freemsg(mp);
2957 flags |= TH_ACK_NEEDED;
2958 goto ack_check;
2959 }
2960 } else if (tcp->tcp_snd_sack_ok) {
2961 assert(tcp->tcp_sack_info != NULL);
2962 tcpopt.tcp = tcp;
2963 /*
2964 * SACK info in already updated in tcp_parse_options. Ignore
2965 * all other TCP options...
2966 */
2967 (void) tcp_parse_options((tcph_t *)tcph, &tcpopt);
2968 }
2969 try_again:;
2970 gap = seg_seq - tcp->tcp_rnxt;
2971 rgap = tcp->tcp_rwnd - (gap + seg_len);
2972 /*
2973 * gap is the amount of sequence space between what we expect to see
2974 * and what we got for seg_seq. A positive value for gap means
2975 * something got lost. A negative value means we got some old stuff.
2976 */
2977 if (gap < 0) {
2978 /* Old stuff present. Is the SYN in there? */
2979 if (seg_seq == tcp->tcp_irs && (flags & TH_SYN) &&
2980 (seg_len != 0)) {
2981 flags &= ~TH_SYN;
2982 seg_seq++;
2983 /* Recompute the gaps after noting the SYN. */
2984 goto try_again;
2985 }
2986 BUMP_MIB(tcp_mib.tcpInDataDupSegs);
2987 UPDATE_MIB(tcp_mib.tcpInDataDupBytes,
2988 (seg_len > -gap ? -gap : seg_len));
2989 /* Remove the old stuff from seg_len. */
2990 seg_len += gap;
2991 /*
2992 * Anything left?
2993 * Make sure to check for unack'd FIN when rest of data
2994 * has been previously ack'd.
2995 */
2996 if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
2997 /*
2998 * Resets are only valid if they lie within our offered
2999 * window. If the RST bit is set, we just ignore this
3000 * segment.
3001 */
3002 if (flags & TH_RST) {
3003 freemsg(mp);
3004 return;
3005 }
3006
3007 /*
3008 * This segment is "unacceptable". None of its
3009 * sequence space lies within our advertized window.
3010 *
3011 * Adjust seg_len to the original value for tracing.
3012 */
3013 seg_len -= gap;
3014 #ifdef DEBUG
3015 printf("tcp_rput: unacceptable, gap %d, rgap "
3016 "%d, flags 0x%x, seg_seq %u, seg_ack %u, "
3017 "seg_len %d, rnxt %u, snxt %u, %s",
3018 gap, rgap, flags, seg_seq, seg_ack,
3019 seg_len, tcp->tcp_rnxt, tcp->tcp_snxt,
3020 tcp_display(tcp, NULL, DISP_ADDR_AND_PORT));
3021 #endif
3022
3023 /*
3024 * Arrange to send an ACK in response to the
3025 * unacceptable segment per RFC 793 page 69. There
3026 * is only one small difference between ours and the
3027 * acceptability test in the RFC - we accept ACK-only
3028 * packet with SEG.SEQ = RCV.NXT+RCV.WND and no ACK
3029 * will be generated.
3030 *
3031 * Note that we have to ACK an ACK-only packet at least
3032 * for stacks that send 0-length keep-alives with
3033 * SEG.SEQ = SND.NXT-1 as recommended by RFC1122,
3034 * section 4.2.3.6. As long as we don't ever generate
3035 * an unacceptable packet in response to an incoming
3036 * packet that is unacceptable, it should not cause
3037 * "ACK wars".
3038 */
3039 flags |= TH_ACK_NEEDED;
3040
3041 /*
3042 * Continue processing this segment in order to use the
3043 * ACK information it contains, but skip all other
3044 * sequence-number processing. Processing the ACK
3045 * information is necessary in order to
3046 * re-synchronize connections that may have lost
3047 * synchronization.
3048 *
3049 * We clear seg_len and flag fields related to
3050 * sequence number processing as they are not
3051 * to be trusted for an unacceptable segment.
3052 */
3053 seg_len = 0;
3054 flags &= ~(TH_SYN | TH_FIN | TH_URG);
3055 goto process_ack;
3056 }
3057
3058 /* Fix seg_seq, and chew the gap off the front. */
3059 seg_seq = tcp->tcp_rnxt;
3060 do {
3061 mblk_t *mp2;
3062 assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
3063 (uintptr_t)UINT_MAX);
3064 gap += (uint_t)(mp->b_wptr - mp->b_rptr);
3065 if (gap > 0) {
3066 mp->b_rptr = mp->b_wptr - gap;
3067 break;
3068 }
3069 mp2 = mp;
3070 mp = mp->b_cont;
3071 freeb(mp2);
3072 } while (gap < 0);
3073 }
3074 /*
3075 * rgap is the amount of stuff received out of window. A negative
3076 * value is the amount out of window.
3077 */
3078 if (rgap < 0) {
3079 mblk_t *mp2;
3080
3081 if (tcp->tcp_rwnd == 0)
3082 BUMP_MIB(tcp_mib.tcpInWinProbe);
3083 else {
3084 BUMP_MIB(tcp_mib.tcpInDataPastWinSegs);
3085 UPDATE_MIB(tcp_mib.tcpInDataPastWinBytes, -rgap);
3086 }
3087
3088 /*
3089 * seg_len does not include the FIN, so if more than
3090 * just the FIN is out of window, we act like we don't
3091 * see it. (If just the FIN is out of window, rgap
3092 * will be zero and we will go ahead and acknowledge
3093 * the FIN.)
3094 */
3095 flags &= ~TH_FIN;
3096
3097 /* Fix seg_len and make sure there is something left. */
3098 seg_len += rgap;
3099 if (seg_len <= 0) {
3100 /*
3101 * Resets are only valid if they lie within our offered
3102 * window. If the RST bit is set, we just ignore this
3103 * segment.
3104 */
3105 if (flags & TH_RST) {
3106 freemsg(mp);
3107 return;
3108 }
3109
3110 /* Per RFC 793, we need to send back an ACK. */
3111 flags |= TH_ACK_NEEDED;
3112
3113 /*
3114 * If this is a zero window probe, continue to
3115 * process the ACK part. But we need to set seg_len
3116 * to 0 to avoid data processing. Otherwise just
3117 * drop the segment and send back an ACK.
3118 */
3119 if (tcp->tcp_rwnd == 0 && seg_seq == tcp->tcp_rnxt) {
3120 flags &= ~(TH_SYN | TH_URG);
3121 seg_len = 0;
3122 /* Let's see if we can update our rwnd */
3123 tcp_rcv_drain(sock_id, tcp);
3124 goto process_ack;
3125 } else {
3126 freemsg(mp);
3127 goto ack_check;
3128 }
3129 }
3130 /* Pitch out of window stuff off the end. */
3131 rgap = seg_len;
3132 mp2 = mp;
3133 do {
3134 assert((uintptr_t)(mp2->b_wptr -
3135 mp2->b_rptr) <= (uintptr_t)INT_MAX);
3136 rgap -= (int)(mp2->b_wptr - mp2->b_rptr);
3137 if (rgap < 0) {
3138 mp2->b_wptr += rgap;
3139 if ((mp1 = mp2->b_cont) != NULL) {
3140 mp2->b_cont = NULL;
3141 freemsg(mp1);
3142 }
3143 break;
3144 }
3145 } while ((mp2 = mp2->b_cont) != NULL);
3146 }
3147 ok:;
3148 /*
3149 * TCP should check ECN info for segments inside the window only.
3150 * Therefore the check should be done here.
3151 */
3152 if (tcp->tcp_ecn_ok) {
3153 uchar_t tos = ((struct ip *)rptr)->ip_tos;
3154
3155 if (flags & TH_CWR) {
3156 tcp->tcp_ecn_echo_on = B_FALSE;
3157 }
3158 /*
3159 * Note that both ECN_CE and CWR can be set in the
3160 * same segment. In this case, we once again turn
3161 * on ECN_ECHO.
3162 */
3163 if ((tos & IPH_ECN_CE) == IPH_ECN_CE) {
3164 tcp->tcp_ecn_echo_on = B_TRUE;
3165 }
3166 }
3167
3168 /*
3169 * Check whether we can update tcp_ts_recent. This test is
3170 * NOT the one in RFC 1323 3.4. It is from Braden, 1993, "TCP
3171 * Extensions for High Performance: An Update", Internet Draft.
3172 */
3173 if (tcp->tcp_snd_ts_ok &&
3174 TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) &&
3175 SEQ_LEQ(seg_seq, tcp->tcp_rack)) {
3176 tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
3177 tcp->tcp_last_rcv_lbolt = prom_gettime();
3178 }
3179
3180 if (seg_seq != tcp->tcp_rnxt || tcp->tcp_reass_head) {
3181 /*
3182 * FIN in an out of order segment. We record this in
3183 * tcp_valid_bits and the seq num of FIN in tcp_ofo_fin_seq.
3184 * Clear the FIN so that any check on FIN flag will fail.
3185 * Remember that FIN also counts in the sequence number
3186 * space. So we need to ack out of order FIN only segments.
3187 */
3188 if (flags & TH_FIN) {
3189 tcp->tcp_valid_bits |= TCP_OFO_FIN_VALID;
3190 tcp->tcp_ofo_fin_seq = seg_seq + seg_len;
3191 flags &= ~TH_FIN;
3192 flags |= TH_ACK_NEEDED;
3193 }
3194 if (seg_len > 0) {
3195 /* Fill in the SACK blk list. */
3196 if (tcp->tcp_snd_sack_ok) {
3197 assert(tcp->tcp_sack_info != NULL);
3198 tcp_sack_insert(tcp->tcp_sack_list,
3199 seg_seq, seg_seq + seg_len,
3200 &(tcp->tcp_num_sack_blk));
3201 }
3202
3203 /*
3204 * Attempt reassembly and see if we have something
3205 * ready to go.
3206 */
3207 mp = tcp_reass(tcp, mp, seg_seq);
3208 /* Always ack out of order packets */
3209 flags |= TH_ACK_NEEDED | TH_PUSH;
3210 if (mp != NULL) {
3211 assert((uintptr_t)(mp->b_wptr -
3212 mp->b_rptr) <= (uintptr_t)INT_MAX);
3213 seg_len = mp->b_cont ? msgdsize(mp) :
3214 (int)(mp->b_wptr - mp->b_rptr);
3215 seg_seq = tcp->tcp_rnxt;
3216 /*
3217 * A gap is filled and the seq num and len
3218 * of the gap match that of a previously
3219 * received FIN, put the FIN flag back in.
3220 */
3221 if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) &&
3222 seg_seq + seg_len == tcp->tcp_ofo_fin_seq) {
3223 flags |= TH_FIN;
3224 tcp->tcp_valid_bits &=
3225 ~TCP_OFO_FIN_VALID;
3226 }
3227 } else {
3228 /*
3229 * Keep going even with NULL mp.
3230 * There may be a useful ACK or something else
3231 * we don't want to miss.
3232 *
3233 * But TCP should not perform fast retransmit
3234 * because of the ack number. TCP uses
3235 * seg_len == 0 to determine if it is a pure
3236 * ACK. And this is not a pure ACK.
3237 */
3238 seg_len = 0;
3239 ofo_seg = B_TRUE;
3240 }
3241 }
3242 } else if (seg_len > 0) {
3243 BUMP_MIB(tcp_mib.tcpInDataInorderSegs);
3244 UPDATE_MIB(tcp_mib.tcpInDataInorderBytes, seg_len);
3245 /*
3246 * If an out of order FIN was received before, and the seq
3247 * num and len of the new segment match that of the FIN,
3248 * put the FIN flag back in.
3249 */
3250 if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) &&
3251 seg_seq + seg_len == tcp->tcp_ofo_fin_seq) {
3252 flags |= TH_FIN;
3253 tcp->tcp_valid_bits &= ~TCP_OFO_FIN_VALID;
3254 }
3255 }
3256 if ((flags & (TH_RST | TH_SYN | TH_URG | TH_ACK)) != TH_ACK) {
3257 if (flags & TH_RST) {
3258 freemsg(mp);
3259 switch (tcp->tcp_state) {
3260 case TCPS_SYN_RCVD:
3261 (void) tcp_clean_death(sock_id, tcp, ECONNREFUSED);
3262 break;
3263 case TCPS_ESTABLISHED:
3264 case TCPS_FIN_WAIT_1:
3265 case TCPS_FIN_WAIT_2:
3266 case TCPS_CLOSE_WAIT:
3267 (void) tcp_clean_death(sock_id, tcp, ECONNRESET);
3268 break;
3269 case TCPS_CLOSING:
3270 case TCPS_LAST_ACK:
3271 (void) tcp_clean_death(sock_id, tcp, 0);
3272 break;
3273 default:
3274 assert(tcp->tcp_state != TCPS_TIME_WAIT);
3275 (void) tcp_clean_death(sock_id, tcp, ENXIO);
3276 break;
3277 }
3278 return;
3279 }
3280 if (flags & TH_SYN) {
3281 /*
3282 * See RFC 793, Page 71
3283 *
3284 * The seq number must be in the window as it should
3285 * be "fixed" above. If it is outside window, it should
3286 * be already rejected. Note that we allow seg_seq to be
3287 * rnxt + rwnd because we want to accept 0 window probe.
3288 */
3289 assert(SEQ_GEQ(seg_seq, tcp->tcp_rnxt) &&
3290 SEQ_LEQ(seg_seq, tcp->tcp_rnxt + tcp->tcp_rwnd));
3291 freemsg(mp);
3292 /*
3293 * If the ACK flag is not set, just use our snxt as the
3294 * seq number of the RST segment.
3295 */
3296 if (!(flags & TH_ACK)) {
3297 seg_ack = tcp->tcp_snxt;
3298 }
3299 tcp_xmit_ctl("TH_SYN", tcp, NULL, seg_ack,
3300 seg_seq + 1, TH_RST|TH_ACK, 0, sock_id);
3301 assert(tcp->tcp_state != TCPS_TIME_WAIT);
3302 (void) tcp_clean_death(sock_id, tcp, ECONNRESET);
3303 return;
3304 }
3305
3306 process_ack:
3307 if (!(flags & TH_ACK)) {
3308 #ifdef DEBUG
3309 printf("No ack in segment, dropped it, seq:%x\n", seg_seq);
3310 #endif
3311 freemsg(mp);
3312 goto xmit_check;
3313 }
3314 }
3315 bytes_acked = (int)(seg_ack - tcp->tcp_suna);
3316
3317 if (tcp->tcp_state == TCPS_SYN_RCVD) {
3318 tcp_t *listener = tcp->tcp_listener;
3319 #ifdef DEBUG
3320 printf("Done with eager 3-way handshake\n");
3321 #endif
3322 /*
3323 * NOTE: RFC 793 pg. 72 says this should be 'bytes_acked < 0'
3324 * but that would mean we have an ack that ignored our SYN.
3325 */
3326 if (bytes_acked < 1 || SEQ_GT(seg_ack, tcp->tcp_snxt)) {
3327 freemsg(mp);
3328 tcp_xmit_ctl("TCPS_SYN_RCVD-bad_ack",
3329 tcp, NULL, seg_ack, 0, TH_RST, 0, sock_id);
3330 return;
3331 }
3332
3333 /*
3334 * if the conn_req_q is full defer processing
3335 * until space is availabe after accept()
3336 * processing
3337 */
3338 if (listener->tcp_conn_req_cnt_q <
3339 listener->tcp_conn_req_max) {
3340 tcp_t *tail;
3341
3342 listener->tcp_conn_req_cnt_q0--;
3343 listener->tcp_conn_req_cnt_q++;
3344
3345 /* Move from SYN_RCVD to ESTABLISHED list */
3346 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 =
3347 tcp->tcp_eager_prev_q0;
3348 tcp->tcp_eager_prev_q0->tcp_eager_next_q0 =
3349 tcp->tcp_eager_next_q0;
3350 tcp->tcp_eager_prev_q0 = NULL;
3351 tcp->tcp_eager_next_q0 = NULL;
3352
3353 /*
3354 * Insert at end of the queue because sockfs
3355 * sends down T_CONN_RES in chronological
3356 * order. Leaving the older conn indications
3357 * at front of the queue helps reducing search
3358 * time.
3359 */
3360 tail = listener->tcp_eager_last_q;
3361 if (tail != NULL) {
3362 tail->tcp_eager_next_q = tcp;
3363 } else {
3364 listener->tcp_eager_next_q = tcp;
3365 }
3366 listener->tcp_eager_last_q = tcp;
3367 tcp->tcp_eager_next_q = NULL;
3368 } else {
3369 /*
3370 * Defer connection on q0 and set deferred
3371 * connection bit true
3372 */
3373 tcp->tcp_conn_def_q0 = B_TRUE;
3374
3375 /* take tcp out of q0 ... */
3376 tcp->tcp_eager_prev_q0->tcp_eager_next_q0 =
3377 tcp->tcp_eager_next_q0;
3378 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 =
3379 tcp->tcp_eager_prev_q0;
3380
3381 /* ... and place it at the end of q0 */
3382 tcp->tcp_eager_prev_q0 = listener->tcp_eager_prev_q0;
3383 tcp->tcp_eager_next_q0 = listener;
3384 listener->tcp_eager_prev_q0->tcp_eager_next_q0 = tcp;
3385 listener->tcp_eager_prev_q0 = tcp;
3386 }
3387
3388 tcp->tcp_suna = tcp->tcp_iss + 1; /* One for the SYN */
3389 bytes_acked--;
3390
3391 /*
3392 * If SYN was retransmitted, need to reset all
3393 * retransmission info as this segment will be
3394 * treated as a dup ACK.
3395 */
3396 if (tcp->tcp_rexmit) {
3397 tcp->tcp_rexmit = B_FALSE;
3398 tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
3399 tcp->tcp_rexmit_max = tcp->tcp_snxt;
3400 tcp->tcp_snd_burst = TCP_CWND_NORMAL;
3401 tcp->tcp_ms_we_have_waited = 0;
3402 tcp->tcp_cwnd = mss;
3403 }
3404
3405 /*
3406 * We set the send window to zero here.
3407 * This is needed if there is data to be
3408 * processed already on the queue.
3409 * Later (at swnd_update label), the
3410 * "new_swnd > tcp_swnd" condition is satisfied
3411 * the XMIT_NEEDED flag is set in the current
3412 * (SYN_RCVD) state. This ensures tcp_wput_data() is
3413 * called if there is already data on queue in
3414 * this state.
3415 */
3416 tcp->tcp_swnd = 0;
3417
3418 if (new_swnd > tcp->tcp_max_swnd)
3419 tcp->tcp_max_swnd = new_swnd;
3420 tcp->tcp_swl1 = seg_seq;
3421 tcp->tcp_swl2 = seg_ack;
3422 tcp->tcp_state = TCPS_ESTABLISHED;
3423 tcp->tcp_valid_bits &= ~TCP_ISS_VALID;
3424 }
3425 /* This code follows 4.4BSD-Lite2 mostly. */
3426 if (bytes_acked < 0)
3427 goto est;
3428
3429 /*
3430 * If TCP is ECN capable and the congestion experience bit is
3431 * set, reduce tcp_cwnd and tcp_ssthresh. But this should only be
3432 * done once per window (or more loosely, per RTT).
3433 */
3434 if (tcp->tcp_cwr && SEQ_GT(seg_ack, tcp->tcp_cwr_snd_max))
3435 tcp->tcp_cwr = B_FALSE;
3436 if (tcp->tcp_ecn_ok && (flags & TH_ECE)) {
3437 if (!tcp->tcp_cwr) {
3438 npkt = (MIN(tcp->tcp_cwnd, tcp->tcp_swnd) >> 1) / mss;
3439 tcp->tcp_cwnd_ssthresh = MAX(npkt, 2) * mss;
3440 tcp->tcp_cwnd = npkt * mss;
3441 /*
3442 * If the cwnd is 0, use the timer to clock out
3443 * new segments. This is required by the ECN spec.
3444 */
3445 if (npkt == 0) {
3446 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
3447 /*
3448 * This makes sure that when the ACK comes
3449 * back, we will increase tcp_cwnd by 1 MSS.
3450 */
3451 tcp->tcp_cwnd_cnt = 0;
3452 }
3453 tcp->tcp_cwr = B_TRUE;
3454 /*
3455 * This marks the end of the current window of in
3456 * flight data. That is why we don't use
3457 * tcp_suna + tcp_swnd. Only data in flight can
3458 * provide ECN info.
3459 */
3460 tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
3461 tcp->tcp_ecn_cwr_sent = B_FALSE;
3462 }
3463 }
3464
3465 mp1 = tcp->tcp_xmit_head;
3466 if (bytes_acked == 0) {
3467 if (!ofo_seg && seg_len == 0 && new_swnd == tcp->tcp_swnd) {
3468 int dupack_cnt;
3469
3470 BUMP_MIB(tcp_mib.tcpInDupAck);
3471 /*
3472 * Fast retransmit. When we have seen exactly three
3473 * identical ACKs while we have unacked data
3474 * outstanding we take it as a hint that our peer
3475 * dropped something.
3476 *
3477 * If TCP is retransmitting, don't do fast retransmit.
3478 */
3479 if (mp1 != NULL && tcp->tcp_suna != tcp->tcp_snxt &&
3480 ! tcp->tcp_rexmit) {
3481 /* Do Limited Transmit */
3482 if ((dupack_cnt = ++tcp->tcp_dupack_cnt) <
3483 tcp_dupack_fast_retransmit) {
3484 /*
3485 * RFC 3042
3486 *
3487 * What we need to do is temporarily
3488 * increase tcp_cwnd so that new
3489 * data can be sent if it is allowed
3490 * by the receive window (tcp_rwnd).
3491 * tcp_wput_data() will take care of
3492 * the rest.
3493 *
3494 * If the connection is SACK capable,
3495 * only do limited xmit when there
3496 * is SACK info.
3497 *
3498 * Note how tcp_cwnd is incremented.
3499 * The first dup ACK will increase
3500 * it by 1 MSS. The second dup ACK
3501 * will increase it by 2 MSS. This
3502 * means that only 1 new segment will
3503 * be sent for each dup ACK.
3504 */
3505 if (tcp->tcp_unsent > 0 &&
3506 (!tcp->tcp_snd_sack_ok ||
3507 (tcp->tcp_snd_sack_ok &&
3508 tcp->tcp_notsack_list != NULL))) {
3509 tcp->tcp_cwnd += mss <<
3510 (tcp->tcp_dupack_cnt - 1);
3511 flags |= TH_LIMIT_XMIT;
3512 }
3513 } else if (dupack_cnt ==
3514 tcp_dupack_fast_retransmit) {
3515
3516 BUMP_MIB(tcp_mib.tcpOutFastRetrans);
3517 /*
3518 * If we have reduced tcp_ssthresh
3519 * because of ECN, do not reduce it again
3520 * unless it is already one window of data
3521 * away. After one window of data, tcp_cwr
3522 * should then be cleared. Note that
3523 * for non ECN capable connection, tcp_cwr
3524 * should always be false.
3525 *
3526 * Adjust cwnd since the duplicate
3527 * ack indicates that a packet was
3528 * dropped (due to congestion.)
3529 */
3530 if (!tcp->tcp_cwr) {
3531 npkt = (MIN(tcp->tcp_cwnd,
3532 tcp->tcp_swnd) >> 1) / mss;
3533 if (npkt < 2)
3534 npkt = 2;
3535 tcp->tcp_cwnd_ssthresh = npkt * mss;
3536 tcp->tcp_cwnd = (npkt +
3537 tcp->tcp_dupack_cnt) * mss;
3538 }
3539 if (tcp->tcp_ecn_ok) {
3540 tcp->tcp_cwr = B_TRUE;
3541 tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
3542 tcp->tcp_ecn_cwr_sent = B_FALSE;
3543 }
3544
3545 /*
3546 * We do Hoe's algorithm. Refer to her
3547 * paper "Improving the Start-up Behavior
3548 * of a Congestion Control Scheme for TCP,"
3549 * appeared in SIGCOMM'96.
3550 *
3551 * Save highest seq no we have sent so far.
3552 * Be careful about the invisible FIN byte.
3553 */
3554 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
3555 (tcp->tcp_unsent == 0)) {
3556 tcp->tcp_rexmit_max = tcp->tcp_fss;
3557 } else {
3558 tcp->tcp_rexmit_max = tcp->tcp_snxt;
3559 }
3560
3561 /*
3562 * Do not allow bursty traffic during.
3563 * fast recovery. Refer to Fall and Floyd's
3564 * paper "Simulation-based Comparisons of
3565 * Tahoe, Reno and SACK TCP" (in CCR ??)
3566 * This is a best current practise.
3567 */
3568 tcp->tcp_snd_burst = TCP_CWND_SS;
3569
3570 /*
3571 * For SACK:
3572 * Calculate tcp_pipe, which is the
3573 * estimated number of bytes in
3574 * network.
3575 *
3576 * tcp_fack is the highest sack'ed seq num
3577 * TCP has received.
3578 *
3579 * tcp_pipe is explained in the above quoted
3580 * Fall and Floyd's paper. tcp_fack is
3581 * explained in Mathis and Mahdavi's
3582 * "Forward Acknowledgment: Refining TCP
3583 * Congestion Control" in SIGCOMM '96.
3584 */
3585 if (tcp->tcp_snd_sack_ok) {
3586 assert(tcp->tcp_sack_info != NULL);
3587 if (tcp->tcp_notsack_list != NULL) {
3588 tcp->tcp_pipe = tcp->tcp_snxt -
3589 tcp->tcp_fack;
3590 tcp->tcp_sack_snxt = seg_ack;
3591 flags |= TH_NEED_SACK_REXMIT;
3592 } else {
3593 /*
3594 * Always initialize tcp_pipe
3595 * even though we don't have
3596 * any SACK info. If later
3597 * we get SACK info and
3598 * tcp_pipe is not initialized,
3599 * funny things will happen.
3600 */
3601 tcp->tcp_pipe =
3602 tcp->tcp_cwnd_ssthresh;
3603 }
3604 } else {
3605 flags |= TH_REXMIT_NEEDED;
3606 } /* tcp_snd_sack_ok */
3607
3608 } else {
3609 /*
3610 * Here we perform congestion
3611 * avoidance, but NOT slow start.
3612 * This is known as the Fast
3613 * Recovery Algorithm.
3614 */
3615 if (tcp->tcp_snd_sack_ok &&
3616 tcp->tcp_notsack_list != NULL) {
3617 flags |= TH_NEED_SACK_REXMIT;
3618 tcp->tcp_pipe -= mss;
3619 if (tcp->tcp_pipe < 0)
3620 tcp->tcp_pipe = 0;
3621 } else {
3622 /*
3623 * We know that one more packet has
3624 * left the pipe thus we can update
3625 * cwnd.
3626 */
3627 cwnd = tcp->tcp_cwnd + mss;
3628 if (cwnd > tcp->tcp_cwnd_max)
3629 cwnd = tcp->tcp_cwnd_max;
3630 tcp->tcp_cwnd = cwnd;
3631 flags |= TH_XMIT_NEEDED;
3632 }
3633 }
3634 }
3635 } else if (tcp->tcp_zero_win_probe) {
3636 /*
3637 * If the window has opened, need to arrange
3638 * to send additional data.
3639 */
3640 if (new_swnd != 0) {
3641 /* tcp_suna != tcp_snxt */
3642 /* Packet contains a window update */
3643 BUMP_MIB(tcp_mib.tcpInWinUpdate);
3644 tcp->tcp_zero_win_probe = 0;
3645 tcp->tcp_timer_backoff = 0;
3646 tcp->tcp_ms_we_have_waited = 0;
3647
3648 /*
3649 * Transmit starting with tcp_suna since
3650 * the one byte probe is not ack'ed.
3651 * If TCP has sent more than one identical
3652 * probe, tcp_rexmit will be set. That means
3653 * tcp_ss_rexmit() will send out the one
3654 * byte along with new data. Otherwise,
3655 * fake the retransmission.
3656 */
3657 flags |= TH_XMIT_NEEDED;
3658 if (!tcp->tcp_rexmit) {
3659 tcp->tcp_rexmit = B_TRUE;
3660 tcp->tcp_dupack_cnt = 0;
3661 tcp->tcp_rexmit_nxt = tcp->tcp_suna;
3662 tcp->tcp_rexmit_max = tcp->tcp_suna + 1;
3663 }
3664 }
3665 }
3666 goto swnd_update;
3667 }
3668
3669 /*
3670 * Check for "acceptability" of ACK value per RFC 793, pages 72 - 73.
3671 * If the ACK value acks something that we have not yet sent, it might
3672 * be an old duplicate segment. Send an ACK to re-synchronize the
3673 * other side.
3674 * Note: reset in response to unacceptable ACK in SYN_RECEIVE
3675 * state is handled above, so we can always just drop the segment and
3676 * send an ACK here.
3677 *
3678 * Should we send ACKs in response to ACK only segments?
3679 */
3680 if (SEQ_GT(seg_ack, tcp->tcp_snxt)) {
3681 BUMP_MIB(tcp_mib.tcpInAckUnsent);
3682 /* drop the received segment */
3683 freemsg(mp);
3684
3685 /* Send back an ACK. */
3686 mp = tcp_ack_mp(tcp);
3687
3688 if (mp == NULL) {
3689 return;
3690 }
3691 BUMP_MIB(tcp_mib.tcpOutAck);
3692 (void) ipv4_tcp_output(sock_id, mp);
3693 freeb(mp);
3694 return;
3695 }
3696
3697 /*
3698 * TCP gets a new ACK, update the notsack'ed list to delete those
3699 * blocks that are covered by this ACK.
3700 */
3701 if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) {
3702 tcp_notsack_remove(&(tcp->tcp_notsack_list), seg_ack,
3703 &(tcp->tcp_num_notsack_blk), &(tcp->tcp_cnt_notsack_list));
3704 }
3705
3706 /*
3707 * If we got an ACK after fast retransmit, check to see
3708 * if it is a partial ACK. If it is not and the congestion
3709 * window was inflated to account for the other side's
3710 * cached packets, retract it. If it is, do Hoe's algorithm.
3711 */
3712 if (tcp->tcp_dupack_cnt >= tcp_dupack_fast_retransmit) {
3713 assert(tcp->tcp_rexmit == B_FALSE);
3714 if (SEQ_GEQ(seg_ack, tcp->tcp_rexmit_max)) {
3715 tcp->tcp_dupack_cnt = 0;
3716 /*
3717 * Restore the orig tcp_cwnd_ssthresh after
3718 * fast retransmit phase.
3719 */
3720 if (tcp->tcp_cwnd > tcp->tcp_cwnd_ssthresh) {
3721 tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh;
3722 }
3723 tcp->tcp_rexmit_max = seg_ack;
3724 tcp->tcp_cwnd_cnt = 0;
3725 tcp->tcp_snd_burst = TCP_CWND_NORMAL;
3726
3727 /*
3728 * Remove all notsack info to avoid confusion with
3729 * the next fast retrasnmit/recovery phase.
3730 */
3731 if (tcp->tcp_snd_sack_ok &&
3732 tcp->tcp_notsack_list != NULL) {
3733 TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list);
3734 }
3735 } else {
3736 if (tcp->tcp_snd_sack_ok &&
3737 tcp->tcp_notsack_list != NULL) {
3738 flags |= TH_NEED_SACK_REXMIT;
3739 tcp->tcp_pipe -= mss;
3740 if (tcp->tcp_pipe < 0)
3741 tcp->tcp_pipe = 0;
3742 } else {
3743 /*
3744 * Hoe's algorithm:
3745 *
3746 * Retransmit the unack'ed segment and
3747 * restart fast recovery. Note that we
3748 * need to scale back tcp_cwnd to the
3749 * original value when we started fast
3750 * recovery. This is to prevent overly
3751 * aggressive behaviour in sending new
3752 * segments.
3753 */
3754 tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh +
3755 tcp_dupack_fast_retransmit * mss;
3756 tcp->tcp_cwnd_cnt = tcp->tcp_cwnd;
3757 BUMP_MIB(tcp_mib.tcpOutFastRetrans);
3758 flags |= TH_REXMIT_NEEDED;
3759 }
3760 }
3761 } else {
3762 tcp->tcp_dupack_cnt = 0;
3763 if (tcp->tcp_rexmit) {
3764 /*
3765 * TCP is retranmitting. If the ACK ack's all
3766 * outstanding data, update tcp_rexmit_max and
3767 * tcp_rexmit_nxt. Otherwise, update tcp_rexmit_nxt
3768 * to the correct value.
3769 *
3770 * Note that SEQ_LEQ() is used. This is to avoid
3771 * unnecessary fast retransmit caused by dup ACKs
3772 * received when TCP does slow start retransmission
3773 * after a time out. During this phase, TCP may
3774 * send out segments which are already received.
3775 * This causes dup ACKs to be sent back.
3776 */
3777 if (SEQ_LEQ(seg_ack, tcp->tcp_rexmit_max)) {
3778 if (SEQ_GT(seg_ack, tcp->tcp_rexmit_nxt)) {
3779 tcp->tcp_rexmit_nxt = seg_ack;
3780 }
3781 if (seg_ack != tcp->tcp_rexmit_max) {
3782 flags |= TH_XMIT_NEEDED;
3783 }
3784 } else {
3785 tcp->tcp_rexmit = B_FALSE;
3786 tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
3787 tcp->tcp_snd_burst = TCP_CWND_NORMAL;
3788 }
3789 tcp->tcp_ms_we_have_waited = 0;
3790 }
3791 }
3792
3793 BUMP_MIB(tcp_mib.tcpInAckSegs);
3794 UPDATE_MIB(tcp_mib.tcpInAckBytes, bytes_acked);
3795 tcp->tcp_suna = seg_ack;
3796 if (tcp->tcp_zero_win_probe != 0) {
3797 tcp->tcp_zero_win_probe = 0;
3798 tcp->tcp_timer_backoff = 0;
3799 }
3800
3801 /*
3802 * If tcp_xmit_head is NULL, then it must be the FIN being ack'ed.
3803 * Note that it cannot be the SYN being ack'ed. The code flow
3804 * will not reach here.
3805 */
3806 if (mp1 == NULL) {
3807 goto fin_acked;
3808 }
3809
3810 /*
3811 * Update the congestion window.
3812 *
3813 * If TCP is not ECN capable or TCP is ECN capable but the
3814 * congestion experience bit is not set, increase the tcp_cwnd as
3815 * usual.
3816 */
3817 if (!tcp->tcp_ecn_ok || !(flags & TH_ECE)) {
3818 cwnd = tcp->tcp_cwnd;
3819 add = mss;
3820
3821 if (cwnd >= tcp->tcp_cwnd_ssthresh) {
3822 /*
3823 * This is to prevent an increase of less than 1 MSS of
3824 * tcp_cwnd. With partial increase, tcp_wput_data()
3825 * may send out tinygrams in order to preserve mblk
3826 * boundaries.
3827 *
3828 * By initializing tcp_cwnd_cnt to new tcp_cwnd and
3829 * decrementing it by 1 MSS for every ACKs, tcp_cwnd is
3830 * increased by 1 MSS for every RTTs.
3831 */
3832 if (tcp->tcp_cwnd_cnt <= 0) {
3833 tcp->tcp_cwnd_cnt = cwnd + add;
3834 } else {
3835 tcp->tcp_cwnd_cnt -= add;
3836 add = 0;
3837 }
3838 }
3839 tcp->tcp_cwnd = MIN(cwnd + add, tcp->tcp_cwnd_max);
3840 }
3841
3842 /* Can we update the RTT estimates? */
3843 if (tcp->tcp_snd_ts_ok) {
3844 /* Ignore zero timestamp echo-reply. */
3845 if (tcpopt.tcp_opt_ts_ecr != 0) {
3846 tcp_set_rto(tcp, (int32_t)(prom_gettime() -
3847 tcpopt.tcp_opt_ts_ecr));
3848 }
3849
3850 /* If needed, restart the timer. */
3851 if (tcp->tcp_set_timer == 1) {
3852 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
3853 tcp->tcp_set_timer = 0;
3854 }
3855 /*
3856 * Update tcp_csuna in case the other side stops sending
3857 * us timestamps.
3858 */
3859 tcp->tcp_csuna = tcp->tcp_snxt;
3860 } else if (SEQ_GT(seg_ack, tcp->tcp_csuna)) {
3861 /*
3862 * An ACK sequence we haven't seen before, so get the RTT
3863 * and update the RTO.
3864 * Note. use uintptr_t to suppress the gcc warning.
3865 */
3866 tcp_set_rto(tcp, (int32_t)(prom_gettime() -
3867 (uint32_t)(uintptr_t)mp1->b_prev));
3868
3869 /* Remeber the last sequence to be ACKed */
3870 tcp->tcp_csuna = seg_ack;
3871 if (tcp->tcp_set_timer == 1) {
3872 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
3873 tcp->tcp_set_timer = 0;
3874 }
3875 } else {
3876 BUMP_MIB(tcp_mib.tcpRttNoUpdate);
3877 }
3878
3879 /* Eat acknowledged bytes off the xmit queue. */
3880 for (;;) {
3881 mblk_t *mp2;
3882 uchar_t *wptr;
3883
3884 wptr = mp1->b_wptr;
3885 assert((uintptr_t)(wptr - mp1->b_rptr) <= (uintptr_t)INT_MAX);
3886 bytes_acked -= (int)(wptr - mp1->b_rptr);
3887 if (bytes_acked < 0) {
3888 mp1->b_rptr = wptr + bytes_acked;
3889 break;
3890 }
3891 mp1->b_prev = NULL;
3892 mp2 = mp1;
3893 mp1 = mp1->b_cont;
3894 freeb(mp2);
3895 if (bytes_acked == 0) {
3896 if (mp1 == NULL) {
3897 /* Everything is ack'ed, clear the tail. */
3898 tcp->tcp_xmit_tail = NULL;
3899 goto pre_swnd_update;
3900 }
3901 if (mp2 != tcp->tcp_xmit_tail)
3902 break;
3903 tcp->tcp_xmit_tail = mp1;
3904 assert((uintptr_t)(mp1->b_wptr -
3905 mp1->b_rptr) <= (uintptr_t)INT_MAX);
3906 tcp->tcp_xmit_tail_unsent = (int)(mp1->b_wptr -
3907 mp1->b_rptr);
3908 break;
3909 }
3910 if (mp1 == NULL) {
3911 /*
3912 * More was acked but there is nothing more
3913 * outstanding. This means that the FIN was
3914 * just acked or that we're talking to a clown.
3915 */
3916 fin_acked:
3917 assert(tcp->tcp_fin_sent);
3918 tcp->tcp_xmit_tail = NULL;
3919 if (tcp->tcp_fin_sent) {
3920 tcp->tcp_fin_acked = B_TRUE;
3921 } else {
3922 /*
3923 * We should never got here because
3924 * we have already checked that the
3925 * number of bytes ack'ed should be
3926 * smaller than or equal to what we
3927 * have sent so far (it is the
3928 * acceptability check of the ACK).
3929 * We can only get here if the send
3930 * queue is corrupted.
3931 *
3932 * Terminate the connection and
3933 * panic the system. It is better
3934 * for us to panic instead of
3935 * continuing to avoid other disaster.
3936 */
3937 tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt,
3938 tcp->tcp_rnxt, TH_RST|TH_ACK, 0, sock_id);
3939 printf("Memory corruption "
3940 "detected for connection %s.\n",
3941 tcp_display(tcp, NULL,
3942 DISP_ADDR_AND_PORT));
3943 /* We should never get here... */
3944 prom_panic("tcp_rput_data");
3945 return;
3946 }
3947 goto pre_swnd_update;
3948 }
3949 assert(mp2 != tcp->tcp_xmit_tail);
3950 }
3951 if (tcp->tcp_unsent) {
3952 flags |= TH_XMIT_NEEDED;
3953 }
3954 pre_swnd_update:
3955 tcp->tcp_xmit_head = mp1;
3956 swnd_update:
3957 /*
3958 * The following check is different from most other implementations.
3959 * For bi-directional transfer, when segments are dropped, the
3960 * "normal" check will not accept a window update in those
3961 * retransmitted segemnts. Failing to do that, TCP may send out
3962 * segments which are outside receiver's window. As TCP accepts
3963 * the ack in those retransmitted segments, if the window update in
3964 * the same segment is not accepted, TCP will incorrectly calculates
3965 * that it can send more segments. This can create a deadlock
3966 * with the receiver if its window becomes zero.
3967 */
3968 if (SEQ_LT(tcp->tcp_swl2, seg_ack) ||
3969 SEQ_LT(tcp->tcp_swl1, seg_seq) ||
3970 (tcp->tcp_swl1 == seg_seq && new_swnd > tcp->tcp_swnd)) {
3971 /*
3972 * The criteria for update is:
3973 *
3974 * 1. the segment acknowledges some data. Or
3975 * 2. the segment is new, i.e. it has a higher seq num. Or
3976 * 3. the segment is not old and the advertised window is
3977 * larger than the previous advertised window.
3978 */
3979 if (tcp->tcp_unsent && new_swnd > tcp->tcp_swnd)
3980 flags |= TH_XMIT_NEEDED;
3981 tcp->tcp_swnd = new_swnd;
3982 if (new_swnd > tcp->tcp_max_swnd)
3983 tcp->tcp_max_swnd = new_swnd;
3984 tcp->tcp_swl1 = seg_seq;
3985 tcp->tcp_swl2 = seg_ack;
3986 }
3987 est:
3988 if (tcp->tcp_state > TCPS_ESTABLISHED) {
3989 switch (tcp->tcp_state) {
3990 case TCPS_FIN_WAIT_1:
3991 if (tcp->tcp_fin_acked) {
3992 tcp->tcp_state = TCPS_FIN_WAIT_2;
3993 /*
3994 * We implement the non-standard BSD/SunOS
3995 * FIN_WAIT_2 flushing algorithm.
3996 * If there is no user attached to this
3997 * TCP endpoint, then this TCP struct
3998 * could hang around forever in FIN_WAIT_2
3999 * state if the peer forgets to send us
4000 * a FIN. To prevent this, we wait only
4001 * 2*MSL (a convenient time value) for
4002 * the FIN to arrive. If it doesn't show up,
4003 * we flush the TCP endpoint. This algorithm,
4004 * though a violation of RFC-793, has worked
4005 * for over 10 years in BSD systems.
4006 * Note: SunOS 4.x waits 675 seconds before
4007 * flushing the FIN_WAIT_2 connection.
4008 */
4009 TCP_TIMER_RESTART(tcp,
4010 tcp_fin_wait_2_flush_interval);
4011 }
4012 break;
4013 case TCPS_FIN_WAIT_2:
4014 break; /* Shutdown hook? */
4015 case TCPS_LAST_ACK:
4016 freemsg(mp);
4017 if (tcp->tcp_fin_acked) {
4018 (void) tcp_clean_death(sock_id, tcp, 0);
4019 return;
4020 }
4021 goto xmit_check;
4022 case TCPS_CLOSING:
4023 if (tcp->tcp_fin_acked) {
4024 tcp->tcp_state = TCPS_TIME_WAIT;
4025 tcp_time_wait_append(tcp);
4026 TCP_TIMER_RESTART(tcp, tcp_time_wait_interval);
4027 }
4028 /*FALLTHRU*/
4029 case TCPS_CLOSE_WAIT:
4030 freemsg(mp);
4031 goto xmit_check;
4032 default:
4033 assert(tcp->tcp_state != TCPS_TIME_WAIT);
4034 break;
4035 }
4036 }
4037 if (flags & TH_FIN) {
4038 /* Make sure we ack the fin */
4039 flags |= TH_ACK_NEEDED;
4040 if (!tcp->tcp_fin_rcvd) {
4041 tcp->tcp_fin_rcvd = B_TRUE;
4042 tcp->tcp_rnxt++;
4043 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
4044
4045 switch (tcp->tcp_state) {
4046 case TCPS_SYN_RCVD:
4047 case TCPS_ESTABLISHED:
4048 tcp->tcp_state = TCPS_CLOSE_WAIT;
4049 /* Keepalive? */
4050 break;
4051 case TCPS_FIN_WAIT_1:
4052 if (!tcp->tcp_fin_acked) {
4053 tcp->tcp_state = TCPS_CLOSING;
4054 break;
4055 }
4056 /* FALLTHRU */
4057 case TCPS_FIN_WAIT_2:
4058 tcp->tcp_state = TCPS_TIME_WAIT;
4059 tcp_time_wait_append(tcp);
4060 TCP_TIMER_RESTART(tcp, tcp_time_wait_interval);
4061 if (seg_len) {
4062 /*
4063 * implies data piggybacked on FIN.
4064 * break to handle data.
4065 */
4066 break;
4067 }
4068 freemsg(mp);
4069 goto ack_check;
4070 }
4071 }
4072 }
4073 if (mp == NULL)
4074 goto xmit_check;
4075 if (seg_len == 0) {
4076 freemsg(mp);
4077 goto xmit_check;
4078 }
4079 if (mp->b_rptr == mp->b_wptr) {
4080 /*
4081 * The header has been consumed, so we remove the
4082 * zero-length mblk here.
4083 */
4084 mp1 = mp;
4085 mp = mp->b_cont;
4086 freeb(mp1);
4087 }
4088 /*
4089 * ACK every other segments, unless the input queue is empty
4090 * as we don't have a timer available.
4091 */
4092 if (++tcp->tcp_rack_cnt == 2 || sockets[sock_id].inq == NULL) {
4093 flags |= TH_ACK_NEEDED;
4094 tcp->tcp_rack_cnt = 0;
4095 }
4096 tcp->tcp_rnxt += seg_len;
4097 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
4098
4099 /* Update SACK list */
4100 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
4101 tcp_sack_remove(tcp->tcp_sack_list, tcp->tcp_rnxt,
4102 &(tcp->tcp_num_sack_blk));
4103 }
4104
4105 if (tcp->tcp_listener) {
4106 /*
4107 * Side queue inbound data until the accept happens.
4108 * tcp_accept/tcp_rput drains this when the accept happens.
4109 */
4110 tcp_rcv_enqueue(tcp, mp, seg_len);
4111 } else {
4112 /* Just queue the data until the app calls read. */
4113 tcp_rcv_enqueue(tcp, mp, seg_len);
4114 /*
4115 * Make sure the timer is running if we have data waiting
4116 * for a push bit. This provides resiliency against
4117 * implementations that do not correctly generate push bits.
4118 */
4119 if (tcp->tcp_rcv_list != NULL)
4120 flags |= TH_TIMER_NEEDED;
4121 }
4122
4123 xmit_check:
4124 /* Is there anything left to do? */
4125 if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_ACK_NEEDED|
4126 TH_NEED_SACK_REXMIT|TH_LIMIT_XMIT|TH_TIMER_NEEDED)) == 0)
4127 return;
4128
4129 /* Any transmit work to do and a non-zero window? */
4130 if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_NEED_SACK_REXMIT|
4131 TH_LIMIT_XMIT)) && tcp->tcp_swnd != 0) {
4132 if (flags & TH_REXMIT_NEEDED) {
4133 uint32_t snd_size = tcp->tcp_snxt - tcp->tcp_suna;
4134
4135 if (snd_size > mss)
4136 snd_size = mss;
4137 if (snd_size > tcp->tcp_swnd)
4138 snd_size = tcp->tcp_swnd;
4139 mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, snd_size,
4140 NULL, NULL, tcp->tcp_suna, B_TRUE, &snd_size,
4141 B_TRUE);
4142
4143 if (mp1 != NULL) {
4144 /* use uintptr_t to suppress the gcc warning */
4145 tcp->tcp_xmit_head->b_prev =
4146 (mblk_t *)(uintptr_t)prom_gettime();
4147 tcp->tcp_csuna = tcp->tcp_snxt;
4148 BUMP_MIB(tcp_mib.tcpRetransSegs);
4149 UPDATE_MIB(tcp_mib.tcpRetransBytes, snd_size);
4150 (void) ipv4_tcp_output(sock_id, mp1);
4151 freeb(mp1);
4152 }
4153 }
4154 if (flags & TH_NEED_SACK_REXMIT) {
4155 if (tcp_sack_rxmit(tcp, sock_id) != 0) {
4156 flags |= TH_XMIT_NEEDED;
4157 }
4158 }
4159 /*
4160 * For TH_LIMIT_XMIT, tcp_wput_data() is called to send
4161 * out new segment. Note that tcp_rexmit should not be
4162 * set, otherwise TH_LIMIT_XMIT should not be set.
4163 */
4164 if (flags & (TH_XMIT_NEEDED|TH_LIMIT_XMIT)) {
4165 if (!tcp->tcp_rexmit) {
4166 tcp_wput_data(tcp, NULL, sock_id);
4167 } else {
4168 tcp_ss_rexmit(tcp, sock_id);
4169 }
4170 /*
4171 * The TCP could be closed in tcp_state_wait via
4172 * tcp_wput_data (tcp_ss_rexmit could call
4173 * tcp_wput_data as well).
4174 */
4175 if (sockets[sock_id].pcb == NULL)
4176 return;
4177 }
4178 /*
4179 * Adjust tcp_cwnd back to normal value after sending
4180 * new data segments.
4181 */
4182 if (flags & TH_LIMIT_XMIT) {
4183 tcp->tcp_cwnd -= mss << (tcp->tcp_dupack_cnt - 1);
4184 }
4185
4186 /* Anything more to do? */
4187 if ((flags & (TH_ACK_NEEDED|TH_TIMER_NEEDED)) == 0)
4188 return;
4189 }
4190 ack_check:
4191 if (flags & TH_ACK_NEEDED) {
4192 /*
4193 * Time to send an ack for some reason.
4194 */
4195 if ((mp1 = tcp_ack_mp(tcp)) != NULL) {
4196 TCP_DUMP_PACKET("tcp_rput_data: ack mp", mp1);
4197 (void) ipv4_tcp_output(sock_id, mp1);
4198 BUMP_MIB(tcp_mib.tcpOutAck);
4199 freeb(mp1);
4200 }
4201 }
4202 }
4203
/*
 * tcp_ss_rexmit() is invoked from tcp_rput_data() to carry out the slow
 * start retransmission that follows a retransmit timeout.
 *
 * No more than tcp_snd_burst segments are resent per call, which bounds
 * the number of duplicate segments sent in one go.  The sequence range
 * [tcp_rexmit_nxt, tcp_rexmit_max) is what is still to be resent; once
 * that range has been covered and window remains, any unsent data is
 * handed to tcp_wput_data().
 *
 * tcp		connection being retransmitted on
 * sock_id	socket index passed through to the output routines
 */
static void
tcp_ss_rexmit(tcp_t *tcp, int sock_id)
{
	int32_t	segs_left = tcp->tcp_snd_burst;

	/*
	 * tcp_rexmit can still be set after every unack'ed segment has
	 * been retransmitted, so first check that a range is left.
	 */
	if (SEQ_LT(tcp->tcp_rexmit_nxt, tcp->tcp_rexmit_max)) {
		uint32_t	end_seq = tcp->tcp_rexmit_max;
		uint32_t	seq = tcp->tcp_rexmit_nxt;
		int32_t		room;
		int32_t		seg_max;
		int32_t		off;
		mblk_t		*seg_mp;

		/* Never resend below what the peer has already acked. */
		if (SEQ_LT(seq, tcp->tcp_suna))
			seq = tcp->tcp_suna;

		/* Window left once the bytes before seq are accounted for. */
		room = MIN(tcp->tcp_cwnd, tcp->tcp_swnd);
		room -= seq - tcp->tcp_suna;
		seg_max = tcp->tcp_mss;
		seg_mp = tcp_get_seg_mp(tcp, seq, &off);

		for (; SEQ_LT(seq, end_seq) && (room > 0) &&
		    (segs_left > 0) && (seg_mp != NULL); segs_left--) {
			mblk_t		*sent_mp = seg_mp;
			mblk_t		*pkt;
			uint32_t	nbytes = seg_max;

			/* Clamp the segment to the window and to the range. */
			if (room < nbytes)
				nbytes = room;
			if (SEQ_GT(seq + nbytes, end_seq))
				nbytes = end_seq - seq;

			/*
			 * seg_mp, off and nbytes are passed by reference;
			 * presumably tcp_xmit_mp() moves them on to the next
			 * segment and reports the size packaged - confirm
			 * against tcp_xmit_mp().
			 */
			pkt = tcp_xmit_mp(tcp, seg_mp, nbytes, &off,
			    &seg_mp, seq, B_TRUE, &nbytes, B_TRUE);
			if (pkt == NULL)
				return;

			(void) ipv4_tcp_output(sock_id, pkt);
			freeb(pkt);

			seq += nbytes;
			room -= nbytes;

			/*
			 * Refresh the send timestamp kept in b_prev so that
			 * this segment is not retransmitted again by mistake.
			 * The uintptr_t cast suppresses a gcc warning.
			 */
			sent_mp->b_prev =
			    (mblk_t *)(uintptr_t)prom_gettime();
			BUMP_MIB(tcp_mib.tcpRetransSegs);
			UPDATE_MIB(tcp_mib.tcpRetransBytes, nbytes);

			tcp->tcp_rexmit_nxt = seq;
		}

		/*
		 * Only when everything outstanding at the start of the
		 * retransmission has been resent, and the window is not
		 * used up, is the rest of the job left to tcp_wput_data().
		 */
		if (SEQ_LT(seq, end_seq) || room == 0)
			return;
	}

	/* Only call tcp_wput_data() if there is data to be sent. */
	if (tcp->tcp_unsent)
		tcp_wput_data(tcp, NULL, sock_id);
}
4289
/*
 * tcp_timer is the timer service routine.  It handles all timer events for
 * a tcp instance except keepalives, and works out from the state of the
 * tcp instance which action is due at the time it is called.
 *
 * tcp		connection whose timer fired
 * sock_id	socket index, passed through to the output and teardown
 *		routines
 *
 * Outline, as implemented below:
 *  - IDLE, BOUND, LISTEN: nothing to do.
 *  - SYN_RCVD, SYN_SENT: switch to the connect-time thresholds, then run
 *    the common retransmit code after the switch.
 *  - ESTABLISHED, FIN_WAIT_1, CLOSING, CLOSE_WAIT, LAST_ACK: retransmit
 *    unacked data, or push unsent data (zero window probe, ECN clock-out,
 *    SWS timeout), or retransmit a FIN.
 *  - FIN_WAIT_2, TIME_WAIT: tear the connection down.
 * The code after the switch gives up on the connection once
 * tcp_ms_we_have_waited exceeds the second threshold; otherwise it backs
 * the RTO off, retransmits one segment starting at tcp_suna and sets up
 * the slow start retransmission state used by tcp_ss_rexmit().
 */
static void
tcp_timer(tcp_t *tcp, int sock_id)
{
	mblk_t *mp;
	uint32_t first_threshold;
	uint32_t second_threshold;
	uint32_t ms;
	uint32_t mss;	/* size of the segment to retransmit, not the MSS */

	first_threshold = tcp->tcp_first_timer_threshold;
	second_threshold = tcp->tcp_second_timer_threshold;
	switch (tcp->tcp_state) {
	case TCPS_IDLE:
	case TCPS_BOUND:
	case TCPS_LISTEN:
		return;
	case TCPS_SYN_RCVD:
	case TCPS_SYN_SENT:
		/* Connection setup uses its own pair of thresholds. */
		first_threshold = tcp->tcp_first_ctimer_threshold;
		second_threshold = tcp->tcp_second_ctimer_threshold;
		break;
	case TCPS_ESTABLISHED:
	case TCPS_FIN_WAIT_1:
	case TCPS_CLOSING:
	case TCPS_CLOSE_WAIT:
	case TCPS_LAST_ACK:
		/* If we have data to rexmit */
		if (tcp->tcp_suna != tcp->tcp_snxt) {
			int32_t time_to_wait;

			BUMP_MIB(tcp_mib.tcpTimRetrans);
			/*
			 * With no transmit list there is no send timestamp
			 * to inspect; go straight to the common code.
			 */
			if (tcp->tcp_xmit_head == NULL)
				break;
			/*
			 * b_prev of the head mblk holds the time it was last
			 * sent.  Use uintptr_t to suppress the gcc warning.
			 */
			time_to_wait = (int32_t)(prom_gettime() -
			    (uint32_t)(uintptr_t)tcp->tcp_xmit_head->b_prev);
			time_to_wait = tcp->tcp_rto - time_to_wait;
			if (time_to_wait > 0) {
				/*
				 * Timer fired too early, so restart it.
				 */
				TCP_TIMER_RESTART(tcp, time_to_wait);
				return;
			}
			/*
			 * When we probe zero windows, we force the swnd open.
			 * If our peer acks with a closed window swnd will be
			 * set to zero by tcp_rput().  As long as we are
			 * receiving acks tcp_rput will
			 * reset 'tcp_ms_we_have_waited' so as not to trip the
			 * first and second interval actions.  NOTE: the timer
			 * interval is allowed to continue its exponential
			 * backoff.
			 */
			if (tcp->tcp_swnd == 0 || tcp->tcp_zero_win_probe) {
				DEBUG_1("tcp_timer (%d): zero win", sock_id);
				break;
			} else {
				/*
				 * After retransmission, we need to do
				 * slow start.  Set the ssthresh to one
				 * half of current effective window and
				 * cwnd to one MSS.  Also reset
				 * tcp_cwnd_cnt.
				 *
				 * Note that if tcp_ssthresh is reduced because
				 * of ECN, do not reduce it again unless it is
				 * already one window of data away (tcp_cwr
				 * should then be cleared) or this is a
				 * timeout for a retransmitted segment.
				 *
				 * The division below assumes tcp_mss is
				 * non-zero - TODO confirm where it is set.
				 */
				uint32_t npkt;

				if (!tcp->tcp_cwr || tcp->tcp_rexmit) {
					npkt = (MIN((tcp->tcp_timer_backoff ?
					    tcp->tcp_cwnd_ssthresh :
					    tcp->tcp_cwnd),
					    tcp->tcp_swnd) >> 1) /
					    tcp->tcp_mss;
					/* Never let ssthresh drop below 2 MSS. */
					if (npkt < 2)
						npkt = 2;
					tcp->tcp_cwnd_ssthresh = npkt *
					    tcp->tcp_mss;
				}
				tcp->tcp_cwnd = tcp->tcp_mss;
				tcp->tcp_cwnd_cnt = 0;
				if (tcp->tcp_ecn_ok) {
					tcp->tcp_cwr = B_TRUE;
					tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
					tcp->tcp_ecn_cwr_sent = B_FALSE;
				}
			}
			break;
		}
		/*
		 * We have something to send yet we cannot send.  The
		 * reason can be:
		 *
		 * 1. Zero send window: we need to do zero window probe.
		 * 2. Zero cwnd: because of ECN, we need to "clock out"
		 *    segments.
		 * 3. SWS avoidance: receiver may have shrunk window,
		 *    reset our knowledge.
		 *
		 * Note that condition 2 can happen with either 1 or
		 * 3.  But 1 and 3 are exclusive.
		 */
		if (tcp->tcp_unsent != 0) {
			if (tcp->tcp_cwnd == 0) {
				/*
				 * Set tcp_cwnd to 1 MSS so that a
				 * new segment can be sent out.  We
				 * are "clocking out" new data when
				 * the network is really congested.
				 */
				assert(tcp->tcp_ecn_ok);
				tcp->tcp_cwnd = tcp->tcp_mss;
			}
			if (tcp->tcp_swnd == 0) {
				/* Extend window for zero window probe */
				tcp->tcp_swnd++;
				tcp->tcp_zero_win_probe = B_TRUE;
				BUMP_MIB(tcp_mib.tcpOutWinProbe);
			} else {
				/*
				 * Handle timeout from sender SWS avoidance.
				 * Reset our knowledge of the max send window
				 * since the receiver might have reduced its
				 * receive buffer.  Avoid setting tcp_max_swnd
				 * to one since that will essentially disable
				 * the SWS checks.
				 *
				 * Note that since we don't have a SWS
				 * state variable, if the timeout is set
				 * for ECN but not for SWS, this
				 * code will also be executed.  This is
				 * fine as tcp_max_swnd is updated
				 * constantly and it will not affect
				 * anything.
				 */
				tcp->tcp_max_swnd = MAX(tcp->tcp_swnd, 2);
			}
			tcp_wput_data(tcp, NULL, sock_id);
			return;
		}
		/* Is there a FIN that needs to be retransmitted? */
		if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
		    !tcp->tcp_fin_acked)
			break;
		/* Nothing to do, return without restarting timer. */
		return;
	case TCPS_FIN_WAIT_2:
		/*
		 * User closed the TCP endpoint and peer ACK'ed our FIN.
		 * We waited some time for the peer's FIN, but it hasn't
		 * arrived.  We flush the connection now to avoid
		 * case where the peer has rebooted.
		 */
		/* FALLTHRU */
	case TCPS_TIME_WAIT:
		(void) tcp_clean_death(sock_id, tcp, 0);
		return;
	default:
		DEBUG_3("tcp_timer (%d): strange state (%d) %s", sock_id,
		    tcp->tcp_state, tcp_display(tcp, NULL,
		    DISP_PORT_ONLY));
		return;
	}
	if ((ms = tcp->tcp_ms_we_have_waited) > second_threshold) {
		/*
		 * For zero window probe, we need to send indefinitely,
		 * unless we have not heard from the other side for some
		 * time...
		 *
		 * NOTE(review): as written, a peer that keeps answering
		 * probes while advertising a zero window is never timed out
		 * by this branch.  Whether a caller-level deadline bounds
		 * that wait is not visible here - confirm.
		 */
		if ((tcp->tcp_zero_win_probe == 0) ||
		    ((prom_gettime() - tcp->tcp_last_recv_time) >
		    second_threshold)) {
			BUMP_MIB(tcp_mib.tcpTimRetransDrop);
			/*
			 * If TCP is in SYN_RCVD state, send back a
			 * RST|ACK as BSD does.  Note that tcp_zero_win_probe
			 * should be zero in TCPS_SYN_RCVD state.
			 */
			if (tcp->tcp_state == TCPS_SYN_RCVD) {
				tcp_xmit_ctl("tcp_timer: RST sent on timeout "
				    "in SYN_RCVD",
				    tcp, NULL, tcp->tcp_snxt,
				    tcp->tcp_rnxt, TH_RST | TH_ACK, 0, sock_id);
			}
			/* Report the recorded client error, else ETIMEDOUT. */
			(void) tcp_clean_death(sock_id, tcp,
			    tcp->tcp_client_errno ?
			    tcp->tcp_client_errno : ETIMEDOUT);
			return;
		} else {
			/*
			 * Set tcp_ms_we_have_waited to second_threshold
			 * so that in next timeout, we will do the above
			 * check (prom_gettime() - tcp_last_recv_time).
			 * This is also to avoid overflow.
			 *
			 * We don't need to decrement tcp_timer_backoff
			 * to avoid overflow because it will be decremented
			 * later if new timeout value is greater than
			 * tcp_rexmit_interval_max.  In the case when
			 * tcp_rexmit_interval_max is greater than
			 * second_threshold, it means that we will wait
			 * longer than second_threshold to send the next
			 * window probe.
			 */
			tcp->tcp_ms_we_have_waited = second_threshold;
		}
	} else if (ms > first_threshold && tcp->tcp_rtt_sa != 0) {
		/*
		 * We have been retransmitting for too long...  The RTT
		 * we calculated is probably incorrect.  Reinitialize it.
		 * Need to compensate for 0 tcp_rtt_sa.  Reset
		 * tcp_rtt_update so that we won't accidentally cache a
		 * bad value.  But only do this if this is not a zero
		 * window probe.
		 */
		if (tcp->tcp_zero_win_probe == 0) {
			tcp->tcp_rtt_sd += (tcp->tcp_rtt_sa >> 3) +
			    (tcp->tcp_rtt_sa >> 5);
			tcp->tcp_rtt_sa = 0;
			tcp->tcp_rtt_update = 0;
		}
	}
	/* Exponential backoff: recompute the RTO and shift it left. */
	tcp->tcp_timer_backoff++;
	if ((ms = (tcp->tcp_rtt_sa >> 3) + tcp->tcp_rtt_sd +
	    tcp_rexmit_interval_extra + (tcp->tcp_rtt_sa >> 5)) <
	    tcp_rexmit_interval_min) {
		/*
		 * This means the original RTO is tcp_rexmit_interval_min.
		 * So we will use tcp_rexmit_interval_min as the RTO value
		 * and do the backoff.
		 */
		ms = tcp_rexmit_interval_min << tcp->tcp_timer_backoff;
	} else {
		ms <<= tcp->tcp_timer_backoff;
	}
	if (ms > tcp_rexmit_interval_max) {
		ms = tcp_rexmit_interval_max;
		/*
		 * ms is at max, decrement tcp_timer_backoff to avoid
		 * overflow.
		 */
		tcp->tcp_timer_backoff--;
	}
	tcp->tcp_ms_we_have_waited += ms;
	/* A zero window probe does not change the stored RTO. */
	if (tcp->tcp_zero_win_probe == 0) {
		tcp->tcp_rto = ms;
	}
	TCP_TIMER_RESTART(tcp, ms);
	/*
	 * This is after a timeout and tcp_rto is backed off.  Set
	 * tcp_set_timer to 1 so that next time RTO is updated, we will
	 * restart the timer with a correct value.
	 */
	tcp->tcp_set_timer = 1;
	/*
	 * Size of the one segment to retransmit: the unacked bytes, capped
	 * by the MSS and by a non-zero send window.
	 */
	mss = tcp->tcp_snxt - tcp->tcp_suna;
	if (mss > tcp->tcp_mss)
		mss = tcp->tcp_mss;
	if (mss > tcp->tcp_swnd && tcp->tcp_swnd != 0)
		mss = tcp->tcp_swnd;

	if ((mp = tcp->tcp_xmit_head) != NULL) {
		/* use uintptr_t to suppress the gcc warning */
		mp->b_prev = (mblk_t *)(uintptr_t)prom_gettime();
	}
	/*
	 * NOTE(review): mp can be NULL here (the retransmit case above
	 * breaks out of the switch when tcp_xmit_head is NULL);
	 * presumably tcp_xmit_mp() copes with that - confirm.
	 */
	mp = tcp_xmit_mp(tcp, mp, mss, NULL, NULL, tcp->tcp_suna, B_TRUE, &mss,
	    B_TRUE);
	if (mp == NULL)
		return;
	tcp->tcp_csuna = tcp->tcp_snxt;
	BUMP_MIB(tcp_mib.tcpRetransSegs);
	UPDATE_MIB(tcp_mib.tcpRetransBytes, mss);
	/* Dump the packet when debugging. */
	TCP_DUMP_PACKET("tcp_timer", mp);

	(void) ipv4_tcp_output(sock_id, mp);
	freeb(mp);

	/*
	 * When slow start after retransmission begins, start with
	 * this seq no.  tcp_rexmit_max marks the end of special slow
	 * start phase.  tcp_snd_burst controls how many segments
	 * can be sent because of an ack.
	 */
	tcp->tcp_rexmit_nxt = tcp->tcp_suna;
	tcp->tcp_snd_burst = TCP_CWND_SS;
	if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
	    (tcp->tcp_unsent == 0)) {
		tcp->tcp_rexmit_max = tcp->tcp_fss;
	} else {
		tcp->tcp_rexmit_max = tcp->tcp_snxt;
	}
	tcp->tcp_rexmit = B_TRUE;
	tcp->tcp_dupack_cnt = 0;

	/*
	 * Remove all rexmit SACK blk to start from fresh.
	 */
	if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) {
		TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list);
		tcp->tcp_num_notsack_blk = 0;
		tcp->tcp_cnt_notsack_list = 0;
	}
}
4603
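/*
 * The TCP normal data output path.
 * NOTE: the logic of the fast path is duplicated from this function.
 *
 * tcp		connection to send on
 * mp		new data to append to the transmit list, or NULL to only
 *		push data that is already queued (tcp_unsent)
 * sock_id	socket index, passed through to the output routines
 *
 * The function queues mp, works out how much may be sent (send window,
 * congestion window, Nagle and silly-window avoidance), then builds and
 * sends up to tcp_snd_burst segments.  Each segment is built from the
 * header template in tcp_iphc plus duplicated data mblks, pulled up into
 * one contiguous mblk when needed, checksummed and handed to
 * ipv4_tcp_output().  If anything was sent, it finally waits in
 * tcp_state_wait() for the data to be acked.
 *
 * Allocation failures are handled by dropping the segment being built and
 * accounting for it as if it had been sent (see out_of_mem).
 */
static void
tcp_wput_data(tcp_t *tcp, mblk_t *mp, int sock_id)
{
	int len;
	mblk_t *local_time;
	mblk_t *mp1;
	uchar_t *rptr;
	uint32_t snxt;
	int tail_unsent;
	int tcpstate;
	int usable = 0;
	mblk_t *xmit_tail;
	int32_t num_burst_seg;
	int32_t mss;
	int32_t num_sack_blk = 0;
	int32_t tcp_hdr_len;
	ipaddr_t *dst;
	ipaddr_t *src;

#ifdef DEBUG
	printf("tcp_wput_data(%d) ##############################\n", sock_id);
#endif
	tcpstate = tcp->tcp_state;
	if (mp == NULL) {
		/* Really tacky... but we need this for detached closes. */
		len = tcp->tcp_unsent;
		goto data_null;
	}

	/*
	 * Don't allow data after T_ORDREL_REQ or T_DISCON_REQ,
	 * or before a connection attempt has begun.
	 *
	 * The following should not happen in inetboot....
	 */
	if (tcpstate < TCPS_SYN_SENT || tcpstate > TCPS_CLOSE_WAIT ||
	    (tcp->tcp_valid_bits & TCP_FSS_VALID) != 0) {
		if ((tcp->tcp_valid_bits & TCP_FSS_VALID) != 0) {
			printf("tcp_wput_data: data after ordrel, %s\n",
			    tcp_display(tcp, NULL, DISP_ADDR_AND_PORT));
		}
		freemsg(mp);
		return;
	}

	/* Strip empties */
	for (;;) {
		assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
		    (uintptr_t)INT_MAX);
		len = (int)(mp->b_wptr - mp->b_rptr);
		if (len > 0)
			break;
		mp1 = mp;
		mp = mp->b_cont;
		freeb(mp1);
		if (mp == NULL) {
			return;
		}
	}

	/* If we are the first on the list ... */
	if (tcp->tcp_xmit_head == NULL) {
		tcp->tcp_xmit_head = mp;
		tcp->tcp_xmit_tail = mp;
		tcp->tcp_xmit_tail_unsent = len;
	} else {
		tcp->tcp_xmit_last->b_cont = mp;
		len += tcp->tcp_unsent;
	}

	/* Tack on however many more positive length mblks we have */
	if ((mp1 = mp->b_cont) != NULL) {
		do {
			int tlen;
			assert((uintptr_t)(mp1->b_wptr -
			    mp1->b_rptr) <= (uintptr_t)INT_MAX);
			tlen = (int)(mp1->b_wptr - mp1->b_rptr);
			if (tlen <= 0) {
				/* Unlink and free an empty mblk. */
				mp->b_cont = mp1->b_cont;
				freeb(mp1);
			} else {
				len += tlen;
				mp = mp1;
			}
		} while ((mp1 = mp->b_cont) != NULL);
	}
	tcp->tcp_xmit_last = mp;
	tcp->tcp_unsent = len;

data_null:
	snxt = tcp->tcp_snxt;
	xmit_tail = tcp->tcp_xmit_tail;
	tail_unsent = tcp->tcp_xmit_tail_unsent;

	/*
	 * Note that tcp_mss has been adjusted to take into account the
	 * timestamp option if applicable.  Because SACK options do not
	 * appear in every TCP segment and they are of variable lengths,
	 * they cannot be included in tcp_mss.  Thus we need to calculate
	 * the actual segment length when we need to send a segment which
	 * includes SACK options.
	 */
	if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
		int32_t opt_len;

		num_sack_blk = MIN(tcp->tcp_max_sack_blk,
		    tcp->tcp_num_sack_blk);
		opt_len = num_sack_blk * sizeof (sack_blk_t) + TCPOPT_NOP_LEN *
		    2 + TCPOPT_HEADER_LEN;
		mss = tcp->tcp_mss - opt_len;
		tcp_hdr_len = tcp->tcp_hdr_len + opt_len;
	} else {
		mss = tcp->tcp_mss;
		tcp_hdr_len = tcp->tcp_hdr_len;
	}

	/*
	 * Nothing is outstanding and the connection has been idle for at
	 * least one RTO: restart from the slow start window.  The division
	 * assumes mss is positive here - TODO confirm a lower bound is
	 * enforced where tcp_mss is set.
	 */
	if ((tcp->tcp_suna == snxt) &&
	    (prom_gettime() - tcp->tcp_last_recv_time) >= tcp->tcp_rto) {
		tcp->tcp_cwnd = MIN(tcp_slow_start_after_idle * mss,
		    MIN(4 * mss, MAX(2 * mss, 4380 / mss * mss)));
	}
	if (tcpstate == TCPS_SYN_RCVD) {
		/*
		 * The three-way connection establishment handshake is not
		 * complete yet.  We want to queue the data for transmission
		 * after entering ESTABLISHED state (RFC793).  Setting usable
		 * to zero causes a jump to "done" label effectively leaving
		 * data on the queue.
		 */

		usable = 0;
	} else {
		int usable_r = tcp->tcp_swnd;

		/*
		 * In the special case when cwnd is zero, which can only
		 * happen if the connection is ECN capable, return now.
		 * New segments are sent using tcp_timer().  The timer
		 * is set in tcp_rput_data().
		 */
		if (tcp->tcp_cwnd == 0) {
			/*
			 * Note that tcp_cwnd is 0 before 3-way handshake is
			 * finished.
			 */
			assert(tcp->tcp_ecn_ok ||
			    tcp->tcp_state < TCPS_ESTABLISHED);
			return;
		}

		/* usable = MIN(swnd, cwnd) - unacked_bytes */
		if (usable_r > tcp->tcp_cwnd)
			usable_r = tcp->tcp_cwnd;

		/* NOTE: trouble if xmitting while SYN not acked? */
		usable_r -= snxt;
		usable_r += tcp->tcp_suna;

		/* usable = MIN(usable, unsent) */
		if (usable_r > len)
			usable_r = len;

		/* usable = MAX(usable, {1 for urgent, 0 for data}) */
		if (usable_r != 0)
			usable = usable_r;
	}

	/*
	 * The send time is stashed in b_prev of each mblk, hence the mblk_t *
	 * type.  Use uintptr_t to suppress the gcc warning.
	 */
	local_time = (mblk_t *)(uintptr_t)prom_gettime();

	/*
	 * "Our" Nagle Algorithm.  This is not the same as in the old
	 * BSD.  This is more in line with the true intent of Nagle.
	 *
	 * The conditions are:
	 * 1. The amount of unsent data (or amount of data which can be
	 *    sent, whichever is smaller) is less than Nagle limit.
	 * 2. The last sent size is also less than Nagle limit.
	 * 3. There is unack'ed data.
	 * 4. Urgent pointer is not set.  Send urgent data ignoring the
	 *    Nagle algorithm.  This reduces the probability that urgent
	 *    bytes get "merged" together.
	 * 5. The app has not closed the connection.  This eliminates the
	 *    wait time of the receiving side waiting for the last piece of
	 *    (small) data.
	 *
	 * If all are satisfied, exit without sending anything.  Note
	 * that Nagle limit can be smaller than 1 MSS.  Nagle limit is
	 * the smaller of 1 MSS and global tcp_naglim_def (default to be
	 * 4095).
	 *
	 * NOTE(review): the expression below tests conditions 1-4 only;
	 * condition 5 has no explicit term here.
	 */
	if (usable < (int)tcp->tcp_naglim &&
	    tcp->tcp_naglim > tcp->tcp_last_sent_len &&
	    snxt != tcp->tcp_suna &&
	    !(tcp->tcp_valid_bits & TCP_URG_VALID))
		goto done;

	num_burst_seg = tcp->tcp_snd_burst;
	for (;;) {
		tcph_t *tcph;
		mblk_t *new_mp;

		if (num_burst_seg-- == 0)
			goto done;

		len = mss;
		if (len > usable) {
			len = usable;
			if (len <= 0) {
				/* Terminate the loop */
				goto done;
			}
			/*
			 * Sender silly-window avoidance.
			 * Ignore this if we are going to send a
			 * zero window probe out.
			 *
			 * TODO: force data into microscopic window ??
			 *	==> (!pushed || (unsent > usable))
			 */
			if (len < (tcp->tcp_max_swnd >> 1) &&
			    (tcp->tcp_unsent - (snxt - tcp->tcp_snxt)) > len &&
			    !((tcp->tcp_valid_bits & TCP_URG_VALID) &&
			    len == 1) && (! tcp->tcp_zero_win_probe)) {
				/*
				 * If the retransmit timer is not running
				 * we start it so that we will retransmit
				 * in the case when the receiver has
				 * decremented the window.
				 */
				if (snxt == tcp->tcp_snxt &&
				    snxt == tcp->tcp_suna) {
					/*
					 * We are not supposed to send
					 * anything.  So let's wait a little
					 * bit longer before breaking SWS
					 * avoidance.
					 *
					 * What should the value be?
					 * Suggestion: MAX(init rexmit time,
					 * tcp->tcp_rto)
					 */
					TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
				}
				goto done;
			}
		}

		/* Flags and sequence number go into the template header. */
		tcph = tcp->tcp_tcph;

		usable -= len;	/* Approximate - can be adjusted later */
		if (usable > 0)
			tcph->th_flags[0] = TH_ACK;
		else
			tcph->th_flags[0] = (TH_ACK | TH_PUSH);

		U32_TO_ABE32(snxt, tcph->th_seq);

		if (tcp->tcp_valid_bits) {
			/*
			 * Some special state (the code elsewhere in this
			 * function tests the URG and FSS bits) is pending:
			 * let tcp_xmit_mp() build the segment.
			 */
			uchar_t *prev_rptr = xmit_tail->b_rptr;
			uint32_t prev_snxt = tcp->tcp_snxt;

			if (tail_unsent == 0) {
				assert(xmit_tail->b_cont != NULL);
				xmit_tail = xmit_tail->b_cont;
				prev_rptr = xmit_tail->b_rptr;
				tail_unsent = (int)(xmit_tail->b_wptr -
				    xmit_tail->b_rptr);
			} else {
				/* Temporarily point b_rptr at the unsent part. */
				xmit_tail->b_rptr = xmit_tail->b_wptr -
				    tail_unsent;
			}
			mp = tcp_xmit_mp(tcp, xmit_tail, len, NULL, NULL,
			    snxt, B_FALSE, (uint32_t *)&len, B_FALSE);
			/* Restore tcp_snxt so we get amount sent right. */
			tcp->tcp_snxt = prev_snxt;
			if (prev_rptr == xmit_tail->b_rptr)
				xmit_tail->b_prev = local_time;
			else
				xmit_tail->b_rptr = prev_rptr;

			if (mp == NULL)
				break;

			/*
			 * NOTE(review): mp->b_cont is dereferenced without a
			 * NULL check, and freeb() below releases only the
			 * first mblk of mp.  Whether tcp_xmit_mp() can return
			 * a bare header or a chain that needs freemsg() is
			 * not visible here - confirm.
			 */
			mp1 = mp->b_cont;

			snxt += len;
			tcp->tcp_last_sent_len = (ushort_t)len;
			while (mp1->b_cont) {
				xmit_tail = xmit_tail->b_cont;
				xmit_tail->b_prev = local_time;
				mp1 = mp1->b_cont;
			}
			tail_unsent = xmit_tail->b_wptr - mp1->b_wptr;
			BUMP_MIB(tcp_mib.tcpOutDataSegs);
			UPDATE_MIB(tcp_mib.tcpOutDataBytes, len);
			/* Dump the packet when debugging. */
			TCP_DUMP_PACKET("tcp_wput_data (valid bits)", mp);
			(void) ipv4_tcp_output(sock_id, mp);
			freeb(mp);
			continue;
		}

		snxt += len;	/* Adjust later if we don't send all of len */
		BUMP_MIB(tcp_mib.tcpOutDataSegs);
		UPDATE_MIB(tcp_mib.tcpOutDataBytes, len);

		if (tail_unsent) {
			/* Are the bytes above us in flight? */
			rptr = xmit_tail->b_wptr - tail_unsent;
			if (rptr != xmit_tail->b_rptr) {
				tail_unsent -= len;
				len += tcp_hdr_len;
				tcp->tcp_ipha->ip_len = htons(len);
				mp = dupb(xmit_tail);
				/* Leaving the loop lands on out_of_mem. */
				if (!mp)
					break;
				mp->b_rptr = rptr;
				goto must_alloc;
			}
		} else {
			xmit_tail = xmit_tail->b_cont;
			assert((uintptr_t)(xmit_tail->b_wptr -
			    xmit_tail->b_rptr) <= (uintptr_t)INT_MAX);
			tail_unsent = (int)(xmit_tail->b_wptr -
			    xmit_tail->b_rptr);
		}

		tail_unsent -= len;
		tcp->tcp_last_sent_len = (ushort_t)len;

		len += tcp_hdr_len;
		if (tcp->tcp_ipversion == IPV4_VERSION)
			tcp->tcp_ipha->ip_len = htons(len);

		xmit_tail->b_prev = local_time;

		mp = dupb(xmit_tail);
		if (mp == NULL)
			goto out_of_mem;

		len = tcp_hdr_len;
		/*
		 * There are four reasons to allocate a new hdr mblk:
		 *  1) The bytes above us are in use by another packet
		 *  2) We don't have good alignment
		 *  3) The mblk is being shared
		 *  4) We don't have enough room for a header
		 *
		 * Only alignment and room are tested here; the in-flight
		 * case jumps to must_alloc from above.
		 */
		rptr = mp->b_rptr - len;
		if (!OK_32PTR(rptr) ||
		    rptr < mp->b_datap) {
			/* NOTE: we assume allocb returns an OK_32PTR */

		must_alloc:;
			mp1 = allocb(tcp->tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH +
			    tcp_wroff_xtra, 0);
			if (mp1 == NULL) {
				freemsg(mp);
				goto out_of_mem;
			}
			mp1->b_cont = mp;
			mp = mp1;
			/* Leave room for Link Level header */
			len = tcp_hdr_len;
			rptr = &mp->b_rptr[tcp_wroff_xtra];
			mp->b_wptr = &rptr[len];
		}

		if (tcp->tcp_snd_ts_ok) {
			/*
			 * The timestamp option is filled in on the template
			 * header, which is copied out below.
			 * Use uintptr_t to suppress the gcc warning.
			 */
			U32_TO_BE32((uint32_t)(uintptr_t)local_time,
			    (char *)tcph+TCP_MIN_HEADER_LENGTH+4);
			U32_TO_BE32(tcp->tcp_ts_recent,
			    (char *)tcph+TCP_MIN_HEADER_LENGTH+8);
		} else {
			assert(tcp->tcp_tcp_hdr_len == TCP_MIN_HEADER_LENGTH);
		}

		mp->b_rptr = rptr;

		/*
		 * Copy the template header, one 32-bit word at a time: the
		 * first ten words (40 bytes) unrolled, the remainder in a
		 * loop.  This assumes tcp_hdr_len is at least 40 and a
		 * multiple of 4; a remainder of 1-3 bytes would make the
		 * do/while below start from a zero count - TODO confirm
		 * tcp_hdr_len is always word-aligned.
		 */
		dst = (ipaddr_t *)rptr;
		src = (ipaddr_t *)tcp->tcp_iphc;
		dst[0] = src[0];
		dst[1] = src[1];
		dst[2] = src[2];
		dst[3] = src[3];
		dst[4] = src[4];
		dst[5] = src[5];
		dst[6] = src[6];
		dst[7] = src[7];
		dst[8] = src[8];
		dst[9] = src[9];
		len = tcp->tcp_hdr_len;
		if (len -= 40) {
			len >>= 2;
			dst += 10;
			src += 10;
			do {
				*dst++ = *src++;
			} while (--len);
		}

		/*
		 * Set tcph to point to the header of the outgoing packet,
		 * not to the template header.
		 */
		tcph = (tcph_t *)(rptr + tcp->tcp_ip_hdr_len);

		/*
		 * Set the ECN info in the TCP header if it is not a zero
		 * window probe.  Zero window probe is only sent in
		 * tcp_wput_data() and tcp_timer().
		 */
		if (tcp->tcp_ecn_ok && !tcp->tcp_zero_win_probe) {
			SET_ECT(tcp, rptr);

			if (tcp->tcp_ecn_echo_on)
				tcph->th_flags[0] |= TH_ECE;
			if (tcp->tcp_cwr && !tcp->tcp_ecn_cwr_sent) {
				tcph->th_flags[0] |= TH_CWR;
				tcp->tcp_ecn_cwr_sent = B_TRUE;
			}
		}

		/* Fill in SACK options */
		if (num_sack_blk > 0) {
			uchar_t *wptr = rptr + tcp->tcp_hdr_len;
			sack_blk_t *tmp;
			int32_t i;

			wptr[0] = TCPOPT_NOP;
			wptr[1] = TCPOPT_NOP;
			wptr[2] = TCPOPT_SACK;
			wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk *
			    sizeof (sack_blk_t);
			wptr += TCPOPT_REAL_SACK_LEN;

			tmp = tcp->tcp_sack_list;
			for (i = 0; i < num_sack_blk; i++) {
				U32_TO_BE32(tmp[i].begin, wptr);
				wptr += sizeof (tcp_seq);
				U32_TO_BE32(tmp[i].end, wptr);
				wptr += sizeof (tcp_seq);
			}
			/* Grow the data offset by the option words added. */
			tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1)
			    << 4);
		}

		if (tail_unsent) {
			mp1 = mp->b_cont;
			if (mp1 == NULL)
				mp1 = mp;
			/*
			 * If we're a little short, tack on more mblks
			 * as long as we don't need to split an mblk.
			 */
			while (tail_unsent < 0 &&
			    tail_unsent + (int)(xmit_tail->b_cont->b_wptr -
			    xmit_tail->b_cont->b_rptr) <= 0) {
				xmit_tail = xmit_tail->b_cont;
				/* Stash for rtt use later */
				xmit_tail->b_prev = local_time;
				mp1->b_cont = dupb(xmit_tail);
				mp1 = mp1->b_cont;
				assert((uintptr_t)(xmit_tail->b_wptr -
				    xmit_tail->b_rptr) <= (uintptr_t)INT_MAX);
				tail_unsent += (int)(xmit_tail->b_wptr -
				    xmit_tail->b_rptr);
				if (mp1 == NULL) {
					freemsg(mp);
					goto out_of_mem;
				}
			}
			/* Trim back any surplus on the last mblk */
			if (tail_unsent > 0)
				mp1->b_wptr -= tail_unsent;
			if (tail_unsent < 0) {
				uint32_t ip_len;

				/*
				 * We did not send everything we could in
				 * order to preserve mblk boundaries.
				 */
				usable -= tail_unsent;
				snxt += tail_unsent;
				tcp->tcp_last_sent_len += tail_unsent;
				UPDATE_MIB(tcp_mib.tcpOutDataBytes,
				    tail_unsent);
				/* Adjust the IP length field. */
				ip_len = ntohs(((struct ip *)rptr)->ip_len) +
				    tail_unsent;
				((struct ip *)rptr)->ip_len = htons(ip_len);
				tail_unsent = 0;
			}
		}

		if (mp == NULL)
			goto out_of_mem;

		/*
		 * Performance hit!  We need to pullup the whole message
		 * in order to do checksum and for the MAC output routine.
		 */
		if (mp->b_cont != NULL) {
			mblk_t *seg;
			int mp_size;
#ifdef DEBUG
			printf("Multiple mblk %d\n", msgdsize(mp));
#endif
			new_mp = allocb(msgdsize(mp) + tcp_wroff_xtra, 0);
			if (new_mp == NULL) {
				/*
				 * No buffer for the pullup: drop this
				 * segment the same way as the other
				 * allocation failures in this loop.
				 */
				freemsg(mp);
				goto out_of_mem;
			}
			new_mp->b_rptr += tcp_wroff_xtra;
			new_mp->b_wptr = new_mp->b_rptr;
			/*
			 * Walk the chain with a separate cursor so that mp
			 * still points at its head when the chain is freed.
			 */
			for (seg = mp; seg != NULL; seg = seg->b_cont) {
				mp_size = seg->b_wptr - seg->b_rptr;
				bcopy(seg->b_rptr, new_mp->b_wptr, mp_size);
				new_mp->b_wptr += mp_size;
			}
			freemsg(mp);
			mp = new_mp;
		}
		tcp_set_cksum(mp);
		((struct ip *)mp->b_rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl;
		TCP_DUMP_PACKET("tcp_wput_data", mp);
		(void) ipv4_tcp_output(sock_id, mp);
		freemsg(mp);
	}
out_of_mem:;
	/* Pretend that all we were trying to send really got sent */
	if (tail_unsent < 0) {
		do {
			xmit_tail = xmit_tail->b_cont;
			xmit_tail->b_prev = local_time;
			assert((uintptr_t)(xmit_tail->b_wptr -
			    xmit_tail->b_rptr) <= (uintptr_t)INT_MAX);
			tail_unsent += (int)(xmit_tail->b_wptr -
			    xmit_tail->b_rptr);
		} while (tail_unsent < 0);
	}
done:;
	tcp->tcp_xmit_tail = xmit_tail;
	tcp->tcp_xmit_tail_unsent = tail_unsent;
	len = tcp->tcp_snxt - snxt;
	if (len) {
		/*
		 * If new data was sent, need to update the notsack
		 * list, which is, after all, data blocks that have
		 * not been sack'ed by the receiver.  New data is
		 * not sack'ed.
		 */
		if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) {
			/* len is a negative value. */
			tcp->tcp_pipe -= len;
			tcp_notsack_update(&(tcp->tcp_notsack_list),
			    tcp->tcp_snxt, snxt,
			    &(tcp->tcp_num_notsack_blk),
			    &(tcp->tcp_cnt_notsack_list));
		}
		tcp->tcp_snxt = snxt + tcp->tcp_fin_sent;
		tcp->tcp_rack = tcp->tcp_rnxt;
		tcp->tcp_rack_cnt = 0;
		/* Nothing was outstanding before: start the rexmit timer. */
		if ((snxt + len) == tcp->tcp_suna) {
			TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
		}
		/*
		 * Note that len is the amount we just sent but with a negative
		 * sign.  We update tcp_unsent here since we may come back to
		 * tcp_wput_data from tcp_state_wait.
		 */
		len += tcp->tcp_unsent;
		tcp->tcp_unsent = len;

		/*
		 * Let's wait till all the segments have been acked, since we
		 * don't have a timer.
		 */
		(void) tcp_state_wait(sock_id, tcp, TCPS_ALL_ACKED);
		return;
	} else if (snxt == tcp->tcp_suna && tcp->tcp_swnd == 0) {
		/*
		 * Didn't send anything.  Make sure the timer is running
		 * so that we will probe a zero window.
		 */
		TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
	}

	/* Note that len is the amount we just sent but with a negative sign */
	len += tcp->tcp_unsent;
	tcp->tcp_unsent = len;

}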
5200
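/*
 * Process a segment received for a connection that is in TIME_WAIT state.
 *
 *	tcp	- the connection the segment was matched to
 *	mp	- the received message; it is freed on every return path
 *	seg_seq	- sequence number of the segment
 *	seg_ack	- acknowledgment number of the segment
 *	seg_len	- length of the segment
 *	tcph	- TCP header of the segment
 *	sock_id	- socket index the caller associates with tcp
 *
 * The segment is trimmed against tcp_rnxt and the receive window, RST and
 * SYN are handled, and an ACK is sent back when TH_ACK_NEEDED ends up set.
 */
static void
tcp_time_wait_processing(tcp_t *tcp, mblk_t *mp,
    uint32_t seg_seq, uint32_t seg_ack, int seg_len, tcph_t *tcph,
    int sock_id)
{
	int32_t		bytes_acked;
	int32_t		gap;
	int32_t		rgap;
	tcp_opt_t	tcpopt;
	uint_t		flags;
	uint32_t	new_swnd = 0;

#ifdef DEBUG
	printf("Time wait processing called ###############3\n");
#endif

	/*
	 * Just make sure we send the right sock_id to tcp_clean_death.
	 * A negative sock_id (this file passes -1 to mean "no socket") is
	 * rejected before it is used as an index into sockets[].
	 * NOTE(review): the upper bound of sockets[] is not visible here, so
	 * an over-large sock_id is still not checked -- confirm callers.
	 */
	if (sock_id < 0 || (sockets[sock_id].pcb == NULL) ||
	    (sockets[sock_id].pcb != tcp))
		sock_id = -1;

	flags = (unsigned int)tcph->th_flags[0] & 0xFF;
	/* The advertised window is not scaled on a SYN segment. */
	new_swnd = BE16_TO_U16(tcph->th_win) <<
	    ((tcph->th_flags[0] & TH_SYN) ? 0 : tcp->tcp_snd_ws);
	if (tcp->tcp_snd_ts_ok) {
		/* tcpopt is only filled in (and only read) when timestamps are on */
		if (!tcp_paws_check(tcp, tcph, &tcpopt)) {
			freemsg(mp);
			tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt,
			    tcp->tcp_rnxt, TH_ACK, 0, -1);
			return;
		}
	}
	/* gap < 0: the segment starts before tcp_rnxt (old data). */
	gap = seg_seq - tcp->tcp_rnxt;
	rgap = tcp->tcp_rwnd - (gap + seg_len);
	if (gap < 0) {
		BUMP_MIB(tcp_mib.tcpInDataDupSegs);
		UPDATE_MIB(tcp_mib.tcpInDataDupBytes,
		    (seg_len > -gap ? -gap : seg_len));
		seg_len += gap;
		if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
			if (flags & TH_RST) {
				freemsg(mp);
				return;
			}
			if ((flags & TH_FIN) && seg_len == -1) {
				/*
				 * When TCP receives a duplicate FIN in
				 * TIME_WAIT state, restart the 2 MSL timer.
				 * See page 73 in RFC 793. Make sure this TCP
				 * is already on the TIME_WAIT list. If not,
				 * just restart the timer.
				 */
				tcp_time_wait_remove(tcp);
				tcp_time_wait_append(tcp);
				TCP_TIMER_RESTART(tcp, tcp_time_wait_interval);
				tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt,
				    tcp->tcp_rnxt, TH_ACK, 0, -1);
				freemsg(mp);
				return;
			}
			flags |= TH_ACK_NEEDED;
			seg_len = 0;
			goto process_ack;
		}

		/* Fix seg_seq, and chew the gap off the front. */
		seg_seq = tcp->tcp_rnxt;
	}

	if ((flags & TH_SYN) && gap > 0 && rgap < 0) {
		/*
		 * Make sure that when we accept the connection, pick
		 * an ISS greater than (tcp_snxt + ISS_INCR/2) for the
		 * old connection.
		 *
		 * The next ISS generated is equal to tcp_iss_incr_extra
		 * + ISS_INCR/2 + other components depending on the
		 * value of tcp_strong_iss.  We pre-calculate the new
		 * ISS here and compare with tcp_snxt to determine if
		 * we need to make adjustment to tcp_iss_incr_extra.
		 *
		 * Note that since we are now in the global queue
		 * perimeter and need to do a lateral_put() to the
		 * listener queue, there can be other connection requests/
		 * attempts while the lateral_put() is going on.  That
		 * means what we calculate here may not be correct.  This
		 * is extremely difficult to solve unless TCP and IP
		 * modules are merged and there is no perimeter, but just
		 * locks.  The above calculation is ugly and is a
		 * waste of CPU cycles...
		 */
		uint32_t new_iss = tcp_iss_incr_extra;
		int32_t adj;

		/* Add time component and min random (i.e. 1). */
		new_iss += (prom_gettime() >> ISS_NSEC_SHT) + 1;
		if ((adj = (int32_t)(tcp->tcp_snxt - new_iss)) > 0) {
			/*
			 * New ISS not guaranteed to be ISS_INCR/2
			 * ahead of the current tcp_snxt, so add the
			 * difference to tcp_iss_incr_extra.
			 */
			tcp_iss_incr_extra += adj;
		}
		/* tcp is not touched again after this call. */
		(void) tcp_clean_death(sock_id, tcp, 0);

		/*
		 * This is a passive open.  Right now we do not
		 * do anything...
		 */
		freemsg(mp);
		return;
	}

	/*
	 * rgap is the amount of stuff received out of window.  A negative
	 * value is the amount out of window.
	 */
	if (rgap < 0) {
		BUMP_MIB(tcp_mib.tcpInDataPastWinSegs);
		UPDATE_MIB(tcp_mib.tcpInDataPastWinBytes, -rgap);
		/* Fix seg_len and make sure there is something left. */
		seg_len += rgap;
		if (seg_len <= 0) {
			if (flags & TH_RST) {
				freemsg(mp);
				return;
			}
			flags |= TH_ACK_NEEDED;
			seg_len = 0;
			goto process_ack;
		}
	}
	/*
	 * Check whether we can update tcp_ts_recent.  This test is
	 * NOT the one in RFC 1323 3.4.  It is from Braden, 1993, "TCP
	 * Extensions for High Performance: An Update", Internet Draft.
	 */
	if (tcp->tcp_snd_ts_ok &&
	    TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) &&
	    SEQ_LEQ(seg_seq, tcp->tcp_rack)) {
		tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
		tcp->tcp_last_rcv_lbolt = prom_gettime();
	}

	if (seg_seq != tcp->tcp_rnxt && seg_len > 0) {
		/* Always ack out of order packets */
		flags |= TH_ACK_NEEDED;
		seg_len = 0;
	} else if (seg_len > 0) {
		BUMP_MIB(tcp_mib.tcpInDataInorderSegs);
		UPDATE_MIB(tcp_mib.tcpInDataInorderBytes, seg_len);
	}
	/* An RST that survived the window checks above tears the connection down. */
	if (flags & TH_RST) {
		freemsg(mp);
		(void) tcp_clean_death(sock_id, tcp, 0);
		return;
	}
	if (flags & TH_SYN) {
		freemsg(mp);
		tcp_xmit_ctl("TH_SYN", tcp, NULL, seg_ack, seg_seq + 1,
		    TH_RST|TH_ACK, 0, -1);
		/*
		 * Do not delete the TCP structure if it is in
		 * TIME_WAIT state.  Refer to RFC 1122, 4.2.2.13.
		 */
		return;
	}
process_ack:
	if (flags & TH_ACK) {
		bytes_acked = (int)(seg_ack - tcp->tcp_suna);
		if (bytes_acked <= 0) {
			/* new_swnd is only used here, for duplicate ACK accounting */
			if (bytes_acked == 0 && seg_len == 0 &&
			    new_swnd == tcp->tcp_swnd)
				BUMP_MIB(tcp_mib.tcpInDupAck);
		} else {
			/* Acks something not sent */
			flags |= TH_ACK_NEEDED;
		}
	}
	freemsg(mp);
	if (flags & TH_ACK_NEEDED) {
		/*
		 * Time to send an ack for some reason.
		 */
		tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt,
		    tcp->tcp_rnxt, TH_ACK, 0, -1);
	}
}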
5389
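/*
 * Set the initial values of a tcp_t: retransmission timer state, congestion
 * window limits, MTU/MSS, timer thresholds, the header template, and the
 * buffer sizes taken from the socket.
 *
 *	tcp	- the connection structure to initialize
 *	isp	- the owning socket, or NULL; when NULL, tcp_xmit_hiwater,
 *		  tcp_rwnd and tcp_rwnd_max are not set here
 *
 * Returns 0 on success, or the error returned by tcp_header_init_ipv4().
 * On error the connection state is not changed to TCPS_IDLE.
 */
static int
tcp_init_values(tcp_t *tcp, struct inetboot_socket *isp)
{
	/*
	 * Start from "no error" so that err is never read uninitialized if
	 * the IPv4 branch below is ever not taken.
	 */
	int	err = 0;

	tcp->tcp_family = AF_INET;
	tcp->tcp_ipversion = IPV4_VERSION;

	/*
	 * Initialize tcp_rtt_sa and tcp_rtt_sd so that the calculated RTO
	 * will be close to tcp_rexmit_interval_initial.  By doing this, we
	 * allow the algorithm to adjust slowly to large fluctuations of RTT
	 * during first few transmissions of a connection as seen in slow
	 * links.
	 */
	tcp->tcp_rtt_sa = tcp_rexmit_interval_initial << 2;
	tcp->tcp_rtt_sd = tcp_rexmit_interval_initial >> 1;
	tcp->tcp_rto = (tcp->tcp_rtt_sa >> 3) + tcp->tcp_rtt_sd +
	    tcp_rexmit_interval_extra + (tcp->tcp_rtt_sa >> 5) +
	    tcp_conn_grace_period;
	if (tcp->tcp_rto < tcp_rexmit_interval_min)
		tcp->tcp_rto = tcp_rexmit_interval_min;
	tcp->tcp_timer_backoff = 0;
	tcp->tcp_ms_we_have_waited = 0;
	tcp->tcp_last_recv_time = prom_gettime();
	tcp->tcp_cwnd_max = tcp_cwnd_max_;
	tcp->tcp_snd_burst = TCP_CWND_INFINITE;
	tcp->tcp_cwnd_ssthresh = TCP_MAX_LARGEWIN;
	/* For Ethernet, the mtu returned is actually 1550... */
	if (mac_get_type() == IFT_ETHER) {
		tcp->tcp_if_mtu = mac_get_mtu() - 50;
	} else {
		tcp->tcp_if_mtu = mac_get_mtu();
	}
	/* The MSS starts out as the interface MTU. */
	tcp->tcp_mss = tcp->tcp_if_mtu;

	tcp->tcp_first_timer_threshold = tcp_ip_notify_interval;
	tcp->tcp_first_ctimer_threshold = tcp_ip_notify_cinterval;
	tcp->tcp_second_timer_threshold = tcp_ip_abort_interval;
	/*
	 * Fix it to tcp_ip_abort_linterval later if it turns out to be a
	 * passive open.
	 */
	tcp->tcp_second_ctimer_threshold = tcp_ip_abort_cinterval;

	tcp->tcp_naglim = tcp_naglim_def;

	/* NOTE:  ISS is now set in tcp_adapt_ire(). */

	/* Initialize the header template */
	if (tcp->tcp_ipversion == IPV4_VERSION) {
		err = tcp_header_init_ipv4(tcp);
	}
	if (err)
		return (err);

	/*
	 * Init the window scale to the max so tcp_rwnd_set() won't pare
	 * down tcp_rwnd.  tcp_adapt_ire() will set the right value later.
	 */
	tcp->tcp_rcv_ws = TCP_MAX_WINSHIFT;
	tcp->tcp_xmit_lowater = tcp_xmit_lowat;
	if (isp != NULL) {
		tcp->tcp_xmit_hiwater = isp->so_sndbuf;
		tcp->tcp_rwnd = isp->so_rcvbuf;
		tcp->tcp_rwnd_max = isp->so_rcvbuf;
	}
	tcp->tcp_state = TCPS_IDLE;
	return (0);
}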
5460
/*
 * Set up the combined IPv4 + TCP header template of a connection.  Any
 * previous template contents (including IP options) are wiped.
 *
 * Returns 0 on success, or ENOMEM if a new template cannot be allocated;
 * in that case tcp_iphc_len is reset to 0.
 */
static int
tcp_header_init_ipv4(tcp_t *tcp)
{
	struct ip	*ipha;
	tcph_t		*tcp_hdr;

	if (tcp->tcp_iphc == NULL) {
		/* No template yet: get a zeroed one of the maximum size. */
		tcp->tcp_iphc_len = TCP_MAX_COMBINED_HEADER_LENGTH;
		tcp->tcp_iphc = bkmem_zalloc(tcp->tcp_iphc_len);
		if (tcp->tcp_iphc == NULL) {
			tcp->tcp_iphc_len = 0;
			return (ENOMEM);
		}
	} else {
		/*
		 * An existing template is expected to be big enough
		 * already, so it is cleared and reused.
		 */
		assert(tcp->tcp_iphc_len >= TCP_MAX_COMBINED_HEADER_LENGTH);
		bzero(tcp->tcp_iphc, tcp->tcp_iphc_len);
	}

	ipha = (struct ip *)tcp->tcp_iphc;
	tcp->tcp_ipha = ipha;
	tcp->tcp_ipversion = IPV4_VERSION;

	/*
	 * The lengths cover the fixed headers only.  TCP options are
	 * accounted for once the connection is established.
	 */
	tcp->tcp_ip_hdr_len = sizeof (struct ip);
	tcp->tcp_tcp_hdr_len = sizeof (tcph_t);
	tcp->tcp_hdr_len = sizeof (struct ip) + sizeof (tcph_t);

	/*
	 * IP options are not supported, hence the simple header length.
	 * Every field not assigned here keeps the zero left by the
	 * clear/allocation above.
	 */
	ipha->ip_v = IP_VERSION;
	ipha->ip_hl = IP_SIMPLE_HDR_LENGTH_IN_WORDS;
	ipha->ip_p = IPPROTO_TCP;
	ipha->ip_sum = 0;

	/* The TCP header follows the IP header; data offset is 5 words. */
	tcp_hdr = (tcph_t *)(tcp->tcp_iphc + sizeof (struct ip));
	tcp->tcp_tcph = tcp_hdr;
	tcp_hdr->th_offset_and_rsrvd[0] = (5 << 4);
	return (0);
}
5507
/*
 * Send out a control packet on the tcp connection specified.  This routine
 * is typically called where we need a simple ACK or RST generated.
 *
 * This function is called with or without a mp.
 *
 *	str		- optional text printed with the debug trace, or NULL
 *	tcp		- connection whose header template is used
 *	mp		- optional inbound message being answered; it is
 *			  released here and never sent back
 *	seq, ack	- sequence and acknowledgment numbers to put in the
 *			  outgoing header
 *	ctl		- TCP flags for the outgoing segment
 *	ip_hdr_len	- IP header length of mp; must be 0 exactly when mp
 *			  is NULL (asserted below)
 *	sock_id		- passed to ipv4_tcp_output() and the debug trace
 *
 * Nothing is sent if mp carries an RST or if the output buffer cannot be
 * allocated.
 */
static void
tcp_xmit_ctl(char *str, tcp_t *tcp, mblk_t *mp, uint32_t seq,
    uint32_t ack, int ctl, uint_t ip_hdr_len, int sock_id)
{
	uchar_t		*rptr;
	tcph_t		*tcph;
	struct ip	*iph = NULL;
	int		tcp_hdr_len;
	int		tcp_ip_hdr_len;

	tcp_hdr_len = tcp->tcp_hdr_len;
	tcp_ip_hdr_len = tcp->tcp_ip_hdr_len;

	if (mp) {
		assert(ip_hdr_len != 0);
		rptr = mp->b_rptr;
		tcph = (tcph_t *)(rptr + ip_hdr_len);
		/* Don't reply to a RST segment. */
		if (tcph->th_flags[0] & TH_RST) {
			/*
			 * NOTE(review): this path uses freeb() while the
			 * path below uses freemsg() on the same message --
			 * confirm mp can never have continuation blocks
			 * here.
			 */
			freeb(mp);
			return;
		}
		freemsg(mp);
		rptr = NULL;
	} else {
		assert(ip_hdr_len == 0);
	}
	/* If a text string is passed in with the request, print it out. */
	if (str != NULL) {
		dprintf("tcp_xmit_ctl(%d): '%s', seq 0x%x, ack 0x%x, "
		    "ctl 0x%x\n", sock_id, str, seq, ack, ctl);
	}
	/* Room for the largest TCP header plus tcp_wroff_xtra bytes in front. */
	mp = allocb(tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + tcp_wroff_xtra, 0);
	if (mp == NULL) {
		dprintf("tcp_xmit_ctl(%d): Cannot allocate memory\n", sock_id);
		return;
	}
	/* Start from a copy of the connection's header template. */
	rptr = &mp->b_rptr[tcp_wroff_xtra];
	mp->b_rptr = rptr;
	mp->b_wptr = &rptr[tcp_hdr_len];
	bcopy(tcp->tcp_iphc, rptr, tcp_hdr_len);

	iph = (struct ip *)rptr;
	iph->ip_len = htons(tcp_hdr_len);

	tcph = (tcph_t *)&rptr[tcp_ip_hdr_len];
	tcph->th_flags[0] = (uint8_t)ctl;
	if (ctl & TH_RST) {
		BUMP_MIB(tcp_mib.tcpOutRsts);
		BUMP_MIB(tcp_mib.tcpOutControl);
		/*
		 * Don't send TSopt w/ TH_RST packets per RFC 1323.
		 */
		if (tcp->tcp_snd_ts_ok && tcp->tcp_state > TCPS_SYN_SENT) {
			/*
			 * Cut the timestamp option off the end of the
			 * header: shorten the message and ip_len by
			 * TCPOPT_REAL_TS_LEN bytes and the data offset by
			 * 3 words.
			 */
			mp->b_wptr = &rptr[tcp_hdr_len - TCPOPT_REAL_TS_LEN];
			*(mp->b_wptr) = TCPOPT_EOL;
			iph->ip_len = htons(tcp_hdr_len -
			    TCPOPT_REAL_TS_LEN);
			tcph->th_offset_and_rsrvd[0] -= (3 << 4);
		}
	}
	if (ctl & TH_ACK) {
		uint32_t now = prom_gettime();

		if (tcp->tcp_snd_ts_ok) {
			/* timestamp value, then the echoed tcp_ts_recent */
			U32_TO_BE32(now,
			    (char *)tcph+TCP_MIN_HEADER_LENGTH+4);
			U32_TO_BE32(tcp->tcp_ts_recent,
			    (char *)tcph+TCP_MIN_HEADER_LENGTH+8);
		}
		/* Record what has now been acknowledged to the peer. */
		tcp->tcp_rack = ack;
		tcp->tcp_rack_cnt = 0;
		BUMP_MIB(tcp_mib.tcpOutAck);
	}
	BUMP_MIB(tcp_mib.tcpOutSegs);
	U32_TO_BE32(seq, tcph->th_seq);
	U32_TO_BE32(ack, tcph->th_ack);

	/*
	 * The TTL is filled in only after the checksum is computed:
	 * tcp_set_cksum() sums from the ip_ttl field onwards.
	 */
	tcp_set_cksum(mp);
	iph->ip_ttl = (uint8_t)tcp_ipv4_ttl;
	TCP_DUMP_PACKET("tcp_xmit_ctl", mp);
	(void) ipv4_tcp_output(sock_id, mp);
	freeb(mp);
}
5598
/*
 * Build an ACK-only (no data) segment for a TCP endpoint.
 *
 * Returns a new mblk holding the IP and TCP headers, or NULL when no buffer
 * can be allocated.  If tcp_valid_bits is set, the segment is built by
 * tcp_xmit_mp() instead, which knows how to add the FIN or SYN controls.
 *
 * Side effects: tcp_rack is set to tcp_rnxt and tcp_rack_cnt is cleared on
 * the simple ACK path.
 */
static mblk_t *
tcp_ack_mp(tcp_t *tcp)
{
	uchar_t		*hdr;
	uchar_t		*opt;
	tcph_t		*tcph;
	mblk_t		*ack_mp;
	sack_blk_t	*blk;
	int32_t		full_hdr_len;
	int32_t		sack_len;
	int32_t		nblk = 0;
	int32_t		idx;

	/*
	 * When sending an ACK-only segment (no data) into a zero window,
	 * the sequence number is always suna, since snxt will be extended
	 * past the window.  If snxt were used, the receiver might consider
	 * the ACK unacceptable.  This applies to both paths below.
	 */
	if (tcp->tcp_valid_bits) {
		/* Complex case: some controls (FIN or SYN) must be sent. */
		return (tcp_xmit_mp(tcp, NULL, 0, NULL, NULL,
		    (tcp->tcp_zero_win_probe) ?
		    tcp->tcp_suna :
		    tcp->tcp_snxt, B_FALSE, NULL, B_FALSE));
	}

	/* Simple ACK: work out how much header space is needed. */
	full_hdr_len = tcp->tcp_hdr_len;
	if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
		nblk = MIN(tcp->tcp_max_sack_blk, tcp->tcp_num_sack_blk);
		sack_len = nblk * sizeof (sack_blk_t) +
		    TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN;
		full_hdr_len = tcp->tcp_hdr_len + sack_len;
	}

	/* TCP + IP headers, with tcp_wroff_xtra bytes of room in front. */
	ack_mp = allocb(full_hdr_len + tcp_wroff_xtra, 0);
	if (ack_mp == NULL)
		return (NULL);

	/* Copy in the prototype TCP + IP header. */
	hdr = ack_mp->b_rptr + tcp_wroff_xtra;
	ack_mp->b_rptr = hdr;
	ack_mp->b_wptr = hdr + full_hdr_len;
	bcopy(tcp->tcp_iphc, hdr, tcp->tcp_hdr_len);

	tcph = (tcph_t *)&hdr[tcp->tcp_ip_hdr_len];

	/* Sequence number: see the zero window note above. */
	U32_TO_ABE32((tcp->tcp_zero_win_probe) ?
	    tcp->tcp_suna : tcp->tcp_snxt, tcph->th_seq);

	/* Flags: ACK, plus ECE while ECN echo is on. */
	tcph->th_flags[0] = (uchar_t)TH_ACK;
	if (tcp->tcp_ecn_echo_on)
		tcph->th_flags[0] |= TH_ECE;

	tcp->tcp_rack = tcp->tcp_rnxt;
	tcp->tcp_rack_cnt = 0;

	/* Timestamp option, if in use: our time, then the echoed value. */
	if (tcp->tcp_snd_ts_ok) {
		uint32_t llbolt = (uint32_t)prom_gettime();

		U32_TO_BE32(llbolt,
		    (char *)tcph+TCP_MIN_HEADER_LENGTH+4);
		U32_TO_BE32(tcp->tcp_ts_recent,
		    (char *)tcph+TCP_MIN_HEADER_LENGTH+8);
	}

	/* SACK option: NOP, NOP, kind, length, then the block edges. */
	if (nblk > 0) {
		opt = (uchar_t *)tcph + tcp->tcp_tcp_hdr_len;
		opt[0] = TCPOPT_NOP;
		opt[1] = TCPOPT_NOP;
		opt[2] = TCPOPT_SACK;
		opt[3] = TCPOPT_HEADER_LEN + nblk *
		    sizeof (sack_blk_t);
		opt += TCPOPT_REAL_SACK_LEN;

		blk = tcp->tcp_sack_list;
		for (idx = 0; idx < nblk; idx++, blk++) {
			U32_TO_BE32(blk->begin, opt);
			opt += sizeof (tcp_seq);
			U32_TO_BE32(blk->end, opt);
			opt += sizeof (tcp_seq);
		}
		/* Grow the data offset by the option size, in words. */
		tcph->th_offset_and_rsrvd[0] += ((nblk * 2 + 1)
		    << 4);
	}

	/* Length first, then checksum, and the TTL only after that. */
	((struct ip *)hdr)->ip_len = htons(full_hdr_len);
	tcp_set_cksum(ack_mp);
	((struct ip *)hdr)->ip_ttl = (uint8_t)tcp_ipv4_ttl;
	return (ack_mp);
}
5710
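/*
 * tcp_xmit_mp is called to return a pointer to an mblk chain complete with
 * ip and tcp header ready to pass down to IP.  If the mp passed in is
 * non-NULL, then up to max_to_send bytes of data will be dup'ed off that
 * mblk.  (If sendall is not set the dup'ing will stop at an mblk boundary
 * otherwise it will dup partial mblks.)
 * Otherwise, an appropriate ACK packet will be generated.  This
 * routine is not usually called to send new data for the first time.  It
 * is mostly called out of the timer for retransmits, and to generate ACKs.
 *
 * If offset is not NULL, the returned mblk chain's first mblk's b_rptr will
 * be adjusted by *offset.  And after dupb(), the offset and the ending mblk
 * of the original mblk chain will be returned in *offset and *end_mp.
 *
 * If seg_len is not NULL, the number of data bytes put in the segment is
 * stored in *seg_len.  rexmit tells whether this is a retransmission; ECT
 * and CWR are only set on segments carrying new data.
 *
 * Returns NULL if a buffer cannot be allocated.  The header buffer and the
 * dup'ed data are released in that case.  A failure of the final pullup
 * allocation happens after *offset, *end_mp, *seg_len and the connection
 * state (FIN bookkeeping, tcp_rack) have already been updated.
 */
static mblk_t *
tcp_xmit_mp(tcp_t *tcp, mblk_t *mp, int32_t max_to_send, int32_t *offset,
    mblk_t **end_mp, uint32_t seq, boolean_t sendall, uint32_t *seg_len,
    boolean_t rexmit)
{
	int		data_length;
	int32_t		off = 0;
	uint_t		flags;
	mblk_t		*mp1;
	mblk_t		*mp2;
	mblk_t		*new_mp;
	uchar_t		*rptr;
	tcph_t		*tcph;
	int32_t		num_sack_blk = 0;
	int32_t		sack_opt_len = 0;

	/* Allocate for our maximum TCP header + link-level */
	mp1 = allocb(tcp->tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH +
	    tcp_wroff_xtra, 0);
	if (mp1 == NULL)
		return (NULL);
	data_length = 0;

	/*
	 * Note that tcp_mss has been adjusted to take into account the
	 * timestamp option if applicable.  Because SACK options do not
	 * appear in every TCP segments and they are of variable lengths,
	 * they cannot be included in tcp_mss.  Thus we need to calculate
	 * the actual segment length when we need to send a segment which
	 * includes SACK options.
	 */
	if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
		num_sack_blk = MIN(tcp->tcp_max_sack_blk,
		    tcp->tcp_num_sack_blk);
		sack_opt_len = num_sack_blk * sizeof (sack_blk_t) +
		    TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN;
		if (max_to_send + sack_opt_len > tcp->tcp_mss)
			max_to_send -= sack_opt_len;
	}

	if (offset != NULL) {
		off = *offset;
		/* We use offset as an indicator that end_mp is not NULL. */
		*end_mp = NULL;
	}
	/* Chain dup'ed data blocks behind the header block mp1. */
	for (mp2 = mp1; mp && data_length != max_to_send; mp = mp->b_cont) {
		/* This could be faster with cooperation from downstream */
		if (mp2 != mp1 && !sendall &&
		    data_length + (int)(mp->b_wptr - mp->b_rptr) >
		    max_to_send)
			/*
			 * Don't send the next mblk since the whole mblk
			 * does not fit.
			 */
			break;
		mp2->b_cont = dupb(mp);
		mp2 = mp2->b_cont;
		if (mp2 == NULL) {
			freemsg(mp1);
			return (NULL);
		}
		mp2->b_rptr += off;
		assert((uintptr_t)(mp2->b_wptr - mp2->b_rptr) <=
		    (uintptr_t)INT_MAX);

		data_length += (int)(mp2->b_wptr - mp2->b_rptr);
		if (data_length > max_to_send) {
			/* Trim the last block and remember where we stopped. */
			mp2->b_wptr -= data_length - max_to_send;
			data_length = max_to_send;
			off = mp2->b_wptr - mp->b_rptr;
			break;
		} else {
			off = 0;
		}
	}
	if (offset != NULL) {
		*offset = off;
		*end_mp = mp;
	}
	if (seg_len != NULL) {
		*seg_len = data_length;
	}

	/* Copy in the header template; room for SACK is reserved after it. */
	rptr = mp1->b_rptr + tcp_wroff_xtra;
	mp1->b_rptr = rptr;
	mp1->b_wptr = rptr + tcp->tcp_hdr_len + sack_opt_len;
	bcopy(tcp->tcp_iphc, rptr, tcp->tcp_hdr_len);
	tcph = (tcph_t *)&rptr[tcp->tcp_ip_hdr_len];
	U32_TO_ABE32(seq, tcph->th_seq);

	/*
	 * Using tcp_unsent to determine if the PUSH bit should be set
	 * assumes that this function was called from tcp_wput_data.  Thus,
	 * when called to retransmit data the setting of the PUSH bit may
	 * appear somewhat random in that it might get set when it should
	 * not.  This should not pose any performance issues.
	 */
	if (data_length != 0 && (tcp->tcp_unsent == 0 ||
	    tcp->tcp_unsent == data_length)) {
		flags = TH_ACK | TH_PUSH;
	} else {
		flags = TH_ACK;
	}

	if (tcp->tcp_ecn_ok) {
		if (tcp->tcp_ecn_echo_on)
			flags |= TH_ECE;

		/*
		 * Only set ECT bit and ECN_CWR if a segment contains new data.
		 * There is no TCP flow control for non-data segments, and
		 * only data segment is transmitted reliably.
		 */
		if (data_length > 0 && !rexmit) {
			SET_ECT(tcp, rptr);
			if (tcp->tcp_cwr && !tcp->tcp_ecn_cwr_sent) {
				flags |= TH_CWR;
				tcp->tcp_ecn_cwr_sent = B_TRUE;
			}
		}
	}

	if (tcp->tcp_valid_bits) {
		uint32_t u1;

		/* Sending the initial sequence number: this is a SYN. */
		if ((tcp->tcp_valid_bits & TCP_ISS_VALID) &&
		    seq == tcp->tcp_iss) {
			uchar_t	*wptr;

			/*
			 * Tack on the MSS option.  It is always needed
			 * for both active and passive open.
			 */
			wptr = mp1->b_wptr;
			wptr[0] = TCPOPT_MAXSEG;
			wptr[1] = TCPOPT_MAXSEG_LEN;
			wptr += 2;
			/*
			 * MSS option value should be interface MTU - MIN
			 * TCP/IP header.
			 */
			u1 = tcp->tcp_if_mtu - IP_SIMPLE_HDR_LENGTH -
			    TCP_MIN_HEADER_LENGTH;
			U16_TO_BE16(u1, wptr);
			mp1->b_wptr = wptr + 2;
			/* Update the offset to cover the additional word */
			tcph->th_offset_and_rsrvd[0] += (1 << 4);

			/*
			 * Note that the following way of filling in
			 * TCP options are not optimal.  Some NOPs can
			 * be saved.  But there is no need at this time
			 * to optimize it.  When it is needed, we will
			 * do it.
			 */
			switch (tcp->tcp_state) {
			case TCPS_SYN_SENT:
				flags = TH_SYN;

				if (tcp->tcp_snd_ws_ok) {
					wptr = mp1->b_wptr;
					wptr[0] =  TCPOPT_NOP;
					wptr[1] =  TCPOPT_WSCALE;
					wptr[2] =  TCPOPT_WS_LEN;
					wptr[3] = (uchar_t)tcp->tcp_rcv_ws;
					mp1->b_wptr += TCPOPT_REAL_WS_LEN;
					tcph->th_offset_and_rsrvd[0] +=
					    (1 << 4);
				}

				if (tcp->tcp_snd_ts_ok) {
					uint32_t llbolt;

					llbolt = prom_gettime();
					wptr = mp1->b_wptr;
					wptr[0] = TCPOPT_NOP;
					wptr[1] = TCPOPT_NOP;
					wptr[2] = TCPOPT_TSTAMP;
					wptr[3] = TCPOPT_TSTAMP_LEN;
					wptr += 4;
					U32_TO_BE32(llbolt, wptr);
					wptr += 4;
					assert(tcp->tcp_ts_recent == 0);
					U32_TO_BE32(0L, wptr);
					mp1->b_wptr += TCPOPT_REAL_TS_LEN;
					tcph->th_offset_and_rsrvd[0] +=
					    (3 << 4);
				}

				if (tcp->tcp_snd_sack_ok) {
					wptr = mp1->b_wptr;
					wptr[0] = TCPOPT_NOP;
					wptr[1] = TCPOPT_NOP;
					wptr[2] = TCPOPT_SACK_PERMITTED;
					wptr[3] = TCPOPT_SACK_OK_LEN;
					mp1->b_wptr += TCPOPT_REAL_SACK_OK_LEN;
					tcph->th_offset_and_rsrvd[0] +=
					    (1 << 4);
				}

				/*
				 * Set up all the bits to tell other side
				 * we are ECN capable.
				 */
				if (tcp->tcp_ecn_ok) {
					flags |= (TH_ECE | TH_CWR);
				}
				break;
			case TCPS_SYN_RCVD:
				flags |= TH_SYN;

				if (tcp->tcp_snd_ws_ok) {
					wptr = mp1->b_wptr;
					wptr[0] =  TCPOPT_NOP;
					wptr[1] =  TCPOPT_WSCALE;
					wptr[2] =  TCPOPT_WS_LEN;
					wptr[3] = (uchar_t)tcp->tcp_rcv_ws;
					mp1->b_wptr += TCPOPT_REAL_WS_LEN;
					tcph->th_offset_and_rsrvd[0] += (1 << 4);
				}

				if (tcp->tcp_snd_sack_ok) {
					wptr = mp1->b_wptr;
					wptr[0] = TCPOPT_NOP;
					wptr[1] = TCPOPT_NOP;
					wptr[2] = TCPOPT_SACK_PERMITTED;
					wptr[3] = TCPOPT_SACK_OK_LEN;
					mp1->b_wptr += TCPOPT_REAL_SACK_OK_LEN;
					tcph->th_offset_and_rsrvd[0] +=
					    (1 << 4);
				}

				/*
				 * If the other side is ECN capable, reply
				 * that we are also ECN capable.
				 */
				if (tcp->tcp_ecn_ok) {
					flags |= TH_ECE;
				}
				break;
			default:
				break;
			}
			/* allocb() of adequate mblk assures space */
			assert((uintptr_t)(mp1->b_wptr -
			    mp1->b_rptr) <= (uintptr_t)INT_MAX);
			if (flags & TH_SYN)
				BUMP_MIB(tcp_mib.tcpOutControl);
		}
		/* The segment ends at the final sequence number: add the FIN. */
		if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
		    (seq + data_length) == tcp->tcp_fss) {
			if (!tcp->tcp_fin_acked) {
				flags |= TH_FIN;
				BUMP_MIB(tcp_mib.tcpOutControl);
			}
			if (!tcp->tcp_fin_sent) {
				tcp->tcp_fin_sent = B_TRUE;
				switch (tcp->tcp_state) {
				case TCPS_SYN_RCVD:
				case TCPS_ESTABLISHED:
					tcp->tcp_state = TCPS_FIN_WAIT_1;
					break;
				case TCPS_CLOSE_WAIT:
					tcp->tcp_state = TCPS_LAST_ACK;
					break;
				}
				if (tcp->tcp_suna == tcp->tcp_snxt)
					TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
				tcp->tcp_snxt = tcp->tcp_fss + 1;
			}
		}
	}
	tcph->th_flags[0] = (uchar_t)flags;
	tcp->tcp_rack = tcp->tcp_rnxt;
	tcp->tcp_rack_cnt = 0;

	if (tcp->tcp_snd_ts_ok) {
		/* In SYN_SENT the timestamp option was written above. */
		if (tcp->tcp_state != TCPS_SYN_SENT) {
			uint32_t llbolt = prom_gettime();

			U32_TO_BE32(llbolt,
			    (char *)tcph+TCP_MIN_HEADER_LENGTH+4);
			U32_TO_BE32(tcp->tcp_ts_recent,
			    (char *)tcph+TCP_MIN_HEADER_LENGTH+8);
		}
	}

	if (num_sack_blk > 0) {
		uchar_t *wptr = (uchar_t *)tcph + tcp->tcp_tcp_hdr_len;
		sack_blk_t *tmp;
		int32_t	i;

		wptr[0] = TCPOPT_NOP;
		wptr[1] = TCPOPT_NOP;
		wptr[2] = TCPOPT_SACK;
		wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk *
		    sizeof (sack_blk_t);
		wptr += TCPOPT_REAL_SACK_LEN;

		tmp = tcp->tcp_sack_list;
		for (i = 0; i < num_sack_blk; i++) {
			U32_TO_BE32(tmp[i].begin, wptr);
			wptr += sizeof (tcp_seq);
			U32_TO_BE32(tmp[i].end, wptr);
			wptr += sizeof (tcp_seq);
		}
		tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) << 4);
	}
	assert((uintptr_t)(mp1->b_wptr - rptr) <= (uintptr_t)INT_MAX);
	/* From here on data_length is the whole datagram: headers + data. */
	data_length += (int)(mp1->b_wptr - rptr);
	if (tcp->tcp_ipversion == IPV4_VERSION)
		((struct ip *)rptr)->ip_len = htons(data_length);

	/*
	 * Performance hit!  We need to pullup the whole message
	 * in order to do checksum and for the MAC output routine.
	 */
	if (mp1->b_cont != NULL) {
		int mp_size;
#ifdef DEBUG
		printf("Multiple mblk %d\n", msgdsize(mp1));
#endif
		mp2 = mp1;
		new_mp = allocb(msgdsize(mp1) + tcp_wroff_xtra, 0);
		if (new_mp == NULL) {
			/*
			 * Same outcome as the other allocation failures in
			 * this function: drop what was built and report
			 * NULL, rather than writing through a NULL pointer.
			 */
			freemsg(mp1);
			return (NULL);
		}
		new_mp->b_rptr += tcp_wroff_xtra;
		new_mp->b_wptr = new_mp->b_rptr;
		while (mp1 != NULL) {
			mp_size = mp1->b_wptr - mp1->b_rptr;
			bcopy(mp1->b_rptr, new_mp->b_wptr, mp_size);
			new_mp->b_wptr += mp_size;
			mp1 = mp1->b_cont;
		}
		freemsg(mp2);
		mp1 = new_mp;
	}
	tcp_set_cksum(mp1);
	/* Fill in the TTL field as it is 0 in the header template. */
	((struct ip *)mp1->b_rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl;

	return (mp1);
}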
6066
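/*
 * Generate a "no listener here" reset in response to the
 * connection request contained within 'mp'.
 *
 *	sock_id		- passed on to tcp_xmit_early_reset()
 *	mp		- the received message; released here when it is an
 *			  RST, otherwise handed to tcp_xmit_early_reset(),
 *			  which frees it
 *	ip_hdr_len	- length of the IP header in front of the TCP header
 *
 * No reply is sent to an RST.  A segment with ACK set is answered with an
 * RST whose sequence number is the segment's ack; any other segment is
 * answered with RST|ACK acknowledging the segment (SYN counts as one).
 */
static void
tcp_xmit_listeners_reset(int sock_id, mblk_t *mp, uint_t ip_hdr_len)
{
	uchar_t		*rptr;
	uint32_t	seg_len;
	uint32_t	msg_len;
	uint32_t	hdrs_len;
	tcph_t		*tcph;
	uint32_t	seg_seq;
	uint32_t	seg_ack;
	uint_t		flags;

	rptr = mp->b_rptr;

	tcph = (tcph_t *)&rptr[ip_hdr_len];
	seg_seq = BE32_TO_U32(tcph->th_seq);
	seg_ack = BE32_TO_U32(tcph->th_ack);
	flags = tcph->th_flags[0];

	/*
	 * The TCP header length comes from the received segment.  If it
	 * claims more than the message holds, treat the segment as carrying
	 * no data instead of letting the unsigned subtraction wrap.
	 * NOTE(review): whether callers already drop such segments is not
	 * visible here.
	 */
	msg_len = msgdsize(mp);
	hdrs_len = TCP_HDR_LENGTH(tcph) + ip_hdr_len;
	seg_len = (msg_len > hdrs_len) ? msg_len - hdrs_len : 0;
	if (flags & TH_RST) {
		/*
		 * NOTE(review): freeb() releases one block only; the other
		 * drop paths in this file use freemsg() -- confirm mp is
		 * always a single block here.
		 */
		freeb(mp);
	} else if (flags & TH_ACK) {
		tcp_xmit_early_reset("no tcp, reset",
		    sock_id, mp, seg_ack, 0, TH_RST, ip_hdr_len);
	} else {
		if (flags & TH_SYN)
			seg_len++;
		tcp_xmit_early_reset("no tcp, reset/ack", sock_id,
		    mp, 0, seg_seq + seg_len,
		    TH_RST | TH_ACK, ip_hdr_len);
	}
}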
6102
/*
 * Exchange len bytes between two buffers that do not overlap.
 * The bytes are swapped one at a time, from the last index down to the
 * first.  Nothing is done when len is zero or negative.
 */
static void
tcp_xchg(uchar_t *a, uchar_t *b, int len)
{
	int	idx;
	uchar_t	saved;

	if (len <= 0)
		return;

	for (idx = len - 1; idx >= 0; idx--) {
		saved = a[idx];
		a[idx] = b[idx];
		b[idx] = saved;
	}
}
6115
/*
 * Generate a reset based on an inbound packet for which there is no active
 * tcp state that we can find.
 *
 *	str		- optional text printed with the debug trace, or NULL
 *	sock_id		- passed to ipv4_tcp_output()
 *	mp		- the inbound packet; always freed here
 *	seq, ack	- sequence and acknowledgment numbers for the reply
 *	ctl		- TCP flags for the reply
 *	ip_hdr_len	- length of the IP header of the inbound packet
 *
 * The reply is built from a copy of the inbound IP and TCP headers with the
 * ports and addresses swapped.  Nothing is sent when the source address is
 * INADDR_ANY or INADDR_BROADCAST, when the inbound segment is an RST, or
 * when no buffer can be allocated.
 *
 * NOTE(review): ip_hdr_len + sizeof (tcph_t) bytes are read from mp without
 * a length check in this function; presumably the caller has validated the
 * packet -- confirm.
 */
static void
tcp_xmit_early_reset(char *str, int sock_id, mblk_t *mp, uint32_t seq,
    uint32_t ack, int ctl, uint_t ip_hdr_len)
{
	struct ip	*iph = NULL;
	ushort_t	len;
	tcph_t		*tcph;
	int		i;
	ipaddr_t	addr;
	mblk_t		*new_mp;

	if (str != NULL) {
		dprintf("tcp_xmit_early_reset: '%s', seq 0x%x, ack 0x%x, "
		    "flags 0x%x\n", str, seq, ack, ctl);
	}

	/*
	 * We skip reversing source route here.
	 * (for now we replace all IP options with EOL)
	 */
	iph = (struct ip *)mp->b_rptr;
	for (i = IP_SIMPLE_HDR_LENGTH; i < (int)ip_hdr_len; i++)
		mp->b_rptr[i] = IPOPT_EOL;
	/*
	 * Make sure that src address is not a limited broadcast
	 * address. Not all broadcast address checking for the
	 * src address is possible, since we don't know the
	 * netmask of the src addr.
	 * No check for destination address is done, since
	 * IP will not pass up a packet with a broadcast dest address
	 * to TCP.
	 */
	if (iph->ip_src.s_addr == INADDR_ANY ||
	    iph->ip_src.s_addr == INADDR_BROADCAST) {
		freemsg(mp);
		return;
	}

	/* Never answer an RST with an RST. */
	tcph = (tcph_t *)&mp->b_rptr[ip_hdr_len];
	if (tcph->th_flags[0] & TH_RST) {
		freemsg(mp);
		return;
	}
	/*
	 * Now copy the original header to a new buffer.  The reason
	 * for doing this is that we need to put extra room before
	 * the header for the MAC layer address.  The original mblk
	 * does not have this extra head room.
	 */
	len = ip_hdr_len + sizeof (tcph_t);
	if ((new_mp = allocb(len + tcp_wroff_xtra, 0)) == NULL) {
		freemsg(mp);
		return;
	}
	new_mp->b_rptr += tcp_wroff_xtra;
	bcopy(mp->b_rptr, new_mp->b_rptr, len);
	new_mp->b_wptr = new_mp->b_rptr + len;
	freemsg(mp);
	/* From here on mp is the reply; iph and tcph point into the copy. */
	mp = new_mp;
	iph = (struct ip *)mp->b_rptr;
	tcph = (tcph_t *)&mp->b_rptr[ip_hdr_len];

	/* Plain 5-word TCP header: options of the inbound segment are not kept. */
	tcph->th_offset_and_rsrvd[0] = (5 << 4);
	tcp_xchg(tcph->th_fport, tcph->th_lport, 2);
	U32_TO_BE32(ack, tcph->th_ack);
	U32_TO_BE32(seq, tcph->th_seq);
	U16_TO_BE16(0, tcph->th_win);
	bzero(tcph->th_sum, sizeof (int16_t));
	tcph->th_flags[0] = (uint8_t)ctl;
	if (ctl & TH_RST) {
		BUMP_MIB(tcp_mib.tcpOutRsts);
		BUMP_MIB(tcp_mib.tcpOutControl);
	}

	iph->ip_len = htons(len);
	/* Swap addresses */
	addr = iph->ip_src.s_addr;
	iph->ip_src = iph->ip_dst;
	iph->ip_dst.s_addr = addr;
	iph->ip_id = 0;
	/*
	 * The TTL is zeroed for the checksum and set afterwards:
	 * tcp_set_cksum() sums from the ip_ttl field onwards.
	 * NOTE(review): tcp_set_cksum() takes the TCP header to start right
	 * after a struct ip, so for ip_hdr_len > IP_SIMPLE_HDR_LENGTH the
	 * checksum would not be computed at tcph -- confirm packets with
	 * IP options cannot reach this point.
	 */
	iph->ip_ttl = 0;
	tcp_set_cksum(mp);
	iph->ip_ttl = (uint8_t)tcp_ipv4_ttl;

	/* Dump the packet when debugging. */
	TCP_DUMP_PACKET("tcp_xmit_early_reset", mp);
	(void) ipv4_tcp_output(sock_id, mp);
	freemsg(mp);
}
6209
/*
 * Compute the TCP checksum of the packet in mp and store it in the TCP
 * header.
 *
 * The IP header at mp->b_rptr is taken to have no options: the TCP header
 * is located right after one struct ip.  ip_len must already be set.
 *
 * The pseudo header is not built separately.  The 12 bytes of the IP header
 * starting at ip_ttl are summed in its place, with ip_sum temporarily
 * holding the TCP length.  The callers visible in this file fill in ip_ttl
 * only after this call.  ip_sum is left at zero on return.
 */
static void
tcp_set_cksum(mblk_t *mp)
{
	struct ip	*ip_hdr = (struct ip *)mp->b_rptr;
	tcpha_t		*tcp_hdr = (tcpha_t *)(ip_hdr + 1);
	int		tcp_len = ntohs(ip_hdr->ip_len) - IP_SIMPLE_HDR_LENGTH;

	/* Borrow ip_sum as the length field of the pseudo header. */
	ip_hdr->ip_sum = htons(tcp_len);

	/* The checksum field itself must be zero while summing. */
	tcp_hdr->tha_sum = 0;
	tcp_hdr->tha_sum = tcp_cksum((uint16_t *)&(ip_hdr->ip_ttl),
	    tcp_len + 12);

	ip_hdr->ip_sum = 0;
}
6230
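/*
 * Compute the Internet checksum of len bytes starting at buf.
 *
 *	buf	- start of the data, read as 16-bit words
 *	len	- number of bytes to sum; may be odd
 *
 * Returns the one's complement of the folded 16-bit sum.
 *
 * The accumulator is unsigned so that a long input cannot overflow a signed
 * integer and so that the folding loop always terminates.
 */
static uint16_t
tcp_cksum(uint16_t *buf, uint32_t len)
{
	uint32_t sum = 0;

	while (len > 1) {
		/* This is the inner loop */
		sum += *buf++;
		len -= 2;
	}

	/*
	 * Add left-over byte, if any.  It is weighted by 256, i.e. placed in
	 * the high-order half of a 16-bit word.
	 * NOTE(review): that matches the word layout of a big-endian
	 * machine -- confirm for little-endian builds.
	 */
	if (len > 0)
		sum += (uint32_t)(*(unsigned char *)buf) * 256;

	/* Fold 32-bit sum to 16 bits */
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);

	return ((uint16_t)~sum);
}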
6256
6257 /*
6258 * Type three generator adapted from the random() function in 4.4 BSD:
6259 */
6260
6261 /*
6262 * Copyright (c) 1983, 1993
6263 * The Regents of the University of California. All rights reserved.
6264 *
6265 * Redistribution and use in source and binary forms, with or without
6266 * modification, are permitted provided that the following conditions
6267 * are met:
6268 * 1. Redistributions of source code must retain the above copyright
6269 * notice, this list of conditions and the following disclaimer.
6270 * 2. Redistributions in binary form must reproduce the above copyright
6271 * notice, this list of conditions and the following disclaimer in the
6272 * documentation and/or other materials provided with the distribution.
6273 * 3. All advertising materials mentioning features or use of this software
6274 * must display the following acknowledgement:
6275 * This product includes software developed by the University of
6276 * California, Berkeley and its contributors.
6277 * 4. Neither the name of the University nor the names of its contributors
6278 * may be used to endorse or promote products derived from this software
6279 * without specific prior written permission.
6280 *
6281 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
6282 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
6283 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
6284 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
6285 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
6286 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
6287 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
6288 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
6289 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
6290 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
6291 * SUCH DAMAGE.
6292 */
6293
/*
 * Type 3 -- x**31 + x**3 + 1
 * DEG_3 is the number of state words, SEP_3 the distance between the two
 * taps (front and rear pointers) of the additive generator.
 */
#define DEG_3 31
#define SEP_3 3


/*
 * Protected by tcp_random_lock
 * NOTE(review): no tcp_random_lock is referenced in the visible code; the
 * remark is presumably inherited from another version of this file. Confirm.
 */
/* Slot 0 is unused by the code below; the state proper is [1 .. DEG_3]. */
static int tcp_randtbl[DEG_3 + 1];

/* Front and rear taps; tcp_random_init() re-seats both after seeding. */
static int *tcp_random_fptr = &tcp_randtbl[SEP_3 + 1];
static int *tcp_random_rptr = &tcp_randtbl[1];

/* First state word, and one past the last state word. */
static int *tcp_random_state = &tcp_randtbl[1];
static int *tcp_random_end_ptr = &tcp_randtbl[DEG_3 + 1];
6307
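/*
 * Seed the additive generator behind tcp_random().
 *
 * The only seed material is prom_gettime() XORed with time(NULL).  Both are
 * clock values, so the seed carries little entropy; values derived from
 * this generator are not cryptographically unpredictable.
 */
static void
tcp_random_init(void)
{
	int i;
	uint32_t hrt;
	uint32_t wallclock;
	uint32_t result;

	/*
	 * XXX We don't have high resolution time in standalone, and no
	 * gethrtime() in prom, so this only approximates the seeding that
	 * the scheme was written for (a 64-bit XOR of a high-resolution
	 * timer and the current time, reduced to 32 bits).  Here two 32-bit
	 * clock readings are XORed directly.
	 */
	hrt = prom_gettime();
	wallclock = (uint32_t)time(NULL);
	result = wallclock ^ hrt;
	tcp_random_state[0] = result;

	/*
	 * Expand the seed with a linear congruential step.  The arithmetic
	 * is done on unsigned values because the product wraps by design;
	 * the same expression on int is a signed overflow.
	 */
	for (i = 1; i < DEG_3; i++) {
		tcp_random_state[i] = (int)(1103515245U *
		    (uint32_t)tcp_random_state[i - 1] + 12345U);
	}
	tcp_random_fptr = &tcp_random_state[SEP_3];
	tcp_random_rptr = &tcp_random_state[0];

	/* Discard the first outputs so the state is well mixed. */
	for (i = 0; i < 10 * DEG_3; i++)
		(void) tcp_random();
}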
6344
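/*
 * tcp_random: Return a pseudo-random number in the range [1, 128K]
 * (1 .. 131072).  The value is the high-order 17 bits of a 32-bit word
 * produced by the additive generator, plus one so that zero is never
 * returned.
 *
 * The generator is a non-cryptographic additive feedback design and its
 * state is seeded from clock values only (see tcp_random_init()).
 */
static int
tcp_random(void)
{
	uint32_t word;
	int i;

	/*
	 * Advance the generator.  The sum wraps by design, so it is formed
	 * on unsigned values; adding the ints directly is a signed overflow.
	 */
	word = (uint32_t)*tcp_random_fptr + (uint32_t)*tcp_random_rptr;
	*tcp_random_fptr = (int)word;

	/*
	 * The high-order bits are more random than the low-order bits,
	 * so we select out the high-order 17 bits and add one so that
	 * we never return zero.
	 */
	i = (int)((word >> 15) & 0x1ffff) + 1;

	/* Step both taps, wrapping each at the end of the state table. */
	if (++tcp_random_fptr >= tcp_random_end_ptr) {
		tcp_random_fptr = tcp_random_state;
		++tcp_random_rptr;
	} else if (++tcp_random_rptr >= tcp_random_end_ptr) {
		tcp_random_rptr = tcp_random_state;
	}

	return (i);
}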
6373
/*
 * Choose the initial send sequence number (ISS) for a connection and
 * initialise the send-side sequence variables that derive from it.
 *
 * The ISS is the sum of a global offset that grows by ISS_INCR / 2 per call,
 * a scaled prom_gettime() reading and one tcp_random() value (at most 17
 * bits).
 *
 * NOTE(review): all three inputs are clock- or counter-derived and nothing
 * is keyed to the connection's addresses and ports, so the ISS is likely
 * guessable by an observer of earlier connections.  RFC 6528 describes a
 * keyed-hash construction for this purpose.
 */
static void
tcp_iss_init(tcp_t *tcp)
{
	/* Move the shared offset on so successive connections differ. */
	tcp_iss_incr_extra += (ISS_INCR >> 1);

	tcp->tcp_iss = tcp_iss_incr_extra;
	tcp->tcp_iss += (prom_gettime() >> ISS_NSEC_SHT) + tcp_random();

	/* The SYN consumes one sequence number. */
	tcp->tcp_snxt = tcp->tcp_iss + 1;
	tcp->tcp_csuna = tcp->tcp_snxt;
	tcp->tcp_rexmit_nxt = tcp->tcp_snxt;

	tcp->tcp_suna = tcp->tcp_iss;
	tcp->tcp_fss = tcp->tcp_iss - 1;
	tcp->tcp_valid_bits = TCP_ISS_VALID;
}
6391
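/*
 * Diagnostic routine: format the state of "tcp" as a string, prefixed with
 * the ports (DISP_PORT_ONLY, also the fallback for unknown formats) or with
 * addresses and ports (DISP_ADDR_AND_PORT).
 *
 * If sup_buf is NULL an internal static buffer is used, so the result is
 * overwritten by the next such call and the function is not reentrant.
 *
 * If sup_buf is supplied, its real size is unknown here: output is bounded
 * by the size of the internal buffer (INET_ADDRSTRLEN * 2 + 80 bytes), not
 * by the size of sup_buf.  The caller must pass a buffer of at least that
 * size, otherwise the write can run past its end.
 *
 * Returns the buffer written, or the literal "NULL_TCP" when tcp is NULL.
 */
static char *
tcp_display(tcp_t *tcp, char *sup_buf, char format)
{
	char buf1[30];
	static char priv_buf[INET_ADDRSTRLEN * 2 + 80];
	char *buf;
	char *cp;
	char local_addrbuf[INET_ADDRSTRLEN];
	char remote_addrbuf[INET_ADDRSTRLEN];
	struct in_addr addr;

	buf = (sup_buf != NULL) ? sup_buf : priv_buf;

	if (tcp == NULL)
		return ("NULL_TCP");

	switch (tcp->tcp_state) {
	case TCPS_CLOSED:
		cp = "TCP_CLOSED";
		break;
	case TCPS_IDLE:
		cp = "TCP_IDLE";
		break;
	case TCPS_BOUND:
		cp = "TCP_BOUND";
		break;
	case TCPS_LISTEN:
		cp = "TCP_LISTEN";
		break;
	case TCPS_SYN_SENT:
		cp = "TCP_SYN_SENT";
		break;
	case TCPS_SYN_RCVD:
		cp = "TCP_SYN_RCVD";
		break;
	case TCPS_ESTABLISHED:
		cp = "TCP_ESTABLISHED";
		break;
	case TCPS_CLOSE_WAIT:
		cp = "TCP_CLOSE_WAIT";
		break;
	case TCPS_FIN_WAIT_1:
		cp = "TCP_FIN_WAIT_1";
		break;
	case TCPS_CLOSING:
		cp = "TCP_CLOSING";
		break;
	case TCPS_LAST_ACK:
		cp = "TCP_LAST_ACK";
		break;
	case TCPS_FIN_WAIT_2:
		cp = "TCP_FIN_WAIT_2";
		break;
	case TCPS_TIME_WAIT:
		cp = "TCP_TIME_WAIT";
		break;
	default:
		/* Bounded write; the unbounded sprintf() relied on buf1's size. */
		(void) snprintf(buf1, sizeof (buf1), "TCPUnkState(%d)",
		    tcp->tcp_state);
		cp = buf1;
		break;
	}

	switch (format) {
	case DISP_ADDR_AND_PORT:
		/*
		 * Note that we use the remote address in the tcp_b
		 * structure.  This means that it will print out
		 * the real destination address, not the next hop's
		 * address if source routing is used.
		 *
		 * inet_ntoa() returns a shared buffer, so each result is
		 * copied out before the next call.  Copying as a string
		 * reads only up to the terminator instead of a fixed
		 * INET_ADDRSTRLEN bytes from a buffer of unknown size.
		 */
		addr.s_addr = tcp->tcp_bound_source;
		(void) snprintf(local_addrbuf, sizeof (local_addrbuf), "%s",
		    inet_ntoa(addr));
		addr.s_addr = tcp->tcp_remote;
		(void) snprintf(remote_addrbuf, sizeof (remote_addrbuf), "%s",
		    inet_ntoa(addr));
		(void) snprintf(buf, sizeof (priv_buf), "[%s.%u, %s.%u] %s",
		    local_addrbuf, ntohs(tcp->tcp_lport), remote_addrbuf,
		    ntohs(tcp->tcp_fport), cp);
		break;
	case DISP_PORT_ONLY:
	default:
		(void) snprintf(buf, sizeof (priv_buf), "[%u, %u] %s",
		    ntohs(tcp->tcp_lport), ntohs(tcp->tcp_fport), cp);
		break;
	}

	return (buf);
}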
6488
/*
 * Add a new piece to the tcp reassembly queue. If the gap at the beginning
 * is filled, return as much as we can. The message passed in may be
 * multi-part, chained using b_cont. "start" is the starting sequence
 * number for this piece.
 *
 * Each mblk of the message is unlinked and inserted into the queue
 * (tcp_reass_head .. tcp_reass_tail, linked through b_cont) in sequence
 * order; overlapping bytes are trimmed by tcp_reass_elim_overlap().
 * Returns the chain of in-order data starting at tcp_rnxt, or NULL if the
 * head of the queue does not start at tcp_rnxt.
 *
 * NOTE(review): the queue is fed with data from the peer and nothing here
 * limits how many mblks or bytes it may hold; presumably the caller bounds
 * this through the receive window. Confirm.
 */
static mblk_t *
tcp_reass(tcp_t *tcp, mblk_t *mp, uint32_t start)
{
	uint32_t end;
	mblk_t *mp1;
	mblk_t *mp2;
	mblk_t *next_mp;
	uint32_t u1;

	/* Walk through all the new pieces. */
	do {
		/* The length below is narrowed to int; check that it fits. */
		assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
		    (uintptr_t)INT_MAX);
		end = start + (int)(mp->b_wptr - mp->b_rptr);
		/* Remember the rest of the message before unlinking mp. */
		next_mp = mp->b_cont;
		if (start == end) {
			/* Empty. Blast it. */
			freeb(mp);
			continue;
		}
		mp->b_cont = NULL;
		TCP_REASS_SET_SEQ(mp, start);
		TCP_REASS_SET_END(mp, end);
		mp1 = tcp->tcp_reass_tail;
		if (!mp1) {
			/* Queue was empty: mp becomes its only element. */
			tcp->tcp_reass_tail = mp;
			tcp->tcp_reass_head = mp;
			BUMP_MIB(tcp_mib.tcpInDataUnorderSegs);
			UPDATE_MIB(tcp_mib.tcpInDataUnorderBytes, end - start);
			continue;
		}
		/* New stuff completely beyond tail? */
		if (SEQ_GEQ(start, TCP_REASS_END(mp1))) {
			/* Link it on end. */
			mp1->b_cont = mp;
			tcp->tcp_reass_tail = mp;
			BUMP_MIB(tcp_mib.tcpInDataUnorderSegs);
			UPDATE_MIB(tcp_mib.tcpInDataUnorderBytes, end - start);
			continue;
		}
		mp1 = tcp->tcp_reass_head;
		u1 = TCP_REASS_SEQ(mp1);
		/* New stuff at the front? */
		if (SEQ_LT(start, u1)) {
			/* Yes... Check for overlap. */
			mp->b_cont = mp1;
			tcp->tcp_reass_head = mp;
			tcp_reass_elim_overlap(tcp, mp);
			continue;
		}
		/*
		 * The new piece fits somewhere between the head and tail.
		 * We find our slot, where mp1 precedes us and mp2 trails.
		 */
		for (; (mp2 = mp1->b_cont) != NULL; mp1 = mp2) {
			u1 = TCP_REASS_SEQ(mp2);
			if (SEQ_LEQ(start, u1))
				break;
		}
		/* Link ourselves in */
		mp->b_cont = mp2;
		mp1->b_cont = mp;

		/* Trim overlap with following mblk(s) first */
		tcp_reass_elim_overlap(tcp, mp);

		/* Trim overlap with preceding mblk */
		tcp_reass_elim_overlap(tcp, mp1);

	/* Advance: the next piece starts where this one ended. */
	} while (start = end, mp = next_mp);
	/*
	 * NOTE(review): if every piece was empty and the queue was empty on
	 * entry, tcp_reass_head is still NULL here and TCP_REASS_SEQ()
	 * presumably dereferences it. Confirm that callers never pass a
	 * message without data.
	 */
	mp1 = tcp->tcp_reass_head;
	/* Anything ready to go? */
	if (TCP_REASS_SEQ(mp1) != tcp->tcp_rnxt)
		return (NULL);
	/* Eat what we can off the queue */
	for (;;) {
		mp = mp1->b_cont;
		end = TCP_REASS_END(mp1);
		/* Clear the sequence markers of each mblk handed back. */
		TCP_REASS_SET_SEQ(mp1, 0);
		TCP_REASS_SET_END(mp1, 0);
		if (!mp) {
			/* The whole queue is contiguous: it becomes empty. */
			tcp->tcp_reass_tail = NULL;
			break;
		}
		if (end != TCP_REASS_SEQ(mp)) {
			/* Gap found: cut the returned chain before mp. */
			mp1->b_cont = NULL;
			break;
		}
		mp1 = mp;
	}
	/* Return the old head; what follows the gap (or NULL) is the new head. */
	mp1 = tcp->tcp_reass_head;
	tcp->tcp_reass_head = mp;
	return (mp1);
}
6589
/*
 * Remove any overlap between mp and the mblks queued after it.
 *
 * A later mblk that mp covers completely is unlinked and freed; if mp only
 * reaches part-way into a later mblk, mp itself is shortened so that it ends
 * where that mblk starts.  When mp ends up last in the chain,
 * tcp_reass_tail is pointed at it.  Duplicate-data MIB counters are updated
 * along the way.
 */
static void
tcp_reass_elim_overlap(tcp_t *tcp, mblk_t *mp)
{
	uint32_t mp_end = TCP_REASS_END(mp);
	mblk_t *later;

	for (later = mp->b_cont; later != NULL; later = mp->b_cont) {
		uint32_t later_seq = TCP_REASS_SEQ(later);

		/* No overlap with the next mblk: nothing more to do. */
		if (!SEQ_GT(mp_end, later_seq))
			return;

		if (!SEQ_GEQ(mp_end, TCP_REASS_END(later))) {
			/* Partial overlap: trim the tail of mp. */
			mp->b_wptr -= mp_end - later_seq;
			TCP_REASS_SET_END(mp, later_seq);
			BUMP_MIB(tcp_mib.tcpInDataPartDupSegs);
			UPDATE_MIB(tcp_mib.tcpInDataPartDupBytes,
			    mp_end - later_seq);
			return;
		}

		/* mp covers the later mblk entirely: drop it. */
		mp->b_cont = later->b_cont;
		freeb(later);
		BUMP_MIB(tcp_mib.tcpInDataDupSegs);
		UPDATE_MIB(tcp_mib.tcpInDataDupBytes, mp_end - later_seq);
	}

	/* Ran off the end of the chain, so mp is the new tail. */
	tcp->tcp_reass_tail = mp;
}
6618
/*
 * Unlink a connection from the doubly linked list of detached TIME_WAIT
 * connections (tcp_time_wait_head .. tcp_time_wait_tail) and clear its
 * list fields.  A tcp_time_wait_expire of zero marks a connection that is
 * not on the list; such a call is a no-op.
 */
static void
tcp_time_wait_remove(tcp_t *tcp)
{
	tcp_t *before;
	tcp_t *after;

	if (tcp->tcp_time_wait_expire == 0) {
		assert(tcp->tcp_time_wait_next == NULL);
		assert(tcp->tcp_time_wait_prev == NULL);
		return;
	}
	assert(tcp->tcp_state == TCPS_TIME_WAIT);

	if (tcp == tcp_time_wait_head) {
		/* First element: the successor (if any) becomes the head. */
		assert(tcp->tcp_time_wait_prev == NULL);
		after = tcp->tcp_time_wait_next;
		tcp_time_wait_head = after;
		if (after == NULL)
			tcp_time_wait_tail = NULL;
		else
			after->tcp_time_wait_prev = NULL;
	} else if (tcp == tcp_time_wait_tail) {
		/* Last element of a list with at least two entries. */
		assert(tcp != tcp_time_wait_head);
		assert(tcp->tcp_time_wait_next == NULL);
		before = tcp->tcp_time_wait_prev;
		tcp_time_wait_tail = before;
		assert(before != NULL);
		before->tcp_time_wait_next = NULL;
	} else {
		/* Interior element: join its two neighbours. */
		before = tcp->tcp_time_wait_prev;
		after = tcp->tcp_time_wait_next;
		assert(before->tcp_time_wait_next == tcp);
		assert(after->tcp_time_wait_prev == tcp);
		before->tcp_time_wait_next = after;
		after->tcp_time_wait_prev = before;
	}

	tcp->tcp_time_wait_expire = 0;
	tcp->tcp_time_wait_prev = NULL;
	tcp->tcp_time_wait_next = NULL;
}
6657
/*
 * Append a connection to the tail of the detached TIME_WAIT list and set
 * its expiry to prom_gettime() + tcp_time_wait_interval.
 *
 * An expiry of zero means "not on the list" (see tcp_time_wait_remove()),
 * so a computed value of zero is bumped to one.
 *
 * NOTE(review): tcp_time_wait_next is not written here, and
 * tcp_time_wait_prev only when the list is non-empty; presumably both are
 * NULL on entry. Confirm against the callers.
 */
static void
tcp_time_wait_append(tcp_t *tcp)
{
	tcp->tcp_time_wait_expire = prom_gettime() + tcp_time_wait_interval;
	if (tcp->tcp_time_wait_expire == 0)
		tcp->tcp_time_wait_expire = 1;

	if (tcp_time_wait_head != NULL) {
		/* Hook the newcomer behind the current tail. */
		assert(tcp_time_wait_tail != NULL);
		assert(tcp_time_wait_tail->tcp_state == TCPS_TIME_WAIT);
		tcp_time_wait_tail->tcp_time_wait_next = tcp;
		tcp->tcp_time_wait_prev = tcp_time_wait_tail;
	} else {
		/* Empty list: the newcomer is the head as well. */
		assert(tcp_time_wait_tail == NULL);
		tcp_time_wait_head = tcp;
	}
	tcp_time_wait_tail = tcp;

	/* Running count of connections ever placed on the list. */
	tcp_cum_timewait++;
}
6683
/*
 * Reap expired TIME_WAIT connections.
 *
 * Walks the TIME_WAIT list from the head and calls tcp_clean_death() on
 * every connection whose expiry has passed, stopping at the first one that
 * has not expired (the list is appended to in expiry order).  Then sets
 * tcp_time_wait_runtime to prom_gettime() + 10000 for the next run.
 *
 * NOTE(review): the loop re-reads tcp_time_wait_head each time round, so it
 * only terminates if tcp_clean_death() takes the connection off the list.
 * Confirm.
 */
void
tcp_time_wait_collector(void)
{
	/*
	 * prom_gettime() is used rather than the wall clock so that
	 * reaping does not depend on a time source that can be adjusted.
	 */
	uint32_t now = prom_gettime();
	tcp_t *tcp;

	for (tcp = tcp_time_wait_head; tcp != NULL;
	    tcp = tcp_time_wait_head) {
		/* Signed difference, so the comparison survives wraparound. */
		if ((int32_t)(now - tcp->tcp_time_wait_expire) < 0)
			break;

		/* No socket is associated with this TCP: id -1, err 0. */
		(void) tcp_clean_death(-1, tcp, 0);
	}

	/* Schedule next run time. */
	tcp_time_wait_runtime = prom_gettime() + 10000;
}
6720
/*
 * Debug aid: print the current prom_gettime() value followed by one line
 * per connection on the TIME_WAIT list, giving its addresses, ports, state
 * and expiry time.
 */
void
tcp_time_wait_report(void)
{
	tcp_t *tcp;

	printf("Current time %u\n", prom_gettime());

	tcp = tcp_time_wait_head;
	while (tcp != NULL) {
		/* tcp_display() formats into its internal static buffer. */
		printf("%s expires at %u\n",
		    tcp_display(tcp, NULL, DISP_ADDR_AND_PORT),
		    tcp->tcp_time_wait_expire);
		tcp = tcp->tcp_time_wait_next;
	}
}
6733
/*
 * Send up all messages queued on tcp_rcv_list.
 *
 * The queued mblks are copied into one newly allocated mblk, which is
 * wrapped in an inetgram and appended to the socket's input queue; the
 * receive window is then reopened if that is worthwhile. Nothing is done
 * while so_rcvbuf is <= 0, and on allocation failure the data simply stays
 * on tcp_rcv_list.
 *
 * NOTE(review): sock_id indexes sockets[] without a range check here;
 * presumably the caller has validated it.
 */
static void
tcp_rcv_drain(int sock_id, tcp_t *tcp)
{
	mblk_t *mp;
	struct inetgram *in_gram;
	mblk_t *in_mp;
	int len;

	/* Don't drain if the app has not finished reading all the data. */
	if (sockets[sock_id].so_rcvbuf <= 0)
		return;

	/* We might have come here just to update the rwnd */
	if (tcp->tcp_rcv_list == NULL)
		goto win_update;

	if ((in_gram = (struct inetgram *)bkmem_zalloc(
	    sizeof (struct inetgram))) == NULL) {
		return;
	}
	/*
	 * The destination is sized from the tcp_rcv_cnt counter.
	 * NOTE(review): the copy loop below does not compare the bytes it
	 * writes against this size. It relies on tcp_rcv_cnt being equal to
	 * the total length of the queued mblks, which tcp_rcv_enqueue()
	 * checks only with an assert. If the two ever disagree, the bcopy()
	 * writes past the end of in_mp.
	 */
	if ((in_mp = allocb(tcp->tcp_rcv_cnt, 0)) == NULL) {
		bkmem_free((caddr_t)in_gram, sizeof (struct inetgram));
		return;
	}
	in_gram->igm_level = APP_LVL;
	in_gram->igm_mp = in_mp;
	in_gram->igm_id = 0;

	/* Flatten the b_cont chain into in_mp, freeing each source mblk. */
	while ((mp = tcp->tcp_rcv_list) != NULL) {
		tcp->tcp_rcv_list = mp->b_cont;
		len = mp->b_wptr - mp->b_rptr;
		bcopy(mp->b_rptr, in_mp->b_wptr, len);
		in_mp->b_wptr += len;
		freeb(mp);
	}

	tcp->tcp_rcv_last_tail = NULL;
	tcp->tcp_rcv_cnt = 0;
	add_grams(&sockets[sock_id].inq, in_gram);

	/* This means that so_rcvbuf can be less than 0. */
	sockets[sock_id].so_rcvbuf -= in_mp->b_wptr - in_mp->b_rptr;
win_update:
	/*
	 * Increase the receive window to max. But we need to do receiver
	 * SWS avoidance. This means that we need to check that the increase
	 * of the receive window is at least 1 MSS.
	 */
	if (sockets[sock_id].so_rcvbuf > 0 &&
	    (tcp->tcp_rwnd_max - tcp->tcp_rwnd >= tcp->tcp_mss)) {
		tcp->tcp_rwnd = tcp->tcp_rwnd_max;
		/* Refresh the window field of the template TCP header. */
		U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws,
		    tcp->tcp_tcph->th_win);
	}
}
6793
/*
 * Entry point for recvfrom: drain the receive list of the TCP connection
 * bound to socket sock_id.  Does nothing if the socket has no TCP control
 * block.
 *
 * NOTE(review): sock_id is used as an index into sockets[] without a range
 * check; presumably the caller has validated it.
 */
void
tcp_rcv_drain_sock(int sock_id)
{
	tcp_t *tcp = sockets[sock_id].pcb;

	if (tcp != NULL)
		tcp_rcv_drain(sock_id, tcp);
}
6805
/*
 * Tell recvfrom that data is waiting on tcp_rcv_list.
 *
 * When the socket's input queue is empty but tcp_rcv_list is not, a marker
 * inetgram (no mblk, id TCP_CALLB_MAGIC_ID) is queued so that recvfrom knows
 * it has to call tcp_rcv_drain_sock() to pull the data up.  If the marker
 * cannot be allocated, nothing is queued.
 */
static void
tcp_drain_needed(int sock_id, tcp_t *tcp)
{
	struct inetgram *marker;

#ifdef DEBUG
	printf("tcp_drain_needed: inq %x, tcp_rcv_list %x\n",
	    sockets[sock_id].inq, tcp->tcp_rcv_list);
#endif
	/* Something is already queued for the reader. */
	if (sockets[sock_id].inq != NULL)
		return;

	/* Nothing is waiting to be drained. */
	if (tcp->tcp_rcv_list == NULL)
		return;

	marker = (struct inetgram *)bkmem_zalloc(sizeof (struct inetgram));
	if (marker == NULL)
		return;

	marker->igm_level = APP_LVL;
	marker->igm_mp = NULL;
	marker->igm_id = TCP_CALLB_MAGIC_ID;

	add_grams(&sockets[sock_id].inq, marker);
}
6833
/*
 * Append the message mp (a b_cont chain carrying seg_len bytes) to
 * tcp_rcv_list.
 *
 * In this implementation the receive list is a single b_cont chain:
 * the new message is linked after tcp_rcv_last_tail, and the last mblk of
 * mp becomes the new tcp_rcv_last_tail.  tcp_rcv_cnt grows and tcp_rwnd
 * shrinks by seg_len, and the window field of the template TCP header is
 * refreshed.
 *
 * tcp_rcv_drain() sizes its copy buffer from tcp_rcv_cnt, so seg_len must
 * equal the real data size of mp; that is checked with an assert only.
 */
static void
tcp_rcv_enqueue(tcp_t *tcp, mblk_t *mp, uint_t seg_len)
{
	mblk_t *tail;

	assert(seg_len == msgdsize(mp));

	if (tcp->tcp_rcv_list != NULL)
		tcp->tcp_rcv_last_tail->b_cont = mp;
	else
		tcp->tcp_rcv_list = mp;

	/* Find the last mblk of the newly added message. */
	for (tail = mp; tail->b_cont; tail = tail->b_cont)
		;
	tcp->tcp_rcv_last_tail = tail;

	tcp->tcp_rcv_cnt += seg_len;
	tcp->tcp_rwnd -= seg_len;
#ifdef DEBUG
	printf("tcp_rcv_enqueue rwnd %d\n", tcp->tcp_rwnd);
#endif
	U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, tcp->tcp_tcph->th_win);
}
6860
/* The minimum of smoothed mean deviation in RTO calculation. */
#define TCP_SD_MIN 400

/*
 * Set RTO for this connection. The formula is from Jacobson and Karels'
 * "Congestion Avoidance and Control" in SIGCOMM '88. The variable names
 * are the same as those in Appendix A.2 of that paper.
 *
 * m = new measurement
 * sa = smoothed RTT average (8 * average estimates).
 * sv = smoothed mean deviation (mdev) of RTT (4 * deviation estimates).
 *
 * Updates tcp_rtt_sa, tcp_rtt_sd and tcp_rto (clamped to
 * [tcp_rexmit_interval_min, tcp_rexmit_interval_max]) and resets
 * tcp_timer_backoff.
 *
 * NOTE(review): rtt is presumably a non-negative sample; a negative value
 * would be left-shifted in the reinitialisation branch. Confirm against
 * the callers.
 */
static void
tcp_set_rto(tcp_t *tcp, int32_t rtt)
{
	int32_t m = rtt;
	uint32_t sa = tcp->tcp_rtt_sa;
	uint32_t sv = tcp->tcp_rtt_sd;
	uint32_t rto;

	BUMP_MIB(tcp_mib.tcpRttUpdate);
	tcp->tcp_rtt_update++;

	/* A non-zero tcp_rtt_sa means earlier estimates exist to update. */
	if (sa != 0) {
		/*
		 * Update average estimator:
		 * new rtt = 7/8 old rtt + 1/8 Error
		 */

		/* m is now Error in estimate. */
		m -= sa >> 3;
		if ((int32_t)(sa += m) <= 0) {
			/*
			 * Don't allow the smoothed average to be negative.
			 * We use 0 to denote reinitialization of the
			 * variables.
			 */
			sa = 1;
		}

		/*
		 * Update deviation estimator:
		 * new mdev = 3/4 old mdev + 1/4 (abs(Error) - old mdev)
		 */
		if (m < 0)
			m = -m;
		m -= sv >> 2;
		sv += m;
	} else {
		/*
		 * This follows BSD's implementation. So the reinitialized
		 * RTO is 3 * m. We cannot go less than 2 because if the
		 * link is bandwidth dominated, doubling the window size
		 * during slow start means doubling the RTT. We want to be
		 * more conservative when we reinitialize our estimates. 3
		 * is just a convenient number.
		 */
		sa = m << 3;
		sv = m << 1;
	}
	if (sv < TCP_SD_MIN) {
		/*
		 * We do not know whether sa captures the delayed ACK
		 * effect, as in a long train of segments a receiver
		 * does not delay its ACKs. So set the minimum of sv
		 * to be TCP_SD_MIN, which defaults to 400 ms, twice
		 * the BSD DATO. That means the minimum of mean
		 * deviation is 100 ms.
		 */
		sv = TCP_SD_MIN;
	}
	tcp->tcp_rtt_sa = sa;
	tcp->tcp_rtt_sd = sv;
	/*
	 * RTO = average estimates (sa / 8) + 4 * deviation estimates (sv)
	 *
	 * Add tcp_rexmit_interval extra in case of extreme environment
	 * where the algorithm fails to work. The default value of
	 * tcp_rexmit_interval_extra should be 0.
	 *
	 * As we use a finer grained clock than BSD and update
	 * RTO for every ACK, add in another .25 of RTT to the
	 * deviation of RTO to accommodate burstiness of 1/4 of
	 * window size.
	 */
	rto = (sa >> 3) + sv + tcp_rexmit_interval_extra + (sa >> 5);

	/* Clamp to the configured bounds. */
	if (rto > tcp_rexmit_interval_max) {
		tcp->tcp_rto = tcp_rexmit_interval_max;
	} else if (rto < tcp_rexmit_interval_min) {
		tcp->tcp_rto = tcp_rexmit_interval_min;
	} else {
		tcp->tcp_rto = rto;
	}

	/* Now, we can reset tcp_timer_backoff to use the new RTO... */
	tcp->tcp_timer_backoff = 0;
}
6961
/*
 * Initiate the closedown sequence on an active connection.
 *
 * Records the FIN sequence number (tcp_fss) and either sends the FIN right
 * away, when no data is left unsent, or lets tcp_wput_data() send it with
 * the last segment.
 *
 * Returns 0 on success and -1 if the connection is in a state from which a
 * close cannot be started (anything outside TCPS_SYN_RCVD ..
 * TCPS_CLOSE_WAIT).
 */
static int
tcp_xmit_end(tcp_t *tcp, int sock_id)
{
	mblk_t *fin_mp;

	/* Only SYN_RCVD, ESTABLISHED and CLOSE_WAIT are valid here. */
	if (tcp->tcp_state < TCPS_SYN_RCVD ||
	    tcp->tcp_state > TCPS_CLOSE_WAIT)
		return (-1);

	tcp->tcp_fss = tcp->tcp_snxt + tcp->tcp_unsent;
	tcp->tcp_valid_bits |= TCP_FSS_VALID;

	/* Data still pending: the FIN goes out with the last segment. */
	if (tcp->tcp_unsent != 0) {
		tcp_wput_data(tcp, NULL, B_FALSE);
		return (0);
	}

	/* Nothing unsent, so build and send the FIN now. */
	fin_mp = tcp_xmit_mp(tcp, NULL, 0, NULL, NULL,
	    tcp->tcp_fss, B_FALSE, NULL, B_FALSE);

	if (fin_mp == NULL) {
		/*
		 * No memory for the segment.  Act as if it had been sent
		 * and let the retransmit timer deliver it.
		 */
		tcp->tcp_snxt = tcp->tcp_fss + 1;
		TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
	} else {
		/* Dump the packet when debugging. */
		TCP_DUMP_PACKET("tcp_xmit_end", fin_mp);
		(void) ipv4_tcp_output(sock_id, fin_mp);
		freeb(fin_mp);
	}

	/* Keep the retransmit pointer in step with tcp_snxt. */
	if (tcp->tcp_rexmit && tcp->tcp_rexmit_nxt == tcp->tcp_fss)
		tcp->tcp_rexmit_nxt = tcp->tcp_snxt;

	return (0);
}
7017
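/*
 * Set a socket option on a TCP connection.
 *
 * Supported: SOL_SOCKET level SO_RCVBUF, SO_SNDBUF (optval points to an
 * int) and SO_LINGER (optval points to a struct linger).  No options are
 * implemented at the IPPROTO_TCP and IPPROTO_IP levels.
 *
 * Returns 0 on success, or -1 with errno set:
 *   EINVAL       optval is NULL or optlen does not match the option's type
 *   ENOBUFS      SO_RCVBUF value above tcp_max_buf
 *   ENOPROTOOPT  unknown level or option
 *
 * NOTE(review): negative values are not rejected.  A negative SO_RCVBUF is
 * passed on to MSS_ROUNDUP()/tcp_rwnd_set(), a negative SO_SNDBUF is stored
 * in tcp_xmit_hiwater and a negative l_linger in tcp_lingertime.  Consider
 * a lower bound if callers are not trusted to pass sane values.
 */
int
tcp_opt_set(tcp_t *tcp, int level, int option, const void *optval,
    socklen_t optlen)
{
	/*
	 * The result is derived from errno at the end, so start from a
	 * clean value; otherwise an error left over from an earlier call
	 * would make a successful set return -1.
	 */
	errno = 0;

	switch (level) {
	case SOL_SOCKET: {
		switch (option) {
		case SO_RCVBUF:
			if (optval != NULL && optlen == sizeof (int)) {
				int val = *(const int *)optval;

				if (val > tcp_max_buf) {
					errno = ENOBUFS;
					break;
				}
				/* Silently ignore zero */
				if (val != 0) {
					val = MSS_ROUNDUP(val, tcp->tcp_mss);
					(void) tcp_rwnd_set(tcp, val);
				}
			} else {
				errno = EINVAL;
			}
			break;
		case SO_SNDBUF:
			if (optval != NULL && optlen == sizeof (int)) {
				/* Too large a request is clamped, not refused. */
				tcp->tcp_xmit_hiwater = *(const int *)optval;
				if (tcp->tcp_xmit_hiwater > tcp_max_buf)
					tcp->tcp_xmit_hiwater = tcp_max_buf;
			} else {
				errno = EINVAL;
			}
			break;
		case SO_LINGER:
			if (optval != NULL &&
			    optlen == sizeof (struct linger)) {
				const struct linger *lgr = optval;

				if (lgr->l_onoff) {
					tcp->tcp_linger = 1;
					tcp->tcp_lingertime = lgr->l_linger;
				} else {
					tcp->tcp_linger = 0;
					tcp->tcp_lingertime = 0;
				}
			} else {
				errno = EINVAL;
			}
			break;
		default:
			errno = ENOPROTOOPT;
			break;
		}
		break;
	} /* case SOL_SOCKET */
	case IPPROTO_TCP:
	case IPPROTO_IP:
		/* No options are implemented at these levels. */
		errno = ENOPROTOOPT;
		break;
	default:
		errno = ENOPROTOOPT;
		break;
	} /* switch (level) */

	return (errno != 0 ? -1 : 0);
}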
7098