1 /*- 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include "opt_inet.h" 36 #include "opt_inet6.h" 37 #include "opt_ipsec.h" 38 #include "opt_tcpdebug.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/domain.h> 43 #include <sys/hhook.h> 44 #include <sys/kernel.h> 45 #include <sys/lock.h> 46 #include <sys/mbuf.h> 47 #include <sys/mutex.h> 48 #include <sys/protosw.h> 49 #include <sys/sdt.h> 50 #include <sys/socket.h> 51 #include <sys/socketvar.h> 52 #include <sys/sysctl.h> 53 54 #include <net/if.h> 55 #include <net/route.h> 56 #include <net/vnet.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_kdtrace.h> 60 #include <netinet/in_systm.h> 61 #include <netinet/ip.h> 62 #include <netinet/in_pcb.h> 63 #include <netinet/ip_var.h> 64 #include <netinet/ip_options.h> 65 #ifdef INET6 66 #include <netinet6/in6_pcb.h> 67 #include <netinet/ip6.h> 68 #include <netinet6/ip6_var.h> 69 #endif 70 #ifdef TCP_RFC7413 71 #include <netinet/tcp_fastopen.h> 72 #endif 73 #include <netinet/tcp.h> 74 #define TCPOUTFLAGS 75 #include <netinet/tcp_fsm.h> 76 #include <netinet/tcp_seq.h> 77 #include <netinet/tcp_timer.h> 78 #include <netinet/tcp_var.h> 79 #include <netinet/tcpip.h> 80 #include <netinet/tcp_cc.h> 81 #ifdef TCPPCAP 82 #include <netinet/tcp_pcap.h> 83 #endif 84 #ifdef TCPDEBUG 85 #include <netinet/tcp_debug.h> 86 #endif 87 #ifdef TCP_OFFLOAD 88 #include <netinet/tcp_offload.h> 89 #endif 90 91 #ifdef IPSEC 92 #include <netipsec/ipsec.h> 93 #endif /*IPSEC*/ 94 95 #include <machine/in_cksum.h> 96 97 #include <security/mac/mac_framework.h> 98 99 VNET_DEFINE(int, path_mtu_discovery) = 1; 100 SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_VNET | CTLFLAG_RW, 101 &VNET_NAME(path_mtu_discovery), 1, 102 "Enable Path MTU Discovery"); 103 104 VNET_DEFINE(int, tcp_do_tso) = 1; 105 #define V_tcp_do_tso VNET(tcp_do_tso) 106 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_VNET | CTLFLAG_RW, 107 &VNET_NAME(tcp_do_tso), 0, 108 "Enable TCP Segmentation Offload"); 109 110 VNET_DEFINE(int, tcp_sendspace) = 1024*32; 111 #define V_tcp_sendspace VNET(tcp_sendspace) 112 SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_VNET | CTLFLAG_RW, 113 &VNET_NAME(tcp_sendspace), 0, "Initial send socket buffer size"); 114 115 VNET_DEFINE(int, tcp_do_autosndbuf) = 1; 116 #define V_tcp_do_autosndbuf VNET(tcp_do_autosndbuf) 117 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_VNET | CTLFLAG_RW, 118 &VNET_NAME(tcp_do_autosndbuf), 0, 119 "Enable automatic send buffer sizing"); 120 121 VNET_DEFINE(int, tcp_autosndbuf_inc) = 8*1024; 122 #define V_tcp_autosndbuf_inc VNET(tcp_autosndbuf_inc) 123 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_VNET | CTLFLAG_RW, 124 &VNET_NAME(tcp_autosndbuf_inc), 0, 125 "Incrementor step size of automatic send buffer"); 126 127 VNET_DEFINE(int, tcp_autosndbuf_max) = 2*1024*1024; 128 #define V_tcp_autosndbuf_max VNET(tcp_autosndbuf_max) 129 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_VNET | CTLFLAG_RW, 130 &VNET_NAME(tcp_autosndbuf_max), 0, 131 "Max size of automatic send buffer"); 132 133 static void inline hhook_run_tcp_est_out(struct tcpcb *tp, 134 struct tcphdr *th, struct tcpopt *to, 135 long len, int tso); 136 static void inline cc_after_idle(struct tcpcb *tp); 137 138 /* 139 * Wrapper for the TCP established output helper hook. 140 */ 141 static void inline 142 hhook_run_tcp_est_out(struct tcpcb *tp, struct tcphdr *th, 143 struct tcpopt *to, long len, int tso) 144 { 145 struct tcp_hhook_data hhook_data; 146 147 if (V_tcp_hhh[HHOOK_TCP_EST_OUT]->hhh_nhooks > 0) { 148 hhook_data.tp = tp; 149 hhook_data.th = th; 150 hhook_data.to = to; 151 hhook_data.len = len; 152 hhook_data.tso = tso; 153 154 hhook_run_hooks(V_tcp_hhh[HHOOK_TCP_EST_OUT], &hhook_data, 155 tp->osd); 156 } 157 } 158 159 /* 160 * CC wrapper hook functions 161 */ 162 static void inline 163 cc_after_idle(struct tcpcb *tp) 164 { 165 INP_WLOCK_ASSERT(tp->t_inpcb); 166 167 if (CC_ALGO(tp)->after_idle != NULL) 168 CC_ALGO(tp)->after_idle(tp->ccv); 169 } 170 171 /* 172 * Tcp output routine: figure out what should be sent and send it. 173 */ 174 int 175 tcp_output(struct tcpcb *tp) 176 { 177 struct socket *so = tp->t_inpcb->inp_socket; 178 long len, recwin, sendwin; 179 int off, flags, error = 0; /* Keep compiler happy */ 180 struct mbuf *m; 181 struct ip *ip = NULL; 182 struct ipovly *ipov = NULL; 183 struct tcphdr *th; 184 u_char opt[TCP_MAXOLEN]; 185 unsigned ipoptlen, optlen, hdrlen; 186 #ifdef IPSEC 187 unsigned ipsec_optlen = 0; 188 #endif 189 int idle, sendalot; 190 int sack_rxmit, sack_bytes_rxmt; 191 struct sackhole *p; 192 int tso, mtu; 193 struct tcpopt to; 194 #if 0 195 int maxburst = TCP_MAXBURST; 196 #endif 197 #ifdef INET6 198 struct ip6_hdr *ip6 = NULL; 199 int isipv6; 200 201 isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) != 0; 202 #endif 203 204 INP_WLOCK_ASSERT(tp->t_inpcb); 205 206 #ifdef TCP_OFFLOAD 207 if (tp->t_flags & TF_TOE) 208 return (tcp_offload_output(tp)); 209 #endif 210 211 #ifdef TCP_RFC7413 212 /* 213 * For TFO connections in SYN_RECEIVED, only allow the initial 214 * SYN|ACK and those sent by the retransmit timer. 215 */ 216 if ((tp->t_flags & TF_FASTOPEN) && 217 (tp->t_state == TCPS_SYN_RECEIVED) && 218 SEQ_GT(tp->snd_max, tp->snd_una) && /* inital SYN|ACK sent */ 219 (tp->snd_nxt != tp->snd_una)) /* not a retransmit */ 220 return (0); 221 #endif 222 /* 223 * Determine length of data that should be transmitted, 224 * and flags that will be used. 225 * If there is some data or critical controls (SYN, RST) 226 * to send, then transmit; otherwise, investigate further. 227 */ 228 idle = (tp->t_flags & TF_LASTIDLE) || (tp->snd_max == tp->snd_una); 229 if (idle && ticks - tp->t_rcvtime >= tp->t_rxtcur) 230 cc_after_idle(tp); 231 tp->t_flags &= ~TF_LASTIDLE; 232 if (idle) { 233 if (tp->t_flags & TF_MORETOCOME) { 234 tp->t_flags |= TF_LASTIDLE; 235 idle = 0; 236 } 237 } 238 again: 239 /* 240 * If we've recently taken a timeout, snd_max will be greater than 241 * snd_nxt. There may be SACK information that allows us to avoid 242 * resending already delivered data. Adjust snd_nxt accordingly. 243 */ 244 if ((tp->t_flags & TF_SACK_PERMIT) && 245 SEQ_LT(tp->snd_nxt, tp->snd_max)) 246 tcp_sack_adjust(tp); 247 sendalot = 0; 248 tso = 0; 249 mtu = 0; 250 off = tp->snd_nxt - tp->snd_una; 251 sendwin = min(tp->snd_wnd, tp->snd_cwnd); 252 253 flags = tcp_outflags[tp->t_state]; 254 /* 255 * Send any SACK-generated retransmissions. If we're explicitly trying 256 * to send out new data (when sendalot is 1), bypass this function. 257 * If we retransmit in fast recovery mode, decrement snd_cwnd, since 258 * we're replacing a (future) new transmission with a retransmission 259 * now, and we previously incremented snd_cwnd in tcp_input(). 260 */ 261 /* 262 * Still in sack recovery , reset rxmit flag to zero. 263 */ 264 sack_rxmit = 0; 265 sack_bytes_rxmt = 0; 266 len = 0; 267 p = NULL; 268 if ((tp->t_flags & TF_SACK_PERMIT) && IN_FASTRECOVERY(tp->t_flags) && 269 (p = tcp_sack_output(tp, &sack_bytes_rxmt))) { 270 long cwin; 271 272 cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt; 273 if (cwin < 0) 274 cwin = 0; 275 /* Do not retransmit SACK segments beyond snd_recover */ 276 if (SEQ_GT(p->end, tp->snd_recover)) { 277 /* 278 * (At least) part of sack hole extends beyond 279 * snd_recover. Check to see if we can rexmit data 280 * for this hole. 281 */ 282 if (SEQ_GEQ(p->rxmit, tp->snd_recover)) { 283 /* 284 * Can't rexmit any more data for this hole. 285 * That data will be rexmitted in the next 286 * sack recovery episode, when snd_recover 287 * moves past p->rxmit. 288 */ 289 p = NULL; 290 goto after_sack_rexmit; 291 } else 292 /* Can rexmit part of the current hole */ 293 len = ((long)ulmin(cwin, 294 tp->snd_recover - p->rxmit)); 295 } else 296 len = ((long)ulmin(cwin, p->end - p->rxmit)); 297 off = p->rxmit - tp->snd_una; 298 KASSERT(off >= 0,("%s: sack block to the left of una : %d", 299 __func__, off)); 300 if (len > 0) { 301 sack_rxmit = 1; 302 sendalot = 1; 303 TCPSTAT_INC(tcps_sack_rexmits); 304 TCPSTAT_ADD(tcps_sack_rexmit_bytes, 305 min(len, tp->t_maxseg)); 306 } 307 } 308 after_sack_rexmit: 309 /* 310 * Get standard flags, and add SYN or FIN if requested by 'hidden' 311 * state flags. 312 */ 313 if (tp->t_flags & TF_NEEDFIN) 314 flags |= TH_FIN; 315 if (tp->t_flags & TF_NEEDSYN) 316 flags |= TH_SYN; 317 318 SOCKBUF_LOCK(&so->so_snd); 319 /* 320 * If in persist timeout with window of 0, send 1 byte. 321 * Otherwise, if window is small but nonzero 322 * and timer expired, we will send what we can 323 * and go to transmit state. 324 */ 325 if (tp->t_flags & TF_FORCEDATA) { 326 if (sendwin == 0) { 327 /* 328 * If we still have some data to send, then 329 * clear the FIN bit. Usually this would 330 * happen below when it realizes that we 331 * aren't sending all the data. However, 332 * if we have exactly 1 byte of unsent data, 333 * then it won't clear the FIN bit below, 334 * and if we are in persist state, we wind 335 * up sending the packet without recording 336 * that we sent the FIN bit. 337 * 338 * We can't just blindly clear the FIN bit, 339 * because if we don't have any more data 340 * to send then the probe will be the FIN 341 * itself. 342 */ 343 if (off < sbused(&so->so_snd)) 344 flags &= ~TH_FIN; 345 sendwin = 1; 346 } else { 347 tcp_timer_activate(tp, TT_PERSIST, 0); 348 tp->t_rxtshift = 0; 349 } 350 } 351 352 /* 353 * If snd_nxt == snd_max and we have transmitted a FIN, the 354 * offset will be > 0 even if so_snd.sb_cc is 0, resulting in 355 * a negative length. This can also occur when TCP opens up 356 * its congestion window while receiving additional duplicate 357 * acks after fast-retransmit because TCP will reset snd_nxt 358 * to snd_max after the fast-retransmit. 359 * 360 * In the normal retransmit-FIN-only case, however, snd_nxt will 361 * be set to snd_una, the offset will be 0, and the length may 362 * wind up 0. 363 * 364 * If sack_rxmit is true we are retransmitting from the scoreboard 365 * in which case len is already set. 366 */ 367 if (sack_rxmit == 0) { 368 if (sack_bytes_rxmt == 0) 369 len = ((long)ulmin(sbavail(&so->so_snd), sendwin) - 370 off); 371 else { 372 long cwin; 373 374 /* 375 * We are inside of a SACK recovery episode and are 376 * sending new data, having retransmitted all the 377 * data possible in the scoreboard. 378 */ 379 len = ((long)ulmin(sbavail(&so->so_snd), tp->snd_wnd) - 380 off); 381 /* 382 * Don't remove this (len > 0) check ! 383 * We explicitly check for len > 0 here (although it 384 * isn't really necessary), to work around a gcc 385 * optimization issue - to force gcc to compute 386 * len above. Without this check, the computation 387 * of len is bungled by the optimizer. 388 */ 389 if (len > 0) { 390 cwin = tp->snd_cwnd - 391 (tp->snd_nxt - tp->sack_newdata) - 392 sack_bytes_rxmt; 393 if (cwin < 0) 394 cwin = 0; 395 len = lmin(len, cwin); 396 } 397 } 398 } 399 400 /* 401 * Lop off SYN bit if it has already been sent. However, if this 402 * is SYN-SENT state and if segment contains data and if we don't 403 * know that foreign host supports TAO, suppress sending segment. 404 */ 405 if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) { 406 if (tp->t_state != TCPS_SYN_RECEIVED) 407 flags &= ~TH_SYN; 408 #ifdef TCP_RFC7413 409 /* 410 * When sending additional segments following a TFO SYN|ACK, 411 * do not include the SYN bit. 412 */ 413 if ((tp->t_flags & TF_FASTOPEN) && 414 (tp->t_state == TCPS_SYN_RECEIVED)) 415 flags &= ~TH_SYN; 416 #endif 417 off--, len++; 418 } 419 420 /* 421 * Be careful not to send data and/or FIN on SYN segments. 422 * This measure is needed to prevent interoperability problems 423 * with not fully conformant TCP implementations. 424 */ 425 if ((flags & TH_SYN) && (tp->t_flags & TF_NOOPT)) { 426 len = 0; 427 flags &= ~TH_FIN; 428 } 429 430 #ifdef TCP_RFC7413 431 /* 432 * When retransmitting SYN|ACK on a passively-created TFO socket, 433 * don't include data, as the presence of data may have caused the 434 * original SYN|ACK to have been dropped by a middlebox. 435 */ 436 if ((tp->t_flags & TF_FASTOPEN) && 437 (((tp->t_state == TCPS_SYN_RECEIVED) && (tp->t_rxtshift > 0)) || 438 (flags & TH_RST))) 439 len = 0; 440 #endif 441 if (len <= 0) { 442 /* 443 * If FIN has been sent but not acked, 444 * but we haven't been called to retransmit, 445 * len will be < 0. Otherwise, window shrank 446 * after we sent into it. If window shrank to 0, 447 * cancel pending retransmit, pull snd_nxt back 448 * to (closed) window, and set the persist timer 449 * if it isn't already going. If the window didn't 450 * close completely, just wait for an ACK. 451 * 452 * We also do a general check here to ensure that 453 * we will set the persist timer when we have data 454 * to send, but a 0-byte window. This makes sure 455 * the persist timer is set even if the packet 456 * hits one of the "goto send" lines below. 457 */ 458 len = 0; 459 if ((sendwin == 0) && (TCPS_HAVEESTABLISHED(tp->t_state)) && 460 (off < (int) sbavail(&so->so_snd))) { 461 tcp_timer_activate(tp, TT_REXMT, 0); 462 tp->t_rxtshift = 0; 463 tp->snd_nxt = tp->snd_una; 464 if (!tcp_timer_active(tp, TT_PERSIST)) 465 tcp_setpersist(tp); 466 } 467 } 468 469 /* len will be >= 0 after this point. */ 470 KASSERT(len >= 0, ("[%s:%d]: len < 0", __func__, __LINE__)); 471 472 /* 473 * Automatic sizing of send socket buffer. Often the send buffer 474 * size is not optimally adjusted to the actual network conditions 475 * at hand (delay bandwidth product). Setting the buffer size too 476 * small limits throughput on links with high bandwidth and high 477 * delay (eg. trans-continental/oceanic links). Setting the 478 * buffer size too big consumes too much real kernel memory, 479 * especially with many connections on busy servers. 480 * 481 * The criteria to step up the send buffer one notch are: 482 * 1. receive window of remote host is larger than send buffer 483 * (with a fudge factor of 5/4th); 484 * 2. send buffer is filled to 7/8th with data (so we actually 485 * have data to make use of it); 486 * 3. send buffer fill has not hit maximal automatic size; 487 * 4. our send window (slow start and cogestion controlled) is 488 * larger than sent but unacknowledged data in send buffer. 489 * 490 * The remote host receive window scaling factor may limit the 491 * growing of the send buffer before it reaches its allowed 492 * maximum. 493 * 494 * It scales directly with slow start or congestion window 495 * and does at most one step per received ACK. This fast 496 * scaling has the drawback of growing the send buffer beyond 497 * what is strictly necessary to make full use of a given 498 * delay*bandwith product. However testing has shown this not 499 * to be much of an problem. At worst we are trading wasting 500 * of available bandwith (the non-use of it) for wasting some 501 * socket buffer memory. 502 * 503 * TODO: Shrink send buffer during idle periods together 504 * with congestion window. Requires another timer. Has to 505 * wait for upcoming tcp timer rewrite. 506 * 507 * XXXGL: should there be used sbused() or sbavail()? 508 */ 509 if (V_tcp_do_autosndbuf && so->so_snd.sb_flags & SB_AUTOSIZE) { 510 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat && 511 sbused(&so->so_snd) >= (so->so_snd.sb_hiwat / 8 * 7) && 512 sbused(&so->so_snd) < V_tcp_autosndbuf_max && 513 sendwin >= (sbused(&so->so_snd) - 514 (tp->snd_nxt - tp->snd_una))) { 515 if (!sbreserve_locked(&so->so_snd, 516 min(so->so_snd.sb_hiwat + V_tcp_autosndbuf_inc, 517 V_tcp_autosndbuf_max), so, curthread)) 518 so->so_snd.sb_flags &= ~SB_AUTOSIZE; 519 } 520 } 521 522 /* 523 * Decide if we can use TCP Segmentation Offloading (if supported by 524 * hardware). 525 * 526 * TSO may only be used if we are in a pure bulk sending state. The 527 * presence of TCP-MD5, SACK retransmits, SACK advertizements and 528 * IP options prevent using TSO. With TSO the TCP header is the same 529 * (except for the sequence number) for all generated packets. This 530 * makes it impossible to transmit any options which vary per generated 531 * segment or packet. 532 */ 533 #ifdef IPSEC 534 /* 535 * Pre-calculate here as we save another lookup into the darknesses 536 * of IPsec that way and can actually decide if TSO is ok. 537 */ 538 ipsec_optlen = ipsec_hdrsiz_tcp(tp); 539 #endif 540 if ((tp->t_flags & TF_TSO) && V_tcp_do_tso && len > tp->t_maxseg && 541 ((tp->t_flags & TF_SIGNATURE) == 0) && 542 tp->rcv_numsacks == 0 && sack_rxmit == 0 && 543 #ifdef IPSEC 544 ipsec_optlen == 0 && 545 #endif 546 tp->t_inpcb->inp_options == NULL && 547 tp->t_inpcb->in6p_options == NULL) 548 tso = 1; 549 550 if (sack_rxmit) { 551 if (SEQ_LT(p->rxmit + len, tp->snd_una + sbused(&so->so_snd))) 552 flags &= ~TH_FIN; 553 } else { 554 if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + 555 sbused(&so->so_snd))) 556 flags &= ~TH_FIN; 557 } 558 559 recwin = sbspace(&so->so_rcv); 560 561 /* 562 * Sender silly window avoidance. We transmit under the following 563 * conditions when len is non-zero: 564 * 565 * - We have a full segment (or more with TSO) 566 * - This is the last buffer in a write()/send() and we are 567 * either idle or running NODELAY 568 * - we've timed out (e.g. persist timer) 569 * - we have more then 1/2 the maximum send window's worth of 570 * data (receiver may be limited the window size) 571 * - we need to retransmit 572 */ 573 if (len) { 574 if (len >= tp->t_maxseg) 575 goto send; 576 /* 577 * NOTE! on localhost connections an 'ack' from the remote 578 * end may occur synchronously with the output and cause 579 * us to flush a buffer queued with moretocome. XXX 580 * 581 * note: the len + off check is almost certainly unnecessary. 582 */ 583 if (!(tp->t_flags & TF_MORETOCOME) && /* normal case */ 584 (idle || (tp->t_flags & TF_NODELAY)) && 585 len + off >= sbavail(&so->so_snd) && 586 (tp->t_flags & TF_NOPUSH) == 0) { 587 goto send; 588 } 589 if (tp->t_flags & TF_FORCEDATA) /* typ. timeout case */ 590 goto send; 591 if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0) 592 goto send; 593 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) /* retransmit case */ 594 goto send; 595 if (sack_rxmit) 596 goto send; 597 } 598 599 /* 600 * Sending of standalone window updates. 601 * 602 * Window updates are important when we close our window due to a 603 * full socket buffer and are opening it again after the application 604 * reads data from it. Once the window has opened again and the 605 * remote end starts to send again the ACK clock takes over and 606 * provides the most current window information. 607 * 608 * We must avoid the silly window syndrome whereas every read 609 * from the receive buffer, no matter how small, causes a window 610 * update to be sent. We also should avoid sending a flurry of 611 * window updates when the socket buffer had queued a lot of data 612 * and the application is doing small reads. 613 * 614 * Prevent a flurry of pointless window updates by only sending 615 * an update when we can increase the advertized window by more 616 * than 1/4th of the socket buffer capacity. When the buffer is 617 * getting full or is very small be more aggressive and send an 618 * update whenever we can increase by two mss sized segments. 619 * In all other situations the ACK's to new incoming data will 620 * carry further window increases. 621 * 622 * Don't send an independent window update if a delayed 623 * ACK is pending (it will get piggy-backed on it) or the 624 * remote side already has done a half-close and won't send 625 * more data. Skip this if the connection is in T/TCP 626 * half-open state. 627 */ 628 if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN) && 629 !(tp->t_flags & TF_DELACK) && 630 !TCPS_HAVERCVDFIN(tp->t_state)) { 631 /* 632 * "adv" is the amount we could increase the window, 633 * taking into account that we are limited by 634 * TCP_MAXWIN << tp->rcv_scale. 635 */ 636 long adv; 637 int oldwin; 638 639 adv = min(recwin, (long)TCP_MAXWIN << tp->rcv_scale); 640 if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt)) { 641 oldwin = (tp->rcv_adv - tp->rcv_nxt); 642 adv -= oldwin; 643 } else 644 oldwin = 0; 645 646 /* 647 * If the new window size ends up being the same as the old 648 * size when it is scaled, then don't force a window update. 649 */ 650 if (oldwin >> tp->rcv_scale == (adv + oldwin) >> tp->rcv_scale) 651 goto dontupdate; 652 653 if (adv >= (long)(2 * tp->t_maxseg) && 654 (adv >= (long)(so->so_rcv.sb_hiwat / 4) || 655 recwin <= (long)(so->so_rcv.sb_hiwat / 8) || 656 so->so_rcv.sb_hiwat <= 8 * tp->t_maxseg)) 657 goto send; 658 } 659 dontupdate: 660 661 /* 662 * Send if we owe the peer an ACK, RST, SYN, or urgent data. ACKNOW 663 * is also a catch-all for the retransmit timer timeout case. 664 */ 665 if (tp->t_flags & TF_ACKNOW) 666 goto send; 667 if ((flags & TH_RST) || 668 ((flags & TH_SYN) && (tp->t_flags & TF_NEEDSYN) == 0)) 669 goto send; 670 if (SEQ_GT(tp->snd_up, tp->snd_una)) 671 goto send; 672 /* 673 * If our state indicates that FIN should be sent 674 * and we have not yet done so, then we need to send. 675 */ 676 if (flags & TH_FIN && 677 ((tp->t_flags & TF_SENTFIN) == 0 || tp->snd_nxt == tp->snd_una)) 678 goto send; 679 /* 680 * In SACK, it is possible for tcp_output to fail to send a segment 681 * after the retransmission timer has been turned off. Make sure 682 * that the retransmission timer is set. 683 */ 684 if ((tp->t_flags & TF_SACK_PERMIT) && 685 SEQ_GT(tp->snd_max, tp->snd_una) && 686 !tcp_timer_active(tp, TT_REXMT) && 687 !tcp_timer_active(tp, TT_PERSIST)) { 688 tcp_timer_activate(tp, TT_REXMT, tp->t_rxtcur); 689 goto just_return; 690 } 691 /* 692 * TCP window updates are not reliable, rather a polling protocol 693 * using ``persist'' packets is used to insure receipt of window 694 * updates. The three ``states'' for the output side are: 695 * idle not doing retransmits or persists 696 * persisting to move a small or zero window 697 * (re)transmitting and thereby not persisting 698 * 699 * tcp_timer_active(tp, TT_PERSIST) 700 * is true when we are in persist state. 701 * (tp->t_flags & TF_FORCEDATA) 702 * is set when we are called to send a persist packet. 703 * tcp_timer_active(tp, TT_REXMT) 704 * is set when we are retransmitting 705 * The output side is idle when both timers are zero. 706 * 707 * If send window is too small, there is data to transmit, and no 708 * retransmit or persist is pending, then go to persist state. 709 * If nothing happens soon, send when timer expires: 710 * if window is nonzero, transmit what we can, 711 * otherwise force out a byte. 712 */ 713 if (sbavail(&so->so_snd) && !tcp_timer_active(tp, TT_REXMT) && 714 !tcp_timer_active(tp, TT_PERSIST)) { 715 tp->t_rxtshift = 0; 716 tcp_setpersist(tp); 717 } 718 719 /* 720 * No reason to send a segment, just return. 721 */ 722 just_return: 723 SOCKBUF_UNLOCK(&so->so_snd); 724 return (0); 725 726 send: 727 SOCKBUF_LOCK_ASSERT(&so->so_snd); 728 if (len > 0) { 729 if (len >= tp->t_maxseg) 730 tp->t_flags2 |= TF2_PLPMTU_MAXSEGSNT; 731 else 732 tp->t_flags2 &= ~TF2_PLPMTU_MAXSEGSNT; 733 } 734 /* 735 * Before ESTABLISHED, force sending of initial options 736 * unless TCP set not to do any options. 737 * NOTE: we assume that the IP/TCP header plus TCP options 738 * always fit in a single mbuf, leaving room for a maximum 739 * link header, i.e. 740 * max_linkhdr + sizeof (struct tcpiphdr) + optlen <= MCLBYTES 741 */ 742 optlen = 0; 743 #ifdef INET6 744 if (isipv6) 745 hdrlen = sizeof (struct ip6_hdr) + sizeof (struct tcphdr); 746 else 747 #endif 748 hdrlen = sizeof (struct tcpiphdr); 749 750 /* 751 * Compute options for segment. 752 * We only have to care about SYN and established connection 753 * segments. Options for SYN-ACK segments are handled in TCP 754 * syncache. 755 */ 756 to.to_flags = 0; 757 if ((tp->t_flags & TF_NOOPT) == 0) { 758 /* Maximum segment size. */ 759 if (flags & TH_SYN) { 760 tp->snd_nxt = tp->iss; 761 to.to_mss = tcp_mssopt(&tp->t_inpcb->inp_inc); 762 to.to_flags |= TOF_MSS; 763 #ifdef TCP_RFC7413 764 /* 765 * Only include the TFO option on the first 766 * transmission of the SYN|ACK on a 767 * passively-created TFO socket, as the presence of 768 * the TFO option may have caused the original 769 * SYN|ACK to have been dropped by a middlebox. 770 */ 771 if ((tp->t_flags & TF_FASTOPEN) && 772 (tp->t_state == TCPS_SYN_RECEIVED) && 773 (tp->t_rxtshift == 0)) { 774 to.to_tfo_len = TCP_FASTOPEN_COOKIE_LEN; 775 to.to_tfo_cookie = (u_char *)&tp->t_tfo_cookie; 776 to.to_flags |= TOF_FASTOPEN; 777 } 778 #endif 779 } 780 /* Window scaling. */ 781 if ((flags & TH_SYN) && (tp->t_flags & TF_REQ_SCALE)) { 782 to.to_wscale = tp->request_r_scale; 783 to.to_flags |= TOF_SCALE; 784 } 785 /* Timestamps. */ 786 if ((tp->t_flags & TF_RCVD_TSTMP) || 787 ((flags & TH_SYN) && (tp->t_flags & TF_REQ_TSTMP))) { 788 to.to_tsval = tcp_ts_getticks() + tp->ts_offset; 789 to.to_tsecr = tp->ts_recent; 790 to.to_flags |= TOF_TS; 791 /* Set receive buffer autosizing timestamp. */ 792 if (tp->rfbuf_ts == 0 && 793 (so->so_rcv.sb_flags & SB_AUTOSIZE)) 794 tp->rfbuf_ts = tcp_ts_getticks(); 795 } 796 /* Selective ACK's. */ 797 if (tp->t_flags & TF_SACK_PERMIT) { 798 if (flags & TH_SYN) 799 to.to_flags |= TOF_SACKPERM; 800 else if (TCPS_HAVEESTABLISHED(tp->t_state) && 801 (tp->t_flags & TF_SACK_PERMIT) && 802 tp->rcv_numsacks > 0) { 803 to.to_flags |= TOF_SACK; 804 to.to_nsacks = tp->rcv_numsacks; 805 to.to_sacks = (u_char *)tp->sackblks; 806 } 807 } 808 #ifdef TCP_SIGNATURE 809 /* TCP-MD5 (RFC2385). */ 810 if (tp->t_flags & TF_SIGNATURE) 811 to.to_flags |= TOF_SIGNATURE; 812 #endif /* TCP_SIGNATURE */ 813 814 /* Processing the options. */ 815 hdrlen += optlen = tcp_addoptions(&to, opt); 816 } 817 818 #ifdef INET6 819 if (isipv6) 820 ipoptlen = ip6_optlen(tp->t_inpcb); 821 else 822 #endif 823 if (tp->t_inpcb->inp_options) 824 ipoptlen = tp->t_inpcb->inp_options->m_len - 825 offsetof(struct ipoption, ipopt_list); 826 else 827 ipoptlen = 0; 828 #ifdef IPSEC 829 ipoptlen += ipsec_optlen; 830 #endif 831 832 /* 833 * Adjust data length if insertion of options will 834 * bump the packet length beyond the t_maxseg length. 835 * Clear the FIN bit because we cut off the tail of 836 * the segment. 837 */ 838 if (len + optlen + ipoptlen > tp->t_maxseg) { 839 flags &= ~TH_FIN; 840 841 if (tso) { 842 u_int if_hw_tsomax; 843 u_int if_hw_tsomaxsegcount; 844 u_int if_hw_tsomaxsegsize; 845 struct mbuf *mb; 846 u_int moff; 847 int max_len; 848 849 /* extract TSO information */ 850 if_hw_tsomax = tp->t_tsomax; 851 if_hw_tsomaxsegcount = tp->t_tsomaxsegcount; 852 if_hw_tsomaxsegsize = tp->t_tsomaxsegsize; 853 854 /* 855 * Limit a TSO burst to prevent it from 856 * overflowing or exceeding the maximum length 857 * allowed by the network interface: 858 */ 859 KASSERT(ipoptlen == 0, 860 ("%s: TSO can't do IP options", __func__)); 861 862 /* 863 * Check if we should limit by maximum payload 864 * length: 865 */ 866 if (if_hw_tsomax != 0) { 867 /* compute maximum TSO length */ 868 max_len = (if_hw_tsomax - hdrlen - 869 max_linkhdr); 870 if (max_len <= 0) { 871 len = 0; 872 } else if (len > max_len) { 873 sendalot = 1; 874 len = max_len; 875 } 876 } 877 878 /* 879 * Check if we should limit by maximum segment 880 * size and count: 881 */ 882 if (if_hw_tsomaxsegcount != 0 && 883 if_hw_tsomaxsegsize != 0) { 884 /* 885 * Subtract one segment for the LINK 886 * and TCP/IP headers mbuf that will 887 * be prepended to this mbuf chain 888 * after the code in this section 889 * limits the number of mbufs in the 890 * chain to if_hw_tsomaxsegcount. 891 */ 892 if_hw_tsomaxsegcount -= 1; 893 max_len = 0; 894 mb = sbsndmbuf(&so->so_snd, off, &moff); 895 896 while (mb != NULL && max_len < len) { 897 u_int mlen; 898 u_int frags; 899 900 /* 901 * Get length of mbuf fragment 902 * and how many hardware frags, 903 * rounded up, it would use: 904 */ 905 mlen = (mb->m_len - moff); 906 frags = howmany(mlen, 907 if_hw_tsomaxsegsize); 908 909 /* Handle special case: Zero Length Mbuf */ 910 if (frags == 0) 911 frags = 1; 912 913 /* 914 * Check if the fragment limit 915 * will be reached or exceeded: 916 */ 917 if (frags >= if_hw_tsomaxsegcount) { 918 max_len += min(mlen, 919 if_hw_tsomaxsegcount * 920 if_hw_tsomaxsegsize); 921 break; 922 } 923 max_len += mlen; 924 if_hw_tsomaxsegcount -= frags; 925 moff = 0; 926 mb = mb->m_next; 927 } 928 if (max_len <= 0) { 929 len = 0; 930 } else if (len > max_len) { 931 sendalot = 1; 932 len = max_len; 933 } 934 } 935 936 /* 937 * Prevent the last segment from being 938 * fractional unless the send sockbuf can be 939 * emptied: 940 */ 941 max_len = (tp->t_maxseg - optlen); 942 if ((off + len) < sbavail(&so->so_snd)) { 943 moff = len % max_len; 944 if (moff != 0) { 945 len -= moff; 946 sendalot = 1; 947 } 948 } 949 950 /* 951 * In case there are too many small fragments 952 * don't use TSO: 953 */ 954 if (len <= max_len) { 955 len = max_len; 956 sendalot = 1; 957 tso = 0; 958 } 959 960 /* 961 * Send the FIN in a separate segment 962 * after the bulk sending is done. 963 * We don't trust the TSO implementations 964 * to clear the FIN flag on all but the 965 * last segment. 966 */ 967 if (tp->t_flags & TF_NEEDFIN) 968 sendalot = 1; 969 970 } else { 971 len = tp->t_maxseg - optlen - ipoptlen; 972 sendalot = 1; 973 } 974 } else 975 tso = 0; 976 977 KASSERT(len + hdrlen + ipoptlen <= IP_MAXPACKET, 978 ("%s: len > IP_MAXPACKET", __func__)); 979 980 /*#ifdef DIAGNOSTIC*/ 981 #ifdef INET6 982 if (max_linkhdr + hdrlen > MCLBYTES) 983 #else 984 if (max_linkhdr + hdrlen > MHLEN) 985 #endif 986 panic("tcphdr too big"); 987 /*#endif*/ 988 989 /* 990 * This KASSERT is here to catch edge cases at a well defined place. 991 * Before, those had triggered (random) panic conditions further down. 992 */ 993 KASSERT(len >= 0, ("[%s:%d]: len < 0", __func__, __LINE__)); 994 995 /* 996 * Grab a header mbuf, attaching a copy of data to 997 * be transmitted, and initialize the header from 998 * the template for sends on this connection. 999 */ 1000 if (len) { 1001 struct mbuf *mb; 1002 u_int moff; 1003 1004 if ((tp->t_flags & TF_FORCEDATA) && len == 1) 1005 TCPSTAT_INC(tcps_sndprobe); 1006 else if (SEQ_LT(tp->snd_nxt, tp->snd_max) || sack_rxmit) { 1007 tp->t_sndrexmitpack++; 1008 TCPSTAT_INC(tcps_sndrexmitpack); 1009 TCPSTAT_ADD(tcps_sndrexmitbyte, len); 1010 } else { 1011 TCPSTAT_INC(tcps_sndpack); 1012 TCPSTAT_ADD(tcps_sndbyte, len); 1013 } 1014 #ifdef INET6 1015 if (MHLEN < hdrlen + max_linkhdr) 1016 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 1017 else 1018 #endif 1019 m = m_gethdr(M_NOWAIT, MT_DATA); 1020 1021 if (m == NULL) { 1022 SOCKBUF_UNLOCK(&so->so_snd); 1023 error = ENOBUFS; 1024 sack_rxmit = 0; 1025 goto out; 1026 } 1027 1028 m->m_data += max_linkhdr; 1029 m->m_len = hdrlen; 1030 1031 /* 1032 * Start the m_copy functions from the closest mbuf 1033 * to the offset in the socket buffer chain. 1034 */ 1035 mb = sbsndptr(&so->so_snd, off, len, &moff); 1036 1037 if (len <= MHLEN - hdrlen - max_linkhdr) { 1038 m_copydata(mb, moff, (int)len, 1039 mtod(m, caddr_t) + hdrlen); 1040 m->m_len += len; 1041 } else { 1042 m->m_next = m_copy(mb, moff, (int)len); 1043 if (m->m_next == NULL) { 1044 SOCKBUF_UNLOCK(&so->so_snd); 1045 (void) m_free(m); 1046 error = ENOBUFS; 1047 sack_rxmit = 0; 1048 goto out; 1049 } 1050 } 1051 1052 /* 1053 * If we're sending everything we've got, set PUSH. 1054 * (This will keep happy those implementations which only 1055 * give data to the user when a buffer fills or 1056 * a PUSH comes in.) 1057 */ 1058 if ((off + len == sbused(&so->so_snd)) && !(flags & TH_SYN)) 1059 flags |= TH_PUSH; 1060 SOCKBUF_UNLOCK(&so->so_snd); 1061 } else { 1062 SOCKBUF_UNLOCK(&so->so_snd); 1063 if (tp->t_flags & TF_ACKNOW) 1064 TCPSTAT_INC(tcps_sndacks); 1065 else if (flags & (TH_SYN|TH_FIN|TH_RST)) 1066 TCPSTAT_INC(tcps_sndctrl); 1067 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 1068 TCPSTAT_INC(tcps_sndurg); 1069 else 1070 TCPSTAT_INC(tcps_sndwinup); 1071 1072 m = m_gethdr(M_NOWAIT, MT_DATA); 1073 if (m == NULL) { 1074 error = ENOBUFS; 1075 sack_rxmit = 0; 1076 goto out; 1077 } 1078 #ifdef INET6 1079 if (isipv6 && (MHLEN < hdrlen + max_linkhdr) && 1080 MHLEN >= hdrlen) { 1081 M_ALIGN(m, hdrlen); 1082 } else 1083 #endif 1084 m->m_data += max_linkhdr; 1085 m->m_len = hdrlen; 1086 } 1087 SOCKBUF_UNLOCK_ASSERT(&so->so_snd); 1088 m->m_pkthdr.rcvif = (struct ifnet *)0; 1089 #ifdef MAC 1090 mac_inpcb_create_mbuf(tp->t_inpcb, m); 1091 #endif 1092 #ifdef INET6 1093 if (isipv6) { 1094 ip6 = mtod(m, struct ip6_hdr *); 1095 th = (struct tcphdr *)(ip6 + 1); 1096 tcpip_fillheaders(tp->t_inpcb, ip6, th); 1097 } else 1098 #endif /* INET6 */ 1099 { 1100 ip = mtod(m, struct ip *); 1101 ipov = (struct ipovly *)ip; 1102 th = (struct tcphdr *)(ip + 1); 1103 tcpip_fillheaders(tp->t_inpcb, ip, th); 1104 } 1105 1106 /* 1107 * Fill in fields, remembering maximum advertised 1108 * window for use in delaying messages about window sizes. 1109 * If resending a FIN, be sure not to use a new sequence number. 1110 */ 1111 if (flags & TH_FIN && tp->t_flags & TF_SENTFIN && 1112 tp->snd_nxt == tp->snd_max) 1113 tp->snd_nxt--; 1114 /* 1115 * If we are starting a connection, send ECN setup 1116 * SYN packet. If we are on a retransmit, we may 1117 * resend those bits a number of times as per 1118 * RFC 3168. 1119 */ 1120 if (tp->t_state == TCPS_SYN_SENT && V_tcp_do_ecn) { 1121 if (tp->t_rxtshift >= 1) { 1122 if (tp->t_rxtshift <= V_tcp_ecn_maxretries) 1123 flags |= TH_ECE|TH_CWR; 1124 } else 1125 flags |= TH_ECE|TH_CWR; 1126 } 1127 1128 if (tp->t_state == TCPS_ESTABLISHED && 1129 (tp->t_flags & TF_ECN_PERMIT)) { 1130 /* 1131 * If the peer has ECN, mark data packets with 1132 * ECN capable transmission (ECT). 1133 * Ignore pure ack packets, retransmissions and window probes. 1134 */ 1135 if (len > 0 && SEQ_GEQ(tp->snd_nxt, tp->snd_max) && 1136 !((tp->t_flags & TF_FORCEDATA) && len == 1)) { 1137 #ifdef INET6 1138 if (isipv6) 1139 ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20); 1140 else 1141 #endif 1142 ip->ip_tos |= IPTOS_ECN_ECT0; 1143 TCPSTAT_INC(tcps_ecn_ect0); 1144 } 1145 1146 /* 1147 * Reply with proper ECN notifications. 1148 */ 1149 if (tp->t_flags & TF_ECN_SND_CWR) { 1150 flags |= TH_CWR; 1151 tp->t_flags &= ~TF_ECN_SND_CWR; 1152 } 1153 if (tp->t_flags & TF_ECN_SND_ECE) 1154 flags |= TH_ECE; 1155 } 1156 1157 /* 1158 * If we are doing retransmissions, then snd_nxt will 1159 * not reflect the first unsent octet. For ACK only 1160 * packets, we do not want the sequence number of the 1161 * retransmitted packet, we want the sequence number 1162 * of the next unsent octet. So, if there is no data 1163 * (and no SYN or FIN), use snd_max instead of snd_nxt 1164 * when filling in ti_seq. But if we are in persist 1165 * state, snd_max might reflect one byte beyond the 1166 * right edge of the window, so use snd_nxt in that 1167 * case, since we know we aren't doing a retransmission. 1168 * (retransmit and persist are mutually exclusive...) 1169 */ 1170 if (sack_rxmit == 0) { 1171 if (len || (flags & (TH_SYN|TH_FIN)) || 1172 tcp_timer_active(tp, TT_PERSIST)) 1173 th->th_seq = htonl(tp->snd_nxt); 1174 else 1175 th->th_seq = htonl(tp->snd_max); 1176 } else { 1177 th->th_seq = htonl(p->rxmit); 1178 p->rxmit += len; 1179 tp->sackhint.sack_bytes_rexmit += len; 1180 } 1181 th->th_ack = htonl(tp->rcv_nxt); 1182 if (optlen) { 1183 bcopy(opt, th + 1, optlen); 1184 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; 1185 } 1186 th->th_flags = flags; 1187 /* 1188 * Calculate receive window. Don't shrink window, 1189 * but avoid silly window syndrome. 1190 */ 1191 if (recwin < (long)(so->so_rcv.sb_hiwat / 4) && 1192 recwin < (long)tp->t_maxseg) 1193 recwin = 0; 1194 if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt) && 1195 recwin < (long)(tp->rcv_adv - tp->rcv_nxt)) 1196 recwin = (long)(tp->rcv_adv - tp->rcv_nxt); 1197 if (recwin > (long)TCP_MAXWIN << tp->rcv_scale) 1198 recwin = (long)TCP_MAXWIN << tp->rcv_scale; 1199 1200 /* 1201 * According to RFC1323 the window field in a SYN (i.e., a <SYN> 1202 * or <SYN,ACK>) segment itself is never scaled. The <SYN,ACK> 1203 * case is handled in syncache. 1204 */ 1205 if (flags & TH_SYN) 1206 th->th_win = htons((u_short) 1207 (min(sbspace(&so->so_rcv), TCP_MAXWIN))); 1208 else 1209 th->th_win = htons((u_short)(recwin >> tp->rcv_scale)); 1210 1211 /* 1212 * Adjust the RXWIN0SENT flag - indicate that we have advertised 1213 * a 0 window. This may cause the remote transmitter to stall. This 1214 * flag tells soreceive() to disable delayed acknowledgements when 1215 * draining the buffer. This can occur if the receiver is attempting 1216 * to read more data than can be buffered prior to transmitting on 1217 * the connection. 1218 */ 1219 if (th->th_win == 0) { 1220 tp->t_sndzerowin++; 1221 tp->t_flags |= TF_RXWIN0SENT; 1222 } else 1223 tp->t_flags &= ~TF_RXWIN0SENT; 1224 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 1225 th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt)); 1226 th->th_flags |= TH_URG; 1227 } else 1228 /* 1229 * If no urgent pointer to send, then we pull 1230 * the urgent pointer to the left edge of the send window 1231 * so that it doesn't drift into the send window on sequence 1232 * number wraparound. 1233 */ 1234 tp->snd_up = tp->snd_una; /* drag it along */ 1235 1236 #ifdef TCP_SIGNATURE 1237 if (to.to_flags & TOF_SIGNATURE) { 1238 int sigoff = to.to_signature - opt; 1239 tcp_signature_compute(m, 0, len, optlen, 1240 (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND); 1241 } 1242 #endif 1243 1244 /* 1245 * Put TCP length in extended header, and then 1246 * checksum extended header and data. 1247 */ 1248 m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */ 1249 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1250 #ifdef INET6 1251 if (isipv6) { 1252 /* 1253 * ip6_plen is not need to be filled now, and will be filled 1254 * in ip6_output. 1255 */ 1256 m->m_pkthdr.csum_flags = CSUM_TCP_IPV6; 1257 th->th_sum = in6_cksum_pseudo(ip6, sizeof(struct tcphdr) + 1258 optlen + len, IPPROTO_TCP, 0); 1259 } 1260 #endif 1261 #if defined(INET6) && defined(INET) 1262 else 1263 #endif 1264 #ifdef INET 1265 { 1266 m->m_pkthdr.csum_flags = CSUM_TCP; 1267 th->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, 1268 htons(sizeof(struct tcphdr) + IPPROTO_TCP + len + optlen)); 1269 1270 /* IP version must be set here for ipv4/ipv6 checking later */ 1271 KASSERT(ip->ip_v == IPVERSION, 1272 ("%s: IP version incorrect: %d", __func__, ip->ip_v)); 1273 } 1274 #endif 1275 1276 /* 1277 * Enable TSO and specify the size of the segments. 1278 * The TCP pseudo header checksum is always provided. 1279 */ 1280 if (tso) { 1281 KASSERT(len > tp->t_maxseg - optlen, 1282 ("%s: len <= tso_segsz", __func__)); 1283 m->m_pkthdr.csum_flags |= CSUM_TSO; 1284 m->m_pkthdr.tso_segsz = tp->t_maxseg - optlen; 1285 } 1286 1287 #ifdef IPSEC 1288 KASSERT(len + hdrlen + ipoptlen - ipsec_optlen == m_length(m, NULL), 1289 ("%s: mbuf chain shorter than expected: %ld + %u + %u - %u != %u", 1290 __func__, len, hdrlen, ipoptlen, ipsec_optlen, m_length(m, NULL))); 1291 #else 1292 KASSERT(len + hdrlen + ipoptlen == m_length(m, NULL), 1293 ("%s: mbuf chain shorter than expected: %ld + %u + %u != %u", 1294 __func__, len, hdrlen, ipoptlen, m_length(m, NULL))); 1295 #endif 1296 1297 /* Run HHOOK_TCP_ESTABLISHED_OUT helper hooks. */ 1298 hhook_run_tcp_est_out(tp, th, &to, len, tso); 1299 1300 #ifdef TCPDEBUG 1301 /* 1302 * Trace. 1303 */ 1304 if (so->so_options & SO_DEBUG) { 1305 u_short save = 0; 1306 #ifdef INET6 1307 if (!isipv6) 1308 #endif 1309 { 1310 save = ipov->ih_len; 1311 ipov->ih_len = htons(m->m_pkthdr.len /* - hdrlen + (th->th_off << 2) */); 1312 } 1313 tcp_trace(TA_OUTPUT, tp->t_state, tp, mtod(m, void *), th, 0); 1314 #ifdef INET6 1315 if (!isipv6) 1316 #endif 1317 ipov->ih_len = save; 1318 } 1319 #endif /* TCPDEBUG */ 1320 TCP_PROBE3(debug__input, tp, th, mtod(m, const char *)); 1321 1322 /* 1323 * Fill in IP length and desired time to live and 1324 * send to IP level. There should be a better way 1325 * to handle ttl and tos; we could keep them in 1326 * the template, but need a way to checksum without them. 1327 */ 1328 /* 1329 * m->m_pkthdr.len should have been set before checksum calculation, 1330 * because in6_cksum() need it. 1331 */ 1332 #ifdef INET6 1333 if (isipv6) { 1334 struct route_in6 ro; 1335 1336 bzero(&ro, sizeof(ro)); 1337 /* 1338 * we separately set hoplimit for every segment, since the 1339 * user might want to change the value via setsockopt. 1340 * Also, desired default hop limit might be changed via 1341 * Neighbor Discovery. 1342 */ 1343 ip6->ip6_hlim = in6_selecthlim(tp->t_inpcb, NULL); 1344 1345 /* 1346 * Set the packet size here for the benefit of DTrace probes. 1347 * ip6_output() will set it properly; it's supposed to include 1348 * the option header lengths as well. 1349 */ 1350 ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6)); 1351 1352 if (V_path_mtu_discovery && tp->t_maxseg > V_tcp_minmss) 1353 tp->t_flags2 |= TF2_PLPMTU_PMTUD; 1354 else 1355 tp->t_flags2 &= ~TF2_PLPMTU_PMTUD; 1356 1357 if (tp->t_state == TCPS_SYN_SENT) 1358 TCP_PROBE5(connect__request, NULL, tp, ip6, tp, th); 1359 1360 TCP_PROBE5(send, NULL, tp, ip6, tp, th); 1361 1362 #ifdef TCPPCAP 1363 /* Save packet, if requested. */ 1364 tcp_pcap_add(th, m, &(tp->t_outpkts)); 1365 #endif 1366 1367 /* TODO: IPv6 IP6TOS_ECT bit on */ 1368 error = ip6_output(m, tp->t_inpcb->in6p_outputopts, &ro, 1369 ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0), 1370 NULL, NULL, tp->t_inpcb); 1371 1372 if (error == EMSGSIZE && ro.ro_rt != NULL) 1373 mtu = ro.ro_rt->rt_mtu; 1374 RO_RTFREE(&ro); 1375 } 1376 #endif /* INET6 */ 1377 #if defined(INET) && defined(INET6) 1378 else 1379 #endif 1380 #ifdef INET 1381 { 1382 struct route ro; 1383 1384 bzero(&ro, sizeof(ro)); 1385 ip->ip_len = htons(m->m_pkthdr.len); 1386 #ifdef INET6 1387 if (tp->t_inpcb->inp_vflag & INP_IPV6PROTO) 1388 ip->ip_ttl = in6_selecthlim(tp->t_inpcb, NULL); 1389 #endif /* INET6 */ 1390 /* 1391 * If we do path MTU discovery, then we set DF on every packet. 1392 * This might not be the best thing to do according to RFC3390 1393 * Section 2. However the tcp hostcache migitates the problem 1394 * so it affects only the first tcp connection with a host. 1395 * 1396 * NB: Don't set DF on small MTU/MSS to have a safe fallback. 1397 */ 1398 if (V_path_mtu_discovery && tp->t_maxseg > V_tcp_minmss) { 1399 ip->ip_off |= htons(IP_DF); 1400 tp->t_flags2 |= TF2_PLPMTU_PMTUD; 1401 } else { 1402 tp->t_flags2 &= ~TF2_PLPMTU_PMTUD; 1403 } 1404 1405 if (tp->t_state == TCPS_SYN_SENT) 1406 TCP_PROBE5(connect__request, NULL, tp, ip, tp, th); 1407 1408 TCP_PROBE5(send, NULL, tp, ip, tp, th); 1409 1410 #ifdef TCPPCAP 1411 /* Save packet, if requested. */ 1412 tcp_pcap_add(th, m, &(tp->t_outpkts)); 1413 #endif 1414 1415 error = ip_output(m, tp->t_inpcb->inp_options, &ro, 1416 ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0), 0, 1417 tp->t_inpcb); 1418 1419 if (error == EMSGSIZE && ro.ro_rt != NULL) 1420 mtu = ro.ro_rt->rt_mtu; 1421 RO_RTFREE(&ro); 1422 } 1423 #endif /* INET */ 1424 1425 out: 1426 /* 1427 * In transmit state, time the transmission and arrange for 1428 * the retransmit. In persist state, just set snd_max. 1429 */ 1430 if ((tp->t_flags & TF_FORCEDATA) == 0 || 1431 !tcp_timer_active(tp, TT_PERSIST)) { 1432 tcp_seq startseq = tp->snd_nxt; 1433 1434 /* 1435 * Advance snd_nxt over sequence space of this segment. 1436 */ 1437 if (flags & (TH_SYN|TH_FIN)) { 1438 if (flags & TH_SYN) 1439 tp->snd_nxt++; 1440 if (flags & TH_FIN) { 1441 tp->snd_nxt++; 1442 tp->t_flags |= TF_SENTFIN; 1443 } 1444 } 1445 if (sack_rxmit) 1446 goto timer; 1447 tp->snd_nxt += len; 1448 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 1449 tp->snd_max = tp->snd_nxt; 1450 /* 1451 * Time this transmission if not a retransmission and 1452 * not currently timing anything. 1453 */ 1454 if (tp->t_rtttime == 0) { 1455 tp->t_rtttime = ticks; 1456 tp->t_rtseq = startseq; 1457 TCPSTAT_INC(tcps_segstimed); 1458 } 1459 } 1460 1461 /* 1462 * Set retransmit timer if not currently set, 1463 * and not doing a pure ack or a keep-alive probe. 1464 * Initial value for retransmit timer is smoothed 1465 * round-trip time + 2 * round-trip time variance. 1466 * Initialize shift counter which is used for backoff 1467 * of retransmit time. 1468 */ 1469 timer: 1470 if (!tcp_timer_active(tp, TT_REXMT) && 1471 ((sack_rxmit && tp->snd_nxt != tp->snd_max) || 1472 (tp->snd_nxt != tp->snd_una))) { 1473 if (tcp_timer_active(tp, TT_PERSIST)) { 1474 tcp_timer_activate(tp, TT_PERSIST, 0); 1475 tp->t_rxtshift = 0; 1476 } 1477 tcp_timer_activate(tp, TT_REXMT, tp->t_rxtcur); 1478 } else if (len == 0 && sbavail(&so->so_snd) && 1479 !tcp_timer_active(tp, TT_REXMT) && 1480 !tcp_timer_active(tp, TT_PERSIST)) { 1481 /* 1482 * Avoid a situation where we do not set persist timer 1483 * after a zero window condition. For example: 1484 * 1) A -> B: packet with enough data to fill the window 1485 * 2) B -> A: ACK for #1 + new data (0 window 1486 * advertisement) 1487 * 3) A -> B: ACK for #2, 0 len packet 1488 * 1489 * In this case, A will not activate the persist timer, 1490 * because it chose to send a packet. Unless tcp_output 1491 * is called for some other reason (delayed ack timer, 1492 * another input packet from B, socket syscall), A will 1493 * not send zero window probes. 1494 * 1495 * So, if you send a 0-length packet, but there is data 1496 * in the socket buffer, and neither the rexmt or 1497 * persist timer is already set, then activate the 1498 * persist timer. 1499 */ 1500 tp->t_rxtshift = 0; 1501 tcp_setpersist(tp); 1502 } 1503 } else { 1504 /* 1505 * Persist case, update snd_max but since we are in 1506 * persist mode (no window) we do not update snd_nxt. 1507 */ 1508 int xlen = len; 1509 if (flags & TH_SYN) 1510 ++xlen; 1511 if (flags & TH_FIN) { 1512 ++xlen; 1513 tp->t_flags |= TF_SENTFIN; 1514 } 1515 if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) 1516 tp->snd_max = tp->snd_nxt + len; 1517 } 1518 1519 if (error) { 1520 1521 /* 1522 * We know that the packet was lost, so back out the 1523 * sequence number advance, if any. 1524 * 1525 * If the error is EPERM the packet got blocked by the 1526 * local firewall. Normally we should terminate the 1527 * connection but the blocking may have been spurious 1528 * due to a firewall reconfiguration cycle. So we treat 1529 * it like a packet loss and let the retransmit timer and 1530 * timeouts do their work over time. 1531 * XXX: It is a POLA question whether calling tcp_drop right 1532 * away would be the really correct behavior instead. 1533 */ 1534 if (((tp->t_flags & TF_FORCEDATA) == 0 || 1535 !tcp_timer_active(tp, TT_PERSIST)) && 1536 ((flags & TH_SYN) == 0) && 1537 (error != EPERM)) { 1538 if (sack_rxmit) { 1539 p->rxmit -= len; 1540 tp->sackhint.sack_bytes_rexmit -= len; 1541 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0, 1542 ("sackhint bytes rtx >= 0")); 1543 } else 1544 tp->snd_nxt -= len; 1545 } 1546 SOCKBUF_UNLOCK_ASSERT(&so->so_snd); /* Check gotos. */ 1547 switch (error) { 1548 case EPERM: 1549 tp->t_softerror = error; 1550 return (error); 1551 case ENOBUFS: 1552 if (!tcp_timer_active(tp, TT_REXMT) && 1553 !tcp_timer_active(tp, TT_PERSIST)) 1554 tcp_timer_activate(tp, TT_REXMT, tp->t_rxtcur); 1555 tp->snd_cwnd = tp->t_maxseg; 1556 return (0); 1557 case EMSGSIZE: 1558 /* 1559 * For some reason the interface we used initially 1560 * to send segments changed to another or lowered 1561 * its MTU. 1562 * If TSO was active we either got an interface 1563 * without TSO capabilits or TSO was turned off. 1564 * If we obtained mtu from ip_output() then update 1565 * it and try again. 1566 */ 1567 if (tso) 1568 tp->t_flags &= ~TF_TSO; 1569 if (mtu != 0) { 1570 tcp_mss_update(tp, -1, mtu, NULL, NULL); 1571 goto again; 1572 } 1573 return (error); 1574 case EHOSTDOWN: 1575 case EHOSTUNREACH: 1576 case ENETDOWN: 1577 case ENETUNREACH: 1578 if (TCPS_HAVERCVDSYN(tp->t_state)) { 1579 tp->t_softerror = error; 1580 return (0); 1581 } 1582 /* FALLTHROUGH */ 1583 default: 1584 return (error); 1585 } 1586 } 1587 TCPSTAT_INC(tcps_sndtotal); 1588 1589 /* 1590 * Data sent (as far as we can tell). 1591 * If this advertises a larger window than any other segment, 1592 * then remember the size of the advertised window. 1593 * Any pending ACK has now been sent. 1594 */ 1595 if (recwin >= 0 && SEQ_GT(tp->rcv_nxt + recwin, tp->rcv_adv)) 1596 tp->rcv_adv = tp->rcv_nxt + recwin; 1597 tp->last_ack_sent = tp->rcv_nxt; 1598 tp->t_flags &= ~(TF_ACKNOW | TF_DELACK); 1599 if (tcp_timer_active(tp, TT_DELACK)) 1600 tcp_timer_activate(tp, TT_DELACK, 0); 1601 #if 0 1602 /* 1603 * This completely breaks TCP if newreno is turned on. What happens 1604 * is that if delayed-acks are turned on on the receiver, this code 1605 * on the transmitter effectively destroys the TCP window, forcing 1606 * it to four packets (1.5Kx4 = 6K window). 1607 */ 1608 if (sendalot && --maxburst) 1609 goto again; 1610 #endif 1611 if (sendalot) 1612 goto again; 1613 return (0); 1614 } 1615 1616 void 1617 tcp_setpersist(struct tcpcb *tp) 1618 { 1619 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1; 1620 int tt; 1621 1622 tp->t_flags &= ~TF_PREVVALID; 1623 if (tcp_timer_active(tp, TT_REXMT)) 1624 panic("tcp_setpersist: retransmit pending"); 1625 /* 1626 * Start/restart persistance timer. 1627 */ 1628 TCPT_RANGESET(tt, t * tcp_backoff[tp->t_rxtshift], 1629 TCPTV_PERSMIN, TCPTV_PERSMAX); 1630 tcp_timer_activate(tp, TT_PERSIST, tt); 1631 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1632 tp->t_rxtshift++; 1633 } 1634 1635 /* 1636 * Insert TCP options according to the supplied parameters to the place 1637 * optp in a consistent way. Can handle unaligned destinations. 1638 * 1639 * The order of the option processing is crucial for optimal packing and 1640 * alignment for the scarce option space. 1641 * 1642 * The optimal order for a SYN/SYN-ACK segment is: 1643 * MSS (4) + NOP (1) + Window scale (3) + SACK permitted (2) + 1644 * Timestamp (10) + Signature (18) = 38 bytes out of a maximum of 40. 1645 * 1646 * The SACK options should be last. SACK blocks consume 8*n+2 bytes. 1647 * So a full size SACK blocks option is 34 bytes (with 4 SACK blocks). 1648 * At minimum we need 10 bytes (to generate 1 SACK block). If both 1649 * TCP Timestamps (12 bytes) and TCP Signatures (18 bytes) are present, 1650 * we only have 10 bytes for SACK options (40 - (12 + 18)). 1651 */ 1652 int 1653 tcp_addoptions(struct tcpopt *to, u_char *optp) 1654 { 1655 u_int mask, optlen = 0; 1656 1657 for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) { 1658 if ((to->to_flags & mask) != mask) 1659 continue; 1660 if (optlen == TCP_MAXOLEN) 1661 break; 1662 switch (to->to_flags & mask) { 1663 case TOF_MSS: 1664 while (optlen % 4) { 1665 optlen += TCPOLEN_NOP; 1666 *optp++ = TCPOPT_NOP; 1667 } 1668 if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG) 1669 continue; 1670 optlen += TCPOLEN_MAXSEG; 1671 *optp++ = TCPOPT_MAXSEG; 1672 *optp++ = TCPOLEN_MAXSEG; 1673 to->to_mss = htons(to->to_mss); 1674 bcopy((u_char *)&to->to_mss, optp, sizeof(to->to_mss)); 1675 optp += sizeof(to->to_mss); 1676 break; 1677 case TOF_SCALE: 1678 while (!optlen || optlen % 2 != 1) { 1679 optlen += TCPOLEN_NOP; 1680 *optp++ = TCPOPT_NOP; 1681 } 1682 if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW) 1683 continue; 1684 optlen += TCPOLEN_WINDOW; 1685 *optp++ = TCPOPT_WINDOW; 1686 *optp++ = TCPOLEN_WINDOW; 1687 *optp++ = to->to_wscale; 1688 break; 1689 case TOF_SACKPERM: 1690 while (optlen % 2) { 1691 optlen += TCPOLEN_NOP; 1692 *optp++ = TCPOPT_NOP; 1693 } 1694 if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED) 1695 continue; 1696 optlen += TCPOLEN_SACK_PERMITTED; 1697 *optp++ = TCPOPT_SACK_PERMITTED; 1698 *optp++ = TCPOLEN_SACK_PERMITTED; 1699 break; 1700 case TOF_TS: 1701 while (!optlen || optlen % 4 != 2) { 1702 optlen += TCPOLEN_NOP; 1703 *optp++ = TCPOPT_NOP; 1704 } 1705 if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP) 1706 continue; 1707 optlen += TCPOLEN_TIMESTAMP; 1708 *optp++ = TCPOPT_TIMESTAMP; 1709 *optp++ = TCPOLEN_TIMESTAMP; 1710 to->to_tsval = htonl(to->to_tsval); 1711 to->to_tsecr = htonl(to->to_tsecr); 1712 bcopy((u_char *)&to->to_tsval, optp, sizeof(to->to_tsval)); 1713 optp += sizeof(to->to_tsval); 1714 bcopy((u_char *)&to->to_tsecr, optp, sizeof(to->to_tsecr)); 1715 optp += sizeof(to->to_tsecr); 1716 break; 1717 #ifdef TCP_SIGNATURE 1718 case TOF_SIGNATURE: 1719 { 1720 int siglen = TCPOLEN_SIGNATURE - 2; 1721 1722 while (!optlen || optlen % 4 != 2) { 1723 optlen += TCPOLEN_NOP; 1724 *optp++ = TCPOPT_NOP; 1725 } 1726 if (TCP_MAXOLEN - optlen < TCPOLEN_SIGNATURE) 1727 continue; 1728 optlen += TCPOLEN_SIGNATURE; 1729 *optp++ = TCPOPT_SIGNATURE; 1730 *optp++ = TCPOLEN_SIGNATURE; 1731 to->to_signature = optp; 1732 while (siglen--) 1733 *optp++ = 0; 1734 break; 1735 } 1736 #endif 1737 case TOF_SACK: 1738 { 1739 int sackblks = 0; 1740 struct sackblk *sack = (struct sackblk *)to->to_sacks; 1741 tcp_seq sack_seq; 1742 1743 while (!optlen || optlen % 4 != 2) { 1744 optlen += TCPOLEN_NOP; 1745 *optp++ = TCPOPT_NOP; 1746 } 1747 if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK) 1748 continue; 1749 optlen += TCPOLEN_SACKHDR; 1750 *optp++ = TCPOPT_SACK; 1751 sackblks = min(to->to_nsacks, 1752 (TCP_MAXOLEN - optlen) / TCPOLEN_SACK); 1753 *optp++ = TCPOLEN_SACKHDR + sackblks * TCPOLEN_SACK; 1754 while (sackblks--) { 1755 sack_seq = htonl(sack->start); 1756 bcopy((u_char *)&sack_seq, optp, sizeof(sack_seq)); 1757 optp += sizeof(sack_seq); 1758 sack_seq = htonl(sack->end); 1759 bcopy((u_char *)&sack_seq, optp, sizeof(sack_seq)); 1760 optp += sizeof(sack_seq); 1761 optlen += TCPOLEN_SACK; 1762 sack++; 1763 } 1764 TCPSTAT_INC(tcps_sack_send_blocks); 1765 break; 1766 } 1767 #ifdef TCP_RFC7413 1768 case TOF_FASTOPEN: 1769 { 1770 int total_len; 1771 1772 /* XXX is there any point to aligning this option? */ 1773 total_len = TCPOLEN_FAST_OPEN_EMPTY + to->to_tfo_len; 1774 if (TCP_MAXOLEN - optlen < total_len) 1775 continue; 1776 *optp++ = TCPOPT_FAST_OPEN; 1777 *optp++ = total_len; 1778 if (to->to_tfo_len > 0) { 1779 bcopy(to->to_tfo_cookie, optp, to->to_tfo_len); 1780 optp += to->to_tfo_len; 1781 } 1782 optlen += total_len; 1783 break; 1784 } 1785 #endif 1786 default: 1787 panic("%s: unknown TCP option type", __func__); 1788 break; 1789 } 1790 } 1791 1792 /* Terminate and pad TCP options to a 4 byte boundary. */ 1793 if (optlen % 4) { 1794 optlen += TCPOLEN_EOL; 1795 *optp++ = TCPOPT_EOL; 1796 } 1797 /* 1798 * According to RFC 793 (STD0007): 1799 * "The content of the header beyond the End-of-Option option 1800 * must be header padding (i.e., zero)." 1801 * and later: "The padding is composed of zeros." 1802 */ 1803 while (optlen % 4) { 1804 optlen += TCPOLEN_PAD; 1805 *optp++ = TCPOPT_PAD; 1806 } 1807 1808 KASSERT(optlen <= TCP_MAXOLEN, ("%s: TCP options too long", __func__)); 1809 return (optlen); 1810 } 1811