1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 5 * The Regents of the University of California. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)tcp_sack.c 8.12 (Berkeley) 5/24/95 33 */ 34 35 /*- 36 * @@(#)COPYRIGHT 1.1 (NRL) 17 January 1995 37 * 38 * NRL grants permission for redistribution and use in source and binary 39 * forms, with or without modification, of the software and documentation 40 * created at NRL provided that the following conditions are met: 41 * 42 * 1. Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * 2. Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in the 46 * documentation and/or other materials provided with the distribution. 47 * 3. All advertising materials mentioning features or use of this software 48 * must display the following acknowledgements: 49 * This product includes software developed by the University of 50 * California, Berkeley and its contributors. 51 * This product includes software developed at the Information 52 * Technology Division, US Naval Research Laboratory. 53 * 4. Neither the name of the NRL nor the names of its contributors 54 * may be used to endorse or promote products derived from this software 55 * without specific prior written permission. 56 * 57 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 58 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 59 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 60 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 61 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 62 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 63 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 64 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 65 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 66 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 67 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 68 * 69 * The views and conclusions contained in the software and documentation 70 * are those of the authors and should not be interpreted as representing 71 * official policies, either expressed or implied, of the US Naval 72 * Research Laboratory (NRL). 73 */ 74 75 #include <sys/cdefs.h> 76 #include "opt_inet.h" 77 #include "opt_inet6.h" 78 79 #include <sys/param.h> 80 #include <sys/systm.h> 81 #include <sys/kernel.h> 82 #include <sys/sysctl.h> 83 #include <sys/malloc.h> 84 #include <sys/mbuf.h> 85 #include <sys/proc.h> /* for proc0 declaration */ 86 #include <sys/protosw.h> 87 #include <sys/socket.h> 88 #include <sys/socketvar.h> 89 #include <sys/syslog.h> 90 #include <sys/systm.h> 91 92 #include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */ 93 94 #include <vm/uma.h> 95 96 #include <net/if.h> 97 #include <net/if_var.h> 98 #include <net/route.h> 99 #include <net/vnet.h> 100 101 #include <netinet/in.h> 102 #include <netinet/in_systm.h> 103 #include <netinet/ip.h> 104 #include <netinet/in_var.h> 105 #include <netinet/in_pcb.h> 106 #include <netinet/ip_var.h> 107 #include <netinet/ip6.h> 108 #include <netinet/icmp6.h> 109 #include <netinet6/nd6.h> 110 #include <netinet6/ip6_var.h> 111 #include <netinet6/in6_pcb.h> 112 #include <netinet/tcp.h> 113 #include <netinet/tcp_fsm.h> 114 #include <netinet/tcp_seq.h> 115 #include <netinet/tcp_timer.h> 116 #include <netinet/tcp_var.h> 117 #include <netinet/tcpip.h> 118 #include <netinet/cc/cc.h> 119 120 #include <machine/in_cksum.h> 121 122 VNET_DECLARE(struct uma_zone *, sack_hole_zone); 123 #define V_sack_hole_zone VNET(sack_hole_zone) 124 125 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 126 "TCP SACK"); 127 128 VNET_DEFINE(int, tcp_do_sack) = 1; 129 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW, 130 &VNET_NAME(tcp_do_sack), 0, 131 "Enable/Disable TCP SACK support"); 132 133 VNET_DEFINE(int, tcp_do_newsack) = 1; 134 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, revised, CTLFLAG_VNET | CTLFLAG_RW, 135 &VNET_NAME(tcp_do_newsack), 0, 136 "Use revised SACK loss recovery per RFC 6675"); 137 138 VNET_DEFINE(int, tcp_sack_maxholes) = 128; 139 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW, 140 &VNET_NAME(tcp_sack_maxholes), 0, 141 "Maximum number of TCP SACK holes allowed per connection"); 142 143 VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536; 144 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW, 145 &VNET_NAME(tcp_sack_globalmaxholes), 0, 146 "Global maximum number of TCP SACK holes"); 147 148 VNET_DEFINE(int, tcp_sack_globalholes) = 0; 149 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD, 150 &VNET_NAME(tcp_sack_globalholes), 0, 151 "Global number of TCP SACK holes currently allocated"); 152 153 int 154 tcp_dsack_block_exists(struct tcpcb *tp) 155 { 156 /* Return true if a DSACK block exists */ 157 if (tp->rcv_numsacks == 0) 158 return (0); 159 if (SEQ_LEQ(tp->sackblks[0].end, tp->rcv_nxt)) 160 return(1); 161 return (0); 162 } 163 164 /* 165 * This function will find overlaps with the currently stored sackblocks 166 * and add any overlap as a dsack block upfront 167 */ 168 void 169 tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 170 { 171 struct sackblk head_blk,mid_blk,saved_blks[MAX_SACK_BLKS]; 172 int i, j, n, identical; 173 tcp_seq start, end; 174 175 INP_WLOCK_ASSERT(tptoinpcb(tp)); 176 177 KASSERT(SEQ_LT(rcv_start, rcv_end), ("rcv_start < rcv_end")); 178 179 if (SEQ_LT(rcv_end, tp->rcv_nxt) || 180 ((rcv_end == tp->rcv_nxt) && 181 (tp->rcv_numsacks > 0 ) && 182 (tp->sackblks[0].end == tp->rcv_nxt))) { 183 saved_blks[0].start = rcv_start; 184 saved_blks[0].end = rcv_end; 185 } else { 186 saved_blks[0].start = saved_blks[0].end = 0; 187 } 188 189 head_blk.start = head_blk.end = 0; 190 mid_blk.start = rcv_start; 191 mid_blk.end = rcv_end; 192 identical = 0; 193 194 for (i = 0; i < tp->rcv_numsacks; i++) { 195 start = tp->sackblks[i].start; 196 end = tp->sackblks[i].end; 197 if (SEQ_LT(rcv_end, start)) { 198 /* pkt left to sack blk */ 199 continue; 200 } 201 if (SEQ_GT(rcv_start, end)) { 202 /* pkt right to sack blk */ 203 continue; 204 } 205 if (SEQ_GT(tp->rcv_nxt, end)) { 206 if ((SEQ_MAX(rcv_start, start) != SEQ_MIN(rcv_end, end)) && 207 (SEQ_GT(head_blk.start, SEQ_MAX(rcv_start, start)) || 208 (head_blk.start == head_blk.end))) { 209 head_blk.start = SEQ_MAX(rcv_start, start); 210 head_blk.end = SEQ_MIN(rcv_end, end); 211 } 212 continue; 213 } 214 if (((head_blk.start == head_blk.end) || 215 SEQ_LT(start, head_blk.start)) && 216 (SEQ_GT(end, rcv_start) && 217 SEQ_LEQ(start, rcv_end))) { 218 head_blk.start = start; 219 head_blk.end = end; 220 } 221 mid_blk.start = SEQ_MIN(mid_blk.start, start); 222 mid_blk.end = SEQ_MAX(mid_blk.end, end); 223 if ((mid_blk.start == start) && 224 (mid_blk.end == end)) 225 identical = 1; 226 } 227 if (SEQ_LT(head_blk.start, head_blk.end)) { 228 /* store overlapping range */ 229 saved_blks[0].start = SEQ_MAX(rcv_start, head_blk.start); 230 saved_blks[0].end = SEQ_MIN(rcv_end, head_blk.end); 231 } 232 n = 1; 233 /* 234 * Second, if not ACKed, store the SACK block that 235 * overlaps with the DSACK block unless it is identical 236 */ 237 if ((SEQ_LT(tp->rcv_nxt, mid_blk.end) && 238 !((mid_blk.start == saved_blks[0].start) && 239 (mid_blk.end == saved_blks[0].end))) || 240 identical == 1) { 241 saved_blks[n].start = mid_blk.start; 242 saved_blks[n++].end = mid_blk.end; 243 } 244 for (j = 0; (j < tp->rcv_numsacks) && (n < MAX_SACK_BLKS); j++) { 245 if (((SEQ_LT(tp->sackblks[j].end, mid_blk.start) || 246 SEQ_GT(tp->sackblks[j].start, mid_blk.end)) && 247 (SEQ_GT(tp->sackblks[j].start, tp->rcv_nxt)))) 248 saved_blks[n++] = tp->sackblks[j]; 249 } 250 j = 0; 251 for (i = 0; i < n; i++) { 252 /* we can end up with a stale initial entry */ 253 if (SEQ_LT(saved_blks[i].start, saved_blks[i].end)) { 254 tp->sackblks[j++] = saved_blks[i]; 255 } 256 } 257 tp->rcv_numsacks = j; 258 } 259 260 /* 261 * This function is called upon receipt of new valid data (while not in 262 * header prediction mode), and it updates the ordered list of sacks. 263 */ 264 void 265 tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 266 { 267 /* 268 * First reported block MUST be the most recent one. Subsequent 269 * blocks SHOULD be in the order in which they arrived at the 270 * receiver. These two conditions make the implementation fully 271 * compliant with RFC 2018. 272 */ 273 struct sackblk head_blk, saved_blks[MAX_SACK_BLKS]; 274 int num_head, num_saved, i; 275 276 INP_WLOCK_ASSERT(tptoinpcb(tp)); 277 278 /* Check arguments. */ 279 KASSERT(SEQ_LEQ(rcv_start, rcv_end), ("rcv_start <= rcv_end")); 280 281 if ((rcv_start == rcv_end) && 282 (tp->rcv_numsacks >= 1) && 283 (rcv_end == tp->sackblks[0].end)) { 284 /* retaining DSACK block below rcv_nxt (todrop) */ 285 head_blk = tp->sackblks[0]; 286 } else { 287 /* SACK block for the received segment. */ 288 head_blk.start = rcv_start; 289 head_blk.end = rcv_end; 290 } 291 292 /* 293 * Merge updated SACK blocks into head_blk, and save unchanged SACK 294 * blocks into saved_blks[]. num_saved will have the number of the 295 * saved SACK blocks. 296 */ 297 num_saved = 0; 298 for (i = 0; i < tp->rcv_numsacks; i++) { 299 tcp_seq start = tp->sackblks[i].start; 300 tcp_seq end = tp->sackblks[i].end; 301 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 302 /* 303 * Discard this SACK block. 304 */ 305 } else if (SEQ_LEQ(head_blk.start, end) && 306 SEQ_GEQ(head_blk.end, start)) { 307 /* 308 * Merge this SACK block into head_blk. This SACK 309 * block itself will be discarded. 310 */ 311 /* 312 * |-| 313 * |---| merge 314 * 315 * |-| 316 * |---| merge 317 * 318 * |-----| 319 * |-| DSACK smaller 320 * 321 * |-| 322 * |-----| DSACK smaller 323 */ 324 if (head_blk.start == end) 325 head_blk.start = start; 326 else if (head_blk.end == start) 327 head_blk.end = end; 328 else { 329 if (SEQ_LT(head_blk.start, start)) { 330 tcp_seq temp = start; 331 start = head_blk.start; 332 head_blk.start = temp; 333 } 334 if (SEQ_GT(head_blk.end, end)) { 335 tcp_seq temp = end; 336 end = head_blk.end; 337 head_blk.end = temp; 338 } 339 if ((head_blk.start != start) || 340 (head_blk.end != end)) { 341 if ((num_saved >= 1) && 342 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 343 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 344 num_saved--; 345 saved_blks[num_saved].start = start; 346 saved_blks[num_saved].end = end; 347 num_saved++; 348 } 349 } 350 } else { 351 /* 352 * This block supercedes the prior block 353 */ 354 if ((num_saved >= 1) && 355 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 356 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 357 num_saved--; 358 /* 359 * Save this SACK block. 360 */ 361 saved_blks[num_saved].start = start; 362 saved_blks[num_saved].end = end; 363 num_saved++; 364 } 365 } 366 367 /* 368 * Update SACK list in tp->sackblks[]. 369 */ 370 num_head = 0; 371 if (SEQ_LT(rcv_start, rcv_end)) { 372 /* 373 * The received data segment is an out-of-order segment. Put 374 * head_blk at the top of SACK list. 375 */ 376 tp->sackblks[0] = head_blk; 377 num_head = 1; 378 /* 379 * If the number of saved SACK blocks exceeds its limit, 380 * discard the last SACK block. 381 */ 382 if (num_saved >= MAX_SACK_BLKS) 383 num_saved--; 384 } 385 if ((rcv_start == rcv_end) && 386 (rcv_start == tp->sackblks[0].end)) { 387 num_head = 1; 388 } 389 if (num_saved > 0) { 390 /* 391 * Copy the saved SACK blocks back. 392 */ 393 bcopy(saved_blks, &tp->sackblks[num_head], 394 sizeof(struct sackblk) * num_saved); 395 } 396 397 /* Save the number of SACK blocks. */ 398 tp->rcv_numsacks = num_head + num_saved; 399 } 400 401 void 402 tcp_clean_dsack_blocks(struct tcpcb *tp) 403 { 404 struct sackblk saved_blks[MAX_SACK_BLKS]; 405 int num_saved, i; 406 407 INP_WLOCK_ASSERT(tptoinpcb(tp)); 408 /* 409 * Clean up any DSACK blocks that 410 * are in our queue of sack blocks. 411 * 412 */ 413 num_saved = 0; 414 for (i = 0; i < tp->rcv_numsacks; i++) { 415 tcp_seq start = tp->sackblks[i].start; 416 tcp_seq end = tp->sackblks[i].end; 417 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 418 /* 419 * Discard this D-SACK block. 420 */ 421 continue; 422 } 423 /* 424 * Save this SACK block. 425 */ 426 saved_blks[num_saved].start = start; 427 saved_blks[num_saved].end = end; 428 num_saved++; 429 } 430 if (num_saved > 0) { 431 /* 432 * Copy the saved SACK blocks back. 433 */ 434 bcopy(saved_blks, &tp->sackblks[0], 435 sizeof(struct sackblk) * num_saved); 436 } 437 tp->rcv_numsacks = num_saved; 438 } 439 440 /* 441 * Delete all receiver-side SACK information. 442 */ 443 void 444 tcp_clean_sackreport(struct tcpcb *tp) 445 { 446 int i; 447 448 INP_WLOCK_ASSERT(tptoinpcb(tp)); 449 tp->rcv_numsacks = 0; 450 for (i = 0; i < MAX_SACK_BLKS; i++) 451 tp->sackblks[i].start = tp->sackblks[i].end=0; 452 } 453 454 /* 455 * Allocate struct sackhole. 456 */ 457 static struct sackhole * 458 tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) 459 { 460 struct sackhole *hole; 461 462 if (tp->snd_numholes >= V_tcp_sack_maxholes || 463 V_tcp_sack_globalholes >= V_tcp_sack_globalmaxholes) { 464 TCPSTAT_INC(tcps_sack_sboverflow); 465 return NULL; 466 } 467 468 hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT); 469 if (hole == NULL) 470 return NULL; 471 472 hole->start = start; 473 hole->end = end; 474 hole->rxmit = start; 475 476 tp->snd_numholes++; 477 atomic_add_int(&V_tcp_sack_globalholes, 1); 478 479 return hole; 480 } 481 482 /* 483 * Free struct sackhole. 484 */ 485 static void 486 tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) 487 { 488 489 uma_zfree(V_sack_hole_zone, hole); 490 491 tp->snd_numholes--; 492 atomic_subtract_int(&V_tcp_sack_globalholes, 1); 493 494 KASSERT(tp->snd_numholes >= 0, ("tp->snd_numholes >= 0")); 495 KASSERT(V_tcp_sack_globalholes >= 0, ("tcp_sack_globalholes >= 0")); 496 } 497 498 /* 499 * Insert new SACK hole into scoreboard. 500 */ 501 static struct sackhole * 502 tcp_sackhole_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end, 503 struct sackhole *after) 504 { 505 struct sackhole *hole; 506 507 /* Allocate a new SACK hole. */ 508 hole = tcp_sackhole_alloc(tp, start, end); 509 if (hole == NULL) 510 return NULL; 511 512 /* Insert the new SACK hole into scoreboard. */ 513 if (after != NULL) 514 TAILQ_INSERT_AFTER(&tp->snd_holes, after, hole, scblink); 515 else 516 TAILQ_INSERT_TAIL(&tp->snd_holes, hole, scblink); 517 518 /* Update SACK hint. */ 519 if (tp->sackhint.nexthole == NULL) 520 tp->sackhint.nexthole = hole; 521 522 return hole; 523 } 524 525 /* 526 * Remove SACK hole from scoreboard. 527 */ 528 static void 529 tcp_sackhole_remove(struct tcpcb *tp, struct sackhole *hole) 530 { 531 532 /* Update SACK hint. */ 533 if (tp->sackhint.nexthole == hole) 534 tp->sackhint.nexthole = TAILQ_NEXT(hole, scblink); 535 536 /* Remove this SACK hole. */ 537 TAILQ_REMOVE(&tp->snd_holes, hole, scblink); 538 539 /* Free this SACK hole. */ 540 tcp_sackhole_free(tp, hole); 541 } 542 543 /* 544 * Process cumulative ACK and the TCP SACK option to update the scoreboard. 545 * tp->snd_holes is an ordered list of holes (oldest to newest, in terms of 546 * the sequence space). 547 * Returns 1 if incoming ACK has previously unknown SACK information, 548 * 0 otherwise. 549 */ 550 int 551 tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) 552 { 553 struct sackhole *cur, *temp; 554 struct sackblk sack, sack_blocks[TCP_MAX_SACK + 1], *sblkp; 555 int i, j, num_sack_blks, sack_changed; 556 int delivered_data, left_edge_delta; 557 558 tcp_seq loss_hiack = 0; 559 int loss_thresh = 0; 560 int loss_sblks = 0; 561 int notlost_bytes = 0; 562 563 INP_WLOCK_ASSERT(tptoinpcb(tp)); 564 565 num_sack_blks = 0; 566 sack_changed = 0; 567 delivered_data = 0; 568 left_edge_delta = 0; 569 /* 570 * If SND.UNA will be advanced by SEG.ACK, and if SACK holes exist, 571 * treat [SND.UNA, SEG.ACK) as if it is a SACK block. 572 * Account changes to SND.UNA always in delivered data. 573 */ 574 if (SEQ_LT(tp->snd_una, th_ack) && !TAILQ_EMPTY(&tp->snd_holes)) { 575 left_edge_delta = th_ack - tp->snd_una; 576 sack_blocks[num_sack_blks].start = tp->snd_una; 577 sack_blocks[num_sack_blks++].end = th_ack; 578 /* 579 * Pulling snd_fack forward if we got here 580 * due to DSACK blocks 581 */ 582 if (SEQ_LT(tp->snd_fack, th_ack)) { 583 delivered_data += th_ack - tp->snd_una; 584 tp->snd_fack = th_ack; 585 sack_changed = 1; 586 } 587 } 588 /* 589 * Append received valid SACK blocks to sack_blocks[], but only if we 590 * received new blocks from the other side. 591 */ 592 if (to->to_flags & TOF_SACK) { 593 for (i = 0; i < to->to_nsacks; i++) { 594 bcopy((to->to_sacks + i * TCPOLEN_SACK), 595 &sack, sizeof(sack)); 596 sack.start = ntohl(sack.start); 597 sack.end = ntohl(sack.end); 598 if (SEQ_GT(sack.end, sack.start) && 599 SEQ_GT(sack.start, tp->snd_una) && 600 SEQ_GT(sack.start, th_ack) && 601 SEQ_LT(sack.start, tp->snd_max) && 602 SEQ_GT(sack.end, tp->snd_una) && 603 SEQ_LEQ(sack.end, tp->snd_max)) { 604 sack_blocks[num_sack_blks++] = sack; 605 } else if (SEQ_LEQ(sack.start, th_ack) && 606 SEQ_LEQ(sack.end, th_ack)) { 607 /* 608 * Its a D-SACK block. 609 */ 610 tcp_record_dsack(tp, sack.start, sack.end, 0); 611 } 612 } 613 } 614 /* 615 * Return if SND.UNA is not advanced and no valid SACK block is 616 * received. 617 */ 618 if (num_sack_blks == 0) 619 return (sack_changed); 620 621 /* 622 * Sort the SACK blocks so we can update the scoreboard with just one 623 * pass. The overhead of sorting up to 4+1 elements is less than 624 * making up to 4+1 passes over the scoreboard. 625 */ 626 for (i = 0; i < num_sack_blks; i++) { 627 for (j = i + 1; j < num_sack_blks; j++) { 628 if (SEQ_GT(sack_blocks[i].end, sack_blocks[j].end)) { 629 sack = sack_blocks[i]; 630 sack_blocks[i] = sack_blocks[j]; 631 sack_blocks[j] = sack; 632 } 633 } 634 } 635 if (TAILQ_EMPTY(&tp->snd_holes)) { 636 /* 637 * Empty scoreboard. Need to initialize snd_fack (it may be 638 * uninitialized or have a bogus value). Scoreboard holes 639 * (from the sack blocks received) are created later below 640 * (in the logic that adds holes to the tail of the 641 * scoreboard). 642 */ 643 tp->snd_fack = SEQ_MAX(tp->snd_una, th_ack); 644 tp->sackhint.sacked_bytes = 0; /* reset */ 645 tp->sackhint.hole_bytes = 0; 646 } 647 /* 648 * In the while-loop below, incoming SACK blocks (sack_blocks[]) and 649 * SACK holes (snd_holes) are traversed from their tails with just 650 * one pass in order to reduce the number of compares especially when 651 * the bandwidth-delay product is large. 652 * 653 * Note: Typically, in the first RTT of SACK recovery, the highest 654 * three or four SACK blocks with the same ack number are received. 655 * In the second RTT, if retransmitted data segments are not lost, 656 * the highest three or four SACK blocks with ack number advancing 657 * are received. 658 */ 659 sblkp = &sack_blocks[num_sack_blks - 1]; /* Last SACK block */ 660 tp->sackhint.last_sack_ack = sblkp->end; 661 if (SEQ_LT(tp->snd_fack, sblkp->start)) { 662 /* 663 * The highest SACK block is beyond fack. First, 664 * check if there was a successful Rescue Retransmission, 665 * and move this hole left. With normal holes, snd_fack 666 * is always to the right of the end. 667 */ 668 if (((temp = TAILQ_LAST(&tp->snd_holes, sackhole_head)) != NULL) && 669 SEQ_LEQ(tp->snd_fack,temp->end)) { 670 tp->sackhint.hole_bytes -= temp->end - temp->start; 671 temp->start = SEQ_MAX(tp->snd_fack, SEQ_MAX(tp->snd_una, th_ack)); 672 temp->end = sblkp->start; 673 temp->rxmit = temp->start; 674 delivered_data += sblkp->end - sblkp->start; 675 tp->sackhint.hole_bytes += temp->end - temp->start; 676 KASSERT(tp->sackhint.hole_bytes >= 0, 677 ("sackhint hole bytes >= 0")); 678 tp->snd_fack = sblkp->end; 679 sack_changed = 1; 680 sblkp--; 681 } else { 682 /* 683 * Append a new SACK hole at the tail. If the 684 * second or later highest SACK blocks are also 685 * beyond the current fack, they will be inserted 686 * by way of hole splitting in the while-loop below. 687 */ 688 temp = tcp_sackhole_insert(tp, tp->snd_fack,sblkp->start,NULL); 689 if (temp != NULL) { 690 delivered_data += sblkp->end - sblkp->start; 691 tp->sackhint.hole_bytes += temp->end - temp->start; 692 tp->snd_fack = sblkp->end; 693 sack_changed = 1; 694 /* Go to the previous sack block. */ 695 sblkp--; 696 } else { 697 /* 698 * We failed to add a new hole based on the current 699 * sack block. Skip over all the sack blocks that 700 * fall completely to the right of snd_fack and 701 * proceed to trim the scoreboard based on the 702 * remaining sack blocks. This also trims the 703 * scoreboard for th_ack (which is sack_blocks[0]). 704 */ 705 while (sblkp >= sack_blocks && 706 SEQ_LT(tp->snd_fack, sblkp->start)) 707 sblkp--; 708 if (sblkp >= sack_blocks && 709 SEQ_LT(tp->snd_fack, sblkp->end)) { 710 delivered_data += sblkp->end - tp->snd_fack; 711 tp->snd_fack = sblkp->end; 712 sack_changed = 1; 713 } 714 } 715 } 716 } else if (SEQ_LT(tp->snd_fack, sblkp->end)) { 717 /* fack is advanced. */ 718 delivered_data += sblkp->end - tp->snd_fack; 719 tp->snd_fack = sblkp->end; 720 sack_changed = 1; 721 } 722 cur = TAILQ_LAST(&tp->snd_holes, sackhole_head); /* Last SACK hole. */ 723 loss_hiack = tp->snd_fack; 724 725 /* 726 * Since the incoming sack blocks are sorted, we can process them 727 * making one sweep of the scoreboard. 728 */ 729 while (cur != NULL) { 730 if (!(sblkp >= sack_blocks)) { 731 if (((loss_sblks >= tcprexmtthresh) || 732 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 733 break; 734 loss_thresh += loss_hiack - cur->end; 735 loss_hiack = cur->start; 736 loss_sblks++; 737 if (!((loss_sblks >= tcprexmtthresh) || 738 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) { 739 notlost_bytes += cur->end - cur->start; 740 } else { 741 break; 742 } 743 cur = TAILQ_PREV(cur, sackhole_head, scblink); 744 continue; 745 } 746 if (SEQ_GEQ(sblkp->start, cur->end)) { 747 /* 748 * SACKs data beyond the current hole. Go to the 749 * previous sack block. 750 */ 751 sblkp--; 752 continue; 753 } 754 if (SEQ_LEQ(sblkp->end, cur->start)) { 755 /* 756 * SACKs data before the current hole. Go to the 757 * previous hole. 758 */ 759 loss_thresh += loss_hiack - cur->end; 760 loss_hiack = cur->start; 761 loss_sblks++; 762 if (!((loss_sblks >= tcprexmtthresh) || 763 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 764 notlost_bytes += cur->end - cur->start; 765 cur = TAILQ_PREV(cur, sackhole_head, scblink); 766 continue; 767 } 768 tp->sackhint.sack_bytes_rexmit -= 769 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 770 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0, 771 ("sackhint bytes rtx >= 0")); 772 sack_changed = 1; 773 if (SEQ_LEQ(sblkp->start, cur->start)) { 774 /* Data acks at least the beginning of hole. */ 775 if (SEQ_GEQ(sblkp->end, cur->end)) { 776 /* Acks entire hole, so delete hole. */ 777 delivered_data += (cur->end - cur->start); 778 temp = cur; 779 cur = TAILQ_PREV(cur, sackhole_head, scblink); 780 tp->sackhint.hole_bytes -= temp->end - temp->start; 781 tcp_sackhole_remove(tp, temp); 782 /* 783 * The sack block may ack all or part of the 784 * next hole too, so continue onto the next 785 * hole. 786 */ 787 continue; 788 } else { 789 /* Move start of hole forward. */ 790 delivered_data += (sblkp->end - cur->start); 791 tp->sackhint.hole_bytes -= sblkp->end - cur->start; 792 cur->start = sblkp->end; 793 cur->rxmit = SEQ_MAX(cur->rxmit, cur->start); 794 } 795 } else { 796 /* Data acks at least the end of hole. */ 797 if (SEQ_GEQ(sblkp->end, cur->end)) { 798 /* Move end of hole backward. */ 799 delivered_data += (cur->end - sblkp->start); 800 tp->sackhint.hole_bytes -= cur->end - sblkp->start; 801 cur->end = sblkp->start; 802 cur->rxmit = SEQ_MIN(cur->rxmit, cur->end); 803 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 804 cur->rxmit = tp->snd_recover; 805 } else { 806 /* 807 * ACKs some data in middle of a hole; need 808 * to split current hole 809 */ 810 temp = tcp_sackhole_insert(tp, sblkp->end, 811 cur->end, cur); 812 if (temp != NULL) { 813 if (SEQ_GT(cur->rxmit, temp->rxmit)) { 814 temp->rxmit = cur->rxmit; 815 tp->sackhint.sack_bytes_rexmit += 816 (SEQ_MIN(temp->rxmit, 817 temp->end) - temp->start); 818 } 819 tp->sackhint.hole_bytes -= sblkp->end - sblkp->start; 820 loss_thresh += loss_hiack - temp->end; 821 loss_hiack = temp->start; 822 loss_sblks++; 823 if (!((loss_sblks >= tcprexmtthresh) || 824 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 825 notlost_bytes += temp->end - temp->start; 826 cur->end = sblkp->start; 827 cur->rxmit = SEQ_MIN(cur->rxmit, 828 cur->end); 829 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 830 cur->rxmit = tp->snd_recover; 831 delivered_data += (sblkp->end - sblkp->start); 832 } 833 } 834 } 835 tp->sackhint.sack_bytes_rexmit += 836 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 837 /* 838 * Testing sblkp->start against cur->start tells us whether 839 * we're done with the sack block or the sack hole. 840 * Accordingly, we advance one or the other. 841 */ 842 if (SEQ_LEQ(sblkp->start, cur->start)) { 843 loss_thresh += loss_hiack - cur->end; 844 loss_hiack = cur->start; 845 loss_sblks++; 846 if (!((loss_sblks >= tcprexmtthresh) || 847 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 848 notlost_bytes += cur->end - cur->start; 849 cur = TAILQ_PREV(cur, sackhole_head, scblink); 850 } else { 851 sblkp--; 852 } 853 } 854 855 KASSERT(!(TAILQ_EMPTY(&tp->snd_holes) && (tp->sackhint.hole_bytes != 0)), 856 ("SACK scoreboard empty, but accounting non-zero\n")); 857 858 KASSERT(notlost_bytes <= tp->sackhint.hole_bytes, 859 ("SACK: more bytes marked notlost than in scoreboard holes")); 860 861 if (!(to->to_flags & TOF_SACK)) 862 /* 863 * If this ACK did not contain any 864 * SACK blocks, any only moved the 865 * left edge right, it is a pure 866 * cumulative ACK. Do not count 867 * DupAck for this. Also required 868 * for RFC6675 rescue retransmission. 869 */ 870 sack_changed = 0; 871 tp->sackhint.delivered_data = delivered_data; 872 tp->sackhint.sacked_bytes += delivered_data - left_edge_delta; 873 tp->sackhint.lost_bytes = tp->sackhint.hole_bytes - notlost_bytes; 874 KASSERT((delivered_data >= 0), ("delivered_data < 0")); 875 KASSERT((tp->sackhint.sacked_bytes >= 0), ("sacked_bytes < 0")); 876 return (sack_changed); 877 } 878 879 /* 880 * Free all SACK holes to clear the scoreboard. 881 */ 882 void 883 tcp_free_sackholes(struct tcpcb *tp) 884 { 885 struct sackhole *q; 886 887 INP_WLOCK_ASSERT(tptoinpcb(tp)); 888 while ((q = TAILQ_FIRST(&tp->snd_holes)) != NULL) 889 tcp_sackhole_remove(tp, q); 890 tp->sackhint.sack_bytes_rexmit = 0; 891 tp->sackhint.sacked_bytes = 0; 892 tp->sackhint.delivered_data = 0; 893 tp->sackhint.lost_bytes = 0; 894 tp->sackhint.hole_bytes = 0; 895 896 KASSERT(tp->snd_numholes == 0, ("tp->snd_numholes == 0")); 897 KASSERT(tp->sackhint.nexthole == NULL, 898 ("tp->sackhint.nexthole == NULL")); 899 } 900 901 /* 902 * Partial ack handling within a sack recovery episode. Keeping this very 903 * simple for now. When a partial ack is received, force snd_cwnd to a value 904 * that will allow the sender to transmit no more than 2 segments. If 905 * necessary, a better scheme can be adopted at a later point, but for now, 906 * the goal is to prevent the sender from bursting a large amount of data in 907 * the midst of sack recovery. 908 */ 909 void 910 tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th) 911 { 912 struct sackhole *temp; 913 int num_segs = 1; 914 u_int maxseg = tcp_maxseg(tp); 915 916 INP_WLOCK_ASSERT(tptoinpcb(tp)); 917 tcp_timer_activate(tp, TT_REXMT, 0); 918 tp->t_rtttime = 0; 919 /* Send one or 2 segments based on how much new data was acked. */ 920 if ((BYTES_THIS_ACK(tp, th) / maxseg) >= 2) 921 num_segs = 2; 922 tp->snd_cwnd = (tp->sackhint.sack_bytes_rexmit + 923 (tp->snd_nxt - tp->snd_recover) + num_segs * maxseg); 924 if (tp->snd_cwnd > tp->snd_ssthresh) 925 tp->snd_cwnd = tp->snd_ssthresh; 926 tp->t_flags |= TF_ACKNOW; 927 /* 928 * RFC6675 rescue retransmission 929 * Add a hole between th_ack (snd_una is not yet set) and snd_max, 930 * if this was a pure cumulative ACK and no data was send beyond 931 * recovery point. Since the data in the socket has not been freed 932 * at this point, we check if the scoreboard is empty, and the ACK 933 * delivered some new data, indicating a full ACK. Also, if the 934 * recovery point is still at snd_max, we are probably application 935 * limited. However, this inference might not always be true. The 936 * rescue retransmission may rarely be slightly premature 937 * compared to RFC6675. 938 * The corresponding ACK+SACK will cause any further outstanding 939 * segments to be retransmitted. This addresses a corner case, when 940 * the trailing packets of a window are lost and no further data 941 * is available for sending. 942 */ 943 if ((V_tcp_do_newsack) && 944 SEQ_LT(th->th_ack, tp->snd_recover) && 945 TAILQ_EMPTY(&tp->snd_holes) && 946 (tp->sackhint.delivered_data > 0)) { 947 /* 948 * Exclude FIN sequence space in 949 * the hole for the rescue retransmission, 950 * and also don't create a hole, if only 951 * the ACK for a FIN is outstanding. 952 */ 953 tcp_seq highdata = tp->snd_max; 954 if (tp->t_flags & TF_SENTFIN) 955 highdata--; 956 highdata = SEQ_MIN(highdata, tp->snd_recover); 957 if (th->th_ack != highdata) { 958 tp->snd_fack = th->th_ack; 959 if ((temp = tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, 960 highdata - maxseg), highdata, NULL)) != NULL) 961 tp->sackhint.hole_bytes += temp->end - 962 temp->start; 963 } 964 } 965 (void) tcp_output(tp); 966 } 967 968 #if 0 969 /* 970 * Debug version of tcp_sack_output() that walks the scoreboard. Used for 971 * now to sanity check the hint. 972 */ 973 static struct sackhole * 974 tcp_sack_output_debug(struct tcpcb *tp, int *sack_bytes_rexmt) 975 { 976 struct sackhole *p; 977 978 INP_WLOCK_ASSERT(tptoinpcb(tp)); 979 *sack_bytes_rexmt = 0; 980 TAILQ_FOREACH(p, &tp->snd_holes, scblink) { 981 if (SEQ_LT(p->rxmit, p->end)) { 982 if (SEQ_LT(p->rxmit, tp->snd_una)) {/* old SACK hole */ 983 continue; 984 } 985 *sack_bytes_rexmt += (p->rxmit - p->start); 986 break; 987 } 988 *sack_bytes_rexmt += (SEQ_MIN(p->rxmit, p->end) - p->start); 989 } 990 return (p); 991 } 992 #endif 993 994 /* 995 * Returns the next hole to retransmit and the number of retransmitted bytes 996 * from the scoreboard. We store both the next hole and the number of 997 * retransmitted bytes as hints (and recompute these on the fly upon SACK/ACK 998 * reception). This avoids scoreboard traversals completely. 999 * 1000 * The loop here will traverse *at most* one link. Here's the argument. For 1001 * the loop to traverse more than 1 link before finding the next hole to 1002 * retransmit, we would need to have at least 1 node following the current 1003 * hint with (rxmit == end). But, for all holes following the current hint, 1004 * (start == rxmit), since we have not yet retransmitted from them. 1005 * Therefore, in order to traverse more 1 link in the loop below, we need to 1006 * have at least one node following the current hint with (start == rxmit == 1007 * end). But that can't happen, (start == end) means that all the data in 1008 * that hole has been sacked, in which case, the hole would have been removed 1009 * from the scoreboard. 1010 */ 1011 struct sackhole * 1012 tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt) 1013 { 1014 struct sackhole *hole = NULL; 1015 1016 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1017 *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit; 1018 hole = tp->sackhint.nexthole; 1019 if (hole == NULL) 1020 return (hole); 1021 if (SEQ_GEQ(hole->rxmit, hole->end)) { 1022 for (;;) { 1023 hole = TAILQ_NEXT(hole, scblink); 1024 if (hole == NULL) 1025 return (hole); 1026 if (SEQ_LT(hole->rxmit, hole->end)) { 1027 tp->sackhint.nexthole = hole; 1028 break; 1029 } 1030 } 1031 } 1032 KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__)); 1033 if (!(V_tcp_do_newsack)) { 1034 KASSERT(SEQ_LT(hole->start, tp->snd_fack), ("%s: hole.start >= snd.fack", __func__)); 1035 KASSERT(SEQ_LT(hole->end, tp->snd_fack), ("%s: hole.end >= snd.fack", __func__)); 1036 KASSERT(SEQ_LT(hole->rxmit, tp->snd_fack), ("%s: hole.rxmit >= snd.fack", __func__)); 1037 if (SEQ_GEQ(hole->start, hole->end) || 1038 SEQ_GEQ(hole->start, tp->snd_fack) || 1039 SEQ_GEQ(hole->end, tp->snd_fack) || 1040 SEQ_GEQ(hole->rxmit, tp->snd_fack)) { 1041 log(LOG_CRIT,"tcp: invalid SACK hole (%u-%u,%u) vs fwd ack %u, ignoring.\n", 1042 hole->start, hole->end, hole->rxmit, tp->snd_fack); 1043 return (NULL); 1044 } 1045 } 1046 return (hole); 1047 } 1048 1049 /* 1050 * After a timeout, the SACK list may be rebuilt. This SACK information 1051 * should be used to avoid retransmitting SACKed data. This function 1052 * traverses the SACK list to see if snd_nxt should be moved forward. 1053 */ 1054 void 1055 tcp_sack_adjust(struct tcpcb *tp) 1056 { 1057 struct sackhole *p, *cur = TAILQ_FIRST(&tp->snd_holes); 1058 1059 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1060 if (cur == NULL) 1061 return; /* No holes */ 1062 if (SEQ_GEQ(tp->snd_nxt, tp->snd_fack)) 1063 return; /* We're already beyond any SACKed blocks */ 1064 /*- 1065 * Two cases for which we want to advance snd_nxt: 1066 * i) snd_nxt lies between end of one hole and beginning of another 1067 * ii) snd_nxt lies between end of last hole and snd_fack 1068 */ 1069 while ((p = TAILQ_NEXT(cur, scblink)) != NULL) { 1070 if (SEQ_LT(tp->snd_nxt, cur->end)) 1071 return; 1072 if (SEQ_GEQ(tp->snd_nxt, p->start)) 1073 cur = p; 1074 else { 1075 tp->snd_nxt = p->start; 1076 return; 1077 } 1078 } 1079 if (SEQ_LT(tp->snd_nxt, cur->end)) 1080 return; 1081 tp->snd_nxt = tp->snd_fack; 1082 } 1083 1084 /* 1085 * Lost Retransmission Detection 1086 * Check is FACK is beyond the rexmit of the leftmost hole. 1087 * If yes, we restart sending from still existing holes, 1088 * and adjust cwnd via the congestion control module. 1089 */ 1090 void 1091 tcp_sack_lost_retransmission(struct tcpcb *tp, struct tcphdr *th) 1092 { 1093 struct sackhole *temp; 1094 1095 if (IN_RECOVERY(tp->t_flags) && 1096 SEQ_GT(tp->snd_fack, tp->snd_recover) && 1097 ((temp = TAILQ_FIRST(&tp->snd_holes)) != NULL) && 1098 SEQ_GEQ(temp->rxmit, temp->end) && 1099 SEQ_GEQ(tp->snd_fack, temp->rxmit)) { 1100 TCPSTAT_INC(tcps_sack_lostrexmt); 1101 /* 1102 * Start retransmissions from the first hole, and 1103 * subsequently all other remaining holes, including 1104 * those, which had been sent completely before. 1105 */ 1106 tp->sackhint.nexthole = temp; 1107 TAILQ_FOREACH(temp, &tp->snd_holes, scblink) { 1108 if (SEQ_GEQ(tp->snd_fack, temp->rxmit) && 1109 SEQ_GEQ(temp->rxmit, temp->end)) 1110 temp->rxmit = temp->start; 1111 } 1112 /* 1113 * Remember the old ssthresh, to deduct the beta factor used 1114 * by the CC module. Finally, set cwnd to ssthresh just 1115 * prior to invoking another cwnd reduction by the CC 1116 * module, to not shrink it excessively. 1117 */ 1118 tp->snd_cwnd = tp->snd_ssthresh; 1119 /* 1120 * Formally exit recovery, and let the CC module adjust 1121 * ssthresh as intended. 1122 */ 1123 EXIT_RECOVERY(tp->t_flags); 1124 cc_cong_signal(tp, th, CC_NDUPACK); 1125 /* 1126 * For PRR, adjust recover_fs as if this new reduction 1127 * initialized this variable. 1128 * cwnd will be adjusted by SACK or PRR processing 1129 * subsequently, only set it to a safe value here. 1130 */ 1131 tp->snd_cwnd = tcp_maxseg(tp); 1132 tp->sackhint.recover_fs = (tp->snd_max - tp->snd_una) - 1133 tp->sackhint.recover_fs; 1134 } 1135 } 1136