1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 5 * The Regents of the University of California. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /*- 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 #include <sys/cdefs.h> 73 #include "opt_inet.h" 74 #include "opt_inet6.h" 75 76 #include <sys/param.h> 77 #include <sys/systm.h> 78 #include <sys/kernel.h> 79 #include <sys/sysctl.h> 80 #include <sys/malloc.h> 81 #include <sys/mbuf.h> 82 #include <sys/proc.h> /* for proc0 declaration */ 83 #include <sys/protosw.h> 84 #include <sys/socket.h> 85 #include <sys/socketvar.h> 86 #include <sys/syslog.h> 87 #include <sys/systm.h> 88 89 #include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */ 90 91 #include <vm/uma.h> 92 93 #include <net/if.h> 94 #include <net/if_var.h> 95 #include <net/route.h> 96 #include <net/vnet.h> 97 98 #include <netinet/in.h> 99 #include <netinet/in_systm.h> 100 #include <netinet/ip.h> 101 #include <netinet/in_var.h> 102 #include <netinet/in_pcb.h> 103 #include <netinet/ip_var.h> 104 #include <netinet/ip6.h> 105 #include <netinet/icmp6.h> 106 #include <netinet6/nd6.h> 107 #include <netinet6/ip6_var.h> 108 #include <netinet6/in6_pcb.h> 109 #include <netinet/tcp.h> 110 #include <netinet/tcp_fsm.h> 111 #include <netinet/tcp_seq.h> 112 #include <netinet/tcp_timer.h> 113 #include <netinet/tcp_var.h> 114 #include <netinet/tcpip.h> 115 #include <netinet/cc/cc.h> 116 117 #include <machine/in_cksum.h> 118 119 VNET_DECLARE(struct uma_zone *, sack_hole_zone); 120 #define V_sack_hole_zone VNET(sack_hole_zone) 121 122 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 123 "TCP SACK"); 124 125 VNET_DEFINE(int, tcp_do_sack) = 1; 126 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW, 127 &VNET_NAME(tcp_do_sack), 0, 128 "Enable/Disable TCP SACK support"); 129 130 VNET_DEFINE(int, tcp_do_newsack) = 1; 131 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, revised, CTLFLAG_VNET | CTLFLAG_RW, 132 &VNET_NAME(tcp_do_newsack), 0, 133 "Use revised SACK loss recovery per RFC 6675"); 134 135 VNET_DEFINE(int, tcp_do_lrd) = 1; 136 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, lrd, CTLFLAG_VNET | CTLFLAG_RW, 137 &VNET_NAME(tcp_do_lrd), 1, 138 "Perform Lost Retransmission Detection"); 139 140 VNET_DEFINE(int, tcp_sack_maxholes) = 128; 141 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW, 142 &VNET_NAME(tcp_sack_maxholes), 0, 143 "Maximum number of TCP SACK holes allowed per connection"); 144 145 VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536; 146 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW, 147 &VNET_NAME(tcp_sack_globalmaxholes), 0, 148 "Global maximum number of TCP SACK holes"); 149 150 VNET_DEFINE(int, tcp_sack_globalholes) = 0; 151 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD, 152 &VNET_NAME(tcp_sack_globalholes), 0, 153 "Global number of TCP SACK holes currently allocated"); 154 155 int 156 tcp_dsack_block_exists(struct tcpcb *tp) 157 { 158 /* Return true if a DSACK block exists */ 159 if (tp->rcv_numsacks == 0) 160 return (0); 161 if (SEQ_LEQ(tp->sackblks[0].end, tp->rcv_nxt)) 162 return(1); 163 return (0); 164 } 165 166 /* 167 * This function will find overlaps with the currently stored sackblocks 168 * and add any overlap as a dsack block upfront 169 */ 170 void 171 tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 172 { 173 struct sackblk head_blk,mid_blk,saved_blks[MAX_SACK_BLKS]; 174 int i, j, n, identical; 175 tcp_seq start, end; 176 177 INP_WLOCK_ASSERT(tptoinpcb(tp)); 178 179 KASSERT(SEQ_LT(rcv_start, rcv_end), ("rcv_start < rcv_end")); 180 181 if (SEQ_LT(rcv_end, tp->rcv_nxt) || 182 ((rcv_end == tp->rcv_nxt) && 183 (tp->rcv_numsacks > 0 ) && 184 (tp->sackblks[0].end == tp->rcv_nxt))) { 185 saved_blks[0].start = rcv_start; 186 saved_blks[0].end = rcv_end; 187 } else { 188 saved_blks[0].start = saved_blks[0].end = 0; 189 } 190 191 head_blk.start = head_blk.end = 0; 192 mid_blk.start = rcv_start; 193 mid_blk.end = rcv_end; 194 identical = 0; 195 196 for (i = 0; i < tp->rcv_numsacks; i++) { 197 start = tp->sackblks[i].start; 198 end = tp->sackblks[i].end; 199 if (SEQ_LT(rcv_end, start)) { 200 /* pkt left to sack blk */ 201 continue; 202 } 203 if (SEQ_GT(rcv_start, end)) { 204 /* pkt right to sack blk */ 205 continue; 206 } 207 if (SEQ_GT(tp->rcv_nxt, end)) { 208 if ((SEQ_MAX(rcv_start, start) != SEQ_MIN(rcv_end, end)) && 209 (SEQ_GT(head_blk.start, SEQ_MAX(rcv_start, start)) || 210 (head_blk.start == head_blk.end))) { 211 head_blk.start = SEQ_MAX(rcv_start, start); 212 head_blk.end = SEQ_MIN(rcv_end, end); 213 } 214 continue; 215 } 216 if (((head_blk.start == head_blk.end) || 217 SEQ_LT(start, head_blk.start)) && 218 (SEQ_GT(end, rcv_start) && 219 SEQ_LEQ(start, rcv_end))) { 220 head_blk.start = start; 221 head_blk.end = end; 222 } 223 mid_blk.start = SEQ_MIN(mid_blk.start, start); 224 mid_blk.end = SEQ_MAX(mid_blk.end, end); 225 if ((mid_blk.start == start) && 226 (mid_blk.end == end)) 227 identical = 1; 228 } 229 if (SEQ_LT(head_blk.start, head_blk.end)) { 230 /* store overlapping range */ 231 saved_blks[0].start = SEQ_MAX(rcv_start, head_blk.start); 232 saved_blks[0].end = SEQ_MIN(rcv_end, head_blk.end); 233 } 234 n = 1; 235 /* 236 * Second, if not ACKed, store the SACK block that 237 * overlaps with the DSACK block unless it is identical 238 */ 239 if ((SEQ_LT(tp->rcv_nxt, mid_blk.end) && 240 !((mid_blk.start == saved_blks[0].start) && 241 (mid_blk.end == saved_blks[0].end))) || 242 identical == 1) { 243 saved_blks[n].start = mid_blk.start; 244 saved_blks[n++].end = mid_blk.end; 245 } 246 for (j = 0; (j < tp->rcv_numsacks) && (n < MAX_SACK_BLKS); j++) { 247 if (((SEQ_LT(tp->sackblks[j].end, mid_blk.start) || 248 SEQ_GT(tp->sackblks[j].start, mid_blk.end)) && 249 (SEQ_GT(tp->sackblks[j].start, tp->rcv_nxt)))) 250 saved_blks[n++] = tp->sackblks[j]; 251 } 252 j = 0; 253 for (i = 0; i < n; i++) { 254 /* we can end up with a stale initial entry */ 255 if (SEQ_LT(saved_blks[i].start, saved_blks[i].end)) { 256 tp->sackblks[j++] = saved_blks[i]; 257 } 258 } 259 tp->rcv_numsacks = j; 260 } 261 262 /* 263 * This function is called upon receipt of new valid data (while not in 264 * header prediction mode), and it updates the ordered list of sacks. 265 */ 266 void 267 tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 268 { 269 /* 270 * First reported block MUST be the most recent one. Subsequent 271 * blocks SHOULD be in the order in which they arrived at the 272 * receiver. These two conditions make the implementation fully 273 * compliant with RFC 2018. 274 */ 275 struct sackblk head_blk, saved_blks[MAX_SACK_BLKS]; 276 int num_head, num_saved, i; 277 278 INP_WLOCK_ASSERT(tptoinpcb(tp)); 279 280 /* Check arguments. */ 281 KASSERT(SEQ_LEQ(rcv_start, rcv_end), ("rcv_start <= rcv_end")); 282 283 if ((rcv_start == rcv_end) && 284 (tp->rcv_numsacks >= 1) && 285 (rcv_end == tp->sackblks[0].end)) { 286 /* retaining DSACK block below rcv_nxt (todrop) */ 287 head_blk = tp->sackblks[0]; 288 } else { 289 /* SACK block for the received segment. */ 290 head_blk.start = rcv_start; 291 head_blk.end = rcv_end; 292 } 293 294 /* 295 * Merge updated SACK blocks into head_blk, and save unchanged SACK 296 * blocks into saved_blks[]. num_saved will have the number of the 297 * saved SACK blocks. 298 */ 299 num_saved = 0; 300 for (i = 0; i < tp->rcv_numsacks; i++) { 301 tcp_seq start = tp->sackblks[i].start; 302 tcp_seq end = tp->sackblks[i].end; 303 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 304 /* 305 * Discard this SACK block. 306 */ 307 } else if (SEQ_LEQ(head_blk.start, end) && 308 SEQ_GEQ(head_blk.end, start)) { 309 /* 310 * Merge this SACK block into head_blk. This SACK 311 * block itself will be discarded. 312 */ 313 /* 314 * |-| 315 * |---| merge 316 * 317 * |-| 318 * |---| merge 319 * 320 * |-----| 321 * |-| DSACK smaller 322 * 323 * |-| 324 * |-----| DSACK smaller 325 */ 326 if (head_blk.start == end) 327 head_blk.start = start; 328 else if (head_blk.end == start) 329 head_blk.end = end; 330 else { 331 if (SEQ_LT(head_blk.start, start)) { 332 tcp_seq temp = start; 333 start = head_blk.start; 334 head_blk.start = temp; 335 } 336 if (SEQ_GT(head_blk.end, end)) { 337 tcp_seq temp = end; 338 end = head_blk.end; 339 head_blk.end = temp; 340 } 341 if ((head_blk.start != start) || 342 (head_blk.end != end)) { 343 if ((num_saved >= 1) && 344 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 345 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 346 num_saved--; 347 saved_blks[num_saved].start = start; 348 saved_blks[num_saved].end = end; 349 num_saved++; 350 } 351 } 352 } else { 353 /* 354 * This block supercedes the prior block 355 */ 356 if ((num_saved >= 1) && 357 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 358 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 359 num_saved--; 360 /* 361 * Save this SACK block. 362 */ 363 saved_blks[num_saved].start = start; 364 saved_blks[num_saved].end = end; 365 num_saved++; 366 } 367 } 368 369 /* 370 * Update SACK list in tp->sackblks[]. 371 */ 372 num_head = 0; 373 if (SEQ_LT(rcv_start, rcv_end)) { 374 /* 375 * The received data segment is an out-of-order segment. Put 376 * head_blk at the top of SACK list. 377 */ 378 tp->sackblks[0] = head_blk; 379 num_head = 1; 380 /* 381 * If the number of saved SACK blocks exceeds its limit, 382 * discard the last SACK block. 383 */ 384 if (num_saved >= MAX_SACK_BLKS) 385 num_saved--; 386 } 387 if ((rcv_start == rcv_end) && 388 (rcv_start == tp->sackblks[0].end)) { 389 num_head = 1; 390 } 391 if (num_saved > 0) { 392 /* 393 * Copy the saved SACK blocks back. 394 */ 395 bcopy(saved_blks, &tp->sackblks[num_head], 396 sizeof(struct sackblk) * num_saved); 397 } 398 399 /* Save the number of SACK blocks. */ 400 tp->rcv_numsacks = num_head + num_saved; 401 } 402 403 void 404 tcp_clean_dsack_blocks(struct tcpcb *tp) 405 { 406 struct sackblk saved_blks[MAX_SACK_BLKS]; 407 int num_saved, i; 408 409 INP_WLOCK_ASSERT(tptoinpcb(tp)); 410 /* 411 * Clean up any DSACK blocks that 412 * are in our queue of sack blocks. 413 * 414 */ 415 num_saved = 0; 416 for (i = 0; i < tp->rcv_numsacks; i++) { 417 tcp_seq start = tp->sackblks[i].start; 418 tcp_seq end = tp->sackblks[i].end; 419 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 420 /* 421 * Discard this D-SACK block. 422 */ 423 continue; 424 } 425 /* 426 * Save this SACK block. 427 */ 428 saved_blks[num_saved].start = start; 429 saved_blks[num_saved].end = end; 430 num_saved++; 431 } 432 if (num_saved > 0) { 433 /* 434 * Copy the saved SACK blocks back. 435 */ 436 bcopy(saved_blks, &tp->sackblks[0], 437 sizeof(struct sackblk) * num_saved); 438 } 439 tp->rcv_numsacks = num_saved; 440 } 441 442 /* 443 * Delete all receiver-side SACK information. 444 */ 445 void 446 tcp_clean_sackreport(struct tcpcb *tp) 447 { 448 int i; 449 450 INP_WLOCK_ASSERT(tptoinpcb(tp)); 451 tp->rcv_numsacks = 0; 452 for (i = 0; i < MAX_SACK_BLKS; i++) 453 tp->sackblks[i].start = tp->sackblks[i].end=0; 454 } 455 456 /* 457 * Allocate struct sackhole. 458 */ 459 static struct sackhole * 460 tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) 461 { 462 struct sackhole *hole; 463 464 if (tp->snd_numholes >= V_tcp_sack_maxholes || 465 V_tcp_sack_globalholes >= V_tcp_sack_globalmaxholes) { 466 TCPSTAT_INC(tcps_sack_sboverflow); 467 return NULL; 468 } 469 470 hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT); 471 if (hole == NULL) 472 return NULL; 473 474 hole->start = start; 475 hole->end = end; 476 hole->rxmit = start; 477 478 tp->snd_numholes++; 479 atomic_add_int(&V_tcp_sack_globalholes, 1); 480 481 return hole; 482 } 483 484 /* 485 * Free struct sackhole. 486 */ 487 static void 488 tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) 489 { 490 491 uma_zfree(V_sack_hole_zone, hole); 492 493 tp->snd_numholes--; 494 atomic_subtract_int(&V_tcp_sack_globalholes, 1); 495 496 KASSERT(tp->snd_numholes >= 0, ("tp->snd_numholes >= 0")); 497 KASSERT(V_tcp_sack_globalholes >= 0, ("tcp_sack_globalholes >= 0")); 498 } 499 500 /* 501 * Insert new SACK hole into scoreboard. 502 */ 503 static struct sackhole * 504 tcp_sackhole_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end, 505 struct sackhole *after) 506 { 507 struct sackhole *hole; 508 509 /* Allocate a new SACK hole. */ 510 hole = tcp_sackhole_alloc(tp, start, end); 511 if (hole == NULL) 512 return NULL; 513 514 /* Insert the new SACK hole into scoreboard. */ 515 if (after != NULL) 516 TAILQ_INSERT_AFTER(&tp->snd_holes, after, hole, scblink); 517 else 518 TAILQ_INSERT_TAIL(&tp->snd_holes, hole, scblink); 519 520 /* Update SACK hint. */ 521 if (tp->sackhint.nexthole == NULL) 522 tp->sackhint.nexthole = hole; 523 524 return hole; 525 } 526 527 /* 528 * Remove SACK hole from scoreboard. 529 */ 530 static void 531 tcp_sackhole_remove(struct tcpcb *tp, struct sackhole *hole) 532 { 533 534 /* Update SACK hint. */ 535 if (tp->sackhint.nexthole == hole) 536 tp->sackhint.nexthole = TAILQ_NEXT(hole, scblink); 537 538 /* Remove this SACK hole. */ 539 TAILQ_REMOVE(&tp->snd_holes, hole, scblink); 540 541 /* Free this SACK hole. */ 542 tcp_sackhole_free(tp, hole); 543 } 544 545 /* 546 * Process cumulative ACK and the TCP SACK option to update the scoreboard. 547 * tp->snd_holes is an ordered list of holes (oldest to newest, in terms of 548 * the sequence space). 549 * Returns SACK_NEWLOSS if incoming ACK indicates ongoing loss (hole split, new hole), 550 * SACK_CHANGE if incoming ACK has previously unknown SACK information, 551 * SACK_NOCHANGE otherwise. 552 */ 553 sackstatus_t 554 tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) 555 { 556 struct sackhole *cur, *temp; 557 struct sackblk sack, sack_blocks[TCP_MAX_SACK + 1], *sblkp; 558 int i, j, num_sack_blks; 559 sackstatus_t sack_changed; 560 int delivered_data, left_edge_delta; 561 562 tcp_seq loss_hiack = 0; 563 int loss_thresh = 0; 564 int loss_sblks = 0; 565 int notlost_bytes = 0; 566 567 INP_WLOCK_ASSERT(tptoinpcb(tp)); 568 569 num_sack_blks = 0; 570 sack_changed = SACK_NOCHANGE; 571 delivered_data = 0; 572 left_edge_delta = 0; 573 /* 574 * If SND.UNA will be advanced by SEG.ACK, and if SACK holes exist, 575 * treat [SND.UNA, SEG.ACK) as if it is a SACK block. 576 * Account changes to SND.UNA always in delivered data. 577 */ 578 if (SEQ_LT(tp->snd_una, th_ack) && !TAILQ_EMPTY(&tp->snd_holes)) { 579 left_edge_delta = th_ack - tp->snd_una; 580 sack_blocks[num_sack_blks].start = tp->snd_una; 581 sack_blocks[num_sack_blks++].end = th_ack; 582 /* 583 * Pulling snd_fack forward if we got here 584 * due to DSACK blocks 585 */ 586 if (SEQ_LT(tp->snd_fack, th_ack)) { 587 delivered_data += th_ack - tp->snd_una; 588 tp->snd_fack = th_ack; 589 sack_changed = SACK_CHANGE; 590 } 591 } 592 /* 593 * Append received valid SACK blocks to sack_blocks[], but only if we 594 * received new blocks from the other side. 595 */ 596 if (to->to_flags & TOF_SACK) { 597 for (i = 0; i < to->to_nsacks; i++) { 598 bcopy((to->to_sacks + i * TCPOLEN_SACK), 599 &sack, sizeof(sack)); 600 sack.start = ntohl(sack.start); 601 sack.end = ntohl(sack.end); 602 if (SEQ_GT(sack.end, sack.start) && 603 SEQ_GT(sack.start, tp->snd_una) && 604 SEQ_GT(sack.start, th_ack) && 605 SEQ_LT(sack.start, tp->snd_max) && 606 SEQ_GT(sack.end, tp->snd_una) && 607 SEQ_LEQ(sack.end, tp->snd_max)) { 608 sack_blocks[num_sack_blks++] = sack; 609 } else if (SEQ_LEQ(sack.start, th_ack) && 610 SEQ_LEQ(sack.end, th_ack)) { 611 /* 612 * Its a D-SACK block. 613 */ 614 tcp_record_dsack(tp, sack.start, sack.end, 0); 615 } 616 } 617 } 618 /* 619 * Return if SND.UNA is not advanced and no valid SACK block is 620 * received. 621 */ 622 if (num_sack_blks == 0) 623 return (sack_changed); 624 625 /* 626 * Sort the SACK blocks so we can update the scoreboard with just one 627 * pass. The overhead of sorting up to 4+1 elements is less than 628 * making up to 4+1 passes over the scoreboard. 629 */ 630 for (i = 0; i < num_sack_blks; i++) { 631 for (j = i + 1; j < num_sack_blks; j++) { 632 if (SEQ_GT(sack_blocks[i].end, sack_blocks[j].end)) { 633 sack = sack_blocks[i]; 634 sack_blocks[i] = sack_blocks[j]; 635 sack_blocks[j] = sack; 636 } 637 } 638 } 639 if (TAILQ_EMPTY(&tp->snd_holes)) { 640 /* 641 * Empty scoreboard. Need to initialize snd_fack (it may be 642 * uninitialized or have a bogus value). Scoreboard holes 643 * (from the sack blocks received) are created later below 644 * (in the logic that adds holes to the tail of the 645 * scoreboard). 646 */ 647 tp->snd_fack = SEQ_MAX(tp->snd_una, th_ack); 648 tp->sackhint.sacked_bytes = 0; /* reset */ 649 tp->sackhint.hole_bytes = 0; 650 } 651 /* 652 * In the while-loop below, incoming SACK blocks (sack_blocks[]) and 653 * SACK holes (snd_holes) are traversed from their tails with just 654 * one pass in order to reduce the number of compares especially when 655 * the bandwidth-delay product is large. 656 * 657 * Note: Typically, in the first RTT of SACK recovery, the highest 658 * three or four SACK blocks with the same ack number are received. 659 * In the second RTT, if retransmitted data segments are not lost, 660 * the highest three or four SACK blocks with ack number advancing 661 * are received. 662 */ 663 sblkp = &sack_blocks[num_sack_blks - 1]; /* Last SACK block */ 664 tp->sackhint.last_sack_ack = sblkp->end; 665 if (SEQ_LT(tp->snd_fack, sblkp->start)) { 666 /* 667 * The highest SACK block is beyond fack. First, 668 * check if there was a successful Rescue Retransmission, 669 * and move this hole left. With normal holes, snd_fack 670 * is always to the right of the end. 671 */ 672 if (((temp = TAILQ_LAST(&tp->snd_holes, sackhole_head)) != NULL) && 673 SEQ_LEQ(tp->snd_fack,temp->end)) { 674 tp->sackhint.hole_bytes -= temp->end - temp->start; 675 temp->start = SEQ_MAX(tp->snd_fack, SEQ_MAX(tp->snd_una, th_ack)); 676 temp->end = sblkp->start; 677 temp->rxmit = temp->start; 678 delivered_data += sblkp->end - sblkp->start; 679 tp->sackhint.hole_bytes += temp->end - temp->start; 680 KASSERT(tp->sackhint.hole_bytes >= 0, 681 ("sackhint hole bytes >= 0")); 682 tp->snd_fack = sblkp->end; 683 sblkp--; 684 sack_changed = SACK_NEWLOSS; 685 } else { 686 /* 687 * Append a new SACK hole at the tail. If the 688 * second or later highest SACK blocks are also 689 * beyond the current fack, they will be inserted 690 * by way of hole splitting in the while-loop below. 691 */ 692 temp = tcp_sackhole_insert(tp, tp->snd_fack,sblkp->start,NULL); 693 if (temp != NULL) { 694 delivered_data += sblkp->end - sblkp->start; 695 tp->sackhint.hole_bytes += temp->end - temp->start; 696 tp->snd_fack = sblkp->end; 697 /* Go to the previous sack block. */ 698 sblkp--; 699 sack_changed = SACK_CHANGE; 700 } else { 701 /* 702 * We failed to add a new hole based on the current 703 * sack block. Skip over all the sack blocks that 704 * fall completely to the right of snd_fack and 705 * proceed to trim the scoreboard based on the 706 * remaining sack blocks. This also trims the 707 * scoreboard for th_ack (which is sack_blocks[0]). 708 */ 709 while (sblkp >= sack_blocks && 710 SEQ_LT(tp->snd_fack, sblkp->start)) 711 sblkp--; 712 if (sblkp >= sack_blocks && 713 SEQ_LT(tp->snd_fack, sblkp->end)) { 714 delivered_data += sblkp->end - tp->snd_fack; 715 tp->snd_fack = sblkp->end; 716 /* 717 * While the Scoreboard didn't change in 718 * size, we only ended up here because 719 * some SACK data had to be dismissed. 720 */ 721 sack_changed = SACK_NEWLOSS; 722 } 723 } 724 } 725 } else if (SEQ_LT(tp->snd_fack, sblkp->end)) { 726 /* fack is advanced. */ 727 delivered_data += sblkp->end - tp->snd_fack; 728 tp->snd_fack = sblkp->end; 729 sack_changed = SACK_CHANGE; 730 } 731 cur = TAILQ_LAST(&tp->snd_holes, sackhole_head); /* Last SACK hole. */ 732 loss_hiack = tp->snd_fack; 733 734 /* 735 * Since the incoming sack blocks are sorted, we can process them 736 * making one sweep of the scoreboard. 737 */ 738 while (cur != NULL) { 739 if (!(sblkp >= sack_blocks)) { 740 if (((loss_sblks >= tcprexmtthresh) || 741 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 742 break; 743 loss_thresh += loss_hiack - cur->end; 744 loss_hiack = cur->start; 745 loss_sblks++; 746 if (!((loss_sblks >= tcprexmtthresh) || 747 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) { 748 notlost_bytes += cur->end - cur->start; 749 } else { 750 break; 751 } 752 cur = TAILQ_PREV(cur, sackhole_head, scblink); 753 continue; 754 } 755 if (SEQ_GEQ(sblkp->start, cur->end)) { 756 /* 757 * SACKs data beyond the current hole. Go to the 758 * previous sack block. 759 */ 760 sblkp--; 761 continue; 762 } 763 if (SEQ_LEQ(sblkp->end, cur->start)) { 764 /* 765 * SACKs data before the current hole. Go to the 766 * previous hole. 767 */ 768 loss_thresh += loss_hiack - cur->end; 769 loss_hiack = cur->start; 770 loss_sblks++; 771 if (!((loss_sblks >= tcprexmtthresh) || 772 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 773 notlost_bytes += cur->end - cur->start; 774 cur = TAILQ_PREV(cur, sackhole_head, scblink); 775 continue; 776 } 777 tp->sackhint.sack_bytes_rexmit -= 778 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 779 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0, 780 ("sackhint bytes rtx >= 0")); 781 sack_changed = SACK_CHANGE; 782 if (SEQ_LEQ(sblkp->start, cur->start)) { 783 /* Data acks at least the beginning of hole. */ 784 if (SEQ_GEQ(sblkp->end, cur->end)) { 785 /* Acks entire hole, so delete hole. */ 786 delivered_data += (cur->end - cur->start); 787 temp = cur; 788 cur = TAILQ_PREV(cur, sackhole_head, scblink); 789 tp->sackhint.hole_bytes -= temp->end - temp->start; 790 tcp_sackhole_remove(tp, temp); 791 /* 792 * The sack block may ack all or part of the 793 * next hole too, so continue onto the next 794 * hole. 795 */ 796 continue; 797 } else { 798 /* Move start of hole forward. */ 799 delivered_data += (sblkp->end - cur->start); 800 tp->sackhint.hole_bytes -= sblkp->end - cur->start; 801 cur->start = sblkp->end; 802 cur->rxmit = SEQ_MAX(cur->rxmit, cur->start); 803 } 804 } else { 805 /* Data acks at least the end of hole. */ 806 if (SEQ_GEQ(sblkp->end, cur->end)) { 807 /* Move end of hole backward. */ 808 delivered_data += (cur->end - sblkp->start); 809 tp->sackhint.hole_bytes -= cur->end - sblkp->start; 810 cur->end = sblkp->start; 811 cur->rxmit = SEQ_MIN(cur->rxmit, cur->end); 812 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 813 cur->rxmit = tp->snd_recover; 814 } else { 815 /* 816 * ACKs some data in middle of a hole; need 817 * to split current hole 818 */ 819 temp = tcp_sackhole_insert(tp, sblkp->end, 820 cur->end, cur); 821 sack_changed = SACK_NEWLOSS; 822 if (temp != NULL) { 823 if (SEQ_GT(cur->rxmit, temp->rxmit)) { 824 temp->rxmit = cur->rxmit; 825 tp->sackhint.sack_bytes_rexmit += 826 (SEQ_MIN(temp->rxmit, 827 temp->end) - temp->start); 828 } 829 tp->sackhint.hole_bytes -= sblkp->end - sblkp->start; 830 loss_thresh += loss_hiack - temp->end; 831 loss_hiack = temp->start; 832 loss_sblks++; 833 if (!((loss_sblks >= tcprexmtthresh) || 834 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 835 notlost_bytes += temp->end - temp->start; 836 cur->end = sblkp->start; 837 cur->rxmit = SEQ_MIN(cur->rxmit, 838 cur->end); 839 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 840 cur->rxmit = tp->snd_recover; 841 delivered_data += (sblkp->end - sblkp->start); 842 } 843 } 844 } 845 tp->sackhint.sack_bytes_rexmit += 846 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 847 /* 848 * Testing sblkp->start against cur->start tells us whether 849 * we're done with the sack block or the sack hole. 850 * Accordingly, we advance one or the other. 851 */ 852 if (SEQ_LEQ(sblkp->start, cur->start)) { 853 loss_thresh += loss_hiack - cur->end; 854 loss_hiack = cur->start; 855 loss_sblks++; 856 if (!((loss_sblks >= tcprexmtthresh) || 857 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 858 notlost_bytes += cur->end - cur->start; 859 cur = TAILQ_PREV(cur, sackhole_head, scblink); 860 } else { 861 sblkp--; 862 } 863 } 864 865 KASSERT(!(TAILQ_EMPTY(&tp->snd_holes) && (tp->sackhint.hole_bytes != 0)), 866 ("SACK scoreboard empty, but accounting non-zero\n")); 867 868 KASSERT(notlost_bytes <= tp->sackhint.hole_bytes, 869 ("SACK: more bytes marked notlost than in scoreboard holes")); 870 871 if (!(to->to_flags & TOF_SACK)) 872 /* 873 * If this ACK did not contain any 874 * SACK blocks, any only moved the 875 * left edge right, it is a pure 876 * cumulative ACK. Do not count 877 * DupAck for this. Also required 878 * for RFC6675 rescue retransmission. 879 */ 880 sack_changed = SACK_NOCHANGE; 881 tp->sackhint.delivered_data = delivered_data; 882 tp->sackhint.sacked_bytes += delivered_data - left_edge_delta; 883 tp->sackhint.lost_bytes = tp->sackhint.hole_bytes - notlost_bytes; 884 KASSERT((delivered_data >= 0), ("delivered_data < 0")); 885 KASSERT((tp->sackhint.sacked_bytes >= 0), ("sacked_bytes < 0")); 886 return (sack_changed); 887 } 888 889 /* 890 * Free all SACK holes to clear the scoreboard. 891 */ 892 void 893 tcp_free_sackholes(struct tcpcb *tp) 894 { 895 struct sackhole *q; 896 897 INP_WLOCK_ASSERT(tptoinpcb(tp)); 898 while ((q = TAILQ_FIRST(&tp->snd_holes)) != NULL) 899 tcp_sackhole_remove(tp, q); 900 tp->sackhint.sack_bytes_rexmit = 0; 901 tp->sackhint.delivered_data = 0; 902 tp->sackhint.sacked_bytes = 0; 903 tp->sackhint.hole_bytes = 0; 904 tp->sackhint.lost_bytes = 0; 905 906 KASSERT(tp->snd_numholes == 0, ("tp->snd_numholes == 0")); 907 KASSERT(tp->sackhint.nexthole == NULL, 908 ("tp->sackhint.nexthole == NULL")); 909 } 910 911 /* 912 * Resend all the currently existing SACK holes of 913 * the scoreboard. This is in line with the Errata to 914 * RFC 2018, which allows the use of SACK data past 915 * an RTO to good effect typically. 916 */ 917 void 918 tcp_resend_sackholes(struct tcpcb *tp) 919 { 920 struct sackhole *p; 921 922 INP_WLOCK_ASSERT(tptoinpcb(tp)); 923 TAILQ_FOREACH(p, &tp->snd_holes, scblink) { 924 p->rxmit = p->start; 925 } 926 tp->sackhint.nexthole = TAILQ_FIRST(&tp->snd_holes); 927 tp->sackhint.sack_bytes_rexmit = 0; 928 } 929 930 /* 931 * Partial ack handling within a sack recovery episode. Keeping this very 932 * simple for now. When a partial ack is received, force snd_cwnd to a value 933 * that will allow the sender to transmit no more than 2 segments. If 934 * necessary, a better scheme can be adopted at a later point, but for now, 935 * the goal is to prevent the sender from bursting a large amount of data in 936 * the midst of sack recovery. 937 */ 938 void 939 tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th, u_int *maxsegp) 940 { 941 struct sackhole *temp; 942 int num_segs = 1; 943 u_int maxseg; 944 945 INP_WLOCK_ASSERT(tptoinpcb(tp)); 946 947 if (*maxsegp == 0) { 948 *maxsegp = tcp_maxseg(tp); 949 } 950 maxseg = *maxsegp; 951 tcp_timer_activate(tp, TT_REXMT, 0); 952 tp->t_rtttime = 0; 953 /* Send one or 2 segments based on how much new data was acked. */ 954 if ((BYTES_THIS_ACK(tp, th) / maxseg) >= 2) 955 num_segs = 2; 956 tp->snd_cwnd = (tp->sackhint.sack_bytes_rexmit + 957 (tp->snd_nxt - tp->snd_recover) + num_segs * maxseg); 958 if (tp->snd_cwnd > tp->snd_ssthresh) 959 tp->snd_cwnd = tp->snd_ssthresh; 960 tp->t_flags |= TF_ACKNOW; 961 /* 962 * RFC6675 rescue retransmission 963 * Add a hole between th_ack (snd_una is not yet set) and snd_max, 964 * if this was a pure cumulative ACK and no data was send beyond 965 * recovery point. Since the data in the socket has not been freed 966 * at this point, we check if the scoreboard is empty, and the ACK 967 * delivered some new data, indicating a full ACK. Also, if the 968 * recovery point is still at snd_max, we are probably application 969 * limited. However, this inference might not always be true. The 970 * rescue retransmission may rarely be slightly premature 971 * compared to RFC6675. 972 * The corresponding ACK+SACK will cause any further outstanding 973 * segments to be retransmitted. This addresses a corner case, when 974 * the trailing packets of a window are lost and no further data 975 * is available for sending. 976 */ 977 if ((V_tcp_do_newsack) && 978 SEQ_LT(th->th_ack, tp->snd_recover) && 979 TAILQ_EMPTY(&tp->snd_holes) && 980 (tp->sackhint.delivered_data > 0)) { 981 /* 982 * Exclude FIN sequence space in 983 * the hole for the rescue retransmission, 984 * and also don't create a hole, if only 985 * the ACK for a FIN is outstanding. 986 */ 987 tcp_seq highdata = tp->snd_max; 988 if (tp->t_flags & TF_SENTFIN) 989 highdata--; 990 highdata = SEQ_MIN(highdata, tp->snd_recover); 991 if (SEQ_LT(th->th_ack, highdata)) { 992 tp->snd_fack = th->th_ack; 993 if ((temp = tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, 994 highdata - maxseg), highdata, NULL)) != NULL) { 995 tp->sackhint.hole_bytes += 996 temp->end - temp->start; 997 } 998 } 999 } 1000 (void) tcp_output(tp); 1001 } 1002 1003 /* 1004 * Returns the next hole to retransmit and the number of retransmitted bytes 1005 * from the scoreboard. We store both the next hole and the number of 1006 * retransmitted bytes as hints (and recompute these on the fly upon SACK/ACK 1007 * reception). This avoids scoreboard traversals completely. 1008 * 1009 * The loop here will traverse *at most* one link. Here's the argument. For 1010 * the loop to traverse more than 1 link before finding the next hole to 1011 * retransmit, we would need to have at least 1 node following the current 1012 * hint with (rxmit == end). But, for all holes following the current hint, 1013 * (start == rxmit), since we have not yet retransmitted from them. 1014 * Therefore, in order to traverse more 1 link in the loop below, we need to 1015 * have at least one node following the current hint with (start == rxmit == 1016 * end). But that can't happen, (start == end) means that all the data in 1017 * that hole has been sacked, in which case, the hole would have been removed 1018 * from the scoreboard. 1019 */ 1020 struct sackhole * 1021 tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt) 1022 { 1023 struct sackhole *hole = NULL; 1024 1025 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1026 *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit; 1027 hole = tp->sackhint.nexthole; 1028 if (hole == NULL) 1029 return (hole); 1030 if (SEQ_GEQ(hole->rxmit, hole->end)) { 1031 for (;;) { 1032 hole = TAILQ_NEXT(hole, scblink); 1033 if (hole == NULL) 1034 return (hole); 1035 if (SEQ_LT(hole->rxmit, hole->end)) { 1036 tp->sackhint.nexthole = hole; 1037 break; 1038 } 1039 } 1040 } 1041 KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__)); 1042 if (!(V_tcp_do_newsack)) { 1043 KASSERT(SEQ_LT(hole->start, tp->snd_fack), ("%s: hole.start >= snd.fack", __func__)); 1044 KASSERT(SEQ_LT(hole->end, tp->snd_fack), ("%s: hole.end >= snd.fack", __func__)); 1045 KASSERT(SEQ_LT(hole->rxmit, tp->snd_fack), ("%s: hole.rxmit >= snd.fack", __func__)); 1046 if (SEQ_GEQ(hole->start, hole->end) || 1047 SEQ_GEQ(hole->start, tp->snd_fack) || 1048 SEQ_GEQ(hole->end, tp->snd_fack) || 1049 SEQ_GEQ(hole->rxmit, tp->snd_fack)) { 1050 log(LOG_CRIT,"tcp: invalid SACK hole (%u-%u,%u) vs fwd ack %u, ignoring.\n", 1051 hole->start, hole->end, hole->rxmit, tp->snd_fack); 1052 return (NULL); 1053 } 1054 } 1055 return (hole); 1056 } 1057 1058 /* 1059 * After a timeout, the SACK list may be rebuilt. This SACK information 1060 * should be used to avoid retransmitting SACKed data. This function 1061 * traverses the SACK list to see if snd_nxt should be moved forward. 1062 */ 1063 void 1064 tcp_sack_adjust(struct tcpcb *tp) 1065 { 1066 struct sackhole *p, *cur = TAILQ_FIRST(&tp->snd_holes); 1067 1068 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1069 if (cur == NULL) { 1070 /* No holes */ 1071 return; 1072 } 1073 if (SEQ_GEQ(tp->snd_nxt, tp->snd_fack)) { 1074 /* We're already beyond any SACKed blocks */ 1075 return; 1076 } 1077 /*- 1078 * Two cases for which we want to advance snd_nxt: 1079 * i) snd_nxt lies between end of one hole and beginning of another 1080 * ii) snd_nxt lies between end of last hole and snd_fack 1081 */ 1082 while ((p = TAILQ_NEXT(cur, scblink)) != NULL) { 1083 if (SEQ_LT(tp->snd_nxt, cur->end)) { 1084 return; 1085 } 1086 if (SEQ_GEQ(tp->snd_nxt, p->start)) { 1087 cur = p; 1088 } else { 1089 tp->snd_nxt = p->start; 1090 return; 1091 } 1092 } 1093 if (SEQ_LT(tp->snd_nxt, cur->end)) { 1094 return; 1095 } 1096 tp->snd_nxt = tp->snd_fack; 1097 } 1098 1099 /* 1100 * Lost Retransmission Detection 1101 * Check is FACK is beyond the rexmit of the leftmost hole. 1102 * If yes, we restart sending from still existing holes, 1103 * and adjust cwnd via the congestion control module. 1104 */ 1105 void 1106 tcp_sack_lost_retransmission(struct tcpcb *tp, struct tcphdr *th) 1107 { 1108 struct sackhole *temp; 1109 1110 if (IN_RECOVERY(tp->t_flags) && 1111 SEQ_GT(tp->snd_fack, tp->snd_recover) && 1112 ((temp = TAILQ_FIRST(&tp->snd_holes)) != NULL) && 1113 SEQ_GEQ(temp->rxmit, temp->end) && 1114 SEQ_GEQ(tp->snd_fack, temp->rxmit)) { 1115 TCPSTAT_INC(tcps_sack_lostrexmt); 1116 /* 1117 * Start retransmissions from the first hole, and 1118 * subsequently all other remaining holes, including 1119 * those, which had been sent completely before. 1120 */ 1121 tp->sackhint.nexthole = temp; 1122 TAILQ_FOREACH(temp, &tp->snd_holes, scblink) { 1123 if (SEQ_GEQ(tp->snd_fack, temp->rxmit) && 1124 SEQ_GEQ(temp->rxmit, temp->end)) 1125 temp->rxmit = temp->start; 1126 } 1127 /* 1128 * Remember the old ssthresh, to deduct the beta factor used 1129 * by the CC module. Finally, set cwnd to ssthresh just 1130 * prior to invoking another cwnd reduction by the CC 1131 * module, to not shrink it excessively. 1132 */ 1133 tp->snd_cwnd = tp->snd_ssthresh; 1134 /* 1135 * Formally exit recovery, and let the CC module adjust 1136 * ssthresh as intended. 1137 */ 1138 EXIT_RECOVERY(tp->t_flags); 1139 cc_cong_signal(tp, th, CC_NDUPACK); 1140 /* 1141 * For PRR, adjust recover_fs as if this new reduction 1142 * initialized this variable. 1143 * cwnd will be adjusted by SACK or PRR processing 1144 * subsequently, only set it to a safe value here. 1145 */ 1146 tp->snd_cwnd = tcp_maxseg(tp); 1147 tp->sackhint.recover_fs = (tp->snd_max - tp->snd_una) - 1148 tp->sackhint.recover_fs; 1149 } 1150 } 1151