1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 5 * The Regents of the University of California. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /*- 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 #include <sys/cdefs.h> 73 #include "opt_inet.h" 74 #include "opt_inet6.h" 75 76 #include <sys/param.h> 77 #include <sys/systm.h> 78 #include <sys/kernel.h> 79 #include <sys/sysctl.h> 80 #include <sys/malloc.h> 81 #include <sys/mbuf.h> 82 #include <sys/proc.h> /* for proc0 declaration */ 83 #include <sys/protosw.h> 84 #include <sys/socket.h> 85 #include <sys/socketvar.h> 86 #include <sys/syslog.h> 87 #include <sys/systm.h> 88 89 #include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */ 90 91 #include <vm/uma.h> 92 93 #include <net/if.h> 94 #include <net/if_var.h> 95 #include <net/route.h> 96 #include <net/vnet.h> 97 98 #include <netinet/in.h> 99 #include <netinet/in_systm.h> 100 #include <netinet/ip.h> 101 #include <netinet/in_var.h> 102 #include <netinet/in_pcb.h> 103 #include <netinet/ip_var.h> 104 #include <netinet/ip6.h> 105 #include <netinet/icmp6.h> 106 #include <netinet6/nd6.h> 107 #include <netinet6/ip6_var.h> 108 #include <netinet6/in6_pcb.h> 109 #include <netinet/tcp.h> 110 #include <netinet/tcp_fsm.h> 111 #include <netinet/tcp_seq.h> 112 #include <netinet/tcp_timer.h> 113 #include <netinet/tcp_var.h> 114 #include <netinet/tcpip.h> 115 #include <netinet/cc/cc.h> 116 117 #include <machine/in_cksum.h> 118 119 VNET_DECLARE(struct uma_zone *, sack_hole_zone); 120 #define V_sack_hole_zone VNET(sack_hole_zone) 121 122 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 123 "TCP SACK"); 124 125 VNET_DEFINE(int, tcp_do_sack) = 1; 126 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW, 127 &VNET_NAME(tcp_do_sack), 0, 128 "Enable/Disable TCP SACK support"); 129 130 VNET_DEFINE(int, tcp_do_newsack) = 1; 131 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, revised, CTLFLAG_VNET | CTLFLAG_RW, 132 &VNET_NAME(tcp_do_newsack), 0, 133 "Use revised SACK loss recovery per RFC 6675"); 134 135 VNET_DEFINE(int, tcp_sack_maxholes) = 128; 136 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW, 137 &VNET_NAME(tcp_sack_maxholes), 0, 138 "Maximum number of TCP SACK holes allowed per connection"); 139 140 VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536; 141 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW, 142 &VNET_NAME(tcp_sack_globalmaxholes), 0, 143 "Global maximum number of TCP SACK holes"); 144 145 VNET_DEFINE(int, tcp_sack_globalholes) = 0; 146 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD, 147 &VNET_NAME(tcp_sack_globalholes), 0, 148 "Global number of TCP SACK holes currently allocated"); 149 150 int 151 tcp_dsack_block_exists(struct tcpcb *tp) 152 { 153 /* Return true if a DSACK block exists */ 154 if (tp->rcv_numsacks == 0) 155 return (0); 156 if (SEQ_LEQ(tp->sackblks[0].end, tp->rcv_nxt)) 157 return(1); 158 return (0); 159 } 160 161 /* 162 * This function will find overlaps with the currently stored sackblocks 163 * and add any overlap as a dsack block upfront 164 */ 165 void 166 tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 167 { 168 struct sackblk head_blk,mid_blk,saved_blks[MAX_SACK_BLKS]; 169 int i, j, n, identical; 170 tcp_seq start, end; 171 172 INP_WLOCK_ASSERT(tptoinpcb(tp)); 173 174 KASSERT(SEQ_LT(rcv_start, rcv_end), ("rcv_start < rcv_end")); 175 176 if (SEQ_LT(rcv_end, tp->rcv_nxt) || 177 ((rcv_end == tp->rcv_nxt) && 178 (tp->rcv_numsacks > 0 ) && 179 (tp->sackblks[0].end == tp->rcv_nxt))) { 180 saved_blks[0].start = rcv_start; 181 saved_blks[0].end = rcv_end; 182 } else { 183 saved_blks[0].start = saved_blks[0].end = 0; 184 } 185 186 head_blk.start = head_blk.end = 0; 187 mid_blk.start = rcv_start; 188 mid_blk.end = rcv_end; 189 identical = 0; 190 191 for (i = 0; i < tp->rcv_numsacks; i++) { 192 start = tp->sackblks[i].start; 193 end = tp->sackblks[i].end; 194 if (SEQ_LT(rcv_end, start)) { 195 /* pkt left to sack blk */ 196 continue; 197 } 198 if (SEQ_GT(rcv_start, end)) { 199 /* pkt right to sack blk */ 200 continue; 201 } 202 if (SEQ_GT(tp->rcv_nxt, end)) { 203 if ((SEQ_MAX(rcv_start, start) != SEQ_MIN(rcv_end, end)) && 204 (SEQ_GT(head_blk.start, SEQ_MAX(rcv_start, start)) || 205 (head_blk.start == head_blk.end))) { 206 head_blk.start = SEQ_MAX(rcv_start, start); 207 head_blk.end = SEQ_MIN(rcv_end, end); 208 } 209 continue; 210 } 211 if (((head_blk.start == head_blk.end) || 212 SEQ_LT(start, head_blk.start)) && 213 (SEQ_GT(end, rcv_start) && 214 SEQ_LEQ(start, rcv_end))) { 215 head_blk.start = start; 216 head_blk.end = end; 217 } 218 mid_blk.start = SEQ_MIN(mid_blk.start, start); 219 mid_blk.end = SEQ_MAX(mid_blk.end, end); 220 if ((mid_blk.start == start) && 221 (mid_blk.end == end)) 222 identical = 1; 223 } 224 if (SEQ_LT(head_blk.start, head_blk.end)) { 225 /* store overlapping range */ 226 saved_blks[0].start = SEQ_MAX(rcv_start, head_blk.start); 227 saved_blks[0].end = SEQ_MIN(rcv_end, head_blk.end); 228 } 229 n = 1; 230 /* 231 * Second, if not ACKed, store the SACK block that 232 * overlaps with the DSACK block unless it is identical 233 */ 234 if ((SEQ_LT(tp->rcv_nxt, mid_blk.end) && 235 !((mid_blk.start == saved_blks[0].start) && 236 (mid_blk.end == saved_blks[0].end))) || 237 identical == 1) { 238 saved_blks[n].start = mid_blk.start; 239 saved_blks[n++].end = mid_blk.end; 240 } 241 for (j = 0; (j < tp->rcv_numsacks) && (n < MAX_SACK_BLKS); j++) { 242 if (((SEQ_LT(tp->sackblks[j].end, mid_blk.start) || 243 SEQ_GT(tp->sackblks[j].start, mid_blk.end)) && 244 (SEQ_GT(tp->sackblks[j].start, tp->rcv_nxt)))) 245 saved_blks[n++] = tp->sackblks[j]; 246 } 247 j = 0; 248 for (i = 0; i < n; i++) { 249 /* we can end up with a stale initial entry */ 250 if (SEQ_LT(saved_blks[i].start, saved_blks[i].end)) { 251 tp->sackblks[j++] = saved_blks[i]; 252 } 253 } 254 tp->rcv_numsacks = j; 255 } 256 257 /* 258 * This function is called upon receipt of new valid data (while not in 259 * header prediction mode), and it updates the ordered list of sacks. 260 */ 261 void 262 tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 263 { 264 /* 265 * First reported block MUST be the most recent one. Subsequent 266 * blocks SHOULD be in the order in which they arrived at the 267 * receiver. These two conditions make the implementation fully 268 * compliant with RFC 2018. 269 */ 270 struct sackblk head_blk, saved_blks[MAX_SACK_BLKS]; 271 int num_head, num_saved, i; 272 273 INP_WLOCK_ASSERT(tptoinpcb(tp)); 274 275 /* Check arguments. */ 276 KASSERT(SEQ_LEQ(rcv_start, rcv_end), ("rcv_start <= rcv_end")); 277 278 if ((rcv_start == rcv_end) && 279 (tp->rcv_numsacks >= 1) && 280 (rcv_end == tp->sackblks[0].end)) { 281 /* retaining DSACK block below rcv_nxt (todrop) */ 282 head_blk = tp->sackblks[0]; 283 } else { 284 /* SACK block for the received segment. */ 285 head_blk.start = rcv_start; 286 head_blk.end = rcv_end; 287 } 288 289 /* 290 * Merge updated SACK blocks into head_blk, and save unchanged SACK 291 * blocks into saved_blks[]. num_saved will have the number of the 292 * saved SACK blocks. 293 */ 294 num_saved = 0; 295 for (i = 0; i < tp->rcv_numsacks; i++) { 296 tcp_seq start = tp->sackblks[i].start; 297 tcp_seq end = tp->sackblks[i].end; 298 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 299 /* 300 * Discard this SACK block. 301 */ 302 } else if (SEQ_LEQ(head_blk.start, end) && 303 SEQ_GEQ(head_blk.end, start)) { 304 /* 305 * Merge this SACK block into head_blk. This SACK 306 * block itself will be discarded. 307 */ 308 /* 309 * |-| 310 * |---| merge 311 * 312 * |-| 313 * |---| merge 314 * 315 * |-----| 316 * |-| DSACK smaller 317 * 318 * |-| 319 * |-----| DSACK smaller 320 */ 321 if (head_blk.start == end) 322 head_blk.start = start; 323 else if (head_blk.end == start) 324 head_blk.end = end; 325 else { 326 if (SEQ_LT(head_blk.start, start)) { 327 tcp_seq temp = start; 328 start = head_blk.start; 329 head_blk.start = temp; 330 } 331 if (SEQ_GT(head_blk.end, end)) { 332 tcp_seq temp = end; 333 end = head_blk.end; 334 head_blk.end = temp; 335 } 336 if ((head_blk.start != start) || 337 (head_blk.end != end)) { 338 if ((num_saved >= 1) && 339 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 340 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 341 num_saved--; 342 saved_blks[num_saved].start = start; 343 saved_blks[num_saved].end = end; 344 num_saved++; 345 } 346 } 347 } else { 348 /* 349 * This block supercedes the prior block 350 */ 351 if ((num_saved >= 1) && 352 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 353 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 354 num_saved--; 355 /* 356 * Save this SACK block. 357 */ 358 saved_blks[num_saved].start = start; 359 saved_blks[num_saved].end = end; 360 num_saved++; 361 } 362 } 363 364 /* 365 * Update SACK list in tp->sackblks[]. 366 */ 367 num_head = 0; 368 if (SEQ_LT(rcv_start, rcv_end)) { 369 /* 370 * The received data segment is an out-of-order segment. Put 371 * head_blk at the top of SACK list. 372 */ 373 tp->sackblks[0] = head_blk; 374 num_head = 1; 375 /* 376 * If the number of saved SACK blocks exceeds its limit, 377 * discard the last SACK block. 378 */ 379 if (num_saved >= MAX_SACK_BLKS) 380 num_saved--; 381 } 382 if ((rcv_start == rcv_end) && 383 (rcv_start == tp->sackblks[0].end)) { 384 num_head = 1; 385 } 386 if (num_saved > 0) { 387 /* 388 * Copy the saved SACK blocks back. 389 */ 390 bcopy(saved_blks, &tp->sackblks[num_head], 391 sizeof(struct sackblk) * num_saved); 392 } 393 394 /* Save the number of SACK blocks. */ 395 tp->rcv_numsacks = num_head + num_saved; 396 } 397 398 void 399 tcp_clean_dsack_blocks(struct tcpcb *tp) 400 { 401 struct sackblk saved_blks[MAX_SACK_BLKS]; 402 int num_saved, i; 403 404 INP_WLOCK_ASSERT(tptoinpcb(tp)); 405 /* 406 * Clean up any DSACK blocks that 407 * are in our queue of sack blocks. 408 * 409 */ 410 num_saved = 0; 411 for (i = 0; i < tp->rcv_numsacks; i++) { 412 tcp_seq start = tp->sackblks[i].start; 413 tcp_seq end = tp->sackblks[i].end; 414 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 415 /* 416 * Discard this D-SACK block. 417 */ 418 continue; 419 } 420 /* 421 * Save this SACK block. 422 */ 423 saved_blks[num_saved].start = start; 424 saved_blks[num_saved].end = end; 425 num_saved++; 426 } 427 if (num_saved > 0) { 428 /* 429 * Copy the saved SACK blocks back. 430 */ 431 bcopy(saved_blks, &tp->sackblks[0], 432 sizeof(struct sackblk) * num_saved); 433 } 434 tp->rcv_numsacks = num_saved; 435 } 436 437 /* 438 * Delete all receiver-side SACK information. 439 */ 440 void 441 tcp_clean_sackreport(struct tcpcb *tp) 442 { 443 int i; 444 445 INP_WLOCK_ASSERT(tptoinpcb(tp)); 446 tp->rcv_numsacks = 0; 447 for (i = 0; i < MAX_SACK_BLKS; i++) 448 tp->sackblks[i].start = tp->sackblks[i].end=0; 449 } 450 451 /* 452 * Allocate struct sackhole. 453 */ 454 static struct sackhole * 455 tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) 456 { 457 struct sackhole *hole; 458 459 if (tp->snd_numholes >= V_tcp_sack_maxholes || 460 V_tcp_sack_globalholes >= V_tcp_sack_globalmaxholes) { 461 TCPSTAT_INC(tcps_sack_sboverflow); 462 return NULL; 463 } 464 465 hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT); 466 if (hole == NULL) 467 return NULL; 468 469 hole->start = start; 470 hole->end = end; 471 hole->rxmit = start; 472 473 tp->snd_numholes++; 474 atomic_add_int(&V_tcp_sack_globalholes, 1); 475 476 return hole; 477 } 478 479 /* 480 * Free struct sackhole. 481 */ 482 static void 483 tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) 484 { 485 486 uma_zfree(V_sack_hole_zone, hole); 487 488 tp->snd_numholes--; 489 atomic_subtract_int(&V_tcp_sack_globalholes, 1); 490 491 KASSERT(tp->snd_numholes >= 0, ("tp->snd_numholes >= 0")); 492 KASSERT(V_tcp_sack_globalholes >= 0, ("tcp_sack_globalholes >= 0")); 493 } 494 495 /* 496 * Insert new SACK hole into scoreboard. 497 */ 498 static struct sackhole * 499 tcp_sackhole_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end, 500 struct sackhole *after) 501 { 502 struct sackhole *hole; 503 504 /* Allocate a new SACK hole. */ 505 hole = tcp_sackhole_alloc(tp, start, end); 506 if (hole == NULL) 507 return NULL; 508 509 /* Insert the new SACK hole into scoreboard. */ 510 if (after != NULL) 511 TAILQ_INSERT_AFTER(&tp->snd_holes, after, hole, scblink); 512 else 513 TAILQ_INSERT_TAIL(&tp->snd_holes, hole, scblink); 514 515 /* Update SACK hint. */ 516 if (tp->sackhint.nexthole == NULL) 517 tp->sackhint.nexthole = hole; 518 519 return hole; 520 } 521 522 /* 523 * Remove SACK hole from scoreboard. 524 */ 525 static void 526 tcp_sackhole_remove(struct tcpcb *tp, struct sackhole *hole) 527 { 528 529 /* Update SACK hint. */ 530 if (tp->sackhint.nexthole == hole) 531 tp->sackhint.nexthole = TAILQ_NEXT(hole, scblink); 532 533 /* Remove this SACK hole. */ 534 TAILQ_REMOVE(&tp->snd_holes, hole, scblink); 535 536 /* Free this SACK hole. */ 537 tcp_sackhole_free(tp, hole); 538 } 539 540 /* 541 * Process cumulative ACK and the TCP SACK option to update the scoreboard. 542 * tp->snd_holes is an ordered list of holes (oldest to newest, in terms of 543 * the sequence space). 544 * Returns SACK_NEWLOSS if incoming ACK indicates ongoing loss (hole split, new hole), 545 * SACK_CHANGE if incoming ACK has previously unknown SACK information, 546 * SACK_NOCHANGE otherwise. 547 */ 548 sackstatus_t 549 tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) 550 { 551 struct sackhole *cur, *temp; 552 struct sackblk sack, sack_blocks[TCP_MAX_SACK + 1], *sblkp; 553 int i, j, num_sack_blks; 554 sackstatus_t sack_changed; 555 int delivered_data, left_edge_delta; 556 557 tcp_seq loss_hiack = 0; 558 int loss_thresh = 0; 559 int loss_sblks = 0; 560 int notlost_bytes = 0; 561 562 INP_WLOCK_ASSERT(tptoinpcb(tp)); 563 564 num_sack_blks = 0; 565 sack_changed = SACK_NOCHANGE; 566 delivered_data = 0; 567 left_edge_delta = 0; 568 /* 569 * If SND.UNA will be advanced by SEG.ACK, and if SACK holes exist, 570 * treat [SND.UNA, SEG.ACK) as if it is a SACK block. 571 * Account changes to SND.UNA always in delivered data. 572 */ 573 if (SEQ_LT(tp->snd_una, th_ack) && !TAILQ_EMPTY(&tp->snd_holes)) { 574 left_edge_delta = th_ack - tp->snd_una; 575 sack_blocks[num_sack_blks].start = tp->snd_una; 576 sack_blocks[num_sack_blks++].end = th_ack; 577 /* 578 * Pulling snd_fack forward if we got here 579 * due to DSACK blocks 580 */ 581 if (SEQ_LT(tp->snd_fack, th_ack)) { 582 delivered_data += th_ack - tp->snd_una; 583 tp->snd_fack = th_ack; 584 sack_changed = SACK_CHANGE; 585 } 586 } 587 /* 588 * Append received valid SACK blocks to sack_blocks[], but only if we 589 * received new blocks from the other side. 590 */ 591 if (to->to_flags & TOF_SACK) { 592 for (i = 0; i < to->to_nsacks; i++) { 593 bcopy((to->to_sacks + i * TCPOLEN_SACK), 594 &sack, sizeof(sack)); 595 sack.start = ntohl(sack.start); 596 sack.end = ntohl(sack.end); 597 if (SEQ_GT(sack.end, sack.start) && 598 SEQ_GT(sack.start, tp->snd_una) && 599 SEQ_GT(sack.start, th_ack) && 600 SEQ_LT(sack.start, tp->snd_max) && 601 SEQ_GT(sack.end, tp->snd_una) && 602 SEQ_LEQ(sack.end, tp->snd_max)) { 603 sack_blocks[num_sack_blks++] = sack; 604 } else if (SEQ_LEQ(sack.start, th_ack) && 605 SEQ_LEQ(sack.end, th_ack)) { 606 /* 607 * Its a D-SACK block. 608 */ 609 tcp_record_dsack(tp, sack.start, sack.end, 0); 610 } 611 } 612 } 613 /* 614 * Return if SND.UNA is not advanced and no valid SACK block is 615 * received. 616 */ 617 if (num_sack_blks == 0) 618 return (sack_changed); 619 620 /* 621 * Sort the SACK blocks so we can update the scoreboard with just one 622 * pass. The overhead of sorting up to 4+1 elements is less than 623 * making up to 4+1 passes over the scoreboard. 624 */ 625 for (i = 0; i < num_sack_blks; i++) { 626 for (j = i + 1; j < num_sack_blks; j++) { 627 if (SEQ_GT(sack_blocks[i].end, sack_blocks[j].end)) { 628 sack = sack_blocks[i]; 629 sack_blocks[i] = sack_blocks[j]; 630 sack_blocks[j] = sack; 631 } 632 } 633 } 634 if (TAILQ_EMPTY(&tp->snd_holes)) { 635 /* 636 * Empty scoreboard. Need to initialize snd_fack (it may be 637 * uninitialized or have a bogus value). Scoreboard holes 638 * (from the sack blocks received) are created later below 639 * (in the logic that adds holes to the tail of the 640 * scoreboard). 641 */ 642 tp->snd_fack = SEQ_MAX(tp->snd_una, th_ack); 643 tp->sackhint.sacked_bytes = 0; /* reset */ 644 tp->sackhint.hole_bytes = 0; 645 } 646 /* 647 * In the while-loop below, incoming SACK blocks (sack_blocks[]) and 648 * SACK holes (snd_holes) are traversed from their tails with just 649 * one pass in order to reduce the number of compares especially when 650 * the bandwidth-delay product is large. 651 * 652 * Note: Typically, in the first RTT of SACK recovery, the highest 653 * three or four SACK blocks with the same ack number are received. 654 * In the second RTT, if retransmitted data segments are not lost, 655 * the highest three or four SACK blocks with ack number advancing 656 * are received. 657 */ 658 sblkp = &sack_blocks[num_sack_blks - 1]; /* Last SACK block */ 659 tp->sackhint.last_sack_ack = sblkp->end; 660 if (SEQ_LT(tp->snd_fack, sblkp->start)) { 661 /* 662 * The highest SACK block is beyond fack. First, 663 * check if there was a successful Rescue Retransmission, 664 * and move this hole left. With normal holes, snd_fack 665 * is always to the right of the end. 666 */ 667 if (((temp = TAILQ_LAST(&tp->snd_holes, sackhole_head)) != NULL) && 668 SEQ_LEQ(tp->snd_fack,temp->end)) { 669 tp->sackhint.hole_bytes -= temp->end - temp->start; 670 temp->start = SEQ_MAX(tp->snd_fack, SEQ_MAX(tp->snd_una, th_ack)); 671 temp->end = sblkp->start; 672 temp->rxmit = temp->start; 673 delivered_data += sblkp->end - sblkp->start; 674 tp->sackhint.hole_bytes += temp->end - temp->start; 675 KASSERT(tp->sackhint.hole_bytes >= 0, 676 ("sackhint hole bytes >= 0")); 677 tp->snd_fack = sblkp->end; 678 sblkp--; 679 sack_changed = SACK_NEWLOSS; 680 } else { 681 /* 682 * Append a new SACK hole at the tail. If the 683 * second or later highest SACK blocks are also 684 * beyond the current fack, they will be inserted 685 * by way of hole splitting in the while-loop below. 686 */ 687 temp = tcp_sackhole_insert(tp, tp->snd_fack,sblkp->start,NULL); 688 if (temp != NULL) { 689 delivered_data += sblkp->end - sblkp->start; 690 tp->sackhint.hole_bytes += temp->end - temp->start; 691 tp->snd_fack = sblkp->end; 692 /* Go to the previous sack block. */ 693 sblkp--; 694 sack_changed = SACK_CHANGE; 695 } else { 696 /* 697 * We failed to add a new hole based on the current 698 * sack block. Skip over all the sack blocks that 699 * fall completely to the right of snd_fack and 700 * proceed to trim the scoreboard based on the 701 * remaining sack blocks. This also trims the 702 * scoreboard for th_ack (which is sack_blocks[0]). 703 */ 704 while (sblkp >= sack_blocks && 705 SEQ_LT(tp->snd_fack, sblkp->start)) 706 sblkp--; 707 if (sblkp >= sack_blocks && 708 SEQ_LT(tp->snd_fack, sblkp->end)) { 709 delivered_data += sblkp->end - tp->snd_fack; 710 tp->snd_fack = sblkp->end; 711 /* 712 * While the Scoreboard didn't change in 713 * size, we only ended up here because 714 * some SACK data had to be dismissed. 715 */ 716 sack_changed = SACK_NEWLOSS; 717 } 718 } 719 } 720 } else if (SEQ_LT(tp->snd_fack, sblkp->end)) { 721 /* fack is advanced. */ 722 delivered_data += sblkp->end - tp->snd_fack; 723 tp->snd_fack = sblkp->end; 724 sack_changed = SACK_CHANGE; 725 } 726 cur = TAILQ_LAST(&tp->snd_holes, sackhole_head); /* Last SACK hole. */ 727 loss_hiack = tp->snd_fack; 728 729 /* 730 * Since the incoming sack blocks are sorted, we can process them 731 * making one sweep of the scoreboard. 732 */ 733 while (cur != NULL) { 734 if (!(sblkp >= sack_blocks)) { 735 if (((loss_sblks >= tcprexmtthresh) || 736 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 737 break; 738 loss_thresh += loss_hiack - cur->end; 739 loss_hiack = cur->start; 740 loss_sblks++; 741 if (!((loss_sblks >= tcprexmtthresh) || 742 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) { 743 notlost_bytes += cur->end - cur->start; 744 } else { 745 break; 746 } 747 cur = TAILQ_PREV(cur, sackhole_head, scblink); 748 continue; 749 } 750 if (SEQ_GEQ(sblkp->start, cur->end)) { 751 /* 752 * SACKs data beyond the current hole. Go to the 753 * previous sack block. 754 */ 755 sblkp--; 756 continue; 757 } 758 if (SEQ_LEQ(sblkp->end, cur->start)) { 759 /* 760 * SACKs data before the current hole. Go to the 761 * previous hole. 762 */ 763 loss_thresh += loss_hiack - cur->end; 764 loss_hiack = cur->start; 765 loss_sblks++; 766 if (!((loss_sblks >= tcprexmtthresh) || 767 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 768 notlost_bytes += cur->end - cur->start; 769 cur = TAILQ_PREV(cur, sackhole_head, scblink); 770 continue; 771 } 772 tp->sackhint.sack_bytes_rexmit -= 773 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 774 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0, 775 ("sackhint bytes rtx >= 0")); 776 sack_changed = SACK_CHANGE; 777 if (SEQ_LEQ(sblkp->start, cur->start)) { 778 /* Data acks at least the beginning of hole. */ 779 if (SEQ_GEQ(sblkp->end, cur->end)) { 780 /* Acks entire hole, so delete hole. */ 781 delivered_data += (cur->end - cur->start); 782 temp = cur; 783 cur = TAILQ_PREV(cur, sackhole_head, scblink); 784 tp->sackhint.hole_bytes -= temp->end - temp->start; 785 tcp_sackhole_remove(tp, temp); 786 /* 787 * The sack block may ack all or part of the 788 * next hole too, so continue onto the next 789 * hole. 790 */ 791 continue; 792 } else { 793 /* Move start of hole forward. */ 794 delivered_data += (sblkp->end - cur->start); 795 tp->sackhint.hole_bytes -= sblkp->end - cur->start; 796 cur->start = sblkp->end; 797 cur->rxmit = SEQ_MAX(cur->rxmit, cur->start); 798 } 799 } else { 800 /* Data acks at least the end of hole. */ 801 if (SEQ_GEQ(sblkp->end, cur->end)) { 802 /* Move end of hole backward. */ 803 delivered_data += (cur->end - sblkp->start); 804 tp->sackhint.hole_bytes -= cur->end - sblkp->start; 805 cur->end = sblkp->start; 806 cur->rxmit = SEQ_MIN(cur->rxmit, cur->end); 807 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 808 cur->rxmit = tp->snd_recover; 809 } else { 810 /* 811 * ACKs some data in middle of a hole; need 812 * to split current hole 813 */ 814 temp = tcp_sackhole_insert(tp, sblkp->end, 815 cur->end, cur); 816 sack_changed = SACK_NEWLOSS; 817 if (temp != NULL) { 818 if (SEQ_GT(cur->rxmit, temp->rxmit)) { 819 temp->rxmit = cur->rxmit; 820 tp->sackhint.sack_bytes_rexmit += 821 (SEQ_MIN(temp->rxmit, 822 temp->end) - temp->start); 823 } 824 tp->sackhint.hole_bytes -= sblkp->end - sblkp->start; 825 loss_thresh += loss_hiack - temp->end; 826 loss_hiack = temp->start; 827 loss_sblks++; 828 if (!((loss_sblks >= tcprexmtthresh) || 829 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 830 notlost_bytes += temp->end - temp->start; 831 cur->end = sblkp->start; 832 cur->rxmit = SEQ_MIN(cur->rxmit, 833 cur->end); 834 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 835 cur->rxmit = tp->snd_recover; 836 delivered_data += (sblkp->end - sblkp->start); 837 } 838 } 839 } 840 tp->sackhint.sack_bytes_rexmit += 841 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 842 /* 843 * Testing sblkp->start against cur->start tells us whether 844 * we're done with the sack block or the sack hole. 845 * Accordingly, we advance one or the other. 846 */ 847 if (SEQ_LEQ(sblkp->start, cur->start)) { 848 loss_thresh += loss_hiack - cur->end; 849 loss_hiack = cur->start; 850 loss_sblks++; 851 if (!((loss_sblks >= tcprexmtthresh) || 852 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 853 notlost_bytes += cur->end - cur->start; 854 cur = TAILQ_PREV(cur, sackhole_head, scblink); 855 } else { 856 sblkp--; 857 } 858 } 859 860 KASSERT(!(TAILQ_EMPTY(&tp->snd_holes) && (tp->sackhint.hole_bytes != 0)), 861 ("SACK scoreboard empty, but accounting non-zero\n")); 862 863 KASSERT(notlost_bytes <= tp->sackhint.hole_bytes, 864 ("SACK: more bytes marked notlost than in scoreboard holes")); 865 866 if (!(to->to_flags & TOF_SACK)) 867 /* 868 * If this ACK did not contain any 869 * SACK blocks, any only moved the 870 * left edge right, it is a pure 871 * cumulative ACK. Do not count 872 * DupAck for this. Also required 873 * for RFC6675 rescue retransmission. 874 */ 875 sack_changed = SACK_NOCHANGE; 876 tp->sackhint.delivered_data = delivered_data; 877 tp->sackhint.sacked_bytes += delivered_data - left_edge_delta; 878 tp->sackhint.lost_bytes = tp->sackhint.hole_bytes - notlost_bytes; 879 KASSERT((delivered_data >= 0), ("delivered_data < 0")); 880 KASSERT((tp->sackhint.sacked_bytes >= 0), ("sacked_bytes < 0")); 881 return (sack_changed); 882 } 883 884 /* 885 * Free all SACK holes to clear the scoreboard. 886 */ 887 void 888 tcp_free_sackholes(struct tcpcb *tp) 889 { 890 struct sackhole *q; 891 892 INP_WLOCK_ASSERT(tptoinpcb(tp)); 893 while ((q = TAILQ_FIRST(&tp->snd_holes)) != NULL) 894 tcp_sackhole_remove(tp, q); 895 tp->sackhint.sack_bytes_rexmit = 0; 896 tp->sackhint.delivered_data = 0; 897 tp->sackhint.sacked_bytes = 0; 898 tp->sackhint.hole_bytes = 0; 899 tp->sackhint.lost_bytes = 0; 900 901 KASSERT(tp->snd_numholes == 0, ("tp->snd_numholes == 0")); 902 KASSERT(tp->sackhint.nexthole == NULL, 903 ("tp->sackhint.nexthole == NULL")); 904 } 905 906 /* 907 * Partial ack handling within a sack recovery episode. Keeping this very 908 * simple for now. When a partial ack is received, force snd_cwnd to a value 909 * that will allow the sender to transmit no more than 2 segments. If 910 * necessary, a better scheme can be adopted at a later point, but for now, 911 * the goal is to prevent the sender from bursting a large amount of data in 912 * the midst of sack recovery. 913 */ 914 void 915 tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th) 916 { 917 struct sackhole *temp; 918 int num_segs = 1; 919 u_int maxseg = tcp_maxseg(tp); 920 921 INP_WLOCK_ASSERT(tptoinpcb(tp)); 922 tcp_timer_activate(tp, TT_REXMT, 0); 923 tp->t_rtttime = 0; 924 /* Send one or 2 segments based on how much new data was acked. */ 925 if ((BYTES_THIS_ACK(tp, th) / maxseg) >= 2) 926 num_segs = 2; 927 tp->snd_cwnd = (tp->sackhint.sack_bytes_rexmit + 928 (tp->snd_nxt - tp->snd_recover) + num_segs * maxseg); 929 if (tp->snd_cwnd > tp->snd_ssthresh) 930 tp->snd_cwnd = tp->snd_ssthresh; 931 tp->t_flags |= TF_ACKNOW; 932 /* 933 * RFC6675 rescue retransmission 934 * Add a hole between th_ack (snd_una is not yet set) and snd_max, 935 * if this was a pure cumulative ACK and no data was send beyond 936 * recovery point. Since the data in the socket has not been freed 937 * at this point, we check if the scoreboard is empty, and the ACK 938 * delivered some new data, indicating a full ACK. Also, if the 939 * recovery point is still at snd_max, we are probably application 940 * limited. However, this inference might not always be true. The 941 * rescue retransmission may rarely be slightly premature 942 * compared to RFC6675. 943 * The corresponding ACK+SACK will cause any further outstanding 944 * segments to be retransmitted. This addresses a corner case, when 945 * the trailing packets of a window are lost and no further data 946 * is available for sending. 947 */ 948 if ((V_tcp_do_newsack) && 949 SEQ_LT(th->th_ack, tp->snd_recover) && 950 TAILQ_EMPTY(&tp->snd_holes) && 951 (tp->sackhint.delivered_data > 0)) { 952 /* 953 * Exclude FIN sequence space in 954 * the hole for the rescue retransmission, 955 * and also don't create a hole, if only 956 * the ACK for a FIN is outstanding. 957 */ 958 tcp_seq highdata = tp->snd_max; 959 if (tp->t_flags & TF_SENTFIN) 960 highdata--; 961 highdata = SEQ_MIN(highdata, tp->snd_recover); 962 if (th->th_ack != highdata) { 963 tp->snd_fack = th->th_ack; 964 if ((temp = tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, 965 highdata - maxseg), highdata, NULL)) != NULL) 966 tp->sackhint.hole_bytes += temp->end - 967 temp->start; 968 } 969 } 970 (void) tcp_output(tp); 971 } 972 973 #if 0 974 /* 975 * Debug version of tcp_sack_output() that walks the scoreboard. Used for 976 * now to sanity check the hint. 977 */ 978 static struct sackhole * 979 tcp_sack_output_debug(struct tcpcb *tp, int *sack_bytes_rexmt) 980 { 981 struct sackhole *p; 982 983 INP_WLOCK_ASSERT(tptoinpcb(tp)); 984 *sack_bytes_rexmt = 0; 985 TAILQ_FOREACH(p, &tp->snd_holes, scblink) { 986 if (SEQ_LT(p->rxmit, p->end)) { 987 if (SEQ_LT(p->rxmit, tp->snd_una)) {/* old SACK hole */ 988 continue; 989 } 990 *sack_bytes_rexmt += (p->rxmit - p->start); 991 break; 992 } 993 *sack_bytes_rexmt += (SEQ_MIN(p->rxmit, p->end) - p->start); 994 } 995 return (p); 996 } 997 #endif 998 999 /* 1000 * Returns the next hole to retransmit and the number of retransmitted bytes 1001 * from the scoreboard. We store both the next hole and the number of 1002 * retransmitted bytes as hints (and recompute these on the fly upon SACK/ACK 1003 * reception). This avoids scoreboard traversals completely. 1004 * 1005 * The loop here will traverse *at most* one link. Here's the argument. For 1006 * the loop to traverse more than 1 link before finding the next hole to 1007 * retransmit, we would need to have at least 1 node following the current 1008 * hint with (rxmit == end). But, for all holes following the current hint, 1009 * (start == rxmit), since we have not yet retransmitted from them. 1010 * Therefore, in order to traverse more 1 link in the loop below, we need to 1011 * have at least one node following the current hint with (start == rxmit == 1012 * end). But that can't happen, (start == end) means that all the data in 1013 * that hole has been sacked, in which case, the hole would have been removed 1014 * from the scoreboard. 1015 */ 1016 struct sackhole * 1017 tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt) 1018 { 1019 struct sackhole *hole = NULL; 1020 1021 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1022 *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit; 1023 hole = tp->sackhint.nexthole; 1024 if (hole == NULL) 1025 return (hole); 1026 if (SEQ_GEQ(hole->rxmit, hole->end)) { 1027 for (;;) { 1028 hole = TAILQ_NEXT(hole, scblink); 1029 if (hole == NULL) 1030 return (hole); 1031 if (SEQ_LT(hole->rxmit, hole->end)) { 1032 tp->sackhint.nexthole = hole; 1033 break; 1034 } 1035 } 1036 } 1037 KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__)); 1038 if (!(V_tcp_do_newsack)) { 1039 KASSERT(SEQ_LT(hole->start, tp->snd_fack), ("%s: hole.start >= snd.fack", __func__)); 1040 KASSERT(SEQ_LT(hole->end, tp->snd_fack), ("%s: hole.end >= snd.fack", __func__)); 1041 KASSERT(SEQ_LT(hole->rxmit, tp->snd_fack), ("%s: hole.rxmit >= snd.fack", __func__)); 1042 if (SEQ_GEQ(hole->start, hole->end) || 1043 SEQ_GEQ(hole->start, tp->snd_fack) || 1044 SEQ_GEQ(hole->end, tp->snd_fack) || 1045 SEQ_GEQ(hole->rxmit, tp->snd_fack)) { 1046 log(LOG_CRIT,"tcp: invalid SACK hole (%u-%u,%u) vs fwd ack %u, ignoring.\n", 1047 hole->start, hole->end, hole->rxmit, tp->snd_fack); 1048 return (NULL); 1049 } 1050 } 1051 return (hole); 1052 } 1053 1054 /* 1055 * After a timeout, the SACK list may be rebuilt. This SACK information 1056 * should be used to avoid retransmitting SACKed data. This function 1057 * traverses the SACK list to see if snd_nxt should be moved forward. 1058 */ 1059 void 1060 tcp_sack_adjust(struct tcpcb *tp) 1061 { 1062 struct sackhole *p, *cur = TAILQ_FIRST(&tp->snd_holes); 1063 1064 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1065 if (cur == NULL) 1066 return; /* No holes */ 1067 if (SEQ_GEQ(tp->snd_nxt, tp->snd_fack)) 1068 return; /* We're already beyond any SACKed blocks */ 1069 /*- 1070 * Two cases for which we want to advance snd_nxt: 1071 * i) snd_nxt lies between end of one hole and beginning of another 1072 * ii) snd_nxt lies between end of last hole and snd_fack 1073 */ 1074 while ((p = TAILQ_NEXT(cur, scblink)) != NULL) { 1075 if (SEQ_LT(tp->snd_nxt, cur->end)) 1076 return; 1077 if (SEQ_GEQ(tp->snd_nxt, p->start)) 1078 cur = p; 1079 else { 1080 tp->snd_nxt = p->start; 1081 return; 1082 } 1083 } 1084 if (SEQ_LT(tp->snd_nxt, cur->end)) 1085 return; 1086 tp->snd_nxt = tp->snd_fack; 1087 } 1088 1089 /* 1090 * Lost Retransmission Detection 1091 * Check is FACK is beyond the rexmit of the leftmost hole. 1092 * If yes, we restart sending from still existing holes, 1093 * and adjust cwnd via the congestion control module. 1094 */ 1095 void 1096 tcp_sack_lost_retransmission(struct tcpcb *tp, struct tcphdr *th) 1097 { 1098 struct sackhole *temp; 1099 1100 if (IN_RECOVERY(tp->t_flags) && 1101 SEQ_GT(tp->snd_fack, tp->snd_recover) && 1102 ((temp = TAILQ_FIRST(&tp->snd_holes)) != NULL) && 1103 SEQ_GEQ(temp->rxmit, temp->end) && 1104 SEQ_GEQ(tp->snd_fack, temp->rxmit)) { 1105 TCPSTAT_INC(tcps_sack_lostrexmt); 1106 /* 1107 * Start retransmissions from the first hole, and 1108 * subsequently all other remaining holes, including 1109 * those, which had been sent completely before. 1110 */ 1111 tp->sackhint.nexthole = temp; 1112 TAILQ_FOREACH(temp, &tp->snd_holes, scblink) { 1113 if (SEQ_GEQ(tp->snd_fack, temp->rxmit) && 1114 SEQ_GEQ(temp->rxmit, temp->end)) 1115 temp->rxmit = temp->start; 1116 } 1117 /* 1118 * Remember the old ssthresh, to deduct the beta factor used 1119 * by the CC module. Finally, set cwnd to ssthresh just 1120 * prior to invoking another cwnd reduction by the CC 1121 * module, to not shrink it excessively. 1122 */ 1123 tp->snd_cwnd = tp->snd_ssthresh; 1124 /* 1125 * Formally exit recovery, and let the CC module adjust 1126 * ssthresh as intended. 1127 */ 1128 EXIT_RECOVERY(tp->t_flags); 1129 cc_cong_signal(tp, th, CC_NDUPACK); 1130 /* 1131 * For PRR, adjust recover_fs as if this new reduction 1132 * initialized this variable. 1133 * cwnd will be adjusted by SACK or PRR processing 1134 * subsequently, only set it to a safe value here. 1135 */ 1136 tp->snd_cwnd = tcp_maxseg(tp); 1137 tp->sackhint.recover_fs = (tp->snd_max - tp->snd_una) - 1138 tp->sackhint.recover_fs; 1139 } 1140 } 1141