1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 5 * The Regents of the University of California. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)tcp_sack.c 8.12 (Berkeley) 5/24/95 33 */ 34 35 /*- 36 * @@(#)COPYRIGHT 1.1 (NRL) 17 January 1995 37 * 38 * NRL grants permission for redistribution and use in source and binary 39 * forms, with or without modification, of the software and documentation 40 * created at NRL provided that the following conditions are met: 41 * 42 * 1. Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * 2. Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in the 46 * documentation and/or other materials provided with the distribution. 47 * 3. All advertising materials mentioning features or use of this software 48 * must display the following acknowledgements: 49 * This product includes software developed by the University of 50 * California, Berkeley and its contributors. 51 * This product includes software developed at the Information 52 * Technology Division, US Naval Research Laboratory. 53 * 4. Neither the name of the NRL nor the names of its contributors 54 * may be used to endorse or promote products derived from this software 55 * without specific prior written permission. 56 * 57 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 58 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 59 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 60 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 61 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 62 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 63 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 64 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 65 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 66 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 67 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 68 * 69 * The views and conclusions contained in the software and documentation 70 * are those of the authors and should not be interpreted as representing 71 * official policies, either expressed or implied, of the US Naval 72 * Research Laboratory (NRL). 73 */ 74 75 #include <sys/cdefs.h> 76 __FBSDID("$FreeBSD$"); 77 78 #include "opt_inet.h" 79 #include "opt_inet6.h" 80 #include "opt_tcpdebug.h" 81 82 #include <sys/param.h> 83 #include <sys/systm.h> 84 #include <sys/kernel.h> 85 #include <sys/sysctl.h> 86 #include <sys/malloc.h> 87 #include <sys/mbuf.h> 88 #include <sys/proc.h> /* for proc0 declaration */ 89 #include <sys/protosw.h> 90 #include <sys/socket.h> 91 #include <sys/socketvar.h> 92 #include <sys/syslog.h> 93 #include <sys/systm.h> 94 95 #include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */ 96 97 #include <vm/uma.h> 98 99 #include <net/if.h> 100 #include <net/if_var.h> 101 #include <net/route.h> 102 #include <net/vnet.h> 103 104 #include <netinet/in.h> 105 #include <netinet/in_systm.h> 106 #include <netinet/ip.h> 107 #include <netinet/in_var.h> 108 #include <netinet/in_pcb.h> 109 #include <netinet/ip_var.h> 110 #include <netinet/ip6.h> 111 #include <netinet/icmp6.h> 112 #include <netinet6/nd6.h> 113 #include <netinet6/ip6_var.h> 114 #include <netinet6/in6_pcb.h> 115 #include <netinet/tcp.h> 116 #include <netinet/tcp_fsm.h> 117 #include <netinet/tcp_seq.h> 118 #include <netinet/tcp_timer.h> 119 #include <netinet/tcp_var.h> 120 #include <netinet6/tcp6_var.h> 121 #include <netinet/tcpip.h> 122 #ifdef TCPDEBUG 123 #include <netinet/tcp_debug.h> 124 #endif /* TCPDEBUG */ 125 126 #include <machine/in_cksum.h> 127 128 VNET_DECLARE(struct uma_zone *, sack_hole_zone); 129 #define V_sack_hole_zone VNET(sack_hole_zone) 130 131 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 132 "TCP SACK"); 133 134 VNET_DEFINE(int, tcp_do_sack) = 1; 135 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW, 136 &VNET_NAME(tcp_do_sack), 0, 137 "Enable/Disable TCP SACK support"); 138 139 VNET_DEFINE(int, tcp_do_newsack) = 1; 140 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, revised, CTLFLAG_VNET | CTLFLAG_RW, 141 &VNET_NAME(tcp_do_newsack), 0, 142 "Use revised SACK loss recovery per RFC 6675"); 143 144 VNET_DEFINE(int, tcp_sack_maxholes) = 128; 145 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW, 146 &VNET_NAME(tcp_sack_maxholes), 0, 147 "Maximum number of TCP SACK holes allowed per connection"); 148 149 VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536; 150 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW, 151 &VNET_NAME(tcp_sack_globalmaxholes), 0, 152 "Global maximum number of TCP SACK holes"); 153 154 VNET_DEFINE(int, tcp_sack_globalholes) = 0; 155 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD, 156 &VNET_NAME(tcp_sack_globalholes), 0, 157 "Global number of TCP SACK holes currently allocated"); 158 159 /* 160 * This function will find overlaps with the currently stored sackblocks 161 * and add any overlap as a dsack block upfront 162 */ 163 void 164 tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 165 { 166 struct sackblk head_blk,mid_blk,saved_blks[MAX_SACK_BLKS]; 167 int i, j, n, identical; 168 tcp_seq start, end; 169 170 INP_WLOCK_ASSERT(tp->t_inpcb); 171 172 KASSERT(SEQ_LT(rcv_start, rcv_end), ("rcv_start < rcv_end")); 173 174 if (SEQ_LT(rcv_end, tp->rcv_nxt) || 175 ((rcv_end == tp->rcv_nxt) && 176 (tp->rcv_numsacks > 0 ) && 177 (tp->sackblks[0].end == tp->rcv_nxt))) { 178 saved_blks[0].start = rcv_start; 179 saved_blks[0].end = rcv_end; 180 } else { 181 saved_blks[0].start = saved_blks[0].end = 0; 182 } 183 184 head_blk.start = head_blk.end = 0; 185 mid_blk.start = rcv_start; 186 mid_blk.end = rcv_end; 187 identical = 0; 188 189 for (i = 0; i < tp->rcv_numsacks; i++) { 190 start = tp->sackblks[i].start; 191 end = tp->sackblks[i].end; 192 if (SEQ_LT(rcv_end, start)) { 193 /* pkt left to sack blk */ 194 continue; 195 } 196 if (SEQ_GT(rcv_start, end)) { 197 /* pkt right to sack blk */ 198 continue; 199 } 200 if (SEQ_GT(tp->rcv_nxt, end)) { 201 if ((SEQ_MAX(rcv_start, start) != SEQ_MIN(rcv_end, end)) && 202 (SEQ_GT(head_blk.start, SEQ_MAX(rcv_start, start)) || 203 (head_blk.start == head_blk.end))) { 204 head_blk.start = SEQ_MAX(rcv_start, start); 205 head_blk.end = SEQ_MIN(rcv_end, end); 206 } 207 continue; 208 } 209 if (((head_blk.start == head_blk.end) || 210 SEQ_LT(start, head_blk.start)) && 211 (SEQ_GT(end, rcv_start) && 212 SEQ_LEQ(start, rcv_end))) { 213 head_blk.start = start; 214 head_blk.end = end; 215 } 216 mid_blk.start = SEQ_MIN(mid_blk.start, start); 217 mid_blk.end = SEQ_MAX(mid_blk.end, end); 218 if ((mid_blk.start == start) && 219 (mid_blk.end == end)) 220 identical = 1; 221 } 222 if (SEQ_LT(head_blk.start, head_blk.end)) { 223 /* store overlapping range */ 224 saved_blks[0].start = SEQ_MAX(rcv_start, head_blk.start); 225 saved_blks[0].end = SEQ_MIN(rcv_end, head_blk.end); 226 } 227 n = 1; 228 /* 229 * Second, if not ACKed, store the SACK block that 230 * overlaps with the DSACK block unless it is identical 231 */ 232 if ((SEQ_LT(tp->rcv_nxt, mid_blk.end) && 233 !((mid_blk.start == saved_blks[0].start) && 234 (mid_blk.end == saved_blks[0].end))) || 235 identical == 1) { 236 saved_blks[n].start = mid_blk.start; 237 saved_blks[n++].end = mid_blk.end; 238 } 239 for (j = 0; (j < tp->rcv_numsacks) && (n < MAX_SACK_BLKS); j++) { 240 if (((SEQ_LT(tp->sackblks[j].end, mid_blk.start) || 241 SEQ_GT(tp->sackblks[j].start, mid_blk.end)) && 242 (SEQ_GT(tp->sackblks[j].start, tp->rcv_nxt)))) 243 saved_blks[n++] = tp->sackblks[j]; 244 } 245 j = 0; 246 for (i = 0; i < n; i++) { 247 /* we can end up with a stale initial entry */ 248 if (SEQ_LT(saved_blks[i].start, saved_blks[i].end)) { 249 tp->sackblks[j++] = saved_blks[i]; 250 } 251 } 252 tp->rcv_numsacks = j; 253 } 254 255 /* 256 * This function is called upon receipt of new valid data (while not in 257 * header prediction mode), and it updates the ordered list of sacks. 258 */ 259 void 260 tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 261 { 262 /* 263 * First reported block MUST be the most recent one. Subsequent 264 * blocks SHOULD be in the order in which they arrived at the 265 * receiver. These two conditions make the implementation fully 266 * compliant with RFC 2018. 267 */ 268 struct sackblk head_blk, saved_blks[MAX_SACK_BLKS]; 269 int num_head, num_saved, i; 270 271 INP_WLOCK_ASSERT(tp->t_inpcb); 272 273 /* Check arguments. */ 274 KASSERT(SEQ_LEQ(rcv_start, rcv_end), ("rcv_start <= rcv_end")); 275 276 if ((rcv_start == rcv_end) && 277 (tp->rcv_numsacks >= 1) && 278 (rcv_end == tp->sackblks[0].end)) { 279 /* retaining DSACK block below rcv_nxt (todrop) */ 280 head_blk = tp->sackblks[0]; 281 } else { 282 /* SACK block for the received segment. */ 283 head_blk.start = rcv_start; 284 head_blk.end = rcv_end; 285 } 286 287 /* 288 * Merge updated SACK blocks into head_blk, and save unchanged SACK 289 * blocks into saved_blks[]. num_saved will have the number of the 290 * saved SACK blocks. 291 */ 292 num_saved = 0; 293 for (i = 0; i < tp->rcv_numsacks; i++) { 294 tcp_seq start = tp->sackblks[i].start; 295 tcp_seq end = tp->sackblks[i].end; 296 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 297 /* 298 * Discard this SACK block. 299 */ 300 } else if (SEQ_LEQ(head_blk.start, end) && 301 SEQ_GEQ(head_blk.end, start)) { 302 /* 303 * Merge this SACK block into head_blk. This SACK 304 * block itself will be discarded. 305 */ 306 /* 307 * |-| 308 * |---| merge 309 * 310 * |-| 311 * |---| merge 312 * 313 * |-----| 314 * |-| DSACK smaller 315 * 316 * |-| 317 * |-----| DSACK smaller 318 */ 319 if (head_blk.start == end) 320 head_blk.start = start; 321 else if (head_blk.end == start) 322 head_blk.end = end; 323 else { 324 if (SEQ_LT(head_blk.start, start)) { 325 tcp_seq temp = start; 326 start = head_blk.start; 327 head_blk.start = temp; 328 } 329 if (SEQ_GT(head_blk.end, end)) { 330 tcp_seq temp = end; 331 end = head_blk.end; 332 head_blk.end = temp; 333 } 334 if ((head_blk.start != start) || 335 (head_blk.end != end)) { 336 if ((num_saved >= 1) && 337 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 338 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 339 num_saved--; 340 saved_blks[num_saved].start = start; 341 saved_blks[num_saved].end = end; 342 num_saved++; 343 } 344 } 345 } else { 346 /* 347 * This block supercedes the prior block 348 */ 349 if ((num_saved >= 1) && 350 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 351 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 352 num_saved--; 353 /* 354 * Save this SACK block. 355 */ 356 saved_blks[num_saved].start = start; 357 saved_blks[num_saved].end = end; 358 num_saved++; 359 } 360 } 361 362 /* 363 * Update SACK list in tp->sackblks[]. 364 */ 365 num_head = 0; 366 if (SEQ_LT(rcv_start, rcv_end)) { 367 /* 368 * The received data segment is an out-of-order segment. Put 369 * head_blk at the top of SACK list. 370 */ 371 tp->sackblks[0] = head_blk; 372 num_head = 1; 373 /* 374 * If the number of saved SACK blocks exceeds its limit, 375 * discard the last SACK block. 376 */ 377 if (num_saved >= MAX_SACK_BLKS) 378 num_saved--; 379 } 380 if ((rcv_start == rcv_end) && 381 (rcv_start == tp->sackblks[0].end)) { 382 num_head = 1; 383 } 384 if (num_saved > 0) { 385 /* 386 * Copy the saved SACK blocks back. 387 */ 388 bcopy(saved_blks, &tp->sackblks[num_head], 389 sizeof(struct sackblk) * num_saved); 390 } 391 392 /* Save the number of SACK blocks. */ 393 tp->rcv_numsacks = num_head + num_saved; 394 } 395 396 void 397 tcp_clean_dsack_blocks(struct tcpcb *tp) 398 { 399 struct sackblk saved_blks[MAX_SACK_BLKS]; 400 int num_saved, i; 401 402 INP_WLOCK_ASSERT(tp->t_inpcb); 403 /* 404 * Clean up any DSACK blocks that 405 * are in our queue of sack blocks. 406 * 407 */ 408 num_saved = 0; 409 for (i = 0; i < tp->rcv_numsacks; i++) { 410 tcp_seq start = tp->sackblks[i].start; 411 tcp_seq end = tp->sackblks[i].end; 412 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 413 /* 414 * Discard this D-SACK block. 415 */ 416 continue; 417 } 418 /* 419 * Save this SACK block. 420 */ 421 saved_blks[num_saved].start = start; 422 saved_blks[num_saved].end = end; 423 num_saved++; 424 } 425 if (num_saved > 0) { 426 /* 427 * Copy the saved SACK blocks back. 428 */ 429 bcopy(saved_blks, &tp->sackblks[0], 430 sizeof(struct sackblk) * num_saved); 431 } 432 tp->rcv_numsacks = num_saved; 433 } 434 435 /* 436 * Delete all receiver-side SACK information. 437 */ 438 void 439 tcp_clean_sackreport(struct tcpcb *tp) 440 { 441 int i; 442 443 INP_WLOCK_ASSERT(tp->t_inpcb); 444 tp->rcv_numsacks = 0; 445 for (i = 0; i < MAX_SACK_BLKS; i++) 446 tp->sackblks[i].start = tp->sackblks[i].end=0; 447 } 448 449 /* 450 * Allocate struct sackhole. 451 */ 452 static struct sackhole * 453 tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) 454 { 455 struct sackhole *hole; 456 457 if (tp->snd_numholes >= V_tcp_sack_maxholes || 458 V_tcp_sack_globalholes >= V_tcp_sack_globalmaxholes) { 459 TCPSTAT_INC(tcps_sack_sboverflow); 460 return NULL; 461 } 462 463 hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT); 464 if (hole == NULL) 465 return NULL; 466 467 hole->start = start; 468 hole->end = end; 469 hole->rxmit = start; 470 471 tp->snd_numholes++; 472 atomic_add_int(&V_tcp_sack_globalholes, 1); 473 474 return hole; 475 } 476 477 /* 478 * Free struct sackhole. 479 */ 480 static void 481 tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) 482 { 483 484 uma_zfree(V_sack_hole_zone, hole); 485 486 tp->snd_numholes--; 487 atomic_subtract_int(&V_tcp_sack_globalholes, 1); 488 489 KASSERT(tp->snd_numholes >= 0, ("tp->snd_numholes >= 0")); 490 KASSERT(V_tcp_sack_globalholes >= 0, ("tcp_sack_globalholes >= 0")); 491 } 492 493 /* 494 * Insert new SACK hole into scoreboard. 495 */ 496 static struct sackhole * 497 tcp_sackhole_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end, 498 struct sackhole *after) 499 { 500 struct sackhole *hole; 501 502 /* Allocate a new SACK hole. */ 503 hole = tcp_sackhole_alloc(tp, start, end); 504 if (hole == NULL) 505 return NULL; 506 507 /* Insert the new SACK hole into scoreboard. */ 508 if (after != NULL) 509 TAILQ_INSERT_AFTER(&tp->snd_holes, after, hole, scblink); 510 else 511 TAILQ_INSERT_TAIL(&tp->snd_holes, hole, scblink); 512 513 /* Update SACK hint. */ 514 if (tp->sackhint.nexthole == NULL) 515 tp->sackhint.nexthole = hole; 516 517 return hole; 518 } 519 520 /* 521 * Remove SACK hole from scoreboard. 522 */ 523 static void 524 tcp_sackhole_remove(struct tcpcb *tp, struct sackhole *hole) 525 { 526 527 /* Update SACK hint. */ 528 if (tp->sackhint.nexthole == hole) 529 tp->sackhint.nexthole = TAILQ_NEXT(hole, scblink); 530 531 /* Remove this SACK hole. */ 532 TAILQ_REMOVE(&tp->snd_holes, hole, scblink); 533 534 /* Free this SACK hole. */ 535 tcp_sackhole_free(tp, hole); 536 } 537 538 /* 539 * Process cumulative ACK and the TCP SACK option to update the scoreboard. 540 * tp->snd_holes is an ordered list of holes (oldest to newest, in terms of 541 * the sequence space). 542 * Returns 1 if incoming ACK has previously unknown SACK information, 543 * 0 otherwise. 544 */ 545 int 546 tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) 547 { 548 struct sackhole *cur, *temp; 549 struct sackblk sack, sack_blocks[TCP_MAX_SACK + 1], *sblkp; 550 int i, j, num_sack_blks, sack_changed; 551 int delivered_data, left_edge_delta; 552 553 INP_WLOCK_ASSERT(tp->t_inpcb); 554 555 num_sack_blks = 0; 556 sack_changed = 0; 557 delivered_data = 0; 558 left_edge_delta = 0; 559 /* 560 * If SND.UNA will be advanced by SEG.ACK, and if SACK holes exist, 561 * treat [SND.UNA, SEG.ACK) as if it is a SACK block. 562 * Account changes to SND.UNA always in delivered data. 563 */ 564 if (SEQ_LT(tp->snd_una, th_ack) && !TAILQ_EMPTY(&tp->snd_holes)) { 565 left_edge_delta = th_ack - tp->snd_una; 566 sack_blocks[num_sack_blks].start = tp->snd_una; 567 sack_blocks[num_sack_blks++].end = th_ack; 568 /* 569 * Pulling snd_fack forward if we got here 570 * due to DSACK blocks 571 */ 572 if (SEQ_LT(tp->snd_fack, th_ack)) { 573 delivered_data += th_ack - tp->snd_una; 574 tp->snd_fack = th_ack; 575 sack_changed = 1; 576 } 577 } 578 /* 579 * Append received valid SACK blocks to sack_blocks[], but only if we 580 * received new blocks from the other side. 581 */ 582 if (to->to_flags & TOF_SACK) { 583 for (i = 0; i < to->to_nsacks; i++) { 584 bcopy((to->to_sacks + i * TCPOLEN_SACK), 585 &sack, sizeof(sack)); 586 sack.start = ntohl(sack.start); 587 sack.end = ntohl(sack.end); 588 if (SEQ_GT(sack.end, sack.start) && 589 SEQ_GT(sack.start, tp->snd_una) && 590 SEQ_GT(sack.start, th_ack) && 591 SEQ_LT(sack.start, tp->snd_max) && 592 SEQ_GT(sack.end, tp->snd_una) && 593 SEQ_LEQ(sack.end, tp->snd_max)) { 594 sack_blocks[num_sack_blks++] = sack; 595 } 596 } 597 } 598 /* 599 * Return if SND.UNA is not advanced and no valid SACK block is 600 * received. 601 */ 602 if (num_sack_blks == 0) 603 return (sack_changed); 604 605 /* 606 * Sort the SACK blocks so we can update the scoreboard with just one 607 * pass. The overhead of sorting up to 4+1 elements is less than 608 * making up to 4+1 passes over the scoreboard. 609 */ 610 for (i = 0; i < num_sack_blks; i++) { 611 for (j = i + 1; j < num_sack_blks; j++) { 612 if (SEQ_GT(sack_blocks[i].end, sack_blocks[j].end)) { 613 sack = sack_blocks[i]; 614 sack_blocks[i] = sack_blocks[j]; 615 sack_blocks[j] = sack; 616 } 617 } 618 } 619 if (TAILQ_EMPTY(&tp->snd_holes)) { 620 /* 621 * Empty scoreboard. Need to initialize snd_fack (it may be 622 * uninitialized or have a bogus value). Scoreboard holes 623 * (from the sack blocks received) are created later below 624 * (in the logic that adds holes to the tail of the 625 * scoreboard). 626 */ 627 tp->snd_fack = SEQ_MAX(tp->snd_una, th_ack); 628 tp->sackhint.sacked_bytes = 0; /* reset */ 629 } 630 /* 631 * In the while-loop below, incoming SACK blocks (sack_blocks[]) and 632 * SACK holes (snd_holes) are traversed from their tails with just 633 * one pass in order to reduce the number of compares especially when 634 * the bandwidth-delay product is large. 635 * 636 * Note: Typically, in the first RTT of SACK recovery, the highest 637 * three or four SACK blocks with the same ack number are received. 638 * In the second RTT, if retransmitted data segments are not lost, 639 * the highest three or four SACK blocks with ack number advancing 640 * are received. 641 */ 642 sblkp = &sack_blocks[num_sack_blks - 1]; /* Last SACK block */ 643 tp->sackhint.last_sack_ack = sblkp->end; 644 if (SEQ_LT(tp->snd_fack, sblkp->start)) { 645 /* 646 * The highest SACK block is beyond fack. First, 647 * check if there was a successful Rescue Retransmission, 648 * and move this hole left. With normal holes, snd_fack 649 * is always to the right of the end. 650 */ 651 if (((temp = TAILQ_LAST(&tp->snd_holes, sackhole_head)) != NULL) && 652 SEQ_LEQ(tp->snd_fack,temp->end)) { 653 temp->start = SEQ_MAX(tp->snd_fack, SEQ_MAX(tp->snd_una, th_ack)); 654 temp->end = sblkp->start; 655 temp->rxmit = temp->start; 656 delivered_data += sblkp->end - sblkp->start; 657 tp->snd_fack = sblkp->end; 658 sblkp--; 659 sack_changed = 1; 660 } else { 661 /* 662 * Append a new SACK hole at the tail. If the 663 * second or later highest SACK blocks are also 664 * beyond the current fack, they will be inserted 665 * by way of hole splitting in the while-loop below. 666 */ 667 temp = tcp_sackhole_insert(tp, tp->snd_fack,sblkp->start,NULL); 668 if (temp != NULL) { 669 delivered_data += sblkp->end - sblkp->start; 670 tp->snd_fack = sblkp->end; 671 /* Go to the previous sack block. */ 672 sblkp--; 673 sack_changed = 1; 674 } else { 675 /* 676 * We failed to add a new hole based on the current 677 * sack block. Skip over all the sack blocks that 678 * fall completely to the right of snd_fack and 679 * proceed to trim the scoreboard based on the 680 * remaining sack blocks. This also trims the 681 * scoreboard for th_ack (which is sack_blocks[0]). 682 */ 683 while (sblkp >= sack_blocks && 684 SEQ_LT(tp->snd_fack, sblkp->start)) 685 sblkp--; 686 if (sblkp >= sack_blocks && 687 SEQ_LT(tp->snd_fack, sblkp->end)) { 688 delivered_data += sblkp->end - tp->snd_fack; 689 tp->snd_fack = sblkp->end; 690 sack_changed = 1; 691 } 692 } 693 } 694 } else if (SEQ_LT(tp->snd_fack, sblkp->end)) { 695 /* fack is advanced. */ 696 delivered_data += sblkp->end - tp->snd_fack; 697 tp->snd_fack = sblkp->end; 698 sack_changed = 1; 699 } 700 cur = TAILQ_LAST(&tp->snd_holes, sackhole_head); /* Last SACK hole. */ 701 /* 702 * Since the incoming sack blocks are sorted, we can process them 703 * making one sweep of the scoreboard. 704 */ 705 while (sblkp >= sack_blocks && cur != NULL) { 706 if (SEQ_GEQ(sblkp->start, cur->end)) { 707 /* 708 * SACKs data beyond the current hole. Go to the 709 * previous sack block. 710 */ 711 sblkp--; 712 continue; 713 } 714 if (SEQ_LEQ(sblkp->end, cur->start)) { 715 /* 716 * SACKs data before the current hole. Go to the 717 * previous hole. 718 */ 719 cur = TAILQ_PREV(cur, sackhole_head, scblink); 720 continue; 721 } 722 tp->sackhint.sack_bytes_rexmit -= (cur->rxmit - cur->start); 723 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0, 724 ("sackhint bytes rtx >= 0")); 725 sack_changed = 1; 726 if (SEQ_LEQ(sblkp->start, cur->start)) { 727 /* Data acks at least the beginning of hole. */ 728 if (SEQ_GEQ(sblkp->end, cur->end)) { 729 /* Acks entire hole, so delete hole. */ 730 delivered_data += (cur->end - cur->start); 731 temp = cur; 732 cur = TAILQ_PREV(cur, sackhole_head, scblink); 733 tcp_sackhole_remove(tp, temp); 734 /* 735 * The sack block may ack all or part of the 736 * next hole too, so continue onto the next 737 * hole. 738 */ 739 continue; 740 } else { 741 /* Move start of hole forward. */ 742 delivered_data += (sblkp->end - cur->start); 743 cur->start = sblkp->end; 744 cur->rxmit = SEQ_MAX(cur->rxmit, cur->start); 745 } 746 } else { 747 /* Data acks at least the end of hole. */ 748 if (SEQ_GEQ(sblkp->end, cur->end)) { 749 /* Move end of hole backward. */ 750 delivered_data += (cur->end - sblkp->start); 751 cur->end = sblkp->start; 752 cur->rxmit = SEQ_MIN(cur->rxmit, cur->end); 753 } else { 754 /* 755 * ACKs some data in middle of a hole; need 756 * to split current hole 757 */ 758 temp = tcp_sackhole_insert(tp, sblkp->end, 759 cur->end, cur); 760 if (temp != NULL) { 761 if (SEQ_GT(cur->rxmit, temp->rxmit)) { 762 temp->rxmit = cur->rxmit; 763 tp->sackhint.sack_bytes_rexmit 764 += (temp->rxmit 765 - temp->start); 766 } 767 cur->end = sblkp->start; 768 cur->rxmit = SEQ_MIN(cur->rxmit, 769 cur->end); 770 delivered_data += (sblkp->end - sblkp->start); 771 } 772 } 773 } 774 tp->sackhint.sack_bytes_rexmit += (cur->rxmit - cur->start); 775 /* 776 * Testing sblkp->start against cur->start tells us whether 777 * we're done with the sack block or the sack hole. 778 * Accordingly, we advance one or the other. 779 */ 780 if (SEQ_LEQ(sblkp->start, cur->start)) 781 cur = TAILQ_PREV(cur, sackhole_head, scblink); 782 else 783 sblkp--; 784 } 785 if (!(to->to_flags & TOF_SACK)) 786 /* 787 * If this ACK did not contain any 788 * SACK blocks, any only moved the 789 * left edge right, it is a pure 790 * cumulative ACK. Do not count 791 * DupAck for this. Also required 792 * for RFC6675 rescue retransmission. 793 */ 794 sack_changed = 0; 795 tp->sackhint.delivered_data = delivered_data; 796 tp->sackhint.sacked_bytes += delivered_data - left_edge_delta; 797 KASSERT((delivered_data >= 0), ("delivered_data < 0")); 798 KASSERT((tp->sackhint.sacked_bytes >= 0), ("sacked_bytes < 0")); 799 return (sack_changed); 800 } 801 802 /* 803 * Free all SACK holes to clear the scoreboard. 804 */ 805 void 806 tcp_free_sackholes(struct tcpcb *tp) 807 { 808 struct sackhole *q; 809 810 INP_WLOCK_ASSERT(tp->t_inpcb); 811 while ((q = TAILQ_FIRST(&tp->snd_holes)) != NULL) 812 tcp_sackhole_remove(tp, q); 813 tp->sackhint.sack_bytes_rexmit = 0; 814 815 KASSERT(tp->snd_numholes == 0, ("tp->snd_numholes == 0")); 816 KASSERT(tp->sackhint.nexthole == NULL, 817 ("tp->sackhint.nexthole == NULL")); 818 } 819 820 /* 821 * Partial ack handling within a sack recovery episode. Keeping this very 822 * simple for now. When a partial ack is received, force snd_cwnd to a value 823 * that will allow the sender to transmit no more than 2 segments. If 824 * necessary, a better scheme can be adopted at a later point, but for now, 825 * the goal is to prevent the sender from bursting a large amount of data in 826 * the midst of sack recovery. 827 */ 828 void 829 tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th) 830 { 831 int num_segs = 1; 832 u_int maxseg = tcp_maxseg(tp); 833 834 INP_WLOCK_ASSERT(tp->t_inpcb); 835 tcp_timer_activate(tp, TT_REXMT, 0); 836 tp->t_rtttime = 0; 837 /* Send one or 2 segments based on how much new data was acked. */ 838 if ((BYTES_THIS_ACK(tp, th) / maxseg) >= 2) 839 num_segs = 2; 840 tp->snd_cwnd = (tp->sackhint.sack_bytes_rexmit + 841 (tp->snd_nxt - tp->snd_recover) + num_segs * maxseg); 842 if (tp->snd_cwnd > tp->snd_ssthresh) 843 tp->snd_cwnd = tp->snd_ssthresh; 844 tp->t_flags |= TF_ACKNOW; 845 /* 846 * RFC6675 rescue retransmission 847 * Add a hole between th_ack (snd_una is not yet set) and snd_max, 848 * if this was a pure cumulative ACK and no data was send beyond 849 * recovery point. Since the data in the socket has not been freed 850 * at this point, we check if the scoreboard is empty, and the ACK 851 * delivered some new data, indicating a full ACK. Also, if the 852 * recovery point is still at snd_max, we are probably application 853 * limited. However, this inference might not always be true. The 854 * rescue retransmission may rarely be slightly premature 855 * compared to RFC6675. 856 * The corresponding ACK+SACK will cause any further outstanding 857 * segments to be retransmitted. This addresses a corner case, when 858 * the trailing packets of a window are lost and no further data 859 * is available for sending. 860 */ 861 if ((V_tcp_do_newsack) && 862 SEQ_LT(th->th_ack, tp->snd_recover) && 863 (tp->snd_recover == tp->snd_max) && 864 TAILQ_EMPTY(&tp->snd_holes) && 865 (tp->sackhint.delivered_data > 0)) { 866 /* 867 * Exclude FIN sequence space in 868 * the hole for the rescue retransmission, 869 * and also don't create a hole, if only 870 * the ACK for a FIN is outstanding. 871 */ 872 tcp_seq highdata = tp->snd_max; 873 if (tp->t_flags & TF_SENTFIN) 874 highdata--; 875 if (th->th_ack != highdata) { 876 tp->snd_fack = th->th_ack; 877 (void)tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, 878 highdata - maxseg), highdata, NULL); 879 } 880 } 881 (void) tp->t_fb->tfb_tcp_output(tp); 882 } 883 884 #if 0 885 /* 886 * Debug version of tcp_sack_output() that walks the scoreboard. Used for 887 * now to sanity check the hint. 888 */ 889 static struct sackhole * 890 tcp_sack_output_debug(struct tcpcb *tp, int *sack_bytes_rexmt) 891 { 892 struct sackhole *p; 893 894 INP_WLOCK_ASSERT(tp->t_inpcb); 895 *sack_bytes_rexmt = 0; 896 TAILQ_FOREACH(p, &tp->snd_holes, scblink) { 897 if (SEQ_LT(p->rxmit, p->end)) { 898 if (SEQ_LT(p->rxmit, tp->snd_una)) {/* old SACK hole */ 899 continue; 900 } 901 *sack_bytes_rexmt += (p->rxmit - p->start); 902 break; 903 } 904 *sack_bytes_rexmt += (p->rxmit - p->start); 905 } 906 return (p); 907 } 908 #endif 909 910 /* 911 * Returns the next hole to retransmit and the number of retransmitted bytes 912 * from the scoreboard. We store both the next hole and the number of 913 * retransmitted bytes as hints (and recompute these on the fly upon SACK/ACK 914 * reception). This avoids scoreboard traversals completely. 915 * 916 * The loop here will traverse *at most* one link. Here's the argument. For 917 * the loop to traverse more than 1 link before finding the next hole to 918 * retransmit, we would need to have at least 1 node following the current 919 * hint with (rxmit == end). But, for all holes following the current hint, 920 * (start == rxmit), since we have not yet retransmitted from them. 921 * Therefore, in order to traverse more 1 link in the loop below, we need to 922 * have at least one node following the current hint with (start == rxmit == 923 * end). But that can't happen, (start == end) means that all the data in 924 * that hole has been sacked, in which case, the hole would have been removed 925 * from the scoreboard. 926 */ 927 struct sackhole * 928 tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt) 929 { 930 struct sackhole *hole = NULL; 931 932 INP_WLOCK_ASSERT(tp->t_inpcb); 933 *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit; 934 hole = tp->sackhint.nexthole; 935 if (hole == NULL || SEQ_LT(hole->rxmit, hole->end)) 936 goto out; 937 while ((hole = TAILQ_NEXT(hole, scblink)) != NULL) { 938 if (SEQ_LT(hole->rxmit, hole->end)) { 939 tp->sackhint.nexthole = hole; 940 break; 941 } 942 } 943 out: 944 return (hole); 945 } 946 947 /* 948 * After a timeout, the SACK list may be rebuilt. This SACK information 949 * should be used to avoid retransmitting SACKed data. This function 950 * traverses the SACK list to see if snd_nxt should be moved forward. 951 */ 952 void 953 tcp_sack_adjust(struct tcpcb *tp) 954 { 955 struct sackhole *p, *cur = TAILQ_FIRST(&tp->snd_holes); 956 957 INP_WLOCK_ASSERT(tp->t_inpcb); 958 if (cur == NULL) 959 return; /* No holes */ 960 if (SEQ_GEQ(tp->snd_nxt, tp->snd_fack)) 961 return; /* We're already beyond any SACKed blocks */ 962 /*- 963 * Two cases for which we want to advance snd_nxt: 964 * i) snd_nxt lies between end of one hole and beginning of another 965 * ii) snd_nxt lies between end of last hole and snd_fack 966 */ 967 while ((p = TAILQ_NEXT(cur, scblink)) != NULL) { 968 if (SEQ_LT(tp->snd_nxt, cur->end)) 969 return; 970 if (SEQ_GEQ(tp->snd_nxt, p->start)) 971 cur = p; 972 else { 973 tp->snd_nxt = p->start; 974 return; 975 } 976 } 977 if (SEQ_LT(tp->snd_nxt, cur->end)) 978 return; 979 tp->snd_nxt = tp->snd_fack; 980 } 981