xref: /freebsd/sys/netinet/tcp_usrreq.c (revision ba00ec3d539f213abbda3a45ef8c539306cac098)
1 /*-
2  * Copyright (c) 1982, 1986, 1988, 1993
3  *	The Regents of the University of California.
4  * Copyright (c) 2006-2007 Robert N. M. Watson
5  * Copyright (c) 2010-2011 Juniper Networks, Inc.
6  * All rights reserved.
7  *
8  * Portions of this software were developed by Robert N. M. Watson under
9  * contract to Juniper Networks, Inc.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  * 4. Neither the name of the University nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  *
35  *	From: @(#)tcp_usrreq.c	8.2 (Berkeley) 1/3/94
36  */
37 
38 #include <sys/cdefs.h>
39 __FBSDID("$FreeBSD$");
40 
41 #include "opt_ddb.h"
42 #include "opt_inet.h"
43 #include "opt_inet6.h"
44 #include "opt_tcpdebug.h"
45 
46 #include <sys/param.h>
47 #include <sys/systm.h>
48 #include <sys/limits.h>
49 #include <sys/malloc.h>
50 #include <sys/kernel.h>
51 #include <sys/sysctl.h>
52 #include <sys/mbuf.h>
53 #ifdef INET6
54 #include <sys/domain.h>
55 #endif /* INET6 */
56 #include <sys/socket.h>
57 #include <sys/socketvar.h>
58 #include <sys/protosw.h>
59 #include <sys/proc.h>
60 #include <sys/jail.h>
61 
62 #ifdef DDB
63 #include <ddb/ddb.h>
64 #endif
65 
66 #include <net/if.h>
67 #include <net/route.h>
68 #include <net/vnet.h>
69 
70 #include <netinet/cc.h>
71 #include <netinet/in.h>
72 #include <netinet/in_pcb.h>
73 #include <netinet/in_systm.h>
74 #include <netinet/in_var.h>
75 #include <netinet/ip_var.h>
76 #ifdef INET6
77 #include <netinet/ip6.h>
78 #include <netinet6/in6_pcb.h>
79 #include <netinet6/ip6_var.h>
80 #include <netinet6/scope6_var.h>
81 #endif
82 #include <netinet/tcp_fsm.h>
83 #include <netinet/tcp_seq.h>
84 #include <netinet/tcp_timer.h>
85 #include <netinet/tcp_var.h>
86 #include <netinet/tcpip.h>
87 #ifdef TCPDEBUG
88 #include <netinet/tcp_debug.h>
89 #endif
90 #ifdef TCP_OFFLOAD
91 #include <netinet/tcp_offload.h>
92 #endif
93 
94 /*
95  * TCP protocol interface to socket abstraction.
96  */
97 static int	tcp_attach(struct socket *);
98 #ifdef INET
99 static int	tcp_connect(struct tcpcb *, struct sockaddr *,
100 		    struct thread *td);
101 #endif /* INET */
102 #ifdef INET6
103 static int	tcp6_connect(struct tcpcb *, struct sockaddr *,
104 		    struct thread *td);
105 #endif /* INET6 */
106 static void	tcp_disconnect(struct tcpcb *);
107 static void	tcp_usrclosed(struct tcpcb *);
108 static void	tcp_fill_info(struct tcpcb *, struct tcp_info *);
109 
110 #ifdef TCPDEBUG
111 #define	TCPDEBUG0	int ostate = 0
112 #define	TCPDEBUG1()	ostate = tp ? tp->t_state : 0
113 #define	TCPDEBUG2(req)	if (tp && (so->so_options & SO_DEBUG)) \
114 				tcp_trace(TA_USER, ostate, tp, 0, 0, req)
115 #else
116 #define	TCPDEBUG0
117 #define	TCPDEBUG1()
118 #define	TCPDEBUG2(req)
119 #endif
120 
121 /*
122  * TCP attaches to socket via pru_attach(), reserving space,
123  * and an internet control block.
124  */
125 static int
126 tcp_usr_attach(struct socket *so, int proto, struct thread *td)
127 {
128 	struct inpcb *inp;
129 	struct tcpcb *tp = NULL;
130 	int error;
131 	TCPDEBUG0;
132 
133 	inp = sotoinpcb(so);
134 	KASSERT(inp == NULL, ("tcp_usr_attach: inp != NULL"));
135 	TCPDEBUG1();
136 
137 	error = tcp_attach(so);
138 	if (error)
139 		goto out;
140 
141 	if ((so->so_options & SO_LINGER) && so->so_linger == 0)
142 		so->so_linger = TCP_LINGERTIME;
143 
144 	inp = sotoinpcb(so);
145 	tp = intotcpcb(inp);
146 out:
147 	TCPDEBUG2(PRU_ATTACH);
148 	return error;
149 }
150 
151 /*
152  * tcp_detach is called when the socket layer loses its final reference
153  * to the socket, be it a file descriptor reference, a reference from TCP,
154  * etc.  At this point, there is only one case in which we will keep around
155  * inpcb state: time wait.
156  *
157  * This function can probably be re-absorbed back into tcp_usr_detach() now
158  * that there is a single detach path.
159  */
160 static void
161 tcp_detach(struct socket *so, struct inpcb *inp)
162 {
163 	struct tcpcb *tp;
164 
165 	INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
166 	INP_WLOCK_ASSERT(inp);
167 
168 	KASSERT(so->so_pcb == inp, ("tcp_detach: so_pcb != inp"));
169 	KASSERT(inp->inp_socket == so, ("tcp_detach: inp_socket != so"));
170 
171 	tp = intotcpcb(inp);
172 
173 	if (inp->inp_flags & INP_TIMEWAIT) {
174 		/*
175 		 * There are two cases to handle: one in which the time wait
176 		 * state is being discarded (INP_DROPPED), and one in which
177 		 * this connection will remain in timewait.  In the former,
178 		 * it is time to discard all state (except tcptw, which has
179 		 * already been discarded by the timewait close code, which
180 		 * should be further up the call stack somewhere).  In the
181 		 * latter case, we detach from the socket, but leave the pcb
182 		 * present until timewait ends.
183 		 *
184 		 * XXXRW: Would it be cleaner to free the tcptw here?
185 		 */
186 		if (inp->inp_flags & INP_DROPPED) {
187 			KASSERT(tp == NULL, ("tcp_detach: INP_TIMEWAIT && "
188 			    "INP_DROPPED && tp != NULL"));
189 			in_pcbdetach(inp);
190 			in_pcbfree(inp);
191 		} else {
192 			in_pcbdetach(inp);
193 			INP_WUNLOCK(inp);
194 		}
195 	} else {
196 		/*
197 		 * If the connection is not in timewait, we consider two
198 		 * two conditions: one in which no further processing is
199 		 * necessary (dropped || embryonic), and one in which TCP is
200 		 * not yet done, but no longer requires the socket, so the
201 		 * pcb will persist for the time being.
202 		 *
203 		 * XXXRW: Does the second case still occur?
204 		 */
205 		if (inp->inp_flags & INP_DROPPED ||
206 		    tp->t_state < TCPS_SYN_SENT) {
207 			tcp_discardcb(tp);
208 			in_pcbdetach(inp);
209 			in_pcbfree(inp);
210 		} else {
211 			in_pcbdetach(inp);
212 			INP_WUNLOCK(inp);
213 		}
214 	}
215 }
216 
217 /*
218  * pru_detach() detaches the TCP protocol from the socket.
219  * If the protocol state is non-embryonic, then can't
220  * do this directly: have to initiate a pru_disconnect(),
221  * which may finish later; embryonic TCB's can just
222  * be discarded here.
223  */
224 static void
225 tcp_usr_detach(struct socket *so)
226 {
227 	struct inpcb *inp;
228 
229 	inp = sotoinpcb(so);
230 	KASSERT(inp != NULL, ("tcp_usr_detach: inp == NULL"));
231 	INP_INFO_WLOCK(&V_tcbinfo);
232 	INP_WLOCK(inp);
233 	KASSERT(inp->inp_socket != NULL,
234 	    ("tcp_usr_detach: inp_socket == NULL"));
235 	tcp_detach(so, inp);
236 	INP_INFO_WUNLOCK(&V_tcbinfo);
237 }
238 
239 #ifdef INET
240 /*
241  * Give the socket an address.
242  */
243 static int
244 tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
245 {
246 	int error = 0;
247 	struct inpcb *inp;
248 	struct tcpcb *tp = NULL;
249 	struct sockaddr_in *sinp;
250 
251 	sinp = (struct sockaddr_in *)nam;
252 	if (nam->sa_len != sizeof (*sinp))
253 		return (EINVAL);
254 	/*
255 	 * Must check for multicast addresses and disallow binding
256 	 * to them.
257 	 */
258 	if (sinp->sin_family == AF_INET &&
259 	    IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
260 		return (EAFNOSUPPORT);
261 
262 	TCPDEBUG0;
263 	inp = sotoinpcb(so);
264 	KASSERT(inp != NULL, ("tcp_usr_bind: inp == NULL"));
265 	INP_WLOCK(inp);
266 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
267 		error = EINVAL;
268 		goto out;
269 	}
270 	tp = intotcpcb(inp);
271 	TCPDEBUG1();
272 	INP_HASH_WLOCK(&V_tcbinfo);
273 	error = in_pcbbind(inp, nam, td->td_ucred);
274 	INP_HASH_WUNLOCK(&V_tcbinfo);
275 out:
276 	TCPDEBUG2(PRU_BIND);
277 	INP_WUNLOCK(inp);
278 
279 	return (error);
280 }
281 #endif /* INET */
282 
283 #ifdef INET6
284 static int
285 tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
286 {
287 	int error = 0;
288 	struct inpcb *inp;
289 	struct tcpcb *tp = NULL;
290 	struct sockaddr_in6 *sin6p;
291 
292 	sin6p = (struct sockaddr_in6 *)nam;
293 	if (nam->sa_len != sizeof (*sin6p))
294 		return (EINVAL);
295 	/*
296 	 * Must check for multicast addresses and disallow binding
297 	 * to them.
298 	 */
299 	if (sin6p->sin6_family == AF_INET6 &&
300 	    IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr))
301 		return (EAFNOSUPPORT);
302 
303 	TCPDEBUG0;
304 	inp = sotoinpcb(so);
305 	KASSERT(inp != NULL, ("tcp6_usr_bind: inp == NULL"));
306 	INP_WLOCK(inp);
307 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
308 		error = EINVAL;
309 		goto out;
310 	}
311 	tp = intotcpcb(inp);
312 	TCPDEBUG1();
313 	INP_HASH_WLOCK(&V_tcbinfo);
314 	inp->inp_vflag &= ~INP_IPV4;
315 	inp->inp_vflag |= INP_IPV6;
316 #ifdef INET
317 	if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
318 		if (IN6_IS_ADDR_UNSPECIFIED(&sin6p->sin6_addr))
319 			inp->inp_vflag |= INP_IPV4;
320 		else if (IN6_IS_ADDR_V4MAPPED(&sin6p->sin6_addr)) {
321 			struct sockaddr_in sin;
322 
323 			in6_sin6_2_sin(&sin, sin6p);
324 			inp->inp_vflag |= INP_IPV4;
325 			inp->inp_vflag &= ~INP_IPV6;
326 			error = in_pcbbind(inp, (struct sockaddr *)&sin,
327 			    td->td_ucred);
328 			INP_HASH_WUNLOCK(&V_tcbinfo);
329 			goto out;
330 		}
331 	}
332 #endif
333 	error = in6_pcbbind(inp, nam, td->td_ucred);
334 	INP_HASH_WUNLOCK(&V_tcbinfo);
335 out:
336 	TCPDEBUG2(PRU_BIND);
337 	INP_WUNLOCK(inp);
338 	return (error);
339 }
340 #endif /* INET6 */
341 
342 #ifdef INET
343 /*
344  * Prepare to accept connections.
345  */
346 static int
347 tcp_usr_listen(struct socket *so, int backlog, struct thread *td)
348 {
349 	int error = 0;
350 	struct inpcb *inp;
351 	struct tcpcb *tp = NULL;
352 
353 	TCPDEBUG0;
354 	inp = sotoinpcb(so);
355 	KASSERT(inp != NULL, ("tcp_usr_listen: inp == NULL"));
356 	INP_WLOCK(inp);
357 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
358 		error = EINVAL;
359 		goto out;
360 	}
361 	tp = intotcpcb(inp);
362 	TCPDEBUG1();
363 	SOCK_LOCK(so);
364 	error = solisten_proto_check(so);
365 	INP_HASH_WLOCK(&V_tcbinfo);
366 	if (error == 0 && inp->inp_lport == 0)
367 		error = in_pcbbind(inp, (struct sockaddr *)0, td->td_ucred);
368 	INP_HASH_WUNLOCK(&V_tcbinfo);
369 	if (error == 0) {
370 		tp->t_state = TCPS_LISTEN;
371 		solisten_proto(so, backlog);
372 #ifdef TCP_OFFLOAD
373 		tcp_offload_listen_start(tp);
374 #endif
375 	}
376 	SOCK_UNLOCK(so);
377 
378 out:
379 	TCPDEBUG2(PRU_LISTEN);
380 	INP_WUNLOCK(inp);
381 	return (error);
382 }
383 #endif /* INET */
384 
385 #ifdef INET6
386 static int
387 tcp6_usr_listen(struct socket *so, int backlog, struct thread *td)
388 {
389 	int error = 0;
390 	struct inpcb *inp;
391 	struct tcpcb *tp = NULL;
392 
393 	TCPDEBUG0;
394 	inp = sotoinpcb(so);
395 	KASSERT(inp != NULL, ("tcp6_usr_listen: inp == NULL"));
396 	INP_WLOCK(inp);
397 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
398 		error = EINVAL;
399 		goto out;
400 	}
401 	tp = intotcpcb(inp);
402 	TCPDEBUG1();
403 	SOCK_LOCK(so);
404 	error = solisten_proto_check(so);
405 	INP_HASH_WLOCK(&V_tcbinfo);
406 	if (error == 0 && inp->inp_lport == 0) {
407 		inp->inp_vflag &= ~INP_IPV4;
408 		if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
409 			inp->inp_vflag |= INP_IPV4;
410 		error = in6_pcbbind(inp, (struct sockaddr *)0, td->td_ucred);
411 	}
412 	INP_HASH_WUNLOCK(&V_tcbinfo);
413 	if (error == 0) {
414 		tp->t_state = TCPS_LISTEN;
415 		solisten_proto(so, backlog);
416 #ifdef TCP_OFFLOAD
417 		tcp_offload_listen_start(tp);
418 #endif
419 	}
420 	SOCK_UNLOCK(so);
421 
422 out:
423 	TCPDEBUG2(PRU_LISTEN);
424 	INP_WUNLOCK(inp);
425 	return (error);
426 }
427 #endif /* INET6 */
428 
429 #ifdef INET
430 /*
431  * Initiate connection to peer.
432  * Create a template for use in transmissions on this connection.
433  * Enter SYN_SENT state, and mark socket as connecting.
434  * Start keep-alive timer, and seed output sequence space.
435  * Send initial segment on connection.
436  */
437 static int
438 tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
439 {
440 	int error = 0;
441 	struct inpcb *inp;
442 	struct tcpcb *tp = NULL;
443 	struct sockaddr_in *sinp;
444 
445 	sinp = (struct sockaddr_in *)nam;
446 	if (nam->sa_len != sizeof (*sinp))
447 		return (EINVAL);
448 	/*
449 	 * Must disallow TCP ``connections'' to multicast addresses.
450 	 */
451 	if (sinp->sin_family == AF_INET
452 	    && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
453 		return (EAFNOSUPPORT);
454 	if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
455 		return (error);
456 
457 	TCPDEBUG0;
458 	inp = sotoinpcb(so);
459 	KASSERT(inp != NULL, ("tcp_usr_connect: inp == NULL"));
460 	INP_WLOCK(inp);
461 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
462 		error = EINVAL;
463 		goto out;
464 	}
465 	tp = intotcpcb(inp);
466 	TCPDEBUG1();
467 	if ((error = tcp_connect(tp, nam, td)) != 0)
468 		goto out;
469 #ifdef TCP_OFFLOAD
470 	if (registered_toedevs > 0 &&
471 	    (error = tcp_offload_connect(so, nam)) == 0)
472 		goto out;
473 #endif
474 	tcp_timer_activate(tp, TT_KEEP, TP_KEEPINIT(tp));
475 	error = tcp_output(tp);
476 out:
477 	TCPDEBUG2(PRU_CONNECT);
478 	INP_WUNLOCK(inp);
479 	return (error);
480 }
481 #endif /* INET */
482 
483 #ifdef INET6
484 static int
485 tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
486 {
487 	int error = 0;
488 	struct inpcb *inp;
489 	struct tcpcb *tp = NULL;
490 	struct sockaddr_in6 *sin6p;
491 
492 	TCPDEBUG0;
493 
494 	sin6p = (struct sockaddr_in6 *)nam;
495 	if (nam->sa_len != sizeof (*sin6p))
496 		return (EINVAL);
497 	/*
498 	 * Must disallow TCP ``connections'' to multicast addresses.
499 	 */
500 	if (sin6p->sin6_family == AF_INET6
501 	    && IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr))
502 		return (EAFNOSUPPORT);
503 
504 	inp = sotoinpcb(so);
505 	KASSERT(inp != NULL, ("tcp6_usr_connect: inp == NULL"));
506 	INP_WLOCK(inp);
507 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
508 		error = EINVAL;
509 		goto out;
510 	}
511 	tp = intotcpcb(inp);
512 	TCPDEBUG1();
513 #ifdef INET
514 	/*
515 	 * XXXRW: Some confusion: V4/V6 flags relate to binding, and
516 	 * therefore probably require the hash lock, which isn't held here.
517 	 * Is this a significant problem?
518 	 */
519 	if (IN6_IS_ADDR_V4MAPPED(&sin6p->sin6_addr)) {
520 		struct sockaddr_in sin;
521 
522 		if ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0) {
523 			error = EINVAL;
524 			goto out;
525 		}
526 
527 		in6_sin6_2_sin(&sin, sin6p);
528 		inp->inp_vflag |= INP_IPV4;
529 		inp->inp_vflag &= ~INP_IPV6;
530 		if ((error = prison_remote_ip4(td->td_ucred,
531 		    &sin.sin_addr)) != 0)
532 			goto out;
533 		if ((error = tcp_connect(tp, (struct sockaddr *)&sin, td)) != 0)
534 			goto out;
535 #ifdef TCP_OFFLOAD
536 		if (registered_toedevs > 0 &&
537 		    (error = tcp_offload_connect(so, nam)) == 0)
538 			goto out;
539 #endif
540 		error = tcp_output(tp);
541 		goto out;
542 	}
543 #endif
544 	inp->inp_vflag &= ~INP_IPV4;
545 	inp->inp_vflag |= INP_IPV6;
546 	inp->inp_inc.inc_flags |= INC_ISIPV6;
547 	if ((error = prison_remote_ip6(td->td_ucred, &sin6p->sin6_addr)) != 0)
548 		goto out;
549 	if ((error = tcp6_connect(tp, nam, td)) != 0)
550 		goto out;
551 #ifdef TCP_OFFLOAD
552 	if (registered_toedevs > 0 &&
553 	    (error = tcp_offload_connect(so, nam)) == 0)
554 		goto out;
555 #endif
556 	tcp_timer_activate(tp, TT_KEEP, TP_KEEPINIT(tp));
557 	error = tcp_output(tp);
558 
559 out:
560 	TCPDEBUG2(PRU_CONNECT);
561 	INP_WUNLOCK(inp);
562 	return (error);
563 }
564 #endif /* INET6 */
565 
566 /*
567  * Initiate disconnect from peer.
568  * If connection never passed embryonic stage, just drop;
569  * else if don't need to let data drain, then can just drop anyways,
570  * else have to begin TCP shutdown process: mark socket disconnecting,
571  * drain unread data, state switch to reflect user close, and
572  * send segment (e.g. FIN) to peer.  Socket will be really disconnected
573  * when peer sends FIN and acks ours.
574  *
575  * SHOULD IMPLEMENT LATER PRU_CONNECT VIA REALLOC TCPCB.
576  */
577 static int
578 tcp_usr_disconnect(struct socket *so)
579 {
580 	struct inpcb *inp;
581 	struct tcpcb *tp = NULL;
582 	int error = 0;
583 
584 	TCPDEBUG0;
585 	INP_INFO_WLOCK(&V_tcbinfo);
586 	inp = sotoinpcb(so);
587 	KASSERT(inp != NULL, ("tcp_usr_disconnect: inp == NULL"));
588 	INP_WLOCK(inp);
589 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
590 		error = ECONNRESET;
591 		goto out;
592 	}
593 	tp = intotcpcb(inp);
594 	TCPDEBUG1();
595 	tcp_disconnect(tp);
596 out:
597 	TCPDEBUG2(PRU_DISCONNECT);
598 	INP_WUNLOCK(inp);
599 	INP_INFO_WUNLOCK(&V_tcbinfo);
600 	return (error);
601 }
602 
603 #ifdef INET
604 /*
605  * Accept a connection.  Essentially all the work is done at higher levels;
606  * just return the address of the peer, storing through addr.
607  *
608  * The rationale for acquiring the tcbinfo lock here is somewhat complicated,
609  * and is described in detail in the commit log entry for r175612.  Acquiring
610  * it delays an accept(2) racing with sonewconn(), which inserts the socket
611  * before the inpcb address/port fields are initialized.  A better fix would
612  * prevent the socket from being placed in the listen queue until all fields
613  * are fully initialized.
614  */
615 static int
616 tcp_usr_accept(struct socket *so, struct sockaddr **nam)
617 {
618 	int error = 0;
619 	struct inpcb *inp = NULL;
620 	struct tcpcb *tp = NULL;
621 	struct in_addr addr;
622 	in_port_t port = 0;
623 	TCPDEBUG0;
624 
625 	if (so->so_state & SS_ISDISCONNECTED)
626 		return (ECONNABORTED);
627 
628 	inp = sotoinpcb(so);
629 	KASSERT(inp != NULL, ("tcp_usr_accept: inp == NULL"));
630 	INP_INFO_RLOCK(&V_tcbinfo);
631 	INP_WLOCK(inp);
632 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
633 		error = ECONNABORTED;
634 		goto out;
635 	}
636 	tp = intotcpcb(inp);
637 	TCPDEBUG1();
638 
639 	/*
640 	 * We inline in_getpeeraddr and COMMON_END here, so that we can
641 	 * copy the data of interest and defer the malloc until after we
642 	 * release the lock.
643 	 */
644 	port = inp->inp_fport;
645 	addr = inp->inp_faddr;
646 
647 out:
648 	TCPDEBUG2(PRU_ACCEPT);
649 	INP_WUNLOCK(inp);
650 	INP_INFO_RUNLOCK(&V_tcbinfo);
651 	if (error == 0)
652 		*nam = in_sockaddr(port, &addr);
653 	return error;
654 }
655 #endif /* INET */
656 
657 #ifdef INET6
658 static int
659 tcp6_usr_accept(struct socket *so, struct sockaddr **nam)
660 {
661 	struct inpcb *inp = NULL;
662 	int error = 0;
663 	struct tcpcb *tp = NULL;
664 	struct in_addr addr;
665 	struct in6_addr addr6;
666 	in_port_t port = 0;
667 	int v4 = 0;
668 	TCPDEBUG0;
669 
670 	if (so->so_state & SS_ISDISCONNECTED)
671 		return (ECONNABORTED);
672 
673 	inp = sotoinpcb(so);
674 	KASSERT(inp != NULL, ("tcp6_usr_accept: inp == NULL"));
675 	INP_INFO_RLOCK(&V_tcbinfo);
676 	INP_WLOCK(inp);
677 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
678 		error = ECONNABORTED;
679 		goto out;
680 	}
681 	tp = intotcpcb(inp);
682 	TCPDEBUG1();
683 
684 	/*
685 	 * We inline in6_mapped_peeraddr and COMMON_END here, so that we can
686 	 * copy the data of interest and defer the malloc until after we
687 	 * release the lock.
688 	 */
689 	if (inp->inp_vflag & INP_IPV4) {
690 		v4 = 1;
691 		port = inp->inp_fport;
692 		addr = inp->inp_faddr;
693 	} else {
694 		port = inp->inp_fport;
695 		addr6 = inp->in6p_faddr;
696 	}
697 
698 out:
699 	TCPDEBUG2(PRU_ACCEPT);
700 	INP_WUNLOCK(inp);
701 	INP_INFO_RUNLOCK(&V_tcbinfo);
702 	if (error == 0) {
703 		if (v4)
704 			*nam = in6_v4mapsin6_sockaddr(port, &addr);
705 		else
706 			*nam = in6_sockaddr(port, &addr6);
707 	}
708 	return error;
709 }
710 #endif /* INET6 */
711 
712 /*
713  * Mark the connection as being incapable of further output.
714  */
715 static int
716 tcp_usr_shutdown(struct socket *so)
717 {
718 	int error = 0;
719 	struct inpcb *inp;
720 	struct tcpcb *tp = NULL;
721 
722 	TCPDEBUG0;
723 	INP_INFO_WLOCK(&V_tcbinfo);
724 	inp = sotoinpcb(so);
725 	KASSERT(inp != NULL, ("inp == NULL"));
726 	INP_WLOCK(inp);
727 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
728 		error = ECONNRESET;
729 		goto out;
730 	}
731 	tp = intotcpcb(inp);
732 	TCPDEBUG1();
733 	socantsendmore(so);
734 	tcp_usrclosed(tp);
735 	if (!(inp->inp_flags & INP_DROPPED))
736 		error = tcp_output(tp);
737 
738 out:
739 	TCPDEBUG2(PRU_SHUTDOWN);
740 	INP_WUNLOCK(inp);
741 	INP_INFO_WUNLOCK(&V_tcbinfo);
742 
743 	return (error);
744 }
745 
746 /*
747  * After a receive, possibly send window update to peer.
748  */
749 static int
750 tcp_usr_rcvd(struct socket *so, int flags)
751 {
752 	struct inpcb *inp;
753 	struct tcpcb *tp = NULL;
754 	int error = 0;
755 
756 	TCPDEBUG0;
757 	inp = sotoinpcb(so);
758 	KASSERT(inp != NULL, ("tcp_usr_rcvd: inp == NULL"));
759 	INP_WLOCK(inp);
760 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
761 		error = ECONNRESET;
762 		goto out;
763 	}
764 	tp = intotcpcb(inp);
765 	TCPDEBUG1();
766 #ifdef TCP_OFFLOAD
767 	if (tp->t_flags & TF_TOE)
768 		tcp_offload_rcvd(tp);
769 #endif
770 	tcp_output(tp);
771 
772 out:
773 	TCPDEBUG2(PRU_RCVD);
774 	INP_WUNLOCK(inp);
775 	return (error);
776 }
777 
778 /*
779  * Do a send by putting data in output queue and updating urgent
780  * marker if URG set.  Possibly send more data.  Unlike the other
781  * pru_*() routines, the mbuf chains are our responsibility.  We
782  * must either enqueue them or free them.  The other pru_* routines
783  * generally are caller-frees.
784  */
785 static int
786 tcp_usr_send(struct socket *so, int flags, struct mbuf *m,
787     struct sockaddr *nam, struct mbuf *control, struct thread *td)
788 {
789 	int error = 0;
790 	struct inpcb *inp;
791 	struct tcpcb *tp = NULL;
792 #ifdef INET6
793 	int isipv6;
794 #endif
795 	TCPDEBUG0;
796 
797 	/*
798 	 * We require the pcbinfo lock if we will close the socket as part of
799 	 * this call.
800 	 */
801 	if (flags & PRUS_EOF)
802 		INP_INFO_WLOCK(&V_tcbinfo);
803 	inp = sotoinpcb(so);
804 	KASSERT(inp != NULL, ("tcp_usr_send: inp == NULL"));
805 	INP_WLOCK(inp);
806 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
807 		if (control)
808 			m_freem(control);
809 		if (m)
810 			m_freem(m);
811 		error = ECONNRESET;
812 		goto out;
813 	}
814 #ifdef INET6
815 	isipv6 = nam && nam->sa_family == AF_INET6;
816 #endif /* INET6 */
817 	tp = intotcpcb(inp);
818 	TCPDEBUG1();
819 	if (control) {
820 		/* TCP doesn't do control messages (rights, creds, etc) */
821 		if (control->m_len) {
822 			m_freem(control);
823 			if (m)
824 				m_freem(m);
825 			error = EINVAL;
826 			goto out;
827 		}
828 		m_freem(control);	/* empty control, just free it */
829 	}
830 	if (!(flags & PRUS_OOB)) {
831 		sbappendstream(&so->so_snd, m);
832 		if (nam && tp->t_state < TCPS_SYN_SENT) {
833 			/*
834 			 * Do implied connect if not yet connected,
835 			 * initialize window to default value, and
836 			 * initialize maxseg/maxopd using peer's cached
837 			 * MSS.
838 			 */
839 #ifdef INET6
840 			if (isipv6)
841 				error = tcp6_connect(tp, nam, td);
842 #endif /* INET6 */
843 #if defined(INET6) && defined(INET)
844 			else
845 #endif
846 #ifdef INET
847 				error = tcp_connect(tp, nam, td);
848 #endif
849 			if (error)
850 				goto out;
851 			tp->snd_wnd = TTCP_CLIENT_SND_WND;
852 			tcp_mss(tp, -1);
853 		}
854 		if (flags & PRUS_EOF) {
855 			/*
856 			 * Close the send side of the connection after
857 			 * the data is sent.
858 			 */
859 			INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
860 			socantsendmore(so);
861 			tcp_usrclosed(tp);
862 		}
863 		if (!(inp->inp_flags & INP_DROPPED)) {
864 			if (flags & PRUS_MORETOCOME)
865 				tp->t_flags |= TF_MORETOCOME;
866 			error = tcp_output(tp);
867 			if (flags & PRUS_MORETOCOME)
868 				tp->t_flags &= ~TF_MORETOCOME;
869 		}
870 	} else {
871 		/*
872 		 * XXXRW: PRUS_EOF not implemented with PRUS_OOB?
873 		 */
874 		SOCKBUF_LOCK(&so->so_snd);
875 		if (sbspace(&so->so_snd) < -512) {
876 			SOCKBUF_UNLOCK(&so->so_snd);
877 			m_freem(m);
878 			error = ENOBUFS;
879 			goto out;
880 		}
881 		/*
882 		 * According to RFC961 (Assigned Protocols),
883 		 * the urgent pointer points to the last octet
884 		 * of urgent data.  We continue, however,
885 		 * to consider it to indicate the first octet
886 		 * of data past the urgent section.
887 		 * Otherwise, snd_up should be one lower.
888 		 */
889 		sbappendstream_locked(&so->so_snd, m);
890 		SOCKBUF_UNLOCK(&so->so_snd);
891 		if (nam && tp->t_state < TCPS_SYN_SENT) {
892 			/*
893 			 * Do implied connect if not yet connected,
894 			 * initialize window to default value, and
895 			 * initialize maxseg/maxopd using peer's cached
896 			 * MSS.
897 			 */
898 #ifdef INET6
899 			if (isipv6)
900 				error = tcp6_connect(tp, nam, td);
901 #endif /* INET6 */
902 #if defined(INET6) && defined(INET)
903 			else
904 #endif
905 #ifdef INET
906 				error = tcp_connect(tp, nam, td);
907 #endif
908 			if (error)
909 				goto out;
910 			tp->snd_wnd = TTCP_CLIENT_SND_WND;
911 			tcp_mss(tp, -1);
912 		}
913 		tp->snd_up = tp->snd_una + so->so_snd.sb_cc;
914 		tp->t_flags |= TF_FORCEDATA;
915 		error = tcp_output(tp);
916 		tp->t_flags &= ~TF_FORCEDATA;
917 	}
918 out:
919 	TCPDEBUG2((flags & PRUS_OOB) ? PRU_SENDOOB :
920 		  ((flags & PRUS_EOF) ? PRU_SEND_EOF : PRU_SEND));
921 	INP_WUNLOCK(inp);
922 	if (flags & PRUS_EOF)
923 		INP_INFO_WUNLOCK(&V_tcbinfo);
924 	return (error);
925 }
926 
927 /*
928  * Abort the TCP.  Drop the connection abruptly.
929  */
930 static void
931 tcp_usr_abort(struct socket *so)
932 {
933 	struct inpcb *inp;
934 	struct tcpcb *tp = NULL;
935 	TCPDEBUG0;
936 
937 	inp = sotoinpcb(so);
938 	KASSERT(inp != NULL, ("tcp_usr_abort: inp == NULL"));
939 
940 	INP_INFO_WLOCK(&V_tcbinfo);
941 	INP_WLOCK(inp);
942 	KASSERT(inp->inp_socket != NULL,
943 	    ("tcp_usr_abort: inp_socket == NULL"));
944 
945 	/*
946 	 * If we still have full TCP state, and we're not dropped, drop.
947 	 */
948 	if (!(inp->inp_flags & INP_TIMEWAIT) &&
949 	    !(inp->inp_flags & INP_DROPPED)) {
950 		tp = intotcpcb(inp);
951 		TCPDEBUG1();
952 		tcp_drop(tp, ECONNABORTED);
953 		TCPDEBUG2(PRU_ABORT);
954 	}
955 	if (!(inp->inp_flags & INP_DROPPED)) {
956 		SOCK_LOCK(so);
957 		so->so_state |= SS_PROTOREF;
958 		SOCK_UNLOCK(so);
959 		inp->inp_flags |= INP_SOCKREF;
960 	}
961 	INP_WUNLOCK(inp);
962 	INP_INFO_WUNLOCK(&V_tcbinfo);
963 }
964 
965 /*
966  * TCP socket is closed.  Start friendly disconnect.
967  */
968 static void
969 tcp_usr_close(struct socket *so)
970 {
971 	struct inpcb *inp;
972 	struct tcpcb *tp = NULL;
973 	TCPDEBUG0;
974 
975 	inp = sotoinpcb(so);
976 	KASSERT(inp != NULL, ("tcp_usr_close: inp == NULL"));
977 
978 	INP_INFO_WLOCK(&V_tcbinfo);
979 	INP_WLOCK(inp);
980 	KASSERT(inp->inp_socket != NULL,
981 	    ("tcp_usr_close: inp_socket == NULL"));
982 
983 	/*
984 	 * If we still have full TCP state, and we're not dropped, initiate
985 	 * a disconnect.
986 	 */
987 	if (!(inp->inp_flags & INP_TIMEWAIT) &&
988 	    !(inp->inp_flags & INP_DROPPED)) {
989 		tp = intotcpcb(inp);
990 		TCPDEBUG1();
991 		tcp_disconnect(tp);
992 		TCPDEBUG2(PRU_CLOSE);
993 	}
994 	if (!(inp->inp_flags & INP_DROPPED)) {
995 		SOCK_LOCK(so);
996 		so->so_state |= SS_PROTOREF;
997 		SOCK_UNLOCK(so);
998 		inp->inp_flags |= INP_SOCKREF;
999 	}
1000 	INP_WUNLOCK(inp);
1001 	INP_INFO_WUNLOCK(&V_tcbinfo);
1002 }
1003 
1004 /*
1005  * Receive out-of-band data.
1006  */
1007 static int
1008 tcp_usr_rcvoob(struct socket *so, struct mbuf *m, int flags)
1009 {
1010 	int error = 0;
1011 	struct inpcb *inp;
1012 	struct tcpcb *tp = NULL;
1013 
1014 	TCPDEBUG0;
1015 	inp = sotoinpcb(so);
1016 	KASSERT(inp != NULL, ("tcp_usr_rcvoob: inp == NULL"));
1017 	INP_WLOCK(inp);
1018 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
1019 		error = ECONNRESET;
1020 		goto out;
1021 	}
1022 	tp = intotcpcb(inp);
1023 	TCPDEBUG1();
1024 	if ((so->so_oobmark == 0 &&
1025 	     (so->so_rcv.sb_state & SBS_RCVATMARK) == 0) ||
1026 	    so->so_options & SO_OOBINLINE ||
1027 	    tp->t_oobflags & TCPOOB_HADDATA) {
1028 		error = EINVAL;
1029 		goto out;
1030 	}
1031 	if ((tp->t_oobflags & TCPOOB_HAVEDATA) == 0) {
1032 		error = EWOULDBLOCK;
1033 		goto out;
1034 	}
1035 	m->m_len = 1;
1036 	*mtod(m, caddr_t) = tp->t_iobc;
1037 	if ((flags & MSG_PEEK) == 0)
1038 		tp->t_oobflags ^= (TCPOOB_HAVEDATA | TCPOOB_HADDATA);
1039 
1040 out:
1041 	TCPDEBUG2(PRU_RCVOOB);
1042 	INP_WUNLOCK(inp);
1043 	return (error);
1044 }
1045 
1046 #ifdef INET
1047 struct pr_usrreqs tcp_usrreqs = {
1048 	.pru_abort =		tcp_usr_abort,
1049 	.pru_accept =		tcp_usr_accept,
1050 	.pru_attach =		tcp_usr_attach,
1051 	.pru_bind =		tcp_usr_bind,
1052 	.pru_connect =		tcp_usr_connect,
1053 	.pru_control =		in_control,
1054 	.pru_detach =		tcp_usr_detach,
1055 	.pru_disconnect =	tcp_usr_disconnect,
1056 	.pru_listen =		tcp_usr_listen,
1057 	.pru_peeraddr =		in_getpeeraddr,
1058 	.pru_rcvd =		tcp_usr_rcvd,
1059 	.pru_rcvoob =		tcp_usr_rcvoob,
1060 	.pru_send =		tcp_usr_send,
1061 	.pru_shutdown =		tcp_usr_shutdown,
1062 	.pru_sockaddr =		in_getsockaddr,
1063 	.pru_sosetlabel =	in_pcbsosetlabel,
1064 	.pru_close =		tcp_usr_close,
1065 };
1066 #endif /* INET */
1067 
1068 #ifdef INET6
1069 struct pr_usrreqs tcp6_usrreqs = {
1070 	.pru_abort =		tcp_usr_abort,
1071 	.pru_accept =		tcp6_usr_accept,
1072 	.pru_attach =		tcp_usr_attach,
1073 	.pru_bind =		tcp6_usr_bind,
1074 	.pru_connect =		tcp6_usr_connect,
1075 	.pru_control =		in6_control,
1076 	.pru_detach =		tcp_usr_detach,
1077 	.pru_disconnect =	tcp_usr_disconnect,
1078 	.pru_listen =		tcp6_usr_listen,
1079 	.pru_peeraddr =		in6_mapped_peeraddr,
1080 	.pru_rcvd =		tcp_usr_rcvd,
1081 	.pru_rcvoob =		tcp_usr_rcvoob,
1082 	.pru_send =		tcp_usr_send,
1083 	.pru_shutdown =		tcp_usr_shutdown,
1084 	.pru_sockaddr =		in6_mapped_sockaddr,
1085 	.pru_sosetlabel =	in_pcbsosetlabel,
1086 	.pru_close =		tcp_usr_close,
1087 };
1088 #endif /* INET6 */
1089 
1090 #ifdef INET
1091 /*
1092  * Common subroutine to open a TCP connection to remote host specified
1093  * by struct sockaddr_in in mbuf *nam.  Call in_pcbbind to assign a local
1094  * port number if needed.  Call in_pcbconnect_setup to do the routing and
1095  * to choose a local host address (interface).  If there is an existing
1096  * incarnation of the same connection in TIME-WAIT state and if the remote
1097  * host was sending CC options and if the connection duration was < MSL, then
1098  * truncate the previous TIME-WAIT state and proceed.
1099  * Initialize connection parameters and enter SYN-SENT state.
1100  */
1101 static int
1102 tcp_connect(struct tcpcb *tp, struct sockaddr *nam, struct thread *td)
1103 {
1104 	struct inpcb *inp = tp->t_inpcb, *oinp;
1105 	struct socket *so = inp->inp_socket;
1106 	struct in_addr laddr;
1107 	u_short lport;
1108 	int error;
1109 
1110 	INP_WLOCK_ASSERT(inp);
1111 	INP_HASH_WLOCK(&V_tcbinfo);
1112 
1113 	if (inp->inp_lport == 0) {
1114 		error = in_pcbbind(inp, (struct sockaddr *)0, td->td_ucred);
1115 		if (error)
1116 			goto out;
1117 	}
1118 
1119 	/*
1120 	 * Cannot simply call in_pcbconnect, because there might be an
1121 	 * earlier incarnation of this same connection still in
1122 	 * TIME_WAIT state, creating an ADDRINUSE error.
1123 	 */
1124 	laddr = inp->inp_laddr;
1125 	lport = inp->inp_lport;
1126 	error = in_pcbconnect_setup(inp, nam, &laddr.s_addr, &lport,
1127 	    &inp->inp_faddr.s_addr, &inp->inp_fport, &oinp, td->td_ucred);
1128 	if (error && oinp == NULL)
1129 		goto out;
1130 	if (oinp) {
1131 		error = EADDRINUSE;
1132 		goto out;
1133 	}
1134 	inp->inp_laddr = laddr;
1135 	in_pcbrehash(inp);
1136 	INP_HASH_WUNLOCK(&V_tcbinfo);
1137 
1138 	/*
1139 	 * Compute window scaling to request:
1140 	 * Scale to fit into sweet spot.  See tcp_syncache.c.
1141 	 * XXX: This should move to tcp_output().
1142 	 */
1143 	while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
1144 	    (TCP_MAXWIN << tp->request_r_scale) < sb_max)
1145 		tp->request_r_scale++;
1146 
1147 	soisconnecting(so);
1148 	TCPSTAT_INC(tcps_connattempt);
1149 	tp->t_state = TCPS_SYN_SENT;
1150 	tp->iss = tcp_new_isn(tp);
1151 	tcp_sendseqinit(tp);
1152 
1153 	return 0;
1154 
1155 out:
1156 	INP_HASH_WUNLOCK(&V_tcbinfo);
1157 	return (error);
1158 }
1159 #endif /* INET */
1160 
1161 #ifdef INET6
1162 static int
1163 tcp6_connect(struct tcpcb *tp, struct sockaddr *nam, struct thread *td)
1164 {
1165 	struct inpcb *inp = tp->t_inpcb, *oinp;
1166 	struct socket *so = inp->inp_socket;
1167 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
1168 	struct in6_addr addr6;
1169 	int error;
1170 
1171 	INP_WLOCK_ASSERT(inp);
1172 	INP_HASH_WLOCK(&V_tcbinfo);
1173 
1174 	if (inp->inp_lport == 0) {
1175 		error = in6_pcbbind(inp, (struct sockaddr *)0, td->td_ucred);
1176 		if (error)
1177 			goto out;
1178 	}
1179 
1180 	/*
1181 	 * Cannot simply call in_pcbconnect, because there might be an
1182 	 * earlier incarnation of this same connection still in
1183 	 * TIME_WAIT state, creating an ADDRINUSE error.
1184 	 * in6_pcbladdr() also handles scope zone IDs.
1185 	 *
1186 	 * XXXRW: We wouldn't need to expose in6_pcblookup_hash_locked()
1187 	 * outside of in6_pcb.c if there were an in6_pcbconnect_setup().
1188 	 */
1189 	error = in6_pcbladdr(inp, nam, &addr6);
1190 	if (error)
1191 		goto out;
1192 	oinp = in6_pcblookup_hash_locked(inp->inp_pcbinfo,
1193 				  &sin6->sin6_addr, sin6->sin6_port,
1194 				  IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)
1195 				  ? &addr6
1196 				  : &inp->in6p_laddr,
1197 				  inp->inp_lport,  0, NULL);
1198 	if (oinp) {
1199 		error = EADDRINUSE;
1200 		goto out;
1201 	}
1202 	if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr))
1203 		inp->in6p_laddr = addr6;
1204 	inp->in6p_faddr = sin6->sin6_addr;
1205 	inp->inp_fport = sin6->sin6_port;
1206 	/* update flowinfo - draft-itojun-ipv6-flowlabel-api-00 */
1207 	inp->inp_flow &= ~IPV6_FLOWLABEL_MASK;
1208 	if (inp->inp_flags & IN6P_AUTOFLOWLABEL)
1209 		inp->inp_flow |=
1210 		    (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
1211 	in_pcbrehash(inp);
1212 	INP_HASH_WUNLOCK(&V_tcbinfo);
1213 
1214 	/* Compute window scaling to request.  */
1215 	while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
1216 	    (TCP_MAXWIN << tp->request_r_scale) < sb_max)
1217 		tp->request_r_scale++;
1218 
1219 	soisconnecting(so);
1220 	TCPSTAT_INC(tcps_connattempt);
1221 	tp->t_state = TCPS_SYN_SENT;
1222 	tp->iss = tcp_new_isn(tp);
1223 	tcp_sendseqinit(tp);
1224 
1225 	return 0;
1226 
1227 out:
1228 	INP_HASH_WUNLOCK(&V_tcbinfo);
1229 	return error;
1230 }
1231 #endif /* INET6 */
1232 
1233 /*
1234  * Export TCP internal state information via a struct tcp_info, based on the
1235  * Linux 2.6 API.  Not ABI compatible as our constants are mapped differently
1236  * (TCP state machine, etc).  We export all information using FreeBSD-native
1237  * constants -- for example, the numeric values for tcpi_state will differ
1238  * from Linux.
1239  */
1240 static void
1241 tcp_fill_info(struct tcpcb *tp, struct tcp_info *ti)
1242 {
1243 
1244 	INP_WLOCK_ASSERT(tp->t_inpcb);
1245 	bzero(ti, sizeof(*ti));
1246 
1247 	ti->tcpi_state = tp->t_state;
1248 	if ((tp->t_flags & TF_REQ_TSTMP) && (tp->t_flags & TF_RCVD_TSTMP))
1249 		ti->tcpi_options |= TCPI_OPT_TIMESTAMPS;
1250 	if (tp->t_flags & TF_SACK_PERMIT)
1251 		ti->tcpi_options |= TCPI_OPT_SACK;
1252 	if ((tp->t_flags & TF_REQ_SCALE) && (tp->t_flags & TF_RCVD_SCALE)) {
1253 		ti->tcpi_options |= TCPI_OPT_WSCALE;
1254 		ti->tcpi_snd_wscale = tp->snd_scale;
1255 		ti->tcpi_rcv_wscale = tp->rcv_scale;
1256 	}
1257 
1258 	ti->tcpi_rto = tp->t_rxtcur * tick;
1259 	ti->tcpi_last_data_recv = (long)(ticks - (int)tp->t_rcvtime) * tick;
1260 	ti->tcpi_rtt = ((u_int64_t)tp->t_srtt * tick) >> TCP_RTT_SHIFT;
1261 	ti->tcpi_rttvar = ((u_int64_t)tp->t_rttvar * tick) >> TCP_RTTVAR_SHIFT;
1262 
1263 	ti->tcpi_snd_ssthresh = tp->snd_ssthresh;
1264 	ti->tcpi_snd_cwnd = tp->snd_cwnd;
1265 
1266 	/*
1267 	 * FreeBSD-specific extension fields for tcp_info.
1268 	 */
1269 	ti->tcpi_rcv_space = tp->rcv_wnd;
1270 	ti->tcpi_rcv_nxt = tp->rcv_nxt;
1271 	ti->tcpi_snd_wnd = tp->snd_wnd;
1272 	ti->tcpi_snd_bwnd = 0;		/* Unused, kept for compat. */
1273 	ti->tcpi_snd_nxt = tp->snd_nxt;
1274 	ti->tcpi_snd_mss = tp->t_maxseg;
1275 	ti->tcpi_rcv_mss = tp->t_maxseg;
1276 	if (tp->t_flags & TF_TOE)
1277 		ti->tcpi_options |= TCPI_OPT_TOE;
1278 	ti->tcpi_snd_rexmitpack = tp->t_sndrexmitpack;
1279 	ti->tcpi_rcv_ooopack = tp->t_rcvoopack;
1280 	ti->tcpi_snd_zerowin = tp->t_sndzerowin;
1281 }
1282 
1283 /*
1284  * tcp_ctloutput() must drop the inpcb lock before performing copyin on
1285  * socket option arguments.  When it re-acquires the lock after the copy, it
1286  * has to revalidate that the connection is still valid for the socket
1287  * option.
1288  */
1289 #define INP_WLOCK_RECHECK(inp) do {					\
1290 	INP_WLOCK(inp);							\
1291 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {		\
1292 		INP_WUNLOCK(inp);					\
1293 		return (ECONNRESET);					\
1294 	}								\
1295 	tp = intotcpcb(inp);						\
1296 } while(0)
1297 
1298 int
1299 tcp_ctloutput(struct socket *so, struct sockopt *sopt)
1300 {
1301 	int	error, opt, optval;
1302 	u_int	ui;
1303 	struct	inpcb *inp;
1304 	struct	tcpcb *tp;
1305 	struct	tcp_info ti;
1306 	char buf[TCP_CA_NAME_MAX];
1307 	struct cc_algo *algo;
1308 
1309 	error = 0;
1310 	inp = sotoinpcb(so);
1311 	KASSERT(inp != NULL, ("tcp_ctloutput: inp == NULL"));
1312 	INP_WLOCK(inp);
1313 	if (sopt->sopt_level != IPPROTO_TCP) {
1314 #ifdef INET6
1315 		if (inp->inp_vflag & INP_IPV6PROTO) {
1316 			INP_WUNLOCK(inp);
1317 			error = ip6_ctloutput(so, sopt);
1318 		}
1319 #endif /* INET6 */
1320 #if defined(INET6) && defined(INET)
1321 		else
1322 #endif
1323 #ifdef INET
1324 		{
1325 			INP_WUNLOCK(inp);
1326 			error = ip_ctloutput(so, sopt);
1327 		}
1328 #endif
1329 		return (error);
1330 	}
1331 	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
1332 		INP_WUNLOCK(inp);
1333 		return (ECONNRESET);
1334 	}
1335 
1336 	switch (sopt->sopt_dir) {
1337 	case SOPT_SET:
1338 		switch (sopt->sopt_name) {
1339 #ifdef TCP_SIGNATURE
1340 		case TCP_MD5SIG:
1341 			INP_WUNLOCK(inp);
1342 			error = sooptcopyin(sopt, &optval, sizeof optval,
1343 			    sizeof optval);
1344 			if (error)
1345 				return (error);
1346 
1347 			INP_WLOCK_RECHECK(inp);
1348 			if (optval > 0)
1349 				tp->t_flags |= TF_SIGNATURE;
1350 			else
1351 				tp->t_flags &= ~TF_SIGNATURE;
1352 			goto unlock_and_done;
1353 #endif /* TCP_SIGNATURE */
1354 
1355 		case TCP_NODELAY:
1356 		case TCP_NOOPT:
1357 			INP_WUNLOCK(inp);
1358 			error = sooptcopyin(sopt, &optval, sizeof optval,
1359 			    sizeof optval);
1360 			if (error)
1361 				return (error);
1362 
1363 			INP_WLOCK_RECHECK(inp);
1364 			switch (sopt->sopt_name) {
1365 			case TCP_NODELAY:
1366 				opt = TF_NODELAY;
1367 				break;
1368 			case TCP_NOOPT:
1369 				opt = TF_NOOPT;
1370 				break;
1371 			default:
1372 				opt = 0; /* dead code to fool gcc */
1373 				break;
1374 			}
1375 
1376 			if (optval)
1377 				tp->t_flags |= opt;
1378 			else
1379 				tp->t_flags &= ~opt;
1380 unlock_and_done:
1381 #ifdef TCP_OFFLOAD
1382 			if (tp->t_flags & TF_TOE) {
1383 				tcp_offload_ctloutput(tp, sopt->sopt_dir,
1384 				    sopt->sopt_name);
1385 			}
1386 #endif
1387 			INP_WUNLOCK(inp);
1388 			break;
1389 
1390 		case TCP_NOPUSH:
1391 			INP_WUNLOCK(inp);
1392 			error = sooptcopyin(sopt, &optval, sizeof optval,
1393 			    sizeof optval);
1394 			if (error)
1395 				return (error);
1396 
1397 			INP_WLOCK_RECHECK(inp);
1398 			if (optval)
1399 				tp->t_flags |= TF_NOPUSH;
1400 			else if (tp->t_flags & TF_NOPUSH) {
1401 				tp->t_flags &= ~TF_NOPUSH;
1402 				if (TCPS_HAVEESTABLISHED(tp->t_state))
1403 					error = tcp_output(tp);
1404 			}
1405 			goto unlock_and_done;
1406 
1407 		case TCP_MAXSEG:
1408 			INP_WUNLOCK(inp);
1409 			error = sooptcopyin(sopt, &optval, sizeof optval,
1410 			    sizeof optval);
1411 			if (error)
1412 				return (error);
1413 
1414 			INP_WLOCK_RECHECK(inp);
1415 			if (optval > 0 && optval <= tp->t_maxseg &&
1416 			    optval + 40 >= V_tcp_minmss)
1417 				tp->t_maxseg = optval;
1418 			else
1419 				error = EINVAL;
1420 			goto unlock_and_done;
1421 
1422 		case TCP_INFO:
1423 			INP_WUNLOCK(inp);
1424 			error = EINVAL;
1425 			break;
1426 
1427 		case TCP_CONGESTION:
1428 			INP_WUNLOCK(inp);
1429 			bzero(buf, sizeof(buf));
1430 			error = sooptcopyin(sopt, &buf, sizeof(buf), 1);
1431 			if (error)
1432 				break;
1433 			INP_WLOCK_RECHECK(inp);
1434 			/*
1435 			 * Return EINVAL if we can't find the requested cc algo.
1436 			 */
1437 			error = EINVAL;
1438 			CC_LIST_RLOCK();
1439 			STAILQ_FOREACH(algo, &cc_list, entries) {
1440 				if (strncmp(buf, algo->name, TCP_CA_NAME_MAX)
1441 				    == 0) {
1442 					/* We've found the requested algo. */
1443 					error = 0;
1444 					/*
1445 					 * We hold a write lock over the tcb
1446 					 * so it's safe to do these things
1447 					 * without ordering concerns.
1448 					 */
1449 					if (CC_ALGO(tp)->cb_destroy != NULL)
1450 						CC_ALGO(tp)->cb_destroy(tp->ccv);
1451 					CC_ALGO(tp) = algo;
1452 					/*
1453 					 * If something goes pear shaped
1454 					 * initialising the new algo,
1455 					 * fall back to newreno (which
1456 					 * does not require initialisation).
1457 					 */
1458 					if (algo->cb_init != NULL)
1459 						if (algo->cb_init(tp->ccv) > 0) {
1460 							CC_ALGO(tp) = &newreno_cc_algo;
1461 							/*
1462 							 * The only reason init
1463 							 * should fail is
1464 							 * because of malloc.
1465 							 */
1466 							error = ENOMEM;
1467 						}
1468 					break; /* Break the STAILQ_FOREACH. */
1469 				}
1470 			}
1471 			CC_LIST_RUNLOCK();
1472 			goto unlock_and_done;
1473 
1474 		case TCP_KEEPIDLE:
1475 		case TCP_KEEPINTVL:
1476 		case TCP_KEEPINIT:
1477 			INP_WUNLOCK(inp);
1478 			error = sooptcopyin(sopt, &ui, sizeof(ui), sizeof(ui));
1479 			if (error)
1480 				return (error);
1481 
1482 			if (ui > (UINT_MAX / hz)) {
1483 				error = EINVAL;
1484 				break;
1485 			}
1486 			ui *= hz;
1487 
1488 			INP_WLOCK_RECHECK(inp);
1489 			switch (sopt->sopt_name) {
1490 			case TCP_KEEPIDLE:
1491 				tp->t_keepidle = ui;
1492 				/*
1493 				 * XXX: better check current remaining
1494 				 * timeout and "merge" it with new value.
1495 				 */
1496 				if ((tp->t_state > TCPS_LISTEN) &&
1497 				    (tp->t_state <= TCPS_CLOSING))
1498 					tcp_timer_activate(tp, TT_KEEP,
1499 					    TP_KEEPIDLE(tp));
1500 				break;
1501 			case TCP_KEEPINTVL:
1502 				tp->t_keepintvl = ui;
1503 				if ((tp->t_state == TCPS_FIN_WAIT_2) &&
1504 				    (TP_MAXIDLE(tp) > 0))
1505 					tcp_timer_activate(tp, TT_2MSL,
1506 					    TP_MAXIDLE(tp));
1507 				break;
1508 			case TCP_KEEPINIT:
1509 				tp->t_keepinit = ui;
1510 				if (tp->t_state == TCPS_SYN_RECEIVED ||
1511 				    tp->t_state == TCPS_SYN_SENT)
1512 					tcp_timer_activate(tp, TT_KEEP,
1513 					    TP_KEEPINIT(tp));
1514 				break;
1515 			}
1516 			goto unlock_and_done;
1517 
1518 		case TCP_KEEPCNT:
1519 			INP_WUNLOCK(inp);
1520 			error = sooptcopyin(sopt, &ui, sizeof(ui), sizeof(ui));
1521 			if (error)
1522 				return (error);
1523 
1524 			INP_WLOCK_RECHECK(inp);
1525 			tp->t_keepcnt = ui;
1526 			if ((tp->t_state == TCPS_FIN_WAIT_2) &&
1527 			    (TP_MAXIDLE(tp) > 0))
1528 				tcp_timer_activate(tp, TT_2MSL,
1529 				    TP_MAXIDLE(tp));
1530 			goto unlock_and_done;
1531 
1532 		default:
1533 			INP_WUNLOCK(inp);
1534 			error = ENOPROTOOPT;
1535 			break;
1536 		}
1537 		break;
1538 
1539 	case SOPT_GET:
1540 		tp = intotcpcb(inp);
1541 		switch (sopt->sopt_name) {
1542 #ifdef TCP_SIGNATURE
1543 		case TCP_MD5SIG:
1544 			optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
1545 			INP_WUNLOCK(inp);
1546 			error = sooptcopyout(sopt, &optval, sizeof optval);
1547 			break;
1548 #endif
1549 
1550 		case TCP_NODELAY:
1551 			optval = tp->t_flags & TF_NODELAY;
1552 			INP_WUNLOCK(inp);
1553 			error = sooptcopyout(sopt, &optval, sizeof optval);
1554 			break;
1555 		case TCP_MAXSEG:
1556 			optval = tp->t_maxseg;
1557 			INP_WUNLOCK(inp);
1558 			error = sooptcopyout(sopt, &optval, sizeof optval);
1559 			break;
1560 		case TCP_NOOPT:
1561 			optval = tp->t_flags & TF_NOOPT;
1562 			INP_WUNLOCK(inp);
1563 			error = sooptcopyout(sopt, &optval, sizeof optval);
1564 			break;
1565 		case TCP_NOPUSH:
1566 			optval = tp->t_flags & TF_NOPUSH;
1567 			INP_WUNLOCK(inp);
1568 			error = sooptcopyout(sopt, &optval, sizeof optval);
1569 			break;
1570 		case TCP_INFO:
1571 			tcp_fill_info(tp, &ti);
1572 			INP_WUNLOCK(inp);
1573 			error = sooptcopyout(sopt, &ti, sizeof ti);
1574 			break;
1575 		case TCP_CONGESTION:
1576 			bzero(buf, sizeof(buf));
1577 			strlcpy(buf, CC_ALGO(tp)->name, TCP_CA_NAME_MAX);
1578 			INP_WUNLOCK(inp);
1579 			error = sooptcopyout(sopt, buf, TCP_CA_NAME_MAX);
1580 			break;
1581 		default:
1582 			INP_WUNLOCK(inp);
1583 			error = ENOPROTOOPT;
1584 			break;
1585 		}
1586 		break;
1587 	}
1588 	return (error);
1589 }
1590 #undef INP_WLOCK_RECHECK
1591 
1592 /*
1593  * Attach TCP protocol to socket, allocating
1594  * internet protocol control block, tcp control block,
1595  * bufer space, and entering LISTEN state if to accept connections.
1596  */
1597 static int
1598 tcp_attach(struct socket *so)
1599 {
1600 	struct tcpcb *tp;
1601 	struct inpcb *inp;
1602 	int error;
1603 
1604 	if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
1605 		error = soreserve(so, V_tcp_sendspace, V_tcp_recvspace);
1606 		if (error)
1607 			return (error);
1608 	}
1609 	so->so_rcv.sb_flags |= SB_AUTOSIZE;
1610 	so->so_snd.sb_flags |= SB_AUTOSIZE;
1611 	INP_INFO_WLOCK(&V_tcbinfo);
1612 	error = in_pcballoc(so, &V_tcbinfo);
1613 	if (error) {
1614 		INP_INFO_WUNLOCK(&V_tcbinfo);
1615 		return (error);
1616 	}
1617 	inp = sotoinpcb(so);
1618 #ifdef INET6
1619 	if (inp->inp_vflag & INP_IPV6PROTO) {
1620 		inp->inp_vflag |= INP_IPV6;
1621 		inp->in6p_hops = -1;	/* use kernel default */
1622 	}
1623 	else
1624 #endif
1625 	inp->inp_vflag |= INP_IPV4;
1626 	tp = tcp_newtcpcb(inp);
1627 	if (tp == NULL) {
1628 		in_pcbdetach(inp);
1629 		in_pcbfree(inp);
1630 		INP_INFO_WUNLOCK(&V_tcbinfo);
1631 		return (ENOBUFS);
1632 	}
1633 	tp->t_state = TCPS_CLOSED;
1634 	INP_WUNLOCK(inp);
1635 	INP_INFO_WUNLOCK(&V_tcbinfo);
1636 	return (0);
1637 }
1638 
1639 /*
1640  * Initiate (or continue) disconnect.
1641  * If embryonic state, just send reset (once).
1642  * If in ``let data drain'' option and linger null, just drop.
1643  * Otherwise (hard), mark socket disconnecting and drop
1644  * current input data; switch states based on user close, and
1645  * send segment to peer (with FIN).
1646  */
1647 static void
1648 tcp_disconnect(struct tcpcb *tp)
1649 {
1650 	struct inpcb *inp = tp->t_inpcb;
1651 	struct socket *so = inp->inp_socket;
1652 
1653 	INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
1654 	INP_WLOCK_ASSERT(inp);
1655 
1656 	/*
1657 	 * Neither tcp_close() nor tcp_drop() should return NULL, as the
1658 	 * socket is still open.
1659 	 */
1660 	if (tp->t_state < TCPS_ESTABLISHED) {
1661 		tp = tcp_close(tp);
1662 		KASSERT(tp != NULL,
1663 		    ("tcp_disconnect: tcp_close() returned NULL"));
1664 	} else if ((so->so_options & SO_LINGER) && so->so_linger == 0) {
1665 		tp = tcp_drop(tp, 0);
1666 		KASSERT(tp != NULL,
1667 		    ("tcp_disconnect: tcp_drop() returned NULL"));
1668 	} else {
1669 		soisdisconnecting(so);
1670 		sbflush(&so->so_rcv);
1671 		tcp_usrclosed(tp);
1672 		if (!(inp->inp_flags & INP_DROPPED))
1673 			tcp_output(tp);
1674 	}
1675 }
1676 
1677 /*
1678  * User issued close, and wish to trail through shutdown states:
1679  * if never received SYN, just forget it.  If got a SYN from peer,
1680  * but haven't sent FIN, then go to FIN_WAIT_1 state to send peer a FIN.
1681  * If already got a FIN from peer, then almost done; go to LAST_ACK
1682  * state.  In all other cases, have already sent FIN to peer (e.g.
1683  * after PRU_SHUTDOWN), and just have to play tedious game waiting
1684  * for peer to send FIN or not respond to keep-alives, etc.
1685  * We can let the user exit from the close as soon as the FIN is acked.
1686  */
1687 static void
1688 tcp_usrclosed(struct tcpcb *tp)
1689 {
1690 
1691 	INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
1692 	INP_WLOCK_ASSERT(tp->t_inpcb);
1693 
1694 	switch (tp->t_state) {
1695 	case TCPS_LISTEN:
1696 #ifdef TCP_OFFLOAD
1697 		tcp_offload_listen_stop(tp);
1698 #endif
1699 		/* FALLTHROUGH */
1700 	case TCPS_CLOSED:
1701 		tp->t_state = TCPS_CLOSED;
1702 		tp = tcp_close(tp);
1703 		/*
1704 		 * tcp_close() should never return NULL here as the socket is
1705 		 * still open.
1706 		 */
1707 		KASSERT(tp != NULL,
1708 		    ("tcp_usrclosed: tcp_close() returned NULL"));
1709 		break;
1710 
1711 	case TCPS_SYN_SENT:
1712 	case TCPS_SYN_RECEIVED:
1713 		tp->t_flags |= TF_NEEDFIN;
1714 		break;
1715 
1716 	case TCPS_ESTABLISHED:
1717 		tp->t_state = TCPS_FIN_WAIT_1;
1718 		break;
1719 
1720 	case TCPS_CLOSE_WAIT:
1721 		tp->t_state = TCPS_LAST_ACK;
1722 		break;
1723 	}
1724 	if (tp->t_state >= TCPS_FIN_WAIT_2) {
1725 		soisdisconnected(tp->t_inpcb->inp_socket);
1726 		/* Prevent the connection hanging in FIN_WAIT_2 forever. */
1727 		if (tp->t_state == TCPS_FIN_WAIT_2) {
1728 			int timeout;
1729 
1730 			timeout = (tcp_fast_finwait2_recycle) ?
1731 			    tcp_finwait2_timeout : TP_MAXIDLE(tp);
1732 			tcp_timer_activate(tp, TT_2MSL, timeout);
1733 		}
1734 	}
1735 }
1736 
1737 #ifdef DDB
1738 static void
1739 db_print_indent(int indent)
1740 {
1741 	int i;
1742 
1743 	for (i = 0; i < indent; i++)
1744 		db_printf(" ");
1745 }
1746 
1747 static void
1748 db_print_tstate(int t_state)
1749 {
1750 
1751 	switch (t_state) {
1752 	case TCPS_CLOSED:
1753 		db_printf("TCPS_CLOSED");
1754 		return;
1755 
1756 	case TCPS_LISTEN:
1757 		db_printf("TCPS_LISTEN");
1758 		return;
1759 
1760 	case TCPS_SYN_SENT:
1761 		db_printf("TCPS_SYN_SENT");
1762 		return;
1763 
1764 	case TCPS_SYN_RECEIVED:
1765 		db_printf("TCPS_SYN_RECEIVED");
1766 		return;
1767 
1768 	case TCPS_ESTABLISHED:
1769 		db_printf("TCPS_ESTABLISHED");
1770 		return;
1771 
1772 	case TCPS_CLOSE_WAIT:
1773 		db_printf("TCPS_CLOSE_WAIT");
1774 		return;
1775 
1776 	case TCPS_FIN_WAIT_1:
1777 		db_printf("TCPS_FIN_WAIT_1");
1778 		return;
1779 
1780 	case TCPS_CLOSING:
1781 		db_printf("TCPS_CLOSING");
1782 		return;
1783 
1784 	case TCPS_LAST_ACK:
1785 		db_printf("TCPS_LAST_ACK");
1786 		return;
1787 
1788 	case TCPS_FIN_WAIT_2:
1789 		db_printf("TCPS_FIN_WAIT_2");
1790 		return;
1791 
1792 	case TCPS_TIME_WAIT:
1793 		db_printf("TCPS_TIME_WAIT");
1794 		return;
1795 
1796 	default:
1797 		db_printf("unknown");
1798 		return;
1799 	}
1800 }
1801 
1802 static void
1803 db_print_tflags(u_int t_flags)
1804 {
1805 	int comma;
1806 
1807 	comma = 0;
1808 	if (t_flags & TF_ACKNOW) {
1809 		db_printf("%sTF_ACKNOW", comma ? ", " : "");
1810 		comma = 1;
1811 	}
1812 	if (t_flags & TF_DELACK) {
1813 		db_printf("%sTF_DELACK", comma ? ", " : "");
1814 		comma = 1;
1815 	}
1816 	if (t_flags & TF_NODELAY) {
1817 		db_printf("%sTF_NODELAY", comma ? ", " : "");
1818 		comma = 1;
1819 	}
1820 	if (t_flags & TF_NOOPT) {
1821 		db_printf("%sTF_NOOPT", comma ? ", " : "");
1822 		comma = 1;
1823 	}
1824 	if (t_flags & TF_SENTFIN) {
1825 		db_printf("%sTF_SENTFIN", comma ? ", " : "");
1826 		comma = 1;
1827 	}
1828 	if (t_flags & TF_REQ_SCALE) {
1829 		db_printf("%sTF_REQ_SCALE", comma ? ", " : "");
1830 		comma = 1;
1831 	}
1832 	if (t_flags & TF_RCVD_SCALE) {
1833 		db_printf("%sTF_RECVD_SCALE", comma ? ", " : "");
1834 		comma = 1;
1835 	}
1836 	if (t_flags & TF_REQ_TSTMP) {
1837 		db_printf("%sTF_REQ_TSTMP", comma ? ", " : "");
1838 		comma = 1;
1839 	}
1840 	if (t_flags & TF_RCVD_TSTMP) {
1841 		db_printf("%sTF_RCVD_TSTMP", comma ? ", " : "");
1842 		comma = 1;
1843 	}
1844 	if (t_flags & TF_SACK_PERMIT) {
1845 		db_printf("%sTF_SACK_PERMIT", comma ? ", " : "");
1846 		comma = 1;
1847 	}
1848 	if (t_flags & TF_NEEDSYN) {
1849 		db_printf("%sTF_NEEDSYN", comma ? ", " : "");
1850 		comma = 1;
1851 	}
1852 	if (t_flags & TF_NEEDFIN) {
1853 		db_printf("%sTF_NEEDFIN", comma ? ", " : "");
1854 		comma = 1;
1855 	}
1856 	if (t_flags & TF_NOPUSH) {
1857 		db_printf("%sTF_NOPUSH", comma ? ", " : "");
1858 		comma = 1;
1859 	}
1860 	if (t_flags & TF_MORETOCOME) {
1861 		db_printf("%sTF_MORETOCOME", comma ? ", " : "");
1862 		comma = 1;
1863 	}
1864 	if (t_flags & TF_LQ_OVERFLOW) {
1865 		db_printf("%sTF_LQ_OVERFLOW", comma ? ", " : "");
1866 		comma = 1;
1867 	}
1868 	if (t_flags & TF_LASTIDLE) {
1869 		db_printf("%sTF_LASTIDLE", comma ? ", " : "");
1870 		comma = 1;
1871 	}
1872 	if (t_flags & TF_RXWIN0SENT) {
1873 		db_printf("%sTF_RXWIN0SENT", comma ? ", " : "");
1874 		comma = 1;
1875 	}
1876 	if (t_flags & TF_FASTRECOVERY) {
1877 		db_printf("%sTF_FASTRECOVERY", comma ? ", " : "");
1878 		comma = 1;
1879 	}
1880 	if (t_flags & TF_CONGRECOVERY) {
1881 		db_printf("%sTF_CONGRECOVERY", comma ? ", " : "");
1882 		comma = 1;
1883 	}
1884 	if (t_flags & TF_WASFRECOVERY) {
1885 		db_printf("%sTF_WASFRECOVERY", comma ? ", " : "");
1886 		comma = 1;
1887 	}
1888 	if (t_flags & TF_SIGNATURE) {
1889 		db_printf("%sTF_SIGNATURE", comma ? ", " : "");
1890 		comma = 1;
1891 	}
1892 	if (t_flags & TF_FORCEDATA) {
1893 		db_printf("%sTF_FORCEDATA", comma ? ", " : "");
1894 		comma = 1;
1895 	}
1896 	if (t_flags & TF_TSO) {
1897 		db_printf("%sTF_TSO", comma ? ", " : "");
1898 		comma = 1;
1899 	}
1900 	if (t_flags & TF_ECN_PERMIT) {
1901 		db_printf("%sTF_ECN_PERMIT", comma ? ", " : "");
1902 		comma = 1;
1903 	}
1904 }
1905 
1906 static void
1907 db_print_toobflags(char t_oobflags)
1908 {
1909 	int comma;
1910 
1911 	comma = 0;
1912 	if (t_oobflags & TCPOOB_HAVEDATA) {
1913 		db_printf("%sTCPOOB_HAVEDATA", comma ? ", " : "");
1914 		comma = 1;
1915 	}
1916 	if (t_oobflags & TCPOOB_HADDATA) {
1917 		db_printf("%sTCPOOB_HADDATA", comma ? ", " : "");
1918 		comma = 1;
1919 	}
1920 }
1921 
1922 static void
1923 db_print_tcpcb(struct tcpcb *tp, const char *name, int indent)
1924 {
1925 
1926 	db_print_indent(indent);
1927 	db_printf("%s at %p\n", name, tp);
1928 
1929 	indent += 2;
1930 
1931 	db_print_indent(indent);
1932 	db_printf("t_segq first: %p   t_segqlen: %d   t_dupacks: %d\n",
1933 	   LIST_FIRST(&tp->t_segq), tp->t_segqlen, tp->t_dupacks);
1934 
1935 	db_print_indent(indent);
1936 	db_printf("tt_rexmt: %p   tt_persist: %p   tt_keep: %p\n",
1937 	    &tp->t_timers->tt_rexmt, &tp->t_timers->tt_persist, &tp->t_timers->tt_keep);
1938 
1939 	db_print_indent(indent);
1940 	db_printf("tt_2msl: %p   tt_delack: %p   t_inpcb: %p\n", &tp->t_timers->tt_2msl,
1941 	    &tp->t_timers->tt_delack, tp->t_inpcb);
1942 
1943 	db_print_indent(indent);
1944 	db_printf("t_state: %d (", tp->t_state);
1945 	db_print_tstate(tp->t_state);
1946 	db_printf(")\n");
1947 
1948 	db_print_indent(indent);
1949 	db_printf("t_flags: 0x%x (", tp->t_flags);
1950 	db_print_tflags(tp->t_flags);
1951 	db_printf(")\n");
1952 
1953 	db_print_indent(indent);
1954 	db_printf("snd_una: 0x%08x   snd_max: 0x%08x   snd_nxt: x0%08x\n",
1955 	    tp->snd_una, tp->snd_max, tp->snd_nxt);
1956 
1957 	db_print_indent(indent);
1958 	db_printf("snd_up: 0x%08x   snd_wl1: 0x%08x   snd_wl2: 0x%08x\n",
1959 	   tp->snd_up, tp->snd_wl1, tp->snd_wl2);
1960 
1961 	db_print_indent(indent);
1962 	db_printf("iss: 0x%08x   irs: 0x%08x   rcv_nxt: 0x%08x\n",
1963 	    tp->iss, tp->irs, tp->rcv_nxt);
1964 
1965 	db_print_indent(indent);
1966 	db_printf("rcv_adv: 0x%08x   rcv_wnd: %lu   rcv_up: 0x%08x\n",
1967 	    tp->rcv_adv, tp->rcv_wnd, tp->rcv_up);
1968 
1969 	db_print_indent(indent);
1970 	db_printf("snd_wnd: %lu   snd_cwnd: %lu\n",
1971 	   tp->snd_wnd, tp->snd_cwnd);
1972 
1973 	db_print_indent(indent);
1974 	db_printf("snd_ssthresh: %lu   snd_recover: "
1975 	    "0x%08x\n", tp->snd_ssthresh, tp->snd_recover);
1976 
1977 	db_print_indent(indent);
1978 	db_printf("t_maxopd: %u   t_rcvtime: %u   t_startime: %u\n",
1979 	    tp->t_maxopd, tp->t_rcvtime, tp->t_starttime);
1980 
1981 	db_print_indent(indent);
1982 	db_printf("t_rttime: %u   t_rtsq: 0x%08x\n",
1983 	    tp->t_rtttime, tp->t_rtseq);
1984 
1985 	db_print_indent(indent);
1986 	db_printf("t_rxtcur: %d   t_maxseg: %u   t_srtt: %d\n",
1987 	    tp->t_rxtcur, tp->t_maxseg, tp->t_srtt);
1988 
1989 	db_print_indent(indent);
1990 	db_printf("t_rttvar: %d   t_rxtshift: %d   t_rttmin: %u   "
1991 	    "t_rttbest: %u\n", tp->t_rttvar, tp->t_rxtshift, tp->t_rttmin,
1992 	    tp->t_rttbest);
1993 
1994 	db_print_indent(indent);
1995 	db_printf("t_rttupdated: %lu   max_sndwnd: %lu   t_softerror: %d\n",
1996 	    tp->t_rttupdated, tp->max_sndwnd, tp->t_softerror);
1997 
1998 	db_print_indent(indent);
1999 	db_printf("t_oobflags: 0x%x (", tp->t_oobflags);
2000 	db_print_toobflags(tp->t_oobflags);
2001 	db_printf(")   t_iobc: 0x%02x\n", tp->t_iobc);
2002 
2003 	db_print_indent(indent);
2004 	db_printf("snd_scale: %u   rcv_scale: %u   request_r_scale: %u\n",
2005 	    tp->snd_scale, tp->rcv_scale, tp->request_r_scale);
2006 
2007 	db_print_indent(indent);
2008 	db_printf("ts_recent: %u   ts_recent_age: %u\n",
2009 	    tp->ts_recent, tp->ts_recent_age);
2010 
2011 	db_print_indent(indent);
2012 	db_printf("ts_offset: %u   last_ack_sent: 0x%08x   snd_cwnd_prev: "
2013 	    "%lu\n", tp->ts_offset, tp->last_ack_sent, tp->snd_cwnd_prev);
2014 
2015 	db_print_indent(indent);
2016 	db_printf("snd_ssthresh_prev: %lu   snd_recover_prev: 0x%08x   "
2017 	    "t_badrxtwin: %u\n", tp->snd_ssthresh_prev,
2018 	    tp->snd_recover_prev, tp->t_badrxtwin);
2019 
2020 	db_print_indent(indent);
2021 	db_printf("snd_numholes: %d  snd_holes first: %p\n",
2022 	    tp->snd_numholes, TAILQ_FIRST(&tp->snd_holes));
2023 
2024 	db_print_indent(indent);
2025 	db_printf("snd_fack: 0x%08x   rcv_numsacks: %d   sack_newdata: "
2026 	    "0x%08x\n", tp->snd_fack, tp->rcv_numsacks, tp->sack_newdata);
2027 
2028 	/* Skip sackblks, sackhint. */
2029 
2030 	db_print_indent(indent);
2031 	db_printf("t_rttlow: %d   rfbuf_ts: %u   rfbuf_cnt: %d\n",
2032 	    tp->t_rttlow, tp->rfbuf_ts, tp->rfbuf_cnt);
2033 }
2034 
2035 DB_SHOW_COMMAND(tcpcb, db_show_tcpcb)
2036 {
2037 	struct tcpcb *tp;
2038 
2039 	if (!have_addr) {
2040 		db_printf("usage: show tcpcb <addr>\n");
2041 		return;
2042 	}
2043 	tp = (struct tcpcb *)addr;
2044 
2045 	db_print_tcpcb(tp, "tcpcb", 0);
2046 }
2047 #endif
2048