1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * tcp.c, Code implementing the TCP protocol. 27 */ 28 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 #include <sys/types.h> 32 #include <socket_impl.h> 33 #include <socket_inet.h> 34 #include <sys/sysmacros.h> 35 #include <sys/promif.h> 36 #include <sys/socket.h> 37 #include <netinet/in_systm.h> 38 #include <netinet/in.h> 39 #include <netinet/ip.h> 40 #include <netinet/tcp.h> 41 #include <net/if_types.h> 42 #include <sys/salib.h> 43 44 #include "ipv4.h" 45 #include "ipv4_impl.h" 46 #include "mac.h" 47 #include "mac_impl.h" 48 #include "v4_sum_impl.h" 49 #include <sys/bootdebug.h> 50 #include "tcp_inet.h" 51 #include "tcp_sack.h" 52 #include <inet/common.h> 53 #include <inet/mib2.h> 54 55 /* 56 * We need to redefine BUMP_MIB/UPDATE_MIB to not have DTrace probes. 57 */ 58 #undef BUMP_MIB 59 #define BUMP_MIB(x) (x)++ 60 61 #undef UPDATE_MIB 62 #define UPDATE_MIB(x, y) x += y 63 64 /* 65 * MIB-2 stuff for SNMP 66 */ 67 mib2_tcp_t tcp_mib; /* SNMP fixed size info */ 68 69 /* The TCP mib does not include the following errors. */ 70 static uint_t tcp_cksum_errors; 71 static uint_t tcp_drops; 72 73 /* Macros for timestamp comparisons */ 74 #define TSTMP_GEQ(a, b) ((int32_t)((a)-(b)) >= 0) 75 #define TSTMP_LT(a, b) ((int32_t)((a)-(b)) < 0) 76 77 /* 78 * Parameters for TCP Initial Send Sequence number (ISS) generation. 79 * The ISS is calculated by adding three components: a time component 80 * which grows by 1 every 4096 nanoseconds (versus every 4 microseconds 81 * suggested by RFC 793, page 27); 82 * a per-connection component which grows by 125000 for every new connection; 83 * and an "extra" component that grows by a random amount centered 84 * approximately on 64000. This causes the the ISS generator to cycle every 85 * 4.89 hours if no TCP connections are made, and faster if connections are 86 * made. 87 */ 88 #define ISS_INCR 250000 89 #define ISS_NSEC_SHT 0 90 91 static uint32_t tcp_iss_incr_extra; /* Incremented for each connection */ 92 93 #define TCP_XMIT_LOWATER 4096 94 #define TCP_XMIT_HIWATER 49152 95 #define TCP_RECV_LOWATER 2048 96 #define TCP_RECV_HIWATER 49152 97 98 /* 99 * PAWS needs a timer for 24 days. This is the number of ms in 24 days 100 */ 101 #define PAWS_TIMEOUT ((uint32_t)(24*24*60*60*1000)) 102 103 /* 104 * TCP options struct returned from tcp_parse_options. 105 */ 106 typedef struct tcp_opt_s { 107 uint32_t tcp_opt_mss; 108 uint32_t tcp_opt_wscale; 109 uint32_t tcp_opt_ts_val; 110 uint32_t tcp_opt_ts_ecr; 111 tcp_t *tcp; 112 } tcp_opt_t; 113 114 /* 115 * RFC1323-recommended phrasing of TSTAMP option, for easier parsing 116 */ 117 118 #ifdef _BIG_ENDIAN 119 #define TCPOPT_NOP_NOP_TSTAMP ((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | \ 120 (TCPOPT_TSTAMP << 8) | 10) 121 #else 122 #define TCPOPT_NOP_NOP_TSTAMP ((10 << 24) | (TCPOPT_TSTAMP << 16) | \ 123 (TCPOPT_NOP << 8) | TCPOPT_NOP) 124 #endif 125 126 /* 127 * Flags returned from tcp_parse_options. 128 */ 129 #define TCP_OPT_MSS_PRESENT 1 130 #define TCP_OPT_WSCALE_PRESENT 2 131 #define TCP_OPT_TSTAMP_PRESENT 4 132 #define TCP_OPT_SACK_OK_PRESENT 8 133 #define TCP_OPT_SACK_PRESENT 16 134 135 /* TCP option length */ 136 #define TCPOPT_NOP_LEN 1 137 #define TCPOPT_MAXSEG_LEN 4 138 #define TCPOPT_WS_LEN 3 139 #define TCPOPT_REAL_WS_LEN (TCPOPT_WS_LEN+1) 140 #define TCPOPT_TSTAMP_LEN 10 141 #define TCPOPT_REAL_TS_LEN (TCPOPT_TSTAMP_LEN+2) 142 #define TCPOPT_SACK_OK_LEN 2 143 #define TCPOPT_REAL_SACK_OK_LEN (TCPOPT_SACK_OK_LEN+2) 144 #define TCPOPT_REAL_SACK_LEN 4 145 #define TCPOPT_MAX_SACK_LEN 36 146 #define TCPOPT_HEADER_LEN 2 147 148 /* TCP cwnd burst factor. */ 149 #define TCP_CWND_INFINITE 65535 150 #define TCP_CWND_SS 3 151 #define TCP_CWND_NORMAL 5 152 153 /* Named Dispatch Parameter Management Structure */ 154 typedef struct tcpparam_s { 155 uint32_t tcp_param_min; 156 uint32_t tcp_param_max; 157 uint32_t tcp_param_val; 158 char *tcp_param_name; 159 } tcpparam_t; 160 161 /* Max size IP datagram is 64k - 1 */ 162 #define TCP_MSS_MAX_IPV4 (IP_MAXPACKET - (sizeof (struct ip) + \ 163 sizeof (tcph_t))) 164 165 /* Max of the above */ 166 #define TCP_MSS_MAX TCP_MSS_MAX_IPV4 167 168 /* Largest TCP port number */ 169 #define TCP_MAX_PORT (64 * 1024 - 1) 170 171 /* Round up the value to the nearest mss. */ 172 #define MSS_ROUNDUP(value, mss) ((((value) - 1) / (mss) + 1) * (mss)) 173 174 #define MS 1L 175 #define SECONDS (1000 * MS) 176 #define MINUTES (60 * SECONDS) 177 #define HOURS (60 * MINUTES) 178 #define DAYS (24 * HOURS) 179 180 /* All NDD params in the core TCP became static variables. */ 181 static int tcp_time_wait_interval = 1 * MINUTES; 182 static int tcp_conn_req_max_q = 128; 183 static int tcp_conn_req_max_q0 = 1024; 184 static int tcp_conn_req_min = 1; 185 static int tcp_conn_grace_period = 0 * SECONDS; 186 static int tcp_cwnd_max_ = 1024 * 1024; 187 static int tcp_smallest_nonpriv_port = 1024; 188 static int tcp_ip_abort_cinterval = 3 * MINUTES; 189 static int tcp_ip_abort_linterval = 3 * MINUTES; 190 static int tcp_ip_abort_interval = 8 * MINUTES; 191 static int tcp_ip_notify_cinterval = 10 * SECONDS; 192 static int tcp_ip_notify_interval = 10 * SECONDS; 193 static int tcp_ipv4_ttl = 64; 194 static int tcp_mss_def_ipv4 = 536; 195 static int tcp_mss_max_ipv4 = TCP_MSS_MAX_IPV4; 196 static int tcp_mss_min = 108; 197 static int tcp_naglim_def = (4*1024)-1; 198 static int tcp_rexmit_interval_initial = 3 * SECONDS; 199 static int tcp_rexmit_interval_max = 60 * SECONDS; 200 static int tcp_rexmit_interval_min = 400 * MS; 201 static int tcp_dupack_fast_retransmit = 3; 202 static int tcp_smallest_anon_port = 32 * 1024; 203 static int tcp_largest_anon_port = TCP_MAX_PORT; 204 static int tcp_xmit_lowat = TCP_XMIT_LOWATER; 205 static int tcp_recv_hiwat_minmss = 4; 206 static int tcp_fin_wait_2_flush_interval = 1 * MINUTES; 207 static int tcp_max_buf = 1024 * 1024; 208 static int tcp_wscale_always = 1; 209 static int tcp_tstamp_always = 1; 210 static int tcp_tstamp_if_wscale = 1; 211 static int tcp_rexmit_interval_extra = 0; 212 static int tcp_slow_start_after_idle = 2; 213 static int tcp_slow_start_initial = 2; 214 static int tcp_sack_permitted = 2; 215 static int tcp_ecn_permitted = 2; 216 217 /* Extra room to fit in headers. */ 218 static uint_t tcp_wroff_xtra; 219 220 /* Hint for next port to try. */ 221 static in_port_t tcp_next_port_to_try = 32*1024; 222 223 /* 224 * Figure out the value of window scale opton. Note that the rwnd is 225 * ASSUMED to be rounded up to the nearest MSS before the calculation. 226 * We cannot find the scale value and then do a round up of tcp_rwnd 227 * because the scale value may not be correct after that. 228 */ 229 #define SET_WS_VALUE(tcp) \ 230 { \ 231 int i; \ 232 uint32_t rwnd = (tcp)->tcp_rwnd; \ 233 for (i = 0; rwnd > TCP_MAXWIN && i < TCP_MAX_WINSHIFT; \ 234 i++, rwnd >>= 1) \ 235 ; \ 236 (tcp)->tcp_rcv_ws = i; \ 237 } 238 239 /* 240 * Set ECN capable transport (ECT) code point in IP header. 241 * 242 * Note that there are 2 ECT code points '01' and '10', which are called 243 * ECT(1) and ECT(0) respectively. Here we follow the original ECT code 244 * point ECT(0) for TCP as described in RFC 2481. 245 */ 246 #define SET_ECT(tcp, iph) \ 247 if ((tcp)->tcp_ipversion == IPV4_VERSION) { \ 248 /* We need to clear the code point first. */ \ 249 ((struct ip *)(iph))->ip_tos &= 0xFC; \ 250 ((struct ip *)(iph))->ip_tos |= IPH_ECN_ECT0; \ 251 } 252 253 /* 254 * The format argument to pass to tcp_display(). 255 * DISP_PORT_ONLY means that the returned string has only port info. 256 * DISP_ADDR_AND_PORT means that the returned string also contains the 257 * remote and local IP address. 258 */ 259 #define DISP_PORT_ONLY 1 260 #define DISP_ADDR_AND_PORT 2 261 262 /* 263 * TCP reassembly macros. We hide starting and ending sequence numbers in 264 * b_next and b_prev of messages on the reassembly queue. The messages are 265 * chained using b_cont. These macros are used in tcp_reass() so we don't 266 * have to see the ugly casts and assignments. 267 * Note. use uintptr_t to suppress the gcc warning. 268 */ 269 #define TCP_REASS_SEQ(mp) ((uint32_t)(uintptr_t)((mp)->b_next)) 270 #define TCP_REASS_SET_SEQ(mp, u) ((mp)->b_next = \ 271 (mblk_t *)((uintptr_t)(u))) 272 #define TCP_REASS_END(mp) ((uint32_t)(uintptr_t)((mp)->b_prev)) 273 #define TCP_REASS_SET_END(mp, u) ((mp)->b_prev = \ 274 (mblk_t *)((uintptr_t)(u))) 275 276 #define TCP_TIMER_RESTART(tcp, intvl) \ 277 (tcp)->tcp_rto_timeout = prom_gettime() + intvl; \ 278 (tcp)->tcp_timer_running = B_TRUE; 279 280 static int tcp_accept_comm(tcp_t *, tcp_t *, mblk_t *, uint_t); 281 static mblk_t *tcp_ack_mp(tcp_t *); 282 static in_port_t tcp_bindi(in_port_t, in_addr_t *, boolean_t, boolean_t); 283 static uint16_t tcp_cksum(uint16_t *, uint32_t); 284 static void tcp_clean_death(int, tcp_t *, int err); 285 static tcp_t *tcp_conn_request(tcp_t *, mblk_t *mp, uint_t, uint_t); 286 static char *tcp_display(tcp_t *, char *, char); 287 static int tcp_drain_input(tcp_t *, int, int); 288 static void tcp_drain_needed(int, tcp_t *); 289 static boolean_t tcp_drop_q0(tcp_t *); 290 static mblk_t *tcp_get_seg_mp(tcp_t *, uint32_t, int32_t *); 291 static int tcp_header_len(struct inetgram *); 292 static in_port_t tcp_report_ports(uint16_t *, enum Ports); 293 static int tcp_input(int); 294 static void tcp_iss_init(tcp_t *); 295 static tcp_t *tcp_lookup_ipv4(struct ip *, tcpha_t *, int, int *); 296 static tcp_t *tcp_lookup_listener_ipv4(in_addr_t, in_port_t, int *); 297 static int tcp_conn_check(tcp_t *); 298 static int tcp_close(int); 299 static void tcp_close_detached(tcp_t *); 300 static void tcp_eager_cleanup(tcp_t *, boolean_t, int); 301 static void tcp_eager_unlink(tcp_t *); 302 static void tcp_free(tcp_t *); 303 static int tcp_header_init_ipv4(tcp_t *); 304 static void tcp_mss_set(tcp_t *, uint32_t); 305 static int tcp_parse_options(tcph_t *, tcp_opt_t *); 306 static boolean_t tcp_paws_check(tcp_t *, tcph_t *, tcp_opt_t *); 307 static void tcp_process_options(tcp_t *, tcph_t *); 308 static int tcp_random(void); 309 static void tcp_random_init(void); 310 static mblk_t *tcp_reass(tcp_t *, mblk_t *, uint32_t); 311 static void tcp_reass_elim_overlap(tcp_t *, mblk_t *); 312 static void tcp_rcv_drain(int sock_id, tcp_t *); 313 static void tcp_rcv_enqueue(tcp_t *, mblk_t *, uint_t); 314 static void tcp_rput_data(tcp_t *, mblk_t *, int); 315 static int tcp_rwnd_set(tcp_t *, uint32_t); 316 static int32_t tcp_sack_rxmit(tcp_t *, int); 317 static void tcp_set_cksum(mblk_t *); 318 static void tcp_set_rto(tcp_t *, int32_t); 319 static void tcp_ss_rexmit(tcp_t *, int); 320 static int tcp_state_wait(int, tcp_t *, int); 321 static void tcp_timer(tcp_t *, int); 322 static void tcp_time_wait_append(tcp_t *); 323 static void tcp_time_wait_collector(void); 324 static void tcp_time_wait_processing(tcp_t *, mblk_t *, uint32_t, 325 uint32_t, int, tcph_t *, int sock_id); 326 static void tcp_time_wait_remove(tcp_t *); 327 static in_port_t tcp_update_next_port(in_port_t); 328 static int tcp_verify_cksum(mblk_t *); 329 static void tcp_wput_data(tcp_t *, mblk_t *, int); 330 static void tcp_xmit_ctl(char *, tcp_t *, mblk_t *, uint32_t, uint32_t, 331 int, uint_t, int); 332 static void tcp_xmit_early_reset(char *, int, mblk_t *, uint32_t, uint32_t, 333 int, uint_t); 334 static int tcp_xmit_end(tcp_t *, int); 335 static void tcp_xmit_listeners_reset(int, mblk_t *, uint_t); 336 static mblk_t *tcp_xmit_mp(tcp_t *, mblk_t *, int32_t, int32_t *, 337 mblk_t **, uint32_t, boolean_t, uint32_t *, boolean_t); 338 static int tcp_init_values(tcp_t *, struct inetboot_socket *); 339 340 #if DEBUG > 1 341 #define TCP_DUMP_PACKET(str, mp) \ 342 { \ 343 int len = (mp)->b_wptr - (mp)->b_rptr; \ 344 \ 345 printf("%s: dump TCP(%d): \n", (str), len); \ 346 hexdump((char *)(mp)->b_rptr, len); \ 347 } 348 #else 349 #define TCP_DUMP_PACKET(str, mp) 350 #endif 351 352 #ifdef DEBUG 353 #define DEBUG_1(str, arg) printf(str, (arg)) 354 #define DEBUG_2(str, arg1, arg2) printf(str, (arg1), (arg2)) 355 #define DEBUG_3(str, arg1, arg2, arg3) printf(str, (arg1), (arg2), (arg3)) 356 #else 357 #define DEBUG_1(str, arg) 358 #define DEBUG_2(str, arg1, arg2) 359 #define DEBUG_3(str, arg1, arg2, arg3) 360 #endif 361 362 /* Whether it is the first time TCP is used. */ 363 static boolean_t tcp_initialized = B_FALSE; 364 365 /* TCP time wait list. */ 366 static tcp_t *tcp_time_wait_head; 367 static tcp_t *tcp_time_wait_tail; 368 static uint32_t tcp_cum_timewait; 369 /* When the tcp_time_wait_collector is run. */ 370 static uint32_t tcp_time_wait_runtime; 371 372 #define TCP_RUN_TIME_WAIT_COLLECTOR() \ 373 if (prom_gettime() > tcp_time_wait_runtime) \ 374 tcp_time_wait_collector(); 375 376 /* 377 * Accept will return with an error if there is no connection coming in 378 * after this (in ms). 379 */ 380 static int tcp_accept_timeout = 60000; 381 382 /* 383 * Initialize the TCP-specific parts of a socket. 384 */ 385 void 386 tcp_socket_init(struct inetboot_socket *isp) 387 { 388 /* Do some initializations. */ 389 if (!tcp_initialized) { 390 tcp_random_init(); 391 /* Extra head room for the MAC layer address. */ 392 if ((tcp_wroff_xtra = mac_get_hdr_len()) & 0x3) { 393 tcp_wroff_xtra = (tcp_wroff_xtra & ~0x3) + 0x4; 394 } 395 /* Schedule the first time wait cleanup time */ 396 tcp_time_wait_runtime = prom_gettime() + tcp_time_wait_interval; 397 tcp_initialized = B_TRUE; 398 } 399 TCP_RUN_TIME_WAIT_COLLECTOR(); 400 401 isp->proto = IPPROTO_TCP; 402 isp->input[TRANSPORT_LVL] = tcp_input; 403 /* Socket layer should call tcp_send() directly. */ 404 isp->output[TRANSPORT_LVL] = NULL; 405 isp->close[TRANSPORT_LVL] = tcp_close; 406 isp->headerlen[TRANSPORT_LVL] = tcp_header_len; 407 isp->ports = tcp_report_ports; 408 if ((isp->pcb = bkmem_alloc(sizeof (tcp_t))) == NULL) { 409 errno = ENOBUFS; 410 return; 411 } 412 if ((errno = tcp_init_values((tcp_t *)isp->pcb, isp)) != 0) { 413 bkmem_free(isp->pcb, sizeof (tcp_t)); 414 return; 415 } 416 /* 417 * This is set last because this field is used to determine if 418 * a socket is in use or not. 419 */ 420 isp->type = INETBOOT_STREAM; 421 } 422 423 /* 424 * Return the size of a TCP header including TCP option. 425 */ 426 static int 427 tcp_header_len(struct inetgram *igm) 428 { 429 mblk_t *pkt; 430 int ipvers; 431 432 /* Just returns the standard TCP header without option */ 433 if (igm == NULL) 434 return (sizeof (tcph_t)); 435 436 if ((pkt = igm->igm_mp) == NULL) 437 return (0); 438 439 ipvers = ((struct ip *)pkt->b_rptr)->ip_v; 440 if (ipvers == IPV4_VERSION) { 441 return (TCP_HDR_LENGTH((tcph_t *)(pkt + IPH_HDR_LENGTH(pkt)))); 442 } else { 443 dprintf("tcp_header_len: non-IPv4 packet.\n"); 444 return (0); 445 } 446 } 447 448 /* 449 * Return the requested port number in network order. 450 */ 451 static in_port_t 452 tcp_report_ports(uint16_t *tcphp, enum Ports request) 453 { 454 if (request == SOURCE) 455 return (*(uint16_t *)(((tcph_t *)tcphp)->th_lport)); 456 return (*(uint16_t *)(((tcph_t *)tcphp)->th_fport)); 457 } 458 459 /* 460 * Because inetboot is not interrupt driven, TCP can only poll. This 461 * means that there can be packets stuck in the NIC buffer waiting to 462 * be processed. Thus we need to drain them before, for example, sending 463 * anything because an ACK may actually be stuck there. 464 * 465 * The timeout arguments determine how long we should wait for draining. 466 */ 467 static int 468 tcp_drain_input(tcp_t *tcp, int sock_id, int timeout) 469 { 470 struct inetgram *in_gram; 471 struct inetgram *old_in_gram; 472 int old_timeout; 473 mblk_t *mp; 474 int i; 475 476 dprintf("tcp_drain_input(%d): %s\n", sock_id, 477 tcp_display(tcp, NULL, DISP_ADDR_AND_PORT)); 478 479 /* 480 * Since the driver uses the in_timeout value in the socket 481 * structure to determine the timeout value, we need to save 482 * the original one so that we can restore that after draining. 483 */ 484 old_timeout = sockets[sock_id].in_timeout; 485 sockets[sock_id].in_timeout = timeout; 486 487 /* 488 * We do this because the input queue may have some user 489 * data already. 490 */ 491 old_in_gram = sockets[sock_id].inq; 492 sockets[sock_id].inq = NULL; 493 494 /* Go out and check the wire */ 495 for (i = MEDIA_LVL; i < TRANSPORT_LVL; i++) { 496 if (sockets[sock_id].input[i] != NULL) { 497 if (sockets[sock_id].input[i](sock_id) < 0) { 498 sockets[sock_id].in_timeout = old_timeout; 499 if (sockets[sock_id].inq != NULL) 500 nuke_grams(&sockets[sock_id].inq); 501 sockets[sock_id].inq = old_in_gram; 502 return (-1); 503 } 504 } 505 } 506 #if DEBUG 507 printf("tcp_drain_input: done with checking packets\n"); 508 #endif 509 while ((in_gram = sockets[sock_id].inq) != NULL) { 510 /* Remove unknown inetgrams from the head of inq. */ 511 if (in_gram->igm_level != TRANSPORT_LVL) { 512 #if DEBUG 513 printf("tcp_drain_input: unexpected packet " 514 "level %d frame found\n", in_gram->igm_level); 515 #endif 516 del_gram(&sockets[sock_id].inq, in_gram, B_TRUE); 517 continue; 518 } 519 mp = in_gram->igm_mp; 520 del_gram(&sockets[sock_id].inq, in_gram, B_FALSE); 521 bkmem_free((caddr_t)in_gram, sizeof (struct inetgram)); 522 tcp_rput_data(tcp, mp, sock_id); 523 sockets[sock_id].in_timeout = old_timeout; 524 525 /* 526 * The other side may have closed this connection or 527 * RST us. But we need to continue to process other 528 * packets in the socket's queue because they may be 529 * belong to another TCP connections. 530 */ 531 if (sockets[sock_id].pcb == NULL) 532 tcp = NULL; 533 } 534 535 if (tcp == NULL || sockets[sock_id].pcb == NULL) { 536 if (sockets[sock_id].so_error != 0) 537 return (-1); 538 else 539 return (0); 540 } 541 #if DEBUG 542 printf("tcp_drain_input: done with processing packets\n"); 543 #endif 544 sockets[sock_id].in_timeout = old_timeout; 545 sockets[sock_id].inq = old_in_gram; 546 547 /* 548 * Data may have been received so indicate it is available 549 */ 550 tcp_drain_needed(sock_id, tcp); 551 return (0); 552 } 553 554 /* 555 * The receive entry point for upper layer to call to get data. Note 556 * that this follows the current architecture that lower layer receive 557 * routines have been called already. Thus if the inq of socket is 558 * not NULL, the packets must be for us. 559 */ 560 static int 561 tcp_input(int sock_id) 562 { 563 struct inetgram *in_gram; 564 mblk_t *mp; 565 tcp_t *tcp; 566 567 TCP_RUN_TIME_WAIT_COLLECTOR(); 568 569 if ((tcp = sockets[sock_id].pcb) == NULL) 570 return (-1); 571 572 while ((in_gram = sockets[sock_id].inq) != NULL) { 573 /* Remove unknown inetgrams from the head of inq. */ 574 if (in_gram->igm_level != TRANSPORT_LVL) { 575 #ifdef DEBUG 576 printf("tcp_input: unexpected packet " 577 "level %d frame found\n", in_gram->igm_level); 578 #endif 579 del_gram(&sockets[sock_id].inq, in_gram, B_TRUE); 580 continue; 581 } 582 mp = in_gram->igm_mp; 583 del_gram(&sockets[sock_id].inq, in_gram, B_FALSE); 584 bkmem_free((caddr_t)in_gram, sizeof (struct inetgram)); 585 tcp_rput_data(tcp, mp, sock_id); 586 /* The TCP may be gone because it gets a RST. */ 587 if (sockets[sock_id].pcb == NULL) 588 return (-1); 589 } 590 591 /* Flush the receive list. */ 592 if (tcp->tcp_rcv_list != NULL) { 593 tcp_rcv_drain(sock_id, tcp); 594 } else { 595 /* The other side has closed the connection, report this up. */ 596 if (tcp->tcp_state == TCPS_CLOSE_WAIT) { 597 sockets[sock_id].so_state |= SS_CANTRCVMORE; 598 return (0); 599 } 600 } 601 return (0); 602 } 603 604 /* 605 * The send entry point for upper layer to call to send data. In order 606 * to minimize changes to the core TCP code, we need to put the 607 * data into mblks. 608 */ 609 int 610 tcp_send(int sock_id, tcp_t *tcp, const void *msg, int len) 611 { 612 mblk_t *mp; 613 mblk_t *head = NULL; 614 mblk_t *tail; 615 int mss = tcp->tcp_mss; 616 int cnt = 0; 617 int win_size; 618 char *buf = (char *)msg; 619 620 TCP_RUN_TIME_WAIT_COLLECTOR(); 621 622 /* We don't want to append 0 size mblk. */ 623 if (len == 0) 624 return (0); 625 while (len > 0) { 626 if (len < mss) { 627 mss = len; 628 } 629 /* 630 * If we cannot allocate more buffer, stop here and 631 * the number of bytes buffered will be returned. 632 * 633 * Note that we follow the core TCP optimization that 634 * each mblk contains only MSS bytes data. 635 */ 636 if ((mp = allocb(mss + tcp->tcp_ip_hdr_len + 637 TCP_MAX_HDR_LENGTH + tcp_wroff_xtra, 0)) == NULL) { 638 break; 639 } 640 mp->b_rptr += tcp->tcp_hdr_len + tcp_wroff_xtra; 641 bcopy(buf, mp->b_rptr, mss); 642 mp->b_wptr = mp->b_rptr + mss; 643 buf += mss; 644 cnt += mss; 645 len -= mss; 646 647 if (head == NULL) { 648 head = mp; 649 tail = mp; 650 } else { 651 tail->b_cont = mp; 652 tail = mp; 653 } 654 } 655 656 /* 657 * Since inetboot is not interrupt driven, there may be 658 * some ACKs in the MAC's buffer. Drain them first, 659 * otherwise, we may not be able to send. 660 * 661 * We expect an ACK in two cases: 662 * 663 * 1) We have un-ACK'ed data. 664 * 665 * 2) All ACK's have been received and the sender's window has been 666 * closed. We need an ACK back to open the window so that we can 667 * send. In this case, call tcp_drain_input() if the window size is 668 * less than 2 * MSS. 669 */ 670 671 /* window size = MIN(swnd, cwnd) - unacked bytes */ 672 win_size = (tcp->tcp_swnd > tcp->tcp_cwnd) ? tcp->tcp_cwnd : 673 tcp->tcp_swnd; 674 win_size -= tcp->tcp_snxt; 675 win_size += tcp->tcp_suna; 676 if (win_size < (2 * tcp->tcp_mss)) 677 if (tcp_drain_input(tcp, sock_id, 5) < 0) 678 return (-1); 679 680 tcp_wput_data(tcp, head, sock_id); 681 /* 682 * errno should be reset here as it may be 683 * set to ETIMEDOUT. This may be set by 684 * the MAC driver in case it has timed out 685 * waiting for ARP reply. Any segment which 686 * was not transmitted because of ARP timeout 687 * will be retransmitted by TCP. 688 */ 689 if (errno == ETIMEDOUT) 690 errno = 0; 691 return (cnt); 692 } 693 694 /* Free up all TCP related stuff */ 695 static void 696 tcp_free(tcp_t *tcp) 697 { 698 if (tcp->tcp_iphc != NULL) { 699 bkmem_free((caddr_t)tcp->tcp_iphc, tcp->tcp_iphc_len); 700 tcp->tcp_iphc = NULL; 701 } 702 if (tcp->tcp_xmit_head != NULL) { 703 freemsg(tcp->tcp_xmit_head); 704 tcp->tcp_xmit_head = NULL; 705 } 706 if (tcp->tcp_rcv_list != NULL) { 707 freemsg(tcp->tcp_rcv_list); 708 tcp->tcp_rcv_list = NULL; 709 } 710 if (tcp->tcp_reass_head != NULL) { 711 freemsg(tcp->tcp_reass_head); 712 tcp->tcp_reass_head = NULL; 713 } 714 if (tcp->tcp_sack_info != NULL) { 715 bkmem_free((caddr_t)tcp->tcp_sack_info, 716 sizeof (tcp_sack_info_t)); 717 tcp->tcp_sack_info = NULL; 718 } 719 } 720 721 static void 722 tcp_close_detached(tcp_t *tcp) 723 { 724 if (tcp->tcp_listener != NULL) 725 tcp_eager_unlink(tcp); 726 tcp_free(tcp); 727 bkmem_free((caddr_t)tcp, sizeof (tcp_t)); 728 } 729 730 /* 731 * If we are an eager connection hanging off a listener that hasn't 732 * formally accepted the connection yet, get off his list and blow off 733 * any data that we have accumulated. 734 */ 735 static void 736 tcp_eager_unlink(tcp_t *tcp) 737 { 738 tcp_t *listener = tcp->tcp_listener; 739 740 assert(listener != NULL); 741 if (tcp->tcp_eager_next_q0 != NULL) { 742 assert(tcp->tcp_eager_prev_q0 != NULL); 743 744 /* Remove the eager tcp from q0 */ 745 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = 746 tcp->tcp_eager_prev_q0; 747 tcp->tcp_eager_prev_q0->tcp_eager_next_q0 = 748 tcp->tcp_eager_next_q0; 749 listener->tcp_conn_req_cnt_q0--; 750 } else { 751 tcp_t **tcpp = &listener->tcp_eager_next_q; 752 tcp_t *prev = NULL; 753 754 for (; tcpp[0]; tcpp = &tcpp[0]->tcp_eager_next_q) { 755 if (tcpp[0] == tcp) { 756 if (listener->tcp_eager_last_q == tcp) { 757 /* 758 * If we are unlinking the last 759 * element on the list, adjust 760 * tail pointer. Set tail pointer 761 * to nil when list is empty. 762 */ 763 assert(tcp->tcp_eager_next_q == NULL); 764 if (listener->tcp_eager_last_q == 765 listener->tcp_eager_next_q) { 766 listener->tcp_eager_last_q = 767 NULL; 768 } else { 769 /* 770 * We won't get here if there 771 * is only one eager in the 772 * list. 773 */ 774 assert(prev != NULL); 775 listener->tcp_eager_last_q = 776 prev; 777 } 778 } 779 tcpp[0] = tcp->tcp_eager_next_q; 780 tcp->tcp_eager_next_q = NULL; 781 tcp->tcp_eager_last_q = NULL; 782 listener->tcp_conn_req_cnt_q--; 783 break; 784 } 785 prev = tcpp[0]; 786 } 787 } 788 tcp->tcp_listener = NULL; 789 } 790 791 /* 792 * Reset any eager connection hanging off this listener 793 * and then reclaim it's resources. 794 */ 795 static void 796 tcp_eager_cleanup(tcp_t *listener, boolean_t q0_only, int sock_id) 797 { 798 tcp_t *eager; 799 800 if (!q0_only) { 801 /* First cleanup q */ 802 while ((eager = listener->tcp_eager_next_q) != NULL) { 803 assert(listener->tcp_eager_last_q != NULL); 804 tcp_xmit_ctl("tcp_eager_cleanup, can't wait", 805 eager, NULL, eager->tcp_snxt, 0, TH_RST, 0, 806 sock_id); 807 tcp_close_detached(eager); 808 } 809 assert(listener->tcp_eager_last_q == NULL); 810 } 811 /* Then cleanup q0 */ 812 while ((eager = listener->tcp_eager_next_q0) != listener) { 813 tcp_xmit_ctl("tcp_eager_cleanup, can't wait", 814 eager, NULL, eager->tcp_snxt, 0, TH_RST, 0, sock_id); 815 tcp_close_detached(eager); 816 } 817 } 818 819 /* 820 * To handle the shutdown request. Called from shutdown() 821 */ 822 int 823 tcp_shutdown(int sock_id) 824 { 825 tcp_t *tcp; 826 827 DEBUG_1("tcp_shutdown: sock_id %x\n", sock_id); 828 829 if ((tcp = sockets[sock_id].pcb) == NULL) { 830 return (-1); 831 } 832 833 /* 834 * Since inetboot is not interrupt driven, there may be 835 * some ACKs in the MAC's buffer. Drain them first, 836 * otherwise, we may not be able to send. 837 */ 838 if (tcp_drain_input(tcp, sock_id, 5) < 0) { 839 /* 840 * If we return now without freeing TCP, there will be 841 * a memory leak. 842 */ 843 if (sockets[sock_id].pcb != NULL) 844 tcp_clean_death(sock_id, tcp, 0); 845 return (-1); 846 } 847 848 DEBUG_1("tcp_shutdown: tcp_state %x\n", tcp->tcp_state); 849 switch (tcp->tcp_state) { 850 851 case TCPS_SYN_RCVD: 852 /* 853 * Shutdown during the connect 3-way handshake 854 */ 855 case TCPS_ESTABLISHED: 856 /* 857 * Transmit the FIN 858 * wait for the FIN to be ACKed, 859 * then remain in FIN_WAIT_2 860 */ 861 dprintf("tcp_shutdown: sending fin\n"); 862 if (tcp_xmit_end(tcp, sock_id) == 0 && 863 tcp_state_wait(sock_id, tcp, TCPS_FIN_WAIT_2) < 0) { 864 /* During the wait, TCP may be gone... */ 865 if (sockets[sock_id].pcb == NULL) 866 return (-1); 867 } 868 dprintf("tcp_shutdown: done\n"); 869 break; 870 871 default: 872 break; 873 874 } 875 return (0); 876 } 877 878 /* To handle closing of the socket */ 879 static int 880 tcp_close(int sock_id) 881 { 882 char *msg; 883 tcp_t *tcp; 884 int error = 0; 885 886 if ((tcp = sockets[sock_id].pcb) == NULL) { 887 return (-1); 888 } 889 890 TCP_RUN_TIME_WAIT_COLLECTOR(); 891 892 /* 893 * Since inetboot is not interrupt driven, there may be 894 * some ACKs in the MAC's buffer. Drain them first, 895 * otherwise, we may not be able to send. 896 */ 897 if (tcp_drain_input(tcp, sock_id, 5) < 0) { 898 /* 899 * If we return now without freeing TCP, there will be 900 * a memory leak. 901 */ 902 if (sockets[sock_id].pcb != NULL) 903 tcp_clean_death(sock_id, tcp, 0); 904 return (-1); 905 } 906 907 if (tcp->tcp_conn_req_cnt_q0 != 0 || tcp->tcp_conn_req_cnt_q != 0) { 908 /* Cleanup for listener */ 909 tcp_eager_cleanup(tcp, 0, sock_id); 910 } 911 912 msg = NULL; 913 switch (tcp->tcp_state) { 914 case TCPS_CLOSED: 915 case TCPS_IDLE: 916 case TCPS_BOUND: 917 case TCPS_LISTEN: 918 break; 919 case TCPS_SYN_SENT: 920 msg = "tcp_close, during connect"; 921 break; 922 case TCPS_SYN_RCVD: 923 /* 924 * Close during the connect 3-way handshake 925 * but here there may or may not be pending data 926 * already on queue. Process almost same as in 927 * the ESTABLISHED state. 928 */ 929 /* FALLTHRU */ 930 default: 931 /* 932 * If SO_LINGER has set a zero linger time, abort the 933 * connection with a reset. 934 */ 935 if (tcp->tcp_linger && tcp->tcp_lingertime == 0) { 936 msg = "tcp_close, zero lingertime"; 937 break; 938 } 939 940 /* 941 * Abort connection if there is unread data queued. 942 */ 943 if (tcp->tcp_rcv_list != NULL || 944 tcp->tcp_reass_head != NULL) { 945 msg = "tcp_close, unread data"; 946 break; 947 } 948 if (tcp->tcp_state <= TCPS_LISTEN) 949 break; 950 951 /* 952 * Transmit the FIN before detaching the tcp_t. 953 * After tcp_detach returns this queue/perimeter 954 * no longer owns the tcp_t thus others can modify it. 955 * The TCP could be closed in tcp_state_wait called by 956 * tcp_wput_data called by tcp_xmit_end. 957 */ 958 (void) tcp_xmit_end(tcp, sock_id); 959 if (sockets[sock_id].pcb == NULL) 960 return (0); 961 962 /* 963 * If lingering on close then wait until the fin is acked, 964 * the SO_LINGER time passes, or a reset is sent/received. 965 */ 966 if (tcp->tcp_linger && tcp->tcp_lingertime > 0 && 967 !(tcp->tcp_fin_acked) && 968 tcp->tcp_state >= TCPS_ESTABLISHED) { 969 uint32_t stoptime; /* in ms */ 970 971 tcp->tcp_client_errno = 0; 972 stoptime = prom_gettime() + 973 (tcp->tcp_lingertime * 1000); 974 while (!(tcp->tcp_fin_acked) && 975 tcp->tcp_state >= TCPS_ESTABLISHED && 976 tcp->tcp_client_errno == 0 && 977 ((int32_t)(stoptime - prom_gettime()) > 0)) { 978 if (tcp_drain_input(tcp, sock_id, 5) < 0) { 979 if (sockets[sock_id].pcb != NULL) { 980 tcp_clean_death(sock_id, 981 tcp, 0); 982 } 983 return (-1); 984 } 985 } 986 tcp->tcp_client_errno = 0; 987 } 988 if (tcp_state_wait(sock_id, tcp, TCPS_TIME_WAIT) < 0) { 989 /* During the wait, TCP may be gone... */ 990 if (sockets[sock_id].pcb == NULL) 991 return (0); 992 msg = "tcp_close, couldn't detach"; 993 } else { 994 return (0); 995 } 996 break; 997 } 998 999 /* Something went wrong... Send a RST and report the error */ 1000 if (msg != NULL) { 1001 if (tcp->tcp_state == TCPS_ESTABLISHED || 1002 tcp->tcp_state == TCPS_CLOSE_WAIT) 1003 BUMP_MIB(tcp_mib.tcpEstabResets); 1004 if (tcp->tcp_state == TCPS_SYN_SENT || 1005 tcp->tcp_state == TCPS_SYN_RCVD) 1006 BUMP_MIB(tcp_mib.tcpAttemptFails); 1007 tcp_xmit_ctl(msg, tcp, NULL, tcp->tcp_snxt, 0, TH_RST, 0, 1008 sock_id); 1009 } 1010 1011 tcp_free(tcp); 1012 bkmem_free((caddr_t)tcp, sizeof (tcp_t)); 1013 sockets[sock_id].pcb = NULL; 1014 return (error); 1015 } 1016 1017 /* To make an endpoint a listener. */ 1018 int 1019 tcp_listen(int sock_id, int backlog) 1020 { 1021 tcp_t *tcp; 1022 1023 if ((tcp = (tcp_t *)(sockets[sock_id].pcb)) == NULL) { 1024 errno = EINVAL; 1025 return (-1); 1026 } 1027 /* We allow calling listen() multiple times to change the backlog. */ 1028 if (tcp->tcp_state > TCPS_LISTEN || tcp->tcp_state < TCPS_BOUND) { 1029 errno = EOPNOTSUPP; 1030 return (-1); 1031 } 1032 /* The following initialization should only be done once. */ 1033 if (tcp->tcp_state != TCPS_LISTEN) { 1034 tcp->tcp_eager_next_q0 = tcp->tcp_eager_prev_q0 = tcp; 1035 tcp->tcp_eager_next_q = NULL; 1036 tcp->tcp_state = TCPS_LISTEN; 1037 tcp->tcp_second_ctimer_threshold = tcp_ip_abort_linterval; 1038 } 1039 if ((tcp->tcp_conn_req_max = backlog) > tcp_conn_req_max_q) { 1040 tcp->tcp_conn_req_max = tcp_conn_req_max_q; 1041 } 1042 if (tcp->tcp_conn_req_max < tcp_conn_req_min) { 1043 tcp->tcp_conn_req_max = tcp_conn_req_min; 1044 } 1045 return (0); 1046 } 1047 1048 /* To accept connections. */ 1049 int 1050 tcp_accept(int sock_id, struct sockaddr *addr, socklen_t *addr_len) 1051 { 1052 tcp_t *listener; 1053 tcp_t *eager; 1054 int sd, new_sock_id; 1055 struct sockaddr_in *new_addr = (struct sockaddr_in *)addr; 1056 int timeout; 1057 1058 /* Sanity check. */ 1059 if ((listener = (tcp_t *)(sockets[sock_id].pcb)) == NULL || 1060 new_addr == NULL || addr_len == NULL || 1061 *addr_len < sizeof (struct sockaddr_in) || 1062 listener->tcp_state != TCPS_LISTEN) { 1063 errno = EINVAL; 1064 return (-1); 1065 } 1066 1067 if (sockets[sock_id].in_timeout > tcp_accept_timeout) 1068 timeout = prom_gettime() + sockets[sock_id].in_timeout; 1069 else 1070 timeout = prom_gettime() + tcp_accept_timeout; 1071 while (listener->tcp_eager_next_q == NULL && 1072 timeout > prom_gettime()) { 1073 #if DEBUG 1074 printf("tcp_accept: Waiting in tcp_accept()\n"); 1075 #endif 1076 if (tcp_drain_input(listener, sock_id, 5) < 0) { 1077 return (-1); 1078 } 1079 } 1080 /* If there is an eager, don't timeout... */ 1081 if (timeout <= prom_gettime() && listener->tcp_eager_next_q == NULL) { 1082 #if DEBUG 1083 printf("tcp_accept: timeout\n"); 1084 #endif 1085 errno = ETIMEDOUT; 1086 return (-1); 1087 } 1088 #if DEBUG 1089 printf("tcp_accept: got a connection\n"); 1090 #endif 1091 1092 /* Now create the socket for this new TCP. */ 1093 if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { 1094 return (-1); 1095 } 1096 if ((new_sock_id = so_check_fd(sd, &errno)) == -1) 1097 /* This should not happen! */ 1098 prom_panic("so_check_fd() fails in tcp_accept()"); 1099 /* Free the TCP PCB in the original socket. */ 1100 bkmem_free((caddr_t)(sockets[new_sock_id].pcb), sizeof (tcp_t)); 1101 /* Dequeue the eager and attach it to the socket. */ 1102 eager = listener->tcp_eager_next_q; 1103 listener->tcp_eager_next_q = eager->tcp_eager_next_q; 1104 if (listener->tcp_eager_last_q == eager) 1105 listener->tcp_eager_last_q = NULL; 1106 eager->tcp_eager_next_q = NULL; 1107 sockets[new_sock_id].pcb = eager; 1108 listener->tcp_conn_req_cnt_q--; 1109 1110 /* Copy in the address info. */ 1111 bcopy(&eager->tcp_remote, &new_addr->sin_addr.s_addr, 1112 sizeof (in_addr_t)); 1113 bcopy(&eager->tcp_fport, &new_addr->sin_port, sizeof (in_port_t)); 1114 new_addr->sin_family = AF_INET; 1115 1116 #ifdef DEBUG 1117 printf("tcp_accept(), new sock_id: %d\n", sd); 1118 #endif 1119 return (sd); 1120 } 1121 1122 /* Update the next anonymous port to use. */ 1123 static in_port_t 1124 tcp_update_next_port(in_port_t port) 1125 { 1126 /* Don't allow the port to fall out of the anonymous port range. */ 1127 if (port < tcp_smallest_anon_port || port > tcp_largest_anon_port) 1128 port = (in_port_t)tcp_smallest_anon_port; 1129 1130 if (port < tcp_smallest_nonpriv_port) 1131 port = (in_port_t)tcp_smallest_nonpriv_port; 1132 return (port); 1133 } 1134 1135 /* To check whether a bind to a port is allowed. */ 1136 static in_port_t 1137 tcp_bindi(in_port_t port, in_addr_t *addr, boolean_t reuseaddr, 1138 boolean_t bind_to_req_port_only) 1139 { 1140 int i, count; 1141 tcp_t *tcp; 1142 1143 count = tcp_largest_anon_port - tcp_smallest_anon_port; 1144 try_again: 1145 for (i = 0; i < MAXSOCKET; i++) { 1146 if (sockets[i].type != INETBOOT_STREAM || 1147 ((tcp = (tcp_t *)sockets[i].pcb) == NULL) || 1148 ntohs(tcp->tcp_lport) != port) { 1149 continue; 1150 } 1151 /* 1152 * Both TCPs have the same port. If SO_REUSEDADDR is 1153 * set and the bound TCP has a state greater than 1154 * TCPS_LISTEN, it is fine. 1155 */ 1156 if (reuseaddr && tcp->tcp_state > TCPS_LISTEN) { 1157 continue; 1158 } 1159 if (tcp->tcp_bound_source != INADDR_ANY && 1160 *addr != INADDR_ANY && 1161 tcp->tcp_bound_source != *addr) { 1162 continue; 1163 } 1164 if (bind_to_req_port_only) { 1165 return (0); 1166 } 1167 if (--count > 0) { 1168 port = tcp_update_next_port(++port); 1169 goto try_again; 1170 } else { 1171 return (0); 1172 } 1173 } 1174 return (port); 1175 } 1176 1177 /* To handle the bind request. */ 1178 int 1179 tcp_bind(int sock_id) 1180 { 1181 tcp_t *tcp; 1182 in_port_t requested_port, allocated_port; 1183 boolean_t bind_to_req_port_only; 1184 boolean_t reuseaddr; 1185 1186 if ((tcp = (tcp_t *)sockets[sock_id].pcb) == NULL) { 1187 errno = EINVAL; 1188 return (-1); 1189 } 1190 1191 if (tcp->tcp_state >= TCPS_BOUND) { 1192 /* We don't allow multiple bind(). */ 1193 errno = EPROTO; 1194 return (-1); 1195 } 1196 1197 requested_port = ntohs(sockets[sock_id].bind.sin_port); 1198 1199 /* The bound source can be INADDR_ANY. */ 1200 tcp->tcp_bound_source = sockets[sock_id].bind.sin_addr.s_addr; 1201 1202 tcp->tcp_ipha->ip_src.s_addr = tcp->tcp_bound_source; 1203 1204 /* Verify the port is available. */ 1205 if (requested_port == 0) 1206 bind_to_req_port_only = B_FALSE; 1207 else /* T_BIND_REQ and requested_port != 0 */ 1208 bind_to_req_port_only = B_TRUE; 1209 1210 if (requested_port == 0) { 1211 requested_port = tcp_update_next_port(++tcp_next_port_to_try); 1212 } 1213 reuseaddr = sockets[sock_id].so_opt & SO_REUSEADDR; 1214 allocated_port = tcp_bindi(requested_port, &(tcp->tcp_bound_source), 1215 reuseaddr, bind_to_req_port_only); 1216 1217 if (allocated_port == 0) { 1218 errno = EADDRINUSE; 1219 return (-1); 1220 } 1221 tcp->tcp_lport = htons(allocated_port); 1222 *(uint16_t *)tcp->tcp_tcph->th_lport = tcp->tcp_lport; 1223 sockets[sock_id].bind.sin_port = tcp->tcp_lport; 1224 tcp->tcp_state = TCPS_BOUND; 1225 return (0); 1226 } 1227 1228 /* 1229 * Check for duplicate TCP connections. 1230 */ 1231 static int 1232 tcp_conn_check(tcp_t *tcp) 1233 { 1234 int i; 1235 tcp_t *tmp_tcp; 1236 1237 for (i = 0; i < MAXSOCKET; i++) { 1238 if (sockets[i].type != INETBOOT_STREAM) 1239 continue; 1240 /* Socket may not be closed but the TCP can be gone. */ 1241 if ((tmp_tcp = (tcp_t *)sockets[i].pcb) == NULL) 1242 continue; 1243 /* We only care about TCP in states later than SYN_SENT. */ 1244 if (tmp_tcp->tcp_state < TCPS_SYN_SENT) 1245 continue; 1246 if (tmp_tcp->tcp_lport != tcp->tcp_lport || 1247 tmp_tcp->tcp_fport != tcp->tcp_fport || 1248 tmp_tcp->tcp_bound_source != tcp->tcp_bound_source || 1249 tmp_tcp->tcp_remote != tcp->tcp_remote) { 1250 continue; 1251 } else { 1252 return (-1); 1253 } 1254 } 1255 return (0); 1256 } 1257 1258 /* To handle a connect request. */ 1259 int 1260 tcp_connect(int sock_id) 1261 { 1262 tcp_t *tcp; 1263 in_addr_t dstaddr; 1264 in_port_t dstport; 1265 tcph_t *tcph; 1266 int mss; 1267 mblk_t *syn_mp; 1268 1269 if ((tcp = (tcp_t *)(sockets[sock_id].pcb)) == NULL) { 1270 errno = EINVAL; 1271 return (-1); 1272 } 1273 1274 TCP_RUN_TIME_WAIT_COLLECTOR(); 1275 1276 dstaddr = sockets[sock_id].remote.sin_addr.s_addr; 1277 dstport = sockets[sock_id].remote.sin_port; 1278 1279 /* 1280 * Check for attempt to connect to INADDR_ANY or non-unicast addrress. 1281 * We don't have enough info to check for broadcast addr, except 1282 * for the all 1 broadcast. 1283 */ 1284 if (dstaddr == INADDR_ANY || IN_CLASSD(ntohl(dstaddr)) || 1285 dstaddr == INADDR_BROADCAST) { 1286 /* 1287 * SunOS 4.x and 4.3 BSD allow an application 1288 * to connect a TCP socket to INADDR_ANY. 1289 * When they do this, the kernel picks the 1290 * address of one interface and uses it 1291 * instead. The kernel usually ends up 1292 * picking the address of the loopback 1293 * interface. This is an undocumented feature. 1294 * However, we provide the same thing here 1295 * in order to have source and binary 1296 * compatibility with SunOS 4.x. 1297 * Update the T_CONN_REQ (sin/sin6) since it is used to 1298 * generate the T_CONN_CON. 1299 * 1300 * Fail this for inetboot TCP. 1301 */ 1302 errno = EINVAL; 1303 return (-1); 1304 } 1305 1306 /* It is not bound to any address yet... */ 1307 if (tcp->tcp_bound_source == INADDR_ANY) { 1308 ipv4_getipaddr(&(sockets[sock_id].bind.sin_addr)); 1309 /* We don't have an address! */ 1310 if (ntohl(sockets[sock_id].bind.sin_addr.s_addr) == 1311 INADDR_ANY) { 1312 errno = EPROTO; 1313 return (-1); 1314 } 1315 tcp->tcp_bound_source = sockets[sock_id].bind.sin_addr.s_addr; 1316 tcp->tcp_ipha->ip_src.s_addr = tcp->tcp_bound_source; 1317 } 1318 1319 /* 1320 * Don't let an endpoint connect to itself. 1321 */ 1322 if (dstaddr == tcp->tcp_ipha->ip_src.s_addr && 1323 dstport == tcp->tcp_lport) { 1324 errno = EINVAL; 1325 return (-1); 1326 } 1327 1328 tcp->tcp_ipha->ip_dst.s_addr = dstaddr; 1329 tcp->tcp_remote = dstaddr; 1330 tcph = tcp->tcp_tcph; 1331 *(uint16_t *)tcph->th_fport = dstport; 1332 tcp->tcp_fport = dstport; 1333 1334 /* 1335 * Don't allow this connection to completely duplicate 1336 * an existing connection. 1337 */ 1338 if (tcp_conn_check(tcp) < 0) { 1339 errno = EADDRINUSE; 1340 return (-1); 1341 } 1342 1343 /* 1344 * Just make sure our rwnd is at 1345 * least tcp_recv_hiwat_mss * MSS 1346 * large, and round up to the nearest 1347 * MSS. 1348 * 1349 * We do the round up here because 1350 * we need to get the interface 1351 * MTU first before we can do the 1352 * round up. 1353 */ 1354 mss = tcp->tcp_mss - tcp->tcp_hdr_len; 1355 tcp->tcp_rwnd = MAX(MSS_ROUNDUP(tcp->tcp_rwnd, mss), 1356 tcp_recv_hiwat_minmss * mss); 1357 tcp->tcp_rwnd_max = tcp->tcp_rwnd; 1358 SET_WS_VALUE(tcp); 1359 U32_TO_ABE16((tcp->tcp_rwnd >> tcp->tcp_rcv_ws), 1360 tcp->tcp_tcph->th_win); 1361 if (tcp->tcp_rcv_ws > 0 || tcp_wscale_always) 1362 tcp->tcp_snd_ws_ok = B_TRUE; 1363 1364 /* 1365 * Set tcp_snd_ts_ok to true 1366 * so that tcp_xmit_mp will 1367 * include the timestamp 1368 * option in the SYN segment. 1369 */ 1370 if (tcp_tstamp_always || 1371 (tcp->tcp_rcv_ws && tcp_tstamp_if_wscale)) { 1372 tcp->tcp_snd_ts_ok = B_TRUE; 1373 } 1374 1375 if (tcp_sack_permitted == 2 || 1376 tcp->tcp_snd_sack_ok) { 1377 assert(tcp->tcp_sack_info == NULL); 1378 if ((tcp->tcp_sack_info = (tcp_sack_info_t *)bkmem_zalloc( 1379 sizeof (tcp_sack_info_t))) == NULL) { 1380 tcp->tcp_snd_sack_ok = B_FALSE; 1381 } else { 1382 tcp->tcp_snd_sack_ok = B_TRUE; 1383 } 1384 } 1385 /* 1386 * Should we use ECN? Note that the current 1387 * default value (SunOS 5.9) of tcp_ecn_permitted 1388 * is 2. The reason for doing this is that there 1389 * are equipments out there that will drop ECN 1390 * enabled IP packets. Setting it to 1 avoids 1391 * compatibility problems. 1392 */ 1393 if (tcp_ecn_permitted == 2) 1394 tcp->tcp_ecn_ok = B_TRUE; 1395 1396 tcp_iss_init(tcp); 1397 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 1398 tcp->tcp_active_open = B_TRUE; 1399 1400 tcp->tcp_state = TCPS_SYN_SENT; 1401 syn_mp = tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, tcp->tcp_iss, B_FALSE, 1402 NULL, B_FALSE); 1403 if (syn_mp != NULL) { 1404 int ret; 1405 1406 /* Dump the packet when debugging. */ 1407 TCP_DUMP_PACKET("tcp_connect", syn_mp); 1408 /* Send out the SYN packet. */ 1409 ret = ipv4_tcp_output(sock_id, syn_mp); 1410 freeb(syn_mp); 1411 /* 1412 * errno ETIMEDOUT is set by the mac driver 1413 * in case it is not able to receive ARP reply. 1414 * TCP will retransmit this segment so we can 1415 * ignore the ARP timeout. 1416 */ 1417 if ((ret < 0) && (errno != ETIMEDOUT)) { 1418 return (-1); 1419 } 1420 /* tcp_state_wait() will finish the 3 way handshake. */ 1421 return (tcp_state_wait(sock_id, tcp, TCPS_ESTABLISHED)); 1422 } else { 1423 errno = ENOBUFS; 1424 return (-1); 1425 } 1426 } 1427 1428 /* 1429 * Common accept code. Called by tcp_conn_request. 1430 * cr_pkt is the SYN packet. 1431 */ 1432 static int 1433 tcp_accept_comm(tcp_t *listener, tcp_t *acceptor, mblk_t *cr_pkt, 1434 uint_t ip_hdr_len) 1435 { 1436 tcph_t *tcph; 1437 1438 #ifdef DEBUG 1439 printf("tcp_accept_comm #######################\n"); 1440 #endif 1441 1442 /* 1443 * When we get here, we know that the acceptor header template 1444 * has already been initialized. 1445 * However, it may not match the listener if the listener 1446 * includes options... 1447 * It may also not match the listener if the listener is v6 and 1448 * and the acceptor is v4 1449 */ 1450 acceptor->tcp_lport = listener->tcp_lport; 1451 1452 if (listener->tcp_ipversion == acceptor->tcp_ipversion) { 1453 if (acceptor->tcp_iphc_len != listener->tcp_iphc_len) { 1454 /* 1455 * Listener had options of some sort; acceptor inherits. 1456 * Free up the acceptor template and allocate one 1457 * of the right size. 1458 */ 1459 bkmem_free(acceptor->tcp_iphc, acceptor->tcp_iphc_len); 1460 acceptor->tcp_iphc = bkmem_zalloc( 1461 listener->tcp_iphc_len); 1462 if (acceptor->tcp_iphc == NULL) { 1463 acceptor->tcp_iphc_len = 0; 1464 return (ENOMEM); 1465 } 1466 acceptor->tcp_iphc_len = listener->tcp_iphc_len; 1467 } 1468 acceptor->tcp_hdr_len = listener->tcp_hdr_len; 1469 acceptor->tcp_ip_hdr_len = listener->tcp_ip_hdr_len; 1470 acceptor->tcp_tcp_hdr_len = listener->tcp_tcp_hdr_len; 1471 1472 /* 1473 * Copy the IP+TCP header template from listener to acceptor 1474 */ 1475 bcopy(listener->tcp_iphc, acceptor->tcp_iphc, 1476 listener->tcp_hdr_len); 1477 acceptor->tcp_ipha = (struct ip *)acceptor->tcp_iphc; 1478 acceptor->tcp_tcph = (tcph_t *)(acceptor->tcp_iphc + 1479 acceptor->tcp_ip_hdr_len); 1480 } else { 1481 prom_panic("tcp_accept_comm: version not equal"); 1482 } 1483 1484 /* Copy our new dest and fport from the connection request packet */ 1485 if (acceptor->tcp_ipversion == IPV4_VERSION) { 1486 struct ip *ipha; 1487 1488 ipha = (struct ip *)cr_pkt->b_rptr; 1489 acceptor->tcp_ipha->ip_dst = ipha->ip_src; 1490 acceptor->tcp_remote = ipha->ip_src.s_addr; 1491 acceptor->tcp_ipha->ip_src = ipha->ip_dst; 1492 acceptor->tcp_bound_source = ipha->ip_dst.s_addr; 1493 tcph = (tcph_t *)&cr_pkt->b_rptr[ip_hdr_len]; 1494 } else { 1495 prom_panic("tcp_accept_comm: not IPv4"); 1496 } 1497 bcopy(tcph->th_lport, acceptor->tcp_tcph->th_fport, sizeof (in_port_t)); 1498 bcopy(acceptor->tcp_tcph->th_fport, &acceptor->tcp_fport, 1499 sizeof (in_port_t)); 1500 /* 1501 * For an all-port proxy listener, the local port is determined by 1502 * the port number field in the SYN packet. 1503 */ 1504 if (listener->tcp_lport == 0) { 1505 acceptor->tcp_lport = *(in_port_t *)tcph->th_fport; 1506 bcopy(tcph->th_fport, acceptor->tcp_tcph->th_lport, 1507 sizeof (in_port_t)); 1508 } 1509 /* Inherit various TCP parameters from the listener */ 1510 acceptor->tcp_naglim = listener->tcp_naglim; 1511 acceptor->tcp_first_timer_threshold = 1512 listener->tcp_first_timer_threshold; 1513 acceptor->tcp_second_timer_threshold = 1514 listener->tcp_second_timer_threshold; 1515 1516 acceptor->tcp_first_ctimer_threshold = 1517 listener->tcp_first_ctimer_threshold; 1518 acceptor->tcp_second_ctimer_threshold = 1519 listener->tcp_second_ctimer_threshold; 1520 1521 acceptor->tcp_xmit_hiwater = listener->tcp_xmit_hiwater; 1522 1523 acceptor->tcp_state = TCPS_LISTEN; 1524 tcp_iss_init(acceptor); 1525 1526 /* Process all TCP options. */ 1527 tcp_process_options(acceptor, tcph); 1528 1529 /* Is the other end ECN capable? */ 1530 if (tcp_ecn_permitted >= 1 && 1531 (tcph->th_flags[0] & (TH_ECE|TH_CWR)) == (TH_ECE|TH_CWR)) { 1532 acceptor->tcp_ecn_ok = B_TRUE; 1533 } 1534 1535 /* 1536 * listener->tcp_rq->q_hiwat should be the default window size or a 1537 * window size changed via SO_RCVBUF option. First round up the 1538 * acceptor's tcp_rwnd to the nearest MSS. Then find out the window 1539 * scale option value if needed. Call tcp_rwnd_set() to finish the 1540 * setting. 1541 * 1542 * Note if there is a rpipe metric associated with the remote host, 1543 * we should not inherit receive window size from listener. 1544 */ 1545 acceptor->tcp_rwnd = MSS_ROUNDUP( 1546 (acceptor->tcp_rwnd == 0 ? listener->tcp_rwnd_max : 1547 acceptor->tcp_rwnd), acceptor->tcp_mss); 1548 if (acceptor->tcp_snd_ws_ok) 1549 SET_WS_VALUE(acceptor); 1550 /* 1551 * Note that this is the only place tcp_rwnd_set() is called for 1552 * accepting a connection. We need to call it here instead of 1553 * after the 3-way handshake because we need to tell the other 1554 * side our rwnd in the SYN-ACK segment. 1555 */ 1556 (void) tcp_rwnd_set(acceptor, acceptor->tcp_rwnd); 1557 1558 return (0); 1559 } 1560 1561 /* 1562 * Defense for the SYN attack - 1563 * 1. When q0 is full, drop from the tail (tcp_eager_prev_q0) the oldest 1564 * one that doesn't have the dontdrop bit set. 1565 * 2. Don't drop a SYN request before its first timeout. This gives every 1566 * request at least til the first timeout to complete its 3-way handshake. 1567 * 3. The current threshold is - # of timeout > q0len/4 => SYN alert on 1568 * # of timeout drops back to <= q0len/32 => SYN alert off 1569 */ 1570 static boolean_t 1571 tcp_drop_q0(tcp_t *tcp) 1572 { 1573 tcp_t *eager; 1574 1575 assert(tcp->tcp_eager_next_q0 != tcp->tcp_eager_prev_q0); 1576 /* 1577 * New one is added after next_q0 so prev_q0 points to the oldest 1578 * Also do not drop any established connections that are deferred on 1579 * q0 due to q being full 1580 */ 1581 1582 eager = tcp->tcp_eager_prev_q0; 1583 while (eager->tcp_dontdrop || eager->tcp_conn_def_q0) { 1584 /* XXX should move the eager to the head */ 1585 eager = eager->tcp_eager_prev_q0; 1586 if (eager == tcp) { 1587 eager = tcp->tcp_eager_prev_q0; 1588 break; 1589 } 1590 } 1591 dprintf("tcp_drop_q0: listen half-open queue (max=%d) overflow" 1592 " (%d pending) on %s, drop one", tcp_conn_req_max_q0, 1593 tcp->tcp_conn_req_cnt_q0, 1594 tcp_display(tcp, NULL, DISP_PORT_ONLY)); 1595 1596 BUMP_MIB(tcp_mib.tcpHalfOpenDrop); 1597 bkmem_free((caddr_t)eager, sizeof (tcp_t)); 1598 return (B_TRUE); 1599 } 1600 1601 /* ARGSUSED */ 1602 static tcp_t * 1603 tcp_conn_request(tcp_t *tcp, mblk_t *mp, uint_t sock_id, uint_t ip_hdr_len) 1604 { 1605 tcp_t *eager; 1606 struct ip *ipha; 1607 int err; 1608 1609 #ifdef DEBUG 1610 printf("tcp_conn_request ###################\n"); 1611 #endif 1612 1613 if (tcp->tcp_conn_req_cnt_q >= tcp->tcp_conn_req_max) { 1614 BUMP_MIB(tcp_mib.tcpListenDrop); 1615 dprintf("tcp_conn_request: listen backlog (max=%d) " 1616 "overflow (%d pending) on %s", 1617 tcp->tcp_conn_req_max, tcp->tcp_conn_req_cnt_q, 1618 tcp_display(tcp, NULL, DISP_PORT_ONLY)); 1619 return (NULL); 1620 } 1621 1622 assert(OK_32PTR(mp->b_rptr)); 1623 1624 if (tcp->tcp_conn_req_cnt_q0 >= 1625 tcp->tcp_conn_req_max + tcp_conn_req_max_q0) { 1626 /* 1627 * Q0 is full. Drop a pending half-open req from the queue 1628 * to make room for the new SYN req. Also mark the time we 1629 * drop a SYN. 1630 */ 1631 tcp->tcp_last_rcv_lbolt = prom_gettime(); 1632 if (!tcp_drop_q0(tcp)) { 1633 freemsg(mp); 1634 BUMP_MIB(tcp_mib.tcpListenDropQ0); 1635 dprintf("tcp_conn_request: listen half-open queue " 1636 "(max=%d) full (%d pending) on %s", 1637 tcp_conn_req_max_q0, 1638 tcp->tcp_conn_req_cnt_q0, 1639 tcp_display(tcp, NULL, DISP_PORT_ONLY)); 1640 return (NULL); 1641 } 1642 } 1643 1644 ipha = (struct ip *)mp->b_rptr; 1645 if (IN_CLASSD(ntohl(ipha->ip_src.s_addr)) || 1646 ipha->ip_src.s_addr == INADDR_BROADCAST || 1647 ipha->ip_src.s_addr == INADDR_ANY || 1648 ipha->ip_dst.s_addr == INADDR_BROADCAST) { 1649 freemsg(mp); 1650 return (NULL); 1651 } 1652 /* 1653 * We allow the connection to proceed 1654 * by generating a detached tcp state vector and put it in 1655 * the eager queue. When an accept happens, it will be 1656 * dequeued sequentially. 1657 */ 1658 if ((eager = (tcp_t *)bkmem_alloc(sizeof (tcp_t))) == NULL) { 1659 freemsg(mp); 1660 errno = ENOBUFS; 1661 return (NULL); 1662 } 1663 if ((errno = tcp_init_values(eager, NULL)) != 0) { 1664 freemsg(mp); 1665 bkmem_free((caddr_t)eager, sizeof (tcp_t)); 1666 return (NULL); 1667 } 1668 1669 /* 1670 * Eager connection inherits address form from its listener, 1671 * but its packet form comes from the version of the received 1672 * SYN segment. 1673 */ 1674 eager->tcp_family = tcp->tcp_family; 1675 1676 err = tcp_accept_comm(tcp, eager, mp, ip_hdr_len); 1677 if (err) { 1678 bkmem_free((caddr_t)eager, sizeof (tcp_t)); 1679 return (NULL); 1680 } 1681 1682 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = eager; 1683 eager->tcp_eager_next_q0 = tcp->tcp_eager_next_q0; 1684 tcp->tcp_eager_next_q0 = eager; 1685 eager->tcp_eager_prev_q0 = tcp; 1686 1687 /* Set tcp_listener before adding it to tcp_conn_fanout */ 1688 eager->tcp_listener = tcp; 1689 tcp->tcp_conn_req_cnt_q0++; 1690 1691 return (eager); 1692 } 1693 1694 /* 1695 * To get around the non-interrupt problem of inetboot. 1696 * Keep on processing packets until a certain state is reached or the 1697 * TCP is destroyed because of getting a RST packet. 1698 */ 1699 static int 1700 tcp_state_wait(int sock_id, tcp_t *tcp, int state) 1701 { 1702 int i; 1703 struct inetgram *in_gram; 1704 mblk_t *mp; 1705 int timeout; 1706 boolean_t changed = B_FALSE; 1707 1708 /* 1709 * We need to make sure that the MAC does not wait longer 1710 * than RTO for any packet so that TCP can do retransmission. 1711 * But if the MAC timeout is less than tcp_rto, we are fine 1712 * and do not need to change it. 1713 */ 1714 timeout = sockets[sock_id].in_timeout; 1715 if (timeout > tcp->tcp_rto) { 1716 sockets[sock_id].in_timeout = tcp->tcp_rto; 1717 changed = B_TRUE; 1718 } 1719 retry: 1720 if (sockets[sock_id].inq == NULL) { 1721 /* Go out and check the wire */ 1722 for (i = MEDIA_LVL; i < TRANSPORT_LVL; i++) { 1723 if (sockets[sock_id].input[i] != NULL) { 1724 if (sockets[sock_id].input[i](sock_id) < 0) { 1725 if (changed) { 1726 sockets[sock_id].in_timeout = 1727 timeout; 1728 } 1729 return (-1); 1730 } 1731 } 1732 } 1733 } 1734 1735 while ((in_gram = sockets[sock_id].inq) != NULL) { 1736 if (tcp != NULL && tcp->tcp_state == state) 1737 break; 1738 1739 /* Remove unknown inetgrams from the head of inq. */ 1740 if (in_gram->igm_level != TRANSPORT_LVL) { 1741 #ifdef DEBUG 1742 printf("tcp_state_wait for state %d: unexpected " 1743 "packet level %d frame found\n", state, 1744 in_gram->igm_level); 1745 #endif 1746 del_gram(&sockets[sock_id].inq, in_gram, B_TRUE); 1747 continue; 1748 } 1749 mp = in_gram->igm_mp; 1750 del_gram(&sockets[sock_id].inq, in_gram, B_FALSE); 1751 bkmem_free((caddr_t)in_gram, sizeof (struct inetgram)); 1752 tcp_rput_data(tcp, mp, sock_id); 1753 1754 /* 1755 * The other side may have closed this connection or 1756 * RST us. But we need to continue to process other 1757 * packets in the socket's queue because they may be 1758 * belong to another TCP connections. 1759 */ 1760 if (sockets[sock_id].pcb == NULL) { 1761 tcp = NULL; 1762 } 1763 } 1764 1765 /* If the other side has closed the connection, just return. */ 1766 if (tcp == NULL || sockets[sock_id].pcb == NULL) { 1767 #ifdef DEBUG 1768 printf("tcp_state_wait other side dead: state %d " 1769 "error %d\n", state, sockets[sock_id].so_error); 1770 #endif 1771 if (sockets[sock_id].so_error != 0) 1772 return (-1); 1773 else 1774 return (0); 1775 } 1776 /* 1777 * TCPS_ALL_ACKED is not a valid TCP state, it is just used as an 1778 * indicator to tcp_state_wait to mean that it is being called 1779 * to wait till we have received acks for all the new segments sent. 1780 */ 1781 if ((state == TCPS_ALL_ACKED) && (tcp->tcp_suna == tcp->tcp_snxt)) { 1782 goto done; 1783 } 1784 if (tcp->tcp_state != state) { 1785 if (prom_gettime() > tcp->tcp_rto_timeout) 1786 tcp_timer(tcp, sock_id); 1787 goto retry; 1788 } 1789 done: 1790 if (changed) 1791 sockets[sock_id].in_timeout = timeout; 1792 1793 tcp_drain_needed(sock_id, tcp); 1794 return (0); 1795 } 1796 1797 /* Verify the checksum of a segment. */ 1798 static int 1799 tcp_verify_cksum(mblk_t *mp) 1800 { 1801 struct ip *iph; 1802 tcpha_t *tcph; 1803 int len; 1804 uint16_t old_sum; 1805 1806 iph = (struct ip *)mp->b_rptr; 1807 tcph = (tcpha_t *)(iph + 1); 1808 len = ntohs(iph->ip_len); 1809 1810 /* 1811 * Calculate the TCP checksum. Need to include the psuedo header, 1812 * which is similar to the real IP header starting at the TTL field. 1813 */ 1814 iph->ip_sum = htons(len - IP_SIMPLE_HDR_LENGTH); 1815 old_sum = tcph->tha_sum; 1816 tcph->tha_sum = 0; 1817 iph->ip_ttl = 0; 1818 if (old_sum == tcp_cksum((uint16_t *)&(iph->ip_ttl), 1819 len - IP_SIMPLE_HDR_LENGTH + 12)) { 1820 return (0); 1821 } else { 1822 tcp_cksum_errors++; 1823 return (-1); 1824 } 1825 } 1826 1827 /* To find a TCP connection matching the incoming segment. */ 1828 static tcp_t * 1829 tcp_lookup_ipv4(struct ip *iph, tcpha_t *tcph, int min_state, int *sock_id) 1830 { 1831 int i; 1832 tcp_t *tcp; 1833 1834 for (i = 0; i < MAXSOCKET; i++) { 1835 if (sockets[i].type == INETBOOT_STREAM && 1836 (tcp = (tcp_t *)sockets[i].pcb) != NULL) { 1837 if (tcph->tha_lport == tcp->tcp_fport && 1838 tcph->tha_fport == tcp->tcp_lport && 1839 iph->ip_src.s_addr == tcp->tcp_remote && 1840 iph->ip_dst.s_addr == tcp->tcp_bound_source && 1841 tcp->tcp_state >= min_state) { 1842 *sock_id = i; 1843 return (tcp); 1844 } 1845 } 1846 } 1847 /* Find it in the time wait list. */ 1848 for (tcp = tcp_time_wait_head; tcp != NULL; 1849 tcp = tcp->tcp_time_wait_next) { 1850 if (tcph->tha_lport == tcp->tcp_fport && 1851 tcph->tha_fport == tcp->tcp_lport && 1852 iph->ip_src.s_addr == tcp->tcp_remote && 1853 iph->ip_dst.s_addr == tcp->tcp_bound_source && 1854 tcp->tcp_state >= min_state) { 1855 *sock_id = -1; 1856 return (tcp); 1857 } 1858 } 1859 return (NULL); 1860 } 1861 1862 /* To find a TCP listening connection matching the incoming segment. */ 1863 static tcp_t * 1864 tcp_lookup_listener_ipv4(in_addr_t addr, in_port_t port, int *sock_id) 1865 { 1866 int i; 1867 tcp_t *tcp; 1868 1869 for (i = 0; i < MAXSOCKET; i++) { 1870 if (sockets[i].type == INETBOOT_STREAM && 1871 (tcp = (tcp_t *)sockets[i].pcb) != NULL) { 1872 if (tcp->tcp_lport == port && 1873 (tcp->tcp_bound_source == addr || 1874 tcp->tcp_bound_source == INADDR_ANY)) { 1875 *sock_id = i; 1876 return (tcp); 1877 } 1878 } 1879 } 1880 1881 return (NULL); 1882 } 1883 1884 /* To find a TCP eager matching the incoming segment. */ 1885 static tcp_t * 1886 tcp_lookup_eager_ipv4(tcp_t *listener, struct ip *iph, tcpha_t *tcph) 1887 { 1888 tcp_t *tcp; 1889 1890 #ifdef DEBUG 1891 printf("tcp_lookup_eager_ipv4 ###############\n"); 1892 #endif 1893 for (tcp = listener->tcp_eager_next_q; tcp != NULL; 1894 tcp = tcp->tcp_eager_next_q) { 1895 if (tcph->tha_lport == tcp->tcp_fport && 1896 tcph->tha_fport == tcp->tcp_lport && 1897 iph->ip_src.s_addr == tcp->tcp_remote && 1898 iph->ip_dst.s_addr == tcp->tcp_bound_source) { 1899 return (tcp); 1900 } 1901 } 1902 1903 for (tcp = listener->tcp_eager_next_q0; tcp != listener; 1904 tcp = tcp->tcp_eager_next_q0) { 1905 if (tcph->tha_lport == tcp->tcp_fport && 1906 tcph->tha_fport == tcp->tcp_lport && 1907 iph->ip_src.s_addr == tcp->tcp_remote && 1908 iph->ip_dst.s_addr == tcp->tcp_bound_source) { 1909 return (tcp); 1910 } 1911 } 1912 #ifdef DEBUG 1913 printf("No eager found\n"); 1914 #endif 1915 return (NULL); 1916 } 1917 1918 /* To destroy a TCP control block. */ 1919 static void 1920 tcp_clean_death(int sock_id, tcp_t *tcp, int err) 1921 { 1922 tcp_free(tcp); 1923 if (tcp->tcp_state == TCPS_TIME_WAIT) 1924 tcp_time_wait_remove(tcp); 1925 1926 if (sock_id >= 0) { 1927 sockets[sock_id].pcb = NULL; 1928 if (err != 0) 1929 sockets[sock_id].so_error = err; 1930 } 1931 bkmem_free((caddr_t)tcp, sizeof (tcp_t)); 1932 } 1933 1934 /* 1935 * tcp_rwnd_set() is called to adjust the receive window to a desired value. 1936 * We do not allow the receive window to shrink. After setting rwnd, 1937 * set the flow control hiwat of the stream. 1938 * 1939 * This function is called in 2 cases: 1940 * 1941 * 1) Before data transfer begins, in tcp_accept_comm() for accepting a 1942 * connection (passive open) and in tcp_rput_data() for active connect. 1943 * This is called after tcp_mss_set() when the desired MSS value is known. 1944 * This makes sure that our window size is a mutiple of the other side's 1945 * MSS. 1946 * 2) Handling SO_RCVBUF option. 1947 * 1948 * It is ASSUMED that the requested size is a multiple of the current MSS. 1949 * 1950 * XXX - Should allow a lower rwnd than tcp_recv_hiwat_minmss * mss if the 1951 * user requests so. 1952 */ 1953 static int 1954 tcp_rwnd_set(tcp_t *tcp, uint32_t rwnd) 1955 { 1956 uint32_t mss = tcp->tcp_mss; 1957 uint32_t old_max_rwnd; 1958 uint32_t max_transmittable_rwnd; 1959 1960 if (tcp->tcp_rwnd_max != 0) 1961 old_max_rwnd = tcp->tcp_rwnd_max; 1962 else 1963 old_max_rwnd = tcp->tcp_rwnd; 1964 1965 /* 1966 * Insist on a receive window that is at least 1967 * tcp_recv_hiwat_minmss * MSS (default 4 * MSS) to avoid 1968 * funny TCP interactions of Nagle algorithm, SWS avoidance 1969 * and delayed acknowledgement. 1970 */ 1971 rwnd = MAX(rwnd, tcp_recv_hiwat_minmss * mss); 1972 1973 /* 1974 * If window size info has already been exchanged, TCP should not 1975 * shrink the window. Shrinking window is doable if done carefully. 1976 * We may add that support later. But so far there is not a real 1977 * need to do that. 1978 */ 1979 if (rwnd < old_max_rwnd && tcp->tcp_state > TCPS_SYN_SENT) { 1980 /* MSS may have changed, do a round up again. */ 1981 rwnd = MSS_ROUNDUP(old_max_rwnd, mss); 1982 } 1983 1984 /* 1985 * tcp_rcv_ws starts with TCP_MAX_WINSHIFT so the following check 1986 * can be applied even before the window scale option is decided. 1987 */ 1988 max_transmittable_rwnd = TCP_MAXWIN << tcp->tcp_rcv_ws; 1989 if (rwnd > max_transmittable_rwnd) { 1990 rwnd = max_transmittable_rwnd - 1991 (max_transmittable_rwnd % mss); 1992 if (rwnd < mss) 1993 rwnd = max_transmittable_rwnd; 1994 /* 1995 * If we're over the limit we may have to back down tcp_rwnd. 1996 * The increment below won't work for us. So we set all three 1997 * here and the increment below will have no effect. 1998 */ 1999 tcp->tcp_rwnd = old_max_rwnd = rwnd; 2000 } 2001 2002 /* 2003 * Increment the current rwnd by the amount the maximum grew (we 2004 * can not overwrite it since we might be in the middle of a 2005 * connection.) 2006 */ 2007 tcp->tcp_rwnd += rwnd - old_max_rwnd; 2008 U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, tcp->tcp_tcph->th_win); 2009 if ((tcp->tcp_rcv_ws > 0) && rwnd > tcp->tcp_cwnd_max) 2010 tcp->tcp_cwnd_max = rwnd; 2011 tcp->tcp_rwnd_max = rwnd; 2012 2013 return (rwnd); 2014 } 2015 2016 /* 2017 * Extract option values from a tcp header. We put any found values into the 2018 * tcpopt struct and return a bitmask saying which options were found. 2019 */ 2020 static int 2021 tcp_parse_options(tcph_t *tcph, tcp_opt_t *tcpopt) 2022 { 2023 uchar_t *endp; 2024 int len; 2025 uint32_t mss; 2026 uchar_t *up = (uchar_t *)tcph; 2027 int found = 0; 2028 int32_t sack_len; 2029 tcp_seq sack_begin, sack_end; 2030 tcp_t *tcp; 2031 2032 endp = up + TCP_HDR_LENGTH(tcph); 2033 up += TCP_MIN_HEADER_LENGTH; 2034 while (up < endp) { 2035 len = endp - up; 2036 switch (*up) { 2037 case TCPOPT_EOL: 2038 break; 2039 2040 case TCPOPT_NOP: 2041 up++; 2042 continue; 2043 2044 case TCPOPT_MAXSEG: 2045 if (len < TCPOPT_MAXSEG_LEN || 2046 up[1] != TCPOPT_MAXSEG_LEN) 2047 break; 2048 2049 mss = BE16_TO_U16(up+2); 2050 /* Caller must handle tcp_mss_min and tcp_mss_max_* */ 2051 tcpopt->tcp_opt_mss = mss; 2052 found |= TCP_OPT_MSS_PRESENT; 2053 2054 up += TCPOPT_MAXSEG_LEN; 2055 continue; 2056 2057 case TCPOPT_WSCALE: 2058 if (len < TCPOPT_WS_LEN || up[1] != TCPOPT_WS_LEN) 2059 break; 2060 2061 if (up[2] > TCP_MAX_WINSHIFT) 2062 tcpopt->tcp_opt_wscale = TCP_MAX_WINSHIFT; 2063 else 2064 tcpopt->tcp_opt_wscale = up[2]; 2065 found |= TCP_OPT_WSCALE_PRESENT; 2066 2067 up += TCPOPT_WS_LEN; 2068 continue; 2069 2070 case TCPOPT_SACK_PERMITTED: 2071 if (len < TCPOPT_SACK_OK_LEN || 2072 up[1] != TCPOPT_SACK_OK_LEN) 2073 break; 2074 found |= TCP_OPT_SACK_OK_PRESENT; 2075 up += TCPOPT_SACK_OK_LEN; 2076 continue; 2077 2078 case TCPOPT_SACK: 2079 if (len <= 2 || up[1] <= 2 || len < up[1]) 2080 break; 2081 2082 /* If TCP is not interested in SACK blks... */ 2083 if ((tcp = tcpopt->tcp) == NULL) { 2084 up += up[1]; 2085 continue; 2086 } 2087 sack_len = up[1] - TCPOPT_HEADER_LEN; 2088 up += TCPOPT_HEADER_LEN; 2089 2090 /* 2091 * If the list is empty, allocate one and assume 2092 * nothing is sack'ed. 2093 */ 2094 assert(tcp->tcp_sack_info != NULL); 2095 if (tcp->tcp_notsack_list == NULL) { 2096 tcp_notsack_update(&(tcp->tcp_notsack_list), 2097 tcp->tcp_suna, tcp->tcp_snxt, 2098 &(tcp->tcp_num_notsack_blk), 2099 &(tcp->tcp_cnt_notsack_list)); 2100 2101 /* 2102 * Make sure tcp_notsack_list is not NULL. 2103 * This happens when kmem_alloc(KM_NOSLEEP) 2104 * returns NULL. 2105 */ 2106 if (tcp->tcp_notsack_list == NULL) { 2107 up += sack_len; 2108 continue; 2109 } 2110 tcp->tcp_fack = tcp->tcp_suna; 2111 } 2112 2113 while (sack_len > 0) { 2114 if (up + 8 > endp) { 2115 up = endp; 2116 break; 2117 } 2118 sack_begin = BE32_TO_U32(up); 2119 up += 4; 2120 sack_end = BE32_TO_U32(up); 2121 up += 4; 2122 sack_len -= 8; 2123 /* 2124 * Bounds checking. Make sure the SACK 2125 * info is within tcp_suna and tcp_snxt. 2126 * If this SACK blk is out of bound, ignore 2127 * it but continue to parse the following 2128 * blks. 2129 */ 2130 if (SEQ_LEQ(sack_end, sack_begin) || 2131 SEQ_LT(sack_begin, tcp->tcp_suna) || 2132 SEQ_GT(sack_end, tcp->tcp_snxt)) { 2133 continue; 2134 } 2135 tcp_notsack_insert(&(tcp->tcp_notsack_list), 2136 sack_begin, sack_end, 2137 &(tcp->tcp_num_notsack_blk), 2138 &(tcp->tcp_cnt_notsack_list)); 2139 if (SEQ_GT(sack_end, tcp->tcp_fack)) { 2140 tcp->tcp_fack = sack_end; 2141 } 2142 } 2143 found |= TCP_OPT_SACK_PRESENT; 2144 continue; 2145 2146 case TCPOPT_TSTAMP: 2147 if (len < TCPOPT_TSTAMP_LEN || 2148 up[1] != TCPOPT_TSTAMP_LEN) 2149 break; 2150 2151 tcpopt->tcp_opt_ts_val = BE32_TO_U32(up+2); 2152 tcpopt->tcp_opt_ts_ecr = BE32_TO_U32(up+6); 2153 2154 found |= TCP_OPT_TSTAMP_PRESENT; 2155 2156 up += TCPOPT_TSTAMP_LEN; 2157 continue; 2158 2159 default: 2160 if (len <= 1 || len < (int)up[1] || up[1] == 0) 2161 break; 2162 up += up[1]; 2163 continue; 2164 } 2165 break; 2166 } 2167 return (found); 2168 } 2169 2170 /* 2171 * Set the mss associated with a particular tcp based on its current value, 2172 * and a new one passed in. Observe minimums and maximums, and reset 2173 * other state variables that we want to view as multiples of mss. 2174 * 2175 * This function is called in various places mainly because 2176 * 1) Various stuffs, tcp_mss, tcp_cwnd, ... need to be adjusted when the 2177 * other side's SYN/SYN-ACK packet arrives. 2178 * 2) PMTUd may get us a new MSS. 2179 * 3) If the other side stops sending us timestamp option, we need to 2180 * increase the MSS size to use the extra bytes available. 2181 */ 2182 static void 2183 tcp_mss_set(tcp_t *tcp, uint32_t mss) 2184 { 2185 uint32_t mss_max; 2186 2187 mss_max = tcp_mss_max_ipv4; 2188 2189 if (mss < tcp_mss_min) 2190 mss = tcp_mss_min; 2191 if (mss > mss_max) 2192 mss = mss_max; 2193 /* 2194 * Unless naglim has been set by our client to 2195 * a non-mss value, force naglim to track mss. 2196 * This can help to aggregate small writes. 2197 */ 2198 if (mss < tcp->tcp_naglim || tcp->tcp_mss == tcp->tcp_naglim) 2199 tcp->tcp_naglim = mss; 2200 /* 2201 * TCP should be able to buffer at least 4 MSS data for obvious 2202 * performance reason. 2203 */ 2204 if ((mss << 2) > tcp->tcp_xmit_hiwater) 2205 tcp->tcp_xmit_hiwater = mss << 2; 2206 tcp->tcp_mss = mss; 2207 /* 2208 * Initialize cwnd according to draft-floyd-incr-init-win-01.txt. 2209 * Previously, we use tcp_slow_start_initial to control the size 2210 * of the initial cwnd. Now, when tcp_slow_start_initial * mss 2211 * is smaller than the cwnd calculated from the formula suggested in 2212 * the draft, we use tcp_slow_start_initial * mss as the cwnd. 2213 * Otherwise, use the cwnd from the draft's formula. The default 2214 * of tcp_slow_start_initial is 2. 2215 */ 2216 tcp->tcp_cwnd = MIN(tcp_slow_start_initial * mss, 2217 MIN(4 * mss, MAX(2 * mss, 4380 / mss * mss))); 2218 tcp->tcp_cwnd_cnt = 0; 2219 } 2220 2221 /* 2222 * Process all TCP option in SYN segment. 2223 * 2224 * This function sets up the correct tcp_mss value according to the 2225 * MSS option value and our header size. It also sets up the window scale 2226 * and timestamp values, and initialize SACK info blocks. But it does not 2227 * change receive window size after setting the tcp_mss value. The caller 2228 * should do the appropriate change. 2229 */ 2230 void 2231 tcp_process_options(tcp_t *tcp, tcph_t *tcph) 2232 { 2233 int options; 2234 tcp_opt_t tcpopt; 2235 uint32_t mss_max; 2236 char *tmp_tcph; 2237 2238 tcpopt.tcp = NULL; 2239 options = tcp_parse_options(tcph, &tcpopt); 2240 2241 /* 2242 * Process MSS option. Note that MSS option value does not account 2243 * for IP or TCP options. This means that it is equal to MTU - minimum 2244 * IP+TCP header size, which is 40 bytes for IPv4 and 60 bytes for 2245 * IPv6. 2246 */ 2247 if (!(options & TCP_OPT_MSS_PRESENT)) { 2248 tcpopt.tcp_opt_mss = tcp_mss_def_ipv4; 2249 } else { 2250 if (tcp->tcp_ipversion == IPV4_VERSION) 2251 mss_max = tcp_mss_max_ipv4; 2252 if (tcpopt.tcp_opt_mss < tcp_mss_min) 2253 tcpopt.tcp_opt_mss = tcp_mss_min; 2254 else if (tcpopt.tcp_opt_mss > mss_max) 2255 tcpopt.tcp_opt_mss = mss_max; 2256 } 2257 2258 /* Process Window Scale option. */ 2259 if (options & TCP_OPT_WSCALE_PRESENT) { 2260 tcp->tcp_snd_ws = tcpopt.tcp_opt_wscale; 2261 tcp->tcp_snd_ws_ok = B_TRUE; 2262 } else { 2263 tcp->tcp_snd_ws = B_FALSE; 2264 tcp->tcp_snd_ws_ok = B_FALSE; 2265 tcp->tcp_rcv_ws = B_FALSE; 2266 } 2267 2268 /* Process Timestamp option. */ 2269 if ((options & TCP_OPT_TSTAMP_PRESENT) && 2270 (tcp->tcp_snd_ts_ok || !tcp->tcp_active_open)) { 2271 tmp_tcph = (char *)tcp->tcp_tcph; 2272 2273 tcp->tcp_snd_ts_ok = B_TRUE; 2274 tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val; 2275 tcp->tcp_last_rcv_lbolt = prom_gettime(); 2276 assert(OK_32PTR(tmp_tcph)); 2277 assert(tcp->tcp_tcp_hdr_len == TCP_MIN_HEADER_LENGTH); 2278 2279 /* Fill in our template header with basic timestamp option. */ 2280 tmp_tcph += tcp->tcp_tcp_hdr_len; 2281 tmp_tcph[0] = TCPOPT_NOP; 2282 tmp_tcph[1] = TCPOPT_NOP; 2283 tmp_tcph[2] = TCPOPT_TSTAMP; 2284 tmp_tcph[3] = TCPOPT_TSTAMP_LEN; 2285 tcp->tcp_hdr_len += TCPOPT_REAL_TS_LEN; 2286 tcp->tcp_tcp_hdr_len += TCPOPT_REAL_TS_LEN; 2287 tcp->tcp_tcph->th_offset_and_rsrvd[0] += (3 << 4); 2288 } else { 2289 tcp->tcp_snd_ts_ok = B_FALSE; 2290 } 2291 2292 /* 2293 * Process SACK options. If SACK is enabled for this connection, 2294 * then allocate the SACK info structure. 2295 */ 2296 if ((options & TCP_OPT_SACK_OK_PRESENT) && 2297 (tcp->tcp_snd_sack_ok || 2298 (tcp_sack_permitted != 0 && !tcp->tcp_active_open))) { 2299 /* This should be true only in the passive case. */ 2300 if (tcp->tcp_sack_info == NULL) { 2301 tcp->tcp_sack_info = (tcp_sack_info_t *)bkmem_zalloc( 2302 sizeof (tcp_sack_info_t)); 2303 } 2304 if (tcp->tcp_sack_info == NULL) { 2305 tcp->tcp_snd_sack_ok = B_FALSE; 2306 } else { 2307 tcp->tcp_snd_sack_ok = B_TRUE; 2308 if (tcp->tcp_snd_ts_ok) { 2309 tcp->tcp_max_sack_blk = 3; 2310 } else { 2311 tcp->tcp_max_sack_blk = 4; 2312 } 2313 } 2314 } else { 2315 /* 2316 * Resetting tcp_snd_sack_ok to B_FALSE so that 2317 * no SACK info will be used for this 2318 * connection. This assumes that SACK usage 2319 * permission is negotiated. This may need 2320 * to be changed once this is clarified. 2321 */ 2322 if (tcp->tcp_sack_info != NULL) { 2323 bkmem_free((caddr_t)tcp->tcp_sack_info, 2324 sizeof (tcp_sack_info_t)); 2325 tcp->tcp_sack_info = NULL; 2326 } 2327 tcp->tcp_snd_sack_ok = B_FALSE; 2328 } 2329 2330 /* 2331 * Now we know the exact TCP/IP header length, subtract 2332 * that from tcp_mss to get our side's MSS. 2333 */ 2334 tcp->tcp_mss -= tcp->tcp_hdr_len; 2335 /* 2336 * Here we assume that the other side's header size will be equal to 2337 * our header size. We calculate the real MSS accordingly. Need to 2338 * take into additional stuffs IPsec puts in. 2339 * 2340 * Real MSS = Opt.MSS - (our TCP/IP header - min TCP/IP header) 2341 */ 2342 tcpopt.tcp_opt_mss -= tcp->tcp_hdr_len - 2343 (IP_SIMPLE_HDR_LENGTH + TCP_MIN_HEADER_LENGTH); 2344 2345 /* 2346 * Set MSS to the smaller one of both ends of the connection. 2347 * We should not have called tcp_mss_set() before, but our 2348 * side of the MSS should have been set to a proper value 2349 * by tcp_adapt_ire(). tcp_mss_set() will also set up the 2350 * STREAM head parameters properly. 2351 * 2352 * If we have a larger-than-16-bit window but the other side 2353 * didn't want to do window scale, tcp_rwnd_set() will take 2354 * care of that. 2355 */ 2356 tcp_mss_set(tcp, MIN(tcpopt.tcp_opt_mss, tcp->tcp_mss)); 2357 } 2358 2359 /* 2360 * This function does PAWS protection check. Returns B_TRUE if the 2361 * segment passes the PAWS test, else returns B_FALSE. 2362 */ 2363 boolean_t 2364 tcp_paws_check(tcp_t *tcp, tcph_t *tcph, tcp_opt_t *tcpoptp) 2365 { 2366 uint8_t flags; 2367 int options; 2368 uint8_t *up; 2369 2370 flags = (unsigned int)tcph->th_flags[0] & 0xFF; 2371 /* 2372 * If timestamp option is aligned nicely, get values inline, 2373 * otherwise call general routine to parse. Only do that 2374 * if timestamp is the only option. 2375 */ 2376 if (TCP_HDR_LENGTH(tcph) == (uint32_t)TCP_MIN_HEADER_LENGTH + 2377 TCPOPT_REAL_TS_LEN && 2378 OK_32PTR((up = ((uint8_t *)tcph) + 2379 TCP_MIN_HEADER_LENGTH)) && 2380 *(uint32_t *)up == TCPOPT_NOP_NOP_TSTAMP) { 2381 tcpoptp->tcp_opt_ts_val = ABE32_TO_U32((up+4)); 2382 tcpoptp->tcp_opt_ts_ecr = ABE32_TO_U32((up+8)); 2383 2384 options = TCP_OPT_TSTAMP_PRESENT; 2385 } else { 2386 if (tcp->tcp_snd_sack_ok) { 2387 tcpoptp->tcp = tcp; 2388 } else { 2389 tcpoptp->tcp = NULL; 2390 } 2391 options = tcp_parse_options(tcph, tcpoptp); 2392 } 2393 2394 if (options & TCP_OPT_TSTAMP_PRESENT) { 2395 /* 2396 * Do PAWS per RFC 1323 section 4.2. Accept RST 2397 * regardless of the timestamp, page 18 RFC 1323.bis. 2398 */ 2399 if ((flags & TH_RST) == 0 && 2400 TSTMP_LT(tcpoptp->tcp_opt_ts_val, 2401 tcp->tcp_ts_recent)) { 2402 if (TSTMP_LT(prom_gettime(), 2403 tcp->tcp_last_rcv_lbolt + PAWS_TIMEOUT)) { 2404 /* This segment is not acceptable. */ 2405 return (B_FALSE); 2406 } else { 2407 /* 2408 * Connection has been idle for 2409 * too long. Reset the timestamp 2410 * and assume the segment is valid. 2411 */ 2412 tcp->tcp_ts_recent = 2413 tcpoptp->tcp_opt_ts_val; 2414 } 2415 } 2416 } else { 2417 /* 2418 * If we don't get a timestamp on every packet, we 2419 * figure we can't really trust 'em, so we stop sending 2420 * and parsing them. 2421 */ 2422 tcp->tcp_snd_ts_ok = B_FALSE; 2423 2424 tcp->tcp_hdr_len -= TCPOPT_REAL_TS_LEN; 2425 tcp->tcp_tcp_hdr_len -= TCPOPT_REAL_TS_LEN; 2426 tcp->tcp_tcph->th_offset_and_rsrvd[0] -= (3 << 4); 2427 tcp_mss_set(tcp, tcp->tcp_mss + TCPOPT_REAL_TS_LEN); 2428 if (tcp->tcp_snd_sack_ok) { 2429 assert(tcp->tcp_sack_info != NULL); 2430 tcp->tcp_max_sack_blk = 4; 2431 } 2432 } 2433 return (B_TRUE); 2434 } 2435 2436 /* 2437 * tcp_get_seg_mp() is called to get the pointer to a segment in the 2438 * send queue which starts at the given seq. no. 2439 * 2440 * Parameters: 2441 * tcp_t *tcp: the tcp instance pointer. 2442 * uint32_t seq: the starting seq. no of the requested segment. 2443 * int32_t *off: after the execution, *off will be the offset to 2444 * the returned mblk which points to the requested seq no. 2445 * 2446 * Return: 2447 * A mblk_t pointer pointing to the requested segment in send queue. 2448 */ 2449 static mblk_t * 2450 tcp_get_seg_mp(tcp_t *tcp, uint32_t seq, int32_t *off) 2451 { 2452 int32_t cnt; 2453 mblk_t *mp; 2454 2455 /* Defensive coding. Make sure we don't send incorrect data. */ 2456 if (SEQ_LT(seq, tcp->tcp_suna) || SEQ_GEQ(seq, tcp->tcp_snxt) || 2457 off == NULL) { 2458 return (NULL); 2459 } 2460 cnt = seq - tcp->tcp_suna; 2461 mp = tcp->tcp_xmit_head; 2462 while (cnt > 0 && mp) { 2463 cnt -= mp->b_wptr - mp->b_rptr; 2464 if (cnt < 0) { 2465 cnt += mp->b_wptr - mp->b_rptr; 2466 break; 2467 } 2468 mp = mp->b_cont; 2469 } 2470 assert(mp != NULL); 2471 *off = cnt; 2472 return (mp); 2473 } 2474 2475 /* 2476 * This function handles all retransmissions if SACK is enabled for this 2477 * connection. First it calculates how many segments can be retransmitted 2478 * based on tcp_pipe. Then it goes thru the notsack list to find eligible 2479 * segments. A segment is eligible if sack_cnt for that segment is greater 2480 * than or equal tcp_dupack_fast_retransmit. After it has retransmitted 2481 * all eligible segments, it checks to see if TCP can send some new segments 2482 * (fast recovery). If it can, it returns 1. Otherwise it returns 0. 2483 * 2484 * Parameters: 2485 * tcp_t *tcp: the tcp structure of the connection. 2486 * 2487 * Return: 2488 * 1 if the pipe is not full (new data can be sent), 0 otherwise 2489 */ 2490 static int32_t 2491 tcp_sack_rxmit(tcp_t *tcp, int sock_id) 2492 { 2493 notsack_blk_t *notsack_blk; 2494 int32_t usable_swnd; 2495 int32_t mss; 2496 uint32_t seg_len; 2497 mblk_t *xmit_mp; 2498 2499 assert(tcp->tcp_sack_info != NULL); 2500 assert(tcp->tcp_notsack_list != NULL); 2501 assert(tcp->tcp_rexmit == B_FALSE); 2502 2503 /* Defensive coding in case there is a bug... */ 2504 if (tcp->tcp_notsack_list == NULL) { 2505 return (0); 2506 } 2507 notsack_blk = tcp->tcp_notsack_list; 2508 mss = tcp->tcp_mss; 2509 2510 /* 2511 * Limit the num of outstanding data in the network to be 2512 * tcp_cwnd_ssthresh, which is half of the original congestion wnd. 2513 */ 2514 usable_swnd = tcp->tcp_cwnd_ssthresh - tcp->tcp_pipe; 2515 2516 /* At least retransmit 1 MSS of data. */ 2517 if (usable_swnd <= 0) { 2518 usable_swnd = mss; 2519 } 2520 2521 /* Make sure no new RTT samples will be taken. */ 2522 tcp->tcp_csuna = tcp->tcp_snxt; 2523 2524 notsack_blk = tcp->tcp_notsack_list; 2525 while (usable_swnd > 0) { 2526 mblk_t *snxt_mp, *tmp_mp; 2527 tcp_seq begin = tcp->tcp_sack_snxt; 2528 tcp_seq end; 2529 int32_t off; 2530 2531 for (; notsack_blk != NULL; notsack_blk = notsack_blk->next) { 2532 if (SEQ_GT(notsack_blk->end, begin) && 2533 (notsack_blk->sack_cnt >= 2534 tcp_dupack_fast_retransmit)) { 2535 end = notsack_blk->end; 2536 if (SEQ_LT(begin, notsack_blk->begin)) { 2537 begin = notsack_blk->begin; 2538 } 2539 break; 2540 } 2541 } 2542 /* 2543 * All holes are filled. Manipulate tcp_cwnd to send more 2544 * if we can. Note that after the SACK recovery, tcp_cwnd is 2545 * set to tcp_cwnd_ssthresh. 2546 */ 2547 if (notsack_blk == NULL) { 2548 usable_swnd = tcp->tcp_cwnd_ssthresh - tcp->tcp_pipe; 2549 if (usable_swnd <= 0) { 2550 tcp->tcp_cwnd = tcp->tcp_snxt - tcp->tcp_suna; 2551 assert(tcp->tcp_cwnd > 0); 2552 return (0); 2553 } else { 2554 usable_swnd = usable_swnd / mss; 2555 tcp->tcp_cwnd = tcp->tcp_snxt - tcp->tcp_suna + 2556 MAX(usable_swnd * mss, mss); 2557 return (1); 2558 } 2559 } 2560 2561 /* 2562 * Note that we may send more than usable_swnd allows here 2563 * because of round off, but no more than 1 MSS of data. 2564 */ 2565 seg_len = end - begin; 2566 if (seg_len > mss) 2567 seg_len = mss; 2568 snxt_mp = tcp_get_seg_mp(tcp, begin, &off); 2569 assert(snxt_mp != NULL); 2570 /* This should not happen. Defensive coding again... */ 2571 if (snxt_mp == NULL) { 2572 return (0); 2573 } 2574 2575 xmit_mp = tcp_xmit_mp(tcp, snxt_mp, seg_len, &off, 2576 &tmp_mp, begin, B_TRUE, &seg_len, B_TRUE); 2577 2578 if (xmit_mp == NULL) 2579 return (0); 2580 2581 usable_swnd -= seg_len; 2582 tcp->tcp_pipe += seg_len; 2583 tcp->tcp_sack_snxt = begin + seg_len; 2584 TCP_DUMP_PACKET("tcp_sack_rxmit", xmit_mp); 2585 (void) ipv4_tcp_output(sock_id, xmit_mp); 2586 freeb(xmit_mp); 2587 2588 /* 2589 * Update the send timestamp to avoid false retransmission. 2590 * Note. use uintptr_t to suppress the gcc warning. 2591 */ 2592 snxt_mp->b_prev = (mblk_t *)(uintptr_t)prom_gettime(); 2593 2594 BUMP_MIB(tcp_mib.tcpRetransSegs); 2595 UPDATE_MIB(tcp_mib.tcpRetransBytes, seg_len); 2596 BUMP_MIB(tcp_mib.tcpOutSackRetransSegs); 2597 /* 2598 * Update tcp_rexmit_max to extend this SACK recovery phase. 2599 * This happens when new data sent during fast recovery is 2600 * also lost. If TCP retransmits those new data, it needs 2601 * to extend SACK recover phase to avoid starting another 2602 * fast retransmit/recovery unnecessarily. 2603 */ 2604 if (SEQ_GT(tcp->tcp_sack_snxt, tcp->tcp_rexmit_max)) { 2605 tcp->tcp_rexmit_max = tcp->tcp_sack_snxt; 2606 } 2607 } 2608 return (0); 2609 } 2610 2611 static void 2612 tcp_rput_data(tcp_t *tcp, mblk_t *mp, int sock_id) 2613 { 2614 uchar_t *rptr; 2615 struct ip *iph; 2616 tcp_t *tcp1; 2617 tcpha_t *tcph; 2618 uint32_t seg_ack; 2619 int seg_len; 2620 uint_t ip_hdr_len; 2621 uint32_t seg_seq; 2622 mblk_t *mp1; 2623 uint_t flags; 2624 uint32_t new_swnd = 0; 2625 int mss; 2626 boolean_t ofo_seg = B_FALSE; /* Out of order segment */ 2627 int32_t gap; 2628 int32_t rgap; 2629 tcp_opt_t tcpopt; 2630 int32_t bytes_acked; 2631 int npkt; 2632 uint32_t cwnd; 2633 uint32_t add; 2634 2635 #ifdef DEBUG 2636 printf("tcp_rput_data sock %d mp %x mp_datap %x #################\n", 2637 sock_id, mp, mp->b_datap); 2638 #endif 2639 2640 /* Dump the packet when debugging. */ 2641 TCP_DUMP_PACKET("tcp_rput_data", mp); 2642 2643 assert(OK_32PTR(mp->b_rptr)); 2644 2645 rptr = mp->b_rptr; 2646 iph = (struct ip *)rptr; 2647 ip_hdr_len = IPH_HDR_LENGTH(rptr); 2648 if (ip_hdr_len != IP_SIMPLE_HDR_LENGTH) { 2649 #ifdef DEBUG 2650 printf("Not simple IP header\n"); 2651 #endif 2652 /* We cannot handle IP option yet... */ 2653 tcp_drops++; 2654 freeb(mp); 2655 return; 2656 } 2657 /* The TCP header must be aligned. */ 2658 tcph = (tcpha_t *)&rptr[ip_hdr_len]; 2659 seg_seq = ntohl(tcph->tha_seq); 2660 seg_ack = ntohl(tcph->tha_ack); 2661 assert((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX); 2662 seg_len = (int)(mp->b_wptr - rptr) - 2663 (ip_hdr_len + TCP_HDR_LENGTH(((tcph_t *)tcph))); 2664 /* In inetboot, b_cont should always be NULL. */ 2665 assert(mp->b_cont == NULL); 2666 2667 /* Verify the checksum. */ 2668 if (tcp_verify_cksum(mp) < 0) { 2669 #ifdef DEBUG 2670 printf("tcp_rput_data: wrong cksum\n"); 2671 #endif 2672 freemsg(mp); 2673 return; 2674 } 2675 2676 /* 2677 * This segment is not for us, try to find its 2678 * intended receiver. 2679 */ 2680 if (tcp == NULL || 2681 tcph->tha_lport != tcp->tcp_fport || 2682 tcph->tha_fport != tcp->tcp_lport || 2683 iph->ip_src.s_addr != tcp->tcp_remote || 2684 iph->ip_dst.s_addr != tcp->tcp_bound_source) { 2685 #ifdef DEBUG 2686 printf("tcp_rput_data: not for us, state %d\n", 2687 tcp->tcp_state); 2688 #endif 2689 /* 2690 * First try to find a established connection. If none 2691 * is found, look for a listener. 2692 * 2693 * If a listener is found, we need to check to see if the 2694 * incoming segment is for one of its eagers. If it is, 2695 * give it to the eager. If not, listener should take care 2696 * of it. 2697 */ 2698 if ((tcp1 = tcp_lookup_ipv4(iph, tcph, TCPS_SYN_SENT, 2699 &sock_id)) != NULL || 2700 (tcp1 = tcp_lookup_listener_ipv4(iph->ip_dst.s_addr, 2701 tcph->tha_fport, &sock_id)) != NULL) { 2702 if (tcp1->tcp_state == TCPS_LISTEN) { 2703 if ((tcp = tcp_lookup_eager_ipv4(tcp1, 2704 iph, tcph)) == NULL) { 2705 /* No eager... sent to listener */ 2706 #ifdef DEBUG 2707 printf("found the listener: %s\n", 2708 tcp_display(tcp1, NULL, 2709 DISP_ADDR_AND_PORT)); 2710 #endif 2711 tcp = tcp1; 2712 } 2713 #ifdef DEBUG 2714 else { 2715 printf("found the eager: %s\n", 2716 tcp_display(tcp, NULL, 2717 DISP_ADDR_AND_PORT)); 2718 } 2719 #endif 2720 } else { 2721 /* Non listener found... */ 2722 #ifdef DEBUG 2723 printf("found the connection: %s\n", 2724 tcp_display(tcp1, NULL, 2725 DISP_ADDR_AND_PORT)); 2726 #endif 2727 tcp = tcp1; 2728 } 2729 } else { 2730 /* 2731 * No connection for this segment... 2732 * Send a RST to the other side. 2733 */ 2734 tcp_xmit_listeners_reset(sock_id, mp, ip_hdr_len); 2735 return; 2736 } 2737 } 2738 2739 flags = tcph->tha_flags & 0xFF; 2740 BUMP_MIB(tcp_mib.tcpInSegs); 2741 if (tcp->tcp_state == TCPS_TIME_WAIT) { 2742 tcp_time_wait_processing(tcp, mp, seg_seq, seg_ack, 2743 seg_len, (tcph_t *)tcph, sock_id); 2744 return; 2745 } 2746 /* 2747 * From this point we can assume that the tcp is not compressed, 2748 * since we would have branched off to tcp_time_wait_processing() 2749 * in such a case. 2750 */ 2751 assert(tcp != NULL && tcp->tcp_state != TCPS_TIME_WAIT); 2752 2753 /* 2754 * After this point, we know we have the correct TCP, so update 2755 * the receive time. 2756 */ 2757 tcp->tcp_last_recv_time = prom_gettime(); 2758 2759 /* In inetboot, we do not handle urgent pointer... */ 2760 if (flags & TH_URG) { 2761 freemsg(mp); 2762 DEBUG_1("tcp_rput_data(%d): received segment with urgent " 2763 "pointer\n", sock_id); 2764 tcp_drops++; 2765 return; 2766 } 2767 2768 switch (tcp->tcp_state) { 2769 case TCPS_LISTEN: 2770 if ((flags & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN) { 2771 if (flags & TH_RST) { 2772 freemsg(mp); 2773 return; 2774 } 2775 if (flags & TH_ACK) { 2776 tcp_xmit_early_reset("TCPS_LISTEN-TH_ACK", 2777 sock_id, mp, seg_ack, 0, TH_RST, 2778 ip_hdr_len); 2779 return; 2780 } 2781 if (!(flags & TH_SYN)) { 2782 freemsg(mp); 2783 return; 2784 } 2785 printf("tcp_rput_data: %d\n", __LINE__); 2786 prom_panic("inetboot"); 2787 } 2788 if (tcp->tcp_conn_req_max > 0) { 2789 tcp = tcp_conn_request(tcp, mp, sock_id, ip_hdr_len); 2790 if (tcp == NULL) { 2791 freemsg(mp); 2792 return; 2793 } 2794 #ifdef DEBUG 2795 printf("tcp_rput_data: new tcp created\n"); 2796 #endif 2797 } 2798 tcp->tcp_irs = seg_seq; 2799 tcp->tcp_rack = seg_seq; 2800 tcp->tcp_rnxt = seg_seq + 1; 2801 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack); 2802 BUMP_MIB(tcp_mib.tcpPassiveOpens); 2803 goto syn_rcvd; 2804 case TCPS_SYN_SENT: 2805 if (flags & TH_ACK) { 2806 /* 2807 * Note that our stack cannot send data before a 2808 * connection is established, therefore the 2809 * following check is valid. Otherwise, it has 2810 * to be changed. 2811 */ 2812 if (SEQ_LEQ(seg_ack, tcp->tcp_iss) || 2813 SEQ_GT(seg_ack, tcp->tcp_snxt)) { 2814 if (flags & TH_RST) { 2815 freemsg(mp); 2816 return; 2817 } 2818 tcp_xmit_ctl("TCPS_SYN_SENT-Bad_seq", 2819 tcp, mp, seg_ack, 0, TH_RST, 2820 ip_hdr_len, sock_id); 2821 return; 2822 } 2823 assert(tcp->tcp_suna + 1 == seg_ack); 2824 } 2825 if (flags & TH_RST) { 2826 freemsg(mp); 2827 if (flags & TH_ACK) { 2828 tcp_clean_death(sock_id, tcp, ECONNREFUSED); 2829 } 2830 return; 2831 } 2832 if (!(flags & TH_SYN)) { 2833 freemsg(mp); 2834 return; 2835 } 2836 2837 /* Process all TCP options. */ 2838 tcp_process_options(tcp, (tcph_t *)tcph); 2839 /* 2840 * The following changes our rwnd to be a multiple of the 2841 * MIN(peer MSS, our MSS) for performance reason. 2842 */ 2843 (void) tcp_rwnd_set(tcp, MSS_ROUNDUP(tcp->tcp_rwnd, 2844 tcp->tcp_mss)); 2845 2846 /* Is the other end ECN capable? */ 2847 if (tcp->tcp_ecn_ok) { 2848 if ((flags & (TH_ECE|TH_CWR)) != TH_ECE) { 2849 tcp->tcp_ecn_ok = B_FALSE; 2850 } 2851 } 2852 /* 2853 * Clear ECN flags because it may interfere with later 2854 * processing. 2855 */ 2856 flags &= ~(TH_ECE|TH_CWR); 2857 2858 tcp->tcp_irs = seg_seq; 2859 tcp->tcp_rack = seg_seq; 2860 tcp->tcp_rnxt = seg_seq + 1; 2861 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack); 2862 2863 if (flags & TH_ACK) { 2864 /* One for the SYN */ 2865 tcp->tcp_suna = tcp->tcp_iss + 1; 2866 tcp->tcp_valid_bits &= ~TCP_ISS_VALID; 2867 tcp->tcp_state = TCPS_ESTABLISHED; 2868 2869 /* 2870 * If SYN was retransmitted, need to reset all 2871 * retransmission info. This is because this 2872 * segment will be treated as a dup ACK. 2873 */ 2874 if (tcp->tcp_rexmit) { 2875 tcp->tcp_rexmit = B_FALSE; 2876 tcp->tcp_rexmit_nxt = tcp->tcp_snxt; 2877 tcp->tcp_rexmit_max = tcp->tcp_snxt; 2878 tcp->tcp_snd_burst = TCP_CWND_NORMAL; 2879 2880 /* 2881 * Set tcp_cwnd back to 1 MSS, per 2882 * recommendation from 2883 * draft-floyd-incr-init-win-01.txt, 2884 * Increasing TCP's Initial Window. 2885 */ 2886 tcp->tcp_cwnd = tcp->tcp_mss; 2887 } 2888 2889 tcp->tcp_swl1 = seg_seq; 2890 tcp->tcp_swl2 = seg_ack; 2891 2892 new_swnd = BE16_TO_U16(((tcph_t *)tcph)->th_win); 2893 tcp->tcp_swnd = new_swnd; 2894 if (new_swnd > tcp->tcp_max_swnd) 2895 tcp->tcp_max_swnd = new_swnd; 2896 2897 /* 2898 * Always send the three-way handshake ack immediately 2899 * in order to make the connection complete as soon as 2900 * possible on the accepting host. 2901 */ 2902 flags |= TH_ACK_NEEDED; 2903 /* 2904 * Check to see if there is data to be sent. If 2905 * yes, set the transmit flag. Then check to see 2906 * if received data processing needs to be done. 2907 * If not, go straight to xmit_check. This short 2908 * cut is OK as we don't support T/TCP. 2909 */ 2910 if (tcp->tcp_unsent) 2911 flags |= TH_XMIT_NEEDED; 2912 2913 if (seg_len == 0) { 2914 freemsg(mp); 2915 goto xmit_check; 2916 } 2917 2918 flags &= ~TH_SYN; 2919 seg_seq++; 2920 break; 2921 } 2922 syn_rcvd: 2923 tcp->tcp_state = TCPS_SYN_RCVD; 2924 mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, tcp->tcp_mss, 2925 NULL, NULL, tcp->tcp_iss, B_FALSE, NULL, B_FALSE); 2926 if (mp1 != NULL) { 2927 TCP_DUMP_PACKET("tcp_rput_data replying SYN", mp1); 2928 (void) ipv4_tcp_output(sock_id, mp1); 2929 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 2930 freeb(mp1); 2931 /* 2932 * Let's wait till our SYN has been ACKED since we 2933 * don't have a timer. 2934 */ 2935 if (tcp_state_wait(sock_id, tcp, TCPS_ALL_ACKED) < 0) { 2936 freemsg(mp); 2937 return; 2938 } 2939 } 2940 freemsg(mp); 2941 return; 2942 default: 2943 break; 2944 } 2945 mp->b_rptr = (uchar_t *)tcph + TCP_HDR_LENGTH((tcph_t *)tcph); 2946 new_swnd = ntohs(tcph->tha_win) << 2947 ((flags & TH_SYN) ? 0 : tcp->tcp_snd_ws); 2948 mss = tcp->tcp_mss; 2949 2950 if (tcp->tcp_snd_ts_ok) { 2951 if (!tcp_paws_check(tcp, (tcph_t *)tcph, &tcpopt)) { 2952 /* 2953 * This segment is not acceptable. 2954 * Drop it and send back an ACK. 2955 */ 2956 freemsg(mp); 2957 flags |= TH_ACK_NEEDED; 2958 goto ack_check; 2959 } 2960 } else if (tcp->tcp_snd_sack_ok) { 2961 assert(tcp->tcp_sack_info != NULL); 2962 tcpopt.tcp = tcp; 2963 /* 2964 * SACK info in already updated in tcp_parse_options. Ignore 2965 * all other TCP options... 2966 */ 2967 (void) tcp_parse_options((tcph_t *)tcph, &tcpopt); 2968 } 2969 try_again:; 2970 gap = seg_seq - tcp->tcp_rnxt; 2971 rgap = tcp->tcp_rwnd - (gap + seg_len); 2972 /* 2973 * gap is the amount of sequence space between what we expect to see 2974 * and what we got for seg_seq. A positive value for gap means 2975 * something got lost. A negative value means we got some old stuff. 2976 */ 2977 if (gap < 0) { 2978 /* Old stuff present. Is the SYN in there? */ 2979 if (seg_seq == tcp->tcp_irs && (flags & TH_SYN) && 2980 (seg_len != 0)) { 2981 flags &= ~TH_SYN; 2982 seg_seq++; 2983 /* Recompute the gaps after noting the SYN. */ 2984 goto try_again; 2985 } 2986 BUMP_MIB(tcp_mib.tcpInDataDupSegs); 2987 UPDATE_MIB(tcp_mib.tcpInDataDupBytes, 2988 (seg_len > -gap ? -gap : seg_len)); 2989 /* Remove the old stuff from seg_len. */ 2990 seg_len += gap; 2991 /* 2992 * Anything left? 2993 * Make sure to check for unack'd FIN when rest of data 2994 * has been previously ack'd. 2995 */ 2996 if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) { 2997 /* 2998 * Resets are only valid if they lie within our offered 2999 * window. If the RST bit is set, we just ignore this 3000 * segment. 3001 */ 3002 if (flags & TH_RST) { 3003 freemsg(mp); 3004 return; 3005 } 3006 3007 /* 3008 * This segment is "unacceptable". None of its 3009 * sequence space lies within our advertized window. 3010 * 3011 * Adjust seg_len to the original value for tracing. 3012 */ 3013 seg_len -= gap; 3014 #ifdef DEBUG 3015 printf("tcp_rput: unacceptable, gap %d, rgap " 3016 "%d, flags 0x%x, seg_seq %u, seg_ack %u, " 3017 "seg_len %d, rnxt %u, snxt %u, %s", 3018 gap, rgap, flags, seg_seq, seg_ack, 3019 seg_len, tcp->tcp_rnxt, tcp->tcp_snxt, 3020 tcp_display(tcp, NULL, DISP_ADDR_AND_PORT)); 3021 #endif 3022 3023 /* 3024 * Arrange to send an ACK in response to the 3025 * unacceptable segment per RFC 793 page 69. There 3026 * is only one small difference between ours and the 3027 * acceptability test in the RFC - we accept ACK-only 3028 * packet with SEG.SEQ = RCV.NXT+RCV.WND and no ACK 3029 * will be generated. 3030 * 3031 * Note that we have to ACK an ACK-only packet at least 3032 * for stacks that send 0-length keep-alives with 3033 * SEG.SEQ = SND.NXT-1 as recommended by RFC1122, 3034 * section 4.2.3.6. As long as we don't ever generate 3035 * an unacceptable packet in response to an incoming 3036 * packet that is unacceptable, it should not cause 3037 * "ACK wars". 3038 */ 3039 flags |= TH_ACK_NEEDED; 3040 3041 /* 3042 * Continue processing this segment in order to use the 3043 * ACK information it contains, but skip all other 3044 * sequence-number processing. Processing the ACK 3045 * information is necessary in order to 3046 * re-synchronize connections that may have lost 3047 * synchronization. 3048 * 3049 * We clear seg_len and flag fields related to 3050 * sequence number processing as they are not 3051 * to be trusted for an unacceptable segment. 3052 */ 3053 seg_len = 0; 3054 flags &= ~(TH_SYN | TH_FIN | TH_URG); 3055 goto process_ack; 3056 } 3057 3058 /* Fix seg_seq, and chew the gap off the front. */ 3059 seg_seq = tcp->tcp_rnxt; 3060 do { 3061 mblk_t *mp2; 3062 assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <= 3063 (uintptr_t)UINT_MAX); 3064 gap += (uint_t)(mp->b_wptr - mp->b_rptr); 3065 if (gap > 0) { 3066 mp->b_rptr = mp->b_wptr - gap; 3067 break; 3068 } 3069 mp2 = mp; 3070 mp = mp->b_cont; 3071 freeb(mp2); 3072 } while (gap < 0); 3073 } 3074 /* 3075 * rgap is the amount of stuff received out of window. A negative 3076 * value is the amount out of window. 3077 */ 3078 if (rgap < 0) { 3079 mblk_t *mp2; 3080 3081 if (tcp->tcp_rwnd == 0) 3082 BUMP_MIB(tcp_mib.tcpInWinProbe); 3083 else { 3084 BUMP_MIB(tcp_mib.tcpInDataPastWinSegs); 3085 UPDATE_MIB(tcp_mib.tcpInDataPastWinBytes, -rgap); 3086 } 3087 3088 /* 3089 * seg_len does not include the FIN, so if more than 3090 * just the FIN is out of window, we act like we don't 3091 * see it. (If just the FIN is out of window, rgap 3092 * will be zero and we will go ahead and acknowledge 3093 * the FIN.) 3094 */ 3095 flags &= ~TH_FIN; 3096 3097 /* Fix seg_len and make sure there is something left. */ 3098 seg_len += rgap; 3099 if (seg_len <= 0) { 3100 /* 3101 * Resets are only valid if they lie within our offered 3102 * window. If the RST bit is set, we just ignore this 3103 * segment. 3104 */ 3105 if (flags & TH_RST) { 3106 freemsg(mp); 3107 return; 3108 } 3109 3110 /* Per RFC 793, we need to send back an ACK. */ 3111 flags |= TH_ACK_NEEDED; 3112 3113 /* 3114 * If this is a zero window probe, continue to 3115 * process the ACK part. But we need to set seg_len 3116 * to 0 to avoid data processing. Otherwise just 3117 * drop the segment and send back an ACK. 3118 */ 3119 if (tcp->tcp_rwnd == 0 && seg_seq == tcp->tcp_rnxt) { 3120 flags &= ~(TH_SYN | TH_URG); 3121 seg_len = 0; 3122 /* Let's see if we can update our rwnd */ 3123 tcp_rcv_drain(sock_id, tcp); 3124 goto process_ack; 3125 } else { 3126 freemsg(mp); 3127 goto ack_check; 3128 } 3129 } 3130 /* Pitch out of window stuff off the end. */ 3131 rgap = seg_len; 3132 mp2 = mp; 3133 do { 3134 assert((uintptr_t)(mp2->b_wptr - 3135 mp2->b_rptr) <= (uintptr_t)INT_MAX); 3136 rgap -= (int)(mp2->b_wptr - mp2->b_rptr); 3137 if (rgap < 0) { 3138 mp2->b_wptr += rgap; 3139 if ((mp1 = mp2->b_cont) != NULL) { 3140 mp2->b_cont = NULL; 3141 freemsg(mp1); 3142 } 3143 break; 3144 } 3145 } while ((mp2 = mp2->b_cont) != NULL); 3146 } 3147 ok:; 3148 /* 3149 * TCP should check ECN info for segments inside the window only. 3150 * Therefore the check should be done here. 3151 */ 3152 if (tcp->tcp_ecn_ok) { 3153 uchar_t tos = ((struct ip *)rptr)->ip_tos; 3154 3155 if (flags & TH_CWR) { 3156 tcp->tcp_ecn_echo_on = B_FALSE; 3157 } 3158 /* 3159 * Note that both ECN_CE and CWR can be set in the 3160 * same segment. In this case, we once again turn 3161 * on ECN_ECHO. 3162 */ 3163 if ((tos & IPH_ECN_CE) == IPH_ECN_CE) { 3164 tcp->tcp_ecn_echo_on = B_TRUE; 3165 } 3166 } 3167 3168 /* 3169 * Check whether we can update tcp_ts_recent. This test is 3170 * NOT the one in RFC 1323 3.4. It is from Braden, 1993, "TCP 3171 * Extensions for High Performance: An Update", Internet Draft. 3172 */ 3173 if (tcp->tcp_snd_ts_ok && 3174 TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) && 3175 SEQ_LEQ(seg_seq, tcp->tcp_rack)) { 3176 tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val; 3177 tcp->tcp_last_rcv_lbolt = prom_gettime(); 3178 } 3179 3180 if (seg_seq != tcp->tcp_rnxt || tcp->tcp_reass_head) { 3181 /* 3182 * FIN in an out of order segment. We record this in 3183 * tcp_valid_bits and the seq num of FIN in tcp_ofo_fin_seq. 3184 * Clear the FIN so that any check on FIN flag will fail. 3185 * Remember that FIN also counts in the sequence number 3186 * space. So we need to ack out of order FIN only segments. 3187 */ 3188 if (flags & TH_FIN) { 3189 tcp->tcp_valid_bits |= TCP_OFO_FIN_VALID; 3190 tcp->tcp_ofo_fin_seq = seg_seq + seg_len; 3191 flags &= ~TH_FIN; 3192 flags |= TH_ACK_NEEDED; 3193 } 3194 if (seg_len > 0) { 3195 /* Fill in the SACK blk list. */ 3196 if (tcp->tcp_snd_sack_ok) { 3197 assert(tcp->tcp_sack_info != NULL); 3198 tcp_sack_insert(tcp->tcp_sack_list, 3199 seg_seq, seg_seq + seg_len, 3200 &(tcp->tcp_num_sack_blk)); 3201 } 3202 3203 /* 3204 * Attempt reassembly and see if we have something 3205 * ready to go. 3206 */ 3207 mp = tcp_reass(tcp, mp, seg_seq); 3208 /* Always ack out of order packets */ 3209 flags |= TH_ACK_NEEDED | TH_PUSH; 3210 if (mp != NULL) { 3211 assert((uintptr_t)(mp->b_wptr - 3212 mp->b_rptr) <= (uintptr_t)INT_MAX); 3213 seg_len = mp->b_cont ? msgdsize(mp) : 3214 (int)(mp->b_wptr - mp->b_rptr); 3215 seg_seq = tcp->tcp_rnxt; 3216 /* 3217 * A gap is filled and the seq num and len 3218 * of the gap match that of a previously 3219 * received FIN, put the FIN flag back in. 3220 */ 3221 if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) && 3222 seg_seq + seg_len == tcp->tcp_ofo_fin_seq) { 3223 flags |= TH_FIN; 3224 tcp->tcp_valid_bits &= 3225 ~TCP_OFO_FIN_VALID; 3226 } 3227 } else { 3228 /* 3229 * Keep going even with NULL mp. 3230 * There may be a useful ACK or something else 3231 * we don't want to miss. 3232 * 3233 * But TCP should not perform fast retransmit 3234 * because of the ack number. TCP uses 3235 * seg_len == 0 to determine if it is a pure 3236 * ACK. And this is not a pure ACK. 3237 */ 3238 seg_len = 0; 3239 ofo_seg = B_TRUE; 3240 } 3241 } 3242 } else if (seg_len > 0) { 3243 BUMP_MIB(tcp_mib.tcpInDataInorderSegs); 3244 UPDATE_MIB(tcp_mib.tcpInDataInorderBytes, seg_len); 3245 /* 3246 * If an out of order FIN was received before, and the seq 3247 * num and len of the new segment match that of the FIN, 3248 * put the FIN flag back in. 3249 */ 3250 if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) && 3251 seg_seq + seg_len == tcp->tcp_ofo_fin_seq) { 3252 flags |= TH_FIN; 3253 tcp->tcp_valid_bits &= ~TCP_OFO_FIN_VALID; 3254 } 3255 } 3256 if ((flags & (TH_RST | TH_SYN | TH_URG | TH_ACK)) != TH_ACK) { 3257 if (flags & TH_RST) { 3258 freemsg(mp); 3259 switch (tcp->tcp_state) { 3260 case TCPS_SYN_RCVD: 3261 (void) tcp_clean_death(sock_id, tcp, ECONNREFUSED); 3262 break; 3263 case TCPS_ESTABLISHED: 3264 case TCPS_FIN_WAIT_1: 3265 case TCPS_FIN_WAIT_2: 3266 case TCPS_CLOSE_WAIT: 3267 (void) tcp_clean_death(sock_id, tcp, ECONNRESET); 3268 break; 3269 case TCPS_CLOSING: 3270 case TCPS_LAST_ACK: 3271 (void) tcp_clean_death(sock_id, tcp, 0); 3272 break; 3273 default: 3274 assert(tcp->tcp_state != TCPS_TIME_WAIT); 3275 (void) tcp_clean_death(sock_id, tcp, ENXIO); 3276 break; 3277 } 3278 return; 3279 } 3280 if (flags & TH_SYN) { 3281 /* 3282 * See RFC 793, Page 71 3283 * 3284 * The seq number must be in the window as it should 3285 * be "fixed" above. If it is outside window, it should 3286 * be already rejected. Note that we allow seg_seq to be 3287 * rnxt + rwnd because we want to accept 0 window probe. 3288 */ 3289 assert(SEQ_GEQ(seg_seq, tcp->tcp_rnxt) && 3290 SEQ_LEQ(seg_seq, tcp->tcp_rnxt + tcp->tcp_rwnd)); 3291 freemsg(mp); 3292 /* 3293 * If the ACK flag is not set, just use our snxt as the 3294 * seq number of the RST segment. 3295 */ 3296 if (!(flags & TH_ACK)) { 3297 seg_ack = tcp->tcp_snxt; 3298 } 3299 tcp_xmit_ctl("TH_SYN", tcp, NULL, seg_ack, 3300 seg_seq + 1, TH_RST|TH_ACK, 0, sock_id); 3301 assert(tcp->tcp_state != TCPS_TIME_WAIT); 3302 (void) tcp_clean_death(sock_id, tcp, ECONNRESET); 3303 return; 3304 } 3305 3306 process_ack: 3307 if (!(flags & TH_ACK)) { 3308 #ifdef DEBUG 3309 printf("No ack in segment, dropped it, seq:%x\n", seg_seq); 3310 #endif 3311 freemsg(mp); 3312 goto xmit_check; 3313 } 3314 } 3315 bytes_acked = (int)(seg_ack - tcp->tcp_suna); 3316 3317 if (tcp->tcp_state == TCPS_SYN_RCVD) { 3318 tcp_t *listener = tcp->tcp_listener; 3319 #ifdef DEBUG 3320 printf("Done with eager 3-way handshake\n"); 3321 #endif 3322 /* 3323 * NOTE: RFC 793 pg. 72 says this should be 'bytes_acked < 0' 3324 * but that would mean we have an ack that ignored our SYN. 3325 */ 3326 if (bytes_acked < 1 || SEQ_GT(seg_ack, tcp->tcp_snxt)) { 3327 freemsg(mp); 3328 tcp_xmit_ctl("TCPS_SYN_RCVD-bad_ack", 3329 tcp, NULL, seg_ack, 0, TH_RST, 0, sock_id); 3330 return; 3331 } 3332 3333 /* 3334 * if the conn_req_q is full defer processing 3335 * until space is availabe after accept() 3336 * processing 3337 */ 3338 if (listener->tcp_conn_req_cnt_q < 3339 listener->tcp_conn_req_max) { 3340 tcp_t *tail; 3341 3342 listener->tcp_conn_req_cnt_q0--; 3343 listener->tcp_conn_req_cnt_q++; 3344 3345 /* Move from SYN_RCVD to ESTABLISHED list */ 3346 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = 3347 tcp->tcp_eager_prev_q0; 3348 tcp->tcp_eager_prev_q0->tcp_eager_next_q0 = 3349 tcp->tcp_eager_next_q0; 3350 tcp->tcp_eager_prev_q0 = NULL; 3351 tcp->tcp_eager_next_q0 = NULL; 3352 3353 /* 3354 * Insert at end of the queue because sockfs 3355 * sends down T_CONN_RES in chronological 3356 * order. Leaving the older conn indications 3357 * at front of the queue helps reducing search 3358 * time. 3359 */ 3360 tail = listener->tcp_eager_last_q; 3361 if (tail != NULL) { 3362 tail->tcp_eager_next_q = tcp; 3363 } else { 3364 listener->tcp_eager_next_q = tcp; 3365 } 3366 listener->tcp_eager_last_q = tcp; 3367 tcp->tcp_eager_next_q = NULL; 3368 } else { 3369 /* 3370 * Defer connection on q0 and set deferred 3371 * connection bit true 3372 */ 3373 tcp->tcp_conn_def_q0 = B_TRUE; 3374 3375 /* take tcp out of q0 ... */ 3376 tcp->tcp_eager_prev_q0->tcp_eager_next_q0 = 3377 tcp->tcp_eager_next_q0; 3378 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = 3379 tcp->tcp_eager_prev_q0; 3380 3381 /* ... and place it at the end of q0 */ 3382 tcp->tcp_eager_prev_q0 = listener->tcp_eager_prev_q0; 3383 tcp->tcp_eager_next_q0 = listener; 3384 listener->tcp_eager_prev_q0->tcp_eager_next_q0 = tcp; 3385 listener->tcp_eager_prev_q0 = tcp; 3386 } 3387 3388 tcp->tcp_suna = tcp->tcp_iss + 1; /* One for the SYN */ 3389 bytes_acked--; 3390 3391 /* 3392 * If SYN was retransmitted, need to reset all 3393 * retransmission info as this segment will be 3394 * treated as a dup ACK. 3395 */ 3396 if (tcp->tcp_rexmit) { 3397 tcp->tcp_rexmit = B_FALSE; 3398 tcp->tcp_rexmit_nxt = tcp->tcp_snxt; 3399 tcp->tcp_rexmit_max = tcp->tcp_snxt; 3400 tcp->tcp_snd_burst = TCP_CWND_NORMAL; 3401 tcp->tcp_ms_we_have_waited = 0; 3402 tcp->tcp_cwnd = mss; 3403 } 3404 3405 /* 3406 * We set the send window to zero here. 3407 * This is needed if there is data to be 3408 * processed already on the queue. 3409 * Later (at swnd_update label), the 3410 * "new_swnd > tcp_swnd" condition is satisfied 3411 * the XMIT_NEEDED flag is set in the current 3412 * (SYN_RCVD) state. This ensures tcp_wput_data() is 3413 * called if there is already data on queue in 3414 * this state. 3415 */ 3416 tcp->tcp_swnd = 0; 3417 3418 if (new_swnd > tcp->tcp_max_swnd) 3419 tcp->tcp_max_swnd = new_swnd; 3420 tcp->tcp_swl1 = seg_seq; 3421 tcp->tcp_swl2 = seg_ack; 3422 tcp->tcp_state = TCPS_ESTABLISHED; 3423 tcp->tcp_valid_bits &= ~TCP_ISS_VALID; 3424 } 3425 /* This code follows 4.4BSD-Lite2 mostly. */ 3426 if (bytes_acked < 0) 3427 goto est; 3428 3429 /* 3430 * If TCP is ECN capable and the congestion experience bit is 3431 * set, reduce tcp_cwnd and tcp_ssthresh. But this should only be 3432 * done once per window (or more loosely, per RTT). 3433 */ 3434 if (tcp->tcp_cwr && SEQ_GT(seg_ack, tcp->tcp_cwr_snd_max)) 3435 tcp->tcp_cwr = B_FALSE; 3436 if (tcp->tcp_ecn_ok && (flags & TH_ECE)) { 3437 if (!tcp->tcp_cwr) { 3438 npkt = (MIN(tcp->tcp_cwnd, tcp->tcp_swnd) >> 1) / mss; 3439 tcp->tcp_cwnd_ssthresh = MAX(npkt, 2) * mss; 3440 tcp->tcp_cwnd = npkt * mss; 3441 /* 3442 * If the cwnd is 0, use the timer to clock out 3443 * new segments. This is required by the ECN spec. 3444 */ 3445 if (npkt == 0) { 3446 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 3447 /* 3448 * This makes sure that when the ACK comes 3449 * back, we will increase tcp_cwnd by 1 MSS. 3450 */ 3451 tcp->tcp_cwnd_cnt = 0; 3452 } 3453 tcp->tcp_cwr = B_TRUE; 3454 /* 3455 * This marks the end of the current window of in 3456 * flight data. That is why we don't use 3457 * tcp_suna + tcp_swnd. Only data in flight can 3458 * provide ECN info. 3459 */ 3460 tcp->tcp_cwr_snd_max = tcp->tcp_snxt; 3461 tcp->tcp_ecn_cwr_sent = B_FALSE; 3462 } 3463 } 3464 3465 mp1 = tcp->tcp_xmit_head; 3466 if (bytes_acked == 0) { 3467 if (!ofo_seg && seg_len == 0 && new_swnd == tcp->tcp_swnd) { 3468 int dupack_cnt; 3469 3470 BUMP_MIB(tcp_mib.tcpInDupAck); 3471 /* 3472 * Fast retransmit. When we have seen exactly three 3473 * identical ACKs while we have unacked data 3474 * outstanding we take it as a hint that our peer 3475 * dropped something. 3476 * 3477 * If TCP is retransmitting, don't do fast retransmit. 3478 */ 3479 if (mp1 != NULL && tcp->tcp_suna != tcp->tcp_snxt && 3480 ! tcp->tcp_rexmit) { 3481 /* Do Limited Transmit */ 3482 if ((dupack_cnt = ++tcp->tcp_dupack_cnt) < 3483 tcp_dupack_fast_retransmit) { 3484 /* 3485 * RFC 3042 3486 * 3487 * What we need to do is temporarily 3488 * increase tcp_cwnd so that new 3489 * data can be sent if it is allowed 3490 * by the receive window (tcp_rwnd). 3491 * tcp_wput_data() will take care of 3492 * the rest. 3493 * 3494 * If the connection is SACK capable, 3495 * only do limited xmit when there 3496 * is SACK info. 3497 * 3498 * Note how tcp_cwnd is incremented. 3499 * The first dup ACK will increase 3500 * it by 1 MSS. The second dup ACK 3501 * will increase it by 2 MSS. This 3502 * means that only 1 new segment will 3503 * be sent for each dup ACK. 3504 */ 3505 if (tcp->tcp_unsent > 0 && 3506 (!tcp->tcp_snd_sack_ok || 3507 (tcp->tcp_snd_sack_ok && 3508 tcp->tcp_notsack_list != NULL))) { 3509 tcp->tcp_cwnd += mss << 3510 (tcp->tcp_dupack_cnt - 1); 3511 flags |= TH_LIMIT_XMIT; 3512 } 3513 } else if (dupack_cnt == 3514 tcp_dupack_fast_retransmit) { 3515 3516 BUMP_MIB(tcp_mib.tcpOutFastRetrans); 3517 /* 3518 * If we have reduced tcp_ssthresh 3519 * because of ECN, do not reduce it again 3520 * unless it is already one window of data 3521 * away. After one window of data, tcp_cwr 3522 * should then be cleared. Note that 3523 * for non ECN capable connection, tcp_cwr 3524 * should always be false. 3525 * 3526 * Adjust cwnd since the duplicate 3527 * ack indicates that a packet was 3528 * dropped (due to congestion.) 3529 */ 3530 if (!tcp->tcp_cwr) { 3531 npkt = (MIN(tcp->tcp_cwnd, 3532 tcp->tcp_swnd) >> 1) / mss; 3533 if (npkt < 2) 3534 npkt = 2; 3535 tcp->tcp_cwnd_ssthresh = npkt * mss; 3536 tcp->tcp_cwnd = (npkt + 3537 tcp->tcp_dupack_cnt) * mss; 3538 } 3539 if (tcp->tcp_ecn_ok) { 3540 tcp->tcp_cwr = B_TRUE; 3541 tcp->tcp_cwr_snd_max = tcp->tcp_snxt; 3542 tcp->tcp_ecn_cwr_sent = B_FALSE; 3543 } 3544 3545 /* 3546 * We do Hoe's algorithm. Refer to her 3547 * paper "Improving the Start-up Behavior 3548 * of a Congestion Control Scheme for TCP," 3549 * appeared in SIGCOMM'96. 3550 * 3551 * Save highest seq no we have sent so far. 3552 * Be careful about the invisible FIN byte. 3553 */ 3554 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) && 3555 (tcp->tcp_unsent == 0)) { 3556 tcp->tcp_rexmit_max = tcp->tcp_fss; 3557 } else { 3558 tcp->tcp_rexmit_max = tcp->tcp_snxt; 3559 } 3560 3561 /* 3562 * Do not allow bursty traffic during. 3563 * fast recovery. Refer to Fall and Floyd's 3564 * paper "Simulation-based Comparisons of 3565 * Tahoe, Reno and SACK TCP" (in CCR ??) 3566 * This is a best current practise. 3567 */ 3568 tcp->tcp_snd_burst = TCP_CWND_SS; 3569 3570 /* 3571 * For SACK: 3572 * Calculate tcp_pipe, which is the 3573 * estimated number of bytes in 3574 * network. 3575 * 3576 * tcp_fack is the highest sack'ed seq num 3577 * TCP has received. 3578 * 3579 * tcp_pipe is explained in the above quoted 3580 * Fall and Floyd's paper. tcp_fack is 3581 * explained in Mathis and Mahdavi's 3582 * "Forward Acknowledgment: Refining TCP 3583 * Congestion Control" in SIGCOMM '96. 3584 */ 3585 if (tcp->tcp_snd_sack_ok) { 3586 assert(tcp->tcp_sack_info != NULL); 3587 if (tcp->tcp_notsack_list != NULL) { 3588 tcp->tcp_pipe = tcp->tcp_snxt - 3589 tcp->tcp_fack; 3590 tcp->tcp_sack_snxt = seg_ack; 3591 flags |= TH_NEED_SACK_REXMIT; 3592 } else { 3593 /* 3594 * Always initialize tcp_pipe 3595 * even though we don't have 3596 * any SACK info. If later 3597 * we get SACK info and 3598 * tcp_pipe is not initialized, 3599 * funny things will happen. 3600 */ 3601 tcp->tcp_pipe = 3602 tcp->tcp_cwnd_ssthresh; 3603 } 3604 } else { 3605 flags |= TH_REXMIT_NEEDED; 3606 } /* tcp_snd_sack_ok */ 3607 3608 } else { 3609 /* 3610 * Here we perform congestion 3611 * avoidance, but NOT slow start. 3612 * This is known as the Fast 3613 * Recovery Algorithm. 3614 */ 3615 if (tcp->tcp_snd_sack_ok && 3616 tcp->tcp_notsack_list != NULL) { 3617 flags |= TH_NEED_SACK_REXMIT; 3618 tcp->tcp_pipe -= mss; 3619 if (tcp->tcp_pipe < 0) 3620 tcp->tcp_pipe = 0; 3621 } else { 3622 /* 3623 * We know that one more packet has 3624 * left the pipe thus we can update 3625 * cwnd. 3626 */ 3627 cwnd = tcp->tcp_cwnd + mss; 3628 if (cwnd > tcp->tcp_cwnd_max) 3629 cwnd = tcp->tcp_cwnd_max; 3630 tcp->tcp_cwnd = cwnd; 3631 flags |= TH_XMIT_NEEDED; 3632 } 3633 } 3634 } 3635 } else if (tcp->tcp_zero_win_probe) { 3636 /* 3637 * If the window has opened, need to arrange 3638 * to send additional data. 3639 */ 3640 if (new_swnd != 0) { 3641 /* tcp_suna != tcp_snxt */ 3642 /* Packet contains a window update */ 3643 BUMP_MIB(tcp_mib.tcpInWinUpdate); 3644 tcp->tcp_zero_win_probe = 0; 3645 tcp->tcp_timer_backoff = 0; 3646 tcp->tcp_ms_we_have_waited = 0; 3647 3648 /* 3649 * Transmit starting with tcp_suna since 3650 * the one byte probe is not ack'ed. 3651 * If TCP has sent more than one identical 3652 * probe, tcp_rexmit will be set. That means 3653 * tcp_ss_rexmit() will send out the one 3654 * byte along with new data. Otherwise, 3655 * fake the retransmission. 3656 */ 3657 flags |= TH_XMIT_NEEDED; 3658 if (!tcp->tcp_rexmit) { 3659 tcp->tcp_rexmit = B_TRUE; 3660 tcp->tcp_dupack_cnt = 0; 3661 tcp->tcp_rexmit_nxt = tcp->tcp_suna; 3662 tcp->tcp_rexmit_max = tcp->tcp_suna + 1; 3663 } 3664 } 3665 } 3666 goto swnd_update; 3667 } 3668 3669 /* 3670 * Check for "acceptability" of ACK value per RFC 793, pages 72 - 73. 3671 * If the ACK value acks something that we have not yet sent, it might 3672 * be an old duplicate segment. Send an ACK to re-synchronize the 3673 * other side. 3674 * Note: reset in response to unacceptable ACK in SYN_RECEIVE 3675 * state is handled above, so we can always just drop the segment and 3676 * send an ACK here. 3677 * 3678 * Should we send ACKs in response to ACK only segments? 3679 */ 3680 if (SEQ_GT(seg_ack, tcp->tcp_snxt)) { 3681 BUMP_MIB(tcp_mib.tcpInAckUnsent); 3682 /* drop the received segment */ 3683 freemsg(mp); 3684 3685 /* Send back an ACK. */ 3686 mp = tcp_ack_mp(tcp); 3687 3688 if (mp == NULL) { 3689 return; 3690 } 3691 BUMP_MIB(tcp_mib.tcpOutAck); 3692 (void) ipv4_tcp_output(sock_id, mp); 3693 freeb(mp); 3694 return; 3695 } 3696 3697 /* 3698 * TCP gets a new ACK, update the notsack'ed list to delete those 3699 * blocks that are covered by this ACK. 3700 */ 3701 if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) { 3702 tcp_notsack_remove(&(tcp->tcp_notsack_list), seg_ack, 3703 &(tcp->tcp_num_notsack_blk), &(tcp->tcp_cnt_notsack_list)); 3704 } 3705 3706 /* 3707 * If we got an ACK after fast retransmit, check to see 3708 * if it is a partial ACK. If it is not and the congestion 3709 * window was inflated to account for the other side's 3710 * cached packets, retract it. If it is, do Hoe's algorithm. 3711 */ 3712 if (tcp->tcp_dupack_cnt >= tcp_dupack_fast_retransmit) { 3713 assert(tcp->tcp_rexmit == B_FALSE); 3714 if (SEQ_GEQ(seg_ack, tcp->tcp_rexmit_max)) { 3715 tcp->tcp_dupack_cnt = 0; 3716 /* 3717 * Restore the orig tcp_cwnd_ssthresh after 3718 * fast retransmit phase. 3719 */ 3720 if (tcp->tcp_cwnd > tcp->tcp_cwnd_ssthresh) { 3721 tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh; 3722 } 3723 tcp->tcp_rexmit_max = seg_ack; 3724 tcp->tcp_cwnd_cnt = 0; 3725 tcp->tcp_snd_burst = TCP_CWND_NORMAL; 3726 3727 /* 3728 * Remove all notsack info to avoid confusion with 3729 * the next fast retrasnmit/recovery phase. 3730 */ 3731 if (tcp->tcp_snd_sack_ok && 3732 tcp->tcp_notsack_list != NULL) { 3733 TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list); 3734 } 3735 } else { 3736 if (tcp->tcp_snd_sack_ok && 3737 tcp->tcp_notsack_list != NULL) { 3738 flags |= TH_NEED_SACK_REXMIT; 3739 tcp->tcp_pipe -= mss; 3740 if (tcp->tcp_pipe < 0) 3741 tcp->tcp_pipe = 0; 3742 } else { 3743 /* 3744 * Hoe's algorithm: 3745 * 3746 * Retransmit the unack'ed segment and 3747 * restart fast recovery. Note that we 3748 * need to scale back tcp_cwnd to the 3749 * original value when we started fast 3750 * recovery. This is to prevent overly 3751 * aggressive behaviour in sending new 3752 * segments. 3753 */ 3754 tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh + 3755 tcp_dupack_fast_retransmit * mss; 3756 tcp->tcp_cwnd_cnt = tcp->tcp_cwnd; 3757 BUMP_MIB(tcp_mib.tcpOutFastRetrans); 3758 flags |= TH_REXMIT_NEEDED; 3759 } 3760 } 3761 } else { 3762 tcp->tcp_dupack_cnt = 0; 3763 if (tcp->tcp_rexmit) { 3764 /* 3765 * TCP is retranmitting. If the ACK ack's all 3766 * outstanding data, update tcp_rexmit_max and 3767 * tcp_rexmit_nxt. Otherwise, update tcp_rexmit_nxt 3768 * to the correct value. 3769 * 3770 * Note that SEQ_LEQ() is used. This is to avoid 3771 * unnecessary fast retransmit caused by dup ACKs 3772 * received when TCP does slow start retransmission 3773 * after a time out. During this phase, TCP may 3774 * send out segments which are already received. 3775 * This causes dup ACKs to be sent back. 3776 */ 3777 if (SEQ_LEQ(seg_ack, tcp->tcp_rexmit_max)) { 3778 if (SEQ_GT(seg_ack, tcp->tcp_rexmit_nxt)) { 3779 tcp->tcp_rexmit_nxt = seg_ack; 3780 } 3781 if (seg_ack != tcp->tcp_rexmit_max) { 3782 flags |= TH_XMIT_NEEDED; 3783 } 3784 } else { 3785 tcp->tcp_rexmit = B_FALSE; 3786 tcp->tcp_rexmit_nxt = tcp->tcp_snxt; 3787 tcp->tcp_snd_burst = TCP_CWND_NORMAL; 3788 } 3789 tcp->tcp_ms_we_have_waited = 0; 3790 } 3791 } 3792 3793 BUMP_MIB(tcp_mib.tcpInAckSegs); 3794 UPDATE_MIB(tcp_mib.tcpInAckBytes, bytes_acked); 3795 tcp->tcp_suna = seg_ack; 3796 if (tcp->tcp_zero_win_probe != 0) { 3797 tcp->tcp_zero_win_probe = 0; 3798 tcp->tcp_timer_backoff = 0; 3799 } 3800 3801 /* 3802 * If tcp_xmit_head is NULL, then it must be the FIN being ack'ed. 3803 * Note that it cannot be the SYN being ack'ed. The code flow 3804 * will not reach here. 3805 */ 3806 if (mp1 == NULL) { 3807 goto fin_acked; 3808 } 3809 3810 /* 3811 * Update the congestion window. 3812 * 3813 * If TCP is not ECN capable or TCP is ECN capable but the 3814 * congestion experience bit is not set, increase the tcp_cwnd as 3815 * usual. 3816 */ 3817 if (!tcp->tcp_ecn_ok || !(flags & TH_ECE)) { 3818 cwnd = tcp->tcp_cwnd; 3819 add = mss; 3820 3821 if (cwnd >= tcp->tcp_cwnd_ssthresh) { 3822 /* 3823 * This is to prevent an increase of less than 1 MSS of 3824 * tcp_cwnd. With partial increase, tcp_wput_data() 3825 * may send out tinygrams in order to preserve mblk 3826 * boundaries. 3827 * 3828 * By initializing tcp_cwnd_cnt to new tcp_cwnd and 3829 * decrementing it by 1 MSS for every ACKs, tcp_cwnd is 3830 * increased by 1 MSS for every RTTs. 3831 */ 3832 if (tcp->tcp_cwnd_cnt <= 0) { 3833 tcp->tcp_cwnd_cnt = cwnd + add; 3834 } else { 3835 tcp->tcp_cwnd_cnt -= add; 3836 add = 0; 3837 } 3838 } 3839 tcp->tcp_cwnd = MIN(cwnd + add, tcp->tcp_cwnd_max); 3840 } 3841 3842 /* Can we update the RTT estimates? */ 3843 if (tcp->tcp_snd_ts_ok) { 3844 /* Ignore zero timestamp echo-reply. */ 3845 if (tcpopt.tcp_opt_ts_ecr != 0) { 3846 tcp_set_rto(tcp, (int32_t)(prom_gettime() - 3847 tcpopt.tcp_opt_ts_ecr)); 3848 } 3849 3850 /* If needed, restart the timer. */ 3851 if (tcp->tcp_set_timer == 1) { 3852 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 3853 tcp->tcp_set_timer = 0; 3854 } 3855 /* 3856 * Update tcp_csuna in case the other side stops sending 3857 * us timestamps. 3858 */ 3859 tcp->tcp_csuna = tcp->tcp_snxt; 3860 } else if (SEQ_GT(seg_ack, tcp->tcp_csuna)) { 3861 /* 3862 * An ACK sequence we haven't seen before, so get the RTT 3863 * and update the RTO. 3864 * Note. use uintptr_t to suppress the gcc warning. 3865 */ 3866 tcp_set_rto(tcp, (int32_t)(prom_gettime() - 3867 (uint32_t)(uintptr_t)mp1->b_prev)); 3868 3869 /* Remeber the last sequence to be ACKed */ 3870 tcp->tcp_csuna = seg_ack; 3871 if (tcp->tcp_set_timer == 1) { 3872 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 3873 tcp->tcp_set_timer = 0; 3874 } 3875 } else { 3876 BUMP_MIB(tcp_mib.tcpRttNoUpdate); 3877 } 3878 3879 /* Eat acknowledged bytes off the xmit queue. */ 3880 for (;;) { 3881 mblk_t *mp2; 3882 uchar_t *wptr; 3883 3884 wptr = mp1->b_wptr; 3885 assert((uintptr_t)(wptr - mp1->b_rptr) <= (uintptr_t)INT_MAX); 3886 bytes_acked -= (int)(wptr - mp1->b_rptr); 3887 if (bytes_acked < 0) { 3888 mp1->b_rptr = wptr + bytes_acked; 3889 break; 3890 } 3891 mp1->b_prev = NULL; 3892 mp2 = mp1; 3893 mp1 = mp1->b_cont; 3894 freeb(mp2); 3895 if (bytes_acked == 0) { 3896 if (mp1 == NULL) { 3897 /* Everything is ack'ed, clear the tail. */ 3898 tcp->tcp_xmit_tail = NULL; 3899 goto pre_swnd_update; 3900 } 3901 if (mp2 != tcp->tcp_xmit_tail) 3902 break; 3903 tcp->tcp_xmit_tail = mp1; 3904 assert((uintptr_t)(mp1->b_wptr - 3905 mp1->b_rptr) <= (uintptr_t)INT_MAX); 3906 tcp->tcp_xmit_tail_unsent = (int)(mp1->b_wptr - 3907 mp1->b_rptr); 3908 break; 3909 } 3910 if (mp1 == NULL) { 3911 /* 3912 * More was acked but there is nothing more 3913 * outstanding. This means that the FIN was 3914 * just acked or that we're talking to a clown. 3915 */ 3916 fin_acked: 3917 assert(tcp->tcp_fin_sent); 3918 tcp->tcp_xmit_tail = NULL; 3919 if (tcp->tcp_fin_sent) { 3920 tcp->tcp_fin_acked = B_TRUE; 3921 } else { 3922 /* 3923 * We should never got here because 3924 * we have already checked that the 3925 * number of bytes ack'ed should be 3926 * smaller than or equal to what we 3927 * have sent so far (it is the 3928 * acceptability check of the ACK). 3929 * We can only get here if the send 3930 * queue is corrupted. 3931 * 3932 * Terminate the connection and 3933 * panic the system. It is better 3934 * for us to panic instead of 3935 * continuing to avoid other disaster. 3936 */ 3937 tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, 3938 tcp->tcp_rnxt, TH_RST|TH_ACK, 0, sock_id); 3939 printf("Memory corruption " 3940 "detected for connection %s.\n", 3941 tcp_display(tcp, NULL, 3942 DISP_ADDR_AND_PORT)); 3943 /* We should never get here... */ 3944 prom_panic("tcp_rput_data"); 3945 return; 3946 } 3947 goto pre_swnd_update; 3948 } 3949 assert(mp2 != tcp->tcp_xmit_tail); 3950 } 3951 if (tcp->tcp_unsent) { 3952 flags |= TH_XMIT_NEEDED; 3953 } 3954 pre_swnd_update: 3955 tcp->tcp_xmit_head = mp1; 3956 swnd_update: 3957 /* 3958 * The following check is different from most other implementations. 3959 * For bi-directional transfer, when segments are dropped, the 3960 * "normal" check will not accept a window update in those 3961 * retransmitted segemnts. Failing to do that, TCP may send out 3962 * segments which are outside receiver's window. As TCP accepts 3963 * the ack in those retransmitted segments, if the window update in 3964 * the same segment is not accepted, TCP will incorrectly calculates 3965 * that it can send more segments. This can create a deadlock 3966 * with the receiver if its window becomes zero. 3967 */ 3968 if (SEQ_LT(tcp->tcp_swl2, seg_ack) || 3969 SEQ_LT(tcp->tcp_swl1, seg_seq) || 3970 (tcp->tcp_swl1 == seg_seq && new_swnd > tcp->tcp_swnd)) { 3971 /* 3972 * The criteria for update is: 3973 * 3974 * 1. the segment acknowledges some data. Or 3975 * 2. the segment is new, i.e. it has a higher seq num. Or 3976 * 3. the segment is not old and the advertised window is 3977 * larger than the previous advertised window. 3978 */ 3979 if (tcp->tcp_unsent && new_swnd > tcp->tcp_swnd) 3980 flags |= TH_XMIT_NEEDED; 3981 tcp->tcp_swnd = new_swnd; 3982 if (new_swnd > tcp->tcp_max_swnd) 3983 tcp->tcp_max_swnd = new_swnd; 3984 tcp->tcp_swl1 = seg_seq; 3985 tcp->tcp_swl2 = seg_ack; 3986 } 3987 est: 3988 if (tcp->tcp_state > TCPS_ESTABLISHED) { 3989 switch (tcp->tcp_state) { 3990 case TCPS_FIN_WAIT_1: 3991 if (tcp->tcp_fin_acked) { 3992 tcp->tcp_state = TCPS_FIN_WAIT_2; 3993 /* 3994 * We implement the non-standard BSD/SunOS 3995 * FIN_WAIT_2 flushing algorithm. 3996 * If there is no user attached to this 3997 * TCP endpoint, then this TCP struct 3998 * could hang around forever in FIN_WAIT_2 3999 * state if the peer forgets to send us 4000 * a FIN. To prevent this, we wait only 4001 * 2*MSL (a convenient time value) for 4002 * the FIN to arrive. If it doesn't show up, 4003 * we flush the TCP endpoint. This algorithm, 4004 * though a violation of RFC-793, has worked 4005 * for over 10 years in BSD systems. 4006 * Note: SunOS 4.x waits 675 seconds before 4007 * flushing the FIN_WAIT_2 connection. 4008 */ 4009 TCP_TIMER_RESTART(tcp, 4010 tcp_fin_wait_2_flush_interval); 4011 } 4012 break; 4013 case TCPS_FIN_WAIT_2: 4014 break; /* Shutdown hook? */ 4015 case TCPS_LAST_ACK: 4016 freemsg(mp); 4017 if (tcp->tcp_fin_acked) { 4018 (void) tcp_clean_death(sock_id, tcp, 0); 4019 return; 4020 } 4021 goto xmit_check; 4022 case TCPS_CLOSING: 4023 if (tcp->tcp_fin_acked) { 4024 tcp->tcp_state = TCPS_TIME_WAIT; 4025 tcp_time_wait_append(tcp); 4026 TCP_TIMER_RESTART(tcp, tcp_time_wait_interval); 4027 } 4028 /*FALLTHRU*/ 4029 case TCPS_CLOSE_WAIT: 4030 freemsg(mp); 4031 goto xmit_check; 4032 default: 4033 assert(tcp->tcp_state != TCPS_TIME_WAIT); 4034 break; 4035 } 4036 } 4037 if (flags & TH_FIN) { 4038 /* Make sure we ack the fin */ 4039 flags |= TH_ACK_NEEDED; 4040 if (!tcp->tcp_fin_rcvd) { 4041 tcp->tcp_fin_rcvd = B_TRUE; 4042 tcp->tcp_rnxt++; 4043 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack); 4044 4045 switch (tcp->tcp_state) { 4046 case TCPS_SYN_RCVD: 4047 case TCPS_ESTABLISHED: 4048 tcp->tcp_state = TCPS_CLOSE_WAIT; 4049 /* Keepalive? */ 4050 break; 4051 case TCPS_FIN_WAIT_1: 4052 if (!tcp->tcp_fin_acked) { 4053 tcp->tcp_state = TCPS_CLOSING; 4054 break; 4055 } 4056 /* FALLTHRU */ 4057 case TCPS_FIN_WAIT_2: 4058 tcp->tcp_state = TCPS_TIME_WAIT; 4059 tcp_time_wait_append(tcp); 4060 TCP_TIMER_RESTART(tcp, tcp_time_wait_interval); 4061 if (seg_len) { 4062 /* 4063 * implies data piggybacked on FIN. 4064 * break to handle data. 4065 */ 4066 break; 4067 } 4068 freemsg(mp); 4069 goto ack_check; 4070 } 4071 } 4072 } 4073 if (mp == NULL) 4074 goto xmit_check; 4075 if (seg_len == 0) { 4076 freemsg(mp); 4077 goto xmit_check; 4078 } 4079 if (mp->b_rptr == mp->b_wptr) { 4080 /* 4081 * The header has been consumed, so we remove the 4082 * zero-length mblk here. 4083 */ 4084 mp1 = mp; 4085 mp = mp->b_cont; 4086 freeb(mp1); 4087 } 4088 /* 4089 * ACK every other segments, unless the input queue is empty 4090 * as we don't have a timer available. 4091 */ 4092 if (++tcp->tcp_rack_cnt == 2 || sockets[sock_id].inq == NULL) { 4093 flags |= TH_ACK_NEEDED; 4094 tcp->tcp_rack_cnt = 0; 4095 } 4096 tcp->tcp_rnxt += seg_len; 4097 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack); 4098 4099 /* Update SACK list */ 4100 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) { 4101 tcp_sack_remove(tcp->tcp_sack_list, tcp->tcp_rnxt, 4102 &(tcp->tcp_num_sack_blk)); 4103 } 4104 4105 if (tcp->tcp_listener) { 4106 /* 4107 * Side queue inbound data until the accept happens. 4108 * tcp_accept/tcp_rput drains this when the accept happens. 4109 */ 4110 tcp_rcv_enqueue(tcp, mp, seg_len); 4111 } else { 4112 /* Just queue the data until the app calls read. */ 4113 tcp_rcv_enqueue(tcp, mp, seg_len); 4114 /* 4115 * Make sure the timer is running if we have data waiting 4116 * for a push bit. This provides resiliency against 4117 * implementations that do not correctly generate push bits. 4118 */ 4119 if (tcp->tcp_rcv_list != NULL) 4120 flags |= TH_TIMER_NEEDED; 4121 } 4122 4123 xmit_check: 4124 /* Is there anything left to do? */ 4125 if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_ACK_NEEDED| 4126 TH_NEED_SACK_REXMIT|TH_LIMIT_XMIT|TH_TIMER_NEEDED)) == 0) 4127 return; 4128 4129 /* Any transmit work to do and a non-zero window? */ 4130 if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_NEED_SACK_REXMIT| 4131 TH_LIMIT_XMIT)) && tcp->tcp_swnd != 0) { 4132 if (flags & TH_REXMIT_NEEDED) { 4133 uint32_t snd_size = tcp->tcp_snxt - tcp->tcp_suna; 4134 4135 if (snd_size > mss) 4136 snd_size = mss; 4137 if (snd_size > tcp->tcp_swnd) 4138 snd_size = tcp->tcp_swnd; 4139 mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, snd_size, 4140 NULL, NULL, tcp->tcp_suna, B_TRUE, &snd_size, 4141 B_TRUE); 4142 4143 if (mp1 != NULL) { 4144 /* use uintptr_t to suppress the gcc warning */ 4145 tcp->tcp_xmit_head->b_prev = 4146 (mblk_t *)(uintptr_t)prom_gettime(); 4147 tcp->tcp_csuna = tcp->tcp_snxt; 4148 BUMP_MIB(tcp_mib.tcpRetransSegs); 4149 UPDATE_MIB(tcp_mib.tcpRetransBytes, snd_size); 4150 (void) ipv4_tcp_output(sock_id, mp1); 4151 freeb(mp1); 4152 } 4153 } 4154 if (flags & TH_NEED_SACK_REXMIT) { 4155 if (tcp_sack_rxmit(tcp, sock_id) != 0) { 4156 flags |= TH_XMIT_NEEDED; 4157 } 4158 } 4159 /* 4160 * For TH_LIMIT_XMIT, tcp_wput_data() is called to send 4161 * out new segment. Note that tcp_rexmit should not be 4162 * set, otherwise TH_LIMIT_XMIT should not be set. 4163 */ 4164 if (flags & (TH_XMIT_NEEDED|TH_LIMIT_XMIT)) { 4165 if (!tcp->tcp_rexmit) { 4166 tcp_wput_data(tcp, NULL, sock_id); 4167 } else { 4168 tcp_ss_rexmit(tcp, sock_id); 4169 } 4170 /* 4171 * The TCP could be closed in tcp_state_wait via 4172 * tcp_wput_data (tcp_ss_rexmit could call 4173 * tcp_wput_data as well). 4174 */ 4175 if (sockets[sock_id].pcb == NULL) 4176 return; 4177 } 4178 /* 4179 * Adjust tcp_cwnd back to normal value after sending 4180 * new data segments. 4181 */ 4182 if (flags & TH_LIMIT_XMIT) { 4183 tcp->tcp_cwnd -= mss << (tcp->tcp_dupack_cnt - 1); 4184 } 4185 4186 /* Anything more to do? */ 4187 if ((flags & (TH_ACK_NEEDED|TH_TIMER_NEEDED)) == 0) 4188 return; 4189 } 4190 ack_check: 4191 if (flags & TH_ACK_NEEDED) { 4192 /* 4193 * Time to send an ack for some reason. 4194 */ 4195 if ((mp1 = tcp_ack_mp(tcp)) != NULL) { 4196 TCP_DUMP_PACKET("tcp_rput_data: ack mp", mp1); 4197 (void) ipv4_tcp_output(sock_id, mp1); 4198 BUMP_MIB(tcp_mib.tcpOutAck); 4199 freeb(mp1); 4200 } 4201 } 4202 } 4203 4204 /* 4205 * tcp_ss_rexmit() is called in tcp_rput_data() to do slow start 4206 * retransmission after a timeout. 4207 * 4208 * To limit the number of duplicate segments, we limit the number of segment 4209 * to be sent in one time to tcp_snd_burst, the burst variable. 4210 */ 4211 static void 4212 tcp_ss_rexmit(tcp_t *tcp, int sock_id) 4213 { 4214 uint32_t snxt; 4215 uint32_t smax; 4216 int32_t win; 4217 int32_t mss; 4218 int32_t off; 4219 int32_t burst = tcp->tcp_snd_burst; 4220 mblk_t *snxt_mp; 4221 4222 /* 4223 * Note that tcp_rexmit can be set even though TCP has retransmitted 4224 * all unack'ed segments. 4225 */ 4226 if (SEQ_LT(tcp->tcp_rexmit_nxt, tcp->tcp_rexmit_max)) { 4227 smax = tcp->tcp_rexmit_max; 4228 snxt = tcp->tcp_rexmit_nxt; 4229 if (SEQ_LT(snxt, tcp->tcp_suna)) { 4230 snxt = tcp->tcp_suna; 4231 } 4232 win = MIN(tcp->tcp_cwnd, tcp->tcp_swnd); 4233 win -= snxt - tcp->tcp_suna; 4234 mss = tcp->tcp_mss; 4235 snxt_mp = tcp_get_seg_mp(tcp, snxt, &off); 4236 4237 while (SEQ_LT(snxt, smax) && (win > 0) && 4238 (burst > 0) && (snxt_mp != NULL)) { 4239 mblk_t *xmit_mp; 4240 mblk_t *old_snxt_mp = snxt_mp; 4241 uint32_t cnt = mss; 4242 4243 if (win < cnt) { 4244 cnt = win; 4245 } 4246 if (SEQ_GT(snxt + cnt, smax)) { 4247 cnt = smax - snxt; 4248 } 4249 xmit_mp = tcp_xmit_mp(tcp, snxt_mp, cnt, &off, 4250 &snxt_mp, snxt, B_TRUE, &cnt, B_TRUE); 4251 4252 if (xmit_mp == NULL) 4253 return; 4254 4255 (void) ipv4_tcp_output(sock_id, xmit_mp); 4256 freeb(xmit_mp); 4257 4258 snxt += cnt; 4259 win -= cnt; 4260 /* 4261 * Update the send timestamp to avoid false 4262 * retransmission. 4263 * Note. use uintptr_t to suppress the gcc warning. 4264 */ 4265 old_snxt_mp->b_prev = 4266 (mblk_t *)(uintptr_t)prom_gettime(); 4267 BUMP_MIB(tcp_mib.tcpRetransSegs); 4268 UPDATE_MIB(tcp_mib.tcpRetransBytes, cnt); 4269 4270 tcp->tcp_rexmit_nxt = snxt; 4271 burst--; 4272 } 4273 /* 4274 * If we have transmitted all we have at the time 4275 * we started the retranmission, we can leave 4276 * the rest of the job to tcp_wput_data(). But we 4277 * need to check the send window first. If the 4278 * win is not 0, go on with tcp_wput_data(). 4279 */ 4280 if (SEQ_LT(snxt, smax) || win == 0) { 4281 return; 4282 } 4283 } 4284 /* Only call tcp_wput_data() if there is data to be sent. */ 4285 if (tcp->tcp_unsent) { 4286 tcp_wput_data(tcp, NULL, sock_id); 4287 } 4288 } 4289 4290 /* 4291 * tcp_timer is the timer service routine. It handles all timer events for 4292 * a tcp instance except keepalives. It figures out from the state of the 4293 * tcp instance what kind of action needs to be done at the time it is called. 4294 */ 4295 static void 4296 tcp_timer(tcp_t *tcp, int sock_id) 4297 { 4298 mblk_t *mp; 4299 uint32_t first_threshold; 4300 uint32_t second_threshold; 4301 uint32_t ms; 4302 uint32_t mss; 4303 4304 first_threshold = tcp->tcp_first_timer_threshold; 4305 second_threshold = tcp->tcp_second_timer_threshold; 4306 switch (tcp->tcp_state) { 4307 case TCPS_IDLE: 4308 case TCPS_BOUND: 4309 case TCPS_LISTEN: 4310 return; 4311 case TCPS_SYN_RCVD: 4312 case TCPS_SYN_SENT: 4313 first_threshold = tcp->tcp_first_ctimer_threshold; 4314 second_threshold = tcp->tcp_second_ctimer_threshold; 4315 break; 4316 case TCPS_ESTABLISHED: 4317 case TCPS_FIN_WAIT_1: 4318 case TCPS_CLOSING: 4319 case TCPS_CLOSE_WAIT: 4320 case TCPS_LAST_ACK: 4321 /* If we have data to rexmit */ 4322 if (tcp->tcp_suna != tcp->tcp_snxt) { 4323 int32_t time_to_wait; 4324 4325 BUMP_MIB(tcp_mib.tcpTimRetrans); 4326 if (tcp->tcp_xmit_head == NULL) 4327 break; 4328 /* use uintptr_t to suppress the gcc warning */ 4329 time_to_wait = (int32_t)(prom_gettime() - 4330 (uint32_t)(uintptr_t)tcp->tcp_xmit_head->b_prev); 4331 time_to_wait = tcp->tcp_rto - time_to_wait; 4332 if (time_to_wait > 0) { 4333 /* 4334 * Timer fired too early, so restart it. 4335 */ 4336 TCP_TIMER_RESTART(tcp, time_to_wait); 4337 return; 4338 } 4339 /* 4340 * When we probe zero windows, we force the swnd open. 4341 * If our peer acks with a closed window swnd will be 4342 * set to zero by tcp_rput(). As long as we are 4343 * receiving acks tcp_rput will 4344 * reset 'tcp_ms_we_have_waited' so as not to trip the 4345 * first and second interval actions. NOTE: the timer 4346 * interval is allowed to continue its exponential 4347 * backoff. 4348 */ 4349 if (tcp->tcp_swnd == 0 || tcp->tcp_zero_win_probe) { 4350 DEBUG_1("tcp_timer (%d): zero win", sock_id); 4351 break; 4352 } else { 4353 /* 4354 * After retransmission, we need to do 4355 * slow start. Set the ssthresh to one 4356 * half of current effective window and 4357 * cwnd to one MSS. Also reset 4358 * tcp_cwnd_cnt. 4359 * 4360 * Note that if tcp_ssthresh is reduced because 4361 * of ECN, do not reduce it again unless it is 4362 * already one window of data away (tcp_cwr 4363 * should then be cleared) or this is a 4364 * timeout for a retransmitted segment. 4365 */ 4366 uint32_t npkt; 4367 4368 if (!tcp->tcp_cwr || tcp->tcp_rexmit) { 4369 npkt = (MIN((tcp->tcp_timer_backoff ? 4370 tcp->tcp_cwnd_ssthresh : 4371 tcp->tcp_cwnd), 4372 tcp->tcp_swnd) >> 1) / 4373 tcp->tcp_mss; 4374 if (npkt < 2) 4375 npkt = 2; 4376 tcp->tcp_cwnd_ssthresh = npkt * 4377 tcp->tcp_mss; 4378 } 4379 tcp->tcp_cwnd = tcp->tcp_mss; 4380 tcp->tcp_cwnd_cnt = 0; 4381 if (tcp->tcp_ecn_ok) { 4382 tcp->tcp_cwr = B_TRUE; 4383 tcp->tcp_cwr_snd_max = tcp->tcp_snxt; 4384 tcp->tcp_ecn_cwr_sent = B_FALSE; 4385 } 4386 } 4387 break; 4388 } 4389 /* 4390 * We have something to send yet we cannot send. The 4391 * reason can be: 4392 * 4393 * 1. Zero send window: we need to do zero window probe. 4394 * 2. Zero cwnd: because of ECN, we need to "clock out 4395 * segments. 4396 * 3. SWS avoidance: receiver may have shrunk window, 4397 * reset our knowledge. 4398 * 4399 * Note that condition 2 can happen with either 1 or 4400 * 3. But 1 and 3 are exclusive. 4401 */ 4402 if (tcp->tcp_unsent != 0) { 4403 if (tcp->tcp_cwnd == 0) { 4404 /* 4405 * Set tcp_cwnd to 1 MSS so that a 4406 * new segment can be sent out. We 4407 * are "clocking out" new data when 4408 * the network is really congested. 4409 */ 4410 assert(tcp->tcp_ecn_ok); 4411 tcp->tcp_cwnd = tcp->tcp_mss; 4412 } 4413 if (tcp->tcp_swnd == 0) { 4414 /* Extend window for zero window probe */ 4415 tcp->tcp_swnd++; 4416 tcp->tcp_zero_win_probe = B_TRUE; 4417 BUMP_MIB(tcp_mib.tcpOutWinProbe); 4418 } else { 4419 /* 4420 * Handle timeout from sender SWS avoidance. 4421 * Reset our knowledge of the max send window 4422 * since the receiver might have reduced its 4423 * receive buffer. Avoid setting tcp_max_swnd 4424 * to one since that will essentially disable 4425 * the SWS checks. 4426 * 4427 * Note that since we don't have a SWS 4428 * state variable, if the timeout is set 4429 * for ECN but not for SWS, this 4430 * code will also be executed. This is 4431 * fine as tcp_max_swnd is updated 4432 * constantly and it will not affect 4433 * anything. 4434 */ 4435 tcp->tcp_max_swnd = MAX(tcp->tcp_swnd, 2); 4436 } 4437 tcp_wput_data(tcp, NULL, sock_id); 4438 return; 4439 } 4440 /* Is there a FIN that needs to be to re retransmitted? */ 4441 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) && 4442 !tcp->tcp_fin_acked) 4443 break; 4444 /* Nothing to do, return without restarting timer. */ 4445 return; 4446 case TCPS_FIN_WAIT_2: 4447 /* 4448 * User closed the TCP endpoint and peer ACK'ed our FIN. 4449 * We waited some time for for peer's FIN, but it hasn't 4450 * arrived. We flush the connection now to avoid 4451 * case where the peer has rebooted. 4452 */ 4453 /* FALLTHRU */ 4454 case TCPS_TIME_WAIT: 4455 (void) tcp_clean_death(sock_id, tcp, 0); 4456 return; 4457 default: 4458 DEBUG_3("tcp_timer (%d): strange state (%d) %s", sock_id, 4459 tcp->tcp_state, tcp_display(tcp, NULL, 4460 DISP_PORT_ONLY)); 4461 return; 4462 } 4463 if ((ms = tcp->tcp_ms_we_have_waited) > second_threshold) { 4464 /* 4465 * For zero window probe, we need to send indefinitely, 4466 * unless we have not heard from the other side for some 4467 * time... 4468 */ 4469 if ((tcp->tcp_zero_win_probe == 0) || 4470 ((prom_gettime() - tcp->tcp_last_recv_time) > 4471 second_threshold)) { 4472 BUMP_MIB(tcp_mib.tcpTimRetransDrop); 4473 /* 4474 * If TCP is in SYN_RCVD state, send back a 4475 * RST|ACK as BSD does. Note that tcp_zero_win_probe 4476 * should be zero in TCPS_SYN_RCVD state. 4477 */ 4478 if (tcp->tcp_state == TCPS_SYN_RCVD) { 4479 tcp_xmit_ctl("tcp_timer: RST sent on timeout " 4480 "in SYN_RCVD", 4481 tcp, NULL, tcp->tcp_snxt, 4482 tcp->tcp_rnxt, TH_RST | TH_ACK, 0, sock_id); 4483 } 4484 (void) tcp_clean_death(sock_id, tcp, 4485 tcp->tcp_client_errno ? 4486 tcp->tcp_client_errno : ETIMEDOUT); 4487 return; 4488 } else { 4489 /* 4490 * Set tcp_ms_we_have_waited to second_threshold 4491 * so that in next timeout, we will do the above 4492 * check (lbolt - tcp_last_recv_time). This is 4493 * also to avoid overflow. 4494 * 4495 * We don't need to decrement tcp_timer_backoff 4496 * to avoid overflow because it will be decremented 4497 * later if new timeout value is greater than 4498 * tcp_rexmit_interval_max. In the case when 4499 * tcp_rexmit_interval_max is greater than 4500 * second_threshold, it means that we will wait 4501 * longer than second_threshold to send the next 4502 * window probe. 4503 */ 4504 tcp->tcp_ms_we_have_waited = second_threshold; 4505 } 4506 } else if (ms > first_threshold && tcp->tcp_rtt_sa != 0) { 4507 /* 4508 * We have been retransmitting for too long... The RTT 4509 * we calculated is probably incorrect. Reinitialize it. 4510 * Need to compensate for 0 tcp_rtt_sa. Reset 4511 * tcp_rtt_update so that we won't accidentally cache a 4512 * bad value. But only do this if this is not a zero 4513 * window probe. 4514 */ 4515 if (tcp->tcp_zero_win_probe == 0) { 4516 tcp->tcp_rtt_sd += (tcp->tcp_rtt_sa >> 3) + 4517 (tcp->tcp_rtt_sa >> 5); 4518 tcp->tcp_rtt_sa = 0; 4519 tcp->tcp_rtt_update = 0; 4520 } 4521 } 4522 tcp->tcp_timer_backoff++; 4523 if ((ms = (tcp->tcp_rtt_sa >> 3) + tcp->tcp_rtt_sd + 4524 tcp_rexmit_interval_extra + (tcp->tcp_rtt_sa >> 5)) < 4525 tcp_rexmit_interval_min) { 4526 /* 4527 * This means the original RTO is tcp_rexmit_interval_min. 4528 * So we will use tcp_rexmit_interval_min as the RTO value 4529 * and do the backoff. 4530 */ 4531 ms = tcp_rexmit_interval_min << tcp->tcp_timer_backoff; 4532 } else { 4533 ms <<= tcp->tcp_timer_backoff; 4534 } 4535 if (ms > tcp_rexmit_interval_max) { 4536 ms = tcp_rexmit_interval_max; 4537 /* 4538 * ms is at max, decrement tcp_timer_backoff to avoid 4539 * overflow. 4540 */ 4541 tcp->tcp_timer_backoff--; 4542 } 4543 tcp->tcp_ms_we_have_waited += ms; 4544 if (tcp->tcp_zero_win_probe == 0) { 4545 tcp->tcp_rto = ms; 4546 } 4547 TCP_TIMER_RESTART(tcp, ms); 4548 /* 4549 * This is after a timeout and tcp_rto is backed off. Set 4550 * tcp_set_timer to 1 so that next time RTO is updated, we will 4551 * restart the timer with a correct value. 4552 */ 4553 tcp->tcp_set_timer = 1; 4554 mss = tcp->tcp_snxt - tcp->tcp_suna; 4555 if (mss > tcp->tcp_mss) 4556 mss = tcp->tcp_mss; 4557 if (mss > tcp->tcp_swnd && tcp->tcp_swnd != 0) 4558 mss = tcp->tcp_swnd; 4559 4560 if ((mp = tcp->tcp_xmit_head) != NULL) { 4561 /* use uintptr_t to suppress the gcc warning */ 4562 mp->b_prev = (mblk_t *)(uintptr_t)prom_gettime(); 4563 } 4564 mp = tcp_xmit_mp(tcp, mp, mss, NULL, NULL, tcp->tcp_suna, B_TRUE, &mss, 4565 B_TRUE); 4566 if (mp == NULL) 4567 return; 4568 tcp->tcp_csuna = tcp->tcp_snxt; 4569 BUMP_MIB(tcp_mib.tcpRetransSegs); 4570 UPDATE_MIB(tcp_mib.tcpRetransBytes, mss); 4571 /* Dump the packet when debugging. */ 4572 TCP_DUMP_PACKET("tcp_timer", mp); 4573 4574 (void) ipv4_tcp_output(sock_id, mp); 4575 freeb(mp); 4576 4577 /* 4578 * When slow start after retransmission begins, start with 4579 * this seq no. tcp_rexmit_max marks the end of special slow 4580 * start phase. tcp_snd_burst controls how many segments 4581 * can be sent because of an ack. 4582 */ 4583 tcp->tcp_rexmit_nxt = tcp->tcp_suna; 4584 tcp->tcp_snd_burst = TCP_CWND_SS; 4585 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) && 4586 (tcp->tcp_unsent == 0)) { 4587 tcp->tcp_rexmit_max = tcp->tcp_fss; 4588 } else { 4589 tcp->tcp_rexmit_max = tcp->tcp_snxt; 4590 } 4591 tcp->tcp_rexmit = B_TRUE; 4592 tcp->tcp_dupack_cnt = 0; 4593 4594 /* 4595 * Remove all rexmit SACK blk to start from fresh. 4596 */ 4597 if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) { 4598 TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list); 4599 tcp->tcp_num_notsack_blk = 0; 4600 tcp->tcp_cnt_notsack_list = 0; 4601 } 4602 } 4603 4604 /* 4605 * The TCP normal data output path. 4606 * NOTE: the logic of the fast path is duplicated from this function. 4607 */ 4608 static void 4609 tcp_wput_data(tcp_t *tcp, mblk_t *mp, int sock_id) 4610 { 4611 int len; 4612 mblk_t *local_time; 4613 mblk_t *mp1; 4614 uchar_t *rptr; 4615 uint32_t snxt; 4616 int tail_unsent; 4617 int tcpstate; 4618 int usable = 0; 4619 mblk_t *xmit_tail; 4620 int32_t num_burst_seg; 4621 int32_t mss; 4622 int32_t num_sack_blk = 0; 4623 int32_t tcp_hdr_len; 4624 ipaddr_t *dst; 4625 ipaddr_t *src; 4626 4627 #ifdef DEBUG 4628 printf("tcp_wput_data(%d) ##############################\n", sock_id); 4629 #endif 4630 tcpstate = tcp->tcp_state; 4631 if (mp == NULL) { 4632 /* Really tacky... but we need this for detached closes. */ 4633 len = tcp->tcp_unsent; 4634 goto data_null; 4635 } 4636 4637 /* 4638 * Don't allow data after T_ORDREL_REQ or T_DISCON_REQ, 4639 * or before a connection attempt has begun. 4640 * 4641 * The following should not happen in inetboot.... 4642 */ 4643 if (tcpstate < TCPS_SYN_SENT || tcpstate > TCPS_CLOSE_WAIT || 4644 (tcp->tcp_valid_bits & TCP_FSS_VALID) != 0) { 4645 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) != 0) { 4646 printf("tcp_wput_data: data after ordrel, %s\n", 4647 tcp_display(tcp, NULL, DISP_ADDR_AND_PORT)); 4648 } 4649 freemsg(mp); 4650 return; 4651 } 4652 4653 /* Strip empties */ 4654 for (;;) { 4655 assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <= 4656 (uintptr_t)INT_MAX); 4657 len = (int)(mp->b_wptr - mp->b_rptr); 4658 if (len > 0) 4659 break; 4660 mp1 = mp; 4661 mp = mp->b_cont; 4662 freeb(mp1); 4663 if (mp == NULL) { 4664 return; 4665 } 4666 } 4667 4668 /* If we are the first on the list ... */ 4669 if (tcp->tcp_xmit_head == NULL) { 4670 tcp->tcp_xmit_head = mp; 4671 tcp->tcp_xmit_tail = mp; 4672 tcp->tcp_xmit_tail_unsent = len; 4673 } else { 4674 tcp->tcp_xmit_last->b_cont = mp; 4675 len += tcp->tcp_unsent; 4676 } 4677 4678 /* Tack on however many more positive length mblks we have */ 4679 if ((mp1 = mp->b_cont) != NULL) { 4680 do { 4681 int tlen; 4682 assert((uintptr_t)(mp1->b_wptr - 4683 mp1->b_rptr) <= (uintptr_t)INT_MAX); 4684 tlen = (int)(mp1->b_wptr - mp1->b_rptr); 4685 if (tlen <= 0) { 4686 mp->b_cont = mp1->b_cont; 4687 freeb(mp1); 4688 } else { 4689 len += tlen; 4690 mp = mp1; 4691 } 4692 } while ((mp1 = mp->b_cont) != NULL); 4693 } 4694 tcp->tcp_xmit_last = mp; 4695 tcp->tcp_unsent = len; 4696 4697 data_null: 4698 snxt = tcp->tcp_snxt; 4699 xmit_tail = tcp->tcp_xmit_tail; 4700 tail_unsent = tcp->tcp_xmit_tail_unsent; 4701 4702 /* 4703 * Note that tcp_mss has been adjusted to take into account the 4704 * timestamp option if applicable. Because SACK options do not 4705 * appear in every TCP segments and they are of variable lengths, 4706 * they cannot be included in tcp_mss. Thus we need to calculate 4707 * the actual segment length when we need to send a segment which 4708 * includes SACK options. 4709 */ 4710 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) { 4711 int32_t opt_len; 4712 4713 num_sack_blk = MIN(tcp->tcp_max_sack_blk, 4714 tcp->tcp_num_sack_blk); 4715 opt_len = num_sack_blk * sizeof (sack_blk_t) + TCPOPT_NOP_LEN * 4716 2 + TCPOPT_HEADER_LEN; 4717 mss = tcp->tcp_mss - opt_len; 4718 tcp_hdr_len = tcp->tcp_hdr_len + opt_len; 4719 } else { 4720 mss = tcp->tcp_mss; 4721 tcp_hdr_len = tcp->tcp_hdr_len; 4722 } 4723 4724 if ((tcp->tcp_suna == snxt) && 4725 (prom_gettime() - tcp->tcp_last_recv_time) >= tcp->tcp_rto) { 4726 tcp->tcp_cwnd = MIN(tcp_slow_start_after_idle * mss, 4727 MIN(4 * mss, MAX(2 * mss, 4380 / mss * mss))); 4728 } 4729 if (tcpstate == TCPS_SYN_RCVD) { 4730 /* 4731 * The three-way connection establishment handshake is not 4732 * complete yet. We want to queue the data for transmission 4733 * after entering ESTABLISHED state (RFC793). Setting usable to 4734 * zero cause a jump to "done" label effectively leaving data 4735 * on the queue. 4736 */ 4737 4738 usable = 0; 4739 } else { 4740 int usable_r = tcp->tcp_swnd; 4741 4742 /* 4743 * In the special case when cwnd is zero, which can only 4744 * happen if the connection is ECN capable, return now. 4745 * New segments is sent using tcp_timer(). The timer 4746 * is set in tcp_rput_data(). 4747 */ 4748 if (tcp->tcp_cwnd == 0) { 4749 /* 4750 * Note that tcp_cwnd is 0 before 3-way handshake is 4751 * finished. 4752 */ 4753 assert(tcp->tcp_ecn_ok || 4754 tcp->tcp_state < TCPS_ESTABLISHED); 4755 return; 4756 } 4757 4758 /* usable = MIN(swnd, cwnd) - unacked_bytes */ 4759 if (usable_r > tcp->tcp_cwnd) 4760 usable_r = tcp->tcp_cwnd; 4761 4762 /* NOTE: trouble if xmitting while SYN not acked? */ 4763 usable_r -= snxt; 4764 usable_r += tcp->tcp_suna; 4765 4766 /* usable = MIN(usable, unsent) */ 4767 if (usable_r > len) 4768 usable_r = len; 4769 4770 /* usable = MAX(usable, {1 for urgent, 0 for data}) */ 4771 if (usable_r != 0) 4772 usable = usable_r; 4773 } 4774 4775 /* use uintptr_t to suppress the gcc warning */ 4776 local_time = (mblk_t *)(uintptr_t)prom_gettime(); 4777 4778 /* 4779 * "Our" Nagle Algorithm. This is not the same as in the old 4780 * BSD. This is more in line with the true intent of Nagle. 4781 * 4782 * The conditions are: 4783 * 1. The amount of unsent data (or amount of data which can be 4784 * sent, whichever is smaller) is less than Nagle limit. 4785 * 2. The last sent size is also less than Nagle limit. 4786 * 3. There is unack'ed data. 4787 * 4. Urgent pointer is not set. Send urgent data ignoring the 4788 * Nagle algorithm. This reduces the probability that urgent 4789 * bytes get "merged" together. 4790 * 5. The app has not closed the connection. This eliminates the 4791 * wait time of the receiving side waiting for the last piece of 4792 * (small) data. 4793 * 4794 * If all are satisified, exit without sending anything. Note 4795 * that Nagle limit can be smaller than 1 MSS. Nagle limit is 4796 * the smaller of 1 MSS and global tcp_naglim_def (default to be 4797 * 4095). 4798 */ 4799 if (usable < (int)tcp->tcp_naglim && 4800 tcp->tcp_naglim > tcp->tcp_last_sent_len && 4801 snxt != tcp->tcp_suna && 4802 !(tcp->tcp_valid_bits & TCP_URG_VALID)) 4803 goto done; 4804 4805 num_burst_seg = tcp->tcp_snd_burst; 4806 for (;;) { 4807 tcph_t *tcph; 4808 mblk_t *new_mp; 4809 4810 if (num_burst_seg-- == 0) 4811 goto done; 4812 4813 len = mss; 4814 if (len > usable) { 4815 len = usable; 4816 if (len <= 0) { 4817 /* Terminate the loop */ 4818 goto done; 4819 } 4820 /* 4821 * Sender silly-window avoidance. 4822 * Ignore this if we are going to send a 4823 * zero window probe out. 4824 * 4825 * TODO: force data into microscopic window ?? 4826 * ==> (!pushed || (unsent > usable)) 4827 */ 4828 if (len < (tcp->tcp_max_swnd >> 1) && 4829 (tcp->tcp_unsent - (snxt - tcp->tcp_snxt)) > len && 4830 !((tcp->tcp_valid_bits & TCP_URG_VALID) && 4831 len == 1) && (! tcp->tcp_zero_win_probe)) { 4832 /* 4833 * If the retransmit timer is not running 4834 * we start it so that we will retransmit 4835 * in the case when the the receiver has 4836 * decremented the window. 4837 */ 4838 if (snxt == tcp->tcp_snxt && 4839 snxt == tcp->tcp_suna) { 4840 /* 4841 * We are not supposed to send 4842 * anything. So let's wait a little 4843 * bit longer before breaking SWS 4844 * avoidance. 4845 * 4846 * What should the value be? 4847 * Suggestion: MAX(init rexmit time, 4848 * tcp->tcp_rto) 4849 */ 4850 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 4851 } 4852 goto done; 4853 } 4854 } 4855 4856 tcph = tcp->tcp_tcph; 4857 4858 usable -= len; /* Approximate - can be adjusted later */ 4859 if (usable > 0) 4860 tcph->th_flags[0] = TH_ACK; 4861 else 4862 tcph->th_flags[0] = (TH_ACK | TH_PUSH); 4863 4864 U32_TO_ABE32(snxt, tcph->th_seq); 4865 4866 if (tcp->tcp_valid_bits) { 4867 uchar_t *prev_rptr = xmit_tail->b_rptr; 4868 uint32_t prev_snxt = tcp->tcp_snxt; 4869 4870 if (tail_unsent == 0) { 4871 assert(xmit_tail->b_cont != NULL); 4872 xmit_tail = xmit_tail->b_cont; 4873 prev_rptr = xmit_tail->b_rptr; 4874 tail_unsent = (int)(xmit_tail->b_wptr - 4875 xmit_tail->b_rptr); 4876 } else { 4877 xmit_tail->b_rptr = xmit_tail->b_wptr - 4878 tail_unsent; 4879 } 4880 mp = tcp_xmit_mp(tcp, xmit_tail, len, NULL, NULL, 4881 snxt, B_FALSE, (uint32_t *)&len, B_FALSE); 4882 /* Restore tcp_snxt so we get amount sent right. */ 4883 tcp->tcp_snxt = prev_snxt; 4884 if (prev_rptr == xmit_tail->b_rptr) 4885 xmit_tail->b_prev = local_time; 4886 else 4887 xmit_tail->b_rptr = prev_rptr; 4888 4889 if (mp == NULL) 4890 break; 4891 4892 mp1 = mp->b_cont; 4893 4894 snxt += len; 4895 tcp->tcp_last_sent_len = (ushort_t)len; 4896 while (mp1->b_cont) { 4897 xmit_tail = xmit_tail->b_cont; 4898 xmit_tail->b_prev = local_time; 4899 mp1 = mp1->b_cont; 4900 } 4901 tail_unsent = xmit_tail->b_wptr - mp1->b_wptr; 4902 BUMP_MIB(tcp_mib.tcpOutDataSegs); 4903 UPDATE_MIB(tcp_mib.tcpOutDataBytes, len); 4904 /* Dump the packet when debugging. */ 4905 TCP_DUMP_PACKET("tcp_wput_data (valid bits)", mp); 4906 (void) ipv4_tcp_output(sock_id, mp); 4907 freeb(mp); 4908 continue; 4909 } 4910 4911 snxt += len; /* Adjust later if we don't send all of len */ 4912 BUMP_MIB(tcp_mib.tcpOutDataSegs); 4913 UPDATE_MIB(tcp_mib.tcpOutDataBytes, len); 4914 4915 if (tail_unsent) { 4916 /* Are the bytes above us in flight? */ 4917 rptr = xmit_tail->b_wptr - tail_unsent; 4918 if (rptr != xmit_tail->b_rptr) { 4919 tail_unsent -= len; 4920 len += tcp_hdr_len; 4921 tcp->tcp_ipha->ip_len = htons(len); 4922 mp = dupb(xmit_tail); 4923 if (!mp) 4924 break; 4925 mp->b_rptr = rptr; 4926 goto must_alloc; 4927 } 4928 } else { 4929 xmit_tail = xmit_tail->b_cont; 4930 assert((uintptr_t)(xmit_tail->b_wptr - 4931 xmit_tail->b_rptr) <= (uintptr_t)INT_MAX); 4932 tail_unsent = (int)(xmit_tail->b_wptr - 4933 xmit_tail->b_rptr); 4934 } 4935 4936 tail_unsent -= len; 4937 tcp->tcp_last_sent_len = (ushort_t)len; 4938 4939 len += tcp_hdr_len; 4940 if (tcp->tcp_ipversion == IPV4_VERSION) 4941 tcp->tcp_ipha->ip_len = htons(len); 4942 4943 xmit_tail->b_prev = local_time; 4944 4945 mp = dupb(xmit_tail); 4946 if (mp == NULL) 4947 goto out_of_mem; 4948 4949 len = tcp_hdr_len; 4950 /* 4951 * There are four reasons to allocate a new hdr mblk: 4952 * 1) The bytes above us are in use by another packet 4953 * 2) We don't have good alignment 4954 * 3) The mblk is being shared 4955 * 4) We don't have enough room for a header 4956 */ 4957 rptr = mp->b_rptr - len; 4958 if (!OK_32PTR(rptr) || 4959 rptr < mp->b_datap) { 4960 /* NOTE: we assume allocb returns an OK_32PTR */ 4961 4962 must_alloc:; 4963 mp1 = allocb(tcp->tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + 4964 tcp_wroff_xtra, 0); 4965 if (mp1 == NULL) { 4966 freemsg(mp); 4967 goto out_of_mem; 4968 } 4969 mp1->b_cont = mp; 4970 mp = mp1; 4971 /* Leave room for Link Level header */ 4972 len = tcp_hdr_len; 4973 rptr = &mp->b_rptr[tcp_wroff_xtra]; 4974 mp->b_wptr = &rptr[len]; 4975 } 4976 4977 if (tcp->tcp_snd_ts_ok) { 4978 /* use uintptr_t to suppress the gcc warning */ 4979 U32_TO_BE32((uint32_t)(uintptr_t)local_time, 4980 (char *)tcph+TCP_MIN_HEADER_LENGTH+4); 4981 U32_TO_BE32(tcp->tcp_ts_recent, 4982 (char *)tcph+TCP_MIN_HEADER_LENGTH+8); 4983 } else { 4984 assert(tcp->tcp_tcp_hdr_len == TCP_MIN_HEADER_LENGTH); 4985 } 4986 4987 mp->b_rptr = rptr; 4988 4989 /* Copy the template header. */ 4990 dst = (ipaddr_t *)rptr; 4991 src = (ipaddr_t *)tcp->tcp_iphc; 4992 dst[0] = src[0]; 4993 dst[1] = src[1]; 4994 dst[2] = src[2]; 4995 dst[3] = src[3]; 4996 dst[4] = src[4]; 4997 dst[5] = src[5]; 4998 dst[6] = src[6]; 4999 dst[7] = src[7]; 5000 dst[8] = src[8]; 5001 dst[9] = src[9]; 5002 len = tcp->tcp_hdr_len; 5003 if (len -= 40) { 5004 len >>= 2; 5005 dst += 10; 5006 src += 10; 5007 do { 5008 *dst++ = *src++; 5009 } while (--len); 5010 } 5011 5012 /* 5013 * Set tcph to point to the header of the outgoing packet, 5014 * not to the template header. 5015 */ 5016 tcph = (tcph_t *)(rptr + tcp->tcp_ip_hdr_len); 5017 5018 /* 5019 * Set the ECN info in the TCP header if it is not a zero 5020 * window probe. Zero window probe is only sent in 5021 * tcp_wput_data() and tcp_timer(). 5022 */ 5023 if (tcp->tcp_ecn_ok && !tcp->tcp_zero_win_probe) { 5024 SET_ECT(tcp, rptr); 5025 5026 if (tcp->tcp_ecn_echo_on) 5027 tcph->th_flags[0] |= TH_ECE; 5028 if (tcp->tcp_cwr && !tcp->tcp_ecn_cwr_sent) { 5029 tcph->th_flags[0] |= TH_CWR; 5030 tcp->tcp_ecn_cwr_sent = B_TRUE; 5031 } 5032 } 5033 5034 /* Fill in SACK options */ 5035 if (num_sack_blk > 0) { 5036 uchar_t *wptr = rptr + tcp->tcp_hdr_len; 5037 sack_blk_t *tmp; 5038 int32_t i; 5039 5040 wptr[0] = TCPOPT_NOP; 5041 wptr[1] = TCPOPT_NOP; 5042 wptr[2] = TCPOPT_SACK; 5043 wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk * 5044 sizeof (sack_blk_t); 5045 wptr += TCPOPT_REAL_SACK_LEN; 5046 5047 tmp = tcp->tcp_sack_list; 5048 for (i = 0; i < num_sack_blk; i++) { 5049 U32_TO_BE32(tmp[i].begin, wptr); 5050 wptr += sizeof (tcp_seq); 5051 U32_TO_BE32(tmp[i].end, wptr); 5052 wptr += sizeof (tcp_seq); 5053 } 5054 tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) 5055 << 4); 5056 } 5057 5058 if (tail_unsent) { 5059 mp1 = mp->b_cont; 5060 if (mp1 == NULL) 5061 mp1 = mp; 5062 /* 5063 * If we're a little short, tack on more mblks 5064 * as long as we don't need to split an mblk. 5065 */ 5066 while (tail_unsent < 0 && 5067 tail_unsent + (int)(xmit_tail->b_cont->b_wptr - 5068 xmit_tail->b_cont->b_rptr) <= 0) { 5069 xmit_tail = xmit_tail->b_cont; 5070 /* Stash for rtt use later */ 5071 xmit_tail->b_prev = local_time; 5072 mp1->b_cont = dupb(xmit_tail); 5073 mp1 = mp1->b_cont; 5074 assert((uintptr_t)(xmit_tail->b_wptr - 5075 xmit_tail->b_rptr) <= (uintptr_t)INT_MAX); 5076 tail_unsent += (int)(xmit_tail->b_wptr - 5077 xmit_tail->b_rptr); 5078 if (mp1 == NULL) { 5079 freemsg(mp); 5080 goto out_of_mem; 5081 } 5082 } 5083 /* Trim back any surplus on the last mblk */ 5084 if (tail_unsent > 0) 5085 mp1->b_wptr -= tail_unsent; 5086 if (tail_unsent < 0) { 5087 uint32_t ip_len; 5088 5089 /* 5090 * We did not send everything we could in 5091 * order to preserve mblk boundaries. 5092 */ 5093 usable -= tail_unsent; 5094 snxt += tail_unsent; 5095 tcp->tcp_last_sent_len += tail_unsent; 5096 UPDATE_MIB(tcp_mib.tcpOutDataBytes, 5097 tail_unsent); 5098 /* Adjust the IP length field. */ 5099 ip_len = ntohs(((struct ip *)rptr)->ip_len) + 5100 tail_unsent; 5101 ((struct ip *)rptr)->ip_len = htons(ip_len); 5102 tail_unsent = 0; 5103 } 5104 } 5105 5106 if (mp == NULL) 5107 goto out_of_mem; 5108 5109 /* 5110 * Performance hit! We need to pullup the whole message 5111 * in order to do checksum and for the MAC output routine. 5112 */ 5113 if (mp->b_cont != NULL) { 5114 int mp_size; 5115 #ifdef DEBUG 5116 printf("Multiple mblk %d\n", msgdsize(mp)); 5117 #endif 5118 new_mp = allocb(msgdsize(mp) + tcp_wroff_xtra, 0); 5119 new_mp->b_rptr += tcp_wroff_xtra; 5120 new_mp->b_wptr = new_mp->b_rptr; 5121 while (mp != NULL) { 5122 mp_size = mp->b_wptr - mp->b_rptr; 5123 bcopy(mp->b_rptr, new_mp->b_wptr, mp_size); 5124 new_mp->b_wptr += mp_size; 5125 mp = mp->b_cont; 5126 } 5127 freemsg(mp); 5128 mp = new_mp; 5129 } 5130 tcp_set_cksum(mp); 5131 ((struct ip *)mp->b_rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl; 5132 TCP_DUMP_PACKET("tcp_wput_data", mp); 5133 (void) ipv4_tcp_output(sock_id, mp); 5134 freemsg(mp); 5135 } 5136 out_of_mem:; 5137 /* Pretend that all we were trying to send really got sent */ 5138 if (tail_unsent < 0) { 5139 do { 5140 xmit_tail = xmit_tail->b_cont; 5141 xmit_tail->b_prev = local_time; 5142 assert((uintptr_t)(xmit_tail->b_wptr - 5143 xmit_tail->b_rptr) <= (uintptr_t)INT_MAX); 5144 tail_unsent += (int)(xmit_tail->b_wptr - 5145 xmit_tail->b_rptr); 5146 } while (tail_unsent < 0); 5147 } 5148 done:; 5149 tcp->tcp_xmit_tail = xmit_tail; 5150 tcp->tcp_xmit_tail_unsent = tail_unsent; 5151 len = tcp->tcp_snxt - snxt; 5152 if (len) { 5153 /* 5154 * If new data was sent, need to update the notsack 5155 * list, which is, afterall, data blocks that have 5156 * not been sack'ed by the receiver. New data is 5157 * not sack'ed. 5158 */ 5159 if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) { 5160 /* len is a negative value. */ 5161 tcp->tcp_pipe -= len; 5162 tcp_notsack_update(&(tcp->tcp_notsack_list), 5163 tcp->tcp_snxt, snxt, 5164 &(tcp->tcp_num_notsack_blk), 5165 &(tcp->tcp_cnt_notsack_list)); 5166 } 5167 tcp->tcp_snxt = snxt + tcp->tcp_fin_sent; 5168 tcp->tcp_rack = tcp->tcp_rnxt; 5169 tcp->tcp_rack_cnt = 0; 5170 if ((snxt + len) == tcp->tcp_suna) { 5171 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 5172 } 5173 /* 5174 * Note that len is the amount we just sent but with a negative 5175 * sign. We update tcp_unsent here since we may come back to 5176 * tcp_wput_data from tcp_state_wait. 5177 */ 5178 len += tcp->tcp_unsent; 5179 tcp->tcp_unsent = len; 5180 5181 /* 5182 * Let's wait till all the segments have been acked, since we 5183 * don't have a timer. 5184 */ 5185 (void) tcp_state_wait(sock_id, tcp, TCPS_ALL_ACKED); 5186 return; 5187 } else if (snxt == tcp->tcp_suna && tcp->tcp_swnd == 0) { 5188 /* 5189 * Didn't send anything. Make sure the timer is running 5190 * so that we will probe a zero window. 5191 */ 5192 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 5193 } 5194 5195 /* Note that len is the amount we just sent but with a negative sign */ 5196 len += tcp->tcp_unsent; 5197 tcp->tcp_unsent = len; 5198 5199 } 5200 5201 static void 5202 tcp_time_wait_processing(tcp_t *tcp, mblk_t *mp, 5203 uint32_t seg_seq, uint32_t seg_ack, int seg_len, tcph_t *tcph, 5204 int sock_id) 5205 { 5206 int32_t bytes_acked; 5207 int32_t gap; 5208 int32_t rgap; 5209 tcp_opt_t tcpopt; 5210 uint_t flags; 5211 uint32_t new_swnd = 0; 5212 5213 #ifdef DEBUG 5214 printf("Time wait processing called ###############3\n"); 5215 #endif 5216 5217 /* Just make sure we send the right sock_id to tcp_clean_death */ 5218 if ((sockets[sock_id].pcb == NULL) || (sockets[sock_id].pcb != tcp)) 5219 sock_id = -1; 5220 5221 flags = (unsigned int)tcph->th_flags[0] & 0xFF; 5222 new_swnd = BE16_TO_U16(tcph->th_win) << 5223 ((tcph->th_flags[0] & TH_SYN) ? 0 : tcp->tcp_snd_ws); 5224 if (tcp->tcp_snd_ts_ok) { 5225 if (!tcp_paws_check(tcp, tcph, &tcpopt)) { 5226 freemsg(mp); 5227 tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, 5228 tcp->tcp_rnxt, TH_ACK, 0, -1); 5229 return; 5230 } 5231 } 5232 gap = seg_seq - tcp->tcp_rnxt; 5233 rgap = tcp->tcp_rwnd - (gap + seg_len); 5234 if (gap < 0) { 5235 BUMP_MIB(tcp_mib.tcpInDataDupSegs); 5236 UPDATE_MIB(tcp_mib.tcpInDataDupBytes, 5237 (seg_len > -gap ? -gap : seg_len)); 5238 seg_len += gap; 5239 if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) { 5240 if (flags & TH_RST) { 5241 freemsg(mp); 5242 return; 5243 } 5244 if ((flags & TH_FIN) && seg_len == -1) { 5245 /* 5246 * When TCP receives a duplicate FIN in 5247 * TIME_WAIT state, restart the 2 MSL timer. 5248 * See page 73 in RFC 793. Make sure this TCP 5249 * is already on the TIME_WAIT list. If not, 5250 * just restart the timer. 5251 */ 5252 tcp_time_wait_remove(tcp); 5253 tcp_time_wait_append(tcp); 5254 TCP_TIMER_RESTART(tcp, tcp_time_wait_interval); 5255 tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, 5256 tcp->tcp_rnxt, TH_ACK, 0, -1); 5257 freemsg(mp); 5258 return; 5259 } 5260 flags |= TH_ACK_NEEDED; 5261 seg_len = 0; 5262 goto process_ack; 5263 } 5264 5265 /* Fix seg_seq, and chew the gap off the front. */ 5266 seg_seq = tcp->tcp_rnxt; 5267 } 5268 5269 if ((flags & TH_SYN) && gap > 0 && rgap < 0) { 5270 /* 5271 * Make sure that when we accept the connection, pick 5272 * an ISS greater than (tcp_snxt + ISS_INCR/2) for the 5273 * old connection. 5274 * 5275 * The next ISS generated is equal to tcp_iss_incr_extra 5276 * + ISS_INCR/2 + other components depending on the 5277 * value of tcp_strong_iss. We pre-calculate the new 5278 * ISS here and compare with tcp_snxt to determine if 5279 * we need to make adjustment to tcp_iss_incr_extra. 5280 * 5281 * Note that since we are now in the global queue 5282 * perimeter and need to do a lateral_put() to the 5283 * listener queue, there can be other connection requests/ 5284 * attempts while the lateral_put() is going on. That 5285 * means what we calculate here may not be correct. This 5286 * is extremely difficult to solve unless TCP and IP 5287 * modules are merged and there is no perimeter, but just 5288 * locks. The above calculation is ugly and is a 5289 * waste of CPU cycles... 5290 */ 5291 uint32_t new_iss = tcp_iss_incr_extra; 5292 int32_t adj; 5293 5294 /* Add time component and min random (i.e. 1). */ 5295 new_iss += (prom_gettime() >> ISS_NSEC_SHT) + 1; 5296 if ((adj = (int32_t)(tcp->tcp_snxt - new_iss)) > 0) { 5297 /* 5298 * New ISS not guaranteed to be ISS_INCR/2 5299 * ahead of the current tcp_snxt, so add the 5300 * difference to tcp_iss_incr_extra. 5301 */ 5302 tcp_iss_incr_extra += adj; 5303 } 5304 tcp_clean_death(sock_id, tcp, 0); 5305 5306 /* 5307 * This is a passive open. Right now we do not 5308 * do anything... 5309 */ 5310 freemsg(mp); 5311 return; 5312 } 5313 5314 /* 5315 * rgap is the amount of stuff received out of window. A negative 5316 * value is the amount out of window. 5317 */ 5318 if (rgap < 0) { 5319 BUMP_MIB(tcp_mib.tcpInDataPastWinSegs); 5320 UPDATE_MIB(tcp_mib.tcpInDataPastWinBytes, -rgap); 5321 /* Fix seg_len and make sure there is something left. */ 5322 seg_len += rgap; 5323 if (seg_len <= 0) { 5324 if (flags & TH_RST) { 5325 freemsg(mp); 5326 return; 5327 } 5328 flags |= TH_ACK_NEEDED; 5329 seg_len = 0; 5330 goto process_ack; 5331 } 5332 } 5333 /* 5334 * Check whether we can update tcp_ts_recent. This test is 5335 * NOT the one in RFC 1323 3.4. It is from Braden, 1993, "TCP 5336 * Extensions for High Performance: An Update", Internet Draft. 5337 */ 5338 if (tcp->tcp_snd_ts_ok && 5339 TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) && 5340 SEQ_LEQ(seg_seq, tcp->tcp_rack)) { 5341 tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val; 5342 tcp->tcp_last_rcv_lbolt = prom_gettime(); 5343 } 5344 5345 if (seg_seq != tcp->tcp_rnxt && seg_len > 0) { 5346 /* Always ack out of order packets */ 5347 flags |= TH_ACK_NEEDED; 5348 seg_len = 0; 5349 } else if (seg_len > 0) { 5350 BUMP_MIB(tcp_mib.tcpInDataInorderSegs); 5351 UPDATE_MIB(tcp_mib.tcpInDataInorderBytes, seg_len); 5352 } 5353 if (flags & TH_RST) { 5354 freemsg(mp); 5355 (void) tcp_clean_death(sock_id, tcp, 0); 5356 return; 5357 } 5358 if (flags & TH_SYN) { 5359 freemsg(mp); 5360 tcp_xmit_ctl("TH_SYN", tcp, NULL, seg_ack, seg_seq + 1, 5361 TH_RST|TH_ACK, 0, -1); 5362 /* 5363 * Do not delete the TCP structure if it is in 5364 * TIME_WAIT state. Refer to RFC 1122, 4.2.2.13. 5365 */ 5366 return; 5367 } 5368 process_ack: 5369 if (flags & TH_ACK) { 5370 bytes_acked = (int)(seg_ack - tcp->tcp_suna); 5371 if (bytes_acked <= 0) { 5372 if (bytes_acked == 0 && seg_len == 0 && 5373 new_swnd == tcp->tcp_swnd) 5374 BUMP_MIB(tcp_mib.tcpInDupAck); 5375 } else { 5376 /* Acks something not sent */ 5377 flags |= TH_ACK_NEEDED; 5378 } 5379 } 5380 freemsg(mp); 5381 if (flags & TH_ACK_NEEDED) { 5382 /* 5383 * Time to send an ack for some reason. 5384 */ 5385 tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, 5386 tcp->tcp_rnxt, TH_ACK, 0, -1); 5387 } 5388 } 5389 5390 static int 5391 tcp_init_values(tcp_t *tcp, struct inetboot_socket *isp) 5392 { 5393 int err; 5394 5395 tcp->tcp_family = AF_INET; 5396 tcp->tcp_ipversion = IPV4_VERSION; 5397 5398 /* 5399 * Initialize tcp_rtt_sa and tcp_rtt_sd so that the calculated RTO 5400 * will be close to tcp_rexmit_interval_initial. By doing this, we 5401 * allow the algorithm to adjust slowly to large fluctuations of RTT 5402 * during first few transmissions of a connection as seen in slow 5403 * links. 5404 */ 5405 tcp->tcp_rtt_sa = tcp_rexmit_interval_initial << 2; 5406 tcp->tcp_rtt_sd = tcp_rexmit_interval_initial >> 1; 5407 tcp->tcp_rto = (tcp->tcp_rtt_sa >> 3) + tcp->tcp_rtt_sd + 5408 tcp_rexmit_interval_extra + (tcp->tcp_rtt_sa >> 5) + 5409 tcp_conn_grace_period; 5410 if (tcp->tcp_rto < tcp_rexmit_interval_min) 5411 tcp->tcp_rto = tcp_rexmit_interval_min; 5412 tcp->tcp_timer_backoff = 0; 5413 tcp->tcp_ms_we_have_waited = 0; 5414 tcp->tcp_last_recv_time = prom_gettime(); 5415 tcp->tcp_cwnd_max = tcp_cwnd_max_; 5416 tcp->tcp_snd_burst = TCP_CWND_INFINITE; 5417 tcp->tcp_cwnd_ssthresh = TCP_MAX_LARGEWIN; 5418 /* For Ethernet, the mtu returned is actually 1550... */ 5419 if (mac_get_type() == IFT_ETHER) { 5420 tcp->tcp_if_mtu = mac_get_mtu() - 50; 5421 } else { 5422 tcp->tcp_if_mtu = mac_get_mtu(); 5423 } 5424 tcp->tcp_mss = tcp->tcp_if_mtu; 5425 5426 tcp->tcp_first_timer_threshold = tcp_ip_notify_interval; 5427 tcp->tcp_first_ctimer_threshold = tcp_ip_notify_cinterval; 5428 tcp->tcp_second_timer_threshold = tcp_ip_abort_interval; 5429 /* 5430 * Fix it to tcp_ip_abort_linterval later if it turns out to be a 5431 * passive open. 5432 */ 5433 tcp->tcp_second_ctimer_threshold = tcp_ip_abort_cinterval; 5434 5435 tcp->tcp_naglim = tcp_naglim_def; 5436 5437 /* NOTE: ISS is now set in tcp_adapt_ire(). */ 5438 5439 /* Initialize the header template */ 5440 if (tcp->tcp_ipversion == IPV4_VERSION) { 5441 err = tcp_header_init_ipv4(tcp); 5442 } 5443 if (err) 5444 return (err); 5445 5446 /* 5447 * Init the window scale to the max so tcp_rwnd_set() won't pare 5448 * down tcp_rwnd. tcp_adapt_ire() will set the right value later. 5449 */ 5450 tcp->tcp_rcv_ws = TCP_MAX_WINSHIFT; 5451 tcp->tcp_xmit_lowater = tcp_xmit_lowat; 5452 if (isp != NULL) { 5453 tcp->tcp_xmit_hiwater = isp->so_sndbuf; 5454 tcp->tcp_rwnd = isp->so_rcvbuf; 5455 tcp->tcp_rwnd_max = isp->so_rcvbuf; 5456 } 5457 tcp->tcp_state = TCPS_IDLE; 5458 return (0); 5459 } 5460 5461 /* 5462 * Initialize the IPv4 header. Loses any record of any IP options. 5463 */ 5464 static int 5465 tcp_header_init_ipv4(tcp_t *tcp) 5466 { 5467 tcph_t *tcph; 5468 5469 /* 5470 * This is a simple initialization. If there's 5471 * already a template, it should never be too small, 5472 * so reuse it. Otherwise, allocate space for the new one. 5473 */ 5474 if (tcp->tcp_iphc != NULL) { 5475 assert(tcp->tcp_iphc_len >= TCP_MAX_COMBINED_HEADER_LENGTH); 5476 bzero(tcp->tcp_iphc, tcp->tcp_iphc_len); 5477 } else { 5478 tcp->tcp_iphc_len = TCP_MAX_COMBINED_HEADER_LENGTH; 5479 tcp->tcp_iphc = bkmem_zalloc(tcp->tcp_iphc_len); 5480 if (tcp->tcp_iphc == NULL) { 5481 tcp->tcp_iphc_len = 0; 5482 return (ENOMEM); 5483 } 5484 } 5485 tcp->tcp_ipha = (struct ip *)tcp->tcp_iphc; 5486 tcp->tcp_ipversion = IPV4_VERSION; 5487 5488 /* 5489 * Note that it does not include TCP options yet. It will 5490 * after the connection is established. 5491 */ 5492 tcp->tcp_hdr_len = sizeof (struct ip) + sizeof (tcph_t); 5493 tcp->tcp_tcp_hdr_len = sizeof (tcph_t); 5494 tcp->tcp_ip_hdr_len = sizeof (struct ip); 5495 tcp->tcp_ipha->ip_v = IP_VERSION; 5496 /* We don't support IP options... */ 5497 tcp->tcp_ipha->ip_hl = IP_SIMPLE_HDR_LENGTH_IN_WORDS; 5498 tcp->tcp_ipha->ip_p = IPPROTO_TCP; 5499 /* We are not supposed to do PMTU discovery... */ 5500 tcp->tcp_ipha->ip_sum = 0; 5501 5502 tcph = (tcph_t *)(tcp->tcp_iphc + sizeof (struct ip)); 5503 tcp->tcp_tcph = tcph; 5504 tcph->th_offset_and_rsrvd[0] = (5 << 4); 5505 return (0); 5506 } 5507 5508 /* 5509 * Send out a control packet on the tcp connection specified. This routine 5510 * is typically called where we need a simple ACK or RST generated. 5511 * 5512 * This function is called with or without a mp. 5513 */ 5514 static void 5515 tcp_xmit_ctl(char *str, tcp_t *tcp, mblk_t *mp, uint32_t seq, 5516 uint32_t ack, int ctl, uint_t ip_hdr_len, int sock_id) 5517 { 5518 uchar_t *rptr; 5519 tcph_t *tcph; 5520 struct ip *iph = NULL; 5521 int tcp_hdr_len; 5522 int tcp_ip_hdr_len; 5523 5524 tcp_hdr_len = tcp->tcp_hdr_len; 5525 tcp_ip_hdr_len = tcp->tcp_ip_hdr_len; 5526 5527 if (mp) { 5528 assert(ip_hdr_len != 0); 5529 rptr = mp->b_rptr; 5530 tcph = (tcph_t *)(rptr + ip_hdr_len); 5531 /* Don't reply to a RST segment. */ 5532 if (tcph->th_flags[0] & TH_RST) { 5533 freeb(mp); 5534 return; 5535 } 5536 freemsg(mp); 5537 rptr = NULL; 5538 } else { 5539 assert(ip_hdr_len == 0); 5540 } 5541 /* If a text string is passed in with the request, print it out. */ 5542 if (str != NULL) { 5543 dprintf("tcp_xmit_ctl(%d): '%s', seq 0x%x, ack 0x%x, " 5544 "ctl 0x%x\n", sock_id, str, seq, ack, ctl); 5545 } 5546 mp = allocb(tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + tcp_wroff_xtra, 0); 5547 if (mp == NULL) { 5548 dprintf("tcp_xmit_ctl(%d): Cannot allocate memory\n", sock_id); 5549 return; 5550 } 5551 rptr = &mp->b_rptr[tcp_wroff_xtra]; 5552 mp->b_rptr = rptr; 5553 mp->b_wptr = &rptr[tcp_hdr_len]; 5554 bcopy(tcp->tcp_iphc, rptr, tcp_hdr_len); 5555 5556 iph = (struct ip *)rptr; 5557 iph->ip_len = htons(tcp_hdr_len); 5558 5559 tcph = (tcph_t *)&rptr[tcp_ip_hdr_len]; 5560 tcph->th_flags[0] = (uint8_t)ctl; 5561 if (ctl & TH_RST) { 5562 BUMP_MIB(tcp_mib.tcpOutRsts); 5563 BUMP_MIB(tcp_mib.tcpOutControl); 5564 /* 5565 * Don't send TSopt w/ TH_RST packets per RFC 1323. 5566 */ 5567 if (tcp->tcp_snd_ts_ok && tcp->tcp_state > TCPS_SYN_SENT) { 5568 mp->b_wptr = &rptr[tcp_hdr_len - TCPOPT_REAL_TS_LEN]; 5569 *(mp->b_wptr) = TCPOPT_EOL; 5570 iph->ip_len = htons(tcp_hdr_len - 5571 TCPOPT_REAL_TS_LEN); 5572 tcph->th_offset_and_rsrvd[0] -= (3 << 4); 5573 } 5574 } 5575 if (ctl & TH_ACK) { 5576 uint32_t now = prom_gettime(); 5577 5578 if (tcp->tcp_snd_ts_ok) { 5579 U32_TO_BE32(now, 5580 (char *)tcph+TCP_MIN_HEADER_LENGTH+4); 5581 U32_TO_BE32(tcp->tcp_ts_recent, 5582 (char *)tcph+TCP_MIN_HEADER_LENGTH+8); 5583 } 5584 tcp->tcp_rack = ack; 5585 tcp->tcp_rack_cnt = 0; 5586 BUMP_MIB(tcp_mib.tcpOutAck); 5587 } 5588 BUMP_MIB(tcp_mib.tcpOutSegs); 5589 U32_TO_BE32(seq, tcph->th_seq); 5590 U32_TO_BE32(ack, tcph->th_ack); 5591 5592 tcp_set_cksum(mp); 5593 iph->ip_ttl = (uint8_t)tcp_ipv4_ttl; 5594 TCP_DUMP_PACKET("tcp_xmit_ctl", mp); 5595 (void) ipv4_tcp_output(sock_id, mp); 5596 freeb(mp); 5597 } 5598 5599 /* Generate an ACK-only (no data) segment for a TCP endpoint */ 5600 static mblk_t * 5601 tcp_ack_mp(tcp_t *tcp) 5602 { 5603 if (tcp->tcp_valid_bits) { 5604 /* 5605 * For the complex case where we have to send some 5606 * controls (FIN or SYN), let tcp_xmit_mp do it. 5607 * When sending an ACK-only segment (no data) 5608 * into a zero window, always set the seq number to 5609 * suna, since snxt will be extended past the window. 5610 * If we used snxt, the receiver might consider the ACK 5611 * unacceptable. 5612 */ 5613 return (tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, 5614 (tcp->tcp_zero_win_probe) ? 5615 tcp->tcp_suna : 5616 tcp->tcp_snxt, B_FALSE, NULL, B_FALSE)); 5617 } else { 5618 /* Generate a simple ACK */ 5619 uchar_t *rptr; 5620 tcph_t *tcph; 5621 mblk_t *mp1; 5622 int32_t tcp_hdr_len; 5623 int32_t num_sack_blk = 0; 5624 int32_t sack_opt_len; 5625 5626 /* 5627 * Allocate space for TCP + IP headers 5628 * and link-level header 5629 */ 5630 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) { 5631 num_sack_blk = MIN(tcp->tcp_max_sack_blk, 5632 tcp->tcp_num_sack_blk); 5633 sack_opt_len = num_sack_blk * sizeof (sack_blk_t) + 5634 TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN; 5635 tcp_hdr_len = tcp->tcp_hdr_len + sack_opt_len; 5636 } else { 5637 tcp_hdr_len = tcp->tcp_hdr_len; 5638 } 5639 mp1 = allocb(tcp_hdr_len + tcp_wroff_xtra, 0); 5640 if (mp1 == NULL) 5641 return (NULL); 5642 5643 /* copy in prototype TCP + IP header */ 5644 rptr = mp1->b_rptr + tcp_wroff_xtra; 5645 mp1->b_rptr = rptr; 5646 mp1->b_wptr = rptr + tcp_hdr_len; 5647 bcopy(tcp->tcp_iphc, rptr, tcp->tcp_hdr_len); 5648 5649 tcph = (tcph_t *)&rptr[tcp->tcp_ip_hdr_len]; 5650 5651 /* 5652 * Set the TCP sequence number. 5653 * When sending an ACK-only segment (no data) 5654 * into a zero window, always set the seq number to 5655 * suna, since snxt will be extended past the window. 5656 * If we used snxt, the receiver might consider the ACK 5657 * unacceptable. 5658 */ 5659 U32_TO_ABE32((tcp->tcp_zero_win_probe) ? 5660 tcp->tcp_suna : tcp->tcp_snxt, tcph->th_seq); 5661 5662 /* Set up the TCP flag field. */ 5663 tcph->th_flags[0] = (uchar_t)TH_ACK; 5664 if (tcp->tcp_ecn_echo_on) 5665 tcph->th_flags[0] |= TH_ECE; 5666 5667 tcp->tcp_rack = tcp->tcp_rnxt; 5668 tcp->tcp_rack_cnt = 0; 5669 5670 /* fill in timestamp option if in use */ 5671 if (tcp->tcp_snd_ts_ok) { 5672 uint32_t llbolt = (uint32_t)prom_gettime(); 5673 5674 U32_TO_BE32(llbolt, 5675 (char *)tcph+TCP_MIN_HEADER_LENGTH+4); 5676 U32_TO_BE32(tcp->tcp_ts_recent, 5677 (char *)tcph+TCP_MIN_HEADER_LENGTH+8); 5678 } 5679 5680 /* Fill in SACK options */ 5681 if (num_sack_blk > 0) { 5682 uchar_t *wptr = (uchar_t *)tcph + tcp->tcp_tcp_hdr_len; 5683 sack_blk_t *tmp; 5684 int32_t i; 5685 5686 wptr[0] = TCPOPT_NOP; 5687 wptr[1] = TCPOPT_NOP; 5688 wptr[2] = TCPOPT_SACK; 5689 wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk * 5690 sizeof (sack_blk_t); 5691 wptr += TCPOPT_REAL_SACK_LEN; 5692 5693 tmp = tcp->tcp_sack_list; 5694 for (i = 0; i < num_sack_blk; i++) { 5695 U32_TO_BE32(tmp[i].begin, wptr); 5696 wptr += sizeof (tcp_seq); 5697 U32_TO_BE32(tmp[i].end, wptr); 5698 wptr += sizeof (tcp_seq); 5699 } 5700 tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) 5701 << 4); 5702 } 5703 5704 ((struct ip *)rptr)->ip_len = htons(tcp_hdr_len); 5705 tcp_set_cksum(mp1); 5706 ((struct ip *)rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl; 5707 return (mp1); 5708 } 5709 } 5710 5711 /* 5712 * tcp_xmit_mp is called to return a pointer to an mblk chain complete with 5713 * ip and tcp header ready to pass down to IP. If the mp passed in is 5714 * non-NULL, then up to max_to_send bytes of data will be dup'ed off that 5715 * mblk. (If sendall is not set the dup'ing will stop at an mblk boundary 5716 * otherwise it will dup partial mblks.) 5717 * Otherwise, an appropriate ACK packet will be generated. This 5718 * routine is not usually called to send new data for the first time. It 5719 * is mostly called out of the timer for retransmits, and to generate ACKs. 5720 * 5721 * If offset is not NULL, the returned mblk chain's first mblk's b_rptr will 5722 * be adjusted by *offset. And after dupb(), the offset and the ending mblk 5723 * of the original mblk chain will be returned in *offset and *end_mp. 5724 */ 5725 static mblk_t * 5726 tcp_xmit_mp(tcp_t *tcp, mblk_t *mp, int32_t max_to_send, int32_t *offset, 5727 mblk_t **end_mp, uint32_t seq, boolean_t sendall, uint32_t *seg_len, 5728 boolean_t rexmit) 5729 { 5730 int data_length; 5731 int32_t off = 0; 5732 uint_t flags; 5733 mblk_t *mp1; 5734 mblk_t *mp2; 5735 mblk_t *new_mp; 5736 uchar_t *rptr; 5737 tcph_t *tcph; 5738 int32_t num_sack_blk = 0; 5739 int32_t sack_opt_len = 0; 5740 5741 /* Allocate for our maximum TCP header + link-level */ 5742 mp1 = allocb(tcp->tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + 5743 tcp_wroff_xtra, 0); 5744 if (mp1 == NULL) 5745 return (NULL); 5746 data_length = 0; 5747 5748 /* 5749 * Note that tcp_mss has been adjusted to take into account the 5750 * timestamp option if applicable. Because SACK options do not 5751 * appear in every TCP segments and they are of variable lengths, 5752 * they cannot be included in tcp_mss. Thus we need to calculate 5753 * the actual segment length when we need to send a segment which 5754 * includes SACK options. 5755 */ 5756 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) { 5757 num_sack_blk = MIN(tcp->tcp_max_sack_blk, 5758 tcp->tcp_num_sack_blk); 5759 sack_opt_len = num_sack_blk * sizeof (sack_blk_t) + 5760 TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN; 5761 if (max_to_send + sack_opt_len > tcp->tcp_mss) 5762 max_to_send -= sack_opt_len; 5763 } 5764 5765 if (offset != NULL) { 5766 off = *offset; 5767 /* We use offset as an indicator that end_mp is not NULL. */ 5768 *end_mp = NULL; 5769 } 5770 for (mp2 = mp1; mp && data_length != max_to_send; mp = mp->b_cont) { 5771 /* This could be faster with cooperation from downstream */ 5772 if (mp2 != mp1 && !sendall && 5773 data_length + (int)(mp->b_wptr - mp->b_rptr) > 5774 max_to_send) 5775 /* 5776 * Don't send the next mblk since the whole mblk 5777 * does not fit. 5778 */ 5779 break; 5780 mp2->b_cont = dupb(mp); 5781 mp2 = mp2->b_cont; 5782 if (mp2 == NULL) { 5783 freemsg(mp1); 5784 return (NULL); 5785 } 5786 mp2->b_rptr += off; 5787 assert((uintptr_t)(mp2->b_wptr - mp2->b_rptr) <= 5788 (uintptr_t)INT_MAX); 5789 5790 data_length += (int)(mp2->b_wptr - mp2->b_rptr); 5791 if (data_length > max_to_send) { 5792 mp2->b_wptr -= data_length - max_to_send; 5793 data_length = max_to_send; 5794 off = mp2->b_wptr - mp->b_rptr; 5795 break; 5796 } else { 5797 off = 0; 5798 } 5799 } 5800 if (offset != NULL) { 5801 *offset = off; 5802 *end_mp = mp; 5803 } 5804 if (seg_len != NULL) { 5805 *seg_len = data_length; 5806 } 5807 5808 rptr = mp1->b_rptr + tcp_wroff_xtra; 5809 mp1->b_rptr = rptr; 5810 mp1->b_wptr = rptr + tcp->tcp_hdr_len + sack_opt_len; 5811 bcopy(tcp->tcp_iphc, rptr, tcp->tcp_hdr_len); 5812 tcph = (tcph_t *)&rptr[tcp->tcp_ip_hdr_len]; 5813 U32_TO_ABE32(seq, tcph->th_seq); 5814 5815 /* 5816 * Use tcp_unsent to determine if the PUSH bit should be used assumes 5817 * that this function was called from tcp_wput_data. Thus, when called 5818 * to retransmit data the setting of the PUSH bit may appear some 5819 * what random in that it might get set when it should not. This 5820 * should not pose any performance issues. 5821 */ 5822 if (data_length != 0 && (tcp->tcp_unsent == 0 || 5823 tcp->tcp_unsent == data_length)) { 5824 flags = TH_ACK | TH_PUSH; 5825 } else { 5826 flags = TH_ACK; 5827 } 5828 5829 if (tcp->tcp_ecn_ok) { 5830 if (tcp->tcp_ecn_echo_on) 5831 flags |= TH_ECE; 5832 5833 /* 5834 * Only set ECT bit and ECN_CWR if a segment contains new data. 5835 * There is no TCP flow control for non-data segments, and 5836 * only data segment is transmitted reliably. 5837 */ 5838 if (data_length > 0 && !rexmit) { 5839 SET_ECT(tcp, rptr); 5840 if (tcp->tcp_cwr && !tcp->tcp_ecn_cwr_sent) { 5841 flags |= TH_CWR; 5842 tcp->tcp_ecn_cwr_sent = B_TRUE; 5843 } 5844 } 5845 } 5846 5847 if (tcp->tcp_valid_bits) { 5848 uint32_t u1; 5849 5850 if ((tcp->tcp_valid_bits & TCP_ISS_VALID) && 5851 seq == tcp->tcp_iss) { 5852 uchar_t *wptr; 5853 5854 /* 5855 * Tack on the MSS option. It is always needed 5856 * for both active and passive open. 5857 */ 5858 wptr = mp1->b_wptr; 5859 wptr[0] = TCPOPT_MAXSEG; 5860 wptr[1] = TCPOPT_MAXSEG_LEN; 5861 wptr += 2; 5862 /* 5863 * MSS option value should be interface MTU - MIN 5864 * TCP/IP header. 5865 */ 5866 u1 = tcp->tcp_if_mtu - IP_SIMPLE_HDR_LENGTH - 5867 TCP_MIN_HEADER_LENGTH; 5868 U16_TO_BE16(u1, wptr); 5869 mp1->b_wptr = wptr + 2; 5870 /* Update the offset to cover the additional word */ 5871 tcph->th_offset_and_rsrvd[0] += (1 << 4); 5872 5873 /* 5874 * Note that the following way of filling in 5875 * TCP options are not optimal. Some NOPs can 5876 * be saved. But there is no need at this time 5877 * to optimize it. When it is needed, we will 5878 * do it. 5879 */ 5880 switch (tcp->tcp_state) { 5881 case TCPS_SYN_SENT: 5882 flags = TH_SYN; 5883 5884 if (tcp->tcp_snd_ws_ok) { 5885 wptr = mp1->b_wptr; 5886 wptr[0] = TCPOPT_NOP; 5887 wptr[1] = TCPOPT_WSCALE; 5888 wptr[2] = TCPOPT_WS_LEN; 5889 wptr[3] = (uchar_t)tcp->tcp_rcv_ws; 5890 mp1->b_wptr += TCPOPT_REAL_WS_LEN; 5891 tcph->th_offset_and_rsrvd[0] += 5892 (1 << 4); 5893 } 5894 5895 if (tcp->tcp_snd_ts_ok) { 5896 uint32_t llbolt; 5897 5898 llbolt = prom_gettime(); 5899 wptr = mp1->b_wptr; 5900 wptr[0] = TCPOPT_NOP; 5901 wptr[1] = TCPOPT_NOP; 5902 wptr[2] = TCPOPT_TSTAMP; 5903 wptr[3] = TCPOPT_TSTAMP_LEN; 5904 wptr += 4; 5905 U32_TO_BE32(llbolt, wptr); 5906 wptr += 4; 5907 assert(tcp->tcp_ts_recent == 0); 5908 U32_TO_BE32(0L, wptr); 5909 mp1->b_wptr += TCPOPT_REAL_TS_LEN; 5910 tcph->th_offset_and_rsrvd[0] += 5911 (3 << 4); 5912 } 5913 5914 if (tcp->tcp_snd_sack_ok) { 5915 wptr = mp1->b_wptr; 5916 wptr[0] = TCPOPT_NOP; 5917 wptr[1] = TCPOPT_NOP; 5918 wptr[2] = TCPOPT_SACK_PERMITTED; 5919 wptr[3] = TCPOPT_SACK_OK_LEN; 5920 mp1->b_wptr += TCPOPT_REAL_SACK_OK_LEN; 5921 tcph->th_offset_and_rsrvd[0] += 5922 (1 << 4); 5923 } 5924 5925 /* 5926 * Set up all the bits to tell other side 5927 * we are ECN capable. 5928 */ 5929 if (tcp->tcp_ecn_ok) { 5930 flags |= (TH_ECE | TH_CWR); 5931 } 5932 break; 5933 case TCPS_SYN_RCVD: 5934 flags |= TH_SYN; 5935 5936 if (tcp->tcp_snd_ws_ok) { 5937 wptr = mp1->b_wptr; 5938 wptr[0] = TCPOPT_NOP; 5939 wptr[1] = TCPOPT_WSCALE; 5940 wptr[2] = TCPOPT_WS_LEN; 5941 wptr[3] = (uchar_t)tcp->tcp_rcv_ws; 5942 mp1->b_wptr += TCPOPT_REAL_WS_LEN; 5943 tcph->th_offset_and_rsrvd[0] += (1 << 4); 5944 } 5945 5946 if (tcp->tcp_snd_sack_ok) { 5947 wptr = mp1->b_wptr; 5948 wptr[0] = TCPOPT_NOP; 5949 wptr[1] = TCPOPT_NOP; 5950 wptr[2] = TCPOPT_SACK_PERMITTED; 5951 wptr[3] = TCPOPT_SACK_OK_LEN; 5952 mp1->b_wptr += TCPOPT_REAL_SACK_OK_LEN; 5953 tcph->th_offset_and_rsrvd[0] += 5954 (1 << 4); 5955 } 5956 5957 /* 5958 * If the other side is ECN capable, reply 5959 * that we are also ECN capable. 5960 */ 5961 if (tcp->tcp_ecn_ok) { 5962 flags |= TH_ECE; 5963 } 5964 break; 5965 default: 5966 break; 5967 } 5968 /* allocb() of adequate mblk assures space */ 5969 assert((uintptr_t)(mp1->b_wptr - 5970 mp1->b_rptr) <= (uintptr_t)INT_MAX); 5971 if (flags & TH_SYN) 5972 BUMP_MIB(tcp_mib.tcpOutControl); 5973 } 5974 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) && 5975 (seq + data_length) == tcp->tcp_fss) { 5976 if (!tcp->tcp_fin_acked) { 5977 flags |= TH_FIN; 5978 BUMP_MIB(tcp_mib.tcpOutControl); 5979 } 5980 if (!tcp->tcp_fin_sent) { 5981 tcp->tcp_fin_sent = B_TRUE; 5982 switch (tcp->tcp_state) { 5983 case TCPS_SYN_RCVD: 5984 case TCPS_ESTABLISHED: 5985 tcp->tcp_state = TCPS_FIN_WAIT_1; 5986 break; 5987 case TCPS_CLOSE_WAIT: 5988 tcp->tcp_state = TCPS_LAST_ACK; 5989 break; 5990 } 5991 if (tcp->tcp_suna == tcp->tcp_snxt) 5992 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 5993 tcp->tcp_snxt = tcp->tcp_fss + 1; 5994 } 5995 } 5996 } 5997 tcph->th_flags[0] = (uchar_t)flags; 5998 tcp->tcp_rack = tcp->tcp_rnxt; 5999 tcp->tcp_rack_cnt = 0; 6000 6001 if (tcp->tcp_snd_ts_ok) { 6002 if (tcp->tcp_state != TCPS_SYN_SENT) { 6003 uint32_t llbolt = prom_gettime(); 6004 6005 U32_TO_BE32(llbolt, 6006 (char *)tcph+TCP_MIN_HEADER_LENGTH+4); 6007 U32_TO_BE32(tcp->tcp_ts_recent, 6008 (char *)tcph+TCP_MIN_HEADER_LENGTH+8); 6009 } 6010 } 6011 6012 if (num_sack_blk > 0) { 6013 uchar_t *wptr = (uchar_t *)tcph + tcp->tcp_tcp_hdr_len; 6014 sack_blk_t *tmp; 6015 int32_t i; 6016 6017 wptr[0] = TCPOPT_NOP; 6018 wptr[1] = TCPOPT_NOP; 6019 wptr[2] = TCPOPT_SACK; 6020 wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk * 6021 sizeof (sack_blk_t); 6022 wptr += TCPOPT_REAL_SACK_LEN; 6023 6024 tmp = tcp->tcp_sack_list; 6025 for (i = 0; i < num_sack_blk; i++) { 6026 U32_TO_BE32(tmp[i].begin, wptr); 6027 wptr += sizeof (tcp_seq); 6028 U32_TO_BE32(tmp[i].end, wptr); 6029 wptr += sizeof (tcp_seq); 6030 } 6031 tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) << 4); 6032 } 6033 assert((uintptr_t)(mp1->b_wptr - rptr) <= (uintptr_t)INT_MAX); 6034 data_length += (int)(mp1->b_wptr - rptr); 6035 if (tcp->tcp_ipversion == IPV4_VERSION) 6036 ((struct ip *)rptr)->ip_len = htons(data_length); 6037 6038 /* 6039 * Performance hit! We need to pullup the whole message 6040 * in order to do checksum and for the MAC output routine. 6041 */ 6042 if (mp1->b_cont != NULL) { 6043 int mp_size; 6044 #ifdef DEBUG 6045 printf("Multiple mblk %d\n", msgdsize(mp1)); 6046 #endif 6047 mp2 = mp1; 6048 new_mp = allocb(msgdsize(mp1) + tcp_wroff_xtra, 0); 6049 new_mp->b_rptr += tcp_wroff_xtra; 6050 new_mp->b_wptr = new_mp->b_rptr; 6051 while (mp1 != NULL) { 6052 mp_size = mp1->b_wptr - mp1->b_rptr; 6053 bcopy(mp1->b_rptr, new_mp->b_wptr, mp_size); 6054 new_mp->b_wptr += mp_size; 6055 mp1 = mp1->b_cont; 6056 } 6057 freemsg(mp2); 6058 mp1 = new_mp; 6059 } 6060 tcp_set_cksum(mp1); 6061 /* Fill in the TTL field as it is 0 in the header template. */ 6062 ((struct ip *)mp1->b_rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl; 6063 6064 return (mp1); 6065 } 6066 6067 /* 6068 * Generate a "no listener here" reset in response to the 6069 * connection request contained within 'mp' 6070 */ 6071 static void 6072 tcp_xmit_listeners_reset(int sock_id, mblk_t *mp, uint_t ip_hdr_len) 6073 { 6074 uchar_t *rptr; 6075 uint32_t seg_len; 6076 tcph_t *tcph; 6077 uint32_t seg_seq; 6078 uint32_t seg_ack; 6079 uint_t flags; 6080 6081 rptr = mp->b_rptr; 6082 6083 tcph = (tcph_t *)&rptr[ip_hdr_len]; 6084 seg_seq = BE32_TO_U32(tcph->th_seq); 6085 seg_ack = BE32_TO_U32(tcph->th_ack); 6086 flags = tcph->th_flags[0]; 6087 6088 seg_len = msgdsize(mp) - (TCP_HDR_LENGTH(tcph) + ip_hdr_len); 6089 if (flags & TH_RST) { 6090 freeb(mp); 6091 } else if (flags & TH_ACK) { 6092 tcp_xmit_early_reset("no tcp, reset", 6093 sock_id, mp, seg_ack, 0, TH_RST, ip_hdr_len); 6094 } else { 6095 if (flags & TH_SYN) 6096 seg_len++; 6097 tcp_xmit_early_reset("no tcp, reset/ack", sock_id, 6098 mp, 0, seg_seq + seg_len, 6099 TH_RST | TH_ACK, ip_hdr_len); 6100 } 6101 } 6102 6103 /* Non overlapping byte exchanger */ 6104 static void 6105 tcp_xchg(uchar_t *a, uchar_t *b, int len) 6106 { 6107 uchar_t uch; 6108 6109 while (len-- > 0) { 6110 uch = a[len]; 6111 a[len] = b[len]; 6112 b[len] = uch; 6113 } 6114 } 6115 6116 /* 6117 * Generate a reset based on an inbound packet for which there is no active 6118 * tcp state that we can find. 6119 */ 6120 static void 6121 tcp_xmit_early_reset(char *str, int sock_id, mblk_t *mp, uint32_t seq, 6122 uint32_t ack, int ctl, uint_t ip_hdr_len) 6123 { 6124 struct ip *iph = NULL; 6125 ushort_t len; 6126 tcph_t *tcph; 6127 int i; 6128 ipaddr_t addr; 6129 mblk_t *new_mp; 6130 6131 if (str != NULL) { 6132 dprintf("tcp_xmit_early_reset: '%s', seq 0x%x, ack 0x%x, " 6133 "flags 0x%x\n", str, seq, ack, ctl); 6134 } 6135 6136 /* 6137 * We skip reversing source route here. 6138 * (for now we replace all IP options with EOL) 6139 */ 6140 iph = (struct ip *)mp->b_rptr; 6141 for (i = IP_SIMPLE_HDR_LENGTH; i < (int)ip_hdr_len; i++) 6142 mp->b_rptr[i] = IPOPT_EOL; 6143 /* 6144 * Make sure that src address is not a limited broadcast 6145 * address. Not all broadcast address checking for the 6146 * src address is possible, since we don't know the 6147 * netmask of the src addr. 6148 * No check for destination address is done, since 6149 * IP will not pass up a packet with a broadcast dest address 6150 * to TCP. 6151 */ 6152 if (iph->ip_src.s_addr == INADDR_ANY || 6153 iph->ip_src.s_addr == INADDR_BROADCAST) { 6154 freemsg(mp); 6155 return; 6156 } 6157 6158 tcph = (tcph_t *)&mp->b_rptr[ip_hdr_len]; 6159 if (tcph->th_flags[0] & TH_RST) { 6160 freemsg(mp); 6161 return; 6162 } 6163 /* 6164 * Now copy the original header to a new buffer. The reason 6165 * for doing this is that we need to put extra room before 6166 * the header for the MAC layer address. The original mblk 6167 * does not have this extra head room. 6168 */ 6169 len = ip_hdr_len + sizeof (tcph_t); 6170 if ((new_mp = allocb(len + tcp_wroff_xtra, 0)) == NULL) { 6171 freemsg(mp); 6172 return; 6173 } 6174 new_mp->b_rptr += tcp_wroff_xtra; 6175 bcopy(mp->b_rptr, new_mp->b_rptr, len); 6176 new_mp->b_wptr = new_mp->b_rptr + len; 6177 freemsg(mp); 6178 mp = new_mp; 6179 iph = (struct ip *)mp->b_rptr; 6180 tcph = (tcph_t *)&mp->b_rptr[ip_hdr_len]; 6181 6182 tcph->th_offset_and_rsrvd[0] = (5 << 4); 6183 tcp_xchg(tcph->th_fport, tcph->th_lport, 2); 6184 U32_TO_BE32(ack, tcph->th_ack); 6185 U32_TO_BE32(seq, tcph->th_seq); 6186 U16_TO_BE16(0, tcph->th_win); 6187 bzero(tcph->th_sum, sizeof (int16_t)); 6188 tcph->th_flags[0] = (uint8_t)ctl; 6189 if (ctl & TH_RST) { 6190 BUMP_MIB(tcp_mib.tcpOutRsts); 6191 BUMP_MIB(tcp_mib.tcpOutControl); 6192 } 6193 6194 iph->ip_len = htons(len); 6195 /* Swap addresses */ 6196 addr = iph->ip_src.s_addr; 6197 iph->ip_src = iph->ip_dst; 6198 iph->ip_dst.s_addr = addr; 6199 iph->ip_id = 0; 6200 iph->ip_ttl = 0; 6201 tcp_set_cksum(mp); 6202 iph->ip_ttl = (uint8_t)tcp_ipv4_ttl; 6203 6204 /* Dump the packet when debugging. */ 6205 TCP_DUMP_PACKET("tcp_xmit_early_reset", mp); 6206 (void) ipv4_tcp_output(sock_id, mp); 6207 freemsg(mp); 6208 } 6209 6210 static void 6211 tcp_set_cksum(mblk_t *mp) 6212 { 6213 struct ip *iph; 6214 tcpha_t *tcph; 6215 int len; 6216 6217 iph = (struct ip *)mp->b_rptr; 6218 tcph = (tcpha_t *)(iph + 1); 6219 len = ntohs(iph->ip_len); 6220 /* 6221 * Calculate the TCP checksum. Need to include the psuedo header, 6222 * which is similar to the real IP header starting at the TTL field. 6223 */ 6224 iph->ip_sum = htons(len - IP_SIMPLE_HDR_LENGTH); 6225 tcph->tha_sum = 0; 6226 tcph->tha_sum = tcp_cksum((uint16_t *)&(iph->ip_ttl), 6227 len - IP_SIMPLE_HDR_LENGTH + 12); 6228 iph->ip_sum = 0; 6229 } 6230 6231 static uint16_t 6232 tcp_cksum(uint16_t *buf, uint32_t len) 6233 { 6234 /* 6235 * Compute Internet Checksum for "count" bytes 6236 * beginning at location "addr". 6237 */ 6238 int32_t sum = 0; 6239 6240 while (len > 1) { 6241 /* This is the inner loop */ 6242 sum += *buf++; 6243 len -= 2; 6244 } 6245 6246 /* Add left-over byte, if any */ 6247 if (len > 0) 6248 sum += *(unsigned char *)buf * 256; 6249 6250 /* Fold 32-bit sum to 16 bits */ 6251 while (sum >> 16) 6252 sum = (sum & 0xffff) + (sum >> 16); 6253 6254 return ((uint16_t)~sum); 6255 } 6256 6257 /* 6258 * Type three generator adapted from the random() function in 4.4 BSD: 6259 */ 6260 6261 /* 6262 * Copyright (c) 1983, 1993 6263 * The Regents of the University of California. All rights reserved. 6264 * 6265 * Redistribution and use in source and binary forms, with or without 6266 * modification, are permitted provided that the following conditions 6267 * are met: 6268 * 1. Redistributions of source code must retain the above copyright 6269 * notice, this list of conditions and the following disclaimer. 6270 * 2. Redistributions in binary form must reproduce the above copyright 6271 * notice, this list of conditions and the following disclaimer in the 6272 * documentation and/or other materials provided with the distribution. 6273 * 3. All advertising materials mentioning features or use of this software 6274 * must display the following acknowledgement: 6275 * This product includes software developed by the University of 6276 * California, Berkeley and its contributors. 6277 * 4. Neither the name of the University nor the names of its contributors 6278 * may be used to endorse or promote products derived from this software 6279 * without specific prior written permission. 6280 * 6281 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 6282 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 6283 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 6284 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 6285 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 6286 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 6287 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 6288 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 6289 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 6290 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 6291 * SUCH DAMAGE. 6292 */ 6293 6294 /* Type 3 -- x**31 + x**3 + 1 */ 6295 #define DEG_3 31 6296 #define SEP_3 3 6297 6298 6299 /* Protected by tcp_random_lock */ 6300 static int tcp_randtbl[DEG_3 + 1]; 6301 6302 static int *tcp_random_fptr = &tcp_randtbl[SEP_3 + 1]; 6303 static int *tcp_random_rptr = &tcp_randtbl[1]; 6304 6305 static int *tcp_random_state = &tcp_randtbl[1]; 6306 static int *tcp_random_end_ptr = &tcp_randtbl[DEG_3 + 1]; 6307 6308 static void 6309 tcp_random_init(void) 6310 { 6311 int i; 6312 uint32_t hrt; 6313 uint32_t wallclock; 6314 uint32_t result; 6315 6316 /* 6317 * 6318 * XXX We don't have high resolution time in standalone... The 6319 * following is just some approximation on the comment below. 6320 * 6321 * Use high-res timer and current time for seed. Gethrtime() returns 6322 * a longlong, which may contain resolution down to nanoseconds. 6323 * The current time will either be a 32-bit or a 64-bit quantity. 6324 * XOR the two together in a 64-bit result variable. 6325 * Convert the result to a 32-bit value by multiplying the high-order 6326 * 32-bits by the low-order 32-bits. 6327 * 6328 * XXX We don't have gethrtime() in prom and the wallclock.... 6329 */ 6330 6331 hrt = prom_gettime(); 6332 wallclock = (uint32_t)time(NULL); 6333 result = wallclock ^ hrt; 6334 tcp_random_state[0] = result; 6335 6336 for (i = 1; i < DEG_3; i++) 6337 tcp_random_state[i] = 1103515245 * tcp_random_state[i - 1] 6338 + 12345; 6339 tcp_random_fptr = &tcp_random_state[SEP_3]; 6340 tcp_random_rptr = &tcp_random_state[0]; 6341 for (i = 0; i < 10 * DEG_3; i++) 6342 (void) tcp_random(); 6343 } 6344 6345 /* 6346 * tcp_random: Return a random number in the range [1 - (128K + 1)]. 6347 * This range is selected to be approximately centered on TCP_ISS / 2, 6348 * and easy to compute. We get this value by generating a 32-bit random 6349 * number, selecting out the high-order 17 bits, and then adding one so 6350 * that we never return zero. 6351 */ 6352 static int 6353 tcp_random(void) 6354 { 6355 int i; 6356 6357 *tcp_random_fptr += *tcp_random_rptr; 6358 6359 /* 6360 * The high-order bits are more random than the low-order bits, 6361 * so we select out the high-order 17 bits and add one so that 6362 * we never return zero. 6363 */ 6364 i = ((*tcp_random_fptr >> 15) & 0x1ffff) + 1; 6365 if (++tcp_random_fptr >= tcp_random_end_ptr) { 6366 tcp_random_fptr = tcp_random_state; 6367 ++tcp_random_rptr; 6368 } else if (++tcp_random_rptr >= tcp_random_end_ptr) 6369 tcp_random_rptr = tcp_random_state; 6370 6371 return (i); 6372 } 6373 6374 /* 6375 * Generate ISS, taking into account NDD changes may happen halfway through. 6376 * (If the iss is not zero, set it.) 6377 */ 6378 static void 6379 tcp_iss_init(tcp_t *tcp) 6380 { 6381 tcp_iss_incr_extra += (ISS_INCR >> 1); 6382 tcp->tcp_iss = tcp_iss_incr_extra; 6383 tcp->tcp_iss += (prom_gettime() >> ISS_NSEC_SHT) + tcp_random(); 6384 tcp->tcp_valid_bits = TCP_ISS_VALID; 6385 tcp->tcp_fss = tcp->tcp_iss - 1; 6386 tcp->tcp_suna = tcp->tcp_iss; 6387 tcp->tcp_snxt = tcp->tcp_iss + 1; 6388 tcp->tcp_rexmit_nxt = tcp->tcp_snxt; 6389 tcp->tcp_csuna = tcp->tcp_snxt; 6390 } 6391 6392 /* 6393 * Diagnostic routine used to return a string associated with the tcp state. 6394 * Note that if the caller does not supply a buffer, it will use an internal 6395 * static string. This means that if multiple threads call this function at 6396 * the same time, output can be corrupted... Note also that this function 6397 * does not check the size of the supplied buffer. The caller has to make 6398 * sure that it is big enough. 6399 */ 6400 static char * 6401 tcp_display(tcp_t *tcp, char *sup_buf, char format) 6402 { 6403 char buf1[30]; 6404 static char priv_buf[INET_ADDRSTRLEN * 2 + 80]; 6405 char *buf; 6406 char *cp; 6407 char local_addrbuf[INET_ADDRSTRLEN]; 6408 char remote_addrbuf[INET_ADDRSTRLEN]; 6409 struct in_addr addr; 6410 6411 if (sup_buf != NULL) 6412 buf = sup_buf; 6413 else 6414 buf = priv_buf; 6415 6416 if (tcp == NULL) 6417 return ("NULL_TCP"); 6418 switch (tcp->tcp_state) { 6419 case TCPS_CLOSED: 6420 cp = "TCP_CLOSED"; 6421 break; 6422 case TCPS_IDLE: 6423 cp = "TCP_IDLE"; 6424 break; 6425 case TCPS_BOUND: 6426 cp = "TCP_BOUND"; 6427 break; 6428 case TCPS_LISTEN: 6429 cp = "TCP_LISTEN"; 6430 break; 6431 case TCPS_SYN_SENT: 6432 cp = "TCP_SYN_SENT"; 6433 break; 6434 case TCPS_SYN_RCVD: 6435 cp = "TCP_SYN_RCVD"; 6436 break; 6437 case TCPS_ESTABLISHED: 6438 cp = "TCP_ESTABLISHED"; 6439 break; 6440 case TCPS_CLOSE_WAIT: 6441 cp = "TCP_CLOSE_WAIT"; 6442 break; 6443 case TCPS_FIN_WAIT_1: 6444 cp = "TCP_FIN_WAIT_1"; 6445 break; 6446 case TCPS_CLOSING: 6447 cp = "TCP_CLOSING"; 6448 break; 6449 case TCPS_LAST_ACK: 6450 cp = "TCP_LAST_ACK"; 6451 break; 6452 case TCPS_FIN_WAIT_2: 6453 cp = "TCP_FIN_WAIT_2"; 6454 break; 6455 case TCPS_TIME_WAIT: 6456 cp = "TCP_TIME_WAIT"; 6457 break; 6458 default: 6459 (void) sprintf(buf1, "TCPUnkState(%d)", tcp->tcp_state); 6460 cp = buf1; 6461 break; 6462 } 6463 switch (format) { 6464 case DISP_ADDR_AND_PORT: 6465 /* 6466 * Note that we use the remote address in the tcp_b 6467 * structure. This means that it will print out 6468 * the real destination address, not the next hop's 6469 * address if source routing is used. 6470 */ 6471 addr.s_addr = tcp->tcp_bound_source; 6472 bcopy(inet_ntoa(addr), local_addrbuf, sizeof (local_addrbuf)); 6473 addr.s_addr = tcp->tcp_remote; 6474 bcopy(inet_ntoa(addr), remote_addrbuf, sizeof (remote_addrbuf)); 6475 (void) snprintf(buf, sizeof (priv_buf), "[%s.%u, %s.%u] %s", 6476 local_addrbuf, ntohs(tcp->tcp_lport), remote_addrbuf, 6477 ntohs(tcp->tcp_fport), cp); 6478 break; 6479 case DISP_PORT_ONLY: 6480 default: 6481 (void) snprintf(buf, sizeof (priv_buf), "[%u, %u] %s", 6482 ntohs(tcp->tcp_lport), ntohs(tcp->tcp_fport), cp); 6483 break; 6484 } 6485 6486 return (buf); 6487 } 6488 6489 /* 6490 * Add a new piece to the tcp reassembly queue. If the gap at the beginning 6491 * is filled, return as much as we can. The message passed in may be 6492 * multi-part, chained using b_cont. "start" is the starting sequence 6493 * number for this piece. 6494 */ 6495 static mblk_t * 6496 tcp_reass(tcp_t *tcp, mblk_t *mp, uint32_t start) 6497 { 6498 uint32_t end; 6499 mblk_t *mp1; 6500 mblk_t *mp2; 6501 mblk_t *next_mp; 6502 uint32_t u1; 6503 6504 /* Walk through all the new pieces. */ 6505 do { 6506 assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <= 6507 (uintptr_t)INT_MAX); 6508 end = start + (int)(mp->b_wptr - mp->b_rptr); 6509 next_mp = mp->b_cont; 6510 if (start == end) { 6511 /* Empty. Blast it. */ 6512 freeb(mp); 6513 continue; 6514 } 6515 mp->b_cont = NULL; 6516 TCP_REASS_SET_SEQ(mp, start); 6517 TCP_REASS_SET_END(mp, end); 6518 mp1 = tcp->tcp_reass_tail; 6519 if (!mp1) { 6520 tcp->tcp_reass_tail = mp; 6521 tcp->tcp_reass_head = mp; 6522 BUMP_MIB(tcp_mib.tcpInDataUnorderSegs); 6523 UPDATE_MIB(tcp_mib.tcpInDataUnorderBytes, end - start); 6524 continue; 6525 } 6526 /* New stuff completely beyond tail? */ 6527 if (SEQ_GEQ(start, TCP_REASS_END(mp1))) { 6528 /* Link it on end. */ 6529 mp1->b_cont = mp; 6530 tcp->tcp_reass_tail = mp; 6531 BUMP_MIB(tcp_mib.tcpInDataUnorderSegs); 6532 UPDATE_MIB(tcp_mib.tcpInDataUnorderBytes, end - start); 6533 continue; 6534 } 6535 mp1 = tcp->tcp_reass_head; 6536 u1 = TCP_REASS_SEQ(mp1); 6537 /* New stuff at the front? */ 6538 if (SEQ_LT(start, u1)) { 6539 /* Yes... Check for overlap. */ 6540 mp->b_cont = mp1; 6541 tcp->tcp_reass_head = mp; 6542 tcp_reass_elim_overlap(tcp, mp); 6543 continue; 6544 } 6545 /* 6546 * The new piece fits somewhere between the head and tail. 6547 * We find our slot, where mp1 precedes us and mp2 trails. 6548 */ 6549 for (; (mp2 = mp1->b_cont) != NULL; mp1 = mp2) { 6550 u1 = TCP_REASS_SEQ(mp2); 6551 if (SEQ_LEQ(start, u1)) 6552 break; 6553 } 6554 /* Link ourselves in */ 6555 mp->b_cont = mp2; 6556 mp1->b_cont = mp; 6557 6558 /* Trim overlap with following mblk(s) first */ 6559 tcp_reass_elim_overlap(tcp, mp); 6560 6561 /* Trim overlap with preceding mblk */ 6562 tcp_reass_elim_overlap(tcp, mp1); 6563 6564 } while (start = end, mp = next_mp); 6565 mp1 = tcp->tcp_reass_head; 6566 /* Anything ready to go? */ 6567 if (TCP_REASS_SEQ(mp1) != tcp->tcp_rnxt) 6568 return (NULL); 6569 /* Eat what we can off the queue */ 6570 for (;;) { 6571 mp = mp1->b_cont; 6572 end = TCP_REASS_END(mp1); 6573 TCP_REASS_SET_SEQ(mp1, 0); 6574 TCP_REASS_SET_END(mp1, 0); 6575 if (!mp) { 6576 tcp->tcp_reass_tail = NULL; 6577 break; 6578 } 6579 if (end != TCP_REASS_SEQ(mp)) { 6580 mp1->b_cont = NULL; 6581 break; 6582 } 6583 mp1 = mp; 6584 } 6585 mp1 = tcp->tcp_reass_head; 6586 tcp->tcp_reass_head = mp; 6587 return (mp1); 6588 } 6589 6590 /* Eliminate any overlap that mp may have over later mblks */ 6591 static void 6592 tcp_reass_elim_overlap(tcp_t *tcp, mblk_t *mp) 6593 { 6594 uint32_t end; 6595 mblk_t *mp1; 6596 uint32_t u1; 6597 6598 end = TCP_REASS_END(mp); 6599 while ((mp1 = mp->b_cont) != NULL) { 6600 u1 = TCP_REASS_SEQ(mp1); 6601 if (!SEQ_GT(end, u1)) 6602 break; 6603 if (!SEQ_GEQ(end, TCP_REASS_END(mp1))) { 6604 mp->b_wptr -= end - u1; 6605 TCP_REASS_SET_END(mp, u1); 6606 BUMP_MIB(tcp_mib.tcpInDataPartDupSegs); 6607 UPDATE_MIB(tcp_mib.tcpInDataPartDupBytes, end - u1); 6608 break; 6609 } 6610 mp->b_cont = mp1->b_cont; 6611 freeb(mp1); 6612 BUMP_MIB(tcp_mib.tcpInDataDupSegs); 6613 UPDATE_MIB(tcp_mib.tcpInDataDupBytes, end - u1); 6614 } 6615 if (!mp1) 6616 tcp->tcp_reass_tail = mp; 6617 } 6618 6619 /* 6620 * Remove a connection from the list of detached TIME_WAIT connections. 6621 */ 6622 static void 6623 tcp_time_wait_remove(tcp_t *tcp) 6624 { 6625 if (tcp->tcp_time_wait_expire == 0) { 6626 assert(tcp->tcp_time_wait_next == NULL); 6627 assert(tcp->tcp_time_wait_prev == NULL); 6628 return; 6629 } 6630 assert(tcp->tcp_state == TCPS_TIME_WAIT); 6631 if (tcp == tcp_time_wait_head) { 6632 assert(tcp->tcp_time_wait_prev == NULL); 6633 tcp_time_wait_head = tcp->tcp_time_wait_next; 6634 if (tcp_time_wait_head != NULL) { 6635 tcp_time_wait_head->tcp_time_wait_prev = NULL; 6636 } else { 6637 tcp_time_wait_tail = NULL; 6638 } 6639 } else if (tcp == tcp_time_wait_tail) { 6640 assert(tcp != tcp_time_wait_head); 6641 assert(tcp->tcp_time_wait_next == NULL); 6642 tcp_time_wait_tail = tcp->tcp_time_wait_prev; 6643 assert(tcp_time_wait_tail != NULL); 6644 tcp_time_wait_tail->tcp_time_wait_next = NULL; 6645 } else { 6646 assert(tcp->tcp_time_wait_prev->tcp_time_wait_next == tcp); 6647 assert(tcp->tcp_time_wait_next->tcp_time_wait_prev == tcp); 6648 tcp->tcp_time_wait_prev->tcp_time_wait_next = 6649 tcp->tcp_time_wait_next; 6650 tcp->tcp_time_wait_next->tcp_time_wait_prev = 6651 tcp->tcp_time_wait_prev; 6652 } 6653 tcp->tcp_time_wait_next = NULL; 6654 tcp->tcp_time_wait_prev = NULL; 6655 tcp->tcp_time_wait_expire = 0; 6656 } 6657 6658 /* 6659 * Add a connection to the list of detached TIME_WAIT connections 6660 * and set its time to expire ... 6661 */ 6662 static void 6663 tcp_time_wait_append(tcp_t *tcp) 6664 { 6665 tcp->tcp_time_wait_expire = prom_gettime() + tcp_time_wait_interval; 6666 if (tcp->tcp_time_wait_expire == 0) 6667 tcp->tcp_time_wait_expire = 1; 6668 6669 if (tcp_time_wait_head == NULL) { 6670 assert(tcp_time_wait_tail == NULL); 6671 tcp_time_wait_head = tcp; 6672 } else { 6673 assert(tcp_time_wait_tail != NULL); 6674 assert(tcp_time_wait_tail->tcp_state == TCPS_TIME_WAIT); 6675 tcp_time_wait_tail->tcp_time_wait_next = tcp; 6676 tcp->tcp_time_wait_prev = tcp_time_wait_tail; 6677 } 6678 tcp_time_wait_tail = tcp; 6679 6680 /* for ndd stats about compression */ 6681 tcp_cum_timewait++; 6682 } 6683 6684 /* 6685 * Periodic qtimeout routine run on the default queue. 6686 * Performs 2 functions. 6687 * 1. Does TIME_WAIT compression on all recently added tcps. List 6688 * traversal is done backwards from the tail. 6689 * 2. Blows away all tcps whose TIME_WAIT has expired. List traversal 6690 * is done forwards from the head. 6691 */ 6692 void 6693 tcp_time_wait_collector(void) 6694 { 6695 tcp_t *tcp; 6696 uint32_t now; 6697 6698 /* 6699 * In order to reap time waits reliably, we should use a 6700 * source of time that is not adjustable by the user 6701 */ 6702 now = prom_gettime(); 6703 while ((tcp = tcp_time_wait_head) != NULL) { 6704 /* 6705 * Compare times using modular arithmetic, since 6706 * lbolt can wrapover. 6707 */ 6708 if ((int32_t)(now - tcp->tcp_time_wait_expire) < 0) { 6709 break; 6710 } 6711 /* 6712 * Note that the err must be 0 as there is no socket 6713 * associated with this TCP... 6714 */ 6715 (void) tcp_clean_death(-1, tcp, 0); 6716 } 6717 /* Schedule next run time. */ 6718 tcp_time_wait_runtime = prom_gettime() + 10000; 6719 } 6720 6721 void 6722 tcp_time_wait_report(void) 6723 { 6724 tcp_t *tcp; 6725 6726 printf("Current time %u\n", prom_gettime()); 6727 for (tcp = tcp_time_wait_head; tcp != NULL; 6728 tcp = tcp->tcp_time_wait_next) { 6729 printf("%s expires at %u\n", tcp_display(tcp, NULL, 6730 DISP_ADDR_AND_PORT), tcp->tcp_time_wait_expire); 6731 } 6732 } 6733 6734 /* 6735 * Send up all messages queued on tcp_rcv_list. 6736 * Have to set tcp_co_norm since we use putnext. 6737 */ 6738 static void 6739 tcp_rcv_drain(int sock_id, tcp_t *tcp) 6740 { 6741 mblk_t *mp; 6742 struct inetgram *in_gram; 6743 mblk_t *in_mp; 6744 int len; 6745 6746 /* Don't drain if the app has not finished reading all the data. */ 6747 if (sockets[sock_id].so_rcvbuf <= 0) 6748 return; 6749 6750 /* We might have come here just to updated the rwnd */ 6751 if (tcp->tcp_rcv_list == NULL) 6752 goto win_update; 6753 6754 if ((in_gram = (struct inetgram *)bkmem_zalloc( 6755 sizeof (struct inetgram))) == NULL) { 6756 return; 6757 } 6758 if ((in_mp = allocb(tcp->tcp_rcv_cnt, 0)) == NULL) { 6759 bkmem_free((caddr_t)in_gram, sizeof (struct inetgram)); 6760 return; 6761 } 6762 in_gram->igm_level = APP_LVL; 6763 in_gram->igm_mp = in_mp; 6764 in_gram->igm_id = 0; 6765 6766 while ((mp = tcp->tcp_rcv_list) != NULL) { 6767 tcp->tcp_rcv_list = mp->b_cont; 6768 len = mp->b_wptr - mp->b_rptr; 6769 bcopy(mp->b_rptr, in_mp->b_wptr, len); 6770 in_mp->b_wptr += len; 6771 freeb(mp); 6772 } 6773 6774 tcp->tcp_rcv_last_tail = NULL; 6775 tcp->tcp_rcv_cnt = 0; 6776 add_grams(&sockets[sock_id].inq, in_gram); 6777 6778 /* This means that so_rcvbuf can be less than 0. */ 6779 sockets[sock_id].so_rcvbuf -= in_mp->b_wptr - in_mp->b_rptr; 6780 win_update: 6781 /* 6782 * Increase the receive window to max. But we need to do receiver 6783 * SWS avoidance. This means that we need to check the increase of 6784 * of receive window is at least 1 MSS. 6785 */ 6786 if (sockets[sock_id].so_rcvbuf > 0 && 6787 (tcp->tcp_rwnd_max - tcp->tcp_rwnd >= tcp->tcp_mss)) { 6788 tcp->tcp_rwnd = tcp->tcp_rwnd_max; 6789 U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, 6790 tcp->tcp_tcph->th_win); 6791 } 6792 } 6793 6794 /* 6795 * Wrapper for recvfrom to call 6796 */ 6797 void 6798 tcp_rcv_drain_sock(int sock_id) 6799 { 6800 tcp_t *tcp; 6801 if ((tcp = sockets[sock_id].pcb) == NULL) 6802 return; 6803 tcp_rcv_drain(sock_id, tcp); 6804 } 6805 6806 /* 6807 * If the inq == NULL and the tcp_rcv_list != NULL, we have data that 6808 * recvfrom could read. Place a magic message in the inq to let recvfrom 6809 * know that it needs to call tcp_rcv_drain_sock to pullup the data. 6810 */ 6811 static void 6812 tcp_drain_needed(int sock_id, tcp_t *tcp) 6813 { 6814 struct inetgram *in_gram; 6815 #ifdef DEBUG 6816 printf("tcp_drain_needed: inq %x, tcp_rcv_list %x\n", 6817 sockets[sock_id].inq, tcp->tcp_rcv_list); 6818 #endif 6819 if ((sockets[sock_id].inq != NULL) || 6820 (tcp->tcp_rcv_list == NULL)) 6821 return; 6822 6823 if ((in_gram = (struct inetgram *)bkmem_zalloc( 6824 sizeof (struct inetgram))) == NULL) 6825 return; 6826 6827 in_gram->igm_level = APP_LVL; 6828 in_gram->igm_mp = NULL; 6829 in_gram->igm_id = TCP_CALLB_MAGIC_ID; 6830 6831 add_grams(&sockets[sock_id].inq, in_gram); 6832 } 6833 6834 /* 6835 * Queue data on tcp_rcv_list which is a b_next chain. 6836 * Each element of the chain is a b_cont chain. 6837 * 6838 * M_DATA messages are added to the current element. 6839 * Other messages are added as new (b_next) elements. 6840 */ 6841 static void 6842 tcp_rcv_enqueue(tcp_t *tcp, mblk_t *mp, uint_t seg_len) 6843 { 6844 assert(seg_len == msgdsize(mp)); 6845 if (tcp->tcp_rcv_list == NULL) { 6846 tcp->tcp_rcv_list = mp; 6847 } else { 6848 tcp->tcp_rcv_last_tail->b_cont = mp; 6849 } 6850 while (mp->b_cont) 6851 mp = mp->b_cont; 6852 tcp->tcp_rcv_last_tail = mp; 6853 tcp->tcp_rcv_cnt += seg_len; 6854 tcp->tcp_rwnd -= seg_len; 6855 #ifdef DEBUG 6856 printf("tcp_rcv_enqueue rwnd %d\n", tcp->tcp_rwnd); 6857 #endif 6858 U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, tcp->tcp_tcph->th_win); 6859 } 6860 6861 /* The minimum of smoothed mean deviation in RTO calculation. */ 6862 #define TCP_SD_MIN 400 6863 6864 /* 6865 * Set RTO for this connection. The formula is from Jacobson and Karels' 6866 * "Congestion Avoidance and Control" in SIGCOMM '88. The variable names 6867 * are the same as those in Appendix A.2 of that paper. 6868 * 6869 * m = new measurement 6870 * sa = smoothed RTT average (8 * average estimates). 6871 * sv = smoothed mean deviation (mdev) of RTT (4 * deviation estimates). 6872 */ 6873 static void 6874 tcp_set_rto(tcp_t *tcp, int32_t rtt) 6875 { 6876 int32_t m = rtt; 6877 uint32_t sa = tcp->tcp_rtt_sa; 6878 uint32_t sv = tcp->tcp_rtt_sd; 6879 uint32_t rto; 6880 6881 BUMP_MIB(tcp_mib.tcpRttUpdate); 6882 tcp->tcp_rtt_update++; 6883 6884 /* tcp_rtt_sa is not 0 means this is a new sample. */ 6885 if (sa != 0) { 6886 /* 6887 * Update average estimator: 6888 * new rtt = 7/8 old rtt + 1/8 Error 6889 */ 6890 6891 /* m is now Error in estimate. */ 6892 m -= sa >> 3; 6893 if ((int32_t)(sa += m) <= 0) { 6894 /* 6895 * Don't allow the smoothed average to be negative. 6896 * We use 0 to denote reinitialization of the 6897 * variables. 6898 */ 6899 sa = 1; 6900 } 6901 6902 /* 6903 * Update deviation estimator: 6904 * new mdev = 3/4 old mdev + 1/4 (abs(Error) - old mdev) 6905 */ 6906 if (m < 0) 6907 m = -m; 6908 m -= sv >> 2; 6909 sv += m; 6910 } else { 6911 /* 6912 * This follows BSD's implementation. So the reinitialized 6913 * RTO is 3 * m. We cannot go less than 2 because if the 6914 * link is bandwidth dominated, doubling the window size 6915 * during slow start means doubling the RTT. We want to be 6916 * more conservative when we reinitialize our estimates. 3 6917 * is just a convenient number. 6918 */ 6919 sa = m << 3; 6920 sv = m << 1; 6921 } 6922 if (sv < TCP_SD_MIN) { 6923 /* 6924 * We do not know that if sa captures the delay ACK 6925 * effect as in a long train of segments, a receiver 6926 * does not delay its ACKs. So set the minimum of sv 6927 * to be TCP_SD_MIN, which is default to 400 ms, twice 6928 * of BSD DATO. That means the minimum of mean 6929 * deviation is 100 ms. 6930 * 6931 */ 6932 sv = TCP_SD_MIN; 6933 } 6934 tcp->tcp_rtt_sa = sa; 6935 tcp->tcp_rtt_sd = sv; 6936 /* 6937 * RTO = average estimates (sa / 8) + 4 * deviation estimates (sv) 6938 * 6939 * Add tcp_rexmit_interval extra in case of extreme environment 6940 * where the algorithm fails to work. The default value of 6941 * tcp_rexmit_interval_extra should be 0. 6942 * 6943 * As we use a finer grained clock than BSD and update 6944 * RTO for every ACKs, add in another .25 of RTT to the 6945 * deviation of RTO to accomodate burstiness of 1/4 of 6946 * window size. 6947 */ 6948 rto = (sa >> 3) + sv + tcp_rexmit_interval_extra + (sa >> 5); 6949 6950 if (rto > tcp_rexmit_interval_max) { 6951 tcp->tcp_rto = tcp_rexmit_interval_max; 6952 } else if (rto < tcp_rexmit_interval_min) { 6953 tcp->tcp_rto = tcp_rexmit_interval_min; 6954 } else { 6955 tcp->tcp_rto = rto; 6956 } 6957 6958 /* Now, we can reset tcp_timer_backoff to use the new RTO... */ 6959 tcp->tcp_timer_backoff = 0; 6960 } 6961 6962 /* 6963 * Initiate closedown sequence on an active connection. 6964 * Return value zero for OK return, non-zero for error return. 6965 */ 6966 static int 6967 tcp_xmit_end(tcp_t *tcp, int sock_id) 6968 { 6969 mblk_t *mp; 6970 6971 if (tcp->tcp_state < TCPS_SYN_RCVD || 6972 tcp->tcp_state > TCPS_CLOSE_WAIT) { 6973 /* 6974 * Invalid state, only states TCPS_SYN_RCVD, 6975 * TCPS_ESTABLISHED and TCPS_CLOSE_WAIT are valid 6976 */ 6977 return (-1); 6978 } 6979 6980 tcp->tcp_fss = tcp->tcp_snxt + tcp->tcp_unsent; 6981 tcp->tcp_valid_bits |= TCP_FSS_VALID; 6982 /* 6983 * If there is nothing more unsent, send the FIN now. 6984 * Otherwise, it will go out with the last segment. 6985 */ 6986 if (tcp->tcp_unsent == 0) { 6987 mp = tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, 6988 tcp->tcp_fss, B_FALSE, NULL, B_FALSE); 6989 6990 if (mp != NULL) { 6991 /* Dump the packet when debugging. */ 6992 TCP_DUMP_PACKET("tcp_xmit_end", mp); 6993 (void) ipv4_tcp_output(sock_id, mp); 6994 freeb(mp); 6995 } else { 6996 /* 6997 * Couldn't allocate msg. Pretend we got it out. 6998 * Wait for rexmit timeout. 6999 */ 7000 tcp->tcp_snxt = tcp->tcp_fss + 1; 7001 TCP_TIMER_RESTART(tcp, tcp->tcp_rto); 7002 } 7003 7004 /* 7005 * If needed, update tcp_rexmit_snxt as tcp_snxt is 7006 * changed. 7007 */ 7008 if (tcp->tcp_rexmit && tcp->tcp_rexmit_nxt == tcp->tcp_fss) { 7009 tcp->tcp_rexmit_nxt = tcp->tcp_snxt; 7010 } 7011 } else { 7012 tcp_wput_data(tcp, NULL, B_FALSE); 7013 } 7014 7015 return (0); 7016 } 7017 7018 int 7019 tcp_opt_set(tcp_t *tcp, int level, int option, const void *optval, 7020 socklen_t optlen) 7021 { 7022 switch (level) { 7023 case SOL_SOCKET: { 7024 switch (option) { 7025 case SO_RCVBUF: 7026 if (optlen == sizeof (int)) { 7027 int val = *(int *)optval; 7028 7029 if (val > tcp_max_buf) { 7030 errno = ENOBUFS; 7031 break; 7032 } 7033 /* Silently ignore zero */ 7034 if (val != 0) { 7035 val = MSS_ROUNDUP(val, tcp->tcp_mss); 7036 (void) tcp_rwnd_set(tcp, val); 7037 } 7038 } else { 7039 errno = EINVAL; 7040 } 7041 break; 7042 case SO_SNDBUF: 7043 if (optlen == sizeof (int)) { 7044 tcp->tcp_xmit_hiwater = *(int *)optval; 7045 if (tcp->tcp_xmit_hiwater > tcp_max_buf) 7046 tcp->tcp_xmit_hiwater = tcp_max_buf; 7047 } else { 7048 errno = EINVAL; 7049 } 7050 break; 7051 case SO_LINGER: 7052 if (optlen == sizeof (struct linger)) { 7053 struct linger *lgr = (struct linger *)optval; 7054 7055 if (lgr->l_onoff) { 7056 tcp->tcp_linger = 1; 7057 tcp->tcp_lingertime = lgr->l_linger; 7058 } else { 7059 tcp->tcp_linger = 0; 7060 tcp->tcp_lingertime = 0; 7061 } 7062 } else { 7063 errno = EINVAL; 7064 } 7065 break; 7066 default: 7067 errno = ENOPROTOOPT; 7068 break; 7069 } 7070 break; 7071 } /* case SOL_SOCKET */ 7072 case IPPROTO_TCP: { 7073 switch (option) { 7074 default: 7075 errno = ENOPROTOOPT; 7076 break; 7077 } 7078 break; 7079 } /* case IPPROTO_TCP */ 7080 case IPPROTO_IP: { 7081 switch (option) { 7082 default: 7083 errno = ENOPROTOOPT; 7084 break; 7085 } 7086 break; 7087 } /* case IPPROTO_IP */ 7088 default: 7089 errno = ENOPROTOOPT; 7090 break; 7091 } /* switch (level) */ 7092 7093 if (errno != 0) 7094 return (-1); 7095 else 7096 return (0); 7097 } 7098