1 /*
2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
34 * $FreeBSD$
35 */
36
37 #include "opt_compat.h"
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40 #include "opt_ipsec.h"
41 #include "opt_tcpdebug.h"
42
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/callout.h>
46 #include <sys/kernel.h>
47 #include <sys/sysctl.h>
48 #include <sys/malloc.h>
49 #include <sys/mbuf.h>
50 #ifdef INET6
51 #include <sys/domain.h>
52 #endif
53 #include <sys/proc.h>
54 #include <sys/socket.h>
55 #include <sys/socketvar.h>
56 #include <sys/protosw.h>
57 #include <sys/random.h>
58
59 #include <vm/vm_zone.h>
60
61 #include <net/route.h>
62 #include <net/if.h>
63
64 #define _IP_VHL
65 #include <netinet/in.h>
66 #include <netinet/in_systm.h>
67 #include <netinet/ip.h>
68 #ifdef INET6
69 #include <netinet/ip6.h>
70 #endif
71 #include <netinet/in_pcb.h>
72 #ifdef INET6
73 #include <netinet6/in6_pcb.h>
74 #endif
75 #include <netinet/in_var.h>
76 #include <netinet/ip_var.h>
77 #ifdef INET6
78 #include <netinet6/ip6_var.h>
79 #endif
80 #include <netinet/tcp.h>
81 #include <netinet/tcp_fsm.h>
82 #include <netinet/tcp_seq.h>
83 #include <netinet/tcp_timer.h>
84 #include <netinet/tcp_var.h>
85 #ifdef INET6
86 #include <netinet6/tcp6_var.h>
87 #endif
88 #include <netinet/tcpip.h>
89 #ifdef TCPDEBUG
90 #include <netinet/tcp_debug.h>
91 #endif
92 #include <netinet6/ip6protosw.h>
93
94 #ifdef IPSEC
95 #include <netinet6/ipsec.h>
96 #ifdef INET6
97 #include <netinet6/ipsec6.h>
98 #endif
99 #endif /*IPSEC*/
100
101 #ifdef FAST_IPSEC
102 #include <netipsec/ipsec.h>
103 #include <netipsec/xform.h>
104 #ifdef INET6
105 #include <netipsec/ipsec6.h>
106 #endif
107 #include <netipsec/key.h>
108 #define IPSEC
109 #endif /*FAST_IPSEC*/
110
111 #include <machine/in_cksum.h>
112 #include <sys/md5.h>
113
114 int tcp_mssdflt = TCP_MSS;
115 SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW,
116 &tcp_mssdflt , 0, "Default TCP Maximum Segment Size");
117
118 #ifdef INET6
119 int tcp_v6mssdflt = TCP6_MSS;
120 SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
121 CTLFLAG_RW, &tcp_v6mssdflt , 0,
122 "Default TCP Maximum Segment Size for IPv6");
123 #endif
124
125 #if 0
126 static int tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ;
127 SYSCTL_INT(_net_inet_tcp, TCPCTL_RTTDFLT, rttdflt, CTLFLAG_RW,
128 &tcp_rttdflt , 0, "Default maximum TCP Round Trip Time");
129 #endif
130
131 int tcp_do_rfc1323 = 1;
132 SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW,
133 &tcp_do_rfc1323 , 0, "Enable rfc1323 (high performance TCP) extensions");
134
135 int tcp_do_rfc1644 = 0;
136 SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1644, rfc1644, CTLFLAG_RW,
137 &tcp_do_rfc1644 , 0, "Enable rfc1644 (TTCP) extensions");
138
139 static int tcp_tcbhashsize = 0;
140 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RD,
141 &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable");
142
143 static int do_tcpdrain = 1;
144 SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
145 "Enable tcp_drain routine for extra help when low on mbufs");
146
147 SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD,
148 &tcbinfo.ipi_count, 0, "Number of active PCBs");
149
150 static int icmp_may_rst = 1;
151 SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, &icmp_may_rst, 0,
152 "Certain ICMP unreachable messages may abort connections in SYN_SENT");
153
154 static int tcp_isn_reseed_interval = 0;
155 SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW,
156 &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret");
157
158 /*
159 * TCP bandwidth limiting sysctls. Note that the default lower bound of
160 * 1024 exists only for debugging. A good production default would be
161 * something like 6100.
162 */
163 static int tcp_inflight_enable = 0;
164 SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_enable, CTLFLAG_RW,
165 &tcp_inflight_enable, 0, "Enable automatic TCP inflight data limiting");
166
167 static int tcp_inflight_debug = 0;
168 SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_debug, CTLFLAG_RW,
169 &tcp_inflight_debug, 0, "Debug TCP inflight calculations");
170
171 static int tcp_inflight_min = 6144;
172 SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_min, CTLFLAG_RW,
173 &tcp_inflight_min, 0, "Lower-bound for TCP inflight window");
174
175 static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT;
176 SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_max, CTLFLAG_RW,
177 &tcp_inflight_max, 0, "Upper-bound for TCP inflight window");
178
179 static int tcp_inflight_stab = 20;
180 SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_stab, CTLFLAG_RW,
181 &tcp_inflight_stab, 0, "Slop in maximal packets / 10 (20 = 2 packets)");
182
183 static void tcp_cleartaocache __P((void));
184 static void tcp_notify __P((struct inpcb *, int));
185
186 /*
187 * Target size of TCP PCB hash tables. Must be a power of two.
188 *
189 * Note that this can be overridden by the kernel environment
190 * variable net.inet.tcp.tcbhashsize
191 */
192 #ifndef TCBHASHSIZE
193 #define TCBHASHSIZE 512
194 #endif
195
196 /*
197 * This is the actual shape of what we allocate using the zone
198 * allocator. Doing it this way allows us to protect both structures
199 * using the same generation count, and also eliminates the overhead
200 * of allocating tcpcbs separately. By hiding the structure here,
201 * we avoid changing most of the rest of the code (although it needs
202 * to be changed, eventually, for greater efficiency).
203 */
204 #define ALIGNMENT 32
205 #define ALIGNM1 (ALIGNMENT - 1)
206 struct inp_tp {
207 union {
208 struct inpcb inp;
209 char align[(sizeof(struct inpcb) + ALIGNM1) & ~ALIGNM1];
210 } inp_tp_u;
211 struct tcpcb tcb;
212 struct callout inp_tp_rexmt, inp_tp_persist, inp_tp_keep, inp_tp_2msl;
213 struct callout inp_tp_delack;
214 };
215 #undef ALIGNMENT
216 #undef ALIGNM1
217
218 /*
219 * Tcp initialization
220 */
221 void
222 tcp_init()
223 {
224 int hashsize = TCBHASHSIZE;
225
226 tcp_ccgen = 1;
227 tcp_cleartaocache();
228
229 tcp_delacktime = TCPTV_DELACK;
230 tcp_keepinit = TCPTV_KEEP_INIT;
231 tcp_keepidle = TCPTV_KEEP_IDLE;
232 tcp_keepintvl = TCPTV_KEEPINTVL;
233 tcp_maxpersistidle = TCPTV_KEEP_IDLE;
234 tcp_msl = TCPTV_MSL;
235 tcp_rexmit_min = TCPTV_MIN;
236 tcp_rexmit_slop = TCPTV_CPU_VAR;
237
238 LIST_INIT(&tcb);
239 tcbinfo.listhead = &tcb;
240 TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize);
241 if (!powerof2(hashsize)) {
242 printf("WARNING: TCB hash size not a power of 2\n");
243 hashsize = 512; /* safe default */
244 }
245 tcp_tcbhashsize = hashsize;
246 tcbinfo.hashbase = hashinit(hashsize, M_PCB, &tcbinfo.hashmask);
247 tcbinfo.porthashbase = hashinit(hashsize, M_PCB,
248 &tcbinfo.porthashmask);
249 tcbinfo.ipi_zone = zinit("tcpcb", sizeof(struct inp_tp), maxsockets,
250 ZONE_INTERRUPT, 0);
251
252 tcp_reass_maxseg = nmbclusters / 16;
253 TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
254 &tcp_reass_maxseg);
255
256 #ifdef INET6
257 #define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
258 #else /* INET6 */
259 #define TCP_MINPROTOHDR (sizeof(struct tcpiphdr))
260 #endif /* INET6 */
261 if (max_protohdr < TCP_MINPROTOHDR)
262 max_protohdr = TCP_MINPROTOHDR;
263 if (max_linkhdr + TCP_MINPROTOHDR > MHLEN)
264 panic("tcp_init");
265 #undef TCP_MINPROTOHDR
266
267 syncache_init();
268 }
269
270 /*
271 * Fill in the IP and TCP headers for an outgoing packet, given the tcpcb.
272 * tcp_template used to store this data in mbufs, but we now recopy it out
273 * of the tcpcb each time to conserve mbufs.
274 */
275 void
276 tcp_fillheaders(tp, ip_ptr, tcp_ptr)
277 struct tcpcb *tp;
278 void *ip_ptr;
279 void *tcp_ptr;
280 {
281 struct inpcb *inp = tp->t_inpcb;
282 struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_ptr;
283
284 #ifdef INET6
285 if ((inp->inp_vflag & INP_IPV6) != 0) {
286 struct ip6_hdr *ip6;
287
288 ip6 = (struct ip6_hdr *)ip_ptr;
289 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) |
290 (inp->in6p_flowinfo & IPV6_FLOWINFO_MASK);
291 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
292 (IPV6_VERSION & IPV6_VERSION_MASK);
293 ip6->ip6_nxt = IPPROTO_TCP;
294 ip6->ip6_plen = sizeof(struct tcphdr);
295 ip6->ip6_src = inp->in6p_laddr;
296 ip6->ip6_dst = inp->in6p_faddr;
297 tcp_hdr->th_sum = 0;
298 } else
299 #endif
300 {
301 struct ip *ip = (struct ip *) ip_ptr;
302
303 ip->ip_vhl = IP_VHL_BORING;
304 ip->ip_tos = 0;
305 ip->ip_len = 0;
306 ip->ip_id = 0;
307 ip->ip_off = 0;
308 ip->ip_ttl = 0;
309 ip->ip_sum = 0;
310 ip->ip_p = IPPROTO_TCP;
311 ip->ip_src = inp->inp_laddr;
312 ip->ip_dst = inp->inp_faddr;
313 tcp_hdr->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
314 htons(sizeof(struct tcphdr) + IPPROTO_TCP));
315 }
316
317 tcp_hdr->th_sport = inp->inp_lport;
318 tcp_hdr->th_dport = inp->inp_fport;
319 tcp_hdr->th_seq = 0;
320 tcp_hdr->th_ack = 0;
321 tcp_hdr->th_x2 = 0;
322 tcp_hdr->th_off = 5;
323 tcp_hdr->th_flags = 0;
324 tcp_hdr->th_win = 0;
325 tcp_hdr->th_urp = 0;
326 }
327
328 /*
329 * Create template to be used to send tcp packets on a connection.
330 * Allocates an mbuf and fills in a skeletal tcp/ip header. The only
331 * use for this function is in keepalives, which use tcp_respond.
332 */
333 struct tcptemp *
334 tcp_maketemplate(tp)
335 struct tcpcb *tp;
336 {
337 struct mbuf *m;
338 struct tcptemp *n;
339
340 m = m_get(M_DONTWAIT, MT_HEADER);
341 if (m == NULL)
342 return (0);
343 m->m_len = sizeof(struct tcptemp);
344 n = mtod(m, struct tcptemp *);
345
346 tcp_fillheaders(tp, (void *)&n->tt_ipgen, (void *)&n->tt_t);
347 return (n);
348 }
349
350 /*
351 * Send a single message to the TCP at address specified by
352 * the given TCP/IP header. If m == 0, then we make a copy
353 * of the tcpiphdr at ti and send directly to the addressed host.
354 * This is used to force keep alive messages out using the TCP
355 * template for a connection. If flags are given then we send
356 * a message back to the TCP which originated the * segment ti,
357 * and discard the mbuf containing it and any other attached mbufs.
358 *
359 * In any case the ack and sequence number of the transmitted
360 * segment are as specified by the parameters.
361 *
362 * NOTE: If m != NULL, then ti must point to *inside* the mbuf.
363 */
364 void
365 tcp_respond(tp, ipgen, th, m, ack, seq, flags)
366 struct tcpcb *tp;
367 void *ipgen;
368 register struct tcphdr *th;
369 register struct mbuf *m;
370 tcp_seq ack, seq;
371 int flags;
372 {
373 register int tlen;
374 int win = 0;
375 struct route *ro = 0;
376 struct route sro;
377 struct ip *ip;
378 struct tcphdr *nth;
379 #ifdef INET6
380 struct route_in6 *ro6 = 0;
381 struct route_in6 sro6;
382 struct ip6_hdr *ip6;
383 int isipv6;
384 #endif /* INET6 */
385 int ipflags = 0;
386
387 #ifdef INET6
388 isipv6 = IP_VHL_V(((struct ip *)ipgen)->ip_vhl) == 6;
389 ip6 = ipgen;
390 #endif /* INET6 */
391 ip = ipgen;
392
393 if (tp) {
394 if (!(flags & TH_RST)) {
395 win = sbspace(&tp->t_inpcb->inp_socket->so_rcv);
396 if (win > (long)TCP_MAXWIN << tp->rcv_scale)
397 win = (long)TCP_MAXWIN << tp->rcv_scale;
398 }
399 #ifdef INET6
400 if (isipv6)
401 ro6 = &tp->t_inpcb->in6p_route;
402 else
403 #endif /* INET6 */
404 ro = &tp->t_inpcb->inp_route;
405 } else {
406 #ifdef INET6
407 if (isipv6) {
408 ro6 = &sro6;
409 bzero(ro6, sizeof *ro6);
410 } else
411 #endif /* INET6 */
412 {
413 ro = &sro;
414 bzero(ro, sizeof *ro);
415 }
416 }
417 if (m == 0) {
418 m = m_gethdr(M_DONTWAIT, MT_HEADER);
419 if (m == NULL)
420 return;
421 tlen = 0;
422 m->m_data += max_linkhdr;
423 #ifdef INET6
424 if (isipv6) {
425 bcopy((caddr_t)ip6, mtod(m, caddr_t),
426 sizeof(struct ip6_hdr));
427 ip6 = mtod(m, struct ip6_hdr *);
428 nth = (struct tcphdr *)(ip6 + 1);
429 } else
430 #endif /* INET6 */
431 {
432 bcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip));
433 ip = mtod(m, struct ip *);
434 nth = (struct tcphdr *)(ip + 1);
435 }
436 bcopy((caddr_t)th, (caddr_t)nth, sizeof(struct tcphdr));
437 flags = TH_ACK;
438 } else {
439 m_freem(m->m_next);
440 m->m_next = 0;
441 m->m_data = (caddr_t)ipgen;
442 /* m_len is set later */
443 tlen = 0;
444 #define xchg(a,b,type) { type t; t=a; a=b; b=t; }
445 #ifdef INET6
446 if (isipv6) {
447 xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
448 nth = (struct tcphdr *)(ip6 + 1);
449 } else
450 #endif /* INET6 */
451 {
452 xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, n_long);
453 nth = (struct tcphdr *)(ip + 1);
454 }
455 if (th != nth) {
456 /*
457 * this is usually a case when an extension header
458 * exists between the IPv6 header and the
459 * TCP header.
460 */
461 nth->th_sport = th->th_sport;
462 nth->th_dport = th->th_dport;
463 }
464 xchg(nth->th_dport, nth->th_sport, n_short);
465 #undef xchg
466 }
467 #ifdef INET6
468 if (isipv6) {
469 ip6->ip6_flow = 0;
470 ip6->ip6_vfc = IPV6_VERSION;
471 ip6->ip6_nxt = IPPROTO_TCP;
472 ip6->ip6_plen = htons((u_short)(sizeof (struct tcphdr) +
473 tlen));
474 tlen += sizeof (struct ip6_hdr) + sizeof (struct tcphdr);
475 } else
476 #endif
477 {
478 tlen += sizeof (struct tcpiphdr);
479 ip->ip_len = tlen;
480 ip->ip_ttl = ip_defttl;
481 }
482 m->m_len = tlen;
483 m->m_pkthdr.len = tlen;
484 m->m_pkthdr.rcvif = (struct ifnet *) 0;
485 nth->th_seq = htonl(seq);
486 nth->th_ack = htonl(ack);
487 nth->th_x2 = 0;
488 nth->th_off = sizeof (struct tcphdr) >> 2;
489 nth->th_flags = flags;
490 if (tp)
491 nth->th_win = htons((u_short) (win >> tp->rcv_scale));
492 else
493 nth->th_win = htons((u_short)win);
494 nth->th_urp = 0;
495 #ifdef INET6
496 if (isipv6) {
497 nth->th_sum = 0;
498 nth->th_sum = in6_cksum(m, IPPROTO_TCP,
499 sizeof(struct ip6_hdr),
500 tlen - sizeof(struct ip6_hdr));
501 ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL,
502 ro6 && ro6->ro_rt ?
503 ro6->ro_rt->rt_ifp :
504 NULL);
505 } else
506 #endif /* INET6 */
507 {
508 nth->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
509 htons((u_short)(tlen - sizeof(struct ip) + ip->ip_p)));
510 m->m_pkthdr.csum_flags = CSUM_TCP;
511 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
512 }
513 #ifdef TCPDEBUG
514 if (tp == NULL || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
515 tcp_trace(TA_OUTPUT, 0, tp, mtod(m, void *), th, 0);
516 #endif
517 #ifdef INET6
518 if (isipv6) {
519 (void)ip6_output(m, NULL, ro6, ipflags, NULL, NULL,
520 tp ? tp->t_inpcb : NULL);
521 if (ro6 == &sro6 && ro6->ro_rt) {
522 RTFREE(ro6->ro_rt);
523 ro6->ro_rt = NULL;
524 }
525 } else
526 #endif /* INET6 */
527 {
528 (void) ip_output(m, NULL, ro, ipflags, NULL, tp ? tp->t_inpcb : NULL);
529 if (ro == &sro && ro->ro_rt) {
530 RTFREE(ro->ro_rt);
531 ro->ro_rt = NULL;
532 }
533 }
534 }
535
536 /*
537 * Create a new TCP control block, making an
538 * empty reassembly queue and hooking it to the argument
539 * protocol control block. The `inp' parameter must have
540 * come from the zone allocator set up in tcp_init().
541 */
542 struct tcpcb *
543 tcp_newtcpcb(inp)
544 struct inpcb *inp;
545 {
546 struct inp_tp *it;
547 register struct tcpcb *tp;
548 #ifdef INET6
549 int isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
550 #endif /* INET6 */
551
552 it = (struct inp_tp *)inp;
553 tp = &it->tcb;
554 bzero((char *) tp, sizeof(struct tcpcb));
555 LIST_INIT(&tp->t_segq);
556 tp->t_maxseg = tp->t_maxopd =
557 #ifdef INET6
558 isipv6 ? tcp_v6mssdflt :
559 #endif /* INET6 */
560 tcp_mssdflt;
561
562 /* Set up our timeouts. */
563 callout_init(tp->tt_rexmt = &it->inp_tp_rexmt);
564 callout_init(tp->tt_persist = &it->inp_tp_persist);
565 callout_init(tp->tt_keep = &it->inp_tp_keep);
566 callout_init(tp->tt_2msl = &it->inp_tp_2msl);
567 callout_init(tp->tt_delack = &it->inp_tp_delack);
568
569 if (tcp_do_rfc1323)
570 tp->t_flags = (TF_REQ_SCALE|TF_REQ_TSTMP);
571 if (tcp_do_rfc1644)
572 tp->t_flags |= TF_REQ_CC;
573 tp->t_inpcb = inp; /* XXX */
574 /*
575 * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
576 * rtt estimate. Set rttvar so that srtt + 4 * rttvar gives
577 * reasonable initial retransmit time.
578 */
579 tp->t_srtt = TCPTV_SRTTBASE;
580 tp->t_rttvar = ((TCPTV_RTOBASE - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / 4;
581 tp->t_rttmin = tcp_rexmit_min;
582 tp->t_rxtcur = TCPTV_RTOBASE;
583 tp->snd_cwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
584 tp->snd_bwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
585 tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT;
586 tp->t_rcvtime = ticks;
587 tp->t_bw_rtttime = ticks;
588 /*
589 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
590 * because the socket may be bound to an IPv6 wildcard address,
591 * which may match an IPv4-mapped IPv6 address.
592 */
593 inp->inp_ip_ttl = ip_defttl;
594 inp->inp_ppcb = (caddr_t)tp;
595 return (tp); /* XXX */
596 }
597
598 /*
599 * Drop a TCP connection, reporting
600 * the specified error. If connection is synchronized,
601 * then send a RST to peer.
602 */
603 struct tcpcb *
604 tcp_drop(tp, errno)
605 register struct tcpcb *tp;
606 int errno;
607 {
608 struct socket *so = tp->t_inpcb->inp_socket;
609
610 if (TCPS_HAVERCVDSYN(tp->t_state)) {
611 tp->t_state = TCPS_CLOSED;
612 (void) tcp_output(tp);
613 tcpstat.tcps_drops++;
614 } else
615 tcpstat.tcps_conndrops++;
616 if (errno == ETIMEDOUT && tp->t_softerror)
617 errno = tp->t_softerror;
618 so->so_error = errno;
619 return (tcp_close(tp));
620 }
621
622 /*
623 * Close a TCP control block:
624 * discard all space held by the tcp
625 * discard internet protocol block
626 * wake up any sleepers
627 */
628 struct tcpcb *
629 tcp_close(tp)
630 register struct tcpcb *tp;
631 {
632 register struct tseg_qent *q;
633 struct inpcb *inp = tp->t_inpcb;
634 struct socket *so = inp->inp_socket;
635 #ifdef INET6
636 int isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
637 #endif /* INET6 */
638 register struct rtentry *rt;
639 int dosavessthresh;
640
641 /*
642 * Make sure that all of our timers are stopped before we
643 * delete the PCB.
644 */
645 callout_stop(tp->tt_rexmt);
646 callout_stop(tp->tt_persist);
647 callout_stop(tp->tt_keep);
648 callout_stop(tp->tt_2msl);
649 callout_stop(tp->tt_delack);
650
651 /*
652 * If we got enough samples through the srtt filter,
653 * save the rtt and rttvar in the routing entry.
654 * 'Enough' is arbitrarily defined as the 16 samples.
655 * 16 samples is enough for the srtt filter to converge
656 * to within 5% of the correct value; fewer samples and
657 * we could save a very bogus rtt.
658 *
659 * Don't update the default route's characteristics and don't
660 * update anything that the user "locked".
661 */
662 if (tp->t_rttupdated >= 16) {
663 register u_long i = 0;
664 #ifdef INET6
665 if (isipv6) {
666 struct sockaddr_in6 *sin6;
667
668 if ((rt = inp->in6p_route.ro_rt) == NULL)
669 goto no_valid_rt;
670 sin6 = (struct sockaddr_in6 *)rt_key(rt);
671 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
672 goto no_valid_rt;
673 }
674 else
675 #endif /* INET6 */
676 if ((rt = inp->inp_route.ro_rt) == NULL ||
677 ((struct sockaddr_in *)rt_key(rt))->sin_addr.s_addr
678 == INADDR_ANY)
679 goto no_valid_rt;
680
681 if ((rt->rt_rmx.rmx_locks & RTV_RTT) == 0) {
682 i = tp->t_srtt *
683 (RTM_RTTUNIT / (hz * TCP_RTT_SCALE));
684 if (rt->rt_rmx.rmx_rtt && i)
685 /*
686 * filter this update to half the old & half
687 * the new values, converting scale.
688 * See route.h and tcp_var.h for a
689 * description of the scaling constants.
690 */
691 rt->rt_rmx.rmx_rtt =
692 (rt->rt_rmx.rmx_rtt + i) / 2;
693 else
694 rt->rt_rmx.rmx_rtt = i;
695 tcpstat.tcps_cachedrtt++;
696 }
697 if ((rt->rt_rmx.rmx_locks & RTV_RTTVAR) == 0) {
698 i = tp->t_rttvar *
699 (RTM_RTTUNIT / (hz * TCP_RTTVAR_SCALE));
700 if (rt->rt_rmx.rmx_rttvar && i)
701 rt->rt_rmx.rmx_rttvar =
702 (rt->rt_rmx.rmx_rttvar + i) / 2;
703 else
704 rt->rt_rmx.rmx_rttvar = i;
705 tcpstat.tcps_cachedrttvar++;
706 }
707 /*
708 * The old comment here said:
709 * update the pipelimit (ssthresh) if it has been updated
710 * already or if a pipesize was specified & the threshhold
711 * got below half the pipesize. I.e., wait for bad news
712 * before we start updating, then update on both good
713 * and bad news.
714 *
715 * But we want to save the ssthresh even if no pipesize is
716 * specified explicitly in the route, because such
717 * connections still have an implicit pipesize specified
718 * by the global tcp_sendspace. In the absence of a reliable
719 * way to calculate the pipesize, it will have to do.
720 */
721 i = tp->snd_ssthresh;
722 if (rt->rt_rmx.rmx_sendpipe != 0)
723 dosavessthresh = (i < rt->rt_rmx.rmx_sendpipe / 2);
724 else
725 dosavessthresh = (i < so->so_snd.sb_hiwat / 2);
726 if (((rt->rt_rmx.rmx_locks & RTV_SSTHRESH) == 0 &&
727 i != 0 && rt->rt_rmx.rmx_ssthresh != 0)
728 || dosavessthresh) {
729 /*
730 * convert the limit from user data bytes to
731 * packets then to packet data bytes.
732 */
733 i = (i + tp->t_maxseg / 2) / tp->t_maxseg;
734 if (i < 2)
735 i = 2;
736 i *= (u_long)(tp->t_maxseg +
737 #ifdef INET6
738 (isipv6 ? sizeof (struct ip6_hdr) +
739 sizeof (struct tcphdr) :
740 #endif
741 sizeof (struct tcpiphdr)
742 #ifdef INET6
743 )
744 #endif
745 );
746 if (rt->rt_rmx.rmx_ssthresh)
747 rt->rt_rmx.rmx_ssthresh =
748 (rt->rt_rmx.rmx_ssthresh + i) / 2;
749 else
750 rt->rt_rmx.rmx_ssthresh = i;
751 tcpstat.tcps_cachedssthresh++;
752 }
753 }
754 no_valid_rt:
755 /* free the reassembly queue, if any */
756 while((q = LIST_FIRST(&tp->t_segq)) != NULL) {
757 LIST_REMOVE(q, tqe_q);
758 m_freem(q->tqe_m);
759 FREE(q, M_TSEGQ);
760 tcp_reass_qsize--;
761 }
762 inp->inp_ppcb = NULL;
763 soisdisconnected(so);
764 #ifdef INET6
765 if (INP_CHECK_SOCKAF(so, AF_INET6))
766 in6_pcbdetach(inp);
767 else
768 #endif /* INET6 */
769 in_pcbdetach(inp);
770 tcpstat.tcps_closed++;
771 return ((struct tcpcb *)0);
772 }
773
774 void
775 tcp_drain()
776 {
777 if (do_tcpdrain)
778 {
779 struct inpcb *inpb;
780 struct tcpcb *tcpb;
781 struct tseg_qent *te;
782
783 /*
784 * Walk the tcpbs, if existing, and flush the reassembly queue,
785 * if there is one...
786 * XXX: The "Net/3" implementation doesn't imply that the TCP
787 * reassembly queue should be flushed, but in a situation
788 * where we're really low on mbufs, this is potentially
789 * usefull.
790 */
791 LIST_FOREACH(inpb, tcbinfo.listhead, inp_list) {
792 if ((tcpb = intotcpcb(inpb))) {
793 while ((te = LIST_FIRST(&tcpb->t_segq))
794 != NULL) {
795 LIST_REMOVE(te, tqe_q);
796 m_freem(te->tqe_m);
797 FREE(te, M_TSEGQ);
798 tcp_reass_qsize--;
799 }
800 }
801 }
802
803 }
804 }
805
806 /*
807 * Notify a tcp user of an asynchronous error;
808 * store error as soft error, but wake up user
809 * (for now, won't do anything until can select for soft error).
810 *
811 * Do not wake up user since there currently is no mechanism for
812 * reporting soft errors (yet - a kqueue filter may be added).
813 */
814 static void
815 tcp_notify(inp, error)
816 struct inpcb *inp;
817 int error;
818 {
819 struct tcpcb *tp = (struct tcpcb *)inp->inp_ppcb;
820
821 /*
822 * Ignore some errors if we are hooked up.
823 * If connection hasn't completed, has retransmitted several times,
824 * and receives a second error, give up now. This is better
825 * than waiting a long time to establish a connection that
826 * can never complete.
827 */
828 if (tp->t_state == TCPS_ESTABLISHED &&
829 (error == EHOSTUNREACH || error == ENETUNREACH ||
830 error == EHOSTDOWN)) {
831 return;
832 } else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > 3 &&
833 tp->t_softerror)
834 tcp_drop(tp, error);
835 else
836 tp->t_softerror = error;
837 #if 0
838 wakeup((caddr_t) &so->so_timeo);
839 sorwakeup(so);
840 sowwakeup(so);
841 #endif
842 }
843
844 static int
845 tcp_pcblist(SYSCTL_HANDLER_ARGS)
846 {
847 int error, i, n, s;
848 struct inpcb *inp, **inp_list;
849 inp_gen_t gencnt;
850 struct xinpgen xig;
851
852 /*
853 * The process of preparing the TCB list is too time-consuming and
854 * resource-intensive to repeat twice on every request.
855 */
856 if (req->oldptr == 0) {
857 n = tcbinfo.ipi_count;
858 req->oldidx = 2 * (sizeof xig)
859 + (n + n/8) * sizeof(struct xtcpcb);
860 return 0;
861 }
862
863 if (req->newptr != 0)
864 return EPERM;
865
866 /*
867 * OK, now we're committed to doing something.
868 */
869 s = splnet();
870 gencnt = tcbinfo.ipi_gencnt;
871 n = tcbinfo.ipi_count;
872 splx(s);
873
874 xig.xig_len = sizeof xig;
875 xig.xig_count = n;
876 xig.xig_gen = gencnt;
877 xig.xig_sogen = so_gencnt;
878 error = SYSCTL_OUT(req, &xig, sizeof xig);
879 if (error)
880 return error;
881
882 inp_list = malloc(n * sizeof *inp_list, M_TEMP, M_WAITOK);
883 if (inp_list == 0)
884 return ENOMEM;
885
886 s = splnet();
887 for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n;
888 inp = LIST_NEXT(inp, inp_list)) {
889 if (inp->inp_gencnt <= gencnt && !prison_xinpcb(req->p, inp))
890 inp_list[i++] = inp;
891 }
892 splx(s);
893 n = i;
894
895 error = 0;
896 for (i = 0; i < n; i++) {
897 inp = inp_list[i];
898 if (inp->inp_gencnt <= gencnt) {
899 struct xtcpcb xt;
900 caddr_t inp_ppcb;
901
902 bzero(&xt, sizeof(xt));
903 xt.xt_len = sizeof xt;
904 /* XXX should avoid extra copy */
905 bcopy(inp, &xt.xt_inp, sizeof *inp);
906 inp_ppcb = inp->inp_ppcb;
907 if (inp_ppcb != NULL)
908 bcopy(inp_ppcb, &xt.xt_tp, sizeof xt.xt_tp);
909 else
910 bzero((char *) &xt.xt_tp, sizeof xt.xt_tp);
911 if (inp->inp_socket)
912 sotoxsocket(inp->inp_socket, &xt.xt_socket);
913 error = SYSCTL_OUT(req, &xt, sizeof xt);
914 }
915 }
916 if (!error) {
917 /*
918 * Give the user an updated idea of our state.
919 * If the generation differs from what we told
920 * her before, she knows that something happened
921 * while we were processing this request, and it
922 * might be necessary to retry.
923 */
924 s = splnet();
925 xig.xig_gen = tcbinfo.ipi_gencnt;
926 xig.xig_sogen = so_gencnt;
927 xig.xig_count = tcbinfo.ipi_count;
928 splx(s);
929 error = SYSCTL_OUT(req, &xig, sizeof xig);
930 }
931 free(inp_list, M_TEMP);
932 return error;
933 }
934
935 SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0,
936 tcp_pcblist, "S,xtcpcb", "List of active TCP connections");
937
938 static int
939 tcp_getcred(SYSCTL_HANDLER_ARGS)
940 {
941 struct sockaddr_in addrs[2];
942 struct inpcb *inp;
943 int error, s;
944
945 error = suser(req->p);
946 if (error)
947 return (error);
948 error = SYSCTL_IN(req, addrs, sizeof(addrs));
949 if (error)
950 return (error);
951 s = splnet();
952 inp = in_pcblookup_hash(&tcbinfo, addrs[1].sin_addr, addrs[1].sin_port,
953 addrs[0].sin_addr, addrs[0].sin_port, 0, NULL);
954 if (inp == NULL || inp->inp_socket == NULL) {
955 error = ENOENT;
956 goto out;
957 }
958 error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred));
959 out:
960 splx(s);
961 return (error);
962 }
963
964 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW,
965 0, 0, tcp_getcred, "S,ucred", "Get the ucred of a TCP connection");
966
967 #ifdef INET6
968 static int
969 tcp6_getcred(SYSCTL_HANDLER_ARGS)
970 {
971 struct sockaddr_in6 addrs[2];
972 struct inpcb *inp;
973 int error, s, mapped = 0;
974
975 error = suser(req->p);
976 if (error)
977 return (error);
978 error = SYSCTL_IN(req, addrs, sizeof(addrs));
979 if (error)
980 return (error);
981 if (IN6_IS_ADDR_V4MAPPED(&addrs[0].sin6_addr)) {
982 if (IN6_IS_ADDR_V4MAPPED(&addrs[1].sin6_addr))
983 mapped = 1;
984 else
985 return (EINVAL);
986 }
987 s = splnet();
988 if (mapped == 1)
989 inp = in_pcblookup_hash(&tcbinfo,
990 *(struct in_addr *)&addrs[1].sin6_addr.s6_addr[12],
991 addrs[1].sin6_port,
992 *(struct in_addr *)&addrs[0].sin6_addr.s6_addr[12],
993 addrs[0].sin6_port,
994 0, NULL);
995 else
996 inp = in6_pcblookup_hash(&tcbinfo, &addrs[1].sin6_addr,
997 addrs[1].sin6_port,
998 &addrs[0].sin6_addr, addrs[0].sin6_port,
999 0, NULL);
1000 if (inp == NULL || inp->inp_socket == NULL) {
1001 error = ENOENT;
1002 goto out;
1003 }
1004 error = SYSCTL_OUT(req, inp->inp_socket->so_cred,
1005 sizeof(struct ucred));
1006 out:
1007 splx(s);
1008 return (error);
1009 }
1010
1011 SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW,
1012 0, 0,
1013 tcp6_getcred, "S,ucred", "Get the ucred of a TCP6 connection");
1014 #endif
1015
1016
1017 void
1018 tcp_ctlinput(cmd, sa, vip)
1019 int cmd;
1020 struct sockaddr *sa;
1021 void *vip;
1022 {
1023 struct ip *ip = vip;
1024 struct tcphdr *th;
1025 struct in_addr faddr;
1026 struct inpcb *inp;
1027 struct tcpcb *tp;
1028 void (*notify) __P((struct inpcb *, int)) = tcp_notify;
1029 tcp_seq icmp_seq;
1030 int s;
1031
1032 faddr = ((struct sockaddr_in *)sa)->sin_addr;
1033 if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
1034 return;
1035
1036 if (cmd == PRC_QUENCH)
1037 notify = tcp_quench;
1038 else if (icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
1039 cmd == PRC_UNREACH_PORT || cmd == PRC_TIMXCEED_INTRANS) && ip)
1040 notify = tcp_drop_syn_sent;
1041 else if (cmd == PRC_MSGSIZE)
1042 notify = tcp_mtudisc;
1043 else if (PRC_IS_REDIRECT(cmd)) {
1044 ip = 0;
1045 notify = in_rtchange;
1046 } else if (cmd == PRC_HOSTDEAD)
1047 ip = 0;
1048 else if ((unsigned)cmd > PRC_NCMDS || inetctlerrmap[cmd] == 0)
1049 return;
1050 if (ip) {
1051 s = splnet();
1052 th = (struct tcphdr *)((caddr_t)ip
1053 + (IP_VHL_HL(ip->ip_vhl) << 2));
1054 inp = in_pcblookup_hash(&tcbinfo, faddr, th->th_dport,
1055 ip->ip_src, th->th_sport, 0, NULL);
1056 if (inp != NULL && inp->inp_socket != NULL) {
1057 icmp_seq = htonl(th->th_seq);
1058 tp = intotcpcb(inp);
1059 if (SEQ_GEQ(icmp_seq, tp->snd_una) &&
1060 SEQ_LT(icmp_seq, tp->snd_max))
1061 (*notify)(inp, inetctlerrmap[cmd]);
1062 } else {
1063 struct in_conninfo inc;
1064
1065 inc.inc_fport = th->th_dport;
1066 inc.inc_lport = th->th_sport;
1067 inc.inc_faddr = faddr;
1068 inc.inc_laddr = ip->ip_src;
1069 #ifdef INET6
1070 inc.inc_isipv6 = 0;
1071 #endif
1072 syncache_unreach(&inc, th);
1073 }
1074 splx(s);
1075 } else
1076 in_pcbnotifyall(&tcb, faddr, inetctlerrmap[cmd], notify);
1077 }
1078
1079 #ifdef INET6
1080 void
1081 tcp6_ctlinput(cmd, sa, d)
1082 int cmd;
1083 struct sockaddr *sa;
1084 void *d;
1085 {
1086 struct tcphdr th;
1087 void (*notify) __P((struct inpcb *, int)) = tcp_notify;
1088 struct ip6_hdr *ip6;
1089 struct mbuf *m;
1090 struct ip6ctlparam *ip6cp = NULL;
1091 const struct sockaddr_in6 *sa6_src = NULL;
1092 int off;
1093 struct tcp_portonly {
1094 u_int16_t th_sport;
1095 u_int16_t th_dport;
1096 } *thp;
1097
1098 if (sa->sa_family != AF_INET6 ||
1099 sa->sa_len != sizeof(struct sockaddr_in6))
1100 return;
1101
1102 if (cmd == PRC_QUENCH)
1103 notify = tcp_quench;
1104 else if (cmd == PRC_MSGSIZE)
1105 notify = tcp_mtudisc;
1106 else if (!PRC_IS_REDIRECT(cmd) &&
1107 ((unsigned)cmd > PRC_NCMDS || inet6ctlerrmap[cmd] == 0))
1108 return;
1109
1110 /* if the parameter is from icmp6, decode it. */
1111 if (d != NULL) {
1112 ip6cp = (struct ip6ctlparam *)d;
1113 m = ip6cp->ip6c_m;
1114 ip6 = ip6cp->ip6c_ip6;
1115 off = ip6cp->ip6c_off;
1116 sa6_src = ip6cp->ip6c_src;
1117 } else {
1118 m = NULL;
1119 ip6 = NULL;
1120 off = 0; /* fool gcc */
1121 sa6_src = &sa6_any;
1122 }
1123
1124 if (ip6) {
1125 struct in_conninfo inc;
1126 /*
1127 * XXX: We assume that when IPV6 is non NULL,
1128 * M and OFF are valid.
1129 */
1130
1131 /* check if we can safely examine src and dst ports */
1132 if (m->m_pkthdr.len < off + sizeof(*thp))
1133 return;
1134
1135 bzero(&th, sizeof(th));
1136 m_copydata(m, off, sizeof(*thp), (caddr_t)&th);
1137
1138 in6_pcbnotify(&tcb, sa, th.th_dport,
1139 (struct sockaddr *)ip6cp->ip6c_src,
1140 th.th_sport, cmd, notify);
1141
1142 inc.inc_fport = th.th_dport;
1143 inc.inc_lport = th.th_sport;
1144 inc.inc6_faddr = ((struct sockaddr_in6 *)sa)->sin6_addr;
1145 inc.inc6_laddr = ip6cp->ip6c_src->sin6_addr;
1146 inc.inc_isipv6 = 1;
1147 syncache_unreach(&inc, &th);
1148 } else
1149 in6_pcbnotify(&tcb, sa, 0, (struct sockaddr *)sa6_src,
1150 0, cmd, notify);
1151 }
1152 #endif /* INET6 */
1153
1154
1155 /*
1156 * Following is where TCP initial sequence number generation occurs.
1157 *
1158 * There are two places where we must use initial sequence numbers:
1159 * 1. In SYN-ACK packets.
1160 * 2. In SYN packets.
1161 *
1162 * All ISNs for SYN-ACK packets are generated by the syncache. See
1163 * tcp_syncache.c for details.
1164 *
1165 * The ISNs in SYN packets must be monotonic; TIME_WAIT recycling
1166 * depends on this property. In addition, these ISNs should be
1167 * unguessable so as to prevent connection hijacking. To satisfy
1168 * the requirements of this situation, the algorithm outlined in
1169 * RFC 1948 is used to generate sequence numbers.
1170 *
1171 * Implementation details:
1172 *
1173 * Time is based off the system timer, and is corrected so that it
1174 * increases by one megabyte per second. This allows for proper
1175 * recycling on high speed LANs while still leaving over an hour
1176 * before rollover.
1177 *
1178 * net.inet.tcp.isn_reseed_interval controls the number of seconds
1179 * between seeding of isn_secret. This is normally set to zero,
1180 * as reseeding should not be necessary.
1181 *
1182 */
1183
1184 #define ISN_BYTES_PER_SECOND 1048576
1185
1186 u_char isn_secret[32];
1187 int isn_last_reseed;
1188 MD5_CTX isn_ctx;
1189
1190 tcp_seq
1191 tcp_new_isn(tp)
1192 struct tcpcb *tp;
1193 {
1194 u_int32_t md5_buffer[4];
1195 tcp_seq new_isn;
1196
1197 /* Seed if this is the first use, reseed if requested. */
1198 if ((isn_last_reseed == 0) || ((tcp_isn_reseed_interval > 0) &&
1199 (((u_int)isn_last_reseed + (u_int)tcp_isn_reseed_interval*hz)
1200 < (u_int)ticks))) {
1201 read_random_unlimited(&isn_secret, sizeof(isn_secret));
1202 isn_last_reseed = ticks;
1203 }
1204
1205 /* Compute the md5 hash and return the ISN. */
1206 MD5Init(&isn_ctx);
1207 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short));
1208 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short));
1209 #ifdef INET6
1210 if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) {
1211 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
1212 sizeof(struct in6_addr));
1213 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
1214 sizeof(struct in6_addr));
1215 } else
1216 #endif
1217 {
1218 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
1219 sizeof(struct in_addr));
1220 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
1221 sizeof(struct in_addr));
1222 }
1223 MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
1224 MD5Final((u_char *) &md5_buffer, &isn_ctx);
1225 new_isn = (tcp_seq) md5_buffer[0];
1226 new_isn += ticks * (ISN_BYTES_PER_SECOND / hz);
1227 return new_isn;
1228 }
1229
1230 /*
1231 * When a source quench is received, close congestion window
1232 * to one segment. We will gradually open it again as we proceed.
1233 */
1234 void
1235 tcp_quench(inp, errno)
1236 struct inpcb *inp;
1237 int errno;
1238 {
1239 struct tcpcb *tp = intotcpcb(inp);
1240
1241 if (tp)
1242 tp->snd_cwnd = tp->t_maxseg;
1243 }
1244
1245 /*
1246 * When a specific ICMP unreachable message is received and the
1247 * connection state is SYN-SENT, drop the connection. This behavior
1248 * is controlled by the icmp_may_rst sysctl.
1249 */
1250 void
1251 tcp_drop_syn_sent(inp, errno)
1252 struct inpcb *inp;
1253 int errno;
1254 {
1255 struct tcpcb *tp = intotcpcb(inp);
1256
1257 if (tp && tp->t_state == TCPS_SYN_SENT)
1258 tcp_drop(tp, errno);
1259 }
1260
1261 /*
1262 * When `need fragmentation' ICMP is received, update our idea of the MSS
1263 * based on the new value in the route. Also nudge TCP to send something,
1264 * since we know the packet we just sent was dropped.
1265 * This duplicates some code in the tcp_mss() function in tcp_input.c.
1266 */
1267 void
1268 tcp_mtudisc(inp, errno)
1269 struct inpcb *inp;
1270 int errno;
1271 {
1272 struct tcpcb *tp = intotcpcb(inp);
1273 struct rtentry *rt;
1274 struct rmxp_tao *taop;
1275 struct socket *so = inp->inp_socket;
1276 int offered;
1277 int mss;
1278 #ifdef INET6
1279 int isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) != 0;
1280 #endif /* INET6 */
1281
1282 if (tp) {
1283 #ifdef INET6
1284 if (isipv6)
1285 rt = tcp_rtlookup6(&inp->inp_inc);
1286 else
1287 #endif /* INET6 */
1288 rt = tcp_rtlookup(&inp->inp_inc);
1289 if (!rt || !rt->rt_rmx.rmx_mtu) {
1290 tp->t_maxopd = tp->t_maxseg =
1291 #ifdef INET6
1292 isipv6 ? tcp_v6mssdflt :
1293 #endif /* INET6 */
1294 tcp_mssdflt;
1295 return;
1296 }
1297 taop = rmx_taop(rt->rt_rmx);
1298 offered = taop->tao_mssopt;
1299 mss = rt->rt_rmx.rmx_mtu -
1300 #ifdef INET6
1301 (isipv6 ?
1302 sizeof(struct ip6_hdr) + sizeof(struct tcphdr) :
1303 #endif /* INET6 */
1304 sizeof(struct tcpiphdr)
1305 #ifdef INET6
1306 )
1307 #endif /* INET6 */
1308 ;
1309
1310 if (offered)
1311 mss = min(mss, offered);
1312 /*
1313 * XXX - The above conditional probably violates the TCP
1314 * spec. The problem is that, since we don't know the
1315 * other end's MSS, we are supposed to use a conservative
1316 * default. But, if we do that, then MTU discovery will
1317 * never actually take place, because the conservative
1318 * default is much less than the MTUs typically seen
1319 * on the Internet today. For the moment, we'll sweep
1320 * this under the carpet.
1321 *
1322 * The conservative default might not actually be a problem
1323 * if the only case this occurs is when sending an initial
1324 * SYN with options and data to a host we've never talked
1325 * to before. Then, they will reply with an MSS value which
1326 * will get recorded and the new parameters should get
1327 * recomputed. For Further Study.
1328 */
1329 if (tp->t_maxopd <= mss)
1330 return;
1331 tp->t_maxopd = mss;
1332
1333 if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP &&
1334 (tp->t_flags & TF_RCVD_TSTMP) == TF_RCVD_TSTMP)
1335 mss -= TCPOLEN_TSTAMP_APPA;
1336 if ((tp->t_flags & (TF_REQ_CC|TF_NOOPT)) == TF_REQ_CC &&
1337 (tp->t_flags & TF_RCVD_CC) == TF_RCVD_CC)
1338 mss -= TCPOLEN_CC_APPA;
1339 #if (MCLBYTES & (MCLBYTES - 1)) == 0
1340 if (mss > MCLBYTES)
1341 mss &= ~(MCLBYTES-1);
1342 #else
1343 if (mss > MCLBYTES)
1344 mss = mss / MCLBYTES * MCLBYTES;
1345 #endif
1346 if (so->so_snd.sb_hiwat < mss)
1347 mss = so->so_snd.sb_hiwat;
1348
1349 tp->t_maxseg = mss;
1350
1351 tcpstat.tcps_mturesent++;
1352 tp->t_rtttime = 0;
1353 tp->snd_nxt = tp->snd_una;
1354 tcp_output(tp);
1355 }
1356 }
1357
1358 /*
1359 * Look-up the routing entry to the peer of this inpcb. If no route
1360 * is found and it cannot be allocated the return NULL. This routine
1361 * is called by TCP routines that access the rmx structure and by tcp_mss
1362 * to get the interface MTU.
1363 */
1364 struct rtentry *
1365 tcp_rtlookup(inc)
1366 struct in_conninfo *inc;
1367 {
1368 struct route *ro;
1369 struct rtentry *rt;
1370
1371 ro = &inc->inc_route;
1372 rt = ro->ro_rt;
1373 if (rt == NULL || !(rt->rt_flags & RTF_UP)) {
1374 /* No route yet, so try to acquire one */
1375 if (inc->inc_faddr.s_addr != INADDR_ANY) {
1376 ro->ro_dst.sa_family = AF_INET;
1377 ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
1378 ((struct sockaddr_in *) &ro->ro_dst)->sin_addr =
1379 inc->inc_faddr;
1380 rtalloc(ro);
1381 rt = ro->ro_rt;
1382 }
1383 }
1384 return rt;
1385 }
1386
1387 #ifdef INET6
1388 struct rtentry *
1389 tcp_rtlookup6(inc)
1390 struct in_conninfo *inc;
1391 {
1392 struct route_in6 *ro6;
1393 struct rtentry *rt;
1394
1395 ro6 = &inc->inc6_route;
1396 rt = ro6->ro_rt;
1397 if (rt == NULL || !(rt->rt_flags & RTF_UP)) {
1398 /* No route yet, so try to acquire one */
1399 if (!IN6_IS_ADDR_UNSPECIFIED(&inc->inc6_faddr)) {
1400 ro6->ro_dst.sin6_family = AF_INET6;
1401 ro6->ro_dst.sin6_len = sizeof(struct sockaddr_in6);
1402 ro6->ro_dst.sin6_addr = inc->inc6_faddr;
1403 rtalloc((struct route *)ro6);
1404 rt = ro6->ro_rt;
1405 }
1406 }
1407 return rt;
1408 }
1409 #endif /* INET6 */
1410
1411 #ifdef IPSEC
1412 /* compute ESP/AH header size for TCP, including outer IP header. */
1413 size_t
1414 ipsec_hdrsiz_tcp(tp)
1415 struct tcpcb *tp;
1416 {
1417 struct inpcb *inp;
1418 struct mbuf *m;
1419 size_t hdrsiz;
1420 struct ip *ip;
1421 #ifdef INET6
1422 struct ip6_hdr *ip6;
1423 #endif /* INET6 */
1424 struct tcphdr *th;
1425
1426 if ((tp == NULL) || ((inp = tp->t_inpcb) == NULL))
1427 return 0;
1428 MGETHDR(m, M_DONTWAIT, MT_DATA);
1429 if (!m)
1430 return 0;
1431
1432 #ifdef INET6
1433 if ((inp->inp_vflag & INP_IPV6) != 0) {
1434 ip6 = mtod(m, struct ip6_hdr *);
1435 th = (struct tcphdr *)(ip6 + 1);
1436 m->m_pkthdr.len = m->m_len =
1437 sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
1438 tcp_fillheaders(tp, ip6, th);
1439 hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
1440 } else
1441 #endif /* INET6 */
1442 {
1443 ip = mtod(m, struct ip *);
1444 th = (struct tcphdr *)(ip + 1);
1445 m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
1446 tcp_fillheaders(tp, ip, th);
1447 hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
1448 }
1449
1450 m_free(m);
1451 return hdrsiz;
1452 }
1453 #endif /*IPSEC*/
1454
1455 /*
1456 * Return a pointer to the cached information about the remote host.
1457 * The cached information is stored in the protocol specific part of
1458 * the route metrics.
1459 */
1460 struct rmxp_tao *
1461 tcp_gettaocache(inc)
1462 struct in_conninfo *inc;
1463 {
1464 struct rtentry *rt;
1465
1466 #ifdef INET6
1467 if (inc->inc_isipv6)
1468 rt = tcp_rtlookup6(inc);
1469 else
1470 #endif /* INET6 */
1471 rt = tcp_rtlookup(inc);
1472
1473 /* Make sure this is a host route and is up. */
1474 if (rt == NULL ||
1475 (rt->rt_flags & (RTF_UP|RTF_HOST)) != (RTF_UP|RTF_HOST))
1476 return NULL;
1477
1478 return rmx_taop(rt->rt_rmx);
1479 }
1480
1481 /*
1482 * Clear all the TAO cache entries, called from tcp_init.
1483 *
1484 * XXX
1485 * This routine is just an empty one, because we assume that the routing
1486 * routing tables are initialized at the same time when TCP, so there is
1487 * nothing in the cache left over.
1488 */
1489 static void
1490 tcp_cleartaocache()
1491 {
1492 }
1493
1494 /*
1495 * TCP BANDWIDTH DELAY PRODUCT WINDOW LIMITING
1496 *
1497 * This code attempts to calculate the bandwidth-delay product as a
1498 * means of determining the optimal window size to maximize bandwidth,
1499 * minimize RTT, and avoid the over-allocation of buffers on interfaces and
1500 * routers. This code also does a fairly good job keeping RTTs in check
1501 * across slow links like modems. We implement an algorithm which is very
1502 * similar (but not meant to be) TCP/Vegas. The code operates on the
1503 * transmitter side of a TCP connection and so only effects the transmit
1504 * side of the connection.
1505 *
1506 * BACKGROUND: TCP makes no provision for the management of buffer space
1507 * at the end points or at the intermediate routers and switches. A TCP
1508 * stream, whether using NewReno or not, will eventually buffer as
1509 * many packets as it is able and the only reason this typically works is
1510 * due to the fairly small default buffers made available for a connection
1511 * (typicaly 16K or 32K). As machines use larger windows and/or window
1512 * scaling it is now fairly easy for even a single TCP connection to blow-out
1513 * all available buffer space not only on the local interface, but on
1514 * intermediate routers and switches as well. NewReno makes a misguided
1515 * attempt to 'solve' this problem by waiting for an actual failure to occur,
1516 * then backing off, then steadily increasing the window again until another
1517 * failure occurs, ad-infinitum. This results in terrible oscillation that
1518 * is only made worse as network loads increase and the idea of intentionally
1519 * blowing out network buffers is, frankly, a terrible way to manage network
1520 * resources.
1521 *
1522 * It is far better to limit the transmit window prior to the failure
1523 * condition being achieved. There are two general ways to do this: First
1524 * you can 'scan' through different transmit window sizes and locate the
1525 * point where the RTT stops increasing, indicating that you have filled the
1526 * pipe, then scan backwards until you note that RTT stops decreasing, then
1527 * repeat ad-infinitum. This method works in principle but has severe
1528 * implementation issues due to RTT variances, timer granularity, and
1529 * instability in the algorithm which can lead to many false positives and
1530 * create oscillations as well as interact badly with other TCP streams
1531 * implementing the same algorithm.
1532 *
1533 * The second method is to limit the window to the bandwidth delay product
1534 * of the link. This is the method we implement. RTT variances and our
1535 * own manipulation of the congestion window, bwnd, can potentially
1536 * destabilize the algorithm. For this reason we have to stabilize the
1537 * elements used to calculate the window. We do this by using the minimum
1538 * observed RTT, the long term average of the observed bandwidth, and
1539 * by adding two segments worth of slop. It isn't perfect but it is able
1540 * to react to changing conditions and gives us a very stable basis on
1541 * which to extend the algorithm.
1542 */
1543 void
1544 tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
1545 {
1546 u_long bw;
1547 u_long bwnd;
1548 int save_ticks;
1549
1550 /*
1551 * If inflight_enable is disabled in the middle of a tcp connection,
1552 * make sure snd_bwnd is effectively disabled.
1553 */
1554 if (tcp_inflight_enable == 0) {
1555 tp->snd_bwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
1556 tp->snd_bandwidth = 0;
1557 return;
1558 }
1559
1560 /*
1561 * Figure out the bandwidth. Due to the tick granularity this
1562 * is a very rough number and it MUST be averaged over a fairly
1563 * long period of time. XXX we need to take into account a link
1564 * that is not using all available bandwidth, but for now our
1565 * slop will ramp us up if this case occurs and the bandwidth later
1566 * increases.
1567 *
1568 * Note: if ticks rollover 'bw' may wind up negative. We must
1569 * effectively reset t_bw_rtttime for this case.
1570 */
1571 save_ticks = ticks;
1572 if ((u_int)(save_ticks - tp->t_bw_rtttime) < 1)
1573 return;
1574
1575 bw = (int64_t)(ack_seq - tp->t_bw_rtseq) * hz /
1576 (save_ticks - tp->t_bw_rtttime);
1577 tp->t_bw_rtttime = save_ticks;
1578 tp->t_bw_rtseq = ack_seq;
1579 if (tp->t_bw_rtttime == 0 || (int)bw < 0)
1580 return;
1581 bw = ((int64_t)tp->snd_bandwidth * 15 + bw) >> 4;
1582
1583 tp->snd_bandwidth = bw;
1584
1585 /*
1586 * Calculate the semi-static bandwidth delay product, plus two maximal
1587 * segments. The additional slop puts us squarely in the sweet
1588 * spot and also handles the bandwidth run-up case. Without the
1589 * slop we could be locking ourselves into a lower bandwidth.
1590 *
1591 * Situations Handled:
1592 * (1) Prevents over-queueing of packets on LANs, especially on
1593 * high speed LANs, allowing larger TCP buffers to be
1594 * specified, and also does a good job preventing
1595 * over-queueing of packets over choke points like modems
1596 * (at least for the transmit side).
1597 *
1598 * (2) Is able to handle changing network loads (bandwidth
1599 * drops so bwnd drops, bandwidth increases so bwnd
1600 * increases).
1601 *
1602 * (3) Theoretically should stabilize in the face of multiple
1603 * connections implementing the same algorithm (this may need
1604 * a little work).
1605 *
1606 * (4) Stability value (defaults to 20 = 2 maximal packets) can
1607 * be adjusted with a sysctl but typically only needs to be on
1608 * very slow connections. A value no smaller then 5 should
1609 * be used, but only reduce this default if you have no other
1610 * choice.
1611 */
1612 #define USERTT ((tp->t_srtt + tp->t_rttbest) / 2)
1613 bwnd = (int64_t)bw * USERTT / (hz << TCP_RTT_SHIFT) + tcp_inflight_stab * (int)tp->t_maxseg / 10;
1614 #undef USERTT
1615
1616 if (tcp_inflight_debug > 0) {
1617 static int ltime;
1618 if ((u_int)(ticks - ltime) >= hz / tcp_inflight_debug) {
1619 ltime = ticks;
1620 printf("%p bw %ld rttbest %d srtt %d bwnd %ld\n",
1621 tp,
1622 bw,
1623 tp->t_rttbest,
1624 tp->t_srtt,
1625 bwnd
1626 );
1627 }
1628 }
1629 if ((long)bwnd < tcp_inflight_min)
1630 bwnd = tcp_inflight_min;
1631 if (bwnd > tcp_inflight_max)
1632 bwnd = tcp_inflight_max;
1633 if ((long)bwnd < tp->t_maxseg * 2)
1634 bwnd = tp->t_maxseg * 2;
1635 tp->snd_bwnd = bwnd;
1636 }
1637
1638 #ifdef TCP_SIGNATURE
1639 /*
1640 * Callback function invoked by m_apply() to digest TCP segment data
1641 * contained within an mbuf chain.
1642 */
1643 static int
1644 tcp_signature_apply(void *fstate, void *data, u_int len)
1645 {
1646
1647 MD5Update(fstate, (u_char *)data, len);
1648 return (0);
1649 }
1650
1651 /*
1652 * Compute TCP-MD5 hash of a TCPv4 segment. (RFC2385)
1653 *
1654 * Parameters:
1655 * m pointer to head of mbuf chain
1656 * off0 offset to TCP header within the mbuf chain
1657 * len length of TCP segment data, excluding options
1658 * optlen length of TCP segment options
1659 * buf pointer to storage for computed MD5 digest
1660 * direction direction of flow (IPSEC_DIR_INBOUND or OUTBOUND)
1661 *
1662 * We do this over ip, tcphdr, segment data, and the key in the SADB.
1663 * When called from tcp_input(), we can be sure that th_sum has been
1664 * zeroed out and verified already.
1665 *
1666 * This function is for IPv4 use only. Calling this function with an
1667 * IPv6 packet in the mbuf chain will yield undefined results.
1668 *
1669 * Return 0 if successful, otherwise return -1.
1670 *
1671 * XXX The key is retrieved from the system's PF_KEY SADB, by keying a
1672 * search with the destination IP address, and a 'magic SPI' of 0x1000.
1673 * Another branch of this code exists which uses the SPD to specify
1674 * per-application flows, but it is unstable.
1675 */
1676 int
1677 tcp_signature_compute(struct mbuf *m, int off0, int len, int optlen,
1678 u_char *buf, u_int direction)
1679 {
1680 union sockaddr_union dst;
1681 struct ippseudo ippseudo;
1682 MD5_CTX ctx;
1683 int doff;
1684 struct ip *ip;
1685 struct ipovly *ipovly;
1686 struct secasvar *sav;
1687 struct tcphdr *th;
1688 u_short savecsum;
1689
1690 KASSERT(m != NULL, ("NULL mbuf chain"));
1691 KASSERT(buf != NULL, ("NULL signature pointer"));
1692
1693 /* Extract the destination from the IP header in the mbuf. */
1694 ip = mtod(m, struct ip *);
1695 bzero(&dst, sizeof(union sockaddr_union));
1696 dst.sa.sa_len = sizeof(struct sockaddr_in);
1697 dst.sa.sa_family = AF_INET;
1698 dst.sin.sin_addr = (direction == IPSEC_DIR_INBOUND) ?
1699 ip->ip_src : ip->ip_dst;
1700
1701 /* Look up an SADB entry which matches the address of the peer. */
1702 sav = KEY_ALLOCSA(&dst, IPPROTO_TCP, htonl(TCP_SIG_SPI));
1703 if (sav == NULL) {
1704 printf("%s: SADB lookup failed for %s\n", __func__,
1705 inet_ntoa(dst.sin.sin_addr));
1706 return (EINVAL);
1707 }
1708
1709 MD5Init(&ctx);
1710 ipovly = (struct ipovly *)ip;
1711 th = (struct tcphdr *)((u_char *)ip + off0);
1712 doff = off0 + sizeof(struct tcphdr) + optlen;
1713
1714 /*
1715 * Step 1: Update MD5 hash with IP pseudo-header.
1716 *
1717 * XXX The ippseudo header MUST be digested in network byte order,
1718 * or else we'll fail the regression test. Assume all fields we've
1719 * been doing arithmetic on have been in host byte order.
1720 * XXX One cannot depend on ipovly->ih_len here. When called from
1721 * tcp_output(), the underlying ip_len member has not yet been set.
1722 */
1723 ippseudo.ippseudo_src = ipovly->ih_src;
1724 ippseudo.ippseudo_dst = ipovly->ih_dst;
1725 ippseudo.ippseudo_pad = 0;
1726 ippseudo.ippseudo_p = IPPROTO_TCP;
1727 ippseudo.ippseudo_len = htons(len + sizeof(struct tcphdr) + optlen);
1728 MD5Update(&ctx, (char *)&ippseudo, sizeof(struct ippseudo));
1729
1730 /*
1731 * Step 2: Update MD5 hash with TCP header, excluding options.
1732 * The TCP checksum must be set to zero.
1733 */
1734 savecsum = th->th_sum;
1735 th->th_sum = 0;
1736 MD5Update(&ctx, (char *)th, sizeof(struct tcphdr));
1737 th->th_sum = savecsum;
1738
1739 /*
1740 * Step 3: Update MD5 hash with TCP segment data.
1741 * Use m_apply() to avoid an early m_pullup().
1742 */
1743 if (len > 0)
1744 m_apply(m, doff, len, tcp_signature_apply, &ctx);
1745
1746 /*
1747 * Step 4: Update MD5 hash with shared secret.
1748 */
1749 MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
1750 MD5Final(buf, &ctx);
1751
1752 key_sa_recordxfer(sav, m);
1753 KEY_FREESAV(&sav);
1754 return (0);
1755 }
1756 #endif /* TCP_SIGNATURE */
Cache object: 036b9692e97e5f4bffb9d07aa778758e
|