1 /* $NetBSD: tcp_subr.c,v 1.160.2.5 2004/09/19 15:38:01 he Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /*-
33 * Copyright (c) 1997, 1998, 2000, 2001 The NetBSD Foundation, Inc.
34 * All rights reserved.
35 *
36 * This code is derived from software contributed to The NetBSD Foundation
37 * by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation
38 * Facility, NASA Ames Research Center.
39 *
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
42 * are met:
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 * notice, this list of conditions and the following disclaimer in the
47 * documentation and/or other materials provided with the distribution.
48 * 3. All advertising materials mentioning features or use of this software
49 * must display the following acknowledgement:
50 * This product includes software developed by the NetBSD
51 * Foundation, Inc. and its contributors.
52 * 4. Neither the name of The NetBSD Foundation nor the names of its
53 * contributors may be used to endorse or promote products derived
54 * from this software without specific prior written permission.
55 *
56 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
57 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
58 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
60 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
61 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
62 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
63 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
64 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
65 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
66 * POSSIBILITY OF SUCH DAMAGE.
67 */
68
69 /*
70 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
71 * The Regents of the University of California. All rights reserved.
72 *
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
75 * are met:
76 * 1. Redistributions of source code must retain the above copyright
77 * notice, this list of conditions and the following disclaimer.
78 * 2. Redistributions in binary form must reproduce the above copyright
79 * notice, this list of conditions and the following disclaimer in the
80 * documentation and/or other materials provided with the distribution.
81 * 3. Neither the name of the University nor the names of its contributors
82 * may be used to endorse or promote products derived from this software
83 * without specific prior written permission.
84 *
85 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
95 * SUCH DAMAGE.
96 *
97 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
98 */
99
100 #include <sys/cdefs.h>
101 __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.160.2.5 2004/09/19 15:38:01 he Exp $");
102
103 #include "opt_inet.h"
104 #include "opt_ipsec.h"
105 #include "opt_tcp_compat_42.h"
106 #include "opt_inet_csum.h"
107 #include "opt_mbuftrace.h"
108 #include "rnd.h"
109
110 #include <sys/param.h>
111 #include <sys/proc.h>
112 #include <sys/systm.h>
113 #include <sys/malloc.h>
114 #include <sys/mbuf.h>
115 #include <sys/socket.h>
116 #include <sys/socketvar.h>
117 #include <sys/protosw.h>
118 #include <sys/errno.h>
119 #include <sys/kernel.h>
120 #include <sys/pool.h>
121 #if NRND > 0
122 #include <sys/md5.h>
123 #include <sys/rnd.h>
124 #endif
125
126 #include <net/route.h>
127 #include <net/if.h>
128
129 #include <netinet/in.h>
130 #include <netinet/in_systm.h>
131 #include <netinet/ip.h>
132 #include <netinet/in_pcb.h>
133 #include <netinet/ip_var.h>
134 #include <netinet/ip_icmp.h>
135
136 #ifdef INET6
137 #ifndef INET
138 #include <netinet/in.h>
139 #endif
140 #include <netinet/ip6.h>
141 #include <netinet6/in6_pcb.h>
142 #include <netinet6/ip6_var.h>
143 #include <netinet6/in6_var.h>
144 #include <netinet6/ip6protosw.h>
145 #include <netinet/icmp6.h>
146 #include <netinet6/nd6.h>
147 #endif
148
149 #include <netinet/tcp.h>
150 #include <netinet/tcp_fsm.h>
151 #include <netinet/tcp_seq.h>
152 #include <netinet/tcp_timer.h>
153 #include <netinet/tcp_var.h>
154 #include <netinet/tcpip.h>
155
156 #ifdef IPSEC
157 #include <netinet6/ipsec.h>
158 #endif /*IPSEC*/
159
160 #ifdef FAST_IPSEC
161 #include <netipsec/ipsec.h>
162 #ifdef INET6
163 #include <netipsec/ipsec6.h>
164 #endif
165 #endif /* FAST_IPSEC*/
166
167
168 struct inpcbtable tcbtable; /* head of queue of active tcpcb's */
169 struct tcpstat tcpstat; /* tcp statistics */
170 u_int32_t tcp_now; /* for RFC 1323 timestamps */
171
172 /* patchable/settable parameters for tcp */
173 int tcp_mssdflt = TCP_MSS;
174 int tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ;
175 int tcp_do_rfc1323 = 1; /* window scaling / timestamps (obsolete) */
176 #if NRND > 0
177 int tcp_do_rfc1948 = 0; /* ISS by cryptographic hash */
178 #endif
179 int tcp_do_sack = 1; /* selective acknowledgement */
180 int tcp_do_win_scale = 1; /* RFC1323 window scaling */
181 int tcp_do_timestamps = 1; /* RFC1323 timestamps */
182 int tcp_do_newreno = 1; /* Use the New Reno algorithms */
183 int tcp_ack_on_push = 0; /* set to enable immediate ACK-on-PUSH */
184 #ifndef TCP_INIT_WIN
185 #define TCP_INIT_WIN 0 /* initial slow start window */
186 #endif
187 #ifndef TCP_INIT_WIN_LOCAL
188 #define TCP_INIT_WIN_LOCAL 4 /* initial slow start window for local nets */
189 #endif
190 int tcp_init_win = TCP_INIT_WIN;
191 int tcp_init_win_local = TCP_INIT_WIN_LOCAL;
192 int tcp_mss_ifmtu = 0;
193 #ifdef TCP_COMPAT_42
194 int tcp_compat_42 = 1;
195 #else
196 int tcp_compat_42 = 0;
197 #endif
198 int tcp_rst_ppslim = 100; /* 100pps */
199 int tcp_ackdrop_ppslim = 100; /* 100pps */
200
201 /* tcb hash */
202 #ifndef TCBHASHSIZE
203 #define TCBHASHSIZE 128
204 #endif
205 int tcbhashsize = TCBHASHSIZE;
206
207 /* syn hash parameters */
208 #define TCP_SYN_HASH_SIZE 293
209 #define TCP_SYN_BUCKET_SIZE 35
210 int tcp_syn_cache_size = TCP_SYN_HASH_SIZE;
211 int tcp_syn_cache_limit = TCP_SYN_HASH_SIZE*TCP_SYN_BUCKET_SIZE;
212 int tcp_syn_bucket_limit = 3*TCP_SYN_BUCKET_SIZE;
213 struct syn_cache_head tcp_syn_cache[TCP_SYN_HASH_SIZE];
214
215 int tcp_freeq __P((struct tcpcb *));
216
217 #ifdef INET
218 void tcp_mtudisc_callback __P((struct in_addr));
219 #endif
220 #ifdef INET6
221 void tcp6_mtudisc_callback __P((struct in6_addr *));
222 #endif
223
224 void tcp_mtudisc __P((struct inpcb *, int));
225 #ifdef INET6
226 void tcp6_mtudisc __P((struct in6pcb *, int));
227 #endif
228
229 struct pool tcpcb_pool;
230
231 #ifdef TCP_CSUM_COUNTERS
232 #include <sys/device.h>
233
234 struct evcnt tcp_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
235 NULL, "tcp", "hwcsum bad");
236 struct evcnt tcp_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
237 NULL, "tcp", "hwcsum ok");
238 struct evcnt tcp_hwcsum_data = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
239 NULL, "tcp", "hwcsum data");
240 struct evcnt tcp_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
241 NULL, "tcp", "swcsum");
242 #endif /* TCP_CSUM_COUNTERS */
243
244 #ifdef TCP_OUTPUT_COUNTERS
245 #include <sys/device.h>
246
247 struct evcnt tcp_output_bigheader = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
248 NULL, "tcp", "output big header");
249 struct evcnt tcp_output_predict_hit = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
250 NULL, "tcp", "output predict hit");
251 struct evcnt tcp_output_predict_miss = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
252 NULL, "tcp", "output predict miss");
253 struct evcnt tcp_output_copysmall = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
254 NULL, "tcp", "output copy small");
255 struct evcnt tcp_output_copybig = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
256 NULL, "tcp", "output copy big");
257 struct evcnt tcp_output_refbig = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
258 NULL, "tcp", "output reference big");
259 #endif /* TCP_OUTPUT_COUNTERS */
260
261 #ifdef TCP_REASS_COUNTERS
262 #include <sys/device.h>
263
264 struct evcnt tcp_reass_ = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
265 NULL, "tcp_reass", "calls");
266 struct evcnt tcp_reass_empty = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
267 &tcp_reass_, "tcp_reass", "insert into empty queue");
268 struct evcnt tcp_reass_iteration[8] = {
269 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", ">7 iterations"),
270 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "1 iteration"),
271 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "2 iterations"),
272 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "3 iterations"),
273 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "4 iterations"),
274 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "5 iterations"),
275 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "6 iterations"),
276 EVCNT_INITIALIZER(EVCNT_TYPE_MISC, &tcp_reass_, "tcp_reass", "7 iterations"),
277 };
278 struct evcnt tcp_reass_prependfirst = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
279 &tcp_reass_, "tcp_reass", "prepend to first");
280 struct evcnt tcp_reass_prepend = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
281 &tcp_reass_, "tcp_reass", "prepend");
282 struct evcnt tcp_reass_insert = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
283 &tcp_reass_, "tcp_reass", "insert");
284 struct evcnt tcp_reass_inserttail = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
285 &tcp_reass_, "tcp_reass", "insert at tail");
286 struct evcnt tcp_reass_append = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
287 &tcp_reass_, "tcp_reass", "append");
288 struct evcnt tcp_reass_appendtail = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
289 &tcp_reass_, "tcp_reass", "append to tail fragment");
290 struct evcnt tcp_reass_overlaptail = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
291 &tcp_reass_, "tcp_reass", "overlap at end");
292 struct evcnt tcp_reass_overlapfront = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
293 &tcp_reass_, "tcp_reass", "overlap at start");
294 struct evcnt tcp_reass_segdup = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
295 &tcp_reass_, "tcp_reass", "duplicate segment");
296 struct evcnt tcp_reass_fragdup = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
297 &tcp_reass_, "tcp_reass", "duplicate fragment");
298
299 #endif /* TCP_REASS_COUNTERS */
300
301 #ifdef MBUFTRACE
302 struct mowner tcp_mowner = { "tcp" };
303 struct mowner tcp_rx_mowner = { "tcp", "rx" };
304 struct mowner tcp_tx_mowner = { "tcp", "tx" };
305 #endif
306
307 /*
308 * Tcp initialization
309 */
310 void
311 tcp_init()
312 {
313 int hlen;
314
315 /* Initialize the TCPCB template. */
316 tcp_tcpcb_template();
317
318 pool_init(&tcpcb_pool, sizeof(struct tcpcb), 0, 0, 0, "tcpcbpl",
319 NULL);
320 in_pcbinit(&tcbtable, tcbhashsize, tcbhashsize);
321
322 pool_init(&tcpipqent_pool, sizeof(struct ipqent), 0, 0, 0, "tcpipqepl",
323 NULL);
324
325 hlen = sizeof(struct ip) + sizeof(struct tcphdr);
326 #ifdef INET6
327 if (sizeof(struct ip) < sizeof(struct ip6_hdr))
328 hlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
329 #endif
330 if (max_protohdr < hlen)
331 max_protohdr = hlen;
332 if (max_linkhdr + hlen > MHLEN)
333 panic("tcp_init");
334
335 #ifdef INET
336 icmp_mtudisc_callback_register(tcp_mtudisc_callback);
337 #endif
338 #ifdef INET6
339 icmp6_mtudisc_callback_register(tcp6_mtudisc_callback);
340 #endif
341
342 /* Initialize timer state. */
343 tcp_timer_init();
344
345 /* Initialize the compressed state engine. */
346 syn_cache_init();
347
348 #ifdef TCP_CSUM_COUNTERS
349 evcnt_attach_static(&tcp_hwcsum_bad);
350 evcnt_attach_static(&tcp_hwcsum_ok);
351 evcnt_attach_static(&tcp_hwcsum_data);
352 evcnt_attach_static(&tcp_swcsum);
353 #endif /* TCP_CSUM_COUNTERS */
354
355 #ifdef TCP_OUTPUT_COUNTERS
356 evcnt_attach_static(&tcp_output_bigheader);
357 evcnt_attach_static(&tcp_output_predict_hit);
358 evcnt_attach_static(&tcp_output_predict_miss);
359 evcnt_attach_static(&tcp_output_copysmall);
360 evcnt_attach_static(&tcp_output_copybig);
361 evcnt_attach_static(&tcp_output_refbig);
362 #endif /* TCP_OUTPUT_COUNTERS */
363
364 #ifdef TCP_REASS_COUNTERS
365 evcnt_attach_static(&tcp_reass_);
366 evcnt_attach_static(&tcp_reass_empty);
367 evcnt_attach_static(&tcp_reass_iteration[0]);
368 evcnt_attach_static(&tcp_reass_iteration[1]);
369 evcnt_attach_static(&tcp_reass_iteration[2]);
370 evcnt_attach_static(&tcp_reass_iteration[3]);
371 evcnt_attach_static(&tcp_reass_iteration[4]);
372 evcnt_attach_static(&tcp_reass_iteration[5]);
373 evcnt_attach_static(&tcp_reass_iteration[6]);
374 evcnt_attach_static(&tcp_reass_iteration[7]);
375 evcnt_attach_static(&tcp_reass_prependfirst);
376 evcnt_attach_static(&tcp_reass_prepend);
377 evcnt_attach_static(&tcp_reass_insert);
378 evcnt_attach_static(&tcp_reass_inserttail);
379 evcnt_attach_static(&tcp_reass_append);
380 evcnt_attach_static(&tcp_reass_appendtail);
381 evcnt_attach_static(&tcp_reass_overlaptail);
382 evcnt_attach_static(&tcp_reass_overlapfront);
383 evcnt_attach_static(&tcp_reass_segdup);
384 evcnt_attach_static(&tcp_reass_fragdup);
385 #endif /* TCP_REASS_COUNTERS */
386
387 MOWNER_ATTACH(&tcp_tx_mowner);
388 MOWNER_ATTACH(&tcp_rx_mowner);
389 MOWNER_ATTACH(&tcp_mowner);
390 }
391
392 /*
393 * Create template to be used to send tcp packets on a connection.
394 * Call after host entry created, allocates an mbuf and fills
395 * in a skeletal tcp/ip header, minimizing the amount of work
396 * necessary when the connection is used.
397 */
398 struct mbuf *
399 tcp_template(tp)
400 struct tcpcb *tp;
401 {
402 struct inpcb *inp = tp->t_inpcb;
403 #ifdef INET6
404 struct in6pcb *in6p = tp->t_in6pcb;
405 #endif
406 struct tcphdr *n;
407 struct mbuf *m;
408 int hlen;
409
410 switch (tp->t_family) {
411 case AF_INET:
412 hlen = sizeof(struct ip);
413 if (inp)
414 break;
415 #ifdef INET6
416 if (in6p) {
417 /* mapped addr case */
418 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)
419 && IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr))
420 break;
421 }
422 #endif
423 return NULL; /*EINVAL*/
424 #ifdef INET6
425 case AF_INET6:
426 hlen = sizeof(struct ip6_hdr);
427 if (in6p) {
428 /* more sainty check? */
429 break;
430 }
431 return NULL; /*EINVAL*/
432 #endif
433 default:
434 hlen = 0; /*pacify gcc*/
435 return NULL; /*EAFNOSUPPORT*/
436 }
437 #ifdef DIAGNOSTIC
438 if (hlen + sizeof(struct tcphdr) > MCLBYTES)
439 panic("mclbytes too small for t_template");
440 #endif
441 m = tp->t_template;
442 if (m && m->m_len == hlen + sizeof(struct tcphdr))
443 ;
444 else {
445 if (m)
446 m_freem(m);
447 m = tp->t_template = NULL;
448 MGETHDR(m, M_DONTWAIT, MT_HEADER);
449 if (m && hlen + sizeof(struct tcphdr) > MHLEN) {
450 MCLGET(m, M_DONTWAIT);
451 if ((m->m_flags & M_EXT) == 0) {
452 m_free(m);
453 m = NULL;
454 }
455 }
456 if (m == NULL)
457 return NULL;
458 MCLAIM(m, &tcp_mowner);
459 m->m_pkthdr.len = m->m_len = hlen + sizeof(struct tcphdr);
460 }
461
462 bzero(mtod(m, caddr_t), m->m_len);
463
464 n = (struct tcphdr *)(mtod(m, caddr_t) + hlen);
465
466 switch (tp->t_family) {
467 case AF_INET:
468 {
469 struct ipovly *ipov;
470 mtod(m, struct ip *)->ip_v = 4;
471 mtod(m, struct ip *)->ip_hl = hlen >> 2;
472 ipov = mtod(m, struct ipovly *);
473 ipov->ih_pr = IPPROTO_TCP;
474 ipov->ih_len = htons(sizeof(struct tcphdr));
475 if (inp) {
476 ipov->ih_src = inp->inp_laddr;
477 ipov->ih_dst = inp->inp_faddr;
478 }
479 #ifdef INET6
480 else if (in6p) {
481 /* mapped addr case */
482 bcopy(&in6p->in6p_laddr.s6_addr32[3], &ipov->ih_src,
483 sizeof(ipov->ih_src));
484 bcopy(&in6p->in6p_faddr.s6_addr32[3], &ipov->ih_dst,
485 sizeof(ipov->ih_dst));
486 }
487 #endif
488 /*
489 * Compute the pseudo-header portion of the checksum
490 * now. We incrementally add in the TCP option and
491 * payload lengths later, and then compute the TCP
492 * checksum right before the packet is sent off onto
493 * the wire.
494 */
495 n->th_sum = in_cksum_phdr(ipov->ih_src.s_addr,
496 ipov->ih_dst.s_addr,
497 htons(sizeof(struct tcphdr) + IPPROTO_TCP));
498 break;
499 }
500 #ifdef INET6
501 case AF_INET6:
502 {
503 struct ip6_hdr *ip6;
504 mtod(m, struct ip *)->ip_v = 6;
505 ip6 = mtod(m, struct ip6_hdr *);
506 ip6->ip6_nxt = IPPROTO_TCP;
507 ip6->ip6_plen = htons(sizeof(struct tcphdr));
508 ip6->ip6_src = in6p->in6p_laddr;
509 ip6->ip6_dst = in6p->in6p_faddr;
510 ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK;
511 if (ip6_auto_flowlabel) {
512 ip6->ip6_flow &= ~IPV6_FLOWLABEL_MASK;
513 ip6->ip6_flow |=
514 (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
515 }
516 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
517 ip6->ip6_vfc |= IPV6_VERSION;
518
519 /*
520 * Compute the pseudo-header portion of the checksum
521 * now. We incrementally add in the TCP option and
522 * payload lengths later, and then compute the TCP
523 * checksum right before the packet is sent off onto
524 * the wire.
525 */
526 n->th_sum = in6_cksum_phdr(&in6p->in6p_laddr,
527 &in6p->in6p_faddr, htonl(sizeof(struct tcphdr)),
528 htonl(IPPROTO_TCP));
529 break;
530 }
531 #endif
532 }
533 if (inp) {
534 n->th_sport = inp->inp_lport;
535 n->th_dport = inp->inp_fport;
536 }
537 #ifdef INET6
538 else if (in6p) {
539 n->th_sport = in6p->in6p_lport;
540 n->th_dport = in6p->in6p_fport;
541 }
542 #endif
543 n->th_seq = 0;
544 n->th_ack = 0;
545 n->th_x2 = 0;
546 n->th_off = 5;
547 n->th_flags = 0;
548 n->th_win = 0;
549 n->th_urp = 0;
550 return (m);
551 }
552
553 /*
554 * Send a single message to the TCP at address specified by
555 * the given TCP/IP header. If m == 0, then we make a copy
556 * of the tcpiphdr at ti and send directly to the addressed host.
557 * This is used to force keep alive messages out using the TCP
558 * template for a connection tp->t_template. If flags are given
559 * then we send a message back to the TCP which originated the
560 * segment ti, and discard the mbuf containing it and any other
561 * attached mbufs.
562 *
563 * In any case the ack and sequence number of the transmitted
564 * segment are as specified by the parameters.
565 */
566 int
567 tcp_respond(tp, template, m, th0, ack, seq, flags)
568 struct tcpcb *tp;
569 struct mbuf *template;
570 struct mbuf *m;
571 struct tcphdr *th0;
572 tcp_seq ack, seq;
573 int flags;
574 {
575 struct route *ro;
576 int error, tlen, win = 0;
577 int hlen;
578 struct ip *ip;
579 #ifdef INET6
580 struct ip6_hdr *ip6;
581 #endif
582 int family; /* family on packet, not inpcb/in6pcb! */
583 struct tcphdr *th;
584 struct socket *so;
585
586 if (tp != NULL && (flags & TH_RST) == 0) {
587 #ifdef DIAGNOSTIC
588 if (tp->t_inpcb && tp->t_in6pcb)
589 panic("tcp_respond: both t_inpcb and t_in6pcb are set");
590 #endif
591 #ifdef INET
592 if (tp->t_inpcb)
593 win = sbspace(&tp->t_inpcb->inp_socket->so_rcv);
594 #endif
595 #ifdef INET6
596 if (tp->t_in6pcb)
597 win = sbspace(&tp->t_in6pcb->in6p_socket->so_rcv);
598 #endif
599 }
600
601 th = NULL; /* Quell uninitialized warning */
602 ip = NULL;
603 #ifdef INET6
604 ip6 = NULL;
605 #endif
606 if (m == 0) {
607 if (!template)
608 return EINVAL;
609
610 /* get family information from template */
611 switch (mtod(template, struct ip *)->ip_v) {
612 case 4:
613 family = AF_INET;
614 hlen = sizeof(struct ip);
615 break;
616 #ifdef INET6
617 case 6:
618 family = AF_INET6;
619 hlen = sizeof(struct ip6_hdr);
620 break;
621 #endif
622 default:
623 return EAFNOSUPPORT;
624 }
625
626 MGETHDR(m, M_DONTWAIT, MT_HEADER);
627 if (m) {
628 MCLAIM(m, &tcp_tx_mowner);
629 MCLGET(m, M_DONTWAIT);
630 if ((m->m_flags & M_EXT) == 0) {
631 m_free(m);
632 m = NULL;
633 }
634 }
635 if (m == NULL)
636 return (ENOBUFS);
637
638 if (tcp_compat_42)
639 tlen = 1;
640 else
641 tlen = 0;
642
643 m->m_data += max_linkhdr;
644 bcopy(mtod(template, caddr_t), mtod(m, caddr_t),
645 template->m_len);
646 switch (family) {
647 case AF_INET:
648 ip = mtod(m, struct ip *);
649 th = (struct tcphdr *)(ip + 1);
650 break;
651 #ifdef INET6
652 case AF_INET6:
653 ip6 = mtod(m, struct ip6_hdr *);
654 th = (struct tcphdr *)(ip6 + 1);
655 break;
656 #endif
657 #if 0
658 default:
659 /* noone will visit here */
660 m_freem(m);
661 return EAFNOSUPPORT;
662 #endif
663 }
664 flags = TH_ACK;
665 } else {
666
667 if ((m->m_flags & M_PKTHDR) == 0) {
668 #if 0
669 printf("non PKTHDR to tcp_respond\n");
670 #endif
671 m_freem(m);
672 return EINVAL;
673 }
674 #ifdef DIAGNOSTIC
675 if (!th0)
676 panic("th0 == NULL in tcp_respond");
677 #endif
678
679 /* get family information from m */
680 switch (mtod(m, struct ip *)->ip_v) {
681 case 4:
682 family = AF_INET;
683 hlen = sizeof(struct ip);
684 ip = mtod(m, struct ip *);
685 break;
686 #ifdef INET6
687 case 6:
688 family = AF_INET6;
689 hlen = sizeof(struct ip6_hdr);
690 ip6 = mtod(m, struct ip6_hdr *);
691 break;
692 #endif
693 default:
694 m_freem(m);
695 return EAFNOSUPPORT;
696 }
697 if ((flags & TH_SYN) == 0 || sizeof(*th0) > (th0->th_off << 2))
698 tlen = sizeof(*th0);
699 else
700 tlen = th0->th_off << 2;
701
702 if (m->m_len > hlen + tlen && (m->m_flags & M_EXT) == 0 &&
703 mtod(m, caddr_t) + hlen == (caddr_t)th0) {
704 m->m_len = hlen + tlen;
705 m_freem(m->m_next);
706 m->m_next = NULL;
707 } else {
708 struct mbuf *n;
709
710 #ifdef DIAGNOSTIC
711 if (max_linkhdr + hlen + tlen > MCLBYTES) {
712 m_freem(m);
713 return EMSGSIZE;
714 }
715 #endif
716 MGETHDR(n, M_DONTWAIT, MT_HEADER);
717 if (n && max_linkhdr + hlen + tlen > MHLEN) {
718 MCLGET(n, M_DONTWAIT);
719 if ((n->m_flags & M_EXT) == 0) {
720 m_freem(n);
721 n = NULL;
722 }
723 }
724 if (!n) {
725 m_freem(m);
726 return ENOBUFS;
727 }
728
729 MCLAIM(n, &tcp_tx_mowner);
730 n->m_data += max_linkhdr;
731 n->m_len = hlen + tlen;
732 m_copyback(n, 0, hlen, mtod(m, caddr_t));
733 m_copyback(n, hlen, tlen, (caddr_t)th0);
734
735 m_freem(m);
736 m = n;
737 n = NULL;
738 }
739
740 #define xchg(a,b,type) { type t; t=a; a=b; b=t; }
741 switch (family) {
742 case AF_INET:
743 ip = mtod(m, struct ip *);
744 th = (struct tcphdr *)(ip + 1);
745 ip->ip_p = IPPROTO_TCP;
746 xchg(ip->ip_dst, ip->ip_src, struct in_addr);
747 ip->ip_p = IPPROTO_TCP;
748 break;
749 #ifdef INET6
750 case AF_INET6:
751 ip6 = mtod(m, struct ip6_hdr *);
752 th = (struct tcphdr *)(ip6 + 1);
753 ip6->ip6_nxt = IPPROTO_TCP;
754 xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
755 ip6->ip6_nxt = IPPROTO_TCP;
756 break;
757 #endif
758 #if 0
759 default:
760 /* noone will visit here */
761 m_freem(m);
762 return EAFNOSUPPORT;
763 #endif
764 }
765 xchg(th->th_dport, th->th_sport, u_int16_t);
766 #undef xchg
767 tlen = 0; /*be friendly with the following code*/
768 }
769 th->th_seq = htonl(seq);
770 th->th_ack = htonl(ack);
771 th->th_x2 = 0;
772 if ((flags & TH_SYN) == 0) {
773 if (tp)
774 win >>= tp->rcv_scale;
775 if (win > TCP_MAXWIN)
776 win = TCP_MAXWIN;
777 th->th_win = htons((u_int16_t)win);
778 th->th_off = sizeof (struct tcphdr) >> 2;
779 tlen += sizeof(*th);
780 } else
781 tlen += th->th_off << 2;
782 m->m_len = hlen + tlen;
783 m->m_pkthdr.len = hlen + tlen;
784 m->m_pkthdr.rcvif = (struct ifnet *) 0;
785 th->th_flags = flags;
786 th->th_urp = 0;
787
788 switch (family) {
789 #ifdef INET
790 case AF_INET:
791 {
792 struct ipovly *ipov = (struct ipovly *)ip;
793 bzero(ipov->ih_x1, sizeof ipov->ih_x1);
794 ipov->ih_len = htons((u_int16_t)tlen);
795
796 th->th_sum = 0;
797 th->th_sum = in_cksum(m, hlen + tlen);
798 ip->ip_len = htons(hlen + tlen);
799 ip->ip_ttl = ip_defttl;
800 break;
801 }
802 #endif
803 #ifdef INET6
804 case AF_INET6:
805 {
806 th->th_sum = 0;
807 th->th_sum = in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr),
808 tlen);
809 ip6->ip6_plen = ntohs(tlen);
810 if (tp && tp->t_in6pcb) {
811 struct ifnet *oifp;
812 ro = (struct route *)&tp->t_in6pcb->in6p_route;
813 oifp = ro->ro_rt ? ro->ro_rt->rt_ifp : NULL;
814 ip6->ip6_hlim = in6_selecthlim(tp->t_in6pcb, oifp);
815 } else
816 ip6->ip6_hlim = ip6_defhlim;
817 ip6->ip6_flow &= ~IPV6_FLOWINFO_MASK;
818 if (ip6_auto_flowlabel) {
819 ip6->ip6_flow |=
820 (htonl(ip6_randomflowlabel()) & IPV6_FLOWLABEL_MASK);
821 }
822 break;
823 }
824 #endif
825 }
826
827 if (tp && tp->t_inpcb)
828 so = tp->t_inpcb->inp_socket;
829 #ifdef INET6
830 else if (tp && tp->t_in6pcb)
831 so = tp->t_in6pcb->in6p_socket;
832 #endif
833 else
834 so = NULL;
835
836 if (tp != NULL && tp->t_inpcb != NULL) {
837 ro = &tp->t_inpcb->inp_route;
838 #ifdef DIAGNOSTIC
839 if (family != AF_INET)
840 panic("tcp_respond: address family mismatch");
841 if (!in_hosteq(ip->ip_dst, tp->t_inpcb->inp_faddr)) {
842 panic("tcp_respond: ip_dst %x != inp_faddr %x",
843 ntohl(ip->ip_dst.s_addr),
844 ntohl(tp->t_inpcb->inp_faddr.s_addr));
845 }
846 #endif
847 }
848 #ifdef INET6
849 else if (tp != NULL && tp->t_in6pcb != NULL) {
850 ro = (struct route *)&tp->t_in6pcb->in6p_route;
851 #ifdef DIAGNOSTIC
852 if (family == AF_INET) {
853 if (!IN6_IS_ADDR_V4MAPPED(&tp->t_in6pcb->in6p_faddr))
854 panic("tcp_respond: not mapped addr");
855 if (bcmp(&ip->ip_dst,
856 &tp->t_in6pcb->in6p_faddr.s6_addr32[3],
857 sizeof(ip->ip_dst)) != 0) {
858 panic("tcp_respond: ip_dst != in6p_faddr");
859 }
860 } else if (family == AF_INET6) {
861 if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
862 &tp->t_in6pcb->in6p_faddr))
863 panic("tcp_respond: ip6_dst != in6p_faddr");
864 } else
865 panic("tcp_respond: address family mismatch");
866 #endif
867 }
868 #endif
869 else
870 ro = NULL;
871
872 switch (family) {
873 #ifdef INET
874 case AF_INET:
875 error = ip_output(m, NULL, ro,
876 (tp && tp->t_mtudisc ? IP_MTUDISC : 0),
877 (struct ip_moptions *)0, so);
878 break;
879 #endif
880 #ifdef INET6
881 case AF_INET6:
882 error = ip6_output(m, NULL, (struct route_in6 *)ro, 0,
883 (struct ip6_moptions *)0, so, NULL);
884 break;
885 #endif
886 default:
887 error = EAFNOSUPPORT;
888 break;
889 }
890
891 return (error);
892 }
893
894 /*
895 * Template TCPCB. Rather than zeroing a new TCPCB and initializing
896 * a bunch of members individually, we maintain this template for the
897 * static and mostly-static components of the TCPCB, and copy it into
898 * the new TCPCB instead.
899 */
900 static struct tcpcb tcpcb_template = {
901 /*
902 * If TCP_NTIMERS ever changes, we'll need to update this
903 * initializer.
904 */
905 .t_timer = {
906 CALLOUT_INITIALIZER,
907 CALLOUT_INITIALIZER,
908 CALLOUT_INITIALIZER,
909 CALLOUT_INITIALIZER,
910 },
911 .t_delack_ch = CALLOUT_INITIALIZER,
912
913 .t_srtt = TCPTV_SRTTBASE,
914 .t_rttmin = TCPTV_MIN,
915
916 .snd_cwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT,
917 .snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT,
918 };
919
920 /*
921 * Updates the TCPCB template whenever a parameter that would affect
922 * the template is changed.
923 */
924 void
925 tcp_tcpcb_template(void)
926 {
927 struct tcpcb *tp = &tcpcb_template;
928 int flags;
929
930 tp->t_peermss = tcp_mssdflt;
931 tp->t_ourmss = tcp_mssdflt;
932 tp->t_segsz = tcp_mssdflt;
933
934 flags = 0;
935 if (tcp_do_rfc1323 && tcp_do_win_scale)
936 flags |= TF_REQ_SCALE;
937 if (tcp_do_rfc1323 && tcp_do_timestamps)
938 flags |= TF_REQ_TSTMP;
939 if (tcp_do_sack == 2)
940 flags |= TF_WILL_SACK;
941 else if (tcp_do_sack == 1)
942 flags |= TF_WILL_SACK|TF_IGNR_RXSACK;
943 flags |= TF_CANT_TXSACK;
944 tp->t_flags = flags;
945
946 /*
947 * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
948 * rtt estimate. Set rttvar so that srtt + 2 * rttvar gives
949 * reasonable initial retransmit time.
950 */
951 tp->t_rttvar = tcp_rttdflt * PR_SLOWHZ << (TCP_RTTVAR_SHIFT + 2 - 1);
952 TCPT_RANGESET(tp->t_rxtcur, TCP_REXMTVAL(tp),
953 TCPTV_MIN, TCPTV_REXMTMAX);
954 }
955
956 /*
957 * Create a new TCP control block, making an
958 * empty reassembly queue and hooking it to the argument
959 * protocol control block.
960 */
961 struct tcpcb *
962 tcp_newtcpcb(family, aux)
963 int family; /* selects inpcb, or in6pcb */
964 void *aux;
965 {
966 struct tcpcb *tp;
967 int i;
968
969 /* XXX Consider using a pool_cache for speed. */
970 tp = pool_get(&tcpcb_pool, PR_NOWAIT);
971 if (tp == NULL)
972 return (NULL);
973 memcpy(tp, &tcpcb_template, sizeof(*tp));
974 TAILQ_INIT(&tp->segq);
975 TAILQ_INIT(&tp->timeq);
976 tp->t_family = family; /* may be overridden later on */
977 LIST_INIT(&tp->t_sc); /* XXX can template this */
978
979 /* Don't sweat this loop; hopefully the compiler will unroll it. */
980 for (i = 0; i < TCPT_NTIMERS; i++)
981 TCP_TIMER_INIT(tp, i);
982
983 switch (family) {
984 case AF_INET:
985 {
986 struct inpcb *inp = (struct inpcb *)aux;
987
988 inp->inp_ip.ip_ttl = ip_defttl;
989 inp->inp_ppcb = (caddr_t)tp;
990
991 tp->t_inpcb = inp;
992 tp->t_mtudisc = ip_mtudisc;
993 break;
994 }
995 #ifdef INET6
996 case AF_INET6:
997 {
998 struct in6pcb *in6p = (struct in6pcb *)aux;
999
1000 in6p->in6p_ip6.ip6_hlim = in6_selecthlim(in6p,
1001 in6p->in6p_route.ro_rt ? in6p->in6p_route.ro_rt->rt_ifp
1002 : NULL);
1003 in6p->in6p_ppcb = (caddr_t)tp;
1004
1005 tp->t_in6pcb = in6p;
1006 /* for IPv6, always try to run path MTU discovery */
1007 tp->t_mtudisc = 1;
1008 break;
1009 }
1010 #endif /* INET6 */
1011 default:
1012 pool_put(&tcpcb_pool, tp);
1013 return (NULL);
1014 }
1015
1016 /*
1017 * Initialize our timebase. When we send timestamps, we take
1018 * the delta from tcp_now -- this means each connection always
1019 * gets a timebase of 0, which makes it, among other things,
1020 * more difficult to determine how long a system has been up,
1021 * and thus how many TCP sequence increments have occurred.
1022 */
1023 tp->ts_timebase = tcp_now;
1024
1025 return (tp);
1026 }
1027
1028 /*
1029 * Drop a TCP connection, reporting
1030 * the specified error. If connection is synchronized,
1031 * then send a RST to peer.
1032 */
1033 struct tcpcb *
1034 tcp_drop(tp, errno)
1035 struct tcpcb *tp;
1036 int errno;
1037 {
1038 struct socket *so = NULL;
1039
1040 #ifdef DIAGNOSTIC
1041 if (tp->t_inpcb && tp->t_in6pcb)
1042 panic("tcp_drop: both t_inpcb and t_in6pcb are set");
1043 #endif
1044 #ifdef INET
1045 if (tp->t_inpcb)
1046 so = tp->t_inpcb->inp_socket;
1047 #endif
1048 #ifdef INET6
1049 if (tp->t_in6pcb)
1050 so = tp->t_in6pcb->in6p_socket;
1051 #endif
1052 if (!so)
1053 return NULL;
1054
1055 if (TCPS_HAVERCVDSYN(tp->t_state)) {
1056 tp->t_state = TCPS_CLOSED;
1057 (void) tcp_output(tp);
1058 tcpstat.tcps_drops++;
1059 } else
1060 tcpstat.tcps_conndrops++;
1061 if (errno == ETIMEDOUT && tp->t_softerror)
1062 errno = tp->t_softerror;
1063 so->so_error = errno;
1064 return (tcp_close(tp));
1065 }
1066
1067 /*
1068 * Return whether this tcpcb is marked as dead, indicating
1069 * to the calling timer function that no further action should
1070 * be taken, as we are about to release this tcpcb. The release
1071 * of the storage will be done if this is the last timer running.
1072 *
1073 * This should be called from the callout handler function after
1074 * callout_ack() is done, so that the number of invoking timer
1075 * functions is 0.
1076 */
1077 int
1078 tcp_isdead(tp)
1079 struct tcpcb *tp;
1080 {
1081 int dead = (tp->t_flags & TF_DEAD);
1082
1083 if (__predict_false(dead)) {
1084 if (tcp_timers_invoking(tp) > 0)
1085 /* not quite there yet -- count separately? */
1086 return dead;
1087 tcpstat.tcps_delayed_free++;
1088 pool_put(&tcpcb_pool, tp);
1089 }
1090 return dead;
1091 }
1092
1093 /*
1094 * Close a TCP control block:
1095 * discard all space held by the tcp
1096 * discard internet protocol block
1097 * wake up any sleepers
1098 */
1099 struct tcpcb *
1100 tcp_close(tp)
1101 struct tcpcb *tp;
1102 {
1103 struct inpcb *inp;
1104 #ifdef INET6
1105 struct in6pcb *in6p;
1106 #endif
1107 struct socket *so;
1108 #ifdef RTV_RTT
1109 struct rtentry *rt;
1110 #endif
1111 struct route *ro;
1112
1113 inp = tp->t_inpcb;
1114 #ifdef INET6
1115 in6p = tp->t_in6pcb;
1116 #endif
1117 so = NULL;
1118 ro = NULL;
1119 if (inp) {
1120 so = inp->inp_socket;
1121 ro = &inp->inp_route;
1122 }
1123 #ifdef INET6
1124 else if (in6p) {
1125 so = in6p->in6p_socket;
1126 ro = (struct route *)&in6p->in6p_route;
1127 }
1128 #endif
1129
1130 #ifdef RTV_RTT
1131 /*
1132 * If we sent enough data to get some meaningful characteristics,
1133 * save them in the routing entry. 'Enough' is arbitrarily
1134 * defined as the sendpipesize (default 4K) * 16. This would
1135 * give us 16 rtt samples assuming we only get one sample per
1136 * window (the usual case on a long haul net). 16 samples is
1137 * enough for the srtt filter to converge to within 5% of the correct
1138 * value; fewer samples and we could save a very bogus rtt.
1139 *
1140 * Don't update the default route's characteristics and don't
1141 * update anything that the user "locked".
1142 */
1143 if (SEQ_LT(tp->iss + so->so_snd.sb_hiwat * 16, tp->snd_max) &&
1144 ro && (rt = ro->ro_rt) &&
1145 !in_nullhost(satosin(rt_key(rt))->sin_addr)) {
1146 u_long i = 0;
1147
1148 if ((rt->rt_rmx.rmx_locks & RTV_RTT) == 0) {
1149 i = tp->t_srtt *
1150 ((RTM_RTTUNIT / PR_SLOWHZ) >> (TCP_RTT_SHIFT + 2));
1151 if (rt->rt_rmx.rmx_rtt && i)
1152 /*
1153 * filter this update to half the old & half
1154 * the new values, converting scale.
1155 * See route.h and tcp_var.h for a
1156 * description of the scaling constants.
1157 */
1158 rt->rt_rmx.rmx_rtt =
1159 (rt->rt_rmx.rmx_rtt + i) / 2;
1160 else
1161 rt->rt_rmx.rmx_rtt = i;
1162 }
1163 if ((rt->rt_rmx.rmx_locks & RTV_RTTVAR) == 0) {
1164 i = tp->t_rttvar *
1165 ((RTM_RTTUNIT / PR_SLOWHZ) >> (TCP_RTTVAR_SHIFT + 2));
1166 if (rt->rt_rmx.rmx_rttvar && i)
1167 rt->rt_rmx.rmx_rttvar =
1168 (rt->rt_rmx.rmx_rttvar + i) / 2;
1169 else
1170 rt->rt_rmx.rmx_rttvar = i;
1171 }
1172 /*
1173 * update the pipelimit (ssthresh) if it has been updated
1174 * already or if a pipesize was specified & the threshhold
1175 * got below half the pipesize. I.e., wait for bad news
1176 * before we start updating, then update on both good
1177 * and bad news.
1178 */
1179 if (((rt->rt_rmx.rmx_locks & RTV_SSTHRESH) == 0 &&
1180 (i = tp->snd_ssthresh) && rt->rt_rmx.rmx_ssthresh) ||
1181 i < (rt->rt_rmx.rmx_sendpipe / 2)) {
1182 /*
1183 * convert the limit from user data bytes to
1184 * packets then to packet data bytes.
1185 */
1186 i = (i + tp->t_segsz / 2) / tp->t_segsz;
1187 if (i < 2)
1188 i = 2;
1189 i *= (u_long)(tp->t_segsz + sizeof (struct tcpiphdr));
1190 if (rt->rt_rmx.rmx_ssthresh)
1191 rt->rt_rmx.rmx_ssthresh =
1192 (rt->rt_rmx.rmx_ssthresh + i) / 2;
1193 else
1194 rt->rt_rmx.rmx_ssthresh = i;
1195 }
1196 }
1197 #endif /* RTV_RTT */
1198 /* free the reassembly queue, if any */
1199 TCP_REASS_LOCK(tp);
1200 (void) tcp_freeq(tp);
1201 TCP_REASS_UNLOCK(tp);
1202
1203 tcp_canceltimers(tp);
1204 TCP_CLEAR_DELACK(tp);
1205 syn_cache_cleanup(tp);
1206
1207 if (tp->t_template) {
1208 m_free(tp->t_template);
1209 tp->t_template = NULL;
1210 }
1211 if (tcp_timers_invoking(tp))
1212 tp->t_flags |= TF_DEAD;
1213 else
1214 pool_put(&tcpcb_pool, tp);
1215
1216 if (inp) {
1217 inp->inp_ppcb = 0;
1218 soisdisconnected(so);
1219 in_pcbdetach(inp);
1220 }
1221 #ifdef INET6
1222 else if (in6p) {
1223 in6p->in6p_ppcb = 0;
1224 soisdisconnected(so);
1225 in6_pcbdetach(in6p);
1226 }
1227 #endif
1228 tcpstat.tcps_closed++;
1229 return ((struct tcpcb *)0);
1230 }
1231
1232 int
1233 tcp_freeq(tp)
1234 struct tcpcb *tp;
1235 {
1236 struct ipqent *qe;
1237 int rv = 0;
1238 #ifdef TCPREASS_DEBUG
1239 int i = 0;
1240 #endif
1241
1242 TCP_REASS_LOCK_CHECK(tp);
1243
1244 while ((qe = TAILQ_FIRST(&tp->segq)) != NULL) {
1245 #ifdef TCPREASS_DEBUG
1246 printf("tcp_freeq[%p,%d]: %u:%u(%u) 0x%02x\n",
1247 tp, i++, qe->ipqe_seq, qe->ipqe_seq + qe->ipqe_len,
1248 qe->ipqe_len, qe->ipqe_flags & (TH_SYN|TH_FIN|TH_RST));
1249 #endif
1250 TAILQ_REMOVE(&tp->segq, qe, ipqe_q);
1251 TAILQ_REMOVE(&tp->timeq, qe, ipqe_timeq);
1252 m_freem(qe->ipqe_m);
1253 pool_put(&tcpipqent_pool, qe);
1254 rv = 1;
1255 }
1256 return (rv);
1257 }
1258
1259 /*
1260 * Protocol drain routine. Called when memory is in short supply.
1261 */
1262 void
1263 tcp_drain()
1264 {
1265 struct inpcb_hdr *inph;
1266 struct tcpcb *tp;
1267
1268 /*
1269 * Free the sequence queue of all TCP connections.
1270 */
1271 CIRCLEQ_FOREACH(inph, &tcbtable.inpt_queue, inph_queue) {
1272 switch (inph->inph_af) {
1273 case AF_INET:
1274 tp = intotcpcb((struct inpcb *)inph);
1275 break;
1276 #ifdef INET6
1277 case AF_INET6:
1278 tp = in6totcpcb((struct in6pcb *)inph);
1279 break;
1280 #endif
1281 default:
1282 tp = NULL;
1283 break;
1284 }
1285 if (tp != NULL) {
1286 /*
1287 * We may be called from a device's interrupt
1288 * context. If the tcpcb is already busy,
1289 * just bail out now.
1290 */
1291 if (tcp_reass_lock_try(tp) == 0)
1292 continue;
1293 if (tcp_freeq(tp))
1294 tcpstat.tcps_connsdrained++;
1295 TCP_REASS_UNLOCK(tp);
1296 }
1297 }
1298 }
1299
1300 /*
1301 * Notify a tcp user of an asynchronous error;
1302 * store error as soft error, but wake up user
1303 * (for now, won't do anything until can select for soft error).
1304 */
1305 void
1306 tcp_notify(inp, error)
1307 struct inpcb *inp;
1308 int error;
1309 {
1310 struct tcpcb *tp = (struct tcpcb *)inp->inp_ppcb;
1311 struct socket *so = inp->inp_socket;
1312
1313 /*
1314 * Ignore some errors if we are hooked up.
1315 * If connection hasn't completed, has retransmitted several times,
1316 * and receives a second error, give up now. This is better
1317 * than waiting a long time to establish a connection that
1318 * can never complete.
1319 */
1320 if (tp->t_state == TCPS_ESTABLISHED &&
1321 (error == EHOSTUNREACH || error == ENETUNREACH ||
1322 error == EHOSTDOWN)) {
1323 return;
1324 } else if (TCPS_HAVEESTABLISHED(tp->t_state) == 0 &&
1325 tp->t_rxtshift > 3 && tp->t_softerror)
1326 so->so_error = error;
1327 else
1328 tp->t_softerror = error;
1329 wakeup((caddr_t) &so->so_timeo);
1330 sorwakeup(so);
1331 sowwakeup(so);
1332 }
1333
1334 #ifdef INET6
1335 void
1336 tcp6_notify(in6p, error)
1337 struct in6pcb *in6p;
1338 int error;
1339 {
1340 struct tcpcb *tp = (struct tcpcb *)in6p->in6p_ppcb;
1341 struct socket *so = in6p->in6p_socket;
1342
1343 /*
1344 * Ignore some errors if we are hooked up.
1345 * If connection hasn't completed, has retransmitted several times,
1346 * and receives a second error, give up now. This is better
1347 * than waiting a long time to establish a connection that
1348 * can never complete.
1349 */
1350 if (tp->t_state == TCPS_ESTABLISHED &&
1351 (error == EHOSTUNREACH || error == ENETUNREACH ||
1352 error == EHOSTDOWN)) {
1353 return;
1354 } else if (TCPS_HAVEESTABLISHED(tp->t_state) == 0 &&
1355 tp->t_rxtshift > 3 && tp->t_softerror)
1356 so->so_error = error;
1357 else
1358 tp->t_softerror = error;
1359 wakeup((caddr_t) &so->so_timeo);
1360 sorwakeup(so);
1361 sowwakeup(so);
1362 }
1363 #endif
1364
1365 #ifdef INET6
1366 void
1367 tcp6_ctlinput(cmd, sa, d)
1368 int cmd;
1369 struct sockaddr *sa;
1370 void *d;
1371 {
1372 struct tcphdr th;
1373 void (*notify) __P((struct in6pcb *, int)) = tcp6_notify;
1374 int nmatch;
1375 struct ip6_hdr *ip6;
1376 const struct sockaddr_in6 *sa6_src = NULL;
1377 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;
1378 struct mbuf *m;
1379 int off;
1380
1381 if (sa->sa_family != AF_INET6 ||
1382 sa->sa_len != sizeof(struct sockaddr_in6))
1383 return;
1384 if ((unsigned)cmd >= PRC_NCMDS)
1385 return;
1386 else if (cmd == PRC_QUENCH) {
1387 /* XXX there's no PRC_QUENCH in IPv6 */
1388 notify = tcp6_quench;
1389 } else if (PRC_IS_REDIRECT(cmd))
1390 notify = in6_rtchange, d = NULL;
1391 else if (cmd == PRC_MSGSIZE)
1392 ; /* special code is present, see below */
1393 else if (cmd == PRC_HOSTDEAD)
1394 d = NULL;
1395 else if (inet6ctlerrmap[cmd] == 0)
1396 return;
1397
1398 /* if the parameter is from icmp6, decode it. */
1399 if (d != NULL) {
1400 struct ip6ctlparam *ip6cp = (struct ip6ctlparam *)d;
1401 m = ip6cp->ip6c_m;
1402 ip6 = ip6cp->ip6c_ip6;
1403 off = ip6cp->ip6c_off;
1404 sa6_src = ip6cp->ip6c_src;
1405 } else {
1406 m = NULL;
1407 ip6 = NULL;
1408 sa6_src = &sa6_any;
1409 off = 0;
1410 }
1411
1412 if (ip6) {
1413 /*
1414 * XXX: We assume that when ip6 is non NULL,
1415 * M and OFF are valid.
1416 */
1417
1418 /* check if we can safely examine src and dst ports */
1419 if (m->m_pkthdr.len < off + sizeof(th)) {
1420 if (cmd == PRC_MSGSIZE)
1421 icmp6_mtudisc_update((struct ip6ctlparam *)d, 0);
1422 return;
1423 }
1424
1425 bzero(&th, sizeof(th));
1426 m_copydata(m, off, sizeof(th), (caddr_t)&th);
1427
1428 if (cmd == PRC_MSGSIZE) {
1429 int valid = 0;
1430
1431 /*
1432 * Check to see if we have a valid TCP connection
1433 * corresponding to the address in the ICMPv6 message
1434 * payload.
1435 */
1436 if (in6_pcblookup_connect(&tcbtable, &sa6->sin6_addr,
1437 th.th_dport, (struct in6_addr *)&sa6_src->sin6_addr,
1438 th.th_sport, 0))
1439 valid++;
1440
1441 /*
1442 * Depending on the value of "valid" and routing table
1443 * size (mtudisc_{hi,lo}wat), we will:
1444 * - recalcurate the new MTU and create the
1445 * corresponding routing entry, or
1446 * - ignore the MTU change notification.
1447 */
1448 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
1449
1450 /*
1451 * no need to call in6_pcbnotify, it should have been
1452 * called via callback if necessary
1453 */
1454 return;
1455 }
1456
1457 nmatch = in6_pcbnotify(&tcbtable, sa, th.th_dport,
1458 (struct sockaddr *)sa6_src, th.th_sport, cmd, NULL, notify);
1459 if (nmatch == 0 && syn_cache_count &&
1460 (inet6ctlerrmap[cmd] == EHOSTUNREACH ||
1461 inet6ctlerrmap[cmd] == ENETUNREACH ||
1462 inet6ctlerrmap[cmd] == EHOSTDOWN))
1463 syn_cache_unreach((struct sockaddr *)sa6_src,
1464 sa, &th);
1465 } else {
1466 (void) in6_pcbnotify(&tcbtable, sa, 0,
1467 (struct sockaddr *)sa6_src, 0, cmd, NULL, notify);
1468 }
1469 }
1470 #endif
1471
1472 #ifdef INET
1473 /* assumes that ip header and tcp header are contiguous on mbuf */
1474 void *
1475 tcp_ctlinput(cmd, sa, v)
1476 int cmd;
1477 struct sockaddr *sa;
1478 void *v;
1479 {
1480 struct ip *ip = v;
1481 struct tcphdr *th;
1482 struct icmp *icp;
1483 extern const int inetctlerrmap[];
1484 void (*notify) __P((struct inpcb *, int)) = tcp_notify;
1485 int errno;
1486 int nmatch;
1487 #ifdef INET6
1488 struct in6_addr src6, dst6;
1489 #endif
1490
1491 if (sa->sa_family != AF_INET ||
1492 sa->sa_len != sizeof(struct sockaddr_in))
1493 return NULL;
1494 if ((unsigned)cmd >= PRC_NCMDS)
1495 return NULL;
1496 errno = inetctlerrmap[cmd];
1497 if (cmd == PRC_QUENCH)
1498 notify = tcp_quench;
1499 else if (PRC_IS_REDIRECT(cmd))
1500 notify = in_rtchange, ip = 0;
1501 else if (cmd == PRC_MSGSIZE && ip && ip->ip_v == 4) {
1502 /*
1503 * Check to see if we have a valid TCP connection
1504 * corresponding to the address in the ICMP message
1505 * payload.
1506 *
1507 * Boundary check is made in icmp_input(), with ICMP_ADVLENMIN.
1508 */
1509 th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
1510 #ifdef INET6
1511 memset(&src6, 0, sizeof(src6));
1512 memset(&dst6, 0, sizeof(dst6));
1513 src6.s6_addr16[5] = dst6.s6_addr16[5] = 0xffff;
1514 memcpy(&src6.s6_addr32[3], &ip->ip_src, sizeof(struct in_addr));
1515 memcpy(&dst6.s6_addr32[3], &ip->ip_dst, sizeof(struct in_addr));
1516 #endif
1517 if (in_pcblookup_connect(&tcbtable, ip->ip_dst, th->th_dport,
1518 ip->ip_src, th->th_sport) != NULL)
1519 ;
1520 #ifdef INET6
1521 else if (in6_pcblookup_connect(&tcbtable, &dst6,
1522 th->th_dport, &src6, th->th_sport, 0) != NULL)
1523 ;
1524 #endif
1525 else
1526 return NULL;
1527
1528 /*
1529 * Now that we've validated that we are actually communicating
1530 * with the host indicated in the ICMP message, locate the
1531 * ICMP header, recalculate the new MTU, and create the
1532 * corresponding routing entry.
1533 */
1534 icp = (struct icmp *)((caddr_t)ip -
1535 offsetof(struct icmp, icmp_ip));
1536 icmp_mtudisc(icp, ip->ip_dst);
1537
1538 return NULL;
1539 } else if (cmd == PRC_HOSTDEAD)
1540 ip = 0;
1541 else if (errno == 0)
1542 return NULL;
1543 if (ip && ip->ip_v == 4 && sa->sa_family == AF_INET) {
1544 th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
1545 nmatch = in_pcbnotify(&tcbtable, satosin(sa)->sin_addr,
1546 th->th_dport, ip->ip_src, th->th_sport, errno, notify);
1547 if (nmatch == 0 && syn_cache_count &&
1548 (inetctlerrmap[cmd] == EHOSTUNREACH ||
1549 inetctlerrmap[cmd] == ENETUNREACH ||
1550 inetctlerrmap[cmd] == EHOSTDOWN)) {
1551 struct sockaddr_in sin;
1552 bzero(&sin, sizeof(sin));
1553 sin.sin_len = sizeof(sin);
1554 sin.sin_family = AF_INET;
1555 sin.sin_port = th->th_sport;
1556 sin.sin_addr = ip->ip_src;
1557 syn_cache_unreach((struct sockaddr *)&sin, sa, th);
1558 }
1559
1560 /* XXX mapped address case */
1561 } else
1562 in_pcbnotifyall(&tcbtable, satosin(sa)->sin_addr, errno,
1563 notify);
1564 return NULL;
1565 }
1566
1567 /*
1568 * When a source quence is received, we are being notifed of congestion.
1569 * Close the congestion window down to the Loss Window (one segment).
1570 * We will gradually open it again as we proceed.
1571 */
1572 void
1573 tcp_quench(inp, errno)
1574 struct inpcb *inp;
1575 int errno;
1576 {
1577 struct tcpcb *tp = intotcpcb(inp);
1578
1579 if (tp)
1580 tp->snd_cwnd = tp->t_segsz;
1581 }
1582 #endif
1583
1584 #ifdef INET6
1585 void
1586 tcp6_quench(in6p, errno)
1587 struct in6pcb *in6p;
1588 int errno;
1589 {
1590 struct tcpcb *tp = in6totcpcb(in6p);
1591
1592 if (tp)
1593 tp->snd_cwnd = tp->t_segsz;
1594 }
1595 #endif
1596
1597 #ifdef INET
1598 /*
1599 * Path MTU Discovery handlers.
1600 */
1601 void
1602 tcp_mtudisc_callback(faddr)
1603 struct in_addr faddr;
1604 {
1605 #ifdef INET6
1606 struct in6_addr in6;
1607 #endif
1608
1609 in_pcbnotifyall(&tcbtable, faddr, EMSGSIZE, tcp_mtudisc);
1610 #ifdef INET6
1611 memset(&in6, 0, sizeof(in6));
1612 in6.s6_addr16[5] = 0xffff;
1613 memcpy(&in6.s6_addr32[3], &faddr, sizeof(struct in_addr));
1614 tcp6_mtudisc_callback(&in6);
1615 #endif
1616 }
1617
1618 /*
1619 * On receipt of path MTU corrections, flush old route and replace it
1620 * with the new one. Retransmit all unacknowledged packets, to ensure
1621 * that all packets will be received.
1622 */
1623 void
1624 tcp_mtudisc(inp, errno)
1625 struct inpcb *inp;
1626 int errno;
1627 {
1628 struct tcpcb *tp = intotcpcb(inp);
1629 struct rtentry *rt = in_pcbrtentry(inp);
1630
1631 if (tp != 0) {
1632 if (rt != 0) {
1633 /*
1634 * If this was not a host route, remove and realloc.
1635 */
1636 if ((rt->rt_flags & RTF_HOST) == 0) {
1637 in_rtchange(inp, errno);
1638 if ((rt = in_pcbrtentry(inp)) == 0)
1639 return;
1640 }
1641
1642 /*
1643 * Slow start out of the error condition. We
1644 * use the MTU because we know it's smaller
1645 * than the previously transmitted segment.
1646 *
1647 * Note: This is more conservative than the
1648 * suggestion in draft-floyd-incr-init-win-03.
1649 */
1650 if (rt->rt_rmx.rmx_mtu != 0)
1651 tp->snd_cwnd =
1652 TCP_INITIAL_WINDOW(tcp_init_win,
1653 rt->rt_rmx.rmx_mtu);
1654 }
1655
1656 /*
1657 * Resend unacknowledged packets.
1658 */
1659 tp->snd_nxt = tp->snd_una;
1660 tcp_output(tp);
1661 }
1662 }
1663 #endif
1664
1665 #ifdef INET6
1666 /*
1667 * Path MTU Discovery handlers.
1668 */
1669 void
1670 tcp6_mtudisc_callback(faddr)
1671 struct in6_addr *faddr;
1672 {
1673 struct sockaddr_in6 sin6;
1674
1675 bzero(&sin6, sizeof(sin6));
1676 sin6.sin6_family = AF_INET6;
1677 sin6.sin6_len = sizeof(struct sockaddr_in6);
1678 sin6.sin6_addr = *faddr;
1679 (void) in6_pcbnotify(&tcbtable, (struct sockaddr *)&sin6, 0,
1680 (struct sockaddr *)&sa6_any, 0, PRC_MSGSIZE, NULL, tcp6_mtudisc);
1681 }
1682
1683 void
1684 tcp6_mtudisc(in6p, errno)
1685 struct in6pcb *in6p;
1686 int errno;
1687 {
1688 struct tcpcb *tp = in6totcpcb(in6p);
1689 struct rtentry *rt = in6_pcbrtentry(in6p);
1690
1691 if (tp != 0) {
1692 if (rt != 0) {
1693 /*
1694 * If this was not a host route, remove and realloc.
1695 */
1696 if ((rt->rt_flags & RTF_HOST) == 0) {
1697 in6_rtchange(in6p, errno);
1698 if ((rt = in6_pcbrtentry(in6p)) == 0)
1699 return;
1700 }
1701
1702 /*
1703 * Slow start out of the error condition. We
1704 * use the MTU because we know it's smaller
1705 * than the previously transmitted segment.
1706 *
1707 * Note: This is more conservative than the
1708 * suggestion in draft-floyd-incr-init-win-03.
1709 */
1710 if (rt->rt_rmx.rmx_mtu != 0)
1711 tp->snd_cwnd =
1712 TCP_INITIAL_WINDOW(tcp_init_win,
1713 rt->rt_rmx.rmx_mtu);
1714 }
1715
1716 /*
1717 * Resend unacknowledged packets.
1718 */
1719 tp->snd_nxt = tp->snd_una;
1720 tcp_output(tp);
1721 }
1722 }
1723 #endif /* INET6 */
1724
1725 /*
1726 * Compute the MSS to advertise to the peer. Called only during
1727 * the 3-way handshake. If we are the server (peer initiated
1728 * connection), we are called with a pointer to the interface
1729 * on which the SYN packet arrived. If we are the client (we
1730 * initiated connection), we are called with a pointer to the
1731 * interface out which this connection should go.
1732 *
1733 * NOTE: Do not subtract IP option/extension header size nor IPsec
1734 * header size from MSS advertisement. MSS option must hold the maximum
1735 * segment size we can accept, so it must always be:
1736 * max(if mtu) - ip header - tcp header
1737 */
1738 u_long
1739 tcp_mss_to_advertise(ifp, af)
1740 const struct ifnet *ifp;
1741 int af;
1742 {
1743 extern u_long in_maxmtu;
1744 u_long mss = 0;
1745 u_long hdrsiz;
1746
1747 /*
1748 * In order to avoid defeating path MTU discovery on the peer,
1749 * we advertise the max MTU of all attached networks as our MSS,
1750 * per RFC 1191, section 3.1.
1751 *
1752 * We provide the option to advertise just the MTU of
1753 * the interface on which we hope this connection will
1754 * be receiving. If we are responding to a SYN, we
1755 * will have a pretty good idea about this, but when
1756 * initiating a connection there is a bit more doubt.
1757 *
1758 * We also need to ensure that loopback has a large enough
1759 * MSS, as the loopback MTU is never included in in_maxmtu.
1760 */
1761
1762 if (ifp != NULL)
1763 switch (af) {
1764 case AF_INET:
1765 mss = ifp->if_mtu;
1766 break;
1767 #ifdef INET6
1768 case AF_INET6:
1769 mss = IN6_LINKMTU(ifp);
1770 break;
1771 #endif
1772 }
1773
1774 if (tcp_mss_ifmtu == 0)
1775 switch (af) {
1776 case AF_INET:
1777 mss = max(in_maxmtu, mss);
1778 break;
1779 #ifdef INET6
1780 case AF_INET6:
1781 mss = max(in6_maxmtu, mss);
1782 break;
1783 #endif
1784 }
1785
1786 switch (af) {
1787 case AF_INET:
1788 hdrsiz = sizeof(struct ip);
1789 break;
1790 #ifdef INET6
1791 case AF_INET6:
1792 hdrsiz = sizeof(struct ip6_hdr);
1793 break;
1794 #endif
1795 default:
1796 hdrsiz = 0;
1797 break;
1798 }
1799 hdrsiz += sizeof(struct tcphdr);
1800 if (mss > hdrsiz)
1801 mss -= hdrsiz;
1802
1803 mss = max(tcp_mssdflt, mss);
1804 return (mss);
1805 }
1806
1807 /*
1808 * Set connection variables based on the peer's advertised MSS.
1809 * We are passed the TCPCB for the actual connection. If we
1810 * are the server, we are called by the compressed state engine
1811 * when the 3-way handshake is complete. If we are the client,
1812 * we are called when we receive the SYN,ACK from the server.
1813 *
1814 * NOTE: Our advertised MSS value must be initialized in the TCPCB
1815 * before this routine is called!
1816 */
1817 void
1818 tcp_mss_from_peer(tp, offer)
1819 struct tcpcb *tp;
1820 int offer;
1821 {
1822 struct socket *so;
1823 #if defined(RTV_SPIPE) || defined(RTV_SSTHRESH)
1824 struct rtentry *rt;
1825 #endif
1826 u_long bufsize;
1827 int mss;
1828
1829 #ifdef DIAGNOSTIC
1830 if (tp->t_inpcb && tp->t_in6pcb)
1831 panic("tcp_mss_from_peer: both t_inpcb and t_in6pcb are set");
1832 #endif
1833 so = NULL;
1834 rt = NULL;
1835 #ifdef INET
1836 if (tp->t_inpcb) {
1837 so = tp->t_inpcb->inp_socket;
1838 #if defined(RTV_SPIPE) || defined(RTV_SSTHRESH)
1839 rt = in_pcbrtentry(tp->t_inpcb);
1840 #endif
1841 }
1842 #endif
1843 #ifdef INET6
1844 if (tp->t_in6pcb) {
1845 so = tp->t_in6pcb->in6p_socket;
1846 #if defined(RTV_SPIPE) || defined(RTV_SSTHRESH)
1847 rt = in6_pcbrtentry(tp->t_in6pcb);
1848 #endif
1849 }
1850 #endif
1851
1852 /*
1853 * As per RFC1122, use the default MSS value, unless they
1854 * sent us an offer. Do not accept offers less than 256 bytes.
1855 */
1856 mss = tcp_mssdflt;
1857 if (offer)
1858 mss = offer;
1859 mss = max(mss, 256); /* sanity */
1860 tp->t_peermss = mss;
1861 mss -= tcp_optlen(tp);
1862 #ifdef INET
1863 if (tp->t_inpcb)
1864 mss -= ip_optlen(tp->t_inpcb);
1865 #endif
1866 #ifdef INET6
1867 if (tp->t_in6pcb)
1868 mss -= ip6_optlen(tp->t_in6pcb);
1869 #endif
1870
1871 /*
1872 * If there's a pipesize, change the socket buffer to that size.
1873 * Make the socket buffer an integral number of MSS units. If
1874 * the MSS is larger than the socket buffer, artificially decrease
1875 * the MSS.
1876 */
1877 #ifdef RTV_SPIPE
1878 if (rt != NULL && rt->rt_rmx.rmx_sendpipe != 0)
1879 bufsize = rt->rt_rmx.rmx_sendpipe;
1880 else
1881 #endif
1882 bufsize = so->so_snd.sb_hiwat;
1883 if (bufsize < mss)
1884 mss = bufsize;
1885 else {
1886 bufsize = roundup(bufsize, mss);
1887 if (bufsize > sb_max)
1888 bufsize = sb_max;
1889 (void) sbreserve(&so->so_snd, bufsize);
1890 }
1891 tp->t_segsz = mss;
1892
1893 #ifdef RTV_SSTHRESH
1894 if (rt != NULL && rt->rt_rmx.rmx_ssthresh) {
1895 /*
1896 * There's some sort of gateway or interface buffer
1897 * limit on the path. Use this to set the slow
1898 * start threshold, but set the threshold to no less
1899 * than 2 * MSS.
1900 */
1901 tp->snd_ssthresh = max(2 * mss, rt->rt_rmx.rmx_ssthresh);
1902 }
1903 #endif
1904 }
1905
1906 /*
1907 * Processing necessary when a TCP connection is established.
1908 */
1909 void
1910 tcp_established(tp)
1911 struct tcpcb *tp;
1912 {
1913 struct socket *so;
1914 #ifdef RTV_RPIPE
1915 struct rtentry *rt;
1916 #endif
1917 u_long bufsize;
1918
1919 #ifdef DIAGNOSTIC
1920 if (tp->t_inpcb && tp->t_in6pcb)
1921 panic("tcp_established: both t_inpcb and t_in6pcb are set");
1922 #endif
1923 so = NULL;
1924 rt = NULL;
1925 #ifdef INET
1926 if (tp->t_inpcb) {
1927 so = tp->t_inpcb->inp_socket;
1928 #if defined(RTV_RPIPE)
1929 rt = in_pcbrtentry(tp->t_inpcb);
1930 #endif
1931 }
1932 #endif
1933 #ifdef INET6
1934 if (tp->t_in6pcb) {
1935 so = tp->t_in6pcb->in6p_socket;
1936 #if defined(RTV_RPIPE)
1937 rt = in6_pcbrtentry(tp->t_in6pcb);
1938 #endif
1939 }
1940 #endif
1941
1942 tp->t_state = TCPS_ESTABLISHED;
1943 TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepidle);
1944
1945 #ifdef RTV_RPIPE
1946 if (rt != NULL && rt->rt_rmx.rmx_recvpipe != 0)
1947 bufsize = rt->rt_rmx.rmx_recvpipe;
1948 else
1949 #endif
1950 bufsize = so->so_rcv.sb_hiwat;
1951 if (bufsize > tp->t_ourmss) {
1952 bufsize = roundup(bufsize, tp->t_ourmss);
1953 if (bufsize > sb_max)
1954 bufsize = sb_max;
1955 (void) sbreserve(&so->so_rcv, bufsize);
1956 }
1957 }
1958
1959 /*
1960 * Check if there's an initial rtt or rttvar. Convert from the
1961 * route-table units to scaled multiples of the slow timeout timer.
1962 * Called only during the 3-way handshake.
1963 */
1964 void
1965 tcp_rmx_rtt(tp)
1966 struct tcpcb *tp;
1967 {
1968 #ifdef RTV_RTT
1969 struct rtentry *rt = NULL;
1970 int rtt;
1971
1972 #ifdef DIAGNOSTIC
1973 if (tp->t_inpcb && tp->t_in6pcb)
1974 panic("tcp_rmx_rtt: both t_inpcb and t_in6pcb are set");
1975 #endif
1976 #ifdef INET
1977 if (tp->t_inpcb)
1978 rt = in_pcbrtentry(tp->t_inpcb);
1979 #endif
1980 #ifdef INET6
1981 if (tp->t_in6pcb)
1982 rt = in6_pcbrtentry(tp->t_in6pcb);
1983 #endif
1984 if (rt == NULL)
1985 return;
1986
1987 if (tp->t_srtt == 0 && (rtt = rt->rt_rmx.rmx_rtt)) {
1988 /*
1989 * XXX The lock bit for MTU indicates that the value
1990 * is also a minimum value; this is subject to time.
1991 */
1992 if (rt->rt_rmx.rmx_locks & RTV_RTT)
1993 TCPT_RANGESET(tp->t_rttmin,
1994 rtt / (RTM_RTTUNIT / PR_SLOWHZ),
1995 TCPTV_MIN, TCPTV_REXMTMAX);
1996 tp->t_srtt = rtt /
1997 ((RTM_RTTUNIT / PR_SLOWHZ) >> (TCP_RTT_SHIFT + 2));
1998 if (rt->rt_rmx.rmx_rttvar) {
1999 tp->t_rttvar = rt->rt_rmx.rmx_rttvar /
2000 ((RTM_RTTUNIT / PR_SLOWHZ) >>
2001 (TCP_RTTVAR_SHIFT + 2));
2002 } else {
2003 /* Default variation is +- 1 rtt */
2004 tp->t_rttvar =
2005 tp->t_srtt >> (TCP_RTT_SHIFT - TCP_RTTVAR_SHIFT);
2006 }
2007 TCPT_RANGESET(tp->t_rxtcur,
2008 ((tp->t_srtt >> 2) + tp->t_rttvar) >> (1 + 2),
2009 tp->t_rttmin, TCPTV_REXMTMAX);
2010 }
2011 #endif
2012 }
2013
2014 tcp_seq tcp_iss_seq = 0; /* tcp initial seq # */
2015 #if NRND > 0
2016 u_int8_t tcp_iss_secret[16]; /* 128 bits; should be plenty */
2017 #endif
2018
2019 /*
2020 * Get a new sequence value given a tcp control block
2021 */
2022 tcp_seq
2023 tcp_new_iss(struct tcpcb *tp, tcp_seq addin)
2024 {
2025
2026 #ifdef INET
2027 if (tp->t_inpcb != NULL) {
2028 return (tcp_new_iss1(&tp->t_inpcb->inp_laddr,
2029 &tp->t_inpcb->inp_faddr, tp->t_inpcb->inp_lport,
2030 tp->t_inpcb->inp_fport, sizeof(tp->t_inpcb->inp_laddr),
2031 addin));
2032 }
2033 #endif
2034 #ifdef INET6
2035 if (tp->t_in6pcb != NULL) {
2036 return (tcp_new_iss1(&tp->t_in6pcb->in6p_laddr,
2037 &tp->t_in6pcb->in6p_faddr, tp->t_in6pcb->in6p_lport,
2038 tp->t_in6pcb->in6p_fport, sizeof(tp->t_in6pcb->in6p_laddr),
2039 addin));
2040 }
2041 #endif
2042 /* Not possible. */
2043 panic("tcp_new_iss");
2044 }
2045
2046 /*
2047 * This routine actually generates a new TCP initial sequence number.
2048 */
2049 tcp_seq
2050 tcp_new_iss1(void *laddr, void *faddr, u_int16_t lport, u_int16_t fport,
2051 size_t addrsz, tcp_seq addin)
2052 {
2053 tcp_seq tcp_iss;
2054
2055 #if NRND > 0
2056 static int beenhere;
2057
2058 /*
2059 * If we haven't been here before, initialize our cryptographic
2060 * hash secret.
2061 */
2062 if (beenhere == 0) {
2063 rnd_extract_data(tcp_iss_secret, sizeof(tcp_iss_secret),
2064 RND_EXTRACT_ANY);
2065 beenhere = 1;
2066 }
2067
2068 if (tcp_do_rfc1948) {
2069 MD5_CTX ctx;
2070 u_int8_t hash[16]; /* XXX MD5 knowledge */
2071
2072 /*
2073 * Compute the base value of the ISS. It is a hash
2074 * of (saddr, sport, daddr, dport, secret).
2075 */
2076 MD5Init(&ctx);
2077
2078 MD5Update(&ctx, (u_char *) laddr, addrsz);
2079 MD5Update(&ctx, (u_char *) &lport, sizeof(lport));
2080
2081 MD5Update(&ctx, (u_char *) faddr, addrsz);
2082 MD5Update(&ctx, (u_char *) &fport, sizeof(fport));
2083
2084 MD5Update(&ctx, tcp_iss_secret, sizeof(tcp_iss_secret));
2085
2086 MD5Final(hash, &ctx);
2087
2088 memcpy(&tcp_iss, hash, sizeof(tcp_iss));
2089
2090 /*
2091 * Now increment our "timer", and add it in to
2092 * the computed value.
2093 *
2094 * XXX Use `addin'?
2095 * XXX TCP_ISSINCR too large to use?
2096 */
2097 tcp_iss_seq += TCP_ISSINCR;
2098 #ifdef TCPISS_DEBUG
2099 printf("ISS hash 0x%08x, ", tcp_iss);
2100 #endif
2101 tcp_iss += tcp_iss_seq + addin;
2102 #ifdef TCPISS_DEBUG
2103 printf("new ISS 0x%08x\n", tcp_iss);
2104 #endif
2105 } else
2106 #endif /* NRND > 0 */
2107 {
2108 /*
2109 * Randomize.
2110 */
2111 #if NRND > 0
2112 rnd_extract_data(&tcp_iss, sizeof(tcp_iss), RND_EXTRACT_ANY);
2113 #else
2114 tcp_iss = arc4random();
2115 #endif
2116
2117 /*
2118 * If we were asked to add some amount to a known value,
2119 * we will take a random value obtained above, mask off
2120 * the upper bits, and add in the known value. We also
2121 * add in a constant to ensure that we are at least a
2122 * certain distance from the original value.
2123 *
2124 * This is used when an old connection is in timed wait
2125 * and we have a new one coming in, for instance.
2126 */
2127 if (addin != 0) {
2128 #ifdef TCPISS_DEBUG
2129 printf("Random %08x, ", tcp_iss);
2130 #endif
2131 tcp_iss &= TCP_ISS_RANDOM_MASK;
2132 tcp_iss += addin + TCP_ISSINCR;
2133 #ifdef TCPISS_DEBUG
2134 printf("Old ISS %08x, ISS %08x\n", addin, tcp_iss);
2135 #endif
2136 } else {
2137 tcp_iss &= TCP_ISS_RANDOM_MASK;
2138 tcp_iss += tcp_iss_seq;
2139 tcp_iss_seq += TCP_ISSINCR;
2140 #ifdef TCPISS_DEBUG
2141 printf("ISS %08x\n", tcp_iss);
2142 #endif
2143 }
2144 }
2145
2146 if (tcp_compat_42) {
2147 /*
2148 * Limit it to the positive range for really old TCP
2149 * implementations.
2150 * Just AND off the top bit instead of checking if
2151 * is set first - saves a branch 50% of the time.
2152 */
2153 tcp_iss &= 0x7fffffff; /* XXX */
2154 }
2155
2156 return (tcp_iss);
2157 }
2158
2159 #if defined(IPSEC) || defined(FAST_IPSEC)
2160 /* compute ESP/AH header size for TCP, including outer IP header. */
2161 size_t
2162 ipsec4_hdrsiz_tcp(tp)
2163 struct tcpcb *tp;
2164 {
2165 struct inpcb *inp;
2166 size_t hdrsiz;
2167
2168 /* XXX mapped addr case (tp->t_in6pcb) */
2169 if (!tp || !tp->t_template || !(inp = tp->t_inpcb))
2170 return 0;
2171 switch (tp->t_family) {
2172 case AF_INET:
2173 /* XXX: should use currect direction. */
2174 hdrsiz = ipsec4_hdrsiz(tp->t_template, IPSEC_DIR_OUTBOUND, inp);
2175 break;
2176 default:
2177 hdrsiz = 0;
2178 break;
2179 }
2180
2181 return hdrsiz;
2182 }
2183
2184 #ifdef INET6
2185 size_t
2186 ipsec6_hdrsiz_tcp(tp)
2187 struct tcpcb *tp;
2188 {
2189 struct in6pcb *in6p;
2190 size_t hdrsiz;
2191
2192 if (!tp || !tp->t_template || !(in6p = tp->t_in6pcb))
2193 return 0;
2194 switch (tp->t_family) {
2195 case AF_INET6:
2196 /* XXX: should use currect direction. */
2197 hdrsiz = ipsec6_hdrsiz(tp->t_template, IPSEC_DIR_OUTBOUND, in6p);
2198 break;
2199 case AF_INET:
2200 /* mapped address case - tricky */
2201 default:
2202 hdrsiz = 0;
2203 break;
2204 }
2205
2206 return hdrsiz;
2207 }
2208 #endif
2209 #endif /*IPSEC*/
2210
2211 /*
2212 * Determine the length of the TCP options for this connection.
2213 *
2214 * XXX: What do we do for SACK, when we add that? Just reserve
2215 * all of the space? Otherwise we can't exactly be incrementing
2216 * cwnd by an amount that varies depending on the amount we last
2217 * had to SACK!
2218 */
2219
2220 u_int
2221 tcp_optlen(tp)
2222 struct tcpcb *tp;
2223 {
2224 if ((tp->t_flags & (TF_REQ_TSTMP|TF_RCVD_TSTMP|TF_NOOPT)) ==
2225 (TF_REQ_TSTMP | TF_RCVD_TSTMP))
2226 return TCPOLEN_TSTAMP_APPA;
2227 else
2228 return 0;
2229 }
Cache object: 19eb8554419c878dd56f46aecf04d689
|