1 /* $NetBSD: tcp_usrreq.c,v 1.149.4.2 2009/09/26 18:34:29 snj Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /*-
33 * Copyright (c) 1997, 1998, 2005, 2006 The NetBSD Foundation, Inc.
34 * All rights reserved.
35 *
36 * This code is derived from software contributed to The NetBSD Foundation
37 * by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation
38 * Facility, NASA Ames Research Center.
39 * This code is derived from software contributed to The NetBSD Foundation
40 * by Charles M. Hannum.
41 * This code is derived from software contributed to The NetBSD Foundation
42 * by Rui Paulo.
43 *
44 * Redistribution and use in source and binary forms, with or without
45 * modification, are permitted provided that the following conditions
46 * are met:
47 * 1. Redistributions of source code must retain the above copyright
48 * notice, this list of conditions and the following disclaimer.
49 * 2. Redistributions in binary form must reproduce the above copyright
50 * notice, this list of conditions and the following disclaimer in the
51 * documentation and/or other materials provided with the distribution.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
54 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
55 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
57 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
58 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
59 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
60 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
61 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
62 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
63 * POSSIBILITY OF SUCH DAMAGE.
64 */
65
66 /*
67 * Copyright (c) 1982, 1986, 1988, 1993, 1995
68 * The Regents of the University of California. All rights reserved.
69 *
70 * Redistribution and use in source and binary forms, with or without
71 * modification, are permitted provided that the following conditions
72 * are met:
73 * 1. Redistributions of source code must retain the above copyright
74 * notice, this list of conditions and the following disclaimer.
75 * 2. Redistributions in binary form must reproduce the above copyright
76 * notice, this list of conditions and the following disclaimer in the
77 * documentation and/or other materials provided with the distribution.
78 * 3. Neither the name of the University nor the names of its contributors
79 * may be used to endorse or promote products derived from this software
80 * without specific prior written permission.
81 *
82 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
83 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
84 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
85 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
86 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
87 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
88 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
89 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
90 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
91 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
92 * SUCH DAMAGE.
93 *
94 * @(#)tcp_usrreq.c 8.5 (Berkeley) 6/21/95
95 */
96
97 #include <sys/cdefs.h>
98 __KERNEL_RCSID(0, "$NetBSD: tcp_usrreq.c,v 1.149.4.2 2009/09/26 18:34:29 snj Exp $");
99
100 #include "opt_inet.h"
101 #include "opt_ipsec.h"
102 #include "opt_tcp_debug.h"
103 #include "opt_mbuftrace.h"
104 #include "rnd.h"
105
106 #include <sys/param.h>
107 #include <sys/systm.h>
108 #include <sys/kernel.h>
109 #include <sys/malloc.h>
110 #include <sys/mbuf.h>
111 #include <sys/socket.h>
112 #include <sys/socketvar.h>
113 #include <sys/protosw.h>
114 #include <sys/errno.h>
115 #include <sys/stat.h>
116 #include <sys/proc.h>
117 #include <sys/domain.h>
118 #include <sys/sysctl.h>
119 #include <sys/kauth.h>
120 #include <sys/uidinfo.h>
121
122 #include <net/if.h>
123 #include <net/route.h>
124
125 #include <netinet/in.h>
126 #include <netinet/in_systm.h>
127 #include <netinet/in_var.h>
128 #include <netinet/ip.h>
129 #include <netinet/in_pcb.h>
130 #include <netinet/ip_var.h>
131 #include <netinet/in_offload.h>
132
133 #ifdef INET6
134 #ifndef INET
135 #include <netinet/in.h>
136 #endif
137 #include <netinet/ip6.h>
138 #include <netinet6/in6_pcb.h>
139 #include <netinet6/ip6_var.h>
140 #include <netinet6/scope6_var.h>
141 #endif
142
143 #include <netinet/tcp.h>
144 #include <netinet/tcp_fsm.h>
145 #include <netinet/tcp_seq.h>
146 #include <netinet/tcp_timer.h>
147 #include <netinet/tcp_var.h>
148 #include <netinet/tcp_private.h>
149 #include <netinet/tcp_congctl.h>
150 #include <netinet/tcpip.h>
151 #include <netinet/tcp_debug.h>
152
153 #include "opt_tcp_space.h"
154
155 #ifdef IPSEC
156 #include <netinet6/ipsec.h>
157 #endif /*IPSEC*/
158
159 /*
160 * TCP protocol interface to socket abstraction.
161 */
162
163 /*
164 * Process a TCP user request for TCP tb. If this is a send request
165 * then m is the mbuf chain of send data. If this is a timer expiration
166 * (called from the software clock routine), then timertype tells which timer.
167 */
168 /*ARGSUSED*/
169 int
170 tcp_usrreq(struct socket *so, int req,
171 struct mbuf *m, struct mbuf *nam, struct mbuf *control, struct lwp *l)
172 {
173 struct inpcb *inp;
174 #ifdef INET6
175 struct in6pcb *in6p;
176 #endif
177 struct tcpcb *tp = NULL;
178 int s;
179 int error = 0;
180 #ifdef TCP_DEBUG
181 int ostate = 0;
182 #endif
183 int family; /* family of the socket */
184
185 family = so->so_proto->pr_domain->dom_family;
186
187 if (req == PRU_CONTROL) {
188 switch (family) {
189 #ifdef INET
190 case PF_INET:
191 return (in_control(so, (long)m, (void *)nam,
192 (struct ifnet *)control, l));
193 #endif
194 #ifdef INET6
195 case PF_INET6:
196 return (in6_control(so, (long)m, (void *)nam,
197 (struct ifnet *)control, l));
198 #endif
199 default:
200 return EAFNOSUPPORT;
201 }
202 }
203
204 s = splsoftnet();
205
206 if (req == PRU_PURGEIF) {
207 mutex_enter(softnet_lock);
208 switch (family) {
209 #ifdef INET
210 case PF_INET:
211 in_pcbpurgeif0(&tcbtable, (struct ifnet *)control);
212 in_purgeif((struct ifnet *)control);
213 in_pcbpurgeif(&tcbtable, (struct ifnet *)control);
214 break;
215 #endif
216 #ifdef INET6
217 case PF_INET6:
218 in6_pcbpurgeif0(&tcbtable, (struct ifnet *)control);
219 in6_purgeif((struct ifnet *)control);
220 in6_pcbpurgeif(&tcbtable, (struct ifnet *)control);
221 break;
222 #endif
223 default:
224 mutex_exit(softnet_lock);
225 splx(s);
226 return (EAFNOSUPPORT);
227 }
228 mutex_exit(softnet_lock);
229 splx(s);
230 return (0);
231 }
232
233 if (req == PRU_ATTACH)
234 sosetlock(so);
235
236 switch (family) {
237 #ifdef INET
238 case PF_INET:
239 inp = sotoinpcb(so);
240 #ifdef INET6
241 in6p = NULL;
242 #endif
243 break;
244 #endif
245 #ifdef INET6
246 case PF_INET6:
247 inp = NULL;
248 in6p = sotoin6pcb(so);
249 break;
250 #endif
251 default:
252 splx(s);
253 return EAFNOSUPPORT;
254 }
255
256 #ifdef DIAGNOSTIC
257 #ifdef INET6
258 if (inp && in6p)
259 panic("tcp_usrreq: both inp and in6p set to non-NULL");
260 #endif
261 if (req != PRU_SEND && req != PRU_SENDOOB && control)
262 panic("tcp_usrreq: unexpected control mbuf");
263 #endif
264 /*
265 * When a TCP is attached to a socket, then there will be
266 * a (struct inpcb) pointed at by the socket, and this
267 * structure will point at a subsidary (struct tcpcb).
268 */
269 #ifndef INET6
270 if (inp == 0 && req != PRU_ATTACH)
271 #else
272 if ((inp == 0 && in6p == 0) && req != PRU_ATTACH)
273 #endif
274 {
275 error = EINVAL;
276 goto release;
277 }
278 #ifdef INET
279 if (inp) {
280 tp = intotcpcb(inp);
281 /* WHAT IF TP IS 0? */
282 #ifdef KPROF
283 tcp_acounts[tp->t_state][req]++;
284 #endif
285 #ifdef TCP_DEBUG
286 ostate = tp->t_state;
287 #endif
288 }
289 #endif
290 #ifdef INET6
291 if (in6p) {
292 tp = in6totcpcb(in6p);
293 /* WHAT IF TP IS 0? */
294 #ifdef KPROF
295 tcp_acounts[tp->t_state][req]++;
296 #endif
297 #ifdef TCP_DEBUG
298 ostate = tp->t_state;
299 #endif
300 }
301 #endif
302
303 switch (req) {
304
305 /*
306 * TCP attaches to socket via PRU_ATTACH, reserving space,
307 * and an internet control block.
308 */
309 case PRU_ATTACH:
310 #ifndef INET6
311 if (inp != 0)
312 #else
313 if (inp != 0 || in6p != 0)
314 #endif
315 {
316 error = EISCONN;
317 break;
318 }
319 error = tcp_attach(so);
320 if (error)
321 break;
322 if ((so->so_options & SO_LINGER) && so->so_linger == 0)
323 so->so_linger = TCP_LINGERTIME;
324 tp = sototcpcb(so);
325 break;
326
327 /*
328 * PRU_DETACH detaches the TCP protocol from the socket.
329 */
330 case PRU_DETACH:
331 tp = tcp_disconnect(tp);
332 break;
333
334 /*
335 * Give the socket an address.
336 */
337 case PRU_BIND:
338 switch (family) {
339 #ifdef INET
340 case PF_INET:
341 error = in_pcbbind(inp, nam, l);
342 break;
343 #endif
344 #ifdef INET6
345 case PF_INET6:
346 error = in6_pcbbind(in6p, nam, l);
347 if (!error) {
348 /* mapped addr case */
349 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr))
350 tp->t_family = AF_INET;
351 else
352 tp->t_family = AF_INET6;
353 }
354 break;
355 #endif
356 }
357 break;
358
359 /*
360 * Prepare to accept connections.
361 */
362 case PRU_LISTEN:
363 #ifdef INET
364 if (inp && inp->inp_lport == 0) {
365 error = in_pcbbind(inp, (struct mbuf *)0, l);
366 if (error)
367 break;
368 }
369 #endif
370 #ifdef INET6
371 if (in6p && in6p->in6p_lport == 0) {
372 error = in6_pcbbind(in6p, (struct mbuf *)0,
373 (struct lwp *)0);
374 if (error)
375 break;
376 }
377 #endif
378 tp->t_state = TCPS_LISTEN;
379 break;
380
381 /*
382 * Initiate connection to peer.
383 * Create a template for use in transmissions on this connection.
384 * Enter SYN_SENT state, and mark socket as connecting.
385 * Start keep-alive timer, and seed output sequence space.
386 * Send initial segment on connection.
387 */
388 case PRU_CONNECT:
389 #ifdef INET
390 if (inp) {
391 if (inp->inp_lport == 0) {
392 error = in_pcbbind(inp, (struct mbuf *)0, l);
393 if (error)
394 break;
395 }
396 error = in_pcbconnect(inp, nam, l);
397 }
398 #endif
399 #ifdef INET6
400 if (in6p) {
401 if (in6p->in6p_lport == 0) {
402 error = in6_pcbbind(in6p, (struct mbuf *)0,
403 (struct lwp *)0);
404 if (error)
405 break;
406 }
407 error = in6_pcbconnect(in6p, nam, l);
408 if (!error) {
409 /* mapped addr case */
410 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr))
411 tp->t_family = AF_INET;
412 else
413 tp->t_family = AF_INET6;
414 }
415 }
416 #endif
417 if (error)
418 break;
419 tp->t_template = tcp_template(tp);
420 if (tp->t_template == 0) {
421 #ifdef INET
422 if (inp)
423 in_pcbdisconnect(inp);
424 #endif
425 #ifdef INET6
426 if (in6p)
427 in6_pcbdisconnect(in6p);
428 #endif
429 error = ENOBUFS;
430 break;
431 }
432 /*
433 * Compute window scaling to request.
434 * XXX: This should be moved to tcp_output().
435 */
436 while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
437 (TCP_MAXWIN << tp->request_r_scale) < sb_max)
438 tp->request_r_scale++;
439 soisconnecting(so);
440 TCP_STATINC(TCP_STAT_CONNATTEMPT);
441 tp->t_state = TCPS_SYN_SENT;
442 TCP_TIMER_ARM(tp, TCPT_KEEP, tp->t_keepinit);
443 tp->iss = tcp_new_iss(tp, 0);
444 tcp_sendseqinit(tp);
445 error = tcp_output(tp);
446 break;
447
448 /*
449 * Create a TCP connection between two sockets.
450 */
451 case PRU_CONNECT2:
452 error = EOPNOTSUPP;
453 break;
454
455 /*
456 * Initiate disconnect from peer.
457 * If connection never passed embryonic stage, just drop;
458 * else if don't need to let data drain, then can just drop anyways,
459 * else have to begin TCP shutdown process: mark socket disconnecting,
460 * drain unread data, state switch to reflect user close, and
461 * send segment (e.g. FIN) to peer. Socket will be really disconnected
462 * when peer sends FIN and acks ours.
463 *
464 * SHOULD IMPLEMENT LATER PRU_CONNECT VIA REALLOC TCPCB.
465 */
466 case PRU_DISCONNECT:
467 tp = tcp_disconnect(tp);
468 break;
469
470 /*
471 * Accept a connection. Essentially all the work is
472 * done at higher levels; just return the address
473 * of the peer, storing through addr.
474 */
475 case PRU_ACCEPT:
476 #ifdef INET
477 if (inp)
478 in_setpeeraddr(inp, nam);
479 #endif
480 #ifdef INET6
481 if (in6p)
482 in6_setpeeraddr(in6p, nam);
483 #endif
484 break;
485
486 /*
487 * Mark the connection as being incapable of further output.
488 */
489 case PRU_SHUTDOWN:
490 socantsendmore(so);
491 tp = tcp_usrclosed(tp);
492 if (tp)
493 error = tcp_output(tp);
494 break;
495
496 /*
497 * After a receive, possibly send window update to peer.
498 */
499 case PRU_RCVD:
500 /*
501 * soreceive() calls this function when a user receives
502 * ancillary data on a listening socket. We don't call
503 * tcp_output in such a case, since there is no header
504 * template for a listening socket and hence the kernel
505 * will panic.
506 */
507 if ((so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING)) != 0)
508 (void) tcp_output(tp);
509 break;
510
511 /*
512 * Do a send by putting data in output queue and updating urgent
513 * marker if URG set. Possibly send more data.
514 */
515 case PRU_SEND:
516 if (control && control->m_len) {
517 m_freem(control);
518 m_freem(m);
519 error = EINVAL;
520 break;
521 }
522 sbappendstream(&so->so_snd, m);
523 error = tcp_output(tp);
524 break;
525
526 /*
527 * Abort the TCP.
528 */
529 case PRU_ABORT:
530 tp = tcp_drop(tp, ECONNABORTED);
531 break;
532
533 case PRU_SENSE:
534 /*
535 * stat: don't bother with a blocksize.
536 */
537 splx(s);
538 return (0);
539
540 case PRU_RCVOOB:
541 if (control && control->m_len) {
542 m_freem(control);
543 m_freem(m);
544 error = EINVAL;
545 break;
546 }
547 if ((so->so_oobmark == 0 &&
548 (so->so_state & SS_RCVATMARK) == 0) ||
549 so->so_options & SO_OOBINLINE ||
550 tp->t_oobflags & TCPOOB_HADDATA) {
551 error = EINVAL;
552 break;
553 }
554 if ((tp->t_oobflags & TCPOOB_HAVEDATA) == 0) {
555 error = EWOULDBLOCK;
556 break;
557 }
558 m->m_len = 1;
559 *mtod(m, char *) = tp->t_iobc;
560 if (((long)nam & MSG_PEEK) == 0)
561 tp->t_oobflags ^= (TCPOOB_HAVEDATA | TCPOOB_HADDATA);
562 break;
563
564 case PRU_SENDOOB:
565 if (sbspace(&so->so_snd) < -512) {
566 m_freem(m);
567 error = ENOBUFS;
568 break;
569 }
570 /*
571 * According to RFC961 (Assigned Protocols),
572 * the urgent pointer points to the last octet
573 * of urgent data. We continue, however,
574 * to consider it to indicate the first octet
575 * of data past the urgent section.
576 * Otherwise, snd_up should be one lower.
577 */
578 sbappendstream(&so->so_snd, m);
579 tp->snd_up = tp->snd_una + so->so_snd.sb_cc;
580 tp->t_force = 1;
581 error = tcp_output(tp);
582 tp->t_force = 0;
583 break;
584
585 case PRU_SOCKADDR:
586 #ifdef INET
587 if (inp)
588 in_setsockaddr(inp, nam);
589 #endif
590 #ifdef INET6
591 if (in6p)
592 in6_setsockaddr(in6p, nam);
593 #endif
594 break;
595
596 case PRU_PEERADDR:
597 #ifdef INET
598 if (inp)
599 in_setpeeraddr(inp, nam);
600 #endif
601 #ifdef INET6
602 if (in6p)
603 in6_setpeeraddr(in6p, nam);
604 #endif
605 break;
606
607 default:
608 panic("tcp_usrreq");
609 }
610 #ifdef TCP_DEBUG
611 if (tp && (so->so_options & SO_DEBUG))
612 tcp_trace(TA_USER, ostate, tp, NULL, req);
613 #endif
614
615 release:
616 splx(s);
617 return (error);
618 }
619
620 static void
621 change_keepalive(struct socket *so, struct tcpcb *tp)
622 {
623 tp->t_maxidle = tp->t_keepcnt * tp->t_keepintvl;
624 TCP_TIMER_DISARM(tp, TCPT_KEEP);
625 TCP_TIMER_DISARM(tp, TCPT_2MSL);
626
627 if (tp->t_state == TCPS_SYN_RECEIVED ||
628 tp->t_state == TCPS_SYN_SENT) {
629 TCP_TIMER_ARM(tp, TCPT_KEEP, tp->t_keepinit);
630 } else if (so->so_options & SO_KEEPALIVE &&
631 tp->t_state <= TCPS_CLOSE_WAIT) {
632 TCP_TIMER_ARM(tp, TCPT_KEEP, tp->t_keepintvl);
633 } else {
634 TCP_TIMER_ARM(tp, TCPT_KEEP, tp->t_keepidle);
635 }
636
637 if ((tp->t_state == TCPS_FIN_WAIT_2) && (tp->t_maxidle > 0))
638 TCP_TIMER_ARM(tp, TCPT_2MSL, tp->t_maxidle);
639 }
640
641
642 int
643 tcp_ctloutput(int op, struct socket *so, struct sockopt *sopt)
644 {
645 int error = 0, s;
646 struct inpcb *inp;
647 #ifdef INET6
648 struct in6pcb *in6p;
649 #endif
650 struct tcpcb *tp;
651 u_int ui;
652 int family; /* family of the socket */
653 int level, optname, optval;
654
655 level = sopt->sopt_level;
656 optname = sopt->sopt_name;
657
658 family = so->so_proto->pr_domain->dom_family;
659
660 s = splsoftnet();
661 switch (family) {
662 #ifdef INET
663 case PF_INET:
664 inp = sotoinpcb(so);
665 #ifdef INET6
666 in6p = NULL;
667 #endif
668 break;
669 #endif
670 #ifdef INET6
671 case PF_INET6:
672 inp = NULL;
673 in6p = sotoin6pcb(so);
674 break;
675 #endif
676 default:
677 splx(s);
678 panic("%s: af %d", __func__, family);
679 }
680 #ifndef INET6
681 if (inp == NULL)
682 #else
683 if (inp == NULL && in6p == NULL)
684 #endif
685 {
686 splx(s);
687 return (ECONNRESET);
688 }
689 if (level != IPPROTO_TCP) {
690 switch (family) {
691 #ifdef INET
692 case PF_INET:
693 error = ip_ctloutput(op, so, sopt);
694 break;
695 #endif
696 #ifdef INET6
697 case PF_INET6:
698 error = ip6_ctloutput(op, so, sopt);
699 break;
700 #endif
701 }
702 splx(s);
703 return (error);
704 }
705 if (inp)
706 tp = intotcpcb(inp);
707 #ifdef INET6
708 else if (in6p)
709 tp = in6totcpcb(in6p);
710 #endif
711 else
712 tp = NULL;
713
714 switch (op) {
715 case PRCO_SETOPT:
716 switch (optname) {
717 #ifdef TCP_SIGNATURE
718 case TCP_MD5SIG:
719 error = sockopt_getint(sopt, &optval);
720 if (error)
721 break;
722 if (optval > 0)
723 tp->t_flags |= TF_SIGNATURE;
724 else
725 tp->t_flags &= ~TF_SIGNATURE;
726 break;
727 #endif /* TCP_SIGNATURE */
728
729 case TCP_NODELAY:
730 error = sockopt_getint(sopt, &optval);
731 if (error)
732 break;
733 if (optval)
734 tp->t_flags |= TF_NODELAY;
735 else
736 tp->t_flags &= ~TF_NODELAY;
737 break;
738
739 case TCP_MAXSEG:
740 error = sockopt_getint(sopt, &optval);
741 if (error)
742 break;
743 if (optval > 0 && optval <= tp->t_peermss)
744 tp->t_peermss = optval; /* limit on send size */
745 else
746 error = EINVAL;
747 break;
748 #ifdef notyet
749 case TCP_CONGCTL:
750 /* XXX string overflow XXX */
751 error = tcp_congctl_select(tp, sopt->sopt_data);
752 break;
753 #endif
754
755 case TCP_KEEPIDLE:
756 error = sockopt_get(sopt, &ui, sizeof(ui));
757 if (error)
758 break;
759 if (ui > 0) {
760 tp->t_keepidle = ui;
761 change_keepalive(so, tp);
762 } else
763 error = EINVAL;
764 break;
765
766 case TCP_KEEPINTVL:
767 error = sockopt_get(sopt, &ui, sizeof(ui));
768 if (error)
769 break;
770 if (ui > 0) {
771 tp->t_keepintvl = ui;
772 change_keepalive(so, tp);
773 } else
774 error = EINVAL;
775 break;
776
777 case TCP_KEEPCNT:
778 error = sockopt_get(sopt, &ui, sizeof(ui));
779 if (error)
780 break;
781 if (ui > 0) {
782 tp->t_keepcnt = ui;
783 change_keepalive(so, tp);
784 } else
785 error = EINVAL;
786 break;
787
788 case TCP_KEEPINIT:
789 error = sockopt_get(sopt, &ui, sizeof(ui));
790 if (error)
791 break;
792 if (ui > 0) {
793 tp->t_keepinit = ui;
794 change_keepalive(so, tp);
795 } else
796 error = EINVAL;
797 break;
798
799 default:
800 error = ENOPROTOOPT;
801 break;
802 }
803 break;
804
805 case PRCO_GETOPT:
806 switch (optname) {
807 #ifdef TCP_SIGNATURE
808 case TCP_MD5SIG:
809 optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
810 error = sockopt_set(sopt, &optval, sizeof(optval));
811 break;
812 #endif
813 case TCP_NODELAY:
814 optval = tp->t_flags & TF_NODELAY;
815 error = sockopt_set(sopt, &optval, sizeof(optval));
816 break;
817 case TCP_MAXSEG:
818 optval = tp->t_peermss;
819 error = sockopt_set(sopt, &optval, sizeof(optval));
820 break;
821 #ifdef notyet
822 case TCP_CONGCTL:
823 break;
824 #endif
825 default:
826 error = ENOPROTOOPT;
827 break;
828 }
829 break;
830 }
831 splx(s);
832 return (error);
833 }
834
835 #ifndef TCP_SENDSPACE
836 #define TCP_SENDSPACE 1024*32
837 #endif
838 int tcp_sendspace = TCP_SENDSPACE;
839 #ifndef TCP_RECVSPACE
840 #define TCP_RECVSPACE 1024*32
841 #endif
842 int tcp_recvspace = TCP_RECVSPACE;
843
844 /*
845 * Attach TCP protocol to socket, allocating
846 * internet protocol control block, tcp control block,
847 * bufer space, and entering LISTEN state if to accept connections.
848 */
849 int
850 tcp_attach(struct socket *so)
851 {
852 struct tcpcb *tp;
853 struct inpcb *inp;
854 #ifdef INET6
855 struct in6pcb *in6p;
856 #endif
857 int error;
858 int family; /* family of the socket */
859
860 family = so->so_proto->pr_domain->dom_family;
861
862 #ifdef MBUFTRACE
863 so->so_mowner = &tcp_sock_mowner;
864 so->so_rcv.sb_mowner = &tcp_sock_rx_mowner;
865 so->so_snd.sb_mowner = &tcp_sock_tx_mowner;
866 #endif
867 if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
868 error = soreserve(so, tcp_sendspace, tcp_recvspace);
869 if (error)
870 return (error);
871 }
872
873 so->so_rcv.sb_flags |= SB_AUTOSIZE;
874 so->so_snd.sb_flags |= SB_AUTOSIZE;
875
876 switch (family) {
877 #ifdef INET
878 case PF_INET:
879 error = in_pcballoc(so, &tcbtable);
880 if (error)
881 return (error);
882 inp = sotoinpcb(so);
883 #ifdef INET6
884 in6p = NULL;
885 #endif
886 break;
887 #endif
888 #ifdef INET6
889 case PF_INET6:
890 error = in6_pcballoc(so, &tcbtable);
891 if (error)
892 return (error);
893 inp = NULL;
894 in6p = sotoin6pcb(so);
895 break;
896 #endif
897 default:
898 return EAFNOSUPPORT;
899 }
900 if (inp)
901 tp = tcp_newtcpcb(family, (void *)inp);
902 #ifdef INET6
903 else if (in6p)
904 tp = tcp_newtcpcb(family, (void *)in6p);
905 #endif
906 else
907 tp = NULL;
908
909 if (tp == 0) {
910 int nofd = so->so_state & SS_NOFDREF; /* XXX */
911
912 so->so_state &= ~SS_NOFDREF; /* don't free the socket yet */
913 #ifdef INET
914 if (inp)
915 in_pcbdetach(inp);
916 #endif
917 #ifdef INET6
918 if (in6p)
919 in6_pcbdetach(in6p);
920 #endif
921 so->so_state |= nofd;
922 return (ENOBUFS);
923 }
924 tp->t_state = TCPS_CLOSED;
925 return (0);
926 }
927
928 /*
929 * Initiate (or continue) disconnect.
930 * If embryonic state, just send reset (once).
931 * If in ``let data drain'' option and linger null, just drop.
932 * Otherwise (hard), mark socket disconnecting and drop
933 * current input data; switch states based on user close, and
934 * send segment to peer (with FIN).
935 */
936 struct tcpcb *
937 tcp_disconnect(struct tcpcb *tp)
938 {
939 struct socket *so;
940
941 if (tp->t_inpcb)
942 so = tp->t_inpcb->inp_socket;
943 #ifdef INET6
944 else if (tp->t_in6pcb)
945 so = tp->t_in6pcb->in6p_socket;
946 #endif
947 else
948 so = NULL;
949
950 if (TCPS_HAVEESTABLISHED(tp->t_state) == 0)
951 tp = tcp_close(tp);
952 else if ((so->so_options & SO_LINGER) && so->so_linger == 0)
953 tp = tcp_drop(tp, 0);
954 else {
955 soisdisconnecting(so);
956 sbflush(&so->so_rcv);
957 tp = tcp_usrclosed(tp);
958 if (tp)
959 (void) tcp_output(tp);
960 }
961 return (tp);
962 }
963
964 /*
965 * User issued close, and wish to trail through shutdown states:
966 * if never received SYN, just forget it. If got a SYN from peer,
967 * but haven't sent FIN, then go to FIN_WAIT_1 state to send peer a FIN.
968 * If already got a FIN from peer, then almost done; go to LAST_ACK
969 * state. In all other cases, have already sent FIN to peer (e.g.
970 * after PRU_SHUTDOWN), and just have to play tedious game waiting
971 * for peer to send FIN or not respond to keep-alives, etc.
972 * We can let the user exit from the close as soon as the FIN is acked.
973 */
974 struct tcpcb *
975 tcp_usrclosed(struct tcpcb *tp)
976 {
977
978 switch (tp->t_state) {
979
980 case TCPS_CLOSED:
981 case TCPS_LISTEN:
982 case TCPS_SYN_SENT:
983 tp->t_state = TCPS_CLOSED;
984 tp = tcp_close(tp);
985 break;
986
987 case TCPS_SYN_RECEIVED:
988 case TCPS_ESTABLISHED:
989 tp->t_state = TCPS_FIN_WAIT_1;
990 break;
991
992 case TCPS_CLOSE_WAIT:
993 tp->t_state = TCPS_LAST_ACK;
994 break;
995 }
996 if (tp && tp->t_state >= TCPS_FIN_WAIT_2) {
997 struct socket *so;
998 if (tp->t_inpcb)
999 so = tp->t_inpcb->inp_socket;
1000 #ifdef INET6
1001 else if (tp->t_in6pcb)
1002 so = tp->t_in6pcb->in6p_socket;
1003 #endif
1004 else
1005 so = NULL;
1006 if (so)
1007 soisdisconnected(so);
1008 /*
1009 * If we are in FIN_WAIT_2, we arrived here because the
1010 * application did a shutdown of the send side. Like the
1011 * case of a transition from FIN_WAIT_1 to FIN_WAIT_2 after
1012 * a full close, we start a timer to make sure sockets are
1013 * not left in FIN_WAIT_2 forever.
1014 */
1015 if ((tp->t_state == TCPS_FIN_WAIT_2) && (tp->t_maxidle > 0))
1016 TCP_TIMER_ARM(tp, TCPT_2MSL, tp->t_maxidle);
1017 }
1018 return (tp);
1019 }
1020
1021 /*
1022 * sysctl helper routine for net.inet.ip.mssdflt. it can't be less
1023 * than 32.
1024 */
1025 static int
1026 sysctl_net_inet_tcp_mssdflt(SYSCTLFN_ARGS)
1027 {
1028 int error, mssdflt;
1029 struct sysctlnode node;
1030
1031 mssdflt = tcp_mssdflt;
1032 node = *rnode;
1033 node.sysctl_data = &mssdflt;
1034 error = sysctl_lookup(SYSCTLFN_CALL(&node));
1035 if (error || newp == NULL)
1036 return (error);
1037
1038 if (mssdflt < 32)
1039 return (EINVAL);
1040 tcp_mssdflt = mssdflt;
1041
1042 return (0);
1043 }
1044
1045 /*
1046 * sysctl helper routine for setting port related values under
1047 * net.inet.ip and net.inet6.ip6. does basic range checking and does
1048 * additional checks for each type. this code has placed in
1049 * tcp_input.c since INET and INET6 both use the same tcp code.
1050 *
1051 * this helper is not static so that both inet and inet6 can use it.
1052 */
1053 int
1054 sysctl_net_inet_ip_ports(SYSCTLFN_ARGS)
1055 {
1056 int error, tmp;
1057 int apmin, apmax;
1058 #ifndef IPNOPRIVPORTS
1059 int lpmin, lpmax;
1060 #endif /* IPNOPRIVPORTS */
1061 struct sysctlnode node;
1062
1063 if (namelen != 0)
1064 return (EINVAL);
1065
1066 switch (name[-3]) {
1067 #ifdef INET
1068 case PF_INET:
1069 apmin = anonportmin;
1070 apmax = anonportmax;
1071 #ifndef IPNOPRIVPORTS
1072 lpmin = lowportmin;
1073 lpmax = lowportmax;
1074 #endif /* IPNOPRIVPORTS */
1075 break;
1076 #endif /* INET */
1077 #ifdef INET6
1078 case PF_INET6:
1079 apmin = ip6_anonportmin;
1080 apmax = ip6_anonportmax;
1081 #ifndef IPNOPRIVPORTS
1082 lpmin = ip6_lowportmin;
1083 lpmax = ip6_lowportmax;
1084 #endif /* IPNOPRIVPORTS */
1085 break;
1086 #endif /* INET6 */
1087 default:
1088 return (EINVAL);
1089 }
1090
1091 /*
1092 * insert temporary copy into node, perform lookup on
1093 * temporary, then restore pointer
1094 */
1095 node = *rnode;
1096 tmp = *(int*)rnode->sysctl_data;
1097 node.sysctl_data = &tmp;
1098 error = sysctl_lookup(SYSCTLFN_CALL(&node));
1099 if (error || newp == NULL)
1100 return (error);
1101
1102 /*
1103 * simple port range check
1104 */
1105 if (tmp < 0 || tmp > 65535)
1106 return (EINVAL);
1107
1108 /*
1109 * per-node range checks
1110 */
1111 switch (rnode->sysctl_num) {
1112 case IPCTL_ANONPORTMIN:
1113 if (tmp >= apmax)
1114 return (EINVAL);
1115 #ifndef IPNOPRIVPORTS
1116 if (tmp < IPPORT_RESERVED)
1117 return (EINVAL);
1118 #endif /* IPNOPRIVPORTS */
1119 break;
1120
1121 case IPCTL_ANONPORTMAX:
1122 if (apmin >= tmp)
1123 return (EINVAL);
1124 #ifndef IPNOPRIVPORTS
1125 if (tmp < IPPORT_RESERVED)
1126 return (EINVAL);
1127 #endif /* IPNOPRIVPORTS */
1128 break;
1129
1130 #ifndef IPNOPRIVPORTS
1131 case IPCTL_LOWPORTMIN:
1132 if (tmp >= lpmax ||
1133 tmp > IPPORT_RESERVEDMAX ||
1134 tmp < IPPORT_RESERVEDMIN)
1135 return (EINVAL);
1136 break;
1137
1138 case IPCTL_LOWPORTMAX:
1139 if (lpmin >= tmp ||
1140 tmp > IPPORT_RESERVEDMAX ||
1141 tmp < IPPORT_RESERVEDMIN)
1142 return (EINVAL);
1143 break;
1144 #endif /* IPNOPRIVPORTS */
1145
1146 default:
1147 return (EINVAL);
1148 }
1149
1150 *(int*)rnode->sysctl_data = tmp;
1151
1152 return (0);
1153 }
1154
1155 /*
1156 * The superuser can drop any connection. Normal users can only drop
1157 * their own connections.
1158 */
1159 static inline int
1160 check_sockuid(struct socket *sockp, kauth_cred_t cred)
1161 {
1162 uid_t sockuid;
1163
1164 sockuid = sockp->so_uidinfo->ui_uid;
1165 if (kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER, NULL) == 0 ||
1166 sockuid == kauth_cred_getuid(cred) ||
1167 sockuid == kauth_cred_geteuid(cred))
1168 return 0;
1169 return EACCES;
1170 }
1171
1172 static inline int
1173 copyout_uid(struct socket *sockp, void *oldp, size_t *oldlenp)
1174 {
1175 size_t sz;
1176 int error;
1177 uid_t uid;
1178
1179 uid = sockp->so_uidinfo->ui_uid;
1180 if (oldp) {
1181 sz = MIN(sizeof(uid), *oldlenp);
1182 error = copyout(&uid, oldp, sz);
1183 if (error)
1184 return error;
1185 }
1186 *oldlenp = sizeof(uid);
1187 return 0;
1188 }
1189
1190 static inline int
1191 inet4_ident_core(struct in_addr raddr, u_int rport,
1192 struct in_addr laddr, u_int lport,
1193 void *oldp, size_t *oldlenp,
1194 struct lwp *l, int dodrop)
1195 {
1196 struct inpcb *inp;
1197 struct socket *sockp;
1198
1199 inp = in_pcblookup_connect(&tcbtable, raddr, rport, laddr, lport);
1200
1201 if (inp == NULL || (sockp = inp->inp_socket) == NULL)
1202 return ESRCH;
1203
1204 if (dodrop) {
1205 struct tcpcb *tp;
1206
1207 if (inp == NULL || (tp = intotcpcb(inp)) == NULL ||
1208 (inp->inp_socket->so_options & SO_ACCEPTCONN) != 0)
1209 return ESRCH;
1210
1211 if (check_sockuid(inp->inp_socket, l->l_cred) != 0)
1212 return EACCES;
1213
1214 (void)tcp_drop(tp, ECONNABORTED);
1215 return 0;
1216 }
1217 else
1218 return copyout_uid(sockp, oldp, oldlenp);
1219 }
1220
1221 #ifdef INET6
1222 static inline int
1223 inet6_ident_core(struct in6_addr *raddr, u_int rport,
1224 struct in6_addr *laddr, u_int lport,
1225 void *oldp, size_t *oldlenp,
1226 struct lwp *l, int dodrop)
1227 {
1228 struct in6pcb *in6p;
1229 struct socket *sockp;
1230
1231 in6p = in6_pcblookup_connect(&tcbtable, raddr, rport, laddr, lport, 0);
1232
1233 if (in6p == NULL || (sockp = in6p->in6p_socket) == NULL)
1234 return ESRCH;
1235
1236 if (dodrop) {
1237 struct tcpcb *tp;
1238
1239 if (in6p == NULL || (tp = in6totcpcb(in6p)) == NULL ||
1240 (in6p->in6p_socket->so_options & SO_ACCEPTCONN) != 0)
1241 return ESRCH;
1242
1243 if (check_sockuid(in6p->in6p_socket, l->l_cred) != 0)
1244 return EACCES;
1245
1246 (void)tcp_drop(tp, ECONNABORTED);
1247 return 0;
1248 }
1249 else
1250 return copyout_uid(sockp, oldp, oldlenp);
1251 }
1252 #endif
1253
1254 /*
1255 * sysctl helper routine for the net.inet.tcp.drop and
1256 * net.inet6.tcp6.drop nodes.
1257 */
1258 #define sysctl_net_inet_tcp_drop sysctl_net_inet_tcp_ident
1259
1260 /*
1261 * sysctl helper routine for the net.inet.tcp.ident and
1262 * net.inet6.tcp6.ident nodes. contains backwards compat code for the
1263 * old way of looking up the ident information for ipv4 which involves
1264 * stuffing the port/addr pairs into the mib lookup.
1265 */
1266 static int
1267 sysctl_net_inet_tcp_ident(SYSCTLFN_ARGS)
1268 {
1269 #ifdef INET
1270 struct sockaddr_in *si4[2];
1271 #endif /* INET */
1272 #ifdef INET6
1273 struct sockaddr_in6 *si6[2];
1274 #endif /* INET6 */
1275 struct sockaddr_storage sa[2];
1276 int error, pf, dodrop;
1277
1278 dodrop = name[-1] == TCPCTL_DROP;
1279 if (dodrop) {
1280 if (oldp != NULL || *oldlenp != 0)
1281 return EINVAL;
1282 if (newp == NULL)
1283 return EPERM;
1284 if (newlen < sizeof(sa))
1285 return ENOMEM;
1286 }
1287 if (namelen != 4 && namelen != 0)
1288 return EINVAL;
1289 if (name[-2] != IPPROTO_TCP)
1290 return EINVAL;
1291 pf = name[-3];
1292
1293 /* old style lookup, ipv4 only */
1294 if (namelen == 4) {
1295 #ifdef INET
1296 struct in_addr laddr, raddr;
1297 u_int lport, rport;
1298
1299 if (pf != PF_INET)
1300 return EPROTONOSUPPORT;
1301 raddr.s_addr = (uint32_t)name[0];
1302 rport = (u_int)name[1];
1303 laddr.s_addr = (uint32_t)name[2];
1304 lport = (u_int)name[3];
1305
1306 mutex_enter(softnet_lock);
1307 error = inet4_ident_core(raddr, rport, laddr, lport,
1308 oldp, oldlenp, l, dodrop);
1309 mutex_exit(softnet_lock);
1310 return error;
1311 #else /* INET */
1312 return EINVAL;
1313 #endif /* INET */
1314 }
1315
1316 if (newp == NULL || newlen != sizeof(sa))
1317 return EINVAL;
1318 error = copyin(newp, &sa, newlen);
1319 if (error)
1320 return error;
1321
1322 /*
1323 * requested families must match
1324 */
1325 if (pf != sa[0].ss_family || sa[0].ss_family != sa[1].ss_family)
1326 return EINVAL;
1327
1328 switch (pf) {
1329 #ifdef INET6
1330 case PF_INET6:
1331 si6[0] = (struct sockaddr_in6*)&sa[0];
1332 si6[1] = (struct sockaddr_in6*)&sa[1];
1333 if (si6[0]->sin6_len != sizeof(*si6[0]) ||
1334 si6[1]->sin6_len != sizeof(*si6[1]))
1335 return EINVAL;
1336
1337 if (!IN6_IS_ADDR_V4MAPPED(&si6[0]->sin6_addr) &&
1338 !IN6_IS_ADDR_V4MAPPED(&si6[1]->sin6_addr)) {
1339 error = sa6_embedscope(si6[0], ip6_use_defzone);
1340 if (error)
1341 return error;
1342 error = sa6_embedscope(si6[1], ip6_use_defzone);
1343 if (error)
1344 return error;
1345
1346 mutex_enter(softnet_lock);
1347 error = inet6_ident_core(&si6[0]->sin6_addr,
1348 si6[0]->sin6_port, &si6[1]->sin6_addr,
1349 si6[1]->sin6_port, oldp, oldlenp, l, dodrop);
1350 mutex_exit(softnet_lock);
1351 return error;
1352 }
1353
1354 if (IN6_IS_ADDR_V4MAPPED(&si6[0]->sin6_addr) !=
1355 IN6_IS_ADDR_V4MAPPED(&si6[1]->sin6_addr))
1356 return EINVAL;
1357
1358 in6_sin6_2_sin_in_sock((struct sockaddr *)&sa[0]);
1359 in6_sin6_2_sin_in_sock((struct sockaddr *)&sa[1]);
1360 /*FALLTHROUGH*/
1361 #endif /* INET6 */
1362 #ifdef INET
1363 case PF_INET:
1364 si4[0] = (struct sockaddr_in*)&sa[0];
1365 si4[1] = (struct sockaddr_in*)&sa[1];
1366 if (si4[0]->sin_len != sizeof(*si4[0]) ||
1367 si4[0]->sin_len != sizeof(*si4[1]))
1368 return EINVAL;
1369
1370 mutex_enter(softnet_lock);
1371 error = inet4_ident_core(si4[0]->sin_addr, si4[0]->sin_port,
1372 si4[1]->sin_addr, si4[1]->sin_port,
1373 oldp, oldlenp, l, dodrop);
1374 mutex_exit(softnet_lock);
1375 return error;
1376 #endif /* INET */
1377 default:
1378 return EPROTONOSUPPORT;
1379 }
1380 }
1381
1382 /*
1383 * sysctl helper for the inet and inet6 pcblists. handles tcp/udp and
1384 * inet/inet6, as well as raw pcbs for each. specifically not
1385 * declared static so that raw sockets and udp/udp6 can use it as
1386 * well.
1387 */
1388 int
1389 sysctl_inpcblist(SYSCTLFN_ARGS)
1390 {
1391 #ifdef INET
1392 struct sockaddr_in *in;
1393 const struct inpcb *inp;
1394 #endif
1395 #ifdef INET6
1396 struct sockaddr_in6 *in6;
1397 const struct in6pcb *in6p;
1398 #endif
1399 /*
1400 * sysctl_data is const, but CIRCLEQ_FOREACH can't use a const
1401 * struct inpcbtable pointer, so we have to discard const. :-/
1402 */
1403 struct inpcbtable *pcbtbl = __UNCONST(rnode->sysctl_data);
1404 const struct inpcb_hdr *inph;
1405 struct tcpcb *tp;
1406 struct kinfo_pcb pcb;
1407 char *dp;
1408 u_int op, arg;
1409 size_t len, needed, elem_size, out_size;
1410 int error, elem_count, pf, proto, pf2;
1411
1412 if (namelen != 4)
1413 return (EINVAL);
1414
1415 if (oldp != NULL) {
1416 len = *oldlenp;
1417 elem_size = name[2];
1418 elem_count = name[3];
1419 if (elem_size != sizeof(pcb))
1420 return EINVAL;
1421 } else {
1422 len = 0;
1423 elem_count = INT_MAX;
1424 elem_size = sizeof(pcb);
1425 }
1426 error = 0;
1427 dp = oldp;
1428 op = name[0];
1429 arg = name[1];
1430 out_size = elem_size;
1431 needed = 0;
1432
1433 if (namelen == 1 && name[0] == CTL_QUERY)
1434 return (sysctl_query(SYSCTLFN_CALL(rnode)));
1435
1436 if (name - oname != 4)
1437 return (EINVAL);
1438
1439 pf = oname[1];
1440 proto = oname[2];
1441 pf2 = (oldp != NULL) ? pf : 0;
1442
1443 mutex_enter(softnet_lock);
1444
1445 CIRCLEQ_FOREACH(inph, &pcbtbl->inpt_queue, inph_queue) {
1446 #ifdef INET
1447 inp = (const struct inpcb *)inph;
1448 #endif
1449 #ifdef INET6
1450 in6p = (const struct in6pcb *)inph;
1451 #endif
1452
1453 if (inph->inph_af != pf)
1454 continue;
1455
1456 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_SOCKET,
1457 KAUTH_REQ_NETWORK_SOCKET_CANSEE, inph->inph_socket, NULL,
1458 NULL) != 0)
1459 continue;
1460
1461 memset(&pcb, 0, sizeof(pcb));
1462
1463 pcb.ki_family = pf;
1464 pcb.ki_type = proto;
1465
1466 switch (pf2) {
1467 case 0:
1468 /* just probing for size */
1469 break;
1470 #ifdef INET
1471 case PF_INET:
1472 pcb.ki_family = inp->inp_socket->so_proto->
1473 pr_domain->dom_family;
1474 pcb.ki_type = inp->inp_socket->so_proto->
1475 pr_type;
1476 pcb.ki_protocol = inp->inp_socket->so_proto->
1477 pr_protocol;
1478 pcb.ki_pflags = inp->inp_flags;
1479
1480 pcb.ki_sostate = inp->inp_socket->so_state;
1481 pcb.ki_prstate = inp->inp_state;
1482 if (proto == IPPROTO_TCP) {
1483 tp = intotcpcb(inp);
1484 pcb.ki_tstate = tp->t_state;
1485 pcb.ki_tflags = tp->t_flags;
1486 }
1487
1488 pcb.ki_pcbaddr = PTRTOUINT64(inp);
1489 pcb.ki_ppcbaddr = PTRTOUINT64(inp->inp_ppcb);
1490 pcb.ki_sockaddr = PTRTOUINT64(inp->inp_socket);
1491
1492 pcb.ki_rcvq = inp->inp_socket->so_rcv.sb_cc;
1493 pcb.ki_sndq = inp->inp_socket->so_snd.sb_cc;
1494
1495 in = satosin(&pcb.ki_src);
1496 in->sin_len = sizeof(*in);
1497 in->sin_family = pf;
1498 in->sin_port = inp->inp_lport;
1499 in->sin_addr = inp->inp_laddr;
1500 if (pcb.ki_prstate >= INP_CONNECTED) {
1501 in = satosin(&pcb.ki_dst);
1502 in->sin_len = sizeof(*in);
1503 in->sin_family = pf;
1504 in->sin_port = inp->inp_fport;
1505 in->sin_addr = inp->inp_faddr;
1506 }
1507 break;
1508 #endif
1509 #ifdef INET6
1510 case PF_INET6:
1511 pcb.ki_family = in6p->in6p_socket->so_proto->
1512 pr_domain->dom_family;
1513 pcb.ki_type = in6p->in6p_socket->so_proto->pr_type;
1514 pcb.ki_protocol = in6p->in6p_socket->so_proto->
1515 pr_protocol;
1516 pcb.ki_pflags = in6p->in6p_flags;
1517
1518 pcb.ki_sostate = in6p->in6p_socket->so_state;
1519 pcb.ki_prstate = in6p->in6p_state;
1520 if (proto == IPPROTO_TCP) {
1521 tp = in6totcpcb(in6p);
1522 pcb.ki_tstate = tp->t_state;
1523 pcb.ki_tflags = tp->t_flags;
1524 }
1525
1526 pcb.ki_pcbaddr = PTRTOUINT64(in6p);
1527 pcb.ki_ppcbaddr = PTRTOUINT64(in6p->in6p_ppcb);
1528 pcb.ki_sockaddr = PTRTOUINT64(in6p->in6p_socket);
1529
1530 pcb.ki_rcvq = in6p->in6p_socket->so_rcv.sb_cc;
1531 pcb.ki_sndq = in6p->in6p_socket->so_snd.sb_cc;
1532
1533 in6 = satosin6(&pcb.ki_src);
1534 in6->sin6_len = sizeof(*in6);
1535 in6->sin6_family = pf;
1536 in6->sin6_port = in6p->in6p_lport;
1537 in6->sin6_flowinfo = in6p->in6p_flowinfo;
1538 in6->sin6_addr = in6p->in6p_laddr;
1539 in6->sin6_scope_id = 0; /* XXX? */
1540
1541 if (pcb.ki_prstate >= IN6P_CONNECTED) {
1542 in6 = satosin6(&pcb.ki_dst);
1543 in6->sin6_len = sizeof(*in6);
1544 in6->sin6_family = pf;
1545 in6->sin6_port = in6p->in6p_fport;
1546 in6->sin6_flowinfo = in6p->in6p_flowinfo;
1547 in6->sin6_addr = in6p->in6p_faddr;
1548 in6->sin6_scope_id = 0; /* XXX? */
1549 }
1550 break;
1551 #endif
1552 }
1553
1554 if (len >= elem_size && elem_count > 0) {
1555 error = copyout(&pcb, dp, out_size);
1556 if (error) {
1557 mutex_exit(softnet_lock);
1558 return (error);
1559 }
1560 dp += elem_size;
1561 len -= elem_size;
1562 }
1563 if (elem_count > 0) {
1564 needed += elem_size;
1565 if (elem_count != INT_MAX)
1566 elem_count--;
1567 }
1568 }
1569
1570 *oldlenp = needed;
1571 if (oldp == NULL)
1572 *oldlenp += PCB_SLOP * sizeof(struct kinfo_pcb);
1573
1574 mutex_exit(softnet_lock);
1575
1576 return (error);
1577 }
1578
1579 static int
1580 sysctl_tcp_congctl(SYSCTLFN_ARGS)
1581 {
1582 struct sysctlnode node;
1583 int error;
1584 char newname[TCPCC_MAXLEN];
1585
1586 strlcpy(newname, tcp_congctl_global_name, sizeof(newname) - 1);
1587
1588 node = *rnode;
1589 node.sysctl_data = newname;
1590 node.sysctl_size = sizeof(newname);
1591
1592 error = sysctl_lookup(SYSCTLFN_CALL(&node));
1593
1594 if (error ||
1595 newp == NULL ||
1596 strncmp(newname, tcp_congctl_global_name, sizeof(newname)) == 0)
1597 return error;
1598
1599 mutex_enter(softnet_lock);
1600 error = tcp_congctl_select(NULL, newname);
1601 mutex_exit(softnet_lock);
1602
1603 return error;
1604 }
1605
1606 static int
1607 sysctl_tcp_keep(SYSCTLFN_ARGS)
1608 {
1609 int error;
1610 u_int tmp;
1611 struct sysctlnode node;
1612
1613 node = *rnode;
1614 tmp = *(u_int *)rnode->sysctl_data;
1615 node.sysctl_data = &tmp;
1616
1617 error = sysctl_lookup(SYSCTLFN_CALL(&node));
1618 if (error || newp == NULL)
1619 return error;
1620
1621 mutex_enter(softnet_lock);
1622
1623 *(u_int *)rnode->sysctl_data = tmp;
1624 tcp_tcpcb_template(); /* update the template */
1625
1626 mutex_exit(softnet_lock);
1627 return 0;
1628 }
1629
1630 static int
1631 sysctl_net_inet_tcp_stats(SYSCTLFN_ARGS)
1632 {
1633
1634 return (NETSTAT_SYSCTL(tcpstat_percpu, TCP_NSTATS));
1635 }
1636
1637 /*
1638 * this (second stage) setup routine is a replacement for tcp_sysctl()
1639 * (which is currently used for ipv4 and ipv6)
1640 */
1641 static void
1642 sysctl_net_inet_tcp_setup2(struct sysctllog **clog, int pf, const char *pfname,
1643 const char *tcpname)
1644 {
1645 const struct sysctlnode *sack_node;
1646 const struct sysctlnode *abc_node;
1647 const struct sysctlnode *ecn_node;
1648 const struct sysctlnode *congctl_node;
1649 #ifdef TCP_DEBUG
1650 extern struct tcp_debug tcp_debug[TCP_NDEBUG];
1651 extern int tcp_debx;
1652 #endif
1653
1654 sysctl_createv(clog, 0, NULL, NULL,
1655 CTLFLAG_PERMANENT,
1656 CTLTYPE_NODE, "net", NULL,
1657 NULL, 0, NULL, 0,
1658 CTL_NET, CTL_EOL);
1659 sysctl_createv(clog, 0, NULL, NULL,
1660 CTLFLAG_PERMANENT,
1661 CTLTYPE_NODE, pfname, NULL,
1662 NULL, 0, NULL, 0,
1663 CTL_NET, pf, CTL_EOL);
1664 sysctl_createv(clog, 0, NULL, NULL,
1665 CTLFLAG_PERMANENT,
1666 CTLTYPE_NODE, tcpname,
1667 SYSCTL_DESCR("TCP related settings"),
1668 NULL, 0, NULL, 0,
1669 CTL_NET, pf, IPPROTO_TCP, CTL_EOL);
1670
1671 sysctl_createv(clog, 0, NULL, NULL,
1672 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1673 CTLTYPE_INT, "rfc1323",
1674 SYSCTL_DESCR("Enable RFC1323 TCP extensions"),
1675 NULL, 0, &tcp_do_rfc1323, 0,
1676 CTL_NET, pf, IPPROTO_TCP, TCPCTL_RFC1323, CTL_EOL);
1677 sysctl_createv(clog, 0, NULL, NULL,
1678 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1679 CTLTYPE_INT, "sendspace",
1680 SYSCTL_DESCR("Default TCP send buffer size"),
1681 NULL, 0, &tcp_sendspace, 0,
1682 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SENDSPACE, CTL_EOL);
1683 sysctl_createv(clog, 0, NULL, NULL,
1684 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1685 CTLTYPE_INT, "recvspace",
1686 SYSCTL_DESCR("Default TCP receive buffer size"),
1687 NULL, 0, &tcp_recvspace, 0,
1688 CTL_NET, pf, IPPROTO_TCP, TCPCTL_RECVSPACE, CTL_EOL);
1689 sysctl_createv(clog, 0, NULL, NULL,
1690 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1691 CTLTYPE_INT, "mssdflt",
1692 SYSCTL_DESCR("Default maximum segment size"),
1693 sysctl_net_inet_tcp_mssdflt, 0, &tcp_mssdflt, 0,
1694 CTL_NET, pf, IPPROTO_TCP, TCPCTL_MSSDFLT, CTL_EOL);
1695 sysctl_createv(clog, 0, NULL, NULL,
1696 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1697 CTLTYPE_INT, "minmss",
1698 SYSCTL_DESCR("Lower limit for TCP maximum segment size"),
1699 NULL, 0, &tcp_minmss, 0,
1700 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1701 sysctl_createv(clog, 0, NULL, NULL,
1702 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1703 CTLTYPE_INT, "msl",
1704 SYSCTL_DESCR("Maximum Segment Life"),
1705 NULL, 0, &tcp_msl, 0,
1706 CTL_NET, pf, IPPROTO_TCP, TCPCTL_MSL, CTL_EOL);
1707 sysctl_createv(clog, 0, NULL, NULL,
1708 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1709 CTLTYPE_INT, "syn_cache_limit",
1710 SYSCTL_DESCR("Maximum number of entries in the TCP "
1711 "compressed state engine"),
1712 NULL, 0, &tcp_syn_cache_limit, 0,
1713 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SYN_CACHE_LIMIT,
1714 CTL_EOL);
1715 sysctl_createv(clog, 0, NULL, NULL,
1716 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1717 CTLTYPE_INT, "syn_bucket_limit",
1718 SYSCTL_DESCR("Maximum number of entries per hash "
1719 "bucket in the TCP compressed state "
1720 "engine"),
1721 NULL, 0, &tcp_syn_bucket_limit, 0,
1722 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SYN_BUCKET_LIMIT,
1723 CTL_EOL);
1724 #if 0 /* obsoleted */
1725 sysctl_createv(clog, 0, NULL, NULL,
1726 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1727 CTLTYPE_INT, "syn_cache_interval",
1728 SYSCTL_DESCR("TCP compressed state engine's timer interval"),
1729 NULL, 0, &tcp_syn_cache_interval, 0,
1730 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SYN_CACHE_INTER,
1731 CTL_EOL);
1732 #endif
1733 sysctl_createv(clog, 0, NULL, NULL,
1734 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1735 CTLTYPE_INT, "init_win",
1736 SYSCTL_DESCR("Initial TCP congestion window"),
1737 NULL, 0, &tcp_init_win, 0,
1738 CTL_NET, pf, IPPROTO_TCP, TCPCTL_INIT_WIN, CTL_EOL);
1739 sysctl_createv(clog, 0, NULL, NULL,
1740 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1741 CTLTYPE_INT, "mss_ifmtu",
1742 SYSCTL_DESCR("Use interface MTU for calculating MSS"),
1743 NULL, 0, &tcp_mss_ifmtu, 0,
1744 CTL_NET, pf, IPPROTO_TCP, TCPCTL_MSS_IFMTU, CTL_EOL);
1745 sysctl_createv(clog, 0, NULL, &sack_node,
1746 CTLFLAG_PERMANENT,
1747 CTLTYPE_NODE, "sack",
1748 SYSCTL_DESCR("RFC2018 Selective ACKnowledgement tunables"),
1749 NULL, 0, NULL, 0,
1750 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SACK, CTL_EOL);
1751
1752 /* Congctl subtree */
1753 sysctl_createv(clog, 0, NULL, &congctl_node,
1754 CTLFLAG_PERMANENT,
1755 CTLTYPE_NODE, "congctl",
1756 SYSCTL_DESCR("TCP Congestion Control"),
1757 NULL, 0, NULL, 0,
1758 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1759 sysctl_createv(clog, 0, &congctl_node, NULL,
1760 CTLFLAG_PERMANENT,
1761 CTLTYPE_STRING, "available",
1762 SYSCTL_DESCR("Available Congestion Control Mechanisms"),
1763 NULL, 0, &tcp_congctl_avail, 0, CTL_CREATE, CTL_EOL);
1764 sysctl_createv(clog, 0, &congctl_node, NULL,
1765 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1766 CTLTYPE_STRING, "selected",
1767 SYSCTL_DESCR("Selected Congestion Control Mechanism"),
1768 sysctl_tcp_congctl, 0, NULL, TCPCC_MAXLEN,
1769 CTL_CREATE, CTL_EOL);
1770
1771 sysctl_createv(clog, 0, NULL, NULL,
1772 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1773 CTLTYPE_INT, "win_scale",
1774 SYSCTL_DESCR("Use RFC1323 window scale options"),
1775 NULL, 0, &tcp_do_win_scale, 0,
1776 CTL_NET, pf, IPPROTO_TCP, TCPCTL_WSCALE, CTL_EOL);
1777 sysctl_createv(clog, 0, NULL, NULL,
1778 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1779 CTLTYPE_INT, "timestamps",
1780 SYSCTL_DESCR("Use RFC1323 time stamp options"),
1781 NULL, 0, &tcp_do_timestamps, 0,
1782 CTL_NET, pf, IPPROTO_TCP, TCPCTL_TSTAMP, CTL_EOL);
1783 sysctl_createv(clog, 0, NULL, NULL,
1784 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1785 CTLTYPE_INT, "compat_42",
1786 SYSCTL_DESCR("Enable workarounds for 4.2BSD TCP bugs"),
1787 NULL, 0, &tcp_compat_42, 0,
1788 CTL_NET, pf, IPPROTO_TCP, TCPCTL_COMPAT_42, CTL_EOL);
1789 sysctl_createv(clog, 0, NULL, NULL,
1790 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1791 CTLTYPE_INT, "cwm",
1792 SYSCTL_DESCR("Hughes/Touch/Heidemann Congestion Window "
1793 "Monitoring"),
1794 NULL, 0, &tcp_cwm, 0,
1795 CTL_NET, pf, IPPROTO_TCP, TCPCTL_CWM, CTL_EOL);
1796 sysctl_createv(clog, 0, NULL, NULL,
1797 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1798 CTLTYPE_INT, "cwm_burstsize",
1799 SYSCTL_DESCR("Congestion Window Monitoring allowed "
1800 "burst count in packets"),
1801 NULL, 0, &tcp_cwm_burstsize, 0,
1802 CTL_NET, pf, IPPROTO_TCP, TCPCTL_CWM_BURSTSIZE,
1803 CTL_EOL);
1804 sysctl_createv(clog, 0, NULL, NULL,
1805 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1806 CTLTYPE_INT, "ack_on_push",
1807 SYSCTL_DESCR("Immediately return ACK when PSH is "
1808 "received"),
1809 NULL, 0, &tcp_ack_on_push, 0,
1810 CTL_NET, pf, IPPROTO_TCP, TCPCTL_ACK_ON_PUSH, CTL_EOL);
1811 sysctl_createv(clog, 0, NULL, NULL,
1812 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1813 CTLTYPE_INT, "keepidle",
1814 SYSCTL_DESCR("Allowed connection idle ticks before a "
1815 "keepalive probe is sent"),
1816 sysctl_tcp_keep, 0, &tcp_keepidle, 0,
1817 CTL_NET, pf, IPPROTO_TCP, TCPCTL_KEEPIDLE, CTL_EOL);
1818 sysctl_createv(clog, 0, NULL, NULL,
1819 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1820 CTLTYPE_INT, "keepintvl",
1821 SYSCTL_DESCR("Ticks before next keepalive probe is sent"),
1822 sysctl_tcp_keep, 0, &tcp_keepintvl, 0,
1823 CTL_NET, pf, IPPROTO_TCP, TCPCTL_KEEPINTVL, CTL_EOL);
1824 sysctl_createv(clog, 0, NULL, NULL,
1825 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1826 CTLTYPE_INT, "keepcnt",
1827 SYSCTL_DESCR("Number of keepalive probes to send"),
1828 sysctl_tcp_keep, 0, &tcp_keepcnt, 0,
1829 CTL_NET, pf, IPPROTO_TCP, TCPCTL_KEEPCNT, CTL_EOL);
1830 sysctl_createv(clog, 0, NULL, NULL,
1831 CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
1832 CTLTYPE_INT, "slowhz",
1833 SYSCTL_DESCR("Keepalive ticks per second"),
1834 NULL, PR_SLOWHZ, NULL, 0,
1835 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SLOWHZ, CTL_EOL);
1836 sysctl_createv(clog, 0, NULL, NULL,
1837 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1838 CTLTYPE_INT, "log_refused",
1839 SYSCTL_DESCR("Log refused TCP connections"),
1840 NULL, 0, &tcp_log_refused, 0,
1841 CTL_NET, pf, IPPROTO_TCP, TCPCTL_LOG_REFUSED, CTL_EOL);
1842 #if 0 /* obsoleted */
1843 sysctl_createv(clog, 0, NULL, NULL,
1844 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1845 CTLTYPE_INT, "rstratelimit", NULL,
1846 NULL, 0, &tcp_rst_ratelim, 0,
1847 CTL_NET, pf, IPPROTO_TCP, TCPCTL_RSTRATELIMIT, CTL_EOL);
1848 #endif
1849 sysctl_createv(clog, 0, NULL, NULL,
1850 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1851 CTLTYPE_INT, "rstppslimit",
1852 SYSCTL_DESCR("Maximum number of RST packets to send "
1853 "per second"),
1854 NULL, 0, &tcp_rst_ppslim, 0,
1855 CTL_NET, pf, IPPROTO_TCP, TCPCTL_RSTPPSLIMIT, CTL_EOL);
1856 sysctl_createv(clog, 0, NULL, NULL,
1857 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1858 CTLTYPE_INT, "delack_ticks",
1859 SYSCTL_DESCR("Number of ticks to delay sending an ACK"),
1860 NULL, 0, &tcp_delack_ticks, 0,
1861 CTL_NET, pf, IPPROTO_TCP, TCPCTL_DELACK_TICKS, CTL_EOL);
1862 sysctl_createv(clog, 0, NULL, NULL,
1863 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1864 CTLTYPE_INT, "init_win_local",
1865 SYSCTL_DESCR("Initial TCP window size (in segments)"),
1866 NULL, 0, &tcp_init_win_local, 0,
1867 CTL_NET, pf, IPPROTO_TCP, TCPCTL_INIT_WIN_LOCAL,
1868 CTL_EOL);
1869 sysctl_createv(clog, 0, NULL, NULL,
1870 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1871 CTLTYPE_STRUCT, "ident",
1872 SYSCTL_DESCR("RFC1413 Identification Protocol lookups"),
1873 sysctl_net_inet_tcp_ident, 0, NULL, sizeof(uid_t),
1874 CTL_NET, pf, IPPROTO_TCP, TCPCTL_IDENT, CTL_EOL);
1875 sysctl_createv(clog, 0, NULL, NULL,
1876 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1877 CTLTYPE_INT, "do_loopback_cksum",
1878 SYSCTL_DESCR("Perform TCP checksum on loopback"),
1879 NULL, 0, &tcp_do_loopback_cksum, 0,
1880 CTL_NET, pf, IPPROTO_TCP, TCPCTL_LOOPBACKCKSUM,
1881 CTL_EOL);
1882 sysctl_createv(clog, 0, NULL, NULL,
1883 CTLFLAG_PERMANENT,
1884 CTLTYPE_STRUCT, "pcblist",
1885 SYSCTL_DESCR("TCP protocol control block list"),
1886 sysctl_inpcblist, 0, &tcbtable, 0,
1887 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE,
1888 CTL_EOL);
1889 sysctl_createv(clog, 0, NULL, NULL,
1890 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1891 CTLTYPE_INT, "keepinit",
1892 SYSCTL_DESCR("Ticks before initial tcp connection times out"),
1893 sysctl_tcp_keep, 0, &tcp_keepinit, 0,
1894 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1895
1896 /* TCP socket buffers auto-sizing nodes */
1897 sysctl_createv(clog, 0, NULL, NULL,
1898 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1899 CTLTYPE_INT, "recvbuf_auto",
1900 SYSCTL_DESCR("Enable automatic receive "
1901 "buffer sizing (experimental)"),
1902 NULL, 0, &tcp_do_autorcvbuf, 0,
1903 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1904 sysctl_createv(clog, 0, NULL, NULL,
1905 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1906 CTLTYPE_INT, "recvbuf_inc",
1907 SYSCTL_DESCR("Incrementor step size of "
1908 "automatic receive buffer"),
1909 NULL, 0, &tcp_autorcvbuf_inc, 0,
1910 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1911 sysctl_createv(clog, 0, NULL, NULL,
1912 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1913 CTLTYPE_INT, "recvbuf_max",
1914 SYSCTL_DESCR("Max size of automatic receive buffer"),
1915 NULL, 0, &tcp_autorcvbuf_max, 0,
1916 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1917
1918 sysctl_createv(clog, 0, NULL, NULL,
1919 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1920 CTLTYPE_INT, "sendbuf_auto",
1921 SYSCTL_DESCR("Enable automatic send "
1922 "buffer sizing (experimental)"),
1923 NULL, 0, &tcp_do_autosndbuf, 0,
1924 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1925 sysctl_createv(clog, 0, NULL, NULL,
1926 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1927 CTLTYPE_INT, "sendbuf_inc",
1928 SYSCTL_DESCR("Incrementor step size of "
1929 "automatic send buffer"),
1930 NULL, 0, &tcp_autosndbuf_inc, 0,
1931 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1932 sysctl_createv(clog, 0, NULL, NULL,
1933 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1934 CTLTYPE_INT, "sendbuf_max",
1935 SYSCTL_DESCR("Max size of automatic send buffer"),
1936 NULL, 0, &tcp_autosndbuf_max, 0,
1937 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1938
1939 /* ECN subtree */
1940 sysctl_createv(clog, 0, NULL, &ecn_node,
1941 CTLFLAG_PERMANENT,
1942 CTLTYPE_NODE, "ecn",
1943 SYSCTL_DESCR("RFC3168 Explicit Congestion Notification"),
1944 NULL, 0, NULL, 0,
1945 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
1946 sysctl_createv(clog, 0, &ecn_node, NULL,
1947 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1948 CTLTYPE_INT, "enable",
1949 SYSCTL_DESCR("Enable TCP Explicit Congestion "
1950 "Notification"),
1951 NULL, 0, &tcp_do_ecn, 0, CTL_CREATE, CTL_EOL);
1952 sysctl_createv(clog, 0, &ecn_node, NULL,
1953 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1954 CTLTYPE_INT, "maxretries",
1955 SYSCTL_DESCR("Number of times to retry ECN setup "
1956 "before disabling ECN on the connection"),
1957 NULL, 0, &tcp_ecn_maxretries, 0, CTL_CREATE, CTL_EOL);
1958
1959 /* SACK gets it's own little subtree. */
1960 sysctl_createv(clog, 0, NULL, &sack_node,
1961 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1962 CTLTYPE_INT, "enable",
1963 SYSCTL_DESCR("Enable RFC2018 Selective ACKnowledgement"),
1964 NULL, 0, &tcp_do_sack, 0,
1965 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SACK, CTL_CREATE, CTL_EOL);
1966 sysctl_createv(clog, 0, NULL, &sack_node,
1967 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1968 CTLTYPE_INT, "maxholes",
1969 SYSCTL_DESCR("Maximum number of TCP SACK holes allowed per connection"),
1970 NULL, 0, &tcp_sack_tp_maxholes, 0,
1971 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SACK, CTL_CREATE, CTL_EOL);
1972 sysctl_createv(clog, 0, NULL, &sack_node,
1973 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
1974 CTLTYPE_INT, "globalmaxholes",
1975 SYSCTL_DESCR("Global maximum number of TCP SACK holes"),
1976 NULL, 0, &tcp_sack_globalmaxholes, 0,
1977 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SACK, CTL_CREATE, CTL_EOL);
1978 sysctl_createv(clog, 0, NULL, &sack_node,
1979 CTLFLAG_PERMANENT,
1980 CTLTYPE_INT, "globalholes",
1981 SYSCTL_DESCR("Global number of TCP SACK holes"),
1982 NULL, 0, &tcp_sack_globalholes, 0,
1983 CTL_NET, pf, IPPROTO_TCP, TCPCTL_SACK, CTL_CREATE, CTL_EOL);
1984
1985 sysctl_createv(clog, 0, NULL, NULL,
1986 CTLFLAG_PERMANENT,
1987 CTLTYPE_STRUCT, "stats",
1988 SYSCTL_DESCR("TCP statistics"),
1989 sysctl_net_inet_tcp_stats, 0, NULL, 0,
1990 CTL_NET, pf, IPPROTO_TCP, TCPCTL_STATS,
1991 CTL_EOL);
1992 #ifdef TCP_DEBUG
1993 sysctl_createv(clog, 0, NULL, NULL,
1994 CTLFLAG_PERMANENT,
1995 CTLTYPE_STRUCT, "debug",
1996 SYSCTL_DESCR("TCP sockets debug information"),
1997 NULL, 0, &tcp_debug, sizeof(tcp_debug),
1998 CTL_NET, pf, IPPROTO_TCP, TCPCTL_DEBUG,
1999 CTL_EOL);
2000 sysctl_createv(clog, 0, NULL, NULL,
2001 CTLFLAG_PERMANENT,
2002 CTLTYPE_INT, "debx",
2003 SYSCTL_DESCR("Number of TCP debug sockets messages"),
2004 NULL, 0, &tcp_debx, sizeof(tcp_debx),
2005 CTL_NET, pf, IPPROTO_TCP, TCPCTL_DEBX,
2006 CTL_EOL);
2007 #endif
2008 sysctl_createv(clog, 0, NULL, NULL,
2009 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2010 CTLTYPE_STRUCT, "drop",
2011 SYSCTL_DESCR("TCP drop connection"),
2012 sysctl_net_inet_tcp_drop, 0, NULL, 0,
2013 CTL_NET, pf, IPPROTO_TCP, TCPCTL_DROP, CTL_EOL);
2014 #if NRND > 0
2015 sysctl_createv(clog, 0, NULL, NULL,
2016 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2017 CTLTYPE_INT, "iss_hash",
2018 SYSCTL_DESCR("Enable RFC 1948 ISS by cryptographic "
2019 "hash computation"),
2020 NULL, 0, &tcp_do_rfc1948, sizeof(tcp_do_rfc1948),
2021 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE,
2022 CTL_EOL);
2023 #endif
2024
2025 /* ABC subtree */
2026
2027 sysctl_createv(clog, 0, NULL, &abc_node,
2028 CTLFLAG_PERMANENT, CTLTYPE_NODE, "abc",
2029 SYSCTL_DESCR("RFC3465 Appropriate Byte Counting (ABC)"),
2030 NULL, 0, NULL, 0,
2031 CTL_NET, pf, IPPROTO_TCP, CTL_CREATE, CTL_EOL);
2032 sysctl_createv(clog, 0, &abc_node, NULL,
2033 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2034 CTLTYPE_INT, "enable",
2035 SYSCTL_DESCR("Enable RFC3465 Appropriate Byte Counting"),
2036 NULL, 0, &tcp_do_abc, 0, CTL_CREATE, CTL_EOL);
2037 sysctl_createv(clog, 0, &abc_node, NULL,
2038 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2039 CTLTYPE_INT, "aggressive",
2040 SYSCTL_DESCR("1: L=2*SMSS 0: L=1*SMSS"),
2041 NULL, 0, &tcp_abc_aggressive, 0, CTL_CREATE, CTL_EOL);
2042 }
2043
2044 /*
2045 * Sysctl for tcp variables.
2046 */
2047 #ifdef INET
2048 SYSCTL_SETUP(sysctl_net_inet_tcp_setup, "sysctl net.inet.tcp subtree setup")
2049 {
2050
2051 sysctl_net_inet_tcp_setup2(clog, PF_INET, "inet", "tcp");
2052 }
2053 #endif /* INET */
2054
2055 #ifdef INET6
2056 SYSCTL_SETUP(sysctl_net_inet6_tcp6_setup, "sysctl net.inet6.tcp6 subtree setup")
2057 {
2058
2059 sysctl_net_inet_tcp_setup2(clog, PF_INET6, "inet6", "tcp6");
2060 }
2061 #endif /* INET6 */
Cache object: cf3107adbfe03046977ad60f156472d0
|