1 /* $NetBSD: tcp_output.c,v 1.212 2019/11/17 08:21:25 mlelstv Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 /*- 73 * Copyright (c) 1997, 1998, 2001, 2005, 2006 The NetBSD Foundation, Inc. 74 * All rights reserved. 75 * 76 * This code is derived from software contributed to The NetBSD Foundation 77 * by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation 78 * Facility, NASA Ames Research Center. 79 * This code is derived from software contributed to The NetBSD Foundation 80 * by Charles M. Hannum. 81 * This code is derived from software contributed to The NetBSD Foundation 82 * by Rui Paulo. 83 * 84 * Redistribution and use in source and binary forms, with or without 85 * modification, are permitted provided that the following conditions 86 * are met: 87 * 1. Redistributions of source code must retain the above copyright 88 * notice, this list of conditions and the following disclaimer. 89 * 2. Redistributions in binary form must reproduce the above copyright 90 * notice, this list of conditions and the following disclaimer in the 91 * documentation and/or other materials provided with the distribution. 92 * 93 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 94 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 95 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 96 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 97 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 98 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 99 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 100 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 101 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 103 * POSSIBILITY OF SUCH DAMAGE. 104 */ 105 106 /* 107 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 108 * The Regents of the University of California. All rights reserved. 109 * 110 * Redistribution and use in source and binary forms, with or without 111 * modification, are permitted provided that the following conditions 112 * are met: 113 * 1. Redistributions of source code must retain the above copyright 114 * notice, this list of conditions and the following disclaimer. 115 * 2. Redistributions in binary form must reproduce the above copyright 116 * notice, this list of conditions and the following disclaimer in the 117 * documentation and/or other materials provided with the distribution. 118 * 3. Neither the name of the University nor the names of its contributors 119 * may be used to endorse or promote products derived from this software 120 * without specific prior written permission. 121 * 122 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 123 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 124 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 125 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 126 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 127 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 128 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 129 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 130 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 131 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 132 * SUCH DAMAGE. 133 * 134 * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 135 */ 136 137 #include <sys/cdefs.h> 138 __KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.212 2019/11/17 08:21:25 mlelstv Exp $"); 139 140 #ifdef _KERNEL_OPT 141 #include "opt_inet.h" 142 #include "opt_ipsec.h" 143 #include "opt_tcp_debug.h" 144 #endif 145 146 #include <sys/param.h> 147 #include <sys/systm.h> 148 #include <sys/mbuf.h> 149 #include <sys/protosw.h> 150 #include <sys/socket.h> 151 #include <sys/socketvar.h> 152 #include <sys/errno.h> 153 #include <sys/domain.h> 154 #include <sys/kernel.h> 155 #ifdef TCP_SIGNATURE 156 #include <sys/md5.h> 157 #endif 158 159 #include <net/if.h> 160 #include <net/route.h> 161 162 #include <netinet/in.h> 163 #include <netinet/in_systm.h> 164 #include <netinet/ip.h> 165 #include <netinet/in_pcb.h> 166 #include <netinet/ip_var.h> 167 168 #ifdef INET6 169 #include <netinet/ip6.h> 170 #include <netinet6/in6_var.h> 171 #include <netinet6/ip6_var.h> 172 #include <netinet6/in6_pcb.h> 173 #include <netinet6/nd6.h> 174 #endif 175 176 #ifdef IPSEC 177 #include <netipsec/ipsec.h> 178 #include <netipsec/key.h> 179 #ifdef INET6 180 #include <netipsec/ipsec6.h> 181 #endif 182 #endif 183 184 #include <netinet/tcp.h> 185 #define TCPOUTFLAGS 186 #include <netinet/tcp_fsm.h> 187 #include <netinet/tcp_seq.h> 188 #include <netinet/tcp_timer.h> 189 #include <netinet/tcp_var.h> 190 #include <netinet/tcp_private.h> 191 #include <netinet/tcp_congctl.h> 192 #include <netinet/tcp_debug.h> 193 #include <netinet/in_offload.h> 194 #include <netinet6/in6_offload.h> 195 196 /* 197 * Knob to enable Congestion Window Monitoring, and control 198 * the burst size it allows. Default burst is 4 packets, per 199 * the Internet draft. 200 */ 201 int tcp_cwm = 0; 202 int tcp_cwm_burstsize = 4; 203 204 int tcp_do_autosndbuf = 1; 205 int tcp_autosndbuf_inc = 8 * 1024; 206 int tcp_autosndbuf_max = 256 * 1024; 207 208 #ifdef TCP_OUTPUT_COUNTERS 209 #include <sys/device.h> 210 211 extern struct evcnt tcp_output_bigheader; 212 extern struct evcnt tcp_output_predict_hit; 213 extern struct evcnt tcp_output_predict_miss; 214 extern struct evcnt tcp_output_copysmall; 215 extern struct evcnt tcp_output_copybig; 216 extern struct evcnt tcp_output_refbig; 217 218 #define TCP_OUTPUT_COUNTER_INCR(ev) (ev)->ev_count++ 219 #else 220 221 #define TCP_OUTPUT_COUNTER_INCR(ev) /* nothing */ 222 223 #endif /* TCP_OUTPUT_COUNTERS */ 224 225 static int 226 tcp_segsize(struct tcpcb *tp, int *txsegsizep, int *rxsegsizep, 227 bool *alwaysfragp) 228 { 229 struct inpcb *inp = tp->t_inpcb; 230 #ifdef INET6 231 struct in6pcb *in6p = tp->t_in6pcb; 232 #endif 233 struct socket *so = NULL; 234 struct rtentry *rt; 235 struct ifnet *ifp; 236 int size; 237 int hdrlen; 238 int optlen; 239 240 *alwaysfragp = false; 241 size = tcp_mssdflt; 242 243 KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); 244 245 switch (tp->t_family) { 246 case AF_INET: 247 hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 248 break; 249 #ifdef INET6 250 case AF_INET6: 251 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 252 break; 253 #endif 254 default: 255 hdrlen = 1; /* prevent zero sized segments */ 256 goto out; 257 } 258 259 rt = NULL; 260 if (inp) { 261 rt = in_pcbrtentry(inp); 262 so = inp->inp_socket; 263 } 264 #ifdef INET6 265 if (in6p) { 266 rt = in6_pcbrtentry(in6p); 267 so = in6p->in6p_socket; 268 } 269 #endif 270 if (rt == NULL) { 271 goto out; 272 } 273 274 ifp = rt->rt_ifp; 275 276 if (tp->t_mtudisc && rt->rt_rmx.rmx_mtu != 0) { 277 #ifdef INET6 278 if (in6p && rt->rt_rmx.rmx_mtu < IPV6_MMTU) { 279 /* 280 * RFC2460 section 5, last paragraph: if path MTU is 281 * smaller than 1280, use 1280 as packet size and 282 * attach fragment header. 283 */ 284 size = IPV6_MMTU - hdrlen - sizeof(struct ip6_frag); 285 *alwaysfragp = true; 286 } else 287 size = rt->rt_rmx.rmx_mtu - hdrlen; 288 #else 289 size = rt->rt_rmx.rmx_mtu - hdrlen; 290 #endif 291 } else if (ifp->if_flags & IFF_LOOPBACK) 292 size = ifp->if_mtu - hdrlen; 293 else if (inp && tp->t_mtudisc) 294 size = ifp->if_mtu - hdrlen; 295 else if (inp && in_localaddr(inp->inp_faddr)) 296 size = ifp->if_mtu - hdrlen; 297 #ifdef INET6 298 else if (in6p) { 299 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 300 /* mapped addr case */ 301 struct in_addr d; 302 memcpy(&d, &in6p->in6p_faddr.s6_addr32[3], sizeof(d)); 303 if (tp->t_mtudisc || in_localaddr(d)) 304 size = ifp->if_mtu - hdrlen; 305 } else { 306 /* 307 * for IPv6, path MTU discovery is always turned on, 308 * or the node must use packet size <= 1280. 309 */ 310 size = tp->t_mtudisc ? IN6_LINKMTU(ifp) : IPV6_MMTU; 311 size -= hdrlen; 312 } 313 } 314 #endif 315 if (inp) 316 in_pcbrtentry_unref(rt, inp); 317 #ifdef INET6 318 if (in6p) 319 in6_pcbrtentry_unref(rt, in6p); 320 #endif 321 out: 322 /* 323 * Now we must make room for whatever extra TCP/IP options are in 324 * the packet. 325 */ 326 optlen = tcp_optlen(tp); 327 328 /* 329 * XXX tp->t_ourmss should have the right size, but without this code 330 * fragmentation will occur... need more investigation 331 */ 332 333 if (inp) { 334 #if defined(IPSEC) 335 if (ipsec_used && 336 !ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) 337 optlen += ipsec4_hdrsiz_tcp(tp); 338 #endif 339 optlen += ip_optlen(inp); 340 } 341 342 #ifdef INET6 343 if (in6p && tp->t_family == AF_INET) { 344 #if defined(IPSEC) 345 if (ipsec_used && 346 !ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 347 optlen += ipsec4_hdrsiz_tcp(tp); 348 #endif 349 /* XXX size -= ip_optlen(in6p); */ 350 } else if (in6p && tp->t_family == AF_INET6) { 351 #if defined(IPSEC) 352 if (ipsec_used && 353 !ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 354 optlen += ipsec6_hdrsiz_tcp(tp); 355 #endif 356 optlen += ip6_optlen(in6p); 357 } 358 #endif 359 size -= optlen; 360 361 /* 362 * There may not be any room for data if mtu is too small. This 363 * includes zero-sized. 364 */ 365 if (size <= 0) { 366 return EMSGSIZE; 367 } 368 369 /* 370 * *rxsegsizep holds *estimated* inbound segment size (estimation 371 * assumes that path MTU is the same for both ways). this is only 372 * for silly window avoidance, do not use the value for other purposes. 373 * 374 * ipseclen is subtracted from both sides, this may not be right. 375 * I'm not quite sure about this (could someone comment). 376 */ 377 *txsegsizep = uimin(tp->t_peermss - optlen, size); 378 *rxsegsizep = uimin(tp->t_ourmss - optlen, size); 379 380 /* 381 * Never send more than half a buffer full. This insures that we can 382 * always keep 2 packets on the wire, no matter what SO_SNDBUF is, and 383 * therefore acks will never be delayed unless we run out of data to 384 * transmit. 385 */ 386 if (so) { 387 *txsegsizep = uimin(so->so_snd.sb_hiwat >> 1, *txsegsizep); 388 } 389 390 /* 391 * A segment must at least store header + options 392 */ 393 if (*txsegsizep < hdrlen + optlen) { 394 return EMSGSIZE; 395 } 396 397 if (*txsegsizep != tp->t_segsz) { 398 /* 399 * If the new segment size is larger, we don't want to 400 * mess up the congestion window, but if it is smaller 401 * we'll have to reduce the congestion window to ensure 402 * that we don't get into trouble with initial windows 403 * and the rest. In any case, if the segment size 404 * has changed, chances are the path has, too, and 405 * our congestion window will be different. 406 */ 407 if (*txsegsizep < tp->t_segsz) { 408 tp->snd_cwnd = uimax((tp->snd_cwnd / tp->t_segsz) 409 * *txsegsizep, *txsegsizep); 410 tp->snd_ssthresh = uimax((tp->snd_ssthresh / tp->t_segsz) 411 * *txsegsizep, *txsegsizep); 412 } 413 tp->t_segsz = *txsegsizep; 414 } 415 416 return 0; 417 } 418 419 static int 420 tcp_build_datapkt(struct tcpcb *tp, struct socket *so, int off, 421 long len, int hdrlen, struct mbuf **mp) 422 { 423 struct mbuf *m, *m0; 424 uint64_t *tcps; 425 426 tcps = TCP_STAT_GETREF(); 427 if (tp->t_force && len == 1) 428 tcps[TCP_STAT_SNDPROBE]++; 429 else if (SEQ_LT(tp->snd_nxt, tp->snd_max)) { 430 tp->t_sndrexmitpack++; 431 tcps[TCP_STAT_SNDREXMITPACK]++; 432 tcps[TCP_STAT_SNDREXMITBYTE] += len; 433 } else { 434 tcps[TCP_STAT_SNDPACK]++; 435 tcps[TCP_STAT_SNDBYTE] += len; 436 } 437 TCP_STAT_PUTREF(); 438 439 MGETHDR(m, M_DONTWAIT, MT_HEADER); 440 if (__predict_false(m == NULL)) 441 return ENOBUFS; 442 MCLAIM(m, &tcp_tx_mowner); 443 444 /* 445 * XXX Because other code assumes headers will fit in 446 * XXX one header mbuf. 447 * 448 * (This code should almost *never* be run.) 449 */ 450 if (__predict_false((max_linkhdr + hdrlen) > MHLEN)) { 451 TCP_OUTPUT_COUNTER_INCR(&tcp_output_bigheader); 452 MCLGET(m, M_DONTWAIT); 453 if ((m->m_flags & M_EXT) == 0) { 454 m_freem(m); 455 return ENOBUFS; 456 } 457 } 458 459 m->m_data += max_linkhdr; 460 m->m_len = hdrlen; 461 462 /* 463 * To avoid traversing the whole sb_mb chain for correct 464 * data to send, remember last sent mbuf, its offset and 465 * the sent size. When called the next time, see if the 466 * data to send is directly following the previous transfer. 467 * This is important for large TCP windows. 468 */ 469 if (off == 0 || tp->t_lastm == NULL || 470 (tp->t_lastoff + tp->t_lastlen) != off) { 471 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_miss); 472 /* 473 * Either a new packet or a retransmit. 474 * Start from the beginning. 475 */ 476 tp->t_lastm = so->so_snd.sb_mb; 477 tp->t_inoff = off; 478 } else { 479 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_hit); 480 tp->t_inoff += tp->t_lastlen; 481 } 482 483 /* Traverse forward to next packet */ 484 while (tp->t_inoff > 0) { 485 if (tp->t_lastm == NULL) 486 panic("tp->t_lastm == NULL"); 487 if (tp->t_inoff < tp->t_lastm->m_len) 488 break; 489 tp->t_inoff -= tp->t_lastm->m_len; 490 tp->t_lastm = tp->t_lastm->m_next; 491 } 492 493 tp->t_lastoff = off; 494 tp->t_lastlen = len; 495 m0 = tp->t_lastm; 496 off = tp->t_inoff; 497 498 if (len <= M_TRAILINGSPACE(m)) { 499 m_copydata(m0, off, (int)len, mtod(m, char *) + hdrlen); 500 m->m_len += len; 501 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copysmall); 502 } else { 503 m->m_next = m_copym(m0, off, (int)len, M_DONTWAIT); 504 if (m->m_next == NULL) { 505 m_freem(m); 506 return ENOBUFS; 507 } 508 #ifdef TCP_OUTPUT_COUNTERS 509 if (m->m_next->m_flags & M_EXT) 510 TCP_OUTPUT_COUNTER_INCR(&tcp_output_refbig); 511 else 512 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copybig); 513 #endif 514 } 515 516 *mp = m; 517 return 0; 518 } 519 520 /* 521 * Tcp output routine: figure out what should be sent and send it. 522 */ 523 int 524 tcp_output(struct tcpcb *tp) 525 { 526 struct rtentry *rt = NULL; 527 struct socket *so; 528 struct route *ro; 529 long len, win; 530 int off, flags, error; 531 struct mbuf *m; 532 struct ip *ip; 533 #ifdef INET6 534 struct ip6_hdr *ip6; 535 #endif 536 struct tcphdr *th; 537 u_char opt[MAX_TCPOPTLEN], *optp; 538 #define OPT_FITS(more) ((optlen + (more)) <= sizeof(opt)) 539 unsigned optlen, hdrlen, packetlen; 540 unsigned int sack_numblks; 541 int idle, sendalot, txsegsize, rxsegsize; 542 int txsegsize_nosack; 543 int maxburst = TCP_MAXBURST; 544 int af; /* address family on the wire */ 545 int iphdrlen; 546 int has_tso4, has_tso6; 547 int has_tso, use_tso; 548 bool alwaysfrag; 549 int sack_rxmit; 550 int sack_bytes_rxmt; 551 int ecn_tos; 552 struct sackhole *p; 553 #ifdef TCP_SIGNATURE 554 int sigoff = 0; 555 #endif 556 uint64_t *tcps; 557 558 KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); 559 560 so = NULL; 561 ro = NULL; 562 if (tp->t_inpcb) { 563 so = tp->t_inpcb->inp_socket; 564 ro = &tp->t_inpcb->inp_route; 565 } 566 #ifdef INET6 567 else if (tp->t_in6pcb) { 568 so = tp->t_in6pcb->in6p_socket; 569 ro = &tp->t_in6pcb->in6p_route; 570 } 571 #endif 572 573 switch (af = tp->t_family) { 574 case AF_INET: 575 if (tp->t_inpcb) 576 break; 577 #ifdef INET6 578 /* mapped addr case */ 579 if (tp->t_in6pcb) 580 break; 581 #endif 582 return EINVAL; 583 #ifdef INET6 584 case AF_INET6: 585 if (tp->t_in6pcb) 586 break; 587 return EINVAL; 588 #endif 589 default: 590 return EAFNOSUPPORT; 591 } 592 593 if (tcp_segsize(tp, &txsegsize, &rxsegsize, &alwaysfrag)) 594 return EMSGSIZE; 595 596 idle = (tp->snd_max == tp->snd_una); 597 598 /* 599 * Determine if we can use TCP segmentation offload: 600 * - If we're using IPv4 601 * - If there is not an IPsec policy that prevents it 602 * - If the interface can do it 603 */ 604 has_tso4 = has_tso6 = false; 605 606 has_tso4 = tp->t_inpcb != NULL && 607 #if defined(IPSEC) 608 (!ipsec_used || ipsec_pcb_skip_ipsec(tp->t_inpcb->inp_sp, 609 IPSEC_DIR_OUTBOUND)) && 610 #endif 611 (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && 612 (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; 613 if (rt != NULL) { 614 rtcache_unref(rt, &tp->t_inpcb->inp_route); 615 rt = NULL; 616 } 617 618 #if defined(INET6) 619 has_tso6 = tp->t_in6pcb != NULL && 620 #if defined(IPSEC) 621 (!ipsec_used || ipsec_pcb_skip_ipsec(tp->t_in6pcb->in6p_sp, 622 IPSEC_DIR_OUTBOUND)) && 623 #endif 624 (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && 625 (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0; 626 if (rt != NULL) 627 rtcache_unref(rt, &tp->t_in6pcb->in6p_route); 628 #endif /* defined(INET6) */ 629 has_tso = (has_tso4 || has_tso6) && !alwaysfrag; 630 631 /* 632 * Restart Window computation. From draft-floyd-incr-init-win-03: 633 * 634 * Optionally, a TCP MAY set the restart window to the 635 * minimum of the value used for the initial window and 636 * the current value of cwnd (in other words, using a 637 * larger value for the restart window should never increase 638 * the size of cwnd). 639 */ 640 if (tcp_cwm) { 641 /* 642 * Hughes/Touch/Heidemann Congestion Window Monitoring. 643 * Count the number of packets currently pending 644 * acknowledgement, and limit our congestion window 645 * to a pre-determined allowed burst size plus that count. 646 * This prevents bursting once all pending packets have 647 * been acknowledged (i.e. transmission is idle). 648 * 649 * XXX Link this to Initial Window? 650 */ 651 tp->snd_cwnd = uimin(tp->snd_cwnd, 652 (tcp_cwm_burstsize * txsegsize) + 653 (tp->snd_nxt - tp->snd_una)); 654 } else { 655 if (idle && (tcp_now - tp->t_rcvtime) >= tp->t_rxtcur) { 656 /* 657 * We have been idle for "a while" and no acks are 658 * expected to clock out any data we send -- 659 * slow start to get ack "clock" running again. 660 */ 661 int ss = tcp_init_win; 662 if (tp->t_inpcb && 663 in_localaddr(tp->t_inpcb->inp_faddr)) 664 ss = tcp_init_win_local; 665 #ifdef INET6 666 if (tp->t_in6pcb && 667 in6_localaddr(&tp->t_in6pcb->in6p_faddr)) 668 ss = tcp_init_win_local; 669 #endif 670 tp->snd_cwnd = uimin(tp->snd_cwnd, 671 TCP_INITIAL_WINDOW(ss, txsegsize)); 672 } 673 } 674 675 txsegsize_nosack = txsegsize; 676 again: 677 ecn_tos = 0; 678 use_tso = has_tso; 679 if ((tp->t_flags & (TF_ECN_SND_CWR|TF_ECN_SND_ECE)) != 0) { 680 /* don't duplicate CWR/ECE. */ 681 use_tso = 0; 682 } 683 TCP_REASS_LOCK(tp); 684 sack_numblks = tcp_sack_numblks(tp); 685 if (sack_numblks) { 686 int sackoptlen; 687 688 sackoptlen = TCP_SACK_OPTLEN(sack_numblks); 689 if (sackoptlen > txsegsize_nosack) { 690 sack_numblks = 0; /* give up SACK */ 691 txsegsize = txsegsize_nosack; 692 } else { 693 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 694 /* don't duplicate D-SACK. */ 695 use_tso = 0; 696 } 697 txsegsize = txsegsize_nosack - sackoptlen; 698 } 699 } else { 700 txsegsize = txsegsize_nosack; 701 } 702 703 /* 704 * Determine length of data that should be transmitted, and 705 * flags that should be used. If there is some data or critical 706 * controls (SYN, RST) to send, then transmit; otherwise, 707 * investigate further. 708 * 709 * Readjust SACK information to avoid resending duplicate data. 710 */ 711 if (TCP_SACK_ENABLED(tp) && SEQ_LT(tp->snd_nxt, tp->snd_max)) 712 tcp_sack_adjust(tp); 713 sendalot = 0; 714 off = tp->snd_nxt - tp->snd_una; 715 win = uimin(tp->snd_wnd, tp->snd_cwnd); 716 717 flags = tcp_outflags[tp->t_state]; 718 719 /* 720 * Send any SACK-generated retransmissions. If we're explicitly trying 721 * to send out new data (when sendalot is 1), bypass this function. 722 * If we retransmit in fast recovery mode, decrement snd_cwnd, since 723 * we're replacing a (future) new transmission with a retransmission 724 * now, and we previously incremented snd_cwnd in tcp_input(). 725 */ 726 /* 727 * Still in sack recovery, reset rxmit flag to zero. 728 */ 729 sack_rxmit = 0; 730 sack_bytes_rxmt = 0; 731 len = 0; 732 p = NULL; 733 do { 734 long cwin; 735 if (!TCP_SACK_ENABLED(tp)) 736 break; 737 if (tp->t_partialacks < 0) 738 break; 739 p = tcp_sack_output(tp, &sack_bytes_rxmt); 740 if (p == NULL) 741 break; 742 743 cwin = uimin(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt; 744 if (cwin < 0) 745 cwin = 0; 746 /* Do not retransmit SACK segments beyond snd_recover */ 747 if (SEQ_GT(p->end, tp->snd_recover)) { 748 /* 749 * (At least) part of sack hole extends beyond 750 * snd_recover. Check to see if we can rexmit data 751 * for this hole. 752 */ 753 if (SEQ_GEQ(p->rxmit, tp->snd_recover)) { 754 /* 755 * Can't rexmit any more data for this hole. 756 * That data will be rexmitted in the next 757 * sack recovery episode, when snd_recover 758 * moves past p->rxmit. 759 */ 760 p = NULL; 761 break; 762 } 763 /* Can rexmit part of the current hole */ 764 len = ((long)ulmin(cwin, tp->snd_recover - p->rxmit)); 765 } else 766 len = ((long)ulmin(cwin, p->end - p->rxmit)); 767 off = p->rxmit - tp->snd_una; 768 if (off + len > so->so_snd.sb_cc) { 769 /* 1 for TH_FIN */ 770 KASSERT(off + len == so->so_snd.sb_cc + 1); 771 KASSERT(p->rxmit + len == tp->snd_max); 772 len = so->so_snd.sb_cc - off; 773 } 774 if (len > 0) { 775 sack_rxmit = 1; 776 sendalot = 1; 777 } 778 } while (/*CONSTCOND*/0); 779 780 /* 781 * If in persist timeout with window of 0, send 1 byte. 782 * Otherwise, if window is small but nonzero 783 * and timer expired, we will send what we can 784 * and go to transmit state. 785 */ 786 if (tp->t_force) { 787 if (win == 0) { 788 /* 789 * If we still have some data to send, then 790 * clear the FIN bit. Usually this would 791 * happen below when it realizes that we 792 * aren't sending all the data. However, 793 * if we have exactly 1 byte of unset data, 794 * then it won't clear the FIN bit below, 795 * and if we are in persist state, we wind 796 * up sending the packet without recording 797 * that we sent the FIN bit. 798 * 799 * We can't just blindly clear the FIN bit, 800 * because if we don't have any more data 801 * to send then the probe will be the FIN 802 * itself. 803 */ 804 if (off < so->so_snd.sb_cc) 805 flags &= ~TH_FIN; 806 win = 1; 807 } else { 808 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 809 tp->t_rxtshift = 0; 810 } 811 } 812 813 if (sack_rxmit == 0) { 814 if (TCP_SACK_ENABLED(tp) && tp->t_partialacks >= 0) { 815 long cwin; 816 817 /* 818 * We are inside of a SACK recovery episode and are 819 * sending new data, having retransmitted all the 820 * data possible in the scoreboard. 821 */ 822 if (tp->snd_wnd < so->so_snd.sb_cc) { 823 len = tp->snd_wnd - off; 824 flags &= ~TH_FIN; 825 } else { 826 len = so->so_snd.sb_cc - off; 827 } 828 829 /* 830 * From FreeBSD: 831 * Don't remove this (len > 0) check ! 832 * We explicitly check for len > 0 here (although it 833 * isn't really necessary), to work around a gcc 834 * optimization issue - to force gcc to compute 835 * len above. Without this check, the computation 836 * of len is bungled by the optimizer. 837 */ 838 if (len > 0) { 839 cwin = tp->snd_cwnd - 840 (tp->snd_nxt - tp->sack_newdata) - 841 sack_bytes_rxmt; 842 if (cwin < 0) 843 cwin = 0; 844 if (cwin < len) { 845 len = cwin; 846 flags &= ~TH_FIN; 847 } 848 } 849 } else if (win < so->so_snd.sb_cc) { 850 len = win - off; 851 flags &= ~TH_FIN; 852 } else { 853 len = so->so_snd.sb_cc - off; 854 } 855 } 856 857 if (len < 0) { 858 /* 859 * If FIN has been sent but not acked, 860 * but we haven't been called to retransmit, 861 * len will be -1. Otherwise, window shrank 862 * after we sent into it. If window shrank to 0, 863 * cancel pending retransmit, pull snd_nxt back 864 * to (closed) window, and set the persist timer 865 * if it isn't already going. If the window didn't 866 * close completely, just wait for an ACK. 867 * 868 * If we have a pending FIN, either it has already been 869 * transmitted or it is outside the window, so drop it. 870 * If the FIN has been transmitted, but this is not a 871 * retransmission, then len must be -1. Therefore we also 872 * prevent here the sending of `gratuitous FINs'. This 873 * eliminates the need to check for that case below (e.g. 874 * to back up snd_nxt before the FIN so that the sequence 875 * number is correct). 876 */ 877 len = 0; 878 flags &= ~TH_FIN; 879 if (win == 0) { 880 TCP_TIMER_DISARM(tp, TCPT_REXMT); 881 tp->t_rxtshift = 0; 882 tp->snd_nxt = tp->snd_una; 883 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) 884 tcp_setpersist(tp); 885 } 886 } 887 888 /* 889 * Automatic sizing enables the performance of large buffers 890 * and most of the efficiency of small ones by only allocating 891 * space when it is needed. 892 * 893 * The criteria to step up the send buffer one notch are: 894 * 1. receive window of remote host is larger than send buffer 895 * (with a fudge factor of 5/4th); 896 * 2. send buffer is filled to 7/8th with data (so we actually 897 * have data to make use of it); 898 * 3. send buffer fill has not hit maximal automatic size; 899 * 4. our send window (slow start and cogestion controlled) is 900 * larger than sent but unacknowledged data in send buffer. 901 * 902 * The remote host receive window scaling factor may limit the 903 * growing of the send buffer before it reaches its allowed 904 * maximum. 905 * 906 * It scales directly with slow start or congestion window 907 * and does at most one step per received ACK. This fast 908 * scaling has the drawback of growing the send buffer beyond 909 * what is strictly necessary to make full use of a given 910 * delay*bandwith product. However testing has shown this not 911 * to be much of an problem. At worst we are trading wasting 912 * of available bandwith (the non-use of it) for wasting some 913 * socket buffer memory. 914 * 915 * TODO: Shrink send buffer during idle periods together 916 * with congestion window. Requires another timer. 917 */ 918 if (tcp_do_autosndbuf && so->so_snd.sb_flags & SB_AUTOSIZE) { 919 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat && 920 so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) && 921 so->so_snd.sb_cc < tcp_autosndbuf_max && 922 win >= (so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una))) { 923 if (!sbreserve(&so->so_snd, 924 uimin(so->so_snd.sb_hiwat + tcp_autosndbuf_inc, 925 tcp_autosndbuf_max), so)) 926 so->so_snd.sb_flags &= ~SB_AUTOSIZE; 927 } 928 } 929 930 if (len > txsegsize) { 931 if (use_tso) { 932 /* 933 * Truncate TSO transfers to IP_MAXPACKET, and make 934 * sure that we send equal size transfers down the 935 * stack (rather than big-small-big-small-...). 936 */ 937 #ifdef INET6 938 CTASSERT(IPV6_MAXPACKET == IP_MAXPACKET); 939 #endif 940 len = (uimin(len, IP_MAXPACKET) / txsegsize) * txsegsize; 941 if (len <= txsegsize) { 942 use_tso = 0; 943 } 944 } else 945 len = txsegsize; 946 flags &= ~TH_FIN; 947 sendalot = 1; 948 } else 949 use_tso = 0; 950 if (sack_rxmit) { 951 if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc)) 952 flags &= ~TH_FIN; 953 } 954 955 win = sbspace(&so->so_rcv); 956 957 /* 958 * Sender silly window avoidance. If connection is idle 959 * and can send all data, a maximum segment, 960 * at least a maximum default-size segment do it, 961 * or are forced, do it; otherwise don't bother. 962 * If peer's buffer is tiny, then send 963 * when window is at least half open. 964 * If retransmitting (possibly after persist timer forced us 965 * to send into a small window), then must resend. 966 */ 967 if (len) { 968 if (len >= txsegsize) 969 goto send; 970 if ((so->so_state & SS_MORETOCOME) == 0 && 971 ((idle || tp->t_flags & TF_NODELAY) && 972 len + off >= so->so_snd.sb_cc)) 973 goto send; 974 if (tp->t_force) 975 goto send; 976 if (len >= tp->max_sndwnd / 2) 977 goto send; 978 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) 979 goto send; 980 if (sack_rxmit) 981 goto send; 982 } 983 984 /* 985 * Compare available window to amount of window known to peer 986 * (as advertised window less next expected input). If the 987 * difference is at least twice the size of the largest segment 988 * we expect to receive (i.e. two segments) or at least 50% of 989 * the maximum possible window, then want to send a window update 990 * to peer. 991 */ 992 if (win > 0) { 993 /* 994 * "adv" is the amount we can increase the window, 995 * taking into account that we are limited by 996 * TCP_MAXWIN << tp->rcv_scale. 997 */ 998 long recwin = uimin(win, (long)TCP_MAXWIN << tp->rcv_scale); 999 long oldwin, adv; 1000 1001 /* 1002 * rcv_nxt may overtake rcv_adv when we accept a 1003 * zero-window probe. 1004 */ 1005 if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt)) 1006 oldwin = tp->rcv_adv - tp->rcv_nxt; 1007 else 1008 oldwin = 0; 1009 1010 /* 1011 * If the new window size ends up being the same as or 1012 * less than the old size when it is scaled, then 1013 * don't force a window update. 1014 */ 1015 if (recwin >> tp->rcv_scale <= oldwin >> tp->rcv_scale) 1016 goto dontupdate; 1017 1018 adv = recwin - oldwin; 1019 if (adv >= (long) (2 * rxsegsize)) 1020 goto send; 1021 if (2 * adv >= (long) so->so_rcv.sb_hiwat) 1022 goto send; 1023 } 1024 dontupdate: 1025 1026 /* 1027 * Send if we owe peer an ACK. 1028 */ 1029 if (tp->t_flags & TF_ACKNOW) 1030 goto send; 1031 if (flags & (TH_SYN|TH_FIN|TH_RST)) 1032 goto send; 1033 if (SEQ_GT(tp->snd_up, tp->snd_una)) 1034 goto send; 1035 /* 1036 * In SACK, it is possible for tcp_output to fail to send a segment 1037 * after the retransmission timer has been turned off. Make sure 1038 * that the retransmission timer is set. 1039 */ 1040 if (TCP_SACK_ENABLED(tp) && SEQ_GT(tp->snd_max, tp->snd_una) && 1041 !TCP_TIMER_ISARMED(tp, TCPT_REXMT) && 1042 !TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1043 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1044 goto just_return; 1045 } 1046 1047 /* 1048 * TCP window updates are not reliable, rather a polling protocol 1049 * using ``persist'' packets is used to insure receipt of window 1050 * updates. The three ``states'' for the output side are: 1051 * idle not doing retransmits or persists 1052 * persisting to move a small or zero window 1053 * (re)transmitting and thereby not persisting 1054 * 1055 * tp->t_timer[TCPT_PERSIST] 1056 * is set when we are in persist state. 1057 * tp->t_force 1058 * is set when we are called to send a persist packet. 1059 * tp->t_timer[TCPT_REXMT] 1060 * is set when we are retransmitting 1061 * The output side is idle when both timers are zero. 1062 * 1063 * If send window is too small, there is data to transmit, and no 1064 * retransmit or persist is pending, then go to persist state. 1065 * If nothing happens soon, send when timer expires: 1066 * if window is nonzero, transmit what we can, 1067 * otherwise force out a byte. 1068 */ 1069 if (so->so_snd.sb_cc && TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && 1070 TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1071 tp->t_rxtshift = 0; 1072 tcp_setpersist(tp); 1073 } 1074 1075 /* 1076 * No reason to send a segment, just return. 1077 */ 1078 just_return: 1079 TCP_REASS_UNLOCK(tp); 1080 return 0; 1081 1082 send: 1083 /* 1084 * Before ESTABLISHED, force sending of initial options unless TCP set 1085 * not to do any options. 1086 * 1087 * Note: we assume that the IP/TCP header plus TCP options always fit 1088 * in a single mbuf, leaving room for a maximum link header, i.e.: 1089 * max_linkhdr + IP_header + TCP_header + optlen <= MCLBYTES 1090 */ 1091 optlen = 0; 1092 optp = opt; 1093 switch (af) { 1094 case AF_INET: 1095 iphdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 1096 break; 1097 #ifdef INET6 1098 case AF_INET6: 1099 iphdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 1100 break; 1101 #endif 1102 default: /*pacify gcc*/ 1103 iphdrlen = 0; 1104 break; 1105 } 1106 hdrlen = iphdrlen; 1107 if (flags & TH_SYN) { 1108 struct rtentry *synrt; 1109 1110 synrt = NULL; 1111 if (tp->t_inpcb) 1112 synrt = in_pcbrtentry(tp->t_inpcb); 1113 #ifdef INET6 1114 if (tp->t_in6pcb) 1115 synrt = in6_pcbrtentry(tp->t_in6pcb); 1116 #endif 1117 1118 tp->snd_nxt = tp->iss; 1119 tp->t_ourmss = tcp_mss_to_advertise(synrt != NULL ? 1120 synrt->rt_ifp : NULL, af); 1121 if (tp->t_inpcb) 1122 in_pcbrtentry_unref(synrt, tp->t_inpcb); 1123 #ifdef INET6 1124 if (tp->t_in6pcb) 1125 in6_pcbrtentry_unref(synrt, tp->t_in6pcb); 1126 #endif 1127 if ((tp->t_flags & TF_NOOPT) == 0 && OPT_FITS(TCPOLEN_MAXSEG)) { 1128 *optp++ = TCPOPT_MAXSEG; 1129 *optp++ = TCPOLEN_MAXSEG; 1130 *optp++ = (tp->t_ourmss >> 8) & 0xff; 1131 *optp++ = tp->t_ourmss & 0xff; 1132 optlen += TCPOLEN_MAXSEG; 1133 1134 if ((tp->t_flags & TF_REQ_SCALE) && 1135 ((flags & TH_ACK) == 0 || 1136 (tp->t_flags & TF_RCVD_SCALE)) && 1137 OPT_FITS(TCPOLEN_WINDOW + TCPOLEN_NOP)) { 1138 *((uint32_t *)optp) = htonl( 1139 TCPOPT_NOP << 24 | 1140 TCPOPT_WINDOW << 16 | 1141 TCPOLEN_WINDOW << 8 | 1142 tp->request_r_scale); 1143 optp += TCPOLEN_WINDOW + TCPOLEN_NOP; 1144 optlen += TCPOLEN_WINDOW + TCPOLEN_NOP; 1145 } 1146 if (tcp_do_sack && OPT_FITS(TCPOLEN_SACK_PERMITTED)) { 1147 *optp++ = TCPOPT_SACK_PERMITTED; 1148 *optp++ = TCPOLEN_SACK_PERMITTED; 1149 optlen += TCPOLEN_SACK_PERMITTED; 1150 } 1151 } 1152 } 1153 1154 /* 1155 * Send a timestamp and echo-reply if this is a SYN and our side 1156 * wants to use timestamps (TF_REQ_TSTMP is set) or both our side 1157 * and our peer have sent timestamps in our SYN's. 1158 */ 1159 if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && 1160 (flags & TH_RST) == 0 && 1161 ((flags & (TH_SYN|TH_ACK)) == TH_SYN || 1162 (tp->t_flags & TF_RCVD_TSTMP))) { 1163 int alen = 0; 1164 while (optlen % 4 != 2) { 1165 optlen += TCPOLEN_NOP; 1166 *optp++ = TCPOPT_NOP; 1167 alen++; 1168 } 1169 if (OPT_FITS(TCPOLEN_TIMESTAMP)) { 1170 *optp++ = TCPOPT_TIMESTAMP; 1171 *optp++ = TCPOLEN_TIMESTAMP; 1172 uint32_t *lp = (uint32_t *)optp; 1173 /* Form timestamp option (appendix A of RFC 1323) */ 1174 *lp++ = htonl(TCP_TIMESTAMP(tp)); 1175 *lp = htonl(tp->ts_recent); 1176 optp += TCPOLEN_TIMESTAMP - 2; 1177 optlen += TCPOLEN_TIMESTAMP; 1178 1179 /* Set receive buffer autosizing timestamp. */ 1180 if (tp->rfbuf_ts == 0 && 1181 (so->so_rcv.sb_flags & SB_AUTOSIZE)) 1182 tp->rfbuf_ts = TCP_TIMESTAMP(tp); 1183 } else { 1184 optp -= alen; 1185 optlen -= alen; 1186 } 1187 } 1188 1189 #ifdef TCP_SIGNATURE 1190 if (tp->t_flags & TF_SIGNATURE) { 1191 /* 1192 * Initialize TCP-MD5 option (RFC2385) 1193 */ 1194 if (!OPT_FITS(TCPOLEN_SIGNATURE)) 1195 goto reset; 1196 1197 *optp++ = TCPOPT_SIGNATURE; 1198 *optp++ = TCPOLEN_SIGNATURE; 1199 sigoff = optlen + 2; 1200 memset(optp, 0, TCP_SIGLEN); 1201 optlen += TCPOLEN_SIGNATURE; 1202 optp += TCP_SIGLEN; 1203 } 1204 #endif 1205 1206 /* 1207 * Tack on the SACK block if it is necessary. 1208 */ 1209 if (sack_numblks) { 1210 int alen = 0; 1211 int sack_len = sack_numblks * 8; 1212 while (optlen % 4 != 2) { 1213 optlen += TCPOLEN_NOP; 1214 *optp++ = TCPOPT_NOP; 1215 alen++; 1216 } 1217 if (OPT_FITS(sack_len + 2)) { 1218 struct ipqent *tiqe; 1219 *optp++ = TCPOPT_SACK; 1220 *optp++ = sack_len + 2; 1221 uint32_t *lp = (uint32_t *)optp; 1222 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 1223 sack_numblks--; 1224 *lp++ = htonl(tp->rcv_dsack_block.left); 1225 *lp++ = htonl(tp->rcv_dsack_block.right); 1226 tp->rcv_sack_flags &= ~TCPSACK_HAVED; 1227 } 1228 for (tiqe = TAILQ_FIRST(&tp->timeq); 1229 sack_numblks > 0; 1230 tiqe = TAILQ_NEXT(tiqe, ipqe_timeq)) { 1231 KASSERT(tiqe != NULL); 1232 sack_numblks--; 1233 *lp++ = htonl(tiqe->ipqe_seq); 1234 *lp++ = htonl(tiqe->ipqe_seq + tiqe->ipqe_len + 1235 ((tiqe->ipqe_flags & TH_FIN) != 0 ? 1 : 0)); 1236 } 1237 optlen += sack_len + 2; 1238 optp += sack_len; 1239 } else { 1240 optp -= alen; 1241 optlen -= alen; 1242 } 1243 } 1244 1245 /* Terminate and pad TCP options to a 4 byte boundary. */ 1246 if (optlen % 4) { 1247 if (!OPT_FITS(TCPOLEN_EOL)) { 1248 reset: TCP_REASS_UNLOCK(tp); 1249 error = ECONNABORTED; 1250 goto out; 1251 } 1252 optlen += TCPOLEN_EOL; 1253 *optp++ = TCPOPT_EOL; 1254 } 1255 /* 1256 * According to RFC 793 (STD0007): 1257 * "The content of the header beyond the End-of-Option option 1258 * must be header padding (i.e., zero)." 1259 * and later: "The padding is composed of zeros." 1260 */ 1261 while (optlen % 4) { 1262 if (!OPT_FITS(TCPOLEN_PAD)) 1263 goto reset; 1264 optlen += TCPOLEN_PAD; 1265 *optp++ = TCPOPT_PAD; 1266 } 1267 1268 TCP_REASS_UNLOCK(tp); 1269 1270 hdrlen += optlen; 1271 1272 #ifdef DIAGNOSTIC 1273 if (!use_tso && len > txsegsize) 1274 panic("tcp data to be sent is larger than segment"); 1275 else if (use_tso && len > IP_MAXPACKET) 1276 panic("tcp data to be sent is larger than max TSO size"); 1277 if (max_linkhdr + hdrlen > MCLBYTES) 1278 panic("tcphdr too big"); 1279 #endif 1280 1281 /* 1282 * Grab a header mbuf, attaching a copy of data to 1283 * be transmitted, and initialize the header from 1284 * the template for sends on this connection. 1285 */ 1286 if (len) { 1287 error = tcp_build_datapkt(tp, so, off, len, hdrlen, &m); 1288 if (error) 1289 goto out; 1290 /* 1291 * If we're sending everything we've got, set PUSH. 1292 * (This will keep happy those implementations which only 1293 * give data to the user when a buffer fills or 1294 * a PUSH comes in.) 1295 */ 1296 if (off + len == so->so_snd.sb_cc) 1297 flags |= TH_PUSH; 1298 } else { 1299 tcps = TCP_STAT_GETREF(); 1300 if (tp->t_flags & TF_ACKNOW) 1301 tcps[TCP_STAT_SNDACKS]++; 1302 else if (flags & (TH_SYN|TH_FIN|TH_RST)) 1303 tcps[TCP_STAT_SNDCTRL]++; 1304 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 1305 tcps[TCP_STAT_SNDURG]++; 1306 else 1307 tcps[TCP_STAT_SNDWINUP]++; 1308 TCP_STAT_PUTREF(); 1309 1310 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1311 if (m != NULL && max_linkhdr + hdrlen > MHLEN) { 1312 MCLGET(m, M_DONTWAIT); 1313 if ((m->m_flags & M_EXT) == 0) { 1314 m_freem(m); 1315 m = NULL; 1316 } 1317 } 1318 if (m == NULL) { 1319 error = ENOBUFS; 1320 goto out; 1321 } 1322 MCLAIM(m, &tcp_tx_mowner); 1323 m->m_data += max_linkhdr; 1324 m->m_len = hdrlen; 1325 } 1326 m_reset_rcvif(m); 1327 switch (af) { 1328 case AF_INET: 1329 ip = mtod(m, struct ip *); 1330 #ifdef INET6 1331 ip6 = NULL; 1332 #endif 1333 th = (struct tcphdr *)(ip + 1); 1334 break; 1335 #ifdef INET6 1336 case AF_INET6: 1337 ip = NULL; 1338 ip6 = mtod(m, struct ip6_hdr *); 1339 th = (struct tcphdr *)(ip6 + 1); 1340 break; 1341 #endif 1342 default: /*pacify gcc*/ 1343 ip = NULL; 1344 #ifdef INET6 1345 ip6 = NULL; 1346 #endif 1347 th = NULL; 1348 break; 1349 } 1350 if (tp->t_template == NULL) 1351 panic("%s: no template", __func__); 1352 if (tp->t_template->m_len < iphdrlen) 1353 panic("%s: %d < %d", __func__, tp->t_template->m_len, iphdrlen); 1354 bcopy(mtod(tp->t_template, void *), mtod(m, void *), iphdrlen); 1355 1356 /* 1357 * If we are starting a connection, send ECN setup 1358 * SYN packet. If we are on a retransmit, we may 1359 * resend those bits a number of times as per 1360 * RFC 3168. 1361 */ 1362 if (tp->t_state == TCPS_SYN_SENT && tcp_do_ecn) { 1363 if (tp->t_flags & TF_SYN_REXMT) { 1364 if (tp->t_ecn_retries--) 1365 flags |= TH_ECE|TH_CWR; 1366 } else { 1367 flags |= TH_ECE|TH_CWR; 1368 tp->t_ecn_retries = tcp_ecn_maxretries; 1369 } 1370 } 1371 1372 if (TCP_ECN_ALLOWED(tp)) { 1373 /* 1374 * If the peer has ECN, mark data packets 1375 * ECN capable. Ignore pure ack packets, retransmissions 1376 * and window probes. 1377 */ 1378 if (len > 0 && SEQ_GEQ(tp->snd_nxt, tp->snd_max) && 1379 !(tp->t_force && len == 1)) { 1380 ecn_tos = IPTOS_ECN_ECT0; 1381 TCP_STATINC(TCP_STAT_ECN_ECT); 1382 } 1383 1384 /* 1385 * Reply with proper ECN notifications. 1386 */ 1387 if (tp->t_flags & TF_ECN_SND_CWR) { 1388 flags |= TH_CWR; 1389 tp->t_flags &= ~TF_ECN_SND_CWR; 1390 } 1391 if (tp->t_flags & TF_ECN_SND_ECE) { 1392 flags |= TH_ECE; 1393 } 1394 } 1395 1396 /* 1397 * If we are doing retransmissions, then snd_nxt will 1398 * not reflect the first unsent octet. For ACK only 1399 * packets, we do not want the sequence number of the 1400 * retransmitted packet, we want the sequence number 1401 * of the next unsent octet. So, if there is no data 1402 * (and no SYN or FIN), use snd_max instead of snd_nxt 1403 * when filling in ti_seq. But if we are in persist 1404 * state, snd_max might reflect one byte beyond the 1405 * right edge of the window, so use snd_nxt in that 1406 * case, since we know we aren't doing a retransmission. 1407 * (retransmit and persist are mutually exclusive...) 1408 */ 1409 if (TCP_SACK_ENABLED(tp) && sack_rxmit) { 1410 th->th_seq = htonl(p->rxmit); 1411 p->rxmit += len; 1412 } else { 1413 if (len || (flags & (TH_SYN|TH_FIN)) || 1414 TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) 1415 th->th_seq = htonl(tp->snd_nxt); 1416 else 1417 th->th_seq = htonl(tp->snd_max); 1418 } 1419 th->th_ack = htonl(tp->rcv_nxt); 1420 if (optlen) { 1421 memcpy(th + 1, opt, optlen); 1422 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; 1423 } 1424 th->th_flags = flags; 1425 /* 1426 * Calculate receive window. Don't shrink window, 1427 * but avoid silly window syndrome. 1428 */ 1429 if (win < (long)(so->so_rcv.sb_hiwat / 4) && win < (long)rxsegsize) 1430 win = 0; 1431 if (win > (long)TCP_MAXWIN << tp->rcv_scale) 1432 win = (long)TCP_MAXWIN << tp->rcv_scale; 1433 if (win < (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt)) 1434 win = (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt); 1435 th->th_win = htons((u_int16_t) (win>>tp->rcv_scale)); 1436 if (th->th_win == 0) { 1437 tp->t_sndzerowin++; 1438 } 1439 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 1440 u_int32_t urp = tp->snd_up - tp->snd_nxt; 1441 if (urp > IP_MAXPACKET) 1442 urp = IP_MAXPACKET; 1443 th->th_urp = htons((u_int16_t)urp); 1444 th->th_flags |= TH_URG; 1445 } else 1446 /* 1447 * If no urgent pointer to send, then we pull 1448 * the urgent pointer to the left edge of the send window 1449 * so that it doesn't drift into the send window on sequence 1450 * number wraparound. 1451 */ 1452 tp->snd_up = tp->snd_una; /* drag it along */ 1453 1454 #ifdef TCP_SIGNATURE 1455 if (sigoff && (tp->t_flags & TF_SIGNATURE)) { 1456 struct secasvar *sav; 1457 u_int8_t *sigp; 1458 1459 sav = tcp_signature_getsav(m); 1460 if (sav == NULL) { 1461 if (m) 1462 m_freem(m); 1463 return EPERM; 1464 } 1465 1466 m->m_pkthdr.len = hdrlen + len; 1467 sigp = (char *)th + sizeof(*th) + sigoff; 1468 tcp_signature(m, th, (char *)th - mtod(m, char *), sav, sigp); 1469 1470 key_sa_recordxfer(sav, m); 1471 KEY_SA_UNREF(&sav); 1472 } 1473 #endif 1474 1475 /* 1476 * Set ourselves up to be checksummed just before the packet 1477 * hits the wire. 1478 */ 1479 switch (af) { 1480 case AF_INET: 1481 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1482 if (use_tso) { 1483 m->m_pkthdr.segsz = txsegsize; 1484 m->m_pkthdr.csum_flags = M_CSUM_TSOv4; 1485 } else { 1486 m->m_pkthdr.csum_flags = M_CSUM_TCPv4; 1487 if (len + optlen) { 1488 /* Fixup the pseudo-header checksum. */ 1489 /* XXXJRT Not IP Jumbogram safe. */ 1490 th->th_sum = in_cksum_addword(th->th_sum, 1491 htons((u_int16_t) (len + optlen))); 1492 } 1493 } 1494 break; 1495 #ifdef INET6 1496 case AF_INET6: 1497 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1498 if (use_tso) { 1499 m->m_pkthdr.segsz = txsegsize; 1500 m->m_pkthdr.csum_flags = M_CSUM_TSOv6; 1501 } else { 1502 m->m_pkthdr.csum_flags = M_CSUM_TCPv6; 1503 if (len + optlen) { 1504 /* Fixup the pseudo-header checksum. */ 1505 /* XXXJRT: Not IPv6 Jumbogram safe. */ 1506 th->th_sum = in_cksum_addword(th->th_sum, 1507 htons((u_int16_t) (len + optlen))); 1508 } 1509 } 1510 break; 1511 #endif 1512 } 1513 1514 /* 1515 * In transmit state, time the transmission and arrange for 1516 * the retransmit. In persist state, just set snd_max. 1517 */ 1518 if (tp->t_force == 0 || TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1519 tcp_seq startseq = tp->snd_nxt; 1520 1521 /* 1522 * Advance snd_nxt over sequence space of this segment. 1523 * There are no states in which we send both a SYN and a FIN, 1524 * so we collapse the tests for these flags. 1525 */ 1526 if (flags & (TH_SYN|TH_FIN)) 1527 tp->snd_nxt++; 1528 if (sack_rxmit) 1529 goto timer; 1530 tp->snd_nxt += len; 1531 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 1532 tp->snd_max = tp->snd_nxt; 1533 /* 1534 * Time this transmission if not a retransmission and 1535 * not currently timing anything. 1536 */ 1537 if (tp->t_rtttime == 0) { 1538 tp->t_rtttime = tcp_now; 1539 tp->t_rtseq = startseq; 1540 TCP_STATINC(TCP_STAT_SEGSTIMED); 1541 } 1542 } 1543 1544 /* 1545 * Set retransmit timer if not currently set, 1546 * and not doing an ack or a keep-alive probe. 1547 * Initial value for retransmit timer is smoothed 1548 * round-trip time + 2 * round-trip time variance. 1549 * Initialize shift counter which is used for backoff 1550 * of retransmit time. 1551 */ 1552 timer: 1553 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0) { 1554 if ((sack_rxmit && tp->snd_nxt != tp->snd_max) 1555 || tp->snd_nxt != tp->snd_una) { 1556 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1557 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 1558 tp->t_rxtshift = 0; 1559 } 1560 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1561 } else if (len == 0 && so->so_snd.sb_cc > 0 1562 && TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1563 /* 1564 * If we are sending a window probe and there's 1565 * unacked data in the socket, make sure at 1566 * least the persist timer is running. 1567 */ 1568 tp->t_rxtshift = 0; 1569 tcp_setpersist(tp); 1570 } 1571 } 1572 } else 1573 if (SEQ_GT(tp->snd_nxt + len, tp->snd_max)) 1574 tp->snd_max = tp->snd_nxt + len; 1575 1576 #ifdef TCP_DEBUG 1577 /* 1578 * Trace. 1579 */ 1580 if (so->so_options & SO_DEBUG) 1581 tcp_trace(TA_OUTPUT, tp->t_state, tp, m, 0); 1582 #endif 1583 1584 /* 1585 * Fill in IP length and desired time to live and 1586 * send to IP level. There should be a better way 1587 * to handle ttl and tos; we could keep them in 1588 * the template, but need a way to checksum without them. 1589 */ 1590 m->m_pkthdr.len = hdrlen + len; 1591 1592 switch (af) { 1593 case AF_INET: 1594 ip->ip_len = htons(m->m_pkthdr.len); 1595 packetlen = m->m_pkthdr.len; 1596 if (tp->t_inpcb) { 1597 ip->ip_ttl = tp->t_inpcb->inp_ip.ip_ttl; 1598 ip->ip_tos = tp->t_inpcb->inp_ip.ip_tos | ecn_tos; 1599 } 1600 #ifdef INET6 1601 else if (tp->t_in6pcb) { 1602 ip->ip_ttl = in6_selecthlim(tp->t_in6pcb, NULL); /*XXX*/ 1603 ip->ip_tos = ecn_tos; /*XXX*/ 1604 } 1605 #endif 1606 break; 1607 #ifdef INET6 1608 case AF_INET6: 1609 packetlen = m->m_pkthdr.len; 1610 ip6->ip6_nxt = IPPROTO_TCP; 1611 if (tp->t_in6pcb) { 1612 /* 1613 * we separately set hoplimit for every segment, since 1614 * the user might want to change the value via 1615 * setsockopt. Also, desired default hop limit might 1616 * be changed via Neighbor Discovery. 1617 */ 1618 ip6->ip6_hlim = in6_selecthlim_rt(tp->t_in6pcb); 1619 } 1620 ip6->ip6_flow |= htonl(ecn_tos << 20); 1621 /* ip6->ip6_flow = ??? (from template) */ 1622 /* ip6_plen will be filled in ip6_output(). */ 1623 break; 1624 #endif 1625 default: /*pacify gcc*/ 1626 packetlen = 0; 1627 break; 1628 } 1629 1630 switch (af) { 1631 case AF_INET: 1632 { 1633 struct mbuf *opts; 1634 1635 if (tp->t_inpcb) 1636 opts = tp->t_inpcb->inp_options; 1637 else 1638 opts = NULL; 1639 error = ip_output(m, opts, ro, 1640 (tp->t_mtudisc ? IP_MTUDISC : 0) | 1641 (so->so_options & SO_DONTROUTE), NULL, tp->t_inpcb); 1642 break; 1643 } 1644 #ifdef INET6 1645 case AF_INET6: 1646 { 1647 struct ip6_pktopts *opts; 1648 1649 if (tp->t_in6pcb) 1650 opts = tp->t_in6pcb->in6p_outputopts; 1651 else 1652 opts = NULL; 1653 error = ip6_output(m, opts, ro, so->so_options & SO_DONTROUTE, 1654 NULL, tp->t_in6pcb, NULL); 1655 break; 1656 } 1657 #endif 1658 default: 1659 error = EAFNOSUPPORT; 1660 break; 1661 } 1662 if (error) { 1663 out: 1664 if (error == ENOBUFS) { 1665 TCP_STATINC(TCP_STAT_SELFQUENCH); 1666 if (tp->t_inpcb) 1667 tcp_quench(tp->t_inpcb); 1668 #ifdef INET6 1669 if (tp->t_in6pcb) 1670 tcp6_quench(tp->t_in6pcb); 1671 #endif 1672 error = 0; 1673 } else if ((error == EHOSTUNREACH || error == ENETDOWN) && 1674 TCPS_HAVERCVDSYN(tp->t_state)) { 1675 tp->t_softerror = error; 1676 error = 0; 1677 } 1678 1679 /* Back out the sequence number advance. */ 1680 if (sack_rxmit) 1681 p->rxmit -= len; 1682 1683 /* Restart the delayed ACK timer, if necessary. */ 1684 if (tp->t_flags & TF_DELACK) 1685 TCP_RESTART_DELACK(tp); 1686 1687 return error; 1688 } 1689 1690 if (packetlen > tp->t_pmtud_mtu_sent) 1691 tp->t_pmtud_mtu_sent = packetlen; 1692 1693 tcps = TCP_STAT_GETREF(); 1694 tcps[TCP_STAT_SNDTOTAL]++; 1695 if (tp->t_flags & TF_DELACK) 1696 tcps[TCP_STAT_DELACK]++; 1697 TCP_STAT_PUTREF(); 1698 1699 /* 1700 * Data sent (as far as we can tell). 1701 * If this advertises a larger window than any other segment, 1702 * then remember the size of the advertised window. 1703 * Any pending ACK has now been sent. 1704 */ 1705 if (win > 0 && SEQ_GT(tp->rcv_nxt+win, tp->rcv_adv)) 1706 tp->rcv_adv = tp->rcv_nxt + win; 1707 tp->last_ack_sent = tp->rcv_nxt; 1708 tp->t_flags &= ~TF_ACKNOW; 1709 TCP_CLEAR_DELACK(tp); 1710 #ifdef DIAGNOSTIC 1711 if (maxburst < 0) 1712 printf("tcp_output: maxburst exceeded by %d\n", -maxburst); 1713 #endif 1714 if (sendalot && (tp->t_congctl == &tcp_reno_ctl || --maxburst)) 1715 goto again; 1716 return 0; 1717 } 1718 1719 void 1720 tcp_setpersist(struct tcpcb *tp) 1721 { 1722 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> (1 + 2); 1723 int nticks; 1724 1725 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT)) 1726 panic("tcp_output REXMT"); 1727 /* 1728 * Start/restart persistance timer. 1729 */ 1730 if (t < tp->t_rttmin) 1731 t = tp->t_rttmin; 1732 TCPT_RANGESET(nticks, t * tcp_backoff[tp->t_rxtshift], 1733 TCPTV_PERSMIN, TCPTV_PERSMAX); 1734 TCP_TIMER_ARM(tp, TCPT_PERSIST, nticks); 1735 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1736 tp->t_rxtshift++; 1737 } 1738