inet/tcp/tcp_time_wait.c

11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * CDDL HEADER START
11754SKacheong.Poon@Sun.COM *
11754SKacheong.Poon@Sun.COM * The contents of this file are subject to the terms of the
11754SKacheong.Poon@Sun.COM * Common Development and Distribution License (the "License").
11754SKacheong.Poon@Sun.COM * You may not use this file except in compliance with the License.
11754SKacheong.Poon@Sun.COM *
11754SKacheong.Poon@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11754SKacheong.Poon@Sun.COM * or http://www.opensolaris.org/os/licensing.
11754SKacheong.Poon@Sun.COM * See the License for the specific language governing permissions
11754SKacheong.Poon@Sun.COM * and limitations under the License.
11754SKacheong.Poon@Sun.COM *
11754SKacheong.Poon@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each
11754SKacheong.Poon@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
11754SKacheong.Poon@Sun.COM * If applicable, add the following below this CDDL HEADER, with the
11754SKacheong.Poon@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying
11754SKacheong.Poon@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner]
11754SKacheong.Poon@Sun.COM *
11754SKacheong.Poon@Sun.COM * CDDL HEADER END
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
12056SKacheong.Poon@Sun.COM * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * This file contains functions related to TCP time wait processing.  Also
11754SKacheong.Poon@Sun.COM * refer to the time wait handling comments in tcp_impl.h.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM#include <sys/types.h>
11754SKacheong.Poon@Sun.COM#include <sys/strsun.h>
11754SKacheong.Poon@Sun.COM#include <sys/squeue_impl.h>
11754SKacheong.Poon@Sun.COM#include <sys/squeue.h>
11754SKacheong.Poon@Sun.COM#include <sys/callo.h>
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM#include <inet/common.h>
11754SKacheong.Poon@Sun.COM#include <inet/ip.h>
11754SKacheong.Poon@Sun.COM#include <inet/tcp.h>
11754SKacheong.Poon@Sun.COM#include <inet/tcp_impl.h>
11754SKacheong.Poon@Sun.COM#include <inet/tcp_cluster.h>
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COMstatic void	tcp_timewait_close(void *, mblk_t *, void *, ip_recv_attr_t *);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * TCP_TIME_WAIT_DELAY governs how often the time_wait_collector runs.
11754SKacheong.Poon@Sun.COM * Running it every 5 seconds seems to give the best results.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COM#define	TCP_TIME_WAIT_DELAY ((hrtime_t)5 * NANOSEC)
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * Remove a connection from the list of detached TIME_WAIT connections.
11754SKacheong.Poon@Sun.COM * It returns B_FALSE if it can't remove the connection from the list
11754SKacheong.Poon@Sun.COM * as the connection has already been removed from the list due to an
11754SKacheong.Poon@Sun.COM * earlier call to tcp_time_wait_remove(); otherwise it returns B_TRUE.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COMboolean_t
11754SKacheong.Poon@Sun.COMtcp_time_wait_remove(tcp_t *tcp, tcp_squeue_priv_t *tcp_time_wait)
11754SKacheong.Poon@Sun.COM{
11754SKacheong.Poon@Sun.COM	boolean_t	locked = B_FALSE;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if (tcp_time_wait == NULL) {
11754SKacheong.Poon@Sun.COM		tcp_time_wait = *((tcp_squeue_priv_t **)
11754SKacheong.Poon@Sun.COM		    squeue_getprivate(tcp->tcp_connp->conn_sqp, SQPRIVATE_TCP));
11754SKacheong.Poon@Sun.COM		mutex_enter(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM		locked = B_TRUE;
11754SKacheong.Poon@Sun.COM	} else {
11754SKacheong.Poon@Sun.COM		ASSERT(MUTEX_HELD(&tcp_time_wait->tcp_time_wait_lock));
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	/* 0 means that the tcp_t has not been added to the time wait list. */
11754SKacheong.Poon@Sun.COM	if (tcp->tcp_time_wait_expire == 0) {
11754SKacheong.Poon@Sun.COM		ASSERT(tcp->tcp_time_wait_next == NULL);
11754SKacheong.Poon@Sun.COM		ASSERT(tcp->tcp_time_wait_prev == NULL);
11754SKacheong.Poon@Sun.COM		if (locked)
11754SKacheong.Poon@Sun.COM			mutex_exit(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM		return (B_FALSE);
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	ASSERT(TCP_IS_DETACHED(tcp));
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_state == TCPS_TIME_WAIT);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if (tcp == tcp_time_wait->tcp_time_wait_head) {
11754SKacheong.Poon@Sun.COM		ASSERT(tcp->tcp_time_wait_prev == NULL);
11754SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_time_wait_head = tcp->tcp_time_wait_next;
11754SKacheong.Poon@Sun.COM		if (tcp_time_wait->tcp_time_wait_head != NULL) {
11754SKacheong.Poon@Sun.COM			tcp_time_wait->tcp_time_wait_head->tcp_time_wait_prev =
11754SKacheong.Poon@Sun.COM			    NULL;
11754SKacheong.Poon@Sun.COM		} else {
11754SKacheong.Poon@Sun.COM			tcp_time_wait->tcp_time_wait_tail = NULL;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM	} else if (tcp == tcp_time_wait->tcp_time_wait_tail) {
11754SKacheong.Poon@Sun.COM		ASSERT(tcp->tcp_time_wait_next == NULL);
11754SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_time_wait_tail = tcp->tcp_time_wait_prev;
11754SKacheong.Poon@Sun.COM		ASSERT(tcp_time_wait->tcp_time_wait_tail != NULL);
11754SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_time_wait_tail->tcp_time_wait_next = NULL;
11754SKacheong.Poon@Sun.COM	} else {
11754SKacheong.Poon@Sun.COM		ASSERT(tcp->tcp_time_wait_prev->tcp_time_wait_next == tcp);
11754SKacheong.Poon@Sun.COM		ASSERT(tcp->tcp_time_wait_next->tcp_time_wait_prev == tcp);
11754SKacheong.Poon@Sun.COM		tcp->tcp_time_wait_prev->tcp_time_wait_next =
11754SKacheong.Poon@Sun.COM		    tcp->tcp_time_wait_next;
11754SKacheong.Poon@Sun.COM		tcp->tcp_time_wait_next->tcp_time_wait_prev =
11754SKacheong.Poon@Sun.COM		    tcp->tcp_time_wait_prev;
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	tcp->tcp_time_wait_next = NULL;
11754SKacheong.Poon@Sun.COM	tcp->tcp_time_wait_prev = NULL;
11754SKacheong.Poon@Sun.COM	tcp->tcp_time_wait_expire = 0;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if (locked)
11754SKacheong.Poon@Sun.COM		mutex_exit(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM	return (B_TRUE);
11754SKacheong.Poon@Sun.COM}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * Add a connection to the list of detached TIME_WAIT connections
11754SKacheong.Poon@Sun.COM * and set its time to expire.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COMvoid
11754SKacheong.Poon@Sun.COMtcp_time_wait_append(tcp_t *tcp)
11754SKacheong.Poon@Sun.COM{
11754SKacheong.Poon@Sun.COM	tcp_stack_t	*tcps = tcp->tcp_tcps;
12056SKacheong.Poon@Sun.COM	squeue_t	*sqp = tcp->tcp_connp->conn_sqp;
11754SKacheong.Poon@Sun.COM	tcp_squeue_priv_t *tcp_time_wait =
12056SKacheong.Poon@Sun.COM	    *((tcp_squeue_priv_t **)squeue_getprivate(sqp, SQPRIVATE_TCP));
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	tcp_timers_stop(tcp);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	/* Freed above */
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_timer_tid == 0);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_ack_tid == 0);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	/* must have happened at the time of detaching the tcp */
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_ptpahn == NULL);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_flow_stopped == 0);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_time_wait_next == NULL);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_time_wait_prev == NULL);
12056SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_time_wait_expire == 0);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_listener == NULL);
11754SKacheong.Poon@Sun.COM
12056SKacheong.Poon@Sun.COM	tcp->tcp_time_wait_expire = ddi_get_lbolt64();
11754SKacheong.Poon@Sun.COM	/*
12056SKacheong.Poon@Sun.COM	 * Since tcp_time_wait_expire is lbolt64, it should not wrap around
12056SKacheong.Poon@Sun.COM	 * in practice.  Hence it cannot be 0.  Note that zero means that the
12056SKacheong.Poon@Sun.COM	 * tcp_t is not in the TIME_WAIT list.
11754SKacheong.Poon@Sun.COM	 */
11754SKacheong.Poon@Sun.COM	tcp->tcp_time_wait_expire += MSEC_TO_TICK(
11754SKacheong.Poon@Sun.COM	    tcps->tcps_time_wait_interval);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	ASSERT(TCP_IS_DETACHED(tcp));
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_state == TCPS_TIME_WAIT);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_time_wait_next == NULL);
11754SKacheong.Poon@Sun.COM	ASSERT(tcp->tcp_time_wait_prev == NULL);
11754SKacheong.Poon@Sun.COM	TCP_DBGSTAT(tcps, tcp_time_wait);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	mutex_enter(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM	if (tcp_time_wait->tcp_time_wait_head == NULL) {
11754SKacheong.Poon@Sun.COM		ASSERT(tcp_time_wait->tcp_time_wait_tail == NULL);
11754SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_time_wait_head = tcp;
12056SKacheong.Poon@Sun.COM
12056SKacheong.Poon@Sun.COM		/*
12056SKacheong.Poon@Sun.COM		 * Even if the list was empty before, there may be a timer
12056SKacheong.Poon@Sun.COM		 * running since a tcp_t can be removed from the list
12056SKacheong.Poon@Sun.COM		 * in other places, such as tcp_clean_death().  So check if
12056SKacheong.Poon@Sun.COM		 * a timer is needed.
12056SKacheong.Poon@Sun.COM		 */
12056SKacheong.Poon@Sun.COM		if (tcp_time_wait->tcp_time_wait_tid == 0) {
12056SKacheong.Poon@Sun.COM			tcp_time_wait->tcp_time_wait_tid =
12056SKacheong.Poon@Sun.COM			    timeout_generic(CALLOUT_NORMAL,
12056SKacheong.Poon@Sun.COM			    tcp_time_wait_collector, sqp,
12056SKacheong.Poon@Sun.COM			    (hrtime_t)(tcps->tcps_time_wait_interval + 1) *
12056SKacheong.Poon@Sun.COM			    MICROSEC, CALLOUT_TCP_RESOLUTION,
12056SKacheong.Poon@Sun.COM			    CALLOUT_FLAG_ROUNDUP);
12056SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM	} else {
*12175SKacheong.Poon@Sun.COM		/*
*12175SKacheong.Poon@Sun.COM		 * The list is not empty, so a timer must be running.  If not,
*12175SKacheong.Poon@Sun.COM		 * tcp_time_wait_collector() must be running on this
*12175SKacheong.Poon@Sun.COM		 * tcp_time_wait list at the same time.
*12175SKacheong.Poon@Sun.COM		 */
*12175SKacheong.Poon@Sun.COM		ASSERT(tcp_time_wait->tcp_time_wait_tid != 0 ||
*12175SKacheong.Poon@Sun.COM		    tcp_time_wait->tcp_time_wait_running);
11754SKacheong.Poon@Sun.COM		ASSERT(tcp_time_wait->tcp_time_wait_tail != NULL);
11754SKacheong.Poon@Sun.COM		ASSERT(tcp_time_wait->tcp_time_wait_tail->tcp_state ==
11754SKacheong.Poon@Sun.COM		    TCPS_TIME_WAIT);
11754SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_time_wait_tail->tcp_time_wait_next = tcp;
11754SKacheong.Poon@Sun.COM		tcp->tcp_time_wait_prev = tcp_time_wait->tcp_time_wait_tail;
12056SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	tcp_time_wait->tcp_time_wait_tail = tcp;
11754SKacheong.Poon@Sun.COM	mutex_exit(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * Wrapper to call tcp_close_detached() via squeue to clean up TIME-WAIT
11754SKacheong.Poon@Sun.COM * tcp_t.  Used in tcp_time_wait_collector().
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COM/* ARGSUSED */
11754SKacheong.Poon@Sun.COMstatic void
11754SKacheong.Poon@Sun.COMtcp_timewait_close(void *arg, mblk_t *mp, void *arg2, ip_recv_attr_t *dummy)
11754SKacheong.Poon@Sun.COM{
11754SKacheong.Poon@Sun.COM	conn_t	*connp = (conn_t *)arg;
11754SKacheong.Poon@Sun.COM	tcp_t	*tcp = connp->conn_tcp;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	ASSERT(tcp != NULL);
11754SKacheong.Poon@Sun.COM	if (tcp->tcp_state == TCPS_CLOSED) {
11754SKacheong.Poon@Sun.COM		return;
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	ASSERT((connp->conn_family == AF_INET &&
11754SKacheong.Poon@Sun.COM	    connp->conn_ipversion == IPV4_VERSION) ||
11754SKacheong.Poon@Sun.COM	    (connp->conn_family == AF_INET6 &&
11754SKacheong.Poon@Sun.COM	    (connp->conn_ipversion == IPV4_VERSION ||
11754SKacheong.Poon@Sun.COM	    connp->conn_ipversion == IPV6_VERSION)));
11754SKacheong.Poon@Sun.COM	ASSERT(!tcp->tcp_listener);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	ASSERT(TCP_IS_DETACHED(tcp));
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	/*
11754SKacheong.Poon@Sun.COM	 * Because they have no upstream client to rebind or tcp_close()
11754SKacheong.Poon@Sun.COM	 * them later, we axe the connection here and now.
11754SKacheong.Poon@Sun.COM	 */
11754SKacheong.Poon@Sun.COM	tcp_close_detached(tcp);
11754SKacheong.Poon@Sun.COM}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * Blows away all tcps whose TIME_WAIT has expired. List traversal
11754SKacheong.Poon@Sun.COM * is done forwards from the head.
11754SKacheong.Poon@Sun.COM * This walks all stack instances since
11754SKacheong.Poon@Sun.COM * tcp_time_wait remains global across all stacks.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COM/* ARGSUSED */
11754SKacheong.Poon@Sun.COMvoid
11754SKacheong.Poon@Sun.COMtcp_time_wait_collector(void *arg)
11754SKacheong.Poon@Sun.COM{
11754SKacheong.Poon@Sun.COM	tcp_t *tcp;
12056SKacheong.Poon@Sun.COM	int64_t now;
11754SKacheong.Poon@Sun.COM	mblk_t *mp;
11754SKacheong.Poon@Sun.COM	conn_t *connp;
11754SKacheong.Poon@Sun.COM	kmutex_t *lock;
11754SKacheong.Poon@Sun.COM	boolean_t removed;
11754SKacheong.Poon@Sun.COM	extern void (*cl_inet_disconnect)(netstackid_t, uint8_t, sa_family_t,
11754SKacheong.Poon@Sun.COM	    uint8_t *, in_port_t, uint8_t *, in_port_t, void *);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	squeue_t *sqp = (squeue_t *)arg;
11754SKacheong.Poon@Sun.COM	tcp_squeue_priv_t *tcp_time_wait =
11754SKacheong.Poon@Sun.COM	    *((tcp_squeue_priv_t **)squeue_getprivate(sqp, SQPRIVATE_TCP));
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	mutex_enter(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM	tcp_time_wait->tcp_time_wait_tid = 0;
*12175SKacheong.Poon@Sun.COM#ifdef DEBUG
*12175SKacheong.Poon@Sun.COM	tcp_time_wait->tcp_time_wait_running = B_TRUE;
*12175SKacheong.Poon@Sun.COM#endif
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if (tcp_time_wait->tcp_free_list != NULL &&
11754SKacheong.Poon@Sun.COM	    tcp_time_wait->tcp_free_list->tcp_in_free_list == B_TRUE) {
11754SKacheong.Poon@Sun.COM		TCP_G_STAT(tcp_freelist_cleanup);
11754SKacheong.Poon@Sun.COM		while ((tcp = tcp_time_wait->tcp_free_list) != NULL) {
11754SKacheong.Poon@Sun.COM			tcp_time_wait->tcp_free_list = tcp->tcp_time_wait_next;
11754SKacheong.Poon@Sun.COM			tcp->tcp_time_wait_next = NULL;
11754SKacheong.Poon@Sun.COM			tcp_time_wait->tcp_free_list_cnt--;
11754SKacheong.Poon@Sun.COM			ASSERT(tcp->tcp_tcps == NULL);
11754SKacheong.Poon@Sun.COM			CONN_DEC_REF(tcp->tcp_connp);
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM		ASSERT(tcp_time_wait->tcp_free_list_cnt == 0);
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	/*
11754SKacheong.Poon@Sun.COM	 * In order to reap time waits reliably, we should use a
11754SKacheong.Poon@Sun.COM	 * source of time that is not adjustable by the user -- hence
12056SKacheong.Poon@Sun.COM	 * the call to ddi_get_lbolt64().
11754SKacheong.Poon@Sun.COM	 */
12056SKacheong.Poon@Sun.COM	now = ddi_get_lbolt64();
11754SKacheong.Poon@Sun.COM	while ((tcp = tcp_time_wait->tcp_time_wait_head) != NULL) {
11754SKacheong.Poon@Sun.COM		/*
12056SKacheong.Poon@Sun.COM		 * lbolt64 should not wrap around in practice...  So we can
12056SKacheong.Poon@Sun.COM		 * do a direct comparison.
11754SKacheong.Poon@Sun.COM		 */
12056SKacheong.Poon@Sun.COM		if (now < tcp->tcp_time_wait_expire)
11754SKacheong.Poon@Sun.COM			break;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM		removed = tcp_time_wait_remove(tcp, tcp_time_wait);
11754SKacheong.Poon@Sun.COM		ASSERT(removed);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM		connp = tcp->tcp_connp;
11754SKacheong.Poon@Sun.COM		ASSERT(connp->conn_fanout != NULL);
11754SKacheong.Poon@Sun.COM		lock = &connp->conn_fanout->connf_lock;
11754SKacheong.Poon@Sun.COM		/*
11754SKacheong.Poon@Sun.COM		 * This is essentially a TW reclaim fast path optimization for
11754SKacheong.Poon@Sun.COM		 * performance where the timewait collector checks under the
11754SKacheong.Poon@Sun.COM		 * fanout lock (so that no one else can get access to the
11754SKacheong.Poon@Sun.COM		 * conn_t) that the refcnt is 2 i.e. one for TCP and one for
11754SKacheong.Poon@Sun.COM		 * the classifier hash list. If ref count is indeed 2, we can
11754SKacheong.Poon@Sun.COM		 * just remove the conn under the fanout lock and avoid
11754SKacheong.Poon@Sun.COM		 * cleaning up the conn under the squeue, provided that
11754SKacheong.Poon@Sun.COM		 * clustering callbacks are not enabled. If clustering is
11754SKacheong.Poon@Sun.COM		 * enabled, we need to make the clustering callback before
11754SKacheong.Poon@Sun.COM		 * setting the CONDEMNED flag and after dropping all locks and
11754SKacheong.Poon@Sun.COM		 * so we forego this optimization and fall back to the slow
11754SKacheong.Poon@Sun.COM		 * path. Also please see the comments in tcp_closei_local
11754SKacheong.Poon@Sun.COM		 * regarding the refcnt logic.
11754SKacheong.Poon@Sun.COM		 *
11754SKacheong.Poon@Sun.COM		 * Since we are holding the tcp_time_wait_lock, its better
11754SKacheong.Poon@Sun.COM		 * not to block on the fanout_lock because other connections
11754SKacheong.Poon@Sun.COM		 * can't add themselves to time_wait list. So we do a
11754SKacheong.Poon@Sun.COM		 * tryenter instead of mutex_enter.
11754SKacheong.Poon@Sun.COM		 */
11754SKacheong.Poon@Sun.COM		if (mutex_tryenter(lock)) {
11754SKacheong.Poon@Sun.COM			mutex_enter(&connp->conn_lock);
11754SKacheong.Poon@Sun.COM			if ((connp->conn_ref == 2) &&
11754SKacheong.Poon@Sun.COM			    (cl_inet_disconnect == NULL)) {
11754SKacheong.Poon@Sun.COM				ipcl_hash_remove_locked(connp,
11754SKacheong.Poon@Sun.COM				    connp->conn_fanout);
11754SKacheong.Poon@Sun.COM				/*
11754SKacheong.Poon@Sun.COM				 * Set the CONDEMNED flag now itself so that
11754SKacheong.Poon@Sun.COM				 * the refcnt cannot increase due to any
11754SKacheong.Poon@Sun.COM				 * walker.
11754SKacheong.Poon@Sun.COM				 */
11754SKacheong.Poon@Sun.COM				connp->conn_state_flags |= CONN_CONDEMNED;
11754SKacheong.Poon@Sun.COM				mutex_exit(lock);
11754SKacheong.Poon@Sun.COM				mutex_exit(&connp->conn_lock);
11754SKacheong.Poon@Sun.COM				if (tcp_time_wait->tcp_free_list_cnt <
11754SKacheong.Poon@Sun.COM				    tcp_free_list_max_cnt) {
11754SKacheong.Poon@Sun.COM					/* Add to head of tcp_free_list */
11754SKacheong.Poon@Sun.COM					mutex_exit(
11754SKacheong.Poon@Sun.COM					    &tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM					tcp_cleanup(tcp);
11754SKacheong.Poon@Sun.COM					ASSERT(connp->conn_latch == NULL);
11754SKacheong.Poon@Sun.COM					ASSERT(connp->conn_policy == NULL);
11754SKacheong.Poon@Sun.COM					ASSERT(tcp->tcp_tcps == NULL);
11754SKacheong.Poon@Sun.COM					ASSERT(connp->conn_netstack == NULL);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM					mutex_enter(
11754SKacheong.Poon@Sun.COM					    &tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM					tcp->tcp_time_wait_next =
11754SKacheong.Poon@Sun.COM					    tcp_time_wait->tcp_free_list;
11754SKacheong.Poon@Sun.COM					tcp_time_wait->tcp_free_list = tcp;
11754SKacheong.Poon@Sun.COM					tcp_time_wait->tcp_free_list_cnt++;
11754SKacheong.Poon@Sun.COM					continue;
11754SKacheong.Poon@Sun.COM				} else {
11754SKacheong.Poon@Sun.COM					/* Do not add to tcp_free_list */
11754SKacheong.Poon@Sun.COM					mutex_exit(
11754SKacheong.Poon@Sun.COM					    &tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM					tcp_bind_hash_remove(tcp);
11754SKacheong.Poon@Sun.COM					ixa_cleanup(tcp->tcp_connp->conn_ixa);
11754SKacheong.Poon@Sun.COM					tcp_ipsec_cleanup(tcp);
11754SKacheong.Poon@Sun.COM					CONN_DEC_REF(tcp->tcp_connp);
11754SKacheong.Poon@Sun.COM				}
11754SKacheong.Poon@Sun.COM			} else {
11754SKacheong.Poon@Sun.COM				CONN_INC_REF_LOCKED(connp);
11754SKacheong.Poon@Sun.COM				mutex_exit(lock);
11754SKacheong.Poon@Sun.COM				mutex_exit(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM				mutex_exit(&connp->conn_lock);
11754SKacheong.Poon@Sun.COM				/*
11754SKacheong.Poon@Sun.COM				 * We can reuse the closemp here since conn has
11754SKacheong.Poon@Sun.COM				 * detached (otherwise we wouldn't even be in
11754SKacheong.Poon@Sun.COM				 * time_wait list). tcp_closemp_used can safely
11754SKacheong.Poon@Sun.COM				 * be changed without taking a lock as no other
11754SKacheong.Poon@Sun.COM				 * thread can concurrently access it at this
11754SKacheong.Poon@Sun.COM				 * point in the connection lifecycle.
11754SKacheong.Poon@Sun.COM				 */
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM				if (tcp->tcp_closemp.b_prev == NULL)
11754SKacheong.Poon@Sun.COM					tcp->tcp_closemp_used = B_TRUE;
11754SKacheong.Poon@Sun.COM				else
11754SKacheong.Poon@Sun.COM					cmn_err(CE_PANIC,
11754SKacheong.Poon@Sun.COM					    "tcp_timewait_collector: "
11754SKacheong.Poon@Sun.COM					    "concurrent use of tcp_closemp: "
11754SKacheong.Poon@Sun.COM					    "connp %p tcp %p\n", (void *)connp,
11754SKacheong.Poon@Sun.COM					    (void *)tcp);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM				TCP_DEBUG_GETPCSTACK(tcp->tcmp_stk, 15);
11754SKacheong.Poon@Sun.COM				mp = &tcp->tcp_closemp;
11754SKacheong.Poon@Sun.COM				SQUEUE_ENTER_ONE(connp->conn_sqp, mp,
11754SKacheong.Poon@Sun.COM				    tcp_timewait_close, connp, NULL,
11754SKacheong.Poon@Sun.COM				    SQ_FILL, SQTAG_TCP_TIMEWAIT);
11754SKacheong.Poon@Sun.COM			}
11754SKacheong.Poon@Sun.COM		} else {
11754SKacheong.Poon@Sun.COM			mutex_enter(&connp->conn_lock);
11754SKacheong.Poon@Sun.COM			CONN_INC_REF_LOCKED(connp);
11754SKacheong.Poon@Sun.COM			mutex_exit(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM			mutex_exit(&connp->conn_lock);
11754SKacheong.Poon@Sun.COM			/*
11754SKacheong.Poon@Sun.COM			 * We can reuse the closemp here since conn has
11754SKacheong.Poon@Sun.COM			 * detached (otherwise we wouldn't even be in
11754SKacheong.Poon@Sun.COM			 * time_wait list). tcp_closemp_used can safely
11754SKacheong.Poon@Sun.COM			 * be changed without taking a lock as no other
11754SKacheong.Poon@Sun.COM			 * thread can concurrently access it at this
11754SKacheong.Poon@Sun.COM			 * point in the connection lifecycle.
11754SKacheong.Poon@Sun.COM			 */
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM			if (tcp->tcp_closemp.b_prev == NULL)
11754SKacheong.Poon@Sun.COM				tcp->tcp_closemp_used = B_TRUE;
11754SKacheong.Poon@Sun.COM			else
11754SKacheong.Poon@Sun.COM				cmn_err(CE_PANIC, "tcp_timewait_collector: "
11754SKacheong.Poon@Sun.COM				    "concurrent use of tcp_closemp: "
11754SKacheong.Poon@Sun.COM				    "connp %p tcp %p\n", (void *)connp,
11754SKacheong.Poon@Sun.COM				    (void *)tcp);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM			TCP_DEBUG_GETPCSTACK(tcp->tcmp_stk, 15);
11754SKacheong.Poon@Sun.COM			mp = &tcp->tcp_closemp;
11754SKacheong.Poon@Sun.COM			SQUEUE_ENTER_ONE(connp->conn_sqp, mp,
11754SKacheong.Poon@Sun.COM			    tcp_timewait_close, connp, NULL,
11754SKacheong.Poon@Sun.COM			    SQ_FILL, SQTAG_TCP_TIMEWAIT);
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM		mutex_enter(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if (tcp_time_wait->tcp_free_list != NULL)
11754SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_free_list->tcp_in_free_list = B_TRUE;
11754SKacheong.Poon@Sun.COM
12056SKacheong.Poon@Sun.COM	/*
12056SKacheong.Poon@Sun.COM	 * If the time wait list is not empty and there is no timer running,
12056SKacheong.Poon@Sun.COM	 * restart it.
12056SKacheong.Poon@Sun.COM	 */
12056SKacheong.Poon@Sun.COM	if ((tcp = tcp_time_wait->tcp_time_wait_head) != NULL &&
12056SKacheong.Poon@Sun.COM	    tcp_time_wait->tcp_time_wait_tid == 0) {
12056SKacheong.Poon@Sun.COM		hrtime_t firetime;
12056SKacheong.Poon@Sun.COM
12056SKacheong.Poon@Sun.COM		firetime = TICK_TO_NSEC(tcp->tcp_time_wait_expire - now);
12056SKacheong.Poon@Sun.COM		/* This ensures that we won't wake up too often. */
12056SKacheong.Poon@Sun.COM		firetime = MAX(TCP_TIME_WAIT_DELAY, firetime);
12056SKacheong.Poon@Sun.COM		tcp_time_wait->tcp_time_wait_tid =
12056SKacheong.Poon@Sun.COM		    timeout_generic(CALLOUT_NORMAL, tcp_time_wait_collector,
12056SKacheong.Poon@Sun.COM		    sqp, firetime, CALLOUT_TCP_RESOLUTION,
12056SKacheong.Poon@Sun.COM		    CALLOUT_FLAG_ROUNDUP);
12056SKacheong.Poon@Sun.COM	}
*12175SKacheong.Poon@Sun.COM#ifdef DEBUG
*12175SKacheong.Poon@Sun.COM	tcp_time_wait->tcp_time_wait_running = B_FALSE;
*12175SKacheong.Poon@Sun.COM#endif
11754SKacheong.Poon@Sun.COM	mutex_exit(&tcp_time_wait->tcp_time_wait_lock);
11754SKacheong.Poon@Sun.COM}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM/*
11754SKacheong.Poon@Sun.COM * tcp_time_wait_processing() handles processing of incoming packets when
11754SKacheong.Poon@Sun.COM * the tcp_t is in the TIME_WAIT state.
11754SKacheong.Poon@Sun.COM *
11754SKacheong.Poon@Sun.COM * A TIME_WAIT tcp_t that has an associated open TCP end point (not in
11754SKacheong.Poon@Sun.COM * detached state) is never put on the time wait list.
11754SKacheong.Poon@Sun.COM */
11754SKacheong.Poon@Sun.COMvoid
11754SKacheong.Poon@Sun.COMtcp_time_wait_processing(tcp_t *tcp, mblk_t *mp, uint32_t seg_seq,
11754SKacheong.Poon@Sun.COM    uint32_t seg_ack, int seg_len, tcpha_t *tcpha, ip_recv_attr_t *ira)
11754SKacheong.Poon@Sun.COM{
11754SKacheong.Poon@Sun.COM	int32_t		bytes_acked;
11754SKacheong.Poon@Sun.COM	int32_t		gap;
11754SKacheong.Poon@Sun.COM	int32_t		rgap;
11754SKacheong.Poon@Sun.COM	tcp_opt_t	tcpopt;
11754SKacheong.Poon@Sun.COM	uint_t		flags;
11754SKacheong.Poon@Sun.COM	uint32_t	new_swnd = 0;
11754SKacheong.Poon@Sun.COM	conn_t		*nconnp;
11754SKacheong.Poon@Sun.COM	conn_t		*connp = tcp->tcp_connp;
11754SKacheong.Poon@Sun.COM	tcp_stack_t	*tcps = tcp->tcp_tcps;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	BUMP_LOCAL(tcp->tcp_ibsegs);
11754SKacheong.Poon@Sun.COM	DTRACE_PROBE2(tcp__trace__recv, mblk_t *, mp, tcp_t *, tcp);
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	flags = (unsigned int)tcpha->tha_flags & 0xFF;
11754SKacheong.Poon@Sun.COM	new_swnd = ntohs(tcpha->tha_win) <<
11754SKacheong.Poon@Sun.COM	    ((tcpha->tha_flags & TH_SYN) ? 0 : tcp->tcp_snd_ws);
11754SKacheong.Poon@Sun.COM	if (tcp->tcp_snd_ts_ok) {
11754SKacheong.Poon@Sun.COM		if (!tcp_paws_check(tcp, tcpha, &tcpopt)) {
11754SKacheong.Poon@Sun.COM			tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
11754SKacheong.Poon@Sun.COM			    tcp->tcp_rnxt, TH_ACK);
11754SKacheong.Poon@Sun.COM			goto done;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	gap = seg_seq - tcp->tcp_rnxt;
11754SKacheong.Poon@Sun.COM	rgap = tcp->tcp_rwnd - (gap + seg_len);
11754SKacheong.Poon@Sun.COM	if (gap < 0) {
11754SKacheong.Poon@Sun.COM		TCPS_BUMP_MIB(tcps, tcpInDataDupSegs);
11754SKacheong.Poon@Sun.COM		TCPS_UPDATE_MIB(tcps, tcpInDataDupBytes,
11754SKacheong.Poon@Sun.COM		    (seg_len > -gap ? -gap : seg_len));
11754SKacheong.Poon@Sun.COM		seg_len += gap;
11754SKacheong.Poon@Sun.COM		if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
11754SKacheong.Poon@Sun.COM			if (flags & TH_RST) {
11754SKacheong.Poon@Sun.COM				goto done;
11754SKacheong.Poon@Sun.COM			}
11754SKacheong.Poon@Sun.COM			if ((flags & TH_FIN) && seg_len == -1) {
11754SKacheong.Poon@Sun.COM				/*
11754SKacheong.Poon@Sun.COM				 * When TCP receives a duplicate FIN in
11754SKacheong.Poon@Sun.COM				 * TIME_WAIT state, restart the 2 MSL timer.
11754SKacheong.Poon@Sun.COM				 * See page 73 in RFC 793. Make sure this TCP
11754SKacheong.Poon@Sun.COM				 * is already on the TIME_WAIT list. If not,
11754SKacheong.Poon@Sun.COM				 * just restart the timer.
11754SKacheong.Poon@Sun.COM				 */
11754SKacheong.Poon@Sun.COM				if (TCP_IS_DETACHED(tcp)) {
11754SKacheong.Poon@Sun.COM					if (tcp_time_wait_remove(tcp, NULL) ==
11754SKacheong.Poon@Sun.COM					    B_TRUE) {
11754SKacheong.Poon@Sun.COM						tcp_time_wait_append(tcp);
11754SKacheong.Poon@Sun.COM						TCP_DBGSTAT(tcps,
11754SKacheong.Poon@Sun.COM						    tcp_rput_time_wait);
11754SKacheong.Poon@Sun.COM					}
11754SKacheong.Poon@Sun.COM				} else {
11754SKacheong.Poon@Sun.COM					ASSERT(tcp != NULL);
11754SKacheong.Poon@Sun.COM					TCP_TIMER_RESTART(tcp,
11754SKacheong.Poon@Sun.COM					    tcps->tcps_time_wait_interval);
11754SKacheong.Poon@Sun.COM				}
11754SKacheong.Poon@Sun.COM				tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
11754SKacheong.Poon@Sun.COM				    tcp->tcp_rnxt, TH_ACK);
11754SKacheong.Poon@Sun.COM				goto done;
11754SKacheong.Poon@Sun.COM			}
11754SKacheong.Poon@Sun.COM			flags |=  TH_ACK_NEEDED;
11754SKacheong.Poon@Sun.COM			seg_len = 0;
11754SKacheong.Poon@Sun.COM			goto process_ack;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM		/* Fix seg_seq, and chew the gap off the front. */
11754SKacheong.Poon@Sun.COM		seg_seq = tcp->tcp_rnxt;
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if ((flags & TH_SYN) && gap > 0 && rgap < 0) {
11754SKacheong.Poon@Sun.COM		/*
11754SKacheong.Poon@Sun.COM		 * Make sure that when we accept the connection, pick
11754SKacheong.Poon@Sun.COM		 * an ISS greater than (tcp_snxt + ISS_INCR/2) for the
11754SKacheong.Poon@Sun.COM		 * old connection.
11754SKacheong.Poon@Sun.COM		 *
11754SKacheong.Poon@Sun.COM		 * The next ISS generated is equal to tcp_iss_incr_extra
11754SKacheong.Poon@Sun.COM		 * + ISS_INCR/2 + other components depending on the
11754SKacheong.Poon@Sun.COM		 * value of tcp_strong_iss.  We pre-calculate the new
11754SKacheong.Poon@Sun.COM		 * ISS here and compare with tcp_snxt to determine if
11754SKacheong.Poon@Sun.COM		 * we need to make adjustment to tcp_iss_incr_extra.
11754SKacheong.Poon@Sun.COM		 *
11754SKacheong.Poon@Sun.COM		 * The above calculation is ugly and is a
11754SKacheong.Poon@Sun.COM		 * waste of CPU cycles...
11754SKacheong.Poon@Sun.COM		 */
11754SKacheong.Poon@Sun.COM		uint32_t new_iss = tcps->tcps_iss_incr_extra;
11754SKacheong.Poon@Sun.COM		int32_t adj;
11754SKacheong.Poon@Sun.COM		ip_stack_t *ipst = tcps->tcps_netstack->netstack_ip;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM		switch (tcps->tcps_strong_iss) {
11754SKacheong.Poon@Sun.COM		case 2: {
11754SKacheong.Poon@Sun.COM			/* Add time and MD5 components. */
11754SKacheong.Poon@Sun.COM			uint32_t answer[4];
11754SKacheong.Poon@Sun.COM			struct {
11754SKacheong.Poon@Sun.COM				uint32_t ports;
11754SKacheong.Poon@Sun.COM				in6_addr_t src;
11754SKacheong.Poon@Sun.COM				in6_addr_t dst;
11754SKacheong.Poon@Sun.COM			} arg;
11754SKacheong.Poon@Sun.COM			MD5_CTX context;
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM			mutex_enter(&tcps->tcps_iss_key_lock);
11754SKacheong.Poon@Sun.COM			context = tcps->tcps_iss_key;
11754SKacheong.Poon@Sun.COM			mutex_exit(&tcps->tcps_iss_key_lock);
11754SKacheong.Poon@Sun.COM			arg.ports = connp->conn_ports;
11754SKacheong.Poon@Sun.COM			/* We use MAPPED addresses in tcp_iss_init */
11754SKacheong.Poon@Sun.COM			arg.src = connp->conn_laddr_v6;
11754SKacheong.Poon@Sun.COM			arg.dst = connp->conn_faddr_v6;
11754SKacheong.Poon@Sun.COM			MD5Update(&context, (uchar_t *)&arg,
11754SKacheong.Poon@Sun.COM			    sizeof (arg));
11754SKacheong.Poon@Sun.COM			MD5Final((uchar_t *)answer, &context);
11754SKacheong.Poon@Sun.COM			answer[0] ^= answer[1] ^ answer[2] ^ answer[3];
11754SKacheong.Poon@Sun.COM			new_iss += (gethrtime() >> ISS_NSEC_SHT) + answer[0];
11754SKacheong.Poon@Sun.COM			break;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM		case 1:
11754SKacheong.Poon@Sun.COM			/* Add time component and min random (i.e. 1). */
11754SKacheong.Poon@Sun.COM			new_iss += (gethrtime() >> ISS_NSEC_SHT) + 1;
11754SKacheong.Poon@Sun.COM			break;
11754SKacheong.Poon@Sun.COM		default:
11754SKacheong.Poon@Sun.COM			/* Add only time component. */
11754SKacheong.Poon@Sun.COM			new_iss += (uint32_t)gethrestime_sec() * ISS_INCR;
11754SKacheong.Poon@Sun.COM			break;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM		if ((adj = (int32_t)(tcp->tcp_snxt - new_iss)) > 0) {
11754SKacheong.Poon@Sun.COM			/*
11754SKacheong.Poon@Sun.COM			 * New ISS not guaranteed to be ISS_INCR/2
11754SKacheong.Poon@Sun.COM			 * ahead of the current tcp_snxt, so add the
11754SKacheong.Poon@Sun.COM			 * difference to tcp_iss_incr_extra.
11754SKacheong.Poon@Sun.COM			 */
11754SKacheong.Poon@Sun.COM			tcps->tcps_iss_incr_extra += adj;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM		/*
11754SKacheong.Poon@Sun.COM		 * If tcp_clean_death() can not perform the task now,
11754SKacheong.Poon@Sun.COM		 * drop the SYN packet and let the other side re-xmit.
11754SKacheong.Poon@Sun.COM		 * Otherwise pass the SYN packet back in, since the
11754SKacheong.Poon@Sun.COM		 * old tcp state has been cleaned up or freed.
11754SKacheong.Poon@Sun.COM		 */
11754SKacheong.Poon@Sun.COM		if (tcp_clean_death(tcp, 0) == -1)
11754SKacheong.Poon@Sun.COM			goto done;
11754SKacheong.Poon@Sun.COM		nconnp = ipcl_classify(mp, ira, ipst);
11754SKacheong.Poon@Sun.COM		if (nconnp != NULL) {
11754SKacheong.Poon@Sun.COM			TCP_STAT(tcps, tcp_time_wait_syn_success);
11754SKacheong.Poon@Sun.COM			/* Drops ref on nconnp */
11754SKacheong.Poon@Sun.COM			tcp_reinput(nconnp, mp, ira, ipst);
11754SKacheong.Poon@Sun.COM			return;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM		goto done;
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	/*
11754SKacheong.Poon@Sun.COM	 * rgap is the amount of stuff received out of window.  A negative
11754SKacheong.Poon@Sun.COM	 * value is the amount out of window.
11754SKacheong.Poon@Sun.COM	 */
11754SKacheong.Poon@Sun.COM	if (rgap < 0) {
11754SKacheong.Poon@Sun.COM		TCPS_BUMP_MIB(tcps, tcpInDataPastWinSegs);
11754SKacheong.Poon@Sun.COM		TCPS_UPDATE_MIB(tcps, tcpInDataPastWinBytes, -rgap);
11754SKacheong.Poon@Sun.COM		/* Fix seg_len and make sure there is something left. */
11754SKacheong.Poon@Sun.COM		seg_len += rgap;
11754SKacheong.Poon@Sun.COM		if (seg_len <= 0) {
11754SKacheong.Poon@Sun.COM			if (flags & TH_RST) {
11754SKacheong.Poon@Sun.COM				goto done;
11754SKacheong.Poon@Sun.COM			}
11754SKacheong.Poon@Sun.COM			flags |=  TH_ACK_NEEDED;
11754SKacheong.Poon@Sun.COM			seg_len = 0;
11754SKacheong.Poon@Sun.COM			goto process_ack;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	/*
11754SKacheong.Poon@Sun.COM	 * Check whether we can update tcp_ts_recent.  This test is
11754SKacheong.Poon@Sun.COM	 * NOT the one in RFC 1323 3.4.  It is from Braden, 1993, "TCP
11754SKacheong.Poon@Sun.COM	 * Extensions for High Performance: An Update", Internet Draft.
11754SKacheong.Poon@Sun.COM	 */
11754SKacheong.Poon@Sun.COM	if (tcp->tcp_snd_ts_ok &&
11754SKacheong.Poon@Sun.COM	    TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) &&
11754SKacheong.Poon@Sun.COM	    SEQ_LEQ(seg_seq, tcp->tcp_rack)) {
11754SKacheong.Poon@Sun.COM		tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
11754SKacheong.Poon@Sun.COM		tcp->tcp_last_rcv_lbolt = ddi_get_lbolt64();
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM
11754SKacheong.Poon@Sun.COM	if (seg_seq != tcp->tcp_rnxt && seg_len > 0) {
11754SKacheong.Poon@Sun.COM		/* Always ack out of order packets */
11754SKacheong.Poon@Sun.COM		flags |= TH_ACK_NEEDED;
11754SKacheong.Poon@Sun.COM		seg_len = 0;
11754SKacheong.Poon@Sun.COM	} else if (seg_len > 0) {
11754SKacheong.Poon@Sun.COM		TCPS_BUMP_MIB(tcps, tcpInClosed);
11754SKacheong.Poon@Sun.COM		TCPS_BUMP_MIB(tcps, tcpInDataInorderSegs);
11754SKacheong.Poon@Sun.COM		TCPS_UPDATE_MIB(tcps, tcpInDataInorderBytes, seg_len);
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	if (flags & TH_RST) {
11754SKacheong.Poon@Sun.COM		(void) tcp_clean_death(tcp, 0);
11754SKacheong.Poon@Sun.COM		goto done;
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	if (flags & TH_SYN) {
11754SKacheong.Poon@Sun.COM		tcp_xmit_ctl("TH_SYN", tcp, seg_ack, seg_seq + 1,
11754SKacheong.Poon@Sun.COM		    TH_RST|TH_ACK);
11754SKacheong.Poon@Sun.COM		/*
11754SKacheong.Poon@Sun.COM		 * Do not delete the TCP structure if it is in
11754SKacheong.Poon@Sun.COM		 * TIME_WAIT state.  Refer to RFC 1122, 4.2.2.13.
11754SKacheong.Poon@Sun.COM		 */
11754SKacheong.Poon@Sun.COM		goto done;
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COMprocess_ack:
11754SKacheong.Poon@Sun.COM	if (flags & TH_ACK) {
11754SKacheong.Poon@Sun.COM		bytes_acked = (int)(seg_ack - tcp->tcp_suna);
11754SKacheong.Poon@Sun.COM		if (bytes_acked <= 0) {
11754SKacheong.Poon@Sun.COM			if (bytes_acked == 0 && seg_len == 0 &&
11754SKacheong.Poon@Sun.COM			    new_swnd == tcp->tcp_swnd)
11754SKacheong.Poon@Sun.COM				TCPS_BUMP_MIB(tcps, tcpInDupAck);
11754SKacheong.Poon@Sun.COM		} else {
11754SKacheong.Poon@Sun.COM			/* Acks something not sent */
11754SKacheong.Poon@Sun.COM			flags |= TH_ACK_NEEDED;
11754SKacheong.Poon@Sun.COM		}
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COM	if (flags & TH_ACK_NEEDED) {
11754SKacheong.Poon@Sun.COM		/*
11754SKacheong.Poon@Sun.COM		 * Time to send an ack for some reason.
11754SKacheong.Poon@Sun.COM		 */
11754SKacheong.Poon@Sun.COM		tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
11754SKacheong.Poon@Sun.COM		    tcp->tcp_rnxt, TH_ACK);
11754SKacheong.Poon@Sun.COM	}
11754SKacheong.Poon@Sun.COMdone:
11754SKacheong.Poon@Sun.COM	freemsg(mp);
11754SKacheong.Poon@Sun.COM}