1 /* $OpenBSD: tcp_output.c,v 1.44 2001/11/24 19:29:07 deraadt Exp $ */ 2 /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 37 * 38 * NRL grants permission for redistribution and use in source and binary 39 * forms, with or without modification, of the software and documentation 40 * created at NRL provided that the following conditions are met: 41 * 42 * 1. Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * 2. Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in the 46 * documentation and/or other materials provided with the distribution. 47 * 3. All advertising materials mentioning features or use of this software 48 * must display the following acknowledgements: 49 * This product includes software developed by the University of 50 * California, Berkeley and its contributors. 51 * This product includes software developed at the Information 52 * Technology Division, US Naval Research Laboratory. 53 * 4. Neither the name of the NRL nor the names of its contributors 54 * may be used to endorse or promote products derived from this software 55 * without specific prior written permission. 56 * 57 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 58 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 59 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 60 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 61 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 62 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 63 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 64 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 65 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 66 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 67 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 68 * 69 * The views and conclusions contained in the software and documentation 70 * are those of the authors and should not be interpreted as representing 71 * official policies, either expressed or implied, of the US Naval 72 * Research Laboratory (NRL). 73 */ 74 75 #include <sys/param.h> 76 #include <sys/systm.h> 77 #include <sys/mbuf.h> 78 #include <sys/protosw.h> 79 #include <sys/socket.h> 80 #include <sys/socketvar.h> 81 82 #include <net/route.h> 83 #include <net/if.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_systm.h> 87 #include <netinet/ip.h> 88 #include <netinet/in_pcb.h> 89 #include <netinet/ip_var.h> 90 #include <netinet/tcp.h> 91 #define TCPOUTFLAGS 92 #include <netinet/tcp_fsm.h> 93 #include <netinet/tcp_seq.h> 94 #include <netinet/tcp_timer.h> 95 #include <netinet/tcp_var.h> 96 #include <netinet/tcpip.h> 97 #include <netinet/tcp_debug.h> 98 99 #ifdef TUBA 100 #include <netiso/iso.h> 101 #include <netiso/tuba_table.h> 102 #endif 103 104 #ifdef INET6 105 #include <netinet6/tcpipv6.h> 106 #endif /* INET6 */ 107 108 #ifdef TCP_SIGNATURE 109 #include <sys/md5k.h> 110 #endif /* TCP_SIGNATURE */ 111 112 #ifdef notyet 113 extern struct mbuf *m_copypack(); 114 #endif 115 116 #ifdef TCP_SACK 117 extern int tcprexmtthresh; 118 #endif 119 120 #ifdef TCP_SACK 121 #ifdef TCP_SACK_DEBUG 122 void 123 tcp_print_holes(tp) 124 struct tcpcb *tp; 125 { 126 struct sackhole *p = tp->snd_holes; 127 if (p == 0) 128 return; 129 printf("Hole report: start--end dups rxmit\n"); 130 while (p) { 131 printf("%x--%x d %d r %x\n", p->start, p->end, p->dups, 132 p->rxmit); 133 p = p->next; 134 } 135 printf("\n"); 136 } 137 #endif /* TCP_SACK_DEBUG */ 138 139 /* 140 * Returns pointer to a sackhole if there are any pending retransmissions; 141 * NULL otherwise. 142 */ 143 struct sackhole * 144 tcp_sack_output(tp) 145 register struct tcpcb *tp; 146 { 147 struct sackhole *p; 148 if (tp->sack_disable) 149 return 0; 150 p = tp->snd_holes; 151 while (p) { 152 #ifndef TCP_FACK 153 if (p->dups >= tcprexmtthresh && SEQ_LT(p->rxmit, p->end)) { 154 #else 155 /* In FACK, if p->dups is less than tcprexmtthresh, but 156 * snd_fack advances more than tcprextmtthresh * tp->t_maxseg, 157 * tcp_input() will try fast retransmit. This forces output. 158 */ 159 if ((p->dups >= tcprexmtthresh || 160 tp->t_dupacks == tcprexmtthresh) && 161 SEQ_LT(p->rxmit, p->end)) { 162 #endif /* TCP_FACK */ 163 if (SEQ_LT(p->rxmit, tp->snd_una)) {/* old SACK hole */ 164 p = p->next; 165 continue; 166 } 167 #ifdef TCP_SACK_DEBUG 168 if (p) 169 tcp_print_holes(tp); 170 #endif 171 return p; 172 } 173 p = p->next; 174 } 175 return 0; 176 } 177 178 /* 179 * After a timeout, the SACK list may be rebuilt. This SACK information 180 * should be used to avoid retransmitting SACKed data. This function 181 * traverses the SACK list to see if snd_nxt should be moved forward. 182 */ 183 void 184 tcp_sack_adjust(tp) 185 struct tcpcb *tp; 186 { 187 struct sackhole *cur = tp->snd_holes; 188 if (cur == 0) 189 return; /* No holes */ 190 if (SEQ_GEQ(tp->snd_nxt, tp->rcv_lastsack)) 191 return; /* We're already beyond any SACKed blocks */ 192 /* 193 * Two cases for which we want to advance snd_nxt: 194 * i) snd_nxt lies between end of one hole and beginning of another 195 * ii) snd_nxt lies between end of last hole and rcv_lastsack 196 */ 197 while (cur->next) { 198 if (SEQ_LT(tp->snd_nxt, cur->end)) 199 return; 200 if (SEQ_GEQ(tp->snd_nxt, cur->next->start)) 201 cur = cur->next; 202 else { 203 tp->snd_nxt = cur->next->start; 204 return; 205 } 206 } 207 if (SEQ_LT(tp->snd_nxt, cur->end)) 208 return; 209 tp->snd_nxt = tp->rcv_lastsack; 210 return; 211 } 212 #endif /* TCP_SACK */ 213 214 /* 215 * Tcp output routine: figure out what should be sent and send it. 216 */ 217 int 218 tcp_output(tp) 219 register struct tcpcb *tp; 220 { 221 register struct socket *so = tp->t_inpcb->inp_socket; 222 register long len, win; 223 int off, flags, error; 224 register struct mbuf *m; 225 register struct tcphdr *th; 226 u_char opt[MAX_TCPOPTLEN]; 227 unsigned int optlen, hdrlen; 228 int idle, sendalot = 0; 229 #ifdef TCP_SACK 230 int i, sack_rxmit = 0; 231 struct sackhole *p; 232 #endif 233 #if defined(TCP_SACK) 234 int maxburst = TCP_MAXBURST; 235 #endif 236 #ifdef TCP_SIGNATURE 237 unsigned int sigoff; 238 #endif /* TCP_SIGNATURE */ 239 240 #if defined(TCP_SACK) && defined(TCP_SIGNATURE) && defined(DIAGNOSTIC) 241 if (!tp->sack_disable && (tp->t_flags & TF_SIGNATURE)) 242 return (EINVAL); 243 #endif /* defined(TCP_SACK) && defined(TCP_SIGNATURE) && defined(DIAGNOSTIC) */ 244 245 /* 246 * Determine length of data that should be transmitted, 247 * and flags that will be used. 248 * If there is some data or critical controls (SYN, RST) 249 * to send, then transmit; otherwise, investigate further. 250 */ 251 idle = (tp->snd_max == tp->snd_una); 252 if (idle && tp->t_idle >= tp->t_rxtcur) 253 /* 254 * We have been idle for "a while" and no acks are 255 * expected to clock out any data we send -- 256 * slow start to get ack "clock" running again. 257 */ 258 tp->snd_cwnd = tp->t_maxseg; 259 again: 260 #ifdef TCP_SACK 261 /* 262 * If we've recently taken a timeout, snd_max will be greater than 263 * snd_nxt. There may be SACK information that allows us to avoid 264 * resending already delivered data. Adjust snd_nxt accordingly. 265 */ 266 if (!tp->sack_disable && SEQ_LT(tp->snd_nxt, tp->snd_max)) 267 tcp_sack_adjust(tp); 268 #endif 269 off = tp->snd_nxt - tp->snd_una; 270 #if defined(TCP_SACK) && defined(TCP_FACK) 271 /* Normally, sendable data is limited by off < tp->snd_cwnd. 272 * But in FACK, sendable data is limited by snd_awnd < snd_cwnd, 273 * regardless of offset. 274 */ 275 if (!tp->sack_disable && (tp->t_dupacks > tcprexmtthresh)) 276 win = tp->snd_wnd; 277 else 278 #endif 279 win = ulmin(tp->snd_wnd, tp->snd_cwnd); 280 281 flags = tcp_outflags[tp->t_state]; 282 283 #ifdef TCP_SACK 284 /* 285 * Send any SACK-generated retransmissions. If we're explicitly trying 286 * to send out new data (when sendalot is 1), bypass this function. 287 * If we retransmit in fast recovery mode, decrement snd_cwnd, since 288 * we're replacing a (future) new transmission with a retransmission 289 * now, and we previously incremented snd_cwnd in tcp_input(). 290 */ 291 if (!tp->sack_disable && !sendalot) { 292 if (tp->t_dupacks >= tcprexmtthresh && 293 (p = tcp_sack_output(tp))) { 294 off = p->rxmit - tp->snd_una; 295 sack_rxmit = 1; 296 #if 0 297 /* Coalesce holes into a single retransmission */ 298 #endif 299 len = min(tp->t_maxseg, p->end - p->rxmit); 300 #ifndef TCP_FACK 301 /* in FACK, hold snd_cwnd constant during recovery */ 302 if (SEQ_LT(tp->snd_una, tp->snd_last)) 303 tp->snd_cwnd -= tp->t_maxseg; 304 #endif 305 } 306 } 307 #endif /* TCP_SACK */ 308 309 sendalot = 0; 310 /* 311 * If in persist timeout with window of 0, send 1 byte. 312 * Otherwise, if window is small but nonzero 313 * and timer expired, we will send what we can 314 * and go to transmit state. 315 */ 316 if (tp->t_force) { 317 if (win == 0) { 318 /* 319 * If we still have some data to send, then 320 * clear the FIN bit. Usually this would 321 * happen below when it realizes that we 322 * aren't sending all the data. However, 323 * if we have exactly 1 byte of unset data, 324 * then it won't clear the FIN bit below, 325 * and if we are in persist state, we wind 326 * up sending the packet without recording 327 * that we sent the FIN bit. 328 * 329 * We can't just blindly clear the FIN bit, 330 * because if we don't have any more data 331 * to send then the probe will be the FIN 332 * itself. 333 */ 334 if (off < so->so_snd.sb_cc) 335 flags &= ~TH_FIN; 336 win = 1; 337 } else { 338 tp->t_timer[TCPT_PERSIST] = 0; 339 tp->t_rxtshift = 0; 340 } 341 } 342 343 #ifdef TCP_SACK 344 if (!sack_rxmit) { 345 #endif 346 len = ulmin(so->so_snd.sb_cc, win) - off; 347 348 #if defined(TCP_SACK) && defined(TCP_FACK) 349 /* 350 * If we're in fast recovery (SEQ_GT(tp->snd_last, tp->snd_una)), and 351 * amount of outstanding data (snd_awnd) is >= snd_cwnd, then 352 * do not send data (like zero window conditions) 353 */ 354 if (!tp->sack_disable && len && SEQ_GT(tp->snd_last, tp->snd_una) && 355 (tp->snd_awnd >= tp->snd_cwnd)) 356 len = 0; 357 #endif /* TCP_FACK */ 358 #ifdef TCP_SACK 359 } 360 #endif 361 362 if (len < 0) { 363 /* 364 * If FIN has been sent but not acked, 365 * but we haven't been called to retransmit, 366 * len will be -1. Otherwise, window shrank 367 * after we sent into it. If window shrank to 0, 368 * cancel pending retransmit, pull snd_nxt back 369 * to (closed) window, and set the persist timer 370 * if it isn't already going. If the window didn't 371 * close completely, just wait for an ACK. 372 */ 373 len = 0; 374 if (win == 0) { 375 tp->t_timer[TCPT_REXMT] = 0; 376 tp->t_rxtshift = 0; 377 tp->snd_nxt = tp->snd_una; 378 if (tp->t_timer[TCPT_PERSIST] == 0) 379 tcp_setpersist(tp); 380 } 381 } 382 if (len > tp->t_maxseg) { 383 len = tp->t_maxseg; 384 sendalot = 1; 385 } 386 if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc)) 387 flags &= ~TH_FIN; 388 389 win = sbspace(&so->so_rcv); 390 391 /* 392 * Sender silly window avoidance. If connection is idle 393 * and can send all data, a maximum segment, 394 * at least a maximum default-size segment do it, 395 * or are forced, do it; otherwise don't bother. 396 * If peer's buffer is tiny, then send 397 * when window is at least half open. 398 * If retransmitting (possibly after persist timer forced us 399 * to send into a small window), then must resend. 400 */ 401 if (len) { 402 if (len == tp->t_maxseg) 403 goto send; 404 if ((idle || tp->t_flags & TF_NODELAY) && 405 len + off >= so->so_snd.sb_cc) 406 goto send; 407 if (tp->t_force) 408 goto send; 409 if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0) 410 goto send; 411 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) 412 goto send; 413 #ifdef TCP_SACK 414 if (sack_rxmit) 415 goto send; 416 #endif 417 } 418 419 /* 420 * Compare available window to amount of window 421 * known to peer (as advertised window less 422 * next expected input). If the difference is at least two 423 * max size segments, or at least 50% of the maximum possible 424 * window, then want to send a window update to peer. 425 */ 426 if (win > 0) { 427 /* 428 * "adv" is the amount we can increase the window, 429 * taking into account that we are limited by 430 * TCP_MAXWIN << tp->rcv_scale. 431 */ 432 long adv = lmin(win, (long)TCP_MAXWIN << tp->rcv_scale) - 433 (tp->rcv_adv - tp->rcv_nxt); 434 435 if (adv >= (long) (2 * tp->t_maxseg)) 436 goto send; 437 if (2 * adv >= (long) so->so_rcv.sb_hiwat) 438 goto send; 439 } 440 441 /* 442 * Send if we owe peer an ACK. 443 */ 444 if (tp->t_flags & TF_ACKNOW) 445 goto send; 446 if (flags & (TH_SYN|TH_RST)) 447 goto send; 448 if (SEQ_GT(tp->snd_up, tp->snd_una)) 449 goto send; 450 /* 451 * If our state indicates that FIN should be sent 452 * and we have not yet done so, or we're retransmitting the FIN, 453 * then we need to send. 454 */ 455 if (flags & TH_FIN && 456 ((tp->t_flags & TF_SENTFIN) == 0 || tp->snd_nxt == tp->snd_una)) 457 goto send; 458 #ifdef TCP_SACK 459 /* 460 * In SACK, it is possible for tcp_output to fail to send a segment 461 * after the retransmission timer has been turned off. Make sure 462 * that the retransmission timer is set. 463 */ 464 if (SEQ_GT(tp->snd_max, tp->snd_una) && 465 tp->t_timer[TCPT_REXMT] == 0 && 466 tp->t_timer[TCPT_PERSIST] == 0) { 467 tp->t_timer[TCPT_REXMT] = tp->t_rxtcur; 468 return (0); 469 } 470 #endif /* TCP_SACK */ 471 472 /* 473 * TCP window updates are not reliable, rather a polling protocol 474 * using ``persist'' packets is used to insure receipt of window 475 * updates. The three ``states'' for the output side are: 476 * idle not doing retransmits or persists 477 * persisting to move a small or zero window 478 * (re)transmitting and thereby not persisting 479 * 480 * tp->t_timer[TCPT_PERSIST] 481 * is set when we are in persist state. 482 * tp->t_force 483 * is set when we are called to send a persist packet. 484 * tp->t_timer[TCPT_REXMT] 485 * is set when we are retransmitting 486 * The output side is idle when both timers are zero. 487 * 488 * If send window is too small, there is data to transmit, and no 489 * retransmit or persist is pending, then go to persist state. 490 * If nothing happens soon, send when timer expires: 491 * if window is nonzero, transmit what we can, 492 * otherwise force out a byte. 493 */ 494 if (so->so_snd.sb_cc && tp->t_timer[TCPT_REXMT] == 0 && 495 tp->t_timer[TCPT_PERSIST] == 0) { 496 tp->t_rxtshift = 0; 497 tcp_setpersist(tp); 498 } 499 500 /* 501 * No reason to send a segment, just return. 502 */ 503 return (0); 504 505 send: 506 /* 507 * Before ESTABLISHED, force sending of initial options 508 * unless TCP set not to do any options. 509 * NOTE: we assume that the IP/TCP header plus TCP options 510 * always fit in a single mbuf, leaving room for a maximum 511 * link header, i.e. 512 * max_linkhdr + sizeof(network header) + sizeof(struct tcphdr + 513 * optlen <= MHLEN 514 */ 515 optlen = 0; 516 517 switch (tp->pf) { 518 case 0: /*default to PF_INET*/ 519 #ifdef INET 520 case PF_INET: 521 hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 522 break; 523 #endif /* INET */ 524 #ifdef INET6 525 case PF_INET6: 526 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 527 break; 528 #endif /* INET6 */ 529 default: 530 return (EPFNOSUPPORT); 531 } 532 533 if (flags & TH_SYN) { 534 tp->snd_nxt = tp->iss; 535 if ((tp->t_flags & TF_NOOPT) == 0) { 536 u_int16_t mss; 537 538 opt[0] = TCPOPT_MAXSEG; 539 opt[1] = 4; 540 mss = htons((u_int16_t) tcp_mss(tp, 0)); 541 bcopy((caddr_t)&mss, (caddr_t)(opt + 2), sizeof(mss)); 542 optlen = 4; 543 544 if (flags & TH_ACK) 545 tcp_mss_update(tp); 546 #ifdef TCP_SACK 547 /* 548 * If this is the first SYN of connection (not a SYN 549 * ACK), include SACK_PERMIT_HDR option. If this is a 550 * SYN ACK, include SACK_PERMIT_HDR option if peer has 551 * already done so. 552 */ 553 if (!tp->sack_disable && ((flags & TH_ACK) == 0 || 554 (tp->t_flags & TF_SACK_PERMIT))) { 555 *((u_int32_t *) (opt + optlen)) = 556 htonl(TCPOPT_SACK_PERMIT_HDR); 557 optlen += 4; 558 } 559 #endif 560 561 if ((tp->t_flags & TF_REQ_SCALE) && 562 ((flags & TH_ACK) == 0 || 563 (tp->t_flags & TF_RCVD_SCALE))) { 564 *((u_int32_t *) (opt + optlen)) = htonl( 565 TCPOPT_NOP << 24 | 566 TCPOPT_WINDOW << 16 | 567 TCPOLEN_WINDOW << 8 | 568 tp->request_r_scale); 569 optlen += 4; 570 } 571 } 572 } 573 574 /* 575 * Send a timestamp and echo-reply if this is a SYN and our side 576 * wants to use timestamps (TF_REQ_TSTMP is set) or both our side 577 * and our peer have sent timestamps in our SYN's. 578 */ 579 if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && 580 (flags & TH_RST) == 0 && 581 ((flags & (TH_SYN|TH_ACK)) == TH_SYN || 582 (tp->t_flags & TF_RCVD_TSTMP))) { 583 u_int32_t *lp = (u_int32_t *)(opt + optlen); 584 585 /* Form timestamp option as shown in appendix A of RFC 1323. */ 586 *lp++ = htonl(TCPOPT_TSTAMP_HDR); 587 *lp++ = htonl(tcp_now); 588 *lp = htonl(tp->ts_recent); 589 optlen += TCPOLEN_TSTAMP_APPA; 590 } 591 592 #ifdef TCP_SIGNATURE 593 if (tp->t_flags & TF_SIGNATURE) { 594 u_int8_t *bp = (u_int8_t *)(opt + optlen); 595 596 /* Send signature option */ 597 *(bp++) = TCPOPT_SIGNATURE; 598 *(bp++) = TCPOLEN_SIGNATURE; 599 sigoff = optlen + 2; 600 601 { 602 unsigned int i; 603 604 for (i = 0; i < 16; i++) 605 *(bp++) = 0; 606 } 607 608 optlen += TCPOLEN_SIGNATURE; 609 610 /* Pad options list to the next 32 bit boundary and 611 * terminate it. 612 */ 613 *bp++ = TCPOPT_NOP; 614 *bp++ = TCPOPT_EOL; 615 optlen += 2; 616 } 617 #endif /* TCP_SIGNATURE */ 618 619 #ifdef TCP_SACK 620 /* 621 * Send SACKs if necessary. This should be the last option processed. 622 * Only as many SACKs are sent as are permitted by the maximum options 623 * size. No more than three SACKs are sent. 624 */ 625 if (!tp->sack_disable && tp->t_state == TCPS_ESTABLISHED && 626 (tp->t_flags & (TF_SACK_PERMIT|TF_NOOPT)) == TF_SACK_PERMIT && 627 tp->rcv_numsacks) { 628 u_int32_t *lp = (u_int32_t *)(opt + optlen); 629 u_int32_t *olp = lp++; 630 int count = 0; /* actual number of SACKs inserted */ 631 int maxsack = (MAX_TCPOPTLEN - (optlen + 4))/TCPOLEN_SACK; 632 633 maxsack = min(maxsack, TCP_MAX_SACK); 634 for (i = 0; (i < tp->rcv_numsacks && count < maxsack); i++) { 635 struct sackblk sack = tp->sackblks[i]; 636 if (sack.start == 0 && sack.end == 0) 637 continue; 638 *lp++ = htonl(sack.start); 639 *lp++ = htonl(sack.end); 640 count++; 641 } 642 *olp = htonl(TCPOPT_SACK_HDR|(TCPOLEN_SACK*count+2)); 643 optlen += TCPOLEN_SACK*count + 4; /* including leading NOPs */ 644 } 645 #endif /* TCP_SACK */ 646 647 #ifdef DIAGNOSTIC 648 if (optlen > MAX_TCPOPTLEN) 649 panic("tcp_output: options too long"); 650 #endif /* DIAGNOSTIC */ 651 652 hdrlen += optlen; 653 654 /* 655 * Adjust data length if insertion of options will 656 * bump the packet length beyond the t_maxopd length. 657 */ 658 if (len > tp->t_maxopd - optlen) { 659 len = tp->t_maxopd - optlen; 660 sendalot = 1; 661 flags &= ~TH_FIN; 662 } 663 664 #ifdef DIAGNOSTIC 665 if (max_linkhdr + hdrlen > MCLBYTES) 666 panic("tcphdr too big"); 667 #endif 668 669 /* 670 * Grab a header mbuf, attaching a copy of data to 671 * be transmitted, and initialize the header from 672 * the template for sends on this connection. 673 */ 674 if (len) { 675 if (tp->t_force && len == 1) 676 tcpstat.tcps_sndprobe++; 677 else if (SEQ_LT(tp->snd_nxt, tp->snd_max)) { 678 tcpstat.tcps_sndrexmitpack++; 679 tcpstat.tcps_sndrexmitbyte += len; 680 } else { 681 tcpstat.tcps_sndpack++; 682 tcpstat.tcps_sndbyte += len; 683 } 684 #ifdef notyet 685 if ((m = m_copypack(so->so_snd.sb_mb, off, 686 (int)len, max_linkhdr + hdrlen)) == 0) { 687 error = ENOBUFS; 688 goto out; 689 } 690 /* 691 * m_copypack left space for our hdr; use it. 692 */ 693 m->m_len += hdrlen; 694 m->m_data -= hdrlen; 695 #else 696 MGETHDR(m, M_DONTWAIT, MT_HEADER); 697 if (m != NULL) { 698 MCLGET(m, M_DONTWAIT); 699 if ((m->m_flags & M_EXT) == 0) { 700 m_freem(m); 701 m = NULL; 702 } 703 } 704 if (m == NULL) { 705 error = ENOBUFS; 706 goto out; 707 } 708 m->m_data += max_linkhdr; 709 m->m_len = hdrlen; 710 if (len <= MCLBYTES - hdrlen - max_linkhdr) { 711 m_copydata(so->so_snd.sb_mb, off, (int) len, 712 mtod(m, caddr_t) + hdrlen); 713 m->m_len += len; 714 } else { 715 m->m_next = m_copy(so->so_snd.sb_mb, off, (int) len); 716 if (m->m_next == 0) { 717 (void) m_free(m); 718 error = ENOBUFS; 719 goto out; 720 } 721 } 722 #endif 723 /* 724 * If we're sending everything we've got, set PUSH. 725 * (This will keep happy those implementations which only 726 * give data to the user when a buffer fills or 727 * a PUSH comes in.) 728 */ 729 if (off + len == so->so_snd.sb_cc) 730 flags |= TH_PUSH; 731 } else { 732 if (tp->t_flags & TF_ACKNOW) 733 tcpstat.tcps_sndacks++; 734 else if (flags & (TH_SYN|TH_FIN|TH_RST)) 735 tcpstat.tcps_sndctrl++; 736 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 737 tcpstat.tcps_sndurg++; 738 else 739 tcpstat.tcps_sndwinup++; 740 741 MGETHDR(m, M_DONTWAIT, MT_HEADER); 742 if (m != NULL) { 743 MCLGET(m, M_DONTWAIT); 744 if ((m->m_flags & M_EXT) == 0) { 745 m_freem(m); 746 m = NULL; 747 } 748 } 749 if (m == NULL) { 750 error = ENOBUFS; 751 goto out; 752 } 753 m->m_data += max_linkhdr; 754 m->m_len = hdrlen; 755 } 756 m->m_pkthdr.rcvif = (struct ifnet *)0; 757 758 if (!tp->t_template) 759 panic("tcp_output"); 760 #ifdef DIAGNOSTIC 761 if (tp->t_template->m_len != hdrlen - optlen) 762 panic("tcp_output: template len != hdrlen - optlen"); 763 #endif /* DIAGNOSTIC */ 764 bcopy(mtod(tp->t_template, caddr_t), mtod(m, caddr_t), 765 tp->t_template->m_len); 766 th = (struct tcphdr *)(mtod(m, caddr_t) + tp->t_template->m_len - 767 sizeof(struct tcphdr)); 768 769 /* 770 * Fill in fields, remembering maximum advertised 771 * window for use in delaying messages about window sizes. 772 * If resending a FIN, be sure not to use a new sequence number. 773 */ 774 if ((flags & TH_FIN) && (tp->t_flags & TF_SENTFIN) && 775 (tp->snd_nxt == tp->snd_max)) 776 tp->snd_nxt--; 777 /* 778 * If we are doing retransmissions, then snd_nxt will 779 * not reflect the first unsent octet. For ACK only 780 * packets, we do not want the sequence number of the 781 * retransmitted packet, we want the sequence number 782 * of the next unsent octet. So, if there is no data 783 * (and no SYN or FIN), use snd_max instead of snd_nxt 784 * when filling in ti_seq. But if we are in persist 785 * state, snd_max might reflect one byte beyond the 786 * right edge of the window, so use snd_nxt in that 787 * case, since we know we aren't doing a retransmission. 788 * (retransmit and persist are mutually exclusive...) 789 */ 790 if (len || (flags & (TH_SYN|TH_FIN)) || tp->t_timer[TCPT_PERSIST]) 791 th->th_seq = htonl(tp->snd_nxt); 792 else 793 th->th_seq = htonl(tp->snd_max); 794 795 #ifdef TCP_SACK 796 if (sack_rxmit) { 797 /* 798 * If sendalot was turned on (due to option stuffing), turn it 799 * off. Properly set th_seq field. Advance the ret'x pointer 800 * by len. 801 */ 802 if (sendalot) 803 sendalot = 0; 804 th->th_seq = htonl(p->rxmit); 805 p->rxmit += len; 806 #if defined(TCP_SACK) && defined(TCP_FACK) 807 tp->retran_data += len; 808 #endif /* TCP_FACK */ 809 } 810 #endif /* TCP_SACK */ 811 812 th->th_ack = htonl(tp->rcv_nxt); 813 if (optlen) { 814 bcopy((caddr_t)opt, (caddr_t)(th + 1), optlen); 815 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; 816 } 817 th->th_flags = flags; 818 819 /* 820 * Calculate receive window. Don't shrink window, 821 * but avoid silly window syndrome. 822 */ 823 if (win < (long)(so->so_rcv.sb_hiwat / 4) && win < (long)tp->t_maxseg) 824 win = 0; 825 if (win > (long)TCP_MAXWIN << tp->rcv_scale) 826 win = (long)TCP_MAXWIN << tp->rcv_scale; 827 if (win < (long)(tp->rcv_adv - tp->rcv_nxt)) 828 win = (long)(tp->rcv_adv - tp->rcv_nxt); 829 if (flags & TH_RST) 830 win = 0; 831 th->th_win = htons((u_int16_t) (win>>tp->rcv_scale)); 832 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 833 u_int32_t urp = tp->snd_up - tp->snd_nxt; 834 if (urp > IP_MAXPACKET) 835 urp = IP_MAXPACKET; 836 th->th_urp = htons((u_int16_t)urp); 837 th->th_flags |= TH_URG; 838 } else 839 /* 840 * If no urgent pointer to send, then we pull 841 * the urgent pointer to the left edge of the send window 842 * so that it doesn't drift into the send window on sequence 843 * number wraparound. 844 */ 845 tp->snd_up = tp->snd_una; /* drag it along */ 846 847 #ifdef TCP_SIGNATURE 848 if (tp->t_flags & TF_SIGNATURE) { 849 MD5_CTX ctx; 850 union sockaddr_union sa; 851 struct tdb *tdb; 852 853 bzero(&sa, sizeof(union sockaddr_union)); 854 855 switch (tp->pf) { 856 case 0: /*default to PF_INET*/ 857 #ifdef INET 858 case AF_INET: 859 sa.sa.sa_len = sizeof(struct sockaddr_in); 860 sa.sa.sa_family = AF_INET; 861 sa.sin.sin_addr = mtod(m, struct ip *)->ip_dst; 862 break; 863 #endif /* INET */ 864 #ifdef INET6 865 case AF_INET6: 866 sa.sa.sa_len = sizeof(struct sockaddr_in6); 867 sa.sa.sa_family = AF_INET6; 868 sa.sin6.sin6_addr = mtod(m, struct ip6_hdr *)->ip6_dst; 869 break; 870 #endif /* INET6 */ 871 } 872 873 /* XXX gettdb() should really be called at spltdb(). */ 874 /* XXX this is splsoftnet(), currently they are the same. */ 875 tdb = gettdb(0, &sa, IPPROTO_TCP); 876 if (tdb == NULL) 877 return (EPERM); 878 879 MD5Init(&ctx); 880 881 switch (tp->pf) { 882 case 0: /*default to PF_INET*/ 883 #ifdef INET 884 case AF_INET: 885 { 886 struct ippseudo ippseudo; 887 struct ipovly *ipovly; 888 889 ipovly = mtod(m, struct ipovly *); 890 891 ippseudo.ippseudo_src = ipovly->ih_src; 892 ippseudo.ippseudo_dst = ipovly->ih_dst; 893 ippseudo.ippseudo_pad = 0; 894 ippseudo.ippseudo_p = IPPROTO_TCP; 895 ippseudo.ippseudo_len = ipovly->ih_len + len + 896 optlen; 897 MD5Update(&ctx, (char *)&ippseudo, 898 sizeof(struct ippseudo)); 899 MD5Update(&ctx, mtod(m, caddr_t) + 900 sizeof(struct ip), 901 sizeof(struct tcphdr)); 902 } 903 break; 904 #endif /* INET */ 905 #ifdef INET6 906 case AF_INET6: 907 { 908 static int printed = 0; 909 910 if (!printed) { 911 printf("error: TCP MD5 support for " 912 "IPv6 not yet implemented.\n"); 913 printed = 1; 914 } 915 } 916 break; 917 #endif /* INET6 */ 918 } 919 920 if (len && m_apply(m, hdrlen, len, tcp_signature_apply, 921 (caddr_t)&ctx)) 922 return (EINVAL); 923 924 MD5Update(&ctx, tdb->tdb_amxkey, tdb->tdb_amxkeylen); 925 MD5Final(mtod(m, caddr_t) + hdrlen - optlen + sigoff, &ctx); 926 } 927 #endif /* TCP_SIGNATURE */ 928 929 /* 930 * Put TCP length in extended header, and then 931 * checksum extended header and data. 932 */ 933 switch (tp->pf) { 934 case 0: /*default to PF_INET*/ 935 #ifdef INET 936 case AF_INET: 937 /* Defer checksumming until later (ip_output() or hardware) */ 938 m->m_pkthdr.csum |= M_TCPV4_CSUM_OUT; 939 if (len + optlen) 940 th->th_sum = in_cksum_addword(th->th_sum, 941 htons((u_int16_t)(len + optlen))); 942 break; 943 #endif /* INET */ 944 #ifdef INET6 945 case AF_INET6: 946 m->m_pkthdr.len = hdrlen + len; 947 th->th_sum = in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr), 948 hdrlen - sizeof(struct ip6_hdr) + len); 949 break; 950 #endif /* INET6 */ 951 } 952 953 /* 954 * In transmit state, time the transmission and arrange for 955 * the retransmit. In persist state, just set snd_max. 956 */ 957 if (tp->t_force == 0 || tp->t_timer[TCPT_PERSIST] == 0) { 958 tcp_seq startseq = tp->snd_nxt; 959 960 /* 961 * Advance snd_nxt over sequence space of this segment. 962 */ 963 if (flags & (TH_SYN|TH_FIN)) { 964 if (flags & TH_SYN) 965 tp->snd_nxt++; 966 if (flags & TH_FIN) { 967 tp->snd_nxt++; 968 tp->t_flags |= TF_SENTFIN; 969 } 970 } 971 #ifdef TCP_SACK 972 if (!tp->sack_disable) { 973 if (sack_rxmit && (p->rxmit != tp->snd_nxt)) { 974 goto timer; 975 } 976 } 977 #endif 978 tp->snd_nxt += len; 979 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 980 tp->snd_max = tp->snd_nxt; 981 /* 982 * Time this transmission if not a retransmission and 983 * not currently timing anything. 984 */ 985 if (tp->t_rtt == 0) { 986 tp->t_rtt = 1; 987 tp->t_rtseq = startseq; 988 tcpstat.tcps_segstimed++; 989 } 990 } 991 992 /* 993 * Set retransmit timer if not currently set, 994 * and not doing an ack or a keep-alive probe. 995 * Initial value for retransmit timer is smoothed 996 * round-trip time + 2 * round-trip time variance. 997 * Initialize shift counter which is used for backoff 998 * of retransmit time. 999 */ 1000 #ifdef TCP_SACK 1001 timer: 1002 if (!tp->sack_disable && sack_rxmit && 1003 tp->t_timer[TCPT_REXMT] == 0 && 1004 tp->snd_nxt != tp->snd_max) { 1005 tp->t_timer[TCPT_REXMT] = tp->t_rxtcur; 1006 if (tp->t_timer[TCPT_PERSIST]) { 1007 tp->t_timer[TCPT_PERSIST] = 0; 1008 tp->t_rxtshift = 0; 1009 } 1010 } 1011 #endif 1012 1013 if (tp->t_timer[TCPT_REXMT] == 0 && 1014 tp->snd_nxt != tp->snd_una) { 1015 tp->t_timer[TCPT_REXMT] = tp->t_rxtcur; 1016 if (tp->t_timer[TCPT_PERSIST]) { 1017 tp->t_timer[TCPT_PERSIST] = 0; 1018 tp->t_rxtshift = 0; 1019 } 1020 } 1021 } else 1022 if (SEQ_GT(tp->snd_nxt + len, tp->snd_max)) 1023 tp->snd_max = tp->snd_nxt + len; 1024 1025 /* 1026 * Trace. 1027 */ 1028 if (so->so_options & SO_DEBUG) 1029 tcp_trace(TA_OUTPUT, tp->t_state, tp, mtod(m, caddr_t), 0, 1030 len); 1031 1032 /* 1033 * Fill in IP length and desired time to live and 1034 * send to IP level. There should be a better way 1035 * to handle ttl and tos; we could keep them in 1036 * the template, but need a way to checksum without them. 1037 */ 1038 m->m_pkthdr.len = hdrlen + len; 1039 1040 switch (tp->pf) { 1041 case 0: /*default to PF_INET*/ 1042 #ifdef INET 1043 case AF_INET: 1044 { 1045 struct ip *ip; 1046 1047 ip = mtod(m, struct ip *); 1048 ip->ip_len = m->m_pkthdr.len; 1049 ip->ip_ttl = tp->t_inpcb->inp_ip.ip_ttl; 1050 ip->ip_tos = tp->t_inpcb->inp_ip.ip_tos; 1051 } 1052 error = ip_output(m, tp->t_inpcb->inp_options, 1053 &tp->t_inpcb->inp_route, 1054 (ip_mtudisc ? IP_MTUDISC : 0) | 1055 (so->so_options & SO_DONTROUTE), 1056 0, tp->t_inpcb); 1057 break; 1058 #endif /* INET */ 1059 #ifdef INET6 1060 case AF_INET6: 1061 { 1062 struct ip6_hdr *ipv6; 1063 1064 ipv6 = mtod(m, struct ip6_hdr *); 1065 ipv6->ip6_plen = m->m_pkthdr.len - 1066 sizeof(struct ip6_hdr); 1067 ipv6->ip6_nxt = IPPROTO_TCP; 1068 ipv6->ip6_hlim = in6_selecthlim(tp->t_inpcb, NULL); 1069 } 1070 error = ip6_output(m, tp->t_inpcb->inp_outputopts6, 1071 &tp->t_inpcb->inp_route6, 1072 (so->so_options & SO_DONTROUTE), NULL, NULL); 1073 break; 1074 #endif /* INET6 */ 1075 #ifdef TUBA 1076 case AF_ISO: 1077 if (tp->t_tuba_pcb) 1078 error = tuba_output(m, tp); 1079 break; 1080 #endif /* TUBA */ 1081 } 1082 1083 #if defined(TCP_SACK) && defined(TCP_FACK) 1084 /* Update snd_awnd to reflect the new data that was sent. */ 1085 tp->snd_awnd = tcp_seq_subtract(tp->snd_max, tp->snd_fack) + 1086 tp->retran_data; 1087 #endif /* defined(TCP_SACK) && defined(TCP_FACK) */ 1088 1089 if (error) { 1090 out: 1091 if (error == ENOBUFS) { 1092 tcp_quench(tp->t_inpcb, 0); 1093 return (0); 1094 } 1095 if (error == EMSGSIZE) { 1096 /* 1097 * ip_output() will have already fixed the route 1098 * for us. tcp_mtudisc() will, as its last action, 1099 * initiate retransmission, so it is important to 1100 * not do so here. 1101 */ 1102 tcp_mtudisc(tp->t_inpcb, 0); 1103 return (0); 1104 } 1105 if ((error == EHOSTUNREACH || error == ENETDOWN) && 1106 TCPS_HAVERCVDSYN(tp->t_state)) { 1107 tp->t_softerror = error; 1108 return (0); 1109 } 1110 return (error); 1111 } 1112 tcpstat.tcps_sndtotal++; 1113 1114 /* 1115 * Data sent (as far as we can tell). 1116 * If this advertises a larger window than any other segment, 1117 * then remember the size of the advertised window. 1118 * Any pending ACK has now been sent. 1119 */ 1120 if (win > 0 && SEQ_GT(tp->rcv_nxt+win, tp->rcv_adv)) 1121 tp->rcv_adv = tp->rcv_nxt + win; 1122 tp->last_ack_sent = tp->rcv_nxt; 1123 tp->t_flags &= ~(TF_ACKNOW|TF_DELACK); 1124 #if defined(TCP_SACK) 1125 if (sendalot && --maxburst) 1126 #else 1127 if (sendalot) 1128 #endif 1129 goto again; 1130 return (0); 1131 } 1132 1133 void 1134 tcp_setpersist(tp) 1135 register struct tcpcb *tp; 1136 { 1137 register int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1; 1138 1139 if (tp->t_timer[TCPT_REXMT]) 1140 panic("tcp_output REXMT"); 1141 /* 1142 * Start/restart persistance timer. 1143 */ 1144 if (t < tp->t_rttmin) 1145 t = tp->t_rttmin; 1146 TCPT_RANGESET(tp->t_timer[TCPT_PERSIST], 1147 t * tcp_backoff[tp->t_rxtshift], 1148 TCPTV_PERSMIN, TCPTV_PERSMAX); 1149 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1150 tp->t_rxtshift++; 1151 } 1152