1 /* 2 * Copyright (c) 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. All advertising materials mentioning features or use of this software 47 * must display the following acknowledgement: 48 * This product includes software developed by the University of 49 * California, Berkeley and its contributors. 50 * 4. Neither the name of the University nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 64 * SUCH DAMAGE. 65 * 66 * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 67 * $FreeBSD: src/sys/netinet/tcp_output.c,v 1.39.2.20 2003/01/29 22:45:36 hsu Exp $ 68 * $DragonFly: src/sys/netinet/tcp_output.c,v 1.34 2007/04/22 01:13:14 dillon Exp $ 69 */ 70 71 #include "opt_inet.h" 72 #include "opt_inet6.h" 73 #include "opt_ipsec.h" 74 #include "opt_tcpdebug.h" 75 76 #include <sys/param.h> 77 #include <sys/systm.h> 78 #include <sys/kernel.h> 79 #include <sys/sysctl.h> 80 #include <sys/mbuf.h> 81 #include <sys/domain.h> 82 #include <sys/protosw.h> 83 #include <sys/socket.h> 84 #include <sys/socketvar.h> 85 #include <sys/in_cksum.h> 86 #include <sys/thread.h> 87 #include <sys/globaldata.h> 88 89 #include <net/route.h> 90 91 #include <netinet/in.h> 92 #include <netinet/in_systm.h> 93 #include <netinet/ip.h> 94 #include <netinet/in_pcb.h> 95 #include <netinet/ip_var.h> 96 #include <netinet6/in6_pcb.h> 97 #include <netinet/ip6.h> 98 #include <netinet6/ip6_var.h> 99 #include <netinet/tcp.h> 100 #define TCPOUTFLAGS 101 #include <netinet/tcp_fsm.h> 102 #include <netinet/tcp_seq.h> 103 #include <netinet/tcp_timer.h> 104 #include <netinet/tcp_timer2.h> 105 #include <netinet/tcp_var.h> 106 #include <netinet/tcpip.h> 107 #ifdef TCPDEBUG 108 #include <netinet/tcp_debug.h> 109 #endif 110 111 #ifdef IPSEC 112 #include <netinet6/ipsec.h> 113 #endif /*IPSEC*/ 114 115 #ifdef FAST_IPSEC 116 #include <netproto/ipsec/ipsec.h> 117 #define IPSEC 118 #endif /*FAST_IPSEC*/ 119 120 #ifdef notyet 121 extern struct mbuf *m_copypack(); 122 #endif 123 124 int path_mtu_discovery = 0; 125 SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW, 126 &path_mtu_discovery, 1, "Enable Path MTU Discovery"); 127 128 static int avoid_pure_win_update = 1; 129 SYSCTL_INT(_net_inet_tcp, OID_AUTO, avoid_pure_win_update, CTLFLAG_RW, 130 &avoid_pure_win_update, 1, "Avoid pure window updates when possible"); 131 132 int tcp_do_autosndbuf = 1; 133 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_RW, 134 &tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing"); 135 136 int tcp_autosndbuf_inc = 8*1024; 137 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_RW, 138 &tcp_autosndbuf_inc, 0, "Incrementor step size of automatic send buffer"); 139 140 int tcp_autosndbuf_max = 2*1024*1024; 141 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_RW, 142 &tcp_autosndbuf_max, 0, "Max size of automatic send buffer"); 143 144 /* 145 * Tcp output routine: figure out what should be sent and send it. 146 */ 147 int 148 tcp_output(struct tcpcb *tp) 149 { 150 struct inpcb * const inp = tp->t_inpcb; 151 struct socket *so = inp->inp_socket; 152 long len, recvwin, sendwin; 153 int nsacked = 0; 154 int off, flags, error = 0; 155 #ifdef TCP_SIGNATURE 156 int sigoff = 0; 157 #endif 158 struct mbuf *m; 159 struct ip *ip; 160 struct ipovly *ipov; 161 struct tcphdr *th; 162 u_char opt[TCP_MAXOLEN]; 163 unsigned int ipoptlen, optlen, hdrlen; 164 int idle; 165 boolean_t sendalot; 166 struct ip6_hdr *ip6; 167 #ifdef INET6 168 const boolean_t isipv6 = (inp->inp_vflag & INP_IPV6) != 0; 169 #else 170 const boolean_t isipv6 = FALSE; 171 #endif 172 173 KKASSERT(so->so_port == &curthread->td_msgport); 174 175 /* 176 * Determine length of data that should be transmitted, 177 * and flags that will be used. 178 * If there is some data or critical controls (SYN, RST) 179 * to send, then transmit; otherwise, investigate further. 180 */ 181 182 /* 183 * If we have been idle for a while, the send congestion window 184 * could be no longer representative of the current state of the link. 185 * So unless we are expecting more acks to come in, slow-start from 186 * scratch to re-determine the send congestion window. 187 */ 188 if (tp->snd_max == tp->snd_una && 189 (ticks - tp->t_rcvtime) >= tp->t_rxtcur) { 190 u_long initial_cwnd = tcp_initial_window(tp); 191 192 /* 193 * According to RFC5681: 194 * RW=min(IW,cwnd) 195 */ 196 tp->snd_cwnd = min(tp->snd_cwnd, initial_cwnd); 197 tp->snd_wacked = 0; 198 } 199 200 /* 201 * Calculate whether the transmit stream was previously idle 202 * and adjust TF_LASTIDLE for the next time. 203 */ 204 idle = (tp->t_flags & TF_LASTIDLE) || (tp->snd_max == tp->snd_una); 205 if (idle && (tp->t_flags & TF_MORETOCOME)) 206 tp->t_flags |= TF_LASTIDLE; 207 else 208 tp->t_flags &= ~TF_LASTIDLE; 209 210 if (TCP_DO_SACK(tp) && tp->snd_nxt != tp->snd_max && 211 !IN_FASTRECOVERY(tp)) 212 nsacked = tcp_sack_bytes_below(&tp->scb, tp->snd_nxt); 213 214 again: 215 m = NULL; 216 ip = NULL; 217 ipov = NULL; 218 th = NULL; 219 ip6 = NULL; 220 221 /* Make use of SACK information when slow-starting after a RTO. */ 222 if (TCP_DO_SACK(tp) && tp->snd_nxt != tp->snd_max && 223 !IN_FASTRECOVERY(tp)) { 224 tcp_seq old_snd_nxt = tp->snd_nxt; 225 226 tcp_sack_skip_sacked(&tp->scb, &tp->snd_nxt); 227 nsacked += tp->snd_nxt - old_snd_nxt; 228 } 229 230 sendalot = FALSE; 231 off = tp->snd_nxt - tp->snd_una; 232 sendwin = min(tp->snd_wnd, tp->snd_cwnd + nsacked); 233 sendwin = min(sendwin, tp->snd_bwnd); 234 235 flags = tcp_outflags[tp->t_state]; 236 /* 237 * Get standard flags, and add SYN or FIN if requested by 'hidden' 238 * state flags. 239 */ 240 if (tp->t_flags & TF_NEEDFIN) 241 flags |= TH_FIN; 242 if (tp->t_flags & TF_NEEDSYN) 243 flags |= TH_SYN; 244 245 /* 246 * If in persist timeout with window of 0, send 1 byte. 247 * Otherwise, if window is small but nonzero 248 * and timer expired, we will send what we can 249 * and go to transmit state. 250 */ 251 if (tp->t_flags & TF_FORCE) { 252 if (sendwin == 0) { 253 /* 254 * If we still have some data to send, then 255 * clear the FIN bit. Usually this would 256 * happen below when it realizes that we 257 * aren't sending all the data. However, 258 * if we have exactly 1 byte of unsent data, 259 * then it won't clear the FIN bit below, 260 * and if we are in persist state, we wind 261 * up sending the packet without recording 262 * that we sent the FIN bit. 263 * 264 * We can't just blindly clear the FIN bit, 265 * because if we don't have any more data 266 * to send then the probe will be the FIN 267 * itself. 268 */ 269 if (off < so->so_snd.ssb_cc) 270 flags &= ~TH_FIN; 271 sendwin = 1; 272 } else { 273 tcp_callout_stop(tp, tp->tt_persist); 274 tp->t_rxtshift = 0; 275 } 276 } 277 278 /* 279 * If snd_nxt == snd_max and we have transmitted a FIN, the 280 * offset will be > 0 even if so_snd.ssb_cc is 0, resulting in 281 * a negative length. This can also occur when TCP opens up 282 * its congestion window while receiving additional duplicate 283 * acks after fast-retransmit because TCP will reset snd_nxt 284 * to snd_max after the fast-retransmit. 285 * 286 * A negative length can also occur when we are in the 287 * TCPS_SYN_RECEIVED state due to a simultanious connect where 288 * our SYN has not been acked yet. 289 * 290 * In the normal retransmit-FIN-only case, however, snd_nxt will 291 * be set to snd_una, the offset will be 0, and the length may 292 * wind up 0. 293 */ 294 len = (long)ulmin(so->so_snd.ssb_cc, sendwin) - off; 295 296 /* 297 * Lop off SYN bit if it has already been sent. However, if this 298 * is SYN-SENT state and if segment contains data, suppress sending 299 * segment (sending the segment would be an option if we still 300 * did TAO and the remote host supported it). 301 */ 302 if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) { 303 flags &= ~TH_SYN; 304 off--, len++; 305 if (len > 0 && tp->t_state == TCPS_SYN_SENT) 306 return 0; 307 } 308 309 /* 310 * Be careful not to send data and/or FIN on SYN segments. 311 * This measure is needed to prevent interoperability problems 312 * with not fully conformant TCP implementations. 313 */ 314 if (flags & TH_SYN) { 315 len = 0; 316 flags &= ~TH_FIN; 317 } 318 319 if (len < 0) { 320 /* 321 * A negative len can occur if our FIN has been sent but not 322 * acked, or if we are in a simultanious connect in the 323 * TCPS_SYN_RECEIVED state with our SYN sent but not yet 324 * acked. 325 * 326 * If our window has contracted to 0 in the FIN case 327 * (which can only occur if we have NOT been called to 328 * retransmit as per code a few paragraphs up) then we 329 * want to shift the retransmit timer over to the 330 * persist timer. 331 * 332 * However, if we are in the TCPS_SYN_RECEIVED state 333 * (the SYN case) we will be in a simultanious connect and 334 * the window may be zero degeneratively. In this case we 335 * do not want to shift to the persist timer after the SYN 336 * or the SYN+ACK transmission. 337 */ 338 len = 0; 339 if (sendwin == 0 && tp->t_state != TCPS_SYN_RECEIVED) { 340 tcp_callout_stop(tp, tp->tt_rexmt); 341 tp->t_rxtshift = 0; 342 tp->snd_nxt = tp->snd_una; 343 if (!tcp_callout_active(tp, tp->tt_persist)) 344 tcp_setpersist(tp); 345 } 346 } 347 348 KASSERT(len >= 0, ("%s: len < 0", __func__)); 349 /* 350 * Automatic sizing of send socket buffer. Often the send buffer 351 * size is not optimally adjusted to the actual network conditions 352 * at hand (delay bandwidth product). Setting the buffer size too 353 * small limits throughput on links with high bandwidth and high 354 * delay (eg. trans-continental/oceanic links). Setting the 355 * buffer size too big consumes too much real kernel memory, 356 * especially with many connections on busy servers. 357 * 358 * The criteria to step up the send buffer one notch are: 359 * 1. receive window of remote host is larger than send buffer 360 * (with a fudge factor of 5/4th); 361 * 2. send buffer is filled to 7/8th with data (so we actually 362 * have data to make use of it); 363 * 3. send buffer fill has not hit maximal automatic size; 364 * 4. our send window (slow start and cogestion controlled) is 365 * larger than sent but unacknowledged data in send buffer. 366 * 367 * The remote host receive window scaling factor may limit the 368 * growing of the send buffer before it reaches its allowed 369 * maximum. 370 * 371 * It scales directly with slow start or congestion window 372 * and does at most one step per received ACK. This fast 373 * scaling has the drawback of growing the send buffer beyond 374 * what is strictly necessary to make full use of a given 375 * delay*bandwith product. However testing has shown this not 376 * to be much of an problem. At worst we are trading wasting 377 * of available bandwith (the non-use of it) for wasting some 378 * socket buffer memory. 379 * 380 * TODO: Shrink send buffer during idle periods together 381 * with congestion window. Requires another timer. Has to 382 * wait for upcoming tcp timer rewrite. 383 */ 384 if (tcp_do_autosndbuf && so->so_snd.ssb_flags & SSB_AUTOSIZE) { 385 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.ssb_hiwat && 386 so->so_snd.ssb_cc >= (so->so_snd.ssb_hiwat / 8 * 7) && 387 so->so_snd.ssb_cc < tcp_autosndbuf_max && 388 sendwin >= (so->so_snd.ssb_cc - (tp->snd_nxt - tp->snd_una))) { 389 u_long newsize; 390 391 newsize = ulmin(so->so_snd.ssb_hiwat + 392 tcp_autosndbuf_inc, 393 tcp_autosndbuf_max); 394 if (!ssb_reserve(&so->so_snd, newsize, so, NULL)) 395 atomic_clear_int(&so->so_snd.ssb_flags, SSB_AUTOSIZE); 396 if (newsize >= (TCP_MAXWIN << tp->snd_scale)) 397 atomic_clear_int(&so->so_snd.ssb_flags, SSB_AUTOSIZE); 398 } 399 } 400 401 /* 402 * Truncate to the maximum segment length and ensure that FIN is 403 * removed if the length no longer contains the last data byte. 404 */ 405 if (len > tp->t_maxseg) { 406 len = tp->t_maxseg; 407 sendalot = TRUE; 408 } 409 if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.ssb_cc)) 410 flags &= ~TH_FIN; 411 412 recvwin = ssb_space(&so->so_rcv); 413 414 /* 415 * Sender silly window avoidance. We transmit under the following 416 * conditions when len is non-zero: 417 * 418 * - We have a full segment 419 * - This is the last buffer in a write()/send() and we are 420 * either idle or running NODELAY 421 * - we've timed out (e.g. persist timer) 422 * - we have more then 1/2 the maximum send window's worth of 423 * data (receiver may be limiting the window size) 424 * - we need to retransmit 425 */ 426 if (len) { 427 if (len == tp->t_maxseg) 428 goto send; 429 /* 430 * NOTE! on localhost connections an 'ack' from the remote 431 * end may occur synchronously with the output and cause 432 * us to flush a buffer queued with moretocome. XXX 433 * 434 * note: the len + off check is almost certainly unnecessary. 435 */ 436 if (!(tp->t_flags & TF_MORETOCOME) && /* normal case */ 437 (idle || (tp->t_flags & TF_NODELAY)) && 438 len + off >= so->so_snd.ssb_cc && 439 !(tp->t_flags & TF_NOPUSH)) { 440 goto send; 441 } 442 if (tp->t_flags & TF_FORCE) /* typ. timeout case */ 443 goto send; 444 if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0) 445 goto send; 446 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) /* retransmit case */ 447 goto send; 448 } 449 450 /* 451 * Compare available window to amount of window 452 * known to peer (as advertised window less 453 * next expected input). If the difference is at least two 454 * max size segments, or at least 50% of the maximum possible 455 * window, then want to send a window update to peer. 456 */ 457 if (recvwin > 0) { 458 /* 459 * "adv" is the amount we can increase the window, 460 * taking into account that we are limited by 461 * TCP_MAXWIN << tp->rcv_scale. 462 */ 463 long adv = min(recvwin, (long)TCP_MAXWIN << tp->rcv_scale) - 464 (tp->rcv_adv - tp->rcv_nxt); 465 long hiwat; 466 467 /* 468 * This ack case typically occurs when the user has drained 469 * the TCP socket buffer sufficiently to warrent an ack 470 * containing a 'pure window update'... that is, an ack that 471 * ONLY updates the tcp window. 472 * 473 * It is unclear why we would need to do a pure window update 474 * past 2 segments if we are going to do one at 1/2 the high 475 * water mark anyway, especially since under normal conditions 476 * the user program will drain the socket buffer quickly. 477 * The 2-segment pure window update will often add a large 478 * number of extra, unnecessary acks to the stream. 479 * 480 * avoid_pure_win_update now defaults to 1. 481 */ 482 if (avoid_pure_win_update == 0 || 483 (tp->t_flags & TF_RXRESIZED)) { 484 if (adv >= (long) (2 * tp->t_maxseg)) { 485 goto send; 486 } 487 } 488 hiwat = (long)(TCP_MAXWIN << tp->rcv_scale); 489 if (hiwat > (long)so->so_rcv.ssb_hiwat) 490 hiwat = (long)so->so_rcv.ssb_hiwat; 491 if (adv >= hiwat / 2) 492 goto send; 493 } 494 495 /* 496 * Send if we owe the peer an ACK, RST, SYN, or urgent data. ACKNOW 497 * is also a catch-all for the retransmit timer timeout case. 498 */ 499 if (tp->t_flags & TF_ACKNOW) 500 goto send; 501 if ((flags & TH_RST) || 502 ((flags & TH_SYN) && !(tp->t_flags & TF_NEEDSYN))) 503 goto send; 504 if (SEQ_GT(tp->snd_up, tp->snd_una)) 505 goto send; 506 /* 507 * If our state indicates that FIN should be sent 508 * and we have not yet done so, then we need to send. 509 */ 510 if ((flags & TH_FIN) && 511 (!(tp->t_flags & TF_SENTFIN) || tp->snd_nxt == tp->snd_una)) 512 goto send; 513 514 /* 515 * TCP window updates are not reliable, rather a polling protocol 516 * using ``persist'' packets is used to insure receipt of window 517 * updates. The three ``states'' for the output side are: 518 * idle not doing retransmits or persists 519 * persisting to move a small or zero window 520 * (re)transmitting and thereby not persisting 521 * 522 * tcp_callout_active(tp, tp->tt_persist) 523 * is true when we are in persist state. 524 * The TF_FORCE flag in tp->t_flags 525 * is set when we are called to send a persist packet. 526 * tcp_callout_active(tp, tp->tt_rexmt) 527 * is set when we are retransmitting 528 * The output side is idle when both timers are zero. 529 * 530 * If send window is too small, there is data to transmit, and no 531 * retransmit or persist is pending, then go to persist state. 532 * 533 * If nothing happens soon, send when timer expires: 534 * if window is nonzero, transmit what we can, otherwise force out 535 * a byte. 536 * 537 * Don't try to set the persist state if we are in TCPS_SYN_RECEIVED 538 * with data pending. This situation can occur during a 539 * simultanious connect. 540 */ 541 if (so->so_snd.ssb_cc > 0 && 542 tp->t_state != TCPS_SYN_RECEIVED && 543 !tcp_callout_active(tp, tp->tt_rexmt) && 544 !tcp_callout_active(tp, tp->tt_persist)) { 545 tp->t_rxtshift = 0; 546 tcp_setpersist(tp); 547 } 548 549 /* 550 * No reason to send a segment, just return. 551 */ 552 return (0); 553 554 send: 555 /* 556 * Before ESTABLISHED, force sending of initial options 557 * unless TCP set not to do any options. 558 * NOTE: we assume that the IP/TCP header plus TCP options 559 * always fit in a single mbuf, leaving room for a maximum 560 * link header, i.e. 561 * max_linkhdr + sizeof(struct tcpiphdr) + optlen <= MCLBYTES 562 */ 563 optlen = 0; 564 if (isipv6) 565 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 566 else 567 hdrlen = sizeof(struct tcpiphdr); 568 if (flags & TH_SYN) { 569 tp->snd_nxt = tp->iss; 570 if (!(tp->t_flags & TF_NOOPT)) { 571 u_short mss; 572 573 opt[0] = TCPOPT_MAXSEG; 574 opt[1] = TCPOLEN_MAXSEG; 575 mss = htons((u_short) tcp_mssopt(tp)); 576 memcpy(opt + 2, &mss, sizeof mss); 577 optlen = TCPOLEN_MAXSEG; 578 579 if ((tp->t_flags & TF_REQ_SCALE) && 580 (!(flags & TH_ACK) || 581 (tp->t_flags & TF_RCVD_SCALE))) { 582 *((u_int32_t *)(opt + optlen)) = htonl( 583 TCPOPT_NOP << 24 | 584 TCPOPT_WINDOW << 16 | 585 TCPOLEN_WINDOW << 8 | 586 tp->request_r_scale); 587 optlen += 4; 588 } 589 590 if ((tcp_do_sack && !(flags & TH_ACK)) || 591 tp->t_flags & TF_SACK_PERMITTED) { 592 uint32_t *lp = (uint32_t *)(opt + optlen); 593 594 *lp = htonl(TCPOPT_SACK_PERMITTED_ALIGNED); 595 optlen += TCPOLEN_SACK_PERMITTED_ALIGNED; 596 } 597 } 598 } 599 600 /* 601 * Send a timestamp and echo-reply if this is a SYN and our side 602 * wants to use timestamps (TF_REQ_TSTMP is set) or both our side 603 * and our peer have sent timestamps in our SYN's. 604 */ 605 if ((tp->t_flags & (TF_REQ_TSTMP | TF_NOOPT)) == TF_REQ_TSTMP && 606 !(flags & TH_RST) && 607 (!(flags & TH_ACK) || (tp->t_flags & TF_RCVD_TSTMP))) { 608 u_int32_t *lp = (u_int32_t *)(opt + optlen); 609 610 /* Form timestamp option as shown in appendix A of RFC 1323. */ 611 *lp++ = htonl(TCPOPT_TSTAMP_HDR); 612 *lp++ = htonl(ticks); 613 *lp = htonl(tp->ts_recent); 614 optlen += TCPOLEN_TSTAMP_APPA; 615 } 616 617 /* Set receive buffer autosizing timestamp. */ 618 if (tp->rfbuf_ts == 0 && (so->so_rcv.ssb_flags & SSB_AUTOSIZE)) 619 tp->rfbuf_ts = ticks; 620 621 /* 622 * If this is a SACK connection and we have a block to report, 623 * fill in the SACK blocks in the TCP options. 624 */ 625 if ((tp->t_flags & (TF_SACK_PERMITTED | TF_NOOPT)) == 626 TF_SACK_PERMITTED && 627 (!LIST_EMPTY(&tp->t_segq) || 628 tp->reportblk.rblk_start != tp->reportblk.rblk_end)) 629 tcp_sack_fill_report(tp, opt, &optlen); 630 631 #ifdef TCP_SIGNATURE 632 if (tp->t_flags & TF_SIGNATURE) { 633 int i; 634 u_char *bp; 635 /* 636 * Initialize TCP-MD5 option (RFC2385) 637 */ 638 bp = (u_char *)opt + optlen; 639 *bp++ = TCPOPT_SIGNATURE; 640 *bp++ = TCPOLEN_SIGNATURE; 641 sigoff = optlen + 2; 642 for (i = 0; i < TCP_SIGLEN; i++) 643 *bp++ = 0; 644 optlen += TCPOLEN_SIGNATURE; 645 /* 646 * Terminate options list and maintain 32-bit alignment. 647 */ 648 *bp++ = TCPOPT_NOP; 649 *bp++ = TCPOPT_EOL; 650 optlen += 2; 651 } 652 #endif /* TCP_SIGNATURE */ 653 KASSERT(optlen <= TCP_MAXOLEN, ("too many TCP options")); 654 hdrlen += optlen; 655 656 if (isipv6) { 657 ipoptlen = ip6_optlen(inp); 658 } else { 659 if (inp->inp_options) { 660 ipoptlen = inp->inp_options->m_len - 661 offsetof(struct ipoption, ipopt_list); 662 } else { 663 ipoptlen = 0; 664 } 665 } 666 #ifdef IPSEC 667 ipoptlen += ipsec_hdrsiz_tcp(tp); 668 #endif 669 670 /* 671 * Adjust data length if insertion of options will bump the packet 672 * length beyond the t_maxopd length. Clear FIN to prevent premature 673 * closure since there is still more data to send after this (now 674 * truncated) packet. 675 * 676 * If just the options do not fit we are in a no-win situation and 677 * we treat it as an unreachable host. 678 */ 679 if (len + optlen + ipoptlen > tp->t_maxopd) { 680 if (tp->t_maxopd <= optlen + ipoptlen) { 681 static time_t last_optlen_report; 682 683 if (last_optlen_report != time_second) { 684 last_optlen_report = time_second; 685 kprintf("tcpcb %p: MSS (%d) too small to hold options!\n", tp, tp->t_maxopd); 686 } 687 error = EHOSTUNREACH; 688 goto out; 689 } else { 690 flags &= ~TH_FIN; 691 len = tp->t_maxopd - optlen - ipoptlen; 692 sendalot = TRUE; 693 } 694 } 695 696 #ifdef INET6 697 KASSERT(max_linkhdr + hdrlen <= MCLBYTES, ("tcphdr too big")); 698 #else 699 KASSERT(max_linkhdr + hdrlen <= MHLEN, ("tcphdr too big")); 700 #endif 701 702 /* 703 * Grab a header mbuf, attaching a copy of data to 704 * be transmitted, and initialize the header from 705 * the template for sends on this connection. 706 */ 707 if (len) { 708 if ((tp->t_flags & TF_FORCE) && len == 1) 709 tcpstat.tcps_sndprobe++; 710 else if (SEQ_LT(tp->snd_nxt, tp->snd_max)) { 711 if (tp->snd_nxt == tp->snd_una) 712 tp->snd_max_rexmt = tp->snd_max; 713 if (nsacked) { 714 tcpstat.tcps_sndsackrtopack++; 715 tcpstat.tcps_sndsackrtobyte += len; 716 } 717 tcpstat.tcps_sndrexmitpack++; 718 tcpstat.tcps_sndrexmitbyte += len; 719 } else { 720 tcpstat.tcps_sndpack++; 721 tcpstat.tcps_sndbyte += len; 722 } 723 #ifdef notyet 724 if ((m = m_copypack(so->so_snd.ssb_mb, off, (int)len, 725 max_linkhdr + hdrlen)) == NULL) { 726 error = ENOBUFS; 727 goto after_th; 728 } 729 /* 730 * m_copypack left space for our hdr; use it. 731 */ 732 m->m_len += hdrlen; 733 m->m_data -= hdrlen; 734 #else 735 #ifndef INET6 736 m = m_gethdr(MB_DONTWAIT, MT_HEADER); 737 #else 738 m = m_getl(hdrlen + max_linkhdr, MB_DONTWAIT, MT_HEADER, 739 M_PKTHDR, NULL); 740 #endif 741 if (m == NULL) { 742 error = ENOBUFS; 743 goto after_th; 744 } 745 m->m_data += max_linkhdr; 746 m->m_len = hdrlen; 747 if (len <= MHLEN - hdrlen - max_linkhdr) { 748 m_copydata(so->so_snd.ssb_mb, off, (int) len, 749 mtod(m, caddr_t) + hdrlen); 750 m->m_len += len; 751 } else { 752 m->m_next = m_copy(so->so_snd.ssb_mb, off, (int) len); 753 if (m->m_next == NULL) { 754 m_free(m); 755 m = NULL; 756 error = ENOBUFS; 757 goto after_th; 758 } 759 } 760 #endif 761 /* 762 * If we're sending everything we've got, set PUSH. 763 * (This will keep happy those implementations which only 764 * give data to the user when a buffer fills or 765 * a PUSH comes in.) 766 */ 767 if (off + len == so->so_snd.ssb_cc) 768 flags |= TH_PUSH; 769 } else { 770 if (tp->t_flags & TF_ACKNOW) 771 tcpstat.tcps_sndacks++; 772 else if (flags & (TH_SYN | TH_FIN | TH_RST)) 773 tcpstat.tcps_sndctrl++; 774 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 775 tcpstat.tcps_sndurg++; 776 else 777 tcpstat.tcps_sndwinup++; 778 779 MGETHDR(m, MB_DONTWAIT, MT_HEADER); 780 if (m == NULL) { 781 error = ENOBUFS; 782 goto after_th; 783 } 784 if (isipv6 && 785 (hdrlen + max_linkhdr > MHLEN) && hdrlen <= MHLEN) 786 MH_ALIGN(m, hdrlen); 787 else 788 m->m_data += max_linkhdr; 789 m->m_len = hdrlen; 790 } 791 m->m_pkthdr.rcvif = NULL; 792 if (isipv6) { 793 ip6 = mtod(m, struct ip6_hdr *); 794 th = (struct tcphdr *)(ip6 + 1); 795 tcp_fillheaders(tp, ip6, th); 796 } else { 797 ip = mtod(m, struct ip *); 798 ipov = (struct ipovly *)ip; 799 th = (struct tcphdr *)(ip + 1); 800 /* this picks up the pseudo header (w/o the length) */ 801 tcp_fillheaders(tp, ip, th); 802 } 803 after_th: 804 /* 805 * Fill in fields, remembering maximum advertised 806 * window for use in delaying messages about window sizes. 807 * If resending a FIN, be sure not to use a new sequence number. 808 */ 809 if (flags & TH_FIN && tp->t_flags & TF_SENTFIN && 810 tp->snd_nxt == tp->snd_max) 811 tp->snd_nxt--; 812 813 if (th != NULL) { 814 /* 815 * If we are doing retransmissions, then snd_nxt will 816 * not reflect the first unsent octet. For ACK only 817 * packets, we do not want the sequence number of the 818 * retransmitted packet, we want the sequence number 819 * of the next unsent octet. So, if there is no data 820 * (and no SYN or FIN), use snd_max instead of snd_nxt 821 * when filling in ti_seq. But if we are in persist 822 * state, snd_max might reflect one byte beyond the 823 * right edge of the window, so use snd_nxt in that 824 * case, since we know we aren't doing a retransmission. 825 * (retransmit and persist are mutually exclusive...) 826 */ 827 if (len || (flags & (TH_SYN|TH_FIN)) || 828 tcp_callout_active(tp, tp->tt_persist)) 829 th->th_seq = htonl(tp->snd_nxt); 830 else 831 th->th_seq = htonl(tp->snd_max); 832 th->th_ack = htonl(tp->rcv_nxt); 833 if (optlen) { 834 bcopy(opt, th + 1, optlen); 835 th->th_off = (sizeof(struct tcphdr) + optlen) >> 2; 836 } 837 th->th_flags = flags; 838 } 839 840 /* 841 * Calculate receive window. Don't shrink window, but avoid 842 * silly window syndrome by sending a 0 window if the actual 843 * window is less then one segment. 844 */ 845 if (recvwin < (long)(so->so_rcv.ssb_hiwat / 4) && 846 recvwin < (long)tp->t_maxseg) 847 recvwin = 0; 848 if (recvwin < (tcp_seq_diff_t)(tp->rcv_adv - tp->rcv_nxt)) 849 recvwin = (tcp_seq_diff_t)(tp->rcv_adv - tp->rcv_nxt); 850 if (recvwin > (long)TCP_MAXWIN << tp->rcv_scale) 851 recvwin = (long)TCP_MAXWIN << tp->rcv_scale; 852 853 /* 854 * Adjust the RXWIN0SENT flag - indicate that we have advertised 855 * a 0 window. This may cause the remote transmitter to stall. This 856 * flag tells soreceive() to disable delayed acknowledgements when 857 * draining the buffer. This can occur if the receiver is attempting 858 * to read more data then can be buffered prior to transmitting on 859 * the connection. 860 */ 861 if (recvwin == 0) 862 tp->t_flags |= TF_RXWIN0SENT; 863 else 864 tp->t_flags &= ~TF_RXWIN0SENT; 865 866 if (th != NULL) 867 th->th_win = htons((u_short) (recvwin>>tp->rcv_scale)); 868 869 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 870 if (th != NULL) { 871 th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt)); 872 th->th_flags |= TH_URG; 873 } 874 } else { 875 /* 876 * If no urgent pointer to send, then we pull 877 * the urgent pointer to the left edge of the send window 878 * so that it doesn't drift into the send window on sequence 879 * number wraparound. 880 */ 881 tp->snd_up = tp->snd_una; /* drag it along */ 882 } 883 884 if (th != NULL) { 885 #ifdef TCP_SIGNATURE 886 if (tp->t_flags & TF_SIGNATURE) { 887 tcpsignature_compute(m, len, optlen, 888 (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND); 889 } 890 #endif /* TCP_SIGNATURE */ 891 892 /* 893 * Put TCP length in extended header, and then 894 * checksum extended header and data. 895 */ 896 m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */ 897 if (isipv6) { 898 /* 899 * ip6_plen is not need to be filled now, and will be 900 * filled in ip6_output(). 901 */ 902 th->th_sum = in6_cksum(m, IPPROTO_TCP, 903 sizeof(struct ip6_hdr), 904 sizeof(struct tcphdr) + optlen + len); 905 } else { 906 m->m_pkthdr.csum_flags = CSUM_TCP; 907 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 908 if (len + optlen) { 909 th->th_sum = in_addword(th->th_sum, 910 htons((u_short)(optlen + len))); 911 } 912 913 /* 914 * IP version must be set here for ipv4/ipv6 checking 915 * later 916 */ 917 KASSERT(ip->ip_v == IPVERSION, 918 ("%s: IP version incorrect: %d", 919 __func__, ip->ip_v)); 920 } 921 } 922 923 /* 924 * In transmit state, time the transmission and arrange for 925 * the retransmit. In persist state, just set snd_max. 926 */ 927 if (!(tp->t_flags & TF_FORCE) || 928 !tcp_callout_active(tp, tp->tt_persist)) { 929 tcp_seq startseq = tp->snd_nxt; 930 931 /* 932 * Advance snd_nxt over sequence space of this segment. 933 */ 934 if (flags & (TH_SYN | TH_FIN)) { 935 if (flags & TH_SYN) 936 tp->snd_nxt++; 937 if (flags & TH_FIN) { 938 tp->snd_nxt++; 939 tp->t_flags |= TF_SENTFIN; 940 } 941 } 942 tp->snd_nxt += len; 943 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 944 tp->snd_max = tp->snd_nxt; 945 /* 946 * Time this transmission if not a retransmission and 947 * not currently timing anything. 948 */ 949 if (tp->t_rtttime == 0) { 950 tp->t_rtttime = ticks; 951 tp->t_rtseq = startseq; 952 tcpstat.tcps_segstimed++; 953 } 954 } 955 956 /* 957 * Set retransmit timer if not currently set, 958 * and not doing a pure ack or a keep-alive probe. 959 * Initial value for retransmit timer is smoothed 960 * round-trip time + 2 * round-trip time variance. 961 * Initialize shift counter which is used for backoff 962 * of retransmit time. 963 */ 964 if (!tcp_callout_active(tp, tp->tt_rexmt) && 965 tp->snd_nxt != tp->snd_una) { 966 if (tcp_callout_active(tp, tp->tt_persist)) { 967 tcp_callout_stop(tp, tp->tt_persist); 968 tp->t_rxtshift = 0; 969 } 970 tcp_callout_reset(tp, tp->tt_rexmt, tp->t_rxtcur, 971 tcp_timer_rexmt); 972 } 973 } else { 974 /* 975 * Persist case, update snd_max but since we are in 976 * persist mode (no window) we do not update snd_nxt. 977 */ 978 int xlen = len; 979 if (flags & TH_SYN) 980 panic("tcp_output: persist timer to send SYN\n"); 981 if (flags & TH_FIN) { 982 ++xlen; 983 tp->t_flags |= TF_SENTFIN; 984 } 985 if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) 986 tp->snd_max = tp->snd_nxt + xlen; 987 } 988 989 if (th != NULL) { 990 #ifdef TCPDEBUG 991 /* Trace. */ 992 if (so->so_options & SO_DEBUG) { 993 tcp_trace(TA_OUTPUT, tp->t_state, tp, 994 mtod(m, void *), th, 0); 995 } 996 #endif 997 998 /* 999 * Fill in IP length and desired time to live and 1000 * send to IP level. There should be a better way 1001 * to handle ttl and tos; we could keep them in 1002 * the template, but need a way to checksum without them. 1003 */ 1004 /* 1005 * m->m_pkthdr.len should have been set before cksum 1006 * calcuration, because in6_cksum() need it. 1007 */ 1008 if (isipv6) { 1009 /* 1010 * we separately set hoplimit for every segment, 1011 * since the user might want to change the value 1012 * via setsockopt. Also, desired default hop 1013 * limit might be changed via Neighbor Discovery. 1014 */ 1015 ip6->ip6_hlim = in6_selecthlim(inp, 1016 (inp->in6p_route.ro_rt ? 1017 inp->in6p_route.ro_rt->rt_ifp : NULL)); 1018 1019 /* TODO: IPv6 IP6TOS_ECT bit on */ 1020 error = ip6_output(m, inp->in6p_outputopts, 1021 &inp->in6p_route, (so->so_options & SO_DONTROUTE), 1022 NULL, NULL, inp); 1023 } else { 1024 struct rtentry *rt; 1025 ip->ip_len = m->m_pkthdr.len; 1026 #ifdef INET6 1027 if (INP_CHECK_SOCKAF(so, AF_INET6)) 1028 ip->ip_ttl = in6_selecthlim(inp, 1029 (inp->in6p_route.ro_rt ? 1030 inp->in6p_route.ro_rt->rt_ifp : NULL)); 1031 else 1032 #endif 1033 ip->ip_ttl = inp->inp_ip_ttl; /* XXX */ 1034 1035 ip->ip_tos = inp->inp_ip_tos; /* XXX */ 1036 /* 1037 * See if we should do MTU discovery. 1038 * We do it only if the following are true: 1039 * 1) we have a valid route to the destination 1040 * 2) the MTU is not locked (if it is, 1041 * then discovery has been disabled) 1042 */ 1043 if (path_mtu_discovery && 1044 (rt = inp->inp_route.ro_rt) && 1045 (rt->rt_flags & RTF_UP) && 1046 !(rt->rt_rmx.rmx_locks & RTV_MTU)) 1047 ip->ip_off |= IP_DF; 1048 1049 error = ip_output(m, inp->inp_options, &inp->inp_route, 1050 (so->so_options & SO_DONTROUTE) | 1051 IP_DEBUGROUTE, NULL, inp); 1052 } 1053 } else { 1054 KASSERT(error != 0, ("no error, but th not set\n")); 1055 } 1056 if (error) { 1057 1058 /* 1059 * We know that the packet was lost, so back out the 1060 * sequence number advance, if any. 1061 */ 1062 if (!(tp->t_flags & TF_FORCE) || 1063 !tcp_callout_active(tp, tp->tt_persist)) { 1064 /* 1065 * No need to check for TH_FIN here because 1066 * the TF_SENTFIN flag handles that case. 1067 */ 1068 if (!(flags & TH_SYN)) 1069 tp->snd_nxt -= len; 1070 } 1071 1072 out: 1073 if (error == ENOBUFS) { 1074 /* 1075 * If we can't send, make sure there is something 1076 * to get us going again later. 1077 * 1078 * The persist timer isn't necessarily allowed in all 1079 * states, use the rexmt timer. 1080 */ 1081 if (!tcp_callout_active(tp, tp->tt_rexmt) && 1082 !tcp_callout_active(tp, tp->tt_persist)) { 1083 tcp_callout_reset(tp, tp->tt_rexmt, 1084 tp->t_rxtcur, 1085 tcp_timer_rexmt); 1086 #if 0 1087 tp->t_rxtshift = 0; 1088 tcp_setpersist(tp); 1089 #endif 1090 } 1091 tcp_quench(inp, 0); 1092 return (0); 1093 } 1094 if (error == EMSGSIZE) { 1095 /* 1096 * ip_output() will have already fixed the route 1097 * for us. tcp_mtudisc() will, as its last action, 1098 * initiate retransmission, so it is important to 1099 * not do so here. 1100 */ 1101 tcp_mtudisc(inp, 0); 1102 return 0; 1103 } 1104 if ((error == EHOSTUNREACH || error == ENETDOWN) && 1105 TCPS_HAVERCVDSYN(tp->t_state)) { 1106 tp->t_softerror = error; 1107 return (0); 1108 } 1109 return (error); 1110 } 1111 tcpstat.tcps_sndtotal++; 1112 1113 /* 1114 * Data sent (as far as we can tell). 1115 * 1116 * If this advertises a larger window than any other segment, 1117 * then remember the size of the advertised window. 1118 * 1119 * Any pending ACK has now been sent. 1120 */ 1121 if (recvwin > 0 && SEQ_GT(tp->rcv_nxt + recvwin, tp->rcv_adv)) { 1122 tp->rcv_adv = tp->rcv_nxt + recvwin; 1123 tp->t_flags &= ~TF_RXRESIZED; 1124 } 1125 tp->last_ack_sent = tp->rcv_nxt; 1126 tp->t_flags &= ~TF_ACKNOW; 1127 if (tcp_delack_enabled) 1128 tcp_callout_stop(tp, tp->tt_delack); 1129 if (sendalot) 1130 goto again; 1131 return (0); 1132 } 1133 1134 void 1135 tcp_setpersist(struct tcpcb *tp) 1136 { 1137 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1; 1138 int tt; 1139 1140 if (tp->t_state == TCPS_SYN_SENT || 1141 tp->t_state == TCPS_SYN_RECEIVED) { 1142 panic("tcp_setpersist: not established yet, current %s\n", 1143 tp->t_state == TCPS_SYN_SENT ? 1144 "SYN_SENT" : "SYN_RECEIVED"); 1145 } 1146 1147 if (tcp_callout_active(tp, tp->tt_rexmt)) 1148 panic("tcp_setpersist: retransmit pending"); 1149 /* 1150 * Start/restart persistance timer. 1151 */ 1152 TCPT_RANGESET(tt, t * tcp_backoff[tp->t_rxtshift], TCPTV_PERSMIN, 1153 TCPTV_PERSMAX); 1154 tcp_callout_reset(tp, tp->tt_persist, tt, tcp_timer_persist); 1155 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1156 tp->t_rxtshift++; 1157 } 1158