1 /* $NetBSD: tcp_output.c,v 1.166 2008/04/12 05:58:22 thorpej Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 /*- 73 * Copyright (c) 1997, 1998, 2001, 2005, 2006 The NetBSD Foundation, Inc. 74 * All rights reserved. 75 * 76 * This code is derived from software contributed to The NetBSD Foundation 77 * by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation 78 * Facility, NASA Ames Research Center. 79 * This code is derived from software contributed to The NetBSD Foundation 80 * by Charles M. Hannum. 81 * This code is derived from software contributed to The NetBSD Foundation 82 * by Rui Paulo. 83 * 84 * Redistribution and use in source and binary forms, with or without 85 * modification, are permitted provided that the following conditions 86 * are met: 87 * 1. Redistributions of source code must retain the above copyright 88 * notice, this list of conditions and the following disclaimer. 89 * 2. Redistributions in binary form must reproduce the above copyright 90 * notice, this list of conditions and the following disclaimer in the 91 * documentation and/or other materials provided with the distribution. 92 * 3. All advertising materials mentioning features or use of this software 93 * must display the following acknowledgement: 94 * This product includes software developed by the NetBSD 95 * Foundation, Inc. and its contributors. 96 * 4. Neither the name of The NetBSD Foundation nor the names of its 97 * contributors may be used to endorse or promote products derived 98 * from this software without specific prior written permission. 99 * 100 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 101 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 102 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 103 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 104 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 105 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 106 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 107 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 108 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 109 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 110 * POSSIBILITY OF SUCH DAMAGE. 111 */ 112 113 /* 114 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 115 * The Regents of the University of California. All rights reserved. 116 * 117 * Redistribution and use in source and binary forms, with or without 118 * modification, are permitted provided that the following conditions 119 * are met: 120 * 1. Redistributions of source code must retain the above copyright 121 * notice, this list of conditions and the following disclaimer. 122 * 2. Redistributions in binary form must reproduce the above copyright 123 * notice, this list of conditions and the following disclaimer in the 124 * documentation and/or other materials provided with the distribution. 125 * 3. Neither the name of the University nor the names of its contributors 126 * may be used to endorse or promote products derived from this software 127 * without specific prior written permission. 128 * 129 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 130 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 131 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 132 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 133 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 134 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 135 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 136 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 137 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 138 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 139 * SUCH DAMAGE. 140 * 141 * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 142 */ 143 144 #include <sys/cdefs.h> 145 __KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.166 2008/04/12 05:58:22 thorpej Exp $"); 146 147 #include "opt_inet.h" 148 #include "opt_ipsec.h" 149 #include "opt_tcp_debug.h" 150 151 #include <sys/param.h> 152 #include <sys/systm.h> 153 #include <sys/malloc.h> 154 #include <sys/mbuf.h> 155 #include <sys/protosw.h> 156 #include <sys/socket.h> 157 #include <sys/socketvar.h> 158 #include <sys/errno.h> 159 #include <sys/domain.h> 160 #include <sys/kernel.h> 161 #ifdef TCP_SIGNATURE 162 #include <sys/md5.h> 163 #endif 164 165 #include <net/if.h> 166 #include <net/route.h> 167 168 #include <netinet/in.h> 169 #include <netinet/in_systm.h> 170 #include <netinet/ip.h> 171 #include <netinet/in_pcb.h> 172 #include <netinet/ip_var.h> 173 174 #ifdef INET6 175 #ifndef INET 176 #include <netinet/in.h> 177 #endif 178 #include <netinet/ip6.h> 179 #include <netinet6/in6_var.h> 180 #include <netinet6/ip6_var.h> 181 #include <netinet6/in6_pcb.h> 182 #include <netinet6/nd6.h> 183 #endif 184 185 #ifdef FAST_IPSEC 186 #include <netipsec/ipsec.h> 187 #include <netipsec/key.h> 188 #ifdef INET6 189 #include <netipsec/ipsec6.h> 190 #endif 191 #endif /* FAST_IPSEC*/ 192 #ifdef IPSEC 193 #include <netinet6/ipsec.h> 194 #endif 195 196 #include <netinet/tcp.h> 197 #define TCPOUTFLAGS 198 #include <netinet/tcp_fsm.h> 199 #include <netinet/tcp_seq.h> 200 #include <netinet/tcp_timer.h> 201 #include <netinet/tcp_var.h> 202 #include <netinet/tcp_private.h> 203 #include <netinet/tcp_congctl.h> 204 #include <netinet/tcpip.h> 205 #include <netinet/tcp_debug.h> 206 #include <netinet/in_offload.h> 207 #include <netinet6/in6_offload.h> 208 209 #ifdef IPSEC 210 #include <netkey/key.h> 211 #endif 212 213 #ifdef notyet 214 extern struct mbuf *m_copypack(); 215 #endif 216 217 /* 218 * Knob to enable Congestion Window Monitoring, and control 219 * the burst size it allows. Default burst is 4 packets, per 220 * the Internet draft. 221 */ 222 int tcp_cwm = 0; 223 int tcp_cwm_burstsize = 4; 224 225 int tcp_do_autosndbuf = 0; 226 int tcp_autosndbuf_inc = 8 * 1024; 227 int tcp_autosndbuf_max = 256 * 1024; 228 229 #ifdef TCP_OUTPUT_COUNTERS 230 #include <sys/device.h> 231 232 extern struct evcnt tcp_output_bigheader; 233 extern struct evcnt tcp_output_predict_hit; 234 extern struct evcnt tcp_output_predict_miss; 235 extern struct evcnt tcp_output_copysmall; 236 extern struct evcnt tcp_output_copybig; 237 extern struct evcnt tcp_output_refbig; 238 239 #define TCP_OUTPUT_COUNTER_INCR(ev) (ev)->ev_count++ 240 #else 241 242 #define TCP_OUTPUT_COUNTER_INCR(ev) /* nothing */ 243 244 #endif /* TCP_OUTPUT_COUNTERS */ 245 246 static 247 #ifndef GPROF 248 inline 249 #endif 250 int 251 tcp_segsize(struct tcpcb *tp, int *txsegsizep, int *rxsegsizep, 252 bool *alwaysfragp) 253 { 254 #ifdef INET 255 struct inpcb *inp = tp->t_inpcb; 256 #endif 257 #ifdef INET6 258 struct in6pcb *in6p = tp->t_in6pcb; 259 #endif 260 struct socket *so = NULL; 261 struct rtentry *rt; 262 struct ifnet *ifp; 263 int size; 264 int hdrlen; 265 int optlen; 266 267 *alwaysfragp = false; 268 269 #ifdef DIAGNOSTIC 270 if (tp->t_inpcb && tp->t_in6pcb) 271 panic("tcp_segsize: both t_inpcb and t_in6pcb are set"); 272 #endif 273 switch (tp->t_family) { 274 #ifdef INET 275 case AF_INET: 276 hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 277 break; 278 #endif 279 #ifdef INET6 280 case AF_INET6: 281 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 282 break; 283 #endif 284 default: 285 size = tcp_mssdflt; 286 goto out; 287 } 288 289 rt = NULL; 290 #ifdef INET 291 if (inp) { 292 rt = in_pcbrtentry(inp); 293 so = inp->inp_socket; 294 } 295 #endif 296 #ifdef INET6 297 if (in6p) { 298 rt = in6_pcbrtentry(in6p); 299 so = in6p->in6p_socket; 300 } 301 #endif 302 if (rt == NULL) { 303 size = tcp_mssdflt; 304 goto out; 305 } 306 307 ifp = rt->rt_ifp; 308 309 size = tcp_mssdflt; 310 if (tp->t_mtudisc && rt->rt_rmx.rmx_mtu != 0) { 311 #ifdef INET6 312 if (in6p && rt->rt_rmx.rmx_mtu < IPV6_MMTU) { 313 /* 314 * RFC2460 section 5, last paragraph: if path MTU is 315 * smaller than 1280, use 1280 as packet size and 316 * attach fragment header. 317 */ 318 size = IPV6_MMTU - hdrlen - sizeof(struct ip6_frag); 319 *alwaysfragp = true; 320 } else 321 size = rt->rt_rmx.rmx_mtu - hdrlen; 322 #else 323 size = rt->rt_rmx.rmx_mtu - hdrlen; 324 #endif 325 } else if (ifp->if_flags & IFF_LOOPBACK) 326 size = ifp->if_mtu - hdrlen; 327 #ifdef INET 328 else if (inp && tp->t_mtudisc) 329 size = ifp->if_mtu - hdrlen; 330 else if (inp && in_localaddr(inp->inp_faddr)) 331 size = ifp->if_mtu - hdrlen; 332 #endif 333 #ifdef INET6 334 else if (in6p) { 335 #ifdef INET 336 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 337 /* mapped addr case */ 338 struct in_addr d; 339 bcopy(&in6p->in6p_faddr.s6_addr32[3], &d, sizeof(d)); 340 if (tp->t_mtudisc || in_localaddr(d)) 341 size = ifp->if_mtu - hdrlen; 342 } else 343 #endif 344 { 345 /* 346 * for IPv6, path MTU discovery is always turned on, 347 * or the node must use packet size <= 1280. 348 */ 349 size = tp->t_mtudisc ? IN6_LINKMTU(ifp) : IPV6_MMTU; 350 size -= hdrlen; 351 } 352 } 353 #endif 354 out: 355 /* 356 * Now we must make room for whatever extra TCP/IP options are in 357 * the packet. 358 */ 359 optlen = tcp_optlen(tp); 360 361 /* 362 * XXX tp->t_ourmss should have the right size, but without this code 363 * fragmentation will occur... need more investigation 364 */ 365 #ifdef INET 366 if (inp) { 367 #if defined(IPSEC) || defined(FAST_IPSEC) 368 if (! IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND)) 369 optlen += ipsec4_hdrsiz_tcp(tp); 370 #endif 371 optlen += ip_optlen(inp); 372 } 373 #endif 374 #ifdef INET6 375 #ifdef INET 376 if (in6p && tp->t_family == AF_INET) { 377 #if defined(IPSEC) || defined(FAST_IPSEC) 378 if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 379 optlen += ipsec4_hdrsiz_tcp(tp); 380 #endif 381 /* XXX size -= ip_optlen(in6p); */ 382 } else 383 #endif 384 if (in6p && tp->t_family == AF_INET6) { 385 #if defined(IPSEC) || defined(FAST_IPSEC) 386 if (! IPSEC_PCB_SKIP_IPSEC(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 387 optlen += ipsec6_hdrsiz_tcp(tp); 388 #endif 389 optlen += ip6_optlen(in6p); 390 } 391 #endif 392 size -= optlen; 393 394 /* there may not be any room for data if mtu is too small */ 395 if (size < 0) 396 return (EMSGSIZE); 397 398 /* 399 * *rxsegsizep holds *estimated* inbound segment size (estimation 400 * assumes that path MTU is the same for both ways). this is only 401 * for silly window avoidance, do not use the value for other purposes. 402 * 403 * ipseclen is subtracted from both sides, this may not be right. 404 * I'm not quite sure about this (could someone comment). 405 */ 406 *txsegsizep = min(tp->t_peermss - optlen, size); 407 /* 408 * Never send more than half a buffer full. This insures that we can 409 * always keep 2 packets on the wire, no matter what SO_SNDBUF is, and 410 * therefore acks will never be delayed unless we run out of data to 411 * transmit. 412 */ 413 if (so) 414 *txsegsizep = min(so->so_snd.sb_hiwat >> 1, *txsegsizep); 415 *rxsegsizep = min(tp->t_ourmss - optlen, size); 416 417 if (*txsegsizep != tp->t_segsz) { 418 /* 419 * If the new segment size is larger, we don't want to 420 * mess up the congestion window, but if it is smaller 421 * we'll have to reduce the congestion window to ensure 422 * that we don't get into trouble with initial windows 423 * and the rest. In any case, if the segment size 424 * has changed, chances are the path has, too, and 425 * our congestion window will be different. 426 */ 427 if (*txsegsizep < tp->t_segsz) { 428 tp->snd_cwnd = max((tp->snd_cwnd / tp->t_segsz) 429 * *txsegsizep, *txsegsizep); 430 tp->snd_ssthresh = max((tp->snd_ssthresh / tp->t_segsz) 431 * *txsegsizep, *txsegsizep); 432 } 433 tp->t_segsz = *txsegsizep; 434 } 435 436 return (0); 437 } 438 439 static 440 #ifndef GPROF 441 inline 442 #endif 443 int 444 tcp_build_datapkt(struct tcpcb *tp, struct socket *so, int off, 445 long len, int hdrlen, struct mbuf **mp) 446 { 447 struct mbuf *m, *m0; 448 uint64_t *tcps; 449 450 tcps = TCP_STAT_GETREF(); 451 if (tp->t_force && len == 1) 452 tcps[TCP_STAT_SNDPROBE]++; 453 else if (SEQ_LT(tp->snd_nxt, tp->snd_max)) { 454 tcps[TCP_STAT_SNDREXMITPACK]++; 455 tcps[TCP_STAT_SNDREXMITBYTE] += len; 456 } else { 457 tcps[TCP_STAT_SNDPACK]++; 458 tcps[TCP_STAT_SNDBYTE] += len; 459 } 460 TCP_STAT_PUTREF(); 461 #ifdef notyet 462 if ((m = m_copypack(so->so_snd.sb_mb, off, 463 (int)len, max_linkhdr + hdrlen)) == 0) 464 return (ENOBUFS); 465 /* 466 * m_copypack left space for our hdr; use it. 467 */ 468 m->m_len += hdrlen; 469 m->m_data -= hdrlen; 470 #else 471 MGETHDR(m, M_DONTWAIT, MT_HEADER); 472 if (__predict_false(m == NULL)) 473 return (ENOBUFS); 474 MCLAIM(m, &tcp_tx_mowner); 475 476 /* 477 * XXX Because other code assumes headers will fit in 478 * XXX one header mbuf. 479 * 480 * (This code should almost *never* be run.) 481 */ 482 if (__predict_false((max_linkhdr + hdrlen) > MHLEN)) { 483 TCP_OUTPUT_COUNTER_INCR(&tcp_output_bigheader); 484 MCLGET(m, M_DONTWAIT); 485 if ((m->m_flags & M_EXT) == 0) { 486 m_freem(m); 487 return (ENOBUFS); 488 } 489 } 490 491 m->m_data += max_linkhdr; 492 m->m_len = hdrlen; 493 494 /* 495 * To avoid traversing the whole sb_mb chain for correct 496 * data to send, remember last sent mbuf, its offset and 497 * the sent size. When called the next time, see if the 498 * data to send is directly following the previous transfer. 499 * This is important for large TCP windows. 500 */ 501 if (off == 0 || tp->t_lastm == NULL || 502 (tp->t_lastoff + tp->t_lastlen) != off) { 503 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_miss); 504 /* 505 * Either a new packet or a retransmit. 506 * Start from the beginning. 507 */ 508 tp->t_lastm = so->so_snd.sb_mb; 509 tp->t_inoff = off; 510 } else { 511 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_hit); 512 tp->t_inoff += tp->t_lastlen; 513 } 514 515 /* Traverse forward to next packet */ 516 while (tp->t_inoff > 0) { 517 if (tp->t_lastm == NULL) 518 panic("tp->t_lastm == NULL"); 519 if (tp->t_inoff < tp->t_lastm->m_len) 520 break; 521 tp->t_inoff -= tp->t_lastm->m_len; 522 tp->t_lastm = tp->t_lastm->m_next; 523 } 524 525 tp->t_lastoff = off; 526 tp->t_lastlen = len; 527 m0 = tp->t_lastm; 528 off = tp->t_inoff; 529 530 if (len <= M_TRAILINGSPACE(m)) { 531 m_copydata(m0, off, (int) len, mtod(m, char *) + hdrlen); 532 m->m_len += len; 533 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copysmall); 534 } else { 535 m->m_next = m_copym(m0, off, (int) len, M_DONTWAIT); 536 if (m->m_next == NULL) { 537 m_freem(m); 538 return (ENOBUFS); 539 } 540 #ifdef TCP_OUTPUT_COUNTERS 541 if (m->m_next->m_flags & M_EXT) 542 TCP_OUTPUT_COUNTER_INCR(&tcp_output_refbig); 543 else 544 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copybig); 545 #endif /* TCP_OUTPUT_COUNTERS */ 546 } 547 #endif 548 549 *mp = m; 550 return (0); 551 } 552 553 /* 554 * Tcp output routine: figure out what should be sent and send it. 555 */ 556 int 557 tcp_output(struct tcpcb *tp) 558 { 559 struct rtentry *rt; 560 struct socket *so; 561 struct route *ro; 562 long len, win; 563 int off, flags, error; 564 struct mbuf *m; 565 struct ip *ip; 566 #ifdef INET6 567 struct ip6_hdr *ip6; 568 #endif 569 struct tcphdr *th; 570 u_char opt[MAX_TCPOPTLEN]; 571 unsigned optlen, hdrlen, packetlen; 572 unsigned int sack_numblks; 573 int idle, sendalot, txsegsize, rxsegsize; 574 int txsegsize_nosack; 575 int maxburst = TCP_MAXBURST; 576 int af; /* address family on the wire */ 577 int iphdrlen; 578 int has_tso4, has_tso6; 579 int has_tso, use_tso; 580 bool alwaysfrag; 581 int sack_rxmit; 582 int sack_bytes_rxmt; 583 struct sackhole *p; 584 #ifdef TCP_SIGNATURE 585 int sigoff = 0; 586 #endif 587 uint64_t *tcps; 588 589 #ifdef DIAGNOSTIC 590 if (tp->t_inpcb && tp->t_in6pcb) 591 panic("tcp_output: both t_inpcb and t_in6pcb are set"); 592 #endif 593 so = NULL; 594 ro = NULL; 595 if (tp->t_inpcb) { 596 so = tp->t_inpcb->inp_socket; 597 ro = &tp->t_inpcb->inp_route; 598 } 599 #ifdef INET6 600 else if (tp->t_in6pcb) { 601 so = tp->t_in6pcb->in6p_socket; 602 ro = &tp->t_in6pcb->in6p_route; 603 } 604 #endif 605 606 switch (af = tp->t_family) { 607 #ifdef INET 608 case AF_INET: 609 if (tp->t_inpcb) 610 break; 611 #ifdef INET6 612 /* mapped addr case */ 613 if (tp->t_in6pcb) 614 break; 615 #endif 616 return (EINVAL); 617 #endif 618 #ifdef INET6 619 case AF_INET6: 620 if (tp->t_in6pcb) 621 break; 622 return (EINVAL); 623 #endif 624 default: 625 return (EAFNOSUPPORT); 626 } 627 628 if (tcp_segsize(tp, &txsegsize, &rxsegsize, &alwaysfrag)) 629 return (EMSGSIZE); 630 631 idle = (tp->snd_max == tp->snd_una); 632 633 /* 634 * Determine if we can use TCP segmentation offload: 635 * - If we're using IPv4 636 * - If there is not an IPsec policy that prevents it 637 * - If the interface can do it 638 */ 639 has_tso4 = has_tso6 = false; 640 #if defined(INET) 641 has_tso4 = tp->t_inpcb != NULL && 642 #if defined(IPSEC) || defined(FAST_IPSEC) 643 IPSEC_PCB_SKIP_IPSEC(tp->t_inpcb->inp_sp, 644 IPSEC_DIR_OUTBOUND) && 645 #endif 646 (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && 647 (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; 648 #endif /* defined(INET) */ 649 #if defined(INET6) 650 has_tso6 = tp->t_in6pcb != NULL && 651 #if defined(IPSEC) || defined(FAST_IPSEC) 652 IPSEC_PCB_SKIP_IPSEC(tp->t_in6pcb->in6p_sp, 653 IPSEC_DIR_OUTBOUND) && 654 #endif 655 (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && 656 (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0; 657 #endif /* defined(INET6) */ 658 has_tso = (has_tso4 || has_tso6) && !alwaysfrag; 659 660 /* 661 * Restart Window computation. From draft-floyd-incr-init-win-03: 662 * 663 * Optionally, a TCP MAY set the restart window to the 664 * minimum of the value used for the initial window and 665 * the current value of cwnd (in other words, using a 666 * larger value for the restart window should never increase 667 * the size of cwnd). 668 */ 669 if (tcp_cwm) { 670 /* 671 * Hughes/Touch/Heidemann Congestion Window Monitoring. 672 * Count the number of packets currently pending 673 * acknowledgement, and limit our congestion window 674 * to a pre-determined allowed burst size plus that count. 675 * This prevents bursting once all pending packets have 676 * been acknowledged (i.e. transmission is idle). 677 * 678 * XXX Link this to Initial Window? 679 */ 680 tp->snd_cwnd = min(tp->snd_cwnd, 681 (tcp_cwm_burstsize * txsegsize) + 682 (tp->snd_nxt - tp->snd_una)); 683 } else { 684 if (idle && (tcp_now - tp->t_rcvtime) >= tp->t_rxtcur) { 685 /* 686 * We have been idle for "a while" and no acks are 687 * expected to clock out any data we send -- 688 * slow start to get ack "clock" running again. 689 */ 690 int ss = tcp_init_win; 691 #ifdef INET 692 if (tp->t_inpcb && 693 in_localaddr(tp->t_inpcb->inp_faddr)) 694 ss = tcp_init_win_local; 695 #endif 696 #ifdef INET6 697 if (tp->t_in6pcb && 698 in6_localaddr(&tp->t_in6pcb->in6p_faddr)) 699 ss = tcp_init_win_local; 700 #endif 701 tp->snd_cwnd = min(tp->snd_cwnd, 702 TCP_INITIAL_WINDOW(ss, txsegsize)); 703 } 704 } 705 706 txsegsize_nosack = txsegsize; 707 again: 708 use_tso = has_tso; 709 if ((tp->t_flags & (TF_ECN_SND_CWR|TF_ECN_SND_ECE)) != 0) { 710 /* don't duplicate CWR/ECE. */ 711 use_tso = 0; 712 } 713 TCP_REASS_LOCK(tp); 714 sack_numblks = tcp_sack_numblks(tp); 715 if (sack_numblks) { 716 int sackoptlen; 717 718 sackoptlen = TCP_SACK_OPTLEN(sack_numblks); 719 if (sackoptlen > txsegsize_nosack) { 720 sack_numblks = 0; /* give up SACK */ 721 txsegsize = txsegsize_nosack; 722 } else { 723 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 724 /* don't duplicate D-SACK. */ 725 use_tso = 0; 726 } 727 txsegsize = txsegsize_nosack - sackoptlen; 728 } 729 } else { 730 txsegsize = txsegsize_nosack; 731 } 732 733 /* 734 * Determine length of data that should be transmitted, and 735 * flags that should be used. If there is some data or critical 736 * controls (SYN, RST) to send, then transmit; otherwise, 737 * investigate further. 738 * 739 * Readjust SACK information to avoid resending duplicate data. 740 */ 741 if (TCP_SACK_ENABLED(tp) && SEQ_LT(tp->snd_nxt, tp->snd_max)) 742 tcp_sack_adjust(tp); 743 sendalot = 0; 744 off = tp->snd_nxt - tp->snd_una; 745 win = min(tp->snd_wnd, tp->snd_cwnd); 746 747 flags = tcp_outflags[tp->t_state]; 748 749 /* 750 * Send any SACK-generated retransmissions. If we're explicitly trying 751 * to send out new data (when sendalot is 1), bypass this function. 752 * If we retransmit in fast recovery mode, decrement snd_cwnd, since 753 * we're replacing a (future) new transmission with a retransmission 754 * now, and we previously incremented snd_cwnd in tcp_input(). 755 */ 756 /* 757 * Still in sack recovery , reset rxmit flag to zero. 758 */ 759 sack_rxmit = 0; 760 sack_bytes_rxmt = 0; 761 len = 0; 762 p = NULL; 763 do { 764 long cwin; 765 if (!TCP_SACK_ENABLED(tp)) 766 break; 767 if (tp->t_partialacks < 0) 768 break; 769 p = tcp_sack_output(tp, &sack_bytes_rxmt); 770 if (p == NULL) 771 break; 772 773 cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt; 774 if (cwin < 0) 775 cwin = 0; 776 /* Do not retransmit SACK segments beyond snd_recover */ 777 if (SEQ_GT(p->end, tp->snd_recover)) { 778 /* 779 * (At least) part of sack hole extends beyond 780 * snd_recover. Check to see if we can rexmit data 781 * for this hole. 782 */ 783 if (SEQ_GEQ(p->rxmit, tp->snd_recover)) { 784 /* 785 * Can't rexmit any more data for this hole. 786 * That data will be rexmitted in the next 787 * sack recovery episode, when snd_recover 788 * moves past p->rxmit. 789 */ 790 p = NULL; 791 break; 792 } 793 /* Can rexmit part of the current hole */ 794 len = ((long)ulmin(cwin, tp->snd_recover - p->rxmit)); 795 } else 796 len = ((long)ulmin(cwin, p->end - p->rxmit)); 797 off = p->rxmit - tp->snd_una; 798 if (off + len > so->so_snd.sb_cc) { 799 /* 1 for TH_FIN */ 800 KASSERT(off + len == so->so_snd.sb_cc + 1); 801 KASSERT(p->rxmit + len == tp->snd_max); 802 len = so->so_snd.sb_cc - off; 803 } 804 if (len > 0) { 805 sack_rxmit = 1; 806 sendalot = 1; 807 } 808 } while (/*CONSTCOND*/0); 809 810 /* 811 * If in persist timeout with window of 0, send 1 byte. 812 * Otherwise, if window is small but nonzero 813 * and timer expired, we will send what we can 814 * and go to transmit state. 815 */ 816 if (tp->t_force) { 817 if (win == 0) { 818 /* 819 * If we still have some data to send, then 820 * clear the FIN bit. Usually this would 821 * happen below when it realizes that we 822 * aren't sending all the data. However, 823 * if we have exactly 1 byte of unset data, 824 * then it won't clear the FIN bit below, 825 * and if we are in persist state, we wind 826 * up sending the packet without recording 827 * that we sent the FIN bit. 828 * 829 * We can't just blindly clear the FIN bit, 830 * because if we don't have any more data 831 * to send then the probe will be the FIN 832 * itself. 833 */ 834 if (off < so->so_snd.sb_cc) 835 flags &= ~TH_FIN; 836 win = 1; 837 } else { 838 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 839 tp->t_rxtshift = 0; 840 } 841 } 842 843 if (sack_rxmit == 0) { 844 if (TCP_SACK_ENABLED(tp) && tp->t_partialacks >= 0) { 845 long cwin; 846 847 /* 848 * We are inside of a SACK recovery episode and are 849 * sending new data, having retransmitted all the 850 * data possible in the scoreboard. 851 */ 852 if (tp->snd_wnd < so->so_snd.sb_cc) { 853 len = tp->snd_wnd - off; 854 flags &= ~TH_FIN; 855 } else { 856 len = so->so_snd.sb_cc - off; 857 } 858 859 /* 860 * From FreeBSD: 861 * Don't remove this (len > 0) check ! 862 * We explicitly check for len > 0 here (although it 863 * isn't really necessary), to work around a gcc 864 * optimization issue - to force gcc to compute 865 * len above. Without this check, the computation 866 * of len is bungled by the optimizer. 867 */ 868 if (len > 0) { 869 cwin = tp->snd_cwnd - 870 (tp->snd_nxt - tp->sack_newdata) - 871 sack_bytes_rxmt; 872 if (cwin < 0) 873 cwin = 0; 874 if (cwin < len) { 875 len = cwin; 876 flags &= ~TH_FIN; 877 } 878 } 879 } else if (win < so->so_snd.sb_cc) { 880 len = win - off; 881 flags &= ~TH_FIN; 882 } else { 883 len = so->so_snd.sb_cc - off; 884 } 885 } 886 887 if (len < 0) { 888 /* 889 * If FIN has been sent but not acked, 890 * but we haven't been called to retransmit, 891 * len will be -1. Otherwise, window shrank 892 * after we sent into it. If window shrank to 0, 893 * cancel pending retransmit, pull snd_nxt back 894 * to (closed) window, and set the persist timer 895 * if it isn't already going. If the window didn't 896 * close completely, just wait for an ACK. 897 * 898 * If we have a pending FIN, either it has already been 899 * transmitted or it is outside the window, so drop it. 900 * If the FIN has been transmitted, but this is not a 901 * retransmission, then len must be -1. Therefore we also 902 * prevent here the sending of `gratuitous FINs'. This 903 * eliminates the need to check for that case below (e.g. 904 * to back up snd_nxt before the FIN so that the sequence 905 * number is correct). 906 */ 907 len = 0; 908 flags &= ~TH_FIN; 909 if (win == 0) { 910 TCP_TIMER_DISARM(tp, TCPT_REXMT); 911 tp->t_rxtshift = 0; 912 tp->snd_nxt = tp->snd_una; 913 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) 914 tcp_setpersist(tp); 915 } 916 } 917 918 /* 919 * Automatic sizing enables the performance of large buffers 920 * and most of the efficiency of small ones by only allocating 921 * space when it is needed. 922 * 923 * The criteria to step up the send buffer one notch are: 924 * 1. receive window of remote host is larger than send buffer 925 * (with a fudge factor of 5/4th); 926 * 2. send buffer is filled to 7/8th with data (so we actually 927 * have data to make use of it); 928 * 3. send buffer fill has not hit maximal automatic size; 929 * 4. our send window (slow start and cogestion controlled) is 930 * larger than sent but unacknowledged data in send buffer. 931 * 932 * The remote host receive window scaling factor may limit the 933 * growing of the send buffer before it reaches its allowed 934 * maximum. 935 * 936 * It scales directly with slow start or congestion window 937 * and does at most one step per received ACK. This fast 938 * scaling has the drawback of growing the send buffer beyond 939 * what is strictly necessary to make full use of a given 940 * delay*bandwith product. However testing has shown this not 941 * to be much of an problem. At worst we are trading wasting 942 * of available bandwith (the non-use of it) for wasting some 943 * socket buffer memory. 944 * 945 * TODO: Shrink send buffer during idle periods together 946 * with congestion window. Requires another timer. 947 */ 948 if (tcp_do_autosndbuf && so->so_snd.sb_flags & SB_AUTOSIZE) { 949 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat && 950 so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) && 951 so->so_snd.sb_cc < tcp_autosndbuf_max && 952 win >= (so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una))) { 953 if (!sbreserve(&so->so_snd, 954 min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc, 955 tcp_autosndbuf_max), so)) 956 so->so_snd.sb_flags &= ~SB_AUTOSIZE; 957 } 958 } 959 960 if (len > txsegsize) { 961 if (use_tso) { 962 /* 963 * Truncate TSO transfers to IP_MAXPACKET, and make 964 * sure that we send equal size transfers down the 965 * stack (rather than big-small-big-small-...). 966 */ 967 #ifdef INET6 968 #if IPV6_MAXPACKET != IP_MAXPACKET 969 #error IPV6_MAXPACKET != IP_MAXPACKET 970 #endif 971 #endif 972 len = (min(len, IP_MAXPACKET) / txsegsize) * txsegsize; 973 if (len <= txsegsize) { 974 use_tso = 0; 975 } 976 } else 977 len = txsegsize; 978 flags &= ~TH_FIN; 979 sendalot = 1; 980 } else 981 use_tso = 0; 982 if (sack_rxmit) { 983 if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc)) 984 flags &= ~TH_FIN; 985 } 986 987 win = sbspace(&so->so_rcv); 988 989 /* 990 * Sender silly window avoidance. If connection is idle 991 * and can send all data, a maximum segment, 992 * at least a maximum default-size segment do it, 993 * or are forced, do it; otherwise don't bother. 994 * If peer's buffer is tiny, then send 995 * when window is at least half open. 996 * If retransmitting (possibly after persist timer forced us 997 * to send into a small window), then must resend. 998 */ 999 if (len) { 1000 if (len >= txsegsize) 1001 goto send; 1002 if ((so->so_state & SS_MORETOCOME) == 0 && 1003 ((idle || tp->t_flags & TF_NODELAY) && 1004 len + off >= so->so_snd.sb_cc)) 1005 goto send; 1006 if (tp->t_force) 1007 goto send; 1008 if (len >= tp->max_sndwnd / 2) 1009 goto send; 1010 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) 1011 goto send; 1012 if (sack_rxmit) 1013 goto send; 1014 } 1015 1016 /* 1017 * Compare available window to amount of window known to peer 1018 * (as advertised window less next expected input). If the 1019 * difference is at least twice the size of the largest segment 1020 * we expect to receive (i.e. two segments) or at least 50% of 1021 * the maximum possible window, then want to send a window update 1022 * to peer. 1023 */ 1024 if (win > 0) { 1025 /* 1026 * "adv" is the amount we can increase the window, 1027 * taking into account that we are limited by 1028 * TCP_MAXWIN << tp->rcv_scale. 1029 */ 1030 long adv = min(win, (long)TCP_MAXWIN << tp->rcv_scale) - 1031 (tp->rcv_adv - tp->rcv_nxt); 1032 1033 if (adv >= (long) (2 * rxsegsize)) 1034 goto send; 1035 if (2 * adv >= (long) so->so_rcv.sb_hiwat) 1036 goto send; 1037 } 1038 1039 /* 1040 * Send if we owe peer an ACK. 1041 */ 1042 if (tp->t_flags & TF_ACKNOW) 1043 goto send; 1044 if (flags & (TH_SYN|TH_FIN|TH_RST)) 1045 goto send; 1046 if (SEQ_GT(tp->snd_up, tp->snd_una)) 1047 goto send; 1048 /* 1049 * In SACK, it is possible for tcp_output to fail to send a segment 1050 * after the retransmission timer has been turned off. Make sure 1051 * that the retransmission timer is set. 1052 */ 1053 if (TCP_SACK_ENABLED(tp) && SEQ_GT(tp->snd_max, tp->snd_una) && 1054 !TCP_TIMER_ISARMED(tp, TCPT_REXMT) && 1055 !TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1056 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1057 goto just_return; 1058 } 1059 1060 /* 1061 * TCP window updates are not reliable, rather a polling protocol 1062 * using ``persist'' packets is used to insure receipt of window 1063 * updates. The three ``states'' for the output side are: 1064 * idle not doing retransmits or persists 1065 * persisting to move a small or zero window 1066 * (re)transmitting and thereby not persisting 1067 * 1068 * tp->t_timer[TCPT_PERSIST] 1069 * is set when we are in persist state. 1070 * tp->t_force 1071 * is set when we are called to send a persist packet. 1072 * tp->t_timer[TCPT_REXMT] 1073 * is set when we are retransmitting 1074 * The output side is idle when both timers are zero. 1075 * 1076 * If send window is too small, there is data to transmit, and no 1077 * retransmit or persist is pending, then go to persist state. 1078 * If nothing happens soon, send when timer expires: 1079 * if window is nonzero, transmit what we can, 1080 * otherwise force out a byte. 1081 */ 1082 if (so->so_snd.sb_cc && TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && 1083 TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1084 tp->t_rxtshift = 0; 1085 tcp_setpersist(tp); 1086 } 1087 1088 /* 1089 * No reason to send a segment, just return. 1090 */ 1091 just_return: 1092 TCP_REASS_UNLOCK(tp); 1093 return (0); 1094 1095 send: 1096 /* 1097 * Before ESTABLISHED, force sending of initial options 1098 * unless TCP set not to do any options. 1099 * NOTE: we assume that the IP/TCP header plus TCP options 1100 * always fit in a single mbuf, leaving room for a maximum 1101 * link header, i.e. 1102 * max_linkhdr + sizeof (struct tcpiphdr) + optlen <= MCLBYTES 1103 */ 1104 optlen = 0; 1105 switch (af) { 1106 #ifdef INET 1107 case AF_INET: 1108 iphdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 1109 break; 1110 #endif 1111 #ifdef INET6 1112 case AF_INET6: 1113 iphdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 1114 break; 1115 #endif 1116 default: /*pacify gcc*/ 1117 iphdrlen = 0; 1118 break; 1119 } 1120 hdrlen = iphdrlen; 1121 if (flags & TH_SYN) { 1122 struct rtentry *synrt; 1123 1124 synrt = NULL; 1125 #ifdef INET 1126 if (tp->t_inpcb) 1127 synrt = in_pcbrtentry(tp->t_inpcb); 1128 #endif 1129 #ifdef INET6 1130 if (tp->t_in6pcb) 1131 synrt = in6_pcbrtentry(tp->t_in6pcb); 1132 #endif 1133 1134 tp->snd_nxt = tp->iss; 1135 tp->t_ourmss = tcp_mss_to_advertise(synrt != NULL ? 1136 synrt->rt_ifp : NULL, af); 1137 if ((tp->t_flags & TF_NOOPT) == 0) { 1138 opt[0] = TCPOPT_MAXSEG; 1139 opt[1] = 4; 1140 opt[2] = (tp->t_ourmss >> 8) & 0xff; 1141 opt[3] = tp->t_ourmss & 0xff; 1142 optlen = 4; 1143 1144 if ((tp->t_flags & TF_REQ_SCALE) && 1145 ((flags & TH_ACK) == 0 || 1146 (tp->t_flags & TF_RCVD_SCALE))) { 1147 *((u_int32_t *) (opt + optlen)) = htonl( 1148 TCPOPT_NOP << 24 | 1149 TCPOPT_WINDOW << 16 | 1150 TCPOLEN_WINDOW << 8 | 1151 tp->request_r_scale); 1152 optlen += 4; 1153 } 1154 if (tcp_do_sack) { 1155 u_int8_t *cp = (u_int8_t *)(opt + optlen); 1156 1157 cp[0] = TCPOPT_SACK_PERMITTED; 1158 cp[1] = 2; 1159 cp[2] = TCPOPT_NOP; 1160 cp[3] = TCPOPT_NOP; 1161 optlen += 4; 1162 } 1163 } 1164 } 1165 1166 /* 1167 * Send a timestamp and echo-reply if this is a SYN and our side 1168 * wants to use timestamps (TF_REQ_TSTMP is set) or both our side 1169 * and our peer have sent timestamps in our SYN's. 1170 */ 1171 if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && 1172 (flags & TH_RST) == 0 && 1173 ((flags & (TH_SYN|TH_ACK)) == TH_SYN || 1174 (tp->t_flags & TF_RCVD_TSTMP))) { 1175 u_int32_t *lp = (u_int32_t *)(opt + optlen); 1176 1177 /* Form timestamp option as shown in appendix A of RFC 1323. */ 1178 *lp++ = htonl(TCPOPT_TSTAMP_HDR); 1179 *lp++ = htonl(TCP_TIMESTAMP(tp)); 1180 *lp = htonl(tp->ts_recent); 1181 optlen += TCPOLEN_TSTAMP_APPA; 1182 1183 /* Set receive buffer autosizing timestamp. */ 1184 if (tp->rfbuf_ts == 0 && (so->so_rcv.sb_flags & SB_AUTOSIZE)) 1185 tp->rfbuf_ts = TCP_TIMESTAMP(tp); 1186 } 1187 1188 /* 1189 * Tack on the SACK block if it is necessary. 1190 */ 1191 if (sack_numblks) { 1192 int sack_len; 1193 u_char *bp = (u_char *)(opt + optlen); 1194 u_int32_t *lp = (u_int32_t *)(bp + 4); 1195 struct ipqent *tiqe; 1196 1197 sack_len = sack_numblks * 8 + 2; 1198 bp[0] = TCPOPT_NOP; 1199 bp[1] = TCPOPT_NOP; 1200 bp[2] = TCPOPT_SACK; 1201 bp[3] = sack_len; 1202 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 1203 sack_numblks--; 1204 *lp++ = htonl(tp->rcv_dsack_block.left); 1205 *lp++ = htonl(tp->rcv_dsack_block.right); 1206 tp->rcv_sack_flags &= ~TCPSACK_HAVED; 1207 } 1208 for (tiqe = TAILQ_FIRST(&tp->timeq); 1209 sack_numblks > 0; tiqe = TAILQ_NEXT(tiqe, ipqe_timeq)) { 1210 KASSERT(tiqe != NULL); 1211 sack_numblks--; 1212 *lp++ = htonl(tiqe->ipqe_seq); 1213 *lp++ = htonl(tiqe->ipqe_seq + tiqe->ipqe_len + 1214 ((tiqe->ipqe_flags & TH_FIN) != 0 ? 1 : 0)); 1215 } 1216 optlen += sack_len + 2; 1217 } 1218 TCP_REASS_UNLOCK(tp); 1219 1220 #ifdef TCP_SIGNATURE 1221 if (tp->t_flags & TF_SIGNATURE) { 1222 u_char *bp; 1223 /* 1224 * Initialize TCP-MD5 option (RFC2385) 1225 */ 1226 bp = (u_char *)opt + optlen; 1227 *bp++ = TCPOPT_SIGNATURE; 1228 *bp++ = TCPOLEN_SIGNATURE; 1229 sigoff = optlen + 2; 1230 bzero(bp, TCP_SIGLEN); 1231 bp += TCP_SIGLEN; 1232 optlen += TCPOLEN_SIGNATURE; 1233 /* 1234 * Terminate options list and maintain 32-bit alignment. 1235 */ 1236 *bp++ = TCPOPT_NOP; 1237 *bp++ = TCPOPT_EOL; 1238 optlen += 2; 1239 } 1240 #endif /* TCP_SIGNATURE */ 1241 1242 hdrlen += optlen; 1243 1244 #ifdef DIAGNOSTIC 1245 if (!use_tso && len > txsegsize) 1246 panic("tcp data to be sent is larger than segment"); 1247 else if (use_tso && len > IP_MAXPACKET) 1248 panic("tcp data to be sent is larger than max TSO size"); 1249 if (max_linkhdr + hdrlen > MCLBYTES) 1250 panic("tcphdr too big"); 1251 #endif 1252 1253 /* 1254 * Grab a header mbuf, attaching a copy of data to 1255 * be transmitted, and initialize the header from 1256 * the template for sends on this connection. 1257 */ 1258 if (len) { 1259 error = tcp_build_datapkt(tp, so, off, len, hdrlen, &m); 1260 if (error) 1261 goto out; 1262 /* 1263 * If we're sending everything we've got, set PUSH. 1264 * (This will keep happy those implementations which only 1265 * give data to the user when a buffer fills or 1266 * a PUSH comes in.) 1267 */ 1268 if (off + len == so->so_snd.sb_cc) 1269 flags |= TH_PUSH; 1270 } else { 1271 tcps = TCP_STAT_GETREF(); 1272 if (tp->t_flags & TF_ACKNOW) 1273 tcps[TCP_STAT_SNDACKS]++; 1274 else if (flags & (TH_SYN|TH_FIN|TH_RST)) 1275 tcps[TCP_STAT_SNDCTRL]++; 1276 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 1277 tcps[TCP_STAT_SNDURG]++; 1278 else 1279 tcps[TCP_STAT_SNDWINUP]++; 1280 TCP_STAT_PUTREF(); 1281 1282 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1283 if (m != NULL && max_linkhdr + hdrlen > MHLEN) { 1284 MCLGET(m, M_DONTWAIT); 1285 if ((m->m_flags & M_EXT) == 0) { 1286 m_freem(m); 1287 m = NULL; 1288 } 1289 } 1290 if (m == NULL) { 1291 error = ENOBUFS; 1292 goto out; 1293 } 1294 MCLAIM(m, &tcp_tx_mowner); 1295 m->m_data += max_linkhdr; 1296 m->m_len = hdrlen; 1297 } 1298 m->m_pkthdr.rcvif = (struct ifnet *)0; 1299 switch (af) { 1300 #ifdef INET 1301 case AF_INET: 1302 ip = mtod(m, struct ip *); 1303 #ifdef INET6 1304 ip6 = NULL; 1305 #endif 1306 th = (struct tcphdr *)(ip + 1); 1307 break; 1308 #endif 1309 #ifdef INET6 1310 case AF_INET6: 1311 ip = NULL; 1312 ip6 = mtod(m, struct ip6_hdr *); 1313 th = (struct tcphdr *)(ip6 + 1); 1314 break; 1315 #endif 1316 default: /*pacify gcc*/ 1317 ip = NULL; 1318 #ifdef INET6 1319 ip6 = NULL; 1320 #endif 1321 th = NULL; 1322 break; 1323 } 1324 if (tp->t_template == 0) 1325 panic("tcp_output"); 1326 if (tp->t_template->m_len < iphdrlen) 1327 panic("tcp_output"); 1328 bcopy(mtod(tp->t_template, void *), mtod(m, void *), iphdrlen); 1329 1330 /* 1331 * If we are starting a connection, send ECN setup 1332 * SYN packet. If we are on a retransmit, we may 1333 * resend those bits a number of times as per 1334 * RFC 3168. 1335 */ 1336 if (tp->t_state == TCPS_SYN_SENT && tcp_do_ecn) { 1337 if (tp->t_flags & TF_SYN_REXMT) { 1338 if (tp->t_ecn_retries--) 1339 flags |= TH_ECE|TH_CWR; 1340 } else { 1341 flags |= TH_ECE|TH_CWR; 1342 tp->t_ecn_retries = tcp_ecn_maxretries; 1343 } 1344 } 1345 1346 if (TCP_ECN_ALLOWED(tp)) { 1347 /* 1348 * If the peer has ECN, mark data packets 1349 * ECN capable. Ignore pure ack packets, retransmissions 1350 * and window probes. 1351 */ 1352 if (len > 0 && SEQ_GEQ(tp->snd_nxt, tp->snd_max) && 1353 !(tp->t_force && len == 1)) { 1354 switch (af) { 1355 #ifdef INET 1356 case AF_INET: 1357 tp->t_inpcb->inp_ip.ip_tos |= IPTOS_ECN_ECT0; 1358 break; 1359 #endif 1360 #ifdef INET6 1361 case AF_INET6: 1362 ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20); 1363 break; 1364 #endif 1365 } 1366 TCP_STATINC(TCP_STAT_ECN_ECT); 1367 } 1368 1369 /* 1370 * Reply with proper ECN notifications. 1371 */ 1372 if (tp->t_flags & TF_ECN_SND_CWR) { 1373 flags |= TH_CWR; 1374 tp->t_flags &= ~TF_ECN_SND_CWR; 1375 } 1376 if (tp->t_flags & TF_ECN_SND_ECE) { 1377 flags |= TH_ECE; 1378 } 1379 } 1380 1381 1382 /* 1383 * If we are doing retransmissions, then snd_nxt will 1384 * not reflect the first unsent octet. For ACK only 1385 * packets, we do not want the sequence number of the 1386 * retransmitted packet, we want the sequence number 1387 * of the next unsent octet. So, if there is no data 1388 * (and no SYN or FIN), use snd_max instead of snd_nxt 1389 * when filling in ti_seq. But if we are in persist 1390 * state, snd_max might reflect one byte beyond the 1391 * right edge of the window, so use snd_nxt in that 1392 * case, since we know we aren't doing a retransmission. 1393 * (retransmit and persist are mutually exclusive...) 1394 */ 1395 if (TCP_SACK_ENABLED(tp) && sack_rxmit) { 1396 th->th_seq = htonl(p->rxmit); 1397 p->rxmit += len; 1398 } else { 1399 if (len || (flags & (TH_SYN|TH_FIN)) || 1400 TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) 1401 th->th_seq = htonl(tp->snd_nxt); 1402 else 1403 th->th_seq = htonl(tp->snd_max); 1404 } 1405 th->th_ack = htonl(tp->rcv_nxt); 1406 if (optlen) { 1407 bcopy((void *)opt, (void *)(th + 1), optlen); 1408 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; 1409 } 1410 th->th_flags = flags; 1411 /* 1412 * Calculate receive window. Don't shrink window, 1413 * but avoid silly window syndrome. 1414 */ 1415 if (win < (long)(so->so_rcv.sb_hiwat / 4) && win < (long)rxsegsize) 1416 win = 0; 1417 if (win > (long)TCP_MAXWIN << tp->rcv_scale) 1418 win = (long)TCP_MAXWIN << tp->rcv_scale; 1419 if (win < (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt)) 1420 win = (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt); 1421 th->th_win = htons((u_int16_t) (win>>tp->rcv_scale)); 1422 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 1423 u_int32_t urp = tp->snd_up - tp->snd_nxt; 1424 if (urp > IP_MAXPACKET) 1425 urp = IP_MAXPACKET; 1426 th->th_urp = htons((u_int16_t)urp); 1427 th->th_flags |= TH_URG; 1428 } else 1429 /* 1430 * If no urgent pointer to send, then we pull 1431 * the urgent pointer to the left edge of the send window 1432 * so that it doesn't drift into the send window on sequence 1433 * number wraparound. 1434 */ 1435 tp->snd_up = tp->snd_una; /* drag it along */ 1436 1437 #ifdef TCP_SIGNATURE 1438 if (sigoff && (tp->t_flags & TF_SIGNATURE)) { 1439 struct secasvar *sav; 1440 u_int8_t *sigp; 1441 1442 sav = tcp_signature_getsav(m, th); 1443 1444 if (sav == NULL) { 1445 if (m) 1446 m_freem(m); 1447 return (EPERM); 1448 } 1449 1450 m->m_pkthdr.len = hdrlen + len; 1451 sigp = (char *)th + sizeof(*th) + sigoff; 1452 tcp_signature(m, th, (char *)th - mtod(m, char *), sav, sigp); 1453 1454 key_sa_recordxfer(sav, m); 1455 #ifdef FAST_IPSEC 1456 KEY_FREESAV(&sav); 1457 #else 1458 key_freesav(sav); 1459 #endif 1460 } 1461 #endif 1462 1463 /* 1464 * Set ourselves up to be checksummed just before the packet 1465 * hits the wire. 1466 */ 1467 switch (af) { 1468 #ifdef INET 1469 case AF_INET: 1470 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1471 if (use_tso) { 1472 m->m_pkthdr.segsz = txsegsize; 1473 m->m_pkthdr.csum_flags = M_CSUM_TSOv4; 1474 } else { 1475 m->m_pkthdr.csum_flags = M_CSUM_TCPv4; 1476 if (len + optlen) { 1477 /* Fixup the pseudo-header checksum. */ 1478 /* XXXJRT Not IP Jumbogram safe. */ 1479 th->th_sum = in_cksum_addword(th->th_sum, 1480 htons((u_int16_t) (len + optlen))); 1481 } 1482 } 1483 break; 1484 #endif 1485 #ifdef INET6 1486 case AF_INET6: 1487 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1488 if (use_tso) { 1489 m->m_pkthdr.segsz = txsegsize; 1490 m->m_pkthdr.csum_flags = M_CSUM_TSOv6; 1491 } else { 1492 m->m_pkthdr.csum_flags = M_CSUM_TCPv6; 1493 if (len + optlen) { 1494 /* Fixup the pseudo-header checksum. */ 1495 /* XXXJRT: Not IPv6 Jumbogram safe. */ 1496 th->th_sum = in_cksum_addword(th->th_sum, 1497 htons((u_int16_t) (len + optlen))); 1498 } 1499 } 1500 break; 1501 #endif 1502 } 1503 1504 /* 1505 * In transmit state, time the transmission and arrange for 1506 * the retransmit. In persist state, just set snd_max. 1507 */ 1508 if (tp->t_force == 0 || TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1509 tcp_seq startseq = tp->snd_nxt; 1510 1511 /* 1512 * Advance snd_nxt over sequence space of this segment. 1513 * There are no states in which we send both a SYN and a FIN, 1514 * so we collapse the tests for these flags. 1515 */ 1516 if (flags & (TH_SYN|TH_FIN)) 1517 tp->snd_nxt++; 1518 if (sack_rxmit) 1519 goto timer; 1520 tp->snd_nxt += len; 1521 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 1522 tp->snd_max = tp->snd_nxt; 1523 /* 1524 * Time this transmission if not a retransmission and 1525 * not currently timing anything. 1526 */ 1527 if (tp->t_rtttime == 0) { 1528 tp->t_rtttime = tcp_now; 1529 tp->t_rtseq = startseq; 1530 TCP_STATINC(TCP_STAT_SEGSTIMED); 1531 } 1532 } 1533 1534 /* 1535 * Set retransmit timer if not currently set, 1536 * and not doing an ack or a keep-alive probe. 1537 * Initial value for retransmit timer is smoothed 1538 * round-trip time + 2 * round-trip time variance. 1539 * Initialize shift counter which is used for backoff 1540 * of retransmit time. 1541 */ 1542 timer: 1543 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && 1544 ((sack_rxmit && tp->snd_nxt != tp->snd_max) || 1545 tp->snd_nxt != tp->snd_una)) { 1546 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1547 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 1548 tp->t_rxtshift = 0; 1549 } 1550 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1551 } 1552 } else 1553 if (SEQ_GT(tp->snd_nxt + len, tp->snd_max)) 1554 tp->snd_max = tp->snd_nxt + len; 1555 1556 #ifdef TCP_DEBUG 1557 /* 1558 * Trace. 1559 */ 1560 if (so->so_options & SO_DEBUG) 1561 tcp_trace(TA_OUTPUT, tp->t_state, tp, m, 0); 1562 #endif 1563 1564 /* 1565 * Fill in IP length and desired time to live and 1566 * send to IP level. There should be a better way 1567 * to handle ttl and tos; we could keep them in 1568 * the template, but need a way to checksum without them. 1569 */ 1570 m->m_pkthdr.len = hdrlen + len; 1571 1572 switch (af) { 1573 #ifdef INET 1574 case AF_INET: 1575 ip->ip_len = htons(m->m_pkthdr.len); 1576 packetlen = m->m_pkthdr.len; 1577 if (tp->t_inpcb) { 1578 ip->ip_ttl = tp->t_inpcb->inp_ip.ip_ttl; 1579 ip->ip_tos = tp->t_inpcb->inp_ip.ip_tos; 1580 } 1581 #ifdef INET6 1582 else if (tp->t_in6pcb) { 1583 ip->ip_ttl = in6_selecthlim(tp->t_in6pcb, NULL); /*XXX*/ 1584 ip->ip_tos = 0; /*XXX*/ 1585 } 1586 #endif 1587 break; 1588 #endif 1589 #ifdef INET6 1590 case AF_INET6: 1591 packetlen = m->m_pkthdr.len; 1592 ip6->ip6_nxt = IPPROTO_TCP; 1593 if (tp->t_in6pcb) { 1594 /* 1595 * we separately set hoplimit for every segment, since 1596 * the user might want to change the value via 1597 * setsockopt. Also, desired default hop limit might 1598 * be changed via Neighbor Discovery. 1599 */ 1600 ip6->ip6_hlim = in6_selecthlim(tp->t_in6pcb, 1601 (rt = rtcache_validate(ro)) != NULL ? rt->rt_ifp 1602 : NULL); 1603 } 1604 /* ip6->ip6_flow = ??? */ 1605 /* ip6_plen will be filled in ip6_output(). */ 1606 break; 1607 #endif 1608 default: /*pacify gcc*/ 1609 packetlen = 0; 1610 break; 1611 } 1612 1613 switch (af) { 1614 #ifdef INET 1615 case AF_INET: 1616 { 1617 struct mbuf *opts; 1618 1619 if (tp->t_inpcb) 1620 opts = tp->t_inpcb->inp_options; 1621 else 1622 opts = NULL; 1623 error = ip_output(m, opts, ro, 1624 (tp->t_mtudisc ? IP_MTUDISC : 0) | 1625 (so->so_options & SO_DONTROUTE), 1626 (struct ip_moptions *)0, so); 1627 break; 1628 } 1629 #endif 1630 #ifdef INET6 1631 case AF_INET6: 1632 { 1633 struct ip6_pktopts *opts; 1634 1635 if (tp->t_in6pcb) 1636 opts = tp->t_in6pcb->in6p_outputopts; 1637 else 1638 opts = NULL; 1639 error = ip6_output(m, opts, ro, so->so_options & SO_DONTROUTE, 1640 NULL, so, NULL); 1641 break; 1642 } 1643 #endif 1644 default: 1645 error = EAFNOSUPPORT; 1646 break; 1647 } 1648 if (error) { 1649 out: 1650 if (error == ENOBUFS) { 1651 TCP_STATINC(TCP_STAT_SELFQUENCH); 1652 #ifdef INET 1653 if (tp->t_inpcb) 1654 tcp_quench(tp->t_inpcb, 0); 1655 #endif 1656 #ifdef INET6 1657 if (tp->t_in6pcb) 1658 tcp6_quench(tp->t_in6pcb, 0); 1659 #endif 1660 error = 0; 1661 } else if ((error == EHOSTUNREACH || error == ENETDOWN) && 1662 TCPS_HAVERCVDSYN(tp->t_state)) { 1663 tp->t_softerror = error; 1664 error = 0; 1665 } 1666 1667 /* Back out the seqence number advance. */ 1668 if (sack_rxmit) 1669 p->rxmit -= len; 1670 1671 /* Restart the delayed ACK timer, if necessary. */ 1672 if (tp->t_flags & TF_DELACK) 1673 TCP_RESTART_DELACK(tp); 1674 1675 return (error); 1676 } 1677 1678 if (packetlen > tp->t_pmtud_mtu_sent) 1679 tp->t_pmtud_mtu_sent = packetlen; 1680 1681 tcps = TCP_STAT_GETREF(); 1682 tcps[TCP_STAT_SNDTOTAL]++; 1683 if (tp->t_flags & TF_DELACK) 1684 tcps[TCP_STAT_DELACK]++; 1685 TCP_STAT_PUTREF(); 1686 1687 /* 1688 * Data sent (as far as we can tell). 1689 * If this advertises a larger window than any other segment, 1690 * then remember the size of the advertised window. 1691 * Any pending ACK has now been sent. 1692 */ 1693 if (win > 0 && SEQ_GT(tp->rcv_nxt+win, tp->rcv_adv)) 1694 tp->rcv_adv = tp->rcv_nxt + win; 1695 tp->last_ack_sent = tp->rcv_nxt; 1696 tp->t_flags &= ~TF_ACKNOW; 1697 TCP_CLEAR_DELACK(tp); 1698 #ifdef DIAGNOSTIC 1699 if (maxburst < 0) 1700 printf("tcp_output: maxburst exceeded by %d\n", -maxburst); 1701 #endif 1702 if (sendalot && (tp->t_congctl == &tcp_reno_ctl || --maxburst)) 1703 goto again; 1704 return (0); 1705 } 1706 1707 void 1708 tcp_setpersist(struct tcpcb *tp) 1709 { 1710 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> (1 + 2); 1711 int nticks; 1712 1713 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT)) 1714 panic("tcp_output REXMT"); 1715 /* 1716 * Start/restart persistance timer. 1717 */ 1718 if (t < tp->t_rttmin) 1719 t = tp->t_rttmin; 1720 TCPT_RANGESET(nticks, t * tcp_backoff[tp->t_rxtshift], 1721 TCPTV_PERSMIN, TCPTV_PERSMAX); 1722 TCP_TIMER_ARM(tp, TCPT_PERSIST, nticks); 1723 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1724 tp->t_rxtshift++; 1725 } 1726