1 /* $NetBSD: tcp_output.c,v 1.205 2018/04/03 08:02:34 maxv Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 /*- 73 * Copyright (c) 1997, 1998, 2001, 2005, 2006 The NetBSD Foundation, Inc. 74 * All rights reserved. 75 * 76 * This code is derived from software contributed to The NetBSD Foundation 77 * by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation 78 * Facility, NASA Ames Research Center. 79 * This code is derived from software contributed to The NetBSD Foundation 80 * by Charles M. Hannum. 81 * This code is derived from software contributed to The NetBSD Foundation 82 * by Rui Paulo. 83 * 84 * Redistribution and use in source and binary forms, with or without 85 * modification, are permitted provided that the following conditions 86 * are met: 87 * 1. Redistributions of source code must retain the above copyright 88 * notice, this list of conditions and the following disclaimer. 89 * 2. Redistributions in binary form must reproduce the above copyright 90 * notice, this list of conditions and the following disclaimer in the 91 * documentation and/or other materials provided with the distribution. 92 * 93 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 94 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 95 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 96 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 97 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 98 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 99 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 100 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 101 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 103 * POSSIBILITY OF SUCH DAMAGE. 104 */ 105 106 /* 107 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 108 * The Regents of the University of California. All rights reserved. 109 * 110 * Redistribution and use in source and binary forms, with or without 111 * modification, are permitted provided that the following conditions 112 * are met: 113 * 1. Redistributions of source code must retain the above copyright 114 * notice, this list of conditions and the following disclaimer. 115 * 2. Redistributions in binary form must reproduce the above copyright 116 * notice, this list of conditions and the following disclaimer in the 117 * documentation and/or other materials provided with the distribution. 118 * 3. Neither the name of the University nor the names of its contributors 119 * may be used to endorse or promote products derived from this software 120 * without specific prior written permission. 121 * 122 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 123 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 124 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 125 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 126 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 127 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 128 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 129 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 130 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 131 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 132 * SUCH DAMAGE. 133 * 134 * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 135 */ 136 137 #include <sys/cdefs.h> 138 __KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.205 2018/04/03 08:02:34 maxv Exp $"); 139 140 #ifdef _KERNEL_OPT 141 #include "opt_inet.h" 142 #include "opt_ipsec.h" 143 #include "opt_tcp_debug.h" 144 #endif 145 146 #include <sys/param.h> 147 #include <sys/systm.h> 148 #include <sys/mbuf.h> 149 #include <sys/protosw.h> 150 #include <sys/socket.h> 151 #include <sys/socketvar.h> 152 #include <sys/errno.h> 153 #include <sys/domain.h> 154 #include <sys/kernel.h> 155 #ifdef TCP_SIGNATURE 156 #include <sys/md5.h> 157 #endif 158 159 #include <net/if.h> 160 #include <net/route.h> 161 162 #include <netinet/in.h> 163 #include <netinet/in_systm.h> 164 #include <netinet/ip.h> 165 #include <netinet/in_pcb.h> 166 #include <netinet/ip_var.h> 167 168 #ifdef INET6 169 #include <netinet/ip6.h> 170 #include <netinet6/in6_var.h> 171 #include <netinet6/ip6_var.h> 172 #include <netinet6/in6_pcb.h> 173 #include <netinet6/nd6.h> 174 #endif 175 176 #ifdef IPSEC 177 #include <netipsec/ipsec.h> 178 #include <netipsec/key.h> 179 #ifdef INET6 180 #include <netipsec/ipsec6.h> 181 #endif 182 #endif 183 184 #include <netinet/tcp.h> 185 #define TCPOUTFLAGS 186 #include <netinet/tcp_fsm.h> 187 #include <netinet/tcp_seq.h> 188 #include <netinet/tcp_timer.h> 189 #include <netinet/tcp_var.h> 190 #include <netinet/tcp_private.h> 191 #include <netinet/tcp_congctl.h> 192 #include <netinet/tcpip.h> 193 #include <netinet/tcp_debug.h> 194 #include <netinet/in_offload.h> 195 #include <netinet6/in6_offload.h> 196 197 /* 198 * Knob to enable Congestion Window Monitoring, and control 199 * the burst size it allows. Default burst is 4 packets, per 200 * the Internet draft. 201 */ 202 int tcp_cwm = 0; 203 int tcp_cwm_burstsize = 4; 204 205 int tcp_do_autosndbuf = 1; 206 int tcp_autosndbuf_inc = 8 * 1024; 207 int tcp_autosndbuf_max = 256 * 1024; 208 209 #ifdef TCP_OUTPUT_COUNTERS 210 #include <sys/device.h> 211 212 extern struct evcnt tcp_output_bigheader; 213 extern struct evcnt tcp_output_predict_hit; 214 extern struct evcnt tcp_output_predict_miss; 215 extern struct evcnt tcp_output_copysmall; 216 extern struct evcnt tcp_output_copybig; 217 extern struct evcnt tcp_output_refbig; 218 219 #define TCP_OUTPUT_COUNTER_INCR(ev) (ev)->ev_count++ 220 #else 221 222 #define TCP_OUTPUT_COUNTER_INCR(ev) /* nothing */ 223 224 #endif /* TCP_OUTPUT_COUNTERS */ 225 226 static int 227 tcp_segsize(struct tcpcb *tp, int *txsegsizep, int *rxsegsizep, 228 bool *alwaysfragp) 229 { 230 struct inpcb *inp = tp->t_inpcb; 231 #ifdef INET6 232 struct in6pcb *in6p = tp->t_in6pcb; 233 #endif 234 struct socket *so = NULL; 235 struct rtentry *rt; 236 struct ifnet *ifp; 237 int size; 238 int hdrlen; 239 int optlen; 240 241 *alwaysfragp = false; 242 size = tcp_mssdflt; 243 244 KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); 245 246 switch (tp->t_family) { 247 case AF_INET: 248 hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 249 break; 250 #ifdef INET6 251 case AF_INET6: 252 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 253 break; 254 #endif 255 default: 256 goto out; 257 } 258 259 rt = NULL; 260 if (inp) { 261 rt = in_pcbrtentry(inp); 262 so = inp->inp_socket; 263 } 264 #ifdef INET6 265 if (in6p) { 266 rt = in6_pcbrtentry(in6p); 267 so = in6p->in6p_socket; 268 } 269 #endif 270 if (rt == NULL) { 271 goto out; 272 } 273 274 ifp = rt->rt_ifp; 275 276 if (tp->t_mtudisc && rt->rt_rmx.rmx_mtu != 0) { 277 #ifdef INET6 278 if (in6p && rt->rt_rmx.rmx_mtu < IPV6_MMTU) { 279 /* 280 * RFC2460 section 5, last paragraph: if path MTU is 281 * smaller than 1280, use 1280 as packet size and 282 * attach fragment header. 283 */ 284 size = IPV6_MMTU - hdrlen - sizeof(struct ip6_frag); 285 *alwaysfragp = true; 286 } else 287 size = rt->rt_rmx.rmx_mtu - hdrlen; 288 #else 289 size = rt->rt_rmx.rmx_mtu - hdrlen; 290 #endif 291 } else if (ifp->if_flags & IFF_LOOPBACK) 292 size = ifp->if_mtu - hdrlen; 293 else if (inp && tp->t_mtudisc) 294 size = ifp->if_mtu - hdrlen; 295 else if (inp && in_localaddr(inp->inp_faddr)) 296 size = ifp->if_mtu - hdrlen; 297 #ifdef INET6 298 else if (in6p) { 299 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 300 /* mapped addr case */ 301 struct in_addr d; 302 memcpy(&d, &in6p->in6p_faddr.s6_addr32[3], sizeof(d)); 303 if (tp->t_mtudisc || in_localaddr(d)) 304 size = ifp->if_mtu - hdrlen; 305 } else { 306 /* 307 * for IPv6, path MTU discovery is always turned on, 308 * or the node must use packet size <= 1280. 309 */ 310 size = tp->t_mtudisc ? IN6_LINKMTU(ifp) : IPV6_MMTU; 311 size -= hdrlen; 312 } 313 } 314 #endif 315 if (inp) 316 in_pcbrtentry_unref(rt, inp); 317 #ifdef INET6 318 if (in6p) 319 in6_pcbrtentry_unref(rt, in6p); 320 #endif 321 out: 322 /* 323 * Now we must make room for whatever extra TCP/IP options are in 324 * the packet. 325 */ 326 optlen = tcp_optlen(tp); 327 328 /* 329 * XXX tp->t_ourmss should have the right size, but without this code 330 * fragmentation will occur... need more investigation 331 */ 332 333 if (inp) { 334 #if defined(IPSEC) 335 if (ipsec_used && 336 !ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) 337 optlen += ipsec4_hdrsiz_tcp(tp); 338 #endif 339 optlen += ip_optlen(inp); 340 } 341 342 #ifdef INET6 343 if (in6p && tp->t_family == AF_INET) { 344 #if defined(IPSEC) 345 if (ipsec_used && 346 !ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 347 optlen += ipsec4_hdrsiz_tcp(tp); 348 #endif 349 /* XXX size -= ip_optlen(in6p); */ 350 } else if (in6p && tp->t_family == AF_INET6) { 351 #if defined(IPSEC) 352 if (ipsec_used && 353 !ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 354 optlen += ipsec6_hdrsiz_tcp(tp); 355 #endif 356 optlen += ip6_optlen(in6p); 357 } 358 #endif 359 size -= optlen; 360 361 /* 362 * There may not be any room for data if mtu is too small. This 363 * includes zero-sized. 364 */ 365 if (size <= 0) { 366 return EMSGSIZE; 367 } 368 369 /* 370 * *rxsegsizep holds *estimated* inbound segment size (estimation 371 * assumes that path MTU is the same for both ways). this is only 372 * for silly window avoidance, do not use the value for other purposes. 373 * 374 * ipseclen is subtracted from both sides, this may not be right. 375 * I'm not quite sure about this (could someone comment). 376 */ 377 *txsegsizep = min(tp->t_peermss - optlen, size); 378 *rxsegsizep = min(tp->t_ourmss - optlen, size); 379 380 /* 381 * Never send more than half a buffer full. This insures that we can 382 * always keep 2 packets on the wire, no matter what SO_SNDBUF is, and 383 * therefore acks will never be delayed unless we run out of data to 384 * transmit. 385 */ 386 if (so) { 387 *txsegsizep = min(so->so_snd.sb_hiwat >> 1, *txsegsizep); 388 } 389 390 if (*txsegsizep != tp->t_segsz) { 391 /* 392 * If the new segment size is larger, we don't want to 393 * mess up the congestion window, but if it is smaller 394 * we'll have to reduce the congestion window to ensure 395 * that we don't get into trouble with initial windows 396 * and the rest. In any case, if the segment size 397 * has changed, chances are the path has, too, and 398 * our congestion window will be different. 399 */ 400 if (*txsegsizep < tp->t_segsz) { 401 tp->snd_cwnd = max((tp->snd_cwnd / tp->t_segsz) 402 * *txsegsizep, *txsegsizep); 403 tp->snd_ssthresh = max((tp->snd_ssthresh / tp->t_segsz) 404 * *txsegsizep, *txsegsizep); 405 } 406 tp->t_segsz = *txsegsizep; 407 } 408 409 return 0; 410 } 411 412 static int 413 tcp_build_datapkt(struct tcpcb *tp, struct socket *so, int off, 414 long len, int hdrlen, struct mbuf **mp) 415 { 416 struct mbuf *m, *m0; 417 uint64_t *tcps; 418 419 tcps = TCP_STAT_GETREF(); 420 if (tp->t_force && len == 1) 421 tcps[TCP_STAT_SNDPROBE]++; 422 else if (SEQ_LT(tp->snd_nxt, tp->snd_max)) { 423 tp->t_sndrexmitpack++; 424 tcps[TCP_STAT_SNDREXMITPACK]++; 425 tcps[TCP_STAT_SNDREXMITBYTE] += len; 426 } else { 427 tcps[TCP_STAT_SNDPACK]++; 428 tcps[TCP_STAT_SNDBYTE] += len; 429 } 430 TCP_STAT_PUTREF(); 431 432 MGETHDR(m, M_DONTWAIT, MT_HEADER); 433 if (__predict_false(m == NULL)) 434 return ENOBUFS; 435 MCLAIM(m, &tcp_tx_mowner); 436 437 /* 438 * XXX Because other code assumes headers will fit in 439 * XXX one header mbuf. 440 * 441 * (This code should almost *never* be run.) 442 */ 443 if (__predict_false((max_linkhdr + hdrlen) > MHLEN)) { 444 TCP_OUTPUT_COUNTER_INCR(&tcp_output_bigheader); 445 MCLGET(m, M_DONTWAIT); 446 if ((m->m_flags & M_EXT) == 0) { 447 m_freem(m); 448 return ENOBUFS; 449 } 450 } 451 452 m->m_data += max_linkhdr; 453 m->m_len = hdrlen; 454 455 /* 456 * To avoid traversing the whole sb_mb chain for correct 457 * data to send, remember last sent mbuf, its offset and 458 * the sent size. When called the next time, see if the 459 * data to send is directly following the previous transfer. 460 * This is important for large TCP windows. 461 */ 462 if (off == 0 || tp->t_lastm == NULL || 463 (tp->t_lastoff + tp->t_lastlen) != off) { 464 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_miss); 465 /* 466 * Either a new packet or a retransmit. 467 * Start from the beginning. 468 */ 469 tp->t_lastm = so->so_snd.sb_mb; 470 tp->t_inoff = off; 471 } else { 472 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_hit); 473 tp->t_inoff += tp->t_lastlen; 474 } 475 476 /* Traverse forward to next packet */ 477 while (tp->t_inoff > 0) { 478 if (tp->t_lastm == NULL) 479 panic("tp->t_lastm == NULL"); 480 if (tp->t_inoff < tp->t_lastm->m_len) 481 break; 482 tp->t_inoff -= tp->t_lastm->m_len; 483 tp->t_lastm = tp->t_lastm->m_next; 484 } 485 486 tp->t_lastoff = off; 487 tp->t_lastlen = len; 488 m0 = tp->t_lastm; 489 off = tp->t_inoff; 490 491 if (len <= M_TRAILINGSPACE(m)) { 492 m_copydata(m0, off, (int)len, mtod(m, char *) + hdrlen); 493 m->m_len += len; 494 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copysmall); 495 } else { 496 m->m_next = m_copym(m0, off, (int)len, M_DONTWAIT); 497 if (m->m_next == NULL) { 498 m_freem(m); 499 return ENOBUFS; 500 } 501 #ifdef TCP_OUTPUT_COUNTERS 502 if (m->m_next->m_flags & M_EXT) 503 TCP_OUTPUT_COUNTER_INCR(&tcp_output_refbig); 504 else 505 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copybig); 506 #endif 507 } 508 509 *mp = m; 510 return 0; 511 } 512 513 /* 514 * Tcp output routine: figure out what should be sent and send it. 515 */ 516 int 517 tcp_output(struct tcpcb *tp) 518 { 519 struct rtentry *rt = NULL; 520 struct socket *so; 521 struct route *ro; 522 long len, win; 523 int off, flags, error; 524 struct mbuf *m; 525 struct ip *ip; 526 #ifdef INET6 527 struct ip6_hdr *ip6; 528 #endif 529 struct tcphdr *th; 530 u_char opt[MAX_TCPOPTLEN], *optp; 531 #define OPT_FITS(more) ((optlen + (more)) <= sizeof(opt)) 532 unsigned optlen, hdrlen, packetlen; 533 unsigned int sack_numblks; 534 int idle, sendalot, txsegsize, rxsegsize; 535 int txsegsize_nosack; 536 int maxburst = TCP_MAXBURST; 537 int af; /* address family on the wire */ 538 int iphdrlen; 539 int has_tso4, has_tso6; 540 int has_tso, use_tso; 541 bool alwaysfrag; 542 int sack_rxmit; 543 int sack_bytes_rxmt; 544 int ecn_tos; 545 struct sackhole *p; 546 #ifdef TCP_SIGNATURE 547 int sigoff = 0; 548 #endif 549 uint64_t *tcps; 550 551 KASSERT(!(tp->t_inpcb && tp->t_in6pcb)); 552 553 so = NULL; 554 ro = NULL; 555 if (tp->t_inpcb) { 556 so = tp->t_inpcb->inp_socket; 557 ro = &tp->t_inpcb->inp_route; 558 } 559 #ifdef INET6 560 else if (tp->t_in6pcb) { 561 so = tp->t_in6pcb->in6p_socket; 562 ro = &tp->t_in6pcb->in6p_route; 563 } 564 #endif 565 566 switch (af = tp->t_family) { 567 case AF_INET: 568 if (tp->t_inpcb) 569 break; 570 #ifdef INET6 571 /* mapped addr case */ 572 if (tp->t_in6pcb) 573 break; 574 #endif 575 return EINVAL; 576 #ifdef INET6 577 case AF_INET6: 578 if (tp->t_in6pcb) 579 break; 580 return EINVAL; 581 #endif 582 default: 583 return EAFNOSUPPORT; 584 } 585 586 if (tcp_segsize(tp, &txsegsize, &rxsegsize, &alwaysfrag)) 587 return EMSGSIZE; 588 589 idle = (tp->snd_max == tp->snd_una); 590 591 /* 592 * Determine if we can use TCP segmentation offload: 593 * - If we're using IPv4 594 * - If there is not an IPsec policy that prevents it 595 * - If the interface can do it 596 */ 597 has_tso4 = has_tso6 = false; 598 599 has_tso4 = tp->t_inpcb != NULL && 600 #if defined(IPSEC) 601 (!ipsec_used || ipsec_pcb_skip_ipsec(tp->t_inpcb->inp_sp, 602 IPSEC_DIR_OUTBOUND)) && 603 #endif 604 (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && 605 (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; 606 if (rt != NULL) { 607 rtcache_unref(rt, &tp->t_inpcb->inp_route); 608 rt = NULL; 609 } 610 611 #if defined(INET6) 612 has_tso6 = tp->t_in6pcb != NULL && 613 #if defined(IPSEC) 614 (!ipsec_used || ipsec_pcb_skip_ipsec(tp->t_in6pcb->in6p_sp, 615 IPSEC_DIR_OUTBOUND)) && 616 #endif 617 (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && 618 (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0; 619 if (rt != NULL) 620 rtcache_unref(rt, &tp->t_in6pcb->in6p_route); 621 #endif /* defined(INET6) */ 622 has_tso = (has_tso4 || has_tso6) && !alwaysfrag; 623 624 /* 625 * Restart Window computation. From draft-floyd-incr-init-win-03: 626 * 627 * Optionally, a TCP MAY set the restart window to the 628 * minimum of the value used for the initial window and 629 * the current value of cwnd (in other words, using a 630 * larger value for the restart window should never increase 631 * the size of cwnd). 632 */ 633 if (tcp_cwm) { 634 /* 635 * Hughes/Touch/Heidemann Congestion Window Monitoring. 636 * Count the number of packets currently pending 637 * acknowledgement, and limit our congestion window 638 * to a pre-determined allowed burst size plus that count. 639 * This prevents bursting once all pending packets have 640 * been acknowledged (i.e. transmission is idle). 641 * 642 * XXX Link this to Initial Window? 643 */ 644 tp->snd_cwnd = min(tp->snd_cwnd, 645 (tcp_cwm_burstsize * txsegsize) + 646 (tp->snd_nxt - tp->snd_una)); 647 } else { 648 if (idle && (tcp_now - tp->t_rcvtime) >= tp->t_rxtcur) { 649 /* 650 * We have been idle for "a while" and no acks are 651 * expected to clock out any data we send -- 652 * slow start to get ack "clock" running again. 653 */ 654 int ss = tcp_init_win; 655 if (tp->t_inpcb && 656 in_localaddr(tp->t_inpcb->inp_faddr)) 657 ss = tcp_init_win_local; 658 #ifdef INET6 659 if (tp->t_in6pcb && 660 in6_localaddr(&tp->t_in6pcb->in6p_faddr)) 661 ss = tcp_init_win_local; 662 #endif 663 tp->snd_cwnd = min(tp->snd_cwnd, 664 TCP_INITIAL_WINDOW(ss, txsegsize)); 665 } 666 } 667 668 txsegsize_nosack = txsegsize; 669 again: 670 ecn_tos = 0; 671 use_tso = has_tso; 672 if ((tp->t_flags & (TF_ECN_SND_CWR|TF_ECN_SND_ECE)) != 0) { 673 /* don't duplicate CWR/ECE. */ 674 use_tso = 0; 675 } 676 TCP_REASS_LOCK(tp); 677 sack_numblks = tcp_sack_numblks(tp); 678 if (sack_numblks) { 679 int sackoptlen; 680 681 sackoptlen = TCP_SACK_OPTLEN(sack_numblks); 682 if (sackoptlen > txsegsize_nosack) { 683 sack_numblks = 0; /* give up SACK */ 684 txsegsize = txsegsize_nosack; 685 } else { 686 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 687 /* don't duplicate D-SACK. */ 688 use_tso = 0; 689 } 690 txsegsize = txsegsize_nosack - sackoptlen; 691 } 692 } else { 693 txsegsize = txsegsize_nosack; 694 } 695 696 /* 697 * Determine length of data that should be transmitted, and 698 * flags that should be used. If there is some data or critical 699 * controls (SYN, RST) to send, then transmit; otherwise, 700 * investigate further. 701 * 702 * Readjust SACK information to avoid resending duplicate data. 703 */ 704 if (TCP_SACK_ENABLED(tp) && SEQ_LT(tp->snd_nxt, tp->snd_max)) 705 tcp_sack_adjust(tp); 706 sendalot = 0; 707 off = tp->snd_nxt - tp->snd_una; 708 win = min(tp->snd_wnd, tp->snd_cwnd); 709 710 flags = tcp_outflags[tp->t_state]; 711 712 /* 713 * Send any SACK-generated retransmissions. If we're explicitly trying 714 * to send out new data (when sendalot is 1), bypass this function. 715 * If we retransmit in fast recovery mode, decrement snd_cwnd, since 716 * we're replacing a (future) new transmission with a retransmission 717 * now, and we previously incremented snd_cwnd in tcp_input(). 718 */ 719 /* 720 * Still in sack recovery, reset rxmit flag to zero. 721 */ 722 sack_rxmit = 0; 723 sack_bytes_rxmt = 0; 724 len = 0; 725 p = NULL; 726 do { 727 long cwin; 728 if (!TCP_SACK_ENABLED(tp)) 729 break; 730 if (tp->t_partialacks < 0) 731 break; 732 p = tcp_sack_output(tp, &sack_bytes_rxmt); 733 if (p == NULL) 734 break; 735 736 cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt; 737 if (cwin < 0) 738 cwin = 0; 739 /* Do not retransmit SACK segments beyond snd_recover */ 740 if (SEQ_GT(p->end, tp->snd_recover)) { 741 /* 742 * (At least) part of sack hole extends beyond 743 * snd_recover. Check to see if we can rexmit data 744 * for this hole. 745 */ 746 if (SEQ_GEQ(p->rxmit, tp->snd_recover)) { 747 /* 748 * Can't rexmit any more data for this hole. 749 * That data will be rexmitted in the next 750 * sack recovery episode, when snd_recover 751 * moves past p->rxmit. 752 */ 753 p = NULL; 754 break; 755 } 756 /* Can rexmit part of the current hole */ 757 len = ((long)ulmin(cwin, tp->snd_recover - p->rxmit)); 758 } else 759 len = ((long)ulmin(cwin, p->end - p->rxmit)); 760 off = p->rxmit - tp->snd_una; 761 if (off + len > so->so_snd.sb_cc) { 762 /* 1 for TH_FIN */ 763 KASSERT(off + len == so->so_snd.sb_cc + 1); 764 KASSERT(p->rxmit + len == tp->snd_max); 765 len = so->so_snd.sb_cc - off; 766 } 767 if (len > 0) { 768 sack_rxmit = 1; 769 sendalot = 1; 770 } 771 } while (/*CONSTCOND*/0); 772 773 /* 774 * If in persist timeout with window of 0, send 1 byte. 775 * Otherwise, if window is small but nonzero 776 * and timer expired, we will send what we can 777 * and go to transmit state. 778 */ 779 if (tp->t_force) { 780 if (win == 0) { 781 /* 782 * If we still have some data to send, then 783 * clear the FIN bit. Usually this would 784 * happen below when it realizes that we 785 * aren't sending all the data. However, 786 * if we have exactly 1 byte of unset data, 787 * then it won't clear the FIN bit below, 788 * and if we are in persist state, we wind 789 * up sending the packet without recording 790 * that we sent the FIN bit. 791 * 792 * We can't just blindly clear the FIN bit, 793 * because if we don't have any more data 794 * to send then the probe will be the FIN 795 * itself. 796 */ 797 if (off < so->so_snd.sb_cc) 798 flags &= ~TH_FIN; 799 win = 1; 800 } else { 801 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 802 tp->t_rxtshift = 0; 803 } 804 } 805 806 if (sack_rxmit == 0) { 807 if (TCP_SACK_ENABLED(tp) && tp->t_partialacks >= 0) { 808 long cwin; 809 810 /* 811 * We are inside of a SACK recovery episode and are 812 * sending new data, having retransmitted all the 813 * data possible in the scoreboard. 814 */ 815 if (tp->snd_wnd < so->so_snd.sb_cc) { 816 len = tp->snd_wnd - off; 817 flags &= ~TH_FIN; 818 } else { 819 len = so->so_snd.sb_cc - off; 820 } 821 822 /* 823 * From FreeBSD: 824 * Don't remove this (len > 0) check ! 825 * We explicitly check for len > 0 here (although it 826 * isn't really necessary), to work around a gcc 827 * optimization issue - to force gcc to compute 828 * len above. Without this check, the computation 829 * of len is bungled by the optimizer. 830 */ 831 if (len > 0) { 832 cwin = tp->snd_cwnd - 833 (tp->snd_nxt - tp->sack_newdata) - 834 sack_bytes_rxmt; 835 if (cwin < 0) 836 cwin = 0; 837 if (cwin < len) { 838 len = cwin; 839 flags &= ~TH_FIN; 840 } 841 } 842 } else if (win < so->so_snd.sb_cc) { 843 len = win - off; 844 flags &= ~TH_FIN; 845 } else { 846 len = so->so_snd.sb_cc - off; 847 } 848 } 849 850 if (len < 0) { 851 /* 852 * If FIN has been sent but not acked, 853 * but we haven't been called to retransmit, 854 * len will be -1. Otherwise, window shrank 855 * after we sent into it. If window shrank to 0, 856 * cancel pending retransmit, pull snd_nxt back 857 * to (closed) window, and set the persist timer 858 * if it isn't already going. If the window didn't 859 * close completely, just wait for an ACK. 860 * 861 * If we have a pending FIN, either it has already been 862 * transmitted or it is outside the window, so drop it. 863 * If the FIN has been transmitted, but this is not a 864 * retransmission, then len must be -1. Therefore we also 865 * prevent here the sending of `gratuitous FINs'. This 866 * eliminates the need to check for that case below (e.g. 867 * to back up snd_nxt before the FIN so that the sequence 868 * number is correct). 869 */ 870 len = 0; 871 flags &= ~TH_FIN; 872 if (win == 0) { 873 TCP_TIMER_DISARM(tp, TCPT_REXMT); 874 tp->t_rxtshift = 0; 875 tp->snd_nxt = tp->snd_una; 876 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) 877 tcp_setpersist(tp); 878 } 879 } 880 881 /* 882 * Automatic sizing enables the performance of large buffers 883 * and most of the efficiency of small ones by only allocating 884 * space when it is needed. 885 * 886 * The criteria to step up the send buffer one notch are: 887 * 1. receive window of remote host is larger than send buffer 888 * (with a fudge factor of 5/4th); 889 * 2. send buffer is filled to 7/8th with data (so we actually 890 * have data to make use of it); 891 * 3. send buffer fill has not hit maximal automatic size; 892 * 4. our send window (slow start and cogestion controlled) is 893 * larger than sent but unacknowledged data in send buffer. 894 * 895 * The remote host receive window scaling factor may limit the 896 * growing of the send buffer before it reaches its allowed 897 * maximum. 898 * 899 * It scales directly with slow start or congestion window 900 * and does at most one step per received ACK. This fast 901 * scaling has the drawback of growing the send buffer beyond 902 * what is strictly necessary to make full use of a given 903 * delay*bandwith product. However testing has shown this not 904 * to be much of an problem. At worst we are trading wasting 905 * of available bandwith (the non-use of it) for wasting some 906 * socket buffer memory. 907 * 908 * TODO: Shrink send buffer during idle periods together 909 * with congestion window. Requires another timer. 910 */ 911 if (tcp_do_autosndbuf && so->so_snd.sb_flags & SB_AUTOSIZE) { 912 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat && 913 so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) && 914 so->so_snd.sb_cc < tcp_autosndbuf_max && 915 win >= (so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una))) { 916 if (!sbreserve(&so->so_snd, 917 min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc, 918 tcp_autosndbuf_max), so)) 919 so->so_snd.sb_flags &= ~SB_AUTOSIZE; 920 } 921 } 922 923 if (len > txsegsize) { 924 if (use_tso) { 925 /* 926 * Truncate TSO transfers to IP_MAXPACKET, and make 927 * sure that we send equal size transfers down the 928 * stack (rather than big-small-big-small-...). 929 */ 930 #ifdef INET6 931 CTASSERT(IPV6_MAXPACKET == IP_MAXPACKET); 932 #endif 933 len = (min(len, IP_MAXPACKET) / txsegsize) * txsegsize; 934 if (len <= txsegsize) { 935 use_tso = 0; 936 } 937 } else 938 len = txsegsize; 939 flags &= ~TH_FIN; 940 sendalot = 1; 941 } else 942 use_tso = 0; 943 if (sack_rxmit) { 944 if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc)) 945 flags &= ~TH_FIN; 946 } 947 948 win = sbspace(&so->so_rcv); 949 950 /* 951 * Sender silly window avoidance. If connection is idle 952 * and can send all data, a maximum segment, 953 * at least a maximum default-size segment do it, 954 * or are forced, do it; otherwise don't bother. 955 * If peer's buffer is tiny, then send 956 * when window is at least half open. 957 * If retransmitting (possibly after persist timer forced us 958 * to send into a small window), then must resend. 959 */ 960 if (len) { 961 if (len >= txsegsize) 962 goto send; 963 if ((so->so_state & SS_MORETOCOME) == 0 && 964 ((idle || tp->t_flags & TF_NODELAY) && 965 len + off >= so->so_snd.sb_cc)) 966 goto send; 967 if (tp->t_force) 968 goto send; 969 if (len >= tp->max_sndwnd / 2) 970 goto send; 971 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) 972 goto send; 973 if (sack_rxmit) 974 goto send; 975 } 976 977 /* 978 * Compare available window to amount of window known to peer 979 * (as advertised window less next expected input). If the 980 * difference is at least twice the size of the largest segment 981 * we expect to receive (i.e. two segments) or at least 50% of 982 * the maximum possible window, then want to send a window update 983 * to peer. 984 */ 985 if (win > 0) { 986 /* 987 * "adv" is the amount we can increase the window, 988 * taking into account that we are limited by 989 * TCP_MAXWIN << tp->rcv_scale. 990 */ 991 long adv = min(win, (long)TCP_MAXWIN << tp->rcv_scale) - 992 (tp->rcv_adv - tp->rcv_nxt); 993 994 /* 995 * If the new window size ends up being the same as the old 996 * size when it is scaled, then don't force a window update. 997 */ 998 if ((tp->rcv_adv - tp->rcv_nxt) >> tp->rcv_scale == 999 (adv + tp->rcv_adv - tp->rcv_nxt) >> tp->rcv_scale) 1000 goto dontupdate; 1001 if (adv >= (long) (2 * rxsegsize)) 1002 goto send; 1003 if (2 * adv >= (long) so->so_rcv.sb_hiwat) 1004 goto send; 1005 } 1006 dontupdate: 1007 1008 /* 1009 * Send if we owe peer an ACK. 1010 */ 1011 if (tp->t_flags & TF_ACKNOW) 1012 goto send; 1013 if (flags & (TH_SYN|TH_FIN|TH_RST)) 1014 goto send; 1015 if (SEQ_GT(tp->snd_up, tp->snd_una)) 1016 goto send; 1017 /* 1018 * In SACK, it is possible for tcp_output to fail to send a segment 1019 * after the retransmission timer has been turned off. Make sure 1020 * that the retransmission timer is set. 1021 */ 1022 if (TCP_SACK_ENABLED(tp) && SEQ_GT(tp->snd_max, tp->snd_una) && 1023 !TCP_TIMER_ISARMED(tp, TCPT_REXMT) && 1024 !TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1025 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1026 goto just_return; 1027 } 1028 1029 /* 1030 * TCP window updates are not reliable, rather a polling protocol 1031 * using ``persist'' packets is used to insure receipt of window 1032 * updates. The three ``states'' for the output side are: 1033 * idle not doing retransmits or persists 1034 * persisting to move a small or zero window 1035 * (re)transmitting and thereby not persisting 1036 * 1037 * tp->t_timer[TCPT_PERSIST] 1038 * is set when we are in persist state. 1039 * tp->t_force 1040 * is set when we are called to send a persist packet. 1041 * tp->t_timer[TCPT_REXMT] 1042 * is set when we are retransmitting 1043 * The output side is idle when both timers are zero. 1044 * 1045 * If send window is too small, there is data to transmit, and no 1046 * retransmit or persist is pending, then go to persist state. 1047 * If nothing happens soon, send when timer expires: 1048 * if window is nonzero, transmit what we can, 1049 * otherwise force out a byte. 1050 */ 1051 if (so->so_snd.sb_cc && TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && 1052 TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1053 tp->t_rxtshift = 0; 1054 tcp_setpersist(tp); 1055 } 1056 1057 /* 1058 * No reason to send a segment, just return. 1059 */ 1060 just_return: 1061 TCP_REASS_UNLOCK(tp); 1062 return 0; 1063 1064 send: 1065 /* 1066 * Before ESTABLISHED, force sending of initial options 1067 * unless TCP set not to do any options. 1068 * NOTE: we assume that the IP/TCP header plus TCP options 1069 * always fit in a single mbuf, leaving room for a maximum 1070 * link header, i.e. 1071 * max_linkhdr + sizeof (struct tcpiphdr) + optlen <= MCLBYTES 1072 */ 1073 optlen = 0; 1074 optp = opt; 1075 switch (af) { 1076 case AF_INET: 1077 iphdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 1078 break; 1079 #ifdef INET6 1080 case AF_INET6: 1081 iphdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 1082 break; 1083 #endif 1084 default: /*pacify gcc*/ 1085 iphdrlen = 0; 1086 break; 1087 } 1088 hdrlen = iphdrlen; 1089 if (flags & TH_SYN) { 1090 struct rtentry *synrt; 1091 1092 synrt = NULL; 1093 if (tp->t_inpcb) 1094 synrt = in_pcbrtentry(tp->t_inpcb); 1095 #ifdef INET6 1096 if (tp->t_in6pcb) 1097 synrt = in6_pcbrtentry(tp->t_in6pcb); 1098 #endif 1099 1100 tp->snd_nxt = tp->iss; 1101 tp->t_ourmss = tcp_mss_to_advertise(synrt != NULL ? 1102 synrt->rt_ifp : NULL, af); 1103 if (tp->t_inpcb) 1104 in_pcbrtentry_unref(synrt, tp->t_inpcb); 1105 #ifdef INET6 1106 if (tp->t_in6pcb) 1107 in6_pcbrtentry_unref(synrt, tp->t_in6pcb); 1108 #endif 1109 if ((tp->t_flags & TF_NOOPT) == 0 && OPT_FITS(TCPOLEN_MAXSEG)) { 1110 *optp++ = TCPOPT_MAXSEG; 1111 *optp++ = TCPOLEN_MAXSEG; 1112 *optp++ = (tp->t_ourmss >> 8) & 0xff; 1113 *optp++ = tp->t_ourmss & 0xff; 1114 optlen += TCPOLEN_MAXSEG; 1115 1116 if ((tp->t_flags & TF_REQ_SCALE) && 1117 ((flags & TH_ACK) == 0 || 1118 (tp->t_flags & TF_RCVD_SCALE)) && 1119 OPT_FITS(TCPOLEN_WINDOW + TCPOLEN_NOP)) { 1120 *((uint32_t *)optp) = htonl( 1121 TCPOPT_NOP << 24 | 1122 TCPOPT_WINDOW << 16 | 1123 TCPOLEN_WINDOW << 8 | 1124 tp->request_r_scale); 1125 optp += TCPOLEN_WINDOW + TCPOLEN_NOP; 1126 optlen += TCPOLEN_WINDOW + TCPOLEN_NOP; 1127 } 1128 if (tcp_do_sack && OPT_FITS(TCPOLEN_SACK_PERMITTED)) { 1129 *optp++ = TCPOPT_SACK_PERMITTED; 1130 *optp++ = TCPOLEN_SACK_PERMITTED; 1131 optlen += TCPOLEN_SACK_PERMITTED; 1132 } 1133 } 1134 } 1135 1136 /* 1137 * Send a timestamp and echo-reply if this is a SYN and our side 1138 * wants to use timestamps (TF_REQ_TSTMP is set) or both our side 1139 * and our peer have sent timestamps in our SYN's. 1140 */ 1141 if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && 1142 (flags & TH_RST) == 0 && 1143 ((flags & (TH_SYN|TH_ACK)) == TH_SYN || 1144 (tp->t_flags & TF_RCVD_TSTMP))) { 1145 int alen = 0; 1146 while (optlen % 4 != 2) { 1147 optlen += TCPOLEN_NOP; 1148 *optp++ = TCPOPT_NOP; 1149 alen++; 1150 } 1151 if (OPT_FITS(TCPOLEN_TIMESTAMP)) { 1152 *optp++ = TCPOPT_TIMESTAMP; 1153 *optp++ = TCPOLEN_TIMESTAMP; 1154 uint32_t *lp = (uint32_t *)optp; 1155 /* Form timestamp option (appendix A of RFC 1323) */ 1156 *lp++ = htonl(TCP_TIMESTAMP(tp)); 1157 *lp = htonl(tp->ts_recent); 1158 optp += TCPOLEN_TIMESTAMP - 2; 1159 optlen += TCPOLEN_TIMESTAMP; 1160 1161 /* Set receive buffer autosizing timestamp. */ 1162 if (tp->rfbuf_ts == 0 && 1163 (so->so_rcv.sb_flags & SB_AUTOSIZE)) 1164 tp->rfbuf_ts = TCP_TIMESTAMP(tp); 1165 } else { 1166 optp -= alen; 1167 optlen -= alen; 1168 } 1169 } 1170 1171 #ifdef TCP_SIGNATURE 1172 if (tp->t_flags & TF_SIGNATURE) { 1173 /* 1174 * Initialize TCP-MD5 option (RFC2385) 1175 */ 1176 if (!OPT_FITS(TCPOLEN_SIGNATURE)) 1177 goto reset; 1178 1179 *optp++ = TCPOPT_SIGNATURE; 1180 *optp++ = TCPOLEN_SIGNATURE; 1181 sigoff = optlen + 2; 1182 memset(optp, 0, TCP_SIGLEN); 1183 optlen += TCPOLEN_SIGNATURE; 1184 optp += TCP_SIGLEN; 1185 } 1186 #endif 1187 1188 /* 1189 * Tack on the SACK block if it is necessary. 1190 */ 1191 if (sack_numblks) { 1192 int alen = 0; 1193 int sack_len = sack_numblks * 8; 1194 while (optlen % 4 != 2) { 1195 optlen += TCPOLEN_NOP; 1196 *optp++ = TCPOPT_NOP; 1197 alen++; 1198 } 1199 if (OPT_FITS(sack_len + 2)) { 1200 struct ipqent *tiqe; 1201 *optp++ = TCPOPT_SACK; 1202 *optp++ = sack_len + 2; 1203 uint32_t *lp = (uint32_t *)optp; 1204 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 1205 sack_numblks--; 1206 *lp++ = htonl(tp->rcv_dsack_block.left); 1207 *lp++ = htonl(tp->rcv_dsack_block.right); 1208 tp->rcv_sack_flags &= ~TCPSACK_HAVED; 1209 } 1210 for (tiqe = TAILQ_FIRST(&tp->timeq); 1211 sack_numblks > 0; 1212 tiqe = TAILQ_NEXT(tiqe, ipqe_timeq)) { 1213 KASSERT(tiqe != NULL); 1214 sack_numblks--; 1215 *lp++ = htonl(tiqe->ipqe_seq); 1216 *lp++ = htonl(tiqe->ipqe_seq + tiqe->ipqe_len + 1217 ((tiqe->ipqe_flags & TH_FIN) != 0 ? 1 : 0)); 1218 } 1219 optlen += sack_len + 2; 1220 optp += sack_len; 1221 } else { 1222 optp -= alen; 1223 optlen -= alen; 1224 } 1225 } 1226 1227 /* Terminate and pad TCP options to a 4 byte boundary. */ 1228 if (optlen % 4) { 1229 if (!OPT_FITS(TCPOLEN_EOL)) { 1230 reset: TCP_REASS_UNLOCK(tp); 1231 error = ECONNABORTED; 1232 goto out; 1233 } 1234 optlen += TCPOLEN_EOL; 1235 *optp++ = TCPOPT_EOL; 1236 } 1237 /* 1238 * According to RFC 793 (STD0007): 1239 * "The content of the header beyond the End-of-Option option 1240 * must be header padding (i.e., zero)." 1241 * and later: "The padding is composed of zeros." 1242 */ 1243 while (optlen % 4) { 1244 if (!OPT_FITS(TCPOLEN_PAD)) 1245 goto reset; 1246 optlen += TCPOLEN_PAD; 1247 *optp++ = TCPOPT_PAD; 1248 } 1249 1250 TCP_REASS_UNLOCK(tp); 1251 1252 hdrlen += optlen; 1253 1254 #ifdef DIAGNOSTIC 1255 if (!use_tso && len > txsegsize) 1256 panic("tcp data to be sent is larger than segment"); 1257 else if (use_tso && len > IP_MAXPACKET) 1258 panic("tcp data to be sent is larger than max TSO size"); 1259 if (max_linkhdr + hdrlen > MCLBYTES) 1260 panic("tcphdr too big"); 1261 #endif 1262 1263 /* 1264 * Grab a header mbuf, attaching a copy of data to 1265 * be transmitted, and initialize the header from 1266 * the template for sends on this connection. 1267 */ 1268 if (len) { 1269 error = tcp_build_datapkt(tp, so, off, len, hdrlen, &m); 1270 if (error) 1271 goto out; 1272 /* 1273 * If we're sending everything we've got, set PUSH. 1274 * (This will keep happy those implementations which only 1275 * give data to the user when a buffer fills or 1276 * a PUSH comes in.) 1277 */ 1278 if (off + len == so->so_snd.sb_cc) 1279 flags |= TH_PUSH; 1280 } else { 1281 tcps = TCP_STAT_GETREF(); 1282 if (tp->t_flags & TF_ACKNOW) 1283 tcps[TCP_STAT_SNDACKS]++; 1284 else if (flags & (TH_SYN|TH_FIN|TH_RST)) 1285 tcps[TCP_STAT_SNDCTRL]++; 1286 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 1287 tcps[TCP_STAT_SNDURG]++; 1288 else 1289 tcps[TCP_STAT_SNDWINUP]++; 1290 TCP_STAT_PUTREF(); 1291 1292 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1293 if (m != NULL && max_linkhdr + hdrlen > MHLEN) { 1294 MCLGET(m, M_DONTWAIT); 1295 if ((m->m_flags & M_EXT) == 0) { 1296 m_freem(m); 1297 m = NULL; 1298 } 1299 } 1300 if (m == NULL) { 1301 error = ENOBUFS; 1302 goto out; 1303 } 1304 MCLAIM(m, &tcp_tx_mowner); 1305 m->m_data += max_linkhdr; 1306 m->m_len = hdrlen; 1307 } 1308 m_reset_rcvif(m); 1309 switch (af) { 1310 case AF_INET: 1311 ip = mtod(m, struct ip *); 1312 #ifdef INET6 1313 ip6 = NULL; 1314 #endif 1315 th = (struct tcphdr *)(ip + 1); 1316 break; 1317 #ifdef INET6 1318 case AF_INET6: 1319 ip = NULL; 1320 ip6 = mtod(m, struct ip6_hdr *); 1321 th = (struct tcphdr *)(ip6 + 1); 1322 break; 1323 #endif 1324 default: /*pacify gcc*/ 1325 ip = NULL; 1326 #ifdef INET6 1327 ip6 = NULL; 1328 #endif 1329 th = NULL; 1330 break; 1331 } 1332 if (tp->t_template == NULL) 1333 panic("tcp_output"); 1334 if (tp->t_template->m_len < iphdrlen) 1335 panic("tcp_output"); 1336 bcopy(mtod(tp->t_template, void *), mtod(m, void *), iphdrlen); 1337 1338 /* 1339 * If we are starting a connection, send ECN setup 1340 * SYN packet. If we are on a retransmit, we may 1341 * resend those bits a number of times as per 1342 * RFC 3168. 1343 */ 1344 if (tp->t_state == TCPS_SYN_SENT && tcp_do_ecn) { 1345 if (tp->t_flags & TF_SYN_REXMT) { 1346 if (tp->t_ecn_retries--) 1347 flags |= TH_ECE|TH_CWR; 1348 } else { 1349 flags |= TH_ECE|TH_CWR; 1350 tp->t_ecn_retries = tcp_ecn_maxretries; 1351 } 1352 } 1353 1354 if (TCP_ECN_ALLOWED(tp)) { 1355 /* 1356 * If the peer has ECN, mark data packets 1357 * ECN capable. Ignore pure ack packets, retransmissions 1358 * and window probes. 1359 */ 1360 if (len > 0 && SEQ_GEQ(tp->snd_nxt, tp->snd_max) && 1361 !(tp->t_force && len == 1)) { 1362 ecn_tos = IPTOS_ECN_ECT0; 1363 TCP_STATINC(TCP_STAT_ECN_ECT); 1364 } 1365 1366 /* 1367 * Reply with proper ECN notifications. 1368 */ 1369 if (tp->t_flags & TF_ECN_SND_CWR) { 1370 flags |= TH_CWR; 1371 tp->t_flags &= ~TF_ECN_SND_CWR; 1372 } 1373 if (tp->t_flags & TF_ECN_SND_ECE) { 1374 flags |= TH_ECE; 1375 } 1376 } 1377 1378 /* 1379 * If we are doing retransmissions, then snd_nxt will 1380 * not reflect the first unsent octet. For ACK only 1381 * packets, we do not want the sequence number of the 1382 * retransmitted packet, we want the sequence number 1383 * of the next unsent octet. So, if there is no data 1384 * (and no SYN or FIN), use snd_max instead of snd_nxt 1385 * when filling in ti_seq. But if we are in persist 1386 * state, snd_max might reflect one byte beyond the 1387 * right edge of the window, so use snd_nxt in that 1388 * case, since we know we aren't doing a retransmission. 1389 * (retransmit and persist are mutually exclusive...) 1390 */ 1391 if (TCP_SACK_ENABLED(tp) && sack_rxmit) { 1392 th->th_seq = htonl(p->rxmit); 1393 p->rxmit += len; 1394 } else { 1395 if (len || (flags & (TH_SYN|TH_FIN)) || 1396 TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) 1397 th->th_seq = htonl(tp->snd_nxt); 1398 else 1399 th->th_seq = htonl(tp->snd_max); 1400 } 1401 th->th_ack = htonl(tp->rcv_nxt); 1402 if (optlen) { 1403 memcpy(th + 1, opt, optlen); 1404 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; 1405 } 1406 th->th_flags = flags; 1407 /* 1408 * Calculate receive window. Don't shrink window, 1409 * but avoid silly window syndrome. 1410 */ 1411 if (win < (long)(so->so_rcv.sb_hiwat / 4) && win < (long)rxsegsize) 1412 win = 0; 1413 if (win > (long)TCP_MAXWIN << tp->rcv_scale) 1414 win = (long)TCP_MAXWIN << tp->rcv_scale; 1415 if (win < (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt)) 1416 win = (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt); 1417 th->th_win = htons((u_int16_t) (win>>tp->rcv_scale)); 1418 if (th->th_win == 0) { 1419 tp->t_sndzerowin++; 1420 } 1421 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 1422 u_int32_t urp = tp->snd_up - tp->snd_nxt; 1423 if (urp > IP_MAXPACKET) 1424 urp = IP_MAXPACKET; 1425 th->th_urp = htons((u_int16_t)urp); 1426 th->th_flags |= TH_URG; 1427 } else 1428 /* 1429 * If no urgent pointer to send, then we pull 1430 * the urgent pointer to the left edge of the send window 1431 * so that it doesn't drift into the send window on sequence 1432 * number wraparound. 1433 */ 1434 tp->snd_up = tp->snd_una; /* drag it along */ 1435 1436 #ifdef TCP_SIGNATURE 1437 if (sigoff && (tp->t_flags & TF_SIGNATURE)) { 1438 struct secasvar *sav; 1439 u_int8_t *sigp; 1440 1441 sav = tcp_signature_getsav(m); 1442 if (sav == NULL) { 1443 if (m) 1444 m_freem(m); 1445 return EPERM; 1446 } 1447 1448 m->m_pkthdr.len = hdrlen + len; 1449 sigp = (char *)th + sizeof(*th) + sigoff; 1450 tcp_signature(m, th, (char *)th - mtod(m, char *), sav, sigp); 1451 1452 key_sa_recordxfer(sav, m); 1453 KEY_SA_UNREF(&sav); 1454 } 1455 #endif 1456 1457 /* 1458 * Set ourselves up to be checksummed just before the packet 1459 * hits the wire. 1460 */ 1461 switch (af) { 1462 case AF_INET: 1463 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1464 if (use_tso) { 1465 m->m_pkthdr.segsz = txsegsize; 1466 m->m_pkthdr.csum_flags = M_CSUM_TSOv4; 1467 } else { 1468 m->m_pkthdr.csum_flags = M_CSUM_TCPv4; 1469 if (len + optlen) { 1470 /* Fixup the pseudo-header checksum. */ 1471 /* XXXJRT Not IP Jumbogram safe. */ 1472 th->th_sum = in_cksum_addword(th->th_sum, 1473 htons((u_int16_t) (len + optlen))); 1474 } 1475 } 1476 break; 1477 #ifdef INET6 1478 case AF_INET6: 1479 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1480 if (use_tso) { 1481 m->m_pkthdr.segsz = txsegsize; 1482 m->m_pkthdr.csum_flags = M_CSUM_TSOv6; 1483 } else { 1484 m->m_pkthdr.csum_flags = M_CSUM_TCPv6; 1485 if (len + optlen) { 1486 /* Fixup the pseudo-header checksum. */ 1487 /* XXXJRT: Not IPv6 Jumbogram safe. */ 1488 th->th_sum = in_cksum_addword(th->th_sum, 1489 htons((u_int16_t) (len + optlen))); 1490 } 1491 } 1492 break; 1493 #endif 1494 } 1495 1496 /* 1497 * In transmit state, time the transmission and arrange for 1498 * the retransmit. In persist state, just set snd_max. 1499 */ 1500 if (tp->t_force == 0 || TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1501 tcp_seq startseq = tp->snd_nxt; 1502 1503 /* 1504 * Advance snd_nxt over sequence space of this segment. 1505 * There are no states in which we send both a SYN and a FIN, 1506 * so we collapse the tests for these flags. 1507 */ 1508 if (flags & (TH_SYN|TH_FIN)) 1509 tp->snd_nxt++; 1510 if (sack_rxmit) 1511 goto timer; 1512 tp->snd_nxt += len; 1513 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 1514 tp->snd_max = tp->snd_nxt; 1515 /* 1516 * Time this transmission if not a retransmission and 1517 * not currently timing anything. 1518 */ 1519 if (tp->t_rtttime == 0) { 1520 tp->t_rtttime = tcp_now; 1521 tp->t_rtseq = startseq; 1522 TCP_STATINC(TCP_STAT_SEGSTIMED); 1523 } 1524 } 1525 1526 /* 1527 * Set retransmit timer if not currently set, 1528 * and not doing an ack or a keep-alive probe. 1529 * Initial value for retransmit timer is smoothed 1530 * round-trip time + 2 * round-trip time variance. 1531 * Initialize shift counter which is used for backoff 1532 * of retransmit time. 1533 */ 1534 timer: 1535 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0) { 1536 if ((sack_rxmit && tp->snd_nxt != tp->snd_max) 1537 || tp->snd_nxt != tp->snd_una) { 1538 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1539 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 1540 tp->t_rxtshift = 0; 1541 } 1542 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1543 } else if (len == 0 && so->so_snd.sb_cc > 0 1544 && TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1545 /* 1546 * If we are sending a window probe and there's 1547 * unacked data in the socket, make sure at 1548 * least the persist timer is running. 1549 */ 1550 tp->t_rxtshift = 0; 1551 tcp_setpersist(tp); 1552 } 1553 } 1554 } else 1555 if (SEQ_GT(tp->snd_nxt + len, tp->snd_max)) 1556 tp->snd_max = tp->snd_nxt + len; 1557 1558 #ifdef TCP_DEBUG 1559 /* 1560 * Trace. 1561 */ 1562 if (so->so_options & SO_DEBUG) 1563 tcp_trace(TA_OUTPUT, tp->t_state, tp, m, 0); 1564 #endif 1565 1566 /* 1567 * Fill in IP length and desired time to live and 1568 * send to IP level. There should be a better way 1569 * to handle ttl and tos; we could keep them in 1570 * the template, but need a way to checksum without them. 1571 */ 1572 m->m_pkthdr.len = hdrlen + len; 1573 1574 switch (af) { 1575 case AF_INET: 1576 ip->ip_len = htons(m->m_pkthdr.len); 1577 packetlen = m->m_pkthdr.len; 1578 if (tp->t_inpcb) { 1579 ip->ip_ttl = tp->t_inpcb->inp_ip.ip_ttl; 1580 ip->ip_tos = tp->t_inpcb->inp_ip.ip_tos | ecn_tos; 1581 } 1582 #ifdef INET6 1583 else if (tp->t_in6pcb) { 1584 ip->ip_ttl = in6_selecthlim(tp->t_in6pcb, NULL); /*XXX*/ 1585 ip->ip_tos = ecn_tos; /*XXX*/ 1586 } 1587 #endif 1588 break; 1589 #ifdef INET6 1590 case AF_INET6: 1591 packetlen = m->m_pkthdr.len; 1592 ip6->ip6_nxt = IPPROTO_TCP; 1593 if (tp->t_in6pcb) { 1594 /* 1595 * we separately set hoplimit for every segment, since 1596 * the user might want to change the value via 1597 * setsockopt. Also, desired default hop limit might 1598 * be changed via Neighbor Discovery. 1599 */ 1600 ip6->ip6_hlim = in6_selecthlim_rt(tp->t_in6pcb); 1601 } 1602 ip6->ip6_flow |= htonl(ecn_tos << 20); 1603 /* ip6->ip6_flow = ??? (from template) */ 1604 /* ip6_plen will be filled in ip6_output(). */ 1605 break; 1606 #endif 1607 default: /*pacify gcc*/ 1608 packetlen = 0; 1609 break; 1610 } 1611 1612 switch (af) { 1613 case AF_INET: 1614 { 1615 struct mbuf *opts; 1616 1617 if (tp->t_inpcb) 1618 opts = tp->t_inpcb->inp_options; 1619 else 1620 opts = NULL; 1621 error = ip_output(m, opts, ro, 1622 (tp->t_mtudisc ? IP_MTUDISC : 0) | 1623 (so->so_options & SO_DONTROUTE), NULL, tp->t_inpcb); 1624 break; 1625 } 1626 #ifdef INET6 1627 case AF_INET6: 1628 { 1629 struct ip6_pktopts *opts; 1630 1631 if (tp->t_in6pcb) 1632 opts = tp->t_in6pcb->in6p_outputopts; 1633 else 1634 opts = NULL; 1635 error = ip6_output(m, opts, ro, so->so_options & SO_DONTROUTE, 1636 NULL, tp->t_in6pcb, NULL); 1637 break; 1638 } 1639 #endif 1640 default: 1641 error = EAFNOSUPPORT; 1642 break; 1643 } 1644 if (error) { 1645 out: 1646 if (error == ENOBUFS) { 1647 TCP_STATINC(TCP_STAT_SELFQUENCH); 1648 if (tp->t_inpcb) 1649 tcp_quench(tp->t_inpcb, 0); 1650 #ifdef INET6 1651 if (tp->t_in6pcb) 1652 tcp6_quench(tp->t_in6pcb, 0); 1653 #endif 1654 error = 0; 1655 } else if ((error == EHOSTUNREACH || error == ENETDOWN) && 1656 TCPS_HAVERCVDSYN(tp->t_state)) { 1657 tp->t_softerror = error; 1658 error = 0; 1659 } 1660 1661 /* Back out the sequence number advance. */ 1662 if (sack_rxmit) 1663 p->rxmit -= len; 1664 1665 /* Restart the delayed ACK timer, if necessary. */ 1666 if (tp->t_flags & TF_DELACK) 1667 TCP_RESTART_DELACK(tp); 1668 1669 return error; 1670 } 1671 1672 if (packetlen > tp->t_pmtud_mtu_sent) 1673 tp->t_pmtud_mtu_sent = packetlen; 1674 1675 tcps = TCP_STAT_GETREF(); 1676 tcps[TCP_STAT_SNDTOTAL]++; 1677 if (tp->t_flags & TF_DELACK) 1678 tcps[TCP_STAT_DELACK]++; 1679 TCP_STAT_PUTREF(); 1680 1681 /* 1682 * Data sent (as far as we can tell). 1683 * If this advertises a larger window than any other segment, 1684 * then remember the size of the advertised window. 1685 * Any pending ACK has now been sent. 1686 */ 1687 if (win > 0 && SEQ_GT(tp->rcv_nxt+win, tp->rcv_adv)) 1688 tp->rcv_adv = tp->rcv_nxt + win; 1689 tp->last_ack_sent = tp->rcv_nxt; 1690 tp->t_flags &= ~TF_ACKNOW; 1691 TCP_CLEAR_DELACK(tp); 1692 #ifdef DIAGNOSTIC 1693 if (maxburst < 0) 1694 printf("tcp_output: maxburst exceeded by %d\n", -maxburst); 1695 #endif 1696 if (sendalot && (tp->t_congctl == &tcp_reno_ctl || --maxburst)) 1697 goto again; 1698 return 0; 1699 } 1700 1701 void 1702 tcp_setpersist(struct tcpcb *tp) 1703 { 1704 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> (1 + 2); 1705 int nticks; 1706 1707 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT)) 1708 panic("tcp_output REXMT"); 1709 /* 1710 * Start/restart persistance timer. 1711 */ 1712 if (t < tp->t_rttmin) 1713 t = tp->t_rttmin; 1714 TCPT_RANGESET(nticks, t * tcp_backoff[tp->t_rxtshift], 1715 TCPTV_PERSMIN, TCPTV_PERSMAX); 1716 TCP_TIMER_ARM(tp, TCPT_PERSIST, nticks); 1717 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1718 tp->t_rxtshift++; 1719 } 1720