1 /* $NetBSD: tcp_output.c,v 1.197 2017/08/03 06:32:51 ozaki-r Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 /* 33 * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72 /*- 73 * Copyright (c) 1997, 1998, 2001, 2005, 2006 The NetBSD Foundation, Inc. 74 * All rights reserved. 75 * 76 * This code is derived from software contributed to The NetBSD Foundation 77 * by Jason R. Thorpe and Kevin M. Lahey of the Numerical Aerospace Simulation 78 * Facility, NASA Ames Research Center. 79 * This code is derived from software contributed to The NetBSD Foundation 80 * by Charles M. Hannum. 81 * This code is derived from software contributed to The NetBSD Foundation 82 * by Rui Paulo. 83 * 84 * Redistribution and use in source and binary forms, with or without 85 * modification, are permitted provided that the following conditions 86 * are met: 87 * 1. Redistributions of source code must retain the above copyright 88 * notice, this list of conditions and the following disclaimer. 89 * 2. Redistributions in binary form must reproduce the above copyright 90 * notice, this list of conditions and the following disclaimer in the 91 * documentation and/or other materials provided with the distribution. 92 * 93 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 94 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 95 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 96 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 97 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 98 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 99 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 100 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 101 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 103 * POSSIBILITY OF SUCH DAMAGE. 104 */ 105 106 /* 107 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 108 * The Regents of the University of California. All rights reserved. 109 * 110 * Redistribution and use in source and binary forms, with or without 111 * modification, are permitted provided that the following conditions 112 * are met: 113 * 1. Redistributions of source code must retain the above copyright 114 * notice, this list of conditions and the following disclaimer. 115 * 2. Redistributions in binary form must reproduce the above copyright 116 * notice, this list of conditions and the following disclaimer in the 117 * documentation and/or other materials provided with the distribution. 118 * 3. Neither the name of the University nor the names of its contributors 119 * may be used to endorse or promote products derived from this software 120 * without specific prior written permission. 121 * 122 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 123 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 124 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 125 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 126 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 127 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 128 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 129 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 130 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 131 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 132 * SUCH DAMAGE. 133 * 134 * @(#)tcp_output.c 8.4 (Berkeley) 5/24/95 135 */ 136 137 #include <sys/cdefs.h> 138 __KERNEL_RCSID(0, "$NetBSD: tcp_output.c,v 1.197 2017/08/03 06:32:51 ozaki-r Exp $"); 139 140 #ifdef _KERNEL_OPT 141 #include "opt_inet.h" 142 #include "opt_ipsec.h" 143 #include "opt_tcp_debug.h" 144 #endif 145 146 #include <sys/param.h> 147 #include <sys/systm.h> 148 #include <sys/mbuf.h> 149 #include <sys/protosw.h> 150 #include <sys/socket.h> 151 #include <sys/socketvar.h> 152 #include <sys/errno.h> 153 #include <sys/domain.h> 154 #include <sys/kernel.h> 155 #ifdef TCP_SIGNATURE 156 #include <sys/md5.h> 157 #endif 158 159 #include <net/if.h> 160 #include <net/route.h> 161 162 #include <netinet/in.h> 163 #include <netinet/in_systm.h> 164 #include <netinet/ip.h> 165 #include <netinet/in_pcb.h> 166 #include <netinet/ip_var.h> 167 168 #ifdef INET6 169 #ifndef INET 170 #include <netinet/in.h> 171 #endif 172 #include <netinet/ip6.h> 173 #include <netinet6/in6_var.h> 174 #include <netinet6/ip6_var.h> 175 #include <netinet6/in6_pcb.h> 176 #include <netinet6/nd6.h> 177 #endif 178 179 #ifdef IPSEC 180 #include <netipsec/ipsec.h> 181 #include <netipsec/key.h> 182 #ifdef INET6 183 #include <netipsec/ipsec6.h> 184 #endif 185 #endif /* IPSEC*/ 186 187 #include <netinet/tcp.h> 188 #define TCPOUTFLAGS 189 #include <netinet/tcp_fsm.h> 190 #include <netinet/tcp_seq.h> 191 #include <netinet/tcp_timer.h> 192 #include <netinet/tcp_var.h> 193 #include <netinet/tcp_private.h> 194 #include <netinet/tcp_congctl.h> 195 #include <netinet/tcpip.h> 196 #include <netinet/tcp_debug.h> 197 #include <netinet/in_offload.h> 198 #include <netinet6/in6_offload.h> 199 200 #ifdef notyet 201 extern struct mbuf *m_copypack(); 202 #endif 203 204 /* 205 * Knob to enable Congestion Window Monitoring, and control 206 * the burst size it allows. Default burst is 4 packets, per 207 * the Internet draft. 208 */ 209 int tcp_cwm = 0; 210 int tcp_cwm_burstsize = 4; 211 212 int tcp_do_autosndbuf = 1; 213 int tcp_autosndbuf_inc = 8 * 1024; 214 int tcp_autosndbuf_max = 256 * 1024; 215 216 #ifdef TCP_OUTPUT_COUNTERS 217 #include <sys/device.h> 218 219 extern struct evcnt tcp_output_bigheader; 220 extern struct evcnt tcp_output_predict_hit; 221 extern struct evcnt tcp_output_predict_miss; 222 extern struct evcnt tcp_output_copysmall; 223 extern struct evcnt tcp_output_copybig; 224 extern struct evcnt tcp_output_refbig; 225 226 #define TCP_OUTPUT_COUNTER_INCR(ev) (ev)->ev_count++ 227 #else 228 229 #define TCP_OUTPUT_COUNTER_INCR(ev) /* nothing */ 230 231 #endif /* TCP_OUTPUT_COUNTERS */ 232 233 static 234 #ifndef GPROF 235 inline 236 #endif 237 int 238 tcp_segsize(struct tcpcb *tp, int *txsegsizep, int *rxsegsizep, 239 bool *alwaysfragp) 240 { 241 #ifdef INET 242 struct inpcb *inp = tp->t_inpcb; 243 #endif 244 #ifdef INET6 245 struct in6pcb *in6p = tp->t_in6pcb; 246 #endif 247 struct socket *so = NULL; 248 struct rtentry *rt; 249 struct ifnet *ifp; 250 int size; 251 int hdrlen; 252 int optlen; 253 254 *alwaysfragp = false; 255 256 #ifdef DIAGNOSTIC 257 if (tp->t_inpcb && tp->t_in6pcb) 258 panic("tcp_segsize: both t_inpcb and t_in6pcb are set"); 259 #endif 260 switch (tp->t_family) { 261 #ifdef INET 262 case AF_INET: 263 hdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 264 break; 265 #endif 266 #ifdef INET6 267 case AF_INET6: 268 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 269 break; 270 #endif 271 default: 272 size = tcp_mssdflt; 273 goto out; 274 } 275 276 rt = NULL; 277 #ifdef INET 278 if (inp) { 279 rt = in_pcbrtentry(inp); 280 so = inp->inp_socket; 281 } 282 #endif 283 #ifdef INET6 284 if (in6p) { 285 rt = in6_pcbrtentry(in6p); 286 so = in6p->in6p_socket; 287 } 288 #endif 289 if (rt == NULL) { 290 size = tcp_mssdflt; 291 goto out; 292 } 293 294 ifp = rt->rt_ifp; 295 296 size = tcp_mssdflt; 297 if (tp->t_mtudisc && rt->rt_rmx.rmx_mtu != 0) { 298 #ifdef INET6 299 if (in6p && rt->rt_rmx.rmx_mtu < IPV6_MMTU) { 300 /* 301 * RFC2460 section 5, last paragraph: if path MTU is 302 * smaller than 1280, use 1280 as packet size and 303 * attach fragment header. 304 */ 305 size = IPV6_MMTU - hdrlen - sizeof(struct ip6_frag); 306 *alwaysfragp = true; 307 } else 308 size = rt->rt_rmx.rmx_mtu - hdrlen; 309 #else 310 size = rt->rt_rmx.rmx_mtu - hdrlen; 311 #endif 312 } else if (ifp->if_flags & IFF_LOOPBACK) 313 size = ifp->if_mtu - hdrlen; 314 #ifdef INET 315 else if (inp && tp->t_mtudisc) 316 size = ifp->if_mtu - hdrlen; 317 else if (inp && in_localaddr(inp->inp_faddr)) 318 size = ifp->if_mtu - hdrlen; 319 #endif 320 #ifdef INET6 321 else if (in6p) { 322 #ifdef INET 323 if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_faddr)) { 324 /* mapped addr case */ 325 struct in_addr d; 326 bcopy(&in6p->in6p_faddr.s6_addr32[3], &d, sizeof(d)); 327 if (tp->t_mtudisc || in_localaddr(d)) 328 size = ifp->if_mtu - hdrlen; 329 } else 330 #endif 331 { 332 /* 333 * for IPv6, path MTU discovery is always turned on, 334 * or the node must use packet size <= 1280. 335 */ 336 size = tp->t_mtudisc ? IN6_LINKMTU(ifp) : IPV6_MMTU; 337 size -= hdrlen; 338 } 339 } 340 #endif 341 #ifdef INET 342 if (inp) 343 in_pcbrtentry_unref(rt, inp); 344 #endif 345 #ifdef INET6 346 if (in6p) 347 in6_pcbrtentry_unref(rt, in6p); 348 #endif 349 out: 350 /* 351 * Now we must make room for whatever extra TCP/IP options are in 352 * the packet. 353 */ 354 optlen = tcp_optlen(tp); 355 356 /* 357 * XXX tp->t_ourmss should have the right size, but without this code 358 * fragmentation will occur... need more investigation 359 */ 360 #ifdef INET 361 if (inp) { 362 #if defined(IPSEC) 363 if (ipsec_used && 364 !ipsec_pcb_skip_ipsec(inp->inp_sp, IPSEC_DIR_OUTBOUND)) 365 optlen += ipsec4_hdrsiz_tcp(tp); 366 #endif 367 optlen += ip_optlen(inp); 368 } 369 #endif 370 #ifdef INET6 371 #ifdef INET 372 if (in6p && tp->t_family == AF_INET) { 373 #if defined(IPSEC) 374 if (ipsec_used && 375 !ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 376 optlen += ipsec4_hdrsiz_tcp(tp); 377 #endif 378 /* XXX size -= ip_optlen(in6p); */ 379 } else 380 #endif 381 if (in6p && tp->t_family == AF_INET6) { 382 #if defined(IPSEC) 383 if (ipsec_used && 384 !ipsec_pcb_skip_ipsec(in6p->in6p_sp, IPSEC_DIR_OUTBOUND)) 385 optlen += ipsec6_hdrsiz_tcp(tp); 386 #endif 387 optlen += ip6_optlen(in6p); 388 } 389 #endif 390 size -= optlen; 391 392 /* there may not be any room for data if mtu is too small */ 393 if (size < 0) 394 return (EMSGSIZE); 395 396 /* 397 * *rxsegsizep holds *estimated* inbound segment size (estimation 398 * assumes that path MTU is the same for both ways). this is only 399 * for silly window avoidance, do not use the value for other purposes. 400 * 401 * ipseclen is subtracted from both sides, this may not be right. 402 * I'm not quite sure about this (could someone comment). 403 */ 404 *txsegsizep = min(tp->t_peermss - optlen, size); 405 /* 406 * Never send more than half a buffer full. This insures that we can 407 * always keep 2 packets on the wire, no matter what SO_SNDBUF is, and 408 * therefore acks will never be delayed unless we run out of data to 409 * transmit. 410 */ 411 if (so) 412 *txsegsizep = min(so->so_snd.sb_hiwat >> 1, *txsegsizep); 413 *rxsegsizep = min(tp->t_ourmss - optlen, size); 414 415 if (*txsegsizep != tp->t_segsz) { 416 /* 417 * If the new segment size is larger, we don't want to 418 * mess up the congestion window, but if it is smaller 419 * we'll have to reduce the congestion window to ensure 420 * that we don't get into trouble with initial windows 421 * and the rest. In any case, if the segment size 422 * has changed, chances are the path has, too, and 423 * our congestion window will be different. 424 */ 425 if (*txsegsizep < tp->t_segsz) { 426 tp->snd_cwnd = max((tp->snd_cwnd / tp->t_segsz) 427 * *txsegsizep, *txsegsizep); 428 tp->snd_ssthresh = max((tp->snd_ssthresh / tp->t_segsz) 429 * *txsegsizep, *txsegsizep); 430 } 431 tp->t_segsz = *txsegsizep; 432 } 433 434 return (0); 435 } 436 437 static 438 #ifndef GPROF 439 inline 440 #endif 441 int 442 tcp_build_datapkt(struct tcpcb *tp, struct socket *so, int off, 443 long len, int hdrlen, struct mbuf **mp) 444 { 445 struct mbuf *m, *m0; 446 uint64_t *tcps; 447 448 tcps = TCP_STAT_GETREF(); 449 if (tp->t_force && len == 1) 450 tcps[TCP_STAT_SNDPROBE]++; 451 else if (SEQ_LT(tp->snd_nxt, tp->snd_max)) { 452 tp->t_sndrexmitpack++; 453 tcps[TCP_STAT_SNDREXMITPACK]++; 454 tcps[TCP_STAT_SNDREXMITBYTE] += len; 455 } else { 456 tcps[TCP_STAT_SNDPACK]++; 457 tcps[TCP_STAT_SNDBYTE] += len; 458 } 459 TCP_STAT_PUTREF(); 460 #ifdef notyet 461 if ((m = m_copypack(so->so_snd.sb_mb, off, 462 (int)len, max_linkhdr + hdrlen)) == 0) 463 return (ENOBUFS); 464 /* 465 * m_copypack left space for our hdr; use it. 466 */ 467 m->m_len += hdrlen; 468 m->m_data -= hdrlen; 469 #else 470 MGETHDR(m, M_DONTWAIT, MT_HEADER); 471 if (__predict_false(m == NULL)) 472 return (ENOBUFS); 473 MCLAIM(m, &tcp_tx_mowner); 474 475 /* 476 * XXX Because other code assumes headers will fit in 477 * XXX one header mbuf. 478 * 479 * (This code should almost *never* be run.) 480 */ 481 if (__predict_false((max_linkhdr + hdrlen) > MHLEN)) { 482 TCP_OUTPUT_COUNTER_INCR(&tcp_output_bigheader); 483 MCLGET(m, M_DONTWAIT); 484 if ((m->m_flags & M_EXT) == 0) { 485 m_freem(m); 486 return (ENOBUFS); 487 } 488 } 489 490 m->m_data += max_linkhdr; 491 m->m_len = hdrlen; 492 493 /* 494 * To avoid traversing the whole sb_mb chain for correct 495 * data to send, remember last sent mbuf, its offset and 496 * the sent size. When called the next time, see if the 497 * data to send is directly following the previous transfer. 498 * This is important for large TCP windows. 499 */ 500 if (off == 0 || tp->t_lastm == NULL || 501 (tp->t_lastoff + tp->t_lastlen) != off) { 502 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_miss); 503 /* 504 * Either a new packet or a retransmit. 505 * Start from the beginning. 506 */ 507 tp->t_lastm = so->so_snd.sb_mb; 508 tp->t_inoff = off; 509 } else { 510 TCP_OUTPUT_COUNTER_INCR(&tcp_output_predict_hit); 511 tp->t_inoff += tp->t_lastlen; 512 } 513 514 /* Traverse forward to next packet */ 515 while (tp->t_inoff > 0) { 516 if (tp->t_lastm == NULL) 517 panic("tp->t_lastm == NULL"); 518 if (tp->t_inoff < tp->t_lastm->m_len) 519 break; 520 tp->t_inoff -= tp->t_lastm->m_len; 521 tp->t_lastm = tp->t_lastm->m_next; 522 } 523 524 tp->t_lastoff = off; 525 tp->t_lastlen = len; 526 m0 = tp->t_lastm; 527 off = tp->t_inoff; 528 529 if (len <= M_TRAILINGSPACE(m)) { 530 m_copydata(m0, off, (int) len, mtod(m, char *) + hdrlen); 531 m->m_len += len; 532 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copysmall); 533 } else { 534 m->m_next = m_copym(m0, off, (int) len, M_DONTWAIT); 535 if (m->m_next == NULL) { 536 m_freem(m); 537 return (ENOBUFS); 538 } 539 #ifdef TCP_OUTPUT_COUNTERS 540 if (m->m_next->m_flags & M_EXT) 541 TCP_OUTPUT_COUNTER_INCR(&tcp_output_refbig); 542 else 543 TCP_OUTPUT_COUNTER_INCR(&tcp_output_copybig); 544 #endif /* TCP_OUTPUT_COUNTERS */ 545 } 546 #endif 547 548 *mp = m; 549 return (0); 550 } 551 552 /* 553 * Tcp output routine: figure out what should be sent and send it. 554 */ 555 int 556 tcp_output(struct tcpcb *tp) 557 { 558 struct rtentry *rt = NULL; 559 struct socket *so; 560 struct route *ro; 561 long len, win; 562 int off, flags, error; 563 struct mbuf *m; 564 struct ip *ip; 565 #ifdef INET6 566 struct ip6_hdr *ip6; 567 #endif 568 struct tcphdr *th; 569 u_char opt[MAX_TCPOPTLEN], *optp; 570 #define OPT_FITS(more) ((optlen + (more)) <= sizeof(opt)) 571 unsigned optlen, hdrlen, packetlen; 572 unsigned int sack_numblks; 573 int idle, sendalot, txsegsize, rxsegsize; 574 int txsegsize_nosack; 575 int maxburst = TCP_MAXBURST; 576 int af; /* address family on the wire */ 577 int iphdrlen; 578 int has_tso4, has_tso6; 579 int has_tso, use_tso; 580 bool alwaysfrag; 581 int sack_rxmit; 582 int sack_bytes_rxmt; 583 int ecn_tos; 584 struct sackhole *p; 585 #ifdef TCP_SIGNATURE 586 int sigoff = 0; 587 #endif 588 uint64_t *tcps; 589 590 #ifdef DIAGNOSTIC 591 if (tp->t_inpcb && tp->t_in6pcb) 592 panic("tcp_output: both t_inpcb and t_in6pcb are set"); 593 #endif 594 so = NULL; 595 ro = NULL; 596 if (tp->t_inpcb) { 597 so = tp->t_inpcb->inp_socket; 598 ro = &tp->t_inpcb->inp_route; 599 } 600 #ifdef INET6 601 else if (tp->t_in6pcb) { 602 so = tp->t_in6pcb->in6p_socket; 603 ro = &tp->t_in6pcb->in6p_route; 604 } 605 #endif 606 607 switch (af = tp->t_family) { 608 #ifdef INET 609 case AF_INET: 610 if (tp->t_inpcb) 611 break; 612 #ifdef INET6 613 /* mapped addr case */ 614 if (tp->t_in6pcb) 615 break; 616 #endif 617 return (EINVAL); 618 #endif 619 #ifdef INET6 620 case AF_INET6: 621 if (tp->t_in6pcb) 622 break; 623 return (EINVAL); 624 #endif 625 default: 626 return (EAFNOSUPPORT); 627 } 628 629 if (tcp_segsize(tp, &txsegsize, &rxsegsize, &alwaysfrag)) 630 return (EMSGSIZE); 631 632 idle = (tp->snd_max == tp->snd_una); 633 634 /* 635 * Determine if we can use TCP segmentation offload: 636 * - If we're using IPv4 637 * - If there is not an IPsec policy that prevents it 638 * - If the interface can do it 639 */ 640 has_tso4 = has_tso6 = false; 641 #if defined(INET) 642 has_tso4 = tp->t_inpcb != NULL && 643 #if defined(IPSEC) 644 (!ipsec_used || ipsec_pcb_skip_ipsec(tp->t_inpcb->inp_sp, 645 IPSEC_DIR_OUTBOUND)) && 646 #endif 647 (rt = rtcache_validate(&tp->t_inpcb->inp_route)) != NULL && 648 (rt->rt_ifp->if_capenable & IFCAP_TSOv4) != 0; 649 if (rt != NULL) { 650 rtcache_unref(rt, &tp->t_inpcb->inp_route); 651 rt = NULL; 652 } 653 #endif /* defined(INET) */ 654 #if defined(INET6) 655 has_tso6 = tp->t_in6pcb != NULL && 656 #if defined(IPSEC) 657 (!ipsec_used || ipsec_pcb_skip_ipsec(tp->t_in6pcb->in6p_sp, 658 IPSEC_DIR_OUTBOUND)) && 659 #endif 660 (rt = rtcache_validate(&tp->t_in6pcb->in6p_route)) != NULL && 661 (rt->rt_ifp->if_capenable & IFCAP_TSOv6) != 0; 662 if (rt != NULL) 663 rtcache_unref(rt, &tp->t_in6pcb->in6p_route); 664 #endif /* defined(INET6) */ 665 has_tso = (has_tso4 || has_tso6) && !alwaysfrag; 666 667 /* 668 * Restart Window computation. From draft-floyd-incr-init-win-03: 669 * 670 * Optionally, a TCP MAY set the restart window to the 671 * minimum of the value used for the initial window and 672 * the current value of cwnd (in other words, using a 673 * larger value for the restart window should never increase 674 * the size of cwnd). 675 */ 676 if (tcp_cwm) { 677 /* 678 * Hughes/Touch/Heidemann Congestion Window Monitoring. 679 * Count the number of packets currently pending 680 * acknowledgement, and limit our congestion window 681 * to a pre-determined allowed burst size plus that count. 682 * This prevents bursting once all pending packets have 683 * been acknowledged (i.e. transmission is idle). 684 * 685 * XXX Link this to Initial Window? 686 */ 687 tp->snd_cwnd = min(tp->snd_cwnd, 688 (tcp_cwm_burstsize * txsegsize) + 689 (tp->snd_nxt - tp->snd_una)); 690 } else { 691 if (idle && (tcp_now - tp->t_rcvtime) >= tp->t_rxtcur) { 692 /* 693 * We have been idle for "a while" and no acks are 694 * expected to clock out any data we send -- 695 * slow start to get ack "clock" running again. 696 */ 697 int ss = tcp_init_win; 698 #ifdef INET 699 if (tp->t_inpcb && 700 in_localaddr(tp->t_inpcb->inp_faddr)) 701 ss = tcp_init_win_local; 702 #endif 703 #ifdef INET6 704 if (tp->t_in6pcb && 705 in6_localaddr(&tp->t_in6pcb->in6p_faddr)) 706 ss = tcp_init_win_local; 707 #endif 708 tp->snd_cwnd = min(tp->snd_cwnd, 709 TCP_INITIAL_WINDOW(ss, txsegsize)); 710 } 711 } 712 713 txsegsize_nosack = txsegsize; 714 again: 715 ecn_tos = 0; 716 use_tso = has_tso; 717 if ((tp->t_flags & (TF_ECN_SND_CWR|TF_ECN_SND_ECE)) != 0) { 718 /* don't duplicate CWR/ECE. */ 719 use_tso = 0; 720 } 721 TCP_REASS_LOCK(tp); 722 sack_numblks = tcp_sack_numblks(tp); 723 if (sack_numblks) { 724 int sackoptlen; 725 726 sackoptlen = TCP_SACK_OPTLEN(sack_numblks); 727 if (sackoptlen > txsegsize_nosack) { 728 sack_numblks = 0; /* give up SACK */ 729 txsegsize = txsegsize_nosack; 730 } else { 731 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 732 /* don't duplicate D-SACK. */ 733 use_tso = 0; 734 } 735 txsegsize = txsegsize_nosack - sackoptlen; 736 } 737 } else { 738 txsegsize = txsegsize_nosack; 739 } 740 741 /* 742 * Determine length of data that should be transmitted, and 743 * flags that should be used. If there is some data or critical 744 * controls (SYN, RST) to send, then transmit; otherwise, 745 * investigate further. 746 * 747 * Readjust SACK information to avoid resending duplicate data. 748 */ 749 if (TCP_SACK_ENABLED(tp) && SEQ_LT(tp->snd_nxt, tp->snd_max)) 750 tcp_sack_adjust(tp); 751 sendalot = 0; 752 off = tp->snd_nxt - tp->snd_una; 753 win = min(tp->snd_wnd, tp->snd_cwnd); 754 755 flags = tcp_outflags[tp->t_state]; 756 757 /* 758 * Send any SACK-generated retransmissions. If we're explicitly trying 759 * to send out new data (when sendalot is 1), bypass this function. 760 * If we retransmit in fast recovery mode, decrement snd_cwnd, since 761 * we're replacing a (future) new transmission with a retransmission 762 * now, and we previously incremented snd_cwnd in tcp_input(). 763 */ 764 /* 765 * Still in sack recovery , reset rxmit flag to zero. 766 */ 767 sack_rxmit = 0; 768 sack_bytes_rxmt = 0; 769 len = 0; 770 p = NULL; 771 do { 772 long cwin; 773 if (!TCP_SACK_ENABLED(tp)) 774 break; 775 if (tp->t_partialacks < 0) 776 break; 777 p = tcp_sack_output(tp, &sack_bytes_rxmt); 778 if (p == NULL) 779 break; 780 781 cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt; 782 if (cwin < 0) 783 cwin = 0; 784 /* Do not retransmit SACK segments beyond snd_recover */ 785 if (SEQ_GT(p->end, tp->snd_recover)) { 786 /* 787 * (At least) part of sack hole extends beyond 788 * snd_recover. Check to see if we can rexmit data 789 * for this hole. 790 */ 791 if (SEQ_GEQ(p->rxmit, tp->snd_recover)) { 792 /* 793 * Can't rexmit any more data for this hole. 794 * That data will be rexmitted in the next 795 * sack recovery episode, when snd_recover 796 * moves past p->rxmit. 797 */ 798 p = NULL; 799 break; 800 } 801 /* Can rexmit part of the current hole */ 802 len = ((long)ulmin(cwin, tp->snd_recover - p->rxmit)); 803 } else 804 len = ((long)ulmin(cwin, p->end - p->rxmit)); 805 off = p->rxmit - tp->snd_una; 806 if (off + len > so->so_snd.sb_cc) { 807 /* 1 for TH_FIN */ 808 KASSERT(off + len == so->so_snd.sb_cc + 1); 809 KASSERT(p->rxmit + len == tp->snd_max); 810 len = so->so_snd.sb_cc - off; 811 } 812 if (len > 0) { 813 sack_rxmit = 1; 814 sendalot = 1; 815 } 816 } while (/*CONSTCOND*/0); 817 818 /* 819 * If in persist timeout with window of 0, send 1 byte. 820 * Otherwise, if window is small but nonzero 821 * and timer expired, we will send what we can 822 * and go to transmit state. 823 */ 824 if (tp->t_force) { 825 if (win == 0) { 826 /* 827 * If we still have some data to send, then 828 * clear the FIN bit. Usually this would 829 * happen below when it realizes that we 830 * aren't sending all the data. However, 831 * if we have exactly 1 byte of unset data, 832 * then it won't clear the FIN bit below, 833 * and if we are in persist state, we wind 834 * up sending the packet without recording 835 * that we sent the FIN bit. 836 * 837 * We can't just blindly clear the FIN bit, 838 * because if we don't have any more data 839 * to send then the probe will be the FIN 840 * itself. 841 */ 842 if (off < so->so_snd.sb_cc) 843 flags &= ~TH_FIN; 844 win = 1; 845 } else { 846 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 847 tp->t_rxtshift = 0; 848 } 849 } 850 851 if (sack_rxmit == 0) { 852 if (TCP_SACK_ENABLED(tp) && tp->t_partialacks >= 0) { 853 long cwin; 854 855 /* 856 * We are inside of a SACK recovery episode and are 857 * sending new data, having retransmitted all the 858 * data possible in the scoreboard. 859 */ 860 if (tp->snd_wnd < so->so_snd.sb_cc) { 861 len = tp->snd_wnd - off; 862 flags &= ~TH_FIN; 863 } else { 864 len = so->so_snd.sb_cc - off; 865 } 866 867 /* 868 * From FreeBSD: 869 * Don't remove this (len > 0) check ! 870 * We explicitly check for len > 0 here (although it 871 * isn't really necessary), to work around a gcc 872 * optimization issue - to force gcc to compute 873 * len above. Without this check, the computation 874 * of len is bungled by the optimizer. 875 */ 876 if (len > 0) { 877 cwin = tp->snd_cwnd - 878 (tp->snd_nxt - tp->sack_newdata) - 879 sack_bytes_rxmt; 880 if (cwin < 0) 881 cwin = 0; 882 if (cwin < len) { 883 len = cwin; 884 flags &= ~TH_FIN; 885 } 886 } 887 } else if (win < so->so_snd.sb_cc) { 888 len = win - off; 889 flags &= ~TH_FIN; 890 } else { 891 len = so->so_snd.sb_cc - off; 892 } 893 } 894 895 if (len < 0) { 896 /* 897 * If FIN has been sent but not acked, 898 * but we haven't been called to retransmit, 899 * len will be -1. Otherwise, window shrank 900 * after we sent into it. If window shrank to 0, 901 * cancel pending retransmit, pull snd_nxt back 902 * to (closed) window, and set the persist timer 903 * if it isn't already going. If the window didn't 904 * close completely, just wait for an ACK. 905 * 906 * If we have a pending FIN, either it has already been 907 * transmitted or it is outside the window, so drop it. 908 * If the FIN has been transmitted, but this is not a 909 * retransmission, then len must be -1. Therefore we also 910 * prevent here the sending of `gratuitous FINs'. This 911 * eliminates the need to check for that case below (e.g. 912 * to back up snd_nxt before the FIN so that the sequence 913 * number is correct). 914 */ 915 len = 0; 916 flags &= ~TH_FIN; 917 if (win == 0) { 918 TCP_TIMER_DISARM(tp, TCPT_REXMT); 919 tp->t_rxtshift = 0; 920 tp->snd_nxt = tp->snd_una; 921 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) 922 tcp_setpersist(tp); 923 } 924 } 925 926 /* 927 * Automatic sizing enables the performance of large buffers 928 * and most of the efficiency of small ones by only allocating 929 * space when it is needed. 930 * 931 * The criteria to step up the send buffer one notch are: 932 * 1. receive window of remote host is larger than send buffer 933 * (with a fudge factor of 5/4th); 934 * 2. send buffer is filled to 7/8th with data (so we actually 935 * have data to make use of it); 936 * 3. send buffer fill has not hit maximal automatic size; 937 * 4. our send window (slow start and cogestion controlled) is 938 * larger than sent but unacknowledged data in send buffer. 939 * 940 * The remote host receive window scaling factor may limit the 941 * growing of the send buffer before it reaches its allowed 942 * maximum. 943 * 944 * It scales directly with slow start or congestion window 945 * and does at most one step per received ACK. This fast 946 * scaling has the drawback of growing the send buffer beyond 947 * what is strictly necessary to make full use of a given 948 * delay*bandwith product. However testing has shown this not 949 * to be much of an problem. At worst we are trading wasting 950 * of available bandwith (the non-use of it) for wasting some 951 * socket buffer memory. 952 * 953 * TODO: Shrink send buffer during idle periods together 954 * with congestion window. Requires another timer. 955 */ 956 if (tcp_do_autosndbuf && so->so_snd.sb_flags & SB_AUTOSIZE) { 957 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat && 958 so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) && 959 so->so_snd.sb_cc < tcp_autosndbuf_max && 960 win >= (so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una))) { 961 if (!sbreserve(&so->so_snd, 962 min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc, 963 tcp_autosndbuf_max), so)) 964 so->so_snd.sb_flags &= ~SB_AUTOSIZE; 965 } 966 } 967 968 if (len > txsegsize) { 969 if (use_tso) { 970 /* 971 * Truncate TSO transfers to IP_MAXPACKET, and make 972 * sure that we send equal size transfers down the 973 * stack (rather than big-small-big-small-...). 974 */ 975 #ifdef INET6 976 CTASSERT(IPV6_MAXPACKET == IP_MAXPACKET); 977 #endif 978 len = (min(len, IP_MAXPACKET) / txsegsize) * txsegsize; 979 if (len <= txsegsize) { 980 use_tso = 0; 981 } 982 } else 983 len = txsegsize; 984 flags &= ~TH_FIN; 985 sendalot = 1; 986 } else 987 use_tso = 0; 988 if (sack_rxmit) { 989 if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc)) 990 flags &= ~TH_FIN; 991 } 992 993 win = sbspace(&so->so_rcv); 994 995 /* 996 * Sender silly window avoidance. If connection is idle 997 * and can send all data, a maximum segment, 998 * at least a maximum default-size segment do it, 999 * or are forced, do it; otherwise don't bother. 1000 * If peer's buffer is tiny, then send 1001 * when window is at least half open. 1002 * If retransmitting (possibly after persist timer forced us 1003 * to send into a small window), then must resend. 1004 */ 1005 if (len) { 1006 if (len >= txsegsize) 1007 goto send; 1008 if ((so->so_state & SS_MORETOCOME) == 0 && 1009 ((idle || tp->t_flags & TF_NODELAY) && 1010 len + off >= so->so_snd.sb_cc)) 1011 goto send; 1012 if (tp->t_force) 1013 goto send; 1014 if (len >= tp->max_sndwnd / 2) 1015 goto send; 1016 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) 1017 goto send; 1018 if (sack_rxmit) 1019 goto send; 1020 } 1021 1022 /* 1023 * Compare available window to amount of window known to peer 1024 * (as advertised window less next expected input). If the 1025 * difference is at least twice the size of the largest segment 1026 * we expect to receive (i.e. two segments) or at least 50% of 1027 * the maximum possible window, then want to send a window update 1028 * to peer. 1029 */ 1030 if (win > 0) { 1031 /* 1032 * "adv" is the amount we can increase the window, 1033 * taking into account that we are limited by 1034 * TCP_MAXWIN << tp->rcv_scale. 1035 */ 1036 long adv = min(win, (long)TCP_MAXWIN << tp->rcv_scale) - 1037 (tp->rcv_adv - tp->rcv_nxt); 1038 1039 /* 1040 * If the new window size ends up being the same as the old 1041 * size when it is scaled, then don't force a window update. 1042 */ 1043 if ((tp->rcv_adv - tp->rcv_nxt) >> tp->rcv_scale == 1044 (adv + tp->rcv_adv - tp->rcv_nxt) >> tp->rcv_scale) 1045 goto dontupdate; 1046 if (adv >= (long) (2 * rxsegsize)) 1047 goto send; 1048 if (2 * adv >= (long) so->so_rcv.sb_hiwat) 1049 goto send; 1050 } 1051 dontupdate: 1052 1053 /* 1054 * Send if we owe peer an ACK. 1055 */ 1056 if (tp->t_flags & TF_ACKNOW) 1057 goto send; 1058 if (flags & (TH_SYN|TH_FIN|TH_RST)) 1059 goto send; 1060 if (SEQ_GT(tp->snd_up, tp->snd_una)) 1061 goto send; 1062 /* 1063 * In SACK, it is possible for tcp_output to fail to send a segment 1064 * after the retransmission timer has been turned off. Make sure 1065 * that the retransmission timer is set. 1066 */ 1067 if (TCP_SACK_ENABLED(tp) && SEQ_GT(tp->snd_max, tp->snd_una) && 1068 !TCP_TIMER_ISARMED(tp, TCPT_REXMT) && 1069 !TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1070 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1071 goto just_return; 1072 } 1073 1074 /* 1075 * TCP window updates are not reliable, rather a polling protocol 1076 * using ``persist'' packets is used to insure receipt of window 1077 * updates. The three ``states'' for the output side are: 1078 * idle not doing retransmits or persists 1079 * persisting to move a small or zero window 1080 * (re)transmitting and thereby not persisting 1081 * 1082 * tp->t_timer[TCPT_PERSIST] 1083 * is set when we are in persist state. 1084 * tp->t_force 1085 * is set when we are called to send a persist packet. 1086 * tp->t_timer[TCPT_REXMT] 1087 * is set when we are retransmitting 1088 * The output side is idle when both timers are zero. 1089 * 1090 * If send window is too small, there is data to transmit, and no 1091 * retransmit or persist is pending, then go to persist state. 1092 * If nothing happens soon, send when timer expires: 1093 * if window is nonzero, transmit what we can, 1094 * otherwise force out a byte. 1095 */ 1096 if (so->so_snd.sb_cc && TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0 && 1097 TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1098 tp->t_rxtshift = 0; 1099 tcp_setpersist(tp); 1100 } 1101 1102 /* 1103 * No reason to send a segment, just return. 1104 */ 1105 just_return: 1106 TCP_REASS_UNLOCK(tp); 1107 return (0); 1108 1109 send: 1110 /* 1111 * Before ESTABLISHED, force sending of initial options 1112 * unless TCP set not to do any options. 1113 * NOTE: we assume that the IP/TCP header plus TCP options 1114 * always fit in a single mbuf, leaving room for a maximum 1115 * link header, i.e. 1116 * max_linkhdr + sizeof (struct tcpiphdr) + optlen <= MCLBYTES 1117 */ 1118 optlen = 0; 1119 optp = opt; 1120 switch (af) { 1121 #ifdef INET 1122 case AF_INET: 1123 iphdrlen = sizeof(struct ip) + sizeof(struct tcphdr); 1124 break; 1125 #endif 1126 #ifdef INET6 1127 case AF_INET6: 1128 iphdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr); 1129 break; 1130 #endif 1131 default: /*pacify gcc*/ 1132 iphdrlen = 0; 1133 break; 1134 } 1135 hdrlen = iphdrlen; 1136 if (flags & TH_SYN) { 1137 struct rtentry *synrt; 1138 1139 synrt = NULL; 1140 #ifdef INET 1141 if (tp->t_inpcb) 1142 synrt = in_pcbrtentry(tp->t_inpcb); 1143 #endif 1144 #ifdef INET6 1145 if (tp->t_in6pcb) 1146 synrt = in6_pcbrtentry(tp->t_in6pcb); 1147 #endif 1148 1149 tp->snd_nxt = tp->iss; 1150 tp->t_ourmss = tcp_mss_to_advertise(synrt != NULL ? 1151 synrt->rt_ifp : NULL, af); 1152 #ifdef INET 1153 if (tp->t_inpcb) 1154 in_pcbrtentry_unref(synrt, tp->t_inpcb); 1155 #endif 1156 #ifdef INET6 1157 if (tp->t_in6pcb) 1158 in6_pcbrtentry_unref(synrt, tp->t_in6pcb); 1159 #endif 1160 if ((tp->t_flags & TF_NOOPT) == 0 && OPT_FITS(TCPOLEN_MAXSEG)) { 1161 *optp++ = TCPOPT_MAXSEG; 1162 *optp++ = TCPOLEN_MAXSEG; 1163 *optp++ = (tp->t_ourmss >> 8) & 0xff; 1164 *optp++ = tp->t_ourmss & 0xff; 1165 optlen += TCPOLEN_MAXSEG; 1166 1167 if ((tp->t_flags & TF_REQ_SCALE) && 1168 ((flags & TH_ACK) == 0 || 1169 (tp->t_flags & TF_RCVD_SCALE)) && 1170 OPT_FITS(TCPOLEN_WINDOW + TCPOLEN_NOP)) { 1171 *((uint32_t *)optp) = htonl( 1172 TCPOPT_NOP << 24 | 1173 TCPOPT_WINDOW << 16 | 1174 TCPOLEN_WINDOW << 8 | 1175 tp->request_r_scale); 1176 optp += TCPOLEN_WINDOW + TCPOLEN_NOP; 1177 optlen += TCPOLEN_WINDOW + TCPOLEN_NOP; 1178 } 1179 if (tcp_do_sack && OPT_FITS(TCPOLEN_SACK_PERMITTED)) { 1180 *optp++ = TCPOPT_SACK_PERMITTED; 1181 *optp++ = TCPOLEN_SACK_PERMITTED; 1182 optlen += TCPOLEN_SACK_PERMITTED; 1183 } 1184 } 1185 } 1186 1187 /* 1188 * Send a timestamp and echo-reply if this is a SYN and our side 1189 * wants to use timestamps (TF_REQ_TSTMP is set) or both our side 1190 * and our peer have sent timestamps in our SYN's. 1191 */ 1192 if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && 1193 (flags & TH_RST) == 0 && 1194 ((flags & (TH_SYN|TH_ACK)) == TH_SYN || 1195 (tp->t_flags & TF_RCVD_TSTMP))) { 1196 int alen = 0; 1197 while (optlen % 4 != 2) { 1198 optlen += TCPOLEN_NOP; 1199 *optp++ = TCPOPT_NOP; 1200 alen++; 1201 } 1202 if (OPT_FITS(TCPOLEN_TIMESTAMP)) { 1203 *optp++ = TCPOPT_TIMESTAMP; 1204 *optp++ = TCPOLEN_TIMESTAMP; 1205 uint32_t *lp = (uint32_t *)optp; 1206 /* Form timestamp option (appendix A of RFC 1323) */ 1207 *lp++ = htonl(TCP_TIMESTAMP(tp)); 1208 *lp = htonl(tp->ts_recent); 1209 optp += TCPOLEN_TIMESTAMP - 2; 1210 optlen += TCPOLEN_TIMESTAMP; 1211 1212 /* Set receive buffer autosizing timestamp. */ 1213 if (tp->rfbuf_ts == 0 && 1214 (so->so_rcv.sb_flags & SB_AUTOSIZE)) 1215 tp->rfbuf_ts = TCP_TIMESTAMP(tp); 1216 } else { 1217 optp -= alen; 1218 optlen -= alen; 1219 } 1220 } 1221 1222 #ifdef TCP_SIGNATURE 1223 if (tp->t_flags & TF_SIGNATURE) { 1224 /* 1225 * Initialize TCP-MD5 option (RFC2385) 1226 */ 1227 if (!OPT_FITS(TCPOLEN_SIGNATURE)) 1228 goto reset; 1229 1230 *optp++ = TCPOPT_SIGNATURE; 1231 *optp++ = TCPOLEN_SIGNATURE; 1232 sigoff = optlen + 2; 1233 memset(optp, 0, TCP_SIGLEN); 1234 optlen += TCPOLEN_SIGNATURE; 1235 optp += TCP_SIGLEN; 1236 } 1237 #endif /* TCP_SIGNATURE */ 1238 1239 /* 1240 * Tack on the SACK block if it is necessary. 1241 */ 1242 if (sack_numblks) { 1243 int alen = 0; 1244 int sack_len = sack_numblks * 8; 1245 while (optlen % 4 != 2) { 1246 optlen += TCPOLEN_NOP; 1247 *optp++ = TCPOPT_NOP; 1248 alen++; 1249 } 1250 if (OPT_FITS(sack_len + 2)) { 1251 struct ipqent *tiqe; 1252 *optp++ = TCPOPT_SACK; 1253 *optp++ = sack_len + 2; 1254 uint32_t *lp = (uint32_t *)optp; 1255 if ((tp->rcv_sack_flags & TCPSACK_HAVED) != 0) { 1256 sack_numblks--; 1257 *lp++ = htonl(tp->rcv_dsack_block.left); 1258 *lp++ = htonl(tp->rcv_dsack_block.right); 1259 tp->rcv_sack_flags &= ~TCPSACK_HAVED; 1260 } 1261 for (tiqe = TAILQ_FIRST(&tp->timeq); 1262 sack_numblks > 0; 1263 tiqe = TAILQ_NEXT(tiqe, ipqe_timeq)) { 1264 KASSERT(tiqe != NULL); 1265 sack_numblks--; 1266 *lp++ = htonl(tiqe->ipqe_seq); 1267 *lp++ = htonl(tiqe->ipqe_seq + tiqe->ipqe_len + 1268 ((tiqe->ipqe_flags & TH_FIN) != 0 ? 1 : 0)); 1269 } 1270 optlen += sack_len + 2; 1271 optp += sack_len; 1272 } else { 1273 optp -= alen; 1274 optlen -= alen; 1275 } 1276 } 1277 1278 /* Terminate and pad TCP options to a 4 byte boundary. */ 1279 if (optlen % 4) { 1280 if (!OPT_FITS(TCPOLEN_EOL)) { 1281 reset: TCP_REASS_UNLOCK(tp); 1282 error = ECONNABORTED; 1283 goto out; 1284 } 1285 optlen += TCPOLEN_EOL; 1286 *optp++ = TCPOPT_EOL; 1287 } 1288 /* 1289 * According to RFC 793 (STD0007): 1290 * "The content of the header beyond the End-of-Option option 1291 * must be header padding (i.e., zero)." 1292 * and later: "The padding is composed of zeros." 1293 */ 1294 while (optlen % 4) { 1295 if (!OPT_FITS(TCPOLEN_PAD)) 1296 goto reset; 1297 optlen += TCPOLEN_PAD; 1298 *optp++ = TCPOPT_PAD; 1299 } 1300 1301 TCP_REASS_UNLOCK(tp); 1302 1303 hdrlen += optlen; 1304 1305 #ifdef DIAGNOSTIC 1306 if (!use_tso && len > txsegsize) 1307 panic("tcp data to be sent is larger than segment"); 1308 else if (use_tso && len > IP_MAXPACKET) 1309 panic("tcp data to be sent is larger than max TSO size"); 1310 if (max_linkhdr + hdrlen > MCLBYTES) 1311 panic("tcphdr too big"); 1312 #endif 1313 1314 /* 1315 * Grab a header mbuf, attaching a copy of data to 1316 * be transmitted, and initialize the header from 1317 * the template for sends on this connection. 1318 */ 1319 if (len) { 1320 error = tcp_build_datapkt(tp, so, off, len, hdrlen, &m); 1321 if (error) 1322 goto out; 1323 /* 1324 * If we're sending everything we've got, set PUSH. 1325 * (This will keep happy those implementations which only 1326 * give data to the user when a buffer fills or 1327 * a PUSH comes in.) 1328 */ 1329 if (off + len == so->so_snd.sb_cc) 1330 flags |= TH_PUSH; 1331 } else { 1332 tcps = TCP_STAT_GETREF(); 1333 if (tp->t_flags & TF_ACKNOW) 1334 tcps[TCP_STAT_SNDACKS]++; 1335 else if (flags & (TH_SYN|TH_FIN|TH_RST)) 1336 tcps[TCP_STAT_SNDCTRL]++; 1337 else if (SEQ_GT(tp->snd_up, tp->snd_una)) 1338 tcps[TCP_STAT_SNDURG]++; 1339 else 1340 tcps[TCP_STAT_SNDWINUP]++; 1341 TCP_STAT_PUTREF(); 1342 1343 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1344 if (m != NULL && max_linkhdr + hdrlen > MHLEN) { 1345 MCLGET(m, M_DONTWAIT); 1346 if ((m->m_flags & M_EXT) == 0) { 1347 m_freem(m); 1348 m = NULL; 1349 } 1350 } 1351 if (m == NULL) { 1352 error = ENOBUFS; 1353 goto out; 1354 } 1355 MCLAIM(m, &tcp_tx_mowner); 1356 m->m_data += max_linkhdr; 1357 m->m_len = hdrlen; 1358 } 1359 m_reset_rcvif(m); 1360 switch (af) { 1361 #ifdef INET 1362 case AF_INET: 1363 ip = mtod(m, struct ip *); 1364 #ifdef INET6 1365 ip6 = NULL; 1366 #endif 1367 th = (struct tcphdr *)(ip + 1); 1368 break; 1369 #endif 1370 #ifdef INET6 1371 case AF_INET6: 1372 ip = NULL; 1373 ip6 = mtod(m, struct ip6_hdr *); 1374 th = (struct tcphdr *)(ip6 + 1); 1375 break; 1376 #endif 1377 default: /*pacify gcc*/ 1378 ip = NULL; 1379 #ifdef INET6 1380 ip6 = NULL; 1381 #endif 1382 th = NULL; 1383 break; 1384 } 1385 if (tp->t_template == 0) 1386 panic("tcp_output"); 1387 if (tp->t_template->m_len < iphdrlen) 1388 panic("tcp_output"); 1389 bcopy(mtod(tp->t_template, void *), mtod(m, void *), iphdrlen); 1390 1391 /* 1392 * If we are starting a connection, send ECN setup 1393 * SYN packet. If we are on a retransmit, we may 1394 * resend those bits a number of times as per 1395 * RFC 3168. 1396 */ 1397 if (tp->t_state == TCPS_SYN_SENT && tcp_do_ecn) { 1398 if (tp->t_flags & TF_SYN_REXMT) { 1399 if (tp->t_ecn_retries--) 1400 flags |= TH_ECE|TH_CWR; 1401 } else { 1402 flags |= TH_ECE|TH_CWR; 1403 tp->t_ecn_retries = tcp_ecn_maxretries; 1404 } 1405 } 1406 1407 if (TCP_ECN_ALLOWED(tp)) { 1408 /* 1409 * If the peer has ECN, mark data packets 1410 * ECN capable. Ignore pure ack packets, retransmissions 1411 * and window probes. 1412 */ 1413 if (len > 0 && SEQ_GEQ(tp->snd_nxt, tp->snd_max) && 1414 !(tp->t_force && len == 1)) { 1415 ecn_tos = IPTOS_ECN_ECT0; 1416 TCP_STATINC(TCP_STAT_ECN_ECT); 1417 } 1418 1419 /* 1420 * Reply with proper ECN notifications. 1421 */ 1422 if (tp->t_flags & TF_ECN_SND_CWR) { 1423 flags |= TH_CWR; 1424 tp->t_flags &= ~TF_ECN_SND_CWR; 1425 } 1426 if (tp->t_flags & TF_ECN_SND_ECE) { 1427 flags |= TH_ECE; 1428 } 1429 } 1430 1431 1432 /* 1433 * If we are doing retransmissions, then snd_nxt will 1434 * not reflect the first unsent octet. For ACK only 1435 * packets, we do not want the sequence number of the 1436 * retransmitted packet, we want the sequence number 1437 * of the next unsent octet. So, if there is no data 1438 * (and no SYN or FIN), use snd_max instead of snd_nxt 1439 * when filling in ti_seq. But if we are in persist 1440 * state, snd_max might reflect one byte beyond the 1441 * right edge of the window, so use snd_nxt in that 1442 * case, since we know we aren't doing a retransmission. 1443 * (retransmit and persist are mutually exclusive...) 1444 */ 1445 if (TCP_SACK_ENABLED(tp) && sack_rxmit) { 1446 th->th_seq = htonl(p->rxmit); 1447 p->rxmit += len; 1448 } else { 1449 if (len || (flags & (TH_SYN|TH_FIN)) || 1450 TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) 1451 th->th_seq = htonl(tp->snd_nxt); 1452 else 1453 th->th_seq = htonl(tp->snd_max); 1454 } 1455 th->th_ack = htonl(tp->rcv_nxt); 1456 if (optlen) { 1457 bcopy((void *)opt, (void *)(th + 1), optlen); 1458 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2; 1459 } 1460 th->th_flags = flags; 1461 /* 1462 * Calculate receive window. Don't shrink window, 1463 * but avoid silly window syndrome. 1464 */ 1465 if (win < (long)(so->so_rcv.sb_hiwat / 4) && win < (long)rxsegsize) 1466 win = 0; 1467 if (win > (long)TCP_MAXWIN << tp->rcv_scale) 1468 win = (long)TCP_MAXWIN << tp->rcv_scale; 1469 if (win < (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt)) 1470 win = (long)(int32_t)(tp->rcv_adv - tp->rcv_nxt); 1471 th->th_win = htons((u_int16_t) (win>>tp->rcv_scale)); 1472 if (th->th_win == 0) { 1473 tp->t_sndzerowin++; 1474 } 1475 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) { 1476 u_int32_t urp = tp->snd_up - tp->snd_nxt; 1477 if (urp > IP_MAXPACKET) 1478 urp = IP_MAXPACKET; 1479 th->th_urp = htons((u_int16_t)urp); 1480 th->th_flags |= TH_URG; 1481 } else 1482 /* 1483 * If no urgent pointer to send, then we pull 1484 * the urgent pointer to the left edge of the send window 1485 * so that it doesn't drift into the send window on sequence 1486 * number wraparound. 1487 */ 1488 tp->snd_up = tp->snd_una; /* drag it along */ 1489 1490 #ifdef TCP_SIGNATURE 1491 if (sigoff && (tp->t_flags & TF_SIGNATURE)) { 1492 struct secasvar *sav; 1493 u_int8_t *sigp; 1494 1495 sav = tcp_signature_getsav(m, th); 1496 1497 if (sav == NULL) { 1498 if (m) 1499 m_freem(m); 1500 return (EPERM); 1501 } 1502 1503 m->m_pkthdr.len = hdrlen + len; 1504 sigp = (char *)th + sizeof(*th) + sigoff; 1505 tcp_signature(m, th, (char *)th - mtod(m, char *), sav, sigp); 1506 1507 key_sa_recordxfer(sav, m); 1508 KEY_SA_UNREF(&sav); 1509 } 1510 #endif 1511 1512 /* 1513 * Set ourselves up to be checksummed just before the packet 1514 * hits the wire. 1515 */ 1516 switch (af) { 1517 #ifdef INET 1518 case AF_INET: 1519 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1520 if (use_tso) { 1521 m->m_pkthdr.segsz = txsegsize; 1522 m->m_pkthdr.csum_flags = M_CSUM_TSOv4; 1523 } else { 1524 m->m_pkthdr.csum_flags = M_CSUM_TCPv4; 1525 if (len + optlen) { 1526 /* Fixup the pseudo-header checksum. */ 1527 /* XXXJRT Not IP Jumbogram safe. */ 1528 th->th_sum = in_cksum_addword(th->th_sum, 1529 htons((u_int16_t) (len + optlen))); 1530 } 1531 } 1532 break; 1533 #endif 1534 #ifdef INET6 1535 case AF_INET6: 1536 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); 1537 if (use_tso) { 1538 m->m_pkthdr.segsz = txsegsize; 1539 m->m_pkthdr.csum_flags = M_CSUM_TSOv6; 1540 } else { 1541 m->m_pkthdr.csum_flags = M_CSUM_TCPv6; 1542 if (len + optlen) { 1543 /* Fixup the pseudo-header checksum. */ 1544 /* XXXJRT: Not IPv6 Jumbogram safe. */ 1545 th->th_sum = in_cksum_addword(th->th_sum, 1546 htons((u_int16_t) (len + optlen))); 1547 } 1548 } 1549 break; 1550 #endif 1551 } 1552 1553 /* 1554 * In transmit state, time the transmission and arrange for 1555 * the retransmit. In persist state, just set snd_max. 1556 */ 1557 if (tp->t_force == 0 || TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1558 tcp_seq startseq = tp->snd_nxt; 1559 1560 /* 1561 * Advance snd_nxt over sequence space of this segment. 1562 * There are no states in which we send both a SYN and a FIN, 1563 * so we collapse the tests for these flags. 1564 */ 1565 if (flags & (TH_SYN|TH_FIN)) 1566 tp->snd_nxt++; 1567 if (sack_rxmit) 1568 goto timer; 1569 tp->snd_nxt += len; 1570 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) { 1571 tp->snd_max = tp->snd_nxt; 1572 /* 1573 * Time this transmission if not a retransmission and 1574 * not currently timing anything. 1575 */ 1576 if (tp->t_rtttime == 0) { 1577 tp->t_rtttime = tcp_now; 1578 tp->t_rtseq = startseq; 1579 TCP_STATINC(TCP_STAT_SEGSTIMED); 1580 } 1581 } 1582 1583 /* 1584 * Set retransmit timer if not currently set, 1585 * and not doing an ack or a keep-alive probe. 1586 * Initial value for retransmit timer is smoothed 1587 * round-trip time + 2 * round-trip time variance. 1588 * Initialize shift counter which is used for backoff 1589 * of retransmit time. 1590 */ 1591 timer: 1592 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT) == 0) { 1593 if ((sack_rxmit && tp->snd_nxt != tp->snd_max) 1594 || tp->snd_nxt != tp->snd_una) { 1595 if (TCP_TIMER_ISARMED(tp, TCPT_PERSIST)) { 1596 TCP_TIMER_DISARM(tp, TCPT_PERSIST); 1597 tp->t_rxtshift = 0; 1598 } 1599 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 1600 } else if (len == 0 && so->so_snd.sb_cc > 0 1601 && TCP_TIMER_ISARMED(tp, TCPT_PERSIST) == 0) { 1602 /* 1603 * If we are sending a window probe and there's 1604 * unacked data in the socket, make sure at 1605 * least the persist timer is running. 1606 */ 1607 tp->t_rxtshift = 0; 1608 tcp_setpersist(tp); 1609 } 1610 } 1611 } else 1612 if (SEQ_GT(tp->snd_nxt + len, tp->snd_max)) 1613 tp->snd_max = tp->snd_nxt + len; 1614 1615 #ifdef TCP_DEBUG 1616 /* 1617 * Trace. 1618 */ 1619 if (so->so_options & SO_DEBUG) 1620 tcp_trace(TA_OUTPUT, tp->t_state, tp, m, 0); 1621 #endif 1622 1623 /* 1624 * Fill in IP length and desired time to live and 1625 * send to IP level. There should be a better way 1626 * to handle ttl and tos; we could keep them in 1627 * the template, but need a way to checksum without them. 1628 */ 1629 m->m_pkthdr.len = hdrlen + len; 1630 1631 switch (af) { 1632 #ifdef INET 1633 case AF_INET: 1634 ip->ip_len = htons(m->m_pkthdr.len); 1635 packetlen = m->m_pkthdr.len; 1636 if (tp->t_inpcb) { 1637 ip->ip_ttl = tp->t_inpcb->inp_ip.ip_ttl; 1638 ip->ip_tos = tp->t_inpcb->inp_ip.ip_tos | ecn_tos; 1639 } 1640 #ifdef INET6 1641 else if (tp->t_in6pcb) { 1642 ip->ip_ttl = in6_selecthlim(tp->t_in6pcb, NULL); /*XXX*/ 1643 ip->ip_tos = ecn_tos; /*XXX*/ 1644 } 1645 #endif 1646 break; 1647 #endif 1648 #ifdef INET6 1649 case AF_INET6: 1650 packetlen = m->m_pkthdr.len; 1651 ip6->ip6_nxt = IPPROTO_TCP; 1652 if (tp->t_in6pcb) { 1653 /* 1654 * we separately set hoplimit for every segment, since 1655 * the user might want to change the value via 1656 * setsockopt. Also, desired default hop limit might 1657 * be changed via Neighbor Discovery. 1658 */ 1659 ip6->ip6_hlim = in6_selecthlim_rt(tp->t_in6pcb); 1660 } 1661 ip6->ip6_flow |= htonl(ecn_tos << 20); 1662 /* ip6->ip6_flow = ??? (from template) */ 1663 /* ip6_plen will be filled in ip6_output(). */ 1664 break; 1665 #endif 1666 default: /*pacify gcc*/ 1667 packetlen = 0; 1668 break; 1669 } 1670 1671 switch (af) { 1672 #ifdef INET 1673 case AF_INET: 1674 { 1675 struct mbuf *opts; 1676 1677 if (tp->t_inpcb) 1678 opts = tp->t_inpcb->inp_options; 1679 else 1680 opts = NULL; 1681 error = ip_output(m, opts, ro, 1682 (tp->t_mtudisc ? IP_MTUDISC : 0) | 1683 (so->so_options & SO_DONTROUTE), NULL, tp->t_inpcb); 1684 break; 1685 } 1686 #endif 1687 #ifdef INET6 1688 case AF_INET6: 1689 { 1690 struct ip6_pktopts *opts; 1691 1692 if (tp->t_in6pcb) 1693 opts = tp->t_in6pcb->in6p_outputopts; 1694 else 1695 opts = NULL; 1696 error = ip6_output(m, opts, ro, so->so_options & SO_DONTROUTE, 1697 NULL, tp->t_in6pcb, NULL); 1698 break; 1699 } 1700 #endif 1701 default: 1702 error = EAFNOSUPPORT; 1703 break; 1704 } 1705 if (error) { 1706 out: 1707 if (error == ENOBUFS) { 1708 TCP_STATINC(TCP_STAT_SELFQUENCH); 1709 #ifdef INET 1710 if (tp->t_inpcb) 1711 tcp_quench(tp->t_inpcb, 0); 1712 #endif 1713 #ifdef INET6 1714 if (tp->t_in6pcb) 1715 tcp6_quench(tp->t_in6pcb, 0); 1716 #endif 1717 error = 0; 1718 } else if ((error == EHOSTUNREACH || error == ENETDOWN) && 1719 TCPS_HAVERCVDSYN(tp->t_state)) { 1720 tp->t_softerror = error; 1721 error = 0; 1722 } 1723 1724 /* Back out the seqence number advance. */ 1725 if (sack_rxmit) 1726 p->rxmit -= len; 1727 1728 /* Restart the delayed ACK timer, if necessary. */ 1729 if (tp->t_flags & TF_DELACK) 1730 TCP_RESTART_DELACK(tp); 1731 1732 return (error); 1733 } 1734 1735 if (packetlen > tp->t_pmtud_mtu_sent) 1736 tp->t_pmtud_mtu_sent = packetlen; 1737 1738 tcps = TCP_STAT_GETREF(); 1739 tcps[TCP_STAT_SNDTOTAL]++; 1740 if (tp->t_flags & TF_DELACK) 1741 tcps[TCP_STAT_DELACK]++; 1742 TCP_STAT_PUTREF(); 1743 1744 /* 1745 * Data sent (as far as we can tell). 1746 * If this advertises a larger window than any other segment, 1747 * then remember the size of the advertised window. 1748 * Any pending ACK has now been sent. 1749 */ 1750 if (win > 0 && SEQ_GT(tp->rcv_nxt+win, tp->rcv_adv)) 1751 tp->rcv_adv = tp->rcv_nxt + win; 1752 tp->last_ack_sent = tp->rcv_nxt; 1753 tp->t_flags &= ~TF_ACKNOW; 1754 TCP_CLEAR_DELACK(tp); 1755 #ifdef DIAGNOSTIC 1756 if (maxburst < 0) 1757 printf("tcp_output: maxburst exceeded by %d\n", -maxburst); 1758 #endif 1759 if (sendalot && (tp->t_congctl == &tcp_reno_ctl || --maxburst)) 1760 goto again; 1761 return (0); 1762 } 1763 1764 void 1765 tcp_setpersist(struct tcpcb *tp) 1766 { 1767 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> (1 + 2); 1768 int nticks; 1769 1770 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT)) 1771 panic("tcp_output REXMT"); 1772 /* 1773 * Start/restart persistance timer. 1774 */ 1775 if (t < tp->t_rttmin) 1776 t = tp->t_rttmin; 1777 TCPT_RANGESET(nticks, t * tcp_backoff[tp->t_rxtshift], 1778 TCPTV_PERSMIN, TCPTV_PERSMAX); 1779 TCP_TIMER_ARM(tp, TCPT_PERSIST, nticks); 1780 if (tp->t_rxtshift < TCP_MAXRXTSHIFT) 1781 tp->t_rxtshift++; 1782 } 1783