1 /* $OpenBSD: tcp_timer.c,v 1.82 2025/01/16 11:59:20 bluhm Exp $ */ 2 /* $NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)tcp_timer.c 8.1 (Berkeley) 6/10/93 33 */ 34 35 #include <sys/param.h> 36 #include <sys/systm.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/socketvar.h> 40 #include <sys/protosw.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 44 #include <net/route.h> 45 46 #include <netinet/in.h> 47 #include <netinet/ip.h> 48 #include <netinet/in_pcb.h> 49 #include <netinet/ip_var.h> 50 #include <netinet/tcp.h> 51 #include <netinet/tcp_fsm.h> 52 #include <netinet/tcp_timer.h> 53 #include <netinet/tcp_var.h> 54 #include <netinet/tcp_debug.h> 55 #include <netinet/ip_icmp.h> 56 #include <netinet/tcp_seq.h> 57 58 /* 59 * Locks used to protect struct members in this file: 60 * T tcp_timer_mtx global tcp timer data structures 61 */ 62 63 int tcp_always_keepalive; 64 int tcp_keepinit = TCPTV_KEEPINIT; 65 int tcp_keepidle = TCPTV_KEEPIDLE; 66 int tcp_keepintvl = TCPTV_KEEPINTVL; 67 int tcp_keepinit_sec = TCPTV_KEEPINIT / TCP_TIME(1); 68 int tcp_keepidle_sec = TCPTV_KEEPIDLE / TCP_TIME(1); 69 int tcp_keepintvl_sec = TCPTV_KEEPINTVL / TCP_TIME(1); 70 int tcp_maxpersistidle = TCPTV_KEEPIDLE; /* max idle time in persist */ 71 int tcp_delack_msecs = TCP_DELACK_MSECS; /* time to delay the ACK */ 72 73 void tcp_timer_rexmt(void *); 74 void tcp_timer_persist(void *); 75 void tcp_timer_keep(void *); 76 void tcp_timer_2msl(void *); 77 void tcp_timer_delack(void *); 78 79 const tcp_timer_func_t tcp_timer_funcs[TCPT_NTIMERS] = { 80 tcp_timer_rexmt, 81 tcp_timer_persist, 82 tcp_timer_keep, 83 tcp_timer_2msl, 84 tcp_timer_delack, 85 }; 86 87 static inline int 88 tcp_timer_enter(struct inpcb *inp, struct socket **so, struct tcpcb **tp, 89 u_int timer) 90 { 91 KASSERT(timer < TCPT_NTIMERS); 92 93 NET_LOCK_SHARED(); 94 *so = in_pcbsolock_ref(inp); 95 if (*so == NULL) { 96 *tp = NULL; 97 return -1; 98 } 99 *tp = intotcpcb(inp); 100 /* Ignore canceled timeouts or timeouts that have been rescheduled. */ 101 if (*tp == NULL || !ISSET((*tp)->t_flags, TF_TIMER << timer) || 102 timeout_pending(&(*tp)->t_timer[timer])) 103 return -1; 104 CLR((*tp)->t_flags, TF_TIMER << timer); 105 106 return 0; 107 } 108 109 static inline void 110 tcp_timer_leave(struct inpcb *inp, struct socket *so) 111 { 112 in_pcbsounlock_rele(inp, so); 113 NET_UNLOCK_SHARED(); 114 in_pcbunref(inp); 115 } 116 117 /* 118 * Callout to process delayed ACKs for a TCPCB. 119 */ 120 void 121 tcp_timer_delack(void *arg) 122 { 123 struct inpcb *inp = arg; 124 struct socket *so; 125 struct tcpcb *otp = NULL, *tp; 126 short ostate; 127 128 /* 129 * If tcp_output() wasn't able to transmit the ACK 130 * for whatever reason, it will restart the delayed 131 * ACK callout. 132 */ 133 if (tcp_timer_enter(inp, &so, &tp, TCPT_DELACK)) 134 goto out; 135 136 if (so->so_options & SO_DEBUG) { 137 otp = tp; 138 ostate = tp->t_state; 139 } 140 tp->t_flags |= TF_ACKNOW; 141 (void) tcp_output(tp); 142 if (otp) 143 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_DELACK, 0); 144 out: 145 tcp_timer_leave(inp, so); 146 } 147 148 /* 149 * Tcp protocol timeout routine called every 500 ms. 150 * Updates the timers in all active tcb's and 151 * causes finite state machine actions if timers expire. 152 */ 153 void 154 tcp_slowtimo(void) 155 { 156 mtx_enter(&tcp_timer_mtx); 157 tcp_iss += TCP_ISSINCR2/PR_SLOWHZ; /* increment iss */ 158 mtx_leave(&tcp_timer_mtx); 159 } 160 161 /* 162 * Cancel all timers for TCP tp. 163 */ 164 void 165 tcp_canceltimers(struct tcpcb *tp) 166 { 167 int i; 168 169 for (i = 0; i < TCPT_NTIMERS; i++) 170 TCP_TIMER_DISARM(tp, i); 171 } 172 173 const int tcp_backoff[TCP_MAXRXTSHIFT + 1] = 174 { 1, 2, 4, 8, 16, 32, 64, 64, 64, 64, 64, 64, 64 }; 175 176 const int tcp_totbackoff = 511; /* sum of tcp_backoff[] */ 177 178 /* 179 * TCP timer processing. 180 */ 181 182 void tcp_timer_freesack(struct tcpcb *); 183 184 void 185 tcp_timer_freesack(struct tcpcb *tp) 186 { 187 struct sackhole *p, *q; 188 /* 189 * Free SACK holes for 2MSL and REXMT timers. 190 */ 191 q = tp->snd_holes; 192 while (q != NULL) { 193 p = q; 194 q = q->next; 195 pool_put(&sackhl_pool, p); 196 } 197 tp->snd_holes = 0; 198 } 199 200 void 201 tcp_timer_rexmt(void *arg) 202 { 203 struct inpcb *inp = arg; 204 struct socket *so; 205 struct tcpcb *otp = NULL, *tp; 206 short ostate; 207 uint32_t rto; 208 209 if (tcp_timer_enter(inp, &so, &tp, TCPT_REXMT)) 210 goto out; 211 212 if ((tp->t_flags & TF_PMTUD_PEND) && 213 SEQ_GEQ(tp->t_pmtud_th_seq, tp->snd_una) && 214 SEQ_LT(tp->t_pmtud_th_seq, (int)(tp->snd_una + tp->t_maxseg))) { 215 struct sockaddr_in sin; 216 struct icmp icmp; 217 218 /* TF_PMTUD_PEND is set in tcp_ctlinput() which is IPv4 only */ 219 KASSERT(!ISSET(inp->inp_flags, INP_IPV6)); 220 tp->t_flags &= ~TF_PMTUD_PEND; 221 222 /* XXX create fake icmp message with relevant entries */ 223 icmp.icmp_nextmtu = tp->t_pmtud_nextmtu; 224 icmp.icmp_ip.ip_len = tp->t_pmtud_ip_len; 225 icmp.icmp_ip.ip_hl = tp->t_pmtud_ip_hl; 226 icmp.icmp_ip.ip_dst = inp->inp_faddr; 227 icmp_mtudisc(&icmp, inp->inp_rtableid); 228 229 /* 230 * Notify all connections to the same peer about 231 * new mss and trigger retransmit. 232 */ 233 bzero(&sin, sizeof(sin)); 234 sin.sin_len = sizeof(sin); 235 sin.sin_family = AF_INET; 236 sin.sin_addr = inp->inp_faddr; 237 in_pcbnotifyall(&tcbtable, &sin, inp->inp_rtableid, EMSGSIZE, 238 tcp_mtudisc); 239 goto out; 240 } 241 242 tcp_timer_freesack(tp); 243 if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) { 244 tp->t_rxtshift = TCP_MAXRXTSHIFT; 245 tcpstat_inc(tcps_timeoutdrop); 246 tp = tcp_drop(tp, tp->t_softerror ? 247 tp->t_softerror : ETIMEDOUT); 248 goto out; 249 } 250 if (so->so_options & SO_DEBUG) { 251 otp = tp; 252 ostate = tp->t_state; 253 } 254 tcpstat_inc(tcps_rexmttimeo); 255 rto = TCP_REXMTVAL(tp); 256 if (rto < tp->t_rttmin) 257 rto = tp->t_rttmin; 258 TCPT_RANGESET(tp->t_rxtcur, 259 rto * tcp_backoff[tp->t_rxtshift], 260 tp->t_rttmin, TCPTV_REXMTMAX); 261 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 262 263 /* 264 * If we are losing and we are trying path MTU discovery, 265 * try turning it off. This will avoid black holes in 266 * the network which suppress or fail to send "packet 267 * too big" ICMP messages. We should ideally do 268 * lots more sophisticated searching to find the right 269 * value here... 270 */ 271 if (ip_mtudisc && 272 TCPS_HAVEESTABLISHED(tp->t_state) && 273 tp->t_rxtshift > TCP_MAXRXTSHIFT / 6) { 274 struct rtentry *rt = NULL; 275 276 /* No data to send means path mtu is not a problem */ 277 if (!READ_ONCE(so->so_snd.sb_cc)) 278 goto leave; 279 280 rt = in_pcbrtentry(inp); 281 /* Check if path MTU discovery is disabled already */ 282 if (rt && (rt->rt_flags & RTF_HOST) && 283 (rt->rt_locks & RTV_MTU)) 284 goto leave; 285 286 rt = NULL; 287 switch(tp->pf) { 288 #ifdef INET6 289 case PF_INET6: 290 /* 291 * We can not turn off path MTU for IPv6. 292 * Do nothing for now, maybe lower to 293 * minimum MTU. 294 */ 295 break; 296 #endif 297 case PF_INET: 298 rt = icmp_mtudisc_clone(inp->inp_faddr, 299 inp->inp_rtableid, 0); 300 break; 301 } 302 if (rt != NULL) { 303 /* Disable path MTU discovery */ 304 if ((rt->rt_locks & RTV_MTU) == 0) { 305 rt->rt_locks |= RTV_MTU; 306 in_rtchange(inp, 0); 307 } 308 309 rtfree(rt); 310 } 311 leave: 312 ; 313 } 314 315 /* 316 * If losing, let the lower level know and try for 317 * a better route. Also, if we backed off this far, 318 * our srtt estimate is probably bogus. Clobber it 319 * so we'll take the next rtt measurement as our srtt; 320 * move the current srtt into rttvar to keep the current 321 * retransmit times until then. 322 */ 323 if (tp->t_rxtshift > TCP_MAXRXTSHIFT / 4) { 324 in_losing(inp); 325 tp->t_rttvar += (tp->t_srtt >> TCP_RTT_SHIFT); 326 tp->t_srtt = 0; 327 } 328 tp->snd_nxt = tp->snd_una; 329 /* 330 * Note: We overload snd_last to function also as the 331 * snd_last variable described in RFC 2582 332 */ 333 tp->snd_last = tp->snd_max; 334 /* 335 * If timing a segment in this window, stop the timer. 336 */ 337 tp->t_rtttime = 0; 338 #ifdef TCP_ECN 339 /* 340 * if ECN is enabled, there might be a broken firewall which 341 * blocks ecn packets. fall back to non-ecn. 342 */ 343 if ((tp->t_state == TCPS_SYN_SENT || tp->t_state == TCPS_SYN_RECEIVED) 344 && atomic_load_int(&tcp_do_ecn) && !(tp->t_flags & TF_DISABLE_ECN)) 345 tp->t_flags |= TF_DISABLE_ECN; 346 #endif 347 /* 348 * Close the congestion window down to one segment 349 * (we'll open it by one segment for each ack we get). 350 * Since we probably have a window's worth of unacked 351 * data accumulated, this "slow start" keeps us from 352 * dumping all that data as back-to-back packets (which 353 * might overwhelm an intermediate gateway). 354 * 355 * There are two phases to the opening: Initially we 356 * open by one mss on each ack. This makes the window 357 * size increase exponentially with time. If the 358 * window is larger than the path can handle, this 359 * exponential growth results in dropped packet(s) 360 * almost immediately. To get more time between 361 * drops but still "push" the network to take advantage 362 * of improving conditions, we switch from exponential 363 * to linear window opening at some threshold size. 364 * For a threshold, we use half the current window 365 * size, truncated to a multiple of the mss. 366 * 367 * (the minimum cwnd that will give us exponential 368 * growth is 2 mss. We don't allow the threshold 369 * to go below this.) 370 */ 371 { 372 u_long win; 373 374 win = ulmin(tp->snd_wnd, tp->snd_cwnd) / 2 / tp->t_maxseg; 375 if (win < 2) 376 win = 2; 377 tp->snd_cwnd = tp->t_maxseg; 378 tp->snd_ssthresh = win * tp->t_maxseg; 379 tp->t_dupacks = 0; 380 #ifdef TCP_ECN 381 tp->snd_last = tp->snd_max; 382 tp->t_flags |= TF_SEND_CWR; 383 #endif 384 #if 1 /* TCP_ECN */ 385 tcpstat_inc(tcps_cwr_timeout); 386 #endif 387 } 388 (void) tcp_output(tp); 389 if (otp) 390 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_REXMT, 0); 391 out: 392 tcp_timer_leave(inp, so); 393 } 394 395 void 396 tcp_timer_persist(void *arg) 397 { 398 struct inpcb *inp = arg; 399 struct socket *so; 400 struct tcpcb *otp = NULL, *tp; 401 short ostate; 402 uint64_t now; 403 uint32_t rto; 404 405 if (tcp_timer_enter(inp, &so, &tp, TCPT_PERSIST)) 406 goto out; 407 408 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT)) 409 goto out; 410 411 if (so->so_options & SO_DEBUG) { 412 otp = tp; 413 ostate = tp->t_state; 414 } 415 tcpstat_inc(tcps_persisttimeo); 416 /* 417 * Hack: if the peer is dead/unreachable, we do not 418 * time out if the window is closed. After a full 419 * backoff, drop the connection if the idle time 420 * (no responses to probes) reaches the maximum 421 * backoff that we would use if retransmitting. 422 */ 423 rto = TCP_REXMTVAL(tp); 424 if (rto < tp->t_rttmin) 425 rto = tp->t_rttmin; 426 now = tcp_now(); 427 if (tp->t_rxtshift == TCP_MAXRXTSHIFT && 428 ((now - tp->t_rcvtime) >= tcp_maxpersistidle || 429 (now - tp->t_rcvtime) >= rto * tcp_totbackoff)) { 430 tcpstat_inc(tcps_persistdrop); 431 tp = tcp_drop(tp, ETIMEDOUT); 432 goto out; 433 } 434 tcp_setpersist(tp); 435 tp->t_force = 1; 436 (void) tcp_output(tp); 437 tp->t_force = 0; 438 if (otp) 439 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_PERSIST, 0); 440 out: 441 tcp_timer_leave(inp, so); 442 } 443 444 void 445 tcp_timer_keep(void *arg) 446 { 447 struct inpcb *inp = arg; 448 struct socket *so; 449 struct tcpcb *otp = NULL, *tp; 450 short ostate; 451 452 if (tcp_timer_enter(inp, &so, &tp, TCPT_KEEP)) 453 goto out; 454 455 if (so->so_options & SO_DEBUG) { 456 otp = tp; 457 ostate = tp->t_state; 458 } 459 tcpstat_inc(tcps_keeptimeo); 460 if (TCPS_HAVEESTABLISHED(tp->t_state) == 0) { 461 tcpstat_inc(tcps_keepdrops); 462 tp = tcp_drop(tp, ETIMEDOUT); 463 goto out; 464 } 465 if ((atomic_load_int(&tcp_always_keepalive) || 466 so->so_options & SO_KEEPALIVE) && 467 tp->t_state <= TCPS_CLOSING) { 468 int keepidle, maxidle; 469 uint64_t now; 470 471 keepidle = atomic_load_int(&tcp_keepidle); 472 maxidle = TCPTV_KEEPCNT * keepidle; 473 now = tcp_now(); 474 if ((maxidle > 0) && 475 ((now - tp->t_rcvtime) >= keepidle + maxidle)) { 476 tcpstat_inc(tcps_keepdrops); 477 tp = tcp_drop(tp, ETIMEDOUT); 478 goto out; 479 } 480 /* 481 * Send a packet designed to force a response 482 * if the peer is up and reachable: 483 * either an ACK if the connection is still alive, 484 * or an RST if the peer has closed the connection 485 * due to timeout or reboot. 486 * Using sequence number tp->snd_una-1 487 * causes the transmitted zero-length segment 488 * to lie outside the receive window; 489 * by the protocol spec, this requires the 490 * correspondent TCP to respond. 491 */ 492 tcpstat_inc(tcps_keepprobe); 493 tcp_respond(tp, mtod(tp->t_template, caddr_t), 494 NULL, tp->rcv_nxt, tp->snd_una - 1, 0, 0, now); 495 TCP_TIMER_ARM(tp, TCPT_KEEP, atomic_load_int(&tcp_keepintvl)); 496 } else 497 TCP_TIMER_ARM(tp, TCPT_KEEP, atomic_load_int(&tcp_keepidle)); 498 if (otp) 499 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_KEEP, 0); 500 out: 501 tcp_timer_leave(inp, so); 502 } 503 504 void 505 tcp_timer_2msl(void *arg) 506 { 507 struct inpcb *inp = arg; 508 struct socket *so; 509 struct tcpcb *otp = NULL, *tp; 510 short ostate; 511 uint64_t now; 512 int maxidle; 513 514 if (tcp_timer_enter(inp, &so, &tp, TCPT_2MSL)) 515 goto out; 516 517 if (so->so_options & SO_DEBUG) { 518 otp = tp; 519 ostate = tp->t_state; 520 } 521 tcp_timer_freesack(tp); 522 523 maxidle = TCPTV_KEEPCNT * atomic_load_int(&tcp_keepidle); 524 now = tcp_now(); 525 if (tp->t_state != TCPS_TIME_WAIT && 526 ((maxidle == 0) || ((now - tp->t_rcvtime) <= maxidle))) 527 TCP_TIMER_ARM(tp, TCPT_2MSL, atomic_load_int(&tcp_keepintvl)); 528 else 529 tp = tcp_close(tp); 530 if (otp) 531 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_2MSL, 0); 532 out: 533 tcp_timer_leave(inp, so); 534 } 535 536 void 537 tcp_timer_reaper(void *arg) 538 { 539 struct tcpcb *tp = arg; 540 541 /* 542 * This timer is necessary to delay the pool_put() after all timers 543 * have finished, even if they were sleeping to grab the net lock. 544 * Putting the pool_put() in a timer is sufficient as all timers run 545 * from the same timeout thread. Note that neither softnet thread nor 546 * user process may access the tcpcb after arming the reaper timer. 547 * Freeing may run in parallel as it does not grab the net lock. 548 */ 549 pool_put(&tcpcb_pool, tp); 550 } 551