xref: /openbsd-src/sys/netinet/tcp_timer.c (revision aa997e528a848ca5596493c2a801bdd6fb26ae61)
1 /*	$OpenBSD: tcp_timer.c,v 1.64 2018/02/07 00:31:10 bluhm Exp $	*/
2 /*	$NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $	*/
3 
4 /*
5  * Copyright (c) 1982, 1986, 1988, 1990, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the University nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  *	@(#)tcp_timer.c	8.1 (Berkeley) 6/10/93
33  */
34 
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/mbuf.h>
38 #include <sys/socket.h>
39 #include <sys/socketvar.h>
40 #include <sys/protosw.h>
41 #include <sys/kernel.h>
42 #include <sys/pool.h>
43 
44 #include <net/route.h>
45 
46 #include <netinet/in.h>
47 #include <netinet/ip.h>
48 #include <netinet/in_pcb.h>
49 #include <netinet/ip_var.h>
50 #include <netinet/tcp.h>
51 #include <netinet/tcp_fsm.h>
52 #include <netinet/tcp_timer.h>
53 #include <netinet/tcp_var.h>
54 #include <netinet/ip_icmp.h>
55 #include <netinet/tcp_seq.h>
56 
57 int	tcp_always_keepalive;
58 int	tcp_keepidle;
59 int	tcp_keepintvl;
60 int	tcp_maxpersistidle;	/* max idle time in persist */
61 int	tcp_maxidle;
62 
63 /*
64  * Time to delay the ACK.  This is initialized in tcp_init(), unless
65  * its patched.
66  */
67 int	tcp_delack_msecs;
68 
69 void	tcp_timer_rexmt(void *);
70 void	tcp_timer_persist(void *);
71 void	tcp_timer_keep(void *);
72 void	tcp_timer_2msl(void *);
73 void	tcp_timer_reaper(void *);
74 
75 const tcp_timer_func_t tcp_timer_funcs[TCPT_NTIMERS] = {
76 	tcp_timer_rexmt,
77 	tcp_timer_persist,
78 	tcp_timer_keep,
79 	tcp_timer_2msl,
80 	tcp_timer_reaper,
81 };
82 
83 /*
84  * Timer state initialization, called from tcp_init().
85  */
86 void
87 tcp_timer_init(void)
88 {
89 
90 	if (tcp_keepidle == 0)
91 		tcp_keepidle = TCPTV_KEEP_IDLE;
92 
93 	if (tcp_keepintvl == 0)
94 		tcp_keepintvl = TCPTV_KEEPINTVL;
95 
96 	if (tcp_maxpersistidle == 0)
97 		tcp_maxpersistidle = TCPTV_KEEP_IDLE;
98 
99 	if (tcp_delack_msecs == 0)
100 		tcp_delack_msecs = TCP_DELACK_MSECS;
101 }
102 
103 /*
104  * Callout to process delayed ACKs for a TCPCB.
105  */
106 void
107 tcp_delack(void *arg)
108 {
109 	struct tcpcb *tp = arg;
110 
111 	/*
112 	 * If tcp_output() wasn't able to transmit the ACK
113 	 * for whatever reason, it will restart the delayed
114 	 * ACK callout.
115 	 */
116 	NET_LOCK();
117 	if (tp->t_flags & TF_DEAD)
118 		goto out;
119 	tp->t_flags |= TF_ACKNOW;
120 	(void) tcp_output(tp);
121  out:
122 	NET_UNLOCK();
123 }
124 
125 /*
126  * Tcp protocol timeout routine called every 500 ms.
127  * Updates the timers in all active tcb's and
128  * causes finite state machine actions if timers expire.
129  */
130 void
131 tcp_slowtimo(void)
132 {
133 	NET_LOCK();
134 
135 	tcp_maxidle = TCPTV_KEEPCNT * tcp_keepintvl;
136 	tcp_iss += TCP_ISSINCR2/PR_SLOWHZ;		/* increment iss */
137 	tcp_now++;					/* for timestamps */
138 
139 	NET_UNLOCK();
140 }
141 
142 /*
143  * Cancel all timers for TCP tp.
144  */
145 void
146 tcp_canceltimers(struct tcpcb *tp)
147 {
148 	int i;
149 
150 	for (i = 0; i < TCPT_NTIMERS; i++)
151 		TCP_TIMER_DISARM(tp, i);
152 }
153 
154 int	tcp_backoff[TCP_MAXRXTSHIFT + 1] =
155     { 1, 2, 4, 8, 16, 32, 64, 64, 64, 64, 64, 64, 64 };
156 
157 int tcp_totbackoff = 511;	/* sum of tcp_backoff[] */
158 
159 /*
160  * TCP timer processing.
161  */
162 
163 void	tcp_timer_freesack(struct tcpcb *);
164 
165 void
166 tcp_timer_freesack(struct tcpcb *tp)
167 {
168 	struct sackhole *p, *q;
169 	/*
170 	 * Free SACK holes for 2MSL and REXMT timers.
171 	 */
172 	q = tp->snd_holes;
173 	while (q != NULL) {
174 		p = q;
175 		q = q->next;
176 		pool_put(&sackhl_pool, p);
177 	}
178 	tp->snd_holes = 0;
179 }
180 
181 void
182 tcp_timer_rexmt(void *arg)
183 {
184 	struct tcpcb *tp = arg;
185 	uint32_t rto;
186 
187 	NET_LOCK();
188 	/* Ignore canceled timeouts or timeouts that have been rescheduled. */
189 	if (!ISSET((tp)->t_flags, TF_TMR_REXMT) ||
190 	    timeout_pending(&tp->t_timer[TCPT_REXMT]))
191 		goto out;
192 	CLR((tp)->t_flags, TF_TMR_REXMT);
193 
194 	if ((tp->t_flags & TF_PMTUD_PEND) && tp->t_inpcb &&
195 	    SEQ_GEQ(tp->t_pmtud_th_seq, tp->snd_una) &&
196 	    SEQ_LT(tp->t_pmtud_th_seq, (int)(tp->snd_una + tp->t_maxseg))) {
197 		struct sockaddr_in sin;
198 		struct icmp icmp;
199 
200 		tp->t_flags &= ~TF_PMTUD_PEND;
201 
202 		/* XXX create fake icmp message with relevant entries */
203 		icmp.icmp_nextmtu = tp->t_pmtud_nextmtu;
204 		icmp.icmp_ip.ip_len = tp->t_pmtud_ip_len;
205 		icmp.icmp_ip.ip_hl = tp->t_pmtud_ip_hl;
206 		icmp.icmp_ip.ip_dst = tp->t_inpcb->inp_faddr;
207 		icmp_mtudisc(&icmp, tp->t_inpcb->inp_rtableid);
208 
209 		/*
210 		 * Notify all connections to the same peer about
211 		 * new mss and trigger retransmit.
212 		 */
213 		bzero(&sin, sizeof(sin));
214 		sin.sin_len = sizeof(sin);
215 		sin.sin_family = AF_INET;
216 		sin.sin_addr = tp->t_inpcb->inp_faddr;
217 		in_pcbnotifyall(&tcbtable, sintosa(&sin),
218 		    tp->t_inpcb->inp_rtableid, EMSGSIZE, tcp_mtudisc);
219 		goto out;
220 	}
221 
222 	tcp_timer_freesack(tp);
223 	if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) {
224 		tp->t_rxtshift = TCP_MAXRXTSHIFT;
225 		tcpstat_inc(tcps_timeoutdrop);
226 		tp = tcp_drop(tp, tp->t_softerror ?
227 		    tp->t_softerror : ETIMEDOUT);
228 		goto out;
229 	}
230 	tcpstat_inc(tcps_rexmttimeo);
231 	rto = TCP_REXMTVAL(tp);
232 	if (rto < tp->t_rttmin)
233 		rto = tp->t_rttmin;
234 	TCPT_RANGESET(tp->t_rxtcur,
235 	    rto * tcp_backoff[tp->t_rxtshift],
236 	    tp->t_rttmin, TCPTV_REXMTMAX);
237 	TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur);
238 
239 	/*
240 	 * If we are losing and we are trying path MTU discovery,
241 	 * try turning it off.  This will avoid black holes in
242 	 * the network which suppress or fail to send "packet
243 	 * too big" ICMP messages.  We should ideally do
244 	 * lots more sophisticated searching to find the right
245 	 * value here...
246 	 */
247 	if (ip_mtudisc && tp->t_inpcb &&
248 	    TCPS_HAVEESTABLISHED(tp->t_state) &&
249 	    tp->t_rxtshift > TCP_MAXRXTSHIFT / 6) {
250 		struct inpcb *inp = tp->t_inpcb;
251 		struct rtentry *rt = NULL;
252 
253 		/* No data to send means path mtu is not a problem */
254 		if (!inp->inp_socket->so_snd.sb_cc)
255 			goto leave;
256 
257 		rt = in_pcbrtentry(inp);
258 		/* Check if path MTU discovery is disabled already */
259 		if (rt && (rt->rt_flags & RTF_HOST) &&
260 		    (rt->rt_locks & RTV_MTU))
261 			goto leave;
262 
263 		rt = NULL;
264 		switch(tp->pf) {
265 #ifdef INET6
266 		case PF_INET6:
267 			/*
268 			 * We can not turn off path MTU for IPv6.
269 			 * Do nothing for now, maybe lower to
270 			 * minimum MTU.
271 			 */
272 			break;
273 #endif
274 		case PF_INET:
275 			rt = icmp_mtudisc_clone(inp->inp_faddr,
276 			    inp->inp_rtableid);
277 			break;
278 		}
279 		if (rt != NULL) {
280 			/* Disable path MTU discovery */
281 			if ((rt->rt_locks & RTV_MTU) == 0) {
282 				rt->rt_locks |= RTV_MTU;
283 				in_rtchange(inp, 0);
284 			}
285 
286 			rtfree(rt);
287 		}
288 	leave:
289 		;
290 	}
291 
292 	/*
293 	 * If losing, let the lower level know and try for
294 	 * a better route.  Also, if we backed off this far,
295 	 * our srtt estimate is probably bogus.  Clobber it
296 	 * so we'll take the next rtt measurement as our srtt;
297 	 * move the current srtt into rttvar to keep the current
298 	 * retransmit times until then.
299 	 */
300 	if (tp->t_rxtshift > TCP_MAXRXTSHIFT / 4) {
301 		in_losing(tp->t_inpcb);
302 		tp->t_rttvar += (tp->t_srtt >> TCP_RTT_SHIFT);
303 		tp->t_srtt = 0;
304 	}
305 	tp->snd_nxt = tp->snd_una;
306 	/*
307 	 * Note:  We overload snd_last to function also as the
308 	 * snd_last variable described in RFC 2582
309 	 */
310 	tp->snd_last = tp->snd_max;
311 	/*
312 	 * If timing a segment in this window, stop the timer.
313 	 */
314 	tp->t_rtttime = 0;
315 #ifdef TCP_ECN
316 	/*
317 	 * if ECN is enabled, there might be a broken firewall which
318 	 * blocks ecn packets.  fall back to non-ecn.
319 	 */
320 	if ((tp->t_state == TCPS_SYN_SENT || tp->t_state == TCPS_SYN_RECEIVED)
321 	    && tcp_do_ecn && !(tp->t_flags & TF_DISABLE_ECN))
322 		tp->t_flags |= TF_DISABLE_ECN;
323 #endif
324 	/*
325 	 * Close the congestion window down to one segment
326 	 * (we'll open it by one segment for each ack we get).
327 	 * Since we probably have a window's worth of unacked
328 	 * data accumulated, this "slow start" keeps us from
329 	 * dumping all that data as back-to-back packets (which
330 	 * might overwhelm an intermediate gateway).
331 	 *
332 	 * There are two phases to the opening: Initially we
333 	 * open by one mss on each ack.  This makes the window
334 	 * size increase exponentially with time.  If the
335 	 * window is larger than the path can handle, this
336 	 * exponential growth results in dropped packet(s)
337 	 * almost immediately.  To get more time between
338 	 * drops but still "push" the network to take advantage
339 	 * of improving conditions, we switch from exponential
340 	 * to linear window opening at some threshold size.
341 	 * For a threshold, we use half the current window
342 	 * size, truncated to a multiple of the mss.
343 	 *
344 	 * (the minimum cwnd that will give us exponential
345 	 * growth is 2 mss.  We don't allow the threshold
346 	 * to go below this.)
347 	 */
348 	{
349 		u_long win = ulmin(tp->snd_wnd, tp->snd_cwnd) / 2 / tp->t_maxseg;
350 		if (win < 2)
351 			win = 2;
352 		tp->snd_cwnd = tp->t_maxseg;
353 		tp->snd_ssthresh = win * tp->t_maxseg;
354 		tp->t_dupacks = 0;
355 #ifdef TCP_ECN
356 		tp->snd_last = tp->snd_max;
357 		tp->t_flags |= TF_SEND_CWR;
358 #endif
359 #if 1 /* TCP_ECN */
360 		tcpstat_inc(tcps_cwr_timeout);
361 #endif
362 	}
363 	(void) tcp_output(tp);
364 
365  out:
366 	NET_UNLOCK();
367 }
368 
369 void
370 tcp_timer_persist(void *arg)
371 {
372 	struct tcpcb *tp = arg;
373 	uint32_t rto;
374 
375 	NET_LOCK();
376 	/* Ignore canceled timeouts or timeouts that have been rescheduled. */
377 	if (!ISSET((tp)->t_flags, TF_TMR_PERSIST) ||
378 	    timeout_pending(&tp->t_timer[TCPT_PERSIST]))
379 		goto out;
380 	CLR((tp)->t_flags, TF_TMR_PERSIST);
381 
382 	if (TCP_TIMER_ISARMED(tp, TCPT_REXMT))
383 		goto out;
384 	tcpstat_inc(tcps_persisttimeo);
385 	/*
386 	 * Hack: if the peer is dead/unreachable, we do not
387 	 * time out if the window is closed.  After a full
388 	 * backoff, drop the connection if the idle time
389 	 * (no responses to probes) reaches the maximum
390 	 * backoff that we would use if retransmitting.
391 	 */
392 	rto = TCP_REXMTVAL(tp);
393 	if (rto < tp->t_rttmin)
394 		rto = tp->t_rttmin;
395 	if (tp->t_rxtshift == TCP_MAXRXTSHIFT &&
396 	    ((tcp_now - tp->t_rcvtime) >= tcp_maxpersistidle ||
397 	    (tcp_now - tp->t_rcvtime) >= rto * tcp_totbackoff)) {
398 		tcpstat_inc(tcps_persistdrop);
399 		tp = tcp_drop(tp, ETIMEDOUT);
400 		goto out;
401 	}
402 	tcp_setpersist(tp);
403 	tp->t_force = 1;
404 	(void) tcp_output(tp);
405 	tp->t_force = 0;
406  out:
407 	NET_UNLOCK();
408 }
409 
410 void
411 tcp_timer_keep(void *arg)
412 {
413 	struct tcpcb *tp = arg;
414 
415 	NET_LOCK();
416 	/* Ignore canceled timeouts or timeouts that have been rescheduled. */
417 	if (!ISSET((tp)->t_flags, TF_TMR_KEEP) ||
418 	    timeout_pending(&tp->t_timer[TCPT_KEEP]))
419 		goto out;
420 	CLR((tp)->t_flags, TF_TMR_KEEP);
421 
422 	tcpstat_inc(tcps_keeptimeo);
423 	if (TCPS_HAVEESTABLISHED(tp->t_state) == 0)
424 		goto dropit;
425 	if ((tcp_always_keepalive ||
426 	    tp->t_inpcb->inp_socket->so_options & SO_KEEPALIVE) &&
427 	    tp->t_state <= TCPS_CLOSING) {
428 		if ((tcp_maxidle > 0) &&
429 		    ((tcp_now - tp->t_rcvtime) >= tcp_keepidle + tcp_maxidle))
430 			goto dropit;
431 		/*
432 		 * Send a packet designed to force a response
433 		 * if the peer is up and reachable:
434 		 * either an ACK if the connection is still alive,
435 		 * or an RST if the peer has closed the connection
436 		 * due to timeout or reboot.
437 		 * Using sequence number tp->snd_una-1
438 		 * causes the transmitted zero-length segment
439 		 * to lie outside the receive window;
440 		 * by the protocol spec, this requires the
441 		 * correspondent TCP to respond.
442 		 */
443 		tcpstat_inc(tcps_keepprobe);
444 		tcp_respond(tp, mtod(tp->t_template, caddr_t),
445 		    NULL, tp->rcv_nxt, tp->snd_una - 1, 0, 0);
446 		TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepintvl);
447 	} else
448 		TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepidle);
449  out:
450 	NET_UNLOCK();
451 	return;
452 
453  dropit:
454 	tcpstat_inc(tcps_keepdrops);
455 	tp = tcp_drop(tp, ETIMEDOUT);
456 	NET_UNLOCK();
457 }
458 
459 void
460 tcp_timer_2msl(void *arg)
461 {
462 	struct tcpcb *tp = arg;
463 
464 	NET_LOCK();
465 	/* Ignore canceled timeouts or timeouts that have been rescheduled. */
466 	if (!ISSET((tp)->t_flags, TF_TMR_2MSL) ||
467 	    timeout_pending(&tp->t_timer[TCPT_2MSL]))
468 		goto out;
469 	CLR((tp)->t_flags, TF_TMR_2MSL);
470 
471 	tcp_timer_freesack(tp);
472 
473 	if (tp->t_state != TCPS_TIME_WAIT &&
474 	    ((tcp_maxidle == 0) || ((tcp_now - tp->t_rcvtime) <= tcp_maxidle)))
475 		TCP_TIMER_ARM(tp, TCPT_2MSL, tcp_keepintvl);
476 	else
477 		tp = tcp_close(tp);
478 
479  out:
480 	NET_UNLOCK();
481 }
482 
483 void
484 tcp_timer_reaper(void *arg)
485 {
486 	struct tcpcb *tp = arg;
487 
488 	/*
489 	 * This timer is necessary to delay the pool_put() after all timers
490 	 * have finished, even if they were sleeping to grab the net lock.
491 	 * Putting the pool_put() in a timer is sufficinet as all timers run
492 	 * from the same timeout thread.  Note that neither softnet thread nor
493 	 * user process may access the tcpcb after arming the reaper timer.
494 	 * Freeing may run in parallel as it does not grab the net lock.
495 	 */
496 	pool_put(&tcpcb_pool, tp);
497 	tcpstat_inc(tcps_closed);
498 }
499