1 /* $OpenBSD: tcp_timer.c,v 1.64 2018/02/07 00:31:10 bluhm Exp $ */ 2 /* $NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $ */ 3 4 /* 5 * Copyright (c) 1982, 1986, 1988, 1990, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * @(#)tcp_timer.c 8.1 (Berkeley) 6/10/93 33 */ 34 35 #include <sys/param.h> 36 #include <sys/systm.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/socketvar.h> 40 #include <sys/protosw.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 44 #include <net/route.h> 45 46 #include <netinet/in.h> 47 #include <netinet/ip.h> 48 #include <netinet/in_pcb.h> 49 #include <netinet/ip_var.h> 50 #include <netinet/tcp.h> 51 #include <netinet/tcp_fsm.h> 52 #include <netinet/tcp_timer.h> 53 #include <netinet/tcp_var.h> 54 #include <netinet/ip_icmp.h> 55 #include <netinet/tcp_seq.h> 56 57 int tcp_always_keepalive; 58 int tcp_keepidle; 59 int tcp_keepintvl; 60 int tcp_maxpersistidle; /* max idle time in persist */ 61 int tcp_maxidle; 62 63 /* 64 * Time to delay the ACK. This is initialized in tcp_init(), unless 65 * its patched. 66 */ 67 int tcp_delack_msecs; 68 69 void tcp_timer_rexmt(void *); 70 void tcp_timer_persist(void *); 71 void tcp_timer_keep(void *); 72 void tcp_timer_2msl(void *); 73 void tcp_timer_reaper(void *); 74 75 const tcp_timer_func_t tcp_timer_funcs[TCPT_NTIMERS] = { 76 tcp_timer_rexmt, 77 tcp_timer_persist, 78 tcp_timer_keep, 79 tcp_timer_2msl, 80 tcp_timer_reaper, 81 }; 82 83 /* 84 * Timer state initialization, called from tcp_init(). 85 */ 86 void 87 tcp_timer_init(void) 88 { 89 90 if (tcp_keepidle == 0) 91 tcp_keepidle = TCPTV_KEEP_IDLE; 92 93 if (tcp_keepintvl == 0) 94 tcp_keepintvl = TCPTV_KEEPINTVL; 95 96 if (tcp_maxpersistidle == 0) 97 tcp_maxpersistidle = TCPTV_KEEP_IDLE; 98 99 if (tcp_delack_msecs == 0) 100 tcp_delack_msecs = TCP_DELACK_MSECS; 101 } 102 103 /* 104 * Callout to process delayed ACKs for a TCPCB. 105 */ 106 void 107 tcp_delack(void *arg) 108 { 109 struct tcpcb *tp = arg; 110 111 /* 112 * If tcp_output() wasn't able to transmit the ACK 113 * for whatever reason, it will restart the delayed 114 * ACK callout. 115 */ 116 NET_LOCK(); 117 if (tp->t_flags & TF_DEAD) 118 goto out; 119 tp->t_flags |= TF_ACKNOW; 120 (void) tcp_output(tp); 121 out: 122 NET_UNLOCK(); 123 } 124 125 /* 126 * Tcp protocol timeout routine called every 500 ms. 127 * Updates the timers in all active tcb's and 128 * causes finite state machine actions if timers expire. 129 */ 130 void 131 tcp_slowtimo(void) 132 { 133 NET_LOCK(); 134 135 tcp_maxidle = TCPTV_KEEPCNT * tcp_keepintvl; 136 tcp_iss += TCP_ISSINCR2/PR_SLOWHZ; /* increment iss */ 137 tcp_now++; /* for timestamps */ 138 139 NET_UNLOCK(); 140 } 141 142 /* 143 * Cancel all timers for TCP tp. 144 */ 145 void 146 tcp_canceltimers(struct tcpcb *tp) 147 { 148 int i; 149 150 for (i = 0; i < TCPT_NTIMERS; i++) 151 TCP_TIMER_DISARM(tp, i); 152 } 153 154 int tcp_backoff[TCP_MAXRXTSHIFT + 1] = 155 { 1, 2, 4, 8, 16, 32, 64, 64, 64, 64, 64, 64, 64 }; 156 157 int tcp_totbackoff = 511; /* sum of tcp_backoff[] */ 158 159 /* 160 * TCP timer processing. 161 */ 162 163 void tcp_timer_freesack(struct tcpcb *); 164 165 void 166 tcp_timer_freesack(struct tcpcb *tp) 167 { 168 struct sackhole *p, *q; 169 /* 170 * Free SACK holes for 2MSL and REXMT timers. 171 */ 172 q = tp->snd_holes; 173 while (q != NULL) { 174 p = q; 175 q = q->next; 176 pool_put(&sackhl_pool, p); 177 } 178 tp->snd_holes = 0; 179 } 180 181 void 182 tcp_timer_rexmt(void *arg) 183 { 184 struct tcpcb *tp = arg; 185 uint32_t rto; 186 187 NET_LOCK(); 188 /* Ignore canceled timeouts or timeouts that have been rescheduled. */ 189 if (!ISSET((tp)->t_flags, TF_TMR_REXMT) || 190 timeout_pending(&tp->t_timer[TCPT_REXMT])) 191 goto out; 192 CLR((tp)->t_flags, TF_TMR_REXMT); 193 194 if ((tp->t_flags & TF_PMTUD_PEND) && tp->t_inpcb && 195 SEQ_GEQ(tp->t_pmtud_th_seq, tp->snd_una) && 196 SEQ_LT(tp->t_pmtud_th_seq, (int)(tp->snd_una + tp->t_maxseg))) { 197 struct sockaddr_in sin; 198 struct icmp icmp; 199 200 tp->t_flags &= ~TF_PMTUD_PEND; 201 202 /* XXX create fake icmp message with relevant entries */ 203 icmp.icmp_nextmtu = tp->t_pmtud_nextmtu; 204 icmp.icmp_ip.ip_len = tp->t_pmtud_ip_len; 205 icmp.icmp_ip.ip_hl = tp->t_pmtud_ip_hl; 206 icmp.icmp_ip.ip_dst = tp->t_inpcb->inp_faddr; 207 icmp_mtudisc(&icmp, tp->t_inpcb->inp_rtableid); 208 209 /* 210 * Notify all connections to the same peer about 211 * new mss and trigger retransmit. 212 */ 213 bzero(&sin, sizeof(sin)); 214 sin.sin_len = sizeof(sin); 215 sin.sin_family = AF_INET; 216 sin.sin_addr = tp->t_inpcb->inp_faddr; 217 in_pcbnotifyall(&tcbtable, sintosa(&sin), 218 tp->t_inpcb->inp_rtableid, EMSGSIZE, tcp_mtudisc); 219 goto out; 220 } 221 222 tcp_timer_freesack(tp); 223 if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) { 224 tp->t_rxtshift = TCP_MAXRXTSHIFT; 225 tcpstat_inc(tcps_timeoutdrop); 226 tp = tcp_drop(tp, tp->t_softerror ? 227 tp->t_softerror : ETIMEDOUT); 228 goto out; 229 } 230 tcpstat_inc(tcps_rexmttimeo); 231 rto = TCP_REXMTVAL(tp); 232 if (rto < tp->t_rttmin) 233 rto = tp->t_rttmin; 234 TCPT_RANGESET(tp->t_rxtcur, 235 rto * tcp_backoff[tp->t_rxtshift], 236 tp->t_rttmin, TCPTV_REXMTMAX); 237 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur); 238 239 /* 240 * If we are losing and we are trying path MTU discovery, 241 * try turning it off. This will avoid black holes in 242 * the network which suppress or fail to send "packet 243 * too big" ICMP messages. We should ideally do 244 * lots more sophisticated searching to find the right 245 * value here... 246 */ 247 if (ip_mtudisc && tp->t_inpcb && 248 TCPS_HAVEESTABLISHED(tp->t_state) && 249 tp->t_rxtshift > TCP_MAXRXTSHIFT / 6) { 250 struct inpcb *inp = tp->t_inpcb; 251 struct rtentry *rt = NULL; 252 253 /* No data to send means path mtu is not a problem */ 254 if (!inp->inp_socket->so_snd.sb_cc) 255 goto leave; 256 257 rt = in_pcbrtentry(inp); 258 /* Check if path MTU discovery is disabled already */ 259 if (rt && (rt->rt_flags & RTF_HOST) && 260 (rt->rt_locks & RTV_MTU)) 261 goto leave; 262 263 rt = NULL; 264 switch(tp->pf) { 265 #ifdef INET6 266 case PF_INET6: 267 /* 268 * We can not turn off path MTU for IPv6. 269 * Do nothing for now, maybe lower to 270 * minimum MTU. 271 */ 272 break; 273 #endif 274 case PF_INET: 275 rt = icmp_mtudisc_clone(inp->inp_faddr, 276 inp->inp_rtableid); 277 break; 278 } 279 if (rt != NULL) { 280 /* Disable path MTU discovery */ 281 if ((rt->rt_locks & RTV_MTU) == 0) { 282 rt->rt_locks |= RTV_MTU; 283 in_rtchange(inp, 0); 284 } 285 286 rtfree(rt); 287 } 288 leave: 289 ; 290 } 291 292 /* 293 * If losing, let the lower level know and try for 294 * a better route. Also, if we backed off this far, 295 * our srtt estimate is probably bogus. Clobber it 296 * so we'll take the next rtt measurement as our srtt; 297 * move the current srtt into rttvar to keep the current 298 * retransmit times until then. 299 */ 300 if (tp->t_rxtshift > TCP_MAXRXTSHIFT / 4) { 301 in_losing(tp->t_inpcb); 302 tp->t_rttvar += (tp->t_srtt >> TCP_RTT_SHIFT); 303 tp->t_srtt = 0; 304 } 305 tp->snd_nxt = tp->snd_una; 306 /* 307 * Note: We overload snd_last to function also as the 308 * snd_last variable described in RFC 2582 309 */ 310 tp->snd_last = tp->snd_max; 311 /* 312 * If timing a segment in this window, stop the timer. 313 */ 314 tp->t_rtttime = 0; 315 #ifdef TCP_ECN 316 /* 317 * if ECN is enabled, there might be a broken firewall which 318 * blocks ecn packets. fall back to non-ecn. 319 */ 320 if ((tp->t_state == TCPS_SYN_SENT || tp->t_state == TCPS_SYN_RECEIVED) 321 && tcp_do_ecn && !(tp->t_flags & TF_DISABLE_ECN)) 322 tp->t_flags |= TF_DISABLE_ECN; 323 #endif 324 /* 325 * Close the congestion window down to one segment 326 * (we'll open it by one segment for each ack we get). 327 * Since we probably have a window's worth of unacked 328 * data accumulated, this "slow start" keeps us from 329 * dumping all that data as back-to-back packets (which 330 * might overwhelm an intermediate gateway). 331 * 332 * There are two phases to the opening: Initially we 333 * open by one mss on each ack. This makes the window 334 * size increase exponentially with time. If the 335 * window is larger than the path can handle, this 336 * exponential growth results in dropped packet(s) 337 * almost immediately. To get more time between 338 * drops but still "push" the network to take advantage 339 * of improving conditions, we switch from exponential 340 * to linear window opening at some threshold size. 341 * For a threshold, we use half the current window 342 * size, truncated to a multiple of the mss. 343 * 344 * (the minimum cwnd that will give us exponential 345 * growth is 2 mss. We don't allow the threshold 346 * to go below this.) 347 */ 348 { 349 u_long win = ulmin(tp->snd_wnd, tp->snd_cwnd) / 2 / tp->t_maxseg; 350 if (win < 2) 351 win = 2; 352 tp->snd_cwnd = tp->t_maxseg; 353 tp->snd_ssthresh = win * tp->t_maxseg; 354 tp->t_dupacks = 0; 355 #ifdef TCP_ECN 356 tp->snd_last = tp->snd_max; 357 tp->t_flags |= TF_SEND_CWR; 358 #endif 359 #if 1 /* TCP_ECN */ 360 tcpstat_inc(tcps_cwr_timeout); 361 #endif 362 } 363 (void) tcp_output(tp); 364 365 out: 366 NET_UNLOCK(); 367 } 368 369 void 370 tcp_timer_persist(void *arg) 371 { 372 struct tcpcb *tp = arg; 373 uint32_t rto; 374 375 NET_LOCK(); 376 /* Ignore canceled timeouts or timeouts that have been rescheduled. */ 377 if (!ISSET((tp)->t_flags, TF_TMR_PERSIST) || 378 timeout_pending(&tp->t_timer[TCPT_PERSIST])) 379 goto out; 380 CLR((tp)->t_flags, TF_TMR_PERSIST); 381 382 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT)) 383 goto out; 384 tcpstat_inc(tcps_persisttimeo); 385 /* 386 * Hack: if the peer is dead/unreachable, we do not 387 * time out if the window is closed. After a full 388 * backoff, drop the connection if the idle time 389 * (no responses to probes) reaches the maximum 390 * backoff that we would use if retransmitting. 391 */ 392 rto = TCP_REXMTVAL(tp); 393 if (rto < tp->t_rttmin) 394 rto = tp->t_rttmin; 395 if (tp->t_rxtshift == TCP_MAXRXTSHIFT && 396 ((tcp_now - tp->t_rcvtime) >= tcp_maxpersistidle || 397 (tcp_now - tp->t_rcvtime) >= rto * tcp_totbackoff)) { 398 tcpstat_inc(tcps_persistdrop); 399 tp = tcp_drop(tp, ETIMEDOUT); 400 goto out; 401 } 402 tcp_setpersist(tp); 403 tp->t_force = 1; 404 (void) tcp_output(tp); 405 tp->t_force = 0; 406 out: 407 NET_UNLOCK(); 408 } 409 410 void 411 tcp_timer_keep(void *arg) 412 { 413 struct tcpcb *tp = arg; 414 415 NET_LOCK(); 416 /* Ignore canceled timeouts or timeouts that have been rescheduled. */ 417 if (!ISSET((tp)->t_flags, TF_TMR_KEEP) || 418 timeout_pending(&tp->t_timer[TCPT_KEEP])) 419 goto out; 420 CLR((tp)->t_flags, TF_TMR_KEEP); 421 422 tcpstat_inc(tcps_keeptimeo); 423 if (TCPS_HAVEESTABLISHED(tp->t_state) == 0) 424 goto dropit; 425 if ((tcp_always_keepalive || 426 tp->t_inpcb->inp_socket->so_options & SO_KEEPALIVE) && 427 tp->t_state <= TCPS_CLOSING) { 428 if ((tcp_maxidle > 0) && 429 ((tcp_now - tp->t_rcvtime) >= tcp_keepidle + tcp_maxidle)) 430 goto dropit; 431 /* 432 * Send a packet designed to force a response 433 * if the peer is up and reachable: 434 * either an ACK if the connection is still alive, 435 * or an RST if the peer has closed the connection 436 * due to timeout or reboot. 437 * Using sequence number tp->snd_una-1 438 * causes the transmitted zero-length segment 439 * to lie outside the receive window; 440 * by the protocol spec, this requires the 441 * correspondent TCP to respond. 442 */ 443 tcpstat_inc(tcps_keepprobe); 444 tcp_respond(tp, mtod(tp->t_template, caddr_t), 445 NULL, tp->rcv_nxt, tp->snd_una - 1, 0, 0); 446 TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepintvl); 447 } else 448 TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepidle); 449 out: 450 NET_UNLOCK(); 451 return; 452 453 dropit: 454 tcpstat_inc(tcps_keepdrops); 455 tp = tcp_drop(tp, ETIMEDOUT); 456 NET_UNLOCK(); 457 } 458 459 void 460 tcp_timer_2msl(void *arg) 461 { 462 struct tcpcb *tp = arg; 463 464 NET_LOCK(); 465 /* Ignore canceled timeouts or timeouts that have been rescheduled. */ 466 if (!ISSET((tp)->t_flags, TF_TMR_2MSL) || 467 timeout_pending(&tp->t_timer[TCPT_2MSL])) 468 goto out; 469 CLR((tp)->t_flags, TF_TMR_2MSL); 470 471 tcp_timer_freesack(tp); 472 473 if (tp->t_state != TCPS_TIME_WAIT && 474 ((tcp_maxidle == 0) || ((tcp_now - tp->t_rcvtime) <= tcp_maxidle))) 475 TCP_TIMER_ARM(tp, TCPT_2MSL, tcp_keepintvl); 476 else 477 tp = tcp_close(tp); 478 479 out: 480 NET_UNLOCK(); 481 } 482 483 void 484 tcp_timer_reaper(void *arg) 485 { 486 struct tcpcb *tp = arg; 487 488 /* 489 * This timer is necessary to delay the pool_put() after all timers 490 * have finished, even if they were sleeping to grab the net lock. 491 * Putting the pool_put() in a timer is sufficinet as all timers run 492 * from the same timeout thread. Note that neither softnet thread nor 493 * user process may access the tcpcb after arming the reaper timer. 494 * Freeing may run in parallel as it does not grab the net lock. 495 */ 496 pool_put(&tcpcb_pool, tp); 497 tcpstat_inc(tcps_closed); 498 } 499