tcp: Allow per-tcpcb keepintvl and keepcnt
[dragonfly.git] / sys / netinet / tcp_subr.c
CommitLineData
984263bc 1/*
66d6c637
JH
2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved.
3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved.
f23061d4 4 *
66d6c637
JH
5 * This code is derived from software contributed to The DragonFly Project
6 * by Jeffrey M. Hsu.
f23061d4 7 *
66d6c637
JH
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of The DragonFly Project nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific, prior written permission.
f23061d4 19 *
66d6c637
JH
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34/*
984263bc
MD
35 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
36 * The Regents of the University of California. All rights reserved.
37 *
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
40 * are met:
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
53 *
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64 * SUCH DAMAGE.
65 *
66 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
67 * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.31 2003/01/24 05:11:34 sam Exp $
68 */
69
70#include "opt_compat.h"
b1992928 71#include "opt_inet.h"
984263bc
MD
72#include "opt_inet6.h"
73#include "opt_ipsec.h"
74#include "opt_tcpdebug.h"
75
76#include <sys/param.h>
77#include <sys/systm.h>
78#include <sys/callout.h>
79#include <sys/kernel.h>
80#include <sys/sysctl.h>
81#include <sys/malloc.h>
dd2b0fb4 82#include <sys/mpipe.h>
984263bc
MD
83#include <sys/mbuf.h>
84#ifdef INET6
85#include <sys/domain.h>
86#endif
87#include <sys/proc.h>
895c1f85 88#include <sys/priv.h>
984263bc
MD
89#include <sys/socket.h>
90#include <sys/socketvar.h>
91#include <sys/protosw.h>
92#include <sys/random.h>
3f9db7f8 93#include <sys/in_cksum.h>
c7afbe76 94#include <sys/ktr.h>
984263bc 95
984263bc
MD
96#include <net/route.h>
97#include <net/if.h>
0ddb6032 98#include <net/netisr.h>
984263bc 99
707ad4ed 100#define _IP_VHL
984263bc
MD
101#include <netinet/in.h>
102#include <netinet/in_systm.h>
103#include <netinet/ip.h>
984263bc 104#include <netinet/ip6.h>
984263bc 105#include <netinet/in_pcb.h>
984263bc 106#include <netinet6/in6_pcb.h>
984263bc
MD
107#include <netinet/in_var.h>
108#include <netinet/ip_var.h>
984263bc 109#include <netinet6/ip6_var.h>
7d448528
JH
110#include <netinet/ip_icmp.h>
111#ifdef INET6
112#include <netinet/icmp6.h>
113#endif
984263bc
MD
114#include <netinet/tcp.h>
115#include <netinet/tcp_fsm.h>
116#include <netinet/tcp_seq.h>
117#include <netinet/tcp_timer.h>
a48c5dd5 118#include <netinet/tcp_timer2.h>
984263bc 119#include <netinet/tcp_var.h>
984263bc 120#include <netinet6/tcp6_var.h>
984263bc
MD
121#include <netinet/tcpip.h>
122#ifdef TCPDEBUG
123#include <netinet/tcp_debug.h>
124#endif
125#include <netinet6/ip6protosw.h>
126
127#ifdef IPSEC
128#include <netinet6/ipsec.h>
b1992928 129#include <netproto/key/key.h>
984263bc
MD
130#ifdef INET6
131#include <netinet6/ipsec6.h>
132#endif
707ad4ed 133#endif
984263bc
MD
134
135#ifdef FAST_IPSEC
bf844ffa 136#include <netproto/ipsec/ipsec.h>
984263bc 137#ifdef INET6
bf844ffa 138#include <netproto/ipsec/ipsec6.h>
984263bc
MD
139#endif
140#define IPSEC
707ad4ed 141#endif
984263bc 142
984263bc 143#include <sys/md5.h>
d2e9e54c
MD
144#include <machine/smp.h>
145
684a93c4
MD
146#include <sys/msgport2.h>
147#include <sys/mplock2.h>
4599cf19
MD
148#include <net/netmsg2.h>
149
c7afbe76
MD
150#if !defined(KTR_TCP)
151#define KTR_TCP KTR_ALL
152#endif
c3c96e44 153/*
879a1b60 154KTR_INFO_MASTER(tcp);
c7afbe76
MD
155KTR_INFO(KTR_TCP, tcp, rxmsg, 0, "tcp getmsg", 0);
156KTR_INFO(KTR_TCP, tcp, wait, 1, "tcp waitmsg", 0);
157KTR_INFO(KTR_TCP, tcp, delayed, 2, "tcp execute delayed ops", 0);
158#define logtcp(name) KTR_LOG(tcp_ ## name)
879a1b60 159*/
c7afbe76 160
2b1ce38a
MD
161struct inpcbinfo tcbinfo[MAXCPU];
162struct tcpcbackqhead tcpcbackq[MAXCPU];
163
0ce0603e 164static struct lwkt_token tcp_port_token =
a3c18566 165 LWKT_TOKEN_INITIALIZER(tcp_port_token);
0ce0603e 166
707ad4ed 167int tcp_mssdflt = TCP_MSS;
f23061d4 168SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW,
707ad4ed 169 &tcp_mssdflt, 0, "Default TCP Maximum Segment Size");
984263bc
MD
170
171#ifdef INET6
707ad4ed
JH
172int tcp_v6mssdflt = TCP6_MSS;
173SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, CTLFLAG_RW,
174 &tcp_v6mssdflt, 0, "Default TCP Maximum Segment Size for IPv6");
984263bc
MD
175#endif
176
5b0b9fa5
PA
177/*
178 * Minimum MSS we accept and use. This prevents DoS attacks where
179 * we are forced to a ridiculous low MSS like 20 and send hundreds
180 * of packets instead of one. The effect scales with the available
181 * bandwidth and quickly saturates the CPU and network interface
182 * with packet generation and sending. Set to zero to disable MINMSS
183 * checking. This setting prevents us from sending too small packets.
184 */
185int tcp_minmss = TCP_MINMSS;
186SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW,
187 &tcp_minmss , 0, "Minmum TCP Maximum Segment Size");
5b0b9fa5 188
984263bc 189#if 0
707ad4ed 190static int tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ;
f23061d4 191SYSCTL_INT(_net_inet_tcp, TCPCTL_RTTDFLT, rttdflt, CTLFLAG_RW,
707ad4ed 192 &tcp_rttdflt, 0, "Default maximum TCP Round Trip Time");
984263bc
MD
193#endif
194
707ad4ed 195int tcp_do_rfc1323 = 1;
f23061d4 196SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW,
707ad4ed 197 &tcp_do_rfc1323, 0, "Enable rfc1323 (high performance TCP) extensions");
984263bc 198
707ad4ed 199static int tcp_tcbhashsize = 0;
984263bc 200SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RD,
707ad4ed 201 &tcp_tcbhashsize, 0, "Size of TCP control block hashtable");
984263bc 202
707ad4ed 203static int do_tcpdrain = 1;
984263bc
MD
204SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
205 "Enable tcp_drain routine for extra help when low on mbufs");
206
707ad4ed 207static int icmp_may_rst = 1;
f23061d4 208SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, &icmp_may_rst, 0,
984263bc
MD
209 "Certain ICMP unreachable messages may abort connections in SYN_SENT");
210
707ad4ed 211static int tcp_isn_reseed_interval = 0;
984263bc
MD
212SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW,
213 &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret");
214
215/*
d66b98eb
MD
216 * TCP bandwidth limiting sysctls. The inflight limiter is now turned on
217 * by default, but with generous values which should allow maximal
218 * bandwidth. In particular, the slop defaults to 50 (5 packets).
219 *
220 * The reason for doing this is that the limiter is the only mechanism we
221 * have which seems to do a really good job preventing receiver RX rings
222 * on network interfaces from getting blown out. Even though GigE/10GigE
223 * is supposed to flow control it looks like either it doesn't actually
224 * do it or Open Source drivers do not properly enable it.
225 *
226 * People using the limiter to reduce bottlenecks on slower WAN connections
227 * should set the slop to 20 (2 packets).
984263bc 228 */
d66b98eb 229static int tcp_inflight_enable = 1;
984263bc
MD
230SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_enable, CTLFLAG_RW,
231 &tcp_inflight_enable, 0, "Enable automatic TCP inflight data limiting");
232
707ad4ed 233static int tcp_inflight_debug = 0;
984263bc
MD
234SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_debug, CTLFLAG_RW,
235 &tcp_inflight_debug, 0, "Debug TCP inflight calculations");
236
707ad4ed 237static int tcp_inflight_min = 6144;
984263bc 238SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_min, CTLFLAG_RW,
707ad4ed 239 &tcp_inflight_min, 0, "Lower bound for TCP inflight window");
984263bc 240
707ad4ed 241static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT;
984263bc 242SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_max, CTLFLAG_RW,
707ad4ed 243 &tcp_inflight_max, 0, "Upper bound for TCP inflight window");
984263bc 244
d66b98eb 245static int tcp_inflight_stab = 50;
984263bc 246SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_stab, CTLFLAG_RW,
d66b98eb 247 &tcp_inflight_stab, 0, "Slop in maximal packets / 10 (20 = 3 packets)");
984263bc 248
dd2b0fb4
MD
249static MALLOC_DEFINE(M_TCPTEMP, "tcptemp", "TCP Templates for Keepalives");
250static struct malloc_pipe tcptemp_mpipe;
251
c3c96e44 252static void tcp_willblock(void);
707ad4ed 253static void tcp_notify (struct inpcb *, int);
984263bc 254
5f7ab76b 255struct tcp_stats tcpstats_percpu[MAXCPU];
2b57d013
MD
256#ifdef SMP
257static int
258sysctl_tcpstats(SYSCTL_HANDLER_ARGS)
259{
707ad4ed 260 int cpu, error = 0;
2b57d013 261
707ad4ed 262 for (cpu = 0; cpu < ncpus; ++cpu) {
5f7ab76b 263 if ((error = SYSCTL_OUT(req, &tcpstats_percpu[cpu],
707ad4ed 264 sizeof(struct tcp_stats))))
2b57d013 265 break;
5f7ab76b 266 if ((error = SYSCTL_IN(req, &tcpstats_percpu[cpu],
707ad4ed 267 sizeof(struct tcp_stats))))
2b57d013
MD
268 break;
269 }
270
271 return (error);
272}
707ad4ed
JH
273SYSCTL_PROC(_net_inet_tcp, TCPCTL_STATS, stats, (CTLTYPE_OPAQUE | CTLFLAG_RW),
274 0, 0, sysctl_tcpstats, "S,tcp_stats", "TCP statistics");
275#else
2b57d013 276SYSCTL_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW,
707ad4ed 277 &tcpstat, tcp_stats, "TCP statistics");
2b57d013
MD
278#endif
279
984263bc
MD
280/*
281 * Target size of TCP PCB hash tables. Must be a power of two.
282 *
283 * Note that this can be overridden by the kernel environment
284 * variable net.inet.tcp.tcbhashsize
285 */
286#ifndef TCBHASHSIZE
707ad4ed 287#define TCBHASHSIZE 512
984263bc
MD
288#endif
289
290/*
291 * This is the actual shape of what we allocate using the zone
292 * allocator. Doing it this way allows us to protect both structures
293 * using the same generation count, and also eliminates the overhead
294 * of allocating tcpcbs separately. By hiding the structure here,
295 * we avoid changing most of the rest of the code (although it needs
296 * to be changed, eventually, for greater efficiency).
297 */
298#define ALIGNMENT 32
299#define ALIGNM1 (ALIGNMENT - 1)
300struct inp_tp {
301 union {
302 struct inpcb inp;
303 char align[(sizeof(struct inpcb) + ALIGNM1) & ~ALIGNM1];
304 } inp_tp_u;
305 struct tcpcb tcb;
a48c5dd5
SZ
306 struct tcp_callout inp_tp_rexmt;
307 struct tcp_callout inp_tp_persist;
308 struct tcp_callout inp_tp_keep;
309 struct tcp_callout inp_tp_2msl;
310 struct tcp_callout inp_tp_delack;
0f758523 311 struct netmsg_tcp_timer inp_tp_timermsg;
984263bc
MD
312};
313#undef ALIGNMENT
314#undef ALIGNM1
315
316/*
317 * Tcp initialization
318 */
319void
f3f70f0d 320tcp_init(void)
984263bc 321{
0ce0603e 322 struct inpcbporthead *porthashbase;
85095f20 323 struct inpcbinfo *ticb;
0ce0603e 324 u_long porthashmask;
984263bc 325 int hashsize = TCBHASHSIZE;
d371a63a 326 int cpu;
bf82f9b7 327
d2e9e54c
MD
328 /*
329 * note: tcptemp is used for keepalives, and it is ok for an
330 * allocation to fail so do not specify MPF_INT.
331 */
dd2b0fb4 332 mpipe_init(&tcptemp_mpipe, M_TCPTEMP, sizeof(struct tcptemp),
fdec03d6 333 25, -1, 0, NULL, NULL, NULL);
dd2b0fb4 334
984263bc
MD
335 tcp_delacktime = TCPTV_DELACK;
336 tcp_keepinit = TCPTV_KEEP_INIT;
337 tcp_keepidle = TCPTV_KEEP_IDLE;
338 tcp_keepintvl = TCPTV_KEEPINTVL;
339 tcp_maxpersistidle = TCPTV_KEEP_IDLE;
340 tcp_msl = TCPTV_MSL;
341 tcp_rexmit_min = TCPTV_MIN;
342 tcp_rexmit_slop = TCPTV_CPU_VAR;
343
984263bc
MD
344 TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize);
345 if (!powerof2(hashsize)) {
a6ec04bc 346 kprintf("WARNING: TCB hash size not a power of 2\n");
984263bc
MD
347 hashsize = 512; /* safe default */
348 }
349 tcp_tcbhashsize = hashsize;
0ce0603e 350 porthashbase = hashinit(hashsize, M_PCB, &porthashmask);
d371a63a
JH
351
352 for (cpu = 0; cpu < ncpus2; cpu++) {
85095f20
MD
353 ticb = &tcbinfo[cpu];
354 in_pcbinfo_init(ticb);
355 ticb->cpu = cpu;
356 ticb->hashbase = hashinit(hashsize, M_PCB,
357 &ticb->hashmask);
0ce0603e
MD
358 ticb->porthashbase = porthashbase;
359 ticb->porthashmask = porthashmask;
360 ticb->porttoken = &tcp_port_token;
361#if 0
85095f20
MD
362 ticb->porthashbase = hashinit(hashsize, M_PCB,
363 &ticb->porthashmask);
0ce0603e 364#endif
85095f20
MD
365 ticb->wildcardhashbase = hashinit(hashsize, M_PCB,
366 &ticb->wildcardhashmask);
367 ticb->ipi_size = sizeof(struct inp_tp);
2b1ce38a 368 TAILQ_INIT(&tcpcbackq[cpu]);
d371a63a 369 }
3edf7c37
RG
370
371 tcp_reass_maxseg = nmbclusters / 16;
707ad4ed 372 TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments", &tcp_reass_maxseg);
3edf7c37 373
984263bc 374#ifdef INET6
707ad4ed
JH
375#define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
376#else
377#define TCP_MINPROTOHDR (sizeof(struct tcpiphdr))
378#endif
984263bc
MD
379 if (max_protohdr < TCP_MINPROTOHDR)
380 max_protohdr = TCP_MINPROTOHDR;
381 if (max_linkhdr + TCP_MINPROTOHDR > MHLEN)
382 panic("tcp_init");
383#undef TCP_MINPROTOHDR
384
2b57d013 385 /*
5f7ab76b 386 * Initialize TCP statistics counters for each CPU.
2b57d013
MD
387 */
388#ifdef SMP
389 for (cpu = 0; cpu < ncpus; ++cpu) {
5f7ab76b 390 bzero(&tcpstats_percpu[cpu], sizeof(struct tcp_stats));
2b57d013
MD
391 }
392#else
393 bzero(&tcpstat, sizeof(struct tcp_stats));
394#endif
395
984263bc 396 syncache_init();
c3c96e44 397 netisr_register_rollup(tcp_willblock);
2b1ce38a
MD
398}
399
400static void
c3c96e44 401tcp_willblock(void)
2b1ce38a
MD
402{
403 struct tcpcb *tp;
404 int cpu = mycpu->gd_cpuid;
405
406 while ((tp = TAILQ_FIRST(&tcpcbackq[cpu])) != NULL) {
407 KKASSERT(tp->t_flags & TF_ONOUTPUTQ);
408 tp->t_flags &= ~TF_ONOUTPUTQ;
409 TAILQ_REMOVE(&tcpcbackq[cpu], tp, t_outputq);
410 tcp_output(tp);
411 }
412}
413
984263bc
MD
414/*
415 * Fill in the IP and TCP headers for an outgoing packet, given the tcpcb.
416 * tcp_template used to store this data in mbufs, but we now recopy it out
417 * of the tcpcb each time to conserve mbufs.
418 */
419void
707ad4ed 420tcp_fillheaders(struct tcpcb *tp, void *ip_ptr, void *tcp_ptr)
984263bc
MD
421{
422 struct inpcb *inp = tp->t_inpcb;
423 struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_ptr;
424
425#ifdef INET6
707ad4ed 426 if (inp->inp_vflag & INP_IPV6) {
984263bc
MD
427 struct ip6_hdr *ip6;
428
429 ip6 = (struct ip6_hdr *)ip_ptr;
430 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) |
431 (inp->in6p_flowinfo & IPV6_FLOWINFO_MASK);
432 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
433 (IPV6_VERSION & IPV6_VERSION_MASK);
434 ip6->ip6_nxt = IPPROTO_TCP;
435 ip6->ip6_plen = sizeof(struct tcphdr);
436 ip6->ip6_src = inp->in6p_laddr;
437 ip6->ip6_dst = inp->in6p_faddr;
438 tcp_hdr->th_sum = 0;
439 } else
440#endif
441 {
707ad4ed
JH
442 struct ip *ip = (struct ip *) ip_ptr;
443
444 ip->ip_vhl = IP_VHL_BORING;
445 ip->ip_tos = 0;
446 ip->ip_len = 0;
447 ip->ip_id = 0;
448 ip->ip_off = 0;
449 ip->ip_ttl = 0;
450 ip->ip_sum = 0;
451 ip->ip_p = IPPROTO_TCP;
452 ip->ip_src = inp->inp_laddr;
453 ip->ip_dst = inp->inp_faddr;
454 tcp_hdr->th_sum = in_pseudo(ip->ip_src.s_addr,
455 ip->ip_dst.s_addr,
456 htons(sizeof(struct tcphdr) + IPPROTO_TCP));
984263bc
MD
457 }
458
459 tcp_hdr->th_sport = inp->inp_lport;
460 tcp_hdr->th_dport = inp->inp_fport;
461 tcp_hdr->th_seq = 0;
462 tcp_hdr->th_ack = 0;
463 tcp_hdr->th_x2 = 0;
464 tcp_hdr->th_off = 5;
465 tcp_hdr->th_flags = 0;
466 tcp_hdr->th_win = 0;
467 tcp_hdr->th_urp = 0;
468}
469
470/*
471 * Create template to be used to send tcp packets on a connection.
472 * Allocates an mbuf and fills in a skeletal tcp/ip header. The only
473 * use for this function is in keepalives, which use tcp_respond.
474 */
475struct tcptemp *
707ad4ed 476tcp_maketemplate(struct tcpcb *tp)
984263bc 477{
dd2b0fb4 478 struct tcptemp *tmp;
984263bc 479
dd2b0fb4 480 if ((tmp = mpipe_alloc_nowait(&tcptemp_mpipe)) == NULL)
707ad4ed 481 return (NULL);
f23061d4 482 tcp_fillheaders(tp, &tmp->tt_ipgen, &tmp->tt_t);
dd2b0fb4
MD
483 return (tmp);
484}
984263bc 485
dd2b0fb4
MD
486void
487tcp_freetemplate(struct tcptemp *tmp)
488{
489 mpipe_free(&tcptemp_mpipe, tmp);
984263bc
MD
490}
491
492/*
493 * Send a single message to the TCP at address specified by
707ad4ed 494 * the given TCP/IP header. If m == NULL, then we make a copy
984263bc
MD
495 * of the tcpiphdr at ti and send directly to the addressed host.
496 * This is used to force keep alive messages out using the TCP
497 * template for a connection. If flags are given then we send
498 * a message back to the TCP which originated the * segment ti,
499 * and discard the mbuf containing it and any other attached mbufs.
500 *
501 * In any case the ack and sequence number of the transmitted
502 * segment are as specified by the parameters.
503 *
504 * NOTE: If m != NULL, then ti must point to *inside* the mbuf.
505 */
506void
707ad4ed
JH
507tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
508 tcp_seq ack, tcp_seq seq, int flags)
984263bc 509{
2256ba69 510 int tlen;
984263bc 511 int win = 0;
707ad4ed 512 struct route *ro = NULL;
984263bc 513 struct route sro;
707ad4ed 514 struct ip *ip = ipgen;
984263bc 515 struct tcphdr *nth;
984263bc 516 int ipflags = 0;
707ad4ed
JH
517 struct route_in6 *ro6 = NULL;
518 struct route_in6 sro6;
519 struct ip6_hdr *ip6 = ipgen;
5a0e5b43 520 boolean_t use_tmpro = TRUE;
984263bc 521#ifdef INET6
707ad4ed
JH
522 boolean_t isipv6 = (IP_VHL_V(ip->ip_vhl) == 6);
523#else
524 const boolean_t isipv6 = FALSE;
525#endif
984263bc 526
707ad4ed 527 if (tp != NULL) {
984263bc 528 if (!(flags & TH_RST)) {
6d49aa6f 529 win = ssb_space(&tp->t_inpcb->inp_socket->so_rcv);
46e92930
MD
530 if (win < 0)
531 win = 0;
984263bc
MD
532 if (win > (long)TCP_MAXWIN << tp->rcv_scale)
533 win = (long)TCP_MAXWIN << tp->rcv_scale;
534 }
5a0e5b43
SZ
535 /*
536 * Don't use the route cache of a listen socket,
537 * it is not MPSAFE; use temporary route cache.
538 */
539 if (tp->t_state != TCPS_LISTEN) {
540 if (isipv6)
541 ro6 = &tp->t_inpcb->in6p_route;
542 else
543 ro = &tp->t_inpcb->inp_route;
544 use_tmpro = FALSE;
545 }
546 }
547 if (use_tmpro) {
984263bc
MD
548 if (isipv6) {
549 ro6 = &sro6;
550 bzero(ro6, sizeof *ro6);
707ad4ed
JH
551 } else {
552 ro = &sro;
553 bzero(ro, sizeof *ro);
554 }
984263bc 555 }
707ad4ed 556 if (m == NULL) {
74f1caca 557 m = m_gethdr(MB_DONTWAIT, MT_HEADER);
984263bc
MD
558 if (m == NULL)
559 return;
560 tlen = 0;
561 m->m_data += max_linkhdr;
984263bc 562 if (isipv6) {
707ad4ed 563 bcopy(ip6, mtod(m, caddr_t), sizeof(struct ip6_hdr));
984263bc
MD
564 ip6 = mtod(m, struct ip6_hdr *);
565 nth = (struct tcphdr *)(ip6 + 1);
707ad4ed
JH
566 } else {
567 bcopy(ip, mtod(m, caddr_t), sizeof(struct ip));
568 ip = mtod(m, struct ip *);
569 nth = (struct tcphdr *)(ip + 1);
570 }
571 bcopy(th, nth, sizeof(struct tcphdr));
984263bc
MD
572 flags = TH_ACK;
573 } else {
574 m_freem(m->m_next);
707ad4ed 575 m->m_next = NULL;
984263bc
MD
576 m->m_data = (caddr_t)ipgen;
577 /* m_len is set later */
578 tlen = 0;
707ad4ed 579#define xchg(a, b, type) { type t; t = a; a = b; b = t; }
984263bc
MD
580 if (isipv6) {
581 xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
582 nth = (struct tcphdr *)(ip6 + 1);
707ad4ed
JH
583 } else {
584 xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, n_long);
585 nth = (struct tcphdr *)(ip + 1);
586 }
984263bc
MD
587 if (th != nth) {
588 /*
589 * this is usually a case when an extension header
590 * exists between the IPv6 header and the
591 * TCP header.
592 */
593 nth->th_sport = th->th_sport;
594 nth->th_dport = th->th_dport;
595 }
596 xchg(nth->th_dport, nth->th_sport, n_short);
597#undef xchg
598 }
984263bc
MD
599 if (isipv6) {
600 ip6->ip6_flow = 0;
601 ip6->ip6_vfc = IPV6_VERSION;
602 ip6->ip6_nxt = IPPROTO_TCP;
707ad4ed
JH
603 ip6->ip6_plen = htons((u_short)(sizeof(struct tcphdr) + tlen));
604 tlen += sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
605 } else {
606 tlen += sizeof(struct tcpiphdr);
607 ip->ip_len = tlen;
608 ip->ip_ttl = ip_defttl;
609 }
984263bc
MD
610 m->m_len = tlen;
611 m->m_pkthdr.len = tlen;
2038fb68 612 m->m_pkthdr.rcvif = NULL;
984263bc
MD
613 nth->th_seq = htonl(seq);
614 nth->th_ack = htonl(ack);
615 nth->th_x2 = 0;
707ad4ed 616 nth->th_off = sizeof(struct tcphdr) >> 2;
984263bc 617 nth->th_flags = flags;
707ad4ed 618 if (tp != NULL)
984263bc
MD
619 nth->th_win = htons((u_short) (win >> tp->rcv_scale));
620 else
621 nth->th_win = htons((u_short)win);
622 nth->th_urp = 0;
984263bc
MD
623 if (isipv6) {
624 nth->th_sum = 0;
625 nth->th_sum = in6_cksum(m, IPPROTO_TCP,
626 sizeof(struct ip6_hdr),
627 tlen - sizeof(struct ip6_hdr));
628 ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL,
707ad4ed 629 (ro6 && ro6->ro_rt) ?
f23061d4 630 ro6->ro_rt->rt_ifp : NULL);
707ad4ed
JH
631 } else {
632 nth->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
633 htons((u_short)(tlen - sizeof(struct ip) + ip->ip_p)));
634 m->m_pkthdr.csum_flags = CSUM_TCP;
635 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
636 }
984263bc
MD
637#ifdef TCPDEBUG
638 if (tp == NULL || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
639 tcp_trace(TA_OUTPUT, 0, tp, mtod(m, void *), th, 0);
640#endif
984263bc 641 if (isipv6) {
f23061d4
JH
642 ip6_output(m, NULL, ro6, ipflags, NULL, NULL,
643 tp ? tp->t_inpcb : NULL);
707ad4ed 644 if ((ro6 == &sro6) && (ro6->ro_rt != NULL)) {
984263bc
MD
645 RTFREE(ro6->ro_rt);
646 ro6->ro_rt = NULL;
647 }
707ad4ed 648 } else {
1dbb3516 649 ipflags |= IP_DEBUGROUTE;
f23061d4 650 ip_output(m, NULL, ro, ipflags, NULL, tp ? tp->t_inpcb : NULL);
707ad4ed
JH
651 if ((ro == &sro) && (ro->ro_rt != NULL)) {
652 RTFREE(ro->ro_rt);
653 ro->ro_rt = NULL;
654 }
984263bc 655 }
984263bc
MD
656}
657
658/*
659 * Create a new TCP control block, making an
660 * empty reassembly queue and hooking it to the argument
661 * protocol control block. The `inp' parameter must have
662 * come from the zone allocator set up in tcp_init().
663 */
664struct tcpcb *
707ad4ed 665tcp_newtcpcb(struct inpcb *inp)
984263bc
MD
666{
667 struct inp_tp *it;
2256ba69 668 struct tcpcb *tp;
984263bc 669#ifdef INET6
707ad4ed
JH
670 boolean_t isipv6 = ((inp->inp_vflag & INP_IPV6) != 0);
671#else
672 const boolean_t isipv6 = FALSE;
673#endif
984263bc
MD
674
675 it = (struct inp_tp *)inp;
676 tp = &it->tcb;
707ad4ed 677 bzero(tp, sizeof(struct tcpcb));
984263bc 678 LIST_INIT(&tp->t_segq);
707ad4ed 679 tp->t_maxseg = tp->t_maxopd = isipv6 ? tcp_v6mssdflt : tcp_mssdflt;
984263bc
MD
680
681 /* Set up our timeouts. */
a48c5dd5
SZ
682 tp->tt_rexmt = &it->inp_tp_rexmt;
683 tp->tt_persist = &it->inp_tp_persist;
684 tp->tt_keep = &it->inp_tp_keep;
685 tp->tt_2msl = &it->inp_tp_2msl;
686 tp->tt_delack = &it->inp_tp_delack;
687 tcp_inittimers(tp);
984263bc 688
3db1c8a3
SZ
689 /*
690 * Zero out timer message. We don't create it here,
691 * since the current CPU may not be the owner of this
692 * inpcb.
693 */
0f758523 694 tp->tt_msg = &it->inp_tp_timermsg;
3db1c8a3 695 bzero(tp->tt_msg, sizeof(*tp->tt_msg));
0f758523 696
2ce132be 697 tp->t_keepinit = tcp_keepinit;
7ea3a353 698 tp->t_keepidle = tcp_keepidle;
5d61ded3
SZ
699 tp->t_keepintvl = tcp_keepintvl;
700 tp->t_keepcnt = tcp_keepcnt;
701 tp->t_maxidle = tp->t_keepintvl * tp->t_keepcnt;
2ce132be 702
984263bc 703 if (tcp_do_rfc1323)
707ad4ed 704 tp->t_flags = (TF_REQ_SCALE | TF_REQ_TSTMP);
984263bc 705 tp->t_inpcb = inp; /* XXX */
eb594563 706 tp->t_state = TCPS_CLOSED;
984263bc
MD
707 /*
708 * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
709 * rtt estimate. Set rttvar so that srtt + 4 * rttvar gives
710 * reasonable initial retransmit time.
711 */
712 tp->t_srtt = TCPTV_SRTTBASE;
707ad4ed
JH
713 tp->t_rttvar =
714 ((TCPTV_RTOBASE - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / 4;
984263bc
MD
715 tp->t_rttmin = tcp_rexmit_min;
716 tp->t_rxtcur = TCPTV_RTOBASE;
717 tp->snd_cwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
718 tp->snd_bwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
719 tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT;
720 tp->t_rcvtime = ticks;
707ad4ed 721 /*
984263bc
MD
722 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
723 * because the socket may be bound to an IPv6 wildcard address,
724 * which may match an IPv4-mapped IPv6 address.
725 */
726 inp->inp_ip_ttl = ip_defttl;
f23061d4 727 inp->inp_ppcb = tp;
91489f6b 728 tcp_sack_tcpcb_init(tp);
984263bc
MD
729 return (tp); /* XXX */
730}
731
732/*
707ad4ed
JH
733 * Drop a TCP connection, reporting the specified error.
734 * If connection is synchronized, then send a RST to peer.
984263bc
MD
735 */
736struct tcpcb *
71f385dc 737tcp_drop(struct tcpcb *tp, int error)
984263bc
MD
738{
739 struct socket *so = tp->t_inpcb->inp_socket;
740
741 if (TCPS_HAVERCVDSYN(tp->t_state)) {
742 tp->t_state = TCPS_CLOSED;
f23061d4 743 tcp_output(tp);
984263bc
MD
744 tcpstat.tcps_drops++;
745 } else
746 tcpstat.tcps_conndrops++;
71f385dc
MD
747 if (error == ETIMEDOUT && tp->t_softerror)
748 error = tp->t_softerror;
749 so->so_error = error;
984263bc
MD
750 return (tcp_close(tp));
751}
752
8affadf8 753#ifdef SMP
eb594563 754
ce6f0462 755struct netmsg_listen_detach {
002c1265 756 struct netmsg_base base;
ce6f0462 757 struct tcpcb *nm_tp;
8affadf8
JH
758};
759
4599cf19 760static void
ce6f0462 761tcp_listen_detach_handler(netmsg_t msg)
8affadf8 762{
ce6f0462
SZ
763 struct netmsg_listen_detach *nmsg = (struct netmsg_listen_detach *)msg;
764 struct tcpcb *tp = nmsg->nm_tp;
765 int cpu = mycpuid, nextcpu;
8affadf8 766
f7b29de5 767 if (tp->t_flags & TF_LISTEN)
ce6f0462 768 syncache_destroy(tp);
eb594563 769
ce6f0462
SZ
770 in_pcbremwildcardhash_oncpu(tp->t_inpcb, &tcbinfo[cpu]);
771
772 nextcpu = cpu + 1;
773 if (nextcpu < ncpus2)
774 lwkt_forwardmsg(cpu_portfn(nextcpu), &nmsg->base.lmsg);
775 else
002c1265 776 lwkt_replymsg(&nmsg->base.lmsg, 0);
8affadf8 777}
eb594563 778
8affadf8
JH
779#endif
780
984263bc
MD
781/*
782 * Close a TCP control block:
783 * discard all space held by the tcp
784 * discard internet protocol block
785 * wake up any sleepers
786 */
787struct tcpcb *
707ad4ed 788tcp_close(struct tcpcb *tp)
984263bc 789{
2256ba69 790 struct tseg_qent *q;
984263bc
MD
791 struct inpcb *inp = tp->t_inpcb;
792 struct socket *so = inp->inp_socket;
2256ba69 793 struct rtentry *rt;
707ad4ed
JH
794 boolean_t dosavessthresh;
795#ifdef INET6
796 boolean_t isipv6 = ((inp->inp_vflag & INP_IPV6) != 0);
eb594563 797 boolean_t isafinet6 = (INP_CHECK_SOCKAF(so, AF_INET6) != 0);
707ad4ed
JH
798#else
799 const boolean_t isipv6 = FALSE;
800#endif
984263bc 801
ce6f0462 802#ifdef SMP
984263bc 803 /*
ce6f0462
SZ
804 * INP_WILDCARD_MP indicates that listen(2) has been called on
805 * this socket. This implies:
806 * - A wildcard inp's hash is replicated for each protocol thread.
807 * - Syncache for this inp grows independently in each protocol
808 * thread.
985b2cb0 809 * - There is more than one cpu
eb594563 810 *
ce6f0462
SZ
811 * We have to chain a message to the rest of the protocol threads
812 * to cleanup the wildcard hash and the syncache. The cleanup
813 * in the current protocol thread is defered till the end of this
814 * function.
815 *
816 * NOTE:
817 * After cleanup the inp's hash and syncache entries, this inp will
818 * no longer be available to the rest of the protocol threads, so we
819 * are safe to whack the inp in the following code.
eb594563 820 */
ce6f0462
SZ
821 if (inp->inp_flags & INP_WILDCARD_MP) {
822 struct netmsg_listen_detach nmsg;
823
824 KKASSERT(so->so_port == cpu_portfn(0));
825 KKASSERT(&curthread->td_msgport == cpu_portfn(0));
826 KKASSERT(inp->inp_pcbinfo == &tcbinfo[0]);
827
828 netmsg_init(&nmsg.base, NULL, &curthread->td_msgport,
829 MSGF_PRIORITY, tcp_listen_detach_handler);
830 nmsg.nm_tp = tp;
831 lwkt_domsg(cpu_portfn(1), &nmsg.base.lmsg, 0);
832
833 inp->inp_flags &= ~INP_WILDCARD_MP;
834 }
835#endif
836
eb594563
MD
837 KKASSERT(tp->t_state != TCPS_TERMINATING);
838 tp->t_state = TCPS_TERMINATING;
839
840 /*
984263bc 841 * Make sure that all of our timers are stopped before we
2d42d2b0 842 * delete the PCB. For listen TCP socket (tp->tt_msg == NULL),
697aadcd
SZ
843 * timers are never used. If timer message is never created
844 * (tp->tt_msg->tt_tcb == NULL), timers are never used too.
984263bc 845 */
697aadcd 846 if (tp->tt_msg != NULL && tp->tt_msg->tt_tcb != NULL) {
2d42d2b0
SZ
847 tcp_callout_stop(tp, tp->tt_rexmt);
848 tcp_callout_stop(tp, tp->tt_persist);
849 tcp_callout_stop(tp, tp->tt_keep);
850 tcp_callout_stop(tp, tp->tt_2msl);
851 tcp_callout_stop(tp, tp->tt_delack);
852 }
984263bc 853
2b1ce38a
MD
854 if (tp->t_flags & TF_ONOUTPUTQ) {
855 KKASSERT(tp->tt_cpu == mycpu->gd_cpuid);
856 TAILQ_REMOVE(&tcpcbackq[tp->tt_cpu], tp, t_outputq);
857 tp->t_flags &= ~TF_ONOUTPUTQ;
858 }
859
984263bc
MD
860 /*
861 * If we got enough samples through the srtt filter,
862 * save the rtt and rttvar in the routing entry.
863 * 'Enough' is arbitrarily defined as the 16 samples.
864 * 16 samples is enough for the srtt filter to converge
865 * to within 5% of the correct value; fewer samples and
866 * we could save a very bogus rtt.
867 *
868 * Don't update the default route's characteristics and don't
869 * update anything that the user "locked".
870 */
871 if (tp->t_rttupdated >= 16) {
2256ba69 872 u_long i = 0;
707ad4ed 873
984263bc
MD
874 if (isipv6) {
875 struct sockaddr_in6 *sin6;
876
877 if ((rt = inp->in6p_route.ro_rt) == NULL)
878 goto no_valid_rt;
879 sin6 = (struct sockaddr_in6 *)rt_key(rt);
880 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
881 goto no_valid_rt;
707ad4ed
JH
882 } else
883 if ((rt = inp->inp_route.ro_rt) == NULL ||
884 ((struct sockaddr_in *)rt_key(rt))->
885 sin_addr.s_addr == INADDR_ANY)
886 goto no_valid_rt;
887
888 if (!(rt->rt_rmx.rmx_locks & RTV_RTT)) {
889 i = tp->t_srtt * (RTM_RTTUNIT / (hz * TCP_RTT_SCALE));
984263bc
MD
890 if (rt->rt_rmx.rmx_rtt && i)
891 /*
892 * filter this update to half the old & half
893 * the new values, converting scale.
894 * See route.h and tcp_var.h for a
895 * description of the scaling constants.
896 */
897 rt->rt_rmx.rmx_rtt =
898 (rt->rt_rmx.rmx_rtt + i) / 2;
899 else
900 rt->rt_rmx.rmx_rtt = i;
901 tcpstat.tcps_cachedrtt++;
902 }
707ad4ed 903 if (!(rt->rt_rmx.rmx_locks & RTV_RTTVAR)) {
984263bc
MD
904 i = tp->t_rttvar *
905 (RTM_RTTUNIT / (hz * TCP_RTTVAR_SCALE));
906 if (rt->rt_rmx.rmx_rttvar && i)
907 rt->rt_rmx.rmx_rttvar =
908 (rt->rt_rmx.rmx_rttvar + i) / 2;
909 else
910 rt->rt_rmx.rmx_rttvar = i;
911 tcpstat.tcps_cachedrttvar++;
912 }
913 /*
914 * The old comment here said:
915 * update the pipelimit (ssthresh) if it has been updated
916 * already or if a pipesize was specified & the threshhold
917 * got below half the pipesize. I.e., wait for bad news
918 * before we start updating, then update on both good
919 * and bad news.
920 *
921 * But we want to save the ssthresh even if no pipesize is
922 * specified explicitly in the route, because such
923 * connections still have an implicit pipesize specified
924 * by the global tcp_sendspace. In the absence of a reliable
925 * way to calculate the pipesize, it will have to do.
926 */
927 i = tp->snd_ssthresh;
928 if (rt->rt_rmx.rmx_sendpipe != 0)
707ad4ed 929 dosavessthresh = (i < rt->rt_rmx.rmx_sendpipe/2);
984263bc 930 else
6d49aa6f 931 dosavessthresh = (i < so->so_snd.ssb_hiwat/2);
707ad4ed
JH
932 if (dosavessthresh ||
933 (!(rt->rt_rmx.rmx_locks & RTV_SSTHRESH) && (i != 0) &&
934 (rt->rt_rmx.rmx_ssthresh != 0))) {
984263bc
MD
935 /*
936 * convert the limit from user data bytes to
937 * packets then to packet data bytes.
938 */
939 i = (i + tp->t_maxseg / 2) / tp->t_maxseg;
940 if (i < 2)
941 i = 2;
707ad4ed
JH
942 i *= tp->t_maxseg +
943 (isipv6 ?
944 sizeof(struct ip6_hdr) + sizeof(struct tcphdr) :
945 sizeof(struct tcpiphdr));
984263bc
MD
946 if (rt->rt_rmx.rmx_ssthresh)
947 rt->rt_rmx.rmx_ssthresh =
948 (rt->rt_rmx.rmx_ssthresh + i) / 2;
949 else
950 rt->rt_rmx.rmx_ssthresh = i;
951 tcpstat.tcps_cachedssthresh++;
952 }
953 }
707ad4ed
JH
954
955no_valid_rt:
984263bc
MD
956 /* free the reassembly queue, if any */
957 while((q = LIST_FIRST(&tp->t_segq)) != NULL) {
958 LIST_REMOVE(q, tqe_q);
959 m_freem(q->tqe_m);
960 FREE(q, M_TSEGQ);
2d23a8be 961 atomic_add_int(&tcp_reass_qsize, -1);
984263bc 962 }
4617a559 963 /* throw away SACK blocks in scoreboard*/
91489f6b
JH
964 if (TCP_DO_SACK(tp))
965 tcp_sack_cleanup(&tp->scb);
eb594563 966
4617a559 967 inp->inp_ppcb = NULL;
984263bc 968 soisdisconnected(so);
4617a559
MD
969 /* note: pcb detached later on */
970
0f758523 971 tcp_destroy_timermsg(tp);
ce6f0462 972
f7b29de5 973 if (tp->t_flags & TF_LISTEN)
e5fe3477 974 syncache_destroy(tp);
0f758523 975
eb594563 976 /*
ce6f0462
SZ
977 * NOTE:
978 * pcbdetach removes any wildcard hash entry on the current CPU.
eb594563 979 */
984263bc 980#ifdef INET6
ce6f0462
SZ
981 if (isafinet6)
982 in6_pcbdetach(inp);
983 else
707ad4ed 984#endif
ce6f0462
SZ
985 in_pcbdetach(inp);
986
984263bc 987 tcpstat.tcps_closed++;
707ad4ed 988 return (NULL);
984263bc
MD
989}
990
3f48f9c5
JH
991static __inline void
992tcp_drain_oncpu(struct inpcbhead *head)
984263bc 993{
2d23a8be 994 struct inpcb *marker;
d371a63a
JH
995 struct inpcb *inpb;
996 struct tcpcb *tcpb;
997 struct tseg_qent *te;
3f48f9c5 998
2d23a8be
MD
999 /*
1000 * Allows us to block while running the list
1001 */
1002 marker = kmalloc(sizeof(struct inpcb), M_TEMP, M_WAITOK|M_ZERO);
1003 marker->inp_flags |= INP_PLACEMARKER;
1004 LIST_INSERT_HEAD(head, marker, inp_list);
1005
1006 while ((inpb = LIST_NEXT(marker, inp_list)) != NULL) {
1007 if ((inpb->inp_flags & INP_PLACEMARKER) == 0 &&
1008 (tcpb = intotcpcb(inpb)) != NULL &&
1009 (te = LIST_FIRST(&tcpb->t_segq)) != NULL) {
1010 LIST_REMOVE(te, tqe_q);
1011 m_freem(te->tqe_m);
1012 FREE(te, M_TSEGQ);
1013 atomic_add_int(&tcp_reass_qsize, -1);
1014 /* retry */
1015 } else {
1016 LIST_REMOVE(marker, inp_list);
1017 LIST_INSERT_AFTER(inpb, marker, inp_list);
3f48f9c5
JH
1018 }
1019 }
2d23a8be
MD
1020 LIST_REMOVE(marker, inp_list);
1021 kfree(marker, M_TEMP);
3f48f9c5
JH
1022}
1023
0ddb6032
JH
1024#ifdef SMP
1025struct netmsg_tcp_drain {
002c1265 1026 struct netmsg_base base;
0ddb6032
JH
1027 struct inpcbhead *nm_head;
1028};
1029
4599cf19 1030static void
002c1265 1031tcp_drain_handler(netmsg_t msg)
0ddb6032 1032{
002c1265 1033 struct netmsg_tcp_drain *nm = (void *)msg;
0ddb6032
JH
1034
1035 tcp_drain_oncpu(nm->nm_head);
002c1265 1036 lwkt_replymsg(&nm->base.lmsg, 0);
0ddb6032
JH
1037}
1038#endif
1039
3f48f9c5 1040void
f3f70f0d 1041tcp_drain(void)
3f48f9c5 1042{
93c8e032 1043#ifdef SMP
d371a63a 1044 int cpu;
93c8e032 1045#endif
d371a63a
JH
1046
1047 if (!do_tcpdrain)
1048 return;
984263bc
MD
1049
1050 /*
1051 * Walk the tcpbs, if existing, and flush the reassembly queue,
1052 * if there is one...
1053 * XXX: The "Net/3" implementation doesn't imply that the TCP
707ad4ed
JH
1054 * reassembly queue should be flushed, but in a situation
1055 * where we're really low on mbufs, this is potentially
1056 * useful.
984263bc 1057 */
3f48f9c5 1058#ifdef SMP
d371a63a 1059 for (cpu = 0; cpu < ncpus2; cpu++) {
002c1265 1060 struct netmsg_tcp_drain *nm;
3f48f9c5 1061
0ddb6032 1062 if (cpu == mycpu->gd_cpuid) {
d2e9e54c 1063 tcp_drain_oncpu(&tcbinfo[cpu].pcblisthead);
3f48f9c5 1064 } else {
002c1265
MD
1065 nm = kmalloc(sizeof(struct netmsg_tcp_drain),
1066 M_LWKTMSG, M_NOWAIT);
1067 if (nm == NULL)
3f48f9c5 1068 continue;
002c1265 1069 netmsg_init(&nm->base, NULL, &netisr_afree_rport,
48e7b118 1070 0, tcp_drain_handler);
002c1265
MD
1071 nm->nm_head = &tcbinfo[cpu].pcblisthead;
1072 lwkt_sendmsg(cpu_portfn(cpu), &nm->base.lmsg);
984263bc 1073 }
984263bc 1074 }
3f48f9c5 1075#else
d2e9e54c 1076 tcp_drain_oncpu(&tcbinfo[0].pcblisthead);
3f48f9c5 1077#endif
984263bc
MD
1078}
1079
1080/*
1081 * Notify a tcp user of an asynchronous error;
1082 * store error as soft error, but wake up user
1083 * (for now, won't do anything until can select for soft error).
1084 *
1085 * Do not wake up user since there currently is no mechanism for
1086 * reporting soft errors (yet - a kqueue filter may be added).
1087 */
1088static void
707ad4ed 1089tcp_notify(struct inpcb *inp, int error)
984263bc 1090{
707ad4ed 1091 struct tcpcb *tp = intotcpcb(inp);
984263bc
MD
1092
1093 /*
1094 * Ignore some errors if we are hooked up.
1095 * If connection hasn't completed, has retransmitted several times,
1096 * and receives a second error, give up now. This is better
1097 * than waiting a long time to establish a connection that
1098 * can never complete.
1099 */
1100 if (tp->t_state == TCPS_ESTABLISHED &&
1101 (error == EHOSTUNREACH || error == ENETUNREACH ||
1102 error == EHOSTDOWN)) {
1103 return;
1104 } else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > 3 &&
1105 tp->t_softerror)
1106 tcp_drop(tp, error);
1107 else
1108 tp->t_softerror = error;
1109#if 0
f23061d4 1110 wakeup(&so->so_timeo);
984263bc
MD
1111 sorwakeup(so);
1112 sowwakeup(so);
1113#endif
1114}
1115
1116static int
1117tcp_pcblist(SYSCTL_HANDLER_ARGS)
1118{
d2e9e54c
MD
1119 int error, i, n;
1120 struct inpcb *marker;
1121 struct inpcb *inp;
d2e9e54c
MD
1122 globaldata_t gd;
1123 int origcpu, ccpu;
1124
1125 error = 0;
1126 n = 0;
984263bc
MD
1127
1128 /*
1129 * The process of preparing the TCB list is too time-consuming and
1130 * resource-intensive to repeat twice on every request.
1131 */
707ad4ed 1132 if (req->oldptr == NULL) {
d2e9e54c
MD
1133 for (ccpu = 0; ccpu < ncpus; ++ccpu) {
1134 gd = globaldata_find(ccpu);
1135 n += tcbinfo[gd->gd_cpuid].ipi_count;
1136 }
8d7c364e 1137 req->oldidx = (n + n/8 + 10) * sizeof(struct xtcpcb);
707ad4ed 1138 return (0);
984263bc
MD
1139 }
1140
707ad4ed
JH
1141 if (req->newptr != NULL)
1142 return (EPERM);
984263bc 1143
efda3bd0 1144 marker = kmalloc(sizeof(struct inpcb), M_TEMP, M_WAITOK|M_ZERO);
d2e9e54c
MD
1145 marker->inp_flags |= INP_PLACEMARKER;
1146
984263bc 1147 /*
d2e9e54c 1148 * OK, now we're committed to doing something. Run the inpcb list
f23061d4 1149 * for each cpu in the system and construct the output. Use a
d2e9e54c
MD
1150 * list placemarker to deal with list changes occuring during
1151 * copyout blockages (but otherwise depend on being on the correct
1152 * cpu to avoid races).
984263bc 1153 */
d2e9e54c
MD
1154 origcpu = mycpu->gd_cpuid;
1155 for (ccpu = 1; ccpu <= ncpus && error == 0; ++ccpu) {
1156 globaldata_t rgd;
1157 caddr_t inp_ppcb;
1158 struct xtcpcb xt;
1159 int cpu_id;
1160
1161 cpu_id = (origcpu + ccpu) % ncpus;
da23a592 1162 if ((smp_active_mask & CPUMASK(cpu_id)) == 0)
d2e9e54c
MD
1163 continue;
1164 rgd = globaldata_find(cpu_id);
1165 lwkt_setcpu_self(rgd);
1166
d2e9e54c
MD
1167 n = tcbinfo[cpu_id].ipi_count;
1168
d2e9e54c
MD
1169 LIST_INSERT_HEAD(&tcbinfo[cpu_id].pcblisthead, marker, inp_list);
1170 i = 0;
1171 while ((inp = LIST_NEXT(marker, inp_list)) != NULL && i < n) {
1172 /*
1173 * process a snapshot of pcbs, ignoring placemarkers
1174 * and using our own to allow SYSCTL_OUT to block.
1175 */
1176 LIST_REMOVE(marker, inp_list);
1177 LIST_INSERT_AFTER(inp, marker, inp_list);
707ad4ed 1178
d2e9e54c
MD
1179 if (inp->inp_flags & INP_PLACEMARKER)
1180 continue;
d2e9e54c
MD
1181 if (prison_xinpcb(req->td, inp))
1182 continue;
984263bc 1183
984263bc 1184 xt.xt_len = sizeof xt;
984263bc
MD
1185 bcopy(inp, &xt.xt_inp, sizeof *inp);
1186 inp_ppcb = inp->inp_ppcb;
1187 if (inp_ppcb != NULL)
1188 bcopy(inp_ppcb, &xt.xt_tp, sizeof xt.xt_tp);
1189 else
707ad4ed 1190 bzero(&xt.xt_tp, sizeof xt.xt_tp);
984263bc
MD
1191 if (inp->inp_socket)
1192 sotoxsocket(inp->inp_socket, &xt.xt_socket);
d2e9e54c
MD
1193 if ((error = SYSCTL_OUT(req, &xt, sizeof xt)) != 0)
1194 break;
1195 ++i;
1196 }
1197 LIST_REMOVE(marker, inp_list);
1198 if (error == 0 && i < n) {
0c3c561c
JH
1199 bzero(&xt, sizeof xt);
1200 xt.xt_len = sizeof xt;
d2e9e54c 1201 while (i < n) {
f23061d4 1202 error = SYSCTL_OUT(req, &xt, sizeof xt);
d2e9e54c
MD
1203 if (error)
1204 break;
1205 ++i;
1206 }
1207 }
984263bc 1208 }
d2e9e54c
MD
1209
1210 /*
1211 * Make sure we are on the same cpu we were on originally, since
1212 * higher level callers expect this. Also don't pollute caches with
1213 * migrated userland data by (eventually) returning to userland
1214 * on a different cpu.
1215 */
1216 lwkt_setcpu_self(globaldata_find(origcpu));
efda3bd0 1217 kfree(marker, M_TEMP);
707ad4ed 1218 return (error);
984263bc
MD
1219}
1220
1221SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0,
1222 tcp_pcblist, "S,xtcpcb", "List of active TCP connections");
1223
1224static int
1225tcp_getcred(SYSCTL_HANDLER_ARGS)
1226{
1227 struct sockaddr_in addrs[2];
1228 struct inpcb *inp;
d371a63a 1229 int cpu;
1cae611f 1230 int error;
984263bc 1231
895c1f85 1232 error = priv_check(req->td, PRIV_ROOT);
707ad4ed 1233 if (error != 0)
984263bc 1234 return (error);
707ad4ed
JH
1235 error = SYSCTL_IN(req, addrs, sizeof addrs);
1236 if (error != 0)
984263bc 1237 return (error);
1cae611f 1238 crit_enter();
d371a63a
JH
1239 cpu = tcp_addrcpu(addrs[1].sin_addr.s_addr, addrs[1].sin_port,
1240 addrs[0].sin_addr.s_addr, addrs[0].sin_port);
1241 inp = in_pcblookup_hash(&tcbinfo[cpu], addrs[1].sin_addr,
1242 addrs[1].sin_port, addrs[0].sin_addr, addrs[0].sin_port, 0, NULL);
984263bc
MD
1243 if (inp == NULL || inp->inp_socket == NULL) {
1244 error = ENOENT;
1245 goto out;
1246 }
1247 error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred));
1248out:
1cae611f 1249 crit_exit();
984263bc
MD
1250 return (error);
1251}
1252
707ad4ed 1253SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, (CTLTYPE_OPAQUE | CTLFLAG_RW),
984263bc
MD
1254 0, 0, tcp_getcred, "S,ucred", "Get the ucred of a TCP connection");
1255
1256#ifdef INET6
1257static int
1258tcp6_getcred(SYSCTL_HANDLER_ARGS)
1259{
1260 struct sockaddr_in6 addrs[2];
1261 struct inpcb *inp;
1cae611f 1262 int error;
707ad4ed 1263 boolean_t mapped = FALSE;
984263bc 1264
895c1f85 1265 error = priv_check(req->td, PRIV_ROOT);
707ad4ed 1266 if (error != 0)
984263bc 1267 return (error);
707ad4ed
JH
1268 error = SYSCTL_IN(req, addrs, sizeof addrs);
1269 if (error != 0)
984263bc
MD
1270 return (error);
1271 if (IN6_IS_ADDR_V4MAPPED(&addrs[0].sin6_addr)) {
1272 if (IN6_IS_ADDR_V4MAPPED(&addrs[1].sin6_addr))
707ad4ed 1273 mapped = TRUE;
984263bc
MD
1274 else
1275 return (EINVAL);
1276 }
1cae611f 1277 crit_enter();
707ad4ed 1278 if (mapped) {
d371a63a
JH
1279 inp = in_pcblookup_hash(&tcbinfo[0],
1280 *(struct in_addr *)&addrs[1].sin6_addr.s6_addr[12],
1281 addrs[1].sin6_port,
1282 *(struct in_addr *)&addrs[0].sin6_addr.s6_addr[12],
1283 addrs[0].sin6_port,
1284 0, NULL);
1285 } else {
1286 inp = in6_pcblookup_hash(&tcbinfo[0],
1287 &addrs[1].sin6_addr, addrs[1].sin6_port,
1288 &addrs[0].sin6_addr, addrs[0].sin6_port,
1289 0, NULL);
1290 }
984263bc
MD
1291 if (inp == NULL || inp->inp_socket == NULL) {
1292 error = ENOENT;
1293 goto out;
1294 }
707ad4ed 1295 error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred));
984263bc 1296out:
1cae611f 1297 crit_exit();
984263bc
MD
1298 return (error);
1299}
1300
707ad4ed 1301SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, (CTLTYPE_OPAQUE | CTLFLAG_RW),
984263bc
MD
1302 0, 0,
1303 tcp6_getcred, "S,ucred", "Get the ucred of a TCP6 connection");
1304#endif
1305
14572273 1306struct netmsg_tcp_notify {
002c1265 1307 struct netmsg_base base;
14572273
SZ
1308 void (*nm_notify)(struct inpcb *, int);
1309 struct in_addr nm_faddr;
1310 int nm_arg;
1311};
1312
1313static void
002c1265 1314tcp_notifyall_oncpu(netmsg_t msg)
14572273 1315{
002c1265 1316 struct netmsg_tcp_notify *nm = (struct netmsg_tcp_notify *)msg;
14572273
SZ
1317 int nextcpu;
1318
002c1265
MD
1319 in_pcbnotifyall(&tcbinfo[mycpuid].pcblisthead, nm->nm_faddr,
1320 nm->nm_arg, nm->nm_notify);
14572273
SZ
1321
1322 nextcpu = mycpuid + 1;
1323 if (nextcpu < ncpus2)
002c1265 1324 lwkt_forwardmsg(cpu_portfn(nextcpu), &nm->base.lmsg);
14572273 1325 else
002c1265 1326 lwkt_replymsg(&nm->base.lmsg, 0);
14572273
SZ
1327}
1328
984263bc 1329void
002c1265 1330tcp_ctlinput(netmsg_t msg)
984263bc 1331{
002c1265
MD
1332 int cmd = msg->ctlinput.nm_cmd;
1333 struct sockaddr *sa = msg->ctlinput.nm_arg;
1334 struct ip *ip = msg->ctlinput.nm_extra;
984263bc
MD
1335 struct tcphdr *th;
1336 struct in_addr faddr;
1337 struct inpcb *inp;
1338 struct tcpcb *tp;
707ad4ed 1339 void (*notify)(struct inpcb *, int) = tcp_notify;
7d448528 1340 tcp_seq icmpseq;
1cae611f 1341 int arg, cpu;
7d448528
JH
1342
1343 if ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0) {
002c1265 1344 goto done;
7d448528 1345 }
984263bc
MD
1346
1347 faddr = ((struct sockaddr_in *)sa)->sin_addr;
1348 if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
002c1265 1349 goto done;
984263bc 1350
7d448528
JH
1351 arg = inetctlerrmap[cmd];
1352 if (cmd == PRC_QUENCH) {
984263bc 1353 notify = tcp_quench;
7d448528
JH
1354 } else if (icmp_may_rst &&
1355 (cmd == PRC_UNREACH_ADMIN_PROHIB ||
1356 cmd == PRC_UNREACH_PORT ||
1357 cmd == PRC_TIMXCEED_INTRANS) &&
1358 ip != NULL) {
984263bc 1359 notify = tcp_drop_syn_sent;
7d448528
JH
1360 } else if (cmd == PRC_MSGSIZE) {
1361 struct icmp *icmp = (struct icmp *)
1362 ((caddr_t)ip - offsetof(struct icmp, icmp_ip));
1363
1364 arg = ntohs(icmp->icmp_nextmtu);
984263bc 1365 notify = tcp_mtudisc;
7d448528 1366 } else if (PRC_IS_REDIRECT(cmd)) {
707ad4ed 1367 ip = NULL;
984263bc 1368 notify = in_rtchange;
7d448528 1369 } else if (cmd == PRC_HOSTDEAD) {
707ad4ed 1370 ip = NULL;
7d448528
JH
1371 }
1372
707ad4ed 1373 if (ip != NULL) {
1cae611f 1374 crit_enter();
707ad4ed
JH
1375 th = (struct tcphdr *)((caddr_t)ip +
1376 (IP_VHL_HL(ip->ip_vhl) << 2));
d371a63a 1377 cpu = tcp_addrcpu(faddr.s_addr, th->th_dport,
707ad4ed 1378 ip->ip_src.s_addr, th->th_sport);
d371a63a 1379 inp = in_pcblookup_hash(&tcbinfo[cpu], faddr, th->th_dport,
707ad4ed
JH
1380 ip->ip_src, th->th_sport, 0, NULL);
1381 if ((inp != NULL) && (inp->inp_socket != NULL)) {
7d448528 1382 icmpseq = htonl(th->th_seq);
984263bc 1383 tp = intotcpcb(inp);
7d448528
JH
1384 if (SEQ_GEQ(icmpseq, tp->snd_una) &&
1385 SEQ_LT(icmpseq, tp->snd_max))
1386 (*notify)(inp, arg);
984263bc
MD
1387 } else {
1388 struct in_conninfo inc;
1389
1390 inc.inc_fport = th->th_dport;
1391 inc.inc_lport = th->th_sport;
1392 inc.inc_faddr = faddr;
1393 inc.inc_laddr = ip->ip_src;
1394#ifdef INET6
1395 inc.inc_isipv6 = 0;
1396#endif
1397 syncache_unreach(&inc, th);
1398 }
1cae611f 1399 crit_exit();
d371a63a 1400 } else {
002c1265 1401 struct netmsg_tcp_notify *nm;
14572273
SZ
1402
1403 KKASSERT(&curthread->td_msgport == cpu_portfn(0));
002c1265
MD
1404 nm = kmalloc(sizeof(*nm), M_LWKTMSG, M_INTWAIT);
1405 netmsg_init(&nm->base, NULL, &netisr_afree_rport,
48e7b118 1406 0, tcp_notifyall_oncpu);
002c1265
MD
1407 nm->nm_faddr = faddr;
1408 nm->nm_arg = arg;
1409 nm->nm_notify = notify;
14572273 1410
002c1265 1411 lwkt_sendmsg(cpu_portfn(0), &nm->base.lmsg);
d371a63a 1412 }
002c1265
MD
1413done:
1414 lwkt_replymsg(&msg->lmsg, 0);
984263bc
MD
1415}
1416
1417#ifdef INET6
002c1265 1418
984263bc 1419void
002c1265 1420tcp6_ctlinput(netmsg_t msg)
984263bc 1421{
002c1265
MD
1422 int cmd = msg->ctlinput.nm_cmd;
1423 struct sockaddr *sa = msg->ctlinput.nm_arg;
1424 void *d = msg->ctlinput.nm_extra;
984263bc 1425 struct tcphdr th;
42a7fc75 1426 void (*notify) (struct inpcb *, int) = tcp_notify;
984263bc
MD
1427 struct ip6_hdr *ip6;
1428 struct mbuf *m;
1429 struct ip6ctlparam *ip6cp = NULL;
1430 const struct sockaddr_in6 *sa6_src = NULL;
1431 int off;
1432 struct tcp_portonly {
1433 u_int16_t th_sport;
1434 u_int16_t th_dport;
1435 } *thp;
7d448528 1436 int arg;
984263bc
MD
1437
1438 if (sa->sa_family != AF_INET6 ||
002c1265
MD
1439 sa->sa_len != sizeof(struct sockaddr_in6)) {
1440 goto out;
1441 }
984263bc 1442
7d448528 1443 arg = 0;
984263bc
MD
1444 if (cmd == PRC_QUENCH)
1445 notify = tcp_quench;
7d448528
JH
1446 else if (cmd == PRC_MSGSIZE) {
1447 struct ip6ctlparam *ip6cp = d;
1448 struct icmp6_hdr *icmp6 = ip6cp->ip6c_icmp6;
1449
1450 arg = ntohl(icmp6->icmp6_mtu);
984263bc 1451 notify = tcp_mtudisc;
7d448528
JH
1452 } else if (!PRC_IS_REDIRECT(cmd) &&
1453 ((unsigned)cmd > PRC_NCMDS || inet6ctlerrmap[cmd] == 0)) {
002c1265 1454 goto out;
7d448528 1455 }
984263bc
MD
1456
1457 /* if the parameter is from icmp6, decode it. */
1458 if (d != NULL) {
1459 ip6cp = (struct ip6ctlparam *)d;
1460 m = ip6cp->ip6c_m;
1461 ip6 = ip6cp->ip6c_ip6;
1462 off = ip6cp->ip6c_off;
1463 sa6_src = ip6cp->ip6c_src;
1464 } else {
1465 m = NULL;
1466 ip6 = NULL;
1467 off = 0; /* fool gcc */
1468 sa6_src = &sa6_any;
1469 }
1470
707ad4ed 1471 if (ip6 != NULL) {
984263bc
MD
1472 struct in_conninfo inc;
1473 /*
1474 * XXX: We assume that when IPV6 is non NULL,
1475 * M and OFF are valid.
1476 */
1477
1478 /* check if we can safely examine src and dst ports */
707ad4ed 1479 if (m->m_pkthdr.len < off + sizeof *thp)
002c1265 1480 goto out;
984263bc 1481
707ad4ed
JH
1482 bzero(&th, sizeof th);
1483 m_copydata(m, off, sizeof *thp, (caddr_t)&th);
984263bc 1484
d2e9e54c 1485 in6_pcbnotify(&tcbinfo[0].pcblisthead, sa, th.th_dport,
984263bc 1486 (struct sockaddr *)ip6cp->ip6c_src,
7d448528 1487 th.th_sport, cmd, arg, notify);
984263bc
MD
1488
1489 inc.inc_fport = th.th_dport;
1490 inc.inc_lport = th.th_sport;
1491 inc.inc6_faddr = ((struct sockaddr_in6 *)sa)->sin6_addr;
1492 inc.inc6_laddr = ip6cp->ip6c_src->sin6_addr;
1493 inc.inc_isipv6 = 1;
1494 syncache_unreach(&inc, &th);
002c1265 1495 } else {
d2e9e54c 1496 in6_pcbnotify(&tcbinfo[0].pcblisthead, sa, 0,
7d448528 1497 (const struct sockaddr *)sa6_src, 0, cmd, arg, notify);
002c1265
MD
1498 }
1499out:
1500 lwkt_replymsg(&msg->ctlinput.base.lmsg, 0);
984263bc 1501}
002c1265 1502
707ad4ed 1503#endif
984263bc
MD
1504
1505/*
1506 * Following is where TCP initial sequence number generation occurs.
1507 *
1508 * There are two places where we must use initial sequence numbers:
1509 * 1. In SYN-ACK packets.
1510 * 2. In SYN packets.
1511 *
1512 * All ISNs for SYN-ACK packets are generated by the syncache. See
1513 * tcp_syncache.c for details.
1514 *
1515 * The ISNs in SYN packets must be monotonic; TIME_WAIT recycling
1516 * depends on this property. In addition, these ISNs should be
1517 * unguessable so as to prevent connection hijacking. To satisfy
1518 * the requirements of this situation, the algorithm outlined in
1519 * RFC 1948 is used to generate sequence numbers.
1520 *
1521 * Implementation details:
1522 *
1523 * Time is based off the system timer, and is corrected so that it
1524 * increases by one megabyte per second. This allows for proper
1525 * recycling on high speed LANs while still leaving over an hour
1526 * before rollover.
1527 *
1528 * net.inet.tcp.isn_reseed_interval controls the number of seconds
1529 * between seeding of isn_secret. This is normally set to zero,
1530 * as reseeding should not be necessary.
1531 *
1532 */
1533
707ad4ed 1534#define ISN_BYTES_PER_SECOND 1048576
984263bc
MD
1535
1536u_char isn_secret[32];
1537int isn_last_reseed;
1538MD5_CTX isn_ctx;
1539
1540tcp_seq
707ad4ed 1541tcp_new_isn(struct tcpcb *tp)
984263bc
MD
1542{
1543 u_int32_t md5_buffer[4];
1544 tcp_seq new_isn;
1545
1546 /* Seed if this is the first use, reseed if requested. */
1547 if ((isn_last_reseed == 0) || ((tcp_isn_reseed_interval > 0) &&
1548 (((u_int)isn_last_reseed + (u_int)tcp_isn_reseed_interval*hz)
1549 < (u_int)ticks))) {
707ad4ed 1550 read_random_unlimited(&isn_secret, sizeof isn_secret);
984263bc
MD
1551 isn_last_reseed = ticks;
1552 }
707ad4ed 1553
984263bc
MD
1554 /* Compute the md5 hash and return the ISN. */
1555 MD5Init(&isn_ctx);
707ad4ed
JH
1556 MD5Update(&isn_ctx, (u_char *)&tp->t_inpcb->inp_fport, sizeof(u_short));
1557 MD5Update(&isn_ctx, (u_char *)&tp->t_inpcb->inp_lport, sizeof(u_short));
984263bc 1558#ifdef INET6
707ad4ed 1559 if (tp->t_inpcb->inp_vflag & INP_IPV6) {
984263bc
MD
1560 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
1561 sizeof(struct in6_addr));
1562 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
1563 sizeof(struct in6_addr));
1564 } else
1565#endif
1566 {
1567 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
1568 sizeof(struct in_addr));
1569 MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
1570 sizeof(struct in_addr));
1571 }
1572 MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
1573 MD5Final((u_char *) &md5_buffer, &isn_ctx);
1574 new_isn = (tcp_seq) md5_buffer[0];
1575 new_isn += ticks * (ISN_BYTES_PER_SECOND / hz);
707ad4ed 1576 return (new_isn);
984263bc
MD
1577}
1578
1579/*
1580 * When a source quench is received, close congestion window
1581 * to one segment. We will gradually open it again as we proceed.
1582 */
1583void
71f385dc 1584tcp_quench(struct inpcb *inp, int error)
984263bc
MD
1585{
1586 struct tcpcb *tp = intotcpcb(inp);
1587
8acdb67c 1588 if (tp != NULL) {
984263bc 1589 tp->snd_cwnd = tp->t_maxseg;
8acdb67c
JH
1590 tp->snd_wacked = 0;
1591 }
984263bc
MD
1592}
1593
1594/*
1595 * When a specific ICMP unreachable message is received and the
1596 * connection state is SYN-SENT, drop the connection. This behavior
1597 * is controlled by the icmp_may_rst sysctl.
1598 */
1599void
71f385dc 1600tcp_drop_syn_sent(struct inpcb *inp, int error)
984263bc
MD
1601{
1602 struct tcpcb *tp = intotcpcb(inp);
1603
707ad4ed 1604 if ((tp != NULL) && (tp->t_state == TCPS_SYN_SENT))
71f385dc 1605 tcp_drop(tp, error);
984263bc
MD
1606}
1607
1608/*
7d448528 1609 * When a `need fragmentation' ICMP is received, update our idea of the MSS
984263bc
MD
1610 * based on the new value in the route. Also nudge TCP to send something,
1611 * since we know the packet we just sent was dropped.
1612 * This duplicates some code in the tcp_mss() function in tcp_input.c.
1613 */
1614void
7d448528 1615tcp_mtudisc(struct inpcb *inp, int mtu)
984263bc
MD
1616{
1617 struct tcpcb *tp = intotcpcb(inp);
1618 struct rtentry *rt;
984263bc 1619 struct socket *so = inp->inp_socket;
7d448528 1620 int maxopd, mss;
984263bc 1621#ifdef INET6
707ad4ed
JH
1622 boolean_t isipv6 = ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0);
1623#else
1624 const boolean_t isipv6 = FALSE;
1625#endif
984263bc 1626
7d448528
JH
1627 if (tp == NULL)
1628 return;
1629
1630 /*
1631 * If no MTU is provided in the ICMP message, use the
1632 * next lower likely value, as specified in RFC 1191.
1633 */
1634 if (mtu == 0) {
1635 int oldmtu;
1636
1637 oldmtu = tp->t_maxopd +
1638 (isipv6 ?
1639 sizeof(struct ip6_hdr) + sizeof(struct tcphdr) :
1640 sizeof(struct tcpiphdr));
1641 mtu = ip_next_mtu(oldmtu, 0);
1642 }
1643
1644 if (isipv6)
1645 rt = tcp_rtlookup6(&inp->inp_inc);
1646 else
1647 rt = tcp_rtlookup(&inp->inp_inc);
1648 if (rt != NULL) {
7d448528
JH
1649 if (rt->rt_rmx.rmx_mtu != 0 && rt->rt_rmx.rmx_mtu < mtu)
1650 mtu = rt->rt_rmx.rmx_mtu;
1651
1652 maxopd = mtu -
1653 (isipv6 ?
1654 sizeof(struct ip6_hdr) + sizeof(struct tcphdr) :
1655 sizeof(struct tcpiphdr));
1656
984263bc 1657 /*
7d448528 1658 * XXX - The following conditional probably violates the TCP
984263bc
MD
1659 * spec. The problem is that, since we don't know the
1660 * other end's MSS, we are supposed to use a conservative
1661 * default. But, if we do that, then MTU discovery will
1662 * never actually take place, because the conservative
1663 * default is much less than the MTUs typically seen
1664 * on the Internet today. For the moment, we'll sweep
1665 * this under the carpet.
1666 *
1667 * The conservative default might not actually be a problem
1668 * if the only case this occurs is when sending an initial
1669 * SYN with options and data to a host we've never talked
1670 * to before. Then, they will reply with an MSS value which
1671 * will get recorded and the new parameters should get
1672 * recomputed. For Further Study.
1673 */
27b8aee3
AE
1674 if (rt->rt_rmx.rmx_mssopt && rt->rt_rmx.rmx_mssopt < maxopd)
1675 maxopd = rt->rt_rmx.rmx_mssopt;
7d448528
JH
1676 } else
1677 maxopd = mtu -
1678 (isipv6 ?
1679 sizeof(struct ip6_hdr) + sizeof(struct tcphdr) :
1680 sizeof(struct tcpiphdr));
1681
1682 if (tp->t_maxopd <= maxopd)
1683 return;
1684 tp->t_maxopd = maxopd;
1685
1686 mss = maxopd;
1687 if ((tp->t_flags & (TF_REQ_TSTMP | TF_RCVD_TSTMP | TF_NOOPT)) ==
1688 (TF_REQ_TSTMP | TF_RCVD_TSTMP))
1689 mss -= TCPOLEN_TSTAMP_APPA;
1690
7d448528
JH
1691 /* round down to multiple of MCLBYTES */
1692#if (MCLBYTES & (MCLBYTES - 1)) == 0 /* test if MCLBYTES power of 2 */
1693 if (mss > MCLBYTES)
1694 mss &= ~(MCLBYTES - 1);
984263bc 1695#else
7d448528
JH
1696 if (mss > MCLBYTES)
1697 mss = (mss / MCLBYTES) * MCLBYTES;
984263bc 1698#endif
984263bc 1699
6d49aa6f
MD
1700 if (so->so_snd.ssb_hiwat < mss)
1701 mss = so->so_snd.ssb_hiwat;
984263bc 1702
7d448528
JH
1703 tp->t_maxseg = mss;
1704 tp->t_rtttime = 0;
1705 tp->snd_nxt = tp->snd_una;
1706 tcp_output(tp);
1707 tcpstat.tcps_mturesent++;
984263bc
MD
1708}
1709
1710/*
1711 * Look-up the routing entry to the peer of this inpcb. If no route
1712 * is found and it cannot be allocated the return NULL. This routine
1713 * is called by TCP routines that access the rmx structure and by tcp_mss
1714 * to get the interface MTU.
1715 */
1716struct rtentry *
707ad4ed 1717tcp_rtlookup(struct in_conninfo *inc)
984263bc 1718{
f23061d4 1719 struct route *ro = &inc->inc_route;
984263bc 1720
f23061d4 1721 if (ro->ro_rt == NULL || !(ro->ro_rt->rt_flags & RTF_UP)) {
984263bc
MD
1722 /* No route yet, so try to acquire one */
1723 if (inc->inc_faddr.s_addr != INADDR_ANY) {
88fcebeb
MD
1724 /*
1725 * unused portions of the structure MUST be zero'd
1726 * out because rtalloc() treats it as opaque data
1727 */
1728 bzero(&ro->ro_dst, sizeof(struct sockaddr_in));
984263bc
MD
1729 ro->ro_dst.sa_family = AF_INET;
1730 ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
1731 ((struct sockaddr_in *) &ro->ro_dst)->sin_addr =
1732 inc->inc_faddr;
1733 rtalloc(ro);
984263bc
MD
1734 }
1735 }
f23061d4 1736 return (ro->ro_rt);
984263bc
MD
1737}
1738
1739#ifdef INET6
1740struct rtentry *
707ad4ed 1741tcp_rtlookup6(struct in_conninfo *inc)
984263bc 1742{
f23061d4 1743 struct route_in6 *ro6 = &inc->inc6_route;
984263bc 1744
f23061d4 1745 if (ro6->ro_rt == NULL || !(ro6->ro_rt->rt_flags & RTF_UP)) {
984263bc
MD
1746 /* No route yet, so try to acquire one */
1747 if (!IN6_IS_ADDR_UNSPECIFIED(&inc->inc6_faddr)) {
88fcebeb
MD
1748 /*
1749 * unused portions of the structure MUST be zero'd
1750 * out because rtalloc() treats it as opaque data
1751 */
1752 bzero(&ro6->ro_dst, sizeof(struct sockaddr_in6));
984263bc
MD
1753 ro6->ro_dst.sin6_family = AF_INET6;
1754 ro6->ro_dst.sin6_len = sizeof(struct sockaddr_in6);
1755 ro6->ro_dst.sin6_addr = inc->inc6_faddr;
1756 rtalloc((struct route *)ro6);
984263bc
MD
1757 }
1758 }
f23061d4 1759 return (ro6->ro_rt);
984263bc 1760}
707ad4ed 1761#endif
984263bc
MD
1762
1763#ifdef IPSEC
1764/* compute ESP/AH header size for TCP, including outer IP header. */
1765size_t
707ad4ed 1766ipsec_hdrsiz_tcp(struct tcpcb *tp)
984263bc
MD
1767{
1768 struct inpcb *inp;
1769 struct mbuf *m;
1770 size_t hdrsiz;
1771 struct ip *ip;
984263bc
MD
1772 struct tcphdr *th;
1773
1774 if ((tp == NULL) || ((inp = tp->t_inpcb) == NULL))
707ad4ed 1775 return (0);
74f1caca 1776 MGETHDR(m, MB_DONTWAIT, MT_DATA);
984263bc 1777 if (!m)
707ad4ed 1778 return (0);
984263bc
MD
1779
1780#ifdef INET6
707ad4ed
JH
1781 if (inp->inp_vflag & INP_IPV6) {
1782 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
1783
984263bc
MD
1784 th = (struct tcphdr *)(ip6 + 1);
1785 m->m_pkthdr.len = m->m_len =
707ad4ed 1786 sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
984263bc
MD
1787 tcp_fillheaders(tp, ip6, th);
1788 hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
1789 } else
707ad4ed
JH
1790#endif
1791 {
1792 ip = mtod(m, struct ip *);
1793 th = (struct tcphdr *)(ip + 1);
1794 m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
1795 tcp_fillheaders(tp, ip, th);
1796 hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
1797 }
984263bc
MD
1798
1799 m_free(m);
707ad4ed 1800 return (hdrsiz);
984263bc 1801}
707ad4ed 1802#endif
984263bc
MD
1803
1804/*
984263bc
MD
1805 * TCP BANDWIDTH DELAY PRODUCT WINDOW LIMITING
1806 *
1807 * This code attempts to calculate the bandwidth-delay product as a
1808 * means of determining the optimal window size to maximize bandwidth,
1809 * minimize RTT, and avoid the over-allocation of buffers on interfaces and
1810 * routers. This code also does a fairly good job keeping RTTs in check
1811 * across slow links like modems. We implement an algorithm which is very
1812 * similar (but not meant to be) TCP/Vegas. The code operates on the
1813 * transmitter side of a TCP connection and so only effects the transmit
1814 * side of the connection.
1815 *
1816 * BACKGROUND: TCP makes no provision for the management of buffer space
f23061d4 1817 * at the end points or at the intermediate routers and switches. A TCP
984263bc
MD
1818 * stream, whether using NewReno or not, will eventually buffer as
1819 * many packets as it is able and the only reason this typically works is
1820 * due to the fairly small default buffers made available for a connection
1821 * (typicaly 16K or 32K). As machines use larger windows and/or window
1822 * scaling it is now fairly easy for even a single TCP connection to blow-out
f23061d4 1823 * all available buffer space not only on the local interface, but on
984263bc
MD
1824 * intermediate routers and switches as well. NewReno makes a misguided
1825 * attempt to 'solve' this problem by waiting for an actual failure to occur,
1826 * then backing off, then steadily increasing the window again until another
1827 * failure occurs, ad-infinitum. This results in terrible oscillation that
1828 * is only made worse as network loads increase and the idea of intentionally
1829 * blowing out network buffers is, frankly, a terrible way to manage network
1830 * resources.
1831 *
1832 * It is far better to limit the transmit window prior to the failure
1833 * condition being achieved. There are two general ways to do this: First
1834 * you can 'scan' through different transmit window sizes and locate the
1835 * point where the RTT stops increasing, indicating that you have filled the
1836 * pipe, then scan backwards until you note that RTT stops decreasing, then
1837 * repeat ad-infinitum. This method works in principle but has severe
1838 * implementation issues due to RTT variances, timer granularity, and
1839 * instability in the algorithm which can lead to many false positives and
1840 * create oscillations as well as interact badly with other TCP streams
1841 * implementing the same algorithm.
1842 *
1843 * The second method is to limit the window to the bandwidth delay product
1844 * of the link. This is the method we implement. RTT variances and our
f23061d4 1845 * own manipulation of the congestion window, bwnd, can potentially
984263bc
MD
1846 * destabilize the algorithm. For this reason we have to stabilize the
1847 * elements used to calculate the window. We do this by using the minimum
1848 * observed RTT, the long term average of the observed bandwidth, and
1849 * by adding two segments worth of slop. It isn't perfect but it is able
1850 * to react to changing conditions and gives us a very stable basis on
1851 * which to extend the algorithm.
1852 */
1853void
1854tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq)
1855{
1856 u_long bw;
1857 u_long bwnd;
1858 int save_ticks;
421de19e 1859 int delta_ticks;
984263bc
MD
1860
1861 /*
1862 * If inflight_enable is disabled in the middle of a tcp connection,
1863 * make sure snd_bwnd is effectively disabled.
1864 */
707ad4ed 1865 if (!tcp_inflight_enable) {
984263bc
MD
1866 tp->snd_bwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT;
1867 tp->snd_bandwidth = 0;
1868 return;
1869 }
1870
1871 /*
421de19e
MD
1872 * Validate the delta time. If a connection is new or has been idle
1873 * a long time we have to reset the bandwidth calculator.
1874 */
1875 save_ticks = ticks;
1876 delta_ticks = save_ticks - tp->t_bw_rtttime;
1877 if (tp->t_bw_rtttime == 0 || delta_ticks < 0 || delta_ticks > hz * 10) {
1878 tp->t_bw_rtttime = ticks;
1879 tp->t_bw_rtseq = ack_seq;
1880 if (tp->snd_bandwidth == 0)
1881 tp->snd_bandwidth = tcp_inflight_min;
1882 return;
1883 }
1884 if (delta_ticks == 0)
1885 return;
1886
1887 /*
1888 * Sanity check, plus ignore pure window update acks.
1889 */
1890 if ((int)(ack_seq - tp->t_bw_rtseq) <= 0)
1891 return;
1892
1893 /*
984263bc
MD
1894 * Figure out the bandwidth. Due to the tick granularity this
1895 * is a very rough number and it MUST be averaged over a fairly
1896 * long period of time. XXX we need to take into account a link
1897 * that is not using all available bandwidth, but for now our
1898 * slop will ramp us up if this case occurs and the bandwidth later
1899 * increases.
984263bc 1900 */
421de19e 1901 bw = (int64_t)(ack_seq - tp->t_bw_rtseq) * hz / delta_ticks;
984263bc
MD
1902 tp->t_bw_rtttime = save_ticks;
1903 tp->t_bw_rtseq = ack_seq;
984263bc
MD
1904 bw = ((int64_t)tp->snd_bandwidth * 15 + bw) >> 4;
1905
1906 tp->snd_bandwidth = bw;
1907
1908 /*
1909 * Calculate the semi-static bandwidth delay product, plus two maximal
1910 * segments. The additional slop puts us squarely in the sweet
1911 * spot and also handles the bandwidth run-up case. Without the
1912 * slop we could be locking ourselves into a lower bandwidth.
1913 *
1914 * Situations Handled:
1915 * (1) Prevents over-queueing of packets on LANs, especially on
1916 * high speed LANs, allowing larger TCP buffers to be
f23061d4 1917 * specified, and also does a good job preventing
984263bc
MD
1918 * over-queueing of packets over choke points like modems
1919 * (at least for the transmit side).
1920 *
1921 * (2) Is able to handle changing network loads (bandwidth
1922 * drops so bwnd drops, bandwidth increases so bwnd
1923 * increases).
1924 *
1925 * (3) Theoretically should stabilize in the face of multiple
1926 * connections implementing the same algorithm (this may need
1927 * a little work).
1928 *
f23061d4 1929 * (4) Stability value (defaults to 20 = 2 maximal packets) can
984263bc
MD
1930 * be adjusted with a sysctl but typically only needs to be on
1931 * very slow connections. A value no smaller then 5 should
1932 * be used, but only reduce this default if you have no other
1933 * choice.
1934 */
707ad4ed
JH
1935
1936#define USERTT ((tp->t_srtt + tp->t_rttbest) / 2)
1937 bwnd = (int64_t)bw * USERTT / (hz << TCP_RTT_SHIFT) +
1938 tcp_inflight_stab * (int)tp->t_maxseg / 10;
984263bc
MD
1939#undef USERTT
1940
1941 if (tcp_inflight_debug > 0) {
1942 static int ltime;
1943 if ((u_int)(ticks - ltime) >= hz / tcp_inflight_debug) {
1944 ltime = ticks;
a6ec04bc 1945 kprintf("%p bw %ld rttbest %d srtt %d bwnd %ld\n",
707ad4ed 1946 tp, bw, tp->t_rttbest, tp->t_srtt, bwnd);
984263bc
MD
1947 }
1948 }
1949 if ((long)bwnd < tcp_inflight_min)
1950 bwnd = tcp_inflight_min;
1951 if (bwnd > tcp_inflight_max)
1952 bwnd = tcp_inflight_max;
1953 if ((long)bwnd < tp->t_maxseg * 2)
1954 bwnd = tp->t_maxseg * 2;
1955 tp->snd_bwnd = bwnd;
1956}
b1992928
MD
1957
1958#ifdef TCP_SIGNATURE
1959/*
1960 * Compute TCP-MD5 hash of a TCP segment. (RFC2385)
1961 *
1962 * We do this over ip, tcphdr, segment data, and the key in the SADB.
1963 * When called from tcp_input(), we can be sure that th_sum has been
1964 * zeroed out and verified already.
1965 *
1966 * Return 0 if successful, otherwise return -1.
1967 *
1968 * XXX The key is retrieved from the system's PF_KEY SADB, by keying a
1969 * search with the destination IP address, and a 'magic SPI' to be
1970 * determined by the application. This is hardcoded elsewhere to 1179
1971 * right now. Another branch of this code exists which uses the SPD to
1972 * specify per-application flows but it is unstable.
1973 */
1974int
1975tcpsignature_compute(
1976 struct mbuf *m, /* mbuf chain */
1977 int len, /* length of TCP data */
1978 int optlen, /* length of TCP options */
1979 u_char *buf, /* storage for MD5 digest */
1980 u_int direction) /* direction of flow */
1981{
1982 struct ippseudo ippseudo;
1983 MD5_CTX ctx;
1984 int doff;
1985 struct ip *ip;
1986 struct ipovly *ipovly;
1987 struct secasvar *sav;
1988 struct tcphdr *th;
1989#ifdef INET6
1990 struct ip6_hdr *ip6;
1991 struct in6_addr in6;
1992 uint32_t plen;
1993 uint16_t nhdr;
1994#endif /* INET6 */
1995 u_short savecsum;
1996
1997 KASSERT(m != NULL, ("passed NULL mbuf. Game over."));
1998 KASSERT(buf != NULL, ("passed NULL storage pointer for MD5 signature"));
1999 /*
2000 * Extract the destination from the IP header in the mbuf.
2001 */
2002 ip = mtod(m, struct ip *);
2003#ifdef INET6
2004 ip6 = NULL; /* Make the compiler happy. */
2005#endif /* INET6 */
2006 /*
2007 * Look up an SADB entry which matches the address found in
2008 * the segment.
2009 */
2010 switch (IP_VHL_V(ip->ip_vhl)) {
2011 case IPVERSION:
2012 sav = key_allocsa(AF_INET, (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst,
2013 IPPROTO_TCP, htonl(TCP_SIG_SPI));
2014 break;
2015#ifdef INET6
2016 case (IPV6_VERSION >> 4):
2017 ip6 = mtod(m, struct ip6_hdr *);
2018 sav = key_allocsa(AF_INET6, (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst,
2019 IPPROTO_TCP, htonl(TCP_SIG_SPI));
2020 break;
2021#endif /* INET6 */
2022 default:
2023 return (EINVAL);
2024 /* NOTREACHED */
2025 break;
2026 }
2027 if (sav == NULL) {
2028 kprintf("%s: SADB lookup failed\n", __func__);
2029 return (EINVAL);
2030 }
2031 MD5Init(&ctx);
2032
2033 /*
2034 * Step 1: Update MD5 hash with IP pseudo-header.
2035 *
2036 * XXX The ippseudo header MUST be digested in network byte order,
2037 * or else we'll fail the regression test. Assume all fields we've
2038 * been doing arithmetic on have been in host byte order.
2039 * XXX One cannot depend on ipovly->ih_len here. When called from
2040 * tcp_output(), the underlying ip_len member has not yet been set.
2041 */
2042 switch (IP_VHL_V(ip->ip_vhl)) {
2043 case IPVERSION:
2044 ipovly = (struct ipovly *)ip;
2045 ippseudo.ippseudo_src = ipovly->ih_src;
2046 ippseudo.ippseudo_dst = ipovly->ih_dst;
2047 ippseudo.ippseudo_pad = 0;
2048 ippseudo.ippseudo_p = IPPROTO_TCP;
2049 ippseudo.ippseudo_len = htons(len + sizeof(struct tcphdr) + optlen);
2050 MD5Update(&ctx, (char *)&ippseudo, sizeof(struct ippseudo));
2051 th = (struct tcphdr *)((u_char *)ip + sizeof(struct ip));
2052 doff = sizeof(struct ip) + sizeof(struct tcphdr) + optlen;
2053 break;
2054#ifdef INET6
2055 /*
2056 * RFC 2385, 2.0 Proposal
2057 * For IPv6, the pseudo-header is as described in RFC 2460, namely the
2058 * 128-bit source IPv6 address, 128-bit destination IPv6 address, zero-
2059 * extended next header value (to form 32 bits), and 32-bit segment
2060 * length.
2061 * Note: Upper-Layer Packet Length comes before Next Header.
2062 */
2063 case (IPV6_VERSION >> 4):
2064 in6 = ip6->ip6_src;
2065 in6_clearscope(&in6);
2066 MD5Update(&ctx, (char *)&in6, sizeof(struct in6_addr));
2067 in6 = ip6->ip6_dst;
2068 in6_clearscope(&in6);
2069 MD5Update(&ctx, (char *)&in6, sizeof(struct in6_addr));
2070 plen = htonl(len + sizeof(struct tcphdr) + optlen);
2071 MD5Update(&ctx, (char *)&plen, sizeof(uint32_t));
2072 nhdr = 0;
2073 MD5Update(&ctx, (char *)&nhdr, sizeof(uint8_t));
2074 MD5Update(&ctx, (char *)&nhdr, sizeof(uint8_t));
2075 MD5Update(&ctx, (char *)&nhdr, sizeof(uint8_t));
2076 nhdr = IPPROTO_TCP;
2077 MD5Update(&ctx, (char *)&nhdr, sizeof(uint8_t));
2078 th = (struct tcphdr *)((u_char *)ip6 + sizeof(struct ip6_hdr));
2079 doff = sizeof(struct ip6_hdr) + sizeof(struct tcphdr) + optlen;
2080 break;
2081#endif /* INET6 */
2082 default:
2083 return (EINVAL);
2084 /* NOTREACHED */
2085 break;
2086 }
2087 /*
2088 * Step 2: Update MD5 hash with TCP header, excluding options.
2089 * The TCP checksum must be set to zero.
2090 */
2091 savecsum = th->th_sum;
2092 th->th_sum = 0;
2093 MD5Update(&ctx, (char *)th, sizeof(struct tcphdr));
2094 th->th_sum = savecsum;
2095 /*
2096 * Step 3: Update MD5 hash with TCP segment data.
2097 * Use m_apply() to avoid an early m_pullup().
2098 */
2099 if (len > 0)
2100 m_apply(m, doff, len, tcpsignature_apply, &ctx);
2101 /*
2102 * Step 4: Update MD5 hash with shared secret.
2103 */
2104 MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
2105 MD5Final(buf, &ctx);
2106 key_sa_recordxfer(sav, m);
2107 key_freesav(sav);
2108 return (0);
2109}
2110
2111int
2112tcpsignature_apply(void *fstate, void *data, unsigned int len)
2113{
2114
2115 MD5Update((MD5_CTX *)fstate, (unsigned char *)data, len);
2116 return (0);
2117}
2118#endif /* TCP_SIGNATURE */