| 1 | /* |
| 2 | * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
| 8 | * 1. Redistributions of source code must retain the above copyright |
| 9 | * notice, this list of conditions and the following disclaimer. |
| 10 | * 2. Redistributions in binary form must reproduce the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer in the |
| 12 | * documentation and/or other materials provided with the distribution. |
| 13 | * 3. All advertising materials mentioning features or use of this software |
| 14 | * must display the following acknowledgement: |
| 15 | * This product includes software developed by the University of |
| 16 | * California, Berkeley and its contributors. |
| 17 | * 4. Neither the name of the University nor the names of its contributors |
| 18 | * may be used to endorse or promote products derived from this software |
| 19 | * without specific prior written permission. |
| 20 | * |
| 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 31 | * SUCH DAMAGE. |
| 32 | * |
| 33 | * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 |
| 34 | * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.31 2003/01/24 05:11:34 sam Exp $ |
| 35 | * $DragonFly: src/sys/netinet/tcp_subr.c,v 1.9 2003/11/08 07:57:51 dillon Exp $ |
| 36 | */ |
| 37 | |
| 38 | #include "opt_compat.h" |
| 39 | #include "opt_inet6.h" |
| 40 | #include "opt_ipsec.h" |
| 41 | #include "opt_tcpdebug.h" |
| 42 | |
| 43 | #include <sys/param.h> |
| 44 | #include <sys/systm.h> |
| 45 | #include <sys/callout.h> |
| 46 | #include <sys/kernel.h> |
| 47 | #include <sys/sysctl.h> |
| 48 | #include <sys/malloc.h> |
| 49 | #include <sys/mbuf.h> |
| 50 | #ifdef INET6 |
| 51 | #include <sys/domain.h> |
| 52 | #endif |
| 53 | #include <sys/proc.h> |
| 54 | #include <sys/socket.h> |
| 55 | #include <sys/socketvar.h> |
| 56 | #include <sys/protosw.h> |
| 57 | #include <sys/random.h> |
| 58 | |
| 59 | #include <vm/vm_zone.h> |
| 60 | |
| 61 | #include <net/route.h> |
| 62 | #include <net/if.h> |
| 63 | |
| 64 | #define _IP_VHL |
| 65 | #include <netinet/in.h> |
| 66 | #include <netinet/in_systm.h> |
| 67 | #include <netinet/ip.h> |
| 68 | #ifdef INET6 |
| 69 | #include <netinet/ip6.h> |
| 70 | #endif |
| 71 | #include <netinet/in_pcb.h> |
| 72 | #ifdef INET6 |
| 73 | #include <netinet6/in6_pcb.h> |
| 74 | #endif |
| 75 | #include <netinet/in_var.h> |
| 76 | #include <netinet/ip_var.h> |
| 77 | #ifdef INET6 |
| 78 | #include <netinet6/ip6_var.h> |
| 79 | #endif |
| 80 | #include <netinet/tcp.h> |
| 81 | #include <netinet/tcp_fsm.h> |
| 82 | #include <netinet/tcp_seq.h> |
| 83 | #include <netinet/tcp_timer.h> |
| 84 | #include <netinet/tcp_var.h> |
| 85 | #ifdef INET6 |
| 86 | #include <netinet6/tcp6_var.h> |
| 87 | #endif |
| 88 | #include <netinet/tcpip.h> |
| 89 | #ifdef TCPDEBUG |
| 90 | #include <netinet/tcp_debug.h> |
| 91 | #endif |
| 92 | #include <netinet6/ip6protosw.h> |
| 93 | |
| 94 | #ifdef IPSEC |
| 95 | #include <netinet6/ipsec.h> |
| 96 | #ifdef INET6 |
| 97 | #include <netinet6/ipsec6.h> |
| 98 | #endif |
| 99 | #endif /*IPSEC*/ |
| 100 | |
| 101 | #ifdef FAST_IPSEC |
| 102 | #include <netipsec/ipsec.h> |
| 103 | #ifdef INET6 |
| 104 | #include <netipsec/ipsec6.h> |
| 105 | #endif |
| 106 | #define IPSEC |
| 107 | #endif /*FAST_IPSEC*/ |
| 108 | |
| 109 | #include <machine/in_cksum.h> |
| 110 | #include <sys/md5.h> |
| 111 | |
| 112 | int tcp_mssdflt = TCP_MSS; |
| 113 | SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW, |
| 114 | &tcp_mssdflt , 0, "Default TCP Maximum Segment Size"); |
| 115 | |
| 116 | #ifdef INET6 |
| 117 | int tcp_v6mssdflt = TCP6_MSS; |
| 118 | SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, |
| 119 | CTLFLAG_RW, &tcp_v6mssdflt , 0, |
| 120 | "Default TCP Maximum Segment Size for IPv6"); |
| 121 | #endif |
| 122 | |
| 123 | #if 0 |
| 124 | static int tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ; |
| 125 | SYSCTL_INT(_net_inet_tcp, TCPCTL_RTTDFLT, rttdflt, CTLFLAG_RW, |
| 126 | &tcp_rttdflt , 0, "Default maximum TCP Round Trip Time"); |
| 127 | #endif |
| 128 | |
| 129 | int tcp_do_rfc1323 = 1; |
| 130 | SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, |
| 131 | &tcp_do_rfc1323 , 0, "Enable rfc1323 (high performance TCP) extensions"); |
| 132 | |
| 133 | int tcp_do_rfc1644 = 0; |
| 134 | SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1644, rfc1644, CTLFLAG_RW, |
| 135 | &tcp_do_rfc1644 , 0, "Enable rfc1644 (TTCP) extensions"); |
| 136 | |
| 137 | static int tcp_tcbhashsize = 0; |
| 138 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RD, |
| 139 | &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable"); |
| 140 | |
| 141 | static int do_tcpdrain = 1; |
| 142 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0, |
| 143 | "Enable tcp_drain routine for extra help when low on mbufs"); |
| 144 | |
| 145 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD, |
| 146 | &tcbinfo.ipi_count, 0, "Number of active PCBs"); |
| 147 | |
| 148 | static int icmp_may_rst = 1; |
| 149 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW, &icmp_may_rst, 0, |
| 150 | "Certain ICMP unreachable messages may abort connections in SYN_SENT"); |
| 151 | |
| 152 | static int tcp_isn_reseed_interval = 0; |
| 153 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW, |
| 154 | &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret"); |
| 155 | |
| 156 | /* |
| 157 | * TCP bandwidth limiting sysctls. Note that the default lower bound of |
| 158 | * 1024 exists only for debugging. A good production default would be |
| 159 | * something like 6100. |
| 160 | */ |
| 161 | static int tcp_inflight_enable = 0; |
| 162 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_enable, CTLFLAG_RW, |
| 163 | &tcp_inflight_enable, 0, "Enable automatic TCP inflight data limiting"); |
| 164 | |
| 165 | static int tcp_inflight_debug = 0; |
| 166 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_debug, CTLFLAG_RW, |
| 167 | &tcp_inflight_debug, 0, "Debug TCP inflight calculations"); |
| 168 | |
| 169 | static int tcp_inflight_min = 6144; |
| 170 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_min, CTLFLAG_RW, |
| 171 | &tcp_inflight_min, 0, "Lower-bound for TCP inflight window"); |
| 172 | |
| 173 | static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT; |
| 174 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_max, CTLFLAG_RW, |
| 175 | &tcp_inflight_max, 0, "Upper-bound for TCP inflight window"); |
| 176 | |
| 177 | static int tcp_inflight_stab = 20; |
| 178 | SYSCTL_INT(_net_inet_tcp, OID_AUTO, inflight_stab, CTLFLAG_RW, |
| 179 | &tcp_inflight_stab, 0, "Slop in maximal packets / 10 (20 = 2 packets)"); |
| 180 | |
| 181 | static void tcp_cleartaocache (void); |
| 182 | static void tcp_notify (struct inpcb *, int); |
| 183 | |
| 184 | /* |
| 185 | * Target size of TCP PCB hash tables. Must be a power of two. |
| 186 | * |
| 187 | * Note that this can be overridden by the kernel environment |
| 188 | * variable net.inet.tcp.tcbhashsize |
| 189 | */ |
| 190 | #ifndef TCBHASHSIZE |
| 191 | #define TCBHASHSIZE 512 |
| 192 | #endif |
| 193 | |
| 194 | /* |
| 195 | * This is the actual shape of what we allocate using the zone |
| 196 | * allocator. Doing it this way allows us to protect both structures |
| 197 | * using the same generation count, and also eliminates the overhead |
| 198 | * of allocating tcpcbs separately. By hiding the structure here, |
| 199 | * we avoid changing most of the rest of the code (although it needs |
| 200 | * to be changed, eventually, for greater efficiency). |
| 201 | */ |
| 202 | #define ALIGNMENT 32 |
| 203 | #define ALIGNM1 (ALIGNMENT - 1) |
| 204 | struct inp_tp { |
| 205 | union { |
| 206 | struct inpcb inp; |
| 207 | char align[(sizeof(struct inpcb) + ALIGNM1) & ~ALIGNM1]; |
| 208 | } inp_tp_u; |
| 209 | struct tcpcb tcb; |
| 210 | struct callout inp_tp_rexmt, inp_tp_persist, inp_tp_keep, inp_tp_2msl; |
| 211 | struct callout inp_tp_delack; |
| 212 | }; |
| 213 | #undef ALIGNMENT |
| 214 | #undef ALIGNM1 |
| 215 | |
| 216 | /* |
| 217 | * Tcp initialization |
| 218 | */ |
| 219 | void |
| 220 | tcp_init() |
| 221 | { |
| 222 | int hashsize = TCBHASHSIZE; |
| 223 | |
| 224 | tcp_ccgen = 1; |
| 225 | tcp_cleartaocache(); |
| 226 | |
| 227 | tcp_delacktime = TCPTV_DELACK; |
| 228 | tcp_keepinit = TCPTV_KEEP_INIT; |
| 229 | tcp_keepidle = TCPTV_KEEP_IDLE; |
| 230 | tcp_keepintvl = TCPTV_KEEPINTVL; |
| 231 | tcp_maxpersistidle = TCPTV_KEEP_IDLE; |
| 232 | tcp_msl = TCPTV_MSL; |
| 233 | tcp_rexmit_min = TCPTV_MIN; |
| 234 | tcp_rexmit_slop = TCPTV_CPU_VAR; |
| 235 | |
| 236 | LIST_INIT(&tcb); |
| 237 | tcbinfo.listhead = &tcb; |
| 238 | TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize); |
| 239 | if (!powerof2(hashsize)) { |
| 240 | printf("WARNING: TCB hash size not a power of 2\n"); |
| 241 | hashsize = 512; /* safe default */ |
| 242 | } |
| 243 | tcp_tcbhashsize = hashsize; |
| 244 | tcbinfo.hashbase = hashinit(hashsize, M_PCB, &tcbinfo.hashmask); |
| 245 | tcbinfo.porthashbase = hashinit(hashsize, M_PCB, |
| 246 | &tcbinfo.porthashmask); |
| 247 | tcbinfo.ipi_zone = zinit("tcpcb", sizeof(struct inp_tp), maxsockets, |
| 248 | ZONE_INTERRUPT, 0); |
| 249 | #ifdef INET6 |
| 250 | #define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr)) |
| 251 | #else /* INET6 */ |
| 252 | #define TCP_MINPROTOHDR (sizeof(struct tcpiphdr)) |
| 253 | #endif /* INET6 */ |
| 254 | if (max_protohdr < TCP_MINPROTOHDR) |
| 255 | max_protohdr = TCP_MINPROTOHDR; |
| 256 | if (max_linkhdr + TCP_MINPROTOHDR > MHLEN) |
| 257 | panic("tcp_init"); |
| 258 | #undef TCP_MINPROTOHDR |
| 259 | |
| 260 | syncache_init(); |
| 261 | tcp_thread_init(); |
| 262 | } |
| 263 | |
| 264 | /* |
| 265 | * Fill in the IP and TCP headers for an outgoing packet, given the tcpcb. |
| 266 | * tcp_template used to store this data in mbufs, but we now recopy it out |
| 267 | * of the tcpcb each time to conserve mbufs. |
| 268 | */ |
| 269 | void |
| 270 | tcp_fillheaders(tp, ip_ptr, tcp_ptr) |
| 271 | struct tcpcb *tp; |
| 272 | void *ip_ptr; |
| 273 | void *tcp_ptr; |
| 274 | { |
| 275 | struct inpcb *inp = tp->t_inpcb; |
| 276 | struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_ptr; |
| 277 | |
| 278 | #ifdef INET6 |
| 279 | if ((inp->inp_vflag & INP_IPV6) != 0) { |
| 280 | struct ip6_hdr *ip6; |
| 281 | |
| 282 | ip6 = (struct ip6_hdr *)ip_ptr; |
| 283 | ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) | |
| 284 | (inp->in6p_flowinfo & IPV6_FLOWINFO_MASK); |
| 285 | ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) | |
| 286 | (IPV6_VERSION & IPV6_VERSION_MASK); |
| 287 | ip6->ip6_nxt = IPPROTO_TCP; |
| 288 | ip6->ip6_plen = sizeof(struct tcphdr); |
| 289 | ip6->ip6_src = inp->in6p_laddr; |
| 290 | ip6->ip6_dst = inp->in6p_faddr; |
| 291 | tcp_hdr->th_sum = 0; |
| 292 | } else |
| 293 | #endif |
| 294 | { |
| 295 | struct ip *ip = (struct ip *) ip_ptr; |
| 296 | |
| 297 | ip->ip_vhl = IP_VHL_BORING; |
| 298 | ip->ip_tos = 0; |
| 299 | ip->ip_len = 0; |
| 300 | ip->ip_id = 0; |
| 301 | ip->ip_off = 0; |
| 302 | ip->ip_ttl = 0; |
| 303 | ip->ip_sum = 0; |
| 304 | ip->ip_p = IPPROTO_TCP; |
| 305 | ip->ip_src = inp->inp_laddr; |
| 306 | ip->ip_dst = inp->inp_faddr; |
| 307 | tcp_hdr->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, |
| 308 | htons(sizeof(struct tcphdr) + IPPROTO_TCP)); |
| 309 | } |
| 310 | |
| 311 | tcp_hdr->th_sport = inp->inp_lport; |
| 312 | tcp_hdr->th_dport = inp->inp_fport; |
| 313 | tcp_hdr->th_seq = 0; |
| 314 | tcp_hdr->th_ack = 0; |
| 315 | tcp_hdr->th_x2 = 0; |
| 316 | tcp_hdr->th_off = 5; |
| 317 | tcp_hdr->th_flags = 0; |
| 318 | tcp_hdr->th_win = 0; |
| 319 | tcp_hdr->th_urp = 0; |
| 320 | } |
| 321 | |
| 322 | /* |
| 323 | * Create template to be used to send tcp packets on a connection. |
| 324 | * Allocates an mbuf and fills in a skeletal tcp/ip header. The only |
| 325 | * use for this function is in keepalives, which use tcp_respond. |
| 326 | */ |
| 327 | struct tcptemp * |
| 328 | tcp_maketemplate(tp) |
| 329 | struct tcpcb *tp; |
| 330 | { |
| 331 | struct mbuf *m; |
| 332 | struct tcptemp *n; |
| 333 | |
| 334 | m = m_get(M_DONTWAIT, MT_HEADER); |
| 335 | if (m == NULL) |
| 336 | return (0); |
| 337 | m->m_len = sizeof(struct tcptemp); |
| 338 | n = mtod(m, struct tcptemp *); |
| 339 | |
| 340 | tcp_fillheaders(tp, (void *)&n->tt_ipgen, (void *)&n->tt_t); |
| 341 | return (n); |
| 342 | } |
| 343 | |
| 344 | /* |
| 345 | * Send a single message to the TCP at address specified by |
| 346 | * the given TCP/IP header. If m == 0, then we make a copy |
| 347 | * of the tcpiphdr at ti and send directly to the addressed host. |
| 348 | * This is used to force keep alive messages out using the TCP |
| 349 | * template for a connection. If flags are given then we send |
| 350 | * a message back to the TCP which originated the * segment ti, |
| 351 | * and discard the mbuf containing it and any other attached mbufs. |
| 352 | * |
| 353 | * In any case the ack and sequence number of the transmitted |
| 354 | * segment are as specified by the parameters. |
| 355 | * |
| 356 | * NOTE: If m != NULL, then ti must point to *inside* the mbuf. |
| 357 | */ |
| 358 | void |
| 359 | tcp_respond(tp, ipgen, th, m, ack, seq, flags) |
| 360 | struct tcpcb *tp; |
| 361 | void *ipgen; |
| 362 | struct tcphdr *th; |
| 363 | struct mbuf *m; |
| 364 | tcp_seq ack, seq; |
| 365 | int flags; |
| 366 | { |
| 367 | int tlen; |
| 368 | int win = 0; |
| 369 | struct route *ro = 0; |
| 370 | struct route sro; |
| 371 | struct ip *ip; |
| 372 | struct tcphdr *nth; |
| 373 | #ifdef INET6 |
| 374 | struct route_in6 *ro6 = 0; |
| 375 | struct route_in6 sro6; |
| 376 | struct ip6_hdr *ip6; |
| 377 | int isipv6; |
| 378 | #endif /* INET6 */ |
| 379 | int ipflags = 0; |
| 380 | |
| 381 | #ifdef INET6 |
| 382 | isipv6 = IP_VHL_V(((struct ip *)ipgen)->ip_vhl) == 6; |
| 383 | ip6 = ipgen; |
| 384 | #endif /* INET6 */ |
| 385 | ip = ipgen; |
| 386 | |
| 387 | if (tp) { |
| 388 | if (!(flags & TH_RST)) { |
| 389 | win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); |
| 390 | if (win > (long)TCP_MAXWIN << tp->rcv_scale) |
| 391 | win = (long)TCP_MAXWIN << tp->rcv_scale; |
| 392 | } |
| 393 | #ifdef INET6 |
| 394 | if (isipv6) |
| 395 | ro6 = &tp->t_inpcb->in6p_route; |
| 396 | else |
| 397 | #endif /* INET6 */ |
| 398 | ro = &tp->t_inpcb->inp_route; |
| 399 | } else { |
| 400 | #ifdef INET6 |
| 401 | if (isipv6) { |
| 402 | ro6 = &sro6; |
| 403 | bzero(ro6, sizeof *ro6); |
| 404 | } else |
| 405 | #endif /* INET6 */ |
| 406 | { |
| 407 | ro = &sro; |
| 408 | bzero(ro, sizeof *ro); |
| 409 | } |
| 410 | } |
| 411 | if (m == 0) { |
| 412 | m = m_gethdr(M_DONTWAIT, MT_HEADER); |
| 413 | if (m == NULL) |
| 414 | return; |
| 415 | tlen = 0; |
| 416 | m->m_data += max_linkhdr; |
| 417 | #ifdef INET6 |
| 418 | if (isipv6) { |
| 419 | bcopy((caddr_t)ip6, mtod(m, caddr_t), |
| 420 | sizeof(struct ip6_hdr)); |
| 421 | ip6 = mtod(m, struct ip6_hdr *); |
| 422 | nth = (struct tcphdr *)(ip6 + 1); |
| 423 | } else |
| 424 | #endif /* INET6 */ |
| 425 | { |
| 426 | bcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip)); |
| 427 | ip = mtod(m, struct ip *); |
| 428 | nth = (struct tcphdr *)(ip + 1); |
| 429 | } |
| 430 | bcopy((caddr_t)th, (caddr_t)nth, sizeof(struct tcphdr)); |
| 431 | flags = TH_ACK; |
| 432 | } else { |
| 433 | m_freem(m->m_next); |
| 434 | m->m_next = 0; |
| 435 | m->m_data = (caddr_t)ipgen; |
| 436 | /* m_len is set later */ |
| 437 | tlen = 0; |
| 438 | #define xchg(a,b,type) { type t; t=a; a=b; b=t; } |
| 439 | #ifdef INET6 |
| 440 | if (isipv6) { |
| 441 | xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr); |
| 442 | nth = (struct tcphdr *)(ip6 + 1); |
| 443 | } else |
| 444 | #endif /* INET6 */ |
| 445 | { |
| 446 | xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, n_long); |
| 447 | nth = (struct tcphdr *)(ip + 1); |
| 448 | } |
| 449 | if (th != nth) { |
| 450 | /* |
| 451 | * this is usually a case when an extension header |
| 452 | * exists between the IPv6 header and the |
| 453 | * TCP header. |
| 454 | */ |
| 455 | nth->th_sport = th->th_sport; |
| 456 | nth->th_dport = th->th_dport; |
| 457 | } |
| 458 | xchg(nth->th_dport, nth->th_sport, n_short); |
| 459 | #undef xchg |
| 460 | } |
| 461 | #ifdef INET6 |
| 462 | if (isipv6) { |
| 463 | ip6->ip6_flow = 0; |
| 464 | ip6->ip6_vfc = IPV6_VERSION; |
| 465 | ip6->ip6_nxt = IPPROTO_TCP; |
| 466 | ip6->ip6_plen = htons((u_short)(sizeof (struct tcphdr) + |
| 467 | tlen)); |
| 468 | tlen += sizeof (struct ip6_hdr) + sizeof (struct tcphdr); |
| 469 | } else |
| 470 | #endif |
| 471 | { |
| 472 | tlen += sizeof (struct tcpiphdr); |
| 473 | ip->ip_len = tlen; |
| 474 | ip->ip_ttl = ip_defttl; |
| 475 | } |
| 476 | m->m_len = tlen; |
| 477 | m->m_pkthdr.len = tlen; |
| 478 | m->m_pkthdr.rcvif = (struct ifnet *) 0; |
| 479 | nth->th_seq = htonl(seq); |
| 480 | nth->th_ack = htonl(ack); |
| 481 | nth->th_x2 = 0; |
| 482 | nth->th_off = sizeof (struct tcphdr) >> 2; |
| 483 | nth->th_flags = flags; |
| 484 | if (tp) |
| 485 | nth->th_win = htons((u_short) (win >> tp->rcv_scale)); |
| 486 | else |
| 487 | nth->th_win = htons((u_short)win); |
| 488 | nth->th_urp = 0; |
| 489 | #ifdef INET6 |
| 490 | if (isipv6) { |
| 491 | nth->th_sum = 0; |
| 492 | nth->th_sum = in6_cksum(m, IPPROTO_TCP, |
| 493 | sizeof(struct ip6_hdr), |
| 494 | tlen - sizeof(struct ip6_hdr)); |
| 495 | ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL, |
| 496 | ro6 && ro6->ro_rt ? |
| 497 | ro6->ro_rt->rt_ifp : |
| 498 | NULL); |
| 499 | } else |
| 500 | #endif /* INET6 */ |
| 501 | { |
| 502 | nth->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, |
| 503 | htons((u_short)(tlen - sizeof(struct ip) + ip->ip_p))); |
| 504 | m->m_pkthdr.csum_flags = CSUM_TCP; |
| 505 | m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum); |
| 506 | } |
| 507 | #ifdef TCPDEBUG |
| 508 | if (tp == NULL || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG)) |
| 509 | tcp_trace(TA_OUTPUT, 0, tp, mtod(m, void *), th, 0); |
| 510 | #endif |
| 511 | #ifdef INET6 |
| 512 | if (isipv6) { |
| 513 | (void)ip6_output(m, NULL, ro6, ipflags, NULL, NULL, |
| 514 | tp ? tp->t_inpcb : NULL); |
| 515 | if (ro6 == &sro6 && ro6->ro_rt) { |
| 516 | RTFREE(ro6->ro_rt); |
| 517 | ro6->ro_rt = NULL; |
| 518 | } |
| 519 | } else |
| 520 | #endif /* INET6 */ |
| 521 | { |
| 522 | (void) ip_output(m, NULL, ro, ipflags, NULL, tp ? tp->t_inpcb : NULL); |
| 523 | if (ro == &sro && ro->ro_rt) { |
| 524 | RTFREE(ro->ro_rt); |
| 525 | ro->ro_rt = NULL; |
| 526 | } |
| 527 | } |
| 528 | } |
| 529 | |
| 530 | /* |
| 531 | * Create a new TCP control block, making an |
| 532 | * empty reassembly queue and hooking it to the argument |
| 533 | * protocol control block. The `inp' parameter must have |
| 534 | * come from the zone allocator set up in tcp_init(). |
| 535 | */ |
| 536 | struct tcpcb * |
| 537 | tcp_newtcpcb(inp) |
| 538 | struct inpcb *inp; |
| 539 | { |
| 540 | struct inp_tp *it; |
| 541 | struct tcpcb *tp; |
| 542 | #ifdef INET6 |
| 543 | int isipv6 = (inp->inp_vflag & INP_IPV6) != 0; |
| 544 | #endif /* INET6 */ |
| 545 | |
| 546 | it = (struct inp_tp *)inp; |
| 547 | tp = &it->tcb; |
| 548 | bzero((char *) tp, sizeof(struct tcpcb)); |
| 549 | LIST_INIT(&tp->t_segq); |
| 550 | tp->t_maxseg = tp->t_maxopd = |
| 551 | #ifdef INET6 |
| 552 | isipv6 ? tcp_v6mssdflt : |
| 553 | #endif /* INET6 */ |
| 554 | tcp_mssdflt; |
| 555 | |
| 556 | /* Set up our timeouts. */ |
| 557 | callout_init(tp->tt_rexmt = &it->inp_tp_rexmt); |
| 558 | callout_init(tp->tt_persist = &it->inp_tp_persist); |
| 559 | callout_init(tp->tt_keep = &it->inp_tp_keep); |
| 560 | callout_init(tp->tt_2msl = &it->inp_tp_2msl); |
| 561 | callout_init(tp->tt_delack = &it->inp_tp_delack); |
| 562 | |
| 563 | if (tcp_do_rfc1323) |
| 564 | tp->t_flags = (TF_REQ_SCALE|TF_REQ_TSTMP); |
| 565 | if (tcp_do_rfc1644) |
| 566 | tp->t_flags |= TF_REQ_CC; |
| 567 | tp->t_inpcb = inp; /* XXX */ |
| 568 | /* |
| 569 | * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no |
| 570 | * rtt estimate. Set rttvar so that srtt + 4 * rttvar gives |
| 571 | * reasonable initial retransmit time. |
| 572 | */ |
| 573 | tp->t_srtt = TCPTV_SRTTBASE; |
| 574 | tp->t_rttvar = ((TCPTV_RTOBASE - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / 4; |
| 575 | tp->t_rttmin = tcp_rexmit_min; |
| 576 | tp->t_rxtcur = TCPTV_RTOBASE; |
| 577 | tp->snd_cwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT; |
| 578 | tp->snd_bwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT; |
| 579 | tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT; |
| 580 | tp->t_rcvtime = ticks; |
| 581 | tp->t_bw_rtttime = ticks; |
| 582 | /* |
| 583 | * IPv4 TTL initialization is necessary for an IPv6 socket as well, |
| 584 | * because the socket may be bound to an IPv6 wildcard address, |
| 585 | * which may match an IPv4-mapped IPv6 address. |
| 586 | */ |
| 587 | inp->inp_ip_ttl = ip_defttl; |
| 588 | inp->inp_ppcb = (caddr_t)tp; |
| 589 | return (tp); /* XXX */ |
| 590 | } |
| 591 | |
| 592 | /* |
| 593 | * Drop a TCP connection, reporting |
| 594 | * the specified error. If connection is synchronized, |
| 595 | * then send a RST to peer. |
| 596 | */ |
| 597 | struct tcpcb * |
| 598 | tcp_drop(tp, errno) |
| 599 | struct tcpcb *tp; |
| 600 | int errno; |
| 601 | { |
| 602 | struct socket *so = tp->t_inpcb->inp_socket; |
| 603 | |
| 604 | if (TCPS_HAVERCVDSYN(tp->t_state)) { |
| 605 | tp->t_state = TCPS_CLOSED; |
| 606 | (void) tcp_output(tp); |
| 607 | tcpstat.tcps_drops++; |
| 608 | } else |
| 609 | tcpstat.tcps_conndrops++; |
| 610 | if (errno == ETIMEDOUT && tp->t_softerror) |
| 611 | errno = tp->t_softerror; |
| 612 | so->so_error = errno; |
| 613 | return (tcp_close(tp)); |
| 614 | } |
| 615 | |
| 616 | /* |
| 617 | * Close a TCP control block: |
| 618 | * discard all space held by the tcp |
| 619 | * discard internet protocol block |
| 620 | * wake up any sleepers |
| 621 | */ |
| 622 | struct tcpcb * |
| 623 | tcp_close(tp) |
| 624 | struct tcpcb *tp; |
| 625 | { |
| 626 | struct tseg_qent *q; |
| 627 | struct inpcb *inp = tp->t_inpcb; |
| 628 | struct socket *so = inp->inp_socket; |
| 629 | #ifdef INET6 |
| 630 | int isipv6 = (inp->inp_vflag & INP_IPV6) != 0; |
| 631 | #endif /* INET6 */ |
| 632 | struct rtentry *rt; |
| 633 | int dosavessthresh; |
| 634 | |
| 635 | /* |
| 636 | * Make sure that all of our timers are stopped before we |
| 637 | * delete the PCB. |
| 638 | */ |
| 639 | callout_stop(tp->tt_rexmt); |
| 640 | callout_stop(tp->tt_persist); |
| 641 | callout_stop(tp->tt_keep); |
| 642 | callout_stop(tp->tt_2msl); |
| 643 | callout_stop(tp->tt_delack); |
| 644 | |
| 645 | /* |
| 646 | * If we got enough samples through the srtt filter, |
| 647 | * save the rtt and rttvar in the routing entry. |
| 648 | * 'Enough' is arbitrarily defined as the 16 samples. |
| 649 | * 16 samples is enough for the srtt filter to converge |
| 650 | * to within 5% of the correct value; fewer samples and |
| 651 | * we could save a very bogus rtt. |
| 652 | * |
| 653 | * Don't update the default route's characteristics and don't |
| 654 | * update anything that the user "locked". |
| 655 | */ |
| 656 | if (tp->t_rttupdated >= 16) { |
| 657 | u_long i = 0; |
| 658 | #ifdef INET6 |
| 659 | if (isipv6) { |
| 660 | struct sockaddr_in6 *sin6; |
| 661 | |
| 662 | if ((rt = inp->in6p_route.ro_rt) == NULL) |
| 663 | goto no_valid_rt; |
| 664 | sin6 = (struct sockaddr_in6 *)rt_key(rt); |
| 665 | if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) |
| 666 | goto no_valid_rt; |
| 667 | } |
| 668 | else |
| 669 | #endif /* INET6 */ |
| 670 | if ((rt = inp->inp_route.ro_rt) == NULL || |
| 671 | ((struct sockaddr_in *)rt_key(rt))->sin_addr.s_addr |
| 672 | == INADDR_ANY) |
| 673 | goto no_valid_rt; |
| 674 | |
| 675 | if ((rt->rt_rmx.rmx_locks & RTV_RTT) == 0) { |
| 676 | i = tp->t_srtt * |
| 677 | (RTM_RTTUNIT / (hz * TCP_RTT_SCALE)); |
| 678 | if (rt->rt_rmx.rmx_rtt && i) |
| 679 | /* |
| 680 | * filter this update to half the old & half |
| 681 | * the new values, converting scale. |
| 682 | * See route.h and tcp_var.h for a |
| 683 | * description of the scaling constants. |
| 684 | */ |
| 685 | rt->rt_rmx.rmx_rtt = |
| 686 | (rt->rt_rmx.rmx_rtt + i) / 2; |
| 687 | else |
| 688 | rt->rt_rmx.rmx_rtt = i; |
| 689 | tcpstat.tcps_cachedrtt++; |
| 690 | } |
| 691 | if ((rt->rt_rmx.rmx_locks & RTV_RTTVAR) == 0) { |
| 692 | i = tp->t_rttvar * |
| 693 | (RTM_RTTUNIT / (hz * TCP_RTTVAR_SCALE)); |
| 694 | if (rt->rt_rmx.rmx_rttvar && i) |
| 695 | rt->rt_rmx.rmx_rttvar = |
| 696 | (rt->rt_rmx.rmx_rttvar + i) / 2; |
| 697 | else |
| 698 | rt->rt_rmx.rmx_rttvar = i; |
| 699 | tcpstat.tcps_cachedrttvar++; |
| 700 | } |
| 701 | /* |
| 702 | * The old comment here said: |
| 703 | * update the pipelimit (ssthresh) if it has been updated |
| 704 | * already or if a pipesize was specified & the threshhold |
| 705 | * got below half the pipesize. I.e., wait for bad news |
| 706 | * before we start updating, then update on both good |
| 707 | * and bad news. |
| 708 | * |
| 709 | * But we want to save the ssthresh even if no pipesize is |
| 710 | * specified explicitly in the route, because such |
| 711 | * connections still have an implicit pipesize specified |
| 712 | * by the global tcp_sendspace. In the absence of a reliable |
| 713 | * way to calculate the pipesize, it will have to do. |
| 714 | */ |
| 715 | i = tp->snd_ssthresh; |
| 716 | if (rt->rt_rmx.rmx_sendpipe != 0) |
| 717 | dosavessthresh = (i < rt->rt_rmx.rmx_sendpipe / 2); |
| 718 | else |
| 719 | dosavessthresh = (i < so->so_snd.sb_hiwat / 2); |
| 720 | if (((rt->rt_rmx.rmx_locks & RTV_SSTHRESH) == 0 && |
| 721 | i != 0 && rt->rt_rmx.rmx_ssthresh != 0) |
| 722 | || dosavessthresh) { |
| 723 | /* |
| 724 | * convert the limit from user data bytes to |
| 725 | * packets then to packet data bytes. |
| 726 | */ |
| 727 | i = (i + tp->t_maxseg / 2) / tp->t_maxseg; |
| 728 | if (i < 2) |
| 729 | i = 2; |
| 730 | i *= (u_long)(tp->t_maxseg + |
| 731 | #ifdef INET6 |
| 732 | (isipv6 ? sizeof (struct ip6_hdr) + |
| 733 | sizeof (struct tcphdr) : |
| 734 | #endif |
| 735 | sizeof (struct tcpiphdr) |
| 736 | #ifdef INET6 |
| 737 | ) |
| 738 | #endif |
| 739 | ); |
| 740 | if (rt->rt_rmx.rmx_ssthresh) |
| 741 | rt->rt_rmx.rmx_ssthresh = |
| 742 | (rt->rt_rmx.rmx_ssthresh + i) / 2; |
| 743 | else |
| 744 | rt->rt_rmx.rmx_ssthresh = i; |
| 745 | tcpstat.tcps_cachedssthresh++; |
| 746 | } |
| 747 | } |
| 748 | no_valid_rt: |
| 749 | /* free the reassembly queue, if any */ |
| 750 | while((q = LIST_FIRST(&tp->t_segq)) != NULL) { |
| 751 | LIST_REMOVE(q, tqe_q); |
| 752 | m_freem(q->tqe_m); |
| 753 | FREE(q, M_TSEGQ); |
| 754 | } |
| 755 | inp->inp_ppcb = NULL; |
| 756 | soisdisconnected(so); |
| 757 | #ifdef INET6 |
| 758 | if (INP_CHECK_SOCKAF(so, AF_INET6)) |
| 759 | in6_pcbdetach(inp); |
| 760 | else |
| 761 | #endif /* INET6 */ |
| 762 | in_pcbdetach(inp); |
| 763 | tcpstat.tcps_closed++; |
| 764 | return ((struct tcpcb *)0); |
| 765 | } |
| 766 | |
| 767 | void |
| 768 | tcp_drain() |
| 769 | { |
| 770 | if (do_tcpdrain) |
| 771 | { |
| 772 | struct inpcb *inpb; |
| 773 | struct tcpcb *tcpb; |
| 774 | struct tseg_qent *te; |
| 775 | |
| 776 | /* |
| 777 | * Walk the tcpbs, if existing, and flush the reassembly queue, |
| 778 | * if there is one... |
| 779 | * XXX: The "Net/3" implementation doesn't imply that the TCP |
| 780 | * reassembly queue should be flushed, but in a situation |
| 781 | * where we're really low on mbufs, this is potentially |
| 782 | * usefull. |
| 783 | */ |
| 784 | LIST_FOREACH(inpb, tcbinfo.listhead, inp_list) { |
| 785 | if ((tcpb = intotcpcb(inpb))) { |
| 786 | while ((te = LIST_FIRST(&tcpb->t_segq)) |
| 787 | != NULL) { |
| 788 | LIST_REMOVE(te, tqe_q); |
| 789 | m_freem(te->tqe_m); |
| 790 | FREE(te, M_TSEGQ); |
| 791 | } |
| 792 | } |
| 793 | } |
| 794 | |
| 795 | } |
| 796 | } |
| 797 | |
| 798 | /* |
| 799 | * Notify a tcp user of an asynchronous error; |
| 800 | * store error as soft error, but wake up user |
| 801 | * (for now, won't do anything until can select for soft error). |
| 802 | * |
| 803 | * Do not wake up user since there currently is no mechanism for |
| 804 | * reporting soft errors (yet - a kqueue filter may be added). |
| 805 | */ |
| 806 | static void |
| 807 | tcp_notify(inp, error) |
| 808 | struct inpcb *inp; |
| 809 | int error; |
| 810 | { |
| 811 | struct tcpcb *tp = (struct tcpcb *)inp->inp_ppcb; |
| 812 | |
| 813 | /* |
| 814 | * Ignore some errors if we are hooked up. |
| 815 | * If connection hasn't completed, has retransmitted several times, |
| 816 | * and receives a second error, give up now. This is better |
| 817 | * than waiting a long time to establish a connection that |
| 818 | * can never complete. |
| 819 | */ |
| 820 | if (tp->t_state == TCPS_ESTABLISHED && |
| 821 | (error == EHOSTUNREACH || error == ENETUNREACH || |
| 822 | error == EHOSTDOWN)) { |
| 823 | return; |
| 824 | } else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > 3 && |
| 825 | tp->t_softerror) |
| 826 | tcp_drop(tp, error); |
| 827 | else |
| 828 | tp->t_softerror = error; |
| 829 | #if 0 |
| 830 | wakeup((caddr_t) &so->so_timeo); |
| 831 | sorwakeup(so); |
| 832 | sowwakeup(so); |
| 833 | #endif |
| 834 | } |
| 835 | |
| 836 | static int |
| 837 | tcp_pcblist(SYSCTL_HANDLER_ARGS) |
| 838 | { |
| 839 | int error, i, n, s; |
| 840 | struct inpcb *inp, **inp_list; |
| 841 | inp_gen_t gencnt; |
| 842 | struct xinpgen xig; |
| 843 | |
| 844 | /* |
| 845 | * The process of preparing the TCB list is too time-consuming and |
| 846 | * resource-intensive to repeat twice on every request. |
| 847 | */ |
| 848 | if (req->oldptr == 0) { |
| 849 | n = tcbinfo.ipi_count; |
| 850 | req->oldidx = 2 * (sizeof xig) |
| 851 | + (n + n/8) * sizeof(struct xtcpcb); |
| 852 | return 0; |
| 853 | } |
| 854 | |
| 855 | if (req->newptr != 0) |
| 856 | return EPERM; |
| 857 | |
| 858 | /* |
| 859 | * OK, now we're committed to doing something. |
| 860 | */ |
| 861 | s = splnet(); |
| 862 | gencnt = tcbinfo.ipi_gencnt; |
| 863 | n = tcbinfo.ipi_count; |
| 864 | splx(s); |
| 865 | |
| 866 | xig.xig_len = sizeof xig; |
| 867 | xig.xig_count = n; |
| 868 | xig.xig_gen = gencnt; |
| 869 | xig.xig_sogen = so_gencnt; |
| 870 | error = SYSCTL_OUT(req, &xig, sizeof xig); |
| 871 | if (error) |
| 872 | return error; |
| 873 | |
| 874 | inp_list = malloc(n * sizeof *inp_list, M_TEMP, M_WAITOK); |
| 875 | if (inp_list == 0) |
| 876 | return ENOMEM; |
| 877 | |
| 878 | s = splnet(); |
| 879 | for (inp = LIST_FIRST(tcbinfo.listhead), i = 0; inp && i < n; |
| 880 | inp = LIST_NEXT(inp, inp_list)) { |
| 881 | if (inp->inp_gencnt <= gencnt && !prison_xinpcb(req->td, inp)) |
| 882 | inp_list[i++] = inp; |
| 883 | } |
| 884 | splx(s); |
| 885 | n = i; |
| 886 | |
| 887 | error = 0; |
| 888 | for (i = 0; i < n; i++) { |
| 889 | inp = inp_list[i]; |
| 890 | if (inp->inp_gencnt <= gencnt) { |
| 891 | struct xtcpcb xt; |
| 892 | caddr_t inp_ppcb; |
| 893 | xt.xt_len = sizeof xt; |
| 894 | /* XXX should avoid extra copy */ |
| 895 | bcopy(inp, &xt.xt_inp, sizeof *inp); |
| 896 | inp_ppcb = inp->inp_ppcb; |
| 897 | if (inp_ppcb != NULL) |
| 898 | bcopy(inp_ppcb, &xt.xt_tp, sizeof xt.xt_tp); |
| 899 | else |
| 900 | bzero((char *) &xt.xt_tp, sizeof xt.xt_tp); |
| 901 | if (inp->inp_socket) |
| 902 | sotoxsocket(inp->inp_socket, &xt.xt_socket); |
| 903 | error = SYSCTL_OUT(req, &xt, sizeof xt); |
| 904 | } |
| 905 | } |
| 906 | if (!error) { |
| 907 | /* |
| 908 | * Give the user an updated idea of our state. |
| 909 | * If the generation differs from what we told |
| 910 | * her before, she knows that something happened |
| 911 | * while we were processing this request, and it |
| 912 | * might be necessary to retry. |
| 913 | */ |
| 914 | s = splnet(); |
| 915 | xig.xig_gen = tcbinfo.ipi_gencnt; |
| 916 | xig.xig_sogen = so_gencnt; |
| 917 | xig.xig_count = tcbinfo.ipi_count; |
| 918 | splx(s); |
| 919 | error = SYSCTL_OUT(req, &xig, sizeof xig); |
| 920 | } |
| 921 | free(inp_list, M_TEMP); |
| 922 | return error; |
| 923 | } |
| 924 | |
| 925 | SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist, CTLFLAG_RD, 0, 0, |
| 926 | tcp_pcblist, "S,xtcpcb", "List of active TCP connections"); |
| 927 | |
| 928 | static int |
| 929 | tcp_getcred(SYSCTL_HANDLER_ARGS) |
| 930 | { |
| 931 | struct sockaddr_in addrs[2]; |
| 932 | struct inpcb *inp; |
| 933 | int error, s; |
| 934 | |
| 935 | error = suser(req->td); |
| 936 | if (error) |
| 937 | return (error); |
| 938 | error = SYSCTL_IN(req, addrs, sizeof(addrs)); |
| 939 | if (error) |
| 940 | return (error); |
| 941 | s = splnet(); |
| 942 | inp = in_pcblookup_hash(&tcbinfo, addrs[1].sin_addr, addrs[1].sin_port, |
| 943 | addrs[0].sin_addr, addrs[0].sin_port, 0, NULL); |
| 944 | if (inp == NULL || inp->inp_socket == NULL) { |
| 945 | error = ENOENT; |
| 946 | goto out; |
| 947 | } |
| 948 | error = SYSCTL_OUT(req, inp->inp_socket->so_cred, sizeof(struct ucred)); |
| 949 | out: |
| 950 | splx(s); |
| 951 | return (error); |
| 952 | } |
| 953 | |
| 954 | SYSCTL_PROC(_net_inet_tcp, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, |
| 955 | 0, 0, tcp_getcred, "S,ucred", "Get the ucred of a TCP connection"); |
| 956 | |
| 957 | #ifdef INET6 |
| 958 | static int |
| 959 | tcp6_getcred(SYSCTL_HANDLER_ARGS) |
| 960 | { |
| 961 | struct sockaddr_in6 addrs[2]; |
| 962 | struct inpcb *inp; |
| 963 | int error, s, mapped = 0; |
| 964 | |
| 965 | error = suser(req->td); |
| 966 | if (error) |
| 967 | return (error); |
| 968 | error = SYSCTL_IN(req, addrs, sizeof(addrs)); |
| 969 | if (error) |
| 970 | return (error); |
| 971 | if (IN6_IS_ADDR_V4MAPPED(&addrs[0].sin6_addr)) { |
| 972 | if (IN6_IS_ADDR_V4MAPPED(&addrs[1].sin6_addr)) |
| 973 | mapped = 1; |
| 974 | else |
| 975 | return (EINVAL); |
| 976 | } |
| 977 | s = splnet(); |
| 978 | if (mapped == 1) |
| 979 | inp = in_pcblookup_hash(&tcbinfo, |
| 980 | *(struct in_addr *)&addrs[1].sin6_addr.s6_addr[12], |
| 981 | addrs[1].sin6_port, |
| 982 | *(struct in_addr *)&addrs[0].sin6_addr.s6_addr[12], |
| 983 | addrs[0].sin6_port, |
| 984 | 0, NULL); |
| 985 | else |
| 986 | inp = in6_pcblookup_hash(&tcbinfo, &addrs[1].sin6_addr, |
| 987 | addrs[1].sin6_port, |
| 988 | &addrs[0].sin6_addr, addrs[0].sin6_port, |
| 989 | 0, NULL); |
| 990 | if (inp == NULL || inp->inp_socket == NULL) { |
| 991 | error = ENOENT; |
| 992 | goto out; |
| 993 | } |
| 994 | error = SYSCTL_OUT(req, inp->inp_socket->so_cred, |
| 995 | sizeof(struct ucred)); |
| 996 | out: |
| 997 | splx(s); |
| 998 | return (error); |
| 999 | } |
| 1000 | |
| 1001 | SYSCTL_PROC(_net_inet6_tcp6, OID_AUTO, getcred, CTLTYPE_OPAQUE|CTLFLAG_RW, |
| 1002 | 0, 0, |
| 1003 | tcp6_getcred, "S,ucred", "Get the ucred of a TCP6 connection"); |
| 1004 | #endif |
| 1005 | |
| 1006 | |
| 1007 | void |
| 1008 | tcp_ctlinput(cmd, sa, vip) |
| 1009 | int cmd; |
| 1010 | struct sockaddr *sa; |
| 1011 | void *vip; |
| 1012 | { |
| 1013 | struct ip *ip = vip; |
| 1014 | struct tcphdr *th; |
| 1015 | struct in_addr faddr; |
| 1016 | struct inpcb *inp; |
| 1017 | struct tcpcb *tp; |
| 1018 | void (*notify) (struct inpcb *, int) = tcp_notify; |
| 1019 | tcp_seq icmp_seq; |
| 1020 | int s; |
| 1021 | |
| 1022 | faddr = ((struct sockaddr_in *)sa)->sin_addr; |
| 1023 | if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY) |
| 1024 | return; |
| 1025 | |
| 1026 | if (cmd == PRC_QUENCH) |
| 1027 | notify = tcp_quench; |
| 1028 | else if (icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB || |
| 1029 | cmd == PRC_UNREACH_PORT || cmd == PRC_TIMXCEED_INTRANS) && ip) |
| 1030 | notify = tcp_drop_syn_sent; |
| 1031 | else if (cmd == PRC_MSGSIZE) |
| 1032 | notify = tcp_mtudisc; |
| 1033 | else if (PRC_IS_REDIRECT(cmd)) { |
| 1034 | ip = 0; |
| 1035 | notify = in_rtchange; |
| 1036 | } else if (cmd == PRC_HOSTDEAD) |
| 1037 | ip = 0; |
| 1038 | else if ((unsigned)cmd > PRC_NCMDS || inetctlerrmap[cmd] == 0) |
| 1039 | return; |
| 1040 | if (ip) { |
| 1041 | s = splnet(); |
| 1042 | th = (struct tcphdr *)((caddr_t)ip |
| 1043 | + (IP_VHL_HL(ip->ip_vhl) << 2)); |
| 1044 | inp = in_pcblookup_hash(&tcbinfo, faddr, th->th_dport, |
| 1045 | ip->ip_src, th->th_sport, 0, NULL); |
| 1046 | if (inp != NULL && inp->inp_socket != NULL) { |
| 1047 | icmp_seq = htonl(th->th_seq); |
| 1048 | tp = intotcpcb(inp); |
| 1049 | if (SEQ_GEQ(icmp_seq, tp->snd_una) && |
| 1050 | SEQ_LT(icmp_seq, tp->snd_max)) |
| 1051 | (*notify)(inp, inetctlerrmap[cmd]); |
| 1052 | } else { |
| 1053 | struct in_conninfo inc; |
| 1054 | |
| 1055 | inc.inc_fport = th->th_dport; |
| 1056 | inc.inc_lport = th->th_sport; |
| 1057 | inc.inc_faddr = faddr; |
| 1058 | inc.inc_laddr = ip->ip_src; |
| 1059 | #ifdef INET6 |
| 1060 | inc.inc_isipv6 = 0; |
| 1061 | #endif |
| 1062 | syncache_unreach(&inc, th); |
| 1063 | } |
| 1064 | splx(s); |
| 1065 | } else |
| 1066 | in_pcbnotifyall(&tcb, faddr, inetctlerrmap[cmd], notify); |
| 1067 | } |
| 1068 | |
| 1069 | #ifdef INET6 |
| 1070 | void |
| 1071 | tcp6_ctlinput(cmd, sa, d) |
| 1072 | int cmd; |
| 1073 | struct sockaddr *sa; |
| 1074 | void *d; |
| 1075 | { |
| 1076 | struct tcphdr th; |
| 1077 | void (*notify) (struct inpcb *, int) = tcp_notify; |
| 1078 | struct ip6_hdr *ip6; |
| 1079 | struct mbuf *m; |
| 1080 | struct ip6ctlparam *ip6cp = NULL; |
| 1081 | const struct sockaddr_in6 *sa6_src = NULL; |
| 1082 | int off; |
| 1083 | struct tcp_portonly { |
| 1084 | u_int16_t th_sport; |
| 1085 | u_int16_t th_dport; |
| 1086 | } *thp; |
| 1087 | |
| 1088 | if (sa->sa_family != AF_INET6 || |
| 1089 | sa->sa_len != sizeof(struct sockaddr_in6)) |
| 1090 | return; |
| 1091 | |
| 1092 | if (cmd == PRC_QUENCH) |
| 1093 | notify = tcp_quench; |
| 1094 | else if (cmd == PRC_MSGSIZE) |
| 1095 | notify = tcp_mtudisc; |
| 1096 | else if (!PRC_IS_REDIRECT(cmd) && |
| 1097 | ((unsigned)cmd > PRC_NCMDS || inet6ctlerrmap[cmd] == 0)) |
| 1098 | return; |
| 1099 | |
| 1100 | /* if the parameter is from icmp6, decode it. */ |
| 1101 | if (d != NULL) { |
| 1102 | ip6cp = (struct ip6ctlparam *)d; |
| 1103 | m = ip6cp->ip6c_m; |
| 1104 | ip6 = ip6cp->ip6c_ip6; |
| 1105 | off = ip6cp->ip6c_off; |
| 1106 | sa6_src = ip6cp->ip6c_src; |
| 1107 | } else { |
| 1108 | m = NULL; |
| 1109 | ip6 = NULL; |
| 1110 | off = 0; /* fool gcc */ |
| 1111 | sa6_src = &sa6_any; |
| 1112 | } |
| 1113 | |
| 1114 | if (ip6) { |
| 1115 | struct in_conninfo inc; |
| 1116 | /* |
| 1117 | * XXX: We assume that when IPV6 is non NULL, |
| 1118 | * M and OFF are valid. |
| 1119 | */ |
| 1120 | |
| 1121 | /* check if we can safely examine src and dst ports */ |
| 1122 | if (m->m_pkthdr.len < off + sizeof(*thp)) |
| 1123 | return; |
| 1124 | |
| 1125 | bzero(&th, sizeof(th)); |
| 1126 | m_copydata(m, off, sizeof(*thp), (caddr_t)&th); |
| 1127 | |
| 1128 | in6_pcbnotify(&tcb, sa, th.th_dport, |
| 1129 | (struct sockaddr *)ip6cp->ip6c_src, |
| 1130 | th.th_sport, cmd, notify); |
| 1131 | |
| 1132 | inc.inc_fport = th.th_dport; |
| 1133 | inc.inc_lport = th.th_sport; |
| 1134 | inc.inc6_faddr = ((struct sockaddr_in6 *)sa)->sin6_addr; |
| 1135 | inc.inc6_laddr = ip6cp->ip6c_src->sin6_addr; |
| 1136 | inc.inc_isipv6 = 1; |
| 1137 | syncache_unreach(&inc, &th); |
| 1138 | } else |
| 1139 | in6_pcbnotify(&tcb, sa, 0, (const struct sockaddr *)sa6_src, |
| 1140 | 0, cmd, notify); |
| 1141 | } |
| 1142 | #endif /* INET6 */ |
| 1143 | |
| 1144 | |
| 1145 | /* |
| 1146 | * Following is where TCP initial sequence number generation occurs. |
| 1147 | * |
| 1148 | * There are two places where we must use initial sequence numbers: |
| 1149 | * 1. In SYN-ACK packets. |
| 1150 | * 2. In SYN packets. |
| 1151 | * |
| 1152 | * All ISNs for SYN-ACK packets are generated by the syncache. See |
| 1153 | * tcp_syncache.c for details. |
| 1154 | * |
| 1155 | * The ISNs in SYN packets must be monotonic; TIME_WAIT recycling |
| 1156 | * depends on this property. In addition, these ISNs should be |
| 1157 | * unguessable so as to prevent connection hijacking. To satisfy |
| 1158 | * the requirements of this situation, the algorithm outlined in |
| 1159 | * RFC 1948 is used to generate sequence numbers. |
| 1160 | * |
| 1161 | * Implementation details: |
| 1162 | * |
| 1163 | * Time is based off the system timer, and is corrected so that it |
| 1164 | * increases by one megabyte per second. This allows for proper |
| 1165 | * recycling on high speed LANs while still leaving over an hour |
| 1166 | * before rollover. |
| 1167 | * |
| 1168 | * net.inet.tcp.isn_reseed_interval controls the number of seconds |
| 1169 | * between seeding of isn_secret. This is normally set to zero, |
| 1170 | * as reseeding should not be necessary. |
| 1171 | * |
| 1172 | */ |
| 1173 | |
| 1174 | #define ISN_BYTES_PER_SECOND 1048576 |
| 1175 | |
| 1176 | u_char isn_secret[32]; |
| 1177 | int isn_last_reseed; |
| 1178 | MD5_CTX isn_ctx; |
| 1179 | |
| 1180 | tcp_seq |
| 1181 | tcp_new_isn(tp) |
| 1182 | struct tcpcb *tp; |
| 1183 | { |
| 1184 | u_int32_t md5_buffer[4]; |
| 1185 | tcp_seq new_isn; |
| 1186 | |
| 1187 | /* Seed if this is the first use, reseed if requested. */ |
| 1188 | if ((isn_last_reseed == 0) || ((tcp_isn_reseed_interval > 0) && |
| 1189 | (((u_int)isn_last_reseed + (u_int)tcp_isn_reseed_interval*hz) |
| 1190 | < (u_int)ticks))) { |
| 1191 | read_random_unlimited(&isn_secret, sizeof(isn_secret)); |
| 1192 | isn_last_reseed = ticks; |
| 1193 | } |
| 1194 | |
| 1195 | /* Compute the md5 hash and return the ISN. */ |
| 1196 | MD5Init(&isn_ctx); |
| 1197 | MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short)); |
| 1198 | MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short)); |
| 1199 | #ifdef INET6 |
| 1200 | if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) { |
| 1201 | MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr, |
| 1202 | sizeof(struct in6_addr)); |
| 1203 | MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr, |
| 1204 | sizeof(struct in6_addr)); |
| 1205 | } else |
| 1206 | #endif |
| 1207 | { |
| 1208 | MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr, |
| 1209 | sizeof(struct in_addr)); |
| 1210 | MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr, |
| 1211 | sizeof(struct in_addr)); |
| 1212 | } |
| 1213 | MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); |
| 1214 | MD5Final((u_char *) &md5_buffer, &isn_ctx); |
| 1215 | new_isn = (tcp_seq) md5_buffer[0]; |
| 1216 | new_isn += ticks * (ISN_BYTES_PER_SECOND / hz); |
| 1217 | return new_isn; |
| 1218 | } |
| 1219 | |
| 1220 | /* |
| 1221 | * When a source quench is received, close congestion window |
| 1222 | * to one segment. We will gradually open it again as we proceed. |
| 1223 | */ |
| 1224 | void |
| 1225 | tcp_quench(inp, errno) |
| 1226 | struct inpcb *inp; |
| 1227 | int errno; |
| 1228 | { |
| 1229 | struct tcpcb *tp = intotcpcb(inp); |
| 1230 | |
| 1231 | if (tp) |
| 1232 | tp->snd_cwnd = tp->t_maxseg; |
| 1233 | } |
| 1234 | |
| 1235 | /* |
| 1236 | * When a specific ICMP unreachable message is received and the |
| 1237 | * connection state is SYN-SENT, drop the connection. This behavior |
| 1238 | * is controlled by the icmp_may_rst sysctl. |
| 1239 | */ |
| 1240 | void |
| 1241 | tcp_drop_syn_sent(inp, errno) |
| 1242 | struct inpcb *inp; |
| 1243 | int errno; |
| 1244 | { |
| 1245 | struct tcpcb *tp = intotcpcb(inp); |
| 1246 | |
| 1247 | if (tp && tp->t_state == TCPS_SYN_SENT) |
| 1248 | tcp_drop(tp, errno); |
| 1249 | } |
| 1250 | |
| 1251 | /* |
| 1252 | * When `need fragmentation' ICMP is received, update our idea of the MSS |
| 1253 | * based on the new value in the route. Also nudge TCP to send something, |
| 1254 | * since we know the packet we just sent was dropped. |
| 1255 | * This duplicates some code in the tcp_mss() function in tcp_input.c. |
| 1256 | */ |
| 1257 | void |
| 1258 | tcp_mtudisc(inp, errno) |
| 1259 | struct inpcb *inp; |
| 1260 | int errno; |
| 1261 | { |
| 1262 | struct tcpcb *tp = intotcpcb(inp); |
| 1263 | struct rtentry *rt; |
| 1264 | struct rmxp_tao *taop; |
| 1265 | struct socket *so = inp->inp_socket; |
| 1266 | int offered; |
| 1267 | int mss; |
| 1268 | #ifdef INET6 |
| 1269 | int isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) != 0; |
| 1270 | #endif /* INET6 */ |
| 1271 | |
| 1272 | if (tp) { |
| 1273 | #ifdef INET6 |
| 1274 | if (isipv6) |
| 1275 | rt = tcp_rtlookup6(&inp->inp_inc); |
| 1276 | else |
| 1277 | #endif /* INET6 */ |
| 1278 | rt = tcp_rtlookup(&inp->inp_inc); |
| 1279 | if (!rt || !rt->rt_rmx.rmx_mtu) { |
| 1280 | tp->t_maxopd = tp->t_maxseg = |
| 1281 | #ifdef INET6 |
| 1282 | isipv6 ? tcp_v6mssdflt : |
| 1283 | #endif /* INET6 */ |
| 1284 | tcp_mssdflt; |
| 1285 | return; |
| 1286 | } |
| 1287 | taop = rmx_taop(rt->rt_rmx); |
| 1288 | offered = taop->tao_mssopt; |
| 1289 | mss = rt->rt_rmx.rmx_mtu - |
| 1290 | #ifdef INET6 |
| 1291 | (isipv6 ? |
| 1292 | sizeof(struct ip6_hdr) + sizeof(struct tcphdr) : |
| 1293 | #endif /* INET6 */ |
| 1294 | sizeof(struct tcpiphdr) |
| 1295 | #ifdef INET6 |
| 1296 | ) |
| 1297 | #endif /* INET6 */ |
| 1298 | ; |
| 1299 | |
| 1300 | if (offered) |
| 1301 | mss = min(mss, offered); |
| 1302 | /* |
| 1303 | * XXX - The above conditional probably violates the TCP |
| 1304 | * spec. The problem is that, since we don't know the |
| 1305 | * other end's MSS, we are supposed to use a conservative |
| 1306 | * default. But, if we do that, then MTU discovery will |
| 1307 | * never actually take place, because the conservative |
| 1308 | * default is much less than the MTUs typically seen |
| 1309 | * on the Internet today. For the moment, we'll sweep |
| 1310 | * this under the carpet. |
| 1311 | * |
| 1312 | * The conservative default might not actually be a problem |
| 1313 | * if the only case this occurs is when sending an initial |
| 1314 | * SYN with options and data to a host we've never talked |
| 1315 | * to before. Then, they will reply with an MSS value which |
| 1316 | * will get recorded and the new parameters should get |
| 1317 | * recomputed. For Further Study. |
| 1318 | */ |
| 1319 | if (tp->t_maxopd <= mss) |
| 1320 | return; |
| 1321 | tp->t_maxopd = mss; |
| 1322 | |
| 1323 | if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP && |
| 1324 | (tp->t_flags & TF_RCVD_TSTMP) == TF_RCVD_TSTMP) |
| 1325 | mss -= TCPOLEN_TSTAMP_APPA; |
| 1326 | if ((tp->t_flags & (TF_REQ_CC|TF_NOOPT)) == TF_REQ_CC && |
| 1327 | (tp->t_flags & TF_RCVD_CC) == TF_RCVD_CC) |
| 1328 | mss -= TCPOLEN_CC_APPA; |
| 1329 | #if (MCLBYTES & (MCLBYTES - 1)) == 0 |
| 1330 | if (mss > MCLBYTES) |
| 1331 | mss &= ~(MCLBYTES-1); |
| 1332 | #else |
| 1333 | if (mss > MCLBYTES) |
| 1334 | mss = mss / MCLBYTES * MCLBYTES; |
| 1335 | #endif |
| 1336 | if (so->so_snd.sb_hiwat < mss) |
| 1337 | mss = so->so_snd.sb_hiwat; |
| 1338 | |
| 1339 | tp->t_maxseg = mss; |
| 1340 | |
| 1341 | tcpstat.tcps_mturesent++; |
| 1342 | tp->t_rtttime = 0; |
| 1343 | tp->snd_nxt = tp->snd_una; |
| 1344 | tcp_output(tp); |
| 1345 | } |
| 1346 | } |
| 1347 | |
| 1348 | /* |
| 1349 | * Look-up the routing entry to the peer of this inpcb. If no route |
| 1350 | * is found and it cannot be allocated the return NULL. This routine |
| 1351 | * is called by TCP routines that access the rmx structure and by tcp_mss |
| 1352 | * to get the interface MTU. |
| 1353 | */ |
| 1354 | struct rtentry * |
| 1355 | tcp_rtlookup(inc) |
| 1356 | struct in_conninfo *inc; |
| 1357 | { |
| 1358 | struct route *ro; |
| 1359 | struct rtentry *rt; |
| 1360 | |
| 1361 | ro = &inc->inc_route; |
| 1362 | rt = ro->ro_rt; |
| 1363 | if (rt == NULL || !(rt->rt_flags & RTF_UP)) { |
| 1364 | /* No route yet, so try to acquire one */ |
| 1365 | if (inc->inc_faddr.s_addr != INADDR_ANY) { |
| 1366 | ro->ro_dst.sa_family = AF_INET; |
| 1367 | ro->ro_dst.sa_len = sizeof(struct sockaddr_in); |
| 1368 | ((struct sockaddr_in *) &ro->ro_dst)->sin_addr = |
| 1369 | inc->inc_faddr; |
| 1370 | rtalloc(ro); |
| 1371 | rt = ro->ro_rt; |
| 1372 | } |
| 1373 | } |
| 1374 | return rt; |
| 1375 | } |
| 1376 | |
| 1377 | #ifdef INET6 |
| 1378 | struct rtentry * |
| 1379 | tcp_rtlookup6(inc) |
| 1380 | struct in_conninfo *inc; |
| 1381 | { |
| 1382 | struct route_in6 *ro6; |
| 1383 | struct rtentry *rt; |
| 1384 | |
| 1385 | ro6 = &inc->inc6_route; |
| 1386 | rt = ro6->ro_rt; |
| 1387 | if (rt == NULL || !(rt->rt_flags & RTF_UP)) { |
| 1388 | /* No route yet, so try to acquire one */ |
| 1389 | if (!IN6_IS_ADDR_UNSPECIFIED(&inc->inc6_faddr)) { |
| 1390 | ro6->ro_dst.sin6_family = AF_INET6; |
| 1391 | ro6->ro_dst.sin6_len = sizeof(struct sockaddr_in6); |
| 1392 | ro6->ro_dst.sin6_addr = inc->inc6_faddr; |
| 1393 | rtalloc((struct route *)ro6); |
| 1394 | rt = ro6->ro_rt; |
| 1395 | } |
| 1396 | } |
| 1397 | return rt; |
| 1398 | } |
| 1399 | #endif /* INET6 */ |
| 1400 | |
| 1401 | #ifdef IPSEC |
| 1402 | /* compute ESP/AH header size for TCP, including outer IP header. */ |
| 1403 | size_t |
| 1404 | ipsec_hdrsiz_tcp(tp) |
| 1405 | struct tcpcb *tp; |
| 1406 | { |
| 1407 | struct inpcb *inp; |
| 1408 | struct mbuf *m; |
| 1409 | size_t hdrsiz; |
| 1410 | struct ip *ip; |
| 1411 | #ifdef INET6 |
| 1412 | struct ip6_hdr *ip6; |
| 1413 | #endif /* INET6 */ |
| 1414 | struct tcphdr *th; |
| 1415 | |
| 1416 | if ((tp == NULL) || ((inp = tp->t_inpcb) == NULL)) |
| 1417 | return 0; |
| 1418 | MGETHDR(m, M_DONTWAIT, MT_DATA); |
| 1419 | if (!m) |
| 1420 | return 0; |
| 1421 | |
| 1422 | #ifdef INET6 |
| 1423 | if ((inp->inp_vflag & INP_IPV6) != 0) { |
| 1424 | ip6 = mtod(m, struct ip6_hdr *); |
| 1425 | th = (struct tcphdr *)(ip6 + 1); |
| 1426 | m->m_pkthdr.len = m->m_len = |
| 1427 | sizeof(struct ip6_hdr) + sizeof(struct tcphdr); |
| 1428 | tcp_fillheaders(tp, ip6, th); |
| 1429 | hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp); |
| 1430 | } else |
| 1431 | #endif /* INET6 */ |
| 1432 | { |
| 1433 | ip = mtod(m, struct ip *); |
| 1434 | th = (struct tcphdr *)(ip + 1); |
| 1435 | m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr); |
| 1436 | tcp_fillheaders(tp, ip, th); |
| 1437 | hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp); |
| 1438 | } |
| 1439 | |
| 1440 | m_free(m); |
| 1441 | return hdrsiz; |
| 1442 | } |
| 1443 | #endif /*IPSEC*/ |
| 1444 | |
| 1445 | /* |
| 1446 | * Return a pointer to the cached information about the remote host. |
| 1447 | * The cached information is stored in the protocol specific part of |
| 1448 | * the route metrics. |
| 1449 | */ |
| 1450 | struct rmxp_tao * |
| 1451 | tcp_gettaocache(inc) |
| 1452 | struct in_conninfo *inc; |
| 1453 | { |
| 1454 | struct rtentry *rt; |
| 1455 | |
| 1456 | #ifdef INET6 |
| 1457 | if (inc->inc_isipv6) |
| 1458 | rt = tcp_rtlookup6(inc); |
| 1459 | else |
| 1460 | #endif /* INET6 */ |
| 1461 | rt = tcp_rtlookup(inc); |
| 1462 | |
| 1463 | /* Make sure this is a host route and is up. */ |
| 1464 | if (rt == NULL || |
| 1465 | (rt->rt_flags & (RTF_UP|RTF_HOST)) != (RTF_UP|RTF_HOST)) |
| 1466 | return NULL; |
| 1467 | |
| 1468 | return rmx_taop(rt->rt_rmx); |
| 1469 | } |
| 1470 | |
| 1471 | /* |
| 1472 | * Clear all the TAO cache entries, called from tcp_init. |
| 1473 | * |
| 1474 | * XXX |
| 1475 | * This routine is just an empty one, because we assume that the routing |
| 1476 | * routing tables are initialized at the same time when TCP, so there is |
| 1477 | * nothing in the cache left over. |
| 1478 | */ |
| 1479 | static void |
| 1480 | tcp_cleartaocache() |
| 1481 | { |
| 1482 | } |
| 1483 | |
| 1484 | /* |
| 1485 | * TCP BANDWIDTH DELAY PRODUCT WINDOW LIMITING |
| 1486 | * |
| 1487 | * This code attempts to calculate the bandwidth-delay product as a |
| 1488 | * means of determining the optimal window size to maximize bandwidth, |
| 1489 | * minimize RTT, and avoid the over-allocation of buffers on interfaces and |
| 1490 | * routers. This code also does a fairly good job keeping RTTs in check |
| 1491 | * across slow links like modems. We implement an algorithm which is very |
| 1492 | * similar (but not meant to be) TCP/Vegas. The code operates on the |
| 1493 | * transmitter side of a TCP connection and so only effects the transmit |
| 1494 | * side of the connection. |
| 1495 | * |
| 1496 | * BACKGROUND: TCP makes no provision for the management of buffer space |
| 1497 | * at the end points or at the intermediate routers and switches. A TCP |
| 1498 | * stream, whether using NewReno or not, will eventually buffer as |
| 1499 | * many packets as it is able and the only reason this typically works is |
| 1500 | * due to the fairly small default buffers made available for a connection |
| 1501 | * (typicaly 16K or 32K). As machines use larger windows and/or window |
| 1502 | * scaling it is now fairly easy for even a single TCP connection to blow-out |
| 1503 | * all available buffer space not only on the local interface, but on |
| 1504 | * intermediate routers and switches as well. NewReno makes a misguided |
| 1505 | * attempt to 'solve' this problem by waiting for an actual failure to occur, |
| 1506 | * then backing off, then steadily increasing the window again until another |
| 1507 | * failure occurs, ad-infinitum. This results in terrible oscillation that |
| 1508 | * is only made worse as network loads increase and the idea of intentionally |
| 1509 | * blowing out network buffers is, frankly, a terrible way to manage network |
| 1510 | * resources. |
| 1511 | * |
| 1512 | * It is far better to limit the transmit window prior to the failure |
| 1513 | * condition being achieved. There are two general ways to do this: First |
| 1514 | * you can 'scan' through different transmit window sizes and locate the |
| 1515 | * point where the RTT stops increasing, indicating that you have filled the |
| 1516 | * pipe, then scan backwards until you note that RTT stops decreasing, then |
| 1517 | * repeat ad-infinitum. This method works in principle but has severe |
| 1518 | * implementation issues due to RTT variances, timer granularity, and |
| 1519 | * instability in the algorithm which can lead to many false positives and |
| 1520 | * create oscillations as well as interact badly with other TCP streams |
| 1521 | * implementing the same algorithm. |
| 1522 | * |
| 1523 | * The second method is to limit the window to the bandwidth delay product |
| 1524 | * of the link. This is the method we implement. RTT variances and our |
| 1525 | * own manipulation of the congestion window, bwnd, can potentially |
| 1526 | * destabilize the algorithm. For this reason we have to stabilize the |
| 1527 | * elements used to calculate the window. We do this by using the minimum |
| 1528 | * observed RTT, the long term average of the observed bandwidth, and |
| 1529 | * by adding two segments worth of slop. It isn't perfect but it is able |
| 1530 | * to react to changing conditions and gives us a very stable basis on |
| 1531 | * which to extend the algorithm. |
| 1532 | */ |
| 1533 | void |
| 1534 | tcp_xmit_bandwidth_limit(struct tcpcb *tp, tcp_seq ack_seq) |
| 1535 | { |
| 1536 | u_long bw; |
| 1537 | u_long bwnd; |
| 1538 | int save_ticks; |
| 1539 | |
| 1540 | /* |
| 1541 | * If inflight_enable is disabled in the middle of a tcp connection, |
| 1542 | * make sure snd_bwnd is effectively disabled. |
| 1543 | */ |
| 1544 | if (tcp_inflight_enable == 0) { |
| 1545 | tp->snd_bwnd = TCP_MAXWIN << TCP_MAX_WINSHIFT; |
| 1546 | tp->snd_bandwidth = 0; |
| 1547 | return; |
| 1548 | } |
| 1549 | |
| 1550 | /* |
| 1551 | * Figure out the bandwidth. Due to the tick granularity this |
| 1552 | * is a very rough number and it MUST be averaged over a fairly |
| 1553 | * long period of time. XXX we need to take into account a link |
| 1554 | * that is not using all available bandwidth, but for now our |
| 1555 | * slop will ramp us up if this case occurs and the bandwidth later |
| 1556 | * increases. |
| 1557 | * |
| 1558 | * Note: if ticks rollover 'bw' may wind up negative. We must |
| 1559 | * effectively reset t_bw_rtttime for this case. |
| 1560 | */ |
| 1561 | save_ticks = ticks; |
| 1562 | if ((u_int)(save_ticks - tp->t_bw_rtttime) < 1) |
| 1563 | return; |
| 1564 | |
| 1565 | bw = (int64_t)(ack_seq - tp->t_bw_rtseq) * hz / |
| 1566 | (save_ticks - tp->t_bw_rtttime); |
| 1567 | tp->t_bw_rtttime = save_ticks; |
| 1568 | tp->t_bw_rtseq = ack_seq; |
| 1569 | if (tp->t_bw_rtttime == 0 || (int)bw < 0) |
| 1570 | return; |
| 1571 | bw = ((int64_t)tp->snd_bandwidth * 15 + bw) >> 4; |
| 1572 | |
| 1573 | tp->snd_bandwidth = bw; |
| 1574 | |
| 1575 | /* |
| 1576 | * Calculate the semi-static bandwidth delay product, plus two maximal |
| 1577 | * segments. The additional slop puts us squarely in the sweet |
| 1578 | * spot and also handles the bandwidth run-up case. Without the |
| 1579 | * slop we could be locking ourselves into a lower bandwidth. |
| 1580 | * |
| 1581 | * Situations Handled: |
| 1582 | * (1) Prevents over-queueing of packets on LANs, especially on |
| 1583 | * high speed LANs, allowing larger TCP buffers to be |
| 1584 | * specified, and also does a good job preventing |
| 1585 | * over-queueing of packets over choke points like modems |
| 1586 | * (at least for the transmit side). |
| 1587 | * |
| 1588 | * (2) Is able to handle changing network loads (bandwidth |
| 1589 | * drops so bwnd drops, bandwidth increases so bwnd |
| 1590 | * increases). |
| 1591 | * |
| 1592 | * (3) Theoretically should stabilize in the face of multiple |
| 1593 | * connections implementing the same algorithm (this may need |
| 1594 | * a little work). |
| 1595 | * |
| 1596 | * (4) Stability value (defaults to 20 = 2 maximal packets) can |
| 1597 | * be adjusted with a sysctl but typically only needs to be on |
| 1598 | * very slow connections. A value no smaller then 5 should |
| 1599 | * be used, but only reduce this default if you have no other |
| 1600 | * choice. |
| 1601 | */ |
| 1602 | #define USERTT ((tp->t_srtt + tp->t_rttbest) / 2) |
| 1603 | bwnd = (int64_t)bw * USERTT / (hz << TCP_RTT_SHIFT) + tcp_inflight_stab * (int)tp->t_maxseg / 10; |
| 1604 | #undef USERTT |
| 1605 | |
| 1606 | if (tcp_inflight_debug > 0) { |
| 1607 | static int ltime; |
| 1608 | if ((u_int)(ticks - ltime) >= hz / tcp_inflight_debug) { |
| 1609 | ltime = ticks; |
| 1610 | printf("%p bw %ld rttbest %d srtt %d bwnd %ld\n", |
| 1611 | tp, |
| 1612 | bw, |
| 1613 | tp->t_rttbest, |
| 1614 | tp->t_srtt, |
| 1615 | bwnd |
| 1616 | ); |
| 1617 | } |
| 1618 | } |
| 1619 | if ((long)bwnd < tcp_inflight_min) |
| 1620 | bwnd = tcp_inflight_min; |
| 1621 | if (bwnd > tcp_inflight_max) |
| 1622 | bwnd = tcp_inflight_max; |
| 1623 | if ((long)bwnd < tp->t_maxseg * 2) |
| 1624 | bwnd = tp->t_maxseg * 2; |
| 1625 | tp->snd_bwnd = bwnd; |
| 1626 | } |