Fix a NULL pointer dereference panic that occurs when the TCP protocol
984263bc 1/*
66d6c637
JH
2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved.
3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved.
4 *
5 * This code is derived from software contributed to The DragonFly Project
6 * by Jeffrey M. Hsu.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of The DragonFly Project nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific, prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34/*
35 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved.
36 *
37 * License terms: all terms for the DragonFly license above plus the following:
38 *
39 * 4. All advertising materials mentioning features or use of this software
40 * must display the following acknowledgement:
41 *
42 * This product includes software developed by Jeffrey M. Hsu
43 * for the DragonFly Project.
44 *
45 * This requirement may be waived with permission from Jeffrey Hsu.
46 * This requirement will sunset and may be removed on July 8 2005,
47 * after which the standard DragonFly license (as shown above) will
48 * apply.
49 */
50
51/*
984263bc
MD
52 * Copyright (c) 1982, 1986, 1988, 1993
53 * The Regents of the University of California. All rights reserved.
54 *
55 * Redistribution and use in source and binary forms, with or without
56 * modification, are permitted provided that the following conditions
57 * are met:
58 * 1. Redistributions of source code must retain the above copyright
59 * notice, this list of conditions and the following disclaimer.
60 * 2. Redistributions in binary form must reproduce the above copyright
61 * notice, this list of conditions and the following disclaimer in the
62 * documentation and/or other materials provided with the distribution.
63 * 3. All advertising materials mentioning features or use of this software
64 * must display the following acknowledgement:
65 * This product includes software developed by the University of
66 * California, Berkeley and its contributors.
67 * 4. Neither the name of the University nor the names of its contributors
68 * may be used to endorse or promote products derived from this software
69 * without specific prior written permission.
70 *
71 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
72 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
73 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
74 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
75 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
76 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
77 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
78 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
79 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
80 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
81 * SUCH DAMAGE.
82 *
83 * From: @(#)tcp_usrreq.c 8.2 (Berkeley) 1/3/94
84 * $FreeBSD: src/sys/netinet/tcp_usrreq.c,v 1.51.2.17 2002/10/11 11:46:44 ume Exp $
621989fd 85 * $DragonFly: src/sys/netinet/tcp_usrreq.c,v 1.27 2004/10/27 03:43:47 dillon Exp $
984263bc
MD
86 */
87
88#include "opt_ipsec.h"
89#include "opt_inet6.h"
90#include "opt_tcpdebug.h"
91
92#include <sys/param.h>
93#include <sys/systm.h>
94#include <sys/kernel.h>
7fe56515 95#include <sys/malloc.h>
984263bc 96#include <sys/sysctl.h>
d371a63a
JH
97#include <sys/globaldata.h>
98#include <sys/thread.h>
99
984263bc
MD
100#include <sys/mbuf.h>
101#ifdef INET6
102#include <sys/domain.h>
103#endif /* INET6 */
104#include <sys/socket.h>
105#include <sys/socketvar.h>
106#include <sys/protosw.h>
107
7fe56515
JH
108#include <sys/msgport2.h>
109
984263bc 110#include <net/if.h>
7fe56515 111#include <net/netisr.h>
984263bc
MD
112#include <net/route.h>
113
114#include <netinet/in.h>
115#include <netinet/in_systm.h>
116#ifdef INET6
117#include <netinet/ip6.h>
118#endif
119#include <netinet/in_pcb.h>
120#ifdef INET6
121#include <netinet6/in6_pcb.h>
122#endif
123#include <netinet/in_var.h>
124#include <netinet/ip_var.h>
125#ifdef INET6
126#include <netinet6/ip6_var.h>
127#endif
128#include <netinet/tcp.h>
129#include <netinet/tcp_fsm.h>
130#include <netinet/tcp_seq.h>
131#include <netinet/tcp_timer.h>
132#include <netinet/tcp_var.h>
133#include <netinet/tcpip.h>
134#ifdef TCPDEBUG
135#include <netinet/tcp_debug.h>
136#endif
137
138#ifdef IPSEC
139#include <netinet6/ipsec.h>
140#endif /*IPSEC*/
141
/*
 * TCP protocol interface to socket abstraction.
 */
extern	char *tcpstates[];	/* XXX ??? */

/* Forward declarations for file-local helpers used by the handlers below. */
static int	tcp_attach(struct socket *so, struct pru_attach_info *ai);
static int	tcp_connect(struct tcpcb *tp, struct sockaddr *nam,
			    struct thread *td);
#ifdef INET6
static int	tcp6_connect(struct tcpcb *tp, struct sockaddr *nam,
			     struct thread *td);
#endif /* INET6 */
static struct tcpcb *tcp_disconnect(struct tcpcb *tp);
static struct tcpcb *tcp_usrclosed(struct tcpcb *tp);

/*
 * Tracing hooks.  All three expand inside a handler and rely on locals
 * named `tp' and `so' being in scope there:
 *   TCPDEBUG0      declares `ostate' (so it must sit with the declarations),
 *   TCPDEBUG1()    snapshots tp->t_state, or 0 when tp is NULL,
 *   TCPDEBUG2(req) calls tcp_trace() when tp is non-NULL and the socket
 *                  has SO_DEBUG set.
 * Without TCPDEBUG they expand to nothing.
 */
#ifdef TCPDEBUG
#define	TCPDEBUG0	int ostate = 0
#define	TCPDEBUG1()	ostate = tp ? tp->t_state : 0
#define	TCPDEBUG2(req)	if (tp && (so->so_options & SO_DEBUG)) \
				tcp_trace(TA_USER, ostate, tp, 0, 0, req)
#else
#define	TCPDEBUG0
#define	TCPDEBUG1()
#define	TCPDEBUG2(req)
#endif
169
/*
 * TCP attaches to socket via pru_attach(), reserving space,
 * and an internet control block.
 *
 * Returns EISCONN when the socket already has an inpcb, otherwise the
 * result of tcp_attach().  On success a zero linger time on a socket
 * with SO_LINGER set is replaced by TCP_LINGERTIME.
 */
static int
tcp_usr_attach(struct socket *so, int proto, struct pru_attach_info *ai)
{
	int s = splnet();
	int error;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp = NULL;	/* only consumed by the trace hook */
	TCPDEBUG0;

	TCPDEBUG1();
	if (inp != NULL) {
		error = EISCONN;
	} else if ((error = tcp_attach(so, ai)) == 0) {
		if ((so->so_options & SO_LINGER) && so->so_linger == 0)
			so->so_linger = TCP_LINGERTIME;
		tp = sototcpcb(so);
	}
	TCPDEBUG2(PRU_ATTACH);
	splx(s);
	return error;
}
201
/*
 * pru_detach() detaches the TCP protocol from the socket.
 * If the protocol state is non-embryonic, then can't
 * do this directly: have to initiate a pru_disconnect(),
 * which may finish later; embryonic TCB's can just
 * be discarded here.
 *
 * Returns EINVAL when the socket has no inpcb, otherwise 0.
 */
static int
tcp_usr_detach(struct socket *so)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
	TCPDEBUG0;

	if (inp == NULL) {
		splx(s);
		return EINVAL;	/* XXX */
	}

	/*
	 * tcp_drop()->tcp_close() can disconnect the tcpcb from the inp,
	 * and that may happen *after* the detach message was queued.  A
	 * NULL tp is therefore a legal state here and must not be
	 * dereferenced; there is simply nothing left to disconnect.
	 */
	tp = intotcpcb(inp);
	if (tp != NULL) {
		TCPDEBUG1();
		tp = tcp_disconnect(tp);
		TCPDEBUG2(PRU_DETACH);
	}
	splx(s);
	return error;
}
236
/*
 * Shared prologue/epilogue for the pru_*() handlers.  Both macros expect
 * the expanding function to have locals `s' (saved spl), `error', `inp'
 * and `tp'.
 *
 * COMMON_START() returns EINVAL (after splx) when inp is NULL, otherwise
 * loads tp from the inp.
 * NOTE(review): tp itself is not checked.  tcp_usr_detach() in this file
 * documents that intotcpcb(inp) can be NULL after tcp_drop()->tcp_close();
 * handlers that dereference tp right after COMMON_START() look exposed to
 * the same state -- confirm whether it is reachable for them.
 *
 * COMMON_END(req) defines the `out' label, traces, restores the spl and
 * returns `error'.  The trailing `goto out' is never executed; it only
 * references the label.
 */
#define	COMMON_START()	TCPDEBUG0; \
			do { \
				if (inp == NULL) { \
					splx(s); \
					return EINVAL; \
				} \
				tp = intotcpcb(inp); \
				TCPDEBUG1(); \
			} while (0)

#define	COMMON_END(req)	out: TCPDEBUG2(req); splx(s); return error; goto out
248
249
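/*
 * Give the socket an address.
 *
 * Returns EINVAL when the socket has no inpcb or the address is too short
 * to be a sockaddr_in, EAFNOSUPPORT for an AF_INET multicast address,
 * otherwise the result of in_pcbbind().
 */
static int
tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
	struct sockaddr_in *sinp;

	COMMON_START();

	/*
	 * nam is read as a sockaddr_in below, before in_pcbbind() gets a
	 * chance to validate it.  Reject anything too short to contain
	 * sin_addr so the multicast test never reads past the address the
	 * caller actually supplied.
	 * NOTE(review): assumes the buffer behind nam is only sa_len bytes
	 * long -- confirm against the socket layer that builds it.
	 */
	if (nam->sa_len < sizeof(*sinp)) {
		error = EINVAL;
		goto out;
	}

	/*
	 * Must check for multicast addresses and disallow binding
	 * to them.
	 */
	sinp = (struct sockaddr_in *)nam;
	if (sinp->sin_family == AF_INET &&
	    IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
		error = EAFNOSUPPORT;
		goto out;
	}
	error = in_pcbbind(inp, nam, td);
	if (error)
		goto out;
	COMMON_END(PRU_BIND);
}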
280
281#ifdef INET6
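/*
 * IPv6 flavour of bind.
 *
 * Returns EINVAL when the socket has no inpcb or the address is too short
 * to be a sockaddr_in6, EAFNOSUPPORT for an AF_INET6 multicast address,
 * otherwise the result of in_pcbbind() (v4-mapped address on a socket
 * without IN6P_IPV6_V6ONLY) or in6_pcbbind().
 */
static int
tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
	struct sockaddr_in6 *sin6p;

	COMMON_START();

	/*
	 * nam is read as a sockaddr_in6 below.  Check the length first,
	 * and before inp_vflag is touched, so a short address neither
	 * causes a read past what the caller supplied nor leaves the pcb
	 * half-reconfigured.
	 * NOTE(review): assumes the buffer behind nam is only sa_len bytes
	 * long -- confirm against the socket layer that builds it.
	 */
	if (nam->sa_len < sizeof(*sin6p)) {
		error = EINVAL;
		goto out;
	}

	/*
	 * Must check for multicast addresses and disallow binding
	 * to them.
	 */
	sin6p = (struct sockaddr_in6 *)nam;
	if (sin6p->sin6_family == AF_INET6 &&
	    IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr)) {
		error = EAFNOSUPPORT;
		goto out;
	}
	inp->inp_vflag &= ~INP_IPV4;
	inp->inp_vflag |= INP_IPV6;
	if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
		if (IN6_IS_ADDR_UNSPECIFIED(&sin6p->sin6_addr))
			inp->inp_vflag |= INP_IPV4;
		else if (IN6_IS_ADDR_V4MAPPED(&sin6p->sin6_addr)) {
			struct sockaddr_in sin;

			/* v4-mapped: bind as a plain IPv4 endpoint. */
			in6_sin6_2_sin(&sin, sin6p);
			inp->inp_vflag |= INP_IPV4;
			inp->inp_vflag &= ~INP_IPV6;
			error = in_pcbbind(inp, (struct sockaddr *)&sin, td);
			goto out;
		}
	}
	error = in6_pcbbind(inp, nam, td);
	if (error)
		goto out;
	COMMON_END(PRU_BIND);
}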
323#endif /* INET6 */
324
8affadf8
JH
#ifdef SMP
/*
 * Message asking another cpu to insert an inpcb into its wildcard hash.
 * tcp_usr_listen() allocates one per remote cpu.
 */
struct netmsg_inswildcard {
	struct lwkt_msg		nm_lmsg;
	struct inpcb		*nm_inp;	/* pcb to insert */
	struct inpcbinfo	*nm_pcbinfo;	/* table to insert into */
};

/*
 * Handler for netmsg_inswildcard: do the insertion, reply to the
 * message, and return EASYNC.
 */
static int
in_pcbinswildcardhash_handler(struct lwkt_msg *msg0)
{
	struct netmsg_inswildcard *req = (struct netmsg_inswildcard *)msg0;
	struct inpcb *inp = req->nm_inp;
	struct inpcbinfo *pcbinfo = req->nm_pcbinfo;

	in_pcbinswildcardhash_oncpu(inp, pcbinfo);
	lwkt_replymsg(&req->nm_lmsg, 0);
	return (EASYNC);
}
#endif
342
984263bc
MD
/*
 * Prepare to accept connections.
 *
 * Binds an ephemeral port when none is set, moves the tcpcb to
 * TCPS_LISTEN and inserts the inpcb into the wildcard hash (on every cpu
 * when built with SMP).  Returns EINVAL when the socket has no inpcb, or
 * the in_pcbbind() error.
 */
static int
tcp_usr_listen(struct socket *so, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
#ifdef SMP
	int cpu;
#endif

	COMMON_START();
	if (inp->inp_lport == 0 &&
	    (error = in_pcbbind(inp, NULL, td)) != 0)
		goto out;

	tp->t_state = TCPS_LISTEN;
#ifdef SMP
	/*
	 * We have to set the flag because we can't have other cpus messing
	 * with our inp's flags.
	 */
	inp->inp_flags |= INP_WILDCARD_MP;
	for (cpu = 0; cpu < ncpus2; cpu++) {
		struct netmsg_inswildcard *msg;

		if (cpu != mycpu->gd_cpuid) {
			/*
			 * Remote cpu: hand it the raw inp pointer in a
			 * message.  The send is not waited on here.
			 * NOTE(review): the allocation result is used
			 * unchecked (presumably M_INTWAIT cannot fail) and
			 * nothing visible here keeps inp alive until the
			 * remote handler runs -- confirm both.
			 */
			msg = malloc(sizeof(struct netmsg_inswildcard),
			    M_LWKTMSG, M_INTWAIT);
			lwkt_initmsg(&msg->nm_lmsg, &netisr_afree_rport, 0,
			    lwkt_cmd_func(in_pcbinswildcardhash_handler),
			    lwkt_cmd_op_none);
			msg->nm_inp = inp;
			msg->nm_pcbinfo = &tcbinfo[cpu];
			lwkt_sendmsg(tcp_cport(cpu), &msg->nm_lmsg);
		} else {
			/* Local cpu: insert directly. */
			in_pcbinswildcardhash_oncpu(inp, &tcbinfo[cpu]);
		}
	}
#else
	in_pcbinswildcardhash(inp);
#endif
	COMMON_END(PRU_LISTEN);
}
393
394#ifdef INET6
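/*
 * IPv6 flavour of listen.
 *
 * Binds an ephemeral port when none is set (allowing IPv4 as well unless
 * IN6P_IPV6_V6ONLY is set), moves the tcpcb to TCPS_LISTEN and inserts
 * the inpcb into the wildcard hash.  Returns EINVAL when the socket has
 * no inpcb, or the in6_pcbbind() error.
 */
static int
tcp6_usr_listen(struct socket *so, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	COMMON_START();
	if (inp->inp_lport == 0) {
		inp->inp_vflag &= ~INP_IPV4;
		if ((inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
			inp->inp_vflag |= INP_IPV4;
		error = in6_pcbbind(inp, NULL, td);
		/*
		 * Stop on a failed bind, as tcp_usr_listen() does.  The
		 * pcb must not enter the wildcard hash when it has no
		 * local port and never reached TCPS_LISTEN.
		 */
		if (error != 0)
			goto out;
	}
	tp->t_state = TCPS_LISTEN;
	in_pcbinswildcardhash(inp);
	COMMON_END(PRU_LISTEN);
}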
415#endif /* INET6 */
416
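/*
 * Initiate connection to peer.
 * Create a template for use in transmissions on this connection.
 * Enter SYN_SENT state, and mark socket as connecting.
 * Start keep-alive timer, and seed output sequence space.
 * Send initial segment on connection.
 *
 * Returns EINVAL when the socket has no inpcb or the address is too short
 * to be a sockaddr_in, EAFNOSUPPORT for an AF_INET multicast destination,
 * otherwise the result of tcp_connect() and then tcp_output().
 */
static int
tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
	struct sockaddr_in *sinp;

	COMMON_START();

	/*
	 * nam is read as a sockaddr_in below, and prison_remote_ip() is
	 * handed a pointer into it.  Reject anything too short to contain
	 * sin_addr before either access happens.
	 * NOTE(review): assumes the buffer behind nam is only sa_len bytes
	 * long -- confirm against the socket layer that builds it.
	 */
	if (nam->sa_len < sizeof(*sinp)) {
		error = EINVAL;
		goto out;
	}

	/*
	 * Must disallow TCP ``connections'' to multicast addresses.
	 */
	sinp = (struct sockaddr_in *)nam;
	if (sinp->sin_family == AF_INET
	    && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
		error = EAFNOSUPPORT;
		goto out;
	}

	prison_remote_ip(td, 0, &sinp->sin_addr.s_addr);

	if ((error = tcp_connect(tp, nam, td)) != 0)
		goto out;
	error = tcp_output(tp);
	COMMON_END(PRU_CONNECT);
}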
452
453#ifdef INET6
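/*
 * IPv6 flavour of connect.
 *
 * Returns EINVAL when the socket has no inpcb, when the address is too
 * short to be a sockaddr_in6, or when a v4-mapped destination is used on
 * an IN6P_IPV6_V6ONLY socket; EAFNOSUPPORT for an AF_INET6 multicast
 * destination; otherwise the result of tcp_connect()/tcp6_connect() and
 * then tcp_output().
 */
static int
tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
	struct sockaddr_in6 *sin6p;

	COMMON_START();

	/*
	 * nam is read as a sockaddr_in6 below; reject anything too short
	 * to contain sin6_addr before it is inspected.
	 * NOTE(review): assumes the buffer behind nam is only sa_len bytes
	 * long -- confirm against the socket layer that builds it.
	 */
	if (nam->sa_len < sizeof(*sin6p)) {
		error = EINVAL;
		goto out;
	}

	/*
	 * Must disallow TCP ``connections'' to multicast addresses.
	 */
	sin6p = (struct sockaddr_in6 *)nam;
	if (sin6p->sin6_family == AF_INET6
	    && IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr)) {
		error = EAFNOSUPPORT;
		goto out;
	}

	if (IN6_IS_ADDR_V4MAPPED(&sin6p->sin6_addr)) {
		struct sockaddr_in sin;

		/* A v6-only socket may not reach IPv4 through a mapping. */
		if ((inp->inp_flags & IN6P_IPV6_V6ONLY) != 0) {
			error = EINVAL;
			goto out;
		}

		in6_sin6_2_sin(&sin, sin6p);
		inp->inp_vflag |= INP_IPV4;
		inp->inp_vflag &= ~INP_IPV6;
		if ((error = tcp_connect(tp, (struct sockaddr *)&sin, td)) != 0)
			goto out;
		error = tcp_output(tp);
		goto out;
	}
	inp->inp_vflag &= ~INP_IPV4;
	inp->inp_vflag |= INP_IPV6;
	inp->inp_inc.inc_isipv6 = 1;
	if ((error = tcp6_connect(tp, nam, td)) != 0)
		goto out;
	error = tcp_output(tp);
	COMMON_END(PRU_CONNECT);
}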
499#endif /* INET6 */
500
/*
 * Initiate disconnect from peer.
 * If connection never passed embryonic stage, just drop;
 * else if don't need to let data drain, then can just drop anyways,
 * else have to begin TCP shutdown process: mark socket disconnecting,
 * drain unread data, state switch to reflect user close, and
 * send segment (e.g. FIN) to peer.  Socket will be really disconnected
 * when peer sends FIN and acks ours.
 *
 * SHOULD IMPLEMENT LATER PRU_CONNECT VIA REALLOC TCPCB.
 *
 * Returns EINVAL when the socket has no inpcb, otherwise 0.
 */
static int
tcp_usr_disconnect(struct socket *so)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	COMMON_START();
	/*
	 * NOTE(review): tp is passed on unchecked.  tcp_usr_detach() guards
	 * the same call against a NULL tp; confirm whether that state can
	 * be reached on this path too.
	 */
	tp = tcp_disconnect(tp);
	COMMON_END(PRU_DISCONNECT);
}
524
/*
 * Accept a connection.  Essentially all the work is
 * done at higher levels; just return the address
 * of the peer, storing through addr.
 *
 * Returns ECONNABORTED when the socket is already marked disconnected,
 * EINVAL when it has no inpcb, otherwise 0.
 */
static int
tcp_usr_accept(struct socket *so, struct sockaddr **nam)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp = NULL;
	TCPDEBUG0;

	if (!(so->so_state & SS_ISDISCONNECTED)) {
		if (inp == NULL) {
			splx(s);
			return (EINVAL);
		}
		tp = intotcpcb(inp);
		TCPDEBUG1();
		/*
		 * NOTE(review): whatever in_setpeeraddr() returns is
		 * dropped, so a failure to fill *nam would still be
		 * reported as success -- confirm that is intended.
		 */
		in_setpeeraddr(so, nam);
	} else {
		/* The disconnected test deliberately comes before inp. */
		error = ECONNABORTED;
	}
	COMMON_END(PRU_ACCEPT);
}
552
553#ifdef INET6
/*
 * IPv6 flavour of accept: same checks as tcp_usr_accept(), but the peer
 * address is produced by in6_mapped_peeraddr().
 *
 * Returns ECONNABORTED when the socket is already marked disconnected,
 * EINVAL when it has no inpcb, otherwise 0.
 */
static int
tcp6_usr_accept(struct socket *so, struct sockaddr **nam)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp = NULL;
	TCPDEBUG0;

	if (!(so->so_state & SS_ISDISCONNECTED)) {
		if (inp == NULL) {
			splx(s);
			return (EINVAL);
		}
		tp = intotcpcb(inp);
		TCPDEBUG1();
		/*
		 * NOTE(review): the result of in6_mapped_peeraddr() is
		 * dropped -- confirm that is intended.
		 */
		in6_mapped_peeraddr(so, nam);
	} else {
		error = ECONNABORTED;
	}
	COMMON_END(PRU_ACCEPT);
}
576#endif /* INET6 */
/*
 * Mark the connection as being incapable of further output.
 *
 * Returns EINVAL when the socket has no inpcb, otherwise the result of
 * tcp_output() when a tcpcb is still present after tcp_usrclosed(), or 0
 * when it is not.
 */
static int
tcp_usr_shutdown(struct socket *so)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	COMMON_START();
	socantsendmore(so);
	/* tcp_usrclosed() may hand back NULL; only then is output skipped. */
	tp = tcp_usrclosed(tp);
	if (tp != NULL)
		error = tcp_output(tp);
	COMMON_END(PRU_SHUTDOWN);
}
595
/*
 * After a receive, possibly send window update to peer.
 *
 * Returns EINVAL when the socket has no inpcb, otherwise 0; the result
 * of tcp_output() is not propagated.
 */
static int
tcp_usr_rcvd(struct socket *so, int flags)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	COMMON_START();
	/* Return value intentionally unused, as in the original code. */
	tcp_output(tp);
	COMMON_END(PRU_RCVD);
}
611
/*
 * Do a send by putting data in output queue and updating urgent
 * marker if URG set.  Possibly send more data.  Unlike the other
 * pru_*() routines, the mbuf chains are our responsibility.  We
 * must either enqueue them or free them.  The other pru_* routines
 * generally are caller-frees.
 *
 * Returns ECONNRESET when the socket has lost its inpcb, EINVAL for a
 * non-empty control chain, ENOBUFS when an OOB send finds the send
 * buffer over-full, an implied-connect error, or the tcp_output() result.
 */
static int
tcp_usr_send(struct socket *so, int flags, struct mbuf *m,
	     struct sockaddr *nam, struct mbuf *control, struct thread *td)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;
#ifdef INET6
	int isipv6;
#endif
	TCPDEBUG0;

	if (inp == NULL) {
		/*
		 * OOPS! we lost a race, the TCP session got reset after
		 * we checked SS_CANTSENDMORE, eg: while doing uiomove or a
		 * network interrupt in the non-splnet() section of sosend().
		 * Both chains are ours to free.
		 */
		if (m != NULL)
			m_freem(m);
		if (control != NULL)
			m_freem(control);
		error = ECONNRESET;	/* XXX EPIPE? */
		tp = NULL;
		TCPDEBUG1();
		goto out;
	}
#ifdef INET6
	isipv6 = (nam != NULL && nam->sa_family == AF_INET6);
#endif /* INET6 */
	/*
	 * NOTE(review): tp is dereferenced below without a NULL check;
	 * tcp_usr_detach() documents that intotcpcb(inp) can be NULL --
	 * confirm whether that state is reachable here.
	 */
	tp = intotcpcb(inp);
	TCPDEBUG1();
	if (control != NULL) {
		/* TCP doesn't do control messages (rights, creds, etc) */
		if (control->m_len != 0) {
			m_freem(control);
			if (m != NULL)
				m_freem(m);
			error = EINVAL;
			goto out;
		}
		m_freem(control);	/* empty control, just free it */
	}
	if (flags & PRUS_OOB) {
		if (sbspace(&so->so_snd) < -512) {
			m_freem(m);
			error = ENOBUFS;
			goto out;
		}
		/*
		 * According to RFC961 (Assigned Protocols),
		 * the urgent pointer points to the last octet
		 * of urgent data.  We continue, however,
		 * to consider it to indicate the first octet
		 * of data past the urgent section.
		 * Otherwise, snd_up should be one lower.
		 */
		sbappend(&so->so_snd, m);
		if (nam != NULL && tp->t_state < TCPS_SYN_SENT) {
			/*
			 * Do implied connect if not yet connected,
			 * initialize window to default value, and
			 * initialize maxseg/maxopd using peer's cached
			 * MSS.
			 */
#ifdef INET6
			if (isipv6)
				error = tcp6_connect(tp, nam, td);
			else
#endif /* INET6 */
			error = tcp_connect(tp, nam, td);
			if (error != 0)
				goto out;
			tp->snd_wnd = TTCP_CLIENT_SND_WND;
			tcp_mss(tp, -1);
		}
		tp->snd_up = tp->snd_una + so->so_snd.sb_cc;
		/* TF_FORCE is held only for the duration of this output. */
		tp->t_flags |= TF_FORCE;
		error = tcp_output(tp);
		tp->t_flags &= ~TF_FORCE;
	} else {
		sbappend(&so->so_snd, m);
		if (nam != NULL && tp->t_state < TCPS_SYN_SENT) {
			/*
			 * Do implied connect if not yet connected,
			 * initialize window to default value, and
			 * initialize maxseg/maxopd using peer's cached
			 * MSS.
			 */
#ifdef INET6
			if (isipv6)
				error = tcp6_connect(tp, nam, td);
			else
#endif /* INET6 */
			error = tcp_connect(tp, nam, td);
			if (error != 0)
				goto out;
			tp->snd_wnd = TTCP_CLIENT_SND_WND;
			tcp_mss(tp, -1);
		}

		if (flags & PRUS_EOF) {
			/*
			 * Close the send side of the connection after
			 * the data is sent.
			 */
			socantsendmore(so);
			tp = tcp_usrclosed(tp);
		}
		/* tcp_usrclosed() may have returned NULL. */
		if (tp != NULL) {
			if (flags & PRUS_MORETOCOME)
				tp->t_flags |= TF_MORETOCOME;
			error = tcp_output(tp);
			if (flags & PRUS_MORETOCOME)
				tp->t_flags &= ~TF_MORETOCOME;
		}
	}
	COMMON_END((flags & PRUS_OOB) ? PRU_SENDOOB :
		   ((flags & PRUS_EOF) ? PRU_SEND_EOF : PRU_SEND));
}
740
/*
 * Abort the TCP.
 *
 * Drops the connection with ECONNABORTED.  Returns EINVAL when the
 * socket has no inpcb, otherwise 0.
 */
static int
tcp_usr_abort(struct socket *so)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	COMMON_START();
	/*
	 * NOTE(review): tp is passed on unchecked; see the NULL-tp case
	 * described in tcp_usr_detach() and confirm it cannot occur here.
	 */
	tp = tcp_drop(tp, ECONNABORTED);
	COMMON_END(PRU_ABORT);
}
756
/*
 * Receive out-of-band data.
 *
 * Stores the single saved OOB byte (tp->t_iobc) into m.  Returns EINVAL
 * when the socket has no inpcb, when there is no OOB mark, when OOB data
 * is delivered inline, or when the byte was already consumed;
 * EWOULDBLOCK when no OOB byte is pending; otherwise 0.
 */
static int
tcp_usr_rcvoob(struct socket *so, struct mbuf *m, int flags)
{
	int s = splnet();
	int error = 0;
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	COMMON_START();
	if ((so->so_oobmark == 0 && !(so->so_state & SS_RCVATMARK)) ||
	    (so->so_options & SO_OOBINLINE) ||
	    (tp->t_oobflags & TCPOOB_HADDATA)) {
		error = EINVAL;
		goto out;
	}
	if (!(tp->t_oobflags & TCPOOB_HAVEDATA)) {
		error = EWOULDBLOCK;
		goto out;
	}
	m->m_len = 1;
	*mtod(m, caddr_t) = tp->t_iobc;
	/* A real read (not MSG_PEEK) flips HAVEDATA off and HADDATA on. */
	if (!(flags & MSG_PEEK))
		tp->t_oobflags ^= (TCPOOB_HAVEDATA | TCPOOB_HADDATA);
	COMMON_END(PRU_RCVOOB);
}
786
/*
 * User-request dispatch table for TCP over IPv4.  Entries are positional,
 * so their order must not change.
 */
/* xxx - should be const */
struct pr_usrreqs tcp_usrreqs = {
	tcp_usr_abort,
	tcp_usr_accept,
	tcp_usr_attach,
	tcp_usr_bind,
	tcp_usr_connect,
	pru_connect2_notsupp,
	in_control,
	tcp_usr_detach,
	tcp_usr_disconnect,
	tcp_usr_listen,
	in_setpeeraddr,
	tcp_usr_rcvd,
	tcp_usr_rcvoob,
	tcp_usr_send,
	pru_sense_null,
	tcp_usr_shutdown,
	in_setsockaddr,
	sosend,
	soreceive,
	sopoll
};
795
796#ifdef INET6
/*
 * User-request dispatch table for TCP over IPv6.  Entries are positional;
 * the handlers without an IPv6-specific version are shared with
 * tcp_usrreqs.
 */
struct pr_usrreqs tcp6_usrreqs = {
	tcp_usr_abort,
	tcp6_usr_accept,
	tcp_usr_attach,
	tcp6_usr_bind,
	tcp6_usr_connect,
	pru_connect2_notsupp,
	in6_control,
	tcp_usr_detach,
	tcp_usr_disconnect,
	tcp6_usr_listen,
	in6_mapped_peeraddr,
	tcp_usr_rcvd,
	tcp_usr_rcvoob,
	tcp_usr_send,
	pru_sense_null,
	tcp_usr_shutdown,
	in6_mapped_sockaddr,
	sosend,
	soreceive,
	sopoll
};
804#endif /* INET6 */
805
/*
 * Second half of tcp_connect(), run against the current cpu's tcbinfo.
 *
 * sin is the peer address and if_sin the local address chosen by the
 * caller; if_sin is only used when the pcb has no local address yet.
 * Returns EADDRINUSE when the 4-tuple is already taken by a pcb that
 * cannot be recycled, otherwise 0 with the tcpcb in TCPS_SYN_SENT.
 */
static int
tcp_connect_oncpu(struct tcpcb *tp, struct sockaddr_in *sin,
		  struct sockaddr_in *if_sin)
{
	struct inpcb *inp = tp->t_inpcb, *oinp;
	struct socket *so = inp->inp_socket;
	struct tcpcb *otp;
	struct rmxp_tao *taop;
	struct rmxp_tao tao_noncached;

	oinp = in_pcblookup_hash(&tcbinfo[mycpu->gd_cpuid],
	    sin->sin_addr, sin->sin_port,
	    inp->inp_laddr.s_addr != INADDR_ANY ?
		inp->inp_laddr : if_sin->sin_addr,
	    inp->inp_lport, 0, NULL);
	if (oinp != NULL) {
		/*
		 * An existing pcb may only be displaced when it is another
		 * connection sitting in TIME_WAIT for less than tcp_msl
		 * whose peer sent CC options; anything else is a conflict.
		 */
		if (oinp == inp)
			return (EADDRINUSE);
		otp = intotcpcb(oinp);
		if (otp == NULL ||
		    otp->t_state != TCPS_TIME_WAIT ||
		    (ticks - otp->t_starttime) >= tcp_msl ||
		    !(otp->t_flags & TF_RCVD_CC))
			return (EADDRINUSE);
		(void) tcp_close(otp);
	}
	if (inp->inp_laddr.s_addr == INADDR_ANY)
		inp->inp_laddr = if_sin->sin_addr;
	inp->inp_faddr = sin->sin_addr;
	inp->inp_fport = sin->sin_port;
	inp->inp_cpcbinfo = &tcbinfo[mycpu->gd_cpuid];
	in_pcbinsconnhash(inp);

	/* Compute window scaling to request. */
	while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
	    (TCP_MAXWIN << tp->request_r_scale) < so->so_rcv.sb_hiwat)
		tp->request_r_scale++;

	soisconnecting(so);
	tcpstat.tcps_connattempt++;
	tp->t_state = TCPS_SYN_SENT;
	callout_reset(tp->tt_keep, tcp_keepinit, tcp_timer_keep, tp);
	tp->iss = tcp_new_isn(tp);
	tp->t_bw_rtseq = tp->iss;
	tcp_sendseqinit(tp);

	/*
	 * Generate a CC value for this connection and
	 * check whether CC or CCnew should be used.
	 * Without a cache entry a zeroed local stand-in is used.
	 */
	taop = tcp_gettaocache(&tp->t_inpcb->inp_inc);
	if (taop == NULL) {
		taop = &tao_noncached;
		bzero(taop, sizeof(*taop));
	}

	tp->cc_send = CC_INC(tcp_ccgen);
	if (taop->tao_ccsent == 0 ||
	    !CC_GEQ(tp->cc_send, taop->tao_ccsent)) {
		taop->tao_ccsent = 0;
		tp->t_flags |= TF_SENDCCNEW;
	} else {
		taop->tao_ccsent = tp->cc_send;
	}

	return (0);
}
870
540a0bf0
JH
#ifdef SMP

/*
 * Message used by tcp_connect() to run tcp_connect_oncpu() on the thread
 * that owns the connection's port.  The pointers refer to storage owned
 * by the sender.
 */
struct netmsg_tcp_connect {
	struct lwkt_msg		nm_lmsg;
	struct tcpcb		*nm_tp;
	struct sockaddr_in	*nm_sin;	/* peer address */
	struct sockaddr_in	*nm_ifsin;	/* chosen local address */
};

/*
 * Handler for netmsg_tcp_connect: perform the connect, reply with its
 * error code, and return EASYNC.
 */
static int
tcp_connect_handler(lwkt_msg_t lmsg)
{
	struct netmsg_tcp_connect *req = (struct netmsg_tcp_connect *)lmsg;
	int result;

	result = tcp_connect_oncpu(req->nm_tp, req->nm_sin, req->nm_ifsin);
	lwkt_replymsg(lmsg, result);
	return (EASYNC);
}

#endif
892
7fe56515
JH
/*
 * Common subroutine to open a TCP connection to remote host specified
 * by struct sockaddr_in in mbuf *nam.  Call in_pcbbind to assign a local
 * port number if needed.  Call in_pcbladdr to do the routing and to choose
 * a local host address (interface).  If there is an existing incarnation
 * of the same connection in TIME-WAIT state and if the remote host was
 * sending CC options and if the connection duration was < MSL, then
 * truncate the previous TIME-WAIT state and proceed.
 * Initialize connection parameters and enter SYN-SENT state.
 *
 * Returns the in_pcbbind()/in_pcbladdr() error, or the result of
 * tcp_connect_oncpu() (run here, or via a message under SMP).
 *
 * NOTE(review): nam is viewed as a sockaddr_in without a length check in
 * this function; the implied-connect path in tcp_usr_send() reaches it
 * directly -- confirm that in_pcbladdr() validates nam before the fields
 * are used.
 */
static int
tcp_connect(struct tcpcb *tp, struct sockaddr *nam, struct thread *td)
{
	struct inpcb *inp = tp->t_inpcb;
	struct sockaddr_in *sin = (struct sockaddr_in *)nam;
	struct sockaddr_in *if_sin;
	int error;
#ifdef SMP
	lwkt_port_t port;
#endif

	if (inp->inp_lport == 0 &&
	    (error = in_pcbbind(inp, (struct sockaddr *)NULL, td)) != 0)
		return (error);

	/*
	 * Cannot simply call in_pcbconnect, because there might be an
	 * earlier incarnation of this same connection still in
	 * TIME_WAIT state, creating an ADDRINUSE error.
	 */
	if ((error = in_pcbladdr(inp, nam, &if_sin)) != 0)
		return (error);

#ifdef SMP
	port = tcp_addrport(sin->sin_addr.s_addr, sin->sin_port,
	    inp->inp_laddr.s_addr ?
		inp->inp_laddr.s_addr : if_sin->sin_addr.s_addr,
	    inp->inp_lport);

	if (port->mp_td != curthread) {
		/*
		 * The connection belongs to another thread: send it the
		 * request and wait for the reply.  msg lives on this stack
		 * frame, which is only safe because lwkt_domsg() is used
		 * rather than an asynchronous send.
		 */
		struct netmsg_tcp_connect msg;

		lwkt_initmsg(&msg.nm_lmsg, &curthread->td_msgport, 0,
		    lwkt_cmd_func(tcp_connect_handler), lwkt_cmd_op_none);
		msg.nm_tp = tp;
		msg.nm_sin = sin;
		msg.nm_ifsin = if_sin;
		return (lwkt_domsg(port, &msg.nm_lmsg));
	}
#endif
	return (tcp_connect_oncpu(tp, sin, if_sin));
}
950
984263bc
MD
951#ifdef INET6
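/*
 * IPv6 counterpart of tcp_connect(): bind a local port if needed, pick
 * the local address with in6_pcbladdr(), recycle an eligible TIME_WAIT
 * incarnation of the same connection, then initialise the tcpcb and
 * enter SYN-SENT.
 *
 * Returns the in6_pcbbind()/in6_pcbladdr() error, EADDRINUSE when the
 * 4-tuple is taken by a pcb that cannot be recycled, otherwise 0.
 *
 * NOTE(review): nam is viewed as a sockaddr_in6 without a length check in
 * this function; the implied-connect path in tcp_usr_send() reaches it
 * directly -- confirm that in6_pcbladdr() validates nam first.
 */
static int
tcp6_connect(struct tcpcb *tp, struct sockaddr *nam, struct thread *td)
{
	struct inpcb *inp = tp->t_inpcb, *oinp;
	struct socket *so = inp->inp_socket;
	struct tcpcb *otp;
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
	struct in6_addr *addr6;
	struct rmxp_tao *taop;
	struct rmxp_tao tao_noncached;
	int error;

	if (inp->inp_lport == 0) {
		error = in6_pcbbind(inp, (struct sockaddr *)0, td);
		if (error)
			return error;
	}

	/*
	 * Cannot simply call in_pcbconnect, because there might be an
	 * earlier incarnation of this same connection still in
	 * TIME_WAIT state, creating an ADDRINUSE error.
	 */
	error = in6_pcbladdr(inp, nam, &addr6);
	if (error)
		return error;
	/*
	 * NOTE(review): inp_cpcbinfo is read here before this function
	 * assigns it, whereas tcp_connect_oncpu() looks up in
	 * tcbinfo[mycpu->gd_cpuid] -- confirm it is always set by now.
	 */
	oinp = in6_pcblookup_hash(inp->inp_cpcbinfo,
	    &sin6->sin6_addr, sin6->sin6_port,
	    IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ?
		addr6 : &inp->in6p_laddr,
	    inp->inp_lport, 0, NULL);
	if (oinp) {
		if (oinp != inp && (otp = intotcpcb(oinp)) != NULL &&
		    otp->t_state == TCPS_TIME_WAIT &&
		    (ticks - otp->t_starttime) < tcp_msl &&
		    (otp->t_flags & TF_RCVD_CC))
			otp = tcp_close(otp);
		else
			return (EADDRINUSE);
	}
	if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr))
		inp->in6p_laddr = *addr6;
	inp->in6p_faddr = sin6->sin6_addr;
	inp->inp_fport = sin6->sin6_port;
	/* The masked flow info is an integer: compare with 0, not NULL. */
	if ((sin6->sin6_flowinfo & IPV6_FLOWINFO_MASK) != 0)
		inp->in6p_flowinfo = sin6->sin6_flowinfo;
	in_pcbinsconnhash(inp);

	/* Compute window scaling to request. */
	while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
	    (TCP_MAXWIN << tp->request_r_scale) < so->so_rcv.sb_hiwat)
		tp->request_r_scale++;

	soisconnecting(so);
	tcpstat.tcps_connattempt++;
	tp->t_state = TCPS_SYN_SENT;
	callout_reset(tp->tt_keep, tcp_keepinit, tcp_timer_keep, tp);
	tp->iss = tcp_new_isn(tp);
	tp->t_bw_rtseq = tp->iss;
	tcp_sendseqinit(tp);

	/*
	 * Generate a CC value for this connection and
	 * check whether CC or CCnew should be used.
	 * Without a cache entry a zeroed local stand-in is used.
	 */
	if ((taop = tcp_gettaocache(&tp->t_inpcb->inp_inc)) == NULL) {
		taop = &tao_noncached;
		bzero(taop, sizeof(*taop));
	}

	tp->cc_send = CC_INC(tcp_ccgen);
	if (taop->tao_ccsent != 0 &&
	    CC_GEQ(tp->cc_send, taop->tao_ccsent)) {
		taop->tao_ccsent = tp->cc_send;
	} else {
		taop->tao_ccsent = 0;
		tp->t_flags |= TF_SENDCCNEW;
	}

	return (0);
}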
1033#endif /* INET6 */
1034
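/*
 * Get or set TCP-level socket options; options at any other level are
 * passed on to ip_ctloutput() / ip6_ctloutput().
 *
 * The new sockopt interface makes it possible for us to block in the
 * copyin/out step (if we take a page fault).  Taking a page fault at
 * splnet() is probably a Bad Thing.  (Since sockets and pcbs both now
 * use TSM, there probably isn't any need for this function to run at
 * splnet() any more.  This needs more examination.)
 *
 * Returns ECONNRESET when the socket has lost its inpcb or tcpcb,
 * ENOPROTOOPT for an unknown option, EINVAL for a TCP_MAXSEG value that
 * is not in (0, t_maxseg], a copyin/copyout error, or 0.
 */
int
tcp_ctloutput(struct socket *so, struct sockopt *sopt)
{
	int error, opt, optval, s;
	struct inpcb *inp;
	struct tcpcb *tp;

	error = 0;
	s = splnet();	/* XXX */
	inp = sotoinpcb(so);
	if (inp == NULL) {
		splx(s);
		return (ECONNRESET);
	}
	if (sopt->sopt_level != IPPROTO_TCP) {
#ifdef INET6
		if (INP_CHECK_SOCKAF(so, AF_INET6))
			error = ip6_ctloutput(so, sopt);
		else
#endif /* INET6 */
		error = ip_ctloutput(so, sopt);
		splx(s);
		return (error);
	}
	/*
	 * Every option below reads or writes through tp.  The detach path
	 * in this file documents that the tcpcb can already be gone while
	 * the inpcb is still attached, so treat a NULL tp like a missing
	 * inpcb instead of dereferencing it.
	 */
	tp = intotcpcb(inp);
	if (tp == NULL) {
		splx(s);
		return (ECONNRESET);
	}

	switch (sopt->sopt_dir) {
	case SOPT_SET:
		switch (sopt->sopt_name) {
		case TCP_NODELAY:
		case TCP_NOOPT:
			error = sooptcopyin(sopt, &optval, sizeof optval,
			    sizeof optval);
			if (error)
				break;

			/* Only these two names reach this point. */
			opt = (sopt->sopt_name == TCP_NODELAY) ?
			    TF_NODELAY : TF_NOOPT;

			if (optval)
				tp->t_flags |= opt;
			else
				tp->t_flags &= ~opt;
			break;

		case TCP_NOPUSH:
			error = sooptcopyin(sopt, &optval, sizeof optval,
			    sizeof optval);
			if (error)
				break;

			if (optval)
				tp->t_flags |= TF_NOPUSH;
			else {
				/* Clearing NOPUSH flushes pending output. */
				tp->t_flags &= ~TF_NOPUSH;
				error = tcp_output(tp);
			}
			break;

		case TCP_MAXSEG:
			error = sooptcopyin(sopt, &optval, sizeof optval,
			    sizeof optval);
			if (error)
				break;

			/*
			 * The segment size may only be lowered.
			 * NOTE(review): there is no lower bound other than
			 * > 0, so a caller can request a very small MSS --
			 * confirm whether a floor is wanted.
			 */
			if (optval > 0 && optval <= tp->t_maxseg)
				tp->t_maxseg = optval;
			else
				error = EINVAL;
			break;

		default:
			error = ENOPROTOOPT;
			break;
		}
		break;

	case SOPT_GET:
		switch (sopt->sopt_name) {
		case TCP_NODELAY:
			optval = tp->t_flags & TF_NODELAY;
			break;
		case TCP_MAXSEG:
			optval = tp->t_maxseg;
			break;
		case TCP_NOOPT:
			optval = tp->t_flags & TF_NOOPT;
			break;
		case TCP_NOPUSH:
			optval = tp->t_flags & TF_NOPUSH;
			break;
		default:
			error = ENOPROTOOPT;
			break;
		}
		/* optval is only copied out when one of the cases set it. */
		if (error == 0)
			error = sooptcopyout(sopt, &optval, sizeof optval);
		break;
	}
	splx(s);
	return (error);
}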
1155
1156/*
1157 * tcp_sendspace and tcp_recvspace are the default send and receive window
1158 * sizes, respectively. These are obsolescent (this information should
1159 * be set by the route).
1160 */
/*
 * Both values are passed to soreserve() by tcp_attach() when a new
 * socket has no buffer high-water mark yet.
 *
 * NOTE(review): the variables are u_long but are exported through
 * SYSCTL_INT; where long is wider than int the sysctl covers only part
 * of the object -- confirm the intended type.  Both nodes are
 * CTLFLAG_RW, and the description strings speak of datagram sizes while
 * the values are used as socket buffer reservations.
 */
u_long tcp_sendspace = 32 * 1024;
u_long tcp_recvspace = 57344;	/* largest multiple of PAGE_SIZE < 64k */

SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW,
    &tcp_sendspace, 0, "Maximum outgoing TCP datagram size");
SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
    &tcp_recvspace, 0, "Maximum incoming TCP datagram size");
1167
1168/*
1169 * Attach TCP protocol to socket, allocating
1170 * internet protocol control block, tcp control block,
1171 * buffer space, and entering LISTEN state if to accept connections.
1172 */
/*
 * Give a socket its TCP state: reserve socket buffer space if none is
 * set, allocate an inpcb from the current CPU's tcbinfo entry, mark its
 * address family and create the tcpcb.
 *
 * Returns 0 with the new tcpcb in TCPS_CLOSED, the error from
 * soreserve() or in_pcballoc(), or ENOBUFS when tcp_newtcpcb() fails
 * (the freshly allocated inpcb is detached again in that case).
 */
static int
tcp_attach(struct socket *so, struct pru_attach_info *ai)
{
	struct inpcb *inp;
	struct tcpcb *tp;
	int error;
	int nofdref;
#ifdef INET6
	int isipv6 = INP_CHECK_SOCKAF(so, AF_INET6) != NULL;
#endif

	/* Apply the default window sizes only when nothing is reserved. */
	if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
		error = soreserve(so, tcp_sendspace, tcp_recvspace,
		    ai->sb_rlimit);
		if (error != 0)
			return (error);
	}

	/* The pcb goes into the table that belongs to the running CPU. */
	error = in_pcballoc(so, &tcbinfo[mycpu->gd_cpuid]);
	if (error != 0)
		return (error);

	inp = sotoinpcb(so);
#ifdef INET6
	if (isipv6) {
		inp->inp_vflag |= INP_IPV6;
		inp->in6p_hops = -1;	/* use kernel default */
	} else
#endif
		inp->inp_vflag |= INP_IPV4;

	tp = tcp_newtcpcb(inp);
	if (tp != NULL) {
		tp->t_state = TCPS_CLOSED;
		return (0);
	}

	/*
	 * No tcpcb: undo the pcb allocation.  SS_NOFDREF is masked off
	 * around the detach so the socket is not freed yet, then put back
	 * exactly as it was.
	 */
	nofdref = so->so_state & SS_NOFDREF;	/* XXX */
	so->so_state &= ~SS_NOFDREF;
#ifdef INET6
	if (isipv6)
		in6_pcbdetach(inp);
	else
#endif
		in_pcbdetach(inp);
	so->so_state |= nofdref;
	return (ENOBUFS);
}
1220
1221/*
1222 * Initiate (or continue) disconnect.
1223 * If embryonic state, just send reset (once).
1224 * If in ``let data drain'' option and linger null, just drop.
1225 * Otherwise (hard), mark socket disconnecting and drop
1226 * current input data; switch states based on user close, and
1227 * send segment to peer (with FIN).
1228 */
/*
 * Start or continue tearing down a connection.
 *
 * Returns the tcpcb to keep using: the result of tcp_close(),
 * tcp_drop() or tcp_usrclosed().  The NULL test before tcp_output()
 * shows that tcp_usrclosed() may return NULL; callers must not touch
 * the tp they passed in afterwards.
 */
static struct tcpcb *
tcp_disconnect(struct tcpcb *tp)
{
	struct socket *so = tp->t_inpcb->inp_socket;

	/* Not yet established: nothing to drain, just close. */
	if (tp->t_state < TCPS_ESTABLISHED)
		return (tcp_close(tp));

	/* SO_LINGER with a zero linger time: drop without an error code. */
	if ((so->so_options & SO_LINGER) && so->so_linger == 0)
		return (tcp_drop(tp, 0));

	/* Orderly close: discard pending input and walk the FIN states. */
	soisdisconnecting(so);
	sbflush(&so->so_rcv);
	tp = tcp_usrclosed(tp);
	if (tp != NULL)
		(void) tcp_output(tp);
	return (tp);
}
1248
1249/*
1250 * User issued close, and wish to trail through shutdown states:
1251 * if never received SYN, just forget it. If got a SYN from peer,
1252 * but haven't sent FIN, then go to FIN_WAIT_1 state to send peer a FIN.
1253 * If already got a FIN from peer, then almost done; go to LAST_ACK
1254 * state. In all other cases, have already sent FIN to peer (e.g.
1255 * after PRU_SHUTDOWN), and just have to play tedious game waiting
1256 * for peer to send FIN or not respond to keep-alives, etc.
1257 * We can let the user exit from the close as soon as the FIN is acked.
1258 */
/*
 * Advance the connection state after the user has closed the socket.
 *
 * CLOSED/LISTEN are closed via tcp_close(); SYN_SENT/SYN_RECEIVED get
 * TF_NEEDFIN set; ESTABLISHED moves to FIN_WAIT_1 and CLOSE_WAIT to
 * LAST_ACK.  Every other state is left as it is.
 *
 * Returns the tcpcb still in use, i.e. whatever tcp_close() returned
 * for the CLOSED/LISTEN case and the unchanged pointer otherwise.
 */
static struct tcpcb *
tcp_usrclosed(struct tcpcb *tp)
{
	switch (tp->t_state) {
	case TCPS_CLOSED:
	case TCPS_LISTEN:
		tp->t_state = TCPS_CLOSED;
		tp = tcp_close(tp);
		break;

	case TCPS_SYN_SENT:
	case TCPS_SYN_RECEIVED:
		tp->t_flags |= TF_NEEDFIN;
		break;

	case TCPS_ESTABLISHED:
		tp->t_state = TCPS_FIN_WAIT_1;
		break;

	case TCPS_CLOSE_WAIT:
		tp->t_state = TCPS_LAST_ACK;
		break;

	default:
		break;
	}

	/* tp is re-tested because tcp_close() above may have replaced it. */
	if (tp == NULL || tp->t_state < TCPS_FIN_WAIT_2)
		return (tp);

	soisdisconnected(tp->t_inpcb->inp_socket);

	/* To prevent the connection hanging in FIN_WAIT_2 forever. */
	if (tp->t_state == TCPS_FIN_WAIT_2) {
		callout_reset(tp->tt_2msl, tcp_maxidle,
		    tcp_timer_2msl, tp);
	}
	return (tp);
}