author | stevel@tonic-gate <none@none> | 2005-06-14 00:00:00 -0700 |
---|---|---|
committer | stevel@tonic-gate <none@none> | 2005-06-14 00:00:00 -0700 |
commit | 7c478bd95313f5f23a4c958a745db2134aa03244 (patch) | |
tree | c871e58545497667cbb4b0a4f2daf204743e1fe7 /usr/src/stand/lib/tcp/tcp.c | |
OpenSolaris Launch
Diffstat (limited to 'usr/src/stand/lib/tcp/tcp.c')
-rw-r--r-- | usr/src/stand/lib/tcp/tcp.c | 7067 |
1 files changed, 7067 insertions, 0 deletions
diff --git a/usr/src/stand/lib/tcp/tcp.c b/usr/src/stand/lib/tcp/tcp.c
new file mode 100644
index 0000000000..f05cacad8e
--- /dev/null
+++ b/usr/src/stand/lib/tcp/tcp.c
@@ -0,0 +1,7067 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License, Version 1.0 only + * (the "License"). You may not use this file except in compliance + * with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + * + * tcp.c, Code implementing the TCP protocol. + */ + +#pragma ident "%Z%%M% %I% %E% SMI" + +#include <sys/types.h> +#include <socket_impl.h> +#include <socket_inet.h> +#include <sys/sysmacros.h> +#include <sys/promif.h> +#include <sys/socket.h> +#include <netinet/in_systm.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <netinet/tcp.h> +#include <net/if_types.h> +#include <sys/salib.h> + +#include "ipv4.h" +#include "ipv4_impl.h" +#include "mac.h" +#include "mac_impl.h" +#include "v4_sum_impl.h" +#include <sys/bootdebug.h> +#include "tcp_inet.h" +#include "tcp_sack.h" +#include <inet/common.h> +#include <inet/mib2.h> + +/* + * We need to redefine BUMP_MIB/UPDATE_MIB to not have DTrace probes. + */ +#undef BUMP_MIB +#define BUMP_MIB(x) (x)++ + +#undef UPDATE_MIB +#define UPDATE_MIB(x, y) x += y + +/* + * MIB-2 stuff for SNMP + */ +mib2_tcp_t tcp_mib; /* SNMP fixed size info */ + +/* The TCP mib does not include the following errors. 
*/ +static uint_t tcp_cksum_errors; +static uint_t tcp_drops; + +/* Macros for timestamp comparisons */ +#define TSTMP_GEQ(a, b) ((int32_t)((a)-(b)) >= 0) +#define TSTMP_LT(a, b) ((int32_t)((a)-(b)) < 0) + +/* + * Parameters for TCP Initial Send Sequence number (ISS) generation. + * The ISS is calculated by adding three components: a time component + * which grows by 1 every 4096 nanoseconds (versus every 4 microseconds + * suggested by RFC 793, page 27); + * a per-connection component which grows by 125000 for every new connection; + * and an "extra" component that grows by a random amount centered + * approximately on 64000. This causes the the ISS generator to cycle every + * 4.89 hours if no TCP connections are made, and faster if connections are + * made. + */ +#define ISS_INCR 250000 +#define ISS_NSEC_SHT 0 + +static uint32_t tcp_iss_incr_extra; /* Incremented for each connection */ + +#define TCP_XMIT_LOWATER 4096 +#define TCP_XMIT_HIWATER 49152 +#define TCP_RECV_LOWATER 2048 +#define TCP_RECV_HIWATER 49152 + +/* + * PAWS needs a timer for 24 days. This is the number of ms in 24 days + */ +#define PAWS_TIMEOUT ((uint32_t)(24*24*60*60*1000)) + +/* + * TCP options struct returned from tcp_parse_options. + */ +typedef struct tcp_opt_s { + uint32_t tcp_opt_mss; + uint32_t tcp_opt_wscale; + uint32_t tcp_opt_ts_val; + uint32_t tcp_opt_ts_ecr; + tcp_t *tcp; +} tcp_opt_t; + +/* + * RFC1323-recommended phrasing of TSTAMP option, for easier parsing + */ + +#ifdef _BIG_ENDIAN +#define TCPOPT_NOP_NOP_TSTAMP ((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | \ + (TCPOPT_TSTAMP << 8) | 10) +#else +#define TCPOPT_NOP_NOP_TSTAMP ((10 << 24) | (TCPOPT_TSTAMP << 16) | \ + (TCPOPT_NOP << 8) | TCPOPT_NOP) +#endif + +/* + * Flags returned from tcp_parse_options. 
+ */ +#define TCP_OPT_MSS_PRESENT 1 +#define TCP_OPT_WSCALE_PRESENT 2 +#define TCP_OPT_TSTAMP_PRESENT 4 +#define TCP_OPT_SACK_OK_PRESENT 8 +#define TCP_OPT_SACK_PRESENT 16 + +/* TCP option length */ +#define TCPOPT_NOP_LEN 1 +#define TCPOPT_MAXSEG_LEN 4 +#define TCPOPT_WS_LEN 3 +#define TCPOPT_REAL_WS_LEN (TCPOPT_WS_LEN+1) +#define TCPOPT_TSTAMP_LEN 10 +#define TCPOPT_REAL_TS_LEN (TCPOPT_TSTAMP_LEN+2) +#define TCPOPT_SACK_OK_LEN 2 +#define TCPOPT_REAL_SACK_OK_LEN (TCPOPT_SACK_OK_LEN+2) +#define TCPOPT_REAL_SACK_LEN 4 +#define TCPOPT_MAX_SACK_LEN 36 +#define TCPOPT_HEADER_LEN 2 + +/* TCP cwnd burst factor. */ +#define TCP_CWND_INFINITE 65535 +#define TCP_CWND_SS 3 +#define TCP_CWND_NORMAL 5 + +/* Named Dispatch Parameter Management Structure */ +typedef struct tcpparam_s { + uint32_t tcp_param_min; + uint32_t tcp_param_max; + uint32_t tcp_param_val; + char *tcp_param_name; +} tcpparam_t; + +/* Max size IP datagram is 64k - 1 */ +#define TCP_MSS_MAX_IPV4 (IP_MAXPACKET - (sizeof (struct ip) + \ + sizeof (tcph_t))) + +/* Max of the above */ +#define TCP_MSS_MAX TCP_MSS_MAX_IPV4 + +/* Largest TCP port number */ +#define TCP_MAX_PORT (64 * 1024 - 1) + +/* Round up the value to the nearest mss. */ +#define MSS_ROUNDUP(value, mss) ((((value) - 1) / (mss) + 1) * (mss)) + +#define MS 1L +#define SECONDS (1000 * MS) +#define MINUTES (60 * SECONDS) +#define HOURS (60 * MINUTES) +#define DAYS (24 * HOURS) + +/* All NDD params in the core TCP became static variables. 
*/ +static int tcp_time_wait_interval = 1 * MINUTES; +static int tcp_conn_req_max_q = 128; +static int tcp_conn_req_max_q0 = 1024; +static int tcp_conn_req_min = 1; +static int tcp_conn_grace_period = 0 * SECONDS; +static int tcp_cwnd_max_ = 1024 * 1024; +static int tcp_smallest_nonpriv_port = 1024; +static int tcp_ip_abort_cinterval = 3 * MINUTES; +static int tcp_ip_abort_linterval = 3 * MINUTES; +static int tcp_ip_abort_interval = 8 * MINUTES; +static int tcp_ip_notify_cinterval = 10 * SECONDS; +static int tcp_ip_notify_interval = 10 * SECONDS; +static int tcp_ipv4_ttl = 64; +static int tcp_mss_def_ipv4 = 536; +static int tcp_mss_max_ipv4 = TCP_MSS_MAX_IPV4; +static int tcp_mss_min = 108; +static int tcp_naglim_def = (4*1024)-1; +static int tcp_rexmit_interval_initial = 3 * SECONDS; +static int tcp_rexmit_interval_max = 60 * SECONDS; +static int tcp_rexmit_interval_min = 400 * MS; +static int tcp_dupack_fast_retransmit = 3; +static int tcp_smallest_anon_port = 32 * 1024; +static int tcp_largest_anon_port = TCP_MAX_PORT; +static int tcp_xmit_lowat = TCP_XMIT_LOWATER; +static int tcp_recv_hiwat_minmss = 4; +static int tcp_fin_wait_2_flush_interval = 1 * MINUTES; +static int tcp_max_buf = 1024 * 1024; +static int tcp_wscale_always = 1; +static int tcp_tstamp_always = 1; +static int tcp_tstamp_if_wscale = 1; +static int tcp_rexmit_interval_extra = 0; +static int tcp_slow_start_after_idle = 2; +static int tcp_slow_start_initial = 2; +static int tcp_sack_permitted = 2; +static int tcp_ecn_permitted = 2; + +/* Extra room to fit in headers. */ +static uint_t tcp_wroff_xtra; + +/* Hint for next port to try. */ +static in_port_t tcp_next_port_to_try = 32*1024; + +/* + * Figure out the value of window scale opton. Note that the rwnd is + * ASSUMED to be rounded up to the nearest MSS before the calculation. + * We cannot find the scale value and then do a round up of tcp_rwnd + * because the scale value may not be correct after that. 
+ */ +#define SET_WS_VALUE(tcp) \ +{ \ + int i; \ + uint32_t rwnd = (tcp)->tcp_rwnd; \ + for (i = 0; rwnd > TCP_MAXWIN && i < TCP_MAX_WINSHIFT; \ + i++, rwnd >>= 1) \ + ; \ + (tcp)->tcp_rcv_ws = i; \ +} + +/* + * Set ECN capable transport (ECT) code point in IP header. + * + * Note that there are 2 ECT code points '01' and '10', which are called + * ECT(1) and ECT(0) respectively. Here we follow the original ECT code + * point ECT(0) for TCP as described in RFC 2481. + */ +#define SET_ECT(tcp, iph) \ + if ((tcp)->tcp_ipversion == IPV4_VERSION) { \ + /* We need to clear the code point first. */ \ + ((struct ip *)(iph))->ip_tos &= 0xFC; \ + ((struct ip *)(iph))->ip_tos |= IPH_ECN_ECT0; \ + } + +/* + * The format argument to pass to tcp_display(). + * DISP_PORT_ONLY means that the returned string has only port info. + * DISP_ADDR_AND_PORT means that the returned string also contains the + * remote and local IP address. + */ +#define DISP_PORT_ONLY 1 +#define DISP_ADDR_AND_PORT 2 + +/* + * TCP reassembly macros. We hide starting and ending sequence numbers in + * b_next and b_prev of messages on the reassembly queue. The messages are + * chained using b_cont. These macros are used in tcp_reass() so we don't + * have to see the ugly casts and assignments. 
+ */ +#define TCP_REASS_SEQ(mp) ((uint32_t)((mp)->b_next)) +#define TCP_REASS_SET_SEQ(mp, u) ((mp)->b_next = (mblk_t *)(u)) +#define TCP_REASS_END(mp) ((uint32_t)((mp)->b_prev)) +#define TCP_REASS_SET_END(mp, u) ((mp)->b_prev = (mblk_t *)(u)) + +#define TCP_TIMER_RESTART(tcp, intvl) \ + (tcp)->tcp_rto_timeout = prom_gettime() + intvl; \ + (tcp)->tcp_timer_running = B_TRUE; + +static int tcp_accept_comm(tcp_t *, tcp_t *, mblk_t *, uint_t); +static mblk_t *tcp_ack_mp(tcp_t *); +static in_port_t tcp_bindi(in_port_t, in_addr_t *, boolean_t, boolean_t); +static uint16_t tcp_cksum(uint16_t *, uint32_t); +static void tcp_clean_death(int, tcp_t *, int err); +static tcp_t *tcp_conn_request(tcp_t *, mblk_t *mp, uint_t, uint_t); +static char *tcp_display(tcp_t *, char *, char); +static int tcp_drain_input(tcp_t *, int, int); +static void tcp_drain_needed(int, tcp_t *); +static boolean_t tcp_drop_q0(tcp_t *); +static mblk_t *tcp_get_seg_mp(tcp_t *, uint32_t, int32_t *); +static int tcp_header_len(struct inetgram *); +static in_port_t tcp_report_ports(uint16_t *, enum Ports); +static int tcp_input(int); +static void tcp_iss_init(tcp_t *); +static tcp_t *tcp_lookup_ipv4(struct ip *, tcpha_t *, int, int *); +static tcp_t *tcp_lookup_listener_ipv4(in_addr_t, in_port_t, int *); +static int tcp_conn_check(tcp_t *); +static int tcp_close(int); +static void tcp_close_detached(tcp_t *); +static void tcp_eager_cleanup(tcp_t *, boolean_t, int); +static void tcp_eager_unlink(tcp_t *); +static void tcp_free(tcp_t *); +static int tcp_header_init_ipv4(tcp_t *); +static void tcp_mss_set(tcp_t *, uint32_t); +static int tcp_parse_options(tcph_t *, tcp_opt_t *); +static boolean_t tcp_paws_check(tcp_t *, tcph_t *, tcp_opt_t *); +static void tcp_process_options(tcp_t *, tcph_t *); +static int tcp_random(void); +static void tcp_random_init(void); +static mblk_t *tcp_reass(tcp_t *, mblk_t *, uint32_t); +static void tcp_reass_elim_overlap(tcp_t *, mblk_t *); +static void tcp_rcv_drain(int sock_id, 
tcp_t *); +static void tcp_rcv_enqueue(tcp_t *, mblk_t *, uint_t); +static void tcp_rput_data(tcp_t *, mblk_t *, int); +static int tcp_rwnd_set(tcp_t *, uint32_t); +static int32_t tcp_sack_rxmit(tcp_t *, int); +static void tcp_set_cksum(mblk_t *); +static void tcp_set_rto(tcp_t *, int32_t); +static void tcp_ss_rexmit(tcp_t *, int); +static int tcp_state_wait(int, tcp_t *, int); +static void tcp_timer(tcp_t *, int); +static void tcp_time_wait_append(tcp_t *); +static void tcp_time_wait_collector(void); +static void tcp_time_wait_processing(tcp_t *, mblk_t *, uint32_t, + uint32_t, int, tcph_t *, int sock_id); +static void tcp_time_wait_remove(tcp_t *); +static in_port_t tcp_update_next_port(in_port_t); +static int tcp_verify_cksum(mblk_t *); +static void tcp_wput_data(tcp_t *, mblk_t *, int); +static void tcp_xmit_ctl(char *, tcp_t *, mblk_t *, uint32_t, uint32_t, + int, uint_t, int); +static void tcp_xmit_early_reset(char *, int, mblk_t *, uint32_t, uint32_t, + int, uint_t); +static int tcp_xmit_end(tcp_t *, int); +static void tcp_xmit_listeners_reset(int, mblk_t *, uint_t); +static mblk_t *tcp_xmit_mp(tcp_t *, mblk_t *, int32_t, int32_t *, + mblk_t **, uint32_t, boolean_t, uint32_t *, boolean_t); +static int tcp_init_values(tcp_t *, struct inetboot_socket *); + +#if DEBUG > 1 +#define TCP_DUMP_PACKET(str, mp) \ +{ \ + int len = (mp)->b_wptr - (mp)->b_rptr; \ +\ + printf("%s: dump TCP(%d): \n", (str), len); \ + hexdump((char *)(mp)->b_rptr, len); \ +} +#else +#define TCP_DUMP_PACKET(str, mp) +#endif + +#ifdef DEBUG +#define DEBUG_1(str, arg) printf(str, (arg)) +#define DEBUG_2(str, arg1, arg2) printf(str, (arg1), (arg2)) +#define DEBUG_3(str, arg1, arg2, arg3) printf(str, (arg1), (arg2), (arg3)) +#else +#define DEBUG_1(str, arg) +#define DEBUG_2(str, arg1, arg2) +#define DEBUG_3(str, arg1, arg2, arg3) +#endif + +/* Whether it is the first time TCP is used. */ +static boolean_t tcp_initialized = B_FALSE; + +/* TCP time wait list. 
*/ +static tcp_t *tcp_time_wait_head; +static tcp_t *tcp_time_wait_tail; +static uint32_t tcp_cum_timewait; +/* When the tcp_time_wait_collector is run. */ +static uint32_t tcp_time_wait_runtime; + +#define TCP_RUN_TIME_WAIT_COLLECTOR() \ + if (prom_gettime() > tcp_time_wait_runtime) \ + tcp_time_wait_collector(); + +/* + * Accept will return with an error if there is no connection coming in + * after this (in ms). + */ +static int tcp_accept_timeout = 60000; + +/* + * Initialize the TCP-specific parts of a socket. + */ +void +tcp_socket_init(struct inetboot_socket *isp) +{ + /* Do some initializations. */ + if (!tcp_initialized) { + tcp_random_init(); + /* Extra head room for the MAC layer address. */ + if ((tcp_wroff_xtra = mac_get_hdr_len()) & 0x3) { + tcp_wroff_xtra = (tcp_wroff_xtra & ~0x3) + 0x4; + } + /* Schedule the first time wait cleanup time */ + tcp_time_wait_runtime = prom_gettime() + tcp_time_wait_interval; + tcp_initialized = B_TRUE; + } + TCP_RUN_TIME_WAIT_COLLECTOR(); + + isp->proto = IPPROTO_TCP; + isp->input[TRANSPORT_LVL] = tcp_input; + /* Socket layer should call tcp_send() directly. */ + isp->output[TRANSPORT_LVL] = NULL; + isp->close[TRANSPORT_LVL] = tcp_close; + isp->headerlen[TRANSPORT_LVL] = tcp_header_len; + isp->ports = tcp_report_ports; + if ((isp->pcb = bkmem_alloc(sizeof (tcp_t))) == NULL) { + errno = ENOBUFS; + return; + } + if ((errno = tcp_init_values((tcp_t *)isp->pcb, isp)) != 0) { + bkmem_free(isp->pcb, sizeof (tcp_t)); + return; + } + /* + * This is set last because this field is used to determine if + * a socket is in use or not. + */ + isp->type = INETBOOT_STREAM; +} + +/* + * Return the size of a TCP header including TCP option. 
+ */ +static int +tcp_header_len(struct inetgram *igm) +{ + mblk_t *pkt; + int ipvers; + + /* Just returns the standard TCP header without option */ + if (igm == NULL) + return (sizeof (tcph_t)); + + if ((pkt = igm->igm_mp) == NULL) + return (0); + + ipvers = ((struct ip *)pkt->b_rptr)->ip_v; + if (ipvers == IPV4_VERSION) { + return (TCP_HDR_LENGTH((tcph_t *)(pkt + IPH_HDR_LENGTH(pkt)))); + } else { + dprintf("tcp_header_len: non-IPv4 packet.\n"); + return (0); + } +} + +/* + * Return the requested port number in network order. + */ +static in_port_t +tcp_report_ports(uint16_t *tcphp, enum Ports request) +{ + if (request == SOURCE) + return (*(uint16_t *)(((tcph_t *)tcphp)->th_lport)); + return (*(uint16_t *)(((tcph_t *)tcphp)->th_fport)); +} + +/* + * Because inetboot is not interrupt driven, TCP can only poll. This + * means that there can be packets stuck in the NIC buffer waiting to + * be processed. Thus we need to drain them before, for example, sending + * anything because an ACK may actually be stuck there. + * + * The timeout arguments determine how long we should wait for draining. + */ +static int +tcp_drain_input(tcp_t *tcp, int sock_id, int timeout) +{ + struct inetgram *in_gram; + struct inetgram *old_in_gram; + int old_timeout; + mblk_t *mp; + int i; + + dprintf("tcp_drain_input(%d): %s\n", sock_id, + tcp_display(tcp, NULL, DISP_ADDR_AND_PORT)); + + /* + * Since the driver uses the in_timeout value in the socket + * structure to determine the timeout value, we need to save + * the original one so that we can restore that after draining. + */ + old_timeout = sockets[sock_id].in_timeout; + sockets[sock_id].in_timeout = timeout; + + /* + * We do this because the input queue may have some user + * data already. 
+ */ + old_in_gram = sockets[sock_id].inq; + sockets[sock_id].inq = NULL; + + /* Go out and check the wire */ + for (i = MEDIA_LVL; i < TRANSPORT_LVL; i++) { + if (sockets[sock_id].input[i] != NULL) { + if (sockets[sock_id].input[i](sock_id) < 0) { + sockets[sock_id].in_timeout = old_timeout; + if (sockets[sock_id].inq != NULL) + nuke_grams(&sockets[sock_id].inq); + sockets[sock_id].inq = old_in_gram; + return (-1); + } + } + } +#if DEBUG + printf("tcp_drain_input: done with checking packets\n"); +#endif + while ((in_gram = sockets[sock_id].inq) != NULL) { + /* Remove unknown inetgrams from the head of inq. */ + if (in_gram->igm_level != TRANSPORT_LVL) { +#if DEBUG + printf("tcp_drain_input: unexpected packet " + "level %d frame found\n", in_gram->igm_level); +#endif + del_gram(&sockets[sock_id].inq, in_gram, B_TRUE); + continue; + } + mp = in_gram->igm_mp; + del_gram(&sockets[sock_id].inq, in_gram, B_FALSE); + bkmem_free((caddr_t)in_gram, sizeof (struct inetgram)); + tcp_rput_data(tcp, mp, sock_id); + sockets[sock_id].in_timeout = old_timeout; + + /* + * The other side may have closed this connection or + * RST us. But we need to continue to process other + * packets in the socket's queue because they may be + * belong to another TCP connections. + */ + if (sockets[sock_id].pcb == NULL) + tcp = NULL; + } + + if (tcp == NULL || sockets[sock_id].pcb == NULL) { + if (sockets[sock_id].so_error != 0) + return (-1); + else + return (0); + } +#if DEBUG + printf("tcp_drain_input: done with processing packets\n"); +#endif + sockets[sock_id].in_timeout = old_timeout; + sockets[sock_id].inq = old_in_gram; + + /* + * Data may have been received so indicate it is available + */ + tcp_drain_needed(sock_id, tcp); + return (0); +} + +/* + * The receive entry point for upper layer to call to get data. Note + * that this follows the current architecture that lower layer receive + * routines have been called already. 
Thus if the inq of socket is + * not NULL, the packets must be for us. + */ +static int +tcp_input(int sock_id) +{ + struct inetgram *in_gram; + mblk_t *mp; + tcp_t *tcp; + + TCP_RUN_TIME_WAIT_COLLECTOR(); + + if ((tcp = sockets[sock_id].pcb) == NULL) + return (-1); + + while ((in_gram = sockets[sock_id].inq) != NULL) { + /* Remove unknown inetgrams from the head of inq. */ + if (in_gram->igm_level != TRANSPORT_LVL) { +#ifdef DEBUG + printf("tcp_input: unexpected packet " + "level %d frame found\n", in_gram->igm_level); +#endif + del_gram(&sockets[sock_id].inq, in_gram, B_TRUE); + continue; + } + mp = in_gram->igm_mp; + del_gram(&sockets[sock_id].inq, in_gram, B_FALSE); + bkmem_free((caddr_t)in_gram, sizeof (struct inetgram)); + tcp_rput_data(tcp, mp, sock_id); + /* The TCP may be gone because it gets a RST. */ + if (sockets[sock_id].pcb == NULL) + return (-1); + } + + /* Flush the receive list. */ + if (tcp->tcp_rcv_list != NULL) { + tcp_rcv_drain(sock_id, tcp); + } else { + /* The other side has closed the connection, report this up. */ + if (tcp->tcp_state == TCPS_CLOSE_WAIT) { + sockets[sock_id].so_state |= SS_CANTRCVMORE; + return (0); + } + } + return (0); +} + +/* + * The send entry point for upper layer to call to send data. In order + * to minimize changes to the core TCP code, we need to put the + * data into mblks. + */ +int +tcp_send(int sock_id, tcp_t *tcp, const void *msg, int len) +{ + mblk_t *mp; + mblk_t *head = NULL; + mblk_t *tail; + int mss = tcp->tcp_mss; + int cnt = 0; + int win_size; + char *buf = (char *)msg; + + TCP_RUN_TIME_WAIT_COLLECTOR(); + + /* We don't want to append 0 size mblk. */ + if (len == 0) + return (0); + while (len > 0) { + if (len < mss) { + mss = len; + } + /* + * If we cannot allocate more buffer, stop here and + * the number of bytes buffered will be returned. + * + * Note that we follow the core TCP optimization that + * each mblk contains only MSS bytes data. 
+ */ + if ((mp = allocb(mss + tcp->tcp_ip_hdr_len + + TCP_MAX_HDR_LENGTH + tcp_wroff_xtra, 0)) == NULL) { + break; + } + mp->b_rptr += tcp->tcp_hdr_len + tcp_wroff_xtra; + bcopy(buf, mp->b_rptr, mss); + mp->b_wptr = mp->b_rptr + mss; + buf += mss; + cnt += mss; + len -= mss; + + if (head == NULL) { + head = mp; + tail = mp; + } else { + tail->b_cont = mp; + tail = mp; + } + } + + /* + * Since inetboot is not interrupt driven, there may be + * some ACKs in the MAC's buffer. Drain them first, + * otherwise, we may not be able to send. + * + * We expect an ACK in two cases: + * + * 1) We have un-ACK'ed data. + * + * 2) All ACK's have been received and the sender's window has been + * closed. We need an ACK back to open the window so that we can + * send. In this case, call tcp_drain_input() if the window size is + * less than 2 * MSS. + */ + + /* window size = MIN(swnd, cwnd) - unacked bytes */ + win_size = (tcp->tcp_swnd > tcp->tcp_cwnd) ? tcp->tcp_cwnd : + tcp->tcp_swnd; + win_size -= tcp->tcp_snxt; + win_size += tcp->tcp_suna; + if (win_size < (2 * tcp->tcp_mss)) + if (tcp_drain_input(tcp, sock_id, 5) < 0) + return (-1); + + tcp_wput_data(tcp, head, sock_id); + return (cnt); +} + +/* Free up all TCP related stuff */ +static void +tcp_free(tcp_t *tcp) +{ + if (tcp->tcp_iphc != NULL) { + bkmem_free((caddr_t)tcp->tcp_iphc, tcp->tcp_iphc_len); + tcp->tcp_iphc = NULL; + } + if (tcp->tcp_xmit_head != NULL) { + freemsg(tcp->tcp_xmit_head); + tcp->tcp_xmit_head = NULL; + } + if (tcp->tcp_rcv_list != NULL) { + freemsg(tcp->tcp_rcv_list); + tcp->tcp_rcv_list = NULL; + } + if (tcp->tcp_reass_head != NULL) { + freemsg(tcp->tcp_reass_head); + tcp->tcp_reass_head = NULL; + } + if (tcp->tcp_sack_info != NULL) { + bkmem_free((caddr_t)tcp->tcp_sack_info, + sizeof (tcp_sack_info_t)); + tcp->tcp_sack_info = NULL; + } +} + +static void +tcp_close_detached(tcp_t *tcp) +{ + if (tcp->tcp_listener != NULL) + tcp_eager_unlink(tcp); + tcp_free(tcp); + bkmem_free((caddr_t)tcp, sizeof 
(tcp_t)); +} + +/* + * If we are an eager connection hanging off a listener that hasn't + * formally accepted the connection yet, get off his list and blow off + * any data that we have accumulated. + */ +static void +tcp_eager_unlink(tcp_t *tcp) +{ + tcp_t *listener = tcp->tcp_listener; + + assert(listener != NULL); + if (tcp->tcp_eager_next_q0 != NULL) { + assert(tcp->tcp_eager_prev_q0 != NULL); + + /* Remove the eager tcp from q0 */ + tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = + tcp->tcp_eager_prev_q0; + tcp->tcp_eager_prev_q0->tcp_eager_next_q0 = + tcp->tcp_eager_next_q0; + listener->tcp_conn_req_cnt_q0--; + } else { + tcp_t **tcpp = &listener->tcp_eager_next_q; + tcp_t *prev = NULL; + + for (; tcpp[0]; tcpp = &tcpp[0]->tcp_eager_next_q) { + if (tcpp[0] == tcp) { + if (listener->tcp_eager_last_q == tcp) { + /* + * If we are unlinking the last + * element on the list, adjust + * tail pointer. Set tail pointer + * to nil when list is empty. + */ + assert(tcp->tcp_eager_next_q == NULL); + if (listener->tcp_eager_last_q == + listener->tcp_eager_next_q) { + listener->tcp_eager_last_q = + NULL; + } else { + /* + * We won't get here if there + * is only one eager in the + * list. + */ + assert(prev != NULL); + listener->tcp_eager_last_q = + prev; + } + } + tcpp[0] = tcp->tcp_eager_next_q; + tcp->tcp_eager_next_q = NULL; + tcp->tcp_eager_last_q = NULL; + listener->tcp_conn_req_cnt_q--; + break; + } + prev = tcpp[0]; + } + } + tcp->tcp_listener = NULL; +} + +/* + * Reset any eager connection hanging off this listener + * and then reclaim it's resources. 
+ */ +static void +tcp_eager_cleanup(tcp_t *listener, boolean_t q0_only, int sock_id) +{ + tcp_t *eager; + + if (!q0_only) { + /* First cleanup q */ + while ((eager = listener->tcp_eager_next_q) != NULL) { + assert(listener->tcp_eager_last_q != NULL); + tcp_xmit_ctl("tcp_eager_cleanup, can't wait", + eager, NULL, eager->tcp_snxt, 0, TH_RST, 0, + sock_id); + tcp_close_detached(eager); + } + assert(listener->tcp_eager_last_q == NULL); + } + /* Then cleanup q0 */ + while ((eager = listener->tcp_eager_next_q0) != listener) { + tcp_xmit_ctl("tcp_eager_cleanup, can't wait", + eager, NULL, eager->tcp_snxt, 0, TH_RST, 0, sock_id); + tcp_close_detached(eager); + } +} + +/* + * To handle the shutdown request. Called from shutdown() + */ +int +tcp_shutdown(int sock_id) +{ + tcp_t *tcp; + + DEBUG_1("tcp_shutdown: sock_id %x\n", sock_id); + + if ((tcp = sockets[sock_id].pcb) == NULL) { + return (-1); + } + + /* + * Since inetboot is not interrupt driven, there may be + * some ACKs in the MAC's buffer. Drain them first, + * otherwise, we may not be able to send. + */ + if (tcp_drain_input(tcp, sock_id, 5) < 0) { + /* + * If we return now without freeing TCP, there will be + * a memory leak. + */ + if (sockets[sock_id].pcb != NULL) + tcp_clean_death(sock_id, tcp, 0); + return (-1); + } + + DEBUG_1("tcp_shutdown: tcp_state %x\n", tcp->tcp_state); + switch (tcp->tcp_state) { + + case TCPS_SYN_RCVD: + /* + * Shutdown during the connect 3-way handshake + */ + case TCPS_ESTABLISHED: + /* + * Transmit the FIN + * wait for the FIN to be ACKed, + * then remain in FIN_WAIT_2 + */ + dprintf("tcp_shutdown: sending fin\n"); + if (tcp_xmit_end(tcp, sock_id) == 0 && + tcp_state_wait(sock_id, tcp, TCPS_FIN_WAIT_2) < 0) { + /* During the wait, TCP may be gone... 
*/ + if (sockets[sock_id].pcb == NULL) + return (-1); + } + dprintf("tcp_shutdown: done\n"); + break; + + default: + break; + + } + return (0); +} + +/* To handle closing of the socket */ +static int +tcp_close(int sock_id) +{ + char *msg; + tcp_t *tcp; + int error = 0; + + if ((tcp = sockets[sock_id].pcb) == NULL) { + return (-1); + } + + TCP_RUN_TIME_WAIT_COLLECTOR(); + + /* + * Since inetboot is not interrupt driven, there may be + * some ACKs in the MAC's buffer. Drain them first, + * otherwise, we may not be able to send. + */ + if (tcp_drain_input(tcp, sock_id, 5) < 0) { + /* + * If we return now without freeing TCP, there will be + * a memory leak. + */ + if (sockets[sock_id].pcb != NULL) + tcp_clean_death(sock_id, tcp, 0); + return (-1); + } + + if (tcp->tcp_conn_req_cnt_q0 != 0 || tcp->tcp_conn_req_cnt_q != 0) { + /* Cleanup for listener */ + tcp_eager_cleanup(tcp, 0, sock_id); + } + + msg = NULL; + switch (tcp->tcp_state) { + case TCPS_CLOSED: + case TCPS_IDLE: + case TCPS_BOUND: + case TCPS_LISTEN: + break; + case TCPS_SYN_SENT: + msg = "tcp_close, during connect"; + break; + case TCPS_SYN_RCVD: + /* + * Close during the connect 3-way handshake + * but here there may or may not be pending data + * already on queue. Process almost same as in + * the ESTABLISHED state. + */ + /* FALLTHRU */ + default: + /* + * If SO_LINGER has set a zero linger time, abort the + * connection with a reset. + */ + if (tcp->tcp_linger && tcp->tcp_lingertime == 0) { + msg = "tcp_close, zero lingertime"; + break; + } + + /* + * Abort connection if there is unread data queued. + */ + if (tcp->tcp_rcv_list != NULL || + tcp->tcp_reass_head != NULL) { + msg = "tcp_close, unread data"; + break; + } + if (tcp->tcp_state <= TCPS_LISTEN) + break; + + /* + * Transmit the FIN before detaching the tcp_t. + * After tcp_detach returns this queue/perimeter + * no longer owns the tcp_t thus others can modify it. 
+ * The TCP could be closed in tcp_state_wait called by + * tcp_wput_data called by tcp_xmit_end. + */ + (void) tcp_xmit_end(tcp, sock_id); + if (sockets[sock_id].pcb == NULL) + return (0); + + /* + * If lingering on close then wait until the fin is acked, + * the SO_LINGER time passes, or a reset is sent/received. + */ + if (tcp->tcp_linger && tcp->tcp_lingertime > 0 && + !(tcp->tcp_fin_acked) && + tcp->tcp_state >= TCPS_ESTABLISHED) { + uint32_t stoptime; /* in ms */ + + tcp->tcp_client_errno = 0; + stoptime = prom_gettime() + + (tcp->tcp_lingertime * 1000); + while (!(tcp->tcp_fin_acked) && + tcp->tcp_state >= TCPS_ESTABLISHED && + tcp->tcp_client_errno == 0 && + ((int32_t)(stoptime - prom_gettime()) > 0)) { + if (tcp_drain_input(tcp, sock_id, 5) < 0) { + if (sockets[sock_id].pcb != NULL) { + tcp_clean_death(sock_id, + tcp, 0); + } + return (-1); + } + } + tcp->tcp_client_errno = 0; + } + if (tcp_state_wait(sock_id, tcp, TCPS_TIME_WAIT) < 0) { + /* During the wait, TCP may be gone... */ + if (sockets[sock_id].pcb == NULL) + return (0); + msg = "tcp_close, couldn't detach"; + } else { + return (0); + } + break; + } + + /* Something went wrong... Send a RST and report the error */ + if (msg != NULL) { + if (tcp->tcp_state == TCPS_ESTABLISHED || + tcp->tcp_state == TCPS_CLOSE_WAIT) + BUMP_MIB(tcp_mib.tcpEstabResets); + if (tcp->tcp_state == TCPS_SYN_SENT || + tcp->tcp_state == TCPS_SYN_RCVD) + BUMP_MIB(tcp_mib.tcpAttemptFails); + tcp_xmit_ctl(msg, tcp, NULL, tcp->tcp_snxt, 0, TH_RST, 0, + sock_id); + } + + tcp_free(tcp); + bkmem_free((caddr_t)tcp, sizeof (tcp_t)); + sockets[sock_id].pcb = NULL; + return (error); +} + +/* To make an endpoint a listener. */ +int +tcp_listen(int sock_id, int backlog) +{ + tcp_t *tcp; + + if ((tcp = (tcp_t *)(sockets[sock_id].pcb)) == NULL) { + errno = EINVAL; + return (-1); + } + /* We allow calling listen() multiple times to change the backlog. 
*/ + if (tcp->tcp_state > TCPS_LISTEN || tcp->tcp_state < TCPS_BOUND) { + errno = EOPNOTSUPP; + return (-1); + } + /* The following initialization should only be done once. */ + if (tcp->tcp_state != TCPS_LISTEN) { + tcp->tcp_eager_next_q0 = tcp->tcp_eager_prev_q0 = tcp; + tcp->tcp_eager_next_q = NULL; + tcp->tcp_state = TCPS_LISTEN; + tcp->tcp_second_ctimer_threshold = tcp_ip_abort_linterval; + } + if ((tcp->tcp_conn_req_max = backlog) > tcp_conn_req_max_q) { + tcp->tcp_conn_req_max = tcp_conn_req_max_q; + } + if (tcp->tcp_conn_req_max < tcp_conn_req_min) { + tcp->tcp_conn_req_max = tcp_conn_req_min; + } + return (0); +} + +/* To accept connections. */ +int +tcp_accept(int sock_id, struct sockaddr *addr, socklen_t *addr_len) +{ + tcp_t *listener; + tcp_t *eager; + int sd, new_sock_id; + struct sockaddr_in *new_addr = (struct sockaddr_in *)addr; + int timeout; + + /* Sanity check. */ + if ((listener = (tcp_t *)(sockets[sock_id].pcb)) == NULL || + new_addr == NULL || addr_len == NULL || + *addr_len < sizeof (struct sockaddr_in) || + listener->tcp_state != TCPS_LISTEN) { + errno = EINVAL; + return (-1); + } + + if (sockets[sock_id].in_timeout > tcp_accept_timeout) + timeout = prom_gettime() + sockets[sock_id].in_timeout; + else + timeout = prom_gettime() + tcp_accept_timeout; + while (listener->tcp_eager_next_q == NULL && + timeout > prom_gettime()) { +#if DEBUG + printf("tcp_accept: Waiting in tcp_accept()\n"); +#endif + if (tcp_drain_input(listener, sock_id, 5) < 0) { + return (-1); + } + } + /* If there is an eager, don't timeout... */ + if (timeout <= prom_gettime() && listener->tcp_eager_next_q == NULL) { +#if DEBUG + printf("tcp_accept: timeout\n"); +#endif + errno = ETIMEDOUT; + return (-1); + } +#if DEBUG + printf("tcp_accept: got a connection\n"); +#endif + + /* Now create the socket for this new TCP. */ + if ((sd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + return (-1); + } + if ((new_sock_id = so_check_fd(sd, &errno)) == -1) + /* This should not happen! 
*/ + prom_panic("so_check_fd() fails in tcp_accept()"); + /* Free the TCP PCB in the original socket. */ + bkmem_free((caddr_t)(sockets[new_sock_id].pcb), sizeof (tcp_t)); + /* Dequeue the eager and attach it to the socket. */ + eager = listener->tcp_eager_next_q; + listener->tcp_eager_next_q = eager->tcp_eager_next_q; + if (listener->tcp_eager_last_q == eager) + listener->tcp_eager_last_q = NULL; + eager->tcp_eager_next_q = NULL; + sockets[new_sock_id].pcb = eager; + listener->tcp_conn_req_cnt_q--; + + /* Copy in the address info. */ + bcopy(&eager->tcp_remote, &new_addr->sin_addr.s_addr, + sizeof (in_addr_t)); + bcopy(&eager->tcp_fport, &new_addr->sin_port, sizeof (in_port_t)); + new_addr->sin_family = AF_INET; + +#ifdef DEBUG + printf("tcp_accept(), new sock_id: %d\n", sd); +#endif + return (sd); +} + +/* Update the next anonymous port to use. */ +static in_port_t +tcp_update_next_port(in_port_t port) +{ + /* Don't allow the port to fall out of the anonymous port range. */ + if (port < tcp_smallest_anon_port || port > tcp_largest_anon_port) + port = (in_port_t)tcp_smallest_anon_port; + + if (port < tcp_smallest_nonpriv_port) + port = (in_port_t)tcp_smallest_nonpriv_port; + return (port); +} + +/* To check whether a bind to a port is allowed. */ +static in_port_t +tcp_bindi(in_port_t port, in_addr_t *addr, boolean_t reuseaddr, + boolean_t bind_to_req_port_only) +{ + int i, count; + tcp_t *tcp; + + count = tcp_largest_anon_port - tcp_smallest_anon_port; +try_again: + for (i = 0; i < MAXSOCKET; i++) { + if (sockets[i].type != INETBOOT_STREAM || + ((tcp = (tcp_t *)sockets[i].pcb) == NULL) || + ntohs(tcp->tcp_lport) != port) { + continue; + } + /* + * Both TCPs have the same port. If SO_REUSEDADDR is + * set and the bound TCP has a state greater than + * TCPS_LISTEN, it is fine. 
+ */
+ if (reuseaddr && tcp->tcp_state > TCPS_LISTEN) {
+ continue;
+ }
+ if (tcp->tcp_bound_source != INADDR_ANY &&
+ *addr != INADDR_ANY &&
+ tcp->tcp_bound_source != *addr) {
+ continue;
+ }
+ if (bind_to_req_port_only) {
+ return (0);
+ }
+ if (--count > 0) {
+ port = tcp_update_next_port(++port);
+ goto try_again;
+ } else {
+ return (0);
+ }
+ }
+ return (port);
+}
+
+/* To handle the bind request. */
+int
+tcp_bind(int sock_id)
+{
+ tcp_t *tcp;
+ in_port_t requested_port, allocated_port;
+ boolean_t bind_to_req_port_only;
+ boolean_t reuseaddr;
+
+ if ((tcp = (tcp_t *)sockets[sock_id].pcb) == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ if (tcp->tcp_state >= TCPS_BOUND) {
+ /* We don't allow multiple bind(). */
+ errno = EPROTO;
+ return (-1);
+ }
+
+ requested_port = ntohs(sockets[sock_id].bind.sin_port);
+
+ /* The bound source can be INADDR_ANY. */
+ tcp->tcp_bound_source = sockets[sock_id].bind.sin_addr.s_addr;
+
+ tcp->tcp_ipha->ip_src.s_addr = tcp->tcp_bound_source;
+
+ /* Verify the port is available. */
+ if (requested_port == 0)
+ bind_to_req_port_only = B_FALSE;
+ else /* T_BIND_REQ and requested_port != 0 */
+ bind_to_req_port_only = B_TRUE;
+
+ if (requested_port == 0) {
+ requested_port = tcp_update_next_port(++tcp_next_port_to_try);
+ }
+ reuseaddr = sockets[sock_id].so_opt & SO_REUSEADDR;
+ allocated_port = tcp_bindi(requested_port, &(tcp->tcp_bound_source),
+ reuseaddr, bind_to_req_port_only);
+
+ if (allocated_port == 0) {
+ errno = EADDRINUSE;
+ return (-1);
+ }
+ tcp->tcp_lport = htons(allocated_port);
+ *(uint16_t *)tcp->tcp_tcph->th_lport = tcp->tcp_lport;
+ sockets[sock_id].bind.sin_port = tcp->tcp_lport;
+ tcp->tcp_state = TCPS_BOUND;
+ return (0);
+}
+
+/*
+ * Check for duplicate TCP connections.
+ */
+static int
+tcp_conn_check(tcp_t *tcp)
+{
+ int i;
+ tcp_t *tmp_tcp;
+
+ for (i = 0; i < MAXSOCKET; i++) {
+ if (sockets[i].type != INETBOOT_STREAM)
+ continue;
+ /* Socket may not be closed but the TCP can be gone. */
+ if ((tmp_tcp = (tcp_t *)sockets[i].pcb) == NULL)
+ continue;
+ /* We only care about TCP in states later than SYN_SENT. */
+ if (tmp_tcp->tcp_state < TCPS_SYN_SENT)
+ continue;
+ if (tmp_tcp->tcp_lport != tcp->tcp_lport ||
+ tmp_tcp->tcp_fport != tcp->tcp_fport ||
+ tmp_tcp->tcp_bound_source != tcp->tcp_bound_source ||
+ tmp_tcp->tcp_remote != tcp->tcp_remote) {
+ continue;
+ } else {
+ return (-1);
+ }
+ }
+ return (0);
+}
+
+/* To handle a connect request. */
+int
+tcp_connect(int sock_id)
+{
+ tcp_t *tcp;
+ in_addr_t dstaddr;
+ in_port_t dstport;
+ tcph_t *tcph;
+ int mss;
+ mblk_t *syn_mp;
+
+ if ((tcp = (tcp_t *)(sockets[sock_id].pcb)) == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ TCP_RUN_TIME_WAIT_COLLECTOR();
+
+ dstaddr = sockets[sock_id].remote.sin_addr.s_addr;
+ dstport = sockets[sock_id].remote.sin_port;
+
+ /*
+ * Check for attempt to connect to INADDR_ANY or non-unicast addrress.
+ * We don't have enough info to check for broadcast addr, except
+ * for the all 1 broadcast.
+ */
+ if (dstaddr == INADDR_ANY || IN_CLASSD(ntohl(dstaddr)) ||
+ dstaddr == INADDR_BROADCAST) {
+ /*
+ * SunOS 4.x and 4.3 BSD allow an application
+ * to connect a TCP socket to INADDR_ANY.
+ * When they do this, the kernel picks the
+ * address of one interface and uses it
+ * instead. The kernel usually ends up
+ * picking the address of the loopback
+ * interface. This is an undocumented feature.
+ * However, we provide the same thing here
+ * in order to have source and binary
+ * compatibility with SunOS 4.x.
+ * Update the T_CONN_REQ (sin/sin6) since it is used to
+ * generate the T_CONN_CON.
+ *
+ * Fail this for inetboot TCP.
+ */
+ errno = EINVAL;
+ return (-1);
+ }
+
+ /* It is not bound to any address yet... */
+ if (tcp->tcp_bound_source == INADDR_ANY) {
+ ipv4_getipaddr(&(sockets[sock_id].bind.sin_addr));
+ /* We don't have an address! */
+ if (ntohl(sockets[sock_id].bind.sin_addr.s_addr) ==
+ INADDR_ANY) {
+ errno = EPROTO;
+ return (-1);
+ }
+ tcp->tcp_bound_source = sockets[sock_id].bind.sin_addr.s_addr;
+ tcp->tcp_ipha->ip_src.s_addr = tcp->tcp_bound_source;
+ }
+
+ /*
+ * Don't let an endpoint connect to itself.
+ */
+ if (dstaddr == tcp->tcp_ipha->ip_src.s_addr &&
+ dstport == tcp->tcp_lport) {
+ errno = EINVAL;
+ return (-1);
+ }
+
+ tcp->tcp_ipha->ip_dst.s_addr = dstaddr;
+ tcp->tcp_remote = dstaddr;
+ tcph = tcp->tcp_tcph;
+ *(uint16_t *)tcph->th_fport = dstport;
+ tcp->tcp_fport = dstport;
+
+ /*
+ * Don't allow this connection to completely duplicate
+ * an existing connection.
+ */
+ if (tcp_conn_check(tcp) < 0) {
+ errno = EADDRINUSE;
+ return (-1);
+ }
+
+ /*
+ * Just make sure our rwnd is at
+ * least tcp_recv_hiwat_mss * MSS
+ * large, and round up to the nearest
+ * MSS.
+ *
+ * We do the round up here because
+ * we need to get the interface
+ * MTU first before we can do the
+ * round up.
+ */
+ mss = tcp->tcp_mss - tcp->tcp_hdr_len;
+ tcp->tcp_rwnd = MAX(MSS_ROUNDUP(tcp->tcp_rwnd, mss),
+ tcp_recv_hiwat_minmss * mss);
+ tcp->tcp_rwnd_max = tcp->tcp_rwnd;
+ SET_WS_VALUE(tcp);
+ U32_TO_ABE16((tcp->tcp_rwnd >> tcp->tcp_rcv_ws),
+ tcp->tcp_tcph->th_win);
+ if (tcp->tcp_rcv_ws > 0 || tcp_wscale_always)
+ tcp->tcp_snd_ws_ok = B_TRUE;
+
+ /*
+ * Set tcp_snd_ts_ok to true
+ * so that tcp_xmit_mp will
+ * include the timestamp
+ * option in the SYN segment.
+ */
+ if (tcp_tstamp_always ||
+ (tcp->tcp_rcv_ws && tcp_tstamp_if_wscale)) {
+ tcp->tcp_snd_ts_ok = B_TRUE;
+ }
+
+ if (tcp_sack_permitted == 2 ||
+ tcp->tcp_snd_sack_ok) {
+ assert(tcp->tcp_sack_info == NULL);
+ if ((tcp->tcp_sack_info = (tcp_sack_info_t *)bkmem_zalloc(
+ sizeof (tcp_sack_info_t))) == NULL) {
+ tcp->tcp_snd_sack_ok = B_FALSE;
+ } else {
+ tcp->tcp_snd_sack_ok = B_TRUE;
+ }
+ }
+ /*
+ * Should we use ECN? Note that the current
+ * default value (SunOS 5.9) of tcp_ecn_permitted
+ * is 2. The reason for doing this is that there
+ * are equipments out there that will drop ECN
+ * enabled IP packets. Setting it to 1 avoids
+ * compatibility problems.
+ */
+ if (tcp_ecn_permitted == 2)
+ tcp->tcp_ecn_ok = B_TRUE;
+
+ tcp_iss_init(tcp);
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ tcp->tcp_active_open = B_TRUE;
+
+ tcp->tcp_state = TCPS_SYN_SENT;
+ syn_mp = tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, tcp->tcp_iss, B_FALSE,
+ NULL, B_FALSE);
+ if (syn_mp != NULL) {
+ int ret;
+
+ /* Dump the packet when debugging. */
+ TCP_DUMP_PACKET("tcp_connect", syn_mp);
+ /* Send out the SYN packet. */
+ ret = ipv4_tcp_output(sock_id, syn_mp);
+ freeb(syn_mp);
+ if (ret < 0) {
+ return (-1);
+ }
+ /* tcp_state_wait() will finish the 3 way handshake. */
+ return (tcp_state_wait(sock_id, tcp, TCPS_ESTABLISHED));
+ } else {
+ errno = ENOBUFS;
+ return (-1);
+ }
+}
+
+/*
+ * Common accept code. Called by tcp_conn_request.
+ * cr_pkt is the SYN packet.
+ */
+static int
+tcp_accept_comm(tcp_t *listener, tcp_t *acceptor, mblk_t *cr_pkt,
+ uint_t ip_hdr_len)
+{
+ tcph_t *tcph;
+
+#ifdef DEBUG
+ printf("tcp_accept_comm #######################\n");
+#endif
+
+ /*
+ * When we get here, we know that the acceptor header template
+ * has already been initialized.
+ * However, it may not match the listener if the listener
+ * includes options...
+ * It may also not match the listener if the listener is v6 and
+ * and the acceptor is v4
+ */
+ acceptor->tcp_lport = listener->tcp_lport;
+
+ if (listener->tcp_ipversion == acceptor->tcp_ipversion) {
+ if (acceptor->tcp_iphc_len != listener->tcp_iphc_len) {
+ /*
+ * Listener had options of some sort; acceptor inherits.
+ * Free up the acceptor template and allocate one
+ * of the right size.
+ */
+ bkmem_free(acceptor->tcp_iphc, acceptor->tcp_iphc_len);
+ acceptor->tcp_iphc = bkmem_zalloc(
+ listener->tcp_iphc_len);
+ if (acceptor->tcp_iphc == NULL) {
+ acceptor->tcp_iphc_len = 0;
+ return (ENOMEM);
+ }
+ acceptor->tcp_iphc_len = listener->tcp_iphc_len;
+ }
+ acceptor->tcp_hdr_len = listener->tcp_hdr_len;
+ acceptor->tcp_ip_hdr_len = listener->tcp_ip_hdr_len;
+ acceptor->tcp_tcp_hdr_len = listener->tcp_tcp_hdr_len;
+
+ /*
+ * Copy the IP+TCP header template from listener to acceptor
+ */
+ bcopy(listener->tcp_iphc, acceptor->tcp_iphc,
+ listener->tcp_hdr_len);
+ acceptor->tcp_ipha = (struct ip *)acceptor->tcp_iphc;
+ acceptor->tcp_tcph = (tcph_t *)(acceptor->tcp_iphc +
+ acceptor->tcp_ip_hdr_len);
+ } else {
+ prom_panic("tcp_accept_comm: version not equal");
+ }
+
+ /* Copy our new dest and fport from the connection request packet */
+ if (acceptor->tcp_ipversion == IPV4_VERSION) {
+ struct ip *ipha;
+
+ ipha = (struct ip *)cr_pkt->b_rptr;
+ acceptor->tcp_ipha->ip_dst = ipha->ip_src;
+ acceptor->tcp_remote = ipha->ip_src.s_addr;
+ acceptor->tcp_ipha->ip_src = ipha->ip_dst;
+ acceptor->tcp_bound_source = ipha->ip_dst.s_addr;
+ tcph = (tcph_t *)&cr_pkt->b_rptr[ip_hdr_len];
+ } else {
+ prom_panic("tcp_accept_comm: not IPv4");
+ }
+ bcopy(tcph->th_lport, acceptor->tcp_tcph->th_fport, sizeof (in_port_t));
+ bcopy(acceptor->tcp_tcph->th_fport, &acceptor->tcp_fport,
+ sizeof (in_port_t));
+ /*
+ * For an all-port proxy listener, the local port is determined by
+ * the port number field in the SYN packet.
+ */
+ if (listener->tcp_lport == 0) {
+ acceptor->tcp_lport = *(in_port_t *)tcph->th_fport;
+ bcopy(tcph->th_fport, acceptor->tcp_tcph->th_lport,
+ sizeof (in_port_t));
+ }
+ /* Inherit various TCP parameters from the listener */
+ acceptor->tcp_naglim = listener->tcp_naglim;
+ acceptor->tcp_first_timer_threshold =
+ listener->tcp_first_timer_threshold;
+ acceptor->tcp_second_timer_threshold =
+ listener->tcp_second_timer_threshold;
+
+ acceptor->tcp_first_ctimer_threshold =
+ listener->tcp_first_ctimer_threshold;
+ acceptor->tcp_second_ctimer_threshold =
+ listener->tcp_second_ctimer_threshold;
+
+ acceptor->tcp_xmit_hiwater = listener->tcp_xmit_hiwater;
+
+ acceptor->tcp_state = TCPS_LISTEN;
+ tcp_iss_init(acceptor);
+
+ /* Process all TCP options. */
+ tcp_process_options(acceptor, tcph);
+
+ /* Is the other end ECN capable? */
+ if (tcp_ecn_permitted >= 1 &&
+ (tcph->th_flags[0] & (TH_ECE|TH_CWR)) == (TH_ECE|TH_CWR)) {
+ acceptor->tcp_ecn_ok = B_TRUE;
+ }
+
+ /*
+ * listener->tcp_rq->q_hiwat should be the default window size or a
+ * window size changed via SO_RCVBUF option. First round up the
+ * acceptor's tcp_rwnd to the nearest MSS. Then find out the window
+ * scale option value if needed. Call tcp_rwnd_set() to finish the
+ * setting.
+ *
+ * Note if there is a rpipe metric associated with the remote host,
+ * we should not inherit receive window size from listener.
+ */
+ acceptor->tcp_rwnd = MSS_ROUNDUP(
+ (acceptor->tcp_rwnd == 0 ? listener->tcp_rwnd_max :
+ acceptor->tcp_rwnd), acceptor->tcp_mss);
+ if (acceptor->tcp_snd_ws_ok)
+ SET_WS_VALUE(acceptor);
+ /*
+ * Note that this is the only place tcp_rwnd_set() is called for
+ * accepting a connection. We need to call it here instead of
+ * after the 3-way handshake because we need to tell the other
+ * side our rwnd in the SYN-ACK segment.
+ */
+ (void) tcp_rwnd_set(acceptor, acceptor->tcp_rwnd);
+
+ return (0);
+}
+
+/*
+ * Defense for the SYN attack -
+ * 1. When q0 is full, drop from the tail (tcp_eager_prev_q0) the oldest
+ * one that doesn't have the dontdrop bit set.
+ * 2. Don't drop a SYN request before its first timeout. This gives every
+ * request at least til the first timeout to complete its 3-way handshake.
+ * 3. The current threshold is - # of timeout > q0len/4 => SYN alert on
+ * # of timeout drops back to <= q0len/32 => SYN alert off
+ */
+static boolean_t
+tcp_drop_q0(tcp_t *tcp)
+{
+ tcp_t *eager;
+
+ assert(tcp->tcp_eager_next_q0 != tcp->tcp_eager_prev_q0);
+ /*
+ * New one is added after next_q0 so prev_q0 points to the oldest
+ * Also do not drop any established connections that are deferred on
+ * q0 due to q being full
+ */
+
+ eager = tcp->tcp_eager_prev_q0;
+ while (eager->tcp_dontdrop || eager->tcp_conn_def_q0) {
+ /* XXX should move the eager to the head */
+ eager = eager->tcp_eager_prev_q0;
+ if (eager == tcp) {
+ eager = tcp->tcp_eager_prev_q0;
+ break;
+ }
+ }
+ dprintf("tcp_drop_q0: listen half-open queue (max=%d) overflow"
+ " (%d pending) on %s, drop one", tcp_conn_req_max_q0,
+ tcp->tcp_conn_req_cnt_q0,
+ tcp_display(tcp, NULL, DISP_PORT_ONLY));
+
+ BUMP_MIB(tcp_mib.tcpHalfOpenDrop);
+ bkmem_free((caddr_t)eager, sizeof (tcp_t));
+ return (B_TRUE);
+}
+
+/* ARGSUSED */
+static tcp_t *
+tcp_conn_request(tcp_t *tcp, mblk_t *mp, uint_t sock_id, uint_t ip_hdr_len)
+{
+ tcp_t *eager;
+ struct ip *ipha;
+ int err;
+
+#ifdef DEBUG
+ printf("tcp_conn_request ###################\n");
+#endif
+
+ if (tcp->tcp_conn_req_cnt_q >= tcp->tcp_conn_req_max) {
+ BUMP_MIB(tcp_mib.tcpListenDrop);
+ dprintf("tcp_conn_request: listen backlog (max=%d) "
+ "overflow (%d pending) on %s",
+ tcp->tcp_conn_req_max, tcp->tcp_conn_req_cnt_q,
+ tcp_display(tcp, NULL, DISP_PORT_ONLY));
+ return (NULL);
+ }
+
+ assert(OK_32PTR(mp->b_rptr));
+
+ if (tcp->tcp_conn_req_cnt_q0 >=
+ tcp->tcp_conn_req_max + tcp_conn_req_max_q0) {
+ /*
+ * Q0 is full. Drop a pending half-open req from the queue
+ * to make room for the new SYN req. Also mark the time we
+ * drop a SYN.
+ */
+ tcp->tcp_last_rcv_lbolt = prom_gettime();
+ if (!tcp_drop_q0(tcp)) {
+ freemsg(mp);
+ BUMP_MIB(tcp_mib.tcpListenDropQ0);
+ dprintf("tcp_conn_request: listen half-open queue "
+ "(max=%d) full (%d pending) on %s",
+ tcp_conn_req_max_q0,
+ tcp->tcp_conn_req_cnt_q0,
+ tcp_display(tcp, NULL, DISP_PORT_ONLY));
+ return (NULL);
+ }
+ }
+
+ ipha = (struct ip *)mp->b_rptr;
+ if (IN_CLASSD(ntohl(ipha->ip_src.s_addr)) ||
+ ipha->ip_src.s_addr == INADDR_BROADCAST ||
+ ipha->ip_src.s_addr == INADDR_ANY ||
+ ipha->ip_dst.s_addr == INADDR_BROADCAST) {
+ freemsg(mp);
+ return (NULL);
+ }
+ /*
+ * We allow the connection to proceed
+ * by generating a detached tcp state vector and put it in
+ * the eager queue. When an accept happens, it will be
+ * dequeued sequentially.
+ */
+ if ((eager = (tcp_t *)bkmem_alloc(sizeof (tcp_t))) == NULL) {
+ freemsg(mp);
+ errno = ENOBUFS;
+ return (NULL);
+ }
+ if ((errno = tcp_init_values(eager, NULL)) != 0) {
+ freemsg(mp);
+ bkmem_free((caddr_t)eager, sizeof (tcp_t));
+ return (NULL);
+ }
+
+ /*
+ * Eager connection inherits address form from its listener,
+ * but its packet form comes from the version of the received
+ * SYN segment.
+ */
+ eager->tcp_family = tcp->tcp_family;
+
+ err = tcp_accept_comm(tcp, eager, mp, ip_hdr_len);
+ if (err) {
+ bkmem_free((caddr_t)eager, sizeof (tcp_t));
+ return (NULL);
+ }
+
+ tcp->tcp_eager_next_q0->tcp_eager_prev_q0 = eager;
+ eager->tcp_eager_next_q0 = tcp->tcp_eager_next_q0;
+ tcp->tcp_eager_next_q0 = eager;
+ eager->tcp_eager_prev_q0 = tcp;
+
+ /* Set tcp_listener before adding it to tcp_conn_fanout */
+ eager->tcp_listener = tcp;
+ tcp->tcp_conn_req_cnt_q0++;
+
+ return (eager);
+}
+
+/*
+ * To get around the non-interrupt problem of inetboot.
+ * Keep on processing packets until a certain state is reached or the
+ * TCP is destroyed because of getting a RST packet.
+ */
+static int
+tcp_state_wait(int sock_id, tcp_t *tcp, int state)
+{
+ int i;
+ struct inetgram *in_gram;
+ mblk_t *mp;
+ int timeout;
+ boolean_t changed = B_FALSE;
+
+ /*
+ * We need to make sure that the MAC does not wait longer
+ * than RTO for any packet so that TCP can do retransmission.
+ * But if the MAC timeout is less than tcp_rto, we are fine
+ * and do not need to change it.
+ */
+ timeout = sockets[sock_id].in_timeout;
+ if (timeout > tcp->tcp_rto) {
+ sockets[sock_id].in_timeout = tcp->tcp_rto;
+ changed = B_TRUE;
+ }
+retry:
+ if (sockets[sock_id].inq == NULL) {
+ /* Go out and check the wire */
+ for (i = MEDIA_LVL; i < TRANSPORT_LVL; i++) {
+ if (sockets[sock_id].input[i] != NULL) {
+ if (sockets[sock_id].input[i](sock_id) < 0) {
+ if (changed) {
+ sockets[sock_id].in_timeout =
+ timeout;
+ }
+ return (-1);
+ }
+ }
+ }
+ }
+
+ while ((in_gram = sockets[sock_id].inq) != NULL) {
+ if (tcp != NULL && tcp->tcp_state == state)
+ break;
+
+ /* Remove unknown inetgrams from the head of inq. */
+ if (in_gram->igm_level != TRANSPORT_LVL) {
+#ifdef DEBUG
+ printf("tcp_state_wait for state %d: unexpected "
+ "packet level %d frame found\n", state,
+ in_gram->igm_level);
+#endif
+ del_gram(&sockets[sock_id].inq, in_gram, B_TRUE);
+ continue;
+ }
+ mp = in_gram->igm_mp;
+ del_gram(&sockets[sock_id].inq, in_gram, B_FALSE);
+ bkmem_free((caddr_t)in_gram, sizeof (struct inetgram));
+ tcp_rput_data(tcp, mp, sock_id);
+
+ /*
+ * The other side may have closed this connection or
+ * RST us. But we need to continue to process other
+ * packets in the socket's queue because they may be
+ * belong to another TCP connections.
+ */
+ if (sockets[sock_id].pcb == NULL) {
+ tcp = NULL;
+ }
+ }
+
+ /* If the other side has closed the connection, just return. */
+ if (tcp == NULL || sockets[sock_id].pcb == NULL) {
+#ifdef DEBUG
+ printf("tcp_state_wait other side dead: state %d "
+ "error %d\n", state, sockets[sock_id].so_error);
+#endif
+ if (sockets[sock_id].so_error != 0)
+ return (-1);
+ else
+ return (0);
+ }
+ /*
+ * TCPS_ALL_ACKED is not a valid TCP state, it is just used as an
+ * indicator to tcp_state_wait to mean that it is being called
+ * to wait till we have received acks for all the new segments sent.
+ */
+ if ((state == TCPS_ALL_ACKED) && (tcp->tcp_suna == tcp->tcp_snxt)) {
+ goto done;
+ }
+ if (tcp->tcp_state != state) {
+ if (prom_gettime() > tcp->tcp_rto_timeout)
+ tcp_timer(tcp, sock_id);
+ goto retry;
+ }
+done:
+ if (changed)
+ sockets[sock_id].in_timeout = timeout;
+
+ tcp_drain_needed(sock_id, tcp);
+ return (0);
+}
+
+/* Verify the checksum of a segment. */
+static int
+tcp_verify_cksum(mblk_t *mp)
+{
+ struct ip *iph;
+ tcpha_t *tcph;
+ int len;
+ uint16_t old_sum;
+
+ iph = (struct ip *)mp->b_rptr;
+ tcph = (tcpha_t *)(iph + 1);
+ len = ntohs(iph->ip_len);
+
+ /*
+ * Calculate the TCP checksum. Need to include the psuedo header,
+ * which is similar to the real IP header starting at the TTL field.
+ */
+ iph->ip_sum = htons(len - IP_SIMPLE_HDR_LENGTH);
+ old_sum = tcph->tha_sum;
+ tcph->tha_sum = 0;
+ iph->ip_ttl = 0;
+ if (old_sum == tcp_cksum((uint16_t *)&(iph->ip_ttl),
+ len - IP_SIMPLE_HDR_LENGTH + 12)) {
+ return (0);
+ } else {
+ tcp_cksum_errors++;
+ return (-1);
+ }
+}
+
+/* To find a TCP connection matching the incoming segment. */
+static tcp_t *
+tcp_lookup_ipv4(struct ip *iph, tcpha_t *tcph, int min_state, int *sock_id)
+{
+ int i;
+ tcp_t *tcp;
+
+ for (i = 0; i < MAXSOCKET; i++) {
+ if (sockets[i].type == INETBOOT_STREAM &&
+ (tcp = (tcp_t *)sockets[i].pcb) != NULL) {
+ if (tcph->tha_lport == tcp->tcp_fport &&
+ tcph->tha_fport == tcp->tcp_lport &&
+ iph->ip_src.s_addr == tcp->tcp_remote &&
+ iph->ip_dst.s_addr == tcp->tcp_bound_source &&
+ tcp->tcp_state >= min_state) {
+ *sock_id = i;
+ return (tcp);
+ }
+ }
+ }
+ /* Find it in the time wait list. */
+ for (tcp = tcp_time_wait_head; tcp != NULL;
+ tcp = tcp->tcp_time_wait_next) {
+ if (tcph->tha_lport == tcp->tcp_fport &&
+ tcph->tha_fport == tcp->tcp_lport &&
+ iph->ip_src.s_addr == tcp->tcp_remote &&
+ iph->ip_dst.s_addr == tcp->tcp_bound_source &&
+ tcp->tcp_state >= min_state) {
+ *sock_id = -1;
+ return (tcp);
+ }
+ }
+ return (NULL);
+}
+
+/* To find a TCP listening connection matching the incoming segment. */
+static tcp_t *
+tcp_lookup_listener_ipv4(in_addr_t addr, in_port_t port, int *sock_id)
+{
+ int i;
+ tcp_t *tcp;
+
+ for (i = 0; i < MAXSOCKET; i++) {
+ if (sockets[i].type == INETBOOT_STREAM &&
+ (tcp = (tcp_t *)sockets[i].pcb) != NULL) {
+ if (tcp->tcp_lport == port &&
+ (tcp->tcp_bound_source == addr ||
+ tcp->tcp_bound_source == INADDR_ANY)) {
+ *sock_id = i;
+ return (tcp);
+ }
+ }
+ }
+
+ return (NULL);
+}
+
+/* To find a TCP eager matching the incoming segment. */
+static tcp_t *
+tcp_lookup_eager_ipv4(tcp_t *listener, struct ip *iph, tcpha_t *tcph)
+{
+ tcp_t *tcp;
+
+#ifdef DEBUG
+ printf("tcp_lookup_eager_ipv4 ###############\n");
+#endif
+ for (tcp = listener->tcp_eager_next_q; tcp != NULL;
+ tcp = tcp->tcp_eager_next_q) {
+ if (tcph->tha_lport == tcp->tcp_fport &&
+ tcph->tha_fport == tcp->tcp_lport &&
+ iph->ip_src.s_addr == tcp->tcp_remote &&
+ iph->ip_dst.s_addr == tcp->tcp_bound_source) {
+ return (tcp);
+ }
+ }
+
+ for (tcp = listener->tcp_eager_next_q0; tcp != listener;
+ tcp = tcp->tcp_eager_next_q0) {
+ if (tcph->tha_lport == tcp->tcp_fport &&
+ tcph->tha_fport == tcp->tcp_lport &&
+ iph->ip_src.s_addr == tcp->tcp_remote &&
+ iph->ip_dst.s_addr == tcp->tcp_bound_source) {
+ return (tcp);
+ }
+ }
+#ifdef DEBUG
+ printf("No eager found\n");
+#endif
+ return (NULL);
+}
+
+/* To destroy a TCP control block. */
+static void
+tcp_clean_death(int sock_id, tcp_t *tcp, int err)
+{
+ tcp_free(tcp);
+ if (tcp->tcp_state == TCPS_TIME_WAIT)
+ tcp_time_wait_remove(tcp);
+
+ if (sock_id >= 0) {
+ sockets[sock_id].pcb = NULL;
+ if (err != 0)
+ sockets[sock_id].so_error = err;
+ }
+ bkmem_free((caddr_t)tcp, sizeof (tcp_t));
+}
+
+/*
+ * tcp_rwnd_set() is called to adjust the receive window to a desired value.
+ * We do not allow the receive window to shrink. After setting rwnd,
+ * set the flow control hiwat of the stream.
+ *
+ * This function is called in 2 cases:
+ *
+ * 1) Before data transfer begins, in tcp_accept_comm() for accepting a
+ * connection (passive open) and in tcp_rput_data() for active connect.
+ * This is called after tcp_mss_set() when the desired MSS value is known.
+ * This makes sure that our window size is a mutiple of the other side's
+ * MSS.
+ * 2) Handling SO_RCVBUF option.
+ *
+ * It is ASSUMED that the requested size is a multiple of the current MSS.
+ *
+ * XXX - Should allow a lower rwnd than tcp_recv_hiwat_minmss * mss if the
+ * user requests so.
+ */
+static int
+tcp_rwnd_set(tcp_t *tcp, uint32_t rwnd)
+{
+ uint32_t mss = tcp->tcp_mss;
+ uint32_t old_max_rwnd;
+ uint32_t max_transmittable_rwnd;
+
+ if (tcp->tcp_rwnd_max != 0)
+ old_max_rwnd = tcp->tcp_rwnd_max;
+ else
+ old_max_rwnd = tcp->tcp_rwnd;
+
+ /*
+ * Insist on a receive window that is at least
+ * tcp_recv_hiwat_minmss * MSS (default 4 * MSS) to avoid
+ * funny TCP interactions of Nagle algorithm, SWS avoidance
+ * and delayed acknowledgement.
+ */
+ rwnd = MAX(rwnd, tcp_recv_hiwat_minmss * mss);
+
+ /*
+ * If window size info has already been exchanged, TCP should not
+ * shrink the window. Shrinking window is doable if done carefully.
+ * We may add that support later. But so far there is not a real
+ * need to do that.
+ */
+ if (rwnd < old_max_rwnd && tcp->tcp_state > TCPS_SYN_SENT) {
+ /* MSS may have changed, do a round up again. */
+ rwnd = MSS_ROUNDUP(old_max_rwnd, mss);
+ }
+
+ /*
+ * tcp_rcv_ws starts with TCP_MAX_WINSHIFT so the following check
+ * can be applied even before the window scale option is decided.
+ */
+ max_transmittable_rwnd = TCP_MAXWIN << tcp->tcp_rcv_ws;
+ if (rwnd > max_transmittable_rwnd) {
+ rwnd = max_transmittable_rwnd -
+ (max_transmittable_rwnd % mss);
+ if (rwnd < mss)
+ rwnd = max_transmittable_rwnd;
+ /*
+ * If we're over the limit we may have to back down tcp_rwnd.
+ * The increment below won't work for us. So we set all three
+ * here and the increment below will have no effect.
+ */
+ tcp->tcp_rwnd = old_max_rwnd = rwnd;
+ }
+
+ /*
+ * Increment the current rwnd by the amount the maximum grew (we
+ * can not overwrite it since we might be in the middle of a
+ * connection.)
+ */
+ tcp->tcp_rwnd += rwnd - old_max_rwnd;
+ U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, tcp->tcp_tcph->th_win);
+ if ((tcp->tcp_rcv_ws > 0) && rwnd > tcp->tcp_cwnd_max)
+ tcp->tcp_cwnd_max = rwnd;
+ tcp->tcp_rwnd_max = rwnd;
+
+ return (rwnd);
+}
+
+/*
+ * Extract option values from a tcp header. We put any found values into the
+ * tcpopt struct and return a bitmask saying which options were found.
+ */
+static int
+tcp_parse_options(tcph_t *tcph, tcp_opt_t *tcpopt)
+{
+ uchar_t *endp;
+ int len;
+ uint32_t mss;
+ uchar_t *up = (uchar_t *)tcph;
+ int found = 0;
+ int32_t sack_len;
+ tcp_seq sack_begin, sack_end;
+ tcp_t *tcp;
+
+ endp = up + TCP_HDR_LENGTH(tcph);
+ up += TCP_MIN_HEADER_LENGTH;
+ while (up < endp) {
+ len = endp - up;
+ switch (*up) {
+ case TCPOPT_EOL:
+ break;
+
+ case TCPOPT_NOP:
+ up++;
+ continue;
+
+ case TCPOPT_MAXSEG:
+ if (len < TCPOPT_MAXSEG_LEN ||
+ up[1] != TCPOPT_MAXSEG_LEN)
+ break;
+
+ mss = BE16_TO_U16(up+2);
+ /* Caller must handle tcp_mss_min and tcp_mss_max_* */
+ tcpopt->tcp_opt_mss = mss;
+ found |= TCP_OPT_MSS_PRESENT;
+
+ up += TCPOPT_MAXSEG_LEN;
+ continue;
+
+ case TCPOPT_WSCALE:
+ if (len < TCPOPT_WS_LEN || up[1] != TCPOPT_WS_LEN)
+ break;
+
+ if (up[2] > TCP_MAX_WINSHIFT)
+ tcpopt->tcp_opt_wscale = TCP_MAX_WINSHIFT;
+ else
+ tcpopt->tcp_opt_wscale = up[2];
+ found |= TCP_OPT_WSCALE_PRESENT;
+
+ up += TCPOPT_WS_LEN;
+ continue;
+
+ case TCPOPT_SACK_PERMITTED:
+ if (len < TCPOPT_SACK_OK_LEN ||
+ up[1] != TCPOPT_SACK_OK_LEN)
+ break;
+ found |= TCP_OPT_SACK_OK_PRESENT;
+ up += TCPOPT_SACK_OK_LEN;
+ continue;
+
+ case TCPOPT_SACK:
+ if (len <= 2 || up[1] <= 2 || len < up[1])
+ break;
+
+ /* If TCP is not interested in SACK blks... */
+ if ((tcp = tcpopt->tcp) == NULL) {
+ up += up[1];
+ continue;
+ }
+ sack_len = up[1] - TCPOPT_HEADER_LEN;
+ up += TCPOPT_HEADER_LEN;
+
+ /*
+ * If the list is empty, allocate one and assume
+ * nothing is sack'ed.
+ */
+ assert(tcp->tcp_sack_info != NULL);
+ if (tcp->tcp_notsack_list == NULL) {
+ tcp_notsack_update(&(tcp->tcp_notsack_list),
+ tcp->tcp_suna, tcp->tcp_snxt,
+ &(tcp->tcp_num_notsack_blk),
+ &(tcp->tcp_cnt_notsack_list));
+
+ /*
+ * Make sure tcp_notsack_list is not NULL.
+ * This happens when kmem_alloc(KM_NOSLEEP)
+ * returns NULL.
+ */
+ if (tcp->tcp_notsack_list == NULL) {
+ up += sack_len;
+ continue;
+ }
+ tcp->tcp_fack = tcp->tcp_suna;
+ }
+
+ while (sack_len > 0) {
+ if (up + 8 > endp) {
+ up = endp;
+ break;
+ }
+ sack_begin = BE32_TO_U32(up);
+ up += 4;
+ sack_end = BE32_TO_U32(up);
+ up += 4;
+ sack_len -= 8;
+ /*
+ * Bounds checking. Make sure the SACK
+ * info is within tcp_suna and tcp_snxt.
+ * If this SACK blk is out of bound, ignore
+ * it but continue to parse the following
+ * blks.
+ */
+ if (SEQ_LEQ(sack_end, sack_begin) ||
+ SEQ_LT(sack_begin, tcp->tcp_suna) ||
+ SEQ_GT(sack_end, tcp->tcp_snxt)) {
+ continue;
+ }
+ tcp_notsack_insert(&(tcp->tcp_notsack_list),
+ sack_begin, sack_end,
+ &(tcp->tcp_num_notsack_blk),
+ &(tcp->tcp_cnt_notsack_list));
+ if (SEQ_GT(sack_end, tcp->tcp_fack)) {
+ tcp->tcp_fack = sack_end;
+ }
+ }
+ found |= TCP_OPT_SACK_PRESENT;
+ continue;
+
+ case TCPOPT_TSTAMP:
+ if (len < TCPOPT_TSTAMP_LEN ||
+ up[1] != TCPOPT_TSTAMP_LEN)
+ break;
+
+ tcpopt->tcp_opt_ts_val = BE32_TO_U32(up+2);
+ tcpopt->tcp_opt_ts_ecr = BE32_TO_U32(up+6);
+
+ found |= TCP_OPT_TSTAMP_PRESENT;
+
+ up += TCPOPT_TSTAMP_LEN;
+ continue;
+
+ default:
+ if (len <= 1 || len < (int)up[1] || up[1] == 0)
+ break;
+ up += up[1];
+ continue;
+ }
+ break;
+ }
+ return (found);
+}
+
+/*
+ * Set the mss associated with a particular tcp based on its current value,
+ * and a new one passed in. Observe minimums and maximums, and reset
+ * other state variables that we want to view as multiples of mss.
+ *
+ * This function is called in various places mainly because
+ * 1) Various stuffs, tcp_mss, tcp_cwnd, ... need to be adjusted when the
+ * other side's SYN/SYN-ACK packet arrives.
+ * 2) PMTUd may get us a new MSS.
+ * 3) If the other side stops sending us timestamp option, we need to
+ * increase the MSS size to use the extra bytes available.
+ */
+static void
+tcp_mss_set(tcp_t *tcp, uint32_t mss)
+{
+ uint32_t mss_max;
+
+ mss_max = tcp_mss_max_ipv4;
+
+ if (mss < tcp_mss_min)
+ mss = tcp_mss_min;
+ if (mss > mss_max)
+ mss = mss_max;
+ /*
+ * Unless naglim has been set by our client to
+ * a non-mss value, force naglim to track mss.
+ * This can help to aggregate small writes.
+ */
+ if (mss < tcp->tcp_naglim || tcp->tcp_mss == tcp->tcp_naglim)
+ tcp->tcp_naglim = mss;
+ /*
+ * TCP should be able to buffer at least 4 MSS data for obvious
+ * performance reason.
+ */
+ if ((mss << 2) > tcp->tcp_xmit_hiwater)
+ tcp->tcp_xmit_hiwater = mss << 2;
+ tcp->tcp_mss = mss;
+ /*
+ * Initialize cwnd according to draft-floyd-incr-init-win-01.txt.
+ * Previously, we use tcp_slow_start_initial to control the size
+ * of the initial cwnd. Now, when tcp_slow_start_initial * mss
+ * is smaller than the cwnd calculated from the formula suggested in
+ * the draft, we use tcp_slow_start_initial * mss as the cwnd.
+ * Otherwise, use the cwnd from the draft's formula. The default
+ * of tcp_slow_start_initial is 2.
+ */
+ tcp->tcp_cwnd = MIN(tcp_slow_start_initial * mss,
+ MIN(4 * mss, MAX(2 * mss, 4380 / mss * mss)));
+ tcp->tcp_cwnd_cnt = 0;
+}
+
+/*
+ * Process all TCP option in SYN segment.
+ *
+ * This function sets up the correct tcp_mss value according to the
+ * MSS option value and our header size. It also sets up the window scale
+ * and timestamp values, and initialize SACK info blocks. But it does not
+ * change receive window size after setting the tcp_mss value. The caller
+ * should do the appropriate change.
+ */
+void
+tcp_process_options(tcp_t *tcp, tcph_t *tcph)
+{
+ int options;
+ tcp_opt_t tcpopt;
+ uint32_t mss_max;
+ char *tmp_tcph;
+
+ tcpopt.tcp = NULL;
+ options = tcp_parse_options(tcph, &tcpopt);
+
+ /*
+ * Process MSS option. Note that MSS option value does not account
+ * for IP or TCP options. This means that it is equal to MTU - minimum
+ * IP+TCP header size, which is 40 bytes for IPv4 and 60 bytes for
+ * IPv6.
+ */
+ if (!(options & TCP_OPT_MSS_PRESENT)) {
+ tcpopt.tcp_opt_mss = tcp_mss_def_ipv4;
+ } else {
+ if (tcp->tcp_ipversion == IPV4_VERSION)
+ mss_max = tcp_mss_max_ipv4;
+ if (tcpopt.tcp_opt_mss < tcp_mss_min)
+ tcpopt.tcp_opt_mss = tcp_mss_min;
+ else if (tcpopt.tcp_opt_mss > mss_max)
+ tcpopt.tcp_opt_mss = mss_max;
+ }
+
+ /* Process Window Scale option. */
+ if (options & TCP_OPT_WSCALE_PRESENT) {
+ tcp->tcp_snd_ws = tcpopt.tcp_opt_wscale;
+ tcp->tcp_snd_ws_ok = B_TRUE;
+ } else {
+ tcp->tcp_snd_ws = B_FALSE;
+ tcp->tcp_snd_ws_ok = B_FALSE;
+ tcp->tcp_rcv_ws = B_FALSE;
+ }
+
+ /* Process Timestamp option. */
+ if ((options & TCP_OPT_TSTAMP_PRESENT) &&
+ (tcp->tcp_snd_ts_ok || !tcp->tcp_active_open)) {
+ tmp_tcph = (char *)tcp->tcp_tcph;
+
+ tcp->tcp_snd_ts_ok = B_TRUE;
+ tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
+ tcp->tcp_last_rcv_lbolt = prom_gettime();
+ assert(OK_32PTR(tmp_tcph));
+ assert(tcp->tcp_tcp_hdr_len == TCP_MIN_HEADER_LENGTH);
+
+ /* Fill in our template header with basic timestamp option. */
+ tmp_tcph += tcp->tcp_tcp_hdr_len;
+ tmp_tcph[0] = TCPOPT_NOP;
+ tmp_tcph[1] = TCPOPT_NOP;
+ tmp_tcph[2] = TCPOPT_TSTAMP;
+ tmp_tcph[3] = TCPOPT_TSTAMP_LEN;
+ tcp->tcp_hdr_len += TCPOPT_REAL_TS_LEN;
+ tcp->tcp_tcp_hdr_len += TCPOPT_REAL_TS_LEN;
+ tcp->tcp_tcph->th_offset_and_rsrvd[0] += (3 << 4);
+ } else {
+ tcp->tcp_snd_ts_ok = B_FALSE;
+ }
+
+ /*
+ * Process SACK options. If SACK is enabled for this connection,
+ * then allocate the SACK info structure.
+ */
+ if ((options & TCP_OPT_SACK_OK_PRESENT) &&
+ (tcp->tcp_snd_sack_ok ||
+ (tcp_sack_permitted != 0 && !tcp->tcp_active_open))) {
+ /* This should be true only in the passive case. */
+ if (tcp->tcp_sack_info == NULL) {
+ tcp->tcp_sack_info = (tcp_sack_info_t *)bkmem_zalloc(
+ sizeof (tcp_sack_info_t));
+ }
+ if (tcp->tcp_sack_info == NULL) {
+ tcp->tcp_snd_sack_ok = B_FALSE;
+ } else {
+ tcp->tcp_snd_sack_ok = B_TRUE;
+ if (tcp->tcp_snd_ts_ok) {
+ tcp->tcp_max_sack_blk = 3;
+ } else {
+ tcp->tcp_max_sack_blk = 4;
+ }
+ }
+ } else {
+ /*
+ * Resetting tcp_snd_sack_ok to B_FALSE so that
+ * no SACK info will be used for this
+ * connection. This assumes that SACK usage
+ * permission is negotiated. This may need
+ * to be changed once this is clarified.
+ */
+ if (tcp->tcp_sack_info != NULL) {
+ bkmem_free((caddr_t)tcp->tcp_sack_info,
+ sizeof (tcp_sack_info_t));
+ tcp->tcp_sack_info = NULL;
+ }
+ tcp->tcp_snd_sack_ok = B_FALSE;
+ }
+
+ /*
+ * Now we know the exact TCP/IP header length, subtract
+ * that from tcp_mss to get our side's MSS.
+ */
+ tcp->tcp_mss -= tcp->tcp_hdr_len;
+ /*
+ * Here we assume that the other side's header size will be equal to
+ * our header size. We calculate the real MSS accordingly. Need to
+ * take into additional stuffs IPsec puts in.
+ *
+ * Real MSS = Opt.MSS - (our TCP/IP header - min TCP/IP header)
+ */
+ tcpopt.tcp_opt_mss -= tcp->tcp_hdr_len -
+ (IP_SIMPLE_HDR_LENGTH + TCP_MIN_HEADER_LENGTH);
+
+ /*
+ * Set MSS to the smaller one of both ends of the connection.
+ * We should not have called tcp_mss_set() before, but our
+ * side of the MSS should have been set to a proper value
+ * by tcp_adapt_ire(). tcp_mss_set() will also set up the
+ * STREAM head parameters properly.
+ *
+ * If we have a larger-than-16-bit window but the other side
+ * didn't want to do window scale, tcp_rwnd_set() will take
+ * care of that.
+ */
+ tcp_mss_set(tcp, MIN(tcpopt.tcp_opt_mss, tcp->tcp_mss));
+}
+
+/*
+ * This function does PAWS protection check. Returns B_TRUE if the
+ * segment passes the PAWS test, else returns B_FALSE.
+ */
+boolean_t
+tcp_paws_check(tcp_t *tcp, tcph_t *tcph, tcp_opt_t *tcpoptp)
+{
+ uint8_t flags;
+ int options;
+ uint8_t *up;
+
+ flags = (unsigned int)tcph->th_flags[0] & 0xFF;
+ /*
+ * If timestamp option is aligned nicely, get values inline,
+ * otherwise call general routine to parse. Only do that
+ * if timestamp is the only option.
+ */
+ if (TCP_HDR_LENGTH(tcph) == (uint32_t)TCP_MIN_HEADER_LENGTH +
+ TCPOPT_REAL_TS_LEN &&
+ OK_32PTR((up = ((uint8_t *)tcph) +
+ TCP_MIN_HEADER_LENGTH)) &&
+ *(uint32_t *)up == TCPOPT_NOP_NOP_TSTAMP) {
+ tcpoptp->tcp_opt_ts_val = ABE32_TO_U32((up+4));
+ tcpoptp->tcp_opt_ts_ecr = ABE32_TO_U32((up+8));
+
+ options = TCP_OPT_TSTAMP_PRESENT;
+ } else {
+ if (tcp->tcp_snd_sack_ok) {
+ tcpoptp->tcp = tcp;
+ } else {
+ tcpoptp->tcp = NULL;
+ }
+ options = tcp_parse_options(tcph, tcpoptp);
+ }
+
+ if (options & TCP_OPT_TSTAMP_PRESENT) {
+ /*
+ * Do PAWS per RFC 1323 section 4.2. Accept RST
+ * regardless of the timestamp, page 18 RFC 1323.bis.
+ */
+ if ((flags & TH_RST) == 0 &&
+ TSTMP_LT(tcpoptp->tcp_opt_ts_val,
+ tcp->tcp_ts_recent)) {
+ if (TSTMP_LT(prom_gettime(),
+ tcp->tcp_last_rcv_lbolt + PAWS_TIMEOUT)) {
+ /* This segment is not acceptable. */
+ return (B_FALSE);
+ } else {
+ /*
+ * Connection has been idle for
+ * too long. Reset the timestamp
+ * and assume the segment is valid.
+ */
+ tcp->tcp_ts_recent =
+ tcpoptp->tcp_opt_ts_val;
+ }
+ }
+ } else {
+ /*
+ * If we don't get a timestamp on every packet, we
+ * figure we can't really trust 'em, so we stop sending
+ * and parsing them.
+ */
+ tcp->tcp_snd_ts_ok = B_FALSE;
+
+ tcp->tcp_hdr_len -= TCPOPT_REAL_TS_LEN;
+ tcp->tcp_tcp_hdr_len -= TCPOPT_REAL_TS_LEN;
+ tcp->tcp_tcph->th_offset_and_rsrvd[0] -= (3 << 4);
+ tcp_mss_set(tcp, tcp->tcp_mss + TCPOPT_REAL_TS_LEN);
+ if (tcp->tcp_snd_sack_ok) {
+ assert(tcp->tcp_sack_info != NULL);
+ tcp->tcp_max_sack_blk = 4;
+ }
+ }
+ return (B_TRUE);
+}
+
+/*
+ * tcp_get_seg_mp() is called to get the pointer to a segment in the
+ * send queue which starts at the given seq. no.
+ *
+ * Parameters:
+ * tcp_t *tcp: the tcp instance pointer.
+ * uint32_t seq: the starting seq. no of the requested segment.
+ * int32_t *off: after the execution, *off will be the offset to
+ * the returned mblk which points to the requested seq no.
+ *
+ * Return:
+ * A mblk_t pointer pointing to the requested segment in send queue.
+ */
+static mblk_t *
+tcp_get_seg_mp(tcp_t *tcp, uint32_t seq, int32_t *off)
+{
+ int32_t cnt;
+ mblk_t *mp;
+
+ /* Defensive coding. Make sure we don't send incorrect data. */
+ if (SEQ_LT(seq, tcp->tcp_suna) || SEQ_GEQ(seq, tcp->tcp_snxt) ||
+ off == NULL) {
+ return (NULL);
+ }
+ cnt = seq - tcp->tcp_suna;
+ mp = tcp->tcp_xmit_head;
+ while (cnt > 0 && mp) {
+ cnt -= mp->b_wptr - mp->b_rptr;
+ if (cnt < 0) {
+ cnt += mp->b_wptr - mp->b_rptr;
+ break;
+ }
+ mp = mp->b_cont;
+ }
+ assert(mp != NULL);
+ *off = cnt;
+ return (mp);
+}
+
+/*
+ * This function handles all retransmissions if SACK is enabled for this
+ * connection. First it calculates how many segments can be retransmitted
+ * based on tcp_pipe. Then it goes thru the notsack list to find eligible
+ * segments. A segment is eligible if sack_cnt for that segment is greater
+ * than or equal tcp_dupack_fast_retransmit. After it has retransmitted
+ * all eligible segments, it checks to see if TCP can send some new segments
+ * (fast recovery). If it can, it returns 1. Otherwise it returns 0.
+ *
+ * Parameters:
+ * tcp_t *tcp: the tcp structure of the connection.
+ *
+ * Return:
+ * 1 if the pipe is not full (new data can be sent), 0 otherwise
+ */
+static int32_t
+tcp_sack_rxmit(tcp_t *tcp, int sock_id)
+{
+ notsack_blk_t *notsack_blk;
+ int32_t usable_swnd;
+ int32_t mss;
+ uint32_t seg_len;
+ mblk_t *xmit_mp;
+
+ assert(tcp->tcp_sack_info != NULL);
+ assert(tcp->tcp_notsack_list != NULL);
+ assert(tcp->tcp_rexmit == B_FALSE);
+
+ /* Defensive coding in case there is a bug... */
+ if (tcp->tcp_notsack_list == NULL) {
+ return (0);
+ }
+ notsack_blk = tcp->tcp_notsack_list;
+ mss = tcp->tcp_mss;
+
+ /*
+ * Limit the num of outstanding data in the network to be
+ * tcp_cwnd_ssthresh, which is half of the original congestion wnd.
+ */
+ usable_swnd = tcp->tcp_cwnd_ssthresh - tcp->tcp_pipe;
+
+ /* At least retransmit 1 MSS of data. */
+ if (usable_swnd <= 0) {
+ usable_swnd = mss;
+ }
+
+ /* Make sure no new RTT samples will be taken. */
+ tcp->tcp_csuna = tcp->tcp_snxt;
+
+ notsack_blk = tcp->tcp_notsack_list;
+ while (usable_swnd > 0) {
+ mblk_t *snxt_mp, *tmp_mp;
+ tcp_seq begin = tcp->tcp_sack_snxt;
+ tcp_seq end;
+ int32_t off;
+
+ for (; notsack_blk != NULL; notsack_blk = notsack_blk->next) {
+ if (SEQ_GT(notsack_blk->end, begin) &&
+ (notsack_blk->sack_cnt >=
+ tcp_dupack_fast_retransmit)) {
+ end = notsack_blk->end;
+ if (SEQ_LT(begin, notsack_blk->begin)) {
+ begin = notsack_blk->begin;
+ }
+ break;
+ }
+ }
+ /*
+ * All holes are filled. Manipulate tcp_cwnd to send more
+ * if we can. Note that after the SACK recovery, tcp_cwnd is
+ * set to tcp_cwnd_ssthresh.
+ */
+ if (notsack_blk == NULL) {
+ usable_swnd = tcp->tcp_cwnd_ssthresh - tcp->tcp_pipe;
+ if (usable_swnd <= 0) {
+ tcp->tcp_cwnd = tcp->tcp_snxt - tcp->tcp_suna;
+ assert(tcp->tcp_cwnd > 0);
+ return (0);
+ } else {
+ usable_swnd = usable_swnd / mss;
+ tcp->tcp_cwnd = tcp->tcp_snxt - tcp->tcp_suna +
+ MAX(usable_swnd * mss, mss);
+ return (1);
+ }
+ }
+
+ /*
+ * Note that we may send more than usable_swnd allows here
+ * because of round off, but no more than 1 MSS of data.
+ */
+ seg_len = end - begin;
+ if (seg_len > mss)
+ seg_len = mss;
+ snxt_mp = tcp_get_seg_mp(tcp, begin, &off);
+ assert(snxt_mp != NULL);
+ /* This should not happen. Defensive coding again... */
+ if (snxt_mp == NULL) {
+ return (0);
+ }
+
+ xmit_mp = tcp_xmit_mp(tcp, snxt_mp, seg_len, &off,
+ &tmp_mp, begin, B_TRUE, &seg_len, B_TRUE);
+
+ if (xmit_mp == NULL)
+ return (0);
+
+ usable_swnd -= seg_len;
+ tcp->tcp_pipe += seg_len;
+ tcp->tcp_sack_snxt = begin + seg_len;
+ TCP_DUMP_PACKET("tcp_sack_rxmit", xmit_mp);
+ (void) ipv4_tcp_output(sock_id, xmit_mp);
+ freeb(xmit_mp);
+
+ /*
+ * Update the send timestamp to avoid false retransmission.
+ */
+ snxt_mp->b_prev = (mblk_t *)prom_gettime();
+
+ BUMP_MIB(tcp_mib.tcpRetransSegs);
+ UPDATE_MIB(tcp_mib.tcpRetransBytes, seg_len);
+ BUMP_MIB(tcp_mib.tcpOutSackRetransSegs);
+ /*
+ * Update tcp_rexmit_max to extend this SACK recovery phase.
+ * This happens when new data sent during fast recovery is
+ * also lost. If TCP retransmits those new data, it needs
+ * to extend SACK recover phase to avoid starting another
+ * fast retransmit/recovery unnecessarily.
+ */
+ if (SEQ_GT(tcp->tcp_sack_snxt, tcp->tcp_rexmit_max)) {
+ tcp->tcp_rexmit_max = tcp->tcp_sack_snxt;
+ }
+ }
+ return (0);
+}
+
+static void
+tcp_rput_data(tcp_t *tcp, mblk_t *mp, int sock_id)
+{
+ uchar_t *rptr;
+ struct ip *iph;
+ tcp_t *tcp1;
+ tcpha_t *tcph;
+ uint32_t seg_ack;
+ int seg_len;
+ uint_t ip_hdr_len;
+ uint32_t seg_seq;
+ mblk_t *mp1;
+ uint_t flags;
+ uint32_t new_swnd = 0;
+ int mss;
+ boolean_t ofo_seg = B_FALSE; /* Out of order segment */
+ int32_t gap;
+ int32_t rgap;
+ tcp_opt_t tcpopt;
+ int32_t bytes_acked;
+ int npkt;
+ uint32_t cwnd;
+ uint32_t add;
+
+#ifdef DEBUG
+ printf("tcp_rput_data sock %d mp %x mp_datap %x #################\n",
+ sock_id, mp, mp->b_datap);
+#endif
+
+ /* Dump the packet when debugging. */
+ TCP_DUMP_PACKET("tcp_rput_data", mp);
+
+ assert(OK_32PTR(mp->b_rptr));
+
+ rptr = mp->b_rptr;
+ iph = (struct ip *)rptr;
+ ip_hdr_len = IPH_HDR_LENGTH(rptr);
+ if (ip_hdr_len != IP_SIMPLE_HDR_LENGTH) {
+#ifdef DEBUG
+ printf("Not simple IP header\n");
+#endif
+ /* We cannot handle IP option yet... */
+ tcp_drops++;
+ freeb(mp);
+ return;
+ }
+ /* The TCP header must be aligned. */
+ tcph = (tcpha_t *)&rptr[ip_hdr_len];
+ seg_seq = ntohl(tcph->tha_seq);
+ seg_ack = ntohl(tcph->tha_ack);
+ assert((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX);
+ seg_len = (int)(mp->b_wptr - rptr) -
+ (ip_hdr_len + TCP_HDR_LENGTH(((tcph_t *)tcph)));
+ /* In inetboot, b_cont should always be NULL. */
+ assert(mp->b_cont == NULL);
+
+ /* Verify the checksum. */
+ if (tcp_verify_cksum(mp) < 0) {
+#ifdef DEBUG
+ printf("tcp_rput_data: wrong cksum\n");
+#endif
+ freemsg(mp);
+ return;
+ }
+
+ /*
+ * This segment is not for us, try to find its
+ * intended receiver.
+ */
+ if (tcp == NULL ||
+ tcph->tha_lport != tcp->tcp_fport ||
+ tcph->tha_fport != tcp->tcp_lport ||
+ iph->ip_src.s_addr != tcp->tcp_remote ||
+ iph->ip_dst.s_addr != tcp->tcp_bound_source) {
+#ifdef DEBUG
+ printf("tcp_rput_data: not for us, state %d\n",
+ tcp->tcp_state);
+#endif
+ /*
+ * First try to find a established connection. If none
+ * is found, look for a listener.
+ *
+ * If a listener is found, we need to check to see if the
+ * incoming segment is for one of its eagers. If it is,
+ * give it to the eager. If not, listener should take care
+ * of it.
+ */
+ if ((tcp1 = tcp_lookup_ipv4(iph, tcph, TCPS_SYN_SENT,
+ &sock_id)) != NULL ||
+ (tcp1 = tcp_lookup_listener_ipv4(iph->ip_dst.s_addr,
+ tcph->tha_fport, &sock_id)) != NULL) {
+ if (tcp1->tcp_state == TCPS_LISTEN) {
+ if ((tcp = tcp_lookup_eager_ipv4(tcp1,
+ iph, tcph)) == NULL) {
+ /* No eager... sent to listener */
+#ifdef DEBUG
+ printf("found the listener: %s\n",
+ tcp_display(tcp1, NULL,
+ DISP_ADDR_AND_PORT));
+#endif
+ tcp = tcp1;
+ }
+#ifdef DEBUG
+ else {
+ printf("found the eager: %s\n",
+ tcp_display(tcp, NULL,
+ DISP_ADDR_AND_PORT));
+ }
+#endif
+ } else {
+ /* Non listener found... */
+#ifdef DEBUG
+ printf("found the connection: %s\n",
+ tcp_display(tcp1, NULL,
+ DISP_ADDR_AND_PORT));
+#endif
+ tcp = tcp1;
+ }
+ } else {
+ /*
+ * No connection for this segment...
+ * Send a RST to the other side.
+ */
+ tcp_xmit_listeners_reset(sock_id, mp, ip_hdr_len);
+ return;
+ }
+ }
+
+ flags = tcph->tha_flags & 0xFF;
+ BUMP_MIB(tcp_mib.tcpInSegs);
+ if (tcp->tcp_state == TCPS_TIME_WAIT) {
+ tcp_time_wait_processing(tcp, mp, seg_seq, seg_ack,
+ seg_len, (tcph_t *)tcph, sock_id);
+ return;
+ }
+ /*
+ * From this point we can assume that the tcp is not compressed,
+ * since we would have branched off to tcp_time_wait_processing()
+ * in such a case.
+ */
+ assert(tcp != NULL && tcp->tcp_state != TCPS_TIME_WAIT);
+
+ /*
+ * After this point, we know we have the correct TCP, so update
+ * the receive time.
+ */
+ tcp->tcp_last_recv_time = prom_gettime();
+
+ /* In inetboot, we do not handle urgent pointer... */
+ if (flags & TH_URG) {
+ freemsg(mp);
+ DEBUG_1("tcp_rput_data(%d): received segment with urgent "
+ "pointer\n", sock_id);
+ tcp_drops++;
+ return;
+ }
+
+ switch (tcp->tcp_state) {
+ case TCPS_LISTEN:
+ if ((flags & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN) {
+ if (flags & TH_RST) {
+ freemsg(mp);
+ return;
+ }
+ if (flags & TH_ACK) {
+ tcp_xmit_early_reset("TCPS_LISTEN-TH_ACK",
+ sock_id, mp, seg_ack, 0, TH_RST,
+ ip_hdr_len);
+ return;
+ }
+ if (!(flags & TH_SYN)) {
+ freemsg(mp);
+ return;
+ }
+ printf("tcp_rput_data: %d\n", __LINE__);
+ prom_panic("inetboot");
+ }
+ if (tcp->tcp_conn_req_max > 0) {
+ tcp = tcp_conn_request(tcp, mp, sock_id, ip_hdr_len);
+ if (tcp == NULL) {
+ freemsg(mp);
+ return;
+ }
+#ifdef DEBUG
+ printf("tcp_rput_data: new tcp created\n");
+#endif
+ }
+ tcp->tcp_irs = seg_seq;
+ tcp->tcp_rack = seg_seq;
+ tcp->tcp_rnxt = seg_seq + 1;
+ U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
+ BUMP_MIB(tcp_mib.tcpPassiveOpens);
+ goto syn_rcvd;
+ case TCPS_SYN_SENT:
+ if (flags & TH_ACK) {
+ /*
+ * Note that our stack cannot send data before a
+ * connection is established, therefore the
+ * following check is valid. Otherwise, it has
+ * to be changed.
+ */
+ if (SEQ_LEQ(seg_ack, tcp->tcp_iss) ||
+ SEQ_GT(seg_ack, tcp->tcp_snxt)) {
+ if (flags & TH_RST) {
+ freemsg(mp);
+ return;
+ }
+ tcp_xmit_ctl("TCPS_SYN_SENT-Bad_seq",
+ tcp, mp, seg_ack, 0, TH_RST,
+ ip_hdr_len, sock_id);
+ return;
+ }
+ assert(tcp->tcp_suna + 1 == seg_ack);
+ }
+ if (flags & TH_RST) {
+ freemsg(mp);
+ if (flags & TH_ACK) {
+ tcp_clean_death(sock_id, tcp, ECONNREFUSED);
+ }
+ return;
+ }
+ if (!(flags & TH_SYN)) {
+ freemsg(mp);
+ return;
+ }
+
+ /* Process all TCP options.
*/
+ tcp_process_options(tcp, (tcph_t *)tcph);
+ /*
+ * The following changes our rwnd to be a multiple of the
+ * MIN(peer MSS, our MSS) for performance reason.
+ */
+ (void) tcp_rwnd_set(tcp, MSS_ROUNDUP(tcp->tcp_rwnd,
+ tcp->tcp_mss));
+
+ /* Is the other end ECN capable? */
+ if (tcp->tcp_ecn_ok) {
+ if ((flags & (TH_ECE|TH_CWR)) != TH_ECE) {
+ tcp->tcp_ecn_ok = B_FALSE;
+ }
+ }
+ /*
+ * Clear ECN flags because it may interfere with later
+ * processing.
+ */
+ flags &= ~(TH_ECE|TH_CWR);
+
+ tcp->tcp_irs = seg_seq;
+ tcp->tcp_rack = seg_seq;
+ tcp->tcp_rnxt = seg_seq + 1;
+ U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
+
+ if (flags & TH_ACK) {
+ /* One for the SYN */
+ tcp->tcp_suna = tcp->tcp_iss + 1;
+ tcp->tcp_valid_bits &= ~TCP_ISS_VALID;
+ tcp->tcp_state = TCPS_ESTABLISHED;
+
+ /*
+ * If SYN was retransmitted, need to reset all
+ * retransmission info. This is because this
+ * segment will be treated as a dup ACK.
+ */
+ if (tcp->tcp_rexmit) {
+ tcp->tcp_rexmit = B_FALSE;
+ tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
+ tcp->tcp_rexmit_max = tcp->tcp_snxt;
+ tcp->tcp_snd_burst = TCP_CWND_NORMAL;
+
+ /*
+ * Set tcp_cwnd back to 1 MSS, per
+ * recommendation from
+ * draft-floyd-incr-init-win-01.txt,
+ * Increasing TCP's Initial Window.
+ */
+ tcp->tcp_cwnd = tcp->tcp_mss;
+ }
+
+ tcp->tcp_swl1 = seg_seq;
+ tcp->tcp_swl2 = seg_ack;
+
+ new_swnd = BE16_TO_U16(((tcph_t *)tcph)->th_win);
+ tcp->tcp_swnd = new_swnd;
+ if (new_swnd > tcp->tcp_max_swnd)
+ tcp->tcp_max_swnd = new_swnd;
+
+ /*
+ * Always send the three-way handshake ack immediately
+ * in order to make the connection complete as soon as
+ * possible on the accepting host.
+ */
+ flags |= TH_ACK_NEEDED;
+ /*
+ * Check to see if there is data to be sent. If
+ * yes, set the transmit flag. Then check to see
+ * if received data processing needs to be done.
+ * If not, go straight to xmit_check. This short
+ * cut is OK as we don't support T/TCP.
+ */
+ if (tcp->tcp_unsent)
+ flags |= TH_XMIT_NEEDED;
+
+ if (seg_len == 0) {
+ freemsg(mp);
+ goto xmit_check;
+ }
+
+ flags &= ~TH_SYN;
+ seg_seq++;
+ break;
+ }
+ syn_rcvd:
+ tcp->tcp_state = TCPS_SYN_RCVD;
+ mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, tcp->tcp_mss,
+ NULL, NULL, tcp->tcp_iss, B_FALSE, NULL, B_FALSE);
+ if (mp1 != NULL) {
+ TCP_DUMP_PACKET("tcp_rput_data replying SYN", mp1);
+ (void) ipv4_tcp_output(sock_id, mp1);
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ freeb(mp1);
+ /*
+ * Let's wait till our SYN has been ACKED since we
+ * don't have a timer.
+ */
+ if (tcp_state_wait(sock_id, tcp, TCPS_ALL_ACKED) < 0) {
+ freemsg(mp);
+ return;
+ }
+ }
+ freemsg(mp);
+ return;
+ default:
+ break;
+ }
+ mp->b_rptr = (uchar_t *)tcph + TCP_HDR_LENGTH((tcph_t *)tcph);
+ new_swnd = ntohs(tcph->tha_win) <<
+ ((flags & TH_SYN) ? 0 : tcp->tcp_snd_ws);
+ mss = tcp->tcp_mss;
+
+ if (tcp->tcp_snd_ts_ok) {
+ if (!tcp_paws_check(tcp, (tcph_t *)tcph, &tcpopt)) {
+ /*
+ * This segment is not acceptable.
+ * Drop it and send back an ACK.
+ */
+ freemsg(mp);
+ flags |= TH_ACK_NEEDED;
+ goto ack_check;
+ }
+ } else if (tcp->tcp_snd_sack_ok) {
+ assert(tcp->tcp_sack_info != NULL);
+ tcpopt.tcp = tcp;
+ /*
+ * SACK info in already updated in tcp_parse_options. Ignore
+ * all other TCP options...
+ */
+ (void) tcp_parse_options((tcph_t *)tcph, &tcpopt);
+ }
+try_again:;
+ gap = seg_seq - tcp->tcp_rnxt;
+ rgap = tcp->tcp_rwnd - (gap + seg_len);
+ /*
+ * gap is the amount of sequence space between what we expect to see
+ * and what we got for seg_seq. A positive value for gap means
+ * something got lost. A negative value means we got some old stuff.
+ */
+ if (gap < 0) {
+ /* Old stuff present. Is the SYN in there? */
+ if (seg_seq == tcp->tcp_irs && (flags & TH_SYN) &&
+ (seg_len != 0)) {
+ flags &= ~TH_SYN;
+ seg_seq++;
+ /* Recompute the gaps after noting the SYN.
*/
+ goto try_again;
+ }
+ BUMP_MIB(tcp_mib.tcpInDataDupSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataDupBytes,
+ (seg_len > -gap ? -gap : seg_len));
+ /* Remove the old stuff from seg_len. */
+ seg_len += gap;
+ /*
+ * Anything left?
+ * Make sure to check for unack'd FIN when rest of data
+ * has been previously ack'd.
+ */
+ if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
+ /*
+ * Resets are only valid if they lie within our offered
+ * window. If the RST bit is set, we just ignore this
+ * segment.
+ */
+ if (flags & TH_RST) {
+ freemsg(mp);
+ return;
+ }
+
+ /*
+ * This segment is "unacceptable". None of its
+ * sequence space lies within our advertized window.
+ *
+ * Adjust seg_len to the original value for tracing.
+ */
+ seg_len -= gap;
+#ifdef DEBUG
+ printf("tcp_rput: unacceptable, gap %d, rgap "
+ "%d, flags 0x%x, seg_seq %u, seg_ack %u, "
+ "seg_len %d, rnxt %u, snxt %u, %s",
+ gap, rgap, flags, seg_seq, seg_ack,
+ seg_len, tcp->tcp_rnxt, tcp->tcp_snxt,
+ tcp_display(tcp, NULL, DISP_ADDR_AND_PORT));
+#endif
+
+ /*
+ * Arrange to send an ACK in response to the
+ * unacceptable segment per RFC 793 page 69. There
+ * is only one small difference between ours and the
+ * acceptability test in the RFC - we accept ACK-only
+ * packet with SEG.SEQ = RCV.NXT+RCV.WND and no ACK
+ * will be generated.
+ *
+ * Note that we have to ACK an ACK-only packet at least
+ * for stacks that send 0-length keep-alives with
+ * SEG.SEQ = SND.NXT-1 as recommended by RFC1122,
+ * section 4.2.3.6. As long as we don't ever generate
+ * an unacceptable packet in response to an incoming
+ * packet that is unacceptable, it should not cause
+ * "ACK wars".
+ */
+ flags |= TH_ACK_NEEDED;
+
+ /*
+ * Continue processing this segment in order to use the
+ * ACK information it contains, but skip all other
+ * sequence-number processing. Processing the ACK
+ * information is necessary in order to
+ * re-synchronize connections that may have lost
+ * synchronization.
+ *
+ * We clear seg_len and flag fields related to
+ * sequence number processing as they are not
+ * to be trusted for an unacceptable segment.
+ */
+ seg_len = 0;
+ flags &= ~(TH_SYN | TH_FIN | TH_URG);
+ goto process_ack;
+ }
+
+ /* Fix seg_seq, and chew the gap off the front. */
+ seg_seq = tcp->tcp_rnxt;
+ do {
+ mblk_t *mp2;
+ assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
+ (uintptr_t)UINT_MAX);
+ gap += (uint_t)(mp->b_wptr - mp->b_rptr);
+ if (gap > 0) {
+ mp->b_rptr = mp->b_wptr - gap;
+ break;
+ }
+ mp2 = mp;
+ mp = mp->b_cont;
+ freeb(mp2);
+ } while (gap < 0);
+ }
+ /*
+ * rgap is the amount of stuff received out of window. A negative
+ * value is the amount out of window.
+ */
+ if (rgap < 0) {
+ mblk_t *mp2;
+
+ if (tcp->tcp_rwnd == 0)
+ BUMP_MIB(tcp_mib.tcpInWinProbe);
+ else {
+ BUMP_MIB(tcp_mib.tcpInDataPastWinSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataPastWinBytes, -rgap);
+ }
+
+ /*
+ * seg_len does not include the FIN, so if more than
+ * just the FIN is out of window, we act like we don't
+ * see it. (If just the FIN is out of window, rgap
+ * will be zero and we will go ahead and acknowledge
+ * the FIN.)
+ */
+ flags &= ~TH_FIN;
+
+ /* Fix seg_len and make sure there is something left. */
+ seg_len += rgap;
+ if (seg_len <= 0) {
+ /*
+ * Resets are only valid if they lie within our offered
+ * window. If the RST bit is set, we just ignore this
+ * segment.
+ */
+ if (flags & TH_RST) {
+ freemsg(mp);
+ return;
+ }
+
+ /* Per RFC 793, we need to send back an ACK. */
+ flags |= TH_ACK_NEEDED;
+
+ /*
+ * If this is a zero window probe, continue to
+ * process the ACK part. But we need to set seg_len
+ * to 0 to avoid data processing. Otherwise just
+ * drop the segment and send back an ACK.
+ */
+ if (tcp->tcp_rwnd == 0 && seg_seq == tcp->tcp_rnxt) {
+ flags &= ~(TH_SYN | TH_URG);
+ seg_len = 0;
+ /* Let's see if we can update our rwnd */
+ tcp_rcv_drain(sock_id, tcp);
+ goto process_ack;
+ } else {
+ freemsg(mp);
+ goto ack_check;
+ }
+ }
+ /* Pitch out of window stuff off the end. */
+ rgap = seg_len;
+ mp2 = mp;
+ do {
+ assert((uintptr_t)(mp2->b_wptr -
+ mp2->b_rptr) <= (uintptr_t)INT_MAX);
+ rgap -= (int)(mp2->b_wptr - mp2->b_rptr);
+ if (rgap < 0) {
+ mp2->b_wptr += rgap;
+ if ((mp1 = mp2->b_cont) != NULL) {
+ mp2->b_cont = NULL;
+ freemsg(mp1);
+ }
+ break;
+ }
+ } while ((mp2 = mp2->b_cont) != NULL);
+ }
+ok:;
+ /*
+ * TCP should check ECN info for segments inside the window only.
+ * Therefore the check should be done here.
+ */
+ if (tcp->tcp_ecn_ok) {
+ uchar_t tos = ((struct ip *)rptr)->ip_tos;
+
+ if (flags & TH_CWR) {
+ tcp->tcp_ecn_echo_on = B_FALSE;
+ }
+ /*
+ * Note that both ECN_CE and CWR can be set in the
+ * same segment. In this case, we once again turn
+ * on ECN_ECHO.
+ */
+ if ((tos & IPH_ECN_CE) == IPH_ECN_CE) {
+ tcp->tcp_ecn_echo_on = B_TRUE;
+ }
+ }
+
+ /*
+ * Check whether we can update tcp_ts_recent. This test is
+ * NOT the one in RFC 1323 3.4. It is from Braden, 1993, "TCP
+ * Extensions for High Performance: An Update", Internet Draft.
+ */
+ if (tcp->tcp_snd_ts_ok &&
+ TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) &&
+ SEQ_LEQ(seg_seq, tcp->tcp_rack)) {
+ tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
+ tcp->tcp_last_rcv_lbolt = prom_gettime();
+ }
+
+ if (seg_seq != tcp->tcp_rnxt || tcp->tcp_reass_head) {
+ /*
+ * FIN in an out of order segment. We record this in
+ * tcp_valid_bits and the seq num of FIN in tcp_ofo_fin_seq.
+ * Clear the FIN so that any check on FIN flag will fail.
+ * Remember that FIN also counts in the sequence number
+ * space. So we need to ack out of order FIN only segments.
+ */
+ if (flags & TH_FIN) {
+ tcp->tcp_valid_bits |= TCP_OFO_FIN_VALID;
+ tcp->tcp_ofo_fin_seq = seg_seq + seg_len;
+ flags &= ~TH_FIN;
+ flags |= TH_ACK_NEEDED;
+ }
+ if (seg_len > 0) {
+ /* Fill in the SACK blk list. */
+ if (tcp->tcp_snd_sack_ok) {
+ assert(tcp->tcp_sack_info != NULL);
+ tcp_sack_insert(tcp->tcp_sack_list,
+ seg_seq, seg_seq + seg_len,
+ &(tcp->tcp_num_sack_blk));
+ }
+
+ /*
+ * Attempt reassembly and see if we have something
+ * ready to go.
+ */
+ mp = tcp_reass(tcp, mp, seg_seq);
+ /* Always ack out of order packets */
+ flags |= TH_ACK_NEEDED | TH_PUSH;
+ if (mp != NULL) {
+ assert((uintptr_t)(mp->b_wptr -
+ mp->b_rptr) <= (uintptr_t)INT_MAX);
+ seg_len = mp->b_cont ? msgdsize(mp) :
+ (int)(mp->b_wptr - mp->b_rptr);
+ seg_seq = tcp->tcp_rnxt;
+ /*
+ * A gap is filled and the seq num and len
+ * of the gap match that of a previously
+ * received FIN, put the FIN flag back in.
+ */
+ if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) &&
+ seg_seq + seg_len == tcp->tcp_ofo_fin_seq) {
+ flags |= TH_FIN;
+ tcp->tcp_valid_bits &=
+ ~TCP_OFO_FIN_VALID;
+ }
+ } else {
+ /*
+ * Keep going even with NULL mp.
+ * There may be a useful ACK or something else
+ * we don't want to miss.
+ *
+ * But TCP should not perform fast retransmit
+ * because of the ack number. TCP uses
+ * seg_len == 0 to determine if it is a pure
+ * ACK. And this is not a pure ACK.
+ */
+ seg_len = 0;
+ ofo_seg = B_TRUE;
+ }
+ }
+ } else if (seg_len > 0) {
+ BUMP_MIB(tcp_mib.tcpInDataInorderSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataInorderBytes, seg_len);
+ /*
+ * If an out of order FIN was received before, and the seq
+ * num and len of the new segment match that of the FIN,
+ * put the FIN flag back in.
+ */
+ if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) &&
+ seg_seq + seg_len == tcp->tcp_ofo_fin_seq) {
+ flags |= TH_FIN;
+ tcp->tcp_valid_bits &= ~TCP_OFO_FIN_VALID;
+ }
+ }
+ if ((flags & (TH_RST | TH_SYN | TH_URG | TH_ACK)) != TH_ACK) {
+ if (flags & TH_RST) {
+ freemsg(mp);
+ switch (tcp->tcp_state) {
+ case TCPS_SYN_RCVD:
+ (void) tcp_clean_death(sock_id, tcp, ECONNREFUSED);
+ break;
+ case TCPS_ESTABLISHED:
+ case TCPS_FIN_WAIT_1:
+ case TCPS_FIN_WAIT_2:
+ case TCPS_CLOSE_WAIT:
+ (void) tcp_clean_death(sock_id, tcp, ECONNRESET);
+ break;
+ case TCPS_CLOSING:
+ case TCPS_LAST_ACK:
+ (void) tcp_clean_death(sock_id, tcp, 0);
+ break;
+ default:
+ assert(tcp->tcp_state != TCPS_TIME_WAIT);
+ (void) tcp_clean_death(sock_id, tcp, ENXIO);
+ break;
+ }
+ return;
+ }
+ if (flags & TH_SYN) {
+ /*
+ * See RFC 793, Page 71
+ *
+ * The seq number must be in the window as it should
+ * be "fixed" above. If it is outside window, it should
+ * be already rejected. Note that we allow seg_seq to be
+ * rnxt + rwnd because we want to accept 0 window probe.
+ */
+ assert(SEQ_GEQ(seg_seq, tcp->tcp_rnxt) &&
+ SEQ_LEQ(seg_seq, tcp->tcp_rnxt + tcp->tcp_rwnd));
+ freemsg(mp);
+ /*
+ * If the ACK flag is not set, just use our snxt as the
+ * seq number of the RST segment.
+ */
+ if (!(flags & TH_ACK)) {
+ seg_ack = tcp->tcp_snxt;
+ }
+ tcp_xmit_ctl("TH_SYN", tcp, NULL, seg_ack,
+ seg_seq + 1, TH_RST|TH_ACK, 0, sock_id);
+ assert(tcp->tcp_state != TCPS_TIME_WAIT);
+ (void) tcp_clean_death(sock_id, tcp, ECONNRESET);
+ return;
+ }
+
+process_ack:
+ if (!(flags & TH_ACK)) {
+#ifdef DEBUG
+ printf("No ack in segment, dropped it, seq:%x\n", seg_seq);
+#endif
+ freemsg(mp);
+ goto xmit_check;
+ }
+ }
+ bytes_acked = (int)(seg_ack - tcp->tcp_suna);
+
+ if (tcp->tcp_state == TCPS_SYN_RCVD) {
+ tcp_t *listener = tcp->tcp_listener;
+#ifdef DEBUG
+ printf("Done with eager 3-way handshake\n");
+#endif
+ /*
+ * NOTE: RFC 793 pg.
72 says this should be 'bytes_acked < 0'
+ * but that would mean we have an ack that ignored our SYN.
+ */
+ if (bytes_acked < 1 || SEQ_GT(seg_ack, tcp->tcp_snxt)) {
+ freemsg(mp);
+ tcp_xmit_ctl("TCPS_SYN_RCVD-bad_ack",
+ tcp, NULL, seg_ack, 0, TH_RST, 0, sock_id);
+ return;
+ }
+
+ /*
+ * if the conn_req_q is full defer processing
+ * until space is availabe after accept()
+ * processing
+ */
+ if (listener->tcp_conn_req_cnt_q <
+ listener->tcp_conn_req_max) {
+ tcp_t *tail;
+
+ listener->tcp_conn_req_cnt_q0--;
+ listener->tcp_conn_req_cnt_q++;
+
+ /* Move from SYN_RCVD to ESTABLISHED list */
+ tcp->tcp_eager_next_q0->tcp_eager_prev_q0 =
+ tcp->tcp_eager_prev_q0;
+ tcp->tcp_eager_prev_q0->tcp_eager_next_q0 =
+ tcp->tcp_eager_next_q0;
+ tcp->tcp_eager_prev_q0 = NULL;
+ tcp->tcp_eager_next_q0 = NULL;
+
+ /*
+ * Insert at end of the queue because sockfs
+ * sends down T_CONN_RES in chronological
+ * order. Leaving the older conn indications
+ * at front of the queue helps reducing search
+ * time.
+ */
+ tail = listener->tcp_eager_last_q;
+ if (tail != NULL) {
+ tail->tcp_eager_next_q = tcp;
+ } else {
+ listener->tcp_eager_next_q = tcp;
+ }
+ listener->tcp_eager_last_q = tcp;
+ tcp->tcp_eager_next_q = NULL;
+ } else {
+ /*
+ * Defer connection on q0 and set deferred
+ * connection bit true
+ */
+ tcp->tcp_conn_def_q0 = B_TRUE;
+
+ /* take tcp out of q0 ... */
+ tcp->tcp_eager_prev_q0->tcp_eager_next_q0 =
+ tcp->tcp_eager_next_q0;
+ tcp->tcp_eager_next_q0->tcp_eager_prev_q0 =
+ tcp->tcp_eager_prev_q0;
+
+ /* ... and place it at the end of q0 */
+ tcp->tcp_eager_prev_q0 = listener->tcp_eager_prev_q0;
+ tcp->tcp_eager_next_q0 = listener;
+ listener->tcp_eager_prev_q0->tcp_eager_next_q0 = tcp;
+ listener->tcp_eager_prev_q0 = tcp;
+ }
+
+ tcp->tcp_suna = tcp->tcp_iss + 1; /* One for the SYN */
+ bytes_acked--;
+
+ /*
+ * If SYN was retransmitted, need to reset all
+ * retransmission info as this segment will be
+ * treated as a dup ACK.
+ */
+ if (tcp->tcp_rexmit) {
+ tcp->tcp_rexmit = B_FALSE;
+ tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
+ tcp->tcp_rexmit_max = tcp->tcp_snxt;
+ tcp->tcp_snd_burst = TCP_CWND_NORMAL;
+ tcp->tcp_ms_we_have_waited = 0;
+ tcp->tcp_cwnd = mss;
+ }
+
+ /*
+ * We set the send window to zero here.
+ * This is needed if there is data to be
+ * processed already on the queue.
+ * Later (at swnd_update label), the
+ * "new_swnd > tcp_swnd" condition is satisfied
+ * the XMIT_NEEDED flag is set in the current
+ * (SYN_RCVD) state. This ensures tcp_wput_data() is
+ * called if there is already data on queue in
+ * this state.
+ */
+ tcp->tcp_swnd = 0;
+
+ if (new_swnd > tcp->tcp_max_swnd)
+ tcp->tcp_max_swnd = new_swnd;
+ tcp->tcp_swl1 = seg_seq;
+ tcp->tcp_swl2 = seg_ack;
+ tcp->tcp_state = TCPS_ESTABLISHED;
+ tcp->tcp_valid_bits &= ~TCP_ISS_VALID;
+ }
+ /* This code follows 4.4BSD-Lite2 mostly. */
+ if (bytes_acked < 0)
+ goto est;
+
+ /*
+ * If TCP is ECN capable and the congestion experience bit is
+ * set, reduce tcp_cwnd and tcp_ssthresh. But this should only be
+ * done once per window (or more loosely, per RTT).
+ */
+ if (tcp->tcp_cwr && SEQ_GT(seg_ack, tcp->tcp_cwr_snd_max))
+ tcp->tcp_cwr = B_FALSE;
+ if (tcp->tcp_ecn_ok && (flags & TH_ECE)) {
+ if (!tcp->tcp_cwr) {
+ npkt = (MIN(tcp->tcp_cwnd, tcp->tcp_swnd) >> 1) / mss;
+ tcp->tcp_cwnd_ssthresh = MAX(npkt, 2) * mss;
+ tcp->tcp_cwnd = npkt * mss;
+ /*
+ * If the cwnd is 0, use the timer to clock out
+ * new segments. This is required by the ECN spec.
+ */
+ if (npkt == 0) {
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ /*
+ * This makes sure that when the ACK comes
+ * back, we will increase tcp_cwnd by 1 MSS.
+ */
+ tcp->tcp_cwnd_cnt = 0;
+ }
+ tcp->tcp_cwr = B_TRUE;
+ /*
+ * This marks the end of the current window of in
+ * flight data. That is why we don't use
+ * tcp_suna + tcp_swnd. Only data in flight can
+ * provide ECN info.
+ */
+ tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
+ tcp->tcp_ecn_cwr_sent = B_FALSE;
+ }
+ }
+
+ mp1 = tcp->tcp_xmit_head;
+ if (bytes_acked == 0) {
+ if (!ofo_seg && seg_len == 0 && new_swnd == tcp->tcp_swnd) {
+ int dupack_cnt;
+
+ BUMP_MIB(tcp_mib.tcpInDupAck);
+ /*
+ * Fast retransmit. When we have seen exactly three
+ * identical ACKs while we have unacked data
+ * outstanding we take it as a hint that our peer
+ * dropped something.
+ *
+ * If TCP is retransmitting, don't do fast retransmit.
+ */
+ if (mp1 != NULL && tcp->tcp_suna != tcp->tcp_snxt &&
+ ! tcp->tcp_rexmit) {
+ /* Do Limited Transmit */
+ if ((dupack_cnt = ++tcp->tcp_dupack_cnt) <
+ tcp_dupack_fast_retransmit) {
+ /*
+ * RFC 3042
+ *
+ * What we need to do is temporarily
+ * increase tcp_cwnd so that new
+ * data can be sent if it is allowed
+ * by the receive window (tcp_rwnd).
+ * tcp_wput_data() will take care of
+ * the rest.
+ *
+ * If the connection is SACK capable,
+ * only do limited xmit when there
+ * is SACK info.
+ *
+ * Note how tcp_cwnd is incremented.
+ * The first dup ACK will increase
+ * it by 1 MSS. The second dup ACK
+ * will increase it by 2 MSS. This
+ * means that only 1 new segment will
+ * be sent for each dup ACK.
+ */
+ if (tcp->tcp_unsent > 0 &&
+ (!tcp->tcp_snd_sack_ok ||
+ (tcp->tcp_snd_sack_ok &&
+ tcp->tcp_notsack_list != NULL))) {
+ tcp->tcp_cwnd += mss <<
+ (tcp->tcp_dupack_cnt - 1);
+ flags |= TH_LIMIT_XMIT;
+ }
+ } else if (dupack_cnt ==
+ tcp_dupack_fast_retransmit) {
+
+ BUMP_MIB(tcp_mib.tcpOutFastRetrans);
+ /*
+ * If we have reduced tcp_ssthresh
+ * because of ECN, do not reduce it again
+ * unless it is already one window of data
+ * away. After one window of data, tcp_cwr
+ * should then be cleared. Note that
+ * for non ECN capable connection, tcp_cwr
+ * should always be false.
+ *
+ * Adjust cwnd since the duplicate
+ * ack indicates that a packet was
+ * dropped (due to congestion.)
+ */
+ if (!tcp->tcp_cwr) {
+ npkt = (MIN(tcp->tcp_cwnd,
+ tcp->tcp_swnd) >> 1) / mss;
+ if (npkt < 2)
+ npkt = 2;
+ tcp->tcp_cwnd_ssthresh = npkt * mss;
+ tcp->tcp_cwnd = (npkt +
+ tcp->tcp_dupack_cnt) * mss;
+ }
+ if (tcp->tcp_ecn_ok) {
+ tcp->tcp_cwr = B_TRUE;
+ tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
+ tcp->tcp_ecn_cwr_sent = B_FALSE;
+ }
+
+ /*
+ * We do Hoe's algorithm. Refer to her
+ * paper "Improving the Start-up Behavior
+ * of a Congestion Control Scheme for TCP,"
+ * appeared in SIGCOMM'96.
+ *
+ * Save highest seq no we have sent so far.
+ * Be careful about the invisible FIN byte.
+ */
+ if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
+ (tcp->tcp_unsent == 0)) {
+ tcp->tcp_rexmit_max = tcp->tcp_fss;
+ } else {
+ tcp->tcp_rexmit_max = tcp->tcp_snxt;
+ }
+
+ /*
+ * Do not allow bursty traffic during.
+ * fast recovery. Refer to Fall and Floyd's
+ * paper "Simulation-based Comparisons of
+ * Tahoe, Reno and SACK TCP" (in CCR ??)
+ * This is a best current practise.
+ */
+ tcp->tcp_snd_burst = TCP_CWND_SS;
+
+ /*
+ * For SACK:
+ * Calculate tcp_pipe, which is the
+ * estimated number of bytes in
+ * network.
+ *
+ * tcp_fack is the highest sack'ed seq num
+ * TCP has received.
+ *
+ * tcp_pipe is explained in the above quoted
+ * Fall and Floyd's paper. tcp_fack is
+ * explained in Mathis and Mahdavi's
+ * "Forward Acknowledgment: Refining TCP
+ * Congestion Control" in SIGCOMM '96.
+ */
+ if (tcp->tcp_snd_sack_ok) {
+ assert(tcp->tcp_sack_info != NULL);
+ if (tcp->tcp_notsack_list != NULL) {
+ tcp->tcp_pipe = tcp->tcp_snxt -
+ tcp->tcp_fack;
+ tcp->tcp_sack_snxt = seg_ack;
+ flags |= TH_NEED_SACK_REXMIT;
+ } else {
+ /*
+ * Always initialize tcp_pipe
+ * even though we don't have
+ * any SACK info. If later
+ * we get SACK info and
+ * tcp_pipe is not initialized,
+ * funny things will happen.
+ */
+ tcp->tcp_pipe =
+ tcp->tcp_cwnd_ssthresh;
+ }
+ } else {
+ flags |= TH_REXMIT_NEEDED;
+ } /* tcp_snd_sack_ok */
+
+ } else {
+ /*
+ * Here we perform congestion
+ * avoidance, but NOT slow start.
+ * This is known as the Fast
+ * Recovery Algorithm.
+ */
+ if (tcp->tcp_snd_sack_ok &&
+ tcp->tcp_notsack_list != NULL) {
+ flags |= TH_NEED_SACK_REXMIT;
+ tcp->tcp_pipe -= mss;
+ if (tcp->tcp_pipe < 0)
+ tcp->tcp_pipe = 0;
+ } else {
+ /*
+ * We know that one more packet has
+ * left the pipe thus we can update
+ * cwnd.
+ */
+ cwnd = tcp->tcp_cwnd + mss;
+ if (cwnd > tcp->tcp_cwnd_max)
+ cwnd = tcp->tcp_cwnd_max;
+ tcp->tcp_cwnd = cwnd;
+ flags |= TH_XMIT_NEEDED;
+ }
+ }
+ }
+ } else if (tcp->tcp_zero_win_probe) {
+ /*
+ * If the window has opened, need to arrange
+ * to send additional data.
+ */
+ if (new_swnd != 0) {
+ /* tcp_suna != tcp_snxt */
+ /* Packet contains a window update */
+ BUMP_MIB(tcp_mib.tcpInWinUpdate);
+ tcp->tcp_zero_win_probe = 0;
+ tcp->tcp_timer_backoff = 0;
+ tcp->tcp_ms_we_have_waited = 0;
+
+ /*
+ * Transmit starting with tcp_suna since
+ * the one byte probe is not ack'ed.
+ * If TCP has sent more than one identical
+ * probe, tcp_rexmit will be set. That means
+ * tcp_ss_rexmit() will send out the one
+ * byte along with new data. Otherwise,
+ * fake the retransmission.
+ */
+ flags |= TH_XMIT_NEEDED;
+ if (!tcp->tcp_rexmit) {
+ tcp->tcp_rexmit = B_TRUE;
+ tcp->tcp_dupack_cnt = 0;
+ tcp->tcp_rexmit_nxt = tcp->tcp_suna;
+ tcp->tcp_rexmit_max = tcp->tcp_suna + 1;
+ }
+ }
+ }
+ goto swnd_update;
+ }
+
+ /*
+ * Check for "acceptability" of ACK value per RFC 793, pages 72 - 73.
+ * If the ACK value acks something that we have not yet sent, it might
+ * be an old duplicate segment. Send an ACK to re-synchronize the
+ * other side.
+ * Note: reset in response to unacceptable ACK in SYN_RECEIVE
+ * state is handled above, so we can always just drop the segment and
+ * send an ACK here.
+ *
+ * Should we send ACKs in response to ACK only segments?
+ */
+ if (SEQ_GT(seg_ack, tcp->tcp_snxt)) {
+ BUMP_MIB(tcp_mib.tcpInAckUnsent);
+ /* drop the received segment */
+ freemsg(mp);
+
+ /* Send back an ACK. */
+ mp = tcp_ack_mp(tcp);
+
+ if (mp == NULL) {
+ return;
+ }
+ BUMP_MIB(tcp_mib.tcpOutAck);
+ (void) ipv4_tcp_output(sock_id, mp);
+ freeb(mp);
+ return;
+ }
+
+ /*
+ * TCP gets a new ACK, update the notsack'ed list to delete those
+ * blocks that are covered by this ACK.
+ */
+ if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) {
+ tcp_notsack_remove(&(tcp->tcp_notsack_list), seg_ack,
+ &(tcp->tcp_num_notsack_blk), &(tcp->tcp_cnt_notsack_list));
+ }
+
+ /*
+ * If we got an ACK after fast retransmit, check to see
+ * if it is a partial ACK. If it is not and the congestion
+ * window was inflated to account for the other side's
+ * cached packets, retract it. If it is, do Hoe's algorithm.
+ */
+ if (tcp->tcp_dupack_cnt >= tcp_dupack_fast_retransmit) {
+ assert(tcp->tcp_rexmit == B_FALSE);
+ if (SEQ_GEQ(seg_ack, tcp->tcp_rexmit_max)) {
+ tcp->tcp_dupack_cnt = 0;
+ /*
+ * Restore the orig tcp_cwnd_ssthresh after
+ * fast retransmit phase.
+ */
+ if (tcp->tcp_cwnd > tcp->tcp_cwnd_ssthresh) {
+ tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh;
+ }
+ tcp->tcp_rexmit_max = seg_ack;
+ tcp->tcp_cwnd_cnt = 0;
+ tcp->tcp_snd_burst = TCP_CWND_NORMAL;
+
+ /*
+ * Remove all notsack info to avoid confusion with
+ * the next fast retrasnmit/recovery phase.
+ */
+ if (tcp->tcp_snd_sack_ok &&
+ tcp->tcp_notsack_list != NULL) {
+ TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list);
+ }
+ } else {
+ if (tcp->tcp_snd_sack_ok &&
+ tcp->tcp_notsack_list != NULL) {
+ flags |= TH_NEED_SACK_REXMIT;
+ tcp->tcp_pipe -= mss;
+ if (tcp->tcp_pipe < 0)
+ tcp->tcp_pipe = 0;
+ } else {
+ /*
+ * Hoe's algorithm:
+ *
+ * Retransmit the unack'ed segment and
+ * restart fast recovery. Note that we
+ * need to scale back tcp_cwnd to the
+ * original value when we started fast
+ * recovery.
This is to prevent overly
+ * aggressive behaviour in sending new
+ * segments.
+ */
+ tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh +
+ tcp_dupack_fast_retransmit * mss;
+ tcp->tcp_cwnd_cnt = tcp->tcp_cwnd;
+ BUMP_MIB(tcp_mib.tcpOutFastRetrans);
+ flags |= TH_REXMIT_NEEDED;
+ }
+ }
+ } else {
+ tcp->tcp_dupack_cnt = 0;
+ if (tcp->tcp_rexmit) {
+ /*
+ * TCP is retranmitting. If the ACK ack's all
+ * outstanding data, update tcp_rexmit_max and
+ * tcp_rexmit_nxt. Otherwise, update tcp_rexmit_nxt
+ * to the correct value.
+ *
+ * Note that SEQ_LEQ() is used. This is to avoid
+ * unnecessary fast retransmit caused by dup ACKs
+ * received when TCP does slow start retransmission
+ * after a time out. During this phase, TCP may
+ * send out segments which are already received.
+ * This causes dup ACKs to be sent back.
+ */
+ if (SEQ_LEQ(seg_ack, tcp->tcp_rexmit_max)) {
+ if (SEQ_GT(seg_ack, tcp->tcp_rexmit_nxt)) {
+ tcp->tcp_rexmit_nxt = seg_ack;
+ }
+ if (seg_ack != tcp->tcp_rexmit_max) {
+ flags |= TH_XMIT_NEEDED;
+ }
+ } else {
+ tcp->tcp_rexmit = B_FALSE;
+ tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
+ tcp->tcp_snd_burst = TCP_CWND_NORMAL;
+ }
+ tcp->tcp_ms_we_have_waited = 0;
+ }
+ }
+
+ BUMP_MIB(tcp_mib.tcpInAckSegs);
+ UPDATE_MIB(tcp_mib.tcpInAckBytes, bytes_acked);
+ tcp->tcp_suna = seg_ack;
+ if (tcp->tcp_zero_win_probe != 0) {
+ tcp->tcp_zero_win_probe = 0;
+ tcp->tcp_timer_backoff = 0;
+ }
+
+ /*
+ * If tcp_xmit_head is NULL, then it must be the FIN being ack'ed.
+ * Note that it cannot be the SYN being ack'ed. The code flow
+ * will not reach here.
+ */
+ if (mp1 == NULL) {
+ goto fin_acked;
+ }
+
+ /*
+ * Update the congestion window.
+ *
+ * If TCP is not ECN capable or TCP is ECN capable but the
+ * congestion experience bit is not set, increase the tcp_cwnd as
+ * usual.
+ */
+ if (!tcp->tcp_ecn_ok || !(flags & TH_ECE)) {
+ cwnd = tcp->tcp_cwnd;
+ add = mss;
+
+ if (cwnd >= tcp->tcp_cwnd_ssthresh) {
+ /*
+ * This is to prevent an increase of less than 1 MSS of
+ * tcp_cwnd. With partial increase, tcp_wput_data()
+ * may send out tinygrams in order to preserve mblk
+ * boundaries.
+ *
+ * By initializing tcp_cwnd_cnt to new tcp_cwnd and
+ * decrementing it by 1 MSS for every ACKs, tcp_cwnd is
+ * increased by 1 MSS for every RTTs.
+ */
+ if (tcp->tcp_cwnd_cnt <= 0) {
+ tcp->tcp_cwnd_cnt = cwnd + add;
+ } else {
+ tcp->tcp_cwnd_cnt -= add;
+ add = 0;
+ }
+ }
+ tcp->tcp_cwnd = MIN(cwnd + add, tcp->tcp_cwnd_max);
+ }
+
+ /* Can we update the RTT estimates? */
+ if (tcp->tcp_snd_ts_ok) {
+ /* Ignore zero timestamp echo-reply. */
+ if (tcpopt.tcp_opt_ts_ecr != 0) {
+ tcp_set_rto(tcp, (int32_t)(prom_gettime() -
+ tcpopt.tcp_opt_ts_ecr));
+ }
+
+ /* If needed, restart the timer. */
+ if (tcp->tcp_set_timer == 1) {
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ tcp->tcp_set_timer = 0;
+ }
+ /*
+ * Update tcp_csuna in case the other side stops sending
+ * us timestamps.
+ */
+ tcp->tcp_csuna = tcp->tcp_snxt;
+ } else if (SEQ_GT(seg_ack, tcp->tcp_csuna)) {
+ /*
+ * An ACK sequence we haven't seen before, so get the RTT
+ * and update the RTO.
+ */
+ tcp_set_rto(tcp, (int32_t)(prom_gettime() -
+ (uint32_t)mp1->b_prev));
+
+ /* Remeber the last sequence to be ACKed */
+ tcp->tcp_csuna = seg_ack;
+ if (tcp->tcp_set_timer == 1) {
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ tcp->tcp_set_timer = 0;
+ }
+ } else {
+ BUMP_MIB(tcp_mib.tcpRttNoUpdate);
+ }
+
+ /* Eat acknowledged bytes off the xmit queue.
*/
+ for (;;) {
+ mblk_t *mp2;
+ uchar_t *wptr;
+
+ wptr = mp1->b_wptr;
+ assert((uintptr_t)(wptr - mp1->b_rptr) <= (uintptr_t)INT_MAX);
+ bytes_acked -= (int)(wptr - mp1->b_rptr);
+ if (bytes_acked < 0) {
+ mp1->b_rptr = wptr + bytes_acked;
+ break;
+ }
+ mp1->b_prev = NULL;
+ mp2 = mp1;
+ mp1 = mp1->b_cont;
+ freeb(mp2);
+ if (bytes_acked == 0) {
+ if (mp1 == NULL) {
+ /* Everything is ack'ed, clear the tail. */
+ tcp->tcp_xmit_tail = NULL;
+ goto pre_swnd_update;
+ }
+ if (mp2 != tcp->tcp_xmit_tail)
+ break;
+ tcp->tcp_xmit_tail = mp1;
+ assert((uintptr_t)(mp1->b_wptr -
+ mp1->b_rptr) <= (uintptr_t)INT_MAX);
+ tcp->tcp_xmit_tail_unsent = (int)(mp1->b_wptr -
+ mp1->b_rptr);
+ break;
+ }
+ if (mp1 == NULL) {
+ /*
+ * More was acked but there is nothing more
+ * outstanding. This means that the FIN was
+ * just acked or that we're talking to a clown.
+ */
+fin_acked:
+ assert(tcp->tcp_fin_sent);
+ tcp->tcp_xmit_tail = NULL;
+ if (tcp->tcp_fin_sent) {
+ tcp->tcp_fin_acked = B_TRUE;
+ } else {
+ /*
+ * We should never got here because
+ * we have already checked that the
+ * number of bytes ack'ed should be
+ * smaller than or equal to what we
+ * have sent so far (it is the
+ * acceptability check of the ACK).
+ * We can only get here if the send
+ * queue is corrupted.
+ *
+ * Terminate the connection and
+ * panic the system. It is better
+ * for us to panic instead of
+ * continuing to avoid other disaster.
+ */
+ tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt,
+ tcp->tcp_rnxt, TH_RST|TH_ACK, 0, sock_id);
+ printf("Memory corruption "
+ "detected for connection %s.\n",
+ tcp_display(tcp, NULL,
+ DISP_ADDR_AND_PORT));
+ /* We should never get here... */
+ prom_panic("tcp_rput_data");
+ return;
+ }
+ goto pre_swnd_update;
+ }
+ assert(mp2 != tcp->tcp_xmit_tail);
+ }
+ if (tcp->tcp_unsent) {
+ flags |= TH_XMIT_NEEDED;
+ }
+pre_swnd_update:
+ tcp->tcp_xmit_head = mp1;
+swnd_update:
+ /*
+ * The following check is different from most other implementations.
+ * For bi-directional transfer, when segments are dropped, the
+ * "normal" check will not accept a window update in those
+ * retransmitted segemnts. Failing to do that, TCP may send out
+ * segments which are outside receiver's window. As TCP accepts
+ * the ack in those retransmitted segments, if the window update in
+ * the same segment is not accepted, TCP will incorrectly calculates
+ * that it can send more segments. This can create a deadlock
+ * with the receiver if its window becomes zero.
+ */
+ if (SEQ_LT(tcp->tcp_swl2, seg_ack) ||
+ SEQ_LT(tcp->tcp_swl1, seg_seq) ||
+ (tcp->tcp_swl1 == seg_seq && new_swnd > tcp->tcp_swnd)) {
+ /*
+ * The criteria for update is:
+ *
+ * 1. the segment acknowledges some data. Or
+ * 2. the segment is new, i.e. it has a higher seq num. Or
+ * 3. the segment is not old and the advertised window is
+ * larger than the previous advertised window.
+ */
+ if (tcp->tcp_unsent && new_swnd > tcp->tcp_swnd)
+ flags |= TH_XMIT_NEEDED;
+ tcp->tcp_swnd = new_swnd;
+ if (new_swnd > tcp->tcp_max_swnd)
+ tcp->tcp_max_swnd = new_swnd;
+ tcp->tcp_swl1 = seg_seq;
+ tcp->tcp_swl2 = seg_ack;
+ }
+est:
+ if (tcp->tcp_state > TCPS_ESTABLISHED) {
+ switch (tcp->tcp_state) {
+ case TCPS_FIN_WAIT_1:
+ if (tcp->tcp_fin_acked) {
+ tcp->tcp_state = TCPS_FIN_WAIT_2;
+ /*
+ * We implement the non-standard BSD/SunOS
+ * FIN_WAIT_2 flushing algorithm.
+ * If there is no user attached to this
+ * TCP endpoint, then this TCP struct
+ * could hang around forever in FIN_WAIT_2
+ * state if the peer forgets to send us
+ * a FIN. To prevent this, we wait only
+ * 2*MSL (a convenient time value) for
+ * the FIN to arrive. If it doesn't show up,
+ * we flush the TCP endpoint. This algorithm,
+ * though a violation of RFC-793, has worked
+ * for over 10 years in BSD systems.
+ * Note: SunOS 4.x waits 675 seconds before
+ * flushing the FIN_WAIT_2 connection.
+ */
+ TCP_TIMER_RESTART(tcp,
+ tcp_fin_wait_2_flush_interval);
+ }
+ break;
+ case TCPS_FIN_WAIT_2:
+ break; /* Shutdown hook? */
+ case TCPS_LAST_ACK:
+ freemsg(mp);
+ if (tcp->tcp_fin_acked) {
+ (void) tcp_clean_death(sock_id, tcp, 0);
+ return;
+ }
+ goto xmit_check;
+ case TCPS_CLOSING:
+ if (tcp->tcp_fin_acked) {
+ tcp->tcp_state = TCPS_TIME_WAIT;
+ tcp_time_wait_append(tcp);
+ TCP_TIMER_RESTART(tcp, tcp_time_wait_interval);
+ }
+ /*FALLTHRU*/
+ case TCPS_CLOSE_WAIT:
+ freemsg(mp);
+ goto xmit_check;
+ default:
+ assert(tcp->tcp_state != TCPS_TIME_WAIT);
+ break;
+ }
+ }
+ if (flags & TH_FIN) {
+ /* Make sure we ack the fin */
+ flags |= TH_ACK_NEEDED;
+ if (!tcp->tcp_fin_rcvd) {
+ tcp->tcp_fin_rcvd = B_TRUE;
+ tcp->tcp_rnxt++;
+ U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
+
+ switch (tcp->tcp_state) {
+ case TCPS_SYN_RCVD:
+ case TCPS_ESTABLISHED:
+ tcp->tcp_state = TCPS_CLOSE_WAIT;
+ /* Keepalive? */
+ break;
+ case TCPS_FIN_WAIT_1:
+ if (!tcp->tcp_fin_acked) {
+ tcp->tcp_state = TCPS_CLOSING;
+ break;
+ }
+ /* FALLTHRU */
+ case TCPS_FIN_WAIT_2:
+ tcp->tcp_state = TCPS_TIME_WAIT;
+ tcp_time_wait_append(tcp);
+ TCP_TIMER_RESTART(tcp, tcp_time_wait_interval);
+ if (seg_len) {
+ /*
+ * implies data piggybacked on FIN.
+ * break to handle data.
+ */
+ break;
+ }
+ freemsg(mp);
+ goto ack_check;
+ }
+ }
+ }
+ if (mp == NULL)
+ goto xmit_check;
+ if (seg_len == 0) {
+ freemsg(mp);
+ goto xmit_check;
+ }
+ if (mp->b_rptr == mp->b_wptr) {
+ /*
+ * The header has been consumed, so we remove the
+ * zero-length mblk here.
+ */
+ mp1 = mp;
+ mp = mp->b_cont;
+ freeb(mp1);
+ }
+ /*
+ * ACK every other segments, unless the input queue is empty
+ * as we don't have a timer available.
+ */
+ if (++tcp->tcp_rack_cnt == 2 || sockets[sock_id].inq == NULL) {
+ flags |= TH_ACK_NEEDED;
+ tcp->tcp_rack_cnt = 0;
+ }
+ tcp->tcp_rnxt += seg_len;
+ U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack);
+
+ /* Update SACK list */
+ if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
+ tcp_sack_remove(tcp->tcp_sack_list, tcp->tcp_rnxt,
+ &(tcp->tcp_num_sack_blk));
+ }
+
+ if (tcp->tcp_listener) {
+ /*
+ * Side queue inbound data until the accept happens.
+ * tcp_accept/tcp_rput drains this when the accept happens.
+ */
+ tcp_rcv_enqueue(tcp, mp, seg_len);
+ } else {
+ /* Just queue the data until the app calls read. */
+ tcp_rcv_enqueue(tcp, mp, seg_len);
+ /*
+ * Make sure the timer is running if we have data waiting
+ * for a push bit. This provides resiliency against
+ * implementations that do not correctly generate push bits.
+ */
+ if (tcp->tcp_rcv_list != NULL)
+ flags |= TH_TIMER_NEEDED;
+ }
+
+xmit_check:
+ /* Is there anything left to do? */
+ if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_ACK_NEEDED|
+ TH_NEED_SACK_REXMIT|TH_LIMIT_XMIT|TH_TIMER_NEEDED)) == 0)
+ return;
+
+ /* Any transmit work to do and a non-zero window?
*/
+ if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_NEED_SACK_REXMIT|
+ TH_LIMIT_XMIT)) && tcp->tcp_swnd != 0) {
+ if (flags & TH_REXMIT_NEEDED) {
+ uint32_t snd_size = tcp->tcp_snxt - tcp->tcp_suna;
+
+ if (snd_size > mss)
+ snd_size = mss;
+ if (snd_size > tcp->tcp_swnd)
+ snd_size = tcp->tcp_swnd;
+ mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, snd_size,
+ NULL, NULL, tcp->tcp_suna, B_TRUE, &snd_size,
+ B_TRUE);
+
+ if (mp1 != NULL) {
+ tcp->tcp_xmit_head->b_prev =
+ (mblk_t *)prom_gettime();
+ tcp->tcp_csuna = tcp->tcp_snxt;
+ BUMP_MIB(tcp_mib.tcpRetransSegs);
+ UPDATE_MIB(tcp_mib.tcpRetransBytes, snd_size);
+ (void) ipv4_tcp_output(sock_id, mp1);
+ freeb(mp1);
+ }
+ }
+ if (flags & TH_NEED_SACK_REXMIT) {
+ if (tcp_sack_rxmit(tcp, sock_id) != 0) {
+ flags |= TH_XMIT_NEEDED;
+ }
+ }
+ /*
+ * For TH_LIMIT_XMIT, tcp_wput_data() is called to send
+ * out new segment. Note that tcp_rexmit should not be
+ * set, otherwise TH_LIMIT_XMIT should not be set.
+ */
+ if (flags & (TH_XMIT_NEEDED|TH_LIMIT_XMIT)) {
+ if (!tcp->tcp_rexmit) {
+ tcp_wput_data(tcp, NULL, sock_id);
+ } else {
+ tcp_ss_rexmit(tcp, sock_id);
+ }
+ /*
+ * The TCP could be closed in tcp_state_wait via
+ * tcp_wput_data (tcp_ss_rexmit could call
+ * tcp_wput_data as well).
+ */
+ if (sockets[sock_id].pcb == NULL)
+ return;
+ }
+ /*
+ * Adjust tcp_cwnd back to normal value after sending
+ * new data segments.
+ */
+ if (flags & TH_LIMIT_XMIT) {
+ tcp->tcp_cwnd -= mss << (tcp->tcp_dupack_cnt - 1);
+ }
+
+ /* Anything more to do? */
+ if ((flags & (TH_ACK_NEEDED|TH_TIMER_NEEDED)) == 0)
+ return;
+ }
+ack_check:
+ if (flags & TH_ACK_NEEDED) {
+ /*
+ * Time to send an ack for some reason.
+ */
+ if ((mp1 = tcp_ack_mp(tcp)) != NULL) {
+ TCP_DUMP_PACKET("tcp_rput_data: ack mp", mp1);
+ (void) ipv4_tcp_output(sock_id, mp1);
+ BUMP_MIB(tcp_mib.tcpOutAck);
+ freeb(mp1);
+ }
+ }
+}
+
+/*
+ * tcp_ss_rexmit() is called in tcp_rput_data() to do slow start
+ * retransmission after a timeout.
+ *
+ * To limit the number of duplicate segments, we limit the number of segment
+ * to be sent in one time to tcp_snd_burst, the burst variable.
+ */
+static void
+tcp_ss_rexmit(tcp_t *tcp, int sock_id)
+{
+ uint32_t snxt;
+ uint32_t smax;
+ int32_t win;
+ int32_t mss;
+ int32_t off;
+ int32_t burst = tcp->tcp_snd_burst;
+ mblk_t *snxt_mp;
+
+ /*
+ * Note that tcp_rexmit can be set even though TCP has retransmitted
+ * all unack'ed segments.
+ */
+ if (SEQ_LT(tcp->tcp_rexmit_nxt, tcp->tcp_rexmit_max)) {
+ smax = tcp->tcp_rexmit_max;
+ snxt = tcp->tcp_rexmit_nxt;
+ if (SEQ_LT(snxt, tcp->tcp_suna)) {
+ snxt = tcp->tcp_suna;
+ }
+ win = MIN(tcp->tcp_cwnd, tcp->tcp_swnd);
+ win -= snxt - tcp->tcp_suna;
+ mss = tcp->tcp_mss;
+ snxt_mp = tcp_get_seg_mp(tcp, snxt, &off);
+
+ while (SEQ_LT(snxt, smax) && (win > 0) &&
+ (burst > 0) && (snxt_mp != NULL)) {
+ mblk_t *xmit_mp;
+ mblk_t *old_snxt_mp = snxt_mp;
+ uint32_t cnt = mss;
+
+ if (win < cnt) {
+ cnt = win;
+ }
+ if (SEQ_GT(snxt + cnt, smax)) {
+ cnt = smax - snxt;
+ }
+ xmit_mp = tcp_xmit_mp(tcp, snxt_mp, cnt, &off,
+ &snxt_mp, snxt, B_TRUE, &cnt, B_TRUE);
+
+ if (xmit_mp == NULL)
+ return;
+
+ (void) ipv4_tcp_output(sock_id, xmit_mp);
+ freeb(xmit_mp);
+
+ snxt += cnt;
+ win -= cnt;
+ /*
+ * Update the send timestamp to avoid false
+ * retransmission.
+ */
+ old_snxt_mp->b_prev = (mblk_t *)prom_gettime();
+ BUMP_MIB(tcp_mib.tcpRetransSegs);
+ UPDATE_MIB(tcp_mib.tcpRetransBytes, cnt);
+
+ tcp->tcp_rexmit_nxt = snxt;
+ burst--;
+ }
+ /*
+ * If we have transmitted all we have at the time
+ * we started the retranmission, we can leave
+ * the rest of the job to tcp_wput_data(). But we
+ * need to check the send window first. If the
+ * win is not 0, go on with tcp_wput_data().
+ */
+ if (SEQ_LT(snxt, smax) || win == 0) {
+ return;
+ }
+ }
+ /* Only call tcp_wput_data() if there is data to be sent. */
+ if (tcp->tcp_unsent) {
+ tcp_wput_data(tcp, NULL, sock_id);
+ }
+}
+
+/*
+ * tcp_timer is the timer service routine.
It handles all timer events for
+ * a tcp instance except keepalives. It figures out from the state of the
+ * tcp instance what kind of action needs to be done at the time it is called.
+ */
+static void
+tcp_timer(tcp_t *tcp, int sock_id)
+{
+ mblk_t *mp;
+ uint32_t first_threshold;
+ uint32_t second_threshold;
+ uint32_t ms;
+ uint32_t mss;
+
+ first_threshold = tcp->tcp_first_timer_threshold;
+ second_threshold = tcp->tcp_second_timer_threshold;
+ switch (tcp->tcp_state) {
+ case TCPS_IDLE:
+ case TCPS_BOUND:
+ case TCPS_LISTEN:
+ return;
+ case TCPS_SYN_RCVD:
+ case TCPS_SYN_SENT:
+ first_threshold = tcp->tcp_first_ctimer_threshold;
+ second_threshold = tcp->tcp_second_ctimer_threshold;
+ break;
+ case TCPS_ESTABLISHED:
+ case TCPS_FIN_WAIT_1:
+ case TCPS_CLOSING:
+ case TCPS_CLOSE_WAIT:
+ case TCPS_LAST_ACK:
+ /* If we have data to rexmit */
+ if (tcp->tcp_suna != tcp->tcp_snxt) {
+ int32_t time_to_wait;
+
+ BUMP_MIB(tcp_mib.tcpTimRetrans);
+ if (tcp->tcp_xmit_head == NULL)
+ break;
+ time_to_wait = (int32_t)(prom_gettime() -
+ (uint32_t)tcp->tcp_xmit_head->b_prev);
+ time_to_wait = tcp->tcp_rto - time_to_wait;
+ if (time_to_wait > 0) {
+ /*
+ * Timer fired too early, so restart it.
+ */
+ TCP_TIMER_RESTART(tcp, time_to_wait);
+ return;
+ }
+ /*
+ * When we probe zero windows, we force the swnd open.
+ * If our peer acks with a closed window swnd will be
+ * set to zero by tcp_rput(). As long as we are
+ * receiving acks tcp_rput will
+ * reset 'tcp_ms_we_have_waited' so as not to trip the
+ * first and second interval actions. NOTE: the timer
+ * interval is allowed to continue its exponential
+ * backoff.
+ */
+ if (tcp->tcp_swnd == 0 || tcp->tcp_zero_win_probe) {
+ DEBUG_1("tcp_timer (%d): zero win", sock_id);
+ break;
+ } else {
+ /*
+ * After retransmission, we need to do
+ * slow start. Set the ssthresh to one
+ * half of current effective window and
+ * cwnd to one MSS. Also reset
+ * tcp_cwnd_cnt.
+ *
+ * Note that if tcp_ssthresh is reduced because
+ * of ECN, do not reduce it again unless it is
+ * already one window of data away (tcp_cwr
+ * should then be cleared) or this is a
+ * timeout for a retransmitted segment.
+ */
+ uint32_t npkt;
+
+ if (!tcp->tcp_cwr || tcp->tcp_rexmit) {
+ npkt = (MIN((tcp->tcp_timer_backoff ?
+ tcp->tcp_cwnd_ssthresh :
+ tcp->tcp_cwnd),
+ tcp->tcp_swnd) >> 1) /
+ tcp->tcp_mss;
+ if (npkt < 2)
+ npkt = 2;
+ tcp->tcp_cwnd_ssthresh = npkt *
+ tcp->tcp_mss;
+ }
+ tcp->tcp_cwnd = tcp->tcp_mss;
+ tcp->tcp_cwnd_cnt = 0;
+ if (tcp->tcp_ecn_ok) {
+ tcp->tcp_cwr = B_TRUE;
+ tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
+ tcp->tcp_ecn_cwr_sent = B_FALSE;
+ }
+ }
+ break;
+ }
+ /*
+ * We have something to send yet we cannot send. The
+ * reason can be:
+ *
+ * 1. Zero send window: we need to do zero window probe.
+ * 2. Zero cwnd: because of ECN, we need to "clock out
+ * segments.
+ * 3. SWS avoidance: receiver may have shrunk window,
+ * reset our knowledge.
+ *
+ * Note that condition 2 can happen with either 1 or
+ * 3. But 1 and 3 are exclusive.
+ */
+ if (tcp->tcp_unsent != 0) {
+ if (tcp->tcp_cwnd == 0) {
+ /*
+ * Set tcp_cwnd to 1 MSS so that a
+ * new segment can be sent out. We
+ * are "clocking out" new data when
+ * the network is really congested.
+ */
+ assert(tcp->tcp_ecn_ok);
+ tcp->tcp_cwnd = tcp->tcp_mss;
+ }
+ if (tcp->tcp_swnd == 0) {
+ /* Extend window for zero window probe */
+ tcp->tcp_swnd++;
+ tcp->tcp_zero_win_probe = B_TRUE;
+ BUMP_MIB(tcp_mib.tcpOutWinProbe);
+ } else {
+ /*
+ * Handle timeout from sender SWS avoidance.
+ * Reset our knowledge of the max send window
+ * since the receiver might have reduced its
+ * receive buffer. Avoid setting tcp_max_swnd
+ * to one since that will essentially disable
+ * the SWS checks.
+ *
+ * Note that since we don't have a SWS
+ * state variable, if the timeout is set
+ * for ECN but not for SWS, this
+ * code will also be executed.
This is
+ * fine as tcp_max_swnd is updated
+ * constantly and it will not affect
+ * anything.
+ */
+ tcp->tcp_max_swnd = MAX(tcp->tcp_swnd, 2);
+ }
+ tcp_wput_data(tcp, NULL, sock_id);
+ return;
+ }
+ /* Is there a FIN that needs to be to re retransmitted? */
+ if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
+ !tcp->tcp_fin_acked)
+ break;
+ /* Nothing to do, return without restarting timer. */
+ return;
+ case TCPS_FIN_WAIT_2:
+ /*
+ * User closed the TCP endpoint and peer ACK'ed our FIN.
+ * We waited some time for for peer's FIN, but it hasn't
+ * arrived. We flush the connection now to avoid
+ * case where the peer has rebooted.
+ */
+ /* FALLTHRU */
+ case TCPS_TIME_WAIT:
+ (void) tcp_clean_death(sock_id, tcp, 0);
+ return;
+ default:
+ DEBUG_3("tcp_timer (%d): strange state (%d) %s", sock_id,
+ tcp->tcp_state, tcp_display(tcp, NULL,
+ DISP_PORT_ONLY));
+ return;
+ }
+ if ((ms = tcp->tcp_ms_we_have_waited) > second_threshold) {
+ /*
+ * For zero window probe, we need to send indefinitely,
+ * unless we have not heard from the other side for some
+ * time...
+ */
+ if ((tcp->tcp_zero_win_probe == 0) ||
+ ((prom_gettime() - tcp->tcp_last_recv_time) >
+ second_threshold)) {
+ BUMP_MIB(tcp_mib.tcpTimRetransDrop);
+ /*
+ * If TCP is in SYN_RCVD state, send back a
+ * RST|ACK as BSD does. Note that tcp_zero_win_probe
+ * should be zero in TCPS_SYN_RCVD state.
+ */
+ if (tcp->tcp_state == TCPS_SYN_RCVD) {
+ tcp_xmit_ctl("tcp_timer: RST sent on timeout "
+ "in SYN_RCVD",
+ tcp, NULL, tcp->tcp_snxt,
+ tcp->tcp_rnxt, TH_RST | TH_ACK, 0, sock_id);
+ }
+ (void) tcp_clean_death(sock_id, tcp,
+ tcp->tcp_client_errno ?
+ tcp->tcp_client_errno : ETIMEDOUT);
+ return;
+ } else {
+ /*
+ * Set tcp_ms_we_have_waited to second_threshold
+ * so that in next timeout, we will do the above
+ * check (lbolt - tcp_last_recv_time). This is
+ * also to avoid overflow.
+ *
+ * We don't need to decrement tcp_timer_backoff
+ * to avoid overflow because it will be decremented
+ * later if new timeout value is greater than
+ * tcp_rexmit_interval_max. In the case when
+ * tcp_rexmit_interval_max is greater than
+ * second_threshold, it means that we will wait
+ * longer than second_threshold to send the next
+ * window probe.
+ */
+ tcp->tcp_ms_we_have_waited = second_threshold;
+ }
+ } else if (ms > first_threshold && tcp->tcp_rtt_sa != 0) {
+ /*
+ * We have been retransmitting for too long... The RTT
+ * we calculated is probably incorrect. Reinitialize it.
+ * Need to compensate for 0 tcp_rtt_sa. Reset
+ * tcp_rtt_update so that we won't accidentally cache a
+ * bad value. But only do this if this is not a zero
+ * window probe.
+ */
+ if (tcp->tcp_zero_win_probe == 0) {
+ tcp->tcp_rtt_sd += (tcp->tcp_rtt_sa >> 3) +
+ (tcp->tcp_rtt_sa >> 5);
+ tcp->tcp_rtt_sa = 0;
+ tcp->tcp_rtt_update = 0;
+ }
+ }
+ tcp->tcp_timer_backoff++;
+ if ((ms = (tcp->tcp_rtt_sa >> 3) + tcp->tcp_rtt_sd +
+ tcp_rexmit_interval_extra + (tcp->tcp_rtt_sa >> 5)) <
+ tcp_rexmit_interval_min) {
+ /*
+ * This means the original RTO is tcp_rexmit_interval_min.
+ * So we will use tcp_rexmit_interval_min as the RTO value
+ * and do the backoff.
+ */
+ ms = tcp_rexmit_interval_min << tcp->tcp_timer_backoff;
+ } else {
+ ms <<= tcp->tcp_timer_backoff;
+ }
+ if (ms > tcp_rexmit_interval_max) {
+ ms = tcp_rexmit_interval_max;
+ /*
+ * ms is at max, decrement tcp_timer_backoff to avoid
+ * overflow.
+ */
+ tcp->tcp_timer_backoff--;
+ }
+ tcp->tcp_ms_we_have_waited += ms;
+ if (tcp->tcp_zero_win_probe == 0) {
+ tcp->tcp_rto = ms;
+ }
+ TCP_TIMER_RESTART(tcp, ms);
+ /*
+ * This is after a timeout and tcp_rto is backed off. Set
+ * tcp_set_timer to 1 so that next time RTO is updated, we will
+ * restart the timer with a correct value.
+ */
+ tcp->tcp_set_timer = 1;
+ mss = tcp->tcp_snxt - tcp->tcp_suna;
+ if (mss > tcp->tcp_mss)
+ mss = tcp->tcp_mss;
+ if (mss > tcp->tcp_swnd && tcp->tcp_swnd != 0)
+ mss = tcp->tcp_swnd;
+
+ if ((mp = tcp->tcp_xmit_head) != NULL)
+ mp->b_prev = (mblk_t *)prom_gettime();
+ mp = tcp_xmit_mp(tcp, mp, mss, NULL, NULL, tcp->tcp_suna, B_TRUE, &mss,
+ B_TRUE);
+ if (mp == NULL)
+ return;
+ tcp->tcp_csuna = tcp->tcp_snxt;
+ BUMP_MIB(tcp_mib.tcpRetransSegs);
+ UPDATE_MIB(tcp_mib.tcpRetransBytes, mss);
+ /* Dump the packet when debugging. */
+ TCP_DUMP_PACKET("tcp_timer", mp);
+
+ (void) ipv4_tcp_output(sock_id, mp);
+ freeb(mp);
+
+ /*
+ * When slow start after retransmission begins, start with
+ * this seq no. tcp_rexmit_max marks the end of special slow
+ * start phase. tcp_snd_burst controls how many segments
+ * can be sent because of an ack.
+ */
+ tcp->tcp_rexmit_nxt = tcp->tcp_suna;
+ tcp->tcp_snd_burst = TCP_CWND_SS;
+ if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
+ (tcp->tcp_unsent == 0)) {
+ tcp->tcp_rexmit_max = tcp->tcp_fss;
+ } else {
+ tcp->tcp_rexmit_max = tcp->tcp_snxt;
+ }
+ tcp->tcp_rexmit = B_TRUE;
+ tcp->tcp_dupack_cnt = 0;
+
+ /*
+ * Remove all rexmit SACK blk to start from fresh.
+ */
+ if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) {
+ TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list);
+ tcp->tcp_num_notsack_blk = 0;
+ tcp->tcp_cnt_notsack_list = 0;
+ }
+}
+
+/*
+ * The TCP normal data output path.
+ * NOTE: the logic of the fast path is duplicated from this function.
+ */
+static void
+tcp_wput_data(tcp_t *tcp, mblk_t *mp, int sock_id)
+{
+ int len;
+ mblk_t *local_time;
+ mblk_t *mp1;
+ uchar_t *rptr;
+ uint32_t snxt;
+ int tail_unsent;
+ int tcpstate;
+ int usable = 0;
+ mblk_t *xmit_tail;
+ int32_t num_burst_seg;
+ int32_t mss;
+ int32_t num_sack_blk = 0;
+ int32_t tcp_hdr_len;
+ ipaddr_t *dst;
+ ipaddr_t *src;
+
+#ifdef DEBUG
+ printf("tcp_wput_data(%d) ##############################\n", sock_id);
+#endif
+ tcpstate = tcp->tcp_state;
+ if (mp == NULL) {
+ /* Really tacky... but we need this for detached closes. */
+ len = tcp->tcp_unsent;
+ goto data_null;
+ }
+
+ /*
+ * Don't allow data after T_ORDREL_REQ or T_DISCON_REQ,
+ * or before a connection attempt has begun.
+ *
+ * The following should not happen in inetboot....
+ */
+ if (tcpstate < TCPS_SYN_SENT || tcpstate > TCPS_CLOSE_WAIT ||
+ (tcp->tcp_valid_bits & TCP_FSS_VALID) != 0) {
+ if ((tcp->tcp_valid_bits & TCP_FSS_VALID) != 0) {
+ printf("tcp_wput_data: data after ordrel, %s\n",
+ tcp_display(tcp, NULL, DISP_ADDR_AND_PORT));
+ }
+ freemsg(mp);
+ return;
+ }
+
+ /* Strip empties */
+ for (;;) {
+ assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
+ (uintptr_t)INT_MAX);
+ len = (int)(mp->b_wptr - mp->b_rptr);
+ if (len > 0)
+ break;
+ mp1 = mp;
+ mp = mp->b_cont;
+ freeb(mp1);
+ if (mp == NULL) {
+ return;
+ }
+ }
+
+ /* If we are the first on the list ...
*/
+ if (tcp->tcp_xmit_head == NULL) {
+ tcp->tcp_xmit_head = mp;
+ tcp->tcp_xmit_tail = mp;
+ tcp->tcp_xmit_tail_unsent = len;
+ } else {
+ tcp->tcp_xmit_last->b_cont = mp;
+ len += tcp->tcp_unsent;
+ }
+
+ /* Tack on however many more positive length mblks we have */
+ if ((mp1 = mp->b_cont) != NULL) {
+ do {
+ int tlen;
+ assert((uintptr_t)(mp1->b_wptr -
+ mp1->b_rptr) <= (uintptr_t)INT_MAX);
+ tlen = (int)(mp1->b_wptr - mp1->b_rptr);
+ if (tlen <= 0) {
+ mp->b_cont = mp1->b_cont;
+ freeb(mp1);
+ } else {
+ len += tlen;
+ mp = mp1;
+ }
+ } while ((mp1 = mp->b_cont) != NULL);
+ }
+ tcp->tcp_xmit_last = mp;
+ tcp->tcp_unsent = len;
+
+data_null:
+ snxt = tcp->tcp_snxt;
+ xmit_tail = tcp->tcp_xmit_tail;
+ tail_unsent = tcp->tcp_xmit_tail_unsent;
+
+ /*
+ * Note that tcp_mss has been adjusted to take into account the
+ * timestamp option if applicable. Because SACK options do not
+ * appear in every TCP segments and they are of variable lengths,
+ * they cannot be included in tcp_mss. Thus we need to calculate
+ * the actual segment length when we need to send a segment which
+ * includes SACK options.
+ */
+ if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
+ int32_t opt_len;
+
+ num_sack_blk = MIN(tcp->tcp_max_sack_blk,
+ tcp->tcp_num_sack_blk);
+ opt_len = num_sack_blk * sizeof (sack_blk_t) + TCPOPT_NOP_LEN *
+ 2 + TCPOPT_HEADER_LEN;
+ mss = tcp->tcp_mss - opt_len;
+ tcp_hdr_len = tcp->tcp_hdr_len + opt_len;
+ } else {
+ mss = tcp->tcp_mss;
+ tcp_hdr_len = tcp->tcp_hdr_len;
+ }
+
+ if ((tcp->tcp_suna == snxt) &&
+ (prom_gettime() - tcp->tcp_last_recv_time) >= tcp->tcp_rto) {
+ tcp->tcp_cwnd = MIN(tcp_slow_start_after_idle * mss,
+ MIN(4 * mss, MAX(2 * mss, 4380 / mss * mss)));
+ }
+ if (tcpstate == TCPS_SYN_RCVD) {
+ /*
+ * The three-way connection establishment handshake is not
+ * complete yet. We want to queue the data for transmission
+ * after entering ESTABLISHED state (RFC793).
Setting usable to
+ * zero cause a jump to "done" label effectively leaving data
+ * on the queue.
+ */
+
+ usable = 0;
+ } else {
+ int usable_r = tcp->tcp_swnd;
+
+ /*
+ * In the special case when cwnd is zero, which can only
+ * happen if the connection is ECN capable, return now.
+ * New segments is sent using tcp_timer(). The timer
+ * is set in tcp_rput_data().
+ */
+ if (tcp->tcp_cwnd == 0) {
+ /*
+ * Note that tcp_cwnd is 0 before 3-way handshake is
+ * finished.
+ */
+ assert(tcp->tcp_ecn_ok ||
+ tcp->tcp_state < TCPS_ESTABLISHED);
+ return;
+ }
+
+ /* usable = MIN(swnd, cwnd) - unacked_bytes */
+ if (usable_r > tcp->tcp_cwnd)
+ usable_r = tcp->tcp_cwnd;
+
+ /* NOTE: trouble if xmitting while SYN not acked? */
+ usable_r -= snxt;
+ usable_r += tcp->tcp_suna;
+
+ /* usable = MIN(usable, unsent) */
+ if (usable_r > len)
+ usable_r = len;
+
+ /* usable = MAX(usable, {1 for urgent, 0 for data}) */
+ if (usable_r != 0)
+ usable = usable_r;
+ }
+
+ local_time = (mblk_t *)prom_gettime();
+
+ /*
+ * "Our" Nagle Algorithm. This is not the same as in the old
+ * BSD. This is more in line with the true intent of Nagle.
+ *
+ * The conditions are:
+ * 1. The amount of unsent data (or amount of data which can be
+ * sent, whichever is smaller) is less than Nagle limit.
+ * 2. The last sent size is also less than Nagle limit.
+ * 3. There is unack'ed data.
+ * 4. Urgent pointer is not set. Send urgent data ignoring the
+ * Nagle algorithm. This reduces the probability that urgent
+ * bytes get "merged" together.
+ * 5. The app has not closed the connection. This eliminates the
+ * wait time of the receiving side waiting for the last piece of
+ * (small) data.
+ *
+ * If all are satisified, exit without sending anything. Note
+ * that Nagle limit can be smaller than 1 MSS. Nagle limit is
+ * the smaller of 1 MSS and global tcp_naglim_def (default to be
+ * 4095).
+ */ + if (usable < (int)tcp->tcp_naglim && + tcp->tcp_naglim > tcp->tcp_last_sent_len && + snxt != tcp->tcp_suna && + !(tcp->tcp_valid_bits & TCP_URG_VALID)) + goto done; + + num_burst_seg = tcp->tcp_snd_burst; + for (;;) { + tcph_t *tcph; + mblk_t *new_mp; + + if (num_burst_seg-- == 0) + goto done; + + len = mss; + if (len > usable) { + len = usable; + if (len <= 0) { + /* Terminate the loop */ + goto done; + } + /* + * Sender silly-window avoidance. + * Ignore this if we are going to send a + * zero window probe out. + * + * TODO: force data into microscopic window ?? + * ==> (!pushed || (unsent > usable)) + */ + if (len < (tcp->tcp_max_swnd >> 1) && + (tcp->tcp_unsent - (snxt - tcp->tcp_snxt)) > len && + !((tcp->tcp_valid_bits & TCP_URG_VALID) && + len == 1) && (! tcp->tcp_zero_win_probe)) { + /* + * If the retransmit timer is not running + * we start it so that we will retransmit + * in the case when the the receiver has + * decremented the window. + */ + if (snxt == tcp->tcp_snxt && + snxt == tcp->tcp_suna) { + /* + * We are not supposed to send + * anything. So let's wait a little + * bit longer before breaking SWS + * avoidance. + * + * What should the value be? 
+ * Suggestion: MAX(init rexmit time, + * tcp->tcp_rto) + */ + TCP_TIMER_RESTART(tcp, tcp->tcp_rto); + } + goto done; + } + } + + tcph = tcp->tcp_tcph; + + usable -= len; /* Approximate - can be adjusted later */ + if (usable > 0) + tcph->th_flags[0] = TH_ACK; + else + tcph->th_flags[0] = (TH_ACK | TH_PUSH); + + U32_TO_ABE32(snxt, tcph->th_seq); + + if (tcp->tcp_valid_bits) { + uchar_t *prev_rptr = xmit_tail->b_rptr; + uint32_t prev_snxt = tcp->tcp_snxt; + + if (tail_unsent == 0) { + assert(xmit_tail->b_cont != NULL); + xmit_tail = xmit_tail->b_cont; + prev_rptr = xmit_tail->b_rptr; + tail_unsent = (int)(xmit_tail->b_wptr - + xmit_tail->b_rptr); + } else { + xmit_tail->b_rptr = xmit_tail->b_wptr - + tail_unsent; + } + mp = tcp_xmit_mp(tcp, xmit_tail, len, NULL, NULL, + snxt, B_FALSE, (uint32_t *)&len, B_FALSE); + /* Restore tcp_snxt so we get amount sent right. */ + tcp->tcp_snxt = prev_snxt; + if (prev_rptr == xmit_tail->b_rptr) + xmit_tail->b_prev = local_time; + else + xmit_tail->b_rptr = prev_rptr; + + if (mp == NULL) + break; + + mp1 = mp->b_cont; + + snxt += len; + tcp->tcp_last_sent_len = (ushort_t)len; + while (mp1->b_cont) { + xmit_tail = xmit_tail->b_cont; + xmit_tail->b_prev = local_time; + mp1 = mp1->b_cont; + } + tail_unsent = xmit_tail->b_wptr - mp1->b_wptr; + BUMP_MIB(tcp_mib.tcpOutDataSegs); + UPDATE_MIB(tcp_mib.tcpOutDataBytes, len); + /* Dump the packet when debugging. */ + TCP_DUMP_PACKET("tcp_wput_data (valid bits)", mp); + (void) ipv4_tcp_output(sock_id, mp); + freeb(mp); + continue; + } + + snxt += len; /* Adjust later if we don't send all of len */ + BUMP_MIB(tcp_mib.tcpOutDataSegs); + UPDATE_MIB(tcp_mib.tcpOutDataBytes, len); + + if (tail_unsent) { + /* Are the bytes above us in flight? 
*/ + rptr = xmit_tail->b_wptr - tail_unsent; + if (rptr != xmit_tail->b_rptr) { + tail_unsent -= len; + len += tcp_hdr_len; + tcp->tcp_ipha->ip_len = htons(len); + mp = dupb(xmit_tail); + if (!mp) + break; + mp->b_rptr = rptr; + goto must_alloc; + } + } else { + xmit_tail = xmit_tail->b_cont; + assert((uintptr_t)(xmit_tail->b_wptr - + xmit_tail->b_rptr) <= (uintptr_t)INT_MAX); + tail_unsent = (int)(xmit_tail->b_wptr - + xmit_tail->b_rptr); + } + + tail_unsent -= len; + tcp->tcp_last_sent_len = (ushort_t)len; + + len += tcp_hdr_len; + if (tcp->tcp_ipversion == IPV4_VERSION) + tcp->tcp_ipha->ip_len = htons(len); + + xmit_tail->b_prev = local_time; + + mp = dupb(xmit_tail); + if (mp == NULL) + goto out_of_mem; + + len = tcp_hdr_len; + /* + * There are four reasons to allocate a new hdr mblk: + * 1) The bytes above us are in use by another packet + * 2) We don't have good alignment + * 3) The mblk is being shared + * 4) We don't have enough room for a header + */ + rptr = mp->b_rptr - len; + if (!OK_32PTR(rptr) || + rptr < mp->b_datap) { + /* NOTE: we assume allocb returns an OK_32PTR */ + + must_alloc:; + mp1 = allocb(tcp->tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + + tcp_wroff_xtra, 0); + if (mp1 == NULL) { + freemsg(mp); + goto out_of_mem; + } + mp1->b_cont = mp; + mp = mp1; + /* Leave room for Link Level header */ + len = tcp_hdr_len; + rptr = &mp->b_rptr[tcp_wroff_xtra]; + mp->b_wptr = &rptr[len]; + } + + if (tcp->tcp_snd_ts_ok) { + U32_TO_BE32((uint32_t)local_time, + (char *)tcph+TCP_MIN_HEADER_LENGTH+4); + U32_TO_BE32(tcp->tcp_ts_recent, + (char *)tcph+TCP_MIN_HEADER_LENGTH+8); + } else { + assert(tcp->tcp_tcp_hdr_len == TCP_MIN_HEADER_LENGTH); + } + + mp->b_rptr = rptr; + + /* Copy the template header. 
*/ + dst = (ipaddr_t *)rptr; + src = (ipaddr_t *)tcp->tcp_iphc; + dst[0] = src[0]; + dst[1] = src[1]; + dst[2] = src[2]; + dst[3] = src[3]; + dst[4] = src[4]; + dst[5] = src[5]; + dst[6] = src[6]; + dst[7] = src[7]; + dst[8] = src[8]; + dst[9] = src[9]; + len = tcp->tcp_hdr_len; + if (len -= 40) { + len >>= 2; + dst += 10; + src += 10; + do { + *dst++ = *src++; + } while (--len); + } + + /* + * Set tcph to point to the header of the outgoing packet, + * not to the template header. + */ + tcph = (tcph_t *)(rptr + tcp->tcp_ip_hdr_len); + + /* + * Set the ECN info in the TCP header if it is not a zero + * window probe. Zero window probe is only sent in + * tcp_wput_data() and tcp_timer(). + */ + if (tcp->tcp_ecn_ok && !tcp->tcp_zero_win_probe) { + SET_ECT(tcp, rptr); + + if (tcp->tcp_ecn_echo_on) + tcph->th_flags[0] |= TH_ECE; + if (tcp->tcp_cwr && !tcp->tcp_ecn_cwr_sent) { + tcph->th_flags[0] |= TH_CWR; + tcp->tcp_ecn_cwr_sent = B_TRUE; + } + } + + /* Fill in SACK options */ + if (num_sack_blk > 0) { + uchar_t *wptr = rptr + tcp->tcp_hdr_len; + sack_blk_t *tmp; + int32_t i; + + wptr[0] = TCPOPT_NOP; + wptr[1] = TCPOPT_NOP; + wptr[2] = TCPOPT_SACK; + wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk * + sizeof (sack_blk_t); + wptr += TCPOPT_REAL_SACK_LEN; + + tmp = tcp->tcp_sack_list; + for (i = 0; i < num_sack_blk; i++) { + U32_TO_BE32(tmp[i].begin, wptr); + wptr += sizeof (tcp_seq); + U32_TO_BE32(tmp[i].end, wptr); + wptr += sizeof (tcp_seq); + } + tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) + << 4); + } + + if (tail_unsent) { + mp1 = mp->b_cont; + if (mp1 == NULL) + mp1 = mp; + /* + * If we're a little short, tack on more mblks + * as long as we don't need to split an mblk. 
+ */ + while (tail_unsent < 0 && + tail_unsent + (int)(xmit_tail->b_cont->b_wptr - + xmit_tail->b_cont->b_rptr) <= 0) { + xmit_tail = xmit_tail->b_cont; + /* Stash for rtt use later */ + xmit_tail->b_prev = local_time; + mp1->b_cont = dupb(xmit_tail); + mp1 = mp1->b_cont; + assert((uintptr_t)(xmit_tail->b_wptr - + xmit_tail->b_rptr) <= (uintptr_t)INT_MAX); + tail_unsent += (int)(xmit_tail->b_wptr - + xmit_tail->b_rptr); + if (mp1 == NULL) { + freemsg(mp); + goto out_of_mem; + } + } + /* Trim back any surplus on the last mblk */ + if (tail_unsent > 0) + mp1->b_wptr -= tail_unsent; + if (tail_unsent < 0) { + uint32_t ip_len; + + /* + * We did not send everything we could in + * order to preserve mblk boundaries. + */ + usable -= tail_unsent; + snxt += tail_unsent; + tcp->tcp_last_sent_len += tail_unsent; + UPDATE_MIB(tcp_mib.tcpOutDataBytes, + tail_unsent); + /* Adjust the IP length field. */ + ip_len = ntohs(((struct ip *)rptr)->ip_len) + + tail_unsent; + ((struct ip *)rptr)->ip_len = htons(ip_len); + tail_unsent = 0; + } + } + + if (mp == NULL) + goto out_of_mem; + + /* + * Performance hit! We need to pullup the whole message + * in order to do checksum and for the MAC output routine. 
+ */ + if (mp->b_cont != NULL) { + int mp_size; +#ifdef DEBUG + printf("Multiple mblk %d\n", msgdsize(mp)); +#endif + new_mp = allocb(msgdsize(mp) + tcp_wroff_xtra, 0); + new_mp->b_rptr += tcp_wroff_xtra; + new_mp->b_wptr = new_mp->b_rptr; + while (mp != NULL) { + mp_size = mp->b_wptr - mp->b_rptr; + bcopy(mp->b_rptr, new_mp->b_wptr, mp_size); + new_mp->b_wptr += mp_size; + mp = mp->b_cont; + } + freemsg(mp); + mp = new_mp; + } + tcp_set_cksum(mp); + ((struct ip *)mp->b_rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl; + TCP_DUMP_PACKET("tcp_wput_data", mp); + (void) ipv4_tcp_output(sock_id, mp); + freemsg(mp); + } +out_of_mem:; + /* Pretend that all we were trying to send really got sent */ + if (tail_unsent < 0) { + do { + xmit_tail = xmit_tail->b_cont; + xmit_tail->b_prev = local_time; + assert((uintptr_t)(xmit_tail->b_wptr - + xmit_tail->b_rptr) <= (uintptr_t)INT_MAX); + tail_unsent += (int)(xmit_tail->b_wptr - + xmit_tail->b_rptr); + } while (tail_unsent < 0); + } +done:; + tcp->tcp_xmit_tail = xmit_tail; + tcp->tcp_xmit_tail_unsent = tail_unsent; + len = tcp->tcp_snxt - snxt; + if (len) { + /* + * If new data was sent, need to update the notsack + * list, which is, afterall, data blocks that have + * not been sack'ed by the receiver. New data is + * not sack'ed. + */ + if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) { + /* len is a negative value. */ + tcp->tcp_pipe -= len; + tcp_notsack_update(&(tcp->tcp_notsack_list), + tcp->tcp_snxt, snxt, + &(tcp->tcp_num_notsack_blk), + &(tcp->tcp_cnt_notsack_list)); + } + tcp->tcp_snxt = snxt + tcp->tcp_fin_sent; + tcp->tcp_rack = tcp->tcp_rnxt; + tcp->tcp_rack_cnt = 0; + if ((snxt + len) == tcp->tcp_suna) { + TCP_TIMER_RESTART(tcp, tcp->tcp_rto); + } + /* + * Note that len is the amount we just sent but with a negative + * sign. We update tcp_unsent here since we may come back to + * tcp_wput_data from tcp_state_wait. 
+ */ + len += tcp->tcp_unsent; + tcp->tcp_unsent = len; + + /* + * Let's wait till all the segments have been acked, since we + * don't have a timer. + */ + (void) tcp_state_wait(sock_id, tcp, TCPS_ALL_ACKED); + return; + } else if (snxt == tcp->tcp_suna && tcp->tcp_swnd == 0) { + /* + * Didn't send anything. Make sure the timer is running + * so that we will probe a zero window. + */ + TCP_TIMER_RESTART(tcp, tcp->tcp_rto); + } + + /* Note that len is the amount we just sent but with a negative sign */ + len += tcp->tcp_unsent; + tcp->tcp_unsent = len; + +} + +static void +tcp_time_wait_processing(tcp_t *tcp, mblk_t *mp, + uint32_t seg_seq, uint32_t seg_ack, int seg_len, tcph_t *tcph, + int sock_id) +{ + int32_t bytes_acked; + int32_t gap; + int32_t rgap; + tcp_opt_t tcpopt; + uint_t flags; + uint32_t new_swnd = 0; + +#ifdef DEBUG + printf("Time wait processing called ###############3\n"); +#endif + + /* Just make sure we send the right sock_id to tcp_clean_death */ + if ((sockets[sock_id].pcb == NULL) || (sockets[sock_id].pcb != tcp)) + sock_id = -1; + + flags = (unsigned int)tcph->th_flags[0] & 0xFF; + new_swnd = BE16_TO_U16(tcph->th_win) << + ((tcph->th_flags[0] & TH_SYN) ? 0 : tcp->tcp_snd_ws); + if (tcp->tcp_snd_ts_ok) { + if (!tcp_paws_check(tcp, tcph, &tcpopt)) { + freemsg(mp); + tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, + tcp->tcp_rnxt, TH_ACK, 0, -1); + return; + } + } + gap = seg_seq - tcp->tcp_rnxt; + rgap = tcp->tcp_rwnd - (gap + seg_len); + if (gap < 0) { + BUMP_MIB(tcp_mib.tcpInDataDupSegs); + UPDATE_MIB(tcp_mib.tcpInDataDupBytes, + (seg_len > -gap ? -gap : seg_len)); + seg_len += gap; + if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) { + if (flags & TH_RST) { + freemsg(mp); + return; + } + if ((flags & TH_FIN) && seg_len == -1) { + /* + * When TCP receives a duplicate FIN in + * TIME_WAIT state, restart the 2 MSL timer. + * See page 73 in RFC 793. Make sure this TCP + * is already on the TIME_WAIT list. If not, + * just restart the timer. 
+ */ + tcp_time_wait_remove(tcp); + tcp_time_wait_append(tcp); + TCP_TIMER_RESTART(tcp, tcp_time_wait_interval); + tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, + tcp->tcp_rnxt, TH_ACK, 0, -1); + freemsg(mp); + return; + } + flags |= TH_ACK_NEEDED; + seg_len = 0; + goto process_ack; + } + + /* Fix seg_seq, and chew the gap off the front. */ + seg_seq = tcp->tcp_rnxt; + } + + if ((flags & TH_SYN) && gap > 0 && rgap < 0) { + /* + * Make sure that when we accept the connection, pick + * an ISS greater than (tcp_snxt + ISS_INCR/2) for the + * old connection. + * + * The next ISS generated is equal to tcp_iss_incr_extra + * + ISS_INCR/2 + other components depending on the + * value of tcp_strong_iss. We pre-calculate the new + * ISS here and compare with tcp_snxt to determine if + * we need to make adjustment to tcp_iss_incr_extra. + * + * Note that since we are now in the global queue + * perimeter and need to do a lateral_put() to the + * listener queue, there can be other connection requests/ + * attempts while the lateral_put() is going on. That + * means what we calculate here may not be correct. This + * is extremely difficult to solve unless TCP and IP + * modules are merged and there is no perimeter, but just + * locks. The above calculation is ugly and is a + * waste of CPU cycles... + */ + uint32_t new_iss = tcp_iss_incr_extra; + int32_t adj; + + /* Add time component and min random (i.e. 1). */ + new_iss += (prom_gettime() >> ISS_NSEC_SHT) + 1; + if ((adj = (int32_t)(tcp->tcp_snxt - new_iss)) > 0) { + /* + * New ISS not guaranteed to be ISS_INCR/2 + * ahead of the current tcp_snxt, so add the + * difference to tcp_iss_incr_extra. + */ + tcp_iss_incr_extra += adj; + } + tcp_clean_death(sock_id, tcp, 0); + + /* + * This is a passive open. Right now we do not + * do anything... + */ + freemsg(mp); + return; + } + + /* + * rgap is the amount of stuff received out of window. A negative + * value is the amount out of window. 
+ */ + if (rgap < 0) { + BUMP_MIB(tcp_mib.tcpInDataPastWinSegs); + UPDATE_MIB(tcp_mib.tcpInDataPastWinBytes, -rgap); + /* Fix seg_len and make sure there is something left. */ + seg_len += rgap; + if (seg_len <= 0) { + if (flags & TH_RST) { + freemsg(mp); + return; + } + flags |= TH_ACK_NEEDED; + seg_len = 0; + goto process_ack; + } + } + /* + * Check whether we can update tcp_ts_recent. This test is + * NOT the one in RFC 1323 3.4. It is from Braden, 1993, "TCP + * Extensions for High Performance: An Update", Internet Draft. + */ + if (tcp->tcp_snd_ts_ok && + TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) && + SEQ_LEQ(seg_seq, tcp->tcp_rack)) { + tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val; + tcp->tcp_last_rcv_lbolt = prom_gettime(); + } + + if (seg_seq != tcp->tcp_rnxt && seg_len > 0) { + /* Always ack out of order packets */ + flags |= TH_ACK_NEEDED; + seg_len = 0; + } else if (seg_len > 0) { + BUMP_MIB(tcp_mib.tcpInDataInorderSegs); + UPDATE_MIB(tcp_mib.tcpInDataInorderBytes, seg_len); + } + if (flags & TH_RST) { + freemsg(mp); + (void) tcp_clean_death(sock_id, tcp, 0); + return; + } + if (flags & TH_SYN) { + freemsg(mp); + tcp_xmit_ctl("TH_SYN", tcp, NULL, seg_ack, seg_seq + 1, + TH_RST|TH_ACK, 0, -1); + /* + * Do not delete the TCP structure if it is in + * TIME_WAIT state. Refer to RFC 1122, 4.2.2.13. + */ + return; + } +process_ack: + if (flags & TH_ACK) { + bytes_acked = (int)(seg_ack - tcp->tcp_suna); + if (bytes_acked <= 0) { + if (bytes_acked == 0 && seg_len == 0 && + new_swnd == tcp->tcp_swnd) + BUMP_MIB(tcp_mib.tcpInDupAck); + } else { + /* Acks something not sent */ + flags |= TH_ACK_NEEDED; + } + } + freemsg(mp); + if (flags & TH_ACK_NEEDED) { + /* + * Time to send an ack for some reason. 
+ */ + tcp_xmit_ctl(NULL, tcp, NULL, tcp->tcp_snxt, + tcp->tcp_rnxt, TH_ACK, 0, -1); + } +} + +static int +tcp_init_values(tcp_t *tcp, struct inetboot_socket *isp) +{ + int err; + + tcp->tcp_family = AF_INET; + tcp->tcp_ipversion = IPV4_VERSION; + + /* + * Initialize tcp_rtt_sa and tcp_rtt_sd so that the calculated RTO + * will be close to tcp_rexmit_interval_initial. By doing this, we + * allow the algorithm to adjust slowly to large fluctuations of RTT + * during first few transmissions of a connection as seen in slow + * links. + */ + tcp->tcp_rtt_sa = tcp_rexmit_interval_initial << 2; + tcp->tcp_rtt_sd = tcp_rexmit_interval_initial >> 1; + tcp->tcp_rto = (tcp->tcp_rtt_sa >> 3) + tcp->tcp_rtt_sd + + tcp_rexmit_interval_extra + (tcp->tcp_rtt_sa >> 5) + + tcp_conn_grace_period; + if (tcp->tcp_rto < tcp_rexmit_interval_min) + tcp->tcp_rto = tcp_rexmit_interval_min; + tcp->tcp_timer_backoff = 0; + tcp->tcp_ms_we_have_waited = 0; + tcp->tcp_last_recv_time = prom_gettime(); + tcp->tcp_cwnd_max = tcp_cwnd_max_; + tcp->tcp_snd_burst = TCP_CWND_INFINITE; + tcp->tcp_cwnd_ssthresh = TCP_MAX_LARGEWIN; + /* For Ethernet, the mtu returned is actually 1550... */ + if (mac_get_type() == IFT_ETHER) { + tcp->tcp_if_mtu = mac_get_mtu() - 50; + } else { + tcp->tcp_if_mtu = mac_get_mtu(); + } + tcp->tcp_mss = tcp->tcp_if_mtu; + + tcp->tcp_first_timer_threshold = tcp_ip_notify_interval; + tcp->tcp_first_ctimer_threshold = tcp_ip_notify_cinterval; + tcp->tcp_second_timer_threshold = tcp_ip_abort_interval; + /* + * Fix it to tcp_ip_abort_linterval later if it turns out to be a + * passive open. + */ + tcp->tcp_second_ctimer_threshold = tcp_ip_abort_cinterval; + + tcp->tcp_naglim = tcp_naglim_def; + + /* NOTE: ISS is now set in tcp_adapt_ire(). */ + + /* Initialize the header template */ + if (tcp->tcp_ipversion == IPV4_VERSION) { + err = tcp_header_init_ipv4(tcp); + } + if (err) + return (err); + + /* + * Init the window scale to the max so tcp_rwnd_set() won't pare + * down tcp_rwnd. 
tcp_adapt_ire() will set the right value later. + */ + tcp->tcp_rcv_ws = TCP_MAX_WINSHIFT; + tcp->tcp_xmit_lowater = tcp_xmit_lowat; + if (isp != NULL) { + tcp->tcp_xmit_hiwater = isp->so_sndbuf; + tcp->tcp_rwnd = isp->so_rcvbuf; + tcp->tcp_rwnd_max = isp->so_rcvbuf; + } + tcp->tcp_state = TCPS_IDLE; + return (0); +} + +/* + * Initialize the IPv4 header. Loses any record of any IP options. + */ +static int +tcp_header_init_ipv4(tcp_t *tcp) +{ + tcph_t *tcph; + + /* + * This is a simple initialization. If there's + * already a template, it should never be too small, + * so reuse it. Otherwise, allocate space for the new one. + */ + if (tcp->tcp_iphc != NULL) { + assert(tcp->tcp_iphc_len >= TCP_MAX_COMBINED_HEADER_LENGTH); + bzero(tcp->tcp_iphc, tcp->tcp_iphc_len); + } else { + tcp->tcp_iphc_len = TCP_MAX_COMBINED_HEADER_LENGTH; + tcp->tcp_iphc = bkmem_zalloc(tcp->tcp_iphc_len); + if (tcp->tcp_iphc == NULL) { + tcp->tcp_iphc_len = 0; + return (ENOMEM); + } + } + tcp->tcp_ipha = (struct ip *)tcp->tcp_iphc; + tcp->tcp_ipversion = IPV4_VERSION; + + /* + * Note that it does not include TCP options yet. It will + * after the connection is established. + */ + tcp->tcp_hdr_len = sizeof (struct ip) + sizeof (tcph_t); + tcp->tcp_tcp_hdr_len = sizeof (tcph_t); + tcp->tcp_ip_hdr_len = sizeof (struct ip); + tcp->tcp_ipha->ip_v = IP_VERSION; + /* We don't support IP options... */ + tcp->tcp_ipha->ip_hl = IP_SIMPLE_HDR_LENGTH_IN_WORDS; + tcp->tcp_ipha->ip_p = IPPROTO_TCP; + /* We are not supposed to do PMTU discovery... */ + tcp->tcp_ipha->ip_sum = 0; + + tcph = (tcph_t *)(tcp->tcp_iphc + sizeof (struct ip)); + tcp->tcp_tcph = tcph; + tcph->th_offset_and_rsrvd[0] = (5 << 4); + return (0); +} + +/* + * Send out a control packet on the tcp connection specified. This routine + * is typically called where we need a simple ACK or RST generated. + * + * This function is called with or without a mp. 
+ */ +static void +tcp_xmit_ctl(char *str, tcp_t *tcp, mblk_t *mp, uint32_t seq, + uint32_t ack, int ctl, uint_t ip_hdr_len, int sock_id) +{ + uchar_t *rptr; + tcph_t *tcph; + struct ip *iph = NULL; + int tcp_hdr_len; + int tcp_ip_hdr_len; + + tcp_hdr_len = tcp->tcp_hdr_len; + tcp_ip_hdr_len = tcp->tcp_ip_hdr_len; + + if (mp) { + assert(ip_hdr_len != 0); + rptr = mp->b_rptr; + tcph = (tcph_t *)(rptr + ip_hdr_len); + /* Don't reply to a RST segment. */ + if (tcph->th_flags[0] & TH_RST) { + freeb(mp); + return; + } + freemsg(mp); + rptr = NULL; + } else { + assert(ip_hdr_len == 0); + } + /* If a text string is passed in with the request, print it out. */ + if (str != NULL) { + dprintf("tcp_xmit_ctl(%d): '%s', seq 0x%x, ack 0x%x, " + "ctl 0x%x\n", sock_id, str, seq, ack, ctl); + } + mp = allocb(tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + tcp_wroff_xtra, 0); + if (mp == NULL) { + dprintf("tcp_xmit_ctl(%d): Cannot allocate memory\n", sock_id); + return; + } + rptr = &mp->b_rptr[tcp_wroff_xtra]; + mp->b_rptr = rptr; + mp->b_wptr = &rptr[tcp_hdr_len]; + bcopy(tcp->tcp_iphc, rptr, tcp_hdr_len); + + iph = (struct ip *)rptr; + iph->ip_len = htons(tcp_hdr_len); + + tcph = (tcph_t *)&rptr[tcp_ip_hdr_len]; + tcph->th_flags[0] = (uint8_t)ctl; + if (ctl & TH_RST) { + BUMP_MIB(tcp_mib.tcpOutRsts); + BUMP_MIB(tcp_mib.tcpOutControl); + /* + * Don't send TSopt w/ TH_RST packets per RFC 1323. 
+ */ + if (tcp->tcp_snd_ts_ok && tcp->tcp_state > TCPS_SYN_SENT) { + mp->b_wptr = &rptr[tcp_hdr_len - TCPOPT_REAL_TS_LEN]; + *(mp->b_wptr) = TCPOPT_EOL; + iph->ip_len = htons(tcp_hdr_len - + TCPOPT_REAL_TS_LEN); + tcph->th_offset_and_rsrvd[0] -= (3 << 4); + } + } + if (ctl & TH_ACK) { + uint32_t now = prom_gettime(); + + if (tcp->tcp_snd_ts_ok) { + U32_TO_BE32(now, + (char *)tcph+TCP_MIN_HEADER_LENGTH+4); + U32_TO_BE32(tcp->tcp_ts_recent, + (char *)tcph+TCP_MIN_HEADER_LENGTH+8); + } + tcp->tcp_rack = ack; + tcp->tcp_rack_cnt = 0; + BUMP_MIB(tcp_mib.tcpOutAck); + } + BUMP_MIB(tcp_mib.tcpOutSegs); + U32_TO_BE32(seq, tcph->th_seq); + U32_TO_BE32(ack, tcph->th_ack); + + tcp_set_cksum(mp); + iph->ip_ttl = (uint8_t)tcp_ipv4_ttl; + TCP_DUMP_PACKET("tcp_xmit_ctl", mp); + (void) ipv4_tcp_output(sock_id, mp); + freeb(mp); +} + +/* Generate an ACK-only (no data) segment for a TCP endpoint */ +static mblk_t * +tcp_ack_mp(tcp_t *tcp) +{ + if (tcp->tcp_valid_bits) { + /* + * For the complex case where we have to send some + * controls (FIN or SYN), let tcp_xmit_mp do it. + * When sending an ACK-only segment (no data) + * into a zero window, always set the seq number to + * suna, since snxt will be extended past the window. + * If we used snxt, the receiver might consider the ACK + * unacceptable. + */ + return (tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, + (tcp->tcp_zero_win_probe) ? 
+ tcp->tcp_suna : + tcp->tcp_snxt, B_FALSE, NULL, B_FALSE)); + } else { + /* Generate a simple ACK */ + uchar_t *rptr; + tcph_t *tcph; + mblk_t *mp1; + int32_t tcp_hdr_len; + int32_t num_sack_blk = 0; + int32_t sack_opt_len; + + /* + * Allocate space for TCP + IP headers + * and link-level header + */ + if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) { + num_sack_blk = MIN(tcp->tcp_max_sack_blk, + tcp->tcp_num_sack_blk); + sack_opt_len = num_sack_blk * sizeof (sack_blk_t) + + TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN; + tcp_hdr_len = tcp->tcp_hdr_len + sack_opt_len; + } else { + tcp_hdr_len = tcp->tcp_hdr_len; + } + mp1 = allocb(tcp_hdr_len + tcp_wroff_xtra, 0); + if (mp1 == NULL) + return (NULL); + + /* copy in prototype TCP + IP header */ + rptr = mp1->b_rptr + tcp_wroff_xtra; + mp1->b_rptr = rptr; + mp1->b_wptr = rptr + tcp_hdr_len; + bcopy(tcp->tcp_iphc, rptr, tcp->tcp_hdr_len); + + tcph = (tcph_t *)&rptr[tcp->tcp_ip_hdr_len]; + + /* + * Set the TCP sequence number. + * When sending an ACK-only segment (no data) + * into a zero window, always set the seq number to + * suna, since snxt will be extended past the window. + * If we used snxt, the receiver might consider the ACK + * unacceptable. + */ + U32_TO_ABE32((tcp->tcp_zero_win_probe) ? + tcp->tcp_suna : tcp->tcp_snxt, tcph->th_seq); + + /* Set up the TCP flag field. 
*/ + tcph->th_flags[0] = (uchar_t)TH_ACK; + if (tcp->tcp_ecn_echo_on) + tcph->th_flags[0] |= TH_ECE; + + tcp->tcp_rack = tcp->tcp_rnxt; + tcp->tcp_rack_cnt = 0; + + /* fill in timestamp option if in use */ + if (tcp->tcp_snd_ts_ok) { + uint32_t llbolt = (uint32_t)prom_gettime(); + + U32_TO_BE32(llbolt, + (char *)tcph+TCP_MIN_HEADER_LENGTH+4); + U32_TO_BE32(tcp->tcp_ts_recent, + (char *)tcph+TCP_MIN_HEADER_LENGTH+8); + } + + /* Fill in SACK options */ + if (num_sack_blk > 0) { + uchar_t *wptr = (uchar_t *)tcph + tcp->tcp_tcp_hdr_len; + sack_blk_t *tmp; + int32_t i; + + wptr[0] = TCPOPT_NOP; + wptr[1] = TCPOPT_NOP; + wptr[2] = TCPOPT_SACK; + wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk * + sizeof (sack_blk_t); + wptr += TCPOPT_REAL_SACK_LEN; + + tmp = tcp->tcp_sack_list; + for (i = 0; i < num_sack_blk; i++) { + U32_TO_BE32(tmp[i].begin, wptr); + wptr += sizeof (tcp_seq); + U32_TO_BE32(tmp[i].end, wptr); + wptr += sizeof (tcp_seq); + } + tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) + << 4); + } + + ((struct ip *)rptr)->ip_len = htons(tcp_hdr_len); + tcp_set_cksum(mp1); + ((struct ip *)rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl; + return (mp1); + } +} + +/* + * tcp_xmit_mp is called to return a pointer to an mblk chain complete with + * ip and tcp header ready to pass down to IP. If the mp passed in is + * non-NULL, then up to max_to_send bytes of data will be dup'ed off that + * mblk. (If sendall is not set the dup'ing will stop at an mblk boundary + * otherwise it will dup partial mblks.) + * Otherwise, an appropriate ACK packet will be generated. This + * routine is not usually called to send new data for the first time. It + * is mostly called out of the timer for retransmits, and to generate ACKs. + * + * If offset is not NULL, the returned mblk chain's first mblk's b_rptr will + * be adjusted by *offset. And after dupb(), the offset and the ending mblk + * of the original mblk chain will be returned in *offset and *end_mp. 
+ */ +static mblk_t * +tcp_xmit_mp(tcp_t *tcp, mblk_t *mp, int32_t max_to_send, int32_t *offset, + mblk_t **end_mp, uint32_t seq, boolean_t sendall, uint32_t *seg_len, + boolean_t rexmit) +{ + int data_length; + int32_t off = 0; + uint_t flags; + mblk_t *mp1; + mblk_t *mp2; + mblk_t *new_mp; + uchar_t *rptr; + tcph_t *tcph; + int32_t num_sack_blk = 0; + int32_t sack_opt_len = 0; + + /* Allocate for our maximum TCP header + link-level */ + mp1 = allocb(tcp->tcp_ip_hdr_len + TCP_MAX_HDR_LENGTH + + tcp_wroff_xtra, 0); + if (mp1 == NULL) + return (NULL); + data_length = 0; + + /* + * Note that tcp_mss has been adjusted to take into account the + * timestamp option if applicable. Because SACK options do not + * appear in every TCP segments and they are of variable lengths, + * they cannot be included in tcp_mss. Thus we need to calculate + * the actual segment length when we need to send a segment which + * includes SACK options. + */ + if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) { + num_sack_blk = MIN(tcp->tcp_max_sack_blk, + tcp->tcp_num_sack_blk); + sack_opt_len = num_sack_blk * sizeof (sack_blk_t) + + TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN; + if (max_to_send + sack_opt_len > tcp->tcp_mss) + max_to_send -= sack_opt_len; + } + + if (offset != NULL) { + off = *offset; + /* We use offset as an indicator that end_mp is not NULL. */ + *end_mp = NULL; + } + for (mp2 = mp1; mp && data_length != max_to_send; mp = mp->b_cont) { + /* This could be faster with cooperation from downstream */ + if (mp2 != mp1 && !sendall && + data_length + (int)(mp->b_wptr - mp->b_rptr) > + max_to_send) + /* + * Don't send the next mblk since the whole mblk + * does not fit. 
+ */ + break; + mp2->b_cont = dupb(mp); + mp2 = mp2->b_cont; + if (mp2 == NULL) { + freemsg(mp1); + return (NULL); + } + mp2->b_rptr += off; + assert((uintptr_t)(mp2->b_wptr - mp2->b_rptr) <= + (uintptr_t)INT_MAX); + + data_length += (int)(mp2->b_wptr - mp2->b_rptr); + if (data_length > max_to_send) { + mp2->b_wptr -= data_length - max_to_send; + data_length = max_to_send; + off = mp2->b_wptr - mp->b_rptr; + break; + } else { + off = 0; + } + } + if (offset != NULL) { + *offset = off; + *end_mp = mp; + } + if (seg_len != NULL) { + *seg_len = data_length; + } + + rptr = mp1->b_rptr + tcp_wroff_xtra; + mp1->b_rptr = rptr; + mp1->b_wptr = rptr + tcp->tcp_hdr_len + sack_opt_len; + bcopy(tcp->tcp_iphc, rptr, tcp->tcp_hdr_len); + tcph = (tcph_t *)&rptr[tcp->tcp_ip_hdr_len]; + U32_TO_ABE32(seq, tcph->th_seq); + + /* + * Use tcp_unsent to determine if the PUSH bit should be used assumes + * that this function was called from tcp_wput_data. Thus, when called + * to retransmit data the setting of the PUSH bit may appear some + * what random in that it might get set when it should not. This + * should not pose any performance issues. + */ + if (data_length != 0 && (tcp->tcp_unsent == 0 || + tcp->tcp_unsent == data_length)) { + flags = TH_ACK | TH_PUSH; + } else { + flags = TH_ACK; + } + + if (tcp->tcp_ecn_ok) { + if (tcp->tcp_ecn_echo_on) + flags |= TH_ECE; + + /* + * Only set ECT bit and ECN_CWR if a segment contains new data. + * There is no TCP flow control for non-data segments, and + * only data segment is transmitted reliably. + */ + if (data_length > 0 && !rexmit) { + SET_ECT(tcp, rptr); + if (tcp->tcp_cwr && !tcp->tcp_ecn_cwr_sent) { + flags |= TH_CWR; + tcp->tcp_ecn_cwr_sent = B_TRUE; + } + } + } + + if (tcp->tcp_valid_bits) { + uint32_t u1; + + if ((tcp->tcp_valid_bits & TCP_ISS_VALID) && + seq == tcp->tcp_iss) { + uchar_t *wptr; + + /* + * Tack on the MSS option. It is always needed + * for both active and passive open. 
+ */ + wptr = mp1->b_wptr; + wptr[0] = TCPOPT_MAXSEG; + wptr[1] = TCPOPT_MAXSEG_LEN; + wptr += 2; + /* + * MSS option value should be interface MTU - MIN + * TCP/IP header. + */ + u1 = tcp->tcp_if_mtu - IP_SIMPLE_HDR_LENGTH - + TCP_MIN_HEADER_LENGTH; + U16_TO_BE16(u1, wptr); + mp1->b_wptr = wptr + 2; + /* Update the offset to cover the additional word */ + tcph->th_offset_and_rsrvd[0] += (1 << 4); + + /* + * Note that the following way of filling in + * TCP options are not optimal. Some NOPs can + * be saved. But there is no need at this time + * to optimize it. When it is needed, we will + * do it. + */ + switch (tcp->tcp_state) { + case TCPS_SYN_SENT: + flags = TH_SYN; + + if (tcp->tcp_snd_ws_ok) { + wptr = mp1->b_wptr; + wptr[0] = TCPOPT_NOP; + wptr[1] = TCPOPT_WSCALE; + wptr[2] = TCPOPT_WS_LEN; + wptr[3] = (uchar_t)tcp->tcp_rcv_ws; + mp1->b_wptr += TCPOPT_REAL_WS_LEN; + tcph->th_offset_and_rsrvd[0] += + (1 << 4); + } + + if (tcp->tcp_snd_ts_ok) { + uint32_t llbolt; + + llbolt = prom_gettime(); + wptr = mp1->b_wptr; + wptr[0] = TCPOPT_NOP; + wptr[1] = TCPOPT_NOP; + wptr[2] = TCPOPT_TSTAMP; + wptr[3] = TCPOPT_TSTAMP_LEN; + wptr += 4; + U32_TO_BE32(llbolt, wptr); + wptr += 4; + assert(tcp->tcp_ts_recent == 0); + U32_TO_BE32(0L, wptr); + mp1->b_wptr += TCPOPT_REAL_TS_LEN; + tcph->th_offset_and_rsrvd[0] += + (3 << 4); + } + + if (tcp->tcp_snd_sack_ok) { + wptr = mp1->b_wptr; + wptr[0] = TCPOPT_NOP; + wptr[1] = TCPOPT_NOP; + wptr[2] = TCPOPT_SACK_PERMITTED; + wptr[3] = TCPOPT_SACK_OK_LEN; + mp1->b_wptr += TCPOPT_REAL_SACK_OK_LEN; + tcph->th_offset_and_rsrvd[0] += + (1 << 4); + } + + /* + * Set up all the bits to tell other side + * we are ECN capable. 
+ */
+ if (tcp->tcp_ecn_ok) {
+ flags |= (TH_ECE | TH_CWR);
+ }
+ break;
+ case TCPS_SYN_RCVD:
+ flags |= TH_SYN;
+
+ if (tcp->tcp_snd_ws_ok) {
+ wptr = mp1->b_wptr;
+ wptr[0] = TCPOPT_NOP;
+ wptr[1] = TCPOPT_WSCALE;
+ wptr[2] = TCPOPT_WS_LEN;
+ wptr[3] = (uchar_t)tcp->tcp_rcv_ws;
+ mp1->b_wptr += TCPOPT_REAL_WS_LEN;
+ tcph->th_offset_and_rsrvd[0] += (1 << 4);
+ }
+
+ if (tcp->tcp_snd_sack_ok) {
+ wptr = mp1->b_wptr;
+ wptr[0] = TCPOPT_NOP;
+ wptr[1] = TCPOPT_NOP;
+ wptr[2] = TCPOPT_SACK_PERMITTED;
+ wptr[3] = TCPOPT_SACK_OK_LEN;
+ mp1->b_wptr += TCPOPT_REAL_SACK_OK_LEN;
+ tcph->th_offset_and_rsrvd[0] +=
+ (1 << 4);
+ }
+
+ /*
+ * If the other side is ECN capable, reply
+ * that we are also ECN capable.
+ */
+ if (tcp->tcp_ecn_ok) {
+ flags |= TH_ECE;
+ }
+ break;
+ default:
+ break;
+ }
+ /* allocb() of adequate mblk assures space */
+ assert((uintptr_t)(mp1->b_wptr -
+ mp1->b_rptr) <= (uintptr_t)INT_MAX);
+ if (flags & TH_SYN)
+ BUMP_MIB(tcp_mib.tcpOutControl);
+ }
+ if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
+ (seq + data_length) == tcp->tcp_fss) {
+ if (!tcp->tcp_fin_acked) {
+ flags |= TH_FIN;
+ BUMP_MIB(tcp_mib.tcpOutControl);
+ }
+ if (!tcp->tcp_fin_sent) {
+ tcp->tcp_fin_sent = B_TRUE;
+ switch (tcp->tcp_state) {
+ case TCPS_SYN_RCVD:
+ case TCPS_ESTABLISHED:
+ tcp->tcp_state = TCPS_FIN_WAIT_1;
+ break;
+ case TCPS_CLOSE_WAIT:
+ tcp->tcp_state = TCPS_LAST_ACK;
+ break;
+ }
+ if (tcp->tcp_suna == tcp->tcp_snxt)
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ tcp->tcp_snxt = tcp->tcp_fss + 1;
+ }
+ }
+ }
+ tcph->th_flags[0] = (uchar_t)flags;
+ tcp->tcp_rack = tcp->tcp_rnxt;
+ tcp->tcp_rack_cnt = 0;
+
+ if (tcp->tcp_snd_ts_ok) {
+ if (tcp->tcp_state != TCPS_SYN_SENT) {
+ uint32_t llbolt = prom_gettime();
+
+ U32_TO_BE32(llbolt,
+ (char *)tcph+TCP_MIN_HEADER_LENGTH+4);
+ U32_TO_BE32(tcp->tcp_ts_recent,
+ (char *)tcph+TCP_MIN_HEADER_LENGTH+8);
+ }
+ }
+
+ if (num_sack_blk > 0) {
+ uchar_t *wptr = (uchar_t *)tcph + tcp->tcp_tcp_hdr_len;
+ sack_blk_t *tmp;
+ int32_t i;
+
+ wptr[0] = TCPOPT_NOP;
+ wptr[1] = TCPOPT_NOP;
+ wptr[2] = TCPOPT_SACK;
+ wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk *
+ sizeof (sack_blk_t);
+ wptr += TCPOPT_REAL_SACK_LEN;
+
+ tmp = tcp->tcp_sack_list;
+ for (i = 0; i < num_sack_blk; i++) {
+ U32_TO_BE32(tmp[i].begin, wptr);
+ wptr += sizeof (tcp_seq);
+ U32_TO_BE32(tmp[i].end, wptr);
+ wptr += sizeof (tcp_seq);
+ }
+ tcph->th_offset_and_rsrvd[0] += ((num_sack_blk * 2 + 1) << 4);
+ }
+ assert((uintptr_t)(mp1->b_wptr - rptr) <= (uintptr_t)INT_MAX);
+ data_length += (int)(mp1->b_wptr - rptr);
+ if (tcp->tcp_ipversion == IPV4_VERSION)
+ ((struct ip *)rptr)->ip_len = htons(data_length);
+
+ /*
+ * Performance hit! We need to pullup the whole message
+ * in order to do checksum and for the MAC output routine.
+ */
+ if (mp1->b_cont != NULL) {
+ int mp_size;
+#ifdef DEBUG
+ printf("Multiple mblk %d\n", msgdsize(mp1));
+#endif
+ new_mp = allocb(msgdsize(mp1) + tcp_wroff_xtra, 0);
+ new_mp->b_rptr += tcp_wroff_xtra;
+ new_mp->b_wptr = new_mp->b_rptr;
+ while (mp1 != NULL) {
+ mp_size = mp1->b_wptr - mp1->b_rptr;
+ bcopy(mp1->b_rptr, new_mp->b_wptr, mp_size);
+ new_mp->b_wptr += mp_size;
+ mp1 = mp1->b_cont;
+ }
+ freemsg(mp1);
+ mp1 = new_mp;
+ }
+ tcp_set_cksum(mp1);
+ /* Fill in the TTL field as it is 0 in the header template. */
+ ((struct ip *)mp1->b_rptr)->ip_ttl = (uint8_t)tcp_ipv4_ttl;
+
+ return (mp1);
+}
+
+/*
+ * Generate a "no listener here" reset in response to the
+ * connection request contained within 'mp'
+ */
+static void
+tcp_xmit_listeners_reset(int sock_id, mblk_t *mp, uint_t ip_hdr_len)
+{
+ uchar_t *rptr;
+ uint32_t seg_len;
+ tcph_t *tcph;
+ uint32_t seg_seq;
+ uint32_t seg_ack;
+ uint_t flags;
+
+ rptr = mp->b_rptr;
+
+ tcph = (tcph_t *)&rptr[ip_hdr_len];
+ seg_seq = BE32_TO_U32(tcph->th_seq);
+ seg_ack = BE32_TO_U32(tcph->th_ack);
+ flags = tcph->th_flags[0];
+
+ seg_len = msgdsize(mp) - (TCP_HDR_LENGTH(tcph) + ip_hdr_len);
+ if (flags & TH_RST) {
+ freeb(mp);
+ } else if (flags & TH_ACK) {
+ tcp_xmit_early_reset("no tcp, reset",
+ sock_id, mp, seg_ack, 0, TH_RST, ip_hdr_len);
+ } else {
+ if (flags & TH_SYN)
+ seg_len++;
+ tcp_xmit_early_reset("no tcp, reset/ack", sock_id,
+ mp, 0, seg_seq + seg_len,
+ TH_RST | TH_ACK, ip_hdr_len);
+ }
+}
+
+/* Non overlapping byte exchanger */
+static void
+tcp_xchg(uchar_t *a, uchar_t *b, int len)
+{
+ uchar_t uch;
+
+ while (len-- > 0) {
+ uch = a[len];
+ a[len] = b[len];
+ b[len] = uch;
+ }
+}
+
+/*
+ * Generate a reset based on an inbound packet for which there is no active
+ * tcp state that we can find.
+ */
+static void
+tcp_xmit_early_reset(char *str, int sock_id, mblk_t *mp, uint32_t seq,
+ uint32_t ack, int ctl, uint_t ip_hdr_len)
+{
+ struct ip *iph = NULL;
+ ushort_t len;
+ tcph_t *tcph;
+ int i;
+ ipaddr_t addr;
+ mblk_t *new_mp;
+
+ if (str != NULL) {
+ dprintf("tcp_xmit_early_reset: '%s', seq 0x%x, ack 0x%x, "
+ "flags 0x%x\n", str, seq, ack, ctl);
+ }
+
+ /*
+ * We skip reversing source route here.
+ * (for now we replace all IP options with EOL)
+ */
+ iph = (struct ip *)mp->b_rptr;
+ for (i = IP_SIMPLE_HDR_LENGTH; i < (int)ip_hdr_len; i++)
+ mp->b_rptr[i] = IPOPT_EOL;
+ /*
+ * Make sure that src address is not a limited broadcast
+ * address. Not all broadcast address checking for the
+ * src address is possible, since we don't know the
+ * netmask of the src addr.
+ * No check for destination address is done, since
+ * IP will not pass up a packet with a broadcast dest address
+ * to TCP.
+ */
+ if (iph->ip_src.s_addr == INADDR_ANY ||
+ iph->ip_src.s_addr == INADDR_BROADCAST) {
+ freemsg(mp);
+ return;
+ }
+
+ tcph = (tcph_t *)&mp->b_rptr[ip_hdr_len];
+ if (tcph->th_flags[0] & TH_RST) {
+ freemsg(mp);
+ return;
+ }
+ /*
+ * Now copy the original header to a new buffer. The reason
+ * for doing this is that we need to put extra room before
+ * the header for the MAC layer address. The original mblk
+ * does not have this extra head room.
+ */
+ len = ip_hdr_len + sizeof (tcph_t);
+ if ((new_mp = allocb(len + tcp_wroff_xtra, 0)) == NULL) {
+ freemsg(mp);
+ return;
+ }
+ new_mp->b_rptr += tcp_wroff_xtra;
+ bcopy(mp->b_rptr, new_mp->b_rptr, len);
+ new_mp->b_wptr = new_mp->b_rptr + len;
+ freemsg(mp);
+ mp = new_mp;
+ iph = (struct ip *)mp->b_rptr;
+ tcph = (tcph_t *)&mp->b_rptr[ip_hdr_len];
+
+ tcph->th_offset_and_rsrvd[0] = (5 << 4);
+ tcp_xchg(tcph->th_fport, tcph->th_lport, 2);
+ U32_TO_BE32(ack, tcph->th_ack);
+ U32_TO_BE32(seq, tcph->th_seq);
+ U16_TO_BE16(0, tcph->th_win);
+ bzero(tcph->th_sum, sizeof (int16_t));
+ tcph->th_flags[0] = (uint8_t)ctl;
+ if (ctl & TH_RST) {
+ BUMP_MIB(tcp_mib.tcpOutRsts);
+ BUMP_MIB(tcp_mib.tcpOutControl);
+ }
+
+ iph->ip_len = htons(len);
+ /* Swap addresses */
+ addr = iph->ip_src.s_addr;
+ iph->ip_src = iph->ip_dst;
+ iph->ip_dst.s_addr = addr;
+ iph->ip_id = 0;
+ iph->ip_ttl = 0;
+ tcp_set_cksum(mp);
+ iph->ip_ttl = (uint8_t)tcp_ipv4_ttl;
+
+ /* Dump the packet when debugging. */
+ TCP_DUMP_PACKET("tcp_xmit_early_reset", mp);
+ (void) ipv4_tcp_output(sock_id, mp);
+ freemsg(mp);
+}
+
+static void
+tcp_set_cksum(mblk_t *mp)
+{
+ struct ip *iph;
+ tcpha_t *tcph;
+ int len;
+
+ iph = (struct ip *)mp->b_rptr;
+ tcph = (tcpha_t *)(iph + 1);
+ len = ntohs(iph->ip_len);
+ /*
+ * Calculate the TCP checksum. Need to include the psuedo header,
+ * which is similar to the real IP header starting at the TTL field.
+ */
+ iph->ip_sum = htons(len - IP_SIMPLE_HDR_LENGTH);
+ tcph->tha_sum = 0;
+ tcph->tha_sum = tcp_cksum((uint16_t *)&(iph->ip_ttl),
+ len - IP_SIMPLE_HDR_LENGTH + 12);
+ iph->ip_sum = 0;
+}
+
+static uint16_t
+tcp_cksum(uint16_t *buf, uint32_t len)
+{
+ /*
+ * Compute Internet Checksum for "count" bytes
+ * beginning at location "addr".
+ */
+ int32_t sum = 0;
+
+ while (len > 1) {
+ /* This is the inner loop */
+ sum += *buf++;
+ len -= 2;
+ }
+
+ /* Add left-over byte, if any */
+ if (len > 0)
+ sum += *(unsigned char *)buf * 256;
+
+ /* Fold 32-bit sum to 16 bits */
+ while (sum >> 16)
+ sum = (sum & 0xffff) + (sum >> 16);
+
+ return ((uint16_t)~sum);
+}
+
+/*
+ * Type three generator adapted from the random() function in 4.4 BSD:
+ */
+
+/*
+ * Copyright (c) 1983, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Type 3 -- x**31 + x**3 + 1 */
+#define DEG_3 31
+#define SEP_3 3
+
+
+/* Protected by tcp_random_lock */
+static int tcp_randtbl[DEG_3 + 1];
+
+static int *tcp_random_fptr = &tcp_randtbl[SEP_3 + 1];
+static int *tcp_random_rptr = &tcp_randtbl[1];
+
+static int *tcp_random_state = &tcp_randtbl[1];
+static int *tcp_random_end_ptr = &tcp_randtbl[DEG_3 + 1];
+
+static void
+tcp_random_init(void)
+{
+ int i;
+ uint32_t hrt;
+ uint32_t wallclock;
+ uint32_t result;
+
+ /*
+ *
+ * XXX We don't have high resolution time in standalone... The
+ * following is just some approximation on the comment below.
+ *
+ * Use high-res timer and current time for seed. Gethrtime() returns
+ * a longlong, which may contain resolution down to nanoseconds.
+ * The current time will either be a 32-bit or a 64-bit quantity.
+ * XOR the two together in a 64-bit result variable.
+ * Convert the result to a 32-bit value by multiplying the high-order
+ * 32-bits by the low-order 32-bits.
+ *
+ * XXX We don't have gethrtime() in prom and the wallclock....
+ */
+
+ hrt = prom_gettime();
+ wallclock = (uint32_t)time(NULL);
+ result = wallclock ^ hrt;
+ tcp_random_state[0] = result;
+
+ for (i = 1; i < DEG_3; i++)
+ tcp_random_state[i] = 1103515245 * tcp_random_state[i - 1] +
+ 12345;
+ tcp_random_fptr = &tcp_random_state[SEP_3];
+ tcp_random_rptr = &tcp_random_state[0];
+ for (i = 0; i < 10 * DEG_3; i++)
+ (void) tcp_random();
+}
+
+/*
+ * tcp_random: Return a random number in the range [1 - (128K + 1)].
+ * This range is selected to be approximately centered on TCP_ISS / 2,
+ * and easy to compute. We get this value by generating a 32-bit random
+ * number, selecting out the high-order 17 bits, and then adding one so
+ * that we never return zero.
+ */
+static int
+tcp_random(void)
+{
+ int i;
+
+ *tcp_random_fptr += *tcp_random_rptr;
+
+ /*
+ * The high-order bits are more random than the low-order bits,
+ * so we select out the high-order 17 bits and add one so that
+ * we never return zero.
+ */
+ i = ((*tcp_random_fptr >> 15) & 0x1ffff) + 1;
+ if (++tcp_random_fptr >= tcp_random_end_ptr) {
+ tcp_random_fptr = tcp_random_state;
+ ++tcp_random_rptr;
+ } else if (++tcp_random_rptr >= tcp_random_end_ptr)
+ tcp_random_rptr = tcp_random_state;
+
+ return (i);
+}
+
+/*
+ * Generate ISS, taking into account NDD changes may happen halfway through.
+ * (If the iss is not zero, set it.)
+ */
+static void
+tcp_iss_init(tcp_t *tcp)
+{
+ tcp_iss_incr_extra += (ISS_INCR >> 1);
+ tcp->tcp_iss = tcp_iss_incr_extra;
+ tcp->tcp_iss += (prom_gettime() >> ISS_NSEC_SHT) + tcp_random();
+ tcp->tcp_valid_bits = TCP_ISS_VALID;
+ tcp->tcp_fss = tcp->tcp_iss - 1;
+ tcp->tcp_suna = tcp->tcp_iss;
+ tcp->tcp_snxt = tcp->tcp_iss + 1;
+ tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
+ tcp->tcp_csuna = tcp->tcp_snxt;
+}
+
+/*
+ * Diagnostic routine used to return a string associated with the tcp state.
+ * Note that if the caller does not supply a buffer, it will use an internal
+ * static string. This means that if multiple threads call this function at
+ * the same time, output can be corrupted... Note also that this function
+ * does not check the size of the supplied buffer. The caller has to make
+ * sure that it is big enough.
+ */
+static char *
+tcp_display(tcp_t *tcp, char *sup_buf, char format)
+{
+ char buf1[30];
+ static char priv_buf[INET_ADDRSTRLEN * 2 + 80];
+ char *buf;
+ char *cp;
+ char local_addrbuf[INET_ADDRSTRLEN];
+ char remote_addrbuf[INET_ADDRSTRLEN];
+ struct in_addr addr;
+
+ if (sup_buf != NULL)
+ buf = sup_buf;
+ else
+ buf = priv_buf;
+
+ if (tcp == NULL)
+ return ("NULL_TCP");
+ switch (tcp->tcp_state) {
+ case TCPS_CLOSED:
+ cp = "TCP_CLOSED";
+ break;
+ case TCPS_IDLE:
+ cp = "TCP_IDLE";
+ break;
+ case TCPS_BOUND:
+ cp = "TCP_BOUND";
+ break;
+ case TCPS_LISTEN:
+ cp = "TCP_LISTEN";
+ break;
+ case TCPS_SYN_SENT:
+ cp = "TCP_SYN_SENT";
+ break;
+ case TCPS_SYN_RCVD:
+ cp = "TCP_SYN_RCVD";
+ break;
+ case TCPS_ESTABLISHED:
+ cp = "TCP_ESTABLISHED";
+ break;
+ case TCPS_CLOSE_WAIT:
+ cp = "TCP_CLOSE_WAIT";
+ break;
+ case TCPS_FIN_WAIT_1:
+ cp = "TCP_FIN_WAIT_1";
+ break;
+ case TCPS_CLOSING:
+ cp = "TCP_CLOSING";
+ break;
+ case TCPS_LAST_ACK:
+ cp = "TCP_LAST_ACK";
+ break;
+ case TCPS_FIN_WAIT_2:
+ cp = "TCP_FIN_WAIT_2";
+ break;
+ case TCPS_TIME_WAIT:
+ cp = "TCP_TIME_WAIT";
+ break;
+ default:
+ (void) sprintf(buf1, "TCPUnkState(%d)", tcp->tcp_state);
+ cp = buf1;
+ break;
+ }
+ switch (format) {
+ case DISP_ADDR_AND_PORT:
+ /*
+ * Note that we use the remote address in the tcp_b
+ * structure. This means that it will print out
+ * the real destination address, not the next hop's
+ * address if source routing is used.
+ */
+ addr.s_addr = tcp->tcp_bound_source;
+ bcopy(inet_ntoa(addr), local_addrbuf, sizeof (local_addrbuf));
+ addr.s_addr = tcp->tcp_remote;
+ bcopy(inet_ntoa(addr), remote_addrbuf, sizeof (remote_addrbuf));
+ (void) snprintf(buf, sizeof (priv_buf), "[%s.%u, %s.%u] %s",
+ local_addrbuf, ntohs(tcp->tcp_lport), remote_addrbuf,
+ ntohs(tcp->tcp_fport), cp);
+ break;
+ case DISP_PORT_ONLY:
+ default:
+ (void) snprintf(buf, sizeof (priv_buf), "[%u, %u] %s",
+ ntohs(tcp->tcp_lport), ntohs(tcp->tcp_fport), cp);
+ break;
+ }
+
+ return (buf);
+}
+
+/*
+ * Add a new piece to the tcp reassembly queue. If the gap at the beginning
+ * is filled, return as much as we can. The message passed in may be
+ * multi-part, chained using b_cont. "start" is the starting sequence
+ * number for this piece.
+ */
+static mblk_t *
+tcp_reass(tcp_t *tcp, mblk_t *mp, uint32_t start)
+{
+ uint32_t end;
+ mblk_t *mp1;
+ mblk_t *mp2;
+ mblk_t *next_mp;
+ uint32_t u1;
+
+ /* Walk through all the new pieces. */
+ do {
+ assert((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
+ (uintptr_t)INT_MAX);
+ end = start + (int)(mp->b_wptr - mp->b_rptr);
+ next_mp = mp->b_cont;
+ if (start == end) {
+ /* Empty. Blast it. */
+ freeb(mp);
+ continue;
+ }
+ mp->b_cont = NULL;
+ TCP_REASS_SET_SEQ(mp, start);
+ TCP_REASS_SET_END(mp, end);
+ mp1 = tcp->tcp_reass_tail;
+ if (!mp1) {
+ tcp->tcp_reass_tail = mp;
+ tcp->tcp_reass_head = mp;
+ BUMP_MIB(tcp_mib.tcpInDataUnorderSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataUnorderBytes, end - start);
+ continue;
+ }
+ /* New stuff completely beyond tail? */
+ if (SEQ_GEQ(start, TCP_REASS_END(mp1))) {
+ /* Link it on end. */
+ mp1->b_cont = mp;
+ tcp->tcp_reass_tail = mp;
+ BUMP_MIB(tcp_mib.tcpInDataUnorderSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataUnorderBytes, end - start);
+ continue;
+ }
+ mp1 = tcp->tcp_reass_head;
+ u1 = TCP_REASS_SEQ(mp1);
+ /* New stuff at the front? */
+ if (SEQ_LT(start, u1)) {
+ /* Yes... Check for overlap. */
+ mp->b_cont = mp1;
+ tcp->tcp_reass_head = mp;
+ tcp_reass_elim_overlap(tcp, mp);
+ continue;
+ }
+ /*
+ * The new piece fits somewhere between the head and tail.
+ * We find our slot, where mp1 precedes us and mp2 trails.
+ */
+ for (; (mp2 = mp1->b_cont) != NULL; mp1 = mp2) {
+ u1 = TCP_REASS_SEQ(mp2);
+ if (SEQ_LEQ(start, u1))
+ break;
+ }
+ /* Link ourselves in */
+ mp->b_cont = mp2;
+ mp1->b_cont = mp;
+
+ /* Trim overlap with following mblk(s) first */
+ tcp_reass_elim_overlap(tcp, mp);
+
+ /* Trim overlap with preceding mblk */
+ tcp_reass_elim_overlap(tcp, mp1);
+
+ } while (start = end, mp = next_mp);
+ mp1 = tcp->tcp_reass_head;
+ /* Anything ready to go? */
+ if (TCP_REASS_SEQ(mp1) != tcp->tcp_rnxt)
+ return (NULL);
+ /* Eat what we can off the queue */
+ for (;;) {
+ mp = mp1->b_cont;
+ end = TCP_REASS_END(mp1);
+ TCP_REASS_SET_SEQ(mp1, 0);
+ TCP_REASS_SET_END(mp1, 0);
+ if (!mp) {
+ tcp->tcp_reass_tail = NULL;
+ break;
+ }
+ if (end != TCP_REASS_SEQ(mp)) {
+ mp1->b_cont = NULL;
+ break;
+ }
+ mp1 = mp;
+ }
+ mp1 = tcp->tcp_reass_head;
+ tcp->tcp_reass_head = mp;
+ return (mp1);
+}
+
+/* Eliminate any overlap that mp may have over later mblks */
+static void
+tcp_reass_elim_overlap(tcp_t *tcp, mblk_t *mp)
+{
+ uint32_t end;
+ mblk_t *mp1;
+ uint32_t u1;
+
+ end = TCP_REASS_END(mp);
+ while ((mp1 = mp->b_cont) != NULL) {
+ u1 = TCP_REASS_SEQ(mp1);
+ if (!SEQ_GT(end, u1))
+ break;
+ if (!SEQ_GEQ(end, TCP_REASS_END(mp1))) {
+ mp->b_wptr -= end - u1;
+ TCP_REASS_SET_END(mp, u1);
+ BUMP_MIB(tcp_mib.tcpInDataPartDupSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataPartDupBytes, end - u1);
+ break;
+ }
+ mp->b_cont = mp1->b_cont;
+ freeb(mp1);
+ BUMP_MIB(tcp_mib.tcpInDataDupSegs);
+ UPDATE_MIB(tcp_mib.tcpInDataDupBytes, end - u1);
+ }
+ if (!mp1)
+ tcp->tcp_reass_tail = mp;
+}
+
+/*
+ * Remove a connection from the list of detached TIME_WAIT connections.
+ */
+static void
+tcp_time_wait_remove(tcp_t *tcp)
+{
+ if (tcp->tcp_time_wait_expire == 0) {
+ assert(tcp->tcp_time_wait_next == NULL);
+ assert(tcp->tcp_time_wait_prev == NULL);
+ return;
+ }
+ assert(tcp->tcp_state == TCPS_TIME_WAIT);
+ if (tcp == tcp_time_wait_head) {
+ assert(tcp->tcp_time_wait_prev == NULL);
+ tcp_time_wait_head = tcp->tcp_time_wait_next;
+ if (tcp_time_wait_head != NULL) {
+ tcp_time_wait_head->tcp_time_wait_prev = NULL;
+ } else {
+ tcp_time_wait_tail = NULL;
+ }
+ } else if (tcp == tcp_time_wait_tail) {
+ assert(tcp != tcp_time_wait_head);
+ assert(tcp->tcp_time_wait_next == NULL);
+ tcp_time_wait_tail = tcp->tcp_time_wait_prev;
+ assert(tcp_time_wait_tail != NULL);
+ tcp_time_wait_tail->tcp_time_wait_next = NULL;
+ } else {
+ assert(tcp->tcp_time_wait_prev->tcp_time_wait_next == tcp);
+ assert(tcp->tcp_time_wait_next->tcp_time_wait_prev == tcp);
+ tcp->tcp_time_wait_prev->tcp_time_wait_next =
+ tcp->tcp_time_wait_next;
+ tcp->tcp_time_wait_next->tcp_time_wait_prev =
+ tcp->tcp_time_wait_prev;
+ }
+ tcp->tcp_time_wait_next = NULL;
+ tcp->tcp_time_wait_prev = NULL;
+ tcp->tcp_time_wait_expire = 0;
+}
+
+/*
+ * Add a connection to the list of detached TIME_WAIT connections
+ * and set its time to expire ...
+ */
+static void
+tcp_time_wait_append(tcp_t *tcp)
+{
+ tcp->tcp_time_wait_expire = prom_gettime() + tcp_time_wait_interval;
+ if (tcp->tcp_time_wait_expire == 0)
+ tcp->tcp_time_wait_expire = 1;
+
+ if (tcp_time_wait_head == NULL) {
+ assert(tcp_time_wait_tail == NULL);
+ tcp_time_wait_head = tcp;
+ } else {
+ assert(tcp_time_wait_tail != NULL);
+ assert(tcp_time_wait_tail->tcp_state == TCPS_TIME_WAIT);
+ tcp_time_wait_tail->tcp_time_wait_next = tcp;
+ tcp->tcp_time_wait_prev = tcp_time_wait_tail;
+ }
+ tcp_time_wait_tail = tcp;
+
+ /* for ndd stats about compression */
+ tcp_cum_timewait++;
+}
+
+/*
+ * Periodic qtimeout routine run on the default queue.
+ * Performs 2 functions.
+ * 1. Does TIME_WAIT compression on all recently added tcps. List
+ * traversal is done backwards from the tail.
+ * 2. Blows away all tcps whose TIME_WAIT has expired. List traversal
+ * is done forwards from the head.
+ */
+void
+tcp_time_wait_collector(void)
+{
+ tcp_t *tcp;
+ uint32_t now;
+
+ /*
+ * In order to reap time waits reliably, we should use a
+ * source of time that is not adjustable by the user
+ */
+ now = prom_gettime();
+ while ((tcp = tcp_time_wait_head) != NULL) {
+ /*
+ * Compare times using modular arithmetic, since
+ * lbolt can wrapover.
+ */
+ if ((int32_t)(now - tcp->tcp_time_wait_expire) < 0) {
+ break;
+ }
+ /*
+ * Note that the err must be 0 as there is no socket
+ * associated with this TCP...
+ */
+ (void) tcp_clean_death(-1, tcp, 0);
+ }
+ /* Schedule next run time. */
+ tcp_time_wait_runtime = prom_gettime() + 10000;
+}
+
+void
+tcp_time_wait_report(void)
+{
+ tcp_t *tcp;
+
+ printf("Current time %u\n", prom_gettime());
+ for (tcp = tcp_time_wait_head; tcp != NULL;
+ tcp = tcp->tcp_time_wait_next) {
+ printf("%s expires at %u\n", tcp_display(tcp, NULL,
+ DISP_ADDR_AND_PORT), tcp->tcp_time_wait_expire);
+ }
+}
+
+/*
+ * Send up all messages queued on tcp_rcv_list.
+ * Have to set tcp_co_norm since we use putnext.
+ */
+static void
+tcp_rcv_drain(int sock_id, tcp_t *tcp)
+{
+ mblk_t *mp;
+ struct inetgram *in_gram;
+ mblk_t *in_mp;
+ int len;
+
+ /* Don't drain if the app has not finished reading all the data. */
+ if (sockets[sock_id].so_rcvbuf <= 0)
+ return;
+
+ /* We might have come here just to updated the rwnd */
+ if (tcp->tcp_rcv_list == NULL)
+ goto win_update;
+
+ if ((in_gram = (struct inetgram *)bkmem_zalloc(
+ sizeof (struct inetgram))) == NULL) {
+ return;
+ }
+ if ((in_mp = allocb(tcp->tcp_rcv_cnt, 0)) == NULL) {
+ bkmem_free((caddr_t)in_gram, sizeof (struct inetgram));
+ return;
+ }
+ in_gram->igm_level = APP_LVL;
+ in_gram->igm_mp = in_mp;
+ in_gram->igm_id = 0;
+
+ while ((mp = tcp->tcp_rcv_list) != NULL) {
+ tcp->tcp_rcv_list = mp->b_cont;
+ len = mp->b_wptr - mp->b_rptr;
+ bcopy(mp->b_rptr, in_mp->b_wptr, len);
+ in_mp->b_wptr += len;
+ freeb(mp);
+ }
+
+ tcp->tcp_rcv_last_tail = NULL;
+ tcp->tcp_rcv_cnt = 0;
+ add_grams(&sockets[sock_id].inq, in_gram);
+
+ /* This means that so_rcvbuf can be less than 0. */
+ sockets[sock_id].so_rcvbuf -= in_mp->b_wptr - in_mp->b_rptr;
+win_update:
+ /*
+ * Increase the receive window to max. But we need to do receiver
+ * SWS avoidance. This means that we need to check the increase of
+ * of receive window is at least 1 MSS.
+ */
+ if (sockets[sock_id].so_rcvbuf > 0 &&
+ (tcp->tcp_rwnd_max - tcp->tcp_rwnd >= tcp->tcp_mss)) {
+ tcp->tcp_rwnd = tcp->tcp_rwnd_max;
+ U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws,
+ tcp->tcp_tcph->th_win);
+ }
+}
+
+/*
+ * Wrapper for recvfrom to call
+ */
+void
+tcp_rcv_drain_sock(int sock_id)
+{
+ tcp_t *tcp;
+ if ((tcp = sockets[sock_id].pcb) == NULL)
+ return;
+ tcp_rcv_drain(sock_id, tcp);
+}
+
+/*
+ * If the inq == NULL and the tcp_rcv_list != NULL, we have data that
+ * recvfrom could read. Place a magic message in the inq to let recvfrom
+ * know that it needs to call tcp_rcv_drain_sock to pullup the data.
+ */
+static void
+tcp_drain_needed(int sock_id, tcp_t *tcp)
+{
+ struct inetgram *in_gram;
+#ifdef DEBUG
+ printf("tcp_drain_needed: inq %x, tcp_rcv_list %x\n",
+ sockets[sock_id].inq, tcp->tcp_rcv_list);
+#endif
+ if ((sockets[sock_id].inq != NULL) ||
+ (tcp->tcp_rcv_list == NULL))
+ return;
+
+ if ((in_gram = (struct inetgram *)bkmem_zalloc(
+ sizeof (struct inetgram))) == NULL)
+ return;
+
+ in_gram->igm_level = APP_LVL;
+ in_gram->igm_mp = NULL;
+ in_gram->igm_id = TCP_CALLB_MAGIC_ID;
+
+ add_grams(&sockets[sock_id].inq, in_gram);
+}
+
+/*
+ * Queue data on tcp_rcv_list which is a b_next chain.
+ * Each element of the chain is a b_cont chain.
+ *
+ * M_DATA messages are added to the current element.
+ * Other messages are added as new (b_next) elements.
+ */
+static void
+tcp_rcv_enqueue(tcp_t *tcp, mblk_t *mp, uint_t seg_len)
+{
+ assert(seg_len == msgdsize(mp));
+ if (tcp->tcp_rcv_list == NULL) {
+ tcp->tcp_rcv_list = mp;
+ } else {
+ tcp->tcp_rcv_last_tail->b_cont = mp;
+ }
+ while (mp->b_cont)
+ mp = mp->b_cont;
+ tcp->tcp_rcv_last_tail = mp;
+ tcp->tcp_rcv_cnt += seg_len;
+ tcp->tcp_rwnd -= seg_len;
+#ifdef DEBUG
+ printf("tcp_rcv_enqueue rwnd %d\n", tcp->tcp_rwnd);
+#endif
+ U32_TO_ABE16(tcp->tcp_rwnd >> tcp->tcp_rcv_ws, tcp->tcp_tcph->th_win);
+}
+
+/* The minimum of smoothed mean deviation in RTO calculation. */
+#define TCP_SD_MIN 400
+
+/*
+ * Set RTO for this connection. The formula is from Jacobson and Karels'
+ * "Congestion Avoidance and Control" in SIGCOMM '88. The variable names
+ * are the same as those in Appendix A.2 of that paper.
+ *
+ * m = new measurement
+ * sa = smoothed RTT average (8 * average estimates).
+ * sv = smoothed mean deviation (mdev) of RTT (4 * deviation estimates).
+ */
+static void
+tcp_set_rto(tcp_t *tcp, int32_t rtt)
+{
+ int32_t m = rtt;
+ uint32_t sa = tcp->tcp_rtt_sa;
+ uint32_t sv = tcp->tcp_rtt_sd;
+ uint32_t rto;
+
+ BUMP_MIB(tcp_mib.tcpRttUpdate);
+ tcp->tcp_rtt_update++;
+
+ /* tcp_rtt_sa is not 0 means this is a new sample. */
+ if (sa != 0) {
+ /*
+ * Update average estimator:
+ * new rtt = 7/8 old rtt + 1/8 Error
+ */
+
+ /* m is now Error in estimate. */
+ m -= sa >> 3;
+ if ((int32_t)(sa += m) <= 0) {
+ /*
+ * Don't allow the smoothed average to be negative.
+ * We use 0 to denote reinitialization of the
+ * variables.
+ */
+ sa = 1;
+ }
+
+ /*
+ * Update deviation estimator:
+ * new mdev = 3/4 old mdev + 1/4 (abs(Error) - old mdev)
+ */
+ if (m < 0)
+ m = -m;
+ m -= sv >> 2;
+ sv += m;
+ } else {
+ /*
+ * This follows BSD's implementation. So the reinitialized
+ * RTO is 3 * m. We cannot go less than 2 because if the
+ * link is bandwidth dominated, doubling the window size
+ * during slow start means doubling the RTT. We want to be
+ * more conservative when we reinitialize our estimates. 3
+ * is just a convenient number.
+ */
+ sa = m << 3;
+ sv = m << 1;
+ }
+ if (sv < TCP_SD_MIN) {
+ /*
+ * We do not know that if sa captures the delay ACK
+ * effect as in a long train of segments, a receiver
+ * does not delay its ACKs. So set the minimum of sv
+ * to be TCP_SD_MIN, which is default to 400 ms, twice
+ * of BSD DATO. That means the minimum of mean
+ * deviation is 100 ms.
+ *
+ */
+ sv = TCP_SD_MIN;
+ }
+ tcp->tcp_rtt_sa = sa;
+ tcp->tcp_rtt_sd = sv;
+ /*
+ * RTO = average estimates (sa / 8) + 4 * deviation estimates (sv)
+ *
+ * Add tcp_rexmit_interval extra in case of extreme environment
+ * where the algorithm fails to work. The default value of
+ * tcp_rexmit_interval_extra should be 0.
+ *
+ * As we use a finer grained clock than BSD and update
+ * RTO for every ACKs, add in another .25 of RTT to the
+ * deviation of RTO to accomodate burstiness of 1/4 of
+ * window size.
+ */
+ rto = (sa >> 3) + sv + tcp_rexmit_interval_extra + (sa >> 5);
+
+ if (rto > tcp_rexmit_interval_max) {
+ tcp->tcp_rto = tcp_rexmit_interval_max;
+ } else if (rto < tcp_rexmit_interval_min) {
+ tcp->tcp_rto = tcp_rexmit_interval_min;
+ } else {
+ tcp->tcp_rto = rto;
+ }
+
+ /* Now, we can reset tcp_timer_backoff to use the new RTO... */
+ tcp->tcp_timer_backoff = 0;
+}
+
+/*
+ * Initiate closedown sequence on an active connection.
+ * Return value zero for OK return, non-zero for error return.
+ */
+static int
+tcp_xmit_end(tcp_t *tcp, int sock_id)
+{
+ mblk_t *mp;
+
+ if (tcp->tcp_state < TCPS_SYN_RCVD ||
+ tcp->tcp_state > TCPS_CLOSE_WAIT) {
+ /*
+ * Invalid state, only states TCPS_SYN_RCVD,
+ * TCPS_ESTABLISHED and TCPS_CLOSE_WAIT are valid
+ */
+ return (-1);
+ }
+
+ tcp->tcp_fss = tcp->tcp_snxt + tcp->tcp_unsent;
+ tcp->tcp_valid_bits |= TCP_FSS_VALID;
+ /*
+ * If there is nothing more unsent, send the FIN now.
+ * Otherwise, it will go out with the last segment.
+ */
+ if (tcp->tcp_unsent == 0) {
+ mp = tcp_xmit_mp(tcp, NULL, 0, NULL, NULL,
+ tcp->tcp_fss, B_FALSE, NULL, B_FALSE);
+
+ if (mp != NULL) {
+ /* Dump the packet when debugging. */
+ TCP_DUMP_PACKET("tcp_xmit_end", mp);
+ (void) ipv4_tcp_output(sock_id, mp);
+ freeb(mp);
+ } else {
+ /*
+ * Couldn't allocate msg. Pretend we got it out.
+ * Wait for rexmit timeout.
+ */
+ tcp->tcp_snxt = tcp->tcp_fss + 1;
+ TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
+ }
+
+ /*
+ * If needed, update tcp_rexmit_snxt as tcp_snxt is
+ * changed.
+ */
+ if (tcp->tcp_rexmit && tcp->tcp_rexmit_nxt == tcp->tcp_fss) {
+ tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
+ }
+ } else {
+ tcp_wput_data(tcp, NULL, B_FALSE);
+ }
+
+ return (0);
+}
+
+int
+tcp_opt_set(tcp_t *tcp, int level, int option, const void *optval,
+ socklen_t optlen)
+{
+ switch (level) {
+ case SOL_SOCKET: {
+ switch (option) {
+ case SO_RCVBUF:
+ if (optlen == sizeof (int)) {
+ int val = *(int *)optval;
+
+ if (val > tcp_max_buf) {
+ errno = ENOBUFS;
+ break;
+ }
+ /* Silently ignore zero */
+ if (val != 0) {
+ val = MSS_ROUNDUP(val, tcp->tcp_mss);
+ (void) tcp_rwnd_set(tcp, val);
+ }
+ } else {
+ errno = EINVAL;
+ }
+ break;
+ case SO_SNDBUF:
+ if (optlen == sizeof (int)) {
+ tcp->tcp_xmit_hiwater = *(int *)optval;
+ if (tcp->tcp_xmit_hiwater > tcp_max_buf)
+ tcp->tcp_xmit_hiwater = tcp_max_buf;
+ } else {
+ errno = EINVAL;
+ }
+ break;
+ case SO_LINGER:
+ if (optlen == sizeof (struct linger)) {
+ struct linger *lgr = (struct linger *)optval;
+
+ if (lgr->l_onoff) {
+ tcp->tcp_linger = 1;
+ tcp->tcp_lingertime = lgr->l_linger;
+ } else {
+ tcp->tcp_linger = 0;
+ tcp->tcp_lingertime = 0;
+ }
+ } else {
+ errno = EINVAL;
+ }
+ break;
+ default:
+ errno = ENOPROTOOPT;
+ break;
+ }
+ break;
+ } /* case SOL_SOCKET */
+ case IPPROTO_TCP: {
+ switch (option) {
+ default:
+ errno = ENOPROTOOPT;
+ break;
+ }
+ break;
+ } /* case IPPROTO_TCP */
+ case IPPROTO_IP: {
+ switch (option) {
+ default:
+ errno = ENOPROTOOPT;
+ break;
+ }
+ break;
+ } /* case IPPROTO_IP */
+ default:
+ errno = ENOPROTOOPT;
+ break;
+ } /* switch (level) */
+
+ if (errno != 0)
+ return (-1);
+ else
+ return (0);
+} |