Print this page
1631 kernel panic in tcp_input_data
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/inet/tcp/tcp_input.c
+++ new/usr/src/uts/common/inet/tcp/tcp_input.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 + * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
24 25 */
25 26
26 27 /* This file contains all TCP input processing functions. */
27 28
28 29 #include <sys/types.h>
29 30 #include <sys/stream.h>
30 31 #include <sys/strsun.h>
31 32 #include <sys/strsubr.h>
32 33 #include <sys/stropts.h>
33 34 #include <sys/strlog.h>
34 35 #define _SUN_TPI_VERSION 2
35 36 #include <sys/tihdr.h>
36 37 #include <sys/suntpi.h>
37 38 #include <sys/xti_inet.h>
38 39 #include <sys/squeue_impl.h>
39 40 #include <sys/squeue.h>
40 41 #include <sys/tsol/tnet.h>
41 42
42 43 #include <inet/common.h>
43 44 #include <inet/ip.h>
44 45 #include <inet/tcp.h>
45 46 #include <inet/tcp_impl.h>
46 47 #include <inet/tcp_cluster.h>
47 48 #include <inet/proto_set.h>
48 49 #include <inet/ipsec_impl.h>
49 50
50 51 /*
51 52 * RFC1323-recommended phrasing of TSTAMP option, for easier parsing
52 53 */
53 54
54 55 #ifdef _BIG_ENDIAN
55 56 #define TCPOPT_NOP_NOP_TSTAMP ((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | \
56 57 (TCPOPT_TSTAMP << 8) | 10)
57 58 #else
58 59 #define TCPOPT_NOP_NOP_TSTAMP ((10 << 24) | (TCPOPT_TSTAMP << 16) | \
59 60 (TCPOPT_NOP << 8) | TCPOPT_NOP)
60 61 #endif
61 62
62 63 /*
63 64 * Flags returned from tcp_parse_options.
64 65 */
65 66 #define TCP_OPT_MSS_PRESENT 1
66 67 #define TCP_OPT_WSCALE_PRESENT 2
67 68 #define TCP_OPT_TSTAMP_PRESENT 4
68 69 #define TCP_OPT_SACK_OK_PRESENT 8
69 70 #define TCP_OPT_SACK_PRESENT 16
70 71
71 72 /*
72 73 * PAWS needs a timer for 24 days. This is the number of ticks in 24 days
73 74 */
74 75 #define PAWS_TIMEOUT ((clock_t)(24*24*60*60*hz))
75 76
76 77 /*
77 78 * Since tcp_listener is not cleared atomically with tcp_detached
78 79 * being cleared we need this extra bit to tell a detached connection
79 80 * apart from one that is in the process of being accepted.
80 81 */
81 82 #define TCP_IS_DETACHED_NONEAGER(tcp) \
82 83 (TCP_IS_DETACHED(tcp) && \
83 84 (!(tcp)->tcp_hard_binding))
84 85
85 86 /*
86 87 * Steps to do when a tcp_t moves to TIME-WAIT state.
87 88 *
88 89 * This connection is done, we don't need to account for it. Decrement
89 90 * the listener connection counter if needed.
90 91 *
91 92 * Decrement the connection counter of the stack. Note that this counter
92 93 * is per CPU. So the total number of connections in a stack is the sum of all
93 94 * of them. Since there is no lock for handling all of them exclusively, the
94 95 * resulting sum is only an approximation.
95 96 *
96 97 * Unconditionally clear the exclusive binding bit so this TIME-WAIT
97 98 * connection won't interfere with new ones.
98 99 *
99 100 * Start the TIME-WAIT timer. If upper layer has not closed the connection,
100 101 * the timer is handled within the context of this tcp_t. When the timer
101 102 * fires, tcp_clean_death() is called. If upper layer closes the connection
102 103 * during this period, tcp_time_wait_append() will be called to add this
103 104 * tcp_t to the global TIME-WAIT list. Note that this means that the
104 105 * actual wait time in TIME-WAIT state will be longer than the
105 106 * tcps_time_wait_interval since the period before upper layer closes the
106 107 * connection is not accounted for when tcp_time_wait_append() is called.
107 108 *
108 109 * If uppser layer has closed the connection, call tcp_time_wait_append()
109 110 * directly.
110 111 *
111 112 */
112 113 #define SET_TIME_WAIT(tcps, tcp, connp) \
113 114 { \
114 115 (tcp)->tcp_state = TCPS_TIME_WAIT; \
115 116 if ((tcp)->tcp_listen_cnt != NULL) \
116 117 TCP_DECR_LISTEN_CNT(tcp); \
117 118 atomic_dec_64( \
118 119 (uint64_t *)&(tcps)->tcps_sc[CPU->cpu_seqid]->tcp_sc_conn_cnt); \
119 120 (connp)->conn_exclbind = 0; \
120 121 if (!TCP_IS_DETACHED(tcp)) { \
121 122 TCP_TIMER_RESTART(tcp, (tcps)->tcps_time_wait_interval); \
122 123 } else { \
123 124 tcp_time_wait_append(tcp); \
124 125 TCP_DBGSTAT(tcps, tcp_rput_time_wait); \
125 126 } \
126 127 }
127 128
128 129 /*
129 130 * If tcp_drop_ack_unsent_cnt is greater than 0, when TCP receives more
130 131 * than tcp_drop_ack_unsent_cnt number of ACKs which acknowledge unsent
131 132 * data, TCP will not respond with an ACK. RFC 793 requires that
132 133 * TCP responds with an ACK for such a bogus ACK. By not following
133 134 * the RFC, we prevent TCP from getting into an ACK storm if somehow
134 135 * an attacker successfully spoofs an acceptable segment to our
135 136 * peer; or when our peer is "confused."
136 137 */
137 138 static uint32_t tcp_drop_ack_unsent_cnt = 10;
138 139
139 140 /*
140 141 * To protect TCP against attacker using a small window and requesting
141 142 * large amount of data (DoS attack by conuming memory), TCP checks the
142 143 * window advertised in the last ACK of the 3-way handshake. TCP uses
143 144 * the tcp_mss (the size of one packet) value for comparion. The window
144 145 * should be larger than tcp_mss. But while a sane TCP should advertise
145 146 * a receive window larger than or equal to 4*MSS to avoid stop and go
146 147 * tarrfic, not all TCP stacks do that. This is especially true when
147 148 * tcp_mss is a big value.
148 149 *
149 150 * To work around this issue, an additional fixed value for comparison
150 151 * is also used. If the advertised window is smaller than both tcp_mss
151 152 * and tcp_init_wnd_chk, the ACK is considered as invalid. So for large
152 153 * tcp_mss value (say, 8K), a window larger than tcp_init_wnd_chk but
153 154 * smaller than 8K is considered to be OK.
154 155 */
155 156 static uint32_t tcp_init_wnd_chk = 4096;
156 157
157 158 /* Process ICMP source quench message or not. */
158 159 static boolean_t tcp_icmp_source_quench = B_FALSE;
159 160
160 161 static boolean_t tcp_outbound_squeue_switch = B_FALSE;
161 162
162 163 static mblk_t *tcp_conn_create_v4(conn_t *, conn_t *, mblk_t *,
163 164 ip_recv_attr_t *);
164 165 static mblk_t *tcp_conn_create_v6(conn_t *, conn_t *, mblk_t *,
165 166 ip_recv_attr_t *);
166 167 static boolean_t tcp_drop_q0(tcp_t *);
167 168 static void tcp_icmp_error_ipv6(tcp_t *, mblk_t *, ip_recv_attr_t *);
168 169 static mblk_t *tcp_input_add_ancillary(tcp_t *, mblk_t *, ip_pkt_t *,
169 170 ip_recv_attr_t *);
170 171 static void tcp_input_listener(void *, mblk_t *, void *, ip_recv_attr_t *);
171 172 static int tcp_parse_options(tcpha_t *, tcp_opt_t *);
172 173 static void tcp_process_options(tcp_t *, tcpha_t *);
173 174 static mblk_t *tcp_reass(tcp_t *, mblk_t *, uint32_t);
174 175 static void tcp_reass_elim_overlap(tcp_t *, mblk_t *);
175 176 static void tcp_rsrv_input(void *, mblk_t *, void *, ip_recv_attr_t *);
176 177 static void tcp_set_rto(tcp_t *, time_t);
177 178 static void tcp_setcred_data(mblk_t *, ip_recv_attr_t *);
178 179
179 180 /*
180 181 * Set the MSS associated with a particular tcp based on its current value,
181 182 * and a new one passed in. Observe minimums and maximums, and reset other
182 183 * state variables that we want to view as multiples of MSS.
183 184 *
184 185 * The value of MSS could be either increased or descreased.
185 186 */
186 187 void
187 188 tcp_mss_set(tcp_t *tcp, uint32_t mss)
188 189 {
189 190 uint32_t mss_max;
190 191 tcp_stack_t *tcps = tcp->tcp_tcps;
191 192 conn_t *connp = tcp->tcp_connp;
192 193
193 194 if (connp->conn_ipversion == IPV4_VERSION)
194 195 mss_max = tcps->tcps_mss_max_ipv4;
195 196 else
196 197 mss_max = tcps->tcps_mss_max_ipv6;
197 198
198 199 if (mss < tcps->tcps_mss_min)
199 200 mss = tcps->tcps_mss_min;
200 201 if (mss > mss_max)
201 202 mss = mss_max;
202 203 /*
203 204 * Unless naglim has been set by our client to
204 205 * a non-mss value, force naglim to track mss.
205 206 * This can help to aggregate small writes.
206 207 */
207 208 if (mss < tcp->tcp_naglim || tcp->tcp_mss == tcp->tcp_naglim)
208 209 tcp->tcp_naglim = mss;
209 210 /*
210 211 * TCP should be able to buffer at least 4 MSS data for obvious
211 212 * performance reason.
212 213 */
213 214 if ((mss << 2) > connp->conn_sndbuf)
214 215 connp->conn_sndbuf = mss << 2;
215 216
216 217 /*
217 218 * Set the send lowater to at least twice of MSS.
218 219 */
219 220 if ((mss << 1) > connp->conn_sndlowat)
220 221 connp->conn_sndlowat = mss << 1;
221 222
222 223 /*
223 224 * Update tcp_cwnd according to the new value of MSS. Keep the
224 225 * previous ratio to preserve the transmit rate.
225 226 */
226 227 tcp->tcp_cwnd = (tcp->tcp_cwnd / tcp->tcp_mss) * mss;
227 228 tcp->tcp_cwnd_cnt = 0;
228 229
229 230 tcp->tcp_mss = mss;
230 231 (void) tcp_maxpsz_set(tcp, B_TRUE);
231 232 }
232 233
233 234 /*
234 235 * Extract option values from a tcp header. We put any found values into the
235 236 * tcpopt struct and return a bitmask saying which options were found.
236 237 */
237 238 static int
238 239 tcp_parse_options(tcpha_t *tcpha, tcp_opt_t *tcpopt)
239 240 {
240 241 uchar_t *endp;
241 242 int len;
242 243 uint32_t mss;
243 244 uchar_t *up = (uchar_t *)tcpha;
244 245 int found = 0;
245 246 int32_t sack_len;
246 247 tcp_seq sack_begin, sack_end;
247 248 tcp_t *tcp;
248 249
249 250 endp = up + TCP_HDR_LENGTH(tcpha);
250 251 up += TCP_MIN_HEADER_LENGTH;
251 252 while (up < endp) {
252 253 len = endp - up;
253 254 switch (*up) {
254 255 case TCPOPT_EOL:
255 256 break;
256 257
257 258 case TCPOPT_NOP:
258 259 up++;
259 260 continue;
260 261
261 262 case TCPOPT_MAXSEG:
262 263 if (len < TCPOPT_MAXSEG_LEN ||
263 264 up[1] != TCPOPT_MAXSEG_LEN)
264 265 break;
265 266
266 267 mss = BE16_TO_U16(up+2);
267 268 /* Caller must handle tcp_mss_min and tcp_mss_max_* */
268 269 tcpopt->tcp_opt_mss = mss;
269 270 found |= TCP_OPT_MSS_PRESENT;
270 271
271 272 up += TCPOPT_MAXSEG_LEN;
272 273 continue;
273 274
274 275 case TCPOPT_WSCALE:
275 276 if (len < TCPOPT_WS_LEN || up[1] != TCPOPT_WS_LEN)
276 277 break;
277 278
278 279 if (up[2] > TCP_MAX_WINSHIFT)
279 280 tcpopt->tcp_opt_wscale = TCP_MAX_WINSHIFT;
280 281 else
281 282 tcpopt->tcp_opt_wscale = up[2];
282 283 found |= TCP_OPT_WSCALE_PRESENT;
283 284
284 285 up += TCPOPT_WS_LEN;
285 286 continue;
286 287
287 288 case TCPOPT_SACK_PERMITTED:
288 289 if (len < TCPOPT_SACK_OK_LEN ||
289 290 up[1] != TCPOPT_SACK_OK_LEN)
290 291 break;
291 292 found |= TCP_OPT_SACK_OK_PRESENT;
292 293 up += TCPOPT_SACK_OK_LEN;
293 294 continue;
294 295
295 296 case TCPOPT_SACK:
296 297 if (len <= 2 || up[1] <= 2 || len < up[1])
297 298 break;
298 299
299 300 /* If TCP is not interested in SACK blks... */
300 301 if ((tcp = tcpopt->tcp) == NULL) {
301 302 up += up[1];
302 303 continue;
303 304 }
304 305 sack_len = up[1] - TCPOPT_HEADER_LEN;
305 306 up += TCPOPT_HEADER_LEN;
306 307
307 308 /*
308 309 * If the list is empty, allocate one and assume
309 310 * nothing is sack'ed.
310 311 */
311 312 if (tcp->tcp_notsack_list == NULL) {
312 313 tcp_notsack_update(&(tcp->tcp_notsack_list),
313 314 tcp->tcp_suna, tcp->tcp_snxt,
314 315 &(tcp->tcp_num_notsack_blk),
315 316 &(tcp->tcp_cnt_notsack_list));
316 317
317 318 /*
318 319 * Make sure tcp_notsack_list is not NULL.
319 320 * This happens when kmem_alloc(KM_NOSLEEP)
320 321 * returns NULL.
321 322 */
322 323 if (tcp->tcp_notsack_list == NULL) {
323 324 up += sack_len;
324 325 continue;
325 326 }
326 327 tcp->tcp_fack = tcp->tcp_suna;
327 328 }
328 329
329 330 while (sack_len > 0) {
330 331 if (up + 8 > endp) {
331 332 up = endp;
332 333 break;
333 334 }
334 335 sack_begin = BE32_TO_U32(up);
335 336 up += 4;
336 337 sack_end = BE32_TO_U32(up);
337 338 up += 4;
338 339 sack_len -= 8;
339 340 /*
340 341 * Bounds checking. Make sure the SACK
341 342 * info is within tcp_suna and tcp_snxt.
342 343 * If this SACK blk is out of bound, ignore
343 344 * it but continue to parse the following
344 345 * blks.
345 346 */
346 347 if (SEQ_LEQ(sack_end, sack_begin) ||
347 348 SEQ_LT(sack_begin, tcp->tcp_suna) ||
348 349 SEQ_GT(sack_end, tcp->tcp_snxt)) {
349 350 continue;
350 351 }
351 352 tcp_notsack_insert(&(tcp->tcp_notsack_list),
352 353 sack_begin, sack_end,
353 354 &(tcp->tcp_num_notsack_blk),
354 355 &(tcp->tcp_cnt_notsack_list));
355 356 if (SEQ_GT(sack_end, tcp->tcp_fack)) {
356 357 tcp->tcp_fack = sack_end;
357 358 }
358 359 }
359 360 found |= TCP_OPT_SACK_PRESENT;
360 361 continue;
361 362
362 363 case TCPOPT_TSTAMP:
363 364 if (len < TCPOPT_TSTAMP_LEN ||
364 365 up[1] != TCPOPT_TSTAMP_LEN)
365 366 break;
366 367
367 368 tcpopt->tcp_opt_ts_val = BE32_TO_U32(up+2);
368 369 tcpopt->tcp_opt_ts_ecr = BE32_TO_U32(up+6);
369 370
370 371 found |= TCP_OPT_TSTAMP_PRESENT;
371 372
372 373 up += TCPOPT_TSTAMP_LEN;
373 374 continue;
374 375
375 376 default:
376 377 if (len <= 1 || len < (int)up[1] || up[1] == 0)
377 378 break;
378 379 up += up[1];
379 380 continue;
380 381 }
381 382 break;
382 383 }
383 384 return (found);
384 385 }
385 386
386 387 /*
387 388 * Process all TCP option in SYN segment. Note that this function should
388 389 * be called after tcp_set_destination() is called so that the necessary info
389 390 * from IRE is already set in the tcp structure.
390 391 *
391 392 * This function sets up the correct tcp_mss value according to the
392 393 * MSS option value and our header size. It also sets up the window scale
393 394 * and timestamp values, and initialize SACK info blocks. But it does not
394 395 * change receive window size after setting the tcp_mss value. The caller
395 396 * should do the appropriate change.
396 397 */
397 398 static void
398 399 tcp_process_options(tcp_t *tcp, tcpha_t *tcpha)
399 400 {
400 401 int options;
401 402 tcp_opt_t tcpopt;
402 403 uint32_t mss_max;
403 404 char *tmp_tcph;
404 405 tcp_stack_t *tcps = tcp->tcp_tcps;
405 406 conn_t *connp = tcp->tcp_connp;
406 407
407 408 tcpopt.tcp = NULL;
408 409 options = tcp_parse_options(tcpha, &tcpopt);
409 410
410 411 /*
411 412 * Process MSS option. Note that MSS option value does not account
412 413 * for IP or TCP options. This means that it is equal to MTU - minimum
413 414 * IP+TCP header size, which is 40 bytes for IPv4 and 60 bytes for
414 415 * IPv6.
415 416 */
416 417 if (!(options & TCP_OPT_MSS_PRESENT)) {
417 418 if (connp->conn_ipversion == IPV4_VERSION)
418 419 tcpopt.tcp_opt_mss = tcps->tcps_mss_def_ipv4;
419 420 else
420 421 tcpopt.tcp_opt_mss = tcps->tcps_mss_def_ipv6;
421 422 } else {
422 423 if (connp->conn_ipversion == IPV4_VERSION)
423 424 mss_max = tcps->tcps_mss_max_ipv4;
424 425 else
425 426 mss_max = tcps->tcps_mss_max_ipv6;
426 427 if (tcpopt.tcp_opt_mss < tcps->tcps_mss_min)
427 428 tcpopt.tcp_opt_mss = tcps->tcps_mss_min;
428 429 else if (tcpopt.tcp_opt_mss > mss_max)
429 430 tcpopt.tcp_opt_mss = mss_max;
430 431 }
431 432
432 433 /* Process Window Scale option. */
433 434 if (options & TCP_OPT_WSCALE_PRESENT) {
434 435 tcp->tcp_snd_ws = tcpopt.tcp_opt_wscale;
435 436 tcp->tcp_snd_ws_ok = B_TRUE;
436 437 } else {
437 438 tcp->tcp_snd_ws = B_FALSE;
438 439 tcp->tcp_snd_ws_ok = B_FALSE;
439 440 tcp->tcp_rcv_ws = B_FALSE;
440 441 }
441 442
442 443 /* Process Timestamp option. */
443 444 if ((options & TCP_OPT_TSTAMP_PRESENT) &&
444 445 (tcp->tcp_snd_ts_ok || TCP_IS_DETACHED(tcp))) {
445 446 tmp_tcph = (char *)tcp->tcp_tcpha;
446 447
447 448 tcp->tcp_snd_ts_ok = B_TRUE;
448 449 tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
449 450 tcp->tcp_last_rcv_lbolt = ddi_get_lbolt64();
450 451 ASSERT(OK_32PTR(tmp_tcph));
451 452 ASSERT(connp->conn_ht_ulp_len == TCP_MIN_HEADER_LENGTH);
452 453
453 454 /* Fill in our template header with basic timestamp option. */
454 455 tmp_tcph += connp->conn_ht_ulp_len;
455 456 tmp_tcph[0] = TCPOPT_NOP;
456 457 tmp_tcph[1] = TCPOPT_NOP;
457 458 tmp_tcph[2] = TCPOPT_TSTAMP;
458 459 tmp_tcph[3] = TCPOPT_TSTAMP_LEN;
459 460 connp->conn_ht_iphc_len += TCPOPT_REAL_TS_LEN;
460 461 connp->conn_ht_ulp_len += TCPOPT_REAL_TS_LEN;
461 462 tcp->tcp_tcpha->tha_offset_and_reserved += (3 << 4);
462 463 } else {
463 464 tcp->tcp_snd_ts_ok = B_FALSE;
464 465 }
465 466
466 467 /*
467 468 * Process SACK options. If SACK is enabled for this connection,
468 469 * then allocate the SACK info structure. Note the following ways
469 470 * when tcp_snd_sack_ok is set to true.
470 471 *
471 472 * For active connection: in tcp_set_destination() called in
472 473 * tcp_connect().
473 474 *
474 475 * For passive connection: in tcp_set_destination() called in
475 476 * tcp_input_listener().
476 477 *
477 478 * That's the reason why the extra TCP_IS_DETACHED() check is there.
478 479 * That check makes sure that if we did not send a SACK OK option,
479 480 * we will not enable SACK for this connection even though the other
480 481 * side sends us SACK OK option. For active connection, the SACK
481 482 * info structure has already been allocated. So we need to free
482 483 * it if SACK is disabled.
483 484 */
484 485 if ((options & TCP_OPT_SACK_OK_PRESENT) &&
485 486 (tcp->tcp_snd_sack_ok ||
486 487 (tcps->tcps_sack_permitted != 0 && TCP_IS_DETACHED(tcp)))) {
487 488 ASSERT(tcp->tcp_num_sack_blk == 0);
488 489 ASSERT(tcp->tcp_notsack_list == NULL);
489 490
490 491 tcp->tcp_snd_sack_ok = B_TRUE;
491 492 if (tcp->tcp_snd_ts_ok) {
492 493 tcp->tcp_max_sack_blk = 3;
493 494 } else {
494 495 tcp->tcp_max_sack_blk = 4;
495 496 }
496 497 } else if (tcp->tcp_snd_sack_ok) {
497 498 /*
498 499 * Resetting tcp_snd_sack_ok to B_FALSE so that
499 500 * no SACK info will be used for this
500 501 * connection. This assumes that SACK usage
501 502 * permission is negotiated. This may need
502 503 * to be changed once this is clarified.
503 504 */
504 505 ASSERT(tcp->tcp_num_sack_blk == 0);
505 506 ASSERT(tcp->tcp_notsack_list == NULL);
506 507 tcp->tcp_snd_sack_ok = B_FALSE;
507 508 }
508 509
509 510 /*
510 511 * Now we know the exact TCP/IP header length, subtract
511 512 * that from tcp_mss to get our side's MSS.
512 513 */
513 514 tcp->tcp_mss -= connp->conn_ht_iphc_len;
514 515
515 516 /*
516 517 * Here we assume that the other side's header size will be equal to
517 518 * our header size. We calculate the real MSS accordingly. Need to
518 519 * take into additional stuffs IPsec puts in.
519 520 *
520 521 * Real MSS = Opt.MSS - (our TCP/IP header - min TCP/IP header)
521 522 */
522 523 tcpopt.tcp_opt_mss -= connp->conn_ht_iphc_len +
523 524 tcp->tcp_ipsec_overhead -
524 525 ((connp->conn_ipversion == IPV4_VERSION ?
525 526 IP_SIMPLE_HDR_LENGTH : IPV6_HDR_LEN) + TCP_MIN_HEADER_LENGTH);
526 527
527 528 /*
528 529 * Set MSS to the smaller one of both ends of the connection.
529 530 * We should not have called tcp_mss_set() before, but our
530 531 * side of the MSS should have been set to a proper value
531 532 * by tcp_set_destination(). tcp_mss_set() will also set up the
532 533 * STREAM head parameters properly.
533 534 *
534 535 * If we have a larger-than-16-bit window but the other side
535 536 * didn't want to do window scale, tcp_rwnd_set() will take
536 537 * care of that.
537 538 */
538 539 tcp_mss_set(tcp, MIN(tcpopt.tcp_opt_mss, tcp->tcp_mss));
539 540
540 541 /*
541 542 * Initialize tcp_cwnd value. After tcp_mss_set(), tcp_mss has been
542 543 * updated properly.
543 544 */
544 545 TCP_SET_INIT_CWND(tcp, tcp->tcp_mss, tcps->tcps_slow_start_initial);
545 546 }
546 547
547 548 /*
548 549 * Add a new piece to the tcp reassembly queue. If the gap at the beginning
549 550 * is filled, return as much as we can. The message passed in may be
550 551 * multi-part, chained using b_cont. "start" is the starting sequence
551 552 * number for this piece.
552 553 */
553 554 static mblk_t *
554 555 tcp_reass(tcp_t *tcp, mblk_t *mp, uint32_t start)
555 556 {
556 557 uint32_t end;
557 558 mblk_t *mp1;
558 559 mblk_t *mp2;
559 560 mblk_t *next_mp;
560 561 uint32_t u1;
561 562 tcp_stack_t *tcps = tcp->tcp_tcps;
562 563
563 564
564 565 /* Walk through all the new pieces. */
565 566 do {
566 567 ASSERT((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
567 568 (uintptr_t)INT_MAX);
568 569 end = start + (int)(mp->b_wptr - mp->b_rptr);
569 570 next_mp = mp->b_cont;
570 571 if (start == end) {
571 572 /* Empty. Blast it. */
572 573 freeb(mp);
573 574 continue;
574 575 }
575 576 mp->b_cont = NULL;
576 577 TCP_REASS_SET_SEQ(mp, start);
577 578 TCP_REASS_SET_END(mp, end);
578 579 mp1 = tcp->tcp_reass_tail;
579 580 if (!mp1) {
580 581 tcp->tcp_reass_tail = mp;
581 582 tcp->tcp_reass_head = mp;
582 583 TCPS_BUMP_MIB(tcps, tcpInDataUnorderSegs);
583 584 TCPS_UPDATE_MIB(tcps, tcpInDataUnorderBytes,
584 585 end - start);
585 586 continue;
586 587 }
587 588 /* New stuff completely beyond tail? */
588 589 if (SEQ_GEQ(start, TCP_REASS_END(mp1))) {
589 590 /* Link it on end. */
590 591 mp1->b_cont = mp;
591 592 tcp->tcp_reass_tail = mp;
592 593 TCPS_BUMP_MIB(tcps, tcpInDataUnorderSegs);
593 594 TCPS_UPDATE_MIB(tcps, tcpInDataUnorderBytes,
594 595 end - start);
595 596 continue;
596 597 }
597 598 mp1 = tcp->tcp_reass_head;
598 599 u1 = TCP_REASS_SEQ(mp1);
599 600 /* New stuff at the front? */
600 601 if (SEQ_LT(start, u1)) {
601 602 /* Yes... Check for overlap. */
602 603 mp->b_cont = mp1;
603 604 tcp->tcp_reass_head = mp;
604 605 tcp_reass_elim_overlap(tcp, mp);
605 606 continue;
606 607 }
607 608 /*
608 609 * The new piece fits somewhere between the head and tail.
609 610 * We find our slot, where mp1 precedes us and mp2 trails.
610 611 */
611 612 for (; (mp2 = mp1->b_cont) != NULL; mp1 = mp2) {
612 613 u1 = TCP_REASS_SEQ(mp2);
613 614 if (SEQ_LEQ(start, u1))
614 615 break;
615 616 }
616 617 /* Link ourselves in */
617 618 mp->b_cont = mp2;
618 619 mp1->b_cont = mp;
619 620
620 621 /* Trim overlap with following mblk(s) first */
621 622 tcp_reass_elim_overlap(tcp, mp);
622 623
623 624 /* Trim overlap with preceding mblk */
624 625 tcp_reass_elim_overlap(tcp, mp1);
625 626
626 627 } while (start = end, mp = next_mp);
627 628 mp1 = tcp->tcp_reass_head;
628 629 /* Anything ready to go? */
629 630 if (TCP_REASS_SEQ(mp1) != tcp->tcp_rnxt)
630 631 return (NULL);
631 632 /* Eat what we can off the queue */
632 633 for (;;) {
633 634 mp = mp1->b_cont;
634 635 end = TCP_REASS_END(mp1);
635 636 TCP_REASS_SET_SEQ(mp1, 0);
636 637 TCP_REASS_SET_END(mp1, 0);
637 638 if (!mp) {
638 639 tcp->tcp_reass_tail = NULL;
639 640 break;
640 641 }
641 642 if (end != TCP_REASS_SEQ(mp)) {
642 643 mp1->b_cont = NULL;
643 644 break;
644 645 }
645 646 mp1 = mp;
646 647 }
647 648 mp1 = tcp->tcp_reass_head;
648 649 tcp->tcp_reass_head = mp;
649 650 return (mp1);
650 651 }
651 652
652 653 /* Eliminate any overlap that mp may have over later mblks */
653 654 static void
654 655 tcp_reass_elim_overlap(tcp_t *tcp, mblk_t *mp)
655 656 {
656 657 uint32_t end;
657 658 mblk_t *mp1;
658 659 uint32_t u1;
659 660 tcp_stack_t *tcps = tcp->tcp_tcps;
660 661
661 662 end = TCP_REASS_END(mp);
662 663 while ((mp1 = mp->b_cont) != NULL) {
663 664 u1 = TCP_REASS_SEQ(mp1);
664 665 if (!SEQ_GT(end, u1))
665 666 break;
666 667 if (!SEQ_GEQ(end, TCP_REASS_END(mp1))) {
667 668 mp->b_wptr -= end - u1;
668 669 TCP_REASS_SET_END(mp, u1);
669 670 TCPS_BUMP_MIB(tcps, tcpInDataPartDupSegs);
670 671 TCPS_UPDATE_MIB(tcps, tcpInDataPartDupBytes,
671 672 end - u1);
672 673 break;
673 674 }
674 675 mp->b_cont = mp1->b_cont;
675 676 TCP_REASS_SET_SEQ(mp1, 0);
676 677 TCP_REASS_SET_END(mp1, 0);
677 678 freeb(mp1);
678 679 TCPS_BUMP_MIB(tcps, tcpInDataDupSegs);
679 680 TCPS_UPDATE_MIB(tcps, tcpInDataDupBytes, end - u1);
680 681 }
681 682 if (!mp1)
682 683 tcp->tcp_reass_tail = mp;
683 684 }
684 685
685 686 /*
686 687 * This function does PAWS protection check. Returns B_TRUE if the
687 688 * segment passes the PAWS test, else returns B_FALSE.
688 689 */
689 690 boolean_t
690 691 tcp_paws_check(tcp_t *tcp, tcpha_t *tcpha, tcp_opt_t *tcpoptp)
691 692 {
692 693 uint8_t flags;
693 694 int options;
694 695 uint8_t *up;
695 696 conn_t *connp = tcp->tcp_connp;
696 697
697 698 flags = (unsigned int)tcpha->tha_flags & 0xFF;
698 699 /*
699 700 * If timestamp option is aligned nicely, get values inline,
700 701 * otherwise call general routine to parse. Only do that
701 702 * if timestamp is the only option.
702 703 */
703 704 if (TCP_HDR_LENGTH(tcpha) == (uint32_t)TCP_MIN_HEADER_LENGTH +
704 705 TCPOPT_REAL_TS_LEN &&
705 706 OK_32PTR((up = ((uint8_t *)tcpha) +
706 707 TCP_MIN_HEADER_LENGTH)) &&
707 708 *(uint32_t *)up == TCPOPT_NOP_NOP_TSTAMP) {
708 709 tcpoptp->tcp_opt_ts_val = ABE32_TO_U32((up+4));
709 710 tcpoptp->tcp_opt_ts_ecr = ABE32_TO_U32((up+8));
710 711
711 712 options = TCP_OPT_TSTAMP_PRESENT;
712 713 } else {
713 714 if (tcp->tcp_snd_sack_ok) {
714 715 tcpoptp->tcp = tcp;
715 716 } else {
716 717 tcpoptp->tcp = NULL;
717 718 }
718 719 options = tcp_parse_options(tcpha, tcpoptp);
719 720 }
720 721
721 722 if (options & TCP_OPT_TSTAMP_PRESENT) {
722 723 /*
723 724 * Do PAWS per RFC 1323 section 4.2. Accept RST
724 725 * regardless of the timestamp, page 18 RFC 1323.bis.
725 726 */
726 727 if ((flags & TH_RST) == 0 &&
727 728 TSTMP_LT(tcpoptp->tcp_opt_ts_val,
728 729 tcp->tcp_ts_recent)) {
729 730 if (LBOLT_FASTPATH64 <
730 731 (tcp->tcp_last_rcv_lbolt + PAWS_TIMEOUT)) {
731 732 /* This segment is not acceptable. */
732 733 return (B_FALSE);
733 734 } else {
734 735 /*
735 736 * Connection has been idle for
736 737 * too long. Reset the timestamp
737 738 * and assume the segment is valid.
738 739 */
739 740 tcp->tcp_ts_recent =
740 741 tcpoptp->tcp_opt_ts_val;
741 742 }
742 743 }
743 744 } else {
744 745 /*
745 746 * If we don't get a timestamp on every packet, we
746 747 * figure we can't really trust 'em, so we stop sending
747 748 * and parsing them.
748 749 */
749 750 tcp->tcp_snd_ts_ok = B_FALSE;
750 751
751 752 connp->conn_ht_iphc_len -= TCPOPT_REAL_TS_LEN;
752 753 connp->conn_ht_ulp_len -= TCPOPT_REAL_TS_LEN;
753 754 tcp->tcp_tcpha->tha_offset_and_reserved -= (3 << 4);
754 755 /*
755 756 * Adjust the tcp_mss and tcp_cwnd accordingly. We avoid
756 757 * doing a slow start here so as to not to lose on the
757 758 * transfer rate built up so far.
758 759 */
759 760 tcp_mss_set(tcp, tcp->tcp_mss + TCPOPT_REAL_TS_LEN);
760 761 if (tcp->tcp_snd_sack_ok)
761 762 tcp->tcp_max_sack_blk = 4;
762 763 }
763 764 return (B_TRUE);
764 765 }
765 766
766 767 /*
767 768 * Defense for the SYN attack -
768 769 * 1. When q0 is full, drop from the tail (tcp_eager_prev_drop_q0) the oldest
769 770 * one from the list of droppable eagers. This list is a subset of q0.
770 771 * see comments before the definition of MAKE_DROPPABLE().
771 772 * 2. Don't drop a SYN request before its first timeout. This gives every
772 773 * request at least til the first timeout to complete its 3-way handshake.
773 774 * 3. Maintain tcp_syn_rcvd_timeout as an accurate count of how many
774 775 * requests currently on the queue that has timed out. This will be used
775 776 * as an indicator of whether an attack is under way, so that appropriate
776 777 * actions can be taken. (It's incremented in tcp_timer() and decremented
777 778 * either when eager goes into ESTABLISHED, or gets freed up.)
778 779 * 4. The current threshold is - # of timeout > q0len/4 => SYN alert on
779 780 * # of timeout drops back to <= q0len/32 => SYN alert off
780 781 */
781 782 static boolean_t
782 783 tcp_drop_q0(tcp_t *tcp)
783 784 {
784 785 tcp_t *eager;
785 786 mblk_t *mp;
786 787 tcp_stack_t *tcps = tcp->tcp_tcps;
787 788
788 789 ASSERT(MUTEX_HELD(&tcp->tcp_eager_lock));
789 790 ASSERT(tcp->tcp_eager_next_q0 != tcp->tcp_eager_prev_q0);
790 791
791 792 /* Pick oldest eager from the list of droppable eagers */
792 793 eager = tcp->tcp_eager_prev_drop_q0;
793 794
794 795 /* If list is empty. return B_FALSE */
795 796 if (eager == tcp) {
796 797 return (B_FALSE);
797 798 }
798 799
799 800 /* If allocated, the mp will be freed in tcp_clean_death_wrapper() */
800 801 if ((mp = allocb(0, BPRI_HI)) == NULL)
801 802 return (B_FALSE);
802 803
803 804 /*
804 805 * Take this eager out from the list of droppable eagers since we are
805 806 * going to drop it.
806 807 */
807 808 MAKE_UNDROPPABLE(eager);
808 809
809 810 if (tcp->tcp_connp->conn_debug) {
810 811 (void) strlog(TCP_MOD_ID, 0, 3, SL_TRACE,
811 812 "tcp_drop_q0: listen half-open queue (max=%d) overflow"
812 813 " (%d pending) on %s, drop one", tcps->tcps_conn_req_max_q0,
813 814 tcp->tcp_conn_req_cnt_q0,
814 815 tcp_display(tcp, NULL, DISP_PORT_ONLY));
815 816 }
816 817
817 818 TCPS_BUMP_MIB(tcps, tcpHalfOpenDrop);
818 819
819 820 /* Put a reference on the conn as we are enqueueing it in the sqeue */
820 821 CONN_INC_REF(eager->tcp_connp);
821 822
822 823 SQUEUE_ENTER_ONE(eager->tcp_connp->conn_sqp, mp,
823 824 tcp_clean_death_wrapper, eager->tcp_connp, NULL,
824 825 SQ_FILL, SQTAG_TCP_DROP_Q0);
825 826
826 827 return (B_TRUE);
827 828 }
828 829
829 830 /*
830 831 * Handle a SYN on an AF_INET6 socket; can be either IPv4 or IPv6
831 832 */
832 833 static mblk_t *
833 834 tcp_conn_create_v6(conn_t *lconnp, conn_t *connp, mblk_t *mp,
834 835 ip_recv_attr_t *ira)
835 836 {
836 837 tcp_t *ltcp = lconnp->conn_tcp;
837 838 tcp_t *tcp = connp->conn_tcp;
838 839 mblk_t *tpi_mp;
839 840 ipha_t *ipha;
840 841 ip6_t *ip6h;
841 842 sin6_t sin6;
842 843 uint_t ifindex = ira->ira_ruifindex;
843 844 tcp_stack_t *tcps = tcp->tcp_tcps;
844 845
845 846 if (ira->ira_flags & IRAF_IS_IPV4) {
846 847 ipha = (ipha_t *)mp->b_rptr;
847 848
848 849 connp->conn_ipversion = IPV4_VERSION;
849 850 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &connp->conn_laddr_v6);
850 851 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &connp->conn_faddr_v6);
851 852 connp->conn_saddr_v6 = connp->conn_laddr_v6;
852 853
853 854 sin6 = sin6_null;
854 855 sin6.sin6_addr = connp->conn_faddr_v6;
855 856 sin6.sin6_port = connp->conn_fport;
856 857 sin6.sin6_family = AF_INET6;
857 858 sin6.__sin6_src_id = ip_srcid_find_addr(&connp->conn_laddr_v6,
858 859 IPCL_ZONEID(lconnp), tcps->tcps_netstack);
859 860
860 861 if (connp->conn_recv_ancillary.crb_recvdstaddr) {
861 862 sin6_t sin6d;
862 863
863 864 sin6d = sin6_null;
864 865 sin6d.sin6_addr = connp->conn_laddr_v6;
865 866 sin6d.sin6_port = connp->conn_lport;
866 867 sin6d.sin6_family = AF_INET;
867 868 tpi_mp = mi_tpi_extconn_ind(NULL,
868 869 (char *)&sin6d, sizeof (sin6_t),
869 870 (char *)&tcp,
870 871 (t_scalar_t)sizeof (intptr_t),
871 872 (char *)&sin6d, sizeof (sin6_t),
872 873 (t_scalar_t)ltcp->tcp_conn_req_seqnum);
873 874 } else {
874 875 tpi_mp = mi_tpi_conn_ind(NULL,
875 876 (char *)&sin6, sizeof (sin6_t),
876 877 (char *)&tcp, (t_scalar_t)sizeof (intptr_t),
877 878 (t_scalar_t)ltcp->tcp_conn_req_seqnum);
878 879 }
879 880 } else {
880 881 ip6h = (ip6_t *)mp->b_rptr;
881 882
882 883 connp->conn_ipversion = IPV6_VERSION;
883 884 connp->conn_laddr_v6 = ip6h->ip6_dst;
884 885 connp->conn_faddr_v6 = ip6h->ip6_src;
885 886 connp->conn_saddr_v6 = connp->conn_laddr_v6;
886 887
887 888 sin6 = sin6_null;
888 889 sin6.sin6_addr = connp->conn_faddr_v6;
889 890 sin6.sin6_port = connp->conn_fport;
890 891 sin6.sin6_family = AF_INET6;
891 892 sin6.sin6_flowinfo = ip6h->ip6_vcf & ~IPV6_VERS_AND_FLOW_MASK;
892 893 sin6.__sin6_src_id = ip_srcid_find_addr(&connp->conn_laddr_v6,
893 894 IPCL_ZONEID(lconnp), tcps->tcps_netstack);
894 895
895 896 if (IN6_IS_ADDR_LINKSCOPE(&ip6h->ip6_src)) {
896 897 /* Pass up the scope_id of remote addr */
897 898 sin6.sin6_scope_id = ifindex;
898 899 } else {
899 900 sin6.sin6_scope_id = 0;
900 901 }
901 902 if (connp->conn_recv_ancillary.crb_recvdstaddr) {
902 903 sin6_t sin6d;
903 904
904 905 sin6d = sin6_null;
905 906 sin6.sin6_addr = connp->conn_laddr_v6;
906 907 sin6d.sin6_port = connp->conn_lport;
907 908 sin6d.sin6_family = AF_INET6;
908 909 if (IN6_IS_ADDR_LINKSCOPE(&connp->conn_laddr_v6))
909 910 sin6d.sin6_scope_id = ifindex;
910 911
911 912 tpi_mp = mi_tpi_extconn_ind(NULL,
912 913 (char *)&sin6d, sizeof (sin6_t),
913 914 (char *)&tcp, (t_scalar_t)sizeof (intptr_t),
914 915 (char *)&sin6d, sizeof (sin6_t),
915 916 (t_scalar_t)ltcp->tcp_conn_req_seqnum);
916 917 } else {
917 918 tpi_mp = mi_tpi_conn_ind(NULL,
918 919 (char *)&sin6, sizeof (sin6_t),
919 920 (char *)&tcp, (t_scalar_t)sizeof (intptr_t),
920 921 (t_scalar_t)ltcp->tcp_conn_req_seqnum);
921 922 }
922 923 }
923 924
924 925 tcp->tcp_mss = tcps->tcps_mss_def_ipv6;
925 926 return (tpi_mp);
926 927 }
927 928
928 929 /* Handle a SYN on an AF_INET socket */
929 930 static mblk_t *
930 931 tcp_conn_create_v4(conn_t *lconnp, conn_t *connp, mblk_t *mp,
931 932 ip_recv_attr_t *ira)
932 933 {
933 934 tcp_t *ltcp = lconnp->conn_tcp;
934 935 tcp_t *tcp = connp->conn_tcp;
935 936 sin_t sin;
936 937 mblk_t *tpi_mp = NULL;
937 938 tcp_stack_t *tcps = tcp->tcp_tcps;
938 939 ipha_t *ipha;
939 940
940 941 ASSERT(ira->ira_flags & IRAF_IS_IPV4);
941 942 ipha = (ipha_t *)mp->b_rptr;
942 943
943 944 connp->conn_ipversion = IPV4_VERSION;
944 945 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_dst, &connp->conn_laddr_v6);
945 946 IN6_IPADDR_TO_V4MAPPED(ipha->ipha_src, &connp->conn_faddr_v6);
946 947 connp->conn_saddr_v6 = connp->conn_laddr_v6;
947 948
948 949 sin = sin_null;
949 950 sin.sin_addr.s_addr = connp->conn_faddr_v4;
950 951 sin.sin_port = connp->conn_fport;
951 952 sin.sin_family = AF_INET;
952 953 if (lconnp->conn_recv_ancillary.crb_recvdstaddr) {
953 954 sin_t sind;
954 955
955 956 sind = sin_null;
956 957 sind.sin_addr.s_addr = connp->conn_laddr_v4;
957 958 sind.sin_port = connp->conn_lport;
958 959 sind.sin_family = AF_INET;
959 960 tpi_mp = mi_tpi_extconn_ind(NULL,
960 961 (char *)&sind, sizeof (sin_t), (char *)&tcp,
961 962 (t_scalar_t)sizeof (intptr_t), (char *)&sind,
962 963 sizeof (sin_t), (t_scalar_t)ltcp->tcp_conn_req_seqnum);
963 964 } else {
964 965 tpi_mp = mi_tpi_conn_ind(NULL,
965 966 (char *)&sin, sizeof (sin_t),
966 967 (char *)&tcp, (t_scalar_t)sizeof (intptr_t),
967 968 (t_scalar_t)ltcp->tcp_conn_req_seqnum);
968 969 }
969 970
970 971 tcp->tcp_mss = tcps->tcps_mss_def_ipv4;
971 972 return (tpi_mp);
972 973 }
973 974
974 975 /*
975 976 * Called via squeue to get on to eager's perimeter. It sends a
976 977 * TH_RST if eager is in the fanout table. The listener wants the
977 978 * eager to disappear either by means of tcp_eager_blowoff() or
978 979 * tcp_eager_cleanup() being called. tcp_eager_kill() can also be
979 980 * called (via squeue) if the eager cannot be inserted in the
980 981 * fanout table in tcp_input_listener().
981 982 */
982 983 /* ARGSUSED */
983 984 void
984 985 tcp_eager_kill(void *arg, mblk_t *mp, void *arg2, ip_recv_attr_t *dummy)
985 986 {
986 987 conn_t *econnp = (conn_t *)arg;
987 988 tcp_t *eager = econnp->conn_tcp;
988 989 tcp_t *listener = eager->tcp_listener;
989 990
990 991 /*
991 992 * We could be called because listener is closing. Since
992 993 * the eager was using listener's queue's, we avoid
993 994 * using the listeners queues from now on.
994 995 */
995 996 ASSERT(eager->tcp_detached);
996 997 econnp->conn_rq = NULL;
997 998 econnp->conn_wq = NULL;
998 999
999 1000 /*
1000 1001 * An eager's conn_fanout will be NULL if it's a duplicate
1001 1002 * for an existing 4-tuples in the conn fanout table.
1002 1003 * We don't want to send an RST out in such case.
1003 1004 */
1004 1005 if (econnp->conn_fanout != NULL && eager->tcp_state > TCPS_LISTEN) {
1005 1006 tcp_xmit_ctl("tcp_eager_kill, can't wait",
1006 1007 eager, eager->tcp_snxt, 0, TH_RST);
1007 1008 }
1008 1009
1009 1010 /* We are here because listener wants this eager gone */
1010 1011 if (listener != NULL) {
1011 1012 mutex_enter(&listener->tcp_eager_lock);
1012 1013 tcp_eager_unlink(eager);
1013 1014 if (eager->tcp_tconnind_started) {
1014 1015 /*
1015 1016 * The eager has sent a conn_ind up to the
1016 1017 * listener but listener decides to close
1017 1018 * instead. We need to drop the extra ref
1018 1019 * placed on eager in tcp_input_data() before
1019 1020 * sending the conn_ind to listener.
1020 1021 */
1021 1022 CONN_DEC_REF(econnp);
1022 1023 }
1023 1024 mutex_exit(&listener->tcp_eager_lock);
1024 1025 CONN_DEC_REF(listener->tcp_connp);
1025 1026 }
1026 1027
1027 1028 if (eager->tcp_state != TCPS_CLOSED)
1028 1029 tcp_close_detached(eager);
1029 1030 }
1030 1031
1031 1032 /*
1032 1033 * Reset any eager connection hanging off this listener marked
1033 1034 * with 'seqnum' and then reclaim it's resources.
1034 1035 */
1035 1036 boolean_t
1036 1037 tcp_eager_blowoff(tcp_t *listener, t_scalar_t seqnum)
1037 1038 {
1038 1039 tcp_t *eager;
1039 1040 mblk_t *mp;
1040 1041
1041 1042 eager = listener;
1042 1043 mutex_enter(&listener->tcp_eager_lock);
1043 1044 do {
1044 1045 eager = eager->tcp_eager_next_q;
1045 1046 if (eager == NULL) {
1046 1047 mutex_exit(&listener->tcp_eager_lock);
1047 1048 return (B_FALSE);
1048 1049 }
1049 1050 } while (eager->tcp_conn_req_seqnum != seqnum);
1050 1051
1051 1052 if (eager->tcp_closemp_used) {
1052 1053 mutex_exit(&listener->tcp_eager_lock);
1053 1054 return (B_TRUE);
1054 1055 }
1055 1056 eager->tcp_closemp_used = B_TRUE;
1056 1057 TCP_DEBUG_GETPCSTACK(eager->tcmp_stk, 15);
1057 1058 CONN_INC_REF(eager->tcp_connp);
1058 1059 mutex_exit(&listener->tcp_eager_lock);
1059 1060 mp = &eager->tcp_closemp;
1060 1061 SQUEUE_ENTER_ONE(eager->tcp_connp->conn_sqp, mp, tcp_eager_kill,
1061 1062 eager->tcp_connp, NULL, SQ_FILL, SQTAG_TCP_EAGER_BLOWOFF);
1062 1063 return (B_TRUE);
1063 1064 }
1064 1065
1065 1066 /*
1066 1067 * Reset any eager connection hanging off this listener
1067 1068 * and then reclaim it's resources.
1068 1069 */
1069 1070 void
1070 1071 tcp_eager_cleanup(tcp_t *listener, boolean_t q0_only)
1071 1072 {
1072 1073 tcp_t *eager;
1073 1074 mblk_t *mp;
1074 1075 tcp_stack_t *tcps = listener->tcp_tcps;
1075 1076
1076 1077 ASSERT(MUTEX_HELD(&listener->tcp_eager_lock));
1077 1078
1078 1079 if (!q0_only) {
1079 1080 /* First cleanup q */
1080 1081 TCP_STAT(tcps, tcp_eager_blowoff_q);
1081 1082 eager = listener->tcp_eager_next_q;
1082 1083 while (eager != NULL) {
1083 1084 if (!eager->tcp_closemp_used) {
1084 1085 eager->tcp_closemp_used = B_TRUE;
1085 1086 TCP_DEBUG_GETPCSTACK(eager->tcmp_stk, 15);
1086 1087 CONN_INC_REF(eager->tcp_connp);
1087 1088 mp = &eager->tcp_closemp;
1088 1089 SQUEUE_ENTER_ONE(eager->tcp_connp->conn_sqp, mp,
1089 1090 tcp_eager_kill, eager->tcp_connp, NULL,
1090 1091 SQ_FILL, SQTAG_TCP_EAGER_CLEANUP);
1091 1092 }
1092 1093 eager = eager->tcp_eager_next_q;
1093 1094 }
1094 1095 }
1095 1096 /* Then cleanup q0 */
1096 1097 TCP_STAT(tcps, tcp_eager_blowoff_q0);
1097 1098 eager = listener->tcp_eager_next_q0;
1098 1099 while (eager != listener) {
1099 1100 if (!eager->tcp_closemp_used) {
1100 1101 eager->tcp_closemp_used = B_TRUE;
1101 1102 TCP_DEBUG_GETPCSTACK(eager->tcmp_stk, 15);
1102 1103 CONN_INC_REF(eager->tcp_connp);
1103 1104 mp = &eager->tcp_closemp;
1104 1105 SQUEUE_ENTER_ONE(eager->tcp_connp->conn_sqp, mp,
1105 1106 tcp_eager_kill, eager->tcp_connp, NULL, SQ_FILL,
1106 1107 SQTAG_TCP_EAGER_CLEANUP_Q0);
1107 1108 }
1108 1109 eager = eager->tcp_eager_next_q0;
1109 1110 }
1110 1111 }
1111 1112
1112 1113 /*
1113 1114 * If we are an eager connection hanging off a listener that hasn't
1114 1115 * formally accepted the connection yet, get off his list and blow off
1115 1116 * any data that we have accumulated.
1116 1117 */
1117 1118 void
1118 1119 tcp_eager_unlink(tcp_t *tcp)
1119 1120 {
1120 1121 tcp_t *listener = tcp->tcp_listener;
1121 1122
1122 1123 ASSERT(listener != NULL);
1123 1124 ASSERT(MUTEX_HELD(&listener->tcp_eager_lock));
1124 1125 if (tcp->tcp_eager_next_q0 != NULL) {
1125 1126 ASSERT(tcp->tcp_eager_prev_q0 != NULL);
1126 1127
1127 1128 /* Remove the eager tcp from q0 */
1128 1129 tcp->tcp_eager_next_q0->tcp_eager_prev_q0 =
1129 1130 tcp->tcp_eager_prev_q0;
1130 1131 tcp->tcp_eager_prev_q0->tcp_eager_next_q0 =
1131 1132 tcp->tcp_eager_next_q0;
1132 1133 ASSERT(listener->tcp_conn_req_cnt_q0 > 0);
1133 1134 listener->tcp_conn_req_cnt_q0--;
1134 1135
1135 1136 tcp->tcp_eager_next_q0 = NULL;
1136 1137 tcp->tcp_eager_prev_q0 = NULL;
1137 1138
1138 1139 /*
1139 1140 * Take the eager out, if it is in the list of droppable
1140 1141 * eagers.
1141 1142 */
1142 1143 MAKE_UNDROPPABLE(tcp);
1143 1144
1144 1145 if (tcp->tcp_syn_rcvd_timeout != 0) {
1145 1146 /* we have timed out before */
1146 1147 ASSERT(listener->tcp_syn_rcvd_timeout > 0);
1147 1148 listener->tcp_syn_rcvd_timeout--;
1148 1149 }
1149 1150 } else {
1150 1151 tcp_t **tcpp = &listener->tcp_eager_next_q;
1151 1152 tcp_t *prev = NULL;
1152 1153
1153 1154 for (; tcpp[0]; tcpp = &tcpp[0]->tcp_eager_next_q) {
1154 1155 if (tcpp[0] == tcp) {
1155 1156 if (listener->tcp_eager_last_q == tcp) {
1156 1157 /*
1157 1158 * If we are unlinking the last
1158 1159 * element on the list, adjust
1159 1160 * tail pointer. Set tail pointer
1160 1161 * to nil when list is empty.
1161 1162 */
1162 1163 ASSERT(tcp->tcp_eager_next_q == NULL);
1163 1164 if (listener->tcp_eager_last_q ==
1164 1165 listener->tcp_eager_next_q) {
1165 1166 listener->tcp_eager_last_q =
1166 1167 NULL;
1167 1168 } else {
1168 1169 /*
1169 1170 * We won't get here if there
1170 1171 * is only one eager in the
1171 1172 * list.
1172 1173 */
1173 1174 ASSERT(prev != NULL);
1174 1175 listener->tcp_eager_last_q =
1175 1176 prev;
1176 1177 }
1177 1178 }
1178 1179 tcpp[0] = tcp->tcp_eager_next_q;
1179 1180 tcp->tcp_eager_next_q = NULL;
1180 1181 tcp->tcp_eager_last_q = NULL;
1181 1182 ASSERT(listener->tcp_conn_req_cnt_q > 0);
1182 1183 listener->tcp_conn_req_cnt_q--;
1183 1184 break;
1184 1185 }
1185 1186 prev = tcpp[0];
1186 1187 }
1187 1188 }
1188 1189 tcp->tcp_listener = NULL;
1189 1190 }
1190 1191
1191 1192 /* BEGIN CSTYLED */
1192 1193 /*
1193 1194 *
1194 1195 * The sockfs ACCEPT path:
1195 1196 * =======================
1196 1197 *
1197 1198 * The eager is now established in its own perimeter as soon as SYN is
1198 1199 * received in tcp_input_listener(). When sockfs receives conn_ind, it
1199 1200 * completes the accept processing on the acceptor STREAM. The sending
1200 1201 * of conn_ind part is common for both sockfs listener and a TLI/XTI
1201 1202 * listener but a TLI/XTI listener completes the accept processing
1202 1203 * on the listener perimeter.
1203 1204 *
1204 1205 * Common control flow for 3 way handshake:
1205 1206 * ----------------------------------------
1206 1207 *
1207 1208 * incoming SYN (listener perimeter) -> tcp_input_listener()
1208 1209 *
1209 1210 * incoming SYN-ACK-ACK (eager perim) -> tcp_input_data()
1210 1211 * send T_CONN_IND (listener perim) -> tcp_send_conn_ind()
1211 1212 *
1212 1213 * Sockfs ACCEPT Path:
1213 1214 * -------------------
1214 1215 *
1215 1216 * open acceptor stream (tcp_open allocates tcp_tli_accept()
1216 1217 * as STREAM entry point)
1217 1218 *
1218 1219 * soaccept() sends T_CONN_RES on the acceptor STREAM to tcp_tli_accept()
1219 1220 *
1220 1221 * tcp_tli_accept() extracts the eager and makes the q->q_ptr <-> eager
1221 1222 * association (we are not behind eager's squeue but sockfs is protecting us
1222 1223 * and no one knows about this stream yet. The STREAMS entry point q->q_info
1223 1224 * is changed to point at tcp_wput().
1224 1225 *
1225 1226 * tcp_accept_common() sends any deferred eagers via tcp_send_pending() to
1226 1227 * listener (done on listener's perimeter).
1227 1228 *
1228 1229 * tcp_tli_accept() calls tcp_accept_finish() on eagers perimeter to finish
1229 1230 * accept.
1230 1231 *
1231 1232 * TLI/XTI client ACCEPT path:
1232 1233 * ---------------------------
1233 1234 *
1234 1235 * soaccept() sends T_CONN_RES on the listener STREAM.
1235 1236 *
1236 1237 * tcp_tli_accept() -> tcp_accept_swap() complete the processing and send
1237 1238 * a M_SETOPS mblk to eager perimeter to finish accept (tcp_accept_finish()).
1238 1239 *
1239 1240 * Locks:
1240 1241 * ======
1241 1242 *
1242 1243 * listener->tcp_eager_lock protects the listeners->tcp_eager_next_q0 and
1243 1244 * and listeners->tcp_eager_next_q.
1244 1245 *
1245 1246 * Referencing:
1246 1247 * ============
1247 1248 *
1248 1249 * 1) We start out in tcp_input_listener by eager placing a ref on
1249 1250 * listener and listener adding eager to listeners->tcp_eager_next_q0.
1250 1251 *
1251 1252 * 2) When a SYN-ACK-ACK arrives, we send the conn_ind to listener. Before
1252 1253 * doing so we place a ref on the eager. This ref is finally dropped at the
1253 1254 * end of tcp_accept_finish() while unwinding from the squeue, i.e. the
1254 1255 * reference is dropped by the squeue framework.
1255 1256 *
1256 1257 * 3) The ref on listener placed in 1 above is dropped in tcp_accept_finish
1257 1258 *
1258 1259 * The reference must be released by the same entity that added the reference
1259 1260 * In the above scheme, the eager is the entity that adds and releases the
1260 1261 * references. Note that tcp_accept_finish executes in the squeue of the eager
1261 1262 * (albeit after it is attached to the acceptor stream). Though 1. executes
1262 1263 * in the listener's squeue, the eager is nascent at this point and the
1263 1264 * reference can be considered to have been added on behalf of the eager.
1264 1265 *
1265 1266 * Eager getting a Reset or listener closing:
1266 1267 * ==========================================
1267 1268 *
1268 1269 * Once the listener and eager are linked, the listener never does the unlink.
1269 1270 * If the listener needs to close, tcp_eager_cleanup() is called which queues
1270 1271 * a message on all eager perimeter. The eager then does the unlink, clears
1271 1272 * any pointers to the listener's queue and drops the reference to the
1272 1273 * listener. The listener waits in tcp_close outside the squeue until its
1273 1274 * refcount has dropped to 1. This ensures that the listener has waited for
1274 1275 * all eagers to clear their association with the listener.
1275 1276 *
1276 1277 * Similarly, if eager decides to go away, it can unlink itself and close.
1277 1278 * When the T_CONN_RES comes down, we check if eager has closed. Note that
1278 1279 * the reference to eager is still valid because of the extra ref we put
1279 1280 * in tcp_send_conn_ind.
1280 1281 *
1281 1282 * Listener can always locate the eager under the protection
1282 1283 * of the listener->tcp_eager_lock, and then do a refhold
1283 1284 * on the eager during the accept processing.
1284 1285 *
1285 1286 * The acceptor stream accesses the eager in the accept processing
1286 1287 * based on the ref placed on eager before sending T_conn_ind.
1287 1288 * The only entity that can negate this refhold is a listener close
1288 1289 * which is mutually exclusive with an active acceptor stream.
1289 1290 *
1290 1291 * Eager's reference on the listener
1291 1292 * ===================================
1292 1293 *
1293 1294 * If the accept happens (even on a closed eager) the eager drops its
1294 1295 * reference on the listener at the start of tcp_accept_finish. If the
1295 1296 * eager is killed due to an incoming RST before the T_conn_ind is sent up,
1296 1297 * the reference is dropped in tcp_closei_local. If the listener closes,
1297 1298 * the reference is dropped in tcp_eager_kill. In all cases the reference
1298 1299 * is dropped while executing in the eager's context (squeue).
1299 1300 */
1300 1301 /* END CSTYLED */
1301 1302
1302 1303 /* Process the SYN packet, mp, directed at the listener 'tcp' */
1303 1304
1304 1305 /*
1305 1306 * THIS FUNCTION IS DIRECTLY CALLED BY IP VIA SQUEUE FOR SYN.
1306 1307 * tcp_input_data will not see any packets for listeners since the listener
1307 1308 * has conn_recv set to tcp_input_listener.
1308 1309 */
1309 1310 /* ARGSUSED */
1310 1311 static void
1311 1312 tcp_input_listener(void *arg, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
1312 1313 {
1313 1314 tcpha_t *tcpha;
1314 1315 uint32_t seg_seq;
1315 1316 tcp_t *eager;
1316 1317 int err;
1317 1318 conn_t *econnp = NULL;
1318 1319 squeue_t *new_sqp;
1319 1320 mblk_t *mp1;
1320 1321 uint_t ip_hdr_len;
1321 1322 conn_t *lconnp = (conn_t *)arg;
1322 1323 tcp_t *listener = lconnp->conn_tcp;
1323 1324 tcp_stack_t *tcps = listener->tcp_tcps;
1324 1325 ip_stack_t *ipst = tcps->tcps_netstack->netstack_ip;
1325 1326 uint_t flags;
1326 1327 mblk_t *tpi_mp;
1327 1328 uint_t ifindex = ira->ira_ruifindex;
1328 1329 boolean_t tlc_set = B_FALSE;
1329 1330
1330 1331 ip_hdr_len = ira->ira_ip_hdr_length;
1331 1332 tcpha = (tcpha_t *)&mp->b_rptr[ip_hdr_len];
1332 1333 flags = (unsigned int)tcpha->tha_flags & 0xFF;
1333 1334
1334 1335 DTRACE_TCP5(receive, mblk_t *, NULL, ip_xmit_attr_t *, lconnp->conn_ixa,
1335 1336 __dtrace_tcp_void_ip_t *, mp->b_rptr, tcp_t *, listener,
1336 1337 __dtrace_tcp_tcph_t *, tcpha);
1337 1338
1338 1339 if (!(flags & TH_SYN)) {
1339 1340 if ((flags & TH_RST) || (flags & TH_URG)) {
1340 1341 freemsg(mp);
1341 1342 return;
1342 1343 }
1343 1344 if (flags & TH_ACK) {
1344 1345 /* Note this executes in listener's squeue */
1345 1346 tcp_xmit_listeners_reset(mp, ira, ipst, lconnp);
1346 1347 return;
1347 1348 }
1348 1349
1349 1350 freemsg(mp);
1350 1351 return;
1351 1352 }
1352 1353
1353 1354 if (listener->tcp_state != TCPS_LISTEN)
1354 1355 goto error2;
1355 1356
1356 1357 ASSERT(IPCL_IS_BOUND(lconnp));
1357 1358
1358 1359 mutex_enter(&listener->tcp_eager_lock);
1359 1360
1360 1361 /*
1361 1362 * The system is under memory pressure, so we need to do our part
1362 1363 * to relieve the pressure. So we only accept new request if there
1363 1364 * is nothing waiting to be accepted or waiting to complete the 3-way
1364 1365 * handshake. This means that busy listener will not get too many
1365 1366 * new requests which they cannot handle in time while non-busy
1366 1367 * listener is still functioning properly.
1367 1368 */
1368 1369 if (tcps->tcps_reclaim && (listener->tcp_conn_req_cnt_q > 0 ||
1369 1370 listener->tcp_conn_req_cnt_q0 > 0)) {
1370 1371 mutex_exit(&listener->tcp_eager_lock);
1371 1372 TCP_STAT(tcps, tcp_listen_mem_drop);
1372 1373 goto error2;
1373 1374 }
1374 1375
1375 1376 if (listener->tcp_conn_req_cnt_q >= listener->tcp_conn_req_max) {
1376 1377 mutex_exit(&listener->tcp_eager_lock);
1377 1378 TCP_STAT(tcps, tcp_listendrop);
1378 1379 TCPS_BUMP_MIB(tcps, tcpListenDrop);
1379 1380 if (lconnp->conn_debug) {
1380 1381 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE|SL_ERROR,
1381 1382 "tcp_input_listener: listen backlog (max=%d) "
1382 1383 "overflow (%d pending) on %s",
1383 1384 listener->tcp_conn_req_max,
1384 1385 listener->tcp_conn_req_cnt_q,
1385 1386 tcp_display(listener, NULL, DISP_PORT_ONLY));
1386 1387 }
1387 1388 goto error2;
1388 1389 }
1389 1390
1390 1391 if (listener->tcp_conn_req_cnt_q0 >=
1391 1392 listener->tcp_conn_req_max + tcps->tcps_conn_req_max_q0) {
1392 1393 /*
1393 1394 * Q0 is full. Drop a pending half-open req from the queue
1394 1395 * to make room for the new SYN req. Also mark the time we
1395 1396 * drop a SYN.
1396 1397 *
1397 1398 * A more aggressive defense against SYN attack will
1398 1399 * be to set the "tcp_syn_defense" flag now.
1399 1400 */
1400 1401 TCP_STAT(tcps, tcp_listendropq0);
1401 1402 listener->tcp_last_rcv_lbolt = ddi_get_lbolt64();
1402 1403 if (!tcp_drop_q0(listener)) {
1403 1404 mutex_exit(&listener->tcp_eager_lock);
1404 1405 TCPS_BUMP_MIB(tcps, tcpListenDropQ0);
1405 1406 if (lconnp->conn_debug) {
1406 1407 (void) strlog(TCP_MOD_ID, 0, 3, SL_TRACE,
1407 1408 "tcp_input_listener: listen half-open "
1408 1409 "queue (max=%d) full (%d pending) on %s",
1409 1410 tcps->tcps_conn_req_max_q0,
1410 1411 listener->tcp_conn_req_cnt_q0,
1411 1412 tcp_display(listener, NULL,
1412 1413 DISP_PORT_ONLY));
1413 1414 }
1414 1415 goto error2;
1415 1416 }
1416 1417 }
1417 1418
1418 1419 /*
1419 1420 * Enforce the limit set on the number of connections per listener.
1420 1421 * Note that tlc_cnt starts with 1. So need to add 1 to tlc_max
1421 1422 * for comparison.
1422 1423 */
1423 1424 if (listener->tcp_listen_cnt != NULL) {
1424 1425 tcp_listen_cnt_t *tlc = listener->tcp_listen_cnt;
1425 1426 int64_t now;
1426 1427
1427 1428 if (atomic_add_32_nv(&tlc->tlc_cnt, 1) > tlc->tlc_max + 1) {
1428 1429 mutex_exit(&listener->tcp_eager_lock);
1429 1430 now = ddi_get_lbolt64();
1430 1431 atomic_add_32(&tlc->tlc_cnt, -1);
1431 1432 TCP_STAT(tcps, tcp_listen_cnt_drop);
1432 1433 tlc->tlc_drop++;
1433 1434 if (now - tlc->tlc_report_time >
1434 1435 MSEC_TO_TICK(TCP_TLC_REPORT_INTERVAL)) {
1435 1436 zcmn_err(lconnp->conn_zoneid, CE_WARN,
1436 1437 "Listener (port %d) connection max (%u) "
1437 1438 "reached: %u attempts dropped total\n",
1438 1439 ntohs(listener->tcp_connp->conn_lport),
1439 1440 tlc->tlc_max, tlc->tlc_drop);
1440 1441 tlc->tlc_report_time = now;
1441 1442 }
1442 1443 goto error2;
1443 1444 }
1444 1445 tlc_set = B_TRUE;
1445 1446 }
1446 1447
1447 1448 mutex_exit(&listener->tcp_eager_lock);
1448 1449
1449 1450 /*
1450 1451 * IP sets ira_sqp to either the senders conn_sqp (for loopback)
1451 1452 * or based on the ring (for packets from GLD). Otherwise it is
1452 1453 * set based on lbolt i.e., a somewhat random number.
1453 1454 */
1454 1455 ASSERT(ira->ira_sqp != NULL);
1455 1456 new_sqp = ira->ira_sqp;
1456 1457
1457 1458 econnp = (conn_t *)tcp_get_conn(arg2, tcps);
1458 1459 if (econnp == NULL)
1459 1460 goto error2;
1460 1461
1461 1462 ASSERT(econnp->conn_netstack == lconnp->conn_netstack);
1462 1463 econnp->conn_sqp = new_sqp;
1463 1464 econnp->conn_initial_sqp = new_sqp;
1464 1465 econnp->conn_ixa->ixa_sqp = new_sqp;
1465 1466
1466 1467 econnp->conn_fport = tcpha->tha_lport;
1467 1468 econnp->conn_lport = tcpha->tha_fport;
1468 1469
1469 1470 err = conn_inherit_parent(lconnp, econnp);
1470 1471 if (err != 0)
1471 1472 goto error3;
1472 1473
1473 1474 /* We already know the laddr of the new connection is ours */
1474 1475 econnp->conn_ixa->ixa_src_generation = ipst->ips_src_generation;
1475 1476
1476 1477 ASSERT(OK_32PTR(mp->b_rptr));
1477 1478 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION ||
1478 1479 IPH_HDR_VERSION(mp->b_rptr) == IPV6_VERSION);
1479 1480
1480 1481 if (lconnp->conn_family == AF_INET) {
1481 1482 ASSERT(IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION);
1482 1483 tpi_mp = tcp_conn_create_v4(lconnp, econnp, mp, ira);
1483 1484 } else {
1484 1485 tpi_mp = tcp_conn_create_v6(lconnp, econnp, mp, ira);
1485 1486 }
1486 1487
1487 1488 if (tpi_mp == NULL)
1488 1489 goto error3;
1489 1490
1490 1491 eager = econnp->conn_tcp;
1491 1492 eager->tcp_detached = B_TRUE;
1492 1493 SOCK_CONNID_INIT(eager->tcp_connid);
1493 1494
1494 1495 /*
1495 1496 * Initialize the eager's tcp_t and inherit some parameters from
1496 1497 * the listener.
1497 1498 */
1498 1499 tcp_init_values(eager, listener);
1499 1500
1500 1501 ASSERT((econnp->conn_ixa->ixa_flags &
1501 1502 (IXAF_SET_ULP_CKSUM | IXAF_VERIFY_SOURCE |
1502 1503 IXAF_VERIFY_PMTU | IXAF_VERIFY_LSO)) ==
1503 1504 (IXAF_SET_ULP_CKSUM | IXAF_VERIFY_SOURCE |
1504 1505 IXAF_VERIFY_PMTU | IXAF_VERIFY_LSO));
1505 1506
1506 1507 if (!tcps->tcps_dev_flow_ctl)
1507 1508 econnp->conn_ixa->ixa_flags |= IXAF_NO_DEV_FLOW_CTL;
1508 1509
1509 1510 /* Prepare for diffing against previous packets */
1510 1511 eager->tcp_recvifindex = 0;
1511 1512 eager->tcp_recvhops = 0xffffffffU;
1512 1513
1513 1514 if (!(ira->ira_flags & IRAF_IS_IPV4) && econnp->conn_bound_if == 0) {
1514 1515 if (IN6_IS_ADDR_LINKSCOPE(&econnp->conn_faddr_v6) ||
1515 1516 IN6_IS_ADDR_LINKSCOPE(&econnp->conn_laddr_v6)) {
1516 1517 econnp->conn_incoming_ifindex = ifindex;
1517 1518 econnp->conn_ixa->ixa_flags |= IXAF_SCOPEID_SET;
1518 1519 econnp->conn_ixa->ixa_scopeid = ifindex;
1519 1520 }
1520 1521 }
1521 1522
1522 1523 if ((ira->ira_flags & (IRAF_IS_IPV4|IRAF_IPV4_OPTIONS)) ==
1523 1524 (IRAF_IS_IPV4|IRAF_IPV4_OPTIONS) &&
1524 1525 tcps->tcps_rev_src_routes) {
1525 1526 ipha_t *ipha = (ipha_t *)mp->b_rptr;
1526 1527 ip_pkt_t *ipp = &econnp->conn_xmit_ipp;
1527 1528
1528 1529 /* Source routing option copyover (reverse it) */
1529 1530 err = ip_find_hdr_v4(ipha, ipp, B_TRUE);
1530 1531 if (err != 0) {
1531 1532 freemsg(tpi_mp);
1532 1533 goto error3;
1533 1534 }
1534 1535 ip_pkt_source_route_reverse_v4(ipp);
1535 1536 }
1536 1537
1537 1538 ASSERT(eager->tcp_conn.tcp_eager_conn_ind == NULL);
1538 1539 ASSERT(!eager->tcp_tconnind_started);
1539 1540 /*
1540 1541 * If the SYN came with a credential, it's a loopback packet or a
1541 1542 * labeled packet; attach the credential to the TPI message.
1542 1543 */
1543 1544 if (ira->ira_cred != NULL)
1544 1545 mblk_setcred(tpi_mp, ira->ira_cred, ira->ira_cpid);
1545 1546
1546 1547 eager->tcp_conn.tcp_eager_conn_ind = tpi_mp;
1547 1548 ASSERT(eager->tcp_ordrel_mp == NULL);
1548 1549
1549 1550 /* Inherit the listener's non-STREAMS flag */
1550 1551 if (IPCL_IS_NONSTR(lconnp)) {
1551 1552 econnp->conn_flags |= IPCL_NONSTR;
1552 1553 /* All non-STREAMS tcp_ts are sockets */
1553 1554 eager->tcp_issocket = B_TRUE;
1554 1555 } else {
1555 1556 /*
1556 1557 * Pre-allocate the T_ordrel_ind mblk for TPI socket so that
1557 1558 * at close time, we will always have that to send up.
1558 1559 * Otherwise, we need to do special handling in case the
1559 1560 * allocation fails at that time.
1560 1561 */
1561 1562 if ((eager->tcp_ordrel_mp = mi_tpi_ordrel_ind()) == NULL)
1562 1563 goto error3;
1563 1564 }
1564 1565 /*
1565 1566 * Now that the IP addresses and ports are setup in econnp we
1566 1567 * can do the IPsec policy work.
1567 1568 */
1568 1569 if (ira->ira_flags & IRAF_IPSEC_SECURE) {
1569 1570 if (lconnp->conn_policy != NULL) {
1570 1571 /*
1571 1572 * Inherit the policy from the listener; use
1572 1573 * actions from ira
1573 1574 */
1574 1575 if (!ip_ipsec_policy_inherit(econnp, lconnp, ira)) {
1575 1576 CONN_DEC_REF(econnp);
1576 1577 freemsg(mp);
1577 1578 goto error3;
1578 1579 }
1579 1580 }
1580 1581 }
1581 1582
1582 1583 /*
1583 1584 * tcp_set_destination() may set tcp_rwnd according to the route
1584 1585 * metrics. If it does not, the eager's receive window will be set
1585 1586 * to the listener's receive window later in this function.
1586 1587 */
1587 1588 eager->tcp_rwnd = 0;
1588 1589
1589 1590 if (is_system_labeled()) {
1590 1591 ip_xmit_attr_t *ixa = econnp->conn_ixa;
1591 1592
1592 1593 ASSERT(ira->ira_tsl != NULL);
1593 1594 /* Discard any old label */
1594 1595 if (ixa->ixa_free_flags & IXA_FREE_TSL) {
1595 1596 ASSERT(ixa->ixa_tsl != NULL);
1596 1597 label_rele(ixa->ixa_tsl);
1597 1598 ixa->ixa_free_flags &= ~IXA_FREE_TSL;
1598 1599 ixa->ixa_tsl = NULL;
1599 1600 }
1600 1601 if ((lconnp->conn_mlp_type != mlptSingle ||
1601 1602 lconnp->conn_mac_mode != CONN_MAC_DEFAULT) &&
1602 1603 ira->ira_tsl != NULL) {
1603 1604 /*
1604 1605 * If this is an MLP connection or a MAC-Exempt
1605 1606 * connection with an unlabeled node, packets are to be
1606 1607 * exchanged using the security label of the received
1607 1608 * SYN packet instead of the server application's label.
1608 1609 * tsol_check_dest called from ip_set_destination
1609 1610 * might later update TSF_UNLABELED by replacing
1610 1611 * ixa_tsl with a new label.
1611 1612 */
1612 1613 label_hold(ira->ira_tsl);
1613 1614 ip_xmit_attr_replace_tsl(ixa, ira->ira_tsl);
1614 1615 DTRACE_PROBE2(mlp_syn_accept, conn_t *,
1615 1616 econnp, ts_label_t *, ixa->ixa_tsl)
1616 1617 } else {
1617 1618 ixa->ixa_tsl = crgetlabel(econnp->conn_cred);
1618 1619 DTRACE_PROBE2(syn_accept, conn_t *,
1619 1620 econnp, ts_label_t *, ixa->ixa_tsl)
1620 1621 }
1621 1622 /*
1622 1623 * conn_connect() called from tcp_set_destination will verify
1623 1624 * the destination is allowed to receive packets at the
1624 1625 * security label of the SYN-ACK we are generating. As part of
1625 1626 * that, tsol_check_dest() may create a new effective label for
1626 1627 * this connection.
1627 1628 * Finally conn_connect() will call conn_update_label.
1628 1629 * All that remains for TCP to do is to call
1629 1630 * conn_build_hdr_template which is done as part of
1630 1631 * tcp_set_destination.
1631 1632 */
1632 1633 }
1633 1634
1634 1635 /*
1635 1636 * Since we will clear tcp_listener before we clear tcp_detached
1636 1637 * in the accept code we need tcp_hard_binding aka tcp_accept_inprogress
1637 1638 * so we can tell a TCP_IS_DETACHED_NONEAGER apart.
1638 1639 */
1639 1640 eager->tcp_hard_binding = B_TRUE;
1640 1641
1641 1642 tcp_bind_hash_insert(&tcps->tcps_bind_fanout[
1642 1643 TCP_BIND_HASH(econnp->conn_lport)], eager, 0);
1643 1644
1644 1645 CL_INET_CONNECT(econnp, B_FALSE, err);
1645 1646 if (err != 0) {
1646 1647 tcp_bind_hash_remove(eager);
1647 1648 goto error3;
1648 1649 }
1649 1650
1650 1651 SOCK_CONNID_BUMP(eager->tcp_connid);
1651 1652
1652 1653 /*
1653 1654 * Adapt our mss, ttl, ... based on the remote address.
1654 1655 */
1655 1656
1656 1657 if (tcp_set_destination(eager) != 0) {
1657 1658 TCPS_BUMP_MIB(tcps, tcpAttemptFails);
1658 1659 /* Undo the bind_hash_insert */
1659 1660 tcp_bind_hash_remove(eager);
1660 1661 goto error3;
1661 1662 }
1662 1663
1663 1664 /* Process all TCP options. */
1664 1665 tcp_process_options(eager, tcpha);
1665 1666
1666 1667 /* Is the other end ECN capable? */
1667 1668 if (tcps->tcps_ecn_permitted >= 1 &&
1668 1669 (tcpha->tha_flags & (TH_ECE|TH_CWR)) == (TH_ECE|TH_CWR)) {
1669 1670 eager->tcp_ecn_ok = B_TRUE;
1670 1671 }
1671 1672
1672 1673 /*
1673 1674 * The listener's conn_rcvbuf should be the default window size or a
1674 1675 * window size changed via SO_RCVBUF option. First round up the
1675 1676 * eager's tcp_rwnd to the nearest MSS. Then find out the window
1676 1677 * scale option value if needed. Call tcp_rwnd_set() to finish the
1677 1678 * setting.
1678 1679 *
1679 1680 * Note if there is a rpipe metric associated with the remote host,
1680 1681 * we should not inherit receive window size from listener.
1681 1682 */
1682 1683 eager->tcp_rwnd = MSS_ROUNDUP(
1683 1684 (eager->tcp_rwnd == 0 ? econnp->conn_rcvbuf :
1684 1685 eager->tcp_rwnd), eager->tcp_mss);
1685 1686 if (eager->tcp_snd_ws_ok)
1686 1687 tcp_set_ws_value(eager);
1687 1688 /*
1688 1689 * Note that this is the only place tcp_rwnd_set() is called for
1689 1690 * accepting a connection. We need to call it here instead of
1690 1691 * after the 3-way handshake because we need to tell the other
1691 1692 * side our rwnd in the SYN-ACK segment.
1692 1693 */
1693 1694 (void) tcp_rwnd_set(eager, eager->tcp_rwnd);
1694 1695
1695 1696 ASSERT(eager->tcp_connp->conn_rcvbuf != 0 &&
1696 1697 eager->tcp_connp->conn_rcvbuf == eager->tcp_rwnd);
1697 1698
1698 1699 ASSERT(econnp->conn_rcvbuf != 0 &&
1699 1700 econnp->conn_rcvbuf == eager->tcp_rwnd);
1700 1701
1701 1702 /* Put a ref on the listener for the eager. */
1702 1703 CONN_INC_REF(lconnp);
1703 1704 mutex_enter(&listener->tcp_eager_lock);
1704 1705 listener->tcp_eager_next_q0->tcp_eager_prev_q0 = eager;
1705 1706 eager->tcp_eager_next_q0 = listener->tcp_eager_next_q0;
1706 1707 listener->tcp_eager_next_q0 = eager;
1707 1708 eager->tcp_eager_prev_q0 = listener;
1708 1709
1709 1710 /* Set tcp_listener before adding it to tcp_conn_fanout */
1710 1711 eager->tcp_listener = listener;
1711 1712 eager->tcp_saved_listener = listener;
1712 1713
1713 1714 /*
1714 1715 * Set tcp_listen_cnt so that when the connection is done, the counter
1715 1716 * is decremented.
1716 1717 */
1717 1718 eager->tcp_listen_cnt = listener->tcp_listen_cnt;
1718 1719
1719 1720 /*
1720 1721 * Tag this detached tcp vector for later retrieval
1721 1722 * by our listener client in tcp_accept().
1722 1723 */
1723 1724 eager->tcp_conn_req_seqnum = listener->tcp_conn_req_seqnum;
1724 1725 listener->tcp_conn_req_cnt_q0++;
1725 1726 if (++listener->tcp_conn_req_seqnum == -1) {
1726 1727 /*
1727 1728 * -1 is "special" and defined in TPI as something
1728 1729 * that should never be used in T_CONN_IND
1729 1730 */
1730 1731 ++listener->tcp_conn_req_seqnum;
1731 1732 }
1732 1733 mutex_exit(&listener->tcp_eager_lock);
1733 1734
1734 1735 if (listener->tcp_syn_defense) {
1735 1736 /* Don't drop the SYN that comes from a good IP source */
1736 1737 ipaddr_t *addr_cache;
1737 1738
1738 1739 addr_cache = (ipaddr_t *)(listener->tcp_ip_addr_cache);
1739 1740 if (addr_cache != NULL && econnp->conn_faddr_v4 ==
1740 1741 addr_cache[IP_ADDR_CACHE_HASH(econnp->conn_faddr_v4)]) {
1741 1742 eager->tcp_dontdrop = B_TRUE;
1742 1743 }
1743 1744 }
1744 1745
1745 1746 /*
1746 1747 * We need to insert the eager in its own perimeter but as soon
1747 1748 * as we do that, we expose the eager to the classifier and
1748 1749 * should not touch any field outside the eager's perimeter.
1749 1750 * So do all the work necessary before inserting the eager
1750 1751 * in its own perimeter. Be optimistic that conn_connect()
1751 1752 * will succeed but undo everything if it fails.
1752 1753 */
1753 1754 seg_seq = ntohl(tcpha->tha_seq);
1754 1755 eager->tcp_irs = seg_seq;
1755 1756 eager->tcp_rack = seg_seq;
1756 1757 eager->tcp_rnxt = seg_seq + 1;
1757 1758 eager->tcp_tcpha->tha_ack = htonl(eager->tcp_rnxt);
1758 1759 TCPS_BUMP_MIB(tcps, tcpPassiveOpens);
1759 1760 eager->tcp_state = TCPS_SYN_RCVD;
1760 1761 DTRACE_TCP6(state__change, void, NULL, ip_xmit_attr_t *,
1761 1762 econnp->conn_ixa, void, NULL, tcp_t *, eager, void, NULL,
1762 1763 int32_t, TCPS_LISTEN);
1763 1764
1764 1765 mp1 = tcp_xmit_mp(eager, eager->tcp_xmit_head, eager->tcp_mss,
1765 1766 NULL, NULL, eager->tcp_iss, B_FALSE, NULL, B_FALSE);
1766 1767 if (mp1 == NULL) {
1767 1768 /*
1768 1769 * Increment the ref count as we are going to
1769 1770 * enqueueing an mp in squeue
1770 1771 */
1771 1772 CONN_INC_REF(econnp);
1772 1773 goto error;
1773 1774 }
1774 1775
1775 1776 /*
1776 1777 * We need to start the rto timer. In normal case, we start
1777 1778 * the timer after sending the packet on the wire (or at
1778 1779 * least believing that packet was sent by waiting for
1779 1780 * conn_ip_output() to return). Since this is the first packet
1780 1781 * being sent on the wire for the eager, our initial tcp_rto
1781 1782 * is at least tcp_rexmit_interval_min which is a fairly
1782 1783 * large value to allow the algorithm to adjust slowly to large
1783 1784 * fluctuations of RTT during first few transmissions.
1784 1785 *
1785 1786 * Starting the timer first and then sending the packet in this
1786 1787 * case shouldn't make much difference since tcp_rexmit_interval_min
1787 1788 * is of the order of several 100ms and starting the timer
1788 1789 * first and then sending the packet will result in difference
1789 1790 * of few micro seconds.
1790 1791 *
1791 1792 * Without this optimization, we are forced to hold the fanout
1792 1793 * lock across the ipcl_bind_insert() and sending the packet
1793 1794 * so that we don't race against an incoming packet (maybe RST)
1794 1795 * for this eager.
1795 1796 *
1796 1797 * It is necessary to acquire an extra reference on the eager
1797 1798 * at this point and hold it until after tcp_send_data() to
1798 1799 * ensure against an eager close race.
1799 1800 */
1800 1801
1801 1802 CONN_INC_REF(econnp);
1802 1803
1803 1804 TCP_TIMER_RESTART(eager, eager->tcp_rto);
1804 1805
1805 1806 /*
1806 1807 * Insert the eager in its own perimeter now. We are ready to deal
1807 1808 * with any packets on eager.
1808 1809 */
1809 1810 if (ipcl_conn_insert(econnp) != 0)
1810 1811 goto error;
1811 1812
1812 1813 ASSERT(econnp->conn_ixa->ixa_notify_cookie == econnp->conn_tcp);
1813 1814 freemsg(mp);
1814 1815 /*
1815 1816 * Send the SYN-ACK. Use the right squeue so that conn_ixa is
1816 1817 * only used by one thread at a time.
1817 1818 */
1818 1819 if (econnp->conn_sqp == lconnp->conn_sqp) {
1819 1820 DTRACE_TCP5(send, mblk_t *, NULL, ip_xmit_attr_t *,
1820 1821 econnp->conn_ixa, __dtrace_tcp_void_ip_t *, mp1->b_rptr,
1821 1822 tcp_t *, eager, __dtrace_tcp_tcph_t *,
1822 1823 &mp1->b_rptr[econnp->conn_ixa->ixa_ip_hdr_length]);
1823 1824 (void) conn_ip_output(mp1, econnp->conn_ixa);
1824 1825 CONN_DEC_REF(econnp);
1825 1826 } else {
1826 1827 SQUEUE_ENTER_ONE(econnp->conn_sqp, mp1, tcp_send_synack,
1827 1828 econnp, NULL, SQ_PROCESS, SQTAG_TCP_SEND_SYNACK);
1828 1829 }
1829 1830 return;
1830 1831 error:
1831 1832 freemsg(mp1);
1832 1833 eager->tcp_closemp_used = B_TRUE;
1833 1834 TCP_DEBUG_GETPCSTACK(eager->tcmp_stk, 15);
1834 1835 mp1 = &eager->tcp_closemp;
1835 1836 SQUEUE_ENTER_ONE(econnp->conn_sqp, mp1, tcp_eager_kill,
1836 1837 econnp, NULL, SQ_FILL, SQTAG_TCP_CONN_REQ_2);
1837 1838
1838 1839 /*
1839 1840 * If a connection already exists, send the mp to that connections so
1840 1841 * that it can be appropriately dealt with.
1841 1842 */
1842 1843 ipst = tcps->tcps_netstack->netstack_ip;
1843 1844
1844 1845 if ((econnp = ipcl_classify(mp, ira, ipst)) != NULL) {
1845 1846 if (!IPCL_IS_CONNECTED(econnp)) {
1846 1847 /*
1847 1848 * Something bad happened. ipcl_conn_insert()
1848 1849 * failed because a connection already existed
1849 1850 * in connected hash but we can't find it
1850 1851 * anymore (someone blew it away). Just
1851 1852 * free this message and hopefully remote
1852 1853 * will retransmit at which time the SYN can be
1853 1854 * treated as a new connection or dealth with
1854 1855 * a TH_RST if a connection already exists.
1855 1856 */
1856 1857 CONN_DEC_REF(econnp);
1857 1858 freemsg(mp);
1858 1859 } else {
1859 1860 SQUEUE_ENTER_ONE(econnp->conn_sqp, mp, tcp_input_data,
1860 1861 econnp, ira, SQ_FILL, SQTAG_TCP_CONN_REQ_1);
1861 1862 }
1862 1863 } else {
1863 1864 /* Nobody wants this packet */
1864 1865 freemsg(mp);
1865 1866 }
1866 1867 return;
1867 1868 error3:
1868 1869 CONN_DEC_REF(econnp);
1869 1870 error2:
1870 1871 freemsg(mp);
1871 1872 if (tlc_set)
1872 1873 atomic_add_32(&listener->tcp_listen_cnt->tlc_cnt, -1);
1873 1874 }
1874 1875
1875 1876 /*
1876 1877 * In an ideal case of vertical partition in NUMA architecture, its
1877 1878 * beneficial to have the listener and all the incoming connections
1878 1879 * tied to the same squeue. The other constraint is that incoming
1879 1880 * connections should be tied to the squeue attached to interrupted
1880 1881 * CPU for obvious locality reason so this leaves the listener to
1881 1882 * be tied to the same squeue. Our only problem is that when listener
1882 1883 * is binding, the CPU that will get interrupted by the NIC whose
1883 1884 * IP address the listener is binding to is not even known. So
1884 1885 * the code below allows us to change that binding at the time the
1885 1886 * CPU is interrupted by virtue of incoming connection's squeue.
1886 1887 *
1887 1888 * This is usefull only in case of a listener bound to a specific IP
1888 1889 * address. For other kind of listeners, they get bound the
1889 1890 * very first time and there is no attempt to rebind them.
1890 1891 */
1891 1892 void
1892 1893 tcp_input_listener_unbound(void *arg, mblk_t *mp, void *arg2,
1893 1894 ip_recv_attr_t *ira)
1894 1895 {
1895 1896 conn_t *connp = (conn_t *)arg;
1896 1897 squeue_t *sqp = (squeue_t *)arg2;
1897 1898 squeue_t *new_sqp;
1898 1899 uint32_t conn_flags;
1899 1900
1900 1901 /*
1901 1902 * IP sets ira_sqp to either the senders conn_sqp (for loopback)
1902 1903 * or based on the ring (for packets from GLD). Otherwise it is
1903 1904 * set based on lbolt i.e., a somewhat random number.
1904 1905 */
1905 1906 ASSERT(ira->ira_sqp != NULL);
1906 1907 new_sqp = ira->ira_sqp;
1907 1908
1908 1909 if (connp->conn_fanout == NULL)
1909 1910 goto done;
1910 1911
1911 1912 if (!(connp->conn_flags & IPCL_FULLY_BOUND)) {
1912 1913 mutex_enter(&connp->conn_fanout->connf_lock);
1913 1914 mutex_enter(&connp->conn_lock);
1914 1915 /*
1915 1916 * No one from read or write side can access us now
1916 1917 * except for already queued packets on this squeue.
1917 1918 * But since we haven't changed the squeue yet, they
1918 1919 * can't execute. If they are processed after we have
1919 1920 * changed the squeue, they are sent back to the
1920 1921 * correct squeue down below.
1921 1922 * But a listner close can race with processing of
1922 1923 * incoming SYN. If incoming SYN processing changes
1923 1924 * the squeue then the listener close which is waiting
1924 1925 * to enter the squeue would operate on the wrong
1925 1926 * squeue. Hence we don't change the squeue here unless
1926 1927 * the refcount is exactly the minimum refcount. The
1927 1928 * minimum refcount of 4 is counted as - 1 each for
1928 1929 * TCP and IP, 1 for being in the classifier hash, and
1929 1930 * 1 for the mblk being processed.
1930 1931 */
1931 1932
1932 1933 if (connp->conn_ref != 4 ||
1933 1934 connp->conn_tcp->tcp_state != TCPS_LISTEN) {
1934 1935 mutex_exit(&connp->conn_lock);
1935 1936 mutex_exit(&connp->conn_fanout->connf_lock);
1936 1937 goto done;
1937 1938 }
1938 1939 if (connp->conn_sqp != new_sqp) {
1939 1940 while (connp->conn_sqp != new_sqp)
1940 1941 (void) casptr(&connp->conn_sqp, sqp, new_sqp);
1941 1942 /* No special MT issues for outbound ixa_sqp hint */
1942 1943 connp->conn_ixa->ixa_sqp = new_sqp;
1943 1944 }
1944 1945
1945 1946 do {
1946 1947 conn_flags = connp->conn_flags;
1947 1948 conn_flags |= IPCL_FULLY_BOUND;
1948 1949 (void) cas32(&connp->conn_flags, connp->conn_flags,
1949 1950 conn_flags);
1950 1951 } while (!(connp->conn_flags & IPCL_FULLY_BOUND));
1951 1952
1952 1953 mutex_exit(&connp->conn_fanout->connf_lock);
1953 1954 mutex_exit(&connp->conn_lock);
1954 1955
1955 1956 /*
1956 1957 * Assume we have picked a good squeue for the listener. Make
1957 1958 * subsequent SYNs not try to change the squeue.
1958 1959 */
1959 1960 connp->conn_recv = tcp_input_listener;
1960 1961 }
1961 1962
1962 1963 done:
1963 1964 if (connp->conn_sqp != sqp) {
1964 1965 CONN_INC_REF(connp);
1965 1966 SQUEUE_ENTER_ONE(connp->conn_sqp, mp, connp->conn_recv, connp,
1966 1967 ira, SQ_FILL, SQTAG_TCP_CONN_REQ_UNBOUND);
1967 1968 } else {
1968 1969 tcp_input_listener(connp, mp, sqp, ira);
1969 1970 }
1970 1971 }
1971 1972
1972 1973 /*
1973 1974 * Send up all messages queued on tcp_rcv_list.
1974 1975 */
1975 1976 uint_t
1976 1977 tcp_rcv_drain(tcp_t *tcp)
1977 1978 {
1978 1979 mblk_t *mp;
1979 1980 uint_t ret = 0;
1980 1981 #ifdef DEBUG
1981 1982 uint_t cnt = 0;
1982 1983 #endif
1983 1984 queue_t *q = tcp->tcp_connp->conn_rq;
1984 1985
1985 1986 /* Can't drain on an eager connection */
1986 1987 if (tcp->tcp_listener != NULL)
1987 1988 return (ret);
1988 1989
1989 1990 /* Can't be a non-STREAMS connection */
1990 1991 ASSERT(!IPCL_IS_NONSTR(tcp->tcp_connp));
1991 1992
1992 1993 /* No need for the push timer now. */
1993 1994 if (tcp->tcp_push_tid != 0) {
1994 1995 (void) TCP_TIMER_CANCEL(tcp, tcp->tcp_push_tid);
1995 1996 tcp->tcp_push_tid = 0;
1996 1997 }
1997 1998
1998 1999 /*
1999 2000 * Handle two cases here: we are currently fused or we were
2000 2001 * previously fused and have some urgent data to be delivered
2001 2002 * upstream. The latter happens because we either ran out of
2002 2003 * memory or were detached and therefore sending the SIGURG was
2003 2004 * deferred until this point. In either case we pass control
2004 2005 * over to tcp_fuse_rcv_drain() since it may need to complete
2005 2006 * some work.
2006 2007 */
2007 2008 if ((tcp->tcp_fused || tcp->tcp_fused_sigurg)) {
2008 2009 if (tcp_fuse_rcv_drain(q, tcp, tcp->tcp_fused ? NULL :
2009 2010 &tcp->tcp_fused_sigurg_mp))
2010 2011 return (ret);
2011 2012 }
2012 2013
2013 2014 while ((mp = tcp->tcp_rcv_list) != NULL) {
2014 2015 tcp->tcp_rcv_list = mp->b_next;
2015 2016 mp->b_next = NULL;
2016 2017 #ifdef DEBUG
2017 2018 cnt += msgdsize(mp);
2018 2019 #endif
2019 2020 putnext(q, mp);
2020 2021 }
2021 2022 #ifdef DEBUG
2022 2023 ASSERT(cnt == tcp->tcp_rcv_cnt);
2023 2024 #endif
2024 2025 tcp->tcp_rcv_last_head = NULL;
2025 2026 tcp->tcp_rcv_last_tail = NULL;
2026 2027 tcp->tcp_rcv_cnt = 0;
2027 2028
2028 2029 if (canputnext(q))
2029 2030 return (tcp_rwnd_reopen(tcp));
2030 2031
2031 2032 return (ret);
2032 2033 }
2033 2034
2034 2035 /*
2035 2036 * Queue data on tcp_rcv_list which is a b_next chain.
2036 2037 * tcp_rcv_last_head/tail is the last element of this chain.
2037 2038 * Each element of the chain is a b_cont chain.
2038 2039 *
2039 2040 * M_DATA messages are added to the current element.
2040 2041 * Other messages are added as new (b_next) elements.
2041 2042 */
2042 2043 void
2043 2044 tcp_rcv_enqueue(tcp_t *tcp, mblk_t *mp, uint_t seg_len, cred_t *cr)
2044 2045 {
2045 2046 ASSERT(seg_len == msgdsize(mp));
2046 2047 ASSERT(tcp->tcp_rcv_list == NULL || tcp->tcp_rcv_last_head != NULL);
2047 2048
2048 2049 if (is_system_labeled()) {
2049 2050 ASSERT(cr != NULL || msg_getcred(mp, NULL) != NULL);
2050 2051 /*
2051 2052 * Provide for protocols above TCP such as RPC. NOPID leaves
2052 2053 * db_cpid unchanged.
2053 2054 * The cred could have already been set.
2054 2055 */
2055 2056 if (cr != NULL)
2056 2057 mblk_setcred(mp, cr, NOPID);
2057 2058 }
2058 2059
2059 2060 if (tcp->tcp_rcv_list == NULL) {
2060 2061 ASSERT(tcp->tcp_rcv_last_head == NULL);
2061 2062 tcp->tcp_rcv_list = mp;
2062 2063 tcp->tcp_rcv_last_head = mp;
2063 2064 } else if (DB_TYPE(mp) == DB_TYPE(tcp->tcp_rcv_last_head)) {
2064 2065 tcp->tcp_rcv_last_tail->b_cont = mp;
2065 2066 } else {
2066 2067 tcp->tcp_rcv_last_head->b_next = mp;
2067 2068 tcp->tcp_rcv_last_head = mp;
2068 2069 }
2069 2070
2070 2071 while (mp->b_cont)
2071 2072 mp = mp->b_cont;
2072 2073
2073 2074 tcp->tcp_rcv_last_tail = mp;
2074 2075 tcp->tcp_rcv_cnt += seg_len;
2075 2076 tcp->tcp_rwnd -= seg_len;
2076 2077 }
2077 2078
2078 2079 /* Generate an ACK-only (no data) segment for a TCP endpoint */
2079 2080 mblk_t *
2080 2081 tcp_ack_mp(tcp_t *tcp)
2081 2082 {
2082 2083 uint32_t seq_no;
2083 2084 tcp_stack_t *tcps = tcp->tcp_tcps;
2084 2085 conn_t *connp = tcp->tcp_connp;
2085 2086
2086 2087 /*
2087 2088 * There are a few cases to be considered while setting the sequence no.
2088 2089 * Essentially, we can come here while processing an unacceptable pkt
2089 2090 * in the TCPS_SYN_RCVD state, in which case we set the sequence number
2090 2091 * to snxt (per RFC 793), note the swnd wouldn't have been set yet.
2091 2092 * If we are here for a zero window probe, stick with suna. In all
2092 2093 * other cases, we check if suna + swnd encompasses snxt and set
2093 2094 * the sequence number to snxt, if so. If snxt falls outside the
2094 2095 * window (the receiver probably shrunk its window), we will go with
2095 2096 * suna + swnd, otherwise the sequence no will be unacceptable to the
2096 2097 * receiver.
2097 2098 */
2098 2099 if (tcp->tcp_zero_win_probe) {
2099 2100 seq_no = tcp->tcp_suna;
2100 2101 } else if (tcp->tcp_state == TCPS_SYN_RCVD) {
2101 2102 ASSERT(tcp->tcp_swnd == 0);
2102 2103 seq_no = tcp->tcp_snxt;
2103 2104 } else {
2104 2105 seq_no = SEQ_GT(tcp->tcp_snxt,
2105 2106 (tcp->tcp_suna + tcp->tcp_swnd)) ?
2106 2107 (tcp->tcp_suna + tcp->tcp_swnd) : tcp->tcp_snxt;
2107 2108 }
2108 2109
2109 2110 if (tcp->tcp_valid_bits) {
2110 2111 /*
2111 2112 * For the complex case where we have to send some
2112 2113 * controls (FIN or SYN), let tcp_xmit_mp do it.
2113 2114 */
2114 2115 return (tcp_xmit_mp(tcp, NULL, 0, NULL, NULL, seq_no, B_FALSE,
2115 2116 NULL, B_FALSE));
2116 2117 } else {
2117 2118 /* Generate a simple ACK */
2118 2119 int data_length;
2119 2120 uchar_t *rptr;
2120 2121 tcpha_t *tcpha;
2121 2122 mblk_t *mp1;
2122 2123 int32_t total_hdr_len;
2123 2124 int32_t tcp_hdr_len;
2124 2125 int32_t num_sack_blk = 0;
2125 2126 int32_t sack_opt_len;
2126 2127 ip_xmit_attr_t *ixa = connp->conn_ixa;
2127 2128
2128 2129 /*
2129 2130 * Allocate space for TCP + IP headers
2130 2131 * and link-level header
2131 2132 */
2132 2133 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
2133 2134 num_sack_blk = MIN(tcp->tcp_max_sack_blk,
2134 2135 tcp->tcp_num_sack_blk);
2135 2136 sack_opt_len = num_sack_blk * sizeof (sack_blk_t) +
2136 2137 TCPOPT_NOP_LEN * 2 + TCPOPT_HEADER_LEN;
2137 2138 total_hdr_len = connp->conn_ht_iphc_len + sack_opt_len;
2138 2139 tcp_hdr_len = connp->conn_ht_ulp_len + sack_opt_len;
2139 2140 } else {
2140 2141 total_hdr_len = connp->conn_ht_iphc_len;
2141 2142 tcp_hdr_len = connp->conn_ht_ulp_len;
2142 2143 }
2143 2144 mp1 = allocb(total_hdr_len + tcps->tcps_wroff_xtra, BPRI_MED);
2144 2145 if (!mp1)
2145 2146 return (NULL);
2146 2147
2147 2148 /* Update the latest receive window size in TCP header. */
2148 2149 tcp->tcp_tcpha->tha_win =
2149 2150 htons(tcp->tcp_rwnd >> tcp->tcp_rcv_ws);
2150 2151 /* copy in prototype TCP + IP header */
2151 2152 rptr = mp1->b_rptr + tcps->tcps_wroff_xtra;
2152 2153 mp1->b_rptr = rptr;
2153 2154 mp1->b_wptr = rptr + total_hdr_len;
2154 2155 bcopy(connp->conn_ht_iphc, rptr, connp->conn_ht_iphc_len);
2155 2156
2156 2157 tcpha = (tcpha_t *)&rptr[ixa->ixa_ip_hdr_length];
2157 2158
2158 2159 /* Set the TCP sequence number. */
2159 2160 tcpha->tha_seq = htonl(seq_no);
2160 2161
2161 2162 /* Set up the TCP flag field. */
2162 2163 tcpha->tha_flags = (uchar_t)TH_ACK;
2163 2164 if (tcp->tcp_ecn_echo_on)
2164 2165 tcpha->tha_flags |= TH_ECE;
2165 2166
2166 2167 tcp->tcp_rack = tcp->tcp_rnxt;
2167 2168 tcp->tcp_rack_cnt = 0;
2168 2169
2169 2170 /* fill in timestamp option if in use */
2170 2171 if (tcp->tcp_snd_ts_ok) {
2171 2172 uint32_t llbolt = (uint32_t)LBOLT_FASTPATH;
2172 2173
2173 2174 U32_TO_BE32(llbolt,
2174 2175 (char *)tcpha + TCP_MIN_HEADER_LENGTH+4);
2175 2176 U32_TO_BE32(tcp->tcp_ts_recent,
2176 2177 (char *)tcpha + TCP_MIN_HEADER_LENGTH+8);
2177 2178 }
2178 2179
2179 2180 /* Fill in SACK options */
2180 2181 if (num_sack_blk > 0) {
2181 2182 uchar_t *wptr = (uchar_t *)tcpha +
2182 2183 connp->conn_ht_ulp_len;
2183 2184 sack_blk_t *tmp;
2184 2185 int32_t i;
2185 2186
2186 2187 wptr[0] = TCPOPT_NOP;
2187 2188 wptr[1] = TCPOPT_NOP;
2188 2189 wptr[2] = TCPOPT_SACK;
2189 2190 wptr[3] = TCPOPT_HEADER_LEN + num_sack_blk *
2190 2191 sizeof (sack_blk_t);
2191 2192 wptr += TCPOPT_REAL_SACK_LEN;
2192 2193
2193 2194 tmp = tcp->tcp_sack_list;
2194 2195 for (i = 0; i < num_sack_blk; i++) {
2195 2196 U32_TO_BE32(tmp[i].begin, wptr);
2196 2197 wptr += sizeof (tcp_seq);
2197 2198 U32_TO_BE32(tmp[i].end, wptr);
2198 2199 wptr += sizeof (tcp_seq);
2199 2200 }
2200 2201 tcpha->tha_offset_and_reserved +=
2201 2202 ((num_sack_blk * 2 + 1) << 4);
2202 2203 }
2203 2204
2204 2205 ixa->ixa_pktlen = total_hdr_len;
2205 2206
2206 2207 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2207 2208 ((ipha_t *)rptr)->ipha_length = htons(total_hdr_len);
2208 2209 } else {
2209 2210 ip6_t *ip6 = (ip6_t *)rptr;
2210 2211
2211 2212 ip6->ip6_plen = htons(total_hdr_len - IPV6_HDR_LEN);
2212 2213 }
2213 2214
2214 2215 /*
2215 2216 * Prime pump for checksum calculation in IP. Include the
2216 2217 * adjustment for a source route if any.
2217 2218 */
2218 2219 data_length = tcp_hdr_len + connp->conn_sum;
2219 2220 data_length = (data_length >> 16) + (data_length & 0xFFFF);
2220 2221 tcpha->tha_sum = htons(data_length);
2221 2222
2222 2223 if (tcp->tcp_ip_forward_progress) {
|
↓ open down ↓ |
2189 lines elided |
↑ open up ↑ |
2223 2224 tcp->tcp_ip_forward_progress = B_FALSE;
2224 2225 connp->conn_ixa->ixa_flags |= IXAF_REACH_CONF;
2225 2226 } else {
2226 2227 connp->conn_ixa->ixa_flags &= ~IXAF_REACH_CONF;
2227 2228 }
2228 2229 return (mp1);
2229 2230 }
2230 2231 }
2231 2232
2232 2233 /*
2234 + * Dummy socket upcalls for if/when the conn_t gets detached from a
2235 + * direct-callback sonode via a user-driven close(). Easy to catch with
2236 + * DTrace FBT, and should be mostly harmless.
2237 + */
2238 +
2239 +/* ARGSUSED */
2240 +static sock_upper_handle_t
2241 +tcp_dummy_newconn(sock_upper_handle_t x, sock_lower_handle_t y,
2242 + sock_downcalls_t *z, cred_t *cr, pid_t pid, sock_upcalls_t **ignored)
2243 +{
2244 + ASSERT(0); /* Panic in debug, otherwise ignore. */
2245 + return (NULL);
2246 +}
2247 +
2248 +/* ARGSUSED */
2249 +static void
2250 +tcp_dummy_connected(sock_upper_handle_t x, sock_connid_t y, cred_t *cr,
2251 + pid_t pid)
2252 +{
2253 + ASSERT(x == NULL);
2254 + /* Normally we'd crhold(cr) and attach it to socket state. */
2255 + /* LINTED */
2256 +}
2257 +
2258 +/* ARGSUSED */
2259 +static int
2260 +tcp_dummy_disconnected(sock_upper_handle_t x, sock_connid_t y, int blah)
2261 +{
2262 + ASSERT(0); /* Panic in debug, otherwise ignore. */
2263 + return (-1);
2264 +}
2265 +
2266 +/* ARGSUSED */
2267 +static void
2268 +tcp_dummy_opctl(sock_upper_handle_t x, sock_opctl_action_t y, uintptr_t blah)
2269 +{
2270 + ASSERT(x == NULL);
2271 + /* We really want this one to be a harmless NOP for now. */
2272 + /* LINTED */
2273 +}
2274 +
2275 +/* ARGSUSED */
2276 +static ssize_t
2277 +tcp_dummy_recv(sock_upper_handle_t x, mblk_t *mp, size_t len, int flags,
2278 + int *error, boolean_t *push)
2279 +{
2280 + ASSERT(x == NULL);
2281 +
2282 + /*
2283 + * Consume the message, set ESHUTDOWN, and return an error.
2284 + * Nobody's home!
2285 + */
2286 + freemsg(mp);
2287 + *error = ESHUTDOWN;
2288 + return (-1);
2289 +}
2290 +
2291 +/* ARGSUSED */
2292 +static void
2293 +tcp_dummy_set_proto_props(sock_upper_handle_t x, struct sock_proto_props *y)
2294 +{
2295 + ASSERT(0); /* Panic in debug, otherwise ignore. */
2296 +}
2297 +
2298 +/* ARGSUSED */
2299 +static void
2300 +tcp_dummy_txq_full(sock_upper_handle_t x, boolean_t y)
2301 +{
2302 + ASSERT(0); /* Panic in debug, otherwise ignore. */
2303 +}
2304 +
2305 +/* ARGSUSED */
2306 +static void
2307 +tcp_dummy_signal_oob(sock_upper_handle_t x, ssize_t len)
2308 +{
2309 + ASSERT(x == NULL);
2310 + /* Otherwise, this would signal socket state about OOB data. */
2311 +}
2312 +
2313 +/* ARGSUSED */
2314 +static void
2315 +tcp_dummy_set_error(sock_upper_handle_t x, int err)
2316 +{
2317 + ASSERT(0); /* Panic in debug, otherwise ignore. */
2318 +}
2319 +
2320 +/* ARGSUSED */
2321 +static void
2322 +tcp_dummy_onearg(sock_upper_handle_t x)
2323 +{
2324 + ASSERT(0); /* Panic in debug, otherwise ignore. */
2325 +}
2326 +
2327 +static sock_upcalls_t tcp_dummy_upcalls = {
2328 + tcp_dummy_newconn,
2329 + tcp_dummy_connected,
2330 + tcp_dummy_disconnected,
2331 + tcp_dummy_opctl,
2332 + tcp_dummy_recv,
2333 + tcp_dummy_set_proto_props,
2334 + tcp_dummy_txq_full,
2335 + tcp_dummy_signal_oob,
2336 + tcp_dummy_onearg,
2337 + tcp_dummy_set_error,
2338 + tcp_dummy_onearg
2339 +};
2340 +
2341 +/*
2233 2342 * Handle M_DATA messages from IP. Its called directly from IP via
2234 2343 * squeue for received IP packets.
2235 2344 *
2236 2345 * The first argument is always the connp/tcp to which the mp belongs.
2237 2346 * There are no exceptions to this rule. The caller has already put
2238 2347 * a reference on this connp/tcp and once tcp_input_data() returns,
2239 2348 * the squeue will do the refrele.
2240 2349 *
2241 2350 * The TH_SYN for the listener directly go to tcp_input_listener via
2242 2351 * squeue. ICMP errors go directly to tcp_icmp_input().
2243 2352 *
2244 2353 * sqp: NULL = recursive, sqp != NULL means called from squeue
2245 2354 */
2246 2355 void
2247 2356 tcp_input_data(void *arg, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
2248 2357 {
2249 2358 int32_t bytes_acked;
2250 2359 int32_t gap;
2251 2360 mblk_t *mp1;
2252 2361 uint_t flags;
2253 2362 uint32_t new_swnd = 0;
2254 2363 uchar_t *iphdr;
2255 2364 uchar_t *rptr;
2256 2365 int32_t rgap;
2257 2366 uint32_t seg_ack;
2258 2367 int seg_len;
2259 2368 uint_t ip_hdr_len;
2260 2369 uint32_t seg_seq;
2261 2370 tcpha_t *tcpha;
2262 2371 int urp;
2263 2372 tcp_opt_t tcpopt;
|
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
2264 2373 ip_pkt_t ipp;
2265 2374 boolean_t ofo_seg = B_FALSE; /* Out of order segment */
2266 2375 uint32_t cwnd;
2267 2376 uint32_t add;
2268 2377 int npkt;
2269 2378 int mss;
2270 2379 conn_t *connp = (conn_t *)arg;
2271 2380 squeue_t *sqp = (squeue_t *)arg2;
2272 2381 tcp_t *tcp = connp->conn_tcp;
2273 2382 tcp_stack_t *tcps = tcp->tcp_tcps;
2383 + sock_upcalls_t *sockupcalls;
2274 2384
2275 2385 /*
2276 2386 * RST from fused tcp loopback peer should trigger an unfuse.
2277 2387 */
2278 2388 if (tcp->tcp_fused) {
2279 2389 TCP_STAT(tcps, tcp_fusion_aborted);
2280 2390 tcp_unfuse(tcp);
2281 2391 }
2282 2392
2283 2393 iphdr = mp->b_rptr;
2284 2394 rptr = mp->b_rptr;
2285 2395 ASSERT(OK_32PTR(rptr));
2286 2396
2287 2397 ip_hdr_len = ira->ira_ip_hdr_length;
2288 2398 if (connp->conn_recv_ancillary.crb_all != 0) {
2289 2399 /*
2290 2400 * Record packet information in the ip_pkt_t
2291 2401 */
2292 2402 ipp.ipp_fields = 0;
2293 2403 if (ira->ira_flags & IRAF_IS_IPV4) {
2294 2404 (void) ip_find_hdr_v4((ipha_t *)rptr, &ipp,
2295 2405 B_FALSE);
2296 2406 } else {
2297 2407 uint8_t nexthdrp;
2298 2408
2299 2409 /*
2300 2410 * IPv6 packets can only be received by applications
2301 2411 * that are prepared to receive IPv6 addresses.
2302 2412 * The IP fanout must ensure this.
2303 2413 */
2304 2414 ASSERT(connp->conn_family == AF_INET6);
2305 2415
2306 2416 (void) ip_find_hdr_v6(mp, (ip6_t *)rptr, B_TRUE, &ipp,
2307 2417 &nexthdrp);
2308 2418 ASSERT(nexthdrp == IPPROTO_TCP);
2309 2419
2310 2420 /* Could have caused a pullup? */
2311 2421 iphdr = mp->b_rptr;
2312 2422 rptr = mp->b_rptr;
2313 2423 }
2314 2424 }
2315 2425 ASSERT(DB_TYPE(mp) == M_DATA);
2316 2426 ASSERT(mp->b_next == NULL);
2317 2427
2318 2428 tcpha = (tcpha_t *)&rptr[ip_hdr_len];
2319 2429 seg_seq = ntohl(tcpha->tha_seq);
2320 2430 seg_ack = ntohl(tcpha->tha_ack);
2321 2431 ASSERT((uintptr_t)(mp->b_wptr - rptr) <= (uintptr_t)INT_MAX);
2322 2432 seg_len = (int)(mp->b_wptr - rptr) -
2323 2433 (ip_hdr_len + TCP_HDR_LENGTH(tcpha));
2324 2434 if ((mp1 = mp->b_cont) != NULL && mp1->b_datap->db_type == M_DATA) {
2325 2435 do {
2326 2436 ASSERT((uintptr_t)(mp1->b_wptr - mp1->b_rptr) <=
2327 2437 (uintptr_t)INT_MAX);
2328 2438 seg_len += (int)(mp1->b_wptr - mp1->b_rptr);
2329 2439 } while ((mp1 = mp1->b_cont) != NULL &&
2330 2440 mp1->b_datap->db_type == M_DATA);
2331 2441 }
2332 2442
2333 2443 DTRACE_TCP5(receive, mblk_t *, NULL, ip_xmit_attr_t *, connp->conn_ixa,
2334 2444 __dtrace_tcp_void_ip_t *, iphdr, tcp_t *, tcp,
2335 2445 __dtrace_tcp_tcph_t *, tcpha);
2336 2446
2337 2447 if (tcp->tcp_state == TCPS_TIME_WAIT) {
2338 2448 tcp_time_wait_processing(tcp, mp, seg_seq, seg_ack,
2339 2449 seg_len, tcpha, ira);
2340 2450 return;
2341 2451 }
2342 2452
2343 2453 if (sqp != NULL) {
2344 2454 /*
2345 2455 * This is the correct place to update tcp_last_recv_time. Note
2346 2456 * that it is also updated for tcp structure that belongs to
2347 2457 * global and listener queues which do not really need updating.
2348 2458 * But that should not cause any harm. And it is updated for
2349 2459 * all kinds of incoming segments, not only for data segments.
2350 2460 */
2351 2461 tcp->tcp_last_recv_time = LBOLT_FASTPATH;
2352 2462 }
2353 2463
2354 2464 flags = (unsigned int)tcpha->tha_flags & 0xFF;
2355 2465
2356 2466 BUMP_LOCAL(tcp->tcp_ibsegs);
2357 2467 DTRACE_PROBE2(tcp__trace__recv, mblk_t *, mp, tcp_t *, tcp);
2358 2468
2359 2469 if ((flags & TH_URG) && sqp != NULL) {
2360 2470 /*
2361 2471 * TCP can't handle urgent pointers that arrive before
2362 2472 * the connection has been accept()ed since it can't
2363 2473 * buffer OOB data. Discard segment if this happens.
2364 2474 *
2365 2475 * We can't just rely on a non-null tcp_listener to indicate
2366 2476 * that the accept() has completed since unlinking of the
2367 2477 * eager and completion of the accept are not atomic.
2368 2478 * tcp_detached, when it is not set (B_FALSE) indicates
2369 2479 * that the accept() has completed.
2370 2480 *
2371 2481 * Nor can it reassemble urgent pointers, so discard
2372 2482 * if it's not the next segment expected.
2373 2483 *
2374 2484 * Otherwise, collapse chain into one mblk (discard if
2375 2485 * that fails). This makes sure the headers, retransmitted
2376 2486 * data, and new data all are in the same mblk.
2377 2487 */
2378 2488 ASSERT(mp != NULL);
2379 2489 if (tcp->tcp_detached || !pullupmsg(mp, -1)) {
2380 2490 freemsg(mp);
2381 2491 return;
2382 2492 }
2383 2493 /* Update pointers into message */
2384 2494 iphdr = rptr = mp->b_rptr;
2385 2495 tcpha = (tcpha_t *)&rptr[ip_hdr_len];
2386 2496 if (SEQ_GT(seg_seq, tcp->tcp_rnxt)) {
2387 2497 /*
2388 2498 * Since we can't handle any data with this urgent
|
↓ open down ↓ |
105 lines elided |
↑ open up ↑ |
2389 2499 * pointer that is out of sequence, we expunge
2390 2500 * the data. This allows us to still register
2391 2501 * the urgent mark and generate the M_PCSIG,
2392 2502 * which we can do.
2393 2503 */
2394 2504 mp->b_wptr = (uchar_t *)tcpha + TCP_HDR_LENGTH(tcpha);
2395 2505 seg_len = 0;
2396 2506 }
2397 2507 }
2398 2508
2509 + sockupcalls = connp->conn_upcalls;
2510 + /* A conn_t may have belonged to a now-closed socket. Be careful. */
2511 + if (sockupcalls == NULL)
2512 + sockupcalls = &tcp_dummy_upcalls;
2513 +
2399 2514 switch (tcp->tcp_state) {
2400 2515 case TCPS_SYN_SENT:
2401 2516 if (connp->conn_final_sqp == NULL &&
2402 2517 tcp_outbound_squeue_switch && sqp != NULL) {
2403 2518 ASSERT(connp->conn_initial_sqp == connp->conn_sqp);
2404 2519 connp->conn_final_sqp = sqp;
2405 2520 if (connp->conn_final_sqp != connp->conn_sqp) {
2406 2521 DTRACE_PROBE1(conn__final__sqp__switch,
2407 2522 conn_t *, connp);
2408 2523 CONN_INC_REF(connp);
2409 2524 SQUEUE_SWITCH(connp, connp->conn_final_sqp);
2410 2525 SQUEUE_ENTER_ONE(connp->conn_sqp, mp,
2411 2526 tcp_input_data, connp, ira, ip_squeue_flag,
2412 2527 SQTAG_CONNECT_FINISH);
2413 2528 return;
2414 2529 }
2415 2530 DTRACE_PROBE1(conn__final__sqp__same, conn_t *, connp);
2416 2531 }
2417 2532 if (flags & TH_ACK) {
2418 2533 /*
2419 2534 * Note that our stack cannot send data before a
2420 2535 * connection is established, therefore the
2421 2536 * following check is valid. Otherwise, it has
2422 2537 * to be changed.
2423 2538 */
2424 2539 if (SEQ_LEQ(seg_ack, tcp->tcp_iss) ||
2425 2540 SEQ_GT(seg_ack, tcp->tcp_snxt)) {
2426 2541 freemsg(mp);
2427 2542 if (flags & TH_RST)
2428 2543 return;
2429 2544 tcp_xmit_ctl("TCPS_SYN_SENT-Bad_seq",
2430 2545 tcp, seg_ack, 0, TH_RST);
2431 2546 return;
2432 2547 }
2433 2548 ASSERT(tcp->tcp_suna + 1 == seg_ack);
2434 2549 }
2435 2550 if (flags & TH_RST) {
2436 2551 if (flags & TH_ACK) {
2437 2552 DTRACE_TCP5(connect__refused, mblk_t *, NULL,
2438 2553 ip_xmit_attr_t *, connp->conn_ixa,
2439 2554 void_ip_t *, iphdr, tcp_t *, tcp,
2440 2555 tcph_t *, tcpha);
2441 2556 (void) tcp_clean_death(tcp, ECONNREFUSED);
2442 2557 }
2443 2558 freemsg(mp);
2444 2559 return;
2445 2560 }
2446 2561 if (!(flags & TH_SYN)) {
2447 2562 freemsg(mp);
2448 2563 return;
2449 2564 }
2450 2565
2451 2566 /* Process all TCP options. */
2452 2567 tcp_process_options(tcp, tcpha);
2453 2568 /*
2454 2569 * The following changes our rwnd to be a multiple of the
2455 2570 * MIN(peer MSS, our MSS) for performance reason.
2456 2571 */
2457 2572 (void) tcp_rwnd_set(tcp, MSS_ROUNDUP(connp->conn_rcvbuf,
2458 2573 tcp->tcp_mss));
2459 2574
2460 2575 /* Is the other end ECN capable? */
2461 2576 if (tcp->tcp_ecn_ok) {
2462 2577 if ((flags & (TH_ECE|TH_CWR)) != TH_ECE) {
2463 2578 tcp->tcp_ecn_ok = B_FALSE;
2464 2579 }
2465 2580 }
2466 2581 /*
2467 2582 * Clear ECN flags because it may interfere with later
2468 2583 * processing.
2469 2584 */
2470 2585 flags &= ~(TH_ECE|TH_CWR);
2471 2586
2472 2587 tcp->tcp_irs = seg_seq;
2473 2588 tcp->tcp_rack = seg_seq;
2474 2589 tcp->tcp_rnxt = seg_seq + 1;
2475 2590 tcp->tcp_tcpha->tha_ack = htonl(tcp->tcp_rnxt);
2476 2591 if (!TCP_IS_DETACHED(tcp)) {
2477 2592 /* Allocate room for SACK options if needed. */
2478 2593 connp->conn_wroff = connp->conn_ht_iphc_len;
2479 2594 if (tcp->tcp_snd_sack_ok)
2480 2595 connp->conn_wroff += TCPOPT_MAX_SACK_LEN;
2481 2596 if (!tcp->tcp_loopback)
2482 2597 connp->conn_wroff += tcps->tcps_wroff_xtra;
2483 2598
2484 2599 (void) proto_set_tx_wroff(connp->conn_rq, connp,
2485 2600 connp->conn_wroff);
2486 2601 }
2487 2602 if (flags & TH_ACK) {
2488 2603 /*
2489 2604 * If we can't get the confirmation upstream, pretend
2490 2605 * we didn't even see this one.
2491 2606 *
2492 2607 * XXX: how can we pretend we didn't see it if we
2493 2608 * have updated rnxt et. al.
2494 2609 *
2495 2610 * For loopback we defer sending up the T_CONN_CON
2496 2611 * until after some checks below.
2497 2612 */
2498 2613 mp1 = NULL;
2499 2614 /*
2500 2615 * tcp_sendmsg() checks tcp_state without entering
2501 2616 * the squeue so tcp_state should be updated before
2502 2617 * sending up connection confirmation. Probe the
2503 2618 * state change below when we are sure the connection
2504 2619 * confirmation has been sent.
2505 2620 */
2506 2621 tcp->tcp_state = TCPS_ESTABLISHED;
2507 2622 if (!tcp_conn_con(tcp, iphdr, mp,
2508 2623 tcp->tcp_loopback ? &mp1 : NULL, ira)) {
2509 2624 tcp->tcp_state = TCPS_SYN_SENT;
2510 2625 freemsg(mp);
2511 2626 return;
2512 2627 }
2513 2628 TCPS_CONN_INC(tcps);
2514 2629 /* SYN was acked - making progress */
2515 2630 tcp->tcp_ip_forward_progress = B_TRUE;
2516 2631
2517 2632 /* One for the SYN */
2518 2633 tcp->tcp_suna = tcp->tcp_iss + 1;
2519 2634 tcp->tcp_valid_bits &= ~TCP_ISS_VALID;
2520 2635
2521 2636 /*
2522 2637 * If SYN was retransmitted, need to reset all
2523 2638 * retransmission info. This is because this
2524 2639 * segment will be treated as a dup ACK.
2525 2640 */
2526 2641 if (tcp->tcp_rexmit) {
2527 2642 tcp->tcp_rexmit = B_FALSE;
2528 2643 tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
2529 2644 tcp->tcp_rexmit_max = tcp->tcp_snxt;
2530 2645 tcp->tcp_snd_burst = tcp->tcp_localnet ?
2531 2646 TCP_CWND_INFINITE : TCP_CWND_NORMAL;
2532 2647 tcp->tcp_ms_we_have_waited = 0;
2533 2648
2534 2649 /*
2535 2650 * Set tcp_cwnd back to 1 MSS, per
2536 2651 * recommendation from
2537 2652 * draft-floyd-incr-init-win-01.txt,
2538 2653 * Increasing TCP's Initial Window.
2539 2654 */
2540 2655 tcp->tcp_cwnd = tcp->tcp_mss;
2541 2656 }
2542 2657
2543 2658 tcp->tcp_swl1 = seg_seq;
2544 2659 tcp->tcp_swl2 = seg_ack;
2545 2660
2546 2661 new_swnd = ntohs(tcpha->tha_win);
2547 2662 tcp->tcp_swnd = new_swnd;
2548 2663 if (new_swnd > tcp->tcp_max_swnd)
2549 2664 tcp->tcp_max_swnd = new_swnd;
2550 2665
2551 2666 /*
2552 2667 * Always send the three-way handshake ack immediately
2553 2668 * in order to make the connection complete as soon as
2554 2669 * possible on the accepting host.
2555 2670 */
2556 2671 flags |= TH_ACK_NEEDED;
2557 2672
2558 2673 /*
2559 2674 * Trace connect-established here.
2560 2675 */
2561 2676 DTRACE_TCP5(connect__established, mblk_t *, NULL,
2562 2677 ip_xmit_attr_t *, tcp->tcp_connp->conn_ixa,
2563 2678 void_ip_t *, iphdr, tcp_t *, tcp, tcph_t *, tcpha);
2564 2679
2565 2680 /* Trace change from SYN_SENT -> ESTABLISHED here */
2566 2681 DTRACE_TCP6(state__change, void, NULL, ip_xmit_attr_t *,
2567 2682 connp->conn_ixa, void, NULL, tcp_t *, tcp,
2568 2683 void, NULL, int32_t, TCPS_SYN_SENT);
2569 2684
2570 2685 /*
2571 2686 * Special case for loopback. At this point we have
2572 2687 * received SYN-ACK from the remote endpoint. In
2573 2688 * order to ensure that both endpoints reach the
2574 2689 * fused state prior to any data exchange, the final
2575 2690 * ACK needs to be sent before we indicate T_CONN_CON
2576 2691 * to the module upstream.
2577 2692 */
2578 2693 if (tcp->tcp_loopback) {
2579 2694 mblk_t *ack_mp;
2580 2695
2581 2696 ASSERT(!tcp->tcp_unfusable);
2582 2697 ASSERT(mp1 != NULL);
2583 2698 /*
2584 2699 * For loopback, we always get a pure SYN-ACK
2585 2700 * and only need to send back the final ACK
2586 2701 * with no data (this is because the other
2587 2702 * tcp is ours and we don't do T/TCP). This
2588 2703 * final ACK triggers the passive side to
2589 2704 * perform fusion in ESTABLISHED state.
2590 2705 */
2591 2706 if ((ack_mp = tcp_ack_mp(tcp)) != NULL) {
2592 2707 if (tcp->tcp_ack_tid != 0) {
2593 2708 (void) TCP_TIMER_CANCEL(tcp,
2594 2709 tcp->tcp_ack_tid);
2595 2710 tcp->tcp_ack_tid = 0;
2596 2711 }
2597 2712 tcp_send_data(tcp, ack_mp);
2598 2713 BUMP_LOCAL(tcp->tcp_obsegs);
2599 2714 TCPS_BUMP_MIB(tcps, tcpOutAck);
|
↓ open down ↓ |
191 lines elided |
↑ open up ↑ |
2600 2715
2601 2716 if (!IPCL_IS_NONSTR(connp)) {
2602 2717 /* Send up T_CONN_CON */
2603 2718 if (ira->ira_cred != NULL) {
2604 2719 mblk_setcred(mp1,
2605 2720 ira->ira_cred,
2606 2721 ira->ira_cpid);
2607 2722 }
2608 2723 putnext(connp->conn_rq, mp1);
2609 2724 } else {
2610 - (*connp->conn_upcalls->
2611 - su_connected)
2725 + (*sockupcalls->su_connected)
2612 2726 (connp->conn_upper_handle,
2613 2727 tcp->tcp_connid,
2614 2728 ira->ira_cred,
2615 2729 ira->ira_cpid);
2616 2730 freemsg(mp1);
2617 2731 }
2618 2732
2619 2733 freemsg(mp);
2620 2734 return;
2621 2735 }
2622 2736 /*
2623 2737 * Forget fusion; we need to handle more
2624 2738 * complex cases below. Send the deferred
2625 2739 * T_CONN_CON message upstream and proceed
2626 2740 * as usual. Mark this tcp as not capable
2627 2741 * of fusion.
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
2628 2742 */
2629 2743 TCP_STAT(tcps, tcp_fusion_unfusable);
2630 2744 tcp->tcp_unfusable = B_TRUE;
2631 2745 if (!IPCL_IS_NONSTR(connp)) {
2632 2746 if (ira->ira_cred != NULL) {
2633 2747 mblk_setcred(mp1, ira->ira_cred,
2634 2748 ira->ira_cpid);
2635 2749 }
2636 2750 putnext(connp->conn_rq, mp1);
2637 2751 } else {
2638 - (*connp->conn_upcalls->su_connected)
2752 + (*sockupcalls->su_connected)
2639 2753 (connp->conn_upper_handle,
2640 2754 tcp->tcp_connid, ira->ira_cred,
2641 2755 ira->ira_cpid);
2642 2756 freemsg(mp1);
2643 2757 }
2644 2758 }
2645 2759
2646 2760 /*
2647 2761 * Check to see if there is data to be sent. If
2648 2762 * yes, set the transmit flag. Then check to see
2649 2763 * if received data processing needs to be done.
2650 2764 * If not, go straight to xmit_check. This short
2651 2765 * cut is OK as we don't support T/TCP.
2652 2766 */
2653 2767 if (tcp->tcp_unsent)
2654 2768 flags |= TH_XMIT_NEEDED;
2655 2769
2656 2770 if (seg_len == 0 && !(flags & TH_URG)) {
2657 2771 freemsg(mp);
2658 2772 goto xmit_check;
2659 2773 }
2660 2774
2661 2775 flags &= ~TH_SYN;
2662 2776 seg_seq++;
2663 2777 break;
2664 2778 }
2665 2779 tcp->tcp_state = TCPS_SYN_RCVD;
2666 2780 DTRACE_TCP6(state__change, void, NULL, ip_xmit_attr_t *,
2667 2781 connp->conn_ixa, void_ip_t *, NULL, tcp_t *, tcp,
2668 2782 tcph_t *, NULL, int32_t, TCPS_SYN_SENT);
2669 2783 mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, tcp->tcp_mss,
2670 2784 NULL, NULL, tcp->tcp_iss, B_FALSE, NULL, B_FALSE);
2671 2785 if (mp1 != NULL) {
2672 2786 tcp_send_data(tcp, mp1);
2673 2787 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
2674 2788 }
2675 2789 freemsg(mp);
2676 2790 return;
2677 2791 case TCPS_SYN_RCVD:
2678 2792 if (flags & TH_ACK) {
2679 2793 uint32_t pinit_wnd;
2680 2794
2681 2795 /*
2682 2796 * In this state, a SYN|ACK packet is either bogus
2683 2797 * because the other side must be ACKing our SYN which
2684 2798 * indicates it has seen the ACK for their SYN and
2685 2799 * shouldn't retransmit it or we're crossing SYNs
2686 2800 * on active open.
2687 2801 */
2688 2802 if ((flags & TH_SYN) && !tcp->tcp_active_open) {
2689 2803 freemsg(mp);
2690 2804 tcp_xmit_ctl("TCPS_SYN_RCVD-bad_syn",
2691 2805 tcp, seg_ack, 0, TH_RST);
2692 2806 return;
2693 2807 }
2694 2808 /*
2695 2809 * NOTE: RFC 793 pg. 72 says this should be
2696 2810 * tcp->tcp_suna <= seg_ack <= tcp->tcp_snxt
2697 2811 * but that would mean we have an ack that ignored
2698 2812 * our SYN.
2699 2813 */
2700 2814 if (SEQ_LEQ(seg_ack, tcp->tcp_suna) ||
2701 2815 SEQ_GT(seg_ack, tcp->tcp_snxt)) {
2702 2816 freemsg(mp);
2703 2817 tcp_xmit_ctl("TCPS_SYN_RCVD-bad_ack",
2704 2818 tcp, seg_ack, 0, TH_RST);
2705 2819 return;
2706 2820 }
2707 2821 /*
2708 2822 * No sane TCP stack will send such a small window
2709 2823 * without receiving any data. Just drop this invalid
2710 2824 * ACK. We also shorten the abort timeout in case
2711 2825 * this is an attack.
2712 2826 */
2713 2827 pinit_wnd = ntohs(tcpha->tha_win) << tcp->tcp_snd_ws;
2714 2828 if (pinit_wnd < tcp->tcp_mss &&
2715 2829 pinit_wnd < tcp_init_wnd_chk) {
2716 2830 freemsg(mp);
2717 2831 TCP_STAT(tcps, tcp_zwin_ack_syn);
2718 2832 tcp->tcp_second_ctimer_threshold =
2719 2833 tcp_early_abort * SECONDS;
2720 2834 return;
2721 2835 }
2722 2836 }
2723 2837 break;
2724 2838 case TCPS_LISTEN:
2725 2839 /*
2726 2840 * Only a TLI listener can come through this path when a
2727 2841 * acceptor is going back to be a listener and a packet
2728 2842 * for the acceptor hits the classifier. For a socket
2729 2843 * listener, this can never happen because a listener
2730 2844 * can never accept connection on itself and hence a
2731 2845 * socket acceptor can not go back to being a listener.
2732 2846 */
2733 2847 ASSERT(!TCP_IS_SOCKET(tcp));
2734 2848 /*FALLTHRU*/
2735 2849 case TCPS_CLOSED:
2736 2850 case TCPS_BOUND: {
2737 2851 conn_t *new_connp;
2738 2852 ip_stack_t *ipst = tcps->tcps_netstack->netstack_ip;
2739 2853
2740 2854 /*
2741 2855 * Don't accept any input on a closed tcp as this TCP logically
2742 2856 * does not exist on the system. Don't proceed further with
2743 2857 * this TCP. For instance, this packet could trigger another
2744 2858 * close of this tcp which would be disastrous for tcp_refcnt.
2745 2859 * tcp_close_detached / tcp_clean_death / tcp_closei_local must
2746 2860 * be called at most once on a TCP. In this case we need to
2747 2861 * refeed the packet into the classifier and figure out where
2748 2862 * the packet should go.
2749 2863 */
2750 2864 new_connp = ipcl_classify(mp, ira, ipst);
2751 2865 if (new_connp != NULL) {
2752 2866 /* Drops ref on new_connp */
2753 2867 tcp_reinput(new_connp, mp, ira, ipst);
2754 2868 return;
2755 2869 }
2756 2870 /* We failed to classify. For now just drop the packet */
2757 2871 freemsg(mp);
2758 2872 return;
2759 2873 }
2760 2874 case TCPS_IDLE:
2761 2875 /*
2762 2876 * Handle the case where the tcp_clean_death() has happened
2763 2877 * on a connection (application hasn't closed yet) but a packet
2764 2878 * was already queued on squeue before tcp_clean_death()
2765 2879 * was processed. Calling tcp_clean_death() twice on same
2766 2880 * connection can result in weird behaviour.
2767 2881 */
2768 2882 freemsg(mp);
2769 2883 return;
2770 2884 default:
2771 2885 break;
2772 2886 }
2773 2887
2774 2888 /*
2775 2889 * Already on the correct queue/perimeter.
2776 2890 * If this is a detached connection and not an eager
2777 2891 * connection hanging off a listener then new data
2778 2892 * (past the FIN) will cause a reset.
2779 2893 * We do a special check here where it
2780 2894 * is out of the main line, rather than check
2781 2895 * if we are detached every time we see new
2782 2896 * data down below.
2783 2897 */
2784 2898 if (TCP_IS_DETACHED_NONEAGER(tcp) &&
2785 2899 (seg_len > 0 && SEQ_GT(seg_seq + seg_len, tcp->tcp_rnxt))) {
2786 2900 TCPS_BUMP_MIB(tcps, tcpInClosed);
2787 2901 DTRACE_PROBE2(tcp__trace__recv, mblk_t *, mp, tcp_t *, tcp);
2788 2902 freemsg(mp);
2789 2903 tcp_xmit_ctl("new data when detached", tcp,
2790 2904 tcp->tcp_snxt, 0, TH_RST);
2791 2905 (void) tcp_clean_death(tcp, EPROTO);
2792 2906 return;
2793 2907 }
2794 2908
2795 2909 mp->b_rptr = (uchar_t *)tcpha + TCP_HDR_LENGTH(tcpha);
2796 2910 urp = ntohs(tcpha->tha_urp) - TCP_OLD_URP_INTERPRETATION;
2797 2911 new_swnd = ntohs(tcpha->tha_win) <<
2798 2912 ((tcpha->tha_flags & TH_SYN) ? 0 : tcp->tcp_snd_ws);
2799 2913
2800 2914 if (tcp->tcp_snd_ts_ok) {
2801 2915 if (!tcp_paws_check(tcp, tcpha, &tcpopt)) {
2802 2916 /*
2803 2917 * This segment is not acceptable.
2804 2918 * Drop it and send back an ACK.
2805 2919 */
2806 2920 freemsg(mp);
2807 2921 flags |= TH_ACK_NEEDED;
2808 2922 goto ack_check;
2809 2923 }
2810 2924 } else if (tcp->tcp_snd_sack_ok) {
2811 2925 tcpopt.tcp = tcp;
2812 2926 /*
2813 2927 * SACK info in already updated in tcp_parse_options. Ignore
2814 2928 * all other TCP options...
2815 2929 */
2816 2930 (void) tcp_parse_options(tcpha, &tcpopt);
2817 2931 }
2818 2932 try_again:;
2819 2933 mss = tcp->tcp_mss;
2820 2934 gap = seg_seq - tcp->tcp_rnxt;
2821 2935 rgap = tcp->tcp_rwnd - (gap + seg_len);
2822 2936 /*
2823 2937 * gap is the amount of sequence space between what we expect to see
2824 2938 * and what we got for seg_seq. A positive value for gap means
2825 2939 * something got lost. A negative value means we got some old stuff.
2826 2940 */
2827 2941 if (gap < 0) {
2828 2942 /* Old stuff present. Is the SYN in there? */
2829 2943 if (seg_seq == tcp->tcp_irs && (flags & TH_SYN) &&
2830 2944 (seg_len != 0)) {
2831 2945 flags &= ~TH_SYN;
2832 2946 seg_seq++;
2833 2947 urp--;
2834 2948 /* Recompute the gaps after noting the SYN. */
2835 2949 goto try_again;
2836 2950 }
2837 2951 TCPS_BUMP_MIB(tcps, tcpInDataDupSegs);
2838 2952 TCPS_UPDATE_MIB(tcps, tcpInDataDupBytes,
2839 2953 (seg_len > -gap ? -gap : seg_len));
2840 2954 /* Remove the old stuff from seg_len. */
2841 2955 seg_len += gap;
2842 2956 /*
2843 2957 * Anything left?
2844 2958 * Make sure to check for unack'd FIN when rest of data
2845 2959 * has been previously ack'd.
2846 2960 */
2847 2961 if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
2848 2962 /*
2849 2963 * Resets are only valid if they lie within our offered
2850 2964 * window. If the RST bit is set, we just ignore this
2851 2965 * segment.
2852 2966 */
2853 2967 if (flags & TH_RST) {
2854 2968 freemsg(mp);
2855 2969 return;
2856 2970 }
2857 2971
2858 2972 /*
2859 2973 * The arriving of dup data packets indicate that we
2860 2974 * may have postponed an ack for too long, or the other
2861 2975 * side's RTT estimate is out of shape. Start acking
2862 2976 * more often.
2863 2977 */
2864 2978 if (SEQ_GEQ(seg_seq + seg_len - gap, tcp->tcp_rack) &&
2865 2979 tcp->tcp_rack_cnt >= 1 &&
2866 2980 tcp->tcp_rack_abs_max > 2) {
2867 2981 tcp->tcp_rack_abs_max--;
2868 2982 }
2869 2983 tcp->tcp_rack_cur_max = 1;
2870 2984
2871 2985 /*
2872 2986 * This segment is "unacceptable". None of its
2873 2987 * sequence space lies within our advertized window.
2874 2988 *
2875 2989 * Adjust seg_len to the original value for tracing.
2876 2990 */
2877 2991 seg_len -= gap;
2878 2992 if (connp->conn_debug) {
2879 2993 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
2880 2994 "tcp_rput: unacceptable, gap %d, rgap %d, "
2881 2995 "flags 0x%x, seg_seq %u, seg_ack %u, "
2882 2996 "seg_len %d, rnxt %u, snxt %u, %s",
2883 2997 gap, rgap, flags, seg_seq, seg_ack,
2884 2998 seg_len, tcp->tcp_rnxt, tcp->tcp_snxt,
2885 2999 tcp_display(tcp, NULL,
2886 3000 DISP_ADDR_AND_PORT));
2887 3001 }
2888 3002
2889 3003 /*
2890 3004 * Arrange to send an ACK in response to the
2891 3005 * unacceptable segment per RFC 793 page 69. There
2892 3006 * is only one small difference between ours and the
2893 3007 * acceptability test in the RFC - we accept ACK-only
2894 3008 * packet with SEG.SEQ = RCV.NXT+RCV.WND and no ACK
2895 3009 * will be generated.
2896 3010 *
2897 3011 * Note that we have to ACK an ACK-only packet at least
2898 3012 * for stacks that send 0-length keep-alives with
2899 3013 * SEG.SEQ = SND.NXT-1 as recommended by RFC1122,
2900 3014 * section 4.2.3.6. As long as we don't ever generate
2901 3015 * an unacceptable packet in response to an incoming
2902 3016 * packet that is unacceptable, it should not cause
2903 3017 * "ACK wars".
2904 3018 */
2905 3019 flags |= TH_ACK_NEEDED;
2906 3020
2907 3021 /*
2908 3022 * Continue processing this segment in order to use the
2909 3023 * ACK information it contains, but skip all other
2910 3024 * sequence-number processing. Processing the ACK
2911 3025 * information is necessary in order to
2912 3026 * re-synchronize connections that may have lost
2913 3027 * synchronization.
2914 3028 *
2915 3029 * We clear seg_len and flag fields related to
2916 3030 * sequence number processing as they are not
2917 3031 * to be trusted for an unacceptable segment.
2918 3032 */
2919 3033 seg_len = 0;
2920 3034 flags &= ~(TH_SYN | TH_FIN | TH_URG);
2921 3035 goto process_ack;
2922 3036 }
2923 3037
2924 3038 /* Fix seg_seq, and chew the gap off the front. */
2925 3039 seg_seq = tcp->tcp_rnxt;
2926 3040 urp += gap;
2927 3041 do {
2928 3042 mblk_t *mp2;
2929 3043 ASSERT((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
2930 3044 (uintptr_t)UINT_MAX);
2931 3045 gap += (uint_t)(mp->b_wptr - mp->b_rptr);
2932 3046 if (gap > 0) {
2933 3047 mp->b_rptr = mp->b_wptr - gap;
2934 3048 break;
2935 3049 }
2936 3050 mp2 = mp;
2937 3051 mp = mp->b_cont;
2938 3052 freeb(mp2);
2939 3053 } while (gap < 0);
2940 3054 /*
2941 3055 * If the urgent data has already been acknowledged, we
2942 3056 * should ignore TH_URG below
2943 3057 */
2944 3058 if (urp < 0)
2945 3059 flags &= ~TH_URG;
2946 3060 }
2947 3061 /*
2948 3062 * rgap is the amount of stuff received out of window. A negative
2949 3063 * value is the amount out of window.
2950 3064 */
2951 3065 if (rgap < 0) {
2952 3066 mblk_t *mp2;
2953 3067
2954 3068 if (tcp->tcp_rwnd == 0) {
2955 3069 TCPS_BUMP_MIB(tcps, tcpInWinProbe);
2956 3070 } else {
2957 3071 TCPS_BUMP_MIB(tcps, tcpInDataPastWinSegs);
2958 3072 TCPS_UPDATE_MIB(tcps, tcpInDataPastWinBytes, -rgap);
2959 3073 }
2960 3074
2961 3075 /*
2962 3076 * seg_len does not include the FIN, so if more than
2963 3077 * just the FIN is out of window, we act like we don't
2964 3078 * see it. (If just the FIN is out of window, rgap
2965 3079 * will be zero and we will go ahead and acknowledge
2966 3080 * the FIN.)
2967 3081 */
2968 3082 flags &= ~TH_FIN;
2969 3083
2970 3084 /* Fix seg_len and make sure there is something left. */
2971 3085 seg_len += rgap;
2972 3086 if (seg_len <= 0) {
2973 3087 /*
2974 3088 * Resets are only valid if they lie within our offered
2975 3089 * window. If the RST bit is set, we just ignore this
2976 3090 * segment.
2977 3091 */
2978 3092 if (flags & TH_RST) {
2979 3093 freemsg(mp);
2980 3094 return;
2981 3095 }
2982 3096
2983 3097 /* Per RFC 793, we need to send back an ACK. */
2984 3098 flags |= TH_ACK_NEEDED;
2985 3099
2986 3100 /*
2987 3101 * Send SIGURG as soon as possible i.e. even
2988 3102 * if the TH_URG was delivered in a window probe
2989 3103 * packet (which will be unacceptable).
2990 3104 *
2991 3105 * We generate a signal if none has been generated
2992 3106 * for this connection or if this is a new urgent
2993 3107 * byte. Also send a zero-length "unmarked" message
2994 3108 * to inform SIOCATMARK that this is not the mark.
2995 3109 *
2996 3110 * tcp_urp_last_valid is cleared when the T_exdata_ind
2997 3111 * is sent up. This plus the check for old data
2998 3112 * (gap >= 0) handles the wraparound of the sequence
2999 3113 * number space without having to always track the
3000 3114 * correct MAX(tcp_urp_last, tcp_rnxt). (BSD tracks
3001 3115 * this max in its rcv_up variable).
|
↓ open down ↓ |
353 lines elided |
↑ open up ↑ |
3002 3116 *
3003 3117 * This prevents duplicate SIGURGS due to a "late"
3004 3118 * zero-window probe when the T_EXDATA_IND has already
3005 3119 * been sent up.
3006 3120 */
3007 3121 if ((flags & TH_URG) &&
3008 3122 (!tcp->tcp_urp_last_valid || SEQ_GT(urp + seg_seq,
3009 3123 tcp->tcp_urp_last))) {
3010 3124 if (IPCL_IS_NONSTR(connp)) {
3011 3125 if (!TCP_IS_DETACHED(tcp)) {
3012 - (*connp->conn_upcalls->
3013 - su_signal_oob)
3126 + (*sockupcalls->su_signal_oob)
3014 3127 (connp->conn_upper_handle,
3015 3128 urp);
3016 3129 }
3017 3130 } else {
3018 3131 mp1 = allocb(0, BPRI_MED);
3019 3132 if (mp1 == NULL) {
3020 3133 freemsg(mp);
3021 3134 return;
3022 3135 }
3023 3136 if (!TCP_IS_DETACHED(tcp) &&
3024 3137 !putnextctl1(connp->conn_rq,
3025 3138 M_PCSIG, SIGURG)) {
3026 3139 /* Try again on the rexmit. */
3027 3140 freemsg(mp1);
3028 3141 freemsg(mp);
3029 3142 return;
3030 3143 }
3031 3144 /*
3032 3145 * If the next byte would be the mark
3033 3146 * then mark with MARKNEXT else mark
3034 3147 * with NOTMARKNEXT.
3035 3148 */
3036 3149 if (gap == 0 && urp == 0)
3037 3150 mp1->b_flag |= MSGMARKNEXT;
3038 3151 else
3039 3152 mp1->b_flag |= MSGNOTMARKNEXT;
3040 3153 freemsg(tcp->tcp_urp_mark_mp);
3041 3154 tcp->tcp_urp_mark_mp = mp1;
3042 3155 flags |= TH_SEND_URP_MARK;
3043 3156 }
3044 3157 tcp->tcp_urp_last_valid = B_TRUE;
3045 3158 tcp->tcp_urp_last = urp + seg_seq;
3046 3159 }
3047 3160 /*
3048 3161 * If this is a zero window probe, continue to
3049 3162 * process the ACK part. But we need to set seg_len
3050 3163 * to 0 to avoid data processing. Otherwise just
3051 3164 * drop the segment and send back an ACK.
3052 3165 */
3053 3166 if (tcp->tcp_rwnd == 0 && seg_seq == tcp->tcp_rnxt) {
3054 3167 flags &= ~(TH_SYN | TH_URG);
3055 3168 seg_len = 0;
3056 3169 goto process_ack;
3057 3170 } else {
3058 3171 freemsg(mp);
3059 3172 goto ack_check;
3060 3173 }
3061 3174 }
3062 3175 /* Pitch out of window stuff off the end. */
3063 3176 rgap = seg_len;
3064 3177 mp2 = mp;
3065 3178 do {
3066 3179 ASSERT((uintptr_t)(mp2->b_wptr - mp2->b_rptr) <=
3067 3180 (uintptr_t)INT_MAX);
3068 3181 rgap -= (int)(mp2->b_wptr - mp2->b_rptr);
3069 3182 if (rgap < 0) {
3070 3183 mp2->b_wptr += rgap;
3071 3184 if ((mp1 = mp2->b_cont) != NULL) {
3072 3185 mp2->b_cont = NULL;
3073 3186 freemsg(mp1);
3074 3187 }
3075 3188 break;
3076 3189 }
3077 3190 } while ((mp2 = mp2->b_cont) != NULL);
3078 3191 }
3079 3192 ok:;
3080 3193 /*
3081 3194 * TCP should check ECN info for segments inside the window only.
3082 3195 * Therefore the check should be done here.
3083 3196 */
3084 3197 if (tcp->tcp_ecn_ok) {
3085 3198 if (flags & TH_CWR) {
3086 3199 tcp->tcp_ecn_echo_on = B_FALSE;
3087 3200 }
3088 3201 /*
3089 3202 * Note that both ECN_CE and CWR can be set in the
3090 3203 * same segment. In this case, we once again turn
3091 3204 * on ECN_ECHO.
3092 3205 */
3093 3206 if (connp->conn_ipversion == IPV4_VERSION) {
3094 3207 uchar_t tos = ((ipha_t *)rptr)->ipha_type_of_service;
3095 3208
3096 3209 if ((tos & IPH_ECN_CE) == IPH_ECN_CE) {
3097 3210 tcp->tcp_ecn_echo_on = B_TRUE;
3098 3211 }
3099 3212 } else {
3100 3213 uint32_t vcf = ((ip6_t *)rptr)->ip6_vcf;
3101 3214
3102 3215 if ((vcf & htonl(IPH_ECN_CE << 20)) ==
3103 3216 htonl(IPH_ECN_CE << 20)) {
3104 3217 tcp->tcp_ecn_echo_on = B_TRUE;
3105 3218 }
3106 3219 }
3107 3220 }
3108 3221
3109 3222 /*
3110 3223 * Check whether we can update tcp_ts_recent. This test is
3111 3224 * NOT the one in RFC 1323 3.4. It is from Braden, 1993, "TCP
3112 3225 * Extensions for High Performance: An Update", Internet Draft.
3113 3226 */
3114 3227 if (tcp->tcp_snd_ts_ok &&
3115 3228 TSTMP_GEQ(tcpopt.tcp_opt_ts_val, tcp->tcp_ts_recent) &&
3116 3229 SEQ_LEQ(seg_seq, tcp->tcp_rack)) {
3117 3230 tcp->tcp_ts_recent = tcpopt.tcp_opt_ts_val;
3118 3231 tcp->tcp_last_rcv_lbolt = LBOLT_FASTPATH64;
3119 3232 }
3120 3233
3121 3234 if (seg_seq != tcp->tcp_rnxt || tcp->tcp_reass_head) {
3122 3235 /*
3123 3236 * FIN in an out of order segment. We record this in
3124 3237 * tcp_valid_bits and the seq num of FIN in tcp_ofo_fin_seq.
3125 3238 * Clear the FIN so that any check on FIN flag will fail.
3126 3239 * Remember that FIN also counts in the sequence number
3127 3240 * space. So we need to ack out of order FIN only segments.
3128 3241 */
3129 3242 if (flags & TH_FIN) {
3130 3243 tcp->tcp_valid_bits |= TCP_OFO_FIN_VALID;
3131 3244 tcp->tcp_ofo_fin_seq = seg_seq + seg_len;
3132 3245 flags &= ~TH_FIN;
3133 3246 flags |= TH_ACK_NEEDED;
3134 3247 }
3135 3248 if (seg_len > 0) {
3136 3249 /* Fill in the SACK blk list. */
3137 3250 if (tcp->tcp_snd_sack_ok) {
3138 3251 tcp_sack_insert(tcp->tcp_sack_list,
3139 3252 seg_seq, seg_seq + seg_len,
3140 3253 &(tcp->tcp_num_sack_blk));
3141 3254 }
3142 3255
3143 3256 /*
3144 3257 * Attempt reassembly and see if we have something
3145 3258 * ready to go.
3146 3259 */
3147 3260 mp = tcp_reass(tcp, mp, seg_seq);
3148 3261 /* Always ack out of order packets */
3149 3262 flags |= TH_ACK_NEEDED | TH_PUSH;
3150 3263 if (mp) {
3151 3264 ASSERT((uintptr_t)(mp->b_wptr - mp->b_rptr) <=
3152 3265 (uintptr_t)INT_MAX);
3153 3266 seg_len = mp->b_cont ? msgdsize(mp) :
3154 3267 (int)(mp->b_wptr - mp->b_rptr);
3155 3268 seg_seq = tcp->tcp_rnxt;
3156 3269 /*
3157 3270 * A gap is filled and the seq num and len
3158 3271 * of the gap match that of a previously
3159 3272 * received FIN, put the FIN flag back in.
3160 3273 */
3161 3274 if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) &&
3162 3275 seg_seq + seg_len == tcp->tcp_ofo_fin_seq) {
3163 3276 flags |= TH_FIN;
3164 3277 tcp->tcp_valid_bits &=
3165 3278 ~TCP_OFO_FIN_VALID;
3166 3279 }
3167 3280 if (tcp->tcp_reass_tid != 0) {
3168 3281 (void) TCP_TIMER_CANCEL(tcp,
3169 3282 tcp->tcp_reass_tid);
3170 3283 /*
3171 3284 * Restart the timer if there is still
3172 3285 * data in the reassembly queue.
3173 3286 */
3174 3287 if (tcp->tcp_reass_head != NULL) {
3175 3288 tcp->tcp_reass_tid = TCP_TIMER(
3176 3289 tcp, tcp_reass_timer,
3177 3290 tcps->tcps_reass_timeout);
3178 3291 } else {
3179 3292 tcp->tcp_reass_tid = 0;
3180 3293 }
3181 3294 }
3182 3295 } else {
3183 3296 /*
3184 3297 * Keep going even with NULL mp.
3185 3298 * There may be a useful ACK or something else
3186 3299 * we don't want to miss.
3187 3300 *
3188 3301 * But TCP should not perform fast retransmit
3189 3302 * because of the ack number. TCP uses
3190 3303 * seg_len == 0 to determine if it is a pure
3191 3304 * ACK. And this is not a pure ACK.
3192 3305 */
3193 3306 seg_len = 0;
3194 3307 ofo_seg = B_TRUE;
3195 3308
3196 3309 if (tcps->tcps_reass_timeout != 0 &&
3197 3310 tcp->tcp_reass_tid == 0) {
3198 3311 tcp->tcp_reass_tid = TCP_TIMER(tcp,
3199 3312 tcp_reass_timer,
3200 3313 tcps->tcps_reass_timeout);
3201 3314 }
3202 3315 }
3203 3316 }
3204 3317 } else if (seg_len > 0) {
3205 3318 TCPS_BUMP_MIB(tcps, tcpInDataInorderSegs);
3206 3319 TCPS_UPDATE_MIB(tcps, tcpInDataInorderBytes, seg_len);
3207 3320 /*
3208 3321 * If an out of order FIN was received before, and the seq
3209 3322 * num and len of the new segment match that of the FIN,
3210 3323 * put the FIN flag back in.
3211 3324 */
3212 3325 if ((tcp->tcp_valid_bits & TCP_OFO_FIN_VALID) &&
3213 3326 seg_seq + seg_len == tcp->tcp_ofo_fin_seq) {
3214 3327 flags |= TH_FIN;
3215 3328 tcp->tcp_valid_bits &= ~TCP_OFO_FIN_VALID;
3216 3329 }
3217 3330 }
3218 3331 if ((flags & (TH_RST | TH_SYN | TH_URG | TH_ACK)) != TH_ACK) {
3219 3332 if (flags & TH_RST) {
3220 3333 freemsg(mp);
3221 3334 switch (tcp->tcp_state) {
3222 3335 case TCPS_SYN_RCVD:
3223 3336 (void) tcp_clean_death(tcp, ECONNREFUSED);
3224 3337 break;
3225 3338 case TCPS_ESTABLISHED:
3226 3339 case TCPS_FIN_WAIT_1:
3227 3340 case TCPS_FIN_WAIT_2:
3228 3341 case TCPS_CLOSE_WAIT:
3229 3342 (void) tcp_clean_death(tcp, ECONNRESET);
3230 3343 break;
3231 3344 case TCPS_CLOSING:
3232 3345 case TCPS_LAST_ACK:
3233 3346 (void) tcp_clean_death(tcp, 0);
3234 3347 break;
3235 3348 default:
3236 3349 ASSERT(tcp->tcp_state != TCPS_TIME_WAIT);
3237 3350 (void) tcp_clean_death(tcp, ENXIO);
3238 3351 break;
3239 3352 }
3240 3353 return;
3241 3354 }
3242 3355 if (flags & TH_SYN) {
3243 3356 /*
3244 3357 * See RFC 793, Page 71
3245 3358 *
3246 3359 * The seq number must be in the window as it should
3247 3360 * be "fixed" above. If it is outside window, it should
3248 3361 * be already rejected. Note that we allow seg_seq to be
3249 3362 * rnxt + rwnd because we want to accept 0 window probe.
3250 3363 */
3251 3364 ASSERT(SEQ_GEQ(seg_seq, tcp->tcp_rnxt) &&
3252 3365 SEQ_LEQ(seg_seq, tcp->tcp_rnxt + tcp->tcp_rwnd));
3253 3366 freemsg(mp);
3254 3367 /*
3255 3368 * If the ACK flag is not set, just use our snxt as the
3256 3369 * seq number of the RST segment.
3257 3370 */
3258 3371 if (!(flags & TH_ACK)) {
3259 3372 seg_ack = tcp->tcp_snxt;
3260 3373 }
3261 3374 tcp_xmit_ctl("TH_SYN", tcp, seg_ack, seg_seq + 1,
3262 3375 TH_RST|TH_ACK);
3263 3376 ASSERT(tcp->tcp_state != TCPS_TIME_WAIT);
3264 3377 (void) tcp_clean_death(tcp, ECONNRESET);
3265 3378 return;
3266 3379 }
3267 3380 /*
3268 3381 * urp could be -1 when the urp field in the packet is 0
3269 3382 * and TCP_OLD_URP_INTERPRETATION is set. This implies that the urgent
3270 3383 * byte was at seg_seq - 1, in which case we ignore the urgent flag.
3271 3384 */
3272 3385 if (flags & TH_URG && urp >= 0) {
3273 3386 if (!tcp->tcp_urp_last_valid ||
3274 3387 SEQ_GT(urp + seg_seq, tcp->tcp_urp_last)) {
3275 3388 /*
3276 3389 * Non-STREAMS sockets handle the urgent data a litte
3277 3390 * differently from STREAMS based sockets. There is no
3278 3391 * need to mark any mblks with the MSG{NOT,}MARKNEXT
3279 3392 * flags to keep SIOCATMARK happy. Instead a
3280 3393 * su_signal_oob upcall is made to update the mark.
|
↓ open down ↓ |
257 lines elided |
↑ open up ↑ |
3281 3394 * Neither is a T_EXDATA_IND mblk needed to be
3282 3395 * prepended to the urgent data. The urgent data is
3283 3396 * delivered using the su_recv upcall, where we set
3284 3397 * the MSG_OOB flag to indicate that it is urg data.
3285 3398 *
3286 3399 * Neither TH_SEND_URP_MARK nor TH_MARKNEXT_NEEDED
3287 3400 * are used by non-STREAMS sockets.
3288 3401 */
3289 3402 if (IPCL_IS_NONSTR(connp)) {
3290 3403 if (!TCP_IS_DETACHED(tcp)) {
3291 - (*connp->conn_upcalls->su_signal_oob)
3404 + (*sockupcalls->su_signal_oob)
3292 3405 (connp->conn_upper_handle, urp);
3293 3406 }
3294 3407 } else {
3295 3408 /*
3296 3409 * If we haven't generated the signal yet for
3297 3410 * this urgent pointer value, do it now. Also,
3298 3411 * send up a zero-length M_DATA indicating
3299 3412 * whether or not this is the mark. The latter
3300 3413 * is not needed when a T_EXDATA_IND is sent up.
3301 3414 * However, if there are allocation failures
3302 3415 * this code relies on the sender retransmitting
3303 3416 * and the socket code for determining the mark
3304 3417 * should not block waiting for the peer to
3305 3418 * transmit. Thus, for simplicity we always
3306 3419 * send up the mark indication.
3307 3420 */
3308 3421 mp1 = allocb(0, BPRI_MED);
3309 3422 if (mp1 == NULL) {
3310 3423 freemsg(mp);
3311 3424 return;
3312 3425 }
3313 3426 if (!TCP_IS_DETACHED(tcp) &&
3314 3427 !putnextctl1(connp->conn_rq, M_PCSIG,
3315 3428 SIGURG)) {
3316 3429 /* Try again on the rexmit. */
3317 3430 freemsg(mp1);
3318 3431 freemsg(mp);
3319 3432 return;
3320 3433 }
3321 3434 /*
3322 3435 * Mark with NOTMARKNEXT for now.
3323 3436 * The code below will change this to MARKNEXT
3324 3437 * if we are at the mark.
3325 3438 *
3326 3439 * If there are allocation failures (e.g. in
3327 3440 * dupmsg below) the next time tcp_input_data
3328 3441 * sees the urgent segment it will send up the
3329 3442 * MSGMARKNEXT message.
3330 3443 */
3331 3444 mp1->b_flag |= MSGNOTMARKNEXT;
3332 3445 freemsg(tcp->tcp_urp_mark_mp);
3333 3446 tcp->tcp_urp_mark_mp = mp1;
3334 3447 flags |= TH_SEND_URP_MARK;
3335 3448 #ifdef DEBUG
3336 3449 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
3337 3450 "tcp_rput: sent M_PCSIG 2 seq %x urp %x "
3338 3451 "last %x, %s",
3339 3452 seg_seq, urp, tcp->tcp_urp_last,
3340 3453 tcp_display(tcp, NULL, DISP_PORT_ONLY));
3341 3454 #endif /* DEBUG */
3342 3455 }
3343 3456 tcp->tcp_urp_last_valid = B_TRUE;
3344 3457 tcp->tcp_urp_last = urp + seg_seq;
3345 3458 } else if (tcp->tcp_urp_mark_mp != NULL) {
3346 3459 /*
3347 3460 * An allocation failure prevented the previous
3348 3461 * tcp_input_data from sending up the allocated
3349 3462 * MSG*MARKNEXT message - send it up this time
3350 3463 * around.
3351 3464 */
3352 3465 flags |= TH_SEND_URP_MARK;
3353 3466 }
3354 3467
3355 3468 /*
3356 3469 * If the urgent byte is in this segment, make sure that it is
3357 3470 * all by itself. This makes it much easier to deal with the
3358 3471 * possibility of an allocation failure on the T_exdata_ind.
3359 3472 * Note that seg_len is the number of bytes in the segment, and
3360 3473 * urp is the offset into the segment of the urgent byte.
3361 3474 * urp < seg_len means that the urgent byte is in this segment.
3362 3475 */
3363 3476 if (urp < seg_len) {
3364 3477 if (seg_len != 1) {
3365 3478 uint32_t tmp_rnxt;
3366 3479 /*
3367 3480 * Break it up and feed it back in.
3368 3481 * Re-attach the IP header.
3369 3482 */
3370 3483 mp->b_rptr = iphdr;
3371 3484 if (urp > 0) {
3372 3485 /*
3373 3486 * There is stuff before the urgent
3374 3487 * byte.
3375 3488 */
3376 3489 mp1 = dupmsg(mp);
3377 3490 if (!mp1) {
3378 3491 /*
3379 3492 * Trim from urgent byte on.
3380 3493 * The rest will come back.
3381 3494 */
3382 3495 (void) adjmsg(mp,
3383 3496 urp - seg_len);
3384 3497 tcp_input_data(connp,
3385 3498 mp, NULL, ira);
3386 3499 return;
3387 3500 }
3388 3501 (void) adjmsg(mp1, urp - seg_len);
3389 3502 /* Feed this piece back in. */
3390 3503 tmp_rnxt = tcp->tcp_rnxt;
3391 3504 tcp_input_data(connp, mp1, NULL, ira);
3392 3505 /*
3393 3506 * If the data passed back in was not
3394 3507 * processed (ie: bad ACK) sending
3395 3508 * the remainder back in will cause a
3396 3509 * loop. In this case, drop the
3397 3510 * packet and let the sender try
3398 3511 * sending a good packet.
3399 3512 */
3400 3513 if (tmp_rnxt == tcp->tcp_rnxt) {
3401 3514 freemsg(mp);
3402 3515 return;
3403 3516 }
3404 3517 }
3405 3518 if (urp != seg_len - 1) {
3406 3519 uint32_t tmp_rnxt;
3407 3520 /*
3408 3521 * There is stuff after the urgent
3409 3522 * byte.
3410 3523 */
3411 3524 mp1 = dupmsg(mp);
3412 3525 if (!mp1) {
3413 3526 /*
3414 3527 * Trim everything beyond the
3415 3528 * urgent byte. The rest will
3416 3529 * come back.
3417 3530 */
3418 3531 (void) adjmsg(mp,
3419 3532 urp + 1 - seg_len);
3420 3533 tcp_input_data(connp,
3421 3534 mp, NULL, ira);
3422 3535 return;
3423 3536 }
3424 3537 (void) adjmsg(mp1, urp + 1 - seg_len);
3425 3538 tmp_rnxt = tcp->tcp_rnxt;
3426 3539 tcp_input_data(connp, mp1, NULL, ira);
3427 3540 /*
3428 3541 * If the data passed back in was not
3429 3542 * processed (ie: bad ACK) sending
3430 3543 * the remainder back in will cause a
3431 3544 * loop. In this case, drop the
3432 3545 * packet and let the sender try
3433 3546 * sending a good packet.
3434 3547 */
3435 3548 if (tmp_rnxt == tcp->tcp_rnxt) {
3436 3549 freemsg(mp);
3437 3550 return;
3438 3551 }
3439 3552 }
|
↓ open down ↓ |
138 lines elided |
↑ open up ↑ |
3440 3553 tcp_input_data(connp, mp, NULL, ira);
3441 3554 return;
3442 3555 }
3443 3556 /*
3444 3557 * This segment contains only the urgent byte. We
3445 3558 * have to allocate the T_exdata_ind, if we can.
3446 3559 */
3447 3560 if (IPCL_IS_NONSTR(connp)) {
3448 3561 int error;
3449 3562
3450 - (*connp->conn_upcalls->su_recv)
3563 + (*sockupcalls->su_recv)
3451 3564 (connp->conn_upper_handle, mp, seg_len,
3452 3565 MSG_OOB, &error, NULL);
3453 3566 /*
3454 3567 * We should never be in middle of a
3455 3568 * fallback, the squeue guarantees that.
3456 3569 */
3457 3570 ASSERT(error != EOPNOTSUPP);
3458 3571 mp = NULL;
3459 3572 goto update_ack;
3460 3573 } else if (!tcp->tcp_urp_mp) {
3461 3574 struct T_exdata_ind *tei;
3462 3575 mp1 = allocb(sizeof (struct T_exdata_ind),
3463 3576 BPRI_MED);
3464 3577 if (!mp1) {
3465 3578 /*
3466 3579 * Sigh... It'll be back.
3467 3580 * Generate any MSG*MARK message now.
3468 3581 */
3469 3582 freemsg(mp);
3470 3583 seg_len = 0;
3471 3584 if (flags & TH_SEND_URP_MARK) {
3472 3585
3473 3586
3474 3587 ASSERT(tcp->tcp_urp_mark_mp);
3475 3588 tcp->tcp_urp_mark_mp->b_flag &=
3476 3589 ~MSGNOTMARKNEXT;
3477 3590 tcp->tcp_urp_mark_mp->b_flag |=
3478 3591 MSGMARKNEXT;
3479 3592 }
3480 3593 goto ack_check;
3481 3594 }
3482 3595 mp1->b_datap->db_type = M_PROTO;
3483 3596 tei = (struct T_exdata_ind *)mp1->b_rptr;
3484 3597 tei->PRIM_type = T_EXDATA_IND;
3485 3598 tei->MORE_flag = 0;
3486 3599 mp1->b_wptr = (uchar_t *)&tei[1];
3487 3600 tcp->tcp_urp_mp = mp1;
3488 3601 #ifdef DEBUG
3489 3602 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
3490 3603 "tcp_rput: allocated exdata_ind %s",
3491 3604 tcp_display(tcp, NULL,
3492 3605 DISP_PORT_ONLY));
3493 3606 #endif /* DEBUG */
3494 3607 /*
3495 3608 * There is no need to send a separate MSG*MARK
3496 3609 * message since the T_EXDATA_IND will be sent
3497 3610 * now.
3498 3611 */
3499 3612 flags &= ~TH_SEND_URP_MARK;
3500 3613 freemsg(tcp->tcp_urp_mark_mp);
3501 3614 tcp->tcp_urp_mark_mp = NULL;
3502 3615 }
3503 3616 /*
3504 3617 * Now we are all set. On the next putnext upstream,
3505 3618 * tcp_urp_mp will be non-NULL and will get prepended
3506 3619 * to what has to be this piece containing the urgent
3507 3620 * byte. If for any reason we abort this segment below,
3508 3621 * if it comes back, we will have this ready, or it
3509 3622 * will get blown off in close.
3510 3623 */
3511 3624 } else if (urp == seg_len) {
3512 3625 /*
3513 3626 * The urgent byte is the next byte after this sequence
3514 3627 * number. If this endpoint is non-STREAMS, then there
3515 3628 * is nothing to do here since the socket has already
3516 3629 * been notified about the urg pointer by the
3517 3630 * su_signal_oob call above.
3518 3631 *
3519 3632 * In case of STREAMS, some more work might be needed.
3520 3633 * If there is data it is marked with MSGMARKNEXT and
3521 3634 * and any tcp_urp_mark_mp is discarded since it is not
3522 3635 * needed. Otherwise, if the code above just allocated
3523 3636 * a zero-length tcp_urp_mark_mp message, that message
3524 3637 * is tagged with MSGMARKNEXT. Sending up these
3525 3638 * MSGMARKNEXT messages makes SIOCATMARK work correctly
3526 3639 * even though the T_EXDATA_IND will not be sent up
3527 3640 * until the urgent byte arrives.
3528 3641 */
3529 3642 if (!IPCL_IS_NONSTR(tcp->tcp_connp)) {
3530 3643 if (seg_len != 0) {
3531 3644 flags |= TH_MARKNEXT_NEEDED;
3532 3645 freemsg(tcp->tcp_urp_mark_mp);
3533 3646 tcp->tcp_urp_mark_mp = NULL;
3534 3647 flags &= ~TH_SEND_URP_MARK;
3535 3648 } else if (tcp->tcp_urp_mark_mp != NULL) {
3536 3649 flags |= TH_SEND_URP_MARK;
3537 3650 tcp->tcp_urp_mark_mp->b_flag &=
3538 3651 ~MSGNOTMARKNEXT;
3539 3652 tcp->tcp_urp_mark_mp->b_flag |=
3540 3653 MSGMARKNEXT;
3541 3654 }
3542 3655 }
3543 3656 #ifdef DEBUG
3544 3657 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
3545 3658 "tcp_rput: AT MARK, len %d, flags 0x%x, %s",
3546 3659 seg_len, flags,
3547 3660 tcp_display(tcp, NULL, DISP_PORT_ONLY));
3548 3661 #endif /* DEBUG */
3549 3662 }
3550 3663 #ifdef DEBUG
3551 3664 else {
3552 3665 /* Data left until we hit mark */
3553 3666 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
3554 3667 "tcp_rput: URP %d bytes left, %s",
3555 3668 urp - seg_len, tcp_display(tcp, NULL,
3556 3669 DISP_PORT_ONLY));
3557 3670 }
3558 3671 #endif /* DEBUG */
3559 3672 }
3560 3673
3561 3674 process_ack:
3562 3675 if (!(flags & TH_ACK)) {
3563 3676 freemsg(mp);
3564 3677 goto xmit_check;
3565 3678 }
3566 3679 }
3567 3680 bytes_acked = (int)(seg_ack - tcp->tcp_suna);
3568 3681
3569 3682 if (bytes_acked > 0)
3570 3683 tcp->tcp_ip_forward_progress = B_TRUE;
3571 3684 if (tcp->tcp_state == TCPS_SYN_RCVD) {
3572 3685 /*
3573 3686 * tcp_sendmsg() checks tcp_state without entering
3574 3687 * the squeue so tcp_state should be updated before
3575 3688 * sending up a connection confirmation or a new
3576 3689 * connection indication.
3577 3690 */
3578 3691 tcp->tcp_state = TCPS_ESTABLISHED;
3579 3692
3580 3693 /*
3581 3694 * We are seeing the final ack in the three way
3582 3695 * hand shake of a active open'ed connection
3583 3696 * so we must send up a T_CONN_CON
3584 3697 */
3585 3698 if (tcp->tcp_active_open) {
3586 3699 if (!tcp_conn_con(tcp, iphdr, mp, NULL, ira)) {
3587 3700 freemsg(mp);
3588 3701 tcp->tcp_state = TCPS_SYN_RCVD;
3589 3702 return;
3590 3703 }
3591 3704 /*
3592 3705 * Don't fuse the loopback endpoints for
3593 3706 * simultaneous active opens.
3594 3707 */
3595 3708 if (tcp->tcp_loopback) {
3596 3709 TCP_STAT(tcps, tcp_fusion_unfusable);
3597 3710 tcp->tcp_unfusable = B_TRUE;
3598 3711 }
3599 3712 /*
3600 3713 * For simultaneous active open, trace receipt of final
3601 3714 * ACK as tcp:::connect-established.
3602 3715 */
3603 3716 DTRACE_TCP5(connect__established, mblk_t *, NULL,
3604 3717 ip_xmit_attr_t *, connp->conn_ixa, void_ip_t *,
3605 3718 iphdr, tcp_t *, tcp, tcph_t *, tcpha);
3606 3719 } else if (IPCL_IS_NONSTR(connp)) {
3607 3720 /*
3608 3721 * 3-way handshake has completed, so notify socket
3609 3722 * of the new connection.
3610 3723 *
3611 3724 * We are here means eager is fine but it can
3612 3725 * get a TH_RST at any point between now and till
3613 3726 * accept completes and disappear. We need to
3614 3727 * ensure that reference to eager is valid after
3615 3728 * we get out of eager's perimeter. So we do
3616 3729 * an extra refhold.
3617 3730 */
3618 3731 CONN_INC_REF(connp);
3619 3732
3620 3733 if (!tcp_newconn_notify(tcp, ira)) {
3621 3734 /*
3622 3735 * The state-change probe for SYN_RCVD ->
3623 3736 * ESTABLISHED has not fired yet. We reset
3624 3737 * the state to SYN_RCVD so that future
3625 3738 * state-change probes report correct state
3626 3739 * transistions.
3627 3740 */
3628 3741 tcp->tcp_state = TCPS_SYN_RCVD;
3629 3742 freemsg(mp);
3630 3743 /* notification did not go up, so drop ref */
3631 3744 CONN_DEC_REF(connp);
3632 3745 /* ... and close the eager */
3633 3746 ASSERT(TCP_IS_DETACHED(tcp));
3634 3747 (void) tcp_close_detached(tcp);
3635 3748 return;
3636 3749 }
3637 3750 /*
3638 3751 * For passive open, trace receipt of final ACK as
3639 3752 * tcp:::accept-established.
3640 3753 */
3641 3754 DTRACE_TCP5(accept__established, mlbk_t *, NULL,
3642 3755 ip_xmit_attr_t *, connp->conn_ixa, void_ip_t *,
3643 3756 iphdr, tcp_t *, tcp, tcph_t *, tcpha);
3644 3757 } else {
3645 3758 /*
3646 3759 * 3-way handshake complete - this is a STREAMS based
3647 3760 * socket, so pass up the T_CONN_IND.
3648 3761 */
3649 3762 tcp_t *listener = tcp->tcp_listener;
3650 3763 mblk_t *mp = tcp->tcp_conn.tcp_eager_conn_ind;
3651 3764
3652 3765 tcp->tcp_tconnind_started = B_TRUE;
3653 3766 tcp->tcp_conn.tcp_eager_conn_ind = NULL;
3654 3767 ASSERT(mp != NULL);
3655 3768 /*
3656 3769 * We are here means eager is fine but it can
3657 3770 * get a TH_RST at any point between now and till
3658 3771 * accept completes and disappear. We need to
3659 3772 * ensure that reference to eager is valid after
3660 3773 * we get out of eager's perimeter. So we do
3661 3774 * an extra refhold.
3662 3775 */
3663 3776 CONN_INC_REF(connp);
3664 3777
3665 3778 /*
3666 3779 * The listener also exists because of the refhold
3667 3780 * done in tcp_input_listener. Its possible that it
3668 3781 * might have closed. We will check that once we
3669 3782 * get inside listeners context.
3670 3783 */
3671 3784 CONN_INC_REF(listener->tcp_connp);
3672 3785 if (listener->tcp_connp->conn_sqp ==
3673 3786 connp->conn_sqp) {
3674 3787 /*
3675 3788 * We optimize by not calling an SQUEUE_ENTER
3676 3789 * on the listener since we know that the
3677 3790 * listener and eager squeues are the same.
3678 3791 * We are able to make this check safely only
3679 3792 * because neither the eager nor the listener
3680 3793 * can change its squeue. Only an active connect
3681 3794 * can change its squeue
3682 3795 */
3683 3796 tcp_send_conn_ind(listener->tcp_connp, mp,
3684 3797 listener->tcp_connp->conn_sqp);
3685 3798 CONN_DEC_REF(listener->tcp_connp);
3686 3799 } else if (!tcp->tcp_loopback) {
3687 3800 SQUEUE_ENTER_ONE(listener->tcp_connp->conn_sqp,
3688 3801 mp, tcp_send_conn_ind,
3689 3802 listener->tcp_connp, NULL, SQ_FILL,
3690 3803 SQTAG_TCP_CONN_IND);
3691 3804 } else {
3692 3805 SQUEUE_ENTER_ONE(listener->tcp_connp->conn_sqp,
3693 3806 mp, tcp_send_conn_ind,
3694 3807 listener->tcp_connp, NULL, SQ_NODRAIN,
3695 3808 SQTAG_TCP_CONN_IND);
3696 3809 }
3697 3810 /*
3698 3811 * For passive open, trace receipt of final ACK as
3699 3812 * tcp:::accept-established.
3700 3813 */
3701 3814 DTRACE_TCP5(accept__established, mlbk_t *, NULL,
3702 3815 ip_xmit_attr_t *, connp->conn_ixa, void_ip_t *,
3703 3816 iphdr, tcp_t *, tcp, tcph_t *, tcpha);
3704 3817 }
3705 3818 TCPS_CONN_INC(tcps);
3706 3819
3707 3820 tcp->tcp_suna = tcp->tcp_iss + 1; /* One for the SYN */
3708 3821 bytes_acked--;
3709 3822 /* SYN was acked - making progress */
3710 3823 tcp->tcp_ip_forward_progress = B_TRUE;
3711 3824
3712 3825 /*
3713 3826 * If SYN was retransmitted, need to reset all
3714 3827 * retransmission info as this segment will be
3715 3828 * treated as a dup ACK.
3716 3829 */
3717 3830 if (tcp->tcp_rexmit) {
3718 3831 tcp->tcp_rexmit = B_FALSE;
3719 3832 tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
3720 3833 tcp->tcp_rexmit_max = tcp->tcp_snxt;
3721 3834 tcp->tcp_snd_burst = tcp->tcp_localnet ?
3722 3835 TCP_CWND_INFINITE : TCP_CWND_NORMAL;
3723 3836 tcp->tcp_ms_we_have_waited = 0;
3724 3837 tcp->tcp_cwnd = mss;
3725 3838 }
3726 3839
3727 3840 /*
3728 3841 * We set the send window to zero here.
3729 3842 * This is needed if there is data to be
3730 3843 * processed already on the queue.
3731 3844 * Later (at swnd_update label), the
3732 3845 * "new_swnd > tcp_swnd" condition is satisfied
3733 3846 * the XMIT_NEEDED flag is set in the current
3734 3847 * (SYN_RCVD) state. This ensures tcp_wput_data() is
3735 3848 * called if there is already data on queue in
3736 3849 * this state.
3737 3850 */
3738 3851 tcp->tcp_swnd = 0;
3739 3852
3740 3853 if (new_swnd > tcp->tcp_max_swnd)
3741 3854 tcp->tcp_max_swnd = new_swnd;
3742 3855 tcp->tcp_swl1 = seg_seq;
3743 3856 tcp->tcp_swl2 = seg_ack;
3744 3857 tcp->tcp_valid_bits &= ~TCP_ISS_VALID;
3745 3858
3746 3859 /* Trace change from SYN_RCVD -> ESTABLISHED here */
3747 3860 DTRACE_TCP6(state__change, void, NULL, ip_xmit_attr_t *,
3748 3861 connp->conn_ixa, void, NULL, tcp_t *, tcp, void, NULL,
3749 3862 int32_t, TCPS_SYN_RCVD);
3750 3863
3751 3864 /* Fuse when both sides are in ESTABLISHED state */
3752 3865 if (tcp->tcp_loopback && do_tcp_fusion)
3753 3866 tcp_fuse(tcp, iphdr, tcpha);
3754 3867
3755 3868 }
3756 3869 /* This code follows 4.4BSD-Lite2 mostly. */
3757 3870 if (bytes_acked < 0)
3758 3871 goto est;
3759 3872
3760 3873 /*
3761 3874 * If TCP is ECN capable and the congestion experience bit is
3762 3875 * set, reduce tcp_cwnd and tcp_ssthresh. But this should only be
3763 3876 * done once per window (or more loosely, per RTT).
3764 3877 */
3765 3878 if (tcp->tcp_cwr && SEQ_GT(seg_ack, tcp->tcp_cwr_snd_max))
3766 3879 tcp->tcp_cwr = B_FALSE;
3767 3880 if (tcp->tcp_ecn_ok && (flags & TH_ECE)) {
3768 3881 if (!tcp->tcp_cwr) {
3769 3882 npkt = ((tcp->tcp_snxt - tcp->tcp_suna) >> 1) / mss;
3770 3883 tcp->tcp_cwnd_ssthresh = MAX(npkt, 2) * mss;
3771 3884 tcp->tcp_cwnd = npkt * mss;
3772 3885 /*
3773 3886 * If the cwnd is 0, use the timer to clock out
3774 3887 * new segments. This is required by the ECN spec.
3775 3888 */
3776 3889 if (npkt == 0) {
3777 3890 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
3778 3891 /*
3779 3892 * This makes sure that when the ACK comes
3780 3893 * back, we will increase tcp_cwnd by 1 MSS.
3781 3894 */
3782 3895 tcp->tcp_cwnd_cnt = 0;
3783 3896 }
3784 3897 tcp->tcp_cwr = B_TRUE;
3785 3898 /*
3786 3899 * This marks the end of the current window of in
3787 3900 * flight data. That is why we don't use
3788 3901 * tcp_suna + tcp_swnd. Only data in flight can
3789 3902 * provide ECN info.
3790 3903 */
3791 3904 tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
3792 3905 tcp->tcp_ecn_cwr_sent = B_FALSE;
3793 3906 }
3794 3907 }
3795 3908
3796 3909 mp1 = tcp->tcp_xmit_head;
3797 3910 if (bytes_acked == 0) {
3798 3911 if (!ofo_seg && seg_len == 0 && new_swnd == tcp->tcp_swnd) {
3799 3912 int dupack_cnt;
3800 3913
3801 3914 TCPS_BUMP_MIB(tcps, tcpInDupAck);
3802 3915 /*
3803 3916 * Fast retransmit. When we have seen exactly three
3804 3917 * identical ACKs while we have unacked data
3805 3918 * outstanding we take it as a hint that our peer
3806 3919 * dropped something.
3807 3920 *
3808 3921 * If TCP is retransmitting, don't do fast retransmit.
3809 3922 */
3810 3923 if (mp1 && tcp->tcp_suna != tcp->tcp_snxt &&
3811 3924 ! tcp->tcp_rexmit) {
3812 3925 /* Do Limited Transmit */
3813 3926 if ((dupack_cnt = ++tcp->tcp_dupack_cnt) <
3814 3927 tcps->tcps_dupack_fast_retransmit) {
3815 3928 /*
3816 3929 * RFC 3042
3817 3930 *
3818 3931 * What we need to do is temporarily
3819 3932 * increase tcp_cwnd so that new
3820 3933 * data can be sent if it is allowed
3821 3934 * by the receive window (tcp_rwnd).
3822 3935 * tcp_wput_data() will take care of
3823 3936 * the rest.
3824 3937 *
3825 3938 * If the connection is SACK capable,
3826 3939 * only do limited xmit when there
3827 3940 * is SACK info.
3828 3941 *
3829 3942 * Note how tcp_cwnd is incremented.
3830 3943 * The first dup ACK will increase
3831 3944 * it by 1 MSS. The second dup ACK
3832 3945 * will increase it by 2 MSS. This
3833 3946 * means that only 1 new segment will
3834 3947 * be sent for each dup ACK.
3835 3948 */
3836 3949 if (tcp->tcp_unsent > 0 &&
3837 3950 (!tcp->tcp_snd_sack_ok ||
3838 3951 (tcp->tcp_snd_sack_ok &&
3839 3952 tcp->tcp_notsack_list != NULL))) {
3840 3953 tcp->tcp_cwnd += mss <<
3841 3954 (tcp->tcp_dupack_cnt - 1);
3842 3955 flags |= TH_LIMIT_XMIT;
3843 3956 }
3844 3957 } else if (dupack_cnt ==
3845 3958 tcps->tcps_dupack_fast_retransmit) {
3846 3959
3847 3960 /*
3848 3961 * If we have reduced tcp_ssthresh
3849 3962 * because of ECN, do not reduce it again
3850 3963 * unless it is already one window of data
3851 3964 * away. After one window of data, tcp_cwr
3852 3965 * should then be cleared. Note that
3853 3966 * for non ECN capable connection, tcp_cwr
3854 3967 * should always be false.
3855 3968 *
3856 3969 * Adjust cwnd since the duplicate
3857 3970 * ack indicates that a packet was
3858 3971 * dropped (due to congestion.)
3859 3972 */
3860 3973 if (!tcp->tcp_cwr) {
3861 3974 npkt = ((tcp->tcp_snxt -
3862 3975 tcp->tcp_suna) >> 1) / mss;
3863 3976 tcp->tcp_cwnd_ssthresh = MAX(npkt, 2) *
3864 3977 mss;
3865 3978 tcp->tcp_cwnd = (npkt +
3866 3979 tcp->tcp_dupack_cnt) * mss;
3867 3980 }
3868 3981 if (tcp->tcp_ecn_ok) {
3869 3982 tcp->tcp_cwr = B_TRUE;
3870 3983 tcp->tcp_cwr_snd_max = tcp->tcp_snxt;
3871 3984 tcp->tcp_ecn_cwr_sent = B_FALSE;
3872 3985 }
3873 3986
3874 3987 /*
3875 3988 * We do Hoe's algorithm. Refer to her
3876 3989 * paper "Improving the Start-up Behavior
3877 3990 * of a Congestion Control Scheme for TCP,"
3878 3991 * appeared in SIGCOMM'96.
3879 3992 *
3880 3993 * Save highest seq no we have sent so far.
3881 3994 * Be careful about the invisible FIN byte.
3882 3995 */
3883 3996 if ((tcp->tcp_valid_bits & TCP_FSS_VALID) &&
3884 3997 (tcp->tcp_unsent == 0)) {
3885 3998 tcp->tcp_rexmit_max = tcp->tcp_fss;
3886 3999 } else {
3887 4000 tcp->tcp_rexmit_max = tcp->tcp_snxt;
3888 4001 }
3889 4002
3890 4003 /*
3891 4004 * Do not allow bursty traffic during.
3892 4005 * fast recovery. Refer to Fall and Floyd's
3893 4006 * paper "Simulation-based Comparisons of
3894 4007 * Tahoe, Reno and SACK TCP" (in CCR?)
3895 4008 * This is a best current practise.
3896 4009 */
3897 4010 tcp->tcp_snd_burst = TCP_CWND_SS;
3898 4011
3899 4012 /*
3900 4013 * For SACK:
3901 4014 * Calculate tcp_pipe, which is the
3902 4015 * estimated number of bytes in
3903 4016 * network.
3904 4017 *
3905 4018 * tcp_fack is the highest sack'ed seq num
3906 4019 * TCP has received.
3907 4020 *
3908 4021 * tcp_pipe is explained in the above quoted
3909 4022 * Fall and Floyd's paper. tcp_fack is
3910 4023 * explained in Mathis and Mahdavi's
3911 4024 * "Forward Acknowledgment: Refining TCP
3912 4025 * Congestion Control" in SIGCOMM '96.
3913 4026 */
3914 4027 if (tcp->tcp_snd_sack_ok) {
3915 4028 if (tcp->tcp_notsack_list != NULL) {
3916 4029 tcp->tcp_pipe = tcp->tcp_snxt -
3917 4030 tcp->tcp_fack;
3918 4031 tcp->tcp_sack_snxt = seg_ack;
3919 4032 flags |= TH_NEED_SACK_REXMIT;
3920 4033 } else {
3921 4034 /*
3922 4035 * Always initialize tcp_pipe
3923 4036 * even though we don't have
3924 4037 * any SACK info. If later
3925 4038 * we get SACK info and
3926 4039 * tcp_pipe is not initialized,
3927 4040 * funny things will happen.
3928 4041 */
3929 4042 tcp->tcp_pipe =
3930 4043 tcp->tcp_cwnd_ssthresh;
3931 4044 }
3932 4045 } else {
3933 4046 flags |= TH_REXMIT_NEEDED;
3934 4047 } /* tcp_snd_sack_ok */
3935 4048
3936 4049 } else {
3937 4050 /*
3938 4051 * Here we perform congestion
3939 4052 * avoidance, but NOT slow start.
3940 4053 * This is known as the Fast
3941 4054 * Recovery Algorithm.
3942 4055 */
3943 4056 if (tcp->tcp_snd_sack_ok &&
3944 4057 tcp->tcp_notsack_list != NULL) {
3945 4058 flags |= TH_NEED_SACK_REXMIT;
3946 4059 tcp->tcp_pipe -= mss;
3947 4060 if (tcp->tcp_pipe < 0)
3948 4061 tcp->tcp_pipe = 0;
3949 4062 } else {
3950 4063 /*
3951 4064 * We know that one more packet has
3952 4065 * left the pipe thus we can update
3953 4066 * cwnd.
3954 4067 */
3955 4068 cwnd = tcp->tcp_cwnd + mss;
3956 4069 if (cwnd > tcp->tcp_cwnd_max)
3957 4070 cwnd = tcp->tcp_cwnd_max;
3958 4071 tcp->tcp_cwnd = cwnd;
3959 4072 if (tcp->tcp_unsent > 0)
3960 4073 flags |= TH_XMIT_NEEDED;
3961 4074 }
3962 4075 }
3963 4076 }
3964 4077 } else if (tcp->tcp_zero_win_probe) {
3965 4078 /*
3966 4079 * If the window has opened, need to arrange
3967 4080 * to send additional data.
3968 4081 */
3969 4082 if (new_swnd != 0) {
3970 4083 /* tcp_suna != tcp_snxt */
3971 4084 /* Packet contains a window update */
3972 4085 TCPS_BUMP_MIB(tcps, tcpInWinUpdate);
3973 4086 tcp->tcp_zero_win_probe = 0;
3974 4087 tcp->tcp_timer_backoff = 0;
3975 4088 tcp->tcp_ms_we_have_waited = 0;
3976 4089
3977 4090 /*
3978 4091 * Transmit starting with tcp_suna since
3979 4092 * the one byte probe is not ack'ed.
3980 4093 * If TCP has sent more than one identical
3981 4094 * probe, tcp_rexmit will be set. That means
3982 4095 * tcp_ss_rexmit() will send out the one
3983 4096 * byte along with new data. Otherwise,
3984 4097 * fake the retransmission.
3985 4098 */
3986 4099 flags |= TH_XMIT_NEEDED;
3987 4100 if (!tcp->tcp_rexmit) {
3988 4101 tcp->tcp_rexmit = B_TRUE;
3989 4102 tcp->tcp_dupack_cnt = 0;
3990 4103 tcp->tcp_rexmit_nxt = tcp->tcp_suna;
3991 4104 tcp->tcp_rexmit_max = tcp->tcp_suna + 1;
3992 4105 }
3993 4106 }
3994 4107 }
3995 4108 goto swnd_update;
3996 4109 }
3997 4110
3998 4111 /*
3999 4112 * Check for "acceptability" of ACK value per RFC 793, pages 72 - 73.
4000 4113 * If the ACK value acks something that we have not yet sent, it might
4001 4114 * be an old duplicate segment. Send an ACK to re-synchronize the
4002 4115 * other side.
4003 4116 * Note: reset in response to unacceptable ACK in SYN_RECEIVE
4004 4117 * state is handled above, so we can always just drop the segment and
4005 4118 * send an ACK here.
4006 4119 *
4007 4120 * In the case where the peer shrinks the window, we see the new window
4008 4121 * update, but all the data sent previously is queued up by the peer.
4009 4122 * To account for this, in tcp_process_shrunk_swnd(), the sequence
4010 4123 * number, which was already sent, and within window, is recorded.
4011 4124 * tcp_snxt is then updated.
4012 4125 *
4013 4126 * If the window has previously shrunk, and an ACK for data not yet
4014 4127 * sent, according to tcp_snxt is recieved, it may still be valid. If
4015 4128 * the ACK is for data within the window at the time the window was
4016 4129 * shrunk, then the ACK is acceptable. In this case tcp_snxt is set to
4017 4130 * the sequence number ACK'ed.
4018 4131 *
4019 4132 * If the ACK covers all the data sent at the time the window was
4020 4133 * shrunk, we can now set tcp_is_wnd_shrnk to B_FALSE.
4021 4134 *
4022 4135 * Should we send ACKs in response to ACK only segments?
4023 4136 */
4024 4137
4025 4138 if (SEQ_GT(seg_ack, tcp->tcp_snxt)) {
4026 4139 if ((tcp->tcp_is_wnd_shrnk) &&
4027 4140 (SEQ_LEQ(seg_ack, tcp->tcp_snxt_shrunk))) {
4028 4141 uint32_t data_acked_ahead_snxt;
4029 4142
4030 4143 data_acked_ahead_snxt = seg_ack - tcp->tcp_snxt;
4031 4144 tcp_update_xmit_tail(tcp, seg_ack);
4032 4145 tcp->tcp_unsent -= data_acked_ahead_snxt;
4033 4146 } else {
4034 4147 TCPS_BUMP_MIB(tcps, tcpInAckUnsent);
4035 4148 /* drop the received segment */
4036 4149 freemsg(mp);
4037 4150
4038 4151 /*
4039 4152 * Send back an ACK. If tcp_drop_ack_unsent_cnt is
4040 4153 * greater than 0, check if the number of such
4041 4154 * bogus ACks is greater than that count. If yes,
4042 4155 * don't send back any ACK. This prevents TCP from
4043 4156 * getting into an ACK storm if somehow an attacker
4044 4157 * successfully spoofs an acceptable segment to our
4045 4158 * peer. If this continues (count > 2 X threshold),
4046 4159 * we should abort this connection.
4047 4160 */
4048 4161 if (tcp_drop_ack_unsent_cnt > 0 &&
4049 4162 ++tcp->tcp_in_ack_unsent >
4050 4163 tcp_drop_ack_unsent_cnt) {
4051 4164 TCP_STAT(tcps, tcp_in_ack_unsent_drop);
4052 4165 if (tcp->tcp_in_ack_unsent > 2 *
4053 4166 tcp_drop_ack_unsent_cnt) {
4054 4167 (void) tcp_clean_death(tcp, EPROTO);
4055 4168 }
4056 4169 return;
4057 4170 }
4058 4171 mp = tcp_ack_mp(tcp);
4059 4172 if (mp != NULL) {
4060 4173 BUMP_LOCAL(tcp->tcp_obsegs);
4061 4174 TCPS_BUMP_MIB(tcps, tcpOutAck);
4062 4175 tcp_send_data(tcp, mp);
4063 4176 }
4064 4177 return;
4065 4178 }
4066 4179 } else if (tcp->tcp_is_wnd_shrnk && SEQ_GEQ(seg_ack,
4067 4180 tcp->tcp_snxt_shrunk)) {
4068 4181 tcp->tcp_is_wnd_shrnk = B_FALSE;
4069 4182 }
4070 4183
4071 4184 /*
4072 4185 * TCP gets a new ACK, update the notsack'ed list to delete those
4073 4186 * blocks that are covered by this ACK.
4074 4187 */
4075 4188 if (tcp->tcp_snd_sack_ok && tcp->tcp_notsack_list != NULL) {
4076 4189 tcp_notsack_remove(&(tcp->tcp_notsack_list), seg_ack,
4077 4190 &(tcp->tcp_num_notsack_blk), &(tcp->tcp_cnt_notsack_list));
4078 4191 }
4079 4192
4080 4193 /*
4081 4194 * If we got an ACK after fast retransmit, check to see
4082 4195 * if it is a partial ACK. If it is not and the congestion
4083 4196 * window was inflated to account for the other side's
4084 4197 * cached packets, retract it. If it is, do Hoe's algorithm.
4085 4198 */
4086 4199 if (tcp->tcp_dupack_cnt >= tcps->tcps_dupack_fast_retransmit) {
4087 4200 ASSERT(tcp->tcp_rexmit == B_FALSE);
4088 4201 if (SEQ_GEQ(seg_ack, tcp->tcp_rexmit_max)) {
4089 4202 tcp->tcp_dupack_cnt = 0;
4090 4203 /*
4091 4204 * Restore the orig tcp_cwnd_ssthresh after
4092 4205 * fast retransmit phase.
4093 4206 */
4094 4207 if (tcp->tcp_cwnd > tcp->tcp_cwnd_ssthresh) {
4095 4208 tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh;
4096 4209 }
4097 4210 tcp->tcp_rexmit_max = seg_ack;
4098 4211 tcp->tcp_cwnd_cnt = 0;
4099 4212 tcp->tcp_snd_burst = tcp->tcp_localnet ?
4100 4213 TCP_CWND_INFINITE : TCP_CWND_NORMAL;
4101 4214
4102 4215 /*
4103 4216 * Remove all notsack info to avoid confusion with
4104 4217 * the next fast retrasnmit/recovery phase.
4105 4218 */
4106 4219 if (tcp->tcp_snd_sack_ok) {
4107 4220 TCP_NOTSACK_REMOVE_ALL(tcp->tcp_notsack_list,
4108 4221 tcp);
4109 4222 }
4110 4223 } else {
4111 4224 if (tcp->tcp_snd_sack_ok &&
4112 4225 tcp->tcp_notsack_list != NULL) {
4113 4226 flags |= TH_NEED_SACK_REXMIT;
4114 4227 tcp->tcp_pipe -= mss;
4115 4228 if (tcp->tcp_pipe < 0)
4116 4229 tcp->tcp_pipe = 0;
4117 4230 } else {
4118 4231 /*
4119 4232 * Hoe's algorithm:
4120 4233 *
4121 4234 * Retransmit the unack'ed segment and
4122 4235 * restart fast recovery. Note that we
4123 4236 * need to scale back tcp_cwnd to the
4124 4237 * original value when we started fast
4125 4238 * recovery. This is to prevent overly
4126 4239 * aggressive behaviour in sending new
4127 4240 * segments.
4128 4241 */
4129 4242 tcp->tcp_cwnd = tcp->tcp_cwnd_ssthresh +
4130 4243 tcps->tcps_dupack_fast_retransmit * mss;
4131 4244 tcp->tcp_cwnd_cnt = tcp->tcp_cwnd;
4132 4245 flags |= TH_REXMIT_NEEDED;
4133 4246 }
4134 4247 }
4135 4248 } else {
4136 4249 tcp->tcp_dupack_cnt = 0;
4137 4250 if (tcp->tcp_rexmit) {
4138 4251 /*
4139 4252 * TCP is retranmitting. If the ACK ack's all
4140 4253 * outstanding data, update tcp_rexmit_max and
4141 4254 * tcp_rexmit_nxt. Otherwise, update tcp_rexmit_nxt
4142 4255 * to the correct value.
4143 4256 *
4144 4257 * Note that SEQ_LEQ() is used. This is to avoid
4145 4258 * unnecessary fast retransmit caused by dup ACKs
4146 4259 * received when TCP does slow start retransmission
4147 4260 * after a time out. During this phase, TCP may
4148 4261 * send out segments which are already received.
4149 4262 * This causes dup ACKs to be sent back.
4150 4263 */
4151 4264 if (SEQ_LEQ(seg_ack, tcp->tcp_rexmit_max)) {
4152 4265 if (SEQ_GT(seg_ack, tcp->tcp_rexmit_nxt)) {
4153 4266 tcp->tcp_rexmit_nxt = seg_ack;
4154 4267 }
4155 4268 if (seg_ack != tcp->tcp_rexmit_max) {
4156 4269 flags |= TH_XMIT_NEEDED;
4157 4270 }
4158 4271 } else {
4159 4272 tcp->tcp_rexmit = B_FALSE;
4160 4273 tcp->tcp_rexmit_nxt = tcp->tcp_snxt;
4161 4274 tcp->tcp_snd_burst = tcp->tcp_localnet ?
4162 4275 TCP_CWND_INFINITE : TCP_CWND_NORMAL;
4163 4276 }
4164 4277 tcp->tcp_ms_we_have_waited = 0;
4165 4278 }
4166 4279 }
4167 4280
4168 4281 TCPS_BUMP_MIB(tcps, tcpInAckSegs);
4169 4282 TCPS_UPDATE_MIB(tcps, tcpInAckBytes, bytes_acked);
4170 4283 tcp->tcp_suna = seg_ack;
4171 4284 if (tcp->tcp_zero_win_probe != 0) {
4172 4285 tcp->tcp_zero_win_probe = 0;
4173 4286 tcp->tcp_timer_backoff = 0;
4174 4287 }
4175 4288
4176 4289 /*
4177 4290 * If tcp_xmit_head is NULL, then it must be the FIN being ack'ed.
4178 4291 * Note that it cannot be the SYN being ack'ed. The code flow
4179 4292 * will not reach here.
4180 4293 */
4181 4294 if (mp1 == NULL) {
4182 4295 goto fin_acked;
4183 4296 }
4184 4297
4185 4298 /*
4186 4299 * Update the congestion window.
4187 4300 *
4188 4301 * If TCP is not ECN capable or TCP is ECN capable but the
4189 4302 * congestion experience bit is not set, increase the tcp_cwnd as
4190 4303 * usual.
4191 4304 */
4192 4305 if (!tcp->tcp_ecn_ok || !(flags & TH_ECE)) {
4193 4306 cwnd = tcp->tcp_cwnd;
4194 4307 add = mss;
4195 4308
4196 4309 if (cwnd >= tcp->tcp_cwnd_ssthresh) {
4197 4310 /*
4198 4311 * This is to prevent an increase of less than 1 MSS of
4199 4312 * tcp_cwnd. With partial increase, tcp_wput_data()
4200 4313 * may send out tinygrams in order to preserve mblk
4201 4314 * boundaries.
4202 4315 *
4203 4316 * By initializing tcp_cwnd_cnt to new tcp_cwnd and
4204 4317 * decrementing it by 1 MSS for every ACKs, tcp_cwnd is
4205 4318 * increased by 1 MSS for every RTTs.
4206 4319 */
4207 4320 if (tcp->tcp_cwnd_cnt <= 0) {
4208 4321 tcp->tcp_cwnd_cnt = cwnd + add;
4209 4322 } else {
4210 4323 tcp->tcp_cwnd_cnt -= add;
4211 4324 add = 0;
4212 4325 }
4213 4326 }
4214 4327 tcp->tcp_cwnd = MIN(cwnd + add, tcp->tcp_cwnd_max);
4215 4328 }
4216 4329
4217 4330 /* See if the latest urgent data has been acknowledged */
4218 4331 if ((tcp->tcp_valid_bits & TCP_URG_VALID) &&
4219 4332 SEQ_GT(seg_ack, tcp->tcp_urg))
4220 4333 tcp->tcp_valid_bits &= ~TCP_URG_VALID;
4221 4334
4222 4335 /* Can we update the RTT estimates? */
4223 4336 if (tcp->tcp_snd_ts_ok) {
4224 4337 /* Ignore zero timestamp echo-reply. */
4225 4338 if (tcpopt.tcp_opt_ts_ecr != 0) {
4226 4339 tcp_set_rto(tcp, (int32_t)LBOLT_FASTPATH -
4227 4340 (int32_t)tcpopt.tcp_opt_ts_ecr);
4228 4341 }
4229 4342
4230 4343 /* If needed, restart the timer. */
4231 4344 if (tcp->tcp_set_timer == 1) {
4232 4345 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
4233 4346 tcp->tcp_set_timer = 0;
4234 4347 }
4235 4348 /*
4236 4349 * Update tcp_csuna in case the other side stops sending
4237 4350 * us timestamps.
4238 4351 */
4239 4352 tcp->tcp_csuna = tcp->tcp_snxt;
4240 4353 } else if (SEQ_GT(seg_ack, tcp->tcp_csuna)) {
4241 4354 /*
4242 4355 * An ACK sequence we haven't seen before, so get the RTT
4243 4356 * and update the RTO. But first check if the timestamp is
4244 4357 * valid to use.
4245 4358 */
4246 4359 if ((mp1->b_next != NULL) &&
4247 4360 SEQ_GT(seg_ack, (uint32_t)(uintptr_t)(mp1->b_next)))
4248 4361 tcp_set_rto(tcp, (int32_t)LBOLT_FASTPATH -
4249 4362 (int32_t)(intptr_t)mp1->b_prev);
4250 4363 else
4251 4364 TCPS_BUMP_MIB(tcps, tcpRttNoUpdate);
4252 4365
4253 4366 /* Remeber the last sequence to be ACKed */
4254 4367 tcp->tcp_csuna = seg_ack;
4255 4368 if (tcp->tcp_set_timer == 1) {
4256 4369 TCP_TIMER_RESTART(tcp, tcp->tcp_rto);
4257 4370 tcp->tcp_set_timer = 0;
4258 4371 }
4259 4372 } else {
4260 4373 TCPS_BUMP_MIB(tcps, tcpRttNoUpdate);
4261 4374 }
4262 4375
4263 4376 /* Eat acknowledged bytes off the xmit queue. */
4264 4377 for (;;) {
4265 4378 mblk_t *mp2;
4266 4379 uchar_t *wptr;
4267 4380
4268 4381 wptr = mp1->b_wptr;
4269 4382 ASSERT((uintptr_t)(wptr - mp1->b_rptr) <= (uintptr_t)INT_MAX);
4270 4383 bytes_acked -= (int)(wptr - mp1->b_rptr);
4271 4384 if (bytes_acked < 0) {
4272 4385 mp1->b_rptr = wptr + bytes_acked;
4273 4386 /*
4274 4387 * Set a new timestamp if all the bytes timed by the
4275 4388 * old timestamp have been ack'ed.
4276 4389 */
4277 4390 if (SEQ_GT(seg_ack,
4278 4391 (uint32_t)(uintptr_t)(mp1->b_next))) {
4279 4392 mp1->b_prev =
4280 4393 (mblk_t *)(uintptr_t)LBOLT_FASTPATH;
4281 4394 mp1->b_next = NULL;
4282 4395 }
4283 4396 break;
4284 4397 }
4285 4398 mp1->b_next = NULL;
4286 4399 mp1->b_prev = NULL;
4287 4400 mp2 = mp1;
4288 4401 mp1 = mp1->b_cont;
4289 4402
4290 4403 /*
4291 4404 * This notification is required for some zero-copy
4292 4405 * clients to maintain a copy semantic. After the data
4293 4406 * is ack'ed, client is safe to modify or reuse the buffer.
4294 4407 */
4295 4408 if (tcp->tcp_snd_zcopy_aware &&
4296 4409 (mp2->b_datap->db_struioflag & STRUIO_ZCNOTIFY))
4297 4410 tcp_zcopy_notify(tcp);
4298 4411 freeb(mp2);
4299 4412 if (bytes_acked == 0) {
4300 4413 if (mp1 == NULL) {
4301 4414 /* Everything is ack'ed, clear the tail. */
4302 4415 tcp->tcp_xmit_tail = NULL;
4303 4416 /*
4304 4417 * Cancel the timer unless we are still
4305 4418 * waiting for an ACK for the FIN packet.
4306 4419 */
4307 4420 if (tcp->tcp_timer_tid != 0 &&
4308 4421 tcp->tcp_snxt == tcp->tcp_suna) {
4309 4422 (void) TCP_TIMER_CANCEL(tcp,
4310 4423 tcp->tcp_timer_tid);
4311 4424 tcp->tcp_timer_tid = 0;
4312 4425 }
4313 4426 goto pre_swnd_update;
4314 4427 }
4315 4428 if (mp2 != tcp->tcp_xmit_tail)
4316 4429 break;
4317 4430 tcp->tcp_xmit_tail = mp1;
4318 4431 ASSERT((uintptr_t)(mp1->b_wptr - mp1->b_rptr) <=
4319 4432 (uintptr_t)INT_MAX);
4320 4433 tcp->tcp_xmit_tail_unsent = (int)(mp1->b_wptr -
4321 4434 mp1->b_rptr);
4322 4435 break;
4323 4436 }
4324 4437 if (mp1 == NULL) {
4325 4438 /*
4326 4439 * More was acked but there is nothing more
4327 4440 * outstanding. This means that the FIN was
4328 4441 * just acked or that we're talking to a clown.
4329 4442 */
4330 4443 fin_acked:
4331 4444 ASSERT(tcp->tcp_fin_sent);
4332 4445 tcp->tcp_xmit_tail = NULL;
4333 4446 if (tcp->tcp_fin_sent) {
4334 4447 /* FIN was acked - making progress */
4335 4448 if (!tcp->tcp_fin_acked)
4336 4449 tcp->tcp_ip_forward_progress = B_TRUE;
4337 4450 tcp->tcp_fin_acked = B_TRUE;
4338 4451 if (tcp->tcp_linger_tid != 0 &&
4339 4452 TCP_TIMER_CANCEL(tcp,
4340 4453 tcp->tcp_linger_tid) >= 0) {
4341 4454 tcp_stop_lingering(tcp);
4342 4455 freemsg(mp);
4343 4456 mp = NULL;
4344 4457 }
4345 4458 } else {
4346 4459 /*
4347 4460 * We should never get here because
4348 4461 * we have already checked that the
4349 4462 * number of bytes ack'ed should be
4350 4463 * smaller than or equal to what we
4351 4464 * have sent so far (it is the
4352 4465 * acceptability check of the ACK).
4353 4466 * We can only get here if the send
4354 4467 * queue is corrupted.
4355 4468 *
4356 4469 * Terminate the connection and
4357 4470 * panic the system. It is better
4358 4471 * for us to panic instead of
4359 4472 * continuing to avoid other disaster.
4360 4473 */
4361 4474 tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
4362 4475 tcp->tcp_rnxt, TH_RST|TH_ACK);
4363 4476 panic("Memory corruption "
4364 4477 "detected for connection %s.",
4365 4478 tcp_display(tcp, NULL,
4366 4479 DISP_ADDR_AND_PORT));
4367 4480 /*NOTREACHED*/
4368 4481 }
4369 4482 goto pre_swnd_update;
4370 4483 }
4371 4484 ASSERT(mp2 != tcp->tcp_xmit_tail);
4372 4485 }
4373 4486 if (tcp->tcp_unsent) {
4374 4487 flags |= TH_XMIT_NEEDED;
4375 4488 }
4376 4489 pre_swnd_update:
4377 4490 tcp->tcp_xmit_head = mp1;
4378 4491 swnd_update:
4379 4492 /*
4380 4493 * The following check is different from most other implementations.
4381 4494 * For bi-directional transfer, when segments are dropped, the
4382 4495 * "normal" check will not accept a window update in those
4383 4496 * retransmitted segemnts. Failing to do that, TCP may send out
4384 4497 * segments which are outside receiver's window. As TCP accepts
4385 4498 * the ack in those retransmitted segments, if the window update in
4386 4499 * the same segment is not accepted, TCP will incorrectly calculates
4387 4500 * that it can send more segments. This can create a deadlock
4388 4501 * with the receiver if its window becomes zero.
4389 4502 */
4390 4503 if (SEQ_LT(tcp->tcp_swl2, seg_ack) ||
4391 4504 SEQ_LT(tcp->tcp_swl1, seg_seq) ||
4392 4505 (tcp->tcp_swl1 == seg_seq && new_swnd > tcp->tcp_swnd)) {
4393 4506 /*
4394 4507 * The criteria for update is:
4395 4508 *
4396 4509 * 1. the segment acknowledges some data. Or
4397 4510 * 2. the segment is new, i.e. it has a higher seq num. Or
4398 4511 * 3. the segment is not old and the advertised window is
4399 4512 * larger than the previous advertised window.
4400 4513 */
4401 4514 if (tcp->tcp_unsent && new_swnd > tcp->tcp_swnd)
4402 4515 flags |= TH_XMIT_NEEDED;
4403 4516 tcp->tcp_swnd = new_swnd;
4404 4517 if (new_swnd > tcp->tcp_max_swnd)
4405 4518 tcp->tcp_max_swnd = new_swnd;
4406 4519 tcp->tcp_swl1 = seg_seq;
4407 4520 tcp->tcp_swl2 = seg_ack;
4408 4521 }
4409 4522 est:
4410 4523 if (tcp->tcp_state > TCPS_ESTABLISHED) {
4411 4524
4412 4525 switch (tcp->tcp_state) {
4413 4526 case TCPS_FIN_WAIT_1:
4414 4527 if (tcp->tcp_fin_acked) {
4415 4528 tcp->tcp_state = TCPS_FIN_WAIT_2;
4416 4529 DTRACE_TCP6(state__change, void, NULL,
4417 4530 ip_xmit_attr_t *, connp->conn_ixa,
4418 4531 void, NULL, tcp_t *, tcp, void, NULL,
4419 4532 int32_t, TCPS_FIN_WAIT_1);
4420 4533 /*
4421 4534 * We implement the non-standard BSD/SunOS
4422 4535 * FIN_WAIT_2 flushing algorithm.
4423 4536 * If there is no user attached to this
4424 4537 * TCP endpoint, then this TCP struct
4425 4538 * could hang around forever in FIN_WAIT_2
4426 4539 * state if the peer forgets to send us
4427 4540 * a FIN. To prevent this, we wait only
4428 4541 * 2*MSL (a convenient time value) for
4429 4542 * the FIN to arrive. If it doesn't show up,
4430 4543 * we flush the TCP endpoint. This algorithm,
4431 4544 * though a violation of RFC-793, has worked
4432 4545 * for over 10 years in BSD systems.
4433 4546 * Note: SunOS 4.x waits 675 seconds before
4434 4547 * flushing the FIN_WAIT_2 connection.
4435 4548 */
4436 4549 TCP_TIMER_RESTART(tcp,
4437 4550 tcp->tcp_fin_wait_2_flush_interval);
4438 4551 }
4439 4552 break;
4440 4553 case TCPS_FIN_WAIT_2:
4441 4554 break; /* Shutdown hook? */
4442 4555 case TCPS_LAST_ACK:
4443 4556 freemsg(mp);
4444 4557 if (tcp->tcp_fin_acked) {
4445 4558 (void) tcp_clean_death(tcp, 0);
4446 4559 return;
4447 4560 }
4448 4561 goto xmit_check;
4449 4562 case TCPS_CLOSING:
4450 4563 if (tcp->tcp_fin_acked) {
4451 4564 SET_TIME_WAIT(tcps, tcp, connp);
4452 4565 DTRACE_TCP6(state__change, void, NULL,
4453 4566 ip_xmit_attr_t *, connp->conn_ixa, void,
4454 4567 NULL, tcp_t *, tcp, void, NULL, int32_t,
4455 4568 TCPS_CLOSING);
4456 4569 }
4457 4570 /*FALLTHRU*/
4458 4571 case TCPS_CLOSE_WAIT:
4459 4572 freemsg(mp);
4460 4573 goto xmit_check;
4461 4574 default:
4462 4575 ASSERT(tcp->tcp_state != TCPS_TIME_WAIT);
4463 4576 break;
4464 4577 }
4465 4578 }
4466 4579 if (flags & TH_FIN) {
4467 4580 /* Make sure we ack the fin */
4468 4581 flags |= TH_ACK_NEEDED;
4469 4582 if (!tcp->tcp_fin_rcvd) {
4470 4583 tcp->tcp_fin_rcvd = B_TRUE;
4471 4584 tcp->tcp_rnxt++;
4472 4585 tcpha = tcp->tcp_tcpha;
4473 4586 tcpha->tha_ack = htonl(tcp->tcp_rnxt);
4474 4587
4475 4588 /*
4476 4589 * Generate the ordrel_ind at the end unless the
4477 4590 * conn is detached or it is a STREAMS based eager.
4478 4591 * In the eager case we defer the notification until
4479 4592 * tcp_accept_finish has run.
4480 4593 */
4481 4594 if (!TCP_IS_DETACHED(tcp) && (IPCL_IS_NONSTR(connp) ||
4482 4595 (tcp->tcp_listener == NULL &&
4483 4596 !tcp->tcp_hard_binding)))
4484 4597 flags |= TH_ORDREL_NEEDED;
4485 4598 switch (tcp->tcp_state) {
4486 4599 case TCPS_SYN_RCVD:
4487 4600 tcp->tcp_state = TCPS_CLOSE_WAIT;
4488 4601 DTRACE_TCP6(state__change, void, NULL,
4489 4602 ip_xmit_attr_t *, connp->conn_ixa,
4490 4603 void, NULL, tcp_t *, tcp, void, NULL,
4491 4604 int32_t, TCPS_SYN_RCVD);
4492 4605 /* Keepalive? */
4493 4606 break;
4494 4607 case TCPS_ESTABLISHED:
4495 4608 tcp->tcp_state = TCPS_CLOSE_WAIT;
4496 4609 DTRACE_TCP6(state__change, void, NULL,
4497 4610 ip_xmit_attr_t *, connp->conn_ixa,
4498 4611 void, NULL, tcp_t *, tcp, void, NULL,
4499 4612 int32_t, TCPS_ESTABLISHED);
4500 4613 /* Keepalive? */
4501 4614 break;
4502 4615 case TCPS_FIN_WAIT_1:
4503 4616 if (!tcp->tcp_fin_acked) {
4504 4617 tcp->tcp_state = TCPS_CLOSING;
4505 4618 DTRACE_TCP6(state__change, void, NULL,
4506 4619 ip_xmit_attr_t *, connp->conn_ixa,
4507 4620 void, NULL, tcp_t *, tcp, void,
4508 4621 NULL, int32_t, TCPS_FIN_WAIT_1);
4509 4622 break;
4510 4623 }
4511 4624 /* FALLTHRU */
4512 4625 case TCPS_FIN_WAIT_2:
4513 4626 SET_TIME_WAIT(tcps, tcp, connp);
4514 4627 DTRACE_TCP6(state__change, void, NULL,
4515 4628 ip_xmit_attr_t *, connp->conn_ixa, void,
4516 4629 NULL, tcp_t *, tcp, void, NULL, int32_t,
4517 4630 TCPS_FIN_WAIT_2);
4518 4631 if (seg_len) {
4519 4632 /*
4520 4633 * implies data piggybacked on FIN.
4521 4634 * break to handle data.
4522 4635 */
4523 4636 break;
4524 4637 }
4525 4638 freemsg(mp);
4526 4639 goto ack_check;
4527 4640 }
4528 4641 }
4529 4642 }
4530 4643 if (mp == NULL)
4531 4644 goto xmit_check;
4532 4645 if (seg_len == 0) {
4533 4646 freemsg(mp);
4534 4647 goto xmit_check;
4535 4648 }
4536 4649 if (mp->b_rptr == mp->b_wptr) {
4537 4650 /*
4538 4651 * The header has been consumed, so we remove the
4539 4652 * zero-length mblk here.
4540 4653 */
4541 4654 mp1 = mp;
4542 4655 mp = mp->b_cont;
4543 4656 freeb(mp1);
4544 4657 }
4545 4658 update_ack:
4546 4659 tcpha = tcp->tcp_tcpha;
4547 4660 tcp->tcp_rack_cnt++;
4548 4661 {
4549 4662 uint32_t cur_max;
4550 4663
4551 4664 cur_max = tcp->tcp_rack_cur_max;
4552 4665 if (tcp->tcp_rack_cnt >= cur_max) {
4553 4666 /*
4554 4667 * We have more unacked data than we should - send
4555 4668 * an ACK now.
4556 4669 */
4557 4670 flags |= TH_ACK_NEEDED;
4558 4671 cur_max++;
4559 4672 if (cur_max > tcp->tcp_rack_abs_max)
4560 4673 tcp->tcp_rack_cur_max = tcp->tcp_rack_abs_max;
4561 4674 else
4562 4675 tcp->tcp_rack_cur_max = cur_max;
4563 4676 } else if (TCP_IS_DETACHED(tcp)) {
4564 4677 /* We don't have an ACK timer for detached TCP. */
4565 4678 flags |= TH_ACK_NEEDED;
4566 4679 } else if (seg_len < mss) {
4567 4680 /*
4568 4681 * If we get a segment that is less than an mss, and we
4569 4682 * already have unacknowledged data, and the amount
4570 4683 * unacknowledged is not a multiple of mss, then we
4571 4684 * better generate an ACK now. Otherwise, this may be
4572 4685 * the tail piece of a transaction, and we would rather
4573 4686 * wait for the response.
4574 4687 */
4575 4688 uint32_t udif;
4576 4689 ASSERT((uintptr_t)(tcp->tcp_rnxt - tcp->tcp_rack) <=
4577 4690 (uintptr_t)INT_MAX);
4578 4691 udif = (int)(tcp->tcp_rnxt - tcp->tcp_rack);
4579 4692 if (udif && (udif % mss))
4580 4693 flags |= TH_ACK_NEEDED;
4581 4694 else
4582 4695 flags |= TH_ACK_TIMER_NEEDED;
4583 4696 } else {
4584 4697 /* Start delayed ack timer */
4585 4698 flags |= TH_ACK_TIMER_NEEDED;
4586 4699 }
4587 4700 }
4588 4701 tcp->tcp_rnxt += seg_len;
4589 4702 tcpha->tha_ack = htonl(tcp->tcp_rnxt);
4590 4703
4591 4704 if (mp == NULL)
4592 4705 goto xmit_check;
4593 4706
4594 4707 /* Update SACK list */
4595 4708 if (tcp->tcp_snd_sack_ok && tcp->tcp_num_sack_blk > 0) {
4596 4709 tcp_sack_remove(tcp->tcp_sack_list, tcp->tcp_rnxt,
4597 4710 &(tcp->tcp_num_sack_blk));
4598 4711 }
4599 4712
4600 4713 if (tcp->tcp_urp_mp) {
4601 4714 tcp->tcp_urp_mp->b_cont = mp;
4602 4715 mp = tcp->tcp_urp_mp;
4603 4716 tcp->tcp_urp_mp = NULL;
4604 4717 /* Ready for a new signal. */
4605 4718 tcp->tcp_urp_last_valid = B_FALSE;
4606 4719 #ifdef DEBUG
4607 4720 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
4608 4721 "tcp_rput: sending exdata_ind %s",
4609 4722 tcp_display(tcp, NULL, DISP_PORT_ONLY));
4610 4723 #endif /* DEBUG */
4611 4724 }
4612 4725
4613 4726 /*
4614 4727 * Check for ancillary data changes compared to last segment.
4615 4728 */
4616 4729 if (connp->conn_recv_ancillary.crb_all != 0) {
4617 4730 mp = tcp_input_add_ancillary(tcp, mp, &ipp, ira);
4618 4731 if (mp == NULL)
|
↓ open down ↓ |
1158 lines elided |
↑ open up ↑ |
4619 4732 return;
4620 4733 }
4621 4734
4622 4735 if (IPCL_IS_NONSTR(connp)) {
4623 4736 /*
4624 4737 * Non-STREAMS socket
4625 4738 */
4626 4739 boolean_t push = flags & (TH_PUSH|TH_FIN);
4627 4740 int error;
4628 4741
4629 - if ((*connp->conn_upcalls->su_recv)(
4630 - connp->conn_upper_handle,
4742 + if ((*sockupcalls->su_recv)(connp->conn_upper_handle,
4631 4743 mp, seg_len, 0, &error, &push) <= 0) {
4632 4744 /*
4633 4745 * We should never be in middle of a
4634 4746 * fallback, the squeue guarantees that.
4635 4747 */
4636 4748 ASSERT(error != EOPNOTSUPP);
4637 4749 if (error == ENOSPC)
4638 4750 tcp->tcp_rwnd -= seg_len;
4639 4751 } else if (push) {
4640 4752 /* PUSH bit set and sockfs is not flow controlled */
4641 4753 flags |= tcp_rwnd_reopen(tcp);
4642 4754 }
4643 4755 } else if (tcp->tcp_listener != NULL || tcp->tcp_hard_binding) {
4644 4756 /*
4645 4757 * Side queue inbound data until the accept happens.
4646 4758 * tcp_accept/tcp_rput drains this when the accept happens.
4647 4759 * M_DATA is queued on b_cont. Otherwise (T_OPTDATA_IND or
4648 4760 * T_EXDATA_IND) it is queued on b_next.
4649 4761 * XXX Make urgent data use this. Requires:
4650 4762 * Removing tcp_listener check for TH_URG
4651 4763 * Making M_PCPROTO and MARK messages skip the eager case
4652 4764 */
4653 4765
4654 4766 tcp_rcv_enqueue(tcp, mp, seg_len, ira->ira_cred);
4655 4767 } else {
4656 4768 /* Active STREAMS socket */
4657 4769 if (mp->b_datap->db_type != M_DATA ||
4658 4770 (flags & TH_MARKNEXT_NEEDED)) {
4659 4771 if (tcp->tcp_rcv_list != NULL) {
4660 4772 flags |= tcp_rcv_drain(tcp);
4661 4773 }
4662 4774 ASSERT(tcp->tcp_rcv_list == NULL ||
4663 4775 tcp->tcp_fused_sigurg);
4664 4776
4665 4777 if (flags & TH_MARKNEXT_NEEDED) {
4666 4778 #ifdef DEBUG
4667 4779 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
4668 4780 "tcp_rput: sending MSGMARKNEXT %s",
4669 4781 tcp_display(tcp, NULL,
4670 4782 DISP_PORT_ONLY));
4671 4783 #endif /* DEBUG */
4672 4784 mp->b_flag |= MSGMARKNEXT;
4673 4785 flags &= ~TH_MARKNEXT_NEEDED;
4674 4786 }
4675 4787
4676 4788 if (is_system_labeled())
4677 4789 tcp_setcred_data(mp, ira);
4678 4790
4679 4791 putnext(connp->conn_rq, mp);
4680 4792 if (!canputnext(connp->conn_rq))
4681 4793 tcp->tcp_rwnd -= seg_len;
4682 4794 } else if ((flags & (TH_PUSH|TH_FIN)) ||
4683 4795 tcp->tcp_rcv_cnt + seg_len >= connp->conn_rcvbuf >> 3) {
4684 4796 if (tcp->tcp_rcv_list != NULL) {
4685 4797 /*
4686 4798 * Enqueue the new segment first and then
4687 4799 * call tcp_rcv_drain() to send all data
4688 4800 * up. The other way to do this is to
4689 4801 * send all queued data up and then call
4690 4802 * putnext() to send the new segment up.
4691 4803 * This way can remove the else part later
4692 4804 * on.
4693 4805 *
4694 4806 * We don't do this to avoid one more call to
4695 4807 * canputnext() as tcp_rcv_drain() needs to
4696 4808 * call canputnext().
4697 4809 */
4698 4810 tcp_rcv_enqueue(tcp, mp, seg_len,
4699 4811 ira->ira_cred);
4700 4812 flags |= tcp_rcv_drain(tcp);
4701 4813 } else {
4702 4814 if (is_system_labeled())
4703 4815 tcp_setcred_data(mp, ira);
4704 4816
4705 4817 putnext(connp->conn_rq, mp);
4706 4818 if (!canputnext(connp->conn_rq))
4707 4819 tcp->tcp_rwnd -= seg_len;
4708 4820 }
4709 4821 } else {
4710 4822 /*
4711 4823 * Enqueue all packets when processing an mblk
4712 4824 * from the co queue and also enqueue normal packets.
4713 4825 */
4714 4826 tcp_rcv_enqueue(tcp, mp, seg_len, ira->ira_cred);
4715 4827 }
4716 4828 /*
4717 4829 * Make sure the timer is running if we have data waiting
4718 4830 * for a push bit. This provides resiliency against
4719 4831 * implementations that do not correctly generate push bits.
4720 4832 */
4721 4833 if (tcp->tcp_rcv_list != NULL && tcp->tcp_push_tid == 0) {
4722 4834 /*
4723 4835 * The connection may be closed at this point, so don't
4724 4836 * do anything for a detached tcp.
4725 4837 */
4726 4838 if (!TCP_IS_DETACHED(tcp))
4727 4839 tcp->tcp_push_tid = TCP_TIMER(tcp,
4728 4840 tcp_push_timer,
4729 4841 tcps->tcps_push_timer_interval);
4730 4842 }
4731 4843 }
4732 4844
4733 4845 xmit_check:
4734 4846 /* Is there anything left to do? */
4735 4847 ASSERT(!(flags & TH_MARKNEXT_NEEDED));
4736 4848 if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_ACK_NEEDED|
4737 4849 TH_NEED_SACK_REXMIT|TH_LIMIT_XMIT|TH_ACK_TIMER_NEEDED|
4738 4850 TH_ORDREL_NEEDED|TH_SEND_URP_MARK)) == 0)
4739 4851 goto done;
4740 4852
4741 4853 /* Any transmit work to do and a non-zero window? */
4742 4854 if ((flags & (TH_REXMIT_NEEDED|TH_XMIT_NEEDED|TH_NEED_SACK_REXMIT|
4743 4855 TH_LIMIT_XMIT)) && tcp->tcp_swnd != 0) {
4744 4856 if (flags & TH_REXMIT_NEEDED) {
4745 4857 uint32_t snd_size = tcp->tcp_snxt - tcp->tcp_suna;
4746 4858
4747 4859 TCPS_BUMP_MIB(tcps, tcpOutFastRetrans);
4748 4860 if (snd_size > mss)
4749 4861 snd_size = mss;
4750 4862 if (snd_size > tcp->tcp_swnd)
4751 4863 snd_size = tcp->tcp_swnd;
4752 4864 mp1 = tcp_xmit_mp(tcp, tcp->tcp_xmit_head, snd_size,
4753 4865 NULL, NULL, tcp->tcp_suna, B_TRUE, &snd_size,
4754 4866 B_TRUE);
4755 4867
4756 4868 if (mp1 != NULL) {
4757 4869 tcp->tcp_xmit_head->b_prev =
4758 4870 (mblk_t *)LBOLT_FASTPATH;
4759 4871 tcp->tcp_csuna = tcp->tcp_snxt;
4760 4872 TCPS_BUMP_MIB(tcps, tcpRetransSegs);
4761 4873 TCPS_UPDATE_MIB(tcps, tcpRetransBytes,
4762 4874 snd_size);
4763 4875 tcp_send_data(tcp, mp1);
4764 4876 }
4765 4877 }
4766 4878 if (flags & TH_NEED_SACK_REXMIT) {
4767 4879 tcp_sack_rexmit(tcp, &flags);
4768 4880 }
4769 4881 /*
4770 4882 * For TH_LIMIT_XMIT, tcp_wput_data() is called to send
4771 4883 * out new segment. Note that tcp_rexmit should not be
4772 4884 * set, otherwise TH_LIMIT_XMIT should not be set.
4773 4885 */
4774 4886 if (flags & (TH_XMIT_NEEDED|TH_LIMIT_XMIT)) {
4775 4887 if (!tcp->tcp_rexmit) {
4776 4888 tcp_wput_data(tcp, NULL, B_FALSE);
4777 4889 } else {
4778 4890 tcp_ss_rexmit(tcp);
4779 4891 }
4780 4892 }
4781 4893 /*
4782 4894 * Adjust tcp_cwnd back to normal value after sending
4783 4895 * new data segments.
4784 4896 */
4785 4897 if (flags & TH_LIMIT_XMIT) {
4786 4898 tcp->tcp_cwnd -= mss << (tcp->tcp_dupack_cnt - 1);
4787 4899 /*
4788 4900 * This will restart the timer. Restarting the
4789 4901 * timer is used to avoid a timeout before the
4790 4902 * limited transmitted segment's ACK gets back.
4791 4903 */
4792 4904 if (tcp->tcp_xmit_head != NULL)
4793 4905 tcp->tcp_xmit_head->b_prev =
4794 4906 (mblk_t *)LBOLT_FASTPATH;
4795 4907 }
4796 4908
4797 4909 /* Anything more to do? */
4798 4910 if ((flags & (TH_ACK_NEEDED|TH_ACK_TIMER_NEEDED|
4799 4911 TH_ORDREL_NEEDED|TH_SEND_URP_MARK)) == 0)
4800 4912 goto done;
4801 4913 }
4802 4914 ack_check:
4803 4915 if (flags & TH_SEND_URP_MARK) {
4804 4916 ASSERT(tcp->tcp_urp_mark_mp);
4805 4917 ASSERT(!IPCL_IS_NONSTR(connp));
4806 4918 /*
4807 4919 * Send up any queued data and then send the mark message
4808 4920 */
4809 4921 if (tcp->tcp_rcv_list != NULL) {
4810 4922 flags |= tcp_rcv_drain(tcp);
4811 4923
4812 4924 }
4813 4925 ASSERT(tcp->tcp_rcv_list == NULL || tcp->tcp_fused_sigurg);
4814 4926 mp1 = tcp->tcp_urp_mark_mp;
4815 4927 tcp->tcp_urp_mark_mp = NULL;
4816 4928 if (is_system_labeled())
4817 4929 tcp_setcred_data(mp1, ira);
4818 4930
4819 4931 putnext(connp->conn_rq, mp1);
4820 4932 #ifdef DEBUG
4821 4933 (void) strlog(TCP_MOD_ID, 0, 1, SL_TRACE,
4822 4934 "tcp_rput: sending zero-length %s %s",
4823 4935 ((mp1->b_flag & MSGMARKNEXT) ? "MSGMARKNEXT" :
4824 4936 "MSGNOTMARKNEXT"),
4825 4937 tcp_display(tcp, NULL, DISP_PORT_ONLY));
4826 4938 #endif /* DEBUG */
4827 4939 flags &= ~TH_SEND_URP_MARK;
4828 4940 }
4829 4941 if (flags & TH_ACK_NEEDED) {
4830 4942 /*
4831 4943 * Time to send an ack for some reason.
4832 4944 */
4833 4945 mp1 = tcp_ack_mp(tcp);
4834 4946
4835 4947 if (mp1 != NULL) {
4836 4948 tcp_send_data(tcp, mp1);
4837 4949 BUMP_LOCAL(tcp->tcp_obsegs);
4838 4950 TCPS_BUMP_MIB(tcps, tcpOutAck);
4839 4951 }
4840 4952 if (tcp->tcp_ack_tid != 0) {
4841 4953 (void) TCP_TIMER_CANCEL(tcp, tcp->tcp_ack_tid);
4842 4954 tcp->tcp_ack_tid = 0;
4843 4955 }
4844 4956 }
4845 4957 if (flags & TH_ACK_TIMER_NEEDED) {
4846 4958 /*
4847 4959 * Arrange for deferred ACK or push wait timeout.
4848 4960 * Start timer if it is not already running.
4849 4961 */
4850 4962 if (tcp->tcp_ack_tid == 0) {
4851 4963 tcp->tcp_ack_tid = TCP_TIMER(tcp, tcp_ack_timer,
4852 4964 tcp->tcp_localnet ?
4853 4965 tcps->tcps_local_dack_interval :
4854 4966 tcps->tcps_deferred_ack_interval);
4855 4967 }
4856 4968 }
4857 4969 if (flags & TH_ORDREL_NEEDED) {
4858 4970 /*
4859 4971 * Notify upper layer about an orderly release. If this is
4860 4972 * a non-STREAMS socket, then just make an upcall. For STREAMS
4861 4973 * we send up an ordrel_ind, unless this is an eager, in which
|
↓ open down ↓ |
221 lines elided |
↑ open up ↑ |
4862 4974 * case the ordrel will be sent when tcp_accept_finish runs.
4863 4975 * Note that for non-STREAMS we make an upcall even if it is an
4864 4976 * eager, because we have an upper handle to send it to.
4865 4977 */
4866 4978 ASSERT(IPCL_IS_NONSTR(connp) || tcp->tcp_listener == NULL);
4867 4979 ASSERT(!tcp->tcp_detached);
4868 4980
4869 4981 if (IPCL_IS_NONSTR(connp)) {
4870 4982 ASSERT(tcp->tcp_ordrel_mp == NULL);
4871 4983 tcp->tcp_ordrel_done = B_TRUE;
4872 - (*connp->conn_upcalls->su_opctl)
4873 - (connp->conn_upper_handle, SOCK_OPCTL_SHUT_RECV, 0);
4984 + (*sockupcalls->su_opctl)(connp->conn_upper_handle,
4985 + SOCK_OPCTL_SHUT_RECV, 0);
4874 4986 goto done;
4875 4987 }
4876 4988
4877 4989 if (tcp->tcp_rcv_list != NULL) {
4878 4990 /*
4879 4991 * Push any mblk(s) enqueued from co processing.
4880 4992 */
4881 4993 flags |= tcp_rcv_drain(tcp);
4882 4994 }
4883 4995 ASSERT(tcp->tcp_rcv_list == NULL || tcp->tcp_fused_sigurg);
4884 4996
4885 4997 mp1 = tcp->tcp_ordrel_mp;
4886 4998 tcp->tcp_ordrel_mp = NULL;
4887 4999 tcp->tcp_ordrel_done = B_TRUE;
4888 5000 putnext(connp->conn_rq, mp1);
4889 5001 }
4890 5002 done:
4891 5003 ASSERT(!(flags & TH_MARKNEXT_NEEDED));
4892 5004 }
4893 5005
4894 5006 /*
4895 5007 * Attach ancillary data to a received TCP segments for the
4896 5008 * ancillary pieces requested by the application that are
4897 5009 * different than they were in the previous data segment.
4898 5010 *
4899 5011 * Save the "current" values once memory allocation is ok so that
4900 5012 * when memory allocation fails we can just wait for the next data segment.
4901 5013 */
4902 5014 static mblk_t *
4903 5015 tcp_input_add_ancillary(tcp_t *tcp, mblk_t *mp, ip_pkt_t *ipp,
4904 5016 ip_recv_attr_t *ira)
4905 5017 {
4906 5018 struct T_optdata_ind *todi;
4907 5019 int optlen;
4908 5020 uchar_t *optptr;
4909 5021 struct T_opthdr *toh;
4910 5022 crb_t addflag; /* Which pieces to add */
4911 5023 mblk_t *mp1;
4912 5024 conn_t *connp = tcp->tcp_connp;
4913 5025
4914 5026 optlen = 0;
4915 5027 addflag.crb_all = 0;
4916 5028 /* If app asked for pktinfo and the index has changed ... */
4917 5029 if (connp->conn_recv_ancillary.crb_ip_recvpktinfo &&
4918 5030 ira->ira_ruifindex != tcp->tcp_recvifindex) {
4919 5031 optlen += sizeof (struct T_opthdr) +
4920 5032 sizeof (struct in6_pktinfo);
4921 5033 addflag.crb_ip_recvpktinfo = 1;
4922 5034 }
4923 5035 /* If app asked for hoplimit and it has changed ... */
4924 5036 if (connp->conn_recv_ancillary.crb_ipv6_recvhoplimit &&
4925 5037 ipp->ipp_hoplimit != tcp->tcp_recvhops) {
4926 5038 optlen += sizeof (struct T_opthdr) + sizeof (uint_t);
4927 5039 addflag.crb_ipv6_recvhoplimit = 1;
4928 5040 }
4929 5041 /* If app asked for tclass and it has changed ... */
4930 5042 if (connp->conn_recv_ancillary.crb_ipv6_recvtclass &&
4931 5043 ipp->ipp_tclass != tcp->tcp_recvtclass) {
4932 5044 optlen += sizeof (struct T_opthdr) + sizeof (uint_t);
4933 5045 addflag.crb_ipv6_recvtclass = 1;
4934 5046 }
4935 5047 /*
4936 5048 * If app asked for hopbyhop headers and it has changed ...
4937 5049 * For security labels, note that (1) security labels can't change on
4938 5050 * a connected socket at all, (2) we're connected to at most one peer,
4939 5051 * (3) if anything changes, then it must be some other extra option.
4940 5052 */
4941 5053 if (connp->conn_recv_ancillary.crb_ipv6_recvhopopts &&
4942 5054 ip_cmpbuf(tcp->tcp_hopopts, tcp->tcp_hopoptslen,
4943 5055 (ipp->ipp_fields & IPPF_HOPOPTS),
4944 5056 ipp->ipp_hopopts, ipp->ipp_hopoptslen)) {
4945 5057 optlen += sizeof (struct T_opthdr) + ipp->ipp_hopoptslen;
4946 5058 addflag.crb_ipv6_recvhopopts = 1;
4947 5059 if (!ip_allocbuf((void **)&tcp->tcp_hopopts,
4948 5060 &tcp->tcp_hopoptslen, (ipp->ipp_fields & IPPF_HOPOPTS),
4949 5061 ipp->ipp_hopopts, ipp->ipp_hopoptslen))
4950 5062 return (mp);
4951 5063 }
4952 5064 /* If app asked for dst headers before routing headers ... */
4953 5065 if (connp->conn_recv_ancillary.crb_ipv6_recvrthdrdstopts &&
4954 5066 ip_cmpbuf(tcp->tcp_rthdrdstopts, tcp->tcp_rthdrdstoptslen,
4955 5067 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS),
4956 5068 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen)) {
4957 5069 optlen += sizeof (struct T_opthdr) +
4958 5070 ipp->ipp_rthdrdstoptslen;
4959 5071 addflag.crb_ipv6_recvrthdrdstopts = 1;
4960 5072 if (!ip_allocbuf((void **)&tcp->tcp_rthdrdstopts,
4961 5073 &tcp->tcp_rthdrdstoptslen,
4962 5074 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS),
4963 5075 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen))
4964 5076 return (mp);
4965 5077 }
4966 5078 /* If app asked for routing headers and it has changed ... */
4967 5079 if (connp->conn_recv_ancillary.crb_ipv6_recvrthdr &&
4968 5080 ip_cmpbuf(tcp->tcp_rthdr, tcp->tcp_rthdrlen,
4969 5081 (ipp->ipp_fields & IPPF_RTHDR),
4970 5082 ipp->ipp_rthdr, ipp->ipp_rthdrlen)) {
4971 5083 optlen += sizeof (struct T_opthdr) + ipp->ipp_rthdrlen;
4972 5084 addflag.crb_ipv6_recvrthdr = 1;
4973 5085 if (!ip_allocbuf((void **)&tcp->tcp_rthdr,
4974 5086 &tcp->tcp_rthdrlen, (ipp->ipp_fields & IPPF_RTHDR),
4975 5087 ipp->ipp_rthdr, ipp->ipp_rthdrlen))
4976 5088 return (mp);
4977 5089 }
4978 5090 /* If app asked for dest headers and it has changed ... */
4979 5091 if ((connp->conn_recv_ancillary.crb_ipv6_recvdstopts ||
4980 5092 connp->conn_recv_ancillary.crb_old_ipv6_recvdstopts) &&
4981 5093 ip_cmpbuf(tcp->tcp_dstopts, tcp->tcp_dstoptslen,
4982 5094 (ipp->ipp_fields & IPPF_DSTOPTS),
4983 5095 ipp->ipp_dstopts, ipp->ipp_dstoptslen)) {
4984 5096 optlen += sizeof (struct T_opthdr) + ipp->ipp_dstoptslen;
4985 5097 addflag.crb_ipv6_recvdstopts = 1;
4986 5098 if (!ip_allocbuf((void **)&tcp->tcp_dstopts,
4987 5099 &tcp->tcp_dstoptslen, (ipp->ipp_fields & IPPF_DSTOPTS),
4988 5100 ipp->ipp_dstopts, ipp->ipp_dstoptslen))
4989 5101 return (mp);
4990 5102 }
4991 5103
4992 5104 if (optlen == 0) {
4993 5105 /* Nothing to add */
4994 5106 return (mp);
4995 5107 }
4996 5108 mp1 = allocb(sizeof (struct T_optdata_ind) + optlen, BPRI_MED);
4997 5109 if (mp1 == NULL) {
4998 5110 /*
4999 5111 * Defer sending ancillary data until the next TCP segment
5000 5112 * arrives.
5001 5113 */
5002 5114 return (mp);
5003 5115 }
5004 5116 mp1->b_cont = mp;
5005 5117 mp = mp1;
5006 5118 mp->b_wptr += sizeof (*todi) + optlen;
5007 5119 mp->b_datap->db_type = M_PROTO;
5008 5120 todi = (struct T_optdata_ind *)mp->b_rptr;
5009 5121 todi->PRIM_type = T_OPTDATA_IND;
5010 5122 todi->DATA_flag = 1; /* MORE data */
5011 5123 todi->OPT_length = optlen;
5012 5124 todi->OPT_offset = sizeof (*todi);
5013 5125 optptr = (uchar_t *)&todi[1];
5014 5126 /*
5015 5127 * If app asked for pktinfo and the index has changed ...
5016 5128 * Note that the local address never changes for the connection.
5017 5129 */
5018 5130 if (addflag.crb_ip_recvpktinfo) {
5019 5131 struct in6_pktinfo *pkti;
5020 5132 uint_t ifindex;
5021 5133
5022 5134 ifindex = ira->ira_ruifindex;
5023 5135 toh = (struct T_opthdr *)optptr;
5024 5136 toh->level = IPPROTO_IPV6;
5025 5137 toh->name = IPV6_PKTINFO;
5026 5138 toh->len = sizeof (*toh) + sizeof (*pkti);
5027 5139 toh->status = 0;
5028 5140 optptr += sizeof (*toh);
5029 5141 pkti = (struct in6_pktinfo *)optptr;
5030 5142 pkti->ipi6_addr = connp->conn_laddr_v6;
5031 5143 pkti->ipi6_ifindex = ifindex;
5032 5144 optptr += sizeof (*pkti);
5033 5145 ASSERT(OK_32PTR(optptr));
5034 5146 /* Save as "last" value */
5035 5147 tcp->tcp_recvifindex = ifindex;
5036 5148 }
5037 5149 /* If app asked for hoplimit and it has changed ... */
5038 5150 if (addflag.crb_ipv6_recvhoplimit) {
5039 5151 toh = (struct T_opthdr *)optptr;
5040 5152 toh->level = IPPROTO_IPV6;
5041 5153 toh->name = IPV6_HOPLIMIT;
5042 5154 toh->len = sizeof (*toh) + sizeof (uint_t);
5043 5155 toh->status = 0;
5044 5156 optptr += sizeof (*toh);
5045 5157 *(uint_t *)optptr = ipp->ipp_hoplimit;
5046 5158 optptr += sizeof (uint_t);
5047 5159 ASSERT(OK_32PTR(optptr));
5048 5160 /* Save as "last" value */
5049 5161 tcp->tcp_recvhops = ipp->ipp_hoplimit;
5050 5162 }
5051 5163 /* If app asked for tclass and it has changed ... */
5052 5164 if (addflag.crb_ipv6_recvtclass) {
5053 5165 toh = (struct T_opthdr *)optptr;
5054 5166 toh->level = IPPROTO_IPV6;
5055 5167 toh->name = IPV6_TCLASS;
5056 5168 toh->len = sizeof (*toh) + sizeof (uint_t);
5057 5169 toh->status = 0;
5058 5170 optptr += sizeof (*toh);
5059 5171 *(uint_t *)optptr = ipp->ipp_tclass;
5060 5172 optptr += sizeof (uint_t);
5061 5173 ASSERT(OK_32PTR(optptr));
5062 5174 /* Save as "last" value */
5063 5175 tcp->tcp_recvtclass = ipp->ipp_tclass;
5064 5176 }
5065 5177 if (addflag.crb_ipv6_recvhopopts) {
5066 5178 toh = (struct T_opthdr *)optptr;
5067 5179 toh->level = IPPROTO_IPV6;
5068 5180 toh->name = IPV6_HOPOPTS;
5069 5181 toh->len = sizeof (*toh) + ipp->ipp_hopoptslen;
5070 5182 toh->status = 0;
5071 5183 optptr += sizeof (*toh);
5072 5184 bcopy((uchar_t *)ipp->ipp_hopopts, optptr, ipp->ipp_hopoptslen);
5073 5185 optptr += ipp->ipp_hopoptslen;
5074 5186 ASSERT(OK_32PTR(optptr));
5075 5187 /* Save as last value */
5076 5188 ip_savebuf((void **)&tcp->tcp_hopopts, &tcp->tcp_hopoptslen,
5077 5189 (ipp->ipp_fields & IPPF_HOPOPTS),
5078 5190 ipp->ipp_hopopts, ipp->ipp_hopoptslen);
5079 5191 }
5080 5192 if (addflag.crb_ipv6_recvrthdrdstopts) {
5081 5193 toh = (struct T_opthdr *)optptr;
5082 5194 toh->level = IPPROTO_IPV6;
5083 5195 toh->name = IPV6_RTHDRDSTOPTS;
5084 5196 toh->len = sizeof (*toh) + ipp->ipp_rthdrdstoptslen;
5085 5197 toh->status = 0;
5086 5198 optptr += sizeof (*toh);
5087 5199 bcopy(ipp->ipp_rthdrdstopts, optptr, ipp->ipp_rthdrdstoptslen);
5088 5200 optptr += ipp->ipp_rthdrdstoptslen;
5089 5201 ASSERT(OK_32PTR(optptr));
5090 5202 /* Save as last value */
5091 5203 ip_savebuf((void **)&tcp->tcp_rthdrdstopts,
5092 5204 &tcp->tcp_rthdrdstoptslen,
5093 5205 (ipp->ipp_fields & IPPF_RTHDRDSTOPTS),
5094 5206 ipp->ipp_rthdrdstopts, ipp->ipp_rthdrdstoptslen);
5095 5207 }
5096 5208 if (addflag.crb_ipv6_recvrthdr) {
5097 5209 toh = (struct T_opthdr *)optptr;
5098 5210 toh->level = IPPROTO_IPV6;
5099 5211 toh->name = IPV6_RTHDR;
5100 5212 toh->len = sizeof (*toh) + ipp->ipp_rthdrlen;
5101 5213 toh->status = 0;
5102 5214 optptr += sizeof (*toh);
5103 5215 bcopy(ipp->ipp_rthdr, optptr, ipp->ipp_rthdrlen);
5104 5216 optptr += ipp->ipp_rthdrlen;
5105 5217 ASSERT(OK_32PTR(optptr));
5106 5218 /* Save as last value */
5107 5219 ip_savebuf((void **)&tcp->tcp_rthdr, &tcp->tcp_rthdrlen,
5108 5220 (ipp->ipp_fields & IPPF_RTHDR),
5109 5221 ipp->ipp_rthdr, ipp->ipp_rthdrlen);
5110 5222 }
5111 5223 if (addflag.crb_ipv6_recvdstopts) {
5112 5224 toh = (struct T_opthdr *)optptr;
5113 5225 toh->level = IPPROTO_IPV6;
5114 5226 toh->name = IPV6_DSTOPTS;
5115 5227 toh->len = sizeof (*toh) + ipp->ipp_dstoptslen;
5116 5228 toh->status = 0;
5117 5229 optptr += sizeof (*toh);
5118 5230 bcopy(ipp->ipp_dstopts, optptr, ipp->ipp_dstoptslen);
5119 5231 optptr += ipp->ipp_dstoptslen;
5120 5232 ASSERT(OK_32PTR(optptr));
5121 5233 /* Save as last value */
5122 5234 ip_savebuf((void **)&tcp->tcp_dstopts, &tcp->tcp_dstoptslen,
5123 5235 (ipp->ipp_fields & IPPF_DSTOPTS),
5124 5236 ipp->ipp_dstopts, ipp->ipp_dstoptslen);
5125 5237 }
5126 5238 ASSERT(optptr == mp->b_wptr);
5127 5239 return (mp);
5128 5240 }
5129 5241
5130 5242 /* The minimum of smoothed mean deviation in RTO calculation. */
5131 5243 #define TCP_SD_MIN 400
5132 5244
5133 5245 /*
5134 5246 * Set RTO for this connection. The formula is from Jacobson and Karels'
5135 5247 * "Congestion Avoidance and Control" in SIGCOMM '88. The variable names
5136 5248 * are the same as those in Appendix A.2 of that paper.
5137 5249 *
5138 5250 * m = new measurement
5139 5251 * sa = smoothed RTT average (8 * average estimates).
5140 5252 * sv = smoothed mean deviation (mdev) of RTT (4 * deviation estimates).
5141 5253 */
5142 5254 static void
5143 5255 tcp_set_rto(tcp_t *tcp, clock_t rtt)
5144 5256 {
5145 5257 long m = TICK_TO_MSEC(rtt);
5146 5258 clock_t sa = tcp->tcp_rtt_sa;
5147 5259 clock_t sv = tcp->tcp_rtt_sd;
5148 5260 clock_t rto;
5149 5261 tcp_stack_t *tcps = tcp->tcp_tcps;
5150 5262
5151 5263 TCPS_BUMP_MIB(tcps, tcpRttUpdate);
5152 5264 tcp->tcp_rtt_update++;
5153 5265
5154 5266 /* tcp_rtt_sa is not 0 means this is a new sample. */
5155 5267 if (sa != 0) {
5156 5268 /*
5157 5269 * Update average estimator:
5158 5270 * new rtt = 7/8 old rtt + 1/8 Error
5159 5271 */
5160 5272
5161 5273 /* m is now Error in estimate. */
5162 5274 m -= sa >> 3;
5163 5275 if ((sa += m) <= 0) {
5164 5276 /*
5165 5277 * Don't allow the smoothed average to be negative.
5166 5278 * We use 0 to denote reinitialization of the
5167 5279 * variables.
5168 5280 */
5169 5281 sa = 1;
5170 5282 }
5171 5283
5172 5284 /*
5173 5285 * Update deviation estimator:
5174 5286 * new mdev = 3/4 old mdev + 1/4 (abs(Error) - old mdev)
5175 5287 */
5176 5288 if (m < 0)
5177 5289 m = -m;
5178 5290 m -= sv >> 2;
5179 5291 sv += m;
5180 5292 } else {
5181 5293 /*
5182 5294 * This follows BSD's implementation. So the reinitialized
5183 5295 * RTO is 3 * m. We cannot go less than 2 because if the
5184 5296 * link is bandwidth dominated, doubling the window size
5185 5297 * during slow start means doubling the RTT. We want to be
5186 5298 * more conservative when we reinitialize our estimates. 3
5187 5299 * is just a convenient number.
5188 5300 */
5189 5301 sa = m << 3;
5190 5302 sv = m << 1;
5191 5303 }
5192 5304 if (sv < TCP_SD_MIN) {
5193 5305 /*
5194 5306 * We do not know that if sa captures the delay ACK
5195 5307 * effect as in a long train of segments, a receiver
5196 5308 * does not delay its ACKs. So set the minimum of sv
5197 5309 * to be TCP_SD_MIN, which is default to 400 ms, twice
5198 5310 * of BSD DATO. That means the minimum of mean
5199 5311 * deviation is 100 ms.
5200 5312 *
5201 5313 */
5202 5314 sv = TCP_SD_MIN;
5203 5315 }
5204 5316 tcp->tcp_rtt_sa = sa;
5205 5317 tcp->tcp_rtt_sd = sv;
5206 5318 /*
5207 5319 * RTO = average estimates (sa / 8) + 4 * deviation estimates (sv)
5208 5320 *
5209 5321 * Add tcp_rexmit_interval extra in case of extreme environment
5210 5322 * where the algorithm fails to work. The default value of
5211 5323 * tcp_rexmit_interval_extra should be 0.
5212 5324 *
5213 5325 * As we use a finer grained clock than BSD and update
5214 5326 * RTO for every ACKs, add in another .25 of RTT to the
5215 5327 * deviation of RTO to accomodate burstiness of 1/4 of
5216 5328 * window size.
5217 5329 */
5218 5330 rto = (sa >> 3) + sv + tcps->tcps_rexmit_interval_extra + (sa >> 5);
5219 5331
5220 5332 TCP_SET_RTO(tcp, rto);
5221 5333
5222 5334 /* Now, we can reset tcp_timer_backoff to use the new RTO... */
5223 5335 tcp->tcp_timer_backoff = 0;
5224 5336 }
5225 5337
5226 5338 /*
5227 5339 * On a labeled system we have some protocols above TCP, such as RPC, which
5228 5340 * appear to assume that every mblk in a chain has a db_credp.
5229 5341 */
5230 5342 static void
5231 5343 tcp_setcred_data(mblk_t *mp, ip_recv_attr_t *ira)
5232 5344 {
5233 5345 ASSERT(is_system_labeled());
5234 5346 ASSERT(ira->ira_cred != NULL);
5235 5347
5236 5348 while (mp != NULL) {
5237 5349 mblk_setcred(mp, ira->ira_cred, NOPID);
5238 5350 mp = mp->b_cont;
5239 5351 }
5240 5352 }
5241 5353
5242 5354 uint_t
5243 5355 tcp_rwnd_reopen(tcp_t *tcp)
5244 5356 {
5245 5357 uint_t ret = 0;
5246 5358 uint_t thwin;
5247 5359 conn_t *connp = tcp->tcp_connp;
5248 5360
5249 5361 /* Learn the latest rwnd information that we sent to the other side. */
5250 5362 thwin = ((uint_t)ntohs(tcp->tcp_tcpha->tha_win))
5251 5363 << tcp->tcp_rcv_ws;
5252 5364 /* This is peer's calculated send window (our receive window). */
5253 5365 thwin -= tcp->tcp_rnxt - tcp->tcp_rack;
5254 5366 /*
5255 5367 * Increase the receive window to max. But we need to do receiver
5256 5368 * SWS avoidance. This means that we need to check the increase of
5257 5369 * of receive window is at least 1 MSS.
5258 5370 */
5259 5371 if (connp->conn_rcvbuf - thwin >= tcp->tcp_mss) {
5260 5372 /*
5261 5373 * If the window that the other side knows is less than max
5262 5374 * deferred acks segments, send an update immediately.
5263 5375 */
5264 5376 if (thwin < tcp->tcp_rack_cur_max * tcp->tcp_mss) {
5265 5377 TCPS_BUMP_MIB(tcp->tcp_tcps, tcpOutWinUpdate);
5266 5378 ret = TH_ACK_NEEDED;
5267 5379 }
5268 5380 tcp->tcp_rwnd = connp->conn_rcvbuf;
5269 5381 }
5270 5382 return (ret);
5271 5383 }
5272 5384
5273 5385 /*
5274 5386 * Handle a packet that has been reclassified by TCP.
5275 5387 * This function drops the ref on connp that the caller had.
5276 5388 */
5277 5389 void
5278 5390 tcp_reinput(conn_t *connp, mblk_t *mp, ip_recv_attr_t *ira, ip_stack_t *ipst)
5279 5391 {
5280 5392 ipsec_stack_t *ipss = ipst->ips_netstack->netstack_ipsec;
5281 5393
5282 5394 if (connp->conn_incoming_ifindex != 0 &&
5283 5395 connp->conn_incoming_ifindex != ira->ira_ruifindex) {
5284 5396 freemsg(mp);
5285 5397 CONN_DEC_REF(connp);
5286 5398 return;
5287 5399 }
5288 5400
5289 5401 if (CONN_INBOUND_POLICY_PRESENT_V6(connp, ipss) ||
5290 5402 (ira->ira_flags & IRAF_IPSEC_SECURE)) {
5291 5403 ip6_t *ip6h;
5292 5404 ipha_t *ipha;
5293 5405
5294 5406 if (ira->ira_flags & IRAF_IS_IPV4) {
5295 5407 ipha = (ipha_t *)mp->b_rptr;
5296 5408 ip6h = NULL;
5297 5409 } else {
5298 5410 ipha = NULL;
5299 5411 ip6h = (ip6_t *)mp->b_rptr;
5300 5412 }
5301 5413 mp = ipsec_check_inbound_policy(mp, connp, ipha, ip6h, ira);
5302 5414 if (mp == NULL) {
5303 5415 BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsInDiscards);
5304 5416 /* Note that mp is NULL */
5305 5417 ip_drop_input("ipIfStatsInDiscards", mp, NULL);
5306 5418 CONN_DEC_REF(connp);
5307 5419 return;
5308 5420 }
5309 5421 }
5310 5422
5311 5423 if (IPCL_IS_TCP(connp)) {
5312 5424 /*
5313 5425 * do not drain, certain use cases can blow
5314 5426 * the stack
5315 5427 */
5316 5428 SQUEUE_ENTER_ONE(connp->conn_sqp, mp,
5317 5429 connp->conn_recv, connp, ira,
5318 5430 SQ_NODRAIN, SQTAG_IP_TCP_INPUT);
5319 5431 } else {
5320 5432 /* Not TCP; must be SOCK_RAW, IPPROTO_TCP */
5321 5433 (connp->conn_recv)(connp, mp, NULL,
5322 5434 ira);
5323 5435 CONN_DEC_REF(connp);
5324 5436 }
5325 5437
5326 5438 }
5327 5439
5328 5440 /* ARGSUSED */
5329 5441 static void
5330 5442 tcp_rsrv_input(void *arg, mblk_t *mp, void *arg2, ip_recv_attr_t *dummy)
5331 5443 {
5332 5444 conn_t *connp = (conn_t *)arg;
5333 5445 tcp_t *tcp = connp->conn_tcp;
5334 5446 queue_t *q = connp->conn_rq;
5335 5447
5336 5448 ASSERT(!IPCL_IS_NONSTR(connp));
5337 5449 mutex_enter(&tcp->tcp_rsrv_mp_lock);
5338 5450 tcp->tcp_rsrv_mp = mp;
5339 5451 mutex_exit(&tcp->tcp_rsrv_mp_lock);
5340 5452
5341 5453 if (TCP_IS_DETACHED(tcp) || q == NULL) {
5342 5454 return;
5343 5455 }
5344 5456
5345 5457 if (tcp->tcp_fused) {
5346 5458 tcp_fuse_backenable(tcp);
5347 5459 return;
5348 5460 }
5349 5461
5350 5462 if (canputnext(q)) {
5351 5463 /* Not flow-controlled, open rwnd */
5352 5464 tcp->tcp_rwnd = connp->conn_rcvbuf;
5353 5465
5354 5466 /*
5355 5467 * Send back a window update immediately if TCP is above
5356 5468 * ESTABLISHED state and the increase of the rcv window
5357 5469 * that the other side knows is at least 1 MSS after flow
5358 5470 * control is lifted.
5359 5471 */
5360 5472 if (tcp->tcp_state >= TCPS_ESTABLISHED &&
5361 5473 tcp_rwnd_reopen(tcp) == TH_ACK_NEEDED) {
5362 5474 tcp_xmit_ctl(NULL, tcp,
5363 5475 (tcp->tcp_swnd == 0) ? tcp->tcp_suna :
5364 5476 tcp->tcp_snxt, tcp->tcp_rnxt, TH_ACK);
5365 5477 }
5366 5478 }
5367 5479 }
5368 5480
5369 5481 /*
5370 5482 * The read side service routine is called mostly when we get back-enabled as a
5371 5483 * result of flow control relief. Since we don't actually queue anything in
5372 5484 * TCP, we have no data to send out of here. What we do is clear the receive
5373 5485 * window, and send out a window update.
5374 5486 */
5375 5487 void
5376 5488 tcp_rsrv(queue_t *q)
5377 5489 {
5378 5490 conn_t *connp = Q_TO_CONN(q);
5379 5491 tcp_t *tcp = connp->conn_tcp;
5380 5492 mblk_t *mp;
5381 5493
5382 5494 /* No code does a putq on the read side */
5383 5495 ASSERT(q->q_first == NULL);
5384 5496
5385 5497 /*
5386 5498 * If tcp->tcp_rsrv_mp == NULL, it means that tcp_rsrv() has already
5387 5499 * been run. So just return.
5388 5500 */
5389 5501 mutex_enter(&tcp->tcp_rsrv_mp_lock);
5390 5502 if ((mp = tcp->tcp_rsrv_mp) == NULL) {
5391 5503 mutex_exit(&tcp->tcp_rsrv_mp_lock);
5392 5504 return;
5393 5505 }
5394 5506 tcp->tcp_rsrv_mp = NULL;
5395 5507 mutex_exit(&tcp->tcp_rsrv_mp_lock);
5396 5508
5397 5509 CONN_INC_REF(connp);
5398 5510 SQUEUE_ENTER_ONE(connp->conn_sqp, mp, tcp_rsrv_input, connp,
5399 5511 NULL, SQ_PROCESS, SQTAG_TCP_RSRV);
5400 5512 }
5401 5513
5402 5514 /* At minimum we need 8 bytes in the TCP header for the lookup */
5403 5515 #define ICMP_MIN_TCP_HDR 8
5404 5516
5405 5517 /*
5406 5518 * tcp_icmp_input is called as conn_recvicmp to process ICMP error messages
5407 5519 * passed up by IP. The message is always received on the correct tcp_t.
5408 5520 * Assumes that IP has pulled up everything up to and including the ICMP header.
5409 5521 */
5410 5522 /* ARGSUSED2 */
5411 5523 void
5412 5524 tcp_icmp_input(void *arg1, mblk_t *mp, void *arg2, ip_recv_attr_t *ira)
5413 5525 {
5414 5526 conn_t *connp = (conn_t *)arg1;
5415 5527 icmph_t *icmph;
5416 5528 ipha_t *ipha;
5417 5529 int iph_hdr_length;
5418 5530 tcpha_t *tcpha;
5419 5531 uint32_t seg_seq;
5420 5532 tcp_t *tcp = connp->conn_tcp;
5421 5533
5422 5534 /* Assume IP provides aligned packets */
5423 5535 ASSERT(OK_32PTR(mp->b_rptr));
5424 5536 ASSERT((MBLKL(mp) >= sizeof (ipha_t)));
5425 5537
5426 5538 /*
5427 5539 * Verify IP version. Anything other than IPv4 or IPv6 packet is sent
5428 5540 * upstream. ICMPv6 is handled in tcp_icmp_error_ipv6.
5429 5541 */
5430 5542 if (!(ira->ira_flags & IRAF_IS_IPV4)) {
5431 5543 tcp_icmp_error_ipv6(tcp, mp, ira);
5432 5544 return;
5433 5545 }
5434 5546
5435 5547 /* Skip past the outer IP and ICMP headers */
5436 5548 iph_hdr_length = ira->ira_ip_hdr_length;
5437 5549 icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
5438 5550 /*
5439 5551 * If we don't have the correct outer IP header length
5440 5552 * or if we don't have a complete inner IP header
5441 5553 * drop it.
5442 5554 */
5443 5555 if (iph_hdr_length < sizeof (ipha_t) ||
5444 5556 (ipha_t *)&icmph[1] + 1 > (ipha_t *)mp->b_wptr) {
5445 5557 noticmpv4:
5446 5558 freemsg(mp);
5447 5559 return;
5448 5560 }
5449 5561 ipha = (ipha_t *)&icmph[1];
5450 5562
5451 5563 /* Skip past the inner IP and find the ULP header */
5452 5564 iph_hdr_length = IPH_HDR_LENGTH(ipha);
5453 5565 tcpha = (tcpha_t *)((char *)ipha + iph_hdr_length);
5454 5566 /*
5455 5567 * If we don't have the correct inner IP header length or if the ULP
5456 5568 * is not IPPROTO_TCP or if we don't have at least ICMP_MIN_TCP_HDR
5457 5569 * bytes of TCP header, drop it.
5458 5570 */
5459 5571 if (iph_hdr_length < sizeof (ipha_t) ||
5460 5572 ipha->ipha_protocol != IPPROTO_TCP ||
5461 5573 (uchar_t *)tcpha + ICMP_MIN_TCP_HDR > mp->b_wptr) {
5462 5574 goto noticmpv4;
5463 5575 }
5464 5576
5465 5577 seg_seq = ntohl(tcpha->tha_seq);
5466 5578 switch (icmph->icmph_type) {
5467 5579 case ICMP_DEST_UNREACHABLE:
5468 5580 switch (icmph->icmph_code) {
5469 5581 case ICMP_FRAGMENTATION_NEEDED:
5470 5582 /*
5471 5583 * Update Path MTU, then try to send something out.
5472 5584 */
5473 5585 tcp_update_pmtu(tcp, B_TRUE);
5474 5586 tcp_rexmit_after_error(tcp);
5475 5587 break;
5476 5588 case ICMP_PORT_UNREACHABLE:
5477 5589 case ICMP_PROTOCOL_UNREACHABLE:
5478 5590 switch (tcp->tcp_state) {
5479 5591 case TCPS_SYN_SENT:
5480 5592 case TCPS_SYN_RCVD:
5481 5593 /*
5482 5594 * ICMP can snipe away incipient
5483 5595 * TCP connections as long as
5484 5596 * seq number is same as initial
5485 5597 * send seq number.
5486 5598 */
5487 5599 if (seg_seq == tcp->tcp_iss) {
5488 5600 (void) tcp_clean_death(tcp,
5489 5601 ECONNREFUSED);
5490 5602 }
5491 5603 break;
5492 5604 }
5493 5605 break;
5494 5606 case ICMP_HOST_UNREACHABLE:
5495 5607 case ICMP_NET_UNREACHABLE:
5496 5608 /* Record the error in case we finally time out. */
5497 5609 if (icmph->icmph_code == ICMP_HOST_UNREACHABLE)
5498 5610 tcp->tcp_client_errno = EHOSTUNREACH;
5499 5611 else
5500 5612 tcp->tcp_client_errno = ENETUNREACH;
5501 5613 if (tcp->tcp_state == TCPS_SYN_RCVD) {
5502 5614 if (tcp->tcp_listener != NULL &&
5503 5615 tcp->tcp_listener->tcp_syn_defense) {
5504 5616 /*
5505 5617 * Ditch the half-open connection if we
5506 5618 * suspect a SYN attack is under way.
5507 5619 */
5508 5620 (void) tcp_clean_death(tcp,
5509 5621 tcp->tcp_client_errno);
5510 5622 }
5511 5623 }
5512 5624 break;
5513 5625 default:
5514 5626 break;
5515 5627 }
5516 5628 break;
5517 5629 case ICMP_SOURCE_QUENCH: {
5518 5630 /*
5519 5631 * use a global boolean to control
5520 5632 * whether TCP should respond to ICMP_SOURCE_QUENCH.
5521 5633 * The default is false.
5522 5634 */
5523 5635 if (tcp_icmp_source_quench) {
5524 5636 /*
5525 5637 * Reduce the sending rate as if we got a
5526 5638 * retransmit timeout
5527 5639 */
5528 5640 uint32_t npkt;
5529 5641
5530 5642 npkt = ((tcp->tcp_snxt - tcp->tcp_suna) >> 1) /
5531 5643 tcp->tcp_mss;
5532 5644 tcp->tcp_cwnd_ssthresh = MAX(npkt, 2) * tcp->tcp_mss;
5533 5645 tcp->tcp_cwnd = tcp->tcp_mss;
5534 5646 tcp->tcp_cwnd_cnt = 0;
5535 5647 }
5536 5648 break;
5537 5649 }
5538 5650 }
5539 5651 freemsg(mp);
5540 5652 }
5541 5653
5542 5654 /*
5543 5655 * tcp_icmp_error_ipv6 is called from tcp_icmp_input to process ICMPv6
5544 5656 * error messages passed up by IP.
5545 5657 * Assumes that IP has pulled up all the extension headers as well
5546 5658 * as the ICMPv6 header.
5547 5659 */
5548 5660 static void
5549 5661 tcp_icmp_error_ipv6(tcp_t *tcp, mblk_t *mp, ip_recv_attr_t *ira)
5550 5662 {
5551 5663 icmp6_t *icmp6;
5552 5664 ip6_t *ip6h;
5553 5665 uint16_t iph_hdr_length = ira->ira_ip_hdr_length;
5554 5666 tcpha_t *tcpha;
5555 5667 uint8_t *nexthdrp;
5556 5668 uint32_t seg_seq;
5557 5669
5558 5670 /*
5559 5671 * Verify that we have a complete IP header.
5560 5672 */
5561 5673 ASSERT((MBLKL(mp) >= sizeof (ip6_t)));
5562 5674
5563 5675 icmp6 = (icmp6_t *)&mp->b_rptr[iph_hdr_length];
5564 5676 ip6h = (ip6_t *)&icmp6[1];
5565 5677 /*
5566 5678 * Verify if we have a complete ICMP and inner IP header.
5567 5679 */
5568 5680 if ((uchar_t *)&ip6h[1] > mp->b_wptr) {
5569 5681 noticmpv6:
5570 5682 freemsg(mp);
5571 5683 return;
5572 5684 }
5573 5685
5574 5686 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &iph_hdr_length, &nexthdrp))
5575 5687 goto noticmpv6;
5576 5688 tcpha = (tcpha_t *)((char *)ip6h + iph_hdr_length);
5577 5689 /*
5578 5690 * Validate inner header. If the ULP is not IPPROTO_TCP or if we don't
5579 5691 * have at least ICMP_MIN_TCP_HDR bytes of TCP header drop the
5580 5692 * packet.
5581 5693 */
5582 5694 if ((*nexthdrp != IPPROTO_TCP) ||
5583 5695 ((uchar_t *)tcpha + ICMP_MIN_TCP_HDR) > mp->b_wptr) {
5584 5696 goto noticmpv6;
5585 5697 }
5586 5698
5587 5699 seg_seq = ntohl(tcpha->tha_seq);
5588 5700 switch (icmp6->icmp6_type) {
5589 5701 case ICMP6_PACKET_TOO_BIG:
5590 5702 /*
5591 5703 * Update Path MTU, then try to send something out.
5592 5704 */
5593 5705 tcp_update_pmtu(tcp, B_TRUE);
5594 5706 tcp_rexmit_after_error(tcp);
5595 5707 break;
5596 5708 case ICMP6_DST_UNREACH:
5597 5709 switch (icmp6->icmp6_code) {
5598 5710 case ICMP6_DST_UNREACH_NOPORT:
5599 5711 if (((tcp->tcp_state == TCPS_SYN_SENT) ||
5600 5712 (tcp->tcp_state == TCPS_SYN_RCVD)) &&
5601 5713 (seg_seq == tcp->tcp_iss)) {
5602 5714 (void) tcp_clean_death(tcp, ECONNREFUSED);
5603 5715 }
5604 5716 break;
5605 5717 case ICMP6_DST_UNREACH_ADMIN:
5606 5718 case ICMP6_DST_UNREACH_NOROUTE:
5607 5719 case ICMP6_DST_UNREACH_BEYONDSCOPE:
5608 5720 case ICMP6_DST_UNREACH_ADDR:
5609 5721 /* Record the error in case we finally time out. */
5610 5722 tcp->tcp_client_errno = EHOSTUNREACH;
5611 5723 if (((tcp->tcp_state == TCPS_SYN_SENT) ||
5612 5724 (tcp->tcp_state == TCPS_SYN_RCVD)) &&
5613 5725 (seg_seq == tcp->tcp_iss)) {
5614 5726 if (tcp->tcp_listener != NULL &&
5615 5727 tcp->tcp_listener->tcp_syn_defense) {
5616 5728 /*
5617 5729 * Ditch the half-open connection if we
5618 5730 * suspect a SYN attack is under way.
5619 5731 */
5620 5732 (void) tcp_clean_death(tcp,
5621 5733 tcp->tcp_client_errno);
5622 5734 }
5623 5735 }
5624 5736
5625 5737
5626 5738 break;
5627 5739 default:
5628 5740 break;
5629 5741 }
5630 5742 break;
5631 5743 case ICMP6_PARAM_PROB:
5632 5744 /* If this corresponds to an ICMP_PROTOCOL_UNREACHABLE */
5633 5745 if (icmp6->icmp6_code == ICMP6_PARAMPROB_NEXTHEADER &&
5634 5746 (uchar_t *)ip6h + icmp6->icmp6_pptr ==
5635 5747 (uchar_t *)nexthdrp) {
5636 5748 if (tcp->tcp_state == TCPS_SYN_SENT ||
5637 5749 tcp->tcp_state == TCPS_SYN_RCVD) {
5638 5750 (void) tcp_clean_death(tcp, ECONNREFUSED);
5639 5751 }
5640 5752 break;
5641 5753 }
5642 5754 break;
5643 5755
5644 5756 case ICMP6_TIME_EXCEEDED:
5645 5757 default:
5646 5758 break;
5647 5759 }
5648 5760 freemsg(mp);
5649 5761 }
5650 5762
5651 5763 /*
5652 5764 * CALLED OUTSIDE OF SQUEUE! It can not follow any pointers that tcp might
5653 5765 * change. But it can refer to fields like tcp_suna and tcp_snxt.
5654 5766 *
5655 5767 * Function tcp_verifyicmp is called as conn_verifyicmp to verify the ICMP
5656 5768 * error messages received by IP. The message is always received on the correct
5657 5769 * tcp_t.
5658 5770 */
5659 5771 /* ARGSUSED */
5660 5772 boolean_t
5661 5773 tcp_verifyicmp(conn_t *connp, void *arg2, icmph_t *icmph, icmp6_t *icmp6,
5662 5774 ip_recv_attr_t *ira)
5663 5775 {
5664 5776 tcpha_t *tcpha = (tcpha_t *)arg2;
5665 5777 uint32_t seq = ntohl(tcpha->tha_seq);
5666 5778 tcp_t *tcp = connp->conn_tcp;
5667 5779
5668 5780 /*
5669 5781 * TCP sequence number contained in payload of the ICMP error message
5670 5782 * should be within the range SND.UNA <= SEG.SEQ < SND.NXT. Otherwise,
5671 5783 * the message is either a stale ICMP error, or an attack from the
5672 5784 * network. Fail the verification.
5673 5785 */
5674 5786 if (SEQ_LT(seq, tcp->tcp_suna) || SEQ_GEQ(seq, tcp->tcp_snxt))
5675 5787 return (B_FALSE);
5676 5788
5677 5789 /* For "too big" we also check the ignore flag */
5678 5790 if (ira->ira_flags & IRAF_IS_IPV4) {
5679 5791 ASSERT(icmph != NULL);
5680 5792 if (icmph->icmph_type == ICMP_DEST_UNREACHABLE &&
5681 5793 icmph->icmph_code == ICMP_FRAGMENTATION_NEEDED &&
5682 5794 tcp->tcp_tcps->tcps_ignore_path_mtu)
5683 5795 return (B_FALSE);
5684 5796 } else {
5685 5797 ASSERT(icmp6 != NULL);
5686 5798 if (icmp6->icmp6_type == ICMP6_PACKET_TOO_BIG &&
5687 5799 tcp->tcp_tcps->tcps_ignore_path_mtu)
5688 5800 return (B_FALSE);
5689 5801 }
5690 5802 return (B_TRUE);
5691 5803 }
|
↓ open down ↓ |
808 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX