2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
34 #include "opt_inet6.h"
35 #include "opt_ipsec.h"
36 #include "opt_kern_tls.h"
38 #include <sys/param.h>
39 #include <sys/systm.h>
41 #include <sys/domain.h>
43 #include <sys/hhook.h>
45 #include <sys/kernel.h>
51 #include <sys/mutex.h>
52 #include <sys/protosw.h>
53 #include <sys/qmath.h>
55 #include <sys/socket.h>
56 #include <sys/socketvar.h>
57 #include <sys/sysctl.h>
58 #include <sys/stats.h>
61 #include <net/route.h>
62 #include <net/route/nhop.h>
65 #include <netinet/in.h>
66 #include <netinet/in_kdtrace.h>
67 #include <netinet/in_systm.h>
68 #include <netinet/ip.h>
69 #include <netinet/in_pcb.h>
70 #include <netinet/ip_var.h>
71 #include <netinet/ip_options.h>
73 #include <netinet6/in6_pcb.h>
74 #include <netinet/ip6.h>
75 #include <netinet6/ip6_var.h>
77 #include <netinet/tcp.h>
79 #include <netinet/tcp_fsm.h>
80 #include <netinet/tcp_seq.h>
81 #include <netinet/tcp_var.h>
82 #include <netinet/tcp_log_buf.h>
83 #include <netinet/tcp_syncache.h>
84 #include <netinet/tcp_timer.h>
85 #include <netinet/tcpip.h>
86 #include <netinet/cc/cc.h>
87 #include <netinet/tcp_fastopen.h>
89 #include <netinet/tcp_pcap.h>
92 #include <netinet/tcp_offload.h>
94 #include <netinet/tcp_ecn.h>
96 #include <netipsec/ipsec_support.h>
98 #include <netinet/udp.h>
99 #include <netinet/udp_var.h>
100 #include <machine/in_cksum.h>
102 #include <security/mac/mac_framework.h>
104 VNET_DEFINE(int, path_mtu_discovery) = 1;
105 SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_VNET | CTLFLAG_RW,
106 &VNET_NAME(path_mtu_discovery), 1,
107 "Enable Path MTU Discovery");
109 VNET_DEFINE(int, tcp_do_tso) = 1;
110 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_VNET | CTLFLAG_RW,
111 &VNET_NAME(tcp_do_tso), 0,
112 "Enable TCP Segmentation Offload");
114 VNET_DEFINE(int, tcp_sendspace) = 1024*32;
115 #define V_tcp_sendspace VNET(tcp_sendspace)
116 SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_VNET | CTLFLAG_RW,
117 &VNET_NAME(tcp_sendspace), 0, "Initial send socket buffer size");
119 VNET_DEFINE(int, tcp_do_autosndbuf) = 1;
120 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto, CTLFLAG_VNET | CTLFLAG_RW,
121 &VNET_NAME(tcp_do_autosndbuf), 0,
122 "Enable automatic send buffer sizing");
124 VNET_DEFINE(int, tcp_autosndbuf_inc) = 8*1024;
125 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_inc, CTLFLAG_VNET | CTLFLAG_RW,
126 &VNET_NAME(tcp_autosndbuf_inc), 0,
127 "Incrementor step size of automatic send buffer");
129 VNET_DEFINE(int, tcp_autosndbuf_max) = 2*1024*1024;
130 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_max, CTLFLAG_VNET | CTLFLAG_RW,
131 &VNET_NAME(tcp_autosndbuf_max), 0,
132 "Max size of automatic send buffer");
134 VNET_DEFINE(int, tcp_sendbuf_auto_lowat) = 0;
135 #define V_tcp_sendbuf_auto_lowat VNET(tcp_sendbuf_auto_lowat)
136 SYSCTL_INT(_net_inet_tcp, OID_AUTO, sendbuf_auto_lowat, CTLFLAG_VNET | CTLFLAG_RW,
137 &VNET_NAME(tcp_sendbuf_auto_lowat), 0,
138 "Modify threshold for auto send buffer growth to account for SO_SNDLOWAT");
141 * Make sure that either retransmit or persist timer is set for SYN, FIN and
144 #define TCP_XMIT_TIMER_ASSERT(tp, len, th_flags) \
145 KASSERT(((len) == 0 && ((th_flags) & (TH_SYN | TH_FIN)) == 0) ||\
146 tcp_timer_active((tp), TT_REXMT) || \
147 tcp_timer_active((tp), TT_PERSIST), \
148 ("neither rexmt nor persist timer is set"))
152 * Wrapper for the TCP established output helper hook.
155 hhook_run_tcp_est_out(struct tcpcb *tp, struct tcphdr *th,
156 struct tcpopt *to, uint32_t len, int tso)
158 struct tcp_hhook_data hhook_data;
160 if (V_tcp_hhh[HHOOK_TCP_EST_OUT]->hhh_nhooks > 0) {
164 hhook_data.len = len;
165 hhook_data.tso = tso;
167 hhook_run_hooks(V_tcp_hhh[HHOOK_TCP_EST_OUT], &hhook_data,
174 * CC wrapper hook functions
177 cc_after_idle(struct tcpcb *tp)
179 INP_WLOCK_ASSERT(tptoinpcb(tp));
181 if (CC_ALGO(tp)->after_idle != NULL)
182 CC_ALGO(tp)->after_idle(&tp->t_ccv);
186 * Tcp output routine: figure out what should be sent and send it.
189 tcp_default_output(struct tcpcb *tp)
191 struct socket *so = tptosocket(tp);
192 struct inpcb *inp = tptoinpcb(tp);
194 uint32_t recwin, sendwin;
196 int off, error = 0; /* Keep compiler happy */
197 u_int if_hw_tsomaxsegcount = 0;
198 u_int if_hw_tsomaxsegsize = 0;
200 struct ip *ip = NULL;
202 u_char opt[TCP_MAXOLEN];
203 unsigned ipoptlen, optlen, hdrlen, ulen;
204 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
205 unsigned ipsec_optlen = 0;
207 int idle, sendalot, curticks;
208 int sack_rxmit, sack_bytes_rxmt;
212 struct udphdr *udp = NULL;
213 struct tcp_log_buffer *lgb;
214 unsigned int wanted_cookie = 0;
215 unsigned int dont_sendalot = 0;
217 int maxburst = TCP_MAXBURST;
220 struct ip6_hdr *ip6 = NULL;
221 const bool isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
224 const bool hw_tls = tp->t_nic_ktls_xmit != 0;
226 const bool hw_tls = false;
230 INP_WLOCK_ASSERT(inp);
233 if (tp->t_flags & TF_TOE)
234 return (tcp_offload_output(tp));
238 * For TFO connections in SYN_SENT or SYN_RECEIVED,
239 * only allow the initial SYN or SYN|ACK and those sent
240 * by the retransmit timer.
242 if (IS_FASTOPEN(tp->t_flags) &&
243 ((tp->t_state == TCPS_SYN_SENT) ||
244 (tp->t_state == TCPS_SYN_RECEIVED)) &&
245 SEQ_GT(tp->snd_max, tp->snd_una) && /* initial SYN or SYN|ACK sent */
246 (tp->snd_nxt != tp->snd_una)) /* not a retransmit */
250 * Determine length of data that should be transmitted,
251 * and flags that will be used.
252 * If there is some data or critical controls (SYN, RST)
253 * to send, then transmit; otherwise, investigate further.
255 idle = (tp->t_flags & TF_LASTIDLE) || (tp->snd_max == tp->snd_una);
256 if (idle && (((ticks - tp->t_rcvtime) >= tp->t_rxtcur) ||
257 (tp->t_sndtime && ((ticks - tp->t_sndtime) >= tp->t_rxtcur))))
259 tp->t_flags &= ~TF_LASTIDLE;
261 if (tp->t_flags & TF_MORETOCOME) {
262 tp->t_flags |= TF_LASTIDLE;
268 * If we've recently taken a timeout, snd_max will be greater than
269 * snd_nxt. There may be SACK information that allows us to avoid
270 * resending already delivered data. Adjust snd_nxt accordingly.
272 if ((tp->t_flags & TF_SACK_PERMIT) &&
273 SEQ_LT(tp->snd_nxt, tp->snd_max))
278 off = tp->snd_nxt - tp->snd_una;
279 sendwin = min(tp->snd_wnd, tp->snd_cwnd);
281 flags = tcp_outflags[tp->t_state];
283 * Send any SACK-generated retransmissions. If we're explicitly trying
284 * to send out new data (when sendalot is 1), bypass this function.
285 * If we retransmit in fast recovery mode, decrement snd_cwnd, since
286 * we're replacing a (future) new transmission with a retransmission
287 * now, and we previously incremented snd_cwnd in tcp_input().
290 * Still in sack recovery , reset rxmit flag to zero.
296 if ((tp->t_flags & TF_SACK_PERMIT) && IN_FASTRECOVERY(tp->t_flags) &&
297 (p = tcp_sack_output(tp, &sack_bytes_rxmt))) {
301 imax(min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt, 0);
302 /* Do not retransmit SACK segments beyond snd_recover */
303 if (SEQ_GT(p->end, tp->snd_recover)) {
305 * (At least) part of sack hole extends beyond
306 * snd_recover. Check to see if we can rexmit data
309 if (SEQ_GEQ(p->rxmit, tp->snd_recover)) {
311 * Can't rexmit any more data for this hole.
312 * That data will be rexmitted in the next
313 * sack recovery episode, when snd_recover
314 * moves past p->rxmit.
317 goto after_sack_rexmit;
319 /* Can rexmit part of the current hole */
320 len = ((int32_t)ulmin(cwin,
321 SEQ_SUB(tp->snd_recover, p->rxmit)));
324 len = ((int32_t)ulmin(cwin,
325 SEQ_SUB(p->end, p->rxmit)));
328 off = SEQ_SUB(p->rxmit, tp->snd_una);
329 KASSERT(off >= 0,("%s: sack block to the left of una : %d",
337 * Get standard flags, and add SYN or FIN if requested by 'hidden'
340 if (tp->t_flags & TF_NEEDFIN)
342 if (tp->t_flags & TF_NEEDSYN)
345 SOCKBUF_LOCK(&so->so_snd);
347 * If in persist timeout with window of 0, send 1 byte.
348 * Otherwise, if window is small but nonzero
349 * and timer expired, we will send what we can
350 * and go to transmit state.
352 if (tp->t_flags & TF_FORCEDATA) {
355 * If we still have some data to send, then
356 * clear the FIN bit. Usually this would
357 * happen below when it realizes that we
358 * aren't sending all the data. However,
359 * if we have exactly 1 byte of unsent data,
360 * then it won't clear the FIN bit below,
361 * and if we are in persist state, we wind
362 * up sending the packet without recording
363 * that we sent the FIN bit.
365 * We can't just blindly clear the FIN bit,
366 * because if we don't have any more data
367 * to send then the probe will be the FIN
370 if (off < sbused(&so->so_snd))
374 tcp_timer_activate(tp, TT_PERSIST, 0);
380 * If snd_nxt == snd_max and we have transmitted a FIN, the
381 * offset will be > 0 even if so_snd.sb_cc is 0, resulting in
382 * a negative length. This can also occur when TCP opens up
383 * its congestion window while receiving additional duplicate
384 * acks after fast-retransmit because TCP will reset snd_nxt
385 * to snd_max after the fast-retransmit.
387 * In the normal retransmit-FIN-only case, however, snd_nxt will
388 * be set to snd_una, the offset will be 0, and the length may
391 * If sack_rxmit is true we are retransmitting from the scoreboard
392 * in which case len is already set.
394 if (sack_rxmit == 0) {
395 if (sack_bytes_rxmt == 0) {
396 len = ((int32_t)min(sbavail(&so->so_snd), sendwin) -
402 * We are inside of a SACK recovery episode and are
403 * sending new data, having retransmitted all the
404 * data possible in the scoreboard.
406 len = ((int32_t)min(sbavail(&so->so_snd), tp->snd_wnd) -
409 * Don't remove this (len > 0) check !
410 * We explicitly check for len > 0 here (although it
411 * isn't really necessary), to work around a gcc
412 * optimization issue - to force gcc to compute
413 * len above. Without this check, the computation
414 * of len is bungled by the optimizer.
417 cwin = tp->snd_cwnd - imax(0, (int32_t)
418 (tp->snd_nxt - tp->snd_recover)) -
422 len = imin(len, cwin);
428 * Lop off SYN bit if it has already been sent. However, if this
429 * is SYN-SENT state and if segment contains data and if we don't
430 * know that foreign host supports TAO, suppress sending segment.
432 if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) {
433 if (tp->t_state != TCPS_SYN_RECEIVED)
436 * When sending additional segments following a TFO SYN|ACK,
437 * do not include the SYN bit.
439 if (IS_FASTOPEN(tp->t_flags) &&
440 (tp->t_state == TCPS_SYN_RECEIVED))
446 * Be careful not to send data and/or FIN on SYN segments.
447 * This measure is needed to prevent interoperability problems
448 * with not fully conformant TCP implementations.
450 if ((flags & TH_SYN) && (tp->t_flags & TF_NOOPT)) {
456 * On TFO sockets, ensure no data is sent in the following cases:
458 * - When retransmitting SYN|ACK on a passively-created socket
460 * - When retransmitting SYN on an actively created socket
462 * - When sending a zero-length cookie (cookie request) on an
463 * actively created socket
465 * - When the socket is in the CLOSED state (RST is being sent)
467 if (IS_FASTOPEN(tp->t_flags) &&
468 (((flags & TH_SYN) && (tp->t_rxtshift > 0)) ||
469 ((tp->t_state == TCPS_SYN_SENT) &&
470 (tp->t_tfo_client_cookie_len == 0)) ||
475 * If FIN has been sent but not acked,
476 * but we haven't been called to retransmit,
477 * len will be < 0. Otherwise, window shrank
478 * after we sent into it. If window shrank to 0,
479 * cancel pending retransmit, pull snd_nxt back
480 * to (closed) window, and set the persist timer
481 * if it isn't already going. If the window didn't
482 * close completely, just wait for an ACK.
484 * We also do a general check here to ensure that
485 * we will set the persist timer when we have data
486 * to send, but a 0-byte window. This makes sure
487 * the persist timer is set even if the packet
488 * hits one of the "goto send" lines below.
491 if ((sendwin == 0) && (TCPS_HAVEESTABLISHED(tp->t_state)) &&
492 (off < (int) sbavail(&so->so_snd)) &&
493 !tcp_timer_active(tp, TT_PERSIST)) {
494 tcp_timer_activate(tp, TT_REXMT, 0);
496 tp->snd_nxt = tp->snd_una;
497 if (!tcp_timer_active(tp, TT_PERSIST))
502 /* len will be >= 0 after this point. */
503 KASSERT(len >= 0, ("[%s:%d]: len < 0", __func__, __LINE__));
505 tcp_sndbuf_autoscale(tp, so, sendwin);
508 * Decide if we can use TCP Segmentation Offloading (if supported by
511 * TSO may only be used if we are in a pure bulk sending state. The
512 * presence of TCP-MD5, SACK retransmits, SACK advertizements and
513 * IP options prevent using TSO. With TSO the TCP header is the same
514 * (except for the sequence number) for all generated packets. This
515 * makes it impossible to transmit any options which vary per generated
518 * IPv4 handling has a clear separation of ip options and ip header
519 * flags while IPv6 combines both in in6p_outputopts. ip6_optlen() does
520 * the right thing below to provide length of just ip options and thus
521 * checking for ipoptlen is enough to decide if ip options are present.
523 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
525 * Pre-calculate here as we save another lookup into the darknesses
526 * of IPsec that way and can actually decide if TSO is ok.
529 if (isipv6 && IPSEC_ENABLED(ipv6))
530 ipsec_optlen = IPSEC_HDRSIZE(ipv6, inp);
536 if (IPSEC_ENABLED(ipv4))
537 ipsec_optlen = IPSEC_HDRSIZE(ipv4, inp);
542 ipoptlen = ip6_optlen(inp);
545 if (inp->inp_options)
546 ipoptlen = inp->inp_options->m_len -
547 offsetof(struct ipoption, ipopt_list);
550 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
551 ipoptlen += ipsec_optlen;
554 if ((tp->t_flags & TF_TSO) && V_tcp_do_tso && len > tp->t_maxseg &&
556 ((tp->t_flags & TF_SIGNATURE) == 0) &&
557 tp->rcv_numsacks == 0 && sack_rxmit == 0 &&
558 ipoptlen == 0 && !(flags & TH_SYN))
561 if (SEQ_LT((sack_rxmit ? p->rxmit : tp->snd_nxt) + len,
562 tp->snd_una + sbused(&so->so_snd))) {
566 recwin = lmin(lmax(sbspace(&so->so_rcv), 0),
567 (long)TCP_MAXWIN << tp->rcv_scale);
570 * Sender silly window avoidance. We transmit under the following
571 * conditions when len is non-zero:
573 * - We have a full segment (or more with TSO)
574 * - This is the last buffer in a write()/send() and we are
575 * either idle or running NODELAY
576 * - we've timed out (e.g. persist timer)
577 * - we have more then 1/2 the maximum send window's worth of
578 * data (receiver may be limited the window size)
579 * - we need to retransmit
582 if (len >= tp->t_maxseg)
585 * As the TCP header options are now
586 * considered when setting up the initial
587 * window, we would not send the last segment
588 * if we skip considering the option length here.
589 * Note: this may not work when tcp headers change
590 * very dynamically in the future.
592 if ((((tp->t_flags & TF_SIGNATURE) ?
593 PADTCPOLEN(TCPOLEN_SIGNATURE) : 0) +
594 ((tp->t_flags & TF_RCVD_TSTMP) ?
595 PADTCPOLEN(TCPOLEN_TIMESTAMP) : 0) +
596 len) >= tp->t_maxseg)
599 * NOTE! on localhost connections an 'ack' from the remote
600 * end may occur synchronously with the output and cause
601 * us to flush a buffer queued with moretocome. XXX
603 * note: the len + off check is almost certainly unnecessary.
605 if (!(tp->t_flags & TF_MORETOCOME) && /* normal case */
606 (idle || (tp->t_flags & TF_NODELAY)) &&
607 (uint32_t)len + (uint32_t)off >= sbavail(&so->so_snd) &&
608 (tp->t_flags & TF_NOPUSH) == 0) {
611 if (tp->t_flags & TF_FORCEDATA) /* typ. timeout case */
613 if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0)
615 if (SEQ_LT(tp->snd_nxt, tp->snd_max)) /* retransmit case */
622 * Sending of standalone window updates.
624 * Window updates are important when we close our window due to a
625 * full socket buffer and are opening it again after the application
626 * reads data from it. Once the window has opened again and the
627 * remote end starts to send again the ACK clock takes over and
628 * provides the most current window information.
630 * We must avoid the silly window syndrome whereas every read
631 * from the receive buffer, no matter how small, causes a window
632 * update to be sent. We also should avoid sending a flurry of
633 * window updates when the socket buffer had queued a lot of data
634 * and the application is doing small reads.
636 * Prevent a flurry of pointless window updates by only sending
637 * an update when we can increase the advertized window by more
638 * than 1/4th of the socket buffer capacity. When the buffer is
639 * getting full or is very small be more aggressive and send an
640 * update whenever we can increase by two mss sized segments.
641 * In all other situations the ACK's to new incoming data will
642 * carry further window increases.
644 * Don't send an independent window update if a delayed
645 * ACK is pending (it will get piggy-backed on it) or the
646 * remote side already has done a half-close and won't send
649 if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN) &&
650 !(tp->t_flags & TF_DELACK) &&
651 !TCPS_HAVERCVDFIN(tp->t_state)) {
653 * "adv" is the amount we could increase the window,
654 * taking into account that we are limited by
655 * TCP_MAXWIN << tp->rcv_scale.
661 if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt)) {
662 oldwin = (tp->rcv_adv - tp->rcv_nxt);
671 * If the new window size ends up being the same as or less
672 * than the old size when it is scaled, then don't force
675 if (oldwin >> tp->rcv_scale >= (adv + oldwin) >> tp->rcv_scale)
678 if (adv >= (int32_t)(2 * tp->t_maxseg) &&
679 (adv >= (int32_t)(so->so_rcv.sb_hiwat / 4) ||
680 recwin <= (so->so_rcv.sb_hiwat / 8) ||
681 so->so_rcv.sb_hiwat <= 8 * tp->t_maxseg ||
682 adv >= TCP_MAXWIN << tp->rcv_scale))
684 if (2 * adv >= (int32_t)so->so_rcv.sb_hiwat)
690 * Send if we owe the peer an ACK, RST, SYN, or urgent data. ACKNOW
691 * is also a catch-all for the retransmit timer timeout case.
693 if (tp->t_flags & TF_ACKNOW)
695 if ((flags & TH_RST) ||
696 ((flags & TH_SYN) && (tp->t_flags & TF_NEEDSYN) == 0))
698 if (SEQ_GT(tp->snd_up, tp->snd_una))
701 * If our state indicates that FIN should be sent
702 * and we have not yet done so, then we need to send.
704 if (flags & TH_FIN &&
705 ((tp->t_flags & TF_SENTFIN) == 0 || tp->snd_nxt == tp->snd_una))
708 * In SACK, it is possible for tcp_output to fail to send a segment
709 * after the retransmission timer has been turned off. Make sure
710 * that the retransmission timer is set.
712 if ((tp->t_flags & TF_SACK_PERMIT) &&
713 SEQ_GT(tp->snd_max, tp->snd_una) &&
714 !tcp_timer_active(tp, TT_REXMT) &&
715 !tcp_timer_active(tp, TT_PERSIST)) {
716 tcp_timer_activate(tp, TT_REXMT, TP_RXTCUR(tp));
720 * TCP window updates are not reliable, rather a polling protocol
721 * using ``persist'' packets is used to insure receipt of window
722 * updates. The three ``states'' for the output side are:
723 * idle not doing retransmits or persists
724 * persisting to move a small or zero window
725 * (re)transmitting and thereby not persisting
727 * tcp_timer_active(tp, TT_PERSIST)
728 * is true when we are in persist state.
729 * (tp->t_flags & TF_FORCEDATA)
730 * is set when we are called to send a persist packet.
731 * tcp_timer_active(tp, TT_REXMT)
732 * is set when we are retransmitting
733 * The output side is idle when both timers are zero.
735 * If send window is too small, there is data to transmit, and no
736 * retransmit or persist is pending, then go to persist state.
737 * If nothing happens soon, send when timer expires:
738 * if window is nonzero, transmit what we can,
739 * otherwise force out a byte.
741 if (sbavail(&so->so_snd) && !tcp_timer_active(tp, TT_REXMT) &&
742 !tcp_timer_active(tp, TT_PERSIST)) {
748 * No reason to send a segment, just return.
751 SOCKBUF_UNLOCK(&so->so_snd);
755 SOCKBUF_LOCK_ASSERT(&so->so_snd);
757 if (len >= tp->t_maxseg)
758 tp->t_flags2 |= TF2_PLPMTU_MAXSEGSNT;
760 tp->t_flags2 &= ~TF2_PLPMTU_MAXSEGSNT;
763 * Before ESTABLISHED, force sending of initial options
764 * unless TCP set not to do any options.
765 * NOTE: we assume that the IP/TCP header plus TCP options
766 * always fit in a single mbuf, leaving room for a maximum
768 * max_linkhdr + sizeof (struct tcpiphdr) + optlen <= MCLBYTES
773 hdrlen = sizeof (struct ip6_hdr) + sizeof (struct tcphdr);
776 hdrlen = sizeof (struct tcpiphdr);
778 if (flags & TH_SYN) {
779 tp->snd_nxt = tp->iss;
783 * Compute options for segment.
784 * We only have to care about SYN and established connection
785 * segments. Options for SYN-ACK segments are handled in TCP
789 if ((tp->t_flags & TF_NOOPT) == 0) {
790 /* Maximum segment size. */
791 if (flags & TH_SYN) {
792 to.to_mss = tcp_mssopt(&inp->inp_inc);
794 to.to_mss -= V_tcp_udp_tunneling_overhead;
795 to.to_flags |= TOF_MSS;
798 * On SYN or SYN|ACK transmits on TFO connections,
799 * only include the TFO option if it is not a
800 * retransmit, as the presence of the TFO option may
801 * have caused the original SYN or SYN|ACK to have
802 * been dropped by a middlebox.
804 if (IS_FASTOPEN(tp->t_flags) &&
805 (tp->t_rxtshift == 0)) {
806 if (tp->t_state == TCPS_SYN_RECEIVED) {
807 to.to_tfo_len = TCP_FASTOPEN_COOKIE_LEN;
809 (u_int8_t *)&tp->t_tfo_cookie.server;
810 to.to_flags |= TOF_FASTOPEN;
812 } else if (tp->t_state == TCPS_SYN_SENT) {
814 tp->t_tfo_client_cookie_len;
816 tp->t_tfo_cookie.client;
817 to.to_flags |= TOF_FASTOPEN;
820 * If we wind up having more data to
821 * send with the SYN than can fit in
822 * one segment, don't send any more
823 * until the SYN|ACK comes back from
830 /* Window scaling. */
831 if ((flags & TH_SYN) && (tp->t_flags & TF_REQ_SCALE)) {
832 to.to_wscale = tp->request_r_scale;
833 to.to_flags |= TOF_SCALE;
836 if ((tp->t_flags & TF_RCVD_TSTMP) ||
837 ((flags & TH_SYN) && (tp->t_flags & TF_REQ_TSTMP))) {
838 curticks = tcp_ts_getticks();
839 to.to_tsval = curticks + tp->ts_offset;
840 to.to_tsecr = tp->ts_recent;
841 to.to_flags |= TOF_TS;
842 if (tp->t_rxtshift == 1)
843 tp->t_badrxtwin = curticks;
846 /* Set receive buffer autosizing timestamp. */
847 if (tp->rfbuf_ts == 0 &&
848 (so->so_rcv.sb_flags & SB_AUTOSIZE))
849 tp->rfbuf_ts = tcp_ts_getticks();
851 /* Selective ACK's. */
852 if (tp->t_flags & TF_SACK_PERMIT) {
854 to.to_flags |= TOF_SACKPERM;
855 else if (TCPS_HAVEESTABLISHED(tp->t_state) &&
856 tp->rcv_numsacks > 0) {
857 to.to_flags |= TOF_SACK;
858 to.to_nsacks = tp->rcv_numsacks;
859 to.to_sacks = (u_char *)tp->sackblks;
862 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
863 /* TCP-MD5 (RFC2385). */
865 * Check that TCP_MD5SIG is enabled in tcpcb to
866 * account the size needed to set this TCP option.
868 if (tp->t_flags & TF_SIGNATURE)
869 to.to_flags |= TOF_SIGNATURE;
870 #endif /* TCP_SIGNATURE */
872 /* Processing the options. */
873 hdrlen += optlen = tcp_addoptions(&to, opt);
875 * If we wanted a TFO option to be added, but it was unable
876 * to fit, ensure no data is sent.
878 if (IS_FASTOPEN(tp->t_flags) && wanted_cookie &&
879 !(to.to_flags & TOF_FASTOPEN))
883 if (V_tcp_udp_tunneling_port == 0) {
884 /* The port was removed?? */
885 SOCKBUF_UNLOCK(&so->so_snd);
886 return (EHOSTUNREACH);
888 hdrlen += sizeof(struct udphdr);
891 * Adjust data length if insertion of options will
892 * bump the packet length beyond the t_maxseg length.
893 * Clear the FIN bit because we cut off the tail of
896 if (len + optlen + ipoptlen > tp->t_maxseg) {
904 /* extract TSO information */
905 if_hw_tsomax = tp->t_tsomax;
906 if_hw_tsomaxsegcount = tp->t_tsomaxsegcount;
907 if_hw_tsomaxsegsize = tp->t_tsomaxsegsize;
910 * Limit a TSO burst to prevent it from
911 * overflowing or exceeding the maximum length
912 * allowed by the network interface:
914 KASSERT(ipoptlen == 0,
915 ("%s: TSO can't do IP options", __func__));
918 * Check if we should limit by maximum payload
921 if (if_hw_tsomax != 0) {
922 /* compute maximum TSO length */
923 max_len = (if_hw_tsomax - hdrlen -
927 } else if (len > max_len) {
934 * Prevent the last segment from being
935 * fractional unless the send sockbuf can be
938 max_len = (tp->t_maxseg - optlen);
939 if (((uint32_t)off + (uint32_t)len) <
940 sbavail(&so->so_snd)) {
941 moff = len % max_len;
949 * In case there are too many small fragments
952 if (len <= max_len) {
959 * Send the FIN in a separate segment
960 * after the bulk sending is done.
961 * We don't trust the TSO implementations
962 * to clear the FIN flag on all but the
965 if (tp->t_flags & TF_NEEDFIN)
968 if (optlen + ipoptlen >= tp->t_maxseg) {
970 * Since we don't have enough space to put
971 * the IP header chain and the TCP header in
972 * one packet as required by RFC 7112, don't
973 * send it. Also ensure that at least one
974 * byte of the payload can be put into the
977 SOCKBUF_UNLOCK(&so->so_snd);
982 len = tp->t_maxseg - optlen - ipoptlen;
990 KASSERT(len + hdrlen + ipoptlen <= IP_MAXPACKET,
991 ("%s: len > IP_MAXPACKET", __func__));
993 /*#ifdef DIAGNOSTIC*/
995 if (max_linkhdr + hdrlen > MCLBYTES)
997 if (max_linkhdr + hdrlen > MHLEN)
999 panic("tcphdr too big");
1003 * This KASSERT is here to catch edge cases at a well defined place.
1004 * Before, those had triggered (random) panic conditions further down.
1006 KASSERT(len >= 0, ("[%s:%d]: len < 0", __func__, __LINE__));
1009 * Grab a header mbuf, attaching a copy of data to
1010 * be transmitted, and initialize the header from
1011 * the template for sends on this connection.
1015 struct sockbuf *msb;
1018 if ((tp->t_flags & TF_FORCEDATA) && len == 1) {
1019 TCPSTAT_INC(tcps_sndprobe);
1021 if (SEQ_LT(tp->snd_nxt, tp->snd_max))
1022 stats_voi_update_abs_u32(tp->t_stats,
1023 VOI_TCP_RETXPB, len);
1025 stats_voi_update_abs_u64(tp->t_stats,
1028 } else if (SEQ_LT(tp->snd_nxt, tp->snd_max) || sack_rxmit) {
1029 tp->t_sndrexmitpack++;
1030 TCPSTAT_INC(tcps_sndrexmitpack);
1031 TCPSTAT_ADD(tcps_sndrexmitbyte, len);
1033 TCPSTAT_INC(tcps_sack_rexmits);
1034 TCPSTAT_ADD(tcps_sack_rexmit_bytes, len);
1037 stats_voi_update_abs_u32(tp->t_stats, VOI_TCP_RETXPB,
1041 TCPSTAT_INC(tcps_sndpack);
1042 TCPSTAT_ADD(tcps_sndbyte, len);
1044 stats_voi_update_abs_u64(tp->t_stats, VOI_TCP_TXPB,
1049 if (MHLEN < hdrlen + max_linkhdr)
1050 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1053 m = m_gethdr(M_NOWAIT, MT_DATA);
1056 SOCKBUF_UNLOCK(&so->so_snd);
1062 m->m_data += max_linkhdr;
1066 * Start the m_copy functions from the closest mbuf
1067 * to the offset in the socket buffer chain.
1069 mb = sbsndptr_noadv(&so->so_snd, off, &moff);
1070 if (len <= MHLEN - hdrlen - max_linkhdr && !hw_tls) {
1071 m_copydata(mb, moff, len,
1072 mtod(m, caddr_t) + hdrlen);
1073 if (SEQ_LT(tp->snd_nxt, tp->snd_max))
1074 sbsndptr_adv(&so->so_snd, mb, len);
1077 if (SEQ_LT(tp->snd_nxt, tp->snd_max))
1081 m->m_next = tcp_m_copym(mb, moff,
1082 &len, if_hw_tsomaxsegcount,
1083 if_hw_tsomaxsegsize, msb, hw_tls);
1084 if (len <= (tp->t_maxseg - optlen)) {
1086 * Must have ran out of mbufs for the copy
1087 * shorten it to no longer need tso. Lets
1088 * not put on sendalot since we are low on
1093 if (m->m_next == NULL) {
1094 SOCKBUF_UNLOCK(&so->so_snd);
1103 * If we're sending everything we've got, set PUSH.
1104 * (This will keep happy those implementations which only
1105 * give data to the user when a buffer fills or
1108 if (((uint32_t)off + (uint32_t)len == sbused(&so->so_snd)) &&
1111 SOCKBUF_UNLOCK(&so->so_snd);
1113 SOCKBUF_UNLOCK(&so->so_snd);
1114 if (tp->t_flags & TF_ACKNOW)
1115 TCPSTAT_INC(tcps_sndacks);
1116 else if (flags & (TH_SYN|TH_FIN|TH_RST))
1117 TCPSTAT_INC(tcps_sndctrl);
1118 else if (SEQ_GT(tp->snd_up, tp->snd_una))
1119 TCPSTAT_INC(tcps_sndurg);
1121 TCPSTAT_INC(tcps_sndwinup);
1123 m = m_gethdr(M_NOWAIT, MT_DATA);
1130 if (isipv6 && (MHLEN < hdrlen + max_linkhdr) &&
1135 m->m_data += max_linkhdr;
1138 SOCKBUF_UNLOCK_ASSERT(&so->so_snd);
1139 m->m_pkthdr.rcvif = (struct ifnet *)0;
1141 mac_inpcb_create_mbuf(inp, m);
1145 ip6 = mtod(m, struct ip6_hdr *);
1147 udp = (struct udphdr *)((caddr_t)ip6 + sizeof(struct ip6_hdr));
1148 udp->uh_sport = htons(V_tcp_udp_tunneling_port);
1149 udp->uh_dport = tp->t_port;
1150 ulen = hdrlen + len - sizeof(struct ip6_hdr);
1151 udp->uh_ulen = htons(ulen);
1152 th = (struct tcphdr *)(udp + 1);
1154 th = (struct tcphdr *)(ip6 + 1);
1156 tcpip_fillheaders(inp, tp->t_port, ip6, th);
1160 ip = mtod(m, struct ip *);
1162 udp = (struct udphdr *)((caddr_t)ip + sizeof(struct ip));
1163 udp->uh_sport = htons(V_tcp_udp_tunneling_port);
1164 udp->uh_dport = tp->t_port;
1165 ulen = hdrlen + len - sizeof(struct ip);
1166 udp->uh_ulen = htons(ulen);
1167 th = (struct tcphdr *)(udp + 1);
1169 th = (struct tcphdr *)(ip + 1);
1170 tcpip_fillheaders(inp, tp->t_port, ip, th);
1174 * Fill in fields, remembering maximum advertised
1175 * window for use in delaying messages about window sizes.
1176 * If resending a FIN, be sure not to use a new sequence number.
1178 if (flags & TH_FIN && tp->t_flags & TF_SENTFIN &&
1179 tp->snd_nxt == tp->snd_max)
1182 * If we are starting a connection, send ECN setup
1183 * SYN packet. If we are on a retransmit, we may
1184 * resend those bits a number of times as per
1187 if (tp->t_state == TCPS_SYN_SENT && V_tcp_do_ecn) {
1188 flags |= tcp_ecn_output_syn_sent(tp);
1190 /* Also handle parallel SYN for ECN */
1191 if ((TCPS_HAVERCVDSYN(tp->t_state)) &&
1192 (tp->t_flags2 & (TF2_ECN_PERMIT | TF2_ACE_PERMIT))) {
1193 int ect = tcp_ecn_output_established(tp, &flags, len, sack_rxmit);
1194 if ((tp->t_state == TCPS_SYN_RECEIVED) &&
1195 (tp->t_flags2 & TF2_ECN_SND_ECE))
1196 tp->t_flags2 &= ~TF2_ECN_SND_ECE;
1199 ip6->ip6_flow &= ~htonl(IPTOS_ECN_MASK << IPV6_FLOWLABEL_LEN);
1200 ip6->ip6_flow |= htonl(ect << IPV6_FLOWLABEL_LEN);
1205 ip->ip_tos &= ~IPTOS_ECN_MASK;
1211 * If we are doing retransmissions, then snd_nxt will
1212 * not reflect the first unsent octet. For ACK only
1213 * packets, we do not want the sequence number of the
1214 * retransmitted packet, we want the sequence number
1215 * of the next unsent octet. So, if there is no data
1216 * (and no SYN or FIN), use snd_max instead of snd_nxt
1217 * when filling in ti_seq. But if we are in persist
1218 * state, snd_max might reflect one byte beyond the
1219 * right edge of the window, so use snd_nxt in that
1220 * case, since we know we aren't doing a retransmission.
1221 * (retransmit and persist are mutually exclusive...)
1223 if (sack_rxmit == 0) {
1224 if (len || (flags & (TH_SYN|TH_FIN)) ||
1225 tcp_timer_active(tp, TT_PERSIST))
1226 th->th_seq = htonl(tp->snd_nxt);
1228 th->th_seq = htonl(tp->snd_max);
1230 th->th_seq = htonl(p->rxmit);
1233 * Lost Retransmission Detection
1234 * trigger resending of a (then
1235 * still existing) hole, when
1236 * fack acks recoverypoint.
1238 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(p->rxmit, p->end))
1239 p->rxmit = tp->snd_recover;
1240 tp->sackhint.sack_bytes_rexmit += len;
1242 if (IN_RECOVERY(tp->t_flags)) {
1244 * Account all bytes transmitted while
1245 * IN_RECOVERY, simplifying PRR and
1246 * Lost Retransmit Detection
1248 tp->sackhint.prr_out += len;
1250 th->th_ack = htonl(tp->rcv_nxt);
1252 bcopy(opt, th + 1, optlen);
1253 th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
1255 tcp_set_flags(th, flags);
1257 * Calculate receive window. Don't shrink window,
1258 * but avoid silly window syndrome.
1259 * If a RST segment is sent, advertise a window of zero.
1261 if (flags & TH_RST) {
1264 if (recwin < (so->so_rcv.sb_hiwat / 4) &&
1265 recwin < tp->t_maxseg)
1267 if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt) &&
1268 recwin < (tp->rcv_adv - tp->rcv_nxt))
1269 recwin = (tp->rcv_adv - tp->rcv_nxt);
1272 * According to RFC1323 the window field in a SYN (i.e., a <SYN>
1273 * or <SYN,ACK>) segment itself is never scaled. The <SYN,ACK>
1274 * case is handled in syncache.
1277 th->th_win = htons((u_short)
1278 (min(sbspace(&so->so_rcv), TCP_MAXWIN)));
1280 /* Avoid shrinking window with window scaling. */
1281 recwin = roundup2(recwin, 1 << tp->rcv_scale);
1282 th->th_win = htons((u_short)(recwin >> tp->rcv_scale));
1286 * Adjust the RXWIN0SENT flag - indicate that we have advertised
1287 * a 0 window. This may cause the remote transmitter to stall. This
1288 * flag tells soreceive() to disable delayed acknowledgements when
1289 * draining the buffer. This can occur if the receiver is attempting
1290 * to read more data than can be buffered prior to transmitting on
1293 if (th->th_win == 0) {
1295 tp->t_flags |= TF_RXWIN0SENT;
1297 tp->t_flags &= ~TF_RXWIN0SENT;
1298 if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
1299 th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
1300 th->th_flags |= TH_URG;
1303 * If no urgent pointer to send, then we pull
1304 * the urgent pointer to the left edge of the send window
1305 * so that it doesn't drift into the send window on sequence
1306 * number wraparound.
1308 tp->snd_up = tp->snd_una; /* drag it along */
1311 * Put TCP length in extended header, and then
1312 * checksum extended header and data.
1314 m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */
1316 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
1317 if (to.to_flags & TOF_SIGNATURE) {
1319 * Calculate MD5 signature and put it into the place
1320 * determined before.
1321 * NOTE: since TCP options buffer doesn't point into
1322 * mbuf's data, calculate offset and use it.
1324 if (!TCPMD5_ENABLED() || (error = TCPMD5_OUTPUT(m, th,
1325 (u_char *)(th + 1) + (to.to_signature - opt))) != 0) {
1327 * Do not send segment if the calculation of MD5
1328 * digest has failed.
1338 * There is no need to fill in ip6_plen right now.
1339 * It will be filled later by ip6_output.
1342 m->m_pkthdr.csum_flags = CSUM_UDP_IPV6;
1343 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
1344 udp->uh_sum = in6_cksum_pseudo(ip6, ulen, IPPROTO_UDP, 0);
1345 th->th_sum = htons(0);
1346 UDPSTAT_INC(udps_opackets);
1348 m->m_pkthdr.csum_flags = CSUM_TCP_IPV6;
1349 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
1350 th->th_sum = in6_cksum_pseudo(ip6,
1351 sizeof(struct tcphdr) + optlen + len, IPPROTO_TCP,
1356 #if defined(INET6) && defined(INET)
1362 m->m_pkthdr.csum_flags = CSUM_UDP;
1363 m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
1364 udp->uh_sum = in_pseudo(ip->ip_src.s_addr,
1365 ip->ip_dst.s_addr, htons(ulen + IPPROTO_UDP));
1366 th->th_sum = htons(0);
1367 UDPSTAT_INC(udps_opackets);
1369 m->m_pkthdr.csum_flags = CSUM_TCP;
1370 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
1371 th->th_sum = in_pseudo(ip->ip_src.s_addr,
1372 ip->ip_dst.s_addr, htons(sizeof(struct tcphdr) +
1373 IPPROTO_TCP + len + optlen));
1376 /* IP version must be set here for ipv4/ipv6 checking later */
1377 KASSERT(ip->ip_v == IPVERSION,
1378 ("%s: IP version incorrect: %d", __func__, ip->ip_v));
1383 * Enable TSO and specify the size of the segments.
1384 * The TCP pseudo header checksum is always provided.
1387 KASSERT(len > tp->t_maxseg - optlen,
1388 ("%s: len <= tso_segsz", __func__));
1389 m->m_pkthdr.csum_flags |= CSUM_TSO;
1390 m->m_pkthdr.tso_segsz = tp->t_maxseg - optlen;
1393 KASSERT(len + hdrlen == m_length(m, NULL),
1394 ("%s: mbuf chain shorter than expected: %d + %u != %u",
1395 __func__, len, hdrlen, m_length(m, NULL)));
1398 /* Run HHOOK_TCP_ESTABLISHED_OUT helper hooks. */
1399 hhook_run_tcp_est_out(tp, th, &to, len, tso);
1402 TCP_PROBE3(debug__output, tp, th, m);
1404 /* We're getting ready to send; log now. */
1405 /* XXXMT: We are not honoring verbose logging. */
1407 if (tcp_bblogging_on(tp))
1408 lgb = tcp_log_event(tp, th, &so->so_rcv, &so->so_snd,
1409 TCP_LOG_OUT, ERRNO_UNK, len, NULL, false, NULL, NULL, 0,
1415 * Fill in IP length and desired time to live and
1416 * send to IP level. There should be a better way
1417 * to handle ttl and tos; we could keep them in
1418 * the template, but need a way to checksum without them.
1421 * m->m_pkthdr.len should have been set before checksum calculation,
1422 * because in6_cksum() need it.
1427 * we separately set hoplimit for every segment, since the
1428 * user might want to change the value via setsockopt.
1429 * Also, desired default hop limit might be changed via
1430 * Neighbor Discovery.
1432 ip6->ip6_hlim = in6_selecthlim(inp, NULL);
1435 * Set the packet size here for the benefit of DTrace probes.
1436 * ip6_output() will set it properly; it's supposed to include
1437 * the option header lengths as well.
1439 ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
1441 if (V_path_mtu_discovery && tp->t_maxseg > V_tcp_minmss)
1442 tp->t_flags2 |= TF2_PLPMTU_PMTUD;
1444 tp->t_flags2 &= ~TF2_PLPMTU_PMTUD;
1446 if (tp->t_state == TCPS_SYN_SENT)
1447 TCP_PROBE5(connect__request, NULL, tp, ip6, tp, th);
1449 TCP_PROBE5(send, NULL, tp, ip6, tp, th);
1452 /* Save packet, if requested. */
1453 tcp_pcap_add(th, m, &(tp->t_outpkts));
1456 /* TODO: IPv6 IP6TOS_ECT bit on */
1457 error = ip6_output(m, inp->in6p_outputopts, &inp->inp_route6,
1458 ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0),
1461 if (error == EMSGSIZE && inp->inp_route6.ro_nh != NULL)
1462 mtu = inp->inp_route6.ro_nh->nh_mtu;
1465 #if defined(INET) && defined(INET6)
1470 ip->ip_len = htons(m->m_pkthdr.len);
1472 if (inp->inp_vflag & INP_IPV6PROTO)
1473 ip->ip_ttl = in6_selecthlim(inp, NULL);
1476 * If we do path MTU discovery, then we set DF on every packet.
1477 * This might not be the best thing to do according to RFC3390
1478 * Section 2. However the tcp hostcache migitates the problem
1479 * so it affects only the first tcp connection with a host.
1481 * NB: Don't set DF on small MTU/MSS to have a safe fallback.
1483 if (V_path_mtu_discovery && tp->t_maxseg > V_tcp_minmss) {
1484 tp->t_flags2 |= TF2_PLPMTU_PMTUD;
1485 if (tp->t_port == 0 || len < V_tcp_minmss) {
1486 ip->ip_off |= htons(IP_DF);
1489 tp->t_flags2 &= ~TF2_PLPMTU_PMTUD;
1492 if (tp->t_state == TCPS_SYN_SENT)
1493 TCP_PROBE5(connect__request, NULL, tp, ip, tp, th);
1495 TCP_PROBE5(send, NULL, tp, ip, tp, th);
1498 /* Save packet, if requested. */
1499 tcp_pcap_add(th, m, &(tp->t_outpkts));
1502 error = ip_output(m, inp->inp_options, &inp->inp_route,
1503 ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0), 0, inp);
1505 if (error == EMSGSIZE && inp->inp_route.ro_nh != NULL)
1506 mtu = inp->inp_route.ro_nh->nh_mtu;
1511 lgb->tlb_errno = error;
1516 tcp_account_for_send(tp, len, (tp->snd_nxt != tp->snd_max), 0, hw_tls);
1518 * In transmit state, time the transmission and arrange for
1519 * the retransmit. In persist state, just set snd_max. In a closed
1520 * state just return.
1522 if (flags & TH_RST) {
1523 TCPSTAT_INC(tcps_sndtotal);
1525 } else if ((tp->t_flags & TF_FORCEDATA) == 0 ||
1526 !tcp_timer_active(tp, TT_PERSIST)) {
1527 tcp_seq startseq = tp->snd_nxt;
1530 * Advance snd_nxt over sequence space of this segment.
1532 if (flags & (TH_SYN|TH_FIN)) {
1535 if (flags & TH_FIN) {
1537 tp->t_flags |= TF_SENTFIN;
1543 if (SEQ_GT(tp->snd_nxt, tp->snd_max)) {
1545 * Update "made progress" indication if we just
1546 * added new data to an empty socket buffer.
1548 if (tp->snd_una == tp->snd_max)
1549 tp->t_acktime = ticks;
1550 tp->snd_max = tp->snd_nxt;
1552 * Time this transmission if not a retransmission and
1553 * not currently timing anything.
1555 tp->t_sndtime = ticks;
1556 if (tp->t_rtttime == 0) {
1557 tp->t_rtttime = ticks;
1558 tp->t_rtseq = startseq;
1559 TCPSTAT_INC(tcps_segstimed);
1562 if (!(tp->t_flags & TF_GPUTINPROG) && len) {
1563 tp->t_flags |= TF_GPUTINPROG;
1564 tp->gput_seq = startseq;
1565 tp->gput_ack = startseq +
1566 ulmin(sbavail(&so->so_snd) - off, sendwin);
1567 tp->gput_ts = tcp_ts_getticks();
1573 * Set retransmit timer if not currently set,
1574 * and not doing a pure ack or a keep-alive probe.
1575 * Initial value for retransmit timer is smoothed
1576 * round-trip time + 2 * round-trip time variance.
1577 * Initialize shift counter which is used for backoff
1578 * of retransmit time.
1581 if (!tcp_timer_active(tp, TT_REXMT) &&
1582 ((sack_rxmit && tp->snd_nxt != tp->snd_max) ||
1583 (tp->snd_nxt != tp->snd_una))) {
1584 if (tcp_timer_active(tp, TT_PERSIST)) {
1585 tcp_timer_activate(tp, TT_PERSIST, 0);
1588 tcp_timer_activate(tp, TT_REXMT, TP_RXTCUR(tp));
1589 } else if (len == 0 && sbavail(&so->so_snd) &&
1590 !tcp_timer_active(tp, TT_REXMT) &&
1591 !tcp_timer_active(tp, TT_PERSIST)) {
1593 * Avoid a situation where we do not set persist timer
1594 * after a zero window condition. For example:
1595 * 1) A -> B: packet with enough data to fill the window
1596 * 2) B -> A: ACK for #1 + new data (0 window
1598 * 3) A -> B: ACK for #2, 0 len packet
1600 * In this case, A will not activate the persist timer,
1601 * because it chose to send a packet. Unless tcp_output
1602 * is called for some other reason (delayed ack timer,
1603 * another input packet from B, socket syscall), A will
1604 * not send zero window probes.
1606 * So, if you send a 0-length packet, but there is data
1607 * in the socket buffer, and neither the rexmt or
1608 * persist timer is already set, then activate the
1616 * Persist case, update snd_max but since we are in
1617 * persist mode (no window) we do not update snd_nxt.
1622 if (flags & TH_FIN) {
1624 tp->t_flags |= TF_SENTFIN;
1626 if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max))
1627 tp->snd_max = tp->snd_nxt + xlen;
1630 (TCPS_HAVEESTABLISHED(tp->t_state) &&
1631 (tp->t_flags & TF_SACK_PERMIT) &&
1632 tp->rcv_numsacks > 0)) {
1633 /* Clean up any DSACK's sent */
1634 tcp_clean_dsack_blocks(tp);
1638 * We know that the packet was lost, so back out the
1639 * sequence number advance, if any.
1641 * If the error is EPERM the packet got blocked by the
1642 * local firewall. Normally we should terminate the
1643 * connection but the blocking may have been spurious
1644 * due to a firewall reconfiguration cycle. So we treat
1645 * it like a packet loss and let the retransmit timer and
1646 * timeouts do their work over time.
1647 * XXX: It is a POLA question whether calling tcp_drop right
1648 * away would be the really correct behavior instead.
1650 if (((tp->t_flags & TF_FORCEDATA) == 0 ||
1651 !tcp_timer_active(tp, TT_PERSIST)) &&
1652 ((flags & TH_SYN) == 0) &&
1655 p->rxmit = SEQ_MIN(p->end, p->rxmit) - len;
1656 tp->sackhint.sack_bytes_rexmit -= len;
1657 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0,
1658 ("sackhint bytes rtx >= 0"));
1659 KASSERT((flags & TH_FIN) == 0,
1660 ("error while FIN with SACK rxmit"));
1666 if (IN_RECOVERY(tp->t_flags))
1667 tp->sackhint.prr_out -= len;
1669 SOCKBUF_UNLOCK_ASSERT(&so->so_snd); /* Check gotos. */
1673 tp->t_softerror = error;
1676 TCP_XMIT_TIMER_ASSERT(tp, len, flags);
1677 tp->snd_cwnd = tp->t_maxseg;
1681 * For some reason the interface we used initially
1682 * to send segments changed to another or lowered
1684 * If TSO was active we either got an interface
1685 * without TSO capabilits or TSO was turned off.
1686 * If we obtained mtu from ip_output() then update
1690 tp->t_flags &= ~TF_TSO;
1692 tcp_mss_update(tp, -1, mtu, NULL, NULL);
1700 if (TCPS_HAVERCVDSYN(tp->t_state)) {
1701 tp->t_softerror = error;
1709 TCPSTAT_INC(tcps_sndtotal);
1712 * Data sent (as far as we can tell).
1713 * If this advertises a larger window than any other segment,
1714 * then remember the size of the advertised window.
1715 * Any pending ACK has now been sent.
1717 if (SEQ_GT(tp->rcv_nxt + recwin, tp->rcv_adv))
1718 tp->rcv_adv = tp->rcv_nxt + recwin;
1719 tp->last_ack_sent = tp->rcv_nxt;
1720 tp->t_flags &= ~(TF_ACKNOW | TF_DELACK);
1721 if (tcp_timer_active(tp, TT_DELACK))
1722 tcp_timer_activate(tp, TT_DELACK, 0);
1729 tcp_setpersist(struct tcpcb *tp)
1731 int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1;
1735 tp->t_flags &= ~TF_PREVVALID;
1736 if (tcp_timer_active(tp, TT_REXMT))
1737 panic("tcp_setpersist: retransmit pending");
1739 * If the state is already closed, don't bother.
1741 if (tp->t_state == TCPS_CLOSED)
1745 * Start/restart persistence timer.
1747 TCPT_RANGESET(tt, t * tcp_backoff[tp->t_rxtshift],
1748 tcp_persmin, tcp_persmax);
1749 if (TP_MAXUNACKTIME(tp) && tp->t_acktime) {
1750 maxunacktime = tp->t_acktime + TP_MAXUNACKTIME(tp) - ticks;
1751 if (maxunacktime < 1)
1753 if (maxunacktime < tt)
1756 tcp_timer_activate(tp, TT_PERSIST, tt);
1757 if (tp->t_rxtshift < V_tcp_retries)
1762 * Insert TCP options according to the supplied parameters to the place
1763 * optp in a consistent way. Can handle unaligned destinations.
1765 * The order of the option processing is crucial for optimal packing and
1766 * alignment for the scarce option space.
1768 * The optimal order for a SYN/SYN-ACK segment is:
1769 * MSS (4) + NOP (1) + Window scale (3) + SACK permitted (2) +
1770 * Timestamp (10) + Signature (18) = 38 bytes out of a maximum of 40.
1772 * The SACK options should be last. SACK blocks consume 8*n+2 bytes.
1773 * So a full size SACK blocks option is 34 bytes (with 4 SACK blocks).
1774 * At minimum we need 10 bytes (to generate 1 SACK block). If both
1775 * TCP Timestamps (12 bytes) and TCP Signatures (18 bytes) are present,
1776 * we only have 10 bytes for SACK options (40 - (12 + 18)).
1779 tcp_addoptions(struct tcpopt *to, u_char *optp)
1781 u_int32_t mask, optlen = 0;
1783 for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) {
1784 if ((to->to_flags & mask) != mask)
1786 if (optlen == TCP_MAXOLEN)
1788 switch (to->to_flags & mask) {
1790 while (optlen % 4) {
1791 optlen += TCPOLEN_NOP;
1792 *optp++ = TCPOPT_NOP;
1794 if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG)
1796 optlen += TCPOLEN_MAXSEG;
1797 *optp++ = TCPOPT_MAXSEG;
1798 *optp++ = TCPOLEN_MAXSEG;
1799 to->to_mss = htons(to->to_mss);
1800 bcopy((u_char *)&to->to_mss, optp, sizeof(to->to_mss));
1801 optp += sizeof(to->to_mss);
1804 while (!optlen || optlen % 2 != 1) {
1805 optlen += TCPOLEN_NOP;
1806 *optp++ = TCPOPT_NOP;
1808 if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW)
1810 optlen += TCPOLEN_WINDOW;
1811 *optp++ = TCPOPT_WINDOW;
1812 *optp++ = TCPOLEN_WINDOW;
1813 *optp++ = to->to_wscale;
1816 while (optlen % 2) {
1817 optlen += TCPOLEN_NOP;
1818 *optp++ = TCPOPT_NOP;
1820 if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED)
1822 optlen += TCPOLEN_SACK_PERMITTED;
1823 *optp++ = TCPOPT_SACK_PERMITTED;
1824 *optp++ = TCPOLEN_SACK_PERMITTED;
1827 while (!optlen || optlen % 4 != 2) {
1828 optlen += TCPOLEN_NOP;
1829 *optp++ = TCPOPT_NOP;
1831 if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP)
1833 optlen += TCPOLEN_TIMESTAMP;
1834 *optp++ = TCPOPT_TIMESTAMP;
1835 *optp++ = TCPOLEN_TIMESTAMP;
1836 to->to_tsval = htonl(to->to_tsval);
1837 to->to_tsecr = htonl(to->to_tsecr);
1838 bcopy((u_char *)&to->to_tsval, optp, sizeof(to->to_tsval));
1839 optp += sizeof(to->to_tsval);
1840 bcopy((u_char *)&to->to_tsecr, optp, sizeof(to->to_tsecr));
1841 optp += sizeof(to->to_tsecr);
1845 int siglen = TCPOLEN_SIGNATURE - 2;
1847 while (!optlen || optlen % 4 != 2) {
1848 optlen += TCPOLEN_NOP;
1849 *optp++ = TCPOPT_NOP;
1851 if (TCP_MAXOLEN - optlen < TCPOLEN_SIGNATURE) {
1852 to->to_flags &= ~TOF_SIGNATURE;
1855 optlen += TCPOLEN_SIGNATURE;
1856 *optp++ = TCPOPT_SIGNATURE;
1857 *optp++ = TCPOLEN_SIGNATURE;
1858 to->to_signature = optp;
1866 struct sackblk *sack = (struct sackblk *)to->to_sacks;
1869 while (!optlen || optlen % 4 != 2) {
1870 optlen += TCPOLEN_NOP;
1871 *optp++ = TCPOPT_NOP;
1873 if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK)
1875 optlen += TCPOLEN_SACKHDR;
1876 *optp++ = TCPOPT_SACK;
1877 sackblks = min(to->to_nsacks,
1878 (TCP_MAXOLEN - optlen) / TCPOLEN_SACK);
1879 *optp++ = TCPOLEN_SACKHDR + sackblks * TCPOLEN_SACK;
1880 while (sackblks--) {
1881 sack_seq = htonl(sack->start);
1882 bcopy((u_char *)&sack_seq, optp, sizeof(sack_seq));
1883 optp += sizeof(sack_seq);
1884 sack_seq = htonl(sack->end);
1885 bcopy((u_char *)&sack_seq, optp, sizeof(sack_seq));
1886 optp += sizeof(sack_seq);
1887 optlen += TCPOLEN_SACK;
1890 TCPSTAT_INC(tcps_sack_send_blocks);
1897 /* XXX is there any point to aligning this option? */
1898 total_len = TCPOLEN_FAST_OPEN_EMPTY + to->to_tfo_len;
1899 if (TCP_MAXOLEN - optlen < total_len) {
1900 to->to_flags &= ~TOF_FASTOPEN;
1903 *optp++ = TCPOPT_FAST_OPEN;
1904 *optp++ = total_len;
1905 if (to->to_tfo_len > 0) {
1906 bcopy(to->to_tfo_cookie, optp, to->to_tfo_len);
1907 optp += to->to_tfo_len;
1909 optlen += total_len;
1913 panic("%s: unknown TCP option type", __func__);
1918 /* Terminate and pad TCP options to a 4 byte boundary. */
1920 optlen += TCPOLEN_EOL;
1921 *optp++ = TCPOPT_EOL;
1924 * According to RFC 793 (STD0007):
1925 * "The content of the header beyond the End-of-Option option
1926 * must be header padding (i.e., zero)."
1927 * and later: "The padding is composed of zeros."
1929 while (optlen % 4) {
1930 optlen += TCPOLEN_PAD;
1931 *optp++ = TCPOPT_PAD;
1934 KASSERT(optlen <= TCP_MAXOLEN, ("%s: TCP options too long", __func__));
1939 * This is a copy of m_copym(), taking the TSO segment size/limit
1940 * constraints into account, and advancing the sndptr as it goes.
1943 tcp_m_copym(struct mbuf *m, int32_t off0, int32_t *plen,
1944 int32_t seglimit, int32_t segsize, struct sockbuf *sb, bool hw_tls)
1947 struct ktls_session *tls, *ntls;
1948 struct mbuf *start __diagused;
1950 struct mbuf *n, **np;
1953 int32_t len = *plen;
1957 uint32_t mlen, frags;
1960 KASSERT(off >= 0, ("tcp_m_copym, negative off %d", off));
1961 KASSERT(len >= 0, ("tcp_m_copym, negative len %d", len));
1962 if (off == 0 && m->m_flags & M_PKTHDR)
1967 KASSERT(m != NULL, ("tcp_m_copym, offset > size of mbuf chain"));
1971 if ((sb) && (m == sb->sb_sndptr)) {
1972 sb->sb_sndptroff += m->m_len;
1973 sb->sb_sndptr = m->m_next;
1981 if (hw_tls && (m->m_flags & M_EXTPG))
1989 KASSERT(len == M_COPYALL,
1990 ("tcp_m_copym, length > size of mbuf chain"));
1992 if (pkthdrlen != NULL)
1993 *pkthdrlen = len_cp;
1998 if (m->m_flags & M_EXTPG)
1999 ntls = m->m_epg_tls;
2004 * Avoid mixing TLS records with handshake
2005 * data or TLS records from different
2011 if (pkthdrlen != NULL)
2012 *pkthdrlen = len_cp;
2017 mlen = min(len, m->m_len - off);
2020 * For M_EXTPG mbufs, add 3 segments
2021 * + 1 in case we are crossing page boundaries
2022 * + 2 in case the TLS hdr/trailer are used
2023 * It is cheaper to just add the segments
2024 * than it is to take the cache miss to look
2025 * at the mbuf ext_pgs state in detail.
2027 if (m->m_flags & M_EXTPG) {
2028 fragsize = min(segsize, PAGE_SIZE);
2035 /* Break if we really can't fit anymore. */
2036 if ((frags + 1) >= seglimit) {
2038 if (pkthdrlen != NULL)
2039 *pkthdrlen = len_cp;
2044 * Reduce size if you can't copy the whole
2045 * mbuf. If we can't copy the whole mbuf, also
2046 * adjust len so the loop will end after this
2049 if ((frags + howmany(mlen, fragsize)) >= seglimit) {
2050 mlen = (seglimit - frags - 1) * fragsize;
2052 *plen = len_cp + len;
2053 if (pkthdrlen != NULL)
2056 frags += howmany(mlen, fragsize);
2060 KASSERT(seglimit > 0,
2061 ("%s: seglimit went too low", __func__));
2064 n = m_gethdr(M_NOWAIT, m->m_type);
2066 n = m_get(M_NOWAIT, m->m_type);
2071 if (!m_dup_pkthdr(n, m, M_NOWAIT))
2073 if (len == M_COPYALL)
2074 n->m_pkthdr.len -= off0;
2076 n->m_pkthdr.len = len;
2077 pkthdrlen = &n->m_pkthdr.len;
2082 if (m->m_flags & (M_EXT | M_EXTPG)) {
2083 n->m_data = m->m_data + off;
2086 bcopy(mtod(m, caddr_t)+off, mtod(n, caddr_t),
2089 if (sb && (sb->sb_sndptr == m) &&
2090 ((n->m_len + off) >= m->m_len) && m->m_next) {
2091 sb->sb_sndptroff += m->m_len;
2092 sb->sb_sndptr = m->m_next;
2095 if (len != M_COPYALL) {
2108 tcp_sndbuf_autoscale(struct tcpcb *tp, struct socket *so, uint32_t sendwin)
2112 * Automatic sizing of send socket buffer. Often the send buffer
2113 * size is not optimally adjusted to the actual network conditions
2114 * at hand (delay bandwidth product). Setting the buffer size too
2115 * small limits throughput on links with high bandwidth and high
2116 * delay (eg. trans-continental/oceanic links). Setting the
2117 * buffer size too big consumes too much real kernel memory,
2118 * especially with many connections on busy servers.
2120 * The criteria to step up the send buffer one notch are:
2121 * 1. receive window of remote host is larger than send buffer
2122 * (with a fudge factor of 5/4th);
2123 * 2. send buffer is filled to 7/8th with data (so we actually
2124 * have data to make use of it);
2125 * 3. send buffer fill has not hit maximal automatic size;
2126 * 4. our send window (slow start and cogestion controlled) is
2127 * larger than sent but unacknowledged data in send buffer.
2129 * The remote host receive window scaling factor may limit the
2130 * growing of the send buffer before it reaches its allowed
2133 * It scales directly with slow start or congestion window
2134 * and does at most one step per received ACK. This fast
2135 * scaling has the drawback of growing the send buffer beyond
2136 * what is strictly necessary to make full use of a given
2137 * delay*bandwidth product. However testing has shown this not
2138 * to be much of an problem. At worst we are trading wasting
2139 * of available bandwidth (the non-use of it) for wasting some
2140 * socket buffer memory.
2142 * TODO: Shrink send buffer during idle periods together
2143 * with congestion window. Requires another timer. Has to
2144 * wait for upcoming tcp timer rewrite.
2146 * XXXGL: should there be used sbused() or sbavail()?
2148 if (V_tcp_do_autosndbuf && so->so_snd.sb_flags & SB_AUTOSIZE) {
2151 lowat = V_tcp_sendbuf_auto_lowat ? so->so_snd.sb_lowat : 0;
2152 if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat - lowat &&
2153 sbused(&so->so_snd) >=
2154 (so->so_snd.sb_hiwat / 8 * 7) - lowat &&
2155 sbused(&so->so_snd) < V_tcp_autosndbuf_max &&
2156 sendwin >= (sbused(&so->so_snd) -
2157 (tp->snd_nxt - tp->snd_una))) {
2158 if (!sbreserve_locked(so, SO_SND,
2159 min(so->so_snd.sb_hiwat + V_tcp_autosndbuf_inc,
2160 V_tcp_autosndbuf_max), curthread))
2161 so->so_snd.sb_flags &= ~SB_AUTOSIZE;