2 * Copyright (c) 2016-2020 Netflix, Inc.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * Author: Randall Stewart <rrs@netflix.com>
28 * This work is based on the ACM Queue paper
29 * BBR - Congestion Based Congestion Control
30 * and also numerous discussions with Neal, Yuchung and Van.
33 #include <sys/cdefs.h>
34 __FBSDID("$FreeBSD$");
37 #include "opt_inet6.h"
38 #include "opt_ipsec.h"
39 #include "opt_tcpdebug.h"
40 #include "opt_ratelimit.h"
41 #include "opt_kern_tls.h"
42 #include <sys/param.h>
44 #include <sys/module.h>
45 #include <sys/kernel.h>
47 #include <sys/hhook.h>
49 #include <sys/malloc.h>
52 #include <sys/qmath.h>
53 #include <sys/socket.h>
54 #include <sys/socketvar.h>
58 #include <sys/sysctl.h>
59 #include <sys/systm.h>
62 #include <sys/stats.h> /* Must come after qmath.h and tree.h */
64 #include <sys/refcount.h>
65 #include <sys/queue.h>
67 #include <sys/kthread.h>
69 #include <sys/mutex.h>
70 #include <sys/tim_filter.h>
73 #include <sys/kern_prefetch.h>
75 #include <net/route.h>
77 #include <net/ethernet.h>
80 #define TCPSTATES /* for logging */
82 #include <netinet/in.h>
83 #include <netinet/in_kdtrace.h>
84 #include <netinet/in_pcb.h>
85 #include <netinet/ip.h>
86 #include <netinet/ip_icmp.h> /* required for icmp_var.h */
87 #include <netinet/icmp_var.h> /* for ICMP_BANDLIM */
88 #include <netinet/ip_var.h>
89 #include <netinet/ip6.h>
90 #include <netinet6/in6_pcb.h>
91 #include <netinet6/ip6_var.h>
92 #include <netinet/tcp.h>
93 #include <netinet/tcp_fsm.h>
94 #include <netinet/tcp_seq.h>
95 #include <netinet/tcp_timer.h>
96 #include <netinet/tcp_var.h>
97 #include <netinet/tcpip.h>
98 #include <netinet/tcp_hpts.h>
99 #include <netinet/cc/cc.h>
100 #include <netinet/tcp_log_buf.h>
102 #include <netinet/tcp_debug.h>
103 #endif /* TCPDEBUG */
105 #include <netinet/tcp_offload.h>
108 #include <netinet6/tcp6_var.h>
110 #include <netinet/tcp_fastopen.h>
112 #include <netipsec/ipsec_support.h>
114 #include <net/if_var.h>
116 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
117 #include <netipsec/ipsec.h>
118 #include <netipsec/ipsec6.h>
121 #include <netinet/udp.h>
122 #include <netinet/udp_var.h>
123 #include <machine/in_cksum.h>
126 #include <security/mac/mac_framework.h>
128 #include "rack_bbr_common.h"
131 * Common TCP Functions - These are shared by borth
136 ctf_get_opt_tls_size(struct socket *so, uint32_t rwnd)
138 struct ktls_session *tls;
142 tls = so->so_snd.sb_tls_info;
143 len = tls->params.max_frame_len; /* max tls payload */
144 len += tls->params.tls_hlen; /* tls header len */
145 len += tls->params.tls_tlen; /* tls trailer len */
146 if ((len * 4) > rwnd) {
148 * Stroke this will suck counter and what
149 * else should we do Drew? From the
150 * TCP perspective I am not sure
151 * what should be done...
153 if (tls->params.max_frame_len > 4096) {
154 tls->params.max_frame_len -= 4096;
155 if (tls->params.max_frame_len < 4096)
156 tls->params.max_frame_len = 4096;
165 * The function ctf_process_inbound_raw() is used by
166 * transport developers to do the steps needed to
167 * support MBUF Queuing i.e. the flags in
170 * - INP_SUPPORTS_MBUFQ
171 * - INP_MBUF_QUEUE_READY
172 * - INP_DONT_SACK_QUEUE
174 * These flags help control how LRO will deliver
175 * packets to the transport. You first set in inp_flags2
176 * the INP_SUPPORTS_MBUFQ to tell the LRO code that you
177 * will gladly take a queue of packets instead of a compressed
178 * single packet. You also set in your t_fb pointer the
179 * tfb_do_queued_segments to point to ctf_process_inbound_raw.
181 * This then gets you lists of inbound ACK's/Data instead
182 * of a condensed compressed ACK/DATA packet. Why would you
183 * want that? This will get you access to all the arrival
184 * times of at least LRO and possibly at the Hardware (if
185 * the interface card supports that) of the actual ACK/DATA.
186 * In some transport designs this is important since knowing
187 * the actual time we got the packet is useful information.
189 * Now there are some interesting Caveats that the transport
190 * designer needs to take into account when using this feature.
192 * 1) It is used with HPTS and pacing, when the pacing timer
193 * for output calls it will first call the input.
194 * 2) When you set INP_MBUF_QUEUE_READY this tells LRO
195 * queue normal packets, I am busy pacing out data and
196 * will process the queued packets before my tfb_tcp_output
197 * call from pacing. If a non-normal packet arrives, (e.g. sack)
198 * you will be awoken immediately.
199 * 3) Finally you can add the INP_DONT_SACK_QUEUE to not even
200 * be awoken if a SACK has arrived. You would do this when
201 * you were not only running a pacing for output timer
202 * but a Rack timer as well i.e. you know you are in recovery
203 * and are in the process (via the timers) of dealing with
206 * Now a critical thing you must be aware of here is that the
207 * use of the flags has a far greater scope then just your
208 * typical LRO. Why? Well thats because in the normal compressed
209 * LRO case at the end of a driver interupt all packets are going
210 * to get presented to the transport no matter if there is one
211 * or 100. With the MBUF_QUEUE model, this is not true. You will
212 * only be awoken to process the queue of packets when:
213 * a) The flags discussed above allow it.
215 * b) You exceed a ack or data limit (by default the
216 * ack limit is infinity (64k acks) and the data
217 * limit is 64k of new TCP data)
219 * c) The push bit has been set by the peer
223 ctf_process_inbound_raw(struct tcpcb *tp, struct socket *so, struct mbuf *m, int has_pkt)
226 * We are passed a raw change of mbuf packets
227 * that arrived in LRO. They are linked via
228 * the m_nextpkt link in the pkt-headers.
230 * We process each one by:
231 * a) saving off the next
232 * b) stripping off the ether-header
233 * c) formulating the arguments for
234 * the tfb_tcp_hpts_do_segment
235 * d) calling each mbuf to tfb_tcp_hpts_do_segment
236 * after adjusting the time to match the arrival time.
237 * Note that the LRO code assures no IP options are present.
239 * The symantics for calling tfb_tcp_hpts_do_segment are the
241 * 1) It returns 0 if all went well and you (the caller) need
242 * to release the lock.
243 * 2) If nxt_pkt is set, then the function will surpress calls
244 * to tfb_tcp_output() since you are promising to call again
245 * with another packet.
246 * 3) If it returns 1, then you must free all the packets being
247 * shipped in, the tcb has been destroyed (or about to be destroyed).
250 struct ether_header *eh;
253 struct ip6_hdr *ip6 = NULL; /* Keep compiler happy. */
256 struct ip *ip = NULL; /* Keep compiler happy. */
260 int32_t retval, nxt_pkt, tlen, off;
262 uint16_t drop_hdrlen;
263 uint8_t iptos, no_vn=0, bpf_req=0;
267 if (m && m->m_pkthdr.rcvif)
268 ifp = m->m_pkthdr.rcvif;
272 bpf_req = bpf_peers_present(ifp->if_bpf);
275 * We probably should not work around
276 * but kassert, since lro alwasy sets rcvif.
281 CURVNET_SET(ifp->if_vnet);
284 m_save = m->m_nextpkt;
286 /* Now lets get the ether header */
287 eh = mtod(m, struct ether_header *);
288 etype = ntohs(eh->ether_type);
289 /* Let the BPF see the packet */
291 ETHER_BPF_MTAP(ifp, m);
292 m_adj(m, sizeof(*eh));
293 /* Trim off the ethernet header */
298 if (m->m_len < (sizeof(*ip6) + sizeof(*th))) {
299 m = m_pullup(m, sizeof(*ip6) + sizeof(*th));
301 KMOD_TCPSTAT_INC(tcps_rcvshort);
306 ip6 = (struct ip6_hdr *)(eh + 1);
307 th = (struct tcphdr *)(ip6 + 1);
308 tlen = ntohs(ip6->ip6_plen);
309 drop_hdrlen = sizeof(*ip6);
310 if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) {
311 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
312 th->th_sum = m->m_pkthdr.csum_data;
314 th->th_sum = in6_cksum_pseudo(ip6, tlen,
315 IPPROTO_TCP, m->m_pkthdr.csum_data);
316 th->th_sum ^= 0xffff;
318 th->th_sum = in6_cksum(m, IPPROTO_TCP, drop_hdrlen, tlen);
320 KMOD_TCPSTAT_INC(tcps_rcvbadsum);
325 * Be proactive about unspecified IPv6 address in source.
326 * As we use all-zero to indicate unbounded/unconnected pcb,
327 * unspecified IPv6 address can be used to confuse us.
329 * Note that packets with unspecified IPv6 destination is
330 * already dropped in ip6_input.
332 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
337 iptos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
344 if (m->m_len < sizeof (struct tcpiphdr)) {
345 if ((m = m_pullup(m, sizeof (struct tcpiphdr)))
347 KMOD_TCPSTAT_INC(tcps_rcvshort);
352 ip = (struct ip *)(eh + 1);
353 th = (struct tcphdr *)(ip + 1);
354 drop_hdrlen = sizeof(*ip);
356 tlen = ntohs(ip->ip_len) - sizeof(struct ip);
357 if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) {
358 if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
359 th->th_sum = m->m_pkthdr.csum_data;
361 th->th_sum = in_pseudo(ip->ip_src.s_addr,
363 htonl(m->m_pkthdr.csum_data + tlen +
365 th->th_sum ^= 0xffff;
368 struct ipovly *ipov = (struct ipovly *)ip;
370 * Checksum extended TCP header and data.
372 len = drop_hdrlen + tlen;
373 bzero(ipov->ih_x1, sizeof(ipov->ih_x1));
374 ipov->ih_len = htons(tlen);
375 th->th_sum = in_cksum(m, len);
376 /* Reset length for SDT probes. */
377 ip->ip_len = htons(len);
380 /* Re-initialization for later version check */
381 ip->ip_v = IPVERSION;
382 ip->ip_hl = sizeof(*ip) >> 2;
385 KMOD_TCPSTAT_INC(tcps_rcvbadsum);
394 * Convert TCP protocol specific fields to host format.
396 tcp_fields_to_host(th);
398 off = th->th_off << 2;
399 if (off < sizeof (struct tcphdr) || off > tlen) {
400 KMOD_TCPSTAT_INC(tcps_rcvbadoff);
407 * Now lets setup the timeval to be when we should
408 * have been called (if we can).
410 m->m_pkthdr.lro_nsegs = 1;
411 if (m->m_flags & M_TSTMP_LRO) {
412 tv.tv_sec = m->m_pkthdr.rcv_tstmp /1000000000;
413 tv.tv_usec = (m->m_pkthdr.rcv_tstmp % 1000000000)/1000;
415 /* Should not be should we kassert instead? */
418 /* Now what about next packet? */
419 if (m_save || has_pkt)
423 KMOD_TCPSTAT_INC(tcps_rcvtotal);
424 retval = (*tp->t_fb->tfb_do_segment_nounlock)(m, th, so, tp, drop_hdrlen, tlen,
425 iptos, nxt_pkt, &tv);
427 /* We lost the lock and tcb probably */
430 m_save = m->m_nextpkt;
448 ctf_do_queued_segments(struct socket *so, struct tcpcb *tp, int have_pkt)
452 /* First lets see if we have old packets */
456 tp->t_tail_pkt = NULL;
457 if (ctf_process_inbound_raw(tp, so, m, have_pkt)) {
458 /* We lost the tcpcb (maybe a RST came in)? */
461 tcp_handle_wakeup(tp, so);
467 ctf_outstanding(struct tcpcb *tp)
471 bytes_out = tp->snd_max - tp->snd_una;
472 if (tp->t_state < TCPS_ESTABLISHED)
474 if (tp->t_flags & TF_SENTFIN)
480 ctf_flight_size(struct tcpcb *tp, uint32_t rc_sacked)
482 if (rc_sacked <= ctf_outstanding(tp))
483 return(ctf_outstanding(tp) - rc_sacked);
487 panic("tp:%p rc_sacked:%d > out:%d",
488 tp, rc_sacked, ctf_outstanding(tp));
495 ctf_do_dropwithreset(struct mbuf *m, struct tcpcb *tp, struct tcphdr *th,
496 int32_t rstreason, int32_t tlen)
499 tcp_dropwithreset(m, th, tp, tlen, rstreason);
500 INP_WUNLOCK(tp->t_inpcb);
502 tcp_dropwithreset(m, th, NULL, tlen, rstreason);
506 * ctf_drop_checks returns 1 for you should not proceed. It places
507 * in ret_val what should be returned 1/0 by the caller. The 1 indicates
508 * that the TCB is unlocked and probably dropped. The 0 indicates the
509 * TCB is still valid and locked.
512 ctf_drop_checks(struct tcpopt *to, struct mbuf *m, struct tcphdr *th, struct tcpcb *tp, int32_t * tlenp, int32_t * thf, int32_t * drop_hdrlen, int32_t * ret_val)
520 todrop = tp->rcv_nxt - th->th_seq;
522 if (thflags & TH_SYN) {
532 * Following if statement from Stevens, vol. 2, p. 960.
535 || (todrop == tlen && (thflags & TH_FIN) == 0)) {
537 * Any valid FIN must be to the left of the window.
538 * At this point the FIN must be a duplicate or out
539 * of sequence; drop it.
543 * Send an ACK to resynchronize and drop any data.
544 * But keep on processing for RST or ACK.
546 tp->t_flags |= TF_ACKNOW;
548 KMOD_TCPSTAT_INC(tcps_rcvduppack);
549 KMOD_TCPSTAT_ADD(tcps_rcvdupbyte, todrop);
551 KMOD_TCPSTAT_INC(tcps_rcvpartduppack);
552 KMOD_TCPSTAT_ADD(tcps_rcvpartdupbyte, todrop);
555 * DSACK - add SACK block for dropped range
557 if ((todrop > 0) && (tp->t_flags & TF_SACK_PERMIT)) {
558 tcp_update_sack_list(tp, th->th_seq,
559 th->th_seq + todrop);
561 * ACK now, as the next in-sequence segment
562 * will clear the DSACK block again
564 tp->t_flags |= TF_ACKNOW;
566 *drop_hdrlen += todrop; /* drop from the top afterwards */
567 th->th_seq += todrop;
569 if (th->th_urp > todrop)
570 th->th_urp -= todrop;
577 * If segment ends after window, drop trailing data (and PUSH and
578 * FIN); if nothing left, just ACK.
580 todrop = (th->th_seq + tlen) - (tp->rcv_nxt + tp->rcv_wnd);
582 KMOD_TCPSTAT_INC(tcps_rcvpackafterwin);
583 if (todrop >= tlen) {
584 KMOD_TCPSTAT_ADD(tcps_rcvbyteafterwin, tlen);
586 * If window is closed can only take segments at
587 * window edge, and have to drop data and PUSH from
588 * incoming segments. Continue processing, but
589 * remember to ack. Otherwise, drop segment and
592 if (tp->rcv_wnd == 0 && th->th_seq == tp->rcv_nxt) {
593 tp->t_flags |= TF_ACKNOW;
594 KMOD_TCPSTAT_INC(tcps_rcvwinprobe);
596 ctf_do_dropafterack(m, tp, th, thflags, tlen, ret_val);
600 KMOD_TCPSTAT_ADD(tcps_rcvbyteafterwin, todrop);
603 thflags &= ~(TH_PUSH | TH_FIN);
611 * The value in ret_val informs the caller
612 * if we dropped the tcb (and lock) or not.
613 * 1 = we dropped it, 0 = the TCB is still locked
617 ctf_do_dropafterack(struct mbuf *m, struct tcpcb *tp, struct tcphdr *th, int32_t thflags, int32_t tlen, int32_t * ret_val)
620 * Generate an ACK dropping incoming segment if it occupies sequence
621 * space, where the ACK reflects our state.
623 * We can now skip the test for the RST flag since all paths to this
624 * code happen after packets containing RST have been dropped.
626 * In the SYN-RECEIVED state, don't send an ACK unless the segment
627 * we received passes the SYN-RECEIVED ACK test. If it fails send a
628 * RST. This breaks the loop in the "LAND" DoS attack, and also
629 * prevents an ACK storm between two listening ports that have been
630 * sent forged SYN segments, each with the source address of the
633 if (tp->t_state == TCPS_SYN_RECEIVED && (thflags & TH_ACK) &&
634 (SEQ_GT(tp->snd_una, th->th_ack) ||
635 SEQ_GT(th->th_ack, tp->snd_max))) {
637 ctf_do_dropwithreset(m, tp, th, BANDLIM_RST_OPENPORT, tlen);
641 tp->t_flags |= TF_ACKNOW;
647 ctf_do_drop(struct mbuf *m, struct tcpcb *tp)
651 * Drop space held by incoming segment and return.
654 INP_WUNLOCK(tp->t_inpcb);
660 ctf_process_rst(struct mbuf *m, struct tcphdr *th, struct socket *so, struct tcpcb *tp)
663 * RFC5961 Section 3.2
665 * - RST drops connection only if SEG.SEQ == RCV.NXT. - If RST is in
666 * window, we send challenge ACK.
668 * Note: to take into account delayed ACKs, we should test against
669 * last_ack_sent instead of rcv_nxt. Note 2: we handle special case
670 * of closed window, not covered by the RFC.
674 if ((SEQ_GEQ(th->th_seq, (tp->last_ack_sent - 1)) &&
675 SEQ_LT(th->th_seq, tp->last_ack_sent + tp->rcv_wnd)) ||
676 (tp->rcv_wnd == 0 && tp->last_ack_sent == th->th_seq)) {
677 KASSERT(tp->t_state != TCPS_SYN_SENT,
678 ("%s: TH_RST for TCPS_SYN_SENT th %p tp %p",
681 if (V_tcp_insecure_rst ||
682 (tp->last_ack_sent == th->th_seq) ||
683 (tp->rcv_nxt == th->th_seq) ||
684 ((tp->last_ack_sent - 1) == th->th_seq)) {
685 KMOD_TCPSTAT_INC(tcps_drops);
686 /* Drop the connection. */
687 switch (tp->t_state) {
688 case TCPS_SYN_RECEIVED:
689 so->so_error = ECONNREFUSED;
691 case TCPS_ESTABLISHED:
692 case TCPS_FIN_WAIT_1:
693 case TCPS_FIN_WAIT_2:
694 case TCPS_CLOSE_WAIT:
697 so->so_error = ECONNRESET;
699 tcp_state_change(tp, TCPS_CLOSED);
702 tcp_log_end_status(tp, TCP_EI_STATUS_CLIENT_RST);
708 KMOD_TCPSTAT_INC(tcps_badrst);
709 /* Send challenge ACK. */
710 tcp_respond(tp, mtod(m, void *), th, m,
711 tp->rcv_nxt, tp->snd_nxt, TH_ACK);
712 tp->last_ack_sent = tp->rcv_nxt;
721 * The value in ret_val informs the caller
722 * if we dropped the tcb (and lock) or not.
723 * 1 = we dropped it, 0 = the TCB is still locked
727 ctf_challenge_ack(struct mbuf *m, struct tcphdr *th, struct tcpcb *tp, int32_t * ret_val)
732 KMOD_TCPSTAT_INC(tcps_badsyn);
733 if (V_tcp_insecure_syn &&
734 SEQ_GEQ(th->th_seq, tp->last_ack_sent) &&
735 SEQ_LT(th->th_seq, tp->last_ack_sent + tp->rcv_wnd)) {
736 tp = tcp_drop(tp, ECONNRESET);
740 /* Send challenge ACK. */
741 tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt,
742 tp->snd_nxt, TH_ACK);
743 tp->last_ack_sent = tp->rcv_nxt;
746 ctf_do_drop(m, NULL);
751 * bbr_ts_check returns 1 for you should not proceed, the state
752 * machine should return. It places in ret_val what should
753 * be returned 1/0 by the caller (hpts_do_segment). The 1 indicates
754 * that the TCB is unlocked and probably dropped. The 0 indicates the
755 * TCB is still valid and locked.
758 ctf_ts_check(struct mbuf *m, struct tcphdr *th, struct tcpcb *tp,
759 int32_t tlen, int32_t thflags, int32_t * ret_val)
762 if (tcp_ts_getticks() - tp->ts_recent_age > TCP_PAWS_IDLE) {
764 * Invalidate ts_recent. If this segment updates ts_recent,
765 * the age will be reset later and ts_recent will get a
766 * valid value. If it does not, setting ts_recent to zero
767 * will at least satisfy the requirement that zero be placed
768 * in the timestamp echo reply when ts_recent isn't valid.
769 * The age isn't reset until we get a valid ts_recent
770 * because we don't want out-of-order segments to be dropped
771 * when ts_recent is old.
775 KMOD_TCPSTAT_INC(tcps_rcvduppack);
776 KMOD_TCPSTAT_ADD(tcps_rcvdupbyte, tlen);
777 KMOD_TCPSTAT_INC(tcps_pawsdrop);
780 ctf_do_dropafterack(m, tp, th, thflags, tlen, ret_val);
782 ctf_do_drop(m, NULL);
790 ctf_calc_rwin(struct socket *so, struct tcpcb *tp)
795 * Calculate amount of space in receive window, and then do TCP
796 * input processing. Receive window is amount of space in rcv queue,
797 * but not less than advertised window.
799 win = sbspace(&so->so_rcv);
802 tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt));
806 ctf_do_dropwithreset_conn(struct mbuf *m, struct tcpcb *tp, struct tcphdr *th,
807 int32_t rstreason, int32_t tlen)
811 tcp_set_inp_to_drop(tp->t_inpcb, ETIMEDOUT);
813 tcp_dropwithreset(m, th, tp, tlen, rstreason);
814 INP_WUNLOCK(tp->t_inpcb);
818 ctf_fixed_maxseg(struct tcpcb *tp)
822 if (tp->t_flags & TF_NOOPT)
823 return (tp->t_maxseg);
826 * Here we have a simplified code from tcp_addoptions(),
827 * without a proper loop, and having most of paddings hardcoded.
828 * We only consider fixed options that we would send every
829 * time I.e. SACK is not considered.
832 #define PAD(len) ((((len) / 4) + !!((len) % 4)) * 4)
833 if (TCPS_HAVEESTABLISHED(tp->t_state)) {
834 if (tp->t_flags & TF_RCVD_TSTMP)
835 optlen = TCPOLEN_TSTAMP_APPA;
838 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
839 if (tp->t_flags & TF_SIGNATURE)
840 optlen += PAD(TCPOLEN_SIGNATURE);
843 if (tp->t_flags & TF_REQ_TSTMP)
844 optlen = TCPOLEN_TSTAMP_APPA;
846 optlen = PAD(TCPOLEN_MAXSEG);
847 if (tp->t_flags & TF_REQ_SCALE)
848 optlen += PAD(TCPOLEN_WINDOW);
849 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
850 if (tp->t_flags & TF_SIGNATURE)
851 optlen += PAD(TCPOLEN_SIGNATURE);
853 if (tp->t_flags & TF_SACK_PERMIT)
854 optlen += PAD(TCPOLEN_SACK_PERMITTED);
857 optlen = min(optlen, TCP_MAXOLEN);
858 return (tp->t_maxseg - optlen);
862 ctf_log_sack_filter(struct tcpcb *tp, int num_sack_blks, struct sackblk *sack_blocks)
864 if (tp->t_logstate != TCP_LOG_STATE_OFF) {
865 union tcp_log_stackspecific log;
868 memset(&log, 0, sizeof(log));
869 log.u_bbr.timeStamp = tcp_get_usecs(&tv);
870 log.u_bbr.flex8 = num_sack_blks;
871 if (num_sack_blks > 0) {
872 log.u_bbr.flex1 = sack_blocks[0].start;
873 log.u_bbr.flex2 = sack_blocks[0].end;
875 if (num_sack_blks > 1) {
876 log.u_bbr.flex3 = sack_blocks[1].start;
877 log.u_bbr.flex4 = sack_blocks[1].end;
879 if (num_sack_blks > 2) {
880 log.u_bbr.flex5 = sack_blocks[2].start;
881 log.u_bbr.flex6 = sack_blocks[2].end;
883 if (num_sack_blks > 3) {
884 log.u_bbr.applimited = sack_blocks[3].start;
885 log.u_bbr.pkts_out = sack_blocks[3].end;
887 TCP_LOG_EVENTP(tp, NULL,
888 &tp->t_inpcb->inp_socket->so_rcv,
889 &tp->t_inpcb->inp_socket->so_snd,
890 TCP_SACK_FILTER_RES, 0,
891 0, &log, false, &tv);
896 ctf_decay_count(uint32_t count, uint32_t decay)
899 * Given a count, decay it by a set percentage. The
900 * percentage is in thousands i.e. 100% = 1000,
903 uint64_t perc_count, decay_per;
904 uint32_t decayed_count;
906 /* We don't raise it */
911 perc_count *= decay_per;
914 * So now perc_count holds the
917 decayed_count = count - (uint32_t)perc_count;
918 return(decayed_count);
922 ctf_progress_timeout_check(struct tcpcb *tp, bool log)
924 if (tp->t_maxunacktime && tp->t_acktime && TSTMP_GT(ticks, tp->t_acktime)) {
925 if ((ticks - tp->t_acktime) >= tp->t_maxunacktime) {
927 * There is an assumption that the caller
928 * will drop the connection so we will
929 * increment the counters here.
932 tcp_log_end_status(tp, TCP_EI_STATUS_PROGRESS);
934 KMOD_TCPSTAT_INC(tcps_progdrops);