2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * @(#)tcp_timer.c 8.2 (Berkeley) 5/24/95
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
38 #include "opt_inet6.h"
39 #include "opt_tcpdebug.h"
42 #include <sys/param.h>
43 #include <sys/kernel.h>
46 #include <sys/mutex.h>
47 #include <sys/protosw.h>
49 #include <sys/socket.h>
50 #include <sys/socketvar.h>
51 #include <sys/sysctl.h>
52 #include <sys/systm.h>
55 #include <net/route.h>
56 #include <net/rss_config.h>
58 #include <net/netisr.h>
60 #include <netinet/in.h>
61 #include <netinet/in_kdtrace.h>
62 #include <netinet/in_pcb.h>
63 #include <netinet/in_rss.h>
64 #include <netinet/in_systm.h>
66 #include <netinet6/in6_pcb.h>
68 #include <netinet/ip_var.h>
69 #include <netinet/tcp.h>
70 #include <netinet/tcp_fsm.h>
71 #include <netinet/tcp_timer.h>
72 #include <netinet/tcp_var.h>
73 #include <netinet/cc/cc.h>
75 #include <netinet6/tcp6_var.h>
77 #include <netinet/tcpip.h>
79 #include <netinet/tcp_debug.h>
83 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, persmin, CTLTYPE_INT|CTLFLAG_RW,
84 &tcp_persmin, 0, sysctl_msec_to_ticks, "I", "minimum persistence interval");
87 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, persmax, CTLTYPE_INT|CTLFLAG_RW,
88 &tcp_persmax, 0, sysctl_msec_to_ticks, "I", "maximum persistence interval");
91 SYSCTL_PROC(_net_inet_tcp, TCPCTL_KEEPINIT, keepinit, CTLTYPE_INT|CTLFLAG_RW,
92 &tcp_keepinit, 0, sysctl_msec_to_ticks, "I", "time to establish connection");
95 SYSCTL_PROC(_net_inet_tcp, TCPCTL_KEEPIDLE, keepidle, CTLTYPE_INT|CTLFLAG_RW,
96 &tcp_keepidle, 0, sysctl_msec_to_ticks, "I", "time before keepalive probes begin");
99 SYSCTL_PROC(_net_inet_tcp, TCPCTL_KEEPINTVL, keepintvl, CTLTYPE_INT|CTLFLAG_RW,
100 &tcp_keepintvl, 0, sysctl_msec_to_ticks, "I", "time between keepalive probes");
103 SYSCTL_PROC(_net_inet_tcp, TCPCTL_DELACKTIME, delacktime, CTLTYPE_INT|CTLFLAG_RW,
104 &tcp_delacktime, 0, sysctl_msec_to_ticks, "I",
105 "Time before a delayed ACK is sent");
108 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, msl, CTLTYPE_INT|CTLFLAG_RW,
109 &tcp_msl, 0, sysctl_msec_to_ticks, "I", "Maximum segment lifetime");
112 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, rexmit_min, CTLTYPE_INT|CTLFLAG_RW,
113 &tcp_rexmit_min, 0, sysctl_msec_to_ticks, "I",
114 "Minimum Retransmission Timeout");
117 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, rexmit_slop, CTLTYPE_INT|CTLFLAG_RW,
118 &tcp_rexmit_slop, 0, sysctl_msec_to_ticks, "I",
119 "Retransmission Timer Slop");
121 int tcp_always_keepalive = 1;
122 SYSCTL_INT(_net_inet_tcp, OID_AUTO, always_keepalive, CTLFLAG_RW,
123 &tcp_always_keepalive , 0, "Assume SO_KEEPALIVE on all TCP connections");
125 int tcp_fast_finwait2_recycle = 0;
126 SYSCTL_INT(_net_inet_tcp, OID_AUTO, fast_finwait2_recycle, CTLFLAG_RW,
127 &tcp_fast_finwait2_recycle, 0,
128 "Recycle closed FIN_WAIT_2 connections faster");
130 int tcp_finwait2_timeout;
131 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, finwait2_timeout, CTLTYPE_INT|CTLFLAG_RW,
132 &tcp_finwait2_timeout, 0, sysctl_msec_to_ticks, "I", "FIN-WAIT2 timeout");
134 int tcp_keepcnt = TCPTV_KEEPCNT;
135 SYSCTL_INT(_net_inet_tcp, OID_AUTO, keepcnt, CTLFLAG_RW, &tcp_keepcnt, 0,
136 "Number of keepalive probes to send");
138 /* max idle probes */
139 int tcp_maxpersistidle;
141 static int tcp_rexmit_drop_options = 0;
142 SYSCTL_INT(_net_inet_tcp, OID_AUTO, rexmit_drop_options, CTLFLAG_RW,
143 &tcp_rexmit_drop_options, 0,
144 "Drop TCP options from 3rd and later retransmitted SYN");
146 VNET_DEFINE(int, tcp_pmtud_blackhole_detect);
147 SYSCTL_INT(_net_inet_tcp, OID_AUTO, pmtud_blackhole_detection,
148 CTLFLAG_RW|CTLFLAG_VNET,
149 &VNET_NAME(tcp_pmtud_blackhole_detect), 0,
150 "Path MTU Discovery Black Hole Detection Enabled");
153 VNET_DEFINE(int, tcp_pmtud_blackhole_mss) = 1200;
154 SYSCTL_INT(_net_inet_tcp, OID_AUTO, pmtud_blackhole_mss,
155 CTLFLAG_RW|CTLFLAG_VNET,
156 &VNET_NAME(tcp_pmtud_blackhole_mss), 0,
157 "Path MTU Discovery Black Hole Detection lowered MSS");
161 VNET_DEFINE(int, tcp_v6pmtud_blackhole_mss) = 1220;
162 SYSCTL_INT(_net_inet_tcp, OID_AUTO, v6pmtud_blackhole_mss,
163 CTLFLAG_RW|CTLFLAG_VNET,
164 &VNET_NAME(tcp_v6pmtud_blackhole_mss), 0,
165 "Path MTU Discovery IPv6 Black Hole Detection lowered MSS");
169 static int per_cpu_timers = 1;
171 static int per_cpu_timers = 0;
173 SYSCTL_INT(_net_inet_tcp, OID_AUTO, per_cpu_timers, CTLFLAG_RW,
174 &per_cpu_timers , 0, "run tcp timers on all cpus");
177 #define INP_CPU(inp) (per_cpu_timers ? (!CPU_ABSENT(((inp)->inp_flowid % (mp_maxid+1))) ? \
178 ((inp)->inp_flowid % (mp_maxid+1)) : curcpu) : 0)
182 * Map the given inp to a CPU id.
184 * This queries RSS if it's compiled in, else it defaults to the current
188 inp_to_cpuid(struct inpcb *inp)
193 if (per_cpu_timers) {
194 cpuid = rss_hash2cpuid(inp->inp_flowid, inp->inp_flowtype);
195 if (cpuid == NETISR_CPUID_NONE)
196 return (curcpu); /* XXX */
201 /* Legacy, pre-RSS behaviour */
202 if (per_cpu_timers) {
204 * We don't have a flowid -> cpuid mapping, so cheat and
205 * just map unknown cpuids to curcpu. Not the best, but
206 * apparently better than defaulting to swi 0.
208 cpuid = inp->inp_flowid % (mp_maxid + 1);
209 if (! CPU_ABSENT(cpuid))
214 /* Default for RSS and non-RSS - cpuid 0 */
221 * Tcp protocol timeout routine called every 500 ms.
222 * Updates timestamps used for TCP
223 * causes finite state machine actions if timers expire.
228 VNET_ITERATOR_DECL(vnet_iter);
230 VNET_LIST_RLOCK_NOSLEEP();
231 VNET_FOREACH(vnet_iter) {
232 CURVNET_SET(vnet_iter);
233 (void) tcp_tw_2msl_scan(0);
236 VNET_LIST_RUNLOCK_NOSLEEP();
239 int tcp_syn_backoff[TCP_MAXRXTSHIFT + 1] =
240 { 1, 1, 1, 1, 1, 2, 4, 8, 16, 32, 64, 64, 64 };
242 int tcp_backoff[TCP_MAXRXTSHIFT + 1] =
243 { 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 512, 512, 512 };
245 static int tcp_totbackoff = 2559; /* sum of tcp_backoff[] */
248 * TCP timer processing.
252 tcp_timer_delack(void *xtp)
254 struct tcpcb *tp = xtp;
256 CURVNET_SET(tp->t_vnet);
259 KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, tp));
261 if (callout_pending(&tp->t_timers->tt_delack) ||
262 !callout_active(&tp->t_timers->tt_delack)) {
267 callout_deactivate(&tp->t_timers->tt_delack);
268 if ((inp->inp_flags & INP_DROPPED) != 0) {
273 tp->t_flags |= TF_ACKNOW;
274 TCPSTAT_INC(tcps_delack);
275 (void) tp->t_fb->tfb_tcp_output(tp);
281 * When a timer wants to remove a TCB it must
282 * hold the INP_INFO_RLOCK(). The timer function
283 * should only have grabbed the INP_WLOCK() when
284 * it entered. To safely switch to holding both the
285 * INP_INFO_RLOCK() and the INP_WLOCK() we must first
286 * grab a reference on the inp, which will hold the inp
287 * so that it can't be removed. We then unlock the INP_WLOCK(),
288 * and grab the INP_INFO_RLOCK() lock. Once we have the INP_INFO_RLOCK()
289 * we proceed again to get the INP_WLOCK() (this preserves proper
290 * lock order). After acquiring the INP_WLOCK we must check if someone
291 * else deleted the pcb i.e. the inp_flags check.
292 * If so we return 1 otherwise we return 0.
294 * No matter what the tcp_inpinfo_lock_add() function
295 * returns the caller must afterwards call tcp_inpinfo_lock_del()
296 * to drop the locks and reference properly.
300 tcp_inpinfo_lock_add(struct inpcb *inp)
304 INP_INFO_RLOCK(&V_tcbinfo);
306 if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
314 tcp_inpinfo_lock_del(struct inpcb *inp, struct tcpcb *tp)
316 INP_INFO_RUNLOCK(&V_tcbinfo);
317 if (inp && (tp == NULL)) {
319 * If tcp_close/drop() gets called and tp
320 * returns NULL, then the function dropped
321 * the inp lock, we hold a reference keeping
322 * this around, so we must re-aquire the
323 * INP_WLOCK() in order to proceed with
324 * our dropping the inp reference.
328 if (inp && in_pcbrele_wlocked(inp) == 0)
333 tcp_timer_2msl(void *xtp)
335 struct tcpcb *tp = xtp;
337 CURVNET_SET(tp->t_vnet);
341 ostate = tp->t_state;
344 KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, tp));
346 tcp_free_sackholes(tp);
347 if (callout_pending(&tp->t_timers->tt_2msl) ||
348 !callout_active(&tp->t_timers->tt_2msl)) {
349 INP_WUNLOCK(tp->t_inpcb);
353 callout_deactivate(&tp->t_timers->tt_2msl);
354 if ((inp->inp_flags & INP_DROPPED) != 0) {
359 KASSERT((tp->t_timers->tt_flags & TT_STOPPED) == 0,
360 ("%s: tp %p tcpcb can't be stopped here", __func__, tp));
362 * 2 MSL timeout in shutdown went off. If we're closed but
363 * still waiting for peer to close and connection has been idle
364 * too long delete connection control block. Otherwise, check
367 * If in TIME_WAIT state just ignore as this timeout is handled in
368 * tcp_tw_2msl_scan().
370 * If fastrecycle of FIN_WAIT_2, in FIN_WAIT_2 and receiver has closed,
371 * there's no point in hanging onto FIN_WAIT_2 socket. Just close it.
372 * Ignore fact that there were recent incoming segments.
374 if ((inp->inp_flags & INP_TIMEWAIT) != 0) {
379 if (tcp_fast_finwait2_recycle && tp->t_state == TCPS_FIN_WAIT_2 &&
380 tp->t_inpcb && tp->t_inpcb->inp_socket &&
381 (tp->t_inpcb->inp_socket->so_rcv.sb_state & SBS_CANTRCVMORE)) {
382 TCPSTAT_INC(tcps_finwait2_drops);
383 if (tcp_inpinfo_lock_add(inp)) {
384 tcp_inpinfo_lock_del(inp, tp);
388 tcp_inpinfo_lock_del(inp, tp);
391 if (ticks - tp->t_rcvtime <= TP_MAXIDLE(tp)) {
392 callout_reset(&tp->t_timers->tt_2msl,
393 TP_KEEPINTVL(tp), tcp_timer_2msl, tp);
395 if (tcp_inpinfo_lock_add(inp)) {
396 tcp_inpinfo_lock_del(inp, tp);
400 tcp_inpinfo_lock_del(inp, tp);
406 if (tp != NULL && (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
407 tcp_trace(TA_USER, ostate, tp, (void *)0, (struct tcphdr *)0,
410 TCP_PROBE2(debug__user, tp, PRU_SLOWTIMO);
419 tcp_timer_keep(void *xtp)
421 struct tcpcb *tp = xtp;
422 struct tcptemp *t_template;
424 CURVNET_SET(tp->t_vnet);
428 ostate = tp->t_state;
431 KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, tp));
433 if (callout_pending(&tp->t_timers->tt_keep) ||
434 !callout_active(&tp->t_timers->tt_keep)) {
439 callout_deactivate(&tp->t_timers->tt_keep);
440 if ((inp->inp_flags & INP_DROPPED) != 0) {
445 KASSERT((tp->t_timers->tt_flags & TT_STOPPED) == 0,
446 ("%s: tp %p tcpcb can't be stopped here", __func__, tp));
449 * Because we don't regularly reset the keepalive callout in
450 * the ESTABLISHED state, it may be that we don't actually need
451 * to send a keepalive yet. If that occurs, schedule another
452 * call for the next time the keepalive timer might expire.
454 if (TCPS_HAVEESTABLISHED(tp->t_state)) {
457 idletime = ticks - tp->t_rcvtime;
458 if (idletime < TP_KEEPIDLE(tp)) {
459 callout_reset(&tp->t_timers->tt_keep,
460 TP_KEEPIDLE(tp) - idletime, tcp_timer_keep, tp);
468 * Keep-alive timer went off; send something
469 * or drop connection if idle for too long.
471 TCPSTAT_INC(tcps_keeptimeo);
472 if (tp->t_state < TCPS_ESTABLISHED)
474 if ((tcp_always_keepalive ||
475 inp->inp_socket->so_options & SO_KEEPALIVE) &&
476 tp->t_state <= TCPS_CLOSING) {
477 if (ticks - tp->t_rcvtime >= TP_KEEPIDLE(tp) + TP_MAXIDLE(tp))
480 * Send a packet designed to force a response
481 * if the peer is up and reachable:
482 * either an ACK if the connection is still alive,
483 * or an RST if the peer has closed the connection
484 * due to timeout or reboot.
485 * Using sequence number tp->snd_una-1
486 * causes the transmitted zero-length segment
487 * to lie outside the receive window;
488 * by the protocol spec, this requires the
489 * correspondent TCP to respond.
491 TCPSTAT_INC(tcps_keepprobe);
492 t_template = tcpip_maketemplate(inp);
494 tcp_respond(tp, t_template->tt_ipgen,
495 &t_template->tt_t, (struct mbuf *)NULL,
496 tp->rcv_nxt, tp->snd_una - 1, 0);
497 free(t_template, M_TEMP);
499 callout_reset(&tp->t_timers->tt_keep, TP_KEEPINTVL(tp),
502 callout_reset(&tp->t_timers->tt_keep, TP_KEEPIDLE(tp),
506 if (inp->inp_socket->so_options & SO_DEBUG)
507 tcp_trace(TA_USER, ostate, tp, (void *)0, (struct tcphdr *)0,
510 TCP_PROBE2(debug__user, tp, PRU_SLOWTIMO);
516 TCPSTAT_INC(tcps_keepdrops);
518 if (tcp_inpinfo_lock_add(inp)) {
519 tcp_inpinfo_lock_del(inp, tp);
522 tp = tcp_drop(tp, ETIMEDOUT);
525 if (tp != NULL && (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
526 tcp_trace(TA_USER, ostate, tp, (void *)0, (struct tcphdr *)0,
529 TCP_PROBE2(debug__user, tp, PRU_SLOWTIMO);
530 tcp_inpinfo_lock_del(inp, tp);
536 tcp_timer_persist(void *xtp)
538 struct tcpcb *tp = xtp;
540 CURVNET_SET(tp->t_vnet);
544 ostate = tp->t_state;
547 KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, tp));
549 if (callout_pending(&tp->t_timers->tt_persist) ||
550 !callout_active(&tp->t_timers->tt_persist)) {
555 callout_deactivate(&tp->t_timers->tt_persist);
556 if ((inp->inp_flags & INP_DROPPED) != 0) {
561 KASSERT((tp->t_timers->tt_flags & TT_STOPPED) == 0,
562 ("%s: tp %p tcpcb can't be stopped here", __func__, tp));
564 * Persistence timer into zero window.
565 * Force a byte to be output, if possible.
567 TCPSTAT_INC(tcps_persisttimeo);
569 * Hack: if the peer is dead/unreachable, we do not
570 * time out if the window is closed. After a full
571 * backoff, drop the connection if the idle time
572 * (no responses to probes) reaches the maximum
573 * backoff that we would use if retransmitting.
575 if (tp->t_rxtshift == TCP_MAXRXTSHIFT &&
576 (ticks - tp->t_rcvtime >= tcp_maxpersistidle ||
577 ticks - tp->t_rcvtime >= TCP_REXMTVAL(tp) * tcp_totbackoff)) {
578 TCPSTAT_INC(tcps_persistdrop);
579 if (tcp_inpinfo_lock_add(inp)) {
580 tcp_inpinfo_lock_del(inp, tp);
583 tp = tcp_drop(tp, ETIMEDOUT);
584 tcp_inpinfo_lock_del(inp, tp);
588 * If the user has closed the socket then drop a persisting
589 * connection after a much reduced timeout.
591 if (tp->t_state > TCPS_CLOSE_WAIT &&
592 (ticks - tp->t_rcvtime) >= TCPTV_PERSMAX) {
593 TCPSTAT_INC(tcps_persistdrop);
594 if (tcp_inpinfo_lock_add(inp)) {
595 tcp_inpinfo_lock_del(inp, tp);
598 tp = tcp_drop(tp, ETIMEDOUT);
599 tcp_inpinfo_lock_del(inp, tp);
603 tp->t_flags |= TF_FORCEDATA;
604 (void) tp->t_fb->tfb_tcp_output(tp);
605 tp->t_flags &= ~TF_FORCEDATA;
608 if (tp != NULL && tp->t_inpcb->inp_socket->so_options & SO_DEBUG)
609 tcp_trace(TA_USER, ostate, tp, NULL, NULL, PRU_SLOWTIMO);
611 TCP_PROBE2(debug__user, tp, PRU_SLOWTIMO);
618 tcp_timer_rexmt(void * xtp)
620 struct tcpcb *tp = xtp;
621 CURVNET_SET(tp->t_vnet);
627 ostate = tp->t_state;
630 KASSERT(inp != NULL, ("%s: tp %p tp->t_inpcb == NULL", __func__, tp));
632 if (callout_pending(&tp->t_timers->tt_rexmt) ||
633 !callout_active(&tp->t_timers->tt_rexmt)) {
638 callout_deactivate(&tp->t_timers->tt_rexmt);
639 if ((inp->inp_flags & INP_DROPPED) != 0) {
644 KASSERT((tp->t_timers->tt_flags & TT_STOPPED) == 0,
645 ("%s: tp %p tcpcb can't be stopped here", __func__, tp));
646 tcp_free_sackholes(tp);
647 if (tp->t_fb->tfb_tcp_rexmit_tmr) {
648 /* The stack has a timer action too. */
649 (*tp->t_fb->tfb_tcp_rexmit_tmr)(tp);
652 * Retransmission timer went off. Message has not
653 * been acked within retransmit interval. Back off
654 * to a longer retransmit interval and retransmit one segment.
656 if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) {
657 tp->t_rxtshift = TCP_MAXRXTSHIFT;
658 TCPSTAT_INC(tcps_timeoutdrop);
659 if (tcp_inpinfo_lock_add(inp)) {
660 tcp_inpinfo_lock_del(inp, tp);
663 tp = tcp_drop(tp, tp->t_softerror ?
664 tp->t_softerror : ETIMEDOUT);
665 tcp_inpinfo_lock_del(inp, tp);
668 if (tp->t_state == TCPS_SYN_SENT) {
670 * If the SYN was retransmitted, indicate CWND to be
671 * limited to 1 segment in cc_conn_init().
674 } else if (tp->t_rxtshift == 1) {
676 * first retransmit; record ssthresh and cwnd so they can
677 * be recovered if this turns out to be a "bad" retransmit.
678 * A retransmit is considered "bad" if an ACK for this
679 * segment is received within RTT/2 interval; the assumption
680 * here is that the ACK was already in flight. See
681 * "On Estimating End-to-End Network Path Properties" by
682 * Allman and Paxson for more details.
684 tp->snd_cwnd_prev = tp->snd_cwnd;
685 tp->snd_ssthresh_prev = tp->snd_ssthresh;
686 tp->snd_recover_prev = tp->snd_recover;
687 if (IN_FASTRECOVERY(tp->t_flags))
688 tp->t_flags |= TF_WASFRECOVERY;
690 tp->t_flags &= ~TF_WASFRECOVERY;
691 if (IN_CONGRECOVERY(tp->t_flags))
692 tp->t_flags |= TF_WASCRECOVERY;
694 tp->t_flags &= ~TF_WASCRECOVERY;
695 tp->t_badrxtwin = ticks + (tp->t_srtt >> (TCP_RTT_SHIFT + 1));
696 tp->t_flags |= TF_PREVVALID;
698 tp->t_flags &= ~TF_PREVVALID;
699 TCPSTAT_INC(tcps_rexmttimeo);
700 if ((tp->t_state == TCPS_SYN_SENT) ||
701 (tp->t_state == TCPS_SYN_RECEIVED))
702 rexmt = TCPTV_RTOBASE * tcp_syn_backoff[tp->t_rxtshift];
704 rexmt = TCP_REXMTVAL(tp) * tcp_backoff[tp->t_rxtshift];
705 TCPT_RANGESET(tp->t_rxtcur, rexmt,
706 tp->t_rttmin, TCPTV_REXMTMAX);
709 * We enter the path for PLMTUD if connection is established or, if
710 * connection is FIN_WAIT_1 status, reason for the last is that if
711 * amount of data we send is very small, we could send it in couple of
712 * packets and process straight to FIN. In that case we won't catch
715 if (V_tcp_pmtud_blackhole_detect && (((tp->t_state == TCPS_ESTABLISHED))
716 || (tp->t_state == TCPS_FIN_WAIT_1))) {
722 * Idea here is that at each stage of mtu probe (usually, 1448
723 * -> 1188 -> 524) should be given 2 chances to recover before
724 * further clamping down. 'tp->t_rxtshift % 2 == 0' should
727 if (((tp->t_flags2 & (TF2_PLPMTU_PMTUD|TF2_PLPMTU_MAXSEGSNT)) ==
728 (TF2_PLPMTU_PMTUD|TF2_PLPMTU_MAXSEGSNT)) &&
729 (tp->t_rxtshift >= 2 && tp->t_rxtshift < 6 &&
730 tp->t_rxtshift % 2 == 0)) {
732 * Enter Path MTU Black-hole Detection mechanism:
733 * - Disable Path MTU Discovery (IP "DF" bit).
734 * - Reduce MTU to lower value than what we
735 * negotiated with peer.
737 if ((tp->t_flags2 & TF2_PLPMTU_BLACKHOLE) == 0) {
738 /* Record that we may have found a black hole. */
739 tp->t_flags2 |= TF2_PLPMTU_BLACKHOLE;
740 /* Keep track of previous MSS. */
741 tp->t_pmtud_saved_maxseg = tp->t_maxseg;
745 * Reduce the MSS to blackhole value or to the default
746 * in an attempt to retransmit.
749 isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) ? 1 : 0;
751 tp->t_maxseg > V_tcp_v6pmtud_blackhole_mss) {
752 /* Use the sysctl tuneable blackhole MSS. */
753 tp->t_maxseg = V_tcp_v6pmtud_blackhole_mss;
754 TCPSTAT_INC(tcps_pmtud_blackhole_activated);
756 /* Use the default MSS. */
757 tp->t_maxseg = V_tcp_v6mssdflt;
759 * Disable Path MTU Discovery when we switch to
762 tp->t_flags2 &= ~TF2_PLPMTU_PMTUD;
763 TCPSTAT_INC(tcps_pmtud_blackhole_activated_min_mss);
766 #if defined(INET6) && defined(INET)
770 if (tp->t_maxseg > V_tcp_pmtud_blackhole_mss) {
771 /* Use the sysctl tuneable blackhole MSS. */
772 tp->t_maxseg = V_tcp_pmtud_blackhole_mss;
773 TCPSTAT_INC(tcps_pmtud_blackhole_activated);
775 /* Use the default MSS. */
776 tp->t_maxseg = V_tcp_mssdflt;
778 * Disable Path MTU Discovery when we switch to
781 tp->t_flags2 &= ~TF2_PLPMTU_PMTUD;
782 TCPSTAT_INC(tcps_pmtud_blackhole_activated_min_mss);
786 * Reset the slow-start flight size
787 * as it may depend on the new MSS.
789 if (CC_ALGO(tp)->conn_init != NULL)
790 CC_ALGO(tp)->conn_init(tp->ccv);
793 * If further retransmissions are still unsuccessful
794 * with a lowered MTU, maybe this isn't a blackhole and
795 * we restore the previous MSS and blackhole detection
797 * The limit '6' is determined by giving each probe
798 * stage (1448, 1188, 524) 2 chances to recover.
800 if ((tp->t_flags2 & TF2_PLPMTU_BLACKHOLE) &&
801 (tp->t_rxtshift >= 6)) {
802 tp->t_flags2 |= TF2_PLPMTU_PMTUD;
803 tp->t_flags2 &= ~TF2_PLPMTU_BLACKHOLE;
804 tp->t_maxseg = tp->t_pmtud_saved_maxseg;
805 TCPSTAT_INC(tcps_pmtud_blackhole_failed);
807 * Reset the slow-start flight size as it
808 * may depend on the new MSS.
810 if (CC_ALGO(tp)->conn_init != NULL)
811 CC_ALGO(tp)->conn_init(tp->ccv);
817 * Disable RFC1323 and SACK if we haven't got any response to
818 * our third SYN to work-around some broken terminal servers
819 * (most of which have hopefully been retired) that have bad VJ
820 * header compression code which trashes TCP segments containing
821 * unknown-to-them TCP options.
823 if (tcp_rexmit_drop_options && (tp->t_state == TCPS_SYN_SENT) &&
824 (tp->t_rxtshift == 3))
825 tp->t_flags &= ~(TF_REQ_SCALE|TF_REQ_TSTMP|TF_SACK_PERMIT);
827 * If we backed off this far, notify the L3 protocol that we're having
828 * connection problems.
830 if (tp->t_rxtshift > TCP_RTT_INVALIDATE) {
832 if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0)
833 in6_losing(tp->t_inpcb);
836 in_losing(tp->t_inpcb);
838 tp->snd_nxt = tp->snd_una;
839 tp->snd_recover = tp->snd_max;
841 * Force a segment to be sent.
843 tp->t_flags |= TF_ACKNOW;
845 * If timing a segment in this window, stop the timer.
849 cc_cong_signal(tp, NULL, CC_RTO);
851 (void) tp->t_fb->tfb_tcp_output(tp);
854 if (tp != NULL && (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
855 tcp_trace(TA_USER, ostate, tp, (void *)0, (struct tcphdr *)0,
858 TCP_PROBE2(debug__user, tp, PRU_SLOWTIMO);
865 tcp_timer_activate(struct tcpcb *tp, uint32_t timer_type, u_int delta)
867 struct callout *t_callout;
868 timeout_t *f_callout;
869 struct inpcb *inp = tp->t_inpcb;
870 int cpu = inp_to_cpuid(inp);
873 if (tp->t_flags & TF_TOE)
877 if (tp->t_timers->tt_flags & TT_STOPPED)
880 switch (timer_type) {
882 t_callout = &tp->t_timers->tt_delack;
883 f_callout = tcp_timer_delack;
886 t_callout = &tp->t_timers->tt_rexmt;
887 f_callout = tcp_timer_rexmt;
890 t_callout = &tp->t_timers->tt_persist;
891 f_callout = tcp_timer_persist;
894 t_callout = &tp->t_timers->tt_keep;
895 f_callout = tcp_timer_keep;
898 t_callout = &tp->t_timers->tt_2msl;
899 f_callout = tcp_timer_2msl;
902 if (tp->t_fb->tfb_tcp_timer_activate) {
903 tp->t_fb->tfb_tcp_timer_activate(tp, timer_type, delta);
906 panic("tp %p bad timer_type %#x", tp, timer_type);
909 callout_stop(t_callout);
911 callout_reset_on(t_callout, delta, f_callout, tp, cpu);
916 tcp_timer_active(struct tcpcb *tp, uint32_t timer_type)
918 struct callout *t_callout;
920 switch (timer_type) {
922 t_callout = &tp->t_timers->tt_delack;
925 t_callout = &tp->t_timers->tt_rexmt;
928 t_callout = &tp->t_timers->tt_persist;
931 t_callout = &tp->t_timers->tt_keep;
934 t_callout = &tp->t_timers->tt_2msl;
937 if (tp->t_fb->tfb_tcp_timer_active) {
938 return(tp->t_fb->tfb_tcp_timer_active(tp, timer_type));
940 panic("tp %p bad timer_type %#x", tp, timer_type);
942 return callout_active(t_callout);
946 tcp_timer_stop(struct tcpcb *tp, uint32_t timer_type)
948 struct callout *t_callout;
950 tp->t_timers->tt_flags |= TT_STOPPED;
951 switch (timer_type) {
953 t_callout = &tp->t_timers->tt_delack;
956 t_callout = &tp->t_timers->tt_rexmt;
959 t_callout = &tp->t_timers->tt_persist;
962 t_callout = &tp->t_timers->tt_keep;
965 t_callout = &tp->t_timers->tt_2msl;
968 if (tp->t_fb->tfb_tcp_timer_stop) {
970 * XXXrrs we need to look at this with the
971 * stop case below (flags).
973 tp->t_fb->tfb_tcp_timer_stop(tp, timer_type);
976 panic("tp %p bad timer_type %#x", tp, timer_type);
979 if (callout_async_drain(t_callout, tcp_timer_discard) == 0) {
981 * Can't stop the callout, defer tcpcb actual deletion
982 * to the last one. We do this using the async drain
983 * function and incrementing the count in
985 tp->t_timers->tt_draincnt++;