2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_inet6.h"
38 #include "opt_tcpdebug.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/callout.h>
43 #include <sys/kernel.h>
44 #include <sys/sysctl.h>
45 #include <sys/malloc.h>
49 #include <sys/socket.h>
50 #include <sys/socketvar.h>
51 #include <sys/protosw.h>
52 #include <sys/random.h>
53 #include <sys/vimage.h>
57 #include <net/route.h>
60 #include <netinet/in.h>
61 #include <netinet/in_systm.h>
62 #include <netinet/ip.h>
64 #include <netinet/ip6.h>
66 #include <netinet/in_pcb.h>
68 #include <netinet6/in6_pcb.h>
70 #include <netinet/in_var.h>
71 #include <netinet/ip_var.h>
73 #include <netinet6/ip6_var.h>
74 #include <netinet6/scope6_var.h>
75 #include <netinet6/nd6.h>
77 #include <netinet/ip_icmp.h>
78 #include <netinet/tcp.h>
79 #include <netinet/tcp_fsm.h>
80 #include <netinet/tcp_seq.h>
81 #include <netinet/tcp_timer.h>
82 #include <netinet/tcp_var.h>
84 #include <netinet6/tcp6_var.h>
86 #include <netinet/tcpip.h>
88 #include <netinet/tcp_debug.h>
90 #include <netinet6/ip6protosw.h>
92 #include <machine/in_cksum.h>
94 #include <security/mac/mac_framework.h>
96 static uma_zone_t tcptw_zone;
100 * The timed wait queue contains references to each of the TCP sessions
101 * currently in the TIME_WAIT state. The queue pointers, including the
102 * queue pointers in each tcptw structure, are protected using the global
103 * tcbinfo lock, which must be held over queue iteration and modification.
105 static TAILQ_HEAD(, tcptw) twq_2msl;
107 static void tcp_tw_2msl_reset(struct tcptw *, int);
108 static void tcp_tw_2msl_stop(struct tcptw *);
111 tcptw_auto_size(void)
116 * Max out at half the ephemeral port range so that TIME_WAIT
117 * sockets don't tie up too many ephemeral ports.
119 if (V_ipport_lastauto > V_ipport_firstauto)
120 halfrange = (V_ipport_lastauto - V_ipport_firstauto) / 2;
122 halfrange = (V_ipport_firstauto - V_ipport_lastauto) / 2;
123 /* Protect against goofy port ranges smaller than 32. */
124 return (imin(imax(halfrange, 32), maxsockets / 5));
128 sysctl_maxtcptw(SYSCTL_HANDLER_ARGS)
133 new = tcptw_auto_size();
136 error = sysctl_handle_int(oidp, &new, 0, req);
137 if (error == 0 && req->newptr)
140 uma_zone_set_max(tcptw_zone, maxtcptw);
145 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW,
146 &maxtcptw, 0, sysctl_maxtcptw, "IU",
147 "Maximum number of compressed TCP TIME_WAIT entries");
149 static int nolocaltimewait = 0;
150 SYSCTL_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW,
152 "Do not create compressed TCP TIME_WAIT entries for local connections");
155 tcp_tw_zone_change(void)
159 uma_zone_set_max(tcptw_zone, tcptw_auto_size());
166 tcptw_zone = uma_zcreate("tcptw", sizeof(struct tcptw),
167 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
168 TUNABLE_INT_FETCH("net.inet.tcp.maxtcptw", &maxtcptw);
170 uma_zone_set_max(tcptw_zone, tcptw_auto_size());
172 uma_zone_set_max(tcptw_zone, maxtcptw);
173 TAILQ_INIT(&V_twq_2msl);
177 * Move a TCP connection into TIME_WAIT state.
179 * inp is locked, and is unlocked before returning.
182 tcp_twstart(struct tcpcb *tp)
185 struct inpcb *inp = tp->t_inpcb;
189 INP_INFO_WLOCK_ASSERT(&V_tcbinfo); /* tcp_tw_2msl_reset(). */
190 INP_WLOCK_ASSERT(inp);
192 if (V_nolocaltimewait && in_localip(inp->inp_faddr)) {
199 tw = uma_zalloc(tcptw_zone, M_NOWAIT);
201 tw = tcp_tw_2msl_scan(1);
212 * Recover last window size sent.
214 tw->last_win = (tp->rcv_adv - tp->rcv_nxt) >> tp->rcv_scale;
217 * Set t_recent if timestamps are used on the connection.
219 if ((tp->t_flags & (TF_REQ_TSTMP|TF_RCVD_TSTMP|TF_NOOPT)) ==
220 (TF_REQ_TSTMP|TF_RCVD_TSTMP)) {
221 tw->t_recent = tp->ts_recent;
222 tw->ts_offset = tp->ts_offset;
228 tw->snd_nxt = tp->snd_nxt;
229 tw->rcv_nxt = tp->rcv_nxt;
232 tw->t_starttime = tp->t_starttime;
237 * be used for fin-wait-2 state also, then we may need
238 * a ts_recent from the last segment.
240 acknow = tp->t_flags & TF_ACKNOW;
243 * First, discard tcpcb state, which includes stopping its timers and
244 * freeing it. tcp_discardcb() used to also release the inpcb, but
245 * that work is now done in the caller.
247 * Note: soisdisconnected() call used to be made in tcp_discardcb(),
248 * and might not be needed here any longer.
251 so = inp->inp_socket;
252 soisdisconnected(so);
253 tw->tw_cred = crhold(so->so_cred);
255 tw->tw_so_options = so->so_options;
258 tcp_twrespond(tw, TH_ACK);
260 inp->inp_vflag |= INP_TIMEWAIT;
261 tcp_tw_2msl_reset(tw, 0);
264 * If the inpcb owns the sole reference to the socket, then we can
265 * detach and free the socket as it is not needed in time wait.
267 if (inp->inp_vflag & INP_SOCKREF) {
268 KASSERT(so->so_state & SS_PROTOREF,
269 ("tcp_twstart: !SS_PROTOREF"));
270 inp->inp_vflag &= ~INP_SOCKREF;
274 so->so_state &= ~SS_PROTOREF;
282 * The appromixate rate of ISN increase of Microsoft TCP stacks;
283 * the actual rate is slightly higher due to the addition of
284 * random positive increments.
286 * Most other new OSes use semi-randomized ISN values, so we
287 * do not need to worry about them.
289 #define MS_ISN_BYTES_PER_SECOND 250000
292 * Determine if the ISN we will generate has advanced beyond the last
293 * sequence number used by the previous connection. If so, indicate
294 * that it is safe to recycle this tw socket by returning 1.
297 tcp_twrecycleable(struct tcptw *tw)
299 tcp_seq new_iss = tw->iss;
300 tcp_seq new_irs = tw->irs;
302 INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
303 new_iss += (ticks - tw->t_starttime) * (ISN_BYTES_PER_SECOND / hz);
304 new_irs += (ticks - tw->t_starttime) * (MS_ISN_BYTES_PER_SECOND / hz);
306 if (SEQ_GT(new_iss, tw->snd_nxt) && SEQ_GT(new_irs, tw->rcv_nxt))
314 * Returns 1 if the TIME_WAIT state was killed and we should start over,
315 * looking for a pcb in the listen state. Returns 0 otherwise.
318 tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
319 struct mbuf *m, int tlen)
325 int isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
327 const int isipv6 = 0;
330 /* tcbinfo lock required for tcp_twclose(), tcp_tw_2msl_reset(). */
331 INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
332 INP_WLOCK_ASSERT(inp);
335 * XXXRW: Time wait state for inpcb has been recycled, but inpcb is
336 * still present. This is undesirable, but temporarily necessary
337 * until we work out how to handle inpcb's who's timewait state has
344 thflags = th->th_flags;
347 * NOTE: for FIN_WAIT_2 (to be added later),
348 * must validate sequence number before accepting RST
352 * If the segment contains RST:
353 * Drop the segment - see Stevens, vol. 2, p. 964 and
356 if (thflags & TH_RST)
360 /* PAWS not needed at the moment */
362 * RFC 1323 PAWS: If we have a timestamp reply on this segment
363 * and it's less than ts_recent, drop it.
365 if ((to.to_flags & TOF_TS) != 0 && tp->ts_recent &&
366 TSTMP_LT(to.to_tsval, tp->ts_recent)) {
367 if ((thflags & TH_ACK) == 0)
372 * ts_recent is never updated because we never accept new segments.
377 * If a new connection request is received
378 * while in TIME_WAIT, drop the old connection
379 * and start over if the sequence numbers
380 * are above the previous ones.
382 if ((thflags & TH_SYN) && SEQ_GT(th->th_seq, tw->rcv_nxt)) {
388 * Drop the the segment if it does not contain an ACK.
390 if ((thflags & TH_ACK) == 0)
394 * Reset the 2MSL timer if this is a duplicate FIN.
396 if (thflags & TH_FIN) {
397 seq = th->th_seq + tlen + (thflags & TH_SYN ? 1 : 0);
398 if (seq + 1 == tw->rcv_nxt)
399 tcp_tw_2msl_reset(tw, 1);
403 * Acknowledge the segment if it has data or is not a duplicate ACK.
405 if (thflags != TH_ACK || tlen != 0 ||
406 th->th_seq != tw->rcv_nxt || th->th_ack != tw->snd_nxt)
407 tcp_twrespond(tw, TH_ACK);
411 * Generate a RST, dropping incoming segment.
412 * Make ACK acceptable to originator of segment.
413 * Don't bother to respond if destination was broadcast/multicast.
415 if (m->m_flags & (M_BCAST|M_MCAST))
421 /* IPv6 anycast check is done at tcp6_input() */
422 ip6 = mtod(m, struct ip6_hdr *);
423 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
424 IN6_IS_ADDR_MULTICAST(&ip6->ip6_src))
430 ip = mtod(m, struct ip *);
431 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
432 IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
433 ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
434 in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
437 if (thflags & TH_ACK) {
439 mtod(m, void *), th, m, 0, th->th_ack, TH_RST);
441 seq = th->th_seq + (thflags & TH_SYN ? 1 : 0);
443 mtod(m, void *), th, m, seq, 0, TH_RST|TH_ACK);
455 tcp_twclose(struct tcptw *tw, int reuse)
461 * At this point, we are in one of two situations:
463 * (1) We have no socket, just an inpcb<->twtcp pair. We can free
466 * (2) We have a socket -- if we own a reference, release it and
467 * notify the socket layer.
470 KASSERT((inp->inp_vflag & INP_TIMEWAIT), ("tcp_twclose: !timewait"));
471 KASSERT(intotw(inp) == tw, ("tcp_twclose: inp_ppcb != tw"));
472 INP_INFO_WLOCK_ASSERT(&V_tcbinfo); /* tcp_tw_2msl_stop(). */
473 INP_WLOCK_ASSERT(inp);
476 tcp_tw_2msl_stop(tw);
477 inp->inp_ppcb = NULL;
480 so = inp->inp_socket;
483 * If there's a socket, handle two cases: first, we own a
484 * strong reference, which we will now release, or we don't
485 * in which case another reference exists (XXXRW: think
486 * about this more), and we don't need to take action.
488 if (inp->inp_vflag & INP_SOCKREF) {
489 inp->inp_vflag &= ~INP_SOCKREF;
493 KASSERT(so->so_state & SS_PROTOREF,
494 ("tcp_twclose: INP_SOCKREF && !SS_PROTOREF"));
495 so->so_state &= ~SS_PROTOREF;
499 * If we don't own the only reference, the socket and
500 * inpcb need to be left around to be handled by
501 * tcp_usr_detach() later.
507 if (inp->inp_vflag & INP_IPV6PROTO)
513 V_tcpstat.tcps_closed++;
518 uma_zfree(tcptw_zone, tw);
522 tcp_twrespond(struct tcptw *tw, int flags)
524 struct inpcb *inp = tw->tw_inpcb;
527 struct ip *ip = NULL;
528 u_int hdrlen, optlen;
532 struct ip6_hdr *ip6 = NULL;
533 int isipv6 = inp->inp_inc.inc_isipv6;
536 INP_WLOCK_ASSERT(inp);
538 m = m_gethdr(M_DONTWAIT, MT_DATA);
541 m->m_data += max_linkhdr;
544 mac_inpcb_create_mbuf(inp, m);
549 hdrlen = sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
550 ip6 = mtod(m, struct ip6_hdr *);
551 th = (struct tcphdr *)(ip6 + 1);
552 tcpip_fillheaders(inp, ip6, th);
556 hdrlen = sizeof(struct tcpiphdr);
557 ip = mtod(m, struct ip *);
558 th = (struct tcphdr *)(ip + 1);
559 tcpip_fillheaders(inp, ip, th);
564 * Send a timestamp and echo-reply if both our side and our peer
565 * have sent timestamps in our SYN's and this is not a RST.
567 if (tw->t_recent && flags == TH_ACK) {
568 to.to_flags |= TOF_TS;
569 to.to_tsval = ticks + tw->ts_offset;
570 to.to_tsecr = tw->t_recent;
572 optlen = tcp_addoptions(&to, (u_char *)(th + 1));
574 m->m_len = hdrlen + optlen;
575 m->m_pkthdr.len = m->m_len;
577 KASSERT(max_linkhdr + m->m_len <= MHLEN, ("tcptw: mbuf too small"));
579 th->th_seq = htonl(tw->snd_nxt);
580 th->th_ack = htonl(tw->rcv_nxt);
581 th->th_off = (sizeof(struct tcphdr) + optlen) >> 2;
582 th->th_flags = flags;
583 th->th_win = htons(tw->last_win);
587 th->th_sum = in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr),
588 sizeof(struct tcphdr) + optlen);
589 ip6->ip6_hlim = in6_selecthlim(inp, NULL);
590 error = ip6_output(m, inp->in6p_outputopts, NULL,
591 (tw->tw_so_options & SO_DONTROUTE), NULL, NULL, inp);
595 th->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
596 htons(sizeof(struct tcphdr) + optlen + IPPROTO_TCP));
597 m->m_pkthdr.csum_flags = CSUM_TCP;
598 m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
599 ip->ip_len = m->m_pkthdr.len;
600 if (V_path_mtu_discovery)
602 error = ip_output(m, inp->inp_options, NULL,
603 ((tw->tw_so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0),
607 V_tcpstat.tcps_sndacks++;
609 V_tcpstat.tcps_sndctrl++;
610 V_tcpstat.tcps_sndtotal++;
615 tcp_tw_2msl_reset(struct tcptw *tw, int rearm)
618 INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
619 INP_WLOCK_ASSERT(tw->tw_inpcb);
621 TAILQ_REMOVE(&V_twq_2msl, tw, tw_2msl);
622 tw->tw_time = ticks + 2 * tcp_msl;
623 TAILQ_INSERT_TAIL(&V_twq_2msl, tw, tw_2msl);
627 tcp_tw_2msl_stop(struct tcptw *tw)
630 INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
631 TAILQ_REMOVE(&V_twq_2msl, tw, tw_2msl);
635 tcp_tw_2msl_scan(int reuse)
639 INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
641 tw = TAILQ_FIRST(&V_twq_2msl);
642 if (tw == NULL || (!reuse && tw->tw_time > ticks))
644 INP_WLOCK(tw->tw_inpcb);
645 tcp_twclose(tw, reuse);