tcp_input.c revision 87fb4b7b533073eeeaed0b6bf7c2328995f6c075
1/* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * Implementation of the Transmission Control Protocol(TCP). 7 * 8 * Authors: Ross Biro 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 10 * Mark Evans, <evansmp@uhura.aston.ac.uk> 11 * Corey Minyard <wf-rch!minyard@relay.EU.net> 12 * Florian La Roche, <flla@stud.uni-sb.de> 13 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu> 14 * Linus Torvalds, <torvalds@cs.helsinki.fi> 15 * Alan Cox, <gw4pts@gw4pts.ampr.org> 16 * Matthew Dillon, <dillon@apollo.west.oic.com> 17 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 18 * Jorge Cwik, <jorge@laser.satlink.net> 19 */ 20 21/* 22 * Changes: 23 * Pedro Roque : Fast Retransmit/Recovery. 24 * Two receive queues. 25 * Retransmit queue handled by TCP. 26 * Better retransmit timer handling. 27 * New congestion avoidance. 28 * Header prediction. 29 * Variable renaming. 30 * 31 * Eric : Fast Retransmit. 32 * Randy Scott : MSS option defines. 33 * Eric Schenk : Fixes to slow start algorithm. 34 * Eric Schenk : Yet another double ACK bug. 35 * Eric Schenk : Delayed ACK bug fixes. 36 * Eric Schenk : Floyd style fast retrans war avoidance. 37 * David S. Miller : Don't allow zero congestion window. 38 * Eric Schenk : Fix retransmitter so that it sends 39 * next packet on ack of previous packet. 40 * Andi Kleen : Moved open_request checking here 41 * and process RSTs for open_requests. 42 * Andi Kleen : Better prune_queue, and other fixes. 43 * Andrey Savochkin: Fix RTT measurements in the presence of 44 * timestamps. 45 * Andrey Savochkin: Check sequence numbers correctly when 46 * removing SACKs due to in sequence incoming 47 * data segments. 48 * Andi Kleen: Make sure we never ack data there is not 49 * enough room for. Also make this condition 50 * a fatal error if it might still happen. 51 * Andi Kleen: Add tcp_measure_rcv_mss to make 52 * connections with MSS<min(MTU,ann. MSS) 53 * work without delayed acks. 54 * Andi Kleen: Process packets with PSH set in the 55 * fast path. 56 * J Hadi Salim: ECN support 57 * Andrei Gurtov, 58 * Pasi Sarolahti, 59 * Panu Kuhlberg: Experimental audit of TCP (re)transmission 60 * engine. Lots of bugs are found. 61 * Pasi Sarolahti: F-RTO for dealing with spurious RTOs 62 */ 63 64#include <linux/mm.h> 65#include <linux/slab.h> 66#include <linux/module.h> 67#include <linux/sysctl.h> 68#include <linux/kernel.h> 69#include <net/dst.h> 70#include <net/tcp.h> 71#include <net/inet_common.h> 72#include <linux/ipsec.h> 73#include <asm/unaligned.h> 74#include <net/netdma.h> 75 76int sysctl_tcp_timestamps __read_mostly = 1; 77int sysctl_tcp_window_scaling __read_mostly = 1; 78int sysctl_tcp_sack __read_mostly = 1; 79int sysctl_tcp_fack __read_mostly = 1; 80int sysctl_tcp_reordering __read_mostly = TCP_FASTRETRANS_THRESH; 81EXPORT_SYMBOL(sysctl_tcp_reordering); 82int sysctl_tcp_ecn __read_mostly = 2; 83EXPORT_SYMBOL(sysctl_tcp_ecn); 84int sysctl_tcp_dsack __read_mostly = 1; 85int sysctl_tcp_app_win __read_mostly = 31; 86int sysctl_tcp_adv_win_scale __read_mostly = 2; 87EXPORT_SYMBOL(sysctl_tcp_adv_win_scale); 88 89int sysctl_tcp_stdurg __read_mostly; 90int sysctl_tcp_rfc1337 __read_mostly; 91int sysctl_tcp_max_orphans __read_mostly = NR_FILE; 92int sysctl_tcp_frto __read_mostly = 2; 93int sysctl_tcp_frto_response __read_mostly; 94int sysctl_tcp_nometrics_save __read_mostly; 95 96int sysctl_tcp_thin_dupack __read_mostly; 97 98int sysctl_tcp_moderate_rcvbuf __read_mostly = 1; 99int sysctl_tcp_abc __read_mostly; 100 101#define FLAG_DATA 0x01 /* Incoming frame contained data. */ 102#define FLAG_WIN_UPDATE 0x02 /* Incoming ACK was a window update. */ 103#define FLAG_DATA_ACKED 0x04 /* This ACK acknowledged new data. */ 104#define FLAG_RETRANS_DATA_ACKED 0x08 /* "" "" some of which was retransmitted. */ 105#define FLAG_SYN_ACKED 0x10 /* This ACK acknowledged SYN. */ 106#define FLAG_DATA_SACKED 0x20 /* New SACK. */ 107#define FLAG_ECE 0x40 /* ECE in this ACK */ 108#define FLAG_DATA_LOST 0x80 /* SACK detected data lossage. */ 109#define FLAG_SLOWPATH 0x100 /* Do not skip RFC checks for window update.*/ 110#define FLAG_ONLY_ORIG_SACKED 0x200 /* SACKs only non-rexmit sent before RTO */ 111#define FLAG_SND_UNA_ADVANCED 0x400 /* Snd_una was changed (!= FLAG_DATA_ACKED) */ 112#define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */ 113#define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */ 114#define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */ 115 116#define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) 117#define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) 118#define FLAG_CA_ALERT (FLAG_DATA_SACKED|FLAG_ECE) 119#define FLAG_FORWARD_PROGRESS (FLAG_ACKED|FLAG_DATA_SACKED) 120#define FLAG_ANY_PROGRESS (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED) 121 122#define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH) 123#define TCP_HP_BITS (~(TCP_RESERVED_BITS|TCP_FLAG_PSH)) 124 125/* Adapt the MSS value used to make delayed ack decision to the 126 * real world. 127 */ 128static void tcp_measure_rcv_mss(struct sock *sk, const struct sk_buff *skb) 129{ 130 struct inet_connection_sock *icsk = inet_csk(sk); 131 const unsigned int lss = icsk->icsk_ack.last_seg_size; 132 unsigned int len; 133 134 icsk->icsk_ack.last_seg_size = 0; 135 136 /* skb->len may jitter because of SACKs, even if peer 137 * sends good full-sized frames. 138 */ 139 len = skb_shinfo(skb)->gso_size ? : skb->len; 140 if (len >= icsk->icsk_ack.rcv_mss) { 141 icsk->icsk_ack.rcv_mss = len; 142 } else { 143 /* Otherwise, we make more careful check taking into account, 144 * that SACKs block is variable. 145 * 146 * "len" is invariant segment length, including TCP header. 147 */ 148 len += skb->data - skb_transport_header(skb); 149 if (len >= TCP_MSS_DEFAULT + sizeof(struct tcphdr) || 150 /* If PSH is not set, packet should be 151 * full sized, provided peer TCP is not badly broken. 152 * This observation (if it is correct 8)) allows 153 * to handle super-low mtu links fairly. 154 */ 155 (len >= TCP_MIN_MSS + sizeof(struct tcphdr) && 156 !(tcp_flag_word(tcp_hdr(skb)) & TCP_REMNANT))) { 157 /* Subtract also invariant (if peer is RFC compliant), 158 * tcp header plus fixed timestamp option length. 159 * Resulting "len" is MSS free of SACK jitter. 160 */ 161 len -= tcp_sk(sk)->tcp_header_len; 162 icsk->icsk_ack.last_seg_size = len; 163 if (len == lss) { 164 icsk->icsk_ack.rcv_mss = len; 165 return; 166 } 167 } 168 if (icsk->icsk_ack.pending & ICSK_ACK_PUSHED) 169 icsk->icsk_ack.pending |= ICSK_ACK_PUSHED2; 170 icsk->icsk_ack.pending |= ICSK_ACK_PUSHED; 171 } 172} 173 174static void tcp_incr_quickack(struct sock *sk) 175{ 176 struct inet_connection_sock *icsk = inet_csk(sk); 177 unsigned quickacks = tcp_sk(sk)->rcv_wnd / (2 * icsk->icsk_ack.rcv_mss); 178 179 if (quickacks == 0) 180 quickacks = 2; 181 if (quickacks > icsk->icsk_ack.quick) 182 icsk->icsk_ack.quick = min(quickacks, TCP_MAX_QUICKACKS); 183} 184 185static void tcp_enter_quickack_mode(struct sock *sk) 186{ 187 struct inet_connection_sock *icsk = inet_csk(sk); 188 tcp_incr_quickack(sk); 189 icsk->icsk_ack.pingpong = 0; 190 icsk->icsk_ack.ato = TCP_ATO_MIN; 191} 192 193/* Send ACKs quickly, if "quick" count is not exhausted 194 * and the session is not interactive. 195 */ 196 197static inline int tcp_in_quickack_mode(const struct sock *sk) 198{ 199 const struct inet_connection_sock *icsk = inet_csk(sk); 200 return icsk->icsk_ack.quick && !icsk->icsk_ack.pingpong; 201} 202 203static inline void TCP_ECN_queue_cwr(struct tcp_sock *tp) 204{ 205 if (tp->ecn_flags & TCP_ECN_OK) 206 tp->ecn_flags |= TCP_ECN_QUEUE_CWR; 207} 208 209static inline void TCP_ECN_accept_cwr(struct tcp_sock *tp, struct sk_buff *skb) 210{ 211 if (tcp_hdr(skb)->cwr) 212 tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR; 213} 214 215static inline void TCP_ECN_withdraw_cwr(struct tcp_sock *tp) 216{ 217 tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR; 218} 219 220static inline void TCP_ECN_check_ce(struct tcp_sock *tp, const struct sk_buff *skb) 221{ 222 if (!(tp->ecn_flags & TCP_ECN_OK)) 223 return; 224 225 switch (TCP_SKB_CB(skb)->ip_dsfield & INET_ECN_MASK) { 226 case INET_ECN_NOT_ECT: 227 /* Funny extension: if ECT is not set on a segment, 228 * and we already seen ECT on a previous segment, 229 * it is probably a retransmit. 230 */ 231 if (tp->ecn_flags & TCP_ECN_SEEN) 232 tcp_enter_quickack_mode((struct sock *)tp); 233 break; 234 case INET_ECN_CE: 235 tp->ecn_flags |= TCP_ECN_DEMAND_CWR; 236 /* fallinto */ 237 default: 238 tp->ecn_flags |= TCP_ECN_SEEN; 239 } 240} 241 242static inline void TCP_ECN_rcv_synack(struct tcp_sock *tp, struct tcphdr *th) 243{ 244 if ((tp->ecn_flags & TCP_ECN_OK) && (!th->ece || th->cwr)) 245 tp->ecn_flags &= ~TCP_ECN_OK; 246} 247 248static inline void TCP_ECN_rcv_syn(struct tcp_sock *tp, struct tcphdr *th) 249{ 250 if ((tp->ecn_flags & TCP_ECN_OK) && (!th->ece || !th->cwr)) 251 tp->ecn_flags &= ~TCP_ECN_OK; 252} 253 254static inline int TCP_ECN_rcv_ecn_echo(struct tcp_sock *tp, struct tcphdr *th) 255{ 256 if (th->ece && !th->syn && (tp->ecn_flags & TCP_ECN_OK)) 257 return 1; 258 return 0; 259} 260 261/* Buffer size and advertised window tuning. 262 * 263 * 1. Tuning sk->sk_sndbuf, when connection enters established state. 264 */ 265 266static void tcp_fixup_sndbuf(struct sock *sk) 267{ 268 int sndmem = SKB_TRUESIZE(tcp_sk(sk)->rx_opt.mss_clamp + MAX_TCP_HEADER); 269 270 if (sk->sk_sndbuf < 3 * sndmem) { 271 sk->sk_sndbuf = 3 * sndmem; 272 if (sk->sk_sndbuf > sysctl_tcp_wmem[2]) 273 sk->sk_sndbuf = sysctl_tcp_wmem[2]; 274 } 275} 276 277/* 2. Tuning advertised window (window_clamp, rcv_ssthresh) 278 * 279 * All tcp_full_space() is split to two parts: "network" buffer, allocated 280 * forward and advertised in receiver window (tp->rcv_wnd) and 281 * "application buffer", required to isolate scheduling/application 282 * latencies from network. 283 * window_clamp is maximal advertised window. It can be less than 284 * tcp_full_space(), in this case tcp_full_space() - window_clamp 285 * is reserved for "application" buffer. The less window_clamp is 286 * the smoother our behaviour from viewpoint of network, but the lower 287 * throughput and the higher sensitivity of the connection to losses. 8) 288 * 289 * rcv_ssthresh is more strict window_clamp used at "slow start" 290 * phase to predict further behaviour of this connection. 291 * It is used for two goals: 292 * - to enforce header prediction at sender, even when application 293 * requires some significant "application buffer". It is check #1. 294 * - to prevent pruning of receive queue because of misprediction 295 * of receiver window. Check #2. 296 * 297 * The scheme does not work when sender sends good segments opening 298 * window and then starts to feed us spaghetti. But it should work 299 * in common situations. Otherwise, we have to rely on queue collapsing. 300 */ 301 302/* Slow part of check#2. */ 303static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb) 304{ 305 struct tcp_sock *tp = tcp_sk(sk); 306 /* Optimize this! */ 307 int truesize = tcp_win_from_space(skb->truesize) >> 1; 308 int window = tcp_win_from_space(sysctl_tcp_rmem[2]) >> 1; 309 310 while (tp->rcv_ssthresh <= window) { 311 if (truesize <= skb->len) 312 return 2 * inet_csk(sk)->icsk_ack.rcv_mss; 313 314 truesize >>= 1; 315 window >>= 1; 316 } 317 return 0; 318} 319 320static void tcp_grow_window(struct sock *sk, struct sk_buff *skb) 321{ 322 struct tcp_sock *tp = tcp_sk(sk); 323 324 /* Check #1 */ 325 if (tp->rcv_ssthresh < tp->window_clamp && 326 (int)tp->rcv_ssthresh < tcp_space(sk) && 327 !tcp_memory_pressure) { 328 int incr; 329 330 /* Check #2. Increase window, if skb with such overhead 331 * will fit to rcvbuf in future. 332 */ 333 if (tcp_win_from_space(skb->truesize) <= skb->len) 334 incr = 2 * tp->advmss; 335 else 336 incr = __tcp_grow_window(sk, skb); 337 338 if (incr) { 339 tp->rcv_ssthresh = min(tp->rcv_ssthresh + incr, 340 tp->window_clamp); 341 inet_csk(sk)->icsk_ack.quick |= 1; 342 } 343 } 344} 345 346/* 3. Tuning rcvbuf, when connection enters established state. */ 347 348static void tcp_fixup_rcvbuf(struct sock *sk) 349{ 350 struct tcp_sock *tp = tcp_sk(sk); 351 int rcvmem = SKB_TRUESIZE(tp->advmss + MAX_TCP_HEADER); 352 353 /* Try to select rcvbuf so that 4 mss-sized segments 354 * will fit to window and corresponding skbs will fit to our rcvbuf. 355 * (was 3; 4 is minimum to allow fast retransmit to work.) 356 */ 357 while (tcp_win_from_space(rcvmem) < tp->advmss) 358 rcvmem += 128; 359 if (sk->sk_rcvbuf < 4 * rcvmem) 360 sk->sk_rcvbuf = min(4 * rcvmem, sysctl_tcp_rmem[2]); 361} 362 363/* 4. Try to fixup all. It is made immediately after connection enters 364 * established state. 365 */ 366static void tcp_init_buffer_space(struct sock *sk) 367{ 368 struct tcp_sock *tp = tcp_sk(sk); 369 int maxwin; 370 371 if (!(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) 372 tcp_fixup_rcvbuf(sk); 373 if (!(sk->sk_userlocks & SOCK_SNDBUF_LOCK)) 374 tcp_fixup_sndbuf(sk); 375 376 tp->rcvq_space.space = tp->rcv_wnd; 377 378 maxwin = tcp_full_space(sk); 379 380 if (tp->window_clamp >= maxwin) { 381 tp->window_clamp = maxwin; 382 383 if (sysctl_tcp_app_win && maxwin > 4 * tp->advmss) 384 tp->window_clamp = max(maxwin - 385 (maxwin >> sysctl_tcp_app_win), 386 4 * tp->advmss); 387 } 388 389 /* Force reservation of one segment. */ 390 if (sysctl_tcp_app_win && 391 tp->window_clamp > 2 * tp->advmss && 392 tp->window_clamp + tp->advmss > maxwin) 393 tp->window_clamp = max(2 * tp->advmss, maxwin - tp->advmss); 394 395 tp->rcv_ssthresh = min(tp->rcv_ssthresh, tp->window_clamp); 396 tp->snd_cwnd_stamp = tcp_time_stamp; 397} 398 399/* 5. Recalculate window clamp after socket hit its memory bounds. */ 400static void tcp_clamp_window(struct sock *sk) 401{ 402 struct tcp_sock *tp = tcp_sk(sk); 403 struct inet_connection_sock *icsk = inet_csk(sk); 404 405 icsk->icsk_ack.quick = 0; 406 407 if (sk->sk_rcvbuf < sysctl_tcp_rmem[2] && 408 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK) && 409 !tcp_memory_pressure && 410 atomic_long_read(&tcp_memory_allocated) < sysctl_tcp_mem[0]) { 411 sk->sk_rcvbuf = min(atomic_read(&sk->sk_rmem_alloc), 412 sysctl_tcp_rmem[2]); 413 } 414 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) 415 tp->rcv_ssthresh = min(tp->window_clamp, 2U * tp->advmss); 416} 417 418/* Initialize RCV_MSS value. 419 * RCV_MSS is an our guess about MSS used by the peer. 420 * We haven't any direct information about the MSS. 421 * It's better to underestimate the RCV_MSS rather than overestimate. 422 * Overestimations make us ACKing less frequently than needed. 423 * Underestimations are more easy to detect and fix by tcp_measure_rcv_mss(). 424 */ 425void tcp_initialize_rcv_mss(struct sock *sk) 426{ 427 struct tcp_sock *tp = tcp_sk(sk); 428 unsigned int hint = min_t(unsigned int, tp->advmss, tp->mss_cache); 429 430 hint = min(hint, tp->rcv_wnd / 2); 431 hint = min(hint, TCP_MSS_DEFAULT); 432 hint = max(hint, TCP_MIN_MSS); 433 434 inet_csk(sk)->icsk_ack.rcv_mss = hint; 435} 436EXPORT_SYMBOL(tcp_initialize_rcv_mss); 437 438/* Receiver "autotuning" code. 439 * 440 * The algorithm for RTT estimation w/o timestamps is based on 441 * Dynamic Right-Sizing (DRS) by Wu Feng and Mike Fisk of LANL. 442 * <http://public.lanl.gov/radiant/pubs.html#DRS> 443 * 444 * More detail on this code can be found at 445 * <http://staff.psc.edu/jheffner/>, 446 * though this reference is out of date. A new paper 447 * is pending. 448 */ 449static void tcp_rcv_rtt_update(struct tcp_sock *tp, u32 sample, int win_dep) 450{ 451 u32 new_sample = tp->rcv_rtt_est.rtt; 452 long m = sample; 453 454 if (m == 0) 455 m = 1; 456 457 if (new_sample != 0) { 458 /* If we sample in larger samples in the non-timestamp 459 * case, we could grossly overestimate the RTT especially 460 * with chatty applications or bulk transfer apps which 461 * are stalled on filesystem I/O. 462 * 463 * Also, since we are only going for a minimum in the 464 * non-timestamp case, we do not smooth things out 465 * else with timestamps disabled convergence takes too 466 * long. 467 */ 468 if (!win_dep) { 469 m -= (new_sample >> 3); 470 new_sample += m; 471 } else if (m < new_sample) 472 new_sample = m << 3; 473 } else { 474 /* No previous measure. */ 475 new_sample = m << 3; 476 } 477 478 if (tp->rcv_rtt_est.rtt != new_sample) 479 tp->rcv_rtt_est.rtt = new_sample; 480} 481 482static inline void tcp_rcv_rtt_measure(struct tcp_sock *tp) 483{ 484 if (tp->rcv_rtt_est.time == 0) 485 goto new_measure; 486 if (before(tp->rcv_nxt, tp->rcv_rtt_est.seq)) 487 return; 488 tcp_rcv_rtt_update(tp, jiffies - tp->rcv_rtt_est.time, 1); 489 490new_measure: 491 tp->rcv_rtt_est.seq = tp->rcv_nxt + tp->rcv_wnd; 492 tp->rcv_rtt_est.time = tcp_time_stamp; 493} 494 495static inline void tcp_rcv_rtt_measure_ts(struct sock *sk, 496 const struct sk_buff *skb) 497{ 498 struct tcp_sock *tp = tcp_sk(sk); 499 if (tp->rx_opt.rcv_tsecr && 500 (TCP_SKB_CB(skb)->end_seq - 501 TCP_SKB_CB(skb)->seq >= inet_csk(sk)->icsk_ack.rcv_mss)) 502 tcp_rcv_rtt_update(tp, tcp_time_stamp - tp->rx_opt.rcv_tsecr, 0); 503} 504 505/* 506 * This function should be called every time data is copied to user space. 507 * It calculates the appropriate TCP receive buffer space. 508 */ 509void tcp_rcv_space_adjust(struct sock *sk) 510{ 511 struct tcp_sock *tp = tcp_sk(sk); 512 int time; 513 int space; 514 515 if (tp->rcvq_space.time == 0) 516 goto new_measure; 517 518 time = tcp_time_stamp - tp->rcvq_space.time; 519 if (time < (tp->rcv_rtt_est.rtt >> 3) || tp->rcv_rtt_est.rtt == 0) 520 return; 521 522 space = 2 * (tp->copied_seq - tp->rcvq_space.seq); 523 524 space = max(tp->rcvq_space.space, space); 525 526 if (tp->rcvq_space.space != space) { 527 int rcvmem; 528 529 tp->rcvq_space.space = space; 530 531 if (sysctl_tcp_moderate_rcvbuf && 532 !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) { 533 int new_clamp = space; 534 535 /* Receive space grows, normalize in order to 536 * take into account packet headers and sk_buff 537 * structure overhead. 538 */ 539 space /= tp->advmss; 540 if (!space) 541 space = 1; 542 rcvmem = SKB_TRUESIZE(tp->advmss + MAX_TCP_HEADER); 543 while (tcp_win_from_space(rcvmem) < tp->advmss) 544 rcvmem += 128; 545 space *= rcvmem; 546 space = min(space, sysctl_tcp_rmem[2]); 547 if (space > sk->sk_rcvbuf) { 548 sk->sk_rcvbuf = space; 549 550 /* Make the window clamp follow along. */ 551 tp->window_clamp = new_clamp; 552 } 553 } 554 } 555 556new_measure: 557 tp->rcvq_space.seq = tp->copied_seq; 558 tp->rcvq_space.time = tcp_time_stamp; 559} 560 561/* There is something which you must keep in mind when you analyze the 562 * behavior of the tp->ato delayed ack timeout interval. When a 563 * connection starts up, we want to ack as quickly as possible. The 564 * problem is that "good" TCP's do slow start at the beginning of data 565 * transmission. The means that until we send the first few ACK's the 566 * sender will sit on his end and only queue most of his data, because 567 * he can only send snd_cwnd unacked packets at any given time. For 568 * each ACK we send, he increments snd_cwnd and transmits more of his 569 * queue. -DaveM 570 */ 571static void tcp_event_data_recv(struct sock *sk, struct sk_buff *skb) 572{ 573 struct tcp_sock *tp = tcp_sk(sk); 574 struct inet_connection_sock *icsk = inet_csk(sk); 575 u32 now; 576 577 inet_csk_schedule_ack(sk); 578 579 tcp_measure_rcv_mss(sk, skb); 580 581 tcp_rcv_rtt_measure(tp); 582 583 now = tcp_time_stamp; 584 585 if (!icsk->icsk_ack.ato) { 586 /* The _first_ data packet received, initialize 587 * delayed ACK engine. 588 */ 589 tcp_incr_quickack(sk); 590 icsk->icsk_ack.ato = TCP_ATO_MIN; 591 } else { 592 int m = now - icsk->icsk_ack.lrcvtime; 593 594 if (m <= TCP_ATO_MIN / 2) { 595 /* The fastest case is the first. */ 596 icsk->icsk_ack.ato = (icsk->icsk_ack.ato >> 1) + TCP_ATO_MIN / 2; 597 } else if (m < icsk->icsk_ack.ato) { 598 icsk->icsk_ack.ato = (icsk->icsk_ack.ato >> 1) + m; 599 if (icsk->icsk_ack.ato > icsk->icsk_rto) 600 icsk->icsk_ack.ato = icsk->icsk_rto; 601 } else if (m > icsk->icsk_rto) { 602 /* Too long gap. Apparently sender failed to 603 * restart window, so that we send ACKs quickly. 604 */ 605 tcp_incr_quickack(sk); 606 sk_mem_reclaim(sk); 607 } 608 } 609 icsk->icsk_ack.lrcvtime = now; 610 611 TCP_ECN_check_ce(tp, skb); 612 613 if (skb->len >= 128) 614 tcp_grow_window(sk, skb); 615} 616 617/* Called to compute a smoothed rtt estimate. The data fed to this 618 * routine either comes from timestamps, or from segments that were 619 * known _not_ to have been retransmitted [see Karn/Partridge 620 * Proceedings SIGCOMM 87]. The algorithm is from the SIGCOMM 88 621 * piece by Van Jacobson. 622 * NOTE: the next three routines used to be one big routine. 623 * To save cycles in the RFC 1323 implementation it was better to break 624 * it up into three procedures. -- erics 625 */ 626static void tcp_rtt_estimator(struct sock *sk, const __u32 mrtt) 627{ 628 struct tcp_sock *tp = tcp_sk(sk); 629 long m = mrtt; /* RTT */ 630 631 /* The following amusing code comes from Jacobson's 632 * article in SIGCOMM '88. Note that rtt and mdev 633 * are scaled versions of rtt and mean deviation. 634 * This is designed to be as fast as possible 635 * m stands for "measurement". 636 * 637 * On a 1990 paper the rto value is changed to: 638 * RTO = rtt + 4 * mdev 639 * 640 * Funny. This algorithm seems to be very broken. 641 * These formulae increase RTO, when it should be decreased, increase 642 * too slowly, when it should be increased quickly, decrease too quickly 643 * etc. I guess in BSD RTO takes ONE value, so that it is absolutely 644 * does not matter how to _calculate_ it. Seems, it was trap 645 * that VJ failed to avoid. 8) 646 */ 647 if (m == 0) 648 m = 1; 649 if (tp->srtt != 0) { 650 m -= (tp->srtt >> 3); /* m is now error in rtt est */ 651 tp->srtt += m; /* rtt = 7/8 rtt + 1/8 new */ 652 if (m < 0) { 653 m = -m; /* m is now abs(error) */ 654 m -= (tp->mdev >> 2); /* similar update on mdev */ 655 /* This is similar to one of Eifel findings. 656 * Eifel blocks mdev updates when rtt decreases. 657 * This solution is a bit different: we use finer gain 658 * for mdev in this case (alpha*beta). 659 * Like Eifel it also prevents growth of rto, 660 * but also it limits too fast rto decreases, 661 * happening in pure Eifel. 662 */ 663 if (m > 0) 664 m >>= 3; 665 } else { 666 m -= (tp->mdev >> 2); /* similar update on mdev */ 667 } 668 tp->mdev += m; /* mdev = 3/4 mdev + 1/4 new */ 669 if (tp->mdev > tp->mdev_max) { 670 tp->mdev_max = tp->mdev; 671 if (tp->mdev_max > tp->rttvar) 672 tp->rttvar = tp->mdev_max; 673 } 674 if (after(tp->snd_una, tp->rtt_seq)) { 675 if (tp->mdev_max < tp->rttvar) 676 tp->rttvar -= (tp->rttvar - tp->mdev_max) >> 2; 677 tp->rtt_seq = tp->snd_nxt; 678 tp->mdev_max = tcp_rto_min(sk); 679 } 680 } else { 681 /* no previous measure. */ 682 tp->srtt = m << 3; /* take the measured time to be rtt */ 683 tp->mdev = m << 1; /* make sure rto = 3*rtt */ 684 tp->mdev_max = tp->rttvar = max(tp->mdev, tcp_rto_min(sk)); 685 tp->rtt_seq = tp->snd_nxt; 686 } 687} 688 689/* Calculate rto without backoff. This is the second half of Van Jacobson's 690 * routine referred to above. 691 */ 692static inline void tcp_set_rto(struct sock *sk) 693{ 694 const struct tcp_sock *tp = tcp_sk(sk); 695 /* Old crap is replaced with new one. 8) 696 * 697 * More seriously: 698 * 1. If rtt variance happened to be less 50msec, it is hallucination. 699 * It cannot be less due to utterly erratic ACK generation made 700 * at least by solaris and freebsd. "Erratic ACKs" has _nothing_ 701 * to do with delayed acks, because at cwnd>2 true delack timeout 702 * is invisible. Actually, Linux-2.4 also generates erratic 703 * ACKs in some circumstances. 704 */ 705 inet_csk(sk)->icsk_rto = __tcp_set_rto(tp); 706 707 /* 2. Fixups made earlier cannot be right. 708 * If we do not estimate RTO correctly without them, 709 * all the algo is pure shit and should be replaced 710 * with correct one. It is exactly, which we pretend to do. 711 */ 712 713 /* NOTE: clamping at TCP_RTO_MIN is not required, current algo 714 * guarantees that rto is higher. 715 */ 716 tcp_bound_rto(sk); 717} 718 719/* Save metrics learned by this TCP session. 720 This function is called only, when TCP finishes successfully 721 i.e. when it enters TIME-WAIT or goes from LAST-ACK to CLOSE. 722 */ 723void tcp_update_metrics(struct sock *sk) 724{ 725 struct tcp_sock *tp = tcp_sk(sk); 726 struct dst_entry *dst = __sk_dst_get(sk); 727 728 if (sysctl_tcp_nometrics_save) 729 return; 730 731 dst_confirm(dst); 732 733 if (dst && (dst->flags & DST_HOST)) { 734 const struct inet_connection_sock *icsk = inet_csk(sk); 735 int m; 736 unsigned long rtt; 737 738 if (icsk->icsk_backoff || !tp->srtt) { 739 /* This session failed to estimate rtt. Why? 740 * Probably, no packets returned in time. 741 * Reset our results. 742 */ 743 if (!(dst_metric_locked(dst, RTAX_RTT))) 744 dst_metric_set(dst, RTAX_RTT, 0); 745 return; 746 } 747 748 rtt = dst_metric_rtt(dst, RTAX_RTT); 749 m = rtt - tp->srtt; 750 751 /* If newly calculated rtt larger than stored one, 752 * store new one. Otherwise, use EWMA. Remember, 753 * rtt overestimation is always better than underestimation. 754 */ 755 if (!(dst_metric_locked(dst, RTAX_RTT))) { 756 if (m <= 0) 757 set_dst_metric_rtt(dst, RTAX_RTT, tp->srtt); 758 else 759 set_dst_metric_rtt(dst, RTAX_RTT, rtt - (m >> 3)); 760 } 761 762 if (!(dst_metric_locked(dst, RTAX_RTTVAR))) { 763 unsigned long var; 764 if (m < 0) 765 m = -m; 766 767 /* Scale deviation to rttvar fixed point */ 768 m >>= 1; 769 if (m < tp->mdev) 770 m = tp->mdev; 771 772 var = dst_metric_rtt(dst, RTAX_RTTVAR); 773 if (m >= var) 774 var = m; 775 else 776 var -= (var - m) >> 2; 777 778 set_dst_metric_rtt(dst, RTAX_RTTVAR, var); 779 } 780 781 if (tcp_in_initial_slowstart(tp)) { 782 /* Slow start still did not finish. */ 783 if (dst_metric(dst, RTAX_SSTHRESH) && 784 !dst_metric_locked(dst, RTAX_SSTHRESH) && 785 (tp->snd_cwnd >> 1) > dst_metric(dst, RTAX_SSTHRESH)) 786 dst_metric_set(dst, RTAX_SSTHRESH, tp->snd_cwnd >> 1); 787 if (!dst_metric_locked(dst, RTAX_CWND) && 788 tp->snd_cwnd > dst_metric(dst, RTAX_CWND)) 789 dst_metric_set(dst, RTAX_CWND, tp->snd_cwnd); 790 } else if (tp->snd_cwnd > tp->snd_ssthresh && 791 icsk->icsk_ca_state == TCP_CA_Open) { 792 /* Cong. avoidance phase, cwnd is reliable. */ 793 if (!dst_metric_locked(dst, RTAX_SSTHRESH)) 794 dst_metric_set(dst, RTAX_SSTHRESH, 795 max(tp->snd_cwnd >> 1, tp->snd_ssthresh)); 796 if (!dst_metric_locked(dst, RTAX_CWND)) 797 dst_metric_set(dst, RTAX_CWND, 798 (dst_metric(dst, RTAX_CWND) + 799 tp->snd_cwnd) >> 1); 800 } else { 801 /* Else slow start did not finish, cwnd is non-sense, 802 ssthresh may be also invalid. 803 */ 804 if (!dst_metric_locked(dst, RTAX_CWND)) 805 dst_metric_set(dst, RTAX_CWND, 806 (dst_metric(dst, RTAX_CWND) + 807 tp->snd_ssthresh) >> 1); 808 if (dst_metric(dst, RTAX_SSTHRESH) && 809 !dst_metric_locked(dst, RTAX_SSTHRESH) && 810 tp->snd_ssthresh > dst_metric(dst, RTAX_SSTHRESH)) 811 dst_metric_set(dst, RTAX_SSTHRESH, tp->snd_ssthresh); 812 } 813 814 if (!dst_metric_locked(dst, RTAX_REORDERING)) { 815 if (dst_metric(dst, RTAX_REORDERING) < tp->reordering && 816 tp->reordering != sysctl_tcp_reordering) 817 dst_metric_set(dst, RTAX_REORDERING, tp->reordering); 818 } 819 } 820} 821 822__u32 tcp_init_cwnd(struct tcp_sock *tp, struct dst_entry *dst) 823{ 824 __u32 cwnd = (dst ? dst_metric(dst, RTAX_INITCWND) : 0); 825 826 if (!cwnd) 827 cwnd = TCP_INIT_CWND; 828 return min_t(__u32, cwnd, tp->snd_cwnd_clamp); 829} 830 831/* Set slow start threshold and cwnd not falling to slow start */ 832void tcp_enter_cwr(struct sock *sk, const int set_ssthresh) 833{ 834 struct tcp_sock *tp = tcp_sk(sk); 835 const struct inet_connection_sock *icsk = inet_csk(sk); 836 837 tp->prior_ssthresh = 0; 838 tp->bytes_acked = 0; 839 if (icsk->icsk_ca_state < TCP_CA_CWR) { 840 tp->undo_marker = 0; 841 if (set_ssthresh) 842 tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk); 843 tp->snd_cwnd = min(tp->snd_cwnd, 844 tcp_packets_in_flight(tp) + 1U); 845 tp->snd_cwnd_cnt = 0; 846 tp->high_seq = tp->snd_nxt; 847 tp->snd_cwnd_stamp = tcp_time_stamp; 848 TCP_ECN_queue_cwr(tp); 849 850 tcp_set_ca_state(sk, TCP_CA_CWR); 851 } 852} 853 854/* 855 * Packet counting of FACK is based on in-order assumptions, therefore TCP 856 * disables it when reordering is detected 857 */ 858static void tcp_disable_fack(struct tcp_sock *tp) 859{ 860 /* RFC3517 uses different metric in lost marker => reset on change */ 861 if (tcp_is_fack(tp)) 862 tp->lost_skb_hint = NULL; 863 tp->rx_opt.sack_ok &= ~2; 864} 865 866/* Take a notice that peer is sending D-SACKs */ 867static void tcp_dsack_seen(struct tcp_sock *tp) 868{ 869 tp->rx_opt.sack_ok |= 4; 870} 871 872/* Initialize metrics on socket. */ 873 874static void tcp_init_metrics(struct sock *sk) 875{ 876 struct tcp_sock *tp = tcp_sk(sk); 877 struct dst_entry *dst = __sk_dst_get(sk); 878 879 if (dst == NULL) 880 goto reset; 881 882 dst_confirm(dst); 883 884 if (dst_metric_locked(dst, RTAX_CWND)) 885 tp->snd_cwnd_clamp = dst_metric(dst, RTAX_CWND); 886 if (dst_metric(dst, RTAX_SSTHRESH)) { 887 tp->snd_ssthresh = dst_metric(dst, RTAX_SSTHRESH); 888 if (tp->snd_ssthresh > tp->snd_cwnd_clamp) 889 tp->snd_ssthresh = tp->snd_cwnd_clamp; 890 } else { 891 /* ssthresh may have been reduced unnecessarily during. 892 * 3WHS. Restore it back to its initial default. 893 */ 894 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 895 } 896 if (dst_metric(dst, RTAX_REORDERING) && 897 tp->reordering != dst_metric(dst, RTAX_REORDERING)) { 898 tcp_disable_fack(tp); 899 tp->reordering = dst_metric(dst, RTAX_REORDERING); 900 } 901 902 if (dst_metric(dst, RTAX_RTT) == 0 || tp->srtt == 0) 903 goto reset; 904 905 /* Initial rtt is determined from SYN,SYN-ACK. 906 * The segment is small and rtt may appear much 907 * less than real one. Use per-dst memory 908 * to make it more realistic. 909 * 910 * A bit of theory. RTT is time passed after "normal" sized packet 911 * is sent until it is ACKed. In normal circumstances sending small 912 * packets force peer to delay ACKs and calculation is correct too. 913 * The algorithm is adaptive and, provided we follow specs, it 914 * NEVER underestimate RTT. BUT! If peer tries to make some clever 915 * tricks sort of "quick acks" for time long enough to decrease RTT 916 * to low value, and then abruptly stops to do it and starts to delay 917 * ACKs, wait for troubles. 918 */ 919 if (dst_metric_rtt(dst, RTAX_RTT) > tp->srtt) { 920 tp->srtt = dst_metric_rtt(dst, RTAX_RTT); 921 tp->rtt_seq = tp->snd_nxt; 922 } 923 if (dst_metric_rtt(dst, RTAX_RTTVAR) > tp->mdev) { 924 tp->mdev = dst_metric_rtt(dst, RTAX_RTTVAR); 925 tp->mdev_max = tp->rttvar = max(tp->mdev, tcp_rto_min(sk)); 926 } 927 tcp_set_rto(sk); 928reset: 929 if (tp->srtt == 0) { 930 /* RFC2988bis: We've failed to get a valid RTT sample from 931 * 3WHS. This is most likely due to retransmission, 932 * including spurious one. Reset the RTO back to 3secs 933 * from the more aggressive 1sec to avoid more spurious 934 * retransmission. 935 */ 936 tp->mdev = tp->mdev_max = tp->rttvar = TCP_TIMEOUT_FALLBACK; 937 inet_csk(sk)->icsk_rto = TCP_TIMEOUT_FALLBACK; 938 } 939 /* Cut cwnd down to 1 per RFC5681 if SYN or SYN-ACK has been 940 * retransmitted. In light of RFC2988bis' more aggressive 1sec 941 * initRTO, we only reset cwnd when more than 1 SYN/SYN-ACK 942 * retransmission has occurred. 943 */ 944 if (tp->total_retrans > 1) 945 tp->snd_cwnd = 1; 946 else 947 tp->snd_cwnd = tcp_init_cwnd(tp, dst); 948 tp->snd_cwnd_stamp = tcp_time_stamp; 949} 950 951static void tcp_update_reordering(struct sock *sk, const int metric, 952 const int ts) 953{ 954 struct tcp_sock *tp = tcp_sk(sk); 955 if (metric > tp->reordering) { 956 int mib_idx; 957 958 tp->reordering = min(TCP_MAX_REORDERING, metric); 959 960 /* This exciting event is worth to be remembered. 8) */ 961 if (ts) 962 mib_idx = LINUX_MIB_TCPTSREORDER; 963 else if (tcp_is_reno(tp)) 964 mib_idx = LINUX_MIB_TCPRENOREORDER; 965 else if (tcp_is_fack(tp)) 966 mib_idx = LINUX_MIB_TCPFACKREORDER; 967 else 968 mib_idx = LINUX_MIB_TCPSACKREORDER; 969 970 NET_INC_STATS_BH(sock_net(sk), mib_idx); 971#if FASTRETRANS_DEBUG > 1 972 printk(KERN_DEBUG "Disorder%d %d %u f%u s%u rr%d\n", 973 tp->rx_opt.sack_ok, inet_csk(sk)->icsk_ca_state, 974 tp->reordering, 975 tp->fackets_out, 976 tp->sacked_out, 977 tp->undo_marker ? tp->undo_retrans : 0); 978#endif 979 tcp_disable_fack(tp); 980 } 981} 982 983/* This must be called before lost_out is incremented */ 984static void tcp_verify_retransmit_hint(struct tcp_sock *tp, struct sk_buff *skb) 985{ 986 if ((tp->retransmit_skb_hint == NULL) || 987 before(TCP_SKB_CB(skb)->seq, 988 TCP_SKB_CB(tp->retransmit_skb_hint)->seq)) 989 tp->retransmit_skb_hint = skb; 990 991 if (!tp->lost_out || 992 after(TCP_SKB_CB(skb)->end_seq, tp->retransmit_high)) 993 tp->retransmit_high = TCP_SKB_CB(skb)->end_seq; 994} 995 996static void tcp_skb_mark_lost(struct tcp_sock *tp, struct sk_buff *skb) 997{ 998 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_LOST|TCPCB_SACKED_ACKED))) { 999 tcp_verify_retransmit_hint(tp, skb); 1000 1001 tp->lost_out += tcp_skb_pcount(skb); 1002 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 1003 } 1004} 1005 1006static void tcp_skb_mark_lost_uncond_verify(struct tcp_sock *tp, 1007 struct sk_buff *skb) 1008{ 1009 tcp_verify_retransmit_hint(tp, skb); 1010 1011 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_LOST|TCPCB_SACKED_ACKED))) { 1012 tp->lost_out += tcp_skb_pcount(skb); 1013 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 1014 } 1015} 1016 1017/* This procedure tags the retransmission queue when SACKs arrive. 1018 * 1019 * We have three tag bits: SACKED(S), RETRANS(R) and LOST(L). 1020 * Packets in queue with these bits set are counted in variables 1021 * sacked_out, retrans_out and lost_out, correspondingly. 1022 * 1023 * Valid combinations are: 1024 * Tag InFlight Description 1025 * 0 1 - orig segment is in flight. 1026 * S 0 - nothing flies, orig reached receiver. 1027 * L 0 - nothing flies, orig lost by net. 1028 * R 2 - both orig and retransmit are in flight. 1029 * L|R 1 - orig is lost, retransmit is in flight. 1030 * S|R 1 - orig reached receiver, retrans is still in flight. 1031 * (L|S|R is logically valid, it could occur when L|R is sacked, 1032 * but it is equivalent to plain S and code short-curcuits it to S. 1033 * L|S is logically invalid, it would mean -1 packet in flight 8)) 1034 * 1035 * These 6 states form finite state machine, controlled by the following events: 1036 * 1. New ACK (+SACK) arrives. (tcp_sacktag_write_queue()) 1037 * 2. Retransmission. (tcp_retransmit_skb(), tcp_xmit_retransmit_queue()) 1038 * 3. Loss detection event of one of three flavors: 1039 * A. Scoreboard estimator decided the packet is lost. 1040 * A'. Reno "three dupacks" marks head of queue lost. 1041 * A''. Its FACK modfication, head until snd.fack is lost. 1042 * B. SACK arrives sacking data transmitted after never retransmitted 1043 * hole was sent out. 1044 * C. SACK arrives sacking SND.NXT at the moment, when the 1045 * segment was retransmitted. 1046 * 4. D-SACK added new rule: D-SACK changes any tag to S. 1047 * 1048 * It is pleasant to note, that state diagram turns out to be commutative, 1049 * so that we are allowed not to be bothered by order of our actions, 1050 * when multiple events arrive simultaneously. (see the function below). 1051 * 1052 * Reordering detection. 1053 * -------------------- 1054 * Reordering metric is maximal distance, which a packet can be displaced 1055 * in packet stream. With SACKs we can estimate it: 1056 * 1057 * 1. SACK fills old hole and the corresponding segment was not 1058 * ever retransmitted -> reordering. Alas, we cannot use it 1059 * when segment was retransmitted. 1060 * 2. The last flaw is solved with D-SACK. D-SACK arrives 1061 * for retransmitted and already SACKed segment -> reordering.. 1062 * Both of these heuristics are not used in Loss state, when we cannot 1063 * account for retransmits accurately. 1064 * 1065 * SACK block validation. 1066 * ---------------------- 1067 * 1068 * SACK block range validation checks that the received SACK block fits to 1069 * the expected sequence limits, i.e., it is between SND.UNA and SND.NXT. 1070 * Note that SND.UNA is not included to the range though being valid because 1071 * it means that the receiver is rather inconsistent with itself reporting 1072 * SACK reneging when it should advance SND.UNA. Such SACK block this is 1073 * perfectly valid, however, in light of RFC2018 which explicitly states 1074 * that "SACK block MUST reflect the newest segment. Even if the newest 1075 * segment is going to be discarded ...", not that it looks very clever 1076 * in case of head skb. Due to potentional receiver driven attacks, we 1077 * choose to avoid immediate execution of a walk in write queue due to 1078 * reneging and defer head skb's loss recovery to standard loss recovery 1079 * procedure that will eventually trigger (nothing forbids us doing this). 1080 * 1081 * Implements also blockage to start_seq wrap-around. Problem lies in the 1082 * fact that though start_seq (s) is before end_seq (i.e., not reversed), 1083 * there's no guarantee that it will be before snd_nxt (n). The problem 1084 * happens when start_seq resides between end_seq wrap (e_w) and snd_nxt 1085 * wrap (s_w): 1086 * 1087 * <- outs wnd -> <- wrapzone -> 1088 * u e n u_w e_w s n_w 1089 * | | | | | | | 1090 * |<------------+------+----- TCP seqno space --------------+---------->| 1091 * ...-- <2^31 ->| |<--------... 1092 * ...---- >2^31 ------>| |<--------... 1093 * 1094 * Current code wouldn't be vulnerable but it's better still to discard such 1095 * crazy SACK blocks. Doing this check for start_seq alone closes somewhat 1096 * similar case (end_seq after snd_nxt wrap) as earlier reversed check in 1097 * snd_nxt wrap -> snd_una region will then become "well defined", i.e., 1098 * equal to the ideal case (infinite seqno space without wrap caused issues). 1099 * 1100 * With D-SACK the lower bound is extended to cover sequence space below 1101 * SND.UNA down to undo_marker, which is the last point of interest. Yet 1102 * again, D-SACK block must not to go across snd_una (for the same reason as 1103 * for the normal SACK blocks, explained above). But there all simplicity 1104 * ends, TCP might receive valid D-SACKs below that. As long as they reside 1105 * fully below undo_marker they do not affect behavior in anyway and can 1106 * therefore be safely ignored. In rare cases (which are more or less 1107 * theoretical ones), the D-SACK will nicely cross that boundary due to skb 1108 * fragmentation and packet reordering past skb's retransmission. To consider 1109 * them correctly, the acceptable range must be extended even more though 1110 * the exact amount is rather hard to quantify. However, tp->max_window can 1111 * be used as an exaggerated estimate. 1112 */ 1113static int tcp_is_sackblock_valid(struct tcp_sock *tp, int is_dsack, 1114 u32 start_seq, u32 end_seq) 1115{ 1116 /* Too far in future, or reversed (interpretation is ambiguous) */ 1117 if (after(end_seq, tp->snd_nxt) || !before(start_seq, end_seq)) 1118 return 0; 1119 1120 /* Nasty start_seq wrap-around check (see comments above) */ 1121 if (!before(start_seq, tp->snd_nxt)) 1122 return 0; 1123 1124 /* In outstanding window? ...This is valid exit for D-SACKs too. 1125 * start_seq == snd_una is non-sensical (see comments above) 1126 */ 1127 if (after(start_seq, tp->snd_una)) 1128 return 1; 1129 1130 if (!is_dsack || !tp->undo_marker) 1131 return 0; 1132 1133 /* ...Then it's D-SACK, and must reside below snd_una completely */ 1134 if (after(end_seq, tp->snd_una)) 1135 return 0; 1136 1137 if (!before(start_seq, tp->undo_marker)) 1138 return 1; 1139 1140 /* Too old */ 1141 if (!after(end_seq, tp->undo_marker)) 1142 return 0; 1143 1144 /* Undo_marker boundary crossing (overestimates a lot). Known already: 1145 * start_seq < undo_marker and end_seq >= undo_marker. 1146 */ 1147 return !before(start_seq, end_seq - tp->max_window); 1148} 1149 1150/* Check for lost retransmit. This superb idea is borrowed from "ratehalving". 1151 * Event "C". Later note: FACK people cheated me again 8), we have to account 1152 * for reordering! Ugly, but should help. 1153 * 1154 * Search retransmitted skbs from write_queue that were sent when snd_nxt was 1155 * less than what is now known to be received by the other end (derived from 1156 * highest SACK block). Also calculate the lowest snd_nxt among the remaining 1157 * retransmitted skbs to avoid some costly processing per ACKs. 1158 */ 1159static void tcp_mark_lost_retrans(struct sock *sk) 1160{ 1161 const struct inet_connection_sock *icsk = inet_csk(sk); 1162 struct tcp_sock *tp = tcp_sk(sk); 1163 struct sk_buff *skb; 1164 int cnt = 0; 1165 u32 new_low_seq = tp->snd_nxt; 1166 u32 received_upto = tcp_highest_sack_seq(tp); 1167 1168 if (!tcp_is_fack(tp) || !tp->retrans_out || 1169 !after(received_upto, tp->lost_retrans_low) || 1170 icsk->icsk_ca_state != TCP_CA_Recovery) 1171 return; 1172 1173 tcp_for_write_queue(skb, sk) { 1174 u32 ack_seq = TCP_SKB_CB(skb)->ack_seq; 1175 1176 if (skb == tcp_send_head(sk)) 1177 break; 1178 if (cnt == tp->retrans_out) 1179 break; 1180 if (!after(TCP_SKB_CB(skb)->end_seq, tp->snd_una)) 1181 continue; 1182 1183 if (!(TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)) 1184 continue; 1185 1186 /* TODO: We would like to get rid of tcp_is_fack(tp) only 1187 * constraint here (see above) but figuring out that at 1188 * least tp->reordering SACK blocks reside between ack_seq 1189 * and received_upto is not easy task to do cheaply with 1190 * the available datastructures. 1191 * 1192 * Whether FACK should check here for tp->reordering segs 1193 * in-between one could argue for either way (it would be 1194 * rather simple to implement as we could count fack_count 1195 * during the walk and do tp->fackets_out - fack_count). 1196 */ 1197 if (after(received_upto, ack_seq)) { 1198 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_RETRANS; 1199 tp->retrans_out -= tcp_skb_pcount(skb); 1200 1201 tcp_skb_mark_lost_uncond_verify(tp, skb); 1202 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPLOSTRETRANSMIT); 1203 } else { 1204 if (before(ack_seq, new_low_seq)) 1205 new_low_seq = ack_seq; 1206 cnt += tcp_skb_pcount(skb); 1207 } 1208 } 1209 1210 if (tp->retrans_out) 1211 tp->lost_retrans_low = new_low_seq; 1212} 1213 1214static int tcp_check_dsack(struct sock *sk, struct sk_buff *ack_skb, 1215 struct tcp_sack_block_wire *sp, int num_sacks, 1216 u32 prior_snd_una) 1217{ 1218 struct tcp_sock *tp = tcp_sk(sk); 1219 u32 start_seq_0 = get_unaligned_be32(&sp[0].start_seq); 1220 u32 end_seq_0 = get_unaligned_be32(&sp[0].end_seq); 1221 int dup_sack = 0; 1222 1223 if (before(start_seq_0, TCP_SKB_CB(ack_skb)->ack_seq)) { 1224 dup_sack = 1; 1225 tcp_dsack_seen(tp); 1226 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPDSACKRECV); 1227 } else if (num_sacks > 1) { 1228 u32 end_seq_1 = get_unaligned_be32(&sp[1].end_seq); 1229 u32 start_seq_1 = get_unaligned_be32(&sp[1].start_seq); 1230 1231 if (!after(end_seq_0, end_seq_1) && 1232 !before(start_seq_0, start_seq_1)) { 1233 dup_sack = 1; 1234 tcp_dsack_seen(tp); 1235 NET_INC_STATS_BH(sock_net(sk), 1236 LINUX_MIB_TCPDSACKOFORECV); 1237 } 1238 } 1239 1240 /* D-SACK for already forgotten data... Do dumb counting. */ 1241 if (dup_sack && tp->undo_marker && tp->undo_retrans && 1242 !after(end_seq_0, prior_snd_una) && 1243 after(end_seq_0, tp->undo_marker)) 1244 tp->undo_retrans--; 1245 1246 return dup_sack; 1247} 1248 1249struct tcp_sacktag_state { 1250 int reord; 1251 int fack_count; 1252 int flag; 1253}; 1254 1255/* Check if skb is fully within the SACK block. In presence of GSO skbs, 1256 * the incoming SACK may not exactly match but we can find smaller MSS 1257 * aligned portion of it that matches. Therefore we might need to fragment 1258 * which may fail and creates some hassle (caller must handle error case 1259 * returns). 1260 * 1261 * FIXME: this could be merged to shift decision code 1262 */ 1263static int tcp_match_skb_to_sack(struct sock *sk, struct sk_buff *skb, 1264 u32 start_seq, u32 end_seq) 1265{ 1266 int in_sack, err; 1267 unsigned int pkt_len; 1268 unsigned int mss; 1269 1270 in_sack = !after(start_seq, TCP_SKB_CB(skb)->seq) && 1271 !before(end_seq, TCP_SKB_CB(skb)->end_seq); 1272 1273 if (tcp_skb_pcount(skb) > 1 && !in_sack && 1274 after(TCP_SKB_CB(skb)->end_seq, start_seq)) { 1275 mss = tcp_skb_mss(skb); 1276 in_sack = !after(start_seq, TCP_SKB_CB(skb)->seq); 1277 1278 if (!in_sack) { 1279 pkt_len = start_seq - TCP_SKB_CB(skb)->seq; 1280 if (pkt_len < mss) 1281 pkt_len = mss; 1282 } else { 1283 pkt_len = end_seq - TCP_SKB_CB(skb)->seq; 1284 if (pkt_len < mss) 1285 return -EINVAL; 1286 } 1287 1288 /* Round if necessary so that SACKs cover only full MSSes 1289 * and/or the remaining small portion (if present) 1290 */ 1291 if (pkt_len > mss) { 1292 unsigned int new_len = (pkt_len / mss) * mss; 1293 if (!in_sack && new_len < pkt_len) { 1294 new_len += mss; 1295 if (new_len > skb->len) 1296 return 0; 1297 } 1298 pkt_len = new_len; 1299 } 1300 err = tcp_fragment(sk, skb, pkt_len, mss); 1301 if (err < 0) 1302 return err; 1303 } 1304 1305 return in_sack; 1306} 1307 1308static u8 tcp_sacktag_one(struct sk_buff *skb, struct sock *sk, 1309 struct tcp_sacktag_state *state, 1310 int dup_sack, int pcount) 1311{ 1312 struct tcp_sock *tp = tcp_sk(sk); 1313 u8 sacked = TCP_SKB_CB(skb)->sacked; 1314 int fack_count = state->fack_count; 1315 1316 /* Account D-SACK for retransmitted packet. */ 1317 if (dup_sack && (sacked & TCPCB_RETRANS)) { 1318 if (tp->undo_marker && tp->undo_retrans && 1319 after(TCP_SKB_CB(skb)->end_seq, tp->undo_marker)) 1320 tp->undo_retrans--; 1321 if (sacked & TCPCB_SACKED_ACKED) 1322 state->reord = min(fack_count, state->reord); 1323 } 1324 1325 /* Nothing to do; acked frame is about to be dropped (was ACKed). */ 1326 if (!after(TCP_SKB_CB(skb)->end_seq, tp->snd_una)) 1327 return sacked; 1328 1329 if (!(sacked & TCPCB_SACKED_ACKED)) { 1330 if (sacked & TCPCB_SACKED_RETRANS) { 1331 /* If the segment is not tagged as lost, 1332 * we do not clear RETRANS, believing 1333 * that retransmission is still in flight. 1334 */ 1335 if (sacked & TCPCB_LOST) { 1336 sacked &= ~(TCPCB_LOST|TCPCB_SACKED_RETRANS); 1337 tp->lost_out -= pcount; 1338 tp->retrans_out -= pcount; 1339 } 1340 } else { 1341 if (!(sacked & TCPCB_RETRANS)) { 1342 /* New sack for not retransmitted frame, 1343 * which was in hole. It is reordering. 1344 */ 1345 if (before(TCP_SKB_CB(skb)->seq, 1346 tcp_highest_sack_seq(tp))) 1347 state->reord = min(fack_count, 1348 state->reord); 1349 1350 /* SACK enhanced F-RTO (RFC4138; Appendix B) */ 1351 if (!after(TCP_SKB_CB(skb)->end_seq, tp->frto_highmark)) 1352 state->flag |= FLAG_ONLY_ORIG_SACKED; 1353 } 1354 1355 if (sacked & TCPCB_LOST) { 1356 sacked &= ~TCPCB_LOST; 1357 tp->lost_out -= pcount; 1358 } 1359 } 1360 1361 sacked |= TCPCB_SACKED_ACKED; 1362 state->flag |= FLAG_DATA_SACKED; 1363 tp->sacked_out += pcount; 1364 1365 fack_count += pcount; 1366 1367 /* Lost marker hint past SACKed? Tweak RFC3517 cnt */ 1368 if (!tcp_is_fack(tp) && (tp->lost_skb_hint != NULL) && 1369 before(TCP_SKB_CB(skb)->seq, 1370 TCP_SKB_CB(tp->lost_skb_hint)->seq)) 1371 tp->lost_cnt_hint += pcount; 1372 1373 if (fack_count > tp->fackets_out) 1374 tp->fackets_out = fack_count; 1375 } 1376 1377 /* D-SACK. We can detect redundant retransmission in S|R and plain R 1378 * frames and clear it. undo_retrans is decreased above, L|R frames 1379 * are accounted above as well. 1380 */ 1381 if (dup_sack && (sacked & TCPCB_SACKED_RETRANS)) { 1382 sacked &= ~TCPCB_SACKED_RETRANS; 1383 tp->retrans_out -= pcount; 1384 } 1385 1386 return sacked; 1387} 1388 1389static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb, 1390 struct tcp_sacktag_state *state, 1391 unsigned int pcount, int shifted, int mss, 1392 int dup_sack) 1393{ 1394 struct tcp_sock *tp = tcp_sk(sk); 1395 struct sk_buff *prev = tcp_write_queue_prev(sk, skb); 1396 1397 BUG_ON(!pcount); 1398 1399 if (skb == tp->lost_skb_hint) 1400 tp->lost_cnt_hint += pcount; 1401 1402 TCP_SKB_CB(prev)->end_seq += shifted; 1403 TCP_SKB_CB(skb)->seq += shifted; 1404 1405 skb_shinfo(prev)->gso_segs += pcount; 1406 BUG_ON(skb_shinfo(skb)->gso_segs < pcount); 1407 skb_shinfo(skb)->gso_segs -= pcount; 1408 1409 /* When we're adding to gso_segs == 1, gso_size will be zero, 1410 * in theory this shouldn't be necessary but as long as DSACK 1411 * code can come after this skb later on it's better to keep 1412 * setting gso_size to something. 1413 */ 1414 if (!skb_shinfo(prev)->gso_size) { 1415 skb_shinfo(prev)->gso_size = mss; 1416 skb_shinfo(prev)->gso_type = sk->sk_gso_type; 1417 } 1418 1419 /* CHECKME: To clear or not to clear? Mimics normal skb currently */ 1420 if (skb_shinfo(skb)->gso_segs <= 1) { 1421 skb_shinfo(skb)->gso_size = 0; 1422 skb_shinfo(skb)->gso_type = 0; 1423 } 1424 1425 /* We discard results */ 1426 tcp_sacktag_one(skb, sk, state, dup_sack, pcount); 1427 1428 /* Difference in this won't matter, both ACKed by the same cumul. ACK */ 1429 TCP_SKB_CB(prev)->sacked |= (TCP_SKB_CB(skb)->sacked & TCPCB_EVER_RETRANS); 1430 1431 if (skb->len > 0) { 1432 BUG_ON(!tcp_skb_pcount(skb)); 1433 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SACKSHIFTED); 1434 return 0; 1435 } 1436 1437 /* Whole SKB was eaten :-) */ 1438 1439 if (skb == tp->retransmit_skb_hint) 1440 tp->retransmit_skb_hint = prev; 1441 if (skb == tp->scoreboard_skb_hint) 1442 tp->scoreboard_skb_hint = prev; 1443 if (skb == tp->lost_skb_hint) { 1444 tp->lost_skb_hint = prev; 1445 tp->lost_cnt_hint -= tcp_skb_pcount(prev); 1446 } 1447 1448 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags; 1449 if (skb == tcp_highest_sack(sk)) 1450 tcp_advance_highest_sack(sk, skb); 1451 1452 tcp_unlink_write_queue(skb, sk); 1453 sk_wmem_free_skb(sk, skb); 1454 1455 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SACKMERGED); 1456 1457 return 1; 1458} 1459 1460/* I wish gso_size would have a bit more sane initialization than 1461 * something-or-zero which complicates things 1462 */ 1463static int tcp_skb_seglen(struct sk_buff *skb) 1464{ 1465 return tcp_skb_pcount(skb) == 1 ? skb->len : tcp_skb_mss(skb); 1466} 1467 1468/* Shifting pages past head area doesn't work */ 1469static int skb_can_shift(struct sk_buff *skb) 1470{ 1471 return !skb_headlen(skb) && skb_is_nonlinear(skb); 1472} 1473 1474/* Try collapsing SACK blocks spanning across multiple skbs to a single 1475 * skb. 1476 */ 1477static struct sk_buff *tcp_shift_skb_data(struct sock *sk, struct sk_buff *skb, 1478 struct tcp_sacktag_state *state, 1479 u32 start_seq, u32 end_seq, 1480 int dup_sack) 1481{ 1482 struct tcp_sock *tp = tcp_sk(sk); 1483 struct sk_buff *prev; 1484 int mss; 1485 int pcount = 0; 1486 int len; 1487 int in_sack; 1488 1489 if (!sk_can_gso(sk)) 1490 goto fallback; 1491 1492 /* Normally R but no L won't result in plain S */ 1493 if (!dup_sack && 1494 (TCP_SKB_CB(skb)->sacked & (TCPCB_LOST|TCPCB_SACKED_RETRANS)) == TCPCB_SACKED_RETRANS) 1495 goto fallback; 1496 if (!skb_can_shift(skb)) 1497 goto fallback; 1498 /* This frame is about to be dropped (was ACKed). */ 1499 if (!after(TCP_SKB_CB(skb)->end_seq, tp->snd_una)) 1500 goto fallback; 1501 1502 /* Can only happen with delayed DSACK + discard craziness */ 1503 if (unlikely(skb == tcp_write_queue_head(sk))) 1504 goto fallback; 1505 prev = tcp_write_queue_prev(sk, skb); 1506 1507 if ((TCP_SKB_CB(prev)->sacked & TCPCB_TAGBITS) != TCPCB_SACKED_ACKED) 1508 goto fallback; 1509 1510 in_sack = !after(start_seq, TCP_SKB_CB(skb)->seq) && 1511 !before(end_seq, TCP_SKB_CB(skb)->end_seq); 1512 1513 if (in_sack) { 1514 len = skb->len; 1515 pcount = tcp_skb_pcount(skb); 1516 mss = tcp_skb_seglen(skb); 1517 1518 /* TODO: Fix DSACKs to not fragment already SACKed and we can 1519 * drop this restriction as unnecessary 1520 */ 1521 if (mss != tcp_skb_seglen(prev)) 1522 goto fallback; 1523 } else { 1524 if (!after(TCP_SKB_CB(skb)->end_seq, start_seq)) 1525 goto noop; 1526 /* CHECKME: This is non-MSS split case only?, this will 1527 * cause skipped skbs due to advancing loop btw, original 1528 * has that feature too 1529 */ 1530 if (tcp_skb_pcount(skb) <= 1) 1531 goto noop; 1532 1533 in_sack = !after(start_seq, TCP_SKB_CB(skb)->seq); 1534 if (!in_sack) { 1535 /* TODO: head merge to next could be attempted here 1536 * if (!after(TCP_SKB_CB(skb)->end_seq, end_seq)), 1537 * though it might not be worth of the additional hassle 1538 * 1539 * ...we can probably just fallback to what was done 1540 * previously. We could try merging non-SACKed ones 1541 * as well but it probably isn't going to buy off 1542 * because later SACKs might again split them, and 1543 * it would make skb timestamp tracking considerably 1544 * harder problem. 1545 */ 1546 goto fallback; 1547 } 1548 1549 len = end_seq - TCP_SKB_CB(skb)->seq; 1550 BUG_ON(len < 0); 1551 BUG_ON(len > skb->len); 1552 1553 /* MSS boundaries should be honoured or else pcount will 1554 * severely break even though it makes things bit trickier. 1555 * Optimize common case to avoid most of the divides 1556 */ 1557 mss = tcp_skb_mss(skb); 1558 1559 /* TODO: Fix DSACKs to not fragment already SACKed and we can 1560 * drop this restriction as unnecessary 1561 */ 1562 if (mss != tcp_skb_seglen(prev)) 1563 goto fallback; 1564 1565 if (len == mss) { 1566 pcount = 1; 1567 } else if (len < mss) { 1568 goto noop; 1569 } else { 1570 pcount = len / mss; 1571 len = pcount * mss; 1572 } 1573 } 1574 1575 if (!skb_shift(prev, skb, len)) 1576 goto fallback; 1577 if (!tcp_shifted_skb(sk, skb, state, pcount, len, mss, dup_sack)) 1578 goto out; 1579 1580 /* Hole filled allows collapsing with the next as well, this is very 1581 * useful when hole on every nth skb pattern happens 1582 */ 1583 if (prev == tcp_write_queue_tail(sk)) 1584 goto out; 1585 skb = tcp_write_queue_next(sk, prev); 1586 1587 if (!skb_can_shift(skb) || 1588 (skb == tcp_send_head(sk)) || 1589 ((TCP_SKB_CB(skb)->sacked & TCPCB_TAGBITS) != TCPCB_SACKED_ACKED) || 1590 (mss != tcp_skb_seglen(skb))) 1591 goto out; 1592 1593 len = skb->len; 1594 if (skb_shift(prev, skb, len)) { 1595 pcount += tcp_skb_pcount(skb); 1596 tcp_shifted_skb(sk, skb, state, tcp_skb_pcount(skb), len, mss, 0); 1597 } 1598 1599out: 1600 state->fack_count += pcount; 1601 return prev; 1602 1603noop: 1604 return skb; 1605 1606fallback: 1607 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SACKSHIFTFALLBACK); 1608 return NULL; 1609} 1610 1611static struct sk_buff *tcp_sacktag_walk(struct sk_buff *skb, struct sock *sk, 1612 struct tcp_sack_block *next_dup, 1613 struct tcp_sacktag_state *state, 1614 u32 start_seq, u32 end_seq, 1615 int dup_sack_in) 1616{ 1617 struct tcp_sock *tp = tcp_sk(sk); 1618 struct sk_buff *tmp; 1619 1620 tcp_for_write_queue_from(skb, sk) { 1621 int in_sack = 0; 1622 int dup_sack = dup_sack_in; 1623 1624 if (skb == tcp_send_head(sk)) 1625 break; 1626 1627 /* queue is in-order => we can short-circuit the walk early */ 1628 if (!before(TCP_SKB_CB(skb)->seq, end_seq)) 1629 break; 1630 1631 if ((next_dup != NULL) && 1632 before(TCP_SKB_CB(skb)->seq, next_dup->end_seq)) { 1633 in_sack = tcp_match_skb_to_sack(sk, skb, 1634 next_dup->start_seq, 1635 next_dup->end_seq); 1636 if (in_sack > 0) 1637 dup_sack = 1; 1638 } 1639 1640 /* skb reference here is a bit tricky to get right, since 1641 * shifting can eat and free both this skb and the next, 1642 * so not even _safe variant of the loop is enough. 1643 */ 1644 if (in_sack <= 0) { 1645 tmp = tcp_shift_skb_data(sk, skb, state, 1646 start_seq, end_seq, dup_sack); 1647 if (tmp != NULL) { 1648 if (tmp != skb) { 1649 skb = tmp; 1650 continue; 1651 } 1652 1653 in_sack = 0; 1654 } else { 1655 in_sack = tcp_match_skb_to_sack(sk, skb, 1656 start_seq, 1657 end_seq); 1658 } 1659 } 1660 1661 if (unlikely(in_sack < 0)) 1662 break; 1663 1664 if (in_sack) { 1665 TCP_SKB_CB(skb)->sacked = tcp_sacktag_one(skb, sk, 1666 state, 1667 dup_sack, 1668 tcp_skb_pcount(skb)); 1669 1670 if (!before(TCP_SKB_CB(skb)->seq, 1671 tcp_highest_sack_seq(tp))) 1672 tcp_advance_highest_sack(sk, skb); 1673 } 1674 1675 state->fack_count += tcp_skb_pcount(skb); 1676 } 1677 return skb; 1678} 1679 1680/* Avoid all extra work that is being done by sacktag while walking in 1681 * a normal way 1682 */ 1683static struct sk_buff *tcp_sacktag_skip(struct sk_buff *skb, struct sock *sk, 1684 struct tcp_sacktag_state *state, 1685 u32 skip_to_seq) 1686{ 1687 tcp_for_write_queue_from(skb, sk) { 1688 if (skb == tcp_send_head(sk)) 1689 break; 1690 1691 if (after(TCP_SKB_CB(skb)->end_seq, skip_to_seq)) 1692 break; 1693 1694 state->fack_count += tcp_skb_pcount(skb); 1695 } 1696 return skb; 1697} 1698 1699static struct sk_buff *tcp_maybe_skipping_dsack(struct sk_buff *skb, 1700 struct sock *sk, 1701 struct tcp_sack_block *next_dup, 1702 struct tcp_sacktag_state *state, 1703 u32 skip_to_seq) 1704{ 1705 if (next_dup == NULL) 1706 return skb; 1707 1708 if (before(next_dup->start_seq, skip_to_seq)) { 1709 skb = tcp_sacktag_skip(skb, sk, state, next_dup->start_seq); 1710 skb = tcp_sacktag_walk(skb, sk, NULL, state, 1711 next_dup->start_seq, next_dup->end_seq, 1712 1); 1713 } 1714 1715 return skb; 1716} 1717 1718static int tcp_sack_cache_ok(struct tcp_sock *tp, struct tcp_sack_block *cache) 1719{ 1720 return cache < tp->recv_sack_cache + ARRAY_SIZE(tp->recv_sack_cache); 1721} 1722 1723static int 1724tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, 1725 u32 prior_snd_una) 1726{ 1727 const struct inet_connection_sock *icsk = inet_csk(sk); 1728 struct tcp_sock *tp = tcp_sk(sk); 1729 unsigned char *ptr = (skb_transport_header(ack_skb) + 1730 TCP_SKB_CB(ack_skb)->sacked); 1731 struct tcp_sack_block_wire *sp_wire = (struct tcp_sack_block_wire *)(ptr+2); 1732 struct tcp_sack_block sp[TCP_NUM_SACKS]; 1733 struct tcp_sack_block *cache; 1734 struct tcp_sacktag_state state; 1735 struct sk_buff *skb; 1736 int num_sacks = min(TCP_NUM_SACKS, (ptr[1] - TCPOLEN_SACK_BASE) >> 3); 1737 int used_sacks; 1738 int found_dup_sack = 0; 1739 int i, j; 1740 int first_sack_index; 1741 1742 state.flag = 0; 1743 state.reord = tp->packets_out; 1744 1745 if (!tp->sacked_out) { 1746 if (WARN_ON(tp->fackets_out)) 1747 tp->fackets_out = 0; 1748 tcp_highest_sack_reset(sk); 1749 } 1750 1751 found_dup_sack = tcp_check_dsack(sk, ack_skb, sp_wire, 1752 num_sacks, prior_snd_una); 1753 if (found_dup_sack) 1754 state.flag |= FLAG_DSACKING_ACK; 1755 1756 /* Eliminate too old ACKs, but take into 1757 * account more or less fresh ones, they can 1758 * contain valid SACK info. 1759 */ 1760 if (before(TCP_SKB_CB(ack_skb)->ack_seq, prior_snd_una - tp->max_window)) 1761 return 0; 1762 1763 if (!tp->packets_out) 1764 goto out; 1765 1766 used_sacks = 0; 1767 first_sack_index = 0; 1768 for (i = 0; i < num_sacks; i++) { 1769 int dup_sack = !i && found_dup_sack; 1770 1771 sp[used_sacks].start_seq = get_unaligned_be32(&sp_wire[i].start_seq); 1772 sp[used_sacks].end_seq = get_unaligned_be32(&sp_wire[i].end_seq); 1773 1774 if (!tcp_is_sackblock_valid(tp, dup_sack, 1775 sp[used_sacks].start_seq, 1776 sp[used_sacks].end_seq)) { 1777 int mib_idx; 1778 1779 if (dup_sack) { 1780 if (!tp->undo_marker) 1781 mib_idx = LINUX_MIB_TCPDSACKIGNOREDNOUNDO; 1782 else 1783 mib_idx = LINUX_MIB_TCPDSACKIGNOREDOLD; 1784 } else { 1785 /* Don't count olds caused by ACK reordering */ 1786 if ((TCP_SKB_CB(ack_skb)->ack_seq != tp->snd_una) && 1787 !after(sp[used_sacks].end_seq, tp->snd_una)) 1788 continue; 1789 mib_idx = LINUX_MIB_TCPSACKDISCARD; 1790 } 1791 1792 NET_INC_STATS_BH(sock_net(sk), mib_idx); 1793 if (i == 0) 1794 first_sack_index = -1; 1795 continue; 1796 } 1797 1798 /* Ignore very old stuff early */ 1799 if (!after(sp[used_sacks].end_seq, prior_snd_una)) 1800 continue; 1801 1802 used_sacks++; 1803 } 1804 1805 /* order SACK blocks to allow in order walk of the retrans queue */ 1806 for (i = used_sacks - 1; i > 0; i--) { 1807 for (j = 0; j < i; j++) { 1808 if (after(sp[j].start_seq, sp[j + 1].start_seq)) { 1809 swap(sp[j], sp[j + 1]); 1810 1811 /* Track where the first SACK block goes to */ 1812 if (j == first_sack_index) 1813 first_sack_index = j + 1; 1814 } 1815 } 1816 } 1817 1818 skb = tcp_write_queue_head(sk); 1819 state.fack_count = 0; 1820 i = 0; 1821 1822 if (!tp->sacked_out) { 1823 /* It's already past, so skip checking against it */ 1824 cache = tp->recv_sack_cache + ARRAY_SIZE(tp->recv_sack_cache); 1825 } else { 1826 cache = tp->recv_sack_cache; 1827 /* Skip empty blocks in at head of the cache */ 1828 while (tcp_sack_cache_ok(tp, cache) && !cache->start_seq && 1829 !cache->end_seq) 1830 cache++; 1831 } 1832 1833 while (i < used_sacks) { 1834 u32 start_seq = sp[i].start_seq; 1835 u32 end_seq = sp[i].end_seq; 1836 int dup_sack = (found_dup_sack && (i == first_sack_index)); 1837 struct tcp_sack_block *next_dup = NULL; 1838 1839 if (found_dup_sack && ((i + 1) == first_sack_index)) 1840 next_dup = &sp[i + 1]; 1841 1842 /* Event "B" in the comment above. */ 1843 if (after(end_seq, tp->high_seq)) 1844 state.flag |= FLAG_DATA_LOST; 1845 1846 /* Skip too early cached blocks */ 1847 while (tcp_sack_cache_ok(tp, cache) && 1848 !before(start_seq, cache->end_seq)) 1849 cache++; 1850 1851 /* Can skip some work by looking recv_sack_cache? */ 1852 if (tcp_sack_cache_ok(tp, cache) && !dup_sack && 1853 after(end_seq, cache->start_seq)) { 1854 1855 /* Head todo? */ 1856 if (before(start_seq, cache->start_seq)) { 1857 skb = tcp_sacktag_skip(skb, sk, &state, 1858 start_seq); 1859 skb = tcp_sacktag_walk(skb, sk, next_dup, 1860 &state, 1861 start_seq, 1862 cache->start_seq, 1863 dup_sack); 1864 } 1865 1866 /* Rest of the block already fully processed? */ 1867 if (!after(end_seq, cache->end_seq)) 1868 goto advance_sp; 1869 1870 skb = tcp_maybe_skipping_dsack(skb, sk, next_dup, 1871 &state, 1872 cache->end_seq); 1873 1874 /* ...tail remains todo... */ 1875 if (tcp_highest_sack_seq(tp) == cache->end_seq) { 1876 /* ...but better entrypoint exists! */ 1877 skb = tcp_highest_sack(sk); 1878 if (skb == NULL) 1879 break; 1880 state.fack_count = tp->fackets_out; 1881 cache++; 1882 goto walk; 1883 } 1884 1885 skb = tcp_sacktag_skip(skb, sk, &state, cache->end_seq); 1886 /* Check overlap against next cached too (past this one already) */ 1887 cache++; 1888 continue; 1889 } 1890 1891 if (!before(start_seq, tcp_highest_sack_seq(tp))) { 1892 skb = tcp_highest_sack(sk); 1893 if (skb == NULL) 1894 break; 1895 state.fack_count = tp->fackets_out; 1896 } 1897 skb = tcp_sacktag_skip(skb, sk, &state, start_seq); 1898 1899walk: 1900 skb = tcp_sacktag_walk(skb, sk, next_dup, &state, 1901 start_seq, end_seq, dup_sack); 1902 1903advance_sp: 1904 /* SACK enhanced FRTO (RFC4138, Appendix B): Clearing correct 1905 * due to in-order walk 1906 */ 1907 if (after(end_seq, tp->frto_highmark)) 1908 state.flag &= ~FLAG_ONLY_ORIG_SACKED; 1909 1910 i++; 1911 } 1912 1913 /* Clear the head of the cache sack blocks so we can skip it next time */ 1914 for (i = 0; i < ARRAY_SIZE(tp->recv_sack_cache) - used_sacks; i++) { 1915 tp->recv_sack_cache[i].start_seq = 0; 1916 tp->recv_sack_cache[i].end_seq = 0; 1917 } 1918 for (j = 0; j < used_sacks; j++) 1919 tp->recv_sack_cache[i++] = sp[j]; 1920 1921 tcp_mark_lost_retrans(sk); 1922 1923 tcp_verify_left_out(tp); 1924 1925 if ((state.reord < tp->fackets_out) && 1926 ((icsk->icsk_ca_state != TCP_CA_Loss) || tp->undo_marker) && 1927 (!tp->frto_highmark || after(tp->snd_una, tp->frto_highmark))) 1928 tcp_update_reordering(sk, tp->fackets_out - state.reord, 0); 1929 1930out: 1931 1932#if FASTRETRANS_DEBUG > 0 1933 WARN_ON((int)tp->sacked_out < 0); 1934 WARN_ON((int)tp->lost_out < 0); 1935 WARN_ON((int)tp->retrans_out < 0); 1936 WARN_ON((int)tcp_packets_in_flight(tp) < 0); 1937#endif 1938 return state.flag; 1939} 1940 1941/* Limits sacked_out so that sum with lost_out isn't ever larger than 1942 * packets_out. Returns zero if sacked_out adjustement wasn't necessary. 1943 */ 1944static int tcp_limit_reno_sacked(struct tcp_sock *tp) 1945{ 1946 u32 holes; 1947 1948 holes = max(tp->lost_out, 1U); 1949 holes = min(holes, tp->packets_out); 1950 1951 if ((tp->sacked_out + holes) > tp->packets_out) { 1952 tp->sacked_out = tp->packets_out - holes; 1953 return 1; 1954 } 1955 return 0; 1956} 1957 1958/* If we receive more dupacks than we expected counting segments 1959 * in assumption of absent reordering, interpret this as reordering. 1960 * The only another reason could be bug in receiver TCP. 1961 */ 1962static void tcp_check_reno_reordering(struct sock *sk, const int addend) 1963{ 1964 struct tcp_sock *tp = tcp_sk(sk); 1965 if (tcp_limit_reno_sacked(tp)) 1966 tcp_update_reordering(sk, tp->packets_out + addend, 0); 1967} 1968 1969/* Emulate SACKs for SACKless connection: account for a new dupack. */ 1970 1971static void tcp_add_reno_sack(struct sock *sk) 1972{ 1973 struct tcp_sock *tp = tcp_sk(sk); 1974 tp->sacked_out++; 1975 tcp_check_reno_reordering(sk, 0); 1976 tcp_verify_left_out(tp); 1977} 1978 1979/* Account for ACK, ACKing some data in Reno Recovery phase. */ 1980 1981static void tcp_remove_reno_sacks(struct sock *sk, int acked) 1982{ 1983 struct tcp_sock *tp = tcp_sk(sk); 1984 1985 if (acked > 0) { 1986 /* One ACK acked hole. The rest eat duplicate ACKs. */ 1987 if (acked - 1 >= tp->sacked_out) 1988 tp->sacked_out = 0; 1989 else 1990 tp->sacked_out -= acked - 1; 1991 } 1992 tcp_check_reno_reordering(sk, acked); 1993 tcp_verify_left_out(tp); 1994} 1995 1996static inline void tcp_reset_reno_sack(struct tcp_sock *tp) 1997{ 1998 tp->sacked_out = 0; 1999} 2000 2001static int tcp_is_sackfrto(const struct tcp_sock *tp) 2002{ 2003 return (sysctl_tcp_frto == 0x2) && !tcp_is_reno(tp); 2004} 2005 2006/* F-RTO can only be used if TCP has never retransmitted anything other than 2007 * head (SACK enhanced variant from Appendix B of RFC4138 is more robust here) 2008 */ 2009int tcp_use_frto(struct sock *sk) 2010{ 2011 const struct tcp_sock *tp = tcp_sk(sk); 2012 const struct inet_connection_sock *icsk = inet_csk(sk); 2013 struct sk_buff *skb; 2014 2015 if (!sysctl_tcp_frto) 2016 return 0; 2017 2018 /* MTU probe and F-RTO won't really play nicely along currently */ 2019 if (icsk->icsk_mtup.probe_size) 2020 return 0; 2021 2022 if (tcp_is_sackfrto(tp)) 2023 return 1; 2024 2025 /* Avoid expensive walking of rexmit queue if possible */ 2026 if (tp->retrans_out > 1) 2027 return 0; 2028 2029 skb = tcp_write_queue_head(sk); 2030 if (tcp_skb_is_last(sk, skb)) 2031 return 1; 2032 skb = tcp_write_queue_next(sk, skb); /* Skips head */ 2033 tcp_for_write_queue_from(skb, sk) { 2034 if (skb == tcp_send_head(sk)) 2035 break; 2036 if (TCP_SKB_CB(skb)->sacked & TCPCB_RETRANS) 2037 return 0; 2038 /* Short-circuit when first non-SACKed skb has been checked */ 2039 if (!(TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 2040 break; 2041 } 2042 return 1; 2043} 2044 2045/* RTO occurred, but do not yet enter Loss state. Instead, defer RTO 2046 * recovery a bit and use heuristics in tcp_process_frto() to detect if 2047 * the RTO was spurious. Only clear SACKED_RETRANS of the head here to 2048 * keep retrans_out counting accurate (with SACK F-RTO, other than head 2049 * may still have that bit set); TCPCB_LOST and remaining SACKED_RETRANS 2050 * bits are handled if the Loss state is really to be entered (in 2051 * tcp_enter_frto_loss). 2052 * 2053 * Do like tcp_enter_loss() would; when RTO expires the second time it 2054 * does: 2055 * "Reduce ssthresh if it has not yet been made inside this window." 2056 */ 2057void tcp_enter_frto(struct sock *sk) 2058{ 2059 const struct inet_connection_sock *icsk = inet_csk(sk); 2060 struct tcp_sock *tp = tcp_sk(sk); 2061 struct sk_buff *skb; 2062 2063 if ((!tp->frto_counter && icsk->icsk_ca_state <= TCP_CA_Disorder) || 2064 tp->snd_una == tp->high_seq || 2065 ((icsk->icsk_ca_state == TCP_CA_Loss || tp->frto_counter) && 2066 !icsk->icsk_retransmits)) { 2067 tp->prior_ssthresh = tcp_current_ssthresh(sk); 2068 /* Our state is too optimistic in ssthresh() call because cwnd 2069 * is not reduced until tcp_enter_frto_loss() when previous F-RTO 2070 * recovery has not yet completed. Pattern would be this: RTO, 2071 * Cumulative ACK, RTO (2xRTO for the same segment does not end 2072 * up here twice). 2073 * RFC4138 should be more specific on what to do, even though 2074 * RTO is quite unlikely to occur after the first Cumulative ACK 2075 * due to back-off and complexity of triggering events ... 2076 */ 2077 if (tp->frto_counter) { 2078 u32 stored_cwnd; 2079 stored_cwnd = tp->snd_cwnd; 2080 tp->snd_cwnd = 2; 2081 tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk); 2082 tp->snd_cwnd = stored_cwnd; 2083 } else { 2084 tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk); 2085 } 2086 /* ... in theory, cong.control module could do "any tricks" in 2087 * ssthresh(), which means that ca_state, lost bits and lost_out 2088 * counter would have to be faked before the call occurs. We 2089 * consider that too expensive, unlikely and hacky, so modules 2090 * using these in ssthresh() must deal these incompatibility 2091 * issues if they receives CA_EVENT_FRTO and frto_counter != 0 2092 */ 2093 tcp_ca_event(sk, CA_EVENT_FRTO); 2094 } 2095 2096 tp->undo_marker = tp->snd_una; 2097 tp->undo_retrans = 0; 2098 2099 skb = tcp_write_queue_head(sk); 2100 if (TCP_SKB_CB(skb)->sacked & TCPCB_RETRANS) 2101 tp->undo_marker = 0; 2102 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) { 2103 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_RETRANS; 2104 tp->retrans_out -= tcp_skb_pcount(skb); 2105 } 2106 tcp_verify_left_out(tp); 2107 2108 /* Too bad if TCP was application limited */ 2109 tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp) + 1); 2110 2111 /* Earlier loss recovery underway (see RFC4138; Appendix B). 2112 * The last condition is necessary at least in tp->frto_counter case. 2113 */ 2114 if (tcp_is_sackfrto(tp) && (tp->frto_counter || 2115 ((1 << icsk->icsk_ca_state) & (TCPF_CA_Recovery|TCPF_CA_Loss))) && 2116 after(tp->high_seq, tp->snd_una)) { 2117 tp->frto_highmark = tp->high_seq; 2118 } else { 2119 tp->frto_highmark = tp->snd_nxt; 2120 } 2121 tcp_set_ca_state(sk, TCP_CA_Disorder); 2122 tp->high_seq = tp->snd_nxt; 2123 tp->frto_counter = 1; 2124} 2125 2126/* Enter Loss state after F-RTO was applied. Dupack arrived after RTO, 2127 * which indicates that we should follow the traditional RTO recovery, 2128 * i.e. mark everything lost and do go-back-N retransmission. 2129 */ 2130static void tcp_enter_frto_loss(struct sock *sk, int allowed_segments, int flag) 2131{ 2132 struct tcp_sock *tp = tcp_sk(sk); 2133 struct sk_buff *skb; 2134 2135 tp->lost_out = 0; 2136 tp->retrans_out = 0; 2137 if (tcp_is_reno(tp)) 2138 tcp_reset_reno_sack(tp); 2139 2140 tcp_for_write_queue(skb, sk) { 2141 if (skb == tcp_send_head(sk)) 2142 break; 2143 2144 TCP_SKB_CB(skb)->sacked &= ~TCPCB_LOST; 2145 /* 2146 * Count the retransmission made on RTO correctly (only when 2147 * waiting for the first ACK and did not get it)... 2148 */ 2149 if ((tp->frto_counter == 1) && !(flag & FLAG_DATA_ACKED)) { 2150 /* For some reason this R-bit might get cleared? */ 2151 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) 2152 tp->retrans_out += tcp_skb_pcount(skb); 2153 /* ...enter this if branch just for the first segment */ 2154 flag |= FLAG_DATA_ACKED; 2155 } else { 2156 if (TCP_SKB_CB(skb)->sacked & TCPCB_RETRANS) 2157 tp->undo_marker = 0; 2158 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_RETRANS; 2159 } 2160 2161 /* Marking forward transmissions that were made after RTO lost 2162 * can cause unnecessary retransmissions in some scenarios, 2163 * SACK blocks will mitigate that in some but not in all cases. 2164 * We used to not mark them but it was causing break-ups with 2165 * receivers that do only in-order receival. 2166 * 2167 * TODO: we could detect presence of such receiver and select 2168 * different behavior per flow. 2169 */ 2170 if (!(TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) { 2171 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 2172 tp->lost_out += tcp_skb_pcount(skb); 2173 tp->retransmit_high = TCP_SKB_CB(skb)->end_seq; 2174 } 2175 } 2176 tcp_verify_left_out(tp); 2177 2178 tp->snd_cwnd = tcp_packets_in_flight(tp) + allowed_segments; 2179 tp->snd_cwnd_cnt = 0; 2180 tp->snd_cwnd_stamp = tcp_time_stamp; 2181 tp->frto_counter = 0; 2182 tp->bytes_acked = 0; 2183 2184 tp->reordering = min_t(unsigned int, tp->reordering, 2185 sysctl_tcp_reordering); 2186 tcp_set_ca_state(sk, TCP_CA_Loss); 2187 tp->high_seq = tp->snd_nxt; 2188 TCP_ECN_queue_cwr(tp); 2189 2190 tcp_clear_all_retrans_hints(tp); 2191} 2192 2193static void tcp_clear_retrans_partial(struct tcp_sock *tp) 2194{ 2195 tp->retrans_out = 0; 2196 tp->lost_out = 0; 2197 2198 tp->undo_marker = 0; 2199 tp->undo_retrans = 0; 2200} 2201 2202void tcp_clear_retrans(struct tcp_sock *tp) 2203{ 2204 tcp_clear_retrans_partial(tp); 2205 2206 tp->fackets_out = 0; 2207 tp->sacked_out = 0; 2208} 2209 2210/* Enter Loss state. If "how" is not zero, forget all SACK information 2211 * and reset tags completely, otherwise preserve SACKs. If receiver 2212 * dropped its ofo queue, we will know this due to reneging detection. 2213 */ 2214void tcp_enter_loss(struct sock *sk, int how) 2215{ 2216 const struct inet_connection_sock *icsk = inet_csk(sk); 2217 struct tcp_sock *tp = tcp_sk(sk); 2218 struct sk_buff *skb; 2219 2220 /* Reduce ssthresh if it has not yet been made inside this window. */ 2221 if (icsk->icsk_ca_state <= TCP_CA_Disorder || tp->snd_una == tp->high_seq || 2222 (icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) { 2223 tp->prior_ssthresh = tcp_current_ssthresh(sk); 2224 tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk); 2225 tcp_ca_event(sk, CA_EVENT_LOSS); 2226 } 2227 tp->snd_cwnd = 1; 2228 tp->snd_cwnd_cnt = 0; 2229 tp->snd_cwnd_stamp = tcp_time_stamp; 2230 2231 tp->bytes_acked = 0; 2232 tcp_clear_retrans_partial(tp); 2233 2234 if (tcp_is_reno(tp)) 2235 tcp_reset_reno_sack(tp); 2236 2237 if (!how) { 2238 /* Push undo marker, if it was plain RTO and nothing 2239 * was retransmitted. */ 2240 tp->undo_marker = tp->snd_una; 2241 } else { 2242 tp->sacked_out = 0; 2243 tp->fackets_out = 0; 2244 } 2245 tcp_clear_all_retrans_hints(tp); 2246 2247 tcp_for_write_queue(skb, sk) { 2248 if (skb == tcp_send_head(sk)) 2249 break; 2250 2251 if (TCP_SKB_CB(skb)->sacked & TCPCB_RETRANS) 2252 tp->undo_marker = 0; 2253 TCP_SKB_CB(skb)->sacked &= (~TCPCB_TAGBITS)|TCPCB_SACKED_ACKED; 2254 if (!(TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_ACKED) || how) { 2255 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_ACKED; 2256 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 2257 tp->lost_out += tcp_skb_pcount(skb); 2258 tp->retransmit_high = TCP_SKB_CB(skb)->end_seq; 2259 } 2260 } 2261 tcp_verify_left_out(tp); 2262 2263 tp->reordering = min_t(unsigned int, tp->reordering, 2264 sysctl_tcp_reordering); 2265 tcp_set_ca_state(sk, TCP_CA_Loss); 2266 tp->high_seq = tp->snd_nxt; 2267 TCP_ECN_queue_cwr(tp); 2268 /* Abort F-RTO algorithm if one is in progress */ 2269 tp->frto_counter = 0; 2270} 2271 2272/* If ACK arrived pointing to a remembered SACK, it means that our 2273 * remembered SACKs do not reflect real state of receiver i.e. 2274 * receiver _host_ is heavily congested (or buggy). 2275 * 2276 * Do processing similar to RTO timeout. 2277 */ 2278static int tcp_check_sack_reneging(struct sock *sk, int flag) 2279{ 2280 if (flag & FLAG_SACK_RENEGING) { 2281 struct inet_connection_sock *icsk = inet_csk(sk); 2282 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSACKRENEGING); 2283 2284 tcp_enter_loss(sk, 1); 2285 icsk->icsk_retransmits++; 2286 tcp_retransmit_skb(sk, tcp_write_queue_head(sk)); 2287 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 2288 icsk->icsk_rto, TCP_RTO_MAX); 2289 return 1; 2290 } 2291 return 0; 2292} 2293 2294static inline int tcp_fackets_out(struct tcp_sock *tp) 2295{ 2296 return tcp_is_reno(tp) ? tp->sacked_out + 1 : tp->fackets_out; 2297} 2298 2299/* Heurestics to calculate number of duplicate ACKs. There's no dupACKs 2300 * counter when SACK is enabled (without SACK, sacked_out is used for 2301 * that purpose). 2302 * 2303 * Instead, with FACK TCP uses fackets_out that includes both SACKed 2304 * segments up to the highest received SACK block so far and holes in 2305 * between them. 2306 * 2307 * With reordering, holes may still be in flight, so RFC3517 recovery 2308 * uses pure sacked_out (total number of SACKed segments) even though 2309 * it violates the RFC that uses duplicate ACKs, often these are equal 2310 * but when e.g. out-of-window ACKs or packet duplication occurs, 2311 * they differ. Since neither occurs due to loss, TCP should really 2312 * ignore them. 2313 */ 2314static inline int tcp_dupack_heuristics(struct tcp_sock *tp) 2315{ 2316 return tcp_is_fack(tp) ? tp->fackets_out : tp->sacked_out + 1; 2317} 2318 2319static inline int tcp_skb_timedout(struct sock *sk, struct sk_buff *skb) 2320{ 2321 return tcp_time_stamp - TCP_SKB_CB(skb)->when > inet_csk(sk)->icsk_rto; 2322} 2323 2324static inline int tcp_head_timedout(struct sock *sk) 2325{ 2326 struct tcp_sock *tp = tcp_sk(sk); 2327 2328 return tp->packets_out && 2329 tcp_skb_timedout(sk, tcp_write_queue_head(sk)); 2330} 2331 2332/* Linux NewReno/SACK/FACK/ECN state machine. 2333 * -------------------------------------- 2334 * 2335 * "Open" Normal state, no dubious events, fast path. 2336 * "Disorder" In all the respects it is "Open", 2337 * but requires a bit more attention. It is entered when 2338 * we see some SACKs or dupacks. It is split of "Open" 2339 * mainly to move some processing from fast path to slow one. 2340 * "CWR" CWND was reduced due to some Congestion Notification event. 2341 * It can be ECN, ICMP source quench, local device congestion. 2342 * "Recovery" CWND was reduced, we are fast-retransmitting. 2343 * "Loss" CWND was reduced due to RTO timeout or SACK reneging. 2344 * 2345 * tcp_fastretrans_alert() is entered: 2346 * - each incoming ACK, if state is not "Open" 2347 * - when arrived ACK is unusual, namely: 2348 * * SACK 2349 * * Duplicate ACK. 2350 * * ECN ECE. 2351 * 2352 * Counting packets in flight is pretty simple. 2353 * 2354 * in_flight = packets_out - left_out + retrans_out 2355 * 2356 * packets_out is SND.NXT-SND.UNA counted in packets. 2357 * 2358 * retrans_out is number of retransmitted segments. 2359 * 2360 * left_out is number of segments left network, but not ACKed yet. 2361 * 2362 * left_out = sacked_out + lost_out 2363 * 2364 * sacked_out: Packets, which arrived to receiver out of order 2365 * and hence not ACKed. With SACKs this number is simply 2366 * amount of SACKed data. Even without SACKs 2367 * it is easy to give pretty reliable estimate of this number, 2368 * counting duplicate ACKs. 2369 * 2370 * lost_out: Packets lost by network. TCP has no explicit 2371 * "loss notification" feedback from network (for now). 2372 * It means that this number can be only _guessed_. 2373 * Actually, it is the heuristics to predict lossage that 2374 * distinguishes different algorithms. 2375 * 2376 * F.e. after RTO, when all the queue is considered as lost, 2377 * lost_out = packets_out and in_flight = retrans_out. 2378 * 2379 * Essentially, we have now two algorithms counting 2380 * lost packets. 2381 * 2382 * FACK: It is the simplest heuristics. As soon as we decided 2383 * that something is lost, we decide that _all_ not SACKed 2384 * packets until the most forward SACK are lost. I.e. 2385 * lost_out = fackets_out - sacked_out and left_out = fackets_out. 2386 * It is absolutely correct estimate, if network does not reorder 2387 * packets. And it loses any connection to reality when reordering 2388 * takes place. We use FACK by default until reordering 2389 * is suspected on the path to this destination. 2390 * 2391 * NewReno: when Recovery is entered, we assume that one segment 2392 * is lost (classic Reno). While we are in Recovery and 2393 * a partial ACK arrives, we assume that one more packet 2394 * is lost (NewReno). This heuristics are the same in NewReno 2395 * and SACK. 2396 * 2397 * Imagine, that's all! Forget about all this shamanism about CWND inflation 2398 * deflation etc. CWND is real congestion window, never inflated, changes 2399 * only according to classic VJ rules. 2400 * 2401 * Really tricky (and requiring careful tuning) part of algorithm 2402 * is hidden in functions tcp_time_to_recover() and tcp_xmit_retransmit_queue(). 2403 * The first determines the moment _when_ we should reduce CWND and, 2404 * hence, slow down forward transmission. In fact, it determines the moment 2405 * when we decide that hole is caused by loss, rather than by a reorder. 2406 * 2407 * tcp_xmit_retransmit_queue() decides, _what_ we should retransmit to fill 2408 * holes, caused by lost packets. 2409 * 2410 * And the most logically complicated part of algorithm is undo 2411 * heuristics. We detect false retransmits due to both too early 2412 * fast retransmit (reordering) and underestimated RTO, analyzing 2413 * timestamps and D-SACKs. When we detect that some segments were 2414 * retransmitted by mistake and CWND reduction was wrong, we undo 2415 * window reduction and abort recovery phase. This logic is hidden 2416 * inside several functions named tcp_try_undo_<something>. 2417 */ 2418 2419/* This function decides, when we should leave Disordered state 2420 * and enter Recovery phase, reducing congestion window. 2421 * 2422 * Main question: may we further continue forward transmission 2423 * with the same cwnd? 2424 */ 2425static int tcp_time_to_recover(struct sock *sk) 2426{ 2427 struct tcp_sock *tp = tcp_sk(sk); 2428 __u32 packets_out; 2429 2430 /* Do not perform any recovery during F-RTO algorithm */ 2431 if (tp->frto_counter) 2432 return 0; 2433 2434 /* Trick#1: The loss is proven. */ 2435 if (tp->lost_out) 2436 return 1; 2437 2438 /* Not-A-Trick#2 : Classic rule... */ 2439 if (tcp_dupack_heuristics(tp) > tp->reordering) 2440 return 1; 2441 2442 /* Trick#3 : when we use RFC2988 timer restart, fast 2443 * retransmit can be triggered by timeout of queue head. 2444 */ 2445 if (tcp_is_fack(tp) && tcp_head_timedout(sk)) 2446 return 1; 2447 2448 /* Trick#4: It is still not OK... But will it be useful to delay 2449 * recovery more? 2450 */ 2451 packets_out = tp->packets_out; 2452 if (packets_out <= tp->reordering && 2453 tp->sacked_out >= max_t(__u32, packets_out/2, sysctl_tcp_reordering) && 2454 !tcp_may_send_now(sk)) { 2455 /* We have nothing to send. This connection is limited 2456 * either by receiver window or by application. 2457 */ 2458 return 1; 2459 } 2460 2461 /* If a thin stream is detected, retransmit after first 2462 * received dupack. Employ only if SACK is supported in order 2463 * to avoid possible corner-case series of spurious retransmissions 2464 * Use only if there are no unsent data. 2465 */ 2466 if ((tp->thin_dupack || sysctl_tcp_thin_dupack) && 2467 tcp_stream_is_thin(tp) && tcp_dupack_heuristics(tp) > 1 && 2468 tcp_is_sack(tp) && !tcp_send_head(sk)) 2469 return 1; 2470 2471 return 0; 2472} 2473 2474/* New heuristics: it is possible only after we switched to restart timer 2475 * each time when something is ACKed. Hence, we can detect timed out packets 2476 * during fast retransmit without falling to slow start. 2477 * 2478 * Usefulness of this as is very questionable, since we should know which of 2479 * the segments is the next to timeout which is relatively expensive to find 2480 * in general case unless we add some data structure just for that. The 2481 * current approach certainly won't find the right one too often and when it 2482 * finally does find _something_ it usually marks large part of the window 2483 * right away (because a retransmission with a larger timestamp blocks the 2484 * loop from advancing). -ij 2485 */ 2486static void tcp_timeout_skbs(struct sock *sk) 2487{ 2488 struct tcp_sock *tp = tcp_sk(sk); 2489 struct sk_buff *skb; 2490 2491 if (!tcp_is_fack(tp) || !tcp_head_timedout(sk)) 2492 return; 2493 2494 skb = tp->scoreboard_skb_hint; 2495 if (tp->scoreboard_skb_hint == NULL) 2496 skb = tcp_write_queue_head(sk); 2497 2498 tcp_for_write_queue_from(skb, sk) { 2499 if (skb == tcp_send_head(sk)) 2500 break; 2501 if (!tcp_skb_timedout(sk, skb)) 2502 break; 2503 2504 tcp_skb_mark_lost(tp, skb); 2505 } 2506 2507 tp->scoreboard_skb_hint = skb; 2508 2509 tcp_verify_left_out(tp); 2510} 2511 2512/* Mark head of queue up as lost. With RFC3517 SACK, the packets is 2513 * is against sacked "cnt", otherwise it's against facked "cnt" 2514 */ 2515static void tcp_mark_head_lost(struct sock *sk, int packets, int mark_head) 2516{ 2517 struct tcp_sock *tp = tcp_sk(sk); 2518 struct sk_buff *skb; 2519 int cnt, oldcnt; 2520 int err; 2521 unsigned int mss; 2522 2523 WARN_ON(packets > tp->packets_out); 2524 if (tp->lost_skb_hint) { 2525 skb = tp->lost_skb_hint; 2526 cnt = tp->lost_cnt_hint; 2527 /* Head already handled? */ 2528 if (mark_head && skb != tcp_write_queue_head(sk)) 2529 return; 2530 } else { 2531 skb = tcp_write_queue_head(sk); 2532 cnt = 0; 2533 } 2534 2535 tcp_for_write_queue_from(skb, sk) { 2536 if (skb == tcp_send_head(sk)) 2537 break; 2538 /* TODO: do this better */ 2539 /* this is not the most efficient way to do this... */ 2540 tp->lost_skb_hint = skb; 2541 tp->lost_cnt_hint = cnt; 2542 2543 if (after(TCP_SKB_CB(skb)->end_seq, tp->high_seq)) 2544 break; 2545 2546 oldcnt = cnt; 2547 if (tcp_is_fack(tp) || tcp_is_reno(tp) || 2548 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 2549 cnt += tcp_skb_pcount(skb); 2550 2551 if (cnt > packets) { 2552 if ((tcp_is_sack(tp) && !tcp_is_fack(tp)) || 2553 (oldcnt >= packets)) 2554 break; 2555 2556 mss = skb_shinfo(skb)->gso_size; 2557 err = tcp_fragment(sk, skb, (packets - oldcnt) * mss, mss); 2558 if (err < 0) 2559 break; 2560 cnt = packets; 2561 } 2562 2563 tcp_skb_mark_lost(tp, skb); 2564 2565 if (mark_head) 2566 break; 2567 } 2568 tcp_verify_left_out(tp); 2569} 2570 2571/* Account newly detected lost packet(s) */ 2572 2573static void tcp_update_scoreboard(struct sock *sk, int fast_rexmit) 2574{ 2575 struct tcp_sock *tp = tcp_sk(sk); 2576 2577 if (tcp_is_reno(tp)) { 2578 tcp_mark_head_lost(sk, 1, 1); 2579 } else if (tcp_is_fack(tp)) { 2580 int lost = tp->fackets_out - tp->reordering; 2581 if (lost <= 0) 2582 lost = 1; 2583 tcp_mark_head_lost(sk, lost, 0); 2584 } else { 2585 int sacked_upto = tp->sacked_out - tp->reordering; 2586 if (sacked_upto >= 0) 2587 tcp_mark_head_lost(sk, sacked_upto, 0); 2588 else if (fast_rexmit) 2589 tcp_mark_head_lost(sk, 1, 1); 2590 } 2591 2592 tcp_timeout_skbs(sk); 2593} 2594 2595/* CWND moderation, preventing bursts due to too big ACKs 2596 * in dubious situations. 2597 */ 2598static inline void tcp_moderate_cwnd(struct tcp_sock *tp) 2599{ 2600 tp->snd_cwnd = min(tp->snd_cwnd, 2601 tcp_packets_in_flight(tp) + tcp_max_burst(tp)); 2602 tp->snd_cwnd_stamp = tcp_time_stamp; 2603} 2604 2605/* Lower bound on congestion window is slow start threshold 2606 * unless congestion avoidance choice decides to overide it. 2607 */ 2608static inline u32 tcp_cwnd_min(const struct sock *sk) 2609{ 2610 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops; 2611 2612 return ca_ops->min_cwnd ? ca_ops->min_cwnd(sk) : tcp_sk(sk)->snd_ssthresh; 2613} 2614 2615/* Decrease cwnd each second ack. */ 2616static void tcp_cwnd_down(struct sock *sk, int flag) 2617{ 2618 struct tcp_sock *tp = tcp_sk(sk); 2619 int decr = tp->snd_cwnd_cnt + 1; 2620 2621 if ((flag & (FLAG_ANY_PROGRESS | FLAG_DSACKING_ACK)) || 2622 (tcp_is_reno(tp) && !(flag & FLAG_NOT_DUP))) { 2623 tp->snd_cwnd_cnt = decr & 1; 2624 decr >>= 1; 2625 2626 if (decr && tp->snd_cwnd > tcp_cwnd_min(sk)) 2627 tp->snd_cwnd -= decr; 2628 2629 tp->snd_cwnd = min(tp->snd_cwnd, tcp_packets_in_flight(tp) + 1); 2630 tp->snd_cwnd_stamp = tcp_time_stamp; 2631 } 2632} 2633 2634/* Nothing was retransmitted or returned timestamp is less 2635 * than timestamp of the first retransmission. 2636 */ 2637static inline int tcp_packet_delayed(struct tcp_sock *tp) 2638{ 2639 return !tp->retrans_stamp || 2640 (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr && 2641 before(tp->rx_opt.rcv_tsecr, tp->retrans_stamp)); 2642} 2643 2644/* Undo procedures. */ 2645 2646#if FASTRETRANS_DEBUG > 1 2647static void DBGUNDO(struct sock *sk, const char *msg) 2648{ 2649 struct tcp_sock *tp = tcp_sk(sk); 2650 struct inet_sock *inet = inet_sk(sk); 2651 2652 if (sk->sk_family == AF_INET) { 2653 printk(KERN_DEBUG "Undo %s %pI4/%u c%u l%u ss%u/%u p%u\n", 2654 msg, 2655 &inet->inet_daddr, ntohs(inet->inet_dport), 2656 tp->snd_cwnd, tcp_left_out(tp), 2657 tp->snd_ssthresh, tp->prior_ssthresh, 2658 tp->packets_out); 2659 } 2660#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2661 else if (sk->sk_family == AF_INET6) { 2662 struct ipv6_pinfo *np = inet6_sk(sk); 2663 printk(KERN_DEBUG "Undo %s %pI6/%u c%u l%u ss%u/%u p%u\n", 2664 msg, 2665 &np->daddr, ntohs(inet->inet_dport), 2666 tp->snd_cwnd, tcp_left_out(tp), 2667 tp->snd_ssthresh, tp->prior_ssthresh, 2668 tp->packets_out); 2669 } 2670#endif 2671} 2672#else 2673#define DBGUNDO(x...) do { } while (0) 2674#endif 2675 2676static void tcp_undo_cwr(struct sock *sk, const bool undo_ssthresh) 2677{ 2678 struct tcp_sock *tp = tcp_sk(sk); 2679 2680 if (tp->prior_ssthresh) { 2681 const struct inet_connection_sock *icsk = inet_csk(sk); 2682 2683 if (icsk->icsk_ca_ops->undo_cwnd) 2684 tp->snd_cwnd = icsk->icsk_ca_ops->undo_cwnd(sk); 2685 else 2686 tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh << 1); 2687 2688 if (undo_ssthresh && tp->prior_ssthresh > tp->snd_ssthresh) { 2689 tp->snd_ssthresh = tp->prior_ssthresh; 2690 TCP_ECN_withdraw_cwr(tp); 2691 } 2692 } else { 2693 tp->snd_cwnd = max(tp->snd_cwnd, tp->snd_ssthresh); 2694 } 2695 tp->snd_cwnd_stamp = tcp_time_stamp; 2696} 2697 2698static inline int tcp_may_undo(struct tcp_sock *tp) 2699{ 2700 return tp->undo_marker && (!tp->undo_retrans || tcp_packet_delayed(tp)); 2701} 2702 2703/* People celebrate: "We love our President!" */ 2704static int tcp_try_undo_recovery(struct sock *sk) 2705{ 2706 struct tcp_sock *tp = tcp_sk(sk); 2707 2708 if (tcp_may_undo(tp)) { 2709 int mib_idx; 2710 2711 /* Happy end! We did not retransmit anything 2712 * or our original transmission succeeded. 2713 */ 2714 DBGUNDO(sk, inet_csk(sk)->icsk_ca_state == TCP_CA_Loss ? "loss" : "retrans"); 2715 tcp_undo_cwr(sk, true); 2716 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Loss) 2717 mib_idx = LINUX_MIB_TCPLOSSUNDO; 2718 else 2719 mib_idx = LINUX_MIB_TCPFULLUNDO; 2720 2721 NET_INC_STATS_BH(sock_net(sk), mib_idx); 2722 tp->undo_marker = 0; 2723 } 2724 if (tp->snd_una == tp->high_seq && tcp_is_reno(tp)) { 2725 /* Hold old state until something *above* high_seq 2726 * is ACKed. For Reno it is MUST to prevent false 2727 * fast retransmits (RFC2582). SACK TCP is safe. */ 2728 tcp_moderate_cwnd(tp); 2729 return 1; 2730 } 2731 tcp_set_ca_state(sk, TCP_CA_Open); 2732 return 0; 2733} 2734 2735/* Try to undo cwnd reduction, because D-SACKs acked all retransmitted data */ 2736static void tcp_try_undo_dsack(struct sock *sk) 2737{ 2738 struct tcp_sock *tp = tcp_sk(sk); 2739 2740 if (tp->undo_marker && !tp->undo_retrans) { 2741 DBGUNDO(sk, "D-SACK"); 2742 tcp_undo_cwr(sk, true); 2743 tp->undo_marker = 0; 2744 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPDSACKUNDO); 2745 } 2746} 2747 2748/* We can clear retrans_stamp when there are no retransmissions in the 2749 * window. It would seem that it is trivially available for us in 2750 * tp->retrans_out, however, that kind of assumptions doesn't consider 2751 * what will happen if errors occur when sending retransmission for the 2752 * second time. ...It could the that such segment has only 2753 * TCPCB_EVER_RETRANS set at the present time. It seems that checking 2754 * the head skb is enough except for some reneging corner cases that 2755 * are not worth the effort. 2756 * 2757 * Main reason for all this complexity is the fact that connection dying 2758 * time now depends on the validity of the retrans_stamp, in particular, 2759 * that successive retransmissions of a segment must not advance 2760 * retrans_stamp under any conditions. 2761 */ 2762static int tcp_any_retrans_done(struct sock *sk) 2763{ 2764 struct tcp_sock *tp = tcp_sk(sk); 2765 struct sk_buff *skb; 2766 2767 if (tp->retrans_out) 2768 return 1; 2769 2770 skb = tcp_write_queue_head(sk); 2771 if (unlikely(skb && TCP_SKB_CB(skb)->sacked & TCPCB_EVER_RETRANS)) 2772 return 1; 2773 2774 return 0; 2775} 2776 2777/* Undo during fast recovery after partial ACK. */ 2778 2779static int tcp_try_undo_partial(struct sock *sk, int acked) 2780{ 2781 struct tcp_sock *tp = tcp_sk(sk); 2782 /* Partial ACK arrived. Force Hoe's retransmit. */ 2783 int failed = tcp_is_reno(tp) || (tcp_fackets_out(tp) > tp->reordering); 2784 2785 if (tcp_may_undo(tp)) { 2786 /* Plain luck! Hole if filled with delayed 2787 * packet, rather than with a retransmit. 2788 */ 2789 if (!tcp_any_retrans_done(sk)) 2790 tp->retrans_stamp = 0; 2791 2792 tcp_update_reordering(sk, tcp_fackets_out(tp) + acked, 1); 2793 2794 DBGUNDO(sk, "Hoe"); 2795 tcp_undo_cwr(sk, false); 2796 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPPARTIALUNDO); 2797 2798 /* So... Do not make Hoe's retransmit yet. 2799 * If the first packet was delayed, the rest 2800 * ones are most probably delayed as well. 2801 */ 2802 failed = 0; 2803 } 2804 return failed; 2805} 2806 2807/* Undo during loss recovery after partial ACK. */ 2808static int tcp_try_undo_loss(struct sock *sk) 2809{ 2810 struct tcp_sock *tp = tcp_sk(sk); 2811 2812 if (tcp_may_undo(tp)) { 2813 struct sk_buff *skb; 2814 tcp_for_write_queue(skb, sk) { 2815 if (skb == tcp_send_head(sk)) 2816 break; 2817 TCP_SKB_CB(skb)->sacked &= ~TCPCB_LOST; 2818 } 2819 2820 tcp_clear_all_retrans_hints(tp); 2821 2822 DBGUNDO(sk, "partial loss"); 2823 tp->lost_out = 0; 2824 tcp_undo_cwr(sk, true); 2825 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPLOSSUNDO); 2826 inet_csk(sk)->icsk_retransmits = 0; 2827 tp->undo_marker = 0; 2828 if (tcp_is_sack(tp)) 2829 tcp_set_ca_state(sk, TCP_CA_Open); 2830 return 1; 2831 } 2832 return 0; 2833} 2834 2835static inline void tcp_complete_cwr(struct sock *sk) 2836{ 2837 struct tcp_sock *tp = tcp_sk(sk); 2838 2839 /* Do not moderate cwnd if it's already undone in cwr or recovery. */ 2840 if (tp->undo_marker) { 2841 if (inet_csk(sk)->icsk_ca_state == TCP_CA_CWR) 2842 tp->snd_cwnd = min(tp->snd_cwnd, tp->snd_ssthresh); 2843 else /* PRR */ 2844 tp->snd_cwnd = tp->snd_ssthresh; 2845 tp->snd_cwnd_stamp = tcp_time_stamp; 2846 } 2847 tcp_ca_event(sk, CA_EVENT_COMPLETE_CWR); 2848} 2849 2850static void tcp_try_keep_open(struct sock *sk) 2851{ 2852 struct tcp_sock *tp = tcp_sk(sk); 2853 int state = TCP_CA_Open; 2854 2855 if (tcp_left_out(tp) || tcp_any_retrans_done(sk) || tp->undo_marker) 2856 state = TCP_CA_Disorder; 2857 2858 if (inet_csk(sk)->icsk_ca_state != state) { 2859 tcp_set_ca_state(sk, state); 2860 tp->high_seq = tp->snd_nxt; 2861 } 2862} 2863 2864static void tcp_try_to_open(struct sock *sk, int flag) 2865{ 2866 struct tcp_sock *tp = tcp_sk(sk); 2867 2868 tcp_verify_left_out(tp); 2869 2870 if (!tp->frto_counter && !tcp_any_retrans_done(sk)) 2871 tp->retrans_stamp = 0; 2872 2873 if (flag & FLAG_ECE) 2874 tcp_enter_cwr(sk, 1); 2875 2876 if (inet_csk(sk)->icsk_ca_state != TCP_CA_CWR) { 2877 tcp_try_keep_open(sk); 2878 tcp_moderate_cwnd(tp); 2879 } else { 2880 tcp_cwnd_down(sk, flag); 2881 } 2882} 2883 2884static void tcp_mtup_probe_failed(struct sock *sk) 2885{ 2886 struct inet_connection_sock *icsk = inet_csk(sk); 2887 2888 icsk->icsk_mtup.search_high = icsk->icsk_mtup.probe_size - 1; 2889 icsk->icsk_mtup.probe_size = 0; 2890} 2891 2892static void tcp_mtup_probe_success(struct sock *sk) 2893{ 2894 struct tcp_sock *tp = tcp_sk(sk); 2895 struct inet_connection_sock *icsk = inet_csk(sk); 2896 2897 /* FIXME: breaks with very large cwnd */ 2898 tp->prior_ssthresh = tcp_current_ssthresh(sk); 2899 tp->snd_cwnd = tp->snd_cwnd * 2900 tcp_mss_to_mtu(sk, tp->mss_cache) / 2901 icsk->icsk_mtup.probe_size; 2902 tp->snd_cwnd_cnt = 0; 2903 tp->snd_cwnd_stamp = tcp_time_stamp; 2904 tp->snd_ssthresh = tcp_current_ssthresh(sk); 2905 2906 icsk->icsk_mtup.search_low = icsk->icsk_mtup.probe_size; 2907 icsk->icsk_mtup.probe_size = 0; 2908 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 2909} 2910 2911/* Do a simple retransmit without using the backoff mechanisms in 2912 * tcp_timer. This is used for path mtu discovery. 2913 * The socket is already locked here. 2914 */ 2915void tcp_simple_retransmit(struct sock *sk) 2916{ 2917 const struct inet_connection_sock *icsk = inet_csk(sk); 2918 struct tcp_sock *tp = tcp_sk(sk); 2919 struct sk_buff *skb; 2920 unsigned int mss = tcp_current_mss(sk); 2921 u32 prior_lost = tp->lost_out; 2922 2923 tcp_for_write_queue(skb, sk) { 2924 if (skb == tcp_send_head(sk)) 2925 break; 2926 if (tcp_skb_seglen(skb) > mss && 2927 !(TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) { 2928 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) { 2929 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_RETRANS; 2930 tp->retrans_out -= tcp_skb_pcount(skb); 2931 } 2932 tcp_skb_mark_lost_uncond_verify(tp, skb); 2933 } 2934 } 2935 2936 tcp_clear_retrans_hints_partial(tp); 2937 2938 if (prior_lost == tp->lost_out) 2939 return; 2940 2941 if (tcp_is_reno(tp)) 2942 tcp_limit_reno_sacked(tp); 2943 2944 tcp_verify_left_out(tp); 2945 2946 /* Don't muck with the congestion window here. 2947 * Reason is that we do not increase amount of _data_ 2948 * in network, but units changed and effective 2949 * cwnd/ssthresh really reduced now. 2950 */ 2951 if (icsk->icsk_ca_state != TCP_CA_Loss) { 2952 tp->high_seq = tp->snd_nxt; 2953 tp->snd_ssthresh = tcp_current_ssthresh(sk); 2954 tp->prior_ssthresh = 0; 2955 tp->undo_marker = 0; 2956 tcp_set_ca_state(sk, TCP_CA_Loss); 2957 } 2958 tcp_xmit_retransmit_queue(sk); 2959} 2960EXPORT_SYMBOL(tcp_simple_retransmit); 2961 2962/* This function implements the PRR algorithm, specifcally the PRR-SSRB 2963 * (proportional rate reduction with slow start reduction bound) as described in 2964 * http://www.ietf.org/id/draft-mathis-tcpm-proportional-rate-reduction-01.txt. 2965 * It computes the number of packets to send (sndcnt) based on packets newly 2966 * delivered: 2967 * 1) If the packets in flight is larger than ssthresh, PRR spreads the 2968 * cwnd reductions across a full RTT. 2969 * 2) If packets in flight is lower than ssthresh (such as due to excess 2970 * losses and/or application stalls), do not perform any further cwnd 2971 * reductions, but instead slow start up to ssthresh. 2972 */ 2973static void tcp_update_cwnd_in_recovery(struct sock *sk, int newly_acked_sacked, 2974 int fast_rexmit, int flag) 2975{ 2976 struct tcp_sock *tp = tcp_sk(sk); 2977 int sndcnt = 0; 2978 int delta = tp->snd_ssthresh - tcp_packets_in_flight(tp); 2979 2980 if (tcp_packets_in_flight(tp) > tp->snd_ssthresh) { 2981 u64 dividend = (u64)tp->snd_ssthresh * tp->prr_delivered + 2982 tp->prior_cwnd - 1; 2983 sndcnt = div_u64(dividend, tp->prior_cwnd) - tp->prr_out; 2984 } else { 2985 sndcnt = min_t(int, delta, 2986 max_t(int, tp->prr_delivered - tp->prr_out, 2987 newly_acked_sacked) + 1); 2988 } 2989 2990 sndcnt = max(sndcnt, (fast_rexmit ? 1 : 0)); 2991 tp->snd_cwnd = tcp_packets_in_flight(tp) + sndcnt; 2992} 2993 2994/* Process an event, which can update packets-in-flight not trivially. 2995 * Main goal of this function is to calculate new estimate for left_out, 2996 * taking into account both packets sitting in receiver's buffer and 2997 * packets lost by network. 2998 * 2999 * Besides that it does CWND reduction, when packet loss is detected 3000 * and changes state of machine. 3001 * 3002 * It does _not_ decide what to send, it is made in function 3003 * tcp_xmit_retransmit_queue(). 3004 */ 3005static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, 3006 int newly_acked_sacked, int flag) 3007{ 3008 struct inet_connection_sock *icsk = inet_csk(sk); 3009 struct tcp_sock *tp = tcp_sk(sk); 3010 int is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP)); 3011 int do_lost = is_dupack || ((flag & FLAG_DATA_SACKED) && 3012 (tcp_fackets_out(tp) > tp->reordering)); 3013 int fast_rexmit = 0, mib_idx; 3014 3015 if (WARN_ON(!tp->packets_out && tp->sacked_out)) 3016 tp->sacked_out = 0; 3017 if (WARN_ON(!tp->sacked_out && tp->fackets_out)) 3018 tp->fackets_out = 0; 3019 3020 /* Now state machine starts. 3021 * A. ECE, hence prohibit cwnd undoing, the reduction is required. */ 3022 if (flag & FLAG_ECE) 3023 tp->prior_ssthresh = 0; 3024 3025 /* B. In all the states check for reneging SACKs. */ 3026 if (tcp_check_sack_reneging(sk, flag)) 3027 return; 3028 3029 /* C. Process data loss notification, provided it is valid. */ 3030 if (tcp_is_fack(tp) && (flag & FLAG_DATA_LOST) && 3031 before(tp->snd_una, tp->high_seq) && 3032 icsk->icsk_ca_state != TCP_CA_Open && 3033 tp->fackets_out > tp->reordering) { 3034 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering, 0); 3035 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPLOSS); 3036 } 3037 3038 /* D. Check consistency of the current state. */ 3039 tcp_verify_left_out(tp); 3040 3041 /* E. Check state exit conditions. State can be terminated 3042 * when high_seq is ACKed. */ 3043 if (icsk->icsk_ca_state == TCP_CA_Open) { 3044 WARN_ON(tp->retrans_out != 0); 3045 tp->retrans_stamp = 0; 3046 } else if (!before(tp->snd_una, tp->high_seq)) { 3047 switch (icsk->icsk_ca_state) { 3048 case TCP_CA_Loss: 3049 icsk->icsk_retransmits = 0; 3050 if (tcp_try_undo_recovery(sk)) 3051 return; 3052 break; 3053 3054 case TCP_CA_CWR: 3055 /* CWR is to be held something *above* high_seq 3056 * is ACKed for CWR bit to reach receiver. */ 3057 if (tp->snd_una != tp->high_seq) { 3058 tcp_complete_cwr(sk); 3059 tcp_set_ca_state(sk, TCP_CA_Open); 3060 } 3061 break; 3062 3063 case TCP_CA_Disorder: 3064 tcp_try_undo_dsack(sk); 3065 if (!tp->undo_marker || 3066 /* For SACK case do not Open to allow to undo 3067 * catching for all duplicate ACKs. */ 3068 tcp_is_reno(tp) || tp->snd_una != tp->high_seq) { 3069 tp->undo_marker = 0; 3070 tcp_set_ca_state(sk, TCP_CA_Open); 3071 } 3072 break; 3073 3074 case TCP_CA_Recovery: 3075 if (tcp_is_reno(tp)) 3076 tcp_reset_reno_sack(tp); 3077 if (tcp_try_undo_recovery(sk)) 3078 return; 3079 tcp_complete_cwr(sk); 3080 break; 3081 } 3082 } 3083 3084 /* F. Process state. */ 3085 switch (icsk->icsk_ca_state) { 3086 case TCP_CA_Recovery: 3087 if (!(flag & FLAG_SND_UNA_ADVANCED)) { 3088 if (tcp_is_reno(tp) && is_dupack) 3089 tcp_add_reno_sack(sk); 3090 } else 3091 do_lost = tcp_try_undo_partial(sk, pkts_acked); 3092 break; 3093 case TCP_CA_Loss: 3094 if (flag & FLAG_DATA_ACKED) 3095 icsk->icsk_retransmits = 0; 3096 if (tcp_is_reno(tp) && flag & FLAG_SND_UNA_ADVANCED) 3097 tcp_reset_reno_sack(tp); 3098 if (!tcp_try_undo_loss(sk)) { 3099 tcp_moderate_cwnd(tp); 3100 tcp_xmit_retransmit_queue(sk); 3101 return; 3102 } 3103 if (icsk->icsk_ca_state != TCP_CA_Open) 3104 return; 3105 /* Loss is undone; fall through to processing in Open state. */ 3106 default: 3107 if (tcp_is_reno(tp)) { 3108 if (flag & FLAG_SND_UNA_ADVANCED) 3109 tcp_reset_reno_sack(tp); 3110 if (is_dupack) 3111 tcp_add_reno_sack(sk); 3112 } 3113 3114 if (icsk->icsk_ca_state == TCP_CA_Disorder) 3115 tcp_try_undo_dsack(sk); 3116 3117 if (!tcp_time_to_recover(sk)) { 3118 tcp_try_to_open(sk, flag); 3119 return; 3120 } 3121 3122 /* MTU probe failure: don't reduce cwnd */ 3123 if (icsk->icsk_ca_state < TCP_CA_CWR && 3124 icsk->icsk_mtup.probe_size && 3125 tp->snd_una == tp->mtu_probe.probe_seq_start) { 3126 tcp_mtup_probe_failed(sk); 3127 /* Restores the reduction we did in tcp_mtup_probe() */ 3128 tp->snd_cwnd++; 3129 tcp_simple_retransmit(sk); 3130 return; 3131 } 3132 3133 /* Otherwise enter Recovery state */ 3134 3135 if (tcp_is_reno(tp)) 3136 mib_idx = LINUX_MIB_TCPRENORECOVERY; 3137 else 3138 mib_idx = LINUX_MIB_TCPSACKRECOVERY; 3139 3140 NET_INC_STATS_BH(sock_net(sk), mib_idx); 3141 3142 tp->high_seq = tp->snd_nxt; 3143 tp->prior_ssthresh = 0; 3144 tp->undo_marker = tp->snd_una; 3145 tp->undo_retrans = tp->retrans_out; 3146 3147 if (icsk->icsk_ca_state < TCP_CA_CWR) { 3148 if (!(flag & FLAG_ECE)) 3149 tp->prior_ssthresh = tcp_current_ssthresh(sk); 3150 tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk); 3151 TCP_ECN_queue_cwr(tp); 3152 } 3153 3154 tp->bytes_acked = 0; 3155 tp->snd_cwnd_cnt = 0; 3156 tp->prior_cwnd = tp->snd_cwnd; 3157 tp->prr_delivered = 0; 3158 tp->prr_out = 0; 3159 tcp_set_ca_state(sk, TCP_CA_Recovery); 3160 fast_rexmit = 1; 3161 } 3162 3163 if (do_lost || (tcp_is_fack(tp) && tcp_head_timedout(sk))) 3164 tcp_update_scoreboard(sk, fast_rexmit); 3165 tp->prr_delivered += newly_acked_sacked; 3166 tcp_update_cwnd_in_recovery(sk, newly_acked_sacked, fast_rexmit, flag); 3167 tcp_xmit_retransmit_queue(sk); 3168} 3169 3170void tcp_valid_rtt_meas(struct sock *sk, u32 seq_rtt) 3171{ 3172 tcp_rtt_estimator(sk, seq_rtt); 3173 tcp_set_rto(sk); 3174 inet_csk(sk)->icsk_backoff = 0; 3175} 3176EXPORT_SYMBOL(tcp_valid_rtt_meas); 3177 3178/* Read draft-ietf-tcplw-high-performance before mucking 3179 * with this code. (Supersedes RFC1323) 3180 */ 3181static void tcp_ack_saw_tstamp(struct sock *sk, int flag) 3182{ 3183 /* RTTM Rule: A TSecr value received in a segment is used to 3184 * update the averaged RTT measurement only if the segment 3185 * acknowledges some new data, i.e., only if it advances the 3186 * left edge of the send window. 3187 * 3188 * See draft-ietf-tcplw-high-performance-00, section 3.3. 3189 * 1998/04/10 Andrey V. Savochkin <saw@msu.ru> 3190 * 3191 * Changed: reset backoff as soon as we see the first valid sample. 3192 * If we do not, we get strongly overestimated rto. With timestamps 3193 * samples are accepted even from very old segments: f.e., when rtt=1 3194 * increases to 8, we retransmit 5 times and after 8 seconds delayed 3195 * answer arrives rto becomes 120 seconds! If at least one of segments 3196 * in window is lost... Voila. --ANK (010210) 3197 */ 3198 struct tcp_sock *tp = tcp_sk(sk); 3199 3200 tcp_valid_rtt_meas(sk, tcp_time_stamp - tp->rx_opt.rcv_tsecr); 3201} 3202 3203static void tcp_ack_no_tstamp(struct sock *sk, u32 seq_rtt, int flag) 3204{ 3205 /* We don't have a timestamp. Can only use 3206 * packets that are not retransmitted to determine 3207 * rtt estimates. Also, we must not reset the 3208 * backoff for rto until we get a non-retransmitted 3209 * packet. This allows us to deal with a situation 3210 * where the network delay has increased suddenly. 3211 * I.e. Karn's algorithm. (SIGCOMM '87, p5.) 3212 */ 3213 3214 if (flag & FLAG_RETRANS_DATA_ACKED) 3215 return; 3216 3217 tcp_valid_rtt_meas(sk, seq_rtt); 3218} 3219 3220static inline void tcp_ack_update_rtt(struct sock *sk, const int flag, 3221 const s32 seq_rtt) 3222{ 3223 const struct tcp_sock *tp = tcp_sk(sk); 3224 /* Note that peer MAY send zero echo. In this case it is ignored. (rfc1323) */ 3225 if (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr) 3226 tcp_ack_saw_tstamp(sk, flag); 3227 else if (seq_rtt >= 0) 3228 tcp_ack_no_tstamp(sk, seq_rtt, flag); 3229} 3230 3231static void tcp_cong_avoid(struct sock *sk, u32 ack, u32 in_flight) 3232{ 3233 const struct inet_connection_sock *icsk = inet_csk(sk); 3234 icsk->icsk_ca_ops->cong_avoid(sk, ack, in_flight); 3235 tcp_sk(sk)->snd_cwnd_stamp = tcp_time_stamp; 3236} 3237 3238/* Restart timer after forward progress on connection. 3239 * RFC2988 recommends to restart timer to now+rto. 3240 */ 3241static void tcp_rearm_rto(struct sock *sk) 3242{ 3243 struct tcp_sock *tp = tcp_sk(sk); 3244 3245 if (!tp->packets_out) { 3246 inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS); 3247 } else { 3248 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 3249 inet_csk(sk)->icsk_rto, TCP_RTO_MAX); 3250 } 3251} 3252 3253/* If we get here, the whole TSO packet has not been acked. */ 3254static u32 tcp_tso_acked(struct sock *sk, struct sk_buff *skb) 3255{ 3256 struct tcp_sock *tp = tcp_sk(sk); 3257 u32 packets_acked; 3258 3259 BUG_ON(!after(TCP_SKB_CB(skb)->end_seq, tp->snd_una)); 3260 3261 packets_acked = tcp_skb_pcount(skb); 3262 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq)) 3263 return 0; 3264 packets_acked -= tcp_skb_pcount(skb); 3265 3266 if (packets_acked) { 3267 BUG_ON(tcp_skb_pcount(skb) == 0); 3268 BUG_ON(!before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq)); 3269 } 3270 3271 return packets_acked; 3272} 3273 3274/* Remove acknowledged frames from the retransmission queue. If our packet 3275 * is before the ack sequence we can discard it as it's confirmed to have 3276 * arrived at the other end. 3277 */ 3278static int tcp_clean_rtx_queue(struct sock *sk, int prior_fackets, 3279 u32 prior_snd_una) 3280{ 3281 struct tcp_sock *tp = tcp_sk(sk); 3282 const struct inet_connection_sock *icsk = inet_csk(sk); 3283 struct sk_buff *skb; 3284 u32 now = tcp_time_stamp; 3285 int fully_acked = 1; 3286 int flag = 0; 3287 u32 pkts_acked = 0; 3288 u32 reord = tp->packets_out; 3289 u32 prior_sacked = tp->sacked_out; 3290 s32 seq_rtt = -1; 3291 s32 ca_seq_rtt = -1; 3292 ktime_t last_ackt = net_invalid_timestamp(); 3293 3294 while ((skb = tcp_write_queue_head(sk)) && skb != tcp_send_head(sk)) { 3295 struct tcp_skb_cb *scb = TCP_SKB_CB(skb); 3296 u32 acked_pcount; 3297 u8 sacked = scb->sacked; 3298 3299 /* Determine how many packets and what bytes were acked, tso and else */ 3300 if (after(scb->end_seq, tp->snd_una)) { 3301 if (tcp_skb_pcount(skb) == 1 || 3302 !after(tp->snd_una, scb->seq)) 3303 break; 3304 3305 acked_pcount = tcp_tso_acked(sk, skb); 3306 if (!acked_pcount) 3307 break; 3308 3309 fully_acked = 0; 3310 } else { 3311 acked_pcount = tcp_skb_pcount(skb); 3312 } 3313 3314 if (sacked & TCPCB_RETRANS) { 3315 if (sacked & TCPCB_SACKED_RETRANS) 3316 tp->retrans_out -= acked_pcount; 3317 flag |= FLAG_RETRANS_DATA_ACKED; 3318 ca_seq_rtt = -1; 3319 seq_rtt = -1; 3320 if ((flag & FLAG_DATA_ACKED) || (acked_pcount > 1)) 3321 flag |= FLAG_NONHEAD_RETRANS_ACKED; 3322 } else { 3323 ca_seq_rtt = now - scb->when; 3324 last_ackt = skb->tstamp; 3325 if (seq_rtt < 0) { 3326 seq_rtt = ca_seq_rtt; 3327 } 3328 if (!(sacked & TCPCB_SACKED_ACKED)) 3329 reord = min(pkts_acked, reord); 3330 } 3331 3332 if (sacked & TCPCB_SACKED_ACKED) 3333 tp->sacked_out -= acked_pcount; 3334 if (sacked & TCPCB_LOST) 3335 tp->lost_out -= acked_pcount; 3336 3337 tp->packets_out -= acked_pcount; 3338 pkts_acked += acked_pcount; 3339 3340 /* Initial outgoing SYN's get put onto the write_queue 3341 * just like anything else we transmit. It is not 3342 * true data, and if we misinform our callers that 3343 * this ACK acks real data, we will erroneously exit 3344 * connection startup slow start one packet too 3345 * quickly. This is severely frowned upon behavior. 3346 */ 3347 if (!(scb->tcp_flags & TCPHDR_SYN)) { 3348 flag |= FLAG_DATA_ACKED; 3349 } else { 3350 flag |= FLAG_SYN_ACKED; 3351 tp->retrans_stamp = 0; 3352 } 3353 3354 if (!fully_acked) 3355 break; 3356 3357 tcp_unlink_write_queue(skb, sk); 3358 sk_wmem_free_skb(sk, skb); 3359 tp->scoreboard_skb_hint = NULL; 3360 if (skb == tp->retransmit_skb_hint) 3361 tp->retransmit_skb_hint = NULL; 3362 if (skb == tp->lost_skb_hint) 3363 tp->lost_skb_hint = NULL; 3364 } 3365 3366 if (likely(between(tp->snd_up, prior_snd_una, tp->snd_una))) 3367 tp->snd_up = tp->snd_una; 3368 3369 if (skb && (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 3370 flag |= FLAG_SACK_RENEGING; 3371 3372 if (flag & FLAG_ACKED) { 3373 const struct tcp_congestion_ops *ca_ops 3374 = inet_csk(sk)->icsk_ca_ops; 3375 3376 if (unlikely(icsk->icsk_mtup.probe_size && 3377 !after(tp->mtu_probe.probe_seq_end, tp->snd_una))) { 3378 tcp_mtup_probe_success(sk); 3379 } 3380 3381 tcp_ack_update_rtt(sk, flag, seq_rtt); 3382 tcp_rearm_rto(sk); 3383 3384 if (tcp_is_reno(tp)) { 3385 tcp_remove_reno_sacks(sk, pkts_acked); 3386 } else { 3387 int delta; 3388 3389 /* Non-retransmitted hole got filled? That's reordering */ 3390 if (reord < prior_fackets) 3391 tcp_update_reordering(sk, tp->fackets_out - reord, 0); 3392 3393 delta = tcp_is_fack(tp) ? pkts_acked : 3394 prior_sacked - tp->sacked_out; 3395 tp->lost_cnt_hint -= min(tp->lost_cnt_hint, delta); 3396 } 3397 3398 tp->fackets_out -= min(pkts_acked, tp->fackets_out); 3399 3400 if (ca_ops->pkts_acked) { 3401 s32 rtt_us = -1; 3402 3403 /* Is the ACK triggering packet unambiguous? */ 3404 if (!(flag & FLAG_RETRANS_DATA_ACKED)) { 3405 /* High resolution needed and available? */ 3406 if (ca_ops->flags & TCP_CONG_RTT_STAMP && 3407 !ktime_equal(last_ackt, 3408 net_invalid_timestamp())) 3409 rtt_us = ktime_us_delta(ktime_get_real(), 3410 last_ackt); 3411 else if (ca_seq_rtt >= 0) 3412 rtt_us = jiffies_to_usecs(ca_seq_rtt); 3413 } 3414 3415 ca_ops->pkts_acked(sk, pkts_acked, rtt_us); 3416 } 3417 } 3418 3419#if FASTRETRANS_DEBUG > 0 3420 WARN_ON((int)tp->sacked_out < 0); 3421 WARN_ON((int)tp->lost_out < 0); 3422 WARN_ON((int)tp->retrans_out < 0); 3423 if (!tp->packets_out && tcp_is_sack(tp)) { 3424 icsk = inet_csk(sk); 3425 if (tp->lost_out) { 3426 printk(KERN_DEBUG "Leak l=%u %d\n", 3427 tp->lost_out, icsk->icsk_ca_state); 3428 tp->lost_out = 0; 3429 } 3430 if (tp->sacked_out) { 3431 printk(KERN_DEBUG "Leak s=%u %d\n", 3432 tp->sacked_out, icsk->icsk_ca_state); 3433 tp->sacked_out = 0; 3434 } 3435 if (tp->retrans_out) { 3436 printk(KERN_DEBUG "Leak r=%u %d\n", 3437 tp->retrans_out, icsk->icsk_ca_state); 3438 tp->retrans_out = 0; 3439 } 3440 } 3441#endif 3442 return flag; 3443} 3444 3445static void tcp_ack_probe(struct sock *sk) 3446{ 3447 const struct tcp_sock *tp = tcp_sk(sk); 3448 struct inet_connection_sock *icsk = inet_csk(sk); 3449 3450 /* Was it a usable window open? */ 3451 3452 if (!after(TCP_SKB_CB(tcp_send_head(sk))->end_seq, tcp_wnd_end(tp))) { 3453 icsk->icsk_backoff = 0; 3454 inet_csk_clear_xmit_timer(sk, ICSK_TIME_PROBE0); 3455 /* Socket must be waked up by subsequent tcp_data_snd_check(). 3456 * This function is not for random using! 3457 */ 3458 } else { 3459 inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0, 3460 min(icsk->icsk_rto << icsk->icsk_backoff, TCP_RTO_MAX), 3461 TCP_RTO_MAX); 3462 } 3463} 3464 3465static inline int tcp_ack_is_dubious(const struct sock *sk, const int flag) 3466{ 3467 return !(flag & FLAG_NOT_DUP) || (flag & FLAG_CA_ALERT) || 3468 inet_csk(sk)->icsk_ca_state != TCP_CA_Open; 3469} 3470 3471static inline int tcp_may_raise_cwnd(const struct sock *sk, const int flag) 3472{ 3473 const struct tcp_sock *tp = tcp_sk(sk); 3474 return (!(flag & FLAG_ECE) || tp->snd_cwnd < tp->snd_ssthresh) && 3475 !((1 << inet_csk(sk)->icsk_ca_state) & (TCPF_CA_Recovery | TCPF_CA_CWR)); 3476} 3477 3478/* Check that window update is acceptable. 3479 * The function assumes that snd_una<=ack<=snd_next. 3480 */ 3481static inline int tcp_may_update_window(const struct tcp_sock *tp, 3482 const u32 ack, const u32 ack_seq, 3483 const u32 nwin) 3484{ 3485 return after(ack, tp->snd_una) || 3486 after(ack_seq, tp->snd_wl1) || 3487 (ack_seq == tp->snd_wl1 && nwin > tp->snd_wnd); 3488} 3489 3490/* Update our send window. 3491 * 3492 * Window update algorithm, described in RFC793/RFC1122 (used in linux-2.2 3493 * and in FreeBSD. NetBSD's one is even worse.) is wrong. 3494 */ 3495static int tcp_ack_update_window(struct sock *sk, struct sk_buff *skb, u32 ack, 3496 u32 ack_seq) 3497{ 3498 struct tcp_sock *tp = tcp_sk(sk); 3499 int flag = 0; 3500 u32 nwin = ntohs(tcp_hdr(skb)->window); 3501 3502 if (likely(!tcp_hdr(skb)->syn)) 3503 nwin <<= tp->rx_opt.snd_wscale; 3504 3505 if (tcp_may_update_window(tp, ack, ack_seq, nwin)) { 3506 flag |= FLAG_WIN_UPDATE; 3507 tcp_update_wl(tp, ack_seq); 3508 3509 if (tp->snd_wnd != nwin) { 3510 tp->snd_wnd = nwin; 3511 3512 /* Note, it is the only place, where 3513 * fast path is recovered for sending TCP. 3514 */ 3515 tp->pred_flags = 0; 3516 tcp_fast_path_check(sk); 3517 3518 if (nwin > tp->max_window) { 3519 tp->max_window = nwin; 3520 tcp_sync_mss(sk, inet_csk(sk)->icsk_pmtu_cookie); 3521 } 3522 } 3523 } 3524 3525 tp->snd_una = ack; 3526 3527 return flag; 3528} 3529 3530/* A very conservative spurious RTO response algorithm: reduce cwnd and 3531 * continue in congestion avoidance. 3532 */ 3533static void tcp_conservative_spur_to_response(struct tcp_sock *tp) 3534{ 3535 tp->snd_cwnd = min(tp->snd_cwnd, tp->snd_ssthresh); 3536 tp->snd_cwnd_cnt = 0; 3537 tp->bytes_acked = 0; 3538 TCP_ECN_queue_cwr(tp); 3539 tcp_moderate_cwnd(tp); 3540} 3541 3542/* A conservative spurious RTO response algorithm: reduce cwnd using 3543 * rate halving and continue in congestion avoidance. 3544 */ 3545static void tcp_ratehalving_spur_to_response(struct sock *sk) 3546{ 3547 tcp_enter_cwr(sk, 0); 3548} 3549 3550static void tcp_undo_spur_to_response(struct sock *sk, int flag) 3551{ 3552 if (flag & FLAG_ECE) 3553 tcp_ratehalving_spur_to_response(sk); 3554 else 3555 tcp_undo_cwr(sk, true); 3556} 3557 3558/* F-RTO spurious RTO detection algorithm (RFC4138) 3559 * 3560 * F-RTO affects during two new ACKs following RTO (well, almost, see inline 3561 * comments). State (ACK number) is kept in frto_counter. When ACK advances 3562 * window (but not to or beyond highest sequence sent before RTO): 3563 * On First ACK, send two new segments out. 3564 * On Second ACK, RTO was likely spurious. Do spurious response (response 3565 * algorithm is not part of the F-RTO detection algorithm 3566 * given in RFC4138 but can be selected separately). 3567 * Otherwise (basically on duplicate ACK), RTO was (likely) caused by a loss 3568 * and TCP falls back to conventional RTO recovery. F-RTO allows overriding 3569 * of Nagle, this is done using frto_counter states 2 and 3, when a new data 3570 * segment of any size sent during F-RTO, state 2 is upgraded to 3. 3571 * 3572 * Rationale: if the RTO was spurious, new ACKs should arrive from the 3573 * original window even after we transmit two new data segments. 3574 * 3575 * SACK version: 3576 * on first step, wait until first cumulative ACK arrives, then move to 3577 * the second step. In second step, the next ACK decides. 3578 * 3579 * F-RTO is implemented (mainly) in four functions: 3580 * - tcp_use_frto() is used to determine if TCP is can use F-RTO 3581 * - tcp_enter_frto() prepares TCP state on RTO if F-RTO is used, it is 3582 * called when tcp_use_frto() showed green light 3583 * - tcp_process_frto() handles incoming ACKs during F-RTO algorithm 3584 * - tcp_enter_frto_loss() is called if there is not enough evidence 3585 * to prove that the RTO is indeed spurious. It transfers the control 3586 * from F-RTO to the conventional RTO recovery 3587 */ 3588static int tcp_process_frto(struct sock *sk, int flag) 3589{ 3590 struct tcp_sock *tp = tcp_sk(sk); 3591 3592 tcp_verify_left_out(tp); 3593 3594 /* Duplicate the behavior from Loss state (fastretrans_alert) */ 3595 if (flag & FLAG_DATA_ACKED) 3596 inet_csk(sk)->icsk_retransmits = 0; 3597 3598 if ((flag & FLAG_NONHEAD_RETRANS_ACKED) || 3599 ((tp->frto_counter >= 2) && (flag & FLAG_RETRANS_DATA_ACKED))) 3600 tp->undo_marker = 0; 3601 3602 if (!before(tp->snd_una, tp->frto_highmark)) { 3603 tcp_enter_frto_loss(sk, (tp->frto_counter == 1 ? 2 : 3), flag); 3604 return 1; 3605 } 3606 3607 if (!tcp_is_sackfrto(tp)) { 3608 /* RFC4138 shortcoming in step 2; should also have case c): 3609 * ACK isn't duplicate nor advances window, e.g., opposite dir 3610 * data, winupdate 3611 */ 3612 if (!(flag & FLAG_ANY_PROGRESS) && (flag & FLAG_NOT_DUP)) 3613 return 1; 3614 3615 if (!(flag & FLAG_DATA_ACKED)) { 3616 tcp_enter_frto_loss(sk, (tp->frto_counter == 1 ? 0 : 3), 3617 flag); 3618 return 1; 3619 } 3620 } else { 3621 if (!(flag & FLAG_DATA_ACKED) && (tp->frto_counter == 1)) { 3622 /* Prevent sending of new data. */ 3623 tp->snd_cwnd = min(tp->snd_cwnd, 3624 tcp_packets_in_flight(tp)); 3625 return 1; 3626 } 3627 3628 if ((tp->frto_counter >= 2) && 3629 (!(flag & FLAG_FORWARD_PROGRESS) || 3630 ((flag & FLAG_DATA_SACKED) && 3631 !(flag & FLAG_ONLY_ORIG_SACKED)))) { 3632 /* RFC4138 shortcoming (see comment above) */ 3633 if (!(flag & FLAG_FORWARD_PROGRESS) && 3634 (flag & FLAG_NOT_DUP)) 3635 return 1; 3636 3637 tcp_enter_frto_loss(sk, 3, flag); 3638 return 1; 3639 } 3640 } 3641 3642 if (tp->frto_counter == 1) { 3643 /* tcp_may_send_now needs to see updated state */ 3644 tp->snd_cwnd = tcp_packets_in_flight(tp) + 2; 3645 tp->frto_counter = 2; 3646 3647 if (!tcp_may_send_now(sk)) 3648 tcp_enter_frto_loss(sk, 2, flag); 3649 3650 return 1; 3651 } else { 3652 switch (sysctl_tcp_frto_response) { 3653 case 2: 3654 tcp_undo_spur_to_response(sk, flag); 3655 break; 3656 case 1: 3657 tcp_conservative_spur_to_response(tp); 3658 break; 3659 default: 3660 tcp_ratehalving_spur_to_response(sk); 3661 break; 3662 } 3663 tp->frto_counter = 0; 3664 tp->undo_marker = 0; 3665 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSPURIOUSRTOS); 3666 } 3667 return 0; 3668} 3669 3670/* This routine deals with incoming acks, but not outgoing ones. */ 3671static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag) 3672{ 3673 struct inet_connection_sock *icsk = inet_csk(sk); 3674 struct tcp_sock *tp = tcp_sk(sk); 3675 u32 prior_snd_una = tp->snd_una; 3676 u32 ack_seq = TCP_SKB_CB(skb)->seq; 3677 u32 ack = TCP_SKB_CB(skb)->ack_seq; 3678 u32 prior_in_flight; 3679 u32 prior_fackets; 3680 int prior_packets; 3681 int prior_sacked = tp->sacked_out; 3682 int newly_acked_sacked = 0; 3683 int frto_cwnd = 0; 3684 3685 /* If the ack is older than previous acks 3686 * then we can probably ignore it. 3687 */ 3688 if (before(ack, prior_snd_una)) 3689 goto old_ack; 3690 3691 /* If the ack includes data we haven't sent yet, discard 3692 * this segment (RFC793 Section 3.9). 3693 */ 3694 if (after(ack, tp->snd_nxt)) 3695 goto invalid_ack; 3696 3697 if (after(ack, prior_snd_una)) 3698 flag |= FLAG_SND_UNA_ADVANCED; 3699 3700 if (sysctl_tcp_abc) { 3701 if (icsk->icsk_ca_state < TCP_CA_CWR) 3702 tp->bytes_acked += ack - prior_snd_una; 3703 else if (icsk->icsk_ca_state == TCP_CA_Loss) 3704 /* we assume just one segment left network */ 3705 tp->bytes_acked += min(ack - prior_snd_una, 3706 tp->mss_cache); 3707 } 3708 3709 prior_fackets = tp->fackets_out; 3710 prior_in_flight = tcp_packets_in_flight(tp); 3711 3712 if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) { 3713 /* Window is constant, pure forward advance. 3714 * No more checks are required. 3715 * Note, we use the fact that SND.UNA>=SND.WL2. 3716 */ 3717 tcp_update_wl(tp, ack_seq); 3718 tp->snd_una = ack; 3719 flag |= FLAG_WIN_UPDATE; 3720 3721 tcp_ca_event(sk, CA_EVENT_FAST_ACK); 3722 3723 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPACKS); 3724 } else { 3725 if (ack_seq != TCP_SKB_CB(skb)->end_seq) 3726 flag |= FLAG_DATA; 3727 else 3728 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPPUREACKS); 3729 3730 flag |= tcp_ack_update_window(sk, skb, ack, ack_seq); 3731 3732 if (TCP_SKB_CB(skb)->sacked) 3733 flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una); 3734 3735 if (TCP_ECN_rcv_ecn_echo(tp, tcp_hdr(skb))) 3736 flag |= FLAG_ECE; 3737 3738 tcp_ca_event(sk, CA_EVENT_SLOW_ACK); 3739 } 3740 3741 /* We passed data and got it acked, remove any soft error 3742 * log. Something worked... 3743 */ 3744 sk->sk_err_soft = 0; 3745 icsk->icsk_probes_out = 0; 3746 tp->rcv_tstamp = tcp_time_stamp; 3747 prior_packets = tp->packets_out; 3748 if (!prior_packets) 3749 goto no_queue; 3750 3751 /* See if we can take anything off of the retransmit queue. */ 3752 flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una); 3753 3754 newly_acked_sacked = (prior_packets - prior_sacked) - 3755 (tp->packets_out - tp->sacked_out); 3756 3757 if (tp->frto_counter) 3758 frto_cwnd = tcp_process_frto(sk, flag); 3759 /* Guarantee sacktag reordering detection against wrap-arounds */ 3760 if (before(tp->frto_highmark, tp->snd_una)) 3761 tp->frto_highmark = 0; 3762 3763 if (tcp_ack_is_dubious(sk, flag)) { 3764 /* Advance CWND, if state allows this. */ 3765 if ((flag & FLAG_DATA_ACKED) && !frto_cwnd && 3766 tcp_may_raise_cwnd(sk, flag)) 3767 tcp_cong_avoid(sk, ack, prior_in_flight); 3768 tcp_fastretrans_alert(sk, prior_packets - tp->packets_out, 3769 newly_acked_sacked, flag); 3770 } else { 3771 if ((flag & FLAG_DATA_ACKED) && !frto_cwnd) 3772 tcp_cong_avoid(sk, ack, prior_in_flight); 3773 } 3774 3775 if ((flag & FLAG_FORWARD_PROGRESS) || !(flag & FLAG_NOT_DUP)) 3776 dst_confirm(__sk_dst_get(sk)); 3777 3778 return 1; 3779 3780no_queue: 3781 /* If this ack opens up a zero window, clear backoff. It was 3782 * being used to time the probes, and is probably far higher than 3783 * it needs to be for normal retransmission. 3784 */ 3785 if (tcp_send_head(sk)) 3786 tcp_ack_probe(sk); 3787 return 1; 3788 3789invalid_ack: 3790 SOCK_DEBUG(sk, "Ack %u after %u:%u\n", ack, tp->snd_una, tp->snd_nxt); 3791 return -1; 3792 3793old_ack: 3794 if (TCP_SKB_CB(skb)->sacked) { 3795 tcp_sacktag_write_queue(sk, skb, prior_snd_una); 3796 if (icsk->icsk_ca_state == TCP_CA_Open) 3797 tcp_try_keep_open(sk); 3798 } 3799 3800 SOCK_DEBUG(sk, "Ack %u before %u:%u\n", ack, tp->snd_una, tp->snd_nxt); 3801 return 0; 3802} 3803 3804/* Look for tcp options. Normally only called on SYN and SYNACK packets. 3805 * But, this can also be called on packets in the established flow when 3806 * the fast version below fails. 3807 */ 3808void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx, 3809 u8 **hvpp, int estab) 3810{ 3811 unsigned char *ptr; 3812 struct tcphdr *th = tcp_hdr(skb); 3813 int length = (th->doff * 4) - sizeof(struct tcphdr); 3814 3815 ptr = (unsigned char *)(th + 1); 3816 opt_rx->saw_tstamp = 0; 3817 3818 while (length > 0) { 3819 int opcode = *ptr++; 3820 int opsize; 3821 3822 switch (opcode) { 3823 case TCPOPT_EOL: 3824 return; 3825 case TCPOPT_NOP: /* Ref: RFC 793 section 3.1 */ 3826 length--; 3827 continue; 3828 default: 3829 opsize = *ptr++; 3830 if (opsize < 2) /* "silly options" */ 3831 return; 3832 if (opsize > length) 3833 return; /* don't parse partial options */ 3834 switch (opcode) { 3835 case TCPOPT_MSS: 3836 if (opsize == TCPOLEN_MSS && th->syn && !estab) { 3837 u16 in_mss = get_unaligned_be16(ptr); 3838 if (in_mss) { 3839 if (opt_rx->user_mss && 3840 opt_rx->user_mss < in_mss) 3841 in_mss = opt_rx->user_mss; 3842 opt_rx->mss_clamp = in_mss; 3843 } 3844 } 3845 break; 3846 case TCPOPT_WINDOW: 3847 if (opsize == TCPOLEN_WINDOW && th->syn && 3848 !estab && sysctl_tcp_window_scaling) { 3849 __u8 snd_wscale = *(__u8 *)ptr; 3850 opt_rx->wscale_ok = 1; 3851 if (snd_wscale > 14) { 3852 if (net_ratelimit()) 3853 printk(KERN_INFO "tcp_parse_options: Illegal window " 3854 "scaling value %d >14 received.\n", 3855 snd_wscale); 3856 snd_wscale = 14; 3857 } 3858 opt_rx->snd_wscale = snd_wscale; 3859 } 3860 break; 3861 case TCPOPT_TIMESTAMP: 3862 if ((opsize == TCPOLEN_TIMESTAMP) && 3863 ((estab && opt_rx->tstamp_ok) || 3864 (!estab && sysctl_tcp_timestamps))) { 3865 opt_rx->saw_tstamp = 1; 3866 opt_rx->rcv_tsval = get_unaligned_be32(ptr); 3867 opt_rx->rcv_tsecr = get_unaligned_be32(ptr + 4); 3868 } 3869 break; 3870 case TCPOPT_SACK_PERM: 3871 if (opsize == TCPOLEN_SACK_PERM && th->syn && 3872 !estab && sysctl_tcp_sack) { 3873 opt_rx->sack_ok = 1; 3874 tcp_sack_reset(opt_rx); 3875 } 3876 break; 3877 3878 case TCPOPT_SACK: 3879 if ((opsize >= (TCPOLEN_SACK_BASE + TCPOLEN_SACK_PERBLOCK)) && 3880 !((opsize - TCPOLEN_SACK_BASE) % TCPOLEN_SACK_PERBLOCK) && 3881 opt_rx->sack_ok) { 3882 TCP_SKB_CB(skb)->sacked = (ptr - 2) - (unsigned char *)th; 3883 } 3884 break; 3885#ifdef CONFIG_TCP_MD5SIG 3886 case TCPOPT_MD5SIG: 3887 /* 3888 * The MD5 Hash has already been 3889 * checked (see tcp_v{4,6}_do_rcv()). 3890 */ 3891 break; 3892#endif 3893 case TCPOPT_COOKIE: 3894 /* This option is variable length. 3895 */ 3896 switch (opsize) { 3897 case TCPOLEN_COOKIE_BASE: 3898 /* not yet implemented */ 3899 break; 3900 case TCPOLEN_COOKIE_PAIR: 3901 /* not yet implemented */ 3902 break; 3903 case TCPOLEN_COOKIE_MIN+0: 3904 case TCPOLEN_COOKIE_MIN+2: 3905 case TCPOLEN_COOKIE_MIN+4: 3906 case TCPOLEN_COOKIE_MIN+6: 3907 case TCPOLEN_COOKIE_MAX: 3908 /* 16-bit multiple */ 3909 opt_rx->cookie_plus = opsize; 3910 *hvpp = ptr; 3911 break; 3912 default: 3913 /* ignore option */ 3914 break; 3915 } 3916 break; 3917 } 3918 3919 ptr += opsize-2; 3920 length -= opsize; 3921 } 3922 } 3923} 3924EXPORT_SYMBOL(tcp_parse_options); 3925 3926static int tcp_parse_aligned_timestamp(struct tcp_sock *tp, struct tcphdr *th) 3927{ 3928 __be32 *ptr = (__be32 *)(th + 1); 3929 3930 if (*ptr == htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) 3931 | (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP)) { 3932 tp->rx_opt.saw_tstamp = 1; 3933 ++ptr; 3934 tp->rx_opt.rcv_tsval = ntohl(*ptr); 3935 ++ptr; 3936 tp->rx_opt.rcv_tsecr = ntohl(*ptr); 3937 return 1; 3938 } 3939 return 0; 3940} 3941 3942/* Fast parse options. This hopes to only see timestamps. 3943 * If it is wrong it falls back on tcp_parse_options(). 3944 */ 3945static int tcp_fast_parse_options(struct sk_buff *skb, struct tcphdr *th, 3946 struct tcp_sock *tp, u8 **hvpp) 3947{ 3948 /* In the spirit of fast parsing, compare doff directly to constant 3949 * values. Because equality is used, short doff can be ignored here. 3950 */ 3951 if (th->doff == (sizeof(*th) / 4)) { 3952 tp->rx_opt.saw_tstamp = 0; 3953 return 0; 3954 } else if (tp->rx_opt.tstamp_ok && 3955 th->doff == ((sizeof(*th) + TCPOLEN_TSTAMP_ALIGNED) / 4)) { 3956 if (tcp_parse_aligned_timestamp(tp, th)) 3957 return 1; 3958 } 3959 tcp_parse_options(skb, &tp->rx_opt, hvpp, 1); 3960 return 1; 3961} 3962 3963#ifdef CONFIG_TCP_MD5SIG 3964/* 3965 * Parse MD5 Signature option 3966 */ 3967u8 *tcp_parse_md5sig_option(struct tcphdr *th) 3968{ 3969 int length = (th->doff << 2) - sizeof (*th); 3970 u8 *ptr = (u8*)(th + 1); 3971 3972 /* If the TCP option is too short, we can short cut */ 3973 if (length < TCPOLEN_MD5SIG) 3974 return NULL; 3975 3976 while (length > 0) { 3977 int opcode = *ptr++; 3978 int opsize; 3979 3980 switch(opcode) { 3981 case TCPOPT_EOL: 3982 return NULL; 3983 case TCPOPT_NOP: 3984 length--; 3985 continue; 3986 default: 3987 opsize = *ptr++; 3988 if (opsize < 2 || opsize > length) 3989 return NULL; 3990 if (opcode == TCPOPT_MD5SIG) 3991 return opsize == TCPOLEN_MD5SIG ? ptr : NULL; 3992 } 3993 ptr += opsize - 2; 3994 length -= opsize; 3995 } 3996 return NULL; 3997} 3998EXPORT_SYMBOL(tcp_parse_md5sig_option); 3999#endif 4000 4001static inline void tcp_store_ts_recent(struct tcp_sock *tp) 4002{ 4003 tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; 4004 tp->rx_opt.ts_recent_stamp = get_seconds(); 4005} 4006 4007static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) 4008{ 4009 if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { 4010 /* PAWS bug workaround wrt. ACK frames, the PAWS discard 4011 * extra check below makes sure this can only happen 4012 * for pure ACK frames. -DaveM 4013 * 4014 * Not only, also it occurs for expired timestamps. 4015 */ 4016 4017 if (tcp_paws_check(&tp->rx_opt, 0)) 4018 tcp_store_ts_recent(tp); 4019 } 4020} 4021 4022/* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM 4023 * 4024 * It is not fatal. If this ACK does _not_ change critical state (seqs, window) 4025 * it can pass through stack. So, the following predicate verifies that 4026 * this segment is not used for anything but congestion avoidance or 4027 * fast retransmit. Moreover, we even are able to eliminate most of such 4028 * second order effects, if we apply some small "replay" window (~RTO) 4029 * to timestamp space. 4030 * 4031 * All these measures still do not guarantee that we reject wrapped ACKs 4032 * on networks with high bandwidth, when sequence space is recycled fastly, 4033 * but it guarantees that such events will be very rare and do not affect 4034 * connection seriously. This doesn't look nice, but alas, PAWS is really 4035 * buggy extension. 4036 * 4037 * [ Later note. Even worse! It is buggy for segments _with_ data. RFC 4038 * states that events when retransmit arrives after original data are rare. 4039 * It is a blatant lie. VJ forgot about fast retransmit! 8)8) It is 4040 * the biggest problem on large power networks even with minor reordering. 4041 * OK, let's give it small replay window. If peer clock is even 1hz, it is safe 4042 * up to bandwidth of 18Gigabit/sec. 8) ] 4043 */ 4044 4045static int tcp_disordered_ack(const struct sock *sk, const struct sk_buff *skb) 4046{ 4047 struct tcp_sock *tp = tcp_sk(sk); 4048 struct tcphdr *th = tcp_hdr(skb); 4049 u32 seq = TCP_SKB_CB(skb)->seq; 4050 u32 ack = TCP_SKB_CB(skb)->ack_seq; 4051 4052 return (/* 1. Pure ACK with correct sequence number. */ 4053 (th->ack && seq == TCP_SKB_CB(skb)->end_seq && seq == tp->rcv_nxt) && 4054 4055 /* 2. ... and duplicate ACK. */ 4056 ack == tp->snd_una && 4057 4058 /* 3. ... and does not update window. */ 4059 !tcp_may_update_window(tp, ack, seq, ntohs(th->window) << tp->rx_opt.snd_wscale) && 4060 4061 /* 4. ... and sits in replay window. */ 4062 (s32)(tp->rx_opt.ts_recent - tp->rx_opt.rcv_tsval) <= (inet_csk(sk)->icsk_rto * 1024) / HZ); 4063} 4064 4065static inline int tcp_paws_discard(const struct sock *sk, 4066 const struct sk_buff *skb) 4067{ 4068 const struct tcp_sock *tp = tcp_sk(sk); 4069 4070 return !tcp_paws_check(&tp->rx_opt, TCP_PAWS_WINDOW) && 4071 !tcp_disordered_ack(sk, skb); 4072} 4073 4074/* Check segment sequence number for validity. 4075 * 4076 * Segment controls are considered valid, if the segment 4077 * fits to the window after truncation to the window. Acceptability 4078 * of data (and SYN, FIN, of course) is checked separately. 4079 * See tcp_data_queue(), for example. 4080 * 4081 * Also, controls (RST is main one) are accepted using RCV.WUP instead 4082 * of RCV.NXT. Peer still did not advance his SND.UNA when we 4083 * delayed ACK, so that hisSND.UNA<=ourRCV.WUP. 4084 * (borrowed from freebsd) 4085 */ 4086 4087static inline int tcp_sequence(struct tcp_sock *tp, u32 seq, u32 end_seq) 4088{ 4089 return !before(end_seq, tp->rcv_wup) && 4090 !after(seq, tp->rcv_nxt + tcp_receive_window(tp)); 4091} 4092 4093/* When we get a reset we do this. */ 4094static void tcp_reset(struct sock *sk) 4095{ 4096 /* We want the right error as BSD sees it (and indeed as we do). */ 4097 switch (sk->sk_state) { 4098 case TCP_SYN_SENT: 4099 sk->sk_err = ECONNREFUSED; 4100 break; 4101 case TCP_CLOSE_WAIT: 4102 sk->sk_err = EPIPE; 4103 break; 4104 case TCP_CLOSE: 4105 return; 4106 default: 4107 sk->sk_err = ECONNRESET; 4108 } 4109 /* This barrier is coupled with smp_rmb() in tcp_poll() */ 4110 smp_wmb(); 4111 4112 if (!sock_flag(sk, SOCK_DEAD)) 4113 sk->sk_error_report(sk); 4114 4115 tcp_done(sk); 4116} 4117 4118/* 4119 * Process the FIN bit. This now behaves as it is supposed to work 4120 * and the FIN takes effect when it is validly part of sequence 4121 * space. Not before when we get holes. 4122 * 4123 * If we are ESTABLISHED, a received fin moves us to CLOSE-WAIT 4124 * (and thence onto LAST-ACK and finally, CLOSE, we never enter 4125 * TIME-WAIT) 4126 * 4127 * If we are in FINWAIT-1, a received FIN indicates simultaneous 4128 * close and we go into CLOSING (and later onto TIME-WAIT) 4129 * 4130 * If we are in FINWAIT-2, a received FIN moves us to TIME-WAIT. 4131 */ 4132static void tcp_fin(struct sk_buff *skb, struct sock *sk, struct tcphdr *th) 4133{ 4134 struct tcp_sock *tp = tcp_sk(sk); 4135 4136 inet_csk_schedule_ack(sk); 4137 4138 sk->sk_shutdown |= RCV_SHUTDOWN; 4139 sock_set_flag(sk, SOCK_DONE); 4140 4141 switch (sk->sk_state) { 4142 case TCP_SYN_RECV: 4143 case TCP_ESTABLISHED: 4144 /* Move to CLOSE_WAIT */ 4145 tcp_set_state(sk, TCP_CLOSE_WAIT); 4146 inet_csk(sk)->icsk_ack.pingpong = 1; 4147 break; 4148 4149 case TCP_CLOSE_WAIT: 4150 case TCP_CLOSING: 4151 /* Received a retransmission of the FIN, do 4152 * nothing. 4153 */ 4154 break; 4155 case TCP_LAST_ACK: 4156 /* RFC793: Remain in the LAST-ACK state. */ 4157 break; 4158 4159 case TCP_FIN_WAIT1: 4160 /* This case occurs when a simultaneous close 4161 * happens, we must ack the received FIN and 4162 * enter the CLOSING state. 4163 */ 4164 tcp_send_ack(sk); 4165 tcp_set_state(sk, TCP_CLOSING); 4166 break; 4167 case TCP_FIN_WAIT2: 4168 /* Received a FIN -- send ACK and enter TIME_WAIT. */ 4169 tcp_send_ack(sk); 4170 tcp_time_wait(sk, TCP_TIME_WAIT, 0); 4171 break; 4172 default: 4173 /* Only TCP_LISTEN and TCP_CLOSE are left, in these 4174 * cases we should never reach this piece of code. 4175 */ 4176 printk(KERN_ERR "%s: Impossible, sk->sk_state=%d\n", 4177 __func__, sk->sk_state); 4178 break; 4179 } 4180 4181 /* It _is_ possible, that we have something out-of-order _after_ FIN. 4182 * Probably, we should reset in this case. For now drop them. 4183 */ 4184 __skb_queue_purge(&tp->out_of_order_queue); 4185 if (tcp_is_sack(tp)) 4186 tcp_sack_reset(&tp->rx_opt); 4187 sk_mem_reclaim(sk); 4188 4189 if (!sock_flag(sk, SOCK_DEAD)) { 4190 sk->sk_state_change(sk); 4191 4192 /* Do not send POLL_HUP for half duplex close. */ 4193 if (sk->sk_shutdown == SHUTDOWN_MASK || 4194 sk->sk_state == TCP_CLOSE) 4195 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP); 4196 else 4197 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 4198 } 4199} 4200 4201static inline int tcp_sack_extend(struct tcp_sack_block *sp, u32 seq, 4202 u32 end_seq) 4203{ 4204 if (!after(seq, sp->end_seq) && !after(sp->start_seq, end_seq)) { 4205 if (before(seq, sp->start_seq)) 4206 sp->start_seq = seq; 4207 if (after(end_seq, sp->end_seq)) 4208 sp->end_seq = end_seq; 4209 return 1; 4210 } 4211 return 0; 4212} 4213 4214static void tcp_dsack_set(struct sock *sk, u32 seq, u32 end_seq) 4215{ 4216 struct tcp_sock *tp = tcp_sk(sk); 4217 4218 if (tcp_is_sack(tp) && sysctl_tcp_dsack) { 4219 int mib_idx; 4220 4221 if (before(seq, tp->rcv_nxt)) 4222 mib_idx = LINUX_MIB_TCPDSACKOLDSENT; 4223 else 4224 mib_idx = LINUX_MIB_TCPDSACKOFOSENT; 4225 4226 NET_INC_STATS_BH(sock_net(sk), mib_idx); 4227 4228 tp->rx_opt.dsack = 1; 4229 tp->duplicate_sack[0].start_seq = seq; 4230 tp->duplicate_sack[0].end_seq = end_seq; 4231 } 4232} 4233 4234static void tcp_dsack_extend(struct sock *sk, u32 seq, u32 end_seq) 4235{ 4236 struct tcp_sock *tp = tcp_sk(sk); 4237 4238 if (!tp->rx_opt.dsack) 4239 tcp_dsack_set(sk, seq, end_seq); 4240 else 4241 tcp_sack_extend(tp->duplicate_sack, seq, end_seq); 4242} 4243 4244static void tcp_send_dupack(struct sock *sk, struct sk_buff *skb) 4245{ 4246 struct tcp_sock *tp = tcp_sk(sk); 4247 4248 if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && 4249 before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) { 4250 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOST); 4251 tcp_enter_quickack_mode(sk); 4252 4253 if (tcp_is_sack(tp) && sysctl_tcp_dsack) { 4254 u32 end_seq = TCP_SKB_CB(skb)->end_seq; 4255 4256 if (after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) 4257 end_seq = tp->rcv_nxt; 4258 tcp_dsack_set(sk, TCP_SKB_CB(skb)->seq, end_seq); 4259 } 4260 } 4261 4262 tcp_send_ack(sk); 4263} 4264 4265/* These routines update the SACK block as out-of-order packets arrive or 4266 * in-order packets close up the sequence space. 4267 */ 4268static void tcp_sack_maybe_coalesce(struct tcp_sock *tp) 4269{ 4270 int this_sack; 4271 struct tcp_sack_block *sp = &tp->selective_acks[0]; 4272 struct tcp_sack_block *swalk = sp + 1; 4273 4274 /* See if the recent change to the first SACK eats into 4275 * or hits the sequence space of other SACK blocks, if so coalesce. 4276 */ 4277 for (this_sack = 1; this_sack < tp->rx_opt.num_sacks;) { 4278 if (tcp_sack_extend(sp, swalk->start_seq, swalk->end_seq)) { 4279 int i; 4280 4281 /* Zap SWALK, by moving every further SACK up by one slot. 4282 * Decrease num_sacks. 4283 */ 4284 tp->rx_opt.num_sacks--; 4285 for (i = this_sack; i < tp->rx_opt.num_sacks; i++) 4286 sp[i] = sp[i + 1]; 4287 continue; 4288 } 4289 this_sack++, swalk++; 4290 } 4291} 4292 4293static void tcp_sack_new_ofo_skb(struct sock *sk, u32 seq, u32 end_seq) 4294{ 4295 struct tcp_sock *tp = tcp_sk(sk); 4296 struct tcp_sack_block *sp = &tp->selective_acks[0]; 4297 int cur_sacks = tp->rx_opt.num_sacks; 4298 int this_sack; 4299 4300 if (!cur_sacks) 4301 goto new_sack; 4302 4303 for (this_sack = 0; this_sack < cur_sacks; this_sack++, sp++) { 4304 if (tcp_sack_extend(sp, seq, end_seq)) { 4305 /* Rotate this_sack to the first one. */ 4306 for (; this_sack > 0; this_sack--, sp--) 4307 swap(*sp, *(sp - 1)); 4308 if (cur_sacks > 1) 4309 tcp_sack_maybe_coalesce(tp); 4310 return; 4311 } 4312 } 4313 4314 /* Could not find an adjacent existing SACK, build a new one, 4315 * put it at the front, and shift everyone else down. We 4316 * always know there is at least one SACK present already here. 4317 * 4318 * If the sack array is full, forget about the last one. 4319 */ 4320 if (this_sack >= TCP_NUM_SACKS) { 4321 this_sack--; 4322 tp->rx_opt.num_sacks--; 4323 sp--; 4324 } 4325 for (; this_sack > 0; this_sack--, sp--) 4326 *sp = *(sp - 1); 4327 4328new_sack: 4329 /* Build the new head SACK, and we're done. */ 4330 sp->start_seq = seq; 4331 sp->end_seq = end_seq; 4332 tp->rx_opt.num_sacks++; 4333} 4334 4335/* RCV.NXT advances, some SACKs should be eaten. */ 4336 4337static void tcp_sack_remove(struct tcp_sock *tp) 4338{ 4339 struct tcp_sack_block *sp = &tp->selective_acks[0]; 4340 int num_sacks = tp->rx_opt.num_sacks; 4341 int this_sack; 4342 4343 /* Empty ofo queue, hence, all the SACKs are eaten. Clear. */ 4344 if (skb_queue_empty(&tp->out_of_order_queue)) { 4345 tp->rx_opt.num_sacks = 0; 4346 return; 4347 } 4348 4349 for (this_sack = 0; this_sack < num_sacks;) { 4350 /* Check if the start of the sack is covered by RCV.NXT. */ 4351 if (!before(tp->rcv_nxt, sp->start_seq)) { 4352 int i; 4353 4354 /* RCV.NXT must cover all the block! */ 4355 WARN_ON(before(tp->rcv_nxt, sp->end_seq)); 4356 4357 /* Zap this SACK, by moving forward any other SACKS. */ 4358 for (i=this_sack+1; i < num_sacks; i++) 4359 tp->selective_acks[i-1] = tp->selective_acks[i]; 4360 num_sacks--; 4361 continue; 4362 } 4363 this_sack++; 4364 sp++; 4365 } 4366 tp->rx_opt.num_sacks = num_sacks; 4367} 4368 4369/* This one checks to see if we can put data from the 4370 * out_of_order queue into the receive_queue. 4371 */ 4372static void tcp_ofo_queue(struct sock *sk) 4373{ 4374 struct tcp_sock *tp = tcp_sk(sk); 4375 __u32 dsack_high = tp->rcv_nxt; 4376 struct sk_buff *skb; 4377 4378 while ((skb = skb_peek(&tp->out_of_order_queue)) != NULL) { 4379 if (after(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) 4380 break; 4381 4382 if (before(TCP_SKB_CB(skb)->seq, dsack_high)) { 4383 __u32 dsack = dsack_high; 4384 if (before(TCP_SKB_CB(skb)->end_seq, dsack_high)) 4385 dsack_high = TCP_SKB_CB(skb)->end_seq; 4386 tcp_dsack_extend(sk, TCP_SKB_CB(skb)->seq, dsack); 4387 } 4388 4389 if (!after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) { 4390 SOCK_DEBUG(sk, "ofo packet was already received\n"); 4391 __skb_unlink(skb, &tp->out_of_order_queue); 4392 __kfree_skb(skb); 4393 continue; 4394 } 4395 SOCK_DEBUG(sk, "ofo requeuing : rcv_next %X seq %X - %X\n", 4396 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, 4397 TCP_SKB_CB(skb)->end_seq); 4398 4399 __skb_unlink(skb, &tp->out_of_order_queue); 4400 __skb_queue_tail(&sk->sk_receive_queue, skb); 4401 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq; 4402 if (tcp_hdr(skb)->fin) 4403 tcp_fin(skb, sk, tcp_hdr(skb)); 4404 } 4405} 4406 4407static int tcp_prune_ofo_queue(struct sock *sk); 4408static int tcp_prune_queue(struct sock *sk); 4409 4410static inline int tcp_try_rmem_schedule(struct sock *sk, unsigned int size) 4411{ 4412 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf || 4413 !sk_rmem_schedule(sk, size)) { 4414 4415 if (tcp_prune_queue(sk) < 0) 4416 return -1; 4417 4418 if (!sk_rmem_schedule(sk, size)) { 4419 if (!tcp_prune_ofo_queue(sk)) 4420 return -1; 4421 4422 if (!sk_rmem_schedule(sk, size)) 4423 return -1; 4424 } 4425 } 4426 return 0; 4427} 4428 4429static void tcp_data_queue(struct sock *sk, struct sk_buff *skb) 4430{ 4431 struct tcphdr *th = tcp_hdr(skb); 4432 struct tcp_sock *tp = tcp_sk(sk); 4433 int eaten = -1; 4434 4435 if (TCP_SKB_CB(skb)->seq == TCP_SKB_CB(skb)->end_seq) 4436 goto drop; 4437 4438 skb_dst_drop(skb); 4439 __skb_pull(skb, th->doff * 4); 4440 4441 TCP_ECN_accept_cwr(tp, skb); 4442 4443 tp->rx_opt.dsack = 0; 4444 4445 /* Queue data for delivery to the user. 4446 * Packets in sequence go to the receive queue. 4447 * Out of sequence packets to the out_of_order_queue. 4448 */ 4449 if (TCP_SKB_CB(skb)->seq == tp->rcv_nxt) { 4450 if (tcp_receive_window(tp) == 0) 4451 goto out_of_window; 4452 4453 /* Ok. In sequence. In window. */ 4454 if (tp->ucopy.task == current && 4455 tp->copied_seq == tp->rcv_nxt && tp->ucopy.len && 4456 sock_owned_by_user(sk) && !tp->urg_data) { 4457 int chunk = min_t(unsigned int, skb->len, 4458 tp->ucopy.len); 4459 4460 __set_current_state(TASK_RUNNING); 4461 4462 local_bh_enable(); 4463 if (!skb_copy_datagram_iovec(skb, 0, tp->ucopy.iov, chunk)) { 4464 tp->ucopy.len -= chunk; 4465 tp->copied_seq += chunk; 4466 eaten = (chunk == skb->len); 4467 tcp_rcv_space_adjust(sk); 4468 } 4469 local_bh_disable(); 4470 } 4471 4472 if (eaten <= 0) { 4473queue_and_out: 4474 if (eaten < 0 && 4475 tcp_try_rmem_schedule(sk, skb->truesize)) 4476 goto drop; 4477 4478 skb_set_owner_r(skb, sk); 4479 __skb_queue_tail(&sk->sk_receive_queue, skb); 4480 } 4481 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq; 4482 if (skb->len) 4483 tcp_event_data_recv(sk, skb); 4484 if (th->fin) 4485 tcp_fin(skb, sk, th); 4486 4487 if (!skb_queue_empty(&tp->out_of_order_queue)) { 4488 tcp_ofo_queue(sk); 4489 4490 /* RFC2581. 4.2. SHOULD send immediate ACK, when 4491 * gap in queue is filled. 4492 */ 4493 if (skb_queue_empty(&tp->out_of_order_queue)) 4494 inet_csk(sk)->icsk_ack.pingpong = 0; 4495 } 4496 4497 if (tp->rx_opt.num_sacks) 4498 tcp_sack_remove(tp); 4499 4500 tcp_fast_path_check(sk); 4501 4502 if (eaten > 0) 4503 __kfree_skb(skb); 4504 else if (!sock_flag(sk, SOCK_DEAD)) 4505 sk->sk_data_ready(sk, 0); 4506 return; 4507 } 4508 4509 if (!after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) { 4510 /* A retransmit, 2nd most common case. Force an immediate ack. */ 4511 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOST); 4512 tcp_dsack_set(sk, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq); 4513 4514out_of_window: 4515 tcp_enter_quickack_mode(sk); 4516 inet_csk_schedule_ack(sk); 4517drop: 4518 __kfree_skb(skb); 4519 return; 4520 } 4521 4522 /* Out of window. F.e. zero window probe. */ 4523 if (!before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt + tcp_receive_window(tp))) 4524 goto out_of_window; 4525 4526 tcp_enter_quickack_mode(sk); 4527 4528 if (before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) { 4529 /* Partial packet, seq < rcv_next < end_seq */ 4530 SOCK_DEBUG(sk, "partial packet: rcv_next %X seq %X - %X\n", 4531 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, 4532 TCP_SKB_CB(skb)->end_seq); 4533 4534 tcp_dsack_set(sk, TCP_SKB_CB(skb)->seq, tp->rcv_nxt); 4535 4536 /* If window is closed, drop tail of packet. But after 4537 * remembering D-SACK for its head made in previous line. 4538 */ 4539 if (!tcp_receive_window(tp)) 4540 goto out_of_window; 4541 goto queue_and_out; 4542 } 4543 4544 TCP_ECN_check_ce(tp, skb); 4545 4546 if (tcp_try_rmem_schedule(sk, skb->truesize)) 4547 goto drop; 4548 4549 /* Disable header prediction. */ 4550 tp->pred_flags = 0; 4551 inet_csk_schedule_ack(sk); 4552 4553 SOCK_DEBUG(sk, "out of order segment: rcv_next %X seq %X - %X\n", 4554 tp->rcv_nxt, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq); 4555 4556 skb_set_owner_r(skb, sk); 4557 4558 if (!skb_peek(&tp->out_of_order_queue)) { 4559 /* Initial out of order segment, build 1 SACK. */ 4560 if (tcp_is_sack(tp)) { 4561 tp->rx_opt.num_sacks = 1; 4562 tp->selective_acks[0].start_seq = TCP_SKB_CB(skb)->seq; 4563 tp->selective_acks[0].end_seq = 4564 TCP_SKB_CB(skb)->end_seq; 4565 } 4566 __skb_queue_head(&tp->out_of_order_queue, skb); 4567 } else { 4568 struct sk_buff *skb1 = skb_peek_tail(&tp->out_of_order_queue); 4569 u32 seq = TCP_SKB_CB(skb)->seq; 4570 u32 end_seq = TCP_SKB_CB(skb)->end_seq; 4571 4572 if (seq == TCP_SKB_CB(skb1)->end_seq) { 4573 __skb_queue_after(&tp->out_of_order_queue, skb1, skb); 4574 4575 if (!tp->rx_opt.num_sacks || 4576 tp->selective_acks[0].end_seq != seq) 4577 goto add_sack; 4578 4579 /* Common case: data arrive in order after hole. */ 4580 tp->selective_acks[0].end_seq = end_seq; 4581 return; 4582 } 4583 4584 /* Find place to insert this segment. */ 4585 while (1) { 4586 if (!after(TCP_SKB_CB(skb1)->seq, seq)) 4587 break; 4588 if (skb_queue_is_first(&tp->out_of_order_queue, skb1)) { 4589 skb1 = NULL; 4590 break; 4591 } 4592 skb1 = skb_queue_prev(&tp->out_of_order_queue, skb1); 4593 } 4594 4595 /* Do skb overlap to previous one? */ 4596 if (skb1 && before(seq, TCP_SKB_CB(skb1)->end_seq)) { 4597 if (!after(end_seq, TCP_SKB_CB(skb1)->end_seq)) { 4598 /* All the bits are present. Drop. */ 4599 __kfree_skb(skb); 4600 tcp_dsack_set(sk, seq, end_seq); 4601 goto add_sack; 4602 } 4603 if (after(seq, TCP_SKB_CB(skb1)->seq)) { 4604 /* Partial overlap. */ 4605 tcp_dsack_set(sk, seq, 4606 TCP_SKB_CB(skb1)->end_seq); 4607 } else { 4608 if (skb_queue_is_first(&tp->out_of_order_queue, 4609 skb1)) 4610 skb1 = NULL; 4611 else 4612 skb1 = skb_queue_prev( 4613 &tp->out_of_order_queue, 4614 skb1); 4615 } 4616 } 4617 if (!skb1) 4618 __skb_queue_head(&tp->out_of_order_queue, skb); 4619 else 4620 __skb_queue_after(&tp->out_of_order_queue, skb1, skb); 4621 4622 /* And clean segments covered by new one as whole. */ 4623 while (!skb_queue_is_last(&tp->out_of_order_queue, skb)) { 4624 skb1 = skb_queue_next(&tp->out_of_order_queue, skb); 4625 4626 if (!after(end_seq, TCP_SKB_CB(skb1)->seq)) 4627 break; 4628 if (before(end_seq, TCP_SKB_CB(skb1)->end_seq)) { 4629 tcp_dsack_extend(sk, TCP_SKB_CB(skb1)->seq, 4630 end_seq); 4631 break; 4632 } 4633 __skb_unlink(skb1, &tp->out_of_order_queue); 4634 tcp_dsack_extend(sk, TCP_SKB_CB(skb1)->seq, 4635 TCP_SKB_CB(skb1)->end_seq); 4636 __kfree_skb(skb1); 4637 } 4638 4639add_sack: 4640 if (tcp_is_sack(tp)) 4641 tcp_sack_new_ofo_skb(sk, seq, end_seq); 4642 } 4643} 4644 4645static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, 4646 struct sk_buff_head *list) 4647{ 4648 struct sk_buff *next = NULL; 4649 4650 if (!skb_queue_is_last(list, skb)) 4651 next = skb_queue_next(list, skb); 4652 4653 __skb_unlink(skb, list); 4654 __kfree_skb(skb); 4655 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPRCVCOLLAPSED); 4656 4657 return next; 4658} 4659 4660/* Collapse contiguous sequence of skbs head..tail with 4661 * sequence numbers start..end. 4662 * 4663 * If tail is NULL, this means until the end of the list. 4664 * 4665 * Segments with FIN/SYN are not collapsed (only because this 4666 * simplifies code) 4667 */ 4668static void 4669tcp_collapse(struct sock *sk, struct sk_buff_head *list, 4670 struct sk_buff *head, struct sk_buff *tail, 4671 u32 start, u32 end) 4672{ 4673 struct sk_buff *skb, *n; 4674 bool end_of_skbs; 4675 4676 /* First, check that queue is collapsible and find 4677 * the point where collapsing can be useful. */ 4678 skb = head; 4679restart: 4680 end_of_skbs = true; 4681 skb_queue_walk_from_safe(list, skb, n) { 4682 if (skb == tail) 4683 break; 4684 /* No new bits? It is possible on ofo queue. */ 4685 if (!before(start, TCP_SKB_CB(skb)->end_seq)) { 4686 skb = tcp_collapse_one(sk, skb, list); 4687 if (!skb) 4688 break; 4689 goto restart; 4690 } 4691 4692 /* The first skb to collapse is: 4693 * - not SYN/FIN and 4694 * - bloated or contains data before "start" or 4695 * overlaps to the next one. 4696 */ 4697 if (!tcp_hdr(skb)->syn && !tcp_hdr(skb)->fin && 4698 (tcp_win_from_space(skb->truesize) > skb->len || 4699 before(TCP_SKB_CB(skb)->seq, start))) { 4700 end_of_skbs = false; 4701 break; 4702 } 4703 4704 if (!skb_queue_is_last(list, skb)) { 4705 struct sk_buff *next = skb_queue_next(list, skb); 4706 if (next != tail && 4707 TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(next)->seq) { 4708 end_of_skbs = false; 4709 break; 4710 } 4711 } 4712 4713 /* Decided to skip this, advance start seq. */ 4714 start = TCP_SKB_CB(skb)->end_seq; 4715 } 4716 if (end_of_skbs || tcp_hdr(skb)->syn || tcp_hdr(skb)->fin) 4717 return; 4718 4719 while (before(start, end)) { 4720 struct sk_buff *nskb; 4721 unsigned int header = skb_headroom(skb); 4722 int copy = SKB_MAX_ORDER(header, 0); 4723 4724 /* Too big header? This can happen with IPv6. */ 4725 if (copy < 0) 4726 return; 4727 if (end - start < copy) 4728 copy = end - start; 4729 nskb = alloc_skb(copy + header, GFP_ATOMIC); 4730 if (!nskb) 4731 return; 4732 4733 skb_set_mac_header(nskb, skb_mac_header(skb) - skb->head); 4734 skb_set_network_header(nskb, (skb_network_header(skb) - 4735 skb->head)); 4736 skb_set_transport_header(nskb, (skb_transport_header(skb) - 4737 skb->head)); 4738 skb_reserve(nskb, header); 4739 memcpy(nskb->head, skb->head, header); 4740 memcpy(nskb->cb, skb->cb, sizeof(skb->cb)); 4741 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(nskb)->end_seq = start; 4742 __skb_queue_before(list, skb, nskb); 4743 skb_set_owner_r(nskb, sk); 4744 4745 /* Copy data, releasing collapsed skbs. */ 4746 while (copy > 0) { 4747 int offset = start - TCP_SKB_CB(skb)->seq; 4748 int size = TCP_SKB_CB(skb)->end_seq - start; 4749 4750 BUG_ON(offset < 0); 4751 if (size > 0) { 4752 size = min(copy, size); 4753 if (skb_copy_bits(skb, offset, skb_put(nskb, size), size)) 4754 BUG(); 4755 TCP_SKB_CB(nskb)->end_seq += size; 4756 copy -= size; 4757 start += size; 4758 } 4759 if (!before(start, TCP_SKB_CB(skb)->end_seq)) { 4760 skb = tcp_collapse_one(sk, skb, list); 4761 if (!skb || 4762 skb == tail || 4763 tcp_hdr(skb)->syn || 4764 tcp_hdr(skb)->fin) 4765 return; 4766 } 4767 } 4768 } 4769} 4770 4771/* Collapse ofo queue. Algorithm: select contiguous sequence of skbs 4772 * and tcp_collapse() them until all the queue is collapsed. 4773 */ 4774static void tcp_collapse_ofo_queue(struct sock *sk) 4775{ 4776 struct tcp_sock *tp = tcp_sk(sk); 4777 struct sk_buff *skb = skb_peek(&tp->out_of_order_queue); 4778 struct sk_buff *head; 4779 u32 start, end; 4780 4781 if (skb == NULL) 4782 return; 4783 4784 start = TCP_SKB_CB(skb)->seq; 4785 end = TCP_SKB_CB(skb)->end_seq; 4786 head = skb; 4787 4788 for (;;) { 4789 struct sk_buff *next = NULL; 4790 4791 if (!skb_queue_is_last(&tp->out_of_order_queue, skb)) 4792 next = skb_queue_next(&tp->out_of_order_queue, skb); 4793 skb = next; 4794 4795 /* Segment is terminated when we see gap or when 4796 * we are at the end of all the queue. */ 4797 if (!skb || 4798 after(TCP_SKB_CB(skb)->seq, end) || 4799 before(TCP_SKB_CB(skb)->end_seq, start)) { 4800 tcp_collapse(sk, &tp->out_of_order_queue, 4801 head, skb, start, end); 4802 head = skb; 4803 if (!skb) 4804 break; 4805 /* Start new segment */ 4806 start = TCP_SKB_CB(skb)->seq; 4807 end = TCP_SKB_CB(skb)->end_seq; 4808 } else { 4809 if (before(TCP_SKB_CB(skb)->seq, start)) 4810 start = TCP_SKB_CB(skb)->seq; 4811 if (after(TCP_SKB_CB(skb)->end_seq, end)) 4812 end = TCP_SKB_CB(skb)->end_seq; 4813 } 4814 } 4815} 4816 4817/* 4818 * Purge the out-of-order queue. 4819 * Return true if queue was pruned. 4820 */ 4821static int tcp_prune_ofo_queue(struct sock *sk) 4822{ 4823 struct tcp_sock *tp = tcp_sk(sk); 4824 int res = 0; 4825 4826 if (!skb_queue_empty(&tp->out_of_order_queue)) { 4827 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_OFOPRUNED); 4828 __skb_queue_purge(&tp->out_of_order_queue); 4829 4830 /* Reset SACK state. A conforming SACK implementation will 4831 * do the same at a timeout based retransmit. When a connection 4832 * is in a sad state like this, we care only about integrity 4833 * of the connection not performance. 4834 */ 4835 if (tp->rx_opt.sack_ok) 4836 tcp_sack_reset(&tp->rx_opt); 4837 sk_mem_reclaim(sk); 4838 res = 1; 4839 } 4840 return res; 4841} 4842 4843/* Reduce allocated memory if we can, trying to get 4844 * the socket within its memory limits again. 4845 * 4846 * Return less than zero if we should start dropping frames 4847 * until the socket owning process reads some of the data 4848 * to stabilize the situation. 4849 */ 4850static int tcp_prune_queue(struct sock *sk) 4851{ 4852 struct tcp_sock *tp = tcp_sk(sk); 4853 4854 SOCK_DEBUG(sk, "prune_queue: c=%x\n", tp->copied_seq); 4855 4856 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PRUNECALLED); 4857 4858 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) 4859 tcp_clamp_window(sk); 4860 else if (tcp_memory_pressure) 4861 tp->rcv_ssthresh = min(tp->rcv_ssthresh, 4U * tp->advmss); 4862 4863 tcp_collapse_ofo_queue(sk); 4864 if (!skb_queue_empty(&sk->sk_receive_queue)) 4865 tcp_collapse(sk, &sk->sk_receive_queue, 4866 skb_peek(&sk->sk_receive_queue), 4867 NULL, 4868 tp->copied_seq, tp->rcv_nxt); 4869 sk_mem_reclaim(sk); 4870 4871 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) 4872 return 0; 4873 4874 /* Collapsing did not help, destructive actions follow. 4875 * This must not ever occur. */ 4876 4877 tcp_prune_ofo_queue(sk); 4878 4879 if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) 4880 return 0; 4881 4882 /* If we are really being abused, tell the caller to silently 4883 * drop receive data on the floor. It will get retransmitted 4884 * and hopefully then we'll have sufficient space. 4885 */ 4886 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_RCVPRUNED); 4887 4888 /* Massive buffer overcommit. */ 4889 tp->pred_flags = 0; 4890 return -1; 4891} 4892 4893/* RFC2861, slow part. Adjust cwnd, after it was not full during one rto. 4894 * As additional protections, we do not touch cwnd in retransmission phases, 4895 * and if application hit its sndbuf limit recently. 4896 */ 4897void tcp_cwnd_application_limited(struct sock *sk) 4898{ 4899 struct tcp_sock *tp = tcp_sk(sk); 4900 4901 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open && 4902 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 4903 /* Limited by application or receiver window. */ 4904 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk)); 4905 u32 win_used = max(tp->snd_cwnd_used, init_win); 4906 if (win_used < tp->snd_cwnd) { 4907 tp->snd_ssthresh = tcp_current_ssthresh(sk); 4908 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1; 4909 } 4910 tp->snd_cwnd_used = 0; 4911 } 4912 tp->snd_cwnd_stamp = tcp_time_stamp; 4913} 4914 4915static int tcp_should_expand_sndbuf(struct sock *sk) 4916{ 4917 struct tcp_sock *tp = tcp_sk(sk); 4918 4919 /* If the user specified a specific send buffer setting, do 4920 * not modify it. 4921 */ 4922 if (sk->sk_userlocks & SOCK_SNDBUF_LOCK) 4923 return 0; 4924 4925 /* If we are under global TCP memory pressure, do not expand. */ 4926 if (tcp_memory_pressure) 4927 return 0; 4928 4929 /* If we are under soft global TCP memory pressure, do not expand. */ 4930 if (atomic_long_read(&tcp_memory_allocated) >= sysctl_tcp_mem[0]) 4931 return 0; 4932 4933 /* If we filled the congestion window, do not expand. */ 4934 if (tp->packets_out >= tp->snd_cwnd) 4935 return 0; 4936 4937 return 1; 4938} 4939 4940/* When incoming ACK allowed to free some skb from write_queue, 4941 * we remember this event in flag SOCK_QUEUE_SHRUNK and wake up socket 4942 * on the exit from tcp input handler. 4943 * 4944 * PROBLEM: sndbuf expansion does not work well with largesend. 4945 */ 4946static void tcp_new_space(struct sock *sk) 4947{ 4948 struct tcp_sock *tp = tcp_sk(sk); 4949 4950 if (tcp_should_expand_sndbuf(sk)) { 4951 int sndmem = SKB_TRUESIZE(max_t(u32, 4952 tp->rx_opt.mss_clamp, 4953 tp->mss_cache) + 4954 MAX_TCP_HEADER); 4955 int demanded = max_t(unsigned int, tp->snd_cwnd, 4956 tp->reordering + 1); 4957 sndmem *= 2 * demanded; 4958 if (sndmem > sk->sk_sndbuf) 4959 sk->sk_sndbuf = min(sndmem, sysctl_tcp_wmem[2]); 4960 tp->snd_cwnd_stamp = tcp_time_stamp; 4961 } 4962 4963 sk->sk_write_space(sk); 4964} 4965 4966static void tcp_check_space(struct sock *sk) 4967{ 4968 if (sock_flag(sk, SOCK_QUEUE_SHRUNK)) { 4969 sock_reset_flag(sk, SOCK_QUEUE_SHRUNK); 4970 if (sk->sk_socket && 4971 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) 4972 tcp_new_space(sk); 4973 } 4974} 4975 4976static inline void tcp_data_snd_check(struct sock *sk) 4977{ 4978 tcp_push_pending_frames(sk); 4979 tcp_check_space(sk); 4980} 4981 4982/* 4983 * Check if sending an ack is needed. 4984 */ 4985static void __tcp_ack_snd_check(struct sock *sk, int ofo_possible) 4986{ 4987 struct tcp_sock *tp = tcp_sk(sk); 4988 4989 /* More than one full frame received... */ 4990 if (((tp->rcv_nxt - tp->rcv_wup) > inet_csk(sk)->icsk_ack.rcv_mss && 4991 /* ... and right edge of window advances far enough. 4992 * (tcp_recvmsg() will send ACK otherwise). Or... 4993 */ 4994 __tcp_select_window(sk) >= tp->rcv_wnd) || 4995 /* We ACK each frame or... */ 4996 tcp_in_quickack_mode(sk) || 4997 /* We have out of order data. */ 4998 (ofo_possible && skb_peek(&tp->out_of_order_queue))) { 4999 /* Then ack it now */ 5000 tcp_send_ack(sk); 5001 } else { 5002 /* Else, send delayed ack. */ 5003 tcp_send_delayed_ack(sk); 5004 } 5005} 5006 5007static inline void tcp_ack_snd_check(struct sock *sk) 5008{ 5009 if (!inet_csk_ack_scheduled(sk)) { 5010 /* We sent a data segment already. */ 5011 return; 5012 } 5013 __tcp_ack_snd_check(sk, 1); 5014} 5015 5016/* 5017 * This routine is only called when we have urgent data 5018 * signaled. Its the 'slow' part of tcp_urg. It could be 5019 * moved inline now as tcp_urg is only called from one 5020 * place. We handle URGent data wrong. We have to - as 5021 * BSD still doesn't use the correction from RFC961. 5022 * For 1003.1g we should support a new option TCP_STDURG to permit 5023 * either form (or just set the sysctl tcp_stdurg). 5024 */ 5025 5026static void tcp_check_urg(struct sock *sk, struct tcphdr *th) 5027{ 5028 struct tcp_sock *tp = tcp_sk(sk); 5029 u32 ptr = ntohs(th->urg_ptr); 5030 5031 if (ptr && !sysctl_tcp_stdurg) 5032 ptr--; 5033 ptr += ntohl(th->seq); 5034 5035 /* Ignore urgent data that we've already seen and read. */ 5036 if (after(tp->copied_seq, ptr)) 5037 return; 5038 5039 /* Do not replay urg ptr. 5040 * 5041 * NOTE: interesting situation not covered by specs. 5042 * Misbehaving sender may send urg ptr, pointing to segment, 5043 * which we already have in ofo queue. We are not able to fetch 5044 * such data and will stay in TCP_URG_NOTYET until will be eaten 5045 * by recvmsg(). Seems, we are not obliged to handle such wicked 5046 * situations. But it is worth to think about possibility of some 5047 * DoSes using some hypothetical application level deadlock. 5048 */ 5049 if (before(ptr, tp->rcv_nxt)) 5050 return; 5051 5052 /* Do we already have a newer (or duplicate) urgent pointer? */ 5053 if (tp->urg_data && !after(ptr, tp->urg_seq)) 5054 return; 5055 5056 /* Tell the world about our new urgent pointer. */ 5057 sk_send_sigurg(sk); 5058 5059 /* We may be adding urgent data when the last byte read was 5060 * urgent. To do this requires some care. We cannot just ignore 5061 * tp->copied_seq since we would read the last urgent byte again 5062 * as data, nor can we alter copied_seq until this data arrives 5063 * or we break the semantics of SIOCATMARK (and thus sockatmark()) 5064 * 5065 * NOTE. Double Dutch. Rendering to plain English: author of comment 5066 * above did something sort of send("A", MSG_OOB); send("B", MSG_OOB); 5067 * and expect that both A and B disappear from stream. This is _wrong_. 5068 * Though this happens in BSD with high probability, this is occasional. 5069 * Any application relying on this is buggy. Note also, that fix "works" 5070 * only in this artificial test. Insert some normal data between A and B and we will 5071 * decline of BSD again. Verdict: it is better to remove to trap 5072 * buggy users. 5073 */ 5074 if (tp->urg_seq == tp->copied_seq && tp->urg_data && 5075 !sock_flag(sk, SOCK_URGINLINE) && tp->copied_seq != tp->rcv_nxt) { 5076 struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); 5077 tp->copied_seq++; 5078 if (skb && !before(tp->copied_seq, TCP_SKB_CB(skb)->end_seq)) { 5079 __skb_unlink(skb, &sk->sk_receive_queue); 5080 __kfree_skb(skb); 5081 } 5082 } 5083 5084 tp->urg_data = TCP_URG_NOTYET; 5085 tp->urg_seq = ptr; 5086 5087 /* Disable header prediction. */ 5088 tp->pred_flags = 0; 5089} 5090 5091/* This is the 'fast' part of urgent handling. */ 5092static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th) 5093{ 5094 struct tcp_sock *tp = tcp_sk(sk); 5095 5096 /* Check if we get a new urgent pointer - normally not. */ 5097 if (th->urg) 5098 tcp_check_urg(sk, th); 5099 5100 /* Do we wait for any urgent data? - normally not... */ 5101 if (tp->urg_data == TCP_URG_NOTYET) { 5102 u32 ptr = tp->urg_seq - ntohl(th->seq) + (th->doff * 4) - 5103 th->syn; 5104 5105 /* Is the urgent pointer pointing into this packet? */ 5106 if (ptr < skb->len) { 5107 u8 tmp; 5108 if (skb_copy_bits(skb, ptr, &tmp, 1)) 5109 BUG(); 5110 tp->urg_data = TCP_URG_VALID | tmp; 5111 if (!sock_flag(sk, SOCK_DEAD)) 5112 sk->sk_data_ready(sk, 0); 5113 } 5114 } 5115} 5116 5117static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen) 5118{ 5119 struct tcp_sock *tp = tcp_sk(sk); 5120 int chunk = skb->len - hlen; 5121 int err; 5122 5123 local_bh_enable(); 5124 if (skb_csum_unnecessary(skb)) 5125 err = skb_copy_datagram_iovec(skb, hlen, tp->ucopy.iov, chunk); 5126 else 5127 err = skb_copy_and_csum_datagram_iovec(skb, hlen, 5128 tp->ucopy.iov); 5129 5130 if (!err) { 5131 tp->ucopy.len -= chunk; 5132 tp->copied_seq += chunk; 5133 tcp_rcv_space_adjust(sk); 5134 } 5135 5136 local_bh_disable(); 5137 return err; 5138} 5139 5140static __sum16 __tcp_checksum_complete_user(struct sock *sk, 5141 struct sk_buff *skb) 5142{ 5143 __sum16 result; 5144 5145 if (sock_owned_by_user(sk)) { 5146 local_bh_enable(); 5147 result = __tcp_checksum_complete(skb); 5148 local_bh_disable(); 5149 } else { 5150 result = __tcp_checksum_complete(skb); 5151 } 5152 return result; 5153} 5154 5155static inline int tcp_checksum_complete_user(struct sock *sk, 5156 struct sk_buff *skb) 5157{ 5158 return !skb_csum_unnecessary(skb) && 5159 __tcp_checksum_complete_user(sk, skb); 5160} 5161 5162#ifdef CONFIG_NET_DMA 5163static int tcp_dma_try_early_copy(struct sock *sk, struct sk_buff *skb, 5164 int hlen) 5165{ 5166 struct tcp_sock *tp = tcp_sk(sk); 5167 int chunk = skb->len - hlen; 5168 int dma_cookie; 5169 int copied_early = 0; 5170 5171 if (tp->ucopy.wakeup) 5172 return 0; 5173 5174 if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list) 5175 tp->ucopy.dma_chan = dma_find_channel(DMA_MEMCPY); 5176 5177 if (tp->ucopy.dma_chan && skb_csum_unnecessary(skb)) { 5178 5179 dma_cookie = dma_skb_copy_datagram_iovec(tp->ucopy.dma_chan, 5180 skb, hlen, 5181 tp->ucopy.iov, chunk, 5182 tp->ucopy.pinned_list); 5183 5184 if (dma_cookie < 0) 5185 goto out; 5186 5187 tp->ucopy.dma_cookie = dma_cookie; 5188 copied_early = 1; 5189 5190 tp->ucopy.len -= chunk; 5191 tp->copied_seq += chunk; 5192 tcp_rcv_space_adjust(sk); 5193 5194 if ((tp->ucopy.len == 0) || 5195 (tcp_flag_word(tcp_hdr(skb)) & TCP_FLAG_PSH) || 5196 (atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1))) { 5197 tp->ucopy.wakeup = 1; 5198 sk->sk_data_ready(sk, 0); 5199 } 5200 } else if (chunk > 0) { 5201 tp->ucopy.wakeup = 1; 5202 sk->sk_data_ready(sk, 0); 5203 } 5204out: 5205 return copied_early; 5206} 5207#endif /* CONFIG_NET_DMA */ 5208 5209/* Does PAWS and seqno based validation of an incoming segment, flags will 5210 * play significant role here. 5211 */ 5212static int tcp_validate_incoming(struct sock *sk, struct sk_buff *skb, 5213 struct tcphdr *th, int syn_inerr) 5214{ 5215 u8 *hash_location; 5216 struct tcp_sock *tp = tcp_sk(sk); 5217 5218 /* RFC1323: H1. Apply PAWS check first. */ 5219 if (tcp_fast_parse_options(skb, th, tp, &hash_location) && 5220 tp->rx_opt.saw_tstamp && 5221 tcp_paws_discard(sk, skb)) { 5222 if (!th->rst) { 5223 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSESTABREJECTED); 5224 tcp_send_dupack(sk, skb); 5225 goto discard; 5226 } 5227 /* Reset is accepted even if it did not pass PAWS. */ 5228 } 5229 5230 /* Step 1: check sequence number */ 5231 if (!tcp_sequence(tp, TCP_SKB_CB(skb)->seq, TCP_SKB_CB(skb)->end_seq)) { 5232 /* RFC793, page 37: "In all states except SYN-SENT, all reset 5233 * (RST) segments are validated by checking their SEQ-fields." 5234 * And page 69: "If an incoming segment is not acceptable, 5235 * an acknowledgment should be sent in reply (unless the RST 5236 * bit is set, if so drop the segment and return)". 5237 */ 5238 if (!th->rst) 5239 tcp_send_dupack(sk, skb); 5240 goto discard; 5241 } 5242 5243 /* Step 2: check RST bit */ 5244 if (th->rst) { 5245 tcp_reset(sk); 5246 goto discard; 5247 } 5248 5249 /* ts_recent update must be made after we are sure that the packet 5250 * is in window. 5251 */ 5252 tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); 5253 5254 /* step 3: check security and precedence [ignored] */ 5255 5256 /* step 4: Check for a SYN in window. */ 5257 if (th->syn && !before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) { 5258 if (syn_inerr) 5259 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 5260 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONSYN); 5261 tcp_reset(sk); 5262 return -1; 5263 } 5264 5265 return 1; 5266 5267discard: 5268 __kfree_skb(skb); 5269 return 0; 5270} 5271 5272/* 5273 * TCP receive function for the ESTABLISHED state. 5274 * 5275 * It is split into a fast path and a slow path. The fast path is 5276 * disabled when: 5277 * - A zero window was announced from us - zero window probing 5278 * is only handled properly in the slow path. 5279 * - Out of order segments arrived. 5280 * - Urgent data is expected. 5281 * - There is no buffer space left 5282 * - Unexpected TCP flags/window values/header lengths are received 5283 * (detected by checking the TCP header against pred_flags) 5284 * - Data is sent in both directions. Fast path only supports pure senders 5285 * or pure receivers (this means either the sequence number or the ack 5286 * value must stay constant) 5287 * - Unexpected TCP option. 5288 * 5289 * When these conditions are not satisfied it drops into a standard 5290 * receive procedure patterned after RFC793 to handle all cases. 5291 * The first three cases are guaranteed by proper pred_flags setting, 5292 * the rest is checked inline. Fast processing is turned on in 5293 * tcp_data_queue when everything is OK. 5294 */ 5295int tcp_rcv_established(struct sock *sk, struct sk_buff *skb, 5296 struct tcphdr *th, unsigned len) 5297{ 5298 struct tcp_sock *tp = tcp_sk(sk); 5299 int res; 5300 5301 /* 5302 * Header prediction. 5303 * The code loosely follows the one in the famous 5304 * "30 instruction TCP receive" Van Jacobson mail. 5305 * 5306 * Van's trick is to deposit buffers into socket queue 5307 * on a device interrupt, to call tcp_recv function 5308 * on the receive process context and checksum and copy 5309 * the buffer to user space. smart... 5310 * 5311 * Our current scheme is not silly either but we take the 5312 * extra cost of the net_bh soft interrupt processing... 5313 * We do checksum and copy also but from device to kernel. 5314 */ 5315 5316 tp->rx_opt.saw_tstamp = 0; 5317 5318 /* pred_flags is 0xS?10 << 16 + snd_wnd 5319 * if header_prediction is to be made 5320 * 'S' will always be tp->tcp_header_len >> 2 5321 * '?' will be 0 for the fast path, otherwise pred_flags is 0 to 5322 * turn it off (when there are holes in the receive 5323 * space for instance) 5324 * PSH flag is ignored. 5325 */ 5326 5327 if ((tcp_flag_word(th) & TCP_HP_BITS) == tp->pred_flags && 5328 TCP_SKB_CB(skb)->seq == tp->rcv_nxt && 5329 !after(TCP_SKB_CB(skb)->ack_seq, tp->snd_nxt)) { 5330 int tcp_header_len = tp->tcp_header_len; 5331 5332 /* Timestamp header prediction: tcp_header_len 5333 * is automatically equal to th->doff*4 due to pred_flags 5334 * match. 5335 */ 5336 5337 /* Check timestamp */ 5338 if (tcp_header_len == sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED) { 5339 /* No? Slow path! */ 5340 if (!tcp_parse_aligned_timestamp(tp, th)) 5341 goto slow_path; 5342 5343 /* If PAWS failed, check it more carefully in slow path */ 5344 if ((s32)(tp->rx_opt.rcv_tsval - tp->rx_opt.ts_recent) < 0) 5345 goto slow_path; 5346 5347 /* DO NOT update ts_recent here, if checksum fails 5348 * and timestamp was corrupted part, it will result 5349 * in a hung connection since we will drop all 5350 * future packets due to the PAWS test. 5351 */ 5352 } 5353 5354 if (len <= tcp_header_len) { 5355 /* Bulk data transfer: sender */ 5356 if (len == tcp_header_len) { 5357 /* Predicted packet is in window by definition. 5358 * seq == rcv_nxt and rcv_wup <= rcv_nxt. 5359 * Hence, check seq<=rcv_wup reduces to: 5360 */ 5361 if (tcp_header_len == 5362 (sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED) && 5363 tp->rcv_nxt == tp->rcv_wup) 5364 tcp_store_ts_recent(tp); 5365 5366 /* We know that such packets are checksummed 5367 * on entry. 5368 */ 5369 tcp_ack(sk, skb, 0); 5370 __kfree_skb(skb); 5371 tcp_data_snd_check(sk); 5372 return 0; 5373 } else { /* Header too small */ 5374 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 5375 goto discard; 5376 } 5377 } else { 5378 int eaten = 0; 5379 int copied_early = 0; 5380 5381 if (tp->copied_seq == tp->rcv_nxt && 5382 len - tcp_header_len <= tp->ucopy.len) { 5383#ifdef CONFIG_NET_DMA 5384 if (tcp_dma_try_early_copy(sk, skb, tcp_header_len)) { 5385 copied_early = 1; 5386 eaten = 1; 5387 } 5388#endif 5389 if (tp->ucopy.task == current && 5390 sock_owned_by_user(sk) && !copied_early) { 5391 __set_current_state(TASK_RUNNING); 5392 5393 if (!tcp_copy_to_iovec(sk, skb, tcp_header_len)) 5394 eaten = 1; 5395 } 5396 if (eaten) { 5397 /* Predicted packet is in window by definition. 5398 * seq == rcv_nxt and rcv_wup <= rcv_nxt. 5399 * Hence, check seq<=rcv_wup reduces to: 5400 */ 5401 if (tcp_header_len == 5402 (sizeof(struct tcphdr) + 5403 TCPOLEN_TSTAMP_ALIGNED) && 5404 tp->rcv_nxt == tp->rcv_wup) 5405 tcp_store_ts_recent(tp); 5406 5407 tcp_rcv_rtt_measure_ts(sk, skb); 5408 5409 __skb_pull(skb, tcp_header_len); 5410 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq; 5411 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPHITSTOUSER); 5412 } 5413 if (copied_early) 5414 tcp_cleanup_rbuf(sk, skb->len); 5415 } 5416 if (!eaten) { 5417 if (tcp_checksum_complete_user(sk, skb)) 5418 goto csum_error; 5419 5420 /* Predicted packet is in window by definition. 5421 * seq == rcv_nxt and rcv_wup <= rcv_nxt. 5422 * Hence, check seq<=rcv_wup reduces to: 5423 */ 5424 if (tcp_header_len == 5425 (sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED) && 5426 tp->rcv_nxt == tp->rcv_wup) 5427 tcp_store_ts_recent(tp); 5428 5429 tcp_rcv_rtt_measure_ts(sk, skb); 5430 5431 if ((int)skb->truesize > sk->sk_forward_alloc) 5432 goto step5; 5433 5434 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPHPHITS); 5435 5436 /* Bulk data transfer: receiver */ 5437 __skb_pull(skb, tcp_header_len); 5438 __skb_queue_tail(&sk->sk_receive_queue, skb); 5439 skb_set_owner_r(skb, sk); 5440 tp->rcv_nxt = TCP_SKB_CB(skb)->end_seq; 5441 } 5442 5443 tcp_event_data_recv(sk, skb); 5444 5445 if (TCP_SKB_CB(skb)->ack_seq != tp->snd_una) { 5446 /* Well, only one small jumplet in fast path... */ 5447 tcp_ack(sk, skb, FLAG_DATA); 5448 tcp_data_snd_check(sk); 5449 if (!inet_csk_ack_scheduled(sk)) 5450 goto no_ack; 5451 } 5452 5453 if (!copied_early || tp->rcv_nxt != tp->rcv_wup) 5454 __tcp_ack_snd_check(sk, 0); 5455no_ack: 5456#ifdef CONFIG_NET_DMA 5457 if (copied_early) 5458 __skb_queue_tail(&sk->sk_async_wait_queue, skb); 5459 else 5460#endif 5461 if (eaten) 5462 __kfree_skb(skb); 5463 else 5464 sk->sk_data_ready(sk, 0); 5465 return 0; 5466 } 5467 } 5468 5469slow_path: 5470 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) 5471 goto csum_error; 5472 5473 /* 5474 * Standard slow path. 5475 */ 5476 5477 res = tcp_validate_incoming(sk, skb, th, 1); 5478 if (res <= 0) 5479 return -res; 5480 5481step5: 5482 if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) 5483 goto discard; 5484 5485 tcp_rcv_rtt_measure_ts(sk, skb); 5486 5487 /* Process urgent data. */ 5488 tcp_urg(sk, skb, th); 5489 5490 /* step 7: process the segment text */ 5491 tcp_data_queue(sk, skb); 5492 5493 tcp_data_snd_check(sk); 5494 tcp_ack_snd_check(sk); 5495 return 0; 5496 5497csum_error: 5498 TCP_INC_STATS_BH(sock_net(sk), TCP_MIB_INERRS); 5499 5500discard: 5501 __kfree_skb(skb); 5502 return 0; 5503} 5504EXPORT_SYMBOL(tcp_rcv_established); 5505 5506static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, 5507 struct tcphdr *th, unsigned len) 5508{ 5509 u8 *hash_location; 5510 struct inet_connection_sock *icsk = inet_csk(sk); 5511 struct tcp_sock *tp = tcp_sk(sk); 5512 struct tcp_cookie_values *cvp = tp->cookie_values; 5513 int saved_clamp = tp->rx_opt.mss_clamp; 5514 5515 tcp_parse_options(skb, &tp->rx_opt, &hash_location, 0); 5516 5517 if (th->ack) { 5518 /* rfc793: 5519 * "If the state is SYN-SENT then 5520 * first check the ACK bit 5521 * If the ACK bit is set 5522 * If SEG.ACK =< ISS, or SEG.ACK > SND.NXT, send 5523 * a reset (unless the RST bit is set, if so drop 5524 * the segment and return)" 5525 * 5526 * We do not send data with SYN, so that RFC-correct 5527 * test reduces to: 5528 */ 5529 if (TCP_SKB_CB(skb)->ack_seq != tp->snd_nxt) 5530 goto reset_and_undo; 5531 5532 if (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr && 5533 !between(tp->rx_opt.rcv_tsecr, tp->retrans_stamp, 5534 tcp_time_stamp)) { 5535 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED); 5536 goto reset_and_undo; 5537 } 5538 5539 /* Now ACK is acceptable. 5540 * 5541 * "If the RST bit is set 5542 * If the ACK was acceptable then signal the user "error: 5543 * connection reset", drop the segment, enter CLOSED state, 5544 * delete TCB, and return." 5545 */ 5546 5547 if (th->rst) { 5548 tcp_reset(sk); 5549 goto discard; 5550 } 5551 5552 /* rfc793: 5553 * "fifth, if neither of the SYN or RST bits is set then 5554 * drop the segment and return." 5555 * 5556 * See note below! 5557 * --ANK(990513) 5558 */ 5559 if (!th->syn) 5560 goto discard_and_undo; 5561 5562 /* rfc793: 5563 * "If the SYN bit is on ... 5564 * are acceptable then ... 5565 * (our SYN has been ACKed), change the connection 5566 * state to ESTABLISHED..." 5567 */ 5568 5569 TCP_ECN_rcv_synack(tp, th); 5570 5571 tp->snd_wl1 = TCP_SKB_CB(skb)->seq; 5572 tcp_ack(sk, skb, FLAG_SLOWPATH); 5573 5574 /* Ok.. it's good. Set up sequence numbers and 5575 * move to established. 5576 */ 5577 tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1; 5578 tp->rcv_wup = TCP_SKB_CB(skb)->seq + 1; 5579 5580 /* RFC1323: The window in SYN & SYN/ACK segments is 5581 * never scaled. 5582 */ 5583 tp->snd_wnd = ntohs(th->window); 5584 tcp_init_wl(tp, TCP_SKB_CB(skb)->seq); 5585 5586 if (!tp->rx_opt.wscale_ok) { 5587 tp->rx_opt.snd_wscale = tp->rx_opt.rcv_wscale = 0; 5588 tp->window_clamp = min(tp->window_clamp, 65535U); 5589 } 5590 5591 if (tp->rx_opt.saw_tstamp) { 5592 tp->rx_opt.tstamp_ok = 1; 5593 tp->tcp_header_len = 5594 sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED; 5595 tp->advmss -= TCPOLEN_TSTAMP_ALIGNED; 5596 tcp_store_ts_recent(tp); 5597 } else { 5598 tp->tcp_header_len = sizeof(struct tcphdr); 5599 } 5600 5601 if (tcp_is_sack(tp) && sysctl_tcp_fack) 5602 tcp_enable_fack(tp); 5603 5604 tcp_mtup_init(sk); 5605 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 5606 tcp_initialize_rcv_mss(sk); 5607 5608 /* Remember, tcp_poll() does not lock socket! 5609 * Change state from SYN-SENT only after copied_seq 5610 * is initialized. */ 5611 tp->copied_seq = tp->rcv_nxt; 5612 5613 if (cvp != NULL && 5614 cvp->cookie_pair_size > 0 && 5615 tp->rx_opt.cookie_plus > 0) { 5616 int cookie_size = tp->rx_opt.cookie_plus 5617 - TCPOLEN_COOKIE_BASE; 5618 int cookie_pair_size = cookie_size 5619 + cvp->cookie_desired; 5620 5621 /* A cookie extension option was sent and returned. 5622 * Note that each incoming SYNACK replaces the 5623 * Responder cookie. The initial exchange is most 5624 * fragile, as protection against spoofing relies 5625 * entirely upon the sequence and timestamp (above). 5626 * This replacement strategy allows the correct pair to 5627 * pass through, while any others will be filtered via 5628 * Responder verification later. 5629 */ 5630 if (sizeof(cvp->cookie_pair) >= cookie_pair_size) { 5631 memcpy(&cvp->cookie_pair[cvp->cookie_desired], 5632 hash_location, cookie_size); 5633 cvp->cookie_pair_size = cookie_pair_size; 5634 } 5635 } 5636 5637 smp_mb(); 5638 tcp_set_state(sk, TCP_ESTABLISHED); 5639 5640 security_inet_conn_established(sk, skb); 5641 5642 /* Make sure socket is routed, for correct metrics. */ 5643 icsk->icsk_af_ops->rebuild_header(sk); 5644 5645 tcp_init_metrics(sk); 5646 5647 tcp_init_congestion_control(sk); 5648 5649 /* Prevent spurious tcp_cwnd_restart() on first data 5650 * packet. 5651 */ 5652 tp->lsndtime = tcp_time_stamp; 5653 5654 tcp_init_buffer_space(sk); 5655 5656 if (sock_flag(sk, SOCK_KEEPOPEN)) 5657 inet_csk_reset_keepalive_timer(sk, keepalive_time_when(tp)); 5658 5659 if (!tp->rx_opt.snd_wscale) 5660 __tcp_fast_path_on(tp, tp->snd_wnd); 5661 else 5662 tp->pred_flags = 0; 5663 5664 if (!sock_flag(sk, SOCK_DEAD)) { 5665 sk->sk_state_change(sk); 5666 sk_wake_async(sk, SOCK_WAKE_IO, POLL_OUT); 5667 } 5668 5669 if (sk->sk_write_pending || 5670 icsk->icsk_accept_queue.rskq_defer_accept || 5671 icsk->icsk_ack.pingpong) { 5672 /* Save one ACK. Data will be ready after 5673 * several ticks, if write_pending is set. 5674 * 5675 * It may be deleted, but with this feature tcpdumps 5676 * look so _wonderfully_ clever, that I was not able 5677 * to stand against the temptation 8) --ANK 5678 */ 5679 inet_csk_schedule_ack(sk); 5680 icsk->icsk_ack.lrcvtime = tcp_time_stamp; 5681 icsk->icsk_ack.ato = TCP_ATO_MIN; 5682 tcp_incr_quickack(sk); 5683 tcp_enter_quickack_mode(sk); 5684 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, 5685 TCP_DELACK_MAX, TCP_RTO_MAX); 5686 5687discard: 5688 __kfree_skb(skb); 5689 return 0; 5690 } else { 5691 tcp_send_ack(sk); 5692 } 5693 return -1; 5694 } 5695 5696 /* No ACK in the segment */ 5697 5698 if (th->rst) { 5699 /* rfc793: 5700 * "If the RST bit is set 5701 * 5702 * Otherwise (no ACK) drop the segment and return." 5703 */ 5704 5705 goto discard_and_undo; 5706 } 5707 5708 /* PAWS check. */ 5709 if (tp->rx_opt.ts_recent_stamp && tp->rx_opt.saw_tstamp && 5710 tcp_paws_reject(&tp->rx_opt, 0)) 5711 goto discard_and_undo; 5712 5713 if (th->syn) { 5714 /* We see SYN without ACK. It is attempt of 5715 * simultaneous connect with crossed SYNs. 5716 * Particularly, it can be connect to self. 5717 */ 5718 tcp_set_state(sk, TCP_SYN_RECV); 5719 5720 if (tp->rx_opt.saw_tstamp) { 5721 tp->rx_opt.tstamp_ok = 1; 5722 tcp_store_ts_recent(tp); 5723 tp->tcp_header_len = 5724 sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED; 5725 } else { 5726 tp->tcp_header_len = sizeof(struct tcphdr); 5727 } 5728 5729 tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1; 5730 tp->rcv_wup = TCP_SKB_CB(skb)->seq + 1; 5731 5732 /* RFC1323: The window in SYN & SYN/ACK segments is 5733 * never scaled. 5734 */ 5735 tp->snd_wnd = ntohs(th->window); 5736 tp->snd_wl1 = TCP_SKB_CB(skb)->seq; 5737 tp->max_window = tp->snd_wnd; 5738 5739 TCP_ECN_rcv_syn(tp, th); 5740 5741 tcp_mtup_init(sk); 5742 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 5743 tcp_initialize_rcv_mss(sk); 5744 5745 tcp_send_synack(sk); 5746#if 0 5747 /* Note, we could accept data and URG from this segment. 5748 * There are no obstacles to make this. 5749 * 5750 * However, if we ignore data in ACKless segments sometimes, 5751 * we have no reasons to accept it sometimes. 5752 * Also, seems the code doing it in step6 of tcp_rcv_state_process 5753 * is not flawless. So, discard packet for sanity. 5754 * Uncomment this return to process the data. 5755 */ 5756 return -1; 5757#else 5758 goto discard; 5759#endif 5760 } 5761 /* "fifth, if neither of the SYN or RST bits is set then 5762 * drop the segment and return." 5763 */ 5764 5765discard_and_undo: 5766 tcp_clear_options(&tp->rx_opt); 5767 tp->rx_opt.mss_clamp = saved_clamp; 5768 goto discard; 5769 5770reset_and_undo: 5771 tcp_clear_options(&tp->rx_opt); 5772 tp->rx_opt.mss_clamp = saved_clamp; 5773 return 1; 5774} 5775 5776/* 5777 * This function implements the receiving procedure of RFC 793 for 5778 * all states except ESTABLISHED and TIME_WAIT. 5779 * It's called from both tcp_v4_rcv and tcp_v6_rcv and should be 5780 * address independent. 5781 */ 5782 5783int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, 5784 struct tcphdr *th, unsigned len) 5785{ 5786 struct tcp_sock *tp = tcp_sk(sk); 5787 struct inet_connection_sock *icsk = inet_csk(sk); 5788 int queued = 0; 5789 int res; 5790 5791 tp->rx_opt.saw_tstamp = 0; 5792 5793 switch (sk->sk_state) { 5794 case TCP_CLOSE: 5795 goto discard; 5796 5797 case TCP_LISTEN: 5798 if (th->ack) 5799 return 1; 5800 5801 if (th->rst) 5802 goto discard; 5803 5804 if (th->syn) { 5805 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) 5806 return 1; 5807 5808 /* Now we have several options: In theory there is 5809 * nothing else in the frame. KA9Q has an option to 5810 * send data with the syn, BSD accepts data with the 5811 * syn up to the [to be] advertised window and 5812 * Solaris 2.1 gives you a protocol error. For now 5813 * we just ignore it, that fits the spec precisely 5814 * and avoids incompatibilities. It would be nice in 5815 * future to drop through and process the data. 5816 * 5817 * Now that TTCP is starting to be used we ought to 5818 * queue this data. 5819 * But, this leaves one open to an easy denial of 5820 * service attack, and SYN cookies can't defend 5821 * against this problem. So, we drop the data 5822 * in the interest of security over speed unless 5823 * it's still in use. 5824 */ 5825 kfree_skb(skb); 5826 return 0; 5827 } 5828 goto discard; 5829 5830 case TCP_SYN_SENT: 5831 queued = tcp_rcv_synsent_state_process(sk, skb, th, len); 5832 if (queued >= 0) 5833 return queued; 5834 5835 /* Do step6 onward by hand. */ 5836 tcp_urg(sk, skb, th); 5837 __kfree_skb(skb); 5838 tcp_data_snd_check(sk); 5839 return 0; 5840 } 5841 5842 res = tcp_validate_incoming(sk, skb, th, 0); 5843 if (res <= 0) 5844 return -res; 5845 5846 /* step 5: check the ACK field */ 5847 if (th->ack) { 5848 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; 5849 5850 switch (sk->sk_state) { 5851 case TCP_SYN_RECV: 5852 if (acceptable) { 5853 tp->copied_seq = tp->rcv_nxt; 5854 smp_mb(); 5855 tcp_set_state(sk, TCP_ESTABLISHED); 5856 sk->sk_state_change(sk); 5857 5858 /* Note, that this wakeup is only for marginal 5859 * crossed SYN case. Passively open sockets 5860 * are not waked up, because sk->sk_sleep == 5861 * NULL and sk->sk_socket == NULL. 5862 */ 5863 if (sk->sk_socket) 5864 sk_wake_async(sk, 5865 SOCK_WAKE_IO, POLL_OUT); 5866 5867 tp->snd_una = TCP_SKB_CB(skb)->ack_seq; 5868 tp->snd_wnd = ntohs(th->window) << 5869 tp->rx_opt.snd_wscale; 5870 tcp_init_wl(tp, TCP_SKB_CB(skb)->seq); 5871 5872 if (tp->rx_opt.tstamp_ok) 5873 tp->advmss -= TCPOLEN_TSTAMP_ALIGNED; 5874 5875 /* Make sure socket is routed, for 5876 * correct metrics. 5877 */ 5878 icsk->icsk_af_ops->rebuild_header(sk); 5879 5880 tcp_init_metrics(sk); 5881 5882 tcp_init_congestion_control(sk); 5883 5884 /* Prevent spurious tcp_cwnd_restart() on 5885 * first data packet. 5886 */ 5887 tp->lsndtime = tcp_time_stamp; 5888 5889 tcp_mtup_init(sk); 5890 tcp_initialize_rcv_mss(sk); 5891 tcp_init_buffer_space(sk); 5892 tcp_fast_path_on(tp); 5893 } else { 5894 return 1; 5895 } 5896 break; 5897 5898 case TCP_FIN_WAIT1: 5899 if (tp->snd_una == tp->write_seq) { 5900 tcp_set_state(sk, TCP_FIN_WAIT2); 5901 sk->sk_shutdown |= SEND_SHUTDOWN; 5902 dst_confirm(__sk_dst_get(sk)); 5903 5904 if (!sock_flag(sk, SOCK_DEAD)) 5905 /* Wake up lingering close() */ 5906 sk->sk_state_change(sk); 5907 else { 5908 int tmo; 5909 5910 if (tp->linger2 < 0 || 5911 (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && 5912 after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt))) { 5913 tcp_done(sk); 5914 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONDATA); 5915 return 1; 5916 } 5917 5918 tmo = tcp_fin_time(sk); 5919 if (tmo > TCP_TIMEWAIT_LEN) { 5920 inet_csk_reset_keepalive_timer(sk, tmo - TCP_TIMEWAIT_LEN); 5921 } else if (th->fin || sock_owned_by_user(sk)) { 5922 /* Bad case. We could lose such FIN otherwise. 5923 * It is not a big problem, but it looks confusing 5924 * and not so rare event. We still can lose it now, 5925 * if it spins in bh_lock_sock(), but it is really 5926 * marginal case. 5927 */ 5928 inet_csk_reset_keepalive_timer(sk, tmo); 5929 } else { 5930 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo); 5931 goto discard; 5932 } 5933 } 5934 } 5935 break; 5936 5937 case TCP_CLOSING: 5938 if (tp->snd_una == tp->write_seq) { 5939 tcp_time_wait(sk, TCP_TIME_WAIT, 0); 5940 goto discard; 5941 } 5942 break; 5943 5944 case TCP_LAST_ACK: 5945 if (tp->snd_una == tp->write_seq) { 5946 tcp_update_metrics(sk); 5947 tcp_done(sk); 5948 goto discard; 5949 } 5950 break; 5951 } 5952 } else 5953 goto discard; 5954 5955 /* step 6: check the URG bit */ 5956 tcp_urg(sk, skb, th); 5957 5958 /* step 7: process the segment text */ 5959 switch (sk->sk_state) { 5960 case TCP_CLOSE_WAIT: 5961 case TCP_CLOSING: 5962 case TCP_LAST_ACK: 5963 if (!before(TCP_SKB_CB(skb)->seq, tp->rcv_nxt)) 5964 break; 5965 case TCP_FIN_WAIT1: 5966 case TCP_FIN_WAIT2: 5967 /* RFC 793 says to queue data in these states, 5968 * RFC 1122 says we MUST send a reset. 5969 * BSD 4.4 also does reset. 5970 */ 5971 if (sk->sk_shutdown & RCV_SHUTDOWN) { 5972 if (TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq && 5973 after(TCP_SKB_CB(skb)->end_seq - th->fin, tp->rcv_nxt)) { 5974 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPABORTONDATA); 5975 tcp_reset(sk); 5976 return 1; 5977 } 5978 } 5979 /* Fall through */ 5980 case TCP_ESTABLISHED: 5981 tcp_data_queue(sk, skb); 5982 queued = 1; 5983 break; 5984 } 5985 5986 /* tcp_data could move socket to TIME-WAIT */ 5987 if (sk->sk_state != TCP_CLOSE) { 5988 tcp_data_snd_check(sk); 5989 tcp_ack_snd_check(sk); 5990 } 5991 5992 if (!queued) { 5993discard: 5994 __kfree_skb(skb); 5995 } 5996 return 0; 5997} 5998EXPORT_SYMBOL(tcp_rcv_state_process); 5999