Cross Reference: /freebsd-10.1-release/sys/netinet/tcp

Deleted Added

sdiff udiff text old ( 86744 ) new ( 86764 )

full compact

tcp_input.c (86744)	tcp_input.c (86764)
1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95	1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
34 * $FreeBSD: head/sys/netinet/tcp_input.c 86744 2001-11-21 18:45:51Z jlemon $	34 * $FreeBSD: head/sys/netinet/tcp_input.c 86764 2001-11-22 04:50:44Z jlemon $
35 / 36 37#include "opt_ipfw.h" / for ipfw_fwd / 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40#include "opt_tcpdebug.h" 41#include "opt_tcp_input.h" 42 --- 72 unchanged lines hidden* (view full) --- 115SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, 116 &blackhole, 0, "Do not send RST when dropping refused connections"); 117 118int tcp_delack_enabled = 1; 119SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, 120 &tcp_delack_enabled, 0, 121 "Delay ACK to try and piggyback it onto a data packet"); 122	35 / 36 37#include "opt_ipfw.h" / for ipfw_fwd / 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40#include "opt_tcpdebug.h" 41#include "opt_tcp_input.h" 42 --- 72 unchanged lines hidden* (view full) --- 115SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW, 116 &blackhole, 0, "Do not send RST when dropping refused connections"); 117 118int tcp_delack_enabled = 1; 119SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, 120 &tcp_delack_enabled, 0, 121 "Delay ACK to try and piggyback it onto a data packet"); 122
123int tcp_lq_overflow = 1; 124SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcp_lq_overflow, CTLFLAG_RW, 125 &tcp_lq_overflow, 0, 126 "Listen Queue Overflow"); 127
128#ifdef TCP_DROP_SYNFIN 129static int drop_synfin = 0; 130SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, 131 &drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); 132#endif 133 134struct inpcbhead tcb; 135#define tcb6 tcb /* for KAME src sync over BSD's / 136struct inpcbinfo tcbinfo; 137	123#ifdef TCP_DROP_SYNFIN 124static int drop_synfin = 0; 125SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, 126 &drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); 127#endif 128 129struct inpcbhead tcb; 130#define tcb6 tcb /* for KAME src sync over BSD's / 131struct inpcbinfo tcbinfo; 132
138static void tcp_dooptions __P((struct tcpcb , 139* u_char , int, struct tcphdr , struct tcpopt *));	133static void tcp_dooptions __P((struct tcpopt , u_char , int, int));
140static void tcp_pulloutofband __P((struct socket *,	134static void tcp_pulloutofband __P((struct socket *,
141 struct tcphdr , struct mbuf , int));	135 struct tcphdr , struct mbuf , int));
142static int tcp_reass __P((struct tcpcb , struct tcphdr , int , 143* struct mbuf )); 144static void tcp_xmit_timer __P((struct tcpcb , int)); 145static int tcp_newreno __P((struct tcpcb , struct tcphdr )); 146 147/* Neighbor Discovery, Neighbor Unreachability Detection Upper layer hint. / 148#ifdef INET6 149#define ND6_HINT(tp) \ --- 189 unchanged lines hidden* (view full) --- 339 u_char optp = NULL; 340* int optlen = 0; 341 int len, tlen, off; 342 int drop_hdrlen; 343 register struct tcpcb tp = 0; 344* register int thflags; 345 struct socket so = 0; 346* int todrop, acked, ourfinisacked, needoutput = 0;	136static int tcp_reass __P((struct tcpcb , struct tcphdr , int , 137* struct mbuf )); 138static void tcp_xmit_timer __P((struct tcpcb , int)); 139static int tcp_newreno __P((struct tcpcb , struct tcphdr )); 140 141/* Neighbor Discovery, Neighbor Unreachability Detection Upper layer hint. / 142#ifdef INET6 143#define ND6_HINT(tp) \ --- 189 unchanged lines hidden* (view full) --- 333 u_char optp = NULL; 334* int optlen = 0; 335 int len, tlen, off; 336 int drop_hdrlen; 337 register struct tcpcb tp = 0; 338* register int thflags; 339 struct socket so = 0; 340* int todrop, acked, ourfinisacked, needoutput = 0;
347 struct in_addr laddr; 348#ifdef INET6 349 struct in6_addr laddr6; 350#endif 351 int dropsocket = 0;
352 int iss = 0; 353 u_long tiwin; 354 struct tcpopt to; /* options in this segment / 355* struct rmxp_tao taop; / pointer to our TAO cache entry / 356* struct rmxp_tao tao_noncached; /* in case there's no cached entry / 357#ifdef TCPDEBUG 358* short ostate = 0; 359#endif --- 278 unchanged lines hidden (view full) --- 638 /* Unscale the window into a 32-bit value. / 639* if ((thflags & TH_SYN) == 0) 640 tiwin = th->th_win << tp->snd_scale; 641 else 642 tiwin = th->th_win; 643 644 so = inp->inp_socket; 645 if (so->so_options & (SO_DEBUG\|SO_ACCEPTCONN)) {	341 int iss = 0; 342 u_long tiwin; 343 struct tcpopt to; /* options in this segment / 344* struct rmxp_tao taop; / pointer to our TAO cache entry / 345* struct rmxp_tao tao_noncached; /* in case there's no cached entry / 346#ifdef TCPDEBUG 347* short ostate = 0; 348#endif --- 278 unchanged lines hidden (view full) --- 627 /* Unscale the window into a 32-bit value. / 628* if ((thflags & TH_SYN) == 0) 629 tiwin = th->th_win << tp->snd_scale; 630 else 631 tiwin = th->th_win; 632 633 so = inp->inp_socket; 634 if (so->so_options & (SO_DEBUG\|SO_ACCEPTCONN)) {
	635 struct in_conninfo inc;
646#ifdef TCPDEBUG 647 if (so->so_options & SO_DEBUG) { 648 ostate = tp->t_state; 649#ifdef INET6 650 if (isipv6) 651 bcopy((char )ip6, (char )tcp_saveipgen, 652 sizeof(ip6)); 653* else 654#endif /* INET6 / 655* bcopy((char )ip, (char )tcp_saveipgen, sizeof(ip)); 656* tcp_savetcp = th; 657* } 658#endif	636#ifdef TCPDEBUG 637 if (so->so_options & SO_DEBUG) { 638 ostate = tp->t_state; 639#ifdef INET6 640 if (isipv6) 641 bcopy((char )ip6, (char )tcp_saveipgen, 642 sizeof(ip6)); 643* else 644#endif /* INET6 / 645* bcopy((char )ip, (char )tcp_saveipgen, sizeof(ip)); 646* tcp_savetcp = th; 647* } 648#endif
659 if (so->so_options & SO_ACCEPTCONN) { 660 register struct tcpcb tp0 = tp; 661* struct socket so2; 662#ifdef IPSEC 663* struct socket oso; 664*#endif	649 /* skip if this isn't a listen socket / 650* if ((so->so_options & SO_ACCEPTCONN) == 0) 651 goto after_listen;
665#ifdef INET6	652#ifdef INET6
666 struct inpcb *oinp = sotoinpcb(so);	653 inc.inc_isipv6 = isipv6; 654 if (isipv6) { 655 inc.inc6_faddr = ip6->ip6_src; 656 inc.inc6_laddr = ip6->ip6_dst; 657 inc.inc6_route.ro_rt = NULL; /* XXX / 658* 659 } else
667#endif /* INET6 */	660#endif /* INET6 */
	661 { 662 inc.inc_faddr = ip->ip_src; 663 inc.inc_laddr = ip->ip_dst; 664 inc.inc_route.ro_rt = NULL; /* XXX / 665* } 666 inc.inc_fport = th->th_sport; 667 inc.inc_lport = th->th_dport;
668	668
669#ifndef IPSEC 670 /* 671 * Current IPsec implementation makes incorrect IPsec 672 * cache if this check is done here. 673 * So delay this until duplicated socket is created. 674 / 675* if ((thflags & (TH_RST\|TH_ACK\|TH_SYN)) != TH_SYN) { 676 /* 677 * Note: dropwithreset makes sure we don't 678 * send a RST in response to a RST. 679 / 680* if (thflags & TH_ACK) {	669 /* 670 * If the state is LISTEN then ignore segment if it contains 671 * a RST. If the segment contains an ACK then it is bad and 672 * send a RST. If it does not contain a SYN then it is not 673 * interesting; drop it. 674 * 675 * If the state is SYN_RECEIVED (syncache) and seg contains 676 * an ACK, but not for our SYN/ACK, send a RST. If the seg 677 * contains a RST, check the sequence number to see if it 678 * is a valid reset segment. 679 / 680* if ((thflags & (TH_RST\|TH_ACK\|TH_SYN)) != TH_SYN) { 681 if ((thflags & (TH_RST\|TH_ACK\|TH_SYN)) == TH_ACK) { 682 if (!syncache_expand(&inc, th, &so, m)) { 683 /* 684 * No syncache entry, or ACK was not 685 * for our SYN/ACK. Send a RST. 686 */
681 tcpstat.tcps_badsyn++; 682 rstreason = BANDLIM_RST_OPENPORT; 683 goto dropwithreset; 684 }	687 tcpstat.tcps_badsyn++; 688 rstreason = BANDLIM_RST_OPENPORT; 689 goto dropwithreset; 690 }
	691 if (so == NULL) 692 /* 693 * Could not complete 3-way handshake, 694 * connection is being closed down, and 695 * syncache will free mbuf. 696 / 697* return; 698 /* 699 * Socket is created in state SYN_RECEIVED. 700 * Continue processing segment. 701 / 702* inp = sotoinpcb(so); 703 tp = intotcpcb(inp); 704 /* 705 * This is what would have happened in 706 * tcp_ouput() when the SYN,ACK was sent. 707 / 708* tp->snd_up = tp->snd_una; 709 tp->snd_max = tp->snd_nxt = tp->iss + 1; 710 tp->last_ack_sent = tp->rcv_nxt; 711/* 712 * XXX possible bug - it doesn't appear that tp->snd_wnd is unscaled 713 * until the _second_ ACK is received: 714 * rcv SYN (set wscale opts) --> send SYN/ACK, set snd_wnd = window. 715 * rcv ACK, calculate tiwin --> process SYN_RECEIVED, determine wscale, 716 * move to ESTAB, set snd_wnd to tiwin. 717 / 718* tp->snd_wnd = tiwin; /* unscaled / 719* goto after_listen; 720 } 721 if (thflags & TH_RST) { 722 syncache_chkrst(&inc, th);
685 goto drop; 686 }	723 goto drop; 724 }
687#endif	725 if (thflags & TH_ACK) { 726 syncache_badack(&inc); 727 tcpstat.tcps_badsyn++; 728 rstreason = BANDLIM_RST_OPENPORT; 729 goto dropwithreset; 730 } 731 goto drop; 732 }
688	733
	734 /* 735 * Segment's flags are (SYN) or (SYN\|FIN). 736 */
689#ifdef INET6	737#ifdef INET6
690 /* 691 * If deprecated address is forbidden, 692 * we do not accept SYN to deprecated interface 693 * address to prevent any new inbound connection from 694 * getting established. 695 * When we do not accept SYN, we send a TCP RST, 696 * with deprecated source address (instead of dropping 697 * it). We compromise it as it is much better for peer 698 * to send a RST, and RST will be the final packet 699 * for the exchange. 700 * 701 * If we do not forbid deprecated addresses, we accept 702 * the SYN packet. RFC2462 does not suggest dropping 703 * SYN in this case. 704 * If we decipher RFC2462 5.5.4, it says like this: 705 * 1. use of deprecated addr with existing 706 * communication is okay - "SHOULD continue to be 707 * used" 708 * 2. use of it with new communication: 709 * (2a) "SHOULD NOT be used if alternate address 710 * with sufficient scope is available" 711 * (2b) nothing mentioned otherwise. 712 * Here we fall into (2b) case as we have no choice in 713 * our source address selection - we must obey the peer. 714 * 715 * The wording in RFC2462 is confusing, and there are 716 * multiple description text for deprecated address 717 * handling - worse, they are not exactly the same. 718 * I believe 5.5.4 is the best one, so we follow 5.5.4. 719 / 720* if (isipv6 && !ip6_use_deprecated) { 721 struct in6_ifaddr *ia6;	738 /* 739 * If deprecated address is forbidden, 740 * we do not accept SYN to deprecated interface 741 * address to prevent any new inbound connection from 742 * getting established. 743 * When we do not accept SYN, we send a TCP RST, 744 * with deprecated source address (instead of dropping 745 * it). We compromise it as it is much better for peer 746 * to send a RST, and RST will be the final packet 747 * for the exchange. 748 * 749 * If we do not forbid deprecated addresses, we accept 750 * the SYN packet. RFC2462 does not suggest dropping 751 * SYN in this case. 752 * If we decipher RFC2462 5.5.4, it says like this: 753 * 1. use of deprecated addr with existing 754 * communication is okay - "SHOULD continue to be 755 * used" 756 * 2. use of it with new communication: 757 * (2a) "SHOULD NOT be used if alternate address 758 * with sufficient scope is available" 759 * (2b) nothing mentioned otherwise. 760 * Here we fall into (2b) case as we have no choice in 761 * our source address selection - we must obey the peer. 762 * 763 * The wording in RFC2462 is confusing, and there are 764 * multiple description text for deprecated address 765 * handling - worse, they are not exactly the same. 766 * I believe 5.5.4 is the best one, so we follow 5.5.4. 767 / 768* if (isipv6 && !ip6_use_deprecated) { 769 struct in6_ifaddr *ia6;
722	770
723 if ((ia6 = ip6_getdstifaddr(m)) && 724 (ia6->ia6_flags & IN6_IFF_DEPRECATED)) { 725 tp = NULL; 726 rstreason = BANDLIM_RST_OPENPORT; 727 goto dropwithreset; 728 }	771 if ((ia6 = ip6_getdstifaddr(m)) && 772 (ia6->ia6_flags & IN6_IFF_DEPRECATED)) { 773 tp = NULL; 774 rstreason = BANDLIM_RST_OPENPORT; 775 goto dropwithreset;
729 }	776 }
	777 }
730#endif	778#endif
731 732 so2 = sonewconn(so, 0); 733 if (so2 == 0) { 734 /* 735 * If we were unable to create a new socket 736 * for this SYN, we call sodropablereq to 737 * see if there are any other sockets we 738 * can kick out of the listen queue. If 739 * so, we'll silently drop the socket 740 * sodropablereq told us to drop and 741 * create a new one. 742 * 743 * If sodropablereq returns 0, we'll 744 * simply drop the incoming SYN, as we 745 * can not allocate a socket for it. 746 / 747* tcpstat.tcps_listendrop++; 748 so2 = sodropablereq(so); 749 if (so2) { 750 if (tcp_lq_overflow) 751 sototcpcb(so2)->t_flags \|= 752 TF_LQ_OVERFLOW; 753 tcp_close(sototcpcb(so2)); 754 so2 = sonewconn(so, 0); 755 } 756 if (!so2) 757 goto drop; 758 } 759#ifdef IPSEC 760 oso = so; 761#endif 762 so = so2; 763 /* 764 * This is ugly, but .... 765 * 766 * Mark socket as temporary until we're 767 * committed to keeping it. The code at 768 * ``drop'' and ``dropwithreset'' check the 769 * flag dropsocket to see if the temporary 770 * socket created here should be discarded. 771 * We mark the socket as discardable until 772 * we're committed to it below in TCPS_LISTEN. 773 / 774* dropsocket++; 775 inp = (struct inpcb *)so->so_pcb;	779 /* 780 * If it is from this socket, drop it, it must be forged. 781 * Don't bother responding if the destination was a broadcast. 782 / 783* if (th->th_dport == th->th_sport) {
776#ifdef INET6	784#ifdef INET6
777 if (isipv6) 778 inp->in6p_laddr = ip6->ip6_dst; 779 else { 780 inp->inp_vflag &= ~INP_IPV6; 781 inp->inp_vflag \|= INP_IPV4;	785 if (isipv6) { 786 if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, 787 &ip6->ip6_src)) 788 goto drop; 789 } else
782#endif /* INET6 */	790#endif /* INET6 */
783 inp->inp_laddr = ip->ip_dst;	791 if (ip->ip_dst.s_addr == ip->ip_src.s_addr) 792 goto drop; 793 } 794 /* 795 * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN 796 * in_broadcast() should never return true on a received 797 * packet with M_BCAST not set. 798 * 799 * Packets with a multicast source address should also 800 * be discarded. 801 / 802* if (m->m_flags & (M_BCAST\|M_MCAST)) 803 goto drop;
784#ifdef INET6	804#ifdef INET6
785 } 786#endif /* INET6 / 787* inp->inp_lport = th->th_dport; 788 if (in_pcbinshash(inp) != 0) {	805 if (isipv6) { 806 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) \|\| 807 IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) 808 goto drop; 809 } else 810#endif 811 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) \|\| 812 IN_MULTICAST(ntohl(ip->ip_src.s_addr)) \|\| 813 ip->ip_src.s_addr == htonl(INADDR_BROADCAST)) 814 goto drop; 815 /* 816 * SYN appears to be valid; create compressed TCP state 817 * for syncache, or perform t/tcp connection. 818 / 819* if (so->so_qlen <= so->so_qlimit) { 820 tcp_dooptions(&to, optp, optlen, 1); 821 if (!syncache_add(&inc, &to, th, &so, m)) 822 goto drop; 823 if (so == NULL)
789 /*	824 /*
790 * Undo the assignments above if we failed to 791 * put the PCB on the hash lists.	825 * Entry added to syncache, mbuf used to 826 * send SYN,ACK packet.
792 */	827 */
793#ifdef INET6 794 if (isipv6) 795 inp->in6p_laddr = in6addr_any; 796 else 797#endif /* INET6 / 798* inp->inp_laddr.s_addr = INADDR_ANY; 799 inp->inp_lport = 0; 800 goto drop; 801 } 802#ifdef IPSEC	828 return;
803 /*	829 /*
804 * To avoid creating incorrectly cached IPsec 805 * association, this is need to be done here. 806 * 807 * Subject: (KAME-snap 748) 808 * From: Wayne Knowles <w.knowles@niwa.cri.nz> 809 * ftp://ftp.kame.net/pub/mail-list/snap-users/748	830 * Segment passed TAO tests.
810 */	831 */
811 if ((thflags & (TH_RST\|TH_ACK\|TH_SYN)) != TH_SYN) { 812 /* 813 * Note: dropwithreset makes sure we don't 814 * send a RST in response to a RST. 815 / 816* if (thflags & TH_ACK) { 817 tcpstat.tcps_badsyn++; 818 rstreason = BANDLIM_RST_OPENPORT; 819 goto dropwithreset; 820 } 821 goto drop; 822 }	832 inp = sotoinpcb(so); 833 tp = intotcpcb(inp); 834 tp->snd_wnd = tiwin; 835 tp->t_starttime = ticks; 836 tp->t_state = TCPS_ESTABLISHED; 837 838 /* 839 * If there is a FIN, or if there is data and the 840 * connection is local, then delay SYN,ACK(SYN) in 841 * the hope of piggy-backing it on a response 842 * segment. Otherwise must send ACK now in case 843 * the other side is slow starting. 844 / 845* if (DELAY_ACK(tp) && ((thflags & TH_FIN) \|\| 846 (tlen != 0 && 847#ifdef INET6 848 ((isipv6 && in6_localaddr(&inp->in6p_faddr)) 849 \|\| 850 (!isipv6 &&
823#endif	851#endif
	852 in_localaddr(inp->inp_faddr)
824#ifdef INET6	853#ifdef INET6
825 if (isipv6) { 826 /* 827 * Inherit socket options from the listening 828 * socket. 829 * Note that in6p_inputopts are not (even 830 * should not be) copied, since it stores 831 * previously received options and is used to 832 * detect if each new option is different than 833 * the previous one and hence should be passed 834 * to a user. 835 * If we copied in6p_inputopts, a user would 836 * not be able to receive options just after 837 * calling the accept system call. 838 / 839* inp->inp_flags \|= 840 oinp->inp_flags & INP_CONTROLOPTS; 841 if (oinp->in6p_outputopts) 842 inp->in6p_outputopts = 843 ip6_copypktopts(oinp->in6p_outputopts, 844 M_NOWAIT); 845 } else 846#endif /* INET6 / 847* inp->inp_options = ip_srcroute(); 848#ifdef IPSEC 849 /* copy old policy into new socket's / 850* if (ipsec_copy_policy(sotoinpcb(oso)->inp_sp, 851 inp->inp_sp)) 852 printf("tcp_input: could not copy policy\n");	854 ))
853#endif	855#endif
854 tp = intotcpcb(inp); 855 tp->t_state = TCPS_LISTEN; 856 tp->t_flags \|= tp0->t_flags & (TF_NOPUSH\|TF_NOOPT);	856 ))) { 857 callout_reset(tp->tt_delack, tcp_delacktime, 858 tcp_timer_delack, tp); 859 tp->t_flags \|= TF_NEEDSYN; 860 } else 861 tp->t_flags \|= (TF_ACKNOW \| TF_NEEDSYN);
857	862
858 /* Compute proper scaling value from buffer space / 859* while (tp->request_r_scale < TCP_MAX_WINSHIFT && 860 TCP_MAXWIN << tp->request_r_scale < 861 so->so_rcv.sb_hiwat) 862 tp->request_r_scale++;	863 tcpstat.tcps_connects++; 864 soisconnected(so); 865 goto trimthenstep6;
863 }	866 }
	867 goto drop;
864 }	868 }
	869after_listen:
865	870
	871/* XXX temp debugging / 872* /* should not happen - syncache should pick up these connections / 873* if (tp->t_state == TCPS_LISTEN) 874 panic("tcp_input: TCPS_LISTEN"); 875
866 /* 867 * Segment received on connection. 868 * Reset idle time and keep-alive timer. 869 / 870* tp->t_rcvtime = ticks; 871 if (TCPS_HAVEESTABLISHED(tp->t_state)) 872 callout_reset(tp->tt_keep, tcp_keepidle, tcp_timer_keep, tp); 873 874 /*	876 /* 877 * Segment received on connection. 878 * Reset idle time and keep-alive timer. 879 / 880* tp->t_rcvtime = ticks; 881 if (TCPS_HAVEESTABLISHED(tp->t_state)) 882 callout_reset(tp->tt_keep, tcp_keepidle, tcp_timer_keep, tp); 883 884 /*
875 * Process options if not in LISTEN state, 876 * else do it below (after getting remote address).	885 * Process options. 886 * XXX this is tradtitional behavior, may need to be cleaned up.
877 */	887 */
878 if (tp->t_state != TCPS_LISTEN) 879 tcp_dooptions(tp, optp, optlen, th, &to);	888 tcp_dooptions(&to, optp, optlen, thflags & TH_SYN); 889 if (thflags & TH_SYN) { 890 if (to.to_flags & TOF_SCALE) { 891 tp->t_flags \|= TF_RCVD_SCALE; 892 tp->requested_s_scale = to.to_requested_s_scale; 893 } 894 if (to.to_flags & TOF_TS) { 895 tp->t_flags \|= TF_RCVD_TSTMP; 896 tp->ts_recent = to.to_tsval; 897 tp->ts_recent_age = ticks; 898 } 899 if (to.to_flags & (TOF_CC\|TOF_CCNEW)) 900 tp->t_flags \|= TF_RCVD_CC; 901 if (to.to_flags & TOF_MSS) 902 tcp_mss(tp, to.to_mss); 903 }
880 881 /* 882 * Header prediction: check for the two common cases 883 * of a uni-directional data xfer. If the packet has 884 * no control flags, is in-sequence, the window didn't 885 * change and we're not retransmitting, it's a 886 * candidate. If the length is zero and the ack moved 887 * forward, we're the sender side of the xfer. Just --- 5 unchanged lines hidden (view full) --- 893 * the socket buffer and note that we need a delayed ack. 894 * Make sure that the hidden state-flags are also off. 895 * Since we check for TCPS_ESTABLISHED above, it can only 896 * be TH_NEEDSYN. 897 / 898* if (tp->t_state == TCPS_ESTABLISHED && 899 (thflags & (TH_SYN\|TH_FIN\|TH_RST\|TH_URG\|TH_ACK)) == TH_ACK && 900 ((tp->t_flags & (TF_NEEDSYN\|TF_NEEDFIN)) == 0) &&	904 905 /* 906 * Header prediction: check for the two common cases 907 * of a uni-directional data xfer. If the packet has 908 * no control flags, is in-sequence, the window didn't 909 * change and we're not retransmitting, it's a 910 * candidate. If the length is zero and the ack moved 911 * forward, we're the sender side of the xfer. Just --- 5 unchanged lines hidden (view full) --- 917 * the socket buffer and note that we need a delayed ack. 918 * Make sure that the hidden state-flags are also off. 919 * Since we check for TCPS_ESTABLISHED above, it can only 920 * be TH_NEEDSYN. 921 / 922* if (tp->t_state == TCPS_ESTABLISHED && 923 (thflags & (TH_SYN\|TH_FIN\|TH_RST\|TH_URG\|TH_ACK)) == TH_ACK && 924 ((tp->t_flags & (TF_NEEDSYN\|TF_NEEDFIN)) == 0) &&
901 ((to.to_flag & TOF_TS) == 0 \|\|	925 ((to.to_flags & TOF_TS) == 0 \|\|
902 TSTMP_GEQ(to.to_tsval, tp->ts_recent)) && 903 /* 904 * Using the CC option is compulsory if once started: 905 * the segment is OK if no T/TCP was negotiated or 906 * if the segment has a CC option equal to CCrecv 907 / 908* ((tp->t_flags & (TF_REQ_CC\|TF_RCVD_CC)) != (TF_REQ_CC\|TF_RCVD_CC) \|\|	926 TSTMP_GEQ(to.to_tsval, tp->ts_recent)) && 927 /* 928 * Using the CC option is compulsory if once started: 929 * the segment is OK if no T/TCP was negotiated or 930 * if the segment has a CC option equal to CCrecv 931 / 932* ((tp->t_flags & (TF_REQ_CC\|TF_RCVD_CC)) != (TF_REQ_CC\|TF_RCVD_CC) \|\|
909 ((to.to_flag & TOF_CC) != 0 && to.to_cc == tp->cc_recv)) &&	933 ((to.to_flags & TOF_CC) != 0 && to.to_cc == tp->cc_recv)) &&
910 th->th_seq == tp->rcv_nxt && 911 tiwin && tiwin == tp->snd_wnd && 912 tp->snd_nxt == tp->snd_max) { 913 914 /* 915 * If last ACK falls within this segment's sequence numbers, 916 * record the timestamp. 917 * NOTE that the test is modified according to the latest 918 * proposal of the tcplw@cray.com list (Braden 1993/04/26). 919 */	934 th->th_seq == tp->rcv_nxt && 935 tiwin && tiwin == tp->snd_wnd && 936 tp->snd_nxt == tp->snd_max) { 937 938 /* 939 * If last ACK falls within this segment's sequence numbers, 940 * record the timestamp. 941 * NOTE that the test is modified according to the latest 942 * proposal of the tcplw@cray.com list (Braden 1993/04/26). 943 */
920 if ((to.to_flag & TOF_TS) != 0 &&	944 if ((to.to_flags & TOF_TS) != 0 &&
921 SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { 922 tp->ts_recent_age = ticks; 923 tp->ts_recent = to.to_tsval; 924 } 925 926 if (tlen == 0) { 927 if (SEQ_GT(th->th_ack, tp->snd_una) && 928 SEQ_LEQ(th->th_ack, tp->snd_max) && --- 9 unchanged lines hidden (view full) --- 938 if (tp->t_rxtshift == 1 && 939 ticks < tp->t_badrxtwin) { 940 tp->snd_cwnd = tp->snd_cwnd_prev; 941 tp->snd_ssthresh = 942 tp->snd_ssthresh_prev; 943 tp->snd_nxt = tp->snd_max; 944 tp->t_badrxtwin = 0; 945 }	945 SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { 946 tp->ts_recent_age = ticks; 947 tp->ts_recent = to.to_tsval; 948 } 949 950 if (tlen == 0) { 951 if (SEQ_GT(th->th_ack, tp->snd_una) && 952 SEQ_LEQ(th->th_ack, tp->snd_max) && --- 9 unchanged lines hidden (view full) --- 962 if (tp->t_rxtshift == 1 && 963 ticks < tp->t_badrxtwin) { 964 tp->snd_cwnd = tp->snd_cwnd_prev; 965 tp->snd_ssthresh = 966 tp->snd_ssthresh_prev; 967 tp->snd_nxt = tp->snd_max; 968 tp->t_badrxtwin = 0; 969 }
946 if ((to.to_flag & TOF_TS) != 0)	970 if ((to.to_flags & TOF_TS) != 0)
947 tcp_xmit_timer(tp, 948 ticks - to.to_tsecr + 1); 949 else if (tp->t_rtttime && 950 SEQ_GT(th->th_ack, tp->t_rtseq)) 951 tcp_xmit_timer(tp, ticks - tp->t_rtttime); 952 acked = th->th_ack - tp->snd_una; 953 tcpstat.tcps_rcvackpack++; 954 tcpstat.tcps_rcvackbyte += acked; --- 65 unchanged lines hidden (view full) --- 1020 if (win < 0) 1021 win = 0; 1022 tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt)); 1023 } 1024 1025 switch (tp->t_state) { 1026 1027 /*	971 tcp_xmit_timer(tp, 972 ticks - to.to_tsecr + 1); 973 else if (tp->t_rtttime && 974 SEQ_GT(th->th_ack, tp->t_rtseq)) 975 tcp_xmit_timer(tp, ticks - tp->t_rtttime); 976 acked = th->th_ack - tp->snd_una; 977 tcpstat.tcps_rcvackpack++; 978 tcpstat.tcps_rcvackbyte += acked; --- 65 unchanged lines hidden (view full) --- 1044 if (win < 0) 1045 win = 0; 1046 tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt)); 1047 } 1048 1049 switch (tp->t_state) { 1050 1051 /*
1028 * If the state is LISTEN then ignore segment if it contains an RST. 1029 * If the segment contains an ACK then it is bad and send a RST. 1030 * If it does not contain a SYN then it is not interesting; drop it. 1031 * If it is from this socket, drop it, it must be forged. 1032 * Don't bother responding if the destination was a broadcast. 1033 * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial 1034 * tp->iss, and send a segment: 1035 * <SEQ=ISS><ACK=RCV_NXT><CTL=SYN,ACK> 1036 * Also initialize tp->snd_nxt to tp->iss+1 and tp->snd_una to tp->iss. 1037 * Fill in remote peer address fields if not previously specified. 1038 * Enter SYN_RECEIVED state, and process any other fields of this 1039 * segment in this state. 1040 / 1041* case TCPS_LISTEN: { 1042 register struct sockaddr_in sin; 1043#ifdef INET6 1044* register struct sockaddr_in6 sin6; 1045#endif 1046* 1047 if (thflags & TH_RST) 1048 goto drop; 1049 if (thflags & TH_ACK) { 1050 rstreason = BANDLIM_RST_OPENPORT; 1051 goto dropwithreset; 1052 } 1053 if ((thflags & TH_SYN) == 0) 1054 goto drop; 1055 if (th->th_dport == th->th_sport) { 1056#ifdef INET6 1057 if (isipv6) { 1058 if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, 1059 &ip6->ip6_src)) 1060 goto drop; 1061 } else 1062#endif /* INET6 / 1063* if (ip->ip_dst.s_addr == ip->ip_src.s_addr) 1064 goto drop; 1065 } 1066 /* 1067 * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN 1068 * in_broadcast() should never return true on a received 1069 * packet with M_BCAST not set. 1070 * 1071 * Packets with a multicast source address should also 1072 * be discarded. 1073 / 1074* if (m->m_flags & (M_BCAST\|M_MCAST)) 1075 goto drop; 1076#ifdef INET6 1077 if (isipv6) { 1078 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) \|\| 1079 IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) 1080 goto drop; 1081 } else 1082#endif 1083 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) \|\| 1084 IN_MULTICAST(ntohl(ip->ip_src.s_addr)) \|\| 1085 ip->ip_src.s_addr == htonl(INADDR_BROADCAST)) 1086 goto drop; 1087#ifdef INET6 1088 if (isipv6) { 1089 MALLOC(sin6, struct sockaddr_in6 , sizeof sin6, 1090 M_SONAME, M_NOWAIT \| M_ZERO); 1091 if (sin6 == NULL) 1092 goto drop; 1093 sin6->sin6_family = AF_INET6; 1094 sin6->sin6_len = sizeof(sin6); 1095* sin6->sin6_addr = ip6->ip6_src; 1096 sin6->sin6_port = th->th_sport; 1097 laddr6 = inp->in6p_laddr; 1098 if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) 1099 inp->in6p_laddr = ip6->ip6_dst; 1100 if (in6_pcbconnect(inp, (struct sockaddr )sin6, 1101* thread0)) { 1102 inp->in6p_laddr = laddr6; 1103 FREE(sin6, M_SONAME); 1104 goto drop; 1105 } 1106 FREE(sin6, M_SONAME); 1107 } else 1108#endif 1109 { 1110 MALLOC(sin, struct sockaddr_in , sizeof sin, M_SONAME, 1111 M_NOWAIT); 1112 if (sin == NULL) 1113 goto drop; 1114 sin->sin_family = AF_INET; 1115 sin->sin_len = sizeof(sin); 1116* sin->sin_addr = ip->ip_src; 1117 sin->sin_port = th->th_sport; 1118 bzero((caddr_t)sin->sin_zero, sizeof(sin->sin_zero)); 1119 laddr = inp->inp_laddr; 1120 if (inp->inp_laddr.s_addr == INADDR_ANY) 1121 inp->inp_laddr = ip->ip_dst; 1122 if (in_pcbconnect(inp, (struct sockaddr )sin, thread0)) { 1123* inp->inp_laddr = laddr; 1124 FREE(sin, M_SONAME); 1125 goto drop; 1126 } 1127 FREE(sin, M_SONAME); 1128 } 1129 if ((taop = tcp_gettaocache(inp)) == NULL) { 1130 taop = &tao_noncached; 1131 bzero(taop, sizeof(taop)); 1132* } 1133 tcp_dooptions(tp, optp, optlen, th, &to); 1134 if (iss) 1135 tp->iss = iss; 1136 else { 1137 tp->iss = tcp_new_isn(tp); 1138 } 1139 tp->irs = th->th_seq; 1140 tcp_sendseqinit(tp); 1141 tcp_rcvseqinit(tp); 1142 /* 1143 * Initialization of the tcpcb for transaction; 1144 * set SND.WND = SEG.WND, 1145 * initialize CCsend and CCrecv. 1146 / 1147* tp->snd_wnd = tiwin; /* initial send-window / 1148* tp->cc_send = CC_INC(tcp_ccgen); 1149 tp->cc_recv = to.to_cc; 1150 /* 1151 * Perform TAO test on incoming CC (SEG.CC) option, if any. 1152 * - compare SEG.CC against cached CC from the same host, 1153 * if any. 1154 * - if SEG.CC > chached value, SYN must be new and is accepted 1155 * immediately: save new CC in the cache, mark the socket 1156 * connected, enter ESTABLISHED state, turn on flag to 1157 * send a SYN in the next segment. 1158 * A virtual advertised window is set in rcv_adv to 1159 * initialize SWS prevention. Then enter normal segment 1160 * processing: drop SYN, process data and FIN. 1161 * - otherwise do a normal 3-way handshake. 1162 / 1163* if ((to.to_flag & TOF_CC) != 0) { 1164 if (((tp->t_flags & TF_NOPUSH) != 0) && 1165 taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) { 1166 1167 taop->tao_cc = to.to_cc; 1168 tp->t_starttime = ticks; 1169 tp->t_state = TCPS_ESTABLISHED; 1170 1171 /* 1172 * If there is a FIN, or if there is data and the 1173 * connection is local, then delay SYN,ACK(SYN) in 1174 * the hope of piggy-backing it on a response 1175 * segment. Otherwise must send ACK now in case 1176 * the other side is slow starting. 1177 / 1178* if (DELAY_ACK(tp) && ((thflags & TH_FIN) \|\| 1179 (tlen != 0 && 1180#ifdef INET6 1181 ((isipv6 && in6_localaddr(&inp->in6p_faddr)) 1182 \|\| 1183 (!isipv6 && 1184#endif 1185 in_localaddr(inp->inp_faddr) 1186#ifdef INET6 1187 )) 1188#endif 1189 ))) { 1190 callout_reset(tp->tt_delack, tcp_delacktime, 1191 tcp_timer_delack, tp); 1192 tp->t_flags \|= TF_NEEDSYN; 1193 } else 1194 tp->t_flags \|= (TF_ACKNOW \| TF_NEEDSYN); 1195 1196 /* 1197 * Limit the `virtual advertised window' to TCP_MAXWIN 1198 * here. Even if we requested window scaling, it will 1199 * become effective only later when our SYN is acked. 1200 / 1201* tp->rcv_adv += min(tp->rcv_wnd, TCP_MAXWIN); 1202 tcpstat.tcps_connects++; 1203 soisconnected(so); 1204 callout_reset(tp->tt_keep, tcp_keepinit, 1205 tcp_timer_keep, tp); 1206 dropsocket = 0; /* committed to socket / 1207* tcpstat.tcps_accepts++; 1208 goto trimthenstep6; 1209 } 1210 /* else do standard 3-way handshake / 1211* } else { 1212 /* 1213 * No CC option, but maybe CC.NEW: 1214 * invalidate cached value. 1215 / 1216* taop->tao_cc = 0; 1217 } 1218 /* 1219 * TAO test failed or there was no CC option, 1220 * do a standard 3-way handshake. 1221 / 1222* tp->t_flags \|= TF_ACKNOW; 1223 tp->t_state = TCPS_SYN_RECEIVED; 1224 callout_reset(tp->tt_keep, tcp_keepinit, tcp_timer_keep, tp); 1225 dropsocket = 0; /* committed to socket / 1226* tcpstat.tcps_accepts++; 1227 goto trimthenstep6; 1228 } 1229 1230 /*
1231 * If the state is SYN_RECEIVED: 1232 * if seg contains an ACK, but not for our SYN/ACK, send a RST. 1233 / 1234* case TCPS_SYN_RECEIVED: 1235 if ((thflags & TH_ACK) && 1236 (SEQ_LEQ(th->th_ack, tp->snd_una) \|\| 1237 SEQ_GT(th->th_ack, tp->snd_max))) { 1238 rstreason = BANDLIM_RST_OPENPORT; --- 9 unchanged lines hidden (view full) --- 1248 * Otherwise this is an acceptable SYN segment 1249 * initialize tp->rcv_nxt and tp->irs 1250 * if seg contains ack then advance tp->snd_una 1251 * if SYN has been acked change to ESTABLISHED else SYN_RCVD state 1252 * arrange for segment to be acked (eventually) 1253 * continue processing rest of data/controls, beginning with URG 1254 / 1255* case TCPS_SYN_SENT:	1052 * If the state is SYN_RECEIVED: 1053 * if seg contains an ACK, but not for our SYN/ACK, send a RST. 1054 / 1055* case TCPS_SYN_RECEIVED: 1056 if ((thflags & TH_ACK) && 1057 (SEQ_LEQ(th->th_ack, tp->snd_una) \|\| 1058 SEQ_GT(th->th_ack, tp->snd_max))) { 1059 rstreason = BANDLIM_RST_OPENPORT; --- 9 unchanged lines hidden (view full) --- 1069 * Otherwise this is an acceptable SYN segment 1070 * initialize tp->rcv_nxt and tp->irs 1071 * if seg contains ack then advance tp->snd_una 1072 * if SYN has been acked change to ESTABLISHED else SYN_RCVD state 1073 * arrange for segment to be acked (eventually) 1074 * continue processing rest of data/controls, beginning with URG 1075 / 1076* case TCPS_SYN_SENT:
1256 if ((taop = tcp_gettaocache(inp)) == NULL) {	1077 if ((taop = tcp_gettaocache(&inp->inp_inc)) == NULL) {
1257 taop = &tao_noncached; 1258 bzero(taop, sizeof(taop)); 1259* } 1260 1261 if ((thflags & TH_ACK) && 1262 (SEQ_LEQ(th->th_ack, tp->iss) \|\| 1263 SEQ_GT(th->th_ack, tp->snd_max))) { 1264 /* --- 27 unchanged lines hidden (view full) --- 1292 /* 1293 * Our SYN was acked. If segment contains CC.ECHO 1294 * option, check it to make sure this segment really 1295 * matches our SYN. If not, just drop it as old 1296 * duplicate, but send an RST if we're still playing 1297 * by the old rules. If no CC.ECHO option, make sure 1298 * we don't get fooled into using T/TCP. 1299 */	1078 taop = &tao_noncached; 1079 bzero(taop, sizeof(taop)); 1080* } 1081 1082 if ((thflags & TH_ACK) && 1083 (SEQ_LEQ(th->th_ack, tp->iss) \|\| 1084 SEQ_GT(th->th_ack, tp->snd_max))) { 1085 /* --- 27 unchanged lines hidden (view full) --- 1113 /* 1114 * Our SYN was acked. If segment contains CC.ECHO 1115 * option, check it to make sure this segment really 1116 * matches our SYN. If not, just drop it as old 1117 * duplicate, but send an RST if we're still playing 1118 * by the old rules. If no CC.ECHO option, make sure 1119 * we don't get fooled into using T/TCP. 1120 */
1300 if (to.to_flag & TOF_CCECHO) {	1121 if (to.to_flags & TOF_CCECHO) {
1301 if (tp->cc_send != to.to_ccecho) { 1302 if (taop->tao_ccsent != 0) 1303 goto drop; 1304 else { 1305 rstreason = BANDLIM_UNLIMITED; 1306 goto dropwithreset; 1307 } 1308 } --- 45 unchanged lines hidden (view full) --- 1354 * a cached CC, apply TAO test; if it succeeds, connection is 1355 * half-synchronized. Otherwise, do 3-way handshake: 1356 * SYN-SENT -> SYN-RECEIVED 1357 * SYN-SENT* -> SYN-RECEIVED* 1358 * If there was no CC option, clear cached CC value. 1359 / 1360* tp->t_flags \|= TF_ACKNOW; 1361 callout_stop(tp->tt_rexmt);	1122 if (tp->cc_send != to.to_ccecho) { 1123 if (taop->tao_ccsent != 0) 1124 goto drop; 1125 else { 1126 rstreason = BANDLIM_UNLIMITED; 1127 goto dropwithreset; 1128 } 1129 } --- 45 unchanged lines hidden (view full) --- 1175 * a cached CC, apply TAO test; if it succeeds, connection is 1176 * half-synchronized. Otherwise, do 3-way handshake: 1177 * SYN-SENT -> SYN-RECEIVED 1178 * SYN-SENT* -> SYN-RECEIVED* 1179 * If there was no CC option, clear cached CC value. 1180 / 1181* tp->t_flags \|= TF_ACKNOW; 1182 callout_stop(tp->tt_rexmt);
1362 if (to.to_flag & TOF_CC) {	1183 if (to.to_flags & TOF_CC) {
1363 if (taop->tao_cc != 0 && 1364 CC_GT(to.to_cc, taop->tao_cc)) { 1365 /* 1366 * update cache and make transition: 1367 * SYN-SENT -> ESTABLISHED* 1368 * SYN-SENT* -> FIN-WAIT-1* 1369 / 1370* taop->tao_cc = to.to_cc; --- 58 unchanged lines hidden (view full) --- 1429 * 1430 * else must be old SYN; drop it. 1431 * else do normal processing. 1432 / 1433* case TCPS_LAST_ACK: 1434 case TCPS_CLOSING: 1435 case TCPS_TIME_WAIT: 1436 if ((thflags & TH_SYN) &&	1184 if (taop->tao_cc != 0 && 1185 CC_GT(to.to_cc, taop->tao_cc)) { 1186 /* 1187 * update cache and make transition: 1188 * SYN-SENT -> ESTABLISHED* 1189 * SYN-SENT* -> FIN-WAIT-1* 1190 / 1191* taop->tao_cc = to.to_cc; --- 58 unchanged lines hidden (view full) --- 1250 * 1251 * else must be old SYN; drop it. 1252 * else do normal processing. 1253 / 1254* case TCPS_LAST_ACK: 1255 case TCPS_CLOSING: 1256 case TCPS_TIME_WAIT: 1257 if ((thflags & TH_SYN) &&
1437 (to.to_flag & TOF_CC) && tp->cc_recv != 0) {	1258 (to.to_flags & TOF_CC) && tp->cc_recv != 0) {
1438 if (tp->t_state == TCPS_TIME_WAIT && 1439 (ticks - tp->t_starttime) > tcp_msl) { 1440 rstreason = BANDLIM_UNLIMITED; 1441 goto dropwithreset; 1442 } 1443 if (CC_GT(to.to_cc, tp->cc_recv)) { 1444 tp = tcp_close(tp); 1445 goto findpcb; --- 91 unchanged lines hidden (view full) --- 1537 } 1538 goto drop; 1539 } 1540 1541 /* 1542 * RFC 1323 PAWS: If we have a timestamp reply on this segment 1543 * and it's less than ts_recent, drop it. 1544 */	1259 if (tp->t_state == TCPS_TIME_WAIT && 1260 (ticks - tp->t_starttime) > tcp_msl) { 1261 rstreason = BANDLIM_UNLIMITED; 1262 goto dropwithreset; 1263 } 1264 if (CC_GT(to.to_cc, tp->cc_recv)) { 1265 tp = tcp_close(tp); 1266 goto findpcb; --- 91 unchanged lines hidden (view full) --- 1358 } 1359 goto drop; 1360 } 1361 1362 /* 1363 * RFC 1323 PAWS: If we have a timestamp reply on this segment 1364 * and it's less than ts_recent, drop it. 1365 */
1545 if ((to.to_flag & TOF_TS) != 0 && tp->ts_recent &&	1366 if ((to.to_flags & TOF_TS) != 0 && tp->ts_recent &&
1546 TSTMP_LT(to.to_tsval, tp->ts_recent)) { 1547 1548 /* Check to see if ts_recent is over 24 days old. / 1549* if ((int)(ticks - tp->ts_recent_age) > TCP_PAWS_IDLE) { 1550 /* 1551 * Invalidate ts_recent. If this segment updates 1552 * ts_recent, the age will be reset later and ts_recent 1553 * will get a valid value. If it does not, setting --- 15 unchanged lines hidden (view full) --- 1569 1570 /* 1571 * T/TCP mechanism 1572 * If T/TCP was negotiated and the segment doesn't have CC, 1573 * or if its CC is wrong then drop the segment. 1574 * RST segments do not have to comply with this. 1575 / 1576* if ((tp->t_flags & (TF_REQ_CC\|TF_RCVD_CC)) == (TF_REQ_CC\|TF_RCVD_CC) &&	1367 TSTMP_LT(to.to_tsval, tp->ts_recent)) { 1368 1369 /* Check to see if ts_recent is over 24 days old. / 1370* if ((int)(ticks - tp->ts_recent_age) > TCP_PAWS_IDLE) { 1371 /* 1372 * Invalidate ts_recent. If this segment updates 1373 * ts_recent, the age will be reset later and ts_recent 1374 * will get a valid value. If it does not, setting --- 15 unchanged lines hidden (view full) --- 1390 1391 /* 1392 * T/TCP mechanism 1393 * If T/TCP was negotiated and the segment doesn't have CC, 1394 * or if its CC is wrong then drop the segment. 1395 * RST segments do not have to comply with this. 1396 / 1397* if ((tp->t_flags & (TF_REQ_CC\|TF_RCVD_CC)) == (TF_REQ_CC\|TF_RCVD_CC) &&
1577 ((to.to_flag & TOF_CC) == 0 \|\| tp->cc_recv != to.to_cc))	1398 ((to.to_flags & TOF_CC) == 0 \|\| tp->cc_recv != to.to_cc))
1578 goto dropafterack; 1579 1580 /* 1581 * In the SYN-RECEIVED state, validate that the packet belongs to 1582 * this connection before trimming the data to fit the receive 1583 * window. Check the sequence number versus IRS since we know 1584 * the sequence numbers haven't wrapped. This is a partial fix 1585 * for the "LAND" DoS attack. --- 103 unchanged lines hidden (view full) --- 1689 } 1690 1691 /* 1692 * If last ACK falls within this segment's sequence numbers, 1693 * record its timestamp. 1694 * NOTE that the test is modified according to the latest 1695 * proposal of the tcplw@cray.com list (Braden 1993/04/26). 1696 */	1399 goto dropafterack; 1400 1401 /* 1402 * In the SYN-RECEIVED state, validate that the packet belongs to 1403 * this connection before trimming the data to fit the receive 1404 * window. Check the sequence number versus IRS since we know 1405 * the sequence numbers haven't wrapped. This is a partial fix 1406 * for the "LAND" DoS attack. --- 103 unchanged lines hidden (view full) --- 1510 } 1511 1512 /* 1513 * If last ACK falls within this segment's sequence numbers, 1514 * record its timestamp. 1515 * NOTE that the test is modified according to the latest 1516 * proposal of the tcplw@cray.com list (Braden 1993/04/26). 1517 */
1697 if ((to.to_flag & TOF_TS) != 0 &&	1518 if ((to.to_flags & TOF_TS) != 0 &&
1698 SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { 1699 tp->ts_recent_age = ticks; 1700 tp->ts_recent = to.to_tsval; 1701 } 1702 1703 /* 1704 * If a SYN is in the window, then this is an 1705 * error and we send an RST and drop the connection. --- 37 unchanged lines hidden (view full) --- 1743 tp->snd_scale = tp->requested_s_scale; 1744 tp->rcv_scale = tp->request_r_scale; 1745 } 1746 /* 1747 * Upon successful completion of 3-way handshake, 1748 * update cache.CC if it was undefined, pass any queued 1749 * data to the user, and advance state appropriately. 1750 */	1519 SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { 1520 tp->ts_recent_age = ticks; 1521 tp->ts_recent = to.to_tsval; 1522 } 1523 1524 /* 1525 * If a SYN is in the window, then this is an 1526 * error and we send an RST and drop the connection. --- 37 unchanged lines hidden (view full) --- 1564 tp->snd_scale = tp->requested_s_scale; 1565 tp->rcv_scale = tp->request_r_scale; 1566 } 1567 /* 1568 * Upon successful completion of 3-way handshake, 1569 * update cache.CC if it was undefined, pass any queued 1570 * data to the user, and advance state appropriately. 1571 */
1751 if ((taop = tcp_gettaocache(inp)) != NULL &&	1572 if ((taop = tcp_gettaocache(&inp->inp_inc)) != NULL &&
1752 taop->tao_cc == 0) 1753 taop->tao_cc = tp->cc_recv; 1754 1755 /* 1756 * Make transitions: 1757 * SYN-RECEIVED -> ESTABLISHED 1758 * SYN-RECEIVED* -> FIN-WAIT-1 1759 / --- 175 unchanged lines hidden* (view full) --- 1935 * If we have a timestamp reply, update smoothed 1936 * round trip time. If no timestamp is present but 1937 * transmit timer is running and timed sequence 1938 * number was acked, update smoothed round trip time. 1939 * Since we now have an rtt measurement, cancel the 1940 * timer backoff (cf., Phil Karn's retransmit alg.). 1941 * Recompute the initial retransmit timer. 1942 */	1573 taop->tao_cc == 0) 1574 taop->tao_cc = tp->cc_recv; 1575 1576 /* 1577 * Make transitions: 1578 * SYN-RECEIVED -> ESTABLISHED 1579 * SYN-RECEIVED* -> FIN-WAIT-1 1580 / --- 175 unchanged lines hidden* (view full) --- 1756 * If we have a timestamp reply, update smoothed 1757 * round trip time. If no timestamp is present but 1758 * transmit timer is running and timed sequence 1759 * number was acked, update smoothed round trip time. 1760 * Since we now have an rtt measurement, cancel the 1761 * timer backoff (cf., Phil Karn's retransmit alg.). 1762 * Recompute the initial retransmit timer. 1763 */
1943 if (to.to_flag & TOF_TS)	1764 if (to.to_flags & TOF_TS)
1944 tcp_xmit_timer(tp, ticks - to.to_tsecr + 1); 1945 else if (tp->t_rtttime && SEQ_GT(th->th_ack, tp->t_rtseq)) 1946 tcp_xmit_timer(tp, ticks - tp->t_rtttime); 1947 1948 /* 1949 * If all outstanding data is acked, stop retransmit 1950 * timer and remember to restart (more output or persist). 1951 * If there is more data to be acked, restart retransmit --- 414 unchanged lines hidden (view full) --- 2366 TH_RST); 2367 else { 2368 if (thflags & TH_SYN) 2369 tlen++; 2370 /* mtod() below is safe as long as hdr dropping is delayed / 2371* tcp_respond(tp, mtod(m, void ), th, m, th->th_seq+tlen, 2372* (tcp_seq)0, TH_RST\|TH_ACK); 2373 }	1765 tcp_xmit_timer(tp, ticks - to.to_tsecr + 1); 1766 else if (tp->t_rtttime && SEQ_GT(th->th_ack, tp->t_rtseq)) 1767 tcp_xmit_timer(tp, ticks - tp->t_rtttime); 1768 1769 /* 1770 * If all outstanding data is acked, stop retransmit 1771 * timer and remember to restart (more output or persist). 1772 * If there is more data to be acked, restart retransmit --- 414 unchanged lines hidden (view full) --- 2187 TH_RST); 2188 else { 2189 if (thflags & TH_SYN) 2190 tlen++; 2191 /* mtod() below is safe as long as hdr dropping is delayed / 2192* tcp_respond(tp, mtod(m, void ), th, m, th->th_seq+tlen, 2193* (tcp_seq)0, TH_RST\|TH_ACK); 2194 }
2374 /* destroy temporarily created socket / 2375* if (dropsocket) 2376 (void) soabort(so);
2377 return; 2378 2379drop: 2380 /* 2381 * Drop space held by incoming segment and return. 2382 / 2383#ifdef TCPDEBUG 2384* if (tp == 0 \|\| (tp->t_inpcb->inp_socket->so_options & SO_DEBUG)) 2385 tcp_trace(TA_DROP, ostate, tp, (void )tcp_saveipgen, 2386* &tcp_savetcp, 0); 2387#endif 2388 m_freem(m);	2195 return; 2196 2197drop: 2198 /* 2199 * Drop space held by incoming segment and return. 2200 / 2201#ifdef TCPDEBUG 2202* if (tp == 0 \|\| (tp->t_inpcb->inp_socket->so_options & SO_DEBUG)) 2203 tcp_trace(TA_DROP, ostate, tp, (void )tcp_saveipgen, 2204* &tcp_savetcp, 0); 2205#endif 2206 m_freem(m);
2389 /* destroy temporarily created socket / 2390* if (dropsocket) 2391 (void) soabort(so);
2392 return; 2393} 2394	2207 return; 2208} 2209
	2210/* 2211 * Parse TCP options and place in tcpopt. 2212 */
2395static void	2213static void
2396tcp_dooptions(tp, cp, cnt, th, to) 2397 struct tcpcb *tp;	2214tcp_dooptions(to, cp, cnt, is_syn) 2215 struct tcpopt *to;
2398 u_char cp; 2399* int cnt;	2216 u_char cp; 2217* int cnt;
2400 struct tcphdr th; 2401* struct tcpopt *to;
2402{	2218{
2403 u_short mss = 0;
2404 int opt, optlen; 2405	2219 int opt, optlen; 2220
	2221 to->to_flags = 0;
2406 for (; cnt > 0; cnt -= optlen, cp += optlen) { 2407 opt = cp[0]; 2408 if (opt == TCPOPT_EOL) 2409 break; 2410 if (opt == TCPOPT_NOP) 2411 optlen = 1; 2412 else { 2413 if (cnt < 2) 2414 break; 2415 optlen = cp[1]; 2416 if (optlen < 2 \|\| optlen > cnt) 2417 break; 2418 } 2419 switch (opt) {	2222 for (; cnt > 0; cnt -= optlen, cp += optlen) { 2223 opt = cp[0]; 2224 if (opt == TCPOPT_EOL) 2225 break; 2226 if (opt == TCPOPT_NOP) 2227 optlen = 1; 2228 else { 2229 if (cnt < 2) 2230 break; 2231 optlen = cp[1]; 2232 if (optlen < 2 \|\| optlen > cnt) 2233 break; 2234 } 2235 switch (opt) {
2420 2421 default: 2422 continue; 2423
2424 case TCPOPT_MAXSEG: 2425 if (optlen != TCPOLEN_MAXSEG) 2426 continue;	2236 case TCPOPT_MAXSEG: 2237 if (optlen != TCPOLEN_MAXSEG) 2238 continue;
2427 if (!(th->th_flags & TH_SYN))	2239 if (!is_syn)
2428 continue;	2240 continue;
2429 bcopy((char ) cp + 2, (char ) &mss, sizeof(mss)); 2430 NTOHS(mss);	2241 to->to_flags \|= TOF_MSS; 2242 bcopy((char )cp + 2, 2243* (char )&to->to_mss, sizeof(to->to_mss)); 2244* NTOHS(to->to_mss);
2431 break;	2245 break;
2432
2433 case TCPOPT_WINDOW: 2434 if (optlen != TCPOLEN_WINDOW) 2435 continue;	2246 case TCPOPT_WINDOW: 2247 if (optlen != TCPOLEN_WINDOW) 2248 continue;
2436 if (!(th->th_flags & TH_SYN))	2249 if (! is_syn)
2437 continue;	2250 continue;
2438 tp->t_flags \|= TF_RCVD_SCALE; 2439 tp->requested_s_scale = min(cp[2], TCP_MAX_WINSHIFT);	2251 to->to_flags \|= TOF_SCALE; 2252 to->to_requested_s_scale = min(cp[2], TCP_MAX_WINSHIFT);
2440 break;	2253 break;
2441
2442 case TCPOPT_TIMESTAMP: 2443 if (optlen != TCPOLEN_TIMESTAMP) 2444 continue;	2254 case TCPOPT_TIMESTAMP: 2255 if (optlen != TCPOLEN_TIMESTAMP) 2256 continue;
2445 to->to_flag \|= TOF_TS;	2257 to->to_flags \|= TOF_TS;
2446 bcopy((char )cp + 2, 2447* (char )&to->to_tsval, sizeof(to->to_tsval)); 2448* NTOHL(to->to_tsval); 2449 bcopy((char )cp + 6, 2450* (char )&to->to_tsecr, sizeof(to->to_tsecr)); 2451* NTOHL(to->to_tsecr);	2258 bcopy((char )cp + 2, 2259* (char )&to->to_tsval, sizeof(to->to_tsval)); 2260* NTOHL(to->to_tsval); 2261 bcopy((char )cp + 6, 2262* (char )&to->to_tsecr, sizeof(to->to_tsecr)); 2263* NTOHL(to->to_tsecr);
2452 2453 /* 2454 * A timestamp received in a SYN makes 2455 * it ok to send timestamp requests and replies. 2456 / 2457* if (th->th_flags & TH_SYN) { 2458 tp->t_flags \|= TF_RCVD_TSTMP; 2459 tp->ts_recent = to->to_tsval; 2460 tp->ts_recent_age = ticks; 2461 }
2462 break; 2463 case TCPOPT_CC: 2464 if (optlen != TCPOLEN_CC) 2465 continue;	2264 break; 2265 case TCPOPT_CC: 2266 if (optlen != TCPOLEN_CC) 2267 continue;
2466 to->to_flag \|= TOF_CC;	2268 to->to_flags \|= TOF_CC;
2467 bcopy((char )cp + 2, 2468* (char )&to->to_cc, sizeof(to->to_cc)); 2469* NTOHL(to->to_cc);	2269 bcopy((char )cp + 2, 2270* (char )&to->to_cc, sizeof(to->to_cc)); 2271* NTOHL(to->to_cc);
2470 /* 2471 * A CC or CC.new option received in a SYN makes 2472 * it ok to send CC in subsequent segments. 2473 / 2474* if (th->th_flags & TH_SYN) 2475 tp->t_flags \|= TF_RCVD_CC;
2476 break; 2477 case TCPOPT_CCNEW: 2478 if (optlen != TCPOLEN_CC) 2479 continue;	2272 break; 2273 case TCPOPT_CCNEW: 2274 if (optlen != TCPOLEN_CC) 2275 continue;
2480 if (!(th->th_flags & TH_SYN))	2276 if (!is_syn)
2481 continue;	2277 continue;
2482 to->to_flag \|= TOF_CCNEW;	2278 to->to_flags \|= TOF_CCNEW;
2483 bcopy((char )cp + 2, 2484* (char )&to->to_cc, sizeof(to->to_cc)); 2485* NTOHL(to->to_cc);	2279 bcopy((char )cp + 2, 2280* (char )&to->to_cc, sizeof(to->to_cc)); 2281* NTOHL(to->to_cc);
2486 /* 2487 * A CC or CC.new option received in a SYN makes 2488 * it ok to send CC in subsequent segments. 2489 / 2490* tp->t_flags \|= TF_RCVD_CC;
2491 break; 2492 case TCPOPT_CCECHO: 2493 if (optlen != TCPOLEN_CC) 2494 continue;	2282 break; 2283 case TCPOPT_CCECHO: 2284 if (optlen != TCPOLEN_CC) 2285 continue;
2495 if (!(th->th_flags & TH_SYN))	2286 if (!is_syn)
2496 continue;	2287 continue;
2497 to->to_flag \|= TOF_CCECHO;	2288 to->to_flags \|= TOF_CCECHO;
2498 bcopy((char )cp + 2, 2499* (char )&to->to_ccecho, sizeof(to->to_ccecho)); 2500* NTOHL(to->to_ccecho); 2501 break;	2289 bcopy((char )cp + 2, 2290* (char )&to->to_ccecho, sizeof(to->to_ccecho)); 2291* NTOHL(to->to_ccecho); 2292 break;
	2293 default: 2294 continue;
2502 } 2503 }	2295 } 2296 }
2504 if (th->th_flags & TH_SYN) 2505 tcp_mss(tp, mss); /* sets t_maxseg */
2506} 2507 2508/* 2509 * Pull out of band byte out of a segment so 2510 * it doesn't appear in the user's data queue. 2511 * It is still reflected in the segment length for 2512 * sequencing purposes. 2513 / --- 156 unchanged lines hidden* (view full) --- 2670 isipv6 = ((inp->inp_vflag & INP_IPV6) != 0) ? 1 : 0; 2671 min_protoh = isipv6 ? sizeof (struct ip6_hdr) + sizeof (struct tcphdr) 2672 : sizeof (struct tcpiphdr); 2673#else 2674#define min_protoh (sizeof (struct tcpiphdr)) 2675#endif 2676#ifdef INET6 2677 if (isipv6)	2297} 2298 2299/* 2300 * Pull out of band byte out of a segment so 2301 * it doesn't appear in the user's data queue. 2302 * It is still reflected in the segment length for 2303 * sequencing purposes. 2304 / --- 156 unchanged lines hidden* (view full) --- 2461 isipv6 = ((inp->inp_vflag & INP_IPV6) != 0) ? 1 : 0; 2462 min_protoh = isipv6 ? sizeof (struct ip6_hdr) + sizeof (struct tcphdr) 2463 : sizeof (struct tcpiphdr); 2464#else 2465#define min_protoh (sizeof (struct tcpiphdr)) 2466#endif 2467#ifdef INET6 2468 if (isipv6)
2678 rt = tcp_rtlookup6(inp);	2469 rt = tcp_rtlookup6(&inp->inp_inc);
2679 else 2680#endif	2470 else 2471#endif
2681 rt = tcp_rtlookup(inp);	2472 rt = tcp_rtlookup(&inp->inp_inc);
2682 if (rt == NULL) { 2683 tp->t_maxopd = tp->t_maxseg = 2684#ifdef INET6 2685 isipv6 ? tcp_v6mssdflt : 2686#endif /* INET6 / 2687* tcp_mssdflt; 2688 return; 2689 } --- 189 unchanged lines hidden (view full) --- 2879 isipv6 = ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) ? 1 : 0; 2880 min_protoh = isipv6 ? sizeof (struct ip6_hdr) + sizeof (struct tcphdr) 2881 : sizeof (struct tcpiphdr); 2882#else 2883#define min_protoh (sizeof (struct tcpiphdr)) 2884#endif 2885#ifdef INET6 2886 if (isipv6)	2473 if (rt == NULL) { 2474 tp->t_maxopd = tp->t_maxseg = 2475#ifdef INET6 2476 isipv6 ? tcp_v6mssdflt : 2477#endif /* INET6 / 2478* tcp_mssdflt; 2479 return; 2480 } --- 189 unchanged lines hidden (view full) --- 2670 isipv6 = ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) ? 1 : 0; 2671 min_protoh = isipv6 ? sizeof (struct ip6_hdr) + sizeof (struct tcphdr) 2672 : sizeof (struct tcpiphdr); 2673#else 2674#define min_protoh (sizeof (struct tcpiphdr)) 2675#endif 2676#ifdef INET6 2677 if (isipv6)
2887 rt = tcp_rtlookup6(tp->t_inpcb);	2678 rt = tcp_rtlookup6(&tp->t_inpcb->inp_inc);
2888 else 2889#endif /* INET6 */	2679 else 2680#endif /* INET6 */
2890 rt = tcp_rtlookup(tp->t_inpcb);	2681 rt = tcp_rtlookup(&tp->t_inpcb->inp_inc);
2891 if (rt == NULL) 2892 return 2893#ifdef INET6 2894 isipv6 ? tcp_v6mssdflt : 2895#endif /* INET6 / 2896* tcp_mssdflt; 2897 2898 return rt->rt_ifp->if_mtu - min_protoh; --- 40 unchanged lines hidden ---	2682 if (rt == NULL) 2683 return 2684#ifdef INET6 2685 isipv6 ? tcp_v6mssdflt : 2686#endif /* INET6 / 2687* tcp_mssdflt; 2688 2689 return rt->rt_ifp->if_mtu - min_protoh; --- 40 unchanged lines hidden ---