freebsd-nq/sys/netinet/tcp_usrreq.c
Jonathan Lemon be2ac88c59 Introduce a syncache, which enables FreeBSD to withstand a SYN flood
DoS in an improved fashion over the existing code.

Reviewed by: silby  (in a previous iteration)
Sponsored by: DARPA, NAI Labs
2001-11-22 04:50:44 +00:00

1131 lines
27 KiB
C

/*
* Copyright (c) 1982, 1986, 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* From: @(#)tcp_usrreq.c 8.2 (Berkeley) 1/3/94
* $FreeBSD$
*/
#include "opt_ipsec.h"
#include "opt_inet6.h"
#include "opt_tcpdebug.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/mbuf.h>
#ifdef INET6
#include <sys/domain.h>
#endif /* INET6 */
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/protosw.h>
#include <sys/proc.h>
#include <sys/jail.h>
#include <net/if.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#ifdef INET6
#include <netinet/ip6.h>
#endif
#include <netinet/in_pcb.h>
#ifdef INET6
#include <netinet6/in6_pcb.h>
#endif
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
#ifdef INET6
#include <netinet6/ip6_var.h>
#endif
#include <netinet/tcp.h>
#include <netinet/tcp_fsm.h>
#include <netinet/tcp_seq.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/tcpip.h>
#ifdef TCPDEBUG
#include <netinet/tcp_debug.h>
#endif
#ifdef IPSEC
#include <netinet6/ipsec.h>
#endif /*IPSEC*/
/*
* TCP protocol interface to socket abstraction.
*/
extern char *tcpstates[]; /* XXX ??? */
static int tcp_attach __P((struct socket *, struct thread *td));
static int tcp_connect __P((struct tcpcb *, struct sockaddr *,
struct thread *td));
#ifdef INET6
static int tcp6_connect __P((struct tcpcb *, struct sockaddr *,
struct thread *td));
#endif /* INET6 */
static struct tcpcb *
tcp_disconnect __P((struct tcpcb *));
static struct tcpcb *
tcp_usrclosed __P((struct tcpcb *));
#ifdef TCPDEBUG
#define TCPDEBUG0 int ostate = 0
#define TCPDEBUG1() ostate = tp ? tp->t_state : 0
#define TCPDEBUG2(req) if (tp && (so->so_options & SO_DEBUG)) \
tcp_trace(TA_USER, ostate, tp, 0, 0, req)
#else
#define TCPDEBUG0
#define TCPDEBUG1()
#define TCPDEBUG2(req)
#endif
/*
* TCP attaches to socket via pru_attach(), reserving space,
* and an internet control block.
*/
static int
tcp_usr_attach(struct socket *so, int proto, struct thread *td)
{
int s = splnet();
int error;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp = 0;
TCPDEBUG0;
TCPDEBUG1();
if (inp) {
error = EISCONN;
goto out;
}
error = tcp_attach(so, td);
if (error)
goto out;
if ((so->so_options & SO_LINGER) && so->so_linger == 0)
so->so_linger = TCP_LINGERTIME;
tp = sototcpcb(so);
out:
TCPDEBUG2(PRU_ATTACH);
splx(s);
return error;
}
/*
* pru_detach() detaches the TCP protocol from the socket.
* If the protocol state is non-embryonic, then can't
* do this directly: have to initiate a pru_disconnect(),
* which may finish later; embryonic TCB's can just
* be discarded here.
*/
static int
tcp_usr_detach(struct socket *so)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
TCPDEBUG0;
if (inp == 0) {
splx(s);
return EINVAL; /* XXX */
}
tp = intotcpcb(inp);
TCPDEBUG1();
tp = tcp_disconnect(tp);
TCPDEBUG2(PRU_DETACH);
splx(s);
return error;
}
#define COMMON_START() TCPDEBUG0; \
do { \
if (inp == 0) { \
splx(s); \
return EINVAL; \
} \
tp = intotcpcb(inp); \
TCPDEBUG1(); \
} while(0)
#define COMMON_END(req) out: TCPDEBUG2(req); splx(s); return error; goto out
/*
* Give the socket an address.
*/
static int
tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
struct sockaddr_in *sinp;
COMMON_START();
/*
* Must check for multicast addresses and disallow binding
* to them.
*/
sinp = (struct sockaddr_in *)nam;
if (sinp->sin_family == AF_INET &&
IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
error = EAFNOSUPPORT;
goto out;
}
error = in_pcbbind(inp, nam, td);
if (error)
goto out;
COMMON_END(PRU_BIND);
}
#ifdef INET6
static int
tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
struct sockaddr_in6 *sin6p;
COMMON_START();
/*
* Must check for multicast addresses and disallow binding
* to them.
*/
sin6p = (struct sockaddr_in6 *)nam;
if (sin6p->sin6_family == AF_INET6 &&
IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr)) {
error = EAFNOSUPPORT;
goto out;
}
inp->inp_vflag &= ~INP_IPV4;
inp->inp_vflag |= INP_IPV6;
if (ip6_mapped_addr_on && (inp->inp_flags & IN6P_IPV6_V6ONLY) == 0) {
if (IN6_IS_ADDR_UNSPECIFIED(&sin6p->sin6_addr))
inp->inp_vflag |= INP_IPV4;
else if (IN6_IS_ADDR_V4MAPPED(&sin6p->sin6_addr)) {
struct sockaddr_in sin;
in6_sin6_2_sin(&sin, sin6p);
inp->inp_vflag |= INP_IPV4;
inp->inp_vflag &= ~INP_IPV6;
error = in_pcbbind(inp, (struct sockaddr *)&sin, td);
goto out;
}
}
error = in6_pcbbind(inp, nam, td);
if (error)
goto out;
COMMON_END(PRU_BIND);
}
#endif /* INET6 */
/*
* Prepare to accept connections.
*/
static int
tcp_usr_listen(struct socket *so, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
if (inp->inp_lport == 0)
error = in_pcbbind(inp, (struct sockaddr *)0, td);
if (error == 0)
tp->t_state = TCPS_LISTEN;
COMMON_END(PRU_LISTEN);
}
#ifdef INET6
static int
tcp6_usr_listen(struct socket *so, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
if (inp->inp_lport == 0) {
inp->inp_vflag &= ~INP_IPV4;
if (ip6_mapped_addr_on &&
(inp->inp_flags & IN6P_IPV6_V6ONLY) == 0)
inp->inp_vflag |= INP_IPV4;
error = in6_pcbbind(inp, (struct sockaddr *)0, td);
}
if (error == 0)
tp->t_state = TCPS_LISTEN;
COMMON_END(PRU_LISTEN);
}
#endif /* INET6 */
/*
* Initiate connection to peer.
* Create a template for use in transmissions on this connection.
* Enter SYN_SENT state, and mark socket as connecting.
* Start keep-alive timer, and seed output sequence space.
* Send initial segment on connection.
*/
static int
tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
struct sockaddr_in *sinp;
COMMON_START();
/*
* Must disallow TCP ``connections'' to multicast addresses.
*/
sinp = (struct sockaddr_in *)nam;
if (sinp->sin_family == AF_INET
&& IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) {
error = EAFNOSUPPORT;
goto out;
}
if (td && jailed(td->td_proc->p_ucred))
prison_remote_ip(td->td_proc->p_ucred, 0, &sinp->sin_addr.s_addr);
if ((error = tcp_connect(tp, nam, td)) != 0)
goto out;
error = tcp_output(tp);
COMMON_END(PRU_CONNECT);
}
#ifdef INET6
static int
tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
struct sockaddr_in6 *sin6p;
COMMON_START();
/*
* Must disallow TCP ``connections'' to multicast addresses.
*/
sin6p = (struct sockaddr_in6 *)nam;
if (sin6p->sin6_family == AF_INET6
&& IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr)) {
error = EAFNOSUPPORT;
goto out;
}
if (IN6_IS_ADDR_V4MAPPED(&sin6p->sin6_addr)) {
struct sockaddr_in sin;
if (!ip6_mapped_addr_on ||
(inp->inp_flags & IN6P_IPV6_V6ONLY))
return(EINVAL);
in6_sin6_2_sin(&sin, sin6p);
inp->inp_vflag |= INP_IPV4;
inp->inp_vflag &= ~INP_IPV6;
if ((error = tcp_connect(tp, (struct sockaddr *)&sin, td)) != 0)
goto out;
error = tcp_output(tp);
goto out;
}
inp->inp_vflag &= ~INP_IPV4;
inp->inp_vflag |= INP_IPV6;
if ((error = tcp6_connect(tp, nam, td)) != 0)
goto out;
error = tcp_output(tp);
COMMON_END(PRU_CONNECT);
}
#endif /* INET6 */
/*
* Initiate disconnect from peer.
* If connection never passed embryonic stage, just drop;
* else if don't need to let data drain, then can just drop anyways,
* else have to begin TCP shutdown process: mark socket disconnecting,
* drain unread data, state switch to reflect user close, and
* send segment (e.g. FIN) to peer. Socket will be really disconnected
* when peer sends FIN and acks ours.
*
* SHOULD IMPLEMENT LATER PRU_CONNECT VIA REALLOC TCPCB.
*/
static int
tcp_usr_disconnect(struct socket *so)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
tp = tcp_disconnect(tp);
COMMON_END(PRU_DISCONNECT);
}
/*
* Accept a connection. Essentially all the work is
* done at higher levels; just return the address
* of the peer, storing through addr.
*/
static int
tcp_usr_accept(struct socket *so, struct sockaddr **nam)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp = NULL;
TCPDEBUG0;
if (so->so_state & SS_ISDISCONNECTED) {
error = ECONNABORTED;
goto out;
}
if (inp == 0) {
splx(s);
return (EINVAL);
}
tp = intotcpcb(inp);
TCPDEBUG1();
in_setpeeraddr(so, nam);
COMMON_END(PRU_ACCEPT);
}
#ifdef INET6
static int
tcp6_usr_accept(struct socket *so, struct sockaddr **nam)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp = NULL;
TCPDEBUG0;
if (so->so_state & SS_ISDISCONNECTED) {
error = ECONNABORTED;
goto out;
}
if (inp == 0) {
splx(s);
return (EINVAL);
}
tp = intotcpcb(inp);
TCPDEBUG1();
in6_mapped_peeraddr(so, nam);
COMMON_END(PRU_ACCEPT);
}
#endif /* INET6 */
/*
* Mark the connection as being incapable of further output.
*/
static int
tcp_usr_shutdown(struct socket *so)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
socantsendmore(so);
tp = tcp_usrclosed(tp);
if (tp)
error = tcp_output(tp);
COMMON_END(PRU_SHUTDOWN);
}
/*
* After a receive, possibly send window update to peer.
*/
static int
tcp_usr_rcvd(struct socket *so, int flags)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
tcp_output(tp);
COMMON_END(PRU_RCVD);
}
/*
* Do a send by putting data in output queue and updating urgent
* marker if URG set. Possibly send more data. Unlike the other
* pru_*() routines, the mbuf chains are our responsibility. We
* must either enqueue them or free them. The other pru_* routines
* generally are caller-frees.
*/
static int
tcp_usr_send(struct socket *so, int flags, struct mbuf *m,
struct sockaddr *nam, struct mbuf *control, struct thread *td)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
#ifdef INET6
int isipv6;
#endif
TCPDEBUG0;
if (inp == NULL) {
/*
* OOPS! we lost a race, the TCP session got reset after
* we checked SS_CANTSENDMORE, eg: while doing uiomove or a
* network interrupt in the non-splnet() section of sosend().
*/
if (m)
m_freem(m);
if (control)
m_freem(control);
error = ECONNRESET; /* XXX EPIPE? */
tp = NULL;
TCPDEBUG1();
goto out;
}
#ifdef INET6
isipv6 = nam && nam->sa_family == AF_INET6;
#endif /* INET6 */
tp = intotcpcb(inp);
TCPDEBUG1();
if (control) {
/* TCP doesn't do control messages (rights, creds, etc) */
if (control->m_len) {
m_freem(control);
if (m)
m_freem(m);
error = EINVAL;
goto out;
}
m_freem(control); /* empty control, just free it */
}
if(!(flags & PRUS_OOB)) {
sbappend(&so->so_snd, m);
if (nam && tp->t_state < TCPS_SYN_SENT) {
/*
* Do implied connect if not yet connected,
* initialize window to default value, and
* initialize maxseg/maxopd using peer's cached
* MSS.
*/
#ifdef INET6
if (isipv6)
error = tcp6_connect(tp, nam, td);
else
#endif /* INET6 */
error = tcp_connect(tp, nam, td);
if (error)
goto out;
tp->snd_wnd = TTCP_CLIENT_SND_WND;
tcp_mss(tp, -1);
}
if (flags & PRUS_EOF) {
/*
* Close the send side of the connection after
* the data is sent.
*/
socantsendmore(so);
tp = tcp_usrclosed(tp);
}
if (tp != NULL) {
if (flags & PRUS_MORETOCOME)
tp->t_flags |= TF_MORETOCOME;
error = tcp_output(tp);
if (flags & PRUS_MORETOCOME)
tp->t_flags &= ~TF_MORETOCOME;
}
} else {
if (sbspace(&so->so_snd) < -512) {
m_freem(m);
error = ENOBUFS;
goto out;
}
/*
* According to RFC961 (Assigned Protocols),
* the urgent pointer points to the last octet
* of urgent data. We continue, however,
* to consider it to indicate the first octet
* of data past the urgent section.
* Otherwise, snd_up should be one lower.
*/
sbappend(&so->so_snd, m);
if (nam && tp->t_state < TCPS_SYN_SENT) {
/*
* Do implied connect if not yet connected,
* initialize window to default value, and
* initialize maxseg/maxopd using peer's cached
* MSS.
*/
#ifdef INET6
if (isipv6)
error = tcp6_connect(tp, nam, td);
else
#endif /* INET6 */
error = tcp_connect(tp, nam, td);
if (error)
goto out;
tp->snd_wnd = TTCP_CLIENT_SND_WND;
tcp_mss(tp, -1);
}
tp->snd_up = tp->snd_una + so->so_snd.sb_cc;
tp->t_force = 1;
error = tcp_output(tp);
tp->t_force = 0;
}
COMMON_END((flags & PRUS_OOB) ? PRU_SENDOOB :
((flags & PRUS_EOF) ? PRU_SEND_EOF : PRU_SEND));
}
/*
* Abort the TCP.
*/
static int
tcp_usr_abort(struct socket *so)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
tp = tcp_drop(tp, ECONNABORTED);
COMMON_END(PRU_ABORT);
}
/*
* Receive out-of-band data.
*/
static int
tcp_usr_rcvoob(struct socket *so, struct mbuf *m, int flags)
{
int s = splnet();
int error = 0;
struct inpcb *inp = sotoinpcb(so);
struct tcpcb *tp;
COMMON_START();
if ((so->so_oobmark == 0 &&
(so->so_state & SS_RCVATMARK) == 0) ||
so->so_options & SO_OOBINLINE ||
tp->t_oobflags & TCPOOB_HADDATA) {
error = EINVAL;
goto out;
}
if ((tp->t_oobflags & TCPOOB_HAVEDATA) == 0) {
error = EWOULDBLOCK;
goto out;
}
m->m_len = 1;
*mtod(m, caddr_t) = tp->t_iobc;
if ((flags & MSG_PEEK) == 0)
tp->t_oobflags ^= (TCPOOB_HAVEDATA | TCPOOB_HADDATA);
COMMON_END(PRU_RCVOOB);
}
/* xxx - should be const */
struct pr_usrreqs tcp_usrreqs = {
tcp_usr_abort, tcp_usr_accept, tcp_usr_attach, tcp_usr_bind,
tcp_usr_connect, pru_connect2_notsupp, in_control, tcp_usr_detach,
tcp_usr_disconnect, tcp_usr_listen, in_setpeeraddr, tcp_usr_rcvd,
tcp_usr_rcvoob, tcp_usr_send, pru_sense_null, tcp_usr_shutdown,
in_setsockaddr, sosend, soreceive, sopoll
};
#ifdef INET6
struct pr_usrreqs tcp6_usrreqs = {
tcp_usr_abort, tcp6_usr_accept, tcp_usr_attach, tcp6_usr_bind,
tcp6_usr_connect, pru_connect2_notsupp, in6_control, tcp_usr_detach,
tcp_usr_disconnect, tcp6_usr_listen, in6_mapped_peeraddr, tcp_usr_rcvd,
tcp_usr_rcvoob, tcp_usr_send, pru_sense_null, tcp_usr_shutdown,
in6_mapped_sockaddr, sosend, soreceive, sopoll
};
#endif /* INET6 */
/*
* Common subroutine to open a TCP connection to remote host specified
* by struct sockaddr_in in mbuf *nam. Call in_pcbbind to assign a local
* port number if needed. Call in_pcbladdr to do the routing and to choose
* a local host address (interface). If there is an existing incarnation
* of the same connection in TIME-WAIT state and if the remote host was
* sending CC options and if the connection duration was < MSL, then
* truncate the previous TIME-WAIT state and proceed.
* Initialize connection parameters and enter SYN-SENT state.
*/
static int
tcp_connect(tp, nam, td)
register struct tcpcb *tp;
struct sockaddr *nam;
struct thread *td;
{
struct inpcb *inp = tp->t_inpcb, *oinp;
struct socket *so = inp->inp_socket;
struct tcpcb *otp;
struct sockaddr_in *sin = (struct sockaddr_in *)nam;
struct sockaddr_in *ifaddr;
struct rmxp_tao *taop;
struct rmxp_tao tao_noncached;
int error;
if (inp->inp_lport == 0) {
error = in_pcbbind(inp, (struct sockaddr *)0, td);
if (error)
return error;
}
/*
* Cannot simply call in_pcbconnect, because there might be an
* earlier incarnation of this same connection still in
* TIME_WAIT state, creating an ADDRINUSE error.
*/
error = in_pcbladdr(inp, nam, &ifaddr);
if (error)
return error;
oinp = in_pcblookup_hash(inp->inp_pcbinfo,
sin->sin_addr, sin->sin_port,
inp->inp_laddr.s_addr != INADDR_ANY ? inp->inp_laddr
: ifaddr->sin_addr,
inp->inp_lport, 0, NULL);
if (oinp) {
if (oinp != inp && (otp = intotcpcb(oinp)) != NULL &&
otp->t_state == TCPS_TIME_WAIT &&
(ticks - otp->t_starttime) < tcp_msl &&
(otp->t_flags & TF_RCVD_CC))
otp = tcp_close(otp);
else
return EADDRINUSE;
}
if (inp->inp_laddr.s_addr == INADDR_ANY)
inp->inp_laddr = ifaddr->sin_addr;
inp->inp_faddr = sin->sin_addr;
inp->inp_fport = sin->sin_port;
in_pcbrehash(inp);
/* Compute window scaling to request. */
while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
(TCP_MAXWIN << tp->request_r_scale) < so->so_rcv.sb_hiwat)
tp->request_r_scale++;
soisconnecting(so);
tcpstat.tcps_connattempt++;
tp->t_state = TCPS_SYN_SENT;
callout_reset(tp->tt_keep, tcp_keepinit, tcp_timer_keep, tp);
tp->iss = tcp_new_isn(tp);
tcp_sendseqinit(tp);
/*
* Generate a CC value for this connection and
* check whether CC or CCnew should be used.
*/
if ((taop = tcp_gettaocache(&tp->t_inpcb->inp_inc)) == NULL) {
taop = &tao_noncached;
bzero(taop, sizeof(*taop));
}
tp->cc_send = CC_INC(tcp_ccgen);
if (taop->tao_ccsent != 0 &&
CC_GEQ(tp->cc_send, taop->tao_ccsent)) {
taop->tao_ccsent = tp->cc_send;
} else {
taop->tao_ccsent = 0;
tp->t_flags |= TF_SENDCCNEW;
}
return 0;
}
#ifdef INET6
static int
tcp6_connect(tp, nam, td)
register struct tcpcb *tp;
struct sockaddr *nam;
struct thread *td;
{
struct inpcb *inp = tp->t_inpcb, *oinp;
struct socket *so = inp->inp_socket;
struct tcpcb *otp;
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)nam;
struct in6_addr *addr6;
struct rmxp_tao *taop;
struct rmxp_tao tao_noncached;
int error;
if (inp->inp_lport == 0) {
error = in6_pcbbind(inp, (struct sockaddr *)0, td);
if (error)
return error;
}
/*
* Cannot simply call in_pcbconnect, because there might be an
* earlier incarnation of this same connection still in
* TIME_WAIT state, creating an ADDRINUSE error.
*/
error = in6_pcbladdr(inp, nam, &addr6);
if (error)
return error;
oinp = in6_pcblookup_hash(inp->inp_pcbinfo,
&sin6->sin6_addr, sin6->sin6_port,
IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)
? addr6
: &inp->in6p_laddr,
inp->inp_lport, 0, NULL);
if (oinp) {
if (oinp != inp && (otp = intotcpcb(oinp)) != NULL &&
otp->t_state == TCPS_TIME_WAIT &&
(ticks - otp->t_starttime) < tcp_msl &&
(otp->t_flags & TF_RCVD_CC))
otp = tcp_close(otp);
else
return EADDRINUSE;
}
if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr))
inp->in6p_laddr = *addr6;
inp->in6p_faddr = sin6->sin6_addr;
inp->inp_fport = sin6->sin6_port;
if ((sin6->sin6_flowinfo & IPV6_FLOWINFO_MASK) != NULL)
inp->in6p_flowinfo = sin6->sin6_flowinfo;
in_pcbrehash(inp);
/* Compute window scaling to request. */
while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
(TCP_MAXWIN << tp->request_r_scale) < so->so_rcv.sb_hiwat)
tp->request_r_scale++;
soisconnecting(so);
tcpstat.tcps_connattempt++;
tp->t_state = TCPS_SYN_SENT;
callout_reset(tp->tt_keep, tcp_keepinit, tcp_timer_keep, tp);
tp->iss = tcp_new_isn(tp);
tcp_sendseqinit(tp);
/*
* Generate a CC value for this connection and
* check whether CC or CCnew should be used.
*/
if ((taop = tcp_gettaocache(&tp->t_inpcb->inp_inc)) == NULL) {
taop = &tao_noncached;
bzero(taop, sizeof(*taop));
}
tp->cc_send = CC_INC(tcp_ccgen);
if (taop->tao_ccsent != 0 &&
CC_GEQ(tp->cc_send, taop->tao_ccsent)) {
taop->tao_ccsent = tp->cc_send;
} else {
taop->tao_ccsent = 0;
tp->t_flags |= TF_SENDCCNEW;
}
return 0;
}
#endif /* INET6 */
/*
* The new sockopt interface makes it possible for us to block in the
* copyin/out step (if we take a page fault). Taking a page fault at
* splnet() is probably a Bad Thing. (Since sockets and pcbs both now
* use TSM, there probably isn't any need for this function to run at
* splnet() any more. This needs more examination.)
*/
int
tcp_ctloutput(so, sopt)
struct socket *so;
struct sockopt *sopt;
{
int error, opt, optval, s;
struct inpcb *inp;
struct tcpcb *tp;
error = 0;
s = splnet(); /* XXX */
inp = sotoinpcb(so);
if (inp == NULL) {
splx(s);
return (ECONNRESET);
}
if (sopt->sopt_level != IPPROTO_TCP) {
#ifdef INET6
if (INP_CHECK_SOCKAF(so, AF_INET6))
error = ip6_ctloutput(so, sopt);
else
#endif /* INET6 */
error = ip_ctloutput(so, sopt);
splx(s);
return (error);
}
tp = intotcpcb(inp);
switch (sopt->sopt_dir) {
case SOPT_SET:
switch (sopt->sopt_name) {
case TCP_NODELAY:
case TCP_NOOPT:
error = sooptcopyin(sopt, &optval, sizeof optval,
sizeof optval);
if (error)
break;
switch (sopt->sopt_name) {
case TCP_NODELAY:
opt = TF_NODELAY;
break;
case TCP_NOOPT:
opt = TF_NOOPT;
break;
default:
opt = 0; /* dead code to fool gcc */
break;
}
if (optval)
tp->t_flags |= opt;
else
tp->t_flags &= ~opt;
break;
case TCP_NOPUSH:
error = sooptcopyin(sopt, &optval, sizeof optval,
sizeof optval);
if (error)
break;
if (optval)
tp->t_flags |= TF_NOPUSH;
else {
tp->t_flags &= ~TF_NOPUSH;
error = tcp_output(tp);
}
break;
case TCP_MAXSEG:
error = sooptcopyin(sopt, &optval, sizeof optval,
sizeof optval);
if (error)
break;
if (optval > 0 && optval <= tp->t_maxseg)
tp->t_maxseg = optval;
else
error = EINVAL;
break;
default:
error = ENOPROTOOPT;
break;
}
break;
case SOPT_GET:
switch (sopt->sopt_name) {
case TCP_NODELAY:
optval = tp->t_flags & TF_NODELAY;
break;
case TCP_MAXSEG:
optval = tp->t_maxseg;
break;
case TCP_NOOPT:
optval = tp->t_flags & TF_NOOPT;
break;
case TCP_NOPUSH:
optval = tp->t_flags & TF_NOPUSH;
break;
default:
error = ENOPROTOOPT;
break;
}
if (error == 0)
error = sooptcopyout(sopt, &optval, sizeof optval);
break;
}
splx(s);
return (error);
}
/*
* tcp_sendspace and tcp_recvspace are the default send and receive window
* sizes, respectively. These are obsolescent (this information should
* be set by the route).
*/
u_long tcp_sendspace = 1024*32;
SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW,
&tcp_sendspace , 0, "Maximum outgoing TCP datagram size");
u_long tcp_recvspace = 1024*64;
SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
&tcp_recvspace , 0, "Maximum incoming TCP datagram size");
/*
* Attach TCP protocol to socket, allocating
* internet protocol control block, tcp control block,
* bufer space, and entering LISTEN state if to accept connections.
*/
static int
tcp_attach(so, td)
struct socket *so;
struct thread *td;
{
register struct tcpcb *tp;
struct inpcb *inp;
int error;
#ifdef INET6
int isipv6 = INP_CHECK_SOCKAF(so, AF_INET6) != NULL;
#endif
if (so->so_snd.sb_hiwat == 0 || so->so_rcv.sb_hiwat == 0) {
error = soreserve(so, tcp_sendspace, tcp_recvspace);
if (error)
return (error);
}
error = in_pcballoc(so, &tcbinfo, td);
if (error)
return (error);
inp = sotoinpcb(so);
#ifdef INET6
if (isipv6) {
inp->inp_vflag |= INP_IPV6;
inp->in6p_hops = -1; /* use kernel default */
}
else
#endif
inp->inp_vflag |= INP_IPV4;
tp = tcp_newtcpcb(inp);
if (tp == 0) {
int nofd = so->so_state & SS_NOFDREF; /* XXX */
so->so_state &= ~SS_NOFDREF; /* don't free the socket yet */
#ifdef INET6
if (isipv6)
in6_pcbdetach(inp);
else
#endif
in_pcbdetach(inp);
so->so_state |= nofd;
return (ENOBUFS);
}
tp->t_state = TCPS_CLOSED;
return (0);
}
/*
* Initiate (or continue) disconnect.
* If embryonic state, just send reset (once).
* If in ``let data drain'' option and linger null, just drop.
* Otherwise (hard), mark socket disconnecting and drop
* current input data; switch states based on user close, and
* send segment to peer (with FIN).
*/
static struct tcpcb *
tcp_disconnect(tp)
register struct tcpcb *tp;
{
struct socket *so = tp->t_inpcb->inp_socket;
if (tp->t_state < TCPS_ESTABLISHED)
tp = tcp_close(tp);
else if ((so->so_options & SO_LINGER) && so->so_linger == 0)
tp = tcp_drop(tp, 0);
else {
soisdisconnecting(so);
sbflush(&so->so_rcv);
tp = tcp_usrclosed(tp);
if (tp)
(void) tcp_output(tp);
}
return (tp);
}
/*
* User issued close, and wish to trail through shutdown states:
* if never received SYN, just forget it. If got a SYN from peer,
* but haven't sent FIN, then go to FIN_WAIT_1 state to send peer a FIN.
* If already got a FIN from peer, then almost done; go to LAST_ACK
* state. In all other cases, have already sent FIN to peer (e.g.
* after PRU_SHUTDOWN), and just have to play tedious game waiting
* for peer to send FIN or not respond to keep-alives, etc.
* We can let the user exit from the close as soon as the FIN is acked.
*/
static struct tcpcb *
tcp_usrclosed(tp)
register struct tcpcb *tp;
{
switch (tp->t_state) {
case TCPS_CLOSED:
case TCPS_LISTEN:
tp->t_state = TCPS_CLOSED;
tp = tcp_close(tp);
break;
case TCPS_SYN_SENT:
case TCPS_SYN_RECEIVED:
tp->t_flags |= TF_NEEDFIN;
break;
case TCPS_ESTABLISHED:
tp->t_state = TCPS_FIN_WAIT_1;
break;
case TCPS_CLOSE_WAIT:
tp->t_state = TCPS_LAST_ACK;
break;
}
if (tp && tp->t_state >= TCPS_FIN_WAIT_2) {
soisdisconnected(tp->t_inpcb->inp_socket);
/* To prevent the connection hanging in FIN_WAIT_2 forever. */
if (tp->t_state == TCPS_FIN_WAIT_2)
callout_reset(tp->tt_2msl, tcp_maxidle,
tcp_timer_2msl, tp);
}
return (tp);
}