Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Implementation of the Transmission Control Protocol(TCP).
8 *
9 * Authors: Ross Biro
10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
11 * Mark Evans, <evansmp@uhura.aston.ac.uk>
12 * Corey Minyard <wf-rch!minyard@relay.EU.net>
13 * Florian La Roche, <flla@stud.uni-sb.de>
14 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
15 * Linus Torvalds, <torvalds@cs.helsinki.fi>
16 * Alan Cox, <gw4pts@gw4pts.ampr.org>
17 * Matthew Dillon, <dillon@apollo.west.oic.com>
18 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
19 * Jorge Cwik, <jorge@laser.satlink.net>
20 */
21
22/*
23 * Changes: Pedro Roque : Retransmit queue handled by TCP.
24 * : Fragmentation on mtu decrease
25 * : Segment collapse on retransmit
26 * : AF independence
27 *
28 * Linus Torvalds : send_delayed_ack
29 * David S. Miller : Charge memory using the right skb
30 * during syn/ack processing.
31 * David S. Miller : Output engine completely rewritten.
32 * Andrea Arcangeli: SYNACK carry ts_recent in tsecr.
33 * Cacophonix Gaul : draft-minshall-nagle-01
34 * J Hadi Salim : ECN support
35 *
36 */
37
38#define pr_fmt(fmt) "TCP: " fmt
39
40#include <net/tcp.h>
41#include <net/mptcp.h>
42
43#include <linux/compiler.h>
44#include <linux/gfp.h>
45#include <linux/module.h>
46#include <linux/static_key.h>
47
48#include <trace/events/tcp.h>
49
50/* Refresh clocks of a TCP socket,
51 * ensuring monotically increasing values.
52 */
53void tcp_mstamp_refresh(struct tcp_sock *tp)
54{
55 u64 val = tcp_clock_ns();
56
57 tp->tcp_clock_cache = val;
58 tp->tcp_mstamp = div_u64(val, NSEC_PER_USEC);
59}
60
61static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
62 int push_one, gfp_t gfp);
63
64/* Account for new data that has been sent to the network. */
65static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb)
66{
67 struct inet_connection_sock *icsk = inet_csk(sk);
68 struct tcp_sock *tp = tcp_sk(sk);
69 unsigned int prior_packets = tp->packets_out;
70
71 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(skb)->end_seq);
72
73 __skb_unlink(skb, &sk->sk_write_queue);
74 tcp_rbtree_insert(&sk->tcp_rtx_queue, skb);
75
76 if (tp->highest_sack == NULL)
77 tp->highest_sack = skb;
78
79 tp->packets_out += tcp_skb_pcount(skb);
80 if (!prior_packets || icsk->icsk_pending == ICSK_TIME_LOSS_PROBE)
81 tcp_rearm_rto(sk);
82
83 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT,
84 tcp_skb_pcount(skb));
85}
86
87/* SND.NXT, if window was not shrunk or the amount of shrunk was less than one
88 * window scaling factor due to loss of precision.
89 * If window has been shrunk, what should we make? It is not clear at all.
90 * Using SND.UNA we will fail to open window, SND.NXT is out of window. :-(
91 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already
92 * invalid. OK, let's make this for now:
93 */
94static inline __u32 tcp_acceptable_seq(const struct sock *sk)
95{
96 const struct tcp_sock *tp = tcp_sk(sk);
97
98 if (!before(tcp_wnd_end(tp), tp->snd_nxt) ||
99 (tp->rx_opt.wscale_ok &&
100 ((tp->snd_nxt - tcp_wnd_end(tp)) < (1 << tp->rx_opt.rcv_wscale))))
101 return tp->snd_nxt;
102 else
103 return tcp_wnd_end(tp);
104}
105
106/* Calculate mss to advertise in SYN segment.
107 * RFC1122, RFC1063, draft-ietf-tcpimpl-pmtud-01 state that:
108 *
109 * 1. It is independent of path mtu.
110 * 2. Ideally, it is maximal possible segment size i.e. 65535-40.
111 * 3. For IPv4 it is reasonable to calculate it from maximal MTU of
112 * attached devices, because some buggy hosts are confused by
113 * large MSS.
114 * 4. We do not make 3, we advertise MSS, calculated from first
115 * hop device mtu, but allow to raise it to ip_rt_min_advmss.
116 * This may be overridden via information stored in routing table.
117 * 5. Value 65535 for MSS is valid in IPv6 and means "as large as possible,
118 * probably even Jumbo".
119 */
120static __u16 tcp_advertise_mss(struct sock *sk)
121{
122 struct tcp_sock *tp = tcp_sk(sk);
123 const struct dst_entry *dst = __sk_dst_get(sk);
124 int mss = tp->advmss;
125
126 if (dst) {
127 unsigned int metric = dst_metric_advmss(dst);
128
129 if (metric < mss) {
130 mss = metric;
131 tp->advmss = mss;
132 }
133 }
134
135 return (__u16)mss;
136}
137
138/* RFC2861. Reset CWND after idle period longer RTO to "restart window".
139 * This is the first part of cwnd validation mechanism.
140 */
141void tcp_cwnd_restart(struct sock *sk, s32 delta)
142{
143 struct tcp_sock *tp = tcp_sk(sk);
144 u32 restart_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk));
145 u32 cwnd = tp->snd_cwnd;
146
147 tcp_ca_event(sk, CA_EVENT_CWND_RESTART);
148
149 tp->snd_ssthresh = tcp_current_ssthresh(sk);
150 restart_cwnd = min(restart_cwnd, cwnd);
151
152 while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd)
153 cwnd >>= 1;
154 tp->snd_cwnd = max(cwnd, restart_cwnd);
155 tp->snd_cwnd_stamp = tcp_jiffies32;
156 tp->snd_cwnd_used = 0;
157}
158
159/* Congestion state accounting after a packet has been sent. */
160static void tcp_event_data_sent(struct tcp_sock *tp,
161 struct sock *sk)
162{
163 struct inet_connection_sock *icsk = inet_csk(sk);
164 const u32 now = tcp_jiffies32;
165
166 if (tcp_packets_in_flight(tp) == 0)
167 tcp_ca_event(sk, CA_EVENT_TX_START);
168
169 /* If this is the first data packet sent in response to the
170 * previous received data,
171 * and it is a reply for ato after last received packet,
172 * increase pingpong count.
173 */
174 if (before(tp->lsndtime, icsk->icsk_ack.lrcvtime) &&
175 (u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato)
176 inet_csk_inc_pingpong_cnt(sk);
177
178 tp->lsndtime = now;
179}
180
181/* Account for an ACK we sent. */
182static inline void tcp_event_ack_sent(struct sock *sk, unsigned int pkts,
183 u32 rcv_nxt)
184{
185 struct tcp_sock *tp = tcp_sk(sk);
186
187 if (unlikely(tp->compressed_ack)) {
188 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED,
189 tp->compressed_ack);
190 tp->compressed_ack = 0;
191 if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1)
192 __sock_put(sk);
193 }
194
195 if (unlikely(rcv_nxt != tp->rcv_nxt))
196 return; /* Special ACK sent by DCTCP to reflect ECN */
197 tcp_dec_quickack_mode(sk, pkts);
198 inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
199}
200
201/* Determine a window scaling and initial window to offer.
202 * Based on the assumption that the given amount of space
203 * will be offered. Store the results in the tp structure.
204 * NOTE: for smooth operation initial space offering should
205 * be a multiple of mss if possible. We assume here that mss >= 1.
206 * This MUST be enforced by all callers.
207 */
208void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss,
209 __u32 *rcv_wnd, __u32 *window_clamp,
210 int wscale_ok, __u8 *rcv_wscale,
211 __u32 init_rcv_wnd)
212{
213 unsigned int space = (__space < 0 ? 0 : __space);
214
215 /* If no clamp set the clamp to the max possible scaled window */
216 if (*window_clamp == 0)
217 (*window_clamp) = (U16_MAX << TCP_MAX_WSCALE);
218 space = min(*window_clamp, space);
219
220 /* Quantize space offering to a multiple of mss if possible. */
221 if (space > mss)
222 space = rounddown(space, mss);
223
224 /* NOTE: offering an initial window larger than 32767
225 * will break some buggy TCP stacks. If the admin tells us
226 * it is likely we could be speaking with such a buggy stack
227 * we will truncate our initial window offering to 32K-1
228 * unless the remote has sent us a window scaling option,
229 * which we interpret as a sign the remote TCP is not
230 * misinterpreting the window field as a signed quantity.
231 */
232 if (sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows)
233 (*rcv_wnd) = min(space, MAX_TCP_WINDOW);
234 else
235 (*rcv_wnd) = min_t(u32, space, U16_MAX);
236
237 if (init_rcv_wnd)
238 *rcv_wnd = min(*rcv_wnd, init_rcv_wnd * mss);
239
240 *rcv_wscale = 0;
241 if (wscale_ok) {
242 /* Set window scaling on max possible window */
243 space = max_t(u32, space, sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
244 space = max_t(u32, space, sysctl_rmem_max);
245 space = min_t(u32, space, *window_clamp);
246 *rcv_wscale = clamp_t(int, ilog2(space) - 15,
247 0, TCP_MAX_WSCALE);
248 }
249 /* Set the clamp no higher than max representable value */
250 (*window_clamp) = min_t(__u32, U16_MAX << (*rcv_wscale), *window_clamp);
251}
252EXPORT_SYMBOL(tcp_select_initial_window);
253
254/* Chose a new window to advertise, update state in tcp_sock for the
255 * socket, and return result with RFC1323 scaling applied. The return
256 * value can be stuffed directly into th->window for an outgoing
257 * frame.
258 */
259static u16 tcp_select_window(struct sock *sk)
260{
261 struct tcp_sock *tp = tcp_sk(sk);
262 u32 old_win = tp->rcv_wnd;
263 u32 cur_win = tcp_receive_window(tp);
264 u32 new_win = __tcp_select_window(sk);
265
266 /* Never shrink the offered window */
267 if (new_win < cur_win) {
268 /* Danger Will Robinson!
269 * Don't update rcv_wup/rcv_wnd here or else
270 * we will not be able to advertise a zero
271 * window in time. --DaveM
272 *
273 * Relax Will Robinson.
274 */
275 if (new_win == 0)
276 NET_INC_STATS(sock_net(sk),
277 LINUX_MIB_TCPWANTZEROWINDOWADV);
278 new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale);
279 }
280 tp->rcv_wnd = new_win;
281 tp->rcv_wup = tp->rcv_nxt;
282
283 /* Make sure we do not exceed the maximum possible
284 * scaled window.
285 */
286 if (!tp->rx_opt.rcv_wscale &&
287 sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows)
288 new_win = min(new_win, MAX_TCP_WINDOW);
289 else
290 new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale));
291
292 /* RFC1323 scaling applied */
293 new_win >>= tp->rx_opt.rcv_wscale;
294
295 /* If we advertise zero window, disable fast path. */
296 if (new_win == 0) {
297 tp->pred_flags = 0;
298 if (old_win)
299 NET_INC_STATS(sock_net(sk),
300 LINUX_MIB_TCPTOZEROWINDOWADV);
301 } else if (old_win == 0) {
302 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFROMZEROWINDOWADV);
303 }
304
305 return new_win;
306}
307
308/* Packet ECN state for a SYN-ACK */
309static void tcp_ecn_send_synack(struct sock *sk, struct sk_buff *skb)
310{
311 const struct tcp_sock *tp = tcp_sk(sk);
312
313 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_CWR;
314 if (!(tp->ecn_flags & TCP_ECN_OK))
315 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ECE;
316 else if (tcp_ca_needs_ecn(sk) ||
317 tcp_bpf_ca_needs_ecn(sk))
318 INET_ECN_xmit(sk);
319}
320
321/* Packet ECN state for a SYN. */
322static void tcp_ecn_send_syn(struct sock *sk, struct sk_buff *skb)
323{
324 struct tcp_sock *tp = tcp_sk(sk);
325 bool bpf_needs_ecn = tcp_bpf_ca_needs_ecn(sk);
326 bool use_ecn = sock_net(sk)->ipv4.sysctl_tcp_ecn == 1 ||
327 tcp_ca_needs_ecn(sk) || bpf_needs_ecn;
328
329 if (!use_ecn) {
330 const struct dst_entry *dst = __sk_dst_get(sk);
331
332 if (dst && dst_feature(dst, RTAX_FEATURE_ECN))
333 use_ecn = true;
334 }
335
336 tp->ecn_flags = 0;
337
338 if (use_ecn) {
339 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR;
340 tp->ecn_flags = TCP_ECN_OK;
341 if (tcp_ca_needs_ecn(sk) || bpf_needs_ecn)
342 INET_ECN_xmit(sk);
343 }
344}
345
346static void tcp_ecn_clear_syn(struct sock *sk, struct sk_buff *skb)
347{
348 if (sock_net(sk)->ipv4.sysctl_tcp_ecn_fallback)
349 /* tp->ecn_flags are cleared at a later point in time when
350 * SYN ACK is ultimatively being received.
351 */
352 TCP_SKB_CB(skb)->tcp_flags &= ~(TCPHDR_ECE | TCPHDR_CWR);
353}
354
355static void
356tcp_ecn_make_synack(const struct request_sock *req, struct tcphdr *th)
357{
358 if (inet_rsk(req)->ecn_ok)
359 th->ece = 1;
360}
361
362/* Set up ECN state for a packet on a ESTABLISHED socket that is about to
363 * be sent.
364 */
365static void tcp_ecn_send(struct sock *sk, struct sk_buff *skb,
366 struct tcphdr *th, int tcp_header_len)
367{
368 struct tcp_sock *tp = tcp_sk(sk);
369
370 if (tp->ecn_flags & TCP_ECN_OK) {
371 /* Not-retransmitted data segment: set ECT and inject CWR. */
372 if (skb->len != tcp_header_len &&
373 !before(TCP_SKB_CB(skb)->seq, tp->snd_nxt)) {
374 INET_ECN_xmit(sk);
375 if (tp->ecn_flags & TCP_ECN_QUEUE_CWR) {
376 tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR;
377 th->cwr = 1;
378 skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN;
379 }
380 } else if (!tcp_ca_needs_ecn(sk)) {
381 /* ACK or retransmitted segment: clear ECT|CE */
382 INET_ECN_dontxmit(sk);
383 }
384 if (tp->ecn_flags & TCP_ECN_DEMAND_CWR)
385 th->ece = 1;
386 }
387}
388
389/* Constructs common control bits of non-data skb. If SYN/FIN is present,
390 * auto increment end seqno.
391 */
392static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
393{
394 skb->ip_summed = CHECKSUM_PARTIAL;
395
396 TCP_SKB_CB(skb)->tcp_flags = flags;
397 TCP_SKB_CB(skb)->sacked = 0;
398
399 tcp_skb_pcount_set(skb, 1);
400
401 TCP_SKB_CB(skb)->seq = seq;
402 if (flags & (TCPHDR_SYN | TCPHDR_FIN))
403 seq++;
404 TCP_SKB_CB(skb)->end_seq = seq;
405}
406
407static inline bool tcp_urg_mode(const struct tcp_sock *tp)
408{
409 return tp->snd_una != tp->snd_up;
410}
411
412#define OPTION_SACK_ADVERTISE (1 << 0)
413#define OPTION_TS (1 << 1)
414#define OPTION_MD5 (1 << 2)
415#define OPTION_WSCALE (1 << 3)
416#define OPTION_FAST_OPEN_COOKIE (1 << 8)
417#define OPTION_SMC (1 << 9)
418#define OPTION_MPTCP (1 << 10)
419
420static void smc_options_write(__be32 *ptr, u16 *options)
421{
422#if IS_ENABLED(CONFIG_SMC)
423 if (static_branch_unlikely(&tcp_have_smc)) {
424 if (unlikely(OPTION_SMC & *options)) {
425 *ptr++ = htonl((TCPOPT_NOP << 24) |
426 (TCPOPT_NOP << 16) |
427 (TCPOPT_EXP << 8) |
428 (TCPOLEN_EXP_SMC_BASE));
429 *ptr++ = htonl(TCPOPT_SMC_MAGIC);
430 }
431 }
432#endif
433}
434
435struct tcp_out_options {
436 u16 options; /* bit field of OPTION_* */
437 u16 mss; /* 0 to disable */
438 u8 ws; /* window scale, 0 to disable */
439 u8 num_sack_blocks; /* number of SACK blocks to include */
440 u8 hash_size; /* bytes in hash_location */
441 u8 bpf_opt_len; /* length of BPF hdr option */
442 __u8 *hash_location; /* temporary pointer, overloaded */
443 __u32 tsval, tsecr; /* need to include OPTION_TS */
444 struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */
445 struct mptcp_out_options mptcp;
446};
447
448static void mptcp_options_write(__be32 *ptr, const struct tcp_sock *tp,
449 struct tcp_out_options *opts)
450{
451#if IS_ENABLED(CONFIG_MPTCP)
452 if (unlikely(OPTION_MPTCP & opts->options))
453 mptcp_write_options(ptr, tp, &opts->mptcp);
454#endif
455}
456
457#ifdef CONFIG_CGROUP_BPF
458static int bpf_skops_write_hdr_opt_arg0(struct sk_buff *skb,
459 enum tcp_synack_type synack_type)
460{
461 if (unlikely(!skb))
462 return BPF_WRITE_HDR_TCP_CURRENT_MSS;
463
464 if (unlikely(synack_type == TCP_SYNACK_COOKIE))
465 return BPF_WRITE_HDR_TCP_SYNACK_COOKIE;
466
467 return 0;
468}
469
470/* req, syn_skb and synack_type are used when writing synack */
471static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb,
472 struct request_sock *req,
473 struct sk_buff *syn_skb,
474 enum tcp_synack_type synack_type,
475 struct tcp_out_options *opts,
476 unsigned int *remaining)
477{
478 struct bpf_sock_ops_kern sock_ops;
479 int err;
480
481 if (likely(!BPF_SOCK_OPS_TEST_FLAG(tcp_sk(sk),
482 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG)) ||
483 !*remaining)
484 return;
485
486 /* *remaining has already been aligned to 4 bytes, so *remaining >= 4 */
487
488 /* init sock_ops */
489 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
490
491 sock_ops.op = BPF_SOCK_OPS_HDR_OPT_LEN_CB;
492
493 if (req) {
494 /* The listen "sk" cannot be passed here because
495 * it is not locked. It would not make too much
496 * sense to do bpf_setsockopt(listen_sk) based
497 * on individual connection request also.
498 *
499 * Thus, "req" is passed here and the cgroup-bpf-progs
500 * of the listen "sk" will be run.
501 *
502 * "req" is also used here for fastopen even the "sk" here is
503 * a fullsock "child" sk. It is to keep the behavior
504 * consistent between fastopen and non-fastopen on
505 * the bpf programming side.
506 */
507 sock_ops.sk = (struct sock *)req;
508 sock_ops.syn_skb = syn_skb;
509 } else {
510 sock_owned_by_me(sk);
511
512 sock_ops.is_fullsock = 1;
513 sock_ops.sk = sk;
514 }
515
516 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type);
517 sock_ops.remaining_opt_len = *remaining;
518 /* tcp_current_mss() does not pass a skb */
519 if (skb)
520 bpf_skops_init_skb(&sock_ops, skb, 0);
521
522 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk);
523
524 if (err || sock_ops.remaining_opt_len == *remaining)
525 return;
526
527 opts->bpf_opt_len = *remaining - sock_ops.remaining_opt_len;
528 /* round up to 4 bytes */
529 opts->bpf_opt_len = (opts->bpf_opt_len + 3) & ~3;
530
531 *remaining -= opts->bpf_opt_len;
532}
533
534static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
535 struct request_sock *req,
536 struct sk_buff *syn_skb,
537 enum tcp_synack_type synack_type,
538 struct tcp_out_options *opts)
539{
540 u8 first_opt_off, nr_written, max_opt_len = opts->bpf_opt_len;
541 struct bpf_sock_ops_kern sock_ops;
542 int err;
543
544 if (likely(!max_opt_len))
545 return;
546
547 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
548
549 sock_ops.op = BPF_SOCK_OPS_WRITE_HDR_OPT_CB;
550
551 if (req) {
552 sock_ops.sk = (struct sock *)req;
553 sock_ops.syn_skb = syn_skb;
554 } else {
555 sock_owned_by_me(sk);
556
557 sock_ops.is_fullsock = 1;
558 sock_ops.sk = sk;
559 }
560
561 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type);
562 sock_ops.remaining_opt_len = max_opt_len;
563 first_opt_off = tcp_hdrlen(skb) - max_opt_len;
564 bpf_skops_init_skb(&sock_ops, skb, first_opt_off);
565
566 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk);
567
568 if (err)
569 nr_written = 0;
570 else
571 nr_written = max_opt_len - sock_ops.remaining_opt_len;
572
573 if (nr_written < max_opt_len)
574 memset(skb->data + first_opt_off + nr_written, TCPOPT_NOP,
575 max_opt_len - nr_written);
576}
577#else
578static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb,
579 struct request_sock *req,
580 struct sk_buff *syn_skb,
581 enum tcp_synack_type synack_type,
582 struct tcp_out_options *opts,
583 unsigned int *remaining)
584{
585}
586
587static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
588 struct request_sock *req,
589 struct sk_buff *syn_skb,
590 enum tcp_synack_type synack_type,
591 struct tcp_out_options *opts)
592{
593}
594#endif
595
596/* Write previously computed TCP options to the packet.
597 *
598 * Beware: Something in the Internet is very sensitive to the ordering of
599 * TCP options, we learned this through the hard way, so be careful here.
600 * Luckily we can at least blame others for their non-compliance but from
601 * inter-operability perspective it seems that we're somewhat stuck with
602 * the ordering which we have been using if we want to keep working with
603 * those broken things (not that it currently hurts anybody as there isn't
604 * particular reason why the ordering would need to be changed).
605 *
606 * At least SACK_PERM as the first option is known to lead to a disaster
607 * (but it may well be that other scenarios fail similarly).
608 */
609static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
610 struct tcp_out_options *opts)
611{
612 u16 options = opts->options; /* mungable copy */
613
614 if (unlikely(OPTION_MD5 & options)) {
615 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
616 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
617 /* overload cookie hash location */
618 opts->hash_location = (__u8 *)ptr;
619 ptr += 4;
620 }
621
622 if (unlikely(opts->mss)) {
623 *ptr++ = htonl((TCPOPT_MSS << 24) |
624 (TCPOLEN_MSS << 16) |
625 opts->mss);
626 }
627
628 if (likely(OPTION_TS & options)) {
629 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
630 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
631 (TCPOLEN_SACK_PERM << 16) |
632 (TCPOPT_TIMESTAMP << 8) |
633 TCPOLEN_TIMESTAMP);
634 options &= ~OPTION_SACK_ADVERTISE;
635 } else {
636 *ptr++ = htonl((TCPOPT_NOP << 24) |
637 (TCPOPT_NOP << 16) |
638 (TCPOPT_TIMESTAMP << 8) |
639 TCPOLEN_TIMESTAMP);
640 }
641 *ptr++ = htonl(opts->tsval);
642 *ptr++ = htonl(opts->tsecr);
643 }
644
645 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
646 *ptr++ = htonl((TCPOPT_NOP << 24) |
647 (TCPOPT_NOP << 16) |
648 (TCPOPT_SACK_PERM << 8) |
649 TCPOLEN_SACK_PERM);
650 }
651
652 if (unlikely(OPTION_WSCALE & options)) {
653 *ptr++ = htonl((TCPOPT_NOP << 24) |
654 (TCPOPT_WINDOW << 16) |
655 (TCPOLEN_WINDOW << 8) |
656 opts->ws);
657 }
658
659 if (unlikely(opts->num_sack_blocks)) {
660 struct tcp_sack_block *sp = tp->rx_opt.dsack ?
661 tp->duplicate_sack : tp->selective_acks;
662 int this_sack;
663
664 *ptr++ = htonl((TCPOPT_NOP << 24) |
665 (TCPOPT_NOP << 16) |
666 (TCPOPT_SACK << 8) |
667 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
668 TCPOLEN_SACK_PERBLOCK)));
669
670 for (this_sack = 0; this_sack < opts->num_sack_blocks;
671 ++this_sack) {
672 *ptr++ = htonl(sp[this_sack].start_seq);
673 *ptr++ = htonl(sp[this_sack].end_seq);
674 }
675
676 tp->rx_opt.dsack = 0;
677 }
678
679 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) {
680 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie;
681 u8 *p = (u8 *)ptr;
682 u32 len; /* Fast Open option length */
683
684 if (foc->exp) {
685 len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len;
686 *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) |
687 TCPOPT_FASTOPEN_MAGIC);
688 p += TCPOLEN_EXP_FASTOPEN_BASE;
689 } else {
690 len = TCPOLEN_FASTOPEN_BASE + foc->len;
691 *p++ = TCPOPT_FASTOPEN;
692 *p++ = len;
693 }
694
695 memcpy(p, foc->val, foc->len);
696 if ((len & 3) == 2) {
697 p[foc->len] = TCPOPT_NOP;
698 p[foc->len + 1] = TCPOPT_NOP;
699 }
700 ptr += (len + 3) >> 2;
701 }
702
703 smc_options_write(ptr, &options);
704
705 mptcp_options_write(ptr, tp, opts);
706}
707
708static void smc_set_option(const struct tcp_sock *tp,
709 struct tcp_out_options *opts,
710 unsigned int *remaining)
711{
712#if IS_ENABLED(CONFIG_SMC)
713 if (static_branch_unlikely(&tcp_have_smc)) {
714 if (tp->syn_smc) {
715 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) {
716 opts->options |= OPTION_SMC;
717 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED;
718 }
719 }
720 }
721#endif
722}
723
724static void smc_set_option_cond(const struct tcp_sock *tp,
725 const struct inet_request_sock *ireq,
726 struct tcp_out_options *opts,
727 unsigned int *remaining)
728{
729#if IS_ENABLED(CONFIG_SMC)
730 if (static_branch_unlikely(&tcp_have_smc)) {
731 if (tp->syn_smc && ireq->smc_ok) {
732 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) {
733 opts->options |= OPTION_SMC;
734 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED;
735 }
736 }
737 }
738#endif
739}
740
741static void mptcp_set_option_cond(const struct request_sock *req,
742 struct tcp_out_options *opts,
743 unsigned int *remaining)
744{
745 if (rsk_is_mptcp(req)) {
746 unsigned int size;
747
748 if (mptcp_synack_options(req, &size, &opts->mptcp)) {
749 if (*remaining >= size) {
750 opts->options |= OPTION_MPTCP;
751 *remaining -= size;
752 }
753 }
754 }
755}
756
757/* Compute TCP options for SYN packets. This is not the final
758 * network wire format yet.
759 */
760static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb,
761 struct tcp_out_options *opts,
762 struct tcp_md5sig_key **md5)
763{
764 struct tcp_sock *tp = tcp_sk(sk);
765 unsigned int remaining = MAX_TCP_OPTION_SPACE;
766 struct tcp_fastopen_request *fastopen = tp->fastopen_req;
767
768 *md5 = NULL;
769#ifdef CONFIG_TCP_MD5SIG
770 if (static_branch_unlikely(&tcp_md5_needed) &&
771 rcu_access_pointer(tp->md5sig_info)) {
772 *md5 = tp->af_specific->md5_lookup(sk, sk);
773 if (*md5) {
774 opts->options |= OPTION_MD5;
775 remaining -= TCPOLEN_MD5SIG_ALIGNED;
776 }
777 }
778#endif
779
780 /* We always get an MSS option. The option bytes which will be seen in
781 * normal data packets should timestamps be used, must be in the MSS
782 * advertised. But we subtract them from tp->mss_cache so that
783 * calculations in tcp_sendmsg are simpler etc. So account for this
784 * fact here if necessary. If we don't do this correctly, as a
785 * receiver we won't recognize data packets as being full sized when we
786 * should, and thus we won't abide by the delayed ACK rules correctly.
787 * SACKs don't matter, we never delay an ACK when we have any of those
788 * going out. */
789 opts->mss = tcp_advertise_mss(sk);
790 remaining -= TCPOLEN_MSS_ALIGNED;
791
792 if (likely(sock_net(sk)->ipv4.sysctl_tcp_timestamps && !*md5)) {
793 opts->options |= OPTION_TS;
794 opts->tsval = tcp_skb_timestamp(skb) + tp->tsoffset;
795 opts->tsecr = tp->rx_opt.ts_recent;
796 remaining -= TCPOLEN_TSTAMP_ALIGNED;
797 }
798 if (likely(sock_net(sk)->ipv4.sysctl_tcp_window_scaling)) {
799 opts->ws = tp->rx_opt.rcv_wscale;
800 opts->options |= OPTION_WSCALE;
801 remaining -= TCPOLEN_WSCALE_ALIGNED;
802 }
803 if (likely(sock_net(sk)->ipv4.sysctl_tcp_sack)) {
804 opts->options |= OPTION_SACK_ADVERTISE;
805 if (unlikely(!(OPTION_TS & opts->options)))
806 remaining -= TCPOLEN_SACKPERM_ALIGNED;
807 }
808
809 if (fastopen && fastopen->cookie.len >= 0) {
810 u32 need = fastopen->cookie.len;
811
812 need += fastopen->cookie.exp ? TCPOLEN_EXP_FASTOPEN_BASE :
813 TCPOLEN_FASTOPEN_BASE;
814 need = (need + 3) & ~3U; /* Align to 32 bits */
815 if (remaining >= need) {
816 opts->options |= OPTION_FAST_OPEN_COOKIE;
817 opts->fastopen_cookie = &fastopen->cookie;
818 remaining -= need;
819 tp->syn_fastopen = 1;
820 tp->syn_fastopen_exp = fastopen->cookie.exp ? 1 : 0;
821 }
822 }
823
824 smc_set_option(tp, opts, &remaining);
825
826 if (sk_is_mptcp(sk)) {
827 unsigned int size;
828
829 if (mptcp_syn_options(sk, skb, &size, &opts->mptcp)) {
830 opts->options |= OPTION_MPTCP;
831 remaining -= size;
832 }
833 }
834
835 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
836
837 return MAX_TCP_OPTION_SPACE - remaining;
838}
839
840/* Set up TCP options for SYN-ACKs. */
841static unsigned int tcp_synack_options(const struct sock *sk,
842 struct request_sock *req,
843 unsigned int mss, struct sk_buff *skb,
844 struct tcp_out_options *opts,
845 const struct tcp_md5sig_key *md5,
846 struct tcp_fastopen_cookie *foc,
847 enum tcp_synack_type synack_type,
848 struct sk_buff *syn_skb)
849{
850 struct inet_request_sock *ireq = inet_rsk(req);
851 unsigned int remaining = MAX_TCP_OPTION_SPACE;
852
853#ifdef CONFIG_TCP_MD5SIG
854 if (md5) {
855 opts->options |= OPTION_MD5;
856 remaining -= TCPOLEN_MD5SIG_ALIGNED;
857
858 /* We can't fit any SACK blocks in a packet with MD5 + TS
859 * options. There was discussion about disabling SACK
860 * rather than TS in order to fit in better with old,
861 * buggy kernels, but that was deemed to be unnecessary.
862 */
863 if (synack_type != TCP_SYNACK_COOKIE)
864 ireq->tstamp_ok &= !ireq->sack_ok;
865 }
866#endif
867
868 /* We always send an MSS option. */
869 opts->mss = mss;
870 remaining -= TCPOLEN_MSS_ALIGNED;
871
872 if (likely(ireq->wscale_ok)) {
873 opts->ws = ireq->rcv_wscale;
874 opts->options |= OPTION_WSCALE;
875 remaining -= TCPOLEN_WSCALE_ALIGNED;
876 }
877 if (likely(ireq->tstamp_ok)) {
878 opts->options |= OPTION_TS;
879 opts->tsval = tcp_skb_timestamp(skb) + tcp_rsk(req)->ts_off;
880 opts->tsecr = req->ts_recent;
881 remaining -= TCPOLEN_TSTAMP_ALIGNED;
882 }
883 if (likely(ireq->sack_ok)) {
884 opts->options |= OPTION_SACK_ADVERTISE;
885 if (unlikely(!ireq->tstamp_ok))
886 remaining -= TCPOLEN_SACKPERM_ALIGNED;
887 }
888 if (foc != NULL && foc->len >= 0) {
889 u32 need = foc->len;
890
891 need += foc->exp ? TCPOLEN_EXP_FASTOPEN_BASE :
892 TCPOLEN_FASTOPEN_BASE;
893 need = (need + 3) & ~3U; /* Align to 32 bits */
894 if (remaining >= need) {
895 opts->options |= OPTION_FAST_OPEN_COOKIE;
896 opts->fastopen_cookie = foc;
897 remaining -= need;
898 }
899 }
900
901 mptcp_set_option_cond(req, opts, &remaining);
902
903 smc_set_option_cond(tcp_sk(sk), ireq, opts, &remaining);
904
905 bpf_skops_hdr_opt_len((struct sock *)sk, skb, req, syn_skb,
906 synack_type, opts, &remaining);
907
908 return MAX_TCP_OPTION_SPACE - remaining;
909}
910
911/* Compute TCP options for ESTABLISHED sockets. This is not the
912 * final wire format yet.
913 */
914static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb,
915 struct tcp_out_options *opts,
916 struct tcp_md5sig_key **md5)
917{
918 struct tcp_sock *tp = tcp_sk(sk);
919 unsigned int size = 0;
920 unsigned int eff_sacks;
921
922 opts->options = 0;
923
924 *md5 = NULL;
925#ifdef CONFIG_TCP_MD5SIG
926 if (static_branch_unlikely(&tcp_md5_needed) &&
927 rcu_access_pointer(tp->md5sig_info)) {
928 *md5 = tp->af_specific->md5_lookup(sk, sk);
929 if (*md5) {
930 opts->options |= OPTION_MD5;
931 size += TCPOLEN_MD5SIG_ALIGNED;
932 }
933 }
934#endif
935
936 if (likely(tp->rx_opt.tstamp_ok)) {
937 opts->options |= OPTION_TS;
938 opts->tsval = skb ? tcp_skb_timestamp(skb) + tp->tsoffset : 0;
939 opts->tsecr = tp->rx_opt.ts_recent;
940 size += TCPOLEN_TSTAMP_ALIGNED;
941 }
942
943 /* MPTCP options have precedence over SACK for the limited TCP
944 * option space because a MPTCP connection would be forced to
945 * fall back to regular TCP if a required multipath option is
946 * missing. SACK still gets a chance to use whatever space is
947 * left.
948 */
949 if (sk_is_mptcp(sk)) {
950 unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
951 unsigned int opt_size = 0;
952
953 if (mptcp_established_options(sk, skb, &opt_size, remaining,
954 &opts->mptcp)) {
955 opts->options |= OPTION_MPTCP;
956 size += opt_size;
957 }
958 }
959
960 eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack;
961 if (unlikely(eff_sacks)) {
962 const unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
963 if (unlikely(remaining < TCPOLEN_SACK_BASE_ALIGNED +
964 TCPOLEN_SACK_PERBLOCK))
965 return size;
966
967 opts->num_sack_blocks =
968 min_t(unsigned int, eff_sacks,
969 (remaining - TCPOLEN_SACK_BASE_ALIGNED) /
970 TCPOLEN_SACK_PERBLOCK);
971
972 size += TCPOLEN_SACK_BASE_ALIGNED +
973 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
974 }
975
976 if (unlikely(BPF_SOCK_OPS_TEST_FLAG(tp,
977 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG))) {
978 unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
979
980 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
981
982 size = MAX_TCP_OPTION_SPACE - remaining;
983 }
984
985 return size;
986}
987
988
989/* TCP SMALL QUEUES (TSQ)
990 *
991 * TSQ goal is to keep small amount of skbs per tcp flow in tx queues (qdisc+dev)
992 * to reduce RTT and bufferbloat.
993 * We do this using a special skb destructor (tcp_wfree).
994 *
995 * Its important tcp_wfree() can be replaced by sock_wfree() in the event skb
996 * needs to be reallocated in a driver.
997 * The invariant being skb->truesize subtracted from sk->sk_wmem_alloc
998 *
999 * Since transmit from skb destructor is forbidden, we use a tasklet
1000 * to process all sockets that eventually need to send more skbs.
1001 * We use one tasklet per cpu, with its own queue of sockets.
1002 */
1003struct tsq_tasklet {
1004 struct tasklet_struct tasklet;
1005 struct list_head head; /* queue of tcp sockets */
1006};
1007static DEFINE_PER_CPU(struct tsq_tasklet, tsq_tasklet);
1008
1009static void tcp_tsq_write(struct sock *sk)
1010{
1011 if ((1 << sk->sk_state) &
1012 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_CLOSING |
1013 TCPF_CLOSE_WAIT | TCPF_LAST_ACK)) {
1014 struct tcp_sock *tp = tcp_sk(sk);
1015
1016 if (tp->lost_out > tp->retrans_out &&
1017 tp->snd_cwnd > tcp_packets_in_flight(tp)) {
1018 tcp_mstamp_refresh(tp);
1019 tcp_xmit_retransmit_queue(sk);
1020 }
1021
1022 tcp_write_xmit(sk, tcp_current_mss(sk), tp->nonagle,
1023 0, GFP_ATOMIC);
1024 }
1025}
1026
1027static void tcp_tsq_handler(struct sock *sk)
1028{
1029 bh_lock_sock(sk);
1030 if (!sock_owned_by_user(sk))
1031 tcp_tsq_write(sk);
1032 else if (!test_and_set_bit(TCP_TSQ_DEFERRED, &sk->sk_tsq_flags))
1033 sock_hold(sk);
1034 bh_unlock_sock(sk);
1035}
1036/*
1037 * One tasklet per cpu tries to send more skbs.
1038 * We run in tasklet context but need to disable irqs when
1039 * transferring tsq->head because tcp_wfree() might
1040 * interrupt us (non NAPI drivers)
1041 */
1042static void tcp_tasklet_func(struct tasklet_struct *t)
1043{
1044 struct tsq_tasklet *tsq = from_tasklet(tsq, t, tasklet);
1045 LIST_HEAD(list);
1046 unsigned long flags;
1047 struct list_head *q, *n;
1048 struct tcp_sock *tp;
1049 struct sock *sk;
1050
1051 local_irq_save(flags);
1052 list_splice_init(&tsq->head, &list);
1053 local_irq_restore(flags);
1054
1055 list_for_each_safe(q, n, &list) {
1056 tp = list_entry(q, struct tcp_sock, tsq_node);
1057 list_del(&tp->tsq_node);
1058
1059 sk = (struct sock *)tp;
1060 smp_mb__before_atomic();
1061 clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
1062
1063 tcp_tsq_handler(sk);
1064 sk_free(sk);
1065 }
1066}
1067
1068#define TCP_DEFERRED_ALL (TCPF_TSQ_DEFERRED | \
1069 TCPF_WRITE_TIMER_DEFERRED | \
1070 TCPF_DELACK_TIMER_DEFERRED | \
1071 TCPF_MTU_REDUCED_DEFERRED)
1072/**
1073 * tcp_release_cb - tcp release_sock() callback
1074 * @sk: socket
1075 *
1076 * called from release_sock() to perform protocol dependent
1077 * actions before socket release.
1078 */
1079void tcp_release_cb(struct sock *sk)
1080{
1081 unsigned long flags, nflags;
1082
1083 /* perform an atomic operation only if at least one flag is set */
1084 do {
1085 flags = sk->sk_tsq_flags;
1086 if (!(flags & TCP_DEFERRED_ALL))
1087 return;
1088 nflags = flags & ~TCP_DEFERRED_ALL;
1089 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags);
1090
1091 if (flags & TCPF_TSQ_DEFERRED) {
1092 tcp_tsq_write(sk);
1093 __sock_put(sk);
1094 }
1095 /* Here begins the tricky part :
1096 * We are called from release_sock() with :
1097 * 1) BH disabled
1098 * 2) sk_lock.slock spinlock held
1099 * 3) socket owned by us (sk->sk_lock.owned == 1)
1100 *
1101 * But following code is meant to be called from BH handlers,
1102 * so we should keep BH disabled, but early release socket ownership
1103 */
1104 sock_release_ownership(sk);
1105
1106 if (flags & TCPF_WRITE_TIMER_DEFERRED) {
1107 tcp_write_timer_handler(sk);
1108 __sock_put(sk);
1109 }
1110 if (flags & TCPF_DELACK_TIMER_DEFERRED) {
1111 tcp_delack_timer_handler(sk);
1112 __sock_put(sk);
1113 }
1114 if (flags & TCPF_MTU_REDUCED_DEFERRED) {
1115 inet_csk(sk)->icsk_af_ops->mtu_reduced(sk);
1116 __sock_put(sk);
1117 }
1118}
1119EXPORT_SYMBOL(tcp_release_cb);
1120
1121void __init tcp_tasklet_init(void)
1122{
1123 int i;
1124
1125 for_each_possible_cpu(i) {
1126 struct tsq_tasklet *tsq = &per_cpu(tsq_tasklet, i);
1127
1128 INIT_LIST_HEAD(&tsq->head);
1129 tasklet_setup(&tsq->tasklet, tcp_tasklet_func);
1130 }
1131}
1132
1133/*
1134 * Write buffer destructor automatically called from kfree_skb.
1135 * We can't xmit new skbs from this context, as we might already
1136 * hold qdisc lock.
1137 */
1138void tcp_wfree(struct sk_buff *skb)
1139{
1140 struct sock *sk = skb->sk;
1141 struct tcp_sock *tp = tcp_sk(sk);
1142 unsigned long flags, nval, oval;
1143
1144 /* Keep one reference on sk_wmem_alloc.
1145 * Will be released by sk_free() from here or tcp_tasklet_func()
1146 */
1147 WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc));
1148
1149 /* If this softirq is serviced by ksoftirqd, we are likely under stress.
1150 * Wait until our queues (qdisc + devices) are drained.
1151 * This gives :
1152 * - less callbacks to tcp_write_xmit(), reducing stress (batches)
1153 * - chance for incoming ACK (processed by another cpu maybe)
1154 * to migrate this flow (skb->ooo_okay will be eventually set)
1155 */
1156 if (refcount_read(&sk->sk_wmem_alloc) >= SKB_TRUESIZE(1) && this_cpu_ksoftirqd() == current)
1157 goto out;
1158
1159 for (oval = READ_ONCE(sk->sk_tsq_flags);; oval = nval) {
1160 struct tsq_tasklet *tsq;
1161 bool empty;
1162
1163 if (!(oval & TSQF_THROTTLED) || (oval & TSQF_QUEUED))
1164 goto out;
1165
1166 nval = (oval & ~TSQF_THROTTLED) | TSQF_QUEUED;
1167 nval = cmpxchg(&sk->sk_tsq_flags, oval, nval);
1168 if (nval != oval)
1169 continue;
1170
1171 /* queue this socket to tasklet queue */
1172 local_irq_save(flags);
1173 tsq = this_cpu_ptr(&tsq_tasklet);
1174 empty = list_empty(&tsq->head);
1175 list_add(&tp->tsq_node, &tsq->head);
1176 if (empty)
1177 tasklet_schedule(&tsq->tasklet);
1178 local_irq_restore(flags);
1179 return;
1180 }
1181out:
1182 sk_free(sk);
1183}
1184
1185/* Note: Called under soft irq.
1186 * We can call TCP stack right away, unless socket is owned by user.
1187 */
1188enum hrtimer_restart tcp_pace_kick(struct hrtimer *timer)
1189{
1190 struct tcp_sock *tp = container_of(timer, struct tcp_sock, pacing_timer);
1191 struct sock *sk = (struct sock *)tp;
1192
1193 tcp_tsq_handler(sk);
1194 sock_put(sk);
1195
1196 return HRTIMER_NORESTART;
1197}
1198
1199static void tcp_update_skb_after_send(struct sock *sk, struct sk_buff *skb,
1200 u64 prior_wstamp)
1201{
1202 struct tcp_sock *tp = tcp_sk(sk);
1203
1204 if (sk->sk_pacing_status != SK_PACING_NONE) {
1205 unsigned long rate = sk->sk_pacing_rate;
1206
1207 /* Original sch_fq does not pace first 10 MSS
1208 * Note that tp->data_segs_out overflows after 2^32 packets,
1209 * this is a minor annoyance.
1210 */
1211 if (rate != ~0UL && rate && tp->data_segs_out >= 10) {
1212 u64 len_ns = div64_ul((u64)skb->len * NSEC_PER_SEC, rate);
1213 u64 credit = tp->tcp_wstamp_ns - prior_wstamp;
1214
1215 /* take into account OS jitter */
1216 len_ns -= min_t(u64, len_ns / 2, credit);
1217 tp->tcp_wstamp_ns += len_ns;
1218 }
1219 }
1220 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue);
1221}
1222
1223INDIRECT_CALLABLE_DECLARE(int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl));
1224INDIRECT_CALLABLE_DECLARE(int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl));
1225INDIRECT_CALLABLE_DECLARE(void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb));
1226
1227/* This routine actually transmits TCP packets queued in by
1228 * tcp_do_sendmsg(). This is used by both the initial
1229 * transmission and possible later retransmissions.
1230 * All SKB's seen here are completely headerless. It is our
1231 * job to build the TCP header, and pass the packet down to
1232 * IP so it can do the same plus pass the packet off to the
1233 * device.
1234 *
1235 * We are working here with either a clone of the original
1236 * SKB, or a fresh unique copy made by the retransmit engine.
1237 */
1238static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
1239 int clone_it, gfp_t gfp_mask, u32 rcv_nxt)
1240{
1241 const struct inet_connection_sock *icsk = inet_csk(sk);
1242 struct inet_sock *inet;
1243 struct tcp_sock *tp;
1244 struct tcp_skb_cb *tcb;
1245 struct tcp_out_options opts;
1246 unsigned int tcp_options_size, tcp_header_size;
1247 struct sk_buff *oskb = NULL;
1248 struct tcp_md5sig_key *md5;
1249 struct tcphdr *th;
1250 u64 prior_wstamp;
1251 int err;
1252
1253 BUG_ON(!skb || !tcp_skb_pcount(skb));
1254 tp = tcp_sk(sk);
1255 prior_wstamp = tp->tcp_wstamp_ns;
1256 tp->tcp_wstamp_ns = max(tp->tcp_wstamp_ns, tp->tcp_clock_cache);
1257 skb->skb_mstamp_ns = tp->tcp_wstamp_ns;
1258 if (clone_it) {
1259 TCP_SKB_CB(skb)->tx.in_flight = TCP_SKB_CB(skb)->end_seq
1260 - tp->snd_una;
1261 oskb = skb;
1262
1263 tcp_skb_tsorted_save(oskb) {
1264 if (unlikely(skb_cloned(oskb)))
1265 skb = pskb_copy(oskb, gfp_mask);
1266 else
1267 skb = skb_clone(oskb, gfp_mask);
1268 } tcp_skb_tsorted_restore(oskb);
1269
1270 if (unlikely(!skb))
1271 return -ENOBUFS;
1272 /* retransmit skbs might have a non zero value in skb->dev
1273 * because skb->dev is aliased with skb->rbnode.rb_left
1274 */
1275 skb->dev = NULL;
1276 }
1277
1278 inet = inet_sk(sk);
1279 tcb = TCP_SKB_CB(skb);
1280 memset(&opts, 0, sizeof(opts));
1281
1282 if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) {
1283 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
1284 } else {
1285 tcp_options_size = tcp_established_options(sk, skb, &opts,
1286 &md5);
1287 /* Force a PSH flag on all (GSO) packets to expedite GRO flush
1288 * at receiver : This slightly improve GRO performance.
1289 * Note that we do not force the PSH flag for non GSO packets,
1290 * because they might be sent under high congestion events,
1291 * and in this case it is better to delay the delivery of 1-MSS
1292 * packets and thus the corresponding ACK packet that would
1293 * release the following packet.
1294 */
1295 if (tcp_skb_pcount(skb) > 1)
1296 tcb->tcp_flags |= TCPHDR_PSH;
1297 }
1298 tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
1299
1300 /* if no packet is in qdisc/device queue, then allow XPS to select
1301 * another queue. We can be called from tcp_tsq_handler()
1302 * which holds one reference to sk.
1303 *
1304 * TODO: Ideally, in-flight pure ACK packets should not matter here.
1305 * One way to get this would be to set skb->truesize = 2 on them.
1306 */
1307 skb->ooo_okay = sk_wmem_alloc_get(sk) < SKB_TRUESIZE(1);
1308
1309 /* If we had to use memory reserve to allocate this skb,
1310 * this might cause drops if packet is looped back :
1311 * Other socket might not have SOCK_MEMALLOC.
1312 * Packets not looped back do not care about pfmemalloc.
1313 */
1314 skb->pfmemalloc = 0;
1315
1316 skb_push(skb, tcp_header_size);
1317 skb_reset_transport_header(skb);
1318
1319 skb_orphan(skb);
1320 skb->sk = sk;
1321 skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree;
1322 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
1323
1324 skb_set_dst_pending_confirm(skb, sk->sk_dst_pending_confirm);
1325
1326 /* Build TCP header and checksum it. */
1327 th = (struct tcphdr *)skb->data;
1328 th->source = inet->inet_sport;
1329 th->dest = inet->inet_dport;
1330 th->seq = htonl(tcb->seq);
1331 th->ack_seq = htonl(rcv_nxt);
1332 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
1333 tcb->tcp_flags);
1334
1335 th->check = 0;
1336 th->urg_ptr = 0;
1337
1338 /* The urg_mode check is necessary during a below snd_una win probe */
1339 if (unlikely(tcp_urg_mode(tp) && before(tcb->seq, tp->snd_up))) {
1340 if (before(tp->snd_up, tcb->seq + 0x10000)) {
1341 th->urg_ptr = htons(tp->snd_up - tcb->seq);
1342 th->urg = 1;
1343 } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) {
1344 th->urg_ptr = htons(0xFFFF);
1345 th->urg = 1;
1346 }
1347 }
1348
1349 skb_shinfo(skb)->gso_type = sk->sk_gso_type;
1350 if (likely(!(tcb->tcp_flags & TCPHDR_SYN))) {
1351 th->window = htons(tcp_select_window(sk));
1352 tcp_ecn_send(sk, skb, th, tcp_header_size);
1353 } else {
1354 /* RFC1323: The window in SYN & SYN/ACK segments
1355 * is never scaled.
1356 */
1357 th->window = htons(min(tp->rcv_wnd, 65535U));
1358 }
1359
1360 tcp_options_write((__be32 *)(th + 1), tp, &opts);
1361
1362#ifdef CONFIG_TCP_MD5SIG
1363 /* Calculate the MD5 hash, as we have all we need now */
1364 if (md5) {
1365 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1366 tp->af_specific->calc_md5_hash(opts.hash_location,
1367 md5, sk, skb);
1368 }
1369#endif
1370
1371 /* BPF prog is the last one writing header option */
1372 bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts);
1373
1374 INDIRECT_CALL_INET(icsk->icsk_af_ops->send_check,
1375 tcp_v6_send_check, tcp_v4_send_check,
1376 sk, skb);
1377
1378 if (likely(tcb->tcp_flags & TCPHDR_ACK))
1379 tcp_event_ack_sent(sk, tcp_skb_pcount(skb), rcv_nxt);
1380
1381 if (skb->len != tcp_header_size) {
1382 tcp_event_data_sent(tp, sk);
1383 tp->data_segs_out += tcp_skb_pcount(skb);
1384 tp->bytes_sent += skb->len - tcp_header_size;
1385 }
1386
1387 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
1388 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS,
1389 tcp_skb_pcount(skb));
1390
1391 tp->segs_out += tcp_skb_pcount(skb);
1392 skb_set_hash_from_sk(skb, sk);
1393 /* OK, its time to fill skb_shinfo(skb)->gso_{segs|size} */
1394 skb_shinfo(skb)->gso_segs = tcp_skb_pcount(skb);
1395 skb_shinfo(skb)->gso_size = tcp_skb_mss(skb);
1396
1397 /* Leave earliest departure time in skb->tstamp (skb->skb_mstamp_ns) */
1398
1399 /* Cleanup our debris for IP stacks */
1400 memset(skb->cb, 0, max(sizeof(struct inet_skb_parm),
1401 sizeof(struct inet6_skb_parm)));
1402
1403 tcp_add_tx_delay(skb, tp);
1404
1405 err = INDIRECT_CALL_INET(icsk->icsk_af_ops->queue_xmit,
1406 inet6_csk_xmit, ip_queue_xmit,
1407 sk, skb, &inet->cork.fl);
1408
1409 if (unlikely(err > 0)) {
1410 tcp_enter_cwr(sk);
1411 err = net_xmit_eval(err);
1412 }
1413 if (!err && oskb) {
1414 tcp_update_skb_after_send(sk, oskb, prior_wstamp);
1415 tcp_rate_skb_sent(sk, oskb);
1416 }
1417 return err;
1418}
1419
1420static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
1421 gfp_t gfp_mask)
1422{
1423 return __tcp_transmit_skb(sk, skb, clone_it, gfp_mask,
1424 tcp_sk(sk)->rcv_nxt);
1425}
1426
1427/* This routine just queues the buffer for sending.
1428 *
1429 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames,
1430 * otherwise socket can stall.
1431 */
1432static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
1433{
1434 struct tcp_sock *tp = tcp_sk(sk);
1435
1436 /* Advance write_seq and place onto the write_queue. */
1437 WRITE_ONCE(tp->write_seq, TCP_SKB_CB(skb)->end_seq);
1438 __skb_header_release(skb);
1439 tcp_add_write_queue_tail(sk, skb);
1440 sk_wmem_queued_add(sk, skb->truesize);
1441 sk_mem_charge(sk, skb->truesize);
1442}
1443
1444/* Initialize TSO segments for a packet. */
1445static void tcp_set_skb_tso_segs(struct sk_buff *skb, unsigned int mss_now)
1446{
1447 if (skb->len <= mss_now) {
1448 /* Avoid the costly divide in the normal
1449 * non-TSO case.
1450 */
1451 tcp_skb_pcount_set(skb, 1);
1452 TCP_SKB_CB(skb)->tcp_gso_size = 0;
1453 } else {
1454 tcp_skb_pcount_set(skb, DIV_ROUND_UP(skb->len, mss_now));
1455 TCP_SKB_CB(skb)->tcp_gso_size = mss_now;
1456 }
1457}
1458
1459/* Pcount in the middle of the write queue got changed, we need to do various
1460 * tweaks to fix counters
1461 */
1462static void tcp_adjust_pcount(struct sock *sk, const struct sk_buff *skb, int decr)
1463{
1464 struct tcp_sock *tp = tcp_sk(sk);
1465
1466 tp->packets_out -= decr;
1467
1468 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
1469 tp->sacked_out -= decr;
1470 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
1471 tp->retrans_out -= decr;
1472 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST)
1473 tp->lost_out -= decr;
1474
1475 /* Reno case is special. Sigh... */
1476 if (tcp_is_reno(tp) && decr > 0)
1477 tp->sacked_out -= min_t(u32, tp->sacked_out, decr);
1478
1479 if (tp->lost_skb_hint &&
1480 before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(tp->lost_skb_hint)->seq) &&
1481 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED))
1482 tp->lost_cnt_hint -= decr;
1483
1484 tcp_verify_left_out(tp);
1485}
1486
1487static bool tcp_has_tx_tstamp(const struct sk_buff *skb)
1488{
1489 return TCP_SKB_CB(skb)->txstamp_ack ||
1490 (skb_shinfo(skb)->tx_flags & SKBTX_ANY_TSTAMP);
1491}
1492
1493static void tcp_fragment_tstamp(struct sk_buff *skb, struct sk_buff *skb2)
1494{
1495 struct skb_shared_info *shinfo = skb_shinfo(skb);
1496
1497 if (unlikely(tcp_has_tx_tstamp(skb)) &&
1498 !before(shinfo->tskey, TCP_SKB_CB(skb2)->seq)) {
1499 struct skb_shared_info *shinfo2 = skb_shinfo(skb2);
1500 u8 tsflags = shinfo->tx_flags & SKBTX_ANY_TSTAMP;
1501
1502 shinfo->tx_flags &= ~tsflags;
1503 shinfo2->tx_flags |= tsflags;
1504 swap(shinfo->tskey, shinfo2->tskey);
1505 TCP_SKB_CB(skb2)->txstamp_ack = TCP_SKB_CB(skb)->txstamp_ack;
1506 TCP_SKB_CB(skb)->txstamp_ack = 0;
1507 }
1508}
1509
1510static void tcp_skb_fragment_eor(struct sk_buff *skb, struct sk_buff *skb2)
1511{
1512 TCP_SKB_CB(skb2)->eor = TCP_SKB_CB(skb)->eor;
1513 TCP_SKB_CB(skb)->eor = 0;
1514}
1515
1516/* Insert buff after skb on the write or rtx queue of sk. */
1517static void tcp_insert_write_queue_after(struct sk_buff *skb,
1518 struct sk_buff *buff,
1519 struct sock *sk,
1520 enum tcp_queue tcp_queue)
1521{
1522 if (tcp_queue == TCP_FRAG_IN_WRITE_QUEUE)
1523 __skb_queue_after(&sk->sk_write_queue, skb, buff);
1524 else
1525 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff);
1526}
1527
1528/* Function to create two new TCP segments. Shrinks the given segment
1529 * to the specified size and appends a new segment with the rest of the
1530 * packet to the list. This won't be called frequently, I hope.
1531 * Remember, these are still headerless SKBs at this point.
1532 */
1533int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue,
1534 struct sk_buff *skb, u32 len,
1535 unsigned int mss_now, gfp_t gfp)
1536{
1537 struct tcp_sock *tp = tcp_sk(sk);
1538 struct sk_buff *buff;
1539 int nsize, old_factor;
1540 long limit;
1541 int nlen;
1542 u8 flags;
1543
1544 if (WARN_ON(len > skb->len))
1545 return -EINVAL;
1546
1547 nsize = skb_headlen(skb) - len;
1548 if (nsize < 0)
1549 nsize = 0;
1550
1551 /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb.
1552 * We need some allowance to not penalize applications setting small
1553 * SO_SNDBUF values.
1554 * Also allow first and last skb in retransmit queue to be split.
1555 */
1556 limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE);
1557 if (unlikely((sk->sk_wmem_queued >> 1) > limit &&
1558 tcp_queue != TCP_FRAG_IN_WRITE_QUEUE &&
1559 skb != tcp_rtx_queue_head(sk) &&
1560 skb != tcp_rtx_queue_tail(sk))) {
1561 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG);
1562 return -ENOMEM;
1563 }
1564
1565 if (skb_unclone(skb, gfp))
1566 return -ENOMEM;
1567
1568 /* Get a new skb... force flag on. */
1569 buff = sk_stream_alloc_skb(sk, nsize, gfp, true);
1570 if (!buff)
1571 return -ENOMEM; /* We'll just try again later. */
1572 skb_copy_decrypted(buff, skb);
1573 mptcp_skb_ext_copy(buff, skb);
1574
1575 sk_wmem_queued_add(sk, buff->truesize);
1576 sk_mem_charge(sk, buff->truesize);
1577 nlen = skb->len - len - nsize;
1578 buff->truesize += nlen;
1579 skb->truesize -= nlen;
1580
1581 /* Correct the sequence numbers. */
1582 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
1583 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
1584 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1585
1586 /* PSH and FIN should only be set in the second packet. */
1587 flags = TCP_SKB_CB(skb)->tcp_flags;
1588 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1589 TCP_SKB_CB(buff)->tcp_flags = flags;
1590 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
1591 tcp_skb_fragment_eor(skb, buff);
1592
1593 skb_split(skb, buff, len);
1594
1595 buff->ip_summed = CHECKSUM_PARTIAL;
1596
1597 buff->tstamp = skb->tstamp;
1598 tcp_fragment_tstamp(skb, buff);
1599
1600 old_factor = tcp_skb_pcount(skb);
1601
1602 /* Fix up tso_factor for both original and new SKB. */
1603 tcp_set_skb_tso_segs(skb, mss_now);
1604 tcp_set_skb_tso_segs(buff, mss_now);
1605
1606 /* Update delivered info for the new segment */
1607 TCP_SKB_CB(buff)->tx = TCP_SKB_CB(skb)->tx;
1608
1609 /* If this packet has been sent out already, we must
1610 * adjust the various packet counters.
1611 */
1612 if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) {
1613 int diff = old_factor - tcp_skb_pcount(skb) -
1614 tcp_skb_pcount(buff);
1615
1616 if (diff)
1617 tcp_adjust_pcount(sk, skb, diff);
1618 }
1619
1620 /* Link BUFF into the send queue. */
1621 __skb_header_release(buff);
1622 tcp_insert_write_queue_after(skb, buff, sk, tcp_queue);
1623 if (tcp_queue == TCP_FRAG_IN_RTX_QUEUE)
1624 list_add(&buff->tcp_tsorted_anchor, &skb->tcp_tsorted_anchor);
1625
1626 return 0;
1627}
1628
1629/* This is similar to __pskb_pull_tail(). The difference is that pulled
1630 * data is not copied, but immediately discarded.
1631 */
1632static int __pskb_trim_head(struct sk_buff *skb, int len)
1633{
1634 struct skb_shared_info *shinfo;
1635 int i, k, eat;
1636
1637 eat = min_t(int, len, skb_headlen(skb));
1638 if (eat) {
1639 __skb_pull(skb, eat);
1640 len -= eat;
1641 if (!len)
1642 return 0;
1643 }
1644 eat = len;
1645 k = 0;
1646 shinfo = skb_shinfo(skb);
1647 for (i = 0; i < shinfo->nr_frags; i++) {
1648 int size = skb_frag_size(&shinfo->frags[i]);
1649
1650 if (size <= eat) {
1651 skb_frag_unref(skb, i);
1652 eat -= size;
1653 } else {
1654 shinfo->frags[k] = shinfo->frags[i];
1655 if (eat) {
1656 skb_frag_off_add(&shinfo->frags[k], eat);
1657 skb_frag_size_sub(&shinfo->frags[k], eat);
1658 eat = 0;
1659 }
1660 k++;
1661 }
1662 }
1663 shinfo->nr_frags = k;
1664
1665 skb->data_len -= len;
1666 skb->len = skb->data_len;
1667 return len;
1668}
1669
1670/* Remove acked data from a packet in the transmit queue. */
1671int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
1672{
1673 u32 delta_truesize;
1674
1675 if (skb_unclone(skb, GFP_ATOMIC))
1676 return -ENOMEM;
1677
1678 delta_truesize = __pskb_trim_head(skb, len);
1679
1680 TCP_SKB_CB(skb)->seq += len;
1681 skb->ip_summed = CHECKSUM_PARTIAL;
1682
1683 if (delta_truesize) {
1684 skb->truesize -= delta_truesize;
1685 sk_wmem_queued_add(sk, -delta_truesize);
1686 sk_mem_uncharge(sk, delta_truesize);
1687 }
1688
1689 /* Any change of skb->len requires recalculation of tso factor. */
1690 if (tcp_skb_pcount(skb) > 1)
1691 tcp_set_skb_tso_segs(skb, tcp_skb_mss(skb));
1692
1693 return 0;
1694}
1695
1696/* Calculate MSS not accounting any TCP options. */
1697static inline int __tcp_mtu_to_mss(struct sock *sk, int pmtu)
1698{
1699 const struct tcp_sock *tp = tcp_sk(sk);
1700 const struct inet_connection_sock *icsk = inet_csk(sk);
1701 int mss_now;
1702
1703 /* Calculate base mss without TCP options:
1704 It is MMS_S - sizeof(tcphdr) of rfc1122
1705 */
1706 mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr);
1707
1708 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */
1709 if (icsk->icsk_af_ops->net_frag_header_len) {
1710 const struct dst_entry *dst = __sk_dst_get(sk);
1711
1712 if (dst && dst_allfrag(dst))
1713 mss_now -= icsk->icsk_af_ops->net_frag_header_len;
1714 }
1715
1716 /* Clamp it (mss_clamp does not include tcp options) */
1717 if (mss_now > tp->rx_opt.mss_clamp)
1718 mss_now = tp->rx_opt.mss_clamp;
1719
1720 /* Now subtract optional transport overhead */
1721 mss_now -= icsk->icsk_ext_hdr_len;
1722
1723 /* Then reserve room for full set of TCP options and 8 bytes of data */
1724 mss_now = max(mss_now, sock_net(sk)->ipv4.sysctl_tcp_min_snd_mss);
1725 return mss_now;
1726}
1727
1728/* Calculate MSS. Not accounting for SACKs here. */
1729int tcp_mtu_to_mss(struct sock *sk, int pmtu)
1730{
1731 /* Subtract TCP options size, not including SACKs */
1732 return __tcp_mtu_to_mss(sk, pmtu) -
1733 (tcp_sk(sk)->tcp_header_len - sizeof(struct tcphdr));
1734}
1735EXPORT_SYMBOL(tcp_mtu_to_mss);
1736
1737/* Inverse of above */
1738int tcp_mss_to_mtu(struct sock *sk, int mss)
1739{
1740 const struct tcp_sock *tp = tcp_sk(sk);
1741 const struct inet_connection_sock *icsk = inet_csk(sk);
1742 int mtu;
1743
1744 mtu = mss +
1745 tp->tcp_header_len +
1746 icsk->icsk_ext_hdr_len +
1747 icsk->icsk_af_ops->net_header_len;
1748
1749 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */
1750 if (icsk->icsk_af_ops->net_frag_header_len) {
1751 const struct dst_entry *dst = __sk_dst_get(sk);
1752
1753 if (dst && dst_allfrag(dst))
1754 mtu += icsk->icsk_af_ops->net_frag_header_len;
1755 }
1756 return mtu;
1757}
1758EXPORT_SYMBOL(tcp_mss_to_mtu);
1759
1760/* MTU probing init per socket */
1761void tcp_mtup_init(struct sock *sk)
1762{
1763 struct tcp_sock *tp = tcp_sk(sk);
1764 struct inet_connection_sock *icsk = inet_csk(sk);
1765 struct net *net = sock_net(sk);
1766
1767 icsk->icsk_mtup.enabled = net->ipv4.sysctl_tcp_mtu_probing > 1;
1768 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) +
1769 icsk->icsk_af_ops->net_header_len;
1770 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, net->ipv4.sysctl_tcp_base_mss);
1771 icsk->icsk_mtup.probe_size = 0;
1772 if (icsk->icsk_mtup.enabled)
1773 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32;
1774}
1775EXPORT_SYMBOL(tcp_mtup_init);
1776
1777/* This function synchronize snd mss to current pmtu/exthdr set.
1778
1779 tp->rx_opt.user_mss is mss set by user by TCP_MAXSEG. It does NOT counts
1780 for TCP options, but includes only bare TCP header.
1781
1782 tp->rx_opt.mss_clamp is mss negotiated at connection setup.
1783 It is minimum of user_mss and mss received with SYN.
1784 It also does not include TCP options.
1785
1786 inet_csk(sk)->icsk_pmtu_cookie is last pmtu, seen by this function.
1787
1788 tp->mss_cache is current effective sending mss, including
1789 all tcp options except for SACKs. It is evaluated,
1790 taking into account current pmtu, but never exceeds
1791 tp->rx_opt.mss_clamp.
1792
1793 NOTE1. rfc1122 clearly states that advertised MSS
1794 DOES NOT include either tcp or ip options.
1795
1796 NOTE2. inet_csk(sk)->icsk_pmtu_cookie and tp->mss_cache
1797 are READ ONLY outside this function. --ANK (980731)
1798 */
1799unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu)
1800{
1801 struct tcp_sock *tp = tcp_sk(sk);
1802 struct inet_connection_sock *icsk = inet_csk(sk);
1803 int mss_now;
1804
1805 if (icsk->icsk_mtup.search_high > pmtu)
1806 icsk->icsk_mtup.search_high = pmtu;
1807
1808 mss_now = tcp_mtu_to_mss(sk, pmtu);
1809 mss_now = tcp_bound_to_half_wnd(tp, mss_now);
1810
1811 /* And store cached results */
1812 icsk->icsk_pmtu_cookie = pmtu;
1813 if (icsk->icsk_mtup.enabled)
1814 mss_now = min(mss_now, tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low));
1815 tp->mss_cache = mss_now;
1816
1817 return mss_now;
1818}
1819EXPORT_SYMBOL(tcp_sync_mss);
1820
1821/* Compute the current effective MSS, taking SACKs and IP options,
1822 * and even PMTU discovery events into account.
1823 */
1824unsigned int tcp_current_mss(struct sock *sk)
1825{
1826 const struct tcp_sock *tp = tcp_sk(sk);
1827 const struct dst_entry *dst = __sk_dst_get(sk);
1828 u32 mss_now;
1829 unsigned int header_len;
1830 struct tcp_out_options opts;
1831 struct tcp_md5sig_key *md5;
1832
1833 mss_now = tp->mss_cache;
1834
1835 if (dst) {
1836 u32 mtu = dst_mtu(dst);
1837 if (mtu != inet_csk(sk)->icsk_pmtu_cookie)
1838 mss_now = tcp_sync_mss(sk, mtu);
1839 }
1840
1841 header_len = tcp_established_options(sk, NULL, &opts, &md5) +
1842 sizeof(struct tcphdr);
1843 /* The mss_cache is sized based on tp->tcp_header_len, which assumes
1844 * some common options. If this is an odd packet (because we have SACK
1845 * blocks etc) then our calculated header_len will be different, and
1846 * we have to adjust mss_now correspondingly */
1847 if (header_len != tp->tcp_header_len) {
1848 int delta = (int) header_len - tp->tcp_header_len;
1849 mss_now -= delta;
1850 }
1851
1852 return mss_now;
1853}
1854
1855/* RFC2861, slow part. Adjust cwnd, after it was not full during one rto.
1856 * As additional protections, we do not touch cwnd in retransmission phases,
1857 * and if application hit its sndbuf limit recently.
1858 */
1859static void tcp_cwnd_application_limited(struct sock *sk)
1860{
1861 struct tcp_sock *tp = tcp_sk(sk);
1862
1863 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open &&
1864 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
1865 /* Limited by application or receiver window. */
1866 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk));
1867 u32 win_used = max(tp->snd_cwnd_used, init_win);
1868 if (win_used < tp->snd_cwnd) {
1869 tp->snd_ssthresh = tcp_current_ssthresh(sk);
1870 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1;
1871 }
1872 tp->snd_cwnd_used = 0;
1873 }
1874 tp->snd_cwnd_stamp = tcp_jiffies32;
1875}
1876
1877static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited)
1878{
1879 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
1880 struct tcp_sock *tp = tcp_sk(sk);
1881
1882 /* Track the maximum number of outstanding packets in each
1883 * window, and remember whether we were cwnd-limited then.
1884 */
1885 if (!before(tp->snd_una, tp->max_packets_seq) ||
1886 tp->packets_out > tp->max_packets_out ||
1887 is_cwnd_limited) {
1888 tp->max_packets_out = tp->packets_out;
1889 tp->max_packets_seq = tp->snd_nxt;
1890 tp->is_cwnd_limited = is_cwnd_limited;
1891 }
1892
1893 if (tcp_is_cwnd_limited(sk)) {
1894 /* Network is feed fully. */
1895 tp->snd_cwnd_used = 0;
1896 tp->snd_cwnd_stamp = tcp_jiffies32;
1897 } else {
1898 /* Network starves. */
1899 if (tp->packets_out > tp->snd_cwnd_used)
1900 tp->snd_cwnd_used = tp->packets_out;
1901
1902 if (sock_net(sk)->ipv4.sysctl_tcp_slow_start_after_idle &&
1903 (s32)(tcp_jiffies32 - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto &&
1904 !ca_ops->cong_control)
1905 tcp_cwnd_application_limited(sk);
1906
1907 /* The following conditions together indicate the starvation
1908 * is caused by insufficient sender buffer:
1909 * 1) just sent some data (see tcp_write_xmit)
1910 * 2) not cwnd limited (this else condition)
1911 * 3) no more data to send (tcp_write_queue_empty())
1912 * 4) application is hitting buffer limit (SOCK_NOSPACE)
1913 */
1914 if (tcp_write_queue_empty(sk) && sk->sk_socket &&
1915 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags) &&
1916 (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT))
1917 tcp_chrono_start(sk, TCP_CHRONO_SNDBUF_LIMITED);
1918 }
1919}
1920
1921/* Minshall's variant of the Nagle send check. */
1922static bool tcp_minshall_check(const struct tcp_sock *tp)
1923{
1924 return after(tp->snd_sml, tp->snd_una) &&
1925 !after(tp->snd_sml, tp->snd_nxt);
1926}
1927
1928/* Update snd_sml if this skb is under mss
1929 * Note that a TSO packet might end with a sub-mss segment
1930 * The test is really :
1931 * if ((skb->len % mss) != 0)
1932 * tp->snd_sml = TCP_SKB_CB(skb)->end_seq;
1933 * But we can avoid doing the divide again given we already have
1934 * skb_pcount = skb->len / mss_now
1935 */
1936static void tcp_minshall_update(struct tcp_sock *tp, unsigned int mss_now,
1937 const struct sk_buff *skb)
1938{
1939 if (skb->len < tcp_skb_pcount(skb) * mss_now)
1940 tp->snd_sml = TCP_SKB_CB(skb)->end_seq;
1941}
1942
1943/* Return false, if packet can be sent now without violation Nagle's rules:
1944 * 1. It is full sized. (provided by caller in %partial bool)
1945 * 2. Or it contains FIN. (already checked by caller)
1946 * 3. Or TCP_CORK is not set, and TCP_NODELAY is set.
1947 * 4. Or TCP_CORK is not set, and all sent packets are ACKed.
1948 * With Minshall's modification: all sent small packets are ACKed.
1949 */
1950static bool tcp_nagle_check(bool partial, const struct tcp_sock *tp,
1951 int nonagle)
1952{
1953 return partial &&
1954 ((nonagle & TCP_NAGLE_CORK) ||
1955 (!nonagle && tp->packets_out && tcp_minshall_check(tp)));
1956}
1957
1958/* Return how many segs we'd like on a TSO packet,
1959 * to send one TSO packet per ms
1960 */
1961static u32 tcp_tso_autosize(const struct sock *sk, unsigned int mss_now,
1962 int min_tso_segs)
1963{
1964 u32 bytes, segs;
1965
1966 bytes = min_t(unsigned long,
1967 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift),
1968 sk->sk_gso_max_size - 1 - MAX_TCP_HEADER);
1969
1970 /* Goal is to send at least one packet per ms,
1971 * not one big TSO packet every 100 ms.
1972 * This preserves ACK clocking and is consistent
1973 * with tcp_tso_should_defer() heuristic.
1974 */
1975 segs = max_t(u32, bytes / mss_now, min_tso_segs);
1976
1977 return segs;
1978}
1979
1980/* Return the number of segments we want in the skb we are transmitting.
1981 * See if congestion control module wants to decide; otherwise, autosize.
1982 */
1983static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now)
1984{
1985 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
1986 u32 min_tso, tso_segs;
1987
1988 min_tso = ca_ops->min_tso_segs ?
1989 ca_ops->min_tso_segs(sk) :
1990 sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs;
1991
1992 tso_segs = tcp_tso_autosize(sk, mss_now, min_tso);
1993 return min_t(u32, tso_segs, sk->sk_gso_max_segs);
1994}
1995
1996/* Returns the portion of skb which can be sent right away */
1997static unsigned int tcp_mss_split_point(const struct sock *sk,
1998 const struct sk_buff *skb,
1999 unsigned int mss_now,
2000 unsigned int max_segs,
2001 int nonagle)
2002{
2003 const struct tcp_sock *tp = tcp_sk(sk);
2004 u32 partial, needed, window, max_len;
2005
2006 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2007 max_len = mss_now * max_segs;
2008
2009 if (likely(max_len <= window && skb != tcp_write_queue_tail(sk)))
2010 return max_len;
2011
2012 needed = min(skb->len, window);
2013
2014 if (max_len <= needed)
2015 return max_len;
2016
2017 partial = needed % mss_now;
2018 /* If last segment is not a full MSS, check if Nagle rules allow us
2019 * to include this last segment in this skb.
2020 * Otherwise, we'll split the skb at last MSS boundary
2021 */
2022 if (tcp_nagle_check(partial != 0, tp, nonagle))
2023 return needed - partial;
2024
2025 return needed;
2026}
2027
2028/* Can at least one segment of SKB be sent right now, according to the
2029 * congestion window rules? If so, return how many segments are allowed.
2030 */
2031static inline unsigned int tcp_cwnd_test(const struct tcp_sock *tp,
2032 const struct sk_buff *skb)
2033{
2034 u32 in_flight, cwnd, halfcwnd;
2035
2036 /* Don't be strict about the congestion window for the final FIN. */
2037 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) &&
2038 tcp_skb_pcount(skb) == 1)
2039 return 1;
2040
2041 in_flight = tcp_packets_in_flight(tp);
2042 cwnd = tp->snd_cwnd;
2043 if (in_flight >= cwnd)
2044 return 0;
2045
2046 /* For better scheduling, ensure we have at least
2047 * 2 GSO packets in flight.
2048 */
2049 halfcwnd = max(cwnd >> 1, 1U);
2050 return min(halfcwnd, cwnd - in_flight);
2051}
2052
2053/* Initialize TSO state of a skb.
2054 * This must be invoked the first time we consider transmitting
2055 * SKB onto the wire.
2056 */
2057static int tcp_init_tso_segs(struct sk_buff *skb, unsigned int mss_now)
2058{
2059 int tso_segs = tcp_skb_pcount(skb);
2060
2061 if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) {
2062 tcp_set_skb_tso_segs(skb, mss_now);
2063 tso_segs = tcp_skb_pcount(skb);
2064 }
2065 return tso_segs;
2066}
2067
2068
2069/* Return true if the Nagle test allows this packet to be
2070 * sent now.
2071 */
2072static inline bool tcp_nagle_test(const struct tcp_sock *tp, const struct sk_buff *skb,
2073 unsigned int cur_mss, int nonagle)
2074{
2075 /* Nagle rule does not apply to frames, which sit in the middle of the
2076 * write_queue (they have no chances to get new data).
2077 *
2078 * This is implemented in the callers, where they modify the 'nonagle'
2079 * argument based upon the location of SKB in the send queue.
2080 */
2081 if (nonagle & TCP_NAGLE_PUSH)
2082 return true;
2083
2084 /* Don't use the nagle rule for urgent data (or for the final FIN). */
2085 if (tcp_urg_mode(tp) || (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN))
2086 return true;
2087
2088 if (!tcp_nagle_check(skb->len < cur_mss, tp, nonagle))
2089 return true;
2090
2091 return false;
2092}
2093
2094/* Does at least the first segment of SKB fit into the send window? */
2095static bool tcp_snd_wnd_test(const struct tcp_sock *tp,
2096 const struct sk_buff *skb,
2097 unsigned int cur_mss)
2098{
2099 u32 end_seq = TCP_SKB_CB(skb)->end_seq;
2100
2101 if (skb->len > cur_mss)
2102 end_seq = TCP_SKB_CB(skb)->seq + cur_mss;
2103
2104 return !after(end_seq, tcp_wnd_end(tp));
2105}
2106
2107/* Trim TSO SKB to LEN bytes, put the remaining data into a new packet
2108 * which is put after SKB on the list. It is very much like
2109 * tcp_fragment() except that it may make several kinds of assumptions
2110 * in order to speed up the splitting operation. In particular, we
2111 * know that all the data is in scatter-gather pages, and that the
2112 * packet has never been sent out before (and thus is not cloned).
2113 */
2114static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
2115 unsigned int mss_now, gfp_t gfp)
2116{
2117 int nlen = skb->len - len;
2118 struct sk_buff *buff;
2119 u8 flags;
2120
2121 /* All of a TSO frame must be composed of paged data. */
2122 if (skb->len != skb->data_len)
2123 return tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE,
2124 skb, len, mss_now, gfp);
2125
2126 buff = sk_stream_alloc_skb(sk, 0, gfp, true);
2127 if (unlikely(!buff))
2128 return -ENOMEM;
2129 skb_copy_decrypted(buff, skb);
2130 mptcp_skb_ext_copy(buff, skb);
2131
2132 sk_wmem_queued_add(sk, buff->truesize);
2133 sk_mem_charge(sk, buff->truesize);
2134 buff->truesize += nlen;
2135 skb->truesize -= nlen;
2136
2137 /* Correct the sequence numbers. */
2138 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
2139 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
2140 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
2141
2142 /* PSH and FIN should only be set in the second packet. */
2143 flags = TCP_SKB_CB(skb)->tcp_flags;
2144 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
2145 TCP_SKB_CB(buff)->tcp_flags = flags;
2146
2147 /* This packet was never sent out yet, so no SACK bits. */
2148 TCP_SKB_CB(buff)->sacked = 0;
2149
2150 tcp_skb_fragment_eor(skb, buff);
2151
2152 buff->ip_summed = CHECKSUM_PARTIAL;
2153 skb_split(skb, buff, len);
2154 tcp_fragment_tstamp(skb, buff);
2155
2156 /* Fix up tso_factor for both original and new SKB. */
2157 tcp_set_skb_tso_segs(skb, mss_now);
2158 tcp_set_skb_tso_segs(buff, mss_now);
2159
2160 /* Link BUFF into the send queue. */
2161 __skb_header_release(buff);
2162 tcp_insert_write_queue_after(skb, buff, sk, TCP_FRAG_IN_WRITE_QUEUE);
2163
2164 return 0;
2165}
2166
2167/* Try to defer sending, if possible, in order to minimize the amount
2168 * of TSO splitting we do. View it as a kind of TSO Nagle test.
2169 *
2170 * This algorithm is from John Heffner.
2171 */
2172static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb,
2173 bool *is_cwnd_limited,
2174 bool *is_rwnd_limited,
2175 u32 max_segs)
2176{
2177 const struct inet_connection_sock *icsk = inet_csk(sk);
2178 u32 send_win, cong_win, limit, in_flight;
2179 struct tcp_sock *tp = tcp_sk(sk);
2180 struct sk_buff *head;
2181 int win_divisor;
2182 s64 delta;
2183
2184 if (icsk->icsk_ca_state >= TCP_CA_Recovery)
2185 goto send_now;
2186
2187 /* Avoid bursty behavior by allowing defer
2188 * only if the last write was recent (1 ms).
2189 * Note that tp->tcp_wstamp_ns can be in the future if we have
2190 * packets waiting in a qdisc or device for EDT delivery.
2191 */
2192 delta = tp->tcp_clock_cache - tp->tcp_wstamp_ns - NSEC_PER_MSEC;
2193 if (delta > 0)
2194 goto send_now;
2195
2196 in_flight = tcp_packets_in_flight(tp);
2197
2198 BUG_ON(tcp_skb_pcount(skb) <= 1);
2199 BUG_ON(tp->snd_cwnd <= in_flight);
2200
2201 send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2202
2203 /* From in_flight test above, we know that cwnd > in_flight. */
2204 cong_win = (tp->snd_cwnd - in_flight) * tp->mss_cache;
2205
2206 limit = min(send_win, cong_win);
2207
2208 /* If a full-sized TSO skb can be sent, do it. */
2209 if (limit >= max_segs * tp->mss_cache)
2210 goto send_now;
2211
2212 /* Middle in queue won't get any more data, full sendable already? */
2213 if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len))
2214 goto send_now;
2215
2216 win_divisor = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_win_divisor);
2217 if (win_divisor) {
2218 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
2219
2220 /* If at least some fraction of a window is available,
2221 * just use it.
2222 */
2223 chunk /= win_divisor;
2224 if (limit >= chunk)
2225 goto send_now;
2226 } else {
2227 /* Different approach, try not to defer past a single
2228 * ACK. Receiver should ACK every other full sized
2229 * frame, so if we have space for more than 3 frames
2230 * then send now.
2231 */
2232 if (limit > tcp_max_tso_deferred_mss(tp) * tp->mss_cache)
2233 goto send_now;
2234 }
2235
2236 /* TODO : use tsorted_sent_queue ? */
2237 head = tcp_rtx_queue_head(sk);
2238 if (!head)
2239 goto send_now;
2240 delta = tp->tcp_clock_cache - head->tstamp;
2241 /* If next ACK is likely to come too late (half srtt), do not defer */
2242 if ((s64)(delta - (u64)NSEC_PER_USEC * (tp->srtt_us >> 4)) < 0)
2243 goto send_now;
2244
2245 /* Ok, it looks like it is advisable to defer.
2246 * Three cases are tracked :
2247 * 1) We are cwnd-limited
2248 * 2) We are rwnd-limited
2249 * 3) We are application limited.
2250 */
2251 if (cong_win < send_win) {
2252 if (cong_win <= skb->len) {
2253 *is_cwnd_limited = true;
2254 return true;
2255 }
2256 } else {
2257 if (send_win <= skb->len) {
2258 *is_rwnd_limited = true;
2259 return true;
2260 }
2261 }
2262
2263 /* If this packet won't get more data, do not wait. */
2264 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) ||
2265 TCP_SKB_CB(skb)->eor)
2266 goto send_now;
2267
2268 return true;
2269
2270send_now:
2271 return false;
2272}
2273
2274static inline void tcp_mtu_check_reprobe(struct sock *sk)
2275{
2276 struct inet_connection_sock *icsk = inet_csk(sk);
2277 struct tcp_sock *tp = tcp_sk(sk);
2278 struct net *net = sock_net(sk);
2279 u32 interval;
2280 s32 delta;
2281
2282 interval = net->ipv4.sysctl_tcp_probe_interval;
2283 delta = tcp_jiffies32 - icsk->icsk_mtup.probe_timestamp;
2284 if (unlikely(delta >= interval * HZ)) {
2285 int mss = tcp_current_mss(sk);
2286
2287 /* Update current search range */
2288 icsk->icsk_mtup.probe_size = 0;
2289 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp +
2290 sizeof(struct tcphdr) +
2291 icsk->icsk_af_ops->net_header_len;
2292 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
2293
2294 /* Update probe time stamp */
2295 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32;
2296 }
2297}
2298
2299static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len)
2300{
2301 struct sk_buff *skb, *next;
2302
2303 skb = tcp_send_head(sk);
2304 tcp_for_write_queue_from_safe(skb, next, sk) {
2305 if (len <= skb->len)
2306 break;
2307
2308 if (unlikely(TCP_SKB_CB(skb)->eor) || tcp_has_tx_tstamp(skb))
2309 return false;
2310
2311 len -= skb->len;
2312 }
2313
2314 return true;
2315}
2316
2317/* Create a new MTU probe if we are ready.
2318 * MTU probe is regularly attempting to increase the path MTU by
2319 * deliberately sending larger packets. This discovers routing
2320 * changes resulting in larger path MTUs.
2321 *
2322 * Returns 0 if we should wait to probe (no cwnd available),
2323 * 1 if a probe was sent,
2324 * -1 otherwise
2325 */
2326static int tcp_mtu_probe(struct sock *sk)
2327{
2328 struct inet_connection_sock *icsk = inet_csk(sk);
2329 struct tcp_sock *tp = tcp_sk(sk);
2330 struct sk_buff *skb, *nskb, *next;
2331 struct net *net = sock_net(sk);
2332 int probe_size;
2333 int size_needed;
2334 int copy, len;
2335 int mss_now;
2336 int interval;
2337
2338 /* Not currently probing/verifying,
2339 * not in recovery,
2340 * have enough cwnd, and
2341 * not SACKing (the variable headers throw things off)
2342 */
2343 if (likely(!icsk->icsk_mtup.enabled ||
2344 icsk->icsk_mtup.probe_size ||
2345 inet_csk(sk)->icsk_ca_state != TCP_CA_Open ||
2346 tp->snd_cwnd < 11 ||
2347 tp->rx_opt.num_sacks || tp->rx_opt.dsack))
2348 return -1;
2349
2350 /* Use binary search for probe_size between tcp_mss_base,
2351 * and current mss_clamp. if (search_high - search_low)
2352 * smaller than a threshold, backoff from probing.
2353 */
2354 mss_now = tcp_current_mss(sk);
2355 probe_size = tcp_mtu_to_mss(sk, (icsk->icsk_mtup.search_high +
2356 icsk->icsk_mtup.search_low) >> 1);
2357 size_needed = probe_size + (tp->reordering + 1) * tp->mss_cache;
2358 interval = icsk->icsk_mtup.search_high - icsk->icsk_mtup.search_low;
2359 /* When misfortune happens, we are reprobing actively,
2360 * and then reprobe timer has expired. We stick with current
2361 * probing process by not resetting search range to its orignal.
2362 */
2363 if (probe_size > tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_high) ||
2364 interval < net->ipv4.sysctl_tcp_probe_threshold) {
2365 /* Check whether enough time has elaplased for
2366 * another round of probing.
2367 */
2368 tcp_mtu_check_reprobe(sk);
2369 return -1;
2370 }
2371
2372 /* Have enough data in the send queue to probe? */
2373 if (tp->write_seq - tp->snd_nxt < size_needed)
2374 return -1;
2375
2376 if (tp->snd_wnd < size_needed)
2377 return -1;
2378 if (after(tp->snd_nxt + size_needed, tcp_wnd_end(tp)))
2379 return 0;
2380
2381 /* Do we need to wait to drain cwnd? With none in flight, don't stall */
2382 if (tcp_packets_in_flight(tp) + 2 > tp->snd_cwnd) {
2383 if (!tcp_packets_in_flight(tp))
2384 return -1;
2385 else
2386 return 0;
2387 }
2388
2389 if (!tcp_can_coalesce_send_queue_head(sk, probe_size))
2390 return -1;
2391
2392 /* We're allowed to probe. Build it now. */
2393 nskb = sk_stream_alloc_skb(sk, probe_size, GFP_ATOMIC, false);
2394 if (!nskb)
2395 return -1;
2396 sk_wmem_queued_add(sk, nskb->truesize);
2397 sk_mem_charge(sk, nskb->truesize);
2398
2399 skb = tcp_send_head(sk);
2400 skb_copy_decrypted(nskb, skb);
2401 mptcp_skb_ext_copy(nskb, skb);
2402
2403 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
2404 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
2405 TCP_SKB_CB(nskb)->tcp_flags = TCPHDR_ACK;
2406 TCP_SKB_CB(nskb)->sacked = 0;
2407 nskb->csum = 0;
2408 nskb->ip_summed = CHECKSUM_PARTIAL;
2409
2410 tcp_insert_write_queue_before(nskb, skb, sk);
2411 tcp_highest_sack_replace(sk, skb, nskb);
2412
2413 len = 0;
2414 tcp_for_write_queue_from_safe(skb, next, sk) {
2415 copy = min_t(int, skb->len, probe_size - len);
2416 skb_copy_bits(skb, 0, skb_put(nskb, copy), copy);
2417
2418 if (skb->len <= copy) {
2419 /* We've eaten all the data from this skb.
2420 * Throw it away. */
2421 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags;
2422 /* If this is the last SKB we copy and eor is set
2423 * we need to propagate it to the new skb.
2424 */
2425 TCP_SKB_CB(nskb)->eor = TCP_SKB_CB(skb)->eor;
2426 tcp_skb_collapse_tstamp(nskb, skb);
2427 tcp_unlink_write_queue(skb, sk);
2428 sk_wmem_free_skb(sk, skb);
2429 } else {
2430 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags &
2431 ~(TCPHDR_FIN|TCPHDR_PSH);
2432 if (!skb_shinfo(skb)->nr_frags) {
2433 skb_pull(skb, copy);
2434 } else {
2435 __pskb_trim_head(skb, copy);
2436 tcp_set_skb_tso_segs(skb, mss_now);
2437 }
2438 TCP_SKB_CB(skb)->seq += copy;
2439 }
2440
2441 len += copy;
2442
2443 if (len >= probe_size)
2444 break;
2445 }
2446 tcp_init_tso_segs(nskb, nskb->len);
2447
2448 /* We're ready to send. If this fails, the probe will
2449 * be resegmented into mss-sized pieces by tcp_write_xmit().
2450 */
2451 if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) {
2452 /* Decrement cwnd here because we are sending
2453 * effectively two packets. */
2454 tp->snd_cwnd--;
2455 tcp_event_new_data_sent(sk, nskb);
2456
2457 icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len);
2458 tp->mtu_probe.probe_seq_start = TCP_SKB_CB(nskb)->seq;
2459 tp->mtu_probe.probe_seq_end = TCP_SKB_CB(nskb)->end_seq;
2460
2461 return 1;
2462 }
2463
2464 return -1;
2465}
2466
2467static bool tcp_pacing_check(struct sock *sk)
2468{
2469 struct tcp_sock *tp = tcp_sk(sk);
2470
2471 if (!tcp_needs_internal_pacing(sk))
2472 return false;
2473
2474 if (tp->tcp_wstamp_ns <= tp->tcp_clock_cache)
2475 return false;
2476
2477 if (!hrtimer_is_queued(&tp->pacing_timer)) {
2478 hrtimer_start(&tp->pacing_timer,
2479 ns_to_ktime(tp->tcp_wstamp_ns),
2480 HRTIMER_MODE_ABS_PINNED_SOFT);
2481 sock_hold(sk);
2482 }
2483 return true;
2484}
2485
2486/* TCP Small Queues :
2487 * Control number of packets in qdisc/devices to two packets / or ~1 ms.
2488 * (These limits are doubled for retransmits)
2489 * This allows for :
2490 * - better RTT estimation and ACK scheduling
2491 * - faster recovery
2492 * - high rates
2493 * Alas, some drivers / subsystems require a fair amount
2494 * of queued bytes to ensure line rate.
2495 * One example is wifi aggregation (802.11 AMPDU)
2496 */
2497static bool tcp_small_queue_check(struct sock *sk, const struct sk_buff *skb,
2498 unsigned int factor)
2499{
2500 unsigned long limit;
2501
2502 limit = max_t(unsigned long,
2503 2 * skb->truesize,
2504 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift));
2505 if (sk->sk_pacing_status == SK_PACING_NONE)
2506 limit = min_t(unsigned long, limit,
2507 sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes);
2508 limit <<= factor;
2509
2510 if (static_branch_unlikely(&tcp_tx_delay_enabled) &&
2511 tcp_sk(sk)->tcp_tx_delay) {
2512 u64 extra_bytes = (u64)sk->sk_pacing_rate * tcp_sk(sk)->tcp_tx_delay;
2513
2514 /* TSQ is based on skb truesize sum (sk_wmem_alloc), so we
2515 * approximate our needs assuming an ~100% skb->truesize overhead.
2516 * USEC_PER_SEC is approximated by 2^20.
2517 * do_div(extra_bytes, USEC_PER_SEC/2) is replaced by a right shift.
2518 */
2519 extra_bytes >>= (20 - 1);
2520 limit += extra_bytes;
2521 }
2522 if (refcount_read(&sk->sk_wmem_alloc) > limit) {
2523 /* Always send skb if rtx queue is empty.
2524 * No need to wait for TX completion to call us back,
2525 * after softirq/tasklet schedule.
2526 * This helps when TX completions are delayed too much.
2527 */
2528 if (tcp_rtx_queue_empty(sk))
2529 return false;
2530
2531 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags);
2532 /* It is possible TX completion already happened
2533 * before we set TSQ_THROTTLED, so we must
2534 * test again the condition.
2535 */
2536 smp_mb__after_atomic();
2537 if (refcount_read(&sk->sk_wmem_alloc) > limit)
2538 return true;
2539 }
2540 return false;
2541}
2542
2543static void tcp_chrono_set(struct tcp_sock *tp, const enum tcp_chrono new)
2544{
2545 const u32 now = tcp_jiffies32;
2546 enum tcp_chrono old = tp->chrono_type;
2547
2548 if (old > TCP_CHRONO_UNSPEC)
2549 tp->chrono_stat[old - 1] += now - tp->chrono_start;
2550 tp->chrono_start = now;
2551 tp->chrono_type = new;
2552}
2553
2554void tcp_chrono_start(struct sock *sk, const enum tcp_chrono type)
2555{
2556 struct tcp_sock *tp = tcp_sk(sk);
2557
2558 /* If there are multiple conditions worthy of tracking in a
2559 * chronograph then the highest priority enum takes precedence
2560 * over the other conditions. So that if something "more interesting"
2561 * starts happening, stop the previous chrono and start a new one.
2562 */
2563 if (type > tp->chrono_type)
2564 tcp_chrono_set(tp, type);
2565}
2566
2567void tcp_chrono_stop(struct sock *sk, const enum tcp_chrono type)
2568{
2569 struct tcp_sock *tp = tcp_sk(sk);
2570
2571
2572 /* There are multiple conditions worthy of tracking in a
2573 * chronograph, so that the highest priority enum takes
2574 * precedence over the other conditions (see tcp_chrono_start).
2575 * If a condition stops, we only stop chrono tracking if
2576 * it's the "most interesting" or current chrono we are
2577 * tracking and starts busy chrono if we have pending data.
2578 */
2579 if (tcp_rtx_and_write_queues_empty(sk))
2580 tcp_chrono_set(tp, TCP_CHRONO_UNSPEC);
2581 else if (type == tp->chrono_type)
2582 tcp_chrono_set(tp, TCP_CHRONO_BUSY);
2583}
2584
2585/* This routine writes packets to the network. It advances the
2586 * send_head. This happens as incoming acks open up the remote
2587 * window for us.
2588 *
2589 * LARGESEND note: !tcp_urg_mode is overkill, only frames between
2590 * snd_up-64k-mss .. snd_up cannot be large. However, taking into
2591 * account rare use of URG, this is not a big flaw.
2592 *
2593 * Send at most one packet when push_one > 0. Temporarily ignore
2594 * cwnd limit to force at most one packet out when push_one == 2.
2595
2596 * Returns true, if no segments are in flight and we have queued segments,
2597 * but cannot send anything now because of SWS or another problem.
2598 */
2599static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
2600 int push_one, gfp_t gfp)
2601{
2602 struct tcp_sock *tp = tcp_sk(sk);
2603 struct sk_buff *skb;
2604 unsigned int tso_segs, sent_pkts;
2605 int cwnd_quota;
2606 int result;
2607 bool is_cwnd_limited = false, is_rwnd_limited = false;
2608 u32 max_segs;
2609
2610 sent_pkts = 0;
2611
2612 tcp_mstamp_refresh(tp);
2613 if (!push_one) {
2614 /* Do MTU probing. */
2615 result = tcp_mtu_probe(sk);
2616 if (!result) {
2617 return false;
2618 } else if (result > 0) {
2619 sent_pkts = 1;
2620 }
2621 }
2622
2623 max_segs = tcp_tso_segs(sk, mss_now);
2624 while ((skb = tcp_send_head(sk))) {
2625 unsigned int limit;
2626
2627 if (unlikely(tp->repair) && tp->repair_queue == TCP_SEND_QUEUE) {
2628 /* "skb_mstamp_ns" is used as a start point for the retransmit timer */
2629 skb->skb_mstamp_ns = tp->tcp_wstamp_ns = tp->tcp_clock_cache;
2630 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue);
2631 tcp_init_tso_segs(skb, mss_now);
2632 goto repair; /* Skip network transmission */
2633 }
2634
2635 if (tcp_pacing_check(sk))
2636 break;
2637
2638 tso_segs = tcp_init_tso_segs(skb, mss_now);
2639 BUG_ON(!tso_segs);
2640
2641 cwnd_quota = tcp_cwnd_test(tp, skb);
2642 if (!cwnd_quota) {
2643 if (push_one == 2)
2644 /* Force out a loss probe pkt. */
2645 cwnd_quota = 1;
2646 else
2647 break;
2648 }
2649
2650 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now))) {
2651 is_rwnd_limited = true;
2652 break;
2653 }
2654
2655 if (tso_segs == 1) {
2656 if (unlikely(!tcp_nagle_test(tp, skb, mss_now,
2657 (tcp_skb_is_last(sk, skb) ?
2658 nonagle : TCP_NAGLE_PUSH))))
2659 break;
2660 } else {
2661 if (!push_one &&
2662 tcp_tso_should_defer(sk, skb, &is_cwnd_limited,
2663 &is_rwnd_limited, max_segs))
2664 break;
2665 }
2666
2667 limit = mss_now;
2668 if (tso_segs > 1 && !tcp_urg_mode(tp))
2669 limit = tcp_mss_split_point(sk, skb, mss_now,
2670 min_t(unsigned int,
2671 cwnd_quota,
2672 max_segs),
2673 nonagle);
2674
2675 if (skb->len > limit &&
2676 unlikely(tso_fragment(sk, skb, limit, mss_now, gfp)))
2677 break;
2678
2679 if (tcp_small_queue_check(sk, skb, 0))
2680 break;
2681
2682 /* Argh, we hit an empty skb(), presumably a thread
2683 * is sleeping in sendmsg()/sk_stream_wait_memory().
2684 * We do not want to send a pure-ack packet and have
2685 * a strange looking rtx queue with empty packet(s).
2686 */
2687 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq)
2688 break;
2689
2690 if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp)))
2691 break;
2692
2693repair:
2694 /* Advance the send_head. This one is sent out.
2695 * This call will increment packets_out.
2696 */
2697 tcp_event_new_data_sent(sk, skb);
2698
2699 tcp_minshall_update(tp, mss_now, skb);
2700 sent_pkts += tcp_skb_pcount(skb);
2701
2702 if (push_one)
2703 break;
2704 }
2705
2706 if (is_rwnd_limited)
2707 tcp_chrono_start(sk, TCP_CHRONO_RWND_LIMITED);
2708 else
2709 tcp_chrono_stop(sk, TCP_CHRONO_RWND_LIMITED);
2710
2711 is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tp->snd_cwnd);
2712 if (likely(sent_pkts || is_cwnd_limited))
2713 tcp_cwnd_validate(sk, is_cwnd_limited);
2714
2715 if (likely(sent_pkts)) {
2716 if (tcp_in_cwnd_reduction(sk))
2717 tp->prr_out += sent_pkts;
2718
2719 /* Send one loss probe per tail loss episode. */
2720 if (push_one != 2)
2721 tcp_schedule_loss_probe(sk, false);
2722 return false;
2723 }
2724 return !tp->packets_out && !tcp_write_queue_empty(sk);
2725}
2726
2727bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto)
2728{
2729 struct inet_connection_sock *icsk = inet_csk(sk);
2730 struct tcp_sock *tp = tcp_sk(sk);
2731 u32 timeout, rto_delta_us;
2732 int early_retrans;
2733
2734 /* Don't do any loss probe on a Fast Open connection before 3WHS
2735 * finishes.
2736 */
2737 if (rcu_access_pointer(tp->fastopen_rsk))
2738 return false;
2739
2740 early_retrans = sock_net(sk)->ipv4.sysctl_tcp_early_retrans;
2741 /* Schedule a loss probe in 2*RTT for SACK capable connections
2742 * not in loss recovery, that are either limited by cwnd or application.
2743 */
2744 if ((early_retrans != 3 && early_retrans != 4) ||
2745 !tp->packets_out || !tcp_is_sack(tp) ||
2746 (icsk->icsk_ca_state != TCP_CA_Open &&
2747 icsk->icsk_ca_state != TCP_CA_CWR))
2748 return false;
2749
2750 /* Probe timeout is 2*rtt. Add minimum RTO to account
2751 * for delayed ack when there's one outstanding packet. If no RTT
2752 * sample is available then probe after TCP_TIMEOUT_INIT.
2753 */
2754 if (tp->srtt_us) {
2755 timeout = usecs_to_jiffies(tp->srtt_us >> 2);
2756 if (tp->packets_out == 1)
2757 timeout += TCP_RTO_MIN;
2758 else
2759 timeout += TCP_TIMEOUT_MIN;
2760 } else {
2761 timeout = TCP_TIMEOUT_INIT;
2762 }
2763
2764 /* If the RTO formula yields an earlier time, then use that time. */
2765 rto_delta_us = advancing_rto ?
2766 jiffies_to_usecs(inet_csk(sk)->icsk_rto) :
2767 tcp_rto_delta_us(sk); /* How far in future is RTO? */
2768 if (rto_delta_us > 0)
2769 timeout = min_t(u32, timeout, usecs_to_jiffies(rto_delta_us));
2770
2771 tcp_reset_xmit_timer(sk, ICSK_TIME_LOSS_PROBE, timeout, TCP_RTO_MAX);
2772 return true;
2773}
2774
2775/* Thanks to skb fast clones, we can detect if a prior transmit of
2776 * a packet is still in a qdisc or driver queue.
2777 * In this case, there is very little point doing a retransmit !
2778 */
2779static bool skb_still_in_host_queue(struct sock *sk,
2780 const struct sk_buff *skb)
2781{
2782 if (unlikely(skb_fclone_busy(sk, skb))) {
2783 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags);
2784 smp_mb__after_atomic();
2785 if (skb_fclone_busy(sk, skb)) {
2786 NET_INC_STATS(sock_net(sk),
2787 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES);
2788 return true;
2789 }
2790 }
2791 return false;
2792}
2793
2794/* When probe timeout (PTO) fires, try send a new segment if possible, else
2795 * retransmit the last segment.
2796 */
2797void tcp_send_loss_probe(struct sock *sk)
2798{
2799 struct tcp_sock *tp = tcp_sk(sk);
2800 struct sk_buff *skb;
2801 int pcount;
2802 int mss = tcp_current_mss(sk);
2803
2804 /* At most one outstanding TLP */
2805 if (tp->tlp_high_seq)
2806 goto rearm_timer;
2807
2808 tp->tlp_retrans = 0;
2809 skb = tcp_send_head(sk);
2810 if (skb && tcp_snd_wnd_test(tp, skb, mss)) {
2811 pcount = tp->packets_out;
2812 tcp_write_xmit(sk, mss, TCP_NAGLE_OFF, 2, GFP_ATOMIC);
2813 if (tp->packets_out > pcount)
2814 goto probe_sent;
2815 goto rearm_timer;
2816 }
2817 skb = skb_rb_last(&sk->tcp_rtx_queue);
2818 if (unlikely(!skb)) {
2819 WARN_ONCE(tp->packets_out,
2820 "invalid inflight: %u state %u cwnd %u mss %d\n",
2821 tp->packets_out, sk->sk_state, tp->snd_cwnd, mss);
2822 inet_csk(sk)->icsk_pending = 0;
2823 return;
2824 }
2825
2826 if (skb_still_in_host_queue(sk, skb))
2827 goto rearm_timer;
2828
2829 pcount = tcp_skb_pcount(skb);
2830 if (WARN_ON(!pcount))
2831 goto rearm_timer;
2832
2833 if ((pcount > 1) && (skb->len > (pcount - 1) * mss)) {
2834 if (unlikely(tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb,
2835 (pcount - 1) * mss, mss,
2836 GFP_ATOMIC)))
2837 goto rearm_timer;
2838 skb = skb_rb_next(skb);
2839 }
2840
2841 if (WARN_ON(!skb || !tcp_skb_pcount(skb)))
2842 goto rearm_timer;
2843
2844 if (__tcp_retransmit_skb(sk, skb, 1))
2845 goto rearm_timer;
2846
2847 tp->tlp_retrans = 1;
2848
2849probe_sent:
2850 /* Record snd_nxt for loss detection. */
2851 tp->tlp_high_seq = tp->snd_nxt;
2852
2853 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSSPROBES);
2854 /* Reset s.t. tcp_rearm_rto will restart timer from now */
2855 inet_csk(sk)->icsk_pending = 0;
2856rearm_timer:
2857 tcp_rearm_rto(sk);
2858}
2859
2860/* Push out any pending frames which were held back due to
2861 * TCP_CORK or attempt at coalescing tiny packets.
2862 * The socket must be locked by the caller.
2863 */
2864void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
2865 int nonagle)
2866{
2867 /* If we are closed, the bytes will have to remain here.
2868 * In time closedown will finish, we empty the write queue and
2869 * all will be happy.
2870 */
2871 if (unlikely(sk->sk_state == TCP_CLOSE))
2872 return;
2873
2874 if (tcp_write_xmit(sk, cur_mss, nonagle, 0,
2875 sk_gfp_mask(sk, GFP_ATOMIC)))
2876 tcp_check_probe_timer(sk);
2877}
2878
2879/* Send _single_ skb sitting at the send head. This function requires
2880 * true push pending frames to setup probe timer etc.
2881 */
2882void tcp_push_one(struct sock *sk, unsigned int mss_now)
2883{
2884 struct sk_buff *skb = tcp_send_head(sk);
2885
2886 BUG_ON(!skb || skb->len < mss_now);
2887
2888 tcp_write_xmit(sk, mss_now, TCP_NAGLE_PUSH, 1, sk->sk_allocation);
2889}
2890
2891/* This function returns the amount that we can raise the
2892 * usable window based on the following constraints
2893 *
2894 * 1. The window can never be shrunk once it is offered (RFC 793)
2895 * 2. We limit memory per socket
2896 *
2897 * RFC 1122:
2898 * "the suggested [SWS] avoidance algorithm for the receiver is to keep
2899 * RECV.NEXT + RCV.WIN fixed until:
2900 * RCV.BUFF - RCV.USER - RCV.WINDOW >= min(1/2 RCV.BUFF, MSS)"
2901 *
2902 * i.e. don't raise the right edge of the window until you can raise
2903 * it at least MSS bytes.
2904 *
2905 * Unfortunately, the recommended algorithm breaks header prediction,
2906 * since header prediction assumes th->window stays fixed.
2907 *
2908 * Strictly speaking, keeping th->window fixed violates the receiver
2909 * side SWS prevention criteria. The problem is that under this rule
2910 * a stream of single byte packets will cause the right side of the
2911 * window to always advance by a single byte.
2912 *
2913 * Of course, if the sender implements sender side SWS prevention
2914 * then this will not be a problem.
2915 *
2916 * BSD seems to make the following compromise:
2917 *
2918 * If the free space is less than the 1/4 of the maximum
2919 * space available and the free space is less than 1/2 mss,
2920 * then set the window to 0.
2921 * [ Actually, bsd uses MSS and 1/4 of maximal _window_ ]
2922 * Otherwise, just prevent the window from shrinking
2923 * and from being larger than the largest representable value.
2924 *
2925 * This prevents incremental opening of the window in the regime
2926 * where TCP is limited by the speed of the reader side taking
2927 * data out of the TCP receive queue. It does nothing about
2928 * those cases where the window is constrained on the sender side
2929 * because the pipeline is full.
2930 *
2931 * BSD also seems to "accidentally" limit itself to windows that are a
2932 * multiple of MSS, at least until the free space gets quite small.
2933 * This would appear to be a side effect of the mbuf implementation.
2934 * Combining these two algorithms results in the observed behavior
2935 * of having a fixed window size at almost all times.
2936 *
2937 * Below we obtain similar behavior by forcing the offered window to
2938 * a multiple of the mss when it is feasible to do so.
2939 *
2940 * Note, we don't "adjust" for TIMESTAMP or SACK option bytes.
2941 * Regular options like TIMESTAMP are taken into account.
2942 */
2943u32 __tcp_select_window(struct sock *sk)
2944{
2945 struct inet_connection_sock *icsk = inet_csk(sk);
2946 struct tcp_sock *tp = tcp_sk(sk);
2947 /* MSS for the peer's data. Previous versions used mss_clamp
2948 * here. I don't know if the value based on our guesses
2949 * of peer's MSS is better for the performance. It's more correct
2950 * but may be worse for the performance because of rcv_mss
2951 * fluctuations. --SAW 1998/11/1
2952 */
2953 int mss = icsk->icsk_ack.rcv_mss;
2954 int free_space = tcp_space(sk);
2955 int allowed_space = tcp_full_space(sk);
2956 int full_space, window;
2957
2958 if (sk_is_mptcp(sk))
2959 mptcp_space(sk, &free_space, &allowed_space);
2960
2961 full_space = min_t(int, tp->window_clamp, allowed_space);
2962
2963 if (unlikely(mss > full_space)) {
2964 mss = full_space;
2965 if (mss <= 0)
2966 return 0;
2967 }
2968 if (free_space < (full_space >> 1)) {
2969 icsk->icsk_ack.quick = 0;
2970
2971 if (tcp_under_memory_pressure(sk))
2972 tp->rcv_ssthresh = min(tp->rcv_ssthresh,
2973 4U * tp->advmss);
2974
2975 /* free_space might become our new window, make sure we don't
2976 * increase it due to wscale.
2977 */
2978 free_space = round_down(free_space, 1 << tp->rx_opt.rcv_wscale);
2979
2980 /* if free space is less than mss estimate, or is below 1/16th
2981 * of the maximum allowed, try to move to zero-window, else
2982 * tcp_clamp_window() will grow rcv buf up to tcp_rmem[2], and
2983 * new incoming data is dropped due to memory limits.
2984 * With large window, mss test triggers way too late in order
2985 * to announce zero window in time before rmem limit kicks in.
2986 */
2987 if (free_space < (allowed_space >> 4) || free_space < mss)
2988 return 0;
2989 }
2990
2991 if (free_space > tp->rcv_ssthresh)
2992 free_space = tp->rcv_ssthresh;
2993
2994 /* Don't do rounding if we are using window scaling, since the
2995 * scaled window will not line up with the MSS boundary anyway.
2996 */
2997 if (tp->rx_opt.rcv_wscale) {
2998 window = free_space;
2999
3000 /* Advertise enough space so that it won't get scaled away.
3001 * Import case: prevent zero window announcement if
3002 * 1<<rcv_wscale > mss.
3003 */
3004 window = ALIGN(window, (1 << tp->rx_opt.rcv_wscale));
3005 } else {
3006 window = tp->rcv_wnd;
3007 /* Get the largest window that is a nice multiple of mss.
3008 * Window clamp already applied above.
3009 * If our current window offering is within 1 mss of the
3010 * free space we just keep it. This prevents the divide
3011 * and multiply from happening most of the time.
3012 * We also don't do any window rounding when the free space
3013 * is too small.
3014 */
3015 if (window <= free_space - mss || window > free_space)
3016 window = rounddown(free_space, mss);
3017 else if (mss == full_space &&
3018 free_space > window + (full_space >> 1))
3019 window = free_space;
3020 }
3021
3022 return window;
3023}
3024
3025void tcp_skb_collapse_tstamp(struct sk_buff *skb,
3026 const struct sk_buff *next_skb)
3027{
3028 if (unlikely(tcp_has_tx_tstamp(next_skb))) {
3029 const struct skb_shared_info *next_shinfo =
3030 skb_shinfo(next_skb);
3031 struct skb_shared_info *shinfo = skb_shinfo(skb);
3032
3033 shinfo->tx_flags |= next_shinfo->tx_flags & SKBTX_ANY_TSTAMP;
3034 shinfo->tskey = next_shinfo->tskey;
3035 TCP_SKB_CB(skb)->txstamp_ack |=
3036 TCP_SKB_CB(next_skb)->txstamp_ack;
3037 }
3038}
3039
3040/* Collapses two adjacent SKB's during retransmission. */
3041static bool tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb)
3042{
3043 struct tcp_sock *tp = tcp_sk(sk);
3044 struct sk_buff *next_skb = skb_rb_next(skb);
3045 int next_skb_size;
3046
3047 next_skb_size = next_skb->len;
3048
3049 BUG_ON(tcp_skb_pcount(skb) != 1 || tcp_skb_pcount(next_skb) != 1);
3050
3051 if (next_skb_size) {
3052 if (next_skb_size <= skb_availroom(skb))
3053 skb_copy_bits(next_skb, 0, skb_put(skb, next_skb_size),
3054 next_skb_size);
3055 else if (!tcp_skb_shift(skb, next_skb, 1, next_skb_size))
3056 return false;
3057 }
3058 tcp_highest_sack_replace(sk, next_skb, skb);
3059
3060 /* Update sequence range on original skb. */
3061 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq;
3062
3063 /* Merge over control information. This moves PSH/FIN etc. over */
3064 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(next_skb)->tcp_flags;
3065
3066 /* All done, get rid of second SKB and account for it so
3067 * packet counting does not break.
3068 */
3069 TCP_SKB_CB(skb)->sacked |= TCP_SKB_CB(next_skb)->sacked & TCPCB_EVER_RETRANS;
3070 TCP_SKB_CB(skb)->eor = TCP_SKB_CB(next_skb)->eor;
3071
3072 /* changed transmit queue under us so clear hints */
3073 tcp_clear_retrans_hints_partial(tp);
3074 if (next_skb == tp->retransmit_skb_hint)
3075 tp->retransmit_skb_hint = skb;
3076
3077 tcp_adjust_pcount(sk, next_skb, tcp_skb_pcount(next_skb));
3078
3079 tcp_skb_collapse_tstamp(skb, next_skb);
3080
3081 tcp_rtx_queue_unlink_and_free(next_skb, sk);
3082 return true;
3083}
3084
3085/* Check if coalescing SKBs is legal. */
3086static bool tcp_can_collapse(const struct sock *sk, const struct sk_buff *skb)
3087{
3088 if (tcp_skb_pcount(skb) > 1)
3089 return false;
3090 if (skb_cloned(skb))
3091 return false;
3092 /* Some heuristics for collapsing over SACK'd could be invented */
3093 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
3094 return false;
3095
3096 return true;
3097}
3098
3099/* Collapse packets in the retransmit queue to make to create
3100 * less packets on the wire. This is only done on retransmission.
3101 */
3102static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
3103 int space)
3104{
3105 struct tcp_sock *tp = tcp_sk(sk);
3106 struct sk_buff *skb = to, *tmp;
3107 bool first = true;
3108
3109 if (!sock_net(sk)->ipv4.sysctl_tcp_retrans_collapse)
3110 return;
3111 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
3112 return;
3113
3114 skb_rbtree_walk_from_safe(skb, tmp) {
3115 if (!tcp_can_collapse(sk, skb))
3116 break;
3117
3118 if (!tcp_skb_can_collapse(to, skb))
3119 break;
3120
3121 space -= skb->len;
3122
3123 if (first) {
3124 first = false;
3125 continue;
3126 }
3127
3128 if (space < 0)
3129 break;
3130
3131 if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp)))
3132 break;
3133
3134 if (!tcp_collapse_retrans(sk, to))
3135 break;
3136 }
3137}
3138
3139/* This retransmits one SKB. Policy decisions and retransmit queue
3140 * state updates are done by the caller. Returns non-zero if an
3141 * error occurred which prevented the send.
3142 */
3143int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
3144{
3145 struct inet_connection_sock *icsk = inet_csk(sk);
3146 struct tcp_sock *tp = tcp_sk(sk);
3147 unsigned int cur_mss;
3148 int diff, len, err;
3149
3150
3151 /* Inconclusive MTU probe */
3152 if (icsk->icsk_mtup.probe_size)
3153 icsk->icsk_mtup.probe_size = 0;
3154
3155 if (skb_still_in_host_queue(sk, skb))
3156 return -EBUSY;
3157
3158 if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) {
3159 if (unlikely(before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))) {
3160 WARN_ON_ONCE(1);
3161 return -EINVAL;
3162 }
3163 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq))
3164 return -ENOMEM;
3165 }
3166
3167 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
3168 return -EHOSTUNREACH; /* Routing failure or similar. */
3169
3170 cur_mss = tcp_current_mss(sk);
3171
3172 /* If receiver has shrunk his window, and skb is out of
3173 * new window, do not retransmit it. The exception is the
3174 * case, when window is shrunk to zero. In this case
3175 * our retransmit serves as a zero window probe.
3176 */
3177 if (!before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp)) &&
3178 TCP_SKB_CB(skb)->seq != tp->snd_una)
3179 return -EAGAIN;
3180
3181 len = cur_mss * segs;
3182 if (skb->len > len) {
3183 if (tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, len,
3184 cur_mss, GFP_ATOMIC))
3185 return -ENOMEM; /* We'll try again later. */
3186 } else {
3187 if (skb_unclone(skb, GFP_ATOMIC))
3188 return -ENOMEM;
3189
3190 diff = tcp_skb_pcount(skb);
3191 tcp_set_skb_tso_segs(skb, cur_mss);
3192 diff -= tcp_skb_pcount(skb);
3193 if (diff)
3194 tcp_adjust_pcount(sk, skb, diff);
3195 if (skb->len < cur_mss)
3196 tcp_retrans_try_collapse(sk, skb, cur_mss);
3197 }
3198
3199 /* RFC3168, section 6.1.1.1. ECN fallback */
3200 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN_ECN) == TCPHDR_SYN_ECN)
3201 tcp_ecn_clear_syn(sk, skb);
3202
3203 /* Update global and local TCP statistics. */
3204 segs = tcp_skb_pcount(skb);
3205 TCP_ADD_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS, segs);
3206 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
3207 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
3208 tp->total_retrans += segs;
3209 tp->bytes_retrans += skb->len;
3210
3211 /* make sure skb->data is aligned on arches that require it
3212 * and check if ack-trimming & collapsing extended the headroom
3213 * beyond what csum_start can cover.
3214 */
3215 if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
3216 skb_headroom(skb) >= 0xFFFF)) {
3217 struct sk_buff *nskb;
3218
3219 tcp_skb_tsorted_save(skb) {
3220 nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC);
3221 if (nskb) {
3222 nskb->dev = NULL;
3223 err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC);
3224 } else {
3225 err = -ENOBUFS;
3226 }
3227 } tcp_skb_tsorted_restore(skb);
3228
3229 if (!err) {
3230 tcp_update_skb_after_send(sk, skb, tp->tcp_wstamp_ns);
3231 tcp_rate_skb_sent(sk, skb);
3232 }
3233 } else {
3234 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
3235 }
3236
3237 /* To avoid taking spuriously low RTT samples based on a timestamp
3238 * for a transmit that never happened, always mark EVER_RETRANS
3239 */
3240 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
3241
3242 if (BPF_SOCK_OPS_TEST_FLAG(tp, BPF_SOCK_OPS_RETRANS_CB_FLAG))
3243 tcp_call_bpf_3arg(sk, BPF_SOCK_OPS_RETRANS_CB,
3244 TCP_SKB_CB(skb)->seq, segs, err);
3245
3246 if (likely(!err)) {
3247 trace_tcp_retransmit_skb(sk, skb);
3248 } else if (err != -EBUSY) {
3249 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPRETRANSFAIL, segs);
3250 }
3251 return err;
3252}
3253
3254int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
3255{
3256 struct tcp_sock *tp = tcp_sk(sk);
3257 int err = __tcp_retransmit_skb(sk, skb, segs);
3258
3259 if (err == 0) {
3260#if FASTRETRANS_DEBUG > 0
3261 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) {
3262 net_dbg_ratelimited("retrans_out leaked\n");
3263 }
3264#endif
3265 TCP_SKB_CB(skb)->sacked |= TCPCB_RETRANS;
3266 tp->retrans_out += tcp_skb_pcount(skb);
3267 }
3268
3269 /* Save stamp of the first (attempted) retransmit. */
3270 if (!tp->retrans_stamp)
3271 tp->retrans_stamp = tcp_skb_timestamp(skb);
3272
3273 if (tp->undo_retrans < 0)
3274 tp->undo_retrans = 0;
3275 tp->undo_retrans += tcp_skb_pcount(skb);
3276 return err;
3277}
3278
3279/* This gets called after a retransmit timeout, and the initially
3280 * retransmitted data is acknowledged. It tries to continue
3281 * resending the rest of the retransmit queue, until either
3282 * we've sent it all or the congestion window limit is reached.
3283 */
3284void tcp_xmit_retransmit_queue(struct sock *sk)
3285{
3286 const struct inet_connection_sock *icsk = inet_csk(sk);
3287 struct sk_buff *skb, *rtx_head, *hole = NULL;
3288 struct tcp_sock *tp = tcp_sk(sk);
3289 bool rearm_timer = false;
3290 u32 max_segs;
3291 int mib_idx;
3292
3293 if (!tp->packets_out)
3294 return;
3295
3296 rtx_head = tcp_rtx_queue_head(sk);
3297 skb = tp->retransmit_skb_hint ?: rtx_head;
3298 max_segs = tcp_tso_segs(sk, tcp_current_mss(sk));
3299 skb_rbtree_walk_from(skb) {
3300 __u8 sacked;
3301 int segs;
3302
3303 if (tcp_pacing_check(sk))
3304 break;
3305
3306 /* we could do better than to assign each time */
3307 if (!hole)
3308 tp->retransmit_skb_hint = skb;
3309
3310 segs = tp->snd_cwnd - tcp_packets_in_flight(tp);
3311 if (segs <= 0)
3312 break;
3313 sacked = TCP_SKB_CB(skb)->sacked;
3314 /* In case tcp_shift_skb_data() have aggregated large skbs,
3315 * we need to make sure not sending too bigs TSO packets
3316 */
3317 segs = min_t(int, segs, max_segs);
3318
3319 if (tp->retrans_out >= tp->lost_out) {
3320 break;
3321 } else if (!(sacked & TCPCB_LOST)) {
3322 if (!hole && !(sacked & (TCPCB_SACKED_RETRANS|TCPCB_SACKED_ACKED)))
3323 hole = skb;
3324 continue;
3325
3326 } else {
3327 if (icsk->icsk_ca_state != TCP_CA_Loss)
3328 mib_idx = LINUX_MIB_TCPFASTRETRANS;
3329 else
3330 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS;
3331 }
3332
3333 if (sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS))
3334 continue;
3335
3336 if (tcp_small_queue_check(sk, skb, 1))
3337 break;
3338
3339 if (tcp_retransmit_skb(sk, skb, segs))
3340 break;
3341
3342 NET_ADD_STATS(sock_net(sk), mib_idx, tcp_skb_pcount(skb));
3343
3344 if (tcp_in_cwnd_reduction(sk))
3345 tp->prr_out += tcp_skb_pcount(skb);
3346
3347 if (skb == rtx_head &&
3348 icsk->icsk_pending != ICSK_TIME_REO_TIMEOUT)
3349 rearm_timer = true;
3350
3351 }
3352 if (rearm_timer)
3353 tcp_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
3354 inet_csk(sk)->icsk_rto,
3355 TCP_RTO_MAX);
3356}
3357
3358/* We allow to exceed memory limits for FIN packets to expedite
3359 * connection tear down and (memory) recovery.
3360 * Otherwise tcp_send_fin() could be tempted to either delay FIN
3361 * or even be forced to close flow without any FIN.
3362 * In general, we want to allow one skb per socket to avoid hangs
3363 * with edge trigger epoll()
3364 */
3365void sk_forced_mem_schedule(struct sock *sk, int size)
3366{
3367 int amt;
3368
3369 if (size <= sk->sk_forward_alloc)
3370 return;
3371 amt = sk_mem_pages(size);
3372 sk->sk_forward_alloc += amt * SK_MEM_QUANTUM;
3373 sk_memory_allocated_add(sk, amt);
3374
3375 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
3376 mem_cgroup_charge_skmem(sk->sk_memcg, amt);
3377}
3378
3379/* Send a FIN. The caller locks the socket for us.
3380 * We should try to send a FIN packet really hard, but eventually give up.
3381 */
3382void tcp_send_fin(struct sock *sk)
3383{
3384 struct sk_buff *skb, *tskb, *tail = tcp_write_queue_tail(sk);
3385 struct tcp_sock *tp = tcp_sk(sk);
3386
3387 /* Optimization, tack on the FIN if we have one skb in write queue and
3388 * this skb was not yet sent, or we are under memory pressure.
3389 * Note: in the latter case, FIN packet will be sent after a timeout,
3390 * as TCP stack thinks it has already been transmitted.
3391 */
3392 tskb = tail;
3393 if (!tskb && tcp_under_memory_pressure(sk))
3394 tskb = skb_rb_last(&sk->tcp_rtx_queue);
3395
3396 if (tskb) {
3397 TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN;
3398 TCP_SKB_CB(tskb)->end_seq++;
3399 tp->write_seq++;
3400 if (!tail) {
3401 /* This means tskb was already sent.
3402 * Pretend we included the FIN on previous transmit.
3403 * We need to set tp->snd_nxt to the value it would have
3404 * if FIN had been sent. This is because retransmit path
3405 * does not change tp->snd_nxt.
3406 */
3407 WRITE_ONCE(tp->snd_nxt, tp->snd_nxt + 1);
3408 return;
3409 }
3410 } else {
3411 skb = alloc_skb_fclone(MAX_TCP_HEADER, sk->sk_allocation);
3412 if (unlikely(!skb))
3413 return;
3414
3415 INIT_LIST_HEAD(&skb->tcp_tsorted_anchor);
3416 skb_reserve(skb, MAX_TCP_HEADER);
3417 sk_forced_mem_schedule(sk, skb->truesize);
3418 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */
3419 tcp_init_nondata_skb(skb, tp->write_seq,
3420 TCPHDR_ACK | TCPHDR_FIN);
3421 tcp_queue_skb(sk, skb);
3422 }
3423 __tcp_push_pending_frames(sk, tcp_current_mss(sk), TCP_NAGLE_OFF);
3424}
3425
3426/* We get here when a process closes a file descriptor (either due to
3427 * an explicit close() or as a byproduct of exit()'ing) and there
3428 * was unread data in the receive queue. This behavior is recommended
3429 * by RFC 2525, section 2.17. -DaveM
3430 */
3431void tcp_send_active_reset(struct sock *sk, gfp_t priority)
3432{
3433 struct sk_buff *skb;
3434
3435 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS);
3436
3437 /* NOTE: No TCP options attached and we never retransmit this. */
3438 skb = alloc_skb(MAX_TCP_HEADER, priority);
3439 if (!skb) {
3440 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
3441 return;
3442 }
3443
3444 /* Reserve space for headers and prepare control bits. */
3445 skb_reserve(skb, MAX_TCP_HEADER);
3446 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
3447 TCPHDR_ACK | TCPHDR_RST);
3448 tcp_mstamp_refresh(tcp_sk(sk));
3449 /* Send it off. */
3450 if (tcp_transmit_skb(sk, skb, 0, priority))
3451 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
3452
3453 /* skb of trace_tcp_send_reset() keeps the skb that caused RST,
3454 * skb here is different to the troublesome skb, so use NULL
3455 */
3456 trace_tcp_send_reset(sk, NULL);
3457}
3458
3459/* Send a crossed SYN-ACK during socket establishment.
3460 * WARNING: This routine must only be called when we have already sent
3461 * a SYN packet that crossed the incoming SYN that caused this routine
3462 * to get called. If this assumption fails then the initial rcv_wnd
3463 * and rcv_wscale values will not be correct.
3464 */
3465int tcp_send_synack(struct sock *sk)
3466{
3467 struct sk_buff *skb;
3468
3469 skb = tcp_rtx_queue_head(sk);
3470 if (!skb || !(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
3471 pr_err("%s: wrong queue state\n", __func__);
3472 return -EFAULT;
3473 }
3474 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)) {
3475 if (skb_cloned(skb)) {
3476 struct sk_buff *nskb;
3477
3478 tcp_skb_tsorted_save(skb) {
3479 nskb = skb_copy(skb, GFP_ATOMIC);
3480 } tcp_skb_tsorted_restore(skb);
3481 if (!nskb)
3482 return -ENOMEM;
3483 INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor);
3484 tcp_highest_sack_replace(sk, skb, nskb);
3485 tcp_rtx_queue_unlink_and_free(skb, sk);
3486 __skb_header_release(nskb);
3487 tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb);
3488 sk_wmem_queued_add(sk, nskb->truesize);
3489 sk_mem_charge(sk, nskb->truesize);
3490 skb = nskb;
3491 }
3492
3493 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ACK;
3494 tcp_ecn_send_synack(sk, skb);
3495 }
3496 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
3497}
3498
3499/**
3500 * tcp_make_synack - Allocate one skb and build a SYNACK packet.
3501 * @sk: listener socket
3502 * @dst: dst entry attached to the SYNACK. It is consumed and caller
3503 * should not use it again.
3504 * @req: request_sock pointer
3505 * @foc: cookie for tcp fast open
3506 * @synack_type: Type of synack to prepare
3507 * @syn_skb: SYN packet just received. It could be NULL for rtx case.
3508 */
3509struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst,
3510 struct request_sock *req,
3511 struct tcp_fastopen_cookie *foc,
3512 enum tcp_synack_type synack_type,
3513 struct sk_buff *syn_skb)
3514{
3515 struct inet_request_sock *ireq = inet_rsk(req);
3516 const struct tcp_sock *tp = tcp_sk(sk);
3517 struct tcp_md5sig_key *md5 = NULL;
3518 struct tcp_out_options opts;
3519 struct sk_buff *skb;
3520 int tcp_header_size;
3521 struct tcphdr *th;
3522 int mss;
3523 u64 now;
3524
3525 skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
3526 if (unlikely(!skb)) {
3527 dst_release(dst);
3528 return NULL;
3529 }
3530 /* Reserve space for headers. */
3531 skb_reserve(skb, MAX_TCP_HEADER);
3532
3533 switch (synack_type) {
3534 case TCP_SYNACK_NORMAL:
3535 skb_set_owner_w(skb, req_to_sk(req));
3536 break;
3537 case TCP_SYNACK_COOKIE:
3538 /* Under synflood, we do not attach skb to a socket,
3539 * to avoid false sharing.
3540 */
3541 break;
3542 case TCP_SYNACK_FASTOPEN:
3543 /* sk is a const pointer, because we want to express multiple
3544 * cpu might call us concurrently.
3545 * sk->sk_wmem_alloc in an atomic, we can promote to rw.
3546 */
3547 skb_set_owner_w(skb, (struct sock *)sk);
3548 break;
3549 }
3550 skb_dst_set(skb, dst);
3551
3552 mss = tcp_mss_clamp(tp, dst_metric_advmss(dst));
3553
3554 memset(&opts, 0, sizeof(opts));
3555 now = tcp_clock_ns();
3556#ifdef CONFIG_SYN_COOKIES
3557 if (unlikely(synack_type == TCP_SYNACK_COOKIE && ireq->tstamp_ok))
3558 skb->skb_mstamp_ns = cookie_init_timestamp(req, now);
3559 else
3560#endif
3561 {
3562 skb->skb_mstamp_ns = now;
3563 if (!tcp_rsk(req)->snt_synack) /* Timestamp first SYNACK */
3564 tcp_rsk(req)->snt_synack = tcp_skb_timestamp_us(skb);
3565 }
3566
3567#ifdef CONFIG_TCP_MD5SIG
3568 rcu_read_lock();
3569 md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req));
3570#endif
3571 skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4);
3572 /* bpf program will be interested in the tcp_flags */
3573 TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK;
3574 tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5,
3575 foc, synack_type,
3576 syn_skb) + sizeof(*th);
3577
3578 skb_push(skb, tcp_header_size);
3579 skb_reset_transport_header(skb);
3580
3581 th = (struct tcphdr *)skb->data;
3582 memset(th, 0, sizeof(struct tcphdr));
3583 th->syn = 1;
3584 th->ack = 1;
3585 tcp_ecn_make_synack(req, th);
3586 th->source = htons(ireq->ir_num);
3587 th->dest = ireq->ir_rmt_port;
3588 skb->mark = ireq->ir_mark;
3589 skb->ip_summed = CHECKSUM_PARTIAL;
3590 th->seq = htonl(tcp_rsk(req)->snt_isn);
3591 /* XXX data is queued and acked as is. No buffer/window check */
3592 th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt);
3593
3594 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
3595 th->window = htons(min(req->rsk_rcv_wnd, 65535U));
3596 tcp_options_write((__be32 *)(th + 1), NULL, &opts);
3597 th->doff = (tcp_header_size >> 2);
3598 __TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
3599
3600#ifdef CONFIG_TCP_MD5SIG
3601 /* Okay, we have all we need - do the md5 hash if needed */
3602 if (md5)
3603 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location,
3604 md5, req_to_sk(req), skb);
3605 rcu_read_unlock();
3606#endif
3607
3608 bpf_skops_write_hdr_opt((struct sock *)sk, skb, req, syn_skb,
3609 synack_type, &opts);
3610
3611 skb->skb_mstamp_ns = now;
3612 tcp_add_tx_delay(skb, tp);
3613
3614 return skb;
3615}
3616EXPORT_SYMBOL(tcp_make_synack);
3617
3618static void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst)
3619{
3620 struct inet_connection_sock *icsk = inet_csk(sk);
3621 const struct tcp_congestion_ops *ca;
3622 u32 ca_key = dst_metric(dst, RTAX_CC_ALGO);
3623
3624 if (ca_key == TCP_CA_UNSPEC)
3625 return;
3626
3627 rcu_read_lock();
3628 ca = tcp_ca_find_key(ca_key);
3629 if (likely(ca && bpf_try_module_get(ca, ca->owner))) {
3630 bpf_module_put(icsk->icsk_ca_ops, icsk->icsk_ca_ops->owner);
3631 icsk->icsk_ca_dst_locked = tcp_ca_dst_locked(dst);
3632 icsk->icsk_ca_ops = ca;
3633 }
3634 rcu_read_unlock();
3635}
3636
3637/* Do all connect socket setups that can be done AF independent. */
3638static void tcp_connect_init(struct sock *sk)
3639{
3640 const struct dst_entry *dst = __sk_dst_get(sk);
3641 struct tcp_sock *tp = tcp_sk(sk);
3642 __u8 rcv_wscale;
3643 u32 rcv_wnd;
3644
3645 /* We'll fix this up when we get a response from the other end.
3646 * See tcp_input.c:tcp_rcv_state_process case TCP_SYN_SENT.
3647 */
3648 tp->tcp_header_len = sizeof(struct tcphdr);
3649 if (sock_net(sk)->ipv4.sysctl_tcp_timestamps)
3650 tp->tcp_header_len += TCPOLEN_TSTAMP_ALIGNED;
3651
3652#ifdef CONFIG_TCP_MD5SIG
3653 if (tp->af_specific->md5_lookup(sk, sk))
3654 tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
3655#endif
3656
3657 /* If user gave his TCP_MAXSEG, record it to clamp */
3658 if (tp->rx_opt.user_mss)
3659 tp->rx_opt.mss_clamp = tp->rx_opt.user_mss;
3660 tp->max_window = 0;
3661 tcp_mtup_init(sk);
3662 tcp_sync_mss(sk, dst_mtu(dst));
3663
3664 tcp_ca_dst_init(sk, dst);
3665
3666 if (!tp->window_clamp)
3667 tp->window_clamp = dst_metric(dst, RTAX_WINDOW);
3668 tp->advmss = tcp_mss_clamp(tp, dst_metric_advmss(dst));
3669
3670 tcp_initialize_rcv_mss(sk);
3671
3672 /* limit the window selection if the user enforce a smaller rx buffer */
3673 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK &&
3674 (tp->window_clamp > tcp_full_space(sk) || tp->window_clamp == 0))
3675 tp->window_clamp = tcp_full_space(sk);
3676
3677 rcv_wnd = tcp_rwnd_init_bpf(sk);
3678 if (rcv_wnd == 0)
3679 rcv_wnd = dst_metric(dst, RTAX_INITRWND);
3680
3681 tcp_select_initial_window(sk, tcp_full_space(sk),
3682 tp->advmss - (tp->rx_opt.ts_recent_stamp ? tp->tcp_header_len - sizeof(struct tcphdr) : 0),
3683 &tp->rcv_wnd,
3684 &tp->window_clamp,
3685 sock_net(sk)->ipv4.sysctl_tcp_window_scaling,
3686 &rcv_wscale,
3687 rcv_wnd);
3688
3689 tp->rx_opt.rcv_wscale = rcv_wscale;
3690 tp->rcv_ssthresh = tp->rcv_wnd;
3691
3692 sk->sk_err = 0;
3693 sock_reset_flag(sk, SOCK_DONE);
3694 tp->snd_wnd = 0;
3695 tcp_init_wl(tp, 0);
3696 tcp_write_queue_purge(sk);
3697 tp->snd_una = tp->write_seq;
3698 tp->snd_sml = tp->write_seq;
3699 tp->snd_up = tp->write_seq;
3700 WRITE_ONCE(tp->snd_nxt, tp->write_seq);
3701
3702 if (likely(!tp->repair))
3703 tp->rcv_nxt = 0;
3704 else
3705 tp->rcv_tstamp = tcp_jiffies32;
3706 tp->rcv_wup = tp->rcv_nxt;
3707 WRITE_ONCE(tp->copied_seq, tp->rcv_nxt);
3708
3709 inet_csk(sk)->icsk_rto = tcp_timeout_init(sk);
3710 inet_csk(sk)->icsk_retransmits = 0;
3711 tcp_clear_retrans(tp);
3712}
3713
3714static void tcp_connect_queue_skb(struct sock *sk, struct sk_buff *skb)
3715{
3716 struct tcp_sock *tp = tcp_sk(sk);
3717 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
3718
3719 tcb->end_seq += skb->len;
3720 __skb_header_release(skb);
3721 sk_wmem_queued_add(sk, skb->truesize);
3722 sk_mem_charge(sk, skb->truesize);
3723 WRITE_ONCE(tp->write_seq, tcb->end_seq);
3724 tp->packets_out += tcp_skb_pcount(skb);
3725}
3726
3727/* Build and send a SYN with data and (cached) Fast Open cookie. However,
3728 * queue a data-only packet after the regular SYN, such that regular SYNs
3729 * are retransmitted on timeouts. Also if the remote SYN-ACK acknowledges
3730 * only the SYN sequence, the data are retransmitted in the first ACK.
3731 * If cookie is not cached or other error occurs, falls back to send a
3732 * regular SYN with Fast Open cookie request option.
3733 */
3734static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
3735{
3736 struct tcp_sock *tp = tcp_sk(sk);
3737 struct tcp_fastopen_request *fo = tp->fastopen_req;
3738 int space, err = 0;
3739 struct sk_buff *syn_data;
3740
3741 tp->rx_opt.mss_clamp = tp->advmss; /* If MSS is not cached */
3742 if (!tcp_fastopen_cookie_check(sk, &tp->rx_opt.mss_clamp, &fo->cookie))
3743 goto fallback;
3744
3745 /* MSS for SYN-data is based on cached MSS and bounded by PMTU and
3746 * user-MSS. Reserve maximum option space for middleboxes that add
3747 * private TCP options. The cost is reduced data space in SYN :(
3748 */
3749 tp->rx_opt.mss_clamp = tcp_mss_clamp(tp, tp->rx_opt.mss_clamp);
3750
3751 space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) -
3752 MAX_TCP_OPTION_SPACE;
3753
3754 space = min_t(size_t, space, fo->size);
3755
3756 /* limit to order-0 allocations */
3757 space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER));
3758
3759 syn_data = sk_stream_alloc_skb(sk, space, sk->sk_allocation, false);
3760 if (!syn_data)
3761 goto fallback;
3762 syn_data->ip_summed = CHECKSUM_PARTIAL;
3763 memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
3764 if (space) {
3765 int copied = copy_from_iter(skb_put(syn_data, space), space,
3766 &fo->data->msg_iter);
3767 if (unlikely(!copied)) {
3768 tcp_skb_tsorted_anchor_cleanup(syn_data);
3769 kfree_skb(syn_data);
3770 goto fallback;
3771 }
3772 if (copied != space) {
3773 skb_trim(syn_data, copied);
3774 space = copied;
3775 }
3776 skb_zcopy_set(syn_data, fo->uarg, NULL);
3777 }
3778 /* No more data pending in inet_wait_for_connect() */
3779 if (space == fo->size)
3780 fo->data = NULL;
3781 fo->copied = space;
3782
3783 tcp_connect_queue_skb(sk, syn_data);
3784 if (syn_data->len)
3785 tcp_chrono_start(sk, TCP_CHRONO_BUSY);
3786
3787 err = tcp_transmit_skb(sk, syn_data, 1, sk->sk_allocation);
3788
3789 syn->skb_mstamp_ns = syn_data->skb_mstamp_ns;
3790
3791 /* Now full SYN+DATA was cloned and sent (or not),
3792 * remove the SYN from the original skb (syn_data)
3793 * we keep in write queue in case of a retransmit, as we
3794 * also have the SYN packet (with no data) in the same queue.
3795 */
3796 TCP_SKB_CB(syn_data)->seq++;
3797 TCP_SKB_CB(syn_data)->tcp_flags = TCPHDR_ACK | TCPHDR_PSH;
3798 if (!err) {
3799 tp->syn_data = (fo->copied > 0);
3800 tcp_rbtree_insert(&sk->tcp_rtx_queue, syn_data);
3801 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT);
3802 goto done;
3803 }
3804
3805 /* data was not sent, put it in write_queue */
3806 __skb_queue_tail(&sk->sk_write_queue, syn_data);
3807 tp->packets_out -= tcp_skb_pcount(syn_data);
3808
3809fallback:
3810 /* Send a regular SYN with Fast Open cookie request option */
3811 if (fo->cookie.len > 0)
3812 fo->cookie.len = 0;
3813 err = tcp_transmit_skb(sk, syn, 1, sk->sk_allocation);
3814 if (err)
3815 tp->syn_fastopen = 0;
3816done:
3817 fo->cookie.len = -1; /* Exclude Fast Open option for SYN retries */
3818 return err;
3819}
3820
3821/* Build a SYN and send it off. */
3822int tcp_connect(struct sock *sk)
3823{
3824 struct tcp_sock *tp = tcp_sk(sk);
3825 struct sk_buff *buff;
3826 int err;
3827
3828 tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_CONNECT_CB, 0, NULL);
3829
3830 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
3831 return -EHOSTUNREACH; /* Routing failure or similar. */
3832
3833 tcp_connect_init(sk);
3834
3835 if (unlikely(tp->repair)) {
3836 tcp_finish_connect(sk, NULL);
3837 return 0;
3838 }
3839
3840 buff = sk_stream_alloc_skb(sk, 0, sk->sk_allocation, true);
3841 if (unlikely(!buff))
3842 return -ENOBUFS;
3843
3844 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN);
3845 tcp_mstamp_refresh(tp);
3846 tp->retrans_stamp = tcp_time_stamp(tp);
3847 tcp_connect_queue_skb(sk, buff);
3848 tcp_ecn_send_syn(sk, buff);
3849 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff);
3850
3851 /* Send off SYN; include data in Fast Open. */
3852 err = tp->fastopen_req ? tcp_send_syn_data(sk, buff) :
3853 tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
3854 if (err == -ECONNREFUSED)
3855 return err;
3856
3857 /* We change tp->snd_nxt after the tcp_transmit_skb() call
3858 * in order to make this packet get counted in tcpOutSegs.
3859 */
3860 WRITE_ONCE(tp->snd_nxt, tp->write_seq);
3861 tp->pushed_seq = tp->write_seq;
3862 buff = tcp_send_head(sk);
3863 if (unlikely(buff)) {
3864 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(buff)->seq);
3865 tp->pushed_seq = TCP_SKB_CB(buff)->seq;
3866 }
3867 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS);
3868
3869 /* Timer for repeating the SYN until an answer. */
3870 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
3871 inet_csk(sk)->icsk_rto, TCP_RTO_MAX);
3872 return 0;
3873}
3874EXPORT_SYMBOL(tcp_connect);
3875
3876/* Send out a delayed ack, the caller does the policy checking
3877 * to see if we should even be here. See tcp_input.c:tcp_ack_snd_check()
3878 * for details.
3879 */
3880void tcp_send_delayed_ack(struct sock *sk)
3881{
3882 struct inet_connection_sock *icsk = inet_csk(sk);
3883 int ato = icsk->icsk_ack.ato;
3884 unsigned long timeout;
3885
3886 if (ato > TCP_DELACK_MIN) {
3887 const struct tcp_sock *tp = tcp_sk(sk);
3888 int max_ato = HZ / 2;
3889
3890 if (inet_csk_in_pingpong_mode(sk) ||
3891 (icsk->icsk_ack.pending & ICSK_ACK_PUSHED))
3892 max_ato = TCP_DELACK_MAX;
3893
3894 /* Slow path, intersegment interval is "high". */
3895
3896 /* If some rtt estimate is known, use it to bound delayed ack.
3897 * Do not use inet_csk(sk)->icsk_rto here, use results of rtt measurements
3898 * directly.
3899 */
3900 if (tp->srtt_us) {
3901 int rtt = max_t(int, usecs_to_jiffies(tp->srtt_us >> 3),
3902 TCP_DELACK_MIN);
3903
3904 if (rtt < max_ato)
3905 max_ato = rtt;
3906 }
3907
3908 ato = min(ato, max_ato);
3909 }
3910
3911 ato = min_t(u32, ato, inet_csk(sk)->icsk_delack_max);
3912
3913 /* Stay within the limit we were given */
3914 timeout = jiffies + ato;
3915
3916 /* Use new timeout only if there wasn't a older one earlier. */
3917 if (icsk->icsk_ack.pending & ICSK_ACK_TIMER) {
3918 /* If delack timer is about to expire, send ACK now. */
3919 if (time_before_eq(icsk->icsk_ack.timeout, jiffies + (ato >> 2))) {
3920 tcp_send_ack(sk);
3921 return;
3922 }
3923
3924 if (!time_before(timeout, icsk->icsk_ack.timeout))
3925 timeout = icsk->icsk_ack.timeout;
3926 }
3927 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER;
3928 icsk->icsk_ack.timeout = timeout;
3929 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
3930}
3931
3932/* This routine sends an ack and also updates the window. */
3933void __tcp_send_ack(struct sock *sk, u32 rcv_nxt)
3934{
3935 struct sk_buff *buff;
3936
3937 /* If we have been reset, we may not send again. */
3938 if (sk->sk_state == TCP_CLOSE)
3939 return;
3940
3941 /* We are not putting this on the write queue, so
3942 * tcp_transmit_skb() will set the ownership to this
3943 * sock.
3944 */
3945 buff = alloc_skb(MAX_TCP_HEADER,
3946 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN));
3947 if (unlikely(!buff)) {
3948 struct inet_connection_sock *icsk = inet_csk(sk);
3949 unsigned long delay;
3950
3951 delay = TCP_DELACK_MAX << icsk->icsk_ack.retry;
3952 if (delay < TCP_RTO_MAX)
3953 icsk->icsk_ack.retry++;
3954 inet_csk_schedule_ack(sk);
3955 icsk->icsk_ack.ato = TCP_ATO_MIN;
3956 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, delay, TCP_RTO_MAX);
3957 return;
3958 }
3959
3960 /* Reserve space for headers and prepare control bits. */
3961 skb_reserve(buff, MAX_TCP_HEADER);
3962 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK);
3963
3964 /* We do not want pure acks influencing TCP Small Queues or fq/pacing
3965 * too much.
3966 * SKB_TRUESIZE(max(1 .. 66, MAX_TCP_HEADER)) is unfortunately ~784
3967 */
3968 skb_set_tcp_pure_ack(buff);
3969
3970 /* Send it off, this clears delayed acks for us. */
3971 __tcp_transmit_skb(sk, buff, 0, (__force gfp_t)0, rcv_nxt);
3972}
3973EXPORT_SYMBOL_GPL(__tcp_send_ack);
3974
3975void tcp_send_ack(struct sock *sk)
3976{
3977 __tcp_send_ack(sk, tcp_sk(sk)->rcv_nxt);
3978}
3979
3980/* This routine sends a packet with an out of date sequence
3981 * number. It assumes the other end will try to ack it.
3982 *
3983 * Question: what should we make while urgent mode?
3984 * 4.4BSD forces sending single byte of data. We cannot send
3985 * out of window data, because we have SND.NXT==SND.MAX...
3986 *
3987 * Current solution: to send TWO zero-length segments in urgent mode:
3988 * one is with SEG.SEQ=SND.UNA to deliver urgent pointer, another is
3989 * out-of-date with SND.UNA-1 to probe window.
3990 */
3991static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib)
3992{
3993 struct tcp_sock *tp = tcp_sk(sk);
3994 struct sk_buff *skb;
3995
3996 /* We don't queue it, tcp_transmit_skb() sets ownership. */
3997 skb = alloc_skb(MAX_TCP_HEADER,
3998 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN));
3999 if (!skb)
4000 return -1;
4001
4002 /* Reserve space for headers and set control bits. */
4003 skb_reserve(skb, MAX_TCP_HEADER);
4004 /* Use a previous sequence. This should cause the other
4005 * end to send an ack. Don't queue or clone SKB, just
4006 * send it.
4007 */
4008 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
4009 NET_INC_STATS(sock_net(sk), mib);
4010 return tcp_transmit_skb(sk, skb, 0, (__force gfp_t)0);
4011}
4012
4013/* Called from setsockopt( ... TCP_REPAIR ) */
4014void tcp_send_window_probe(struct sock *sk)
4015{
4016 if (sk->sk_state == TCP_ESTABLISHED) {
4017 tcp_sk(sk)->snd_wl1 = tcp_sk(sk)->rcv_nxt - 1;
4018 tcp_mstamp_refresh(tcp_sk(sk));
4019 tcp_xmit_probe_skb(sk, 0, LINUX_MIB_TCPWINPROBE);
4020 }
4021}
4022
4023/* Initiate keepalive or window probe from timer. */
4024int tcp_write_wakeup(struct sock *sk, int mib)
4025{
4026 struct tcp_sock *tp = tcp_sk(sk);
4027 struct sk_buff *skb;
4028
4029 if (sk->sk_state == TCP_CLOSE)
4030 return -1;
4031
4032 skb = tcp_send_head(sk);
4033 if (skb && before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp))) {
4034 int err;
4035 unsigned int mss = tcp_current_mss(sk);
4036 unsigned int seg_size = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
4037
4038 if (before(tp->pushed_seq, TCP_SKB_CB(skb)->end_seq))
4039 tp->pushed_seq = TCP_SKB_CB(skb)->end_seq;
4040
4041 /* We are probing the opening of a window
4042 * but the window size is != 0
4043 * must have been a result SWS avoidance ( sender )
4044 */
4045 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq ||
4046 skb->len > mss) {
4047 seg_size = min(seg_size, mss);
4048 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
4049 if (tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE,
4050 skb, seg_size, mss, GFP_ATOMIC))
4051 return -1;
4052 } else if (!tcp_skb_pcount(skb))
4053 tcp_set_skb_tso_segs(skb, mss);
4054
4055 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
4056 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
4057 if (!err)
4058 tcp_event_new_data_sent(sk, skb);
4059 return err;
4060 } else {
4061 if (between(tp->snd_up, tp->snd_una + 1, tp->snd_una + 0xFFFF))
4062 tcp_xmit_probe_skb(sk, 1, mib);
4063 return tcp_xmit_probe_skb(sk, 0, mib);
4064 }
4065}
4066
4067/* A window probe timeout has occurred. If window is not closed send
4068 * a partial packet else a zero probe.
4069 */
4070void tcp_send_probe0(struct sock *sk)
4071{
4072 struct inet_connection_sock *icsk = inet_csk(sk);
4073 struct tcp_sock *tp = tcp_sk(sk);
4074 struct net *net = sock_net(sk);
4075 unsigned long timeout;
4076 int err;
4077
4078 err = tcp_write_wakeup(sk, LINUX_MIB_TCPWINPROBE);
4079
4080 if (tp->packets_out || tcp_write_queue_empty(sk)) {
4081 /* Cancel probe timer, if it is not required. */
4082 icsk->icsk_probes_out = 0;
4083 icsk->icsk_backoff = 0;
4084 icsk->icsk_probes_tstamp = 0;
4085 return;
4086 }
4087
4088 icsk->icsk_probes_out++;
4089 if (err <= 0) {
4090 if (icsk->icsk_backoff < net->ipv4.sysctl_tcp_retries2)
4091 icsk->icsk_backoff++;
4092 timeout = tcp_probe0_when(sk, TCP_RTO_MAX);
4093 } else {
4094 /* If packet was not sent due to local congestion,
4095 * Let senders fight for local resources conservatively.
4096 */
4097 timeout = TCP_RESOURCE_PROBE_INTERVAL;
4098 }
4099
4100 timeout = tcp_clamp_probe0_to_user_timeout(sk, timeout);
4101 tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, timeout, TCP_RTO_MAX);
4102}
4103
4104int tcp_rtx_synack(const struct sock *sk, struct request_sock *req)
4105{
4106 const struct tcp_request_sock_ops *af_ops = tcp_rsk(req)->af_specific;
4107 struct flowi fl;
4108 int res;
4109
4110 tcp_rsk(req)->txhash = net_tx_rndhash();
4111 res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL,
4112 NULL);
4113 if (!res) {
4114 __TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
4115 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
4116 if (unlikely(tcp_passive_fastopen(sk)))
4117 tcp_sk(sk)->total_retrans++;
4118 trace_tcp_retransmit_synack(sk, req);
4119 }
4120 return res;
4121}
4122EXPORT_SYMBOL(tcp_rtx_synack);
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * Implementation of the Transmission Control Protocol(TCP).
7 *
8 * Authors: Ross Biro
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Mark Evans, <evansmp@uhura.aston.ac.uk>
11 * Corey Minyard <wf-rch!minyard@relay.EU.net>
12 * Florian La Roche, <flla@stud.uni-sb.de>
13 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
14 * Linus Torvalds, <torvalds@cs.helsinki.fi>
15 * Alan Cox, <gw4pts@gw4pts.ampr.org>
16 * Matthew Dillon, <dillon@apollo.west.oic.com>
17 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
18 * Jorge Cwik, <jorge@laser.satlink.net>
19 */
20
21/*
22 * Changes: Pedro Roque : Retransmit queue handled by TCP.
23 * : Fragmentation on mtu decrease
24 * : Segment collapse on retransmit
25 * : AF independence
26 *
27 * Linus Torvalds : send_delayed_ack
28 * David S. Miller : Charge memory using the right skb
29 * during syn/ack processing.
30 * David S. Miller : Output engine completely rewritten.
31 * Andrea Arcangeli: SYNACK carry ts_recent in tsecr.
32 * Cacophonix Gaul : draft-minshall-nagle-01
33 * J Hadi Salim : ECN support
34 *
35 */
36
37#include <net/tcp.h>
38
39#include <linux/compiler.h>
40#include <linux/gfp.h>
41#include <linux/module.h>
42
43/* People can turn this off for buggy TCP's found in printers etc. */
44int sysctl_tcp_retrans_collapse __read_mostly = 1;
45
46/* People can turn this on to work with those rare, broken TCPs that
47 * interpret the window field as a signed quantity.
48 */
49int sysctl_tcp_workaround_signed_windows __read_mostly = 0;
50
51/* This limits the percentage of the congestion window which we
52 * will allow a single TSO frame to consume. Building TSO frames
53 * which are too large can cause TCP streams to be bursty.
54 */
55int sysctl_tcp_tso_win_divisor __read_mostly = 3;
56
57int sysctl_tcp_mtu_probing __read_mostly = 0;
58int sysctl_tcp_base_mss __read_mostly = TCP_BASE_MSS;
59
60/* By default, RFC2861 behavior. */
61int sysctl_tcp_slow_start_after_idle __read_mostly = 1;
62
63int sysctl_tcp_cookie_size __read_mostly = 0; /* TCP_COOKIE_MAX */
64EXPORT_SYMBOL_GPL(sysctl_tcp_cookie_size);
65
66
67/* Account for new data that has been sent to the network. */
68static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb)
69{
70 struct tcp_sock *tp = tcp_sk(sk);
71 unsigned int prior_packets = tp->packets_out;
72
73 tcp_advance_send_head(sk, skb);
74 tp->snd_nxt = TCP_SKB_CB(skb)->end_seq;
75
76 /* Don't override Nagle indefinitely with F-RTO */
77 if (tp->frto_counter == 2)
78 tp->frto_counter = 3;
79
80 tp->packets_out += tcp_skb_pcount(skb);
81 if (!prior_packets)
82 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
83 inet_csk(sk)->icsk_rto, TCP_RTO_MAX);
84}
85
86/* SND.NXT, if window was not shrunk.
87 * If window has been shrunk, what should we make? It is not clear at all.
88 * Using SND.UNA we will fail to open window, SND.NXT is out of window. :-(
89 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already
90 * invalid. OK, let's make this for now:
91 */
92static inline __u32 tcp_acceptable_seq(struct sock *sk)
93{
94 struct tcp_sock *tp = tcp_sk(sk);
95
96 if (!before(tcp_wnd_end(tp), tp->snd_nxt))
97 return tp->snd_nxt;
98 else
99 return tcp_wnd_end(tp);
100}
101
102/* Calculate mss to advertise in SYN segment.
103 * RFC1122, RFC1063, draft-ietf-tcpimpl-pmtud-01 state that:
104 *
105 * 1. It is independent of path mtu.
106 * 2. Ideally, it is maximal possible segment size i.e. 65535-40.
107 * 3. For IPv4 it is reasonable to calculate it from maximal MTU of
108 * attached devices, because some buggy hosts are confused by
109 * large MSS.
110 * 4. We do not make 3, we advertise MSS, calculated from first
111 * hop device mtu, but allow to raise it to ip_rt_min_advmss.
112 * This may be overridden via information stored in routing table.
113 * 5. Value 65535 for MSS is valid in IPv6 and means "as large as possible,
114 * probably even Jumbo".
115 */
116static __u16 tcp_advertise_mss(struct sock *sk)
117{
118 struct tcp_sock *tp = tcp_sk(sk);
119 struct dst_entry *dst = __sk_dst_get(sk);
120 int mss = tp->advmss;
121
122 if (dst) {
123 unsigned int metric = dst_metric_advmss(dst);
124
125 if (metric < mss) {
126 mss = metric;
127 tp->advmss = mss;
128 }
129 }
130
131 return (__u16)mss;
132}
133
134/* RFC2861. Reset CWND after idle period longer RTO to "restart window".
135 * This is the first part of cwnd validation mechanism. */
136static void tcp_cwnd_restart(struct sock *sk, struct dst_entry *dst)
137{
138 struct tcp_sock *tp = tcp_sk(sk);
139 s32 delta = tcp_time_stamp - tp->lsndtime;
140 u32 restart_cwnd = tcp_init_cwnd(tp, dst);
141 u32 cwnd = tp->snd_cwnd;
142
143 tcp_ca_event(sk, CA_EVENT_CWND_RESTART);
144
145 tp->snd_ssthresh = tcp_current_ssthresh(sk);
146 restart_cwnd = min(restart_cwnd, cwnd);
147
148 while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd)
149 cwnd >>= 1;
150 tp->snd_cwnd = max(cwnd, restart_cwnd);
151 tp->snd_cwnd_stamp = tcp_time_stamp;
152 tp->snd_cwnd_used = 0;
153}
154
155/* Congestion state accounting after a packet has been sent. */
156static void tcp_event_data_sent(struct tcp_sock *tp,
157 struct sk_buff *skb, struct sock *sk)
158{
159 struct inet_connection_sock *icsk = inet_csk(sk);
160 const u32 now = tcp_time_stamp;
161
162 if (sysctl_tcp_slow_start_after_idle &&
163 (!tp->packets_out && (s32)(now - tp->lsndtime) > icsk->icsk_rto))
164 tcp_cwnd_restart(sk, __sk_dst_get(sk));
165
166 tp->lsndtime = now;
167
168 /* If it is a reply for ato after last received
169 * packet, enter pingpong mode.
170 */
171 if ((u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato)
172 icsk->icsk_ack.pingpong = 1;
173}
174
175/* Account for an ACK we sent. */
176static inline void tcp_event_ack_sent(struct sock *sk, unsigned int pkts)
177{
178 tcp_dec_quickack_mode(sk, pkts);
179 inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
180}
181
182/* Determine a window scaling and initial window to offer.
183 * Based on the assumption that the given amount of space
184 * will be offered. Store the results in the tp structure.
185 * NOTE: for smooth operation initial space offering should
186 * be a multiple of mss if possible. We assume here that mss >= 1.
187 * This MUST be enforced by all callers.
188 */
189void tcp_select_initial_window(int __space, __u32 mss,
190 __u32 *rcv_wnd, __u32 *window_clamp,
191 int wscale_ok, __u8 *rcv_wscale,
192 __u32 init_rcv_wnd)
193{
194 unsigned int space = (__space < 0 ? 0 : __space);
195
196 /* If no clamp set the clamp to the max possible scaled window */
197 if (*window_clamp == 0)
198 (*window_clamp) = (65535 << 14);
199 space = min(*window_clamp, space);
200
201 /* Quantize space offering to a multiple of mss if possible. */
202 if (space > mss)
203 space = (space / mss) * mss;
204
205 /* NOTE: offering an initial window larger than 32767
206 * will break some buggy TCP stacks. If the admin tells us
207 * it is likely we could be speaking with such a buggy stack
208 * we will truncate our initial window offering to 32K-1
209 * unless the remote has sent us a window scaling option,
210 * which we interpret as a sign the remote TCP is not
211 * misinterpreting the window field as a signed quantity.
212 */
213 if (sysctl_tcp_workaround_signed_windows)
214 (*rcv_wnd) = min(space, MAX_TCP_WINDOW);
215 else
216 (*rcv_wnd) = space;
217
218 (*rcv_wscale) = 0;
219 if (wscale_ok) {
220 /* Set window scaling on max possible window
221 * See RFC1323 for an explanation of the limit to 14
222 */
223 space = max_t(u32, sysctl_tcp_rmem[2], sysctl_rmem_max);
224 space = min_t(u32, space, *window_clamp);
225 while (space > 65535 && (*rcv_wscale) < 14) {
226 space >>= 1;
227 (*rcv_wscale)++;
228 }
229 }
230
231 /* Set initial window to a value enough for senders starting with
232 * initial congestion window of TCP_DEFAULT_INIT_RCVWND. Place
233 * a limit on the initial window when mss is larger than 1460.
234 */
235 if (mss > (1 << *rcv_wscale)) {
236 int init_cwnd = TCP_DEFAULT_INIT_RCVWND;
237 if (mss > 1460)
238 init_cwnd =
239 max_t(u32, (1460 * TCP_DEFAULT_INIT_RCVWND) / mss, 2);
240 /* when initializing use the value from init_rcv_wnd
241 * rather than the default from above
242 */
243 if (init_rcv_wnd)
244 *rcv_wnd = min(*rcv_wnd, init_rcv_wnd * mss);
245 else
246 *rcv_wnd = min(*rcv_wnd, init_cwnd * mss);
247 }
248
249 /* Set the clamp no higher than max representable value */
250 (*window_clamp) = min(65535U << (*rcv_wscale), *window_clamp);
251}
252EXPORT_SYMBOL(tcp_select_initial_window);
253
254/* Chose a new window to advertise, update state in tcp_sock for the
255 * socket, and return result with RFC1323 scaling applied. The return
256 * value can be stuffed directly into th->window for an outgoing
257 * frame.
258 */
259static u16 tcp_select_window(struct sock *sk)
260{
261 struct tcp_sock *tp = tcp_sk(sk);
262 u32 cur_win = tcp_receive_window(tp);
263 u32 new_win = __tcp_select_window(sk);
264
265 /* Never shrink the offered window */
266 if (new_win < cur_win) {
267 /* Danger Will Robinson!
268 * Don't update rcv_wup/rcv_wnd here or else
269 * we will not be able to advertise a zero
270 * window in time. --DaveM
271 *
272 * Relax Will Robinson.
273 */
274 new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale);
275 }
276 tp->rcv_wnd = new_win;
277 tp->rcv_wup = tp->rcv_nxt;
278
279 /* Make sure we do not exceed the maximum possible
280 * scaled window.
281 */
282 if (!tp->rx_opt.rcv_wscale && sysctl_tcp_workaround_signed_windows)
283 new_win = min(new_win, MAX_TCP_WINDOW);
284 else
285 new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale));
286
287 /* RFC1323 scaling applied */
288 new_win >>= tp->rx_opt.rcv_wscale;
289
290 /* If we advertise zero window, disable fast path. */
291 if (new_win == 0)
292 tp->pred_flags = 0;
293
294 return new_win;
295}
296
297/* Packet ECN state for a SYN-ACK */
298static inline void TCP_ECN_send_synack(struct tcp_sock *tp, struct sk_buff *skb)
299{
300 TCP_SKB_CB(skb)->flags &= ~TCPHDR_CWR;
301 if (!(tp->ecn_flags & TCP_ECN_OK))
302 TCP_SKB_CB(skb)->flags &= ~TCPHDR_ECE;
303}
304
305/* Packet ECN state for a SYN. */
306static inline void TCP_ECN_send_syn(struct sock *sk, struct sk_buff *skb)
307{
308 struct tcp_sock *tp = tcp_sk(sk);
309
310 tp->ecn_flags = 0;
311 if (sysctl_tcp_ecn == 1) {
312 TCP_SKB_CB(skb)->flags |= TCPHDR_ECE | TCPHDR_CWR;
313 tp->ecn_flags = TCP_ECN_OK;
314 }
315}
316
317static __inline__ void
318TCP_ECN_make_synack(struct request_sock *req, struct tcphdr *th)
319{
320 if (inet_rsk(req)->ecn_ok)
321 th->ece = 1;
322}
323
324/* Set up ECN state for a packet on a ESTABLISHED socket that is about to
325 * be sent.
326 */
327static inline void TCP_ECN_send(struct sock *sk, struct sk_buff *skb,
328 int tcp_header_len)
329{
330 struct tcp_sock *tp = tcp_sk(sk);
331
332 if (tp->ecn_flags & TCP_ECN_OK) {
333 /* Not-retransmitted data segment: set ECT and inject CWR. */
334 if (skb->len != tcp_header_len &&
335 !before(TCP_SKB_CB(skb)->seq, tp->snd_nxt)) {
336 INET_ECN_xmit(sk);
337 if (tp->ecn_flags & TCP_ECN_QUEUE_CWR) {
338 tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR;
339 tcp_hdr(skb)->cwr = 1;
340 skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN;
341 }
342 } else {
343 /* ACK or retransmitted segment: clear ECT|CE */
344 INET_ECN_dontxmit(sk);
345 }
346 if (tp->ecn_flags & TCP_ECN_DEMAND_CWR)
347 tcp_hdr(skb)->ece = 1;
348 }
349}
350
351/* Constructs common control bits of non-data skb. If SYN/FIN is present,
352 * auto increment end seqno.
353 */
354static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
355{
356 skb->ip_summed = CHECKSUM_PARTIAL;
357 skb->csum = 0;
358
359 TCP_SKB_CB(skb)->flags = flags;
360 TCP_SKB_CB(skb)->sacked = 0;
361
362 skb_shinfo(skb)->gso_segs = 1;
363 skb_shinfo(skb)->gso_size = 0;
364 skb_shinfo(skb)->gso_type = 0;
365
366 TCP_SKB_CB(skb)->seq = seq;
367 if (flags & (TCPHDR_SYN | TCPHDR_FIN))
368 seq++;
369 TCP_SKB_CB(skb)->end_seq = seq;
370}
371
372static inline int tcp_urg_mode(const struct tcp_sock *tp)
373{
374 return tp->snd_una != tp->snd_up;
375}
376
377#define OPTION_SACK_ADVERTISE (1 << 0)
378#define OPTION_TS (1 << 1)
379#define OPTION_MD5 (1 << 2)
380#define OPTION_WSCALE (1 << 3)
381#define OPTION_COOKIE_EXTENSION (1 << 4)
382
383struct tcp_out_options {
384 u8 options; /* bit field of OPTION_* */
385 u8 ws; /* window scale, 0 to disable */
386 u8 num_sack_blocks; /* number of SACK blocks to include */
387 u8 hash_size; /* bytes in hash_location */
388 u16 mss; /* 0 to disable */
389 __u32 tsval, tsecr; /* need to include OPTION_TS */
390 __u8 *hash_location; /* temporary pointer, overloaded */
391};
392
393/* The sysctl int routines are generic, so check consistency here.
394 */
395static u8 tcp_cookie_size_check(u8 desired)
396{
397 int cookie_size;
398
399 if (desired > 0)
400 /* previously specified */
401 return desired;
402
403 cookie_size = ACCESS_ONCE(sysctl_tcp_cookie_size);
404 if (cookie_size <= 0)
405 /* no default specified */
406 return 0;
407
408 if (cookie_size <= TCP_COOKIE_MIN)
409 /* value too small, specify minimum */
410 return TCP_COOKIE_MIN;
411
412 if (cookie_size >= TCP_COOKIE_MAX)
413 /* value too large, specify maximum */
414 return TCP_COOKIE_MAX;
415
416 if (cookie_size & 1)
417 /* 8-bit multiple, illegal, fix it */
418 cookie_size++;
419
420 return (u8)cookie_size;
421}
422
423/* Write previously computed TCP options to the packet.
424 *
425 * Beware: Something in the Internet is very sensitive to the ordering of
426 * TCP options, we learned this through the hard way, so be careful here.
427 * Luckily we can at least blame others for their non-compliance but from
428 * inter-operatibility perspective it seems that we're somewhat stuck with
429 * the ordering which we have been using if we want to keep working with
430 * those broken things (not that it currently hurts anybody as there isn't
431 * particular reason why the ordering would need to be changed).
432 *
433 * At least SACK_PERM as the first option is known to lead to a disaster
434 * (but it may well be that other scenarios fail similarly).
435 */
436static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
437 struct tcp_out_options *opts)
438{
439 u8 options = opts->options; /* mungable copy */
440
441 /* Having both authentication and cookies for security is redundant,
442 * and there's certainly not enough room. Instead, the cookie-less
443 * extension variant is proposed.
444 *
445 * Consider the pessimal case with authentication. The options
446 * could look like:
447 * COOKIE|MD5(20) + MSS(4) + SACK|TS(12) + WSCALE(4) == 40
448 */
449 if (unlikely(OPTION_MD5 & options)) {
450 if (unlikely(OPTION_COOKIE_EXTENSION & options)) {
451 *ptr++ = htonl((TCPOPT_COOKIE << 24) |
452 (TCPOLEN_COOKIE_BASE << 16) |
453 (TCPOPT_MD5SIG << 8) |
454 TCPOLEN_MD5SIG);
455 } else {
456 *ptr++ = htonl((TCPOPT_NOP << 24) |
457 (TCPOPT_NOP << 16) |
458 (TCPOPT_MD5SIG << 8) |
459 TCPOLEN_MD5SIG);
460 }
461 options &= ~OPTION_COOKIE_EXTENSION;
462 /* overload cookie hash location */
463 opts->hash_location = (__u8 *)ptr;
464 ptr += 4;
465 }
466
467 if (unlikely(opts->mss)) {
468 *ptr++ = htonl((TCPOPT_MSS << 24) |
469 (TCPOLEN_MSS << 16) |
470 opts->mss);
471 }
472
473 if (likely(OPTION_TS & options)) {
474 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
475 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
476 (TCPOLEN_SACK_PERM << 16) |
477 (TCPOPT_TIMESTAMP << 8) |
478 TCPOLEN_TIMESTAMP);
479 options &= ~OPTION_SACK_ADVERTISE;
480 } else {
481 *ptr++ = htonl((TCPOPT_NOP << 24) |
482 (TCPOPT_NOP << 16) |
483 (TCPOPT_TIMESTAMP << 8) |
484 TCPOLEN_TIMESTAMP);
485 }
486 *ptr++ = htonl(opts->tsval);
487 *ptr++ = htonl(opts->tsecr);
488 }
489
490 /* Specification requires after timestamp, so do it now.
491 *
492 * Consider the pessimal case without authentication. The options
493 * could look like:
494 * MSS(4) + SACK|TS(12) + COOKIE(20) + WSCALE(4) == 40
495 */
496 if (unlikely(OPTION_COOKIE_EXTENSION & options)) {
497 __u8 *cookie_copy = opts->hash_location;
498 u8 cookie_size = opts->hash_size;
499
500 /* 8-bit multiple handled in tcp_cookie_size_check() above,
501 * and elsewhere.
502 */
503 if (0x2 & cookie_size) {
504 __u8 *p = (__u8 *)ptr;
505
506 /* 16-bit multiple */
507 *p++ = TCPOPT_COOKIE;
508 *p++ = TCPOLEN_COOKIE_BASE + cookie_size;
509 *p++ = *cookie_copy++;
510 *p++ = *cookie_copy++;
511 ptr++;
512 cookie_size -= 2;
513 } else {
514 /* 32-bit multiple */
515 *ptr++ = htonl(((TCPOPT_NOP << 24) |
516 (TCPOPT_NOP << 16) |
517 (TCPOPT_COOKIE << 8) |
518 TCPOLEN_COOKIE_BASE) +
519 cookie_size);
520 }
521
522 if (cookie_size > 0) {
523 memcpy(ptr, cookie_copy, cookie_size);
524 ptr += (cookie_size / 4);
525 }
526 }
527
528 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
529 *ptr++ = htonl((TCPOPT_NOP << 24) |
530 (TCPOPT_NOP << 16) |
531 (TCPOPT_SACK_PERM << 8) |
532 TCPOLEN_SACK_PERM);
533 }
534
535 if (unlikely(OPTION_WSCALE & options)) {
536 *ptr++ = htonl((TCPOPT_NOP << 24) |
537 (TCPOPT_WINDOW << 16) |
538 (TCPOLEN_WINDOW << 8) |
539 opts->ws);
540 }
541
542 if (unlikely(opts->num_sack_blocks)) {
543 struct tcp_sack_block *sp = tp->rx_opt.dsack ?
544 tp->duplicate_sack : tp->selective_acks;
545 int this_sack;
546
547 *ptr++ = htonl((TCPOPT_NOP << 24) |
548 (TCPOPT_NOP << 16) |
549 (TCPOPT_SACK << 8) |
550 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
551 TCPOLEN_SACK_PERBLOCK)));
552
553 for (this_sack = 0; this_sack < opts->num_sack_blocks;
554 ++this_sack) {
555 *ptr++ = htonl(sp[this_sack].start_seq);
556 *ptr++ = htonl(sp[this_sack].end_seq);
557 }
558
559 tp->rx_opt.dsack = 0;
560 }
561}
562
563/* Compute TCP options for SYN packets. This is not the final
564 * network wire format yet.
565 */
566static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
567 struct tcp_out_options *opts,
568 struct tcp_md5sig_key **md5) {
569 struct tcp_sock *tp = tcp_sk(sk);
570 struct tcp_cookie_values *cvp = tp->cookie_values;
571 unsigned remaining = MAX_TCP_OPTION_SPACE;
572 u8 cookie_size = (!tp->rx_opt.cookie_out_never && cvp != NULL) ?
573 tcp_cookie_size_check(cvp->cookie_desired) :
574 0;
575
576#ifdef CONFIG_TCP_MD5SIG
577 *md5 = tp->af_specific->md5_lookup(sk, sk);
578 if (*md5) {
579 opts->options |= OPTION_MD5;
580 remaining -= TCPOLEN_MD5SIG_ALIGNED;
581 }
582#else
583 *md5 = NULL;
584#endif
585
586 /* We always get an MSS option. The option bytes which will be seen in
587 * normal data packets should timestamps be used, must be in the MSS
588 * advertised. But we subtract them from tp->mss_cache so that
589 * calculations in tcp_sendmsg are simpler etc. So account for this
590 * fact here if necessary. If we don't do this correctly, as a
591 * receiver we won't recognize data packets as being full sized when we
592 * should, and thus we won't abide by the delayed ACK rules correctly.
593 * SACKs don't matter, we never delay an ACK when we have any of those
594 * going out. */
595 opts->mss = tcp_advertise_mss(sk);
596 remaining -= TCPOLEN_MSS_ALIGNED;
597
598 if (likely(sysctl_tcp_timestamps && *md5 == NULL)) {
599 opts->options |= OPTION_TS;
600 opts->tsval = TCP_SKB_CB(skb)->when;
601 opts->tsecr = tp->rx_opt.ts_recent;
602 remaining -= TCPOLEN_TSTAMP_ALIGNED;
603 }
604 if (likely(sysctl_tcp_window_scaling)) {
605 opts->ws = tp->rx_opt.rcv_wscale;
606 opts->options |= OPTION_WSCALE;
607 remaining -= TCPOLEN_WSCALE_ALIGNED;
608 }
609 if (likely(sysctl_tcp_sack)) {
610 opts->options |= OPTION_SACK_ADVERTISE;
611 if (unlikely(!(OPTION_TS & opts->options)))
612 remaining -= TCPOLEN_SACKPERM_ALIGNED;
613 }
614
615 /* Note that timestamps are required by the specification.
616 *
617 * Odd numbers of bytes are prohibited by the specification, ensuring
618 * that the cookie is 16-bit aligned, and the resulting cookie pair is
619 * 32-bit aligned.
620 */
621 if (*md5 == NULL &&
622 (OPTION_TS & opts->options) &&
623 cookie_size > 0) {
624 int need = TCPOLEN_COOKIE_BASE + cookie_size;
625
626 if (0x2 & need) {
627 /* 32-bit multiple */
628 need += 2; /* NOPs */
629
630 if (need > remaining) {
631 /* try shrinking cookie to fit */
632 cookie_size -= 2;
633 need -= 4;
634 }
635 }
636 while (need > remaining && TCP_COOKIE_MIN <= cookie_size) {
637 cookie_size -= 4;
638 need -= 4;
639 }
640 if (TCP_COOKIE_MIN <= cookie_size) {
641 opts->options |= OPTION_COOKIE_EXTENSION;
642 opts->hash_location = (__u8 *)&cvp->cookie_pair[0];
643 opts->hash_size = cookie_size;
644
645 /* Remember for future incarnations. */
646 cvp->cookie_desired = cookie_size;
647
648 if (cvp->cookie_desired != cvp->cookie_pair_size) {
649 /* Currently use random bytes as a nonce,
650 * assuming these are completely unpredictable
651 * by hostile users of the same system.
652 */
653 get_random_bytes(&cvp->cookie_pair[0],
654 cookie_size);
655 cvp->cookie_pair_size = cookie_size;
656 }
657
658 remaining -= need;
659 }
660 }
661 return MAX_TCP_OPTION_SPACE - remaining;
662}
663
664/* Set up TCP options for SYN-ACKs. */
665static unsigned tcp_synack_options(struct sock *sk,
666 struct request_sock *req,
667 unsigned mss, struct sk_buff *skb,
668 struct tcp_out_options *opts,
669 struct tcp_md5sig_key **md5,
670 struct tcp_extend_values *xvp)
671{
672 struct inet_request_sock *ireq = inet_rsk(req);
673 unsigned remaining = MAX_TCP_OPTION_SPACE;
674 u8 cookie_plus = (xvp != NULL && !xvp->cookie_out_never) ?
675 xvp->cookie_plus :
676 0;
677
678#ifdef CONFIG_TCP_MD5SIG
679 *md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req);
680 if (*md5) {
681 opts->options |= OPTION_MD5;
682 remaining -= TCPOLEN_MD5SIG_ALIGNED;
683
684 /* We can't fit any SACK blocks in a packet with MD5 + TS
685 * options. There was discussion about disabling SACK
686 * rather than TS in order to fit in better with old,
687 * buggy kernels, but that was deemed to be unnecessary.
688 */
689 ireq->tstamp_ok &= !ireq->sack_ok;
690 }
691#else
692 *md5 = NULL;
693#endif
694
695 /* We always send an MSS option. */
696 opts->mss = mss;
697 remaining -= TCPOLEN_MSS_ALIGNED;
698
699 if (likely(ireq->wscale_ok)) {
700 opts->ws = ireq->rcv_wscale;
701 opts->options |= OPTION_WSCALE;
702 remaining -= TCPOLEN_WSCALE_ALIGNED;
703 }
704 if (likely(ireq->tstamp_ok)) {
705 opts->options |= OPTION_TS;
706 opts->tsval = TCP_SKB_CB(skb)->when;
707 opts->tsecr = req->ts_recent;
708 remaining -= TCPOLEN_TSTAMP_ALIGNED;
709 }
710 if (likely(ireq->sack_ok)) {
711 opts->options |= OPTION_SACK_ADVERTISE;
712 if (unlikely(!ireq->tstamp_ok))
713 remaining -= TCPOLEN_SACKPERM_ALIGNED;
714 }
715
716 /* Similar rationale to tcp_syn_options() applies here, too.
717 * If the <SYN> options fit, the same options should fit now!
718 */
719 if (*md5 == NULL &&
720 ireq->tstamp_ok &&
721 cookie_plus > TCPOLEN_COOKIE_BASE) {
722 int need = cookie_plus; /* has TCPOLEN_COOKIE_BASE */
723
724 if (0x2 & need) {
725 /* 32-bit multiple */
726 need += 2; /* NOPs */
727 }
728 if (need <= remaining) {
729 opts->options |= OPTION_COOKIE_EXTENSION;
730 opts->hash_size = cookie_plus - TCPOLEN_COOKIE_BASE;
731 remaining -= need;
732 } else {
733 /* There's no error return, so flag it. */
734 xvp->cookie_out_never = 1; /* true */
735 opts->hash_size = 0;
736 }
737 }
738 return MAX_TCP_OPTION_SPACE - remaining;
739}
740
741/* Compute TCP options for ESTABLISHED sockets. This is not the
742 * final wire format yet.
743 */
744static unsigned tcp_established_options(struct sock *sk, struct sk_buff *skb,
745 struct tcp_out_options *opts,
746 struct tcp_md5sig_key **md5) {
747 struct tcp_skb_cb *tcb = skb ? TCP_SKB_CB(skb) : NULL;
748 struct tcp_sock *tp = tcp_sk(sk);
749 unsigned size = 0;
750 unsigned int eff_sacks;
751
752#ifdef CONFIG_TCP_MD5SIG
753 *md5 = tp->af_specific->md5_lookup(sk, sk);
754 if (unlikely(*md5)) {
755 opts->options |= OPTION_MD5;
756 size += TCPOLEN_MD5SIG_ALIGNED;
757 }
758#else
759 *md5 = NULL;
760#endif
761
762 if (likely(tp->rx_opt.tstamp_ok)) {
763 opts->options |= OPTION_TS;
764 opts->tsval = tcb ? tcb->when : 0;
765 opts->tsecr = tp->rx_opt.ts_recent;
766 size += TCPOLEN_TSTAMP_ALIGNED;
767 }
768
769 eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack;
770 if (unlikely(eff_sacks)) {
771 const unsigned remaining = MAX_TCP_OPTION_SPACE - size;
772 opts->num_sack_blocks =
773 min_t(unsigned, eff_sacks,
774 (remaining - TCPOLEN_SACK_BASE_ALIGNED) /
775 TCPOLEN_SACK_PERBLOCK);
776 size += TCPOLEN_SACK_BASE_ALIGNED +
777 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
778 }
779
780 return size;
781}
782
783/* This routine actually transmits TCP packets queued in by
784 * tcp_do_sendmsg(). This is used by both the initial
785 * transmission and possible later retransmissions.
786 * All SKB's seen here are completely headerless. It is our
787 * job to build the TCP header, and pass the packet down to
788 * IP so it can do the same plus pass the packet off to the
789 * device.
790 *
791 * We are working here with either a clone of the original
792 * SKB, or a fresh unique copy made by the retransmit engine.
793 */
794static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
795 gfp_t gfp_mask)
796{
797 const struct inet_connection_sock *icsk = inet_csk(sk);
798 struct inet_sock *inet;
799 struct tcp_sock *tp;
800 struct tcp_skb_cb *tcb;
801 struct tcp_out_options opts;
802 unsigned tcp_options_size, tcp_header_size;
803 struct tcp_md5sig_key *md5;
804 struct tcphdr *th;
805 int err;
806
807 BUG_ON(!skb || !tcp_skb_pcount(skb));
808
809 /* If congestion control is doing timestamping, we must
810 * take such a timestamp before we potentially clone/copy.
811 */
812 if (icsk->icsk_ca_ops->flags & TCP_CONG_RTT_STAMP)
813 __net_timestamp(skb);
814
815 if (likely(clone_it)) {
816 if (unlikely(skb_cloned(skb)))
817 skb = pskb_copy(skb, gfp_mask);
818 else
819 skb = skb_clone(skb, gfp_mask);
820 if (unlikely(!skb))
821 return -ENOBUFS;
822 }
823
824 inet = inet_sk(sk);
825 tp = tcp_sk(sk);
826 tcb = TCP_SKB_CB(skb);
827 memset(&opts, 0, sizeof(opts));
828
829 if (unlikely(tcb->flags & TCPHDR_SYN))
830 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
831 else
832 tcp_options_size = tcp_established_options(sk, skb, &opts,
833 &md5);
834 tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
835
836 if (tcp_packets_in_flight(tp) == 0) {
837 tcp_ca_event(sk, CA_EVENT_TX_START);
838 skb->ooo_okay = 1;
839 } else
840 skb->ooo_okay = 0;
841
842 skb_push(skb, tcp_header_size);
843 skb_reset_transport_header(skb);
844 skb_set_owner_w(skb, sk);
845
846 /* Build TCP header and checksum it. */
847 th = tcp_hdr(skb);
848 th->source = inet->inet_sport;
849 th->dest = inet->inet_dport;
850 th->seq = htonl(tcb->seq);
851 th->ack_seq = htonl(tp->rcv_nxt);
852 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
853 tcb->flags);
854
855 if (unlikely(tcb->flags & TCPHDR_SYN)) {
856 /* RFC1323: The window in SYN & SYN/ACK segments
857 * is never scaled.
858 */
859 th->window = htons(min(tp->rcv_wnd, 65535U));
860 } else {
861 th->window = htons(tcp_select_window(sk));
862 }
863 th->check = 0;
864 th->urg_ptr = 0;
865
866 /* The urg_mode check is necessary during a below snd_una win probe */
867 if (unlikely(tcp_urg_mode(tp) && before(tcb->seq, tp->snd_up))) {
868 if (before(tp->snd_up, tcb->seq + 0x10000)) {
869 th->urg_ptr = htons(tp->snd_up - tcb->seq);
870 th->urg = 1;
871 } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) {
872 th->urg_ptr = htons(0xFFFF);
873 th->urg = 1;
874 }
875 }
876
877 tcp_options_write((__be32 *)(th + 1), tp, &opts);
878 if (likely((tcb->flags & TCPHDR_SYN) == 0))
879 TCP_ECN_send(sk, skb, tcp_header_size);
880
881#ifdef CONFIG_TCP_MD5SIG
882 /* Calculate the MD5 hash, as we have all we need now */
883 if (md5) {
884 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
885 tp->af_specific->calc_md5_hash(opts.hash_location,
886 md5, sk, NULL, skb);
887 }
888#endif
889
890 icsk->icsk_af_ops->send_check(sk, skb);
891
892 if (likely(tcb->flags & TCPHDR_ACK))
893 tcp_event_ack_sent(sk, tcp_skb_pcount(skb));
894
895 if (skb->len != tcp_header_size)
896 tcp_event_data_sent(tp, skb, sk);
897
898 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
899 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS,
900 tcp_skb_pcount(skb));
901
902 err = icsk->icsk_af_ops->queue_xmit(skb, &inet->cork.fl);
903 if (likely(err <= 0))
904 return err;
905
906 tcp_enter_cwr(sk, 1);
907
908 return net_xmit_eval(err);
909}
910
911/* This routine just queues the buffer for sending.
912 *
913 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames,
914 * otherwise socket can stall.
915 */
916static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
917{
918 struct tcp_sock *tp = tcp_sk(sk);
919
920 /* Advance write_seq and place onto the write_queue. */
921 tp->write_seq = TCP_SKB_CB(skb)->end_seq;
922 skb_header_release(skb);
923 tcp_add_write_queue_tail(sk, skb);
924 sk->sk_wmem_queued += skb->truesize;
925 sk_mem_charge(sk, skb->truesize);
926}
927
928/* Initialize TSO segments for a packet. */
929static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb,
930 unsigned int mss_now)
931{
932 if (skb->len <= mss_now || !sk_can_gso(sk) ||
933 skb->ip_summed == CHECKSUM_NONE) {
934 /* Avoid the costly divide in the normal
935 * non-TSO case.
936 */
937 skb_shinfo(skb)->gso_segs = 1;
938 skb_shinfo(skb)->gso_size = 0;
939 skb_shinfo(skb)->gso_type = 0;
940 } else {
941 skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss_now);
942 skb_shinfo(skb)->gso_size = mss_now;
943 skb_shinfo(skb)->gso_type = sk->sk_gso_type;
944 }
945}
946
947/* When a modification to fackets out becomes necessary, we need to check
948 * skb is counted to fackets_out or not.
949 */
950static void tcp_adjust_fackets_out(struct sock *sk, struct sk_buff *skb,
951 int decr)
952{
953 struct tcp_sock *tp = tcp_sk(sk);
954
955 if (!tp->sacked_out || tcp_is_reno(tp))
956 return;
957
958 if (after(tcp_highest_sack_seq(tp), TCP_SKB_CB(skb)->seq))
959 tp->fackets_out -= decr;
960}
961
962/* Pcount in the middle of the write queue got changed, we need to do various
963 * tweaks to fix counters
964 */
965static void tcp_adjust_pcount(struct sock *sk, struct sk_buff *skb, int decr)
966{
967 struct tcp_sock *tp = tcp_sk(sk);
968
969 tp->packets_out -= decr;
970
971 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
972 tp->sacked_out -= decr;
973 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
974 tp->retrans_out -= decr;
975 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST)
976 tp->lost_out -= decr;
977
978 /* Reno case is special. Sigh... */
979 if (tcp_is_reno(tp) && decr > 0)
980 tp->sacked_out -= min_t(u32, tp->sacked_out, decr);
981
982 tcp_adjust_fackets_out(sk, skb, decr);
983
984 if (tp->lost_skb_hint &&
985 before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(tp->lost_skb_hint)->seq) &&
986 (tcp_is_fack(tp) || (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)))
987 tp->lost_cnt_hint -= decr;
988
989 tcp_verify_left_out(tp);
990}
991
992/* Function to create two new TCP segments. Shrinks the given segment
993 * to the specified size and appends a new segment with the rest of the
994 * packet to the list. This won't be called frequently, I hope.
995 * Remember, these are still headerless SKBs at this point.
996 */
997int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
998 unsigned int mss_now)
999{
1000 struct tcp_sock *tp = tcp_sk(sk);
1001 struct sk_buff *buff;
1002 int nsize, old_factor;
1003 int nlen;
1004 u8 flags;
1005
1006 if (WARN_ON(len > skb->len))
1007 return -EINVAL;
1008
1009 nsize = skb_headlen(skb) - len;
1010 if (nsize < 0)
1011 nsize = 0;
1012
1013 if (skb_cloned(skb) &&
1014 skb_is_nonlinear(skb) &&
1015 pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
1016 return -ENOMEM;
1017
1018 /* Get a new skb... force flag on. */
1019 buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC);
1020 if (buff == NULL)
1021 return -ENOMEM; /* We'll just try again later. */
1022
1023 sk->sk_wmem_queued += buff->truesize;
1024 sk_mem_charge(sk, buff->truesize);
1025 nlen = skb->len - len - nsize;
1026 buff->truesize += nlen;
1027 skb->truesize -= nlen;
1028
1029 /* Correct the sequence numbers. */
1030 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
1031 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
1032 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1033
1034 /* PSH and FIN should only be set in the second packet. */
1035 flags = TCP_SKB_CB(skb)->flags;
1036 TCP_SKB_CB(skb)->flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1037 TCP_SKB_CB(buff)->flags = flags;
1038 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
1039
1040 if (!skb_shinfo(skb)->nr_frags && skb->ip_summed != CHECKSUM_PARTIAL) {
1041 /* Copy and checksum data tail into the new buffer. */
1042 buff->csum = csum_partial_copy_nocheck(skb->data + len,
1043 skb_put(buff, nsize),
1044 nsize, 0);
1045
1046 skb_trim(skb, len);
1047
1048 skb->csum = csum_block_sub(skb->csum, buff->csum, len);
1049 } else {
1050 skb->ip_summed = CHECKSUM_PARTIAL;
1051 skb_split(skb, buff, len);
1052 }
1053
1054 buff->ip_summed = skb->ip_summed;
1055
1056 /* Looks stupid, but our code really uses when of
1057 * skbs, which it never sent before. --ANK
1058 */
1059 TCP_SKB_CB(buff)->when = TCP_SKB_CB(skb)->when;
1060 buff->tstamp = skb->tstamp;
1061
1062 old_factor = tcp_skb_pcount(skb);
1063
1064 /* Fix up tso_factor for both original and new SKB. */
1065 tcp_set_skb_tso_segs(sk, skb, mss_now);
1066 tcp_set_skb_tso_segs(sk, buff, mss_now);
1067
1068 /* If this packet has been sent out already, we must
1069 * adjust the various packet counters.
1070 */
1071 if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) {
1072 int diff = old_factor - tcp_skb_pcount(skb) -
1073 tcp_skb_pcount(buff);
1074
1075 if (diff)
1076 tcp_adjust_pcount(sk, skb, diff);
1077 }
1078
1079 /* Link BUFF into the send queue. */
1080 skb_header_release(buff);
1081 tcp_insert_write_queue_after(skb, buff, sk);
1082
1083 return 0;
1084}
1085
1086/* This is similar to __pskb_pull_head() (it will go to core/skbuff.c
1087 * eventually). The difference is that pulled data not copied, but
1088 * immediately discarded.
1089 */
1090static void __pskb_trim_head(struct sk_buff *skb, int len)
1091{
1092 int i, k, eat;
1093
1094 eat = len;
1095 k = 0;
1096 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
1097 if (skb_shinfo(skb)->frags[i].size <= eat) {
1098 put_page(skb_shinfo(skb)->frags[i].page);
1099 eat -= skb_shinfo(skb)->frags[i].size;
1100 } else {
1101 skb_shinfo(skb)->frags[k] = skb_shinfo(skb)->frags[i];
1102 if (eat) {
1103 skb_shinfo(skb)->frags[k].page_offset += eat;
1104 skb_shinfo(skb)->frags[k].size -= eat;
1105 eat = 0;
1106 }
1107 k++;
1108 }
1109 }
1110 skb_shinfo(skb)->nr_frags = k;
1111
1112 skb_reset_tail_pointer(skb);
1113 skb->data_len -= len;
1114 skb->len = skb->data_len;
1115}
1116
1117/* Remove acked data from a packet in the transmit queue. */
1118int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
1119{
1120 if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
1121 return -ENOMEM;
1122
1123 /* If len == headlen, we avoid __skb_pull to preserve alignment. */
1124 if (unlikely(len < skb_headlen(skb)))
1125 __skb_pull(skb, len);
1126 else
1127 __pskb_trim_head(skb, len - skb_headlen(skb));
1128
1129 TCP_SKB_CB(skb)->seq += len;
1130 skb->ip_summed = CHECKSUM_PARTIAL;
1131
1132 skb->truesize -= len;
1133 sk->sk_wmem_queued -= len;
1134 sk_mem_uncharge(sk, len);
1135 sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
1136
1137 /* Any change of skb->len requires recalculation of tso
1138 * factor and mss.
1139 */
1140 if (tcp_skb_pcount(skb) > 1)
1141 tcp_set_skb_tso_segs(sk, skb, tcp_current_mss(sk));
1142
1143 return 0;
1144}
1145
1146/* Calculate MSS. Not accounting for SACKs here. */
1147int tcp_mtu_to_mss(struct sock *sk, int pmtu)
1148{
1149 struct tcp_sock *tp = tcp_sk(sk);
1150 struct inet_connection_sock *icsk = inet_csk(sk);
1151 int mss_now;
1152
1153 /* Calculate base mss without TCP options:
1154 It is MMS_S - sizeof(tcphdr) of rfc1122
1155 */
1156 mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr);
1157
1158 /* Clamp it (mss_clamp does not include tcp options) */
1159 if (mss_now > tp->rx_opt.mss_clamp)
1160 mss_now = tp->rx_opt.mss_clamp;
1161
1162 /* Now subtract optional transport overhead */
1163 mss_now -= icsk->icsk_ext_hdr_len;
1164
1165 /* Then reserve room for full set of TCP options and 8 bytes of data */
1166 if (mss_now < 48)
1167 mss_now = 48;
1168
1169 /* Now subtract TCP options size, not including SACKs */
1170 mss_now -= tp->tcp_header_len - sizeof(struct tcphdr);
1171
1172 return mss_now;
1173}
1174
1175/* Inverse of above */
1176int tcp_mss_to_mtu(struct sock *sk, int mss)
1177{
1178 struct tcp_sock *tp = tcp_sk(sk);
1179 struct inet_connection_sock *icsk = inet_csk(sk);
1180 int mtu;
1181
1182 mtu = mss +
1183 tp->tcp_header_len +
1184 icsk->icsk_ext_hdr_len +
1185 icsk->icsk_af_ops->net_header_len;
1186
1187 return mtu;
1188}
1189
1190/* MTU probing init per socket */
1191void tcp_mtup_init(struct sock *sk)
1192{
1193 struct tcp_sock *tp = tcp_sk(sk);
1194 struct inet_connection_sock *icsk = inet_csk(sk);
1195
1196 icsk->icsk_mtup.enabled = sysctl_tcp_mtu_probing > 1;
1197 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) +
1198 icsk->icsk_af_ops->net_header_len;
1199 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, sysctl_tcp_base_mss);
1200 icsk->icsk_mtup.probe_size = 0;
1201}
1202EXPORT_SYMBOL(tcp_mtup_init);
1203
1204/* This function synchronize snd mss to current pmtu/exthdr set.
1205
1206 tp->rx_opt.user_mss is mss set by user by TCP_MAXSEG. It does NOT counts
1207 for TCP options, but includes only bare TCP header.
1208
1209 tp->rx_opt.mss_clamp is mss negotiated at connection setup.
1210 It is minimum of user_mss and mss received with SYN.
1211 It also does not include TCP options.
1212
1213 inet_csk(sk)->icsk_pmtu_cookie is last pmtu, seen by this function.
1214
1215 tp->mss_cache is current effective sending mss, including
1216 all tcp options except for SACKs. It is evaluated,
1217 taking into account current pmtu, but never exceeds
1218 tp->rx_opt.mss_clamp.
1219
1220 NOTE1. rfc1122 clearly states that advertised MSS
1221 DOES NOT include either tcp or ip options.
1222
1223 NOTE2. inet_csk(sk)->icsk_pmtu_cookie and tp->mss_cache
1224 are READ ONLY outside this function. --ANK (980731)
1225 */
1226unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu)
1227{
1228 struct tcp_sock *tp = tcp_sk(sk);
1229 struct inet_connection_sock *icsk = inet_csk(sk);
1230 int mss_now;
1231
1232 if (icsk->icsk_mtup.search_high > pmtu)
1233 icsk->icsk_mtup.search_high = pmtu;
1234
1235 mss_now = tcp_mtu_to_mss(sk, pmtu);
1236 mss_now = tcp_bound_to_half_wnd(tp, mss_now);
1237
1238 /* And store cached results */
1239 icsk->icsk_pmtu_cookie = pmtu;
1240 if (icsk->icsk_mtup.enabled)
1241 mss_now = min(mss_now, tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low));
1242 tp->mss_cache = mss_now;
1243
1244 return mss_now;
1245}
1246EXPORT_SYMBOL(tcp_sync_mss);
1247
1248/* Compute the current effective MSS, taking SACKs and IP options,
1249 * and even PMTU discovery events into account.
1250 */
1251unsigned int tcp_current_mss(struct sock *sk)
1252{
1253 struct tcp_sock *tp = tcp_sk(sk);
1254 struct dst_entry *dst = __sk_dst_get(sk);
1255 u32 mss_now;
1256 unsigned header_len;
1257 struct tcp_out_options opts;
1258 struct tcp_md5sig_key *md5;
1259
1260 mss_now = tp->mss_cache;
1261
1262 if (dst) {
1263 u32 mtu = dst_mtu(dst);
1264 if (mtu != inet_csk(sk)->icsk_pmtu_cookie)
1265 mss_now = tcp_sync_mss(sk, mtu);
1266 }
1267
1268 header_len = tcp_established_options(sk, NULL, &opts, &md5) +
1269 sizeof(struct tcphdr);
1270 /* The mss_cache is sized based on tp->tcp_header_len, which assumes
1271 * some common options. If this is an odd packet (because we have SACK
1272 * blocks etc) then our calculated header_len will be different, and
1273 * we have to adjust mss_now correspondingly */
1274 if (header_len != tp->tcp_header_len) {
1275 int delta = (int) header_len - tp->tcp_header_len;
1276 mss_now -= delta;
1277 }
1278
1279 return mss_now;
1280}
1281
1282/* Congestion window validation. (RFC2861) */
1283static void tcp_cwnd_validate(struct sock *sk)
1284{
1285 struct tcp_sock *tp = tcp_sk(sk);
1286
1287 if (tp->packets_out >= tp->snd_cwnd) {
1288 /* Network is feed fully. */
1289 tp->snd_cwnd_used = 0;
1290 tp->snd_cwnd_stamp = tcp_time_stamp;
1291 } else {
1292 /* Network starves. */
1293 if (tp->packets_out > tp->snd_cwnd_used)
1294 tp->snd_cwnd_used = tp->packets_out;
1295
1296 if (sysctl_tcp_slow_start_after_idle &&
1297 (s32)(tcp_time_stamp - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto)
1298 tcp_cwnd_application_limited(sk);
1299 }
1300}
1301
1302/* Returns the portion of skb which can be sent right away without
1303 * introducing MSS oddities to segment boundaries. In rare cases where
1304 * mss_now != mss_cache, we will request caller to create a small skb
1305 * per input skb which could be mostly avoided here (if desired).
1306 *
1307 * We explicitly want to create a request for splitting write queue tail
1308 * to a small skb for Nagle purposes while avoiding unnecessary modulos,
1309 * thus all the complexity (cwnd_len is always MSS multiple which we
1310 * return whenever allowed by the other factors). Basically we need the
1311 * modulo only when the receiver window alone is the limiting factor or
1312 * when we would be allowed to send the split-due-to-Nagle skb fully.
1313 */
1314static unsigned int tcp_mss_split_point(struct sock *sk, struct sk_buff *skb,
1315 unsigned int mss_now, unsigned int cwnd)
1316{
1317 struct tcp_sock *tp = tcp_sk(sk);
1318 u32 needed, window, cwnd_len;
1319
1320 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
1321 cwnd_len = mss_now * cwnd;
1322
1323 if (likely(cwnd_len <= window && skb != tcp_write_queue_tail(sk)))
1324 return cwnd_len;
1325
1326 needed = min(skb->len, window);
1327
1328 if (cwnd_len <= needed)
1329 return cwnd_len;
1330
1331 return needed - needed % mss_now;
1332}
1333
1334/* Can at least one segment of SKB be sent right now, according to the
1335 * congestion window rules? If so, return how many segments are allowed.
1336 */
1337static inline unsigned int tcp_cwnd_test(struct tcp_sock *tp,
1338 struct sk_buff *skb)
1339{
1340 u32 in_flight, cwnd;
1341
1342 /* Don't be strict about the congestion window for the final FIN. */
1343 if ((TCP_SKB_CB(skb)->flags & TCPHDR_FIN) && tcp_skb_pcount(skb) == 1)
1344 return 1;
1345
1346 in_flight = tcp_packets_in_flight(tp);
1347 cwnd = tp->snd_cwnd;
1348 if (in_flight < cwnd)
1349 return (cwnd - in_flight);
1350
1351 return 0;
1352}
1353
1354/* Initialize TSO state of a skb.
1355 * This must be invoked the first time we consider transmitting
1356 * SKB onto the wire.
1357 */
1358static int tcp_init_tso_segs(struct sock *sk, struct sk_buff *skb,
1359 unsigned int mss_now)
1360{
1361 int tso_segs = tcp_skb_pcount(skb);
1362
1363 if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) {
1364 tcp_set_skb_tso_segs(sk, skb, mss_now);
1365 tso_segs = tcp_skb_pcount(skb);
1366 }
1367 return tso_segs;
1368}
1369
1370/* Minshall's variant of the Nagle send check. */
1371static inline int tcp_minshall_check(const struct tcp_sock *tp)
1372{
1373 return after(tp->snd_sml, tp->snd_una) &&
1374 !after(tp->snd_sml, tp->snd_nxt);
1375}
1376
1377/* Return 0, if packet can be sent now without violation Nagle's rules:
1378 * 1. It is full sized.
1379 * 2. Or it contains FIN. (already checked by caller)
1380 * 3. Or TCP_NODELAY was set.
1381 * 4. Or TCP_CORK is not set, and all sent packets are ACKed.
1382 * With Minshall's modification: all sent small packets are ACKed.
1383 */
1384static inline int tcp_nagle_check(const struct tcp_sock *tp,
1385 const struct sk_buff *skb,
1386 unsigned mss_now, int nonagle)
1387{
1388 return skb->len < mss_now &&
1389 ((nonagle & TCP_NAGLE_CORK) ||
1390 (!nonagle && tp->packets_out && tcp_minshall_check(tp)));
1391}
1392
1393/* Return non-zero if the Nagle test allows this packet to be
1394 * sent now.
1395 */
1396static inline int tcp_nagle_test(struct tcp_sock *tp, struct sk_buff *skb,
1397 unsigned int cur_mss, int nonagle)
1398{
1399 /* Nagle rule does not apply to frames, which sit in the middle of the
1400 * write_queue (they have no chances to get new data).
1401 *
1402 * This is implemented in the callers, where they modify the 'nonagle'
1403 * argument based upon the location of SKB in the send queue.
1404 */
1405 if (nonagle & TCP_NAGLE_PUSH)
1406 return 1;
1407
1408 /* Don't use the nagle rule for urgent data (or for the final FIN).
1409 * Nagle can be ignored during F-RTO too (see RFC4138).
1410 */
1411 if (tcp_urg_mode(tp) || (tp->frto_counter == 2) ||
1412 (TCP_SKB_CB(skb)->flags & TCPHDR_FIN))
1413 return 1;
1414
1415 if (!tcp_nagle_check(tp, skb, cur_mss, nonagle))
1416 return 1;
1417
1418 return 0;
1419}
1420
1421/* Does at least the first segment of SKB fit into the send window? */
1422static inline int tcp_snd_wnd_test(struct tcp_sock *tp, struct sk_buff *skb,
1423 unsigned int cur_mss)
1424{
1425 u32 end_seq = TCP_SKB_CB(skb)->end_seq;
1426
1427 if (skb->len > cur_mss)
1428 end_seq = TCP_SKB_CB(skb)->seq + cur_mss;
1429
1430 return !after(end_seq, tcp_wnd_end(tp));
1431}
1432
1433/* This checks if the data bearing packet SKB (usually tcp_send_head(sk))
1434 * should be put on the wire right now. If so, it returns the number of
1435 * packets allowed by the congestion window.
1436 */
1437static unsigned int tcp_snd_test(struct sock *sk, struct sk_buff *skb,
1438 unsigned int cur_mss, int nonagle)
1439{
1440 struct tcp_sock *tp = tcp_sk(sk);
1441 unsigned int cwnd_quota;
1442
1443 tcp_init_tso_segs(sk, skb, cur_mss);
1444
1445 if (!tcp_nagle_test(tp, skb, cur_mss, nonagle))
1446 return 0;
1447
1448 cwnd_quota = tcp_cwnd_test(tp, skb);
1449 if (cwnd_quota && !tcp_snd_wnd_test(tp, skb, cur_mss))
1450 cwnd_quota = 0;
1451
1452 return cwnd_quota;
1453}
1454
1455/* Test if sending is allowed right now. */
1456int tcp_may_send_now(struct sock *sk)
1457{
1458 struct tcp_sock *tp = tcp_sk(sk);
1459 struct sk_buff *skb = tcp_send_head(sk);
1460
1461 return skb &&
1462 tcp_snd_test(sk, skb, tcp_current_mss(sk),
1463 (tcp_skb_is_last(sk, skb) ?
1464 tp->nonagle : TCP_NAGLE_PUSH));
1465}
1466
1467/* Trim TSO SKB to LEN bytes, put the remaining data into a new packet
1468 * which is put after SKB on the list. It is very much like
1469 * tcp_fragment() except that it may make several kinds of assumptions
1470 * in order to speed up the splitting operation. In particular, we
1471 * know that all the data is in scatter-gather pages, and that the
1472 * packet has never been sent out before (and thus is not cloned).
1473 */
1474static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
1475 unsigned int mss_now, gfp_t gfp)
1476{
1477 struct sk_buff *buff;
1478 int nlen = skb->len - len;
1479 u8 flags;
1480
1481 /* All of a TSO frame must be composed of paged data. */
1482 if (skb->len != skb->data_len)
1483 return tcp_fragment(sk, skb, len, mss_now);
1484
1485 buff = sk_stream_alloc_skb(sk, 0, gfp);
1486 if (unlikely(buff == NULL))
1487 return -ENOMEM;
1488
1489 sk->sk_wmem_queued += buff->truesize;
1490 sk_mem_charge(sk, buff->truesize);
1491 buff->truesize += nlen;
1492 skb->truesize -= nlen;
1493
1494 /* Correct the sequence numbers. */
1495 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
1496 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
1497 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1498
1499 /* PSH and FIN should only be set in the second packet. */
1500 flags = TCP_SKB_CB(skb)->flags;
1501 TCP_SKB_CB(skb)->flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1502 TCP_SKB_CB(buff)->flags = flags;
1503
1504 /* This packet was never sent out yet, so no SACK bits. */
1505 TCP_SKB_CB(buff)->sacked = 0;
1506
1507 buff->ip_summed = skb->ip_summed = CHECKSUM_PARTIAL;
1508 skb_split(skb, buff, len);
1509
1510 /* Fix up tso_factor for both original and new SKB. */
1511 tcp_set_skb_tso_segs(sk, skb, mss_now);
1512 tcp_set_skb_tso_segs(sk, buff, mss_now);
1513
1514 /* Link BUFF into the send queue. */
1515 skb_header_release(buff);
1516 tcp_insert_write_queue_after(skb, buff, sk);
1517
1518 return 0;
1519}
1520
1521/* Try to defer sending, if possible, in order to minimize the amount
1522 * of TSO splitting we do. View it as a kind of TSO Nagle test.
1523 *
1524 * This algorithm is from John Heffner.
1525 */
1526static int tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb)
1527{
1528 struct tcp_sock *tp = tcp_sk(sk);
1529 const struct inet_connection_sock *icsk = inet_csk(sk);
1530 u32 send_win, cong_win, limit, in_flight;
1531 int win_divisor;
1532
1533 if (TCP_SKB_CB(skb)->flags & TCPHDR_FIN)
1534 goto send_now;
1535
1536 if (icsk->icsk_ca_state != TCP_CA_Open)
1537 goto send_now;
1538
1539 /* Defer for less than two clock ticks. */
1540 if (tp->tso_deferred &&
1541 (((u32)jiffies << 1) >> 1) - (tp->tso_deferred >> 1) > 1)
1542 goto send_now;
1543
1544 in_flight = tcp_packets_in_flight(tp);
1545
1546 BUG_ON(tcp_skb_pcount(skb) <= 1 || (tp->snd_cwnd <= in_flight));
1547
1548 send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
1549
1550 /* From in_flight test above, we know that cwnd > in_flight. */
1551 cong_win = (tp->snd_cwnd - in_flight) * tp->mss_cache;
1552
1553 limit = min(send_win, cong_win);
1554
1555 /* If a full-sized TSO skb can be sent, do it. */
1556 if (limit >= sk->sk_gso_max_size)
1557 goto send_now;
1558
1559 /* Middle in queue won't get any more data, full sendable already? */
1560 if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len))
1561 goto send_now;
1562
1563 win_divisor = ACCESS_ONCE(sysctl_tcp_tso_win_divisor);
1564 if (win_divisor) {
1565 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
1566
1567 /* If at least some fraction of a window is available,
1568 * just use it.
1569 */
1570 chunk /= win_divisor;
1571 if (limit >= chunk)
1572 goto send_now;
1573 } else {
1574 /* Different approach, try not to defer past a single
1575 * ACK. Receiver should ACK every other full sized
1576 * frame, so if we have space for more than 3 frames
1577 * then send now.
1578 */
1579 if (limit > tcp_max_burst(tp) * tp->mss_cache)
1580 goto send_now;
1581 }
1582
1583 /* Ok, it looks like it is advisable to defer. */
1584 tp->tso_deferred = 1 | (jiffies << 1);
1585
1586 return 1;
1587
1588send_now:
1589 tp->tso_deferred = 0;
1590 return 0;
1591}
1592
1593/* Create a new MTU probe if we are ready.
1594 * MTU probe is regularly attempting to increase the path MTU by
1595 * deliberately sending larger packets. This discovers routing
1596 * changes resulting in larger path MTUs.
1597 *
1598 * Returns 0 if we should wait to probe (no cwnd available),
1599 * 1 if a probe was sent,
1600 * -1 otherwise
1601 */
1602static int tcp_mtu_probe(struct sock *sk)
1603{
1604 struct tcp_sock *tp = tcp_sk(sk);
1605 struct inet_connection_sock *icsk = inet_csk(sk);
1606 struct sk_buff *skb, *nskb, *next;
1607 int len;
1608 int probe_size;
1609 int size_needed;
1610 int copy;
1611 int mss_now;
1612
1613 /* Not currently probing/verifying,
1614 * not in recovery,
1615 * have enough cwnd, and
1616 * not SACKing (the variable headers throw things off) */
1617 if (!icsk->icsk_mtup.enabled ||
1618 icsk->icsk_mtup.probe_size ||
1619 inet_csk(sk)->icsk_ca_state != TCP_CA_Open ||
1620 tp->snd_cwnd < 11 ||
1621 tp->rx_opt.num_sacks || tp->rx_opt.dsack)
1622 return -1;
1623
1624 /* Very simple search strategy: just double the MSS. */
1625 mss_now = tcp_current_mss(sk);
1626 probe_size = 2 * tp->mss_cache;
1627 size_needed = probe_size + (tp->reordering + 1) * tp->mss_cache;
1628 if (probe_size > tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_high)) {
1629 /* TODO: set timer for probe_converge_event */
1630 return -1;
1631 }
1632
1633 /* Have enough data in the send queue to probe? */
1634 if (tp->write_seq - tp->snd_nxt < size_needed)
1635 return -1;
1636
1637 if (tp->snd_wnd < size_needed)
1638 return -1;
1639 if (after(tp->snd_nxt + size_needed, tcp_wnd_end(tp)))
1640 return 0;
1641
1642 /* Do we need to wait to drain cwnd? With none in flight, don't stall */
1643 if (tcp_packets_in_flight(tp) + 2 > tp->snd_cwnd) {
1644 if (!tcp_packets_in_flight(tp))
1645 return -1;
1646 else
1647 return 0;
1648 }
1649
1650 /* We're allowed to probe. Build it now. */
1651 if ((nskb = sk_stream_alloc_skb(sk, probe_size, GFP_ATOMIC)) == NULL)
1652 return -1;
1653 sk->sk_wmem_queued += nskb->truesize;
1654 sk_mem_charge(sk, nskb->truesize);
1655
1656 skb = tcp_send_head(sk);
1657
1658 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
1659 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
1660 TCP_SKB_CB(nskb)->flags = TCPHDR_ACK;
1661 TCP_SKB_CB(nskb)->sacked = 0;
1662 nskb->csum = 0;
1663 nskb->ip_summed = skb->ip_summed;
1664
1665 tcp_insert_write_queue_before(nskb, skb, sk);
1666
1667 len = 0;
1668 tcp_for_write_queue_from_safe(skb, next, sk) {
1669 copy = min_t(int, skb->len, probe_size - len);
1670 if (nskb->ip_summed)
1671 skb_copy_bits(skb, 0, skb_put(nskb, copy), copy);
1672 else
1673 nskb->csum = skb_copy_and_csum_bits(skb, 0,
1674 skb_put(nskb, copy),
1675 copy, nskb->csum);
1676
1677 if (skb->len <= copy) {
1678 /* We've eaten all the data from this skb.
1679 * Throw it away. */
1680 TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags;
1681 tcp_unlink_write_queue(skb, sk);
1682 sk_wmem_free_skb(sk, skb);
1683 } else {
1684 TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags &
1685 ~(TCPHDR_FIN|TCPHDR_PSH);
1686 if (!skb_shinfo(skb)->nr_frags) {
1687 skb_pull(skb, copy);
1688 if (skb->ip_summed != CHECKSUM_PARTIAL)
1689 skb->csum = csum_partial(skb->data,
1690 skb->len, 0);
1691 } else {
1692 __pskb_trim_head(skb, copy);
1693 tcp_set_skb_tso_segs(sk, skb, mss_now);
1694 }
1695 TCP_SKB_CB(skb)->seq += copy;
1696 }
1697
1698 len += copy;
1699
1700 if (len >= probe_size)
1701 break;
1702 }
1703 tcp_init_tso_segs(sk, nskb, nskb->len);
1704
1705 /* We're ready to send. If this fails, the probe will
1706 * be resegmented into mss-sized pieces by tcp_write_xmit(). */
1707 TCP_SKB_CB(nskb)->when = tcp_time_stamp;
1708 if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) {
1709 /* Decrement cwnd here because we are sending
1710 * effectively two packets. */
1711 tp->snd_cwnd--;
1712 tcp_event_new_data_sent(sk, nskb);
1713
1714 icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len);
1715 tp->mtu_probe.probe_seq_start = TCP_SKB_CB(nskb)->seq;
1716 tp->mtu_probe.probe_seq_end = TCP_SKB_CB(nskb)->end_seq;
1717
1718 return 1;
1719 }
1720
1721 return -1;
1722}
1723
1724/* This routine writes packets to the network. It advances the
1725 * send_head. This happens as incoming acks open up the remote
1726 * window for us.
1727 *
1728 * LARGESEND note: !tcp_urg_mode is overkill, only frames between
1729 * snd_up-64k-mss .. snd_up cannot be large. However, taking into
1730 * account rare use of URG, this is not a big flaw.
1731 *
1732 * Returns 1, if no segments are in flight and we have queued segments, but
1733 * cannot send anything now because of SWS or another problem.
1734 */
1735static int tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
1736 int push_one, gfp_t gfp)
1737{
1738 struct tcp_sock *tp = tcp_sk(sk);
1739 struct sk_buff *skb;
1740 unsigned int tso_segs, sent_pkts;
1741 int cwnd_quota;
1742 int result;
1743
1744 sent_pkts = 0;
1745
1746 if (!push_one) {
1747 /* Do MTU probing. */
1748 result = tcp_mtu_probe(sk);
1749 if (!result) {
1750 return 0;
1751 } else if (result > 0) {
1752 sent_pkts = 1;
1753 }
1754 }
1755
1756 while ((skb = tcp_send_head(sk))) {
1757 unsigned int limit;
1758
1759 tso_segs = tcp_init_tso_segs(sk, skb, mss_now);
1760 BUG_ON(!tso_segs);
1761
1762 cwnd_quota = tcp_cwnd_test(tp, skb);
1763 if (!cwnd_quota)
1764 break;
1765
1766 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now)))
1767 break;
1768
1769 if (tso_segs == 1) {
1770 if (unlikely(!tcp_nagle_test(tp, skb, mss_now,
1771 (tcp_skb_is_last(sk, skb) ?
1772 nonagle : TCP_NAGLE_PUSH))))
1773 break;
1774 } else {
1775 if (!push_one && tcp_tso_should_defer(sk, skb))
1776 break;
1777 }
1778
1779 limit = mss_now;
1780 if (tso_segs > 1 && !tcp_urg_mode(tp))
1781 limit = tcp_mss_split_point(sk, skb, mss_now,
1782 cwnd_quota);
1783
1784 if (skb->len > limit &&
1785 unlikely(tso_fragment(sk, skb, limit, mss_now, gfp)))
1786 break;
1787
1788 TCP_SKB_CB(skb)->when = tcp_time_stamp;
1789
1790 if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp)))
1791 break;
1792
1793 /* Advance the send_head. This one is sent out.
1794 * This call will increment packets_out.
1795 */
1796 tcp_event_new_data_sent(sk, skb);
1797
1798 tcp_minshall_update(tp, mss_now, skb);
1799 sent_pkts++;
1800
1801 if (push_one)
1802 break;
1803 }
1804
1805 if (likely(sent_pkts)) {
1806 tcp_cwnd_validate(sk);
1807 return 0;
1808 }
1809 return !tp->packets_out && tcp_send_head(sk);
1810}
1811
1812/* Push out any pending frames which were held back due to
1813 * TCP_CORK or attempt at coalescing tiny packets.
1814 * The socket must be locked by the caller.
1815 */
1816void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
1817 int nonagle)
1818{
1819 /* If we are closed, the bytes will have to remain here.
1820 * In time closedown will finish, we empty the write queue and
1821 * all will be happy.
1822 */
1823 if (unlikely(sk->sk_state == TCP_CLOSE))
1824 return;
1825
1826 if (tcp_write_xmit(sk, cur_mss, nonagle, 0, GFP_ATOMIC))
1827 tcp_check_probe_timer(sk);
1828}
1829
1830/* Send _single_ skb sitting at the send head. This function requires
1831 * true push pending frames to setup probe timer etc.
1832 */
1833void tcp_push_one(struct sock *sk, unsigned int mss_now)
1834{
1835 struct sk_buff *skb = tcp_send_head(sk);
1836
1837 BUG_ON(!skb || skb->len < mss_now);
1838
1839 tcp_write_xmit(sk, mss_now, TCP_NAGLE_PUSH, 1, sk->sk_allocation);
1840}
1841
1842/* This function returns the amount that we can raise the
1843 * usable window based on the following constraints
1844 *
1845 * 1. The window can never be shrunk once it is offered (RFC 793)
1846 * 2. We limit memory per socket
1847 *
1848 * RFC 1122:
1849 * "the suggested [SWS] avoidance algorithm for the receiver is to keep
1850 * RECV.NEXT + RCV.WIN fixed until:
1851 * RCV.BUFF - RCV.USER - RCV.WINDOW >= min(1/2 RCV.BUFF, MSS)"
1852 *
1853 * i.e. don't raise the right edge of the window until you can raise
1854 * it at least MSS bytes.
1855 *
1856 * Unfortunately, the recommended algorithm breaks header prediction,
1857 * since header prediction assumes th->window stays fixed.
1858 *
1859 * Strictly speaking, keeping th->window fixed violates the receiver
1860 * side SWS prevention criteria. The problem is that under this rule
1861 * a stream of single byte packets will cause the right side of the
1862 * window to always advance by a single byte.
1863 *
1864 * Of course, if the sender implements sender side SWS prevention
1865 * then this will not be a problem.
1866 *
1867 * BSD seems to make the following compromise:
1868 *
1869 * If the free space is less than the 1/4 of the maximum
1870 * space available and the free space is less than 1/2 mss,
1871 * then set the window to 0.
1872 * [ Actually, bsd uses MSS and 1/4 of maximal _window_ ]
1873 * Otherwise, just prevent the window from shrinking
1874 * and from being larger than the largest representable value.
1875 *
1876 * This prevents incremental opening of the window in the regime
1877 * where TCP is limited by the speed of the reader side taking
1878 * data out of the TCP receive queue. It does nothing about
1879 * those cases where the window is constrained on the sender side
1880 * because the pipeline is full.
1881 *
1882 * BSD also seems to "accidentally" limit itself to windows that are a
1883 * multiple of MSS, at least until the free space gets quite small.
1884 * This would appear to be a side effect of the mbuf implementation.
1885 * Combining these two algorithms results in the observed behavior
1886 * of having a fixed window size at almost all times.
1887 *
1888 * Below we obtain similar behavior by forcing the offered window to
1889 * a multiple of the mss when it is feasible to do so.
1890 *
1891 * Note, we don't "adjust" for TIMESTAMP or SACK option bytes.
1892 * Regular options like TIMESTAMP are taken into account.
1893 */
1894u32 __tcp_select_window(struct sock *sk)
1895{
1896 struct inet_connection_sock *icsk = inet_csk(sk);
1897 struct tcp_sock *tp = tcp_sk(sk);
1898 /* MSS for the peer's data. Previous versions used mss_clamp
1899 * here. I don't know if the value based on our guesses
1900 * of peer's MSS is better for the performance. It's more correct
1901 * but may be worse for the performance because of rcv_mss
1902 * fluctuations. --SAW 1998/11/1
1903 */
1904 int mss = icsk->icsk_ack.rcv_mss;
1905 int free_space = tcp_space(sk);
1906 int full_space = min_t(int, tp->window_clamp, tcp_full_space(sk));
1907 int window;
1908
1909 if (mss > full_space)
1910 mss = full_space;
1911
1912 if (free_space < (full_space >> 1)) {
1913 icsk->icsk_ack.quick = 0;
1914
1915 if (tcp_memory_pressure)
1916 tp->rcv_ssthresh = min(tp->rcv_ssthresh,
1917 4U * tp->advmss);
1918
1919 if (free_space < mss)
1920 return 0;
1921 }
1922
1923 if (free_space > tp->rcv_ssthresh)
1924 free_space = tp->rcv_ssthresh;
1925
1926 /* Don't do rounding if we are using window scaling, since the
1927 * scaled window will not line up with the MSS boundary anyway.
1928 */
1929 window = tp->rcv_wnd;
1930 if (tp->rx_opt.rcv_wscale) {
1931 window = free_space;
1932
1933 /* Advertise enough space so that it won't get scaled away.
1934 * Import case: prevent zero window announcement if
1935 * 1<<rcv_wscale > mss.
1936 */
1937 if (((window >> tp->rx_opt.rcv_wscale) << tp->rx_opt.rcv_wscale) != window)
1938 window = (((window >> tp->rx_opt.rcv_wscale) + 1)
1939 << tp->rx_opt.rcv_wscale);
1940 } else {
1941 /* Get the largest window that is a nice multiple of mss.
1942 * Window clamp already applied above.
1943 * If our current window offering is within 1 mss of the
1944 * free space we just keep it. This prevents the divide
1945 * and multiply from happening most of the time.
1946 * We also don't do any window rounding when the free space
1947 * is too small.
1948 */
1949 if (window <= free_space - mss || window > free_space)
1950 window = (free_space / mss) * mss;
1951 else if (mss == full_space &&
1952 free_space > window + (full_space >> 1))
1953 window = free_space;
1954 }
1955
1956 return window;
1957}
1958
1959/* Collapses two adjacent SKB's during retransmission. */
1960static void tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb)
1961{
1962 struct tcp_sock *tp = tcp_sk(sk);
1963 struct sk_buff *next_skb = tcp_write_queue_next(sk, skb);
1964 int skb_size, next_skb_size;
1965
1966 skb_size = skb->len;
1967 next_skb_size = next_skb->len;
1968
1969 BUG_ON(tcp_skb_pcount(skb) != 1 || tcp_skb_pcount(next_skb) != 1);
1970
1971 tcp_highest_sack_combine(sk, next_skb, skb);
1972
1973 tcp_unlink_write_queue(next_skb, sk);
1974
1975 skb_copy_from_linear_data(next_skb, skb_put(skb, next_skb_size),
1976 next_skb_size);
1977
1978 if (next_skb->ip_summed == CHECKSUM_PARTIAL)
1979 skb->ip_summed = CHECKSUM_PARTIAL;
1980
1981 if (skb->ip_summed != CHECKSUM_PARTIAL)
1982 skb->csum = csum_block_add(skb->csum, next_skb->csum, skb_size);
1983
1984 /* Update sequence range on original skb. */
1985 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq;
1986
1987 /* Merge over control information. This moves PSH/FIN etc. over */
1988 TCP_SKB_CB(skb)->flags |= TCP_SKB_CB(next_skb)->flags;
1989
1990 /* All done, get rid of second SKB and account for it so
1991 * packet counting does not break.
1992 */
1993 TCP_SKB_CB(skb)->sacked |= TCP_SKB_CB(next_skb)->sacked & TCPCB_EVER_RETRANS;
1994
1995 /* changed transmit queue under us so clear hints */
1996 tcp_clear_retrans_hints_partial(tp);
1997 if (next_skb == tp->retransmit_skb_hint)
1998 tp->retransmit_skb_hint = skb;
1999
2000 tcp_adjust_pcount(sk, next_skb, tcp_skb_pcount(next_skb));
2001
2002 sk_wmem_free_skb(sk, next_skb);
2003}
2004
2005/* Check if coalescing SKBs is legal. */
2006static int tcp_can_collapse(struct sock *sk, struct sk_buff *skb)
2007{
2008 if (tcp_skb_pcount(skb) > 1)
2009 return 0;
2010 /* TODO: SACK collapsing could be used to remove this condition */
2011 if (skb_shinfo(skb)->nr_frags != 0)
2012 return 0;
2013 if (skb_cloned(skb))
2014 return 0;
2015 if (skb == tcp_send_head(sk))
2016 return 0;
2017 /* Some heurestics for collapsing over SACK'd could be invented */
2018 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
2019 return 0;
2020
2021 return 1;
2022}
2023
2024/* Collapse packets in the retransmit queue to make to create
2025 * less packets on the wire. This is only done on retransmission.
2026 */
2027static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
2028 int space)
2029{
2030 struct tcp_sock *tp = tcp_sk(sk);
2031 struct sk_buff *skb = to, *tmp;
2032 int first = 1;
2033
2034 if (!sysctl_tcp_retrans_collapse)
2035 return;
2036 if (TCP_SKB_CB(skb)->flags & TCPHDR_SYN)
2037 return;
2038
2039 tcp_for_write_queue_from_safe(skb, tmp, sk) {
2040 if (!tcp_can_collapse(sk, skb))
2041 break;
2042
2043 space -= skb->len;
2044
2045 if (first) {
2046 first = 0;
2047 continue;
2048 }
2049
2050 if (space < 0)
2051 break;
2052 /* Punt if not enough space exists in the first SKB for
2053 * the data in the second
2054 */
2055 if (skb->len > skb_tailroom(to))
2056 break;
2057
2058 if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp)))
2059 break;
2060
2061 tcp_collapse_retrans(sk, to);
2062 }
2063}
2064
2065/* This retransmits one SKB. Policy decisions and retransmit queue
2066 * state updates are done by the caller. Returns non-zero if an
2067 * error occurred which prevented the send.
2068 */
2069int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2070{
2071 struct tcp_sock *tp = tcp_sk(sk);
2072 struct inet_connection_sock *icsk = inet_csk(sk);
2073 unsigned int cur_mss;
2074 int err;
2075
2076 /* Inconslusive MTU probe */
2077 if (icsk->icsk_mtup.probe_size) {
2078 icsk->icsk_mtup.probe_size = 0;
2079 }
2080
2081 /* Do not sent more than we queued. 1/4 is reserved for possible
2082 * copying overhead: fragmentation, tunneling, mangling etc.
2083 */
2084 if (atomic_read(&sk->sk_wmem_alloc) >
2085 min(sk->sk_wmem_queued + (sk->sk_wmem_queued >> 2), sk->sk_sndbuf))
2086 return -EAGAIN;
2087
2088 if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) {
2089 if (before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))
2090 BUG();
2091 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq))
2092 return -ENOMEM;
2093 }
2094
2095 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
2096 return -EHOSTUNREACH; /* Routing failure or similar. */
2097
2098 cur_mss = tcp_current_mss(sk);
2099
2100 /* If receiver has shrunk his window, and skb is out of
2101 * new window, do not retransmit it. The exception is the
2102 * case, when window is shrunk to zero. In this case
2103 * our retransmit serves as a zero window probe.
2104 */
2105 if (!before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp)) &&
2106 TCP_SKB_CB(skb)->seq != tp->snd_una)
2107 return -EAGAIN;
2108
2109 if (skb->len > cur_mss) {
2110 if (tcp_fragment(sk, skb, cur_mss, cur_mss))
2111 return -ENOMEM; /* We'll try again later. */
2112 } else {
2113 int oldpcount = tcp_skb_pcount(skb);
2114
2115 if (unlikely(oldpcount > 1)) {
2116 tcp_init_tso_segs(sk, skb, cur_mss);
2117 tcp_adjust_pcount(sk, skb, oldpcount - tcp_skb_pcount(skb));
2118 }
2119 }
2120
2121 tcp_retrans_try_collapse(sk, skb, cur_mss);
2122
2123 /* Some Solaris stacks overoptimize and ignore the FIN on a
2124 * retransmit when old data is attached. So strip it off
2125 * since it is cheap to do so and saves bytes on the network.
2126 */
2127 if (skb->len > 0 &&
2128 (TCP_SKB_CB(skb)->flags & TCPHDR_FIN) &&
2129 tp->snd_una == (TCP_SKB_CB(skb)->end_seq - 1)) {
2130 if (!pskb_trim(skb, 0)) {
2131 /* Reuse, even though it does some unnecessary work */
2132 tcp_init_nondata_skb(skb, TCP_SKB_CB(skb)->end_seq - 1,
2133 TCP_SKB_CB(skb)->flags);
2134 skb->ip_summed = CHECKSUM_NONE;
2135 }
2136 }
2137
2138 /* Make a copy, if the first transmission SKB clone we made
2139 * is still in somebody's hands, else make a clone.
2140 */
2141 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2142
2143 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2144
2145 if (err == 0) {
2146 /* Update global TCP statistics. */
2147 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
2148
2149 tp->total_retrans++;
2150
2151#if FASTRETRANS_DEBUG > 0
2152 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) {
2153 if (net_ratelimit())
2154 printk(KERN_DEBUG "retrans_out leaked.\n");
2155 }
2156#endif
2157 if (!tp->retrans_out)
2158 tp->lost_retrans_low = tp->snd_nxt;
2159 TCP_SKB_CB(skb)->sacked |= TCPCB_RETRANS;
2160 tp->retrans_out += tcp_skb_pcount(skb);
2161
2162 /* Save stamp of the first retransmit. */
2163 if (!tp->retrans_stamp)
2164 tp->retrans_stamp = TCP_SKB_CB(skb)->when;
2165
2166 tp->undo_retrans += tcp_skb_pcount(skb);
2167
2168 /* snd_nxt is stored to detect loss of retransmitted segment,
2169 * see tcp_input.c tcp_sacktag_write_queue().
2170 */
2171 TCP_SKB_CB(skb)->ack_seq = tp->snd_nxt;
2172 }
2173 return err;
2174}
2175
2176/* Check if we forward retransmits are possible in the current
2177 * window/congestion state.
2178 */
2179static int tcp_can_forward_retransmit(struct sock *sk)
2180{
2181 const struct inet_connection_sock *icsk = inet_csk(sk);
2182 struct tcp_sock *tp = tcp_sk(sk);
2183
2184 /* Forward retransmissions are possible only during Recovery. */
2185 if (icsk->icsk_ca_state != TCP_CA_Recovery)
2186 return 0;
2187
2188 /* No forward retransmissions in Reno are possible. */
2189 if (tcp_is_reno(tp))
2190 return 0;
2191
2192 /* Yeah, we have to make difficult choice between forward transmission
2193 * and retransmission... Both ways have their merits...
2194 *
2195 * For now we do not retransmit anything, while we have some new
2196 * segments to send. In the other cases, follow rule 3 for
2197 * NextSeg() specified in RFC3517.
2198 */
2199
2200 if (tcp_may_send_now(sk))
2201 return 0;
2202
2203 return 1;
2204}
2205
2206/* This gets called after a retransmit timeout, and the initially
2207 * retransmitted data is acknowledged. It tries to continue
2208 * resending the rest of the retransmit queue, until either
2209 * we've sent it all or the congestion window limit is reached.
2210 * If doing SACK, the first ACK which comes back for a timeout
2211 * based retransmit packet might feed us FACK information again.
2212 * If so, we use it to avoid unnecessarily retransmissions.
2213 */
2214void tcp_xmit_retransmit_queue(struct sock *sk)
2215{
2216 const struct inet_connection_sock *icsk = inet_csk(sk);
2217 struct tcp_sock *tp = tcp_sk(sk);
2218 struct sk_buff *skb;
2219 struct sk_buff *hole = NULL;
2220 u32 last_lost;
2221 int mib_idx;
2222 int fwd_rexmitting = 0;
2223
2224 if (!tp->packets_out)
2225 return;
2226
2227 if (!tp->lost_out)
2228 tp->retransmit_high = tp->snd_una;
2229
2230 if (tp->retransmit_skb_hint) {
2231 skb = tp->retransmit_skb_hint;
2232 last_lost = TCP_SKB_CB(skb)->end_seq;
2233 if (after(last_lost, tp->retransmit_high))
2234 last_lost = tp->retransmit_high;
2235 } else {
2236 skb = tcp_write_queue_head(sk);
2237 last_lost = tp->snd_una;
2238 }
2239
2240 tcp_for_write_queue_from(skb, sk) {
2241 __u8 sacked = TCP_SKB_CB(skb)->sacked;
2242
2243 if (skb == tcp_send_head(sk))
2244 break;
2245 /* we could do better than to assign each time */
2246 if (hole == NULL)
2247 tp->retransmit_skb_hint = skb;
2248
2249 /* Assume this retransmit will generate
2250 * only one packet for congestion window
2251 * calculation purposes. This works because
2252 * tcp_retransmit_skb() will chop up the
2253 * packet to be MSS sized and all the
2254 * packet counting works out.
2255 */
2256 if (tcp_packets_in_flight(tp) >= tp->snd_cwnd)
2257 return;
2258
2259 if (fwd_rexmitting) {
2260begin_fwd:
2261 if (!before(TCP_SKB_CB(skb)->seq, tcp_highest_sack_seq(tp)))
2262 break;
2263 mib_idx = LINUX_MIB_TCPFORWARDRETRANS;
2264
2265 } else if (!before(TCP_SKB_CB(skb)->seq, tp->retransmit_high)) {
2266 tp->retransmit_high = last_lost;
2267 if (!tcp_can_forward_retransmit(sk))
2268 break;
2269 /* Backtrack if necessary to non-L'ed skb */
2270 if (hole != NULL) {
2271 skb = hole;
2272 hole = NULL;
2273 }
2274 fwd_rexmitting = 1;
2275 goto begin_fwd;
2276
2277 } else if (!(sacked & TCPCB_LOST)) {
2278 if (hole == NULL && !(sacked & (TCPCB_SACKED_RETRANS|TCPCB_SACKED_ACKED)))
2279 hole = skb;
2280 continue;
2281
2282 } else {
2283 last_lost = TCP_SKB_CB(skb)->end_seq;
2284 if (icsk->icsk_ca_state != TCP_CA_Loss)
2285 mib_idx = LINUX_MIB_TCPFASTRETRANS;
2286 else
2287 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS;
2288 }
2289
2290 if (sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS))
2291 continue;
2292
2293 if (tcp_retransmit_skb(sk, skb))
2294 return;
2295 NET_INC_STATS_BH(sock_net(sk), mib_idx);
2296
2297 if (skb == tcp_write_queue_head(sk))
2298 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
2299 inet_csk(sk)->icsk_rto,
2300 TCP_RTO_MAX);
2301 }
2302}
2303
2304/* Send a fin. The caller locks the socket for us. This cannot be
2305 * allowed to fail queueing a FIN frame under any circumstances.
2306 */
2307void tcp_send_fin(struct sock *sk)
2308{
2309 struct tcp_sock *tp = tcp_sk(sk);
2310 struct sk_buff *skb = tcp_write_queue_tail(sk);
2311 int mss_now;
2312
2313 /* Optimization, tack on the FIN if we have a queue of
2314 * unsent frames. But be careful about outgoing SACKS
2315 * and IP options.
2316 */
2317 mss_now = tcp_current_mss(sk);
2318
2319 if (tcp_send_head(sk) != NULL) {
2320 TCP_SKB_CB(skb)->flags |= TCPHDR_FIN;
2321 TCP_SKB_CB(skb)->end_seq++;
2322 tp->write_seq++;
2323 } else {
2324 /* Socket is locked, keep trying until memory is available. */
2325 for (;;) {
2326 skb = alloc_skb_fclone(MAX_TCP_HEADER,
2327 sk->sk_allocation);
2328 if (skb)
2329 break;
2330 yield();
2331 }
2332
2333 /* Reserve space for headers and prepare control bits. */
2334 skb_reserve(skb, MAX_TCP_HEADER);
2335 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */
2336 tcp_init_nondata_skb(skb, tp->write_seq,
2337 TCPHDR_ACK | TCPHDR_FIN);
2338 tcp_queue_skb(sk, skb);
2339 }
2340 __tcp_push_pending_frames(sk, mss_now, TCP_NAGLE_OFF);
2341}
2342
2343/* We get here when a process closes a file descriptor (either due to
2344 * an explicit close() or as a byproduct of exit()'ing) and there
2345 * was unread data in the receive queue. This behavior is recommended
2346 * by RFC 2525, section 2.17. -DaveM
2347 */
2348void tcp_send_active_reset(struct sock *sk, gfp_t priority)
2349{
2350 struct sk_buff *skb;
2351
2352 /* NOTE: No TCP options attached and we never retransmit this. */
2353 skb = alloc_skb(MAX_TCP_HEADER, priority);
2354 if (!skb) {
2355 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
2356 return;
2357 }
2358
2359 /* Reserve space for headers and prepare control bits. */
2360 skb_reserve(skb, MAX_TCP_HEADER);
2361 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
2362 TCPHDR_ACK | TCPHDR_RST);
2363 /* Send it off. */
2364 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2365 if (tcp_transmit_skb(sk, skb, 0, priority))
2366 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
2367
2368 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS);
2369}
2370
2371/* Send a crossed SYN-ACK during socket establishment.
2372 * WARNING: This routine must only be called when we have already sent
2373 * a SYN packet that crossed the incoming SYN that caused this routine
2374 * to get called. If this assumption fails then the initial rcv_wnd
2375 * and rcv_wscale values will not be correct.
2376 */
2377int tcp_send_synack(struct sock *sk)
2378{
2379 struct sk_buff *skb;
2380
2381 skb = tcp_write_queue_head(sk);
2382 if (skb == NULL || !(TCP_SKB_CB(skb)->flags & TCPHDR_SYN)) {
2383 printk(KERN_DEBUG "tcp_send_synack: wrong queue state\n");
2384 return -EFAULT;
2385 }
2386 if (!(TCP_SKB_CB(skb)->flags & TCPHDR_ACK)) {
2387 if (skb_cloned(skb)) {
2388 struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
2389 if (nskb == NULL)
2390 return -ENOMEM;
2391 tcp_unlink_write_queue(skb, sk);
2392 skb_header_release(nskb);
2393 __tcp_add_write_queue_head(sk, nskb);
2394 sk_wmem_free_skb(sk, skb);
2395 sk->sk_wmem_queued += nskb->truesize;
2396 sk_mem_charge(sk, nskb->truesize);
2397 skb = nskb;
2398 }
2399
2400 TCP_SKB_CB(skb)->flags |= TCPHDR_ACK;
2401 TCP_ECN_send_synack(tcp_sk(sk), skb);
2402 }
2403 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2404 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2405}
2406
2407/* Prepare a SYN-ACK. */
2408struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2409 struct request_sock *req,
2410 struct request_values *rvp)
2411{
2412 struct tcp_out_options opts;
2413 struct tcp_extend_values *xvp = tcp_xv(rvp);
2414 struct inet_request_sock *ireq = inet_rsk(req);
2415 struct tcp_sock *tp = tcp_sk(sk);
2416 const struct tcp_cookie_values *cvp = tp->cookie_values;
2417 struct tcphdr *th;
2418 struct sk_buff *skb;
2419 struct tcp_md5sig_key *md5;
2420 int tcp_header_size;
2421 int mss;
2422 int s_data_desired = 0;
2423
2424 if (cvp != NULL && cvp->s_data_constant && cvp->s_data_desired)
2425 s_data_desired = cvp->s_data_desired;
2426 skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_ATOMIC);
2427 if (skb == NULL)
2428 return NULL;
2429
2430 /* Reserve space for headers. */
2431 skb_reserve(skb, MAX_TCP_HEADER);
2432
2433 skb_dst_set(skb, dst_clone(dst));
2434
2435 mss = dst_metric_advmss(dst);
2436 if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < mss)
2437 mss = tp->rx_opt.user_mss;
2438
2439 if (req->rcv_wnd == 0) { /* ignored for retransmitted syns */
2440 __u8 rcv_wscale;
2441 /* Set this up on the first call only */
2442 req->window_clamp = tp->window_clamp ? : dst_metric(dst, RTAX_WINDOW);
2443
2444 /* limit the window selection if the user enforce a smaller rx buffer */
2445 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK &&
2446 (req->window_clamp > tcp_full_space(sk) || req->window_clamp == 0))
2447 req->window_clamp = tcp_full_space(sk);
2448
2449 /* tcp_full_space because it is guaranteed to be the first packet */
2450 tcp_select_initial_window(tcp_full_space(sk),
2451 mss - (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0),
2452 &req->rcv_wnd,
2453 &req->window_clamp,
2454 ireq->wscale_ok,
2455 &rcv_wscale,
2456 dst_metric(dst, RTAX_INITRWND));
2457 ireq->rcv_wscale = rcv_wscale;
2458 }
2459
2460 memset(&opts, 0, sizeof(opts));
2461#ifdef CONFIG_SYN_COOKIES
2462 if (unlikely(req->cookie_ts))
2463 TCP_SKB_CB(skb)->when = cookie_init_timestamp(req);
2464 else
2465#endif
2466 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2467 tcp_header_size = tcp_synack_options(sk, req, mss,
2468 skb, &opts, &md5, xvp)
2469 + sizeof(*th);
2470
2471 skb_push(skb, tcp_header_size);
2472 skb_reset_transport_header(skb);
2473
2474 th = tcp_hdr(skb);
2475 memset(th, 0, sizeof(struct tcphdr));
2476 th->syn = 1;
2477 th->ack = 1;
2478 TCP_ECN_make_synack(req, th);
2479 th->source = ireq->loc_port;
2480 th->dest = ireq->rmt_port;
2481 /* Setting of flags are superfluous here for callers (and ECE is
2482 * not even correctly set)
2483 */
2484 tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn,
2485 TCPHDR_SYN | TCPHDR_ACK);
2486
2487 if (OPTION_COOKIE_EXTENSION & opts.options) {
2488 if (s_data_desired) {
2489 u8 *buf = skb_put(skb, s_data_desired);
2490
2491 /* copy data directly from the listening socket. */
2492 memcpy(buf, cvp->s_data_payload, s_data_desired);
2493 TCP_SKB_CB(skb)->end_seq += s_data_desired;
2494 }
2495
2496 if (opts.hash_size > 0) {
2497 __u32 workspace[SHA_WORKSPACE_WORDS];
2498 u32 *mess = &xvp->cookie_bakery[COOKIE_DIGEST_WORDS];
2499 u32 *tail = &mess[COOKIE_MESSAGE_WORDS-1];
2500
2501 /* Secret recipe depends on the Timestamp, (future)
2502 * Sequence and Acknowledgment Numbers, Initiator
2503 * Cookie, and others handled by IP variant caller.
2504 */
2505 *tail-- ^= opts.tsval;
2506 *tail-- ^= tcp_rsk(req)->rcv_isn + 1;
2507 *tail-- ^= TCP_SKB_CB(skb)->seq + 1;
2508
2509 /* recommended */
2510 *tail-- ^= (((__force u32)th->dest << 16) | (__force u32)th->source);
2511 *tail-- ^= (u32)(unsigned long)cvp; /* per sockopt */
2512
2513 sha_transform((__u32 *)&xvp->cookie_bakery[0],
2514 (char *)mess,
2515 &workspace[0]);
2516 opts.hash_location =
2517 (__u8 *)&xvp->cookie_bakery[0];
2518 }
2519 }
2520
2521 th->seq = htonl(TCP_SKB_CB(skb)->seq);
2522 th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1);
2523
2524 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
2525 th->window = htons(min(req->rcv_wnd, 65535U));
2526 tcp_options_write((__be32 *)(th + 1), tp, &opts);
2527 th->doff = (tcp_header_size >> 2);
2528 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS, tcp_skb_pcount(skb));
2529
2530#ifdef CONFIG_TCP_MD5SIG
2531 /* Okay, we have all we need - do the md5 hash if needed */
2532 if (md5) {
2533 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location,
2534 md5, NULL, req, skb);
2535 }
2536#endif
2537
2538 return skb;
2539}
2540EXPORT_SYMBOL(tcp_make_synack);
2541
2542/* Do all connect socket setups that can be done AF independent. */
2543static void tcp_connect_init(struct sock *sk)
2544{
2545 struct dst_entry *dst = __sk_dst_get(sk);
2546 struct tcp_sock *tp = tcp_sk(sk);
2547 __u8 rcv_wscale;
2548
2549 /* We'll fix this up when we get a response from the other end.
2550 * See tcp_input.c:tcp_rcv_state_process case TCP_SYN_SENT.
2551 */
2552 tp->tcp_header_len = sizeof(struct tcphdr) +
2553 (sysctl_tcp_timestamps ? TCPOLEN_TSTAMP_ALIGNED : 0);
2554
2555#ifdef CONFIG_TCP_MD5SIG
2556 if (tp->af_specific->md5_lookup(sk, sk) != NULL)
2557 tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
2558#endif
2559
2560 /* If user gave his TCP_MAXSEG, record it to clamp */
2561 if (tp->rx_opt.user_mss)
2562 tp->rx_opt.mss_clamp = tp->rx_opt.user_mss;
2563 tp->max_window = 0;
2564 tcp_mtup_init(sk);
2565 tcp_sync_mss(sk, dst_mtu(dst));
2566
2567 if (!tp->window_clamp)
2568 tp->window_clamp = dst_metric(dst, RTAX_WINDOW);
2569 tp->advmss = dst_metric_advmss(dst);
2570 if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < tp->advmss)
2571 tp->advmss = tp->rx_opt.user_mss;
2572
2573 tcp_initialize_rcv_mss(sk);
2574
2575 /* limit the window selection if the user enforce a smaller rx buffer */
2576 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK &&
2577 (tp->window_clamp > tcp_full_space(sk) || tp->window_clamp == 0))
2578 tp->window_clamp = tcp_full_space(sk);
2579
2580 tcp_select_initial_window(tcp_full_space(sk),
2581 tp->advmss - (tp->rx_opt.ts_recent_stamp ? tp->tcp_header_len - sizeof(struct tcphdr) : 0),
2582 &tp->rcv_wnd,
2583 &tp->window_clamp,
2584 sysctl_tcp_window_scaling,
2585 &rcv_wscale,
2586 dst_metric(dst, RTAX_INITRWND));
2587
2588 tp->rx_opt.rcv_wscale = rcv_wscale;
2589 tp->rcv_ssthresh = tp->rcv_wnd;
2590
2591 sk->sk_err = 0;
2592 sock_reset_flag(sk, SOCK_DONE);
2593 tp->snd_wnd = 0;
2594 tcp_init_wl(tp, 0);
2595 tp->snd_una = tp->write_seq;
2596 tp->snd_sml = tp->write_seq;
2597 tp->snd_up = tp->write_seq;
2598 tp->rcv_nxt = 0;
2599 tp->rcv_wup = 0;
2600 tp->copied_seq = 0;
2601
2602 inet_csk(sk)->icsk_rto = TCP_TIMEOUT_INIT;
2603 inet_csk(sk)->icsk_retransmits = 0;
2604 tcp_clear_retrans(tp);
2605}
2606
2607/* Build a SYN and send it off. */
2608int tcp_connect(struct sock *sk)
2609{
2610 struct tcp_sock *tp = tcp_sk(sk);
2611 struct sk_buff *buff;
2612 int err;
2613
2614 tcp_connect_init(sk);
2615
2616 buff = alloc_skb_fclone(MAX_TCP_HEADER + 15, sk->sk_allocation);
2617 if (unlikely(buff == NULL))
2618 return -ENOBUFS;
2619
2620 /* Reserve space for headers. */
2621 skb_reserve(buff, MAX_TCP_HEADER);
2622
2623 tp->snd_nxt = tp->write_seq;
2624 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN);
2625 TCP_ECN_send_syn(sk, buff);
2626
2627 /* Send it off. */
2628 TCP_SKB_CB(buff)->when = tcp_time_stamp;
2629 tp->retrans_stamp = TCP_SKB_CB(buff)->when;
2630 skb_header_release(buff);
2631 __tcp_add_write_queue_tail(sk, buff);
2632 sk->sk_wmem_queued += buff->truesize;
2633 sk_mem_charge(sk, buff->truesize);
2634 tp->packets_out += tcp_skb_pcount(buff);
2635 err = tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
2636 if (err == -ECONNREFUSED)
2637 return err;
2638
2639 /* We change tp->snd_nxt after the tcp_transmit_skb() call
2640 * in order to make this packet get counted in tcpOutSegs.
2641 */
2642 tp->snd_nxt = tp->write_seq;
2643 tp->pushed_seq = tp->write_seq;
2644 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS);
2645
2646 /* Timer for repeating the SYN until an answer. */
2647 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
2648 inet_csk(sk)->icsk_rto, TCP_RTO_MAX);
2649 return 0;
2650}
2651EXPORT_SYMBOL(tcp_connect);
2652
2653/* Send out a delayed ack, the caller does the policy checking
2654 * to see if we should even be here. See tcp_input.c:tcp_ack_snd_check()
2655 * for details.
2656 */
2657void tcp_send_delayed_ack(struct sock *sk)
2658{
2659 struct inet_connection_sock *icsk = inet_csk(sk);
2660 int ato = icsk->icsk_ack.ato;
2661 unsigned long timeout;
2662
2663 if (ato > TCP_DELACK_MIN) {
2664 const struct tcp_sock *tp = tcp_sk(sk);
2665 int max_ato = HZ / 2;
2666
2667 if (icsk->icsk_ack.pingpong ||
2668 (icsk->icsk_ack.pending & ICSK_ACK_PUSHED))
2669 max_ato = TCP_DELACK_MAX;
2670
2671 /* Slow path, intersegment interval is "high". */
2672
2673 /* If some rtt estimate is known, use it to bound delayed ack.
2674 * Do not use inet_csk(sk)->icsk_rto here, use results of rtt measurements
2675 * directly.
2676 */
2677 if (tp->srtt) {
2678 int rtt = max(tp->srtt >> 3, TCP_DELACK_MIN);
2679
2680 if (rtt < max_ato)
2681 max_ato = rtt;
2682 }
2683
2684 ato = min(ato, max_ato);
2685 }
2686
2687 /* Stay within the limit we were given */
2688 timeout = jiffies + ato;
2689
2690 /* Use new timeout only if there wasn't a older one earlier. */
2691 if (icsk->icsk_ack.pending & ICSK_ACK_TIMER) {
2692 /* If delack timer was blocked or is about to expire,
2693 * send ACK now.
2694 */
2695 if (icsk->icsk_ack.blocked ||
2696 time_before_eq(icsk->icsk_ack.timeout, jiffies + (ato >> 2))) {
2697 tcp_send_ack(sk);
2698 return;
2699 }
2700
2701 if (!time_before(timeout, icsk->icsk_ack.timeout))
2702 timeout = icsk->icsk_ack.timeout;
2703 }
2704 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER;
2705 icsk->icsk_ack.timeout = timeout;
2706 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
2707}
2708
2709/* This routine sends an ack and also updates the window. */
2710void tcp_send_ack(struct sock *sk)
2711{
2712 struct sk_buff *buff;
2713
2714 /* If we have been reset, we may not send again. */
2715 if (sk->sk_state == TCP_CLOSE)
2716 return;
2717
2718 /* We are not putting this on the write queue, so
2719 * tcp_transmit_skb() will set the ownership to this
2720 * sock.
2721 */
2722 buff = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
2723 if (buff == NULL) {
2724 inet_csk_schedule_ack(sk);
2725 inet_csk(sk)->icsk_ack.ato = TCP_ATO_MIN;
2726 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
2727 TCP_DELACK_MAX, TCP_RTO_MAX);
2728 return;
2729 }
2730
2731 /* Reserve space for headers and prepare control bits. */
2732 skb_reserve(buff, MAX_TCP_HEADER);
2733 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK);
2734
2735 /* Send it off, this clears delayed acks for us. */
2736 TCP_SKB_CB(buff)->when = tcp_time_stamp;
2737 tcp_transmit_skb(sk, buff, 0, GFP_ATOMIC);
2738}
2739
2740/* This routine sends a packet with an out of date sequence
2741 * number. It assumes the other end will try to ack it.
2742 *
2743 * Question: what should we make while urgent mode?
2744 * 4.4BSD forces sending single byte of data. We cannot send
2745 * out of window data, because we have SND.NXT==SND.MAX...
2746 *
2747 * Current solution: to send TWO zero-length segments in urgent mode:
2748 * one is with SEG.SEQ=SND.UNA to deliver urgent pointer, another is
2749 * out-of-date with SND.UNA-1 to probe window.
2750 */
2751static int tcp_xmit_probe_skb(struct sock *sk, int urgent)
2752{
2753 struct tcp_sock *tp = tcp_sk(sk);
2754 struct sk_buff *skb;
2755
2756 /* We don't queue it, tcp_transmit_skb() sets ownership. */
2757 skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
2758 if (skb == NULL)
2759 return -1;
2760
2761 /* Reserve space for headers and set control bits. */
2762 skb_reserve(skb, MAX_TCP_HEADER);
2763 /* Use a previous sequence. This should cause the other
2764 * end to send an ack. Don't queue or clone SKB, just
2765 * send it.
2766 */
2767 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
2768 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2769 return tcp_transmit_skb(sk, skb, 0, GFP_ATOMIC);
2770}
2771
2772/* Initiate keepalive or window probe from timer. */
2773int tcp_write_wakeup(struct sock *sk)
2774{
2775 struct tcp_sock *tp = tcp_sk(sk);
2776 struct sk_buff *skb;
2777
2778 if (sk->sk_state == TCP_CLOSE)
2779 return -1;
2780
2781 if ((skb = tcp_send_head(sk)) != NULL &&
2782 before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp))) {
2783 int err;
2784 unsigned int mss = tcp_current_mss(sk);
2785 unsigned int seg_size = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2786
2787 if (before(tp->pushed_seq, TCP_SKB_CB(skb)->end_seq))
2788 tp->pushed_seq = TCP_SKB_CB(skb)->end_seq;
2789
2790 /* We are probing the opening of a window
2791 * but the window size is != 0
2792 * must have been a result SWS avoidance ( sender )
2793 */
2794 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq ||
2795 skb->len > mss) {
2796 seg_size = min(seg_size, mss);
2797 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH;
2798 if (tcp_fragment(sk, skb, seg_size, mss))
2799 return -1;
2800 } else if (!tcp_skb_pcount(skb))
2801 tcp_set_skb_tso_segs(sk, skb, mss);
2802
2803 TCP_SKB_CB(skb)->flags |= TCPHDR_PSH;
2804 TCP_SKB_CB(skb)->when = tcp_time_stamp;
2805 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2806 if (!err)
2807 tcp_event_new_data_sent(sk, skb);
2808 return err;
2809 } else {
2810 if (between(tp->snd_up, tp->snd_una + 1, tp->snd_una + 0xFFFF))
2811 tcp_xmit_probe_skb(sk, 1);
2812 return tcp_xmit_probe_skb(sk, 0);
2813 }
2814}
2815
2816/* A window probe timeout has occurred. If window is not closed send
2817 * a partial packet else a zero probe.
2818 */
2819void tcp_send_probe0(struct sock *sk)
2820{
2821 struct inet_connection_sock *icsk = inet_csk(sk);
2822 struct tcp_sock *tp = tcp_sk(sk);
2823 int err;
2824
2825 err = tcp_write_wakeup(sk);
2826
2827 if (tp->packets_out || !tcp_send_head(sk)) {
2828 /* Cancel probe timer, if it is not required. */
2829 icsk->icsk_probes_out = 0;
2830 icsk->icsk_backoff = 0;
2831 return;
2832 }
2833
2834 if (err <= 0) {
2835 if (icsk->icsk_backoff < sysctl_tcp_retries2)
2836 icsk->icsk_backoff++;
2837 icsk->icsk_probes_out++;
2838 inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0,
2839 min(icsk->icsk_rto << icsk->icsk_backoff, TCP_RTO_MAX),
2840 TCP_RTO_MAX);
2841 } else {
2842 /* If packet was not sent due to local congestion,
2843 * do not backoff and do not remember icsk_probes_out.
2844 * Let local senders to fight for local resources.
2845 *
2846 * Use accumulated backoff yet.
2847 */
2848 if (!icsk->icsk_probes_out)
2849 icsk->icsk_probes_out = 1;
2850 inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0,
2851 min(icsk->icsk_rto << icsk->icsk_backoff,
2852 TCP_RESOURCE_PROBE_INTERVAL),
2853 TCP_RTO_MAX);
2854 }
2855}