1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995
5 * The Regents of the University of California.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)tcp_sack.c 8.12 (Berkeley) 5/24/95
33 */
34
35 /*-
36 * @@(#)COPYRIGHT 1.1 (NRL) 17 January 1995
37 *
38 * NRL grants permission for redistribution and use in source and binary
39 * forms, with or without modification, of the software and documentation
40 * created at NRL provided that the following conditions are met:
41 *
42 * 1. Redistributions of source code must retain the above copyright
43 * notice, this list of conditions and the following disclaimer.
44 * 2. Redistributions in binary form must reproduce the above copyright
45 * notice, this list of conditions and the following disclaimer in the
46 * documentation and/or other materials provided with the distribution.
47 * 3. All advertising materials mentioning features or use of this software
48 * must display the following acknowledgements:
49 * This product includes software developed by the University of
50 * California, Berkeley and its contributors.
51 * This product includes software developed at the Information
52 * Technology Division, US Naval Research Laboratory.
53 * 4. Neither the name of the NRL nor the names of its contributors
54 * may be used to endorse or promote products derived from this software
55 * without specific prior written permission.
56 *
57 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
58 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
59 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
60 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
61 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
62 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
63 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
64 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
65 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
66 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
67 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
68 *
69 * The views and conclusions contained in the software and documentation
70 * are those of the authors and should not be interpreted as representing
71 * official policies, either expressed or implied, of the US Naval
72 * Research Laboratory (NRL).
73 */
74
75 #include <sys/cdefs.h>
76 #include "opt_inet.h"
77 #include "opt_inet6.h"
78 #include "opt_tcpdebug.h"
79
80 #include <sys/param.h>
81 #include <sys/systm.h>
82 #include <sys/kernel.h>
83 #include <sys/sysctl.h>
84 #include <sys/malloc.h>
85 #include <sys/mbuf.h>
86 #include <sys/proc.h> /* for proc0 declaration */
87 #include <sys/protosw.h>
88 #include <sys/socket.h>
89 #include <sys/socketvar.h>
90 #include <sys/syslog.h>
91 #include <sys/systm.h>
92
93 #include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */
94
95 #include <vm/uma.h>
96
97 #include <net/if.h>
98 #include <net/if_var.h>
99 #include <net/route.h>
100 #include <net/vnet.h>
101
102 #include <netinet/in.h>
103 #include <netinet/in_systm.h>
104 #include <netinet/ip.h>
105 #include <netinet/in_var.h>
106 #include <netinet/in_pcb.h>
107 #include <netinet/ip_var.h>
108 #include <netinet/ip6.h>
109 #include <netinet/icmp6.h>
110 #include <netinet6/nd6.h>
111 #include <netinet6/ip6_var.h>
112 #include <netinet6/in6_pcb.h>
113 #include <netinet/tcp.h>
114 #include <netinet/tcp_fsm.h>
115 #include <netinet/tcp_seq.h>
116 #include <netinet/tcp_timer.h>
117 #include <netinet/tcp_var.h>
118 #include <netinet6/tcp6_var.h>
119 #include <netinet/tcpip.h>
120 #ifdef TCPDEBUG
121 #include <netinet/tcp_debug.h>
122 #endif /* TCPDEBUG */
123
124 #include <machine/in_cksum.h>
125
126 VNET_DECLARE(struct uma_zone *, sack_hole_zone);
127 #define V_sack_hole_zone VNET(sack_hole_zone)
128
129 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
130 "TCP SACK");
131 VNET_DEFINE(int, tcp_do_sack) = 1;
132 #define V_tcp_do_sack VNET(tcp_do_sack)
133 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW,
134 &VNET_NAME(tcp_do_sack), 0, "Enable/Disable TCP SACK support");
135
136 VNET_DEFINE(int, tcp_sack_maxholes) = 128;
137 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW,
138 &VNET_NAME(tcp_sack_maxholes), 0,
139 "Maximum number of TCP SACK holes allowed per connection");
140
141 VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536;
142 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW,
143 &VNET_NAME(tcp_sack_globalmaxholes), 0,
144 "Global maximum number of TCP SACK holes");
145
146 VNET_DEFINE(int, tcp_sack_globalholes) = 0;
147 SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD,
148 &VNET_NAME(tcp_sack_globalholes), 0,
149 "Global number of TCP SACK holes currently allocated");
150
151 int
tcp_dsack_block_exists(struct tcpcb * tp)152 tcp_dsack_block_exists(struct tcpcb *tp)
153 {
154 /* Return true if a DSACK block exists */
155 if (tp->rcv_numsacks == 0)
156 return (0);
157 if (SEQ_LEQ(tp->sackblks[0].end, tp->rcv_nxt))
158 return(1);
159 return (0);
160 }
161
162 /*
163 * This function will find overlaps with the currently stored sackblocks
164 * and add any overlap as a dsack block upfront
165 */
166 void
tcp_update_dsack_list(struct tcpcb * tp,tcp_seq rcv_start,tcp_seq rcv_end)167 tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end)
168 {
169 struct sackblk head_blk,mid_blk,saved_blks[MAX_SACK_BLKS];
170 int i, j, n, identical;
171 tcp_seq start, end;
172
173 INP_WLOCK_ASSERT(tp->t_inpcb);
174
175 KASSERT(SEQ_LT(rcv_start, rcv_end), ("rcv_start < rcv_end"));
176
177 if (SEQ_LT(rcv_end, tp->rcv_nxt) ||
178 ((rcv_end == tp->rcv_nxt) &&
179 (tp->rcv_numsacks > 0 ) &&
180 (tp->sackblks[0].end == tp->rcv_nxt))) {
181 saved_blks[0].start = rcv_start;
182 saved_blks[0].end = rcv_end;
183 } else {
184 saved_blks[0].start = saved_blks[0].end = 0;
185 }
186
187 head_blk.start = head_blk.end = 0;
188 mid_blk.start = rcv_start;
189 mid_blk.end = rcv_end;
190 identical = 0;
191
192 for (i = 0; i < tp->rcv_numsacks; i++) {
193 start = tp->sackblks[i].start;
194 end = tp->sackblks[i].end;
195 if (SEQ_LT(rcv_end, start)) {
196 /* pkt left to sack blk */
197 continue;
198 }
199 if (SEQ_GT(rcv_start, end)) {
200 /* pkt right to sack blk */
201 continue;
202 }
203 if (SEQ_GT(tp->rcv_nxt, end)) {
204 if ((SEQ_MAX(rcv_start, start) != SEQ_MIN(rcv_end, end)) &&
205 (SEQ_GT(head_blk.start, SEQ_MAX(rcv_start, start)) ||
206 (head_blk.start == head_blk.end))) {
207 head_blk.start = SEQ_MAX(rcv_start, start);
208 head_blk.end = SEQ_MIN(rcv_end, end);
209 }
210 continue;
211 }
212 if (((head_blk.start == head_blk.end) ||
213 SEQ_LT(start, head_blk.start)) &&
214 (SEQ_GT(end, rcv_start) &&
215 SEQ_LEQ(start, rcv_end))) {
216 head_blk.start = start;
217 head_blk.end = end;
218 }
219 mid_blk.start = SEQ_MIN(mid_blk.start, start);
220 mid_blk.end = SEQ_MAX(mid_blk.end, end);
221 if ((mid_blk.start == start) &&
222 (mid_blk.end == end))
223 identical = 1;
224 }
225 if (SEQ_LT(head_blk.start, head_blk.end)) {
226 /* store overlapping range */
227 saved_blks[0].start = SEQ_MAX(rcv_start, head_blk.start);
228 saved_blks[0].end = SEQ_MIN(rcv_end, head_blk.end);
229 }
230 n = 1;
231 /*
232 * Second, if not ACKed, store the SACK block that
233 * overlaps with the DSACK block unless it is identical
234 */
235 if ((SEQ_LT(tp->rcv_nxt, mid_blk.end) &&
236 !((mid_blk.start == saved_blks[0].start) &&
237 (mid_blk.end == saved_blks[0].end))) ||
238 identical == 1) {
239 saved_blks[n].start = mid_blk.start;
240 saved_blks[n++].end = mid_blk.end;
241 }
242 for (j = 0; (j < tp->rcv_numsacks) && (n < MAX_SACK_BLKS); j++) {
243 if (((SEQ_LT(tp->sackblks[j].end, mid_blk.start) ||
244 SEQ_GT(tp->sackblks[j].start, mid_blk.end)) &&
245 (SEQ_GT(tp->sackblks[j].start, tp->rcv_nxt))))
246 saved_blks[n++] = tp->sackblks[j];
247 }
248 j = 0;
249 for (i = 0; i < n; i++) {
250 /* we can end up with a stale initial entry */
251 if (SEQ_LT(saved_blks[i].start, saved_blks[i].end)) {
252 tp->sackblks[j++] = saved_blks[i];
253 }
254 }
255 tp->rcv_numsacks = j;
256 }
257
258 /*
259 * This function is called upon receipt of new valid data (while not in
260 * header prediction mode), and it updates the ordered list of sacks.
261 */
262 void
tcp_update_sack_list(struct tcpcb * tp,tcp_seq rcv_start,tcp_seq rcv_end)263 tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end)
264 {
265 /*
266 * First reported block MUST be the most recent one. Subsequent
267 * blocks SHOULD be in the order in which they arrived at the
268 * receiver. These two conditions make the implementation fully
269 * compliant with RFC 2018.
270 */
271 struct sackblk head_blk, saved_blks[MAX_SACK_BLKS];
272 int num_head, num_saved, i;
273
274 INP_WLOCK_ASSERT(tp->t_inpcb);
275
276 /* Check arguments. */
277 KASSERT(SEQ_LEQ(rcv_start, rcv_end), ("rcv_start <= rcv_end"));
278
279 if ((rcv_start == rcv_end) &&
280 (tp->rcv_numsacks >= 1) &&
281 (rcv_end == tp->sackblks[0].end)) {
282 /* retaining DSACK block below rcv_nxt (todrop) */
283 head_blk = tp->sackblks[0];
284 } else {
285 /* SACK block for the received segment. */
286 head_blk.start = rcv_start;
287 head_blk.end = rcv_end;
288 }
289
290 /*
291 * Merge updated SACK blocks into head_blk, and save unchanged SACK
292 * blocks into saved_blks[]. num_saved will have the number of the
293 * saved SACK blocks.
294 */
295 num_saved = 0;
296 for (i = 0; i < tp->rcv_numsacks; i++) {
297 tcp_seq start = tp->sackblks[i].start;
298 tcp_seq end = tp->sackblks[i].end;
299 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) {
300 /*
301 * Discard this SACK block.
302 */
303 } else if (SEQ_LEQ(head_blk.start, end) &&
304 SEQ_GEQ(head_blk.end, start)) {
305 /*
306 * Merge this SACK block into head_blk. This SACK
307 * block itself will be discarded.
308 */
309 /*
310 * |-|
311 * |---| merge
312 *
313 * |-|
314 * |---| merge
315 *
316 * |-----|
317 * |-| DSACK smaller
318 *
319 * |-|
320 * |-----| DSACK smaller
321 */
322 if (head_blk.start == end)
323 head_blk.start = start;
324 else if (head_blk.end == start)
325 head_blk.end = end;
326 else {
327 if (SEQ_LT(head_blk.start, start)) {
328 tcp_seq temp = start;
329 start = head_blk.start;
330 head_blk.start = temp;
331 }
332 if (SEQ_GT(head_blk.end, end)) {
333 tcp_seq temp = end;
334 end = head_blk.end;
335 head_blk.end = temp;
336 }
337 if ((head_blk.start != start) ||
338 (head_blk.end != end)) {
339 if ((num_saved >= 1) &&
340 SEQ_GEQ(saved_blks[num_saved-1].start, start) &&
341 SEQ_LEQ(saved_blks[num_saved-1].end, end))
342 num_saved--;
343 saved_blks[num_saved].start = start;
344 saved_blks[num_saved].end = end;
345 num_saved++;
346 }
347 }
348 } else {
349 /*
350 * This block supercedes the prior block
351 */
352 if ((num_saved >= 1) &&
353 SEQ_GEQ(saved_blks[num_saved-1].start, start) &&
354 SEQ_LEQ(saved_blks[num_saved-1].end, end))
355 num_saved--;
356 /*
357 * Save this SACK block.
358 */
359 saved_blks[num_saved].start = start;
360 saved_blks[num_saved].end = end;
361 num_saved++;
362 }
363 }
364
365 /*
366 * Update SACK list in tp->sackblks[].
367 */
368 num_head = 0;
369 if (SEQ_LT(rcv_start, rcv_end)) {
370 /*
371 * The received data segment is an out-of-order segment. Put
372 * head_blk at the top of SACK list.
373 */
374 tp->sackblks[0] = head_blk;
375 num_head = 1;
376 /*
377 * If the number of saved SACK blocks exceeds its limit,
378 * discard the last SACK block.
379 */
380 if (num_saved >= MAX_SACK_BLKS)
381 num_saved--;
382 }
383 if ((rcv_start == rcv_end) &&
384 (rcv_start == tp->sackblks[0].end)) {
385 num_head = 1;
386 }
387 if (num_saved > 0) {
388 /*
389 * Copy the saved SACK blocks back.
390 */
391 bcopy(saved_blks, &tp->sackblks[num_head],
392 sizeof(struct sackblk) * num_saved);
393 }
394
395 /* Save the number of SACK blocks. */
396 tp->rcv_numsacks = num_head + num_saved;
397 }
398
399 void
tcp_clean_dsack_blocks(struct tcpcb * tp)400 tcp_clean_dsack_blocks(struct tcpcb *tp)
401 {
402 struct sackblk saved_blks[MAX_SACK_BLKS];
403 int num_saved, i;
404
405 INP_WLOCK_ASSERT(tp->t_inpcb);
406 /*
407 * Clean up any DSACK blocks that
408 * are in our queue of sack blocks.
409 *
410 */
411 num_saved = 0;
412 for (i = 0; i < tp->rcv_numsacks; i++) {
413 tcp_seq start = tp->sackblks[i].start;
414 tcp_seq end = tp->sackblks[i].end;
415 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) {
416 /*
417 * Discard this D-SACK block.
418 */
419 continue;
420 }
421 /*
422 * Save this SACK block.
423 */
424 saved_blks[num_saved].start = start;
425 saved_blks[num_saved].end = end;
426 num_saved++;
427 }
428 if (num_saved > 0) {
429 /*
430 * Copy the saved SACK blocks back.
431 */
432 bcopy(saved_blks, &tp->sackblks[0],
433 sizeof(struct sackblk) * num_saved);
434 }
435 tp->rcv_numsacks = num_saved;
436 }
437
438 /*
439 * Delete all receiver-side SACK information.
440 */
441 void
tcp_clean_sackreport(struct tcpcb * tp)442 tcp_clean_sackreport(struct tcpcb *tp)
443 {
444 int i;
445
446 INP_WLOCK_ASSERT(tp->t_inpcb);
447 tp->rcv_numsacks = 0;
448 for (i = 0; i < MAX_SACK_BLKS; i++)
449 tp->sackblks[i].start = tp->sackblks[i].end=0;
450 }
451
452 /*
453 * Allocate struct sackhole.
454 */
455 static struct sackhole *
tcp_sackhole_alloc(struct tcpcb * tp,tcp_seq start,tcp_seq end)456 tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end)
457 {
458 struct sackhole *hole;
459
460 if (tp->snd_numholes >= V_tcp_sack_maxholes ||
461 V_tcp_sack_globalholes >= V_tcp_sack_globalmaxholes) {
462 TCPSTAT_INC(tcps_sack_sboverflow);
463 return NULL;
464 }
465
466 hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT);
467 if (hole == NULL)
468 return NULL;
469
470 hole->start = start;
471 hole->end = end;
472 hole->rxmit = start;
473
474 tp->snd_numholes++;
475 atomic_add_int(&V_tcp_sack_globalholes, 1);
476
477 return hole;
478 }
479
480 /*
481 * Free struct sackhole.
482 */
483 static void
tcp_sackhole_free(struct tcpcb * tp,struct sackhole * hole)484 tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole)
485 {
486
487 uma_zfree(V_sack_hole_zone, hole);
488
489 tp->snd_numholes--;
490 atomic_subtract_int(&V_tcp_sack_globalholes, 1);
491
492 KASSERT(tp->snd_numholes >= 0, ("tp->snd_numholes >= 0"));
493 KASSERT(V_tcp_sack_globalholes >= 0, ("tcp_sack_globalholes >= 0"));
494 }
495
496 /*
497 * Insert new SACK hole into scoreboard.
498 */
499 static struct sackhole *
tcp_sackhole_insert(struct tcpcb * tp,tcp_seq start,tcp_seq end,struct sackhole * after)500 tcp_sackhole_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end,
501 struct sackhole *after)
502 {
503 struct sackhole *hole;
504
505 /* Allocate a new SACK hole. */
506 hole = tcp_sackhole_alloc(tp, start, end);
507 if (hole == NULL)
508 return NULL;
509
510 /* Insert the new SACK hole into scoreboard. */
511 if (after != NULL)
512 TAILQ_INSERT_AFTER(&tp->snd_holes, after, hole, scblink);
513 else
514 TAILQ_INSERT_TAIL(&tp->snd_holes, hole, scblink);
515
516 /* Update SACK hint. */
517 if (tp->sackhint.nexthole == NULL)
518 tp->sackhint.nexthole = hole;
519
520 return hole;
521 }
522
523 /*
524 * Remove SACK hole from scoreboard.
525 */
526 static void
tcp_sackhole_remove(struct tcpcb * tp,struct sackhole * hole)527 tcp_sackhole_remove(struct tcpcb *tp, struct sackhole *hole)
528 {
529
530 /* Update SACK hint. */
531 if (tp->sackhint.nexthole == hole)
532 tp->sackhint.nexthole = TAILQ_NEXT(hole, scblink);
533
534 /* Remove this SACK hole. */
535 TAILQ_REMOVE(&tp->snd_holes, hole, scblink);
536
537 /* Free this SACK hole. */
538 tcp_sackhole_free(tp, hole);
539 }
540
541 /*
542 * Process cumulative ACK and the TCP SACK option to update the scoreboard.
543 * tp->snd_holes is an ordered list of holes (oldest to newest, in terms of
544 * the sequence space).
545 * Returns 1 if incoming ACK has previously unknown SACK information,
546 * 0 otherwise.
547 */
548 int
tcp_sack_doack(struct tcpcb * tp,struct tcpopt * to,tcp_seq th_ack)549 tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack)
550 {
551 struct sackhole *cur, *temp;
552 struct sackblk sack, sack_blocks[TCP_MAX_SACK + 1], *sblkp;
553 int i, j, num_sack_blks, sack_changed;
554 int delivered_data, left_edge_delta;
555
556 INP_WLOCK_ASSERT(tp->t_inpcb);
557
558 num_sack_blks = 0;
559 sack_changed = 0;
560 delivered_data = 0;
561 left_edge_delta = 0;
562 /*
563 * If SND.UNA will be advanced by SEG.ACK, and if SACK holes exist,
564 * treat [SND.UNA, SEG.ACK) as if it is a SACK block.
565 * Account changes to SND.UNA always in delivered data.
566 */
567 if (SEQ_LT(tp->snd_una, th_ack) && !TAILQ_EMPTY(&tp->snd_holes)) {
568 left_edge_delta = th_ack - tp->snd_una;
569 sack_blocks[num_sack_blks].start = tp->snd_una;
570 sack_blocks[num_sack_blks++].end = th_ack;
571 /*
572 * Pulling snd_fack forward if we got here
573 * due to DSACK blocks
574 */
575 if (SEQ_LT(tp->snd_fack, th_ack)) {
576 delivered_data += th_ack - tp->snd_una;
577 tp->snd_fack = th_ack;
578 sack_changed = 1;
579 }
580 }
581 /*
582 * Append received valid SACK blocks to sack_blocks[], but only if we
583 * received new blocks from the other side.
584 */
585 if (to->to_flags & TOF_SACK) {
586 for (i = 0; i < to->to_nsacks; i++) {
587 bcopy((to->to_sacks + i * TCPOLEN_SACK),
588 &sack, sizeof(sack));
589 sack.start = ntohl(sack.start);
590 sack.end = ntohl(sack.end);
591 if (SEQ_GT(sack.end, sack.start) &&
592 SEQ_GT(sack.start, tp->snd_una) &&
593 SEQ_GT(sack.start, th_ack) &&
594 SEQ_LT(sack.start, tp->snd_max) &&
595 SEQ_GT(sack.end, tp->snd_una) &&
596 SEQ_LEQ(sack.end, tp->snd_max)) {
597 sack_blocks[num_sack_blks++] = sack;
598 }
599 }
600 }
601 /*
602 * Return if SND.UNA is not advanced and no valid SACK block is
603 * received.
604 */
605 if (num_sack_blks == 0)
606 return (sack_changed);
607
608 /*
609 * Sort the SACK blocks so we can update the scoreboard with just one
610 * pass. The overhead of sorting up to 4+1 elements is less than
611 * making up to 4+1 passes over the scoreboard.
612 */
613 for (i = 0; i < num_sack_blks; i++) {
614 for (j = i + 1; j < num_sack_blks; j++) {
615 if (SEQ_GT(sack_blocks[i].end, sack_blocks[j].end)) {
616 sack = sack_blocks[i];
617 sack_blocks[i] = sack_blocks[j];
618 sack_blocks[j] = sack;
619 }
620 }
621 }
622 if (TAILQ_EMPTY(&tp->snd_holes)) {
623 /*
624 * Empty scoreboard. Need to initialize snd_fack (it may be
625 * uninitialized or have a bogus value). Scoreboard holes
626 * (from the sack blocks received) are created later below
627 * (in the logic that adds holes to the tail of the
628 * scoreboard).
629 */
630 tp->snd_fack = SEQ_MAX(tp->snd_una, th_ack);
631 tp->sackhint.sacked_bytes = 0; /* reset */
632 }
633 /*
634 * In the while-loop below, incoming SACK blocks (sack_blocks[]) and
635 * SACK holes (snd_holes) are traversed from their tails with just
636 * one pass in order to reduce the number of compares especially when
637 * the bandwidth-delay product is large.
638 *
639 * Note: Typically, in the first RTT of SACK recovery, the highest
640 * three or four SACK blocks with the same ack number are received.
641 * In the second RTT, if retransmitted data segments are not lost,
642 * the highest three or four SACK blocks with ack number advancing
643 * are received.
644 */
645 sblkp = &sack_blocks[num_sack_blks - 1]; /* Last SACK block */
646 tp->sackhint.last_sack_ack = sblkp->end;
647 if (SEQ_LT(tp->snd_fack, sblkp->start)) {
648 /*
649 * The highest SACK block is beyond fack. First,
650 * check if there was a successful Rescue Retransmission,
651 * and move this hole left. With normal holes, snd_fack
652 * is always to the right of the end.
653 */
654 if (((temp = TAILQ_LAST(&tp->snd_holes, sackhole_head)) != NULL) &&
655 SEQ_LEQ(tp->snd_fack,temp->end)) {
656 temp->start = SEQ_MAX(tp->snd_fack, SEQ_MAX(tp->snd_una, th_ack));
657 temp->end = sblkp->start;
658 temp->rxmit = temp->start;
659 delivered_data += sblkp->end - sblkp->start;
660 tp->snd_fack = sblkp->end;
661 sblkp--;
662 sack_changed = 1;
663 } else {
664 /*
665 * Append a new SACK hole at the tail. If the
666 * second or later highest SACK blocks are also
667 * beyond the current fack, they will be inserted
668 * by way of hole splitting in the while-loop below.
669 */
670 temp = tcp_sackhole_insert(tp, tp->snd_fack,sblkp->start,NULL);
671 if (temp != NULL) {
672 delivered_data += sblkp->end - sblkp->start;
673 tp->snd_fack = sblkp->end;
674 /* Go to the previous sack block. */
675 sblkp--;
676 sack_changed = 1;
677 } else {
678 /*
679 * We failed to add a new hole based on the current
680 * sack block. Skip over all the sack blocks that
681 * fall completely to the right of snd_fack and
682 * proceed to trim the scoreboard based on the
683 * remaining sack blocks. This also trims the
684 * scoreboard for th_ack (which is sack_blocks[0]).
685 */
686 while (sblkp >= sack_blocks &&
687 SEQ_LT(tp->snd_fack, sblkp->start))
688 sblkp--;
689 if (sblkp >= sack_blocks &&
690 SEQ_LT(tp->snd_fack, sblkp->end)) {
691 delivered_data += sblkp->end - tp->snd_fack;
692 tp->snd_fack = sblkp->end;
693 sack_changed = 1;
694 }
695 }
696 }
697 } else if (SEQ_LT(tp->snd_fack, sblkp->end)) {
698 /* fack is advanced. */
699 delivered_data += sblkp->end - tp->snd_fack;
700 tp->snd_fack = sblkp->end;
701 sack_changed = 1;
702 }
703 cur = TAILQ_LAST(&tp->snd_holes, sackhole_head); /* Last SACK hole. */
704 /*
705 * Since the incoming sack blocks are sorted, we can process them
706 * making one sweep of the scoreboard.
707 */
708 while (sblkp >= sack_blocks && cur != NULL) {
709 if (SEQ_GEQ(sblkp->start, cur->end)) {
710 /*
711 * SACKs data beyond the current hole. Go to the
712 * previous sack block.
713 */
714 sblkp--;
715 continue;
716 }
717 if (SEQ_LEQ(sblkp->end, cur->start)) {
718 /*
719 * SACKs data before the current hole. Go to the
720 * previous hole.
721 */
722 cur = TAILQ_PREV(cur, sackhole_head, scblink);
723 continue;
724 }
725 tp->sackhint.sack_bytes_rexmit -= (cur->rxmit - cur->start);
726 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0,
727 ("sackhint bytes rtx >= 0"));
728 sack_changed = 1;
729 if (SEQ_LEQ(sblkp->start, cur->start)) {
730 /* Data acks at least the beginning of hole. */
731 if (SEQ_GEQ(sblkp->end, cur->end)) {
732 /* Acks entire hole, so delete hole. */
733 delivered_data += (cur->end - cur->start);
734 temp = cur;
735 cur = TAILQ_PREV(cur, sackhole_head, scblink);
736 tcp_sackhole_remove(tp, temp);
737 /*
738 * The sack block may ack all or part of the
739 * next hole too, so continue onto the next
740 * hole.
741 */
742 continue;
743 } else {
744 /* Move start of hole forward. */
745 delivered_data += (sblkp->end - cur->start);
746 cur->start = sblkp->end;
747 cur->rxmit = SEQ_MAX(cur->rxmit, cur->start);
748 }
749 } else {
750 /* Data acks at least the end of hole. */
751 if (SEQ_GEQ(sblkp->end, cur->end)) {
752 /* Move end of hole backward. */
753 delivered_data += (cur->end - sblkp->start);
754 cur->end = sblkp->start;
755 cur->rxmit = SEQ_MIN(cur->rxmit, cur->end);
756 } else {
757 /*
758 * ACKs some data in middle of a hole; need
759 * to split current hole
760 */
761 temp = tcp_sackhole_insert(tp, sblkp->end,
762 cur->end, cur);
763 if (temp != NULL) {
764 if (SEQ_GT(cur->rxmit, temp->rxmit)) {
765 temp->rxmit = cur->rxmit;
766 tp->sackhint.sack_bytes_rexmit
767 += (temp->rxmit
768 - temp->start);
769 }
770 cur->end = sblkp->start;
771 cur->rxmit = SEQ_MIN(cur->rxmit,
772 cur->end);
773 delivered_data += (sblkp->end - sblkp->start);
774 }
775 }
776 }
777 tp->sackhint.sack_bytes_rexmit += (cur->rxmit - cur->start);
778 /*
779 * Testing sblkp->start against cur->start tells us whether
780 * we're done with the sack block or the sack hole.
781 * Accordingly, we advance one or the other.
782 */
783 if (SEQ_LEQ(sblkp->start, cur->start))
784 cur = TAILQ_PREV(cur, sackhole_head, scblink);
785 else
786 sblkp--;
787 }
788 if (!(to->to_flags & TOF_SACK))
789 /*
790 * If this ACK did not contain any
791 * SACK blocks, any only moved the
792 * left edge right, it is a pure
793 * cumulative ACK. Do not count
794 * DupAck for this. Also required
795 * for RFC6675 rescue retransmission.
796 */
797 sack_changed = 0;
798 tp->sackhint.delivered_data = delivered_data;
799 tp->sackhint.sacked_bytes += delivered_data - left_edge_delta;
800 KASSERT((delivered_data >= 0), ("delivered_data < 0"));
801 KASSERT((tp->sackhint.sacked_bytes >= 0), ("sacked_bytes < 0"));
802 return (sack_changed);
803 }
804
805 /*
806 * Free all SACK holes to clear the scoreboard.
807 */
808 void
tcp_free_sackholes(struct tcpcb * tp)809 tcp_free_sackholes(struct tcpcb *tp)
810 {
811 struct sackhole *q;
812
813 INP_WLOCK_ASSERT(tp->t_inpcb);
814 while ((q = TAILQ_FIRST(&tp->snd_holes)) != NULL)
815 tcp_sackhole_remove(tp, q);
816 tp->sackhint.sack_bytes_rexmit = 0;
817
818 KASSERT(tp->snd_numholes == 0, ("tp->snd_numholes == 0"));
819 KASSERT(tp->sackhint.nexthole == NULL,
820 ("tp->sackhint.nexthole == NULL"));
821 }
822
823 /*
824 * Partial ack handling within a sack recovery episode. Keeping this very
825 * simple for now. When a partial ack is received, force snd_cwnd to a value
826 * that will allow the sender to transmit no more than 2 segments. If
827 * necessary, a better scheme can be adopted at a later point, but for now,
828 * the goal is to prevent the sender from bursting a large amount of data in
829 * the midst of sack recovery.
830 */
831 void
tcp_sack_partialack(struct tcpcb * tp,struct tcphdr * th)832 tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th)
833 {
834 int num_segs = 1;
835 u_int maxseg = tcp_maxseg(tp);
836
837 INP_WLOCK_ASSERT(tp->t_inpcb);
838 tcp_timer_activate(tp, TT_REXMT, 0);
839 tp->t_rtttime = 0;
840 /* Send one or 2 segments based on how much new data was acked. */
841 if ((BYTES_THIS_ACK(tp, th) / maxseg) >= 2)
842 num_segs = 2;
843 tp->snd_cwnd = (tp->sackhint.sack_bytes_rexmit +
844 (tp->snd_nxt - tp->snd_recover) + num_segs * maxseg);
845 if (tp->snd_cwnd > tp->snd_ssthresh)
846 tp->snd_cwnd = tp->snd_ssthresh;
847 tp->t_flags |= TF_ACKNOW;
848 /*
849 * RFC6675 rescue retransmission
850 * Add a hole between th_ack (snd_una is not yet set) and snd_max,
851 * if this was a pure cumulative ACK and no data was send beyond
852 * recovery point. Since the data in the socket has not been freed
853 * at this point, we check if the scoreboard is empty, and the ACK
854 * delivered some new data, indicating a full ACK. Also, if the
855 * recovery point is still at snd_max, we are probably application
856 * limited. However, this inference might not always be true. The
857 * rescue retransmission may rarely be slightly premature
858 * compared to RFC6675.
859 * The corresponding ACK+SACK will cause any further outstanding
860 * segments to be retransmitted. This addresses a corner case, when
861 * the trailing packets of a window are lost and no further data
862 * is available for sending.
863 */
864 if ((V_tcp_do_rfc6675_pipe) &&
865 SEQ_LT(th->th_ack, tp->snd_recover) &&
866 (tp->snd_recover == tp->snd_max) &&
867 TAILQ_EMPTY(&tp->snd_holes) &&
868 (tp->sackhint.delivered_data > 0)) {
869 /*
870 * Exclude FIN sequence space in
871 * the hole for the rescue retransmission,
872 * and also don't create a hole, if only
873 * the ACK for a FIN is outstanding.
874 */
875 tcp_seq highdata = tp->snd_max;
876 if (tp->t_flags & TF_SENTFIN)
877 highdata--;
878 if (th->th_ack != highdata) {
879 tp->snd_fack = th->th_ack;
880 (void)tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack,
881 highdata - maxseg), highdata, NULL);
882 }
883 }
884 (void) tp->t_fb->tfb_tcp_output(tp);
885 }
886
887 #if 0
888 /*
889 * Debug version of tcp_sack_output() that walks the scoreboard. Used for
890 * now to sanity check the hint.
891 */
892 static struct sackhole *
893 tcp_sack_output_debug(struct tcpcb *tp, int *sack_bytes_rexmt)
894 {
895 struct sackhole *p;
896
897 INP_WLOCK_ASSERT(tp->t_inpcb);
898 *sack_bytes_rexmt = 0;
899 TAILQ_FOREACH(p, &tp->snd_holes, scblink) {
900 if (SEQ_LT(p->rxmit, p->end)) {
901 if (SEQ_LT(p->rxmit, tp->snd_una)) {/* old SACK hole */
902 continue;
903 }
904 *sack_bytes_rexmt += (p->rxmit - p->start);
905 break;
906 }
907 *sack_bytes_rexmt += (p->rxmit - p->start);
908 }
909 return (p);
910 }
911 #endif
912
913 /*
914 * Returns the next hole to retransmit and the number of retransmitted bytes
915 * from the scoreboard. We store both the next hole and the number of
916 * retransmitted bytes as hints (and recompute these on the fly upon SACK/ACK
917 * reception). This avoids scoreboard traversals completely.
918 *
919 * The loop here will traverse *at most* one link. Here's the argument. For
920 * the loop to traverse more than 1 link before finding the next hole to
921 * retransmit, we would need to have at least 1 node following the current
922 * hint with (rxmit == end). But, for all holes following the current hint,
923 * (start == rxmit), since we have not yet retransmitted from them.
924 * Therefore, in order to traverse more 1 link in the loop below, we need to
925 * have at least one node following the current hint with (start == rxmit ==
926 * end). But that can't happen, (start == end) means that all the data in
927 * that hole has been sacked, in which case, the hole would have been removed
928 * from the scoreboard.
929 */
930 struct sackhole *
tcp_sack_output(struct tcpcb * tp,int * sack_bytes_rexmt)931 tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt)
932 {
933 struct sackhole *hole = NULL;
934
935 INP_WLOCK_ASSERT(tp->t_inpcb);
936 *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit;
937 hole = tp->sackhint.nexthole;
938 if (hole == NULL || SEQ_LT(hole->rxmit, hole->end))
939 goto out;
940 while ((hole = TAILQ_NEXT(hole, scblink)) != NULL) {
941 if (SEQ_LT(hole->rxmit, hole->end)) {
942 tp->sackhint.nexthole = hole;
943 break;
944 }
945 }
946 out:
947 return (hole);
948 }
949
950 /*
951 * After a timeout, the SACK list may be rebuilt. This SACK information
952 * should be used to avoid retransmitting SACKed data. This function
953 * traverses the SACK list to see if snd_nxt should be moved forward.
954 */
955 void
tcp_sack_adjust(struct tcpcb * tp)956 tcp_sack_adjust(struct tcpcb *tp)
957 {
958 struct sackhole *p, *cur = TAILQ_FIRST(&tp->snd_holes);
959
960 INP_WLOCK_ASSERT(tp->t_inpcb);
961 if (cur == NULL)
962 return; /* No holes */
963 if (SEQ_GEQ(tp->snd_nxt, tp->snd_fack))
964 return; /* We're already beyond any SACKed blocks */
965 /*-
966 * Two cases for which we want to advance snd_nxt:
967 * i) snd_nxt lies between end of one hole and beginning of another
968 * ii) snd_nxt lies between end of last hole and snd_fack
969 */
970 while ((p = TAILQ_NEXT(cur, scblink)) != NULL) {
971 if (SEQ_LT(tp->snd_nxt, cur->end))
972 return;
973 if (SEQ_GEQ(tp->snd_nxt, p->start))
974 cur = p;
975 else {
976 tp->snd_nxt = p->start;
977 return;
978 }
979 }
980 if (SEQ_LT(tp->snd_nxt, cur->end))
981 return;
982 tp->snd_nxt = tp->snd_fack;
983 }
984