1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * INET An implementation of the TCP/IP protocol suite for the LINUX 4 * operating system. INET is implemented using the BSD Socket 5 * interface as the means of communication with the user level. 6 * 7 * Implementation of the Transmission Control Protocol(TCP). 8 * 9 * Authors: Ross Biro 10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 11 * Mark Evans, <evansmp@uhura.aston.ac.uk> 12 * Corey Minyard <wf-rch!minyard@relay.EU.net> 13 * Florian La Roche, <flla@stud.uni-sb.de> 14 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu> 15 * Linus Torvalds, <torvalds@cs.helsinki.fi> 16 * Alan Cox, <gw4pts@gw4pts.ampr.org> 17 * Matthew Dillon, <dillon@apollo.west.oic.com> 18 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 19 * Jorge Cwik, <jorge@laser.satlink.net> 20 */ 21 22/* 23 * Changes: Pedro Roque : Retransmit queue handled by TCP. 24 * : Fragmentation on mtu decrease 25 * : Segment collapse on retransmit 26 * : AF independence 27 * 28 * Linus Torvalds : send_delayed_ack 29 * David S. Miller : Charge memory using the right skb 30 * during syn/ack processing. 31 * David S. Miller : Output engine completely rewritten. 32 * Andrea Arcangeli: SYNACK carry ts_recent in tsecr. 33 * Cacophonix Gaul : draft-minshall-nagle-01 34 * J Hadi Salim : ECN support 35 * 36 */ 37 38#define pr_fmt(fmt) "TCP: " fmt 39 40#include <net/tcp.h> 41#include <net/mptcp.h> 42 43#include <linux/compiler.h> 44#include <linux/gfp.h> 45#include <linux/module.h> 46#include <linux/static_key.h> 47#ifdef CONFIG_LOWPOWER_PROTOCOL 48#include <net/lowpower_protocol.h> 49#endif /* CONFIG_LOWPOWER_PROTOCOL */ 50#include <trace/events/tcp.h> 51 52/* Refresh clocks of a TCP socket, 53 * ensuring monotically increasing values. 54 */ 55void tcp_mstamp_refresh(struct tcp_sock *tp) 56{ 57 u64 val = tcp_clock_ns(); 58 59 tp->tcp_clock_cache = val; 60 tp->tcp_mstamp = div_u64(val, NSEC_PER_USEC); 61} 62 63static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle, 64 int push_one, gfp_t gfp); 65 66/* Account for new data that has been sent to the network. */ 67static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb) 68{ 69 struct inet_connection_sock *icsk = inet_csk(sk); 70 struct tcp_sock *tp = tcp_sk(sk); 71 unsigned int prior_packets = tp->packets_out; 72 73 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(skb)->end_seq); 74 75 __skb_unlink(skb, &sk->sk_write_queue); 76 tcp_rbtree_insert(&sk->tcp_rtx_queue, skb); 77 78 if (tp->highest_sack == NULL) 79 tp->highest_sack = skb; 80 81 tp->packets_out += tcp_skb_pcount(skb); 82 if (!prior_packets || icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) 83 tcp_rearm_rto(sk); 84 85 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT, 86 tcp_skb_pcount(skb)); 87 tcp_check_space(sk); 88} 89 90/* SND.NXT, if window was not shrunk or the amount of shrunk was less than one 91 * window scaling factor due to loss of precision. 92 * If window has been shrunk, what should we make? It is not clear at all. 93 * Using SND.UNA we will fail to open window, SND.NXT is out of window. :-( 94 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already 95 * invalid. OK, let's make this for now: 96 */ 97static inline __u32 tcp_acceptable_seq(const struct sock *sk) 98{ 99 const struct tcp_sock *tp = tcp_sk(sk); 100 101 if (!before(tcp_wnd_end(tp), tp->snd_nxt) || 102 (tp->rx_opt.wscale_ok && 103 ((tp->snd_nxt - tcp_wnd_end(tp)) < (1 << tp->rx_opt.rcv_wscale)))) 104 return tp->snd_nxt; 105 else 106 return tcp_wnd_end(tp); 107} 108 109/* Calculate mss to advertise in SYN segment. 110 * RFC1122, RFC1063, draft-ietf-tcpimpl-pmtud-01 state that: 111 * 112 * 1. It is independent of path mtu. 113 * 2. Ideally, it is maximal possible segment size i.e. 65535-40. 114 * 3. For IPv4 it is reasonable to calculate it from maximal MTU of 115 * attached devices, because some buggy hosts are confused by 116 * large MSS. 117 * 4. We do not make 3, we advertise MSS, calculated from first 118 * hop device mtu, but allow to raise it to ip_rt_min_advmss. 119 * This may be overridden via information stored in routing table. 120 * 5. Value 65535 for MSS is valid in IPv6 and means "as large as possible, 121 * probably even Jumbo". 122 */ 123static __u16 tcp_advertise_mss(struct sock *sk) 124{ 125 struct tcp_sock *tp = tcp_sk(sk); 126 const struct dst_entry *dst = __sk_dst_get(sk); 127 int mss = tp->advmss; 128 129 if (dst) { 130 unsigned int metric = dst_metric_advmss(dst); 131 132 if (metric < mss) { 133 mss = metric; 134 tp->advmss = mss; 135 } 136 } 137 138 return (__u16)mss; 139} 140 141/* RFC2861. Reset CWND after idle period longer RTO to "restart window". 142 * This is the first part of cwnd validation mechanism. 143 */ 144void tcp_cwnd_restart(struct sock *sk, s32 delta) 145{ 146 struct tcp_sock *tp = tcp_sk(sk); 147 u32 restart_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk)); 148 u32 cwnd = tp->snd_cwnd; 149 150 tcp_ca_event(sk, CA_EVENT_CWND_RESTART); 151 152 tp->snd_ssthresh = tcp_current_ssthresh(sk); 153 restart_cwnd = min(restart_cwnd, cwnd); 154 155 while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd) 156 cwnd >>= 1; 157 tp->snd_cwnd = max(cwnd, restart_cwnd); 158 tp->snd_cwnd_stamp = tcp_jiffies32; 159 tp->snd_cwnd_used = 0; 160} 161 162/* Congestion state accounting after a packet has been sent. */ 163static void tcp_event_data_sent(struct tcp_sock *tp, 164 struct sock *sk) 165{ 166 struct inet_connection_sock *icsk = inet_csk(sk); 167 const u32 now = tcp_jiffies32; 168 169 if (tcp_packets_in_flight(tp) == 0) 170 tcp_ca_event(sk, CA_EVENT_TX_START); 171 172 tp->lsndtime = now; 173 174 /* If it is a reply for ato after last received 175 * packet, enter pingpong mode. 176 */ 177 if ((u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato) 178 inet_csk_enter_pingpong_mode(sk); 179} 180 181/* Account for an ACK we sent. */ 182static inline void tcp_event_ack_sent(struct sock *sk, u32 rcv_nxt) 183{ 184 struct tcp_sock *tp = tcp_sk(sk); 185 186 if (unlikely(tp->compressed_ack)) { 187 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, 188 tp->compressed_ack); 189 tp->compressed_ack = 0; 190 if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1) 191 __sock_put(sk); 192 } 193 194 if (unlikely(rcv_nxt != tp->rcv_nxt)) 195 return; /* Special ACK sent by DCTCP to reflect ECN */ 196 tcp_dec_quickack_mode(sk); 197 inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK); 198} 199 200/* Determine a window scaling and initial window to offer. 201 * Based on the assumption that the given amount of space 202 * will be offered. Store the results in the tp structure. 203 * NOTE: for smooth operation initial space offering should 204 * be a multiple of mss if possible. We assume here that mss >= 1. 205 * This MUST be enforced by all callers. 206 */ 207void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss, 208 __u32 *rcv_wnd, __u32 *window_clamp, 209 int wscale_ok, __u8 *rcv_wscale, 210 __u32 init_rcv_wnd) 211{ 212 unsigned int space = (__space < 0 ? 0 : __space); 213 214 /* If no clamp set the clamp to the max possible scaled window */ 215 if (*window_clamp == 0) 216 (*window_clamp) = (U16_MAX << TCP_MAX_WSCALE); 217 space = min(*window_clamp, space); 218 219 /* Quantize space offering to a multiple of mss if possible. */ 220 if (space > mss) 221 space = rounddown(space, mss); 222 223 /* NOTE: offering an initial window larger than 32767 224 * will break some buggy TCP stacks. If the admin tells us 225 * it is likely we could be speaking with such a buggy stack 226 * we will truncate our initial window offering to 32K-1 227 * unless the remote has sent us a window scaling option, 228 * which we interpret as a sign the remote TCP is not 229 * misinterpreting the window field as a signed quantity. 230 */ 231 if (sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows) 232 (*rcv_wnd) = min(space, MAX_TCP_WINDOW); 233 else 234 (*rcv_wnd) = min_t(u32, space, U16_MAX); 235 236 if (init_rcv_wnd) 237 *rcv_wnd = min(*rcv_wnd, init_rcv_wnd * mss); 238 239 *rcv_wscale = 0; 240 if (wscale_ok) { 241 /* Set window scaling on max possible window */ 242 space = max_t(u32, space, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); 243 space = max_t(u32, space, READ_ONCE(sysctl_rmem_max)); 244 space = min_t(u32, space, *window_clamp); 245 *rcv_wscale = clamp_t(int, ilog2(space) - 15, 246 0, TCP_MAX_WSCALE); 247 } 248 /* Set the clamp no higher than max representable value */ 249 (*window_clamp) = min_t(__u32, U16_MAX << (*rcv_wscale), *window_clamp); 250} 251EXPORT_SYMBOL(tcp_select_initial_window); 252 253/* Chose a new window to advertise, update state in tcp_sock for the 254 * socket, and return result with RFC1323 scaling applied. The return 255 * value can be stuffed directly into th->window for an outgoing 256 * frame. 257 */ 258static u16 tcp_select_window(struct sock *sk) 259{ 260 struct tcp_sock *tp = tcp_sk(sk); 261 u32 old_win = tp->rcv_wnd; 262 u32 cur_win = tcp_receive_window(tp); 263 u32 new_win = __tcp_select_window(sk); 264 265 /* Never shrink the offered window */ 266 if (new_win < cur_win) { 267 /* Danger Will Robinson! 268 * Don't update rcv_wup/rcv_wnd here or else 269 * we will not be able to advertise a zero 270 * window in time. --DaveM 271 * 272 * Relax Will Robinson. 273 */ 274 if (new_win == 0) 275 NET_INC_STATS(sock_net(sk), 276 LINUX_MIB_TCPWANTZEROWINDOWADV); 277 new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale); 278 } 279 tp->rcv_wnd = new_win; 280 tp->rcv_wup = tp->rcv_nxt; 281 282 /* Make sure we do not exceed the maximum possible 283 * scaled window. 284 */ 285 if (!tp->rx_opt.rcv_wscale && 286 sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows) 287 new_win = min(new_win, MAX_TCP_WINDOW); 288 else 289 new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale)); 290 291 /* RFC1323 scaling applied */ 292 new_win >>= tp->rx_opt.rcv_wscale; 293 294 /* If we advertise zero window, disable fast path. */ 295 if (new_win == 0) { 296 tp->pred_flags = 0; 297 if (old_win) 298 NET_INC_STATS(sock_net(sk), 299 LINUX_MIB_TCPTOZEROWINDOWADV); 300 } else if (old_win == 0) { 301 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFROMZEROWINDOWADV); 302 } 303 304 return new_win; 305} 306 307/* Packet ECN state for a SYN-ACK */ 308static void tcp_ecn_send_synack(struct sock *sk, struct sk_buff *skb) 309{ 310 const struct tcp_sock *tp = tcp_sk(sk); 311 312 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_CWR; 313 if (!(tp->ecn_flags & TCP_ECN_OK)) 314 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ECE; 315 else if (tcp_ca_needs_ecn(sk) || 316 tcp_bpf_ca_needs_ecn(sk)) 317 INET_ECN_xmit(sk); 318} 319 320/* Packet ECN state for a SYN. */ 321static void tcp_ecn_send_syn(struct sock *sk, struct sk_buff *skb) 322{ 323 struct tcp_sock *tp = tcp_sk(sk); 324 bool bpf_needs_ecn = tcp_bpf_ca_needs_ecn(sk); 325 bool use_ecn = sock_net(sk)->ipv4.sysctl_tcp_ecn == 1 || 326 tcp_ca_needs_ecn(sk) || bpf_needs_ecn; 327 328 if (!use_ecn) { 329 const struct dst_entry *dst = __sk_dst_get(sk); 330 331 if (dst && dst_feature(dst, RTAX_FEATURE_ECN)) 332 use_ecn = true; 333 } 334 335 tp->ecn_flags = 0; 336 337 if (use_ecn) { 338 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR; 339 tp->ecn_flags = TCP_ECN_OK; 340 if (tcp_ca_needs_ecn(sk) || bpf_needs_ecn) 341 INET_ECN_xmit(sk); 342 } 343} 344 345static void tcp_ecn_clear_syn(struct sock *sk, struct sk_buff *skb) 346{ 347 if (sock_net(sk)->ipv4.sysctl_tcp_ecn_fallback) 348 /* tp->ecn_flags are cleared at a later point in time when 349 * SYN ACK is ultimatively being received. 350 */ 351 TCP_SKB_CB(skb)->tcp_flags &= ~(TCPHDR_ECE | TCPHDR_CWR); 352} 353 354static void 355tcp_ecn_make_synack(const struct request_sock *req, struct tcphdr *th) 356{ 357 if (inet_rsk(req)->ecn_ok) 358 th->ece = 1; 359} 360 361/* Set up ECN state for a packet on a ESTABLISHED socket that is about to 362 * be sent. 363 */ 364static void tcp_ecn_send(struct sock *sk, struct sk_buff *skb, 365 struct tcphdr *th, int tcp_header_len) 366{ 367 struct tcp_sock *tp = tcp_sk(sk); 368 369 if (tp->ecn_flags & TCP_ECN_OK) { 370 /* Not-retransmitted data segment: set ECT and inject CWR. */ 371 if (skb->len != tcp_header_len && 372 !before(TCP_SKB_CB(skb)->seq, tp->snd_nxt)) { 373 INET_ECN_xmit(sk); 374 if (tp->ecn_flags & TCP_ECN_QUEUE_CWR) { 375 tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; 376 th->cwr = 1; 377 skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN; 378 } 379 } else if (!tcp_ca_needs_ecn(sk)) { 380 /* ACK or retransmitted segment: clear ECT|CE */ 381 INET_ECN_dontxmit(sk); 382 } 383 if (tp->ecn_flags & TCP_ECN_DEMAND_CWR) 384 th->ece = 1; 385 } 386} 387 388/* Constructs common control bits of non-data skb. If SYN/FIN is present, 389 * auto increment end seqno. 390 */ 391static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags) 392{ 393 skb->ip_summed = CHECKSUM_PARTIAL; 394 395 TCP_SKB_CB(skb)->tcp_flags = flags; 396 TCP_SKB_CB(skb)->sacked = 0; 397 398 tcp_skb_pcount_set(skb, 1); 399 400 TCP_SKB_CB(skb)->seq = seq; 401 if (flags & (TCPHDR_SYN | TCPHDR_FIN)) 402 seq++; 403 TCP_SKB_CB(skb)->end_seq = seq; 404} 405 406static inline bool tcp_urg_mode(const struct tcp_sock *tp) 407{ 408 return tp->snd_una != tp->snd_up; 409} 410 411#define OPTION_SACK_ADVERTISE (1 << 0) 412#define OPTION_TS (1 << 1) 413#define OPTION_MD5 (1 << 2) 414#define OPTION_WSCALE (1 << 3) 415#define OPTION_FAST_OPEN_COOKIE (1 << 8) 416#define OPTION_SMC (1 << 9) 417#define OPTION_MPTCP (1 << 10) 418 419static void smc_options_write(__be32 *ptr, u16 *options) 420{ 421#if IS_ENABLED(CONFIG_SMC) 422 if (static_branch_unlikely(&tcp_have_smc)) { 423 if (unlikely(OPTION_SMC & *options)) { 424 *ptr++ = htonl((TCPOPT_NOP << 24) | 425 (TCPOPT_NOP << 16) | 426 (TCPOPT_EXP << 8) | 427 (TCPOLEN_EXP_SMC_BASE)); 428 *ptr++ = htonl(TCPOPT_SMC_MAGIC); 429 } 430 } 431#endif 432} 433 434struct tcp_out_options { 435 u16 options; /* bit field of OPTION_* */ 436 u16 mss; /* 0 to disable */ 437 u8 ws; /* window scale, 0 to disable */ 438 u8 num_sack_blocks; /* number of SACK blocks to include */ 439 u8 hash_size; /* bytes in hash_location */ 440 u8 bpf_opt_len; /* length of BPF hdr option */ 441 __u8 *hash_location; /* temporary pointer, overloaded */ 442 __u32 tsval, tsecr; /* need to include OPTION_TS */ 443 struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */ 444 struct mptcp_out_options mptcp; 445}; 446 447static void mptcp_options_write(__be32 *ptr, struct tcp_out_options *opts) 448{ 449#if IS_ENABLED(CONFIG_MPTCP) 450 if (unlikely(OPTION_MPTCP & opts->options)) 451 mptcp_write_options(ptr, &opts->mptcp); 452#endif 453} 454 455#ifdef CONFIG_CGROUP_BPF 456static int bpf_skops_write_hdr_opt_arg0(struct sk_buff *skb, 457 enum tcp_synack_type synack_type) 458{ 459 if (unlikely(!skb)) 460 return BPF_WRITE_HDR_TCP_CURRENT_MSS; 461 462 if (unlikely(synack_type == TCP_SYNACK_COOKIE)) 463 return BPF_WRITE_HDR_TCP_SYNACK_COOKIE; 464 465 return 0; 466} 467 468/* req, syn_skb and synack_type are used when writing synack */ 469static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb, 470 struct request_sock *req, 471 struct sk_buff *syn_skb, 472 enum tcp_synack_type synack_type, 473 struct tcp_out_options *opts, 474 unsigned int *remaining) 475{ 476 struct bpf_sock_ops_kern sock_ops; 477 int err; 478 479 if (likely(!BPF_SOCK_OPS_TEST_FLAG(tcp_sk(sk), 480 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG)) || 481 !*remaining) 482 return; 483 484 /* *remaining has already been aligned to 4 bytes, so *remaining >= 4 */ 485 486 /* init sock_ops */ 487 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp)); 488 489 sock_ops.op = BPF_SOCK_OPS_HDR_OPT_LEN_CB; 490 491 if (req) { 492 /* The listen "sk" cannot be passed here because 493 * it is not locked. It would not make too much 494 * sense to do bpf_setsockopt(listen_sk) based 495 * on individual connection request also. 496 * 497 * Thus, "req" is passed here and the cgroup-bpf-progs 498 * of the listen "sk" will be run. 499 * 500 * "req" is also used here for fastopen even the "sk" here is 501 * a fullsock "child" sk. It is to keep the behavior 502 * consistent between fastopen and non-fastopen on 503 * the bpf programming side. 504 */ 505 sock_ops.sk = (struct sock *)req; 506 sock_ops.syn_skb = syn_skb; 507 } else { 508 sock_owned_by_me(sk); 509 510 sock_ops.is_fullsock = 1; 511 sock_ops.sk = sk; 512 } 513 514 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type); 515 sock_ops.remaining_opt_len = *remaining; 516 /* tcp_current_mss() does not pass a skb */ 517 if (skb) 518 bpf_skops_init_skb(&sock_ops, skb, 0); 519 520 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk); 521 522 if (err || sock_ops.remaining_opt_len == *remaining) 523 return; 524 525 opts->bpf_opt_len = *remaining - sock_ops.remaining_opt_len; 526 /* round up to 4 bytes */ 527 opts->bpf_opt_len = (opts->bpf_opt_len + 3) & ~3; 528 529 *remaining -= opts->bpf_opt_len; 530} 531 532static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb, 533 struct request_sock *req, 534 struct sk_buff *syn_skb, 535 enum tcp_synack_type synack_type, 536 struct tcp_out_options *opts) 537{ 538 u8 first_opt_off, nr_written, max_opt_len = opts->bpf_opt_len; 539 struct bpf_sock_ops_kern sock_ops; 540 int err; 541 542 if (likely(!max_opt_len)) 543 return; 544 545 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp)); 546 547 sock_ops.op = BPF_SOCK_OPS_WRITE_HDR_OPT_CB; 548 549 if (req) { 550 sock_ops.sk = (struct sock *)req; 551 sock_ops.syn_skb = syn_skb; 552 } else { 553 sock_owned_by_me(sk); 554 555 sock_ops.is_fullsock = 1; 556 sock_ops.sk = sk; 557 } 558 559 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type); 560 sock_ops.remaining_opt_len = max_opt_len; 561 first_opt_off = tcp_hdrlen(skb) - max_opt_len; 562 bpf_skops_init_skb(&sock_ops, skb, first_opt_off); 563 564 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk); 565 566 if (err) 567 nr_written = 0; 568 else 569 nr_written = max_opt_len - sock_ops.remaining_opt_len; 570 571 if (nr_written < max_opt_len) 572 memset(skb->data + first_opt_off + nr_written, TCPOPT_NOP, 573 max_opt_len - nr_written); 574} 575#else 576static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb, 577 struct request_sock *req, 578 struct sk_buff *syn_skb, 579 enum tcp_synack_type synack_type, 580 struct tcp_out_options *opts, 581 unsigned int *remaining) 582{ 583} 584 585static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb, 586 struct request_sock *req, 587 struct sk_buff *syn_skb, 588 enum tcp_synack_type synack_type, 589 struct tcp_out_options *opts) 590{ 591} 592#endif 593 594/* Write previously computed TCP options to the packet. 595 * 596 * Beware: Something in the Internet is very sensitive to the ordering of 597 * TCP options, we learned this through the hard way, so be careful here. 598 * Luckily we can at least blame others for their non-compliance but from 599 * inter-operability perspective it seems that we're somewhat stuck with 600 * the ordering which we have been using if we want to keep working with 601 * those broken things (not that it currently hurts anybody as there isn't 602 * particular reason why the ordering would need to be changed). 603 * 604 * At least SACK_PERM as the first option is known to lead to a disaster 605 * (but it may well be that other scenarios fail similarly). 606 */ 607static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp, 608 struct tcp_out_options *opts) 609{ 610 u16 options = opts->options; /* mungable copy */ 611 612 if (unlikely(OPTION_MD5 & options)) { 613 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 614 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 615 /* overload cookie hash location */ 616 opts->hash_location = (__u8 *)ptr; 617 ptr += 4; 618 } 619 620 if (unlikely(opts->mss)) { 621 *ptr++ = htonl((TCPOPT_MSS << 24) | 622 (TCPOLEN_MSS << 16) | 623 opts->mss); 624 } 625 626 if (likely(OPTION_TS & options)) { 627 if (unlikely(OPTION_SACK_ADVERTISE & options)) { 628 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) | 629 (TCPOLEN_SACK_PERM << 16) | 630 (TCPOPT_TIMESTAMP << 8) | 631 TCPOLEN_TIMESTAMP); 632 options &= ~OPTION_SACK_ADVERTISE; 633 } else { 634 *ptr++ = htonl((TCPOPT_NOP << 24) | 635 (TCPOPT_NOP << 16) | 636 (TCPOPT_TIMESTAMP << 8) | 637 TCPOLEN_TIMESTAMP); 638 } 639 *ptr++ = htonl(opts->tsval); 640 *ptr++ = htonl(opts->tsecr); 641 } 642 643 if (unlikely(OPTION_SACK_ADVERTISE & options)) { 644 *ptr++ = htonl((TCPOPT_NOP << 24) | 645 (TCPOPT_NOP << 16) | 646 (TCPOPT_SACK_PERM << 8) | 647 TCPOLEN_SACK_PERM); 648 } 649 650 if (unlikely(OPTION_WSCALE & options)) { 651 *ptr++ = htonl((TCPOPT_NOP << 24) | 652 (TCPOPT_WINDOW << 16) | 653 (TCPOLEN_WINDOW << 8) | 654 opts->ws); 655 } 656 657 if (unlikely(opts->num_sack_blocks)) { 658 struct tcp_sack_block *sp = tp->rx_opt.dsack ? 659 tp->duplicate_sack : tp->selective_acks; 660 int this_sack; 661 662 *ptr++ = htonl((TCPOPT_NOP << 24) | 663 (TCPOPT_NOP << 16) | 664 (TCPOPT_SACK << 8) | 665 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks * 666 TCPOLEN_SACK_PERBLOCK))); 667 668 for (this_sack = 0; this_sack < opts->num_sack_blocks; 669 ++this_sack) { 670 *ptr++ = htonl(sp[this_sack].start_seq); 671 *ptr++ = htonl(sp[this_sack].end_seq); 672 } 673 674 tp->rx_opt.dsack = 0; 675 } 676 677 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) { 678 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie; 679 u8 *p = (u8 *)ptr; 680 u32 len; /* Fast Open option length */ 681 682 if (foc->exp) { 683 len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; 684 *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) | 685 TCPOPT_FASTOPEN_MAGIC); 686 p += TCPOLEN_EXP_FASTOPEN_BASE; 687 } else { 688 len = TCPOLEN_FASTOPEN_BASE + foc->len; 689 *p++ = TCPOPT_FASTOPEN; 690 *p++ = len; 691 } 692 693 memcpy(p, foc->val, foc->len); 694 if ((len & 3) == 2) { 695 p[foc->len] = TCPOPT_NOP; 696 p[foc->len + 1] = TCPOPT_NOP; 697 } 698 ptr += (len + 3) >> 2; 699 } 700 701 smc_options_write(ptr, &options); 702 703 mptcp_options_write(ptr, opts); 704} 705 706static void smc_set_option(const struct tcp_sock *tp, 707 struct tcp_out_options *opts, 708 unsigned int *remaining) 709{ 710#if IS_ENABLED(CONFIG_SMC) 711 if (static_branch_unlikely(&tcp_have_smc)) { 712 if (tp->syn_smc) { 713 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) { 714 opts->options |= OPTION_SMC; 715 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED; 716 } 717 } 718 } 719#endif 720} 721 722static void smc_set_option_cond(const struct tcp_sock *tp, 723 const struct inet_request_sock *ireq, 724 struct tcp_out_options *opts, 725 unsigned int *remaining) 726{ 727#if IS_ENABLED(CONFIG_SMC) 728 if (static_branch_unlikely(&tcp_have_smc)) { 729 if (tp->syn_smc && ireq->smc_ok) { 730 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) { 731 opts->options |= OPTION_SMC; 732 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED; 733 } 734 } 735 } 736#endif 737} 738 739static void mptcp_set_option_cond(const struct request_sock *req, 740 struct tcp_out_options *opts, 741 unsigned int *remaining) 742{ 743 if (rsk_is_mptcp(req)) { 744 unsigned int size; 745 746 if (mptcp_synack_options(req, &size, &opts->mptcp)) { 747 if (*remaining >= size) { 748 opts->options |= OPTION_MPTCP; 749 *remaining -= size; 750 } 751 } 752 } 753} 754 755/* Compute TCP options for SYN packets. This is not the final 756 * network wire format yet. 757 */ 758static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, 759 struct tcp_out_options *opts, 760 struct tcp_md5sig_key **md5) 761{ 762 struct tcp_sock *tp = tcp_sk(sk); 763 unsigned int remaining = MAX_TCP_OPTION_SPACE; 764 struct tcp_fastopen_request *fastopen = tp->fastopen_req; 765 766 *md5 = NULL; 767#ifdef CONFIG_TCP_MD5SIG 768 if (static_branch_unlikely(&tcp_md5_needed) && 769 rcu_access_pointer(tp->md5sig_info)) { 770 *md5 = tp->af_specific->md5_lookup(sk, sk); 771 if (*md5) { 772 opts->options |= OPTION_MD5; 773 remaining -= TCPOLEN_MD5SIG_ALIGNED; 774 } 775 } 776#endif 777 778 /* We always get an MSS option. The option bytes which will be seen in 779 * normal data packets should timestamps be used, must be in the MSS 780 * advertised. But we subtract them from tp->mss_cache so that 781 * calculations in tcp_sendmsg are simpler etc. So account for this 782 * fact here if necessary. If we don't do this correctly, as a 783 * receiver we won't recognize data packets as being full sized when we 784 * should, and thus we won't abide by the delayed ACK rules correctly. 785 * SACKs don't matter, we never delay an ACK when we have any of those 786 * going out. */ 787 opts->mss = tcp_advertise_mss(sk); 788 remaining -= TCPOLEN_MSS_ALIGNED; 789 790 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_timestamps) && !*md5)) { 791 opts->options |= OPTION_TS; 792 opts->tsval = tcp_skb_timestamp(skb) + tp->tsoffset; 793 opts->tsecr = tp->rx_opt.ts_recent; 794 remaining -= TCPOLEN_TSTAMP_ALIGNED; 795 } 796 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_window_scaling))) { 797 opts->ws = tp->rx_opt.rcv_wscale; 798 opts->options |= OPTION_WSCALE; 799 remaining -= TCPOLEN_WSCALE_ALIGNED; 800 } 801 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_sack))) { 802 opts->options |= OPTION_SACK_ADVERTISE; 803 if (unlikely(!(OPTION_TS & opts->options))) 804 remaining -= TCPOLEN_SACKPERM_ALIGNED; 805 } 806 807 if (fastopen && fastopen->cookie.len >= 0) { 808 u32 need = fastopen->cookie.len; 809 810 need += fastopen->cookie.exp ? TCPOLEN_EXP_FASTOPEN_BASE : 811 TCPOLEN_FASTOPEN_BASE; 812 need = (need + 3) & ~3U; /* Align to 32 bits */ 813 if (remaining >= need) { 814 opts->options |= OPTION_FAST_OPEN_COOKIE; 815 opts->fastopen_cookie = &fastopen->cookie; 816 remaining -= need; 817 tp->syn_fastopen = 1; 818 tp->syn_fastopen_exp = fastopen->cookie.exp ? 1 : 0; 819 } 820 } 821 822 smc_set_option(tp, opts, &remaining); 823 824 if (sk_is_mptcp(sk)) { 825 unsigned int size; 826 827 if (mptcp_syn_options(sk, skb, &size, &opts->mptcp)) { 828 opts->options |= OPTION_MPTCP; 829 remaining -= size; 830 } 831 } 832 833 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining); 834 835 return MAX_TCP_OPTION_SPACE - remaining; 836} 837 838/* Set up TCP options for SYN-ACKs. */ 839static unsigned int tcp_synack_options(const struct sock *sk, 840 struct request_sock *req, 841 unsigned int mss, struct sk_buff *skb, 842 struct tcp_out_options *opts, 843 const struct tcp_md5sig_key *md5, 844 struct tcp_fastopen_cookie *foc, 845 enum tcp_synack_type synack_type, 846 struct sk_buff *syn_skb) 847{ 848 struct inet_request_sock *ireq = inet_rsk(req); 849 unsigned int remaining = MAX_TCP_OPTION_SPACE; 850 851#ifdef CONFIG_TCP_MD5SIG 852 if (md5) { 853 opts->options |= OPTION_MD5; 854 remaining -= TCPOLEN_MD5SIG_ALIGNED; 855 856 /* We can't fit any SACK blocks in a packet with MD5 + TS 857 * options. There was discussion about disabling SACK 858 * rather than TS in order to fit in better with old, 859 * buggy kernels, but that was deemed to be unnecessary. 860 */ 861 if (synack_type != TCP_SYNACK_COOKIE) 862 ireq->tstamp_ok &= !ireq->sack_ok; 863 } 864#endif 865 866 /* We always send an MSS option. */ 867 opts->mss = mss; 868 remaining -= TCPOLEN_MSS_ALIGNED; 869 870 if (likely(ireq->wscale_ok)) { 871 opts->ws = ireq->rcv_wscale; 872 opts->options |= OPTION_WSCALE; 873 remaining -= TCPOLEN_WSCALE_ALIGNED; 874 } 875 if (likely(ireq->tstamp_ok)) { 876 opts->options |= OPTION_TS; 877 opts->tsval = tcp_skb_timestamp(skb) + tcp_rsk(req)->ts_off; 878 opts->tsecr = READ_ONCE(req->ts_recent); 879 remaining -= TCPOLEN_TSTAMP_ALIGNED; 880 } 881 if (likely(ireq->sack_ok)) { 882 opts->options |= OPTION_SACK_ADVERTISE; 883 if (unlikely(!ireq->tstamp_ok)) 884 remaining -= TCPOLEN_SACKPERM_ALIGNED; 885 } 886 if (foc != NULL && foc->len >= 0) { 887 u32 need = foc->len; 888 889 need += foc->exp ? TCPOLEN_EXP_FASTOPEN_BASE : 890 TCPOLEN_FASTOPEN_BASE; 891 need = (need + 3) & ~3U; /* Align to 32 bits */ 892 if (remaining >= need) { 893 opts->options |= OPTION_FAST_OPEN_COOKIE; 894 opts->fastopen_cookie = foc; 895 remaining -= need; 896 } 897 } 898 899 mptcp_set_option_cond(req, opts, &remaining); 900 901 smc_set_option_cond(tcp_sk(sk), ireq, opts, &remaining); 902 903 bpf_skops_hdr_opt_len((struct sock *)sk, skb, req, syn_skb, 904 synack_type, opts, &remaining); 905 906 return MAX_TCP_OPTION_SPACE - remaining; 907} 908 909/* Compute TCP options for ESTABLISHED sockets. This is not the 910 * final wire format yet. 911 */ 912static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb, 913 struct tcp_out_options *opts, 914 struct tcp_md5sig_key **md5) 915{ 916 struct tcp_sock *tp = tcp_sk(sk); 917 unsigned int size = 0; 918 unsigned int eff_sacks; 919 920 opts->options = 0; 921 922 *md5 = NULL; 923#ifdef CONFIG_TCP_MD5SIG 924 if (static_branch_unlikely(&tcp_md5_needed) && 925 rcu_access_pointer(tp->md5sig_info)) { 926 *md5 = tp->af_specific->md5_lookup(sk, sk); 927 if (*md5) { 928 opts->options |= OPTION_MD5; 929 size += TCPOLEN_MD5SIG_ALIGNED; 930 } 931 } 932#endif 933 934 if (likely(tp->rx_opt.tstamp_ok)) { 935 opts->options |= OPTION_TS; 936 opts->tsval = skb ? tcp_skb_timestamp(skb) + tp->tsoffset : 0; 937 opts->tsecr = tp->rx_opt.ts_recent; 938 size += TCPOLEN_TSTAMP_ALIGNED; 939 } 940 941 /* MPTCP options have precedence over SACK for the limited TCP 942 * option space because a MPTCP connection would be forced to 943 * fall back to regular TCP if a required multipath option is 944 * missing. SACK still gets a chance to use whatever space is 945 * left. 946 */ 947 if (sk_is_mptcp(sk)) { 948 unsigned int remaining = MAX_TCP_OPTION_SPACE - size; 949 unsigned int opt_size = 0; 950 951 if (mptcp_established_options(sk, skb, &opt_size, remaining, 952 &opts->mptcp)) { 953 opts->options |= OPTION_MPTCP; 954 size += opt_size; 955 } 956 } 957 958 eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack; 959 if (unlikely(eff_sacks)) { 960 const unsigned int remaining = MAX_TCP_OPTION_SPACE - size; 961 if (unlikely(remaining < TCPOLEN_SACK_BASE_ALIGNED + 962 TCPOLEN_SACK_PERBLOCK)) 963 return size; 964 965 opts->num_sack_blocks = 966 min_t(unsigned int, eff_sacks, 967 (remaining - TCPOLEN_SACK_BASE_ALIGNED) / 968 TCPOLEN_SACK_PERBLOCK); 969 970 size += TCPOLEN_SACK_BASE_ALIGNED + 971 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK; 972 } 973 974 if (unlikely(BPF_SOCK_OPS_TEST_FLAG(tp, 975 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG))) { 976 unsigned int remaining = MAX_TCP_OPTION_SPACE - size; 977 978 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining); 979 980 size = MAX_TCP_OPTION_SPACE - remaining; 981 } 982 983 return size; 984} 985 986 987/* TCP SMALL QUEUES (TSQ) 988 * 989 * TSQ goal is to keep small amount of skbs per tcp flow in tx queues (qdisc+dev) 990 * to reduce RTT and bufferbloat. 991 * We do this using a special skb destructor (tcp_wfree). 992 * 993 * Its important tcp_wfree() can be replaced by sock_wfree() in the event skb 994 * needs to be reallocated in a driver. 995 * The invariant being skb->truesize subtracted from sk->sk_wmem_alloc 996 * 997 * Since transmit from skb destructor is forbidden, we use a tasklet 998 * to process all sockets that eventually need to send more skbs. 999 * We use one tasklet per cpu, with its own queue of sockets. 1000 */ 1001struct tsq_tasklet { 1002 struct tasklet_struct tasklet; 1003 struct list_head head; /* queue of tcp sockets */ 1004}; 1005static DEFINE_PER_CPU(struct tsq_tasklet, tsq_tasklet); 1006 1007static void tcp_tsq_write(struct sock *sk) 1008{ 1009 if ((1 << sk->sk_state) & 1010 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_CLOSING | 1011 TCPF_CLOSE_WAIT | TCPF_LAST_ACK)) { 1012 struct tcp_sock *tp = tcp_sk(sk); 1013 1014 if (tp->lost_out > tp->retrans_out && 1015 tp->snd_cwnd > tcp_packets_in_flight(tp)) { 1016 tcp_mstamp_refresh(tp); 1017 tcp_xmit_retransmit_queue(sk); 1018 } 1019 1020 tcp_write_xmit(sk, tcp_current_mss(sk), tp->nonagle, 1021 0, GFP_ATOMIC); 1022 } 1023} 1024 1025static void tcp_tsq_handler(struct sock *sk) 1026{ 1027 bh_lock_sock(sk); 1028 if (!sock_owned_by_user(sk)) 1029 tcp_tsq_write(sk); 1030 else if (!test_and_set_bit(TCP_TSQ_DEFERRED, &sk->sk_tsq_flags)) 1031 sock_hold(sk); 1032 bh_unlock_sock(sk); 1033} 1034/* 1035 * One tasklet per cpu tries to send more skbs. 1036 * We run in tasklet context but need to disable irqs when 1037 * transferring tsq->head because tcp_wfree() might 1038 * interrupt us (non NAPI drivers) 1039 */ 1040static void tcp_tasklet_func(unsigned long data) 1041{ 1042 struct tsq_tasklet *tsq = (struct tsq_tasklet *)data; 1043 LIST_HEAD(list); 1044 unsigned long flags; 1045 struct list_head *q, *n; 1046 struct tcp_sock *tp; 1047 struct sock *sk; 1048 1049 local_irq_save(flags); 1050 list_splice_init(&tsq->head, &list); 1051 local_irq_restore(flags); 1052 1053 list_for_each_safe(q, n, &list) { 1054 tp = list_entry(q, struct tcp_sock, tsq_node); 1055 list_del(&tp->tsq_node); 1056 1057 sk = (struct sock *)tp; 1058 smp_mb__before_atomic(); 1059 clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags); 1060 1061 tcp_tsq_handler(sk); 1062 sk_free(sk); 1063 } 1064} 1065 1066#define TCP_DEFERRED_ALL (TCPF_TSQ_DEFERRED | \ 1067 TCPF_WRITE_TIMER_DEFERRED | \ 1068 TCPF_DELACK_TIMER_DEFERRED | \ 1069 TCPF_MTU_REDUCED_DEFERRED) 1070/** 1071 * tcp_release_cb - tcp release_sock() callback 1072 * @sk: socket 1073 * 1074 * called from release_sock() to perform protocol dependent 1075 * actions before socket release. 1076 */ 1077void tcp_release_cb(struct sock *sk) 1078{ 1079 unsigned long flags, nflags; 1080 1081 /* perform an atomic operation only if at least one flag is set */ 1082 do { 1083 flags = sk->sk_tsq_flags; 1084 if (!(flags & TCP_DEFERRED_ALL)) 1085 return; 1086 nflags = flags & ~TCP_DEFERRED_ALL; 1087 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags); 1088 1089 if (flags & TCPF_TSQ_DEFERRED) { 1090 tcp_tsq_write(sk); 1091 __sock_put(sk); 1092 } 1093 /* Here begins the tricky part : 1094 * We are called from release_sock() with : 1095 * 1) BH disabled 1096 * 2) sk_lock.slock spinlock held 1097 * 3) socket owned by us (sk->sk_lock.owned == 1) 1098 * 1099 * But following code is meant to be called from BH handlers, 1100 * so we should keep BH disabled, but early release socket ownership 1101 */ 1102 sock_release_ownership(sk); 1103 1104 if (flags & TCPF_WRITE_TIMER_DEFERRED) { 1105 tcp_write_timer_handler(sk); 1106 __sock_put(sk); 1107 } 1108 if (flags & TCPF_DELACK_TIMER_DEFERRED) { 1109 tcp_delack_timer_handler(sk); 1110 __sock_put(sk); 1111 } 1112 if (flags & TCPF_MTU_REDUCED_DEFERRED) { 1113 inet_csk(sk)->icsk_af_ops->mtu_reduced(sk); 1114 __sock_put(sk); 1115 } 1116} 1117EXPORT_SYMBOL(tcp_release_cb); 1118 1119void __init tcp_tasklet_init(void) 1120{ 1121 int i; 1122 1123 for_each_possible_cpu(i) { 1124 struct tsq_tasklet *tsq = &per_cpu(tsq_tasklet, i); 1125 1126 INIT_LIST_HEAD(&tsq->head); 1127 tasklet_init(&tsq->tasklet, 1128 tcp_tasklet_func, 1129 (unsigned long)tsq); 1130 } 1131} 1132 1133/* 1134 * Write buffer destructor automatically called from kfree_skb. 1135 * We can't xmit new skbs from this context, as we might already 1136 * hold qdisc lock. 1137 */ 1138void tcp_wfree(struct sk_buff *skb) 1139{ 1140 struct sock *sk = skb->sk; 1141 struct tcp_sock *tp = tcp_sk(sk); 1142 unsigned long flags, nval, oval; 1143 1144 /* Keep one reference on sk_wmem_alloc. 1145 * Will be released by sk_free() from here or tcp_tasklet_func() 1146 */ 1147 WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc)); 1148 1149 /* If this softirq is serviced by ksoftirqd, we are likely under stress. 1150 * Wait until our queues (qdisc + devices) are drained. 1151 * This gives : 1152 * - less callbacks to tcp_write_xmit(), reducing stress (batches) 1153 * - chance for incoming ACK (processed by another cpu maybe) 1154 * to migrate this flow (skb->ooo_okay will be eventually set) 1155 */ 1156 if (refcount_read(&sk->sk_wmem_alloc) >= SKB_TRUESIZE(1) && this_cpu_ksoftirqd() == current) 1157 goto out; 1158 1159 for (oval = READ_ONCE(sk->sk_tsq_flags);; oval = nval) { 1160 struct tsq_tasklet *tsq; 1161 bool empty; 1162 1163 if (!(oval & TSQF_THROTTLED) || (oval & TSQF_QUEUED)) 1164 goto out; 1165 1166 nval = (oval & ~TSQF_THROTTLED) | TSQF_QUEUED; 1167 nval = cmpxchg(&sk->sk_tsq_flags, oval, nval); 1168 if (nval != oval) 1169 continue; 1170 1171 /* queue this socket to tasklet queue */ 1172 local_irq_save(flags); 1173 tsq = this_cpu_ptr(&tsq_tasklet); 1174 empty = list_empty(&tsq->head); 1175 list_add(&tp->tsq_node, &tsq->head); 1176 if (empty) 1177 tasklet_schedule(&tsq->tasklet); 1178 local_irq_restore(flags); 1179 return; 1180 } 1181out: 1182 sk_free(sk); 1183} 1184 1185/* Note: Called under soft irq. 1186 * We can call TCP stack right away, unless socket is owned by user. 1187 */ 1188enum hrtimer_restart tcp_pace_kick(struct hrtimer *timer) 1189{ 1190 struct tcp_sock *tp = container_of(timer, struct tcp_sock, pacing_timer); 1191 struct sock *sk = (struct sock *)tp; 1192 1193 tcp_tsq_handler(sk); 1194 sock_put(sk); 1195 1196 return HRTIMER_NORESTART; 1197} 1198 1199static void tcp_update_skb_after_send(struct sock *sk, struct sk_buff *skb, 1200 u64 prior_wstamp) 1201{ 1202 struct tcp_sock *tp = tcp_sk(sk); 1203 1204 if (sk->sk_pacing_status != SK_PACING_NONE) { 1205 unsigned long rate = sk->sk_pacing_rate; 1206 1207 /* Original sch_fq does not pace first 10 MSS 1208 * Note that tp->data_segs_out overflows after 2^32 packets, 1209 * this is a minor annoyance. 1210 */ 1211 if (rate != ~0UL && rate && tp->data_segs_out >= 10) { 1212 u64 len_ns = div64_ul((u64)skb->len * NSEC_PER_SEC, rate); 1213 u64 credit = tp->tcp_wstamp_ns - prior_wstamp; 1214 1215 /* take into account OS jitter */ 1216 len_ns -= min_t(u64, len_ns / 2, credit); 1217 tp->tcp_wstamp_ns += len_ns; 1218 } 1219 } 1220 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue); 1221} 1222 1223INDIRECT_CALLABLE_DECLARE(int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl)); 1224INDIRECT_CALLABLE_DECLARE(int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl)); 1225INDIRECT_CALLABLE_DECLARE(void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)); 1226 1227/* This routine actually transmits TCP packets queued in by 1228 * tcp_do_sendmsg(). This is used by both the initial 1229 * transmission and possible later retransmissions. 1230 * All SKB's seen here are completely headerless. It is our 1231 * job to build the TCP header, and pass the packet down to 1232 * IP so it can do the same plus pass the packet off to the 1233 * device. 1234 * 1235 * We are working here with either a clone of the original 1236 * SKB, or a fresh unique copy made by the retransmit engine. 1237 */ 1238static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, 1239 int clone_it, gfp_t gfp_mask, u32 rcv_nxt) 1240{ 1241 const struct inet_connection_sock *icsk = inet_csk(sk); 1242 struct inet_sock *inet; 1243 struct tcp_sock *tp; 1244 struct tcp_skb_cb *tcb; 1245 struct tcp_out_options opts; 1246 unsigned int tcp_options_size, tcp_header_size; 1247 struct sk_buff *oskb = NULL; 1248 struct tcp_md5sig_key *md5; 1249 struct tcphdr *th; 1250 u64 prior_wstamp; 1251 int err; 1252 1253 BUG_ON(!skb || !tcp_skb_pcount(skb)); 1254 tp = tcp_sk(sk); 1255 prior_wstamp = tp->tcp_wstamp_ns; 1256 tp->tcp_wstamp_ns = max(tp->tcp_wstamp_ns, tp->tcp_clock_cache); 1257 skb->skb_mstamp_ns = tp->tcp_wstamp_ns; 1258 if (clone_it) { 1259 TCP_SKB_CB(skb)->tx.in_flight = TCP_SKB_CB(skb)->end_seq 1260 - tp->snd_una; 1261 oskb = skb; 1262 1263 tcp_skb_tsorted_save(oskb) { 1264 if (unlikely(skb_cloned(oskb))) 1265 skb = pskb_copy(oskb, gfp_mask); 1266 else 1267 skb = skb_clone(oskb, gfp_mask); 1268 } tcp_skb_tsorted_restore(oskb); 1269 1270 if (unlikely(!skb)) 1271 return -ENOBUFS; 1272 /* retransmit skbs might have a non zero value in skb->dev 1273 * because skb->dev is aliased with skb->rbnode.rb_left 1274 */ 1275 skb->dev = NULL; 1276 } 1277 1278 inet = inet_sk(sk); 1279 tcb = TCP_SKB_CB(skb); 1280 memset(&opts, 0, sizeof(opts)); 1281 1282 if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) { 1283 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); 1284 } else { 1285 tcp_options_size = tcp_established_options(sk, skb, &opts, 1286 &md5); 1287 /* Force a PSH flag on all (GSO) packets to expedite GRO flush 1288 * at receiver : This slightly improve GRO performance. 1289 * Note that we do not force the PSH flag for non GSO packets, 1290 * because they might be sent under high congestion events, 1291 * and in this case it is better to delay the delivery of 1-MSS 1292 * packets and thus the corresponding ACK packet that would 1293 * release the following packet. 1294 */ 1295 if (tcp_skb_pcount(skb) > 1) 1296 tcb->tcp_flags |= TCPHDR_PSH; 1297 } 1298 tcp_header_size = tcp_options_size + sizeof(struct tcphdr); 1299 1300 /* if no packet is in qdisc/device queue, then allow XPS to select 1301 * another queue. We can be called from tcp_tsq_handler() 1302 * which holds one reference to sk. 1303 * 1304 * TODO: Ideally, in-flight pure ACK packets should not matter here. 1305 * One way to get this would be to set skb->truesize = 2 on them. 1306 */ 1307 skb->ooo_okay = sk_wmem_alloc_get(sk) < SKB_TRUESIZE(1); 1308 1309 /* If we had to use memory reserve to allocate this skb, 1310 * this might cause drops if packet is looped back : 1311 * Other socket might not have SOCK_MEMALLOC. 1312 * Packets not looped back do not care about pfmemalloc. 1313 */ 1314 skb->pfmemalloc = 0; 1315 1316 skb_push(skb, tcp_header_size); 1317 skb_reset_transport_header(skb); 1318 1319 skb_orphan(skb); 1320 skb->sk = sk; 1321 skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree; 1322 skb_set_hash_from_sk(skb, sk); 1323 refcount_add(skb->truesize, &sk->sk_wmem_alloc); 1324 1325 skb_set_dst_pending_confirm(skb, READ_ONCE(sk->sk_dst_pending_confirm)); 1326 1327 /* Build TCP header and checksum it. */ 1328 th = (struct tcphdr *)skb->data; 1329 th->source = inet->inet_sport; 1330 th->dest = inet->inet_dport; 1331 th->seq = htonl(tcb->seq); 1332 th->ack_seq = htonl(rcv_nxt); 1333 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) | 1334 tcb->tcp_flags); 1335 1336 th->check = 0; 1337 th->urg_ptr = 0; 1338 1339 /* The urg_mode check is necessary during a below snd_una win probe */ 1340 if (unlikely(tcp_urg_mode(tp) && before(tcb->seq, tp->snd_up))) { 1341 if (before(tp->snd_up, tcb->seq + 0x10000)) { 1342 th->urg_ptr = htons(tp->snd_up - tcb->seq); 1343 th->urg = 1; 1344 } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) { 1345 th->urg_ptr = htons(0xFFFF); 1346 th->urg = 1; 1347 } 1348 } 1349 1350 tcp_options_write((__be32 *)(th + 1), tp, &opts); 1351 skb_shinfo(skb)->gso_type = sk->sk_gso_type; 1352 if (likely(!(tcb->tcp_flags & TCPHDR_SYN))) { 1353 th->window = htons(tcp_select_window(sk)); 1354 tcp_ecn_send(sk, skb, th, tcp_header_size); 1355 } else { 1356 /* RFC1323: The window in SYN & SYN/ACK segments 1357 * is never scaled. 1358 */ 1359 th->window = htons(min(tp->rcv_wnd, 65535U)); 1360 } 1361#ifdef CONFIG_TCP_MD5SIG 1362 /* Calculate the MD5 hash, as we have all we need now */ 1363 if (md5) { 1364 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 1365 tp->af_specific->calc_md5_hash(opts.hash_location, 1366 md5, sk, skb); 1367 } 1368#endif 1369 1370 /* BPF prog is the last one writing header option */ 1371 bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts); 1372 1373 INDIRECT_CALL_INET(icsk->icsk_af_ops->send_check, 1374 tcp_v6_send_check, tcp_v4_send_check, 1375 sk, skb); 1376 1377 if (likely(tcb->tcp_flags & TCPHDR_ACK)) 1378 tcp_event_ack_sent(sk, rcv_nxt); 1379 1380 if (skb->len != tcp_header_size) { 1381 tcp_event_data_sent(tp, sk); 1382 tp->data_segs_out += tcp_skb_pcount(skb); 1383 tp->bytes_sent += skb->len - tcp_header_size; 1384 } 1385 1386 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq) 1387 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS, 1388 tcp_skb_pcount(skb)); 1389 1390 tp->segs_out += tcp_skb_pcount(skb); 1391 /* OK, its time to fill skb_shinfo(skb)->gso_{segs|size} */ 1392 skb_shinfo(skb)->gso_segs = tcp_skb_pcount(skb); 1393 skb_shinfo(skb)->gso_size = tcp_skb_mss(skb); 1394 1395 /* Leave earliest departure time in skb->tstamp (skb->skb_mstamp_ns) */ 1396 1397 /* Cleanup our debris for IP stacks */ 1398 memset(skb->cb, 0, max(sizeof(struct inet_skb_parm), 1399 sizeof(struct inet6_skb_parm))); 1400 1401 tcp_add_tx_delay(skb, tp); 1402 1403 err = INDIRECT_CALL_INET(icsk->icsk_af_ops->queue_xmit, 1404 inet6_csk_xmit, ip_queue_xmit, 1405 sk, skb, &inet->cork.fl); 1406 1407 if (unlikely(err > 0)) { 1408 tcp_enter_cwr(sk); 1409 err = net_xmit_eval(err); 1410 } 1411 if (!err && oskb) { 1412 tcp_update_skb_after_send(sk, oskb, prior_wstamp); 1413 tcp_rate_skb_sent(sk, oskb); 1414 } 1415 return err; 1416} 1417 1418static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, 1419 gfp_t gfp_mask) 1420{ 1421 return __tcp_transmit_skb(sk, skb, clone_it, gfp_mask, 1422 tcp_sk(sk)->rcv_nxt); 1423} 1424 1425/* This routine just queues the buffer for sending. 1426 * 1427 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames, 1428 * otherwise socket can stall. 1429 */ 1430static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb) 1431{ 1432 struct tcp_sock *tp = tcp_sk(sk); 1433 1434 /* Advance write_seq and place onto the write_queue. */ 1435 WRITE_ONCE(tp->write_seq, TCP_SKB_CB(skb)->end_seq); 1436 __skb_header_release(skb); 1437 tcp_add_write_queue_tail(sk, skb); 1438 sk_wmem_queued_add(sk, skb->truesize); 1439 sk_mem_charge(sk, skb->truesize); 1440} 1441 1442/* Initialize TSO segments for a packet. */ 1443static void tcp_set_skb_tso_segs(struct sk_buff *skb, unsigned int mss_now) 1444{ 1445 if (skb->len <= mss_now) { 1446 /* Avoid the costly divide in the normal 1447 * non-TSO case. 1448 */ 1449 tcp_skb_pcount_set(skb, 1); 1450 TCP_SKB_CB(skb)->tcp_gso_size = 0; 1451 } else { 1452 tcp_skb_pcount_set(skb, DIV_ROUND_UP(skb->len, mss_now)); 1453 TCP_SKB_CB(skb)->tcp_gso_size = mss_now; 1454 } 1455} 1456 1457/* Pcount in the middle of the write queue got changed, we need to do various 1458 * tweaks to fix counters 1459 */ 1460static void tcp_adjust_pcount(struct sock *sk, const struct sk_buff *skb, int decr) 1461{ 1462 struct tcp_sock *tp = tcp_sk(sk); 1463 1464 tp->packets_out -= decr; 1465 1466 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED) 1467 tp->sacked_out -= decr; 1468 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) 1469 tp->retrans_out -= decr; 1470 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST) 1471 tp->lost_out -= decr; 1472 1473 /* Reno case is special. Sigh... */ 1474 if (tcp_is_reno(tp) && decr > 0) 1475 tp->sacked_out -= min_t(u32, tp->sacked_out, decr); 1476 1477 if (tp->lost_skb_hint && 1478 before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(tp->lost_skb_hint)->seq) && 1479 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 1480 tp->lost_cnt_hint -= decr; 1481 1482 tcp_verify_left_out(tp); 1483} 1484 1485static bool tcp_has_tx_tstamp(const struct sk_buff *skb) 1486{ 1487 return TCP_SKB_CB(skb)->txstamp_ack || 1488 (skb_shinfo(skb)->tx_flags & SKBTX_ANY_TSTAMP); 1489} 1490 1491static void tcp_fragment_tstamp(struct sk_buff *skb, struct sk_buff *skb2) 1492{ 1493 struct skb_shared_info *shinfo = skb_shinfo(skb); 1494 1495 if (unlikely(tcp_has_tx_tstamp(skb)) && 1496 !before(shinfo->tskey, TCP_SKB_CB(skb2)->seq)) { 1497 struct skb_shared_info *shinfo2 = skb_shinfo(skb2); 1498 u8 tsflags = shinfo->tx_flags & SKBTX_ANY_TSTAMP; 1499 1500 shinfo->tx_flags &= ~tsflags; 1501 shinfo2->tx_flags |= tsflags; 1502 swap(shinfo->tskey, shinfo2->tskey); 1503 TCP_SKB_CB(skb2)->txstamp_ack = TCP_SKB_CB(skb)->txstamp_ack; 1504 TCP_SKB_CB(skb)->txstamp_ack = 0; 1505 } 1506} 1507 1508static void tcp_skb_fragment_eor(struct sk_buff *skb, struct sk_buff *skb2) 1509{ 1510 TCP_SKB_CB(skb2)->eor = TCP_SKB_CB(skb)->eor; 1511 TCP_SKB_CB(skb)->eor = 0; 1512} 1513 1514/* Insert buff after skb on the write or rtx queue of sk. */ 1515static void tcp_insert_write_queue_after(struct sk_buff *skb, 1516 struct sk_buff *buff, 1517 struct sock *sk, 1518 enum tcp_queue tcp_queue) 1519{ 1520 if (tcp_queue == TCP_FRAG_IN_WRITE_QUEUE) 1521 __skb_queue_after(&sk->sk_write_queue, skb, buff); 1522 else 1523 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff); 1524} 1525 1526/* Function to create two new TCP segments. Shrinks the given segment 1527 * to the specified size and appends a new segment with the rest of the 1528 * packet to the list. This won't be called frequently, I hope. 1529 * Remember, these are still headerless SKBs at this point. 1530 */ 1531int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue, 1532 struct sk_buff *skb, u32 len, 1533 unsigned int mss_now, gfp_t gfp) 1534{ 1535 struct tcp_sock *tp = tcp_sk(sk); 1536 struct sk_buff *buff; 1537 int nsize, old_factor; 1538 long limit; 1539 int nlen; 1540 u8 flags; 1541 1542 if (WARN_ON(len > skb->len)) 1543 return -EINVAL; 1544 1545 nsize = skb_headlen(skb) - len; 1546 if (nsize < 0) 1547 nsize = 0; 1548 1549 /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb. 1550 * We need some allowance to not penalize applications setting small 1551 * SO_SNDBUF values. 1552 * Also allow first and last skb in retransmit queue to be split. 1553 */ 1554 limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE); 1555 if (unlikely((sk->sk_wmem_queued >> 1) > limit && 1556 tcp_queue != TCP_FRAG_IN_WRITE_QUEUE && 1557 skb != tcp_rtx_queue_head(sk) && 1558 skb != tcp_rtx_queue_tail(sk))) { 1559 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG); 1560 return -ENOMEM; 1561 } 1562 1563 if (skb_unclone(skb, gfp)) 1564 return -ENOMEM; 1565 1566 /* Get a new skb... force flag on. */ 1567 buff = sk_stream_alloc_skb(sk, nsize, gfp, true); 1568 if (!buff) 1569 return -ENOMEM; /* We'll just try again later. */ 1570 skb_copy_decrypted(buff, skb); 1571 1572 sk_wmem_queued_add(sk, buff->truesize); 1573 sk_mem_charge(sk, buff->truesize); 1574 nlen = skb->len - len - nsize; 1575 buff->truesize += nlen; 1576 skb->truesize -= nlen; 1577 1578 /* Correct the sequence numbers. */ 1579 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 1580 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq; 1581 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq; 1582 1583 /* PSH and FIN should only be set in the second packet. */ 1584 flags = TCP_SKB_CB(skb)->tcp_flags; 1585 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH); 1586 TCP_SKB_CB(buff)->tcp_flags = flags; 1587 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked; 1588 tcp_skb_fragment_eor(skb, buff); 1589 1590 skb_split(skb, buff, len); 1591 1592 buff->ip_summed = CHECKSUM_PARTIAL; 1593 1594 buff->tstamp = skb->tstamp; 1595 tcp_fragment_tstamp(skb, buff); 1596 1597 old_factor = tcp_skb_pcount(skb); 1598 1599 /* Fix up tso_factor for both original and new SKB. */ 1600 tcp_set_skb_tso_segs(skb, mss_now); 1601 tcp_set_skb_tso_segs(buff, mss_now); 1602 1603 /* Update delivered info for the new segment */ 1604 TCP_SKB_CB(buff)->tx = TCP_SKB_CB(skb)->tx; 1605 1606 /* If this packet has been sent out already, we must 1607 * adjust the various packet counters. 1608 */ 1609 if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) { 1610 int diff = old_factor - tcp_skb_pcount(skb) - 1611 tcp_skb_pcount(buff); 1612 1613 if (diff) 1614 tcp_adjust_pcount(sk, skb, diff); 1615 } 1616 1617 /* Link BUFF into the send queue. */ 1618 __skb_header_release(buff); 1619 tcp_insert_write_queue_after(skb, buff, sk, tcp_queue); 1620 if (tcp_queue == TCP_FRAG_IN_RTX_QUEUE) 1621 list_add(&buff->tcp_tsorted_anchor, &skb->tcp_tsorted_anchor); 1622 1623 return 0; 1624} 1625 1626/* This is similar to __pskb_pull_tail(). The difference is that pulled 1627 * data is not copied, but immediately discarded. 1628 */ 1629static int __pskb_trim_head(struct sk_buff *skb, int len) 1630{ 1631 struct skb_shared_info *shinfo; 1632 int i, k, eat; 1633 1634 eat = min_t(int, len, skb_headlen(skb)); 1635 if (eat) { 1636 __skb_pull(skb, eat); 1637 len -= eat; 1638 if (!len) 1639 return 0; 1640 } 1641 eat = len; 1642 k = 0; 1643 shinfo = skb_shinfo(skb); 1644 for (i = 0; i < shinfo->nr_frags; i++) { 1645 int size = skb_frag_size(&shinfo->frags[i]); 1646 1647 if (size <= eat) { 1648 skb_frag_unref(skb, i); 1649 eat -= size; 1650 } else { 1651 shinfo->frags[k] = shinfo->frags[i]; 1652 if (eat) { 1653 skb_frag_off_add(&shinfo->frags[k], eat); 1654 skb_frag_size_sub(&shinfo->frags[k], eat); 1655 eat = 0; 1656 } 1657 k++; 1658 } 1659 } 1660 shinfo->nr_frags = k; 1661 1662 skb->data_len -= len; 1663 skb->len = skb->data_len; 1664 return len; 1665} 1666 1667/* Remove acked data from a packet in the transmit queue. */ 1668int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len) 1669{ 1670 u32 delta_truesize; 1671 1672 if (skb_unclone(skb, GFP_ATOMIC)) 1673 return -ENOMEM; 1674 1675 delta_truesize = __pskb_trim_head(skb, len); 1676 1677 TCP_SKB_CB(skb)->seq += len; 1678 skb->ip_summed = CHECKSUM_PARTIAL; 1679 1680 if (delta_truesize) { 1681 skb->truesize -= delta_truesize; 1682 sk_wmem_queued_add(sk, -delta_truesize); 1683 sk_mem_uncharge(sk, delta_truesize); 1684 } 1685 1686 /* Any change of skb->len requires recalculation of tso factor. */ 1687 if (tcp_skb_pcount(skb) > 1) 1688 tcp_set_skb_tso_segs(skb, tcp_skb_mss(skb)); 1689 1690 return 0; 1691} 1692 1693/* Calculate MSS not accounting any TCP options. */ 1694static inline int __tcp_mtu_to_mss(struct sock *sk, int pmtu) 1695{ 1696 const struct tcp_sock *tp = tcp_sk(sk); 1697 const struct inet_connection_sock *icsk = inet_csk(sk); 1698 int mss_now; 1699 1700 /* Calculate base mss without TCP options: 1701 It is MMS_S - sizeof(tcphdr) of rfc1122 1702 */ 1703 mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr); 1704 1705 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */ 1706 if (icsk->icsk_af_ops->net_frag_header_len) { 1707 const struct dst_entry *dst = __sk_dst_get(sk); 1708 1709 if (dst && dst_allfrag(dst)) 1710 mss_now -= icsk->icsk_af_ops->net_frag_header_len; 1711 } 1712 1713 /* Clamp it (mss_clamp does not include tcp options) */ 1714 if (mss_now > tp->rx_opt.mss_clamp) 1715 mss_now = tp->rx_opt.mss_clamp; 1716 1717 /* Now subtract optional transport overhead */ 1718 mss_now -= icsk->icsk_ext_hdr_len; 1719 1720 /* Then reserve room for full set of TCP options and 8 bytes of data */ 1721 mss_now = max(mss_now, 1722 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_snd_mss)); 1723 return mss_now; 1724} 1725 1726/* Calculate MSS. Not accounting for SACKs here. */ 1727int tcp_mtu_to_mss(struct sock *sk, int pmtu) 1728{ 1729 /* Subtract TCP options size, not including SACKs */ 1730 return __tcp_mtu_to_mss(sk, pmtu) - 1731 (tcp_sk(sk)->tcp_header_len - sizeof(struct tcphdr)); 1732} 1733EXPORT_SYMBOL(tcp_mtu_to_mss); 1734 1735/* Inverse of above */ 1736int tcp_mss_to_mtu(struct sock *sk, int mss) 1737{ 1738 const struct tcp_sock *tp = tcp_sk(sk); 1739 const struct inet_connection_sock *icsk = inet_csk(sk); 1740 int mtu; 1741 1742 mtu = mss + 1743 tp->tcp_header_len + 1744 icsk->icsk_ext_hdr_len + 1745 icsk->icsk_af_ops->net_header_len; 1746 1747 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */ 1748 if (icsk->icsk_af_ops->net_frag_header_len) { 1749 const struct dst_entry *dst = __sk_dst_get(sk); 1750 1751 if (dst && dst_allfrag(dst)) 1752 mtu += icsk->icsk_af_ops->net_frag_header_len; 1753 } 1754 return mtu; 1755} 1756EXPORT_SYMBOL(tcp_mss_to_mtu); 1757 1758/* MTU probing init per socket */ 1759void tcp_mtup_init(struct sock *sk) 1760{ 1761 struct tcp_sock *tp = tcp_sk(sk); 1762 struct inet_connection_sock *icsk = inet_csk(sk); 1763 struct net *net = sock_net(sk); 1764 1765 icsk->icsk_mtup.enabled = READ_ONCE(net->ipv4.sysctl_tcp_mtu_probing) > 1; 1766 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) + 1767 icsk->icsk_af_ops->net_header_len; 1768 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, READ_ONCE(net->ipv4.sysctl_tcp_base_mss)); 1769 icsk->icsk_mtup.probe_size = 0; 1770 if (icsk->icsk_mtup.enabled) 1771 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32; 1772} 1773EXPORT_SYMBOL(tcp_mtup_init); 1774 1775/* This function synchronize snd mss to current pmtu/exthdr set. 1776 1777 tp->rx_opt.user_mss is mss set by user by TCP_MAXSEG. It does NOT counts 1778 for TCP options, but includes only bare TCP header. 1779 1780 tp->rx_opt.mss_clamp is mss negotiated at connection setup. 1781 It is minimum of user_mss and mss received with SYN. 1782 It also does not include TCP options. 1783 1784 inet_csk(sk)->icsk_pmtu_cookie is last pmtu, seen by this function. 1785 1786 tp->mss_cache is current effective sending mss, including 1787 all tcp options except for SACKs. It is evaluated, 1788 taking into account current pmtu, but never exceeds 1789 tp->rx_opt.mss_clamp. 1790 1791 NOTE1. rfc1122 clearly states that advertised MSS 1792 DOES NOT include either tcp or ip options. 1793 1794 NOTE2. inet_csk(sk)->icsk_pmtu_cookie and tp->mss_cache 1795 are READ ONLY outside this function. --ANK (980731) 1796 */ 1797unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu) 1798{ 1799 struct tcp_sock *tp = tcp_sk(sk); 1800 struct inet_connection_sock *icsk = inet_csk(sk); 1801 int mss_now; 1802 1803 if (icsk->icsk_mtup.search_high > pmtu) 1804 icsk->icsk_mtup.search_high = pmtu; 1805 1806 mss_now = tcp_mtu_to_mss(sk, pmtu); 1807 mss_now = tcp_bound_to_half_wnd(tp, mss_now); 1808 1809 /* And store cached results */ 1810 icsk->icsk_pmtu_cookie = pmtu; 1811 if (icsk->icsk_mtup.enabled) 1812 mss_now = min(mss_now, tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)); 1813 tp->mss_cache = mss_now; 1814 1815 return mss_now; 1816} 1817EXPORT_SYMBOL(tcp_sync_mss); 1818 1819/* Compute the current effective MSS, taking SACKs and IP options, 1820 * and even PMTU discovery events into account. 1821 */ 1822unsigned int tcp_current_mss(struct sock *sk) 1823{ 1824 const struct tcp_sock *tp = tcp_sk(sk); 1825 const struct dst_entry *dst = __sk_dst_get(sk); 1826 u32 mss_now; 1827 unsigned int header_len; 1828 struct tcp_out_options opts; 1829 struct tcp_md5sig_key *md5; 1830 1831 mss_now = tp->mss_cache; 1832 1833 if (dst) { 1834 u32 mtu = dst_mtu(dst); 1835 if (mtu != inet_csk(sk)->icsk_pmtu_cookie) 1836 mss_now = tcp_sync_mss(sk, mtu); 1837 } 1838 1839 header_len = tcp_established_options(sk, NULL, &opts, &md5) + 1840 sizeof(struct tcphdr); 1841 /* The mss_cache is sized based on tp->tcp_header_len, which assumes 1842 * some common options. If this is an odd packet (because we have SACK 1843 * blocks etc) then our calculated header_len will be different, and 1844 * we have to adjust mss_now correspondingly */ 1845 if (header_len != tp->tcp_header_len) { 1846 int delta = (int) header_len - tp->tcp_header_len; 1847 mss_now -= delta; 1848 } 1849 1850 return mss_now; 1851} 1852 1853/* RFC2861, slow part. Adjust cwnd, after it was not full during one rto. 1854 * As additional protections, we do not touch cwnd in retransmission phases, 1855 * and if application hit its sndbuf limit recently. 1856 */ 1857static void tcp_cwnd_application_limited(struct sock *sk) 1858{ 1859 struct tcp_sock *tp = tcp_sk(sk); 1860 1861 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open && 1862 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 1863 /* Limited by application or receiver window. */ 1864 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk)); 1865 u32 win_used = max(tp->snd_cwnd_used, init_win); 1866 if (win_used < tp->snd_cwnd) { 1867 tp->snd_ssthresh = tcp_current_ssthresh(sk); 1868 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1; 1869 } 1870 tp->snd_cwnd_used = 0; 1871 } 1872 tp->snd_cwnd_stamp = tcp_jiffies32; 1873} 1874 1875static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited) 1876{ 1877 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops; 1878 struct tcp_sock *tp = tcp_sk(sk); 1879 1880 /* Track the strongest available signal of the degree to which the cwnd 1881 * is fully utilized. If cwnd-limited then remember that fact for the 1882 * current window. If not cwnd-limited then track the maximum number of 1883 * outstanding packets in the current window. (If cwnd-limited then we 1884 * chose to not update tp->max_packets_out to avoid an extra else 1885 * clause with no functional impact.) 1886 */ 1887 if (!before(tp->snd_una, tp->cwnd_usage_seq) || 1888 is_cwnd_limited || 1889 (!tp->is_cwnd_limited && 1890 tp->packets_out > tp->max_packets_out)) { 1891 tp->is_cwnd_limited = is_cwnd_limited; 1892 tp->max_packets_out = tp->packets_out; 1893 tp->cwnd_usage_seq = tp->snd_nxt; 1894 } 1895 1896 if (tcp_is_cwnd_limited(sk)) { 1897 /* Network is feed fully. */ 1898 tp->snd_cwnd_used = 0; 1899 tp->snd_cwnd_stamp = tcp_jiffies32; 1900 } else { 1901 /* Network starves. */ 1902 if (tp->packets_out > tp->snd_cwnd_used) 1903 tp->snd_cwnd_used = tp->packets_out; 1904 1905 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_slow_start_after_idle) && 1906 (s32)(tcp_jiffies32 - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto && 1907 !ca_ops->cong_control) 1908 tcp_cwnd_application_limited(sk); 1909 1910 /* The following conditions together indicate the starvation 1911 * is caused by insufficient sender buffer: 1912 * 1) just sent some data (see tcp_write_xmit) 1913 * 2) not cwnd limited (this else condition) 1914 * 3) no more data to send (tcp_write_queue_empty()) 1915 * 4) application is hitting buffer limit (SOCK_NOSPACE) 1916 */ 1917 if (tcp_write_queue_empty(sk) && sk->sk_socket && 1918 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags) && 1919 (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) 1920 tcp_chrono_start(sk, TCP_CHRONO_SNDBUF_LIMITED); 1921 } 1922} 1923 1924/* Minshall's variant of the Nagle send check. */ 1925static bool tcp_minshall_check(const struct tcp_sock *tp) 1926{ 1927 return after(tp->snd_sml, tp->snd_una) && 1928 !after(tp->snd_sml, tp->snd_nxt); 1929} 1930 1931/* Update snd_sml if this skb is under mss 1932 * Note that a TSO packet might end with a sub-mss segment 1933 * The test is really : 1934 * if ((skb->len % mss) != 0) 1935 * tp->snd_sml = TCP_SKB_CB(skb)->end_seq; 1936 * But we can avoid doing the divide again given we already have 1937 * skb_pcount = skb->len / mss_now 1938 */ 1939static void tcp_minshall_update(struct tcp_sock *tp, unsigned int mss_now, 1940 const struct sk_buff *skb) 1941{ 1942 if (skb->len < tcp_skb_pcount(skb) * mss_now) 1943 tp->snd_sml = TCP_SKB_CB(skb)->end_seq; 1944} 1945 1946/* Return false, if packet can be sent now without violation Nagle's rules: 1947 * 1. It is full sized. (provided by caller in %partial bool) 1948 * 2. Or it contains FIN. (already checked by caller) 1949 * 3. Or TCP_CORK is not set, and TCP_NODELAY is set. 1950 * 4. Or TCP_CORK is not set, and all sent packets are ACKed. 1951 * With Minshall's modification: all sent small packets are ACKed. 1952 */ 1953static bool tcp_nagle_check(bool partial, const struct tcp_sock *tp, 1954 int nonagle) 1955{ 1956 return partial && 1957 ((nonagle & TCP_NAGLE_CORK) || 1958 (!nonagle && tp->packets_out && tcp_minshall_check(tp))); 1959} 1960 1961/* Return how many segs we'd like on a TSO packet, 1962 * to send one TSO packet per ms 1963 */ 1964static u32 tcp_tso_autosize(const struct sock *sk, unsigned int mss_now, 1965 int min_tso_segs) 1966{ 1967 u32 bytes, segs; 1968 1969 bytes = min_t(unsigned long, 1970 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift), 1971 sk->sk_gso_max_size - 1 - MAX_TCP_HEADER); 1972 1973 /* Goal is to send at least one packet per ms, 1974 * not one big TSO packet every 100 ms. 1975 * This preserves ACK clocking and is consistent 1976 * with tcp_tso_should_defer() heuristic. 1977 */ 1978 segs = max_t(u32, bytes / mss_now, min_tso_segs); 1979 1980 return segs; 1981} 1982 1983/* Return the number of segments we want in the skb we are transmitting. 1984 * See if congestion control module wants to decide; otherwise, autosize. 1985 */ 1986static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now) 1987{ 1988 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops; 1989 u32 min_tso, tso_segs; 1990 1991 min_tso = ca_ops->min_tso_segs ? 1992 ca_ops->min_tso_segs(sk) : 1993 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs); 1994 1995 tso_segs = tcp_tso_autosize(sk, mss_now, min_tso); 1996 return min_t(u32, tso_segs, sk->sk_gso_max_segs); 1997} 1998 1999/* Returns the portion of skb which can be sent right away */ 2000static unsigned int tcp_mss_split_point(const struct sock *sk, 2001 const struct sk_buff *skb, 2002 unsigned int mss_now, 2003 unsigned int max_segs, 2004 int nonagle) 2005{ 2006 const struct tcp_sock *tp = tcp_sk(sk); 2007 u32 partial, needed, window, max_len; 2008 2009 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 2010 max_len = mss_now * max_segs; 2011 2012 if (likely(max_len <= window && skb != tcp_write_queue_tail(sk))) 2013 return max_len; 2014 2015 needed = min(skb->len, window); 2016 2017 if (max_len <= needed) 2018 return max_len; 2019 2020 partial = needed % mss_now; 2021 /* If last segment is not a full MSS, check if Nagle rules allow us 2022 * to include this last segment in this skb. 2023 * Otherwise, we'll split the skb at last MSS boundary 2024 */ 2025 if (tcp_nagle_check(partial != 0, tp, nonagle)) 2026 return needed - partial; 2027 2028 return needed; 2029} 2030 2031/* Can at least one segment of SKB be sent right now, according to the 2032 * congestion window rules? If so, return how many segments are allowed. 2033 */ 2034static inline unsigned int tcp_cwnd_test(const struct tcp_sock *tp, 2035 const struct sk_buff *skb) 2036{ 2037 u32 in_flight, cwnd, halfcwnd; 2038 2039 /* Don't be strict about the congestion window for the final FIN. */ 2040 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) && 2041 tcp_skb_pcount(skb) == 1) 2042 return 1; 2043 2044 in_flight = tcp_packets_in_flight(tp); 2045 cwnd = tp->snd_cwnd; 2046 if (in_flight >= cwnd) 2047 return 0; 2048 2049 /* For better scheduling, ensure we have at least 2050 * 2 GSO packets in flight. 2051 */ 2052 halfcwnd = max(cwnd >> 1, 1U); 2053 return min(halfcwnd, cwnd - in_flight); 2054} 2055 2056/* Initialize TSO state of a skb. 2057 * This must be invoked the first time we consider transmitting 2058 * SKB onto the wire. 2059 */ 2060static int tcp_init_tso_segs(struct sk_buff *skb, unsigned int mss_now) 2061{ 2062 int tso_segs = tcp_skb_pcount(skb); 2063 2064 if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) { 2065 tcp_set_skb_tso_segs(skb, mss_now); 2066 tso_segs = tcp_skb_pcount(skb); 2067 } 2068 return tso_segs; 2069} 2070 2071 2072/* Return true if the Nagle test allows this packet to be 2073 * sent now. 2074 */ 2075static inline bool tcp_nagle_test(const struct tcp_sock *tp, const struct sk_buff *skb, 2076 unsigned int cur_mss, int nonagle) 2077{ 2078 /* Nagle rule does not apply to frames, which sit in the middle of the 2079 * write_queue (they have no chances to get new data). 2080 * 2081 * This is implemented in the callers, where they modify the 'nonagle' 2082 * argument based upon the location of SKB in the send queue. 2083 */ 2084 if (nonagle & TCP_NAGLE_PUSH) 2085 return true; 2086 2087 /* Don't use the nagle rule for urgent data (or for the final FIN). */ 2088 if (tcp_urg_mode(tp) || (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)) 2089 return true; 2090 2091 if (!tcp_nagle_check(skb->len < cur_mss, tp, nonagle)) 2092 return true; 2093 2094 return false; 2095} 2096 2097/* Does at least the first segment of SKB fit into the send window? */ 2098static bool tcp_snd_wnd_test(const struct tcp_sock *tp, 2099 const struct sk_buff *skb, 2100 unsigned int cur_mss) 2101{ 2102 u32 end_seq = TCP_SKB_CB(skb)->end_seq; 2103 2104 if (skb->len > cur_mss) 2105 end_seq = TCP_SKB_CB(skb)->seq + cur_mss; 2106 2107 return !after(end_seq, tcp_wnd_end(tp)); 2108} 2109 2110/* Trim TSO SKB to LEN bytes, put the remaining data into a new packet 2111 * which is put after SKB on the list. It is very much like 2112 * tcp_fragment() except that it may make several kinds of assumptions 2113 * in order to speed up the splitting operation. In particular, we 2114 * know that all the data is in scatter-gather pages, and that the 2115 * packet has never been sent out before (and thus is not cloned). 2116 */ 2117static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len, 2118 unsigned int mss_now, gfp_t gfp) 2119{ 2120 int nlen = skb->len - len; 2121 struct sk_buff *buff; 2122 u8 flags; 2123 2124 /* All of a TSO frame must be composed of paged data. */ 2125 if (skb->len != skb->data_len) 2126 return tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE, 2127 skb, len, mss_now, gfp); 2128 2129 buff = sk_stream_alloc_skb(sk, 0, gfp, true); 2130 if (unlikely(!buff)) 2131 return -ENOMEM; 2132 skb_copy_decrypted(buff, skb); 2133 2134 sk_wmem_queued_add(sk, buff->truesize); 2135 sk_mem_charge(sk, buff->truesize); 2136 buff->truesize += nlen; 2137 skb->truesize -= nlen; 2138 2139 /* Correct the sequence numbers. */ 2140 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 2141 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq; 2142 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq; 2143 2144 /* PSH and FIN should only be set in the second packet. */ 2145 flags = TCP_SKB_CB(skb)->tcp_flags; 2146 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH); 2147 TCP_SKB_CB(buff)->tcp_flags = flags; 2148 2149 /* This packet was never sent out yet, so no SACK bits. */ 2150 TCP_SKB_CB(buff)->sacked = 0; 2151 2152 tcp_skb_fragment_eor(skb, buff); 2153 2154 buff->ip_summed = CHECKSUM_PARTIAL; 2155 skb_split(skb, buff, len); 2156 tcp_fragment_tstamp(skb, buff); 2157 2158 /* Fix up tso_factor for both original and new SKB. */ 2159 tcp_set_skb_tso_segs(skb, mss_now); 2160 tcp_set_skb_tso_segs(buff, mss_now); 2161 2162 /* Link BUFF into the send queue. */ 2163 __skb_header_release(buff); 2164 tcp_insert_write_queue_after(skb, buff, sk, TCP_FRAG_IN_WRITE_QUEUE); 2165 2166 return 0; 2167} 2168 2169/* Try to defer sending, if possible, in order to minimize the amount 2170 * of TSO splitting we do. View it as a kind of TSO Nagle test. 2171 * 2172 * This algorithm is from John Heffner. 2173 */ 2174static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb, 2175 bool *is_cwnd_limited, 2176 bool *is_rwnd_limited, 2177 u32 max_segs) 2178{ 2179 const struct inet_connection_sock *icsk = inet_csk(sk); 2180 u32 send_win, cong_win, limit, in_flight; 2181 struct tcp_sock *tp = tcp_sk(sk); 2182 struct sk_buff *head; 2183 int win_divisor; 2184 s64 delta; 2185 2186 if (icsk->icsk_ca_state >= TCP_CA_Recovery) 2187 goto send_now; 2188 2189 /* Avoid bursty behavior by allowing defer 2190 * only if the last write was recent (1 ms). 2191 * Note that tp->tcp_wstamp_ns can be in the future if we have 2192 * packets waiting in a qdisc or device for EDT delivery. 2193 */ 2194 delta = tp->tcp_clock_cache - tp->tcp_wstamp_ns - NSEC_PER_MSEC; 2195 if (delta > 0) 2196 goto send_now; 2197 2198 in_flight = tcp_packets_in_flight(tp); 2199 2200 BUG_ON(tcp_skb_pcount(skb) <= 1); 2201 BUG_ON(tp->snd_cwnd <= in_flight); 2202 2203 send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 2204 2205 /* From in_flight test above, we know that cwnd > in_flight. */ 2206 cong_win = (tp->snd_cwnd - in_flight) * tp->mss_cache; 2207 2208 limit = min(send_win, cong_win); 2209 2210 /* If a full-sized TSO skb can be sent, do it. */ 2211 if (limit >= max_segs * tp->mss_cache) 2212 goto send_now; 2213 2214 /* Middle in queue won't get any more data, full sendable already? */ 2215 if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len)) 2216 goto send_now; 2217 2218 win_divisor = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_win_divisor); 2219 if (win_divisor) { 2220 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache); 2221 2222 /* If at least some fraction of a window is available, 2223 * just use it. 2224 */ 2225 chunk /= win_divisor; 2226 if (limit >= chunk) 2227 goto send_now; 2228 } else { 2229 /* Different approach, try not to defer past a single 2230 * ACK. Receiver should ACK every other full sized 2231 * frame, so if we have space for more than 3 frames 2232 * then send now. 2233 */ 2234 if (limit > tcp_max_tso_deferred_mss(tp) * tp->mss_cache) 2235 goto send_now; 2236 } 2237 2238 /* TODO : use tsorted_sent_queue ? */ 2239 head = tcp_rtx_queue_head(sk); 2240 if (!head) 2241 goto send_now; 2242 delta = tp->tcp_clock_cache - head->tstamp; 2243 /* If next ACK is likely to come too late (half srtt), do not defer */ 2244 if ((s64)(delta - (u64)NSEC_PER_USEC * (tp->srtt_us >> 4)) < 0) 2245 goto send_now; 2246 2247 /* Ok, it looks like it is advisable to defer. 2248 * Three cases are tracked : 2249 * 1) We are cwnd-limited 2250 * 2) We are rwnd-limited 2251 * 3) We are application limited. 2252 */ 2253 if (cong_win < send_win) { 2254 if (cong_win <= skb->len) { 2255 *is_cwnd_limited = true; 2256 return true; 2257 } 2258 } else { 2259 if (send_win <= skb->len) { 2260 *is_rwnd_limited = true; 2261 return true; 2262 } 2263 } 2264 2265 /* If this packet won't get more data, do not wait. */ 2266 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) || 2267 TCP_SKB_CB(skb)->eor) 2268 goto send_now; 2269 2270 return true; 2271 2272send_now: 2273 return false; 2274} 2275 2276static inline void tcp_mtu_check_reprobe(struct sock *sk) 2277{ 2278 struct inet_connection_sock *icsk = inet_csk(sk); 2279 struct tcp_sock *tp = tcp_sk(sk); 2280 struct net *net = sock_net(sk); 2281 u32 interval; 2282 s32 delta; 2283 2284 interval = READ_ONCE(net->ipv4.sysctl_tcp_probe_interval); 2285 delta = tcp_jiffies32 - icsk->icsk_mtup.probe_timestamp; 2286 if (unlikely(delta >= interval * HZ)) { 2287 int mss = tcp_current_mss(sk); 2288 2289 /* Update current search range */ 2290 icsk->icsk_mtup.probe_size = 0; 2291 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + 2292 sizeof(struct tcphdr) + 2293 icsk->icsk_af_ops->net_header_len; 2294 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss); 2295 2296 /* Update probe time stamp */ 2297 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32; 2298 } 2299} 2300 2301static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) 2302{ 2303 struct sk_buff *skb, *next; 2304 2305 skb = tcp_send_head(sk); 2306 tcp_for_write_queue_from_safe(skb, next, sk) { 2307 if (len <= skb->len) 2308 break; 2309 2310 if (unlikely(TCP_SKB_CB(skb)->eor) || tcp_has_tx_tstamp(skb)) 2311 return false; 2312 2313 len -= skb->len; 2314 } 2315 2316 return true; 2317} 2318 2319/* Create a new MTU probe if we are ready. 2320 * MTU probe is regularly attempting to increase the path MTU by 2321 * deliberately sending larger packets. This discovers routing 2322 * changes resulting in larger path MTUs. 2323 * 2324 * Returns 0 if we should wait to probe (no cwnd available), 2325 * 1 if a probe was sent, 2326 * -1 otherwise 2327 */ 2328static int tcp_mtu_probe(struct sock *sk) 2329{ 2330 struct inet_connection_sock *icsk = inet_csk(sk); 2331 struct tcp_sock *tp = tcp_sk(sk); 2332 struct sk_buff *skb, *nskb, *next; 2333 struct net *net = sock_net(sk); 2334 int probe_size; 2335 int size_needed; 2336 int copy, len; 2337 int mss_now; 2338 int interval; 2339 2340 /* Not currently probing/verifying, 2341 * not in recovery, 2342 * have enough cwnd, and 2343 * not SACKing (the variable headers throw things off) 2344 */ 2345 if (likely(!icsk->icsk_mtup.enabled || 2346 icsk->icsk_mtup.probe_size || 2347 inet_csk(sk)->icsk_ca_state != TCP_CA_Open || 2348 tp->snd_cwnd < 11 || 2349 tp->rx_opt.num_sacks || tp->rx_opt.dsack)) 2350 return -1; 2351 2352 /* Use binary search for probe_size between tcp_mss_base, 2353 * and current mss_clamp. if (search_high - search_low) 2354 * smaller than a threshold, backoff from probing. 2355 */ 2356 mss_now = tcp_current_mss(sk); 2357 probe_size = tcp_mtu_to_mss(sk, (icsk->icsk_mtup.search_high + 2358 icsk->icsk_mtup.search_low) >> 1); 2359 size_needed = probe_size + (tp->reordering + 1) * tp->mss_cache; 2360 interval = icsk->icsk_mtup.search_high - icsk->icsk_mtup.search_low; 2361 /* When misfortune happens, we are reprobing actively, 2362 * and then reprobe timer has expired. We stick with current 2363 * probing process by not resetting search range to its orignal. 2364 */ 2365 if (probe_size > tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_high) || 2366 interval < READ_ONCE(net->ipv4.sysctl_tcp_probe_threshold)) { 2367 /* Check whether enough time has elaplased for 2368 * another round of probing. 2369 */ 2370 tcp_mtu_check_reprobe(sk); 2371 return -1; 2372 } 2373 2374 /* Have enough data in the send queue to probe? */ 2375 if (tp->write_seq - tp->snd_nxt < size_needed) 2376 return -1; 2377 2378 if (tp->snd_wnd < size_needed) 2379 return -1; 2380 if (after(tp->snd_nxt + size_needed, tcp_wnd_end(tp))) 2381 return 0; 2382 2383 /* Do we need to wait to drain cwnd? With none in flight, don't stall */ 2384 if (tcp_packets_in_flight(tp) + 2 > tp->snd_cwnd) { 2385 if (!tcp_packets_in_flight(tp)) 2386 return -1; 2387 else 2388 return 0; 2389 } 2390 2391 if (!tcp_can_coalesce_send_queue_head(sk, probe_size)) 2392 return -1; 2393 2394 /* We're allowed to probe. Build it now. */ 2395 nskb = sk_stream_alloc_skb(sk, probe_size, GFP_ATOMIC, false); 2396 if (!nskb) 2397 return -1; 2398 sk_wmem_queued_add(sk, nskb->truesize); 2399 sk_mem_charge(sk, nskb->truesize); 2400 2401 skb = tcp_send_head(sk); 2402 skb_copy_decrypted(nskb, skb); 2403 2404 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq; 2405 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size; 2406 TCP_SKB_CB(nskb)->tcp_flags = TCPHDR_ACK; 2407 TCP_SKB_CB(nskb)->sacked = 0; 2408 nskb->csum = 0; 2409 nskb->ip_summed = CHECKSUM_PARTIAL; 2410 2411 tcp_insert_write_queue_before(nskb, skb, sk); 2412 tcp_highest_sack_replace(sk, skb, nskb); 2413 2414 len = 0; 2415 tcp_for_write_queue_from_safe(skb, next, sk) { 2416 copy = min_t(int, skb->len, probe_size - len); 2417 skb_copy_bits(skb, 0, skb_put(nskb, copy), copy); 2418 2419 if (skb->len <= copy) { 2420 /* We've eaten all the data from this skb. 2421 * Throw it away. */ 2422 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags; 2423 /* If this is the last SKB we copy and eor is set 2424 * we need to propagate it to the new skb. 2425 */ 2426 TCP_SKB_CB(nskb)->eor = TCP_SKB_CB(skb)->eor; 2427 tcp_skb_collapse_tstamp(nskb, skb); 2428 tcp_unlink_write_queue(skb, sk); 2429 sk_wmem_free_skb(sk, skb); 2430 } else { 2431 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags & 2432 ~(TCPHDR_FIN|TCPHDR_PSH); 2433 if (!skb_shinfo(skb)->nr_frags) { 2434 skb_pull(skb, copy); 2435 } else { 2436 __pskb_trim_head(skb, copy); 2437 tcp_set_skb_tso_segs(skb, mss_now); 2438 } 2439 TCP_SKB_CB(skb)->seq += copy; 2440 } 2441 2442 len += copy; 2443 2444 if (len >= probe_size) 2445 break; 2446 } 2447 tcp_init_tso_segs(nskb, nskb->len); 2448 2449 /* We're ready to send. If this fails, the probe will 2450 * be resegmented into mss-sized pieces by tcp_write_xmit(). 2451 */ 2452 if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) { 2453 /* Decrement cwnd here because we are sending 2454 * effectively two packets. */ 2455 tp->snd_cwnd--; 2456 tcp_event_new_data_sent(sk, nskb); 2457 2458 icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len); 2459 tp->mtu_probe.probe_seq_start = TCP_SKB_CB(nskb)->seq; 2460 tp->mtu_probe.probe_seq_end = TCP_SKB_CB(nskb)->end_seq; 2461 2462 return 1; 2463 } 2464 2465 return -1; 2466} 2467 2468static bool tcp_pacing_check(struct sock *sk) 2469{ 2470 struct tcp_sock *tp = tcp_sk(sk); 2471 2472 if (!tcp_needs_internal_pacing(sk)) 2473 return false; 2474 2475 if (tp->tcp_wstamp_ns <= tp->tcp_clock_cache) 2476 return false; 2477 2478 if (!hrtimer_is_queued(&tp->pacing_timer)) { 2479 hrtimer_start(&tp->pacing_timer, 2480 ns_to_ktime(tp->tcp_wstamp_ns), 2481 HRTIMER_MODE_ABS_PINNED_SOFT); 2482 sock_hold(sk); 2483 } 2484 return true; 2485} 2486 2487static bool tcp_rtx_queue_empty_or_single_skb(const struct sock *sk) 2488{ 2489 const struct rb_node *node = sk->tcp_rtx_queue.rb_node; 2490 2491 /* No skb in the rtx queue. */ 2492 if (!node) 2493 return true; 2494 2495 /* Only one skb in rtx queue. */ 2496 return !node->rb_left && !node->rb_right; 2497} 2498 2499/* TCP Small Queues : 2500 * Control number of packets in qdisc/devices to two packets / or ~1 ms. 2501 * (These limits are doubled for retransmits) 2502 * This allows for : 2503 * - better RTT estimation and ACK scheduling 2504 * - faster recovery 2505 * - high rates 2506 * Alas, some drivers / subsystems require a fair amount 2507 * of queued bytes to ensure line rate. 2508 * One example is wifi aggregation (802.11 AMPDU) 2509 */ 2510static bool tcp_small_queue_check(struct sock *sk, const struct sk_buff *skb, 2511 unsigned int factor) 2512{ 2513 unsigned long limit; 2514 2515 limit = max_t(unsigned long, 2516 2 * skb->truesize, 2517 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift)); 2518 if (sk->sk_pacing_status == SK_PACING_NONE) 2519 limit = min_t(unsigned long, limit, 2520 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes)); 2521 limit <<= factor; 2522 2523 if (static_branch_unlikely(&tcp_tx_delay_enabled) && 2524 tcp_sk(sk)->tcp_tx_delay) { 2525 u64 extra_bytes = (u64)sk->sk_pacing_rate * tcp_sk(sk)->tcp_tx_delay; 2526 2527 /* TSQ is based on skb truesize sum (sk_wmem_alloc), so we 2528 * approximate our needs assuming an ~100% skb->truesize overhead. 2529 * USEC_PER_SEC is approximated by 2^20. 2530 * do_div(extra_bytes, USEC_PER_SEC/2) is replaced by a right shift. 2531 */ 2532 extra_bytes >>= (20 - 1); 2533 limit += extra_bytes; 2534 } 2535 if (refcount_read(&sk->sk_wmem_alloc) > limit) { 2536 /* Always send skb if rtx queue is empty or has one skb. 2537 * No need to wait for TX completion to call us back, 2538 * after softirq/tasklet schedule. 2539 * This helps when TX completions are delayed too much. 2540 */ 2541 if (tcp_rtx_queue_empty_or_single_skb(sk)) 2542 return false; 2543 2544 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags); 2545 /* It is possible TX completion already happened 2546 * before we set TSQ_THROTTLED, so we must 2547 * test again the condition. 2548 */ 2549 smp_mb__after_atomic(); 2550 if (refcount_read(&sk->sk_wmem_alloc) > limit) 2551 return true; 2552 } 2553 return false; 2554} 2555 2556static void tcp_chrono_set(struct tcp_sock *tp, const enum tcp_chrono new) 2557{ 2558 const u32 now = tcp_jiffies32; 2559 enum tcp_chrono old = tp->chrono_type; 2560 2561 if (old > TCP_CHRONO_UNSPEC) 2562 tp->chrono_stat[old - 1] += now - tp->chrono_start; 2563 tp->chrono_start = now; 2564 tp->chrono_type = new; 2565} 2566 2567void tcp_chrono_start(struct sock *sk, const enum tcp_chrono type) 2568{ 2569 struct tcp_sock *tp = tcp_sk(sk); 2570 2571 /* If there are multiple conditions worthy of tracking in a 2572 * chronograph then the highest priority enum takes precedence 2573 * over the other conditions. So that if something "more interesting" 2574 * starts happening, stop the previous chrono and start a new one. 2575 */ 2576 if (type > tp->chrono_type) 2577 tcp_chrono_set(tp, type); 2578} 2579 2580void tcp_chrono_stop(struct sock *sk, const enum tcp_chrono type) 2581{ 2582 struct tcp_sock *tp = tcp_sk(sk); 2583 2584 2585 /* There are multiple conditions worthy of tracking in a 2586 * chronograph, so that the highest priority enum takes 2587 * precedence over the other conditions (see tcp_chrono_start). 2588 * If a condition stops, we only stop chrono tracking if 2589 * it's the "most interesting" or current chrono we are 2590 * tracking and starts busy chrono if we have pending data. 2591 */ 2592 if (tcp_rtx_and_write_queues_empty(sk)) 2593 tcp_chrono_set(tp, TCP_CHRONO_UNSPEC); 2594 else if (type == tp->chrono_type) 2595 tcp_chrono_set(tp, TCP_CHRONO_BUSY); 2596} 2597 2598/* This routine writes packets to the network. It advances the 2599 * send_head. This happens as incoming acks open up the remote 2600 * window for us. 2601 * 2602 * LARGESEND note: !tcp_urg_mode is overkill, only frames between 2603 * snd_up-64k-mss .. snd_up cannot be large. However, taking into 2604 * account rare use of URG, this is not a big flaw. 2605 * 2606 * Send at most one packet when push_one > 0. Temporarily ignore 2607 * cwnd limit to force at most one packet out when push_one == 2. 2608 2609 * Returns true, if no segments are in flight and we have queued segments, 2610 * but cannot send anything now because of SWS or another problem. 2611 */ 2612static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle, 2613 int push_one, gfp_t gfp) 2614{ 2615 struct tcp_sock *tp = tcp_sk(sk); 2616 struct sk_buff *skb; 2617 unsigned int tso_segs, sent_pkts; 2618 int cwnd_quota; 2619 int result; 2620 bool is_cwnd_limited = false, is_rwnd_limited = false; 2621 u32 max_segs; 2622 2623 sent_pkts = 0; 2624 2625 tcp_mstamp_refresh(tp); 2626 if (!push_one) { 2627 /* Do MTU probing. */ 2628 result = tcp_mtu_probe(sk); 2629 if (!result) { 2630 return false; 2631 } else if (result > 0) { 2632 sent_pkts = 1; 2633 } 2634 } 2635 2636 max_segs = tcp_tso_segs(sk, mss_now); 2637 while ((skb = tcp_send_head(sk))) { 2638 unsigned int limit; 2639 2640 if (unlikely(tp->repair) && tp->repair_queue == TCP_SEND_QUEUE) { 2641 /* "skb_mstamp_ns" is used as a start point for the retransmit timer */ 2642 skb->skb_mstamp_ns = tp->tcp_wstamp_ns = tp->tcp_clock_cache; 2643 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue); 2644 tcp_init_tso_segs(skb, mss_now); 2645 goto repair; /* Skip network transmission */ 2646 } 2647 2648 if (tcp_pacing_check(sk)) 2649 break; 2650 2651 tso_segs = tcp_init_tso_segs(skb, mss_now); 2652 BUG_ON(!tso_segs); 2653 2654 cwnd_quota = tcp_cwnd_test(tp, skb); 2655 if (!cwnd_quota) { 2656 if (push_one == 2) 2657 /* Force out a loss probe pkt. */ 2658 cwnd_quota = 1; 2659 else 2660 break; 2661 } 2662 2663 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now))) { 2664 is_rwnd_limited = true; 2665 break; 2666 } 2667 2668 if (tso_segs == 1) { 2669 if (unlikely(!tcp_nagle_test(tp, skb, mss_now, 2670 (tcp_skb_is_last(sk, skb) ? 2671 nonagle : TCP_NAGLE_PUSH)))) 2672 break; 2673 } else { 2674 if (!push_one && 2675 tcp_tso_should_defer(sk, skb, &is_cwnd_limited, 2676 &is_rwnd_limited, max_segs)) 2677 break; 2678 } 2679 2680 limit = mss_now; 2681 if (tso_segs > 1 && !tcp_urg_mode(tp)) 2682 limit = tcp_mss_split_point(sk, skb, mss_now, 2683 min_t(unsigned int, 2684 cwnd_quota, 2685 max_segs), 2686 nonagle); 2687 2688 if (skb->len > limit && 2689 unlikely(tso_fragment(sk, skb, limit, mss_now, gfp))) 2690 break; 2691 2692 if (tcp_small_queue_check(sk, skb, 0)) 2693 break; 2694 2695 /* Argh, we hit an empty skb(), presumably a thread 2696 * is sleeping in sendmsg()/sk_stream_wait_memory(). 2697 * We do not want to send a pure-ack packet and have 2698 * a strange looking rtx queue with empty packet(s). 2699 */ 2700 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) 2701 break; 2702 2703 if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp))) 2704 break; 2705 2706repair: 2707 /* Advance the send_head. This one is sent out. 2708 * This call will increment packets_out. 2709 */ 2710 tcp_event_new_data_sent(sk, skb); 2711 2712 tcp_minshall_update(tp, mss_now, skb); 2713 sent_pkts += tcp_skb_pcount(skb); 2714 2715 if (push_one) 2716 break; 2717 } 2718 2719 if (is_rwnd_limited) 2720 tcp_chrono_start(sk, TCP_CHRONO_RWND_LIMITED); 2721 else 2722 tcp_chrono_stop(sk, TCP_CHRONO_RWND_LIMITED); 2723 2724 is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tp->snd_cwnd); 2725 if (likely(sent_pkts || is_cwnd_limited)) 2726 tcp_cwnd_validate(sk, is_cwnd_limited); 2727 2728 if (likely(sent_pkts)) { 2729 if (tcp_in_cwnd_reduction(sk)) 2730 tp->prr_out += sent_pkts; 2731 2732 /* Send one loss probe per tail loss episode. */ 2733 if (push_one != 2) 2734 tcp_schedule_loss_probe(sk, false); 2735 return false; 2736 } 2737 return !tp->packets_out && !tcp_write_queue_empty(sk); 2738} 2739 2740bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto) 2741{ 2742 struct inet_connection_sock *icsk = inet_csk(sk); 2743 struct tcp_sock *tp = tcp_sk(sk); 2744 u32 timeout, timeout_us, rto_delta_us; 2745 int early_retrans; 2746 2747 /* Don't do any loss probe on a Fast Open connection before 3WHS 2748 * finishes. 2749 */ 2750 if (rcu_access_pointer(tp->fastopen_rsk)) 2751 return false; 2752 2753 early_retrans = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_early_retrans); 2754 /* Schedule a loss probe in 2*RTT for SACK capable connections 2755 * not in loss recovery, that are either limited by cwnd or application. 2756 */ 2757 if ((early_retrans != 3 && early_retrans != 4) || 2758 !tp->packets_out || !tcp_is_sack(tp) || 2759 (icsk->icsk_ca_state != TCP_CA_Open && 2760 icsk->icsk_ca_state != TCP_CA_CWR)) 2761 return false; 2762 2763 /* Probe timeout is 2*rtt. Add minimum RTO to account 2764 * for delayed ack when there's one outstanding packet. If no RTT 2765 * sample is available then probe after TCP_TIMEOUT_INIT. 2766 */ 2767 if (tp->srtt_us) { 2768 timeout_us = tp->srtt_us >> 2; 2769 if (tp->packets_out == 1) 2770 timeout_us += tcp_rto_min_us(sk); 2771 else 2772 timeout_us += TCP_TIMEOUT_MIN_US; 2773 timeout = usecs_to_jiffies(timeout_us); 2774 } else { 2775 timeout = TCP_TIMEOUT_INIT; 2776 } 2777 2778 /* If the RTO formula yields an earlier time, then use that time. */ 2779 rto_delta_us = advancing_rto ? 2780 jiffies_to_usecs(inet_csk(sk)->icsk_rto) : 2781 tcp_rto_delta_us(sk); /* How far in future is RTO? */ 2782 if (rto_delta_us > 0) 2783 timeout = min_t(u32, timeout, usecs_to_jiffies(rto_delta_us)); 2784 2785 tcp_reset_xmit_timer(sk, ICSK_TIME_LOSS_PROBE, timeout, TCP_RTO_MAX); 2786 return true; 2787} 2788 2789/* Thanks to skb fast clones, we can detect if a prior transmit of 2790 * a packet is still in a qdisc or driver queue. 2791 * In this case, there is very little point doing a retransmit ! 2792 */ 2793static bool skb_still_in_host_queue(const struct sock *sk, 2794 const struct sk_buff *skb) 2795{ 2796 if (unlikely(skb_fclone_busy(sk, skb))) { 2797 NET_INC_STATS(sock_net(sk), 2798 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES); 2799 return true; 2800 } 2801 return false; 2802} 2803 2804/* When probe timeout (PTO) fires, try send a new segment if possible, else 2805 * retransmit the last segment. 2806 */ 2807void tcp_send_loss_probe(struct sock *sk) 2808{ 2809 struct tcp_sock *tp = tcp_sk(sk); 2810 struct sk_buff *skb; 2811 int pcount; 2812 int mss = tcp_current_mss(sk); 2813 2814 /* At most one outstanding TLP */ 2815 if (tp->tlp_high_seq) 2816 goto rearm_timer; 2817 2818 tp->tlp_retrans = 0; 2819 skb = tcp_send_head(sk); 2820 if (skb && tcp_snd_wnd_test(tp, skb, mss)) { 2821 pcount = tp->packets_out; 2822 tcp_write_xmit(sk, mss, TCP_NAGLE_OFF, 2, GFP_ATOMIC); 2823 if (tp->packets_out > pcount) 2824 goto probe_sent; 2825 goto rearm_timer; 2826 } 2827 skb = skb_rb_last(&sk->tcp_rtx_queue); 2828 if (unlikely(!skb)) { 2829 WARN_ONCE(tp->packets_out, 2830 "invalid inflight: %u state %u cwnd %u mss %d\n", 2831 tp->packets_out, sk->sk_state, tp->snd_cwnd, mss); 2832 inet_csk(sk)->icsk_pending = 0; 2833 return; 2834 } 2835 2836 if (skb_still_in_host_queue(sk, skb)) 2837 goto rearm_timer; 2838 2839 pcount = tcp_skb_pcount(skb); 2840 if (WARN_ON(!pcount)) 2841 goto rearm_timer; 2842 2843 if ((pcount > 1) && (skb->len > (pcount - 1) * mss)) { 2844 if (unlikely(tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, 2845 (pcount - 1) * mss, mss, 2846 GFP_ATOMIC))) 2847 goto rearm_timer; 2848 skb = skb_rb_next(skb); 2849 } 2850 2851 if (WARN_ON(!skb || !tcp_skb_pcount(skb))) 2852 goto rearm_timer; 2853 2854 if (__tcp_retransmit_skb(sk, skb, 1)) 2855 goto rearm_timer; 2856 2857 tp->tlp_retrans = 1; 2858 2859probe_sent: 2860 /* Record snd_nxt for loss detection. */ 2861 tp->tlp_high_seq = tp->snd_nxt; 2862 2863 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSSPROBES); 2864 /* Reset s.t. tcp_rearm_rto will restart timer from now */ 2865 inet_csk(sk)->icsk_pending = 0; 2866rearm_timer: 2867 tcp_rearm_rto(sk); 2868} 2869 2870/* Push out any pending frames which were held back due to 2871 * TCP_CORK or attempt at coalescing tiny packets. 2872 * The socket must be locked by the caller. 2873 */ 2874void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss, 2875 int nonagle) 2876{ 2877 /* If we are closed, the bytes will have to remain here. 2878 * In time closedown will finish, we empty the write queue and 2879 * all will be happy. 2880 */ 2881 if (unlikely(sk->sk_state == TCP_CLOSE)) 2882 return; 2883 2884 if (tcp_write_xmit(sk, cur_mss, nonagle, 0, 2885 sk_gfp_mask(sk, GFP_ATOMIC))) 2886 tcp_check_probe_timer(sk); 2887} 2888 2889/* Send _single_ skb sitting at the send head. This function requires 2890 * true push pending frames to setup probe timer etc. 2891 */ 2892void tcp_push_one(struct sock *sk, unsigned int mss_now) 2893{ 2894 struct sk_buff *skb = tcp_send_head(sk); 2895 2896 BUG_ON(!skb || skb->len < mss_now); 2897 2898 tcp_write_xmit(sk, mss_now, TCP_NAGLE_PUSH, 1, sk->sk_allocation); 2899} 2900 2901/* This function returns the amount that we can raise the 2902 * usable window based on the following constraints 2903 * 2904 * 1. The window can never be shrunk once it is offered (RFC 793) 2905 * 2. We limit memory per socket 2906 * 2907 * RFC 1122: 2908 * "the suggested [SWS] avoidance algorithm for the receiver is to keep 2909 * RECV.NEXT + RCV.WIN fixed until: 2910 * RCV.BUFF - RCV.USER - RCV.WINDOW >= min(1/2 RCV.BUFF, MSS)" 2911 * 2912 * i.e. don't raise the right edge of the window until you can raise 2913 * it at least MSS bytes. 2914 * 2915 * Unfortunately, the recommended algorithm breaks header prediction, 2916 * since header prediction assumes th->window stays fixed. 2917 * 2918 * Strictly speaking, keeping th->window fixed violates the receiver 2919 * side SWS prevention criteria. The problem is that under this rule 2920 * a stream of single byte packets will cause the right side of the 2921 * window to always advance by a single byte. 2922 * 2923 * Of course, if the sender implements sender side SWS prevention 2924 * then this will not be a problem. 2925 * 2926 * BSD seems to make the following compromise: 2927 * 2928 * If the free space is less than the 1/4 of the maximum 2929 * space available and the free space is less than 1/2 mss, 2930 * then set the window to 0. 2931 * [ Actually, bsd uses MSS and 1/4 of maximal _window_ ] 2932 * Otherwise, just prevent the window from shrinking 2933 * and from being larger than the largest representable value. 2934 * 2935 * This prevents incremental opening of the window in the regime 2936 * where TCP is limited by the speed of the reader side taking 2937 * data out of the TCP receive queue. It does nothing about 2938 * those cases where the window is constrained on the sender side 2939 * because the pipeline is full. 2940 * 2941 * BSD also seems to "accidentally" limit itself to windows that are a 2942 * multiple of MSS, at least until the free space gets quite small. 2943 * This would appear to be a side effect of the mbuf implementation. 2944 * Combining these two algorithms results in the observed behavior 2945 * of having a fixed window size at almost all times. 2946 * 2947 * Below we obtain similar behavior by forcing the offered window to 2948 * a multiple of the mss when it is feasible to do so. 2949 * 2950 * Note, we don't "adjust" for TIMESTAMP or SACK option bytes. 2951 * Regular options like TIMESTAMP are taken into account. 2952 */ 2953u32 __tcp_select_window(struct sock *sk) 2954{ 2955 struct inet_connection_sock *icsk = inet_csk(sk); 2956 struct tcp_sock *tp = tcp_sk(sk); 2957 /* MSS for the peer's data. Previous versions used mss_clamp 2958 * here. I don't know if the value based on our guesses 2959 * of peer's MSS is better for the performance. It's more correct 2960 * but may be worse for the performance because of rcv_mss 2961 * fluctuations. --SAW 1998/11/1 2962 */ 2963 int mss = icsk->icsk_ack.rcv_mss; 2964 int free_space = tcp_space(sk); 2965 int allowed_space = tcp_full_space(sk); 2966 int full_space, window; 2967 2968 if (sk_is_mptcp(sk)) 2969 mptcp_space(sk, &free_space, &allowed_space); 2970 2971 full_space = min_t(int, tp->window_clamp, allowed_space); 2972 2973 if (unlikely(mss > full_space)) { 2974 mss = full_space; 2975 if (mss <= 0) 2976 return 0; 2977 } 2978 if (free_space < (full_space >> 1)) { 2979 icsk->icsk_ack.quick = 0; 2980 2981 if (tcp_under_memory_pressure(sk)) 2982 tp->rcv_ssthresh = min(tp->rcv_ssthresh, 2983 4U * tp->advmss); 2984 2985 /* free_space might become our new window, make sure we don't 2986 * increase it due to wscale. 2987 */ 2988 free_space = round_down(free_space, 1 << tp->rx_opt.rcv_wscale); 2989 2990 /* if free space is less than mss estimate, or is below 1/16th 2991 * of the maximum allowed, try to move to zero-window, else 2992 * tcp_clamp_window() will grow rcv buf up to tcp_rmem[2], and 2993 * new incoming data is dropped due to memory limits. 2994 * With large window, mss test triggers way too late in order 2995 * to announce zero window in time before rmem limit kicks in. 2996 */ 2997 if (free_space < (allowed_space >> 4) || free_space < mss) 2998 return 0; 2999 } 3000 3001 if (free_space > tp->rcv_ssthresh) 3002 free_space = tp->rcv_ssthresh; 3003 3004 /* Don't do rounding if we are using window scaling, since the 3005 * scaled window will not line up with the MSS boundary anyway. 3006 */ 3007 if (tp->rx_opt.rcv_wscale) { 3008 window = free_space; 3009 3010 /* Advertise enough space so that it won't get scaled away. 3011 * Import case: prevent zero window announcement if 3012 * 1<<rcv_wscale > mss. 3013 */ 3014 window = ALIGN(window, (1 << tp->rx_opt.rcv_wscale)); 3015 } else { 3016 window = tp->rcv_wnd; 3017 /* Get the largest window that is a nice multiple of mss. 3018 * Window clamp already applied above. 3019 * If our current window offering is within 1 mss of the 3020 * free space we just keep it. This prevents the divide 3021 * and multiply from happening most of the time. 3022 * We also don't do any window rounding when the free space 3023 * is too small. 3024 */ 3025 if (window <= free_space - mss || window > free_space) 3026 window = rounddown(free_space, mss); 3027 else if (mss == full_space && 3028 free_space > window + (full_space >> 1)) 3029 window = free_space; 3030 } 3031 3032 return window; 3033} 3034 3035void tcp_skb_collapse_tstamp(struct sk_buff *skb, 3036 const struct sk_buff *next_skb) 3037{ 3038 if (unlikely(tcp_has_tx_tstamp(next_skb))) { 3039 const struct skb_shared_info *next_shinfo = 3040 skb_shinfo(next_skb); 3041 struct skb_shared_info *shinfo = skb_shinfo(skb); 3042 3043 shinfo->tx_flags |= next_shinfo->tx_flags & SKBTX_ANY_TSTAMP; 3044 shinfo->tskey = next_shinfo->tskey; 3045 TCP_SKB_CB(skb)->txstamp_ack |= 3046 TCP_SKB_CB(next_skb)->txstamp_ack; 3047 } 3048} 3049 3050/* Collapses two adjacent SKB's during retransmission. */ 3051static bool tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb) 3052{ 3053 struct tcp_sock *tp = tcp_sk(sk); 3054 struct sk_buff *next_skb = skb_rb_next(skb); 3055 int next_skb_size; 3056 3057 next_skb_size = next_skb->len; 3058 3059 BUG_ON(tcp_skb_pcount(skb) != 1 || tcp_skb_pcount(next_skb) != 1); 3060 3061 if (next_skb_size) { 3062 if (next_skb_size <= skb_availroom(skb)) 3063 skb_copy_bits(next_skb, 0, skb_put(skb, next_skb_size), 3064 next_skb_size); 3065 else if (!tcp_skb_shift(skb, next_skb, 1, next_skb_size)) 3066 return false; 3067 } 3068 tcp_highest_sack_replace(sk, next_skb, skb); 3069 3070 /* Update sequence range on original skb. */ 3071 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq; 3072 3073 /* Merge over control information. This moves PSH/FIN etc. over */ 3074 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(next_skb)->tcp_flags; 3075 3076 /* All done, get rid of second SKB and account for it so 3077 * packet counting does not break. 3078 */ 3079 TCP_SKB_CB(skb)->sacked |= TCP_SKB_CB(next_skb)->sacked & TCPCB_EVER_RETRANS; 3080 TCP_SKB_CB(skb)->eor = TCP_SKB_CB(next_skb)->eor; 3081 3082 /* changed transmit queue under us so clear hints */ 3083 tcp_clear_retrans_hints_partial(tp); 3084 if (next_skb == tp->retransmit_skb_hint) 3085 tp->retransmit_skb_hint = skb; 3086 3087 tcp_adjust_pcount(sk, next_skb, tcp_skb_pcount(next_skb)); 3088 3089 tcp_skb_collapse_tstamp(skb, next_skb); 3090 3091 tcp_rtx_queue_unlink_and_free(next_skb, sk); 3092 return true; 3093} 3094 3095/* Check if coalescing SKBs is legal. */ 3096static bool tcp_can_collapse(const struct sock *sk, const struct sk_buff *skb) 3097{ 3098 if (tcp_skb_pcount(skb) > 1) 3099 return false; 3100 if (skb_cloned(skb)) 3101 return false; 3102 /* Some heuristics for collapsing over SACK'd could be invented */ 3103 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED) 3104 return false; 3105 3106 return true; 3107} 3108 3109/* Collapse packets in the retransmit queue to make to create 3110 * less packets on the wire. This is only done on retransmission. 3111 */ 3112static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to, 3113 int space) 3114{ 3115 struct tcp_sock *tp = tcp_sk(sk); 3116 struct sk_buff *skb = to, *tmp; 3117 bool first = true; 3118 3119 if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retrans_collapse)) 3120 return; 3121 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN) 3122 return; 3123 3124 skb_rbtree_walk_from_safe(skb, tmp) { 3125 if (!tcp_can_collapse(sk, skb)) 3126 break; 3127 3128 if (!tcp_skb_can_collapse(to, skb)) 3129 break; 3130 3131 space -= skb->len; 3132 3133 if (first) { 3134 first = false; 3135 continue; 3136 } 3137 3138 if (space < 0) 3139 break; 3140 3141 if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp))) 3142 break; 3143 3144 if (!tcp_collapse_retrans(sk, to)) 3145 break; 3146 } 3147} 3148 3149/* This retransmits one SKB. Policy decisions and retransmit queue 3150 * state updates are done by the caller. Returns non-zero if an 3151 * error occurred which prevented the send. 3152 */ 3153int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs) 3154{ 3155 struct inet_connection_sock *icsk = inet_csk(sk); 3156 struct tcp_sock *tp = tcp_sk(sk); 3157 unsigned int cur_mss; 3158 int diff, len, err; 3159 int avail_wnd; 3160 3161 /* Inconclusive MTU probe */ 3162 if (icsk->icsk_mtup.probe_size) 3163 icsk->icsk_mtup.probe_size = 0; 3164 3165 /* Do not sent more than we queued. 1/4 is reserved for possible 3166 * copying overhead: fragmentation, tunneling, mangling etc. 3167 */ 3168 if (refcount_read(&sk->sk_wmem_alloc) > 3169 min_t(u32, sk->sk_wmem_queued + (sk->sk_wmem_queued >> 2), 3170 sk->sk_sndbuf)) 3171 return -EAGAIN; 3172 3173 if (skb_still_in_host_queue(sk, skb)) 3174 return -EBUSY; 3175 3176start: 3177 if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) { 3178 if (unlikely(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) { 3179 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_SYN; 3180 TCP_SKB_CB(skb)->seq++; 3181 goto start; 3182 } 3183 if (unlikely(before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))) { 3184 WARN_ON_ONCE(1); 3185 return -EINVAL; 3186 } 3187 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq)) 3188 return -ENOMEM; 3189 } 3190 3191 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk)) 3192 return -EHOSTUNREACH; /* Routing failure or similar. */ 3193 3194 cur_mss = tcp_current_mss(sk); 3195 avail_wnd = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 3196 3197 /* If receiver has shrunk his window, and skb is out of 3198 * new window, do not retransmit it. The exception is the 3199 * case, when window is shrunk to zero. In this case 3200 * our retransmit of one segment serves as a zero window probe. 3201 */ 3202 if (avail_wnd <= 0) { 3203 if (TCP_SKB_CB(skb)->seq != tp->snd_una) 3204 return -EAGAIN; 3205 avail_wnd = cur_mss; 3206 } 3207 3208 len = cur_mss * segs; 3209 if (len > avail_wnd) { 3210 len = rounddown(avail_wnd, cur_mss); 3211 if (!len) 3212 len = avail_wnd; 3213 } 3214 if (skb->len > len) { 3215 if (tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, len, 3216 cur_mss, GFP_ATOMIC)) 3217 return -ENOMEM; /* We'll try again later. */ 3218 } else { 3219 if (skb_unclone(skb, GFP_ATOMIC)) 3220 return -ENOMEM; 3221 3222 diff = tcp_skb_pcount(skb); 3223 tcp_set_skb_tso_segs(skb, cur_mss); 3224 diff -= tcp_skb_pcount(skb); 3225 if (diff) 3226 tcp_adjust_pcount(sk, skb, diff); 3227 avail_wnd = min_t(int, avail_wnd, cur_mss); 3228 if (skb->len < avail_wnd) 3229 tcp_retrans_try_collapse(sk, skb, avail_wnd); 3230 } 3231 3232 /* RFC3168, section 6.1.1.1. ECN fallback */ 3233 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN_ECN) == TCPHDR_SYN_ECN) 3234 tcp_ecn_clear_syn(sk, skb); 3235 3236 /* Update global and local TCP statistics. */ 3237 segs = tcp_skb_pcount(skb); 3238 TCP_ADD_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS, segs); 3239 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN) 3240 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS); 3241 tp->total_retrans += segs; 3242 tp->bytes_retrans += skb->len; 3243 3244 /* make sure skb->data is aligned on arches that require it 3245 * and check if ack-trimming & collapsing extended the headroom 3246 * beyond what csum_start can cover. 3247 */ 3248 if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) || 3249 skb_headroom(skb) >= 0xFFFF)) { 3250 struct sk_buff *nskb; 3251 3252 tcp_skb_tsorted_save(skb) { 3253 nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC); 3254 if (nskb) { 3255 nskb->dev = NULL; 3256 err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC); 3257 } else { 3258 err = -ENOBUFS; 3259 } 3260 } tcp_skb_tsorted_restore(skb); 3261 3262 if (!err) { 3263 tcp_update_skb_after_send(sk, skb, tp->tcp_wstamp_ns); 3264 tcp_rate_skb_sent(sk, skb); 3265 } 3266 } else { 3267 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 3268 } 3269 3270 /* To avoid taking spuriously low RTT samples based on a timestamp 3271 * for a transmit that never happened, always mark EVER_RETRANS 3272 */ 3273 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS; 3274 3275 if (BPF_SOCK_OPS_TEST_FLAG(tp, BPF_SOCK_OPS_RETRANS_CB_FLAG)) 3276 tcp_call_bpf_3arg(sk, BPF_SOCK_OPS_RETRANS_CB, 3277 TCP_SKB_CB(skb)->seq, segs, err); 3278 3279 if (likely(!err)) { 3280 trace_tcp_retransmit_skb(sk, skb); 3281 } else if (err != -EBUSY) { 3282 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPRETRANSFAIL, segs); 3283 } 3284 return err; 3285} 3286 3287int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs) 3288{ 3289 struct tcp_sock *tp = tcp_sk(sk); 3290 int err = __tcp_retransmit_skb(sk, skb, segs); 3291 3292 if (err == 0) { 3293#if FASTRETRANS_DEBUG > 0 3294 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) { 3295 net_dbg_ratelimited("retrans_out leaked\n"); 3296 } 3297#endif 3298 TCP_SKB_CB(skb)->sacked |= TCPCB_RETRANS; 3299 tp->retrans_out += tcp_skb_pcount(skb); 3300 } 3301 3302 /* Save stamp of the first (attempted) retransmit. */ 3303 if (!tp->retrans_stamp) 3304 tp->retrans_stamp = tcp_skb_timestamp(skb); 3305 3306 if (tp->undo_retrans < 0) 3307 tp->undo_retrans = 0; 3308 tp->undo_retrans += tcp_skb_pcount(skb); 3309 return err; 3310} 3311 3312/* This gets called after a retransmit timeout, and the initially 3313 * retransmitted data is acknowledged. It tries to continue 3314 * resending the rest of the retransmit queue, until either 3315 * we've sent it all or the congestion window limit is reached. 3316 */ 3317void tcp_xmit_retransmit_queue(struct sock *sk) 3318{ 3319 const struct inet_connection_sock *icsk = inet_csk(sk); 3320 struct sk_buff *skb, *rtx_head, *hole = NULL; 3321 struct tcp_sock *tp = tcp_sk(sk); 3322 bool rearm_timer = false; 3323 u32 max_segs; 3324 int mib_idx; 3325 3326 if (!tp->packets_out) 3327 return; 3328 3329 rtx_head = tcp_rtx_queue_head(sk); 3330 skb = tp->retransmit_skb_hint ?: rtx_head; 3331 max_segs = tcp_tso_segs(sk, tcp_current_mss(sk)); 3332 skb_rbtree_walk_from(skb) { 3333 __u8 sacked; 3334 int segs; 3335 3336 if (tcp_pacing_check(sk)) 3337 break; 3338 3339 /* we could do better than to assign each time */ 3340 if (!hole) 3341 tp->retransmit_skb_hint = skb; 3342 3343 segs = tp->snd_cwnd - tcp_packets_in_flight(tp); 3344 if (segs <= 0) 3345 break; 3346 sacked = TCP_SKB_CB(skb)->sacked; 3347 /* In case tcp_shift_skb_data() have aggregated large skbs, 3348 * we need to make sure not sending too bigs TSO packets 3349 */ 3350 segs = min_t(int, segs, max_segs); 3351 3352 if (tp->retrans_out >= tp->lost_out) { 3353 break; 3354 } else if (!(sacked & TCPCB_LOST)) { 3355 if (!hole && !(sacked & (TCPCB_SACKED_RETRANS|TCPCB_SACKED_ACKED))) 3356 hole = skb; 3357 continue; 3358 3359 } else { 3360 if (icsk->icsk_ca_state != TCP_CA_Loss) 3361 mib_idx = LINUX_MIB_TCPFASTRETRANS; 3362 else 3363 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS; 3364 } 3365 3366 if (sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS)) 3367 continue; 3368 3369 if (tcp_small_queue_check(sk, skb, 1)) 3370 break; 3371 3372 if (tcp_retransmit_skb(sk, skb, segs)) 3373 break; 3374 3375 NET_ADD_STATS(sock_net(sk), mib_idx, tcp_skb_pcount(skb)); 3376 3377 if (tcp_in_cwnd_reduction(sk)) 3378 tp->prr_out += tcp_skb_pcount(skb); 3379 3380 if (skb == rtx_head && 3381 icsk->icsk_pending != ICSK_TIME_REO_TIMEOUT) 3382 rearm_timer = true; 3383 3384 } 3385 if (rearm_timer) 3386 tcp_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 3387 inet_csk(sk)->icsk_rto, 3388 TCP_RTO_MAX); 3389} 3390 3391/* We allow to exceed memory limits for FIN packets to expedite 3392 * connection tear down and (memory) recovery. 3393 * Otherwise tcp_send_fin() could be tempted to either delay FIN 3394 * or even be forced to close flow without any FIN. 3395 * In general, we want to allow one skb per socket to avoid hangs 3396 * with edge trigger epoll() 3397 */ 3398void sk_forced_mem_schedule(struct sock *sk, int size) 3399{ 3400 int delta, amt; 3401 3402 delta = size - sk->sk_forward_alloc; 3403 if (delta <= 0) 3404 return; 3405 amt = sk_mem_pages(delta); 3406 sk->sk_forward_alloc += amt * SK_MEM_QUANTUM; 3407 sk_memory_allocated_add(sk, amt); 3408 3409 if (mem_cgroup_sockets_enabled && sk->sk_memcg) 3410 mem_cgroup_charge_skmem(sk->sk_memcg, amt); 3411} 3412 3413/* Send a FIN. The caller locks the socket for us. 3414 * We should try to send a FIN packet really hard, but eventually give up. 3415 */ 3416void tcp_send_fin(struct sock *sk) 3417{ 3418 struct sk_buff *skb, *tskb, *tail = tcp_write_queue_tail(sk); 3419 struct tcp_sock *tp = tcp_sk(sk); 3420 3421 /* Optimization, tack on the FIN if we have one skb in write queue and 3422 * this skb was not yet sent, or we are under memory pressure. 3423 * Note: in the latter case, FIN packet will be sent after a timeout, 3424 * as TCP stack thinks it has already been transmitted. 3425 */ 3426 tskb = tail; 3427 if (!tskb && tcp_under_memory_pressure(sk)) 3428 tskb = skb_rb_last(&sk->tcp_rtx_queue); 3429 3430 if (tskb) { 3431 TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN; 3432 TCP_SKB_CB(tskb)->end_seq++; 3433 tp->write_seq++; 3434 if (!tail) { 3435 /* This means tskb was already sent. 3436 * Pretend we included the FIN on previous transmit. 3437 * We need to set tp->snd_nxt to the value it would have 3438 * if FIN had been sent. This is because retransmit path 3439 * does not change tp->snd_nxt. 3440 */ 3441 WRITE_ONCE(tp->snd_nxt, tp->snd_nxt + 1); 3442 return; 3443 } 3444 } else { 3445 skb = alloc_skb_fclone(MAX_TCP_HEADER, 3446 sk_gfp_mask(sk, GFP_ATOMIC | 3447 __GFP_NOWARN)); 3448 if (unlikely(!skb)) 3449 return; 3450 3451 INIT_LIST_HEAD(&skb->tcp_tsorted_anchor); 3452 skb_reserve(skb, MAX_TCP_HEADER); 3453 sk_forced_mem_schedule(sk, skb->truesize); 3454 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */ 3455 tcp_init_nondata_skb(skb, tp->write_seq, 3456 TCPHDR_ACK | TCPHDR_FIN); 3457 tcp_queue_skb(sk, skb); 3458 } 3459 __tcp_push_pending_frames(sk, tcp_current_mss(sk), TCP_NAGLE_OFF); 3460} 3461 3462/* We get here when a process closes a file descriptor (either due to 3463 * an explicit close() or as a byproduct of exit()'ing) and there 3464 * was unread data in the receive queue. This behavior is recommended 3465 * by RFC 2525, section 2.17. -DaveM 3466 */ 3467void tcp_send_active_reset(struct sock *sk, gfp_t priority) 3468{ 3469 struct sk_buff *skb; 3470 3471 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS); 3472 3473 /* NOTE: No TCP options attached and we never retransmit this. */ 3474 skb = alloc_skb(MAX_TCP_HEADER, priority); 3475 if (!skb) { 3476 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED); 3477 return; 3478 } 3479 3480 /* Reserve space for headers and prepare control bits. */ 3481 skb_reserve(skb, MAX_TCP_HEADER); 3482 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk), 3483 TCPHDR_ACK | TCPHDR_RST); 3484 tcp_mstamp_refresh(tcp_sk(sk)); 3485 /* Send it off. */ 3486 if (tcp_transmit_skb(sk, skb, 0, priority)) 3487 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED); 3488 3489 /* skb of trace_tcp_send_reset() keeps the skb that caused RST, 3490 * skb here is different to the troublesome skb, so use NULL 3491 */ 3492 trace_tcp_send_reset(sk, NULL); 3493} 3494 3495/* Send a crossed SYN-ACK during socket establishment. 3496 * WARNING: This routine must only be called when we have already sent 3497 * a SYN packet that crossed the incoming SYN that caused this routine 3498 * to get called. If this assumption fails then the initial rcv_wnd 3499 * and rcv_wscale values will not be correct. 3500 */ 3501int tcp_send_synack(struct sock *sk) 3502{ 3503 struct sk_buff *skb; 3504 3505 skb = tcp_rtx_queue_head(sk); 3506 if (!skb || !(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) { 3507 pr_err("%s: wrong queue state\n", __func__); 3508 return -EFAULT; 3509 } 3510 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)) { 3511 if (skb_cloned(skb)) { 3512 struct sk_buff *nskb; 3513 3514 tcp_skb_tsorted_save(skb) { 3515 nskb = skb_copy(skb, GFP_ATOMIC); 3516 } tcp_skb_tsorted_restore(skb); 3517 if (!nskb) 3518 return -ENOMEM; 3519 INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor); 3520 tcp_highest_sack_replace(sk, skb, nskb); 3521 tcp_rtx_queue_unlink_and_free(skb, sk); 3522 __skb_header_release(nskb); 3523 tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb); 3524 sk_wmem_queued_add(sk, nskb->truesize); 3525 sk_mem_charge(sk, nskb->truesize); 3526 skb = nskb; 3527 } 3528 3529 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ACK; 3530 tcp_ecn_send_synack(sk, skb); 3531 } 3532 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 3533} 3534 3535/** 3536 * tcp_make_synack - Allocate one skb and build a SYNACK packet. 3537 * @sk: listener socket 3538 * @dst: dst entry attached to the SYNACK. It is consumed and caller 3539 * should not use it again. 3540 * @req: request_sock pointer 3541 * @foc: cookie for tcp fast open 3542 * @synack_type: Type of synack to prepare 3543 * @syn_skb: SYN packet just received. It could be NULL for rtx case. 3544 */ 3545struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, 3546 struct request_sock *req, 3547 struct tcp_fastopen_cookie *foc, 3548 enum tcp_synack_type synack_type, 3549 struct sk_buff *syn_skb) 3550{ 3551 struct inet_request_sock *ireq = inet_rsk(req); 3552 const struct tcp_sock *tp = tcp_sk(sk); 3553 struct tcp_md5sig_key *md5 = NULL; 3554 struct tcp_out_options opts; 3555 struct sk_buff *skb; 3556 int tcp_header_size; 3557 struct tcphdr *th; 3558 int mss; 3559 u64 now; 3560 3561 skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC); 3562 if (unlikely(!skb)) { 3563 dst_release(dst); 3564 return NULL; 3565 } 3566 /* Reserve space for headers. */ 3567 skb_reserve(skb, MAX_TCP_HEADER); 3568 3569 switch (synack_type) { 3570 case TCP_SYNACK_NORMAL: 3571 skb_set_owner_w(skb, req_to_sk(req)); 3572 break; 3573 case TCP_SYNACK_COOKIE: 3574 /* Under synflood, we do not attach skb to a socket, 3575 * to avoid false sharing. 3576 */ 3577 break; 3578 case TCP_SYNACK_FASTOPEN: 3579 /* sk is a const pointer, because we want to express multiple 3580 * cpu might call us concurrently. 3581 * sk->sk_wmem_alloc in an atomic, we can promote to rw. 3582 */ 3583 skb_set_owner_w(skb, (struct sock *)sk); 3584 break; 3585 } 3586 skb_dst_set(skb, dst); 3587 3588 mss = tcp_mss_clamp(tp, dst_metric_advmss(dst)); 3589 3590 memset(&opts, 0, sizeof(opts)); 3591 now = tcp_clock_ns(); 3592#ifdef CONFIG_SYN_COOKIES 3593 if (unlikely(synack_type == TCP_SYNACK_COOKIE && ireq->tstamp_ok)) 3594 skb->skb_mstamp_ns = cookie_init_timestamp(req, now); 3595 else 3596#endif 3597 { 3598 skb->skb_mstamp_ns = now; 3599 if (!tcp_rsk(req)->snt_synack) /* Timestamp first SYNACK */ 3600 tcp_rsk(req)->snt_synack = tcp_skb_timestamp_us(skb); 3601 } 3602 3603#ifdef CONFIG_TCP_MD5SIG 3604 rcu_read_lock(); 3605 md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); 3606#endif 3607 skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4); 3608 /* bpf program will be interested in the tcp_flags */ 3609 TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK; 3610 tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5, 3611 foc, synack_type, 3612 syn_skb) + sizeof(*th); 3613 3614 skb_push(skb, tcp_header_size); 3615 skb_reset_transport_header(skb); 3616 3617 th = (struct tcphdr *)skb->data; 3618 memset(th, 0, sizeof(struct tcphdr)); 3619 th->syn = 1; 3620 th->ack = 1; 3621 tcp_ecn_make_synack(req, th); 3622 th->source = htons(ireq->ir_num); 3623 th->dest = ireq->ir_rmt_port; 3624 skb->mark = ireq->ir_mark; 3625 skb->ip_summed = CHECKSUM_PARTIAL; 3626 th->seq = htonl(tcp_rsk(req)->snt_isn); 3627 /* XXX data is queued and acked as is. No buffer/window check */ 3628 th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt); 3629 3630 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ 3631 th->window = htons(min(req->rsk_rcv_wnd, 65535U)); 3632 tcp_options_write((__be32 *)(th + 1), NULL, &opts); 3633 th->doff = (tcp_header_size >> 2); 3634 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS); 3635 3636#ifdef CONFIG_TCP_MD5SIG 3637 /* Okay, we have all we need - do the md5 hash if needed */ 3638 if (md5) 3639 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location, 3640 md5, req_to_sk(req), skb); 3641 rcu_read_unlock(); 3642#endif 3643 3644 bpf_skops_write_hdr_opt((struct sock *)sk, skb, req, syn_skb, 3645 synack_type, &opts); 3646 3647 skb->skb_mstamp_ns = now; 3648 tcp_add_tx_delay(skb, tp); 3649 3650 return skb; 3651} 3652EXPORT_SYMBOL(tcp_make_synack); 3653 3654static void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst) 3655{ 3656 struct inet_connection_sock *icsk = inet_csk(sk); 3657 const struct tcp_congestion_ops *ca; 3658 u32 ca_key = dst_metric(dst, RTAX_CC_ALGO); 3659 3660 if (ca_key == TCP_CA_UNSPEC) 3661 return; 3662 3663 rcu_read_lock(); 3664 ca = tcp_ca_find_key(ca_key); 3665 if (likely(ca && bpf_try_module_get(ca, ca->owner))) { 3666 bpf_module_put(icsk->icsk_ca_ops, icsk->icsk_ca_ops->owner); 3667 icsk->icsk_ca_dst_locked = tcp_ca_dst_locked(dst); 3668 icsk->icsk_ca_ops = ca; 3669 } 3670 rcu_read_unlock(); 3671} 3672 3673/* Do all connect socket setups that can be done AF independent. */ 3674static void tcp_connect_init(struct sock *sk) 3675{ 3676 const struct dst_entry *dst = __sk_dst_get(sk); 3677 struct tcp_sock *tp = tcp_sk(sk); 3678 __u8 rcv_wscale; 3679 u32 rcv_wnd; 3680 3681 /* We'll fix this up when we get a response from the other end. 3682 * See tcp_input.c:tcp_rcv_state_process case TCP_SYN_SENT. 3683 */ 3684 tp->tcp_header_len = sizeof(struct tcphdr); 3685 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_timestamps)) 3686 tp->tcp_header_len += TCPOLEN_TSTAMP_ALIGNED; 3687 3688#ifdef CONFIG_TCP_MD5SIG 3689 if (tp->af_specific->md5_lookup(sk, sk)) 3690 tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED; 3691#endif 3692 3693 /* If user gave his TCP_MAXSEG, record it to clamp */ 3694 if (tp->rx_opt.user_mss) 3695 tp->rx_opt.mss_clamp = tp->rx_opt.user_mss; 3696 tp->max_window = 0; 3697 tcp_mtup_init(sk); 3698 tcp_sync_mss(sk, dst_mtu(dst)); 3699 3700 tcp_ca_dst_init(sk, dst); 3701 3702 if (!tp->window_clamp) 3703 tp->window_clamp = dst_metric(dst, RTAX_WINDOW); 3704 tp->advmss = tcp_mss_clamp(tp, dst_metric_advmss(dst)); 3705 3706 tcp_initialize_rcv_mss(sk); 3707 3708 /* limit the window selection if the user enforce a smaller rx buffer */ 3709 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK && 3710 (tp->window_clamp > tcp_full_space(sk) || tp->window_clamp == 0)) 3711 tp->window_clamp = tcp_full_space(sk); 3712 3713 rcv_wnd = tcp_rwnd_init_bpf(sk); 3714 if (rcv_wnd == 0) 3715 rcv_wnd = dst_metric(dst, RTAX_INITRWND); 3716 3717 tcp_select_initial_window(sk, tcp_full_space(sk), 3718 tp->advmss - (tp->rx_opt.ts_recent_stamp ? tp->tcp_header_len - sizeof(struct tcphdr) : 0), 3719 &tp->rcv_wnd, 3720 &tp->window_clamp, 3721 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_window_scaling), 3722 &rcv_wscale, 3723 rcv_wnd); 3724 3725#ifdef CONFIG_LOWPOWER_PROTOCOL 3726 tp->rcv_wnd = TCP_RCV_WND_INIT; 3727#endif /* CONFIG_LOWPOWER_PROTOCOL */ 3728 tp->rx_opt.rcv_wscale = rcv_wscale; 3729 tp->rcv_ssthresh = tp->rcv_wnd; 3730 3731 sk->sk_err = 0; 3732 sock_reset_flag(sk, SOCK_DONE); 3733 tp->snd_wnd = 0; 3734 tcp_init_wl(tp, 0); 3735 tcp_write_queue_purge(sk); 3736 tp->snd_una = tp->write_seq; 3737 tp->snd_sml = tp->write_seq; 3738 tp->snd_up = tp->write_seq; 3739 WRITE_ONCE(tp->snd_nxt, tp->write_seq); 3740 3741 if (likely(!tp->repair)) 3742 tp->rcv_nxt = 0; 3743 else 3744 tp->rcv_tstamp = tcp_jiffies32; 3745 tp->rcv_wup = tp->rcv_nxt; 3746 WRITE_ONCE(tp->copied_seq, tp->rcv_nxt); 3747 3748 inet_csk(sk)->icsk_rto = tcp_timeout_init(sk); 3749 inet_csk(sk)->icsk_retransmits = 0; 3750 tcp_clear_retrans(tp); 3751} 3752 3753static void tcp_connect_queue_skb(struct sock *sk, struct sk_buff *skb) 3754{ 3755 struct tcp_sock *tp = tcp_sk(sk); 3756 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb); 3757 3758 tcb->end_seq += skb->len; 3759 __skb_header_release(skb); 3760 sk_wmem_queued_add(sk, skb->truesize); 3761 sk_mem_charge(sk, skb->truesize); 3762 WRITE_ONCE(tp->write_seq, tcb->end_seq); 3763 tp->packets_out += tcp_skb_pcount(skb); 3764} 3765 3766/* Build and send a SYN with data and (cached) Fast Open cookie. However, 3767 * queue a data-only packet after the regular SYN, such that regular SYNs 3768 * are retransmitted on timeouts. Also if the remote SYN-ACK acknowledges 3769 * only the SYN sequence, the data are retransmitted in the first ACK. 3770 * If cookie is not cached or other error occurs, falls back to send a 3771 * regular SYN with Fast Open cookie request option. 3772 */ 3773static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn) 3774{ 3775 struct inet_connection_sock *icsk = inet_csk(sk); 3776 struct tcp_sock *tp = tcp_sk(sk); 3777 struct tcp_fastopen_request *fo = tp->fastopen_req; 3778 int space, err = 0; 3779 struct sk_buff *syn_data; 3780 3781 tp->rx_opt.mss_clamp = tp->advmss; /* If MSS is not cached */ 3782 if (!tcp_fastopen_cookie_check(sk, &tp->rx_opt.mss_clamp, &fo->cookie)) 3783 goto fallback; 3784 3785 /* MSS for SYN-data is based on cached MSS and bounded by PMTU and 3786 * user-MSS. Reserve maximum option space for middleboxes that add 3787 * private TCP options. The cost is reduced data space in SYN :( 3788 */ 3789 tp->rx_opt.mss_clamp = tcp_mss_clamp(tp, tp->rx_opt.mss_clamp); 3790 /* Sync mss_cache after updating the mss_clamp */ 3791 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); 3792 3793 space = __tcp_mtu_to_mss(sk, icsk->icsk_pmtu_cookie) - 3794 MAX_TCP_OPTION_SPACE; 3795 3796 space = min_t(size_t, space, fo->size); 3797 3798 /* limit to order-0 allocations */ 3799 space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER)); 3800 3801 syn_data = sk_stream_alloc_skb(sk, space, sk->sk_allocation, false); 3802 if (!syn_data) 3803 goto fallback; 3804 syn_data->ip_summed = CHECKSUM_PARTIAL; 3805 memcpy(syn_data->cb, syn->cb, sizeof(syn->cb)); 3806 if (space) { 3807 int copied = copy_from_iter(skb_put(syn_data, space), space, 3808 &fo->data->msg_iter); 3809 if (unlikely(!copied)) { 3810 tcp_skb_tsorted_anchor_cleanup(syn_data); 3811 kfree_skb(syn_data); 3812 goto fallback; 3813 } 3814 if (copied != space) { 3815 skb_trim(syn_data, copied); 3816 space = copied; 3817 } 3818 skb_zcopy_set(syn_data, fo->uarg, NULL); 3819 } 3820 /* No more data pending in inet_wait_for_connect() */ 3821 if (space == fo->size) 3822 fo->data = NULL; 3823 fo->copied = space; 3824 3825 tcp_connect_queue_skb(sk, syn_data); 3826 if (syn_data->len) 3827 tcp_chrono_start(sk, TCP_CHRONO_BUSY); 3828 3829 err = tcp_transmit_skb(sk, syn_data, 1, sk->sk_allocation); 3830 3831 syn->skb_mstamp_ns = syn_data->skb_mstamp_ns; 3832 3833 /* Now full SYN+DATA was cloned and sent (or not), 3834 * remove the SYN from the original skb (syn_data) 3835 * we keep in write queue in case of a retransmit, as we 3836 * also have the SYN packet (with no data) in the same queue. 3837 */ 3838 TCP_SKB_CB(syn_data)->seq++; 3839 TCP_SKB_CB(syn_data)->tcp_flags = TCPHDR_ACK | TCPHDR_PSH; 3840 if (!err) { 3841 tp->syn_data = (fo->copied > 0); 3842 tcp_rbtree_insert(&sk->tcp_rtx_queue, syn_data); 3843 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT); 3844 goto done; 3845 } 3846 3847 /* data was not sent, put it in write_queue */ 3848 __skb_queue_tail(&sk->sk_write_queue, syn_data); 3849 tp->packets_out -= tcp_skb_pcount(syn_data); 3850 3851fallback: 3852 /* Send a regular SYN with Fast Open cookie request option */ 3853 if (fo->cookie.len > 0) 3854 fo->cookie.len = 0; 3855 err = tcp_transmit_skb(sk, syn, 1, sk->sk_allocation); 3856 if (err) 3857 tp->syn_fastopen = 0; 3858done: 3859 fo->cookie.len = -1; /* Exclude Fast Open option for SYN retries */ 3860 return err; 3861} 3862 3863/* Build a SYN and send it off. */ 3864int tcp_connect(struct sock *sk) 3865{ 3866 struct tcp_sock *tp = tcp_sk(sk); 3867 struct sk_buff *buff; 3868 int err; 3869 3870 tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_CONNECT_CB, 0, NULL); 3871 3872 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk)) 3873 return -EHOSTUNREACH; /* Routing failure or similar. */ 3874 3875 tcp_connect_init(sk); 3876 3877 if (unlikely(tp->repair)) { 3878 tcp_finish_connect(sk, NULL); 3879 return 0; 3880 } 3881 3882 buff = sk_stream_alloc_skb(sk, 0, sk->sk_allocation, true); 3883 if (unlikely(!buff)) 3884 return -ENOBUFS; 3885 3886 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN); 3887 tcp_mstamp_refresh(tp); 3888 tp->retrans_stamp = tcp_time_stamp(tp); 3889 tcp_connect_queue_skb(sk, buff); 3890 tcp_ecn_send_syn(sk, buff); 3891 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff); 3892 3893 /* Send off SYN; include data in Fast Open. */ 3894 err = tp->fastopen_req ? tcp_send_syn_data(sk, buff) : 3895 tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); 3896 if (err == -ECONNREFUSED) 3897 return err; 3898 3899 /* We change tp->snd_nxt after the tcp_transmit_skb() call 3900 * in order to make this packet get counted in tcpOutSegs. 3901 */ 3902 WRITE_ONCE(tp->snd_nxt, tp->write_seq); 3903 tp->pushed_seq = tp->write_seq; 3904 buff = tcp_send_head(sk); 3905 if (unlikely(buff)) { 3906 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(buff)->seq); 3907 tp->pushed_seq = TCP_SKB_CB(buff)->seq; 3908 } 3909 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS); 3910 3911 /* Timer for repeating the SYN until an answer. */ 3912 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 3913 inet_csk(sk)->icsk_rto, TCP_RTO_MAX); 3914 return 0; 3915} 3916EXPORT_SYMBOL(tcp_connect); 3917 3918/* Send out a delayed ack, the caller does the policy checking 3919 * to see if we should even be here. See tcp_input.c:tcp_ack_snd_check() 3920 * for details. 3921 */ 3922void tcp_send_delayed_ack(struct sock *sk) 3923{ 3924 struct inet_connection_sock *icsk = inet_csk(sk); 3925 int ato = icsk->icsk_ack.ato; 3926 unsigned long timeout; 3927 3928 if (ato > TCP_DELACK_MIN) { 3929 const struct tcp_sock *tp = tcp_sk(sk); 3930 int max_ato = HZ / 2; 3931 3932 if (inet_csk_in_pingpong_mode(sk) || 3933 (icsk->icsk_ack.pending & ICSK_ACK_PUSHED)) 3934 max_ato = TCP_DELACK_MAX; 3935 3936 /* Slow path, intersegment interval is "high". */ 3937 3938 /* If some rtt estimate is known, use it to bound delayed ack. 3939 * Do not use inet_csk(sk)->icsk_rto here, use results of rtt measurements 3940 * directly. 3941 */ 3942 if (tp->srtt_us) { 3943 int rtt = max_t(int, usecs_to_jiffies(tp->srtt_us >> 3), 3944 TCP_DELACK_MIN); 3945 3946 if (rtt < max_ato) 3947 max_ato = rtt; 3948 } 3949 3950 ato = min(ato, max_ato); 3951 } 3952 3953 ato = min_t(u32, ato, inet_csk(sk)->icsk_delack_max); 3954 3955 /* Stay within the limit we were given */ 3956 timeout = jiffies + ato; 3957 3958 /* Use new timeout only if there wasn't a older one earlier. */ 3959 if (icsk->icsk_ack.pending & ICSK_ACK_TIMER) { 3960 /* If delack timer is about to expire, send ACK now. */ 3961 if (time_before_eq(icsk->icsk_ack.timeout, jiffies + (ato >> 2))) { 3962 tcp_send_ack(sk); 3963 return; 3964 } 3965 3966 if (!time_before(timeout, icsk->icsk_ack.timeout)) 3967 timeout = icsk->icsk_ack.timeout; 3968 } 3969 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER; 3970 icsk->icsk_ack.timeout = timeout; 3971 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout); 3972} 3973 3974/* This routine sends an ack and also updates the window. */ 3975void __tcp_send_ack(struct sock *sk, u32 rcv_nxt) 3976{ 3977 struct sk_buff *buff; 3978 3979 /* If we have been reset, we may not send again. */ 3980 if (sk->sk_state == TCP_CLOSE) 3981 return; 3982 3983 /* We are not putting this on the write queue, so 3984 * tcp_transmit_skb() will set the ownership to this 3985 * sock. 3986 */ 3987 buff = alloc_skb(MAX_TCP_HEADER, 3988 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN)); 3989 if (unlikely(!buff)) { 3990 struct inet_connection_sock *icsk = inet_csk(sk); 3991 unsigned long delay; 3992 3993 delay = TCP_DELACK_MAX << icsk->icsk_ack.retry; 3994 if (delay < TCP_RTO_MAX) 3995 icsk->icsk_ack.retry++; 3996 inet_csk_schedule_ack(sk); 3997 icsk->icsk_ack.ato = TCP_ATO_MIN; 3998 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, delay, TCP_RTO_MAX); 3999 return; 4000 } 4001 4002 /* Reserve space for headers and prepare control bits. */ 4003 skb_reserve(buff, MAX_TCP_HEADER); 4004 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK); 4005 4006 /* We do not want pure acks influencing TCP Small Queues or fq/pacing 4007 * too much. 4008 * SKB_TRUESIZE(max(1 .. 66, MAX_TCP_HEADER)) is unfortunately ~784 4009 */ 4010 skb_set_tcp_pure_ack(buff); 4011 4012 /* Send it off, this clears delayed acks for us. */ 4013 __tcp_transmit_skb(sk, buff, 0, (__force gfp_t)0, rcv_nxt); 4014} 4015EXPORT_SYMBOL_GPL(__tcp_send_ack); 4016 4017void tcp_send_ack(struct sock *sk) 4018{ 4019 __tcp_send_ack(sk, tcp_sk(sk)->rcv_nxt); 4020} 4021 4022/* This routine sends a packet with an out of date sequence 4023 * number. It assumes the other end will try to ack it. 4024 * 4025 * Question: what should we make while urgent mode? 4026 * 4.4BSD forces sending single byte of data. We cannot send 4027 * out of window data, because we have SND.NXT==SND.MAX... 4028 * 4029 * Current solution: to send TWO zero-length segments in urgent mode: 4030 * one is with SEG.SEQ=SND.UNA to deliver urgent pointer, another is 4031 * out-of-date with SND.UNA-1 to probe window. 4032 */ 4033static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib) 4034{ 4035 struct tcp_sock *tp = tcp_sk(sk); 4036 struct sk_buff *skb; 4037 4038 /* We don't queue it, tcp_transmit_skb() sets ownership. */ 4039 skb = alloc_skb(MAX_TCP_HEADER, 4040 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN)); 4041 if (!skb) 4042 return -1; 4043 4044 /* Reserve space for headers and set control bits. */ 4045 skb_reserve(skb, MAX_TCP_HEADER); 4046 /* Use a previous sequence. This should cause the other 4047 * end to send an ack. Don't queue or clone SKB, just 4048 * send it. 4049 */ 4050 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK); 4051 NET_INC_STATS(sock_net(sk), mib); 4052 return tcp_transmit_skb(sk, skb, 0, (__force gfp_t)0); 4053} 4054 4055/* Called from setsockopt( ... TCP_REPAIR ) */ 4056void tcp_send_window_probe(struct sock *sk) 4057{ 4058 if (sk->sk_state == TCP_ESTABLISHED) { 4059 tcp_sk(sk)->snd_wl1 = tcp_sk(sk)->rcv_nxt - 1; 4060 tcp_mstamp_refresh(tcp_sk(sk)); 4061 tcp_xmit_probe_skb(sk, 0, LINUX_MIB_TCPWINPROBE); 4062 } 4063} 4064 4065/* Initiate keepalive or window probe from timer. */ 4066int tcp_write_wakeup(struct sock *sk, int mib) 4067{ 4068 struct tcp_sock *tp = tcp_sk(sk); 4069 struct sk_buff *skb; 4070 4071 if (sk->sk_state == TCP_CLOSE) 4072 return -1; 4073 4074 skb = tcp_send_head(sk); 4075 if (skb && before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp))) { 4076 int err; 4077 unsigned int mss = tcp_current_mss(sk); 4078 unsigned int seg_size = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 4079 4080 if (before(tp->pushed_seq, TCP_SKB_CB(skb)->end_seq)) 4081 tp->pushed_seq = TCP_SKB_CB(skb)->end_seq; 4082 4083 /* We are probing the opening of a window 4084 * but the window size is != 0 4085 * must have been a result SWS avoidance ( sender ) 4086 */ 4087 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq || 4088 skb->len > mss) { 4089 seg_size = min(seg_size, mss); 4090 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH; 4091 if (tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE, 4092 skb, seg_size, mss, GFP_ATOMIC)) 4093 return -1; 4094 } else if (!tcp_skb_pcount(skb)) 4095 tcp_set_skb_tso_segs(skb, mss); 4096 4097 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH; 4098 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 4099 if (!err) 4100 tcp_event_new_data_sent(sk, skb); 4101 return err; 4102 } else { 4103 if (between(tp->snd_up, tp->snd_una + 1, tp->snd_una + 0xFFFF)) 4104 tcp_xmit_probe_skb(sk, 1, mib); 4105 return tcp_xmit_probe_skb(sk, 0, mib); 4106 } 4107} 4108 4109/* A window probe timeout has occurred. If window is not closed send 4110 * a partial packet else a zero probe. 4111 */ 4112void tcp_send_probe0(struct sock *sk) 4113{ 4114 struct inet_connection_sock *icsk = inet_csk(sk); 4115 struct tcp_sock *tp = tcp_sk(sk); 4116 unsigned long timeout; 4117 int err; 4118 4119 err = tcp_write_wakeup(sk, LINUX_MIB_TCPWINPROBE); 4120 4121 if (tp->packets_out || tcp_write_queue_empty(sk)) { 4122 /* Cancel probe timer, if it is not required. */ 4123 icsk->icsk_probes_out = 0; 4124 icsk->icsk_backoff = 0; 4125 icsk->icsk_probes_tstamp = 0; 4126 return; 4127 } 4128 4129 icsk->icsk_probes_out++; 4130 if (err <= 0) { 4131 if (icsk->icsk_backoff < READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retries2)) 4132 icsk->icsk_backoff++; 4133 timeout = tcp_probe0_when(sk, TCP_RTO_MAX); 4134 } else { 4135 /* If packet was not sent due to local congestion, 4136 * Let senders fight for local resources conservatively. 4137 */ 4138 timeout = TCP_RESOURCE_PROBE_INTERVAL; 4139 } 4140 4141 timeout = tcp_clamp_probe0_to_user_timeout(sk, timeout); 4142 tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, timeout, TCP_RTO_MAX); 4143} 4144 4145int tcp_rtx_synack(const struct sock *sk, struct request_sock *req) 4146{ 4147 const struct tcp_request_sock_ops *af_ops = tcp_rsk(req)->af_specific; 4148 struct flowi fl; 4149 int res; 4150 4151 tcp_rsk(req)->txhash = net_tx_rndhash(); 4152 res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL, 4153 NULL); 4154 if (!res) { 4155 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS); 4156 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS); 4157 if (unlikely(tcp_passive_fastopen(sk))) 4158 tcp_sk(sk)->total_retrans++; 4159 trace_tcp_retransmit_synack(sk, req); 4160 } 4161 return res; 4162} 4163EXPORT_SYMBOL(tcp_rtx_synack); 4164