2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vppinfra/sparse_vec.h>
17 #include <vnet/tcp/tcp_packet.h>
18 #include <vnet/tcp/tcp.h>
19 #include <vnet/session/session.h>
22 static char *tcp_error_strings[] = {
23 #define tcp_error(n,s) s,
24 #include <vnet/tcp/tcp_error.def>
28 /* All TCP nodes have the same outgoing arcs */
29 #define foreach_tcp_state_next \
30 _ (DROP4, "ip4-drop") \
31 _ (DROP6, "ip6-drop") \
32 _ (TCP4_OUTPUT, "tcp4-output") \
33 _ (TCP6_OUTPUT, "tcp6-output")
35 typedef enum _tcp_established_next
37 #define _(s,n) TCP_ESTABLISHED_NEXT_##s,
38 foreach_tcp_state_next
40 TCP_ESTABLISHED_N_NEXT,
41 } tcp_established_next_t;
43 typedef enum _tcp_rcv_process_next
45 #define _(s,n) TCP_RCV_PROCESS_NEXT_##s,
46 foreach_tcp_state_next
48 TCP_RCV_PROCESS_N_NEXT,
49 } tcp_rcv_process_next_t;
51 typedef enum _tcp_syn_sent_next
53 #define _(s,n) TCP_SYN_SENT_NEXT_##s,
54 foreach_tcp_state_next
57 } tcp_syn_sent_next_t;
59 typedef enum _tcp_listen_next
61 #define _(s,n) TCP_LISTEN_NEXT_##s,
62 foreach_tcp_state_next
67 /* Generic, state independent indices */
68 typedef enum _tcp_state_next
70 #define _(s,n) TCP_NEXT_##s,
71 foreach_tcp_state_next
76 #define tcp_next_output(is_ip4) (is_ip4 ? TCP_NEXT_TCP4_OUTPUT \
77 : TCP_NEXT_TCP6_OUTPUT)
79 #define tcp_next_drop(is_ip4) (is_ip4 ? TCP_NEXT_DROP4 \
82 vlib_node_registration_t tcp4_established_node;
83 vlib_node_registration_t tcp6_established_node;
86 * Validate segment sequence number. As per RFC793:
88 * Segment Receive Test
90 * ------- ------- -------------------------------------------
91 * 0 0 SEG.SEQ = RCV.NXT
92 * 0 >0 RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND
94 * >0 >0 RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND
95 * or RCV.NXT =< SEG.SEQ+SEG.LEN-1 < RCV.NXT+RCV.WND
97 * This ultimately consists in checking if segment falls within the window.
98 * The one important difference compared to RFC793 is that we use rcv_las,
99 * or the rcv_nxt at last ack sent instead of rcv_nxt since that's the
100 * peer's reference when computing our receive window.
103 * seq_leq (end_seq, tc->rcv_las + tc->rcv_wnd) && seq_geq (seq, tc->rcv_las)
104 * however, is too strict when we have retransmits. Instead we just check that
105 * the seq is not beyond the right edge and that the end of the segment is not
106 * less than the left edge.
108 * N.B. rcv_nxt and rcv_wnd are both updated in this node if acks are sent, so
109 * use rcv_nxt in the right edge window test instead of rcv_las.
113 tcp_segment_in_rcv_wnd (tcp_connection_t * tc, u32 seq, u32 end_seq)
115 return (seq_geq (end_seq, tc->rcv_las)
116 && seq_leq (seq, tc->rcv_nxt + tc->rcv_wnd));
120 * Parse TCP header options.
122 * @param th TCP header
123 * @param to TCP options data structure to be populated
124 * @return -1 if parsing failed
127 tcp_options_parse (tcp_header_t * th, tcp_options_t * to)
130 u8 opt_len, opts_len, kind;
134 opts_len = (tcp_doff (th) << 2) - sizeof (tcp_header_t);
135 data = (const u8 *) (th + 1);
137 /* Zero out all flags but those set in SYN */
138 to->flags &= (TCP_OPTS_FLAG_SACK_PERMITTED | TCP_OPTS_FLAG_WSCALE
139 | TCP_OPTS_FLAG_SACK);
141 for (; opts_len > 0; opts_len -= opt_len, data += opt_len)
145 /* Get options length */
146 if (kind == TCP_OPTION_EOL)
148 else if (kind == TCP_OPTION_NOOP)
160 /* weird option length */
161 if (opt_len < 2 || opt_len > opts_len)
169 if ((opt_len == TCP_OPTION_LEN_MSS) && tcp_syn (th))
171 to->flags |= TCP_OPTS_FLAG_MSS;
172 to->mss = clib_net_to_host_u16 (*(u16 *) (data + 2));
175 case TCP_OPTION_WINDOW_SCALE:
176 if ((opt_len == TCP_OPTION_LEN_WINDOW_SCALE) && tcp_syn (th))
178 to->flags |= TCP_OPTS_FLAG_WSCALE;
179 to->wscale = data[2];
180 if (to->wscale > TCP_MAX_WND_SCALE)
182 clib_warning ("Illegal window scaling value: %d",
184 to->wscale = TCP_MAX_WND_SCALE;
188 case TCP_OPTION_TIMESTAMP:
189 if (opt_len == TCP_OPTION_LEN_TIMESTAMP)
191 to->flags |= TCP_OPTS_FLAG_TSTAMP;
192 to->tsval = clib_net_to_host_u32 (*(u32 *) (data + 2));
193 to->tsecr = clib_net_to_host_u32 (*(u32 *) (data + 6));
196 case TCP_OPTION_SACK_PERMITTED:
197 if (opt_len == TCP_OPTION_LEN_SACK_PERMITTED && tcp_syn (th))
198 to->flags |= TCP_OPTS_FLAG_SACK_PERMITTED;
200 case TCP_OPTION_SACK_BLOCK:
201 /* If SACK permitted was not advertised or a SYN, break */
202 if ((to->flags & TCP_OPTS_FLAG_SACK_PERMITTED) == 0 || tcp_syn (th))
205 /* If too short or not correctly formatted, break */
206 if (opt_len < 10 || ((opt_len - 2) % TCP_OPTION_LEN_SACK_BLOCK))
209 to->flags |= TCP_OPTS_FLAG_SACK;
210 to->n_sack_blocks = (opt_len - 2) / TCP_OPTION_LEN_SACK_BLOCK;
211 vec_reset_length (to->sacks);
212 for (j = 0; j < to->n_sack_blocks; j++)
214 b.start = clib_net_to_host_u32 (*(u32 *) (data + 2 + 8 * j));
215 b.end = clib_net_to_host_u32 (*(u32 *) (data + 6 + 8 * j));
216 vec_add1 (to->sacks, b);
220 /* Nothing to see here */
228 * RFC1323: Check against wrapped sequence numbers (PAWS). If we have
229 * timestamp to echo and it's less than tsval_recent, drop segment
230 * but still send an ACK in order to retain TCP's mechanism for detecting
231 * and recovering from half-open connections
233 * Or at least that's what the theory says. It seems that this might not work
234 * very well with packet reordering and fast retransmit. XXX
237 tcp_segment_check_paws (tcp_connection_t * tc)
239 return tcp_opts_tstamp (&tc->rcv_opts) && tc->tsval_recent
240 && timestamp_lt (tc->rcv_opts.tsval, tc->tsval_recent);
244 * Update tsval recent
247 tcp_update_timestamp (tcp_connection_t * tc, u32 seq, u32 seq_end)
250 * RFC1323: If Last.ACK.sent falls within the range of sequence numbers
251 * of an incoming segment:
252 * SEG.SEQ <= Last.ACK.sent < SEG.SEQ + SEG.LEN
253 * then the TSval from the segment is copied to TS.Recent;
254 * otherwise, the TSval is ignored.
256 if (tcp_opts_tstamp (&tc->rcv_opts) && seq_leq (seq, tc->rcv_las)
257 && seq_leq (tc->rcv_las, seq_end))
259 ASSERT (timestamp_leq (tc->tsval_recent, tc->rcv_opts.tsval));
260 tc->tsval_recent = tc->rcv_opts.tsval;
261 tc->tsval_recent_age = tcp_time_now_w_thread (tc->c_thread_index);
266 * Validate incoming segment as per RFC793 p. 69 and RFC1323 p. 19
268 * It first verifies if segment has a wrapped sequence number (PAWS) and then
269 * does the processing associated to the first four steps (ignoring security
270 * and precedence): sequence number, rst bit and syn bit checks.
272 * @return 0 if segments passes validation.
275 tcp_segment_validate (vlib_main_t * vm, tcp_connection_t * tc0,
276 vlib_buffer_t * b0, tcp_header_t * th0,
277 u32 * next0, u32 * error0)
279 /* We could get a burst of RSTs interleaved with acks */
280 if (PREDICT_FALSE (tc0->state == TCP_STATE_CLOSED))
282 tcp_send_reset (tc0);
283 *error0 = TCP_ERROR_CONNECTION_CLOSED;
287 if (PREDICT_FALSE (!tcp_ack (th0) && !tcp_rst (th0) && !tcp_syn (th0)))
289 *error0 = TCP_ERROR_SEGMENT_INVALID;
293 if (PREDICT_FALSE (tcp_options_parse (th0, &tc0->rcv_opts)))
295 clib_warning ("options parse error");
296 *error0 = TCP_ERROR_OPTIONS;
300 if (PREDICT_FALSE (tcp_segment_check_paws (tc0)))
302 *error0 = TCP_ERROR_PAWS;
304 clib_warning ("paws failed\n%U", format_tcp_connection, tc0, 2);
305 TCP_EVT_DBG (TCP_EVT_PAWS_FAIL, tc0, vnet_buffer (b0)->tcp.seq_number,
306 vnet_buffer (b0)->tcp.seq_end);
308 /* If it just so happens that a segment updates tsval_recent for a
309 * segment over 24 days old, invalidate tsval_recent. */
310 if (timestamp_lt (tc0->tsval_recent_age + TCP_PAWS_IDLE,
311 tcp_time_now_w_thread (tc0->c_thread_index)))
313 /* Age isn't reset until we get a valid tsval (bsd inspired) */
314 tc0->tsval_recent = 0;
315 clib_warning ("paws failed - really old segment. REALLY?");
319 /* Drop after ack if not rst */
322 tcp_make_ack (tc0, b0);
323 TCP_EVT_DBG (TCP_EVT_DUPACK_SENT, tc0, vnet_buffer (b0)->tcp);
330 /* 1st: check sequence number */
331 if (!tcp_segment_in_rcv_wnd (tc0, vnet_buffer (b0)->tcp.seq_number,
332 vnet_buffer (b0)->tcp.seq_end))
334 *error0 = TCP_ERROR_RCV_WND;
335 /* If our window is 0 and the packet is in sequence, let it pass
336 * through for ack processing. It should be dropped later. */
337 if (!(tc0->rcv_wnd == 0
338 && tc0->rcv_nxt == vnet_buffer (b0)->tcp.seq_number))
340 /* If not RST, send dup ack */
343 tcp_make_ack (tc0, b0);
344 TCP_EVT_DBG (TCP_EVT_DUPACK_SENT, tc0, vnet_buffer (b0)->tcp);
351 /* 2nd: check the RST bit */
352 if (PREDICT_FALSE (tcp_rst (th0)))
354 tcp_connection_reset (tc0);
355 *error0 = TCP_ERROR_RST_RCVD;
359 /* 3rd: check security and precedence (skip) */
361 /* 4th: check the SYN bit */
362 if (PREDICT_FALSE (tcp_syn (th0)))
364 /* TODO implement RFC 5961 */
365 if (tc0->state == TCP_STATE_SYN_RCVD)
367 tcp_make_synack (tc0, b0);
368 TCP_EVT_DBG (TCP_EVT_SYN_RCVD, tc0, 0);
372 tcp_make_ack (tc0, b0);
373 TCP_EVT_DBG (TCP_EVT_SYNACK_RCVD, tc0);
378 /* If segment in window, save timestamp */
379 tcp_update_timestamp (tc0, vnet_buffer (b0)->tcp.seq_number,
380 vnet_buffer (b0)->tcp.seq_end);
384 *next0 = tcp_next_drop (tc0->c_is_ip4);
387 *next0 = tcp_next_output (tc0->c_is_ip4);
392 tcp_rcv_ack_is_acceptable (tcp_connection_t * tc0, vlib_buffer_t * tb0)
394 /* SND.UNA =< SEG.ACK =< SND.NXT */
395 return (seq_leq (tc0->snd_una, vnet_buffer (tb0)->tcp.ack_number)
396 && seq_leq (vnet_buffer (tb0)->tcp.ack_number, tc0->snd_nxt));
400 * Compute smoothed RTT as per VJ's '88 SIGCOMM and RFC6298
402 * Note that although the original article, srtt and rttvar are scaled
403 * to minimize round-off errors, here we don't. Instead, we rely on
404 * better precision time measurements.
406 * TODO support us rtt resolution
409 tcp_estimate_rtt (tcp_connection_t * tc, u32 mrtt)
415 err = mrtt - tc->srtt;
417 /* XXX Drop in RTT results in RTTVAR increase and bigger RTO.
418 * The increase should be bound */
419 tc->srtt = clib_max ((int) tc->srtt + (err >> 3), 1);
420 diff = (clib_abs (err) - (int) tc->rttvar) >> 2;
421 tc->rttvar = clib_max ((int) tc->rttvar + diff, 1);
425 /* First measurement. */
427 tc->rttvar = mrtt >> 1;
432 tcp_update_rto (tcp_connection_t * tc)
434 tc->rto = clib_min (tc->srtt + (tc->rttvar << 2), TCP_RTO_MAX);
435 tc->rto = clib_max (tc->rto, TCP_RTO_MIN);
439 * Update RTT estimate and RTO timer
441 * Measure RTT: We have two sources of RTT measurements: TSOPT and ACK
442 * timing. Middle boxes are known to fiddle with TCP options so we
443 * should give higher priority to ACK timing.
445 * This should be called only if previously sent bytes have been acked.
447 * return 1 if valid rtt 0 otherwise
450 tcp_update_rtt (tcp_connection_t * tc, u32 ack)
454 /* Karn's rule, part 1. Don't use retransmitted segments to estimate
455 * RTT because they're ambiguous. */
456 if (tcp_in_cong_recovery (tc) || tc->sack_sb.sacked_bytes)
458 if (tcp_in_recovery (tc))
463 if (tc->rtt_ts && seq_geq (ack, tc->rtt_seq))
465 tc->mrtt_us = tcp_time_now_us (tc->c_thread_index) - tc->rtt_ts;
466 mrtt = clib_max ((u32) (tc->mrtt_us * THZ), 1);
468 /* As per RFC7323 TSecr can be used for RTTM only if the segment advances
469 * snd_una, i.e., the left side of the send window:
470 * seq_lt (tc->snd_una, ack). This is a condition for calling update_rtt */
471 else if (tcp_opts_tstamp (&tc->rcv_opts) && tc->rcv_opts.tsecr)
473 u32 now = tcp_time_now_w_thread (tc->c_thread_index);
474 mrtt = clib_max (now - tc->rcv_opts.tsecr, 1);
477 /* Ignore dubious measurements */
478 if (mrtt == 0 || mrtt > TCP_RTT_MAX)
481 tcp_estimate_rtt (tc, mrtt);
485 /* Allow measuring of a new RTT */
488 /* If we got here something must've been ACKed so make sure boff is 0,
489 * even if mrtt is not valid since we update the rto lower */
497 * Dequeue bytes for connections that have received acks in last burst
500 tcp_handle_postponed_dequeues (tcp_worker_ctx_t * wrk)
502 u32 thread_index = wrk->vm->thread_index;
503 u32 *pending_deq_acked;
504 tcp_connection_t *tc;
507 if (!vec_len (wrk->pending_deq_acked))
510 pending_deq_acked = wrk->pending_deq_acked;
511 for (i = 0; i < vec_len (pending_deq_acked); i++)
513 tc = tcp_connection_get (pending_deq_acked[i], thread_index);
514 tc->flags &= ~TCP_CONN_DEQ_PENDING;
516 /* Dequeue the newly ACKed bytes */
517 stream_session_dequeue_drop (&tc->connection, tc->burst_acked);
519 tcp_validate_txf_size (tc, tc->snd_una_max - tc->snd_una);
521 /* If everything has been acked, stop retransmit timer
522 * otherwise update. */
523 tcp_retransmit_timer_update (tc);
525 _vec_len (wrk->pending_deq_acked) = 0;
529 tcp_program_dequeue (tcp_worker_ctx_t * wrk, tcp_connection_t * tc)
531 if (!(tc->flags & TCP_CONN_DEQ_PENDING))
533 vec_add1 (wrk->pending_deq_acked, tc->c_c_index);
534 tc->flags |= TCP_CONN_DEQ_PENDING;
536 tc->burst_acked += tc->bytes_acked + tc->sack_sb.snd_una_adv;
540 * Check if duplicate ack as per RFC5681 Sec. 2
543 tcp_ack_is_dupack (tcp_connection_t * tc, vlib_buffer_t * b, u32 prev_snd_wnd,
546 return ((vnet_buffer (b)->tcp.ack_number == prev_snd_una)
547 && seq_gt (tc->snd_una_max, tc->snd_una)
548 && (vnet_buffer (b)->tcp.seq_end == vnet_buffer (b)->tcp.seq_number)
549 && (prev_snd_wnd == tc->snd_wnd));
553 * Checks if ack is a congestion control event.
556 tcp_ack_is_cc_event (tcp_connection_t * tc, vlib_buffer_t * b,
557 u32 prev_snd_wnd, u32 prev_snd_una, u8 * is_dack)
559 /* Check if ack is duplicate. Per RFC 6675, ACKs that SACK new data are
560 * defined to be 'duplicate' */
561 *is_dack = tc->sack_sb.last_sacked_bytes
562 || tcp_ack_is_dupack (tc, b, prev_snd_wnd, prev_snd_una);
564 return ((*is_dack || tcp_in_cong_recovery (tc)) && !tcp_is_lost_fin (tc));
568 scoreboard_hole_index (sack_scoreboard_t * sb, sack_scoreboard_hole_t * hole)
570 ASSERT (!pool_is_free_index (sb->holes, hole - sb->holes));
571 return hole - sb->holes;
575 scoreboard_hole_bytes (sack_scoreboard_hole_t * hole)
577 return hole->end - hole->start;
580 sack_scoreboard_hole_t *
581 scoreboard_get_hole (sack_scoreboard_t * sb, u32 index)
583 if (index != TCP_INVALID_SACK_HOLE_INDEX)
584 return pool_elt_at_index (sb->holes, index);
588 sack_scoreboard_hole_t *
589 scoreboard_next_hole (sack_scoreboard_t * sb, sack_scoreboard_hole_t * hole)
591 if (hole->next != TCP_INVALID_SACK_HOLE_INDEX)
592 return pool_elt_at_index (sb->holes, hole->next);
596 sack_scoreboard_hole_t *
597 scoreboard_prev_hole (sack_scoreboard_t * sb, sack_scoreboard_hole_t * hole)
599 if (hole->prev != TCP_INVALID_SACK_HOLE_INDEX)
600 return pool_elt_at_index (sb->holes, hole->prev);
604 sack_scoreboard_hole_t *
605 scoreboard_first_hole (sack_scoreboard_t * sb)
607 if (sb->head != TCP_INVALID_SACK_HOLE_INDEX)
608 return pool_elt_at_index (sb->holes, sb->head);
612 sack_scoreboard_hole_t *
613 scoreboard_last_hole (sack_scoreboard_t * sb)
615 if (sb->tail != TCP_INVALID_SACK_HOLE_INDEX)
616 return pool_elt_at_index (sb->holes, sb->tail);
621 scoreboard_remove_hole (sack_scoreboard_t * sb, sack_scoreboard_hole_t * hole)
623 sack_scoreboard_hole_t *next, *prev;
625 if (hole->next != TCP_INVALID_SACK_HOLE_INDEX)
627 next = pool_elt_at_index (sb->holes, hole->next);
628 next->prev = hole->prev;
632 sb->tail = hole->prev;
635 if (hole->prev != TCP_INVALID_SACK_HOLE_INDEX)
637 prev = pool_elt_at_index (sb->holes, hole->prev);
638 prev->next = hole->next;
642 sb->head = hole->next;
645 if (scoreboard_hole_index (sb, hole) == sb->cur_rxt_hole)
646 sb->cur_rxt_hole = TCP_INVALID_SACK_HOLE_INDEX;
648 /* Poison the entry */
650 clib_memset (hole, 0xfe, sizeof (*hole));
652 pool_put (sb->holes, hole);
655 static sack_scoreboard_hole_t *
656 scoreboard_insert_hole (sack_scoreboard_t * sb, u32 prev_index,
659 sack_scoreboard_hole_t *hole, *next, *prev;
662 pool_get (sb->holes, hole);
663 clib_memset (hole, 0, sizeof (*hole));
667 hole_index = scoreboard_hole_index (sb, hole);
669 prev = scoreboard_get_hole (sb, prev_index);
672 hole->prev = prev_index;
673 hole->next = prev->next;
675 if ((next = scoreboard_next_hole (sb, hole)))
676 next->prev = hole_index;
678 sb->tail = hole_index;
680 prev->next = hole_index;
684 sb->head = hole_index;
685 hole->prev = TCP_INVALID_SACK_HOLE_INDEX;
686 hole->next = TCP_INVALID_SACK_HOLE_INDEX;
693 scoreboard_update_bytes (tcp_connection_t * tc, sack_scoreboard_t * sb)
695 sack_scoreboard_hole_t *left, *right;
696 u32 bytes = 0, blks = 0;
699 sb->sacked_bytes = 0;
700 left = scoreboard_last_hole (sb);
704 if (seq_gt (sb->high_sacked, left->end))
706 bytes = sb->high_sacked - left->end;
710 while ((right = left)
711 && bytes < (TCP_DUPACK_THRESHOLD - 1) * tc->snd_mss
712 && blks < TCP_DUPACK_THRESHOLD
713 /* left not updated if above conditions fail */
714 && (left = scoreboard_prev_hole (sb, right)))
716 bytes += right->start - left->end;
720 /* left is first lost */
725 sb->lost_bytes += scoreboard_hole_bytes (right);
727 left = scoreboard_prev_hole (sb, right);
729 bytes += right->start - left->end;
731 while ((right = left));
734 sb->sacked_bytes = bytes;
738 * Figure out the next hole to retransmit
740 * Follows logic proposed in RFC6675 Sec. 4, NextSeg()
742 sack_scoreboard_hole_t *
743 scoreboard_next_rxt_hole (sack_scoreboard_t * sb,
744 sack_scoreboard_hole_t * start,
745 u8 have_unsent, u8 * can_rescue, u8 * snd_limited)
747 sack_scoreboard_hole_t *hole = 0;
749 hole = start ? start : scoreboard_first_hole (sb);
750 while (hole && seq_leq (hole->end, sb->high_rxt) && hole->is_lost)
751 hole = scoreboard_next_hole (sb, hole);
753 /* Nothing, return */
756 sb->cur_rxt_hole = TCP_INVALID_SACK_HOLE_INDEX;
760 /* Rule (1): if higher than rxt, less than high_sacked and lost */
761 if (hole->is_lost && seq_lt (hole->start, sb->high_sacked))
763 sb->cur_rxt_hole = scoreboard_hole_index (sb, hole);
767 /* Rule (2): available unsent data */
770 sb->cur_rxt_hole = TCP_INVALID_SACK_HOLE_INDEX;
773 /* Rule (3): if hole not lost */
774 else if (seq_lt (hole->start, sb->high_sacked))
777 sb->cur_rxt_hole = scoreboard_hole_index (sb, hole);
779 /* Rule (4): if hole beyond high_sacked */
782 ASSERT (seq_geq (hole->start, sb->high_sacked));
785 /* HighRxt MUST NOT be updated */
790 if (hole && seq_lt (sb->high_rxt, hole->start))
791 sb->high_rxt = hole->start;
797 scoreboard_init_high_rxt (sack_scoreboard_t * sb, u32 snd_una)
799 sack_scoreboard_hole_t *hole;
800 hole = scoreboard_first_hole (sb);
803 snd_una = seq_gt (snd_una, hole->start) ? snd_una : hole->start;
804 sb->cur_rxt_hole = sb->head;
806 sb->high_rxt = snd_una;
807 sb->rescue_rxt = snd_una - 1;
811 scoreboard_init (sack_scoreboard_t * sb)
813 sb->head = TCP_INVALID_SACK_HOLE_INDEX;
814 sb->tail = TCP_INVALID_SACK_HOLE_INDEX;
815 sb->cur_rxt_hole = TCP_INVALID_SACK_HOLE_INDEX;
819 scoreboard_clear (sack_scoreboard_t * sb)
821 sack_scoreboard_hole_t *hole;
822 while ((hole = scoreboard_first_hole (sb)))
824 scoreboard_remove_hole (sb, hole);
826 ASSERT (sb->head == sb->tail && sb->head == TCP_INVALID_SACK_HOLE_INDEX);
827 ASSERT (pool_elts (sb->holes) == 0);
828 sb->sacked_bytes = 0;
829 sb->last_sacked_bytes = 0;
830 sb->last_bytes_delivered = 0;
835 sb->cur_rxt_hole = TCP_INVALID_SACK_HOLE_INDEX;
839 * Test that scoreboard is sane after recovery
841 * Returns 1 if scoreboard is empty or if first hole beyond
845 tcp_scoreboard_is_sane_post_recovery (tcp_connection_t * tc)
847 sack_scoreboard_hole_t *hole;
848 hole = scoreboard_first_hole (&tc->sack_sb);
849 return (!hole || (seq_geq (hole->start, tc->snd_una)
850 && seq_lt (hole->end, tc->snd_una_max)));
854 tcp_rcv_sacks (tcp_connection_t * tc, u32 ack)
856 sack_scoreboard_t *sb = &tc->sack_sb;
857 sack_block_t *blk, tmp;
858 sack_scoreboard_hole_t *hole, *next_hole, *last_hole;
859 u32 blk_index = 0, old_sacked_bytes, hole_index;
862 sb->last_sacked_bytes = 0;
863 sb->last_bytes_delivered = 0;
866 if (!tcp_opts_sack (&tc->rcv_opts)
867 && sb->head == TCP_INVALID_SACK_HOLE_INDEX)
870 old_sacked_bytes = sb->sacked_bytes;
872 /* Remove invalid blocks */
873 blk = tc->rcv_opts.sacks;
874 while (blk < vec_end (tc->rcv_opts.sacks))
876 if (seq_lt (blk->start, blk->end)
877 && seq_gt (blk->start, tc->snd_una)
878 && seq_gt (blk->start, ack) && seq_leq (blk->end, tc->snd_una_max))
883 vec_del1 (tc->rcv_opts.sacks, blk - tc->rcv_opts.sacks);
886 /* Add block for cumulative ack */
887 if (seq_gt (ack, tc->snd_una))
889 tmp.start = tc->snd_una;
891 vec_add1 (tc->rcv_opts.sacks, tmp);
894 if (vec_len (tc->rcv_opts.sacks) == 0)
897 tcp_scoreboard_trace_add (tc, ack);
899 /* Make sure blocks are ordered */
900 for (i = 0; i < vec_len (tc->rcv_opts.sacks); i++)
901 for (j = i + 1; j < vec_len (tc->rcv_opts.sacks); j++)
902 if (seq_lt (tc->rcv_opts.sacks[j].start, tc->rcv_opts.sacks[i].start))
904 tmp = tc->rcv_opts.sacks[i];
905 tc->rcv_opts.sacks[i] = tc->rcv_opts.sacks[j];
906 tc->rcv_opts.sacks[j] = tmp;
909 if (sb->head == TCP_INVALID_SACK_HOLE_INDEX)
911 /* If no holes, insert the first that covers all outstanding bytes */
912 last_hole = scoreboard_insert_hole (sb, TCP_INVALID_SACK_HOLE_INDEX,
913 tc->snd_una, tc->snd_una_max);
914 sb->tail = scoreboard_hole_index (sb, last_hole);
915 tmp = tc->rcv_opts.sacks[vec_len (tc->rcv_opts.sacks) - 1];
916 sb->high_sacked = tmp.end;
920 /* If we have holes but snd_una_max is beyond the last hole, update
922 tmp = tc->rcv_opts.sacks[vec_len (tc->rcv_opts.sacks) - 1];
923 last_hole = scoreboard_last_hole (sb);
924 if (seq_gt (tc->snd_una_max, last_hole->end))
926 if (seq_geq (last_hole->start, sb->high_sacked))
928 last_hole->end = tc->snd_una_max;
930 /* New hole after high sacked block */
931 else if (seq_lt (sb->high_sacked, tc->snd_una_max))
933 scoreboard_insert_hole (sb, sb->tail, sb->high_sacked,
937 /* Keep track of max byte sacked for when the last hole
939 if (seq_gt (tmp.end, sb->high_sacked))
940 sb->high_sacked = tmp.end;
943 /* Walk the holes with the SACK blocks */
944 hole = pool_elt_at_index (sb->holes, sb->head);
945 while (hole && blk_index < vec_len (tc->rcv_opts.sacks))
947 blk = &tc->rcv_opts.sacks[blk_index];
948 if (seq_leq (blk->start, hole->start))
950 /* Block covers hole. Remove hole */
951 if (seq_geq (blk->end, hole->end))
953 next_hole = scoreboard_next_hole (sb, hole);
955 /* Byte accounting: snd_una needs to be advanced */
960 if (seq_lt (ack, next_hole->start))
961 sb->snd_una_adv = next_hole->start - ack;
962 sb->last_bytes_delivered +=
963 next_hole->start - hole->end;
967 ASSERT (seq_geq (sb->high_sacked, ack));
968 sb->snd_una_adv = sb->high_sacked - ack;
969 sb->last_bytes_delivered += sb->high_sacked - hole->end;
973 scoreboard_remove_hole (sb, hole);
976 /* Partial 'head' overlap */
979 if (seq_gt (blk->end, hole->start))
981 hole->start = blk->end;
988 /* Hole must be split */
989 if (seq_lt (blk->end, hole->end))
991 hole_index = scoreboard_hole_index (sb, hole);
992 next_hole = scoreboard_insert_hole (sb, hole_index, blk->end,
995 /* Pool might've moved */
996 hole = scoreboard_get_hole (sb, hole_index);
997 hole->end = blk->start;
999 ASSERT (hole->next == scoreboard_hole_index (sb, next_hole));
1001 else if (seq_lt (blk->start, hole->end))
1003 hole->end = blk->start;
1005 hole = scoreboard_next_hole (sb, hole);
1009 if (pool_elts (sb->holes) == 1)
1011 hole = scoreboard_first_hole (sb);
1012 if (hole->start == ack + sb->snd_una_adv
1013 && hole->end == tc->snd_una_max)
1014 scoreboard_remove_hole (sb, hole);
1017 scoreboard_update_bytes (tc, sb);
1018 sb->last_sacked_bytes = sb->sacked_bytes
1019 - (old_sacked_bytes - sb->last_bytes_delivered);
1020 ASSERT (sb->last_sacked_bytes <= sb->sacked_bytes || tcp_in_recovery (tc));
1021 ASSERT (sb->sacked_bytes == 0 || tcp_in_recovery (tc)
1022 || sb->sacked_bytes < tc->snd_una_max - seq_max (tc->snd_una, ack));
1023 ASSERT (sb->last_sacked_bytes + sb->lost_bytes <= tc->snd_una_max
1024 - seq_max (tc->snd_una, ack) || tcp_in_recovery (tc));
1025 ASSERT (sb->head == TCP_INVALID_SACK_HOLE_INDEX || tcp_in_recovery (tc)
1026 || sb->holes[sb->head].start == ack + sb->snd_una_adv);
1027 TCP_EVT_DBG (TCP_EVT_CC_SCOREBOARD, tc);
1031 * Try to update snd_wnd based on feedback received from peer.
1033 * If successful, and new window is 'effectively' 0, activate persist
1037 tcp_update_snd_wnd (tcp_connection_t * tc, u32 seq, u32 ack, u32 snd_wnd)
1039 /* If (SND.WL1 < SEG.SEQ or (SND.WL1 = SEG.SEQ and SND.WL2 =< SEG.ACK)), set
1040 * SND.WND <- SEG.WND, set SND.WL1 <- SEG.SEQ, and set SND.WL2 <- SEG.ACK */
1041 if (seq_lt (tc->snd_wl1, seq)
1042 || (tc->snd_wl1 == seq && seq_leq (tc->snd_wl2, ack)))
1044 tc->snd_wnd = snd_wnd;
1047 TCP_EVT_DBG (TCP_EVT_SND_WND, tc);
1049 if (PREDICT_FALSE (tc->snd_wnd < tc->snd_mss))
1051 /* Set persist timer if not set and we just got 0 wnd */
1052 if (!tcp_timer_is_active (tc, TCP_TIMER_PERSIST)
1053 && !tcp_timer_is_active (tc, TCP_TIMER_RETRANSMIT))
1054 tcp_persist_timer_set (tc);
1058 tcp_persist_timer_reset (tc);
1059 if (PREDICT_FALSE (!tcp_in_recovery (tc) && tc->rto_boff > 0))
1062 tcp_update_rto (tc);
1069 * Init loss recovery/fast recovery.
1071 * Triggered by dup acks as opposed to timer timeout. Note that cwnd is
1072 * updated in @ref tcp_cc_handle_event after fast retransmit
1075 tcp_cc_init_congestion (tcp_connection_t * tc)
1077 tcp_fastrecovery_on (tc);
1078 tc->snd_congestion = tc->snd_una_max;
1079 tc->cwnd_acc_bytes = 0;
1080 tc->snd_rxt_bytes = 0;
1081 tc->prev_ssthresh = tc->ssthresh;
1082 tc->prev_cwnd = tc->cwnd;
1083 tc->cc_algo->congestion (tc);
1084 TCP_EVT_DBG (TCP_EVT_CC_EVT, tc, 4);
1088 tcp_cc_recovery_exit (tcp_connection_t * tc)
1091 tcp_update_rto (tc);
1093 tc->snd_nxt = tc->snd_una_max;
1094 tcp_recovery_off (tc);
1095 TCP_EVT_DBG (TCP_EVT_CC_EVT, tc, 3);
1099 tcp_cc_fastrecovery_exit (tcp_connection_t * tc)
1101 tc->cc_algo->recovered (tc);
1102 tc->snd_rxt_bytes = 0;
1103 tc->rcv_dupacks = 0;
1104 tc->snd_nxt = tc->snd_una_max;
1105 tc->snd_rxt_bytes = 0;
1107 tcp_fastrecovery_off (tc);
1108 tcp_fastrecovery_1_smss_off (tc);
1109 tcp_fastrecovery_first_off (tc);
1111 TCP_EVT_DBG (TCP_EVT_CC_EVT, tc, 3);
1115 tcp_cc_congestion_undo (tcp_connection_t * tc)
1117 tc->cwnd = tc->prev_cwnd;
1118 tc->ssthresh = tc->prev_ssthresh;
1119 tc->snd_nxt = tc->snd_una_max;
1120 tc->rcv_dupacks = 0;
1121 if (tcp_in_recovery (tc))
1122 tcp_cc_recovery_exit (tc);
1123 else if (tcp_in_fastrecovery (tc))
1124 tcp_cc_fastrecovery_exit (tc);
1125 ASSERT (tc->rto_boff == 0);
1126 TCP_EVT_DBG (TCP_EVT_CC_EVT, tc, 5);
1130 tcp_cc_is_spurious_timeout_rxt (tcp_connection_t * tc)
1132 return (tcp_in_recovery (tc) && tc->rto_boff == 1
1134 && tcp_opts_tstamp (&tc->rcv_opts)
1135 && timestamp_lt (tc->rcv_opts.tsecr, tc->snd_rxt_ts));
1139 tcp_cc_is_spurious_fast_rxt (tcp_connection_t * tc)
1141 return (tcp_in_fastrecovery (tc)
1142 && tc->cwnd > tc->ssthresh + 3 * tc->snd_mss);
1146 tcp_cc_is_spurious_retransmit (tcp_connection_t * tc)
1148 return (tcp_cc_is_spurious_timeout_rxt (tc)
1149 || tcp_cc_is_spurious_fast_rxt (tc));
1153 tcp_cc_recover (tcp_connection_t * tc)
1155 ASSERT (tcp_in_cong_recovery (tc));
1156 if (tcp_cc_is_spurious_retransmit (tc))
1158 tcp_cc_congestion_undo (tc);
1162 if (tcp_in_recovery (tc))
1163 tcp_cc_recovery_exit (tc);
1164 else if (tcp_in_fastrecovery (tc))
1165 tcp_cc_fastrecovery_exit (tc);
1167 ASSERT (tc->rto_boff == 0);
1168 ASSERT (!tcp_in_cong_recovery (tc));
1169 ASSERT (tcp_scoreboard_is_sane_post_recovery (tc));
1174 tcp_cc_update (tcp_connection_t * tc, vlib_buffer_t * b)
1176 ASSERT (!tcp_in_cong_recovery (tc) || tcp_is_lost_fin (tc));
1178 /* Congestion avoidance */
1179 tcp_cc_rcv_ack (tc);
1181 /* If a cumulative ack, make sure dupacks is 0 */
1182 tc->rcv_dupacks = 0;
1184 /* When dupacks hits the threshold we only enter fast retransmit if
1185 * cumulative ack covers more than snd_congestion. Should snd_una
1186 * wrap this test may fail under otherwise valid circumstances.
1187 * Therefore, proactively update snd_congestion when wrap detected. */
1189 (seq_leq (tc->snd_congestion, tc->snd_una - tc->bytes_acked)
1190 && seq_gt (tc->snd_congestion, tc->snd_una)))
1191 tc->snd_congestion = tc->snd_una - 1;
1195 tcp_should_fastrecover_sack (tcp_connection_t * tc)
1197 return (TCP_DUPACK_THRESHOLD - 1) * tc->snd_mss < tc->sack_sb.sacked_bytes;
1201 tcp_should_fastrecover (tcp_connection_t * tc)
1203 return (tc->rcv_dupacks == TCP_DUPACK_THRESHOLD
1204 || tcp_should_fastrecover_sack (tc));
1208 tcp_program_fastretransmit (tcp_worker_ctx_t * wrk, tcp_connection_t * tc)
1210 if (!(tc->flags & TCP_CONN_FRXT_PENDING))
1212 vec_add1 (wrk->pending_fast_rxt, tc->c_c_index);
1213 tc->flags |= TCP_CONN_FRXT_PENDING;
1218 tcp_do_fastretransmits (tcp_worker_ctx_t * wrk)
1220 u32 *ongoing_fast_rxt, burst_bytes, sent_bytes, thread_index;
1221 u32 max_burst_size, burst_size, n_segs = 0, n_segs_now;
1222 tcp_connection_t *tc;
1226 if (vec_len (wrk->pending_fast_rxt) == 0
1227 && vec_len (wrk->postponed_fast_rxt) == 0)
1230 thread_index = wrk->vm->thread_index;
1231 last_cpu_time = wrk->vm->clib_time.last_cpu_time;
1232 ongoing_fast_rxt = wrk->ongoing_fast_rxt;
1233 vec_append (ongoing_fast_rxt, wrk->postponed_fast_rxt);
1234 vec_append (ongoing_fast_rxt, wrk->pending_fast_rxt);
1236 _vec_len (wrk->postponed_fast_rxt) = 0;
1237 _vec_len (wrk->pending_fast_rxt) = 0;
1239 max_burst_size = VLIB_FRAME_SIZE / vec_len (ongoing_fast_rxt);
1240 max_burst_size = clib_max (max_burst_size, 1);
1242 for (i = 0; i < vec_len (ongoing_fast_rxt); i++)
1244 if (n_segs >= VLIB_FRAME_SIZE)
1246 vec_add1 (wrk->postponed_fast_rxt, ongoing_fast_rxt[i]);
1250 tc = tcp_connection_get (ongoing_fast_rxt[i], thread_index);
1251 tc->flags &= ~TCP_CONN_FRXT_PENDING;
1253 if (!tcp_in_fastrecovery (tc))
1256 burst_size = clib_min (max_burst_size, VLIB_FRAME_SIZE - n_segs);
1257 burst_bytes = transport_connection_tx_pacer_burst (&tc->connection,
1259 burst_size = clib_min (burst_size, burst_bytes / tc->snd_mss);
1262 tcp_program_fastretransmit (wrk, tc);
1266 n_segs_now = tcp_fast_retransmit (wrk, tc, burst_size);
1267 sent_bytes = clib_min (n_segs_now * tc->snd_mss, burst_bytes);
1268 transport_connection_tx_pacer_update_bytes (&tc->connection,
1270 n_segs += n_segs_now;
1272 _vec_len (ongoing_fast_rxt) = 0;
1273 wrk->ongoing_fast_rxt = ongoing_fast_rxt;
1277 * One function to rule them all ... and in the darkness bind them
1280 tcp_cc_handle_event (tcp_connection_t * tc, u32 is_dack)
1284 if (tcp_in_fastrecovery (tc) && tcp_opts_sack_permitted (&tc->rcv_opts))
1286 if (tc->bytes_acked)
1288 tcp_program_fastretransmit (tcp_get_worker (tc->c_thread_index), tc);
1292 * Duplicate ACK. Check if we should enter fast recovery, or if already in
1293 * it account for the bytes that left the network.
1295 else if (is_dack && !tcp_in_recovery (tc))
1297 TCP_EVT_DBG (TCP_EVT_DUPACK_RCVD, tc, 1);
1298 ASSERT (tc->snd_una != tc->snd_una_max
1299 || tc->sack_sb.last_sacked_bytes);
1303 /* Pure duplicate ack. If some data got acked, it's handled lower */
1304 if (tc->rcv_dupacks > TCP_DUPACK_THRESHOLD && !tc->bytes_acked)
1306 ASSERT (tcp_in_fastrecovery (tc));
1307 tc->cc_algo->rcv_cong_ack (tc, TCP_CC_DUPACK);
1310 else if (tcp_should_fastrecover (tc))
1314 ASSERT (!tcp_in_fastrecovery (tc));
1316 /* Heuristic to catch potential late dupacks
1317 * after fast retransmit exits */
1318 if (is_dack && tc->snd_una == tc->snd_congestion
1319 && timestamp_leq (tc->rcv_opts.tsecr, tc->tsecr_last_ack))
1321 tc->rcv_dupacks = 0;
1325 tcp_cc_init_congestion (tc);
1326 tc->cc_algo->rcv_cong_ack (tc, TCP_CC_DUPACK);
1328 if (tcp_opts_sack_permitted (&tc->rcv_opts))
1330 tc->cwnd = tc->ssthresh;
1331 scoreboard_init_high_rxt (&tc->sack_sb, tc->snd_una);
1335 /* Post retransmit update cwnd to ssthresh and account for the
1336 * three segments that have left the network and should've been
1337 * buffered at the receiver XXX */
1338 tc->cwnd = tc->ssthresh + 3 * tc->snd_mss;
1341 /* Constrain rate until we get a partial ack */
1342 pacer_wnd = clib_max (0.1 * tc->cwnd, 2 * tc->snd_mss);
1343 tcp_connection_tx_pacer_reset (tc, pacer_wnd,
1344 0 /* start bucket */ );
1345 tcp_program_fastretransmit (tcp_get_worker (tc->c_thread_index),
1349 else if (!tc->bytes_acked
1350 || (tc->bytes_acked && !tcp_in_cong_recovery (tc)))
1352 tc->cc_algo->rcv_cong_ack (tc, TCP_CC_DUPACK);
1358 /* Don't allow entry in fast recovery if still in recovery, for now */
1359 else if (0 && is_dack && tcp_in_recovery (tc))
1361 /* If of of the two conditions lower hold, reset dupacks because
1362 * we're probably after timeout (RFC6582 heuristics).
1363 * If Cumulative ack does not cover more than congestion threshold,
1365 * 1) The following doesn't hold: The congestion window is greater
1366 * than SMSS bytes and the difference between highest_ack
1367 * and prev_highest_ack is at most 4*SMSS bytes
1368 * 2) Echoed timestamp in the last non-dup ack does not equal the
1371 if (seq_leq (tc->snd_una, tc->snd_congestion)
1372 && ((!(tc->cwnd > tc->snd_mss
1373 && tc->bytes_acked <= 4 * tc->snd_mss))
1374 || (tc->rcv_opts.tsecr != tc->tsecr_last_ack)))
1376 tc->rcv_dupacks = 0;
1381 if (!tc->bytes_acked)
1385 TCP_EVT_DBG (TCP_EVT_CC_PACK, tc);
1388 * Legitimate ACK. 1) See if we can exit recovery
1391 if (seq_geq (tc->snd_una, tc->snd_congestion))
1393 tcp_retransmit_timer_update (tc);
1395 /* If spurious return, we've already updated everything */
1396 if (tcp_cc_recover (tc))
1398 tc->tsecr_last_ack = tc->rcv_opts.tsecr;
1402 tc->snd_nxt = tc->snd_una_max;
1404 /* Treat as congestion avoidance ack */
1405 tcp_cc_rcv_ack (tc);
1410 * Legitimate ACK. 2) If PARTIAL ACK try to retransmit
1413 /* Update the pacing rate. For the first partial ack we move from
1414 * the artificially constrained rate to the one after congestion */
1415 tcp_connection_tx_pacer_update (tc);
1417 /* XXX limit this only to first partial ack? */
1418 tcp_retransmit_timer_force_update (tc);
1420 /* RFC6675: If the incoming ACK is a cumulative acknowledgment,
1421 * reset dupacks to 0. Also needed if in congestion recovery */
1422 tc->rcv_dupacks = 0;
1424 /* Post RTO timeout don't try anything fancy */
1425 if (tcp_in_recovery (tc))
1427 tcp_cc_rcv_ack (tc);
1428 transport_add_tx_event (&tc->connection);
1432 /* Remove retransmitted bytes that have been delivered */
1433 if (tcp_opts_sack_permitted (&tc->rcv_opts))
1435 ASSERT (tc->bytes_acked + tc->sack_sb.snd_una_adv
1436 >= tc->sack_sb.last_bytes_delivered
1437 || (tc->flags & TCP_CONN_FINSNT));
1439 /* If we have sacks and we haven't gotten an ack beyond high_rxt,
1440 * remove sacked bytes delivered */
1441 if (seq_lt (tc->snd_una, tc->sack_sb.high_rxt))
1443 rxt_delivered = tc->bytes_acked + tc->sack_sb.snd_una_adv
1444 - tc->sack_sb.last_bytes_delivered;
1445 ASSERT (tc->snd_rxt_bytes >= rxt_delivered);
1446 tc->snd_rxt_bytes -= rxt_delivered;
1450 /* Apparently all retransmitted holes have been acked */
1451 tc->snd_rxt_bytes = 0;
1452 tc->sack_sb.high_rxt = tc->snd_una;
1457 tcp_fastrecovery_first_on (tc);
1458 /* Reuse last bytes delivered to track total bytes acked */
1459 tc->sack_sb.last_bytes_delivered += tc->bytes_acked;
1460 if (tc->snd_rxt_bytes > tc->bytes_acked)
1461 tc->snd_rxt_bytes -= tc->bytes_acked;
1463 tc->snd_rxt_bytes = 0;
1466 tc->cc_algo->rcv_cong_ack (tc, TCP_CC_PARTIALACK);
1469 * Since this was a partial ack, try to retransmit some more data
1471 tcp_program_fastretransmit (tcp_get_worker (tc->c_thread_index), tc);
1475 * Process incoming ACK
1478 tcp_rcv_ack (tcp_worker_ctx_t * wrk, tcp_connection_t * tc, vlib_buffer_t * b,
1479 tcp_header_t * th, u32 * next, u32 * error)
1481 u32 prev_snd_wnd, prev_snd_una;
1484 TCP_EVT_DBG (TCP_EVT_CC_STAT, tc);
1486 /* If the ACK acks something not yet sent (SEG.ACK > SND.NXT) */
1487 if (PREDICT_FALSE (seq_gt (vnet_buffer (b)->tcp.ack_number, tc->snd_nxt)))
1489 /* When we entered recovery, we reset snd_nxt to snd_una. Seems peer
1490 * still has the data so accept the ack */
1491 if (tcp_in_recovery (tc)
1492 && seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_congestion))
1494 tc->snd_nxt = vnet_buffer (b)->tcp.ack_number;
1495 if (seq_gt (tc->snd_nxt, tc->snd_una_max))
1496 tc->snd_una_max = tc->snd_nxt;
1500 /* If we have outstanding data and this is within the window, accept it,
1501 * probably retransmit has timed out. Otherwise ACK segment and then
1503 if (seq_gt (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max))
1505 tcp_make_ack (tc, b);
1506 *next = tcp_next_output (tc->c_is_ip4);
1507 *error = TCP_ERROR_ACK_FUTURE;
1508 TCP_EVT_DBG (TCP_EVT_ACK_RCV_ERR, tc, 0,
1509 vnet_buffer (b)->tcp.ack_number);
1513 TCP_EVT_DBG (TCP_EVT_ACK_RCV_ERR, tc, 2,
1514 vnet_buffer (b)->tcp.ack_number);
1516 tc->snd_nxt = vnet_buffer (b)->tcp.ack_number;
1519 /* If old ACK, probably it's an old dupack */
1520 if (PREDICT_FALSE (seq_lt (vnet_buffer (b)->tcp.ack_number, tc->snd_una)))
1522 *error = TCP_ERROR_ACK_OLD;
1523 TCP_EVT_DBG (TCP_EVT_ACK_RCV_ERR, tc, 1,
1524 vnet_buffer (b)->tcp.ack_number);
1525 if (tcp_in_fastrecovery (tc) && tc->rcv_dupacks == TCP_DUPACK_THRESHOLD)
1526 tcp_cc_handle_event (tc, 1);
1527 /* Don't drop yet */
1532 * Looks okay, process feedback
1535 if (tcp_opts_sack_permitted (&tc->rcv_opts))
1536 tcp_rcv_sacks (tc, vnet_buffer (b)->tcp.ack_number);
1538 prev_snd_wnd = tc->snd_wnd;
1539 prev_snd_una = tc->snd_una;
1540 tcp_update_snd_wnd (tc, vnet_buffer (b)->tcp.seq_number,
1541 vnet_buffer (b)->tcp.ack_number,
1542 clib_net_to_host_u16 (th->window) << tc->snd_wscale);
1543 tc->bytes_acked = vnet_buffer (b)->tcp.ack_number - tc->snd_una;
1544 tc->snd_una = vnet_buffer (b)->tcp.ack_number + tc->sack_sb.snd_una_adv;
1545 tcp_validate_txf_size (tc, tc->bytes_acked);
1547 if (tc->bytes_acked)
1549 tcp_program_dequeue (wrk, tc);
1550 tcp_update_rtt (tc, vnet_buffer (b)->tcp.ack_number);
1553 TCP_EVT_DBG (TCP_EVT_ACK_RCVD, tc);
1556 * Check if we have congestion event
1559 if (tcp_ack_is_cc_event (tc, b, prev_snd_wnd, prev_snd_una, &is_dack))
1561 tcp_cc_handle_event (tc, is_dack);
1562 if (!tcp_in_cong_recovery (tc))
1564 *error = TCP_ERROR_ACK_DUP;
1565 if (vnet_buffer (b)->tcp.data_len || tcp_is_fin (th))
1571 * Update congestion control (slow start/congestion avoidance)
1573 tcp_cc_update (tc, b);
1574 *error = TCP_ERROR_ACK_OK;
1579 tcp_sack_vector_is_sane (sack_block_t * sacks)
1582 for (i = 1; i < vec_len (sacks); i++)
1584 if (sacks[i - 1].end == sacks[i].start)
1591 * Build SACK list as per RFC2018.
1593 * Makes sure the first block contains the segment that generated the current
1594 * ACK and the following ones are the ones most recently reported in SACK
1597 * @param tc TCP connection for which the SACK list is updated
1598 * @param start Start sequence number of the newest SACK block
1599 * @param end End sequence of the newest SACK block
1602 tcp_update_sack_list (tcp_connection_t * tc, u32 start, u32 end)
1604 sack_block_t *new_list = 0, *block = 0;
1607 /* If the first segment is ooo add it to the list. Last write might've moved
1608 * rcv_nxt over the first segment. */
1609 if (seq_lt (tc->rcv_nxt, start))
1611 vec_add2 (new_list, block, 1);
1612 block->start = start;
1616 /* Find the blocks still worth keeping. */
1617 for (i = 0; i < vec_len (tc->snd_sacks); i++)
1619 /* Discard if rcv_nxt advanced beyond current block */
1620 if (seq_leq (tc->snd_sacks[i].start, tc->rcv_nxt))
1623 /* Merge or drop if segment overlapped by the new segment */
1624 if (block && (seq_geq (tc->snd_sacks[i].end, new_list[0].start)
1625 && seq_leq (tc->snd_sacks[i].start, new_list[0].end)))
1627 if (seq_lt (tc->snd_sacks[i].start, new_list[0].start))
1628 new_list[0].start = tc->snd_sacks[i].start;
1629 if (seq_lt (new_list[0].end, tc->snd_sacks[i].end))
1630 new_list[0].end = tc->snd_sacks[i].end;
1634 /* Save to new SACK list if we have space. */
1635 if (vec_len (new_list) < TCP_MAX_SACK_BLOCKS)
1637 vec_add1 (new_list, tc->snd_sacks[i]);
1641 clib_warning ("sack discarded");
1645 ASSERT (vec_len (new_list) <= TCP_MAX_SACK_BLOCKS);
1647 /* Replace old vector with new one */
1648 vec_free (tc->snd_sacks);
1649 tc->snd_sacks = new_list;
1651 /* Segments should not 'touch' */
1652 ASSERT (tcp_sack_vector_is_sane (tc->snd_sacks));
1656 tcp_sack_list_bytes (tcp_connection_t * tc)
1659 for (i = 0; i < vec_len (tc->snd_sacks); i++)
1660 bytes += tc->snd_sacks[i].end - tc->snd_sacks[i].start;
1664 /** Enqueue data for delivery to application */
1666 tcp_session_enqueue_data (tcp_connection_t * tc, vlib_buffer_t * b,
1669 int written, error = TCP_ERROR_ENQUEUED;
1671 ASSERT (seq_geq (vnet_buffer (b)->tcp.seq_number, tc->rcv_nxt));
1673 written = session_enqueue_stream_connection (&tc->connection, b, 0,
1674 1 /* queue event */ , 1);
1676 TCP_EVT_DBG (TCP_EVT_INPUT, tc, 0, data_len, written);
1678 /* Update rcv_nxt */
1679 if (PREDICT_TRUE (written == data_len))
1681 tc->rcv_nxt += written;
1683 /* If more data written than expected, account for out-of-order bytes. */
1684 else if (written > data_len)
1686 tc->rcv_nxt += written;
1688 /* Send ACK confirming the update */
1689 tc->flags |= TCP_CONN_SNDACK;
1690 TCP_EVT_DBG (TCP_EVT_CC_INPUT, tc, data_len, written);
1692 else if (written > 0)
1694 /* We've written something but FIFO is probably full now */
1695 tc->rcv_nxt += written;
1697 /* Depending on how fast the app is, all remaining buffers in burst will
1698 * not be enqueued. Inform peer */
1699 tc->flags |= TCP_CONN_SNDACK;
1701 error = TCP_ERROR_PARTIALLY_ENQUEUED;
1705 tc->flags |= TCP_CONN_SNDACK;
1706 return TCP_ERROR_FIFO_FULL;
1709 /* Update SACK list if need be */
1710 if (tcp_opts_sack_permitted (&tc->rcv_opts))
1712 /* Remove SACK blocks that have been delivered */
1713 tcp_update_sack_list (tc, tc->rcv_nxt, tc->rcv_nxt);
1719 /** Enqueue out-of-order data */
1721 tcp_session_enqueue_ooo (tcp_connection_t * tc, vlib_buffer_t * b,
1724 stream_session_t *s0;
1727 ASSERT (seq_gt (vnet_buffer (b)->tcp.seq_number, tc->rcv_nxt));
1730 /* Enqueue out-of-order data with relative offset */
1731 rv = session_enqueue_stream_connection (&tc->connection, b,
1732 vnet_buffer (b)->tcp.seq_number -
1733 tc->rcv_nxt, 0 /* queue event */ ,
1736 /* Nothing written */
1739 TCP_EVT_DBG (TCP_EVT_INPUT, tc, 1, data_len, 0);
1740 return TCP_ERROR_FIFO_FULL;
1743 TCP_EVT_DBG (TCP_EVT_INPUT, tc, 1, data_len, data_len);
1745 /* Update SACK list if in use */
1746 if (tcp_opts_sack_permitted (&tc->rcv_opts))
1748 ooo_segment_t *newest;
1751 s0 = session_get (tc->c_s_index, tc->c_thread_index);
1753 /* Get the newest segment from the fifo */
1754 newest = svm_fifo_newest_ooo_segment (s0->server_rx_fifo);
1757 offset = ooo_segment_offset (s0->server_rx_fifo, newest);
1758 ASSERT (offset <= vnet_buffer (b)->tcp.seq_number - tc->rcv_nxt);
1759 start = tc->rcv_nxt + offset;
1760 end = start + ooo_segment_length (s0->server_rx_fifo, newest);
1761 tcp_update_sack_list (tc, start, end);
1762 svm_fifo_newest_ooo_segment_reset (s0->server_rx_fifo);
1763 TCP_EVT_DBG (TCP_EVT_CC_SACKS, tc);
1767 return TCP_ERROR_ENQUEUED_OOO;
1771 * Check if ACK could be delayed. If ack can be delayed, it should return
1772 * true for a full frame. If we're always acking return 0.
1775 tcp_can_delack (tcp_connection_t * tc)
1777 /* Send ack if ... */
1779 /* just sent a rcv wnd 0 */
1780 || (tc->flags & TCP_CONN_SENT_RCV_WND0) != 0
1781 /* constrained to send ack */
1782 || (tc->flags & TCP_CONN_SNDACK) != 0
1783 /* we're almost out of tx wnd */
1784 || tcp_available_cc_snd_space (tc) < 4 * tc->snd_mss)
1791 tcp_buffer_discard_bytes (vlib_buffer_t * b, u32 n_bytes_to_drop)
1793 u32 discard, first = b->current_length;
1794 vlib_main_t *vm = vlib_get_main ();
1796 /* Handle multi-buffer segments */
1797 if (n_bytes_to_drop > b->current_length)
1799 if (!(b->flags & VLIB_BUFFER_NEXT_PRESENT))
1803 discard = clib_min (n_bytes_to_drop, b->current_length);
1804 vlib_buffer_advance (b, discard);
1805 b = vlib_get_buffer (vm, b->next_buffer);
1806 n_bytes_to_drop -= discard;
1808 while (n_bytes_to_drop);
1809 if (n_bytes_to_drop > first)
1810 b->total_length_not_including_first_buffer -= n_bytes_to_drop - first;
1813 vlib_buffer_advance (b, n_bytes_to_drop);
1814 vnet_buffer (b)->tcp.data_len -= n_bytes_to_drop;
1819 * Receive buffer for connection and handle acks
1821 * It handles both in order or out-of-order data.
1824 tcp_segment_rcv (tcp_connection_t * tc, vlib_buffer_t * b, u32 * next0)
1826 u32 error, n_bytes_to_drop, n_data_bytes;
1828 vlib_buffer_advance (b, vnet_buffer (b)->tcp.data_offset);
1829 n_data_bytes = vnet_buffer (b)->tcp.data_len;
1830 ASSERT (n_data_bytes);
1832 /* Handle out-of-order data */
1833 if (PREDICT_FALSE (vnet_buffer (b)->tcp.seq_number != tc->rcv_nxt))
1835 /* Old sequence numbers allowed through because they overlapped
1837 if (seq_lt (vnet_buffer (b)->tcp.seq_number, tc->rcv_nxt))
1839 /* Completely in the past (possible retransmit). Ack
1840 * retransmissions since we may not have any data to send */
1841 if (seq_leq (vnet_buffer (b)->tcp.seq_end, tc->rcv_nxt))
1843 tcp_make_ack (tc, b);
1844 error = TCP_ERROR_SEGMENT_OLD;
1845 *next0 = tcp_next_output (tc->c_is_ip4);
1849 /* Chop off the bytes in the past and see if what is left
1850 * can be enqueued in order */
1851 n_bytes_to_drop = tc->rcv_nxt - vnet_buffer (b)->tcp.seq_number;
1852 n_data_bytes -= n_bytes_to_drop;
1853 vnet_buffer (b)->tcp.seq_number = tc->rcv_nxt;
1854 if (tcp_buffer_discard_bytes (b, n_bytes_to_drop))
1856 error = TCP_ERROR_SEGMENT_OLD;
1857 *next0 = tcp_next_drop (tc->c_is_ip4);
1863 /* RFC2581: Enqueue and send DUPACK for fast retransmit */
1864 error = tcp_session_enqueue_ooo (tc, b, n_data_bytes);
1865 *next0 = tcp_next_output (tc->c_is_ip4);
1866 tcp_make_ack (tc, b);
1867 vnet_buffer (b)->tcp.flags = TCP_BUF_FLAG_DUPACK;
1868 TCP_EVT_DBG (TCP_EVT_DUPACK_SENT, tc, vnet_buffer (b)->tcp);
1874 /* In order data, enqueue. Fifo figures out by itself if any out-of-order
1875 * segments can be enqueued after fifo tail offset changes. */
1876 error = tcp_session_enqueue_data (tc, b, n_data_bytes);
1877 if (tcp_can_delack (tc))
1879 *next0 = tcp_next_drop (tc->c_is_ip4);
1880 if (!tcp_timer_is_active (tc, TCP_TIMER_DELACK))
1881 tcp_timer_set (tc, TCP_TIMER_DELACK, TCP_DELACK_TIME);
1885 *next0 = tcp_next_output (tc->c_is_ip4);
1886 tcp_make_ack (tc, b);
1894 tcp_header_t tcp_header;
1895 tcp_connection_t tcp_connection;
1899 format_tcp_rx_trace (u8 * s, va_list * args)
1901 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1902 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1903 tcp_rx_trace_t *t = va_arg (*args, tcp_rx_trace_t *);
1904 u32 indent = format_get_indent (s);
1906 s = format (s, "%U\n%U%U",
1907 format_tcp_header, &t->tcp_header, 128,
1908 format_white_space, indent,
1909 format_tcp_connection, &t->tcp_connection, 1);
1915 format_tcp_rx_trace_short (u8 * s, va_list * args)
1917 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1918 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1919 tcp_rx_trace_t *t = va_arg (*args, tcp_rx_trace_t *);
1921 s = format (s, "%d -> %d (%U)",
1922 clib_net_to_host_u16 (t->tcp_header.dst_port),
1923 clib_net_to_host_u16 (t->tcp_header.src_port), format_tcp_state,
1924 t->tcp_connection.state);
1930 tcp_set_rx_trace_data (tcp_rx_trace_t * t0, tcp_connection_t * tc0,
1931 tcp_header_t * th0, vlib_buffer_t * b0, u8 is_ip4)
1935 clib_memcpy (&t0->tcp_connection, tc0, sizeof (t0->tcp_connection));
1939 th0 = tcp_buffer_hdr (b0);
1941 clib_memcpy (&t0->tcp_header, th0, sizeof (t0->tcp_header));
1945 tcp_established_trace_frame (vlib_main_t * vm, vlib_node_runtime_t * node,
1946 vlib_frame_t * frame, u8 is_ip4)
1950 n_left = frame->n_vectors;
1951 from = vlib_frame_vector_args (frame);
1955 tcp_connection_t *tc0;
1962 b0 = vlib_get_buffer (vm, bi0);
1964 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1966 t0 = vlib_add_trace (vm, node, b0, sizeof (*t0));
1967 tc0 = tcp_connection_get (vnet_buffer (b0)->tcp.connection_index,
1969 th0 = tcp_buffer_hdr (b0);
1970 tcp_set_rx_trace_data (t0, tc0, th0, b0, is_ip4);
1979 tcp_node_inc_counter_i (vlib_main_t * vm, u32 tcp4_node, u32 tcp6_node,
1980 u8 is_ip4, u32 evt, u32 val)
1983 vlib_node_increment_counter (vm, tcp4_node, evt, val);
1985 vlib_node_increment_counter (vm, tcp6_node, evt, val);
1988 #define tcp_maybe_inc_counter(node_id, err, count) \
1990 if (next0 != tcp_next_drop (is_ip4)) \
1991 tcp_node_inc_counter_i (vm, tcp4_##node_id##_node.index, \
1992 tcp6_##node_id##_node.index, is_ip4, err, \
1995 #define tcp_inc_counter(node_id, err, count) \
1996 tcp_node_inc_counter_i (vm, tcp4_##node_id##_node.index, \
1997 tcp6_##node_id##_node.index, is_ip4, \
1999 #define tcp_maybe_inc_err_counter(cnts, err) \
2001 cnts[err] += (next0 != tcp_next_drop (is_ip4)); \
2003 #define tcp_inc_err_counter(cnts, err, val) \
2007 #define tcp_store_err_counters(node_id, cnts) \
2010 for (i = 0; i < TCP_N_ERROR; i++) \
2012 tcp_inc_counter(node_id, i, cnts[i]); \
2017 tcp46_established_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
2018 vlib_frame_t * frame, int is_ip4)
2020 u32 thread_index = vm->thread_index, errors = 0;
2021 tcp_worker_ctx_t *wrk = tcp_get_worker (thread_index);
2022 u32 n_left_from, next_index, *from, *to_next;
2023 u16 err_counters[TCP_N_ERROR] = { 0 };
2026 if (node->flags & VLIB_NODE_FLAG_TRACE)
2027 tcp_established_trace_frame (vm, node, frame, is_ip4);
2029 from = vlib_frame_vector_args (frame);
2030 n_left_from = frame->n_vectors;
2031 next_index = node->cached_next_index;
2033 while (n_left_from > 0)
2037 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2038 while (n_left_from > 0 && n_left_to_next > 0)
2042 tcp_header_t *th0 = 0;
2043 tcp_connection_t *tc0;
2044 u32 next0 = tcp_next_drop (is_ip4), error0 = TCP_ERROR_ACK_OK;
2046 if (n_left_from > 1)
2049 pb = vlib_get_buffer (vm, from[1]);
2050 vlib_prefetch_buffer_header (pb, LOAD);
2051 CLIB_PREFETCH (pb->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2059 n_left_to_next -= 1;
2061 b0 = vlib_get_buffer (vm, bi0);
2062 tc0 = tcp_connection_get (vnet_buffer (b0)->tcp.connection_index,
2065 if (PREDICT_FALSE (tc0 == 0))
2067 error0 = TCP_ERROR_INVALID_CONNECTION;
2071 th0 = tcp_buffer_hdr (b0);
2072 /* N.B. buffer is rewritten if segment is ooo. Thus, th0 becomes a
2073 * dangling reference. */
2074 is_fin = tcp_is_fin (th0);
2076 /* SYNs, FINs and data consume sequence numbers */
2077 vnet_buffer (b0)->tcp.seq_end = vnet_buffer (b0)->tcp.seq_number
2078 + tcp_is_syn (th0) + is_fin + vnet_buffer (b0)->tcp.data_len;
2080 /* TODO header prediction fast path */
2082 /* 1-4: check SEQ, RST, SYN */
2083 if (PREDICT_FALSE (tcp_segment_validate (vm, tc0, b0, th0, &next0,
2086 tcp_maybe_inc_err_counter (err_counters, error0);
2087 TCP_EVT_DBG (TCP_EVT_SEG_INVALID, tc0, vnet_buffer (b0)->tcp);
2091 /* 5: check the ACK field */
2092 if (PREDICT_FALSE (tcp_rcv_ack (wrk, tc0, b0, th0, &next0,
2095 tcp_maybe_inc_err_counter (err_counters, error0);
2099 /* 6: check the URG bit TODO */
2101 /* 7: process the segment text */
2102 if (vnet_buffer (b0)->tcp.data_len)
2104 error0 = tcp_segment_rcv (tc0, b0, &next0);
2105 tcp_maybe_inc_err_counter (err_counters, error0);
2108 /* 8: check the FIN bit */
2109 if (PREDICT_FALSE (is_fin))
2111 /* Enter CLOSE-WAIT and notify session. To avoid lingering
2112 * in CLOSE-WAIT, set timer (reuse WAITCLOSE). */
2113 /* Account for the FIN if nothing else was received */
2114 if (vnet_buffer (b0)->tcp.data_len == 0)
2116 tcp_make_ack (tc0, b0);
2117 next0 = tcp_next_output (tc0->c_is_ip4);
2118 tc0->state = TCP_STATE_CLOSE_WAIT;
2119 stream_session_disconnect_notify (&tc0->connection);
2120 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_CLOSEWAIT_TIME);
2121 TCP_EVT_DBG (TCP_EVT_FIN_RCVD, tc0);
2122 tcp_inc_err_counter (err_counters, TCP_ERROR_FIN_RCVD, 1);
2126 b0->error = node->errors[error0];
2127 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2128 n_left_to_next, bi0, next0);
2131 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2134 errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_TCP,
2136 err_counters[TCP_ERROR_EVENT_FIFO_FULL] = errors;
2137 tcp_store_err_counters (established, err_counters);
2138 tcp_handle_postponed_dequeues (wrk);
2139 tcp_flush_frame_to_output (wrk, is_ip4);
2141 return frame->n_vectors;
2145 tcp4_established (vlib_main_t * vm, vlib_node_runtime_t * node,
2146 vlib_frame_t * from_frame)
2148 return tcp46_established_inline (vm, node, from_frame, 1 /* is_ip4 */ );
2152 tcp6_established (vlib_main_t * vm, vlib_node_runtime_t * node,
2153 vlib_frame_t * from_frame)
2155 return tcp46_established_inline (vm, node, from_frame, 0 /* is_ip4 */ );
2159 VLIB_REGISTER_NODE (tcp4_established_node) =
2161 .function = tcp4_established,
2162 .name = "tcp4-established",
2163 /* Takes a vector of packets. */
2164 .vector_size = sizeof (u32),
2165 .n_errors = TCP_N_ERROR,
2166 .error_strings = tcp_error_strings,
2167 .n_next_nodes = TCP_ESTABLISHED_N_NEXT,
2170 #define _(s,n) [TCP_ESTABLISHED_NEXT_##s] = n,
2171 foreach_tcp_state_next
2174 .format_trace = format_tcp_rx_trace_short,
2178 VLIB_NODE_FUNCTION_MULTIARCH (tcp4_established_node, tcp4_established);
2181 VLIB_REGISTER_NODE (tcp6_established_node) =
2183 .function = tcp6_established,
2184 .name = "tcp6-established",
2185 /* Takes a vector of packets. */
2186 .vector_size = sizeof (u32),
2187 .n_errors = TCP_N_ERROR,
2188 .error_strings = tcp_error_strings,
2189 .n_next_nodes = TCP_ESTABLISHED_N_NEXT,
2192 #define _(s,n) [TCP_ESTABLISHED_NEXT_##s] = n,
2193 foreach_tcp_state_next
2196 .format_trace = format_tcp_rx_trace_short,
2201 VLIB_NODE_FUNCTION_MULTIARCH (tcp6_established_node, tcp6_established);
2203 vlib_node_registration_t tcp4_syn_sent_node;
2204 vlib_node_registration_t tcp6_syn_sent_node;
2207 tcp_lookup_is_valid (tcp_connection_t * tc, tcp_header_t * hdr)
2209 transport_connection_t *tmp = 0;
2216 if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN)
2219 u8 is_valid = (tc->c_lcl_port == hdr->dst_port
2220 && (tc->state == TCP_STATE_LISTEN
2221 || tc->c_rmt_port == hdr->src_port));
2225 handle = session_lookup_half_open_handle (&tc->connection);
2226 tmp = session_lookup_half_open_connection (handle & 0xFFFFFFFF,
2227 tc->c_proto, tc->c_is_ip4);
2231 if (tmp->lcl_port == hdr->dst_port
2232 && tmp->rmt_port == hdr->src_port)
2234 TCP_DBG ("half-open is valid!");
2242 * Lookup transport connection
2244 static tcp_connection_t *
2245 tcp_lookup_connection (u32 fib_index, vlib_buffer_t * b, u8 thread_index,
2249 transport_connection_t *tconn;
2250 tcp_connection_t *tc;
2255 ip4 = vlib_buffer_get_current (b);
2256 tcp = ip4_next_header (ip4);
2257 tconn = session_lookup_connection_wt4 (fib_index,
2262 TRANSPORT_PROTO_TCP,
2263 thread_index, &is_filtered);
2264 tc = tcp_get_connection_from_transport (tconn);
2265 ASSERT (tcp_lookup_is_valid (tc, tcp));
2270 ip6 = vlib_buffer_get_current (b);
2271 tcp = ip6_next_header (ip6);
2272 tconn = session_lookup_connection_wt6 (fib_index,
2277 TRANSPORT_PROTO_TCP,
2278 thread_index, &is_filtered);
2279 tc = tcp_get_connection_from_transport (tconn);
2280 ASSERT (tcp_lookup_is_valid (tc, tcp));
2286 tcp46_syn_sent_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
2287 vlib_frame_t * from_frame, int is_ip4)
2289 tcp_main_t *tm = vnet_get_tcp_main ();
2290 u32 n_left_from, next_index, *from, *to_next;
2291 u32 my_thread_index = vm->thread_index, errors = 0;
2293 from = vlib_frame_vector_args (from_frame);
2294 n_left_from = from_frame->n_vectors;
2296 next_index = node->cached_next_index;
2298 while (n_left_from > 0)
2302 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2304 while (n_left_from > 0 && n_left_to_next > 0)
2306 u32 bi0, ack0, seq0;
2309 tcp_header_t *tcp0 = 0;
2310 tcp_connection_t *tc0;
2311 tcp_connection_t *new_tc0;
2312 u32 next0 = tcp_next_drop (is_ip4), error0 = TCP_ERROR_ENQUEUED;
2319 n_left_to_next -= 1;
2321 b0 = vlib_get_buffer (vm, bi0);
2323 tcp_half_open_connection_get (vnet_buffer (b0)->
2324 tcp.connection_index);
2325 if (PREDICT_FALSE (tc0 == 0))
2327 error0 = TCP_ERROR_INVALID_CONNECTION;
2331 /* Half-open completed recently but the connection was't removed
2332 * yet by the owning thread */
2333 if (PREDICT_FALSE (tc0->flags & TCP_CONN_HALF_OPEN_DONE))
2335 /* Make sure the connection actually exists */
2336 ASSERT (tcp_lookup_connection (tc0->c_fib_index, b0,
2337 my_thread_index, is_ip4));
2341 ack0 = vnet_buffer (b0)->tcp.ack_number;
2342 seq0 = vnet_buffer (b0)->tcp.seq_number;
2343 tcp0 = tcp_buffer_hdr (b0);
2345 /* Crude check to see if the connection handle does not match
2346 * the packet. Probably connection just switched to established */
2347 if (PREDICT_FALSE (tcp0->dst_port != tc0->c_lcl_port
2348 || tcp0->src_port != tc0->c_rmt_port))
2352 (!tcp_ack (tcp0) && !tcp_rst (tcp0) && !tcp_syn (tcp0)))
2355 /* SYNs, FINs and data consume sequence numbers */
2356 vnet_buffer (b0)->tcp.seq_end = seq0 + tcp_is_syn (tcp0)
2357 + tcp_is_fin (tcp0) + vnet_buffer (b0)->tcp.data_len;
2360 * 1. check the ACK bit
2364 * If the ACK bit is set
2365 * If SEG.ACK =< ISS, or SEG.ACK > SND.NXT, send a reset (unless
2366 * the RST bit is set, if so drop the segment and return)
2367 * <SEQ=SEG.ACK><CTL=RST>
2368 * and discard the segment. Return.
2369 * If SND.UNA =< SEG.ACK =< SND.NXT then the ACK is acceptable.
2373 if (seq_leq (ack0, tc0->iss) || seq_gt (ack0, tc0->snd_nxt))
2375 clib_warning ("ack not in rcv wnd");
2376 if (!tcp_rst (tcp0))
2377 tcp_send_reset_w_pkt (tc0, b0, is_ip4);
2381 /* Make sure ACK is valid */
2382 if (seq_gt (tc0->snd_una, ack0))
2384 clib_warning ("ack invalid");
2390 * 2. check the RST bit
2395 /* If ACK is acceptable, signal client that peer is not
2396 * willing to accept connection and drop connection*/
2398 tcp_connection_reset (tc0);
2403 * 3. check the security and precedence (skipped)
2407 * 4. check the SYN bit
2410 /* No SYN flag. Drop. */
2411 if (!tcp_syn (tcp0))
2413 clib_warning ("not synack");
2418 if (tcp_options_parse (tcp0, &tc0->rcv_opts))
2420 clib_warning ("options parse fail");
2424 /* Valid SYN or SYN-ACK. Move connection from half-open pool to
2425 * current thread pool. */
2426 pool_get (tm->connections[my_thread_index], new_tc0);
2427 clib_memcpy (new_tc0, tc0, sizeof (*new_tc0));
2428 new_tc0->c_c_index = new_tc0 - tm->connections[my_thread_index];
2429 new_tc0->c_thread_index = my_thread_index;
2430 new_tc0->rcv_nxt = vnet_buffer (b0)->tcp.seq_end;
2431 new_tc0->irs = seq0;
2432 new_tc0->timers[TCP_TIMER_ESTABLISH] = TCP_TIMER_HANDLE_INVALID;
2433 new_tc0->timers[TCP_TIMER_RETRANSMIT_SYN] =
2434 TCP_TIMER_HANDLE_INVALID;
2435 new_tc0->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
2437 /* If this is not the owning thread, wait for syn retransmit to
2438 * expire and cleanup then */
2439 if (tcp_half_open_connection_cleanup (tc0))
2440 tc0->flags |= TCP_CONN_HALF_OPEN_DONE;
2442 if (tcp_opts_tstamp (&new_tc0->rcv_opts))
2444 new_tc0->tsval_recent = new_tc0->rcv_opts.tsval;
2445 new_tc0->tsval_recent_age = tcp_time_now ();
2448 if (tcp_opts_wscale (&new_tc0->rcv_opts))
2449 new_tc0->snd_wscale = new_tc0->rcv_opts.wscale;
2451 new_tc0->snd_wnd = clib_net_to_host_u16 (tcp0->window)
2452 << new_tc0->snd_wscale;
2453 new_tc0->snd_wl1 = seq0;
2454 new_tc0->snd_wl2 = ack0;
2456 tcp_connection_init_vars (new_tc0);
2458 /* SYN-ACK: See if we can switch to ESTABLISHED state */
2459 if (PREDICT_TRUE (tcp_ack (tcp0)))
2461 /* Our SYN is ACKed: we have iss < ack = snd_una */
2463 /* TODO Dequeue acknowledged segments if we support Fast Open */
2464 new_tc0->snd_una = ack0;
2465 new_tc0->state = TCP_STATE_ESTABLISHED;
2467 /* Make sure las is initialized for the wnd computation */
2468 new_tc0->rcv_las = new_tc0->rcv_nxt;
2470 /* Notify app that we have connection. If session layer can't
2471 * allocate session send reset */
2472 if (session_stream_connect_notify (&new_tc0->connection, 0))
2474 clib_warning ("connect notify fail");
2475 tcp_send_reset_w_pkt (new_tc0, b0, is_ip4);
2476 tcp_connection_cleanup (new_tc0);
2480 /* Make sure after data segment processing ACK is sent */
2481 new_tc0->flags |= TCP_CONN_SNDACK;
2483 /* Update rtt with the syn-ack sample */
2484 tcp_update_rtt (new_tc0, vnet_buffer (b0)->tcp.ack_number);
2485 TCP_EVT_DBG (TCP_EVT_SYNACK_RCVD, new_tc0);
2487 /* SYN: Simultaneous open. Change state to SYN-RCVD and send SYN-ACK */
2490 new_tc0->state = TCP_STATE_SYN_RCVD;
2492 /* Notify app that we have connection */
2493 if (session_stream_connect_notify (&new_tc0->connection, 0))
2495 tcp_connection_cleanup (new_tc0);
2496 tcp_send_reset_w_pkt (tc0, b0, is_ip4);
2497 TCP_EVT_DBG (TCP_EVT_RST_SENT, tc0);
2502 tcp_init_snd_vars (tc0);
2503 tcp_make_synack (new_tc0, b0);
2504 next0 = tcp_next_output (is_ip4);
2509 /* Read data, if any */
2510 if (PREDICT_FALSE (vnet_buffer (b0)->tcp.data_len))
2512 clib_warning ("rcvd data in syn-sent");
2513 error0 = tcp_segment_rcv (new_tc0, b0, &next0);
2514 if (error0 == TCP_ERROR_ACK_OK)
2515 error0 = TCP_ERROR_SYN_ACKS_RCVD;
2516 tcp_maybe_inc_counter (syn_sent, error0, 1);
2520 tcp_make_ack (new_tc0, b0);
2521 next0 = tcp_next_output (new_tc0->c_is_ip4);
2526 b0->error = error0 ? node->errors[error0] : 0;
2528 ((b0->flags & VLIB_BUFFER_IS_TRACED) && tcp0 != 0))
2530 t0 = vlib_add_trace (vm, node, b0, sizeof (*t0));
2531 clib_memcpy (&t0->tcp_header, tcp0, sizeof (t0->tcp_header));
2532 clib_memcpy (&t0->tcp_connection, tc0,
2533 sizeof (t0->tcp_connection));
2536 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2537 n_left_to_next, bi0, next0);
2540 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2543 errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_TCP,
2545 tcp_inc_counter (syn_sent, TCP_ERROR_EVENT_FIFO_FULL, errors);
2546 return from_frame->n_vectors;
2550 tcp4_syn_sent (vlib_main_t * vm, vlib_node_runtime_t * node,
2551 vlib_frame_t * from_frame)
2553 return tcp46_syn_sent_inline (vm, node, from_frame, 1 /* is_ip4 */ );
2557 tcp6_syn_sent_rcv (vlib_main_t * vm, vlib_node_runtime_t * node,
2558 vlib_frame_t * from_frame)
2560 return tcp46_syn_sent_inline (vm, node, from_frame, 0 /* is_ip4 */ );
2564 VLIB_REGISTER_NODE (tcp4_syn_sent_node) =
2566 .function = tcp4_syn_sent,
2567 .name = "tcp4-syn-sent",
2568 /* Takes a vector of packets. */
2569 .vector_size = sizeof (u32),
2570 .n_errors = TCP_N_ERROR,
2571 .error_strings = tcp_error_strings,
2572 .n_next_nodes = TCP_SYN_SENT_N_NEXT,
2575 #define _(s,n) [TCP_SYN_SENT_NEXT_##s] = n,
2576 foreach_tcp_state_next
2579 .format_trace = format_tcp_rx_trace_short,
2583 VLIB_NODE_FUNCTION_MULTIARCH (tcp4_syn_sent_node, tcp4_syn_sent);
2586 VLIB_REGISTER_NODE (tcp6_syn_sent_node) =
2588 .function = tcp6_syn_sent_rcv,
2589 .name = "tcp6-syn-sent",
2590 /* Takes a vector of packets. */
2591 .vector_size = sizeof (u32),
2592 .n_errors = TCP_N_ERROR,
2593 .error_strings = tcp_error_strings,
2594 .n_next_nodes = TCP_SYN_SENT_N_NEXT,
2597 #define _(s,n) [TCP_SYN_SENT_NEXT_##s] = n,
2598 foreach_tcp_state_next
2601 .format_trace = format_tcp_rx_trace_short,
2605 VLIB_NODE_FUNCTION_MULTIARCH (tcp6_syn_sent_node, tcp6_syn_sent_rcv);
2607 vlib_node_registration_t tcp4_rcv_process_node;
2608 vlib_node_registration_t tcp6_rcv_process_node;
2611 * Handles reception for all states except LISTEN, SYN-SENT and ESTABLISHED
2612 * as per RFC793 p. 64
2615 tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
2616 vlib_frame_t * from_frame, int is_ip4)
2618 u32 n_left_from, next_index, *from, *to_next, n_fins = 0;
2619 u32 my_thread_index = vm->thread_index, errors = 0;
2620 tcp_worker_ctx_t *wrk = tcp_get_worker (my_thread_index);
2622 from = vlib_frame_vector_args (from_frame);
2623 n_left_from = from_frame->n_vectors;
2624 next_index = node->cached_next_index;
2626 while (n_left_from > 0)
2630 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2632 while (n_left_from > 0 && n_left_to_next > 0)
2636 tcp_header_t *tcp0 = 0;
2637 tcp_connection_t *tc0;
2638 u32 next0 = tcp_next_drop (is_ip4), error0 = TCP_ERROR_NONE;
2646 n_left_to_next -= 1;
2648 b0 = vlib_get_buffer (vm, bi0);
2649 tc0 = tcp_connection_get (vnet_buffer (b0)->tcp.connection_index,
2651 if (PREDICT_FALSE (tc0 == 0))
2653 error0 = TCP_ERROR_INVALID_CONNECTION;
2657 tcp0 = tcp_buffer_hdr (b0);
2658 is_fin0 = tcp_is_fin (tcp0);
2660 /* SYNs, FINs and data consume sequence numbers */
2661 vnet_buffer (b0)->tcp.seq_end = vnet_buffer (b0)->tcp.seq_number
2662 + tcp_is_syn (tcp0) + is_fin0 + vnet_buffer (b0)->tcp.data_len;
2666 tcp_connection_t *tmp;
2667 tmp = tcp_lookup_connection (tc0->c_fib_index, b0,
2668 my_thread_index, is_ip4);
2669 if (tmp->state != tc0->state)
2671 clib_warning ("state changed");
2677 * Special treatment for CLOSED
2679 if (PREDICT_FALSE (tc0->state == TCP_STATE_CLOSED))
2681 error0 = TCP_ERROR_CONNECTION_CLOSED;
2686 * For all other states (except LISTEN)
2689 /* 1-4: check SEQ, RST, SYN */
2690 if (PREDICT_FALSE (tcp_segment_validate (vm, tc0, b0, tcp0,
2693 tcp_maybe_inc_counter (rcv_process, error0, 1);
2697 /* 5: check the ACK field */
2700 case TCP_STATE_SYN_RCVD:
2702 * If the segment acknowledgment is not acceptable, form a
2704 * <SEQ=SEG.ACK><CTL=RST>
2707 if (!tcp_rcv_ack_is_acceptable (tc0, b0))
2709 TCP_DBG ("connection not accepted");
2710 tcp_send_reset_w_pkt (tc0, b0, is_ip4);
2711 error0 = TCP_ERROR_ACK_INVALID;
2715 /* Update rtt and rto */
2716 tcp_update_rtt (tc0, vnet_buffer (b0)->tcp.ack_number);
2718 /* Switch state to ESTABLISHED */
2719 tc0->state = TCP_STATE_ESTABLISHED;
2720 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2722 /* Initialize session variables */
2723 tc0->snd_una = vnet_buffer (b0)->tcp.ack_number;
2724 tc0->snd_wnd = clib_net_to_host_u16 (tcp0->window)
2725 << tc0->rcv_opts.wscale;
2726 tc0->snd_wl1 = vnet_buffer (b0)->tcp.seq_number;
2727 tc0->snd_wl2 = vnet_buffer (b0)->tcp.ack_number;
2729 /* Reset SYN-ACK retransmit and SYN_RCV establish timers */
2730 tcp_retransmit_timer_reset (tc0);
2731 tcp_timer_reset (tc0, TCP_TIMER_ESTABLISH);
2732 stream_session_accept_notify (&tc0->connection);
2733 error0 = TCP_ERROR_ACK_OK;
2735 case TCP_STATE_ESTABLISHED:
2736 /* We can get packets in established state here because they
2737 * were enqueued before state change */
2738 if (tcp_rcv_ack (wrk, tc0, b0, tcp0, &next0, &error0))
2740 tcp_maybe_inc_counter (rcv_process, error0, 1);
2745 case TCP_STATE_FIN_WAIT_1:
2746 /* In addition to the processing for the ESTABLISHED state, if
2747 * our FIN is now acknowledged then enter FIN-WAIT-2 and
2748 * continue processing in that state. */
2749 if (tcp_rcv_ack (wrk, tc0, b0, tcp0, &next0, &error0))
2751 tcp_maybe_inc_counter (rcv_process, error0, 1);
2755 /* Still have to send the FIN */
2756 if (tc0->flags & TCP_CONN_FINPNDG)
2758 /* TX fifo finally drained */
2759 if (!session_tx_fifo_max_dequeue (&tc0->connection))
2762 /* If FIN is ACKed */
2763 else if (tc0->snd_una == tc0->snd_una_max)
2765 tc0->state = TCP_STATE_FIN_WAIT_2;
2766 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2768 /* Stop all retransmit timers because we have nothing more
2769 * to send. Enable waitclose though because we're willing to
2770 * wait for peer's FIN but not indefinitely. */
2771 tcp_connection_timers_reset (tc0);
2772 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_2MSL_TIME);
2775 case TCP_STATE_FIN_WAIT_2:
2776 /* In addition to the processing for the ESTABLISHED state, if
2777 * the retransmission queue is empty, the user's CLOSE can be
2778 * acknowledged ("ok") but do not delete the TCB. */
2779 if (tcp_rcv_ack (wrk, tc0, b0, tcp0, &next0, &error0))
2781 tcp_maybe_inc_counter (rcv_process, error0, 1);
2785 case TCP_STATE_CLOSE_WAIT:
2786 /* Do the same processing as for the ESTABLISHED state. */
2787 if (tcp_rcv_ack (wrk, tc0, b0, tcp0, &next0, &error0))
2789 tcp_maybe_inc_counter (rcv_process, error0, 1);
2792 if (tc0->flags & TCP_CONN_FINPNDG)
2794 /* TX fifo finally drained */
2795 if (!session_tx_fifo_max_dequeue (&tc0->connection))
2798 tcp_connection_timers_reset (tc0);
2799 tc0->state = TCP_STATE_LAST_ACK;
2800 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE,
2805 case TCP_STATE_CLOSING:
2806 /* In addition to the processing for the ESTABLISHED state, if
2807 * the ACK acknowledges our FIN then enter the TIME-WAIT state,
2808 * otherwise ignore the segment. */
2809 if (tcp_rcv_ack (wrk, tc0, b0, tcp0, &next0, &error0))
2811 tcp_maybe_inc_counter (rcv_process, error0, 1);
2815 tc0->state = TCP_STATE_TIME_WAIT;
2816 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2817 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_TIMEWAIT_TIME);
2821 case TCP_STATE_LAST_ACK:
2822 /* The only thing that [should] arrive in this state is an
2823 * acknowledgment of our FIN. If our FIN is now acknowledged,
2824 * delete the TCB, enter the CLOSED state, and return. */
2826 if (!tcp_rcv_ack_is_acceptable (tc0, b0))
2828 error0 = TCP_ERROR_ACK_INVALID;
2831 error0 = TCP_ERROR_ACK_OK;
2832 tc0->snd_una = vnet_buffer (b0)->tcp.ack_number;
2833 /* Apparently our ACK for the peer's FIN was lost */
2834 if (is_fin0 && tc0->snd_una != tc0->snd_una_max)
2840 tc0->state = TCP_STATE_CLOSED;
2841 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2843 /* Don't free the connection from the data path since
2844 * we can't ensure that we have no packets already enqueued
2845 * to output. Rely instead on the waitclose timer */
2846 tcp_connection_timers_reset (tc0);
2847 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, 1);
2852 case TCP_STATE_TIME_WAIT:
2853 /* The only thing that can arrive in this state is a
2854 * retransmission of the remote FIN. Acknowledge it, and restart
2855 * the 2 MSL timeout. */
2857 if (tcp_rcv_ack (wrk, tc0, b0, tcp0, &next0, &error0))
2859 tcp_maybe_inc_counter (rcv_process, error0, 1);
2863 tcp_make_ack (tc0, b0);
2864 next0 = tcp_next_output (is_ip4);
2865 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_TIMEWAIT_TIME);
2873 /* 6: check the URG bit TODO */
2875 /* 7: process the segment text */
2878 case TCP_STATE_ESTABLISHED:
2879 case TCP_STATE_FIN_WAIT_1:
2880 case TCP_STATE_FIN_WAIT_2:
2881 if (vnet_buffer (b0)->tcp.data_len)
2883 error0 = tcp_segment_rcv (tc0, b0, &next0);
2884 tcp_maybe_inc_counter (rcv_process, error0, 1);
2889 case TCP_STATE_CLOSE_WAIT:
2890 case TCP_STATE_CLOSING:
2891 case TCP_STATE_LAST_ACK:
2892 case TCP_STATE_TIME_WAIT:
2893 /* This should not occur, since a FIN has been received from the
2894 * remote side. Ignore the segment text. */
2898 /* 8: check the FIN bit */
2904 case TCP_STATE_ESTABLISHED:
2905 case TCP_STATE_SYN_RCVD:
2906 /* Send FIN-ACK notify app and enter CLOSE-WAIT */
2907 tcp_connection_timers_reset (tc0);
2908 tcp_make_fin (tc0, b0);
2910 tc0->snd_una_max = tc0->snd_nxt;
2911 tcp_retransmit_timer_set (tc0);
2912 next0 = tcp_next_output (tc0->c_is_ip4);
2913 stream_session_disconnect_notify (&tc0->connection);
2914 tc0->state = TCP_STATE_CLOSE_WAIT;
2915 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2917 case TCP_STATE_CLOSE_WAIT:
2918 case TCP_STATE_CLOSING:
2919 case TCP_STATE_LAST_ACK:
2922 case TCP_STATE_FIN_WAIT_1:
2923 tc0->state = TCP_STATE_CLOSING;
2924 tcp_make_ack (tc0, b0);
2925 next0 = tcp_next_output (is_ip4);
2926 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2927 /* Wait for ACK but not forever */
2928 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_2MSL_TIME);
2930 case TCP_STATE_FIN_WAIT_2:
2931 /* Got FIN, send ACK! Be more aggressive with resource cleanup */
2932 tc0->state = TCP_STATE_TIME_WAIT;
2933 tcp_connection_timers_reset (tc0);
2934 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_TIMEWAIT_TIME);
2935 tcp_make_ack (tc0, b0);
2936 next0 = tcp_next_output (is_ip4);
2937 TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
2939 case TCP_STATE_TIME_WAIT:
2940 /* Remain in the TIME-WAIT state. Restart the time-wait
2943 tcp_timer_update (tc0, TCP_TIMER_WAITCLOSE, TCP_TIMEWAIT_TIME);
2946 TCP_EVT_DBG (TCP_EVT_FIN_RCVD, tc0);
2950 b0->error = error0 ? node->errors[error0] : 0;
2952 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2954 tcp_rx_trace_t *t0 =
2955 vlib_add_trace (vm, node, b0, sizeof (*t0));
2956 tcp_set_rx_trace_data (t0, tc0, tcp0, b0, is_ip4);
2959 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2960 n_left_to_next, bi0, next0);
2963 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2966 errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_TCP,
2968 tcp_inc_counter (rcv_process, TCP_ERROR_EVENT_FIFO_FULL, errors);
2969 tcp_inc_counter (rcv_process, TCP_ERROR_FIN_RCVD, n_fins);
2970 tcp_handle_postponed_dequeues (wrk);
2971 return from_frame->n_vectors;
2975 tcp4_rcv_process (vlib_main_t * vm, vlib_node_runtime_t * node,
2976 vlib_frame_t * from_frame)
2978 return tcp46_rcv_process_inline (vm, node, from_frame, 1 /* is_ip4 */ );
2982 tcp6_rcv_process (vlib_main_t * vm, vlib_node_runtime_t * node,
2983 vlib_frame_t * from_frame)
2985 return tcp46_rcv_process_inline (vm, node, from_frame, 0 /* is_ip4 */ );
2989 VLIB_REGISTER_NODE (tcp4_rcv_process_node) =
2991 .function = tcp4_rcv_process,
2992 .name = "tcp4-rcv-process",
2993 /* Takes a vector of packets. */
2994 .vector_size = sizeof (u32),
2995 .n_errors = TCP_N_ERROR,
2996 .error_strings = tcp_error_strings,
2997 .n_next_nodes = TCP_RCV_PROCESS_N_NEXT,
3000 #define _(s,n) [TCP_RCV_PROCESS_NEXT_##s] = n,
3001 foreach_tcp_state_next
3004 .format_trace = format_tcp_rx_trace_short,
3008 VLIB_NODE_FUNCTION_MULTIARCH (tcp4_rcv_process_node, tcp4_rcv_process);
3011 VLIB_REGISTER_NODE (tcp6_rcv_process_node) =
3013 .function = tcp6_rcv_process,
3014 .name = "tcp6-rcv-process",
3015 /* Takes a vector of packets. */
3016 .vector_size = sizeof (u32),
3017 .n_errors = TCP_N_ERROR,
3018 .error_strings = tcp_error_strings,
3019 .n_next_nodes = TCP_RCV_PROCESS_N_NEXT,
3022 #define _(s,n) [TCP_RCV_PROCESS_NEXT_##s] = n,
3023 foreach_tcp_state_next
3026 .format_trace = format_tcp_rx_trace_short,
3030 VLIB_NODE_FUNCTION_MULTIARCH (tcp6_rcv_process_node, tcp6_rcv_process);
3032 vlib_node_registration_t tcp4_listen_node;
3033 vlib_node_registration_t tcp6_listen_node;
3036 * LISTEN state processing as per RFC 793 p. 65
3039 tcp46_listen_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
3040 vlib_frame_t * from_frame, int is_ip4)
3042 u32 n_left_from, next_index, *from, *to_next, n_syns = 0;
3043 u32 my_thread_index = vm->thread_index;
3045 from = vlib_frame_vector_args (from_frame);
3046 n_left_from = from_frame->n_vectors;
3048 next_index = node->cached_next_index;
3050 while (n_left_from > 0)
3054 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
3056 while (n_left_from > 0 && n_left_to_next > 0)
3061 tcp_header_t *th0 = 0;
3062 tcp_connection_t *lc0;
3065 tcp_connection_t *child0;
3066 u32 error0 = TCP_ERROR_NONE, next0 = tcp_next_drop (is_ip4);
3073 n_left_to_next -= 1;
3075 b0 = vlib_get_buffer (vm, bi0);
3076 lc0 = tcp_listener_get (vnet_buffer (b0)->tcp.connection_index);
3080 ip40 = vlib_buffer_get_current (b0);
3081 th0 = ip4_next_header (ip40);
3085 ip60 = vlib_buffer_get_current (b0);
3086 th0 = ip6_next_header (ip60);
3089 /* Create child session. For syn-flood protection use filter */
3091 /* 1. first check for an RST: handled in dispatch */
3092 /* if (tcp_rst (th0))
3095 /* 2. second check for an ACK: handled in dispatch */
3096 /* if (tcp_ack (th0))
3098 tcp_send_reset (b0, is_ip4);
3102 /* 3. check for a SYN (did that already) */
3104 /* Make sure connection wasn't just created */
3105 child0 = tcp_lookup_connection (lc0->c_fib_index, b0,
3106 my_thread_index, is_ip4);
3107 if (PREDICT_FALSE (child0->state != TCP_STATE_LISTEN))
3109 error0 = TCP_ERROR_CREATE_EXISTS;
3113 /* Create child session and send SYN-ACK */
3114 child0 = tcp_connection_new (my_thread_index);
3115 child0->c_lcl_port = th0->dst_port;
3116 child0->c_rmt_port = th0->src_port;
3117 child0->c_is_ip4 = is_ip4;
3118 child0->state = TCP_STATE_SYN_RCVD;
3119 child0->c_fib_index = lc0->c_fib_index;
3123 child0->c_lcl_ip4.as_u32 = ip40->dst_address.as_u32;
3124 child0->c_rmt_ip4.as_u32 = ip40->src_address.as_u32;
3128 clib_memcpy (&child0->c_lcl_ip6, &ip60->dst_address,
3129 sizeof (ip6_address_t));
3130 clib_memcpy (&child0->c_rmt_ip6, &ip60->src_address,
3131 sizeof (ip6_address_t));
3134 if (tcp_options_parse (th0, &child0->rcv_opts))
3136 clib_warning ("options parse fail");
3140 child0->irs = vnet_buffer (b0)->tcp.seq_number;
3141 child0->rcv_nxt = vnet_buffer (b0)->tcp.seq_number + 1;
3142 child0->rcv_las = child0->rcv_nxt;
3143 child0->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
3145 /* RFC1323: TSval timestamps sent on {SYN} and {SYN,ACK}
3146 * segments are used to initialize PAWS. */
3147 if (tcp_opts_tstamp (&child0->rcv_opts))
3149 child0->tsval_recent = child0->rcv_opts.tsval;
3150 child0->tsval_recent_age = tcp_time_now ();
3153 if (tcp_opts_wscale (&child0->rcv_opts))
3154 child0->snd_wscale = child0->rcv_opts.wscale;
3156 child0->snd_wnd = clib_net_to_host_u16 (th0->window)
3157 << child0->snd_wscale;
3158 child0->snd_wl1 = vnet_buffer (b0)->tcp.seq_number;
3159 child0->snd_wl2 = vnet_buffer (b0)->tcp.ack_number;
3161 tcp_connection_init_vars (child0);
3162 TCP_EVT_DBG (TCP_EVT_SYN_RCVD, child0, 1);
3164 if (stream_session_accept (&child0->connection, lc0->c_s_index,
3167 clib_warning ("session accept fail");
3168 tcp_connection_cleanup (child0);
3169 error0 = TCP_ERROR_CREATE_SESSION_FAIL;
3173 /* Reuse buffer to make syn-ack and send */
3174 tcp_make_synack (child0, b0);
3175 next0 = tcp_next_output (is_ip4);
3176 tcp_timer_set (child0, TCP_TIMER_ESTABLISH, TCP_SYN_RCVD_TIME);
3179 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
3181 t0 = vlib_add_trace (vm, node, b0, sizeof (*t0));
3182 clib_memcpy (&t0->tcp_header, th0, sizeof (t0->tcp_header));
3183 clib_memcpy (&t0->tcp_connection, lc0,
3184 sizeof (t0->tcp_connection));
3187 n_syns += (error0 == TCP_ERROR_NONE);
3188 b0->error = node->errors[error0];
3190 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
3191 n_left_to_next, bi0, next0);
3194 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
3197 tcp_inc_counter (listen, TCP_ERROR_SYNS_RCVD, n_syns);
3198 return from_frame->n_vectors;
3202 tcp4_listen (vlib_main_t * vm, vlib_node_runtime_t * node,
3203 vlib_frame_t * from_frame)
3205 return tcp46_listen_inline (vm, node, from_frame, 1 /* is_ip4 */ );
3209 tcp6_listen (vlib_main_t * vm, vlib_node_runtime_t * node,
3210 vlib_frame_t * from_frame)
3212 return tcp46_listen_inline (vm, node, from_frame, 0 /* is_ip4 */ );
3216 VLIB_REGISTER_NODE (tcp4_listen_node) =
3218 .function = tcp4_listen,
3219 .name = "tcp4-listen",
3220 /* Takes a vector of packets. */
3221 .vector_size = sizeof (u32),
3222 .n_errors = TCP_N_ERROR,
3223 .error_strings = tcp_error_strings,
3224 .n_next_nodes = TCP_LISTEN_N_NEXT,
3227 #define _(s,n) [TCP_LISTEN_NEXT_##s] = n,
3228 foreach_tcp_state_next
3231 .format_trace = format_tcp_rx_trace_short,
3235 VLIB_NODE_FUNCTION_MULTIARCH (tcp4_listen_node, tcp4_listen);
3238 VLIB_REGISTER_NODE (tcp6_listen_node) =
3240 .function = tcp6_listen,
3241 .name = "tcp6-listen",
3242 /* Takes a vector of packets. */
3243 .vector_size = sizeof (u32),
3244 .n_errors = TCP_N_ERROR,
3245 .error_strings = tcp_error_strings,
3246 .n_next_nodes = TCP_LISTEN_N_NEXT,
3249 #define _(s,n) [TCP_LISTEN_NEXT_##s] = n,
3250 foreach_tcp_state_next
3253 .format_trace = format_tcp_rx_trace_short,
3257 VLIB_NODE_FUNCTION_MULTIARCH (tcp6_listen_node, tcp6_listen);
3259 vlib_node_registration_t tcp4_input_node;
3260 vlib_node_registration_t tcp6_input_node;
3262 typedef enum _tcp_input_next
3264 TCP_INPUT_NEXT_DROP,
3265 TCP_INPUT_NEXT_LISTEN,
3266 TCP_INPUT_NEXT_RCV_PROCESS,
3267 TCP_INPUT_NEXT_SYN_SENT,
3268 TCP_INPUT_NEXT_ESTABLISHED,
3269 TCP_INPUT_NEXT_RESET,
3270 TCP_INPUT_NEXT_PUNT,
3274 #define foreach_tcp4_input_next \
3275 _ (DROP, "ip4-drop") \
3276 _ (LISTEN, "tcp4-listen") \
3277 _ (RCV_PROCESS, "tcp4-rcv-process") \
3278 _ (SYN_SENT, "tcp4-syn-sent") \
3279 _ (ESTABLISHED, "tcp4-established") \
3280 _ (RESET, "tcp4-reset") \
3281 _ (PUNT, "ip4-punt")
3283 #define foreach_tcp6_input_next \
3284 _ (DROP, "ip6-drop") \
3285 _ (LISTEN, "tcp6-listen") \
3286 _ (RCV_PROCESS, "tcp6-rcv-process") \
3287 _ (SYN_SENT, "tcp6-syn-sent") \
3288 _ (ESTABLISHED, "tcp6-established") \
3289 _ (RESET, "tcp6-reset") \
3290 _ (PUNT, "ip6-punt")
3292 #define filter_flags (TCP_FLAG_SYN|TCP_FLAG_ACK|TCP_FLAG_RST|TCP_FLAG_FIN)
3295 tcp_input_trace_frame (vlib_main_t * vm, vlib_node_runtime_t * node,
3296 vlib_buffer_t ** bs, u32 n_bufs, u8 is_ip4)
3298 tcp_connection_t *tc;
3303 for (i = 0; i < n_bufs; i++)
3305 if (bs[i]->flags & VLIB_BUFFER_IS_TRACED)
3307 t = vlib_add_trace (vm, node, bs[i], sizeof (*t));
3308 tc = tcp_connection_get (vnet_buffer (bs[i])->tcp.connection_index,
3310 tcp = vlib_buffer_get_current (bs[i]);
3311 tcp_set_rx_trace_data (t, tc, tcp, bs[i], is_ip4);
3317 tcp_input_set_error_next (tcp_main_t * tm, u16 * next, u32 * error, u8 is_ip4)
3319 if (*error == TCP_ERROR_FILTERED)
3321 *next = TCP_INPUT_NEXT_DROP;
3323 else if ((is_ip4 && tm->punt_unknown4) || (!is_ip4 && tm->punt_unknown6))
3325 *next = TCP_INPUT_NEXT_PUNT;
3326 *error = TCP_ERROR_PUNT;
3330 *next = TCP_INPUT_NEXT_RESET;
3331 *error = TCP_ERROR_NO_LISTENER;
3335 static inline tcp_connection_t *
3336 tcp_input_lookup_buffer (vlib_buffer_t * b, u8 thread_index, u32 * error,
3339 u32 fib_index = vnet_buffer (b)->ip.fib_index;
3340 int n_advance_bytes, n_data_bytes;
3341 transport_connection_t *tc;
3347 ip4_header_t *ip4 = vlib_buffer_get_current (b);
3348 tcp = ip4_next_header (ip4);
3349 vnet_buffer (b)->tcp.hdr_offset = (u8 *) tcp - (u8 *) ip4;
3350 n_advance_bytes = (ip4_header_bytes (ip4) + tcp_header_bytes (tcp));
3351 n_data_bytes = clib_net_to_host_u16 (ip4->length) - n_advance_bytes;
3353 /* Length check. Checksum computed by ipx_local no need to compute again */
3354 if (PREDICT_FALSE (n_advance_bytes < 0))
3356 *error = TCP_ERROR_LENGTH;
3360 tc = session_lookup_connection_wt4 (fib_index, &ip4->dst_address,
3361 &ip4->src_address, tcp->dst_port,
3362 tcp->src_port, TRANSPORT_PROTO_TCP,
3363 thread_index, &is_filtered);
3367 ip6_header_t *ip6 = vlib_buffer_get_current (b);
3368 tcp = ip6_next_header (ip6);
3369 vnet_buffer (b)->tcp.hdr_offset = (u8 *) tcp - (u8 *) ip6;
3370 n_advance_bytes = tcp_header_bytes (tcp);
3371 n_data_bytes = clib_net_to_host_u16 (ip6->payload_length)
3373 n_advance_bytes += sizeof (ip6[0]);
3375 if (PREDICT_FALSE (n_advance_bytes < 0))
3377 *error = TCP_ERROR_LENGTH;
3381 tc = session_lookup_connection_wt6 (fib_index, &ip6->dst_address,
3382 &ip6->src_address, tcp->dst_port,
3383 tcp->src_port, TRANSPORT_PROTO_TCP,
3384 thread_index, &is_filtered);
3387 vnet_buffer (b)->tcp.seq_number = clib_net_to_host_u32 (tcp->seq_number);
3388 vnet_buffer (b)->tcp.ack_number = clib_net_to_host_u32 (tcp->ack_number);
3389 vnet_buffer (b)->tcp.data_offset = n_advance_bytes;
3390 vnet_buffer (b)->tcp.data_len = n_data_bytes;
3391 vnet_buffer (b)->tcp.flags = 0;
3393 *error = is_filtered ? TCP_ERROR_FILTERED : *error;
3395 return tcp_get_connection_from_transport (tc);
3399 tcp_input_dispatch_buffer (tcp_main_t * tm, tcp_connection_t * tc,
3400 vlib_buffer_t * b, u16 * next, u32 * error)
3405 tcp = tcp_buffer_hdr (b);
3406 flags = tcp->flags & filter_flags;
3407 *next = tm->dispatch_table[tc->state][flags].next;
3408 *error = tm->dispatch_table[tc->state][flags].error;
3410 if (PREDICT_FALSE (*error == TCP_ERROR_DISPATCH
3411 || *next == TCP_INPUT_NEXT_RESET))
3413 /* Overload tcp flags to store state */
3414 tcp_state_t state = tc->state;
3415 vnet_buffer (b)->tcp.flags = tc->state;
3417 if (*error == TCP_ERROR_DISPATCH)
3418 clib_warning ("disp error state %U flags %U", format_tcp_state,
3419 state, format_tcp_flags, (int) flags);
3424 tcp46_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
3425 vlib_frame_t * frame, int is_ip4)
3427 u32 n_left_from, *from, thread_index = vm->thread_index;
3428 tcp_main_t *tm = vnet_get_tcp_main ();
3429 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
3430 u16 nexts[VLIB_FRAME_SIZE], *next;
3432 tcp_set_time_now (tcp_get_worker (thread_index));
3434 from = vlib_frame_vector_args (frame);
3435 n_left_from = frame->n_vectors;
3436 vlib_get_buffers (vm, from, bufs, n_left_from);
3441 while (n_left_from >= 4)
3443 u32 error0 = TCP_ERROR_NO_LISTENER, error1 = TCP_ERROR_NO_LISTENER;
3444 tcp_connection_t *tc0, *tc1;
3447 vlib_prefetch_buffer_header (b[2], STORE);
3448 CLIB_PREFETCH (b[2]->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
3450 vlib_prefetch_buffer_header (b[3], STORE);
3451 CLIB_PREFETCH (b[3]->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
3454 next[0] = next[1] = TCP_INPUT_NEXT_DROP;
3456 tc0 = tcp_input_lookup_buffer (b[0], thread_index, &error0, is_ip4);
3457 tc1 = tcp_input_lookup_buffer (b[1], thread_index, &error1, is_ip4);
3459 if (PREDICT_TRUE (!tc0 + !tc1 == 0))
3461 ASSERT (tcp_lookup_is_valid (tc0, tcp_buffer_hdr (b[0])));
3462 ASSERT (tcp_lookup_is_valid (tc1, tcp_buffer_hdr (b[1])));
3464 vnet_buffer (b[0])->tcp.connection_index = tc0->c_c_index;
3465 vnet_buffer (b[1])->tcp.connection_index = tc1->c_c_index;
3467 tcp_input_dispatch_buffer (tm, tc0, b[0], &next[0], &error0);
3468 tcp_input_dispatch_buffer (tm, tc1, b[1], &next[1], &error1);
3472 if (PREDICT_TRUE (tc0 != 0))
3474 ASSERT (tcp_lookup_is_valid (tc0, tcp_buffer_hdr (b[0])));
3475 vnet_buffer (b[0])->tcp.connection_index = tc0->c_c_index;
3476 tcp_input_dispatch_buffer (tm, tc0, b[0], &next[0], &error0);
3479 tcp_input_set_error_next (tm, &next[0], &error0, is_ip4);
3481 if (PREDICT_TRUE (tc1 != 0))
3483 ASSERT (tcp_lookup_is_valid (tc1, tcp_buffer_hdr (b[1])));
3484 vnet_buffer (b[1])->tcp.connection_index = tc1->c_c_index;
3485 tcp_input_dispatch_buffer (tm, tc1, b[1], &next[1], &error1);
3488 tcp_input_set_error_next (tm, &next[1], &error1, is_ip4);
3495 while (n_left_from > 0)
3497 tcp_connection_t *tc0;
3498 u32 error0 = TCP_ERROR_NO_LISTENER;
3500 if (n_left_from > 1)
3502 vlib_prefetch_buffer_header (b[1], STORE);
3503 CLIB_PREFETCH (b[1]->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
3506 next[0] = TCP_INPUT_NEXT_DROP;
3507 tc0 = tcp_input_lookup_buffer (b[0], thread_index, &error0, is_ip4);
3508 if (PREDICT_TRUE (tc0 != 0))
3510 ASSERT (tcp_lookup_is_valid (tc0, tcp_buffer_hdr (b[0])));
3511 vnet_buffer (b[0])->tcp.connection_index = tc0->c_c_index;
3512 tcp_input_dispatch_buffer (tm, tc0, b[0], &next[0], &error0);
3515 tcp_input_set_error_next (tm, &next[0], &error0, is_ip4);
3522 if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE))
3523 tcp_input_trace_frame (vm, node, bufs, frame->n_vectors, is_ip4);
3525 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
3526 return frame->n_vectors;
3530 tcp4_input (vlib_main_t * vm, vlib_node_runtime_t * node,
3531 vlib_frame_t * from_frame)
3533 return tcp46_input_inline (vm, node, from_frame, 1 /* is_ip4 */ );
3537 tcp6_input (vlib_main_t * vm, vlib_node_runtime_t * node,
3538 vlib_frame_t * from_frame)
3540 return tcp46_input_inline (vm, node, from_frame, 0 /* is_ip4 */ );
3544 VLIB_REGISTER_NODE (tcp4_input_node) =
3546 .function = tcp4_input,
3547 .name = "tcp4-input",
3548 /* Takes a vector of packets. */
3549 .vector_size = sizeof (u32),
3550 .n_errors = TCP_N_ERROR,
3551 .error_strings = tcp_error_strings,
3552 .n_next_nodes = TCP_INPUT_N_NEXT,
3555 #define _(s,n) [TCP_INPUT_NEXT_##s] = n,
3556 foreach_tcp4_input_next
3559 .format_buffer = format_tcp_header,
3560 .format_trace = format_tcp_rx_trace,
3564 VLIB_NODE_FUNCTION_MULTIARCH (tcp4_input_node, tcp4_input);
3567 VLIB_REGISTER_NODE (tcp6_input_node) =
3569 .function = tcp6_input,
3570 .name = "tcp6-input",
3571 /* Takes a vector of packets. */
3572 .vector_size = sizeof (u32),
3573 .n_errors = TCP_N_ERROR,
3574 .error_strings = tcp_error_strings,
3575 .n_next_nodes = TCP_INPUT_N_NEXT,
3578 #define _(s,n) [TCP_INPUT_NEXT_##s] = n,
3579 foreach_tcp6_input_next
3582 .format_buffer = format_tcp_header,
3583 .format_trace = format_tcp_rx_trace,
3587 VLIB_NODE_FUNCTION_MULTIARCH (tcp6_input_node, tcp6_input);
3590 tcp_dispatch_table_init (tcp_main_t * tm)
3593 for (i = 0; i < ARRAY_LEN (tm->dispatch_table); i++)
3594 for (j = 0; j < ARRAY_LEN (tm->dispatch_table[i]); j++)
3596 tm->dispatch_table[i][j].next = TCP_INPUT_NEXT_DROP;
3597 tm->dispatch_table[i][j].error = TCP_ERROR_DISPATCH;
3600 #define _(t,f,n,e) \
3602 tm->dispatch_table[TCP_STATE_##t][f].next = (n); \
3603 tm->dispatch_table[TCP_STATE_##t][f].error = (e); \
3606 /* SYNs for new connections -> tcp-listen. */
3607 _(LISTEN, TCP_FLAG_SYN, TCP_INPUT_NEXT_LISTEN, TCP_ERROR_NONE);
3608 _(LISTEN, TCP_FLAG_ACK, TCP_INPUT_NEXT_RESET, TCP_ERROR_NONE);
3609 _(LISTEN, TCP_FLAG_RST, TCP_INPUT_NEXT_DROP, TCP_ERROR_RST_RCVD);
3610 _(LISTEN, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_RESET,
3612 /* ACK for for a SYN-ACK -> tcp-rcv-process. */
3613 _(SYN_RCVD, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3614 _(SYN_RCVD, TCP_FLAG_RST, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3615 _(SYN_RCVD, TCP_FLAG_RST | TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS,
3617 _(SYN_RCVD, TCP_FLAG_SYN, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3618 _(SYN_RCVD, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS,
3620 /* SYN-ACK for a SYN */
3621 _(SYN_SENT, TCP_FLAG_SYN | TCP_FLAG_ACK, TCP_INPUT_NEXT_SYN_SENT,
3623 _(SYN_SENT, TCP_FLAG_ACK, TCP_INPUT_NEXT_SYN_SENT, TCP_ERROR_NONE);
3624 _(SYN_SENT, TCP_FLAG_RST, TCP_INPUT_NEXT_SYN_SENT, TCP_ERROR_NONE);
3625 _(SYN_SENT, TCP_FLAG_RST | TCP_FLAG_ACK, TCP_INPUT_NEXT_SYN_SENT,
3627 /* ACK for for established connection -> tcp-established. */
3628 _(ESTABLISHED, TCP_FLAG_ACK, TCP_INPUT_NEXT_ESTABLISHED, TCP_ERROR_NONE);
3629 /* FIN for for established connection -> tcp-established. */
3630 _(ESTABLISHED, TCP_FLAG_FIN, TCP_INPUT_NEXT_ESTABLISHED, TCP_ERROR_NONE);
3631 _(ESTABLISHED, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_ESTABLISHED,
3633 _(ESTABLISHED, TCP_FLAG_RST, TCP_INPUT_NEXT_ESTABLISHED, TCP_ERROR_NONE);
3634 _(ESTABLISHED, TCP_FLAG_RST | TCP_FLAG_ACK, TCP_INPUT_NEXT_ESTABLISHED,
3636 _(ESTABLISHED, TCP_FLAG_SYN, TCP_INPUT_NEXT_ESTABLISHED, TCP_ERROR_NONE);
3637 _(ESTABLISHED, TCP_FLAG_SYN | TCP_FLAG_ACK, TCP_INPUT_NEXT_ESTABLISHED,
3639 /* ACK or FIN-ACK to our FIN */
3640 _(FIN_WAIT_1, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3641 _(FIN_WAIT_1, TCP_FLAG_ACK | TCP_FLAG_FIN, TCP_INPUT_NEXT_RCV_PROCESS,
3643 /* FIN in reply to our FIN from the other side */
3644 _(FIN_WAIT_1, TCP_FLAG_FIN, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3645 _(FIN_WAIT_1, TCP_FLAG_RST, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3646 _(CLOSING, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3647 /* FIN confirming that the peer (app) has closed */
3648 _(FIN_WAIT_2, TCP_FLAG_FIN, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3649 _(FIN_WAIT_2, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3650 _(FIN_WAIT_2, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS,
3652 _(CLOSE_WAIT, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3653 _(CLOSE_WAIT, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS,
3655 _(LAST_ACK, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3656 _(LAST_ACK, TCP_FLAG_FIN, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3657 _(LAST_ACK, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS,
3659 _(LAST_ACK, TCP_FLAG_RST, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3660 _(LAST_ACK, TCP_FLAG_SYN, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3661 _(TIME_WAIT, TCP_FLAG_FIN, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3662 _(TIME_WAIT, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS,
3664 _(TIME_WAIT, TCP_FLAG_RST, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3665 _(TIME_WAIT, TCP_FLAG_ACK, TCP_INPUT_NEXT_RCV_PROCESS, TCP_ERROR_NONE);
3666 _(CLOSED, TCP_FLAG_ACK, TCP_INPUT_NEXT_DROP, TCP_ERROR_CONNECTION_CLOSED);
3667 _(CLOSED, TCP_FLAG_RST, TCP_INPUT_NEXT_DROP, TCP_ERROR_CONNECTION_CLOSED);
3668 _(CLOSED, TCP_FLAG_FIN | TCP_FLAG_ACK, TCP_INPUT_NEXT_DROP,
3669 TCP_ERROR_CONNECTION_CLOSED);
3673 static clib_error_t *
3674 tcp_input_init (vlib_main_t * vm)
3676 clib_error_t *error = 0;
3677 tcp_main_t *tm = vnet_get_tcp_main ();
3679 if ((error = vlib_call_init_function (vm, tcp_init)))
3682 /* Initialize dispatch table. */
3683 tcp_dispatch_table_init (tm);
3688 VLIB_INIT_FUNCTION (tcp_input_init);
3691 * fd.io coding-style-patch-verification: ON
3694 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob