1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * INET An implementation of the TCP/IP protocol suite for the LINUX 4 * operating system. INET is implemented using the BSD Socket 5 * interface as the means of communication with the user level. 6 * 7 * Implementation of the Transmission Control Protocol(TCP). 8 * 9 * Authors: Ross Biro 10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 11 * Mark Evans, <evansmp@uhura.aston.ac.uk> 12 * Corey Minyard <wf-rch!minyard@relay.EU.net> 13 * Florian La Roche, <flla@stud.uni-sb.de> 14 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu> 15 * Linus Torvalds, <torvalds@cs.helsinki.fi> 16 * Alan Cox, <gw4pts@gw4pts.ampr.org> 17 * Matthew Dillon, <dillon@apollo.west.oic.com> 18 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 19 * Jorge Cwik, <jorge@laser.satlink.net> 20 */ 21 22 /* 23 * Changes: Pedro Roque : Retransmit queue handled by TCP. 24 * : Fragmentation on mtu decrease 25 * : Segment collapse on retransmit 26 * : AF independence 27 * 28 * Linus Torvalds : send_delayed_ack 29 * David S. Miller : Charge memory using the right skb 30 * during syn/ack processing. 31 * David S. Miller : Output engine completely rewritten. 32 * Andrea Arcangeli: SYNACK carry ts_recent in tsecr. 33 * Cacophonix Gaul : draft-minshall-nagle-01 34 * J Hadi Salim : ECN support 35 * 36 */ 37 38 #define pr_fmt(fmt) "TCP: " fmt 39 40 #include <net/tcp.h> 41 #include <net/mptcp.h> 42 43 #include <linux/compiler.h> 44 #include <linux/gfp.h> 45 #include <linux/module.h> 46 #include <linux/static_key.h> 47 48 #include <trace/events/tcp.h> 49 50 /* Refresh clocks of a TCP socket, 51 * ensuring monotically increasing values. 52 */ tcp_mstamp_refresh(struct tcp_sock * tp)53 void tcp_mstamp_refresh(struct tcp_sock *tp) 54 { 55 u64 val = tcp_clock_ns(); 56 57 tp->tcp_clock_cache = val; 58 tp->tcp_mstamp = div_u64(val, NSEC_PER_USEC); 59 } 60 61 static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle, 62 int push_one, gfp_t gfp); 63 64 /* Account for new data that has been sent to the network. */ tcp_event_new_data_sent(struct sock * sk,struct sk_buff * skb)65 static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb) 66 { 67 struct inet_connection_sock *icsk = inet_csk(sk); 68 struct tcp_sock *tp = tcp_sk(sk); 69 unsigned int prior_packets = tp->packets_out; 70 71 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(skb)->end_seq); 72 73 __skb_unlink(skb, &sk->sk_write_queue); 74 tcp_rbtree_insert(&sk->tcp_rtx_queue, skb); 75 76 if (tp->highest_sack == NULL) 77 tp->highest_sack = skb; 78 79 tp->packets_out += tcp_skb_pcount(skb); 80 if (!prior_packets || icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) 81 tcp_rearm_rto(sk); 82 83 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT, 84 tcp_skb_pcount(skb)); 85 } 86 87 /* SND.NXT, if window was not shrunk or the amount of shrunk was less than one 88 * window scaling factor due to loss of precision. 89 * If window has been shrunk, what should we make? It is not clear at all. 90 * Using SND.UNA we will fail to open window, SND.NXT is out of window. :-( 91 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already 92 * invalid. OK, let's make this for now: 93 */ tcp_acceptable_seq(const struct sock * sk)94 static inline __u32 tcp_acceptable_seq(const struct sock *sk) 95 { 96 const struct tcp_sock *tp = tcp_sk(sk); 97 98 if (!before(tcp_wnd_end(tp), tp->snd_nxt) || 99 (tp->rx_opt.wscale_ok && 100 ((tp->snd_nxt - tcp_wnd_end(tp)) < (1 << tp->rx_opt.rcv_wscale)))) 101 return tp->snd_nxt; 102 else 103 return tcp_wnd_end(tp); 104 } 105 106 /* Calculate mss to advertise in SYN segment. 107 * RFC1122, RFC1063, draft-ietf-tcpimpl-pmtud-01 state that: 108 * 109 * 1. It is independent of path mtu. 110 * 2. Ideally, it is maximal possible segment size i.e. 65535-40. 111 * 3. For IPv4 it is reasonable to calculate it from maximal MTU of 112 * attached devices, because some buggy hosts are confused by 113 * large MSS. 114 * 4. We do not make 3, we advertise MSS, calculated from first 115 * hop device mtu, but allow to raise it to ip_rt_min_advmss. 116 * This may be overridden via information stored in routing table. 117 * 5. Value 65535 for MSS is valid in IPv6 and means "as large as possible, 118 * probably even Jumbo". 119 */ tcp_advertise_mss(struct sock * sk)120 static __u16 tcp_advertise_mss(struct sock *sk) 121 { 122 struct tcp_sock *tp = tcp_sk(sk); 123 const struct dst_entry *dst = __sk_dst_get(sk); 124 int mss = tp->advmss; 125 126 if (dst) { 127 unsigned int metric = dst_metric_advmss(dst); 128 129 if (metric < mss) { 130 mss = metric; 131 tp->advmss = mss; 132 } 133 } 134 135 return (__u16)mss; 136 } 137 138 /* RFC2861. Reset CWND after idle period longer RTO to "restart window". 139 * This is the first part of cwnd validation mechanism. 140 */ tcp_cwnd_restart(struct sock * sk,s32 delta)141 void tcp_cwnd_restart(struct sock *sk, s32 delta) 142 { 143 struct tcp_sock *tp = tcp_sk(sk); 144 u32 restart_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk)); 145 u32 cwnd = tp->snd_cwnd; 146 147 tcp_ca_event(sk, CA_EVENT_CWND_RESTART); 148 149 tp->snd_ssthresh = tcp_current_ssthresh(sk); 150 restart_cwnd = min(restart_cwnd, cwnd); 151 152 while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd) 153 cwnd >>= 1; 154 tp->snd_cwnd = max(cwnd, restart_cwnd); 155 tp->snd_cwnd_stamp = tcp_jiffies32; 156 tp->snd_cwnd_used = 0; 157 } 158 159 /* Congestion state accounting after a packet has been sent. */ tcp_event_data_sent(struct tcp_sock * tp,struct sock * sk)160 static void tcp_event_data_sent(struct tcp_sock *tp, 161 struct sock *sk) 162 { 163 struct inet_connection_sock *icsk = inet_csk(sk); 164 const u32 now = tcp_jiffies32; 165 166 if (tcp_packets_in_flight(tp) == 0) 167 tcp_ca_event(sk, CA_EVENT_TX_START); 168 169 /* If this is the first data packet sent in response to the 170 * previous received data, 171 * and it is a reply for ato after last received packet, 172 * increase pingpong count. 173 */ 174 if (before(tp->lsndtime, icsk->icsk_ack.lrcvtime) && 175 (u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato) 176 inet_csk_inc_pingpong_cnt(sk); 177 178 tp->lsndtime = now; 179 } 180 181 /* Account for an ACK we sent. */ tcp_event_ack_sent(struct sock * sk,unsigned int pkts,u32 rcv_nxt)182 static inline void tcp_event_ack_sent(struct sock *sk, unsigned int pkts, 183 u32 rcv_nxt) 184 { 185 struct tcp_sock *tp = tcp_sk(sk); 186 187 if (unlikely(tp->compressed_ack)) { 188 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, 189 tp->compressed_ack); 190 tp->compressed_ack = 0; 191 if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1) 192 __sock_put(sk); 193 } 194 195 if (unlikely(rcv_nxt != tp->rcv_nxt)) 196 return; /* Special ACK sent by DCTCP to reflect ECN */ 197 tcp_dec_quickack_mode(sk, pkts); 198 inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK); 199 } 200 201 /* Determine a window scaling and initial window to offer. 202 * Based on the assumption that the given amount of space 203 * will be offered. Store the results in the tp structure. 204 * NOTE: for smooth operation initial space offering should 205 * be a multiple of mss if possible. We assume here that mss >= 1. 206 * This MUST be enforced by all callers. 207 */ tcp_select_initial_window(const struct sock * sk,int __space,__u32 mss,__u32 * rcv_wnd,__u32 * window_clamp,int wscale_ok,__u8 * rcv_wscale,__u32 init_rcv_wnd)208 void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss, 209 __u32 *rcv_wnd, __u32 *window_clamp, 210 int wscale_ok, __u8 *rcv_wscale, 211 __u32 init_rcv_wnd) 212 { 213 unsigned int space = (__space < 0 ? 0 : __space); 214 215 /* If no clamp set the clamp to the max possible scaled window */ 216 if (*window_clamp == 0) 217 (*window_clamp) = (U16_MAX << TCP_MAX_WSCALE); 218 space = min(*window_clamp, space); 219 220 /* Quantize space offering to a multiple of mss if possible. */ 221 if (space > mss) 222 space = rounddown(space, mss); 223 224 /* NOTE: offering an initial window larger than 32767 225 * will break some buggy TCP stacks. If the admin tells us 226 * it is likely we could be speaking with such a buggy stack 227 * we will truncate our initial window offering to 32K-1 228 * unless the remote has sent us a window scaling option, 229 * which we interpret as a sign the remote TCP is not 230 * misinterpreting the window field as a signed quantity. 231 */ 232 if (sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows) 233 (*rcv_wnd) = min(space, MAX_TCP_WINDOW); 234 else 235 (*rcv_wnd) = min_t(u32, space, U16_MAX); 236 237 if (init_rcv_wnd) 238 *rcv_wnd = min(*rcv_wnd, init_rcv_wnd * mss); 239 240 *rcv_wscale = 0; 241 if (wscale_ok) { 242 /* Set window scaling on max possible window */ 243 space = max_t(u32, space, sock_net(sk)->ipv4.sysctl_tcp_rmem[2]); 244 space = max_t(u32, space, sysctl_rmem_max); 245 space = min_t(u32, space, *window_clamp); 246 *rcv_wscale = clamp_t(int, ilog2(space) - 15, 247 0, TCP_MAX_WSCALE); 248 } 249 /* Set the clamp no higher than max representable value */ 250 (*window_clamp) = min_t(__u32, U16_MAX << (*rcv_wscale), *window_clamp); 251 } 252 EXPORT_SYMBOL(tcp_select_initial_window); 253 254 /* Chose a new window to advertise, update state in tcp_sock for the 255 * socket, and return result with RFC1323 scaling applied. The return 256 * value can be stuffed directly into th->window for an outgoing 257 * frame. 258 */ tcp_select_window(struct sock * sk)259 static u16 tcp_select_window(struct sock *sk) 260 { 261 struct tcp_sock *tp = tcp_sk(sk); 262 u32 old_win = tp->rcv_wnd; 263 u32 cur_win = tcp_receive_window(tp); 264 u32 new_win = __tcp_select_window(sk); 265 266 /* Never shrink the offered window */ 267 if (new_win < cur_win) { 268 /* Danger Will Robinson! 269 * Don't update rcv_wup/rcv_wnd here or else 270 * we will not be able to advertise a zero 271 * window in time. --DaveM 272 * 273 * Relax Will Robinson. 274 */ 275 if (new_win == 0) 276 NET_INC_STATS(sock_net(sk), 277 LINUX_MIB_TCPWANTZEROWINDOWADV); 278 new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale); 279 } 280 tp->rcv_wnd = new_win; 281 tp->rcv_wup = tp->rcv_nxt; 282 283 /* Make sure we do not exceed the maximum possible 284 * scaled window. 285 */ 286 if (!tp->rx_opt.rcv_wscale && 287 sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows) 288 new_win = min(new_win, MAX_TCP_WINDOW); 289 else 290 new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale)); 291 292 /* RFC1323 scaling applied */ 293 new_win >>= tp->rx_opt.rcv_wscale; 294 295 /* If we advertise zero window, disable fast path. */ 296 if (new_win == 0) { 297 tp->pred_flags = 0; 298 if (old_win) 299 NET_INC_STATS(sock_net(sk), 300 LINUX_MIB_TCPTOZEROWINDOWADV); 301 } else if (old_win == 0) { 302 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFROMZEROWINDOWADV); 303 } 304 305 return new_win; 306 } 307 308 /* Packet ECN state for a SYN-ACK */ tcp_ecn_send_synack(struct sock * sk,struct sk_buff * skb)309 static void tcp_ecn_send_synack(struct sock *sk, struct sk_buff *skb) 310 { 311 const struct tcp_sock *tp = tcp_sk(sk); 312 313 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_CWR; 314 if (!(tp->ecn_flags & TCP_ECN_OK)) 315 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ECE; 316 else if (tcp_ca_needs_ecn(sk) || 317 tcp_bpf_ca_needs_ecn(sk)) 318 INET_ECN_xmit(sk); 319 } 320 321 /* Packet ECN state for a SYN. */ tcp_ecn_send_syn(struct sock * sk,struct sk_buff * skb)322 static void tcp_ecn_send_syn(struct sock *sk, struct sk_buff *skb) 323 { 324 struct tcp_sock *tp = tcp_sk(sk); 325 bool bpf_needs_ecn = tcp_bpf_ca_needs_ecn(sk); 326 bool use_ecn = sock_net(sk)->ipv4.sysctl_tcp_ecn == 1 || 327 tcp_ca_needs_ecn(sk) || bpf_needs_ecn; 328 329 if (!use_ecn) { 330 const struct dst_entry *dst = __sk_dst_get(sk); 331 332 if (dst && dst_feature(dst, RTAX_FEATURE_ECN)) 333 use_ecn = true; 334 } 335 336 tp->ecn_flags = 0; 337 338 if (use_ecn) { 339 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR; 340 tp->ecn_flags = TCP_ECN_OK; 341 if (tcp_ca_needs_ecn(sk) || bpf_needs_ecn) 342 INET_ECN_xmit(sk); 343 } 344 } 345 tcp_ecn_clear_syn(struct sock * sk,struct sk_buff * skb)346 static void tcp_ecn_clear_syn(struct sock *sk, struct sk_buff *skb) 347 { 348 if (sock_net(sk)->ipv4.sysctl_tcp_ecn_fallback) 349 /* tp->ecn_flags are cleared at a later point in time when 350 * SYN ACK is ultimatively being received. 351 */ 352 TCP_SKB_CB(skb)->tcp_flags &= ~(TCPHDR_ECE | TCPHDR_CWR); 353 } 354 355 static void tcp_ecn_make_synack(const struct request_sock * req,struct tcphdr * th)356 tcp_ecn_make_synack(const struct request_sock *req, struct tcphdr *th) 357 { 358 if (inet_rsk(req)->ecn_ok) 359 th->ece = 1; 360 } 361 362 /* Set up ECN state for a packet on a ESTABLISHED socket that is about to 363 * be sent. 364 */ tcp_ecn_send(struct sock * sk,struct sk_buff * skb,struct tcphdr * th,int tcp_header_len)365 static void tcp_ecn_send(struct sock *sk, struct sk_buff *skb, 366 struct tcphdr *th, int tcp_header_len) 367 { 368 struct tcp_sock *tp = tcp_sk(sk); 369 370 if (tp->ecn_flags & TCP_ECN_OK) { 371 /* Not-retransmitted data segment: set ECT and inject CWR. */ 372 if (skb->len != tcp_header_len && 373 !before(TCP_SKB_CB(skb)->seq, tp->snd_nxt)) { 374 INET_ECN_xmit(sk); 375 if (tp->ecn_flags & TCP_ECN_QUEUE_CWR) { 376 tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; 377 th->cwr = 1; 378 skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN; 379 } 380 } else if (!tcp_ca_needs_ecn(sk)) { 381 /* ACK or retransmitted segment: clear ECT|CE */ 382 INET_ECN_dontxmit(sk); 383 } 384 if (tp->ecn_flags & TCP_ECN_DEMAND_CWR) 385 th->ece = 1; 386 } 387 } 388 389 /* Constructs common control bits of non-data skb. If SYN/FIN is present, 390 * auto increment end seqno. 391 */ tcp_init_nondata_skb(struct sk_buff * skb,u32 seq,u8 flags)392 static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags) 393 { 394 skb->ip_summed = CHECKSUM_PARTIAL; 395 396 TCP_SKB_CB(skb)->tcp_flags = flags; 397 TCP_SKB_CB(skb)->sacked = 0; 398 399 tcp_skb_pcount_set(skb, 1); 400 401 TCP_SKB_CB(skb)->seq = seq; 402 if (flags & (TCPHDR_SYN | TCPHDR_FIN)) 403 seq++; 404 TCP_SKB_CB(skb)->end_seq = seq; 405 } 406 tcp_urg_mode(const struct tcp_sock * tp)407 static inline bool tcp_urg_mode(const struct tcp_sock *tp) 408 { 409 return tp->snd_una != tp->snd_up; 410 } 411 412 #define OPTION_SACK_ADVERTISE (1 << 0) 413 #define OPTION_TS (1 << 1) 414 #define OPTION_MD5 (1 << 2) 415 #define OPTION_WSCALE (1 << 3) 416 #define OPTION_FAST_OPEN_COOKIE (1 << 8) 417 #define OPTION_SMC (1 << 9) 418 #define OPTION_MPTCP (1 << 10) 419 smc_options_write(__be32 * ptr,u16 * options)420 static void smc_options_write(__be32 *ptr, u16 *options) 421 { 422 #if IS_ENABLED(CONFIG_SMC) 423 if (static_branch_unlikely(&tcp_have_smc)) { 424 if (unlikely(OPTION_SMC & *options)) { 425 *ptr++ = htonl((TCPOPT_NOP << 24) | 426 (TCPOPT_NOP << 16) | 427 (TCPOPT_EXP << 8) | 428 (TCPOLEN_EXP_SMC_BASE)); 429 *ptr++ = htonl(TCPOPT_SMC_MAGIC); 430 } 431 } 432 #endif 433 } 434 435 struct tcp_out_options { 436 u16 options; /* bit field of OPTION_* */ 437 u16 mss; /* 0 to disable */ 438 u8 ws; /* window scale, 0 to disable */ 439 u8 num_sack_blocks; /* number of SACK blocks to include */ 440 u8 hash_size; /* bytes in hash_location */ 441 u8 bpf_opt_len; /* length of BPF hdr option */ 442 __u8 *hash_location; /* temporary pointer, overloaded */ 443 __u32 tsval, tsecr; /* need to include OPTION_TS */ 444 struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */ 445 struct mptcp_out_options mptcp; 446 }; 447 mptcp_options_write(__be32 * ptr,struct tcp_out_options * opts)448 static void mptcp_options_write(__be32 *ptr, struct tcp_out_options *opts) 449 { 450 #if IS_ENABLED(CONFIG_MPTCP) 451 if (unlikely(OPTION_MPTCP & opts->options)) 452 mptcp_write_options(ptr, &opts->mptcp); 453 #endif 454 } 455 456 #ifdef CONFIG_CGROUP_BPF bpf_skops_write_hdr_opt_arg0(struct sk_buff * skb,enum tcp_synack_type synack_type)457 static int bpf_skops_write_hdr_opt_arg0(struct sk_buff *skb, 458 enum tcp_synack_type synack_type) 459 { 460 if (unlikely(!skb)) 461 return BPF_WRITE_HDR_TCP_CURRENT_MSS; 462 463 if (unlikely(synack_type == TCP_SYNACK_COOKIE)) 464 return BPF_WRITE_HDR_TCP_SYNACK_COOKIE; 465 466 return 0; 467 } 468 469 /* req, syn_skb and synack_type are used when writing synack */ bpf_skops_hdr_opt_len(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts,unsigned int * remaining)470 static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb, 471 struct request_sock *req, 472 struct sk_buff *syn_skb, 473 enum tcp_synack_type synack_type, 474 struct tcp_out_options *opts, 475 unsigned int *remaining) 476 { 477 struct bpf_sock_ops_kern sock_ops; 478 int err; 479 480 if (likely(!BPF_SOCK_OPS_TEST_FLAG(tcp_sk(sk), 481 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG)) || 482 !*remaining) 483 return; 484 485 /* *remaining has already been aligned to 4 bytes, so *remaining >= 4 */ 486 487 /* init sock_ops */ 488 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp)); 489 490 sock_ops.op = BPF_SOCK_OPS_HDR_OPT_LEN_CB; 491 492 if (req) { 493 /* The listen "sk" cannot be passed here because 494 * it is not locked. It would not make too much 495 * sense to do bpf_setsockopt(listen_sk) based 496 * on individual connection request also. 497 * 498 * Thus, "req" is passed here and the cgroup-bpf-progs 499 * of the listen "sk" will be run. 500 * 501 * "req" is also used here for fastopen even the "sk" here is 502 * a fullsock "child" sk. It is to keep the behavior 503 * consistent between fastopen and non-fastopen on 504 * the bpf programming side. 505 */ 506 sock_ops.sk = (struct sock *)req; 507 sock_ops.syn_skb = syn_skb; 508 } else { 509 sock_owned_by_me(sk); 510 511 sock_ops.is_fullsock = 1; 512 sock_ops.sk = sk; 513 } 514 515 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type); 516 sock_ops.remaining_opt_len = *remaining; 517 /* tcp_current_mss() does not pass a skb */ 518 if (skb) 519 bpf_skops_init_skb(&sock_ops, skb, 0); 520 521 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk); 522 523 if (err || sock_ops.remaining_opt_len == *remaining) 524 return; 525 526 opts->bpf_opt_len = *remaining - sock_ops.remaining_opt_len; 527 /* round up to 4 bytes */ 528 opts->bpf_opt_len = (opts->bpf_opt_len + 3) & ~3; 529 530 *remaining -= opts->bpf_opt_len; 531 } 532 bpf_skops_write_hdr_opt(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts)533 static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb, 534 struct request_sock *req, 535 struct sk_buff *syn_skb, 536 enum tcp_synack_type synack_type, 537 struct tcp_out_options *opts) 538 { 539 u8 first_opt_off, nr_written, max_opt_len = opts->bpf_opt_len; 540 struct bpf_sock_ops_kern sock_ops; 541 int err; 542 543 if (likely(!max_opt_len)) 544 return; 545 546 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp)); 547 548 sock_ops.op = BPF_SOCK_OPS_WRITE_HDR_OPT_CB; 549 550 if (req) { 551 sock_ops.sk = (struct sock *)req; 552 sock_ops.syn_skb = syn_skb; 553 } else { 554 sock_owned_by_me(sk); 555 556 sock_ops.is_fullsock = 1; 557 sock_ops.sk = sk; 558 } 559 560 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type); 561 sock_ops.remaining_opt_len = max_opt_len; 562 first_opt_off = tcp_hdrlen(skb) - max_opt_len; 563 bpf_skops_init_skb(&sock_ops, skb, first_opt_off); 564 565 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk); 566 567 if (err) 568 nr_written = 0; 569 else 570 nr_written = max_opt_len - sock_ops.remaining_opt_len; 571 572 if (nr_written < max_opt_len) 573 memset(skb->data + first_opt_off + nr_written, TCPOPT_NOP, 574 max_opt_len - nr_written); 575 } 576 #else bpf_skops_hdr_opt_len(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts,unsigned int * remaining)577 static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb, 578 struct request_sock *req, 579 struct sk_buff *syn_skb, 580 enum tcp_synack_type synack_type, 581 struct tcp_out_options *opts, 582 unsigned int *remaining) 583 { 584 } 585 bpf_skops_write_hdr_opt(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts)586 static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb, 587 struct request_sock *req, 588 struct sk_buff *syn_skb, 589 enum tcp_synack_type synack_type, 590 struct tcp_out_options *opts) 591 { 592 } 593 #endif 594 595 /* Write previously computed TCP options to the packet. 596 * 597 * Beware: Something in the Internet is very sensitive to the ordering of 598 * TCP options, we learned this through the hard way, so be careful here. 599 * Luckily we can at least blame others for their non-compliance but from 600 * inter-operability perspective it seems that we're somewhat stuck with 601 * the ordering which we have been using if we want to keep working with 602 * those broken things (not that it currently hurts anybody as there isn't 603 * particular reason why the ordering would need to be changed). 604 * 605 * At least SACK_PERM as the first option is known to lead to a disaster 606 * (but it may well be that other scenarios fail similarly). 607 */ tcp_options_write(__be32 * ptr,struct tcp_sock * tp,struct tcp_out_options * opts)608 static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp, 609 struct tcp_out_options *opts) 610 { 611 u16 options = opts->options; /* mungable copy */ 612 613 if (unlikely(OPTION_MD5 & options)) { 614 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 615 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 616 /* overload cookie hash location */ 617 opts->hash_location = (__u8 *)ptr; 618 ptr += 4; 619 } 620 621 if (unlikely(opts->mss)) { 622 *ptr++ = htonl((TCPOPT_MSS << 24) | 623 (TCPOLEN_MSS << 16) | 624 opts->mss); 625 } 626 627 if (likely(OPTION_TS & options)) { 628 if (unlikely(OPTION_SACK_ADVERTISE & options)) { 629 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) | 630 (TCPOLEN_SACK_PERM << 16) | 631 (TCPOPT_TIMESTAMP << 8) | 632 TCPOLEN_TIMESTAMP); 633 options &= ~OPTION_SACK_ADVERTISE; 634 } else { 635 *ptr++ = htonl((TCPOPT_NOP << 24) | 636 (TCPOPT_NOP << 16) | 637 (TCPOPT_TIMESTAMP << 8) | 638 TCPOLEN_TIMESTAMP); 639 } 640 *ptr++ = htonl(opts->tsval); 641 *ptr++ = htonl(opts->tsecr); 642 } 643 644 if (unlikely(OPTION_SACK_ADVERTISE & options)) { 645 *ptr++ = htonl((TCPOPT_NOP << 24) | 646 (TCPOPT_NOP << 16) | 647 (TCPOPT_SACK_PERM << 8) | 648 TCPOLEN_SACK_PERM); 649 } 650 651 if (unlikely(OPTION_WSCALE & options)) { 652 *ptr++ = htonl((TCPOPT_NOP << 24) | 653 (TCPOPT_WINDOW << 16) | 654 (TCPOLEN_WINDOW << 8) | 655 opts->ws); 656 } 657 658 if (unlikely(opts->num_sack_blocks)) { 659 struct tcp_sack_block *sp = tp->rx_opt.dsack ? 660 tp->duplicate_sack : tp->selective_acks; 661 int this_sack; 662 663 *ptr++ = htonl((TCPOPT_NOP << 24) | 664 (TCPOPT_NOP << 16) | 665 (TCPOPT_SACK << 8) | 666 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks * 667 TCPOLEN_SACK_PERBLOCK))); 668 669 for (this_sack = 0; this_sack < opts->num_sack_blocks; 670 ++this_sack) { 671 *ptr++ = htonl(sp[this_sack].start_seq); 672 *ptr++ = htonl(sp[this_sack].end_seq); 673 } 674 675 tp->rx_opt.dsack = 0; 676 } 677 678 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) { 679 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie; 680 u8 *p = (u8 *)ptr; 681 u32 len; /* Fast Open option length */ 682 683 if (foc->exp) { 684 len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len; 685 *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) | 686 TCPOPT_FASTOPEN_MAGIC); 687 p += TCPOLEN_EXP_FASTOPEN_BASE; 688 } else { 689 len = TCPOLEN_FASTOPEN_BASE + foc->len; 690 *p++ = TCPOPT_FASTOPEN; 691 *p++ = len; 692 } 693 694 memcpy(p, foc->val, foc->len); 695 if ((len & 3) == 2) { 696 p[foc->len] = TCPOPT_NOP; 697 p[foc->len + 1] = TCPOPT_NOP; 698 } 699 ptr += (len + 3) >> 2; 700 } 701 702 smc_options_write(ptr, &options); 703 704 mptcp_options_write(ptr, opts); 705 } 706 smc_set_option(const struct tcp_sock * tp,struct tcp_out_options * opts,unsigned int * remaining)707 static void smc_set_option(const struct tcp_sock *tp, 708 struct tcp_out_options *opts, 709 unsigned int *remaining) 710 { 711 #if IS_ENABLED(CONFIG_SMC) 712 if (static_branch_unlikely(&tcp_have_smc)) { 713 if (tp->syn_smc) { 714 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) { 715 opts->options |= OPTION_SMC; 716 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED; 717 } 718 } 719 } 720 #endif 721 } 722 smc_set_option_cond(const struct tcp_sock * tp,const struct inet_request_sock * ireq,struct tcp_out_options * opts,unsigned int * remaining)723 static void smc_set_option_cond(const struct tcp_sock *tp, 724 const struct inet_request_sock *ireq, 725 struct tcp_out_options *opts, 726 unsigned int *remaining) 727 { 728 #if IS_ENABLED(CONFIG_SMC) 729 if (static_branch_unlikely(&tcp_have_smc)) { 730 if (tp->syn_smc && ireq->smc_ok) { 731 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) { 732 opts->options |= OPTION_SMC; 733 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED; 734 } 735 } 736 } 737 #endif 738 } 739 mptcp_set_option_cond(const struct request_sock * req,struct tcp_out_options * opts,unsigned int * remaining)740 static void mptcp_set_option_cond(const struct request_sock *req, 741 struct tcp_out_options *opts, 742 unsigned int *remaining) 743 { 744 if (rsk_is_mptcp(req)) { 745 unsigned int size; 746 747 if (mptcp_synack_options(req, &size, &opts->mptcp)) { 748 if (*remaining >= size) { 749 opts->options |= OPTION_MPTCP; 750 *remaining -= size; 751 } 752 } 753 } 754 } 755 756 /* Compute TCP options for SYN packets. This is not the final 757 * network wire format yet. 758 */ tcp_syn_options(struct sock * sk,struct sk_buff * skb,struct tcp_out_options * opts,struct tcp_md5sig_key ** md5)759 static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb, 760 struct tcp_out_options *opts, 761 struct tcp_md5sig_key **md5) 762 { 763 struct tcp_sock *tp = tcp_sk(sk); 764 unsigned int remaining = MAX_TCP_OPTION_SPACE; 765 struct tcp_fastopen_request *fastopen = tp->fastopen_req; 766 767 *md5 = NULL; 768 #ifdef CONFIG_TCP_MD5SIG 769 if (static_branch_unlikely(&tcp_md5_needed) && 770 rcu_access_pointer(tp->md5sig_info)) { 771 *md5 = tp->af_specific->md5_lookup(sk, sk); 772 if (*md5) { 773 opts->options |= OPTION_MD5; 774 remaining -= TCPOLEN_MD5SIG_ALIGNED; 775 } 776 } 777 #endif 778 779 /* We always get an MSS option. The option bytes which will be seen in 780 * normal data packets should timestamps be used, must be in the MSS 781 * advertised. But we subtract them from tp->mss_cache so that 782 * calculations in tcp_sendmsg are simpler etc. So account for this 783 * fact here if necessary. If we don't do this correctly, as a 784 * receiver we won't recognize data packets as being full sized when we 785 * should, and thus we won't abide by the delayed ACK rules correctly. 786 * SACKs don't matter, we never delay an ACK when we have any of those 787 * going out. */ 788 opts->mss = tcp_advertise_mss(sk); 789 remaining -= TCPOLEN_MSS_ALIGNED; 790 791 if (likely(sock_net(sk)->ipv4.sysctl_tcp_timestamps && !*md5)) { 792 opts->options |= OPTION_TS; 793 opts->tsval = tcp_skb_timestamp(skb) + tp->tsoffset; 794 opts->tsecr = tp->rx_opt.ts_recent; 795 remaining -= TCPOLEN_TSTAMP_ALIGNED; 796 } 797 if (likely(sock_net(sk)->ipv4.sysctl_tcp_window_scaling)) { 798 opts->ws = tp->rx_opt.rcv_wscale; 799 opts->options |= OPTION_WSCALE; 800 remaining -= TCPOLEN_WSCALE_ALIGNED; 801 } 802 if (likely(sock_net(sk)->ipv4.sysctl_tcp_sack)) { 803 opts->options |= OPTION_SACK_ADVERTISE; 804 if (unlikely(!(OPTION_TS & opts->options))) 805 remaining -= TCPOLEN_SACKPERM_ALIGNED; 806 } 807 808 if (fastopen && fastopen->cookie.len >= 0) { 809 u32 need = fastopen->cookie.len; 810 811 need += fastopen->cookie.exp ? TCPOLEN_EXP_FASTOPEN_BASE : 812 TCPOLEN_FASTOPEN_BASE; 813 need = (need + 3) & ~3U; /* Align to 32 bits */ 814 if (remaining >= need) { 815 opts->options |= OPTION_FAST_OPEN_COOKIE; 816 opts->fastopen_cookie = &fastopen->cookie; 817 remaining -= need; 818 tp->syn_fastopen = 1; 819 tp->syn_fastopen_exp = fastopen->cookie.exp ? 1 : 0; 820 } 821 } 822 823 smc_set_option(tp, opts, &remaining); 824 825 if (sk_is_mptcp(sk)) { 826 unsigned int size; 827 828 if (mptcp_syn_options(sk, skb, &size, &opts->mptcp)) { 829 opts->options |= OPTION_MPTCP; 830 remaining -= size; 831 } 832 } 833 834 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining); 835 836 return MAX_TCP_OPTION_SPACE - remaining; 837 } 838 839 /* Set up TCP options for SYN-ACKs. */ tcp_synack_options(const struct sock * sk,struct request_sock * req,unsigned int mss,struct sk_buff * skb,struct tcp_out_options * opts,const struct tcp_md5sig_key * md5,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)840 static unsigned int tcp_synack_options(const struct sock *sk, 841 struct request_sock *req, 842 unsigned int mss, struct sk_buff *skb, 843 struct tcp_out_options *opts, 844 const struct tcp_md5sig_key *md5, 845 struct tcp_fastopen_cookie *foc, 846 enum tcp_synack_type synack_type, 847 struct sk_buff *syn_skb) 848 { 849 struct inet_request_sock *ireq = inet_rsk(req); 850 unsigned int remaining = MAX_TCP_OPTION_SPACE; 851 852 #ifdef CONFIG_TCP_MD5SIG 853 if (md5) { 854 opts->options |= OPTION_MD5; 855 remaining -= TCPOLEN_MD5SIG_ALIGNED; 856 857 /* We can't fit any SACK blocks in a packet with MD5 + TS 858 * options. There was discussion about disabling SACK 859 * rather than TS in order to fit in better with old, 860 * buggy kernels, but that was deemed to be unnecessary. 861 */ 862 if (synack_type != TCP_SYNACK_COOKIE) 863 ireq->tstamp_ok &= !ireq->sack_ok; 864 } 865 #endif 866 867 /* We always send an MSS option. */ 868 opts->mss = mss; 869 remaining -= TCPOLEN_MSS_ALIGNED; 870 871 if (likely(ireq->wscale_ok)) { 872 opts->ws = ireq->rcv_wscale; 873 opts->options |= OPTION_WSCALE; 874 remaining -= TCPOLEN_WSCALE_ALIGNED; 875 } 876 if (likely(ireq->tstamp_ok)) { 877 opts->options |= OPTION_TS; 878 opts->tsval = tcp_skb_timestamp(skb) + tcp_rsk(req)->ts_off; 879 opts->tsecr = req->ts_recent; 880 remaining -= TCPOLEN_TSTAMP_ALIGNED; 881 } 882 if (likely(ireq->sack_ok)) { 883 opts->options |= OPTION_SACK_ADVERTISE; 884 if (unlikely(!ireq->tstamp_ok)) 885 remaining -= TCPOLEN_SACKPERM_ALIGNED; 886 } 887 if (foc != NULL && foc->len >= 0) { 888 u32 need = foc->len; 889 890 need += foc->exp ? TCPOLEN_EXP_FASTOPEN_BASE : 891 TCPOLEN_FASTOPEN_BASE; 892 need = (need + 3) & ~3U; /* Align to 32 bits */ 893 if (remaining >= need) { 894 opts->options |= OPTION_FAST_OPEN_COOKIE; 895 opts->fastopen_cookie = foc; 896 remaining -= need; 897 } 898 } 899 900 mptcp_set_option_cond(req, opts, &remaining); 901 902 smc_set_option_cond(tcp_sk(sk), ireq, opts, &remaining); 903 904 bpf_skops_hdr_opt_len((struct sock *)sk, skb, req, syn_skb, 905 synack_type, opts, &remaining); 906 907 return MAX_TCP_OPTION_SPACE - remaining; 908 } 909 910 /* Compute TCP options for ESTABLISHED sockets. This is not the 911 * final wire format yet. 912 */ tcp_established_options(struct sock * sk,struct sk_buff * skb,struct tcp_out_options * opts,struct tcp_md5sig_key ** md5)913 static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb, 914 struct tcp_out_options *opts, 915 struct tcp_md5sig_key **md5) 916 { 917 struct tcp_sock *tp = tcp_sk(sk); 918 unsigned int size = 0; 919 unsigned int eff_sacks; 920 921 opts->options = 0; 922 923 *md5 = NULL; 924 #ifdef CONFIG_TCP_MD5SIG 925 if (static_branch_unlikely(&tcp_md5_needed) && 926 rcu_access_pointer(tp->md5sig_info)) { 927 *md5 = tp->af_specific->md5_lookup(sk, sk); 928 if (*md5) { 929 opts->options |= OPTION_MD5; 930 size += TCPOLEN_MD5SIG_ALIGNED; 931 } 932 } 933 #endif 934 935 if (likely(tp->rx_opt.tstamp_ok)) { 936 opts->options |= OPTION_TS; 937 opts->tsval = skb ? tcp_skb_timestamp(skb) + tp->tsoffset : 0; 938 opts->tsecr = tp->rx_opt.ts_recent; 939 size += TCPOLEN_TSTAMP_ALIGNED; 940 } 941 942 /* MPTCP options have precedence over SACK for the limited TCP 943 * option space because a MPTCP connection would be forced to 944 * fall back to regular TCP if a required multipath option is 945 * missing. SACK still gets a chance to use whatever space is 946 * left. 947 */ 948 if (sk_is_mptcp(sk)) { 949 unsigned int remaining = MAX_TCP_OPTION_SPACE - size; 950 unsigned int opt_size = 0; 951 952 if (mptcp_established_options(sk, skb, &opt_size, remaining, 953 &opts->mptcp)) { 954 opts->options |= OPTION_MPTCP; 955 size += opt_size; 956 } 957 } 958 959 eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack; 960 if (unlikely(eff_sacks)) { 961 const unsigned int remaining = MAX_TCP_OPTION_SPACE - size; 962 if (unlikely(remaining < TCPOLEN_SACK_BASE_ALIGNED + 963 TCPOLEN_SACK_PERBLOCK)) 964 return size; 965 966 opts->num_sack_blocks = 967 min_t(unsigned int, eff_sacks, 968 (remaining - TCPOLEN_SACK_BASE_ALIGNED) / 969 TCPOLEN_SACK_PERBLOCK); 970 971 size += TCPOLEN_SACK_BASE_ALIGNED + 972 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK; 973 } 974 975 if (unlikely(BPF_SOCK_OPS_TEST_FLAG(tp, 976 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG))) { 977 unsigned int remaining = MAX_TCP_OPTION_SPACE - size; 978 979 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining); 980 981 size = MAX_TCP_OPTION_SPACE - remaining; 982 } 983 984 return size; 985 } 986 987 988 /* TCP SMALL QUEUES (TSQ) 989 * 990 * TSQ goal is to keep small amount of skbs per tcp flow in tx queues (qdisc+dev) 991 * to reduce RTT and bufferbloat. 992 * We do this using a special skb destructor (tcp_wfree). 993 * 994 * Its important tcp_wfree() can be replaced by sock_wfree() in the event skb 995 * needs to be reallocated in a driver. 996 * The invariant being skb->truesize subtracted from sk->sk_wmem_alloc 997 * 998 * Since transmit from skb destructor is forbidden, we use a tasklet 999 * to process all sockets that eventually need to send more skbs. 1000 * We use one tasklet per cpu, with its own queue of sockets. 1001 */ 1002 struct tsq_tasklet { 1003 struct tasklet_struct tasklet; 1004 struct list_head head; /* queue of tcp sockets */ 1005 }; 1006 static DEFINE_PER_CPU(struct tsq_tasklet, tsq_tasklet); 1007 tcp_tsq_write(struct sock * sk)1008 static void tcp_tsq_write(struct sock *sk) 1009 { 1010 if ((1 << sk->sk_state) & 1011 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_CLOSING | 1012 TCPF_CLOSE_WAIT | TCPF_LAST_ACK)) { 1013 struct tcp_sock *tp = tcp_sk(sk); 1014 1015 if (tp->lost_out > tp->retrans_out && 1016 tp->snd_cwnd > tcp_packets_in_flight(tp)) { 1017 tcp_mstamp_refresh(tp); 1018 tcp_xmit_retransmit_queue(sk); 1019 } 1020 1021 tcp_write_xmit(sk, tcp_current_mss(sk), tp->nonagle, 1022 0, GFP_ATOMIC); 1023 } 1024 } 1025 tcp_tsq_handler(struct sock * sk)1026 static void tcp_tsq_handler(struct sock *sk) 1027 { 1028 bh_lock_sock(sk); 1029 if (!sock_owned_by_user(sk)) 1030 tcp_tsq_write(sk); 1031 else if (!test_and_set_bit(TCP_TSQ_DEFERRED, &sk->sk_tsq_flags)) 1032 sock_hold(sk); 1033 bh_unlock_sock(sk); 1034 } 1035 /* 1036 * One tasklet per cpu tries to send more skbs. 1037 * We run in tasklet context but need to disable irqs when 1038 * transferring tsq->head because tcp_wfree() might 1039 * interrupt us (non NAPI drivers) 1040 */ tcp_tasklet_func(unsigned long data)1041 static void tcp_tasklet_func(unsigned long data) 1042 { 1043 struct tsq_tasklet *tsq = (struct tsq_tasklet *)data; 1044 LIST_HEAD(list); 1045 unsigned long flags; 1046 struct list_head *q, *n; 1047 struct tcp_sock *tp; 1048 struct sock *sk; 1049 1050 local_irq_save(flags); 1051 list_splice_init(&tsq->head, &list); 1052 local_irq_restore(flags); 1053 1054 list_for_each_safe(q, n, &list) { 1055 tp = list_entry(q, struct tcp_sock, tsq_node); 1056 list_del(&tp->tsq_node); 1057 1058 sk = (struct sock *)tp; 1059 smp_mb__before_atomic(); 1060 clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags); 1061 1062 tcp_tsq_handler(sk); 1063 sk_free(sk); 1064 } 1065 } 1066 1067 #define TCP_DEFERRED_ALL (TCPF_TSQ_DEFERRED | \ 1068 TCPF_WRITE_TIMER_DEFERRED | \ 1069 TCPF_DELACK_TIMER_DEFERRED | \ 1070 TCPF_MTU_REDUCED_DEFERRED) 1071 /** 1072 * tcp_release_cb - tcp release_sock() callback 1073 * @sk: socket 1074 * 1075 * called from release_sock() to perform protocol dependent 1076 * actions before socket release. 1077 */ tcp_release_cb(struct sock * sk)1078 void tcp_release_cb(struct sock *sk) 1079 { 1080 unsigned long flags, nflags; 1081 1082 /* perform an atomic operation only if at least one flag is set */ 1083 do { 1084 flags = sk->sk_tsq_flags; 1085 if (!(flags & TCP_DEFERRED_ALL)) 1086 return; 1087 nflags = flags & ~TCP_DEFERRED_ALL; 1088 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags); 1089 1090 if (flags & TCPF_TSQ_DEFERRED) { 1091 tcp_tsq_write(sk); 1092 __sock_put(sk); 1093 } 1094 /* Here begins the tricky part : 1095 * We are called from release_sock() with : 1096 * 1) BH disabled 1097 * 2) sk_lock.slock spinlock held 1098 * 3) socket owned by us (sk->sk_lock.owned == 1) 1099 * 1100 * But following code is meant to be called from BH handlers, 1101 * so we should keep BH disabled, but early release socket ownership 1102 */ 1103 sock_release_ownership(sk); 1104 1105 if (flags & TCPF_WRITE_TIMER_DEFERRED) { 1106 tcp_write_timer_handler(sk); 1107 __sock_put(sk); 1108 } 1109 if (flags & TCPF_DELACK_TIMER_DEFERRED) { 1110 tcp_delack_timer_handler(sk); 1111 __sock_put(sk); 1112 } 1113 if (flags & TCPF_MTU_REDUCED_DEFERRED) { 1114 inet_csk(sk)->icsk_af_ops->mtu_reduced(sk); 1115 __sock_put(sk); 1116 } 1117 } 1118 EXPORT_SYMBOL(tcp_release_cb); 1119 tcp_tasklet_init(void)1120 void __init tcp_tasklet_init(void) 1121 { 1122 int i; 1123 1124 for_each_possible_cpu(i) { 1125 struct tsq_tasklet *tsq = &per_cpu(tsq_tasklet, i); 1126 1127 INIT_LIST_HEAD(&tsq->head); 1128 tasklet_init(&tsq->tasklet, 1129 tcp_tasklet_func, 1130 (unsigned long)tsq); 1131 } 1132 } 1133 1134 /* 1135 * Write buffer destructor automatically called from kfree_skb. 1136 * We can't xmit new skbs from this context, as we might already 1137 * hold qdisc lock. 1138 */ tcp_wfree(struct sk_buff * skb)1139 void tcp_wfree(struct sk_buff *skb) 1140 { 1141 struct sock *sk = skb->sk; 1142 struct tcp_sock *tp = tcp_sk(sk); 1143 unsigned long flags, nval, oval; 1144 1145 /* Keep one reference on sk_wmem_alloc. 1146 * Will be released by sk_free() from here or tcp_tasklet_func() 1147 */ 1148 WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc)); 1149 1150 /* If this softirq is serviced by ksoftirqd, we are likely under stress. 1151 * Wait until our queues (qdisc + devices) are drained. 1152 * This gives : 1153 * - less callbacks to tcp_write_xmit(), reducing stress (batches) 1154 * - chance for incoming ACK (processed by another cpu maybe) 1155 * to migrate this flow (skb->ooo_okay will be eventually set) 1156 */ 1157 if (refcount_read(&sk->sk_wmem_alloc) >= SKB_TRUESIZE(1) && this_cpu_ksoftirqd() == current) 1158 goto out; 1159 1160 for (oval = READ_ONCE(sk->sk_tsq_flags);; oval = nval) { 1161 struct tsq_tasklet *tsq; 1162 bool empty; 1163 1164 if (!(oval & TSQF_THROTTLED) || (oval & TSQF_QUEUED)) 1165 goto out; 1166 1167 nval = (oval & ~TSQF_THROTTLED) | TSQF_QUEUED; 1168 nval = cmpxchg(&sk->sk_tsq_flags, oval, nval); 1169 if (nval != oval) 1170 continue; 1171 1172 /* queue this socket to tasklet queue */ 1173 local_irq_save(flags); 1174 tsq = this_cpu_ptr(&tsq_tasklet); 1175 empty = list_empty(&tsq->head); 1176 list_add(&tp->tsq_node, &tsq->head); 1177 if (empty) 1178 tasklet_schedule(&tsq->tasklet); 1179 local_irq_restore(flags); 1180 return; 1181 } 1182 out: 1183 sk_free(sk); 1184 } 1185 1186 /* Note: Called under soft irq. 1187 * We can call TCP stack right away, unless socket is owned by user. 1188 */ tcp_pace_kick(struct hrtimer * timer)1189 enum hrtimer_restart tcp_pace_kick(struct hrtimer *timer) 1190 { 1191 struct tcp_sock *tp = container_of(timer, struct tcp_sock, pacing_timer); 1192 struct sock *sk = (struct sock *)tp; 1193 1194 tcp_tsq_handler(sk); 1195 sock_put(sk); 1196 1197 return HRTIMER_NORESTART; 1198 } 1199 tcp_update_skb_after_send(struct sock * sk,struct sk_buff * skb,u64 prior_wstamp)1200 static void tcp_update_skb_after_send(struct sock *sk, struct sk_buff *skb, 1201 u64 prior_wstamp) 1202 { 1203 struct tcp_sock *tp = tcp_sk(sk); 1204 1205 if (sk->sk_pacing_status != SK_PACING_NONE) { 1206 unsigned long rate = sk->sk_pacing_rate; 1207 1208 /* Original sch_fq does not pace first 10 MSS 1209 * Note that tp->data_segs_out overflows after 2^32 packets, 1210 * this is a minor annoyance. 1211 */ 1212 if (rate != ~0UL && rate && tp->data_segs_out >= 10) { 1213 u64 len_ns = div64_ul((u64)skb->len * NSEC_PER_SEC, rate); 1214 u64 credit = tp->tcp_wstamp_ns - prior_wstamp; 1215 1216 /* take into account OS jitter */ 1217 len_ns -= min_t(u64, len_ns / 2, credit); 1218 tp->tcp_wstamp_ns += len_ns; 1219 } 1220 } 1221 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue); 1222 } 1223 1224 INDIRECT_CALLABLE_DECLARE(int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl)); 1225 INDIRECT_CALLABLE_DECLARE(int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl)); 1226 INDIRECT_CALLABLE_DECLARE(void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)); 1227 1228 /* This routine actually transmits TCP packets queued in by 1229 * tcp_do_sendmsg(). This is used by both the initial 1230 * transmission and possible later retransmissions. 1231 * All SKB's seen here are completely headerless. It is our 1232 * job to build the TCP header, and pass the packet down to 1233 * IP so it can do the same plus pass the packet off to the 1234 * device. 1235 * 1236 * We are working here with either a clone of the original 1237 * SKB, or a fresh unique copy made by the retransmit engine. 1238 */ __tcp_transmit_skb(struct sock * sk,struct sk_buff * skb,int clone_it,gfp_t gfp_mask,u32 rcv_nxt)1239 static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, 1240 int clone_it, gfp_t gfp_mask, u32 rcv_nxt) 1241 { 1242 const struct inet_connection_sock *icsk = inet_csk(sk); 1243 struct inet_sock *inet; 1244 struct tcp_sock *tp; 1245 struct tcp_skb_cb *tcb; 1246 struct tcp_out_options opts; 1247 unsigned int tcp_options_size, tcp_header_size; 1248 struct sk_buff *oskb = NULL; 1249 struct tcp_md5sig_key *md5; 1250 struct tcphdr *th; 1251 u64 prior_wstamp; 1252 int err; 1253 1254 BUG_ON(!skb || !tcp_skb_pcount(skb)); 1255 tp = tcp_sk(sk); 1256 prior_wstamp = tp->tcp_wstamp_ns; 1257 tp->tcp_wstamp_ns = max(tp->tcp_wstamp_ns, tp->tcp_clock_cache); 1258 skb->skb_mstamp_ns = tp->tcp_wstamp_ns; 1259 if (clone_it) { 1260 TCP_SKB_CB(skb)->tx.in_flight = TCP_SKB_CB(skb)->end_seq 1261 - tp->snd_una; 1262 oskb = skb; 1263 1264 tcp_skb_tsorted_save(oskb) { 1265 if (unlikely(skb_cloned(oskb))) 1266 skb = pskb_copy(oskb, gfp_mask); 1267 else 1268 skb = skb_clone(oskb, gfp_mask); 1269 } tcp_skb_tsorted_restore(oskb); 1270 1271 if (unlikely(!skb)) 1272 return -ENOBUFS; 1273 /* retransmit skbs might have a non zero value in skb->dev 1274 * because skb->dev is aliased with skb->rbnode.rb_left 1275 */ 1276 skb->dev = NULL; 1277 } 1278 1279 inet = inet_sk(sk); 1280 tcb = TCP_SKB_CB(skb); 1281 memset(&opts, 0, sizeof(opts)); 1282 1283 if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) { 1284 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5); 1285 } else { 1286 tcp_options_size = tcp_established_options(sk, skb, &opts, 1287 &md5); 1288 /* Force a PSH flag on all (GSO) packets to expedite GRO flush 1289 * at receiver : This slightly improve GRO performance. 1290 * Note that we do not force the PSH flag for non GSO packets, 1291 * because they might be sent under high congestion events, 1292 * and in this case it is better to delay the delivery of 1-MSS 1293 * packets and thus the corresponding ACK packet that would 1294 * release the following packet. 1295 */ 1296 if (tcp_skb_pcount(skb) > 1) 1297 tcb->tcp_flags |= TCPHDR_PSH; 1298 } 1299 tcp_header_size = tcp_options_size + sizeof(struct tcphdr); 1300 1301 /* if no packet is in qdisc/device queue, then allow XPS to select 1302 * another queue. We can be called from tcp_tsq_handler() 1303 * which holds one reference to sk. 1304 * 1305 * TODO: Ideally, in-flight pure ACK packets should not matter here. 1306 * One way to get this would be to set skb->truesize = 2 on them. 1307 */ 1308 skb->ooo_okay = sk_wmem_alloc_get(sk) < SKB_TRUESIZE(1); 1309 1310 /* If we had to use memory reserve to allocate this skb, 1311 * this might cause drops if packet is looped back : 1312 * Other socket might not have SOCK_MEMALLOC. 1313 * Packets not looped back do not care about pfmemalloc. 1314 */ 1315 skb->pfmemalloc = 0; 1316 1317 skb_push(skb, tcp_header_size); 1318 skb_reset_transport_header(skb); 1319 1320 skb_orphan(skb); 1321 skb->sk = sk; 1322 skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree; 1323 skb_set_hash_from_sk(skb, sk); 1324 refcount_add(skb->truesize, &sk->sk_wmem_alloc); 1325 1326 skb_set_dst_pending_confirm(skb, sk->sk_dst_pending_confirm); 1327 1328 /* Build TCP header and checksum it. */ 1329 th = (struct tcphdr *)skb->data; 1330 th->source = inet->inet_sport; 1331 th->dest = inet->inet_dport; 1332 th->seq = htonl(tcb->seq); 1333 th->ack_seq = htonl(rcv_nxt); 1334 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) | 1335 tcb->tcp_flags); 1336 1337 th->check = 0; 1338 th->urg_ptr = 0; 1339 1340 /* The urg_mode check is necessary during a below snd_una win probe */ 1341 if (unlikely(tcp_urg_mode(tp) && before(tcb->seq, tp->snd_up))) { 1342 if (before(tp->snd_up, tcb->seq + 0x10000)) { 1343 th->urg_ptr = htons(tp->snd_up - tcb->seq); 1344 th->urg = 1; 1345 } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) { 1346 th->urg_ptr = htons(0xFFFF); 1347 th->urg = 1; 1348 } 1349 } 1350 1351 tcp_options_write((__be32 *)(th + 1), tp, &opts); 1352 skb_shinfo(skb)->gso_type = sk->sk_gso_type; 1353 if (likely(!(tcb->tcp_flags & TCPHDR_SYN))) { 1354 th->window = htons(tcp_select_window(sk)); 1355 tcp_ecn_send(sk, skb, th, tcp_header_size); 1356 } else { 1357 /* RFC1323: The window in SYN & SYN/ACK segments 1358 * is never scaled. 1359 */ 1360 th->window = htons(min(tp->rcv_wnd, 65535U)); 1361 } 1362 #ifdef CONFIG_TCP_MD5SIG 1363 /* Calculate the MD5 hash, as we have all we need now */ 1364 if (md5) { 1365 sk_nocaps_add(sk, NETIF_F_GSO_MASK); 1366 tp->af_specific->calc_md5_hash(opts.hash_location, 1367 md5, sk, skb); 1368 } 1369 #endif 1370 1371 /* BPF prog is the last one writing header option */ 1372 bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts); 1373 1374 INDIRECT_CALL_INET(icsk->icsk_af_ops->send_check, 1375 tcp_v6_send_check, tcp_v4_send_check, 1376 sk, skb); 1377 1378 if (likely(tcb->tcp_flags & TCPHDR_ACK)) 1379 tcp_event_ack_sent(sk, tcp_skb_pcount(skb), rcv_nxt); 1380 1381 if (skb->len != tcp_header_size) { 1382 tcp_event_data_sent(tp, sk); 1383 tp->data_segs_out += tcp_skb_pcount(skb); 1384 tp->bytes_sent += skb->len - tcp_header_size; 1385 } 1386 1387 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq) 1388 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS, 1389 tcp_skb_pcount(skb)); 1390 1391 tp->segs_out += tcp_skb_pcount(skb); 1392 /* OK, its time to fill skb_shinfo(skb)->gso_{segs|size} */ 1393 skb_shinfo(skb)->gso_segs = tcp_skb_pcount(skb); 1394 skb_shinfo(skb)->gso_size = tcp_skb_mss(skb); 1395 1396 /* Leave earliest departure time in skb->tstamp (skb->skb_mstamp_ns) */ 1397 1398 /* Cleanup our debris for IP stacks */ 1399 memset(skb->cb, 0, max(sizeof(struct inet_skb_parm), 1400 sizeof(struct inet6_skb_parm))); 1401 1402 tcp_add_tx_delay(skb, tp); 1403 1404 err = INDIRECT_CALL_INET(icsk->icsk_af_ops->queue_xmit, 1405 inet6_csk_xmit, ip_queue_xmit, 1406 sk, skb, &inet->cork.fl); 1407 1408 if (unlikely(err > 0)) { 1409 tcp_enter_cwr(sk); 1410 err = net_xmit_eval(err); 1411 } 1412 if (!err && oskb) { 1413 tcp_update_skb_after_send(sk, oskb, prior_wstamp); 1414 tcp_rate_skb_sent(sk, oskb); 1415 } 1416 return err; 1417 } 1418 tcp_transmit_skb(struct sock * sk,struct sk_buff * skb,int clone_it,gfp_t gfp_mask)1419 static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, 1420 gfp_t gfp_mask) 1421 { 1422 return __tcp_transmit_skb(sk, skb, clone_it, gfp_mask, 1423 tcp_sk(sk)->rcv_nxt); 1424 } 1425 1426 /* This routine just queues the buffer for sending. 1427 * 1428 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames, 1429 * otherwise socket can stall. 1430 */ tcp_queue_skb(struct sock * sk,struct sk_buff * skb)1431 static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb) 1432 { 1433 struct tcp_sock *tp = tcp_sk(sk); 1434 1435 /* Advance write_seq and place onto the write_queue. */ 1436 WRITE_ONCE(tp->write_seq, TCP_SKB_CB(skb)->end_seq); 1437 __skb_header_release(skb); 1438 tcp_add_write_queue_tail(sk, skb); 1439 sk_wmem_queued_add(sk, skb->truesize); 1440 sk_mem_charge(sk, skb->truesize); 1441 } 1442 1443 /* Initialize TSO segments for a packet. */ tcp_set_skb_tso_segs(struct sk_buff * skb,unsigned int mss_now)1444 static void tcp_set_skb_tso_segs(struct sk_buff *skb, unsigned int mss_now) 1445 { 1446 if (skb->len <= mss_now) { 1447 /* Avoid the costly divide in the normal 1448 * non-TSO case. 1449 */ 1450 tcp_skb_pcount_set(skb, 1); 1451 TCP_SKB_CB(skb)->tcp_gso_size = 0; 1452 } else { 1453 tcp_skb_pcount_set(skb, DIV_ROUND_UP(skb->len, mss_now)); 1454 TCP_SKB_CB(skb)->tcp_gso_size = mss_now; 1455 } 1456 } 1457 1458 /* Pcount in the middle of the write queue got changed, we need to do various 1459 * tweaks to fix counters 1460 */ tcp_adjust_pcount(struct sock * sk,const struct sk_buff * skb,int decr)1461 static void tcp_adjust_pcount(struct sock *sk, const struct sk_buff *skb, int decr) 1462 { 1463 struct tcp_sock *tp = tcp_sk(sk); 1464 1465 tp->packets_out -= decr; 1466 1467 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED) 1468 tp->sacked_out -= decr; 1469 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) 1470 tp->retrans_out -= decr; 1471 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST) 1472 tp->lost_out -= decr; 1473 1474 /* Reno case is special. Sigh... */ 1475 if (tcp_is_reno(tp) && decr > 0) 1476 tp->sacked_out -= min_t(u32, tp->sacked_out, decr); 1477 1478 if (tp->lost_skb_hint && 1479 before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(tp->lost_skb_hint)->seq) && 1480 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)) 1481 tp->lost_cnt_hint -= decr; 1482 1483 tcp_verify_left_out(tp); 1484 } 1485 tcp_has_tx_tstamp(const struct sk_buff * skb)1486 static bool tcp_has_tx_tstamp(const struct sk_buff *skb) 1487 { 1488 return TCP_SKB_CB(skb)->txstamp_ack || 1489 (skb_shinfo(skb)->tx_flags & SKBTX_ANY_TSTAMP); 1490 } 1491 tcp_fragment_tstamp(struct sk_buff * skb,struct sk_buff * skb2)1492 static void tcp_fragment_tstamp(struct sk_buff *skb, struct sk_buff *skb2) 1493 { 1494 struct skb_shared_info *shinfo = skb_shinfo(skb); 1495 1496 if (unlikely(tcp_has_tx_tstamp(skb)) && 1497 !before(shinfo->tskey, TCP_SKB_CB(skb2)->seq)) { 1498 struct skb_shared_info *shinfo2 = skb_shinfo(skb2); 1499 u8 tsflags = shinfo->tx_flags & SKBTX_ANY_TSTAMP; 1500 1501 shinfo->tx_flags &= ~tsflags; 1502 shinfo2->tx_flags |= tsflags; 1503 swap(shinfo->tskey, shinfo2->tskey); 1504 TCP_SKB_CB(skb2)->txstamp_ack = TCP_SKB_CB(skb)->txstamp_ack; 1505 TCP_SKB_CB(skb)->txstamp_ack = 0; 1506 } 1507 } 1508 tcp_skb_fragment_eor(struct sk_buff * skb,struct sk_buff * skb2)1509 static void tcp_skb_fragment_eor(struct sk_buff *skb, struct sk_buff *skb2) 1510 { 1511 TCP_SKB_CB(skb2)->eor = TCP_SKB_CB(skb)->eor; 1512 TCP_SKB_CB(skb)->eor = 0; 1513 } 1514 1515 /* Insert buff after skb on the write or rtx queue of sk. */ tcp_insert_write_queue_after(struct sk_buff * skb,struct sk_buff * buff,struct sock * sk,enum tcp_queue tcp_queue)1516 static void tcp_insert_write_queue_after(struct sk_buff *skb, 1517 struct sk_buff *buff, 1518 struct sock *sk, 1519 enum tcp_queue tcp_queue) 1520 { 1521 if (tcp_queue == TCP_FRAG_IN_WRITE_QUEUE) 1522 __skb_queue_after(&sk->sk_write_queue, skb, buff); 1523 else 1524 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff); 1525 } 1526 1527 /* Function to create two new TCP segments. Shrinks the given segment 1528 * to the specified size and appends a new segment with the rest of the 1529 * packet to the list. This won't be called frequently, I hope. 1530 * Remember, these are still headerless SKBs at this point. 1531 */ tcp_fragment(struct sock * sk,enum tcp_queue tcp_queue,struct sk_buff * skb,u32 len,unsigned int mss_now,gfp_t gfp)1532 int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue, 1533 struct sk_buff *skb, u32 len, 1534 unsigned int mss_now, gfp_t gfp) 1535 { 1536 struct tcp_sock *tp = tcp_sk(sk); 1537 struct sk_buff *buff; 1538 int nsize, old_factor; 1539 long limit; 1540 int nlen; 1541 u8 flags; 1542 1543 if (WARN_ON(len > skb->len)) 1544 return -EINVAL; 1545 1546 nsize = skb_headlen(skb) - len; 1547 if (nsize < 0) 1548 nsize = 0; 1549 1550 /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb. 1551 * We need some allowance to not penalize applications setting small 1552 * SO_SNDBUF values. 1553 * Also allow first and last skb in retransmit queue to be split. 1554 */ 1555 limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE); 1556 if (unlikely((sk->sk_wmem_queued >> 1) > limit && 1557 tcp_queue != TCP_FRAG_IN_WRITE_QUEUE && 1558 skb != tcp_rtx_queue_head(sk) && 1559 skb != tcp_rtx_queue_tail(sk))) { 1560 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG); 1561 return -ENOMEM; 1562 } 1563 1564 if (skb_unclone(skb, gfp)) 1565 return -ENOMEM; 1566 1567 /* Get a new skb... force flag on. */ 1568 buff = sk_stream_alloc_skb(sk, nsize, gfp, true); 1569 if (!buff) 1570 return -ENOMEM; /* We'll just try again later. */ 1571 skb_copy_decrypted(buff, skb); 1572 1573 sk_wmem_queued_add(sk, buff->truesize); 1574 sk_mem_charge(sk, buff->truesize); 1575 nlen = skb->len - len - nsize; 1576 buff->truesize += nlen; 1577 skb->truesize -= nlen; 1578 1579 /* Correct the sequence numbers. */ 1580 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 1581 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq; 1582 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq; 1583 1584 /* PSH and FIN should only be set in the second packet. */ 1585 flags = TCP_SKB_CB(skb)->tcp_flags; 1586 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH); 1587 TCP_SKB_CB(buff)->tcp_flags = flags; 1588 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked; 1589 tcp_skb_fragment_eor(skb, buff); 1590 1591 skb_split(skb, buff, len); 1592 1593 buff->ip_summed = CHECKSUM_PARTIAL; 1594 1595 buff->tstamp = skb->tstamp; 1596 tcp_fragment_tstamp(skb, buff); 1597 1598 old_factor = tcp_skb_pcount(skb); 1599 1600 /* Fix up tso_factor for both original and new SKB. */ 1601 tcp_set_skb_tso_segs(skb, mss_now); 1602 tcp_set_skb_tso_segs(buff, mss_now); 1603 1604 /* Update delivered info for the new segment */ 1605 TCP_SKB_CB(buff)->tx = TCP_SKB_CB(skb)->tx; 1606 1607 /* If this packet has been sent out already, we must 1608 * adjust the various packet counters. 1609 */ 1610 if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) { 1611 int diff = old_factor - tcp_skb_pcount(skb) - 1612 tcp_skb_pcount(buff); 1613 1614 if (diff) 1615 tcp_adjust_pcount(sk, skb, diff); 1616 } 1617 1618 /* Link BUFF into the send queue. */ 1619 __skb_header_release(buff); 1620 tcp_insert_write_queue_after(skb, buff, sk, tcp_queue); 1621 if (tcp_queue == TCP_FRAG_IN_RTX_QUEUE) 1622 list_add(&buff->tcp_tsorted_anchor, &skb->tcp_tsorted_anchor); 1623 1624 return 0; 1625 } 1626 1627 /* This is similar to __pskb_pull_tail(). The difference is that pulled 1628 * data is not copied, but immediately discarded. 1629 */ __pskb_trim_head(struct sk_buff * skb,int len)1630 static int __pskb_trim_head(struct sk_buff *skb, int len) 1631 { 1632 struct skb_shared_info *shinfo; 1633 int i, k, eat; 1634 1635 eat = min_t(int, len, skb_headlen(skb)); 1636 if (eat) { 1637 __skb_pull(skb, eat); 1638 len -= eat; 1639 if (!len) 1640 return 0; 1641 } 1642 eat = len; 1643 k = 0; 1644 shinfo = skb_shinfo(skb); 1645 for (i = 0; i < shinfo->nr_frags; i++) { 1646 int size = skb_frag_size(&shinfo->frags[i]); 1647 1648 if (size <= eat) { 1649 skb_frag_unref(skb, i); 1650 eat -= size; 1651 } else { 1652 shinfo->frags[k] = shinfo->frags[i]; 1653 if (eat) { 1654 skb_frag_off_add(&shinfo->frags[k], eat); 1655 skb_frag_size_sub(&shinfo->frags[k], eat); 1656 eat = 0; 1657 } 1658 k++; 1659 } 1660 } 1661 shinfo->nr_frags = k; 1662 1663 skb->data_len -= len; 1664 skb->len = skb->data_len; 1665 return len; 1666 } 1667 1668 /* Remove acked data from a packet in the transmit queue. */ tcp_trim_head(struct sock * sk,struct sk_buff * skb,u32 len)1669 int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len) 1670 { 1671 u32 delta_truesize; 1672 1673 if (skb_unclone(skb, GFP_ATOMIC)) 1674 return -ENOMEM; 1675 1676 delta_truesize = __pskb_trim_head(skb, len); 1677 1678 TCP_SKB_CB(skb)->seq += len; 1679 skb->ip_summed = CHECKSUM_PARTIAL; 1680 1681 if (delta_truesize) { 1682 skb->truesize -= delta_truesize; 1683 sk_wmem_queued_add(sk, -delta_truesize); 1684 sk_mem_uncharge(sk, delta_truesize); 1685 } 1686 1687 /* Any change of skb->len requires recalculation of tso factor. */ 1688 if (tcp_skb_pcount(skb) > 1) 1689 tcp_set_skb_tso_segs(skb, tcp_skb_mss(skb)); 1690 1691 return 0; 1692 } 1693 1694 /* Calculate MSS not accounting any TCP options. */ __tcp_mtu_to_mss(struct sock * sk,int pmtu)1695 static inline int __tcp_mtu_to_mss(struct sock *sk, int pmtu) 1696 { 1697 const struct tcp_sock *tp = tcp_sk(sk); 1698 const struct inet_connection_sock *icsk = inet_csk(sk); 1699 int mss_now; 1700 1701 /* Calculate base mss without TCP options: 1702 It is MMS_S - sizeof(tcphdr) of rfc1122 1703 */ 1704 mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr); 1705 1706 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */ 1707 if (icsk->icsk_af_ops->net_frag_header_len) { 1708 const struct dst_entry *dst = __sk_dst_get(sk); 1709 1710 if (dst && dst_allfrag(dst)) 1711 mss_now -= icsk->icsk_af_ops->net_frag_header_len; 1712 } 1713 1714 /* Clamp it (mss_clamp does not include tcp options) */ 1715 if (mss_now > tp->rx_opt.mss_clamp) 1716 mss_now = tp->rx_opt.mss_clamp; 1717 1718 /* Now subtract optional transport overhead */ 1719 mss_now -= icsk->icsk_ext_hdr_len; 1720 1721 /* Then reserve room for full set of TCP options and 8 bytes of data */ 1722 mss_now = max(mss_now, sock_net(sk)->ipv4.sysctl_tcp_min_snd_mss); 1723 return mss_now; 1724 } 1725 1726 /* Calculate MSS. Not accounting for SACKs here. */ tcp_mtu_to_mss(struct sock * sk,int pmtu)1727 int tcp_mtu_to_mss(struct sock *sk, int pmtu) 1728 { 1729 /* Subtract TCP options size, not including SACKs */ 1730 return __tcp_mtu_to_mss(sk, pmtu) - 1731 (tcp_sk(sk)->tcp_header_len - sizeof(struct tcphdr)); 1732 } 1733 EXPORT_SYMBOL(tcp_mtu_to_mss); 1734 1735 /* Inverse of above */ tcp_mss_to_mtu(struct sock * sk,int mss)1736 int tcp_mss_to_mtu(struct sock *sk, int mss) 1737 { 1738 const struct tcp_sock *tp = tcp_sk(sk); 1739 const struct inet_connection_sock *icsk = inet_csk(sk); 1740 int mtu; 1741 1742 mtu = mss + 1743 tp->tcp_header_len + 1744 icsk->icsk_ext_hdr_len + 1745 icsk->icsk_af_ops->net_header_len; 1746 1747 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */ 1748 if (icsk->icsk_af_ops->net_frag_header_len) { 1749 const struct dst_entry *dst = __sk_dst_get(sk); 1750 1751 if (dst && dst_allfrag(dst)) 1752 mtu += icsk->icsk_af_ops->net_frag_header_len; 1753 } 1754 return mtu; 1755 } 1756 EXPORT_SYMBOL(tcp_mss_to_mtu); 1757 1758 /* MTU probing init per socket */ tcp_mtup_init(struct sock * sk)1759 void tcp_mtup_init(struct sock *sk) 1760 { 1761 struct tcp_sock *tp = tcp_sk(sk); 1762 struct inet_connection_sock *icsk = inet_csk(sk); 1763 struct net *net = sock_net(sk); 1764 1765 icsk->icsk_mtup.enabled = net->ipv4.sysctl_tcp_mtu_probing > 1; 1766 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) + 1767 icsk->icsk_af_ops->net_header_len; 1768 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, net->ipv4.sysctl_tcp_base_mss); 1769 icsk->icsk_mtup.probe_size = 0; 1770 if (icsk->icsk_mtup.enabled) 1771 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32; 1772 } 1773 EXPORT_SYMBOL(tcp_mtup_init); 1774 1775 /* This function synchronize snd mss to current pmtu/exthdr set. 1776 1777 tp->rx_opt.user_mss is mss set by user by TCP_MAXSEG. It does NOT counts 1778 for TCP options, but includes only bare TCP header. 1779 1780 tp->rx_opt.mss_clamp is mss negotiated at connection setup. 1781 It is minimum of user_mss and mss received with SYN. 1782 It also does not include TCP options. 1783 1784 inet_csk(sk)->icsk_pmtu_cookie is last pmtu, seen by this function. 1785 1786 tp->mss_cache is current effective sending mss, including 1787 all tcp options except for SACKs. It is evaluated, 1788 taking into account current pmtu, but never exceeds 1789 tp->rx_opt.mss_clamp. 1790 1791 NOTE1. rfc1122 clearly states that advertised MSS 1792 DOES NOT include either tcp or ip options. 1793 1794 NOTE2. inet_csk(sk)->icsk_pmtu_cookie and tp->mss_cache 1795 are READ ONLY outside this function. --ANK (980731) 1796 */ tcp_sync_mss(struct sock * sk,u32 pmtu)1797 unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu) 1798 { 1799 struct tcp_sock *tp = tcp_sk(sk); 1800 struct inet_connection_sock *icsk = inet_csk(sk); 1801 int mss_now; 1802 1803 if (icsk->icsk_mtup.search_high > pmtu) 1804 icsk->icsk_mtup.search_high = pmtu; 1805 1806 mss_now = tcp_mtu_to_mss(sk, pmtu); 1807 mss_now = tcp_bound_to_half_wnd(tp, mss_now); 1808 1809 /* And store cached results */ 1810 icsk->icsk_pmtu_cookie = pmtu; 1811 if (icsk->icsk_mtup.enabled) 1812 mss_now = min(mss_now, tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)); 1813 tp->mss_cache = mss_now; 1814 1815 return mss_now; 1816 } 1817 EXPORT_SYMBOL(tcp_sync_mss); 1818 1819 /* Compute the current effective MSS, taking SACKs and IP options, 1820 * and even PMTU discovery events into account. 1821 */ tcp_current_mss(struct sock * sk)1822 unsigned int tcp_current_mss(struct sock *sk) 1823 { 1824 const struct tcp_sock *tp = tcp_sk(sk); 1825 const struct dst_entry *dst = __sk_dst_get(sk); 1826 u32 mss_now; 1827 unsigned int header_len; 1828 struct tcp_out_options opts; 1829 struct tcp_md5sig_key *md5; 1830 1831 mss_now = tp->mss_cache; 1832 1833 if (dst) { 1834 u32 mtu = dst_mtu(dst); 1835 if (mtu != inet_csk(sk)->icsk_pmtu_cookie) 1836 mss_now = tcp_sync_mss(sk, mtu); 1837 } 1838 1839 header_len = tcp_established_options(sk, NULL, &opts, &md5) + 1840 sizeof(struct tcphdr); 1841 /* The mss_cache is sized based on tp->tcp_header_len, which assumes 1842 * some common options. If this is an odd packet (because we have SACK 1843 * blocks etc) then our calculated header_len will be different, and 1844 * we have to adjust mss_now correspondingly */ 1845 if (header_len != tp->tcp_header_len) { 1846 int delta = (int) header_len - tp->tcp_header_len; 1847 mss_now -= delta; 1848 } 1849 1850 return mss_now; 1851 } 1852 1853 /* RFC2861, slow part. Adjust cwnd, after it was not full during one rto. 1854 * As additional protections, we do not touch cwnd in retransmission phases, 1855 * and if application hit its sndbuf limit recently. 1856 */ tcp_cwnd_application_limited(struct sock * sk)1857 static void tcp_cwnd_application_limited(struct sock *sk) 1858 { 1859 struct tcp_sock *tp = tcp_sk(sk); 1860 1861 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open && 1862 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 1863 /* Limited by application or receiver window. */ 1864 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk)); 1865 u32 win_used = max(tp->snd_cwnd_used, init_win); 1866 if (win_used < tp->snd_cwnd) { 1867 tp->snd_ssthresh = tcp_current_ssthresh(sk); 1868 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1; 1869 } 1870 tp->snd_cwnd_used = 0; 1871 } 1872 tp->snd_cwnd_stamp = tcp_jiffies32; 1873 } 1874 tcp_cwnd_validate(struct sock * sk,bool is_cwnd_limited)1875 static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited) 1876 { 1877 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops; 1878 struct tcp_sock *tp = tcp_sk(sk); 1879 1880 /* Track the maximum number of outstanding packets in each 1881 * window, and remember whether we were cwnd-limited then. 1882 */ 1883 if (!before(tp->snd_una, tp->max_packets_seq) || 1884 tp->packets_out > tp->max_packets_out || 1885 is_cwnd_limited) { 1886 tp->max_packets_out = tp->packets_out; 1887 tp->max_packets_seq = tp->snd_nxt; 1888 tp->is_cwnd_limited = is_cwnd_limited; 1889 } 1890 1891 if (tcp_is_cwnd_limited(sk)) { 1892 /* Network is feed fully. */ 1893 tp->snd_cwnd_used = 0; 1894 tp->snd_cwnd_stamp = tcp_jiffies32; 1895 } else { 1896 /* Network starves. */ 1897 if (tp->packets_out > tp->snd_cwnd_used) 1898 tp->snd_cwnd_used = tp->packets_out; 1899 1900 if (sock_net(sk)->ipv4.sysctl_tcp_slow_start_after_idle && 1901 (s32)(tcp_jiffies32 - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto && 1902 !ca_ops->cong_control) 1903 tcp_cwnd_application_limited(sk); 1904 1905 /* The following conditions together indicate the starvation 1906 * is caused by insufficient sender buffer: 1907 * 1) just sent some data (see tcp_write_xmit) 1908 * 2) not cwnd limited (this else condition) 1909 * 3) no more data to send (tcp_write_queue_empty()) 1910 * 4) application is hitting buffer limit (SOCK_NOSPACE) 1911 */ 1912 if (tcp_write_queue_empty(sk) && sk->sk_socket && 1913 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags) && 1914 (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)) 1915 tcp_chrono_start(sk, TCP_CHRONO_SNDBUF_LIMITED); 1916 } 1917 } 1918 1919 /* Minshall's variant of the Nagle send check. */ tcp_minshall_check(const struct tcp_sock * tp)1920 static bool tcp_minshall_check(const struct tcp_sock *tp) 1921 { 1922 return after(tp->snd_sml, tp->snd_una) && 1923 !after(tp->snd_sml, tp->snd_nxt); 1924 } 1925 1926 /* Update snd_sml if this skb is under mss 1927 * Note that a TSO packet might end with a sub-mss segment 1928 * The test is really : 1929 * if ((skb->len % mss) != 0) 1930 * tp->snd_sml = TCP_SKB_CB(skb)->end_seq; 1931 * But we can avoid doing the divide again given we already have 1932 * skb_pcount = skb->len / mss_now 1933 */ tcp_minshall_update(struct tcp_sock * tp,unsigned int mss_now,const struct sk_buff * skb)1934 static void tcp_minshall_update(struct tcp_sock *tp, unsigned int mss_now, 1935 const struct sk_buff *skb) 1936 { 1937 if (skb->len < tcp_skb_pcount(skb) * mss_now) 1938 tp->snd_sml = TCP_SKB_CB(skb)->end_seq; 1939 } 1940 1941 /* Return false, if packet can be sent now without violation Nagle's rules: 1942 * 1. It is full sized. (provided by caller in %partial bool) 1943 * 2. Or it contains FIN. (already checked by caller) 1944 * 3. Or TCP_CORK is not set, and TCP_NODELAY is set. 1945 * 4. Or TCP_CORK is not set, and all sent packets are ACKed. 1946 * With Minshall's modification: all sent small packets are ACKed. 1947 */ tcp_nagle_check(bool partial,const struct tcp_sock * tp,int nonagle)1948 static bool tcp_nagle_check(bool partial, const struct tcp_sock *tp, 1949 int nonagle) 1950 { 1951 return partial && 1952 ((nonagle & TCP_NAGLE_CORK) || 1953 (!nonagle && tp->packets_out && tcp_minshall_check(tp))); 1954 } 1955 1956 /* Return how many segs we'd like on a TSO packet, 1957 * to send one TSO packet per ms 1958 */ tcp_tso_autosize(const struct sock * sk,unsigned int mss_now,int min_tso_segs)1959 static u32 tcp_tso_autosize(const struct sock *sk, unsigned int mss_now, 1960 int min_tso_segs) 1961 { 1962 u32 bytes, segs; 1963 1964 bytes = min_t(unsigned long, 1965 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift), 1966 sk->sk_gso_max_size - 1 - MAX_TCP_HEADER); 1967 1968 /* Goal is to send at least one packet per ms, 1969 * not one big TSO packet every 100 ms. 1970 * This preserves ACK clocking and is consistent 1971 * with tcp_tso_should_defer() heuristic. 1972 */ 1973 segs = max_t(u32, bytes / mss_now, min_tso_segs); 1974 1975 return segs; 1976 } 1977 1978 /* Return the number of segments we want in the skb we are transmitting. 1979 * See if congestion control module wants to decide; otherwise, autosize. 1980 */ tcp_tso_segs(struct sock * sk,unsigned int mss_now)1981 static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now) 1982 { 1983 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops; 1984 u32 min_tso, tso_segs; 1985 1986 min_tso = ca_ops->min_tso_segs ? 1987 ca_ops->min_tso_segs(sk) : 1988 sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs; 1989 1990 tso_segs = tcp_tso_autosize(sk, mss_now, min_tso); 1991 return min_t(u32, tso_segs, sk->sk_gso_max_segs); 1992 } 1993 1994 /* Returns the portion of skb which can be sent right away */ tcp_mss_split_point(const struct sock * sk,const struct sk_buff * skb,unsigned int mss_now,unsigned int max_segs,int nonagle)1995 static unsigned int tcp_mss_split_point(const struct sock *sk, 1996 const struct sk_buff *skb, 1997 unsigned int mss_now, 1998 unsigned int max_segs, 1999 int nonagle) 2000 { 2001 const struct tcp_sock *tp = tcp_sk(sk); 2002 u32 partial, needed, window, max_len; 2003 2004 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 2005 max_len = mss_now * max_segs; 2006 2007 if (likely(max_len <= window && skb != tcp_write_queue_tail(sk))) 2008 return max_len; 2009 2010 needed = min(skb->len, window); 2011 2012 if (max_len <= needed) 2013 return max_len; 2014 2015 partial = needed % mss_now; 2016 /* If last segment is not a full MSS, check if Nagle rules allow us 2017 * to include this last segment in this skb. 2018 * Otherwise, we'll split the skb at last MSS boundary 2019 */ 2020 if (tcp_nagle_check(partial != 0, tp, nonagle)) 2021 return needed - partial; 2022 2023 return needed; 2024 } 2025 2026 /* Can at least one segment of SKB be sent right now, according to the 2027 * congestion window rules? If so, return how many segments are allowed. 2028 */ tcp_cwnd_test(const struct tcp_sock * tp,const struct sk_buff * skb)2029 static inline unsigned int tcp_cwnd_test(const struct tcp_sock *tp, 2030 const struct sk_buff *skb) 2031 { 2032 u32 in_flight, cwnd, halfcwnd; 2033 2034 /* Don't be strict about the congestion window for the final FIN. */ 2035 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) && 2036 tcp_skb_pcount(skb) == 1) 2037 return 1; 2038 2039 in_flight = tcp_packets_in_flight(tp); 2040 cwnd = tp->snd_cwnd; 2041 if (in_flight >= cwnd) 2042 return 0; 2043 2044 /* For better scheduling, ensure we have at least 2045 * 2 GSO packets in flight. 2046 */ 2047 halfcwnd = max(cwnd >> 1, 1U); 2048 return min(halfcwnd, cwnd - in_flight); 2049 } 2050 2051 /* Initialize TSO state of a skb. 2052 * This must be invoked the first time we consider transmitting 2053 * SKB onto the wire. 2054 */ tcp_init_tso_segs(struct sk_buff * skb,unsigned int mss_now)2055 static int tcp_init_tso_segs(struct sk_buff *skb, unsigned int mss_now) 2056 { 2057 int tso_segs = tcp_skb_pcount(skb); 2058 2059 if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) { 2060 tcp_set_skb_tso_segs(skb, mss_now); 2061 tso_segs = tcp_skb_pcount(skb); 2062 } 2063 return tso_segs; 2064 } 2065 2066 2067 /* Return true if the Nagle test allows this packet to be 2068 * sent now. 2069 */ tcp_nagle_test(const struct tcp_sock * tp,const struct sk_buff * skb,unsigned int cur_mss,int nonagle)2070 static inline bool tcp_nagle_test(const struct tcp_sock *tp, const struct sk_buff *skb, 2071 unsigned int cur_mss, int nonagle) 2072 { 2073 /* Nagle rule does not apply to frames, which sit in the middle of the 2074 * write_queue (they have no chances to get new data). 2075 * 2076 * This is implemented in the callers, where they modify the 'nonagle' 2077 * argument based upon the location of SKB in the send queue. 2078 */ 2079 if (nonagle & TCP_NAGLE_PUSH) 2080 return true; 2081 2082 /* Don't use the nagle rule for urgent data (or for the final FIN). */ 2083 if (tcp_urg_mode(tp) || (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)) 2084 return true; 2085 2086 if (!tcp_nagle_check(skb->len < cur_mss, tp, nonagle)) 2087 return true; 2088 2089 return false; 2090 } 2091 2092 /* Does at least the first segment of SKB fit into the send window? */ tcp_snd_wnd_test(const struct tcp_sock * tp,const struct sk_buff * skb,unsigned int cur_mss)2093 static bool tcp_snd_wnd_test(const struct tcp_sock *tp, 2094 const struct sk_buff *skb, 2095 unsigned int cur_mss) 2096 { 2097 u32 end_seq = TCP_SKB_CB(skb)->end_seq; 2098 2099 if (skb->len > cur_mss) 2100 end_seq = TCP_SKB_CB(skb)->seq + cur_mss; 2101 2102 return !after(end_seq, tcp_wnd_end(tp)); 2103 } 2104 2105 /* Trim TSO SKB to LEN bytes, put the remaining data into a new packet 2106 * which is put after SKB on the list. It is very much like 2107 * tcp_fragment() except that it may make several kinds of assumptions 2108 * in order to speed up the splitting operation. In particular, we 2109 * know that all the data is in scatter-gather pages, and that the 2110 * packet has never been sent out before (and thus is not cloned). 2111 */ tso_fragment(struct sock * sk,struct sk_buff * skb,unsigned int len,unsigned int mss_now,gfp_t gfp)2112 static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len, 2113 unsigned int mss_now, gfp_t gfp) 2114 { 2115 int nlen = skb->len - len; 2116 struct sk_buff *buff; 2117 u8 flags; 2118 2119 /* All of a TSO frame must be composed of paged data. */ 2120 if (skb->len != skb->data_len) 2121 return tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE, 2122 skb, len, mss_now, gfp); 2123 2124 buff = sk_stream_alloc_skb(sk, 0, gfp, true); 2125 if (unlikely(!buff)) 2126 return -ENOMEM; 2127 skb_copy_decrypted(buff, skb); 2128 2129 sk_wmem_queued_add(sk, buff->truesize); 2130 sk_mem_charge(sk, buff->truesize); 2131 buff->truesize += nlen; 2132 skb->truesize -= nlen; 2133 2134 /* Correct the sequence numbers. */ 2135 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 2136 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq; 2137 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq; 2138 2139 /* PSH and FIN should only be set in the second packet. */ 2140 flags = TCP_SKB_CB(skb)->tcp_flags; 2141 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH); 2142 TCP_SKB_CB(buff)->tcp_flags = flags; 2143 2144 /* This packet was never sent out yet, so no SACK bits. */ 2145 TCP_SKB_CB(buff)->sacked = 0; 2146 2147 tcp_skb_fragment_eor(skb, buff); 2148 2149 buff->ip_summed = CHECKSUM_PARTIAL; 2150 skb_split(skb, buff, len); 2151 tcp_fragment_tstamp(skb, buff); 2152 2153 /* Fix up tso_factor for both original and new SKB. */ 2154 tcp_set_skb_tso_segs(skb, mss_now); 2155 tcp_set_skb_tso_segs(buff, mss_now); 2156 2157 /* Link BUFF into the send queue. */ 2158 __skb_header_release(buff); 2159 tcp_insert_write_queue_after(skb, buff, sk, TCP_FRAG_IN_WRITE_QUEUE); 2160 2161 return 0; 2162 } 2163 2164 /* Try to defer sending, if possible, in order to minimize the amount 2165 * of TSO splitting we do. View it as a kind of TSO Nagle test. 2166 * 2167 * This algorithm is from John Heffner. 2168 */ tcp_tso_should_defer(struct sock * sk,struct sk_buff * skb,bool * is_cwnd_limited,bool * is_rwnd_limited,u32 max_segs)2169 static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb, 2170 bool *is_cwnd_limited, 2171 bool *is_rwnd_limited, 2172 u32 max_segs) 2173 { 2174 const struct inet_connection_sock *icsk = inet_csk(sk); 2175 u32 send_win, cong_win, limit, in_flight; 2176 struct tcp_sock *tp = tcp_sk(sk); 2177 struct sk_buff *head; 2178 int win_divisor; 2179 s64 delta; 2180 2181 if (icsk->icsk_ca_state >= TCP_CA_Recovery) 2182 goto send_now; 2183 2184 /* Avoid bursty behavior by allowing defer 2185 * only if the last write was recent (1 ms). 2186 * Note that tp->tcp_wstamp_ns can be in the future if we have 2187 * packets waiting in a qdisc or device for EDT delivery. 2188 */ 2189 delta = tp->tcp_clock_cache - tp->tcp_wstamp_ns - NSEC_PER_MSEC; 2190 if (delta > 0) 2191 goto send_now; 2192 2193 in_flight = tcp_packets_in_flight(tp); 2194 2195 BUG_ON(tcp_skb_pcount(skb) <= 1); 2196 BUG_ON(tp->snd_cwnd <= in_flight); 2197 2198 send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 2199 2200 /* From in_flight test above, we know that cwnd > in_flight. */ 2201 cong_win = (tp->snd_cwnd - in_flight) * tp->mss_cache; 2202 2203 limit = min(send_win, cong_win); 2204 2205 /* If a full-sized TSO skb can be sent, do it. */ 2206 if (limit >= max_segs * tp->mss_cache) 2207 goto send_now; 2208 2209 /* Middle in queue won't get any more data, full sendable already? */ 2210 if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len)) 2211 goto send_now; 2212 2213 win_divisor = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_win_divisor); 2214 if (win_divisor) { 2215 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache); 2216 2217 /* If at least some fraction of a window is available, 2218 * just use it. 2219 */ 2220 chunk /= win_divisor; 2221 if (limit >= chunk) 2222 goto send_now; 2223 } else { 2224 /* Different approach, try not to defer past a single 2225 * ACK. Receiver should ACK every other full sized 2226 * frame, so if we have space for more than 3 frames 2227 * then send now. 2228 */ 2229 if (limit > tcp_max_tso_deferred_mss(tp) * tp->mss_cache) 2230 goto send_now; 2231 } 2232 2233 /* TODO : use tsorted_sent_queue ? */ 2234 head = tcp_rtx_queue_head(sk); 2235 if (!head) 2236 goto send_now; 2237 delta = tp->tcp_clock_cache - head->tstamp; 2238 /* If next ACK is likely to come too late (half srtt), do not defer */ 2239 if ((s64)(delta - (u64)NSEC_PER_USEC * (tp->srtt_us >> 4)) < 0) 2240 goto send_now; 2241 2242 /* Ok, it looks like it is advisable to defer. 2243 * Three cases are tracked : 2244 * 1) We are cwnd-limited 2245 * 2) We are rwnd-limited 2246 * 3) We are application limited. 2247 */ 2248 if (cong_win < send_win) { 2249 if (cong_win <= skb->len) { 2250 *is_cwnd_limited = true; 2251 return true; 2252 } 2253 } else { 2254 if (send_win <= skb->len) { 2255 *is_rwnd_limited = true; 2256 return true; 2257 } 2258 } 2259 2260 /* If this packet won't get more data, do not wait. */ 2261 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) || 2262 TCP_SKB_CB(skb)->eor) 2263 goto send_now; 2264 2265 return true; 2266 2267 send_now: 2268 return false; 2269 } 2270 tcp_mtu_check_reprobe(struct sock * sk)2271 static inline void tcp_mtu_check_reprobe(struct sock *sk) 2272 { 2273 struct inet_connection_sock *icsk = inet_csk(sk); 2274 struct tcp_sock *tp = tcp_sk(sk); 2275 struct net *net = sock_net(sk); 2276 u32 interval; 2277 s32 delta; 2278 2279 interval = net->ipv4.sysctl_tcp_probe_interval; 2280 delta = tcp_jiffies32 - icsk->icsk_mtup.probe_timestamp; 2281 if (unlikely(delta >= interval * HZ)) { 2282 int mss = tcp_current_mss(sk); 2283 2284 /* Update current search range */ 2285 icsk->icsk_mtup.probe_size = 0; 2286 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + 2287 sizeof(struct tcphdr) + 2288 icsk->icsk_af_ops->net_header_len; 2289 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss); 2290 2291 /* Update probe time stamp */ 2292 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32; 2293 } 2294 } 2295 tcp_can_coalesce_send_queue_head(struct sock * sk,int len)2296 static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len) 2297 { 2298 struct sk_buff *skb, *next; 2299 2300 skb = tcp_send_head(sk); 2301 tcp_for_write_queue_from_safe(skb, next, sk) { 2302 if (len <= skb->len) 2303 break; 2304 2305 if (unlikely(TCP_SKB_CB(skb)->eor) || tcp_has_tx_tstamp(skb)) 2306 return false; 2307 2308 len -= skb->len; 2309 } 2310 2311 return true; 2312 } 2313 2314 /* Create a new MTU probe if we are ready. 2315 * MTU probe is regularly attempting to increase the path MTU by 2316 * deliberately sending larger packets. This discovers routing 2317 * changes resulting in larger path MTUs. 2318 * 2319 * Returns 0 if we should wait to probe (no cwnd available), 2320 * 1 if a probe was sent, 2321 * -1 otherwise 2322 */ tcp_mtu_probe(struct sock * sk)2323 static int tcp_mtu_probe(struct sock *sk) 2324 { 2325 struct inet_connection_sock *icsk = inet_csk(sk); 2326 struct tcp_sock *tp = tcp_sk(sk); 2327 struct sk_buff *skb, *nskb, *next; 2328 struct net *net = sock_net(sk); 2329 int probe_size; 2330 int size_needed; 2331 int copy, len; 2332 int mss_now; 2333 int interval; 2334 2335 /* Not currently probing/verifying, 2336 * not in recovery, 2337 * have enough cwnd, and 2338 * not SACKing (the variable headers throw things off) 2339 */ 2340 if (likely(!icsk->icsk_mtup.enabled || 2341 icsk->icsk_mtup.probe_size || 2342 inet_csk(sk)->icsk_ca_state != TCP_CA_Open || 2343 tp->snd_cwnd < 11 || 2344 tp->rx_opt.num_sacks || tp->rx_opt.dsack)) 2345 return -1; 2346 2347 /* Use binary search for probe_size between tcp_mss_base, 2348 * and current mss_clamp. if (search_high - search_low) 2349 * smaller than a threshold, backoff from probing. 2350 */ 2351 mss_now = tcp_current_mss(sk); 2352 probe_size = tcp_mtu_to_mss(sk, (icsk->icsk_mtup.search_high + 2353 icsk->icsk_mtup.search_low) >> 1); 2354 size_needed = probe_size + (tp->reordering + 1) * tp->mss_cache; 2355 interval = icsk->icsk_mtup.search_high - icsk->icsk_mtup.search_low; 2356 /* When misfortune happens, we are reprobing actively, 2357 * and then reprobe timer has expired. We stick with current 2358 * probing process by not resetting search range to its orignal. 2359 */ 2360 if (probe_size > tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_high) || 2361 interval < net->ipv4.sysctl_tcp_probe_threshold) { 2362 /* Check whether enough time has elaplased for 2363 * another round of probing. 2364 */ 2365 tcp_mtu_check_reprobe(sk); 2366 return -1; 2367 } 2368 2369 /* Have enough data in the send queue to probe? */ 2370 if (tp->write_seq - tp->snd_nxt < size_needed) 2371 return -1; 2372 2373 if (tp->snd_wnd < size_needed) 2374 return -1; 2375 if (after(tp->snd_nxt + size_needed, tcp_wnd_end(tp))) 2376 return 0; 2377 2378 /* Do we need to wait to drain cwnd? With none in flight, don't stall */ 2379 if (tcp_packets_in_flight(tp) + 2 > tp->snd_cwnd) { 2380 if (!tcp_packets_in_flight(tp)) 2381 return -1; 2382 else 2383 return 0; 2384 } 2385 2386 if (!tcp_can_coalesce_send_queue_head(sk, probe_size)) 2387 return -1; 2388 2389 /* We're allowed to probe. Build it now. */ 2390 nskb = sk_stream_alloc_skb(sk, probe_size, GFP_ATOMIC, false); 2391 if (!nskb) 2392 return -1; 2393 sk_wmem_queued_add(sk, nskb->truesize); 2394 sk_mem_charge(sk, nskb->truesize); 2395 2396 skb = tcp_send_head(sk); 2397 skb_copy_decrypted(nskb, skb); 2398 2399 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq; 2400 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size; 2401 TCP_SKB_CB(nskb)->tcp_flags = TCPHDR_ACK; 2402 TCP_SKB_CB(nskb)->sacked = 0; 2403 nskb->csum = 0; 2404 nskb->ip_summed = CHECKSUM_PARTIAL; 2405 2406 tcp_insert_write_queue_before(nskb, skb, sk); 2407 tcp_highest_sack_replace(sk, skb, nskb); 2408 2409 len = 0; 2410 tcp_for_write_queue_from_safe(skb, next, sk) { 2411 copy = min_t(int, skb->len, probe_size - len); 2412 skb_copy_bits(skb, 0, skb_put(nskb, copy), copy); 2413 2414 if (skb->len <= copy) { 2415 /* We've eaten all the data from this skb. 2416 * Throw it away. */ 2417 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags; 2418 /* If this is the last SKB we copy and eor is set 2419 * we need to propagate it to the new skb. 2420 */ 2421 TCP_SKB_CB(nskb)->eor = TCP_SKB_CB(skb)->eor; 2422 tcp_skb_collapse_tstamp(nskb, skb); 2423 tcp_unlink_write_queue(skb, sk); 2424 sk_wmem_free_skb(sk, skb); 2425 } else { 2426 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags & 2427 ~(TCPHDR_FIN|TCPHDR_PSH); 2428 if (!skb_shinfo(skb)->nr_frags) { 2429 skb_pull(skb, copy); 2430 } else { 2431 __pskb_trim_head(skb, copy); 2432 tcp_set_skb_tso_segs(skb, mss_now); 2433 } 2434 TCP_SKB_CB(skb)->seq += copy; 2435 } 2436 2437 len += copy; 2438 2439 if (len >= probe_size) 2440 break; 2441 } 2442 tcp_init_tso_segs(nskb, nskb->len); 2443 2444 /* We're ready to send. If this fails, the probe will 2445 * be resegmented into mss-sized pieces by tcp_write_xmit(). 2446 */ 2447 if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) { 2448 /* Decrement cwnd here because we are sending 2449 * effectively two packets. */ 2450 tp->snd_cwnd--; 2451 tcp_event_new_data_sent(sk, nskb); 2452 2453 icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len); 2454 tp->mtu_probe.probe_seq_start = TCP_SKB_CB(nskb)->seq; 2455 tp->mtu_probe.probe_seq_end = TCP_SKB_CB(nskb)->end_seq; 2456 2457 return 1; 2458 } 2459 2460 return -1; 2461 } 2462 tcp_pacing_check(struct sock * sk)2463 static bool tcp_pacing_check(struct sock *sk) 2464 { 2465 struct tcp_sock *tp = tcp_sk(sk); 2466 2467 if (!tcp_needs_internal_pacing(sk)) 2468 return false; 2469 2470 if (tp->tcp_wstamp_ns <= tp->tcp_clock_cache) 2471 return false; 2472 2473 if (!hrtimer_is_queued(&tp->pacing_timer)) { 2474 hrtimer_start(&tp->pacing_timer, 2475 ns_to_ktime(tp->tcp_wstamp_ns), 2476 HRTIMER_MODE_ABS_PINNED_SOFT); 2477 sock_hold(sk); 2478 } 2479 return true; 2480 } 2481 2482 /* TCP Small Queues : 2483 * Control number of packets in qdisc/devices to two packets / or ~1 ms. 2484 * (These limits are doubled for retransmits) 2485 * This allows for : 2486 * - better RTT estimation and ACK scheduling 2487 * - faster recovery 2488 * - high rates 2489 * Alas, some drivers / subsystems require a fair amount 2490 * of queued bytes to ensure line rate. 2491 * One example is wifi aggregation (802.11 AMPDU) 2492 */ tcp_small_queue_check(struct sock * sk,const struct sk_buff * skb,unsigned int factor)2493 static bool tcp_small_queue_check(struct sock *sk, const struct sk_buff *skb, 2494 unsigned int factor) 2495 { 2496 unsigned long limit; 2497 2498 limit = max_t(unsigned long, 2499 2 * skb->truesize, 2500 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift)); 2501 if (sk->sk_pacing_status == SK_PACING_NONE) 2502 limit = min_t(unsigned long, limit, 2503 sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes); 2504 limit <<= factor; 2505 2506 if (static_branch_unlikely(&tcp_tx_delay_enabled) && 2507 tcp_sk(sk)->tcp_tx_delay) { 2508 u64 extra_bytes = (u64)sk->sk_pacing_rate * tcp_sk(sk)->tcp_tx_delay; 2509 2510 /* TSQ is based on skb truesize sum (sk_wmem_alloc), so we 2511 * approximate our needs assuming an ~100% skb->truesize overhead. 2512 * USEC_PER_SEC is approximated by 2^20. 2513 * do_div(extra_bytes, USEC_PER_SEC/2) is replaced by a right shift. 2514 */ 2515 extra_bytes >>= (20 - 1); 2516 limit += extra_bytes; 2517 } 2518 if (refcount_read(&sk->sk_wmem_alloc) > limit) { 2519 /* Always send skb if rtx queue is empty. 2520 * No need to wait for TX completion to call us back, 2521 * after softirq/tasklet schedule. 2522 * This helps when TX completions are delayed too much. 2523 */ 2524 if (tcp_rtx_queue_empty(sk)) 2525 return false; 2526 2527 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags); 2528 /* It is possible TX completion already happened 2529 * before we set TSQ_THROTTLED, so we must 2530 * test again the condition. 2531 */ 2532 smp_mb__after_atomic(); 2533 if (refcount_read(&sk->sk_wmem_alloc) > limit) 2534 return true; 2535 } 2536 return false; 2537 } 2538 tcp_chrono_set(struct tcp_sock * tp,const enum tcp_chrono new)2539 static void tcp_chrono_set(struct tcp_sock *tp, const enum tcp_chrono new) 2540 { 2541 const u32 now = tcp_jiffies32; 2542 enum tcp_chrono old = tp->chrono_type; 2543 2544 if (old > TCP_CHRONO_UNSPEC) 2545 tp->chrono_stat[old - 1] += now - tp->chrono_start; 2546 tp->chrono_start = now; 2547 tp->chrono_type = new; 2548 } 2549 tcp_chrono_start(struct sock * sk,const enum tcp_chrono type)2550 void tcp_chrono_start(struct sock *sk, const enum tcp_chrono type) 2551 { 2552 struct tcp_sock *tp = tcp_sk(sk); 2553 2554 /* If there are multiple conditions worthy of tracking in a 2555 * chronograph then the highest priority enum takes precedence 2556 * over the other conditions. So that if something "more interesting" 2557 * starts happening, stop the previous chrono and start a new one. 2558 */ 2559 if (type > tp->chrono_type) 2560 tcp_chrono_set(tp, type); 2561 } 2562 tcp_chrono_stop(struct sock * sk,const enum tcp_chrono type)2563 void tcp_chrono_stop(struct sock *sk, const enum tcp_chrono type) 2564 { 2565 struct tcp_sock *tp = tcp_sk(sk); 2566 2567 2568 /* There are multiple conditions worthy of tracking in a 2569 * chronograph, so that the highest priority enum takes 2570 * precedence over the other conditions (see tcp_chrono_start). 2571 * If a condition stops, we only stop chrono tracking if 2572 * it's the "most interesting" or current chrono we are 2573 * tracking and starts busy chrono if we have pending data. 2574 */ 2575 if (tcp_rtx_and_write_queues_empty(sk)) 2576 tcp_chrono_set(tp, TCP_CHRONO_UNSPEC); 2577 else if (type == tp->chrono_type) 2578 tcp_chrono_set(tp, TCP_CHRONO_BUSY); 2579 } 2580 2581 /* This routine writes packets to the network. It advances the 2582 * send_head. This happens as incoming acks open up the remote 2583 * window for us. 2584 * 2585 * LARGESEND note: !tcp_urg_mode is overkill, only frames between 2586 * snd_up-64k-mss .. snd_up cannot be large. However, taking into 2587 * account rare use of URG, this is not a big flaw. 2588 * 2589 * Send at most one packet when push_one > 0. Temporarily ignore 2590 * cwnd limit to force at most one packet out when push_one == 2. 2591 2592 * Returns true, if no segments are in flight and we have queued segments, 2593 * but cannot send anything now because of SWS or another problem. 2594 */ tcp_write_xmit(struct sock * sk,unsigned int mss_now,int nonagle,int push_one,gfp_t gfp)2595 static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle, 2596 int push_one, gfp_t gfp) 2597 { 2598 struct tcp_sock *tp = tcp_sk(sk); 2599 struct sk_buff *skb; 2600 unsigned int tso_segs, sent_pkts; 2601 int cwnd_quota; 2602 int result; 2603 bool is_cwnd_limited = false, is_rwnd_limited = false; 2604 u32 max_segs; 2605 2606 sent_pkts = 0; 2607 2608 tcp_mstamp_refresh(tp); 2609 if (!push_one) { 2610 /* Do MTU probing. */ 2611 result = tcp_mtu_probe(sk); 2612 if (!result) { 2613 return false; 2614 } else if (result > 0) { 2615 sent_pkts = 1; 2616 } 2617 } 2618 2619 max_segs = tcp_tso_segs(sk, mss_now); 2620 while ((skb = tcp_send_head(sk))) { 2621 unsigned int limit; 2622 2623 if (unlikely(tp->repair) && tp->repair_queue == TCP_SEND_QUEUE) { 2624 /* "skb_mstamp_ns" is used as a start point for the retransmit timer */ 2625 skb->skb_mstamp_ns = tp->tcp_wstamp_ns = tp->tcp_clock_cache; 2626 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue); 2627 tcp_init_tso_segs(skb, mss_now); 2628 goto repair; /* Skip network transmission */ 2629 } 2630 2631 if (tcp_pacing_check(sk)) 2632 break; 2633 2634 tso_segs = tcp_init_tso_segs(skb, mss_now); 2635 BUG_ON(!tso_segs); 2636 2637 cwnd_quota = tcp_cwnd_test(tp, skb); 2638 if (!cwnd_quota) { 2639 if (push_one == 2) 2640 /* Force out a loss probe pkt. */ 2641 cwnd_quota = 1; 2642 else 2643 break; 2644 } 2645 2646 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now))) { 2647 is_rwnd_limited = true; 2648 break; 2649 } 2650 2651 if (tso_segs == 1) { 2652 if (unlikely(!tcp_nagle_test(tp, skb, mss_now, 2653 (tcp_skb_is_last(sk, skb) ? 2654 nonagle : TCP_NAGLE_PUSH)))) 2655 break; 2656 } else { 2657 if (!push_one && 2658 tcp_tso_should_defer(sk, skb, &is_cwnd_limited, 2659 &is_rwnd_limited, max_segs)) 2660 break; 2661 } 2662 2663 limit = mss_now; 2664 if (tso_segs > 1 && !tcp_urg_mode(tp)) 2665 limit = tcp_mss_split_point(sk, skb, mss_now, 2666 min_t(unsigned int, 2667 cwnd_quota, 2668 max_segs), 2669 nonagle); 2670 2671 if (skb->len > limit && 2672 unlikely(tso_fragment(sk, skb, limit, mss_now, gfp))) 2673 break; 2674 2675 if (tcp_small_queue_check(sk, skb, 0)) 2676 break; 2677 2678 /* Argh, we hit an empty skb(), presumably a thread 2679 * is sleeping in sendmsg()/sk_stream_wait_memory(). 2680 * We do not want to send a pure-ack packet and have 2681 * a strange looking rtx queue with empty packet(s). 2682 */ 2683 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq) 2684 break; 2685 2686 if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp))) 2687 break; 2688 2689 repair: 2690 /* Advance the send_head. This one is sent out. 2691 * This call will increment packets_out. 2692 */ 2693 tcp_event_new_data_sent(sk, skb); 2694 2695 tcp_minshall_update(tp, mss_now, skb); 2696 sent_pkts += tcp_skb_pcount(skb); 2697 2698 if (push_one) 2699 break; 2700 } 2701 2702 if (is_rwnd_limited) 2703 tcp_chrono_start(sk, TCP_CHRONO_RWND_LIMITED); 2704 else 2705 tcp_chrono_stop(sk, TCP_CHRONO_RWND_LIMITED); 2706 2707 is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tp->snd_cwnd); 2708 if (likely(sent_pkts || is_cwnd_limited)) 2709 tcp_cwnd_validate(sk, is_cwnd_limited); 2710 2711 if (likely(sent_pkts)) { 2712 if (tcp_in_cwnd_reduction(sk)) 2713 tp->prr_out += sent_pkts; 2714 2715 /* Send one loss probe per tail loss episode. */ 2716 if (push_one != 2) 2717 tcp_schedule_loss_probe(sk, false); 2718 return false; 2719 } 2720 return !tp->packets_out && !tcp_write_queue_empty(sk); 2721 } 2722 tcp_schedule_loss_probe(struct sock * sk,bool advancing_rto)2723 bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto) 2724 { 2725 struct inet_connection_sock *icsk = inet_csk(sk); 2726 struct tcp_sock *tp = tcp_sk(sk); 2727 u32 timeout, rto_delta_us; 2728 int early_retrans; 2729 2730 /* Don't do any loss probe on a Fast Open connection before 3WHS 2731 * finishes. 2732 */ 2733 if (rcu_access_pointer(tp->fastopen_rsk)) 2734 return false; 2735 2736 early_retrans = sock_net(sk)->ipv4.sysctl_tcp_early_retrans; 2737 /* Schedule a loss probe in 2*RTT for SACK capable connections 2738 * not in loss recovery, that are either limited by cwnd or application. 2739 */ 2740 if ((early_retrans != 3 && early_retrans != 4) || 2741 !tp->packets_out || !tcp_is_sack(tp) || 2742 (icsk->icsk_ca_state != TCP_CA_Open && 2743 icsk->icsk_ca_state != TCP_CA_CWR)) 2744 return false; 2745 2746 /* Probe timeout is 2*rtt. Add minimum RTO to account 2747 * for delayed ack when there's one outstanding packet. If no RTT 2748 * sample is available then probe after TCP_TIMEOUT_INIT. 2749 */ 2750 if (tp->srtt_us) { 2751 timeout = usecs_to_jiffies(tp->srtt_us >> 2); 2752 if (tp->packets_out == 1) 2753 timeout += TCP_RTO_MIN; 2754 else 2755 timeout += TCP_TIMEOUT_MIN; 2756 } else { 2757 timeout = TCP_TIMEOUT_INIT; 2758 } 2759 2760 /* If the RTO formula yields an earlier time, then use that time. */ 2761 rto_delta_us = advancing_rto ? 2762 jiffies_to_usecs(inet_csk(sk)->icsk_rto) : 2763 tcp_rto_delta_us(sk); /* How far in future is RTO? */ 2764 if (rto_delta_us > 0) 2765 timeout = min_t(u32, timeout, usecs_to_jiffies(rto_delta_us)); 2766 2767 tcp_reset_xmit_timer(sk, ICSK_TIME_LOSS_PROBE, timeout, TCP_RTO_MAX); 2768 return true; 2769 } 2770 2771 /* Thanks to skb fast clones, we can detect if a prior transmit of 2772 * a packet is still in a qdisc or driver queue. 2773 * In this case, there is very little point doing a retransmit ! 2774 */ skb_still_in_host_queue(const struct sock * sk,const struct sk_buff * skb)2775 static bool skb_still_in_host_queue(const struct sock *sk, 2776 const struct sk_buff *skb) 2777 { 2778 if (unlikely(skb_fclone_busy(sk, skb))) { 2779 NET_INC_STATS(sock_net(sk), 2780 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES); 2781 return true; 2782 } 2783 return false; 2784 } 2785 2786 /* When probe timeout (PTO) fires, try send a new segment if possible, else 2787 * retransmit the last segment. 2788 */ tcp_send_loss_probe(struct sock * sk)2789 void tcp_send_loss_probe(struct sock *sk) 2790 { 2791 struct tcp_sock *tp = tcp_sk(sk); 2792 struct sk_buff *skb; 2793 int pcount; 2794 int mss = tcp_current_mss(sk); 2795 2796 /* At most one outstanding TLP */ 2797 if (tp->tlp_high_seq) 2798 goto rearm_timer; 2799 2800 tp->tlp_retrans = 0; 2801 skb = tcp_send_head(sk); 2802 if (skb && tcp_snd_wnd_test(tp, skb, mss)) { 2803 pcount = tp->packets_out; 2804 tcp_write_xmit(sk, mss, TCP_NAGLE_OFF, 2, GFP_ATOMIC); 2805 if (tp->packets_out > pcount) 2806 goto probe_sent; 2807 goto rearm_timer; 2808 } 2809 skb = skb_rb_last(&sk->tcp_rtx_queue); 2810 if (unlikely(!skb)) { 2811 WARN_ONCE(tp->packets_out, 2812 "invalid inflight: %u state %u cwnd %u mss %d\n", 2813 tp->packets_out, sk->sk_state, tp->snd_cwnd, mss); 2814 inet_csk(sk)->icsk_pending = 0; 2815 return; 2816 } 2817 2818 if (skb_still_in_host_queue(sk, skb)) 2819 goto rearm_timer; 2820 2821 pcount = tcp_skb_pcount(skb); 2822 if (WARN_ON(!pcount)) 2823 goto rearm_timer; 2824 2825 if ((pcount > 1) && (skb->len > (pcount - 1) * mss)) { 2826 if (unlikely(tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, 2827 (pcount - 1) * mss, mss, 2828 GFP_ATOMIC))) 2829 goto rearm_timer; 2830 skb = skb_rb_next(skb); 2831 } 2832 2833 if (WARN_ON(!skb || !tcp_skb_pcount(skb))) 2834 goto rearm_timer; 2835 2836 if (__tcp_retransmit_skb(sk, skb, 1)) 2837 goto rearm_timer; 2838 2839 tp->tlp_retrans = 1; 2840 2841 probe_sent: 2842 /* Record snd_nxt for loss detection. */ 2843 tp->tlp_high_seq = tp->snd_nxt; 2844 2845 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSSPROBES); 2846 /* Reset s.t. tcp_rearm_rto will restart timer from now */ 2847 inet_csk(sk)->icsk_pending = 0; 2848 rearm_timer: 2849 tcp_rearm_rto(sk); 2850 } 2851 2852 /* Push out any pending frames which were held back due to 2853 * TCP_CORK or attempt at coalescing tiny packets. 2854 * The socket must be locked by the caller. 2855 */ __tcp_push_pending_frames(struct sock * sk,unsigned int cur_mss,int nonagle)2856 void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss, 2857 int nonagle) 2858 { 2859 /* If we are closed, the bytes will have to remain here. 2860 * In time closedown will finish, we empty the write queue and 2861 * all will be happy. 2862 */ 2863 if (unlikely(sk->sk_state == TCP_CLOSE)) 2864 return; 2865 2866 if (tcp_write_xmit(sk, cur_mss, nonagle, 0, 2867 sk_gfp_mask(sk, GFP_ATOMIC))) 2868 tcp_check_probe_timer(sk); 2869 } 2870 2871 /* Send _single_ skb sitting at the send head. This function requires 2872 * true push pending frames to setup probe timer etc. 2873 */ tcp_push_one(struct sock * sk,unsigned int mss_now)2874 void tcp_push_one(struct sock *sk, unsigned int mss_now) 2875 { 2876 struct sk_buff *skb = tcp_send_head(sk); 2877 2878 BUG_ON(!skb || skb->len < mss_now); 2879 2880 tcp_write_xmit(sk, mss_now, TCP_NAGLE_PUSH, 1, sk->sk_allocation); 2881 } 2882 2883 /* This function returns the amount that we can raise the 2884 * usable window based on the following constraints 2885 * 2886 * 1. The window can never be shrunk once it is offered (RFC 793) 2887 * 2. We limit memory per socket 2888 * 2889 * RFC 1122: 2890 * "the suggested [SWS] avoidance algorithm for the receiver is to keep 2891 * RECV.NEXT + RCV.WIN fixed until: 2892 * RCV.BUFF - RCV.USER - RCV.WINDOW >= min(1/2 RCV.BUFF, MSS)" 2893 * 2894 * i.e. don't raise the right edge of the window until you can raise 2895 * it at least MSS bytes. 2896 * 2897 * Unfortunately, the recommended algorithm breaks header prediction, 2898 * since header prediction assumes th->window stays fixed. 2899 * 2900 * Strictly speaking, keeping th->window fixed violates the receiver 2901 * side SWS prevention criteria. The problem is that under this rule 2902 * a stream of single byte packets will cause the right side of the 2903 * window to always advance by a single byte. 2904 * 2905 * Of course, if the sender implements sender side SWS prevention 2906 * then this will not be a problem. 2907 * 2908 * BSD seems to make the following compromise: 2909 * 2910 * If the free space is less than the 1/4 of the maximum 2911 * space available and the free space is less than 1/2 mss, 2912 * then set the window to 0. 2913 * [ Actually, bsd uses MSS and 1/4 of maximal _window_ ] 2914 * Otherwise, just prevent the window from shrinking 2915 * and from being larger than the largest representable value. 2916 * 2917 * This prevents incremental opening of the window in the regime 2918 * where TCP is limited by the speed of the reader side taking 2919 * data out of the TCP receive queue. It does nothing about 2920 * those cases where the window is constrained on the sender side 2921 * because the pipeline is full. 2922 * 2923 * BSD also seems to "accidentally" limit itself to windows that are a 2924 * multiple of MSS, at least until the free space gets quite small. 2925 * This would appear to be a side effect of the mbuf implementation. 2926 * Combining these two algorithms results in the observed behavior 2927 * of having a fixed window size at almost all times. 2928 * 2929 * Below we obtain similar behavior by forcing the offered window to 2930 * a multiple of the mss when it is feasible to do so. 2931 * 2932 * Note, we don't "adjust" for TIMESTAMP or SACK option bytes. 2933 * Regular options like TIMESTAMP are taken into account. 2934 */ __tcp_select_window(struct sock * sk)2935 u32 __tcp_select_window(struct sock *sk) 2936 { 2937 struct inet_connection_sock *icsk = inet_csk(sk); 2938 struct tcp_sock *tp = tcp_sk(sk); 2939 /* MSS for the peer's data. Previous versions used mss_clamp 2940 * here. I don't know if the value based on our guesses 2941 * of peer's MSS is better for the performance. It's more correct 2942 * but may be worse for the performance because of rcv_mss 2943 * fluctuations. --SAW 1998/11/1 2944 */ 2945 int mss = icsk->icsk_ack.rcv_mss; 2946 int free_space = tcp_space(sk); 2947 int allowed_space = tcp_full_space(sk); 2948 int full_space, window; 2949 2950 if (sk_is_mptcp(sk)) 2951 mptcp_space(sk, &free_space, &allowed_space); 2952 2953 full_space = min_t(int, tp->window_clamp, allowed_space); 2954 2955 if (unlikely(mss > full_space)) { 2956 mss = full_space; 2957 if (mss <= 0) 2958 return 0; 2959 } 2960 if (free_space < (full_space >> 1)) { 2961 icsk->icsk_ack.quick = 0; 2962 2963 if (tcp_under_memory_pressure(sk)) 2964 tp->rcv_ssthresh = min(tp->rcv_ssthresh, 2965 4U * tp->advmss); 2966 2967 /* free_space might become our new window, make sure we don't 2968 * increase it due to wscale. 2969 */ 2970 free_space = round_down(free_space, 1 << tp->rx_opt.rcv_wscale); 2971 2972 /* if free space is less than mss estimate, or is below 1/16th 2973 * of the maximum allowed, try to move to zero-window, else 2974 * tcp_clamp_window() will grow rcv buf up to tcp_rmem[2], and 2975 * new incoming data is dropped due to memory limits. 2976 * With large window, mss test triggers way too late in order 2977 * to announce zero window in time before rmem limit kicks in. 2978 */ 2979 if (free_space < (allowed_space >> 4) || free_space < mss) 2980 return 0; 2981 } 2982 2983 if (free_space > tp->rcv_ssthresh) 2984 free_space = tp->rcv_ssthresh; 2985 2986 /* Don't do rounding if we are using window scaling, since the 2987 * scaled window will not line up with the MSS boundary anyway. 2988 */ 2989 if (tp->rx_opt.rcv_wscale) { 2990 window = free_space; 2991 2992 /* Advertise enough space so that it won't get scaled away. 2993 * Import case: prevent zero window announcement if 2994 * 1<<rcv_wscale > mss. 2995 */ 2996 window = ALIGN(window, (1 << tp->rx_opt.rcv_wscale)); 2997 } else { 2998 window = tp->rcv_wnd; 2999 /* Get the largest window that is a nice multiple of mss. 3000 * Window clamp already applied above. 3001 * If our current window offering is within 1 mss of the 3002 * free space we just keep it. This prevents the divide 3003 * and multiply from happening most of the time. 3004 * We also don't do any window rounding when the free space 3005 * is too small. 3006 */ 3007 if (window <= free_space - mss || window > free_space) 3008 window = rounddown(free_space, mss); 3009 else if (mss == full_space && 3010 free_space > window + (full_space >> 1)) 3011 window = free_space; 3012 } 3013 3014 return window; 3015 } 3016 tcp_skb_collapse_tstamp(struct sk_buff * skb,const struct sk_buff * next_skb)3017 void tcp_skb_collapse_tstamp(struct sk_buff *skb, 3018 const struct sk_buff *next_skb) 3019 { 3020 if (unlikely(tcp_has_tx_tstamp(next_skb))) { 3021 const struct skb_shared_info *next_shinfo = 3022 skb_shinfo(next_skb); 3023 struct skb_shared_info *shinfo = skb_shinfo(skb); 3024 3025 shinfo->tx_flags |= next_shinfo->tx_flags & SKBTX_ANY_TSTAMP; 3026 shinfo->tskey = next_shinfo->tskey; 3027 TCP_SKB_CB(skb)->txstamp_ack |= 3028 TCP_SKB_CB(next_skb)->txstamp_ack; 3029 } 3030 } 3031 3032 /* Collapses two adjacent SKB's during retransmission. */ tcp_collapse_retrans(struct sock * sk,struct sk_buff * skb)3033 static bool tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb) 3034 { 3035 struct tcp_sock *tp = tcp_sk(sk); 3036 struct sk_buff *next_skb = skb_rb_next(skb); 3037 int next_skb_size; 3038 3039 next_skb_size = next_skb->len; 3040 3041 BUG_ON(tcp_skb_pcount(skb) != 1 || tcp_skb_pcount(next_skb) != 1); 3042 3043 if (next_skb_size) { 3044 if (next_skb_size <= skb_availroom(skb)) 3045 skb_copy_bits(next_skb, 0, skb_put(skb, next_skb_size), 3046 next_skb_size); 3047 else if (!tcp_skb_shift(skb, next_skb, 1, next_skb_size)) 3048 return false; 3049 } 3050 tcp_highest_sack_replace(sk, next_skb, skb); 3051 3052 /* Update sequence range on original skb. */ 3053 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq; 3054 3055 /* Merge over control information. This moves PSH/FIN etc. over */ 3056 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(next_skb)->tcp_flags; 3057 3058 /* All done, get rid of second SKB and account for it so 3059 * packet counting does not break. 3060 */ 3061 TCP_SKB_CB(skb)->sacked |= TCP_SKB_CB(next_skb)->sacked & TCPCB_EVER_RETRANS; 3062 TCP_SKB_CB(skb)->eor = TCP_SKB_CB(next_skb)->eor; 3063 3064 /* changed transmit queue under us so clear hints */ 3065 tcp_clear_retrans_hints_partial(tp); 3066 if (next_skb == tp->retransmit_skb_hint) 3067 tp->retransmit_skb_hint = skb; 3068 3069 tcp_adjust_pcount(sk, next_skb, tcp_skb_pcount(next_skb)); 3070 3071 tcp_skb_collapse_tstamp(skb, next_skb); 3072 3073 tcp_rtx_queue_unlink_and_free(next_skb, sk); 3074 return true; 3075 } 3076 3077 /* Check if coalescing SKBs is legal. */ tcp_can_collapse(const struct sock * sk,const struct sk_buff * skb)3078 static bool tcp_can_collapse(const struct sock *sk, const struct sk_buff *skb) 3079 { 3080 if (tcp_skb_pcount(skb) > 1) 3081 return false; 3082 if (skb_cloned(skb)) 3083 return false; 3084 /* Some heuristics for collapsing over SACK'd could be invented */ 3085 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED) 3086 return false; 3087 3088 return true; 3089 } 3090 3091 /* Collapse packets in the retransmit queue to make to create 3092 * less packets on the wire. This is only done on retransmission. 3093 */ tcp_retrans_try_collapse(struct sock * sk,struct sk_buff * to,int space)3094 static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to, 3095 int space) 3096 { 3097 struct tcp_sock *tp = tcp_sk(sk); 3098 struct sk_buff *skb = to, *tmp; 3099 bool first = true; 3100 3101 if (!sock_net(sk)->ipv4.sysctl_tcp_retrans_collapse) 3102 return; 3103 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN) 3104 return; 3105 3106 skb_rbtree_walk_from_safe(skb, tmp) { 3107 if (!tcp_can_collapse(sk, skb)) 3108 break; 3109 3110 if (!tcp_skb_can_collapse(to, skb)) 3111 break; 3112 3113 space -= skb->len; 3114 3115 if (first) { 3116 first = false; 3117 continue; 3118 } 3119 3120 if (space < 0) 3121 break; 3122 3123 if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp))) 3124 break; 3125 3126 if (!tcp_collapse_retrans(sk, to)) 3127 break; 3128 } 3129 } 3130 3131 /* This retransmits one SKB. Policy decisions and retransmit queue 3132 * state updates are done by the caller. Returns non-zero if an 3133 * error occurred which prevented the send. 3134 */ __tcp_retransmit_skb(struct sock * sk,struct sk_buff * skb,int segs)3135 int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs) 3136 { 3137 struct inet_connection_sock *icsk = inet_csk(sk); 3138 struct tcp_sock *tp = tcp_sk(sk); 3139 unsigned int cur_mss; 3140 int diff, len, err; 3141 3142 3143 /* Inconclusive MTU probe */ 3144 if (icsk->icsk_mtup.probe_size) 3145 icsk->icsk_mtup.probe_size = 0; 3146 3147 /* Do not sent more than we queued. 1/4 is reserved for possible 3148 * copying overhead: fragmentation, tunneling, mangling etc. 3149 */ 3150 if (refcount_read(&sk->sk_wmem_alloc) > 3151 min_t(u32, sk->sk_wmem_queued + (sk->sk_wmem_queued >> 2), 3152 sk->sk_sndbuf)) 3153 return -EAGAIN; 3154 3155 if (skb_still_in_host_queue(sk, skb)) 3156 return -EBUSY; 3157 3158 if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) { 3159 if (unlikely(before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))) { 3160 WARN_ON_ONCE(1); 3161 return -EINVAL; 3162 } 3163 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq)) 3164 return -ENOMEM; 3165 } 3166 3167 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk)) 3168 return -EHOSTUNREACH; /* Routing failure or similar. */ 3169 3170 cur_mss = tcp_current_mss(sk); 3171 3172 /* If receiver has shrunk his window, and skb is out of 3173 * new window, do not retransmit it. The exception is the 3174 * case, when window is shrunk to zero. In this case 3175 * our retransmit serves as a zero window probe. 3176 */ 3177 if (!before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp)) && 3178 TCP_SKB_CB(skb)->seq != tp->snd_una) 3179 return -EAGAIN; 3180 3181 len = cur_mss * segs; 3182 if (skb->len > len) { 3183 if (tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, len, 3184 cur_mss, GFP_ATOMIC)) 3185 return -ENOMEM; /* We'll try again later. */ 3186 } else { 3187 if (skb_unclone(skb, GFP_ATOMIC)) 3188 return -ENOMEM; 3189 3190 diff = tcp_skb_pcount(skb); 3191 tcp_set_skb_tso_segs(skb, cur_mss); 3192 diff -= tcp_skb_pcount(skb); 3193 if (diff) 3194 tcp_adjust_pcount(sk, skb, diff); 3195 if (skb->len < cur_mss) 3196 tcp_retrans_try_collapse(sk, skb, cur_mss); 3197 } 3198 3199 /* RFC3168, section 6.1.1.1. ECN fallback */ 3200 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN_ECN) == TCPHDR_SYN_ECN) 3201 tcp_ecn_clear_syn(sk, skb); 3202 3203 /* Update global and local TCP statistics. */ 3204 segs = tcp_skb_pcount(skb); 3205 TCP_ADD_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS, segs); 3206 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN) 3207 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS); 3208 tp->total_retrans += segs; 3209 tp->bytes_retrans += skb->len; 3210 3211 /* make sure skb->data is aligned on arches that require it 3212 * and check if ack-trimming & collapsing extended the headroom 3213 * beyond what csum_start can cover. 3214 */ 3215 if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) || 3216 skb_headroom(skb) >= 0xFFFF)) { 3217 struct sk_buff *nskb; 3218 3219 tcp_skb_tsorted_save(skb) { 3220 nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC); 3221 if (nskb) { 3222 nskb->dev = NULL; 3223 err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC); 3224 } else { 3225 err = -ENOBUFS; 3226 } 3227 } tcp_skb_tsorted_restore(skb); 3228 3229 if (!err) { 3230 tcp_update_skb_after_send(sk, skb, tp->tcp_wstamp_ns); 3231 tcp_rate_skb_sent(sk, skb); 3232 } 3233 } else { 3234 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 3235 } 3236 3237 /* To avoid taking spuriously low RTT samples based on a timestamp 3238 * for a transmit that never happened, always mark EVER_RETRANS 3239 */ 3240 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS; 3241 3242 if (BPF_SOCK_OPS_TEST_FLAG(tp, BPF_SOCK_OPS_RETRANS_CB_FLAG)) 3243 tcp_call_bpf_3arg(sk, BPF_SOCK_OPS_RETRANS_CB, 3244 TCP_SKB_CB(skb)->seq, segs, err); 3245 3246 if (likely(!err)) { 3247 trace_tcp_retransmit_skb(sk, skb); 3248 } else if (err != -EBUSY) { 3249 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPRETRANSFAIL, segs); 3250 } 3251 return err; 3252 } 3253 tcp_retransmit_skb(struct sock * sk,struct sk_buff * skb,int segs)3254 int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs) 3255 { 3256 struct tcp_sock *tp = tcp_sk(sk); 3257 int err = __tcp_retransmit_skb(sk, skb, segs); 3258 3259 if (err == 0) { 3260 #if FASTRETRANS_DEBUG > 0 3261 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) { 3262 net_dbg_ratelimited("retrans_out leaked\n"); 3263 } 3264 #endif 3265 TCP_SKB_CB(skb)->sacked |= TCPCB_RETRANS; 3266 tp->retrans_out += tcp_skb_pcount(skb); 3267 } 3268 3269 /* Save stamp of the first (attempted) retransmit. */ 3270 if (!tp->retrans_stamp) 3271 tp->retrans_stamp = tcp_skb_timestamp(skb); 3272 3273 if (tp->undo_retrans < 0) 3274 tp->undo_retrans = 0; 3275 tp->undo_retrans += tcp_skb_pcount(skb); 3276 return err; 3277 } 3278 3279 /* This gets called after a retransmit timeout, and the initially 3280 * retransmitted data is acknowledged. It tries to continue 3281 * resending the rest of the retransmit queue, until either 3282 * we've sent it all or the congestion window limit is reached. 3283 */ tcp_xmit_retransmit_queue(struct sock * sk)3284 void tcp_xmit_retransmit_queue(struct sock *sk) 3285 { 3286 const struct inet_connection_sock *icsk = inet_csk(sk); 3287 struct sk_buff *skb, *rtx_head, *hole = NULL; 3288 struct tcp_sock *tp = tcp_sk(sk); 3289 bool rearm_timer = false; 3290 u32 max_segs; 3291 int mib_idx; 3292 3293 if (!tp->packets_out) 3294 return; 3295 3296 rtx_head = tcp_rtx_queue_head(sk); 3297 skb = tp->retransmit_skb_hint ?: rtx_head; 3298 max_segs = tcp_tso_segs(sk, tcp_current_mss(sk)); 3299 skb_rbtree_walk_from(skb) { 3300 __u8 sacked; 3301 int segs; 3302 3303 if (tcp_pacing_check(sk)) 3304 break; 3305 3306 /* we could do better than to assign each time */ 3307 if (!hole) 3308 tp->retransmit_skb_hint = skb; 3309 3310 segs = tp->snd_cwnd - tcp_packets_in_flight(tp); 3311 if (segs <= 0) 3312 break; 3313 sacked = TCP_SKB_CB(skb)->sacked; 3314 /* In case tcp_shift_skb_data() have aggregated large skbs, 3315 * we need to make sure not sending too bigs TSO packets 3316 */ 3317 segs = min_t(int, segs, max_segs); 3318 3319 if (tp->retrans_out >= tp->lost_out) { 3320 break; 3321 } else if (!(sacked & TCPCB_LOST)) { 3322 if (!hole && !(sacked & (TCPCB_SACKED_RETRANS|TCPCB_SACKED_ACKED))) 3323 hole = skb; 3324 continue; 3325 3326 } else { 3327 if (icsk->icsk_ca_state != TCP_CA_Loss) 3328 mib_idx = LINUX_MIB_TCPFASTRETRANS; 3329 else 3330 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS; 3331 } 3332 3333 if (sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS)) 3334 continue; 3335 3336 if (tcp_small_queue_check(sk, skb, 1)) 3337 break; 3338 3339 if (tcp_retransmit_skb(sk, skb, segs)) 3340 break; 3341 3342 NET_ADD_STATS(sock_net(sk), mib_idx, tcp_skb_pcount(skb)); 3343 3344 if (tcp_in_cwnd_reduction(sk)) 3345 tp->prr_out += tcp_skb_pcount(skb); 3346 3347 if (skb == rtx_head && 3348 icsk->icsk_pending != ICSK_TIME_REO_TIMEOUT) 3349 rearm_timer = true; 3350 3351 } 3352 if (rearm_timer) 3353 tcp_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 3354 inet_csk(sk)->icsk_rto, 3355 TCP_RTO_MAX); 3356 } 3357 3358 /* We allow to exceed memory limits for FIN packets to expedite 3359 * connection tear down and (memory) recovery. 3360 * Otherwise tcp_send_fin() could be tempted to either delay FIN 3361 * or even be forced to close flow without any FIN. 3362 * In general, we want to allow one skb per socket to avoid hangs 3363 * with edge trigger epoll() 3364 */ sk_forced_mem_schedule(struct sock * sk,int size)3365 void sk_forced_mem_schedule(struct sock *sk, int size) 3366 { 3367 int amt; 3368 3369 if (size <= sk->sk_forward_alloc) 3370 return; 3371 amt = sk_mem_pages(size); 3372 sk->sk_forward_alloc += amt * SK_MEM_QUANTUM; 3373 sk_memory_allocated_add(sk, amt); 3374 3375 if (mem_cgroup_sockets_enabled && sk->sk_memcg) 3376 mem_cgroup_charge_skmem(sk->sk_memcg, amt); 3377 } 3378 3379 /* Send a FIN. The caller locks the socket for us. 3380 * We should try to send a FIN packet really hard, but eventually give up. 3381 */ tcp_send_fin(struct sock * sk)3382 void tcp_send_fin(struct sock *sk) 3383 { 3384 struct sk_buff *skb, *tskb, *tail = tcp_write_queue_tail(sk); 3385 struct tcp_sock *tp = tcp_sk(sk); 3386 3387 /* Optimization, tack on the FIN if we have one skb in write queue and 3388 * this skb was not yet sent, or we are under memory pressure. 3389 * Note: in the latter case, FIN packet will be sent after a timeout, 3390 * as TCP stack thinks it has already been transmitted. 3391 */ 3392 tskb = tail; 3393 if (!tskb && tcp_under_memory_pressure(sk)) 3394 tskb = skb_rb_last(&sk->tcp_rtx_queue); 3395 3396 if (tskb) { 3397 TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN; 3398 TCP_SKB_CB(tskb)->end_seq++; 3399 tp->write_seq++; 3400 if (!tail) { 3401 /* This means tskb was already sent. 3402 * Pretend we included the FIN on previous transmit. 3403 * We need to set tp->snd_nxt to the value it would have 3404 * if FIN had been sent. This is because retransmit path 3405 * does not change tp->snd_nxt. 3406 */ 3407 WRITE_ONCE(tp->snd_nxt, tp->snd_nxt + 1); 3408 return; 3409 } 3410 } else { 3411 skb = alloc_skb_fclone(MAX_TCP_HEADER, sk->sk_allocation); 3412 if (unlikely(!skb)) 3413 return; 3414 3415 INIT_LIST_HEAD(&skb->tcp_tsorted_anchor); 3416 skb_reserve(skb, MAX_TCP_HEADER); 3417 sk_forced_mem_schedule(sk, skb->truesize); 3418 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */ 3419 tcp_init_nondata_skb(skb, tp->write_seq, 3420 TCPHDR_ACK | TCPHDR_FIN); 3421 tcp_queue_skb(sk, skb); 3422 } 3423 __tcp_push_pending_frames(sk, tcp_current_mss(sk), TCP_NAGLE_OFF); 3424 } 3425 3426 /* We get here when a process closes a file descriptor (either due to 3427 * an explicit close() or as a byproduct of exit()'ing) and there 3428 * was unread data in the receive queue. This behavior is recommended 3429 * by RFC 2525, section 2.17. -DaveM 3430 */ tcp_send_active_reset(struct sock * sk,gfp_t priority)3431 void tcp_send_active_reset(struct sock *sk, gfp_t priority) 3432 { 3433 struct sk_buff *skb; 3434 3435 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS); 3436 3437 /* NOTE: No TCP options attached and we never retransmit this. */ 3438 skb = alloc_skb(MAX_TCP_HEADER, priority); 3439 if (!skb) { 3440 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED); 3441 return; 3442 } 3443 3444 /* Reserve space for headers and prepare control bits. */ 3445 skb_reserve(skb, MAX_TCP_HEADER); 3446 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk), 3447 TCPHDR_ACK | TCPHDR_RST); 3448 tcp_mstamp_refresh(tcp_sk(sk)); 3449 /* Send it off. */ 3450 if (tcp_transmit_skb(sk, skb, 0, priority)) 3451 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED); 3452 3453 /* skb of trace_tcp_send_reset() keeps the skb that caused RST, 3454 * skb here is different to the troublesome skb, so use NULL 3455 */ 3456 trace_tcp_send_reset(sk, NULL); 3457 } 3458 3459 /* Send a crossed SYN-ACK during socket establishment. 3460 * WARNING: This routine must only be called when we have already sent 3461 * a SYN packet that crossed the incoming SYN that caused this routine 3462 * to get called. If this assumption fails then the initial rcv_wnd 3463 * and rcv_wscale values will not be correct. 3464 */ tcp_send_synack(struct sock * sk)3465 int tcp_send_synack(struct sock *sk) 3466 { 3467 struct sk_buff *skb; 3468 3469 skb = tcp_rtx_queue_head(sk); 3470 if (!skb || !(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) { 3471 pr_err("%s: wrong queue state\n", __func__); 3472 return -EFAULT; 3473 } 3474 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)) { 3475 if (skb_cloned(skb)) { 3476 struct sk_buff *nskb; 3477 3478 tcp_skb_tsorted_save(skb) { 3479 nskb = skb_copy(skb, GFP_ATOMIC); 3480 } tcp_skb_tsorted_restore(skb); 3481 if (!nskb) 3482 return -ENOMEM; 3483 INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor); 3484 tcp_highest_sack_replace(sk, skb, nskb); 3485 tcp_rtx_queue_unlink_and_free(skb, sk); 3486 __skb_header_release(nskb); 3487 tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb); 3488 sk_wmem_queued_add(sk, nskb->truesize); 3489 sk_mem_charge(sk, nskb->truesize); 3490 skb = nskb; 3491 } 3492 3493 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ACK; 3494 tcp_ecn_send_synack(sk, skb); 3495 } 3496 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 3497 } 3498 3499 /** 3500 * tcp_make_synack - Allocate one skb and build a SYNACK packet. 3501 * @sk: listener socket 3502 * @dst: dst entry attached to the SYNACK. It is consumed and caller 3503 * should not use it again. 3504 * @req: request_sock pointer 3505 * @foc: cookie for tcp fast open 3506 * @synack_type: Type of synack to prepare 3507 * @syn_skb: SYN packet just received. It could be NULL for rtx case. 3508 */ tcp_make_synack(const struct sock * sk,struct dst_entry * dst,struct request_sock * req,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)3509 struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, 3510 struct request_sock *req, 3511 struct tcp_fastopen_cookie *foc, 3512 enum tcp_synack_type synack_type, 3513 struct sk_buff *syn_skb) 3514 { 3515 struct inet_request_sock *ireq = inet_rsk(req); 3516 const struct tcp_sock *tp = tcp_sk(sk); 3517 struct tcp_md5sig_key *md5 = NULL; 3518 struct tcp_out_options opts; 3519 struct sk_buff *skb; 3520 int tcp_header_size; 3521 struct tcphdr *th; 3522 int mss; 3523 u64 now; 3524 3525 skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC); 3526 if (unlikely(!skb)) { 3527 dst_release(dst); 3528 return NULL; 3529 } 3530 /* Reserve space for headers. */ 3531 skb_reserve(skb, MAX_TCP_HEADER); 3532 3533 switch (synack_type) { 3534 case TCP_SYNACK_NORMAL: 3535 skb_set_owner_w(skb, req_to_sk(req)); 3536 break; 3537 case TCP_SYNACK_COOKIE: 3538 /* Under synflood, we do not attach skb to a socket, 3539 * to avoid false sharing. 3540 */ 3541 break; 3542 case TCP_SYNACK_FASTOPEN: 3543 /* sk is a const pointer, because we want to express multiple 3544 * cpu might call us concurrently. 3545 * sk->sk_wmem_alloc in an atomic, we can promote to rw. 3546 */ 3547 skb_set_owner_w(skb, (struct sock *)sk); 3548 break; 3549 } 3550 skb_dst_set(skb, dst); 3551 3552 mss = tcp_mss_clamp(tp, dst_metric_advmss(dst)); 3553 3554 memset(&opts, 0, sizeof(opts)); 3555 now = tcp_clock_ns(); 3556 #ifdef CONFIG_SYN_COOKIES 3557 if (unlikely(synack_type == TCP_SYNACK_COOKIE && ireq->tstamp_ok)) 3558 skb->skb_mstamp_ns = cookie_init_timestamp(req, now); 3559 else 3560 #endif 3561 { 3562 skb->skb_mstamp_ns = now; 3563 if (!tcp_rsk(req)->snt_synack) /* Timestamp first SYNACK */ 3564 tcp_rsk(req)->snt_synack = tcp_skb_timestamp_us(skb); 3565 } 3566 3567 #ifdef CONFIG_TCP_MD5SIG 3568 rcu_read_lock(); 3569 md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req)); 3570 #endif 3571 skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4); 3572 /* bpf program will be interested in the tcp_flags */ 3573 TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK; 3574 tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5, 3575 foc, synack_type, 3576 syn_skb) + sizeof(*th); 3577 3578 skb_push(skb, tcp_header_size); 3579 skb_reset_transport_header(skb); 3580 3581 th = (struct tcphdr *)skb->data; 3582 memset(th, 0, sizeof(struct tcphdr)); 3583 th->syn = 1; 3584 th->ack = 1; 3585 tcp_ecn_make_synack(req, th); 3586 th->source = htons(ireq->ir_num); 3587 th->dest = ireq->ir_rmt_port; 3588 skb->mark = ireq->ir_mark; 3589 skb->ip_summed = CHECKSUM_PARTIAL; 3590 th->seq = htonl(tcp_rsk(req)->snt_isn); 3591 /* XXX data is queued and acked as is. No buffer/window check */ 3592 th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt); 3593 3594 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */ 3595 th->window = htons(min(req->rsk_rcv_wnd, 65535U)); 3596 tcp_options_write((__be32 *)(th + 1), NULL, &opts); 3597 th->doff = (tcp_header_size >> 2); 3598 __TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS); 3599 3600 #ifdef CONFIG_TCP_MD5SIG 3601 /* Okay, we have all we need - do the md5 hash if needed */ 3602 if (md5) 3603 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location, 3604 md5, req_to_sk(req), skb); 3605 rcu_read_unlock(); 3606 #endif 3607 3608 bpf_skops_write_hdr_opt((struct sock *)sk, skb, req, syn_skb, 3609 synack_type, &opts); 3610 3611 skb->skb_mstamp_ns = now; 3612 tcp_add_tx_delay(skb, tp); 3613 3614 return skb; 3615 } 3616 EXPORT_SYMBOL(tcp_make_synack); 3617 tcp_ca_dst_init(struct sock * sk,const struct dst_entry * dst)3618 static void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst) 3619 { 3620 struct inet_connection_sock *icsk = inet_csk(sk); 3621 const struct tcp_congestion_ops *ca; 3622 u32 ca_key = dst_metric(dst, RTAX_CC_ALGO); 3623 3624 if (ca_key == TCP_CA_UNSPEC) 3625 return; 3626 3627 rcu_read_lock(); 3628 ca = tcp_ca_find_key(ca_key); 3629 if (likely(ca && bpf_try_module_get(ca, ca->owner))) { 3630 bpf_module_put(icsk->icsk_ca_ops, icsk->icsk_ca_ops->owner); 3631 icsk->icsk_ca_dst_locked = tcp_ca_dst_locked(dst); 3632 icsk->icsk_ca_ops = ca; 3633 } 3634 rcu_read_unlock(); 3635 } 3636 3637 /* Do all connect socket setups that can be done AF independent. */ tcp_connect_init(struct sock * sk)3638 static void tcp_connect_init(struct sock *sk) 3639 { 3640 const struct dst_entry *dst = __sk_dst_get(sk); 3641 struct tcp_sock *tp = tcp_sk(sk); 3642 __u8 rcv_wscale; 3643 u32 rcv_wnd; 3644 3645 /* We'll fix this up when we get a response from the other end. 3646 * See tcp_input.c:tcp_rcv_state_process case TCP_SYN_SENT. 3647 */ 3648 tp->tcp_header_len = sizeof(struct tcphdr); 3649 if (sock_net(sk)->ipv4.sysctl_tcp_timestamps) 3650 tp->tcp_header_len += TCPOLEN_TSTAMP_ALIGNED; 3651 3652 #ifdef CONFIG_TCP_MD5SIG 3653 if (tp->af_specific->md5_lookup(sk, sk)) 3654 tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED; 3655 #endif 3656 3657 /* If user gave his TCP_MAXSEG, record it to clamp */ 3658 if (tp->rx_opt.user_mss) 3659 tp->rx_opt.mss_clamp = tp->rx_opt.user_mss; 3660 tp->max_window = 0; 3661 tcp_mtup_init(sk); 3662 tcp_sync_mss(sk, dst_mtu(dst)); 3663 3664 tcp_ca_dst_init(sk, dst); 3665 3666 if (!tp->window_clamp) 3667 tp->window_clamp = dst_metric(dst, RTAX_WINDOW); 3668 tp->advmss = tcp_mss_clamp(tp, dst_metric_advmss(dst)); 3669 3670 tcp_initialize_rcv_mss(sk); 3671 3672 /* limit the window selection if the user enforce a smaller rx buffer */ 3673 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK && 3674 (tp->window_clamp > tcp_full_space(sk) || tp->window_clamp == 0)) 3675 tp->window_clamp = tcp_full_space(sk); 3676 3677 rcv_wnd = tcp_rwnd_init_bpf(sk); 3678 if (rcv_wnd == 0) 3679 rcv_wnd = dst_metric(dst, RTAX_INITRWND); 3680 3681 tcp_select_initial_window(sk, tcp_full_space(sk), 3682 tp->advmss - (tp->rx_opt.ts_recent_stamp ? tp->tcp_header_len - sizeof(struct tcphdr) : 0), 3683 &tp->rcv_wnd, 3684 &tp->window_clamp, 3685 sock_net(sk)->ipv4.sysctl_tcp_window_scaling, 3686 &rcv_wscale, 3687 rcv_wnd); 3688 3689 tp->rx_opt.rcv_wscale = rcv_wscale; 3690 tp->rcv_ssthresh = tp->rcv_wnd; 3691 3692 sk->sk_err = 0; 3693 sock_reset_flag(sk, SOCK_DONE); 3694 tp->snd_wnd = 0; 3695 tcp_init_wl(tp, 0); 3696 tcp_write_queue_purge(sk); 3697 tp->snd_una = tp->write_seq; 3698 tp->snd_sml = tp->write_seq; 3699 tp->snd_up = tp->write_seq; 3700 WRITE_ONCE(tp->snd_nxt, tp->write_seq); 3701 3702 if (likely(!tp->repair)) 3703 tp->rcv_nxt = 0; 3704 else 3705 tp->rcv_tstamp = tcp_jiffies32; 3706 tp->rcv_wup = tp->rcv_nxt; 3707 WRITE_ONCE(tp->copied_seq, tp->rcv_nxt); 3708 3709 inet_csk(sk)->icsk_rto = tcp_timeout_init(sk); 3710 inet_csk(sk)->icsk_retransmits = 0; 3711 tcp_clear_retrans(tp); 3712 } 3713 tcp_connect_queue_skb(struct sock * sk,struct sk_buff * skb)3714 static void tcp_connect_queue_skb(struct sock *sk, struct sk_buff *skb) 3715 { 3716 struct tcp_sock *tp = tcp_sk(sk); 3717 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb); 3718 3719 tcb->end_seq += skb->len; 3720 __skb_header_release(skb); 3721 sk_wmem_queued_add(sk, skb->truesize); 3722 sk_mem_charge(sk, skb->truesize); 3723 WRITE_ONCE(tp->write_seq, tcb->end_seq); 3724 tp->packets_out += tcp_skb_pcount(skb); 3725 } 3726 3727 /* Build and send a SYN with data and (cached) Fast Open cookie. However, 3728 * queue a data-only packet after the regular SYN, such that regular SYNs 3729 * are retransmitted on timeouts. Also if the remote SYN-ACK acknowledges 3730 * only the SYN sequence, the data are retransmitted in the first ACK. 3731 * If cookie is not cached or other error occurs, falls back to send a 3732 * regular SYN with Fast Open cookie request option. 3733 */ tcp_send_syn_data(struct sock * sk,struct sk_buff * syn)3734 static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn) 3735 { 3736 struct tcp_sock *tp = tcp_sk(sk); 3737 struct tcp_fastopen_request *fo = tp->fastopen_req; 3738 int space, err = 0; 3739 struct sk_buff *syn_data; 3740 3741 tp->rx_opt.mss_clamp = tp->advmss; /* If MSS is not cached */ 3742 if (!tcp_fastopen_cookie_check(sk, &tp->rx_opt.mss_clamp, &fo->cookie)) 3743 goto fallback; 3744 3745 /* MSS for SYN-data is based on cached MSS and bounded by PMTU and 3746 * user-MSS. Reserve maximum option space for middleboxes that add 3747 * private TCP options. The cost is reduced data space in SYN :( 3748 */ 3749 tp->rx_opt.mss_clamp = tcp_mss_clamp(tp, tp->rx_opt.mss_clamp); 3750 3751 space = __tcp_mtu_to_mss(sk, inet_csk(sk)->icsk_pmtu_cookie) - 3752 MAX_TCP_OPTION_SPACE; 3753 3754 space = min_t(size_t, space, fo->size); 3755 3756 /* limit to order-0 allocations */ 3757 space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER)); 3758 3759 syn_data = sk_stream_alloc_skb(sk, space, sk->sk_allocation, false); 3760 if (!syn_data) 3761 goto fallback; 3762 syn_data->ip_summed = CHECKSUM_PARTIAL; 3763 memcpy(syn_data->cb, syn->cb, sizeof(syn->cb)); 3764 if (space) { 3765 int copied = copy_from_iter(skb_put(syn_data, space), space, 3766 &fo->data->msg_iter); 3767 if (unlikely(!copied)) { 3768 tcp_skb_tsorted_anchor_cleanup(syn_data); 3769 kfree_skb(syn_data); 3770 goto fallback; 3771 } 3772 if (copied != space) { 3773 skb_trim(syn_data, copied); 3774 space = copied; 3775 } 3776 skb_zcopy_set(syn_data, fo->uarg, NULL); 3777 } 3778 /* No more data pending in inet_wait_for_connect() */ 3779 if (space == fo->size) 3780 fo->data = NULL; 3781 fo->copied = space; 3782 3783 tcp_connect_queue_skb(sk, syn_data); 3784 if (syn_data->len) 3785 tcp_chrono_start(sk, TCP_CHRONO_BUSY); 3786 3787 err = tcp_transmit_skb(sk, syn_data, 1, sk->sk_allocation); 3788 3789 syn->skb_mstamp_ns = syn_data->skb_mstamp_ns; 3790 3791 /* Now full SYN+DATA was cloned and sent (or not), 3792 * remove the SYN from the original skb (syn_data) 3793 * we keep in write queue in case of a retransmit, as we 3794 * also have the SYN packet (with no data) in the same queue. 3795 */ 3796 TCP_SKB_CB(syn_data)->seq++; 3797 TCP_SKB_CB(syn_data)->tcp_flags = TCPHDR_ACK | TCPHDR_PSH; 3798 if (!err) { 3799 tp->syn_data = (fo->copied > 0); 3800 tcp_rbtree_insert(&sk->tcp_rtx_queue, syn_data); 3801 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT); 3802 goto done; 3803 } 3804 3805 /* data was not sent, put it in write_queue */ 3806 __skb_queue_tail(&sk->sk_write_queue, syn_data); 3807 tp->packets_out -= tcp_skb_pcount(syn_data); 3808 3809 fallback: 3810 /* Send a regular SYN with Fast Open cookie request option */ 3811 if (fo->cookie.len > 0) 3812 fo->cookie.len = 0; 3813 err = tcp_transmit_skb(sk, syn, 1, sk->sk_allocation); 3814 if (err) 3815 tp->syn_fastopen = 0; 3816 done: 3817 fo->cookie.len = -1; /* Exclude Fast Open option for SYN retries */ 3818 return err; 3819 } 3820 3821 /* Build a SYN and send it off. */ tcp_connect(struct sock * sk)3822 int tcp_connect(struct sock *sk) 3823 { 3824 struct tcp_sock *tp = tcp_sk(sk); 3825 struct sk_buff *buff; 3826 int err; 3827 3828 tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_CONNECT_CB, 0, NULL); 3829 3830 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk)) 3831 return -EHOSTUNREACH; /* Routing failure or similar. */ 3832 3833 tcp_connect_init(sk); 3834 3835 if (unlikely(tp->repair)) { 3836 tcp_finish_connect(sk, NULL); 3837 return 0; 3838 } 3839 3840 buff = sk_stream_alloc_skb(sk, 0, sk->sk_allocation, true); 3841 if (unlikely(!buff)) 3842 return -ENOBUFS; 3843 3844 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN); 3845 tcp_mstamp_refresh(tp); 3846 tp->retrans_stamp = tcp_time_stamp(tp); 3847 tcp_connect_queue_skb(sk, buff); 3848 tcp_ecn_send_syn(sk, buff); 3849 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff); 3850 3851 /* Send off SYN; include data in Fast Open. */ 3852 err = tp->fastopen_req ? tcp_send_syn_data(sk, buff) : 3853 tcp_transmit_skb(sk, buff, 1, sk->sk_allocation); 3854 if (err == -ECONNREFUSED) 3855 return err; 3856 3857 /* We change tp->snd_nxt after the tcp_transmit_skb() call 3858 * in order to make this packet get counted in tcpOutSegs. 3859 */ 3860 WRITE_ONCE(tp->snd_nxt, tp->write_seq); 3861 tp->pushed_seq = tp->write_seq; 3862 buff = tcp_send_head(sk); 3863 if (unlikely(buff)) { 3864 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(buff)->seq); 3865 tp->pushed_seq = TCP_SKB_CB(buff)->seq; 3866 } 3867 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS); 3868 3869 /* Timer for repeating the SYN until an answer. */ 3870 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 3871 inet_csk(sk)->icsk_rto, TCP_RTO_MAX); 3872 return 0; 3873 } 3874 EXPORT_SYMBOL(tcp_connect); 3875 3876 /* Send out a delayed ack, the caller does the policy checking 3877 * to see if we should even be here. See tcp_input.c:tcp_ack_snd_check() 3878 * for details. 3879 */ tcp_send_delayed_ack(struct sock * sk)3880 void tcp_send_delayed_ack(struct sock *sk) 3881 { 3882 struct inet_connection_sock *icsk = inet_csk(sk); 3883 int ato = icsk->icsk_ack.ato; 3884 unsigned long timeout; 3885 3886 if (ato > TCP_DELACK_MIN) { 3887 const struct tcp_sock *tp = tcp_sk(sk); 3888 int max_ato = HZ / 2; 3889 3890 if (inet_csk_in_pingpong_mode(sk) || 3891 (icsk->icsk_ack.pending & ICSK_ACK_PUSHED)) 3892 max_ato = TCP_DELACK_MAX; 3893 3894 /* Slow path, intersegment interval is "high". */ 3895 3896 /* If some rtt estimate is known, use it to bound delayed ack. 3897 * Do not use inet_csk(sk)->icsk_rto here, use results of rtt measurements 3898 * directly. 3899 */ 3900 if (tp->srtt_us) { 3901 int rtt = max_t(int, usecs_to_jiffies(tp->srtt_us >> 3), 3902 TCP_DELACK_MIN); 3903 3904 if (rtt < max_ato) 3905 max_ato = rtt; 3906 } 3907 3908 ato = min(ato, max_ato); 3909 } 3910 3911 ato = min_t(u32, ato, inet_csk(sk)->icsk_delack_max); 3912 3913 /* Stay within the limit we were given */ 3914 timeout = jiffies + ato; 3915 3916 /* Use new timeout only if there wasn't a older one earlier. */ 3917 if (icsk->icsk_ack.pending & ICSK_ACK_TIMER) { 3918 /* If delack timer is about to expire, send ACK now. */ 3919 if (time_before_eq(icsk->icsk_ack.timeout, jiffies + (ato >> 2))) { 3920 tcp_send_ack(sk); 3921 return; 3922 } 3923 3924 if (!time_before(timeout, icsk->icsk_ack.timeout)) 3925 timeout = icsk->icsk_ack.timeout; 3926 } 3927 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER; 3928 icsk->icsk_ack.timeout = timeout; 3929 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout); 3930 } 3931 3932 /* This routine sends an ack and also updates the window. */ __tcp_send_ack(struct sock * sk,u32 rcv_nxt)3933 void __tcp_send_ack(struct sock *sk, u32 rcv_nxt) 3934 { 3935 struct sk_buff *buff; 3936 3937 /* If we have been reset, we may not send again. */ 3938 if (sk->sk_state == TCP_CLOSE) 3939 return; 3940 3941 /* We are not putting this on the write queue, so 3942 * tcp_transmit_skb() will set the ownership to this 3943 * sock. 3944 */ 3945 buff = alloc_skb(MAX_TCP_HEADER, 3946 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN)); 3947 if (unlikely(!buff)) { 3948 struct inet_connection_sock *icsk = inet_csk(sk); 3949 unsigned long delay; 3950 3951 delay = TCP_DELACK_MAX << icsk->icsk_ack.retry; 3952 if (delay < TCP_RTO_MAX) 3953 icsk->icsk_ack.retry++; 3954 inet_csk_schedule_ack(sk); 3955 icsk->icsk_ack.ato = TCP_ATO_MIN; 3956 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, delay, TCP_RTO_MAX); 3957 return; 3958 } 3959 3960 /* Reserve space for headers and prepare control bits. */ 3961 skb_reserve(buff, MAX_TCP_HEADER); 3962 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK); 3963 3964 /* We do not want pure acks influencing TCP Small Queues or fq/pacing 3965 * too much. 3966 * SKB_TRUESIZE(max(1 .. 66, MAX_TCP_HEADER)) is unfortunately ~784 3967 */ 3968 skb_set_tcp_pure_ack(buff); 3969 3970 /* Send it off, this clears delayed acks for us. */ 3971 __tcp_transmit_skb(sk, buff, 0, (__force gfp_t)0, rcv_nxt); 3972 } 3973 EXPORT_SYMBOL_GPL(__tcp_send_ack); 3974 tcp_send_ack(struct sock * sk)3975 void tcp_send_ack(struct sock *sk) 3976 { 3977 __tcp_send_ack(sk, tcp_sk(sk)->rcv_nxt); 3978 } 3979 3980 /* This routine sends a packet with an out of date sequence 3981 * number. It assumes the other end will try to ack it. 3982 * 3983 * Question: what should we make while urgent mode? 3984 * 4.4BSD forces sending single byte of data. We cannot send 3985 * out of window data, because we have SND.NXT==SND.MAX... 3986 * 3987 * Current solution: to send TWO zero-length segments in urgent mode: 3988 * one is with SEG.SEQ=SND.UNA to deliver urgent pointer, another is 3989 * out-of-date with SND.UNA-1 to probe window. 3990 */ tcp_xmit_probe_skb(struct sock * sk,int urgent,int mib)3991 static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib) 3992 { 3993 struct tcp_sock *tp = tcp_sk(sk); 3994 struct sk_buff *skb; 3995 3996 /* We don't queue it, tcp_transmit_skb() sets ownership. */ 3997 skb = alloc_skb(MAX_TCP_HEADER, 3998 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN)); 3999 if (!skb) 4000 return -1; 4001 4002 /* Reserve space for headers and set control bits. */ 4003 skb_reserve(skb, MAX_TCP_HEADER); 4004 /* Use a previous sequence. This should cause the other 4005 * end to send an ack. Don't queue or clone SKB, just 4006 * send it. 4007 */ 4008 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK); 4009 NET_INC_STATS(sock_net(sk), mib); 4010 return tcp_transmit_skb(sk, skb, 0, (__force gfp_t)0); 4011 } 4012 4013 /* Called from setsockopt( ... TCP_REPAIR ) */ tcp_send_window_probe(struct sock * sk)4014 void tcp_send_window_probe(struct sock *sk) 4015 { 4016 if (sk->sk_state == TCP_ESTABLISHED) { 4017 tcp_sk(sk)->snd_wl1 = tcp_sk(sk)->rcv_nxt - 1; 4018 tcp_mstamp_refresh(tcp_sk(sk)); 4019 tcp_xmit_probe_skb(sk, 0, LINUX_MIB_TCPWINPROBE); 4020 } 4021 } 4022 4023 /* Initiate keepalive or window probe from timer. */ tcp_write_wakeup(struct sock * sk,int mib)4024 int tcp_write_wakeup(struct sock *sk, int mib) 4025 { 4026 struct tcp_sock *tp = tcp_sk(sk); 4027 struct sk_buff *skb; 4028 4029 if (sk->sk_state == TCP_CLOSE) 4030 return -1; 4031 4032 skb = tcp_send_head(sk); 4033 if (skb && before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp))) { 4034 int err; 4035 unsigned int mss = tcp_current_mss(sk); 4036 unsigned int seg_size = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq; 4037 4038 if (before(tp->pushed_seq, TCP_SKB_CB(skb)->end_seq)) 4039 tp->pushed_seq = TCP_SKB_CB(skb)->end_seq; 4040 4041 /* We are probing the opening of a window 4042 * but the window size is != 0 4043 * must have been a result SWS avoidance ( sender ) 4044 */ 4045 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq || 4046 skb->len > mss) { 4047 seg_size = min(seg_size, mss); 4048 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH; 4049 if (tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE, 4050 skb, seg_size, mss, GFP_ATOMIC)) 4051 return -1; 4052 } else if (!tcp_skb_pcount(skb)) 4053 tcp_set_skb_tso_segs(skb, mss); 4054 4055 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH; 4056 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 4057 if (!err) 4058 tcp_event_new_data_sent(sk, skb); 4059 return err; 4060 } else { 4061 if (between(tp->snd_up, tp->snd_una + 1, tp->snd_una + 0xFFFF)) 4062 tcp_xmit_probe_skb(sk, 1, mib); 4063 return tcp_xmit_probe_skb(sk, 0, mib); 4064 } 4065 } 4066 4067 /* A window probe timeout has occurred. If window is not closed send 4068 * a partial packet else a zero probe. 4069 */ tcp_send_probe0(struct sock * sk)4070 void tcp_send_probe0(struct sock *sk) 4071 { 4072 struct inet_connection_sock *icsk = inet_csk(sk); 4073 struct tcp_sock *tp = tcp_sk(sk); 4074 struct net *net = sock_net(sk); 4075 unsigned long timeout; 4076 int err; 4077 4078 err = tcp_write_wakeup(sk, LINUX_MIB_TCPWINPROBE); 4079 4080 if (tp->packets_out || tcp_write_queue_empty(sk)) { 4081 /* Cancel probe timer, if it is not required. */ 4082 icsk->icsk_probes_out = 0; 4083 icsk->icsk_backoff = 0; 4084 icsk->icsk_probes_tstamp = 0; 4085 return; 4086 } 4087 4088 icsk->icsk_probes_out++; 4089 if (err <= 0) { 4090 if (icsk->icsk_backoff < net->ipv4.sysctl_tcp_retries2) 4091 icsk->icsk_backoff++; 4092 timeout = tcp_probe0_when(sk, TCP_RTO_MAX); 4093 } else { 4094 /* If packet was not sent due to local congestion, 4095 * Let senders fight for local resources conservatively. 4096 */ 4097 timeout = TCP_RESOURCE_PROBE_INTERVAL; 4098 } 4099 4100 timeout = tcp_clamp_probe0_to_user_timeout(sk, timeout); 4101 tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, timeout, TCP_RTO_MAX); 4102 } 4103 tcp_rtx_synack(const struct sock * sk,struct request_sock * req)4104 int tcp_rtx_synack(const struct sock *sk, struct request_sock *req) 4105 { 4106 const struct tcp_request_sock_ops *af_ops = tcp_rsk(req)->af_specific; 4107 struct flowi fl; 4108 int res; 4109 4110 tcp_rsk(req)->txhash = net_tx_rndhash(); 4111 res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL, 4112 NULL); 4113 if (!res) { 4114 __TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS); 4115 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS); 4116 if (unlikely(tcp_passive_fastopen(sk))) 4117 tcp_sk(sk)->total_retrans++; 4118 trace_tcp_retransmit_synack(sk, req); 4119 } 4120 return res; 4121 } 4122 EXPORT_SYMBOL(tcp_rtx_synack); 4123