1 /**
2 * @file
3 * Transmission Control Protocol, incoming traffic
4 *
5 * The input processing functions of the TCP layer.
6 *
7 * These functions are generally called in the order (ip_input() ->)
8 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
9 *
10 */
11
12 /*
13 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without modification,
17 * are permitted provided that the following conditions are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright notice,
20 * this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright notice,
22 * this list of conditions and the following disclaimer in the documentation
23 * and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote products
25 * derived from this software without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
36 * OF SUCH DAMAGE.
37 *
38 * This file is part of the lwIP TCP/IP stack.
39 *
40 * Author: Adam Dunkels <adam@sics.se>
41 *
42 */
43
44 #include "lwip/opt.h"
45
46 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
47
48 #include "lwip/priv/tcp_priv.h"
49 #include "lwip/def.h"
50 #include "lwip/ip_addr.h"
51 #include "lwip/netif.h"
52 #include "lwip/mem.h"
53 #include "lwip/memp.h"
54 #include "lwip/inet_chksum.h"
55 #include "lwip/stats.h"
56 #include "lwip/ip6.h"
57 #include "lwip/ip6_addr.h"
58 #if LWIP_ND6_TCP_REACHABILITY_HINTS
59 #include "lwip/nd6.h"
60 #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
61
62 #include <string.h>
63
64 #ifdef LWIP_HOOK_FILENAME
65 #include LWIP_HOOK_FILENAME
66 #endif
67
68 /** Initial CWND calculation as defined RFC 2581 */
69 #define LWIP_TCP_CALC_INITIAL_CWND(mss) ((tcpwnd_size_t)LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U)))
70
71 /* These variables are global to all functions involved in the input
72 processing of TCP segments. They are set by the tcp_input()
73 function. */
74 static struct tcp_seg inseg;
75 static struct tcp_hdr *tcphdr;
76 static u16_t tcphdr_optlen;
77 static u16_t tcphdr_opt1len;
78 static u8_t *tcphdr_opt2;
79 static u16_t tcp_optidx;
80 static u32_t seqno, ackno;
81 static tcpwnd_size_t recv_acked;
82 static u16_t tcplen;
83 static u8_t flags;
84
85 static u8_t recv_flags;
86 static struct pbuf *recv_data;
87
88 struct tcp_pcb *tcp_input_pcb;
89
90 /* Forward declarations. */
91 static err_t tcp_process(struct tcp_pcb *pcb);
92 static void tcp_receive(struct tcp_pcb *pcb);
93 static void tcp_parseopt(struct tcp_pcb *pcb);
94
95 static void tcp_listen_input(struct tcp_pcb_listen *pcb);
96 static void tcp_timewait_input(struct tcp_pcb *pcb);
97
98 static int tcp_input_delayed_close(struct tcp_pcb *pcb);
99
100 #if LWIP_TCP_SACK_OUT
101 static void tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right);
102 static void tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq);
103 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
104 static void tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq);
105 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
106 #endif /* LWIP_TCP_SACK_OUT */
107
108 /**
109 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
110 * the segment between the PCBs and passes it on to tcp_process(), which implements
111 * the TCP finite state machine. This function is called by the IP layer (in
112 * ip_input()).
113 *
114 * @param p received TCP segment to process (p->payload pointing to the TCP header)
115 * @param inp network interface on which this segment was received
116 */
117 void
tcp_input(struct pbuf * p,struct netif * inp)118 tcp_input(struct pbuf *p, struct netif *inp)
119 {
120 struct tcp_pcb *pcb, *prev;
121 struct tcp_pcb_listen *lpcb;
122 #if SO_REUSE
123 struct tcp_pcb *lpcb_prev = NULL;
124 struct tcp_pcb_listen *lpcb_any = NULL;
125 #endif /* SO_REUSE */
126 u8_t hdrlen_bytes;
127 err_t err;
128
129 LWIP_UNUSED_ARG(inp);
130 LWIP_ASSERT_CORE_LOCKED();
131 LWIP_ASSERT("tcp_input: invalid pbuf", p != NULL);
132
133 PERF_START;
134
135 TCP_STATS_INC(tcp.recv);
136 MIB2_STATS_INC(mib2.tcpinsegs);
137
138 tcphdr = (struct tcp_hdr *)p->payload;
139
140 #if TCP_INPUT_DEBUG
141 tcp_debug_print(tcphdr);
142 #endif
143
144 /* Check that TCP header fits in payload */
145 if (p->len < TCP_HLEN) {
146 /* drop short packets */
147 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
148 TCP_STATS_INC(tcp.lenerr);
149 goto dropped;
150 }
151
152 /* Don't even process incoming broadcasts/multicasts. */
153 if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
154 ip_addr_ismulticast(ip_current_dest_addr())) {
155 TCP_STATS_INC(tcp.proterr);
156 goto dropped;
157 }
158
159 #if CHECKSUM_CHECK_TCP
160 IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
161 /* Verify TCP checksum. */
162 u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
163 ip_current_src_addr(), ip_current_dest_addr());
164 if (chksum != 0) {
165 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
166 chksum));
167 tcp_debug_print(tcphdr);
168 TCP_STATS_INC(tcp.chkerr);
169 goto dropped;
170 }
171 }
172 #endif /* CHECKSUM_CHECK_TCP */
173
174 /* sanity-check header length */
175 hdrlen_bytes = TCPH_HDRLEN_BYTES(tcphdr);
176 if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
177 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
178 TCP_STATS_INC(tcp.lenerr);
179 goto dropped;
180 }
181
182 /* Move the payload pointer in the pbuf so that it points to the
183 TCP data instead of the TCP header. */
184 tcphdr_optlen = (u16_t)(hdrlen_bytes - TCP_HLEN);
185 tcphdr_opt2 = NULL;
186 if (p->len >= hdrlen_bytes) {
187 /* all options are in the first pbuf */
188 tcphdr_opt1len = tcphdr_optlen;
189 pbuf_remove_header(p, hdrlen_bytes); /* cannot fail */
190 } else {
191 u16_t opt2len;
192 /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
193 /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
194 LWIP_ASSERT("p->next != NULL", p->next != NULL);
195
196 /* advance over the TCP header (cannot fail) */
197 pbuf_remove_header(p, TCP_HLEN);
198
199 /* determine how long the first and second parts of the options are */
200 tcphdr_opt1len = p->len;
201 opt2len = (u16_t)(tcphdr_optlen - tcphdr_opt1len);
202
203 /* options continue in the next pbuf: set p to zero length and hide the
204 options in the next pbuf (adjusting p->tot_len) */
205 pbuf_remove_header(p, tcphdr_opt1len);
206
207 /* check that the options fit in the second pbuf */
208 if (opt2len > p->next->len) {
209 /* drop short packets */
210 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
211 TCP_STATS_INC(tcp.lenerr);
212 goto dropped;
213 }
214
215 /* remember the pointer to the second part of the options */
216 tcphdr_opt2 = (u8_t *)p->next->payload;
217
218 /* advance p->next to point after the options, and manually
219 adjust p->tot_len to keep it consistent with the changed p->next */
220 pbuf_remove_header(p->next, opt2len);
221 p->tot_len = (u16_t)(p->tot_len - opt2len);
222
223 LWIP_ASSERT("p->len == 0", p->len == 0);
224 LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
225 }
226
227 /* Convert fields in TCP header to host byte order. */
228 tcphdr->src = lwip_ntohs(tcphdr->src);
229 tcphdr->dest = lwip_ntohs(tcphdr->dest);
230 seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
231 ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
232 tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
233
234 flags = TCPH_FLAGS(tcphdr);
235 tcplen = p->tot_len;
236 if (flags & (TCP_FIN | TCP_SYN)) {
237 tcplen++;
238 if (tcplen < p->tot_len) {
239 /* u16_t overflow, cannot handle this */
240 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: length u16_t overflow, cannot handle this\n"));
241 TCP_STATS_INC(tcp.lenerr);
242 goto dropped;
243 }
244 }
245
246 /* Demultiplex an incoming segment. First, we check if it is destined
247 for an active connection. */
248 prev = NULL;
249
250 for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
251 LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
252 LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
253 LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
254
255 /* check if PCB is bound to specific netif */
256 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
257 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
258 prev = pcb;
259 continue;
260 }
261
262 if (pcb->remote_port == tcphdr->src &&
263 pcb->local_port == tcphdr->dest &&
264 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
265 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
266 /* Move this PCB to the front of the list so that subsequent
267 lookups will be faster (we exploit locality in TCP segment
268 arrivals). */
269 LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
270 if (prev != NULL) {
271 prev->next = pcb->next;
272 pcb->next = tcp_active_pcbs;
273 tcp_active_pcbs = pcb;
274 } else {
275 TCP_STATS_INC(tcp.cachehit);
276 }
277 LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
278 break;
279 }
280 prev = pcb;
281 }
282
283 if (pcb == NULL) {
284 /* If it did not go to an active connection, we check the connections
285 in the TIME-WAIT state. */
286 for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
287 LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
288
289 /* check if PCB is bound to specific netif */
290 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
291 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
292 continue;
293 }
294
295 if (pcb->remote_port == tcphdr->src &&
296 pcb->local_port == tcphdr->dest &&
297 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
298 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
299 /* We don't really care enough to move this PCB to the front
300 of the list since we are not very likely to receive that
301 many segments for connections in TIME-WAIT. */
302 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
303 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
304 if (LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen, tcphdr_opt1len,
305 tcphdr_opt2, p) == ERR_OK)
306 #endif
307 {
308 tcp_timewait_input(pcb);
309 }
310 pbuf_free(p);
311 return;
312 }
313 }
314
315 /* Finally, if we still did not get a match, we check all PCBs that
316 are LISTENing for incoming connections. */
317 prev = NULL;
318 for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
319 /* check if PCB is bound to specific netif */
320 if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
321 (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
322 prev = (struct tcp_pcb *)lpcb;
323 continue;
324 }
325
326 if (lpcb->local_port == tcphdr->dest) {
327 if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
328 /* found an ANY TYPE (IPv4/IPv6) match */
329 #if SO_REUSE
330 lpcb_any = lpcb;
331 lpcb_prev = prev;
332 #else /* SO_REUSE */
333 break;
334 #endif /* SO_REUSE */
335 } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
336 if (ip_addr_cmp(&lpcb->local_ip, ip_current_dest_addr())) {
337 /* found an exact match */
338 break;
339 } else if (ip_addr_isany(&lpcb->local_ip)) {
340 /* found an ANY-match */
341 #if SO_REUSE
342 lpcb_any = lpcb;
343 lpcb_prev = prev;
344 #else /* SO_REUSE */
345 break;
346 #endif /* SO_REUSE */
347 }
348 }
349 }
350 prev = (struct tcp_pcb *)lpcb;
351 }
352 #if SO_REUSE
353 /* first try specific local IP */
354 if (lpcb == NULL) {
355 /* only pass to ANY if no specific local IP has been found */
356 lpcb = lpcb_any;
357 prev = lpcb_prev;
358 }
359 #endif /* SO_REUSE */
360 if (lpcb != NULL) {
361 /* Move this PCB to the front of the list so that subsequent
362 lookups will be faster (we exploit locality in TCP segment
363 arrivals). */
364 if (prev != NULL) {
365 ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
366 /* our successor is the remainder of the listening list */
367 lpcb->next = tcp_listen_pcbs.listen_pcbs;
368 /* put this listening pcb at the head of the listening list */
369 tcp_listen_pcbs.listen_pcbs = lpcb;
370 } else {
371 TCP_STATS_INC(tcp.cachehit);
372 }
373
374 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
375 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
376 if (LWIP_HOOK_TCP_INPACKET_PCB((struct tcp_pcb *)lpcb, tcphdr, tcphdr_optlen,
377 tcphdr_opt1len, tcphdr_opt2, p) == ERR_OK)
378 #endif
379 {
380 tcp_listen_input(lpcb);
381 }
382 pbuf_free(p);
383 return;
384 }
385 }
386
387 #if TCP_INPUT_DEBUG
388 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
389 tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
390 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
391 #endif /* TCP_INPUT_DEBUG */
392
393
394 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
395 if ((pcb != NULL) && LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen,
396 tcphdr_opt1len, tcphdr_opt2, p) != ERR_OK) {
397 pbuf_free(p);
398 return;
399 }
400 #endif
401 if (pcb != NULL) {
402 /* The incoming segment belongs to a connection. */
403 #if TCP_INPUT_DEBUG
404 tcp_debug_print_state(pcb->state);
405 #endif /* TCP_INPUT_DEBUG */
406
407 /* Set up a tcp_seg structure. */
408 inseg.next = NULL;
409 inseg.len = p->tot_len;
410 inseg.p = p;
411 inseg.tcphdr = tcphdr;
412
413 recv_data = NULL;
414 recv_flags = 0;
415 recv_acked = 0;
416
417 if (flags & TCP_PSH) {
418 p->flags |= PBUF_FLAG_PUSH;
419 }
420
421 /* If there is data which was previously "refused" by upper layer */
422 if (pcb->refused_data != NULL) {
423 if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
424 ((pcb->refused_data != NULL) && (tcplen > 0))) {
425 /* pcb has been aborted or refused data is still refused and the new
426 segment contains data */
427 if (pcb->rcv_ann_wnd == 0) {
428 /* this is a zero-window probe, we respond to it with current RCV.NXT
429 and drop the data segment */
430 tcp_send_empty_ack(pcb);
431 }
432 TCP_STATS_INC(tcp.drop);
433 MIB2_STATS_INC(mib2.tcpinerrs);
434 goto aborted;
435 }
436 }
437 tcp_input_pcb = pcb;
438 err = tcp_process(pcb);
439 /* A return value of ERR_ABRT means that tcp_abort() was called
440 and that the pcb has been freed. If so, we don't do anything. */
441 if (err != ERR_ABRT) {
442 if (recv_flags & TF_RESET) {
443 /* TF_RESET means that the connection was reset by the other
444 end. We then call the error callback to inform the
445 application that the connection is dead before we
446 deallocate the PCB. */
447 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
448 tcp_pcb_remove(&tcp_active_pcbs, pcb);
449 tcp_free(pcb);
450 } else {
451 err = ERR_OK;
452 /* If the application has registered a "sent" function to be
453 called when new send buffer space is available, we call it
454 now. */
455 if (recv_acked > 0) {
456 u16_t acked16;
457 #if LWIP_WND_SCALE
458 /* recv_acked is u32_t but the sent callback only takes a u16_t,
459 so we might have to call it multiple times. */
460 u32_t acked = recv_acked;
461 while (acked > 0) {
462 acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
463 acked -= acked16;
464 #else
465 {
466 acked16 = recv_acked;
467 #endif
468 TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
469 if (err == ERR_ABRT) {
470 goto aborted;
471 }
472 }
473 recv_acked = 0;
474 }
475 if (tcp_input_delayed_close(pcb)) {
476 goto aborted;
477 }
478 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
479 while (recv_data != NULL) {
480 struct pbuf *rest = NULL;
481 pbuf_split_64k(recv_data, &rest);
482 #else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
483 if (recv_data != NULL) {
484 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
485
486 LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
487 if (pcb->flags & TF_RXCLOSED) {
488 /* received data although already closed -> abort (send RST) to
489 notify the remote host that not all data has been processed */
490 pbuf_free(recv_data);
491 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
492 if (rest != NULL) {
493 pbuf_free(rest);
494 }
495 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
496 tcp_abort(pcb);
497 goto aborted;
498 }
499
500 /* Notify application that data has been received. */
501 TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
502 if (err == ERR_ABRT) {
503 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
504 if (rest != NULL) {
505 pbuf_free(rest);
506 }
507 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
508 goto aborted;
509 }
510
511 /* If the upper layer can't receive this data, store it */
512 if (err != ERR_OK) {
513 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
514 if (rest != NULL) {
515 pbuf_cat(recv_data, rest);
516 }
517 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
518 pcb->refused_data = recv_data;
519 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
520 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
521 break;
522 } else {
523 /* Upper layer received the data, go on with the rest if > 64K */
524 recv_data = rest;
525 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
526 }
527 }
528
529 /* If a FIN segment was received, we call the callback
530 function with a NULL buffer to indicate EOF. */
531 if (recv_flags & TF_GOT_FIN) {
532 if (pcb->refused_data != NULL) {
533 /* Delay this if we have refused data. */
534 pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
535 } else {
536 /* correct rcv_wnd as the application won't call tcp_recved()
537 for the FIN's seqno */
538 if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
539 pcb->rcv_wnd++;
540 }
541 TCP_EVENT_CLOSED(pcb, err);
542 if (err == ERR_ABRT) {
543 goto aborted;
544 }
545 }
546 }
547
548 tcp_input_pcb = NULL;
549 if (tcp_input_delayed_close(pcb)) {
550 goto aborted;
551 }
552 /* Try to send something out. */
553 tcp_output(pcb);
554 #if TCP_INPUT_DEBUG
555 #if TCP_DEBUG
556 tcp_debug_print_state(pcb->state);
557 #endif /* TCP_DEBUG */
558 #endif /* TCP_INPUT_DEBUG */
559 }
560 }
561 /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
562 Below this line, 'pcb' may not be dereferenced! */
563 aborted:
564 tcp_input_pcb = NULL;
565 recv_data = NULL;
566
567 /* give up our reference to inseg.p */
568 if (inseg.p != NULL) {
569 pbuf_free(inseg.p);
570 inseg.p = NULL;
571 }
572 } else {
573 /* If no matching PCB was found, send a TCP RST (reset) to the
574 sender. */
575 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
576 if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
577 TCP_STATS_INC(tcp.proterr);
578 TCP_STATS_INC(tcp.drop);
579 tcp_rst(NULL, ackno, seqno + tcplen, ip_current_dest_addr(),
580 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
581 }
582 pbuf_free(p);
583 }
584
585 LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
586 PERF_STOP("tcp_input");
587 return;
588 dropped:
589 TCP_STATS_INC(tcp.drop);
590 MIB2_STATS_INC(mib2.tcpinerrs);
591 pbuf_free(p);
592 }
593
594 /** Called from tcp_input to check for TF_CLOSED flag. This results in closing
595 * and deallocating a pcb at the correct place to ensure noone references it
596 * any more.
597 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
598 */
599 static int
600 tcp_input_delayed_close(struct tcp_pcb *pcb)
601 {
602 LWIP_ASSERT("tcp_input_delayed_close: invalid pcb", pcb != NULL);
603
604 if (recv_flags & TF_CLOSED) {
605 /* The connection has been closed and we will deallocate the
606 PCB. */
607 if (!(pcb->flags & TF_RXCLOSED)) {
608 /* Connection closed although the application has only shut down the
609 tx side: call the PCB's err callback and indicate the closure to
610 ensure the application doesn't continue using the PCB. */
611 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
612 }
613 tcp_pcb_remove(&tcp_active_pcbs, pcb);
614 tcp_free(pcb);
615 return 1;
616 }
617 return 0;
618 }
619
620 /**
621 * Called by tcp_input() when a segment arrives for a listening
622 * connection (from tcp_input()).
623 *
624 * @param pcb the tcp_pcb_listen for which a segment arrived
625 *
626 * @note the segment which arrived is saved in global variables, therefore only the pcb
627 * involved is passed as a parameter to this function
628 */
629 static void
630 tcp_listen_input(struct tcp_pcb_listen *pcb)
631 {
632 struct tcp_pcb *npcb;
633 u32_t iss;
634 err_t rc;
635
636 if (flags & TCP_RST) {
637 /* An incoming RST should be ignored. Return. */
638 return;
639 }
640
641 LWIP_ASSERT("tcp_listen_input: invalid pcb", pcb != NULL);
642
643 /* In the LISTEN state, we check for incoming SYN segments,
644 creates a new PCB, and responds with a SYN|ACK. */
645 if (flags & TCP_ACK) {
646 /* For incoming segments with the ACK flag set, respond with a
647 RST. */
648 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
649 tcp_rst((const struct tcp_pcb *)pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
650 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
651 } else if (flags & TCP_SYN) {
652 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
653 #if TCP_LISTEN_BACKLOG
654 if (pcb->accepts_pending >= pcb->backlog) {
655 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
656 return;
657 }
658 #endif /* TCP_LISTEN_BACKLOG */
659 npcb = tcp_alloc(pcb->prio);
660 /* If a new PCB could not be created (probably due to lack of memory),
661 we don't do anything, but rely on the sender will retransmit the
662 SYN at a time when we have more memory available. */
663 if (npcb == NULL) {
664 err_t err;
665 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
666 TCP_STATS_INC(tcp.memerr);
667 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
668 LWIP_UNUSED_ARG(err); /* err not useful here */
669 return;
670 }
671 #if TCP_LISTEN_BACKLOG
672 pcb->accepts_pending++;
673 tcp_set_flags(npcb, TF_BACKLOGPEND);
674 #endif /* TCP_LISTEN_BACKLOG */
675 /* Set up the new PCB. */
676 ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
677 ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
678 npcb->local_port = pcb->local_port;
679 npcb->remote_port = tcphdr->src;
680 npcb->state = SYN_RCVD;
681 npcb->rcv_nxt = seqno + 1;
682 npcb->rcv_ann_right_edge = npcb->rcv_nxt;
683 iss = tcp_next_iss(npcb);
684 npcb->snd_wl2 = iss;
685 npcb->snd_nxt = iss;
686 npcb->lastack = iss;
687 npcb->snd_lbb = iss;
688 npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
689 npcb->callback_arg = pcb->callback_arg;
690 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
691 npcb->listener = pcb;
692 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
693 /* inherit socket options */
694 npcb->so_options = pcb->so_options & SOF_INHERITED;
695 npcb->netif_idx = pcb->netif_idx;
696 /* Register the new PCB so that we can begin receiving segments
697 for it. */
698 TCP_REG_ACTIVE(npcb);
699
700 /* Parse any options in the SYN. */
701 tcp_parseopt(npcb);
702 npcb->snd_wnd = tcphdr->wnd;
703 npcb->snd_wnd_max = npcb->snd_wnd;
704
705 #if TCP_CALCULATE_EFF_SEND_MSS
706 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
707 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
708
709 MIB2_STATS_INC(mib2.tcppassiveopens);
710
711 #if LWIP_TCP_PCB_NUM_EXT_ARGS
712 if (tcp_ext_arg_invoke_callbacks_passive_open(pcb, npcb) != ERR_OK) {
713 tcp_abandon(npcb, 0);
714 return;
715 }
716 #endif
717
718 /* Send a SYN|ACK together with the MSS option. */
719 rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
720 if (rc != ERR_OK) {
721 tcp_abandon(npcb, 0);
722 return;
723 }
724 tcp_output(npcb);
725 }
726 return;
727 }
728
729 /**
730 * Called by tcp_input() when a segment arrives for a connection in
731 * TIME_WAIT.
732 *
733 * @param pcb the tcp_pcb for which a segment arrived
734 *
735 * @note the segment which arrived is saved in global variables, therefore only the pcb
736 * involved is passed as a parameter to this function
737 */
738 static void
739 tcp_timewait_input(struct tcp_pcb *pcb)
740 {
741 /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
742 /* RFC 793 3.9 Event Processing - Segment Arrives:
743 * - first check sequence number - we skip that one in TIME_WAIT (always
744 * acceptable since we only send ACKs)
745 * - second check the RST bit (... return) */
746 if (flags & TCP_RST) {
747 return;
748 }
749
750 LWIP_ASSERT("tcp_timewait_input: invalid pcb", pcb != NULL);
751
752 /* - fourth, check the SYN bit, */
753 if (flags & TCP_SYN) {
754 /* If an incoming segment is not acceptable, an acknowledgment
755 should be sent in reply */
756 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
757 /* If the SYN is in the window it is an error, send a reset */
758 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
759 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
760 return;
761 }
762 } else if (flags & TCP_FIN) {
763 /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
764 Restart the 2 MSL time-wait timeout.*/
765 pcb->tmr = tcp_ticks;
766 }
767
768 if ((tcplen > 0)) {
769 /* Acknowledge data, FIN or out-of-window SYN */
770 tcp_ack_now(pcb);
771 tcp_output(pcb);
772 }
773 return;
774 }
775
776 /**
777 * Implements the TCP state machine. Called by tcp_input. In some
778 * states tcp_receive() is called to receive data. The tcp_seg
779 * argument will be freed by the caller (tcp_input()) unless the
780 * recv_data pointer in the pcb is set.
781 *
782 * @param pcb the tcp_pcb for which a segment arrived
783 *
784 * @note the segment which arrived is saved in global variables, therefore only the pcb
785 * involved is passed as a parameter to this function
786 */
787 static err_t
788 tcp_process(struct tcp_pcb *pcb)
789 {
790 struct tcp_seg *rseg;
791 u8_t acceptable = 0;
792 err_t err;
793
794 err = ERR_OK;
795
796 LWIP_ASSERT("tcp_process: invalid pcb", pcb != NULL);
797
798 /* Process incoming RST segments. */
799 if (flags & TCP_RST) {
800 /* First, determine if the reset is acceptable. */
801 if (pcb->state == SYN_SENT) {
802 /* "In the SYN-SENT state (a RST received in response to an initial SYN),
803 the RST is acceptable if the ACK field acknowledges the SYN." */
804 if (ackno == pcb->snd_nxt) {
805 acceptable = 1;
806 }
807 } else {
808 /* "In all states except SYN-SENT, all reset (RST) segments are validated
809 by checking their SEQ-fields." */
810 if (seqno == pcb->rcv_nxt) {
811 acceptable = 1;
812 } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
813 pcb->rcv_nxt + pcb->rcv_wnd)) {
814 /* If the sequence number is inside the window, we send a challenge ACK
815 and wait for a re-send with matching sequence number.
816 This follows RFC 5961 section 3.2 and addresses CVE-2004-0230
817 (RST spoofing attack), which is present in RFC 793 RST handling. */
818 tcp_ack_now(pcb);
819 }
820 }
821
822 if (acceptable) {
823 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
824 LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
825 recv_flags |= TF_RESET;
826 tcp_clear_flags(pcb, TF_ACK_DELAY);
827 return ERR_RST;
828 } else {
829 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
830 seqno, pcb->rcv_nxt));
831 LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
832 seqno, pcb->rcv_nxt));
833 return ERR_OK;
834 }
835 }
836
837 if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
838 /* Cope with new connection attempt after remote end crashed */
839 tcp_ack_now(pcb);
840 return ERR_OK;
841 }
842
843 if ((pcb->flags & TF_RXCLOSED) == 0) {
844 /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
845 pcb->tmr = tcp_ticks;
846 }
847 pcb->keep_cnt_sent = 0;
848 pcb->persist_probe = 0;
849
850 tcp_parseopt(pcb);
851
852 /* Do different things depending on the TCP state. */
853 switch (pcb->state) {
854 case SYN_SENT:
855 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %s %"U32_F"\n",
856 ackno, pcb->snd_nxt, pcb->unacked ? "" : " empty:",
857 pcb->unacked ? lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0));
858 /* received SYN ACK with expected sequence number? */
859 if ((flags & TCP_ACK) && (flags & TCP_SYN)
860 && (ackno == pcb->lastack + 1)) {
861 pcb->rcv_nxt = seqno + 1;
862 pcb->rcv_ann_right_edge = pcb->rcv_nxt;
863 pcb->lastack = ackno;
864 pcb->snd_wnd = tcphdr->wnd;
865 pcb->snd_wnd_max = pcb->snd_wnd;
866 pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
867 pcb->state = ESTABLISHED;
868
869 #if TCP_CALCULATE_EFF_SEND_MSS
870 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
871 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
872
873 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
874 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
875 " ssthresh %"TCPWNDSIZE_F"\n",
876 pcb->cwnd, pcb->ssthresh));
877 LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
878 --pcb->snd_queuelen;
879 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
880 rseg = pcb->unacked;
881 if (rseg == NULL) {
882 /* might happen if tcp_output fails in tcp_rexmit_rto()
883 in which case the segment is on the unsent list */
884 rseg = pcb->unsent;
885 LWIP_ASSERT("no segment to free", rseg != NULL);
886 pcb->unsent = rseg->next;
887 } else {
888 pcb->unacked = rseg->next;
889 }
890 tcp_seg_free(rseg);
891
892 /* If there's nothing left to acknowledge, stop the retransmit
893 timer, otherwise reset it to start again */
894 if (pcb->unacked == NULL) {
895 pcb->rtime = -1;
896 } else {
897 pcb->rtime = 0;
898 pcb->nrtx = 0;
899 }
900
901 /* Call the user specified function to call when successfully
902 * connected. */
903 TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
904 if (err == ERR_ABRT) {
905 return ERR_ABRT;
906 }
907 tcp_ack_now(pcb);
908 }
909 /* received ACK? possibly a half-open connection */
910 else if (flags & TCP_ACK) {
911 /* send a RST to bring the other side in a non-synchronized state. */
912 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
913 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
914 /* Resend SYN immediately (don't wait for rto timeout) to establish
915 connection faster, but do not send more SYNs than we otherwise would
916 have, or we might get caught in a loop on loopback interfaces. */
917 if (pcb->nrtx < TCP_SYNMAXRTX) {
918 pcb->rtime = 0;
919 tcp_rexmit_rto(pcb);
920 }
921 }
922 break;
923 case SYN_RCVD:
924 if (flags & TCP_ACK) {
925 /* expected ACK number? */
926 if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
927 pcb->state = ESTABLISHED;
928 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
929 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
930 if (pcb->listener == NULL) {
931 /* listen pcb might be closed by now */
932 err = ERR_VAL;
933 } else
934 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
935 {
936 #if LWIP_CALLBACK_API
937 LWIP_ASSERT("pcb->listener->accept != NULL", pcb->listener->accept != NULL);
938 #endif
939 tcp_backlog_accepted(pcb);
940 /* Call the accept function. */
941 TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
942 }
943 if (err != ERR_OK) {
944 /* If the accept function returns with an error, we abort
945 * the connection. */
946 /* Already aborted? */
947 if (err != ERR_ABRT) {
948 tcp_abort(pcb);
949 }
950 return ERR_ABRT;
951 }
952 /* If there was any data contained within this ACK,
953 * we'd better pass it on to the application as well. */
954 tcp_receive(pcb);
955
956 /* Prevent ACK for SYN to generate a sent event */
957 if (recv_acked != 0) {
958 recv_acked--;
959 }
960
961 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
962 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
963 " ssthresh %"TCPWNDSIZE_F"\n",
964 pcb->cwnd, pcb->ssthresh));
965
966 if (recv_flags & TF_GOT_FIN) {
967 tcp_ack_now(pcb);
968 pcb->state = CLOSE_WAIT;
969 }
970 } else {
971 /* incorrect ACK number, send RST */
972 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
973 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
974 }
975 } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
976 /* Looks like another copy of the SYN - retransmit our SYN-ACK */
977 tcp_rexmit(pcb);
978 }
979 break;
980 case CLOSE_WAIT:
981 /* FALLTHROUGH */
982 case ESTABLISHED:
983 tcp_receive(pcb);
984 if (recv_flags & TF_GOT_FIN) { /* passive close */
985 tcp_ack_now(pcb);
986 pcb->state = CLOSE_WAIT;
987 }
988 break;
989 case FIN_WAIT_1:
990 tcp_receive(pcb);
991 if (recv_flags & TF_GOT_FIN) {
992 if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
993 pcb->unsent == NULL) {
994 LWIP_DEBUGF(TCP_DEBUG,
995 ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
996 tcp_ack_now(pcb);
997 tcp_pcb_purge(pcb);
998 TCP_RMV_ACTIVE(pcb);
999 pcb->state = TIME_WAIT;
1000 TCP_REG(&tcp_tw_pcbs, pcb);
1001 } else {
1002 tcp_ack_now(pcb);
1003 pcb->state = CLOSING;
1004 }
1005 } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1006 pcb->unsent == NULL) {
1007 pcb->state = FIN_WAIT_2;
1008 }
1009 break;
1010 case FIN_WAIT_2:
1011 tcp_receive(pcb);
1012 if (recv_flags & TF_GOT_FIN) {
1013 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1014 tcp_ack_now(pcb);
1015 tcp_pcb_purge(pcb);
1016 TCP_RMV_ACTIVE(pcb);
1017 pcb->state = TIME_WAIT;
1018 TCP_REG(&tcp_tw_pcbs, pcb);
1019 }
1020 break;
1021 case CLOSING:
1022 tcp_receive(pcb);
1023 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1024 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1025 tcp_pcb_purge(pcb);
1026 TCP_RMV_ACTIVE(pcb);
1027 pcb->state = TIME_WAIT;
1028 TCP_REG(&tcp_tw_pcbs, pcb);
1029 }
1030 break;
1031 case LAST_ACK:
1032 tcp_receive(pcb);
1033 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1034 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1035 /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
1036 recv_flags |= TF_CLOSED;
1037 }
1038 break;
1039 default:
1040 break;
1041 }
1042 return ERR_OK;
1043 }
1044
1045 #if TCP_QUEUE_OOSEQ
1046 /**
1047 * Insert segment into the list (segments covered with new one will be deleted)
1048 *
1049 * Called from tcp_receive()
1050 */
1051 static void
1052 tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
1053 {
1054 struct tcp_seg *old_seg;
1055
1056 LWIP_ASSERT("tcp_oos_insert_segment: invalid cseg", cseg != NULL);
1057
1058 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1059 /* received segment overlaps all following segments */
1060 tcp_segs_free(next);
1061 next = NULL;
1062 } else {
1063 /* delete some following segments
1064 oos queue may have segments with FIN flag */
1065 while (next &&
1066 TCP_SEQ_GEQ((seqno + cseg->len),
1067 (next->tcphdr->seqno + next->len))) {
1068 /* cseg with FIN already processed */
1069 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1070 TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1071 }
1072 old_seg = next;
1073 next = next->next;
1074 tcp_seg_free(old_seg);
1075 }
1076 if (next &&
1077 TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1078 /* We need to trim the incoming segment. */
1079 cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1080 pbuf_realloc(cseg->p, cseg->len);
1081 }
1082 }
1083 cseg->next = next;
1084 }
1085 #endif /* TCP_QUEUE_OOSEQ */
1086
1087 /** Remove segments from a list if the incoming ACK acknowledges them */
1088 static struct tcp_seg *
1089 tcp_free_acked_segments(struct tcp_pcb *pcb, struct tcp_seg *seg_list, const char *dbg_list_name,
1090 struct tcp_seg *dbg_other_seg_list)
1091 {
1092 struct tcp_seg *next;
1093 u16_t clen;
1094
1095 LWIP_UNUSED_ARG(dbg_list_name);
1096 LWIP_UNUSED_ARG(dbg_other_seg_list);
1097
1098 while (seg_list != NULL &&
1099 TCP_SEQ_LEQ(lwip_ntohl(seg_list->tcphdr->seqno) +
1100 TCP_TCPLEN(seg_list), ackno)) {
1101 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->%s\n",
1102 lwip_ntohl(seg_list->tcphdr->seqno),
1103 lwip_ntohl(seg_list->tcphdr->seqno) + TCP_TCPLEN(seg_list),
1104 dbg_list_name));
1105
1106 next = seg_list;
1107 seg_list = seg_list->next;
1108
1109 clen = pbuf_clen(next->p);
1110 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ",
1111 (tcpwnd_size_t)pcb->snd_queuelen));
1112 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= clen));
1113
1114 pcb->snd_queuelen = (u16_t)(pcb->snd_queuelen - clen);
1115 recv_acked = (tcpwnd_size_t)(recv_acked + next->len);
1116 tcp_seg_free(next);
1117
1118 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing %s)\n",
1119 (tcpwnd_size_t)pcb->snd_queuelen,
1120 dbg_list_name));
1121 if (pcb->snd_queuelen != 0) {
1122 LWIP_ASSERT("tcp_receive: valid queue length",
1123 seg_list != NULL || dbg_other_seg_list != NULL);
1124 }
1125 }
1126 return seg_list;
1127 }
1128
1129 /**
1130 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1131 * data, and if so frees the memory of the buffered data. Next, it places the
1132 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1133 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1134 * it has been removed from the buffer.
1135 *
1136 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1137 * estimation, the RTT is estimated here as well.
1138 *
1139 * Called from tcp_process().
1140 */
1141 static void
1142 tcp_receive(struct tcp_pcb *pcb)
1143 {
1144 s16_t m;
1145 u32_t right_wnd_edge;
1146 int found_dupack = 0;
1147
1148 LWIP_ASSERT("tcp_receive: invalid pcb", pcb != NULL);
1149 LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1150
1151 if (flags & TCP_ACK) {
1152 right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1153
1154 /* Update window. */
1155 if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1156 (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1157 (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1158 pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1159 /* keep track of the biggest window announced by the remote host to calculate
1160 the maximum segment size */
1161 if (pcb->snd_wnd_max < pcb->snd_wnd) {
1162 pcb->snd_wnd_max = pcb->snd_wnd;
1163 }
1164 pcb->snd_wl1 = seqno;
1165 pcb->snd_wl2 = ackno;
1166 LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1167 #if TCP_WND_DEBUG
1168 } else {
1169 if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1170 LWIP_DEBUGF(TCP_WND_DEBUG,
1171 ("tcp_receive: no window update lastack %"U32_F" ackno %"
1172 U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1173 pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1174 }
1175 #endif /* TCP_WND_DEBUG */
1176 }
1177
1178 /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1179 * duplicate ack if:
1180 * 1) It doesn't ACK new data
1181 * 2) length of received packet is zero (i.e. no payload)
1182 * 3) the advertised window hasn't changed
1183 * 4) There is outstanding unacknowledged data (retransmission timer running)
1184 * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1185 *
1186 * If it passes all five, should process as a dupack:
1187 * a) dupacks < 3: do nothing
1188 * b) dupacks == 3: fast retransmit
1189 * c) dupacks > 3: increase cwnd
1190 *
1191 * If it only passes 1-3, should reset dupack counter (and add to
1192 * stats, which we don't do in lwIP)
1193 *
1194 * If it only passes 1, should reset dupack counter
1195 *
1196 */
1197
1198 /* Clause 1 */
1199 if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1200 /* Clause 2 */
1201 if (tcplen == 0) {
1202 /* Clause 3 */
1203 if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1204 /* Clause 4 */
1205 if (pcb->rtime >= 0) {
1206 /* Clause 5 */
1207 if (pcb->lastack == ackno) {
1208 found_dupack = 1;
1209 if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1210 ++pcb->dupacks;
1211 }
1212 if (pcb->dupacks > 3) {
1213 /* Inflate the congestion window */
1214 TCP_WND_INC(pcb->cwnd, pcb->mss);
1215 }
1216 if (pcb->dupacks >= 3) {
1217 /* Do fast retransmit (checked via TF_INFR, not via dupacks count) */
1218 tcp_rexmit_fast(pcb);
1219 }
1220 }
1221 }
1222 }
1223 }
1224 /* If Clause (1) or more is true, but not a duplicate ack, reset
1225 * count of consecutive duplicate acks */
1226 if (!found_dupack) {
1227 pcb->dupacks = 0;
1228 }
1229 } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
1230 /* We come here when the ACK acknowledges new data. */
1231 tcpwnd_size_t acked;
1232
1233 /* Reset the "IN Fast Retransmit" flag, since we are no longer
1234 in fast retransmit. Also reset the congestion window to the
1235 slow start threshold. */
1236 if (pcb->flags & TF_INFR) {
1237 tcp_clear_flags(pcb, TF_INFR);
1238 pcb->cwnd = pcb->ssthresh;
1239 pcb->bytes_acked = 0;
1240 }
1241
1242 /* Reset the number of retransmissions. */
1243 pcb->nrtx = 0;
1244
1245 /* Reset the retransmission time-out. */
1246 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1247
1248 /* Record how much data this ACK acks */
1249 acked = (tcpwnd_size_t)(ackno - pcb->lastack);
1250
1251 /* Reset the fast retransmit variables. */
1252 pcb->dupacks = 0;
1253 pcb->lastack = ackno;
1254
1255 /* Update the congestion control variables (cwnd and
1256 ssthresh). */
1257 if (pcb->state >= ESTABLISHED) {
1258 if (pcb->cwnd < pcb->ssthresh) {
1259 tcpwnd_size_t increase;
1260 /* limit to 1 SMSS segment during period following RTO */
1261 u8_t num_seg = (pcb->flags & TF_RTO) ? 1 : 2;
1262 /* RFC 3465, section 2.2 Slow Start */
1263 increase = LWIP_MIN(acked, (tcpwnd_size_t)(num_seg * pcb->mss));
1264 TCP_WND_INC(pcb->cwnd, increase);
1265 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1266 } else {
1267 /* RFC 3465, section 2.1 Congestion Avoidance */
1268 TCP_WND_INC(pcb->bytes_acked, acked);
1269 if (pcb->bytes_acked >= pcb->cwnd) {
1270 pcb->bytes_acked = (tcpwnd_size_t)(pcb->bytes_acked - pcb->cwnd);
1271 TCP_WND_INC(pcb->cwnd, pcb->mss);
1272 }
1273 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1274 }
1275 }
1276 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1277 ackno,
1278 pcb->unacked != NULL ?
1279 lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0,
1280 pcb->unacked != NULL ?
1281 lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked) : 0));
1282
1283 /* Remove segment from the unacknowledged list if the incoming
1284 ACK acknowledges them. */
1285 pcb->unacked = tcp_free_acked_segments(pcb, pcb->unacked, "unacked", pcb->unsent);
1286 /* We go through the ->unsent list to see if any of the segments
1287 on the list are acknowledged by the ACK. This may seem
1288 strange since an "unsent" segment shouldn't be acked. The
1289 rationale is that lwIP puts all outstanding segments on the
1290 ->unsent list after a retransmission, so these segments may
1291 in fact have been sent once. */
1292 pcb->unsent = tcp_free_acked_segments(pcb, pcb->unsent, "unsent", pcb->unacked);
1293
1294 /* If there's nothing left to acknowledge, stop the retransmit
1295 timer, otherwise reset it to start again */
1296 if (pcb->unacked == NULL) {
1297 pcb->rtime = -1;
1298 } else {
1299 pcb->rtime = 0;
1300 }
1301
1302 pcb->polltmr = 0;
1303
1304 #if TCP_OVERSIZE
1305 if (pcb->unsent == NULL) {
1306 pcb->unsent_oversize = 0;
1307 }
1308 #endif /* TCP_OVERSIZE */
1309
1310 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1311 if (ip_current_is_v6()) {
1312 /* Inform neighbor reachability of forward progress. */
1313 nd6_reachability_hint(ip6_current_src_addr());
1314 }
1315 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1316
1317 pcb->snd_buf = (tcpwnd_size_t)(pcb->snd_buf + recv_acked);
1318 /* check if this ACK ends our retransmission of in-flight data */
1319 if (pcb->flags & TF_RTO) {
1320 /* RTO is done if
1321 1) both queues are empty or
1322 2) unacked is empty and unsent head contains data not part of RTO or
1323 3) unacked head contains data not part of RTO */
1324 if (pcb->unacked == NULL) {
1325 if ((pcb->unsent == NULL) ||
1326 (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unsent->tcphdr->seqno)))) {
1327 tcp_clear_flags(pcb, TF_RTO);
1328 }
1329 } else if (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unacked->tcphdr->seqno))) {
1330 tcp_clear_flags(pcb, TF_RTO);
1331 }
1332 }
1333 /* End of ACK for new data processing. */
1334 } else {
1335 /* Out of sequence ACK, didn't really ack anything */
1336 tcp_send_empty_ack(pcb);
1337 }
1338
1339 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1340 pcb->rttest, pcb->rtseq, ackno));
1341
1342 /* RTT estimation calculations. This is done by checking if the
1343 incoming segment acknowledges the segment we use to take a
1344 round-trip time measurement. */
1345 if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1346 /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1347 and a round-trip shouldn't be that long... */
1348 m = (s16_t)(tcp_ticks - pcb->rttest);
1349
1350 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1351 m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1352
1353 /* This is taken directly from VJs original code in his paper */
1354 m = (s16_t)(m - (pcb->sa >> 3));
1355 pcb->sa = (s16_t)(pcb->sa + m);
1356 if (m < 0) {
1357 m = (s16_t) - m;
1358 }
1359 m = (s16_t)(m - (pcb->sv >> 2));
1360 pcb->sv = (s16_t)(pcb->sv + m);
1361 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1362
1363 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1364 pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1365
1366 pcb->rttest = 0;
1367 }
1368 }
1369
1370 /* If the incoming segment contains data, we must process it
1371 further unless the pcb already received a FIN.
1372 (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1373 LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1374 if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1375 /* This code basically does three things:
1376
1377 +) If the incoming segment contains data that is the next
1378 in-sequence data, this data is passed to the application. This
1379 might involve trimming the first edge of the data. The rcv_nxt
1380 variable and the advertised window are adjusted.
1381
1382 +) If the incoming segment has data that is above the next
1383 sequence number expected (->rcv_nxt), the segment is placed on
1384 the ->ooseq queue. This is done by finding the appropriate
1385 place in the ->ooseq queue (which is ordered by sequence
1386 number) and trim the segment in both ends if needed. An
1387 immediate ACK is sent to indicate that we received an
1388 out-of-sequence segment.
1389
1390 +) Finally, we check if the first segment on the ->ooseq queue
1391 now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1392 rcv_nxt > ooseq->seqno, we must trim the first edge of the
1393 segment on ->ooseq before we adjust rcv_nxt. The data in the
1394 segments that are now on sequence are chained onto the
1395 incoming segment so that we only need to call the application
1396 once.
1397 */
1398
1399 /* First, we check if we must trim the first edge. We have to do
1400 this if the sequence number of the incoming segment is less
1401 than rcv_nxt, and the sequence number plus the length of the
1402 segment is larger than rcv_nxt. */
1403 /* if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1404 if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1405 if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1406 /* Trimming the first edge is done by pushing the payload
1407 pointer in the pbuf downwards. This is somewhat tricky since
1408 we do not want to discard the full contents of the pbuf up to
1409 the new starting point of the data since we have to keep the
1410 TCP header which is present in the first pbuf in the chain.
1411
1412 What is done is really quite a nasty hack: the first pbuf in
1413 the pbuf chain is pointed to by inseg.p. Since we need to be
1414 able to deallocate the whole pbuf, we cannot change this
1415 inseg.p pointer to point to any of the later pbufs in the
1416 chain. Instead, we point the ->payload pointer in the first
1417 pbuf to data in one of the later pbufs. We also set the
1418 inseg.data pointer to point to the right place. This way, the
1419 ->p pointer will still point to the first pbuf, but the
1420 ->p->payload pointer will point to data in another pbuf.
1421
1422 After we are done with adjusting the pbuf pointers we must
1423 adjust the ->data pointer in the seg and the segment
1424 length.*/
1425
1426 struct pbuf *p = inseg.p;
1427 u32_t off32 = pcb->rcv_nxt - seqno;
1428 u16_t new_tot_len, off;
1429 LWIP_ASSERT("inseg.p != NULL", inseg.p);
1430 LWIP_ASSERT("insane offset!", (off32 < 0xffff));
1431 off = (u16_t)off32;
1432 LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1433 inseg.len -= off;
1434 new_tot_len = (u16_t)(inseg.p->tot_len - off);
1435 while (p->len < off) {
1436 off -= p->len;
1437 /* all pbufs up to and including this one have len==0, so tot_len is equal */
1438 p->tot_len = new_tot_len;
1439 p->len = 0;
1440 p = p->next;
1441 }
1442 /* cannot fail... */
1443 pbuf_remove_header(p, off);
1444 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1445 } else {
1446 if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1447 /* the whole segment is < rcv_nxt */
1448 /* must be a duplicate of a packet that has already been correctly handled */
1449
1450 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1451 tcp_ack_now(pcb);
1452 }
1453 }
1454
1455 /* The sequence number must be within the window (above rcv_nxt
1456 and below rcv_nxt + rcv_wnd) in order to be further
1457 processed. */
1458 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1459 pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1460 if (pcb->rcv_nxt == seqno) {
1461 /* The incoming segment is the next in sequence. We check if
1462 we have to trim the end of the segment and update rcv_nxt
1463 and pass the data to the application. */
1464 tcplen = TCP_TCPLEN(&inseg);
1465
1466 if (tcplen > pcb->rcv_wnd) {
1467 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1468 ("tcp_receive: other end overran receive window"
1469 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1470 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1471 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1472 /* Must remove the FIN from the header as we're trimming
1473 * that byte of sequence-space from the packet */
1474 TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1475 }
1476 /* Adjust length of segment to fit in the window. */
1477 TCPWND_CHECK16(pcb->rcv_wnd);
1478 inseg.len = (u16_t)pcb->rcv_wnd;
1479 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1480 inseg.len -= 1;
1481 }
1482 pbuf_realloc(inseg.p, inseg.len);
1483 tcplen = TCP_TCPLEN(&inseg);
1484 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1485 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1486 }
1487 #if TCP_QUEUE_OOSEQ
1488 /* Received in-sequence data, adjust ooseq data if:
1489 - FIN has been received or
1490 - inseq overlaps with ooseq */
1491 if (pcb->ooseq != NULL) {
1492 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1493 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1494 ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1495 /* Received in-order FIN means anything that was received
1496 * out of order must now have been received in-order, so
1497 * bin the ooseq queue */
1498 while (pcb->ooseq != NULL) {
1499 struct tcp_seg *old_ooseq = pcb->ooseq;
1500 pcb->ooseq = pcb->ooseq->next;
1501 tcp_seg_free(old_ooseq);
1502 }
1503 } else {
1504 struct tcp_seg *next = pcb->ooseq;
1505 /* Remove all segments on ooseq that are covered by inseg already.
1506 * FIN is copied from ooseq to inseg if present. */
1507 while (next &&
1508 TCP_SEQ_GEQ(seqno + tcplen,
1509 next->tcphdr->seqno + next->len)) {
1510 struct tcp_seg *tmp;
1511 /* inseg cannot have FIN here (already processed above) */
1512 if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1513 (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1514 TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1515 tcplen = TCP_TCPLEN(&inseg);
1516 }
1517 tmp = next;
1518 next = next->next;
1519 tcp_seg_free(tmp);
1520 }
1521 /* Now trim right side of inseg if it overlaps with the first
1522 * segment on ooseq */
1523 if (next &&
1524 TCP_SEQ_GT(seqno + tcplen,
1525 next->tcphdr->seqno)) {
1526 /* inseg cannot have FIN here (already processed above) */
1527 inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1528 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1529 inseg.len -= 1;
1530 }
1531 pbuf_realloc(inseg.p, inseg.len);
1532 tcplen = TCP_TCPLEN(&inseg);
1533 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue\n",
1534 (seqno + tcplen) == next->tcphdr->seqno);
1535 }
1536 pcb->ooseq = next;
1537 }
1538 }
1539 #endif /* TCP_QUEUE_OOSEQ */
1540
1541 pcb->rcv_nxt = seqno + tcplen;
1542
1543 /* Update the receiver's (our) window. */
1544 LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd\n", pcb->rcv_wnd >= tcplen);
1545 pcb->rcv_wnd -= tcplen;
1546
1547 tcp_update_rcv_ann_wnd(pcb);
1548
1549 /* If there is data in the segment, we make preparations to
1550 pass this up to the application. The ->recv_data variable
1551 is used for holding the pbuf that goes to the
1552 application. The code for reassembling out-of-sequence data
1553 chains its data on this pbuf as well.
1554
1555 If the segment was a FIN, we set the TF_GOT_FIN flag that will
1556 be used to indicate to the application that the remote side has
1557 closed its end of the connection. */
1558 if (inseg.p->tot_len > 0) {
1559 recv_data = inseg.p;
1560 /* Since this pbuf now is the responsibility of the
1561 application, we delete our reference to it so that we won't
1562 (mistakingly) deallocate it. */
1563 inseg.p = NULL;
1564 }
1565 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1566 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1567 recv_flags |= TF_GOT_FIN;
1568 }
1569
1570 #if TCP_QUEUE_OOSEQ
1571 /* We now check if we have segments on the ->ooseq queue that
1572 are now in sequence. */
1573 while (pcb->ooseq != NULL &&
1574 pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1575
1576 struct tcp_seg *cseg = pcb->ooseq;
1577 seqno = pcb->ooseq->tcphdr->seqno;
1578
1579 pcb->rcv_nxt += TCP_TCPLEN(cseg);
1580 LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd\n",
1581 pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1582 pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1583
1584 tcp_update_rcv_ann_wnd(pcb);
1585
1586 if (cseg->p->tot_len > 0) {
1587 /* Chain this pbuf onto the pbuf that we will pass to
1588 the application. */
1589 /* With window scaling, this can overflow recv_data->tot_len, but
1590 that's not a problem since we explicitly fix that before passing
1591 recv_data to the application. */
1592 if (recv_data) {
1593 pbuf_cat(recv_data, cseg->p);
1594 } else {
1595 recv_data = cseg->p;
1596 }
1597 cseg->p = NULL;
1598 }
1599 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1600 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1601 recv_flags |= TF_GOT_FIN;
1602 if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1603 pcb->state = CLOSE_WAIT;
1604 }
1605 }
1606
1607 pcb->ooseq = cseg->next;
1608 tcp_seg_free(cseg);
1609 }
1610 #if LWIP_TCP_SACK_OUT
1611 if (pcb->flags & TF_SACK) {
1612 if (pcb->ooseq != NULL) {
1613 /* Some segments may have been removed from ooseq, let's remove all SACKs that
1614 describe anything before the new beginning of that list. */
1615 tcp_remove_sacks_lt(pcb, pcb->ooseq->tcphdr->seqno);
1616 } else if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1617 /* ooseq has been cleared. Nothing to SACK */
1618 memset(pcb->rcv_sacks, 0, sizeof(pcb->rcv_sacks));
1619 }
1620 }
1621 #endif /* LWIP_TCP_SACK_OUT */
1622 #endif /* TCP_QUEUE_OOSEQ */
1623
1624
1625 /* Acknowledge the segment(s). */
1626 tcp_ack(pcb);
1627
1628 #if LWIP_TCP_SACK_OUT
1629 if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1630 /* Normally the ACK for the data received could be piggy-backed on a data packet,
1631 but lwIP currently does not support including SACKs in data packets. So we force
1632 it to respond with an empty ACK packet (only if there is at least one SACK to be sent).
1633 NOTE: tcp_send_empty_ack() on success clears the ACK flags (set by tcp_ack()) */
1634 tcp_send_empty_ack(pcb);
1635 }
1636 #endif /* LWIP_TCP_SACK_OUT */
1637
1638 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1639 if (ip_current_is_v6()) {
1640 /* Inform neighbor reachability of forward progress. */
1641 nd6_reachability_hint(ip6_current_src_addr());
1642 }
1643 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1644
1645 } else {
1646 /* We get here if the incoming segment is out-of-sequence. */
1647
1648 #if TCP_QUEUE_OOSEQ
1649 /* We queue the segment on the ->ooseq queue. */
1650 if (pcb->ooseq == NULL) {
1651 pcb->ooseq = tcp_seg_copy(&inseg);
1652 #if LWIP_TCP_SACK_OUT
1653 if (pcb->flags & TF_SACK) {
1654 /* All the SACKs should be invalid, so we can simply store the most recent one: */
1655 pcb->rcv_sacks[0].left = seqno;
1656 pcb->rcv_sacks[0].right = seqno + inseg.len;
1657 }
1658 #endif /* LWIP_TCP_SACK_OUT */
1659 } else {
1660 /* If the queue is not empty, we walk through the queue and
1661 try to find a place where the sequence number of the
1662 incoming segment is between the sequence numbers of the
1663 previous and the next segment on the ->ooseq queue. That is
1664 the place where we put the incoming segment. If needed, we
1665 trim the second edges of the previous and the incoming
1666 segment so that it will fit into the sequence.
1667
1668 If the incoming segment has the same sequence number as a
1669 segment on the ->ooseq queue, we discard the segment that
1670 contains less data. */
1671
1672 #if LWIP_TCP_SACK_OUT
1673 /* This is the left edge of the lowest possible SACK range.
1674 It may start before the newly received segment (possibly adjusted below). */
1675 u32_t sackbeg = TCP_SEQ_LT(seqno, pcb->ooseq->tcphdr->seqno) ? seqno : pcb->ooseq->tcphdr->seqno;
1676 #endif /* LWIP_TCP_SACK_OUT */
1677 struct tcp_seg *next, *prev = NULL;
1678 for (next = pcb->ooseq; next != NULL; next = next->next) {
1679 if (seqno == next->tcphdr->seqno) {
1680 /* The sequence number of the incoming segment is the
1681 same as the sequence number of the segment on
1682 ->ooseq. We check the lengths to see which one to
1683 discard. */
1684 if (inseg.len > next->len) {
1685 /* The incoming segment is larger than the old
1686 segment. We replace some segments with the new
1687 one. */
1688 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1689 if (cseg != NULL) {
1690 if (prev != NULL) {
1691 prev->next = cseg;
1692 } else {
1693 pcb->ooseq = cseg;
1694 }
1695 tcp_oos_insert_segment(cseg, next);
1696 }
1697 break;
1698 } else {
1699 /* Either the lengths are the same or the incoming
1700 segment was smaller than the old one; in either
1701 case, we ditch the incoming segment. */
1702 break;
1703 }
1704 } else {
1705 if (prev == NULL) {
1706 if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1707 /* The sequence number of the incoming segment is lower
1708 than the sequence number of the first segment on the
1709 queue. We put the incoming segment first on the
1710 queue. */
1711 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1712 if (cseg != NULL) {
1713 pcb->ooseq = cseg;
1714 tcp_oos_insert_segment(cseg, next);
1715 }
1716 break;
1717 }
1718 } else {
1719 /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1720 TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1721 if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno + 1, next->tcphdr->seqno - 1)) {
1722 /* The sequence number of the incoming segment is in
1723 between the sequence numbers of the previous and
1724 the next segment on ->ooseq. We trim trim the previous
1725 segment, delete next segments that included in received segment
1726 and trim received, if needed. */
1727 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1728 if (cseg != NULL) {
1729 if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1730 /* We need to trim the prev segment. */
1731 prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1732 pbuf_realloc(prev->p, prev->len);
1733 }
1734 prev->next = cseg;
1735 tcp_oos_insert_segment(cseg, next);
1736 }
1737 break;
1738 }
1739 }
1740
1741 #if LWIP_TCP_SACK_OUT
1742 /* The new segment goes after the 'next' one. If there is a "hole" in sequence numbers
1743 between 'prev' and the beginning of 'next', we want to move sackbeg. */
1744 if (prev != NULL && prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1745 sackbeg = next->tcphdr->seqno;
1746 }
1747 #endif /* LWIP_TCP_SACK_OUT */
1748
1749 /* We don't use 'prev' below, so let's set it to current 'next'.
1750 This way even if we break the loop below, 'prev' will be pointing
1751 at the segment right in front of the newly added one. */
1752 prev = next;
1753
1754 /* If the "next" segment is the last segment on the
1755 ooseq queue, we add the incoming segment to the end
1756 of the list. */
1757 if (next->next == NULL &&
1758 TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1759 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1760 /* segment "next" already contains all data */
1761 break;
1762 }
1763 next->next = tcp_seg_copy(&inseg);
1764 if (next->next != NULL) {
1765 if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1766 /* We need to trim the last segment. */
1767 next->len = (u16_t)(seqno - next->tcphdr->seqno);
1768 pbuf_realloc(next->p, next->len);
1769 }
1770 /* check if the remote side overruns our receive window */
1771 if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1772 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1773 ("tcp_receive: other end overran receive window"
1774 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1775 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1776 if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1777 /* Must remove the FIN from the header as we're trimming
1778 * that byte of sequence-space from the packet */
1779 TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1780 }
1781 /* Adjust length of segment to fit in the window. */
1782 next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1783 pbuf_realloc(next->next->p, next->next->len);
1784 tcplen = TCP_TCPLEN(next->next);
1785 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1786 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1787 }
1788 }
1789 break;
1790 }
1791 }
1792 }
1793
1794 #if LWIP_TCP_SACK_OUT
1795 if (pcb->flags & TF_SACK) {
1796 if (prev == NULL) {
1797 /* The new segment is at the beginning. sackbeg should already be set properly.
1798 We need to find the right edge. */
1799 next = pcb->ooseq;
1800 } else if (prev->next != NULL) {
1801 /* The new segment was added after 'prev'. If there is a "hole" between 'prev' and 'prev->next',
1802 we need to move sackbeg. After that we should find the right edge. */
1803 next = prev->next;
1804 if (prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1805 sackbeg = next->tcphdr->seqno;
1806 }
1807 } else {
1808 next = NULL;
1809 }
1810 if (next != NULL) {
1811 u32_t sackend = next->tcphdr->seqno;
1812 for ( ; (next != NULL) && (sackend == next->tcphdr->seqno); next = next->next) {
1813 sackend += next->len;
1814 }
1815 tcp_add_sack(pcb, sackbeg, sackend);
1816 }
1817 }
1818 #endif /* LWIP_TCP_SACK_OUT */
1819 }
1820 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
1821 {
1822 /* Check that the data on ooseq doesn't exceed one of the limits
1823 and throw away everything above that limit. */
1824 #ifdef TCP_OOSEQ_BYTES_LIMIT
1825 const u32_t ooseq_max_blen = TCP_OOSEQ_BYTES_LIMIT(pcb);
1826 u32_t ooseq_blen = 0;
1827 #endif
1828 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1829 const u16_t ooseq_max_qlen = TCP_OOSEQ_PBUFS_LIMIT(pcb);
1830 u16_t ooseq_qlen = 0;
1831 #endif
1832 struct tcp_seg *next, *prev = NULL;
1833 for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1834 struct pbuf *p = next->p;
1835 int stop_here = 0;
1836 #ifdef TCP_OOSEQ_BYTES_LIMIT
1837 ooseq_blen += p->tot_len;
1838 if (ooseq_blen > ooseq_max_blen) {
1839 stop_here = 1;
1840 }
1841 #endif
1842 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1843 ooseq_qlen += pbuf_clen(p);
1844 if (ooseq_qlen > ooseq_max_qlen) {
1845 stop_here = 1;
1846 }
1847 #endif
1848 if (stop_here) {
1849 #if LWIP_TCP_SACK_OUT
1850 if (pcb->flags & TF_SACK) {
1851 /* Let's remove all SACKs from next's seqno up. */
1852 tcp_remove_sacks_gt(pcb, next->tcphdr->seqno);
1853 }
1854 #endif /* LWIP_TCP_SACK_OUT */
1855 /* too much ooseq data, dump this and everything after it */
1856 tcp_segs_free(next);
1857 if (prev == NULL) {
1858 /* first ooseq segment is too much, dump the whole queue */
1859 pcb->ooseq = NULL;
1860 } else {
1861 /* just dump 'next' and everything after it */
1862 prev->next = NULL;
1863 }
1864 break;
1865 }
1866 }
1867 }
1868 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
1869 #endif /* TCP_QUEUE_OOSEQ */
1870
1871 /* We send the ACK packet after we've (potentially) dealt with SACKs,
1872 so they can be included in the acknowledgment. */
1873 tcp_send_empty_ack(pcb);
1874 }
1875 } else {
1876 /* The incoming segment is not within the window. */
1877 tcp_send_empty_ack(pcb);
1878 }
1879 } else {
1880 /* Segments with length 0 is taken care of here. Segments that
1881 fall out of the window are ACKed. */
1882 if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1883 tcp_ack_now(pcb);
1884 }
1885 }
1886 }
1887
1888 static u8_t
1889 tcp_get_next_optbyte(void)
1890 {
1891 u16_t optidx = tcp_optidx++;
1892 if ((tcphdr_opt2 == NULL) || (optidx < tcphdr_opt1len)) {
1893 u8_t *opts = (u8_t *)tcphdr + TCP_HLEN;
1894 return opts[optidx];
1895 } else {
1896 u8_t idx = (u8_t)(optidx - tcphdr_opt1len);
1897 return tcphdr_opt2[idx];
1898 }
1899 }
1900
1901 /**
1902 * Parses the options contained in the incoming segment.
1903 *
1904 * Called from tcp_listen_input() and tcp_process().
1905 * Currently, only the MSS option is supported!
1906 *
1907 * @param pcb the tcp_pcb for which a segment arrived
1908 */
1909 static void
1910 tcp_parseopt(struct tcp_pcb *pcb)
1911 {
1912 u8_t data;
1913 u16_t mss;
1914 #if LWIP_TCP_TIMESTAMPS
1915 u32_t tsval;
1916 #endif
1917
1918 LWIP_ASSERT("tcp_parseopt: invalid pcb", pcb != NULL);
1919
1920 /* Parse the TCP MSS option, if present. */
1921 if (tcphdr_optlen != 0) {
1922 for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1923 u8_t opt = tcp_get_next_optbyte();
1924 switch (opt) {
1925 case LWIP_TCP_OPT_EOL:
1926 /* End of options. */
1927 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1928 return;
1929 case LWIP_TCP_OPT_NOP:
1930 /* NOP option. */
1931 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1932 break;
1933 case LWIP_TCP_OPT_MSS:
1934 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1935 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1936 /* Bad length */
1937 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1938 return;
1939 }
1940 /* An MSS option with the right option length. */
1941 mss = (u16_t)(tcp_get_next_optbyte() << 8);
1942 mss |= tcp_get_next_optbyte();
1943 /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1944 pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1945 break;
1946 #if LWIP_WND_SCALE
1947 case LWIP_TCP_OPT_WS:
1948 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1949 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1950 /* Bad length */
1951 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1952 return;
1953 }
1954 /* An WND_SCALE option with the right option length. */
1955 data = tcp_get_next_optbyte();
1956 /* If syn was received with wnd scale option,
1957 activate wnd scale opt, but only if this is not a retransmission */
1958 if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
1959 pcb->snd_scale = data;
1960 if (pcb->snd_scale > 14U) {
1961 pcb->snd_scale = 14U;
1962 }
1963 pcb->rcv_scale = TCP_RCV_SCALE;
1964 tcp_set_flags(pcb, TF_WND_SCALE);
1965 /* window scaling is enabled, we can use the full receive window */
1966 LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
1967 LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
1968 pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
1969 }
1970 break;
1971 #endif /* LWIP_WND_SCALE */
1972 #if LWIP_TCP_TIMESTAMPS
1973 case LWIP_TCP_OPT_TS:
1974 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
1975 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
1976 /* Bad length */
1977 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1978 return;
1979 }
1980 /* TCP timestamp option with valid length */
1981 tsval = tcp_get_next_optbyte();
1982 tsval |= (tcp_get_next_optbyte() << 8);
1983 tsval |= (tcp_get_next_optbyte() << 16);
1984 tsval |= (tcp_get_next_optbyte() << 24);
1985 if (flags & TCP_SYN) {
1986 pcb->ts_recent = lwip_ntohl(tsval);
1987 /* Enable sending timestamps in every segment now that we know
1988 the remote host supports it. */
1989 tcp_set_flags(pcb, TF_TIMESTAMP);
1990 } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno + tcplen)) {
1991 pcb->ts_recent = lwip_ntohl(tsval);
1992 }
1993 /* Advance to next option (6 bytes already read) */
1994 tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
1995 break;
1996 #endif /* LWIP_TCP_TIMESTAMPS */
1997 #if LWIP_TCP_SACK_OUT
1998 case LWIP_TCP_OPT_SACK_PERM:
1999 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: SACK_PERM\n"));
2000 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_SACK_PERM || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_SACK_PERM) > tcphdr_optlen) {
2001 /* Bad length */
2002 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2003 return;
2004 }
2005 /* TCP SACK_PERM option with valid length */
2006 if (flags & TCP_SYN) {
2007 /* We only set it if we receive it in a SYN (or SYN+ACK) packet */
2008 tcp_set_flags(pcb, TF_SACK);
2009 }
2010 break;
2011 #endif /* LWIP_TCP_SACK_OUT */
2012 default:
2013 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
2014 data = tcp_get_next_optbyte();
2015 if (data < 2) {
2016 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2017 /* If the length field is zero, the options are malformed
2018 and we don't process them further. */
2019 return;
2020 }
2021 /* All other options have a length field, so that we easily
2022 can skip past them. */
2023 tcp_optidx += data - 2;
2024 }
2025 }
2026 }
2027 }
2028
2029 void
2030 tcp_trigger_input_pcb_close(void)
2031 {
2032 recv_flags |= TF_CLOSED;
2033 }
2034
2035 #if LWIP_TCP_SACK_OUT
2036 /**
2037 * Called by tcp_receive() to add new SACK entry.
2038 *
2039 * The new SACK entry will be placed at the beginning of rcv_sacks[], as the newest one.
2040 * Existing SACK entries will be "pushed back", to preserve their order.
2041 * This is the behavior described in RFC 2018, section 4.
2042 *
2043 * @param pcb the tcp_pcb for which a segment arrived
2044 * @param left the left side of the SACK (the first sequence number)
2045 * @param right the right side of the SACK (the first sequence number past this SACK)
2046 */
2047 static void
2048 tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right)
2049 {
2050 u8_t i;
2051 u8_t unused_idx;
2052
2053 if ((pcb->flags & TF_SACK) == 0 || !TCP_SEQ_LT(left, right)) {
2054 return;
2055 }
2056
2057 /* First, let's remove all SACKs that are no longer needed (because they overlap with the newest one),
2058 while moving all other SACKs forward.
2059 We run this loop for all entries, until we find the first invalid one.
2060 There is no point checking after that. */
2061 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2062 /* We only want to use SACK at [i] if it doesn't overlap with left:right range.
2063 It does not overlap if its right side is before the newly added SACK,
2064 or if its left side is after the newly added SACK.
2065 NOTE: The equality should not really happen, but it doesn't hurt. */
2066 if (TCP_SEQ_LEQ(pcb->rcv_sacks[i].right, left) || TCP_SEQ_LEQ(right, pcb->rcv_sacks[i].left)) {
2067 if (unused_idx != i) {
2068 /* We don't need to copy if it's already in the right spot */
2069 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2070 }
2071 ++unused_idx;
2072 }
2073 }
2074
2075 /* Now 'unused_idx' is the index of the first invalid SACK entry,
2076 anywhere between 0 (no valid entries) and LWIP_TCP_MAX_SACK_NUM (all entries are valid).
2077 We want to clear this and all following SACKs.
2078 However, we will be adding another one in the front (and shifting everything else back).
2079 So let's just iterate from the back, and set each entry to the one to the left if it's valid,
2080 or to 0 if it is not. */
2081 for (i = LWIP_TCP_MAX_SACK_NUM - 1; i > 0; --i) {
2082 /* [i] is the index we are setting, and the value should be at index [i-1],
2083 or 0 if that index is unused (>= unused_idx). */
2084 if (i - 1 >= unused_idx) {
2085 /* [i-1] is unused. Let's clear [i]. */
2086 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2087 } else {
2088 pcb->rcv_sacks[i] = pcb->rcv_sacks[i - 1];
2089 }
2090 }
2091
2092 /* And now we can store the newest SACK */
2093 pcb->rcv_sacks[0].left = left;
2094 pcb->rcv_sacks[0].right = right;
2095 }
2096
2097 /**
2098 * Called to remove a range of SACKs.
2099 *
2100 * SACK entries will be removed or adjusted to not acknowledge any sequence
2101 * numbers that are less than 'seq' passed. It not only invalidates entries,
2102 * but also moves all entries that are still valid to the beginning.
2103 *
2104 * @param pcb the tcp_pcb to modify
2105 * @param seq the lowest sequence number to keep in SACK entries
2106 */
2107 static void
2108 tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq)
2109 {
2110 u8_t i;
2111 u8_t unused_idx;
2112
2113 /* We run this loop for all entries, until we find the first invalid one.
2114 There is no point checking after that. */
2115 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2116 /* We only want to use SACK at index [i] if its right side is > 'seq'. */
2117 if (TCP_SEQ_GT(pcb->rcv_sacks[i].right, seq)) {
2118 if (unused_idx != i) {
2119 /* We only copy it if it's not in the right spot already. */
2120 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2121 }
2122 /* NOTE: It is possible that its left side is < 'seq', in which case we should adjust it. */
2123 if (TCP_SEQ_LT(pcb->rcv_sacks[unused_idx].left, seq)) {
2124 pcb->rcv_sacks[unused_idx].left = seq;
2125 }
2126 ++unused_idx;
2127 }
2128 }
2129
2130 /* We also need to invalidate everything from 'unused_idx' till the end */
2131 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2132 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2133 }
2134 }
2135
2136 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
2137 /**
2138 * Called to remove a range of SACKs.
2139 *
2140 * SACK entries will be removed or adjusted to not acknowledge any sequence
2141 * numbers that are greater than (or equal to) 'seq' passed. It not only invalidates entries,
2142 * but also moves all entries that are still valid to the beginning.
2143 *
2144 * @param pcb the tcp_pcb to modify
2145 * @param seq the highest sequence number to keep in SACK entries
2146 */
2147 static void
2148 tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq)
2149 {
2150 u8_t i;
2151 u8_t unused_idx;
2152
2153 /* We run this loop for all entries, until we find the first invalid one.
2154 There is no point checking after that. */
2155 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2156 /* We only want to use SACK at index [i] if its left side is < 'seq'. */
2157 if (TCP_SEQ_LT(pcb->rcv_sacks[i].left, seq)) {
2158 if (unused_idx != i) {
2159 /* We only copy it if it's not in the right spot already. */
2160 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2161 }
2162 /* NOTE: It is possible that its right side is > 'seq', in which case we should adjust it. */
2163 if (TCP_SEQ_GT(pcb->rcv_sacks[unused_idx].right, seq)) {
2164 pcb->rcv_sacks[unused_idx].right = seq;
2165 }
2166 ++unused_idx;
2167 }
2168 }
2169
2170 /* We also need to invalidate everything from 'unused_idx' till the end */
2171 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2172 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2173 }
2174 }
2175 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
2176
2177 #endif /* LWIP_TCP_SACK_OUT */
2178
2179 #endif /* LWIP_TCP */
2180