• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * @file
3  * Transmission Control Protocol, outgoing traffic
4  *
5  * The output functions of TCP.
6  *
7  * There are two distinct ways for TCP segments to get sent:
8  * - queued data: these are segments transferring data or segments containing
9  *   SYN or FIN (which both count as one sequence number). They are created as
10  *   struct @ref pbuf together with a struct tcp_seg and enqueue to the
11  *   unsent list of the pcb. They are sent by tcp_output:
12  *   - @ref tcp_write : creates data segments
13  *   - @ref tcp_split_unsent_seg : splits a data segment
14  *   - @ref tcp_enqueue_flags : creates SYN-only or FIN-only segments
15  *   - @ref tcp_output / tcp_output_segment : finalize the tcp header
16  *      (e.g. sequence numbers, options, checksum) and output to IP
17  *   - the various tcp_rexmit functions shuffle around segments between the
18  *     unsent an unacked lists to retransmit them
19  *   - tcp_create_segment and tcp_pbuf_prealloc allocate pbuf and
20  *     segment for these functions
21  * - direct send: these segments don't contain data but control the connection
22  *   behaviour. They are created as pbuf only and sent directly without
23  *   enqueueing them:
24  *   - @ref tcp_send_empty_ack sends an ACK-only segment
25  *   - @ref tcp_rst sends a RST segment
26  *   - @ref tcp_keepalive sends a keepalive segment
27  *   - @ref tcp_zero_window_probe sends a window probe segment
28  *   - tcp_output_alloc_header allocates a header-only pbuf for these functions
29  */
30 
31 /*
32  * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
33  * All rights reserved.
34  *
35  * Redistribution and use in source and binary forms, with or without modification,
36  * are permitted provided that the following conditions are met:
37  *
38  * 1. Redistributions of source code must retain the above copyright notice,
39  *    this list of conditions and the following disclaimer.
40  * 2. Redistributions in binary form must reproduce the above copyright notice,
41  *    this list of conditions and the following disclaimer in the documentation
42  *    and/or other materials provided with the distribution.
43  * 3. The name of the author may not be used to endorse or promote products
44  *    derived from this software without specific prior written permission.
45  *
46  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
47  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
48  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
49  * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
50  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
51  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
52  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
53  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
54  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
55  * OF SUCH DAMAGE.
56  *
57  * This file is part of the lwIP TCP/IP stack.
58  *
59  * Author: Adam Dunkels <adam@sics.se>
60  *
61  */
62 
63 #include "lwip/opt.h"
64 
65 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
66 
67 #include "lwip/priv/tcp_priv.h"
68 #include "lwip/def.h"
69 #include "lwip/mem.h"
70 #include "lwip/memp.h"
71 #include "lwip/ip_addr.h"
72 #include "lwip/netif.h"
73 #include "lwip/inet_chksum.h"
74 #include "lwip/stats.h"
75 #include "lwip/ip6.h"
76 #include "lwip/ip6_addr.h"
77 #if LWIP_TCP_TIMESTAMPS
78 #include "lwip/sys.h"
79 #endif
80 
81 #include <string.h>
82 
83 #ifdef LWIP_HOOK_FILENAME
84 #include LWIP_HOOK_FILENAME
85 #endif
86 
87 /* Allow to add custom TCP header options by defining this hook */
88 #ifdef LWIP_HOOK_TCP_OUT_TCPOPT_LENGTH
89 #define LWIP_TCP_OPT_LENGTH_SEGMENT(flags, pcb) LWIP_HOOK_TCP_OUT_TCPOPT_LENGTH(pcb, LWIP_TCP_OPT_LENGTH(flags))
90 #else
91 #define LWIP_TCP_OPT_LENGTH_SEGMENT(flags, pcb) LWIP_TCP_OPT_LENGTH(flags)
92 #endif
93 
94 /* Define some copy-macros for checksum-on-copy so that the code looks
95    nicer by preventing too many ifdef's. */
96 #if TCP_CHECKSUM_ON_COPY
97 #define TCP_DATA_COPY(dst, src, len, seg) do { \
98   tcp_seg_add_chksum(LWIP_CHKSUM_COPY(dst, src, len), \
99                      len, &seg->chksum, &seg->chksum_swapped); \
100   seg->flags |= TF_SEG_DATA_CHECKSUMMED; } while(0)
101 #define TCP_DATA_COPY2(dst, src, len, chksum, chksum_swapped)  \
102   tcp_seg_add_chksum(LWIP_CHKSUM_COPY(dst, src, len), len, chksum, chksum_swapped);
103 #else /* TCP_CHECKSUM_ON_COPY*/
104 #define TCP_DATA_COPY(dst, src, len, seg)                     MEMCPY(dst, src, len)
105 #define TCP_DATA_COPY2(dst, src, len, chksum, chksum_swapped) MEMCPY(dst, src, len)
106 #endif /* TCP_CHECKSUM_ON_COPY*/
107 
108 /** Define this to 1 for an extra check that the output checksum is valid
109  * (usefule when the checksum is generated by the application, not the stack) */
110 #ifndef TCP_CHECKSUM_ON_COPY_SANITY_CHECK
111 #define TCP_CHECKSUM_ON_COPY_SANITY_CHECK   0
112 #endif
113 /* Allow to override the failure of sanity check from warning to e.g. hard failure */
114 #if TCP_CHECKSUM_ON_COPY_SANITY_CHECK
115 #ifndef TCP_CHECKSUM_ON_COPY_SANITY_CHECK_FAIL
116 #define TCP_CHECKSUM_ON_COPY_SANITY_CHECK_FAIL(msg) LWIP_DEBUGF(TCP_DEBUG | LWIP_DBG_LEVEL_WARNING, msg)
117 #endif
118 #endif
119 
120 #if TCP_OVERSIZE
121 /** The size of segment pbufs created when TCP_OVERSIZE is enabled */
122 #ifndef TCP_OVERSIZE_CALC_LENGTH
123 #define TCP_OVERSIZE_CALC_LENGTH(length) ((length) + TCP_OVERSIZE)
124 #endif
125 #endif
126 
127 /* Forward declarations.*/
128 static err_t tcp_output_segment(struct tcp_seg *seg, struct tcp_pcb *pcb, struct netif *netif);
129 
130 /* tcp_route: common code that returns a fixed bound netif or calls ip_route */
131 static struct netif *
tcp_route(const struct tcp_pcb * pcb,const ip_addr_t * src,const ip_addr_t * dst)132 tcp_route(const struct tcp_pcb *pcb, const ip_addr_t *src, const ip_addr_t *dst)
133 {
134   LWIP_UNUSED_ARG(src); /* in case IPv4-only and source-based routing is disabled */
135 #ifdef LOSCFG_NET_CONTAINER
136   struct net_group *group = get_net_group_from_tcp_pcb(pcb);
137   LWIP_ERROR("tcp_route: invalid net group", group != NULL, return NULL);
138 #endif
139 
140   if ((pcb != NULL) && (pcb->netif_idx != NETIF_NO_INDEX)) {
141 #ifdef LOSCFG_NET_CONTAINER
142     return netif_get_by_index(pcb->netif_idx, group);
143 #else
144     return netif_get_by_index(pcb->netif_idx);
145 #endif
146   } else {
147 #ifdef LOSCFG_NET_CONTAINER
148     return ip_route(src, dst, group);
149 #else
150     return ip_route(src, dst);
151 #endif
152   }
153 }
154 
155 /**
156  * Create a TCP segment with prefilled header.
157  *
158  * Called by @ref tcp_write, @ref tcp_enqueue_flags and @ref tcp_split_unsent_seg
159  *
160  * @param pcb Protocol control block for the TCP connection.
161  * @param p pbuf that is used to hold the TCP header.
162  * @param hdrflags TCP flags for header.
163  * @param seqno TCP sequence number of this packet
164  * @param optflags options to include in TCP header
165  * @return a new tcp_seg pointing to p, or NULL.
166  * The TCP header is filled in except ackno and wnd.
167  * p is freed on failure.
168  */
169 static struct tcp_seg *
tcp_create_segment(const struct tcp_pcb * pcb,struct pbuf * p,u8_t hdrflags,u32_t seqno,u8_t optflags)170 tcp_create_segment(const struct tcp_pcb *pcb, struct pbuf *p, u8_t hdrflags, u32_t seqno, u8_t optflags)
171 {
172   struct tcp_seg *seg;
173   u8_t optlen;
174 
175   LWIP_ASSERT("tcp_create_segment: invalid pcb", pcb != NULL);
176   LWIP_ASSERT("tcp_create_segment: invalid pbuf", p != NULL);
177 
178   optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(optflags, pcb);
179 
180   if ((seg = (struct tcp_seg *)memp_malloc(MEMP_TCP_SEG)) == NULL) {
181     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_create_segment: no memory.\n"));
182     pbuf_free(p);
183     return NULL;
184   }
185   seg->flags = optflags;
186   seg->next = NULL;
187   seg->p = p;
188   LWIP_ASSERT("p->tot_len >= optlen", p->tot_len >= optlen);
189   seg->len = p->tot_len - optlen;
190 #if TCP_OVERSIZE_DBGCHECK
191   seg->oversize_left = 0;
192 #endif /* TCP_OVERSIZE_DBGCHECK */
193 #if TCP_CHECKSUM_ON_COPY
194   seg->chksum = 0;
195   seg->chksum_swapped = 0;
196   /* check optflags */
197   LWIP_ASSERT("invalid optflags passed: TF_SEG_DATA_CHECKSUMMED",
198               (optflags & TF_SEG_DATA_CHECKSUMMED) == 0);
199 #endif /* TCP_CHECKSUM_ON_COPY */
200 
201   /* build TCP header */
202   if (pbuf_add_header(p, TCP_HLEN)) {
203     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_create_segment: no room for TCP header in pbuf.\n"));
204     TCP_STATS_INC(tcp.err);
205     tcp_seg_free(seg);
206     return NULL;
207   }
208   seg->tcphdr = (struct tcp_hdr *)seg->p->payload;
209   seg->tcphdr->src = lwip_htons(pcb->local_port);
210   seg->tcphdr->dest = lwip_htons(pcb->remote_port);
211   seg->tcphdr->seqno = lwip_htonl(seqno);
212   /* ackno is set in tcp_output */
213   TCPH_HDRLEN_FLAGS_SET(seg->tcphdr, (5 + optlen / 4), hdrflags);
214   /* wnd and chksum are set in tcp_output */
215   seg->tcphdr->urgp = 0;
216   return seg;
217 }
218 
219 /**
220  * Allocate a PBUF_RAM pbuf, perhaps with extra space at the end.
221  *
222  * This function is like pbuf_alloc(layer, length, PBUF_RAM) except
223  * there may be extra bytes available at the end.
224  *
225  * Called by @ref tcp_write
226  *
227  * @param layer flag to define header size.
228  * @param length size of the pbuf's payload.
229  * @param max_length maximum usable size of payload+oversize.
230  * @param oversize pointer to a u16_t that will receive the number of usable tail bytes.
231  * @param pcb The TCP connection that will enqueue the pbuf.
232  * @param apiflags API flags given to tcp_write.
233  * @param first_seg true when this pbuf will be used in the first enqueued segment.
234  */
235 #if TCP_OVERSIZE
236 static struct pbuf *
tcp_pbuf_prealloc(pbuf_layer layer,u16_t length,u16_t max_length,u16_t * oversize,const struct tcp_pcb * pcb,u8_t apiflags,u8_t first_seg)237 tcp_pbuf_prealloc(pbuf_layer layer, u16_t length, u16_t max_length,
238                   u16_t *oversize, const struct tcp_pcb *pcb, u8_t apiflags,
239                   u8_t first_seg)
240 {
241   struct pbuf *p;
242   u16_t alloc = length;
243 
244   LWIP_ASSERT("tcp_pbuf_prealloc: invalid oversize", oversize != NULL);
245   LWIP_ASSERT("tcp_pbuf_prealloc: invalid pcb", pcb != NULL);
246 
247 #if LWIP_NETIF_TX_SINGLE_PBUF
248   LWIP_UNUSED_ARG(max_length);
249   LWIP_UNUSED_ARG(pcb);
250   LWIP_UNUSED_ARG(apiflags);
251   LWIP_UNUSED_ARG(first_seg);
252   alloc = max_length;
253 #else /* LWIP_NETIF_TX_SINGLE_PBUF */
254   if (length < max_length) {
255     /* Should we allocate an oversized pbuf, or just the minimum
256      * length required? If tcp_write is going to be called again
257      * before this segment is transmitted, we want the oversized
258      * buffer. If the segment will be transmitted immediately, we can
259      * save memory by allocating only length. We use a simple
260      * heuristic based on the following information:
261      *
262      * Did the user set TCP_WRITE_FLAG_MORE?
263      *
264      * Will the Nagle algorithm defer transmission of this segment?
265      */
266     if ((apiflags & TCP_WRITE_FLAG_MORE) ||
267         (!(pcb->flags & TF_NODELAY) &&
268          (!first_seg ||
269           pcb->unsent != NULL ||
270           pcb->unacked != NULL))) {
271       alloc = LWIP_MIN(max_length, LWIP_MEM_ALIGN_SIZE(TCP_OVERSIZE_CALC_LENGTH(length)));
272     }
273   }
274 #endif /* LWIP_NETIF_TX_SINGLE_PBUF */
275   p = pbuf_alloc(layer, alloc, PBUF_RAM);
276   if (p == NULL) {
277     return NULL;
278   }
279   LWIP_ASSERT("need unchained pbuf", p->next == NULL);
280   *oversize = p->len - length;
281   /* trim p->len to the currently used size */
282   p->len = p->tot_len = length;
283   return p;
284 }
285 #else /* TCP_OVERSIZE */
286 #define tcp_pbuf_prealloc(layer, length, mx, os, pcb, api, fst) pbuf_alloc((layer), (length), PBUF_RAM)
287 #endif /* TCP_OVERSIZE */
288 
289 #if TCP_CHECKSUM_ON_COPY
290 /** Add a checksum of newly added data to the segment.
291  *
292  * Called by tcp_write and tcp_split_unsent_seg.
293  */
294 static void
tcp_seg_add_chksum(u16_t chksum,u16_t len,u16_t * seg_chksum,u8_t * seg_chksum_swapped)295 tcp_seg_add_chksum(u16_t chksum, u16_t len, u16_t *seg_chksum,
296                    u8_t *seg_chksum_swapped)
297 {
298   u32_t helper;
299   /* add chksum to old chksum and fold to u16_t */
300   helper = chksum + *seg_chksum;
301   chksum = FOLD_U32T(helper);
302   if ((len & 1) != 0) {
303     *seg_chksum_swapped = 1 - *seg_chksum_swapped;
304     chksum = SWAP_BYTES_IN_WORD(chksum);
305   }
306   *seg_chksum = chksum;
307 }
308 #endif /* TCP_CHECKSUM_ON_COPY */
309 
310 /** Checks if tcp_write is allowed or not (checks state, snd_buf and snd_queuelen).
311  *
312  * @param pcb the tcp pcb to check for
313  * @param len length of data to send (checked agains snd_buf)
314  * @return ERR_OK if tcp_write is allowed to proceed, another err_t otherwise
315  */
316 static err_t
tcp_write_checks(struct tcp_pcb * pcb,u16_t len)317 tcp_write_checks(struct tcp_pcb *pcb, u16_t len)
318 {
319   LWIP_ASSERT("tcp_write_checks: invalid pcb", pcb != NULL);
320 
321   /* connection is in invalid state for data transmission? */
322   if ((pcb->state != ESTABLISHED) &&
323       (pcb->state != CLOSE_WAIT) &&
324       (pcb->state != SYN_SENT) &&
325       (pcb->state != SYN_RCVD)) {
326     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_STATE | LWIP_DBG_LEVEL_SEVERE, ("tcp_write() called in invalid state\n"));
327     return ERR_CONN;
328   } else if (len == 0) {
329     return ERR_OK;
330   }
331 
332   /* fail on too much data */
333   if (len > pcb->snd_buf) {
334     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("tcp_write: too much data (len=%"U16_F" > snd_buf=%"TCPWNDSIZE_F")\n",
335                 len, pcb->snd_buf));
336     tcp_set_flags(pcb, TF_NAGLEMEMERR);
337     return ERR_MEM;
338   }
339 
340   LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_write: queuelen: %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
341 
342   /* If total number of pbufs on the unsent/unacked queues exceeds the
343    * configured maximum, return an error */
344   /* check for configured max queuelen and possible overflow */
345   if (pcb->snd_queuelen >= LWIP_MIN(TCP_SND_QUEUELEN, (TCP_SNDQUEUELEN_OVERFLOW + 1))) {
346     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SEVERE, ("tcp_write: too long queue %"U16_F" (max %"U16_F")\n",
347                 pcb->snd_queuelen, (u16_t)TCP_SND_QUEUELEN));
348     TCP_STATS_INC(tcp.memerr);
349     tcp_set_flags(pcb, TF_NAGLEMEMERR);
350     return ERR_MEM;
351   }
352   if (pcb->snd_queuelen != 0) {
353     LWIP_ASSERT("tcp_write: pbufs on queue => at least one queue non-empty",
354                 pcb->unacked != NULL || pcb->unsent != NULL);
355   } else {
356     LWIP_ASSERT("tcp_write: no pbufs on queue => both queues empty",
357                 pcb->unacked == NULL && pcb->unsent == NULL);
358   }
359   return ERR_OK;
360 }
361 
362 /**
363  * @ingroup tcp_raw
364  * Write data for sending (but does not send it immediately).
365  *
366  * It waits in the expectation of more data being sent soon (as
367  * it can send them more efficiently by combining them together).
368  * To prompt the system to send data now, call tcp_output() after
369  * calling tcp_write().
370  *
371  * This function enqueues the data pointed to by the argument dataptr. The length of
372  * the data is passed as the len parameter. The apiflags can be one or more of:
373  * - TCP_WRITE_FLAG_COPY: indicates whether the new memory should be allocated
374  *   for the data to be copied into. If this flag is not given, no new memory
375  *   should be allocated and the data should only be referenced by pointer. This
376  *   also means that the memory behind dataptr must not change until the data is
377  *   ACKed by the remote host
378  * - TCP_WRITE_FLAG_MORE: indicates that more data follows. If this is omitted,
379  *   the PSH flag is set in the last segment created by this call to tcp_write.
380  *   If this flag is given, the PSH flag is not set.
381  *
382  * The tcp_write() function will fail and return ERR_MEM if the length
383  * of the data exceeds the current send buffer size or if the length of
384  * the queue of outgoing segment is larger than the upper limit defined
385  * in lwipopts.h. The number of bytes available in the output queue can
386  * be retrieved with the tcp_sndbuf() function.
387  *
388  * The proper way to use this function is to call the function with at
389  * most tcp_sndbuf() bytes of data. If the function returns ERR_MEM,
390  * the application should wait until some of the currently enqueued
391  * data has been successfully received by the other host and try again.
392  *
393  * @param pcb Protocol control block for the TCP connection to enqueue data for.
394  * @param arg Pointer to the data to be enqueued for sending.
395  * @param len Data length in bytes
396  * @param apiflags combination of following flags :
397  * - TCP_WRITE_FLAG_COPY (0x01) data will be copied into memory belonging to the stack
398  * - TCP_WRITE_FLAG_MORE (0x02) for TCP connection, PSH flag will not be set on last segment sent,
399  * @return ERR_OK if enqueued, another err_t on error
400  */
401 err_t
tcp_write(struct tcp_pcb * pcb,const void * arg,u16_t len,u8_t apiflags)402 tcp_write(struct tcp_pcb *pcb, const void *arg, u16_t len, u8_t apiflags)
403 {
404   struct pbuf *concat_p = NULL;
405   struct tcp_seg *last_unsent = NULL, *seg = NULL, *prev_seg = NULL, *queue = NULL;
406   u16_t pos = 0; /* position in 'arg' data */
407   u16_t queuelen;
408   u8_t optlen;
409   u8_t optflags = 0;
410 #if TCP_OVERSIZE
411   u16_t oversize = 0;
412   u16_t oversize_used = 0;
413 #if TCP_OVERSIZE_DBGCHECK
414   u16_t oversize_add = 0;
415 #endif /* TCP_OVERSIZE_DBGCHECK*/
416 #endif /* TCP_OVERSIZE */
417   u16_t extendlen = 0;
418 #if TCP_CHECKSUM_ON_COPY
419   u16_t concat_chksum = 0;
420   u8_t concat_chksum_swapped = 0;
421   u16_t concat_chksummed = 0;
422 #endif /* TCP_CHECKSUM_ON_COPY */
423   err_t err;
424   u16_t mss_local;
425 
426   LWIP_ERROR("tcp_write: invalid pcb", pcb != NULL, return ERR_ARG);
427 
428   /* don't allocate segments bigger than half the maximum window we ever received */
429   mss_local = LWIP_MIN(pcb->mss, TCPWND_MIN16(pcb->snd_wnd_max / 2));
430   mss_local = mss_local ? mss_local : pcb->mss;
431 
432   LWIP_ASSERT_CORE_LOCKED();
433 
434 #if LWIP_NETIF_TX_SINGLE_PBUF
435   /* Always copy to try to create single pbufs for TX */
436   apiflags |= TCP_WRITE_FLAG_COPY;
437 #endif /* LWIP_NETIF_TX_SINGLE_PBUF */
438 
439   LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_write(pcb=%p, data=%p, len=%"U16_F", apiflags=%"U16_F")\n",
440                                  (void *)pcb, arg, len, (u16_t)apiflags));
441   LWIP_ERROR("tcp_write: arg == NULL (programmer violates API)",
442              arg != NULL, return ERR_ARG;);
443 
444   err = tcp_write_checks(pcb, len);
445   if (err != ERR_OK) {
446     return err;
447   }
448   queuelen = pcb->snd_queuelen;
449 
450 #if LWIP_TCP_TIMESTAMPS
451   if ((pcb->flags & TF_TIMESTAMP)) {
452     /* Make sure the timestamp option is only included in data segments if we
453        agreed about it with the remote host. */
454     optflags = TF_SEG_OPTS_TS;
455     optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(TF_SEG_OPTS_TS, pcb);
456     /* ensure that segments can hold at least one data byte... */
457     mss_local = LWIP_MAX(mss_local, LWIP_TCP_OPT_LEN_TS + 1);
458   } else
459 #endif /* LWIP_TCP_TIMESTAMPS */
460   {
461     optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(0, pcb);
462   }
463 
464 
465   /*
466    * TCP segmentation is done in three phases with increasing complexity:
467    *
468    * 1. Copy data directly into an oversized pbuf.
469    * 2. Chain a new pbuf to the end of pcb->unsent.
470    * 3. Create new segments.
471    *
472    * We may run out of memory at any point. In that case we must
473    * return ERR_MEM and not change anything in pcb. Therefore, all
474    * changes are recorded in local variables and committed at the end
475    * of the function. Some pcb fields are maintained in local copies:
476    *
477    * queuelen = pcb->snd_queuelen
478    * oversize = pcb->unsent_oversize
479    *
480    * These variables are set consistently by the phases:
481    *
482    * seg points to the last segment tampered with.
483    *
484    * pos records progress as data is segmented.
485    */
486 
487   /* Find the tail of the unsent queue. */
488   if (pcb->unsent != NULL) {
489     u16_t space;
490     u16_t unsent_optlen;
491 
492     /* @todo: this could be sped up by keeping last_unsent in the pcb */
493     for (last_unsent = pcb->unsent; last_unsent->next != NULL;
494          last_unsent = last_unsent->next);
495 
496     /* Usable space at the end of the last unsent segment */
497     unsent_optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(last_unsent->flags, pcb);
498     LWIP_ASSERT("mss_local is too small", mss_local >= last_unsent->len + unsent_optlen);
499     space = mss_local - (last_unsent->len + unsent_optlen);
500 
501     /*
502      * Phase 1: Copy data directly into an oversized pbuf.
503      *
504      * The number of bytes copied is recorded in the oversize_used
505      * variable. The actual copying is done at the bottom of the
506      * function.
507      */
508 #if TCP_OVERSIZE
509 #if TCP_OVERSIZE_DBGCHECK
510     /* check that pcb->unsent_oversize matches last_unsent->oversize_left */
511     LWIP_ASSERT("unsent_oversize mismatch (pcb vs. last_unsent)",
512                 pcb->unsent_oversize == last_unsent->oversize_left);
513 #endif /* TCP_OVERSIZE_DBGCHECK */
514     oversize = pcb->unsent_oversize;
515     if (oversize > 0) {
516       LWIP_ASSERT("inconsistent oversize vs. space", oversize <= space);
517       seg = last_unsent;
518       oversize_used = LWIP_MIN(space, LWIP_MIN(oversize, len));
519       pos += oversize_used;
520       oversize -= oversize_used;
521       space -= oversize_used;
522     }
523     /* now we are either finished or oversize is zero */
524     LWIP_ASSERT("inconsistent oversize vs. len", (oversize == 0) || (pos == len));
525 #endif /* TCP_OVERSIZE */
526 
527 #if !LWIP_NETIF_TX_SINGLE_PBUF
528     /*
529      * Phase 2: Chain a new pbuf to the end of pcb->unsent.
530      *
531      * As an exception when NOT copying the data, if the given data buffer
532      * directly follows the last unsent data buffer in memory, extend the last
533      * ROM pbuf reference to the buffer, thus saving a ROM pbuf allocation.
534      *
535      * We don't extend segments containing SYN/FIN flags or options
536      * (len==0). The new pbuf is kept in concat_p and pbuf_cat'ed at
537      * the end.
538      *
539      * This phase is skipped for LWIP_NETIF_TX_SINGLE_PBUF as we could only execute
540      * it after rexmit puts a segment from unacked to unsent and at this point,
541      * oversize info is lost.
542      */
543     if ((pos < len) && (space > 0) && (last_unsent->len > 0)) {
544       u16_t seglen = LWIP_MIN(space, len - pos);
545       seg = last_unsent;
546 
547       /* Create a pbuf with a copy or reference to seglen bytes. We
548        * can use PBUF_RAW here since the data appears in the middle of
549        * a segment. A header will never be prepended. */
550       if (apiflags & TCP_WRITE_FLAG_COPY) {
551         /* Data is copied */
552         if ((concat_p = tcp_pbuf_prealloc(PBUF_RAW, seglen, space, &oversize, pcb, apiflags, 1)) == NULL) {
553           LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
554                       ("tcp_write : could not allocate memory for pbuf copy size %"U16_F"\n",
555                        seglen));
556           goto memerr;
557         }
558 #if TCP_OVERSIZE_DBGCHECK
559         oversize_add = oversize;
560 #endif /* TCP_OVERSIZE_DBGCHECK */
561         TCP_DATA_COPY2(concat_p->payload, (const u8_t *)arg + pos, seglen, &concat_chksum, &concat_chksum_swapped);
562 #if TCP_CHECKSUM_ON_COPY
563         concat_chksummed += seglen;
564 #endif /* TCP_CHECKSUM_ON_COPY */
565         queuelen += pbuf_clen(concat_p);
566       } else {
567         /* Data is not copied */
568         /* If the last unsent pbuf is of type PBUF_ROM, try to extend it. */
569         struct pbuf *p;
570         for (p = last_unsent->p; p->next != NULL; p = p->next);
571         if (((p->type_internal & (PBUF_TYPE_FLAG_STRUCT_DATA_CONTIGUOUS | PBUF_TYPE_FLAG_DATA_VOLATILE)) == 0) &&
572             (const u8_t *)p->payload + p->len == (const u8_t *)arg) {
573           LWIP_ASSERT("tcp_write: ROM pbufs cannot be oversized", pos == 0);
574           extendlen = seglen;
575         } else {
576           if ((concat_p = pbuf_alloc(PBUF_RAW, seglen, PBUF_ROM)) == NULL) {
577             LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
578                         ("tcp_write: could not allocate memory for zero-copy pbuf\n"));
579             goto memerr;
580           }
581           /* reference the non-volatile payload data */
582           ((struct pbuf_rom *)concat_p)->payload = (const u8_t *)arg + pos;
583           queuelen += pbuf_clen(concat_p);
584         }
585 #if TCP_CHECKSUM_ON_COPY
586         /* calculate the checksum of nocopy-data */
587         tcp_seg_add_chksum(~inet_chksum((const u8_t *)arg + pos, seglen), seglen,
588                            &concat_chksum, &concat_chksum_swapped);
589         concat_chksummed += seglen;
590 #endif /* TCP_CHECKSUM_ON_COPY */
591       }
592 
593       pos += seglen;
594     }
595 #endif /* !LWIP_NETIF_TX_SINGLE_PBUF */
596   } else {
597 #if TCP_OVERSIZE
598     LWIP_ASSERT("unsent_oversize mismatch (pcb->unsent is NULL)",
599                 pcb->unsent_oversize == 0);
600 #endif /* TCP_OVERSIZE */
601   }
602 
603   /*
604    * Phase 3: Create new segments.
605    *
606    * The new segments are chained together in the local 'queue'
607    * variable, ready to be appended to pcb->unsent.
608    */
609   while (pos < len) {
610     struct pbuf *p;
611     u16_t left = len - pos;
612     u16_t max_len = mss_local - optlen;
613     u16_t seglen = LWIP_MIN(left, max_len);
614 #if TCP_CHECKSUM_ON_COPY
615     u16_t chksum = 0;
616     u8_t chksum_swapped = 0;
617 #endif /* TCP_CHECKSUM_ON_COPY */
618 
619     if (apiflags & TCP_WRITE_FLAG_COPY) {
620       /* If copy is set, memory should be allocated and data copied
621        * into pbuf */
622       if ((p = tcp_pbuf_prealloc(PBUF_TRANSPORT, seglen + optlen, mss_local, &oversize, pcb, apiflags, queue == NULL)) == NULL) {
623         LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_write : could not allocate memory for pbuf copy size %"U16_F"\n", seglen));
624         goto memerr;
625       }
626       LWIP_ASSERT("tcp_write: check that first pbuf can hold the complete seglen",
627                   (p->len >= seglen));
628       TCP_DATA_COPY2((char *)p->payload + optlen, (const u8_t *)arg + pos, seglen, &chksum, &chksum_swapped);
629     } else {
630       /* Copy is not set: First allocate a pbuf for holding the data.
631        * Since the referenced data is available at least until it is
632        * sent out on the link (as it has to be ACKed by the remote
633        * party) we can safely use PBUF_ROM instead of PBUF_REF here.
634        */
635       struct pbuf *p2;
636 #if TCP_OVERSIZE
637       LWIP_ASSERT("oversize == 0", oversize == 0);
638 #endif /* TCP_OVERSIZE */
639       if ((p2 = pbuf_alloc(PBUF_TRANSPORT, seglen, PBUF_ROM)) == NULL) {
640         LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_write: could not allocate memory for zero-copy pbuf\n"));
641         goto memerr;
642       }
643 #if TCP_CHECKSUM_ON_COPY
644       /* calculate the checksum of nocopy-data */
645       chksum = ~inet_chksum((const u8_t *)arg + pos, seglen);
646       if (seglen & 1) {
647         chksum_swapped = 1;
648         chksum = SWAP_BYTES_IN_WORD(chksum);
649       }
650 #endif /* TCP_CHECKSUM_ON_COPY */
651       /* reference the non-volatile payload data */
652       ((struct pbuf_rom *)p2)->payload = (const u8_t *)arg + pos;
653 
654       /* Second, allocate a pbuf for the headers. */
655       if ((p = pbuf_alloc(PBUF_TRANSPORT, optlen, PBUF_RAM)) == NULL) {
656         /* If allocation fails, we have to deallocate the data pbuf as
657          * well. */
658         pbuf_free(p2);
659         LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_write: could not allocate memory for header pbuf\n"));
660         goto memerr;
661       }
662       /* Concatenate the headers and data pbufs together. */
663       pbuf_cat(p/*header*/, p2/*data*/);
664     }
665 
666     queuelen += pbuf_clen(p);
667 
668     /* Now that there are more segments queued, we check again if the
669      * length of the queue exceeds the configured maximum or
670      * overflows. */
671     if (queuelen > LWIP_MIN(TCP_SND_QUEUELEN, TCP_SNDQUEUELEN_OVERFLOW)) {
672       LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_write: queue too long %"U16_F" (%d)\n",
673                   queuelen, (int)TCP_SND_QUEUELEN));
674       pbuf_free(p);
675       goto memerr;
676     }
677 
678     if ((seg = tcp_create_segment(pcb, p, 0, pcb->snd_lbb + pos, optflags)) == NULL) {
679       goto memerr;
680     }
681 #if TCP_OVERSIZE_DBGCHECK
682     seg->oversize_left = oversize;
683 #endif /* TCP_OVERSIZE_DBGCHECK */
684 #if TCP_CHECKSUM_ON_COPY
685     seg->chksum = chksum;
686     seg->chksum_swapped = chksum_swapped;
687     seg->flags |= TF_SEG_DATA_CHECKSUMMED;
688 #endif /* TCP_CHECKSUM_ON_COPY */
689 
690     /* first segment of to-be-queued data? */
691     if (queue == NULL) {
692       queue = seg;
693     } else {
694       /* Attach the segment to the end of the queued segments */
695       LWIP_ASSERT("prev_seg != NULL", prev_seg != NULL);
696       prev_seg->next = seg;
697     }
698     /* remember last segment of to-be-queued data for next iteration */
699     prev_seg = seg;
700 
701     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_TRACE, ("tcp_write: queueing %"U32_F":%"U32_F"\n",
702                 lwip_ntohl(seg->tcphdr->seqno),
703                 lwip_ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg)));
704 
705     pos += seglen;
706   }
707 
708   /*
709    * All three segmentation phases were successful. We can commit the
710    * transaction.
711    */
712 #if TCP_OVERSIZE_DBGCHECK
713   if ((last_unsent != NULL) && (oversize_add != 0)) {
714     last_unsent->oversize_left += oversize_add;
715   }
716 #endif /* TCP_OVERSIZE_DBGCHECK */
717 
718   /*
719    * Phase 1: If data has been added to the preallocated tail of
720    * last_unsent, we update the length fields of the pbuf chain.
721    */
722 #if TCP_OVERSIZE
723   if (oversize_used > 0) {
724     struct pbuf *p;
725     /* Bump tot_len of whole chain, len of tail */
726     for (p = last_unsent->p; p; p = p->next) {
727       p->tot_len += oversize_used;
728       if (p->next == NULL) {
729         TCP_DATA_COPY((char *)p->payload + p->len, arg, oversize_used, last_unsent);
730         p->len += oversize_used;
731       }
732     }
733     last_unsent->len += oversize_used;
734 #if TCP_OVERSIZE_DBGCHECK
735     LWIP_ASSERT("last_unsent->oversize_left >= oversize_used",
736                 last_unsent->oversize_left >= oversize_used);
737     last_unsent->oversize_left -= oversize_used;
738 #endif /* TCP_OVERSIZE_DBGCHECK */
739   }
740   pcb->unsent_oversize = oversize;
741 #endif /* TCP_OVERSIZE */
742 
743   /*
744    * Phase 2: concat_p can be concatenated onto last_unsent->p, unless we
745    * determined that the last ROM pbuf can be extended to include the new data.
746    */
747   if (concat_p != NULL) {
748     LWIP_ASSERT("tcp_write: cannot concatenate when pcb->unsent is empty",
749                 (last_unsent != NULL));
750     pbuf_cat(last_unsent->p, concat_p);
751     last_unsent->len += concat_p->tot_len;
752   } else if (extendlen > 0) {
753     struct pbuf *p;
754     LWIP_ASSERT("tcp_write: extension of reference requires reference",
755                 last_unsent != NULL && last_unsent->p != NULL);
756     for (p = last_unsent->p; p->next != NULL; p = p->next) {
757       p->tot_len += extendlen;
758     }
759     p->tot_len += extendlen;
760     p->len += extendlen;
761     last_unsent->len += extendlen;
762   }
763 
764 #if TCP_CHECKSUM_ON_COPY
765   if (concat_chksummed) {
766     LWIP_ASSERT("tcp_write: concat checksum needs concatenated data",
767                 concat_p != NULL || extendlen > 0);
768     /*if concat checksumm swapped - swap it back */
769     if (concat_chksum_swapped) {
770       concat_chksum = SWAP_BYTES_IN_WORD(concat_chksum);
771     }
772     tcp_seg_add_chksum(concat_chksum, concat_chksummed, &last_unsent->chksum,
773                        &last_unsent->chksum_swapped);
774     last_unsent->flags |= TF_SEG_DATA_CHECKSUMMED;
775   }
776 #endif /* TCP_CHECKSUM_ON_COPY */
777 
778   /*
779    * Phase 3: Append queue to pcb->unsent. Queue may be NULL, but that
780    * is harmless
781    */
782   if (last_unsent == NULL) {
783     pcb->unsent = queue;
784   } else {
785     last_unsent->next = queue;
786   }
787 
788   /*
789    * Finally update the pcb state.
790    */
791   pcb->snd_lbb += len;
792   pcb->snd_buf -= len;
793   pcb->snd_queuelen = queuelen;
794 
795   LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_write: %"S16_F" (after enqueued)\n",
796                                pcb->snd_queuelen));
797   if (pcb->snd_queuelen != 0) {
798     LWIP_ASSERT("tcp_write: valid queue length",
799                 pcb->unacked != NULL || pcb->unsent != NULL);
800   }
801 
802   /* Set the PSH flag in the last segment that we enqueued. */
803   if (seg != NULL && seg->tcphdr != NULL && ((apiflags & TCP_WRITE_FLAG_MORE) == 0)) {
804     TCPH_SET_FLAG(seg->tcphdr, TCP_PSH);
805   }
806 
807   return ERR_OK;
808 memerr:
809   tcp_set_flags(pcb, TF_NAGLEMEMERR);
810   TCP_STATS_INC(tcp.memerr);
811 
812   if (concat_p != NULL) {
813     pbuf_free(concat_p);
814   }
815   if (queue != NULL) {
816     tcp_segs_free(queue);
817   }
818   if (pcb->snd_queuelen != 0) {
819     LWIP_ASSERT("tcp_write: valid queue length", pcb->unacked != NULL ||
820                 pcb->unsent != NULL);
821   }
822   LWIP_DEBUGF(TCP_QLEN_DEBUG | LWIP_DBG_STATE, ("tcp_write: %"S16_F" (with mem err)\n", pcb->snd_queuelen));
823   return ERR_MEM;
824 }
825 
826 /**
827  * Split segment on the head of the unsent queue.  If return is not
828  * ERR_OK, existing head remains intact
829  *
830  * The split is accomplished by creating a new TCP segment and pbuf
831  * which holds the remainder payload after the split.  The original
832  * pbuf is trimmed to new length.  This allows splitting of read-only
833  * pbufs
834  *
835  * @param pcb the tcp_pcb for which to split the unsent head
836  * @param split the amount of payload to remain in the head
837  */
838 err_t
tcp_split_unsent_seg(struct tcp_pcb * pcb,u16_t split)839 tcp_split_unsent_seg(struct tcp_pcb *pcb, u16_t split)
840 {
841   struct tcp_seg *seg = NULL, *useg = NULL;
842   struct pbuf *p = NULL;
843   u8_t optlen;
844   u8_t optflags;
845   u8_t split_flags;
846   u8_t remainder_flags;
847   u16_t remainder;
848   u16_t offset;
849 #if TCP_CHECKSUM_ON_COPY
850   u16_t chksum = 0;
851   u8_t chksum_swapped = 0;
852   struct pbuf *q;
853 #endif /* TCP_CHECKSUM_ON_COPY */
854 
855   LWIP_ASSERT("tcp_split_unsent_seg: invalid pcb", pcb != NULL);
856 
857   useg = pcb->unsent;
858   if (useg == NULL) {
859     return ERR_MEM;
860   }
861 
862   if (split == 0) {
863     LWIP_ASSERT("Can't split segment into length 0", 0);
864     return ERR_VAL;
865   }
866 
867   if (useg->len <= split) {
868     return ERR_OK;
869   }
870 
871   LWIP_ASSERT("split <= mss", split <= pcb->mss);
872   LWIP_ASSERT("useg->len > 0", useg->len > 0);
873 
874   /* We should check that we don't exceed TCP_SND_QUEUELEN but we need
875    * to split this packet so we may actually exceed the max value by
876    * one!
877    */
878   LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_enqueue: split_unsent_seg: %u\n", (unsigned int)pcb->snd_queuelen));
879 
880   optflags = useg->flags;
881 #if TCP_CHECKSUM_ON_COPY
882   /* Remove since checksum is not stored until after tcp_create_segment() */
883   optflags &= ~TF_SEG_DATA_CHECKSUMMED;
884 #endif /* TCP_CHECKSUM_ON_COPY */
885   optlen = LWIP_TCP_OPT_LENGTH(optflags);
886   remainder = useg->len - split;
887 
888   /* Create new pbuf for the remainder of the split */
889   p = pbuf_alloc(PBUF_TRANSPORT, remainder + optlen, PBUF_RAM);
890   if (p == NULL) {
891     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
892                 ("tcp_split_unsent_seg: could not allocate memory for pbuf remainder %u\n", remainder));
893     goto memerr;
894   }
895 
896   /* Offset into the original pbuf is past TCP/IP headers, options, and split amount */
897   offset = useg->p->tot_len - useg->len + split;
898   /* Copy remainder into new pbuf, headers and options will not be filled out */
899   if (pbuf_copy_partial(useg->p, (u8_t *)p->payload + optlen, remainder, offset ) != remainder) {
900     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
901                 ("tcp_split_unsent_seg: could not copy pbuf remainder %u\n", remainder));
902     goto memerr;
903   }
904 #if TCP_CHECKSUM_ON_COPY
905   /* calculate the checksum on remainder data */
906   tcp_seg_add_chksum(~inet_chksum((const u8_t *)p->payload + optlen, remainder), remainder,
907                      &chksum, &chksum_swapped);
908 #endif /* TCP_CHECKSUM_ON_COPY */
909 
910   /* Options are created when calling tcp_output() */
911 
912   /* Migrate flags from original segment */
913   split_flags = TCPH_FLAGS(useg->tcphdr);
914   remainder_flags = 0; /* ACK added in tcp_output() */
915 
916   if (split_flags & TCP_PSH) {
917     split_flags &= ~TCP_PSH;
918     remainder_flags |= TCP_PSH;
919   }
920   if (split_flags & TCP_FIN) {
921     split_flags &= ~TCP_FIN;
922     remainder_flags |= TCP_FIN;
923   }
924   /* SYN should be left on split, RST should not be present with data */
925 
926   seg = tcp_create_segment(pcb, p, remainder_flags, lwip_ntohl(useg->tcphdr->seqno) + split, optflags);
927   if (seg == NULL) {
928     p = NULL; /* Freed by tcp_create_segment */
929     LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_LEVEL_SERIOUS,
930                 ("tcp_split_unsent_seg: could not create new TCP segment\n"));
931     goto memerr;
932   }
933 
934 #if TCP_CHECKSUM_ON_COPY
935   seg->chksum = chksum;
936   seg->chksum_swapped = chksum_swapped;
937   seg->flags |= TF_SEG_DATA_CHECKSUMMED;
938 #endif /* TCP_CHECKSUM_ON_COPY */
939 
940   /* Remove this segment from the queue since trimming it may free pbufs */
941   pcb->snd_queuelen -= pbuf_clen(useg->p);
942 
943   /* Trim the original pbuf into our split size.  At this point our remainder segment must be setup
944   successfully because we are modifying the original segment */
945   pbuf_realloc(useg->p, useg->p->tot_len - remainder);
946   useg->len -= remainder;
947   TCPH_SET_FLAG(useg->tcphdr, split_flags);
948 #if TCP_OVERSIZE_DBGCHECK
949   /* By trimming, realloc may have actually shrunk the pbuf, so clear oversize_left */
950   useg->oversize_left = 0;
951 #endif /* TCP_OVERSIZE_DBGCHECK */
952 
953   /* Add back to the queue with new trimmed pbuf */
954   pcb->snd_queuelen += pbuf_clen(useg->p);
955 
956 #if TCP_CHECKSUM_ON_COPY
957   /* The checksum on the split segment is now incorrect. We need to re-run it over the split */
958   useg->chksum = 0;
959   useg->chksum_swapped = 0;
960   q = useg->p;
961   offset = q->tot_len - useg->len; /* Offset due to exposed headers */
962 
963   /* Advance to the pbuf where the offset ends */
964   while (q != NULL && offset > q->len) {
965     offset -= q->len;
966     q = q->next;
967   }
968   LWIP_ASSERT("Found start of payload pbuf", q != NULL);
969   /* Checksum the first payload pbuf accounting for offset, then other pbufs are all payload */
970   for (; q != NULL; offset = 0, q = q->next) {
971     tcp_seg_add_chksum(~inet_chksum((const u8_t *)q->payload + offset, q->len - offset), q->len - offset,
972                        &useg->chksum, &useg->chksum_swapped);
973   }
974 #endif /* TCP_CHECKSUM_ON_COPY */
975 
976   /* Update number of segments on the queues. Note that length now may
977    * exceed TCP_SND_QUEUELEN! We don't have to touch pcb->snd_buf
978    * because the total amount of data is constant when packet is split */
979   pcb->snd_queuelen += pbuf_clen(seg->p);
980 
981   /* Finally insert remainder into queue after split (which stays head) */
982   seg->next = useg->next;
983   useg->next = seg;
984 
985 #if TCP_OVERSIZE
986   /* If remainder is last segment on the unsent, ensure we clear the oversize amount
987    * because the remainder is always sized to the exact remaining amount */
988   if (seg->next == NULL) {
989     pcb->unsent_oversize = 0;
990   }
991 #endif /* TCP_OVERSIZE */
992 
993   return ERR_OK;
994 memerr:
995   TCP_STATS_INC(tcp.memerr);
996 
997   LWIP_ASSERT("seg == NULL", seg == NULL);
998   if (p != NULL) {
999     pbuf_free(p);
1000   }
1001 
1002   return ERR_MEM;
1003 }
1004 
1005 /**
1006  * Called by tcp_close() to send a segment including FIN flag but not data.
1007  * This FIN may be added to an existing segment or a new, otherwise empty
1008  * segment is enqueued.
1009  *
1010  * @param pcb the tcp_pcb over which to send a segment
1011  * @return ERR_OK if sent, another err_t otherwise
1012  */
1013 err_t
tcp_send_fin(struct tcp_pcb * pcb)1014 tcp_send_fin(struct tcp_pcb *pcb)
1015 {
1016   LWIP_ASSERT("tcp_send_fin: invalid pcb", pcb != NULL);
1017 
1018   /* first, try to add the fin to the last unsent segment */
1019   if (pcb->unsent != NULL) {
1020     struct tcp_seg *last_unsent;
1021     for (last_unsent = pcb->unsent; last_unsent->next != NULL;
1022          last_unsent = last_unsent->next);
1023 
1024     if ((TCPH_FLAGS(last_unsent->tcphdr) & (TCP_SYN | TCP_FIN | TCP_RST)) == 0) {
1025       /* no SYN/FIN/RST flag in the header, we can add the FIN flag */
1026       TCPH_SET_FLAG(last_unsent->tcphdr, TCP_FIN);
1027       tcp_set_flags(pcb, TF_FIN);
1028       return ERR_OK;
1029     }
1030   }
1031   /* no data, no length, flags, copy=1, no optdata */
1032   return tcp_enqueue_flags(pcb, TCP_FIN);
1033 }
1034 
1035 /**
1036  * Enqueue SYN or FIN for transmission.
1037  *
1038  * Called by @ref tcp_connect, tcp_listen_input, and @ref tcp_close
1039  * (via @ref tcp_send_fin)
1040  *
1041  * @param pcb Protocol control block for the TCP connection.
1042  * @param flags TCP header flags to set in the outgoing segment.
1043  */
1044 err_t
tcp_enqueue_flags(struct tcp_pcb * pcb,u8_t flags)1045 tcp_enqueue_flags(struct tcp_pcb *pcb, u8_t flags)
1046 {
1047   struct pbuf *p;
1048   struct tcp_seg *seg;
1049   u8_t optflags = 0;
1050   u8_t optlen = 0;
1051 
1052   LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_enqueue_flags: queuelen: %"U16_F"\n", (u16_t)pcb->snd_queuelen));
1053 
1054   LWIP_ASSERT("tcp_enqueue_flags: need either TCP_SYN or TCP_FIN in flags (programmer violates API)",
1055               (flags & (TCP_SYN | TCP_FIN)) != 0);
1056   LWIP_ASSERT("tcp_enqueue_flags: invalid pcb", pcb != NULL);
1057 
1058   /* No need to check pcb->snd_queuelen if only SYN or FIN are allowed! */
1059 
1060   /* Get options for this segment. This is a special case since this is the
1061      only place where a SYN can be sent. */
1062   if (flags & TCP_SYN) {
1063     optflags = TF_SEG_OPTS_MSS;
1064 #if LWIP_WND_SCALE
1065     if ((pcb->state != SYN_RCVD) || (pcb->flags & TF_WND_SCALE)) {
1066       /* In a <SYN,ACK> (sent in state SYN_RCVD), the window scale option may only
1067          be sent if we received a window scale option from the remote host. */
1068       optflags |= TF_SEG_OPTS_WND_SCALE;
1069     }
1070 #endif /* LWIP_WND_SCALE */
1071 #if LWIP_TCP_SACK_OUT
1072     if ((pcb->state != SYN_RCVD) || (pcb->flags & TF_SACK)) {
1073       /* In a <SYN,ACK> (sent in state SYN_RCVD), the SACK_PERM option may only
1074          be sent if we received a SACK_PERM option from the remote host. */
1075       optflags |= TF_SEG_OPTS_SACK_PERM;
1076     }
1077 #endif /* LWIP_TCP_SACK_OUT */
1078   }
1079 #if LWIP_TCP_TIMESTAMPS
1080   if ((pcb->flags & TF_TIMESTAMP) || ((flags & TCP_SYN) && (pcb->state != SYN_RCVD))) {
1081     /* Make sure the timestamp option is only included in data segments if we
1082        agreed about it with the remote host (and in active open SYN segments). */
1083     optflags |= TF_SEG_OPTS_TS;
1084   }
1085 #endif /* LWIP_TCP_TIMESTAMPS */
1086   optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(optflags, pcb);
1087 
1088   /* Allocate pbuf with room for TCP header + options */
1089   if ((p = pbuf_alloc(PBUF_TRANSPORT, optlen, PBUF_RAM)) == NULL) {
1090     tcp_set_flags(pcb, TF_NAGLEMEMERR);
1091     TCP_STATS_INC(tcp.memerr);
1092     return ERR_MEM;
1093   }
1094   LWIP_ASSERT("tcp_enqueue_flags: check that first pbuf can hold optlen",
1095               (p->len >= optlen));
1096 
1097   /* Allocate memory for tcp_seg, and fill in fields. */
1098   if ((seg = tcp_create_segment(pcb, p, flags, pcb->snd_lbb, optflags)) == NULL) {
1099     tcp_set_flags(pcb, TF_NAGLEMEMERR);
1100     TCP_STATS_INC(tcp.memerr);
1101     return ERR_MEM;
1102   }
1103   LWIP_ASSERT("seg->tcphdr not aligned", ((mem_ptr_t)seg->tcphdr % LWIP_MIN(MEM_ALIGNMENT, 4)) == 0);
1104   LWIP_ASSERT("tcp_enqueue_flags: invalid segment length", seg->len == 0);
1105 
1106   LWIP_DEBUGF(TCP_OUTPUT_DEBUG | LWIP_DBG_TRACE,
1107               ("tcp_enqueue_flags: queueing %"U32_F":%"U32_F" (0x%"X16_F")\n",
1108                lwip_ntohl(seg->tcphdr->seqno),
1109                lwip_ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg),
1110                (u16_t)flags));
1111 
1112   /* Now append seg to pcb->unsent queue */
1113   if (pcb->unsent == NULL) {
1114     pcb->unsent = seg;
1115   } else {
1116     struct tcp_seg *useg;
1117     for (useg = pcb->unsent; useg->next != NULL; useg = useg->next);
1118     useg->next = seg;
1119   }
1120 #if TCP_OVERSIZE
1121   /* The new unsent tail has no space */
1122   pcb->unsent_oversize = 0;
1123 #endif /* TCP_OVERSIZE */
1124 
1125   /* SYN and FIN bump the sequence number */
1126   if ((flags & TCP_SYN) || (flags & TCP_FIN)) {
1127     pcb->snd_lbb++;
1128     /* optlen does not influence snd_buf */
1129   }
1130   if (flags & TCP_FIN) {
1131     tcp_set_flags(pcb, TF_FIN);
1132   }
1133 
1134   /* update number of segments on the queues */
1135   pcb->snd_queuelen += pbuf_clen(seg->p);
1136   LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_enqueue_flags: %"S16_F" (after enqueued)\n", pcb->snd_queuelen));
1137   if (pcb->snd_queuelen != 0) {
1138     LWIP_ASSERT("tcp_enqueue_flags: invalid queue length",
1139                 pcb->unacked != NULL || pcb->unsent != NULL);
1140   }
1141 
1142   return ERR_OK;
1143 }
1144 
1145 #if LWIP_TCP_TIMESTAMPS
1146 /* Build a timestamp option (12 bytes long) at the specified options pointer)
1147  *
1148  * @param pcb tcp_pcb
1149  * @param opts option pointer where to store the timestamp option
1150  */
1151 static void
tcp_build_timestamp_option(const struct tcp_pcb * pcb,u32_t * opts)1152 tcp_build_timestamp_option(const struct tcp_pcb *pcb, u32_t *opts)
1153 {
1154   LWIP_ASSERT("tcp_build_timestamp_option: invalid pcb", pcb != NULL);
1155 
1156   /* Pad with two NOP options to make everything nicely aligned */
1157   opts[0] = PP_HTONL(0x0101080A);
1158   opts[1] = lwip_htonl(sys_now());
1159   opts[2] = lwip_htonl(pcb->ts_recent);
1160 }
1161 #endif
1162 
1163 #if LWIP_TCP_SACK_OUT
1164 /**
1165  * Calculates the number of SACK entries that should be generated.
1166  * It takes into account whether TF_SACK flag is set,
1167  * the number of SACK entries in tcp_pcb that are valid,
1168  * as well as the available options size.
1169  *
1170  * @param pcb tcp_pcb
1171  * @param optlen the length of other TCP options (in bytes)
1172  * @return the number of SACK ranges that can be used
1173  */
1174 static u8_t
tcp_get_num_sacks(const struct tcp_pcb * pcb,u8_t optlen)1175 tcp_get_num_sacks(const struct tcp_pcb *pcb, u8_t optlen)
1176 {
1177   u8_t num_sacks = 0;
1178 
1179   LWIP_ASSERT("tcp_get_num_sacks: invalid pcb", pcb != NULL);
1180 
1181   if (pcb->flags & TF_SACK) {
1182     u8_t i;
1183 
1184     /* The first SACK takes up 12 bytes (it includes SACK header and two NOP options),
1185        each additional one - 8 bytes. */
1186     optlen += 12;
1187 
1188     /* Max options size = 40, number of SACK array entries = LWIP_TCP_MAX_SACK_NUM */
1189     for (i = 0; (i < LWIP_TCP_MAX_SACK_NUM) && (optlen <= TCP_MAX_OPTION_BYTES) &&
1190          LWIP_TCP_SACK_VALID(pcb, i); ++i) {
1191       ++num_sacks;
1192       optlen += 8;
1193     }
1194   }
1195 
1196   return num_sacks;
1197 }
1198 
1199 /** Build a SACK option (12 or more bytes long) at the specified options pointer)
1200  *
1201  * @param pcb tcp_pcb
1202  * @param opts option pointer where to store the SACK option
1203  * @param num_sacks the number of SACKs to store
1204  */
1205 static void
tcp_build_sack_option(const struct tcp_pcb * pcb,u32_t * opts,u8_t num_sacks)1206 tcp_build_sack_option(const struct tcp_pcb *pcb, u32_t *opts, u8_t num_sacks)
1207 {
1208   u8_t i;
1209 
1210   LWIP_ASSERT("tcp_build_sack_option: invalid pcb", pcb != NULL);
1211   LWIP_ASSERT("tcp_build_sack_option: invalid opts", opts != NULL);
1212 
1213   /* Pad with two NOP options to make everything nicely aligned.
1214      We add the length (of just the SACK option, not the NOPs in front of it),
1215      which is 2B of header, plus 8B for each SACK. */
1216   *(opts++) = PP_HTONL(0x01010500 + 2 + num_sacks * 8);
1217 
1218   for (i = 0; i < num_sacks; ++i) {
1219     *(opts++) = lwip_htonl(pcb->rcv_sacks[i].left);
1220     *(opts++) = lwip_htonl(pcb->rcv_sacks[i].right);
1221   }
1222 }
1223 
1224 #endif
1225 
1226 #if LWIP_WND_SCALE
1227 /** Build a window scale option (3 bytes long) at the specified options pointer)
1228  *
1229  * @param opts option pointer where to store the window scale option
1230  */
1231 static void
tcp_build_wnd_scale_option(u32_t * opts)1232 tcp_build_wnd_scale_option(u32_t *opts)
1233 {
1234   LWIP_ASSERT("tcp_build_wnd_scale_option: invalid opts", opts != NULL);
1235 
1236   /* Pad with one NOP option to make everything nicely aligned */
1237   opts[0] = PP_HTONL(0x01030300 | TCP_RCV_SCALE);
1238 }
1239 #endif
1240 
1241 /**
1242  * @ingroup tcp_raw
1243  * Find out what we can send and send it
1244  *
1245  * @param pcb Protocol control block for the TCP connection to send data
1246  * @return ERR_OK if data has been sent or nothing to send
1247  *         another err_t on error
1248  */
1249 err_t
tcp_output(struct tcp_pcb * pcb)1250 tcp_output(struct tcp_pcb *pcb)
1251 {
1252   struct tcp_seg *seg, *useg;
1253   u32_t wnd, snd_nxt;
1254   err_t err;
1255   struct netif *netif;
1256 #if TCP_CWND_DEBUG
1257   s16_t i = 0;
1258 #endif /* TCP_CWND_DEBUG */
1259 
1260   LWIP_ASSERT_CORE_LOCKED();
1261 
1262   LWIP_ASSERT("tcp_output: invalid pcb", pcb != NULL);
1263   /* pcb->state LISTEN not allowed here */
1264   LWIP_ASSERT("don't call tcp_output for listen-pcbs",
1265               pcb->state != LISTEN);
1266 
1267   /* First, check if we are invoked by the TCP input processing
1268      code. If so, we do not output anything. Instead, we rely on the
1269      input processing code to call us when input processing is done
1270      with. */
1271   if (tcp_input_pcb == pcb) {
1272     return ERR_OK;
1273   }
1274 
1275   wnd = LWIP_MIN(pcb->snd_wnd, pcb->cwnd);
1276 
1277   seg = pcb->unsent;
1278 
1279   if (seg == NULL) {
1280     LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_output: nothing to send (%p)\n",
1281                                    (void *)pcb->unsent));
1282     LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_output: snd_wnd %"TCPWNDSIZE_F
1283                                  ", cwnd %"TCPWNDSIZE_F", wnd %"U32_F
1284                                  ", seg == NULL, ack %"U32_F"\n",
1285                                  pcb->snd_wnd, pcb->cwnd, wnd, pcb->lastack));
1286 
1287     /* If the TF_ACK_NOW flag is set and the ->unsent queue is empty, construct
1288      * an empty ACK segment and send it. */
1289     if (pcb->flags & TF_ACK_NOW) {
1290       return tcp_send_empty_ack(pcb);
1291     }
1292     /* nothing to send: shortcut out of here */
1293     goto output_done;
1294   } else {
1295     LWIP_DEBUGF(TCP_CWND_DEBUG,
1296                 ("tcp_output: snd_wnd %"TCPWNDSIZE_F", cwnd %"TCPWNDSIZE_F", wnd %"U32_F
1297                  ", effwnd %"U32_F", seq %"U32_F", ack %"U32_F"\n",
1298                  pcb->snd_wnd, pcb->cwnd, wnd,
1299                  lwip_ntohl(seg->tcphdr->seqno) - pcb->lastack + seg->len,
1300                  lwip_ntohl(seg->tcphdr->seqno), pcb->lastack));
1301   }
1302 
1303   netif = tcp_route(pcb, &pcb->local_ip, &pcb->remote_ip);
1304   if (netif == NULL) {
1305     return ERR_RTE;
1306   }
1307 
1308   /* If we don't have a local IP address, we get one from netif */
1309   if (ip_addr_isany(&pcb->local_ip)) {
1310     const ip_addr_t *local_ip = ip_netif_get_local_ip(netif, &pcb->remote_ip);
1311     if (local_ip == NULL) {
1312       return ERR_RTE;
1313     }
1314     ip_addr_copy(pcb->local_ip, *local_ip);
1315   }
1316 
1317   /* Handle the current segment not fitting within the window */
1318   if (lwip_ntohl(seg->tcphdr->seqno) - pcb->lastack + seg->len > wnd) {
1319     /* We need to start the persistent timer when the next unsent segment does not fit
1320      * within the remaining (could be 0) send window and RTO timer is not running (we
1321      * have no in-flight data). If window is still too small after persist timer fires,
1322      * then we split the segment. We don't consider the congestion window since a cwnd
1323      * smaller than 1 SMSS implies in-flight data
1324      */
1325     if (wnd == pcb->snd_wnd && pcb->unacked == NULL && pcb->persist_backoff == 0) {
1326       pcb->persist_cnt = 0;
1327       pcb->persist_backoff = 1;
1328       pcb->persist_probe = 0;
1329     }
1330     /* We need an ACK, but can't send data now, so send an empty ACK */
1331     if (pcb->flags & TF_ACK_NOW) {
1332       return tcp_send_empty_ack(pcb);
1333     }
1334     goto output_done;
1335   }
1336   /* Stop persist timer, above conditions are not active */
1337   pcb->persist_backoff = 0;
1338 
1339   /* useg should point to last segment on unacked queue */
1340   useg = pcb->unacked;
1341   if (useg != NULL) {
1342     for (; useg->next != NULL; useg = useg->next);
1343   }
1344   /* data available and window allows it to be sent? */
1345   while (seg != NULL &&
1346          lwip_ntohl(seg->tcphdr->seqno) - pcb->lastack + seg->len <= wnd) {
1347     LWIP_ASSERT("RST not expected here!",
1348                 (TCPH_FLAGS(seg->tcphdr) & TCP_RST) == 0);
1349     /* Stop sending if the nagle algorithm would prevent it
1350      * Don't stop:
1351      * - if tcp_write had a memory error before (prevent delayed ACK timeout) or
1352      * - if FIN was already enqueued for this PCB (SYN is always alone in a segment -
1353      *   either seg->next != NULL or pcb->unacked == NULL;
1354      *   RST is no sent using tcp_write/tcp_output.
1355      */
1356     if ((tcp_do_output_nagle(pcb) == 0) &&
1357         ((pcb->flags & (TF_NAGLEMEMERR | TF_FIN)) == 0)) {
1358       break;
1359     }
1360 #if TCP_CWND_DEBUG
1361     LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_output: snd_wnd %"TCPWNDSIZE_F", cwnd %"TCPWNDSIZE_F", wnd %"U32_F", effwnd %"U32_F", seq %"U32_F", ack %"U32_F", i %"S16_F"\n",
1362                                  pcb->snd_wnd, pcb->cwnd, wnd,
1363                                  lwip_ntohl(seg->tcphdr->seqno) + seg->len -
1364                                  pcb->lastack,
1365                                  lwip_ntohl(seg->tcphdr->seqno), pcb->lastack, i));
1366     ++i;
1367 #endif /* TCP_CWND_DEBUG */
1368 
1369     if (pcb->state != SYN_SENT) {
1370       TCPH_SET_FLAG(seg->tcphdr, TCP_ACK);
1371     }
1372 
1373     err = tcp_output_segment(seg, pcb, netif);
1374     if (err != ERR_OK) {
1375       /* segment could not be sent, for whatever reason */
1376       tcp_set_flags(pcb, TF_NAGLEMEMERR);
1377       return err;
1378     }
1379 #if TCP_OVERSIZE_DBGCHECK
1380     seg->oversize_left = 0;
1381 #endif /* TCP_OVERSIZE_DBGCHECK */
1382     pcb->unsent = seg->next;
1383     if (pcb->state != SYN_SENT) {
1384       tcp_clear_flags(pcb, TF_ACK_DELAY | TF_ACK_NOW);
1385     }
1386     snd_nxt = lwip_ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg);
1387     if (TCP_SEQ_LT(pcb->snd_nxt, snd_nxt)) {
1388       pcb->snd_nxt = snd_nxt;
1389     }
1390     /* put segment on unacknowledged list if length > 0 */
1391     if (TCP_TCPLEN(seg) > 0) {
1392       seg->next = NULL;
1393       /* unacked list is empty? */
1394       if (pcb->unacked == NULL) {
1395         pcb->unacked = seg;
1396         useg = seg;
1397         /* unacked list is not empty? */
1398       } else {
1399         /* In the case of fast retransmit, the packet should not go to the tail
1400          * of the unacked queue, but rather somewhere before it. We need to check for
1401          * this case. -STJ Jul 27, 2004 */
1402         if (TCP_SEQ_LT(lwip_ntohl(seg->tcphdr->seqno), lwip_ntohl(useg->tcphdr->seqno))) {
1403           /* add segment to before tail of unacked list, keeping the list sorted */
1404           struct tcp_seg **cur_seg = &(pcb->unacked);
1405           while (*cur_seg &&
1406                  TCP_SEQ_LT(lwip_ntohl((*cur_seg)->tcphdr->seqno), lwip_ntohl(seg->tcphdr->seqno))) {
1407             cur_seg = &((*cur_seg)->next );
1408           }
1409           seg->next = (*cur_seg);
1410           (*cur_seg) = seg;
1411         } else {
1412           /* add segment to tail of unacked list */
1413           useg->next = seg;
1414           useg = useg->next;
1415         }
1416       }
1417       /* do not queue empty segments on the unacked list */
1418     } else {
1419       tcp_seg_free(seg);
1420     }
1421     seg = pcb->unsent;
1422   }
1423 #if TCP_OVERSIZE
1424   if (pcb->unsent == NULL) {
1425     /* last unsent has been removed, reset unsent_oversize */
1426     pcb->unsent_oversize = 0;
1427   }
1428 #endif /* TCP_OVERSIZE */
1429 
1430 output_done:
1431   tcp_clear_flags(pcb, TF_NAGLEMEMERR);
1432   return ERR_OK;
1433 }
1434 
1435 /** Check if a segment's pbufs are used by someone else than TCP.
1436  * This can happen on retransmission if the pbuf of this segment is still
1437  * referenced by the netif driver due to deferred transmission.
1438  * This is the case (only!) if someone down the TX call path called
1439  * pbuf_ref() on one of the pbufs!
1440  *
1441  * @arg seg the tcp segment to check
1442  * @return 1 if ref != 1, 0 if ref == 1
1443  */
1444 static int
tcp_output_segment_busy(const struct tcp_seg * seg)1445 tcp_output_segment_busy(const struct tcp_seg *seg)
1446 {
1447   LWIP_ASSERT("tcp_output_segment_busy: invalid seg", seg != NULL);
1448 
1449   /* We only need to check the first pbuf here:
1450      If a pbuf is queued for transmission, a driver calls pbuf_ref(),
1451      which only changes the ref count of the first pbuf */
1452   if (seg->p->ref != 1) {
1453     /* other reference found */
1454     return 1;
1455   }
1456   /* no other references found */
1457   return 0;
1458 }
1459 
1460 /**
1461  * Called by tcp_output() to actually send a TCP segment over IP.
1462  *
1463  * @param seg the tcp_seg to send
1464  * @param pcb the tcp_pcb for the TCP connection used to send the segment
1465  * @param netif the netif used to send the segment
1466  */
1467 static err_t
tcp_output_segment(struct tcp_seg * seg,struct tcp_pcb * pcb,struct netif * netif)1468 tcp_output_segment(struct tcp_seg *seg, struct tcp_pcb *pcb, struct netif *netif)
1469 {
1470   err_t err;
1471   u16_t len;
1472   u32_t *opts;
1473 #if TCP_CHECKSUM_ON_COPY
1474   int seg_chksum_was_swapped = 0;
1475 #endif
1476 
1477   LWIP_ASSERT("tcp_output_segment: invalid seg", seg != NULL);
1478   LWIP_ASSERT("tcp_output_segment: invalid pcb", pcb != NULL);
1479   LWIP_ASSERT("tcp_output_segment: invalid netif", netif != NULL);
1480 
1481   if (tcp_output_segment_busy(seg)) {
1482     /* This should not happen: rexmit functions should have checked this.
1483        However, since this function modifies p->len, we must not continue in this case. */
1484     LWIP_DEBUGF(TCP_RTO_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("tcp_output_segment: segment busy\n"));
1485     return ERR_OK;
1486   }
1487 
1488   /* The TCP header has already been constructed, but the ackno and
1489    wnd fields remain. */
1490   seg->tcphdr->ackno = lwip_htonl(pcb->rcv_nxt);
1491 
1492   /* advertise our receive window size in this TCP segment */
1493 #if LWIP_WND_SCALE
1494   if (seg->flags & TF_SEG_OPTS_WND_SCALE) {
1495     /* The Window field in a SYN segment itself (the only type where we send
1496        the window scale option) is never scaled. */
1497     seg->tcphdr->wnd = lwip_htons(TCPWND_MIN16(pcb->rcv_ann_wnd));
1498   } else
1499 #endif /* LWIP_WND_SCALE */
1500   {
1501     seg->tcphdr->wnd = lwip_htons(TCPWND_MIN16(RCV_WND_SCALE(pcb, pcb->rcv_ann_wnd)));
1502   }
1503 
1504   pcb->rcv_ann_right_edge = pcb->rcv_nxt + pcb->rcv_ann_wnd;
1505 
1506   /* Add any requested options.  NB MSS option is only set on SYN
1507      packets, so ignore it here */
1508   /* cast through void* to get rid of alignment warnings */
1509   opts = (u32_t *)(void *)(seg->tcphdr + 1);
1510   if (seg->flags & TF_SEG_OPTS_MSS) {
1511     u16_t mss;
1512 #if TCP_CALCULATE_EFF_SEND_MSS
1513     mss = tcp_eff_send_mss_netif(TCP_MSS, netif, &pcb->remote_ip);
1514 #else /* TCP_CALCULATE_EFF_SEND_MSS */
1515     mss = TCP_MSS;
1516 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
1517     *opts = TCP_BUILD_MSS_OPTION(mss);
1518     opts += 1;
1519   }
1520 #if LWIP_TCP_TIMESTAMPS
1521   pcb->ts_lastacksent = pcb->rcv_nxt;
1522 
1523   if (seg->flags & TF_SEG_OPTS_TS) {
1524     tcp_build_timestamp_option(pcb, opts);
1525     opts += 3;
1526   }
1527 #endif
1528 #if LWIP_WND_SCALE
1529   if (seg->flags & TF_SEG_OPTS_WND_SCALE) {
1530     tcp_build_wnd_scale_option(opts);
1531     opts += 1;
1532   }
1533 #endif
1534 #if LWIP_TCP_SACK_OUT
1535   if (seg->flags & TF_SEG_OPTS_SACK_PERM) {
1536     /* Pad with two NOP options to make everything nicely aligned
1537      * NOTE: When we send both timestamp and SACK_PERM options,
1538      * we could use the first two NOPs before the timestamp to store SACK_PERM option,
1539      * but that would complicate the code.
1540      */
1541     *(opts++) = PP_HTONL(0x01010402);
1542   }
1543 #endif
1544 
1545   /* Set retransmission timer running if it is not currently enabled
1546      This must be set before checking the route. */
1547   if (pcb->rtime < 0) {
1548     pcb->rtime = 0;
1549   }
1550 
1551   if (pcb->rttest == 0) {
1552     pcb->rttest = tcp_ticks;
1553     pcb->rtseq = lwip_ntohl(seg->tcphdr->seqno);
1554 
1555     LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_output_segment: rtseq %"U32_F"\n", pcb->rtseq));
1556   }
1557   LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_output_segment: %"U32_F":%"U32_F"\n",
1558                                  lwip_htonl(seg->tcphdr->seqno), lwip_htonl(seg->tcphdr->seqno) +
1559                                  seg->len));
1560 
1561   len = (u16_t)((u8_t *)seg->tcphdr - (u8_t *)seg->p->payload);
1562   if (len == 0) {
1563     /** Exclude retransmitted segments from this count. */
1564     MIB2_STATS_INC(mib2.tcpoutsegs);
1565   }
1566 
1567   seg->p->len -= len;
1568   seg->p->tot_len -= len;
1569 
1570   seg->p->payload = seg->tcphdr;
1571 
1572   seg->tcphdr->chksum = 0;
1573 
1574 #ifdef LWIP_HOOK_TCP_OUT_ADD_TCPOPTS
1575   opts = LWIP_HOOK_TCP_OUT_ADD_TCPOPTS(seg->p, seg->tcphdr, pcb, opts);
1576 #endif
1577   LWIP_ASSERT("options not filled", (u8_t *)opts == ((u8_t *)(seg->tcphdr + 1)) + LWIP_TCP_OPT_LENGTH_SEGMENT(seg->flags, pcb));
1578 
1579 #if CHECKSUM_GEN_TCP
1580   IF__NETIF_CHECKSUM_ENABLED(netif, NETIF_CHECKSUM_GEN_TCP) {
1581 #if TCP_CHECKSUM_ON_COPY
1582     u32_t acc;
1583 #if TCP_CHECKSUM_ON_COPY_SANITY_CHECK
1584     u16_t chksum_slow = ip_chksum_pseudo(seg->p, IP_PROTO_TCP,
1585                                          seg->p->tot_len, &pcb->local_ip, &pcb->remote_ip);
1586 #endif /* TCP_CHECKSUM_ON_COPY_SANITY_CHECK */
1587     if ((seg->flags & TF_SEG_DATA_CHECKSUMMED) == 0) {
1588       LWIP_ASSERT("data included but not checksummed",
1589                   seg->p->tot_len == TCPH_HDRLEN_BYTES(seg->tcphdr));
1590     }
1591 
1592     /* rebuild TCP header checksum (TCP header changes for retransmissions!) */
1593     acc = ip_chksum_pseudo_partial(seg->p, IP_PROTO_TCP,
1594                                    seg->p->tot_len, TCPH_HDRLEN_BYTES(seg->tcphdr), &pcb->local_ip, &pcb->remote_ip);
1595     /* add payload checksum */
1596     if (seg->chksum_swapped) {
1597       seg_chksum_was_swapped = 1;
1598       seg->chksum = SWAP_BYTES_IN_WORD(seg->chksum);
1599       seg->chksum_swapped = 0;
1600     }
1601     acc = (u16_t)~acc + seg->chksum;
1602     seg->tcphdr->chksum = (u16_t)~FOLD_U32T(acc);
1603 #if TCP_CHECKSUM_ON_COPY_SANITY_CHECK
1604     if (chksum_slow != seg->tcphdr->chksum) {
1605       TCP_CHECKSUM_ON_COPY_SANITY_CHECK_FAIL(
1606         ("tcp_output_segment: calculated checksum is %"X16_F" instead of %"X16_F"\n",
1607          seg->tcphdr->chksum, chksum_slow));
1608       seg->tcphdr->chksum = chksum_slow;
1609     }
1610 #endif /* TCP_CHECKSUM_ON_COPY_SANITY_CHECK */
1611 #else /* TCP_CHECKSUM_ON_COPY */
1612     seg->tcphdr->chksum = ip_chksum_pseudo(seg->p, IP_PROTO_TCP,
1613                                            seg->p->tot_len, &pcb->local_ip, &pcb->remote_ip);
1614 #endif /* TCP_CHECKSUM_ON_COPY */
1615   }
1616 #endif /* CHECKSUM_GEN_TCP */
1617   TCP_STATS_INC(tcp.xmit);
1618 
1619   NETIF_SET_HINTS(netif, &(pcb->netif_hints));
1620   err = ip_output_if(seg->p, &pcb->local_ip, &pcb->remote_ip, pcb->ttl,
1621                      pcb->tos, IP_PROTO_TCP, netif);
1622   NETIF_RESET_HINTS(netif);
1623 
1624 #if TCP_CHECKSUM_ON_COPY
1625   if (seg_chksum_was_swapped) {
1626     /* if data is added to this segment later, chksum needs to be swapped,
1627        so restore this now */
1628     seg->chksum = SWAP_BYTES_IN_WORD(seg->chksum);
1629     seg->chksum_swapped = 1;
1630   }
1631 #endif
1632 
1633   return err;
1634 }
1635 
1636 /**
1637  * Requeue all unacked segments for retransmission
1638  *
1639  * Called by tcp_slowtmr() for slow retransmission.
1640  *
1641  * @param pcb the tcp_pcb for which to re-enqueue all unacked segments
1642  */
1643 err_t
tcp_rexmit_rto_prepare(struct tcp_pcb * pcb)1644 tcp_rexmit_rto_prepare(struct tcp_pcb *pcb)
1645 {
1646   struct tcp_seg *seg;
1647 
1648   LWIP_ASSERT("tcp_rexmit_rto_prepare: invalid pcb", pcb != NULL);
1649 
1650   if (pcb->unacked == NULL) {
1651     return ERR_VAL;
1652   }
1653 
1654   /* Move all unacked segments to the head of the unsent queue.
1655      However, give up if any of the unsent pbufs are still referenced by the
1656      netif driver due to deferred transmission. No point loading the link further
1657      if it is struggling to flush its buffered writes. */
1658   for (seg = pcb->unacked; seg->next != NULL; seg = seg->next) {
1659     if (tcp_output_segment_busy(seg)) {
1660       LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_rexmit_rto: segment busy\n"));
1661       return ERR_VAL;
1662     }
1663   }
1664   if (tcp_output_segment_busy(seg)) {
1665     LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_rexmit_rto: segment busy\n"));
1666     return ERR_VAL;
1667   }
1668   /* concatenate unsent queue after unacked queue */
1669   seg->next = pcb->unsent;
1670 #if TCP_OVERSIZE_DBGCHECK
1671   /* if last unsent changed, we need to update unsent_oversize */
1672   if (pcb->unsent == NULL) {
1673     pcb->unsent_oversize = seg->oversize_left;
1674   }
1675 #endif /* TCP_OVERSIZE_DBGCHECK */
1676   /* unsent queue is the concatenated queue (of unacked, unsent) */
1677   pcb->unsent = pcb->unacked;
1678   /* unacked queue is now empty */
1679   pcb->unacked = NULL;
1680 
1681   /* Mark RTO in-progress */
1682   tcp_set_flags(pcb, TF_RTO);
1683   /* Record the next byte following retransmit */
1684   pcb->rto_end = lwip_ntohl(seg->tcphdr->seqno) + TCP_TCPLEN(seg);
1685   /* Don't take any RTT measurements after retransmitting. */
1686   pcb->rttest = 0;
1687 
1688   return ERR_OK;
1689 }
1690 
1691 /**
1692  * Requeue all unacked segments for retransmission
1693  *
1694  * Called by tcp_slowtmr() for slow retransmission.
1695  *
1696  * @param pcb the tcp_pcb for which to re-enqueue all unacked segments
1697  */
1698 void
tcp_rexmit_rto_commit(struct tcp_pcb * pcb)1699 tcp_rexmit_rto_commit(struct tcp_pcb *pcb)
1700 {
1701   LWIP_ASSERT("tcp_rexmit_rto_commit: invalid pcb", pcb != NULL);
1702 
1703   /* increment number of retransmissions */
1704   if (pcb->nrtx < 0xFF) {
1705     ++pcb->nrtx;
1706   }
1707   /* Do the actual retransmission */
1708   tcp_output(pcb);
1709 }
1710 
1711 /**
1712  * Requeue all unacked segments for retransmission
1713  *
1714  * Called by tcp_process() only, tcp_slowtmr() needs to do some things between
1715  * "prepare" and "commit".
1716  *
1717  * @param pcb the tcp_pcb for which to re-enqueue all unacked segments
1718  */
1719 void
tcp_rexmit_rto(struct tcp_pcb * pcb)1720 tcp_rexmit_rto(struct tcp_pcb *pcb)
1721 {
1722   LWIP_ASSERT("tcp_rexmit_rto: invalid pcb", pcb != NULL);
1723 
1724   if (tcp_rexmit_rto_prepare(pcb) == ERR_OK) {
1725     tcp_rexmit_rto_commit(pcb);
1726   }
1727 }
1728 
1729 /**
1730  * Requeue the first unacked segment for retransmission
1731  *
1732  * Called by tcp_receive() for fast retransmit.
1733  *
1734  * @param pcb the tcp_pcb for which to retransmit the first unacked segment
1735  */
1736 err_t
tcp_rexmit(struct tcp_pcb * pcb)1737 tcp_rexmit(struct tcp_pcb *pcb)
1738 {
1739   struct tcp_seg *seg;
1740   struct tcp_seg **cur_seg;
1741 
1742   LWIP_ASSERT("tcp_rexmit: invalid pcb", pcb != NULL);
1743 
1744   if (pcb->unacked == NULL) {
1745     return ERR_VAL;
1746   }
1747 
1748   seg = pcb->unacked;
1749 
1750   /* Give up if the segment is still referenced by the netif driver
1751      due to deferred transmission. */
1752   if (tcp_output_segment_busy(seg)) {
1753     LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_rexmit busy\n"));
1754     return ERR_VAL;
1755   }
1756 
1757   /* Move the first unacked segment to the unsent queue */
1758   /* Keep the unsent queue sorted. */
1759   pcb->unacked = seg->next;
1760 
1761   cur_seg = &(pcb->unsent);
1762   while (*cur_seg &&
1763          TCP_SEQ_LT(lwip_ntohl((*cur_seg)->tcphdr->seqno), lwip_ntohl(seg->tcphdr->seqno))) {
1764     cur_seg = &((*cur_seg)->next );
1765   }
1766   seg->next = *cur_seg;
1767   *cur_seg = seg;
1768 #if TCP_OVERSIZE
1769   if (seg->next == NULL) {
1770     /* the retransmitted segment is last in unsent, so reset unsent_oversize */
1771     pcb->unsent_oversize = 0;
1772   }
1773 #endif /* TCP_OVERSIZE */
1774 
1775   if (pcb->nrtx < 0xFF) {
1776     ++pcb->nrtx;
1777   }
1778 
1779   /* Don't take any rtt measurements after retransmitting. */
1780   pcb->rttest = 0;
1781 
1782   /* Do the actual retransmission. */
1783   MIB2_STATS_INC(mib2.tcpretranssegs);
1784   /* No need to call tcp_output: we are always called from tcp_input()
1785      and thus tcp_output directly returns. */
1786   return ERR_OK;
1787 }
1788 
1789 
1790 /**
1791  * Handle retransmission after three dupacks received
1792  *
1793  * @param pcb the tcp_pcb for which to retransmit the first unacked segment
1794  */
1795 void
tcp_rexmit_fast(struct tcp_pcb * pcb)1796 tcp_rexmit_fast(struct tcp_pcb *pcb)
1797 {
1798   LWIP_ASSERT("tcp_rexmit_fast: invalid pcb", pcb != NULL);
1799 
1800   if (pcb->unacked != NULL && !(pcb->flags & TF_INFR)) {
1801     /* This is fast retransmit. Retransmit the first unacked segment. */
1802     LWIP_DEBUGF(TCP_FR_DEBUG,
1803                 ("tcp_receive: dupacks %"U16_F" (%"U32_F
1804                  "), fast retransmit %"U32_F"\n",
1805                  (u16_t)pcb->dupacks, pcb->lastack,
1806                  lwip_ntohl(pcb->unacked->tcphdr->seqno)));
1807     if (tcp_rexmit(pcb) == ERR_OK) {
1808       /* Set ssthresh to half of the minimum of the current
1809        * cwnd and the advertised window */
1810       pcb->ssthresh = LWIP_MIN(pcb->cwnd, pcb->snd_wnd) / 2;
1811 
1812       /* The minimum value for ssthresh should be 2 MSS */
1813       if (pcb->ssthresh < (2U * pcb->mss)) {
1814         LWIP_DEBUGF(TCP_FR_DEBUG,
1815                     ("tcp_receive: The minimum value for ssthresh %"TCPWNDSIZE_F
1816                      " should be min 2 mss %"U16_F"...\n",
1817                      pcb->ssthresh, (u16_t)(2 * pcb->mss)));
1818         pcb->ssthresh = 2 * pcb->mss;
1819       }
1820 
1821       pcb->cwnd = pcb->ssthresh + 3 * pcb->mss;
1822       tcp_set_flags(pcb, TF_INFR);
1823 
1824       /* Reset the retransmission timer to prevent immediate rto retransmissions */
1825       pcb->rtime = 0;
1826     }
1827   }
1828 }
1829 
1830 static struct pbuf *
tcp_output_alloc_header_common(u32_t ackno,u16_t optlen,u16_t datalen,u32_t seqno_be,u16_t src_port,u16_t dst_port,u8_t flags,u16_t wnd)1831 tcp_output_alloc_header_common(u32_t ackno, u16_t optlen, u16_t datalen,
1832                         u32_t seqno_be /* already in network byte order */,
1833                         u16_t src_port, u16_t dst_port, u8_t flags, u16_t wnd)
1834 {
1835   struct tcp_hdr *tcphdr;
1836   struct pbuf *p;
1837 
1838   p = pbuf_alloc(PBUF_IP, TCP_HLEN + optlen + datalen, PBUF_RAM);
1839   if (p != NULL) {
1840     LWIP_ASSERT("check that first pbuf can hold struct tcp_hdr",
1841                 (p->len >= TCP_HLEN + optlen));
1842     tcphdr = (struct tcp_hdr *)p->payload;
1843     tcphdr->src = lwip_htons(src_port);
1844     tcphdr->dest = lwip_htons(dst_port);
1845     tcphdr->seqno = seqno_be;
1846     tcphdr->ackno = lwip_htonl(ackno);
1847     TCPH_HDRLEN_FLAGS_SET(tcphdr, (5 + optlen / 4), flags);
1848     tcphdr->wnd = lwip_htons(wnd);
1849     tcphdr->chksum = 0;
1850     tcphdr->urgp = 0;
1851   }
1852   return p;
1853 }
1854 
1855 /** Allocate a pbuf and create a tcphdr at p->payload, used for output
1856  * functions other than the default tcp_output -> tcp_output_segment
1857  * (e.g. tcp_send_empty_ack, etc.)
1858  *
1859  * @param pcb tcp pcb for which to send a packet (used to initialize tcp_hdr)
1860  * @param optlen length of header-options
1861  * @param datalen length of tcp data to reserve in pbuf
1862  * @param seqno_be seqno in network byte order (big-endian)
1863  * @return pbuf with p->payload being the tcp_hdr
1864  */
1865 static struct pbuf *
tcp_output_alloc_header(struct tcp_pcb * pcb,u16_t optlen,u16_t datalen,u32_t seqno_be)1866 tcp_output_alloc_header(struct tcp_pcb *pcb, u16_t optlen, u16_t datalen,
1867                         u32_t seqno_be /* already in network byte order */)
1868 {
1869   struct pbuf *p;
1870 
1871   LWIP_ASSERT("tcp_output_alloc_header: invalid pcb", pcb != NULL);
1872 
1873   p = tcp_output_alloc_header_common(pcb->rcv_nxt, optlen, datalen,
1874     seqno_be, pcb->local_port, pcb->remote_port, TCP_ACK,
1875     TCPWND_MIN16(RCV_WND_SCALE(pcb, pcb->rcv_ann_wnd)));
1876   if (p != NULL) {
1877     /* If we're sending a packet, update the announced right window edge */
1878     pcb->rcv_ann_right_edge = pcb->rcv_nxt + pcb->rcv_ann_wnd;
1879   }
1880   return p;
1881 }
1882 
1883 /* Fill in options for control segments */
1884 static void
tcp_output_fill_options(const struct tcp_pcb * pcb,struct pbuf * p,u8_t optflags,u8_t num_sacks)1885 tcp_output_fill_options(const struct tcp_pcb *pcb, struct pbuf *p, u8_t optflags, u8_t num_sacks)
1886 {
1887   struct tcp_hdr *tcphdr;
1888   u32_t *opts;
1889   u16_t sacks_len = 0;
1890 
1891   LWIP_ASSERT("tcp_output_fill_options: invalid pbuf", p != NULL);
1892 
1893   tcphdr = (struct tcp_hdr *)p->payload;
1894   opts = (u32_t *)(void *)(tcphdr + 1);
1895 
1896   /* NB. MSS and window scale options are only sent on SYNs, so ignore them here */
1897 
1898 #if LWIP_TCP_TIMESTAMPS
1899   if (optflags & TF_SEG_OPTS_TS) {
1900     tcp_build_timestamp_option(pcb, opts);
1901     opts += 3;
1902   }
1903 #endif
1904 
1905 #if LWIP_TCP_SACK_OUT
1906   if (pcb && (num_sacks > 0)) {
1907     tcp_build_sack_option(pcb, opts, num_sacks);
1908     /* 1 word for SACKs header (including 2xNOP), and 2 words for each SACK */
1909     sacks_len = 1 + num_sacks * 2;
1910     opts += sacks_len;
1911   }
1912 #else
1913   LWIP_UNUSED_ARG(num_sacks);
1914 #endif
1915 
1916 #ifdef LWIP_HOOK_TCP_OUT_ADD_TCPOPTS
1917   opts = LWIP_HOOK_TCP_OUT_ADD_TCPOPTS(p, tcphdr, pcb, opts);
1918 #endif
1919 
1920   LWIP_UNUSED_ARG(pcb);
1921   LWIP_UNUSED_ARG(sacks_len);
1922   LWIP_ASSERT("options not filled", (u8_t *)opts == ((u8_t *)(tcphdr + 1)) + sacks_len * 4 + LWIP_TCP_OPT_LENGTH_SEGMENT(optflags, pcb));
1923   LWIP_UNUSED_ARG(optflags); /* for LWIP_NOASSERT */
1924   LWIP_UNUSED_ARG(opts); /* for LWIP_NOASSERT */
1925 }
1926 
1927 /** Output a control segment pbuf to IP.
1928  *
1929  * Called from tcp_rst, tcp_send_empty_ack, tcp_keepalive and tcp_zero_window_probe,
1930  * this function combines selecting a netif for transmission, generating the tcp
1931  * header checksum and calling ip_output_if while handling netif hints and stats.
1932  */
1933 static err_t
tcp_output_control_segment(const struct tcp_pcb * pcb,struct pbuf * p,const ip_addr_t * src,const ip_addr_t * dst)1934 tcp_output_control_segment(const struct tcp_pcb *pcb, struct pbuf *p,
1935                            const ip_addr_t *src, const ip_addr_t *dst)
1936 {
1937   err_t err;
1938   struct netif *netif;
1939 
1940   LWIP_ASSERT("tcp_output_control_segment: invalid pbuf", p != NULL);
1941 
1942   netif = tcp_route(pcb, src, dst);
1943   if (netif == NULL) {
1944     err = ERR_RTE;
1945   } else {
1946     u8_t ttl, tos;
1947 #if CHECKSUM_GEN_TCP
1948     IF__NETIF_CHECKSUM_ENABLED(netif, NETIF_CHECKSUM_GEN_TCP) {
1949       struct tcp_hdr *tcphdr = (struct tcp_hdr *)p->payload;
1950       tcphdr->chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
1951                                         src, dst);
1952     }
1953 #endif
1954     if (pcb != NULL) {
1955       NETIF_SET_HINTS(netif, LWIP_CONST_CAST(struct netif_hint*, &(pcb->netif_hints)));
1956       ttl = pcb->ttl;
1957       tos = pcb->tos;
1958     } else {
1959       /* Send output with hardcoded TTL/HL since we have no access to the pcb */
1960       ttl = TCP_TTL;
1961       tos = 0;
1962     }
1963     TCP_STATS_INC(tcp.xmit);
1964     err = ip_output_if(p, src, dst, ttl, tos, IP_PROTO_TCP, netif);
1965     NETIF_RESET_HINTS(netif);
1966   }
1967   pbuf_free(p);
1968   return err;
1969 }
1970 
1971 /**
1972  * Send a TCP RESET packet (empty segment with RST flag set) either to
1973  * abort a connection or to show that there is no matching local connection
1974  * for a received segment.
1975  *
1976  * Called by tcp_abort() (to abort a local connection), tcp_input() (if no
1977  * matching local pcb was found), tcp_listen_input() (if incoming segment
1978  * has ACK flag set) and tcp_process() (received segment in the wrong state)
1979  *
1980  * Since a RST segment is in most cases not sent for an active connection,
1981  * tcp_rst() has a number of arguments that are taken from a tcp_pcb for
1982  * most other segment output functions.
1983  *
1984  * @param pcb TCP pcb (may be NULL if no pcb is available)
1985  * @param seqno the sequence number to use for the outgoing segment
1986  * @param ackno the acknowledge number to use for the outgoing segment
1987  * @param local_ip the local IP address to send the segment from
1988  * @param remote_ip the remote IP address to send the segment to
1989  * @param local_port the local TCP port to send the segment from
1990  * @param remote_port the remote TCP port to send the segment to
1991  */
1992 void
tcp_rst(const struct tcp_pcb * pcb,u32_t seqno,u32_t ackno,const ip_addr_t * local_ip,const ip_addr_t * remote_ip,u16_t local_port,u16_t remote_port)1993 tcp_rst(const struct tcp_pcb *pcb, u32_t seqno, u32_t ackno,
1994         const ip_addr_t *local_ip, const ip_addr_t *remote_ip,
1995         u16_t local_port, u16_t remote_port)
1996 {
1997   struct pbuf *p;
1998   u16_t wnd;
1999   u8_t optlen;
2000 
2001   LWIP_ASSERT("tcp_rst: invalid local_ip", local_ip != NULL);
2002   LWIP_ASSERT("tcp_rst: invalid remote_ip", remote_ip != NULL);
2003 
2004   optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(0, pcb);
2005 
2006 #if LWIP_WND_SCALE
2007   wnd = PP_HTONS(((TCP_WND >> TCP_RCV_SCALE) & 0xFFFF));
2008 #else
2009   wnd = PP_HTONS(TCP_WND);
2010 #endif
2011 
2012   p = tcp_output_alloc_header_common(ackno, optlen, 0, lwip_htonl(seqno), local_port,
2013     remote_port, TCP_RST | TCP_ACK, wnd);
2014   if (p == NULL) {
2015     LWIP_DEBUGF(TCP_DEBUG, ("tcp_rst: could not allocate memory for pbuf\n"));
2016     return;
2017   }
2018   tcp_output_fill_options(pcb, p, 0, 0);
2019 
2020   MIB2_STATS_INC(mib2.tcpoutrsts);
2021 
2022   tcp_output_control_segment(pcb, p, local_ip, remote_ip);
2023   LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_rst: seqno %"U32_F" ackno %"U32_F".\n", seqno, ackno));
2024 }
2025 
2026 /**
2027  * Send an ACK without data.
2028  *
2029  * @param pcb Protocol control block for the TCP connection to send the ACK
2030  */
2031 err_t
tcp_send_empty_ack(struct tcp_pcb * pcb)2032 tcp_send_empty_ack(struct tcp_pcb *pcb)
2033 {
2034   err_t err;
2035   struct pbuf *p;
2036   u8_t optlen, optflags = 0;
2037   u8_t num_sacks = 0;
2038 
2039   LWIP_ASSERT("tcp_send_empty_ack: invalid pcb", pcb != NULL);
2040 
2041 #if LWIP_TCP_TIMESTAMPS
2042   if (pcb->flags & TF_TIMESTAMP) {
2043     optflags = TF_SEG_OPTS_TS;
2044   }
2045 #endif
2046   optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(optflags, pcb);
2047 
2048 #if LWIP_TCP_SACK_OUT
2049   /* For now, SACKs are only sent with empty ACKs */
2050   if ((num_sacks = tcp_get_num_sacks(pcb, optlen)) > 0) {
2051     optlen += 4 + num_sacks * 8; /* 4 bytes for header (including 2*NOP), plus 8B for each SACK */
2052   }
2053 #endif
2054 
2055   p = tcp_output_alloc_header(pcb, optlen, 0, lwip_htonl(pcb->snd_nxt));
2056   if (p == NULL) {
2057     /* let tcp_fasttmr retry sending this ACK */
2058     tcp_set_flags(pcb, TF_ACK_DELAY | TF_ACK_NOW);
2059     LWIP_DEBUGF(TCP_OUTPUT_DEBUG, ("tcp_output: (ACK) could not allocate pbuf\n"));
2060     return ERR_BUF;
2061   }
2062   tcp_output_fill_options(pcb, p, optflags, num_sacks);
2063 
2064 #if LWIP_TCP_TIMESTAMPS
2065   pcb->ts_lastacksent = pcb->rcv_nxt;
2066 #endif
2067 
2068   LWIP_DEBUGF(TCP_OUTPUT_DEBUG,
2069               ("tcp_output: sending ACK for %"U32_F"\n", pcb->rcv_nxt));
2070   err = tcp_output_control_segment(pcb, p, &pcb->local_ip, &pcb->remote_ip);
2071   if (err != ERR_OK) {
2072     /* let tcp_fasttmr retry sending this ACK */
2073     tcp_set_flags(pcb, TF_ACK_DELAY | TF_ACK_NOW);
2074   } else {
2075     /* remove ACK flags from the PCB, as we sent an empty ACK now */
2076     tcp_clear_flags(pcb, TF_ACK_DELAY | TF_ACK_NOW);
2077   }
2078 
2079   return err;
2080 }
2081 
2082 /**
2083  * Send keepalive packets to keep a connection active although
2084  * no data is sent over it.
2085  *
2086  * Called by tcp_slowtmr()
2087  *
2088  * @param pcb the tcp_pcb for which to send a keepalive packet
2089  */
2090 err_t
tcp_keepalive(struct tcp_pcb * pcb)2091 tcp_keepalive(struct tcp_pcb *pcb)
2092 {
2093   err_t err;
2094   struct pbuf *p;
2095   u8_t optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(0, pcb);
2096 
2097   LWIP_ASSERT("tcp_keepalive: invalid pcb", pcb != NULL);
2098 
2099   LWIP_DEBUGF(TCP_DEBUG, ("tcp_keepalive: sending KEEPALIVE probe to "));
2100   ip_addr_debug_print_val(TCP_DEBUG, pcb->remote_ip);
2101   LWIP_DEBUGF(TCP_DEBUG, ("\n"));
2102 
2103   LWIP_DEBUGF(TCP_DEBUG, ("tcp_keepalive: tcp_ticks %"U32_F"   pcb->tmr %"U32_F" pcb->keep_cnt_sent %"U16_F"\n",
2104                           tcp_ticks, pcb->tmr, (u16_t)pcb->keep_cnt_sent));
2105 
2106   p = tcp_output_alloc_header(pcb, optlen, 0, lwip_htonl(pcb->snd_nxt - 1));
2107   if (p == NULL) {
2108     LWIP_DEBUGF(TCP_DEBUG,
2109                 ("tcp_keepalive: could not allocate memory for pbuf\n"));
2110     return ERR_MEM;
2111   }
2112   tcp_output_fill_options(pcb, p, 0, 0);
2113   err = tcp_output_control_segment(pcb, p, &pcb->local_ip, &pcb->remote_ip);
2114 
2115   LWIP_DEBUGF(TCP_DEBUG, ("tcp_keepalive: seqno %"U32_F" ackno %"U32_F" err %d.\n",
2116                           pcb->snd_nxt - 1, pcb->rcv_nxt, (int)err));
2117   return err;
2118 }
2119 
2120 /**
2121  * Send persist timer zero-window probes to keep a connection active
2122  * when a window update is lost.
2123  *
2124  * Called by tcp_slowtmr()
2125  *
2126  * @param pcb the tcp_pcb for which to send a zero-window probe packet
2127  */
2128 err_t
tcp_zero_window_probe(struct tcp_pcb * pcb)2129 tcp_zero_window_probe(struct tcp_pcb *pcb)
2130 {
2131   err_t err;
2132   struct pbuf *p;
2133   struct tcp_hdr *tcphdr;
2134   struct tcp_seg *seg;
2135   u16_t len;
2136   u8_t is_fin;
2137   u32_t snd_nxt;
2138   u8_t optlen = LWIP_TCP_OPT_LENGTH_SEGMENT(0, pcb);
2139 
2140   LWIP_ASSERT("tcp_zero_window_probe: invalid pcb", pcb != NULL);
2141 
2142   LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: sending ZERO WINDOW probe to "));
2143   ip_addr_debug_print_val(TCP_DEBUG, pcb->remote_ip);
2144   LWIP_DEBUGF(TCP_DEBUG, ("\n"));
2145 
2146   LWIP_DEBUGF(TCP_DEBUG,
2147               ("tcp_zero_window_probe: tcp_ticks %"U32_F
2148                "   pcb->tmr %"U32_F" pcb->keep_cnt_sent %"U16_F"\n",
2149                tcp_ticks, pcb->tmr, (u16_t)pcb->keep_cnt_sent));
2150 
2151   /* Only consider unsent, persist timer should be off when there is data in-flight */
2152   seg = pcb->unsent;
2153   if (seg == NULL) {
2154     /* Not expected, persist timer should be off when the send buffer is empty */
2155     return ERR_OK;
2156   }
2157 
2158   /* increment probe count. NOTE: we record probe even if it fails
2159      to actually transmit due to an error. This ensures memory exhaustion/
2160      routing problem doesn't leave a zero-window pcb as an indefinite zombie.
2161      RTO mechanism has similar behavior, see pcb->nrtx */
2162   if (pcb->persist_probe < 0xFF) {
2163     ++pcb->persist_probe;
2164   }
2165 
2166   is_fin = ((TCPH_FLAGS(seg->tcphdr) & TCP_FIN) != 0) && (seg->len == 0);
2167   /* we want to send one seqno: either FIN or data (no options) */
2168   len = is_fin ? 0 : 1;
2169 
2170   p = tcp_output_alloc_header(pcb, optlen, len, seg->tcphdr->seqno);
2171   if (p == NULL) {
2172     LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: no memory for pbuf\n"));
2173     return ERR_MEM;
2174   }
2175   tcphdr = (struct tcp_hdr *)p->payload;
2176 
2177   if (is_fin) {
2178     /* FIN segment, no data */
2179     TCPH_FLAGS_SET(tcphdr, TCP_ACK | TCP_FIN);
2180   } else {
2181     /* Data segment, copy in one byte from the head of the unacked queue */
2182     char *d = ((char *)p->payload + TCP_HLEN);
2183     /* Depending on whether the segment has already been sent (unacked) or not
2184        (unsent), seg->p->payload points to the IP header or TCP header.
2185        Ensure we copy the first TCP data byte: */
2186     pbuf_copy_partial(seg->p, d, 1, seg->p->tot_len - seg->len);
2187   }
2188 
2189   /* The byte may be acknowledged without the window being opened. */
2190   snd_nxt = lwip_ntohl(seg->tcphdr->seqno) + 1;
2191   if (TCP_SEQ_LT(pcb->snd_nxt, snd_nxt)) {
2192     pcb->snd_nxt = snd_nxt;
2193   }
2194   tcp_output_fill_options(pcb, p, 0, 0);
2195 
2196   err = tcp_output_control_segment(pcb, p, &pcb->local_ip, &pcb->remote_ip);
2197 
2198   LWIP_DEBUGF(TCP_DEBUG, ("tcp_zero_window_probe: seqno %"U32_F
2199                           " ackno %"U32_F" err %d.\n",
2200                           pcb->snd_nxt - 1, pcb->rcv_nxt, (int)err));
2201   return err;
2202 }
2203 #endif /* LWIP_TCP */
2204