1 /**
2 * @file
3 * Transmission Control Protocol, incoming traffic
4 *
5 * The input processing functions of the TCP layer.
6 *
7 * These functions are generally called in the order (ip_input() ->)
8 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
9 *
10 */
11
12 /*
13 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without modification,
17 * are permitted provided that the following conditions are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright notice,
20 * this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright notice,
22 * this list of conditions and the following disclaimer in the documentation
23 * and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote products
25 * derived from this software without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
36 * OF SUCH DAMAGE.
37 *
38 * This file is part of the lwIP TCP/IP stack.
39 *
40 * Author: Adam Dunkels <adam@sics.se>
41 *
42 */
43
44 #include "lwip/opt.h"
45
46 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
47
48 #include "lwip/priv/tcp_priv.h"
49 #include "lwip/def.h"
50 #include "lwip/ip_addr.h"
51 #include "lwip/netif.h"
52 #include "lwip/mem.h"
53 #include "lwip/memp.h"
54 #include "lwip/inet_chksum.h"
55 #include "lwip/stats.h"
56 #include "lwip/ip6.h"
57 #include "lwip/ip6_addr.h"
58 #if LWIP_ND6_TCP_REACHABILITY_HINTS
59 #include "lwip/nd6.h"
60 #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
61
62 #include <string.h>
63
64 #ifdef LWIP_HOOK_FILENAME
65 #include LWIP_HOOK_FILENAME
66 #endif
67
68 /** Initial CWND calculation as defined RFC 2581 */
69 #define LWIP_TCP_CALC_INITIAL_CWND(mss) ((tcpwnd_size_t)LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U)))
70
71 /* These variables are global to all functions involved in the input
72 processing of TCP segments. They are set by the tcp_input()
73 function. */
74 static struct tcp_seg inseg;
75 static struct tcp_hdr *tcphdr;
76 static u16_t tcphdr_optlen;
77 static u16_t tcphdr_opt1len;
78 static u8_t *tcphdr_opt2;
79 static u16_t tcp_optidx;
80 static u32_t seqno, ackno;
81 static tcpwnd_size_t recv_acked;
82 static u16_t tcplen;
83 static u8_t flags;
84
85 static u8_t recv_flags;
86 static struct pbuf *recv_data;
87
88 struct tcp_pcb *tcp_input_pcb;
89
90 /* Forward declarations. */
91 static err_t tcp_process(struct tcp_pcb *pcb);
92 static void tcp_receive(struct tcp_pcb *pcb);
93 static void tcp_parseopt(struct tcp_pcb *pcb);
94
95 static void tcp_listen_input(struct tcp_pcb_listen *pcb);
96 static void tcp_timewait_input(struct tcp_pcb *pcb);
97
98 static int tcp_input_delayed_close(struct tcp_pcb *pcb);
99
100 #if LWIP_TCP_SACK_OUT
101 static void tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right);
102 static void tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq);
103 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
104 static void tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq);
105 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
106 #endif /* LWIP_TCP_SACK_OUT */
107
108 /**
109 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
110 * the segment between the PCBs and passes it on to tcp_process(), which implements
111 * the TCP finite state machine. This function is called by the IP layer (in
112 * ip_input()).
113 *
114 * @param p received TCP segment to process (p->payload pointing to the TCP header)
115 * @param inp network interface on which this segment was received
116 */
117 void
tcp_input(struct pbuf * p,struct netif * inp)118 tcp_input(struct pbuf *p, struct netif *inp)
119 {
120 struct tcp_pcb *pcb, *prev;
121 struct tcp_pcb_listen *lpcb;
122 #ifdef LOSCFG_NET_CONTAINER
123 struct net_group *group = get_net_group_from_netif(inp);
124 #endif
125 #if SO_REUSE
126 struct tcp_pcb *lpcb_prev = NULL;
127 struct tcp_pcb_listen *lpcb_any = NULL;
128 #endif /* SO_REUSE */
129 u8_t hdrlen_bytes;
130 err_t err;
131
132 LWIP_UNUSED_ARG(inp);
133 LWIP_ASSERT_CORE_LOCKED();
134 LWIP_ASSERT("tcp_input: invalid pbuf", p != NULL);
135
136 PERF_START;
137
138 TCP_STATS_INC(tcp.recv);
139 MIB2_STATS_INC(mib2.tcpinsegs);
140
141 tcphdr = (struct tcp_hdr *)p->payload;
142
143 #if TCP_INPUT_DEBUG
144 tcp_debug_print(tcphdr);
145 #endif
146
147 /* Check that TCP header fits in payload */
148 if (p->len < TCP_HLEN) {
149 /* drop short packets */
150 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
151 TCP_STATS_INC(tcp.lenerr);
152 goto dropped;
153 }
154
155 /* Don't even process incoming broadcasts/multicasts. */
156 if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
157 ip_addr_ismulticast(ip_current_dest_addr())) {
158 TCP_STATS_INC(tcp.proterr);
159 goto dropped;
160 }
161
162 #if CHECKSUM_CHECK_TCP
163 IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
164 /* Verify TCP checksum. */
165 u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
166 ip_current_src_addr(), ip_current_dest_addr());
167 if (chksum != 0) {
168 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
169 chksum));
170 tcp_debug_print(tcphdr);
171 TCP_STATS_INC(tcp.chkerr);
172 goto dropped;
173 }
174 }
175 #endif /* CHECKSUM_CHECK_TCP */
176
177 /* sanity-check header length */
178 hdrlen_bytes = TCPH_HDRLEN_BYTES(tcphdr);
179 if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
180 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
181 TCP_STATS_INC(tcp.lenerr);
182 goto dropped;
183 }
184
185 /* Move the payload pointer in the pbuf so that it points to the
186 TCP data instead of the TCP header. */
187 tcphdr_optlen = (u16_t)(hdrlen_bytes - TCP_HLEN);
188 tcphdr_opt2 = NULL;
189 if (p->len >= hdrlen_bytes) {
190 /* all options are in the first pbuf */
191 tcphdr_opt1len = tcphdr_optlen;
192 pbuf_remove_header(p, hdrlen_bytes); /* cannot fail */
193 } else {
194 u16_t opt2len;
195 /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
196 /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
197 LWIP_ASSERT("p->next != NULL", p->next != NULL);
198
199 /* advance over the TCP header (cannot fail) */
200 pbuf_remove_header(p, TCP_HLEN);
201
202 /* determine how long the first and second parts of the options are */
203 tcphdr_opt1len = p->len;
204 opt2len = (u16_t)(tcphdr_optlen - tcphdr_opt1len);
205
206 /* options continue in the next pbuf: set p to zero length and hide the
207 options in the next pbuf (adjusting p->tot_len) */
208 pbuf_remove_header(p, tcphdr_opt1len);
209
210 /* check that the options fit in the second pbuf */
211 if (opt2len > p->next->len) {
212 /* drop short packets */
213 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
214 TCP_STATS_INC(tcp.lenerr);
215 goto dropped;
216 }
217
218 /* remember the pointer to the second part of the options */
219 tcphdr_opt2 = (u8_t *)p->next->payload;
220
221 /* advance p->next to point after the options, and manually
222 adjust p->tot_len to keep it consistent with the changed p->next */
223 pbuf_remove_header(p->next, opt2len);
224 p->tot_len = (u16_t)(p->tot_len - opt2len);
225
226 LWIP_ASSERT("p->len == 0", p->len == 0);
227 LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
228 }
229
230 /* Convert fields in TCP header to host byte order. */
231 tcphdr->src = lwip_ntohs(tcphdr->src);
232 tcphdr->dest = lwip_ntohs(tcphdr->dest);
233 seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
234 ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
235 tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
236
237 flags = TCPH_FLAGS(tcphdr);
238 tcplen = p->tot_len;
239 if (flags & (TCP_FIN | TCP_SYN)) {
240 tcplen++;
241 if (tcplen < p->tot_len) {
242 /* u16_t overflow, cannot handle this */
243 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: length u16_t overflow, cannot handle this\n"));
244 TCP_STATS_INC(tcp.lenerr);
245 goto dropped;
246 }
247 }
248
249 /* Demultiplex an incoming segment. First, we check if it is destined
250 for an active connection. */
251 prev = NULL;
252
253 for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
254 LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
255 LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
256 LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
257
258 /* check if PCB is bound to specific netif */
259 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
260 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
261 prev = pcb;
262 continue;
263 }
264
265 #ifdef LOSCFG_NET_CONTAINER
266 if (group == get_net_group_from_tcp_pcb(pcb) &&
267 pcb->remote_port == tcphdr->src &&
268 #else
269 if (pcb->remote_port == tcphdr->src &&
270 #endif
271 pcb->local_port == tcphdr->dest &&
272 ip_addr_eq(&pcb->remote_ip, ip_current_src_addr()) &&
273 ip_addr_eq(&pcb->local_ip, ip_current_dest_addr())) {
274 /* Move this PCB to the front of the list so that subsequent
275 lookups will be faster (we exploit locality in TCP segment
276 arrivals). */
277 LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
278 if (prev != NULL) {
279 prev->next = pcb->next;
280 pcb->next = tcp_active_pcbs;
281 tcp_active_pcbs = pcb;
282 } else {
283 TCP_STATS_INC(tcp.cachehit);
284 }
285 LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
286 break;
287 }
288 prev = pcb;
289 }
290
291 if (pcb == NULL) {
292 /* If it did not go to an active connection, we check the connections
293 in the TIME-WAIT state. */
294 for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
295 LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
296
297 /* check if PCB is bound to specific netif */
298 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
299 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
300 continue;
301 }
302
303 #ifdef LOSCFG_NET_CONTAINER
304 if (group == get_net_group_from_tcp_pcb(pcb) &&
305 pcb->remote_port == tcphdr->src &&
306 #else
307 if (pcb->remote_port == tcphdr->src &&
308 #endif
309 pcb->local_port == tcphdr->dest &&
310 ip_addr_eq(&pcb->remote_ip, ip_current_src_addr()) &&
311 ip_addr_eq(&pcb->local_ip, ip_current_dest_addr())) {
312 /* We don't really care enough to move this PCB to the front
313 of the list since we are not very likely to receive that
314 many segments for connections in TIME-WAIT. */
315 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
316 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
317 if (LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen, tcphdr_opt1len,
318 tcphdr_opt2, p) == ERR_OK)
319 #endif
320 {
321 tcp_timewait_input(pcb);
322 }
323 pbuf_free(p);
324 return;
325 }
326 }
327
328 /* Finally, if we still did not get a match, we check all PCBs that
329 are LISTENing for incoming connections. */
330 prev = NULL;
331 for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
332 /* check if PCB is bound to specific netif */
333 if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
334 (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
335 prev = (struct tcp_pcb *)lpcb;
336 continue;
337 }
338
339 #ifdef LOSCFG_NET_CONTAINER
340 if (group == get_net_group_from_tcp_pcb((struct tcp_pcb *)lpcb) && lpcb->local_port == tcphdr->dest) {
341 #else
342 if (lpcb->local_port == tcphdr->dest) {
343 #endif
344 if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
345 /* found an ANY TYPE (IPv4/IPv6) match */
346 #if SO_REUSE
347 lpcb_any = lpcb;
348 lpcb_prev = prev;
349 #else /* SO_REUSE */
350 break;
351 #endif /* SO_REUSE */
352 } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
353 if (ip_addr_eq(&lpcb->local_ip, ip_current_dest_addr())) {
354 /* found an exact match */
355 break;
356 } else if (ip_addr_isany(&lpcb->local_ip)) {
357 /* found an ANY-match */
358 #if SO_REUSE
359 lpcb_any = lpcb;
360 lpcb_prev = prev;
361 #else /* SO_REUSE */
362 break;
363 #endif /* SO_REUSE */
364 }
365 }
366 }
367 prev = (struct tcp_pcb *)lpcb;
368 }
369 #if SO_REUSE
370 /* first try specific local IP */
371 if (lpcb == NULL) {
372 /* only pass to ANY if no specific local IP has been found */
373 lpcb = lpcb_any;
374 prev = lpcb_prev;
375 }
376 #endif /* SO_REUSE */
377 if (lpcb != NULL) {
378 /* Move this PCB to the front of the list so that subsequent
379 lookups will be faster (we exploit locality in TCP segment
380 arrivals). */
381 if (prev != NULL) {
382 ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
383 /* our successor is the remainder of the listening list */
384 lpcb->next = tcp_listen_pcbs.listen_pcbs;
385 /* put this listening pcb at the head of the listening list */
386 tcp_listen_pcbs.listen_pcbs = lpcb;
387 } else {
388 TCP_STATS_INC(tcp.cachehit);
389 }
390
391 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
392 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
393 if (LWIP_HOOK_TCP_INPACKET_PCB((struct tcp_pcb *)lpcb, tcphdr, tcphdr_optlen,
394 tcphdr_opt1len, tcphdr_opt2, p) == ERR_OK)
395 #endif
396 {
397 tcp_listen_input(lpcb);
398 }
399 pbuf_free(p);
400 return;
401 }
402 }
403
404 #if TCP_INPUT_DEBUG
405 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
406 tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
407 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
408 #endif /* TCP_INPUT_DEBUG */
409
410
411 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
412 if ((pcb != NULL) && LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen,
413 tcphdr_opt1len, tcphdr_opt2, p) != ERR_OK) {
414 pbuf_free(p);
415 return;
416 }
417 #endif
418 if (pcb != NULL) {
419 /* The incoming segment belongs to a connection. */
420 #if TCP_INPUT_DEBUG
421 tcp_debug_print_state(pcb->state);
422 #endif /* TCP_INPUT_DEBUG */
423
424 /* Set up a tcp_seg structure. */
425 inseg.next = NULL;
426 inseg.len = p->tot_len;
427 inseg.p = p;
428 inseg.tcphdr = tcphdr;
429
430 recv_data = NULL;
431 recv_flags = 0;
432 recv_acked = 0;
433
434 if (flags & TCP_PSH) {
435 p->flags |= PBUF_FLAG_PUSH;
436 }
437
438 /* If there is data which was previously "refused" by upper layer */
439 if (pcb->refused_data != NULL) {
440 if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
441 ((pcb->refused_data != NULL) && (tcplen > 0))) {
442 /* pcb has been aborted or refused data is still refused and the new
443 segment contains data */
444 if (pcb->rcv_ann_wnd == 0) {
445 /* this is a zero-window probe, we respond to it with current RCV.NXT
446 and drop the data segment */
447 tcp_send_empty_ack(pcb);
448 }
449 TCP_STATS_INC(tcp.drop);
450 MIB2_STATS_INC(mib2.tcpinerrs);
451 goto aborted;
452 }
453 }
454 tcp_input_pcb = pcb;
455 err = tcp_process(pcb);
456 /* A return value of ERR_ABRT means that tcp_abort() was called
457 and that the pcb has been freed. If so, we don't do anything. */
458 if (err != ERR_ABRT) {
459 if (recv_flags & TF_RESET) {
460 /* TF_RESET means that the connection was reset by the other
461 end. We then call the error callback to inform the
462 application that the connection is dead before we
463 deallocate the PCB. */
464 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
465 tcp_pcb_remove(&tcp_active_pcbs, pcb);
466 tcp_free(pcb);
467 } else {
468 err = ERR_OK;
469 /* If the application has registered a "sent" function to be
470 called when new send buffer space is available, we call it
471 now. */
472 if (recv_acked > 0) {
473 u16_t acked16;
474 #if LWIP_WND_SCALE
475 /* recv_acked is u32_t but the sent callback only takes a u16_t,
476 so we might have to call it multiple times. */
477 u32_t acked = recv_acked;
478 while (acked > 0) {
479 acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
480 acked -= acked16;
481 #else
482 {
483 acked16 = recv_acked;
484 #endif
485 TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
486 if (err == ERR_ABRT) {
487 goto aborted;
488 }
489 }
490 recv_acked = 0;
491 }
492 if (tcp_input_delayed_close(pcb)) {
493 goto aborted;
494 }
495 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
496 while (recv_data != NULL) {
497 struct pbuf *rest = NULL;
498 pbuf_split_64k(recv_data, &rest);
499 #else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
500 if (recv_data != NULL) {
501 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
502
503 LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
504 if (pcb->flags & TF_RXCLOSED) {
505 /* received data although already closed -> abort (send RST) to
506 notify the remote host that not all data has been processed */
507 pbuf_free(recv_data);
508 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
509 if (rest != NULL) {
510 pbuf_free(rest);
511 }
512 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
513 tcp_abort(pcb);
514 goto aborted;
515 }
516
517 /* Notify application that data has been received. */
518 TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
519 if (err == ERR_ABRT) {
520 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
521 if (rest != NULL) {
522 pbuf_free(rest);
523 }
524 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
525 goto aborted;
526 }
527
528 /* If the upper layer can't receive this data, store it */
529 if (err != ERR_OK) {
530 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
531 if (rest != NULL) {
532 pbuf_cat(recv_data, rest);
533 }
534 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
535 pcb->refused_data = recv_data;
536 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
537 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
538 break;
539 } else {
540 /* Upper layer received the data, go on with the rest if > 64K */
541 recv_data = rest;
542 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
543 }
544 }
545
546 /* If a FIN segment was received, we call the callback
547 function with a NULL buffer to indicate EOF. */
548 if (recv_flags & TF_GOT_FIN) {
549 if (pcb->refused_data != NULL) {
550 /* Delay this if we have refused data. */
551 pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
552 } else {
553 /* correct rcv_wnd as the application won't call tcp_recved()
554 for the FIN's seqno */
555 if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
556 pcb->rcv_wnd++;
557 }
558 TCP_EVENT_CLOSED(pcb, err);
559 if (err == ERR_ABRT) {
560 goto aborted;
561 }
562 }
563 }
564
565 tcp_input_pcb = NULL;
566 if (tcp_input_delayed_close(pcb)) {
567 goto aborted;
568 }
569 /* Try to send something out. */
570 tcp_output(pcb);
571 #if TCP_INPUT_DEBUG
572 #if TCP_DEBUG
573 tcp_debug_print_state(pcb->state);
574 #endif /* TCP_DEBUG */
575 #endif /* TCP_INPUT_DEBUG */
576 }
577 }
578 /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
579 Below this line, 'pcb' may not be dereferenced! */
580 aborted:
581 tcp_input_pcb = NULL;
582 recv_data = NULL;
583
584 /* give up our reference to inseg.p */
585 if (inseg.p != NULL) {
586 pbuf_free(inseg.p);
587 inseg.p = NULL;
588 }
589 } else {
590 /* If no matching PCB was found, send a TCP RST (reset) to the
591 sender. */
592 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
593 if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
594 TCP_STATS_INC(tcp.proterr);
595 TCP_STATS_INC(tcp.drop);
596 tcp_rst_netif(ip_data.current_input_netif, ackno, seqno + tcplen, ip_current_dest_addr(),
597 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
598 }
599 pbuf_free(p);
600 }
601
602 LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
603 PERF_STOP("tcp_input");
604 return;
605 dropped:
606 TCP_STATS_INC(tcp.drop);
607 MIB2_STATS_INC(mib2.tcpinerrs);
608 pbuf_free(p);
609 }
610
611 /** Called from tcp_input to check for TF_CLOSED flag. This results in closing
612 * and deallocating a pcb at the correct place to ensure no one references it
613 * any more.
614 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
615 */
616 static int
617 tcp_input_delayed_close(struct tcp_pcb *pcb)
618 {
619 LWIP_ASSERT("tcp_input_delayed_close: invalid pcb", pcb != NULL);
620
621 if (recv_flags & TF_CLOSED) {
622 /* The connection has been closed and we will deallocate the
623 PCB. */
624 if (!(pcb->flags & TF_RXCLOSED)) {
625 /* Connection closed although the application has only shut down the
626 tx side: call the PCB's err callback and indicate the closure to
627 ensure the application doesn't continue using the PCB. */
628 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
629 }
630 tcp_pcb_remove(&tcp_active_pcbs, pcb);
631 tcp_free(pcb);
632 return 1;
633 }
634 return 0;
635 }
636
637 /**
638 * Called by tcp_input() when a segment arrives for a listening
639 * connection (from tcp_input()).
640 *
641 * @param pcb the tcp_pcb_listen for which a segment arrived
642 *
643 * @note the segment which arrived is saved in global variables, therefore only the pcb
644 * involved is passed as a parameter to this function
645 */
646 static void
647 tcp_listen_input(struct tcp_pcb_listen *pcb)
648 {
649 struct tcp_pcb *npcb;
650 u32_t iss;
651 err_t rc;
652
653 if (flags & TCP_RST) {
654 /* An incoming RST should be ignored. Return. */
655 return;
656 }
657
658 LWIP_ASSERT("tcp_listen_input: invalid pcb", pcb != NULL);
659
660 #ifdef LOSCFG_NET_CONTAINER
661 struct net_group *group = get_net_group_from_tcp_pcb((struct tcp_pcb *)pcb);
662 #endif
663 /* In the LISTEN state, we check for incoming SYN segments,
664 creates a new PCB, and responds with a SYN|ACK. */
665 if (flags & TCP_ACK) {
666 /* For incoming segments with the ACK flag set, respond with a
667 RST. */
668 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
669 tcp_rst_netif(ip_data.current_input_netif, ackno, seqno + tcplen, ip_current_dest_addr(),
670 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
671 } else if (flags & TCP_SYN) {
672 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
673 #if TCP_LISTEN_BACKLOG
674 if (pcb->accepts_pending >= pcb->backlog) {
675 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
676 return;
677 }
678 #endif /* TCP_LISTEN_BACKLOG */
679 npcb = tcp_alloc(pcb->prio);
680 /* If a new PCB could not be created (probably due to lack of memory),
681 we don't do anything, but rely on the sender will retransmit the
682 SYN at a time when we have more memory available. */
683 if (npcb == NULL) {
684 err_t err;
685 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
686 TCP_STATS_INC(tcp.memerr);
687 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
688 LWIP_UNUSED_ARG(err); /* err not useful here */
689 return;
690 }
691 #ifdef LOSCFG_NET_CONTAINER
692 set_tcp_pcb_net_group(npcb, group);
693 #endif
694 #if TCP_LISTEN_BACKLOG
695 pcb->accepts_pending++;
696 tcp_set_flags(npcb, TF_BACKLOGPEND);
697 #endif /* TCP_LISTEN_BACKLOG */
698 /* Set up the new PCB. */
699 ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
700 ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
701 npcb->local_port = pcb->local_port;
702 npcb->remote_port = tcphdr->src;
703 npcb->state = SYN_RCVD;
704 npcb->rcv_nxt = seqno + 1;
705 npcb->rcv_ann_right_edge = npcb->rcv_nxt;
706 iss = tcp_next_iss(npcb);
707 npcb->snd_wl2 = iss;
708 npcb->snd_nxt = iss;
709 npcb->lastack = iss;
710 npcb->snd_lbb = iss;
711 npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
712 npcb->callback_arg = pcb->callback_arg;
713 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
714 npcb->listener = pcb;
715 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
716 #if LWIP_VLAN_PCP
717 npcb->netif_hints.tci = pcb->netif_hints.tci;
718 #endif /* LWIP_VLAN_PCP */
719 /* inherit socket options */
720 npcb->so_options = pcb->so_options & SOF_INHERITED;
721 npcb->netif_idx = pcb->netif_idx;
722 /* Register the new PCB so that we can begin receiving segments
723 for it. */
724 TCP_REG_ACTIVE(npcb);
725
726 /* Parse any options in the SYN. */
727 tcp_parseopt(npcb);
728 npcb->snd_wnd = tcphdr->wnd;
729 npcb->snd_wnd_max = npcb->snd_wnd;
730
731 #if TCP_CALCULATE_EFF_SEND_MSS
732 #ifdef LOSCFG_NET_CONTAINER
733 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip, group);
734 #else
735 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
736 #endif
737 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
738
739 MIB2_STATS_INC(mib2.tcppassiveopens);
740
741 #if LWIP_TCP_PCB_NUM_EXT_ARGS
742 if (tcp_ext_arg_invoke_callbacks_passive_open(pcb, npcb) != ERR_OK) {
743 tcp_abandon(npcb, 0);
744 return;
745 }
746 #endif
747
748 /* Send a SYN|ACK together with the MSS option. */
749 rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
750 if (rc != ERR_OK) {
751 tcp_abandon(npcb, 0);
752 return;
753 }
754 tcp_output(npcb);
755 }
756 return;
757 }
758
759 /**
760 * Called by tcp_input() when a segment arrives for a connection in
761 * TIME_WAIT.
762 *
763 * @param pcb the tcp_pcb for which a segment arrived
764 *
765 * @note the segment which arrived is saved in global variables, therefore only the pcb
766 * involved is passed as a parameter to this function
767 */
768 static void
769 tcp_timewait_input(struct tcp_pcb *pcb)
770 {
771 /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
772 /* RFC 793 3.9 Event Processing - Segment Arrives:
773 * - first check sequence number - we skip that one in TIME_WAIT (always
774 * acceptable since we only send ACKs)
775 * - second check the RST bit (... return) */
776 if (flags & TCP_RST) {
777 return;
778 }
779
780 LWIP_ASSERT("tcp_timewait_input: invalid pcb", pcb != NULL);
781
782 /* - fourth, check the SYN bit, */
783 if (flags & TCP_SYN) {
784 /* If an incoming segment is not acceptable, an acknowledgment
785 should be sent in reply */
786 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
787 /* If the SYN is in the window it is an error, send a reset */
788 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
789 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
790 return;
791 }
792 } else if (flags & TCP_FIN) {
793 /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
794 Restart the 2 MSL time-wait timeout.*/
795 pcb->tmr = tcp_ticks;
796 }
797
798 if ((tcplen > 0)) {
799 /* Acknowledge data, FIN or out-of-window SYN */
800 tcp_ack_now(pcb);
801 tcp_output(pcb);
802 }
803 return;
804 }
805
806 /**
807 * Implements the TCP state machine. Called by tcp_input. In some
808 * states tcp_receive() is called to receive data. The tcp_seg
809 * argument will be freed by the caller (tcp_input()) unless the
810 * recv_data pointer in the pcb is set.
811 *
812 * @param pcb the tcp_pcb for which a segment arrived
813 *
814 * @note the segment which arrived is saved in global variables, therefore only the pcb
815 * involved is passed as a parameter to this function
816 */
817 static err_t
818 tcp_process(struct tcp_pcb *pcb)
819 {
820 struct tcp_seg *rseg;
821 u8_t acceptable = 0;
822 err_t err;
823
824 err = ERR_OK;
825 #ifdef LOSCFG_NET_CONTAINER
826 struct net_group *group = get_net_group_from_tcp_pcb(pcb);
827 #endif
828
829 LWIP_ASSERT("tcp_process: invalid pcb", pcb != NULL);
830
831 /* Process incoming RST segments. */
832 if (flags & TCP_RST) {
833 /* First, determine if the reset is acceptable. */
834 if (pcb->state == SYN_SENT) {
835 /* "In the SYN-SENT state (a RST received in response to an initial SYN),
836 the RST is acceptable if the ACK field acknowledges the SYN." */
837 if (ackno == pcb->snd_nxt) {
838 acceptable = 1;
839 }
840 } else {
841 /* "In all states except SYN-SENT, all reset (RST) segments are validated
842 by checking their SEQ-fields." */
843 if (seqno == pcb->rcv_nxt) {
844 acceptable = 1;
845 } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
846 pcb->rcv_nxt + pcb->rcv_wnd)) {
847 /* If the sequence number is inside the window, we send a challenge ACK
848 and wait for a re-send with matching sequence number.
849 This follows RFC 5961 section 3.2 and addresses CVE-2004-0230
850 (RST spoofing attack), which is present in RFC 793 RST handling. */
851 tcp_ack_now(pcb);
852 }
853 }
854
855 if (acceptable) {
856 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
857 LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
858 recv_flags |= TF_RESET;
859 tcp_clear_flags(pcb, TF_ACK_DELAY);
860 return ERR_RST;
861 } else {
862 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
863 seqno, pcb->rcv_nxt));
864 LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
865 seqno, pcb->rcv_nxt));
866 return ERR_OK;
867 }
868 }
869
870 if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
871 /* Cope with new connection attempt after remote end crashed */
872 tcp_ack_now(pcb);
873 return ERR_OK;
874 }
875
876 if ((pcb->flags & TF_RXCLOSED) == 0) {
877 /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
878 pcb->tmr = tcp_ticks;
879 }
880 pcb->keep_cnt_sent = 0;
881 pcb->persist_probe = 0;
882
883 tcp_parseopt(pcb);
884
885 if (flags & TCP_SYN) {
886 /* accept SYN only in 2 states: */
887 if ((pcb->state != SYN_SENT) && (pcb->state != SYN_RCVD)) {
888 return ERR_OK;
889 }
890 }
891
892 /* Do different things depending on the TCP state. */
893 switch (pcb->state) {
894 case SYN_SENT:
895 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %s %"U32_F"\n",
896 ackno, pcb->snd_nxt, pcb->unacked ? "" : " empty:",
897 pcb->unacked ? lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0));
898 /* received SYN ACK with expected sequence number? */
899 if ((flags & TCP_ACK) && (flags & TCP_SYN)
900 && (ackno == pcb->lastack + 1)) {
901 pcb->rcv_nxt = seqno + 1;
902 pcb->rcv_ann_right_edge = pcb->rcv_nxt;
903 pcb->lastack = ackno;
904 pcb->snd_wnd = tcphdr->wnd;
905 pcb->snd_wnd_max = pcb->snd_wnd;
906 pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
907 pcb->state = ESTABLISHED;
908
909 #if TCP_CALCULATE_EFF_SEND_MSS
910 #ifdef LOSCFG_NET_CONTAINER
911 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip, group);
912 #else
913 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
914 #endif
915 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
916
917 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
918 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
919 " ssthresh %"TCPWNDSIZE_F"\n",
920 pcb->cwnd, pcb->ssthresh));
921 LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
922 --pcb->snd_queuelen;
923 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
924 rseg = pcb->unacked;
925 if (rseg == NULL) {
926 /* might happen if tcp_output fails in tcp_rexmit_rto()
927 in which case the segment is on the unsent list */
928 rseg = pcb->unsent;
929 LWIP_ASSERT("no segment to free", rseg != NULL);
930 pcb->unsent = rseg->next;
931 } else {
932 pcb->unacked = rseg->next;
933 }
934 tcp_seg_free(rseg);
935
936 /* If there's nothing left to acknowledge, stop the retransmit
937 timer, otherwise reset it to start again */
938 if (pcb->unacked == NULL) {
939 pcb->rtime = -1;
940 } else {
941 pcb->rtime = 0;
942 pcb->nrtx = 0;
943 }
944
945 /* Call the user specified function to call when successfully
946 * connected. */
947 TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
948 if (err == ERR_ABRT) {
949 return ERR_ABRT;
950 }
951 tcp_ack_now(pcb);
952 }
953 /* received ACK? possibly a half-open connection */
954 else if (flags & TCP_ACK) {
955 /* send a RST to bring the other side in a non-synchronized state. */
956 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
957 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
958 /* Resend SYN immediately (don't wait for rto timeout) to establish
959 connection faster, but do not send more SYNs than we otherwise would
960 have, or we might get caught in a loop on loopback interfaces. */
961 if (pcb->nrtx < TCP_SYNMAXRTX) {
962 pcb->rtime = 0;
963 tcp_rexmit_rto(pcb);
964 }
965 }
966 break;
967 case SYN_RCVD:
968 if (flags & TCP_SYN) {
969 if (seqno == pcb->rcv_nxt - 1) {
970 /* Looks like another copy of the SYN - retransmit our SYN-ACK */
971 tcp_rexmit(pcb);
972 }
973 } else if (flags & TCP_ACK) {
974 /* expected ACK number? */
975 if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
976 pcb->state = ESTABLISHED;
977 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
978 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
979 if (pcb->listener == NULL) {
980 /* listen pcb might be closed by now */
981 err = ERR_VAL;
982 } else
983 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
984 {
985 #if LWIP_CALLBACK_API
986 LWIP_ASSERT("pcb->listener->accept != NULL", pcb->listener->accept != NULL);
987 #endif
988 tcp_backlog_accepted(pcb);
989 /* Call the accept function. */
990 TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
991 }
992 if (err != ERR_OK) {
993 /* If the accept function returns with an error, we abort
994 * the connection. */
995 /* Already aborted? */
996 if (err != ERR_ABRT) {
997 tcp_abort(pcb);
998 }
999 return ERR_ABRT;
1000 }
1001 /* If there was any data contained within this ACK,
1002 * we'd better pass it on to the application as well. */
1003 tcp_receive(pcb);
1004
1005 /* Prevent ACK for SYN to generate a sent event */
1006 if (recv_acked != 0) {
1007 recv_acked--;
1008 }
1009
1010 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
1011 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
1012 " ssthresh %"TCPWNDSIZE_F"\n",
1013 pcb->cwnd, pcb->ssthresh));
1014
1015 if (recv_flags & TF_GOT_FIN) {
1016 tcp_ack_now(pcb);
1017 pcb->state = CLOSE_WAIT;
1018 }
1019 } else {
1020 /* incorrect ACK number, send RST */
1021 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
1022 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
1023 }
1024 }
1025 break;
1026 case CLOSE_WAIT:
1027 /* FALLTHROUGH */
1028 case ESTABLISHED:
1029 tcp_receive(pcb);
1030 if (recv_flags & TF_GOT_FIN) { /* passive close */
1031 tcp_ack_now(pcb);
1032 pcb->state = CLOSE_WAIT;
1033 }
1034 break;
1035 case FIN_WAIT_1:
1036 tcp_receive(pcb);
1037 if (recv_flags & TF_GOT_FIN) {
1038 if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1039 pcb->unsent == NULL) {
1040 LWIP_DEBUGF(TCP_DEBUG,
1041 ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1042 tcp_ack_now(pcb);
1043 tcp_pcb_purge(pcb);
1044 TCP_RMV_ACTIVE(pcb);
1045 pcb->state = TIME_WAIT;
1046 TCP_REG(&tcp_tw_pcbs, pcb);
1047 } else {
1048 tcp_ack_now(pcb);
1049 pcb->state = CLOSING;
1050 }
1051 } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1052 pcb->unsent == NULL) {
1053 pcb->state = FIN_WAIT_2;
1054 }
1055 break;
1056 case FIN_WAIT_2:
1057 tcp_receive(pcb);
1058 if (recv_flags & TF_GOT_FIN) {
1059 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1060 tcp_ack_now(pcb);
1061 tcp_pcb_purge(pcb);
1062 TCP_RMV_ACTIVE(pcb);
1063 pcb->state = TIME_WAIT;
1064 TCP_REG(&tcp_tw_pcbs, pcb);
1065 }
1066 break;
1067 case CLOSING:
1068 tcp_receive(pcb);
1069 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1070 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1071 tcp_pcb_purge(pcb);
1072 TCP_RMV_ACTIVE(pcb);
1073 pcb->state = TIME_WAIT;
1074 TCP_REG(&tcp_tw_pcbs, pcb);
1075 }
1076 break;
1077 case LAST_ACK:
1078 tcp_receive(pcb);
1079 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1080 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1081 /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
1082 recv_flags |= TF_CLOSED;
1083 }
1084 break;
1085 default:
1086 break;
1087 }
1088 return ERR_OK;
1089 }
1090
1091 #if TCP_QUEUE_OOSEQ
1092 /**
1093 * Insert segment into the list (segments covered with new one will be deleted)
1094 *
1095 * Called from tcp_receive()
1096 */
1097 static void
1098 tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
1099 {
1100 struct tcp_seg *old_seg;
1101
1102 LWIP_ASSERT("tcp_oos_insert_segment: invalid cseg", cseg != NULL);
1103
1104 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1105 /* received segment overlaps all following segments */
1106 tcp_segs_free(next);
1107 next = NULL;
1108 } else {
1109 /* delete some following segments
1110 oos queue may have segments with FIN flag */
1111 while (next &&
1112 TCP_SEQ_GEQ((seqno + cseg->len),
1113 (next->tcphdr->seqno + next->len))) {
1114 /* cseg with FIN already processed */
1115 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1116 TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1117 }
1118 old_seg = next;
1119 next = next->next;
1120 tcp_seg_free(old_seg);
1121 }
1122 if (next &&
1123 TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1124 /* We need to trim the incoming segment. */
1125 cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1126 pbuf_realloc(cseg->p, cseg->len);
1127 }
1128 }
1129 cseg->next = next;
1130 }
1131 #endif /* TCP_QUEUE_OOSEQ */
1132
1133 /** Remove segments from a list if the incoming ACK acknowledges them */
1134 static struct tcp_seg *
1135 tcp_free_acked_segments(struct tcp_pcb *pcb, struct tcp_seg *seg_list, const char *dbg_list_name,
1136 struct tcp_seg *dbg_other_seg_list)
1137 {
1138 struct tcp_seg *next;
1139 u16_t clen;
1140
1141 LWIP_UNUSED_ARG(dbg_list_name);
1142 LWIP_UNUSED_ARG(dbg_other_seg_list);
1143
1144 while (seg_list != NULL &&
1145 TCP_SEQ_LEQ(lwip_ntohl(seg_list->tcphdr->seqno) +
1146 TCP_TCPLEN(seg_list), ackno)) {
1147 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->%s\n",
1148 lwip_ntohl(seg_list->tcphdr->seqno),
1149 lwip_ntohl(seg_list->tcphdr->seqno) + TCP_TCPLEN(seg_list),
1150 dbg_list_name));
1151
1152 next = seg_list;
1153 seg_list = seg_list->next;
1154
1155 clen = pbuf_clen(next->p);
1156 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ",
1157 (tcpwnd_size_t)pcb->snd_queuelen));
1158 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= clen));
1159
1160 pcb->snd_queuelen = (u16_t)(pcb->snd_queuelen - clen);
1161 recv_acked = (tcpwnd_size_t)(recv_acked + next->len);
1162 tcp_seg_free(next);
1163
1164 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing %s)\n",
1165 (tcpwnd_size_t)pcb->snd_queuelen,
1166 dbg_list_name));
1167 if (pcb->snd_queuelen != 0) {
1168 LWIP_ASSERT("tcp_receive: valid queue length",
1169 seg_list != NULL || dbg_other_seg_list != NULL);
1170 }
1171 }
1172 return seg_list;
1173 }
1174
1175 /**
1176 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1177 * data, and if so frees the memory of the buffered data. Next, it places the
1178 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1179 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1180 * it has been removed from the buffer.
1181 *
1182 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1183 * estimation, the RTT is estimated here as well.
1184 *
1185 * Called from tcp_process().
1186 */
1187 static void
1188 tcp_receive(struct tcp_pcb *pcb)
1189 {
1190 s16_t m;
1191 u32_t right_wnd_edge;
1192
1193 LWIP_ASSERT("tcp_receive: invalid pcb", pcb != NULL);
1194 LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1195
1196 if (flags & TCP_ACK) {
1197 right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1198
1199 /* Update window. */
1200 if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1201 (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1202 (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1203 pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1204 /* keep track of the biggest window announced by the remote host to calculate
1205 the maximum segment size */
1206 if (pcb->snd_wnd_max < pcb->snd_wnd) {
1207 pcb->snd_wnd_max = pcb->snd_wnd;
1208 }
1209 pcb->snd_wl1 = seqno;
1210 pcb->snd_wl2 = ackno;
1211 LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1212 #if TCP_WND_DEBUG
1213 } else {
1214 if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1215 LWIP_DEBUGF(TCP_WND_DEBUG,
1216 ("tcp_receive: no window update lastack %"U32_F" ackno %"
1217 U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1218 pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1219 }
1220 #endif /* TCP_WND_DEBUG */
1221 }
1222
1223 /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1224 * duplicate ack if:
1225 * 1) It doesn't ACK new data
1226 * 2) length of received packet is zero (i.e. no payload)
1227 * 3) the advertised window hasn't changed
1228 * 4) There is outstanding unacknowledged data (retransmission timer running)
1229 * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1230 *
1231 * If it passes all five, should process as a dupack:
1232 * a) dupacks < 3: do nothing
1233 * b) dupacks == 3: fast retransmit
1234 * c) dupacks > 3: increase cwnd
1235 *
1236 * If it only passes 1-3, should reset dupack counter (and add to
1237 * stats, which we don't do in lwIP)
1238 *
1239 * If it only passes 1, should reset dupack counter
1240 *
1241 */
1242
1243 /* Clause 1 */
1244 if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1245 /* Clause 2 */
1246 if (tcplen == 0) {
1247 /* Clause 3 */
1248 if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1249 /* Clause 4 */
1250 if (pcb->rtime >= 0) {
1251 /* Clause 5 */
1252 if (pcb->lastack == ackno) {
1253 if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1254 ++pcb->dupacks;
1255 }
1256 if (pcb->dupacks > 3) {
1257 /* Inflate the congestion window */
1258 TCP_WND_INC(pcb->cwnd, pcb->mss);
1259 }
1260 if (pcb->dupacks >= 3) {
1261 /* Do fast retransmit (checked via TF_INFR, not via dupacks count) */
1262 tcp_rexmit_fast(pcb);
1263 }
1264 }
1265 }
1266 }
1267 }
1268 } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
1269 /* We come here when the ACK acknowledges new data. */
1270 tcpwnd_size_t acked;
1271
1272 /* Reset the "IN Fast Retransmit" flag, since we are no longer
1273 in fast retransmit. Also reset the congestion window to the
1274 slow start threshold. */
1275 if (pcb->flags & TF_INFR) {
1276 tcp_clear_flags(pcb, TF_INFR);
1277 pcb->cwnd = pcb->ssthresh;
1278 pcb->bytes_acked = 0;
1279 }
1280
1281 /* Reset the number of retransmissions. */
1282 pcb->nrtx = 0;
1283
1284 /* Reset the retransmission time-out. */
1285 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1286
1287 /* Record how much data this ACK acks */
1288 acked = (tcpwnd_size_t)(ackno - pcb->lastack);
1289
1290 /* Reset the fast retransmit variables. */
1291 pcb->dupacks = 0;
1292 pcb->lastack = ackno;
1293
1294 /* Update the congestion control variables (cwnd and
1295 ssthresh). */
1296 if (pcb->state >= ESTABLISHED) {
1297 if (pcb->cwnd < pcb->ssthresh) {
1298 tcpwnd_size_t increase;
1299 /* limit to 1 SMSS segment during period following RTO */
1300 u8_t num_seg = (pcb->flags & TF_RTO) ? 1 : 2;
1301 /* RFC 3465, section 2.2 Slow Start */
1302 increase = LWIP_MIN(acked, (tcpwnd_size_t)(num_seg * pcb->mss));
1303 TCP_WND_INC(pcb->cwnd, increase);
1304 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1305 } else {
1306 /* RFC 3465, section 2.1 Congestion Avoidance */
1307 TCP_WND_INC(pcb->bytes_acked, acked);
1308 if (pcb->bytes_acked >= pcb->cwnd) {
1309 pcb->bytes_acked = (tcpwnd_size_t)(pcb->bytes_acked - pcb->cwnd);
1310 TCP_WND_INC(pcb->cwnd, pcb->mss);
1311 }
1312 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1313 }
1314 }
1315 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1316 ackno,
1317 pcb->unacked != NULL ?
1318 lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0,
1319 pcb->unacked != NULL ?
1320 lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked) : 0));
1321
1322 /* Remove segment from the unacknowledged list if the incoming
1323 ACK acknowledges them. */
1324 pcb->unacked = tcp_free_acked_segments(pcb, pcb->unacked, "unacked", pcb->unsent);
1325 /* We go through the ->unsent list to see if any of the segments
1326 on the list are acknowledged by the ACK. This may seem
1327 strange since an "unsent" segment shouldn't be acked. The
1328 rationale is that lwIP puts all outstanding segments on the
1329 ->unsent list after a retransmission, so these segments may
1330 in fact have been sent once. */
1331 pcb->unsent = tcp_free_acked_segments(pcb, pcb->unsent, "unsent", pcb->unacked);
1332
1333 /* If there's nothing left to acknowledge, stop the retransmit
1334 timer, otherwise reset it to start again */
1335 if (pcb->unacked == NULL) {
1336 pcb->rtime = -1;
1337 } else {
1338 pcb->rtime = 0;
1339 }
1340
1341 pcb->polltmr = 0;
1342
1343 #if TCP_OVERSIZE
1344 if (pcb->unsent == NULL) {
1345 pcb->unsent_oversize = 0;
1346 }
1347 #endif /* TCP_OVERSIZE */
1348
1349 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1350 if (ip_current_is_v6()) {
1351 /* Inform neighbor reachability of forward progress. */
1352 nd6_reachability_hint(ip6_current_src_addr());
1353 }
1354 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1355
1356 pcb->snd_buf = (tcpwnd_size_t)(pcb->snd_buf + recv_acked);
1357 /* check if this ACK ends our retransmission of in-flight data */
1358 if (pcb->flags & TF_RTO) {
1359 /* RTO is done if
1360 1) both queues are empty or
1361 2) unacked is empty and unsent head contains data not part of RTO or
1362 3) unacked head contains data not part of RTO */
1363 if (pcb->unacked == NULL) {
1364 if ((pcb->unsent == NULL) ||
1365 (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unsent->tcphdr->seqno)))) {
1366 tcp_clear_flags(pcb, TF_RTO);
1367 }
1368 } else if (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unacked->tcphdr->seqno))) {
1369 tcp_clear_flags(pcb, TF_RTO);
1370 }
1371 }
1372 /* End of ACK for new data processing. */
1373 } else {
1374 /* Out of sequence ACK, didn't really ack anything */
1375 tcp_send_empty_ack(pcb);
1376 }
1377
1378 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1379 pcb->rttest, pcb->rtseq, ackno));
1380
1381 /* RTT estimation calculations. This is done by checking if the
1382 incoming segment acknowledges the segment we use to take a
1383 round-trip time measurement. */
1384 if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1385 /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1386 and a round-trip shouldn't be that long... */
1387 m = (s16_t)(tcp_ticks - pcb->rttest);
1388
1389 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1390 m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1391
1392 /* This is taken directly from VJs original code in his paper */
1393 m = (s16_t)(m - (pcb->sa >> 3));
1394 pcb->sa = (s16_t)(pcb->sa + m);
1395 if (m < 0) {
1396 m = (s16_t) - m;
1397 }
1398 m = (s16_t)(m - (pcb->sv >> 2));
1399 pcb->sv = (s16_t)(pcb->sv + m);
1400 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1401
1402 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1403 pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1404
1405 pcb->rttest = 0;
1406 }
1407 }
1408
1409 /* If the incoming segment contains data, we must process it
1410 further unless the pcb already received a FIN.
1411 (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1412 LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1413 if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1414 /* This code basically does three things:
1415
1416 +) If the incoming segment contains data that is the next
1417 in-sequence data, this data is passed to the application. This
1418 might involve trimming the first edge of the data. The rcv_nxt
1419 variable and the advertised window are adjusted.
1420
1421 +) If the incoming segment has data that is above the next
1422 sequence number expected (->rcv_nxt), the segment is placed on
1423 the ->ooseq queue. This is done by finding the appropriate
1424 place in the ->ooseq queue (which is ordered by sequence
1425 number) and trim the segment in both ends if needed. An
1426 immediate ACK is sent to indicate that we received an
1427 out-of-sequence segment.
1428
1429 +) Finally, we check if the first segment on the ->ooseq queue
1430 now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1431 rcv_nxt > ooseq->seqno, we must trim the first edge of the
1432 segment on ->ooseq before we adjust rcv_nxt. The data in the
1433 segments that are now on sequence are chained onto the
1434 incoming segment so that we only need to call the application
1435 once.
1436 */
1437
1438 /* First, we check if we must trim the first edge. We have to do
1439 this if the sequence number of the incoming segment is less
1440 than rcv_nxt, and the sequence number plus the length of the
1441 segment is larger than rcv_nxt. */
1442 /* if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1443 if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1444 if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1445 /* Trimming the first edge is done by pushing the payload
1446 pointer in the pbuf downwards. This is somewhat tricky since
1447 we do not want to discard the full contents of the pbuf up to
1448 the new starting point of the data since we have to keep the
1449 TCP header which is present in the first pbuf in the chain.
1450
1451 What is done is really quite a nasty hack: the first pbuf in
1452 the pbuf chain is pointed to by inseg.p. Since we need to be
1453 able to deallocate the whole pbuf, we cannot change this
1454 inseg.p pointer to point to any of the later pbufs in the
1455 chain. Instead, we point the ->payload pointer in the first
1456 pbuf to data in one of the later pbufs. We also set the
1457 inseg.data pointer to point to the right place. This way, the
1458 ->p pointer will still point to the first pbuf, but the
1459 ->p->payload pointer will point to data in another pbuf.
1460
1461 After we are done with adjusting the pbuf pointers we must
1462 adjust the ->data pointer in the seg and the segment
1463 length.*/
1464
1465 struct pbuf *p = inseg.p;
1466 u32_t off32 = pcb->rcv_nxt - seqno;
1467 u16_t new_tot_len, off;
1468 LWIP_ASSERT("inseg.p != NULL", inseg.p);
1469 LWIP_ASSERT("insane offset!", (off32 < 0xffff));
1470 off = (u16_t)off32;
1471 LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1472 inseg.len -= off;
1473 new_tot_len = (u16_t)(inseg.p->tot_len - off);
1474 while (p->len < off) {
1475 off -= p->len;
1476 /* all pbufs up to and including this one have len==0, so tot_len is equal */
1477 p->tot_len = new_tot_len;
1478 p->len = 0;
1479 p = p->next;
1480 }
1481 /* cannot fail... */
1482 pbuf_remove_header(p, off);
1483 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1484 } else {
1485 if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1486 /* the whole segment is < rcv_nxt */
1487 /* must be a duplicate of a packet that has already been correctly handled */
1488
1489 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1490 tcp_ack_now(pcb);
1491 }
1492 }
1493
1494 /* The sequence number must be within the window (above rcv_nxt
1495 and below rcv_nxt + rcv_wnd) in order to be further
1496 processed. */
1497 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1498 pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1499 if (pcb->rcv_nxt == seqno) {
1500 /* The incoming segment is the next in sequence. We check if
1501 we have to trim the end of the segment and update rcv_nxt
1502 and pass the data to the application. */
1503 tcplen = TCP_TCPLEN(&inseg);
1504
1505 if (tcplen > pcb->rcv_wnd) {
1506 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1507 ("tcp_receive: other end overran receive window"
1508 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1509 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1510 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1511 /* Must remove the FIN from the header as we're trimming
1512 * that byte of sequence-space from the packet */
1513 TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1514 }
1515 /* Adjust length of segment to fit in the window. */
1516 TCPWND_CHECK16(pcb->rcv_wnd);
1517 inseg.len = (u16_t)pcb->rcv_wnd;
1518 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1519 inseg.len -= 1;
1520 }
1521 pbuf_realloc(inseg.p, inseg.len);
1522 tcplen = TCP_TCPLEN(&inseg);
1523 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd",
1524 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1525 }
1526 #if TCP_QUEUE_OOSEQ
1527 /* Received in-sequence data, adjust ooseq data if:
1528 - FIN has been received or
1529 - inseq overlaps with ooseq */
1530 if (pcb->ooseq != NULL) {
1531 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1532 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1533 ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1534 /* Received in-order FIN means anything that was received
1535 * out of order must now have been received in-order, so
1536 * bin the ooseq queue */
1537 while (pcb->ooseq != NULL) {
1538 struct tcp_seg *old_ooseq = pcb->ooseq;
1539 pcb->ooseq = pcb->ooseq->next;
1540 tcp_seg_free(old_ooseq);
1541 }
1542 } else {
1543 struct tcp_seg *next = pcb->ooseq;
1544 /* Remove all segments on ooseq that are covered by inseg already.
1545 * FIN is copied from ooseq to inseg if present. */
1546 while (next &&
1547 TCP_SEQ_GEQ(seqno + tcplen,
1548 next->tcphdr->seqno + next->len)) {
1549 struct tcp_seg *tmp;
1550 /* inseg cannot have FIN here (already processed above) */
1551 if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1552 (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1553 TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1554 tcplen = TCP_TCPLEN(&inseg);
1555 }
1556 tmp = next;
1557 next = next->next;
1558 tcp_seg_free(tmp);
1559 }
1560 /* Now trim right side of inseg if it overlaps with the first
1561 * segment on ooseq */
1562 if (next &&
1563 TCP_SEQ_GT(seqno + tcplen,
1564 next->tcphdr->seqno)) {
1565 /* inseg cannot have FIN here (already processed above) */
1566 inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1567 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1568 inseg.len -= 1;
1569 }
1570 pbuf_realloc(inseg.p, inseg.len);
1571 tcplen = TCP_TCPLEN(&inseg);
1572 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue",
1573 (seqno + tcplen) == next->tcphdr->seqno);
1574 }
1575 pcb->ooseq = next;
1576 }
1577 }
1578 #endif /* TCP_QUEUE_OOSEQ */
1579
1580 pcb->rcv_nxt = seqno + tcplen;
1581
1582 /* Update the receiver's (our) window. */
1583 LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd", pcb->rcv_wnd >= tcplen);
1584 pcb->rcv_wnd -= tcplen;
1585
1586 tcp_update_rcv_ann_wnd(pcb);
1587
1588 /* If there is data in the segment, we make preparations to
1589 pass this up to the application. The ->recv_data variable
1590 is used for holding the pbuf that goes to the
1591 application. The code for reassembling out-of-sequence data
1592 chains its data on this pbuf as well.
1593
1594 If the segment was a FIN, we set the TF_GOT_FIN flag that will
1595 be used to indicate to the application that the remote side has
1596 closed its end of the connection. */
1597 if (inseg.p->tot_len > 0) {
1598 recv_data = inseg.p;
1599 /* Since this pbuf now is the responsibility of the
1600 application, we delete our reference to it so that we won't
1601 (mistakenly) deallocate it. */
1602 inseg.p = NULL;
1603 }
1604 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1605 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1606 recv_flags |= TF_GOT_FIN;
1607 }
1608
1609 #if TCP_QUEUE_OOSEQ
1610 /* We now check if we have segments on the ->ooseq queue that
1611 are now in sequence. */
1612 while (pcb->ooseq != NULL &&
1613 pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1614
1615 struct tcp_seg *cseg = pcb->ooseq;
1616 seqno = pcb->ooseq->tcphdr->seqno;
1617
1618 pcb->rcv_nxt += TCP_TCPLEN(cseg);
1619 LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd",
1620 pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1621 pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1622
1623 tcp_update_rcv_ann_wnd(pcb);
1624
1625 if (cseg->p->tot_len > 0) {
1626 /* Chain this pbuf onto the pbuf that we will pass to
1627 the application. */
1628 /* With window scaling, this can overflow recv_data->tot_len, but
1629 that's not a problem since we explicitly fix that before passing
1630 recv_data to the application. */
1631 if (recv_data) {
1632 pbuf_cat(recv_data, cseg->p);
1633 } else {
1634 recv_data = cseg->p;
1635 }
1636 cseg->p = NULL;
1637 }
1638 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1639 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1640 recv_flags |= TF_GOT_FIN;
1641 if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1642 pcb->state = CLOSE_WAIT;
1643 }
1644 }
1645
1646 pcb->ooseq = cseg->next;
1647 tcp_seg_free(cseg);
1648 }
1649 #if LWIP_TCP_SACK_OUT
1650 if (pcb->flags & TF_SACK) {
1651 if (pcb->ooseq != NULL) {
1652 /* Some segments may have been removed from ooseq, let's remove all SACKs that
1653 describe anything before the new beginning of that list. */
1654 tcp_remove_sacks_lt(pcb, pcb->ooseq->tcphdr->seqno);
1655 } else if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1656 /* ooseq has been cleared. Nothing to SACK */
1657 memset(pcb->rcv_sacks, 0, sizeof(pcb->rcv_sacks));
1658 }
1659 }
1660 #endif /* LWIP_TCP_SACK_OUT */
1661 #endif /* TCP_QUEUE_OOSEQ */
1662
1663
1664 /* Acknowledge the segment(s). */
1665 tcp_ack(pcb);
1666
1667 #if LWIP_TCP_SACK_OUT
1668 if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1669 /* Normally the ACK for the data received could be piggy-backed on a data packet,
1670 but lwIP currently does not support including SACKs in data packets. So we force
1671 it to respond with an empty ACK packet (only if there is at least one SACK to be sent).
1672 NOTE: tcp_send_empty_ack() on success clears the ACK flags (set by tcp_ack()) */
1673 tcp_send_empty_ack(pcb);
1674 }
1675 #endif /* LWIP_TCP_SACK_OUT */
1676
1677 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1678 if (ip_current_is_v6()) {
1679 /* Inform neighbor reachability of forward progress. */
1680 nd6_reachability_hint(ip6_current_src_addr());
1681 }
1682 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1683
1684 } else {
1685 /* We get here if the incoming segment is out-of-sequence. */
1686
1687 #if TCP_QUEUE_OOSEQ
1688 /* We queue the segment on the ->ooseq queue. */
1689 if (pcb->ooseq == NULL) {
1690 pcb->ooseq = tcp_seg_copy(&inseg);
1691 #if LWIP_TCP_SACK_OUT
1692 if (pcb->flags & TF_SACK) {
1693 /* All the SACKs should be invalid, so we can simply store the most recent one: */
1694 pcb->rcv_sacks[0].left = seqno;
1695 pcb->rcv_sacks[0].right = seqno + inseg.len;
1696 }
1697 #endif /* LWIP_TCP_SACK_OUT */
1698 } else {
1699 /* If the queue is not empty, we walk through the queue and
1700 try to find a place where the sequence number of the
1701 incoming segment is between the sequence numbers of the
1702 previous and the next segment on the ->ooseq queue. That is
1703 the place where we put the incoming segment. If needed, we
1704 trim the second edges of the previous and the incoming
1705 segment so that it will fit into the sequence.
1706
1707 If the incoming segment has the same sequence number as a
1708 segment on the ->ooseq queue, we discard the segment that
1709 contains less data. */
1710
1711 #if LWIP_TCP_SACK_OUT
1712 /* This is the left edge of the lowest possible SACK range.
1713 It may start before the newly received segment (possibly adjusted below). */
1714 u32_t sackbeg = TCP_SEQ_LT(seqno, pcb->ooseq->tcphdr->seqno) ? seqno : pcb->ooseq->tcphdr->seqno;
1715 #endif /* LWIP_TCP_SACK_OUT */
1716 struct tcp_seg *next, *prev = NULL;
1717 for (next = pcb->ooseq; next != NULL; next = next->next) {
1718 if (seqno == next->tcphdr->seqno) {
1719 /* The sequence number of the incoming segment is the
1720 same as the sequence number of the segment on
1721 ->ooseq. We check the lengths to see which one to
1722 discard. */
1723 if (inseg.len > next->len) {
1724 struct tcp_seg* cseg;
1725
1726 /* If next segment is the last segment in ooseq
1727 and smaller than inseg, that means it has been
1728 trimmed before to fit our window, so we just
1729 break here. */
1730 if (next->next == NULL) {
1731 break;
1732 }
1733
1734 /* The incoming segment is larger than the old
1735 segment. We replace some segments with the new
1736 one. */
1737 cseg = tcp_seg_copy(&inseg);
1738 if (cseg != NULL) {
1739 if (prev != NULL) {
1740 prev->next = cseg;
1741 } else {
1742 pcb->ooseq = cseg;
1743 }
1744 tcp_oos_insert_segment(cseg, next);
1745 }
1746 break;
1747 } else {
1748 /* Either the lengths are the same or the incoming
1749 segment was smaller than the old one; in either
1750 case, we ditch the incoming segment. */
1751 break;
1752 }
1753 } else {
1754 if (prev == NULL) {
1755 if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1756 /* The sequence number of the incoming segment is lower
1757 than the sequence number of the first segment on the
1758 queue. We put the incoming segment first on the
1759 queue. */
1760 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1761 if (cseg != NULL) {
1762 pcb->ooseq = cseg;
1763 tcp_oos_insert_segment(cseg, next);
1764 }
1765 break;
1766 }
1767 } else {
1768 /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1769 TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1770 if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno + 1, next->tcphdr->seqno - 1)) {
1771 /* The sequence number of the incoming segment is in
1772 between the sequence numbers of the previous and
1773 the next segment on ->ooseq. We trim trim the previous
1774 segment, delete next segments that included in received segment
1775 and trim received, if needed. */
1776 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1777 if (cseg != NULL) {
1778 if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1779 /* We need to trim the prev segment. */
1780 prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1781 pbuf_realloc(prev->p, prev->len);
1782 }
1783 prev->next = cseg;
1784 tcp_oos_insert_segment(cseg, next);
1785 }
1786 break;
1787 }
1788 }
1789
1790 #if LWIP_TCP_SACK_OUT
1791 /* The new segment goes after the 'next' one. If there is a "hole" in sequence numbers
1792 between 'prev' and the beginning of 'next', we want to move sackbeg. */
1793 if (prev != NULL && prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1794 sackbeg = next->tcphdr->seqno;
1795 }
1796 #endif /* LWIP_TCP_SACK_OUT */
1797
1798 /* We don't use 'prev' below, so let's set it to current 'next'.
1799 This way even if we break the loop below, 'prev' will be pointing
1800 at the segment right in front of the newly added one. */
1801 prev = next;
1802
1803 /* If the "next" segment is the last segment on the
1804 ooseq queue, we add the incoming segment to the end
1805 of the list. */
1806 if (next->next == NULL &&
1807 TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1808 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1809 /* segment "next" already contains all data */
1810 break;
1811 }
1812 next->next = tcp_seg_copy(&inseg);
1813 if (next->next != NULL) {
1814 if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1815 /* We need to trim the last segment. */
1816 next->len = (u16_t)(seqno - next->tcphdr->seqno);
1817 pbuf_realloc(next->p, next->len);
1818 }
1819 /* check if the remote side overruns our receive window */
1820 if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1821 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1822 ("tcp_receive: other end overran receive window"
1823 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1824 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1825 if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1826 /* Must remove the FIN from the header as we're trimming
1827 * that byte of sequence-space from the packet */
1828 TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1829 }
1830 /* Adjust length of segment to fit in the window. */
1831 next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1832 pbuf_realloc(next->next->p, next->next->len);
1833 tcplen = TCP_TCPLEN(next->next);
1834 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd",
1835 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1836 }
1837 }
1838 break;
1839 }
1840 }
1841 }
1842
1843 #if LWIP_TCP_SACK_OUT
1844 if (pcb->flags & TF_SACK) {
1845 if (prev == NULL) {
1846 /* The new segment is at the beginning. sackbeg should already be set properly.
1847 We need to find the right edge. */
1848 next = pcb->ooseq;
1849 } else if (prev->next != NULL) {
1850 /* The new segment was added after 'prev'. If there is a "hole" between 'prev' and 'prev->next',
1851 we need to move sackbeg. After that we should find the right edge. */
1852 next = prev->next;
1853 if (prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1854 sackbeg = next->tcphdr->seqno;
1855 }
1856 } else {
1857 next = NULL;
1858 }
1859 if (next != NULL) {
1860 u32_t sackend = next->tcphdr->seqno;
1861 for ( ; (next != NULL) && (sackend == next->tcphdr->seqno); next = next->next) {
1862 sackend += next->len;
1863 }
1864 tcp_add_sack(pcb, sackbeg, sackend);
1865 }
1866 }
1867 #endif /* LWIP_TCP_SACK_OUT */
1868 }
1869 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
1870 {
1871 /* Check that the data on ooseq doesn't exceed one of the limits
1872 and throw away everything above that limit. */
1873 #ifdef TCP_OOSEQ_BYTES_LIMIT
1874 const u32_t ooseq_max_blen = TCP_OOSEQ_BYTES_LIMIT(pcb);
1875 u32_t ooseq_blen = 0;
1876 #endif
1877 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1878 const u16_t ooseq_max_qlen = TCP_OOSEQ_PBUFS_LIMIT(pcb);
1879 u16_t ooseq_qlen = 0;
1880 #endif
1881 struct tcp_seg *next, *prev = NULL;
1882 for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1883 struct pbuf *p = next->p;
1884 int stop_here = 0;
1885 #ifdef TCP_OOSEQ_BYTES_LIMIT
1886 ooseq_blen += p->tot_len;
1887 if (ooseq_blen > ooseq_max_blen) {
1888 stop_here = 1;
1889 }
1890 #endif
1891 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1892 ooseq_qlen += pbuf_clen(p);
1893 if (ooseq_qlen > ooseq_max_qlen) {
1894 stop_here = 1;
1895 }
1896 #endif
1897 if (stop_here) {
1898 #if LWIP_TCP_SACK_OUT
1899 if (pcb->flags & TF_SACK) {
1900 /* Let's remove all SACKs from next's seqno up. */
1901 tcp_remove_sacks_gt(pcb, next->tcphdr->seqno);
1902 }
1903 #endif /* LWIP_TCP_SACK_OUT */
1904 /* too much ooseq data, dump this and everything after it */
1905 tcp_segs_free(next);
1906 if (prev == NULL) {
1907 /* first ooseq segment is too much, dump the whole queue */
1908 pcb->ooseq = NULL;
1909 } else {
1910 /* just dump 'next' and everything after it */
1911 prev->next = NULL;
1912 }
1913 break;
1914 }
1915 }
1916 }
1917 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
1918 #endif /* TCP_QUEUE_OOSEQ */
1919
1920 /* We send the ACK packet after we've (potentially) dealt with SACKs,
1921 so they can be included in the acknowledgment. */
1922 tcp_send_empty_ack(pcb);
1923 }
1924 } else {
1925 /* The incoming segment is not within the window. */
1926 tcp_send_empty_ack(pcb);
1927 }
1928 } else {
1929 /* Segments with length 0 is taken care of here. Segments that
1930 fall out of the window are ACKed. */
1931 if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1932 tcp_ack_now(pcb);
1933 }
1934 }
1935 }
1936
1937 static u8_t
1938 tcp_get_next_optbyte(void)
1939 {
1940 u16_t optidx = tcp_optidx++;
1941 if ((tcphdr_opt2 == NULL) || (optidx < tcphdr_opt1len)) {
1942 u8_t *opts = (u8_t *)tcphdr + TCP_HLEN;
1943 return opts[optidx];
1944 } else {
1945 u8_t idx = (u8_t)(optidx - tcphdr_opt1len);
1946 return tcphdr_opt2[idx];
1947 }
1948 }
1949
1950 /**
1951 * Parses the options contained in the incoming segment.
1952 *
1953 * Called from tcp_listen_input() and tcp_process().
1954 * Currently, only the MSS option is supported!
1955 *
1956 * @param pcb the tcp_pcb for which a segment arrived
1957 */
1958 static void
1959 tcp_parseopt(struct tcp_pcb *pcb)
1960 {
1961 u8_t data;
1962 u16_t mss;
1963 #if LWIP_TCP_TIMESTAMPS
1964 u32_t tsval;
1965 #endif
1966
1967 LWIP_ASSERT("tcp_parseopt: invalid pcb", pcb != NULL);
1968
1969 /* Parse the TCP MSS option, if present. */
1970 if (tcphdr_optlen != 0) {
1971 for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1972 u8_t opt = tcp_get_next_optbyte();
1973 switch (opt) {
1974 case LWIP_TCP_OPT_EOL:
1975 /* End of options. */
1976 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1977 return;
1978 case LWIP_TCP_OPT_NOP:
1979 /* NOP option. */
1980 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1981 break;
1982 case LWIP_TCP_OPT_MSS:
1983 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1984 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1985 /* Bad length */
1986 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1987 return;
1988 }
1989 /* An MSS option with the right option length. */
1990 mss = (u16_t)(tcp_get_next_optbyte() << 8);
1991 mss |= tcp_get_next_optbyte();
1992 /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1993 pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1994 break;
1995 #if LWIP_WND_SCALE
1996 case LWIP_TCP_OPT_WS:
1997 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1998 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1999 /* Bad length */
2000 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2001 return;
2002 }
2003 /* An WND_SCALE option with the right option length. */
2004 data = tcp_get_next_optbyte();
2005 /* If syn was received with wnd scale option,
2006 activate wnd scale opt, but only if this is not a retransmission */
2007 if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
2008 pcb->snd_scale = data;
2009 if (pcb->snd_scale > 14U) {
2010 pcb->snd_scale = 14U;
2011 }
2012 pcb->rcv_scale = TCP_RCV_SCALE;
2013 tcp_set_flags(pcb, TF_WND_SCALE);
2014 /* window scaling is enabled, we can use the full receive window */
2015 LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
2016 LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
2017 pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
2018 }
2019 break;
2020 #endif /* LWIP_WND_SCALE */
2021 #if LWIP_TCP_TIMESTAMPS
2022 case LWIP_TCP_OPT_TS:
2023 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
2024 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
2025 /* Bad length */
2026 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2027 return;
2028 }
2029 /* TCP timestamp option with valid length */
2030 tsval = tcp_get_next_optbyte();
2031 tsval |= (tcp_get_next_optbyte() << 8);
2032 tsval |= (tcp_get_next_optbyte() << 16);
2033 tsval |= (tcp_get_next_optbyte() << 24);
2034 if (flags & TCP_SYN) {
2035 pcb->ts_recent = lwip_ntohl(tsval);
2036 /* Enable sending timestamps in every segment now that we know
2037 the remote host supports it. */
2038 tcp_set_flags(pcb, TF_TIMESTAMP);
2039 } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno + tcplen)) {
2040 pcb->ts_recent = lwip_ntohl(tsval);
2041 }
2042 /* Advance to next option (6 bytes already read) */
2043 tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
2044 break;
2045 #endif /* LWIP_TCP_TIMESTAMPS */
2046 #if LWIP_TCP_SACK_OUT
2047 case LWIP_TCP_OPT_SACK_PERM:
2048 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: SACK_PERM\n"));
2049 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_SACK_PERM || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_SACK_PERM) > tcphdr_optlen) {
2050 /* Bad length */
2051 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2052 return;
2053 }
2054 /* TCP SACK_PERM option with valid length */
2055 if (flags & TCP_SYN) {
2056 /* We only set it if we receive it in a SYN (or SYN+ACK) packet */
2057 tcp_set_flags(pcb, TF_SACK);
2058 }
2059 break;
2060 #endif /* LWIP_TCP_SACK_OUT */
2061 default:
2062 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
2063 data = tcp_get_next_optbyte();
2064 if (data < 2) {
2065 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2066 /* If the length field is zero, the options are malformed
2067 and we don't process them further. */
2068 return;
2069 }
2070 /* All other options have a length field, so that we easily
2071 can skip past them. */
2072 tcp_optidx += data - 2;
2073 }
2074 }
2075 }
2076 }
2077
2078 void
2079 tcp_trigger_input_pcb_close(void)
2080 {
2081 recv_flags |= TF_CLOSED;
2082 }
2083
2084 #if LWIP_TCP_SACK_OUT
2085 /**
2086 * Called by tcp_receive() to add new SACK entry.
2087 *
2088 * The new SACK entry will be placed at the beginning of rcv_sacks[], as the newest one.
2089 * Existing SACK entries will be "pushed back", to preserve their order.
2090 * This is the behavior described in RFC 2018, section 4.
2091 *
2092 * @param pcb the tcp_pcb for which a segment arrived
2093 * @param left the left side of the SACK (the first sequence number)
2094 * @param right the right side of the SACK (the first sequence number past this SACK)
2095 */
2096 static void
2097 tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right)
2098 {
2099 u8_t i;
2100 u8_t unused_idx;
2101
2102 if ((pcb->flags & TF_SACK) == 0 || !TCP_SEQ_LT(left, right)) {
2103 return;
2104 }
2105
2106 /* First, let's remove all SACKs that are no longer needed (because they overlap with the newest one),
2107 while moving all other SACKs forward.
2108 We run this loop for all entries, until we find the first invalid one.
2109 There is no point checking after that. */
2110 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2111 /* We only want to use SACK at [i] if it doesn't overlap with left:right range.
2112 It does not overlap if its right side is before the newly added SACK,
2113 or if its left side is after the newly added SACK.
2114 NOTE: The equality should not really happen, but it doesn't hurt. */
2115 if (TCP_SEQ_LEQ(pcb->rcv_sacks[i].right, left) || TCP_SEQ_LEQ(right, pcb->rcv_sacks[i].left)) {
2116 if (unused_idx != i) {
2117 /* We don't need to copy if it's already in the right spot */
2118 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2119 }
2120 ++unused_idx;
2121 }
2122 }
2123
2124 /* Now 'unused_idx' is the index of the first invalid SACK entry,
2125 anywhere between 0 (no valid entries) and LWIP_TCP_MAX_SACK_NUM (all entries are valid).
2126 We want to clear this and all following SACKs.
2127 However, we will be adding another one in the front (and shifting everything else back).
2128 So let's just iterate from the back, and set each entry to the one to the left if it's valid,
2129 or to 0 if it is not. */
2130 for (i = LWIP_TCP_MAX_SACK_NUM - 1; i > 0; --i) {
2131 /* [i] is the index we are setting, and the value should be at index [i-1],
2132 or 0 if that index is unused (>= unused_idx). */
2133 if (i - 1 >= unused_idx) {
2134 /* [i-1] is unused. Let's clear [i]. */
2135 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2136 } else {
2137 pcb->rcv_sacks[i] = pcb->rcv_sacks[i - 1];
2138 }
2139 }
2140
2141 /* And now we can store the newest SACK */
2142 pcb->rcv_sacks[0].left = left;
2143 pcb->rcv_sacks[0].right = right;
2144 }
2145
2146 /**
2147 * Called to remove a range of SACKs.
2148 *
2149 * SACK entries will be removed or adjusted to not acknowledge any sequence
2150 * numbers that are less than 'seq' passed. It not only invalidates entries,
2151 * but also moves all entries that are still valid to the beginning.
2152 *
2153 * @param pcb the tcp_pcb to modify
2154 * @param seq the lowest sequence number to keep in SACK entries
2155 */
2156 static void
2157 tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq)
2158 {
2159 u8_t i;
2160 u8_t unused_idx;
2161
2162 /* We run this loop for all entries, until we find the first invalid one.
2163 There is no point checking after that. */
2164 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2165 /* We only want to use SACK at index [i] if its right side is > 'seq'. */
2166 if (TCP_SEQ_GT(pcb->rcv_sacks[i].right, seq)) {
2167 if (unused_idx != i) {
2168 /* We only copy it if it's not in the right spot already. */
2169 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2170 }
2171 /* NOTE: It is possible that its left side is < 'seq', in which case we should adjust it. */
2172 if (TCP_SEQ_LT(pcb->rcv_sacks[unused_idx].left, seq)) {
2173 pcb->rcv_sacks[unused_idx].left = seq;
2174 }
2175 ++unused_idx;
2176 }
2177 }
2178
2179 /* We also need to invalidate everything from 'unused_idx' till the end */
2180 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2181 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2182 }
2183 }
2184
2185 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
2186 /**
2187 * Called to remove a range of SACKs.
2188 *
2189 * SACK entries will be removed or adjusted to not acknowledge any sequence
2190 * numbers that are greater than (or equal to) 'seq' passed. It not only invalidates entries,
2191 * but also moves all entries that are still valid to the beginning.
2192 *
2193 * @param pcb the tcp_pcb to modify
2194 * @param seq the highest sequence number to keep in SACK entries
2195 */
2196 static void
2197 tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq)
2198 {
2199 u8_t i;
2200 u8_t unused_idx;
2201
2202 /* We run this loop for all entries, until we find the first invalid one.
2203 There is no point checking after that. */
2204 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2205 /* We only want to use SACK at index [i] if its left side is < 'seq'. */
2206 if (TCP_SEQ_LT(pcb->rcv_sacks[i].left, seq)) {
2207 if (unused_idx != i) {
2208 /* We only copy it if it's not in the right spot already. */
2209 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2210 }
2211 /* NOTE: It is possible that its right side is > 'seq', in which case we should adjust it. */
2212 if (TCP_SEQ_GT(pcb->rcv_sacks[unused_idx].right, seq)) {
2213 pcb->rcv_sacks[unused_idx].right = seq;
2214 }
2215 ++unused_idx;
2216 }
2217 }
2218
2219 /* We also need to invalidate everything from 'unused_idx' till the end */
2220 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2221 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2222 }
2223 }
2224 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
2225
2226 #endif /* LWIP_TCP_SACK_OUT */
2227
2228 #endif /* LWIP_TCP */
2229