1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Implementation of the Transmission Control Protocol(TCP).
8 *
9 * Authors: Ross Biro
10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
11 * Mark Evans, <evansmp@uhura.aston.ac.uk>
12 * Corey Minyard <wf-rch!minyard@relay.EU.net>
13 * Florian La Roche, <flla@stud.uni-sb.de>
14 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
15 * Linus Torvalds, <torvalds@cs.helsinki.fi>
16 * Alan Cox, <gw4pts@gw4pts.ampr.org>
17 * Matthew Dillon, <dillon@apollo.west.oic.com>
18 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
19 * Jorge Cwik, <jorge@laser.satlink.net>
20 */
21
22 /*
23 * Changes: Pedro Roque : Retransmit queue handled by TCP.
24 * : Fragmentation on mtu decrease
25 * : Segment collapse on retransmit
26 * : AF independence
27 *
28 * Linus Torvalds : send_delayed_ack
29 * David S. Miller : Charge memory using the right skb
30 * during syn/ack processing.
31 * David S. Miller : Output engine completely rewritten.
32 * Andrea Arcangeli: SYNACK carry ts_recent in tsecr.
33 * Cacophonix Gaul : draft-minshall-nagle-01
34 * J Hadi Salim : ECN support
35 *
36 */
37
38 #define pr_fmt(fmt) "TCP: " fmt
39
40 #include <net/tcp.h>
41 #include <net/mptcp.h>
42
43 #include <linux/compiler.h>
44 #include <linux/gfp.h>
45 #include <linux/module.h>
46 #include <linux/static_key.h>
47 #ifdef CONFIG_LOWPOWER_PROTOCOL
48 #include <net/lowpower_protocol.h>
49 #endif /* CONFIG_LOWPOWER_PROTOCOL */
50 #include <trace/events/tcp.h>
51
52 /* Refresh clocks of a TCP socket,
53 * ensuring monotically increasing values.
54 */
tcp_mstamp_refresh(struct tcp_sock * tp)55 void tcp_mstamp_refresh(struct tcp_sock *tp)
56 {
57 u64 val = tcp_clock_ns();
58
59 tp->tcp_clock_cache = val;
60 tp->tcp_mstamp = div_u64(val, NSEC_PER_USEC);
61 }
62
63 static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
64 int push_one, gfp_t gfp);
65
66 /* Account for new data that has been sent to the network. */
tcp_event_new_data_sent(struct sock * sk,struct sk_buff * skb)67 static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb)
68 {
69 struct inet_connection_sock *icsk = inet_csk(sk);
70 struct tcp_sock *tp = tcp_sk(sk);
71 unsigned int prior_packets = tp->packets_out;
72
73 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(skb)->end_seq);
74
75 __skb_unlink(skb, &sk->sk_write_queue);
76 tcp_rbtree_insert(&sk->tcp_rtx_queue, skb);
77
78 if (tp->highest_sack == NULL)
79 tp->highest_sack = skb;
80
81 tp->packets_out += tcp_skb_pcount(skb);
82 if (!prior_packets || icsk->icsk_pending == ICSK_TIME_LOSS_PROBE)
83 tcp_rearm_rto(sk);
84
85 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT,
86 tcp_skb_pcount(skb));
87 tcp_check_space(sk);
88 }
89
90 /* SND.NXT, if window was not shrunk or the amount of shrunk was less than one
91 * window scaling factor due to loss of precision.
92 * If window has been shrunk, what should we make? It is not clear at all.
93 * Using SND.UNA we will fail to open window, SND.NXT is out of window. :-(
94 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already
95 * invalid. OK, let's make this for now:
96 */
tcp_acceptable_seq(const struct sock * sk)97 static inline __u32 tcp_acceptable_seq(const struct sock *sk)
98 {
99 const struct tcp_sock *tp = tcp_sk(sk);
100
101 if (!before(tcp_wnd_end(tp), tp->snd_nxt) ||
102 (tp->rx_opt.wscale_ok &&
103 ((tp->snd_nxt - tcp_wnd_end(tp)) < (1 << tp->rx_opt.rcv_wscale))))
104 return tp->snd_nxt;
105 else
106 return tcp_wnd_end(tp);
107 }
108
109 /* Calculate mss to advertise in SYN segment.
110 * RFC1122, RFC1063, draft-ietf-tcpimpl-pmtud-01 state that:
111 *
112 * 1. It is independent of path mtu.
113 * 2. Ideally, it is maximal possible segment size i.e. 65535-40.
114 * 3. For IPv4 it is reasonable to calculate it from maximal MTU of
115 * attached devices, because some buggy hosts are confused by
116 * large MSS.
117 * 4. We do not make 3, we advertise MSS, calculated from first
118 * hop device mtu, but allow to raise it to ip_rt_min_advmss.
119 * This may be overridden via information stored in routing table.
120 * 5. Value 65535 for MSS is valid in IPv6 and means "as large as possible,
121 * probably even Jumbo".
122 */
tcp_advertise_mss(struct sock * sk)123 static __u16 tcp_advertise_mss(struct sock *sk)
124 {
125 struct tcp_sock *tp = tcp_sk(sk);
126 const struct dst_entry *dst = __sk_dst_get(sk);
127 int mss = tp->advmss;
128
129 if (dst) {
130 unsigned int metric = dst_metric_advmss(dst);
131
132 if (metric < mss) {
133 mss = metric;
134 tp->advmss = mss;
135 }
136 }
137
138 return (__u16)mss;
139 }
140
141 /* RFC2861. Reset CWND after idle period longer RTO to "restart window".
142 * This is the first part of cwnd validation mechanism.
143 */
tcp_cwnd_restart(struct sock * sk,s32 delta)144 void tcp_cwnd_restart(struct sock *sk, s32 delta)
145 {
146 struct tcp_sock *tp = tcp_sk(sk);
147 u32 restart_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk));
148 u32 cwnd = tp->snd_cwnd;
149
150 tcp_ca_event(sk, CA_EVENT_CWND_RESTART);
151
152 tp->snd_ssthresh = tcp_current_ssthresh(sk);
153 restart_cwnd = min(restart_cwnd, cwnd);
154
155 while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd)
156 cwnd >>= 1;
157 tp->snd_cwnd = max(cwnd, restart_cwnd);
158 tp->snd_cwnd_stamp = tcp_jiffies32;
159 tp->snd_cwnd_used = 0;
160 }
161
162 /* Congestion state accounting after a packet has been sent. */
tcp_event_data_sent(struct tcp_sock * tp,struct sock * sk)163 static void tcp_event_data_sent(struct tcp_sock *tp,
164 struct sock *sk)
165 {
166 struct inet_connection_sock *icsk = inet_csk(sk);
167 const u32 now = tcp_jiffies32;
168
169 if (tcp_packets_in_flight(tp) == 0)
170 tcp_ca_event(sk, CA_EVENT_TX_START);
171
172 tp->lsndtime = now;
173
174 /* If it is a reply for ato after last received
175 * packet, enter pingpong mode.
176 */
177 if ((u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato)
178 inet_csk_enter_pingpong_mode(sk);
179 }
180
181 /* Account for an ACK we sent. */
tcp_event_ack_sent(struct sock * sk,u32 rcv_nxt)182 static inline void tcp_event_ack_sent(struct sock *sk, u32 rcv_nxt)
183 {
184 struct tcp_sock *tp = tcp_sk(sk);
185
186 if (unlikely(tp->compressed_ack)) {
187 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED,
188 tp->compressed_ack);
189 tp->compressed_ack = 0;
190 if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1)
191 __sock_put(sk);
192 }
193
194 if (unlikely(rcv_nxt != tp->rcv_nxt))
195 return; /* Special ACK sent by DCTCP to reflect ECN */
196 tcp_dec_quickack_mode(sk);
197 inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
198 }
199
200 /* Determine a window scaling and initial window to offer.
201 * Based on the assumption that the given amount of space
202 * will be offered. Store the results in the tp structure.
203 * NOTE: for smooth operation initial space offering should
204 * be a multiple of mss if possible. We assume here that mss >= 1.
205 * This MUST be enforced by all callers.
206 */
tcp_select_initial_window(const struct sock * sk,int __space,__u32 mss,__u32 * rcv_wnd,__u32 * window_clamp,int wscale_ok,__u8 * rcv_wscale,__u32 init_rcv_wnd)207 void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss,
208 __u32 *rcv_wnd, __u32 *window_clamp,
209 int wscale_ok, __u8 *rcv_wscale,
210 __u32 init_rcv_wnd)
211 {
212 unsigned int space = (__space < 0 ? 0 : __space);
213
214 /* If no clamp set the clamp to the max possible scaled window */
215 if (*window_clamp == 0)
216 (*window_clamp) = (U16_MAX << TCP_MAX_WSCALE);
217 space = min(*window_clamp, space);
218
219 /* Quantize space offering to a multiple of mss if possible. */
220 if (space > mss)
221 space = rounddown(space, mss);
222
223 /* NOTE: offering an initial window larger than 32767
224 * will break some buggy TCP stacks. If the admin tells us
225 * it is likely we could be speaking with such a buggy stack
226 * we will truncate our initial window offering to 32K-1
227 * unless the remote has sent us a window scaling option,
228 * which we interpret as a sign the remote TCP is not
229 * misinterpreting the window field as a signed quantity.
230 */
231 if (sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows)
232 (*rcv_wnd) = min(space, MAX_TCP_WINDOW);
233 else
234 (*rcv_wnd) = min_t(u32, space, U16_MAX);
235
236 if (init_rcv_wnd)
237 *rcv_wnd = min(*rcv_wnd, init_rcv_wnd * mss);
238
239 *rcv_wscale = 0;
240 if (wscale_ok) {
241 /* Set window scaling on max possible window */
242 space = max_t(u32, space, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]));
243 space = max_t(u32, space, READ_ONCE(sysctl_rmem_max));
244 space = min_t(u32, space, *window_clamp);
245 *rcv_wscale = clamp_t(int, ilog2(space) - 15,
246 0, TCP_MAX_WSCALE);
247 }
248 /* Set the clamp no higher than max representable value */
249 (*window_clamp) = min_t(__u32, U16_MAX << (*rcv_wscale), *window_clamp);
250 }
251 EXPORT_SYMBOL(tcp_select_initial_window);
252
253 /* Chose a new window to advertise, update state in tcp_sock for the
254 * socket, and return result with RFC1323 scaling applied. The return
255 * value can be stuffed directly into th->window for an outgoing
256 * frame.
257 */
tcp_select_window(struct sock * sk)258 static u16 tcp_select_window(struct sock *sk)
259 {
260 struct tcp_sock *tp = tcp_sk(sk);
261 u32 old_win = tp->rcv_wnd;
262 u32 cur_win = tcp_receive_window(tp);
263 u32 new_win = __tcp_select_window(sk);
264
265 /* Never shrink the offered window */
266 if (new_win < cur_win) {
267 /* Danger Will Robinson!
268 * Don't update rcv_wup/rcv_wnd here or else
269 * we will not be able to advertise a zero
270 * window in time. --DaveM
271 *
272 * Relax Will Robinson.
273 */
274 if (new_win == 0)
275 NET_INC_STATS(sock_net(sk),
276 LINUX_MIB_TCPWANTZEROWINDOWADV);
277 new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale);
278 }
279 tp->rcv_wnd = new_win;
280 tp->rcv_wup = tp->rcv_nxt;
281
282 /* Make sure we do not exceed the maximum possible
283 * scaled window.
284 */
285 if (!tp->rx_opt.rcv_wscale &&
286 sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows)
287 new_win = min(new_win, MAX_TCP_WINDOW);
288 else
289 new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale));
290
291 /* RFC1323 scaling applied */
292 new_win >>= tp->rx_opt.rcv_wscale;
293
294 /* If we advertise zero window, disable fast path. */
295 if (new_win == 0) {
296 tp->pred_flags = 0;
297 if (old_win)
298 NET_INC_STATS(sock_net(sk),
299 LINUX_MIB_TCPTOZEROWINDOWADV);
300 } else if (old_win == 0) {
301 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFROMZEROWINDOWADV);
302 }
303
304 return new_win;
305 }
306
307 /* Packet ECN state for a SYN-ACK */
tcp_ecn_send_synack(struct sock * sk,struct sk_buff * skb)308 static void tcp_ecn_send_synack(struct sock *sk, struct sk_buff *skb)
309 {
310 const struct tcp_sock *tp = tcp_sk(sk);
311
312 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_CWR;
313 if (!(tp->ecn_flags & TCP_ECN_OK))
314 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ECE;
315 else if (tcp_ca_needs_ecn(sk) ||
316 tcp_bpf_ca_needs_ecn(sk))
317 INET_ECN_xmit(sk);
318 }
319
320 /* Packet ECN state for a SYN. */
tcp_ecn_send_syn(struct sock * sk,struct sk_buff * skb)321 static void tcp_ecn_send_syn(struct sock *sk, struct sk_buff *skb)
322 {
323 struct tcp_sock *tp = tcp_sk(sk);
324 bool bpf_needs_ecn = tcp_bpf_ca_needs_ecn(sk);
325 bool use_ecn = sock_net(sk)->ipv4.sysctl_tcp_ecn == 1 ||
326 tcp_ca_needs_ecn(sk) || bpf_needs_ecn;
327
328 if (!use_ecn) {
329 const struct dst_entry *dst = __sk_dst_get(sk);
330
331 if (dst && dst_feature(dst, RTAX_FEATURE_ECN))
332 use_ecn = true;
333 }
334
335 tp->ecn_flags = 0;
336
337 if (use_ecn) {
338 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR;
339 tp->ecn_flags = TCP_ECN_OK;
340 if (tcp_ca_needs_ecn(sk) || bpf_needs_ecn)
341 INET_ECN_xmit(sk);
342 }
343 }
344
tcp_ecn_clear_syn(struct sock * sk,struct sk_buff * skb)345 static void tcp_ecn_clear_syn(struct sock *sk, struct sk_buff *skb)
346 {
347 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_ecn_fallback))
348 /* tp->ecn_flags are cleared at a later point in time when
349 * SYN ACK is ultimatively being received.
350 */
351 TCP_SKB_CB(skb)->tcp_flags &= ~(TCPHDR_ECE | TCPHDR_CWR);
352 }
353
354 static void
tcp_ecn_make_synack(const struct request_sock * req,struct tcphdr * th)355 tcp_ecn_make_synack(const struct request_sock *req, struct tcphdr *th)
356 {
357 if (inet_rsk(req)->ecn_ok)
358 th->ece = 1;
359 }
360
361 /* Set up ECN state for a packet on a ESTABLISHED socket that is about to
362 * be sent.
363 */
tcp_ecn_send(struct sock * sk,struct sk_buff * skb,struct tcphdr * th,int tcp_header_len)364 static void tcp_ecn_send(struct sock *sk, struct sk_buff *skb,
365 struct tcphdr *th, int tcp_header_len)
366 {
367 struct tcp_sock *tp = tcp_sk(sk);
368
369 if (tp->ecn_flags & TCP_ECN_OK) {
370 /* Not-retransmitted data segment: set ECT and inject CWR. */
371 if (skb->len != tcp_header_len &&
372 !before(TCP_SKB_CB(skb)->seq, tp->snd_nxt)) {
373 INET_ECN_xmit(sk);
374 if (tp->ecn_flags & TCP_ECN_QUEUE_CWR) {
375 tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR;
376 th->cwr = 1;
377 skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN;
378 }
379 } else if (!tcp_ca_needs_ecn(sk)) {
380 /* ACK or retransmitted segment: clear ECT|CE */
381 INET_ECN_dontxmit(sk);
382 }
383 if (tp->ecn_flags & TCP_ECN_DEMAND_CWR)
384 th->ece = 1;
385 }
386 }
387
388 /* Constructs common control bits of non-data skb. If SYN/FIN is present,
389 * auto increment end seqno.
390 */
tcp_init_nondata_skb(struct sk_buff * skb,u32 seq,u8 flags)391 static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
392 {
393 skb->ip_summed = CHECKSUM_PARTIAL;
394
395 TCP_SKB_CB(skb)->tcp_flags = flags;
396 TCP_SKB_CB(skb)->sacked = 0;
397
398 tcp_skb_pcount_set(skb, 1);
399
400 TCP_SKB_CB(skb)->seq = seq;
401 if (flags & (TCPHDR_SYN | TCPHDR_FIN))
402 seq++;
403 TCP_SKB_CB(skb)->end_seq = seq;
404 }
405
tcp_urg_mode(const struct tcp_sock * tp)406 static inline bool tcp_urg_mode(const struct tcp_sock *tp)
407 {
408 return tp->snd_una != tp->snd_up;
409 }
410
411 #define OPTION_SACK_ADVERTISE (1 << 0)
412 #define OPTION_TS (1 << 1)
413 #define OPTION_MD5 (1 << 2)
414 #define OPTION_WSCALE (1 << 3)
415 #define OPTION_FAST_OPEN_COOKIE (1 << 8)
416 #define OPTION_SMC (1 << 9)
417 #define OPTION_MPTCP (1 << 10)
418
smc_options_write(__be32 * ptr,u16 * options)419 static void smc_options_write(__be32 *ptr, u16 *options)
420 {
421 #if IS_ENABLED(CONFIG_SMC)
422 if (static_branch_unlikely(&tcp_have_smc)) {
423 if (unlikely(OPTION_SMC & *options)) {
424 *ptr++ = htonl((TCPOPT_NOP << 24) |
425 (TCPOPT_NOP << 16) |
426 (TCPOPT_EXP << 8) |
427 (TCPOLEN_EXP_SMC_BASE));
428 *ptr++ = htonl(TCPOPT_SMC_MAGIC);
429 }
430 }
431 #endif
432 }
433
434 struct tcp_out_options {
435 u16 options; /* bit field of OPTION_* */
436 u16 mss; /* 0 to disable */
437 u8 ws; /* window scale, 0 to disable */
438 u8 num_sack_blocks; /* number of SACK blocks to include */
439 u8 hash_size; /* bytes in hash_location */
440 u8 bpf_opt_len; /* length of BPF hdr option */
441 __u8 *hash_location; /* temporary pointer, overloaded */
442 __u32 tsval, tsecr; /* need to include OPTION_TS */
443 struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */
444 struct mptcp_out_options mptcp;
445 };
446
mptcp_options_write(__be32 * ptr,struct tcp_out_options * opts)447 static void mptcp_options_write(__be32 *ptr, struct tcp_out_options *opts)
448 {
449 #if IS_ENABLED(CONFIG_MPTCP)
450 if (unlikely(OPTION_MPTCP & opts->options))
451 mptcp_write_options(ptr, &opts->mptcp);
452 #endif
453 }
454
455 #ifdef CONFIG_CGROUP_BPF
bpf_skops_write_hdr_opt_arg0(struct sk_buff * skb,enum tcp_synack_type synack_type)456 static int bpf_skops_write_hdr_opt_arg0(struct sk_buff *skb,
457 enum tcp_synack_type synack_type)
458 {
459 if (unlikely(!skb))
460 return BPF_WRITE_HDR_TCP_CURRENT_MSS;
461
462 if (unlikely(synack_type == TCP_SYNACK_COOKIE))
463 return BPF_WRITE_HDR_TCP_SYNACK_COOKIE;
464
465 return 0;
466 }
467
468 /* req, syn_skb and synack_type are used when writing synack */
bpf_skops_hdr_opt_len(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts,unsigned int * remaining)469 static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb,
470 struct request_sock *req,
471 struct sk_buff *syn_skb,
472 enum tcp_synack_type synack_type,
473 struct tcp_out_options *opts,
474 unsigned int *remaining)
475 {
476 struct bpf_sock_ops_kern sock_ops;
477 int err;
478
479 if (likely(!BPF_SOCK_OPS_TEST_FLAG(tcp_sk(sk),
480 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG)) ||
481 !*remaining)
482 return;
483
484 /* *remaining has already been aligned to 4 bytes, so *remaining >= 4 */
485
486 /* init sock_ops */
487 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
488
489 sock_ops.op = BPF_SOCK_OPS_HDR_OPT_LEN_CB;
490
491 if (req) {
492 /* The listen "sk" cannot be passed here because
493 * it is not locked. It would not make too much
494 * sense to do bpf_setsockopt(listen_sk) based
495 * on individual connection request also.
496 *
497 * Thus, "req" is passed here and the cgroup-bpf-progs
498 * of the listen "sk" will be run.
499 *
500 * "req" is also used here for fastopen even the "sk" here is
501 * a fullsock "child" sk. It is to keep the behavior
502 * consistent between fastopen and non-fastopen on
503 * the bpf programming side.
504 */
505 sock_ops.sk = (struct sock *)req;
506 sock_ops.syn_skb = syn_skb;
507 } else {
508 sock_owned_by_me(sk);
509
510 sock_ops.is_fullsock = 1;
511 sock_ops.sk = sk;
512 }
513
514 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type);
515 sock_ops.remaining_opt_len = *remaining;
516 /* tcp_current_mss() does not pass a skb */
517 if (skb)
518 bpf_skops_init_skb(&sock_ops, skb, 0);
519
520 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk);
521
522 if (err || sock_ops.remaining_opt_len == *remaining)
523 return;
524
525 opts->bpf_opt_len = *remaining - sock_ops.remaining_opt_len;
526 /* round up to 4 bytes */
527 opts->bpf_opt_len = (opts->bpf_opt_len + 3) & ~3;
528
529 *remaining -= opts->bpf_opt_len;
530 }
531
bpf_skops_write_hdr_opt(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts)532 static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
533 struct request_sock *req,
534 struct sk_buff *syn_skb,
535 enum tcp_synack_type synack_type,
536 struct tcp_out_options *opts)
537 {
538 u8 first_opt_off, nr_written, max_opt_len = opts->bpf_opt_len;
539 struct bpf_sock_ops_kern sock_ops;
540 int err;
541
542 if (likely(!max_opt_len))
543 return;
544
545 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
546
547 sock_ops.op = BPF_SOCK_OPS_WRITE_HDR_OPT_CB;
548
549 if (req) {
550 sock_ops.sk = (struct sock *)req;
551 sock_ops.syn_skb = syn_skb;
552 } else {
553 sock_owned_by_me(sk);
554
555 sock_ops.is_fullsock = 1;
556 sock_ops.sk = sk;
557 }
558
559 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type);
560 sock_ops.remaining_opt_len = max_opt_len;
561 first_opt_off = tcp_hdrlen(skb) - max_opt_len;
562 bpf_skops_init_skb(&sock_ops, skb, first_opt_off);
563
564 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk);
565
566 if (err)
567 nr_written = 0;
568 else
569 nr_written = max_opt_len - sock_ops.remaining_opt_len;
570
571 if (nr_written < max_opt_len)
572 memset(skb->data + first_opt_off + nr_written, TCPOPT_NOP,
573 max_opt_len - nr_written);
574 }
575 #else
bpf_skops_hdr_opt_len(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts,unsigned int * remaining)576 static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb,
577 struct request_sock *req,
578 struct sk_buff *syn_skb,
579 enum tcp_synack_type synack_type,
580 struct tcp_out_options *opts,
581 unsigned int *remaining)
582 {
583 }
584
bpf_skops_write_hdr_opt(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts)585 static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
586 struct request_sock *req,
587 struct sk_buff *syn_skb,
588 enum tcp_synack_type synack_type,
589 struct tcp_out_options *opts)
590 {
591 }
592 #endif
593
594 /* Write previously computed TCP options to the packet.
595 *
596 * Beware: Something in the Internet is very sensitive to the ordering of
597 * TCP options, we learned this through the hard way, so be careful here.
598 * Luckily we can at least blame others for their non-compliance but from
599 * inter-operability perspective it seems that we're somewhat stuck with
600 * the ordering which we have been using if we want to keep working with
601 * those broken things (not that it currently hurts anybody as there isn't
602 * particular reason why the ordering would need to be changed).
603 *
604 * At least SACK_PERM as the first option is known to lead to a disaster
605 * (but it may well be that other scenarios fail similarly).
606 */
tcp_options_write(__be32 * ptr,struct tcp_sock * tp,struct tcp_out_options * opts)607 static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
608 struct tcp_out_options *opts)
609 {
610 u16 options = opts->options; /* mungable copy */
611
612 if (unlikely(OPTION_MD5 & options)) {
613 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
614 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
615 /* overload cookie hash location */
616 opts->hash_location = (__u8 *)ptr;
617 ptr += 4;
618 }
619
620 if (unlikely(opts->mss)) {
621 *ptr++ = htonl((TCPOPT_MSS << 24) |
622 (TCPOLEN_MSS << 16) |
623 opts->mss);
624 }
625
626 if (likely(OPTION_TS & options)) {
627 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
628 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
629 (TCPOLEN_SACK_PERM << 16) |
630 (TCPOPT_TIMESTAMP << 8) |
631 TCPOLEN_TIMESTAMP);
632 options &= ~OPTION_SACK_ADVERTISE;
633 } else {
634 *ptr++ = htonl((TCPOPT_NOP << 24) |
635 (TCPOPT_NOP << 16) |
636 (TCPOPT_TIMESTAMP << 8) |
637 TCPOLEN_TIMESTAMP);
638 }
639 *ptr++ = htonl(opts->tsval);
640 *ptr++ = htonl(opts->tsecr);
641 }
642
643 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
644 *ptr++ = htonl((TCPOPT_NOP << 24) |
645 (TCPOPT_NOP << 16) |
646 (TCPOPT_SACK_PERM << 8) |
647 TCPOLEN_SACK_PERM);
648 }
649
650 if (unlikely(OPTION_WSCALE & options)) {
651 *ptr++ = htonl((TCPOPT_NOP << 24) |
652 (TCPOPT_WINDOW << 16) |
653 (TCPOLEN_WINDOW << 8) |
654 opts->ws);
655 }
656
657 if (unlikely(opts->num_sack_blocks)) {
658 struct tcp_sack_block *sp = tp->rx_opt.dsack ?
659 tp->duplicate_sack : tp->selective_acks;
660 int this_sack;
661
662 *ptr++ = htonl((TCPOPT_NOP << 24) |
663 (TCPOPT_NOP << 16) |
664 (TCPOPT_SACK << 8) |
665 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
666 TCPOLEN_SACK_PERBLOCK)));
667
668 for (this_sack = 0; this_sack < opts->num_sack_blocks;
669 ++this_sack) {
670 *ptr++ = htonl(sp[this_sack].start_seq);
671 *ptr++ = htonl(sp[this_sack].end_seq);
672 }
673
674 tp->rx_opt.dsack = 0;
675 }
676
677 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) {
678 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie;
679 u8 *p = (u8 *)ptr;
680 u32 len; /* Fast Open option length */
681
682 if (foc->exp) {
683 len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len;
684 *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) |
685 TCPOPT_FASTOPEN_MAGIC);
686 p += TCPOLEN_EXP_FASTOPEN_BASE;
687 } else {
688 len = TCPOLEN_FASTOPEN_BASE + foc->len;
689 *p++ = TCPOPT_FASTOPEN;
690 *p++ = len;
691 }
692
693 memcpy(p, foc->val, foc->len);
694 if ((len & 3) == 2) {
695 p[foc->len] = TCPOPT_NOP;
696 p[foc->len + 1] = TCPOPT_NOP;
697 }
698 ptr += (len + 3) >> 2;
699 }
700
701 smc_options_write(ptr, &options);
702
703 mptcp_options_write(ptr, opts);
704 }
705
smc_set_option(const struct tcp_sock * tp,struct tcp_out_options * opts,unsigned int * remaining)706 static void smc_set_option(const struct tcp_sock *tp,
707 struct tcp_out_options *opts,
708 unsigned int *remaining)
709 {
710 #if IS_ENABLED(CONFIG_SMC)
711 if (static_branch_unlikely(&tcp_have_smc)) {
712 if (tp->syn_smc) {
713 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) {
714 opts->options |= OPTION_SMC;
715 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED;
716 }
717 }
718 }
719 #endif
720 }
721
smc_set_option_cond(const struct tcp_sock * tp,const struct inet_request_sock * ireq,struct tcp_out_options * opts,unsigned int * remaining)722 static void smc_set_option_cond(const struct tcp_sock *tp,
723 const struct inet_request_sock *ireq,
724 struct tcp_out_options *opts,
725 unsigned int *remaining)
726 {
727 #if IS_ENABLED(CONFIG_SMC)
728 if (static_branch_unlikely(&tcp_have_smc)) {
729 if (tp->syn_smc && ireq->smc_ok) {
730 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) {
731 opts->options |= OPTION_SMC;
732 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED;
733 }
734 }
735 }
736 #endif
737 }
738
mptcp_set_option_cond(const struct request_sock * req,struct tcp_out_options * opts,unsigned int * remaining)739 static void mptcp_set_option_cond(const struct request_sock *req,
740 struct tcp_out_options *opts,
741 unsigned int *remaining)
742 {
743 if (rsk_is_mptcp(req)) {
744 unsigned int size;
745
746 if (mptcp_synack_options(req, &size, &opts->mptcp)) {
747 if (*remaining >= size) {
748 opts->options |= OPTION_MPTCP;
749 *remaining -= size;
750 }
751 }
752 }
753 }
754
755 /* Compute TCP options for SYN packets. This is not the final
756 * network wire format yet.
757 */
tcp_syn_options(struct sock * sk,struct sk_buff * skb,struct tcp_out_options * opts,struct tcp_md5sig_key ** md5)758 static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb,
759 struct tcp_out_options *opts,
760 struct tcp_md5sig_key **md5)
761 {
762 struct tcp_sock *tp = tcp_sk(sk);
763 unsigned int remaining = MAX_TCP_OPTION_SPACE;
764 struct tcp_fastopen_request *fastopen = tp->fastopen_req;
765
766 *md5 = NULL;
767 #ifdef CONFIG_TCP_MD5SIG
768 if (static_branch_unlikely(&tcp_md5_needed) &&
769 rcu_access_pointer(tp->md5sig_info)) {
770 *md5 = tp->af_specific->md5_lookup(sk, sk);
771 if (*md5) {
772 opts->options |= OPTION_MD5;
773 remaining -= TCPOLEN_MD5SIG_ALIGNED;
774 }
775 }
776 #endif
777
778 /* We always get an MSS option. The option bytes which will be seen in
779 * normal data packets should timestamps be used, must be in the MSS
780 * advertised. But we subtract them from tp->mss_cache so that
781 * calculations in tcp_sendmsg are simpler etc. So account for this
782 * fact here if necessary. If we don't do this correctly, as a
783 * receiver we won't recognize data packets as being full sized when we
784 * should, and thus we won't abide by the delayed ACK rules correctly.
785 * SACKs don't matter, we never delay an ACK when we have any of those
786 * going out. */
787 opts->mss = tcp_advertise_mss(sk);
788 remaining -= TCPOLEN_MSS_ALIGNED;
789
790 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_timestamps) && !*md5)) {
791 opts->options |= OPTION_TS;
792 opts->tsval = tcp_skb_timestamp(skb) + tp->tsoffset;
793 opts->tsecr = tp->rx_opt.ts_recent;
794 remaining -= TCPOLEN_TSTAMP_ALIGNED;
795 }
796 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_window_scaling))) {
797 opts->ws = tp->rx_opt.rcv_wscale;
798 opts->options |= OPTION_WSCALE;
799 remaining -= TCPOLEN_WSCALE_ALIGNED;
800 }
801 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_sack))) {
802 opts->options |= OPTION_SACK_ADVERTISE;
803 if (unlikely(!(OPTION_TS & opts->options)))
804 remaining -= TCPOLEN_SACKPERM_ALIGNED;
805 }
806
807 if (fastopen && fastopen->cookie.len >= 0) {
808 u32 need = fastopen->cookie.len;
809
810 need += fastopen->cookie.exp ? TCPOLEN_EXP_FASTOPEN_BASE :
811 TCPOLEN_FASTOPEN_BASE;
812 need = (need + 3) & ~3U; /* Align to 32 bits */
813 if (remaining >= need) {
814 opts->options |= OPTION_FAST_OPEN_COOKIE;
815 opts->fastopen_cookie = &fastopen->cookie;
816 remaining -= need;
817 tp->syn_fastopen = 1;
818 tp->syn_fastopen_exp = fastopen->cookie.exp ? 1 : 0;
819 }
820 }
821
822 smc_set_option(tp, opts, &remaining);
823
824 if (sk_is_mptcp(sk)) {
825 unsigned int size;
826
827 if (mptcp_syn_options(sk, skb, &size, &opts->mptcp)) {
828 opts->options |= OPTION_MPTCP;
829 remaining -= size;
830 }
831 }
832
833 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
834
835 return MAX_TCP_OPTION_SPACE - remaining;
836 }
837
838 /* Set up TCP options for SYN-ACKs. */
tcp_synack_options(const struct sock * sk,struct request_sock * req,unsigned int mss,struct sk_buff * skb,struct tcp_out_options * opts,const struct tcp_md5sig_key * md5,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)839 static unsigned int tcp_synack_options(const struct sock *sk,
840 struct request_sock *req,
841 unsigned int mss, struct sk_buff *skb,
842 struct tcp_out_options *opts,
843 const struct tcp_md5sig_key *md5,
844 struct tcp_fastopen_cookie *foc,
845 enum tcp_synack_type synack_type,
846 struct sk_buff *syn_skb)
847 {
848 struct inet_request_sock *ireq = inet_rsk(req);
849 unsigned int remaining = MAX_TCP_OPTION_SPACE;
850
851 #ifdef CONFIG_TCP_MD5SIG
852 if (md5) {
853 opts->options |= OPTION_MD5;
854 remaining -= TCPOLEN_MD5SIG_ALIGNED;
855
856 /* We can't fit any SACK blocks in a packet with MD5 + TS
857 * options. There was discussion about disabling SACK
858 * rather than TS in order to fit in better with old,
859 * buggy kernels, but that was deemed to be unnecessary.
860 */
861 if (synack_type != TCP_SYNACK_COOKIE)
862 ireq->tstamp_ok &= !ireq->sack_ok;
863 }
864 #endif
865
866 /* We always send an MSS option. */
867 opts->mss = mss;
868 remaining -= TCPOLEN_MSS_ALIGNED;
869
870 if (likely(ireq->wscale_ok)) {
871 opts->ws = ireq->rcv_wscale;
872 opts->options |= OPTION_WSCALE;
873 remaining -= TCPOLEN_WSCALE_ALIGNED;
874 }
875 if (likely(ireq->tstamp_ok)) {
876 opts->options |= OPTION_TS;
877 opts->tsval = tcp_skb_timestamp(skb) + tcp_rsk(req)->ts_off;
878 opts->tsecr = READ_ONCE(req->ts_recent);
879 remaining -= TCPOLEN_TSTAMP_ALIGNED;
880 }
881 if (likely(ireq->sack_ok)) {
882 opts->options |= OPTION_SACK_ADVERTISE;
883 if (unlikely(!ireq->tstamp_ok))
884 remaining -= TCPOLEN_SACKPERM_ALIGNED;
885 }
886 if (foc != NULL && foc->len >= 0) {
887 u32 need = foc->len;
888
889 need += foc->exp ? TCPOLEN_EXP_FASTOPEN_BASE :
890 TCPOLEN_FASTOPEN_BASE;
891 need = (need + 3) & ~3U; /* Align to 32 bits */
892 if (remaining >= need) {
893 opts->options |= OPTION_FAST_OPEN_COOKIE;
894 opts->fastopen_cookie = foc;
895 remaining -= need;
896 }
897 }
898
899 mptcp_set_option_cond(req, opts, &remaining);
900
901 smc_set_option_cond(tcp_sk(sk), ireq, opts, &remaining);
902
903 bpf_skops_hdr_opt_len((struct sock *)sk, skb, req, syn_skb,
904 synack_type, opts, &remaining);
905
906 return MAX_TCP_OPTION_SPACE - remaining;
907 }
908
909 /* Compute TCP options for ESTABLISHED sockets. This is not the
910 * final wire format yet.
911 */
tcp_established_options(struct sock * sk,struct sk_buff * skb,struct tcp_out_options * opts,struct tcp_md5sig_key ** md5)912 static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb,
913 struct tcp_out_options *opts,
914 struct tcp_md5sig_key **md5)
915 {
916 struct tcp_sock *tp = tcp_sk(sk);
917 unsigned int size = 0;
918 unsigned int eff_sacks;
919
920 opts->options = 0;
921
922 *md5 = NULL;
923 #ifdef CONFIG_TCP_MD5SIG
924 if (static_branch_unlikely(&tcp_md5_needed) &&
925 rcu_access_pointer(tp->md5sig_info)) {
926 *md5 = tp->af_specific->md5_lookup(sk, sk);
927 if (*md5) {
928 opts->options |= OPTION_MD5;
929 size += TCPOLEN_MD5SIG_ALIGNED;
930 }
931 }
932 #endif
933
934 if (likely(tp->rx_opt.tstamp_ok)) {
935 opts->options |= OPTION_TS;
936 opts->tsval = skb ? tcp_skb_timestamp(skb) + tp->tsoffset : 0;
937 opts->tsecr = tp->rx_opt.ts_recent;
938 size += TCPOLEN_TSTAMP_ALIGNED;
939 }
940
941 /* MPTCP options have precedence over SACK for the limited TCP
942 * option space because a MPTCP connection would be forced to
943 * fall back to regular TCP if a required multipath option is
944 * missing. SACK still gets a chance to use whatever space is
945 * left.
946 */
947 if (sk_is_mptcp(sk)) {
948 unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
949 unsigned int opt_size = 0;
950
951 if (mptcp_established_options(sk, skb, &opt_size, remaining,
952 &opts->mptcp)) {
953 opts->options |= OPTION_MPTCP;
954 size += opt_size;
955 }
956 }
957
958 eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack;
959 if (unlikely(eff_sacks)) {
960 const unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
961 if (unlikely(remaining < TCPOLEN_SACK_BASE_ALIGNED +
962 TCPOLEN_SACK_PERBLOCK))
963 return size;
964
965 opts->num_sack_blocks =
966 min_t(unsigned int, eff_sacks,
967 (remaining - TCPOLEN_SACK_BASE_ALIGNED) /
968 TCPOLEN_SACK_PERBLOCK);
969
970 size += TCPOLEN_SACK_BASE_ALIGNED +
971 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
972 }
973
974 if (unlikely(BPF_SOCK_OPS_TEST_FLAG(tp,
975 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG))) {
976 unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
977
978 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
979
980 size = MAX_TCP_OPTION_SPACE - remaining;
981 }
982
983 return size;
984 }
985
986
987 /* TCP SMALL QUEUES (TSQ)
988 *
989 * TSQ goal is to keep small amount of skbs per tcp flow in tx queues (qdisc+dev)
990 * to reduce RTT and bufferbloat.
991 * We do this using a special skb destructor (tcp_wfree).
992 *
993 * Its important tcp_wfree() can be replaced by sock_wfree() in the event skb
994 * needs to be reallocated in a driver.
995 * The invariant being skb->truesize subtracted from sk->sk_wmem_alloc
996 *
997 * Since transmit from skb destructor is forbidden, we use a tasklet
998 * to process all sockets that eventually need to send more skbs.
999 * We use one tasklet per cpu, with its own queue of sockets.
1000 */
1001 struct tsq_tasklet {
1002 struct tasklet_struct tasklet;
1003 struct list_head head; /* queue of tcp sockets */
1004 };
1005 static DEFINE_PER_CPU(struct tsq_tasklet, tsq_tasklet);
1006
tcp_tsq_write(struct sock * sk)1007 static void tcp_tsq_write(struct sock *sk)
1008 {
1009 if ((1 << sk->sk_state) &
1010 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_CLOSING |
1011 TCPF_CLOSE_WAIT | TCPF_LAST_ACK)) {
1012 struct tcp_sock *tp = tcp_sk(sk);
1013
1014 if (tp->lost_out > tp->retrans_out &&
1015 tp->snd_cwnd > tcp_packets_in_flight(tp)) {
1016 tcp_mstamp_refresh(tp);
1017 tcp_xmit_retransmit_queue(sk);
1018 }
1019
1020 tcp_write_xmit(sk, tcp_current_mss(sk), tp->nonagle,
1021 0, GFP_ATOMIC);
1022 }
1023 }
1024
tcp_tsq_handler(struct sock * sk)1025 static void tcp_tsq_handler(struct sock *sk)
1026 {
1027 bh_lock_sock(sk);
1028 if (!sock_owned_by_user(sk))
1029 tcp_tsq_write(sk);
1030 else if (!test_and_set_bit(TCP_TSQ_DEFERRED, &sk->sk_tsq_flags))
1031 sock_hold(sk);
1032 bh_unlock_sock(sk);
1033 }
1034 /*
1035 * One tasklet per cpu tries to send more skbs.
1036 * We run in tasklet context but need to disable irqs when
1037 * transferring tsq->head because tcp_wfree() might
1038 * interrupt us (non NAPI drivers)
1039 */
tcp_tasklet_func(unsigned long data)1040 static void tcp_tasklet_func(unsigned long data)
1041 {
1042 struct tsq_tasklet *tsq = (struct tsq_tasklet *)data;
1043 LIST_HEAD(list);
1044 unsigned long flags;
1045 struct list_head *q, *n;
1046 struct tcp_sock *tp;
1047 struct sock *sk;
1048
1049 local_irq_save(flags);
1050 list_splice_init(&tsq->head, &list);
1051 local_irq_restore(flags);
1052
1053 list_for_each_safe(q, n, &list) {
1054 tp = list_entry(q, struct tcp_sock, tsq_node);
1055 list_del(&tp->tsq_node);
1056
1057 sk = (struct sock *)tp;
1058 smp_mb__before_atomic();
1059 clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
1060
1061 tcp_tsq_handler(sk);
1062 sk_free(sk);
1063 }
1064 }
1065
1066 #define TCP_DEFERRED_ALL (TCPF_TSQ_DEFERRED | \
1067 TCPF_WRITE_TIMER_DEFERRED | \
1068 TCPF_DELACK_TIMER_DEFERRED | \
1069 TCPF_MTU_REDUCED_DEFERRED)
1070 /**
1071 * tcp_release_cb - tcp release_sock() callback
1072 * @sk: socket
1073 *
1074 * called from release_sock() to perform protocol dependent
1075 * actions before socket release.
1076 */
tcp_release_cb(struct sock * sk)1077 void tcp_release_cb(struct sock *sk)
1078 {
1079 unsigned long flags, nflags;
1080
1081 /* perform an atomic operation only if at least one flag is set */
1082 do {
1083 flags = sk->sk_tsq_flags;
1084 if (!(flags & TCP_DEFERRED_ALL))
1085 return;
1086 nflags = flags & ~TCP_DEFERRED_ALL;
1087 } while (cmpxchg(&sk->sk_tsq_flags, flags, nflags) != flags);
1088
1089 if (flags & TCPF_TSQ_DEFERRED) {
1090 tcp_tsq_write(sk);
1091 __sock_put(sk);
1092 }
1093 /* Here begins the tricky part :
1094 * We are called from release_sock() with :
1095 * 1) BH disabled
1096 * 2) sk_lock.slock spinlock held
1097 * 3) socket owned by us (sk->sk_lock.owned == 1)
1098 *
1099 * But following code is meant to be called from BH handlers,
1100 * so we should keep BH disabled, but early release socket ownership
1101 */
1102 sock_release_ownership(sk);
1103
1104 if (flags & TCPF_WRITE_TIMER_DEFERRED) {
1105 tcp_write_timer_handler(sk);
1106 __sock_put(sk);
1107 }
1108 if (flags & TCPF_DELACK_TIMER_DEFERRED) {
1109 tcp_delack_timer_handler(sk);
1110 __sock_put(sk);
1111 }
1112 if (flags & TCPF_MTU_REDUCED_DEFERRED) {
1113 inet_csk(sk)->icsk_af_ops->mtu_reduced(sk);
1114 __sock_put(sk);
1115 }
1116 }
1117 EXPORT_SYMBOL(tcp_release_cb);
1118
tcp_tasklet_init(void)1119 void __init tcp_tasklet_init(void)
1120 {
1121 int i;
1122
1123 for_each_possible_cpu(i) {
1124 struct tsq_tasklet *tsq = &per_cpu(tsq_tasklet, i);
1125
1126 INIT_LIST_HEAD(&tsq->head);
1127 tasklet_init(&tsq->tasklet,
1128 tcp_tasklet_func,
1129 (unsigned long)tsq);
1130 }
1131 }
1132
1133 /*
1134 * Write buffer destructor automatically called from kfree_skb.
1135 * We can't xmit new skbs from this context, as we might already
1136 * hold qdisc lock.
1137 */
tcp_wfree(struct sk_buff * skb)1138 void tcp_wfree(struct sk_buff *skb)
1139 {
1140 struct sock *sk = skb->sk;
1141 struct tcp_sock *tp = tcp_sk(sk);
1142 unsigned long flags, nval, oval;
1143
1144 /* Keep one reference on sk_wmem_alloc.
1145 * Will be released by sk_free() from here or tcp_tasklet_func()
1146 */
1147 WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc));
1148
1149 /* If this softirq is serviced by ksoftirqd, we are likely under stress.
1150 * Wait until our queues (qdisc + devices) are drained.
1151 * This gives :
1152 * - less callbacks to tcp_write_xmit(), reducing stress (batches)
1153 * - chance for incoming ACK (processed by another cpu maybe)
1154 * to migrate this flow (skb->ooo_okay will be eventually set)
1155 */
1156 if (refcount_read(&sk->sk_wmem_alloc) >= SKB_TRUESIZE(1) && this_cpu_ksoftirqd() == current)
1157 goto out;
1158
1159 for (oval = READ_ONCE(sk->sk_tsq_flags);; oval = nval) {
1160 struct tsq_tasklet *tsq;
1161 bool empty;
1162
1163 if (!(oval & TSQF_THROTTLED) || (oval & TSQF_QUEUED))
1164 goto out;
1165
1166 nval = (oval & ~TSQF_THROTTLED) | TSQF_QUEUED;
1167 nval = cmpxchg(&sk->sk_tsq_flags, oval, nval);
1168 if (nval != oval)
1169 continue;
1170
1171 /* queue this socket to tasklet queue */
1172 local_irq_save(flags);
1173 tsq = this_cpu_ptr(&tsq_tasklet);
1174 empty = list_empty(&tsq->head);
1175 list_add(&tp->tsq_node, &tsq->head);
1176 if (empty)
1177 tasklet_schedule(&tsq->tasklet);
1178 local_irq_restore(flags);
1179 return;
1180 }
1181 out:
1182 sk_free(sk);
1183 }
1184
1185 /* Note: Called under soft irq.
1186 * We can call TCP stack right away, unless socket is owned by user.
1187 */
tcp_pace_kick(struct hrtimer * timer)1188 enum hrtimer_restart tcp_pace_kick(struct hrtimer *timer)
1189 {
1190 struct tcp_sock *tp = container_of(timer, struct tcp_sock, pacing_timer);
1191 struct sock *sk = (struct sock *)tp;
1192
1193 tcp_tsq_handler(sk);
1194 sock_put(sk);
1195
1196 return HRTIMER_NORESTART;
1197 }
1198
tcp_update_skb_after_send(struct sock * sk,struct sk_buff * skb,u64 prior_wstamp)1199 static void tcp_update_skb_after_send(struct sock *sk, struct sk_buff *skb,
1200 u64 prior_wstamp)
1201 {
1202 struct tcp_sock *tp = tcp_sk(sk);
1203
1204 if (sk->sk_pacing_status != SK_PACING_NONE) {
1205 unsigned long rate = sk->sk_pacing_rate;
1206
1207 /* Original sch_fq does not pace first 10 MSS
1208 * Note that tp->data_segs_out overflows after 2^32 packets,
1209 * this is a minor annoyance.
1210 */
1211 if (rate != ~0UL && rate && tp->data_segs_out >= 10) {
1212 u64 len_ns = div64_ul((u64)skb->len * NSEC_PER_SEC, rate);
1213 u64 credit = tp->tcp_wstamp_ns - prior_wstamp;
1214
1215 /* take into account OS jitter */
1216 len_ns -= min_t(u64, len_ns / 2, credit);
1217 tp->tcp_wstamp_ns += len_ns;
1218 }
1219 }
1220 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue);
1221 }
1222
1223 INDIRECT_CALLABLE_DECLARE(int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl));
1224 INDIRECT_CALLABLE_DECLARE(int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl));
1225 INDIRECT_CALLABLE_DECLARE(void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb));
1226
1227 /* This routine actually transmits TCP packets queued in by
1228 * tcp_do_sendmsg(). This is used by both the initial
1229 * transmission and possible later retransmissions.
1230 * All SKB's seen here are completely headerless. It is our
1231 * job to build the TCP header, and pass the packet down to
1232 * IP so it can do the same plus pass the packet off to the
1233 * device.
1234 *
1235 * We are working here with either a clone of the original
1236 * SKB, or a fresh unique copy made by the retransmit engine.
1237 */
__tcp_transmit_skb(struct sock * sk,struct sk_buff * skb,int clone_it,gfp_t gfp_mask,u32 rcv_nxt)1238 static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
1239 int clone_it, gfp_t gfp_mask, u32 rcv_nxt)
1240 {
1241 const struct inet_connection_sock *icsk = inet_csk(sk);
1242 struct inet_sock *inet;
1243 struct tcp_sock *tp;
1244 struct tcp_skb_cb *tcb;
1245 struct tcp_out_options opts;
1246 unsigned int tcp_options_size, tcp_header_size;
1247 struct sk_buff *oskb = NULL;
1248 struct tcp_md5sig_key *md5;
1249 struct tcphdr *th;
1250 u64 prior_wstamp;
1251 int err;
1252
1253 BUG_ON(!skb || !tcp_skb_pcount(skb));
1254 tp = tcp_sk(sk);
1255 prior_wstamp = tp->tcp_wstamp_ns;
1256 tp->tcp_wstamp_ns = max(tp->tcp_wstamp_ns, tp->tcp_clock_cache);
1257 skb->skb_mstamp_ns = tp->tcp_wstamp_ns;
1258 if (clone_it) {
1259 TCP_SKB_CB(skb)->tx.in_flight = TCP_SKB_CB(skb)->end_seq
1260 - tp->snd_una;
1261 oskb = skb;
1262
1263 tcp_skb_tsorted_save(oskb) {
1264 if (unlikely(skb_cloned(oskb)))
1265 skb = pskb_copy(oskb, gfp_mask);
1266 else
1267 skb = skb_clone(oskb, gfp_mask);
1268 } tcp_skb_tsorted_restore(oskb);
1269
1270 if (unlikely(!skb))
1271 return -ENOBUFS;
1272 /* retransmit skbs might have a non zero value in skb->dev
1273 * because skb->dev is aliased with skb->rbnode.rb_left
1274 */
1275 skb->dev = NULL;
1276 }
1277
1278 inet = inet_sk(sk);
1279 tcb = TCP_SKB_CB(skb);
1280 memset(&opts, 0, sizeof(opts));
1281
1282 if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) {
1283 tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
1284 } else {
1285 tcp_options_size = tcp_established_options(sk, skb, &opts,
1286 &md5);
1287 /* Force a PSH flag on all (GSO) packets to expedite GRO flush
1288 * at receiver : This slightly improve GRO performance.
1289 * Note that we do not force the PSH flag for non GSO packets,
1290 * because they might be sent under high congestion events,
1291 * and in this case it is better to delay the delivery of 1-MSS
1292 * packets and thus the corresponding ACK packet that would
1293 * release the following packet.
1294 */
1295 if (tcp_skb_pcount(skb) > 1)
1296 tcb->tcp_flags |= TCPHDR_PSH;
1297 }
1298 tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
1299
1300 /* if no packet is in qdisc/device queue, then allow XPS to select
1301 * another queue. We can be called from tcp_tsq_handler()
1302 * which holds one reference to sk.
1303 *
1304 * TODO: Ideally, in-flight pure ACK packets should not matter here.
1305 * One way to get this would be to set skb->truesize = 2 on them.
1306 */
1307 skb->ooo_okay = sk_wmem_alloc_get(sk) < SKB_TRUESIZE(1);
1308
1309 /* If we had to use memory reserve to allocate this skb,
1310 * this might cause drops if packet is looped back :
1311 * Other socket might not have SOCK_MEMALLOC.
1312 * Packets not looped back do not care about pfmemalloc.
1313 */
1314 skb->pfmemalloc = 0;
1315
1316 skb_push(skb, tcp_header_size);
1317 skb_reset_transport_header(skb);
1318
1319 skb_orphan(skb);
1320 skb->sk = sk;
1321 skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree;
1322 skb_set_hash_from_sk(skb, sk);
1323 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
1324
1325 skb_set_dst_pending_confirm(skb, READ_ONCE(sk->sk_dst_pending_confirm));
1326
1327 /* Build TCP header and checksum it. */
1328 th = (struct tcphdr *)skb->data;
1329 th->source = inet->inet_sport;
1330 th->dest = inet->inet_dport;
1331 th->seq = htonl(tcb->seq);
1332 th->ack_seq = htonl(rcv_nxt);
1333 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
1334 tcb->tcp_flags);
1335
1336 th->check = 0;
1337 th->urg_ptr = 0;
1338
1339 /* The urg_mode check is necessary during a below snd_una win probe */
1340 if (unlikely(tcp_urg_mode(tp) && before(tcb->seq, tp->snd_up))) {
1341 if (before(tp->snd_up, tcb->seq + 0x10000)) {
1342 th->urg_ptr = htons(tp->snd_up - tcb->seq);
1343 th->urg = 1;
1344 } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) {
1345 th->urg_ptr = htons(0xFFFF);
1346 th->urg = 1;
1347 }
1348 }
1349
1350 tcp_options_write((__be32 *)(th + 1), tp, &opts);
1351 skb_shinfo(skb)->gso_type = sk->sk_gso_type;
1352 if (likely(!(tcb->tcp_flags & TCPHDR_SYN))) {
1353 th->window = htons(tcp_select_window(sk));
1354 tcp_ecn_send(sk, skb, th, tcp_header_size);
1355 } else {
1356 /* RFC1323: The window in SYN & SYN/ACK segments
1357 * is never scaled.
1358 */
1359 th->window = htons(min(tp->rcv_wnd, 65535U));
1360 }
1361 #ifdef CONFIG_TCP_MD5SIG
1362 /* Calculate the MD5 hash, as we have all we need now */
1363 if (md5) {
1364 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
1365 tp->af_specific->calc_md5_hash(opts.hash_location,
1366 md5, sk, skb);
1367 }
1368 #endif
1369
1370 /* BPF prog is the last one writing header option */
1371 bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts);
1372
1373 INDIRECT_CALL_INET(icsk->icsk_af_ops->send_check,
1374 tcp_v6_send_check, tcp_v4_send_check,
1375 sk, skb);
1376
1377 if (likely(tcb->tcp_flags & TCPHDR_ACK))
1378 tcp_event_ack_sent(sk, rcv_nxt);
1379
1380 if (skb->len != tcp_header_size) {
1381 tcp_event_data_sent(tp, sk);
1382 tp->data_segs_out += tcp_skb_pcount(skb);
1383 tp->bytes_sent += skb->len - tcp_header_size;
1384 }
1385
1386 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
1387 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS,
1388 tcp_skb_pcount(skb));
1389
1390 tp->segs_out += tcp_skb_pcount(skb);
1391 /* OK, its time to fill skb_shinfo(skb)->gso_{segs|size} */
1392 skb_shinfo(skb)->gso_segs = tcp_skb_pcount(skb);
1393 skb_shinfo(skb)->gso_size = tcp_skb_mss(skb);
1394
1395 /* Leave earliest departure time in skb->tstamp (skb->skb_mstamp_ns) */
1396
1397 /* Cleanup our debris for IP stacks */
1398 memset(skb->cb, 0, max(sizeof(struct inet_skb_parm),
1399 sizeof(struct inet6_skb_parm)));
1400
1401 tcp_add_tx_delay(skb, tp);
1402
1403 err = INDIRECT_CALL_INET(icsk->icsk_af_ops->queue_xmit,
1404 inet6_csk_xmit, ip_queue_xmit,
1405 sk, skb, &inet->cork.fl);
1406
1407 if (unlikely(err > 0)) {
1408 tcp_enter_cwr(sk);
1409 err = net_xmit_eval(err);
1410 }
1411 if (!err && oskb) {
1412 tcp_update_skb_after_send(sk, oskb, prior_wstamp);
1413 tcp_rate_skb_sent(sk, oskb);
1414 }
1415 return err;
1416 }
1417
tcp_transmit_skb(struct sock * sk,struct sk_buff * skb,int clone_it,gfp_t gfp_mask)1418 static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
1419 gfp_t gfp_mask)
1420 {
1421 return __tcp_transmit_skb(sk, skb, clone_it, gfp_mask,
1422 tcp_sk(sk)->rcv_nxt);
1423 }
1424
1425 /* This routine just queues the buffer for sending.
1426 *
1427 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames,
1428 * otherwise socket can stall.
1429 */
tcp_queue_skb(struct sock * sk,struct sk_buff * skb)1430 static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
1431 {
1432 struct tcp_sock *tp = tcp_sk(sk);
1433
1434 /* Advance write_seq and place onto the write_queue. */
1435 WRITE_ONCE(tp->write_seq, TCP_SKB_CB(skb)->end_seq);
1436 __skb_header_release(skb);
1437 tcp_add_write_queue_tail(sk, skb);
1438 sk_wmem_queued_add(sk, skb->truesize);
1439 sk_mem_charge(sk, skb->truesize);
1440 }
1441
1442 /* Initialize TSO segments for a packet. */
tcp_set_skb_tso_segs(struct sk_buff * skb,unsigned int mss_now)1443 static void tcp_set_skb_tso_segs(struct sk_buff *skb, unsigned int mss_now)
1444 {
1445 if (skb->len <= mss_now) {
1446 /* Avoid the costly divide in the normal
1447 * non-TSO case.
1448 */
1449 tcp_skb_pcount_set(skb, 1);
1450 TCP_SKB_CB(skb)->tcp_gso_size = 0;
1451 } else {
1452 tcp_skb_pcount_set(skb, DIV_ROUND_UP(skb->len, mss_now));
1453 TCP_SKB_CB(skb)->tcp_gso_size = mss_now;
1454 }
1455 }
1456
1457 /* Pcount in the middle of the write queue got changed, we need to do various
1458 * tweaks to fix counters
1459 */
tcp_adjust_pcount(struct sock * sk,const struct sk_buff * skb,int decr)1460 static void tcp_adjust_pcount(struct sock *sk, const struct sk_buff *skb, int decr)
1461 {
1462 struct tcp_sock *tp = tcp_sk(sk);
1463
1464 tp->packets_out -= decr;
1465
1466 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
1467 tp->sacked_out -= decr;
1468 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
1469 tp->retrans_out -= decr;
1470 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST)
1471 tp->lost_out -= decr;
1472
1473 /* Reno case is special. Sigh... */
1474 if (tcp_is_reno(tp) && decr > 0)
1475 tp->sacked_out -= min_t(u32, tp->sacked_out, decr);
1476
1477 if (tp->lost_skb_hint &&
1478 before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(tp->lost_skb_hint)->seq) &&
1479 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED))
1480 tp->lost_cnt_hint -= decr;
1481
1482 tcp_verify_left_out(tp);
1483 }
1484
tcp_has_tx_tstamp(const struct sk_buff * skb)1485 static bool tcp_has_tx_tstamp(const struct sk_buff *skb)
1486 {
1487 return TCP_SKB_CB(skb)->txstamp_ack ||
1488 (skb_shinfo(skb)->tx_flags & SKBTX_ANY_TSTAMP);
1489 }
1490
tcp_fragment_tstamp(struct sk_buff * skb,struct sk_buff * skb2)1491 static void tcp_fragment_tstamp(struct sk_buff *skb, struct sk_buff *skb2)
1492 {
1493 struct skb_shared_info *shinfo = skb_shinfo(skb);
1494
1495 if (unlikely(tcp_has_tx_tstamp(skb)) &&
1496 !before(shinfo->tskey, TCP_SKB_CB(skb2)->seq)) {
1497 struct skb_shared_info *shinfo2 = skb_shinfo(skb2);
1498 u8 tsflags = shinfo->tx_flags & SKBTX_ANY_TSTAMP;
1499
1500 shinfo->tx_flags &= ~tsflags;
1501 shinfo2->tx_flags |= tsflags;
1502 swap(shinfo->tskey, shinfo2->tskey);
1503 TCP_SKB_CB(skb2)->txstamp_ack = TCP_SKB_CB(skb)->txstamp_ack;
1504 TCP_SKB_CB(skb)->txstamp_ack = 0;
1505 }
1506 }
1507
tcp_skb_fragment_eor(struct sk_buff * skb,struct sk_buff * skb2)1508 static void tcp_skb_fragment_eor(struct sk_buff *skb, struct sk_buff *skb2)
1509 {
1510 TCP_SKB_CB(skb2)->eor = TCP_SKB_CB(skb)->eor;
1511 TCP_SKB_CB(skb)->eor = 0;
1512 }
1513
1514 /* Insert buff after skb on the write or rtx queue of sk. */
tcp_insert_write_queue_after(struct sk_buff * skb,struct sk_buff * buff,struct sock * sk,enum tcp_queue tcp_queue)1515 static void tcp_insert_write_queue_after(struct sk_buff *skb,
1516 struct sk_buff *buff,
1517 struct sock *sk,
1518 enum tcp_queue tcp_queue)
1519 {
1520 if (tcp_queue == TCP_FRAG_IN_WRITE_QUEUE)
1521 __skb_queue_after(&sk->sk_write_queue, skb, buff);
1522 else
1523 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff);
1524 }
1525
1526 /* Function to create two new TCP segments. Shrinks the given segment
1527 * to the specified size and appends a new segment with the rest of the
1528 * packet to the list. This won't be called frequently, I hope.
1529 * Remember, these are still headerless SKBs at this point.
1530 */
tcp_fragment(struct sock * sk,enum tcp_queue tcp_queue,struct sk_buff * skb,u32 len,unsigned int mss_now,gfp_t gfp)1531 int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue,
1532 struct sk_buff *skb, u32 len,
1533 unsigned int mss_now, gfp_t gfp)
1534 {
1535 struct tcp_sock *tp = tcp_sk(sk);
1536 struct sk_buff *buff;
1537 int nsize, old_factor;
1538 long limit;
1539 int nlen;
1540 u8 flags;
1541
1542 if (WARN_ON(len > skb->len))
1543 return -EINVAL;
1544
1545 nsize = skb_headlen(skb) - len;
1546 if (nsize < 0)
1547 nsize = 0;
1548
1549 /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb.
1550 * We need some allowance to not penalize applications setting small
1551 * SO_SNDBUF values.
1552 * Also allow first and last skb in retransmit queue to be split.
1553 */
1554 limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE);
1555 if (unlikely((sk->sk_wmem_queued >> 1) > limit &&
1556 tcp_queue != TCP_FRAG_IN_WRITE_QUEUE &&
1557 skb != tcp_rtx_queue_head(sk) &&
1558 skb != tcp_rtx_queue_tail(sk))) {
1559 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG);
1560 return -ENOMEM;
1561 }
1562
1563 if (skb_unclone(skb, gfp))
1564 return -ENOMEM;
1565
1566 /* Get a new skb... force flag on. */
1567 buff = sk_stream_alloc_skb(sk, nsize, gfp, true);
1568 if (!buff)
1569 return -ENOMEM; /* We'll just try again later. */
1570 skb_copy_decrypted(buff, skb);
1571
1572 sk_wmem_queued_add(sk, buff->truesize);
1573 sk_mem_charge(sk, buff->truesize);
1574 nlen = skb->len - len - nsize;
1575 buff->truesize += nlen;
1576 skb->truesize -= nlen;
1577
1578 /* Correct the sequence numbers. */
1579 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
1580 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
1581 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1582
1583 /* PSH and FIN should only be set in the second packet. */
1584 flags = TCP_SKB_CB(skb)->tcp_flags;
1585 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1586 TCP_SKB_CB(buff)->tcp_flags = flags;
1587 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
1588 tcp_skb_fragment_eor(skb, buff);
1589
1590 skb_split(skb, buff, len);
1591
1592 buff->ip_summed = CHECKSUM_PARTIAL;
1593
1594 buff->tstamp = skb->tstamp;
1595 tcp_fragment_tstamp(skb, buff);
1596
1597 old_factor = tcp_skb_pcount(skb);
1598
1599 /* Fix up tso_factor for both original and new SKB. */
1600 tcp_set_skb_tso_segs(skb, mss_now);
1601 tcp_set_skb_tso_segs(buff, mss_now);
1602
1603 /* Update delivered info for the new segment */
1604 TCP_SKB_CB(buff)->tx = TCP_SKB_CB(skb)->tx;
1605
1606 /* If this packet has been sent out already, we must
1607 * adjust the various packet counters.
1608 */
1609 if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) {
1610 int diff = old_factor - tcp_skb_pcount(skb) -
1611 tcp_skb_pcount(buff);
1612
1613 if (diff)
1614 tcp_adjust_pcount(sk, skb, diff);
1615 }
1616
1617 /* Link BUFF into the send queue. */
1618 __skb_header_release(buff);
1619 tcp_insert_write_queue_after(skb, buff, sk, tcp_queue);
1620 if (tcp_queue == TCP_FRAG_IN_RTX_QUEUE)
1621 list_add(&buff->tcp_tsorted_anchor, &skb->tcp_tsorted_anchor);
1622
1623 return 0;
1624 }
1625
1626 /* This is similar to __pskb_pull_tail(). The difference is that pulled
1627 * data is not copied, but immediately discarded.
1628 */
__pskb_trim_head(struct sk_buff * skb,int len)1629 static int __pskb_trim_head(struct sk_buff *skb, int len)
1630 {
1631 struct skb_shared_info *shinfo;
1632 int i, k, eat;
1633
1634 eat = min_t(int, len, skb_headlen(skb));
1635 if (eat) {
1636 __skb_pull(skb, eat);
1637 len -= eat;
1638 if (!len)
1639 return 0;
1640 }
1641 eat = len;
1642 k = 0;
1643 shinfo = skb_shinfo(skb);
1644 for (i = 0; i < shinfo->nr_frags; i++) {
1645 int size = skb_frag_size(&shinfo->frags[i]);
1646
1647 if (size <= eat) {
1648 skb_frag_unref(skb, i);
1649 eat -= size;
1650 } else {
1651 shinfo->frags[k] = shinfo->frags[i];
1652 if (eat) {
1653 skb_frag_off_add(&shinfo->frags[k], eat);
1654 skb_frag_size_sub(&shinfo->frags[k], eat);
1655 eat = 0;
1656 }
1657 k++;
1658 }
1659 }
1660 shinfo->nr_frags = k;
1661
1662 skb->data_len -= len;
1663 skb->len = skb->data_len;
1664 return len;
1665 }
1666
1667 /* Remove acked data from a packet in the transmit queue. */
tcp_trim_head(struct sock * sk,struct sk_buff * skb,u32 len)1668 int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
1669 {
1670 u32 delta_truesize;
1671
1672 if (skb_unclone(skb, GFP_ATOMIC))
1673 return -ENOMEM;
1674
1675 delta_truesize = __pskb_trim_head(skb, len);
1676
1677 TCP_SKB_CB(skb)->seq += len;
1678 skb->ip_summed = CHECKSUM_PARTIAL;
1679
1680 if (delta_truesize) {
1681 skb->truesize -= delta_truesize;
1682 sk_wmem_queued_add(sk, -delta_truesize);
1683 sk_mem_uncharge(sk, delta_truesize);
1684 }
1685
1686 /* Any change of skb->len requires recalculation of tso factor. */
1687 if (tcp_skb_pcount(skb) > 1)
1688 tcp_set_skb_tso_segs(skb, tcp_skb_mss(skb));
1689
1690 return 0;
1691 }
1692
1693 /* Calculate MSS not accounting any TCP options. */
__tcp_mtu_to_mss(struct sock * sk,int pmtu)1694 static inline int __tcp_mtu_to_mss(struct sock *sk, int pmtu)
1695 {
1696 const struct tcp_sock *tp = tcp_sk(sk);
1697 const struct inet_connection_sock *icsk = inet_csk(sk);
1698 int mss_now;
1699
1700 /* Calculate base mss without TCP options:
1701 It is MMS_S - sizeof(tcphdr) of rfc1122
1702 */
1703 mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr);
1704
1705 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */
1706 if (icsk->icsk_af_ops->net_frag_header_len) {
1707 const struct dst_entry *dst = __sk_dst_get(sk);
1708
1709 if (dst && dst_allfrag(dst))
1710 mss_now -= icsk->icsk_af_ops->net_frag_header_len;
1711 }
1712
1713 /* Clamp it (mss_clamp does not include tcp options) */
1714 if (mss_now > tp->rx_opt.mss_clamp)
1715 mss_now = tp->rx_opt.mss_clamp;
1716
1717 /* Now subtract optional transport overhead */
1718 mss_now -= icsk->icsk_ext_hdr_len;
1719
1720 /* Then reserve room for full set of TCP options and 8 bytes of data */
1721 mss_now = max(mss_now,
1722 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_snd_mss));
1723 return mss_now;
1724 }
1725
1726 /* Calculate MSS. Not accounting for SACKs here. */
tcp_mtu_to_mss(struct sock * sk,int pmtu)1727 int tcp_mtu_to_mss(struct sock *sk, int pmtu)
1728 {
1729 /* Subtract TCP options size, not including SACKs */
1730 return __tcp_mtu_to_mss(sk, pmtu) -
1731 (tcp_sk(sk)->tcp_header_len - sizeof(struct tcphdr));
1732 }
1733 EXPORT_SYMBOL(tcp_mtu_to_mss);
1734
1735 /* Inverse of above */
tcp_mss_to_mtu(struct sock * sk,int mss)1736 int tcp_mss_to_mtu(struct sock *sk, int mss)
1737 {
1738 const struct tcp_sock *tp = tcp_sk(sk);
1739 const struct inet_connection_sock *icsk = inet_csk(sk);
1740 int mtu;
1741
1742 mtu = mss +
1743 tp->tcp_header_len +
1744 icsk->icsk_ext_hdr_len +
1745 icsk->icsk_af_ops->net_header_len;
1746
1747 /* IPv6 adds a frag_hdr in case RTAX_FEATURE_ALLFRAG is set */
1748 if (icsk->icsk_af_ops->net_frag_header_len) {
1749 const struct dst_entry *dst = __sk_dst_get(sk);
1750
1751 if (dst && dst_allfrag(dst))
1752 mtu += icsk->icsk_af_ops->net_frag_header_len;
1753 }
1754 return mtu;
1755 }
1756 EXPORT_SYMBOL(tcp_mss_to_mtu);
1757
1758 /* MTU probing init per socket */
tcp_mtup_init(struct sock * sk)1759 void tcp_mtup_init(struct sock *sk)
1760 {
1761 struct tcp_sock *tp = tcp_sk(sk);
1762 struct inet_connection_sock *icsk = inet_csk(sk);
1763 struct net *net = sock_net(sk);
1764
1765 icsk->icsk_mtup.enabled = READ_ONCE(net->ipv4.sysctl_tcp_mtu_probing) > 1;
1766 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) +
1767 icsk->icsk_af_ops->net_header_len;
1768 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, READ_ONCE(net->ipv4.sysctl_tcp_base_mss));
1769 icsk->icsk_mtup.probe_size = 0;
1770 if (icsk->icsk_mtup.enabled)
1771 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32;
1772 }
1773 EXPORT_SYMBOL(tcp_mtup_init);
1774
1775 /* This function synchronize snd mss to current pmtu/exthdr set.
1776
1777 tp->rx_opt.user_mss is mss set by user by TCP_MAXSEG. It does NOT counts
1778 for TCP options, but includes only bare TCP header.
1779
1780 tp->rx_opt.mss_clamp is mss negotiated at connection setup.
1781 It is minimum of user_mss and mss received with SYN.
1782 It also does not include TCP options.
1783
1784 inet_csk(sk)->icsk_pmtu_cookie is last pmtu, seen by this function.
1785
1786 tp->mss_cache is current effective sending mss, including
1787 all tcp options except for SACKs. It is evaluated,
1788 taking into account current pmtu, but never exceeds
1789 tp->rx_opt.mss_clamp.
1790
1791 NOTE1. rfc1122 clearly states that advertised MSS
1792 DOES NOT include either tcp or ip options.
1793
1794 NOTE2. inet_csk(sk)->icsk_pmtu_cookie and tp->mss_cache
1795 are READ ONLY outside this function. --ANK (980731)
1796 */
tcp_sync_mss(struct sock * sk,u32 pmtu)1797 unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu)
1798 {
1799 struct tcp_sock *tp = tcp_sk(sk);
1800 struct inet_connection_sock *icsk = inet_csk(sk);
1801 int mss_now;
1802
1803 if (icsk->icsk_mtup.search_high > pmtu)
1804 icsk->icsk_mtup.search_high = pmtu;
1805
1806 mss_now = tcp_mtu_to_mss(sk, pmtu);
1807 mss_now = tcp_bound_to_half_wnd(tp, mss_now);
1808
1809 /* And store cached results */
1810 icsk->icsk_pmtu_cookie = pmtu;
1811 if (icsk->icsk_mtup.enabled)
1812 mss_now = min(mss_now, tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low));
1813 tp->mss_cache = mss_now;
1814
1815 return mss_now;
1816 }
1817 EXPORT_SYMBOL(tcp_sync_mss);
1818
1819 /* Compute the current effective MSS, taking SACKs and IP options,
1820 * and even PMTU discovery events into account.
1821 */
tcp_current_mss(struct sock * sk)1822 unsigned int tcp_current_mss(struct sock *sk)
1823 {
1824 const struct tcp_sock *tp = tcp_sk(sk);
1825 const struct dst_entry *dst = __sk_dst_get(sk);
1826 u32 mss_now;
1827 unsigned int header_len;
1828 struct tcp_out_options opts;
1829 struct tcp_md5sig_key *md5;
1830
1831 mss_now = tp->mss_cache;
1832
1833 if (dst) {
1834 u32 mtu = dst_mtu(dst);
1835 if (mtu != inet_csk(sk)->icsk_pmtu_cookie)
1836 mss_now = tcp_sync_mss(sk, mtu);
1837 }
1838
1839 header_len = tcp_established_options(sk, NULL, &opts, &md5) +
1840 sizeof(struct tcphdr);
1841 /* The mss_cache is sized based on tp->tcp_header_len, which assumes
1842 * some common options. If this is an odd packet (because we have SACK
1843 * blocks etc) then our calculated header_len will be different, and
1844 * we have to adjust mss_now correspondingly */
1845 if (header_len != tp->tcp_header_len) {
1846 int delta = (int) header_len - tp->tcp_header_len;
1847 mss_now -= delta;
1848 }
1849
1850 return mss_now;
1851 }
1852
1853 /* RFC2861, slow part. Adjust cwnd, after it was not full during one rto.
1854 * As additional protections, we do not touch cwnd in retransmission phases,
1855 * and if application hit its sndbuf limit recently.
1856 */
tcp_cwnd_application_limited(struct sock * sk)1857 static void tcp_cwnd_application_limited(struct sock *sk)
1858 {
1859 struct tcp_sock *tp = tcp_sk(sk);
1860
1861 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open &&
1862 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
1863 /* Limited by application or receiver window. */
1864 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk));
1865 u32 win_used = max(tp->snd_cwnd_used, init_win);
1866 if (win_used < tp->snd_cwnd) {
1867 tp->snd_ssthresh = tcp_current_ssthresh(sk);
1868 tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1;
1869 }
1870 tp->snd_cwnd_used = 0;
1871 }
1872 tp->snd_cwnd_stamp = tcp_jiffies32;
1873 }
1874
tcp_cwnd_validate(struct sock * sk,bool is_cwnd_limited)1875 static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited)
1876 {
1877 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
1878 struct tcp_sock *tp = tcp_sk(sk);
1879
1880 /* Track the strongest available signal of the degree to which the cwnd
1881 * is fully utilized. If cwnd-limited then remember that fact for the
1882 * current window. If not cwnd-limited then track the maximum number of
1883 * outstanding packets in the current window. (If cwnd-limited then we
1884 * chose to not update tp->max_packets_out to avoid an extra else
1885 * clause with no functional impact.)
1886 */
1887 if (!before(tp->snd_una, tp->cwnd_usage_seq) ||
1888 is_cwnd_limited ||
1889 (!tp->is_cwnd_limited &&
1890 tp->packets_out > tp->max_packets_out)) {
1891 tp->is_cwnd_limited = is_cwnd_limited;
1892 tp->max_packets_out = tp->packets_out;
1893 tp->cwnd_usage_seq = tp->snd_nxt;
1894 }
1895
1896 if (tcp_is_cwnd_limited(sk)) {
1897 /* Network is feed fully. */
1898 tp->snd_cwnd_used = 0;
1899 tp->snd_cwnd_stamp = tcp_jiffies32;
1900 } else {
1901 /* Network starves. */
1902 if (tp->packets_out > tp->snd_cwnd_used)
1903 tp->snd_cwnd_used = tp->packets_out;
1904
1905 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_slow_start_after_idle) &&
1906 (s32)(tcp_jiffies32 - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto &&
1907 !ca_ops->cong_control)
1908 tcp_cwnd_application_limited(sk);
1909
1910 /* The following conditions together indicate the starvation
1911 * is caused by insufficient sender buffer:
1912 * 1) just sent some data (see tcp_write_xmit)
1913 * 2) not cwnd limited (this else condition)
1914 * 3) no more data to send (tcp_write_queue_empty())
1915 * 4) application is hitting buffer limit (SOCK_NOSPACE)
1916 */
1917 if (tcp_write_queue_empty(sk) && sk->sk_socket &&
1918 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags) &&
1919 (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT))
1920 tcp_chrono_start(sk, TCP_CHRONO_SNDBUF_LIMITED);
1921 }
1922 }
1923
1924 /* Minshall's variant of the Nagle send check. */
tcp_minshall_check(const struct tcp_sock * tp)1925 static bool tcp_minshall_check(const struct tcp_sock *tp)
1926 {
1927 return after(tp->snd_sml, tp->snd_una) &&
1928 !after(tp->snd_sml, tp->snd_nxt);
1929 }
1930
1931 /* Update snd_sml if this skb is under mss
1932 * Note that a TSO packet might end with a sub-mss segment
1933 * The test is really :
1934 * if ((skb->len % mss) != 0)
1935 * tp->snd_sml = TCP_SKB_CB(skb)->end_seq;
1936 * But we can avoid doing the divide again given we already have
1937 * skb_pcount = skb->len / mss_now
1938 */
tcp_minshall_update(struct tcp_sock * tp,unsigned int mss_now,const struct sk_buff * skb)1939 static void tcp_minshall_update(struct tcp_sock *tp, unsigned int mss_now,
1940 const struct sk_buff *skb)
1941 {
1942 if (skb->len < tcp_skb_pcount(skb) * mss_now)
1943 tp->snd_sml = TCP_SKB_CB(skb)->end_seq;
1944 }
1945
1946 /* Return false, if packet can be sent now without violation Nagle's rules:
1947 * 1. It is full sized. (provided by caller in %partial bool)
1948 * 2. Or it contains FIN. (already checked by caller)
1949 * 3. Or TCP_CORK is not set, and TCP_NODELAY is set.
1950 * 4. Or TCP_CORK is not set, and all sent packets are ACKed.
1951 * With Minshall's modification: all sent small packets are ACKed.
1952 */
tcp_nagle_check(bool partial,const struct tcp_sock * tp,int nonagle)1953 static bool tcp_nagle_check(bool partial, const struct tcp_sock *tp,
1954 int nonagle)
1955 {
1956 return partial &&
1957 ((nonagle & TCP_NAGLE_CORK) ||
1958 (!nonagle && tp->packets_out && tcp_minshall_check(tp)));
1959 }
1960
1961 /* Return how many segs we'd like on a TSO packet,
1962 * to send one TSO packet per ms
1963 */
tcp_tso_autosize(const struct sock * sk,unsigned int mss_now,int min_tso_segs)1964 static u32 tcp_tso_autosize(const struct sock *sk, unsigned int mss_now,
1965 int min_tso_segs)
1966 {
1967 u32 bytes, segs;
1968
1969 bytes = min_t(unsigned long,
1970 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift),
1971 sk->sk_gso_max_size - 1 - MAX_TCP_HEADER);
1972
1973 /* Goal is to send at least one packet per ms,
1974 * not one big TSO packet every 100 ms.
1975 * This preserves ACK clocking and is consistent
1976 * with tcp_tso_should_defer() heuristic.
1977 */
1978 segs = max_t(u32, bytes / mss_now, min_tso_segs);
1979
1980 return segs;
1981 }
1982
1983 /* Return the number of segments we want in the skb we are transmitting.
1984 * See if congestion control module wants to decide; otherwise, autosize.
1985 */
tcp_tso_segs(struct sock * sk,unsigned int mss_now)1986 static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now)
1987 {
1988 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
1989 u32 min_tso, tso_segs;
1990
1991 min_tso = ca_ops->min_tso_segs ?
1992 ca_ops->min_tso_segs(sk) :
1993 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs);
1994
1995 tso_segs = tcp_tso_autosize(sk, mss_now, min_tso);
1996 return min_t(u32, tso_segs, sk->sk_gso_max_segs);
1997 }
1998
1999 /* Returns the portion of skb which can be sent right away */
tcp_mss_split_point(const struct sock * sk,const struct sk_buff * skb,unsigned int mss_now,unsigned int max_segs,int nonagle)2000 static unsigned int tcp_mss_split_point(const struct sock *sk,
2001 const struct sk_buff *skb,
2002 unsigned int mss_now,
2003 unsigned int max_segs,
2004 int nonagle)
2005 {
2006 const struct tcp_sock *tp = tcp_sk(sk);
2007 u32 partial, needed, window, max_len;
2008
2009 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2010 max_len = mss_now * max_segs;
2011
2012 if (likely(max_len <= window && skb != tcp_write_queue_tail(sk)))
2013 return max_len;
2014
2015 needed = min(skb->len, window);
2016
2017 if (max_len <= needed)
2018 return max_len;
2019
2020 partial = needed % mss_now;
2021 /* If last segment is not a full MSS, check if Nagle rules allow us
2022 * to include this last segment in this skb.
2023 * Otherwise, we'll split the skb at last MSS boundary
2024 */
2025 if (tcp_nagle_check(partial != 0, tp, nonagle))
2026 return needed - partial;
2027
2028 return needed;
2029 }
2030
2031 /* Can at least one segment of SKB be sent right now, according to the
2032 * congestion window rules? If so, return how many segments are allowed.
2033 */
tcp_cwnd_test(const struct tcp_sock * tp,const struct sk_buff * skb)2034 static inline unsigned int tcp_cwnd_test(const struct tcp_sock *tp,
2035 const struct sk_buff *skb)
2036 {
2037 u32 in_flight, cwnd, halfcwnd;
2038
2039 /* Don't be strict about the congestion window for the final FIN. */
2040 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) &&
2041 tcp_skb_pcount(skb) == 1)
2042 return 1;
2043
2044 in_flight = tcp_packets_in_flight(tp);
2045 cwnd = tp->snd_cwnd;
2046 if (in_flight >= cwnd)
2047 return 0;
2048
2049 /* For better scheduling, ensure we have at least
2050 * 2 GSO packets in flight.
2051 */
2052 halfcwnd = max(cwnd >> 1, 1U);
2053 return min(halfcwnd, cwnd - in_flight);
2054 }
2055
2056 /* Initialize TSO state of a skb.
2057 * This must be invoked the first time we consider transmitting
2058 * SKB onto the wire.
2059 */
tcp_init_tso_segs(struct sk_buff * skb,unsigned int mss_now)2060 static int tcp_init_tso_segs(struct sk_buff *skb, unsigned int mss_now)
2061 {
2062 int tso_segs = tcp_skb_pcount(skb);
2063
2064 if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now)) {
2065 tcp_set_skb_tso_segs(skb, mss_now);
2066 tso_segs = tcp_skb_pcount(skb);
2067 }
2068 return tso_segs;
2069 }
2070
2071
2072 /* Return true if the Nagle test allows this packet to be
2073 * sent now.
2074 */
tcp_nagle_test(const struct tcp_sock * tp,const struct sk_buff * skb,unsigned int cur_mss,int nonagle)2075 static inline bool tcp_nagle_test(const struct tcp_sock *tp, const struct sk_buff *skb,
2076 unsigned int cur_mss, int nonagle)
2077 {
2078 /* Nagle rule does not apply to frames, which sit in the middle of the
2079 * write_queue (they have no chances to get new data).
2080 *
2081 * This is implemented in the callers, where they modify the 'nonagle'
2082 * argument based upon the location of SKB in the send queue.
2083 */
2084 if (nonagle & TCP_NAGLE_PUSH)
2085 return true;
2086
2087 /* Don't use the nagle rule for urgent data (or for the final FIN). */
2088 if (tcp_urg_mode(tp) || (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN))
2089 return true;
2090
2091 if (!tcp_nagle_check(skb->len < cur_mss, tp, nonagle))
2092 return true;
2093
2094 return false;
2095 }
2096
2097 /* Does at least the first segment of SKB fit into the send window? */
tcp_snd_wnd_test(const struct tcp_sock * tp,const struct sk_buff * skb,unsigned int cur_mss)2098 static bool tcp_snd_wnd_test(const struct tcp_sock *tp,
2099 const struct sk_buff *skb,
2100 unsigned int cur_mss)
2101 {
2102 u32 end_seq = TCP_SKB_CB(skb)->end_seq;
2103
2104 if (skb->len > cur_mss)
2105 end_seq = TCP_SKB_CB(skb)->seq + cur_mss;
2106
2107 return !after(end_seq, tcp_wnd_end(tp));
2108 }
2109
2110 /* Trim TSO SKB to LEN bytes, put the remaining data into a new packet
2111 * which is put after SKB on the list. It is very much like
2112 * tcp_fragment() except that it may make several kinds of assumptions
2113 * in order to speed up the splitting operation. In particular, we
2114 * know that all the data is in scatter-gather pages, and that the
2115 * packet has never been sent out before (and thus is not cloned).
2116 */
tso_fragment(struct sock * sk,struct sk_buff * skb,unsigned int len,unsigned int mss_now,gfp_t gfp)2117 static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
2118 unsigned int mss_now, gfp_t gfp)
2119 {
2120 int nlen = skb->len - len;
2121 struct sk_buff *buff;
2122 u8 flags;
2123
2124 /* All of a TSO frame must be composed of paged data. */
2125 if (skb->len != skb->data_len)
2126 return tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE,
2127 skb, len, mss_now, gfp);
2128
2129 buff = sk_stream_alloc_skb(sk, 0, gfp, true);
2130 if (unlikely(!buff))
2131 return -ENOMEM;
2132 skb_copy_decrypted(buff, skb);
2133
2134 sk_wmem_queued_add(sk, buff->truesize);
2135 sk_mem_charge(sk, buff->truesize);
2136 buff->truesize += nlen;
2137 skb->truesize -= nlen;
2138
2139 /* Correct the sequence numbers. */
2140 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
2141 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
2142 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
2143
2144 /* PSH and FIN should only be set in the second packet. */
2145 flags = TCP_SKB_CB(skb)->tcp_flags;
2146 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
2147 TCP_SKB_CB(buff)->tcp_flags = flags;
2148
2149 /* This packet was never sent out yet, so no SACK bits. */
2150 TCP_SKB_CB(buff)->sacked = 0;
2151
2152 tcp_skb_fragment_eor(skb, buff);
2153
2154 buff->ip_summed = CHECKSUM_PARTIAL;
2155 skb_split(skb, buff, len);
2156 tcp_fragment_tstamp(skb, buff);
2157
2158 /* Fix up tso_factor for both original and new SKB. */
2159 tcp_set_skb_tso_segs(skb, mss_now);
2160 tcp_set_skb_tso_segs(buff, mss_now);
2161
2162 /* Link BUFF into the send queue. */
2163 __skb_header_release(buff);
2164 tcp_insert_write_queue_after(skb, buff, sk, TCP_FRAG_IN_WRITE_QUEUE);
2165
2166 return 0;
2167 }
2168
2169 /* Try to defer sending, if possible, in order to minimize the amount
2170 * of TSO splitting we do. View it as a kind of TSO Nagle test.
2171 *
2172 * This algorithm is from John Heffner.
2173 */
tcp_tso_should_defer(struct sock * sk,struct sk_buff * skb,bool * is_cwnd_limited,bool * is_rwnd_limited,u32 max_segs)2174 static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb,
2175 bool *is_cwnd_limited,
2176 bool *is_rwnd_limited,
2177 u32 max_segs)
2178 {
2179 const struct inet_connection_sock *icsk = inet_csk(sk);
2180 u32 send_win, cong_win, limit, in_flight;
2181 struct tcp_sock *tp = tcp_sk(sk);
2182 struct sk_buff *head;
2183 int win_divisor;
2184 s64 delta;
2185
2186 if (icsk->icsk_ca_state >= TCP_CA_Recovery)
2187 goto send_now;
2188
2189 /* Avoid bursty behavior by allowing defer
2190 * only if the last write was recent (1 ms).
2191 * Note that tp->tcp_wstamp_ns can be in the future if we have
2192 * packets waiting in a qdisc or device for EDT delivery.
2193 */
2194 delta = tp->tcp_clock_cache - tp->tcp_wstamp_ns - NSEC_PER_MSEC;
2195 if (delta > 0)
2196 goto send_now;
2197
2198 in_flight = tcp_packets_in_flight(tp);
2199
2200 BUG_ON(tcp_skb_pcount(skb) <= 1);
2201 BUG_ON(tp->snd_cwnd <= in_flight);
2202
2203 send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2204
2205 /* From in_flight test above, we know that cwnd > in_flight. */
2206 cong_win = (tp->snd_cwnd - in_flight) * tp->mss_cache;
2207
2208 limit = min(send_win, cong_win);
2209
2210 /* If a full-sized TSO skb can be sent, do it. */
2211 if (limit >= max_segs * tp->mss_cache)
2212 goto send_now;
2213
2214 /* Middle in queue won't get any more data, full sendable already? */
2215 if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len))
2216 goto send_now;
2217
2218 win_divisor = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_win_divisor);
2219 if (win_divisor) {
2220 u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
2221
2222 /* If at least some fraction of a window is available,
2223 * just use it.
2224 */
2225 chunk /= win_divisor;
2226 if (limit >= chunk)
2227 goto send_now;
2228 } else {
2229 /* Different approach, try not to defer past a single
2230 * ACK. Receiver should ACK every other full sized
2231 * frame, so if we have space for more than 3 frames
2232 * then send now.
2233 */
2234 if (limit > tcp_max_tso_deferred_mss(tp) * tp->mss_cache)
2235 goto send_now;
2236 }
2237
2238 /* TODO : use tsorted_sent_queue ? */
2239 head = tcp_rtx_queue_head(sk);
2240 if (!head)
2241 goto send_now;
2242 delta = tp->tcp_clock_cache - head->tstamp;
2243 /* If next ACK is likely to come too late (half srtt), do not defer */
2244 if ((s64)(delta - (u64)NSEC_PER_USEC * (tp->srtt_us >> 4)) < 0)
2245 goto send_now;
2246
2247 /* Ok, it looks like it is advisable to defer.
2248 * Three cases are tracked :
2249 * 1) We are cwnd-limited
2250 * 2) We are rwnd-limited
2251 * 3) We are application limited.
2252 */
2253 if (cong_win < send_win) {
2254 if (cong_win <= skb->len) {
2255 *is_cwnd_limited = true;
2256 return true;
2257 }
2258 } else {
2259 if (send_win <= skb->len) {
2260 *is_rwnd_limited = true;
2261 return true;
2262 }
2263 }
2264
2265 /* If this packet won't get more data, do not wait. */
2266 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) ||
2267 TCP_SKB_CB(skb)->eor)
2268 goto send_now;
2269
2270 return true;
2271
2272 send_now:
2273 return false;
2274 }
2275
tcp_mtu_check_reprobe(struct sock * sk)2276 static inline void tcp_mtu_check_reprobe(struct sock *sk)
2277 {
2278 struct inet_connection_sock *icsk = inet_csk(sk);
2279 struct tcp_sock *tp = tcp_sk(sk);
2280 struct net *net = sock_net(sk);
2281 u32 interval;
2282 s32 delta;
2283
2284 interval = READ_ONCE(net->ipv4.sysctl_tcp_probe_interval);
2285 delta = tcp_jiffies32 - icsk->icsk_mtup.probe_timestamp;
2286 if (unlikely(delta >= interval * HZ)) {
2287 int mss = tcp_current_mss(sk);
2288
2289 /* Update current search range */
2290 icsk->icsk_mtup.probe_size = 0;
2291 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp +
2292 sizeof(struct tcphdr) +
2293 icsk->icsk_af_ops->net_header_len;
2294 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
2295
2296 /* Update probe time stamp */
2297 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32;
2298 }
2299 }
2300
tcp_can_coalesce_send_queue_head(struct sock * sk,int len)2301 static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len)
2302 {
2303 struct sk_buff *skb, *next;
2304
2305 skb = tcp_send_head(sk);
2306 tcp_for_write_queue_from_safe(skb, next, sk) {
2307 if (len <= skb->len)
2308 break;
2309
2310 if (unlikely(TCP_SKB_CB(skb)->eor) || tcp_has_tx_tstamp(skb))
2311 return false;
2312
2313 len -= skb->len;
2314 }
2315
2316 return true;
2317 }
2318
2319 /* Create a new MTU probe if we are ready.
2320 * MTU probe is regularly attempting to increase the path MTU by
2321 * deliberately sending larger packets. This discovers routing
2322 * changes resulting in larger path MTUs.
2323 *
2324 * Returns 0 if we should wait to probe (no cwnd available),
2325 * 1 if a probe was sent,
2326 * -1 otherwise
2327 */
tcp_mtu_probe(struct sock * sk)2328 static int tcp_mtu_probe(struct sock *sk)
2329 {
2330 struct inet_connection_sock *icsk = inet_csk(sk);
2331 struct tcp_sock *tp = tcp_sk(sk);
2332 struct sk_buff *skb, *nskb, *next;
2333 struct net *net = sock_net(sk);
2334 int probe_size;
2335 int size_needed;
2336 int copy, len;
2337 int mss_now;
2338 int interval;
2339
2340 /* Not currently probing/verifying,
2341 * not in recovery,
2342 * have enough cwnd, and
2343 * not SACKing (the variable headers throw things off)
2344 */
2345 if (likely(!icsk->icsk_mtup.enabled ||
2346 icsk->icsk_mtup.probe_size ||
2347 inet_csk(sk)->icsk_ca_state != TCP_CA_Open ||
2348 tp->snd_cwnd < 11 ||
2349 tp->rx_opt.num_sacks || tp->rx_opt.dsack))
2350 return -1;
2351
2352 /* Use binary search for probe_size between tcp_mss_base,
2353 * and current mss_clamp. if (search_high - search_low)
2354 * smaller than a threshold, backoff from probing.
2355 */
2356 mss_now = tcp_current_mss(sk);
2357 probe_size = tcp_mtu_to_mss(sk, (icsk->icsk_mtup.search_high +
2358 icsk->icsk_mtup.search_low) >> 1);
2359 size_needed = probe_size + (tp->reordering + 1) * tp->mss_cache;
2360 interval = icsk->icsk_mtup.search_high - icsk->icsk_mtup.search_low;
2361 /* When misfortune happens, we are reprobing actively,
2362 * and then reprobe timer has expired. We stick with current
2363 * probing process by not resetting search range to its orignal.
2364 */
2365 if (probe_size > tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_high) ||
2366 interval < READ_ONCE(net->ipv4.sysctl_tcp_probe_threshold)) {
2367 /* Check whether enough time has elaplased for
2368 * another round of probing.
2369 */
2370 tcp_mtu_check_reprobe(sk);
2371 return -1;
2372 }
2373
2374 /* Have enough data in the send queue to probe? */
2375 if (tp->write_seq - tp->snd_nxt < size_needed)
2376 return -1;
2377
2378 if (tp->snd_wnd < size_needed)
2379 return -1;
2380 if (after(tp->snd_nxt + size_needed, tcp_wnd_end(tp)))
2381 return 0;
2382
2383 /* Do we need to wait to drain cwnd? With none in flight, don't stall */
2384 if (tcp_packets_in_flight(tp) + 2 > tp->snd_cwnd) {
2385 if (!tcp_packets_in_flight(tp))
2386 return -1;
2387 else
2388 return 0;
2389 }
2390
2391 if (!tcp_can_coalesce_send_queue_head(sk, probe_size))
2392 return -1;
2393
2394 /* We're allowed to probe. Build it now. */
2395 nskb = sk_stream_alloc_skb(sk, probe_size, GFP_ATOMIC, false);
2396 if (!nskb)
2397 return -1;
2398 sk_wmem_queued_add(sk, nskb->truesize);
2399 sk_mem_charge(sk, nskb->truesize);
2400
2401 skb = tcp_send_head(sk);
2402 skb_copy_decrypted(nskb, skb);
2403
2404 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
2405 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
2406 TCP_SKB_CB(nskb)->tcp_flags = TCPHDR_ACK;
2407 TCP_SKB_CB(nskb)->sacked = 0;
2408 nskb->csum = 0;
2409 nskb->ip_summed = CHECKSUM_PARTIAL;
2410
2411 tcp_insert_write_queue_before(nskb, skb, sk);
2412 tcp_highest_sack_replace(sk, skb, nskb);
2413
2414 len = 0;
2415 tcp_for_write_queue_from_safe(skb, next, sk) {
2416 copy = min_t(int, skb->len, probe_size - len);
2417 skb_copy_bits(skb, 0, skb_put(nskb, copy), copy);
2418
2419 if (skb->len <= copy) {
2420 /* We've eaten all the data from this skb.
2421 * Throw it away. */
2422 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags;
2423 /* If this is the last SKB we copy and eor is set
2424 * we need to propagate it to the new skb.
2425 */
2426 TCP_SKB_CB(nskb)->eor = TCP_SKB_CB(skb)->eor;
2427 tcp_skb_collapse_tstamp(nskb, skb);
2428 tcp_unlink_write_queue(skb, sk);
2429 sk_wmem_free_skb(sk, skb);
2430 } else {
2431 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags &
2432 ~(TCPHDR_FIN|TCPHDR_PSH);
2433 if (!skb_shinfo(skb)->nr_frags) {
2434 skb_pull(skb, copy);
2435 } else {
2436 __pskb_trim_head(skb, copy);
2437 tcp_set_skb_tso_segs(skb, mss_now);
2438 }
2439 TCP_SKB_CB(skb)->seq += copy;
2440 }
2441
2442 len += copy;
2443
2444 if (len >= probe_size)
2445 break;
2446 }
2447 tcp_init_tso_segs(nskb, nskb->len);
2448
2449 /* We're ready to send. If this fails, the probe will
2450 * be resegmented into mss-sized pieces by tcp_write_xmit().
2451 */
2452 if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) {
2453 /* Decrement cwnd here because we are sending
2454 * effectively two packets. */
2455 tp->snd_cwnd--;
2456 tcp_event_new_data_sent(sk, nskb);
2457
2458 icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len);
2459 tp->mtu_probe.probe_seq_start = TCP_SKB_CB(nskb)->seq;
2460 tp->mtu_probe.probe_seq_end = TCP_SKB_CB(nskb)->end_seq;
2461
2462 return 1;
2463 }
2464
2465 return -1;
2466 }
2467
tcp_pacing_check(struct sock * sk)2468 static bool tcp_pacing_check(struct sock *sk)
2469 {
2470 struct tcp_sock *tp = tcp_sk(sk);
2471
2472 if (!tcp_needs_internal_pacing(sk))
2473 return false;
2474
2475 if (tp->tcp_wstamp_ns <= tp->tcp_clock_cache)
2476 return false;
2477
2478 if (!hrtimer_is_queued(&tp->pacing_timer)) {
2479 hrtimer_start(&tp->pacing_timer,
2480 ns_to_ktime(tp->tcp_wstamp_ns),
2481 HRTIMER_MODE_ABS_PINNED_SOFT);
2482 sock_hold(sk);
2483 }
2484 return true;
2485 }
2486
tcp_rtx_queue_empty_or_single_skb(const struct sock * sk)2487 static bool tcp_rtx_queue_empty_or_single_skb(const struct sock *sk)
2488 {
2489 const struct rb_node *node = sk->tcp_rtx_queue.rb_node;
2490
2491 /* No skb in the rtx queue. */
2492 if (!node)
2493 return true;
2494
2495 /* Only one skb in rtx queue. */
2496 return !node->rb_left && !node->rb_right;
2497 }
2498
2499 /* TCP Small Queues :
2500 * Control number of packets in qdisc/devices to two packets / or ~1 ms.
2501 * (These limits are doubled for retransmits)
2502 * This allows for :
2503 * - better RTT estimation and ACK scheduling
2504 * - faster recovery
2505 * - high rates
2506 * Alas, some drivers / subsystems require a fair amount
2507 * of queued bytes to ensure line rate.
2508 * One example is wifi aggregation (802.11 AMPDU)
2509 */
tcp_small_queue_check(struct sock * sk,const struct sk_buff * skb,unsigned int factor)2510 static bool tcp_small_queue_check(struct sock *sk, const struct sk_buff *skb,
2511 unsigned int factor)
2512 {
2513 unsigned long limit;
2514
2515 limit = max_t(unsigned long,
2516 2 * skb->truesize,
2517 sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift));
2518 if (sk->sk_pacing_status == SK_PACING_NONE)
2519 limit = min_t(unsigned long, limit,
2520 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes));
2521 limit <<= factor;
2522
2523 if (static_branch_unlikely(&tcp_tx_delay_enabled) &&
2524 tcp_sk(sk)->tcp_tx_delay) {
2525 u64 extra_bytes = (u64)sk->sk_pacing_rate * tcp_sk(sk)->tcp_tx_delay;
2526
2527 /* TSQ is based on skb truesize sum (sk_wmem_alloc), so we
2528 * approximate our needs assuming an ~100% skb->truesize overhead.
2529 * USEC_PER_SEC is approximated by 2^20.
2530 * do_div(extra_bytes, USEC_PER_SEC/2) is replaced by a right shift.
2531 */
2532 extra_bytes >>= (20 - 1);
2533 limit += extra_bytes;
2534 }
2535 if (refcount_read(&sk->sk_wmem_alloc) > limit) {
2536 /* Always send skb if rtx queue is empty or has one skb.
2537 * No need to wait for TX completion to call us back,
2538 * after softirq/tasklet schedule.
2539 * This helps when TX completions are delayed too much.
2540 */
2541 if (tcp_rtx_queue_empty_or_single_skb(sk))
2542 return false;
2543
2544 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags);
2545 /* It is possible TX completion already happened
2546 * before we set TSQ_THROTTLED, so we must
2547 * test again the condition.
2548 */
2549 smp_mb__after_atomic();
2550 if (refcount_read(&sk->sk_wmem_alloc) > limit)
2551 return true;
2552 }
2553 return false;
2554 }
2555
tcp_chrono_set(struct tcp_sock * tp,const enum tcp_chrono new)2556 static void tcp_chrono_set(struct tcp_sock *tp, const enum tcp_chrono new)
2557 {
2558 const u32 now = tcp_jiffies32;
2559 enum tcp_chrono old = tp->chrono_type;
2560
2561 if (old > TCP_CHRONO_UNSPEC)
2562 tp->chrono_stat[old - 1] += now - tp->chrono_start;
2563 tp->chrono_start = now;
2564 tp->chrono_type = new;
2565 }
2566
tcp_chrono_start(struct sock * sk,const enum tcp_chrono type)2567 void tcp_chrono_start(struct sock *sk, const enum tcp_chrono type)
2568 {
2569 struct tcp_sock *tp = tcp_sk(sk);
2570
2571 /* If there are multiple conditions worthy of tracking in a
2572 * chronograph then the highest priority enum takes precedence
2573 * over the other conditions. So that if something "more interesting"
2574 * starts happening, stop the previous chrono and start a new one.
2575 */
2576 if (type > tp->chrono_type)
2577 tcp_chrono_set(tp, type);
2578 }
2579
tcp_chrono_stop(struct sock * sk,const enum tcp_chrono type)2580 void tcp_chrono_stop(struct sock *sk, const enum tcp_chrono type)
2581 {
2582 struct tcp_sock *tp = tcp_sk(sk);
2583
2584
2585 /* There are multiple conditions worthy of tracking in a
2586 * chronograph, so that the highest priority enum takes
2587 * precedence over the other conditions (see tcp_chrono_start).
2588 * If a condition stops, we only stop chrono tracking if
2589 * it's the "most interesting" or current chrono we are
2590 * tracking and starts busy chrono if we have pending data.
2591 */
2592 if (tcp_rtx_and_write_queues_empty(sk))
2593 tcp_chrono_set(tp, TCP_CHRONO_UNSPEC);
2594 else if (type == tp->chrono_type)
2595 tcp_chrono_set(tp, TCP_CHRONO_BUSY);
2596 }
2597
2598 /* This routine writes packets to the network. It advances the
2599 * send_head. This happens as incoming acks open up the remote
2600 * window for us.
2601 *
2602 * LARGESEND note: !tcp_urg_mode is overkill, only frames between
2603 * snd_up-64k-mss .. snd_up cannot be large. However, taking into
2604 * account rare use of URG, this is not a big flaw.
2605 *
2606 * Send at most one packet when push_one > 0. Temporarily ignore
2607 * cwnd limit to force at most one packet out when push_one == 2.
2608
2609 * Returns true, if no segments are in flight and we have queued segments,
2610 * but cannot send anything now because of SWS or another problem.
2611 */
tcp_write_xmit(struct sock * sk,unsigned int mss_now,int nonagle,int push_one,gfp_t gfp)2612 static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
2613 int push_one, gfp_t gfp)
2614 {
2615 struct tcp_sock *tp = tcp_sk(sk);
2616 struct sk_buff *skb;
2617 unsigned int tso_segs, sent_pkts;
2618 int cwnd_quota;
2619 int result;
2620 bool is_cwnd_limited = false, is_rwnd_limited = false;
2621 u32 max_segs;
2622
2623 sent_pkts = 0;
2624
2625 tcp_mstamp_refresh(tp);
2626 if (!push_one) {
2627 /* Do MTU probing. */
2628 result = tcp_mtu_probe(sk);
2629 if (!result) {
2630 return false;
2631 } else if (result > 0) {
2632 sent_pkts = 1;
2633 }
2634 }
2635
2636 max_segs = tcp_tso_segs(sk, mss_now);
2637 while ((skb = tcp_send_head(sk))) {
2638 unsigned int limit;
2639
2640 if (unlikely(tp->repair) && tp->repair_queue == TCP_SEND_QUEUE) {
2641 /* "skb_mstamp_ns" is used as a start point for the retransmit timer */
2642 skb->skb_mstamp_ns = tp->tcp_wstamp_ns = tp->tcp_clock_cache;
2643 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue);
2644 tcp_init_tso_segs(skb, mss_now);
2645 goto repair; /* Skip network transmission */
2646 }
2647
2648 if (tcp_pacing_check(sk))
2649 break;
2650
2651 tso_segs = tcp_init_tso_segs(skb, mss_now);
2652 BUG_ON(!tso_segs);
2653
2654 cwnd_quota = tcp_cwnd_test(tp, skb);
2655 if (!cwnd_quota) {
2656 if (push_one == 2)
2657 /* Force out a loss probe pkt. */
2658 cwnd_quota = 1;
2659 else
2660 break;
2661 }
2662
2663 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now))) {
2664 is_rwnd_limited = true;
2665 break;
2666 }
2667
2668 if (tso_segs == 1) {
2669 if (unlikely(!tcp_nagle_test(tp, skb, mss_now,
2670 (tcp_skb_is_last(sk, skb) ?
2671 nonagle : TCP_NAGLE_PUSH))))
2672 break;
2673 } else {
2674 if (!push_one &&
2675 tcp_tso_should_defer(sk, skb, &is_cwnd_limited,
2676 &is_rwnd_limited, max_segs))
2677 break;
2678 }
2679
2680 limit = mss_now;
2681 if (tso_segs > 1 && !tcp_urg_mode(tp))
2682 limit = tcp_mss_split_point(sk, skb, mss_now,
2683 min_t(unsigned int,
2684 cwnd_quota,
2685 max_segs),
2686 nonagle);
2687
2688 if (skb->len > limit &&
2689 unlikely(tso_fragment(sk, skb, limit, mss_now, gfp)))
2690 break;
2691
2692 if (tcp_small_queue_check(sk, skb, 0))
2693 break;
2694
2695 /* Argh, we hit an empty skb(), presumably a thread
2696 * is sleeping in sendmsg()/sk_stream_wait_memory().
2697 * We do not want to send a pure-ack packet and have
2698 * a strange looking rtx queue with empty packet(s).
2699 */
2700 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq)
2701 break;
2702
2703 if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp)))
2704 break;
2705
2706 repair:
2707 /* Advance the send_head. This one is sent out.
2708 * This call will increment packets_out.
2709 */
2710 tcp_event_new_data_sent(sk, skb);
2711
2712 tcp_minshall_update(tp, mss_now, skb);
2713 sent_pkts += tcp_skb_pcount(skb);
2714
2715 if (push_one)
2716 break;
2717 }
2718
2719 if (is_rwnd_limited)
2720 tcp_chrono_start(sk, TCP_CHRONO_RWND_LIMITED);
2721 else
2722 tcp_chrono_stop(sk, TCP_CHRONO_RWND_LIMITED);
2723
2724 is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tp->snd_cwnd);
2725 if (likely(sent_pkts || is_cwnd_limited))
2726 tcp_cwnd_validate(sk, is_cwnd_limited);
2727
2728 if (likely(sent_pkts)) {
2729 if (tcp_in_cwnd_reduction(sk))
2730 tp->prr_out += sent_pkts;
2731
2732 /* Send one loss probe per tail loss episode. */
2733 if (push_one != 2)
2734 tcp_schedule_loss_probe(sk, false);
2735 return false;
2736 }
2737 return !tp->packets_out && !tcp_write_queue_empty(sk);
2738 }
2739
tcp_schedule_loss_probe(struct sock * sk,bool advancing_rto)2740 bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto)
2741 {
2742 struct inet_connection_sock *icsk = inet_csk(sk);
2743 struct tcp_sock *tp = tcp_sk(sk);
2744 u32 timeout, timeout_us, rto_delta_us;
2745 int early_retrans;
2746
2747 /* Don't do any loss probe on a Fast Open connection before 3WHS
2748 * finishes.
2749 */
2750 if (rcu_access_pointer(tp->fastopen_rsk))
2751 return false;
2752
2753 early_retrans = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_early_retrans);
2754 /* Schedule a loss probe in 2*RTT for SACK capable connections
2755 * not in loss recovery, that are either limited by cwnd or application.
2756 */
2757 if ((early_retrans != 3 && early_retrans != 4) ||
2758 !tp->packets_out || !tcp_is_sack(tp) ||
2759 (icsk->icsk_ca_state != TCP_CA_Open &&
2760 icsk->icsk_ca_state != TCP_CA_CWR))
2761 return false;
2762
2763 /* Probe timeout is 2*rtt. Add minimum RTO to account
2764 * for delayed ack when there's one outstanding packet. If no RTT
2765 * sample is available then probe after TCP_TIMEOUT_INIT.
2766 */
2767 if (tp->srtt_us) {
2768 timeout_us = tp->srtt_us >> 2;
2769 if (tp->packets_out == 1)
2770 timeout_us += tcp_rto_min_us(sk);
2771 else
2772 timeout_us += TCP_TIMEOUT_MIN_US;
2773 timeout = usecs_to_jiffies(timeout_us);
2774 } else {
2775 timeout = TCP_TIMEOUT_INIT;
2776 }
2777
2778 /* If the RTO formula yields an earlier time, then use that time. */
2779 rto_delta_us = advancing_rto ?
2780 jiffies_to_usecs(inet_csk(sk)->icsk_rto) :
2781 tcp_rto_delta_us(sk); /* How far in future is RTO? */
2782 if (rto_delta_us > 0)
2783 timeout = min_t(u32, timeout, usecs_to_jiffies(rto_delta_us));
2784
2785 tcp_reset_xmit_timer(sk, ICSK_TIME_LOSS_PROBE, timeout, TCP_RTO_MAX);
2786 return true;
2787 }
2788
2789 /* Thanks to skb fast clones, we can detect if a prior transmit of
2790 * a packet is still in a qdisc or driver queue.
2791 * In this case, there is very little point doing a retransmit !
2792 */
skb_still_in_host_queue(const struct sock * sk,const struct sk_buff * skb)2793 static bool skb_still_in_host_queue(const struct sock *sk,
2794 const struct sk_buff *skb)
2795 {
2796 if (unlikely(skb_fclone_busy(sk, skb))) {
2797 NET_INC_STATS(sock_net(sk),
2798 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES);
2799 return true;
2800 }
2801 return false;
2802 }
2803
2804 /* When probe timeout (PTO) fires, try send a new segment if possible, else
2805 * retransmit the last segment.
2806 */
tcp_send_loss_probe(struct sock * sk)2807 void tcp_send_loss_probe(struct sock *sk)
2808 {
2809 struct tcp_sock *tp = tcp_sk(sk);
2810 struct sk_buff *skb;
2811 int pcount;
2812 int mss = tcp_current_mss(sk);
2813
2814 /* At most one outstanding TLP */
2815 if (tp->tlp_high_seq)
2816 goto rearm_timer;
2817
2818 tp->tlp_retrans = 0;
2819 skb = tcp_send_head(sk);
2820 if (skb && tcp_snd_wnd_test(tp, skb, mss)) {
2821 pcount = tp->packets_out;
2822 tcp_write_xmit(sk, mss, TCP_NAGLE_OFF, 2, GFP_ATOMIC);
2823 if (tp->packets_out > pcount)
2824 goto probe_sent;
2825 goto rearm_timer;
2826 }
2827 skb = skb_rb_last(&sk->tcp_rtx_queue);
2828 if (unlikely(!skb)) {
2829 WARN_ONCE(tp->packets_out,
2830 "invalid inflight: %u state %u cwnd %u mss %d\n",
2831 tp->packets_out, sk->sk_state, tp->snd_cwnd, mss);
2832 inet_csk(sk)->icsk_pending = 0;
2833 return;
2834 }
2835
2836 if (skb_still_in_host_queue(sk, skb))
2837 goto rearm_timer;
2838
2839 pcount = tcp_skb_pcount(skb);
2840 if (WARN_ON(!pcount))
2841 goto rearm_timer;
2842
2843 if ((pcount > 1) && (skb->len > (pcount - 1) * mss)) {
2844 if (unlikely(tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb,
2845 (pcount - 1) * mss, mss,
2846 GFP_ATOMIC)))
2847 goto rearm_timer;
2848 skb = skb_rb_next(skb);
2849 }
2850
2851 if (WARN_ON(!skb || !tcp_skb_pcount(skb)))
2852 goto rearm_timer;
2853
2854 if (__tcp_retransmit_skb(sk, skb, 1))
2855 goto rearm_timer;
2856
2857 tp->tlp_retrans = 1;
2858
2859 probe_sent:
2860 /* Record snd_nxt for loss detection. */
2861 tp->tlp_high_seq = tp->snd_nxt;
2862
2863 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSSPROBES);
2864 /* Reset s.t. tcp_rearm_rto will restart timer from now */
2865 inet_csk(sk)->icsk_pending = 0;
2866 rearm_timer:
2867 tcp_rearm_rto(sk);
2868 }
2869
2870 /* Push out any pending frames which were held back due to
2871 * TCP_CORK or attempt at coalescing tiny packets.
2872 * The socket must be locked by the caller.
2873 */
__tcp_push_pending_frames(struct sock * sk,unsigned int cur_mss,int nonagle)2874 void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
2875 int nonagle)
2876 {
2877 /* If we are closed, the bytes will have to remain here.
2878 * In time closedown will finish, we empty the write queue and
2879 * all will be happy.
2880 */
2881 if (unlikely(sk->sk_state == TCP_CLOSE))
2882 return;
2883
2884 if (tcp_write_xmit(sk, cur_mss, nonagle, 0,
2885 sk_gfp_mask(sk, GFP_ATOMIC)))
2886 tcp_check_probe_timer(sk);
2887 }
2888
2889 /* Send _single_ skb sitting at the send head. This function requires
2890 * true push pending frames to setup probe timer etc.
2891 */
tcp_push_one(struct sock * sk,unsigned int mss_now)2892 void tcp_push_one(struct sock *sk, unsigned int mss_now)
2893 {
2894 struct sk_buff *skb = tcp_send_head(sk);
2895
2896 BUG_ON(!skb || skb->len < mss_now);
2897
2898 tcp_write_xmit(sk, mss_now, TCP_NAGLE_PUSH, 1, sk->sk_allocation);
2899 }
2900
2901 /* This function returns the amount that we can raise the
2902 * usable window based on the following constraints
2903 *
2904 * 1. The window can never be shrunk once it is offered (RFC 793)
2905 * 2. We limit memory per socket
2906 *
2907 * RFC 1122:
2908 * "the suggested [SWS] avoidance algorithm for the receiver is to keep
2909 * RECV.NEXT + RCV.WIN fixed until:
2910 * RCV.BUFF - RCV.USER - RCV.WINDOW >= min(1/2 RCV.BUFF, MSS)"
2911 *
2912 * i.e. don't raise the right edge of the window until you can raise
2913 * it at least MSS bytes.
2914 *
2915 * Unfortunately, the recommended algorithm breaks header prediction,
2916 * since header prediction assumes th->window stays fixed.
2917 *
2918 * Strictly speaking, keeping th->window fixed violates the receiver
2919 * side SWS prevention criteria. The problem is that under this rule
2920 * a stream of single byte packets will cause the right side of the
2921 * window to always advance by a single byte.
2922 *
2923 * Of course, if the sender implements sender side SWS prevention
2924 * then this will not be a problem.
2925 *
2926 * BSD seems to make the following compromise:
2927 *
2928 * If the free space is less than the 1/4 of the maximum
2929 * space available and the free space is less than 1/2 mss,
2930 * then set the window to 0.
2931 * [ Actually, bsd uses MSS and 1/4 of maximal _window_ ]
2932 * Otherwise, just prevent the window from shrinking
2933 * and from being larger than the largest representable value.
2934 *
2935 * This prevents incremental opening of the window in the regime
2936 * where TCP is limited by the speed of the reader side taking
2937 * data out of the TCP receive queue. It does nothing about
2938 * those cases where the window is constrained on the sender side
2939 * because the pipeline is full.
2940 *
2941 * BSD also seems to "accidentally" limit itself to windows that are a
2942 * multiple of MSS, at least until the free space gets quite small.
2943 * This would appear to be a side effect of the mbuf implementation.
2944 * Combining these two algorithms results in the observed behavior
2945 * of having a fixed window size at almost all times.
2946 *
2947 * Below we obtain similar behavior by forcing the offered window to
2948 * a multiple of the mss when it is feasible to do so.
2949 *
2950 * Note, we don't "adjust" for TIMESTAMP or SACK option bytes.
2951 * Regular options like TIMESTAMP are taken into account.
2952 */
__tcp_select_window(struct sock * sk)2953 u32 __tcp_select_window(struct sock *sk)
2954 {
2955 struct inet_connection_sock *icsk = inet_csk(sk);
2956 struct tcp_sock *tp = tcp_sk(sk);
2957 /* MSS for the peer's data. Previous versions used mss_clamp
2958 * here. I don't know if the value based on our guesses
2959 * of peer's MSS is better for the performance. It's more correct
2960 * but may be worse for the performance because of rcv_mss
2961 * fluctuations. --SAW 1998/11/1
2962 */
2963 int mss = icsk->icsk_ack.rcv_mss;
2964 int free_space = tcp_space(sk);
2965 int allowed_space = tcp_full_space(sk);
2966 int full_space, window;
2967
2968 if (sk_is_mptcp(sk))
2969 mptcp_space(sk, &free_space, &allowed_space);
2970
2971 full_space = min_t(int, tp->window_clamp, allowed_space);
2972
2973 if (unlikely(mss > full_space)) {
2974 mss = full_space;
2975 if (mss <= 0)
2976 return 0;
2977 }
2978 if (free_space < (full_space >> 1)) {
2979 icsk->icsk_ack.quick = 0;
2980
2981 if (tcp_under_memory_pressure(sk))
2982 tp->rcv_ssthresh = min(tp->rcv_ssthresh,
2983 4U * tp->advmss);
2984
2985 /* free_space might become our new window, make sure we don't
2986 * increase it due to wscale.
2987 */
2988 free_space = round_down(free_space, 1 << tp->rx_opt.rcv_wscale);
2989
2990 /* if free space is less than mss estimate, or is below 1/16th
2991 * of the maximum allowed, try to move to zero-window, else
2992 * tcp_clamp_window() will grow rcv buf up to tcp_rmem[2], and
2993 * new incoming data is dropped due to memory limits.
2994 * With large window, mss test triggers way too late in order
2995 * to announce zero window in time before rmem limit kicks in.
2996 */
2997 if (free_space < (allowed_space >> 4) || free_space < mss)
2998 return 0;
2999 }
3000
3001 if (free_space > tp->rcv_ssthresh)
3002 free_space = tp->rcv_ssthresh;
3003
3004 /* Don't do rounding if we are using window scaling, since the
3005 * scaled window will not line up with the MSS boundary anyway.
3006 */
3007 if (tp->rx_opt.rcv_wscale) {
3008 window = free_space;
3009
3010 /* Advertise enough space so that it won't get scaled away.
3011 * Import case: prevent zero window announcement if
3012 * 1<<rcv_wscale > mss.
3013 */
3014 window = ALIGN(window, (1 << tp->rx_opt.rcv_wscale));
3015 } else {
3016 window = tp->rcv_wnd;
3017 /* Get the largest window that is a nice multiple of mss.
3018 * Window clamp already applied above.
3019 * If our current window offering is within 1 mss of the
3020 * free space we just keep it. This prevents the divide
3021 * and multiply from happening most of the time.
3022 * We also don't do any window rounding when the free space
3023 * is too small.
3024 */
3025 if (window <= free_space - mss || window > free_space)
3026 window = rounddown(free_space, mss);
3027 else if (mss == full_space &&
3028 free_space > window + (full_space >> 1))
3029 window = free_space;
3030 }
3031
3032 return window;
3033 }
3034
tcp_skb_collapse_tstamp(struct sk_buff * skb,const struct sk_buff * next_skb)3035 void tcp_skb_collapse_tstamp(struct sk_buff *skb,
3036 const struct sk_buff *next_skb)
3037 {
3038 if (unlikely(tcp_has_tx_tstamp(next_skb))) {
3039 const struct skb_shared_info *next_shinfo =
3040 skb_shinfo(next_skb);
3041 struct skb_shared_info *shinfo = skb_shinfo(skb);
3042
3043 shinfo->tx_flags |= next_shinfo->tx_flags & SKBTX_ANY_TSTAMP;
3044 shinfo->tskey = next_shinfo->tskey;
3045 TCP_SKB_CB(skb)->txstamp_ack |=
3046 TCP_SKB_CB(next_skb)->txstamp_ack;
3047 }
3048 }
3049
3050 /* Collapses two adjacent SKB's during retransmission. */
tcp_collapse_retrans(struct sock * sk,struct sk_buff * skb)3051 static bool tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb)
3052 {
3053 struct tcp_sock *tp = tcp_sk(sk);
3054 struct sk_buff *next_skb = skb_rb_next(skb);
3055 int next_skb_size;
3056
3057 next_skb_size = next_skb->len;
3058
3059 BUG_ON(tcp_skb_pcount(skb) != 1 || tcp_skb_pcount(next_skb) != 1);
3060
3061 if (next_skb_size) {
3062 if (next_skb_size <= skb_availroom(skb))
3063 skb_copy_bits(next_skb, 0, skb_put(skb, next_skb_size),
3064 next_skb_size);
3065 else if (!tcp_skb_shift(skb, next_skb, 1, next_skb_size))
3066 return false;
3067 }
3068 tcp_highest_sack_replace(sk, next_skb, skb);
3069
3070 /* Update sequence range on original skb. */
3071 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq;
3072
3073 /* Merge over control information. This moves PSH/FIN etc. over */
3074 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(next_skb)->tcp_flags;
3075
3076 /* All done, get rid of second SKB and account for it so
3077 * packet counting does not break.
3078 */
3079 TCP_SKB_CB(skb)->sacked |= TCP_SKB_CB(next_skb)->sacked & TCPCB_EVER_RETRANS;
3080 TCP_SKB_CB(skb)->eor = TCP_SKB_CB(next_skb)->eor;
3081
3082 /* changed transmit queue under us so clear hints */
3083 tcp_clear_retrans_hints_partial(tp);
3084 if (next_skb == tp->retransmit_skb_hint)
3085 tp->retransmit_skb_hint = skb;
3086
3087 tcp_adjust_pcount(sk, next_skb, tcp_skb_pcount(next_skb));
3088
3089 tcp_skb_collapse_tstamp(skb, next_skb);
3090
3091 tcp_rtx_queue_unlink_and_free(next_skb, sk);
3092 return true;
3093 }
3094
3095 /* Check if coalescing SKBs is legal. */
tcp_can_collapse(const struct sock * sk,const struct sk_buff * skb)3096 static bool tcp_can_collapse(const struct sock *sk, const struct sk_buff *skb)
3097 {
3098 if (tcp_skb_pcount(skb) > 1)
3099 return false;
3100 if (skb_cloned(skb))
3101 return false;
3102 /* Some heuristics for collapsing over SACK'd could be invented */
3103 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
3104 return false;
3105
3106 return true;
3107 }
3108
3109 /* Collapse packets in the retransmit queue to make to create
3110 * less packets on the wire. This is only done on retransmission.
3111 */
tcp_retrans_try_collapse(struct sock * sk,struct sk_buff * to,int space)3112 static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
3113 int space)
3114 {
3115 struct tcp_sock *tp = tcp_sk(sk);
3116 struct sk_buff *skb = to, *tmp;
3117 bool first = true;
3118
3119 if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retrans_collapse))
3120 return;
3121 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
3122 return;
3123
3124 skb_rbtree_walk_from_safe(skb, tmp) {
3125 if (!tcp_can_collapse(sk, skb))
3126 break;
3127
3128 if (!tcp_skb_can_collapse(to, skb))
3129 break;
3130
3131 space -= skb->len;
3132
3133 if (first) {
3134 first = false;
3135 continue;
3136 }
3137
3138 if (space < 0)
3139 break;
3140
3141 if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp)))
3142 break;
3143
3144 if (!tcp_collapse_retrans(sk, to))
3145 break;
3146 }
3147 }
3148
3149 /* This retransmits one SKB. Policy decisions and retransmit queue
3150 * state updates are done by the caller. Returns non-zero if an
3151 * error occurred which prevented the send.
3152 */
__tcp_retransmit_skb(struct sock * sk,struct sk_buff * skb,int segs)3153 int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
3154 {
3155 struct inet_connection_sock *icsk = inet_csk(sk);
3156 struct tcp_sock *tp = tcp_sk(sk);
3157 unsigned int cur_mss;
3158 int diff, len, err;
3159 int avail_wnd;
3160
3161 /* Inconclusive MTU probe */
3162 if (icsk->icsk_mtup.probe_size)
3163 icsk->icsk_mtup.probe_size = 0;
3164
3165 /* Do not sent more than we queued. 1/4 is reserved for possible
3166 * copying overhead: fragmentation, tunneling, mangling etc.
3167 */
3168 if (refcount_read(&sk->sk_wmem_alloc) >
3169 min_t(u32, sk->sk_wmem_queued + (sk->sk_wmem_queued >> 2),
3170 sk->sk_sndbuf))
3171 return -EAGAIN;
3172
3173 if (skb_still_in_host_queue(sk, skb))
3174 return -EBUSY;
3175
3176 start:
3177 if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) {
3178 if (unlikely(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
3179 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_SYN;
3180 TCP_SKB_CB(skb)->seq++;
3181 goto start;
3182 }
3183 if (unlikely(before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))) {
3184 WARN_ON_ONCE(1);
3185 return -EINVAL;
3186 }
3187 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq))
3188 return -ENOMEM;
3189 }
3190
3191 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
3192 return -EHOSTUNREACH; /* Routing failure or similar. */
3193
3194 cur_mss = tcp_current_mss(sk);
3195 avail_wnd = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
3196
3197 /* If receiver has shrunk his window, and skb is out of
3198 * new window, do not retransmit it. The exception is the
3199 * case, when window is shrunk to zero. In this case
3200 * our retransmit of one segment serves as a zero window probe.
3201 */
3202 if (avail_wnd <= 0) {
3203 if (TCP_SKB_CB(skb)->seq != tp->snd_una)
3204 return -EAGAIN;
3205 avail_wnd = cur_mss;
3206 }
3207
3208 len = cur_mss * segs;
3209 if (len > avail_wnd) {
3210 len = rounddown(avail_wnd, cur_mss);
3211 if (!len)
3212 len = avail_wnd;
3213 }
3214 if (skb->len > len) {
3215 if (tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, len,
3216 cur_mss, GFP_ATOMIC))
3217 return -ENOMEM; /* We'll try again later. */
3218 } else {
3219 if (skb_unclone(skb, GFP_ATOMIC))
3220 return -ENOMEM;
3221
3222 diff = tcp_skb_pcount(skb);
3223 tcp_set_skb_tso_segs(skb, cur_mss);
3224 diff -= tcp_skb_pcount(skb);
3225 if (diff)
3226 tcp_adjust_pcount(sk, skb, diff);
3227 avail_wnd = min_t(int, avail_wnd, cur_mss);
3228 if (skb->len < avail_wnd)
3229 tcp_retrans_try_collapse(sk, skb, avail_wnd);
3230 }
3231
3232 /* RFC3168, section 6.1.1.1. ECN fallback */
3233 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN_ECN) == TCPHDR_SYN_ECN)
3234 tcp_ecn_clear_syn(sk, skb);
3235
3236 /* Update global and local TCP statistics. */
3237 segs = tcp_skb_pcount(skb);
3238 TCP_ADD_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS, segs);
3239 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
3240 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
3241 tp->total_retrans += segs;
3242 tp->bytes_retrans += skb->len;
3243
3244 /* make sure skb->data is aligned on arches that require it
3245 * and check if ack-trimming & collapsing extended the headroom
3246 * beyond what csum_start can cover.
3247 */
3248 if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
3249 skb_headroom(skb) >= 0xFFFF)) {
3250 struct sk_buff *nskb;
3251
3252 tcp_skb_tsorted_save(skb) {
3253 nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC);
3254 if (nskb) {
3255 nskb->dev = NULL;
3256 err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC);
3257 } else {
3258 err = -ENOBUFS;
3259 }
3260 } tcp_skb_tsorted_restore(skb);
3261
3262 if (!err) {
3263 tcp_update_skb_after_send(sk, skb, tp->tcp_wstamp_ns);
3264 tcp_rate_skb_sent(sk, skb);
3265 }
3266 } else {
3267 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
3268 }
3269
3270 /* To avoid taking spuriously low RTT samples based on a timestamp
3271 * for a transmit that never happened, always mark EVER_RETRANS
3272 */
3273 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
3274
3275 if (BPF_SOCK_OPS_TEST_FLAG(tp, BPF_SOCK_OPS_RETRANS_CB_FLAG))
3276 tcp_call_bpf_3arg(sk, BPF_SOCK_OPS_RETRANS_CB,
3277 TCP_SKB_CB(skb)->seq, segs, err);
3278
3279 if (likely(!err)) {
3280 trace_tcp_retransmit_skb(sk, skb);
3281 } else if (err != -EBUSY) {
3282 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPRETRANSFAIL, segs);
3283 }
3284 return err;
3285 }
3286
tcp_retransmit_skb(struct sock * sk,struct sk_buff * skb,int segs)3287 int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
3288 {
3289 struct tcp_sock *tp = tcp_sk(sk);
3290 int err = __tcp_retransmit_skb(sk, skb, segs);
3291
3292 if (err == 0) {
3293 #if FASTRETRANS_DEBUG > 0
3294 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) {
3295 net_dbg_ratelimited("retrans_out leaked\n");
3296 }
3297 #endif
3298 TCP_SKB_CB(skb)->sacked |= TCPCB_RETRANS;
3299 tp->retrans_out += tcp_skb_pcount(skb);
3300 }
3301
3302 /* Save stamp of the first (attempted) retransmit. */
3303 if (!tp->retrans_stamp)
3304 tp->retrans_stamp = tcp_skb_timestamp(skb);
3305
3306 if (tp->undo_retrans < 0)
3307 tp->undo_retrans = 0;
3308 tp->undo_retrans += tcp_skb_pcount(skb);
3309 return err;
3310 }
3311
3312 /* This gets called after a retransmit timeout, and the initially
3313 * retransmitted data is acknowledged. It tries to continue
3314 * resending the rest of the retransmit queue, until either
3315 * we've sent it all or the congestion window limit is reached.
3316 */
tcp_xmit_retransmit_queue(struct sock * sk)3317 void tcp_xmit_retransmit_queue(struct sock *sk)
3318 {
3319 const struct inet_connection_sock *icsk = inet_csk(sk);
3320 struct sk_buff *skb, *rtx_head, *hole = NULL;
3321 struct tcp_sock *tp = tcp_sk(sk);
3322 bool rearm_timer = false;
3323 u32 max_segs;
3324 int mib_idx;
3325
3326 if (!tp->packets_out)
3327 return;
3328
3329 rtx_head = tcp_rtx_queue_head(sk);
3330 skb = tp->retransmit_skb_hint ?: rtx_head;
3331 max_segs = tcp_tso_segs(sk, tcp_current_mss(sk));
3332 skb_rbtree_walk_from(skb) {
3333 __u8 sacked;
3334 int segs;
3335
3336 if (tcp_pacing_check(sk))
3337 break;
3338
3339 /* we could do better than to assign each time */
3340 if (!hole)
3341 tp->retransmit_skb_hint = skb;
3342
3343 segs = tp->snd_cwnd - tcp_packets_in_flight(tp);
3344 if (segs <= 0)
3345 break;
3346 sacked = TCP_SKB_CB(skb)->sacked;
3347 /* In case tcp_shift_skb_data() have aggregated large skbs,
3348 * we need to make sure not sending too bigs TSO packets
3349 */
3350 segs = min_t(int, segs, max_segs);
3351
3352 if (tp->retrans_out >= tp->lost_out) {
3353 break;
3354 } else if (!(sacked & TCPCB_LOST)) {
3355 if (!hole && !(sacked & (TCPCB_SACKED_RETRANS|TCPCB_SACKED_ACKED)))
3356 hole = skb;
3357 continue;
3358
3359 } else {
3360 if (icsk->icsk_ca_state != TCP_CA_Loss)
3361 mib_idx = LINUX_MIB_TCPFASTRETRANS;
3362 else
3363 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS;
3364 }
3365
3366 if (sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS))
3367 continue;
3368
3369 if (tcp_small_queue_check(sk, skb, 1))
3370 break;
3371
3372 if (tcp_retransmit_skb(sk, skb, segs))
3373 break;
3374
3375 NET_ADD_STATS(sock_net(sk), mib_idx, tcp_skb_pcount(skb));
3376
3377 if (tcp_in_cwnd_reduction(sk))
3378 tp->prr_out += tcp_skb_pcount(skb);
3379
3380 if (skb == rtx_head &&
3381 icsk->icsk_pending != ICSK_TIME_REO_TIMEOUT)
3382 rearm_timer = true;
3383
3384 }
3385 if (rearm_timer)
3386 tcp_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
3387 inet_csk(sk)->icsk_rto,
3388 TCP_RTO_MAX);
3389 }
3390
3391 /* We allow to exceed memory limits for FIN packets to expedite
3392 * connection tear down and (memory) recovery.
3393 * Otherwise tcp_send_fin() could be tempted to either delay FIN
3394 * or even be forced to close flow without any FIN.
3395 * In general, we want to allow one skb per socket to avoid hangs
3396 * with edge trigger epoll()
3397 */
sk_forced_mem_schedule(struct sock * sk,int size)3398 void sk_forced_mem_schedule(struct sock *sk, int size)
3399 {
3400 int delta, amt;
3401
3402 delta = size - sk->sk_forward_alloc;
3403 if (delta <= 0)
3404 return;
3405 amt = sk_mem_pages(delta);
3406 sk->sk_forward_alloc += amt * SK_MEM_QUANTUM;
3407 sk_memory_allocated_add(sk, amt);
3408
3409 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
3410 mem_cgroup_charge_skmem(sk->sk_memcg, amt);
3411 }
3412
3413 /* Send a FIN. The caller locks the socket for us.
3414 * We should try to send a FIN packet really hard, but eventually give up.
3415 */
tcp_send_fin(struct sock * sk)3416 void tcp_send_fin(struct sock *sk)
3417 {
3418 struct sk_buff *skb, *tskb, *tail = tcp_write_queue_tail(sk);
3419 struct tcp_sock *tp = tcp_sk(sk);
3420
3421 /* Optimization, tack on the FIN if we have one skb in write queue and
3422 * this skb was not yet sent, or we are under memory pressure.
3423 * Note: in the latter case, FIN packet will be sent after a timeout,
3424 * as TCP stack thinks it has already been transmitted.
3425 */
3426 tskb = tail;
3427 if (!tskb && tcp_under_memory_pressure(sk))
3428 tskb = skb_rb_last(&sk->tcp_rtx_queue);
3429
3430 if (tskb) {
3431 TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN;
3432 TCP_SKB_CB(tskb)->end_seq++;
3433 tp->write_seq++;
3434 if (!tail) {
3435 /* This means tskb was already sent.
3436 * Pretend we included the FIN on previous transmit.
3437 * We need to set tp->snd_nxt to the value it would have
3438 * if FIN had been sent. This is because retransmit path
3439 * does not change tp->snd_nxt.
3440 */
3441 WRITE_ONCE(tp->snd_nxt, tp->snd_nxt + 1);
3442 return;
3443 }
3444 } else {
3445 skb = alloc_skb_fclone(MAX_TCP_HEADER,
3446 sk_gfp_mask(sk, GFP_ATOMIC |
3447 __GFP_NOWARN));
3448 if (unlikely(!skb))
3449 return;
3450
3451 INIT_LIST_HEAD(&skb->tcp_tsorted_anchor);
3452 skb_reserve(skb, MAX_TCP_HEADER);
3453 sk_forced_mem_schedule(sk, skb->truesize);
3454 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */
3455 tcp_init_nondata_skb(skb, tp->write_seq,
3456 TCPHDR_ACK | TCPHDR_FIN);
3457 tcp_queue_skb(sk, skb);
3458 }
3459 __tcp_push_pending_frames(sk, tcp_current_mss(sk), TCP_NAGLE_OFF);
3460 }
3461
3462 /* We get here when a process closes a file descriptor (either due to
3463 * an explicit close() or as a byproduct of exit()'ing) and there
3464 * was unread data in the receive queue. This behavior is recommended
3465 * by RFC 2525, section 2.17. -DaveM
3466 */
tcp_send_active_reset(struct sock * sk,gfp_t priority)3467 void tcp_send_active_reset(struct sock *sk, gfp_t priority)
3468 {
3469 struct sk_buff *skb;
3470
3471 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS);
3472
3473 /* NOTE: No TCP options attached and we never retransmit this. */
3474 skb = alloc_skb(MAX_TCP_HEADER, priority);
3475 if (!skb) {
3476 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
3477 return;
3478 }
3479
3480 /* Reserve space for headers and prepare control bits. */
3481 skb_reserve(skb, MAX_TCP_HEADER);
3482 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
3483 TCPHDR_ACK | TCPHDR_RST);
3484 tcp_mstamp_refresh(tcp_sk(sk));
3485 /* Send it off. */
3486 if (tcp_transmit_skb(sk, skb, 0, priority))
3487 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
3488
3489 /* skb of trace_tcp_send_reset() keeps the skb that caused RST,
3490 * skb here is different to the troublesome skb, so use NULL
3491 */
3492 trace_tcp_send_reset(sk, NULL);
3493 }
3494
3495 /* Send a crossed SYN-ACK during socket establishment.
3496 * WARNING: This routine must only be called when we have already sent
3497 * a SYN packet that crossed the incoming SYN that caused this routine
3498 * to get called. If this assumption fails then the initial rcv_wnd
3499 * and rcv_wscale values will not be correct.
3500 */
tcp_send_synack(struct sock * sk)3501 int tcp_send_synack(struct sock *sk)
3502 {
3503 struct sk_buff *skb;
3504
3505 skb = tcp_rtx_queue_head(sk);
3506 if (!skb || !(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
3507 pr_err("%s: wrong queue state\n", __func__);
3508 return -EFAULT;
3509 }
3510 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)) {
3511 if (skb_cloned(skb)) {
3512 struct sk_buff *nskb;
3513
3514 tcp_skb_tsorted_save(skb) {
3515 nskb = skb_copy(skb, GFP_ATOMIC);
3516 } tcp_skb_tsorted_restore(skb);
3517 if (!nskb)
3518 return -ENOMEM;
3519 INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor);
3520 tcp_highest_sack_replace(sk, skb, nskb);
3521 tcp_rtx_queue_unlink_and_free(skb, sk);
3522 __skb_header_release(nskb);
3523 tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb);
3524 sk_wmem_queued_add(sk, nskb->truesize);
3525 sk_mem_charge(sk, nskb->truesize);
3526 skb = nskb;
3527 }
3528
3529 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ACK;
3530 tcp_ecn_send_synack(sk, skb);
3531 }
3532 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
3533 }
3534
3535 /**
3536 * tcp_make_synack - Allocate one skb and build a SYNACK packet.
3537 * @sk: listener socket
3538 * @dst: dst entry attached to the SYNACK. It is consumed and caller
3539 * should not use it again.
3540 * @req: request_sock pointer
3541 * @foc: cookie for tcp fast open
3542 * @synack_type: Type of synack to prepare
3543 * @syn_skb: SYN packet just received. It could be NULL for rtx case.
3544 */
tcp_make_synack(const struct sock * sk,struct dst_entry * dst,struct request_sock * req,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)3545 struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst,
3546 struct request_sock *req,
3547 struct tcp_fastopen_cookie *foc,
3548 enum tcp_synack_type synack_type,
3549 struct sk_buff *syn_skb)
3550 {
3551 struct inet_request_sock *ireq = inet_rsk(req);
3552 const struct tcp_sock *tp = tcp_sk(sk);
3553 struct tcp_md5sig_key *md5 = NULL;
3554 struct tcp_out_options opts;
3555 struct sk_buff *skb;
3556 int tcp_header_size;
3557 struct tcphdr *th;
3558 int mss;
3559 u64 now;
3560
3561 skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
3562 if (unlikely(!skb)) {
3563 dst_release(dst);
3564 return NULL;
3565 }
3566 /* Reserve space for headers. */
3567 skb_reserve(skb, MAX_TCP_HEADER);
3568
3569 switch (synack_type) {
3570 case TCP_SYNACK_NORMAL:
3571 skb_set_owner_w(skb, req_to_sk(req));
3572 break;
3573 case TCP_SYNACK_COOKIE:
3574 /* Under synflood, we do not attach skb to a socket,
3575 * to avoid false sharing.
3576 */
3577 break;
3578 case TCP_SYNACK_FASTOPEN:
3579 /* sk is a const pointer, because we want to express multiple
3580 * cpu might call us concurrently.
3581 * sk->sk_wmem_alloc in an atomic, we can promote to rw.
3582 */
3583 skb_set_owner_w(skb, (struct sock *)sk);
3584 break;
3585 }
3586 skb_dst_set(skb, dst);
3587
3588 mss = tcp_mss_clamp(tp, dst_metric_advmss(dst));
3589
3590 memset(&opts, 0, sizeof(opts));
3591 now = tcp_clock_ns();
3592 #ifdef CONFIG_SYN_COOKIES
3593 if (unlikely(synack_type == TCP_SYNACK_COOKIE && ireq->tstamp_ok))
3594 skb->skb_mstamp_ns = cookie_init_timestamp(req, now);
3595 else
3596 #endif
3597 {
3598 skb->skb_mstamp_ns = now;
3599 if (!tcp_rsk(req)->snt_synack) /* Timestamp first SYNACK */
3600 tcp_rsk(req)->snt_synack = tcp_skb_timestamp_us(skb);
3601 }
3602
3603 #ifdef CONFIG_TCP_MD5SIG
3604 rcu_read_lock();
3605 md5 = tcp_rsk(req)->af_specific->req_md5_lookup(sk, req_to_sk(req));
3606 #endif
3607 skb_set_hash(skb, tcp_rsk(req)->txhash, PKT_HASH_TYPE_L4);
3608 /* bpf program will be interested in the tcp_flags */
3609 TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK;
3610 tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts, md5,
3611 foc, synack_type,
3612 syn_skb) + sizeof(*th);
3613
3614 skb_push(skb, tcp_header_size);
3615 skb_reset_transport_header(skb);
3616
3617 th = (struct tcphdr *)skb->data;
3618 memset(th, 0, sizeof(struct tcphdr));
3619 th->syn = 1;
3620 th->ack = 1;
3621 tcp_ecn_make_synack(req, th);
3622 th->source = htons(ireq->ir_num);
3623 th->dest = ireq->ir_rmt_port;
3624 skb->mark = ireq->ir_mark;
3625 skb->ip_summed = CHECKSUM_PARTIAL;
3626 th->seq = htonl(tcp_rsk(req)->snt_isn);
3627 /* XXX data is queued and acked as is. No buffer/window check */
3628 th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt);
3629
3630 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
3631 th->window = htons(min(req->rsk_rcv_wnd, 65535U));
3632 tcp_options_write((__be32 *)(th + 1), NULL, &opts);
3633 th->doff = (tcp_header_size >> 2);
3634 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
3635
3636 #ifdef CONFIG_TCP_MD5SIG
3637 /* Okay, we have all we need - do the md5 hash if needed */
3638 if (md5)
3639 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location,
3640 md5, req_to_sk(req), skb);
3641 rcu_read_unlock();
3642 #endif
3643
3644 bpf_skops_write_hdr_opt((struct sock *)sk, skb, req, syn_skb,
3645 synack_type, &opts);
3646
3647 skb->skb_mstamp_ns = now;
3648 tcp_add_tx_delay(skb, tp);
3649
3650 return skb;
3651 }
3652 EXPORT_SYMBOL(tcp_make_synack);
3653
tcp_ca_dst_init(struct sock * sk,const struct dst_entry * dst)3654 static void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst)
3655 {
3656 struct inet_connection_sock *icsk = inet_csk(sk);
3657 const struct tcp_congestion_ops *ca;
3658 u32 ca_key = dst_metric(dst, RTAX_CC_ALGO);
3659
3660 if (ca_key == TCP_CA_UNSPEC)
3661 return;
3662
3663 rcu_read_lock();
3664 ca = tcp_ca_find_key(ca_key);
3665 if (likely(ca && bpf_try_module_get(ca, ca->owner))) {
3666 bpf_module_put(icsk->icsk_ca_ops, icsk->icsk_ca_ops->owner);
3667 icsk->icsk_ca_dst_locked = tcp_ca_dst_locked(dst);
3668 icsk->icsk_ca_ops = ca;
3669 }
3670 rcu_read_unlock();
3671 }
3672
3673 /* Do all connect socket setups that can be done AF independent. */
tcp_connect_init(struct sock * sk)3674 static void tcp_connect_init(struct sock *sk)
3675 {
3676 const struct dst_entry *dst = __sk_dst_get(sk);
3677 struct tcp_sock *tp = tcp_sk(sk);
3678 __u8 rcv_wscale;
3679 u32 rcv_wnd;
3680
3681 /* We'll fix this up when we get a response from the other end.
3682 * See tcp_input.c:tcp_rcv_state_process case TCP_SYN_SENT.
3683 */
3684 tp->tcp_header_len = sizeof(struct tcphdr);
3685 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_timestamps))
3686 tp->tcp_header_len += TCPOLEN_TSTAMP_ALIGNED;
3687
3688 #ifdef CONFIG_TCP_MD5SIG
3689 if (tp->af_specific->md5_lookup(sk, sk))
3690 tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
3691 #endif
3692
3693 /* If user gave his TCP_MAXSEG, record it to clamp */
3694 if (tp->rx_opt.user_mss)
3695 tp->rx_opt.mss_clamp = tp->rx_opt.user_mss;
3696 tp->max_window = 0;
3697 tcp_mtup_init(sk);
3698 tcp_sync_mss(sk, dst_mtu(dst));
3699
3700 tcp_ca_dst_init(sk, dst);
3701
3702 if (!tp->window_clamp)
3703 tp->window_clamp = dst_metric(dst, RTAX_WINDOW);
3704 tp->advmss = tcp_mss_clamp(tp, dst_metric_advmss(dst));
3705
3706 tcp_initialize_rcv_mss(sk);
3707
3708 /* limit the window selection if the user enforce a smaller rx buffer */
3709 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK &&
3710 (tp->window_clamp > tcp_full_space(sk) || tp->window_clamp == 0))
3711 tp->window_clamp = tcp_full_space(sk);
3712
3713 rcv_wnd = tcp_rwnd_init_bpf(sk);
3714 if (rcv_wnd == 0)
3715 rcv_wnd = dst_metric(dst, RTAX_INITRWND);
3716
3717 tcp_select_initial_window(sk, tcp_full_space(sk),
3718 tp->advmss - (tp->rx_opt.ts_recent_stamp ? tp->tcp_header_len - sizeof(struct tcphdr) : 0),
3719 &tp->rcv_wnd,
3720 &tp->window_clamp,
3721 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_window_scaling),
3722 &rcv_wscale,
3723 rcv_wnd);
3724
3725 #ifdef CONFIG_LOWPOWER_PROTOCOL
3726 tp->rcv_wnd = TCP_RCV_WND_INIT;
3727 #endif /* CONFIG_LOWPOWER_PROTOCOL */
3728 tp->rx_opt.rcv_wscale = rcv_wscale;
3729 tp->rcv_ssthresh = tp->rcv_wnd;
3730
3731 sk->sk_err = 0;
3732 sock_reset_flag(sk, SOCK_DONE);
3733 tp->snd_wnd = 0;
3734 tcp_init_wl(tp, 0);
3735 tcp_write_queue_purge(sk);
3736 tp->snd_una = tp->write_seq;
3737 tp->snd_sml = tp->write_seq;
3738 tp->snd_up = tp->write_seq;
3739 WRITE_ONCE(tp->snd_nxt, tp->write_seq);
3740
3741 if (likely(!tp->repair))
3742 tp->rcv_nxt = 0;
3743 else
3744 tp->rcv_tstamp = tcp_jiffies32;
3745 tp->rcv_wup = tp->rcv_nxt;
3746 WRITE_ONCE(tp->copied_seq, tp->rcv_nxt);
3747
3748 inet_csk(sk)->icsk_rto = tcp_timeout_init(sk);
3749 inet_csk(sk)->icsk_retransmits = 0;
3750 tcp_clear_retrans(tp);
3751 }
3752
tcp_connect_queue_skb(struct sock * sk,struct sk_buff * skb)3753 static void tcp_connect_queue_skb(struct sock *sk, struct sk_buff *skb)
3754 {
3755 struct tcp_sock *tp = tcp_sk(sk);
3756 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
3757
3758 tcb->end_seq += skb->len;
3759 __skb_header_release(skb);
3760 sk_wmem_queued_add(sk, skb->truesize);
3761 sk_mem_charge(sk, skb->truesize);
3762 WRITE_ONCE(tp->write_seq, tcb->end_seq);
3763 tp->packets_out += tcp_skb_pcount(skb);
3764 }
3765
3766 /* Build and send a SYN with data and (cached) Fast Open cookie. However,
3767 * queue a data-only packet after the regular SYN, such that regular SYNs
3768 * are retransmitted on timeouts. Also if the remote SYN-ACK acknowledges
3769 * only the SYN sequence, the data are retransmitted in the first ACK.
3770 * If cookie is not cached or other error occurs, falls back to send a
3771 * regular SYN with Fast Open cookie request option.
3772 */
tcp_send_syn_data(struct sock * sk,struct sk_buff * syn)3773 static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
3774 {
3775 struct inet_connection_sock *icsk = inet_csk(sk);
3776 struct tcp_sock *tp = tcp_sk(sk);
3777 struct tcp_fastopen_request *fo = tp->fastopen_req;
3778 int space, err = 0;
3779 struct sk_buff *syn_data;
3780
3781 tp->rx_opt.mss_clamp = tp->advmss; /* If MSS is not cached */
3782 if (!tcp_fastopen_cookie_check(sk, &tp->rx_opt.mss_clamp, &fo->cookie))
3783 goto fallback;
3784
3785 /* MSS for SYN-data is based on cached MSS and bounded by PMTU and
3786 * user-MSS. Reserve maximum option space for middleboxes that add
3787 * private TCP options. The cost is reduced data space in SYN :(
3788 */
3789 tp->rx_opt.mss_clamp = tcp_mss_clamp(tp, tp->rx_opt.mss_clamp);
3790 /* Sync mss_cache after updating the mss_clamp */
3791 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
3792
3793 space = __tcp_mtu_to_mss(sk, icsk->icsk_pmtu_cookie) -
3794 MAX_TCP_OPTION_SPACE;
3795
3796 space = min_t(size_t, space, fo->size);
3797
3798 /* limit to order-0 allocations */
3799 space = min_t(size_t, space, SKB_MAX_HEAD(MAX_TCP_HEADER));
3800
3801 syn_data = sk_stream_alloc_skb(sk, space, sk->sk_allocation, false);
3802 if (!syn_data)
3803 goto fallback;
3804 syn_data->ip_summed = CHECKSUM_PARTIAL;
3805 memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
3806 if (space) {
3807 int copied = copy_from_iter(skb_put(syn_data, space), space,
3808 &fo->data->msg_iter);
3809 if (unlikely(!copied)) {
3810 tcp_skb_tsorted_anchor_cleanup(syn_data);
3811 kfree_skb(syn_data);
3812 goto fallback;
3813 }
3814 if (copied != space) {
3815 skb_trim(syn_data, copied);
3816 space = copied;
3817 }
3818 skb_zcopy_set(syn_data, fo->uarg, NULL);
3819 }
3820 /* No more data pending in inet_wait_for_connect() */
3821 if (space == fo->size)
3822 fo->data = NULL;
3823 fo->copied = space;
3824
3825 tcp_connect_queue_skb(sk, syn_data);
3826 if (syn_data->len)
3827 tcp_chrono_start(sk, TCP_CHRONO_BUSY);
3828
3829 err = tcp_transmit_skb(sk, syn_data, 1, sk->sk_allocation);
3830
3831 syn->skb_mstamp_ns = syn_data->skb_mstamp_ns;
3832
3833 /* Now full SYN+DATA was cloned and sent (or not),
3834 * remove the SYN from the original skb (syn_data)
3835 * we keep in write queue in case of a retransmit, as we
3836 * also have the SYN packet (with no data) in the same queue.
3837 */
3838 TCP_SKB_CB(syn_data)->seq++;
3839 TCP_SKB_CB(syn_data)->tcp_flags = TCPHDR_ACK | TCPHDR_PSH;
3840 if (!err) {
3841 tp->syn_data = (fo->copied > 0);
3842 tcp_rbtree_insert(&sk->tcp_rtx_queue, syn_data);
3843 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT);
3844 goto done;
3845 }
3846
3847 /* data was not sent, put it in write_queue */
3848 __skb_queue_tail(&sk->sk_write_queue, syn_data);
3849 tp->packets_out -= tcp_skb_pcount(syn_data);
3850
3851 fallback:
3852 /* Send a regular SYN with Fast Open cookie request option */
3853 if (fo->cookie.len > 0)
3854 fo->cookie.len = 0;
3855 err = tcp_transmit_skb(sk, syn, 1, sk->sk_allocation);
3856 if (err)
3857 tp->syn_fastopen = 0;
3858 done:
3859 fo->cookie.len = -1; /* Exclude Fast Open option for SYN retries */
3860 return err;
3861 }
3862
3863 /* Build a SYN and send it off. */
tcp_connect(struct sock * sk)3864 int tcp_connect(struct sock *sk)
3865 {
3866 struct tcp_sock *tp = tcp_sk(sk);
3867 struct sk_buff *buff;
3868 int err;
3869
3870 tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_CONNECT_CB, 0, NULL);
3871
3872 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
3873 return -EHOSTUNREACH; /* Routing failure or similar. */
3874
3875 tcp_connect_init(sk);
3876
3877 if (unlikely(tp->repair)) {
3878 tcp_finish_connect(sk, NULL);
3879 return 0;
3880 }
3881
3882 buff = sk_stream_alloc_skb(sk, 0, sk->sk_allocation, true);
3883 if (unlikely(!buff))
3884 return -ENOBUFS;
3885
3886 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN);
3887 tcp_mstamp_refresh(tp);
3888 tp->retrans_stamp = tcp_time_stamp(tp);
3889 tcp_connect_queue_skb(sk, buff);
3890 tcp_ecn_send_syn(sk, buff);
3891 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff);
3892
3893 /* Send off SYN; include data in Fast Open. */
3894 err = tp->fastopen_req ? tcp_send_syn_data(sk, buff) :
3895 tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
3896 if (err == -ECONNREFUSED)
3897 return err;
3898
3899 /* We change tp->snd_nxt after the tcp_transmit_skb() call
3900 * in order to make this packet get counted in tcpOutSegs.
3901 */
3902 WRITE_ONCE(tp->snd_nxt, tp->write_seq);
3903 tp->pushed_seq = tp->write_seq;
3904 buff = tcp_send_head(sk);
3905 if (unlikely(buff)) {
3906 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(buff)->seq);
3907 tp->pushed_seq = TCP_SKB_CB(buff)->seq;
3908 }
3909 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS);
3910
3911 /* Timer for repeating the SYN until an answer. */
3912 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
3913 inet_csk(sk)->icsk_rto, TCP_RTO_MAX);
3914 return 0;
3915 }
3916 EXPORT_SYMBOL(tcp_connect);
3917
3918 /* Send out a delayed ack, the caller does the policy checking
3919 * to see if we should even be here. See tcp_input.c:tcp_ack_snd_check()
3920 * for details.
3921 */
tcp_send_delayed_ack(struct sock * sk)3922 void tcp_send_delayed_ack(struct sock *sk)
3923 {
3924 struct inet_connection_sock *icsk = inet_csk(sk);
3925 int ato = icsk->icsk_ack.ato;
3926 unsigned long timeout;
3927
3928 if (ato > TCP_DELACK_MIN) {
3929 const struct tcp_sock *tp = tcp_sk(sk);
3930 int max_ato = HZ / 2;
3931
3932 if (inet_csk_in_pingpong_mode(sk) ||
3933 (icsk->icsk_ack.pending & ICSK_ACK_PUSHED))
3934 max_ato = TCP_DELACK_MAX;
3935
3936 /* Slow path, intersegment interval is "high". */
3937
3938 /* If some rtt estimate is known, use it to bound delayed ack.
3939 * Do not use inet_csk(sk)->icsk_rto here, use results of rtt measurements
3940 * directly.
3941 */
3942 if (tp->srtt_us) {
3943 int rtt = max_t(int, usecs_to_jiffies(tp->srtt_us >> 3),
3944 TCP_DELACK_MIN);
3945
3946 if (rtt < max_ato)
3947 max_ato = rtt;
3948 }
3949
3950 ato = min(ato, max_ato);
3951 }
3952
3953 ato = min_t(u32, ato, inet_csk(sk)->icsk_delack_max);
3954
3955 /* Stay within the limit we were given */
3956 timeout = jiffies + ato;
3957
3958 /* Use new timeout only if there wasn't a older one earlier. */
3959 if (icsk->icsk_ack.pending & ICSK_ACK_TIMER) {
3960 /* If delack timer is about to expire, send ACK now. */
3961 if (time_before_eq(icsk->icsk_ack.timeout, jiffies + (ato >> 2))) {
3962 tcp_send_ack(sk);
3963 return;
3964 }
3965
3966 if (!time_before(timeout, icsk->icsk_ack.timeout))
3967 timeout = icsk->icsk_ack.timeout;
3968 }
3969 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER;
3970 icsk->icsk_ack.timeout = timeout;
3971 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
3972 }
3973
3974 /* This routine sends an ack and also updates the window. */
__tcp_send_ack(struct sock * sk,u32 rcv_nxt)3975 void __tcp_send_ack(struct sock *sk, u32 rcv_nxt)
3976 {
3977 struct sk_buff *buff;
3978
3979 /* If we have been reset, we may not send again. */
3980 if (sk->sk_state == TCP_CLOSE)
3981 return;
3982
3983 /* We are not putting this on the write queue, so
3984 * tcp_transmit_skb() will set the ownership to this
3985 * sock.
3986 */
3987 buff = alloc_skb(MAX_TCP_HEADER,
3988 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN));
3989 if (unlikely(!buff)) {
3990 struct inet_connection_sock *icsk = inet_csk(sk);
3991 unsigned long delay;
3992
3993 delay = TCP_DELACK_MAX << icsk->icsk_ack.retry;
3994 if (delay < TCP_RTO_MAX)
3995 icsk->icsk_ack.retry++;
3996 inet_csk_schedule_ack(sk);
3997 icsk->icsk_ack.ato = TCP_ATO_MIN;
3998 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, delay, TCP_RTO_MAX);
3999 return;
4000 }
4001
4002 /* Reserve space for headers and prepare control bits. */
4003 skb_reserve(buff, MAX_TCP_HEADER);
4004 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK);
4005
4006 /* We do not want pure acks influencing TCP Small Queues or fq/pacing
4007 * too much.
4008 * SKB_TRUESIZE(max(1 .. 66, MAX_TCP_HEADER)) is unfortunately ~784
4009 */
4010 skb_set_tcp_pure_ack(buff);
4011
4012 /* Send it off, this clears delayed acks for us. */
4013 __tcp_transmit_skb(sk, buff, 0, (__force gfp_t)0, rcv_nxt);
4014 }
4015 EXPORT_SYMBOL_GPL(__tcp_send_ack);
4016
tcp_send_ack(struct sock * sk)4017 void tcp_send_ack(struct sock *sk)
4018 {
4019 __tcp_send_ack(sk, tcp_sk(sk)->rcv_nxt);
4020 }
4021
4022 /* This routine sends a packet with an out of date sequence
4023 * number. It assumes the other end will try to ack it.
4024 *
4025 * Question: what should we make while urgent mode?
4026 * 4.4BSD forces sending single byte of data. We cannot send
4027 * out of window data, because we have SND.NXT==SND.MAX...
4028 *
4029 * Current solution: to send TWO zero-length segments in urgent mode:
4030 * one is with SEG.SEQ=SND.UNA to deliver urgent pointer, another is
4031 * out-of-date with SND.UNA-1 to probe window.
4032 */
tcp_xmit_probe_skb(struct sock * sk,int urgent,int mib)4033 static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib)
4034 {
4035 struct tcp_sock *tp = tcp_sk(sk);
4036 struct sk_buff *skb;
4037
4038 /* We don't queue it, tcp_transmit_skb() sets ownership. */
4039 skb = alloc_skb(MAX_TCP_HEADER,
4040 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN));
4041 if (!skb)
4042 return -1;
4043
4044 /* Reserve space for headers and set control bits. */
4045 skb_reserve(skb, MAX_TCP_HEADER);
4046 /* Use a previous sequence. This should cause the other
4047 * end to send an ack. Don't queue or clone SKB, just
4048 * send it.
4049 */
4050 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
4051 NET_INC_STATS(sock_net(sk), mib);
4052 return tcp_transmit_skb(sk, skb, 0, (__force gfp_t)0);
4053 }
4054
4055 /* Called from setsockopt( ... TCP_REPAIR ) */
tcp_send_window_probe(struct sock * sk)4056 void tcp_send_window_probe(struct sock *sk)
4057 {
4058 if (sk->sk_state == TCP_ESTABLISHED) {
4059 tcp_sk(sk)->snd_wl1 = tcp_sk(sk)->rcv_nxt - 1;
4060 tcp_mstamp_refresh(tcp_sk(sk));
4061 tcp_xmit_probe_skb(sk, 0, LINUX_MIB_TCPWINPROBE);
4062 }
4063 }
4064
4065 /* Initiate keepalive or window probe from timer. */
tcp_write_wakeup(struct sock * sk,int mib)4066 int tcp_write_wakeup(struct sock *sk, int mib)
4067 {
4068 struct tcp_sock *tp = tcp_sk(sk);
4069 struct sk_buff *skb;
4070
4071 if (sk->sk_state == TCP_CLOSE)
4072 return -1;
4073
4074 skb = tcp_send_head(sk);
4075 if (skb && before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp))) {
4076 int err;
4077 unsigned int mss = tcp_current_mss(sk);
4078 unsigned int seg_size = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
4079
4080 if (before(tp->pushed_seq, TCP_SKB_CB(skb)->end_seq))
4081 tp->pushed_seq = TCP_SKB_CB(skb)->end_seq;
4082
4083 /* We are probing the opening of a window
4084 * but the window size is != 0
4085 * must have been a result SWS avoidance ( sender )
4086 */
4087 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq ||
4088 skb->len > mss) {
4089 seg_size = min(seg_size, mss);
4090 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
4091 if (tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE,
4092 skb, seg_size, mss, GFP_ATOMIC))
4093 return -1;
4094 } else if (!tcp_skb_pcount(skb))
4095 tcp_set_skb_tso_segs(skb, mss);
4096
4097 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
4098 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
4099 if (!err)
4100 tcp_event_new_data_sent(sk, skb);
4101 return err;
4102 } else {
4103 if (between(tp->snd_up, tp->snd_una + 1, tp->snd_una + 0xFFFF))
4104 tcp_xmit_probe_skb(sk, 1, mib);
4105 return tcp_xmit_probe_skb(sk, 0, mib);
4106 }
4107 }
4108
4109 /* A window probe timeout has occurred. If window is not closed send
4110 * a partial packet else a zero probe.
4111 */
tcp_send_probe0(struct sock * sk)4112 void tcp_send_probe0(struct sock *sk)
4113 {
4114 struct inet_connection_sock *icsk = inet_csk(sk);
4115 struct tcp_sock *tp = tcp_sk(sk);
4116 unsigned long timeout;
4117 int err;
4118
4119 err = tcp_write_wakeup(sk, LINUX_MIB_TCPWINPROBE);
4120
4121 if (tp->packets_out || tcp_write_queue_empty(sk)) {
4122 /* Cancel probe timer, if it is not required. */
4123 icsk->icsk_probes_out = 0;
4124 icsk->icsk_backoff = 0;
4125 icsk->icsk_probes_tstamp = 0;
4126 return;
4127 }
4128
4129 icsk->icsk_probes_out++;
4130 if (err <= 0) {
4131 if (icsk->icsk_backoff < READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retries2))
4132 icsk->icsk_backoff++;
4133 timeout = tcp_probe0_when(sk, TCP_RTO_MAX);
4134 } else {
4135 /* If packet was not sent due to local congestion,
4136 * Let senders fight for local resources conservatively.
4137 */
4138 timeout = TCP_RESOURCE_PROBE_INTERVAL;
4139 }
4140
4141 timeout = tcp_clamp_probe0_to_user_timeout(sk, timeout);
4142 tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, timeout, TCP_RTO_MAX);
4143 }
4144
tcp_rtx_synack(const struct sock * sk,struct request_sock * req)4145 int tcp_rtx_synack(const struct sock *sk, struct request_sock *req)
4146 {
4147 const struct tcp_request_sock_ops *af_ops = tcp_rsk(req)->af_specific;
4148 struct flowi fl;
4149 int res;
4150
4151 tcp_rsk(req)->txhash = net_tx_rndhash();
4152 res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL,
4153 NULL);
4154 if (!res) {
4155 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
4156 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
4157 if (unlikely(tcp_passive_fastopen(sk)))
4158 tcp_sk(sk)->total_retrans++;
4159 trace_tcp_retransmit_synack(sk, req);
4160 }
4161 return res;
4162 }
4163 EXPORT_SYMBOL(tcp_rtx_synack);
4164