1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Implementation of the Transmission Control Protocol(TCP).
8 *
9 * Authors: Ross Biro
10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
11 * Mark Evans, <evansmp@uhura.aston.ac.uk>
12 * Corey Minyard <wf-rch!minyard@relay.EU.net>
13 * Florian La Roche, <flla@stud.uni-sb.de>
14 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
15 * Linus Torvalds, <torvalds@cs.helsinki.fi>
16 * Alan Cox, <gw4pts@gw4pts.ampr.org>
17 * Matthew Dillon, <dillon@apollo.west.oic.com>
18 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
19 * Jorge Cwik, <jorge@laser.satlink.net>
20 */
21
22 /*
23 * Changes: Pedro Roque : Retransmit queue handled by TCP.
24 * : Fragmentation on mtu decrease
25 * : Segment collapse on retransmit
26 * : AF independence
27 *
28 * Linus Torvalds : send_delayed_ack
29 * David S. Miller : Charge memory using the right skb
30 * during syn/ack processing.
31 * David S. Miller : Output engine completely rewritten.
32 * Andrea Arcangeli: SYNACK carry ts_recent in tsecr.
33 * Cacophonix Gaul : draft-minshall-nagle-01
34 * J Hadi Salim : ECN support
35 *
36 */
37
38 #define pr_fmt(fmt) "TCP: " fmt
39
40 #include <net/tcp.h>
41 #include <net/mptcp.h>
42 #include <net/proto_memory.h>
43
44 #include <linux/compiler.h>
45 #include <linux/gfp.h>
46 #include <linux/module.h>
47 #include <linux/static_key.h>
48 #include <linux/skbuff_ref.h>
49
50 #include <trace/events/tcp.h>
51
52 /* Refresh clocks of a TCP socket,
53 * ensuring monotically increasing values.
54 */
tcp_mstamp_refresh(struct tcp_sock * tp)55 void tcp_mstamp_refresh(struct tcp_sock *tp)
56 {
57 u64 val = tcp_clock_ns();
58
59 tp->tcp_clock_cache = val;
60 tp->tcp_mstamp = div_u64(val, NSEC_PER_USEC);
61 }
62
63 static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
64 int push_one, gfp_t gfp);
65
66 /* Account for new data that has been sent to the network. */
tcp_event_new_data_sent(struct sock * sk,struct sk_buff * skb)67 static void tcp_event_new_data_sent(struct sock *sk, struct sk_buff *skb)
68 {
69 struct inet_connection_sock *icsk = inet_csk(sk);
70 struct tcp_sock *tp = tcp_sk(sk);
71 unsigned int prior_packets = tp->packets_out;
72
73 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(skb)->end_seq);
74
75 __skb_unlink(skb, &sk->sk_write_queue);
76 tcp_rbtree_insert(&sk->tcp_rtx_queue, skb);
77
78 if (tp->highest_sack == NULL)
79 tp->highest_sack = skb;
80
81 tp->packets_out += tcp_skb_pcount(skb);
82 if (!prior_packets || icsk->icsk_pending == ICSK_TIME_LOSS_PROBE)
83 tcp_rearm_rto(sk);
84
85 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT,
86 tcp_skb_pcount(skb));
87 tcp_check_space(sk);
88 }
89
90 /* SND.NXT, if window was not shrunk or the amount of shrunk was less than one
91 * window scaling factor due to loss of precision.
92 * If window has been shrunk, what should we make? It is not clear at all.
93 * Using SND.UNA we will fail to open window, SND.NXT is out of window. :-(
94 * Anything in between SND.UNA...SND.UNA+SND.WND also can be already
95 * invalid. OK, let's make this for now:
96 */
tcp_acceptable_seq(const struct sock * sk)97 static inline __u32 tcp_acceptable_seq(const struct sock *sk)
98 {
99 const struct tcp_sock *tp = tcp_sk(sk);
100
101 if (!before(tcp_wnd_end(tp), tp->snd_nxt) ||
102 (tp->rx_opt.wscale_ok &&
103 ((tp->snd_nxt - tcp_wnd_end(tp)) < (1 << tp->rx_opt.rcv_wscale))))
104 return tp->snd_nxt;
105 else
106 return tcp_wnd_end(tp);
107 }
108
109 /* Calculate mss to advertise in SYN segment.
110 * RFC1122, RFC1063, draft-ietf-tcpimpl-pmtud-01 state that:
111 *
112 * 1. It is independent of path mtu.
113 * 2. Ideally, it is maximal possible segment size i.e. 65535-40.
114 * 3. For IPv4 it is reasonable to calculate it from maximal MTU of
115 * attached devices, because some buggy hosts are confused by
116 * large MSS.
117 * 4. We do not make 3, we advertise MSS, calculated from first
118 * hop device mtu, but allow to raise it to ip_rt_min_advmss.
119 * This may be overridden via information stored in routing table.
120 * 5. Value 65535 for MSS is valid in IPv6 and means "as large as possible,
121 * probably even Jumbo".
122 */
tcp_advertise_mss(struct sock * sk)123 static __u16 tcp_advertise_mss(struct sock *sk)
124 {
125 struct tcp_sock *tp = tcp_sk(sk);
126 const struct dst_entry *dst = __sk_dst_get(sk);
127 int mss = tp->advmss;
128
129 if (dst) {
130 unsigned int metric = dst_metric_advmss(dst);
131
132 if (metric < mss) {
133 mss = metric;
134 tp->advmss = mss;
135 }
136 }
137
138 return (__u16)mss;
139 }
140
141 /* RFC2861. Reset CWND after idle period longer RTO to "restart window".
142 * This is the first part of cwnd validation mechanism.
143 */
tcp_cwnd_restart(struct sock * sk,s32 delta)144 void tcp_cwnd_restart(struct sock *sk, s32 delta)
145 {
146 struct tcp_sock *tp = tcp_sk(sk);
147 u32 restart_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk));
148 u32 cwnd = tcp_snd_cwnd(tp);
149
150 tcp_ca_event(sk, CA_EVENT_CWND_RESTART);
151
152 tp->snd_ssthresh = tcp_current_ssthresh(sk);
153 restart_cwnd = min(restart_cwnd, cwnd);
154
155 while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd)
156 cwnd >>= 1;
157 tcp_snd_cwnd_set(tp, max(cwnd, restart_cwnd));
158 tp->snd_cwnd_stamp = tcp_jiffies32;
159 tp->snd_cwnd_used = 0;
160 }
161
162 /* Congestion state accounting after a packet has been sent. */
tcp_event_data_sent(struct tcp_sock * tp,struct sock * sk)163 static void tcp_event_data_sent(struct tcp_sock *tp,
164 struct sock *sk)
165 {
166 struct inet_connection_sock *icsk = inet_csk(sk);
167 const u32 now = tcp_jiffies32;
168
169 if (tcp_packets_in_flight(tp) == 0)
170 tcp_ca_event(sk, CA_EVENT_TX_START);
171
172 tp->lsndtime = now;
173
174 /* If it is a reply for ato after last received
175 * packet, increase pingpong count.
176 */
177 if ((u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato)
178 inet_csk_inc_pingpong_cnt(sk);
179 }
180
181 /* Account for an ACK we sent. */
tcp_event_ack_sent(struct sock * sk,u32 rcv_nxt)182 static inline void tcp_event_ack_sent(struct sock *sk, u32 rcv_nxt)
183 {
184 struct tcp_sock *tp = tcp_sk(sk);
185
186 if (unlikely(tp->compressed_ack)) {
187 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED,
188 tp->compressed_ack);
189 tp->compressed_ack = 0;
190 if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1)
191 __sock_put(sk);
192 }
193
194 if (unlikely(rcv_nxt != tp->rcv_nxt))
195 return; /* Special ACK sent by DCTCP to reflect ECN */
196 tcp_dec_quickack_mode(sk);
197 inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
198 }
199
200 /* Determine a window scaling and initial window to offer.
201 * Based on the assumption that the given amount of space
202 * will be offered. Store the results in the tp structure.
203 * NOTE: for smooth operation initial space offering should
204 * be a multiple of mss if possible. We assume here that mss >= 1.
205 * This MUST be enforced by all callers.
206 */
tcp_select_initial_window(const struct sock * sk,int __space,__u32 mss,__u32 * rcv_wnd,__u32 * __window_clamp,int wscale_ok,__u8 * rcv_wscale,__u32 init_rcv_wnd)207 void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss,
208 __u32 *rcv_wnd, __u32 *__window_clamp,
209 int wscale_ok, __u8 *rcv_wscale,
210 __u32 init_rcv_wnd)
211 {
212 unsigned int space = (__space < 0 ? 0 : __space);
213 u32 window_clamp = READ_ONCE(*__window_clamp);
214
215 /* If no clamp set the clamp to the max possible scaled window */
216 if (window_clamp == 0)
217 window_clamp = (U16_MAX << TCP_MAX_WSCALE);
218 space = min(window_clamp, space);
219
220 /* Quantize space offering to a multiple of mss if possible. */
221 if (space > mss)
222 space = rounddown(space, mss);
223
224 /* NOTE: offering an initial window larger than 32767
225 * will break some buggy TCP stacks. If the admin tells us
226 * it is likely we could be speaking with such a buggy stack
227 * we will truncate our initial window offering to 32K-1
228 * unless the remote has sent us a window scaling option,
229 * which we interpret as a sign the remote TCP is not
230 * misinterpreting the window field as a signed quantity.
231 */
232 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows))
233 (*rcv_wnd) = min(space, MAX_TCP_WINDOW);
234 else
235 (*rcv_wnd) = space;
236
237 if (init_rcv_wnd)
238 *rcv_wnd = min(*rcv_wnd, init_rcv_wnd * mss);
239
240 *rcv_wscale = 0;
241 if (wscale_ok) {
242 /* Set window scaling on max possible window */
243 space = max_t(u32, space, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]));
244 space = max_t(u32, space, READ_ONCE(sysctl_rmem_max));
245 space = min_t(u32, space, window_clamp);
246 *rcv_wscale = clamp_t(int, ilog2(space) - 15,
247 0, TCP_MAX_WSCALE);
248 }
249 /* Set the clamp no higher than max representable value */
250 WRITE_ONCE(*__window_clamp,
251 min_t(__u32, U16_MAX << (*rcv_wscale), window_clamp));
252 }
253 EXPORT_SYMBOL(tcp_select_initial_window);
254
255 /* Chose a new window to advertise, update state in tcp_sock for the
256 * socket, and return result with RFC1323 scaling applied. The return
257 * value can be stuffed directly into th->window for an outgoing
258 * frame.
259 */
tcp_select_window(struct sock * sk)260 static u16 tcp_select_window(struct sock *sk)
261 {
262 struct tcp_sock *tp = tcp_sk(sk);
263 struct net *net = sock_net(sk);
264 u32 old_win = tp->rcv_wnd;
265 u32 cur_win, new_win;
266
267 /* Make the window 0 if we failed to queue the data because we
268 * are out of memory. The window is temporary, so we don't store
269 * it on the socket.
270 */
271 if (unlikely(inet_csk(sk)->icsk_ack.pending & ICSK_ACK_NOMEM))
272 return 0;
273
274 cur_win = tcp_receive_window(tp);
275 new_win = __tcp_select_window(sk);
276 if (new_win < cur_win) {
277 /* Danger Will Robinson!
278 * Don't update rcv_wup/rcv_wnd here or else
279 * we will not be able to advertise a zero
280 * window in time. --DaveM
281 *
282 * Relax Will Robinson.
283 */
284 if (!READ_ONCE(net->ipv4.sysctl_tcp_shrink_window) || !tp->rx_opt.rcv_wscale) {
285 /* Never shrink the offered window */
286 if (new_win == 0)
287 NET_INC_STATS(net, LINUX_MIB_TCPWANTZEROWINDOWADV);
288 new_win = ALIGN(cur_win, 1 << tp->rx_opt.rcv_wscale);
289 }
290 }
291
292 tp->rcv_wnd = new_win;
293 tp->rcv_wup = tp->rcv_nxt;
294
295 /* Make sure we do not exceed the maximum possible
296 * scaled window.
297 */
298 if (!tp->rx_opt.rcv_wscale &&
299 READ_ONCE(net->ipv4.sysctl_tcp_workaround_signed_windows))
300 new_win = min(new_win, MAX_TCP_WINDOW);
301 else
302 new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale));
303
304 /* RFC1323 scaling applied */
305 new_win >>= tp->rx_opt.rcv_wscale;
306
307 /* If we advertise zero window, disable fast path. */
308 if (new_win == 0) {
309 tp->pred_flags = 0;
310 if (old_win)
311 NET_INC_STATS(net, LINUX_MIB_TCPTOZEROWINDOWADV);
312 } else if (old_win == 0) {
313 NET_INC_STATS(net, LINUX_MIB_TCPFROMZEROWINDOWADV);
314 }
315
316 return new_win;
317 }
318
319 /* Packet ECN state for a SYN-ACK */
tcp_ecn_send_synack(struct sock * sk,struct sk_buff * skb)320 static void tcp_ecn_send_synack(struct sock *sk, struct sk_buff *skb)
321 {
322 const struct tcp_sock *tp = tcp_sk(sk);
323
324 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_CWR;
325 if (!(tp->ecn_flags & TCP_ECN_OK))
326 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_ECE;
327 else if (tcp_ca_needs_ecn(sk) ||
328 tcp_bpf_ca_needs_ecn(sk))
329 INET_ECN_xmit(sk);
330 }
331
332 /* Packet ECN state for a SYN. */
tcp_ecn_send_syn(struct sock * sk,struct sk_buff * skb)333 static void tcp_ecn_send_syn(struct sock *sk, struct sk_buff *skb)
334 {
335 struct tcp_sock *tp = tcp_sk(sk);
336 bool bpf_needs_ecn = tcp_bpf_ca_needs_ecn(sk);
337 bool use_ecn = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_ecn) == 1 ||
338 tcp_ca_needs_ecn(sk) || bpf_needs_ecn;
339
340 if (!use_ecn) {
341 const struct dst_entry *dst = __sk_dst_get(sk);
342
343 if (dst && dst_feature(dst, RTAX_FEATURE_ECN))
344 use_ecn = true;
345 }
346
347 tp->ecn_flags = 0;
348
349 if (use_ecn) {
350 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ECE | TCPHDR_CWR;
351 tp->ecn_flags = TCP_ECN_OK;
352 if (tcp_ca_needs_ecn(sk) || bpf_needs_ecn)
353 INET_ECN_xmit(sk);
354 }
355 }
356
tcp_ecn_clear_syn(struct sock * sk,struct sk_buff * skb)357 static void tcp_ecn_clear_syn(struct sock *sk, struct sk_buff *skb)
358 {
359 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_ecn_fallback))
360 /* tp->ecn_flags are cleared at a later point in time when
361 * SYN ACK is ultimatively being received.
362 */
363 TCP_SKB_CB(skb)->tcp_flags &= ~(TCPHDR_ECE | TCPHDR_CWR);
364 }
365
366 static void
tcp_ecn_make_synack(const struct request_sock * req,struct tcphdr * th)367 tcp_ecn_make_synack(const struct request_sock *req, struct tcphdr *th)
368 {
369 if (inet_rsk(req)->ecn_ok)
370 th->ece = 1;
371 }
372
373 /* Set up ECN state for a packet on a ESTABLISHED socket that is about to
374 * be sent.
375 */
tcp_ecn_send(struct sock * sk,struct sk_buff * skb,struct tcphdr * th,int tcp_header_len)376 static void tcp_ecn_send(struct sock *sk, struct sk_buff *skb,
377 struct tcphdr *th, int tcp_header_len)
378 {
379 struct tcp_sock *tp = tcp_sk(sk);
380
381 if (tp->ecn_flags & TCP_ECN_OK) {
382 /* Not-retransmitted data segment: set ECT and inject CWR. */
383 if (skb->len != tcp_header_len &&
384 !before(TCP_SKB_CB(skb)->seq, tp->snd_nxt)) {
385 INET_ECN_xmit(sk);
386 if (tp->ecn_flags & TCP_ECN_QUEUE_CWR) {
387 tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR;
388 th->cwr = 1;
389 skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN;
390 }
391 } else if (!tcp_ca_needs_ecn(sk)) {
392 /* ACK or retransmitted segment: clear ECT|CE */
393 INET_ECN_dontxmit(sk);
394 }
395 if (tp->ecn_flags & TCP_ECN_DEMAND_CWR)
396 th->ece = 1;
397 }
398 }
399
400 /* Constructs common control bits of non-data skb. If SYN/FIN is present,
401 * auto increment end seqno.
402 */
tcp_init_nondata_skb(struct sk_buff * skb,u32 seq,u8 flags)403 static void tcp_init_nondata_skb(struct sk_buff *skb, u32 seq, u8 flags)
404 {
405 skb->ip_summed = CHECKSUM_PARTIAL;
406
407 TCP_SKB_CB(skb)->tcp_flags = flags;
408
409 tcp_skb_pcount_set(skb, 1);
410
411 TCP_SKB_CB(skb)->seq = seq;
412 if (flags & (TCPHDR_SYN | TCPHDR_FIN))
413 seq++;
414 TCP_SKB_CB(skb)->end_seq = seq;
415 }
416
tcp_urg_mode(const struct tcp_sock * tp)417 static inline bool tcp_urg_mode(const struct tcp_sock *tp)
418 {
419 return tp->snd_una != tp->snd_up;
420 }
421
422 #define OPTION_SACK_ADVERTISE BIT(0)
423 #define OPTION_TS BIT(1)
424 #define OPTION_MD5 BIT(2)
425 #define OPTION_WSCALE BIT(3)
426 #define OPTION_FAST_OPEN_COOKIE BIT(8)
427 #define OPTION_SMC BIT(9)
428 #define OPTION_MPTCP BIT(10)
429 #define OPTION_AO BIT(11)
430
smc_options_write(__be32 * ptr,u16 * options)431 static void smc_options_write(__be32 *ptr, u16 *options)
432 {
433 #if IS_ENABLED(CONFIG_SMC)
434 if (static_branch_unlikely(&tcp_have_smc)) {
435 if (unlikely(OPTION_SMC & *options)) {
436 *ptr++ = htonl((TCPOPT_NOP << 24) |
437 (TCPOPT_NOP << 16) |
438 (TCPOPT_EXP << 8) |
439 (TCPOLEN_EXP_SMC_BASE));
440 *ptr++ = htonl(TCPOPT_SMC_MAGIC);
441 }
442 }
443 #endif
444 }
445
446 struct tcp_out_options {
447 u16 options; /* bit field of OPTION_* */
448 u16 mss; /* 0 to disable */
449 u8 ws; /* window scale, 0 to disable */
450 u8 num_sack_blocks; /* number of SACK blocks to include */
451 u8 hash_size; /* bytes in hash_location */
452 u8 bpf_opt_len; /* length of BPF hdr option */
453 __u8 *hash_location; /* temporary pointer, overloaded */
454 __u32 tsval, tsecr; /* need to include OPTION_TS */
455 struct tcp_fastopen_cookie *fastopen_cookie; /* Fast open cookie */
456 struct mptcp_out_options mptcp;
457 };
458
mptcp_options_write(struct tcphdr * th,__be32 * ptr,struct tcp_sock * tp,struct tcp_out_options * opts)459 static void mptcp_options_write(struct tcphdr *th, __be32 *ptr,
460 struct tcp_sock *tp,
461 struct tcp_out_options *opts)
462 {
463 #if IS_ENABLED(CONFIG_MPTCP)
464 if (unlikely(OPTION_MPTCP & opts->options))
465 mptcp_write_options(th, ptr, tp, &opts->mptcp);
466 #endif
467 }
468
469 #ifdef CONFIG_CGROUP_BPF
bpf_skops_write_hdr_opt_arg0(struct sk_buff * skb,enum tcp_synack_type synack_type)470 static int bpf_skops_write_hdr_opt_arg0(struct sk_buff *skb,
471 enum tcp_synack_type synack_type)
472 {
473 if (unlikely(!skb))
474 return BPF_WRITE_HDR_TCP_CURRENT_MSS;
475
476 if (unlikely(synack_type == TCP_SYNACK_COOKIE))
477 return BPF_WRITE_HDR_TCP_SYNACK_COOKIE;
478
479 return 0;
480 }
481
482 /* req, syn_skb and synack_type are used when writing synack */
bpf_skops_hdr_opt_len(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts,unsigned int * remaining)483 static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb,
484 struct request_sock *req,
485 struct sk_buff *syn_skb,
486 enum tcp_synack_type synack_type,
487 struct tcp_out_options *opts,
488 unsigned int *remaining)
489 {
490 struct bpf_sock_ops_kern sock_ops;
491 int err;
492
493 if (likely(!BPF_SOCK_OPS_TEST_FLAG(tcp_sk(sk),
494 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG)) ||
495 !*remaining)
496 return;
497
498 /* *remaining has already been aligned to 4 bytes, so *remaining >= 4 */
499
500 /* init sock_ops */
501 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
502
503 sock_ops.op = BPF_SOCK_OPS_HDR_OPT_LEN_CB;
504
505 if (req) {
506 /* The listen "sk" cannot be passed here because
507 * it is not locked. It would not make too much
508 * sense to do bpf_setsockopt(listen_sk) based
509 * on individual connection request also.
510 *
511 * Thus, "req" is passed here and the cgroup-bpf-progs
512 * of the listen "sk" will be run.
513 *
514 * "req" is also used here for fastopen even the "sk" here is
515 * a fullsock "child" sk. It is to keep the behavior
516 * consistent between fastopen and non-fastopen on
517 * the bpf programming side.
518 */
519 sock_ops.sk = (struct sock *)req;
520 sock_ops.syn_skb = syn_skb;
521 } else {
522 sock_owned_by_me(sk);
523
524 sock_ops.is_fullsock = 1;
525 sock_ops.sk = sk;
526 }
527
528 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type);
529 sock_ops.remaining_opt_len = *remaining;
530 /* tcp_current_mss() does not pass a skb */
531 if (skb)
532 bpf_skops_init_skb(&sock_ops, skb, 0);
533
534 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk);
535
536 if (err || sock_ops.remaining_opt_len == *remaining)
537 return;
538
539 opts->bpf_opt_len = *remaining - sock_ops.remaining_opt_len;
540 /* round up to 4 bytes */
541 opts->bpf_opt_len = (opts->bpf_opt_len + 3) & ~3;
542
543 *remaining -= opts->bpf_opt_len;
544 }
545
bpf_skops_write_hdr_opt(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts)546 static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
547 struct request_sock *req,
548 struct sk_buff *syn_skb,
549 enum tcp_synack_type synack_type,
550 struct tcp_out_options *opts)
551 {
552 u8 first_opt_off, nr_written, max_opt_len = opts->bpf_opt_len;
553 struct bpf_sock_ops_kern sock_ops;
554 int err;
555
556 if (likely(!max_opt_len))
557 return;
558
559 memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
560
561 sock_ops.op = BPF_SOCK_OPS_WRITE_HDR_OPT_CB;
562
563 if (req) {
564 sock_ops.sk = (struct sock *)req;
565 sock_ops.syn_skb = syn_skb;
566 } else {
567 sock_owned_by_me(sk);
568
569 sock_ops.is_fullsock = 1;
570 sock_ops.sk = sk;
571 }
572
573 sock_ops.args[0] = bpf_skops_write_hdr_opt_arg0(skb, synack_type);
574 sock_ops.remaining_opt_len = max_opt_len;
575 first_opt_off = tcp_hdrlen(skb) - max_opt_len;
576 bpf_skops_init_skb(&sock_ops, skb, first_opt_off);
577
578 err = BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(&sock_ops, sk);
579
580 if (err)
581 nr_written = 0;
582 else
583 nr_written = max_opt_len - sock_ops.remaining_opt_len;
584
585 if (nr_written < max_opt_len)
586 memset(skb->data + first_opt_off + nr_written, TCPOPT_NOP,
587 max_opt_len - nr_written);
588 }
589 #else
bpf_skops_hdr_opt_len(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts,unsigned int * remaining)590 static void bpf_skops_hdr_opt_len(struct sock *sk, struct sk_buff *skb,
591 struct request_sock *req,
592 struct sk_buff *syn_skb,
593 enum tcp_synack_type synack_type,
594 struct tcp_out_options *opts,
595 unsigned int *remaining)
596 {
597 }
598
bpf_skops_write_hdr_opt(struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct sk_buff * syn_skb,enum tcp_synack_type synack_type,struct tcp_out_options * opts)599 static void bpf_skops_write_hdr_opt(struct sock *sk, struct sk_buff *skb,
600 struct request_sock *req,
601 struct sk_buff *syn_skb,
602 enum tcp_synack_type synack_type,
603 struct tcp_out_options *opts)
604 {
605 }
606 #endif
607
process_tcp_ao_options(struct tcp_sock * tp,const struct tcp_request_sock * tcprsk,struct tcp_out_options * opts,struct tcp_key * key,__be32 * ptr)608 static __be32 *process_tcp_ao_options(struct tcp_sock *tp,
609 const struct tcp_request_sock *tcprsk,
610 struct tcp_out_options *opts,
611 struct tcp_key *key, __be32 *ptr)
612 {
613 #ifdef CONFIG_TCP_AO
614 u8 maclen = tcp_ao_maclen(key->ao_key);
615
616 if (tcprsk) {
617 u8 aolen = maclen + sizeof(struct tcp_ao_hdr);
618
619 *ptr++ = htonl((TCPOPT_AO << 24) | (aolen << 16) |
620 (tcprsk->ao_keyid << 8) |
621 (tcprsk->ao_rcv_next));
622 } else {
623 struct tcp_ao_key *rnext_key;
624 struct tcp_ao_info *ao_info;
625
626 ao_info = rcu_dereference_check(tp->ao_info,
627 lockdep_sock_is_held(&tp->inet_conn.icsk_inet.sk));
628 rnext_key = READ_ONCE(ao_info->rnext_key);
629 if (WARN_ON_ONCE(!rnext_key))
630 return ptr;
631 *ptr++ = htonl((TCPOPT_AO << 24) |
632 (tcp_ao_len(key->ao_key) << 16) |
633 (key->ao_key->sndid << 8) |
634 (rnext_key->rcvid));
635 }
636 opts->hash_location = (__u8 *)ptr;
637 ptr += maclen / sizeof(*ptr);
638 if (unlikely(maclen % sizeof(*ptr))) {
639 memset(ptr, TCPOPT_NOP, sizeof(*ptr));
640 ptr++;
641 }
642 #endif
643 return ptr;
644 }
645
646 /* Write previously computed TCP options to the packet.
647 *
648 * Beware: Something in the Internet is very sensitive to the ordering of
649 * TCP options, we learned this through the hard way, so be careful here.
650 * Luckily we can at least blame others for their non-compliance but from
651 * inter-operability perspective it seems that we're somewhat stuck with
652 * the ordering which we have been using if we want to keep working with
653 * those broken things (not that it currently hurts anybody as there isn't
654 * particular reason why the ordering would need to be changed).
655 *
656 * At least SACK_PERM as the first option is known to lead to a disaster
657 * (but it may well be that other scenarios fail similarly).
658 */
tcp_options_write(struct tcphdr * th,struct tcp_sock * tp,const struct tcp_request_sock * tcprsk,struct tcp_out_options * opts,struct tcp_key * key)659 static void tcp_options_write(struct tcphdr *th, struct tcp_sock *tp,
660 const struct tcp_request_sock *tcprsk,
661 struct tcp_out_options *opts,
662 struct tcp_key *key)
663 {
664 __be32 *ptr = (__be32 *)(th + 1);
665 u16 options = opts->options; /* mungable copy */
666
667 if (tcp_key_is_md5(key)) {
668 *ptr++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
669 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
670 /* overload cookie hash location */
671 opts->hash_location = (__u8 *)ptr;
672 ptr += 4;
673 } else if (tcp_key_is_ao(key)) {
674 ptr = process_tcp_ao_options(tp, tcprsk, opts, key, ptr);
675 }
676 if (unlikely(opts->mss)) {
677 *ptr++ = htonl((TCPOPT_MSS << 24) |
678 (TCPOLEN_MSS << 16) |
679 opts->mss);
680 }
681
682 if (likely(OPTION_TS & options)) {
683 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
684 *ptr++ = htonl((TCPOPT_SACK_PERM << 24) |
685 (TCPOLEN_SACK_PERM << 16) |
686 (TCPOPT_TIMESTAMP << 8) |
687 TCPOLEN_TIMESTAMP);
688 options &= ~OPTION_SACK_ADVERTISE;
689 } else {
690 *ptr++ = htonl((TCPOPT_NOP << 24) |
691 (TCPOPT_NOP << 16) |
692 (TCPOPT_TIMESTAMP << 8) |
693 TCPOLEN_TIMESTAMP);
694 }
695 *ptr++ = htonl(opts->tsval);
696 *ptr++ = htonl(opts->tsecr);
697 }
698
699 if (unlikely(OPTION_SACK_ADVERTISE & options)) {
700 *ptr++ = htonl((TCPOPT_NOP << 24) |
701 (TCPOPT_NOP << 16) |
702 (TCPOPT_SACK_PERM << 8) |
703 TCPOLEN_SACK_PERM);
704 }
705
706 if (unlikely(OPTION_WSCALE & options)) {
707 *ptr++ = htonl((TCPOPT_NOP << 24) |
708 (TCPOPT_WINDOW << 16) |
709 (TCPOLEN_WINDOW << 8) |
710 opts->ws);
711 }
712
713 if (unlikely(opts->num_sack_blocks)) {
714 struct tcp_sack_block *sp = tp->rx_opt.dsack ?
715 tp->duplicate_sack : tp->selective_acks;
716 int this_sack;
717
718 *ptr++ = htonl((TCPOPT_NOP << 24) |
719 (TCPOPT_NOP << 16) |
720 (TCPOPT_SACK << 8) |
721 (TCPOLEN_SACK_BASE + (opts->num_sack_blocks *
722 TCPOLEN_SACK_PERBLOCK)));
723
724 for (this_sack = 0; this_sack < opts->num_sack_blocks;
725 ++this_sack) {
726 *ptr++ = htonl(sp[this_sack].start_seq);
727 *ptr++ = htonl(sp[this_sack].end_seq);
728 }
729
730 tp->rx_opt.dsack = 0;
731 }
732
733 if (unlikely(OPTION_FAST_OPEN_COOKIE & options)) {
734 struct tcp_fastopen_cookie *foc = opts->fastopen_cookie;
735 u8 *p = (u8 *)ptr;
736 u32 len; /* Fast Open option length */
737
738 if (foc->exp) {
739 len = TCPOLEN_EXP_FASTOPEN_BASE + foc->len;
740 *ptr = htonl((TCPOPT_EXP << 24) | (len << 16) |
741 TCPOPT_FASTOPEN_MAGIC);
742 p += TCPOLEN_EXP_FASTOPEN_BASE;
743 } else {
744 len = TCPOLEN_FASTOPEN_BASE + foc->len;
745 *p++ = TCPOPT_FASTOPEN;
746 *p++ = len;
747 }
748
749 memcpy(p, foc->val, foc->len);
750 if ((len & 3) == 2) {
751 p[foc->len] = TCPOPT_NOP;
752 p[foc->len + 1] = TCPOPT_NOP;
753 }
754 ptr += (len + 3) >> 2;
755 }
756
757 smc_options_write(ptr, &options);
758
759 mptcp_options_write(th, ptr, tp, opts);
760 }
761
smc_set_option(const struct tcp_sock * tp,struct tcp_out_options * opts,unsigned int * remaining)762 static void smc_set_option(const struct tcp_sock *tp,
763 struct tcp_out_options *opts,
764 unsigned int *remaining)
765 {
766 #if IS_ENABLED(CONFIG_SMC)
767 if (static_branch_unlikely(&tcp_have_smc)) {
768 if (tp->syn_smc) {
769 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) {
770 opts->options |= OPTION_SMC;
771 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED;
772 }
773 }
774 }
775 #endif
776 }
777
smc_set_option_cond(const struct tcp_sock * tp,const struct inet_request_sock * ireq,struct tcp_out_options * opts,unsigned int * remaining)778 static void smc_set_option_cond(const struct tcp_sock *tp,
779 const struct inet_request_sock *ireq,
780 struct tcp_out_options *opts,
781 unsigned int *remaining)
782 {
783 #if IS_ENABLED(CONFIG_SMC)
784 if (static_branch_unlikely(&tcp_have_smc)) {
785 if (tp->syn_smc && ireq->smc_ok) {
786 if (*remaining >= TCPOLEN_EXP_SMC_BASE_ALIGNED) {
787 opts->options |= OPTION_SMC;
788 *remaining -= TCPOLEN_EXP_SMC_BASE_ALIGNED;
789 }
790 }
791 }
792 #endif
793 }
794
mptcp_set_option_cond(const struct request_sock * req,struct tcp_out_options * opts,unsigned int * remaining)795 static void mptcp_set_option_cond(const struct request_sock *req,
796 struct tcp_out_options *opts,
797 unsigned int *remaining)
798 {
799 if (rsk_is_mptcp(req)) {
800 unsigned int size;
801
802 if (mptcp_synack_options(req, &size, &opts->mptcp)) {
803 if (*remaining >= size) {
804 opts->options |= OPTION_MPTCP;
805 *remaining -= size;
806 }
807 }
808 }
809 }
810
811 /* Compute TCP options for SYN packets. This is not the final
812 * network wire format yet.
813 */
tcp_syn_options(struct sock * sk,struct sk_buff * skb,struct tcp_out_options * opts,struct tcp_key * key)814 static unsigned int tcp_syn_options(struct sock *sk, struct sk_buff *skb,
815 struct tcp_out_options *opts,
816 struct tcp_key *key)
817 {
818 struct tcp_sock *tp = tcp_sk(sk);
819 unsigned int remaining = MAX_TCP_OPTION_SPACE;
820 struct tcp_fastopen_request *fastopen = tp->fastopen_req;
821 bool timestamps;
822
823 /* Better than switch (key.type) as it has static branches */
824 if (tcp_key_is_md5(key)) {
825 timestamps = false;
826 opts->options |= OPTION_MD5;
827 remaining -= TCPOLEN_MD5SIG_ALIGNED;
828 } else {
829 timestamps = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_timestamps);
830 if (tcp_key_is_ao(key)) {
831 opts->options |= OPTION_AO;
832 remaining -= tcp_ao_len_aligned(key->ao_key);
833 }
834 }
835
836 /* We always get an MSS option. The option bytes which will be seen in
837 * normal data packets should timestamps be used, must be in the MSS
838 * advertised. But we subtract them from tp->mss_cache so that
839 * calculations in tcp_sendmsg are simpler etc. So account for this
840 * fact here if necessary. If we don't do this correctly, as a
841 * receiver we won't recognize data packets as being full sized when we
842 * should, and thus we won't abide by the delayed ACK rules correctly.
843 * SACKs don't matter, we never delay an ACK when we have any of those
844 * going out. */
845 opts->mss = tcp_advertise_mss(sk);
846 remaining -= TCPOLEN_MSS_ALIGNED;
847
848 if (likely(timestamps)) {
849 opts->options |= OPTION_TS;
850 opts->tsval = tcp_skb_timestamp_ts(tp->tcp_usec_ts, skb) + tp->tsoffset;
851 opts->tsecr = tp->rx_opt.ts_recent;
852 remaining -= TCPOLEN_TSTAMP_ALIGNED;
853 }
854 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_window_scaling))) {
855 opts->ws = tp->rx_opt.rcv_wscale;
856 opts->options |= OPTION_WSCALE;
857 remaining -= TCPOLEN_WSCALE_ALIGNED;
858 }
859 if (likely(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_sack))) {
860 opts->options |= OPTION_SACK_ADVERTISE;
861 if (unlikely(!(OPTION_TS & opts->options)))
862 remaining -= TCPOLEN_SACKPERM_ALIGNED;
863 }
864
865 if (fastopen && fastopen->cookie.len >= 0) {
866 u32 need = fastopen->cookie.len;
867
868 need += fastopen->cookie.exp ? TCPOLEN_EXP_FASTOPEN_BASE :
869 TCPOLEN_FASTOPEN_BASE;
870 need = (need + 3) & ~3U; /* Align to 32 bits */
871 if (remaining >= need) {
872 opts->options |= OPTION_FAST_OPEN_COOKIE;
873 opts->fastopen_cookie = &fastopen->cookie;
874 remaining -= need;
875 tp->syn_fastopen = 1;
876 tp->syn_fastopen_exp = fastopen->cookie.exp ? 1 : 0;
877 }
878 }
879
880 smc_set_option(tp, opts, &remaining);
881
882 if (sk_is_mptcp(sk)) {
883 unsigned int size;
884
885 if (mptcp_syn_options(sk, skb, &size, &opts->mptcp)) {
886 opts->options |= OPTION_MPTCP;
887 remaining -= size;
888 }
889 }
890
891 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
892
893 return MAX_TCP_OPTION_SPACE - remaining;
894 }
895
896 /* Set up TCP options for SYN-ACKs. */
tcp_synack_options(const struct sock * sk,struct request_sock * req,unsigned int mss,struct sk_buff * skb,struct tcp_out_options * opts,const struct tcp_key * key,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)897 static unsigned int tcp_synack_options(const struct sock *sk,
898 struct request_sock *req,
899 unsigned int mss, struct sk_buff *skb,
900 struct tcp_out_options *opts,
901 const struct tcp_key *key,
902 struct tcp_fastopen_cookie *foc,
903 enum tcp_synack_type synack_type,
904 struct sk_buff *syn_skb)
905 {
906 struct inet_request_sock *ireq = inet_rsk(req);
907 unsigned int remaining = MAX_TCP_OPTION_SPACE;
908
909 if (tcp_key_is_md5(key)) {
910 opts->options |= OPTION_MD5;
911 remaining -= TCPOLEN_MD5SIG_ALIGNED;
912
913 /* We can't fit any SACK blocks in a packet with MD5 + TS
914 * options. There was discussion about disabling SACK
915 * rather than TS in order to fit in better with old,
916 * buggy kernels, but that was deemed to be unnecessary.
917 */
918 if (synack_type != TCP_SYNACK_COOKIE)
919 ireq->tstamp_ok &= !ireq->sack_ok;
920 } else if (tcp_key_is_ao(key)) {
921 opts->options |= OPTION_AO;
922 remaining -= tcp_ao_len_aligned(key->ao_key);
923 ireq->tstamp_ok &= !ireq->sack_ok;
924 }
925
926 /* We always send an MSS option. */
927 opts->mss = mss;
928 remaining -= TCPOLEN_MSS_ALIGNED;
929
930 if (likely(ireq->wscale_ok)) {
931 opts->ws = ireq->rcv_wscale;
932 opts->options |= OPTION_WSCALE;
933 remaining -= TCPOLEN_WSCALE_ALIGNED;
934 }
935 if (likely(ireq->tstamp_ok)) {
936 opts->options |= OPTION_TS;
937 opts->tsval = tcp_skb_timestamp_ts(tcp_rsk(req)->req_usec_ts, skb) +
938 tcp_rsk(req)->ts_off;
939 opts->tsecr = READ_ONCE(req->ts_recent);
940 remaining -= TCPOLEN_TSTAMP_ALIGNED;
941 }
942 if (likely(ireq->sack_ok)) {
943 opts->options |= OPTION_SACK_ADVERTISE;
944 if (unlikely(!ireq->tstamp_ok))
945 remaining -= TCPOLEN_SACKPERM_ALIGNED;
946 }
947 if (foc != NULL && foc->len >= 0) {
948 u32 need = foc->len;
949
950 need += foc->exp ? TCPOLEN_EXP_FASTOPEN_BASE :
951 TCPOLEN_FASTOPEN_BASE;
952 need = (need + 3) & ~3U; /* Align to 32 bits */
953 if (remaining >= need) {
954 opts->options |= OPTION_FAST_OPEN_COOKIE;
955 opts->fastopen_cookie = foc;
956 remaining -= need;
957 }
958 }
959
960 mptcp_set_option_cond(req, opts, &remaining);
961
962 smc_set_option_cond(tcp_sk(sk), ireq, opts, &remaining);
963
964 bpf_skops_hdr_opt_len((struct sock *)sk, skb, req, syn_skb,
965 synack_type, opts, &remaining);
966
967 return MAX_TCP_OPTION_SPACE - remaining;
968 }
969
970 /* Compute TCP options for ESTABLISHED sockets. This is not the
971 * final wire format yet.
972 */
tcp_established_options(struct sock * sk,struct sk_buff * skb,struct tcp_out_options * opts,struct tcp_key * key)973 static unsigned int tcp_established_options(struct sock *sk, struct sk_buff *skb,
974 struct tcp_out_options *opts,
975 struct tcp_key *key)
976 {
977 struct tcp_sock *tp = tcp_sk(sk);
978 unsigned int size = 0;
979 unsigned int eff_sacks;
980
981 opts->options = 0;
982
983 /* Better than switch (key.type) as it has static branches */
984 if (tcp_key_is_md5(key)) {
985 opts->options |= OPTION_MD5;
986 size += TCPOLEN_MD5SIG_ALIGNED;
987 } else if (tcp_key_is_ao(key)) {
988 opts->options |= OPTION_AO;
989 size += tcp_ao_len_aligned(key->ao_key);
990 }
991
992 if (likely(tp->rx_opt.tstamp_ok)) {
993 opts->options |= OPTION_TS;
994 opts->tsval = skb ? tcp_skb_timestamp_ts(tp->tcp_usec_ts, skb) +
995 tp->tsoffset : 0;
996 opts->tsecr = tp->rx_opt.ts_recent;
997 size += TCPOLEN_TSTAMP_ALIGNED;
998 }
999
1000 /* MPTCP options have precedence over SACK for the limited TCP
1001 * option space because a MPTCP connection would be forced to
1002 * fall back to regular TCP if a required multipath option is
1003 * missing. SACK still gets a chance to use whatever space is
1004 * left.
1005 */
1006 if (sk_is_mptcp(sk)) {
1007 unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
1008 unsigned int opt_size = 0;
1009
1010 if (mptcp_established_options(sk, skb, &opt_size, remaining,
1011 &opts->mptcp)) {
1012 opts->options |= OPTION_MPTCP;
1013 size += opt_size;
1014 }
1015 }
1016
1017 eff_sacks = tp->rx_opt.num_sacks + tp->rx_opt.dsack;
1018 if (unlikely(eff_sacks)) {
1019 const unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
1020 if (unlikely(remaining < TCPOLEN_SACK_BASE_ALIGNED +
1021 TCPOLEN_SACK_PERBLOCK))
1022 return size;
1023
1024 opts->num_sack_blocks =
1025 min_t(unsigned int, eff_sacks,
1026 (remaining - TCPOLEN_SACK_BASE_ALIGNED) /
1027 TCPOLEN_SACK_PERBLOCK);
1028
1029 size += TCPOLEN_SACK_BASE_ALIGNED +
1030 opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
1031 }
1032
1033 if (unlikely(BPF_SOCK_OPS_TEST_FLAG(tp,
1034 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG))) {
1035 unsigned int remaining = MAX_TCP_OPTION_SPACE - size;
1036
1037 bpf_skops_hdr_opt_len(sk, skb, NULL, NULL, 0, opts, &remaining);
1038
1039 size = MAX_TCP_OPTION_SPACE - remaining;
1040 }
1041
1042 return size;
1043 }
1044
1045
1046 /* TCP SMALL QUEUES (TSQ)
1047 *
1048 * TSQ goal is to keep small amount of skbs per tcp flow in tx queues (qdisc+dev)
1049 * to reduce RTT and bufferbloat.
1050 * We do this using a special skb destructor (tcp_wfree).
1051 *
1052 * Its important tcp_wfree() can be replaced by sock_wfree() in the event skb
1053 * needs to be reallocated in a driver.
1054 * The invariant being skb->truesize subtracted from sk->sk_wmem_alloc
1055 *
1056 * Since transmit from skb destructor is forbidden, we use a tasklet
1057 * to process all sockets that eventually need to send more skbs.
1058 * We use one tasklet per cpu, with its own queue of sockets.
1059 */
1060 struct tsq_tasklet {
1061 struct tasklet_struct tasklet;
1062 struct list_head head; /* queue of tcp sockets */
1063 };
1064 static DEFINE_PER_CPU(struct tsq_tasklet, tsq_tasklet);
1065
tcp_tsq_write(struct sock * sk)1066 static void tcp_tsq_write(struct sock *sk)
1067 {
1068 if ((1 << sk->sk_state) &
1069 (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_CLOSING |
1070 TCPF_CLOSE_WAIT | TCPF_LAST_ACK)) {
1071 struct tcp_sock *tp = tcp_sk(sk);
1072
1073 if (tp->lost_out > tp->retrans_out &&
1074 tcp_snd_cwnd(tp) > tcp_packets_in_flight(tp)) {
1075 tcp_mstamp_refresh(tp);
1076 tcp_xmit_retransmit_queue(sk);
1077 }
1078
1079 tcp_write_xmit(sk, tcp_current_mss(sk), tp->nonagle,
1080 0, GFP_ATOMIC);
1081 }
1082 }
1083
tcp_tsq_handler(struct sock * sk)1084 static void tcp_tsq_handler(struct sock *sk)
1085 {
1086 bh_lock_sock(sk);
1087 if (!sock_owned_by_user(sk))
1088 tcp_tsq_write(sk);
1089 else if (!test_and_set_bit(TCP_TSQ_DEFERRED, &sk->sk_tsq_flags))
1090 sock_hold(sk);
1091 bh_unlock_sock(sk);
1092 }
1093 /*
1094 * One tasklet per cpu tries to send more skbs.
1095 * We run in tasklet context but need to disable irqs when
1096 * transferring tsq->head because tcp_wfree() might
1097 * interrupt us (non NAPI drivers)
1098 */
tcp_tasklet_func(struct tasklet_struct * t)1099 static void tcp_tasklet_func(struct tasklet_struct *t)
1100 {
1101 struct tsq_tasklet *tsq = from_tasklet(tsq, t, tasklet);
1102 LIST_HEAD(list);
1103 unsigned long flags;
1104 struct list_head *q, *n;
1105 struct tcp_sock *tp;
1106 struct sock *sk;
1107
1108 local_irq_save(flags);
1109 list_splice_init(&tsq->head, &list);
1110 local_irq_restore(flags);
1111
1112 list_for_each_safe(q, n, &list) {
1113 tp = list_entry(q, struct tcp_sock, tsq_node);
1114 list_del(&tp->tsq_node);
1115
1116 sk = (struct sock *)tp;
1117 smp_mb__before_atomic();
1118 clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
1119
1120 tcp_tsq_handler(sk);
1121 sk_free(sk);
1122 }
1123 }
1124
1125 #define TCP_DEFERRED_ALL (TCPF_TSQ_DEFERRED | \
1126 TCPF_WRITE_TIMER_DEFERRED | \
1127 TCPF_DELACK_TIMER_DEFERRED | \
1128 TCPF_MTU_REDUCED_DEFERRED | \
1129 TCPF_ACK_DEFERRED)
1130 /**
1131 * tcp_release_cb - tcp release_sock() callback
1132 * @sk: socket
1133 *
1134 * called from release_sock() to perform protocol dependent
1135 * actions before socket release.
1136 */
tcp_release_cb(struct sock * sk)1137 void tcp_release_cb(struct sock *sk)
1138 {
1139 unsigned long flags = smp_load_acquire(&sk->sk_tsq_flags);
1140 unsigned long nflags;
1141
1142 /* perform an atomic operation only if at least one flag is set */
1143 do {
1144 if (!(flags & TCP_DEFERRED_ALL))
1145 return;
1146 nflags = flags & ~TCP_DEFERRED_ALL;
1147 } while (!try_cmpxchg(&sk->sk_tsq_flags, &flags, nflags));
1148
1149 if (flags & TCPF_TSQ_DEFERRED) {
1150 tcp_tsq_write(sk);
1151 __sock_put(sk);
1152 }
1153
1154 if (flags & TCPF_WRITE_TIMER_DEFERRED) {
1155 tcp_write_timer_handler(sk);
1156 __sock_put(sk);
1157 }
1158 if (flags & TCPF_DELACK_TIMER_DEFERRED) {
1159 tcp_delack_timer_handler(sk);
1160 __sock_put(sk);
1161 }
1162 if (flags & TCPF_MTU_REDUCED_DEFERRED) {
1163 inet_csk(sk)->icsk_af_ops->mtu_reduced(sk);
1164 __sock_put(sk);
1165 }
1166 if ((flags & TCPF_ACK_DEFERRED) && inet_csk_ack_scheduled(sk))
1167 tcp_send_ack(sk);
1168 }
1169 EXPORT_SYMBOL(tcp_release_cb);
1170
tcp_tasklet_init(void)1171 void __init tcp_tasklet_init(void)
1172 {
1173 int i;
1174
1175 for_each_possible_cpu(i) {
1176 struct tsq_tasklet *tsq = &per_cpu(tsq_tasklet, i);
1177
1178 INIT_LIST_HEAD(&tsq->head);
1179 tasklet_setup(&tsq->tasklet, tcp_tasklet_func);
1180 }
1181 }
1182
1183 /*
1184 * Write buffer destructor automatically called from kfree_skb.
1185 * We can't xmit new skbs from this context, as we might already
1186 * hold qdisc lock.
1187 */
tcp_wfree(struct sk_buff * skb)1188 void tcp_wfree(struct sk_buff *skb)
1189 {
1190 struct sock *sk = skb->sk;
1191 struct tcp_sock *tp = tcp_sk(sk);
1192 unsigned long flags, nval, oval;
1193 struct tsq_tasklet *tsq;
1194 bool empty;
1195
1196 /* Keep one reference on sk_wmem_alloc.
1197 * Will be released by sk_free() from here or tcp_tasklet_func()
1198 */
1199 WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc));
1200
1201 /* If this softirq is serviced by ksoftirqd, we are likely under stress.
1202 * Wait until our queues (qdisc + devices) are drained.
1203 * This gives :
1204 * - less callbacks to tcp_write_xmit(), reducing stress (batches)
1205 * - chance for incoming ACK (processed by another cpu maybe)
1206 * to migrate this flow (skb->ooo_okay will be eventually set)
1207 */
1208 if (refcount_read(&sk->sk_wmem_alloc) >= SKB_TRUESIZE(1) && this_cpu_ksoftirqd() == current)
1209 goto out;
1210
1211 oval = smp_load_acquire(&sk->sk_tsq_flags);
1212 do {
1213 if (!(oval & TSQF_THROTTLED) || (oval & TSQF_QUEUED))
1214 goto out;
1215
1216 nval = (oval & ~TSQF_THROTTLED) | TSQF_QUEUED;
1217 } while (!try_cmpxchg(&sk->sk_tsq_flags, &oval, nval));
1218
1219 /* queue this socket to tasklet queue */
1220 local_irq_save(flags);
1221 tsq = this_cpu_ptr(&tsq_tasklet);
1222 empty = list_empty(&tsq->head);
1223 list_add(&tp->tsq_node, &tsq->head);
1224 if (empty)
1225 tasklet_schedule(&tsq->tasklet);
1226 local_irq_restore(flags);
1227 return;
1228 out:
1229 sk_free(sk);
1230 }
1231
1232 /* Note: Called under soft irq.
1233 * We can call TCP stack right away, unless socket is owned by user.
1234 */
tcp_pace_kick(struct hrtimer * timer)1235 enum hrtimer_restart tcp_pace_kick(struct hrtimer *timer)
1236 {
1237 struct tcp_sock *tp = container_of(timer, struct tcp_sock, pacing_timer);
1238 struct sock *sk = (struct sock *)tp;
1239
1240 tcp_tsq_handler(sk);
1241 sock_put(sk);
1242
1243 return HRTIMER_NORESTART;
1244 }
1245
tcp_update_skb_after_send(struct sock * sk,struct sk_buff * skb,u64 prior_wstamp)1246 static void tcp_update_skb_after_send(struct sock *sk, struct sk_buff *skb,
1247 u64 prior_wstamp)
1248 {
1249 struct tcp_sock *tp = tcp_sk(sk);
1250
1251 if (sk->sk_pacing_status != SK_PACING_NONE) {
1252 unsigned long rate = READ_ONCE(sk->sk_pacing_rate);
1253
1254 /* Original sch_fq does not pace first 10 MSS
1255 * Note that tp->data_segs_out overflows after 2^32 packets,
1256 * this is a minor annoyance.
1257 */
1258 if (rate != ~0UL && rate && tp->data_segs_out >= 10) {
1259 u64 len_ns = div64_ul((u64)skb->len * NSEC_PER_SEC, rate);
1260 u64 credit = tp->tcp_wstamp_ns - prior_wstamp;
1261
1262 /* take into account OS jitter */
1263 len_ns -= min_t(u64, len_ns / 2, credit);
1264 tp->tcp_wstamp_ns += len_ns;
1265 }
1266 }
1267 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue);
1268 }
1269
1270 INDIRECT_CALLABLE_DECLARE(int ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl));
1271 INDIRECT_CALLABLE_DECLARE(int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl));
1272 INDIRECT_CALLABLE_DECLARE(void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb));
1273
1274 /* This routine actually transmits TCP packets queued in by
1275 * tcp_do_sendmsg(). This is used by both the initial
1276 * transmission and possible later retransmissions.
1277 * All SKB's seen here are completely headerless. It is our
1278 * job to build the TCP header, and pass the packet down to
1279 * IP so it can do the same plus pass the packet off to the
1280 * device.
1281 *
1282 * We are working here with either a clone of the original
1283 * SKB, or a fresh unique copy made by the retransmit engine.
1284 */
__tcp_transmit_skb(struct sock * sk,struct sk_buff * skb,int clone_it,gfp_t gfp_mask,u32 rcv_nxt)1285 static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb,
1286 int clone_it, gfp_t gfp_mask, u32 rcv_nxt)
1287 {
1288 const struct inet_connection_sock *icsk = inet_csk(sk);
1289 struct inet_sock *inet;
1290 struct tcp_sock *tp;
1291 struct tcp_skb_cb *tcb;
1292 struct tcp_out_options opts;
1293 unsigned int tcp_options_size, tcp_header_size;
1294 struct sk_buff *oskb = NULL;
1295 struct tcp_key key;
1296 struct tcphdr *th;
1297 u64 prior_wstamp;
1298 int err;
1299
1300 BUG_ON(!skb || !tcp_skb_pcount(skb));
1301 tp = tcp_sk(sk);
1302 prior_wstamp = tp->tcp_wstamp_ns;
1303 tp->tcp_wstamp_ns = max(tp->tcp_wstamp_ns, tp->tcp_clock_cache);
1304 skb_set_delivery_time(skb, tp->tcp_wstamp_ns, SKB_CLOCK_MONOTONIC);
1305 if (clone_it) {
1306 oskb = skb;
1307
1308 tcp_skb_tsorted_save(oskb) {
1309 if (unlikely(skb_cloned(oskb)))
1310 skb = pskb_copy(oskb, gfp_mask);
1311 else
1312 skb = skb_clone(oskb, gfp_mask);
1313 } tcp_skb_tsorted_restore(oskb);
1314
1315 if (unlikely(!skb))
1316 return -ENOBUFS;
1317 /* retransmit skbs might have a non zero value in skb->dev
1318 * because skb->dev is aliased with skb->rbnode.rb_left
1319 */
1320 skb->dev = NULL;
1321 }
1322
1323 inet = inet_sk(sk);
1324 tcb = TCP_SKB_CB(skb);
1325 memset(&opts, 0, sizeof(opts));
1326
1327 tcp_get_current_key(sk, &key);
1328 if (unlikely(tcb->tcp_flags & TCPHDR_SYN)) {
1329 tcp_options_size = tcp_syn_options(sk, skb, &opts, &key);
1330 } else {
1331 tcp_options_size = tcp_established_options(sk, skb, &opts, &key);
1332 /* Force a PSH flag on all (GSO) packets to expedite GRO flush
1333 * at receiver : This slightly improve GRO performance.
1334 * Note that we do not force the PSH flag for non GSO packets,
1335 * because they might be sent under high congestion events,
1336 * and in this case it is better to delay the delivery of 1-MSS
1337 * packets and thus the corresponding ACK packet that would
1338 * release the following packet.
1339 */
1340 if (tcp_skb_pcount(skb) > 1)
1341 tcb->tcp_flags |= TCPHDR_PSH;
1342 }
1343 tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
1344
1345 /* We set skb->ooo_okay to one if this packet can select
1346 * a different TX queue than prior packets of this flow,
1347 * to avoid self inflicted reorders.
1348 * The 'other' queue decision is based on current cpu number
1349 * if XPS is enabled, or sk->sk_txhash otherwise.
1350 * We can switch to another (and better) queue if:
1351 * 1) No packet with payload is in qdisc/device queues.
1352 * Delays in TX completion can defeat the test
1353 * even if packets were already sent.
1354 * 2) Or rtx queue is empty.
1355 * This mitigates above case if ACK packets for
1356 * all prior packets were already processed.
1357 */
1358 skb->ooo_okay = sk_wmem_alloc_get(sk) < SKB_TRUESIZE(1) ||
1359 tcp_rtx_queue_empty(sk);
1360
1361 /* If we had to use memory reserve to allocate this skb,
1362 * this might cause drops if packet is looped back :
1363 * Other socket might not have SOCK_MEMALLOC.
1364 * Packets not looped back do not care about pfmemalloc.
1365 */
1366 skb->pfmemalloc = 0;
1367
1368 skb_push(skb, tcp_header_size);
1369 skb_reset_transport_header(skb);
1370
1371 skb_orphan(skb);
1372 skb->sk = sk;
1373 skb->destructor = skb_is_tcp_pure_ack(skb) ? __sock_wfree : tcp_wfree;
1374 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
1375
1376 skb_set_dst_pending_confirm(skb, READ_ONCE(sk->sk_dst_pending_confirm));
1377
1378 /* Build TCP header and checksum it. */
1379 th = (struct tcphdr *)skb->data;
1380 th->source = inet->inet_sport;
1381 th->dest = inet->inet_dport;
1382 th->seq = htonl(tcb->seq);
1383 th->ack_seq = htonl(rcv_nxt);
1384 *(((__be16 *)th) + 6) = htons(((tcp_header_size >> 2) << 12) |
1385 tcb->tcp_flags);
1386
1387 th->check = 0;
1388 th->urg_ptr = 0;
1389
1390 /* The urg_mode check is necessary during a below snd_una win probe */
1391 if (unlikely(tcp_urg_mode(tp) && before(tcb->seq, tp->snd_up))) {
1392 if (before(tp->snd_up, tcb->seq + 0x10000)) {
1393 th->urg_ptr = htons(tp->snd_up - tcb->seq);
1394 th->urg = 1;
1395 } else if (after(tcb->seq + 0xFFFF, tp->snd_nxt)) {
1396 th->urg_ptr = htons(0xFFFF);
1397 th->urg = 1;
1398 }
1399 }
1400
1401 skb_shinfo(skb)->gso_type = sk->sk_gso_type;
1402 if (likely(!(tcb->tcp_flags & TCPHDR_SYN))) {
1403 th->window = htons(tcp_select_window(sk));
1404 tcp_ecn_send(sk, skb, th, tcp_header_size);
1405 } else {
1406 /* RFC1323: The window in SYN & SYN/ACK segments
1407 * is never scaled.
1408 */
1409 th->window = htons(min(tp->rcv_wnd, 65535U));
1410 }
1411
1412 tcp_options_write(th, tp, NULL, &opts, &key);
1413
1414 if (tcp_key_is_md5(&key)) {
1415 #ifdef CONFIG_TCP_MD5SIG
1416 /* Calculate the MD5 hash, as we have all we need now */
1417 sk_gso_disable(sk);
1418 tp->af_specific->calc_md5_hash(opts.hash_location,
1419 key.md5_key, sk, skb);
1420 #endif
1421 } else if (tcp_key_is_ao(&key)) {
1422 int err;
1423
1424 err = tcp_ao_transmit_skb(sk, skb, key.ao_key, th,
1425 opts.hash_location);
1426 if (err) {
1427 kfree_skb_reason(skb, SKB_DROP_REASON_NOT_SPECIFIED);
1428 return -ENOMEM;
1429 }
1430 }
1431
1432 /* BPF prog is the last one writing header option */
1433 bpf_skops_write_hdr_opt(sk, skb, NULL, NULL, 0, &opts);
1434
1435 INDIRECT_CALL_INET(icsk->icsk_af_ops->send_check,
1436 tcp_v6_send_check, tcp_v4_send_check,
1437 sk, skb);
1438
1439 if (likely(tcb->tcp_flags & TCPHDR_ACK))
1440 tcp_event_ack_sent(sk, rcv_nxt);
1441
1442 if (skb->len != tcp_header_size) {
1443 tcp_event_data_sent(tp, sk);
1444 tp->data_segs_out += tcp_skb_pcount(skb);
1445 tp->bytes_sent += skb->len - tcp_header_size;
1446 }
1447
1448 if (after(tcb->end_seq, tp->snd_nxt) || tcb->seq == tcb->end_seq)
1449 TCP_ADD_STATS(sock_net(sk), TCP_MIB_OUTSEGS,
1450 tcp_skb_pcount(skb));
1451
1452 tp->segs_out += tcp_skb_pcount(skb);
1453 skb_set_hash_from_sk(skb, sk);
1454 /* OK, its time to fill skb_shinfo(skb)->gso_{segs|size} */
1455 skb_shinfo(skb)->gso_segs = tcp_skb_pcount(skb);
1456 skb_shinfo(skb)->gso_size = tcp_skb_mss(skb);
1457
1458 /* Leave earliest departure time in skb->tstamp (skb->skb_mstamp_ns) */
1459
1460 /* Cleanup our debris for IP stacks */
1461 memset(skb->cb, 0, max(sizeof(struct inet_skb_parm),
1462 sizeof(struct inet6_skb_parm)));
1463
1464 tcp_add_tx_delay(skb, tp);
1465
1466 err = INDIRECT_CALL_INET(icsk->icsk_af_ops->queue_xmit,
1467 inet6_csk_xmit, ip_queue_xmit,
1468 sk, skb, &inet->cork.fl);
1469
1470 if (unlikely(err > 0)) {
1471 tcp_enter_cwr(sk);
1472 err = net_xmit_eval(err);
1473 }
1474 if (!err && oskb) {
1475 tcp_update_skb_after_send(sk, oskb, prior_wstamp);
1476 tcp_rate_skb_sent(sk, oskb);
1477 }
1478 return err;
1479 }
1480
tcp_transmit_skb(struct sock * sk,struct sk_buff * skb,int clone_it,gfp_t gfp_mask)1481 static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
1482 gfp_t gfp_mask)
1483 {
1484 return __tcp_transmit_skb(sk, skb, clone_it, gfp_mask,
1485 tcp_sk(sk)->rcv_nxt);
1486 }
1487
1488 /* This routine just queues the buffer for sending.
1489 *
1490 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames,
1491 * otherwise socket can stall.
1492 */
tcp_queue_skb(struct sock * sk,struct sk_buff * skb)1493 static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
1494 {
1495 struct tcp_sock *tp = tcp_sk(sk);
1496
1497 /* Advance write_seq and place onto the write_queue. */
1498 WRITE_ONCE(tp->write_seq, TCP_SKB_CB(skb)->end_seq);
1499 __skb_header_release(skb);
1500 tcp_add_write_queue_tail(sk, skb);
1501 sk_wmem_queued_add(sk, skb->truesize);
1502 sk_mem_charge(sk, skb->truesize);
1503 }
1504
1505 /* Initialize TSO segments for a packet. */
tcp_set_skb_tso_segs(struct sk_buff * skb,unsigned int mss_now)1506 static int tcp_set_skb_tso_segs(struct sk_buff *skb, unsigned int mss_now)
1507 {
1508 int tso_segs;
1509
1510 if (skb->len <= mss_now) {
1511 /* Avoid the costly divide in the normal
1512 * non-TSO case.
1513 */
1514 TCP_SKB_CB(skb)->tcp_gso_size = 0;
1515 tcp_skb_pcount_set(skb, 1);
1516 return 1;
1517 }
1518 TCP_SKB_CB(skb)->tcp_gso_size = mss_now;
1519 tso_segs = DIV_ROUND_UP(skb->len, mss_now);
1520 tcp_skb_pcount_set(skb, tso_segs);
1521 return tso_segs;
1522 }
1523
1524 /* Pcount in the middle of the write queue got changed, we need to do various
1525 * tweaks to fix counters
1526 */
tcp_adjust_pcount(struct sock * sk,const struct sk_buff * skb,int decr)1527 static void tcp_adjust_pcount(struct sock *sk, const struct sk_buff *skb, int decr)
1528 {
1529 struct tcp_sock *tp = tcp_sk(sk);
1530
1531 tp->packets_out -= decr;
1532
1533 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
1534 tp->sacked_out -= decr;
1535 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS)
1536 tp->retrans_out -= decr;
1537 if (TCP_SKB_CB(skb)->sacked & TCPCB_LOST)
1538 tp->lost_out -= decr;
1539
1540 /* Reno case is special. Sigh... */
1541 if (tcp_is_reno(tp) && decr > 0)
1542 tp->sacked_out -= min_t(u32, tp->sacked_out, decr);
1543
1544 if (tp->lost_skb_hint &&
1545 before(TCP_SKB_CB(skb)->seq, TCP_SKB_CB(tp->lost_skb_hint)->seq) &&
1546 (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED))
1547 tp->lost_cnt_hint -= decr;
1548
1549 tcp_verify_left_out(tp);
1550 }
1551
tcp_has_tx_tstamp(const struct sk_buff * skb)1552 static bool tcp_has_tx_tstamp(const struct sk_buff *skb)
1553 {
1554 return TCP_SKB_CB(skb)->txstamp_ack ||
1555 (skb_shinfo(skb)->tx_flags & SKBTX_ANY_TSTAMP);
1556 }
1557
tcp_fragment_tstamp(struct sk_buff * skb,struct sk_buff * skb2)1558 static void tcp_fragment_tstamp(struct sk_buff *skb, struct sk_buff *skb2)
1559 {
1560 struct skb_shared_info *shinfo = skb_shinfo(skb);
1561
1562 if (unlikely(tcp_has_tx_tstamp(skb)) &&
1563 !before(shinfo->tskey, TCP_SKB_CB(skb2)->seq)) {
1564 struct skb_shared_info *shinfo2 = skb_shinfo(skb2);
1565 u8 tsflags = shinfo->tx_flags & SKBTX_ANY_TSTAMP;
1566
1567 shinfo->tx_flags &= ~tsflags;
1568 shinfo2->tx_flags |= tsflags;
1569 swap(shinfo->tskey, shinfo2->tskey);
1570 TCP_SKB_CB(skb2)->txstamp_ack = TCP_SKB_CB(skb)->txstamp_ack;
1571 TCP_SKB_CB(skb)->txstamp_ack = 0;
1572 }
1573 }
1574
tcp_skb_fragment_eor(struct sk_buff * skb,struct sk_buff * skb2)1575 static void tcp_skb_fragment_eor(struct sk_buff *skb, struct sk_buff *skb2)
1576 {
1577 TCP_SKB_CB(skb2)->eor = TCP_SKB_CB(skb)->eor;
1578 TCP_SKB_CB(skb)->eor = 0;
1579 }
1580
1581 /* Insert buff after skb on the write or rtx queue of sk. */
tcp_insert_write_queue_after(struct sk_buff * skb,struct sk_buff * buff,struct sock * sk,enum tcp_queue tcp_queue)1582 static void tcp_insert_write_queue_after(struct sk_buff *skb,
1583 struct sk_buff *buff,
1584 struct sock *sk,
1585 enum tcp_queue tcp_queue)
1586 {
1587 if (tcp_queue == TCP_FRAG_IN_WRITE_QUEUE)
1588 __skb_queue_after(&sk->sk_write_queue, skb, buff);
1589 else
1590 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff);
1591 }
1592
1593 /* Function to create two new TCP segments. Shrinks the given segment
1594 * to the specified size and appends a new segment with the rest of the
1595 * packet to the list. This won't be called frequently, I hope.
1596 * Remember, these are still headerless SKBs at this point.
1597 */
tcp_fragment(struct sock * sk,enum tcp_queue tcp_queue,struct sk_buff * skb,u32 len,unsigned int mss_now,gfp_t gfp)1598 int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue,
1599 struct sk_buff *skb, u32 len,
1600 unsigned int mss_now, gfp_t gfp)
1601 {
1602 struct tcp_sock *tp = tcp_sk(sk);
1603 struct sk_buff *buff;
1604 int old_factor;
1605 long limit;
1606 int nlen;
1607 u8 flags;
1608
1609 if (WARN_ON(len > skb->len))
1610 return -EINVAL;
1611
1612 DEBUG_NET_WARN_ON_ONCE(skb_headlen(skb));
1613
1614 /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb.
1615 * We need some allowance to not penalize applications setting small
1616 * SO_SNDBUF values.
1617 * Also allow first and last skb in retransmit queue to be split.
1618 */
1619 limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_LEGACY_MAX_SIZE);
1620 if (unlikely((sk->sk_wmem_queued >> 1) > limit &&
1621 tcp_queue != TCP_FRAG_IN_WRITE_QUEUE &&
1622 skb != tcp_rtx_queue_head(sk) &&
1623 skb != tcp_rtx_queue_tail(sk))) {
1624 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG);
1625 return -ENOMEM;
1626 }
1627
1628 if (skb_unclone_keeptruesize(skb, gfp))
1629 return -ENOMEM;
1630
1631 /* Get a new skb... force flag on. */
1632 buff = tcp_stream_alloc_skb(sk, gfp, true);
1633 if (!buff)
1634 return -ENOMEM; /* We'll just try again later. */
1635 skb_copy_decrypted(buff, skb);
1636 mptcp_skb_ext_copy(buff, skb);
1637
1638 sk_wmem_queued_add(sk, buff->truesize);
1639 sk_mem_charge(sk, buff->truesize);
1640 nlen = skb->len - len;
1641 buff->truesize += nlen;
1642 skb->truesize -= nlen;
1643
1644 /* Correct the sequence numbers. */
1645 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
1646 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
1647 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
1648
1649 /* PSH and FIN should only be set in the second packet. */
1650 flags = TCP_SKB_CB(skb)->tcp_flags;
1651 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
1652 TCP_SKB_CB(buff)->tcp_flags = flags;
1653 TCP_SKB_CB(buff)->sacked = TCP_SKB_CB(skb)->sacked;
1654 tcp_skb_fragment_eor(skb, buff);
1655
1656 skb_split(skb, buff, len);
1657
1658 skb_set_delivery_time(buff, skb->tstamp, SKB_CLOCK_MONOTONIC);
1659 tcp_fragment_tstamp(skb, buff);
1660
1661 old_factor = tcp_skb_pcount(skb);
1662
1663 /* Fix up tso_factor for both original and new SKB. */
1664 tcp_set_skb_tso_segs(skb, mss_now);
1665 tcp_set_skb_tso_segs(buff, mss_now);
1666
1667 /* Update delivered info for the new segment */
1668 TCP_SKB_CB(buff)->tx = TCP_SKB_CB(skb)->tx;
1669
1670 /* If this packet has been sent out already, we must
1671 * adjust the various packet counters.
1672 */
1673 if (!before(tp->snd_nxt, TCP_SKB_CB(buff)->end_seq)) {
1674 int diff = old_factor - tcp_skb_pcount(skb) -
1675 tcp_skb_pcount(buff);
1676
1677 if (diff)
1678 tcp_adjust_pcount(sk, skb, diff);
1679 }
1680
1681 /* Link BUFF into the send queue. */
1682 __skb_header_release(buff);
1683 tcp_insert_write_queue_after(skb, buff, sk, tcp_queue);
1684 if (tcp_queue == TCP_FRAG_IN_RTX_QUEUE)
1685 list_add(&buff->tcp_tsorted_anchor, &skb->tcp_tsorted_anchor);
1686
1687 return 0;
1688 }
1689
1690 /* This is similar to __pskb_pull_tail(). The difference is that pulled
1691 * data is not copied, but immediately discarded.
1692 */
__pskb_trim_head(struct sk_buff * skb,int len)1693 static int __pskb_trim_head(struct sk_buff *skb, int len)
1694 {
1695 struct skb_shared_info *shinfo;
1696 int i, k, eat;
1697
1698 DEBUG_NET_WARN_ON_ONCE(skb_headlen(skb));
1699 eat = len;
1700 k = 0;
1701 shinfo = skb_shinfo(skb);
1702 for (i = 0; i < shinfo->nr_frags; i++) {
1703 int size = skb_frag_size(&shinfo->frags[i]);
1704
1705 if (size <= eat) {
1706 skb_frag_unref(skb, i);
1707 eat -= size;
1708 } else {
1709 shinfo->frags[k] = shinfo->frags[i];
1710 if (eat) {
1711 skb_frag_off_add(&shinfo->frags[k], eat);
1712 skb_frag_size_sub(&shinfo->frags[k], eat);
1713 eat = 0;
1714 }
1715 k++;
1716 }
1717 }
1718 shinfo->nr_frags = k;
1719
1720 skb->data_len -= len;
1721 skb->len = skb->data_len;
1722 return len;
1723 }
1724
1725 /* Remove acked data from a packet in the transmit queue. */
tcp_trim_head(struct sock * sk,struct sk_buff * skb,u32 len)1726 int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
1727 {
1728 u32 delta_truesize;
1729
1730 if (skb_unclone_keeptruesize(skb, GFP_ATOMIC))
1731 return -ENOMEM;
1732
1733 delta_truesize = __pskb_trim_head(skb, len);
1734
1735 TCP_SKB_CB(skb)->seq += len;
1736
1737 skb->truesize -= delta_truesize;
1738 sk_wmem_queued_add(sk, -delta_truesize);
1739 if (!skb_zcopy_pure(skb))
1740 sk_mem_uncharge(sk, delta_truesize);
1741
1742 /* Any change of skb->len requires recalculation of tso factor. */
1743 if (tcp_skb_pcount(skb) > 1)
1744 tcp_set_skb_tso_segs(skb, tcp_skb_mss(skb));
1745
1746 return 0;
1747 }
1748
1749 /* Calculate MSS not accounting any TCP options. */
__tcp_mtu_to_mss(struct sock * sk,int pmtu)1750 static inline int __tcp_mtu_to_mss(struct sock *sk, int pmtu)
1751 {
1752 const struct tcp_sock *tp = tcp_sk(sk);
1753 const struct inet_connection_sock *icsk = inet_csk(sk);
1754 int mss_now;
1755
1756 /* Calculate base mss without TCP options:
1757 It is MMS_S - sizeof(tcphdr) of rfc1122
1758 */
1759 mss_now = pmtu - icsk->icsk_af_ops->net_header_len - sizeof(struct tcphdr);
1760
1761 /* Clamp it (mss_clamp does not include tcp options) */
1762 if (mss_now > tp->rx_opt.mss_clamp)
1763 mss_now = tp->rx_opt.mss_clamp;
1764
1765 /* Now subtract optional transport overhead */
1766 mss_now -= icsk->icsk_ext_hdr_len;
1767
1768 /* Then reserve room for full set of TCP options and 8 bytes of data */
1769 mss_now = max(mss_now,
1770 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_snd_mss));
1771 return mss_now;
1772 }
1773
1774 /* Calculate MSS. Not accounting for SACKs here. */
tcp_mtu_to_mss(struct sock * sk,int pmtu)1775 int tcp_mtu_to_mss(struct sock *sk, int pmtu)
1776 {
1777 /* Subtract TCP options size, not including SACKs */
1778 return __tcp_mtu_to_mss(sk, pmtu) -
1779 (tcp_sk(sk)->tcp_header_len - sizeof(struct tcphdr));
1780 }
1781 EXPORT_SYMBOL(tcp_mtu_to_mss);
1782
1783 /* Inverse of above */
tcp_mss_to_mtu(struct sock * sk,int mss)1784 int tcp_mss_to_mtu(struct sock *sk, int mss)
1785 {
1786 const struct tcp_sock *tp = tcp_sk(sk);
1787 const struct inet_connection_sock *icsk = inet_csk(sk);
1788
1789 return mss +
1790 tp->tcp_header_len +
1791 icsk->icsk_ext_hdr_len +
1792 icsk->icsk_af_ops->net_header_len;
1793 }
1794 EXPORT_SYMBOL(tcp_mss_to_mtu);
1795
1796 /* MTU probing init per socket */
tcp_mtup_init(struct sock * sk)1797 void tcp_mtup_init(struct sock *sk)
1798 {
1799 struct tcp_sock *tp = tcp_sk(sk);
1800 struct inet_connection_sock *icsk = inet_csk(sk);
1801 struct net *net = sock_net(sk);
1802
1803 icsk->icsk_mtup.enabled = READ_ONCE(net->ipv4.sysctl_tcp_mtu_probing) > 1;
1804 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) +
1805 icsk->icsk_af_ops->net_header_len;
1806 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, READ_ONCE(net->ipv4.sysctl_tcp_base_mss));
1807 icsk->icsk_mtup.probe_size = 0;
1808 if (icsk->icsk_mtup.enabled)
1809 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32;
1810 }
1811 EXPORT_SYMBOL(tcp_mtup_init);
1812
1813 /* This function synchronize snd mss to current pmtu/exthdr set.
1814
1815 tp->rx_opt.user_mss is mss set by user by TCP_MAXSEG. It does NOT counts
1816 for TCP options, but includes only bare TCP header.
1817
1818 tp->rx_opt.mss_clamp is mss negotiated at connection setup.
1819 It is minimum of user_mss and mss received with SYN.
1820 It also does not include TCP options.
1821
1822 inet_csk(sk)->icsk_pmtu_cookie is last pmtu, seen by this function.
1823
1824 tp->mss_cache is current effective sending mss, including
1825 all tcp options except for SACKs. It is evaluated,
1826 taking into account current pmtu, but never exceeds
1827 tp->rx_opt.mss_clamp.
1828
1829 NOTE1. rfc1122 clearly states that advertised MSS
1830 DOES NOT include either tcp or ip options.
1831
1832 NOTE2. inet_csk(sk)->icsk_pmtu_cookie and tp->mss_cache
1833 are READ ONLY outside this function. --ANK (980731)
1834 */
tcp_sync_mss(struct sock * sk,u32 pmtu)1835 unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu)
1836 {
1837 struct tcp_sock *tp = tcp_sk(sk);
1838 struct inet_connection_sock *icsk = inet_csk(sk);
1839 int mss_now;
1840
1841 if (icsk->icsk_mtup.search_high > pmtu)
1842 icsk->icsk_mtup.search_high = pmtu;
1843
1844 mss_now = tcp_mtu_to_mss(sk, pmtu);
1845 mss_now = tcp_bound_to_half_wnd(tp, mss_now);
1846
1847 /* And store cached results */
1848 icsk->icsk_pmtu_cookie = pmtu;
1849 if (icsk->icsk_mtup.enabled)
1850 mss_now = min(mss_now, tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low));
1851 tp->mss_cache = mss_now;
1852
1853 return mss_now;
1854 }
1855 EXPORT_SYMBOL(tcp_sync_mss);
1856
1857 /* Compute the current effective MSS, taking SACKs and IP options,
1858 * and even PMTU discovery events into account.
1859 */
tcp_current_mss(struct sock * sk)1860 unsigned int tcp_current_mss(struct sock *sk)
1861 {
1862 const struct tcp_sock *tp = tcp_sk(sk);
1863 const struct dst_entry *dst = __sk_dst_get(sk);
1864 u32 mss_now;
1865 unsigned int header_len;
1866 struct tcp_out_options opts;
1867 struct tcp_key key;
1868
1869 mss_now = tp->mss_cache;
1870
1871 if (dst) {
1872 u32 mtu = dst_mtu(dst);
1873 if (mtu != inet_csk(sk)->icsk_pmtu_cookie)
1874 mss_now = tcp_sync_mss(sk, mtu);
1875 }
1876 tcp_get_current_key(sk, &key);
1877 header_len = tcp_established_options(sk, NULL, &opts, &key) +
1878 sizeof(struct tcphdr);
1879 /* The mss_cache is sized based on tp->tcp_header_len, which assumes
1880 * some common options. If this is an odd packet (because we have SACK
1881 * blocks etc) then our calculated header_len will be different, and
1882 * we have to adjust mss_now correspondingly */
1883 if (header_len != tp->tcp_header_len) {
1884 int delta = (int) header_len - tp->tcp_header_len;
1885 mss_now -= delta;
1886 }
1887
1888 return mss_now;
1889 }
1890
1891 /* RFC2861, slow part. Adjust cwnd, after it was not full during one rto.
1892 * As additional protections, we do not touch cwnd in retransmission phases,
1893 * and if application hit its sndbuf limit recently.
1894 */
tcp_cwnd_application_limited(struct sock * sk)1895 static void tcp_cwnd_application_limited(struct sock *sk)
1896 {
1897 struct tcp_sock *tp = tcp_sk(sk);
1898
1899 if (inet_csk(sk)->icsk_ca_state == TCP_CA_Open &&
1900 sk->sk_socket && !test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
1901 /* Limited by application or receiver window. */
1902 u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk));
1903 u32 win_used = max(tp->snd_cwnd_used, init_win);
1904 if (win_used < tcp_snd_cwnd(tp)) {
1905 tp->snd_ssthresh = tcp_current_ssthresh(sk);
1906 tcp_snd_cwnd_set(tp, (tcp_snd_cwnd(tp) + win_used) >> 1);
1907 }
1908 tp->snd_cwnd_used = 0;
1909 }
1910 tp->snd_cwnd_stamp = tcp_jiffies32;
1911 }
1912
tcp_cwnd_validate(struct sock * sk,bool is_cwnd_limited)1913 static void tcp_cwnd_validate(struct sock *sk, bool is_cwnd_limited)
1914 {
1915 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
1916 struct tcp_sock *tp = tcp_sk(sk);
1917
1918 /* Track the strongest available signal of the degree to which the cwnd
1919 * is fully utilized. If cwnd-limited then remember that fact for the
1920 * current window. If not cwnd-limited then track the maximum number of
1921 * outstanding packets in the current window. (If cwnd-limited then we
1922 * chose to not update tp->max_packets_out to avoid an extra else
1923 * clause with no functional impact.)
1924 */
1925 if (!before(tp->snd_una, tp->cwnd_usage_seq) ||
1926 is_cwnd_limited ||
1927 (!tp->is_cwnd_limited &&
1928 tp->packets_out > tp->max_packets_out)) {
1929 tp->is_cwnd_limited = is_cwnd_limited;
1930 tp->max_packets_out = tp->packets_out;
1931 tp->cwnd_usage_seq = tp->snd_nxt;
1932 }
1933
1934 if (tcp_is_cwnd_limited(sk)) {
1935 /* Network is feed fully. */
1936 tp->snd_cwnd_used = 0;
1937 tp->snd_cwnd_stamp = tcp_jiffies32;
1938 } else {
1939 /* Network starves. */
1940 if (tp->packets_out > tp->snd_cwnd_used)
1941 tp->snd_cwnd_used = tp->packets_out;
1942
1943 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_slow_start_after_idle) &&
1944 (s32)(tcp_jiffies32 - tp->snd_cwnd_stamp) >= inet_csk(sk)->icsk_rto &&
1945 !ca_ops->cong_control)
1946 tcp_cwnd_application_limited(sk);
1947
1948 /* The following conditions together indicate the starvation
1949 * is caused by insufficient sender buffer:
1950 * 1) just sent some data (see tcp_write_xmit)
1951 * 2) not cwnd limited (this else condition)
1952 * 3) no more data to send (tcp_write_queue_empty())
1953 * 4) application is hitting buffer limit (SOCK_NOSPACE)
1954 */
1955 if (tcp_write_queue_empty(sk) && sk->sk_socket &&
1956 test_bit(SOCK_NOSPACE, &sk->sk_socket->flags) &&
1957 (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT))
1958 tcp_chrono_start(sk, TCP_CHRONO_SNDBUF_LIMITED);
1959 }
1960 }
1961
1962 /* Minshall's variant of the Nagle send check. */
tcp_minshall_check(const struct tcp_sock * tp)1963 static bool tcp_minshall_check(const struct tcp_sock *tp)
1964 {
1965 return after(tp->snd_sml, tp->snd_una) &&
1966 !after(tp->snd_sml, tp->snd_nxt);
1967 }
1968
1969 /* Update snd_sml if this skb is under mss
1970 * Note that a TSO packet might end with a sub-mss segment
1971 * The test is really :
1972 * if ((skb->len % mss) != 0)
1973 * tp->snd_sml = TCP_SKB_CB(skb)->end_seq;
1974 * But we can avoid doing the divide again given we already have
1975 * skb_pcount = skb->len / mss_now
1976 */
tcp_minshall_update(struct tcp_sock * tp,unsigned int mss_now,const struct sk_buff * skb)1977 static void tcp_minshall_update(struct tcp_sock *tp, unsigned int mss_now,
1978 const struct sk_buff *skb)
1979 {
1980 if (skb->len < tcp_skb_pcount(skb) * mss_now)
1981 tp->snd_sml = TCP_SKB_CB(skb)->end_seq;
1982 }
1983
1984 /* Return false, if packet can be sent now without violation Nagle's rules:
1985 * 1. It is full sized. (provided by caller in %partial bool)
1986 * 2. Or it contains FIN. (already checked by caller)
1987 * 3. Or TCP_CORK is not set, and TCP_NODELAY is set.
1988 * 4. Or TCP_CORK is not set, and all sent packets are ACKed.
1989 * With Minshall's modification: all sent small packets are ACKed.
1990 */
tcp_nagle_check(bool partial,const struct tcp_sock * tp,int nonagle)1991 static bool tcp_nagle_check(bool partial, const struct tcp_sock *tp,
1992 int nonagle)
1993 {
1994 return partial &&
1995 ((nonagle & TCP_NAGLE_CORK) ||
1996 (!nonagle && tp->packets_out && tcp_minshall_check(tp)));
1997 }
1998
1999 /* Return how many segs we'd like on a TSO packet,
2000 * depending on current pacing rate, and how close the peer is.
2001 *
2002 * Rationale is:
2003 * - For close peers, we rather send bigger packets to reduce
2004 * cpu costs, because occasional losses will be repaired fast.
2005 * - For long distance/rtt flows, we would like to get ACK clocking
2006 * with 1 ACK per ms.
2007 *
2008 * Use min_rtt to help adapt TSO burst size, with smaller min_rtt resulting
2009 * in bigger TSO bursts. We we cut the RTT-based allowance in half
2010 * for every 2^9 usec (aka 512 us) of RTT, so that the RTT-based allowance
2011 * is below 1500 bytes after 6 * ~500 usec = 3ms.
2012 */
tcp_tso_autosize(const struct sock * sk,unsigned int mss_now,int min_tso_segs)2013 static u32 tcp_tso_autosize(const struct sock *sk, unsigned int mss_now,
2014 int min_tso_segs)
2015 {
2016 unsigned long bytes;
2017 u32 r;
2018
2019 bytes = READ_ONCE(sk->sk_pacing_rate) >> READ_ONCE(sk->sk_pacing_shift);
2020
2021 r = tcp_min_rtt(tcp_sk(sk)) >> READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_rtt_log);
2022 if (r < BITS_PER_TYPE(sk->sk_gso_max_size))
2023 bytes += sk->sk_gso_max_size >> r;
2024
2025 bytes = min_t(unsigned long, bytes, sk->sk_gso_max_size);
2026
2027 return max_t(u32, bytes / mss_now, min_tso_segs);
2028 }
2029
2030 /* Return the number of segments we want in the skb we are transmitting.
2031 * See if congestion control module wants to decide; otherwise, autosize.
2032 */
tcp_tso_segs(struct sock * sk,unsigned int mss_now)2033 static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now)
2034 {
2035 const struct tcp_congestion_ops *ca_ops = inet_csk(sk)->icsk_ca_ops;
2036 u32 min_tso, tso_segs;
2037
2038 min_tso = ca_ops->min_tso_segs ?
2039 ca_ops->min_tso_segs(sk) :
2040 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs);
2041
2042 tso_segs = tcp_tso_autosize(sk, mss_now, min_tso);
2043 return min_t(u32, tso_segs, sk->sk_gso_max_segs);
2044 }
2045
2046 /* Returns the portion of skb which can be sent right away */
tcp_mss_split_point(const struct sock * sk,const struct sk_buff * skb,unsigned int mss_now,unsigned int max_segs,int nonagle)2047 static unsigned int tcp_mss_split_point(const struct sock *sk,
2048 const struct sk_buff *skb,
2049 unsigned int mss_now,
2050 unsigned int max_segs,
2051 int nonagle)
2052 {
2053 const struct tcp_sock *tp = tcp_sk(sk);
2054 u32 partial, needed, window, max_len;
2055
2056 window = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2057 max_len = mss_now * max_segs;
2058
2059 if (likely(max_len <= window && skb != tcp_write_queue_tail(sk)))
2060 return max_len;
2061
2062 needed = min(skb->len, window);
2063
2064 if (max_len <= needed)
2065 return max_len;
2066
2067 partial = needed % mss_now;
2068 /* If last segment is not a full MSS, check if Nagle rules allow us
2069 * to include this last segment in this skb.
2070 * Otherwise, we'll split the skb at last MSS boundary
2071 */
2072 if (tcp_nagle_check(partial != 0, tp, nonagle))
2073 return needed - partial;
2074
2075 return needed;
2076 }
2077
2078 /* Can at least one segment of SKB be sent right now, according to the
2079 * congestion window rules? If so, return how many segments are allowed.
2080 */
tcp_cwnd_test(const struct tcp_sock * tp)2081 static u32 tcp_cwnd_test(const struct tcp_sock *tp)
2082 {
2083 u32 in_flight, cwnd, halfcwnd;
2084
2085 in_flight = tcp_packets_in_flight(tp);
2086 cwnd = tcp_snd_cwnd(tp);
2087 if (in_flight >= cwnd)
2088 return 0;
2089
2090 /* For better scheduling, ensure we have at least
2091 * 2 GSO packets in flight.
2092 */
2093 halfcwnd = max(cwnd >> 1, 1U);
2094 return min(halfcwnd, cwnd - in_flight);
2095 }
2096
2097 /* Initialize TSO state of a skb.
2098 * This must be invoked the first time we consider transmitting
2099 * SKB onto the wire.
2100 */
tcp_init_tso_segs(struct sk_buff * skb,unsigned int mss_now)2101 static int tcp_init_tso_segs(struct sk_buff *skb, unsigned int mss_now)
2102 {
2103 int tso_segs = tcp_skb_pcount(skb);
2104
2105 if (!tso_segs || (tso_segs > 1 && tcp_skb_mss(skb) != mss_now))
2106 return tcp_set_skb_tso_segs(skb, mss_now);
2107
2108 return tso_segs;
2109 }
2110
2111
2112 /* Return true if the Nagle test allows this packet to be
2113 * sent now.
2114 */
tcp_nagle_test(const struct tcp_sock * tp,const struct sk_buff * skb,unsigned int cur_mss,int nonagle)2115 static inline bool tcp_nagle_test(const struct tcp_sock *tp, const struct sk_buff *skb,
2116 unsigned int cur_mss, int nonagle)
2117 {
2118 /* Nagle rule does not apply to frames, which sit in the middle of the
2119 * write_queue (they have no chances to get new data).
2120 *
2121 * This is implemented in the callers, where they modify the 'nonagle'
2122 * argument based upon the location of SKB in the send queue.
2123 */
2124 if (nonagle & TCP_NAGLE_PUSH)
2125 return true;
2126
2127 /* Don't use the nagle rule for urgent data (or for the final FIN). */
2128 if (tcp_urg_mode(tp) || (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN))
2129 return true;
2130
2131 if (!tcp_nagle_check(skb->len < cur_mss, tp, nonagle))
2132 return true;
2133
2134 return false;
2135 }
2136
2137 /* Does at least the first segment of SKB fit into the send window? */
tcp_snd_wnd_test(const struct tcp_sock * tp,const struct sk_buff * skb,unsigned int cur_mss)2138 static bool tcp_snd_wnd_test(const struct tcp_sock *tp,
2139 const struct sk_buff *skb,
2140 unsigned int cur_mss)
2141 {
2142 u32 end_seq = TCP_SKB_CB(skb)->end_seq;
2143
2144 if (skb->len > cur_mss)
2145 end_seq = TCP_SKB_CB(skb)->seq + cur_mss;
2146
2147 return !after(end_seq, tcp_wnd_end(tp));
2148 }
2149
2150 /* Trim TSO SKB to LEN bytes, put the remaining data into a new packet
2151 * which is put after SKB on the list. It is very much like
2152 * tcp_fragment() except that it may make several kinds of assumptions
2153 * in order to speed up the splitting operation. In particular, we
2154 * know that all the data is in scatter-gather pages, and that the
2155 * packet has never been sent out before (and thus is not cloned).
2156 */
tso_fragment(struct sock * sk,struct sk_buff * skb,unsigned int len,unsigned int mss_now,gfp_t gfp)2157 static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
2158 unsigned int mss_now, gfp_t gfp)
2159 {
2160 int nlen = skb->len - len;
2161 struct sk_buff *buff;
2162 u8 flags;
2163
2164 /* All of a TSO frame must be composed of paged data. */
2165 DEBUG_NET_WARN_ON_ONCE(skb->len != skb->data_len);
2166
2167 buff = tcp_stream_alloc_skb(sk, gfp, true);
2168 if (unlikely(!buff))
2169 return -ENOMEM;
2170 skb_copy_decrypted(buff, skb);
2171 mptcp_skb_ext_copy(buff, skb);
2172
2173 sk_wmem_queued_add(sk, buff->truesize);
2174 sk_mem_charge(sk, buff->truesize);
2175 buff->truesize += nlen;
2176 skb->truesize -= nlen;
2177
2178 /* Correct the sequence numbers. */
2179 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
2180 TCP_SKB_CB(buff)->end_seq = TCP_SKB_CB(skb)->end_seq;
2181 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(buff)->seq;
2182
2183 /* PSH and FIN should only be set in the second packet. */
2184 flags = TCP_SKB_CB(skb)->tcp_flags;
2185 TCP_SKB_CB(skb)->tcp_flags = flags & ~(TCPHDR_FIN | TCPHDR_PSH);
2186 TCP_SKB_CB(buff)->tcp_flags = flags;
2187
2188 tcp_skb_fragment_eor(skb, buff);
2189
2190 skb_split(skb, buff, len);
2191 tcp_fragment_tstamp(skb, buff);
2192
2193 /* Fix up tso_factor for both original and new SKB. */
2194 tcp_set_skb_tso_segs(skb, mss_now);
2195 tcp_set_skb_tso_segs(buff, mss_now);
2196
2197 /* Link BUFF into the send queue. */
2198 __skb_header_release(buff);
2199 tcp_insert_write_queue_after(skb, buff, sk, TCP_FRAG_IN_WRITE_QUEUE);
2200
2201 return 0;
2202 }
2203
2204 /* Try to defer sending, if possible, in order to minimize the amount
2205 * of TSO splitting we do. View it as a kind of TSO Nagle test.
2206 *
2207 * This algorithm is from John Heffner.
2208 */
tcp_tso_should_defer(struct sock * sk,struct sk_buff * skb,bool * is_cwnd_limited,bool * is_rwnd_limited,u32 max_segs)2209 static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb,
2210 bool *is_cwnd_limited,
2211 bool *is_rwnd_limited,
2212 u32 max_segs)
2213 {
2214 const struct inet_connection_sock *icsk = inet_csk(sk);
2215 u32 send_win, cong_win, limit, in_flight;
2216 struct tcp_sock *tp = tcp_sk(sk);
2217 struct sk_buff *head;
2218 int win_divisor;
2219 s64 delta;
2220
2221 if (icsk->icsk_ca_state >= TCP_CA_Recovery)
2222 goto send_now;
2223
2224 /* Avoid bursty behavior by allowing defer
2225 * only if the last write was recent (1 ms).
2226 * Note that tp->tcp_wstamp_ns can be in the future if we have
2227 * packets waiting in a qdisc or device for EDT delivery.
2228 */
2229 delta = tp->tcp_clock_cache - tp->tcp_wstamp_ns - NSEC_PER_MSEC;
2230 if (delta > 0)
2231 goto send_now;
2232
2233 in_flight = tcp_packets_in_flight(tp);
2234
2235 BUG_ON(tcp_skb_pcount(skb) <= 1);
2236 BUG_ON(tcp_snd_cwnd(tp) <= in_flight);
2237
2238 send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
2239
2240 /* From in_flight test above, we know that cwnd > in_flight. */
2241 cong_win = (tcp_snd_cwnd(tp) - in_flight) * tp->mss_cache;
2242
2243 limit = min(send_win, cong_win);
2244
2245 /* If a full-sized TSO skb can be sent, do it. */
2246 if (limit >= max_segs * tp->mss_cache)
2247 goto send_now;
2248
2249 /* Middle in queue won't get any more data, full sendable already? */
2250 if ((skb != tcp_write_queue_tail(sk)) && (limit >= skb->len))
2251 goto send_now;
2252
2253 win_divisor = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_win_divisor);
2254 if (win_divisor) {
2255 u32 chunk = min(tp->snd_wnd, tcp_snd_cwnd(tp) * tp->mss_cache);
2256
2257 /* If at least some fraction of a window is available,
2258 * just use it.
2259 */
2260 chunk /= win_divisor;
2261 if (limit >= chunk)
2262 goto send_now;
2263 } else {
2264 /* Different approach, try not to defer past a single
2265 * ACK. Receiver should ACK every other full sized
2266 * frame, so if we have space for more than 3 frames
2267 * then send now.
2268 */
2269 if (limit > tcp_max_tso_deferred_mss(tp) * tp->mss_cache)
2270 goto send_now;
2271 }
2272
2273 /* TODO : use tsorted_sent_queue ? */
2274 head = tcp_rtx_queue_head(sk);
2275 if (!head)
2276 goto send_now;
2277 delta = tp->tcp_clock_cache - head->tstamp;
2278 /* If next ACK is likely to come too late (half srtt), do not defer */
2279 if ((s64)(delta - (u64)NSEC_PER_USEC * (tp->srtt_us >> 4)) < 0)
2280 goto send_now;
2281
2282 /* Ok, it looks like it is advisable to defer.
2283 * Three cases are tracked :
2284 * 1) We are cwnd-limited
2285 * 2) We are rwnd-limited
2286 * 3) We are application limited.
2287 */
2288 if (cong_win < send_win) {
2289 if (cong_win <= skb->len) {
2290 *is_cwnd_limited = true;
2291 return true;
2292 }
2293 } else {
2294 if (send_win <= skb->len) {
2295 *is_rwnd_limited = true;
2296 return true;
2297 }
2298 }
2299
2300 /* If this packet won't get more data, do not wait. */
2301 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) ||
2302 TCP_SKB_CB(skb)->eor)
2303 goto send_now;
2304
2305 return true;
2306
2307 send_now:
2308 return false;
2309 }
2310
tcp_mtu_check_reprobe(struct sock * sk)2311 static inline void tcp_mtu_check_reprobe(struct sock *sk)
2312 {
2313 struct inet_connection_sock *icsk = inet_csk(sk);
2314 struct tcp_sock *tp = tcp_sk(sk);
2315 struct net *net = sock_net(sk);
2316 u32 interval;
2317 s32 delta;
2318
2319 interval = READ_ONCE(net->ipv4.sysctl_tcp_probe_interval);
2320 delta = tcp_jiffies32 - icsk->icsk_mtup.probe_timestamp;
2321 if (unlikely(delta >= interval * HZ)) {
2322 int mss = tcp_current_mss(sk);
2323
2324 /* Update current search range */
2325 icsk->icsk_mtup.probe_size = 0;
2326 icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp +
2327 sizeof(struct tcphdr) +
2328 icsk->icsk_af_ops->net_header_len;
2329 icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
2330
2331 /* Update probe time stamp */
2332 icsk->icsk_mtup.probe_timestamp = tcp_jiffies32;
2333 }
2334 }
2335
tcp_can_coalesce_send_queue_head(struct sock * sk,int len)2336 static bool tcp_can_coalesce_send_queue_head(struct sock *sk, int len)
2337 {
2338 struct sk_buff *skb, *next;
2339
2340 skb = tcp_send_head(sk);
2341 tcp_for_write_queue_from_safe(skb, next, sk) {
2342 if (len <= skb->len)
2343 break;
2344
2345 if (tcp_has_tx_tstamp(skb) || !tcp_skb_can_collapse(skb, next))
2346 return false;
2347
2348 len -= skb->len;
2349 }
2350
2351 return true;
2352 }
2353
tcp_clone_payload(struct sock * sk,struct sk_buff * to,int probe_size)2354 static int tcp_clone_payload(struct sock *sk, struct sk_buff *to,
2355 int probe_size)
2356 {
2357 skb_frag_t *lastfrag = NULL, *fragto = skb_shinfo(to)->frags;
2358 int i, todo, len = 0, nr_frags = 0;
2359 const struct sk_buff *skb;
2360
2361 if (!sk_wmem_schedule(sk, to->truesize + probe_size))
2362 return -ENOMEM;
2363
2364 skb_queue_walk(&sk->sk_write_queue, skb) {
2365 const skb_frag_t *fragfrom = skb_shinfo(skb)->frags;
2366
2367 if (skb_headlen(skb))
2368 return -EINVAL;
2369
2370 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++, fragfrom++) {
2371 if (len >= probe_size)
2372 goto commit;
2373 todo = min_t(int, skb_frag_size(fragfrom),
2374 probe_size - len);
2375 len += todo;
2376 if (lastfrag &&
2377 skb_frag_page(fragfrom) == skb_frag_page(lastfrag) &&
2378 skb_frag_off(fragfrom) == skb_frag_off(lastfrag) +
2379 skb_frag_size(lastfrag)) {
2380 skb_frag_size_add(lastfrag, todo);
2381 continue;
2382 }
2383 if (unlikely(nr_frags == MAX_SKB_FRAGS))
2384 return -E2BIG;
2385 skb_frag_page_copy(fragto, fragfrom);
2386 skb_frag_off_copy(fragto, fragfrom);
2387 skb_frag_size_set(fragto, todo);
2388 nr_frags++;
2389 lastfrag = fragto++;
2390 }
2391 }
2392 commit:
2393 WARN_ON_ONCE(len != probe_size);
2394 for (i = 0; i < nr_frags; i++)
2395 skb_frag_ref(to, i);
2396
2397 skb_shinfo(to)->nr_frags = nr_frags;
2398 to->truesize += probe_size;
2399 to->len += probe_size;
2400 to->data_len += probe_size;
2401 __skb_header_release(to);
2402 return 0;
2403 }
2404
2405 /* tcp_mtu_probe() and tcp_grow_skb() can both eat an skb (src) if
2406 * all its payload was moved to another one (dst).
2407 * Make sure to transfer tcp_flags, eor, and tstamp.
2408 */
tcp_eat_one_skb(struct sock * sk,struct sk_buff * dst,struct sk_buff * src)2409 static void tcp_eat_one_skb(struct sock *sk,
2410 struct sk_buff *dst,
2411 struct sk_buff *src)
2412 {
2413 TCP_SKB_CB(dst)->tcp_flags |= TCP_SKB_CB(src)->tcp_flags;
2414 TCP_SKB_CB(dst)->eor = TCP_SKB_CB(src)->eor;
2415 tcp_skb_collapse_tstamp(dst, src);
2416 tcp_unlink_write_queue(src, sk);
2417 tcp_wmem_free_skb(sk, src);
2418 }
2419
2420 /* Create a new MTU probe if we are ready.
2421 * MTU probe is regularly attempting to increase the path MTU by
2422 * deliberately sending larger packets. This discovers routing
2423 * changes resulting in larger path MTUs.
2424 *
2425 * Returns 0 if we should wait to probe (no cwnd available),
2426 * 1 if a probe was sent,
2427 * -1 otherwise
2428 */
tcp_mtu_probe(struct sock * sk)2429 static int tcp_mtu_probe(struct sock *sk)
2430 {
2431 struct inet_connection_sock *icsk = inet_csk(sk);
2432 struct tcp_sock *tp = tcp_sk(sk);
2433 struct sk_buff *skb, *nskb, *next;
2434 struct net *net = sock_net(sk);
2435 int probe_size;
2436 int size_needed;
2437 int copy, len;
2438 int mss_now;
2439 int interval;
2440
2441 /* Not currently probing/verifying,
2442 * not in recovery,
2443 * have enough cwnd, and
2444 * not SACKing (the variable headers throw things off)
2445 */
2446 if (likely(!icsk->icsk_mtup.enabled ||
2447 icsk->icsk_mtup.probe_size ||
2448 inet_csk(sk)->icsk_ca_state != TCP_CA_Open ||
2449 tcp_snd_cwnd(tp) < 11 ||
2450 tp->rx_opt.num_sacks || tp->rx_opt.dsack))
2451 return -1;
2452
2453 /* Use binary search for probe_size between tcp_mss_base,
2454 * and current mss_clamp. if (search_high - search_low)
2455 * smaller than a threshold, backoff from probing.
2456 */
2457 mss_now = tcp_current_mss(sk);
2458 probe_size = tcp_mtu_to_mss(sk, (icsk->icsk_mtup.search_high +
2459 icsk->icsk_mtup.search_low) >> 1);
2460 size_needed = probe_size + (tp->reordering + 1) * tp->mss_cache;
2461 interval = icsk->icsk_mtup.search_high - icsk->icsk_mtup.search_low;
2462 /* When misfortune happens, we are reprobing actively,
2463 * and then reprobe timer has expired. We stick with current
2464 * probing process by not resetting search range to its orignal.
2465 */
2466 if (probe_size > tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_high) ||
2467 interval < READ_ONCE(net->ipv4.sysctl_tcp_probe_threshold)) {
2468 /* Check whether enough time has elaplased for
2469 * another round of probing.
2470 */
2471 tcp_mtu_check_reprobe(sk);
2472 return -1;
2473 }
2474
2475 /* Have enough data in the send queue to probe? */
2476 if (tp->write_seq - tp->snd_nxt < size_needed)
2477 return -1;
2478
2479 if (tp->snd_wnd < size_needed)
2480 return -1;
2481 if (after(tp->snd_nxt + size_needed, tcp_wnd_end(tp)))
2482 return 0;
2483
2484 /* Do we need to wait to drain cwnd? With none in flight, don't stall */
2485 if (tcp_packets_in_flight(tp) + 2 > tcp_snd_cwnd(tp)) {
2486 if (!tcp_packets_in_flight(tp))
2487 return -1;
2488 else
2489 return 0;
2490 }
2491
2492 if (!tcp_can_coalesce_send_queue_head(sk, probe_size))
2493 return -1;
2494
2495 /* We're allowed to probe. Build it now. */
2496 nskb = tcp_stream_alloc_skb(sk, GFP_ATOMIC, false);
2497 if (!nskb)
2498 return -1;
2499
2500 /* build the payload, and be prepared to abort if this fails. */
2501 if (tcp_clone_payload(sk, nskb, probe_size)) {
2502 tcp_skb_tsorted_anchor_cleanup(nskb);
2503 consume_skb(nskb);
2504 return -1;
2505 }
2506 sk_wmem_queued_add(sk, nskb->truesize);
2507 sk_mem_charge(sk, nskb->truesize);
2508
2509 skb = tcp_send_head(sk);
2510 skb_copy_decrypted(nskb, skb);
2511 mptcp_skb_ext_copy(nskb, skb);
2512
2513 TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
2514 TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
2515 TCP_SKB_CB(nskb)->tcp_flags = TCPHDR_ACK;
2516
2517 tcp_insert_write_queue_before(nskb, skb, sk);
2518 tcp_highest_sack_replace(sk, skb, nskb);
2519
2520 len = 0;
2521 tcp_for_write_queue_from_safe(skb, next, sk) {
2522 copy = min_t(int, skb->len, probe_size - len);
2523
2524 if (skb->len <= copy) {
2525 tcp_eat_one_skb(sk, nskb, skb);
2526 } else {
2527 TCP_SKB_CB(nskb)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags &
2528 ~(TCPHDR_FIN|TCPHDR_PSH);
2529 __pskb_trim_head(skb, copy);
2530 tcp_set_skb_tso_segs(skb, mss_now);
2531 TCP_SKB_CB(skb)->seq += copy;
2532 }
2533
2534 len += copy;
2535
2536 if (len >= probe_size)
2537 break;
2538 }
2539 tcp_init_tso_segs(nskb, nskb->len);
2540
2541 /* We're ready to send. If this fails, the probe will
2542 * be resegmented into mss-sized pieces by tcp_write_xmit().
2543 */
2544 if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) {
2545 /* Decrement cwnd here because we are sending
2546 * effectively two packets. */
2547 tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) - 1);
2548 tcp_event_new_data_sent(sk, nskb);
2549
2550 icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len);
2551 tp->mtu_probe.probe_seq_start = TCP_SKB_CB(nskb)->seq;
2552 tp->mtu_probe.probe_seq_end = TCP_SKB_CB(nskb)->end_seq;
2553
2554 return 1;
2555 }
2556
2557 return -1;
2558 }
2559
tcp_pacing_check(struct sock * sk)2560 static bool tcp_pacing_check(struct sock *sk)
2561 {
2562 struct tcp_sock *tp = tcp_sk(sk);
2563
2564 if (!tcp_needs_internal_pacing(sk))
2565 return false;
2566
2567 if (tp->tcp_wstamp_ns <= tp->tcp_clock_cache)
2568 return false;
2569
2570 if (!hrtimer_is_queued(&tp->pacing_timer)) {
2571 hrtimer_start(&tp->pacing_timer,
2572 ns_to_ktime(tp->tcp_wstamp_ns),
2573 HRTIMER_MODE_ABS_PINNED_SOFT);
2574 sock_hold(sk);
2575 }
2576 return true;
2577 }
2578
tcp_rtx_queue_empty_or_single_skb(const struct sock * sk)2579 static bool tcp_rtx_queue_empty_or_single_skb(const struct sock *sk)
2580 {
2581 const struct rb_node *node = sk->tcp_rtx_queue.rb_node;
2582
2583 /* No skb in the rtx queue. */
2584 if (!node)
2585 return true;
2586
2587 /* Only one skb in rtx queue. */
2588 return !node->rb_left && !node->rb_right;
2589 }
2590
2591 /* TCP Small Queues :
2592 * Control number of packets in qdisc/devices to two packets / or ~1 ms.
2593 * (These limits are doubled for retransmits)
2594 * This allows for :
2595 * - better RTT estimation and ACK scheduling
2596 * - faster recovery
2597 * - high rates
2598 * Alas, some drivers / subsystems require a fair amount
2599 * of queued bytes to ensure line rate.
2600 * One example is wifi aggregation (802.11 AMPDU)
2601 */
tcp_small_queue_check(struct sock * sk,const struct sk_buff * skb,unsigned int factor)2602 static bool tcp_small_queue_check(struct sock *sk, const struct sk_buff *skb,
2603 unsigned int factor)
2604 {
2605 unsigned long limit;
2606
2607 limit = max_t(unsigned long,
2608 2 * skb->truesize,
2609 READ_ONCE(sk->sk_pacing_rate) >> READ_ONCE(sk->sk_pacing_shift));
2610 if (sk->sk_pacing_status == SK_PACING_NONE)
2611 limit = min_t(unsigned long, limit,
2612 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes));
2613 limit <<= factor;
2614
2615 if (static_branch_unlikely(&tcp_tx_delay_enabled) &&
2616 tcp_sk(sk)->tcp_tx_delay) {
2617 u64 extra_bytes = (u64)READ_ONCE(sk->sk_pacing_rate) *
2618 tcp_sk(sk)->tcp_tx_delay;
2619
2620 /* TSQ is based on skb truesize sum (sk_wmem_alloc), so we
2621 * approximate our needs assuming an ~100% skb->truesize overhead.
2622 * USEC_PER_SEC is approximated by 2^20.
2623 * do_div(extra_bytes, USEC_PER_SEC/2) is replaced by a right shift.
2624 */
2625 extra_bytes >>= (20 - 1);
2626 limit += extra_bytes;
2627 }
2628 if (refcount_read(&sk->sk_wmem_alloc) > limit) {
2629 /* Always send skb if rtx queue is empty or has one skb.
2630 * No need to wait for TX completion to call us back,
2631 * after softirq/tasklet schedule.
2632 * This helps when TX completions are delayed too much.
2633 */
2634 if (tcp_rtx_queue_empty_or_single_skb(sk))
2635 return false;
2636
2637 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags);
2638 /* It is possible TX completion already happened
2639 * before we set TSQ_THROTTLED, so we must
2640 * test again the condition.
2641 */
2642 smp_mb__after_atomic();
2643 if (refcount_read(&sk->sk_wmem_alloc) > limit)
2644 return true;
2645 }
2646 return false;
2647 }
2648
tcp_chrono_set(struct tcp_sock * tp,const enum tcp_chrono new)2649 static void tcp_chrono_set(struct tcp_sock *tp, const enum tcp_chrono new)
2650 {
2651 const u32 now = tcp_jiffies32;
2652 enum tcp_chrono old = tp->chrono_type;
2653
2654 if (old > TCP_CHRONO_UNSPEC)
2655 tp->chrono_stat[old - 1] += now - tp->chrono_start;
2656 tp->chrono_start = now;
2657 tp->chrono_type = new;
2658 }
2659
tcp_chrono_start(struct sock * sk,const enum tcp_chrono type)2660 void tcp_chrono_start(struct sock *sk, const enum tcp_chrono type)
2661 {
2662 struct tcp_sock *tp = tcp_sk(sk);
2663
2664 /* If there are multiple conditions worthy of tracking in a
2665 * chronograph then the highest priority enum takes precedence
2666 * over the other conditions. So that if something "more interesting"
2667 * starts happening, stop the previous chrono and start a new one.
2668 */
2669 if (type > tp->chrono_type)
2670 tcp_chrono_set(tp, type);
2671 }
2672
tcp_chrono_stop(struct sock * sk,const enum tcp_chrono type)2673 void tcp_chrono_stop(struct sock *sk, const enum tcp_chrono type)
2674 {
2675 struct tcp_sock *tp = tcp_sk(sk);
2676
2677
2678 /* There are multiple conditions worthy of tracking in a
2679 * chronograph, so that the highest priority enum takes
2680 * precedence over the other conditions (see tcp_chrono_start).
2681 * If a condition stops, we only stop chrono tracking if
2682 * it's the "most interesting" or current chrono we are
2683 * tracking and starts busy chrono if we have pending data.
2684 */
2685 if (tcp_rtx_and_write_queues_empty(sk))
2686 tcp_chrono_set(tp, TCP_CHRONO_UNSPEC);
2687 else if (type == tp->chrono_type)
2688 tcp_chrono_set(tp, TCP_CHRONO_BUSY);
2689 }
2690
2691 /* First skb in the write queue is smaller than ideal packet size.
2692 * Check if we can move payload from the second skb in the queue.
2693 */
tcp_grow_skb(struct sock * sk,struct sk_buff * skb,int amount)2694 static void tcp_grow_skb(struct sock *sk, struct sk_buff *skb, int amount)
2695 {
2696 struct sk_buff *next_skb = skb->next;
2697 unsigned int nlen;
2698
2699 if (tcp_skb_is_last(sk, skb))
2700 return;
2701
2702 if (!tcp_skb_can_collapse(skb, next_skb))
2703 return;
2704
2705 nlen = min_t(u32, amount, next_skb->len);
2706 if (!nlen || !skb_shift(skb, next_skb, nlen))
2707 return;
2708
2709 TCP_SKB_CB(skb)->end_seq += nlen;
2710 TCP_SKB_CB(next_skb)->seq += nlen;
2711
2712 if (!next_skb->len) {
2713 /* In case FIN is set, we need to update end_seq */
2714 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq;
2715
2716 tcp_eat_one_skb(sk, skb, next_skb);
2717 }
2718 }
2719
2720 /* This routine writes packets to the network. It advances the
2721 * send_head. This happens as incoming acks open up the remote
2722 * window for us.
2723 *
2724 * LARGESEND note: !tcp_urg_mode is overkill, only frames between
2725 * snd_up-64k-mss .. snd_up cannot be large. However, taking into
2726 * account rare use of URG, this is not a big flaw.
2727 *
2728 * Send at most one packet when push_one > 0. Temporarily ignore
2729 * cwnd limit to force at most one packet out when push_one == 2.
2730
2731 * Returns true, if no segments are in flight and we have queued segments,
2732 * but cannot send anything now because of SWS or another problem.
2733 */
tcp_write_xmit(struct sock * sk,unsigned int mss_now,int nonagle,int push_one,gfp_t gfp)2734 static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
2735 int push_one, gfp_t gfp)
2736 {
2737 struct tcp_sock *tp = tcp_sk(sk);
2738 struct sk_buff *skb;
2739 unsigned int tso_segs, sent_pkts;
2740 u32 cwnd_quota, max_segs;
2741 int result;
2742 bool is_cwnd_limited = false, is_rwnd_limited = false;
2743
2744 sent_pkts = 0;
2745
2746 tcp_mstamp_refresh(tp);
2747 if (!push_one) {
2748 /* Do MTU probing. */
2749 result = tcp_mtu_probe(sk);
2750 if (!result) {
2751 return false;
2752 } else if (result > 0) {
2753 sent_pkts = 1;
2754 }
2755 }
2756
2757 max_segs = tcp_tso_segs(sk, mss_now);
2758 while ((skb = tcp_send_head(sk))) {
2759 unsigned int limit;
2760 int missing_bytes;
2761
2762 if (unlikely(tp->repair) && tp->repair_queue == TCP_SEND_QUEUE) {
2763 /* "skb_mstamp_ns" is used as a start point for the retransmit timer */
2764 tp->tcp_wstamp_ns = tp->tcp_clock_cache;
2765 skb_set_delivery_time(skb, tp->tcp_wstamp_ns, SKB_CLOCK_MONOTONIC);
2766 list_move_tail(&skb->tcp_tsorted_anchor, &tp->tsorted_sent_queue);
2767 tcp_init_tso_segs(skb, mss_now);
2768 goto repair; /* Skip network transmission */
2769 }
2770
2771 if (tcp_pacing_check(sk))
2772 break;
2773
2774 cwnd_quota = tcp_cwnd_test(tp);
2775 if (!cwnd_quota) {
2776 if (push_one == 2)
2777 /* Force out a loss probe pkt. */
2778 cwnd_quota = 1;
2779 else
2780 break;
2781 }
2782 cwnd_quota = min(cwnd_quota, max_segs);
2783 missing_bytes = cwnd_quota * mss_now - skb->len;
2784 if (missing_bytes > 0)
2785 tcp_grow_skb(sk, skb, missing_bytes);
2786
2787 tso_segs = tcp_set_skb_tso_segs(skb, mss_now);
2788
2789 if (unlikely(!tcp_snd_wnd_test(tp, skb, mss_now))) {
2790 is_rwnd_limited = true;
2791 break;
2792 }
2793
2794 if (tso_segs == 1) {
2795 if (unlikely(!tcp_nagle_test(tp, skb, mss_now,
2796 (tcp_skb_is_last(sk, skb) ?
2797 nonagle : TCP_NAGLE_PUSH))))
2798 break;
2799 } else {
2800 if (!push_one &&
2801 tcp_tso_should_defer(sk, skb, &is_cwnd_limited,
2802 &is_rwnd_limited, max_segs))
2803 break;
2804 }
2805
2806 limit = mss_now;
2807 if (tso_segs > 1 && !tcp_urg_mode(tp))
2808 limit = tcp_mss_split_point(sk, skb, mss_now,
2809 cwnd_quota,
2810 nonagle);
2811
2812 if (skb->len > limit &&
2813 unlikely(tso_fragment(sk, skb, limit, mss_now, gfp)))
2814 break;
2815
2816 if (tcp_small_queue_check(sk, skb, 0))
2817 break;
2818
2819 /* Argh, we hit an empty skb(), presumably a thread
2820 * is sleeping in sendmsg()/sk_stream_wait_memory().
2821 * We do not want to send a pure-ack packet and have
2822 * a strange looking rtx queue with empty packet(s).
2823 */
2824 if (TCP_SKB_CB(skb)->end_seq == TCP_SKB_CB(skb)->seq)
2825 break;
2826
2827 if (unlikely(tcp_transmit_skb(sk, skb, 1, gfp)))
2828 break;
2829
2830 repair:
2831 /* Advance the send_head. This one is sent out.
2832 * This call will increment packets_out.
2833 */
2834 tcp_event_new_data_sent(sk, skb);
2835
2836 tcp_minshall_update(tp, mss_now, skb);
2837 sent_pkts += tcp_skb_pcount(skb);
2838
2839 if (push_one)
2840 break;
2841 }
2842
2843 if (is_rwnd_limited)
2844 tcp_chrono_start(sk, TCP_CHRONO_RWND_LIMITED);
2845 else
2846 tcp_chrono_stop(sk, TCP_CHRONO_RWND_LIMITED);
2847
2848 is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tcp_snd_cwnd(tp));
2849 if (likely(sent_pkts || is_cwnd_limited))
2850 tcp_cwnd_validate(sk, is_cwnd_limited);
2851
2852 if (likely(sent_pkts)) {
2853 if (tcp_in_cwnd_reduction(sk))
2854 tp->prr_out += sent_pkts;
2855
2856 /* Send one loss probe per tail loss episode. */
2857 if (push_one != 2)
2858 tcp_schedule_loss_probe(sk, false);
2859 return false;
2860 }
2861 return !tp->packets_out && !tcp_write_queue_empty(sk);
2862 }
2863
tcp_schedule_loss_probe(struct sock * sk,bool advancing_rto)2864 bool tcp_schedule_loss_probe(struct sock *sk, bool advancing_rto)
2865 {
2866 struct inet_connection_sock *icsk = inet_csk(sk);
2867 struct tcp_sock *tp = tcp_sk(sk);
2868 u32 timeout, timeout_us, rto_delta_us;
2869 int early_retrans;
2870
2871 /* Don't do any loss probe on a Fast Open connection before 3WHS
2872 * finishes.
2873 */
2874 if (rcu_access_pointer(tp->fastopen_rsk))
2875 return false;
2876
2877 early_retrans = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_early_retrans);
2878 /* Schedule a loss probe in 2*RTT for SACK capable connections
2879 * not in loss recovery, that are either limited by cwnd or application.
2880 */
2881 if ((early_retrans != 3 && early_retrans != 4) ||
2882 !tp->packets_out || !tcp_is_sack(tp) ||
2883 (icsk->icsk_ca_state != TCP_CA_Open &&
2884 icsk->icsk_ca_state != TCP_CA_CWR))
2885 return false;
2886
2887 /* Probe timeout is 2*rtt. Add minimum RTO to account
2888 * for delayed ack when there's one outstanding packet. If no RTT
2889 * sample is available then probe after TCP_TIMEOUT_INIT.
2890 */
2891 if (tp->srtt_us) {
2892 timeout_us = tp->srtt_us >> 2;
2893 if (tp->packets_out == 1)
2894 timeout_us += tcp_rto_min_us(sk);
2895 else
2896 timeout_us += TCP_TIMEOUT_MIN_US;
2897 timeout = usecs_to_jiffies(timeout_us);
2898 } else {
2899 timeout = TCP_TIMEOUT_INIT;
2900 }
2901
2902 /* If the RTO formula yields an earlier time, then use that time. */
2903 rto_delta_us = advancing_rto ?
2904 jiffies_to_usecs(inet_csk(sk)->icsk_rto) :
2905 tcp_rto_delta_us(sk); /* How far in future is RTO? */
2906 if (rto_delta_us > 0)
2907 timeout = min_t(u32, timeout, usecs_to_jiffies(rto_delta_us));
2908
2909 tcp_reset_xmit_timer(sk, ICSK_TIME_LOSS_PROBE, timeout, TCP_RTO_MAX);
2910 return true;
2911 }
2912
2913 /* Thanks to skb fast clones, we can detect if a prior transmit of
2914 * a packet is still in a qdisc or driver queue.
2915 * In this case, there is very little point doing a retransmit !
2916 */
skb_still_in_host_queue(struct sock * sk,const struct sk_buff * skb)2917 static bool skb_still_in_host_queue(struct sock *sk,
2918 const struct sk_buff *skb)
2919 {
2920 if (unlikely(skb_fclone_busy(sk, skb))) {
2921 set_bit(TSQ_THROTTLED, &sk->sk_tsq_flags);
2922 smp_mb__after_atomic();
2923 if (skb_fclone_busy(sk, skb)) {
2924 NET_INC_STATS(sock_net(sk),
2925 LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES);
2926 return true;
2927 }
2928 }
2929 return false;
2930 }
2931
2932 /* When probe timeout (PTO) fires, try send a new segment if possible, else
2933 * retransmit the last segment.
2934 */
tcp_send_loss_probe(struct sock * sk)2935 void tcp_send_loss_probe(struct sock *sk)
2936 {
2937 struct tcp_sock *tp = tcp_sk(sk);
2938 struct sk_buff *skb;
2939 int pcount;
2940 int mss = tcp_current_mss(sk);
2941
2942 /* At most one outstanding TLP */
2943 if (tp->tlp_high_seq)
2944 goto rearm_timer;
2945
2946 tp->tlp_retrans = 0;
2947 skb = tcp_send_head(sk);
2948 if (skb && tcp_snd_wnd_test(tp, skb, mss)) {
2949 pcount = tp->packets_out;
2950 tcp_write_xmit(sk, mss, TCP_NAGLE_OFF, 2, GFP_ATOMIC);
2951 if (tp->packets_out > pcount)
2952 goto probe_sent;
2953 goto rearm_timer;
2954 }
2955 skb = skb_rb_last(&sk->tcp_rtx_queue);
2956 if (unlikely(!skb)) {
2957 WARN_ONCE(tp->packets_out,
2958 "invalid inflight: %u state %u cwnd %u mss %d\n",
2959 tp->packets_out, sk->sk_state, tcp_snd_cwnd(tp), mss);
2960 inet_csk(sk)->icsk_pending = 0;
2961 return;
2962 }
2963
2964 if (skb_still_in_host_queue(sk, skb))
2965 goto rearm_timer;
2966
2967 pcount = tcp_skb_pcount(skb);
2968 if (WARN_ON(!pcount))
2969 goto rearm_timer;
2970
2971 if ((pcount > 1) && (skb->len > (pcount - 1) * mss)) {
2972 if (unlikely(tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb,
2973 (pcount - 1) * mss, mss,
2974 GFP_ATOMIC)))
2975 goto rearm_timer;
2976 skb = skb_rb_next(skb);
2977 }
2978
2979 if (WARN_ON(!skb || !tcp_skb_pcount(skb)))
2980 goto rearm_timer;
2981
2982 if (__tcp_retransmit_skb(sk, skb, 1))
2983 goto rearm_timer;
2984
2985 tp->tlp_retrans = 1;
2986
2987 probe_sent:
2988 /* Record snd_nxt for loss detection. */
2989 tp->tlp_high_seq = tp->snd_nxt;
2990
2991 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSSPROBES);
2992 /* Reset s.t. tcp_rearm_rto will restart timer from now */
2993 inet_csk(sk)->icsk_pending = 0;
2994 rearm_timer:
2995 tcp_rearm_rto(sk);
2996 }
2997
2998 /* Push out any pending frames which were held back due to
2999 * TCP_CORK or attempt at coalescing tiny packets.
3000 * The socket must be locked by the caller.
3001 */
__tcp_push_pending_frames(struct sock * sk,unsigned int cur_mss,int nonagle)3002 void __tcp_push_pending_frames(struct sock *sk, unsigned int cur_mss,
3003 int nonagle)
3004 {
3005 /* If we are closed, the bytes will have to remain here.
3006 * In time closedown will finish, we empty the write queue and
3007 * all will be happy.
3008 */
3009 if (unlikely(sk->sk_state == TCP_CLOSE))
3010 return;
3011
3012 if (tcp_write_xmit(sk, cur_mss, nonagle, 0,
3013 sk_gfp_mask(sk, GFP_ATOMIC)))
3014 tcp_check_probe_timer(sk);
3015 }
3016
3017 /* Send _single_ skb sitting at the send head. This function requires
3018 * true push pending frames to setup probe timer etc.
3019 */
tcp_push_one(struct sock * sk,unsigned int mss_now)3020 void tcp_push_one(struct sock *sk, unsigned int mss_now)
3021 {
3022 struct sk_buff *skb = tcp_send_head(sk);
3023
3024 BUG_ON(!skb || skb->len < mss_now);
3025
3026 tcp_write_xmit(sk, mss_now, TCP_NAGLE_PUSH, 1, sk->sk_allocation);
3027 }
3028
3029 /* This function returns the amount that we can raise the
3030 * usable window based on the following constraints
3031 *
3032 * 1. The window can never be shrunk once it is offered (RFC 793)
3033 * 2. We limit memory per socket
3034 *
3035 * RFC 1122:
3036 * "the suggested [SWS] avoidance algorithm for the receiver is to keep
3037 * RECV.NEXT + RCV.WIN fixed until:
3038 * RCV.BUFF - RCV.USER - RCV.WINDOW >= min(1/2 RCV.BUFF, MSS)"
3039 *
3040 * i.e. don't raise the right edge of the window until you can raise
3041 * it at least MSS bytes.
3042 *
3043 * Unfortunately, the recommended algorithm breaks header prediction,
3044 * since header prediction assumes th->window stays fixed.
3045 *
3046 * Strictly speaking, keeping th->window fixed violates the receiver
3047 * side SWS prevention criteria. The problem is that under this rule
3048 * a stream of single byte packets will cause the right side of the
3049 * window to always advance by a single byte.
3050 *
3051 * Of course, if the sender implements sender side SWS prevention
3052 * then this will not be a problem.
3053 *
3054 * BSD seems to make the following compromise:
3055 *
3056 * If the free space is less than the 1/4 of the maximum
3057 * space available and the free space is less than 1/2 mss,
3058 * then set the window to 0.
3059 * [ Actually, bsd uses MSS and 1/4 of maximal _window_ ]
3060 * Otherwise, just prevent the window from shrinking
3061 * and from being larger than the largest representable value.
3062 *
3063 * This prevents incremental opening of the window in the regime
3064 * where TCP is limited by the speed of the reader side taking
3065 * data out of the TCP receive queue. It does nothing about
3066 * those cases where the window is constrained on the sender side
3067 * because the pipeline is full.
3068 *
3069 * BSD also seems to "accidentally" limit itself to windows that are a
3070 * multiple of MSS, at least until the free space gets quite small.
3071 * This would appear to be a side effect of the mbuf implementation.
3072 * Combining these two algorithms results in the observed behavior
3073 * of having a fixed window size at almost all times.
3074 *
3075 * Below we obtain similar behavior by forcing the offered window to
3076 * a multiple of the mss when it is feasible to do so.
3077 *
3078 * Note, we don't "adjust" for TIMESTAMP or SACK option bytes.
3079 * Regular options like TIMESTAMP are taken into account.
3080 */
__tcp_select_window(struct sock * sk)3081 u32 __tcp_select_window(struct sock *sk)
3082 {
3083 struct inet_connection_sock *icsk = inet_csk(sk);
3084 struct tcp_sock *tp = tcp_sk(sk);
3085 struct net *net = sock_net(sk);
3086 /* MSS for the peer's data. Previous versions used mss_clamp
3087 * here. I don't know if the value based on our guesses
3088 * of peer's MSS is better for the performance. It's more correct
3089 * but may be worse for the performance because of rcv_mss
3090 * fluctuations. --SAW 1998/11/1
3091 */
3092 int mss = icsk->icsk_ack.rcv_mss;
3093 int free_space = tcp_space(sk);
3094 int allowed_space = tcp_full_space(sk);
3095 int full_space, window;
3096
3097 if (sk_is_mptcp(sk))
3098 mptcp_space(sk, &free_space, &allowed_space);
3099
3100 full_space = min_t(int, tp->window_clamp, allowed_space);
3101
3102 if (unlikely(mss > full_space)) {
3103 mss = full_space;
3104 if (mss <= 0)
3105 return 0;
3106 }
3107
3108 /* Only allow window shrink if the sysctl is enabled and we have
3109 * a non-zero scaling factor in effect.
3110 */
3111 if (READ_ONCE(net->ipv4.sysctl_tcp_shrink_window) && tp->rx_opt.rcv_wscale)
3112 goto shrink_window_allowed;
3113
3114 /* do not allow window to shrink */
3115
3116 if (free_space < (full_space >> 1)) {
3117 icsk->icsk_ack.quick = 0;
3118
3119 if (tcp_under_memory_pressure(sk))
3120 tcp_adjust_rcv_ssthresh(sk);
3121
3122 /* free_space might become our new window, make sure we don't
3123 * increase it due to wscale.
3124 */
3125 free_space = round_down(free_space, 1 << tp->rx_opt.rcv_wscale);
3126
3127 /* if free space is less than mss estimate, or is below 1/16th
3128 * of the maximum allowed, try to move to zero-window, else
3129 * tcp_clamp_window() will grow rcv buf up to tcp_rmem[2], and
3130 * new incoming data is dropped due to memory limits.
3131 * With large window, mss test triggers way too late in order
3132 * to announce zero window in time before rmem limit kicks in.
3133 */
3134 if (free_space < (allowed_space >> 4) || free_space < mss)
3135 return 0;
3136 }
3137
3138 if (free_space > tp->rcv_ssthresh)
3139 free_space = tp->rcv_ssthresh;
3140
3141 /* Don't do rounding if we are using window scaling, since the
3142 * scaled window will not line up with the MSS boundary anyway.
3143 */
3144 if (tp->rx_opt.rcv_wscale) {
3145 window = free_space;
3146
3147 /* Advertise enough space so that it won't get scaled away.
3148 * Import case: prevent zero window announcement if
3149 * 1<<rcv_wscale > mss.
3150 */
3151 window = ALIGN(window, (1 << tp->rx_opt.rcv_wscale));
3152 } else {
3153 window = tp->rcv_wnd;
3154 /* Get the largest window that is a nice multiple of mss.
3155 * Window clamp already applied above.
3156 * If our current window offering is within 1 mss of the
3157 * free space we just keep it. This prevents the divide
3158 * and multiply from happening most of the time.
3159 * We also don't do any window rounding when the free space
3160 * is too small.
3161 */
3162 if (window <= free_space - mss || window > free_space)
3163 window = rounddown(free_space, mss);
3164 else if (mss == full_space &&
3165 free_space > window + (full_space >> 1))
3166 window = free_space;
3167 }
3168
3169 return window;
3170
3171 shrink_window_allowed:
3172 /* new window should always be an exact multiple of scaling factor */
3173 free_space = round_down(free_space, 1 << tp->rx_opt.rcv_wscale);
3174
3175 if (free_space < (full_space >> 1)) {
3176 icsk->icsk_ack.quick = 0;
3177
3178 if (tcp_under_memory_pressure(sk))
3179 tcp_adjust_rcv_ssthresh(sk);
3180
3181 /* if free space is too low, return a zero window */
3182 if (free_space < (allowed_space >> 4) || free_space < mss ||
3183 free_space < (1 << tp->rx_opt.rcv_wscale))
3184 return 0;
3185 }
3186
3187 if (free_space > tp->rcv_ssthresh) {
3188 free_space = tp->rcv_ssthresh;
3189 /* new window should always be an exact multiple of scaling factor
3190 *
3191 * For this case, we ALIGN "up" (increase free_space) because
3192 * we know free_space is not zero here, it has been reduced from
3193 * the memory-based limit, and rcv_ssthresh is not a hard limit
3194 * (unlike sk_rcvbuf).
3195 */
3196 free_space = ALIGN(free_space, (1 << tp->rx_opt.rcv_wscale));
3197 }
3198
3199 return free_space;
3200 }
3201
tcp_skb_collapse_tstamp(struct sk_buff * skb,const struct sk_buff * next_skb)3202 void tcp_skb_collapse_tstamp(struct sk_buff *skb,
3203 const struct sk_buff *next_skb)
3204 {
3205 if (unlikely(tcp_has_tx_tstamp(next_skb))) {
3206 const struct skb_shared_info *next_shinfo =
3207 skb_shinfo(next_skb);
3208 struct skb_shared_info *shinfo = skb_shinfo(skb);
3209
3210 shinfo->tx_flags |= next_shinfo->tx_flags & SKBTX_ANY_TSTAMP;
3211 shinfo->tskey = next_shinfo->tskey;
3212 TCP_SKB_CB(skb)->txstamp_ack |=
3213 TCP_SKB_CB(next_skb)->txstamp_ack;
3214 }
3215 }
3216
3217 /* Collapses two adjacent SKB's during retransmission. */
tcp_collapse_retrans(struct sock * sk,struct sk_buff * skb)3218 static bool tcp_collapse_retrans(struct sock *sk, struct sk_buff *skb)
3219 {
3220 struct tcp_sock *tp = tcp_sk(sk);
3221 struct sk_buff *next_skb = skb_rb_next(skb);
3222 int next_skb_size;
3223
3224 next_skb_size = next_skb->len;
3225
3226 BUG_ON(tcp_skb_pcount(skb) != 1 || tcp_skb_pcount(next_skb) != 1);
3227
3228 if (next_skb_size && !tcp_skb_shift(skb, next_skb, 1, next_skb_size))
3229 return false;
3230
3231 tcp_highest_sack_replace(sk, next_skb, skb);
3232
3233 /* Update sequence range on original skb. */
3234 TCP_SKB_CB(skb)->end_seq = TCP_SKB_CB(next_skb)->end_seq;
3235
3236 /* Merge over control information. This moves PSH/FIN etc. over */
3237 TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(next_skb)->tcp_flags;
3238
3239 /* All done, get rid of second SKB and account for it so
3240 * packet counting does not break.
3241 */
3242 TCP_SKB_CB(skb)->sacked |= TCP_SKB_CB(next_skb)->sacked & TCPCB_EVER_RETRANS;
3243 TCP_SKB_CB(skb)->eor = TCP_SKB_CB(next_skb)->eor;
3244
3245 /* changed transmit queue under us so clear hints */
3246 tcp_clear_retrans_hints_partial(tp);
3247 if (next_skb == tp->retransmit_skb_hint)
3248 tp->retransmit_skb_hint = skb;
3249
3250 tcp_adjust_pcount(sk, next_skb, tcp_skb_pcount(next_skb));
3251
3252 tcp_skb_collapse_tstamp(skb, next_skb);
3253
3254 tcp_rtx_queue_unlink_and_free(next_skb, sk);
3255 return true;
3256 }
3257
3258 /* Check if coalescing SKBs is legal. */
tcp_can_collapse(const struct sock * sk,const struct sk_buff * skb)3259 static bool tcp_can_collapse(const struct sock *sk, const struct sk_buff *skb)
3260 {
3261 if (tcp_skb_pcount(skb) > 1)
3262 return false;
3263 if (skb_cloned(skb))
3264 return false;
3265 if (!skb_frags_readable(skb))
3266 return false;
3267 /* Some heuristics for collapsing over SACK'd could be invented */
3268 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_ACKED)
3269 return false;
3270
3271 return true;
3272 }
3273
3274 /* Collapse packets in the retransmit queue to make to create
3275 * less packets on the wire. This is only done on retransmission.
3276 */
tcp_retrans_try_collapse(struct sock * sk,struct sk_buff * to,int space)3277 static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *to,
3278 int space)
3279 {
3280 struct tcp_sock *tp = tcp_sk(sk);
3281 struct sk_buff *skb = to, *tmp;
3282 bool first = true;
3283
3284 if (!READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_retrans_collapse))
3285 return;
3286 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
3287 return;
3288
3289 skb_rbtree_walk_from_safe(skb, tmp) {
3290 if (!tcp_can_collapse(sk, skb))
3291 break;
3292
3293 if (!tcp_skb_can_collapse(to, skb))
3294 break;
3295
3296 space -= skb->len;
3297
3298 if (first) {
3299 first = false;
3300 continue;
3301 }
3302
3303 if (space < 0)
3304 break;
3305
3306 if (after(TCP_SKB_CB(skb)->end_seq, tcp_wnd_end(tp)))
3307 break;
3308
3309 if (!tcp_collapse_retrans(sk, to))
3310 break;
3311 }
3312 }
3313
3314 /* This retransmits one SKB. Policy decisions and retransmit queue
3315 * state updates are done by the caller. Returns non-zero if an
3316 * error occurred which prevented the send.
3317 */
__tcp_retransmit_skb(struct sock * sk,struct sk_buff * skb,int segs)3318 int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
3319 {
3320 struct inet_connection_sock *icsk = inet_csk(sk);
3321 struct tcp_sock *tp = tcp_sk(sk);
3322 unsigned int cur_mss;
3323 int diff, len, err;
3324 int avail_wnd;
3325
3326 /* Inconclusive MTU probe */
3327 if (icsk->icsk_mtup.probe_size)
3328 icsk->icsk_mtup.probe_size = 0;
3329
3330 if (skb_still_in_host_queue(sk, skb))
3331 return -EBUSY;
3332
3333 start:
3334 if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) {
3335 if (unlikely(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
3336 TCP_SKB_CB(skb)->tcp_flags &= ~TCPHDR_SYN;
3337 TCP_SKB_CB(skb)->seq++;
3338 goto start;
3339 }
3340 if (unlikely(before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))) {
3341 WARN_ON_ONCE(1);
3342 return -EINVAL;
3343 }
3344 if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq))
3345 return -ENOMEM;
3346 }
3347
3348 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
3349 return -EHOSTUNREACH; /* Routing failure or similar. */
3350
3351 cur_mss = tcp_current_mss(sk);
3352 avail_wnd = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
3353
3354 /* If receiver has shrunk his window, and skb is out of
3355 * new window, do not retransmit it. The exception is the
3356 * case, when window is shrunk to zero. In this case
3357 * our retransmit of one segment serves as a zero window probe.
3358 */
3359 if (avail_wnd <= 0) {
3360 if (TCP_SKB_CB(skb)->seq != tp->snd_una)
3361 return -EAGAIN;
3362 avail_wnd = cur_mss;
3363 }
3364
3365 len = cur_mss * segs;
3366 if (len > avail_wnd) {
3367 len = rounddown(avail_wnd, cur_mss);
3368 if (!len)
3369 len = avail_wnd;
3370 }
3371 if (skb->len > len) {
3372 if (tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, len,
3373 cur_mss, GFP_ATOMIC))
3374 return -ENOMEM; /* We'll try again later. */
3375 } else {
3376 if (skb_unclone_keeptruesize(skb, GFP_ATOMIC))
3377 return -ENOMEM;
3378
3379 diff = tcp_skb_pcount(skb);
3380 tcp_set_skb_tso_segs(skb, cur_mss);
3381 diff -= tcp_skb_pcount(skb);
3382 if (diff)
3383 tcp_adjust_pcount(sk, skb, diff);
3384 avail_wnd = min_t(int, avail_wnd, cur_mss);
3385 if (skb->len < avail_wnd)
3386 tcp_retrans_try_collapse(sk, skb, avail_wnd);
3387 }
3388
3389 /* RFC3168, section 6.1.1.1. ECN fallback */
3390 if ((TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN_ECN) == TCPHDR_SYN_ECN)
3391 tcp_ecn_clear_syn(sk, skb);
3392
3393 /* Update global and local TCP statistics. */
3394 segs = tcp_skb_pcount(skb);
3395 TCP_ADD_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS, segs);
3396 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
3397 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
3398 tp->total_retrans += segs;
3399 tp->bytes_retrans += skb->len;
3400
3401 /* make sure skb->data is aligned on arches that require it
3402 * and check if ack-trimming & collapsing extended the headroom
3403 * beyond what csum_start can cover.
3404 */
3405 if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
3406 skb_headroom(skb) >= 0xFFFF)) {
3407 struct sk_buff *nskb;
3408
3409 tcp_skb_tsorted_save(skb) {
3410 nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC);
3411 if (nskb) {
3412 nskb->dev = NULL;
3413 err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC);
3414 } else {
3415 err = -ENOBUFS;
3416 }
3417 } tcp_skb_tsorted_restore(skb);
3418
3419 if (!err) {
3420 tcp_update_skb_after_send(sk, skb, tp->tcp_wstamp_ns);
3421 tcp_rate_skb_sent(sk, skb);
3422 }
3423 } else {
3424 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
3425 }
3426
3427 if (BPF_SOCK_OPS_TEST_FLAG(tp, BPF_SOCK_OPS_RETRANS_CB_FLAG))
3428 tcp_call_bpf_3arg(sk, BPF_SOCK_OPS_RETRANS_CB,
3429 TCP_SKB_CB(skb)->seq, segs, err);
3430
3431 if (likely(!err)) {
3432 trace_tcp_retransmit_skb(sk, skb);
3433 } else if (err != -EBUSY) {
3434 NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPRETRANSFAIL, segs);
3435 }
3436
3437 /* To avoid taking spuriously low RTT samples based on a timestamp
3438 * for a transmit that never happened, always mark EVER_RETRANS
3439 */
3440 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
3441
3442 return err;
3443 }
3444
tcp_retransmit_skb(struct sock * sk,struct sk_buff * skb,int segs)3445 int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
3446 {
3447 struct tcp_sock *tp = tcp_sk(sk);
3448 int err = __tcp_retransmit_skb(sk, skb, segs);
3449
3450 if (err == 0) {
3451 #if FASTRETRANS_DEBUG > 0
3452 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) {
3453 net_dbg_ratelimited("retrans_out leaked\n");
3454 }
3455 #endif
3456 TCP_SKB_CB(skb)->sacked |= TCPCB_RETRANS;
3457 tp->retrans_out += tcp_skb_pcount(skb);
3458 }
3459
3460 /* Save stamp of the first (attempted) retransmit. */
3461 if (!tp->retrans_stamp)
3462 tp->retrans_stamp = tcp_skb_timestamp_ts(tp->tcp_usec_ts, skb);
3463
3464 if (tp->undo_retrans < 0)
3465 tp->undo_retrans = 0;
3466 tp->undo_retrans += tcp_skb_pcount(skb);
3467 return err;
3468 }
3469
3470 /* This gets called after a retransmit timeout, and the initially
3471 * retransmitted data is acknowledged. It tries to continue
3472 * resending the rest of the retransmit queue, until either
3473 * we've sent it all or the congestion window limit is reached.
3474 */
tcp_xmit_retransmit_queue(struct sock * sk)3475 void tcp_xmit_retransmit_queue(struct sock *sk)
3476 {
3477 const struct inet_connection_sock *icsk = inet_csk(sk);
3478 struct sk_buff *skb, *rtx_head, *hole = NULL;
3479 struct tcp_sock *tp = tcp_sk(sk);
3480 bool rearm_timer = false;
3481 u32 max_segs;
3482 int mib_idx;
3483
3484 if (!tp->packets_out)
3485 return;
3486
3487 rtx_head = tcp_rtx_queue_head(sk);
3488 skb = tp->retransmit_skb_hint ?: rtx_head;
3489 max_segs = tcp_tso_segs(sk, tcp_current_mss(sk));
3490 skb_rbtree_walk_from(skb) {
3491 __u8 sacked;
3492 int segs;
3493
3494 if (tcp_pacing_check(sk))
3495 break;
3496
3497 /* we could do better than to assign each time */
3498 if (!hole)
3499 tp->retransmit_skb_hint = skb;
3500
3501 segs = tcp_snd_cwnd(tp) - tcp_packets_in_flight(tp);
3502 if (segs <= 0)
3503 break;
3504 sacked = TCP_SKB_CB(skb)->sacked;
3505 /* In case tcp_shift_skb_data() have aggregated large skbs,
3506 * we need to make sure not sending too bigs TSO packets
3507 */
3508 segs = min_t(int, segs, max_segs);
3509
3510 if (tp->retrans_out >= tp->lost_out) {
3511 break;
3512 } else if (!(sacked & TCPCB_LOST)) {
3513 if (!hole && !(sacked & (TCPCB_SACKED_RETRANS|TCPCB_SACKED_ACKED)))
3514 hole = skb;
3515 continue;
3516
3517 } else {
3518 if (icsk->icsk_ca_state != TCP_CA_Loss)
3519 mib_idx = LINUX_MIB_TCPFASTRETRANS;
3520 else
3521 mib_idx = LINUX_MIB_TCPSLOWSTARTRETRANS;
3522 }
3523
3524 if (sacked & (TCPCB_SACKED_ACKED|TCPCB_SACKED_RETRANS))
3525 continue;
3526
3527 if (tcp_small_queue_check(sk, skb, 1))
3528 break;
3529
3530 if (tcp_retransmit_skb(sk, skb, segs))
3531 break;
3532
3533 NET_ADD_STATS(sock_net(sk), mib_idx, tcp_skb_pcount(skb));
3534
3535 if (tcp_in_cwnd_reduction(sk))
3536 tp->prr_out += tcp_skb_pcount(skb);
3537
3538 if (skb == rtx_head &&
3539 icsk->icsk_pending != ICSK_TIME_REO_TIMEOUT)
3540 rearm_timer = true;
3541
3542 }
3543 if (rearm_timer)
3544 tcp_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
3545 inet_csk(sk)->icsk_rto,
3546 TCP_RTO_MAX);
3547 }
3548
3549 /* We allow to exceed memory limits for FIN packets to expedite
3550 * connection tear down and (memory) recovery.
3551 * Otherwise tcp_send_fin() could be tempted to either delay FIN
3552 * or even be forced to close flow without any FIN.
3553 * In general, we want to allow one skb per socket to avoid hangs
3554 * with edge trigger epoll()
3555 */
sk_forced_mem_schedule(struct sock * sk,int size)3556 void sk_forced_mem_schedule(struct sock *sk, int size)
3557 {
3558 int delta, amt;
3559
3560 delta = size - sk->sk_forward_alloc;
3561 if (delta <= 0)
3562 return;
3563 amt = sk_mem_pages(delta);
3564 sk_forward_alloc_add(sk, amt << PAGE_SHIFT);
3565 sk_memory_allocated_add(sk, amt);
3566
3567 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
3568 mem_cgroup_charge_skmem(sk->sk_memcg, amt,
3569 gfp_memcg_charge() | __GFP_NOFAIL);
3570 }
3571
3572 /* Send a FIN. The caller locks the socket for us.
3573 * We should try to send a FIN packet really hard, but eventually give up.
3574 */
tcp_send_fin(struct sock * sk)3575 void tcp_send_fin(struct sock *sk)
3576 {
3577 struct sk_buff *skb, *tskb, *tail = tcp_write_queue_tail(sk);
3578 struct tcp_sock *tp = tcp_sk(sk);
3579
3580 /* Optimization, tack on the FIN if we have one skb in write queue and
3581 * this skb was not yet sent, or we are under memory pressure.
3582 * Note: in the latter case, FIN packet will be sent after a timeout,
3583 * as TCP stack thinks it has already been transmitted.
3584 */
3585 tskb = tail;
3586 if (!tskb && tcp_under_memory_pressure(sk))
3587 tskb = skb_rb_last(&sk->tcp_rtx_queue);
3588
3589 if (tskb) {
3590 TCP_SKB_CB(tskb)->tcp_flags |= TCPHDR_FIN;
3591 TCP_SKB_CB(tskb)->end_seq++;
3592 tp->write_seq++;
3593 if (!tail) {
3594 /* This means tskb was already sent.
3595 * Pretend we included the FIN on previous transmit.
3596 * We need to set tp->snd_nxt to the value it would have
3597 * if FIN had been sent. This is because retransmit path
3598 * does not change tp->snd_nxt.
3599 */
3600 WRITE_ONCE(tp->snd_nxt, tp->snd_nxt + 1);
3601 return;
3602 }
3603 } else {
3604 skb = alloc_skb_fclone(MAX_TCP_HEADER,
3605 sk_gfp_mask(sk, GFP_ATOMIC |
3606 __GFP_NOWARN));
3607 if (unlikely(!skb))
3608 return;
3609
3610 INIT_LIST_HEAD(&skb->tcp_tsorted_anchor);
3611 skb_reserve(skb, MAX_TCP_HEADER);
3612 sk_forced_mem_schedule(sk, skb->truesize);
3613 /* FIN eats a sequence byte, write_seq advanced by tcp_queue_skb(). */
3614 tcp_init_nondata_skb(skb, tp->write_seq,
3615 TCPHDR_ACK | TCPHDR_FIN);
3616 tcp_queue_skb(sk, skb);
3617 }
3618 __tcp_push_pending_frames(sk, tcp_current_mss(sk), TCP_NAGLE_OFF);
3619 }
3620
3621 /* We get here when a process closes a file descriptor (either due to
3622 * an explicit close() or as a byproduct of exit()'ing) and there
3623 * was unread data in the receive queue. This behavior is recommended
3624 * by RFC 2525, section 2.17. -DaveM
3625 */
tcp_send_active_reset(struct sock * sk,gfp_t priority,enum sk_rst_reason reason)3626 void tcp_send_active_reset(struct sock *sk, gfp_t priority,
3627 enum sk_rst_reason reason)
3628 {
3629 struct sk_buff *skb;
3630
3631 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTRSTS);
3632
3633 /* NOTE: No TCP options attached and we never retransmit this. */
3634 skb = alloc_skb(MAX_TCP_HEADER, priority);
3635 if (!skb) {
3636 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
3637 return;
3638 }
3639
3640 /* Reserve space for headers and prepare control bits. */
3641 skb_reserve(skb, MAX_TCP_HEADER);
3642 tcp_init_nondata_skb(skb, tcp_acceptable_seq(sk),
3643 TCPHDR_ACK | TCPHDR_RST);
3644 tcp_mstamp_refresh(tcp_sk(sk));
3645 /* Send it off. */
3646 if (tcp_transmit_skb(sk, skb, 0, priority))
3647 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPABORTFAILED);
3648
3649 /* skb of trace_tcp_send_reset() keeps the skb that caused RST,
3650 * skb here is different to the troublesome skb, so use NULL
3651 */
3652 trace_tcp_send_reset(sk, NULL, reason);
3653 }
3654
3655 /* Send a crossed SYN-ACK during socket establishment.
3656 * WARNING: This routine must only be called when we have already sent
3657 * a SYN packet that crossed the incoming SYN that caused this routine
3658 * to get called. If this assumption fails then the initial rcv_wnd
3659 * and rcv_wscale values will not be correct.
3660 */
tcp_send_synack(struct sock * sk)3661 int tcp_send_synack(struct sock *sk)
3662 {
3663 struct sk_buff *skb;
3664
3665 skb = tcp_rtx_queue_head(sk);
3666 if (!skb || !(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)) {
3667 pr_err("%s: wrong queue state\n", __func__);
3668 return -EFAULT;
3669 }
3670 if (!(TCP_SKB_CB(skb)->tcp_flags & TCPHDR_ACK)) {
3671 if (skb_cloned(skb)) {
3672 struct sk_buff *nskb;
3673
3674 tcp_skb_tsorted_save(skb) {
3675 nskb = skb_copy(skb, GFP_ATOMIC);
3676 } tcp_skb_tsorted_restore(skb);
3677 if (!nskb)
3678 return -ENOMEM;
3679 INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor);
3680 tcp_highest_sack_replace(sk, skb, nskb);
3681 tcp_rtx_queue_unlink_and_free(skb, sk);
3682 __skb_header_release(nskb);
3683 tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb);
3684 sk_wmem_queued_add(sk, nskb->truesize);
3685 sk_mem_charge(sk, nskb->truesize);
3686 skb = nskb;
3687 }
3688
3689 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_ACK;
3690 tcp_ecn_send_synack(sk, skb);
3691 }
3692 return tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
3693 }
3694
3695 /**
3696 * tcp_make_synack - Allocate one skb and build a SYNACK packet.
3697 * @sk: listener socket
3698 * @dst: dst entry attached to the SYNACK. It is consumed and caller
3699 * should not use it again.
3700 * @req: request_sock pointer
3701 * @foc: cookie for tcp fast open
3702 * @synack_type: Type of synack to prepare
3703 * @syn_skb: SYN packet just received. It could be NULL for rtx case.
3704 */
tcp_make_synack(const struct sock * sk,struct dst_entry * dst,struct request_sock * req,struct tcp_fastopen_cookie * foc,enum tcp_synack_type synack_type,struct sk_buff * syn_skb)3705 struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst,
3706 struct request_sock *req,
3707 struct tcp_fastopen_cookie *foc,
3708 enum tcp_synack_type synack_type,
3709 struct sk_buff *syn_skb)
3710 {
3711 struct inet_request_sock *ireq = inet_rsk(req);
3712 const struct tcp_sock *tp = tcp_sk(sk);
3713 struct tcp_out_options opts;
3714 struct tcp_key key = {};
3715 struct sk_buff *skb;
3716 int tcp_header_size;
3717 struct tcphdr *th;
3718 int mss;
3719 u64 now;
3720
3721 skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
3722 if (unlikely(!skb)) {
3723 dst_release(dst);
3724 return NULL;
3725 }
3726 /* Reserve space for headers. */
3727 skb_reserve(skb, MAX_TCP_HEADER);
3728
3729 switch (synack_type) {
3730 case TCP_SYNACK_NORMAL:
3731 skb_set_owner_w(skb, req_to_sk(req));
3732 break;
3733 case TCP_SYNACK_COOKIE:
3734 /* Under synflood, we do not attach skb to a socket,
3735 * to avoid false sharing.
3736 */
3737 break;
3738 case TCP_SYNACK_FASTOPEN:
3739 /* sk is a const pointer, because we want to express multiple
3740 * cpu might call us concurrently.
3741 * sk->sk_wmem_alloc in an atomic, we can promote to rw.
3742 */
3743 skb_set_owner_w(skb, (struct sock *)sk);
3744 break;
3745 }
3746 skb_dst_set(skb, dst);
3747
3748 mss = tcp_mss_clamp(tp, dst_metric_advmss(dst));
3749
3750 memset(&opts, 0, sizeof(opts));
3751 now = tcp_clock_ns();
3752 #ifdef CONFIG_SYN_COOKIES
3753 if (unlikely(synack_type == TCP_SYNACK_COOKIE && ireq->tstamp_ok))
3754 skb_set_delivery_time(skb, cookie_init_timestamp(req, now),
3755 SKB_CLOCK_MONOTONIC);
3756 else
3757 #endif
3758 {
3759 skb_set_delivery_time(skb, now, SKB_CLOCK_MONOTONIC);
3760 if (!tcp_rsk(req)->snt_synack) /* Timestamp first SYNACK */
3761 tcp_rsk(req)->snt_synack = tcp_skb_timestamp_us(skb);
3762 }
3763
3764 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
3765 rcu_read_lock();
3766 #endif
3767 if (tcp_rsk_used_ao(req)) {
3768 #ifdef CONFIG_TCP_AO
3769 struct tcp_ao_key *ao_key = NULL;
3770 u8 keyid = tcp_rsk(req)->ao_keyid;
3771 u8 rnext = tcp_rsk(req)->ao_rcv_next;
3772
3773 ao_key = tcp_sk(sk)->af_specific->ao_lookup(sk, req_to_sk(req),
3774 keyid, -1);
3775 /* If there is no matching key - avoid sending anything,
3776 * especially usigned segments. It could try harder and lookup
3777 * for another peer-matching key, but the peer has requested
3778 * ao_keyid (RFC5925 RNextKeyID), so let's keep it simple here.
3779 */
3780 if (unlikely(!ao_key)) {
3781 trace_tcp_ao_synack_no_key(sk, keyid, rnext);
3782 rcu_read_unlock();
3783 kfree_skb(skb);
3784 net_warn_ratelimited("TCP-AO: the keyid %u from SYN packet is not present - not sending SYNACK\n",
3785 keyid);
3786 return NULL;
3787 }
3788 key.ao_key = ao_key;
3789 key.type = TCP_KEY_AO;
3790 #endif
3791 } else {
3792 #ifdef CONFIG_TCP_MD5SIG
3793 key.md5_key = tcp_rsk(req)->af_specific->req_md5_lookup(sk,
3794 req_to_sk(req));
3795 if (key.md5_key)
3796 key.type = TCP_KEY_MD5;
3797 #endif
3798 }
3799 skb_set_hash(skb, READ_ONCE(tcp_rsk(req)->txhash), PKT_HASH_TYPE_L4);
3800 /* bpf program will be interested in the tcp_flags */
3801 TCP_SKB_CB(skb)->tcp_flags = TCPHDR_SYN | TCPHDR_ACK;
3802 tcp_header_size = tcp_synack_options(sk, req, mss, skb, &opts,
3803 &key, foc, synack_type, syn_skb)
3804 + sizeof(*th);
3805
3806 skb_push(skb, tcp_header_size);
3807 skb_reset_transport_header(skb);
3808
3809 th = (struct tcphdr *)skb->data;
3810 memset(th, 0, sizeof(struct tcphdr));
3811 th->syn = 1;
3812 th->ack = 1;
3813 tcp_ecn_make_synack(req, th);
3814 th->source = htons(ireq->ir_num);
3815 th->dest = ireq->ir_rmt_port;
3816 skb->mark = ireq->ir_mark;
3817 skb->ip_summed = CHECKSUM_PARTIAL;
3818 th->seq = htonl(tcp_rsk(req)->snt_isn);
3819 /* XXX data is queued and acked as is. No buffer/window check */
3820 th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt);
3821
3822 /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
3823 th->window = htons(min(req->rsk_rcv_wnd, 65535U));
3824 tcp_options_write(th, NULL, tcp_rsk(req), &opts, &key);
3825 th->doff = (tcp_header_size >> 2);
3826 TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
3827
3828 /* Okay, we have all we need - do the md5 hash if needed */
3829 if (tcp_key_is_md5(&key)) {
3830 #ifdef CONFIG_TCP_MD5SIG
3831 tcp_rsk(req)->af_specific->calc_md5_hash(opts.hash_location,
3832 key.md5_key, req_to_sk(req), skb);
3833 #endif
3834 } else if (tcp_key_is_ao(&key)) {
3835 #ifdef CONFIG_TCP_AO
3836 tcp_rsk(req)->af_specific->ao_synack_hash(opts.hash_location,
3837 key.ao_key, req, skb,
3838 opts.hash_location - (u8 *)th, 0);
3839 #endif
3840 }
3841 #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
3842 rcu_read_unlock();
3843 #endif
3844
3845 bpf_skops_write_hdr_opt((struct sock *)sk, skb, req, syn_skb,
3846 synack_type, &opts);
3847
3848 skb_set_delivery_time(skb, now, SKB_CLOCK_MONOTONIC);
3849 tcp_add_tx_delay(skb, tp);
3850
3851 return skb;
3852 }
3853 EXPORT_SYMBOL(tcp_make_synack);
3854
tcp_ca_dst_init(struct sock * sk,const struct dst_entry * dst)3855 static void tcp_ca_dst_init(struct sock *sk, const struct dst_entry *dst)
3856 {
3857 struct inet_connection_sock *icsk = inet_csk(sk);
3858 const struct tcp_congestion_ops *ca;
3859 u32 ca_key = dst_metric(dst, RTAX_CC_ALGO);
3860
3861 if (ca_key == TCP_CA_UNSPEC)
3862 return;
3863
3864 rcu_read_lock();
3865 ca = tcp_ca_find_key(ca_key);
3866 if (likely(ca && bpf_try_module_get(ca, ca->owner))) {
3867 bpf_module_put(icsk->icsk_ca_ops, icsk->icsk_ca_ops->owner);
3868 icsk->icsk_ca_dst_locked = tcp_ca_dst_locked(dst);
3869 icsk->icsk_ca_ops = ca;
3870 }
3871 rcu_read_unlock();
3872 }
3873
3874 /* Do all connect socket setups that can be done AF independent. */
tcp_connect_init(struct sock * sk)3875 static void tcp_connect_init(struct sock *sk)
3876 {
3877 const struct dst_entry *dst = __sk_dst_get(sk);
3878 struct tcp_sock *tp = tcp_sk(sk);
3879 __u8 rcv_wscale;
3880 u32 rcv_wnd;
3881
3882 /* We'll fix this up when we get a response from the other end.
3883 * See tcp_input.c:tcp_rcv_state_process case TCP_SYN_SENT.
3884 */
3885 tp->tcp_header_len = sizeof(struct tcphdr);
3886 if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_timestamps))
3887 tp->tcp_header_len += TCPOLEN_TSTAMP_ALIGNED;
3888
3889 tcp_ao_connect_init(sk);
3890
3891 /* If user gave his TCP_MAXSEG, record it to clamp */
3892 if (tp->rx_opt.user_mss)
3893 tp->rx_opt.mss_clamp = tp->rx_opt.user_mss;
3894 tp->max_window = 0;
3895 tcp_mtup_init(sk);
3896 tcp_sync_mss(sk, dst_mtu(dst));
3897
3898 tcp_ca_dst_init(sk, dst);
3899
3900 if (!tp->window_clamp)
3901 WRITE_ONCE(tp->window_clamp, dst_metric(dst, RTAX_WINDOW));
3902 tp->advmss = tcp_mss_clamp(tp, dst_metric_advmss(dst));
3903
3904 tcp_initialize_rcv_mss(sk);
3905
3906 /* limit the window selection if the user enforce a smaller rx buffer */
3907 if (sk->sk_userlocks & SOCK_RCVBUF_LOCK &&
3908 (tp->window_clamp > tcp_full_space(sk) || tp->window_clamp == 0))
3909 WRITE_ONCE(tp->window_clamp, tcp_full_space(sk));
3910
3911 rcv_wnd = tcp_rwnd_init_bpf(sk);
3912 if (rcv_wnd == 0)
3913 rcv_wnd = dst_metric(dst, RTAX_INITRWND);
3914
3915 tcp_select_initial_window(sk, tcp_full_space(sk),
3916 tp->advmss - (tp->rx_opt.ts_recent_stamp ? tp->tcp_header_len - sizeof(struct tcphdr) : 0),
3917 &tp->rcv_wnd,
3918 &tp->window_clamp,
3919 READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_window_scaling),
3920 &rcv_wscale,
3921 rcv_wnd);
3922
3923 tp->rx_opt.rcv_wscale = rcv_wscale;
3924 tp->rcv_ssthresh = tp->rcv_wnd;
3925
3926 WRITE_ONCE(sk->sk_err, 0);
3927 sock_reset_flag(sk, SOCK_DONE);
3928 tp->snd_wnd = 0;
3929 tcp_init_wl(tp, 0);
3930 tcp_write_queue_purge(sk);
3931 tp->snd_una = tp->write_seq;
3932 tp->snd_sml = tp->write_seq;
3933 tp->snd_up = tp->write_seq;
3934 WRITE_ONCE(tp->snd_nxt, tp->write_seq);
3935
3936 if (likely(!tp->repair))
3937 tp->rcv_nxt = 0;
3938 else
3939 tp->rcv_tstamp = tcp_jiffies32;
3940 tp->rcv_wup = tp->rcv_nxt;
3941 WRITE_ONCE(tp->copied_seq, tp->rcv_nxt);
3942
3943 inet_csk(sk)->icsk_rto = tcp_timeout_init(sk);
3944 inet_csk(sk)->icsk_retransmits = 0;
3945 tcp_clear_retrans(tp);
3946 }
3947
tcp_connect_queue_skb(struct sock * sk,struct sk_buff * skb)3948 static void tcp_connect_queue_skb(struct sock *sk, struct sk_buff *skb)
3949 {
3950 struct tcp_sock *tp = tcp_sk(sk);
3951 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
3952
3953 tcb->end_seq += skb->len;
3954 __skb_header_release(skb);
3955 sk_wmem_queued_add(sk, skb->truesize);
3956 sk_mem_charge(sk, skb->truesize);
3957 WRITE_ONCE(tp->write_seq, tcb->end_seq);
3958 tp->packets_out += tcp_skb_pcount(skb);
3959 }
3960
3961 /* Build and send a SYN with data and (cached) Fast Open cookie. However,
3962 * queue a data-only packet after the regular SYN, such that regular SYNs
3963 * are retransmitted on timeouts. Also if the remote SYN-ACK acknowledges
3964 * only the SYN sequence, the data are retransmitted in the first ACK.
3965 * If cookie is not cached or other error occurs, falls back to send a
3966 * regular SYN with Fast Open cookie request option.
3967 */
tcp_send_syn_data(struct sock * sk,struct sk_buff * syn)3968 static int tcp_send_syn_data(struct sock *sk, struct sk_buff *syn)
3969 {
3970 struct inet_connection_sock *icsk = inet_csk(sk);
3971 struct tcp_sock *tp = tcp_sk(sk);
3972 struct tcp_fastopen_request *fo = tp->fastopen_req;
3973 struct page_frag *pfrag = sk_page_frag(sk);
3974 struct sk_buff *syn_data;
3975 int space, err = 0;
3976
3977 tp->rx_opt.mss_clamp = tp->advmss; /* If MSS is not cached */
3978 if (!tcp_fastopen_cookie_check(sk, &tp->rx_opt.mss_clamp, &fo->cookie))
3979 goto fallback;
3980
3981 /* MSS for SYN-data is based on cached MSS and bounded by PMTU and
3982 * user-MSS. Reserve maximum option space for middleboxes that add
3983 * private TCP options. The cost is reduced data space in SYN :(
3984 */
3985 tp->rx_opt.mss_clamp = tcp_mss_clamp(tp, tp->rx_opt.mss_clamp);
3986 /* Sync mss_cache after updating the mss_clamp */
3987 tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
3988
3989 space = __tcp_mtu_to_mss(sk, icsk->icsk_pmtu_cookie) -
3990 MAX_TCP_OPTION_SPACE;
3991
3992 space = min_t(size_t, space, fo->size);
3993
3994 if (space &&
3995 !skb_page_frag_refill(min_t(size_t, space, PAGE_SIZE),
3996 pfrag, sk->sk_allocation))
3997 goto fallback;
3998 syn_data = tcp_stream_alloc_skb(sk, sk->sk_allocation, false);
3999 if (!syn_data)
4000 goto fallback;
4001 memcpy(syn_data->cb, syn->cb, sizeof(syn->cb));
4002 if (space) {
4003 space = min_t(size_t, space, pfrag->size - pfrag->offset);
4004 space = tcp_wmem_schedule(sk, space);
4005 }
4006 if (space) {
4007 space = copy_page_from_iter(pfrag->page, pfrag->offset,
4008 space, &fo->data->msg_iter);
4009 if (unlikely(!space)) {
4010 tcp_skb_tsorted_anchor_cleanup(syn_data);
4011 kfree_skb(syn_data);
4012 goto fallback;
4013 }
4014 skb_fill_page_desc(syn_data, 0, pfrag->page,
4015 pfrag->offset, space);
4016 page_ref_inc(pfrag->page);
4017 pfrag->offset += space;
4018 skb_len_add(syn_data, space);
4019 skb_zcopy_set(syn_data, fo->uarg, NULL);
4020 }
4021 /* No more data pending in inet_wait_for_connect() */
4022 if (space == fo->size)
4023 fo->data = NULL;
4024 fo->copied = space;
4025
4026 tcp_connect_queue_skb(sk, syn_data);
4027 if (syn_data->len)
4028 tcp_chrono_start(sk, TCP_CHRONO_BUSY);
4029
4030 err = tcp_transmit_skb(sk, syn_data, 1, sk->sk_allocation);
4031
4032 skb_set_delivery_time(syn, syn_data->skb_mstamp_ns, SKB_CLOCK_MONOTONIC);
4033
4034 /* Now full SYN+DATA was cloned and sent (or not),
4035 * remove the SYN from the original skb (syn_data)
4036 * we keep in write queue in case of a retransmit, as we
4037 * also have the SYN packet (with no data) in the same queue.
4038 */
4039 TCP_SKB_CB(syn_data)->seq++;
4040 TCP_SKB_CB(syn_data)->tcp_flags = TCPHDR_ACK | TCPHDR_PSH;
4041 if (!err) {
4042 tp->syn_data = (fo->copied > 0);
4043 tcp_rbtree_insert(&sk->tcp_rtx_queue, syn_data);
4044 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPORIGDATASENT);
4045 goto done;
4046 }
4047
4048 /* data was not sent, put it in write_queue */
4049 __skb_queue_tail(&sk->sk_write_queue, syn_data);
4050 tp->packets_out -= tcp_skb_pcount(syn_data);
4051
4052 fallback:
4053 /* Send a regular SYN with Fast Open cookie request option */
4054 if (fo->cookie.len > 0)
4055 fo->cookie.len = 0;
4056 err = tcp_transmit_skb(sk, syn, 1, sk->sk_allocation);
4057 if (err)
4058 tp->syn_fastopen = 0;
4059 done:
4060 fo->cookie.len = -1; /* Exclude Fast Open option for SYN retries */
4061 return err;
4062 }
4063
4064 /* Build a SYN and send it off. */
tcp_connect(struct sock * sk)4065 int tcp_connect(struct sock *sk)
4066 {
4067 struct tcp_sock *tp = tcp_sk(sk);
4068 struct sk_buff *buff;
4069 int err;
4070
4071 tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_CONNECT_CB, 0, NULL);
4072
4073 #if defined(CONFIG_TCP_MD5SIG) && defined(CONFIG_TCP_AO)
4074 /* Has to be checked late, after setting daddr/saddr/ops.
4075 * Return error if the peer has both a md5 and a tcp-ao key
4076 * configured as this is ambiguous.
4077 */
4078 if (unlikely(rcu_dereference_protected(tp->md5sig_info,
4079 lockdep_sock_is_held(sk)))) {
4080 bool needs_ao = !!tp->af_specific->ao_lookup(sk, sk, -1, -1);
4081 bool needs_md5 = !!tp->af_specific->md5_lookup(sk, sk);
4082 struct tcp_ao_info *ao_info;
4083
4084 ao_info = rcu_dereference_check(tp->ao_info,
4085 lockdep_sock_is_held(sk));
4086 if (ao_info) {
4087 /* This is an extra check: tcp_ao_required() in
4088 * tcp_v{4,6}_parse_md5_keys() should prevent adding
4089 * md5 keys on ao_required socket.
4090 */
4091 needs_ao |= ao_info->ao_required;
4092 WARN_ON_ONCE(ao_info->ao_required && needs_md5);
4093 }
4094 if (needs_md5 && needs_ao)
4095 return -EKEYREJECTED;
4096
4097 /* If we have a matching md5 key and no matching tcp-ao key
4098 * then free up ao_info if allocated.
4099 */
4100 if (needs_md5) {
4101 tcp_ao_destroy_sock(sk, false);
4102 } else if (needs_ao) {
4103 tcp_clear_md5_list(sk);
4104 kfree(rcu_replace_pointer(tp->md5sig_info, NULL,
4105 lockdep_sock_is_held(sk)));
4106 }
4107 }
4108 #endif
4109 #ifdef CONFIG_TCP_AO
4110 if (unlikely(rcu_dereference_protected(tp->ao_info,
4111 lockdep_sock_is_held(sk)))) {
4112 /* Don't allow connecting if ao is configured but no
4113 * matching key is found.
4114 */
4115 if (!tp->af_specific->ao_lookup(sk, sk, -1, -1))
4116 return -EKEYREJECTED;
4117 }
4118 #endif
4119
4120 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk))
4121 return -EHOSTUNREACH; /* Routing failure or similar. */
4122
4123 tcp_connect_init(sk);
4124
4125 if (unlikely(tp->repair)) {
4126 tcp_finish_connect(sk, NULL);
4127 return 0;
4128 }
4129
4130 buff = tcp_stream_alloc_skb(sk, sk->sk_allocation, true);
4131 if (unlikely(!buff))
4132 return -ENOBUFS;
4133
4134 tcp_init_nondata_skb(buff, tp->write_seq++, TCPHDR_SYN);
4135 tcp_mstamp_refresh(tp);
4136 tp->retrans_stamp = tcp_time_stamp_ts(tp);
4137 tcp_connect_queue_skb(sk, buff);
4138 tcp_ecn_send_syn(sk, buff);
4139 tcp_rbtree_insert(&sk->tcp_rtx_queue, buff);
4140
4141 /* Send off SYN; include data in Fast Open. */
4142 err = tp->fastopen_req ? tcp_send_syn_data(sk, buff) :
4143 tcp_transmit_skb(sk, buff, 1, sk->sk_allocation);
4144 if (err == -ECONNREFUSED)
4145 return err;
4146
4147 /* We change tp->snd_nxt after the tcp_transmit_skb() call
4148 * in order to make this packet get counted in tcpOutSegs.
4149 */
4150 WRITE_ONCE(tp->snd_nxt, tp->write_seq);
4151 tp->pushed_seq = tp->write_seq;
4152 buff = tcp_send_head(sk);
4153 if (unlikely(buff)) {
4154 WRITE_ONCE(tp->snd_nxt, TCP_SKB_CB(buff)->seq);
4155 tp->pushed_seq = TCP_SKB_CB(buff)->seq;
4156 }
4157 TCP_INC_STATS(sock_net(sk), TCP_MIB_ACTIVEOPENS);
4158
4159 /* Timer for repeating the SYN until an answer. */
4160 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
4161 inet_csk(sk)->icsk_rto, TCP_RTO_MAX);
4162 return 0;
4163 }
4164 EXPORT_SYMBOL(tcp_connect);
4165
tcp_delack_max(const struct sock * sk)4166 u32 tcp_delack_max(const struct sock *sk)
4167 {
4168 u32 delack_from_rto_min = max(tcp_rto_min(sk), 2) - 1;
4169
4170 return min(inet_csk(sk)->icsk_delack_max, delack_from_rto_min);
4171 }
4172
4173 /* Send out a delayed ack, the caller does the policy checking
4174 * to see if we should even be here. See tcp_input.c:tcp_ack_snd_check()
4175 * for details.
4176 */
tcp_send_delayed_ack(struct sock * sk)4177 void tcp_send_delayed_ack(struct sock *sk)
4178 {
4179 struct inet_connection_sock *icsk = inet_csk(sk);
4180 int ato = icsk->icsk_ack.ato;
4181 unsigned long timeout;
4182
4183 if (ato > TCP_DELACK_MIN) {
4184 const struct tcp_sock *tp = tcp_sk(sk);
4185 int max_ato = HZ / 2;
4186
4187 if (inet_csk_in_pingpong_mode(sk) ||
4188 (icsk->icsk_ack.pending & ICSK_ACK_PUSHED))
4189 max_ato = TCP_DELACK_MAX;
4190
4191 /* Slow path, intersegment interval is "high". */
4192
4193 /* If some rtt estimate is known, use it to bound delayed ack.
4194 * Do not use inet_csk(sk)->icsk_rto here, use results of rtt measurements
4195 * directly.
4196 */
4197 if (tp->srtt_us) {
4198 int rtt = max_t(int, usecs_to_jiffies(tp->srtt_us >> 3),
4199 TCP_DELACK_MIN);
4200
4201 if (rtt < max_ato)
4202 max_ato = rtt;
4203 }
4204
4205 ato = min(ato, max_ato);
4206 }
4207
4208 ato = min_t(u32, ato, tcp_delack_max(sk));
4209
4210 /* Stay within the limit we were given */
4211 timeout = jiffies + ato;
4212
4213 /* Use new timeout only if there wasn't a older one earlier. */
4214 if (icsk->icsk_ack.pending & ICSK_ACK_TIMER) {
4215 /* If delack timer is about to expire, send ACK now. */
4216 if (time_before_eq(icsk->icsk_ack.timeout, jiffies + (ato >> 2))) {
4217 tcp_send_ack(sk);
4218 return;
4219 }
4220
4221 if (!time_before(timeout, icsk->icsk_ack.timeout))
4222 timeout = icsk->icsk_ack.timeout;
4223 }
4224 icsk->icsk_ack.pending |= ICSK_ACK_SCHED | ICSK_ACK_TIMER;
4225 icsk->icsk_ack.timeout = timeout;
4226 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
4227 }
4228
4229 /* This routine sends an ack and also updates the window. */
__tcp_send_ack(struct sock * sk,u32 rcv_nxt)4230 void __tcp_send_ack(struct sock *sk, u32 rcv_nxt)
4231 {
4232 struct sk_buff *buff;
4233
4234 /* If we have been reset, we may not send again. */
4235 if (sk->sk_state == TCP_CLOSE)
4236 return;
4237
4238 /* We are not putting this on the write queue, so
4239 * tcp_transmit_skb() will set the ownership to this
4240 * sock.
4241 */
4242 buff = alloc_skb(MAX_TCP_HEADER,
4243 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN));
4244 if (unlikely(!buff)) {
4245 struct inet_connection_sock *icsk = inet_csk(sk);
4246 unsigned long delay;
4247
4248 delay = TCP_DELACK_MAX << icsk->icsk_ack.retry;
4249 if (delay < TCP_RTO_MAX)
4250 icsk->icsk_ack.retry++;
4251 inet_csk_schedule_ack(sk);
4252 icsk->icsk_ack.ato = TCP_ATO_MIN;
4253 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK, delay, TCP_RTO_MAX);
4254 return;
4255 }
4256
4257 /* Reserve space for headers and prepare control bits. */
4258 skb_reserve(buff, MAX_TCP_HEADER);
4259 tcp_init_nondata_skb(buff, tcp_acceptable_seq(sk), TCPHDR_ACK);
4260
4261 /* We do not want pure acks influencing TCP Small Queues or fq/pacing
4262 * too much.
4263 * SKB_TRUESIZE(max(1 .. 66, MAX_TCP_HEADER)) is unfortunately ~784
4264 */
4265 skb_set_tcp_pure_ack(buff);
4266
4267 /* Send it off, this clears delayed acks for us. */
4268 __tcp_transmit_skb(sk, buff, 0, (__force gfp_t)0, rcv_nxt);
4269 }
4270 EXPORT_SYMBOL_GPL(__tcp_send_ack);
4271
tcp_send_ack(struct sock * sk)4272 void tcp_send_ack(struct sock *sk)
4273 {
4274 __tcp_send_ack(sk, tcp_sk(sk)->rcv_nxt);
4275 }
4276
4277 /* This routine sends a packet with an out of date sequence
4278 * number. It assumes the other end will try to ack it.
4279 *
4280 * Question: what should we make while urgent mode?
4281 * 4.4BSD forces sending single byte of data. We cannot send
4282 * out of window data, because we have SND.NXT==SND.MAX...
4283 *
4284 * Current solution: to send TWO zero-length segments in urgent mode:
4285 * one is with SEG.SEQ=SND.UNA to deliver urgent pointer, another is
4286 * out-of-date with SND.UNA-1 to probe window.
4287 */
tcp_xmit_probe_skb(struct sock * sk,int urgent,int mib)4288 static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib)
4289 {
4290 struct tcp_sock *tp = tcp_sk(sk);
4291 struct sk_buff *skb;
4292
4293 /* We don't queue it, tcp_transmit_skb() sets ownership. */
4294 skb = alloc_skb(MAX_TCP_HEADER,
4295 sk_gfp_mask(sk, GFP_ATOMIC | __GFP_NOWARN));
4296 if (!skb)
4297 return -1;
4298
4299 /* Reserve space for headers and set control bits. */
4300 skb_reserve(skb, MAX_TCP_HEADER);
4301 /* Use a previous sequence. This should cause the other
4302 * end to send an ack. Don't queue or clone SKB, just
4303 * send it.
4304 */
4305 tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK);
4306 NET_INC_STATS(sock_net(sk), mib);
4307 return tcp_transmit_skb(sk, skb, 0, (__force gfp_t)0);
4308 }
4309
4310 /* Called from setsockopt( ... TCP_REPAIR ) */
tcp_send_window_probe(struct sock * sk)4311 void tcp_send_window_probe(struct sock *sk)
4312 {
4313 if (sk->sk_state == TCP_ESTABLISHED) {
4314 tcp_sk(sk)->snd_wl1 = tcp_sk(sk)->rcv_nxt - 1;
4315 tcp_mstamp_refresh(tcp_sk(sk));
4316 tcp_xmit_probe_skb(sk, 0, LINUX_MIB_TCPWINPROBE);
4317 }
4318 }
4319
4320 /* Initiate keepalive or window probe from timer. */
tcp_write_wakeup(struct sock * sk,int mib)4321 int tcp_write_wakeup(struct sock *sk, int mib)
4322 {
4323 struct tcp_sock *tp = tcp_sk(sk);
4324 struct sk_buff *skb;
4325
4326 if (sk->sk_state == TCP_CLOSE)
4327 return -1;
4328
4329 skb = tcp_send_head(sk);
4330 if (skb && before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp))) {
4331 int err;
4332 unsigned int mss = tcp_current_mss(sk);
4333 unsigned int seg_size = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
4334
4335 if (before(tp->pushed_seq, TCP_SKB_CB(skb)->end_seq))
4336 tp->pushed_seq = TCP_SKB_CB(skb)->end_seq;
4337
4338 /* We are probing the opening of a window
4339 * but the window size is != 0
4340 * must have been a result SWS avoidance ( sender )
4341 */
4342 if (seg_size < TCP_SKB_CB(skb)->end_seq - TCP_SKB_CB(skb)->seq ||
4343 skb->len > mss) {
4344 seg_size = min(seg_size, mss);
4345 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
4346 if (tcp_fragment(sk, TCP_FRAG_IN_WRITE_QUEUE,
4347 skb, seg_size, mss, GFP_ATOMIC))
4348 return -1;
4349 } else if (!tcp_skb_pcount(skb))
4350 tcp_set_skb_tso_segs(skb, mss);
4351
4352 TCP_SKB_CB(skb)->tcp_flags |= TCPHDR_PSH;
4353 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
4354 if (!err)
4355 tcp_event_new_data_sent(sk, skb);
4356 return err;
4357 } else {
4358 if (between(tp->snd_up, tp->snd_una + 1, tp->snd_una + 0xFFFF))
4359 tcp_xmit_probe_skb(sk, 1, mib);
4360 return tcp_xmit_probe_skb(sk, 0, mib);
4361 }
4362 }
4363
4364 /* A window probe timeout has occurred. If window is not closed send
4365 * a partial packet else a zero probe.
4366 */
tcp_send_probe0(struct sock * sk)4367 void tcp_send_probe0(struct sock *sk)
4368 {
4369 struct inet_connection_sock *icsk = inet_csk(sk);
4370 struct tcp_sock *tp = tcp_sk(sk);
4371 struct net *net = sock_net(sk);
4372 unsigned long timeout;
4373 int err;
4374
4375 err = tcp_write_wakeup(sk, LINUX_MIB_TCPWINPROBE);
4376
4377 if (tp->packets_out || tcp_write_queue_empty(sk)) {
4378 /* Cancel probe timer, if it is not required. */
4379 icsk->icsk_probes_out = 0;
4380 icsk->icsk_backoff = 0;
4381 icsk->icsk_probes_tstamp = 0;
4382 return;
4383 }
4384
4385 icsk->icsk_probes_out++;
4386 if (err <= 0) {
4387 if (icsk->icsk_backoff < READ_ONCE(net->ipv4.sysctl_tcp_retries2))
4388 icsk->icsk_backoff++;
4389 timeout = tcp_probe0_when(sk, TCP_RTO_MAX);
4390 } else {
4391 /* If packet was not sent due to local congestion,
4392 * Let senders fight for local resources conservatively.
4393 */
4394 timeout = TCP_RESOURCE_PROBE_INTERVAL;
4395 }
4396
4397 timeout = tcp_clamp_probe0_to_user_timeout(sk, timeout);
4398 tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, timeout, TCP_RTO_MAX);
4399 }
4400
tcp_rtx_synack(const struct sock * sk,struct request_sock * req)4401 int tcp_rtx_synack(const struct sock *sk, struct request_sock *req)
4402 {
4403 const struct tcp_request_sock_ops *af_ops = tcp_rsk(req)->af_specific;
4404 struct flowi fl;
4405 int res;
4406
4407 /* Paired with WRITE_ONCE() in sock_setsockopt() */
4408 if (READ_ONCE(sk->sk_txrehash) == SOCK_TXREHASH_ENABLED)
4409 WRITE_ONCE(tcp_rsk(req)->txhash, net_tx_rndhash());
4410 res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL,
4411 NULL);
4412 if (!res) {
4413 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
4414 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
4415 if (unlikely(tcp_passive_fastopen(sk))) {
4416 /* sk has const attribute because listeners are lockless.
4417 * However in this case, we are dealing with a passive fastopen
4418 * socket thus we can change total_retrans value.
4419 */
4420 tcp_sk_rw(sk)->total_retrans++;
4421 }
4422 trace_tcp_retransmit_synack(sk, req);
4423 }
4424 return res;
4425 }
4426 EXPORT_SYMBOL(tcp_rtx_synack);
4427