1 /* $OpenBSD: tcp_timer.c,v 1.76 2024/01/28 20:34:25 bluhm Exp $ */
2 /* $NetBSD: tcp_timer.c,v 1.14 1996/02/13 23:44:09 christos Exp $ */
3
4 /*
5 * Copyright (c) 1982, 1986, 1988, 1990, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * @(#)tcp_timer.c 8.1 (Berkeley) 6/10/93
33 */
34
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/mbuf.h>
38 #include <sys/socket.h>
39 #include <sys/socketvar.h>
40 #include <sys/protosw.h>
41 #include <sys/kernel.h>
42 #include <sys/pool.h>
43
44 #include <net/route.h>
45
46 #include <netinet/in.h>
47 #include <netinet/ip.h>
48 #include <netinet/in_pcb.h>
49 #include <netinet/ip_var.h>
50 #include <netinet/tcp.h>
51 #include <netinet/tcp_fsm.h>
52 #include <netinet/tcp_timer.h>
53 #include <netinet/tcp_var.h>
54 #include <netinet/tcp_debug.h>
55 #include <netinet/ip_icmp.h>
56 #include <netinet/tcp_seq.h>
57
58 /*
59 * Locks used to protect struct members in this file:
60 * T tcp_timer_mtx global tcp timer data structures
61 */
62
63 int tcp_always_keepalive;
64 int tcp_keepidle;
65 int tcp_keepintvl;
66 int tcp_maxpersistidle; /* max idle time in persist */
67 int tcp_maxidle; /* [T] max idle time for keep alive */
68
69 /*
70 * Time to delay the ACK. This is initialized in tcp_init(), unless
71 * its patched.
72 */
73 int tcp_delack_msecs;
74
75 void tcp_timer_rexmt(void *);
76 void tcp_timer_persist(void *);
77 void tcp_timer_keep(void *);
78 void tcp_timer_2msl(void *);
79 void tcp_timer_reaper(void *);
80 void tcp_timer_delack(void *);
81
82 const tcp_timer_func_t tcp_timer_funcs[TCPT_NTIMERS] = {
83 tcp_timer_rexmt,
84 tcp_timer_persist,
85 tcp_timer_keep,
86 tcp_timer_2msl,
87 tcp_timer_reaper,
88 tcp_timer_delack,
89 };
90
91 /*
92 * Timer state initialization, called from tcp_init().
93 */
94 void
tcp_timer_init(void)95 tcp_timer_init(void)
96 {
97
98 if (tcp_keepidle == 0)
99 tcp_keepidle = TCPTV_KEEP_IDLE;
100
101 if (tcp_keepintvl == 0)
102 tcp_keepintvl = TCPTV_KEEPINTVL;
103
104 if (tcp_maxpersistidle == 0)
105 tcp_maxpersistidle = TCPTV_KEEP_IDLE;
106
107 if (tcp_delack_msecs == 0)
108 tcp_delack_msecs = TCP_DELACK_MSECS;
109 }
110
111 /*
112 * Callout to process delayed ACKs for a TCPCB.
113 */
114 void
tcp_timer_delack(void * arg)115 tcp_timer_delack(void *arg)
116 {
117 struct tcpcb *otp = NULL, *tp = arg;
118 short ostate;
119
120 /*
121 * If tcp_output() wasn't able to transmit the ACK
122 * for whatever reason, it will restart the delayed
123 * ACK callout.
124 */
125 NET_LOCK();
126 /* Ignore canceled timeouts or timeouts that have been rescheduled. */
127 if (!ISSET((tp)->t_flags, TF_TMR_DELACK) ||
128 timeout_pending(&tp->t_timer[TCPT_DELACK]))
129 goto out;
130 CLR((tp)->t_flags, TF_TMR_DELACK);
131
132 if (tp->t_inpcb->inp_socket->so_options & SO_DEBUG) {
133 otp = tp;
134 ostate = tp->t_state;
135 }
136 tp->t_flags |= TF_ACKNOW;
137 (void) tcp_output(tp);
138 if (otp)
139 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_DELACK, 0);
140 out:
141 NET_UNLOCK();
142 }
143
144 /*
145 * Tcp protocol timeout routine called every 500 ms.
146 * Updates the timers in all active tcb's and
147 * causes finite state machine actions if timers expire.
148 */
149 void
tcp_slowtimo(void)150 tcp_slowtimo(void)
151 {
152 mtx_enter(&tcp_timer_mtx);
153 tcp_maxidle = TCPTV_KEEPCNT * tcp_keepintvl;
154 tcp_iss += TCP_ISSINCR2/PR_SLOWHZ; /* increment iss */
155 mtx_leave(&tcp_timer_mtx);
156 }
157
158 /*
159 * Cancel all timers for TCP tp.
160 */
161 void
tcp_canceltimers(struct tcpcb * tp)162 tcp_canceltimers(struct tcpcb *tp)
163 {
164 int i;
165
166 for (i = 0; i < TCPT_NTIMERS; i++)
167 TCP_TIMER_DISARM(tp, i);
168 }
169
170 int tcp_backoff[TCP_MAXRXTSHIFT + 1] =
171 { 1, 2, 4, 8, 16, 32, 64, 64, 64, 64, 64, 64, 64 };
172
173 int tcp_totbackoff = 511; /* sum of tcp_backoff[] */
174
175 /*
176 * TCP timer processing.
177 */
178
179 void tcp_timer_freesack(struct tcpcb *);
180
181 void
tcp_timer_freesack(struct tcpcb * tp)182 tcp_timer_freesack(struct tcpcb *tp)
183 {
184 struct sackhole *p, *q;
185 /*
186 * Free SACK holes for 2MSL and REXMT timers.
187 */
188 q = tp->snd_holes;
189 while (q != NULL) {
190 p = q;
191 q = q->next;
192 pool_put(&sackhl_pool, p);
193 }
194 tp->snd_holes = 0;
195 }
196
197 void
tcp_timer_rexmt(void * arg)198 tcp_timer_rexmt(void *arg)
199 {
200 struct tcpcb *otp = NULL, *tp = arg;
201 struct inpcb *inp;
202 uint32_t rto;
203 short ostate;
204
205 NET_LOCK();
206 inp = tp->t_inpcb;
207
208 /* Ignore canceled timeouts or timeouts that have been rescheduled. */
209 if (!ISSET((tp)->t_flags, TF_TMR_REXMT) ||
210 timeout_pending(&tp->t_timer[TCPT_REXMT]))
211 goto out;
212 CLR((tp)->t_flags, TF_TMR_REXMT);
213
214 if ((tp->t_flags & TF_PMTUD_PEND) && inp &&
215 SEQ_GEQ(tp->t_pmtud_th_seq, tp->snd_una) &&
216 SEQ_LT(tp->t_pmtud_th_seq, (int)(tp->snd_una + tp->t_maxseg))) {
217 struct sockaddr_in sin;
218 struct icmp icmp;
219
220 /* TF_PMTUD_PEND is set in tcp_ctlinput() which is IPv4 only */
221 KASSERT(!ISSET(inp->inp_flags, INP_IPV6));
222 tp->t_flags &= ~TF_PMTUD_PEND;
223
224 /* XXX create fake icmp message with relevant entries */
225 icmp.icmp_nextmtu = tp->t_pmtud_nextmtu;
226 icmp.icmp_ip.ip_len = tp->t_pmtud_ip_len;
227 icmp.icmp_ip.ip_hl = tp->t_pmtud_ip_hl;
228 icmp.icmp_ip.ip_dst = inp->inp_faddr;
229 icmp_mtudisc(&icmp, inp->inp_rtableid);
230
231 /*
232 * Notify all connections to the same peer about
233 * new mss and trigger retransmit.
234 */
235 bzero(&sin, sizeof(sin));
236 sin.sin_len = sizeof(sin);
237 sin.sin_family = AF_INET;
238 sin.sin_addr = inp->inp_faddr;
239 in_pcbnotifyall(&tcbtable, &sin, inp->inp_rtableid, EMSGSIZE,
240 tcp_mtudisc);
241 goto out;
242 }
243
244 tcp_timer_freesack(tp);
245 if (++tp->t_rxtshift > TCP_MAXRXTSHIFT) {
246 tp->t_rxtshift = TCP_MAXRXTSHIFT;
247 tcpstat_inc(tcps_timeoutdrop);
248 tp = tcp_drop(tp, tp->t_softerror ?
249 tp->t_softerror : ETIMEDOUT);
250 goto out;
251 }
252 if (inp->inp_socket->so_options & SO_DEBUG) {
253 otp = tp;
254 ostate = tp->t_state;
255 }
256 tcpstat_inc(tcps_rexmttimeo);
257 rto = TCP_REXMTVAL(tp);
258 if (rto < tp->t_rttmin)
259 rto = tp->t_rttmin;
260 TCPT_RANGESET(tp->t_rxtcur,
261 rto * tcp_backoff[tp->t_rxtshift],
262 tp->t_rttmin, TCPTV_REXMTMAX);
263 TCP_TIMER_ARM(tp, TCPT_REXMT, tp->t_rxtcur);
264
265 /*
266 * If we are losing and we are trying path MTU discovery,
267 * try turning it off. This will avoid black holes in
268 * the network which suppress or fail to send "packet
269 * too big" ICMP messages. We should ideally do
270 * lots more sophisticated searching to find the right
271 * value here...
272 */
273 if (ip_mtudisc && inp &&
274 TCPS_HAVEESTABLISHED(tp->t_state) &&
275 tp->t_rxtshift > TCP_MAXRXTSHIFT / 6) {
276 struct rtentry *rt = NULL;
277
278 /* No data to send means path mtu is not a problem */
279 if (!inp->inp_socket->so_snd.sb_cc)
280 goto leave;
281
282 rt = in_pcbrtentry(inp);
283 /* Check if path MTU discovery is disabled already */
284 if (rt && (rt->rt_flags & RTF_HOST) &&
285 (rt->rt_locks & RTV_MTU))
286 goto leave;
287
288 rt = NULL;
289 switch(tp->pf) {
290 #ifdef INET6
291 case PF_INET6:
292 /*
293 * We can not turn off path MTU for IPv6.
294 * Do nothing for now, maybe lower to
295 * minimum MTU.
296 */
297 break;
298 #endif
299 case PF_INET:
300 rt = icmp_mtudisc_clone(inp->inp_faddr,
301 inp->inp_rtableid, 0);
302 break;
303 }
304 if (rt != NULL) {
305 /* Disable path MTU discovery */
306 if ((rt->rt_locks & RTV_MTU) == 0) {
307 rt->rt_locks |= RTV_MTU;
308 in_rtchange(inp, 0);
309 }
310
311 rtfree(rt);
312 }
313 leave:
314 ;
315 }
316
317 /*
318 * If losing, let the lower level know and try for
319 * a better route. Also, if we backed off this far,
320 * our srtt estimate is probably bogus. Clobber it
321 * so we'll take the next rtt measurement as our srtt;
322 * move the current srtt into rttvar to keep the current
323 * retransmit times until then.
324 */
325 if (tp->t_rxtshift > TCP_MAXRXTSHIFT / 4) {
326 in_losing(inp);
327 tp->t_rttvar += (tp->t_srtt >> TCP_RTT_SHIFT);
328 tp->t_srtt = 0;
329 }
330 tp->snd_nxt = tp->snd_una;
331 /*
332 * Note: We overload snd_last to function also as the
333 * snd_last variable described in RFC 2582
334 */
335 tp->snd_last = tp->snd_max;
336 /*
337 * If timing a segment in this window, stop the timer.
338 */
339 tp->t_rtttime = 0;
340 #ifdef TCP_ECN
341 /*
342 * if ECN is enabled, there might be a broken firewall which
343 * blocks ecn packets. fall back to non-ecn.
344 */
345 if ((tp->t_state == TCPS_SYN_SENT || tp->t_state == TCPS_SYN_RECEIVED)
346 && tcp_do_ecn && !(tp->t_flags & TF_DISABLE_ECN))
347 tp->t_flags |= TF_DISABLE_ECN;
348 #endif
349 /*
350 * Close the congestion window down to one segment
351 * (we'll open it by one segment for each ack we get).
352 * Since we probably have a window's worth of unacked
353 * data accumulated, this "slow start" keeps us from
354 * dumping all that data as back-to-back packets (which
355 * might overwhelm an intermediate gateway).
356 *
357 * There are two phases to the opening: Initially we
358 * open by one mss on each ack. This makes the window
359 * size increase exponentially with time. If the
360 * window is larger than the path can handle, this
361 * exponential growth results in dropped packet(s)
362 * almost immediately. To get more time between
363 * drops but still "push" the network to take advantage
364 * of improving conditions, we switch from exponential
365 * to linear window opening at some threshold size.
366 * For a threshold, we use half the current window
367 * size, truncated to a multiple of the mss.
368 *
369 * (the minimum cwnd that will give us exponential
370 * growth is 2 mss. We don't allow the threshold
371 * to go below this.)
372 */
373 {
374 u_long win;
375
376 win = ulmin(tp->snd_wnd, tp->snd_cwnd) / 2 / tp->t_maxseg;
377 if (win < 2)
378 win = 2;
379 tp->snd_cwnd = tp->t_maxseg;
380 tp->snd_ssthresh = win * tp->t_maxseg;
381 tp->t_dupacks = 0;
382 #ifdef TCP_ECN
383 tp->snd_last = tp->snd_max;
384 tp->t_flags |= TF_SEND_CWR;
385 #endif
386 #if 1 /* TCP_ECN */
387 tcpstat_inc(tcps_cwr_timeout);
388 #endif
389 }
390 (void) tcp_output(tp);
391 if (otp)
392 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_REXMT, 0);
393 out:
394 NET_UNLOCK();
395 }
396
397 void
tcp_timer_persist(void * arg)398 tcp_timer_persist(void *arg)
399 {
400 struct tcpcb *otp = NULL, *tp = arg;
401 uint32_t rto;
402 short ostate;
403 uint64_t now;
404
405 NET_LOCK();
406 /* Ignore canceled timeouts or timeouts that have been rescheduled. */
407 if (!ISSET((tp)->t_flags, TF_TMR_PERSIST) ||
408 timeout_pending(&tp->t_timer[TCPT_PERSIST]))
409 goto out;
410 CLR((tp)->t_flags, TF_TMR_PERSIST);
411
412 if (TCP_TIMER_ISARMED(tp, TCPT_REXMT))
413 goto out;
414
415 if (tp->t_inpcb->inp_socket->so_options & SO_DEBUG) {
416 otp = tp;
417 ostate = tp->t_state;
418 }
419 tcpstat_inc(tcps_persisttimeo);
420 /*
421 * Hack: if the peer is dead/unreachable, we do not
422 * time out if the window is closed. After a full
423 * backoff, drop the connection if the idle time
424 * (no responses to probes) reaches the maximum
425 * backoff that we would use if retransmitting.
426 */
427 rto = TCP_REXMTVAL(tp);
428 if (rto < tp->t_rttmin)
429 rto = tp->t_rttmin;
430 now = tcp_now();
431 if (tp->t_rxtshift == TCP_MAXRXTSHIFT &&
432 ((now - tp->t_rcvtime) >= tcp_maxpersistidle ||
433 (now - tp->t_rcvtime) >= rto * tcp_totbackoff)) {
434 tcpstat_inc(tcps_persistdrop);
435 tp = tcp_drop(tp, ETIMEDOUT);
436 goto out;
437 }
438 tcp_setpersist(tp);
439 tp->t_force = 1;
440 (void) tcp_output(tp);
441 tp->t_force = 0;
442 if (otp)
443 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_PERSIST, 0);
444 out:
445 NET_UNLOCK();
446 }
447
448 void
tcp_timer_keep(void * arg)449 tcp_timer_keep(void *arg)
450 {
451 struct tcpcb *otp = NULL, *tp = arg;
452 short ostate;
453
454 NET_LOCK();
455 /* Ignore canceled timeouts or timeouts that have been rescheduled. */
456 if (!ISSET((tp)->t_flags, TF_TMR_KEEP) ||
457 timeout_pending(&tp->t_timer[TCPT_KEEP]))
458 goto out;
459 CLR((tp)->t_flags, TF_TMR_KEEP);
460
461 if (tp->t_inpcb->inp_socket->so_options & SO_DEBUG) {
462 otp = tp;
463 ostate = tp->t_state;
464 }
465 tcpstat_inc(tcps_keeptimeo);
466 if (TCPS_HAVEESTABLISHED(tp->t_state) == 0)
467 goto dropit;
468 if ((tcp_always_keepalive ||
469 tp->t_inpcb->inp_socket->so_options & SO_KEEPALIVE) &&
470 tp->t_state <= TCPS_CLOSING) {
471 int maxidle;
472 uint64_t now;
473
474 maxidle = READ_ONCE(tcp_maxidle);
475 now = tcp_now();
476 if ((maxidle > 0) &&
477 ((now - tp->t_rcvtime) >= tcp_keepidle + maxidle))
478 goto dropit;
479 /*
480 * Send a packet designed to force a response
481 * if the peer is up and reachable:
482 * either an ACK if the connection is still alive,
483 * or an RST if the peer has closed the connection
484 * due to timeout or reboot.
485 * Using sequence number tp->snd_una-1
486 * causes the transmitted zero-length segment
487 * to lie outside the receive window;
488 * by the protocol spec, this requires the
489 * correspondent TCP to respond.
490 */
491 tcpstat_inc(tcps_keepprobe);
492 tcp_respond(tp, mtod(tp->t_template, caddr_t),
493 NULL, tp->rcv_nxt, tp->snd_una - 1, 0, 0, now);
494 TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepintvl);
495 } else
496 TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepidle);
497 if (otp)
498 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_KEEP, 0);
499 out:
500 NET_UNLOCK();
501 return;
502
503 dropit:
504 tcpstat_inc(tcps_keepdrops);
505 tp = tcp_drop(tp, ETIMEDOUT);
506 NET_UNLOCK();
507 }
508
509 void
tcp_timer_2msl(void * arg)510 tcp_timer_2msl(void *arg)
511 {
512 struct tcpcb *otp = NULL, *tp = arg;
513 short ostate;
514 int maxidle;
515 uint64_t now;
516
517 NET_LOCK();
518 /* Ignore canceled timeouts or timeouts that have been rescheduled. */
519 if (!ISSET((tp)->t_flags, TF_TMR_2MSL) ||
520 timeout_pending(&tp->t_timer[TCPT_2MSL]))
521 goto out;
522 CLR((tp)->t_flags, TF_TMR_2MSL);
523
524 if (tp->t_inpcb->inp_socket->so_options & SO_DEBUG) {
525 otp = tp;
526 ostate = tp->t_state;
527 }
528 tcp_timer_freesack(tp);
529
530 maxidle = READ_ONCE(tcp_maxidle);
531 now = tcp_now();
532 if (tp->t_state != TCPS_TIME_WAIT &&
533 ((maxidle == 0) || ((now - tp->t_rcvtime) <= maxidle)))
534 TCP_TIMER_ARM(tp, TCPT_2MSL, tcp_keepintvl);
535 else
536 tp = tcp_close(tp);
537 if (otp)
538 tcp_trace(TA_TIMER, ostate, tp, otp, NULL, TCPT_2MSL, 0);
539 out:
540 NET_UNLOCK();
541 }
542
543 void
tcp_timer_reaper(void * arg)544 tcp_timer_reaper(void *arg)
545 {
546 struct tcpcb *tp = arg;
547
548 /*
549 * This timer is necessary to delay the pool_put() after all timers
550 * have finished, even if they were sleeping to grab the net lock.
551 * Putting the pool_put() in a timer is sufficient as all timers run
552 * from the same timeout thread. Note that neither softnet thread nor
553 * user process may access the tcpcb after arming the reaper timer.
554 * Freeing may run in parallel as it does not grab the net lock.
555 */
556 pool_put(&tcpcb_pool, tp);
557 tcpstat_inc(tcps_closed);
558 }
559