1 /**
2 * @file
3 * Transmission Control Protocol, incoming traffic
4 *
5 * The input processing functions of the TCP layer.
6 *
7 * These functions are generally called in the order (ip_input() ->)
8 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
9 *
10 */
11
12 /*
13 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without modification,
17 * are permitted provided that the following conditions are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright notice,
20 * this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright notice,
22 * this list of conditions and the following disclaimer in the documentation
23 * and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote products
25 * derived from this software without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
36 * OF SUCH DAMAGE.
37 *
38 * This file is part of the lwIP TCP/IP stack.
39 *
40 * Author: Adam Dunkels <adam@sics.se>
41 *
42 */
43
44 #include "lwip/opt.h"
45
46 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
47
48 #include "lwip/priv/tcp_priv.h"
49 #include "lwip/def.h"
50 #include "lwip/ip_addr.h"
51 #include "lwip/netif.h"
52 #include "lwip/mem.h"
53 #include "lwip/memp.h"
54 #include "lwip/inet_chksum.h"
55 #include "lwip/stats.h"
56 #include "lwip/ip6.h"
57 #include "lwip/ip6_addr.h"
58 #if LWIP_ND6_TCP_REACHABILITY_HINTS
59 #include "lwip/nd6.h"
60 #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
61
62 #include <string.h>
63
64 #ifdef LWIP_HOOK_FILENAME
65 #include LWIP_HOOK_FILENAME
66 #endif
67
68 /** Initial CWND calculation as defined RFC 2581 */
69 #define LWIP_TCP_CALC_INITIAL_CWND(mss) ((tcpwnd_size_t)LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U)))
70
71 /* These variables are global to all functions involved in the input
72 processing of TCP segments. They are set by the tcp_input()
73 function. */
74 static struct tcp_seg inseg;
75 static struct tcp_hdr *tcphdr;
76 static u16_t tcphdr_optlen;
77 static u16_t tcphdr_opt1len;
78 static u8_t *tcphdr_opt2;
79 static u16_t tcp_optidx;
80 static u32_t seqno, ackno;
81 static tcpwnd_size_t recv_acked;
82 static u16_t tcplen;
83 static u8_t flags;
84
85 static u8_t recv_flags;
86 static struct pbuf *recv_data;
87
88 struct tcp_pcb *tcp_input_pcb;
89
90 /* Forward declarations. */
91 static err_t tcp_process(struct tcp_pcb *pcb);
92 static void tcp_receive(struct tcp_pcb *pcb);
93 static void tcp_parseopt(struct tcp_pcb *pcb);
94
95 static void tcp_listen_input(struct tcp_pcb_listen *pcb);
96 static void tcp_timewait_input(struct tcp_pcb *pcb);
97
98 static int tcp_input_delayed_close(struct tcp_pcb *pcb);
99
100 #if LWIP_TCP_SACK_OUT
101 static void tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right);
102 static void tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq);
103 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
104 static void tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq);
105 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
106 #endif /* LWIP_TCP_SACK_OUT */
107
108 /**
109 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
110 * the segment between the PCBs and passes it on to tcp_process(), which implements
111 * the TCP finite state machine. This function is called by the IP layer (in
112 * ip_input()).
113 *
114 * @param p received TCP segment to process (p->payload pointing to the TCP header)
115 * @param inp network interface on which this segment was received
116 */
117 void
tcp_input(struct pbuf * p,struct netif * inp)118 tcp_input(struct pbuf *p, struct netif *inp)
119 {
120 struct tcp_pcb *pcb, *prev;
121 struct tcp_pcb_listen *lpcb;
122 #if SO_REUSE
123 struct tcp_pcb *lpcb_prev = NULL;
124 struct tcp_pcb_listen *lpcb_any = NULL;
125 #endif /* SO_REUSE */
126 u8_t hdrlen_bytes;
127 err_t err;
128
129 LWIP_UNUSED_ARG(inp);
130 LWIP_ASSERT_CORE_LOCKED();
131 LWIP_ASSERT("tcp_input: invalid pbuf", p != NULL);
132
133 PERF_START;
134
135 TCP_STATS_INC(tcp.recv);
136 MIB2_STATS_INC(mib2.tcpinsegs);
137
138 tcphdr = (struct tcp_hdr *)p->payload;
139
140 #if TCP_INPUT_DEBUG
141 tcp_debug_print(tcphdr);
142 #endif
143
144 /* Check that TCP header fits in payload */
145 if (p->len < TCP_HLEN) {
146 /* drop short packets */
147 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
148 TCP_STATS_INC(tcp.lenerr);
149 goto dropped;
150 }
151
152 /* Don't even process incoming broadcasts/multicasts. */
153 if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
154 ip_addr_ismulticast(ip_current_dest_addr())) {
155 TCP_STATS_INC(tcp.proterr);
156 goto dropped;
157 }
158
159 #if CHECKSUM_CHECK_TCP
160 IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
161 /* Verify TCP checksum. */
162 u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
163 ip_current_src_addr(), ip_current_dest_addr());
164 if (chksum != 0) {
165 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
166 chksum));
167 tcp_debug_print(tcphdr);
168 TCP_STATS_INC(tcp.chkerr);
169 goto dropped;
170 }
171 }
172 #endif /* CHECKSUM_CHECK_TCP */
173
174 /* sanity-check header length */
175 hdrlen_bytes = TCPH_HDRLEN_BYTES(tcphdr);
176 if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
177 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
178 TCP_STATS_INC(tcp.lenerr);
179 goto dropped;
180 }
181
182 /* Move the payload pointer in the pbuf so that it points to the
183 TCP data instead of the TCP header. */
184 tcphdr_optlen = (u16_t)(hdrlen_bytes - TCP_HLEN);
185 tcphdr_opt2 = NULL;
186 if (p->len >= hdrlen_bytes) {
187 /* all options are in the first pbuf */
188 tcphdr_opt1len = tcphdr_optlen;
189 pbuf_remove_header(p, hdrlen_bytes); /* cannot fail */
190 } else {
191 u16_t opt2len;
192 /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
193 /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
194 LWIP_ASSERT("p->next != NULL", p->next != NULL);
195
196 /* advance over the TCP header (cannot fail) */
197 pbuf_remove_header(p, TCP_HLEN);
198
199 /* determine how long the first and second parts of the options are */
200 tcphdr_opt1len = p->len;
201 opt2len = (u16_t)(tcphdr_optlen - tcphdr_opt1len);
202
203 /* options continue in the next pbuf: set p to zero length and hide the
204 options in the next pbuf (adjusting p->tot_len) */
205 pbuf_remove_header(p, tcphdr_opt1len);
206
207 /* check that the options fit in the second pbuf */
208 if (opt2len > p->next->len) {
209 /* drop short packets */
210 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
211 TCP_STATS_INC(tcp.lenerr);
212 goto dropped;
213 }
214
215 /* remember the pointer to the second part of the options */
216 tcphdr_opt2 = (u8_t *)p->next->payload;
217
218 /* advance p->next to point after the options, and manually
219 adjust p->tot_len to keep it consistent with the changed p->next */
220 pbuf_remove_header(p->next, opt2len);
221 p->tot_len = (u16_t)(p->tot_len - opt2len);
222
223 LWIP_ASSERT("p->len == 0", p->len == 0);
224 LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
225 }
226
227 /* Convert fields in TCP header to host byte order. */
228 tcphdr->src = lwip_ntohs(tcphdr->src);
229 tcphdr->dest = lwip_ntohs(tcphdr->dest);
230 seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
231 ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
232 tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
233
234 flags = TCPH_FLAGS(tcphdr);
235 tcplen = p->tot_len;
236 if (flags & (TCP_FIN | TCP_SYN)) {
237 tcplen++;
238 if (tcplen < p->tot_len) {
239 /* u16_t overflow, cannot handle this */
240 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: length u16_t overflow, cannot handle this\n"));
241 TCP_STATS_INC(tcp.lenerr);
242 goto dropped;
243 }
244 }
245
246 /* Demultiplex an incoming segment. First, we check if it is destined
247 for an active connection. */
248 prev = NULL;
249
250 for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
251 LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
252 LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
253 LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
254
255 /* check if PCB is bound to specific netif */
256 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
257 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
258 prev = pcb;
259 continue;
260 }
261
262 if (pcb->remote_port == tcphdr->src &&
263 pcb->local_port == tcphdr->dest &&
264 ip_addr_eq(&pcb->remote_ip, ip_current_src_addr()) &&
265 ip_addr_eq(&pcb->local_ip, ip_current_dest_addr())) {
266 /* Move this PCB to the front of the list so that subsequent
267 lookups will be faster (we exploit locality in TCP segment
268 arrivals). */
269 LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
270 if (prev != NULL) {
271 prev->next = pcb->next;
272 pcb->next = tcp_active_pcbs;
273 tcp_active_pcbs = pcb;
274 } else {
275 TCP_STATS_INC(tcp.cachehit);
276 }
277 LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
278 break;
279 }
280 prev = pcb;
281 }
282
283 if (pcb == NULL) {
284 /* If it did not go to an active connection, we check the connections
285 in the TIME-WAIT state. */
286 for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
287 LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
288
289 /* check if PCB is bound to specific netif */
290 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
291 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
292 continue;
293 }
294
295 if (pcb->remote_port == tcphdr->src &&
296 pcb->local_port == tcphdr->dest &&
297 ip_addr_eq(&pcb->remote_ip, ip_current_src_addr()) &&
298 ip_addr_eq(&pcb->local_ip, ip_current_dest_addr())) {
299 /* We don't really care enough to move this PCB to the front
300 of the list since we are not very likely to receive that
301 many segments for connections in TIME-WAIT. */
302 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
303 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
304 if (LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen, tcphdr_opt1len,
305 tcphdr_opt2, p) == ERR_OK)
306 #endif
307 {
308 tcp_timewait_input(pcb);
309 }
310 pbuf_free(p);
311 return;
312 }
313 }
314
315 /* Finally, if we still did not get a match, we check all PCBs that
316 are LISTENing for incoming connections. */
317 prev = NULL;
318 for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
319 /* check if PCB is bound to specific netif */
320 if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
321 (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
322 prev = (struct tcp_pcb *)lpcb;
323 continue;
324 }
325
326 if (lpcb->local_port == tcphdr->dest) {
327 if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
328 /* found an ANY TYPE (IPv4/IPv6) match */
329 #if SO_REUSE
330 lpcb_any = lpcb;
331 lpcb_prev = prev;
332 #else /* SO_REUSE */
333 break;
334 #endif /* SO_REUSE */
335 } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
336 if (ip_addr_eq(&lpcb->local_ip, ip_current_dest_addr())) {
337 /* found an exact match */
338 break;
339 } else if (ip_addr_isany(&lpcb->local_ip)) {
340 /* found an ANY-match */
341 #if SO_REUSE
342 lpcb_any = lpcb;
343 lpcb_prev = prev;
344 #else /* SO_REUSE */
345 break;
346 #endif /* SO_REUSE */
347 }
348 }
349 }
350 prev = (struct tcp_pcb *)lpcb;
351 }
352 #if SO_REUSE
353 /* first try specific local IP */
354 if (lpcb == NULL) {
355 /* only pass to ANY if no specific local IP has been found */
356 lpcb = lpcb_any;
357 prev = lpcb_prev;
358 }
359 #endif /* SO_REUSE */
360 if (lpcb != NULL) {
361 /* Move this PCB to the front of the list so that subsequent
362 lookups will be faster (we exploit locality in TCP segment
363 arrivals). */
364 if (prev != NULL) {
365 ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
366 /* our successor is the remainder of the listening list */
367 lpcb->next = tcp_listen_pcbs.listen_pcbs;
368 /* put this listening pcb at the head of the listening list */
369 tcp_listen_pcbs.listen_pcbs = lpcb;
370 } else {
371 TCP_STATS_INC(tcp.cachehit);
372 }
373
374 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
375 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
376 if (LWIP_HOOK_TCP_INPACKET_PCB((struct tcp_pcb *)lpcb, tcphdr, tcphdr_optlen,
377 tcphdr_opt1len, tcphdr_opt2, p) == ERR_OK)
378 #endif
379 {
380 tcp_listen_input(lpcb);
381 }
382 pbuf_free(p);
383 return;
384 }
385 }
386
387 #if TCP_INPUT_DEBUG
388 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
389 tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
390 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
391 #endif /* TCP_INPUT_DEBUG */
392
393
394 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
395 if ((pcb != NULL) && LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen,
396 tcphdr_opt1len, tcphdr_opt2, p) != ERR_OK) {
397 pbuf_free(p);
398 return;
399 }
400 #endif
401 if (pcb != NULL) {
402 /* The incoming segment belongs to a connection. */
403 #if TCP_INPUT_DEBUG
404 tcp_debug_print_state(pcb->state);
405 #endif /* TCP_INPUT_DEBUG */
406
407 /* Set up a tcp_seg structure. */
408 inseg.next = NULL;
409 inseg.len = p->tot_len;
410 inseg.p = p;
411 inseg.tcphdr = tcphdr;
412
413 recv_data = NULL;
414 recv_flags = 0;
415 recv_acked = 0;
416
417 if (flags & TCP_PSH) {
418 p->flags |= PBUF_FLAG_PUSH;
419 }
420
421 /* If there is data which was previously "refused" by upper layer */
422 if (pcb->refused_data != NULL) {
423 if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
424 ((pcb->refused_data != NULL) && (tcplen > 0))) {
425 /* pcb has been aborted or refused data is still refused and the new
426 segment contains data */
427 if (pcb->rcv_ann_wnd == 0) {
428 /* this is a zero-window probe, we respond to it with current RCV.NXT
429 and drop the data segment */
430 tcp_send_empty_ack(pcb);
431 }
432 TCP_STATS_INC(tcp.drop);
433 MIB2_STATS_INC(mib2.tcpinerrs);
434 goto aborted;
435 }
436 }
437 tcp_input_pcb = pcb;
438 err = tcp_process(pcb);
439 /* A return value of ERR_ABRT means that tcp_abort() was called
440 and that the pcb has been freed. If so, we don't do anything. */
441 if (err != ERR_ABRT) {
442 if (recv_flags & TF_RESET) {
443 /* TF_RESET means that the connection was reset by the other
444 end. We then call the error callback to inform the
445 application that the connection is dead before we
446 deallocate the PCB. */
447 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
448 tcp_pcb_remove(&tcp_active_pcbs, pcb);
449 tcp_free(pcb);
450 } else {
451 err = ERR_OK;
452 /* If the application has registered a "sent" function to be
453 called when new send buffer space is available, we call it
454 now. */
455 if (recv_acked > 0) {
456 u16_t acked16;
457 #if LWIP_WND_SCALE
458 /* recv_acked is u32_t but the sent callback only takes a u16_t,
459 so we might have to call it multiple times. */
460 u32_t acked = recv_acked;
461 while (acked > 0) {
462 acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
463 acked -= acked16;
464 #else
465 {
466 acked16 = recv_acked;
467 #endif
468 TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
469 if (err == ERR_ABRT) {
470 goto aborted;
471 }
472 }
473 recv_acked = 0;
474 }
475 if (tcp_input_delayed_close(pcb)) {
476 goto aborted;
477 }
478 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
479 while (recv_data != NULL) {
480 struct pbuf *rest = NULL;
481 pbuf_split_64k(recv_data, &rest);
482 #else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
483 if (recv_data != NULL) {
484 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
485
486 LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
487 if (pcb->flags & TF_RXCLOSED) {
488 /* received data although already closed -> abort (send RST) to
489 notify the remote host that not all data has been processed */
490 pbuf_free(recv_data);
491 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
492 if (rest != NULL) {
493 pbuf_free(rest);
494 }
495 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
496 tcp_abort(pcb);
497 goto aborted;
498 }
499
500 /* Notify application that data has been received. */
501 TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
502 if (err == ERR_ABRT) {
503 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
504 if (rest != NULL) {
505 pbuf_free(rest);
506 }
507 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
508 goto aborted;
509 }
510
511 /* If the upper layer can't receive this data, store it */
512 if (err != ERR_OK) {
513 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
514 if (rest != NULL) {
515 pbuf_cat(recv_data, rest);
516 }
517 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
518 pcb->refused_data = recv_data;
519 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
520 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
521 break;
522 } else {
523 /* Upper layer received the data, go on with the rest if > 64K */
524 recv_data = rest;
525 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
526 }
527 }
528
529 /* If a FIN segment was received, we call the callback
530 function with a NULL buffer to indicate EOF. */
531 if (recv_flags & TF_GOT_FIN) {
532 if (pcb->refused_data != NULL) {
533 /* Delay this if we have refused data. */
534 pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
535 } else {
536 /* correct rcv_wnd as the application won't call tcp_recved()
537 for the FIN's seqno */
538 if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
539 pcb->rcv_wnd++;
540 }
541 TCP_EVENT_CLOSED(pcb, err);
542 if (err == ERR_ABRT) {
543 goto aborted;
544 }
545 }
546 }
547
548 tcp_input_pcb = NULL;
549 if (tcp_input_delayed_close(pcb)) {
550 goto aborted;
551 }
552 /* Try to send something out. */
553 tcp_output(pcb);
554 #if TCP_INPUT_DEBUG
555 #if TCP_DEBUG
556 tcp_debug_print_state(pcb->state);
557 #endif /* TCP_DEBUG */
558 #endif /* TCP_INPUT_DEBUG */
559 }
560 }
561 /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
562 Below this line, 'pcb' may not be dereferenced! */
563 aborted:
564 tcp_input_pcb = NULL;
565 recv_data = NULL;
566
567 /* give up our reference to inseg.p */
568 if (inseg.p != NULL) {
569 pbuf_free(inseg.p);
570 inseg.p = NULL;
571 }
572 } else {
573 /* If no matching PCB was found, send a TCP RST (reset) to the
574 sender. */
575 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
576 if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
577 TCP_STATS_INC(tcp.proterr);
578 TCP_STATS_INC(tcp.drop);
579 tcp_rst_netif(ip_data.current_input_netif, ackno, seqno + tcplen, ip_current_dest_addr(),
580 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
581 }
582 pbuf_free(p);
583 }
584
585 LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
586 PERF_STOP("tcp_input");
587 return;
588 dropped:
589 TCP_STATS_INC(tcp.drop);
590 MIB2_STATS_INC(mib2.tcpinerrs);
591 pbuf_free(p);
592 }
593
594 /** Called from tcp_input to check for TF_CLOSED flag. This results in closing
595 * and deallocating a pcb at the correct place to ensure no one references it
596 * any more.
597 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
598 */
599 static int
600 tcp_input_delayed_close(struct tcp_pcb *pcb)
601 {
602 LWIP_ASSERT("tcp_input_delayed_close: invalid pcb", pcb != NULL);
603
604 if (recv_flags & TF_CLOSED) {
605 /* The connection has been closed and we will deallocate the
606 PCB. */
607 if (!(pcb->flags & TF_RXCLOSED)) {
608 /* Connection closed although the application has only shut down the
609 tx side: call the PCB's err callback and indicate the closure to
610 ensure the application doesn't continue using the PCB. */
611 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
612 }
613 tcp_pcb_remove(&tcp_active_pcbs, pcb);
614 tcp_free(pcb);
615 return 1;
616 }
617 return 0;
618 }
619
620 /**
621 * Called by tcp_input() when a segment arrives for a listening
622 * connection (from tcp_input()).
623 *
624 * @param pcb the tcp_pcb_listen for which a segment arrived
625 *
626 * @note the segment which arrived is saved in global variables, therefore only the pcb
627 * involved is passed as a parameter to this function
628 */
629 static void
630 tcp_listen_input(struct tcp_pcb_listen *pcb)
631 {
632 struct tcp_pcb *npcb;
633 u32_t iss;
634 err_t rc;
635
636 if (flags & TCP_RST) {
637 /* An incoming RST should be ignored. Return. */
638 return;
639 }
640
641 LWIP_ASSERT("tcp_listen_input: invalid pcb", pcb != NULL);
642
643 /* In the LISTEN state, we check for incoming SYN segments,
644 creates a new PCB, and responds with a SYN|ACK. */
645 if (flags & TCP_ACK) {
646 /* For incoming segments with the ACK flag set, respond with a
647 RST. */
648 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
649 tcp_rst_netif(ip_data.current_input_netif, ackno, seqno + tcplen, ip_current_dest_addr(),
650 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
651 } else if (flags & TCP_SYN) {
652 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
653 #if TCP_LISTEN_BACKLOG
654 if (pcb->accepts_pending >= pcb->backlog) {
655 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
656 return;
657 }
658 #endif /* TCP_LISTEN_BACKLOG */
659 npcb = tcp_alloc(pcb->prio);
660 /* If a new PCB could not be created (probably due to lack of memory),
661 we don't do anything, but rely on the sender will retransmit the
662 SYN at a time when we have more memory available. */
663 if (npcb == NULL) {
664 err_t err;
665 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
666 TCP_STATS_INC(tcp.memerr);
667 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
668 LWIP_UNUSED_ARG(err); /* err not useful here */
669 return;
670 }
671 #if TCP_LISTEN_BACKLOG
672 pcb->accepts_pending++;
673 tcp_set_flags(npcb, TF_BACKLOGPEND);
674 #endif /* TCP_LISTEN_BACKLOG */
675 /* Set up the new PCB. */
676 ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
677 ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
678 npcb->local_port = pcb->local_port;
679 npcb->remote_port = tcphdr->src;
680 npcb->state = SYN_RCVD;
681 npcb->rcv_nxt = seqno + 1;
682 npcb->rcv_ann_right_edge = npcb->rcv_nxt;
683 iss = tcp_next_iss(npcb);
684 npcb->snd_wl2 = iss;
685 npcb->snd_nxt = iss;
686 npcb->lastack = iss;
687 npcb->snd_lbb = iss;
688 npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
689 npcb->callback_arg = pcb->callback_arg;
690 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
691 npcb->listener = pcb;
692 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
693 #if LWIP_VLAN_PCP
694 npcb->netif_hints.tci = pcb->netif_hints.tci;
695 #endif /* LWIP_VLAN_PCP */
696 /* inherit socket options */
697 npcb->so_options = pcb->so_options & SOF_INHERITED;
698 npcb->netif_idx = pcb->netif_idx;
699 /* Register the new PCB so that we can begin receiving segments
700 for it. */
701 TCP_REG_ACTIVE(npcb);
702
703 /* Parse any options in the SYN. */
704 tcp_parseopt(npcb);
705 npcb->snd_wnd = tcphdr->wnd;
706 npcb->snd_wnd_max = npcb->snd_wnd;
707
708 #if TCP_CALCULATE_EFF_SEND_MSS
709 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
710 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
711
712 MIB2_STATS_INC(mib2.tcppassiveopens);
713
714 #if LWIP_TCP_PCB_NUM_EXT_ARGS
715 if (tcp_ext_arg_invoke_callbacks_passive_open(pcb, npcb) != ERR_OK) {
716 tcp_abandon(npcb, 0);
717 return;
718 }
719 #endif
720
721 /* Send a SYN|ACK together with the MSS option. */
722 rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
723 if (rc != ERR_OK) {
724 tcp_abandon(npcb, 0);
725 return;
726 }
727 tcp_output(npcb);
728 }
729 return;
730 }
731
732 /**
733 * Called by tcp_input() when a segment arrives for a connection in
734 * TIME_WAIT.
735 *
736 * @param pcb the tcp_pcb for which a segment arrived
737 *
738 * @note the segment which arrived is saved in global variables, therefore only the pcb
739 * involved is passed as a parameter to this function
740 */
741 static void
742 tcp_timewait_input(struct tcp_pcb *pcb)
743 {
744 /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
745 /* RFC 793 3.9 Event Processing - Segment Arrives:
746 * - first check sequence number - we skip that one in TIME_WAIT (always
747 * acceptable since we only send ACKs)
748 * - second check the RST bit (... return) */
749 if (flags & TCP_RST) {
750 return;
751 }
752
753 LWIP_ASSERT("tcp_timewait_input: invalid pcb", pcb != NULL);
754
755 /* - fourth, check the SYN bit, */
756 if (flags & TCP_SYN) {
757 /* If an incoming segment is not acceptable, an acknowledgment
758 should be sent in reply */
759 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
760 /* If the SYN is in the window it is an error, send a reset */
761 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
762 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
763 return;
764 }
765 } else if (flags & TCP_FIN) {
766 /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
767 Restart the 2 MSL time-wait timeout.*/
768 pcb->tmr = tcp_ticks;
769 }
770
771 if ((tcplen > 0)) {
772 /* Acknowledge data, FIN or out-of-window SYN */
773 tcp_ack_now(pcb);
774 tcp_output(pcb);
775 }
776 return;
777 }
778
779 /**
780 * Implements the TCP state machine. Called by tcp_input. In some
781 * states tcp_receive() is called to receive data. The tcp_seg
782 * argument will be freed by the caller (tcp_input()) unless the
783 * recv_data pointer in the pcb is set.
784 *
785 * @param pcb the tcp_pcb for which a segment arrived
786 *
787 * @note the segment which arrived is saved in global variables, therefore only the pcb
788 * involved is passed as a parameter to this function
789 */
790 static err_t
791 tcp_process(struct tcp_pcb *pcb)
792 {
793 struct tcp_seg *rseg;
794 u8_t acceptable = 0;
795 err_t err;
796
797 err = ERR_OK;
798
799 LWIP_ASSERT("tcp_process: invalid pcb", pcb != NULL);
800
801 /* Process incoming RST segments. */
802 if (flags & TCP_RST) {
803 /* First, determine if the reset is acceptable. */
804 if (pcb->state == SYN_SENT) {
805 /* "In the SYN-SENT state (a RST received in response to an initial SYN),
806 the RST is acceptable if the ACK field acknowledges the SYN." */
807 if (ackno == pcb->snd_nxt) {
808 acceptable = 1;
809 }
810 } else {
811 /* "In all states except SYN-SENT, all reset (RST) segments are validated
812 by checking their SEQ-fields." */
813 if (seqno == pcb->rcv_nxt) {
814 acceptable = 1;
815 } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
816 pcb->rcv_nxt + pcb->rcv_wnd)) {
817 /* If the sequence number is inside the window, we send a challenge ACK
818 and wait for a re-send with matching sequence number.
819 This follows RFC 5961 section 3.2 and addresses CVE-2004-0230
820 (RST spoofing attack), which is present in RFC 793 RST handling. */
821 tcp_ack_now(pcb);
822 }
823 }
824
825 if (acceptable) {
826 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
827 LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
828 recv_flags |= TF_RESET;
829 tcp_clear_flags(pcb, TF_ACK_DELAY);
830 return ERR_RST;
831 } else {
832 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
833 seqno, pcb->rcv_nxt));
834 LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
835 seqno, pcb->rcv_nxt));
836 return ERR_OK;
837 }
838 }
839
840 if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
841 /* Cope with new connection attempt after remote end crashed */
842 tcp_ack_now(pcb);
843 return ERR_OK;
844 }
845
846 if ((pcb->flags & TF_RXCLOSED) == 0) {
847 /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
848 pcb->tmr = tcp_ticks;
849 }
850 pcb->keep_cnt_sent = 0;
851 pcb->persist_probe = 0;
852
853 tcp_parseopt(pcb);
854
855 if (flags & TCP_SYN) {
856 /* accept SYN only in 2 states: */
857 if ((pcb->state != SYN_SENT) && (pcb->state != SYN_RCVD)) {
858 return ERR_OK;
859 }
860 }
861
862 /* Do different things depending on the TCP state. */
863 switch (pcb->state) {
864 case SYN_SENT:
865 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %s %"U32_F"\n",
866 ackno, pcb->snd_nxt, pcb->unacked ? "" : " empty:",
867 pcb->unacked ? lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0));
868 /* received SYN ACK with expected sequence number? */
869 if ((flags & TCP_ACK) && (flags & TCP_SYN)
870 && (ackno == pcb->lastack + 1)) {
871 pcb->rcv_nxt = seqno + 1;
872 pcb->rcv_ann_right_edge = pcb->rcv_nxt;
873 pcb->lastack = ackno;
874 pcb->snd_wnd = tcphdr->wnd;
875 pcb->snd_wnd_max = pcb->snd_wnd;
876 pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
877 pcb->state = ESTABLISHED;
878
879 #if TCP_CALCULATE_EFF_SEND_MSS
880 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
881 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
882
883 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
884 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
885 " ssthresh %"TCPWNDSIZE_F"\n",
886 pcb->cwnd, pcb->ssthresh));
887 LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
888 --pcb->snd_queuelen;
889 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
890 rseg = pcb->unacked;
891 if (rseg == NULL) {
892 /* might happen if tcp_output fails in tcp_rexmit_rto()
893 in which case the segment is on the unsent list */
894 rseg = pcb->unsent;
895 LWIP_ASSERT("no segment to free", rseg != NULL);
896 pcb->unsent = rseg->next;
897 } else {
898 pcb->unacked = rseg->next;
899 }
900 tcp_seg_free(rseg);
901
902 /* If there's nothing left to acknowledge, stop the retransmit
903 timer, otherwise reset it to start again */
904 if (pcb->unacked == NULL) {
905 pcb->rtime = -1;
906 } else {
907 pcb->rtime = 0;
908 pcb->nrtx = 0;
909 }
910
911 /* Call the user specified function to call when successfully
912 * connected. */
913 TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
914 if (err == ERR_ABRT) {
915 return ERR_ABRT;
916 }
917 tcp_ack_now(pcb);
918 }
919 /* received ACK? possibly a half-open connection */
920 else if (flags & TCP_ACK) {
921 /* send a RST to bring the other side in a non-synchronized state. */
922 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
923 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
924 /* Resend SYN immediately (don't wait for rto timeout) to establish
925 connection faster, but do not send more SYNs than we otherwise would
926 have, or we might get caught in a loop on loopback interfaces. */
927 if (pcb->nrtx < TCP_SYNMAXRTX) {
928 pcb->rtime = 0;
929 tcp_rexmit_rto(pcb);
930 }
931 }
932 break;
933 case SYN_RCVD:
934 if (flags & TCP_SYN) {
935 if (seqno == pcb->rcv_nxt - 1) {
936 /* Looks like another copy of the SYN - retransmit our SYN-ACK */
937 tcp_rexmit(pcb);
938 }
939 } else if (flags & TCP_ACK) {
940 /* expected ACK number? */
941 if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
942 pcb->state = ESTABLISHED;
943 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
944 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
945 if (pcb->listener == NULL) {
946 /* listen pcb might be closed by now */
947 err = ERR_VAL;
948 } else
949 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
950 {
951 #if LWIP_CALLBACK_API
952 LWIP_ASSERT("pcb->listener->accept != NULL", pcb->listener->accept != NULL);
953 #endif
954 tcp_backlog_accepted(pcb);
955 /* Call the accept function. */
956 TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
957 }
958 if (err != ERR_OK) {
959 /* If the accept function returns with an error, we abort
960 * the connection. */
961 /* Already aborted? */
962 if (err != ERR_ABRT) {
963 tcp_abort(pcb);
964 }
965 return ERR_ABRT;
966 }
967 /* If there was any data contained within this ACK,
968 * we'd better pass it on to the application as well. */
969 tcp_receive(pcb);
970
971 /* Prevent ACK for SYN to generate a sent event */
972 if (recv_acked != 0) {
973 recv_acked--;
974 }
975
976 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
977 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
978 " ssthresh %"TCPWNDSIZE_F"\n",
979 pcb->cwnd, pcb->ssthresh));
980
981 if (recv_flags & TF_GOT_FIN) {
982 tcp_ack_now(pcb);
983 pcb->state = CLOSE_WAIT;
984 }
985 } else {
986 /* incorrect ACK number, send RST */
987 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
988 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
989 }
990 }
991 break;
992 case CLOSE_WAIT:
993 /* FALLTHROUGH */
994 case ESTABLISHED:
995 tcp_receive(pcb);
996 if (recv_flags & TF_GOT_FIN) { /* passive close */
997 tcp_ack_now(pcb);
998 pcb->state = CLOSE_WAIT;
999 }
1000 break;
1001 case FIN_WAIT_1:
1002 tcp_receive(pcb);
1003 if (recv_flags & TF_GOT_FIN) {
1004 if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1005 pcb->unsent == NULL) {
1006 LWIP_DEBUGF(TCP_DEBUG,
1007 ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1008 tcp_ack_now(pcb);
1009 tcp_pcb_purge(pcb);
1010 TCP_RMV_ACTIVE(pcb);
1011 pcb->state = TIME_WAIT;
1012 TCP_REG(&tcp_tw_pcbs, pcb);
1013 } else {
1014 tcp_ack_now(pcb);
1015 pcb->state = CLOSING;
1016 }
1017 } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1018 pcb->unsent == NULL) {
1019 pcb->state = FIN_WAIT_2;
1020 }
1021 break;
1022 case FIN_WAIT_2:
1023 tcp_receive(pcb);
1024 if (recv_flags & TF_GOT_FIN) {
1025 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1026 tcp_ack_now(pcb);
1027 tcp_pcb_purge(pcb);
1028 TCP_RMV_ACTIVE(pcb);
1029 pcb->state = TIME_WAIT;
1030 TCP_REG(&tcp_tw_pcbs, pcb);
1031 }
1032 break;
1033 case CLOSING:
1034 tcp_receive(pcb);
1035 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1036 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1037 tcp_pcb_purge(pcb);
1038 TCP_RMV_ACTIVE(pcb);
1039 pcb->state = TIME_WAIT;
1040 TCP_REG(&tcp_tw_pcbs, pcb);
1041 }
1042 break;
1043 case LAST_ACK:
1044 tcp_receive(pcb);
1045 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1046 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1047 /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
1048 recv_flags |= TF_CLOSED;
1049 }
1050 break;
1051 default:
1052 break;
1053 }
1054 return ERR_OK;
1055 }
1056
1057 #if TCP_QUEUE_OOSEQ
1058 /**
1059 * Insert segment into the list (segments covered with new one will be deleted)
1060 *
1061 * Called from tcp_receive()
1062 */
1063 static void
1064 tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
1065 {
1066 struct tcp_seg *old_seg;
1067
1068 LWIP_ASSERT("tcp_oos_insert_segment: invalid cseg", cseg != NULL);
1069
1070 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1071 /* received segment overlaps all following segments */
1072 tcp_segs_free(next);
1073 next = NULL;
1074 } else {
1075 /* delete some following segments
1076 oos queue may have segments with FIN flag */
1077 while (next &&
1078 TCP_SEQ_GEQ((seqno + cseg->len),
1079 (next->tcphdr->seqno + next->len))) {
1080 /* cseg with FIN already processed */
1081 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1082 TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1083 }
1084 old_seg = next;
1085 next = next->next;
1086 tcp_seg_free(old_seg);
1087 }
1088 if (next &&
1089 TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1090 /* We need to trim the incoming segment. */
1091 cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1092 pbuf_realloc(cseg->p, cseg->len);
1093 }
1094 }
1095 cseg->next = next;
1096 }
1097 #endif /* TCP_QUEUE_OOSEQ */
1098
1099 /** Remove segments from a list if the incoming ACK acknowledges them */
1100 static struct tcp_seg *
1101 tcp_free_acked_segments(struct tcp_pcb *pcb, struct tcp_seg *seg_list, const char *dbg_list_name,
1102 struct tcp_seg *dbg_other_seg_list)
1103 {
1104 struct tcp_seg *next;
1105 u16_t clen;
1106
1107 LWIP_UNUSED_ARG(dbg_list_name);
1108 LWIP_UNUSED_ARG(dbg_other_seg_list);
1109
1110 while (seg_list != NULL &&
1111 TCP_SEQ_LEQ(lwip_ntohl(seg_list->tcphdr->seqno) +
1112 TCP_TCPLEN(seg_list), ackno)) {
1113 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->%s\n",
1114 lwip_ntohl(seg_list->tcphdr->seqno),
1115 lwip_ntohl(seg_list->tcphdr->seqno) + TCP_TCPLEN(seg_list),
1116 dbg_list_name));
1117
1118 next = seg_list;
1119 seg_list = seg_list->next;
1120
1121 clen = pbuf_clen(next->p);
1122 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ",
1123 (tcpwnd_size_t)pcb->snd_queuelen));
1124 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= clen));
1125
1126 pcb->snd_queuelen = (u16_t)(pcb->snd_queuelen - clen);
1127 recv_acked = (tcpwnd_size_t)(recv_acked + next->len);
1128 tcp_seg_free(next);
1129
1130 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing %s)\n",
1131 (tcpwnd_size_t)pcb->snd_queuelen,
1132 dbg_list_name));
1133 if (pcb->snd_queuelen != 0) {
1134 LWIP_ASSERT("tcp_receive: valid queue length",
1135 seg_list != NULL || dbg_other_seg_list != NULL);
1136 }
1137 }
1138 return seg_list;
1139 }
1140
1141 /**
1142 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1143 * data, and if so frees the memory of the buffered data. Next, it places the
1144 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1145 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1146 * it has been removed from the buffer.
1147 *
1148 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1149 * estimation, the RTT is estimated here as well.
1150 *
1151 * Called from tcp_process().
1152 */
1153 static void
1154 tcp_receive(struct tcp_pcb *pcb)
1155 {
1156 s16_t m;
1157 u32_t right_wnd_edge;
1158
1159 LWIP_ASSERT("tcp_receive: invalid pcb", pcb != NULL);
1160 LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1161
1162 if (flags & TCP_ACK) {
1163 right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1164
1165 /* Update window. */
1166 if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1167 (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1168 (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1169 pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1170 /* keep track of the biggest window announced by the remote host to calculate
1171 the maximum segment size */
1172 if (pcb->snd_wnd_max < pcb->snd_wnd) {
1173 pcb->snd_wnd_max = pcb->snd_wnd;
1174 }
1175 pcb->snd_wl1 = seqno;
1176 pcb->snd_wl2 = ackno;
1177 LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1178 #if TCP_WND_DEBUG
1179 } else {
1180 if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1181 LWIP_DEBUGF(TCP_WND_DEBUG,
1182 ("tcp_receive: no window update lastack %"U32_F" ackno %"
1183 U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1184 pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1185 }
1186 #endif /* TCP_WND_DEBUG */
1187 }
1188
1189 /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1190 * duplicate ack if:
1191 * 1) It doesn't ACK new data
1192 * 2) length of received packet is zero (i.e. no payload)
1193 * 3) the advertised window hasn't changed
1194 * 4) There is outstanding unacknowledged data (retransmission timer running)
1195 * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1196 *
1197 * If it passes all five, should process as a dupack:
1198 * a) dupacks < 3: do nothing
1199 * b) dupacks == 3: fast retransmit
1200 * c) dupacks > 3: increase cwnd
1201 *
1202 * If it only passes 1-3, should reset dupack counter (and add to
1203 * stats, which we don't do in lwIP)
1204 *
1205 * If it only passes 1, should reset dupack counter
1206 *
1207 */
1208
1209 /* Clause 1 */
1210 if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1211 /* Clause 2 */
1212 if (tcplen == 0) {
1213 /* Clause 3 */
1214 if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1215 /* Clause 4 */
1216 if (pcb->rtime >= 0) {
1217 /* Clause 5 */
1218 if (pcb->lastack == ackno) {
1219 if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1220 ++pcb->dupacks;
1221 }
1222 if (pcb->dupacks > 3) {
1223 /* Inflate the congestion window */
1224 TCP_WND_INC(pcb->cwnd, pcb->mss);
1225 }
1226 if (pcb->dupacks >= 3) {
1227 /* Do fast retransmit (checked via TF_INFR, not via dupacks count) */
1228 tcp_rexmit_fast(pcb);
1229 }
1230 }
1231 }
1232 }
1233 }
1234 } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
1235 /* We come here when the ACK acknowledges new data. */
1236 tcpwnd_size_t acked;
1237
1238 /* Reset the "IN Fast Retransmit" flag, since we are no longer
1239 in fast retransmit. Also reset the congestion window to the
1240 slow start threshold. */
1241 if (pcb->flags & TF_INFR) {
1242 tcp_clear_flags(pcb, TF_INFR);
1243 pcb->cwnd = pcb->ssthresh;
1244 pcb->bytes_acked = 0;
1245 }
1246
1247 /* Reset the number of retransmissions. */
1248 pcb->nrtx = 0;
1249
1250 /* Reset the retransmission time-out. */
1251 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1252
1253 /* Record how much data this ACK acks */
1254 acked = (tcpwnd_size_t)(ackno - pcb->lastack);
1255
1256 /* Reset the fast retransmit variables. */
1257 pcb->dupacks = 0;
1258 pcb->lastack = ackno;
1259
1260 /* Update the congestion control variables (cwnd and
1261 ssthresh). */
1262 if (pcb->state >= ESTABLISHED) {
1263 if (pcb->cwnd < pcb->ssthresh) {
1264 tcpwnd_size_t increase;
1265 /* limit to 1 SMSS segment during period following RTO */
1266 u8_t num_seg = (pcb->flags & TF_RTO) ? 1 : 2;
1267 /* RFC 3465, section 2.2 Slow Start */
1268 increase = LWIP_MIN(acked, (tcpwnd_size_t)(num_seg * pcb->mss));
1269 TCP_WND_INC(pcb->cwnd, increase);
1270 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1271 } else {
1272 /* RFC 3465, section 2.1 Congestion Avoidance */
1273 TCP_WND_INC(pcb->bytes_acked, acked);
1274 if (pcb->bytes_acked >= pcb->cwnd) {
1275 pcb->bytes_acked = (tcpwnd_size_t)(pcb->bytes_acked - pcb->cwnd);
1276 TCP_WND_INC(pcb->cwnd, pcb->mss);
1277 }
1278 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1279 }
1280 }
1281 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1282 ackno,
1283 pcb->unacked != NULL ?
1284 lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0,
1285 pcb->unacked != NULL ?
1286 lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked) : 0));
1287
1288 /* Remove segment from the unacknowledged list if the incoming
1289 ACK acknowledges them. */
1290 pcb->unacked = tcp_free_acked_segments(pcb, pcb->unacked, "unacked", pcb->unsent);
1291 /* We go through the ->unsent list to see if any of the segments
1292 on the list are acknowledged by the ACK. This may seem
1293 strange since an "unsent" segment shouldn't be acked. The
1294 rationale is that lwIP puts all outstanding segments on the
1295 ->unsent list after a retransmission, so these segments may
1296 in fact have been sent once. */
1297 pcb->unsent = tcp_free_acked_segments(pcb, pcb->unsent, "unsent", pcb->unacked);
1298
1299 /* If there's nothing left to acknowledge, stop the retransmit
1300 timer, otherwise reset it to start again */
1301 if (pcb->unacked == NULL) {
1302 pcb->rtime = -1;
1303 } else {
1304 pcb->rtime = 0;
1305 }
1306
1307 pcb->polltmr = 0;
1308
1309 #if TCP_OVERSIZE
1310 if (pcb->unsent == NULL) {
1311 pcb->unsent_oversize = 0;
1312 }
1313 #endif /* TCP_OVERSIZE */
1314
1315 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1316 if (ip_current_is_v6()) {
1317 /* Inform neighbor reachability of forward progress. */
1318 nd6_reachability_hint(ip6_current_src_addr());
1319 }
1320 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1321
1322 pcb->snd_buf = (tcpwnd_size_t)(pcb->snd_buf + recv_acked);
1323 /* check if this ACK ends our retransmission of in-flight data */
1324 if (pcb->flags & TF_RTO) {
1325 /* RTO is done if
1326 1) both queues are empty or
1327 2) unacked is empty and unsent head contains data not part of RTO or
1328 3) unacked head contains data not part of RTO */
1329 if (pcb->unacked == NULL) {
1330 if ((pcb->unsent == NULL) ||
1331 (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unsent->tcphdr->seqno)))) {
1332 tcp_clear_flags(pcb, TF_RTO);
1333 }
1334 } else if (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unacked->tcphdr->seqno))) {
1335 tcp_clear_flags(pcb, TF_RTO);
1336 }
1337 }
1338 /* End of ACK for new data processing. */
1339 } else {
1340 /* Out of sequence ACK, didn't really ack anything */
1341 tcp_send_empty_ack(pcb);
1342 }
1343
1344 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1345 pcb->rttest, pcb->rtseq, ackno));
1346
1347 /* RTT estimation calculations. This is done by checking if the
1348 incoming segment acknowledges the segment we use to take a
1349 round-trip time measurement. */
1350 if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1351 /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1352 and a round-trip shouldn't be that long... */
1353 m = (s16_t)(tcp_ticks - pcb->rttest);
1354
1355 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1356 m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1357
1358 /* This is taken directly from VJs original code in his paper */
1359 m = (s16_t)(m - (pcb->sa >> 3));
1360 pcb->sa = (s16_t)(pcb->sa + m);
1361 if (m < 0) {
1362 m = (s16_t) - m;
1363 }
1364 m = (s16_t)(m - (pcb->sv >> 2));
1365 pcb->sv = (s16_t)(pcb->sv + m);
1366 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1367
1368 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1369 pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1370
1371 pcb->rttest = 0;
1372 }
1373 }
1374
1375 /* If the incoming segment contains data, we must process it
1376 further unless the pcb already received a FIN.
1377 (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1378 LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1379 if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1380 /* This code basically does three things:
1381
1382 +) If the incoming segment contains data that is the next
1383 in-sequence data, this data is passed to the application. This
1384 might involve trimming the first edge of the data. The rcv_nxt
1385 variable and the advertised window are adjusted.
1386
1387 +) If the incoming segment has data that is above the next
1388 sequence number expected (->rcv_nxt), the segment is placed on
1389 the ->ooseq queue. This is done by finding the appropriate
1390 place in the ->ooseq queue (which is ordered by sequence
1391 number) and trim the segment in both ends if needed. An
1392 immediate ACK is sent to indicate that we received an
1393 out-of-sequence segment.
1394
1395 +) Finally, we check if the first segment on the ->ooseq queue
1396 now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1397 rcv_nxt > ooseq->seqno, we must trim the first edge of the
1398 segment on ->ooseq before we adjust rcv_nxt. The data in the
1399 segments that are now on sequence are chained onto the
1400 incoming segment so that we only need to call the application
1401 once.
1402 */
1403
1404 /* First, we check if we must trim the first edge. We have to do
1405 this if the sequence number of the incoming segment is less
1406 than rcv_nxt, and the sequence number plus the length of the
1407 segment is larger than rcv_nxt. */
1408 /* if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1409 if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1410 if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1411 /* Trimming the first edge is done by pushing the payload
1412 pointer in the pbuf downwards. This is somewhat tricky since
1413 we do not want to discard the full contents of the pbuf up to
1414 the new starting point of the data since we have to keep the
1415 TCP header which is present in the first pbuf in the chain.
1416
1417 What is done is really quite a nasty hack: the first pbuf in
1418 the pbuf chain is pointed to by inseg.p. Since we need to be
1419 able to deallocate the whole pbuf, we cannot change this
1420 inseg.p pointer to point to any of the later pbufs in the
1421 chain. Instead, we point the ->payload pointer in the first
1422 pbuf to data in one of the later pbufs. We also set the
1423 inseg.data pointer to point to the right place. This way, the
1424 ->p pointer will still point to the first pbuf, but the
1425 ->p->payload pointer will point to data in another pbuf.
1426
1427 After we are done with adjusting the pbuf pointers we must
1428 adjust the ->data pointer in the seg and the segment
1429 length.*/
1430
1431 struct pbuf *p = inseg.p;
1432 u32_t off32 = pcb->rcv_nxt - seqno;
1433 u16_t new_tot_len, off;
1434 LWIP_ASSERT("inseg.p != NULL", inseg.p);
1435 LWIP_ASSERT("insane offset!", (off32 < 0xffff));
1436 off = (u16_t)off32;
1437 LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1438 inseg.len -= off;
1439 new_tot_len = (u16_t)(inseg.p->tot_len - off);
1440 while (p->len < off) {
1441 off -= p->len;
1442 /* all pbufs up to and including this one have len==0, so tot_len is equal */
1443 p->tot_len = new_tot_len;
1444 p->len = 0;
1445 p = p->next;
1446 }
1447 /* cannot fail... */
1448 pbuf_remove_header(p, off);
1449 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1450 } else {
1451 if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1452 /* the whole segment is < rcv_nxt */
1453 /* must be a duplicate of a packet that has already been correctly handled */
1454
1455 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1456 tcp_ack_now(pcb);
1457 }
1458 }
1459
1460 /* The sequence number must be within the window (above rcv_nxt
1461 and below rcv_nxt + rcv_wnd) in order to be further
1462 processed. */
1463 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1464 pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1465 if (pcb->rcv_nxt == seqno) {
1466 /* The incoming segment is the next in sequence. We check if
1467 we have to trim the end of the segment and update rcv_nxt
1468 and pass the data to the application. */
1469 tcplen = TCP_TCPLEN(&inseg);
1470
1471 if (tcplen > pcb->rcv_wnd) {
1472 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1473 ("tcp_receive: other end overran receive window"
1474 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1475 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1476 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1477 /* Must remove the FIN from the header as we're trimming
1478 * that byte of sequence-space from the packet */
1479 TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1480 }
1481 /* Adjust length of segment to fit in the window. */
1482 TCPWND_CHECK16(pcb->rcv_wnd);
1483 inseg.len = (u16_t)pcb->rcv_wnd;
1484 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1485 inseg.len -= 1;
1486 }
1487 pbuf_realloc(inseg.p, inseg.len);
1488 tcplen = TCP_TCPLEN(&inseg);
1489 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd",
1490 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1491 }
1492 #if TCP_QUEUE_OOSEQ
1493 /* Received in-sequence data, adjust ooseq data if:
1494 - FIN has been received or
1495 - inseq overlaps with ooseq */
1496 if (pcb->ooseq != NULL) {
1497 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1498 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1499 ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1500 /* Received in-order FIN means anything that was received
1501 * out of order must now have been received in-order, so
1502 * bin the ooseq queue */
1503 while (pcb->ooseq != NULL) {
1504 struct tcp_seg *old_ooseq = pcb->ooseq;
1505 pcb->ooseq = pcb->ooseq->next;
1506 tcp_seg_free(old_ooseq);
1507 }
1508 } else {
1509 struct tcp_seg *next = pcb->ooseq;
1510 /* Remove all segments on ooseq that are covered by inseg already.
1511 * FIN is copied from ooseq to inseg if present. */
1512 while (next &&
1513 TCP_SEQ_GEQ(seqno + tcplen,
1514 next->tcphdr->seqno + next->len)) {
1515 struct tcp_seg *tmp;
1516 /* inseg cannot have FIN here (already processed above) */
1517 if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1518 (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1519 TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1520 tcplen = TCP_TCPLEN(&inseg);
1521 }
1522 tmp = next;
1523 next = next->next;
1524 tcp_seg_free(tmp);
1525 }
1526 /* Now trim right side of inseg if it overlaps with the first
1527 * segment on ooseq */
1528 if (next &&
1529 TCP_SEQ_GT(seqno + tcplen,
1530 next->tcphdr->seqno)) {
1531 /* inseg cannot have FIN here (already processed above) */
1532 inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1533 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1534 inseg.len -= 1;
1535 }
1536 pbuf_realloc(inseg.p, inseg.len);
1537 tcplen = TCP_TCPLEN(&inseg);
1538 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue",
1539 (seqno + tcplen) == next->tcphdr->seqno);
1540 }
1541 pcb->ooseq = next;
1542 }
1543 }
1544 #endif /* TCP_QUEUE_OOSEQ */
1545
1546 pcb->rcv_nxt = seqno + tcplen;
1547
1548 /* Update the receiver's (our) window. */
1549 LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd", pcb->rcv_wnd >= tcplen);
1550 pcb->rcv_wnd -= tcplen;
1551
1552 tcp_update_rcv_ann_wnd(pcb);
1553
1554 /* If there is data in the segment, we make preparations to
1555 pass this up to the application. The ->recv_data variable
1556 is used for holding the pbuf that goes to the
1557 application. The code for reassembling out-of-sequence data
1558 chains its data on this pbuf as well.
1559
1560 If the segment was a FIN, we set the TF_GOT_FIN flag that will
1561 be used to indicate to the application that the remote side has
1562 closed its end of the connection. */
1563 if (inseg.p->tot_len > 0) {
1564 recv_data = inseg.p;
1565 /* Since this pbuf now is the responsibility of the
1566 application, we delete our reference to it so that we won't
1567 (mistakingly) deallocate it. */
1568 inseg.p = NULL;
1569 }
1570 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1571 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1572 recv_flags |= TF_GOT_FIN;
1573 }
1574
1575 #if TCP_QUEUE_OOSEQ
1576 /* We now check if we have segments on the ->ooseq queue that
1577 are now in sequence. */
1578 while (pcb->ooseq != NULL &&
1579 pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1580
1581 struct tcp_seg *cseg = pcb->ooseq;
1582 seqno = pcb->ooseq->tcphdr->seqno;
1583
1584 pcb->rcv_nxt += TCP_TCPLEN(cseg);
1585 LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd",
1586 pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1587 pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1588
1589 tcp_update_rcv_ann_wnd(pcb);
1590
1591 if (cseg->p->tot_len > 0) {
1592 /* Chain this pbuf onto the pbuf that we will pass to
1593 the application. */
1594 /* With window scaling, this can overflow recv_data->tot_len, but
1595 that's not a problem since we explicitly fix that before passing
1596 recv_data to the application. */
1597 if (recv_data) {
1598 pbuf_cat(recv_data, cseg->p);
1599 } else {
1600 recv_data = cseg->p;
1601 }
1602 cseg->p = NULL;
1603 }
1604 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1605 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1606 recv_flags |= TF_GOT_FIN;
1607 if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1608 pcb->state = CLOSE_WAIT;
1609 }
1610 }
1611
1612 pcb->ooseq = cseg->next;
1613 tcp_seg_free(cseg);
1614 }
1615 #if LWIP_TCP_SACK_OUT
1616 if (pcb->flags & TF_SACK) {
1617 if (pcb->ooseq != NULL) {
1618 /* Some segments may have been removed from ooseq, let's remove all SACKs that
1619 describe anything before the new beginning of that list. */
1620 tcp_remove_sacks_lt(pcb, pcb->ooseq->tcphdr->seqno);
1621 } else if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1622 /* ooseq has been cleared. Nothing to SACK */
1623 memset(pcb->rcv_sacks, 0, sizeof(pcb->rcv_sacks));
1624 }
1625 }
1626 #endif /* LWIP_TCP_SACK_OUT */
1627 #endif /* TCP_QUEUE_OOSEQ */
1628
1629
1630 /* Acknowledge the segment(s). */
1631 tcp_ack(pcb);
1632
1633 #if LWIP_TCP_SACK_OUT
1634 if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1635 /* Normally the ACK for the data received could be piggy-backed on a data packet,
1636 but lwIP currently does not support including SACKs in data packets. So we force
1637 it to respond with an empty ACK packet (only if there is at least one SACK to be sent).
1638 NOTE: tcp_send_empty_ack() on success clears the ACK flags (set by tcp_ack()) */
1639 tcp_send_empty_ack(pcb);
1640 }
1641 #endif /* LWIP_TCP_SACK_OUT */
1642
1643 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1644 if (ip_current_is_v6()) {
1645 /* Inform neighbor reachability of forward progress. */
1646 nd6_reachability_hint(ip6_current_src_addr());
1647 }
1648 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1649
1650 } else {
1651 /* We get here if the incoming segment is out-of-sequence. */
1652
1653 #if TCP_QUEUE_OOSEQ
1654 /* We queue the segment on the ->ooseq queue. */
1655 if (pcb->ooseq == NULL) {
1656 pcb->ooseq = tcp_seg_copy(&inseg);
1657 #if LWIP_TCP_SACK_OUT
1658 if (pcb->flags & TF_SACK) {
1659 /* All the SACKs should be invalid, so we can simply store the most recent one: */
1660 pcb->rcv_sacks[0].left = seqno;
1661 pcb->rcv_sacks[0].right = seqno + inseg.len;
1662 }
1663 #endif /* LWIP_TCP_SACK_OUT */
1664 } else {
1665 /* If the queue is not empty, we walk through the queue and
1666 try to find a place where the sequence number of the
1667 incoming segment is between the sequence numbers of the
1668 previous and the next segment on the ->ooseq queue. That is
1669 the place where we put the incoming segment. If needed, we
1670 trim the second edges of the previous and the incoming
1671 segment so that it will fit into the sequence.
1672
1673 If the incoming segment has the same sequence number as a
1674 segment on the ->ooseq queue, we discard the segment that
1675 contains less data. */
1676
1677 #if LWIP_TCP_SACK_OUT
1678 /* This is the left edge of the lowest possible SACK range.
1679 It may start before the newly received segment (possibly adjusted below). */
1680 u32_t sackbeg = TCP_SEQ_LT(seqno, pcb->ooseq->tcphdr->seqno) ? seqno : pcb->ooseq->tcphdr->seqno;
1681 #endif /* LWIP_TCP_SACK_OUT */
1682 struct tcp_seg *next, *prev = NULL;
1683 for (next = pcb->ooseq; next != NULL; next = next->next) {
1684 if (seqno == next->tcphdr->seqno) {
1685 /* The sequence number of the incoming segment is the
1686 same as the sequence number of the segment on
1687 ->ooseq. We check the lengths to see which one to
1688 discard. */
1689 if (inseg.len > next->len) {
1690 /* The incoming segment is larger than the old
1691 segment. We replace some segments with the new
1692 one. */
1693 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1694 if (cseg != NULL) {
1695 if (prev != NULL) {
1696 prev->next = cseg;
1697 } else {
1698 pcb->ooseq = cseg;
1699 }
1700 tcp_oos_insert_segment(cseg, next);
1701 }
1702 break;
1703 } else {
1704 /* Either the lengths are the same or the incoming
1705 segment was smaller than the old one; in either
1706 case, we ditch the incoming segment. */
1707 break;
1708 }
1709 } else {
1710 if (prev == NULL) {
1711 if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1712 /* The sequence number of the incoming segment is lower
1713 than the sequence number of the first segment on the
1714 queue. We put the incoming segment first on the
1715 queue. */
1716 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1717 if (cseg != NULL) {
1718 pcb->ooseq = cseg;
1719 tcp_oos_insert_segment(cseg, next);
1720 }
1721 break;
1722 }
1723 } else {
1724 /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1725 TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1726 if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno + 1, next->tcphdr->seqno - 1)) {
1727 /* The sequence number of the incoming segment is in
1728 between the sequence numbers of the previous and
1729 the next segment on ->ooseq. We trim trim the previous
1730 segment, delete next segments that included in received segment
1731 and trim received, if needed. */
1732 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1733 if (cseg != NULL) {
1734 if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1735 /* We need to trim the prev segment. */
1736 prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1737 pbuf_realloc(prev->p, prev->len);
1738 }
1739 prev->next = cseg;
1740 tcp_oos_insert_segment(cseg, next);
1741 }
1742 break;
1743 }
1744 }
1745
1746 #if LWIP_TCP_SACK_OUT
1747 /* The new segment goes after the 'next' one. If there is a "hole" in sequence numbers
1748 between 'prev' and the beginning of 'next', we want to move sackbeg. */
1749 if (prev != NULL && prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1750 sackbeg = next->tcphdr->seqno;
1751 }
1752 #endif /* LWIP_TCP_SACK_OUT */
1753
1754 /* We don't use 'prev' below, so let's set it to current 'next'.
1755 This way even if we break the loop below, 'prev' will be pointing
1756 at the segment right in front of the newly added one. */
1757 prev = next;
1758
1759 /* If the "next" segment is the last segment on the
1760 ooseq queue, we add the incoming segment to the end
1761 of the list. */
1762 if (next->next == NULL &&
1763 TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1764 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1765 /* segment "next" already contains all data */
1766 break;
1767 }
1768 next->next = tcp_seg_copy(&inseg);
1769 if (next->next != NULL) {
1770 if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1771 /* We need to trim the last segment. */
1772 next->len = (u16_t)(seqno - next->tcphdr->seqno);
1773 pbuf_realloc(next->p, next->len);
1774 }
1775 /* check if the remote side overruns our receive window */
1776 if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1777 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1778 ("tcp_receive: other end overran receive window"
1779 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1780 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1781 if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1782 /* Must remove the FIN from the header as we're trimming
1783 * that byte of sequence-space from the packet */
1784 TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1785 }
1786 /* Adjust length of segment to fit in the window. */
1787 next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1788 pbuf_realloc(next->next->p, next->next->len);
1789 tcplen = TCP_TCPLEN(next->next);
1790 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd",
1791 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1792 }
1793 }
1794 break;
1795 }
1796 }
1797 }
1798
1799 #if LWIP_TCP_SACK_OUT
1800 if (pcb->flags & TF_SACK) {
1801 if (prev == NULL) {
1802 /* The new segment is at the beginning. sackbeg should already be set properly.
1803 We need to find the right edge. */
1804 next = pcb->ooseq;
1805 } else if (prev->next != NULL) {
1806 /* The new segment was added after 'prev'. If there is a "hole" between 'prev' and 'prev->next',
1807 we need to move sackbeg. After that we should find the right edge. */
1808 next = prev->next;
1809 if (prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1810 sackbeg = next->tcphdr->seqno;
1811 }
1812 } else {
1813 next = NULL;
1814 }
1815 if (next != NULL) {
1816 u32_t sackend = next->tcphdr->seqno;
1817 for ( ; (next != NULL) && (sackend == next->tcphdr->seqno); next = next->next) {
1818 sackend += next->len;
1819 }
1820 tcp_add_sack(pcb, sackbeg, sackend);
1821 }
1822 }
1823 #endif /* LWIP_TCP_SACK_OUT */
1824 }
1825 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
1826 {
1827 /* Check that the data on ooseq doesn't exceed one of the limits
1828 and throw away everything above that limit. */
1829 #ifdef TCP_OOSEQ_BYTES_LIMIT
1830 const u32_t ooseq_max_blen = TCP_OOSEQ_BYTES_LIMIT(pcb);
1831 u32_t ooseq_blen = 0;
1832 #endif
1833 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1834 const u16_t ooseq_max_qlen = TCP_OOSEQ_PBUFS_LIMIT(pcb);
1835 u16_t ooseq_qlen = 0;
1836 #endif
1837 struct tcp_seg *next, *prev = NULL;
1838 for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1839 struct pbuf *p = next->p;
1840 int stop_here = 0;
1841 #ifdef TCP_OOSEQ_BYTES_LIMIT
1842 ooseq_blen += p->tot_len;
1843 if (ooseq_blen > ooseq_max_blen) {
1844 stop_here = 1;
1845 }
1846 #endif
1847 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1848 ooseq_qlen += pbuf_clen(p);
1849 if (ooseq_qlen > ooseq_max_qlen) {
1850 stop_here = 1;
1851 }
1852 #endif
1853 if (stop_here) {
1854 #if LWIP_TCP_SACK_OUT
1855 if (pcb->flags & TF_SACK) {
1856 /* Let's remove all SACKs from next's seqno up. */
1857 tcp_remove_sacks_gt(pcb, next->tcphdr->seqno);
1858 }
1859 #endif /* LWIP_TCP_SACK_OUT */
1860 /* too much ooseq data, dump this and everything after it */
1861 tcp_segs_free(next);
1862 if (prev == NULL) {
1863 /* first ooseq segment is too much, dump the whole queue */
1864 pcb->ooseq = NULL;
1865 } else {
1866 /* just dump 'next' and everything after it */
1867 prev->next = NULL;
1868 }
1869 break;
1870 }
1871 }
1872 }
1873 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
1874 #endif /* TCP_QUEUE_OOSEQ */
1875
1876 /* We send the ACK packet after we've (potentially) dealt with SACKs,
1877 so they can be included in the acknowledgment. */
1878 tcp_send_empty_ack(pcb);
1879 }
1880 } else {
1881 /* The incoming segment is not within the window. */
1882 tcp_send_empty_ack(pcb);
1883 }
1884 } else {
1885 /* Segments with length 0 is taken care of here. Segments that
1886 fall out of the window are ACKed. */
1887 if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1888 tcp_ack_now(pcb);
1889 }
1890 }
1891 }
1892
1893 static u8_t
1894 tcp_get_next_optbyte(void)
1895 {
1896 u16_t optidx = tcp_optidx++;
1897 if ((tcphdr_opt2 == NULL) || (optidx < tcphdr_opt1len)) {
1898 u8_t *opts = (u8_t *)tcphdr + TCP_HLEN;
1899 return opts[optidx];
1900 } else {
1901 u8_t idx = (u8_t)(optidx - tcphdr_opt1len);
1902 return tcphdr_opt2[idx];
1903 }
1904 }
1905
1906 /**
1907 * Parses the options contained in the incoming segment.
1908 *
1909 * Called from tcp_listen_input() and tcp_process().
1910 * Currently, only the MSS option is supported!
1911 *
1912 * @param pcb the tcp_pcb for which a segment arrived
1913 */
1914 static void
1915 tcp_parseopt(struct tcp_pcb *pcb)
1916 {
1917 u8_t data;
1918 u16_t mss;
1919 #if LWIP_TCP_TIMESTAMPS
1920 u32_t tsval;
1921 #endif
1922
1923 LWIP_ASSERT("tcp_parseopt: invalid pcb", pcb != NULL);
1924
1925 /* Parse the TCP MSS option, if present. */
1926 if (tcphdr_optlen != 0) {
1927 for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1928 u8_t opt = tcp_get_next_optbyte();
1929 switch (opt) {
1930 case LWIP_TCP_OPT_EOL:
1931 /* End of options. */
1932 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1933 return;
1934 case LWIP_TCP_OPT_NOP:
1935 /* NOP option. */
1936 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1937 break;
1938 case LWIP_TCP_OPT_MSS:
1939 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1940 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1941 /* Bad length */
1942 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1943 return;
1944 }
1945 /* An MSS option with the right option length. */
1946 mss = (u16_t)(tcp_get_next_optbyte() << 8);
1947 mss |= tcp_get_next_optbyte();
1948 /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1949 pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1950 break;
1951 #if LWIP_WND_SCALE
1952 case LWIP_TCP_OPT_WS:
1953 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1954 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1955 /* Bad length */
1956 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1957 return;
1958 }
1959 /* An WND_SCALE option with the right option length. */
1960 data = tcp_get_next_optbyte();
1961 /* If syn was received with wnd scale option,
1962 activate wnd scale opt, but only if this is not a retransmission */
1963 if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
1964 pcb->snd_scale = data;
1965 if (pcb->snd_scale > 14U) {
1966 pcb->snd_scale = 14U;
1967 }
1968 pcb->rcv_scale = TCP_RCV_SCALE;
1969 tcp_set_flags(pcb, TF_WND_SCALE);
1970 /* window scaling is enabled, we can use the full receive window */
1971 LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
1972 LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
1973 pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
1974 }
1975 break;
1976 #endif /* LWIP_WND_SCALE */
1977 #if LWIP_TCP_TIMESTAMPS
1978 case LWIP_TCP_OPT_TS:
1979 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
1980 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
1981 /* Bad length */
1982 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1983 return;
1984 }
1985 /* TCP timestamp option with valid length */
1986 tsval = tcp_get_next_optbyte();
1987 tsval |= (tcp_get_next_optbyte() << 8);
1988 tsval |= (tcp_get_next_optbyte() << 16);
1989 tsval |= (tcp_get_next_optbyte() << 24);
1990 if (flags & TCP_SYN) {
1991 pcb->ts_recent = lwip_ntohl(tsval);
1992 /* Enable sending timestamps in every segment now that we know
1993 the remote host supports it. */
1994 tcp_set_flags(pcb, TF_TIMESTAMP);
1995 } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno + tcplen)) {
1996 pcb->ts_recent = lwip_ntohl(tsval);
1997 }
1998 /* Advance to next option (6 bytes already read) */
1999 tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
2000 break;
2001 #endif /* LWIP_TCP_TIMESTAMPS */
2002 #if LWIP_TCP_SACK_OUT
2003 case LWIP_TCP_OPT_SACK_PERM:
2004 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: SACK_PERM\n"));
2005 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_SACK_PERM || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_SACK_PERM) > tcphdr_optlen) {
2006 /* Bad length */
2007 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2008 return;
2009 }
2010 /* TCP SACK_PERM option with valid length */
2011 if (flags & TCP_SYN) {
2012 /* We only set it if we receive it in a SYN (or SYN+ACK) packet */
2013 tcp_set_flags(pcb, TF_SACK);
2014 }
2015 break;
2016 #endif /* LWIP_TCP_SACK_OUT */
2017 default:
2018 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
2019 data = tcp_get_next_optbyte();
2020 if (data < 2) {
2021 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2022 /* If the length field is zero, the options are malformed
2023 and we don't process them further. */
2024 return;
2025 }
2026 /* All other options have a length field, so that we easily
2027 can skip past them. */
2028 tcp_optidx += data - 2;
2029 }
2030 }
2031 }
2032 }
2033
2034 void
2035 tcp_trigger_input_pcb_close(void)
2036 {
2037 recv_flags |= TF_CLOSED;
2038 }
2039
2040 #if LWIP_TCP_SACK_OUT
2041 /**
2042 * Called by tcp_receive() to add new SACK entry.
2043 *
2044 * The new SACK entry will be placed at the beginning of rcv_sacks[], as the newest one.
2045 * Existing SACK entries will be "pushed back", to preserve their order.
2046 * This is the behavior described in RFC 2018, section 4.
2047 *
2048 * @param pcb the tcp_pcb for which a segment arrived
2049 * @param left the left side of the SACK (the first sequence number)
2050 * @param right the right side of the SACK (the first sequence number past this SACK)
2051 */
2052 static void
2053 tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right)
2054 {
2055 u8_t i;
2056 u8_t unused_idx;
2057
2058 if ((pcb->flags & TF_SACK) == 0 || !TCP_SEQ_LT(left, right)) {
2059 return;
2060 }
2061
2062 /* First, let's remove all SACKs that are no longer needed (because they overlap with the newest one),
2063 while moving all other SACKs forward.
2064 We run this loop for all entries, until we find the first invalid one.
2065 There is no point checking after that. */
2066 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2067 /* We only want to use SACK at [i] if it doesn't overlap with left:right range.
2068 It does not overlap if its right side is before the newly added SACK,
2069 or if its left side is after the newly added SACK.
2070 NOTE: The equality should not really happen, but it doesn't hurt. */
2071 if (TCP_SEQ_LEQ(pcb->rcv_sacks[i].right, left) || TCP_SEQ_LEQ(right, pcb->rcv_sacks[i].left)) {
2072 if (unused_idx != i) {
2073 /* We don't need to copy if it's already in the right spot */
2074 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2075 }
2076 ++unused_idx;
2077 }
2078 }
2079
2080 /* Now 'unused_idx' is the index of the first invalid SACK entry,
2081 anywhere between 0 (no valid entries) and LWIP_TCP_MAX_SACK_NUM (all entries are valid).
2082 We want to clear this and all following SACKs.
2083 However, we will be adding another one in the front (and shifting everything else back).
2084 So let's just iterate from the back, and set each entry to the one to the left if it's valid,
2085 or to 0 if it is not. */
2086 for (i = LWIP_TCP_MAX_SACK_NUM - 1; i > 0; --i) {
2087 /* [i] is the index we are setting, and the value should be at index [i-1],
2088 or 0 if that index is unused (>= unused_idx). */
2089 if (i - 1 >= unused_idx) {
2090 /* [i-1] is unused. Let's clear [i]. */
2091 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2092 } else {
2093 pcb->rcv_sacks[i] = pcb->rcv_sacks[i - 1];
2094 }
2095 }
2096
2097 /* And now we can store the newest SACK */
2098 pcb->rcv_sacks[0].left = left;
2099 pcb->rcv_sacks[0].right = right;
2100 }
2101
2102 /**
2103 * Called to remove a range of SACKs.
2104 *
2105 * SACK entries will be removed or adjusted to not acknowledge any sequence
2106 * numbers that are less than 'seq' passed. It not only invalidates entries,
2107 * but also moves all entries that are still valid to the beginning.
2108 *
2109 * @param pcb the tcp_pcb to modify
2110 * @param seq the lowest sequence number to keep in SACK entries
2111 */
2112 static void
2113 tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq)
2114 {
2115 u8_t i;
2116 u8_t unused_idx;
2117
2118 /* We run this loop for all entries, until we find the first invalid one.
2119 There is no point checking after that. */
2120 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2121 /* We only want to use SACK at index [i] if its right side is > 'seq'. */
2122 if (TCP_SEQ_GT(pcb->rcv_sacks[i].right, seq)) {
2123 if (unused_idx != i) {
2124 /* We only copy it if it's not in the right spot already. */
2125 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2126 }
2127 /* NOTE: It is possible that its left side is < 'seq', in which case we should adjust it. */
2128 if (TCP_SEQ_LT(pcb->rcv_sacks[unused_idx].left, seq)) {
2129 pcb->rcv_sacks[unused_idx].left = seq;
2130 }
2131 ++unused_idx;
2132 }
2133 }
2134
2135 /* We also need to invalidate everything from 'unused_idx' till the end */
2136 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2137 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2138 }
2139 }
2140
2141 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
2142 /**
2143 * Called to remove a range of SACKs.
2144 *
2145 * SACK entries will be removed or adjusted to not acknowledge any sequence
2146 * numbers that are greater than (or equal to) 'seq' passed. It not only invalidates entries,
2147 * but also moves all entries that are still valid to the beginning.
2148 *
2149 * @param pcb the tcp_pcb to modify
2150 * @param seq the highest sequence number to keep in SACK entries
2151 */
2152 static void
2153 tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq)
2154 {
2155 u8_t i;
2156 u8_t unused_idx;
2157
2158 /* We run this loop for all entries, until we find the first invalid one.
2159 There is no point checking after that. */
2160 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2161 /* We only want to use SACK at index [i] if its left side is < 'seq'. */
2162 if (TCP_SEQ_LT(pcb->rcv_sacks[i].left, seq)) {
2163 if (unused_idx != i) {
2164 /* We only copy it if it's not in the right spot already. */
2165 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2166 }
2167 /* NOTE: It is possible that its right side is > 'seq', in which case we should adjust it. */
2168 if (TCP_SEQ_GT(pcb->rcv_sacks[unused_idx].right, seq)) {
2169 pcb->rcv_sacks[unused_idx].right = seq;
2170 }
2171 ++unused_idx;
2172 }
2173 }
2174
2175 /* We also need to invalidate everything from 'unused_idx' till the end */
2176 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2177 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2178 }
2179 }
2180 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
2181
2182 #endif /* LWIP_TCP_SACK_OUT */
2183
2184 #endif /* LWIP_TCP */
2185