tcp_subr.c source code [xnu/bsd/netinet/tcp_subr.c]

1	/*
2	* Copyright (c) 2000-2018 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28	/*
29	* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
30	* The Regents of the University of California. All rights reserved.
31	*
32	* Redistribution and use in source and binary forms, with or without
33	* modification, are permitted provided that the following conditions
34	* are met:
35	* 1. Redistributions of source code must retain the above copyright
36	* notice, this list of conditions and the following disclaimer.
37	* 2. Redistributions in binary form must reproduce the above copyright
38	* notice, this list of conditions and the following disclaimer in the
39	* documentation and/or other materials provided with the distribution.
40	* 3. All advertising materials mentioning features or use of this software
41	* must display the following acknowledgement:
42	* This product includes software developed by the University of
43	* California, Berkeley and its contributors.
44	* 4. Neither the name of the University nor the names of its contributors
45	* may be used to endorse or promote products derived from this software
46	* without specific prior written permission.
47	*
48	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58	* SUCH DAMAGE.
59	*
60	* @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
61	*/
62	/*
63	* NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
64	* support for mandatory and extensible security protections. This notice
65	* is included in support of clause 2.2 (b) of the Apple Public License,
66	* Version 2.0.
67	*/
68
69	#include <sys/param.h>
70	#include <sys/systm.h>
71	#include <sys/callout.h>
72	#include <sys/kernel.h>
73	#include <sys/sysctl.h>
74	#include <sys/malloc.h>
75	#include <sys/mbuf.h>
76	#include <sys/domain.h>
77	#include <sys/proc.h>
78	#include <sys/kauth.h>
79	#include <sys/socket.h>
80	#include <sys/socketvar.h>
81	#include <sys/protosw.h>
82	#include <sys/random.h>
83	#include <sys/syslog.h>
84	#include <sys/mcache.h>
85	#include <kern/locks.h>
86	#include <kern/zalloc.h>
87
88	#include <dev/random/randomdev.h>
89
90	#include <net/route.h>
91	#include <net/if.h>
92	#include <net/content_filter.h>
93	#include <net/ntstat.h>
94
95	#define tcp_minmssoverload fring
96	#define _IP_VHL
97	#include <netinet/in.h>
98	#include <netinet/in_systm.h>
99	#include <netinet/ip.h>
100	#include <netinet/ip_icmp.h>
101	#if INET6
102	#include <netinet/ip6.h>
103	#include <netinet/icmp6.h>
104	#endif
105	#include <netinet/in_pcb.h>
106	#if INET6
107	#include <netinet6/in6_pcb.h>
108	#endif
109	#include <netinet/in_var.h>
110	#include <netinet/ip_var.h>
111	#include <netinet/icmp_var.h>
112	#if INET6
113	#include <netinet6/ip6_var.h>
114	#endif
115	#include <netinet/mptcp_var.h>
116	#include <netinet/tcp.h>
117	#include <netinet/tcp_fsm.h>
118	#include <netinet/tcp_seq.h>
119	#include <netinet/tcp_timer.h>
120	#include <netinet/tcp_var.h>
121	#include <netinet/tcp_cc.h>
122	#include <netinet/tcp_cache.h>
123	#include <kern/thread_call.h>
124
125	#if INET6
126	#include <netinet6/tcp6_var.h>
127	#endif
128	#include <netinet/tcpip.h>
129	#if TCPDEBUG
130	#include <netinet/tcp_debug.h>
131	#endif
132	#include <netinet6/ip6protosw.h>
133
134	#if IPSEC
135	#include <netinet6/ipsec.h>
136	#if INET6
137	#include <netinet6/ipsec6.h>
138	#endif
139	#endif /* IPSEC */
140
141	#if NECP
142	#include <net/necp.h>
143	#endif /* NECP */
144
145	#undef tcp_minmssoverload
146
147	#if CONFIG_MACF_NET
148	#include <security/mac_framework.h>
149	#endif /* MAC_NET */
150
151	#include <corecrypto/ccaes.h>
152	#include <libkern/crypto/aes.h>
153	#include <libkern/crypto/md5.h>
154	#include <sys/kdebug.h>
155	#include <mach/sdt.h>
156
157	#include <netinet/lro_ext.h>
158
159	#define DBG_FNC_TCP_CLOSE NETDBG_CODE(DBG_NETTCP, ((5 << 8) \| 2))
160
161	static tcp_cc tcp_ccgen;
162	extern int tcp_lq_overflow;
163
164	extern struct tcptimerlist tcp_timer_list;
165	extern struct tcptailq tcp_tw_tailq;
166
167	SYSCTL_SKMEM_TCP_INT(TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW \| CTLFLAG_LOCKED,
168	int, tcp_mssdflt, TCP_MSS, "Default TCP Maximum Segment Size");
169
170	#if INET6
171	SYSCTL_SKMEM_TCP_INT(TCPCTL_V6MSSDFLT, v6mssdflt,
172	CTLFLAG_RW \| CTLFLAG_LOCKED, int, tcp_v6mssdflt, TCP6_MSS,
173	"Default TCP Maximum Segment Size for IPv6");
174	#endif
175
176	int tcp_sysctl_fastopenkey(struct sysctl_oid , void* , int*,
177	struct sysctl_req *);
178	SYSCTL_PROC(_net_inet_tcp, OID_AUTO, fastopen_key, CTLTYPE_STRING \| CTLFLAG_WR,
179	`0`, `0`, tcp_sysctl_fastopenkey, "S", "TCP Fastopen key");
180
181	/ Current count of half-open TFO connections /
182	int tcp_tfo_halfcnt = `0`;
183
184	/ Maximum of half-open TFO connection backlog /
185	SYSCTL_SKMEM_TCP_INT(OID_AUTO, fastopen_backlog,
186	CTLFLAG_RW \| CTLFLAG_LOCKED, int, tcp_tfo_backlog, `10`,
187	"Backlog queue for half-open TFO connections");
188
189	SYSCTL_SKMEM_TCP_INT(OID_AUTO, fastopen, CTLFLAG_RW \| CTLFLAG_LOCKED,
190	int, tcp_fastopen, TCP_FASTOPEN_CLIENT \| TCP_FASTOPEN_SERVER,
191	"Enable TCP Fastopen (RFC 7413)");
192
193	SYSCTL_SKMEM_TCP_INT(OID_AUTO, now_init, CTLFLAG_RD \| CTLFLAG_LOCKED,
194	uint32_t, tcp_now_init, `0`, "Initial tcp now value");
195
196	SYSCTL_SKMEM_TCP_INT(OID_AUTO, microuptime_init, CTLFLAG_RD \| CTLFLAG_LOCKED,
197	uint32_t, tcp_microuptime_init, `0`, "Initial tcp uptime value in micro seconds");
198
199	/*
200	* Minimum MSS we accept and use. This prevents DoS attacks where
201	* we are forced to a ridiculous low MSS like 20 and send hundreds
202	* of packets instead of one. The effect scales with the available
203	* bandwidth and quickly saturates the CPU and network interface
204	* with packet generation and sending. Set to zero to disable MINMSS
205	* checking. This setting prevents us from sending too small packets.
206	*/
207	SYSCTL_SKMEM_TCP_INT(OID_AUTO, minmss, CTLFLAG_RW \| CTLFLAG_LOCKED,
208	int, tcp_minmss, TCP_MINMSS, "Minmum TCP Maximum Segment Size");
209	int tcp_do_rfc1323 = `1`;
210	#if (DEVELOPMENT \|\| DEBUG)
211	SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323,
212	CTLFLAG_RW \| CTLFLAG_LOCKED, &tcp_do_rfc1323, `0`,
213	"Enable rfc1323 (high performance TCP) extensions");
214	#endif /* (DEVELOPMENT \|\| DEBUG) */
215
216	// Not used
217	static int tcp_do_rfc1644 = `0`;
218	SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1644, rfc1644,
219	CTLFLAG_RW \| CTLFLAG_LOCKED, &tcp_do_rfc1644, `0`,
220	"Enable rfc1644 (TTCP) extensions");
221
222	SYSCTL_SKMEM_TCP_INT(OID_AUTO, do_tcpdrain, CTLFLAG_RW \| CTLFLAG_LOCKED,
223	static int, do_tcpdrain, `0`,
224	"Enable tcp_drain routine for extra help when low on mbufs");
225
226	SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD \| CTLFLAG_LOCKED,
227	&tcbinfo.ipi_count, `0`, "Number of active PCBs");
228
229	SYSCTL_INT(_net_inet_tcp, OID_AUTO, tw_pcbcount, CTLFLAG_RD \| CTLFLAG_LOCKED,
230	&tcbinfo.ipi_twcount, `0`, "Number of pcbs in time-wait state");
231
232	SYSCTL_SKMEM_TCP_INT(OID_AUTO, icmp_may_rst, CTLFLAG_RW \| CTLFLAG_LOCKED,
233	static int, icmp_may_rst, `1`,
234	"Certain ICMP unreachable messages may abort connections in SYN_SENT");
235
236	static int tcp_strict_rfc1948 = `0`;
237	static int tcp_isn_reseed_interval = `0`;
238	#if (DEVELOPMENT \|\| DEBUG)
239	SYSCTL_INT(_net_inet_tcp, OID_AUTO, strict_rfc1948, CTLFLAG_RW \| CTLFLAG_LOCKED,
240	&tcp_strict_rfc1948, `0`, "Determines if RFC1948 is followed exactly");
241
242	SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval,
243	CTLFLAG_RW \| CTLFLAG_LOCKED,
244	&tcp_isn_reseed_interval, `0`, "Seconds between reseeding of ISN secret");
245	#endif /* (DEVELOPMENT \|\| DEBUG) */
246
247	SYSCTL_SKMEM_TCP_INT(OID_AUTO, rtt_min, CTLFLAG_RW \| CTLFLAG_LOCKED,
248	int, tcp_TCPTV_MIN, `100`, "min rtt value allowed");
249
250	SYSCTL_SKMEM_TCP_INT(OID_AUTO, rexmt_slop, CTLFLAG_RW,
251	int, tcp_rexmt_slop, TCPTV_REXMTSLOP, "Slop added to retransmit timeout");
252
253	SYSCTL_SKMEM_TCP_INT(OID_AUTO, randomize_ports, CTLFLAG_RW \| CTLFLAG_LOCKED,
254	__private_extern__ int , tcp_use_randomport, `0`,
255	"Randomize TCP port numbers");
256
257	SYSCTL_SKMEM_TCP_INT(OID_AUTO, win_scale_factor, CTLFLAG_RW \| CTLFLAG_LOCKED,
258	__private_extern__ int, tcp_win_scale, `3`, "Window scaling factor");
259
260	static void tcp_cleartaocache(void);
261	static void tcp_notify(struct inpcb , int*);
262
263	struct zone *sack_hole_zone;
264	struct zone *tcp_reass_zone;
265	struct zone *tcp_bwmeas_zone;
266	struct zone *tcp_rxt_seg_zone;
267
268	extern int slowlink_wsize; / window correction for slow links /
269	extern int path_mtu_discovery;
270
271	static void tcp_sbrcv_grow_rwin(struct tcpcb tp, struct* sockbuf *sb);
272
273	#define TCP_BWMEAS_BURST_MINSIZE 6
274	#define TCP_BWMEAS_BURST_MAXSIZE 25
275
276	static uint32_t bwmeas_elm_size;
277
278	/*
279	* Target size of TCP PCB hash tables. Must be a power of two.
280	*
281	* Note that this can be overridden by the kernel environment
282	* variable net.inet.tcp.tcbhashsize
283	*/
284	#ifndef TCBHASHSIZE
285	#define TCBHASHSIZE CONFIG_TCBHASHSIZE
286	#endif
287
288	__private_extern__ int tcp_tcbhashsize = TCBHASHSIZE;
289	SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RD \| CTLFLAG_LOCKED,
290	&tcp_tcbhashsize, `0`, "Size of TCP control-block hashtable");
291
292	/*
293	* This is the actual shape of what we allocate using the zone
294	* allocator. Doing it this way allows us to protect both structures
295	* using the same generation count, and also eliminates the overhead
296	* of allocating tcpcbs separately. By hiding the structure here,
297	* we avoid changing most of the rest of the code (although it needs
298	* to be changed, eventually, for greater efficiency).
299	*/
300	#define ALIGNMENT 32
301	struct inp_tp {
302	struct inpcb inp;
303	struct tcpcb tcb __attribute__((aligned(ALIGNMENT)));
304	};
305	#undef ALIGNMENT
306
307	int get_inpcb_str_size(void);
308	int get_tcp_str_size(void);
309
310	static void tcpcb_to_otcpcb(struct tcpcb , struct* otcpcb *);
311
312	static lck_attr_t *tcp_uptime_mtx_attr = NULL;
313	static lck_grp_t *tcp_uptime_mtx_grp = NULL;
314	static lck_grp_attr_t *tcp_uptime_mtx_grp_attr = NULL;
315	int tcp_notsent_lowat_check(struct socket *so);
316	static void tcp_flow_lim_stats(struct ifnet_stats_per_flow *ifs,
317	struct if_lim_perf_stat *stat);
318	static void tcp_flow_ecn_perf_stats(struct ifnet_stats_per_flow *ifs,
319	struct if_tcp_ecn_perf_stat *stat);
320
321	static aes_encrypt_ctx tfo_ctx; / Crypto-context for TFO /
322
323	void
324	tcp_tfo_gen_cookie(struct inpcb inp, u_char out, size_t blk_size)
325	{
326	u_char in[CCAES_BLOCK_SIZE];
327	#if INET6
328	int isipv6 = inp->inp_vflag & INP_IPV6;
329	#endif
330
331	VERIFY(blk_size == CCAES_BLOCK_SIZE);
332
333	bzero(&in[`0`], CCAES_BLOCK_SIZE);
334	bzero(&out[`0`], CCAES_BLOCK_SIZE);
335
336	#if INET6
337	if (isipv6)
338	memcpy(in, &inp->in6p_faddr, sizeof(struct in6_addr));
339	else
340	#endif /* INET6 */
341	memcpy(in, &inp->inp_faddr, sizeof(struct in_addr));
342
343	aes_encrypt_cbc(in, NULL, `1`, out, &tfo_ctx);
344	}
345
346	__private_extern__ int
347	tcp_sysctl_fastopenkey(__unused struct sysctl_oid oidp, __unused void* *arg1,
348	__unused int arg2, struct sysctl_req *req)
349	{
350	int error = `0`;
351	/*
352	* TFO-key is expressed as a string in hex format
353	* (+1 to account for \0 char)
354	*/
355	char keystring[TCP_FASTOPEN_KEYLEN * `2` + `1`];
356	u_int32_t key[TCP_FASTOPEN_KEYLEN / sizeof(u_int32_t)];
357	int i;
358
359	/ -1, because newlen is len without the terminating \0 character /
360	if (req->newlen != (sizeof(keystring) - `1`)) {
361	error = EINVAL;
362	goto exit;
363	}
364
365	/*
366	* sysctl_io_string copies keystring into the oldptr of the sysctl_req.
367	* Make sure everything is zero, to avoid putting garbage in there or
368	* leaking the stack.
369	*/
370	bzero(keystring, sizeof(keystring));
371
372	error = sysctl_io_string(req, keystring, sizeof(keystring), `0`, NULL);
373	if (error)
374	goto exit;
375
376	for (i = `0`; i < (TCP_FASTOPEN_KEYLEN / sizeof(u_int32_t)); i++) {
377	/*
378	* We jump over the keystring in 8-character (4 byte in hex)
379	* steps
380	*/
381	if (sscanf(&keystring[i * `8`], "%8x", &key[i]) != `1`) {
382	error = EINVAL;
383	goto exit;
384	}
385	}
386
387	aes_encrypt_key128((u_char *)key, &tfo_ctx);
388
389	exit:
390	return (error);
391	}
392
393	int
394	get_inpcb_str_size(void)
395	{
396	return (sizeof(struct inpcb));
397	}
398
399	int
400	get_tcp_str_size(void)
401	{
402	return (sizeof(struct tcpcb));
403	}
404
405	static int scale_to_powerof2(int size);
406
407	/*
408	* This helper routine returns one of the following scaled value of size:
409	* 1. Rounded down power of two value of size if the size value passed as
410	* argument is not a power of two and the rounded up value overflows.
411	* OR
412	* 2. Rounded up power of two value of size if the size value passed as
413	* argument is not a power of two and the rounded up value does not overflow
414	* OR
415	* 3. Same value as argument size if it is already a power of two.
416	*/
417	static int
418	scale_to_powerof2(int size) {
419	/ Handle special case of size = 0 /
420	int ret = size ? size : `1`;
421
422	if (!powerof2(ret)) {
423	while (!powerof2(size)) {
424	/*
425	* Clear out least significant
426	* set bit till size is left with
427	* its highest set bit at which point
428	* it is rounded down power of two.
429	*/
430	size = size & (size -`1`);
431	}
432
433	/ Check for overflow when rounding up /
434	if (`0` == (size << `1`)) {
435	ret = size;
436	} else {
437	ret = size << `1`;
438	}
439	}
440
441	return (ret);
442	}
443
444	static void
445	tcp_tfo_init(void)
446	{
447	u_char key[TCP_FASTOPEN_KEYLEN];
448
449	read_frandom(key, sizeof(key));
450	aes_encrypt_key128(key, &tfo_ctx);
451	}
452
453	/*
454	* Tcp initialization
455	*/
456	void
457	tcp_init(struct protosw pp, struct* domain *dp)
458	{
459	#pragma unused(dp)
460	static int tcp_initialized = `0`;
461	vm_size_t str_size;
462	struct inpcbinfo *pcbinfo;
463
464	VERIFY((pp->pr_flags & (PR_INITIALIZED\|PR_ATTACHED)) == PR_ATTACHED);
465
466	if (tcp_initialized)
467	return;
468	tcp_initialized = `1`;
469
470	tcp_ccgen = `1`;
471	tcp_cleartaocache();
472
473	tcp_keepinit = TCPTV_KEEP_INIT;
474	tcp_keepidle = TCPTV_KEEP_IDLE;
475	tcp_keepintvl = TCPTV_KEEPINTVL;
476	tcp_keepcnt = TCPTV_KEEPCNT;
477	tcp_maxpersistidle = TCPTV_KEEP_IDLE;
478	tcp_msl = TCPTV_MSL;
479
480	microuptime(&tcp_uptime);
481	read_frandom(&tcp_now, sizeof(tcp_now));
482
483	/ Starts tcp internal clock at a random value /
484	tcp_now = tcp_now & `0x3fffffff`;
485
486	/ expose initial uptime/now via systcl for utcp to keep time sync /
487	tcp_now_init = tcp_now;
488	tcp_microuptime_init =
489	tcp_uptime.tv_usec + (tcp_uptime.tv_sec * USEC_PER_SEC);
490	SYSCTL_SKMEM_UPDATE_FIELD(tcp.microuptime_init, tcp_microuptime_init);
491	SYSCTL_SKMEM_UPDATE_FIELD(tcp.now_init, tcp_now_init);
492
493	tcp_tfo_init();
494
495	LIST_INIT(&tcb);
496	tcbinfo.ipi_listhead = &tcb;
497
498	pcbinfo = &tcbinfo;
499	/*
500	* allocate lock group attribute and group for tcp pcb mutexes
501	*/
502	pcbinfo->ipi_lock_grp_attr = lck_grp_attr_alloc_init();
503	pcbinfo->ipi_lock_grp = lck_grp_alloc_init("tcppcb",
504	pcbinfo->ipi_lock_grp_attr);
505
506	/*
507	* allocate the lock attribute for tcp pcb mutexes
508	*/
509	pcbinfo->ipi_lock_attr = lck_attr_alloc_init();
510
511	if ((pcbinfo->ipi_lock = lck_rw_alloc_init(pcbinfo->ipi_lock_grp,
512	pcbinfo->ipi_lock_attr)) == NULL) {
513	panic("%s: unable to allocate PCB lock\n", __func__);
514	/ NOTREACHED /
515	}
516
517	if (tcp_tcbhashsize == `0`) {
518	/ Set to default /
519	tcp_tcbhashsize = `512`;
520	}
521
522	if (!powerof2(tcp_tcbhashsize)) {
523	int old_hash_size = tcp_tcbhashsize;
524	tcp_tcbhashsize = scale_to_powerof2(tcp_tcbhashsize);
525	/ Lower limit of 16 /
526	if (tcp_tcbhashsize < `16`) {
527	tcp_tcbhashsize = `16`;
528	}
529	printf("WARNING: TCB hash size not a power of 2, "
530	"scaled from %d to %d.\n",
531	old_hash_size,
532	tcp_tcbhashsize);
533	}
534
535	tcbinfo.ipi_hashbase = hashinit(tcp_tcbhashsize, M_PCB,
536	&tcbinfo.ipi_hashmask);
537	tcbinfo.ipi_porthashbase = hashinit(tcp_tcbhashsize, M_PCB,
538	&tcbinfo.ipi_porthashmask);
539	str_size = P2ROUNDUP(sizeof(struct inp_tp), sizeof(u_int64_t));
540	tcbinfo.ipi_zone = zinit(str_size, `120000`*str_size, `8192`, "tcpcb");
541	zone_change(tcbinfo.ipi_zone, Z_CALLERACCT, FALSE);
542	zone_change(tcbinfo.ipi_zone, Z_EXPAND, TRUE);
543
544	tcbinfo.ipi_gc = tcp_gc;
545	tcbinfo.ipi_timer = tcp_itimer;
546	in_pcbinfo_attach(&tcbinfo);
547
548	str_size = P2ROUNDUP(sizeof(struct sackhole), sizeof(u_int64_t));
549	sack_hole_zone = zinit(str_size, `120000`*str_size, `8192`,
550	"sack_hole zone");
551	zone_change(sack_hole_zone, Z_CALLERACCT, FALSE);
552	zone_change(sack_hole_zone, Z_EXPAND, TRUE);
553
554	str_size = P2ROUNDUP(sizeof(struct tseg_qent), sizeof(u_int64_t));
555	tcp_reass_zone = zinit(str_size, (nmbclusters >> `4`) * str_size,
556	`0`, "tcp_reass_zone");
557	if (tcp_reass_zone == NULL) {
558	panic("%s: failed allocating tcp_reass_zone", __func__);
559	/ NOTREACHED /
560	}
561	zone_change(tcp_reass_zone, Z_CALLERACCT, FALSE);
562	zone_change(tcp_reass_zone, Z_EXPAND, TRUE);
563
564	bwmeas_elm_size = P2ROUNDUP(sizeof(struct bwmeas), sizeof(u_int64_t));
565	tcp_bwmeas_zone = zinit(bwmeas_elm_size, (`100` * bwmeas_elm_size), `0`,
566	"tcp_bwmeas_zone");
567	if (tcp_bwmeas_zone == NULL) {
568	panic("%s: failed allocating tcp_bwmeas_zone", __func__);
569	/ NOTREACHED /
570	}
571	zone_change(tcp_bwmeas_zone, Z_CALLERACCT, FALSE);
572	zone_change(tcp_bwmeas_zone, Z_EXPAND, TRUE);
573
574	str_size = P2ROUNDUP(sizeof(struct tcp_ccstate), sizeof(u_int64_t));
575	tcp_cc_zone = zinit(str_size, `20000` * str_size, `0`, "tcp_cc_zone");
576	zone_change(tcp_cc_zone, Z_CALLERACCT, FALSE);
577	zone_change(tcp_cc_zone, Z_EXPAND, TRUE);
578
579	str_size = P2ROUNDUP(sizeof(struct tcp_rxt_seg), sizeof(u_int64_t));
580	tcp_rxt_seg_zone = zinit(str_size, `10000` * str_size, `0`,
581	"tcp_rxt_seg_zone");
582	zone_change(tcp_rxt_seg_zone, Z_CALLERACCT, FALSE);
583	zone_change(tcp_rxt_seg_zone, Z_EXPAND, TRUE);
584
585	#if INET6
586	#define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
587	#else /* INET6 */
588	#define TCP_MINPROTOHDR (sizeof(struct tcpiphdr))
589	#endif /* INET6 */
590	if (max_protohdr < TCP_MINPROTOHDR) {
591	_max_protohdr = TCP_MINPROTOHDR;
592	_max_protohdr = max_protohdr; / round it up /
593	}
594	if (max_linkhdr + max_protohdr > MCLBYTES)
595	panic("tcp_init");
596	#undef TCP_MINPROTOHDR
597
598	/ Initialize time wait and timer lists /
599	TAILQ_INIT(&tcp_tw_tailq);
600
601	bzero(&tcp_timer_list, sizeof(tcp_timer_list));
602	LIST_INIT(&tcp_timer_list.lhead);
603	/*
604	* allocate lock group attribute, group and attribute for
605	* the tcp timer list
606	*/
607	tcp_timer_list.mtx_grp_attr = lck_grp_attr_alloc_init();
608	tcp_timer_list.mtx_grp = lck_grp_alloc_init("tcptimerlist",
609	tcp_timer_list.mtx_grp_attr);
610	tcp_timer_list.mtx_attr = lck_attr_alloc_init();
611	if ((tcp_timer_list.mtx = lck_mtx_alloc_init(tcp_timer_list.mtx_grp,
612	tcp_timer_list.mtx_attr)) == NULL) {
613	panic("failed to allocate memory for tcp_timer_list.mtx\n");
614	};
615	tcp_timer_list.call = thread_call_allocate(tcp_run_timerlist, NULL);
616	if (tcp_timer_list.call == NULL) {
617	panic("failed to allocate call entry 1 in tcp_init\n");
618	}
619
620	/*
621	* allocate lock group attribute, group and attribute for
622	* tcp_uptime_lock
623	*/
624	tcp_uptime_mtx_grp_attr = lck_grp_attr_alloc_init();
625	tcp_uptime_mtx_grp = lck_grp_alloc_init("tcpuptime",
626	tcp_uptime_mtx_grp_attr);
627	tcp_uptime_mtx_attr = lck_attr_alloc_init();
628	tcp_uptime_lock = lck_spin_alloc_init(tcp_uptime_mtx_grp,
629	tcp_uptime_mtx_attr);
630
631	/ Initialize TCP LRO data structures /
632	tcp_lro_init();
633
634	/ Initialize TCP Cache /
635	tcp_cache_init();
636
637	/*
638	* If more than 60 MB of mbuf pool is available, increase the
639	* maximum allowed receive and send socket buffer size.
640	*/
641	if (nmbclusters > `30720`) {
642	tcp_autorcvbuf_max = `2` * `1024` * `1024`;
643	tcp_autosndbuf_max = `2` * `1024` * `1024`;
644
645	SYSCTL_SKMEM_UPDATE_FIELD(tcp.autorcvbufmax, tcp_autorcvbuf_max);
646	SYSCTL_SKMEM_UPDATE_FIELD(tcp.autosndbufmax, tcp_autosndbuf_max);
647	}
648	}
649
650	/*
651	* Fill in the IP and TCP headers for an outgoing packet, given the tcpcb.
652	* tcp_template used to store this data in mbufs, but we now recopy it out
653	* of the tcpcb each time to conserve mbufs.
654	*/
655	void
656	tcp_fillheaders(struct tcpcb tp, void* ip_ptr, void* *tcp_ptr)
657	{
658	struct inpcb *inp = tp->t_inpcb;
659	struct tcphdr tcp_hdr = (struct* tcphdr *)tcp_ptr;
660
661	#if INET6
662	if ((inp->inp_vflag & INP_IPV6) != `0`) {
663	struct ip6_hdr *ip6;
664
665	ip6 = (struct ip6_hdr *)ip_ptr;
666	ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) \|
667	(inp->inp_flow & IPV6_FLOWINFO_MASK);
668	ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) \|
669	(IPV6_VERSION & IPV6_VERSION_MASK);
670	ip6->ip6_plen = htons(sizeof(struct tcphdr));
671	ip6->ip6_nxt = IPPROTO_TCP;
672	ip6->ip6_hlim = `0`;
673	ip6->ip6_src = inp->in6p_laddr;
674	ip6->ip6_dst = inp->in6p_faddr;
675	tcp_hdr->th_sum = in6_pseudo(&inp->in6p_laddr, &inp->in6p_faddr,
676	htonl(sizeof (struct tcphdr) + IPPROTO_TCP));
677	} else
678	#endif
679	{
680	struct ip ip = (struct* ip *) ip_ptr;
681
682	ip->ip_vhl = IP_VHL_BORING;
683	ip->ip_tos = `0`;
684	ip->ip_len = `0`;
685	ip->ip_id = `0`;
686	ip->ip_off = `0`;
687	ip->ip_ttl = `0`;
688	ip->ip_sum = `0`;
689	ip->ip_p = IPPROTO_TCP;
690	ip->ip_src = inp->inp_laddr;
691	ip->ip_dst = inp->inp_faddr;
692	tcp_hdr->th_sum =
693	in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
694	htons(sizeof(struct tcphdr) + IPPROTO_TCP));
695	}
696
697	tcp_hdr->th_sport = inp->inp_lport;
698	tcp_hdr->th_dport = inp->inp_fport;
699	tcp_hdr->th_seq = `0`;
700	tcp_hdr->th_ack = `0`;
701	tcp_hdr->th_x2 = `0`;
702	tcp_hdr->th_off = `5`;
703	tcp_hdr->th_flags = `0`;
704	tcp_hdr->th_win = `0`;
705	tcp_hdr->th_urp = `0`;
706	}
707
708	/*
709	* Create template to be used to send tcp packets on a connection.
710	* Allocates an mbuf and fills in a skeletal tcp/ip header. The only
711	* use for this function is in keepalives, which use tcp_respond.
712	*/
713	struct tcptemp *
714	tcp_maketemplate(struct tcpcb *tp)
715	{
716	struct mbuf *m;
717	struct tcptemp *n;
718
719	m = m_get(M_DONTWAIT, MT_HEADER);
720	if (m == NULL)
721	return (`0`);
722	m->m_len = sizeof(struct tcptemp);
723	n = mtod(m, struct tcptemp *);
724
725	tcp_fillheaders(tp, (void )&n->tt_ipgen, (void* *)&n->tt_t);
726	return (n);
727	}
728
729	/*
730	* Send a single message to the TCP at address specified by
731	* the given TCP/IP header. If m == 0, then we make a copy
732	* of the tcpiphdr at ti and send directly to the addressed host.
733	* This is used to force keep alive messages out using the TCP
734	* template for a connection. If flags are given then we send
735	* a message back to the TCP which originated the * segment ti,
736	* and discard the mbuf containing it and any other attached mbufs.
737	*
738	* In any case the ack and sequence number of the transmitted
739	* segment are as specified by the parameters.
740	*
741	* NOTE: If m != NULL, then ti must point to inside the mbuf.
742	*/
743	void
744	tcp_respond(struct tcpcb tp, void* ipgen, struct* tcphdr th, struct* mbuf *m,
745	tcp_seq ack, tcp_seq seq, int flags, struct tcp_respond_args *tra)
746	{
747	int tlen;
748	int win = `0`;
749	struct route *ro = `0`;
750	struct route sro;
751	struct ip *ip;
752	struct tcphdr *nth;
753	#if INET6
754	struct route_in6 *ro6 = `0`;
755	struct route_in6 sro6;
756	struct ip6_hdr *ip6;
757	int isipv6;
758	#endif /* INET6 */
759	struct ifnet *outif;
760	int sotc = SO_TC_UNSPEC;
761
762	#if INET6
763	isipv6 = IP_VHL_V(((struct ip *)ipgen)->ip_vhl) == `6`;
764	ip6 = ipgen;
765	#endif /* INET6 */
766	ip = ipgen;
767
768	if (tp) {
769	if (!(flags & TH_RST)) {
770	win = tcp_sbspace(tp);
771	if (win > (int32_t)TCP_MAXWIN << tp->rcv_scale)
772	win = (int32_t)TCP_MAXWIN << tp->rcv_scale;
773	}
774	#if INET6
775	if (isipv6)
776	ro6 = &tp->t_inpcb->in6p_route;
777	else
778	#endif /* INET6 */
779	ro = &tp->t_inpcb->inp_route;
780	} else {
781	#if INET6
782	if (isipv6) {
783	ro6 = &sro6;
784	bzero(ro6, sizeof(*ro6));
785	} else
786	#endif /* INET6 */
787	{
788	ro = &sro;
789	bzero(ro, sizeof(*ro));
790	}
791	}
792	if (m == `0`) {
793	m = m_gethdr(M_DONTWAIT, MT_HEADER); / MAC-OK /
794	if (m == NULL)
795	return;
796	tlen = `0`;
797	m->m_data += max_linkhdr;
798	#if INET6
799	if (isipv6) {
800	VERIFY((MHLEN - max_linkhdr) >=
801	(sizeof (ip6) + sizeof* (*nth)));
802	bcopy((caddr_t)ip6, mtod(m, caddr_t),
803	sizeof(struct ip6_hdr));
804	ip6 = mtod(m, struct ip6_hdr *);
805	nth = (struct tcphdr )(void* *)(ip6 + `1`);
806	} else
807	#endif /* INET6 */
808	{
809	VERIFY((MHLEN - max_linkhdr) >=
810	(sizeof (ip) + sizeof* (*nth)));
811	bcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip));
812	ip = mtod(m, struct ip *);
813	nth = (struct tcphdr )(void* *)(ip + `1`);
814	}
815	bcopy((caddr_t)th, (caddr_t)nth, sizeof(struct tcphdr));
816	#if MPTCP
817	if ((tp) && (tp->t_mpflags & TMPF_RESET))
818	flags = (TH_RST \| TH_ACK);
819	else
820	#endif
821	flags = TH_ACK;
822	} else {
823	m_freem(m->m_next);
824	m->m_next = `0`;
825	m->m_data = (caddr_t)ipgen;
826	/ m_len is set later /
827	tlen = `0`;
828	#define xchg(a, b, type) { type t; t = a; a = b; b = t; }
829	#if INET6
830	if (isipv6) {
831	/ Expect 32-bit aligned IP on strict-align platforms /
832	IP6_HDR_STRICT_ALIGNMENT_CHECK(ip6);
833	xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
834	nth = (struct tcphdr )(void* *)(ip6 + `1`);
835	} else
836	#endif /* INET6 */
837	{
838	/ Expect 32-bit aligned IP on strict-align platforms /
839	IP_HDR_STRICT_ALIGNMENT_CHECK(ip);
840	xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, n_long);
841	nth = (struct tcphdr )(void* *)(ip + `1`);
842	}
843	if (th != nth) {
844	/*
845	* this is usually a case when an extension header
846	* exists between the IPv6 header and the
847	* TCP header.
848	*/
849	nth->th_sport = th->th_sport;
850	nth->th_dport = th->th_dport;
851	}
852	xchg(nth->th_dport, nth->th_sport, n_short);
853	#undef xchg
854	}
855	#if INET6
856	if (isipv6) {
857	ip6->ip6_plen = htons((u_short)(sizeof (struct tcphdr) +
858	tlen));
859	tlen += sizeof (struct ip6_hdr) + sizeof (struct tcphdr);
860	} else
861	#endif
862	{
863	tlen += sizeof (struct tcpiphdr);
864	ip->ip_len = tlen;
865	ip->ip_ttl = ip_defttl;
866	}
867	m->m_len = tlen;
868	m->m_pkthdr.len = tlen;
869	m->m_pkthdr.rcvif = `0`;
870	#if CONFIG_MACF_NET
871	if (tp != NULL && tp->t_inpcb != NULL) {
872	/*
873	* Packet is associated with a socket, so allow the
874	* label of the response to reflect the socket label.
875	*/
876	mac_mbuf_label_associate_inpcb(tp->t_inpcb, m);
877	} else {
878	/*
879	* Packet is not associated with a socket, so possibly
880	* update the label in place.
881	*/
882	mac_netinet_tcp_reply(m);
883	}
884	#endif
885
886	nth->th_seq = htonl(seq);
887	nth->th_ack = htonl(ack);
888	nth->th_x2 = `0`;
889	nth->th_off = sizeof (struct tcphdr) >> `2`;
890	nth->th_flags = flags;
891	if (tp)
892	nth->th_win = htons((u_short) (win >> tp->rcv_scale));
893	else
894	nth->th_win = htons((u_short)win);
895	nth->th_urp = `0`;
896	#if INET6
897	if (isipv6) {
898	nth->th_sum = `0`;
899	nth->th_sum = in6_pseudo(&ip6->ip6_src, &ip6->ip6_dst,
900	htonl((tlen - sizeof (struct ip6_hdr)) + IPPROTO_TCP));
901	m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
902	m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
903	ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL,
904	ro6 && ro6->ro_rt ? ro6->ro_rt->rt_ifp : NULL);
905	} else
906	#endif /* INET6 */
907	{
908	nth->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
909	htons((u_short)(tlen - sizeof(struct ip) + ip->ip_p)));
910	m->m_pkthdr.csum_flags = CSUM_TCP;
911	m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
912	}
913	#if TCPDEBUG
914	if (tp == NULL \|\| (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
915	tcp_trace(TA_OUTPUT, `0`, tp, mtod(m, void *), th, `0`);
916	#endif
917
918	#if NECP
919	necp_mark_packet_from_socket(m, tp ? tp->t_inpcb : NULL, `0`, `0`, `0`);
920	#endif /* NECP */
921
922	#if IPSEC
923	if (tp != NULL && tp->t_inpcb->inp_sp != NULL &&
924	ipsec_setsocket(m, tp ? tp->t_inpcb->inp_socket : NULL) != `0`) {
925	m_freem(m);
926	return;
927	}
928	#endif
929
930	if (tp != NULL) {
931	u_int32_t svc_flags = `0`;
932	if (isipv6) {
933	svc_flags \|= PKT_SCF_IPV6;
934	}
935	sotc = tp->t_inpcb->inp_socket->so_traffic_class;
936	set_packet_service_class(m, tp->t_inpcb->inp_socket,
937	sotc, svc_flags);
938
939	/ Embed flowhash and flow control flags /
940	m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
941	m->m_pkthdr.pkt_flowid = tp->t_inpcb->inp_flowhash;
942	m->m_pkthdr.pkt_flags \|= (PKTF_FLOW_ID \| PKTF_FLOW_LOCALSRC \| PKTF_FLOW_ADV);
943	m->m_pkthdr.pkt_proto = IPPROTO_TCP;
944	m->m_pkthdr.tx_tcp_pid = tp->t_inpcb->inp_socket->last_pid;
945	m->m_pkthdr.tx_tcp_e_pid = tp->t_inpcb->inp_socket->e_pid;
946	}
947
948	#if INET6
949	if (isipv6) {
950	struct ip6_out_args ip6oa;
951	bzero(&ip6oa, sizeof(ip6oa));
952	ip6oa.ip6oa_boundif = tra->ifscope;
953	ip6oa.ip6oa_flags = IP6OAF_SELECT_SRCIF \| IP6OAF_BOUND_SRCADDR;
954	ip6oa.ip6oa_sotc = SO_TC_UNSPEC;
955	ip6oa.ip6oa_netsvctype = _NET_SERVICE_TYPE_UNSPEC;
956
957	if (tra->ifscope != IFSCOPE_NONE)
958	ip6oa.ip6oa_flags \|= IP6OAF_BOUND_IF;
959	if (tra->nocell)
960	ip6oa.ip6oa_flags \|= IP6OAF_NO_CELLULAR;
961	if (tra->noexpensive)
962	ip6oa.ip6oa_flags \|= IP6OAF_NO_EXPENSIVE;
963	if (tra->awdl_unrestricted)
964	ip6oa.ip6oa_flags \|= IP6OAF_AWDL_UNRESTRICTED;
965	if (tra->intcoproc_allowed)
966	ip6oa.ip6oa_flags \|= IP6OAF_INTCOPROC_ALLOWED;
967	ip6oa.ip6oa_sotc = sotc;
968	if (tp != NULL) {
969	if ((tp->t_inpcb->inp_socket->so_flags1 & SOF1_QOSMARKING_ALLOWED))
970	ip6oa.ip6oa_flags \|= IP6OAF_QOSMARKING_ALLOWED;
971	ip6oa.ip6oa_netsvctype = tp->t_inpcb->inp_socket->so_netsvctype;
972	}
973	(void) ip6_output(m, NULL, ro6, IPV6_OUTARGS, NULL,
974	NULL, &ip6oa);
975
976	if (tp != NULL && ro6 != NULL && ro6->ro_rt != NULL &&
977	(outif = ro6->ro_rt->rt_ifp) !=
978	tp->t_inpcb->in6p_last_outifp) {
979	tp->t_inpcb->in6p_last_outifp = outif;
980	}
981
982	if (ro6 == &sro6)
983	ROUTE_RELEASE(ro6);
984	} else
985	#endif /* INET6 */
986	{
987	struct ip_out_args ipoa;
988	bzero(&ipoa, sizeof(ipoa));
989	ipoa.ipoa_boundif = tra->ifscope;
990	ipoa.ipoa_flags = IPOAF_SELECT_SRCIF \| IPOAF_BOUND_SRCADDR;
991	ipoa.ipoa_sotc = SO_TC_UNSPEC;
992	ipoa.ipoa_netsvctype = _NET_SERVICE_TYPE_UNSPEC;
993
994	if (tra->ifscope != IFSCOPE_NONE)
995	ipoa.ipoa_flags \|= IPOAF_BOUND_IF;
996	if (tra->nocell)
997	ipoa.ipoa_flags \|= IPOAF_NO_CELLULAR;
998	if (tra->noexpensive)
999	ipoa.ipoa_flags \|= IPOAF_NO_EXPENSIVE;
1000	if (tra->awdl_unrestricted)
1001	ipoa.ipoa_flags \|= IPOAF_AWDL_UNRESTRICTED;
1002	ipoa.ipoa_sotc = sotc;
1003	if (tp != NULL) {
1004	if ((tp->t_inpcb->inp_socket->so_flags1 & SOF1_QOSMARKING_ALLOWED))
1005	ipoa.ipoa_flags \|= IPOAF_QOSMARKING_ALLOWED;
1006	ipoa.ipoa_netsvctype = tp->t_inpcb->inp_socket->so_netsvctype;
1007	}
1008	if (ro != &sro) {
1009	/ Copy the cached route and take an extra reference /
1010	inp_route_copyout(tp->t_inpcb, &sro);
1011	}
1012	/*
1013	* For consistency, pass a local route copy.
1014	*/
1015	(void) ip_output(m, NULL, &sro, IP_OUTARGS, NULL, &ipoa);
1016
1017	if (tp != NULL && sro.ro_rt != NULL &&
1018	(outif = sro.ro_rt->rt_ifp) !=
1019	tp->t_inpcb->inp_last_outifp) {
1020	tp->t_inpcb->inp_last_outifp = outif;
1021
1022	}
1023	if (ro != &sro) {
1024	/ Synchronize cached PCB route /
1025	inp_route_copyin(tp->t_inpcb, &sro);
1026	} else {
1027	ROUTE_RELEASE(&sro);
1028	}
1029	}
1030	}
1031
1032	/*
1033	* Create a new TCP control block, making an
1034	* empty reassembly queue and hooking it to the argument
1035	* protocol control block. The `inp' parameter must have
1036	* come from the zone allocator set up in tcp_init().
1037	*/
1038	struct tcpcb *
1039	tcp_newtcpcb(struct inpcb *inp)
1040	{
1041	struct inp_tp *it;
1042	struct tcpcb *tp;
1043	struct socket *so = inp->inp_socket;
1044	#if INET6
1045	int isipv6 = (inp->inp_vflag & INP_IPV6) != `0`;
1046	#endif /* INET6 */
1047
1048	calculate_tcp_clock();
1049
1050	if ((so->so_flags1 & SOF1_CACHED_IN_SOCK_LAYER) == `0`) {
1051	it = (struct inp_tp )(void* *)inp;
1052	tp = &it->tcb;
1053	} else {
1054	tp = (struct tcpcb )(void* *)inp->inp_saved_ppcb;
1055	}
1056
1057	bzero((char ) tp, sizeof(struct* tcpcb));
1058	LIST_INIT(&tp->t_segq);
1059	tp->t_maxseg = tp->t_maxopd =
1060	#if INET6
1061	isipv6 ? tcp_v6mssdflt :
1062	#endif /* INET6 */
1063	tcp_mssdflt;
1064
1065	if (tcp_do_rfc1323)
1066	tp->t_flags = (TF_REQ_SCALE\|TF_REQ_TSTMP);
1067	if (tcp_do_sack)
1068	tp->t_flagsext \|= TF_SACK_ENABLE;
1069
1070	TAILQ_INIT(&tp->snd_holes);
1071	SLIST_INIT(&tp->t_rxt_segments);
1072	SLIST_INIT(&tp->t_notify_ack);
1073	tp->t_inpcb = inp;
1074	/*
1075	* Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
1076	* rtt estimate. Set rttvar so that srtt + 4 * rttvar gives
1077	* reasonable initial retransmit time.
1078	*/
1079	tp->t_srtt = TCPTV_SRTTBASE;
1080	tp->t_rttvar =
1081	((TCPTV_RTOBASE - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / `4`;
1082	tp->t_rttmin = tcp_TCPTV_MIN;
1083	tp->t_rxtcur = TCPTV_RTOBASE;
1084
1085	if (tcp_use_newreno)
1086	/ use newreno by default /
1087	tp->tcp_cc_index = TCP_CC_ALGO_NEWRENO_INDEX;
1088	else
1089	tp->tcp_cc_index = TCP_CC_ALGO_CUBIC_INDEX;
1090
1091	tcp_cc_allocate_state(tp);
1092
1093	if (CC_ALGO(tp)->init != NULL)
1094	CC_ALGO(tp)->init(tp);
1095
1096	tp->snd_cwnd = TCP_CC_CWND_INIT_BYTES;
1097	tp->snd_ssthresh = TCP_MAXWIN << TCP_MAX_WINSHIFT;
1098	tp->snd_ssthresh_prev = TCP_MAXWIN << TCP_MAX_WINSHIFT;
1099	tp->t_rcvtime = tcp_now;
1100	tp->tentry.timer_start = tcp_now;
1101	tp->t_persist_timeout = tcp_max_persist_timeout;
1102	tp->t_persist_stop = `0`;
1103	tp->t_flagsext \|= TF_RCVUNACK_WAITSS;
1104	tp->t_rexmtthresh = tcprexmtthresh;
1105
1106	/ Enable bandwidth measurement on this connection /
1107	tp->t_flagsext \|= TF_MEASURESNDBW;
1108	if (tp->t_bwmeas == NULL) {
1109	tp->t_bwmeas = tcp_bwmeas_alloc(tp);
1110	if (tp->t_bwmeas == NULL)
1111	tp->t_flagsext &= ~TF_MEASURESNDBW;
1112	}
1113
1114	/ Clear time wait tailq entry /
1115	tp->t_twentry.tqe_next = NULL;
1116	tp->t_twentry.tqe_prev = NULL;
1117
1118	/*
1119	* IPv4 TTL initialization is necessary for an IPv6 socket as well,
1120	* because the socket may be bound to an IPv6 wildcard address,
1121	* which may match an IPv4-mapped IPv6 address.
1122	*/
1123	inp->inp_ip_ttl = ip_defttl;
1124	inp->inp_ppcb = (caddr_t)tp;
1125	return (tp); / XXX /
1126	}
1127
1128	/*
1129	* Drop a TCP connection, reporting
1130	* the specified error. If connection is synchronized,
1131	* then send a RST to peer.
1132	*/
1133	struct tcpcb *
1134	tcp_drop(struct tcpcb tp, int* errno)
1135	{
1136	struct socket *so = tp->t_inpcb->inp_socket;
1137	#if CONFIG_DTRACE
1138	struct inpcb *inp = tp->t_inpcb;
1139	#endif
1140
1141	if (TCPS_HAVERCVDSYN(tp->t_state)) {
1142	DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
1143	struct tcpcb *, tp, int32_t, TCPS_CLOSED);
1144	tp->t_state = TCPS_CLOSED;
1145	(void) tcp_output(tp);
1146	tcpstat.tcps_drops++;
1147	} else
1148	tcpstat.tcps_conndrops++;
1149	if (errno == ETIMEDOUT && tp->t_softerror)
1150	errno = tp->t_softerror;
1151	so->so_error = errno;
1152	return (tcp_close(tp));
1153	}
1154
1155	void
1156	tcp_getrt_rtt(struct tcpcb tp, struct* rtentry *rt)
1157	{
1158	u_int32_t rtt = rt->rt_rmx.rmx_rtt;
1159	int isnetlocal = (tp->t_flags & TF_LOCAL);
1160
1161	if (rtt != `0`) {
1162	/*
1163	* XXX the lock bit for RTT indicates that the value
1164	* is also a minimum value; this is subject to time.
1165	*/
1166	if (rt->rt_rmx.rmx_locks & RTV_RTT)
1167	tp->t_rttmin = rtt / (RTM_RTTUNIT / TCP_RETRANSHZ);
1168	else
1169	tp->t_rttmin = isnetlocal ? tcp_TCPTV_MIN :
1170	TCPTV_REXMTMIN;
1171	tp->t_srtt =
1172	rtt / (RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTT_SCALE));
1173	tcpstat.tcps_usedrtt++;
1174	if (rt->rt_rmx.rmx_rttvar) {
1175	tp->t_rttvar = rt->rt_rmx.rmx_rttvar /
1176	(RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTTVAR_SCALE));
1177	tcpstat.tcps_usedrttvar++;
1178	} else {
1179	/ default variation is +- 1 rtt /
1180	tp->t_rttvar =
1181	tp->t_srtt * TCP_RTTVAR_SCALE / TCP_RTT_SCALE;
1182	}
1183	TCPT_RANGESET(tp->t_rxtcur,
1184	((tp->t_srtt >> `2`) + tp->t_rttvar) >> `1`,
1185	tp->t_rttmin, TCPTV_REXMTMAX,
1186	TCP_ADD_REXMTSLOP(tp));
1187	}
1188	}
1189
1190	static inline void
1191	tcp_create_ifnet_stats_per_flow(struct tcpcb *tp,
1192	struct ifnet_stats_per_flow *ifs)
1193	{
1194	struct inpcb *inp;
1195	struct socket *so;
1196	if (tp == NULL \|\| ifs == NULL)
1197	return;
1198
1199	bzero(ifs, sizeof(*ifs));
1200	inp = tp->t_inpcb;
1201	so = inp->inp_socket;
1202
1203	ifs->ipv4 = (inp->inp_vflag & INP_IPV6) ? `0` : `1`;
1204	ifs->local = (tp->t_flags & TF_LOCAL) ? `1` : `0`;
1205	ifs->connreset = (so->so_error == ECONNRESET) ? `1` : `0`;
1206	ifs->conntimeout = (so->so_error == ETIMEDOUT) ? `1` : `0`;
1207	ifs->ecn_flags = tp->ecn_flags;
1208	ifs->txretransmitbytes = tp->t_stat.txretransmitbytes;
1209	ifs->rxoutoforderbytes = tp->t_stat.rxoutoforderbytes;
1210	ifs->rxmitpkts = tp->t_stat.rxmitpkts;
1211	ifs->rcvoopack = tp->t_rcvoopack;
1212	ifs->pawsdrop = tp->t_pawsdrop;
1213	ifs->sack_recovery_episodes = tp->t_sack_recovery_episode;
1214	ifs->reordered_pkts = tp->t_reordered_pkts;
1215	ifs->dsack_sent = tp->t_dsack_sent;
1216	ifs->dsack_recvd = tp->t_dsack_recvd;
1217	ifs->srtt = tp->t_srtt;
1218	ifs->rttupdated = tp->t_rttupdated;
1219	ifs->rttvar = tp->t_rttvar;
1220	ifs->rttmin = get_base_rtt(tp);
1221	if (tp->t_bwmeas != NULL && tp->t_bwmeas->bw_sndbw_max > `0`) {
1222	ifs->bw_sndbw_max = tp->t_bwmeas->bw_sndbw_max;
1223	} else {
1224	ifs->bw_sndbw_max = `0`;
1225	}
1226	if (tp->t_bwmeas!= NULL && tp->t_bwmeas->bw_rcvbw_max > `0`) {
1227	ifs->bw_rcvbw_max = tp->t_bwmeas->bw_rcvbw_max;
1228	} else {
1229	ifs->bw_rcvbw_max = `0`;
1230	}
1231	ifs->bk_txpackets = so->so_tc_stats[MBUF_TC_BK].txpackets;
1232	ifs->txpackets = inp->inp_stat->txpackets;
1233	ifs->rxpackets = inp->inp_stat->rxpackets;
1234	}
1235
1236	static inline void
1237	tcp_flow_ecn_perf_stats(struct ifnet_stats_per_flow *ifs,
1238	struct if_tcp_ecn_perf_stat *stat)
1239	{
1240	u_int64_t curval, oldval;
1241	stat->total_txpkts += ifs->txpackets;
1242	stat->total_rxpkts += ifs->rxpackets;
1243	stat->total_rxmitpkts += ifs->rxmitpkts;
1244	stat->total_oopkts += ifs->rcvoopack;
1245	stat->total_reorderpkts += (ifs->reordered_pkts +
1246	ifs->pawsdrop + ifs->dsack_sent + ifs->dsack_recvd);
1247
1248	/ Average RTT /
1249	curval = ifs->srtt >> TCP_RTT_SHIFT;
1250	if (curval > `0` && ifs->rttupdated >= `16`) {
1251	if (stat->rtt_avg == `0`) {
1252	stat->rtt_avg = curval;
1253	} else {
1254	oldval = stat->rtt_avg;
1255	stat->rtt_avg = ((oldval << `4`) - oldval + curval) >> `4`;
1256	}
1257	}
1258
1259	/ RTT variance /
1260	curval = ifs->rttvar >> TCP_RTTVAR_SHIFT;
1261	if (curval > `0` && ifs->rttupdated >= `16`) {
1262	if (stat->rtt_var == `0`) {
1263	stat->rtt_var = curval;
1264	} else {
1265	oldval = stat->rtt_var;
1266	stat->rtt_var =
1267	((oldval << `4`) - oldval + curval) >> `4`;
1268	}
1269	}
1270
1271	/ SACK episodes /
1272	stat->sack_episodes += ifs->sack_recovery_episodes;
1273	if (ifs->connreset)
1274	stat->rst_drop++;
1275	}
1276
1277	static inline void
1278	tcp_flow_lim_stats(struct ifnet_stats_per_flow *ifs,
1279	struct if_lim_perf_stat *stat)
1280	{
1281	u_int64_t curval, oldval;
1282
1283	stat->lim_total_txpkts += ifs->txpackets;
1284	stat->lim_total_rxpkts += ifs->rxpackets;
1285	stat->lim_total_retxpkts += ifs->rxmitpkts;
1286	stat->lim_total_oopkts += ifs->rcvoopack;
1287
1288	if (ifs->bw_sndbw_max > `0`) {
1289	/ convert from bytes per ms to bits per second /
1290	ifs->bw_sndbw_max *= `8000`;
1291	stat->lim_ul_max_bandwidth = max(stat->lim_ul_max_bandwidth,
1292	ifs->bw_sndbw_max);
1293	}
1294
1295	if (ifs->bw_rcvbw_max > `0`) {
1296	/ convert from bytes per ms to bits per second /
1297	ifs->bw_rcvbw_max *= `8000`;
1298	stat->lim_dl_max_bandwidth = max(stat->lim_dl_max_bandwidth,
1299	ifs->bw_rcvbw_max);
1300	}
1301
1302	/ Average RTT /
1303	curval = ifs->srtt >> TCP_RTT_SHIFT;
1304	if (curval > `0` && ifs->rttupdated >= `16`) {
1305	if (stat->lim_rtt_average == `0`) {
1306	stat->lim_rtt_average = curval;
1307	} else {
1308	oldval = stat->lim_rtt_average;
1309	stat->lim_rtt_average =
1310	((oldval << `4`) - oldval + curval) >> `4`;
1311	}
1312	}
1313
1314	/ RTT variance /
1315	curval = ifs->rttvar >> TCP_RTTVAR_SHIFT;
1316	if (curval > `0` && ifs->rttupdated >= `16`) {
1317	if (stat->lim_rtt_variance == `0`) {
1318	stat->lim_rtt_variance = curval;
1319	} else {
1320	oldval = stat->lim_rtt_variance;
1321	stat->lim_rtt_variance =
1322	((oldval << `4`) - oldval + curval) >> `4`;
1323	}
1324	}
1325
1326	if (stat->lim_rtt_min == `0`) {
1327	stat->lim_rtt_min = ifs->rttmin;
1328	} else {
1329	stat->lim_rtt_min = min(stat->lim_rtt_min, ifs->rttmin);
1330	}
1331
1332	/ connection timeouts /
1333	stat->lim_conn_attempts++;
1334	if (ifs->conntimeout)
1335	stat->lim_conn_timeouts++;
1336
1337	/ bytes sent using background delay-based algorithms /
1338	stat->lim_bk_txpkts += ifs->bk_txpackets;
1339
1340	}
1341
1342	/*
1343	* Close a TCP control block:
1344	* discard all space held by the tcp
1345	* discard internet protocol block
1346	* wake up any sleepers
1347	*/
1348	struct tcpcb *
1349	tcp_close(struct tcpcb *tp)
1350	{
1351	struct inpcb *inp = tp->t_inpcb;
1352	struct socket *so = inp->inp_socket;
1353	#if INET6
1354	int isipv6 = (inp->inp_vflag & INP_IPV6) != `0`;
1355	#endif /* INET6 */
1356	struct route *ro;
1357	struct rtentry *rt;
1358	int dosavessthresh;
1359	struct ifnet_stats_per_flow ifs;
1360
1361	/ tcp_close was called previously, bail /
1362	if (inp->inp_ppcb == NULL)
1363	return (NULL);
1364
1365	tcp_canceltimers(tp);
1366	KERNEL_DEBUG(DBG_FNC_TCP_CLOSE \| DBG_FUNC_START, tp, `0`, `0`, `0`, `0`);
1367
1368	/*
1369	* If another thread for this tcp is currently in ip (indicated by
1370	* the TF_SENDINPROG flag), defer the cleanup until after it returns
1371	* back to tcp. This is done to serialize the close until after all
1372	* pending output is finished, in order to avoid having the PCB be
1373	* detached and the cached route cleaned, only for ip to cache the
1374	* route back into the PCB again. Note that we've cleared all the
1375	* timers at this point. Set TF_CLOSING to indicate to tcp_output()
1376	* that is should call us again once it returns from ip; at that
1377	* point both flags should be cleared and we can proceed further
1378	* with the cleanup.
1379	*/
1380	if ((tp->t_flags & TF_CLOSING) \|\|
1381	inp->inp_sndinprog_cnt > `0`) {
1382	tp->t_flags \|= TF_CLOSING;
1383	return (NULL);
1384	}
1385
1386	DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
1387	struct tcpcb *, tp, int32_t, TCPS_CLOSED);
1388
1389	#if INET6
1390	ro = (isipv6 ? (struct route *)&inp->in6p_route : &inp->inp_route);
1391	#else
1392	ro = &inp->inp_route;
1393	#endif
1394	rt = ro->ro_rt;
1395	if (rt != NULL)
1396	RT_LOCK_SPIN(rt);
1397
1398	/*
1399	* If we got enough samples through the srtt filter,
1400	* save the rtt and rttvar in the routing entry.
1401	* 'Enough' is arbitrarily defined as the 16 samples.
1402	* 16 samples is enough for the srtt filter to converge
1403	* to within 5% of the correct value; fewer samples and
1404	* we could save a very bogus rtt.
1405	*
1406	* Don't update the default route's characteristics and don't
1407	* update anything that the user "locked".
1408	*/
1409	if (tp->t_rttupdated >= `16`) {
1410	u_int32_t i = `0`;
1411
1412	#if INET6
1413	if (isipv6) {
1414	struct sockaddr_in6 *sin6;
1415
1416	if (rt == NULL)
1417	goto no_valid_rt;
1418	sin6 = (struct sockaddr_in6 )(void* *)rt_key(rt);
1419	if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
1420	goto no_valid_rt;
1421	}
1422	else
1423	#endif /* INET6 */
1424	if (ROUTE_UNUSABLE(ro) \|\|
1425	SIN(rt_key(rt))->sin_addr.s_addr == INADDR_ANY) {
1426	DTRACE_TCP4(state__change, void, NULL,
1427	struct inpcb , inp, struct* tcpcb *, tp,
1428	int32_t, TCPS_CLOSED);
1429	tp->t_state = TCPS_CLOSED;
1430	goto no_valid_rt;
1431	}
1432
1433	RT_LOCK_ASSERT_HELD(rt);
1434	if ((rt->rt_rmx.rmx_locks & RTV_RTT) == `0`) {
1435	i = tp->t_srtt *
1436	(RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTT_SCALE));
1437	if (rt->rt_rmx.rmx_rtt && i)
1438	/*
1439	* filter this update to half the old & half
1440	* the new values, converting scale.
1441	* See route.h and tcp_var.h for a
1442	* description of the scaling constants.
1443	*/
1444	rt->rt_rmx.rmx_rtt =
1445	(rt->rt_rmx.rmx_rtt + i) / `2`;
1446	else
1447	rt->rt_rmx.rmx_rtt = i;
1448	tcpstat.tcps_cachedrtt++;
1449	}
1450	if ((rt->rt_rmx.rmx_locks & RTV_RTTVAR) == `0`) {
1451	i = tp->t_rttvar *
1452	(RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTTVAR_SCALE));
1453	if (rt->rt_rmx.rmx_rttvar && i)
1454	rt->rt_rmx.rmx_rttvar =
1455	(rt->rt_rmx.rmx_rttvar + i) / `2`;
1456	else
1457	rt->rt_rmx.rmx_rttvar = i;
1458	tcpstat.tcps_cachedrttvar++;
1459	}
1460	/*
1461	* The old comment here said:
1462	* update the pipelimit (ssthresh) if it has been updated
1463	* already or if a pipesize was specified & the threshhold
1464	* got below half the pipesize. I.e., wait for bad news
1465	* before we start updating, then update on both good
1466	* and bad news.
1467	*
1468	* But we want to save the ssthresh even if no pipesize is
1469	* specified explicitly in the route, because such
1470	* connections still have an implicit pipesize specified
1471	* by the global tcp_sendspace. In the absence of a reliable
1472	* way to calculate the pipesize, it will have to do.
1473	*/
1474	i = tp->snd_ssthresh;
1475	if (rt->rt_rmx.rmx_sendpipe != `0`)
1476	dosavessthresh = (i < rt->rt_rmx.rmx_sendpipe / `2`);
1477	else
1478	dosavessthresh = (i < so->so_snd.sb_hiwat / `2`);
1479	if (((rt->rt_rmx.rmx_locks & RTV_SSTHRESH) == `0` &&
1480	i != `0` && rt->rt_rmx.rmx_ssthresh != `0`) \|\|
1481	dosavessthresh) {
1482	/*
1483	* convert the limit from user data bytes to
1484	* packets then to packet data bytes.
1485	*/
1486	i = (i + tp->t_maxseg / `2`) / tp->t_maxseg;
1487	if (i < `2`)
1488	i = `2`;
1489	i *= (u_int32_t)(tp->t_maxseg +
1490	#if INET6
1491	isipv6 ? sizeof (struct ip6_hdr) +
1492	sizeof (struct tcphdr) :
1493	#endif /* INET6 */
1494	sizeof (struct tcpiphdr));
1495	if (rt->rt_rmx.rmx_ssthresh)
1496	rt->rt_rmx.rmx_ssthresh =
1497	(rt->rt_rmx.rmx_ssthresh + i) / `2`;
1498	else
1499	rt->rt_rmx.rmx_ssthresh = i;
1500	tcpstat.tcps_cachedssthresh++;
1501	}
1502	}
1503
1504	/*
1505	* Mark route for deletion if no information is cached.
1506	*/
1507	if (rt != NULL && (so->so_flags & SOF_OVERFLOW) && tcp_lq_overflow) {
1508	if (!(rt->rt_rmx.rmx_locks & RTV_RTT) &&
1509	rt->rt_rmx.rmx_rtt == `0`) {
1510	rt->rt_flags \|= RTF_DELCLONE;
1511	}
1512	}
1513
1514	no_valid_rt:
1515	if (rt != NULL)
1516	RT_UNLOCK(rt);
1517
1518	/ free the reassembly queue, if any /
1519	(void) tcp_freeq(tp);
1520
1521	/ performance stats per interface /
1522	tcp_create_ifnet_stats_per_flow(tp, &ifs);
1523	tcp_update_stats_per_flow(&ifs, inp->inp_last_outifp);
1524
1525	tcp_free_sackholes(tp);
1526	tcp_notify_ack_free(tp);
1527
1528	inp_decr_sndbytes_allunsent(so, tp->snd_una);
1529
1530	if (tp->t_bwmeas != NULL) {
1531	tcp_bwmeas_free(tp);
1532	}
1533	tcp_rxtseg_clean(tp);
1534	/ Free the packet list /
1535	if (tp->t_pktlist_head != NULL)
1536	m_freem_list(tp->t_pktlist_head);
1537	TCP_PKTLIST_CLEAR(tp);
1538
1539	if (so->so_flags1 & SOF1_CACHED_IN_SOCK_LAYER)
1540	inp->inp_saved_ppcb = (caddr_t) tp;
1541
1542	tp->t_state = TCPS_CLOSED;
1543
1544	/*
1545	* Issue a wakeup before detach so that we don't miss
1546	* a wakeup
1547	*/
1548	sodisconnectwakeup(so);
1549
1550	/*
1551	* Clean up any LRO state
1552	*/
1553	if (tp->t_flagsext & TF_LRO_OFFLOADED) {
1554	tcp_lro_remove_state(inp->inp_laddr, inp->inp_faddr,
1555	inp->inp_lport, inp->inp_fport);
1556	tp->t_flagsext &= ~TF_LRO_OFFLOADED;
1557	}
1558
1559	/*
1560	* If this is a socket that does not want to wakeup the device
1561	* for it's traffic, the application might need to know that the
1562	* socket is closed, send a notification.
1563	*/
1564	if ((so->so_options & SO_NOWAKEFROMSLEEP) &&
1565	inp->inp_state != INPCB_STATE_DEAD &&
1566	!(inp->inp_flags2 & INP2_TIMEWAIT))
1567	socket_post_kev_msg_closed(so);
1568
1569	if (CC_ALGO(tp)->cleanup != NULL) {
1570	CC_ALGO(tp)->cleanup(tp);
1571	}
1572
1573	if (tp->t_ccstate != NULL) {
1574	zfree(tcp_cc_zone, tp->t_ccstate);
1575	tp->t_ccstate = NULL;
1576	}
1577	tp->tcp_cc_index = TCP_CC_ALGO_NONE;
1578
1579	/ Can happen if we close the socket before receiving the third ACK /
1580	if ((tp->t_tfo_flags & TFO_F_COOKIE_VALID)) {
1581	OSDecrementAtomic(&tcp_tfo_halfcnt);
1582
1583	/ Panic if something has gone terribly wrong. /
1584	VERIFY(tcp_tfo_halfcnt >= `0`);
1585
1586	tp->t_tfo_flags &= ~TFO_F_COOKIE_VALID;
1587	}
1588
1589	#if INET6
1590	if (SOCK_CHECK_DOM(so, PF_INET6))
1591	in6_pcbdetach(inp);
1592	else
1593	#endif /* INET6 */
1594	in_pcbdetach(inp);
1595
1596	/*
1597	* Call soisdisconnected after detach because it might unlock the socket
1598	*/
1599	soisdisconnected(so);
1600	tcpstat.tcps_closed++;
1601	KERNEL_DEBUG(DBG_FNC_TCP_CLOSE \| DBG_FUNC_END,
1602	tcpstat.tcps_closed, `0`, `0`, `0`, `0`);
1603	return (NULL);
1604	}
1605
1606	int
1607	tcp_freeq(struct tcpcb *tp)
1608	{
1609	struct tseg_qent *q;
1610	int rv = `0`;
1611
1612	while ((q = LIST_FIRST(&tp->t_segq)) != NULL) {
1613	LIST_REMOVE(q, tqe_q);
1614	m_freem(q->tqe_m);
1615	zfree(tcp_reass_zone, q);
1616	rv = `1`;
1617	}
1618	tp->t_reassqlen = `0`;
1619	return (rv);
1620	}
1621
1622
1623	/*
1624	* Walk the tcpbs, if existing, and flush the reassembly queue,
1625	* if there is one when do_tcpdrain is enabled
1626	* Also defunct the extended background idle socket
1627	* Do it next time if the pcbinfo lock is in use
1628	*/
1629	void
1630	tcp_drain(void)
1631	{
1632	struct inpcb *inp;
1633	struct tcpcb *tp;
1634
1635	if (!lck_rw_try_lock_exclusive(tcbinfo.ipi_lock))
1636	return;
1637
1638	LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
1639	if (in_pcb_checkstate(inp, WNT_ACQUIRE, `0`) !=
1640	WNT_STOPUSING) {
1641	socket_lock(inp->inp_socket, `1`);
1642	if (in_pcb_checkstate(inp, WNT_RELEASE, `1`)
1643	== WNT_STOPUSING) {
1644	/ lost a race, try the next one /
1645	socket_unlock(inp->inp_socket, `1`);
1646	continue;
1647	}
1648	tp = intotcpcb(inp);
1649
1650	if (do_tcpdrain)
1651	tcp_freeq(tp);
1652
1653	so_drain_extended_bk_idle(inp->inp_socket);
1654
1655	socket_unlock(inp->inp_socket, `1`);
1656	}
1657	}
1658	lck_rw_done(tcbinfo.ipi_lock);
1659
1660	}
1661
1662	/*
1663	* Notify a tcp user of an asynchronous error;
1664	* store error as soft error, but wake up user
1665	* (for now, won't do anything until can select for soft error).
1666	*
1667	* Do not wake up user since there currently is no mechanism for
1668	* reporting soft errors (yet - a kqueue filter may be added).
1669	*/
1670	static void
1671	tcp_notify(struct inpcb inp, int* error)
1672	{
1673	struct tcpcb *tp;
1674
1675	if (inp == NULL \|\| (inp->inp_state == INPCB_STATE_DEAD))
1676	return; / pcb is gone already /
1677
1678	tp = (struct tcpcb *)inp->inp_ppcb;
1679
1680	VERIFY(tp != NULL);
1681	/*
1682	* Ignore some errors if we are hooked up.
1683	* If connection hasn't completed, has retransmitted several times,
1684	* and receives a second error, give up now. This is better
1685	* than waiting a long time to establish a connection that
1686	* can never complete.
1687	*/
1688	if (tp->t_state == TCPS_ESTABLISHED &&
1689	(error == EHOSTUNREACH \|\| error == ENETUNREACH \|\|
1690	error == EHOSTDOWN)) {
1691	if (inp->inp_route.ro_rt) {
1692	rtfree(inp->inp_route.ro_rt);
1693	inp->inp_route.ro_rt = (struct rtentry *)NULL;
1694	}
1695	} else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > `3` &&
1696	tp->t_softerror)
1697	tcp_drop(tp, error);
1698	else
1699	tp->t_softerror = error;
1700	#if 0
1701	wakeup((caddr_t) &so->so_timeo);
1702	sorwakeup(so);
1703	sowwakeup(so);
1704	#endif
1705	}
1706
1707	struct bwmeas *
1708	tcp_bwmeas_alloc(struct tcpcb *tp)
1709	{
1710	struct bwmeas *elm;
1711	elm = zalloc(tcp_bwmeas_zone);
1712	if (elm == NULL)
1713	return (elm);
1714
1715	bzero(elm, bwmeas_elm_size);
1716	elm->bw_minsizepkts = TCP_BWMEAS_BURST_MINSIZE;
1717	elm->bw_minsize = elm->bw_minsizepkts * tp->t_maxseg;
1718	return (elm);
1719	}
1720
1721	void
1722	tcp_bwmeas_free(struct tcpcb *tp)
1723	{
1724	zfree(tcp_bwmeas_zone, tp->t_bwmeas);
1725	tp->t_bwmeas = NULL;
1726	tp->t_flagsext &= ~(TF_MEASURESNDBW);
1727	}
1728
1729	int
1730	get_tcp_inp_list(struct inpcb *inp_list, int* n, inp_gen_t gencnt)
1731	{
1732	struct tcpcb *tp;
1733	struct inpcb *inp;
1734	int i = `0`;
1735
1736	LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
1737	if (inp->inp_gencnt <= gencnt &&
1738	inp->inp_state != INPCB_STATE_DEAD)
1739	inp_list[i++] = inp;
1740	if (i >= n)
1741	break;
1742	}
1743
1744	TAILQ_FOREACH(tp, &tcp_tw_tailq, t_twentry) {
1745	inp = tp->t_inpcb;
1746	if (inp->inp_gencnt <= gencnt &&
1747	inp->inp_state != INPCB_STATE_DEAD)
1748	inp_list[i++] = inp;
1749	if (i >= n)
1750	break;
1751	}
1752	return (i);
1753	}
1754
1755	/*
1756	* tcpcb_to_otcpcb copies specific bits of a tcpcb to a otcpcb format.
1757	* The otcpcb data structure is passed to user space and must not change.
1758	*/
1759	static void
1760	tcpcb_to_otcpcb(struct tcpcb tp, struct* otcpcb *otp)
1761	{
1762	otp->t_segq = (uint32_t)VM_KERNEL_ADDRPERM(tp->t_segq.lh_first);
1763	otp->t_dupacks = tp->t_dupacks;
1764	otp->t_timer[TCPT_REXMT_EXT] = tp->t_timer[TCPT_REXMT];
1765	otp->t_timer[TCPT_PERSIST_EXT] = tp->t_timer[TCPT_PERSIST];
1766	otp->t_timer[TCPT_KEEP_EXT] = tp->t_timer[TCPT_KEEP];
1767	otp->t_timer[TCPT_2MSL_EXT] = tp->t_timer[TCPT_2MSL];
1768	otp->t_inpcb =
1769	(_TCPCB_PTR(struct inpcb *))VM_KERNEL_ADDRPERM(tp->t_inpcb);
1770	otp->t_state = tp->t_state;
1771	otp->t_flags = tp->t_flags;
1772	otp->t_force = (tp->t_flagsext & TF_FORCE) ? `1` : `0`;
1773	otp->snd_una = tp->snd_una;
1774	otp->snd_max = tp->snd_max;
1775	otp->snd_nxt = tp->snd_nxt;
1776	otp->snd_up = tp->snd_up;
1777	otp->snd_wl1 = tp->snd_wl1;
1778	otp->snd_wl2 = tp->snd_wl2;
1779	otp->iss = tp->iss;
1780	otp->irs = tp->irs;
1781	otp->rcv_nxt = tp->rcv_nxt;
1782	otp->rcv_adv = tp->rcv_adv;
1783	otp->rcv_wnd = tp->rcv_wnd;
1784	otp->rcv_up = tp->rcv_up;
1785	otp->snd_wnd = tp->snd_wnd;
1786	otp->snd_cwnd = tp->snd_cwnd;
1787	otp->snd_ssthresh = tp->snd_ssthresh;
1788	otp->t_maxopd = tp->t_maxopd;
1789	otp->t_rcvtime = tp->t_rcvtime;
1790	otp->t_starttime = tp->t_starttime;
1791	otp->t_rtttime = tp->t_rtttime;
1792	otp->t_rtseq = tp->t_rtseq;
1793	otp->t_rxtcur = tp->t_rxtcur;
1794	otp->t_maxseg = tp->t_maxseg;
1795	otp->t_srtt = tp->t_srtt;
1796	otp->t_rttvar = tp->t_rttvar;
1797	otp->t_rxtshift = tp->t_rxtshift;
1798	otp->t_rttmin = tp->t_rttmin;
1799	otp->t_rttupdated = tp->t_rttupdated;
1800	otp->max_sndwnd = tp->max_sndwnd;
1801	otp->t_softerror = tp->t_softerror;
1802	otp->t_oobflags = tp->t_oobflags;
1803	otp->t_iobc = tp->t_iobc;
1804	otp->snd_scale = tp->snd_scale;
1805	otp->rcv_scale = tp->rcv_scale;
1806	otp->request_r_scale = tp->request_r_scale;
1807	otp->requested_s_scale = tp->requested_s_scale;
1808	otp->ts_recent = tp->ts_recent;
1809	otp->ts_recent_age = tp->ts_recent_age;
1810	otp->last_ack_sent = tp->last_ack_sent;
1811	otp->cc_send = `0`;
1812	otp->cc_recv = `0`;
1813	otp->snd_recover = tp->snd_recover;
1814	otp->snd_cwnd_prev = tp->snd_cwnd_prev;
1815	otp->snd_ssthresh_prev = tp->snd_ssthresh_prev;
1816	otp->t_badrxtwin = `0`;
1817	}
1818
1819	static int
1820	tcp_pcblist SYSCTL_HANDLER_ARGS
1821	{
1822	#pragma unused(oidp, arg1, arg2)
1823	int error, i = `0`, n;
1824	struct inpcb **inp_list;
1825	inp_gen_t gencnt;
1826	struct xinpgen xig;
1827
1828	/*
1829	* The process of preparing the TCB list is too time-consuming and
1830	* resource-intensive to repeat twice on every request.
1831	*/
1832	lck_rw_lock_shared(tcbinfo.ipi_lock);
1833	if (req->oldptr == USER_ADDR_NULL) {
1834	n = tcbinfo.ipi_count;
1835	req->oldidx = `2` * (sizeof(xig))
1836	+ (n + n/`8`) * sizeof(struct xtcpcb);
1837	lck_rw_done(tcbinfo.ipi_lock);
1838	return (`0`);
1839	}
1840
1841	if (req->newptr != USER_ADDR_NULL) {
1842	lck_rw_done(tcbinfo.ipi_lock);
1843	return (EPERM);
1844	}
1845
1846	/*
1847	* OK, now we're committed to doing something.
1848	*/
1849	gencnt = tcbinfo.ipi_gencnt;
1850	n = tcbinfo.ipi_count;
1851
1852	bzero(&xig, sizeof(xig));
1853	xig.xig_len = sizeof(xig);
1854	xig.xig_count = n;
1855	xig.xig_gen = gencnt;
1856	xig.xig_sogen = so_gencnt;
1857	error = SYSCTL_OUT(req, &xig, sizeof(xig));
1858	if (error) {
1859	lck_rw_done(tcbinfo.ipi_lock);
1860	return (error);
1861	}
1862	/*
1863	* We are done if there is no pcb
1864	*/
1865	if (n == `0`) {
1866	lck_rw_done(tcbinfo.ipi_lock);
1867	return (`0`);
1868	}
1869
1870	inp_list = _MALLOC(n * sizeof (*inp_list), M_TEMP, M_WAITOK);
1871	if (inp_list == `0`) {
1872	lck_rw_done(tcbinfo.ipi_lock);
1873	return (ENOMEM);
1874	}
1875
1876	n = get_tcp_inp_list(inp_list, n, gencnt);
1877
1878	error = `0`;
1879	for (i = `0`; i < n; i++) {
1880	struct xtcpcb xt;
1881	caddr_t inp_ppcb;
1882	struct inpcb *inp;
1883
1884	inp = inp_list[i];
1885
1886	if (in_pcb_checkstate(inp, WNT_ACQUIRE, `0`) == WNT_STOPUSING)
1887	continue;
1888	socket_lock(inp->inp_socket, `1`);
1889	if (in_pcb_checkstate(inp, WNT_RELEASE, `1`) == WNT_STOPUSING) {
1890	socket_unlock(inp->inp_socket, `1`);
1891	continue;
1892	}
1893	if (inp->inp_gencnt > gencnt) {
1894	socket_unlock(inp->inp_socket, `1`);
1895	continue;
1896	}
1897
1898	bzero(&xt, sizeof(xt));
1899	xt.xt_len = sizeof(xt);
1900	/ XXX should avoid extra copy /
1901	inpcb_to_compat(inp, &xt.xt_inp);
1902	inp_ppcb = inp->inp_ppcb;
1903	if (inp_ppcb != NULL) {
1904	tcpcb_to_otcpcb((struct tcpcb )(void* *)inp_ppcb,
1905	&xt.xt_tp);
1906	} else {
1907	bzero((char ) &xt.xt_tp, sizeof*(xt.xt_tp));
1908	}
1909	if (inp->inp_socket)
1910	sotoxsocket(inp->inp_socket, &xt.xt_socket);
1911
1912	socket_unlock(inp->inp_socket, `1`);
1913
1914	error = SYSCTL_OUT(req, &xt, sizeof(xt));
1915	}
1916	if (!error) {
1917	/*
1918	* Give the user an updated idea of our state.
1919	* If the generation differs from what we told
1920	* her before, she knows that something happened
1921	* while we were processing this request, and it
1922	* might be necessary to retry.
1923	*/
1924	bzero(&xig, sizeof(xig));
1925	xig.xig_len = sizeof(xig);
1926	xig.xig_gen = tcbinfo.ipi_gencnt;
1927	xig.xig_sogen = so_gencnt;
1928	xig.xig_count = tcbinfo.ipi_count;
1929	error = SYSCTL_OUT(req, &xig, sizeof(xig));
1930	}
1931	FREE(inp_list, M_TEMP);
1932	lck_rw_done(tcbinfo.ipi_lock);
1933	return (error);
1934	}
1935
1936	SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist,
1937	CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED, `0`, `0`,
1938	tcp_pcblist, "S,xtcpcb", "List of active TCP connections");
1939
1940	#if !CONFIG_EMBEDDED
1941
1942	static void
1943	tcpcb_to_xtcpcb64(struct tcpcb tp, struct* xtcpcb64 *otp)
1944	{
1945	otp->t_segq = (uint32_t)VM_KERNEL_ADDRPERM(tp->t_segq.lh_first);
1946	otp->t_dupacks = tp->t_dupacks;
1947	otp->t_timer[TCPT_REXMT_EXT] = tp->t_timer[TCPT_REXMT];
1948	otp->t_timer[TCPT_PERSIST_EXT] = tp->t_timer[TCPT_PERSIST];
1949	otp->t_timer[TCPT_KEEP_EXT] = tp->t_timer[TCPT_KEEP];
1950	otp->t_timer[TCPT_2MSL_EXT] = tp->t_timer[TCPT_2MSL];
1951	otp->t_state = tp->t_state;
1952	otp->t_flags = tp->t_flags;
1953	otp->t_force = (tp->t_flagsext & TF_FORCE) ? `1` : `0`;
1954	otp->snd_una = tp->snd_una;
1955	otp->snd_max = tp->snd_max;
1956	otp->snd_nxt = tp->snd_nxt;
1957	otp->snd_up = tp->snd_up;
1958	otp->snd_wl1 = tp->snd_wl1;
1959	otp->snd_wl2 = tp->snd_wl2;
1960	otp->iss = tp->iss;
1961	otp->irs = tp->irs;
1962	otp->rcv_nxt = tp->rcv_nxt;
1963	otp->rcv_adv = tp->rcv_adv;
1964	otp->rcv_wnd = tp->rcv_wnd;
1965	otp->rcv_up = tp->rcv_up;
1966	otp->snd_wnd = tp->snd_wnd;
1967	otp->snd_cwnd = tp->snd_cwnd;
1968	otp->snd_ssthresh = tp->snd_ssthresh;
1969	otp->t_maxopd = tp->t_maxopd;
1970	otp->t_rcvtime = tp->t_rcvtime;
1971	otp->t_starttime = tp->t_starttime;
1972	otp->t_rtttime = tp->t_rtttime;
1973	otp->t_rtseq = tp->t_rtseq;
1974	otp->t_rxtcur = tp->t_rxtcur;
1975	otp->t_maxseg = tp->t_maxseg;
1976	otp->t_srtt = tp->t_srtt;
1977	otp->t_rttvar = tp->t_rttvar;
1978	otp->t_rxtshift = tp->t_rxtshift;
1979	otp->t_rttmin = tp->t_rttmin;
1980	otp->t_rttupdated = tp->t_rttupdated;
1981	otp->max_sndwnd = tp->max_sndwnd;
1982	otp->t_softerror = tp->t_softerror;
1983	otp->t_oobflags = tp->t_oobflags;
1984	otp->t_iobc = tp->t_iobc;
1985	otp->snd_scale = tp->snd_scale;
1986	otp->rcv_scale = tp->rcv_scale;
1987	otp->request_r_scale = tp->request_r_scale;
1988	otp->requested_s_scale = tp->requested_s_scale;
1989	otp->ts_recent = tp->ts_recent;
1990	otp->ts_recent_age = tp->ts_recent_age;
1991	otp->last_ack_sent = tp->last_ack_sent;
1992	otp->cc_send = `0`;
1993	otp->cc_recv = `0`;
1994	otp->snd_recover = tp->snd_recover;
1995	otp->snd_cwnd_prev = tp->snd_cwnd_prev;
1996	otp->snd_ssthresh_prev = tp->snd_ssthresh_prev;
1997	otp->t_badrxtwin = `0`;
1998	}
1999
2000
2001	static int
2002	tcp_pcblist64 SYSCTL_HANDLER_ARGS
2003	{
2004	#pragma unused(oidp, arg1, arg2)
2005	int error, i = `0`, n;
2006	struct inpcb **inp_list;
2007	inp_gen_t gencnt;
2008	struct xinpgen xig;
2009
2010	/*
2011	* The process of preparing the TCB list is too time-consuming and
2012	* resource-intensive to repeat twice on every request.
2013	*/
2014	lck_rw_lock_shared(tcbinfo.ipi_lock);
2015	if (req->oldptr == USER_ADDR_NULL) {
2016	n = tcbinfo.ipi_count;
2017	req->oldidx = `2` * (sizeof(xig))
2018	+ (n + n/`8`) * sizeof(struct xtcpcb64);
2019	lck_rw_done(tcbinfo.ipi_lock);
2020	return (`0`);
2021	}
2022
2023	if (req->newptr != USER_ADDR_NULL) {
2024	lck_rw_done(tcbinfo.ipi_lock);
2025	return (EPERM);
2026	}
2027
2028	/*
2029	* OK, now we're committed to doing something.
2030	*/
2031	gencnt = tcbinfo.ipi_gencnt;
2032	n = tcbinfo.ipi_count;
2033
2034	bzero(&xig, sizeof(xig));
2035	xig.xig_len = sizeof(xig);
2036	xig.xig_count = n;
2037	xig.xig_gen = gencnt;
2038	xig.xig_sogen = so_gencnt;
2039	error = SYSCTL_OUT(req, &xig, sizeof(xig));
2040	if (error) {
2041	lck_rw_done(tcbinfo.ipi_lock);
2042	return (error);
2043	}
2044	/*
2045	* We are done if there is no pcb
2046	*/
2047	if (n == `0`) {
2048	lck_rw_done(tcbinfo.ipi_lock);
2049	return (`0`);
2050	}
2051
2052	inp_list = _MALLOC(n * sizeof (*inp_list), M_TEMP, M_WAITOK);
2053	if (inp_list == `0`) {
2054	lck_rw_done(tcbinfo.ipi_lock);
2055	return (ENOMEM);
2056	}
2057
2058	n = get_tcp_inp_list(inp_list, n, gencnt);
2059
2060	error = `0`;
2061	for (i = `0`; i < n; i++) {
2062	struct xtcpcb64 xt;
2063	struct inpcb *inp;
2064
2065	inp = inp_list[i];
2066
2067	if (in_pcb_checkstate(inp, WNT_ACQUIRE, `0`) == WNT_STOPUSING)
2068	continue;
2069	socket_lock(inp->inp_socket, `1`);
2070	if (in_pcb_checkstate(inp, WNT_RELEASE, `1`) == WNT_STOPUSING) {
2071	socket_unlock(inp->inp_socket, `1`);
2072	continue;
2073	}
2074	if (inp->inp_gencnt > gencnt) {
2075	socket_unlock(inp->inp_socket, `1`);
2076	continue;
2077	}
2078
2079	bzero(&xt, sizeof(xt));
2080	xt.xt_len = sizeof(xt);
2081	inpcb_to_xinpcb64(inp, &xt.xt_inpcb);
2082	xt.xt_inpcb.inp_ppcb =
2083	(uint64_t)VM_KERNEL_ADDRPERM(inp->inp_ppcb);
2084	if (inp->inp_ppcb != NULL)
2085	tcpcb_to_xtcpcb64((struct tcpcb *)inp->inp_ppcb,
2086	&xt);
2087	if (inp->inp_socket)
2088	sotoxsocket64(inp->inp_socket,
2089	&xt.xt_inpcb.xi_socket);
2090
2091	socket_unlock(inp->inp_socket, `1`);
2092
2093	error = SYSCTL_OUT(req, &xt, sizeof(xt));
2094	}
2095	if (!error) {
2096	/*
2097	* Give the user an updated idea of our state.
2098	* If the generation differs from what we told
2099	* her before, she knows that something happened
2100	* while we were processing this request, and it
2101	* might be necessary to retry.
2102	*/
2103	bzero(&xig, sizeof(xig));
2104	xig.xig_len = sizeof(xig);
2105	xig.xig_gen = tcbinfo.ipi_gencnt;
2106	xig.xig_sogen = so_gencnt;
2107	xig.xig_count = tcbinfo.ipi_count;
2108	error = SYSCTL_OUT(req, &xig, sizeof(xig));
2109	}
2110	FREE(inp_list, M_TEMP);
2111	lck_rw_done(tcbinfo.ipi_lock);
2112	return (error);
2113	}
2114
2115	SYSCTL_PROC(_net_inet_tcp, OID_AUTO, pcblist64,
2116	CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED, `0`, `0`,
2117	tcp_pcblist64, "S,xtcpcb64", "List of active TCP connections");
2118
2119	#endif /* !CONFIG_EMBEDDED */
2120
2121	static int
2122	tcp_pcblist_n SYSCTL_HANDLER_ARGS
2123	{
2124	#pragma unused(oidp, arg1, arg2)
2125	int error = `0`;
2126
2127	error = get_pcblist_n(IPPROTO_TCP, req, &tcbinfo);
2128
2129	return (error);
2130	}
2131
2132
2133	SYSCTL_PROC(_net_inet_tcp, OID_AUTO, pcblist_n,
2134	CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED, `0`, `0`,
2135	tcp_pcblist_n, "S,xtcpcb_n", "List of active TCP connections");
2136
2137	static int
2138	tcp_progress_indicators SYSCTL_HANDLER_ARGS
2139	{
2140	#pragma unused(oidp, arg1, arg2)
2141
2142	return (ntstat_tcp_progress_indicators(req));
2143	}
2144
2145	SYSCTL_PROC(_net_inet_tcp, OID_AUTO, progress,
2146	CTLTYPE_STRUCT \| CTLFLAG_RW \| CTLFLAG_LOCKED \| CTLFLAG_ANYBODY, `0`, `0`,
2147	tcp_progress_indicators, "S", "Various items that indicate the current state of progress on the link");
2148
2149
2150	__private_extern__ void
2151	tcp_get_ports_used(uint32_t ifindex, int protocol, uint32_t flags,
2152	bitstr_t *bitfield)
2153	{
2154	inpcb_get_ports_used(ifindex, protocol, flags, bitfield,
2155	&tcbinfo);
2156	}
2157
2158	__private_extern__ uint32_t
2159	tcp_count_opportunistic(unsigned int ifindex, u_int32_t flags)
2160	{
2161	return (inpcb_count_opportunistic(ifindex, &tcbinfo, flags));
2162	}
2163
2164	__private_extern__ uint32_t
2165	tcp_find_anypcb_byaddr(struct ifaddr *ifa)
2166	{
2167	return (inpcb_find_anypcb_byaddr(ifa, &tcbinfo));
2168	}
2169
2170	static void
2171	tcp_handle_msgsize(struct ip ip, struct* inpcb *inp)
2172	{
2173	struct rtentry *rt = NULL;
2174	u_short ifscope = IFSCOPE_NONE;
2175	int mtu;
2176	struct sockaddr_in icmpsrc = {
2177	sizeof (struct sockaddr_in),
2178	AF_INET, `0`, { `0` },
2179	{ `0`, `0`, `0`, `0`, `0`, `0`, `0`, `0` } };
2180	struct icmp *icp = NULL;
2181
2182	icp = (struct icmp )(void* *)
2183	((caddr_t)ip - offsetof(struct icmp, icmp_ip));
2184
2185	icmpsrc.sin_addr = icp->icmp_ip.ip_dst;
2186
2187	/*
2188	* MTU discovery:
2189	* If we got a needfrag and there is a host route to the
2190	* original destination, and the MTU is not locked, then
2191	* set the MTU in the route to the suggested new value
2192	* (if given) and then notify as usual. The ULPs will
2193	* notice that the MTU has changed and adapt accordingly.
2194	* If no new MTU was suggested, then we guess a new one
2195	* less than the current value. If the new MTU is
2196	* unreasonably small (defined by sysctl tcp_minmss), then
2197	* we reset the MTU to the interface value and enable the
2198	* lock bit, indicating that we are no longer doing MTU
2199	* discovery.
2200	*/
2201	if (ROUTE_UNUSABLE(&(inp->inp_route)) == false)
2202	rt = inp->inp_route.ro_rt;
2203
2204	/*
2205	* icmp6_mtudisc_update scopes the routing lookup
2206	* to the incoming interface (delivered from mbuf
2207	* packet header.
2208	* That is mostly ok but for asymmetric networks
2209	* that may be an issue.
2210	* Frag needed OR Packet too big really communicates
2211	* MTU for the out data path.
2212	* Take the interface scope from cached route or
2213	* the last outgoing interface from inp
2214	*/
2215	if (rt != NULL)
2216	ifscope = (rt->rt_ifp != NULL) ?
2217	rt->rt_ifp->if_index : IFSCOPE_NONE;
2218	else
2219	ifscope = (inp->inp_last_outifp != NULL) ?
2220	inp->inp_last_outifp->if_index : IFSCOPE_NONE;
2221
2222	if ((rt == NULL) \|\|
2223	!(rt->rt_flags & RTF_HOST) \|\|
2224	(rt->rt_flags & (RTF_CLONING \| RTF_PRCLONING))) {
2225	rt = rtalloc1_scoped((struct sockaddr *)&icmpsrc, `0`,
2226	RTF_CLONING \| RTF_PRCLONING, ifscope);
2227	} else if (rt) {
2228	RT_LOCK(rt);
2229	rtref(rt);
2230	RT_UNLOCK(rt);
2231	}
2232
2233	if (rt != NULL) {
2234	RT_LOCK(rt);
2235	if ((rt->rt_flags & RTF_HOST) &&
2236	!(rt->rt_rmx.rmx_locks & RTV_MTU)) {
2237	mtu = ntohs(icp->icmp_nextmtu);
2238	/*
2239	* XXX Stock BSD has changed the following
2240	* to compare with icp->icmp_ip.ip_len
2241	* to converge faster when sent packet
2242	* < route's MTU. We may want to adopt
2243	* that change.
2244	*/
2245	if (mtu == `0`)
2246	mtu = ip_next_mtu(rt->rt_rmx.
2247	rmx_mtu, `1`);
2248	#if DEBUG_MTUDISC
2249	printf("MTU for %s reduced to %d\n",
2250	inet_ntop(AF_INET,
2251	&icmpsrc.sin_addr, ipv4str,
2252	sizeof (ipv4str)), mtu);
2253	#endif
2254	if (mtu < max(`296`, (tcp_minmss +
2255	sizeof (struct tcpiphdr)))) {
2256	rt->rt_rmx.rmx_locks \|= RTV_MTU;
2257	} else if (rt->rt_rmx.rmx_mtu > mtu) {
2258	rt->rt_rmx.rmx_mtu = mtu;
2259	}
2260	}
2261	RT_UNLOCK(rt);
2262	rtfree(rt);
2263	}
2264	}
2265
2266	void
2267	tcp_ctlinput(int cmd, struct sockaddr sa, void* vip, __unused struct* ifnet *ifp)
2268	{
2269	tcp_seq icmp_tcp_seq;
2270	struct ip *ip = vip;
2271	struct in_addr faddr;
2272	struct inpcb *inp;
2273	struct tcpcb *tp;
2274	struct tcphdr *th;
2275	struct icmp *icp;
2276	void (notify)(struct* inpcb , int*) = tcp_notify;
2277
2278	faddr = ((struct sockaddr_in )(void* *)sa)->sin_addr;
2279	if (sa->sa_family != AF_INET \|\| faddr.s_addr == INADDR_ANY)
2280	return;
2281
2282	if ((unsigned)cmd >= PRC_NCMDS)
2283	return;
2284
2285	/ Source quench is deprecated /
2286	if (cmd == PRC_QUENCH)
2287	return;
2288
2289	if (cmd == PRC_MSGSIZE)
2290	notify = tcp_mtudisc;
2291	else if (icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB \|\|
2292	cmd == PRC_UNREACH_PORT \|\| cmd == PRC_UNREACH_PROTOCOL \|\|
2293	cmd == PRC_TIMXCEED_INTRANS) && ip)
2294	notify = tcp_drop_syn_sent;
2295	/*
2296	* Hostdead is ugly because it goes linearly through all PCBs.
2297	* XXX: We never get this from ICMP, otherwise it makes an
2298	* excellent DoS attack on machines with many connections.
2299	*/
2300	else if (cmd == PRC_HOSTDEAD)
2301	ip = NULL;
2302	else if (inetctlerrmap[cmd] == `0` && !PRC_IS_REDIRECT(cmd))
2303	return;
2304
2305
2306	if (ip == NULL) {
2307	in_pcbnotifyall(&tcbinfo, faddr, inetctlerrmap[cmd], notify);
2308	return;
2309	}
2310
2311	icp = (struct icmp )(void* *)
2312	((caddr_t)ip - offsetof(struct icmp, icmp_ip));
2313	th = (struct tcphdr )(void* *)((caddr_t)ip + (IP_VHL_HL(ip->ip_vhl) << `2`));
2314	icmp_tcp_seq = ntohl(th->th_seq);
2315
2316	inp = in_pcblookup_hash(&tcbinfo, faddr, th->th_dport,
2317	ip->ip_src, th->th_sport, `0`, NULL);
2318
2319	if (inp == NULL \|\|
2320	inp->inp_socket == NULL) {
2321	return;
2322	}
2323
2324	socket_lock(inp->inp_socket, `1`);
2325	if (in_pcb_checkstate(inp, WNT_RELEASE, `1`) ==
2326	WNT_STOPUSING) {
2327	socket_unlock(inp->inp_socket, `1`);
2328	return;
2329	}
2330
2331	if (PRC_IS_REDIRECT(cmd)) {
2332	/ signal EHOSTDOWN, as it flushes the cached route /
2333	(*notify)(inp, EHOSTDOWN);
2334	} else {
2335	tp = intotcpcb(inp);
2336	if (SEQ_GEQ(icmp_tcp_seq, tp->snd_una) &&
2337	SEQ_LT(icmp_tcp_seq, tp->snd_max)) {
2338	if (cmd == PRC_MSGSIZE)
2339	tcp_handle_msgsize(ip, inp);
2340
2341	(*notify)(inp, inetctlerrmap[cmd]);
2342	}
2343	}
2344	socket_unlock(inp->inp_socket, `1`);
2345	}
2346
2347	#if INET6
2348	void
2349	tcp6_ctlinput(int cmd, struct sockaddr sa, void* d, __unused struct* ifnet *ifp)
2350	{
2351	tcp_seq icmp_tcp_seq;
2352	struct in6_addr *dst;
2353	struct tcphdr *th;
2354	void (notify)(struct* inpcb , int*) = tcp_notify;
2355	struct ip6_hdr *ip6;
2356	struct mbuf *m;
2357	struct inpcb *inp;
2358	struct tcpcb *tp;
2359	struct icmp6_hdr *icmp6;
2360	struct ip6ctlparam *ip6cp = NULL;
2361	const struct sockaddr_in6 *sa6_src = NULL;
2362	unsigned int mtu;
2363	unsigned int off;
2364
2365	if (sa->sa_family != AF_INET6 \|\|
2366	sa->sa_len != sizeof(struct sockaddr_in6))
2367	return;
2368
2369	/ Source quench is deprecated /
2370	if (cmd == PRC_QUENCH)
2371	return;
2372
2373	if ((unsigned)cmd >= PRC_NCMDS)
2374	return;
2375
2376	/ if the parameter is from icmp6, decode it. /
2377	if (d != NULL) {
2378	ip6cp = (struct ip6ctlparam *)d;
2379	icmp6 = ip6cp->ip6c_icmp6;
2380	m = ip6cp->ip6c_m;
2381	ip6 = ip6cp->ip6c_ip6;
2382	off = ip6cp->ip6c_off;
2383	sa6_src = ip6cp->ip6c_src;
2384	dst = ip6cp->ip6c_finaldst;
2385	} else {
2386	m = NULL;
2387	ip6 = NULL;
2388	off = `0`; / fool gcc /
2389	sa6_src = &sa6_any;
2390	dst = NULL;
2391	}
2392
2393	if (cmd == PRC_MSGSIZE)
2394	notify = tcp_mtudisc;
2395	else if (icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB \|\|
2396	cmd == PRC_UNREACH_PORT \|\| cmd == PRC_TIMXCEED_INTRANS) &&
2397	ip6 != NULL)
2398	notify = tcp_drop_syn_sent;
2399	/*
2400	* Hostdead is ugly because it goes linearly through all PCBs.
2401	* XXX: We never get this from ICMP, otherwise it makes an
2402	* excellent DoS attack on machines with many connections.
2403	*/
2404	else if (cmd == PRC_HOSTDEAD)
2405	ip6 = NULL;
2406	else if (inet6ctlerrmap[cmd] == `0` && !PRC_IS_REDIRECT(cmd))
2407	return;
2408
2409
2410	if (ip6 == NULL) {
2411	in6_pcbnotify(&tcbinfo, sa, `0`, (struct sockaddr *)(size_t)sa6_src,
2412	`0`, cmd, NULL, notify);
2413	return;
2414	}
2415
2416	if (m == NULL \|\|
2417	(m->m_pkthdr.len < (int32_t) (off + offsetof(struct tcphdr, th_ack))))
2418	return;
2419
2420	th = (struct tcphdr )(void* *)mtodo(m, off);
2421	icmp_tcp_seq = ntohl(th->th_seq);
2422
2423	if (cmd == PRC_MSGSIZE) {
2424	mtu = ntohl(icmp6->icmp6_mtu);
2425	/*
2426	* If no alternative MTU was proposed, or the proposed
2427	* MTU was too small, set to the min.
2428	*/
2429	if (mtu < IPV6_MMTU)
2430	mtu = IPV6_MMTU - `8`;
2431	}
2432
2433	inp = in6_pcblookup_hash(&tcbinfo, &ip6->ip6_dst, th->th_dport,
2434	&ip6->ip6_src, th->th_sport, `0`, NULL);
2435
2436	if (inp == NULL \|\|
2437	inp->inp_socket == NULL) {
2438	return;
2439	}
2440
2441	socket_lock(inp->inp_socket, `1`);
2442	if (in_pcb_checkstate(inp, WNT_RELEASE, `1`) ==
2443	WNT_STOPUSING) {
2444	socket_unlock(inp->inp_socket, `1`);
2445	return;
2446	}
2447
2448	if (PRC_IS_REDIRECT(cmd)) {
2449	/ signal EHOSTDOWN, as it flushes the cached route /
2450	(*notify)(inp, EHOSTDOWN);
2451	} else {
2452	tp = intotcpcb(inp);
2453	if (SEQ_GEQ(icmp_tcp_seq, tp->snd_una) &&
2454	SEQ_LT(icmp_tcp_seq, tp->snd_max)) {
2455	if (cmd == PRC_MSGSIZE) {
2456	/*
2457	* Only process the offered MTU if it
2458	* is smaller than the current one.
2459	*/
2460	if (mtu < tp->t_maxseg +
2461	(sizeof (th) + sizeof* (*ip6)))
2462	(*notify)(inp, inetctlerrmap[cmd]);
2463	} else
2464	(*notify)(inp, inetctlerrmap[cmd]);
2465	}
2466	}
2467	socket_unlock(inp->inp_socket, `1`);
2468	}
2469	#endif /* INET6 */
2470
2471
2472	/*
2473	* Following is where TCP initial sequence number generation occurs.
2474	*
2475	* There are two places where we must use initial sequence numbers:
2476	* 1. In SYN-ACK packets.
2477	* 2. In SYN packets.
2478	*
2479	* The ISNs in SYN-ACK packets have no monotonicity requirement,
2480	* and should be as unpredictable as possible to avoid the possibility
2481	* of spoofing and/or connection hijacking. To satisfy this
2482	* requirement, SYN-ACK ISNs are generated via the arc4random()
2483	* function. If exact RFC 1948 compliance is requested via sysctl,
2484	* these ISNs will be generated just like those in SYN packets.
2485	*
2486	* The ISNs in SYN packets must be monotonic; TIME_WAIT recycling
2487	* depends on this property. In addition, these ISNs should be
2488	* unguessable so as to prevent connection hijacking. To satisfy
2489	* the requirements of this situation, the algorithm outlined in
2490	* RFC 1948 is used to generate sequence numbers.
2491	*
2492	* For more information on the theory of operation, please see
2493	* RFC 1948.
2494	*
2495	* Implementation details:
2496	*
2497	* Time is based off the system timer, and is corrected so that it
2498	* increases by one megabyte per second. This allows for proper
2499	* recycling on high speed LANs while still leaving over an hour
2500	* before rollover.
2501	*
2502	* Two sysctls control the generation of ISNs:
2503	*
2504	* net.inet.tcp.isn_reseed_interval controls the number of seconds
2505	* between seeding of isn_secret. This is normally set to zero,
2506	* as reseeding should not be necessary.
2507	*
2508	* net.inet.tcp.strict_rfc1948 controls whether RFC 1948 is followed
2509	* strictly. When strict compliance is requested, reseeding is
2510	* disabled and SYN-ACKs will be generated in the same manner as
2511	* SYNs. Strict mode is disabled by default.
2512	*
2513	*/
2514
2515	#define ISN_BYTES_PER_SECOND 1048576
2516
2517	tcp_seq
2518	tcp_new_isn(struct tcpcb *tp)
2519	{
2520	u_int32_t md5_buffer[`4`];
2521	tcp_seq new_isn;
2522	struct timeval timenow;
2523	u_char isn_secret[`32`];
2524	int isn_last_reseed = `0`;
2525	MD5_CTX isn_ctx;
2526
2527	/ Use arc4random for SYN-ACKs when not in exact RFC1948 mode. /
2528	if (((tp->t_state == TCPS_LISTEN) \|\| (tp->t_state == TCPS_TIME_WAIT)) &&
2529	tcp_strict_rfc1948 == `0`)
2530	#ifdef __APPLE__
2531	return (RandomULong());
2532	#else
2533	return (arc4random());
2534	#endif
2535	getmicrotime(&timenow);
2536
2537	/ Seed if this is the first use, reseed if requested. /
2538	if ((isn_last_reseed == `0`) \|\|
2539	((tcp_strict_rfc1948 == `0`) && (tcp_isn_reseed_interval > `0`) &&
2540	(((u_int)isn_last_reseed + (u_int)tcp_isn_reseed_interval*hz)
2541	< (u_int)timenow.tv_sec))) {
2542	#ifdef __APPLE__
2543	read_frandom(&isn_secret, sizeof(isn_secret));
2544	#else
2545	read_random_unlimited(&isn_secret, sizeof(isn_secret));
2546	#endif
2547	isn_last_reseed = timenow.tv_sec;
2548	}
2549
2550	/ Compute the md5 hash and return the ISN. /
2551	MD5Init(&isn_ctx);
2552	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport,
2553	sizeof(u_short));
2554	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport,
2555	sizeof(u_short));
2556	#if INET6
2557	if ((tp->t_inpcb->inp_vflag & INP_IPV6) != `0`) {
2558	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
2559	sizeof(struct in6_addr));
2560	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
2561	sizeof(struct in6_addr));
2562	} else
2563	#endif
2564	{
2565	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
2566	sizeof(struct in_addr));
2567	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
2568	sizeof(struct in_addr));
2569	}
2570	MD5Update(&isn_ctx, (u_char ) &isn_secret, sizeof*(isn_secret));
2571	MD5Final((u_char *) &md5_buffer, &isn_ctx);
2572	new_isn = (tcp_seq) md5_buffer[`0`];
2573	new_isn += timenow.tv_sec * (ISN_BYTES_PER_SECOND / hz);
2574	return (new_isn);
2575	}
2576
2577
2578	/*
2579	* When a specific ICMP unreachable message is received and the
2580	* connection state is SYN-SENT, drop the connection. This behavior
2581	* is controlled by the icmp_may_rst sysctl.
2582	*/
2583	void
2584	tcp_drop_syn_sent(struct inpcb inp, int* errno)
2585	{
2586	struct tcpcb *tp = intotcpcb(inp);
2587
2588	if (tp && tp->t_state == TCPS_SYN_SENT)
2589	tcp_drop(tp, errno);
2590	}
2591
2592	/*
2593	* When `need fragmentation' ICMP is received, update our idea of the MSS
2594	* based on the new value in the route. Also nudge TCP to send something,
2595	* since we know the packet we just sent was dropped.
2596	* This duplicates some code in the tcp_mss() function in tcp_input.c.
2597	*/
2598	void
2599	tcp_mtudisc(
2600	struct inpcb *inp,
2601	__unused int errno
2602	)
2603	{
2604	struct tcpcb *tp = intotcpcb(inp);
2605	struct rtentry *rt;
2606	struct rmxp_tao *taop;
2607	struct socket *so = inp->inp_socket;
2608	int offered;
2609	int mss;
2610	u_int32_t mtu;
2611	u_int32_t protoHdrOverhead = sizeof (struct tcpiphdr);
2612	#if INET6
2613	int isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) != `0`;
2614
2615	if (isipv6)
2616	protoHdrOverhead = sizeof(struct ip6_hdr) +
2617	sizeof(struct tcphdr);
2618	#endif /* INET6 */
2619
2620	if (tp) {
2621	#if INET6
2622	if (isipv6)
2623	rt = tcp_rtlookup6(inp, IFSCOPE_NONE);
2624	else
2625	#endif /* INET6 */
2626	rt = tcp_rtlookup(inp, IFSCOPE_NONE);
2627	if (!rt \|\| !rt->rt_rmx.rmx_mtu) {
2628	tp->t_maxopd = tp->t_maxseg =
2629	#if INET6
2630	isipv6 ? tcp_v6mssdflt :
2631	#endif /* INET6 */
2632	tcp_mssdflt;
2633
2634	/ Route locked during lookup above /
2635	if (rt != NULL)
2636	RT_UNLOCK(rt);
2637	return;
2638	}
2639	taop = rmx_taop(rt->rt_rmx);
2640	offered = taop->tao_mssopt;
2641	mtu = rt->rt_rmx.rmx_mtu;
2642
2643	/ Route locked during lookup above /
2644	RT_UNLOCK(rt);
2645
2646	#if NECP
2647	// Adjust MTU if necessary.
2648	mtu = necp_socket_get_effective_mtu(inp, mtu);
2649	#endif /* NECP */
2650	mss = mtu - protoHdrOverhead;
2651
2652	if (offered)
2653	mss = min(mss, offered);
2654	/*
2655	* XXX - The above conditional probably violates the TCP
2656	* spec. The problem is that, since we don't know the
2657	* other end's MSS, we are supposed to use a conservative
2658	* default. But, if we do that, then MTU discovery will
2659	* never actually take place, because the conservative
2660	* default is much less than the MTUs typically seen
2661	* on the Internet today. For the moment, we'll sweep
2662	* this under the carpet.
2663	*
2664	* The conservative default might not actually be a problem
2665	* if the only case this occurs is when sending an initial
2666	* SYN with options and data to a host we've never talked
2667	* to before. Then, they will reply with an MSS value which
2668	* will get recorded and the new parameters should get
2669	* recomputed. For Further Study.
2670	*/
2671	if (tp->t_maxopd <= mss)
2672	return;
2673	tp->t_maxopd = mss;
2674
2675	if ((tp->t_flags & (TF_REQ_TSTMP\|TF_NOOPT)) == TF_REQ_TSTMP &&
2676	(tp->t_flags & TF_RCVD_TSTMP) == TF_RCVD_TSTMP)
2677	mss -= TCPOLEN_TSTAMP_APPA;
2678
2679	#if MPTCP
2680	mss -= mptcp_adj_mss(tp, TRUE);
2681	#endif
2682	if (so->so_snd.sb_hiwat < mss)
2683	mss = so->so_snd.sb_hiwat;
2684
2685	tp->t_maxseg = mss;
2686
2687	ASSERT(tp->t_maxseg);
2688
2689	/*
2690	* Reset the slow-start flight size as it may depends on the
2691	* new MSS
2692	*/
2693	if (CC_ALGO(tp)->cwnd_init != NULL)
2694	CC_ALGO(tp)->cwnd_init(tp);
2695	tcpstat.tcps_mturesent++;
2696	tp->t_rtttime = `0`;
2697	tp->snd_nxt = tp->snd_una;
2698	tcp_output(tp);
2699	}
2700	}
2701
2702	/*
2703	* Look-up the routing entry to the peer of this inpcb. If no route
2704	* is found and it cannot be allocated the return NULL. This routine
2705	* is called by TCP routines that access the rmx structure and by tcp_mss
2706	* to get the interface MTU. If a route is found, this routine will
2707	* hold the rtentry lock; the caller is responsible for unlocking.
2708	*/
2709	struct rtentry *
2710	tcp_rtlookup(struct inpcb inp, unsigned* int input_ifscope)
2711	{
2712	struct route *ro;
2713	struct rtentry *rt;
2714	struct tcpcb *tp;
2715
2716	LCK_MTX_ASSERT(rnh_lock, LCK_MTX_ASSERT_NOTOWNED);
2717
2718	ro = &inp->inp_route;
2719	if ((rt = ro->ro_rt) != NULL)
2720	RT_LOCK(rt);
2721
2722	if (ROUTE_UNUSABLE(ro)) {
2723	if (rt != NULL) {
2724	RT_UNLOCK(rt);
2725	rt = NULL;
2726	}
2727	ROUTE_RELEASE(ro);
2728	/ No route yet, so try to acquire one /
2729	if (inp->inp_faddr.s_addr != INADDR_ANY) {
2730	unsigned int ifscope;
2731
2732	ro->ro_dst.sa_family = AF_INET;
2733	ro->ro_dst.sa_len = sizeof(struct sockaddr_in);
2734	((struct sockaddr_in )(void* *)&ro->ro_dst)->sin_addr =
2735	inp->inp_faddr;
2736
2737	/*
2738	* If the socket was bound to an interface, then
2739	* the bound-to-interface takes precedence over
2740	* the inbound interface passed in by the caller
2741	* (if we get here as part of the output path then
2742	* input_ifscope is IFSCOPE_NONE).
2743	*/
2744	ifscope = (inp->inp_flags & INP_BOUND_IF) ?
2745	inp->inp_boundifp->if_index : input_ifscope;
2746
2747	rtalloc_scoped(ro, ifscope);
2748	if ((rt = ro->ro_rt) != NULL)
2749	RT_LOCK(rt);
2750	}
2751	}
2752	if (rt != NULL)
2753	RT_LOCK_ASSERT_HELD(rt);
2754
2755	/*
2756	* Update MTU discovery determination. Don't do it if:
2757	* 1) it is disabled via the sysctl
2758	* 2) the route isn't up
2759	* 3) the MTU is locked (if it is, then discovery has been
2760	* disabled)
2761	*/
2762
2763	tp = intotcpcb(inp);
2764
2765	if (!path_mtu_discovery \|\| ((rt != NULL) &&
2766	(!(rt->rt_flags & RTF_UP) \|\| (rt->rt_rmx.rmx_locks & RTV_MTU))))
2767	tp->t_flags &= ~TF_PMTUD;
2768	else
2769	tp->t_flags \|= TF_PMTUD;
2770
2771	if (rt != NULL && rt->rt_ifp != NULL) {
2772	somultipages(inp->inp_socket,
2773	(rt->rt_ifp->if_hwassist & IFNET_MULTIPAGES));
2774	tcp_set_tso(tp, rt->rt_ifp);
2775	soif2kcl(inp->inp_socket,
2776	(rt->rt_ifp->if_eflags & IFEF_2KCL));
2777	tcp_set_ecn(tp, rt->rt_ifp);
2778	if (inp->inp_last_outifp == NULL) {
2779	inp->inp_last_outifp = rt->rt_ifp;
2780
2781	}
2782	}
2783
2784	/ Note if the peer is local /
2785	if (rt != NULL && !(rt->rt_ifp->if_flags & IFF_POINTOPOINT) &&
2786	(rt->rt_gateway->sa_family == AF_LINK \|\|
2787	rt->rt_ifp->if_flags & IFF_LOOPBACK \|\|
2788	in_localaddr(inp->inp_faddr))) {
2789	tp->t_flags \|= TF_LOCAL;
2790	}
2791
2792	/*
2793	* Caller needs to call RT_UNLOCK(rt).
2794	*/
2795	return (rt);
2796	}
2797
2798	#if INET6
2799	struct rtentry *
2800	tcp_rtlookup6(struct inpcb inp, unsigned* int input_ifscope)
2801	{
2802	struct route_in6 *ro6;
2803	struct rtentry *rt;
2804	struct tcpcb *tp;
2805
2806	LCK_MTX_ASSERT(rnh_lock, LCK_MTX_ASSERT_NOTOWNED);
2807
2808	ro6 = &inp->in6p_route;
2809	if ((rt = ro6->ro_rt) != NULL)
2810	RT_LOCK(rt);
2811
2812	if (ROUTE_UNUSABLE(ro6)) {
2813	if (rt != NULL) {
2814	RT_UNLOCK(rt);
2815	rt = NULL;
2816	}
2817	ROUTE_RELEASE(ro6);
2818	/ No route yet, so try to acquire one /
2819	if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
2820	struct sockaddr_in6 *dst6;
2821	unsigned int ifscope;
2822
2823	dst6 = (struct sockaddr_in6 *)&ro6->ro_dst;
2824	dst6->sin6_family = AF_INET6;
2825	dst6->sin6_len = sizeof(*dst6);
2826	dst6->sin6_addr = inp->in6p_faddr;
2827
2828	/*
2829	* If the socket was bound to an interface, then
2830	* the bound-to-interface takes precedence over
2831	* the inbound interface passed in by the caller
2832	* (if we get here as part of the output path then
2833	* input_ifscope is IFSCOPE_NONE).
2834	*/
2835	ifscope = (inp->inp_flags & INP_BOUND_IF) ?
2836	inp->inp_boundifp->if_index : input_ifscope;
2837
2838	rtalloc_scoped((struct route *)ro6, ifscope);
2839	if ((rt = ro6->ro_rt) != NULL)
2840	RT_LOCK(rt);
2841	}
2842	}
2843	if (rt != NULL)
2844	RT_LOCK_ASSERT_HELD(rt);
2845
2846	/*
2847	* Update path MTU Discovery determination
2848	* while looking up the route:
2849	* 1) we have a valid route to the destination
2850	* 2) the MTU is not locked (if it is, then discovery has been
2851	* disabled)
2852	*/
2853
2854
2855	tp = intotcpcb(inp);
2856
2857	/*
2858	* Update MTU discovery determination. Don't do it if:
2859	* 1) it is disabled via the sysctl
2860	* 2) the route isn't up
2861	* 3) the MTU is locked (if it is, then discovery has been
2862	* disabled)
2863	*/
2864
2865	if (!path_mtu_discovery \|\| ((rt != NULL) &&
2866	(!(rt->rt_flags & RTF_UP) \|\| (rt->rt_rmx.rmx_locks & RTV_MTU))))
2867	tp->t_flags &= ~TF_PMTUD;
2868	else
2869	tp->t_flags \|= TF_PMTUD;
2870
2871	if (rt != NULL && rt->rt_ifp != NULL) {
2872	somultipages(inp->inp_socket,
2873	(rt->rt_ifp->if_hwassist & IFNET_MULTIPAGES));
2874	tcp_set_tso(tp, rt->rt_ifp);
2875	soif2kcl(inp->inp_socket,
2876	(rt->rt_ifp->if_eflags & IFEF_2KCL));
2877	tcp_set_ecn(tp, rt->rt_ifp);
2878	if (inp->inp_last_outifp == NULL) {
2879	inp->inp_last_outifp = rt->rt_ifp;
2880	}
2881
2882	/ Note if the peer is local /
2883	if (!(rt->rt_ifp->if_flags & IFF_POINTOPOINT) &&
2884	(IN6_IS_ADDR_LOOPBACK(&inp->in6p_faddr) \|\|
2885	IN6_IS_ADDR_LINKLOCAL(&inp->in6p_faddr) \|\|
2886	rt->rt_gateway->sa_family == AF_LINK \|\|
2887	in6_localaddr(&inp->in6p_faddr))) {
2888	tp->t_flags \|= TF_LOCAL;
2889	}
2890	}
2891
2892	/*
2893	* Caller needs to call RT_UNLOCK(rt).
2894	*/
2895	return (rt);
2896	}
2897	#endif /* INET6 */
2898
2899	#if IPSEC
2900	/ compute ESP/AH header size for TCP, including outer IP header. /
2901	size_t
2902	ipsec_hdrsiz_tcp(struct tcpcb *tp)
2903	{
2904	struct inpcb *inp;
2905	struct mbuf *m;
2906	size_t hdrsiz;
2907	struct ip *ip;
2908	#if INET6
2909	struct ip6_hdr *ip6 = NULL;
2910	#endif /* INET6 */
2911	struct tcphdr *th;
2912
2913	if ((tp == NULL) \|\| ((inp = tp->t_inpcb) == NULL))
2914	return (`0`);
2915	MGETHDR(m, M_DONTWAIT, MT_DATA); / MAC-OK /
2916	if (!m)
2917	return (`0`);
2918
2919	#if INET6
2920	if ((inp->inp_vflag & INP_IPV6) != `0`) {
2921	ip6 = mtod(m, struct ip6_hdr *);
2922	th = (struct tcphdr )(void* *)(ip6 + `1`);
2923	m->m_pkthdr.len = m->m_len =
2924	sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
2925	tcp_fillheaders(tp, ip6, th);
2926	hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
2927	} else
2928	#endif /* INET6 */
2929	{
2930	ip = mtod(m, struct ip *);
2931	th = (struct tcphdr *)(ip + `1`);
2932	m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
2933	tcp_fillheaders(tp, ip, th);
2934	hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
2935	}
2936	m_free(m);
2937	return (hdrsiz);
2938	}
2939	#endif /* IPSEC */
2940
2941	/*
2942	* Return a pointer to the cached information about the remote host.
2943	* The cached information is stored in the protocol specific part of
2944	* the route metrics.
2945	*/
2946	struct rmxp_tao *
2947	tcp_gettaocache(struct inpcb *inp)
2948	{
2949	struct rtentry *rt;
2950	struct rmxp_tao *taop;
2951
2952	#if INET6
2953	if ((inp->inp_vflag & INP_IPV6) != `0`)
2954	rt = tcp_rtlookup6(inp, IFSCOPE_NONE);
2955	else
2956	#endif /* INET6 */
2957	rt = tcp_rtlookup(inp, IFSCOPE_NONE);
2958
2959	/ Make sure this is a host route and is up. /
2960	if (rt == NULL \|\|
2961	(rt->rt_flags & (RTF_UP\|RTF_HOST)) != (RTF_UP\|RTF_HOST)) {
2962	/ Route locked during lookup above /
2963	if (rt != NULL)
2964	RT_UNLOCK(rt);
2965	return (NULL);
2966	}
2967
2968	taop = rmx_taop(rt->rt_rmx);
2969	/ Route locked during lookup above /
2970	RT_UNLOCK(rt);
2971	return (taop);
2972	}
2973
2974	/*
2975	* Clear all the TAO cache entries, called from tcp_init.
2976	*
2977	* XXX
2978	* This routine is just an empty one, because we assume that the routing
2979	* routing tables are initialized at the same time when TCP, so there is
2980	* nothing in the cache left over.
2981	*/
2982	static void
2983	tcp_cleartaocache(void)
2984	{
2985	}
2986
2987	int
2988	tcp_lock(struct socket so, int* refcount, void *lr)
2989	{
2990	void *lr_saved;
2991
2992	if (lr == NULL)
2993	lr_saved = __builtin_return_address(`0`);
2994	else
2995	lr_saved = lr;
2996
2997	retry:
2998	if (so->so_pcb != NULL) {
2999	if (so->so_flags & SOF_MP_SUBFLOW) {
3000	struct mptcb *mp_tp = tptomptp(sototcpcb(so));
3001	VERIFY(mp_tp);
3002
3003	mpte_lock_assert_notheld(mp_tp->mpt_mpte);
3004
3005	mpte_lock(mp_tp->mpt_mpte);
3006
3007	/*
3008	* Check if we became non-MPTCP while waiting for the lock.
3009	* If yes, we have to retry to grab the right lock.
3010	*/
3011	if (!(so->so_flags & SOF_MP_SUBFLOW)) {
3012	mpte_unlock(mp_tp->mpt_mpte);
3013	goto retry;
3014	}
3015	} else {
3016	lck_mtx_lock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
3017
3018	if (so->so_flags & SOF_MP_SUBFLOW) {
3019	/*
3020	* While waiting for the lock, we might have
3021	* become MPTCP-enabled (see mptcp_subflow_socreate).
3022	*/
3023	lck_mtx_unlock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
3024	goto retry;
3025	}
3026	}
3027	} else {
3028	panic("tcp_lock: so=%p NO PCB! lr=%p lrh= %s\n",
3029	so, lr_saved, solockhistory_nr(so));
3030	/ NOTREACHED /
3031	}
3032
3033	if (so->so_usecount < `0`) {
3034	panic("tcp_lock: so=%p so_pcb=%p lr=%p ref=%x lrh= %s\n",
3035	so, so->so_pcb, lr_saved, so->so_usecount,
3036	solockhistory_nr(so));
3037	/ NOTREACHED /
3038	}
3039	if (refcount)
3040	so->so_usecount++;
3041	so->lock_lr[so->next_lock_lr] = lr_saved;
3042	so->next_lock_lr = (so->next_lock_lr+`1`) % SO_LCKDBG_MAX;
3043	return (`0`);
3044	}
3045
3046	int
3047	tcp_unlock(struct socket so, int* refcount, void *lr)
3048	{
3049	void *lr_saved;
3050
3051	if (lr == NULL)
3052	lr_saved = __builtin_return_address(`0`);
3053	else
3054	lr_saved = lr;
3055
3056	#ifdef MORE_TCPLOCK_DEBUG
3057	printf("tcp_unlock: so=0x%llx sopcb=0x%llx lock=0x%llx ref=%x "
3058	"lr=0x%llx\n", (uint64_t)VM_KERNEL_ADDRPERM(so),
3059	(uint64_t)VM_KERNEL_ADDRPERM(so->so_pcb),
3060	(uint64_t)VM_KERNEL_ADDRPERM(&(sotoinpcb(so)->inpcb_mtx)),
3061	so->so_usecount, (uint64_t)VM_KERNEL_ADDRPERM(lr_saved));
3062	#endif
3063	if (refcount)
3064	so->so_usecount--;
3065
3066	if (so->so_usecount < `0`) {
3067	panic("tcp_unlock: so=%p usecount=%x lrh= %s\n",
3068	so, so->so_usecount, solockhistory_nr(so));
3069	/ NOTREACHED /
3070	}
3071	if (so->so_pcb == NULL) {
3072	panic("tcp_unlock: so=%p NO PCB usecount=%x lr=%p lrh= %s\n",
3073	so, so->so_usecount, lr_saved, solockhistory_nr(so));
3074	/ NOTREACHED /
3075	} else {
3076	so->unlock_lr[so->next_unlock_lr] = lr_saved;
3077	so->next_unlock_lr = (so->next_unlock_lr+`1`) % SO_LCKDBG_MAX;
3078
3079	if (so->so_flags & SOF_MP_SUBFLOW) {
3080	struct mptcb *mp_tp = tptomptp(sototcpcb(so));
3081
3082	VERIFY(mp_tp);
3083	mpte_lock_assert_held(mp_tp->mpt_mpte);
3084
3085	mpte_unlock(mp_tp->mpt_mpte);
3086	} else {
3087	LCK_MTX_ASSERT(&((struct inpcb *)so->so_pcb)->inpcb_mtx,
3088	LCK_MTX_ASSERT_OWNED);
3089	lck_mtx_unlock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
3090	}
3091	}
3092	return (`0`);
3093	}
3094
3095	lck_mtx_t *
3096	tcp_getlock(struct socket so, int* flags)
3097	{
3098	struct inpcb *inp = sotoinpcb(so);
3099
3100	if (so->so_pcb) {
3101	if (so->so_usecount < `0`)
3102	panic("tcp_getlock: so=%p usecount=%x lrh= %s\n",
3103	so, so->so_usecount, solockhistory_nr(so));
3104
3105	if (so->so_flags & SOF_MP_SUBFLOW) {
3106	struct mptcb *mp_tp = tptomptp(sototcpcb(so));
3107
3108	return (mpte_getlock(mp_tp->mpt_mpte, flags));
3109	} else {
3110	return (&inp->inpcb_mtx);
3111	}
3112	} else {
3113	panic("tcp_getlock: so=%p NULL so_pcb %s\n",
3114	so, solockhistory_nr(so));
3115	return (so->so_proto->pr_domain->dom_mtx);
3116	}
3117	}
3118
3119	/*
3120	* Determine if we can grow the recieve socket buffer to avoid sending
3121	* a zero window update to the peer. We allow even socket buffers that
3122	* have fixed size (set by the application) to grow if the resource
3123	* constraints are met. They will also be trimmed after the application
3124	* reads data.
3125	*/
3126	static void
3127	tcp_sbrcv_grow_rwin(struct tcpcb tp, struct* sockbuf *sb)
3128	{
3129	u_int32_t rcvbufinc = tp->t_maxseg << `4`;
3130	u_int32_t rcvbuf = sb->sb_hiwat;
3131	struct socket *so = tp->t_inpcb->inp_socket;
3132
3133	if (tcp_recv_bg == `1` \|\| IS_TCP_RECV_BG(so))
3134	return;
3135	/*
3136	* If message delivery is enabled, do not count
3137	* unordered bytes in receive buffer towards hiwat
3138	*/
3139	if (so->so_flags & SOF_ENABLE_MSGS)
3140	rcvbuf = rcvbuf - so->so_msg_state->msg_uno_bytes;
3141
3142	if (tcp_do_autorcvbuf == `1` &&
3143	tcp_cansbgrow(sb) &&
3144	(tp->t_flags & TF_SLOWLINK) == `0` &&
3145	(so->so_flags1 & SOF1_EXTEND_BK_IDLE_WANTED) == `0` &&
3146	(rcvbuf - sb->sb_cc) < rcvbufinc &&
3147	rcvbuf < tcp_autorcvbuf_max &&
3148	(sb->sb_idealsize > `0` &&
3149	sb->sb_hiwat <= (sb->sb_idealsize + rcvbufinc))) {
3150	sbreserve(sb,
3151	min((sb->sb_hiwat + rcvbufinc), tcp_autorcvbuf_max));
3152	}
3153	}
3154
3155	int32_t
3156	tcp_sbspace(struct tcpcb *tp)
3157	{
3158	struct socket *so = tp->t_inpcb->inp_socket;
3159	struct sockbuf *sb = &so->so_rcv;
3160	u_int32_t rcvbuf;
3161	int32_t space;
3162	int32_t pending = `0`;
3163
3164	tcp_sbrcv_grow_rwin(tp, sb);
3165
3166	/ hiwat might have changed /
3167	rcvbuf = sb->sb_hiwat;
3168
3169	/*
3170	* If message delivery is enabled, do not count
3171	* unordered bytes in receive buffer towards hiwat mark.
3172	* This value is used to return correct rwnd that does
3173	* not reflect the extra unordered bytes added to the
3174	* receive socket buffer.
3175	*/
3176	if (so->so_flags & SOF_ENABLE_MSGS)
3177	rcvbuf = rcvbuf - so->so_msg_state->msg_uno_bytes;
3178
3179	space = ((int32_t) imin((rcvbuf - sb->sb_cc),
3180	(sb->sb_mbmax - sb->sb_mbcnt)));
3181	if (space < `0`)
3182	space = `0`;
3183
3184	#if CONTENT_FILTER
3185	/ Compensate for data being processed by content filters /
3186	pending = cfil_sock_data_space(sb);
3187	#endif /* CONTENT_FILTER */
3188	if (pending > space)
3189	space = `0`;
3190	else
3191	space -= pending;
3192
3193	/*
3194	* Avoid increasing window size if the current window
3195	* is already very low, we could be in "persist" mode and
3196	* we could break some apps (see rdar://5409343)
3197	*/
3198
3199	if (space < tp->t_maxseg)
3200	return (space);
3201
3202	/ Clip window size for slower link /
3203
3204	if (((tp->t_flags & TF_SLOWLINK) != `0`) && slowlink_wsize > `0`)
3205	return (imin(space, slowlink_wsize));
3206
3207	return (space);
3208	}
3209	/*
3210	* Checks TCP Segment Offloading capability for a given connection
3211	* and interface pair.
3212	*/
3213	void
3214	tcp_set_tso(struct tcpcb tp, struct* ifnet *ifp)
3215	{
3216	#if INET6
3217	struct inpcb *inp;
3218	int isipv6;
3219	#endif /* INET6 */
3220	#if MPTCP
3221	/*
3222	* We can't use TSO if this tcpcb belongs to an MPTCP session.
3223	*/
3224	if (tp->t_mpflags & TMPF_MPTCP_TRUE) {
3225	tp->t_flags &= ~TF_TSO;
3226	return;
3227	}
3228	#endif
3229	#if INET6
3230	inp = tp->t_inpcb;
3231	isipv6 = (inp->inp_vflag & INP_IPV6) != `0`;
3232
3233	if (isipv6) {
3234	if (ifp && (ifp->if_hwassist & IFNET_TSO_IPV6)) {
3235	tp->t_flags \|= TF_TSO;
3236	if (ifp->if_tso_v6_mtu != `0`)
3237	tp->tso_max_segment_size = ifp->if_tso_v6_mtu;
3238	else
3239	tp->tso_max_segment_size = TCP_MAXWIN;
3240	} else
3241	tp->t_flags &= ~TF_TSO;
3242
3243	} else
3244	#endif /* INET6 */
3245
3246	{
3247	if (ifp && (ifp->if_hwassist & IFNET_TSO_IPV4)) {
3248	tp->t_flags \|= TF_TSO;
3249	if (ifp->if_tso_v4_mtu != `0`)
3250	tp->tso_max_segment_size = ifp->if_tso_v4_mtu;
3251	else
3252	tp->tso_max_segment_size = TCP_MAXWIN;
3253	} else
3254	tp->t_flags &= ~TF_TSO;
3255	}
3256	}
3257
3258	#define TIMEVAL_TO_TCPHZ(_tv_) ((_tv_).tv_sec * TCP_RETRANSHZ + \
3259	(_tv_).tv_usec / TCP_RETRANSHZ_TO_USEC)
3260
3261	/*
3262	* Function to calculate the tcp clock. The tcp clock will get updated
3263	* at the boundaries of the tcp layer. This is done at 3 places:
3264	* 1. Right before processing an input tcp packet
3265	* 2. Whenever a connection wants to access the network using tcp_usrreqs
3266	* 3. When a tcp timer fires or before tcp slow timeout
3267	*
3268	*/
3269
3270	void
3271	calculate_tcp_clock(void)
3272	{
3273	struct timeval tv = tcp_uptime;
3274	struct timeval interval = {`0`, TCP_RETRANSHZ_TO_USEC};
3275	struct timeval now, hold_now;
3276	uint32_t incr = `0`;
3277
3278	microuptime(&now);
3279
3280	/*
3281	* Update coarse-grained networking timestamp (in sec.); the idea
3282	* is to update the counter returnable via net_uptime() when
3283	* we read time.
3284	*/
3285	net_update_uptime_with_time(&now);
3286
3287	timevaladd(&tv, &interval);
3288	if (timevalcmp(&now, &tv, >)) {
3289	/ time to update the clock /
3290	lck_spin_lock(tcp_uptime_lock);
3291	if (timevalcmp(&tcp_uptime, &now, >=)) {
3292	/ clock got updated while waiting for the lock /
3293	lck_spin_unlock(tcp_uptime_lock);
3294	return;
3295	}
3296
3297	microuptime(&now);
3298	hold_now = now;
3299	tv = tcp_uptime;
3300	timevalsub(&now, &tv);
3301
3302	incr = TIMEVAL_TO_TCPHZ(now);
3303	if (incr > `0`) {
3304	tcp_uptime = hold_now;
3305	tcp_now += incr;
3306	}
3307
3308	lck_spin_unlock(tcp_uptime_lock);
3309	}
3310	}
3311
3312	/*
3313	* Compute receive window scaling that we are going to request
3314	* for this connection based on sb_hiwat. Try to leave some
3315	* room to potentially increase the window size upto a maximum
3316	* defined by the constant tcp_autorcvbuf_max.
3317	*/
3318	void
3319	tcp_set_max_rwinscale(struct tcpcb tp, struct* socket so, struct* ifnet *ifp)
3320	{
3321	uint32_t maxsockbufsize;
3322	uint32_t rcvbuf_max;
3323
3324	if (!tcp_do_rfc1323) {
3325	tp->request_r_scale = `0`;
3326	return;
3327	}
3328
3329	/*
3330	* When we start a connection and don't know about the interface, set
3331	* the scaling factor simply to the max - we can always announce less.
3332	*/
3333	if (!ifp \|\| (IFNET_IS_CELLULAR(ifp) && (ifp->if_eflags & IFEF_3CA)))
3334	rcvbuf_max = (tcp_autorcvbuf_max << `1`);
3335	else
3336	rcvbuf_max = tcp_autorcvbuf_max;
3337
3338	tp->request_r_scale = max(tcp_win_scale, tp->request_r_scale);
3339	maxsockbufsize = ((so->so_rcv.sb_flags & SB_USRSIZE) != `0`) ?
3340	so->so_rcv.sb_hiwat : rcvbuf_max;
3341
3342	while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
3343	(TCP_MAXWIN << tp->request_r_scale) < maxsockbufsize)
3344	tp->request_r_scale++;
3345	tp->request_r_scale = min(tp->request_r_scale, TCP_MAX_WINSHIFT);
3346
3347	}
3348
3349	int
3350	tcp_notsent_lowat_check(struct socket *so)
3351	{
3352	struct inpcb *inp = sotoinpcb(so);
3353	struct tcpcb *tp = NULL;
3354	int notsent = `0`;
3355
3356	if (inp != NULL) {
3357	tp = intotcpcb(inp);
3358	}
3359
3360	if (tp == NULL) {
3361	return (`0`);
3362	}
3363
3364	notsent = so->so_snd.sb_cc -
3365	(tp->snd_nxt - tp->snd_una);
3366
3367	/*
3368	* When we send a FIN or SYN, not_sent can be negative.
3369	* In that case also we need to send a write event to the
3370	* process if it is waiting. In the FIN case, it will
3371	* get an error from send because cantsendmore will be set.
3372	*/
3373	if (notsent <= tp->t_notsent_lowat) {
3374	return (`1`);
3375	}
3376
3377	/*
3378	* When Nagle's algorithm is not disabled, it is better
3379	* to wakeup the client until there is atleast one
3380	* maxseg of data to write.
3381	*/
3382	if ((tp->t_flags & TF_NODELAY) == `0` &&
3383	notsent > `0` && notsent < tp->t_maxseg) {
3384	return (`1`);
3385	}
3386	return (`0`);
3387	}
3388
3389	void
3390	tcp_rxtseg_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end)
3391	{
3392	struct tcp_rxt_seg rxseg = NULL, prev = NULL, *next = NULL;
3393	u_int32_t rxcount = `0`;
3394
3395	if (SLIST_EMPTY(&tp->t_rxt_segments))
3396	tp->t_dsack_lastuna = tp->snd_una;
3397	/*
3398	* First check if there is a segment already existing for this
3399	* sequence space.
3400	*/
3401
3402	SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
3403	if (SEQ_GT(rxseg->rx_start, start))
3404	break;
3405	prev = rxseg;
3406	}
3407	next = rxseg;
3408
3409	/ check if prev seg is for this sequence /
3410	if (prev != NULL && SEQ_LEQ(prev->rx_start, start) &&
3411	SEQ_GEQ(prev->rx_end, end)) {
3412	prev->rx_count++;
3413	return;
3414	}
3415
3416	/*
3417	* There are a couple of possibilities at this point.
3418	* 1. prev overlaps with the beginning of this sequence
3419	* 2. next overlaps with the end of this sequence
3420	* 3. there is no overlap.
3421	*/
3422
3423	if (prev != NULL && SEQ_GT(prev->rx_end, start)) {
3424	if (prev->rx_start == start && SEQ_GT(end, prev->rx_end)) {
3425	start = prev->rx_end + `1`;
3426	prev->rx_count++;
3427	} else {
3428	prev->rx_end = (start - `1`);
3429	rxcount = prev->rx_count;
3430	}
3431	}
3432
3433	if (next != NULL && SEQ_LT(next->rx_start, end)) {
3434	if (SEQ_LEQ(next->rx_end, end)) {
3435	end = next->rx_start - `1`;
3436	next->rx_count++;
3437	} else {
3438	next->rx_start = end + `1`;
3439	rxcount = next->rx_count;
3440	}
3441	}
3442	if (!SEQ_LT(start, end))
3443	return;
3444
3445	rxseg = (struct tcp_rxt_seg *) zalloc(tcp_rxt_seg_zone);
3446	if (rxseg == NULL) {
3447	return;
3448	}
3449	bzero(rxseg, sizeof(*rxseg));
3450	rxseg->rx_start = start;
3451	rxseg->rx_end = end;
3452	rxseg->rx_count = rxcount + `1`;
3453
3454	if (prev != NULL) {
3455	SLIST_INSERT_AFTER(prev, rxseg, rx_link);
3456	} else {
3457	SLIST_INSERT_HEAD(&tp->t_rxt_segments, rxseg, rx_link);
3458	}
3459	}
3460
3461	struct tcp_rxt_seg *
3462	tcp_rxtseg_find(struct tcpcb *tp, tcp_seq start, tcp_seq end)
3463	{
3464	struct tcp_rxt_seg *rxseg;
3465	if (SLIST_EMPTY(&tp->t_rxt_segments))
3466	return (NULL);
3467
3468	SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
3469	if (SEQ_LEQ(rxseg->rx_start, start) &&
3470	SEQ_GEQ(rxseg->rx_end, end))
3471	return (rxseg);
3472	if (SEQ_GT(rxseg->rx_start, start))
3473	break;
3474	}
3475	return (NULL);
3476	}
3477
3478	void
3479	tcp_rxtseg_clean(struct tcpcb *tp)
3480	{
3481	struct tcp_rxt_seg rxseg, next;
3482
3483	SLIST_FOREACH_SAFE(rxseg, &tp->t_rxt_segments, rx_link, next) {
3484	SLIST_REMOVE(&tp->t_rxt_segments, rxseg,
3485	tcp_rxt_seg, rx_link);
3486	zfree(tcp_rxt_seg_zone, rxseg);
3487	}
3488	tp->t_dsack_lastuna = tp->snd_max;
3489	}
3490
3491	boolean_t
3492	tcp_rxtseg_detect_bad_rexmt(struct tcpcb *tp, tcp_seq th_ack)
3493	{
3494	boolean_t bad_rexmt;
3495	struct tcp_rxt_seg *rxseg;
3496
3497	if (SLIST_EMPTY(&tp->t_rxt_segments))
3498	return (FALSE);
3499
3500	/*
3501	* If all of the segments in this window are not cumulatively
3502	* acknowledged, then there can still be undetected packet loss.
3503	* Do not restore congestion window in that case.
3504	*/
3505	if (SEQ_LT(th_ack, tp->snd_recover))
3506	return (FALSE);
3507
3508	bad_rexmt = TRUE;
3509	SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
3510	if (rxseg->rx_count > `1` \|\|
3511	!(rxseg->rx_flags & TCP_RXT_SPURIOUS)) {
3512	bad_rexmt = FALSE;
3513	break;
3514	}
3515	}
3516	return (bad_rexmt);
3517	}
3518
3519	boolean_t
3520	tcp_rxtseg_dsack_for_tlp(struct tcpcb *tp)
3521	{
3522	boolean_t dsack_for_tlp = FALSE;
3523	struct tcp_rxt_seg *rxseg;
3524	if (SLIST_EMPTY(&tp->t_rxt_segments))
3525	return (FALSE);
3526
3527	SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
3528	if (rxseg->rx_count == `1` &&
3529	SLIST_NEXT(rxseg, rx_link) == NULL &&
3530	(rxseg->rx_flags & TCP_RXT_DSACK_FOR_TLP)) {
3531	dsack_for_tlp = TRUE;
3532	break;
3533	}
3534	}
3535	return (dsack_for_tlp);
3536	}
3537
3538	u_int32_t
3539	tcp_rxtseg_total_size(struct tcpcb *tp)
3540	{
3541	struct tcp_rxt_seg *rxseg;
3542	u_int32_t total_size = `0`;
3543
3544	SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
3545	total_size += (rxseg->rx_end - rxseg->rx_start) + `1`;
3546	}
3547	return (total_size);
3548	}
3549
3550	void
3551	tcp_get_connectivity_status(struct tcpcb *tp,
3552	struct tcp_conn_status *connstatus)
3553	{
3554	if (tp == NULL \|\| connstatus == NULL)
3555	return;
3556	bzero(connstatus, sizeof(*connstatus));
3557	if (tp->t_rxtshift >= TCP_CONNECTIVITY_PROBES_MAX) {
3558	if (TCPS_HAVEESTABLISHED(tp->t_state)) {
3559	connstatus->write_probe_failed = `1`;
3560	} else {
3561	connstatus->conn_probe_failed = `1`;
3562	}
3563	}
3564	if (tp->t_rtimo_probes >= TCP_CONNECTIVITY_PROBES_MAX)
3565	connstatus->read_probe_failed = `1`;
3566	if (tp->t_inpcb != NULL && tp->t_inpcb->inp_last_outifp != NULL &&
3567	(tp->t_inpcb->inp_last_outifp->if_eflags & IFEF_PROBE_CONNECTIVITY))
3568	connstatus->probe_activated = `1`;
3569	}
3570
3571	boolean_t
3572	tfo_enabled(const struct tcpcb *tp)
3573	{
3574	return ((tp->t_flagsext & TF_FASTOPEN)? TRUE : FALSE);
3575	}
3576
3577	void
3578	tcp_disable_tfo(struct tcpcb *tp)
3579	{
3580	tp->t_flagsext &= ~TF_FASTOPEN;
3581	}
3582
3583	static struct mbuf *
3584	tcp_make_keepalive_frame(struct tcpcb tp, struct* ifnet *ifp,
3585	boolean_t is_probe)
3586	{
3587	struct inpcb *inp = tp->t_inpcb;
3588	struct tcphdr *th;
3589	u_int8_t *data;
3590	int win = `0`;
3591	struct mbuf *m;
3592
3593	/*
3594	* The code assumes the IP + TCP headers fit in an mbuf packet header
3595	*/
3596	_CASSERT(sizeof(struct ip) + sizeof(struct tcphdr) <= _MHLEN);
3597	_CASSERT(sizeof(struct ip6_hdr) + sizeof(struct tcphdr) <= _MHLEN);
3598
3599	MGETHDR(m, M_WAIT, MT_HEADER);
3600	if (m == NULL) {
3601	return (NULL);
3602	}
3603	m->m_pkthdr.pkt_proto = IPPROTO_TCP;
3604
3605	data = mbuf_datastart(m);
3606
3607	if (inp->inp_vflag & INP_IPV4) {
3608	bzero(data, sizeof(struct ip) + sizeof(struct tcphdr));
3609	th = (struct tcphdr )(void* ) (data + sizeof(struct* ip));
3610	m->m_len = sizeof(struct ip) + sizeof(struct tcphdr);
3611	m->m_pkthdr.len = m->m_len;
3612	} else {
3613	VERIFY(inp->inp_vflag & INP_IPV6);
3614
3615	bzero(data, sizeof(struct ip6_hdr)
3616	+ sizeof(struct tcphdr));
3617	th = (struct tcphdr )(void* )(data + sizeof(struct* ip6_hdr));
3618	m->m_len = sizeof(struct ip6_hdr) +
3619	sizeof(struct tcphdr);
3620	m->m_pkthdr.len = m->m_len;
3621	}
3622
3623	tcp_fillheaders(tp, data, th);
3624
3625	if (inp->inp_vflag & INP_IPV4) {
3626	struct ip *ip;
3627
3628	ip = (__typeof__(ip))(void *)data;
3629
3630	ip->ip_id = rfc6864 ? `0` : ip_randomid();
3631	ip->ip_off = htons(IP_DF);
3632	ip->ip_len = htons(sizeof(struct ip) + sizeof(struct tcphdr));
3633	ip->ip_ttl = inp->inp_ip_ttl;
3634	ip->ip_tos \|= (inp->inp_ip_tos & ~IPTOS_ECN_MASK);
3635	ip->ip_sum = in_cksum_hdr(ip);
3636	} else {
3637	struct ip6_hdr *ip6;
3638
3639	ip6 = (__typeof__(ip6))(void *)data;
3640
3641	ip6->ip6_plen = htons(sizeof(struct tcphdr));
3642	ip6->ip6_hlim = in6_selecthlim(inp, ifp);
3643	ip6->ip6_flow = ip6->ip6_flow & ~IPV6_FLOW_ECN_MASK;
3644
3645	if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
3646	ip6->ip6_src.s6_addr16[`1`] = `0`;
3647	if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
3648	ip6->ip6_dst.s6_addr16[`1`] = `0`;
3649	}
3650	th->th_flags = TH_ACK;
3651
3652	win = tcp_sbspace(tp);
3653	if (win > ((int32_t)TCP_MAXWIN << tp->rcv_scale))
3654	win = (int32_t)TCP_MAXWIN << tp->rcv_scale;
3655	th->th_win = htons((u_short) (win >> tp->rcv_scale));
3656
3657	if (is_probe) {
3658	th->th_seq = htonl(tp->snd_una - `1`);
3659	} else {
3660	th->th_seq = htonl(tp->snd_una);
3661	}
3662	th->th_ack = htonl(tp->rcv_nxt);
3663
3664	/ Force recompute TCP checksum to be the final value /
3665	th->th_sum = `0`;
3666	if (inp->inp_vflag & INP_IPV4) {
3667	th->th_sum = inet_cksum(m, IPPROTO_TCP,
3668	sizeof(struct ip), sizeof(struct tcphdr));
3669	} else {
3670	th->th_sum = inet6_cksum(m, IPPROTO_TCP,
3671	sizeof(struct ip6_hdr), sizeof(struct tcphdr));
3672	}
3673
3674	return (m);
3675	}
3676
3677	void
3678	tcp_fill_keepalive_offload_frames(ifnet_t ifp,
3679	struct ifnet_keepalive_offload_frame *frames_array,
3680	u_int32_t frames_array_count, size_t frame_data_offset,
3681	u_int32_t *used_frames_count)
3682	{
3683	struct inpcb *inp;
3684	inp_gen_t gencnt;
3685	u_int32_t frame_index = *used_frames_count;
3686
3687	if (ifp == NULL \|\| frames_array == NULL \|\|
3688	frames_array_count == `0` \|\|
3689	frame_index >= frames_array_count \|\|
3690	frame_data_offset >= IFNET_KEEPALIVE_OFFLOAD_FRAME_DATA_SIZE)
3691	return;
3692
3693	/*
3694	* This function is called outside the regular TCP processing
3695	* so we need to update the TCP clock.
3696	*/
3697	calculate_tcp_clock();
3698
3699	lck_rw_lock_shared(tcbinfo.ipi_lock);
3700	gencnt = tcbinfo.ipi_gencnt;
3701	LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
3702	struct socket *so;
3703	struct ifnet_keepalive_offload_frame *frame;
3704	struct mbuf *m = NULL;
3705	struct tcpcb *tp = intotcpcb(inp);
3706
3707	if (frame_index >= frames_array_count)
3708	break;
3709
3710	if (inp->inp_gencnt > gencnt \|\|
3711	inp->inp_state == INPCB_STATE_DEAD)
3712	continue;
3713
3714	if ((so = inp->inp_socket) == NULL \|\|
3715	(so->so_state & SS_DEFUNCT))
3716	continue;
3717	/*
3718	* check for keepalive offload flag without socket
3719	* lock to avoid a deadlock
3720	*/
3721	if (!(inp->inp_flags2 & INP2_KEEPALIVE_OFFLOAD)) {
3722	continue;
3723	}
3724
3725	if (!(inp->inp_vflag & (INP_IPV4 \| INP_IPV6))) {
3726	continue;
3727	}
3728	if (inp->inp_ppcb == NULL \|\|
3729	in_pcb_checkstate(inp, WNT_ACQUIRE, `0`) == WNT_STOPUSING)
3730	continue;
3731	socket_lock(so, `1`);
3732	/ Release the want count /
3733	if (inp->inp_ppcb == NULL \|\|
3734	(in_pcb_checkstate(inp, WNT_RELEASE, `1`) == WNT_STOPUSING)) {
3735	socket_unlock(so, `1`);
3736	continue;
3737	}
3738	if ((inp->inp_vflag & INP_IPV4) &&
3739	(inp->inp_laddr.s_addr == INADDR_ANY \|\|
3740	inp->inp_faddr.s_addr == INADDR_ANY)) {
3741	socket_unlock(so, `1`);
3742	continue;
3743	}
3744	if ((inp->inp_vflag & INP_IPV6) &&
3745	(IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) \|\|
3746	IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr))) {
3747	socket_unlock(so, `1`);
3748	continue;
3749	}
3750	if (inp->inp_lport == `0` \|\| inp->inp_fport == `0`) {
3751	socket_unlock(so, `1`);
3752	continue;
3753	}
3754	if (inp->inp_last_outifp == NULL \|\|
3755	inp->inp_last_outifp->if_index != ifp->if_index) {
3756	socket_unlock(so, `1`);
3757	continue;
3758	}
3759	if ((inp->inp_vflag & INP_IPV4) && frame_data_offset +
3760	sizeof(struct ip) + sizeof(struct tcphdr) >
3761	IFNET_KEEPALIVE_OFFLOAD_FRAME_DATA_SIZE) {
3762	socket_unlock(so, `1`);
3763	continue;
3764	} else if (!(inp->inp_vflag & INP_IPV4) && frame_data_offset +
3765	sizeof(struct ip6_hdr) + sizeof(struct tcphdr) >
3766	IFNET_KEEPALIVE_OFFLOAD_FRAME_DATA_SIZE) {
3767	socket_unlock(so, `1`);
3768	continue;
3769	}
3770	/*
3771	* There is no point in waking up the device for connections
3772	* that are not established. Long lived connection are meant
3773	* for processes that will sent and receive data
3774	*/
3775	if (tp->t_state != TCPS_ESTABLISHED) {
3776	socket_unlock(so, `1`);
3777	continue;
3778	}
3779	/*
3780	* This inp has all the information that is needed to
3781	* generate an offload frame.
3782	*/
3783	frame = &frames_array[frame_index];
3784	frame->type = IFNET_KEEPALIVE_OFFLOAD_FRAME_TCP;
3785	frame->ether_type = (inp->inp_vflag & INP_IPV4) ?
3786	IFNET_KEEPALIVE_OFFLOAD_FRAME_ETHERTYPE_IPV4 :
3787	IFNET_KEEPALIVE_OFFLOAD_FRAME_ETHERTYPE_IPV6;
3788	frame->interval = tp->t_keepidle > `0` ? tp->t_keepidle :
3789	tcp_keepidle;
3790	frame->keep_cnt = TCP_CONN_KEEPCNT(tp);
3791	frame->keep_retry = TCP_CONN_KEEPINTVL(tp);
3792	frame->local_port = ntohs(inp->inp_lport);
3793	frame->remote_port = ntohs(inp->inp_fport);
3794	frame->local_seq = tp->snd_nxt;
3795	frame->remote_seq = tp->rcv_nxt;
3796	if (inp->inp_vflag & INP_IPV4) {
3797	frame->length = frame_data_offset +
3798	sizeof(struct ip) + sizeof(struct tcphdr);
3799	frame->reply_length = frame->length;
3800
3801	frame->addr_length = sizeof(struct in_addr);
3802	bcopy(&inp->inp_laddr, frame->local_addr,
3803	sizeof(struct in_addr));
3804	bcopy(&inp->inp_faddr, frame->remote_addr,
3805	sizeof(struct in_addr));
3806	} else {
3807	struct in6_addr *ip6;
3808
3809	frame->length = frame_data_offset +
3810	sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
3811	frame->reply_length = frame->length;
3812
3813	frame->addr_length = sizeof(struct in6_addr);
3814	ip6 = (struct in6_addr )(void* *)frame->local_addr;
3815	bcopy(&inp->in6p_laddr, ip6, sizeof(struct in6_addr));
3816	if (IN6_IS_SCOPE_EMBED(ip6))
3817	ip6->s6_addr16[`1`] = `0`;
3818
3819	ip6 = (struct in6_addr )(void* *)frame->remote_addr;
3820	bcopy(&inp->in6p_faddr, ip6, sizeof(struct in6_addr));
3821	if (IN6_IS_SCOPE_EMBED(ip6))
3822	ip6->s6_addr16[`1`] = `0`;
3823	}
3824
3825	/*
3826	* First the probe
3827	*/
3828	m = tcp_make_keepalive_frame(tp, ifp, TRUE);
3829	if (m == NULL) {
3830	socket_unlock(so, `1`);
3831	continue;
3832	}
3833	bcopy(m->m_data, frame->data + frame_data_offset,
3834	m->m_len);
3835	m_freem(m);
3836
3837	/*
3838	* Now the response packet to incoming probes
3839	*/
3840	m = tcp_make_keepalive_frame(tp, ifp, FALSE);
3841	if (m == NULL) {
3842	socket_unlock(so, `1`);
3843	continue;
3844	}
3845	bcopy(m->m_data, frame->reply_data + frame_data_offset,
3846	m->m_len);
3847	m_freem(m);
3848
3849	frame_index++;
3850	socket_unlock(so, `1`);
3851	}
3852	lck_rw_done(tcbinfo.ipi_lock);
3853	*used_frames_count = frame_index;
3854	}
3855
3856	errno_t
3857	tcp_notify_ack_id_valid(struct tcpcb tp, struct* socket *so,
3858	u_int32_t notify_id)
3859	{
3860	struct tcp_notify_ack_marker *elm;
3861
3862	if (so->so_snd.sb_cc == `0`)
3863	return (ENOBUFS);
3864
3865	SLIST_FOREACH(elm, &tp->t_notify_ack, notify_next) {
3866	/ Duplicate id is not allowed /
3867	if (elm->notify_id == notify_id)
3868	return (EINVAL);
3869	/ Duplicate position is not allowed /
3870	if (elm->notify_snd_una == tp->snd_una + so->so_snd.sb_cc)
3871	return (EINVAL);
3872	}
3873	return (`0`);
3874	}
3875
3876	errno_t
3877	tcp_add_notify_ack_marker(struct tcpcb *tp, u_int32_t notify_id)
3878	{
3879	struct tcp_notify_ack_marker nm, elm = NULL;
3880	struct socket *so = tp->t_inpcb->inp_socket;
3881
3882	MALLOC(nm, struct tcp_notify_ack_marker , sizeof* (*nm),
3883	M_TEMP, M_WAIT \| M_ZERO);
3884	if (nm == NULL)
3885	return (ENOMEM);
3886	nm->notify_id = notify_id;
3887	nm->notify_snd_una = tp->snd_una + so->so_snd.sb_cc;
3888
3889	SLIST_FOREACH(elm, &tp->t_notify_ack, notify_next) {
3890	if (SEQ_GT(nm->notify_snd_una, elm->notify_snd_una))
3891	break;
3892	}
3893
3894	if (elm == NULL) {
3895	VERIFY(SLIST_EMPTY(&tp->t_notify_ack));
3896	SLIST_INSERT_HEAD(&tp->t_notify_ack, nm, notify_next);
3897	} else {
3898	SLIST_INSERT_AFTER(elm, nm, notify_next);
3899	}
3900	tp->t_notify_ack_count++;
3901	return (`0`);
3902	}
3903
3904	void
3905	tcp_notify_ack_free(struct tcpcb *tp)
3906	{
3907	struct tcp_notify_ack_marker elm, next;
3908	if (SLIST_EMPTY(&tp->t_notify_ack))
3909	return;
3910
3911	SLIST_FOREACH_SAFE(elm, &tp->t_notify_ack, notify_next, next) {
3912	SLIST_REMOVE(&tp->t_notify_ack, elm, tcp_notify_ack_marker,
3913	notify_next);
3914	FREE(elm, M_TEMP);
3915	}
3916	SLIST_INIT(&tp->t_notify_ack);
3917	tp->t_notify_ack_count = `0`;
3918	}
3919
3920	inline void
3921	tcp_notify_acknowledgement(struct tcpcb tp, struct* socket *so)
3922	{
3923	struct tcp_notify_ack_marker *elm;
3924
3925	elm = SLIST_FIRST(&tp->t_notify_ack);
3926	if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una)) {
3927	soevent(so, SO_FILT_HINT_LOCKED \| SO_FILT_HINT_NOTIFY_ACK);
3928	}
3929	}
3930
3931	void
3932	tcp_get_notify_ack_count(struct tcpcb *tp,
3933	struct tcp_notify_ack_complete *retid)
3934	{
3935	struct tcp_notify_ack_marker *elm;
3936	size_t complete = `0`;
3937
3938	SLIST_FOREACH(elm, &tp->t_notify_ack, notify_next) {
3939	if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una))
3940	complete++;
3941	else
3942	break;
3943	}
3944	retid->notify_pending = tp->t_notify_ack_count - complete;
3945	retid->notify_complete_count = min(TCP_MAX_NOTIFY_ACK, complete);
3946	}
3947
3948	void
3949	tcp_get_notify_ack_ids(struct tcpcb *tp,
3950	struct tcp_notify_ack_complete *retid)
3951	{
3952	size_t i = `0`;
3953	struct tcp_notify_ack_marker elm, next;
3954
3955	SLIST_FOREACH_SAFE(elm, &tp->t_notify_ack, notify_next, next) {
3956	if (i >= retid->notify_complete_count)
3957	break;
3958	if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una)) {
3959	retid->notify_complete_id[i++] = elm->notify_id;
3960	SLIST_REMOVE(&tp->t_notify_ack, elm,
3961	tcp_notify_ack_marker, notify_next);
3962	FREE(elm, M_TEMP);
3963	tp->t_notify_ack_count--;
3964	} else {
3965	break;
3966	}
3967	}
3968	}
3969
3970	bool
3971	tcp_notify_ack_active(struct socket *so)
3972	{
3973	if ((SOCK_DOM(so) == PF_INET \|\| SOCK_DOM(so) == PF_INET6) &&
3974	SOCK_TYPE(so) == SOCK_STREAM) {
3975	struct tcpcb *tp = intotcpcb(sotoinpcb(so));
3976
3977	if (!SLIST_EMPTY(&tp->t_notify_ack)) {
3978	struct tcp_notify_ack_marker *elm;
3979	elm = SLIST_FIRST(&tp->t_notify_ack);
3980	if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una))
3981	return (true);
3982	}
3983	}
3984	return (false);
3985	}
3986
3987	inline int32_t
3988	inp_get_sndbytes_allunsent(struct socket *so, u_int32_t th_ack)
3989	{
3990	struct inpcb *inp = sotoinpcb(so);
3991	struct tcpcb *tp = intotcpcb(inp);
3992
3993	if ((so->so_snd.sb_flags & SB_SNDBYTE_CNT) &&
3994	so->so_snd.sb_cc > `0`) {
3995	int32_t unsent, sent;
3996	sent = tp->snd_max - th_ack;
3997	if (tp->t_flags & TF_SENTFIN)
3998	sent--;
3999	unsent = so->so_snd.sb_cc - sent;
4000	return (unsent);
4001	}
4002	return (`0`);
4003	}
4004
4005	#define IFP_PER_FLOW_STAT(_ipv4_, _stat_) { \
4006	if (_ipv4_) { \
4007	ifp->if_ipv4_stat->_stat_++; \
4008	} else { \
4009	ifp->if_ipv6_stat->_stat_++; \
4010	} \
4011	}
4012
4013	#define FLOW_ECN_ENABLED(_flags_) \
4014	((_flags_ & (TE_ECN_ON)) == (TE_ECN_ON))
4015
4016	void tcp_update_stats_per_flow(struct ifnet_stats_per_flow *ifs,
4017	struct ifnet *ifp)
4018	{
4019	if (ifp == NULL \|\| !IF_FULLY_ATTACHED(ifp))
4020	return;
4021
4022	ifnet_lock_shared(ifp);
4023	if (ifs->ecn_flags & TE_SETUPSENT) {
4024	if (ifs->ecn_flags & TE_CLIENT_SETUP) {
4025	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_client_setup);
4026	if (FLOW_ECN_ENABLED(ifs->ecn_flags)) {
4027	IFP_PER_FLOW_STAT(ifs->ipv4,
4028	ecn_client_success);
4029	} else if (ifs->ecn_flags & TE_LOST_SYN) {
4030	IFP_PER_FLOW_STAT(ifs->ipv4,
4031	ecn_syn_lost);
4032	} else {
4033	IFP_PER_FLOW_STAT(ifs->ipv4,
4034	ecn_peer_nosupport);
4035	}
4036	} else {
4037	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_server_setup);
4038	if (FLOW_ECN_ENABLED(ifs->ecn_flags)) {
4039	IFP_PER_FLOW_STAT(ifs->ipv4,
4040	ecn_server_success);
4041	} else if (ifs->ecn_flags & TE_LOST_SYN) {
4042	IFP_PER_FLOW_STAT(ifs->ipv4,
4043	ecn_synack_lost);
4044	} else {
4045	IFP_PER_FLOW_STAT(ifs->ipv4,
4046	ecn_peer_nosupport);
4047	}
4048	}
4049	} else {
4050	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_off_conn);
4051	}
4052	if (FLOW_ECN_ENABLED(ifs->ecn_flags)) {
4053	if (ifs->ecn_flags & TE_RECV_ECN_CE) {
4054	tcpstat.tcps_ecn_conn_recv_ce++;
4055	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_conn_recv_ce);
4056	}
4057	if (ifs->ecn_flags & TE_RECV_ECN_ECE) {
4058	tcpstat.tcps_ecn_conn_recv_ece++;
4059	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_conn_recv_ece);
4060	}
4061	if (ifs->ecn_flags & (TE_RECV_ECN_CE \| TE_RECV_ECN_ECE)) {
4062	if (ifs->txretransmitbytes > `0` \|\|
4063	ifs->rxoutoforderbytes > `0`) {
4064	tcpstat.tcps_ecn_conn_pl_ce++;
4065	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_conn_plce);
4066	} else {
4067	tcpstat.tcps_ecn_conn_nopl_ce++;
4068	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_conn_noplce);
4069	}
4070	} else {
4071	if (ifs->txretransmitbytes > `0` \|\|
4072	ifs->rxoutoforderbytes > `0`) {
4073	tcpstat.tcps_ecn_conn_plnoce++;
4074	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_conn_plnoce);
4075	}
4076	}
4077	}
4078
4079	/ Other stats are interesting for non-local connections only /
4080	if (ifs->local) {
4081	ifnet_lock_done(ifp);
4082	return;
4083	}
4084
4085	if (ifs->ipv4) {
4086	ifp->if_ipv4_stat->timestamp = net_uptime();
4087	if (FLOW_ECN_ENABLED(ifs->ecn_flags)) {
4088	tcp_flow_ecn_perf_stats(ifs, &ifp->if_ipv4_stat->ecn_on);
4089	} else {
4090	tcp_flow_ecn_perf_stats(ifs, &ifp->if_ipv4_stat->ecn_off);
4091	}
4092	} else {
4093	ifp->if_ipv6_stat->timestamp = net_uptime();
4094	if (FLOW_ECN_ENABLED(ifs->ecn_flags)) {
4095	tcp_flow_ecn_perf_stats(ifs, &ifp->if_ipv6_stat->ecn_on);
4096	} else {
4097	tcp_flow_ecn_perf_stats(ifs, &ifp->if_ipv6_stat->ecn_off);
4098	}
4099	}
4100
4101	if (ifs->rxmit_drop) {
4102	if (FLOW_ECN_ENABLED(ifs->ecn_flags)) {
4103	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_on.rxmit_drop);
4104	} else {
4105	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_off.rxmit_drop);
4106	}
4107	}
4108	if (ifs->ecn_fallback_synloss)
4109	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_fallback_synloss);
4110	if (ifs->ecn_fallback_droprst)
4111	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_fallback_droprst);
4112	if (ifs->ecn_fallback_droprxmt)
4113	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_fallback_droprxmt);
4114	if (ifs->ecn_fallback_ce)
4115	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_fallback_ce);
4116	if (ifs->ecn_fallback_reorder)
4117	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_fallback_reorder);
4118	if (ifs->ecn_recv_ce > `0`)
4119	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_recv_ce);
4120	if (ifs->ecn_recv_ece > `0`)
4121	IFP_PER_FLOW_STAT(ifs->ipv4, ecn_recv_ece);
4122
4123	tcp_flow_lim_stats(ifs, &ifp->if_lim_stat);
4124	ifnet_lock_done(ifp);
4125	}
4126

Browse the source code of xnu/bsd/netinet/tcp_subr.c