Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2954 lines
99 KiB

// -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
//
// Copyright (c) 1985-2000 Microsoft Corporation
//
// This file is part of the Microsoft Research IPv6 Network Protocol Stack.
// You should have received a copy of the Microsoft End-User License Agreement
// for this software along with this release; see the file "license.txt".
// If not, please see http://www.research.microsoft.com/msripv6/license.htm,
// or write to Microsoft Research, One Microsoft Way, Redmond, WA 98052-6399.
//
// Abstract:
//
// Code for TCP connection management.
//
// This file contains the code handling TCP connection related requests,
// such as connecting and disconnecting.
//
#include "oscfg.h"
#include "ndis.h"
#include "ip6imp.h"
#include "ip6def.h"
#include "tdi.h"
#include "tdint.h"
#include "tdistat.h"
#include "queue.h"
#include "transprt.h"
#include "addr.h"
#include "tcp.h"
#include "tcb.h"
#include "tcpconn.h"
#include "tcpsend.h"
#include "tcprcv.h"
#include "tcpdeliv.h"
#include "info.h"
#include "tcpcfg.h"
#include "route.h"
#include "security.h"
#include "tcpmd5.h"
#include "md5.h"
#include "crypto\rc4.h"
SLIST_HEADER ConnReqFree; // Connection request free list.
//
// ISN globals.
//
#define ISN_KEY_SIZE 256 // 2048 bits.
#define ISN_DEF_RAND_STORE_SIZE 256
#define ISN_MIN_RAND_STORE_SIZE 1
#define ISN_MAX_RAND_STORE_SIZE 16384
typedef struct _ISN_RAND_STORE {
MD5_CONTEXT Md5Context;
ulong iBuf;
ushort* pBuf;
} ISN_RAND_STORE, *PISN_RAND_STORE;
RC4_KEYSTRUCT ISNRC4Key;
PISN_RAND_STORE ISNStore;
uint ISNStoreSize = ISN_DEF_RAND_STORE_SIZE;
uint ISNStoreMask;
SeqNum ISNMonotonicPortion = 0;
int ISNCredits;
int ISNLastIsnUpdateTime;
int ISNMaxCredits;
extern PDRIVER_OBJECT TCPDriverObject;
KSPIN_LOCK ConnReqFreeLock; // Lock to protect conn req free list.
uint NumConnReq; // Current number of ConnReqs.
uint MaxConnReq = 0xffffffff; // Maximum allowed number of ConnReqs.
uint ConnPerBlock = MAX_CONN_PER_BLOCK;
uint NextConnBlock = 0; // Cached index of next unfilled block.
uint MaxAllocatedConnBlocks = 0; // Current number of blocks in the
// ConnTable.
TCPConnBlock **ConnTable = NULL; // The current connection table.
KSPIN_LOCK ConnTableLock;
extern KSPIN_LOCK AddrObjTableLock;
extern KSPIN_LOCK TCBTableLock;
extern void RemoveConnFromAO(AddrObj *AO, TCPConn *Conn);
//
// All of the init code can be discarded.
//
#ifdef ALLOC_PRAGMA
int InitTCPConn(void);
int InitISNGenerator(void);
void UnloadISNGenerator(void);
int GetRandBits();
uint GetDeltaTime();
#pragma alloc_text(INIT, InitTCPConn)
#pragma alloc_text(INIT, InitISNGenerator)
#pragma alloc_text(PAGE, UnloadISNGenerator)
#endif // ALLOC_PRAGMA
void CompleteConnReq(TCB *CmpltTCB, TDI_STATUS Status);
//* UnloadISNGenerator - Unload the support for the ISN generator.
//
// Called when we are unloading the driver.
//
void // Returns: Nothing.
UnloadISNGenerator(void)
{
CCHAR i;
ASSERT(ISNStore);
for (i = 0; i < KeNumberProcessors; i++) {
if (ISNStore[i].pBuf != NULL) {
ExFreePool(ISNStore[i].pBuf);
ISNStore[i].pBuf = NULL;
}
}
ExFreePool(ISNStore);
ISNStore = NULL;
}
//* InitISNGenerator - Initialize the support for the ISN generator.
//
// Called when the driver is loaded. Get 2048 bits of randomness and
// use them to create an RC4 key.
//
int //Returns: TRUE if successful.
InitISNGenerator(void)
{
ULONG cBits = 0;
ULONG i;
ULONG cProcs = KeNumberProcessors;
ULONG ISNRandomValue;
unsigned char pBuf[ISN_KEY_SIZE];
//
// Start with the credits that would last for 1 tick.
//
ISNMaxCredits = ISNCredits = MAX_ISN_INCREMENTABLE_CONNECTIONS_PER_100MS;
ISNLastIsnUpdateTime = (int)X100NSTOMS(KeQueryInterruptTime());
if (!GetSystemRandomBits(pBuf, ISN_KEY_SIZE)) {
return FALSE;
}
//
// Generate the key control structure.
//
rc4_key(&ISNRC4Key, ISN_KEY_SIZE, pBuf);
//
// Initalialize the current sequence number to a random value.
//
rc4(&ISNRC4Key, sizeof(SeqNum), (uchar*)&ISNMonotonicPortion);
//
// Obtain a random value to be used along with the invariants to compute
// the MD5 hash.
//
rc4(&ISNRC4Key, sizeof(ISNRandomValue), (uchar*)&ISNRandomValue);
//
// Round down the store size to power of 2. Verify in range.
//
while ((ISNStoreSize = ISNStoreSize >> 1) != 0) {
cBits++;
}
ISNStoreSize = 1 << cBits;
if (ISNStoreSize < ISN_MIN_RAND_STORE_SIZE ||
ISNStoreSize > ISN_MAX_RAND_STORE_SIZE) {
ISNStoreSize = ISN_DEF_RAND_STORE_SIZE;
}
//
// The mask is store size - 1.
//
ISNStoreMask = ISNStoreSize - 1;
//
// Initialize the random ISN store. One array/index per processor.
//
ISNStore = ExAllocatePool(NonPagedPool, cProcs * sizeof(ISN_RAND_STORE));
if (ISNStore == NULL) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_RARE,
"Tcpip: failed to allocate ISN rand store\n"));
return FALSE;
}
RtlZeroMemory(ISNStore, sizeof(ISN_RAND_STORE) * cProcs);
for (i = 0; i < cProcs; i++) {
ISNStore[i].pBuf = ExAllocatePool(NonPagedPool,
sizeof(ushort) * ISNStoreSize);
if (ISNStore[i].pBuf == NULL) {
goto error1;
}
rc4(&ISNRC4Key,
sizeof(ushort) * ISNStoreSize,
(uchar*)ISNStore[i].pBuf);
//
// Initialize structures required to call the MD5 transform.
//
MD5InitializeData(&ISNStore[i].Md5Context, ISNRandomValue);
}
return TRUE;
error1:
UnloadISNGenerator();
return FALSE;
}
//* GetRandomISN - Gets a random Initial Sequence Number.
//
// Called when an Initial Sequence Number (ISN) is needed. Calls crypto
// functions for random number generation.
//
void // Returns: Nothing.
GetRandomISN(
SeqNum *Seq, // Returned sequence number
uchar *TcbInvariants) // Connection invariants
{
ulong randbits;
ulong iProc;
PMD5_CONTEXT Md5Context;
//
// Raise IRQL to DISPATCH so that we don't get swapped out while accessing
// the processor specific array. Check to see if already at DISPATCH
// before doing the work.
//
ASSERT(KeGetCurrentIrql() >= DISPATCH_LEVEL);
iProc = KeGetCurrentProcessorNumber();
//
// Add the random number only if the number of connections that can
// increment the sequence number within this time period is non zero.
// [Note: This could make the ISNCredits less than 0, but it is not a
// problem].
//
if ((ISNCredits > 0) && (InterlockedDecrement((PLONG)&ISNCredits) > 0)) {
randbits = GetRandBits();
//
// We want to add between 16K and 32K of random, so adjust. There are
// 15 bits of randomness, just ensure that the high order bit is set
// and we have >= 16K and <= (32K-1)::14bits of randomness.
//
randbits &= 0x7FFF;
randbits |= 0x4000;
} else {
int Delta = GetDeltaTime();
if (Delta > 0) {
randbits = GetRandBits();
//
// We can add anywhere from 256 to 512 per ms.
//
randbits &= 0x1FF;
randbits |= 0x100;
randbits *= Delta;
} else {
randbits = 0;
}
}
//
// Update global CurISN. InterlockedExchangeAdd returns initial value
// (not the added value).
//
*Seq = InterlockedExchangeAdd((PLONG)&ISNMonotonicPortion, randbits);
//
// Move the invariants from the connection.
//
Md5Context = &ISNStore[iProc].Md5Context;
MD5InitializeScratch(Md5Context);
RtlCopyMemory(Md5Context->Data, TcbInvariants, TCP_MD5_DATA_LENGTH);
TransformMD5(Md5Context->Scratch, Md5Context->Data);
//
// Add the Invariant hash to the sequence number.
//
*Seq += (ULONG)(Md5Context->Scratch[0]);
return;
}
//* GetRandBits
//
// Returns 16 random bits from the random number array generated using RC4.
// When the store is exhausted, it will be replenished.
//
int // Returns: 16 bits of random data.
GetRandBits()
{
ulong iStore;
int randbits;
ulong iProc = KeGetCurrentProcessorNumber();
//
// Get index into the random store. Mask performs mod operation.
//
iStore = ++ISNStore[iProc].iBuf & ISNStoreMask;
ASSERT(iStore < ISNStoreSize);
randbits = ISNStore[iProc].pBuf[iStore];
if (iStore == 0) {
rc4(&ISNRC4Key,
sizeof(ushort) * ISNStoreSize,
(uchar*) ISNStore[iProc].pBuf);
}
return randbits;
}
//* GetRandBits
//
// Tracks the time-based updates of ISN. It will return the time elapsed since
// the last time this function was called. This would be used by the caller to
// increment the ISN by an appropriate amount. Note that the maximum value
// is function returns is 200 MS.
//
uint // Returns: Delta time in milli-seconds.
GetDeltaTime()
{
//
// If the time has changed since the ISN was updated last time, it
// can be incremented now.
//
int PreviousUpdateTime, Delta;
int CurrentUpdateTime = (int)X100NSTOMS(KeQueryInterruptTime());
PreviousUpdateTime = InterlockedExchange((PLONG)&ISNLastIsnUpdateTime,
CurrentUpdateTime);
Delta = CurrentUpdateTime - PreviousUpdateTime;
if (Delta > 0) {
return MIN(Delta, 200);
} else {
return 0;
}
}
//
// Routines for handling conn refcount going to 0.
//
//* DummyDone - Called when nothing to do.
//
// Called with TCPConnBlock.cb_lock held.
//
void // Returns: Nothing.
DummyDone(TCPConn *Conn, // Connection going to 0.
KIRQL PreLockIrql) // IRQL prior to TCPConnBlock.cb_lock acquisition.
{
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, PreLockIrql);
}
//* DummyCmplt - Dummy close completion routine.
void
DummyCmplt(PVOID Dummy1, uint Dummy2, uint Dummy3)
{
UNREFERENCED_PARAMETER(Dummy1);
UNREFERENCED_PARAMETER(Dummy2);
UNREFERENCED_PARAMETER(Dummy3);
}
//* CloseDone - Called when we need to complete a close.
//
// Called with TCPConnBlock.cb_lock held.
//
void // Returns: Nothing.
CloseDone(TCPConn *Conn, // Connection going to 0.
KIRQL Irql0) // IRQL prior to TCPConnBlock.cb_lock acquisition.
{
RequestCompleteRoutine Rtn; // Completion routine.
PVOID Context; // User context for completion routine.
AddrObj *AO;
KIRQL Irql1, Irql2;
ASSERT(Conn->tc_flags & CONN_CLOSING);
Rtn = Conn->tc_rtn;
Context = Conn->tc_rtncontext;
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
KeAcquireSpinLock(&AddrObjTableLock, &Irql0);
KeAcquireSpinLock(&Conn->tc_ConnBlock->cb_lock, &Irql1);
if ((AO = Conn->tc_ao) != NULL) {
CHECK_STRUCT(AO, ao);
// It's associated.
KeAcquireSpinLock(&AO->ao_lock, &Irql2);
RemoveConnFromAO(AO, Conn);
// We've pulled him from the AO, we can free the lock now.
KeReleaseSpinLock(&AO->ao_lock, Irql2);
}
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
KeReleaseSpinLock(&AddrObjTableLock, Irql0);
ExFreePool(Conn);
(*Rtn)(Context, TDI_SUCCESS, 0);
}
//* DisassocDone - Called when we need to complete a disassociate.
//
// Called with TCPConnBlock.cb_lock held.
//
void // Returns: Nothing.
DisassocDone(TCPConn *Conn, // Connection going to 0.
KIRQL Irql0) // IRQL prior to TCPConnBlock.cb_lock acquisition.
{
RequestCompleteRoutine Rtn; // Completion routine.
PVOID Context; // User context for completion routine.
AddrObj *AO;
uint NeedClose = FALSE;
KIRQL Irql1, Irql2;
ASSERT(Conn->tc_flags & CONN_DISACC);
ASSERT(!(Conn->tc_flags & CONN_CLOSING));
ASSERT(Conn->tc_refcnt == 0);
Rtn = Conn->tc_rtn;
Context = Conn->tc_rtncontext;
Conn->tc_refcnt = 1;
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
KeAcquireSpinLock(&AddrObjTableLock, &Irql0);
KeAcquireSpinLock(&Conn->tc_ConnBlock->cb_lock, &Irql1);
if (!(Conn->tc_flags & CONN_CLOSING)) {
AO = Conn->tc_ao;
if (AO != NULL) {
KeAcquireSpinLock(&AO->ao_lock, &Irql2);
RemoveConnFromAO(AO, Conn);
KeReleaseSpinLock(&AO->ao_lock, Irql2);
}
ASSERT(Conn->tc_refcnt == 1);
Conn->tc_flags &= ~CONN_DISACC;
} else
NeedClose = TRUE;
Conn->tc_refcnt = 0;
KeReleaseSpinLock(&AddrObjTableLock, Irql1);
if (NeedClose) {
CloseDone(Conn, Irql0);
} else {
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
(*Rtn)(Context, TDI_SUCCESS, 0);
}
}
//* FreeConnReq - Free a connection request structure.
//
// Called to free a connection request structure.
//
void // Returns: Nothing.
FreeConnReq(
TCPConnReq *FreedReq) // Connection request structure to be freed.
{
PSLIST_ENTRY BufferLink;
CHECK_STRUCT(FreedReq, tcr);
BufferLink = CONTAINING_RECORD(&(FreedReq->tcr_req.tr_q.q_next),
SLIST_ENTRY, Next);
ExInterlockedPushEntrySList(&ConnReqFree, BufferLink, &ConnReqFreeLock);
}
//* GetConnReq - Get a connection request structure.
//
// Called to get a connection request structure.
//
TCPConnReq * // Returns: Pointer to ConnReq structure, or NULL if none.
GetConnReq(void) // Nothing.
{
TCPConnReq *Temp;
PSLIST_ENTRY BufferLink;
Queue *QueuePtr;
TCPReq *ReqPtr;
BufferLink = ExInterlockedPopEntrySList(&ConnReqFree, &ConnReqFreeLock);
if (BufferLink != NULL) {
QueuePtr = CONTAINING_RECORD(BufferLink, Queue, q_next);
ReqPtr = CONTAINING_RECORD(QueuePtr, TCPReq, tr_q);
Temp = CONTAINING_RECORD(ReqPtr, TCPConnReq, tcr_req);
CHECK_STRUCT(Temp, tcr);
} else {
if (NumConnReq < MaxConnReq)
Temp = ExAllocatePool(NonPagedPool, sizeof(TCPConnReq));
else
Temp = NULL;
if (Temp != NULL) {
ExInterlockedAddUlong((PULONG)&NumConnReq, 1, &ConnReqFreeLock);
#if DBG
Temp->tcr_req.tr_sig = tr_signature;
Temp->tcr_sig = tcr_signature;
#endif
}
}
return Temp;
}
//* GetConnFromConnID - Get a Connection from a connection ID.
//
// Called to obtain a Connection pointer from a ConnID. We don't actually
// check the connection pointer here, but we do bounds check the input ConnID
// and make sure the instance fields match.
// If successful, returns with TCPConnBlock.cb_lock held.
//
TCPConn * // Returns: Pointer to the TCPConn, or NULL.
GetConnFromConnID(
uint ConnID, // Connection ID to find a pointer for.
KIRQL* Irql) // Receives IRQL prior to TCPConnBlock.cb_lock acquisition.
{
uint ConnIndex = CONN_INDEX(ConnID);
uint ConnBlockId = CONN_BLOCKID(ConnID);
TCPConn *MatchingConn = NULL;
TCPConnBlock *ConnBlock;
if (ConnIndex < MAX_CONN_PER_BLOCK && ConnBlockId < MaxAllocatedConnBlocks) {
ConnBlock = ConnTable[ConnBlockId];
if (ConnBlock) {
MatchingConn = ConnBlock->cb_conn[ConnIndex];
}
if (MatchingConn != NULL) {
KeAcquireSpinLock(&ConnBlock->cb_lock, Irql);
//
// Revalidate under lock that the conn is still in conn table.
//
MatchingConn = ConnBlock->cb_conn[ConnIndex];
if (MatchingConn != NULL) {
CHECK_STRUCT(MatchingConn, tc);
if (MatchingConn->tc_inst != CONN_INST(ConnID)) {
MatchingConn = NULL;
KeReleaseSpinLock(&ConnBlock->cb_lock, *Irql);
}
} else {
KeReleaseSpinLock(&ConnBlock->cb_lock, *Irql);
}
}
} else
MatchingConn = NULL;
return MatchingConn;
}
//* GetConnID - Get a ConnTable slot.
//
// Called during OpenConnection to find a free slot in the ConnTable and
// set it up with a connection.
// If successful, returns with TCPConnBlock.cb_lock held.
//
uint // Returns: A ConnId to use.
GetConnID(
TCPConn *NewConn, // Connection to enter into slot.
KIRQL *Irql0) // Receives IRQL prior to TCPConnBlock.cb_lock
// acquisition.
{
uint CurrConnID = NewConn->tc_connid;
uint i, j, BlockID, ConnIndex;
//
// If NewConn contains a valid ConnID and that location is unoccupied,
// reuse it.
//
if (CurrConnID != INVALID_CONN_ID &&
!NewConn->tc_ConnBlock->cb_conn[CONN_INDEX(CurrConnID)]) {
KeAcquireSpinLock(&NewConn->tc_ConnBlock->cb_lock, Irql0);
//
// Reconfirm under lock that the location is unoccupied and, if so,
// claim it.
//
if (!NewConn->tc_ConnBlock->cb_conn[CONN_INDEX(CurrConnID)]) {
NewConn->tc_ConnBlock->cb_conn[CONN_INDEX(CurrConnID)] = NewConn;
NewConn->tc_ConnBlock->cb_freecons--;
NewConn->tc_inst = NewConn->tc_ConnBlock->cb_conninst++;
NewConn->tc_connid = MAKE_CONN_ID(CONN_INDEX(CurrConnID),
NewConn->tc_ConnBlock->cb_blockid,
NewConn->tc_inst);
return NewConn->tc_connid;
}
KeReleaseSpinLock(&NewConn->tc_ConnBlock->cb_lock, *Irql0);
}
//
// NewConn's last spot is taken; search from the block from which
// a ConnID was claimed most recently.
//
if (MaxAllocatedConnBlocks) {
//
// Capture the global counters without acquiring the lock.
//
uint TempMaxAllocatedConnBlocks = MaxAllocatedConnBlocks;
uint TempNextConnBlock = NextConnBlock;
for (i = 0; i < TempMaxAllocatedConnBlocks; i++) {
BlockID = (TempNextConnBlock + i) % TempMaxAllocatedConnBlocks;
if (!ConnTable[BlockID] || !ConnTable[BlockID]->cb_freecons) {
continue;
}
//
// Reconfirm under lock that the TCPConnBlock has free slots.
//
KeAcquireSpinLock(&ConnTable[BlockID]->cb_lock, Irql0);
if (!ConnTable[BlockID]->cb_freecons) {
KeReleaseSpinLock(&ConnTable[BlockID]->cb_lock, *Irql0);
continue;
}
for (j = 0; j < MAX_CONN_PER_BLOCK; j++) {
ConnIndex = (ConnTable[BlockID]->cb_nextfree + j) %
MAX_CONN_PER_BLOCK;
if (ConnTable[BlockID]->cb_conn[ConnIndex]) {
continue;
}
//
// Found the free slot; fill it in.
//
ConnTable[BlockID]->cb_conn[ConnIndex] = NewConn;
ConnTable[BlockID]->cb_nextfree = ConnIndex + 1;
ConnTable[BlockID]->cb_freecons--;
if (!ConnTable[BlockID]->cb_freecons) {
InterlockedCompareExchange((PLONG)&NextConnBlock,
TempNextConnBlock,
TempNextConnBlock + 1);
}
NewConn->tc_ConnBlock = ConnTable[BlockID];
NewConn->tc_inst = ConnTable[BlockID]->cb_conninst++;
NewConn->tc_connid = MAKE_CONN_ID(ConnIndex, BlockID,
NewConn->tc_inst);
return NewConn->tc_connid;
}
KeReleaseSpinLock(&ConnTable[BlockID]->cb_lock, *Irql0);
}
}
//
// The entire table is occupied; if we have room to grow,
// allocate a new block.
//
KeAcquireSpinLock(&ConnTableLock, Irql0);
if (MaxAllocatedConnBlocks < MaxConnBlocks) {
TCPConnBlock* ConnBlock;
BlockID = MaxAllocatedConnBlocks;
ConnBlock = ExAllocatePool(NonPagedPool, sizeof(TCPConnBlock));
if (ConnBlock) {
RtlZeroMemory(ConnBlock, sizeof(TCPConnBlock));
KeInitializeSpinLock(&ConnBlock->cb_lock);
KeAcquireSpinLockAtDpcLevel(&ConnBlock->cb_lock);
ConnBlock->cb_blockid = BlockID;
ConnBlock->cb_freecons = MAX_CONN_PER_BLOCK - 1;
ConnBlock->cb_nextfree = 1;
ConnBlock->cb_conninst = 2;
ConnBlock->cb_conn[0] = NewConn;
NewConn->tc_ConnBlock = ConnBlock;
NewConn->tc_inst = 1;
NewConn->tc_connid = MAKE_CONN_ID(0, BlockID, NewConn->tc_inst);
ConnTable[BlockID] = ConnBlock;
InterlockedIncrement((PLONG)&MaxAllocatedConnBlocks);
KeReleaseSpinLockFromDpcLevel(&ConnTableLock);
return NewConn->tc_connid;
}
}
KeReleaseSpinLock(&ConnTableLock, *Irql0);
return INVALID_CONN_ID;
}
//* FreeConnID - Free a ConnTable slot.
//
// Called when we're done with a ConnID. We assume the caller holds the lock
// on the TCPConnBlock when we are called.
//
void // Returns: Nothing.
FreeConnID(
TCPConn *Conn) // Conn to be freed.
{
uint ConnIndex = CONN_INDEX(Conn->tc_connid); // Index into conn table.
uint BlockID = CONN_BLOCKID(Conn->tc_connid);
TCPConnBlock* ConnBlock = Conn->tc_ConnBlock;
ASSERT(ConnIndex < MAX_CONN_PER_BLOCK);
ASSERT(BlockID < MaxAllocatedConnBlocks);
ASSERT(ConnBlock->cb_conn[ConnIndex] != NULL);
if (ConnBlock->cb_conn[ConnIndex]) {
ConnBlock->cb_conn[ConnIndex] = NULL;
ConnBlock->cb_freecons++;
ConnBlock->cb_nextfree = ConnIndex;
ASSERT(ConnBlock->cb_freecons <= MAX_CONN_PER_BLOCK);
} else {
ABORT();
}
}
//* MapIPError - Map an IP error to a TDI error.
//
// Called to map an input IP error code to a TDI error code. If we can't,
// we return the provided default.
//
TDI_STATUS // Returns: Mapped TDI error.
MapIPError(
IP_STATUS IPError, // Error code to be mapped.
TDI_STATUS Default) // Default error code to return.
{
switch (IPError) {
case IP_DEST_NO_ROUTE:
return TDI_DEST_NET_UNREACH;
case IP_DEST_ADDR_UNREACHABLE:
return TDI_DEST_HOST_UNREACH;
case IP_UNRECOGNIZED_NEXT_HEADER:
return TDI_DEST_PROT_UNREACH;
case IP_DEST_PORT_UNREACHABLE:
return TDI_DEST_PORT_UNREACH;
default:
return Default;
}
}
//* FinishRemoveTCBFromConn - Finish removing a TCB from a conn structure.
//
// Called when we have the locks we need and we just want to pull the
// TCB off the connection.
//
void // Returns: Nothing.
FinishRemoveTCBFromConn(
TCB *RemovedTCB) // TCB to be removed.
{
TCPConn *Conn;
AddrObj *AO;
KIRQL Irql;
TCPConnBlock *ConnBlock = NULL;
if (((Conn = RemovedTCB->tcb_conn) != NULL) &&
(Conn->tc_tcb == RemovedTCB)) {
CHECK_STRUCT(Conn, tc);
ConnBlock = Conn->tc_ConnBlock;
KeAcquireSpinLock(&ConnBlock->cb_lock, &Irql);
AO = Conn->tc_ao;
if (AO != NULL) {
KeAcquireSpinLockAtDpcLevel(&AO->ao_lock);
if (AO_VALID(AO)) {
KeAcquireSpinLockAtDpcLevel(&RemovedTCB->tcb_lock);
// Need to double check this is still correct.
if (Conn == RemovedTCB->tcb_conn) {
// Everything still looks good.
REMOVEQ(&Conn->tc_q);
PUSHQ(&AO->ao_idleq, &Conn->tc_q);
} else
Conn = RemovedTCB->tcb_conn;
} else {
KeAcquireSpinLockAtDpcLevel(&RemovedTCB->tcb_lock);
Conn = RemovedTCB->tcb_conn;
}
KeReleaseSpinLockFromDpcLevel(&AO->ao_lock);
} else {
KeAcquireSpinLockAtDpcLevel(&RemovedTCB->tcb_lock);
Conn = RemovedTCB->tcb_conn;
}
if (Conn != NULL) {
if (Conn->tc_tcb == RemovedTCB)
Conn->tc_tcb = NULL;
else
ASSERT(Conn->tc_tcb == NULL);
}
KeReleaseSpinLockFromDpcLevel(&RemovedTCB->tcb_lock);
KeReleaseSpinLock(&ConnBlock->cb_lock, Irql);
}
}
//* RemoveTCBFromConn - Remove a TCB from a Conn structure.
//
// Called when we need to disassociate a TCB from a connection structure.
// All we do is get the appropriate locks and call FinishRemoveTCBFromConn.
//
void // Returns: Nothing.
RemoveTCBFromConn(
TCB *RemovedTCB) // TCB to be removed.
{
CHECK_STRUCT(RemovedTCB, tcb);
FinishRemoveTCBFromConn(RemovedTCB);
}
//* RemoveConnFromTCB - Remove a conn from a TCB.
//
// Called when we want to break the final association between a connection
// and a TCB.
//
void // Returns: Nothing.
RemoveConnFromTCB(
TCB *RemoveTCB) // TCB to be removed.
{
ConnDoneRtn DoneRtn = NULL;
KIRQL Irql = 0;
TCPConn *Conn;
if ((Conn = RemoveTCB->tcb_conn) != NULL) {
KeAcquireSpinLock(&Conn->tc_ConnBlock->cb_lock, &Irql);
KeAcquireSpinLockAtDpcLevel(&RemoveTCB->tcb_lock);
CHECK_STRUCT(Conn, tc);
if (--(Conn->tc_refcnt) == 0)
DoneRtn = Conn->tc_donertn;
RemoveTCB->tcb_conn = NULL;
KeReleaseSpinLockFromDpcLevel(&RemoveTCB->tcb_lock);
}
if (DoneRtn != NULL)
(*DoneRtn)(Conn, Irql);
else if (Conn) {
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql);
}
}
//* CloseTCB - Close a TCB.
//
// Called when we are done with a TCB, and want to free it. We'll remove
// him from any tables that he's in, and destroy any outstanding requests.
//
void // Returns: Nothing.
CloseTCB(
TCB *ClosedTCB, // TCB to be closed.
KIRQL OldIrql) // IRQL prior to acquiring TCB lock.
{
uchar OrigState = ClosedTCB->tcb_state;
TDI_STATUS Status;
uint OKToFree;
CHECK_STRUCT(ClosedTCB, tcb);
ASSERT(ClosedTCB->tcb_refcnt == 0);
ASSERT(ClosedTCB->tcb_state != TCB_CLOSED);
ASSERT(ClosedTCB->tcb_pending & DEL_PENDING);
//
// We'll check to make sure that our state isn't CLOSED. This should never
// happen, since nobody should call TryToCloseTCB when the state is
// closed, or take the reference count if we're closing. Nevertheless,
// we'll double check as a safety measure.
//
if (ClosedTCB->tcb_state == TCB_CLOSED) {
KeReleaseSpinLock(&ClosedTCB->tcb_lock, OldIrql);
return;
}
//
// Update SNMP counters. If we're in SYN-SENT or SYN-RCVD, this is a
// failed connection attempt. If we're in ESTABLISED or CLOSE-WAIT,
// treat this as an 'Established Reset' event.
//
if (ClosedTCB->tcb_state == TCB_SYN_SENT ||
ClosedTCB->tcb_state == TCB_SYN_RCVD)
TStats.ts_attemptfails++;
else
if (ClosedTCB->tcb_state == TCB_ESTAB ||
ClosedTCB->tcb_state == TCB_CLOSE_WAIT) {
TStats.ts_estabresets++;
InterlockedDecrement((PLONG)&TStats.ts_currestab);
ASSERT(*(int *)&TStats.ts_currestab >= 0);
}
ClosedTCB->tcb_state = TCB_CLOSED;
KeReleaseSpinLockFromDpcLevel(&ClosedTCB->tcb_lock);
//
// Remove the TCB from it's associated TCPConn structure, if it has one.
//
FinishRemoveTCBFromConn(ClosedTCB);
KeAcquireSpinLockAtDpcLevel(&TCBTableLock);
KeAcquireSpinLockAtDpcLevel(&ClosedTCB->tcb_lock);
OKToFree = RemoveTCB(ClosedTCB);
//
// He's been pulled from the appropriate places so nobody can find him.
// Free the locks, and proceed to destroy any requests, etc.
//
KeReleaseSpinLockFromDpcLevel(&ClosedTCB->tcb_lock);
KeReleaseSpinLock(&TCBTableLock, OldIrql);
if ((SYNC_STATE(OrigState) || OrigState == TCB_SYN_RCVD) &&
!GRACEFUL_CLOSED_STATE(OrigState)) {
if (ClosedTCB->tcb_flags & NEED_RST)
SendRSTFromTCB(ClosedTCB);
}
//
// Release our references on our NTE and RCE.
// We won't be sending anymore on this TCB.
//
if (ClosedTCB->tcb_nte != NULL)
ReleaseNTE(ClosedTCB->tcb_nte);
if (ClosedTCB->tcb_rce != NULL)
ReleaseRCE(ClosedTCB->tcb_rce);
if (ClosedTCB->tcb_closereason & TCB_CLOSE_RST)
Status = TDI_CONNECTION_RESET;
else if (ClosedTCB->tcb_closereason & TCB_CLOSE_ABORTED)
Status = TDI_CONNECTION_ABORTED;
else if (ClosedTCB->tcb_closereason & TCB_CLOSE_TIMEOUT)
Status = MapIPError(ClosedTCB->tcb_error, TDI_TIMED_OUT);
else if (ClosedTCB->tcb_closereason & TCB_CLOSE_REFUSED)
Status = TDI_CONN_REFUSED;
else if (ClosedTCB->tcb_closereason & TCB_CLOSE_UNREACH)
Status = MapIPError(ClosedTCB->tcb_error, TDI_DEST_UNREACHABLE);
else
Status = TDI_SUCCESS;
//
// Now complete any outstanding requests on the TCB.
//
if (ClosedTCB->tcb_abortreq != NULL) {
TCPAbortReq* AbortReq = ClosedTCB->tcb_abortreq;
(*AbortReq->tar_rtn)(AbortReq->tar_context, TDI_SUCCESS, 0);
}
if (ClosedTCB->tcb_connreq != NULL) {
TCPConnReq *ConnReq = ClosedTCB->tcb_connreq;
CHECK_STRUCT(ConnReq, tcr);
(*ConnReq->tcr_req.tr_rtn)(ConnReq->tcr_req.tr_context, Status, 0);
FreeConnReq(ConnReq);
}
if (ClosedTCB->tcb_discwait != NULL) {
TCPConnReq *ConnReq = ClosedTCB->tcb_discwait;
CHECK_STRUCT(ConnReq, tcr);
(*ConnReq->tcr_req.tr_rtn)(ConnReq->tcr_req.tr_context, Status, 0);
FreeConnReq(ConnReq);
}
while (!EMPTYQ(&ClosedTCB->tcb_sendq)) {
TCPReq *Req;
TCPSendReq *SendReq;
long Result;
DEQUEUE(&ClosedTCB->tcb_sendq, Req, TCPReq, tr_q);
CHECK_STRUCT(Req, tr);
SendReq = (TCPSendReq *)Req;
CHECK_STRUCT(SendReq, tsr);
//
// Set the status before dropping the ref count.
//
SendReq->tsr_req.tr_status = Status;
//
// Decrement the initial reference put on the buffer when it was
// allocated. This reference would have been decremented if the
// send had been acknowledged, but then the send would not still
// be on the tcb_sendq.
//
Result = InterlockedDecrement(&(SendReq->tsr_refcnt));
ASSERT(Result >= 0);
if (Result <= 0) {
// If we've sent directly from this send, NULL out the next
// pointer for the last buffer in the chain.
if (SendReq->tsr_lastbuf != NULL) {
NDIS_BUFFER_LINKAGE(SendReq->tsr_lastbuf) = NULL;
SendReq->tsr_lastbuf = NULL;
}
(*Req->tr_rtn)(Req->tr_context, Status, 0);
FreeSendReq(SendReq);
}
}
while (ClosedTCB->tcb_rcvhead != NULL) {
TCPRcvReq *RcvReq;
RcvReq = ClosedTCB->tcb_rcvhead;
CHECK_STRUCT(RcvReq, trr);
ClosedTCB->tcb_rcvhead = RcvReq->trr_next;
(*RcvReq->trr_rtn)(RcvReq->trr_context, Status, 0);
FreeRcvReq(RcvReq);
}
while (ClosedTCB->tcb_exprcv != NULL) {
TCPRcvReq *RcvReq;
RcvReq = ClosedTCB->tcb_exprcv;
CHECK_STRUCT(RcvReq, trr);
ClosedTCB->tcb_exprcv = RcvReq->trr_next;
(*RcvReq->trr_rtn)(RcvReq->trr_context, Status, 0);
FreeRcvReq(RcvReq);
}
if (ClosedTCB->tcb_pendhead != NULL)
FreePacketChain(ClosedTCB->tcb_pendhead);
if (ClosedTCB->tcb_urgpending != NULL)
FreePacketChain(ClosedTCB->tcb_urgpending);
while (ClosedTCB->tcb_raq != NULL) {
TCPRAHdr *Hdr;
Hdr = ClosedTCB->tcb_raq;
CHECK_STRUCT(Hdr, trh);
ClosedTCB->tcb_raq = Hdr->trh_next;
if (Hdr->trh_buffer != NULL)
FreePacketChain(Hdr->trh_buffer);
ExFreePool(Hdr);
}
RemoveConnFromTCB(ClosedTCB);
if (OKToFree) {
FreeTCB(ClosedTCB);
} else {
KeAcquireSpinLock(&TCBTableLock, &OldIrql);
ClosedTCB->tcb_walkcount--;
if (ClosedTCB->tcb_walkcount == 0) {
FreeTCB(ClosedTCB);
}
KeReleaseSpinLock(&TCBTableLock, OldIrql);
}
}
//* TryToCloseTCB - Try to close a TCB.
//
// Called when we need to close a TCB, but don't know if we can.
// If the reference count is 0, we'll call CloseTCB to deal with it.
// Otherwise we'll set the DELETE_PENDING bit and deal with it when the
// ref. count goes to 0. We assume the TCB is locked when we are called.
//
void // Returns: Nothing.
TryToCloseTCB (
TCB *ClosedTCB, // TCB to be closed.
uchar Reason, // Reason we're closing.
KIRQL PreLockIrql) // IRQL prior to acquiring the TCB lock.
{
CHECK_STRUCT(ClosedTCB, tcb);
ASSERT(ClosedTCB->tcb_state != TCB_CLOSED);
ClosedTCB->tcb_closereason |= Reason;
if (ClosedTCB->tcb_pending & DEL_PENDING) {
KeReleaseSpinLock(&ClosedTCB->tcb_lock, PreLockIrql);
return;
}
ClosedTCB->tcb_pending |= DEL_PENDING;
ClosedTCB->tcb_slowcount++;
ClosedTCB->tcb_fastchk |= TCP_FLAG_SLOW;
if (ClosedTCB->tcb_refcnt == 0)
CloseTCB(ClosedTCB, PreLockIrql);
else {
KeReleaseSpinLock(&ClosedTCB->tcb_lock, PreLockIrql);
}
}
//* DerefTCB - Dereference a TCB.
//
// Called when we're done with a TCB, and want to let exclusive user
// have a shot. We dec. the refcount, and if it goes to zero and there
// are pending actions, we'll perform one of the pending actions.
//
void // Returns: Nothing.
DerefTCB(
TCB *DoneTCB, // TCB to be dereffed.
KIRQL PreLockIrql) // IRQL prior to acquiring the TCB lock.
{
ASSERT(DoneTCB->tcb_refcnt != 0);
if (--DoneTCB->tcb_refcnt == 0) {
if (DoneTCB->tcb_pending == 0) {
KeReleaseSpinLock(&DoneTCB->tcb_lock, PreLockIrql);
return;
} else {
if (DoneTCB->tcb_pending & RST_PENDING) {
DoneTCB->tcb_refcnt++;
NotifyOfDisc(DoneTCB, TDI_CONNECTION_RESET, &PreLockIrql);
KeAcquireSpinLock(&DoneTCB->tcb_lock, &PreLockIrql);
DerefTCB(DoneTCB, PreLockIrql);
return;
}
if (DoneTCB->tcb_pending & DEL_PENDING)
CloseTCB(DoneTCB, PreLockIrql);
else
DbgBreakPoint(); // Fatal condition.
return;
}
}
KeReleaseSpinLock(&DoneTCB->tcb_lock, PreLockIrql);
return;
}
//* CalculateMSSForTCB - Update MSS, etc. after PMTU changes.
//
// Calculate our connection's MSS based on our PMTU, the sizes
// of various headers, and the remote side's advertised MSS.
// It's expected that this routine will be called whenever
// our cached copy of the PMTU has been updated to a new value.
//
void
CalculateMSSForTCB(
TCB *ThisTCB) // The TCB we're running our calculations on.
{
uint PMTU;
IPSecProc *IPSecToDo;
uint TrailerLength = 0;
uint IPSecBytes = 0;
uint Dummy;
ASSERT(ThisTCB->tcb_pmtu != 0); // Should be set before entering.
ASSERT(ThisTCB->tcb_rce != NULL);
//
// First check that the PMTU size is reasonable. IP won't
// let it get below minimum, but we have our own maximum since
// currently TCP can only handle an MSS that fits in 16 bits.
// TBD: If we add IPv6 Jumbogram support, we should also add LFN
// TBD: support to TCP and change this to handle a larger MSS.
//
PMTU = ThisTCB->tcb_pmtu;
if (PMTU > 65535) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_RARE,
"TCPSend: PMTU update value too large %u\n", PMTU));
PMTU = 65535;
}
//
// Determine size of IPSec headers, if any.
//
IPSecToDo = OutboundSPLookup(&ThisTCB->tcb_saddr, &ThisTCB->tcb_daddr,
IP_PROTOCOL_TCP,
net_short(ThisTCB->tcb_sport),
net_short(ThisTCB->tcb_dport),
ThisTCB->tcb_rce->NTE->IF, &Dummy);
if (IPSecToDo != NULL) {
//
// Calculate the space needed for the IPSec headers.
//
IPSecBytes = IPSecBytesToInsert(IPSecToDo, &Dummy, &TrailerLength);
FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize);
IPSecBytes += TrailerLength;
}
IF_TCPDBG(TCP_DEBUG_MSS) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
"CalculateMSSForTCB: IPSecBytes is %u\n", IPSecBytes));
}
//
// Subtract out the header sizes to yield the TCP MSS.
// If there is an ESP trailer on this connection, round down
// the MSS to allow the trailer to end on a 4-byte boundary.
//
PMTU -= sizeof(IPv6Header) + sizeof(TCPHeader) + IPSecBytes;
if (TrailerLength)
PMTU -= (PMTU & 3);
//
// Don't let MSS exceed what our peer advertised, regardless of how
// large the Path MTU is.
//
IF_TCPDBG(TCP_DEBUG_MSS) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
"CalculateMSSForTCB: Old MSS is %u ", ThisTCB->tcb_mss));
}
ThisTCB->tcb_mss = (ushort)MIN(PMTU, ThisTCB->tcb_remmss);
IF_TCPDBG(TCP_DEBUG_MSS) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
"New MSS is %u\n", ThisTCB->tcb_mss));
}
ASSERT(ThisTCB->tcb_mss != 0);
//
// We don't want our Congestion Window to be smaller than one maximum
// segment, so we may need to increase it when our MSS grows.
//
if (ThisTCB->tcb_cwin < ThisTCB->tcb_mss) {
ThisTCB->tcb_cwin = ThisTCB->tcb_mss;
//
// Make sure the slow start threshold is at
// least 2 segments.
//
if (ThisTCB->tcb_ssthresh < ((uint) ThisTCB->tcb_mss * 2)) {
ThisTCB->tcb_ssthresh = ThisTCB->tcb_mss * 2;
}
}
}
//** TdiOpenConnection - Open a connection.
//
// This is the TDI Open Connection entry point. We open a connection,
// and save the caller's connection context. A TCPConn structure is allocated
// here, but a TCB isn't allocated until the Connect or Listen is done.
//
TDI_STATUS // Returns: Status of attempt to open connection.
TdiOpenConnection(
PTDI_REQUEST Request, // This TDI request.
PVOID Context) // Connection context to be save for connection.
{
TCPConn *NewConn; // The newly opened connection.
KIRQL OldIrql; // Irql prior to acquiring TCPConnBlock lock.
uint ConnID; // New ConnID.
TDI_STATUS Status; // Status of this request.
NewConn = ExAllocatePool(NonPagedPool, sizeof(TCPConn));
if (NewConn != NULL) {
//
// We allocated a connection.
//
RtlZeroMemory(NewConn, sizeof(TCPConn));
#if DBG
NewConn->tc_sig = tc_signature;
#endif
NewConn->tc_tcb = NULL;
NewConn->tc_ao = NULL;
NewConn->tc_context = Context;
NewConn->tc_connid = INVALID_CONN_ID;
ConnID = GetConnID(NewConn, &OldIrql);
if (ConnID != INVALID_CONN_ID) {
//
// We successfully got a ConnID.
//
Request->Handle.ConnectionContext = (CONNECTION_CONTEXT)UIntToPtr(ConnID);
NewConn->tc_refcnt = 0;
NewConn->tc_flags = 0;
NewConn->tc_tcbflags = NAGLING | (BSDUrgent ? BSD_URGENT : 0);
if (DefaultRcvWin != 0) {
NewConn->tc_window = DefaultRcvWin;
NewConn->tc_flags |= CONN_WINSET;
} else
NewConn->tc_window = DEFAULT_RCV_WIN;
NewConn->tc_donertn = DummyDone;
NewConn->tc_owningpid = HandleToUlong(PsGetCurrentProcessId());
Status = TDI_SUCCESS;
KeReleaseSpinLock(&NewConn->tc_ConnBlock->cb_lock, OldIrql);
} else {
ExFreePool(NewConn);
Status = TDI_NO_RESOURCES;
}
return Status;
}
//
// Couldn't get a connection.
//
return TDI_NO_RESOURCES;
}
//* RemoveConnFromAO - Remove a connection from an AddrObj.
//
// A little utility routine to remove a connection from an AddrObj.
// We run down the connections on the AO, and when we find him we splice
// him out. We assume the caller holds the locks on the AddrObj and the
// TCPConnBlock lock.
//
void // Returns: Nothing.
RemoveConnFromAO(
AddrObj *AO, // AddrObj to remove from.
TCPConn *Conn) // Conn to remove.
{
CHECK_STRUCT(AO, ao);
CHECK_STRUCT(Conn, tc);
REMOVEQ(&Conn->tc_q);
Conn->tc_ao = NULL;
}
//* TdiCloseConnection - Close a connection.
//
// Called when the user is done with a connection, and wants to close it.
// We look the connection up in our table, and if we find it we'll remove
// the connection from the AddrObj it's associate with (if any). If there's
// a TCB associated with the connection we'll close it also.
//
// There are some interesting wrinkles related to closing while a TCB
// is still referencing the connection (i.e. tc_refcnt != 0) or while a
// disassociate address is in progress. See below for more details.
//
TDI_STATUS // Returns: Status of attempt to close.
TdiCloseConnection(
PTDI_REQUEST Request) // Request identifying connection to be closed.
{
uint ConnID = PtrToUlong(Request->Handle.ConnectionContext);
KIRQL Irql0;
TCPConn *Conn;
TDI_STATUS Status;
//
// We have the locks we need. Try to find a connection.
//
Conn = GetConnFromConnID(ConnID, &Irql0);
if (Conn != NULL) {
KIRQL Irql1;
TCB *ConnTCB;
//
// We found the connection. Free the ConnID and mark the connection
// as closing.
//
CHECK_STRUCT(Conn, tc);
FreeConnID(Conn);
Conn->tc_flags |= CONN_CLOSING;
//
// See if there's a TCB referencing this connection.
// If there is, we'll need to wait until he's done before closing him.
// We'll hurry the process along if we still have a pointer to him.
//
if (Conn->tc_refcnt != 0) {
RequestCompleteRoutine Rtn;
PVOID Context;
//
// A connection still references him. Save the current rtn stuff
// in case we are in the middle of disassociating him from an
// address, and store the caller's callback routine and our done
// routine.
//
Rtn = Conn->tc_rtn;
Context = Conn->tc_rtncontext;
Conn->tc_rtn = Request->RequestNotifyObject;
Conn->tc_rtncontext = Request->RequestContext;
Conn->tc_donertn = CloseDone;
//
// See if we're in the middle of disassociating him.
//
if (Conn->tc_flags & CONN_DISACC) {
//
// We are disassociating him. We'll free the conn table lock
// now and fail the disassociate request. Note that when
// we free the lock the refcount could go to zero. This is
// OK, because we've already stored the neccessary info. in
// the connection so the caller will get called back if it
// does. From this point out we return PENDING, so a callback
// is OK. We've marked him as closing, so the disassoc done
// routine will bail out if we've interrupted him. If the ref.
// count does go to zero, Conn->tc_tcb would have to be NULL,
// so in that case we'll just fall out of this routine.
//
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
(*Rtn)(Context, (uint) TDI_REQ_ABORTED, 0);
KeAcquireSpinLock(&Conn->tc_ConnBlock->cb_lock, &Irql0);
}
ConnTCB = Conn->tc_tcb;
if (ConnTCB != NULL) {
CHECK_STRUCT(ConnTCB, tcb);
//
// We have a TCB. Take the lock on him and get ready to
// close him.
//
KeAcquireSpinLock(&ConnTCB->tcb_lock, &Irql1);
if (ConnTCB->tcb_state != TCB_CLOSED) {
ConnTCB->tcb_flags |= NEED_RST;
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
if (!CLOSING(ConnTCB))
TryToCloseTCB(ConnTCB, TCB_CLOSE_ABORTED, Irql0);
else
KeReleaseSpinLock(&ConnTCB->tcb_lock, Irql0);
return TDI_PENDING;
} else {
//
// He's already closing. This should be harmless, but
// check this case.
//
KeReleaseSpinLock(&ConnTCB->tcb_lock, Irql1);
}
}
Status = TDI_PENDING;
} else {
//
// We have a connection that we can close. Finish the close.
//
Conn->tc_rtn = DummyCmplt;
CloseDone(Conn, Irql0);
return TDI_SUCCESS;
}
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
} else
Status = TDI_INVALID_CONNECTION;
//
// We're done with the connection. Go ahead and free him.
//
return Status;
}
//* TdiAssociateAddress - Associate an address with a connection.
//
// Called to associate an address with a connection. We do a minimal
// amount of sanity checking, and then put the connection on the AddrObj's
// list.
//
TDI_STATUS // Returns: Status of attempt to associate.
TdiAssociateAddress(
PTDI_REQUEST Request, // Structure for this request.
HANDLE AddrHandle) // Address handle to associate connection with.
{
KIRQL Irql0, Irql1; // One per lock nesting level.
AddrObj *AO;
uint ConnID = PtrToUlong(Request->Handle.ConnectionContext);
TCPConn *Conn;
TDI_STATUS Status;
AO = (AddrObj *)AddrHandle;
CHECK_STRUCT(AO, ao);
Conn = GetConnFromConnID(ConnID, &Irql0);
KeAcquireSpinLock(&AO->ao_lock, &Irql1);
if (!AO_VALID(AO)) {
KeReleaseSpinLock(&AO->ao_lock, Irql1);
if (Conn != NULL) {
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
}
return TDI_INVALID_PARAMETER;
}
if (Conn != NULL) {
CHECK_STRUCT(Conn, tc);
if (Conn->tc_ao != NULL) {
//
// It's already associated. Error out.
//
KdBreakPoint();
Status = TDI_ALREADY_ASSOCIATED;
} else {
Conn->tc_ao = AO;
ASSERT(Conn->tc_tcb == NULL);
PUSHQ(&AO->ao_idleq, &Conn->tc_q);
Status = TDI_SUCCESS;
}
KeReleaseSpinLock(&AO->ao_lock, Irql1);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
return Status;
} else
Status = TDI_INVALID_CONNECTION;
KeReleaseSpinLock(&AO->ao_lock, Irql1);
return Status;
}
//* TdiDisAssociateAddress - Disassociate a connection from an address.
//
// The TDI entry point to disassociate a connection from an address. The
// connection must actually be associated and not connected to anything.
//
TDI_STATUS // Returns: Status of request.
TdiDisAssociateAddress(
PTDI_REQUEST Request) // Structure for this request.
{
uint ConnID = PtrToUlong(Request->Handle.ConnectionContext);
KIRQL Irql0, Irql1, Irql2; // One per lock nesting level.
TCPConn *Conn;
AddrObj *AO;
TDI_STATUS Status;
KeAcquireSpinLock(&AddrObjTableLock, &Irql0);
Conn = GetConnFromConnID(ConnID, &Irql1);
if (Conn != NULL) {
//
// The connection actually exists!
//
CHECK_STRUCT(Conn, tc);
AO = Conn->tc_ao;
if (AO != NULL) {
CHECK_STRUCT(AO, ao);
//
// And it's associated.
//
KeAcquireSpinLock(&AO->ao_lock, &Irql2);
//
// If there's no connection currently active, go ahead and remove
// him from the AddrObj. If a connection is active error the
// request out.
//
if (Conn->tc_tcb == NULL) {
if (Conn->tc_refcnt == 0) {
RemoveConnFromAO(AO, Conn);
Status = TDI_SUCCESS;
} else {
//
// He shouldn't be closing, or we couldn't have found him.
//
ASSERT(!(Conn->tc_flags & CONN_CLOSING));
Conn->tc_rtn = Request->RequestNotifyObject;
Conn->tc_rtncontext = Request->RequestContext;
Conn->tc_donertn = DisassocDone;
Conn->tc_flags |= CONN_DISACC;
Status = TDI_PENDING;
}
} else
Status = TDI_CONNECTION_ACTIVE;
KeReleaseSpinLock(&AO->ao_lock, Irql2);
} else
Status = TDI_NOT_ASSOCIATED;
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
} else
Status = TDI_INVALID_CONNECTION;
KeReleaseSpinLock(&AddrObjTableLock, Irql0);
return Status;
}
//* InitTCBFromConn - Initialize a TCB from information in a Connection.
//
// Called from Connect and Listen processing to initialize a new TCB from
// information in the connection. We assume the AddrObjTableLock and
// TCPConnBlock locks are held when we are called, or that the caller has some
// other way of making sure that the referenced AO doesn't go away in the
// middle of operation.
//
// Input: Conn - Connection to initialize from.
// NewTCB - TCB to be initialized.
// Addr - Remote addressing and option info for NewTCB.
// AOLocked - True if the called has the address object locked.
//
//
TDI_STATUS // Returns: TDI_STATUS of init attempt.
InitTCBFromConn(
TCPConn *Conn, // Connection to initialize from.
TCB *NewTCB, // TCB to be initialized.
PTDI_CONNECTION_INFORMATION Addr, // Remove addr info, etc. for NewTCB.
uint AOLocked) // True if caller has addr object lock.
{
KIRQL OldIrql;
CHECK_STRUCT(Conn, tc);
//
// We have a connection. Make sure it's associated with an address and
// doesn't already have a TCB attached.
//
if (Conn->tc_flags & CONN_INVALID)
return TDI_INVALID_CONNECTION;
if (Conn->tc_tcb == NULL) {
AddrObj *ConnAO;
ConnAO = Conn->tc_ao;
if (ConnAO != NULL) {
CHECK_STRUCT(ConnAO, ao);
if (!AOLocked) {
KeAcquireSpinLock(&ConnAO->ao_lock, &OldIrql);
}
if (!(NewTCB->tcb_flags & ACCEPT_PENDING)) {
//
// These fields are already initialized
// when ACCEPT_PENDING is on.
//
NewTCB->tcb_saddr = ConnAO->ao_addr;
NewTCB->tcb_sscope_id = ConnAO->ao_scope_id;
NewTCB->tcb_sport = ConnAO->ao_port;
NewTCB->tcb_defaultwin = Conn->tc_window;
NewTCB->tcb_rcvwin = Conn->tc_window;
}
NewTCB->tcb_rcvind = ConnAO->ao_rcv;
NewTCB->tcb_ricontext = ConnAO->ao_rcvcontext;
if (NewTCB->tcb_rcvind == NULL)
NewTCB->tcb_rcvhndlr = PendData;
else
NewTCB->tcb_rcvhndlr = IndicateData;
NewTCB->tcb_conncontext = Conn->tc_context;
NewTCB->tcb_flags |= Conn->tc_tcbflags;
if (Conn->tc_flags & CONN_WINSET)
NewTCB->tcb_flags |= WINDOW_SET;
if (NewTCB->tcb_flags & KEEPALIVE) {
NewTCB->tcb_alive = TCPTime;
NewTCB->tcb_kacount = 0;
}
NewTCB->tcb_hops = ConnAO->ao_ucast_hops;
if (!AOLocked) {
KeReleaseSpinLock(&ConnAO->ao_lock, OldIrql);
}
return TDI_SUCCESS;
} else
return TDI_NOT_ASSOCIATED;
} else
return TDI_CONNECTION_ACTIVE;
}
//* TdiConnect - Establish a connection.
//
// The TDI connection establishment routine. Called when the client wants to
// establish a connection, we validate his incoming parameters and kick
// things off by sending a SYN.
//
// Note: The format of the timeout (TO) parameter is system specific -
// we use a macro to convert to ticks.
//
TDI_STATUS // Returns: Status of attempt to connect.
TdiConnect(
PTDI_REQUEST Request, // This command request.
void *TO, // How long to wait for request.
PTDI_CONNECTION_INFORMATION RequestAddr, // Describes the destination.
PTDI_CONNECTION_INFORMATION ReturnAddr) // Where to return information.
{
TCPConnReq *ConnReq; // Connection request to use.
IPv6Addr DestAddr;
ulong DestScopeId;
ushort DestPort;
TCPConn *Conn;
TCB *NewTCB;
uint ConnID = PtrToUlong(Request->Handle.ConnectionContext);
KIRQL Irql0, Irql1, Irql2; // One per lock nesting level.
AddrObj *AO;
TDI_STATUS Status;
IP_STATUS IPStatus;
TCP_TIME *Timeout;
NetTableEntry *NTE;
NetTableEntryOrInterface *NTEorIF;
//
// First, get and validate the remote address.
//
if (RequestAddr == NULL || RequestAddr->RemoteAddress == NULL ||
!GetAddress((PTRANSPORT_ADDRESS)RequestAddr->RemoteAddress, &DestAddr,
&DestScopeId, &DestPort))
return TDI_BAD_ADDR;
//
// REVIEW: IPv4 performed other remote address sanity checks here.
// REVIEW: E.g., should we check that remote addr isn't multicast?
//
//
// REVIEW: I can't find an RFC which states 0 is not a valid port number.
//
if (DestPort == 0)
return TDI_BAD_ADDR;
//
// Get a connection request. If we can't, bail out now.
//
ConnReq = GetConnReq();
if (ConnReq == NULL)
return TDI_NO_RESOURCES;
//
// Get a TCB, assuming we'll need one.
//
NewTCB = AllocTCB();
if (NewTCB == NULL) {
// Couldn't get a TCB.
FreeConnReq(ConnReq);
return TDI_NO_RESOURCES;
}
Timeout = (TCP_TIME *)TO;
if (Timeout != NULL && !INFINITE_CONN_TO(*Timeout)) {
ulong Ticks = TCP_TIME_TO_TICKS(*Timeout);
if (Ticks > MAX_CONN_TO_TICKS)
Ticks = MAX_CONN_TO_TICKS;
else
Ticks++;
ConnReq->tcr_timeout = (ushort)Ticks;
} else
ConnReq->tcr_timeout = 0;
ConnReq->tcr_flags = 0;
ConnReq->tcr_conninfo = ReturnAddr;
ConnReq->tcr_addrinfo = NULL;
ConnReq->tcr_req.tr_rtn = Request->RequestNotifyObject;
ConnReq->tcr_req.tr_context = Request->RequestContext;
NewTCB->tcb_daddr = DestAddr;
NewTCB->tcb_dscope_id = DestScopeId;
NewTCB->tcb_dport = DestPort;
//
// Now find the real connection.
//
KeAcquireSpinLock(&AddrObjTableLock, &Irql0);
Conn = GetConnFromConnID(ConnID, &Irql1);
if (Conn != NULL) {
uint Inserted;
CHECK_STRUCT(Conn, tc);
//
// We found the connection. Check for an associated address object.
//
AO = Conn->tc_ao;
if (AO != NULL) {
KeAcquireSpinLock(&AO->ao_lock, &Irql2);
CHECK_STRUCT(AO, ao);
Status = InitTCBFromConn(Conn, NewTCB, RequestAddr, TRUE);
if (Status == TDI_SUCCESS) {
//
// We've initialized our TCB. Mark it that we initiated this
// connection (i.e. active open). Also, we're done with the
// AddrObjTable, so we can free it's lock.
//
NewTCB->tcb_flags |= ACTIVE_OPEN;
KeReleaseSpinLock(&AddrObjTableLock, Irql2);
//
// Initialize our routing state validation counter.
// We need to do this before acquiring an NTE or an RCE
// (to avoid missing any changes which may occur while
// we're in the process of acquiring them).
//
NewTCB->tcb_routing = RouteCacheValidationCounter;
//
// Determine NTE to send on (if user cares).
//
if (IsUnspecified(&NewTCB->tcb_saddr)) {
//
// Caller didn't specify a source address.
// Let the routing code pick one.
//
NTE = NULL;
NTEorIF = NULL;
} else {
//
// Our TCB has a specific source address. Determine
// which NTE corresponds to it and the scope id.
//
NTE = FindNetworkWithAddress(&NewTCB->tcb_saddr,
NewTCB->tcb_sscope_id);
if (NTE == NULL) {
//
// Bad source address. We don't have a network with
// the requested address. Error out.
//
// REVIEW: Will the AddrObj code even let this happen?
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_USER_ERROR,
"TdiConnect: Bad source address\n"));
KeReleaseSpinLock(&AO->ao_lock, Irql1);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
Status = TDI_BAD_ADDR;
goto error;
}
NTEorIF = CastFromNTE(NTE);
}
//
// Get the route.
//
ASSERT(NewTCB->tcb_rce == NULL);
IPStatus = RouteToDestination(&DestAddr, DestScopeId,
NTEorIF, RTD_FLAG_NORMAL,
&NewTCB->tcb_rce);
if (IPStatus != IP_SUCCESS) {
//
// Failed to get a route to the destination. Error out.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
"TdiConnect: Failed to get route to dest.\n"));
KeReleaseSpinLock(&AO->ao_lock, Irql1);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
if ((IPStatus == IP_PARAMETER_PROBLEM) ||
(IPStatus == IP_BAD_ROUTE))
Status = TDI_BAD_ADDR;
else if (IPStatus == IP_NO_RESOURCES)
Status = TDI_NO_RESOURCES;
else
Status = TDI_DEST_UNREACHABLE;
goto error;
}
ASSERT(NewTCB->tcb_rce != NULL);
if (IsDisconnectedAndNotLoopbackRCE(NewTCB->tcb_rce)) {
//
// Fail new connection requests for TCBs with a
// disconnected outgoing interface, except when a
// loopback route is used.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
"TdiConnect: Interface disconnected.\n"));
KeReleaseSpinLock(&AO->ao_lock, Irql1);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
//
// Drop the reference on the route we obtained.
//
ReleaseRCE(NewTCB->tcb_rce);
Status = TDI_DEST_NET_UNREACH;
goto error;
}
//
// OK, we got a route. Enter the TCB into the connection
// and send a SYN.
//
KeAcquireSpinLock(&NewTCB->tcb_lock, &Irql2);
Conn->tc_tcb = NewTCB;
Conn->tc_refcnt++;
NewTCB->tcb_conn = Conn;
NewTCB->tcb_connid = Conn->tc_connid;
REMOVEQ(&Conn->tc_q);
ENQUEUE(&AO->ao_activeq, &Conn->tc_q);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql2);
KeReleaseSpinLock(&AO->ao_lock, Irql1);
//
// Initialize path-specific TCB settings, based on the RCE:
//
// If packets on the path will be looped back in software,
// don't use the Nagle algorithm for this TCB.
//
if (IsLoopbackRCE(NewTCB->tcb_rce)) {
NewTCB->tcb_flags &= ~NAGLING;
}
//
// Keep a reference for the NTE we're using.
// This prevents the NTE from going away should we release
// our RCE, and also makes for easy comparisons.
//
if (NTE == NULL) {
//
// We let the routing code pick the source NTE above.
// Remember this NTE and address for later use.
//
NewTCB->tcb_nte = NewTCB->tcb_rce->NTE;
AddRefNTE(NewTCB->tcb_nte);
NewTCB->tcb_saddr = NewTCB->tcb_nte->Address;
NewTCB->tcb_sscope_id =
DetermineScopeId(&NewTCB->tcb_saddr,
NewTCB->tcb_nte->IF);
} else {
//
// Remember the NTE we found above.
// We already hold a reference on it.
//
NewTCB->tcb_nte = NTE;
}
//
// Similarly, the routing code may have picked
// the destination scope id if it was left unspecified.
// REVIEW - getpeername will not return the new DestScopeId.
//
DestScopeId = DetermineScopeId(&NewTCB->tcb_daddr,
NewTCB->tcb_rce->NTE->IF);
ASSERT((NewTCB->tcb_dscope_id == DestScopeId) ||
(NewTCB->tcb_dscope_id == 0));
NewTCB->tcb_dscope_id = DestScopeId;
//
// Initialize our Maximum Segment Size (MSS).
// Cache our current Path Maximum Transmission Unit (PMTU)
// so that we'll know if it changes.
//
NewTCB->tcb_pmtu = GetEffectivePathMTUFromRCE(NewTCB->tcb_rce);
IF_TCPDBG(TCP_DEBUG_MSS) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
"TCP TdiConnect: PMTU from RCE is %d\n",
NewTCB->tcb_pmtu));
}
NewTCB->tcb_remmss = MAXUSHORT;
NewTCB->tcb_security = SecurityStateValidationCounter;
CalculateMSSForTCB(NewTCB);
// Now initialize our send state.
InitSendState(NewTCB);
NewTCB->tcb_refcnt = 1;
NewTCB->tcb_state = TCB_SYN_SENT;
TStats.ts_activeopens++;
// Need to put the ConnReq on the TCB now, in case the timer
// fires after we've inserted.
NewTCB->tcb_connreq = ConnReq;
KeReleaseSpinLock(&NewTCB->tcb_lock, Irql0);
Inserted = InsertTCB(NewTCB);
KeAcquireSpinLock(&NewTCB->tcb_lock, &Irql0);
if (!Inserted) {
// Insert failed. We must already have a connection. Pull
// the connreq from the TCB first, so we can return the
// correct error code for it.
NewTCB->tcb_connreq = NULL;
TryToCloseTCB(NewTCB, TCB_CLOSE_ABORTED, Irql0);
KeAcquireSpinLock(&NewTCB->tcb_lock, &Irql0);
DerefTCB(NewTCB, Irql0);
FreeConnReq(ConnReq);
return TDI_ADDR_IN_USE;
}
// If it's closing somehow, stop now. It can't have gone to
// closed, as we hold a reference on it. It could have gone
// to some other state (for example SYN-RCVD) so we need to
// check that now too.
if (!CLOSING(NewTCB) && NewTCB->tcb_state == TCB_SYN_SENT) {
SendSYN(NewTCB, Irql0);
KeAcquireSpinLock(&NewTCB->tcb_lock, &Irql0);
}
DerefTCB(NewTCB, Irql0);
return TDI_PENDING;
} else
KeReleaseSpinLock(&AO->ao_lock, Irql2);
} else
Status = TDI_NOT_ASSOCIATED;
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
} else
Status = TDI_INVALID_CONNECTION;
KeReleaseSpinLock(&AddrObjTableLock, Irql0);
error:
if (NTE != NULL)
ReleaseNTE(NTE);
FreeTCB(NewTCB);
FreeConnReq(ConnReq);
return Status;
}
//* TdiListen - Listen for a connection.
//
// The TDI listen handling routine. Called when the client wants to
// post a listen, we validate his incoming parameters, allocate a TCB
// and return.
//
TDI_STATUS // Returns: Status of attempt to connect.
TdiListen(
PTDI_REQUEST Request, // Structure for this request.
ushort Flags, // Listen flags for listen.
PTDI_CONNECTION_INFORMATION AcceptableAddr, // Acceptable remote addrs.
PTDI_CONNECTION_INFORMATION ConnectedAddr) // Where to return conn addr.
{
TCPConnReq *ConnReq; // Connection request to use.
IPv6Addr RemoteAddr; // Remote address to take conn. from.
ulong RemoteScopeId; // Scope identifier for remote addr (0 is none).
ushort RemotePort; // Acceptable remote port.
TCPConn *Conn; // Pointer to the Connection being listened upon.
TCB *NewTCB; // Pointer to the new TCB we'll use.
uint ConnID = PtrToUlong(Request->Handle.ConnectionContext);
KIRQL OldIrql; // Save IRQL value prior to taking lock.
TDI_STATUS Status;
//
// If we've been given remote addressing criteria, check it out.
//
if (AcceptableAddr != NULL && AcceptableAddr->RemoteAddress != NULL) {
if (!GetAddress((PTRANSPORT_ADDRESS)AcceptableAddr->RemoteAddress,
&RemoteAddr, &RemoteScopeId, &RemotePort))
return TDI_BAD_ADDR;
//
// REVIEW: IPv4 version did some other address sanity checks here.
// REVIEW: E.g., should we check that remote addr isn't multicast?
//
} else {
RemoteAddr = UnspecifiedAddr;
RemoteScopeId = 0;
RemotePort = 0;
}
//
// The remote address is valid. Get a ConnReq, and maybe a TCB.
//
ConnReq = GetConnReq();
if (ConnReq == NULL)
return TDI_NO_RESOURCES; // Couldn't get one.
//
// Now try to get a TCB.
//
NewTCB = AllocTCB();
if (NewTCB == NULL) {
//
// Couldn't get a TCB. Return an error.
//
FreeConnReq(ConnReq);
return TDI_NO_RESOURCES;
}
//
// We have the resources we need. Initialize them, and then check the
// state of the connection.
//
ConnReq->tcr_flags = Flags;
ConnReq->tcr_conninfo = ConnectedAddr;
ConnReq->tcr_addrinfo = NULL;
ConnReq->tcr_req.tr_rtn = Request->RequestNotifyObject;
ConnReq->tcr_req.tr_context = Request->RequestContext;
NewTCB->tcb_connreq = ConnReq;
NewTCB->tcb_daddr = RemoteAddr;
NewTCB->tcb_dscope_id = RemoteScopeId;
NewTCB->tcb_dport = RemotePort;
NewTCB->tcb_state = TCB_LISTEN;
//
// Now find the real connection. If we find it, we'll make sure it's
// associated.
//
Conn = GetConnFromConnID(ConnID, &OldIrql);
if (Conn != NULL) {
AddrObj *ConnAO;
CHECK_STRUCT(Conn, tc);
//
// We have a connection. Make sure it's associated with an address and
// doesn't already have a TCB attached.
//
ConnAO = Conn->tc_ao;
if (ConnAO != NULL) {
CHECK_STRUCT(ConnAO, ao);
KeAcquireSpinLockAtDpcLevel(&ConnAO->ao_lock);
if (AO_VALID(ConnAO)) {
Status = InitTCBFromConn(Conn, NewTCB, AcceptableAddr, TRUE);
} else {
Status = TDI_ADDR_INVALID;
}
if (Status == TDI_SUCCESS) {
//
// The initialization worked. Assign the new TCB to the
// connection, and return.
//
REMOVEQ(&Conn->tc_q);
PUSHQ(&ConnAO->ao_listenq, &Conn->tc_q);
Conn->tc_tcb = NewTCB;
NewTCB->tcb_conn = Conn;
NewTCB->tcb_connid = Conn->tc_connid;
Conn->tc_refcnt++;
ConnAO->ao_listencnt++;
KeReleaseSpinLockFromDpcLevel(&ConnAO->ao_lock);
Status = TDI_PENDING;
} else {
FreeTCB(NewTCB);
KeReleaseSpinLockFromDpcLevel(&ConnAO->ao_lock);
}
} else {
FreeTCB(NewTCB);
Status = TDI_NOT_ASSOCIATED;
}
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, OldIrql);
} else {
FreeTCB(NewTCB);
Status = TDI_INVALID_CONNECTION;
}
//
// We're all done.
//
if (Status != TDI_PENDING) {
FreeConnReq(ConnReq);
}
return Status;
}
//* InitRCE - Initialize an RCE.
//
// A utility routine to open an RCE and determine the maximum segment size
// for a connection. This function is called with the TCB lock held
// when transitioning out of the SYN_SENT or LISTEN states.
//
void // Returns: Nothing.
InitRCE(
TCB *NewTCB) // TCB for which an RCE is to be opened.
{
IP_STATUS Status;
//
// We are called when receiving an incoming connection attempt,
// so tcb_saddr will always be initialized.
//
ASSERT(! IsUnspecified(&NewTCB->tcb_saddr));
//
// If we don't already have an NTE for this connection, get one now.
//
if (NewTCB->tcb_nte == NULL) {
//
// Initialize our routing state validation counter.
// We need to do this before acquiring an NTE or an RCE
// (to avoid missing any changes which may occur while
// we're in the process of acquiring them).
//
NewTCB->tcb_routing = RouteCacheValidationCounter;
NewTCB->tcb_nte = FindNetworkWithAddress(&NewTCB->tcb_saddr,
NewTCB->tcb_sscope_id);
if (NewTCB->tcb_nte == NULL) {
//
// Failed to get an NTE corresponding to this source address.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
"TCP InitRCE: Can't find the NTE for address?!?\n"));
goto ErrorReturn;
}
}
//
// Get the route.
//
ASSERT(NewTCB->tcb_rce == NULL);
Status = RouteToDestination(&NewTCB->tcb_daddr, NewTCB->tcb_dscope_id,
CastFromNTE(NewTCB->tcb_nte), RTD_FLAG_NORMAL,
&NewTCB->tcb_rce);
if (Status != IP_SUCCESS) {
//
// Failed to get a route to the destination.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
"TCP InitRCE: Can't get a route?!?\n"));
ErrorReturn:
//
// Until we have a real route, use conservative values.
//
NewTCB->tcb_pmtu = IPv6_MINIMUM_MTU;
NewTCB->tcb_mss = (ushort)MIN(DEFAULT_MSS, NewTCB->tcb_remmss);
return;
}
//
// Initialize path-specific TCB settings, based on the RCE:
//
// If packets on the path will be looped back in software,
// don't use the Nagle algorithm for this TCB.
//
if (IsLoopbackRCE(NewTCB->tcb_rce)) {
NewTCB->tcb_flags &= ~NAGLING;
}
//
// Initialize the maximum segement size (MSS) for this connection.
// Cache our current Path Maximum Transmission Unit (PMTU)
// so that we'll know if it changes.
//
NewTCB->tcb_pmtu = GetEffectivePathMTUFromRCE(NewTCB->tcb_rce);
IF_TCPDBG(TCP_DEBUG_MSS) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
"TCP InitRCE: PMTU from RCE is %d\n", NewTCB->tcb_pmtu));
}
NewTCB->tcb_security = SecurityStateValidationCounter;
CalculateMSSForTCB(NewTCB);
}
//* AcceptConn - Accept a connection on a TCB.
//
// Called to accept a connection on a TCB, either from an incoming
// receive segment or via a user's accept. We initialize the RCE
// and the send state, and send out a SYN. We assume the TCB is locked
// and referenced when we get it.
//
void // Returns: Nothing.
AcceptConn(
TCB *AcceptTCB, // TCB to accept on.
KIRQL PreLockIrql) // IRQL prior to acquiring TCB lock.
{
CHECK_STRUCT(AcceptTCB, tcb);
ASSERT(AcceptTCB->tcb_refcnt != 0);
InitRCE(AcceptTCB);
InitSendState(AcceptTCB);
AdjustRcvWin(AcceptTCB);
SendSYN(AcceptTCB, PreLockIrql);
KeAcquireSpinLock(&AcceptTCB->tcb_lock, &PreLockIrql);
DerefTCB(AcceptTCB, PreLockIrql);
}
//* TdiAccept - Accept a connection.
//
// The TDI accept routine. Called when the client wants to
// accept a connection for which a listen had previously completed. We
// examine the state of the connection - it has to be in SYN-RCVD, with
// a TCB, with no pending connreq, etc.
//
TDI_STATUS // Returns: Status of attempt to connect.
TdiAccept(
PTDI_REQUEST Request, // Structure for this request.
PTDI_CONNECTION_INFORMATION AcceptInfo, // Info for this accept.
PTDI_CONNECTION_INFORMATION ConnectedInfo) // Where to return conn addr.
{
TCPConnReq *ConnReq; // ConnReq we'll use for this connection.
uint ConnID = PtrToUlong(Request->Handle.ConnectionContext);
TCPConn *Conn; // Connection being accepted upon.
TCB *AcceptTCB; // TCB for Conn.
KIRQL Irql0, Irql1; // One per lock nesting level.
TDI_STATUS Status;
//
// First, get the ConnReq we'll need.
//
ConnReq = GetConnReq();
if (ConnReq == NULL)
return TDI_NO_RESOURCES;
ConnReq->tcr_conninfo = ConnectedInfo;
ConnReq->tcr_addrinfo = NULL;
ConnReq->tcr_req.tr_rtn = Request->RequestNotifyObject;
ConnReq->tcr_req.tr_context = Request->RequestContext;
//
// Now look up the connection.
//
Conn = GetConnFromConnID(ConnID, &Irql0);
if (Conn != NULL) {
CHECK_STRUCT(Conn, tc);
//
// We have the connection. Make sure is has a TCB, and that the
// TCB is in the SYN-RCVD state, etc.
//
AcceptTCB = Conn->tc_tcb;
if (AcceptTCB != NULL) {
CHECK_STRUCT(AcceptTCB, tcb);
KeAcquireSpinLock(&AcceptTCB->tcb_lock, &Irql1);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
if (!CLOSING(AcceptTCB) && AcceptTCB->tcb_state == TCB_SYN_RCVD) {
//
// State is valid. Make sure this TCB had a delayed accept on
// it, and that there is currently no connect request pending.
//
if (!(AcceptTCB->tcb_flags & CONN_ACCEPTED) &&
AcceptTCB->tcb_connreq == NULL) {
AcceptTCB->tcb_connreq = ConnReq;
AcceptTCB->tcb_flags |= CONN_ACCEPTED;
AcceptTCB->tcb_refcnt++;
//
// Everything's set. Accept the connection now.
//
AcceptConn(AcceptTCB, Irql0);
return TDI_PENDING;
}
}
KeReleaseSpinLock(&AcceptTCB->tcb_lock, Irql0);
Status = TDI_INVALID_CONNECTION;
goto error;
}
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
}
Status = TDI_INVALID_CONNECTION;
error:
FreeConnReq(ConnReq);
return Status;
}
//* TdiDisConnect - Disconnect a connection.
//
// The TDI disconnection routine. Called when the client wants to disconnect
// a connection. There are two types of disconnection we support, graceful
// and abortive. A graceful close will cause us to send a FIN and not complete
// the request until we get the ACK back. An abortive close causes us to send
// a RST. In that case we'll just get things going and return immediately.
//
// Note: The format of the Timeout (TO) is system specific - we use
// a macro to convert to ticks.
//
TDI_STATUS // Returns: Status of attempt to disconnect.
TdiDisconnect(
PTDI_REQUEST Request, // Structure for this request.
void *TO, // How long to wait.
ushort Flags, // Type of disconnect.
PTDI_CONNECTION_INFORMATION DiscConnInfo, // Ignored.
PTDI_CONNECTION_INFORMATION ReturnInfo, // Ignored.
TCPAbortReq *AbortReq) // Space for pending abort.
{
TCPConnReq *ConnReq; // Connection request to use.
TCPConn *Conn;
TCB *DiscTCB;
KIRQL Irql0, Irql1; // One per lock nesting level.
TDI_STATUS Status;
TCP_TIME *Timeout;
UNREFERENCED_PARAMETER(DiscConnInfo);
UNREFERENCED_PARAMETER(ReturnInfo);
Conn = GetConnFromConnID(PtrToUlong(Request->Handle.ConnectionContext),
&Irql0);
if (Conn != NULL) {
CHECK_STRUCT(Conn, tc);
DiscTCB = Conn->tc_tcb;
if (DiscTCB != NULL) {
CHECK_STRUCT(DiscTCB, tcb);
KeAcquireSpinLock(&DiscTCB->tcb_lock, &Irql1);
//
// We have the TCB. See what kind of disconnect this is.
//
if (Flags & TDI_DISCONNECT_ABORT) {
//
// This is an abortive disconnect. If we're not already
// closed or closing, blow the connection away.
//
if (DiscTCB->tcb_state != TCB_CLOSED) {
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
if (AbortReq != NULL) {
if (DiscTCB->tcb_abortreq == NULL) {
AbortReq->tar_rtn = Request->RequestNotifyObject;
AbortReq->tar_context = Request->RequestContext;
DiscTCB->tcb_abortreq = AbortReq;
Status = TDI_PENDING;
} else {
Status = TDI_SUCCESS;
}
} else {
Status = TDI_SUCCESS;
}
if (!CLOSING(DiscTCB)) {
DiscTCB->tcb_flags |= NEED_RST;
TryToCloseTCB(DiscTCB, TCB_CLOSE_ABORTED,
Irql0);
} else
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return Status;
} else {
//
// The TCB isn't connected.
//
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return TDI_INVALID_STATE;
}
} else {
//
// This is not an abortive close. For graceful close we'll
// need a ConnReq.
//
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
//
// Make sure we aren't in the middle of an abortive close.
//
if (CLOSING(DiscTCB)) {
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return TDI_INVALID_CONNECTION;
}
ConnReq = GetConnReq();
if (ConnReq != NULL) {
//
// Got the ConnReq. See if this is a DISCONNECT_WAIT
// primitive or not.
//
ConnReq->tcr_flags = 0;
ConnReq->tcr_conninfo = NULL;
ConnReq->tcr_addrinfo = NULL;
ConnReq->tcr_req.tr_rtn = Request->RequestNotifyObject;
ConnReq->tcr_req.tr_context = Request->RequestContext;
if (!(Flags & TDI_DISCONNECT_WAIT)) {
Timeout = (TCP_TIME *)TO;
if (Timeout != NULL && !INFINITE_CONN_TO(*Timeout)) {
ulong Ticks = TCP_TIME_TO_TICKS(*Timeout);
if (Ticks > MAX_CONN_TO_TICKS)
Ticks = MAX_CONN_TO_TICKS;
else
Ticks++;
ConnReq->tcr_timeout = (ushort)Ticks;
} else
ConnReq->tcr_timeout = 0;
//
// OK, we're just about set. We need to update
// the TCB state, and send the FIN.
//
if (DiscTCB->tcb_state == TCB_ESTAB) {
DiscTCB->tcb_state = TCB_FIN_WAIT1;
//
// Since we left established, we're off the fast
// receive path.
//
DiscTCB->tcb_slowcount++;
DiscTCB->tcb_fastchk |= TCP_FLAG_SLOW;
} else
if (DiscTCB->tcb_state == TCB_CLOSE_WAIT)
DiscTCB->tcb_state = TCB_LAST_ACK;
else {
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
FreeConnReq(ConnReq);
return TDI_INVALID_STATE;
}
// Update SNMP info.
InterlockedDecrement((PLONG)&TStats.ts_currestab);
ASSERT(*(int *)&TStats.ts_currestab >= 0);
ASSERT(DiscTCB->tcb_connreq == NULL);
DiscTCB->tcb_connreq = ConnReq;
DiscTCB->tcb_flags |= FIN_NEEDED;
DiscTCB->tcb_refcnt++;
TCPSend(DiscTCB, Irql0);
return TDI_PENDING;
} else {
//
// This is a DISC_WAIT request.
//
ConnReq->tcr_timeout = 0;
if (DiscTCB->tcb_discwait == NULL) {
DiscTCB->tcb_discwait = ConnReq;
Status = TDI_PENDING;
} else {
FreeConnReq(ConnReq);
Status = TDI_INVALID_STATE;
}
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return Status;
}
} else {
//
// Couldn't get a ConnReq.
//
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return TDI_NO_RESOURCES;
}
}
} else
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql0);
}
//
// No Conn, or no TCB on conn. Return an error.
//
return TDI_INVALID_CONNECTION;
}
//* OKToNotify - See if it's OK to notify about a DISC.
//
// A little utility function, called to see it it's OK to notify the client
// of an incoming FIN.
//
uint // Returns: TRUE if it's OK, False otherwise.
OKToNotify(
TCB *NotifyTCB) // TCB to check.
{
CHECK_STRUCT(NotifyTCB, tcb);
if (NotifyTCB->tcb_pendingcnt == 0 && NotifyTCB->tcb_urgcnt == 0 &&
NotifyTCB->tcb_rcvhead == NULL && NotifyTCB->tcb_exprcv == NULL)
return TRUE;
else
return FALSE;
}
//* NotifyOfDisc - Notify a client that a TCB is being disconnected.
//
// Called when we're disconnecting a TCB because we've received a FIN or
// RST from the remote peer, or because we're aborting for some reason.
// We'll complete a DISCONNECT_WAIT request if we have one, or try and
// issue an indication otherwise. This is only done if we're in a
// synchronized state and not in TIMED-WAIT.
//
// May be called with TCB lock held. Or not.
//
void // Returns: Nothing.
NotifyOfDisc(
TCB *DiscTCB, // TCB we're notifying.
TDI_STATUS Status, // Status code for notification.
PKIRQL IrqlPtr) // Indicates TCB is locked with given IRQL.
{
KIRQL Irql0, Irql1;
TCPConnReq *DiscReq;
TCPConn *Conn;
AddrObj *DiscAO;
PVOID ConnContext;
CHECK_STRUCT(DiscTCB, tcb);
ASSERT(DiscTCB->tcb_refcnt != 0);
//
// See if we already hold the TCB lock, grab it if not.
//
if (IrqlPtr != NULL) {
Irql0 = *IrqlPtr;
} else {
KeAcquireSpinLock(&DiscTCB->tcb_lock, &Irql0);
}
if (SYNC_STATE(DiscTCB->tcb_state) &&
!(DiscTCB->tcb_flags & DISC_NOTIFIED)) {
//
// We can't notify him if there's still data to be taken.
//
if (Status == TDI_GRACEFUL_DISC) {
if (!OKToNotify(DiscTCB)) {
DiscTCB->tcb_flags |= DISC_PENDING;
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return;
}
if (DiscTCB->tcb_pending & RST_PENDING) {
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return;
}
} else {
if (DiscTCB->tcb_flags & (IN_RCV_IND | IN_DELIV_URG)) {
DiscTCB->tcb_pending |= RST_PENDING;
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
return;
}
DiscTCB->tcb_pending &= ~RST_PENDING;
}
DiscTCB->tcb_flags |= DISC_NOTIFIED;
DiscTCB->tcb_flags &= ~DISC_PENDING;
//
// We're in a state where a disconnect is meaningful, and we haven't
// already notified the client.
// See if we have a DISC-WAIT request pending.
//
if ((DiscReq = DiscTCB->tcb_discwait) != NULL) {
//
// We have a disconnect wait request. Complete it and we're done.
//
DiscTCB->tcb_discwait = NULL;
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
(*DiscReq->tcr_req.tr_rtn)(DiscReq->tcr_req.tr_context, Status, 0);
FreeConnReq(DiscReq);
return;
}
//
// No DISC-WAIT. Find the AddrObj for the connection, and see if
// there is a disconnect handler registered.
//
ConnContext = DiscTCB->tcb_conncontext;
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
KeAcquireSpinLock(&AddrObjTableLock, &Irql0);
if ((Conn = DiscTCB->tcb_conn) != NULL) {
CHECK_STRUCT(Conn, tc);
KeAcquireSpinLock(&Conn->tc_ConnBlock->cb_lock, &Irql1);
DiscAO = Conn->tc_ao;
if (DiscAO != NULL) {
KIRQL Irql2;
PDisconnectEvent DiscEvent;
PVOID DiscContext;
CHECK_STRUCT(DiscAO, ao);
KeAcquireSpinLock(&DiscAO->ao_lock, &Irql2);
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql2);
KeReleaseSpinLock(&AddrObjTableLock, Irql1);
DiscEvent = DiscAO->ao_disconnect;
DiscContext = DiscAO->ao_disconncontext;
if (DiscEvent != NULL) {
REF_AO(DiscAO);
KeReleaseSpinLock(&DiscAO->ao_lock, Irql0);
IF_TCPDBG(TCP_DEBUG_CLOSE) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
"TCP: indicating %s disconnect\n",
(Status == TDI_GRACEFUL_DISC) ?
"graceful" : "abortive"));
}
(*DiscEvent)(DiscContext, ConnContext, 0, NULL, 0,
NULL, (Status == TDI_GRACEFUL_DISC) ?
TDI_DISCONNECT_RELEASE :
TDI_DISCONNECT_ABORT);
DELAY_DEREF_AO(DiscAO);
return;
} else {
KeReleaseSpinLock(&DiscAO->ao_lock, Irql0);
return;
}
}
KeReleaseSpinLock(&Conn->tc_ConnBlock->cb_lock, Irql1);
}
KeReleaseSpinLock(&AddrObjTableLock, Irql0);
return;
}
KeReleaseSpinLock(&DiscTCB->tcb_lock, Irql0);
}
//* GracefulClose - Complete the transition to a gracefully closed state.
//
// Called when we need to complete the transition to a gracefully closed
// state, either TIME_WAIT or CLOSED. This completion involves removing
// the TCB from it's associated connection (if it has one), notifying the
// upper layer client either via completing a request or calling a disc.
// notification handler, and actually doing the transition.
//
// The tricky part here is if we need to notify him (instead of completing
// a graceful disconnect request). We can't notify him if there is pending
// data on the connection, so in that case we have to pend the disconnect
// notification until we deliver the data.
//
void // Returns: Nothing.
GracefulClose(
TCB *CloseTCB, // TCB to transition.
uint ToTimeWait, // TRUE if we're going to TIME_WAIT, FALSE if
// we're going to close the TCB.
uint Notify, // TRUE if via notification, FALSE if via completing
// a disconnect request.
KIRQL PreLockIrql) // IRQL prior to acquiring TCB lock.
{
CHECK_STRUCT(CloseTCB, tcb);
ASSERT(CloseTCB->tcb_refcnt != 0);
//
// First, see if we need to notify the client of a FIN.
//
if (Notify) {
//
// We do need to notify him. See if it's OK to do so.
//
if (OKToNotify(CloseTCB)) {
//
// We can notify him. Change his state, pull him from the conn.,
// and notify him.
//
if (ToTimeWait) {
//
// Save the time we went into time wait, in case we need to
// scavenge.
//
CloseTCB->tcb_alive = SystemUpTime();
CloseTCB->tcb_state = TCB_TIME_WAIT;
KeReleaseSpinLock(&CloseTCB->tcb_lock, PreLockIrql);
} else {
//
// He's going to close. Mark him as closing with TryToCloseTCB
// (he won't actually close since we have a ref. on him). We
// do this so that anyone touching him after we free the
// lock will fail.
//
TryToCloseTCB(CloseTCB, TDI_SUCCESS, PreLockIrql);
}
RemoveTCBFromConn(CloseTCB);
NotifyOfDisc(CloseTCB, TDI_GRACEFUL_DISC, NULL);
} else {
//
// Can't notify him now. Set the appropriate flags, and return.
//
CloseTCB->tcb_flags |= (GC_PENDING |
(ToTimeWait ? TW_PENDING : 0));
DerefTCB(CloseTCB, PreLockIrql);
return;
}
} else {
//
// We're not notifying this guy, we just need to complete a conn. req.
// We need to check and see if he's been notified, and if not
// we'll complete the request and notify him later.
//
if (CloseTCB->tcb_flags & DISC_NOTIFIED) {
//
// He's been notified.
//
if (ToTimeWait) {
//
// Save the time we went into time wait, in case we need to
// scavenge.
//
CloseTCB->tcb_alive = SystemUpTime();
CloseTCB->tcb_state = TCB_TIME_WAIT;
KeReleaseSpinLock(&CloseTCB->tcb_lock, PreLockIrql);
} else {
//
// Mark him as closed. See comments above.
//
TryToCloseTCB(CloseTCB, TDI_SUCCESS, PreLockIrql);
}
RemoveTCBFromConn(CloseTCB);
KeAcquireSpinLock(&CloseTCB->tcb_lock, &PreLockIrql);
CompleteConnReq(CloseTCB, TDI_SUCCESS);
KeReleaseSpinLock(&CloseTCB->tcb_lock, PreLockIrql);
} else {
//
// He hasn't been notified. He should be pending already.
//
ASSERT(CloseTCB->tcb_flags & DISC_PENDING);
CloseTCB->tcb_flags |= (GC_PENDING |
(ToTimeWait ? TW_PENDING : 0));
CompleteConnReq(CloseTCB, TDI_SUCCESS);
DerefTCB(CloseTCB, PreLockIrql);
return;
}
}
//
// If we're going to TIME_WAIT, start the TIME_WAIT timer now.
// Otherwise close the TCB.
//
KeAcquireSpinLock(&CloseTCB->tcb_lock, &PreLockIrql);
if (!CLOSING(CloseTCB) && ToTimeWait) {
START_TCB_TIMER(CloseTCB->tcb_rexmittimer, MAX_REXMIT_TO);
KeReleaseSpinLock(&CloseTCB->tcb_lock, PreLockIrql);
RemoveConnFromTCB(CloseTCB);
KeAcquireSpinLock(&CloseTCB->tcb_lock, &PreLockIrql);
}
DerefTCB(CloseTCB, PreLockIrql);
}
#if 0 // REVIEW: Unused function?
//* ConnCheckPassed - Check to see if we have exceeded the connect limit.
//
// Called when a SYN is received to determine whether we will accept
// the incoming connection. If there is an empty slot or if the IP address
// is already in the table, we accept it.
//
int // Returns: TRUE is connect is accepted, FALSE if rejected.
ConnCheckPassed(
IPv6Addr *Src, // Source address of incoming connection.
ulong Prt) // Destination port of incoming connection.
{
UNREFERENCED_PARAMETER(Src);
UNREFERENCED_PARAMETER(Prt);
return TRUE;
}
#endif
void InitAddrChecks()
{
return;
}
//* EnumerateConnectionList - Enumerate Connection List database.
//
// This routine enumerates the contents of the connection limit database.
//
// Note: The comments found with this routine upon IPv6 port imply that
// there may have been code here once that actually did something.
// What's here now is a no-op.
//
void // Returns: Nothing.
EnumerateConnectionList(
uchar *Buffer, // Buffer to fill with connection list entries.
ulong BufferSize, // Size of Buffer in bytes.
ulong *EntriesReturned, // Where to put the number of entries returned.
ulong *EntriesAvailable) // Where to return number of avail conn. entries.
{
UNREFERENCED_PARAMETER(Buffer);
UNREFERENCED_PARAMETER(BufferSize);
*EntriesAvailable = 0;
*EntriesReturned = 0;
return;
}
#pragma BEGIN_INIT
//* InitTCPConn - Initialize TCP connection management code.
//
// Called during init time to initialize our TCP connection management.
//
int // Returns: TRUE.
InitTCPConn(
void) // Input: Nothing.
{
ExInitializeSListHead(&ConnReqFree);
KeInitializeSpinLock(&ConnReqFreeLock);
KeInitializeSpinLock(&ConnTableLock);
MaxAllocatedConnBlocks = 0;
ConnTable = ExAllocatePool(NonPagedPool,
MaxConnBlocks * sizeof(TCPConnBlock *));
if (ConnTable == NULL) {
return FALSE;
}
return TRUE;
}
#pragma END_INIT
//* UnloadTCPConn
//
// Cleanup and prepare for stack unload.
//
void
UnloadTCPConn(void)
{
PSLIST_ENTRY BufferLink;
KIRQL OldIrql;
TCPConnBlock **OldTable;
while ((BufferLink = ExInterlockedPopEntrySList(&ConnReqFree,
&ConnReqFreeLock))
!= NULL) {
Queue *QueuePtr = CONTAINING_RECORD(BufferLink, Queue, q_next);
TCPReq *Req = CONTAINING_RECORD(QueuePtr, TCPReq, tr_q);
TCPConnReq *ConnReq = CONTAINING_RECORD(Req, TCPConnReq, tcr_req);
CHECK_STRUCT(ConnReq, tcr);
ExFreePool(ConnReq);
}
KeAcquireSpinLock(&ConnTableLock, &OldIrql);
OldTable = ConnTable;
ConnTable = NULL;
KeReleaseSpinLock(&ConnTableLock, OldIrql);
if (OldTable != NULL) {
uint i;
for (i = 0; i < MaxAllocatedConnBlocks; i++) {
ExFreePool(OldTable[i]);
}
ExFreePool(OldTable);
}
}