|
|
/*++
Copyright (c) 1990-2000 Microsoft Corporation
Module Name:
TCPRCV.C - TCP receive protocol code.
Abstract:
This file contains the code for handling incoming TCP packets.
Author:
[Environment:]
kernel mode only
[Notes:]
optional-notes
Revision History:
--*/
#include "precomp.h"
#include "addr.h"
#include "tcp.h"
#include "tcb.h"
#include "tcpconn.h"
#include "tcpsend.h"
#include "tcprcv.h"
#include "tcpdeliv.h"
#include "tlcommon.h"
#include "info.h"
#include "tcpcfg.h"
#include "secfltr.h"
CACHE_LINE_KSPIN_LOCK SynAttLock;CACHE_LINE_ULONG TCBDelayRtnCount;CACHE_LINE_ULONG TCBDelayRtnLimit;CACHE_LINE_ULONG TCBDelayQRoundRobinIndex;
typedef struct CACHE_ALIGN CPUDelayQ { DEFINE_LOCK_STRUCTURE(TCBDelayLock) Queue TCBDelayQ;} CPUDelayQ;C_ASSERT(sizeof(CPUDelayQ) % MAX_CACHE_LINE_SIZE == 0);C_ASSERT(__alignof(CPUDelayQ) == MAX_CACHE_LINE_SIZE);
CPUDelayQ *PerCPUDelayQ;
// Maximum possible window size. By default it is 16 bit value
// if window scaling is enabled this can be set thru registry.
uint MaxRcvWin = 0xffff;uint MaxDupAcks;#define TCB_DELAY_RTN_LIMIT 4
#if DBG
ulong DbgTcpHwChkSumOk = 0;ulong DbgTcpHwChkSumErr = 0;ulong DbgDnsProb = 0;#endif
extern uint Time_Proc;extern CTELock *pTWTCBTableLock;extern CTELock *pTCBTableLock;
#if IRPFIX
extern PDEVICE_OBJECT TCPDeviceObject;#endif
extern Queue TWQueue;extern ulong CurrentTCBs;extern ulong MaxFreeTcbs;extern IPInfo LocalNetInfo;
#define PERSIST_TIMEOUT MS_TO_TICKS(500)
voidSendTWtcbACK(TWTCB *ACKTcb, uint Partition, CTELockHandle TCBHandle);
voidReInsert2MSL(TWTCB *RemovedTCB);
void ResetSendNext(TCB *SeqTCB, SeqNum NewSeq);
void ResetAndFastSend(TCB *SeqTCB, SeqNum NewSeq, uint NewCWin);
void GetRandomISN(PULONG SeqNum);
extern uint TcpHostOpts;extern BOOLEAN fAcdLoadedG;
extern NTSTATUS TCPPrepareIrpForCancel(PTCP_CONTEXT TcpContext, PIRP Irp, PDRIVER_CANCEL CancelRoutine);
extern void TCPRequestComplete(void *Context, uint Status, uint UnUsed);
void TCPCancelRequest(PDEVICE_OBJECT Device, PIRP Irp);
//
// All of the init code can be discarded.
//
int InitTCPRcv(void);void UnInitTCPRcv(void);
#ifdef ALLOC_PRAGMA
#pragma alloc_text(INIT, InitTCPRcv)
#pragma alloc_text(INIT, UnInitTCPRcv)
#endif
//* AdjustRcvWin - Adjust the receive window on a TCB.
//
// A utility routine that adjusts the receive window to an even multiple of
// the local segment size. We round it up to the next closest multiple, or
// leave it alone if it's already an event multiple. We assume we have
// exclusive access to the input TCB.
//
// Input: WinTCB - TCB to be adjusted.
//
// Returns: Nothing.
//
voidAdjustRcvWin(TCB *WinTCB){ ushort LocalMSS; uchar FoundMSS; ulong SegmentsInWindow; uint ScaledMaxRcvWin;
ASSERT(WinTCB->tcb_defaultwin != 0); ASSERT(WinTCB->tcb_rcvwin != 0); ASSERT(WinTCB->tcb_remmss != 0);
if (WinTCB->tcb_flags & WINDOW_SET) return;
// First, get the local MSS by calling IP.
FoundMSS = (*LocalNetInfo.ipi_getlocalmtu)(WinTCB->tcb_saddr, &LocalMSS);
// If we didn't find it, error out.
if (!FoundMSS) { //ASSERT(FALSE);
return; } LocalMSS -= sizeof(TCPHeader); LocalMSS = MIN(LocalMSS, WinTCB->tcb_remmss);
// Compute the actual maximum receive window, accounting for the presence
// of window scaling on this particular connection. This value is used
// in the computations below, rather than the cross-connection maximum.
ScaledMaxRcvWin = TCP_MAXWIN << WinTCB->tcb_rcvwinscale;
// Make sure we have at least 4 segments in window, if that wouldn't make
// the window too big.
SegmentsInWindow = WinTCB->tcb_defaultwin / (ulong)LocalMSS;
if (SegmentsInWindow < 4) {
// We have fewer than four segments in the window. Round up to 4
// if we can do so without exceeding the maximum window size; otherwise
// use the maximum multiple that we can fit in 64K. The exception is if
// we can only fit one integral multiple in the window - in that case
// we'll use a window equal to the scaled maximum.
if (LocalMSS <= (ScaledMaxRcvWin / 4)) { WinTCB->tcb_defaultwin = (uint)(4 * LocalMSS); } else { ulong SegmentsInMaxWindow;
// Figure out the maximum number of segments we could possibly
// fit in a window. If this is > 1, use that as the basis for
// our window size. Otherwise use a maximum size window.
SegmentsInMaxWindow = ScaledMaxRcvWin / (ulong)LocalMSS; if (SegmentsInMaxWindow != 1) WinTCB->tcb_defaultwin = SegmentsInMaxWindow * (ulong)LocalMSS; else WinTCB->tcb_defaultwin = ScaledMaxRcvWin; }
WinTCB->tcb_rcvwin = WinTCB->tcb_defaultwin;
} else { // If it's not already an even multiple, bump the default and current
// windows to the nearest multiple.
if ((SegmentsInWindow * (ulong)LocalMSS) != WinTCB->tcb_defaultwin) { ulong NewWindow;
NewWindow = (SegmentsInWindow + 1) * (ulong)LocalMSS;
// Don't let the new window be > 64K
// or what ever is set (if window scaling is enabled)
if (NewWindow <= ScaledMaxRcvWin) { WinTCB->tcb_defaultwin = (uint)NewWindow; WinTCB->tcb_rcvwin = (uint)NewWindow; } } }}
//* CompleteRcvs - Complete rcvs on a TCB.
//
// Called when we need to complete rcvs on a TCB. We'll pull things from
// the TCB's rcv queue, as long as there are rcvs that have the PUSH bit
// set.
//
// Input: CmpltTCB - TCB to complete on.
//
// Returns: Nothing.
//
voidCompleteRcvs(TCB * CmpltTCB){ CTELockHandle TCBHandle; TCPRcvReq *CurrReq, *NextReq, *IndReq;#if TRACE_EVENT
PTDI_DATA_REQUEST_NOTIFY_ROUTINE CPCallBack; WMIData WMIInfo;#endif
CTEStructAssert(CmpltTCB, tcb); ASSERT(CmpltTCB->tcb_refcnt != 0);
CTEGetLock(&CmpltTCB->tcb_lock, &TCBHandle);
if (!CLOSING(CmpltTCB) && !(CmpltTCB->tcb_flags & RCV_CMPLTING) && (CmpltTCB->tcb_rcvhead != NULL)) {
CmpltTCB->tcb_flags |= RCV_CMPLTING;
for (;;) {
CurrReq = CmpltTCB->tcb_rcvhead; IndReq = NULL; do { CTEStructAssert(CurrReq, trr);
if (CurrReq->trr_flags & TRR_PUSHED) { // Need to complete this one. If this is the current rcv
// advance the current rcv to the next one in the list.
// Then set the list head to the next one in the list.
NextReq = CurrReq->trr_next; if (CmpltTCB->tcb_currcv == CurrReq) CmpltTCB->tcb_currcv = NextReq;
CmpltTCB->tcb_rcvhead = NextReq;
if (NextReq == NULL) {
// We've just removed the last buffer. Set the
// rcvhandler to PendData, in case something
// comes in during the callback.
ASSERT(CmpltTCB->tcb_rcvhndlr != IndicateData); CmpltTCB->tcb_rcvhndlr = PendData; } CTEFreeLock(&CmpltTCB->tcb_lock, TCBHandle); if (CurrReq->trr_uflags != NULL) *(CurrReq->trr_uflags) = TDI_RECEIVE_NORMAL | TDI_RECEIVE_ENTIRE_MESSAGE;#if TRACE_EVENT
CPCallBack = TCPCPHandlerRoutine; if (CPCallBack != NULL) { ulong GroupType;
WMIInfo.wmi_destaddr = CmpltTCB->tcb_daddr; WMIInfo.wmi_destport = CmpltTCB->tcb_dport; WMIInfo.wmi_srcaddr = CmpltTCB->tcb_saddr; WMIInfo.wmi_srcport = CmpltTCB->tcb_sport; WMIInfo.wmi_size = CurrReq->trr_size; WMIInfo.wmi_context = CmpltTCB->tcb_cpcontext;
GroupType = EVENT_TRACE_GROUP_TCPIP + EVENT_TRACE_TYPE_RECEIVE; (*CPCallBack) (GroupType, (PVOID) &WMIInfo, sizeof(WMIInfo), NULL); }#endif
(*CurrReq->trr_rtn) (CurrReq->trr_context, TDI_SUCCESS, CurrReq->trr_amt); if (IndReq != NULL) FreeRcvReq(CurrReq); else IndReq = CurrReq; CTEGetLock(&CmpltTCB->tcb_lock, &TCBHandle); CurrReq = CmpltTCB->tcb_rcvhead;
} else // This one isn't to be completed, so bail out.
break; } while (CurrReq != NULL);
// Now see if we've completed all of the requests. If we have, we
// may need to deal with pending data and/or reset the rcv. handler.
if (CurrReq == NULL) { // We've completed everything that can be, so stop the push
// timer. We don't stop it if CurrReq isn't NULL because we
// want to make sure later data is eventually pushed.
STOP_TCB_TIMER_R(CmpltTCB, PUSH_TIMER);
ASSERT(IndReq != NULL); // No more recv. requests.
if (CmpltTCB->tcb_pendhead == NULL) {
FreeRcvReq(IndReq); // No pending data. Set the rcv. handler to either PendData
// or IndicateData.
if (!(CmpltTCB->tcb_flags & (DISC_PENDING | GC_PENDING))) { if (CmpltTCB->tcb_rcvind != NULL && CmpltTCB->tcb_indicated == 0) CmpltTCB->tcb_rcvhndlr = IndicateData; else CmpltTCB->tcb_rcvhndlr = PendData; } else { goto Complete_Notify; }
} else { // We have pending data to deal with.
if (CmpltTCB->tcb_rcvind != NULL && ((CmpltTCB->tcb_indicated == 0) || (CmpltTCB->tcb_moreflag == 4))) {
// There's a rcv. indicate handler on this TCB. Call
// the indicate handler with the pending data.
IndicatePendingData(CmpltTCB, IndReq, TCBHandle); SendACK(CmpltTCB); CTEGetLock(&CmpltTCB->tcb_lock, &TCBHandle); // See if a buffer has been posted. If so, we'll need
// to check and see if it needs to be completed.
if (CmpltTCB->tcb_rcvhead != NULL) continue; else { // If the pending head is now NULL, we've used up
// all the data.
if (CmpltTCB->tcb_pendhead == NULL && (CmpltTCB->tcb_flags & (DISC_PENDING | GC_PENDING))) goto Complete_Notify; }
} else { // No indicate handler, so nothing to do. The rcv.
// handler should already be set to PendData.
FreeRcvReq(IndReq); ASSERT(CmpltTCB->tcb_rcvhndlr == PendData); } } } else { if (IndReq != NULL) FreeRcvReq(IndReq); }
break; } CmpltTCB->tcb_flags &= ~RCV_CMPLTING; } CTEFreeLock(&CmpltTCB->tcb_lock, TCBHandle); return;
Complete_Notify: // Something is pending. Figure out what it is, and do
// it.
if (CmpltTCB->tcb_flags & GC_PENDING) { CmpltTCB->tcb_flags &= ~RCV_CMPLTING; // Bump the refcnt, because GracefulClose will
// deref the TCB and we're not really done with
// it yet.
REFERENCE_TCB(CmpltTCB);
//it is okay to ignore the tw state since we are returning frome here
//anyway, without touching the tcb.
GracefulClose(CmpltTCB, CmpltTCB->tcb_flags & TW_PENDING, TRUE, TCBHandle);
} else if (CmpltTCB->tcb_flags & DISC_PENDING) { CmpltTCB->tcb_flags &= ~DISC_PENDING; CTEFreeLock(&CmpltTCB->tcb_lock, TCBHandle); NotifyOfDisc(CmpltTCB, NULL, TDI_GRACEFUL_DISC);
CTEGetLock(&CmpltTCB->tcb_lock, &TCBHandle); CmpltTCB->tcb_flags &= ~RCV_CMPLTING; CTEFreeLock(&CmpltTCB->tcb_lock, TCBHandle); } else { ASSERT(FALSE); CTEFreeLock(&CmpltTCB->tcb_lock, TCBHandle); }
return;
}
//* CompleteSends - Complete TCP send requests.
//
// Called when we need to complete a chain of send-requests pulled off a TCB
// during our ACK processing.
//
// Input: SendQ - non-empty chain of TCPSendReq structures.
//
// Returns: nothing.
//
voidCompleteSends(Queue* SendQ){ Queue* CurrentQ = QHEAD(SendQ); TCPReq* Req; ASSERT(!EMPTYQ(SendQ)); do { Req = QSTRUCT(TCPReq, CurrentQ, tr_q); CurrentQ = QNEXT(CurrentQ); CTEStructAssert(Req, tr); (*Req->tr_rtn)(Req->tr_context, Req->tr_status, Req->tr_status == TDI_SUCCESS ? ((TCPSendReq*)Req)->tsr_size : 0); FreeSendReq((TCPSendReq*)Req); } while (CurrentQ != QEND(SendQ)); INITQ(SendQ);}
//* ProcessPerCpuTCBDelayQ - Process TCBs on the delayed Q on this cpu.
//
// Called at various times to process TCBs on the delayed Q.
//
// Input: Proc - Index into the per-processor delay queues.
// OrigIrql - The callers IRQL.
// StopTicks - Optional pointer to KeQueryTickCount value after
// which processing should stop. This is used to
// limit the time spent at DISPATCH_LEVEL.
// ItemsProcessed - Optional output pointer where the number of items
// processed is stored. (Caller takes responsibility
// for initializing this counter if used.)
//
// Returns: TRUE if processing was stopped due to time constraint. FALSE
// otherwise, or if no time constraint was given.
//
LOGICALProcessPerCpuTCBDelayQ(int Proc, KIRQL OrigIrql, const LARGE_INTEGER* StopTicks, ulong *ItemsProcessed){ CPUDelayQ* CpuQ; Queue* Item; TCB *DelayTCB; CTELockHandle TCBHandle; LARGE_INTEGER Ticks; LOGICAL TimeConstrained = FALSE;
CpuQ = &PerCPUDelayQ[Proc];
while ((Item = InterlockedDequeueIfNotEmptyAtIrql(&CpuQ->TCBDelayQ, &CpuQ->TCBDelayLock, OrigIrql)) != NULL) { DelayTCB = STRUCT_OF(TCB, Item, tcb_delayq); CTEStructAssert(DelayTCB, tcb);
CTEGetLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, &TCBHandle);
ASSERT(DelayTCB->tcb_refcnt != 0); ASSERT(DelayTCB->tcb_flags & IN_DELAY_Q);
while (!CLOSING(DelayTCB) && (DelayTCB->tcb_flags & DELAYED_FLAGS)) {
if (DelayTCB->tcb_flags & NEED_RCV_CMPLT) { DelayTCB->tcb_flags &= ~NEED_RCV_CMPLT; CTEFreeLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, TCBHandle); CompleteRcvs(DelayTCB); CTEGetLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, &TCBHandle); } if (DelayTCB->tcb_flags & NEED_OUTPUT) { DelayTCB->tcb_flags &= ~NEED_OUTPUT; REFERENCE_TCB(DelayTCB); TCPSend(DelayTCB, TCBHandle); CTEGetLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, &TCBHandle); } if (DelayTCB->tcb_flags & NEED_ACK) { DelayTCB->tcb_flags &= ~NEED_ACK; CTEFreeLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, TCBHandle); SendACK(DelayTCB); CTEGetLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, &TCBHandle); } }
if (CLOSING(DelayTCB) && (DelayTCB->tcb_flags & NEED_OUTPUT) && DATA_RCV_STATE(DelayTCB->tcb_state) && (DelayTCB->tcb_closereason & TCB_CLOSE_RST)) {#if DBG
DbgDnsProb++;#endif
DelayTCB->tcb_flags &= ~NEED_OUTPUT; REFERENCE_TCB(DelayTCB);
TCPSend(DelayTCB, TCBHandle); CTEGetLockAtIrql(&DelayTCB->tcb_lock, OrigIrql, &TCBHandle); }
DelayTCB->tcb_flags &= ~IN_DELAY_Q; DerefTCB(DelayTCB, TCBHandle);
if (ItemsProcessed) { (*ItemsProcessed)++; }
// If a time constraint was given, bail out if we've past it.
//
if (StopTicks) { KeQueryTickCount(&Ticks); if (Ticks.QuadPart > StopTicks->QuadPart) { TimeConstrained = TRUE; break; } } }
return TimeConstrained;}
//* ProcessTCBDelayQ - Process TCBs on the delayed Q.
//
// Called at various times to process TCBs on the delayed Q.
//
// Input: Nothing.
//
// Returns: Nothing.
//
voidProcessTCBDelayQ(void){ uint i; uint Index; LOGICAL TimeConstrained; KIRQL OrigIrql; ulong ItemsProcessed; LARGE_INTEGER TicksDelta; LARGE_INTEGER StopTicks;
// Check for recursion. We do not stop recursion completely, only
// limit it. This is done to allow multiple threads to process the
// TCBDelayQ simultaneously.
CTEInterlockedIncrementLong(&TCBDelayRtnCount.Value);
if (TCBDelayRtnCount.Value > TCBDelayRtnLimit.Value) { CTEInterlockedDecrementLong(&TCBDelayRtnCount.Value); return; }
OrigIrql = KeGetCurrentIrql();
// Constrain ProcessPerCpuTCBDelayQ to run only for 100 ms maximum.
//
ItemsProcessed = 0; TicksDelta.HighPart = 0; TicksDelta.LowPart = (100 * 10 * 1000) / KeQueryTimeIncrement(); KeQueryTickCount(&StopTicks); StopTicks.QuadPart = StopTicks.QuadPart + TicksDelta.QuadPart;
for (i = 0; i < Time_Proc; i++) {
// The order in which we process the delay queues is round-robined
// each time we enter this routine. This gives a bit of fairness
// to TCBs in all queues in the event that we exit this routine
// due to time contraints. Therefore, calculate the Index of
// the delay queue as the following:
//
Index = (i + TCBDelayQRoundRobinIndex.Value) % Time_Proc;
// We are just peeking at the queue to prevent taking it's
// lock uneccessarily.
//
if (!EMPTYQ(&PerCPUDelayQ[Index].TCBDelayQ)) {
TimeConstrained = ProcessPerCpuTCBDelayQ(Index, OrigIrql, &StopTicks, &ItemsProcessed);
if (TimeConstrained) { KdPrintEx((DPFLTR_TCPIP_ID, DPFLTR_INFO_LEVEL, "ProcessTCBDelayQ: Processed %u TCBs before " "time expired.\n", ItemsProcessed)); break; } } }
// Update the starting queue index for next time this routine is called.
// Affects of non-synchronized increment here are negligible.
// Ever-incrementing doesn't matter either because of the '% Time_Proc'
// above.
//
TCBDelayQRoundRobinIndex.Value++;
CTEInterlockedDecrementLong(&TCBDelayRtnCount.Value);}
//* DelayAction - Put a TCB on the queue for a delayed action.
//
// Called when we want to put a TCB on the DelayQ for a delayed action at
// rcv. complete or some other time. The lock on the TCB must be held when
// this is called.
//
// Input: DelayTCB - TCB which we're going to sched.
// Action - Action we're scheduling.
//
// Returns: Nothing.
//
voidDelayAction(TCB * DelayTCB, uint Action){ // Schedule the completion.
//
DelayTCB->tcb_flags |= Action; if (!(DelayTCB->tcb_flags & IN_DELAY_Q)) { uint Proc;#if MILLEN
Proc = 0;#else // MILLEN
Proc = KeGetCurrentProcessorNumber();#endif // !MILLEN
DelayTCB->tcb_flags |= IN_DELAY_Q; REFERENCE_TCB(DelayTCB); // Reference this for later.
//We may not be running timer dpcs on all the processors
if (!(Proc < Time_Proc)) { Proc = 0; }
InterlockedEnqueueAtDpcLevel(&PerCPUDelayQ[Proc].TCBDelayQ, &DelayTCB->tcb_delayq, &PerCPUDelayQ[Proc].TCBDelayLock); }}
uintHandleTWTCB(TWTCB * RcvTCB, uint flags, SeqNum *seq, uint Partition, CTELockHandle Handle){ uint Sendreset = FALSE; CTELockHandle TcbHandle;
//ASSERT(RcvTCB->twtcb_state == TCB_TIME_WAIT);
//check if this is the duplicate of last Fin segment
//if yes, sendack
//handle duplicate FIN and seq =< rcvnext by droping and sending ack
//and reenter tim_wait state for 2MSL
// send reset if seq > rcvnext, since app has already sent Fin
// if RST, delete this twtcb
// if SYN and if seq > rcvnext, we can do
// 1. delete twtcb and send rst, wait for SYN retry as is done today.
// 2. Tell tcprcv to acept this syn and use ISS+128000
if (SEQ_LTE(*seq, RcvTCB->twtcb_rcvnext) && (flags & TCP_FLAG_FIN)) { //remove twqueue and reinsert in 2MSL queue
ReInsert2MSL(RcvTCB); SendTWtcbACK(RcvTCB, Partition, Handle);
return Sendreset; }
if ((flags & TCP_FLAG_SYN) && SEQ_LTE(*seq, RcvTCB->twtcb_rcvnext)) { CTEFreeLockFromDPC(&pTWTCBTableLock[Partition], TcbHandle); return Sendreset; }
//if syn is set, we may want to close the tcb here
if ((flags & TCP_FLAG_SYN) || (flags & TCP_FLAG_RST)) {
//delete from delta queue
//and insert it in free twtcb list.
//Note that this requires release of tcblock, acquire twtcblock and then
//re acquire tcb lock.
if (flags & TCP_FLAG_SYN) { Sendreset = TRUE; *seq = RcvTCB->twtcb_sendnext+128000; }
RemoveTWTCB(RcvTCB, Partition); CTEFreeLockFromDPC(&pTWTCBTableLock[Partition], TcbHandle); FreeTWTCB(RcvTCB);
} else {
//just drop silently
CTEFreeLockFromDPC(&pTWTCBTableLock[Partition], TcbHandle); }
return Sendreset;}
//* TCPRcvComplete - Handle a receive complete.
//
// Called by the lower layers when we're done receiving. If we have any work
// to do, we use this time to do it.
//
// Input: Nothing.
//
// Returns: Nothing.
//
voidTCPRcvComplete(void){ ProcessTCBDelayQ();}
//* CompleteConnReq - Complete a connection request on a TCB.
//
// A utility function to complete a connection request on a TCB. We remove
// the connreq, and put it on the ConnReqCmpltQ where it will be picked
// off later during RcvCmplt processing. We assume the TCB lock is held when
// we're called.
//
// Input: CmpltTCB - TCB from which to complete.
// OptInfo - IP OptInfo for completeion.
// Status - Status to complete with.
//
// Returns: Nothing.
//
voidCompleteConnReq(TCB * CmpltTCB, IPOptInfo * OptInfo, TDI_STATUS Status){ TCPConnReq *ConnReq; CTELockHandle QueueHandle;
CTEStructAssert(CmpltTCB, tcb);
ConnReq = CmpltTCB->tcb_connreq; if (ConnReq != NULL) {
uint FastChk;
// There's a connreq on this TCB. Fill in the connection information
// before returning it.
if (TCB_TIMER_RUNNING_R(CmpltTCB, CONN_TIMER)) STOP_TCB_TIMER_R(CmpltTCB, CONN_TIMER);
CmpltTCB->tcb_connreq = NULL; UpdateConnInfo(ConnReq->tcr_conninfo, OptInfo, CmpltTCB->tcb_daddr, CmpltTCB->tcb_dport); if (ConnReq->tcr_addrinfo) { UpdateConnInfo(ConnReq->tcr_addrinfo, OptInfo, CmpltTCB->tcb_saddr, CmpltTCB->tcb_sport); }
ConnReq->tcr_req.tr_status = Status;
// In order to complete this request directly, we must block further
// receive-processing until this connect-indication is complete.
// We require that any caller of this routine must already hold
// a reference to the TCB so that the dereference below does not drop
// the reference-count to zero.
FastChk = (CmpltTCB->tcb_fastchk & TCP_FLAG_IN_RCV) ^ TCP_FLAG_IN_RCV; CmpltTCB->tcb_fastchk |= FastChk; CTEFreeLockFromDPC(&CmpltTCB->tcb_lock, QueueHandle = KeGetCurrentIrql()); (ConnReq->tcr_req.tr_rtn)(ConnReq->tcr_req.tr_context, ConnReq->tcr_req.tr_status, 0); FreeConnReq(ConnReq); CTEGetLockAtDPC(&CmpltTCB->tcb_lock, &QueueHandle); CmpltTCB->tcb_fastchk &= ~FastChk; if (CmpltTCB->tcb_flags & SEND_AFTER_RCV) { CmpltTCB->tcb_flags &= ~SEND_AFTER_RCV; DelayAction(CmpltTCB, NEED_OUTPUT); } }#if DBG
else { ASSERT((CmpltTCB->tcb_state == TCB_SYN_RCVD) && (CmpltTCB->tcb_fastchk & TCP_FLAG_ACCEPT_PENDING)); }#endif
}
voidSynAttChk(AddrObj * ListenAO, TCB * AcceptTCB)//
// function to check whether certain thresholds relevant to containing a
// SYN attack are being crossed.
//
// This function is called from FindListenConn when a connection has been
// found to handle the SYN request
//
{ BOOLEAN RexmitCntChanged = FALSE; CTELockHandle Handle;
CTEGetLockAtDPC(&SynAttLock.Lock, &Handle);
if (AcceptTCB) {
uint maxRexmitCnt;
//
// Decrement the # of conn. in half open state
//
ASSERT(TCPHalfOpen != 0); TCPHalfOpen--;
maxRexmitCnt = MIN(MaxConnectResponseRexmitCountTmp, MaxConnectResponseRexmitCount);
if (AcceptTCB->tcb_rexmitcnt >= maxRexmitCnt) { BOOLEAN Trigger; ASSERT(TCPHalfOpenRetried != 0); Trigger = (TCPHalfOpen < TCPMaxHalfOpen) || (--TCPHalfOpenRetried <= TCPMaxHalfOpenRetriedLW); if (Trigger && (MaxConnectResponseRexmitCountTmp == ADAPTED_MAX_CONNECT_RESPONSE_REXMIT_CNT)) { MaxConnectResponseRexmitCountTmp = MAX_CONNECT_RESPONSE_REXMIT_CNT; } }
} else if (ListenAO) {
//
// We are putting a connection in the syn_rcvd state. Check
// if we have reached the threshold. If we have reduce the
// number of retries to a lower value.
//
if ((++TCPHalfOpen >= TCPMaxHalfOpen) && (MaxConnectResponseRexmitCountTmp == MAX_CONNECT_RESPONSE_REXMIT_CNT)) { if (TCPHalfOpenRetried >= TCPMaxHalfOpenRetried) {
MaxConnectResponseRexmitCountTmp = ADAPTED_MAX_CONNECT_RESPONSE_REXMIT_CNT; RexmitCntChanged = TRUE; } } //
// if this connection limit for a port was reached earlier.
// Check if the lower watermark is getting hit now.
//
if (ListenAO->ConnLimitReached) { ListenAO->ConnLimitReached = FALSE; if (!RexmitCntChanged && (MaxConnectResponseRexmitCountTmp == ADAPTED_MAX_CONNECT_RESPONSE_REXMIT_CNT)) {
ASSERT(TCPPortsExhausted > 0); //
// The fact that FindListenConn found a connection on the port
// indicates that we had a connection available. This port
// was therefore not exhausted of connections. Set state
// appropriately. If the port has no more connections now,
// it will get added to the Exhausted count next time a syn for
// the port comes along.
//
ASSERT(TCPPortsExhausted != 0); if (--TCPPortsExhausted <= TCPMaxPortsExhaustedLW) {
MaxConnectResponseRexmitCountTmp = MAX_CONNECT_RESPONSE_REXMIT_CNT;
} } }
} else { TCPHalfOpen--; }
CTEFreeLockFromDPC(&SynAttLock.Lock, Handle); return;}
BOOLEANDelayedAcceptConn(AddrObj * ListenAO, IPAddr Src, ushort SrcPort,TCB *AcceptTCB){ CTELockHandle Handle; // Lock handle on AO, TCB.
TCPConn *CurrentConn = NULL; CTELockHandle ConnHandle; Queue *Temp; TCPConnReq *ConnReq = NULL; BOOLEAN FoundConn = FALSE;
CTEStructAssert(ListenAO, ao); CTEGetLockAtDPC(&ListenAO->ao_lock, &Handle); CTEFreeLockFromDPC(&AddrObjTableLock.Lock, DISPATCH_LEVEL);
if (AO_VALID(ListenAO)) {
if (ListenAO->ao_connect != NULL) { uchar TAddress[TCP_TA_SIZE]; PVOID ConnContext; PConnectEvent Event; PVOID EventContext; TDI_STATUS Status; PTCP_CONTEXT TcpContext = NULL;#if !MILLEN
ConnectEventInfo *EventInfo;#else // !MILLEN
ConnectEventInfo EventInfo;#endif // MILLEN
// He has a connect handler. Put the transport address together,
// and call him. We also need to get the necessary resources
// first.
Event = ListenAO->ao_connect; EventContext = ListenAO->ao_conncontext; REF_AO(ListenAO); CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle);
//ao referenced
ConnReq = GetConnReq();
if (AcceptTCB != NULL && ConnReq != NULL) {
BuildTDIAddress(TAddress, Src, SrcPort);
IF_TCPDBG(TCP_DEBUG_CONNECT) { TCPTRACE(("indicating connect request\n")); }
Status = (*Event) (EventContext, TCP_TA_SIZE, (PTRANSPORT_ADDRESS) TAddress, 0, NULL, AcceptTCB->tcb_opt.ioi_optlength, AcceptTCB->tcb_opt.ioi_options, &ConnContext, &EventInfo);
if (Status == TDI_MORE_PROCESSING) {#if !MILLEN
PIO_STACK_LOCATION IrpSp; PTDI_REQUEST_KERNEL_ACCEPT AcceptRequest;
IrpSp = IoGetCurrentIrpStackLocation(EventInfo);
Status = TCPPrepareIrpForCancel( (PTCP_CONTEXT) IrpSp->FileObject->FsContext, EventInfo, TCPCancelRequest );
if (!NT_SUCCESS(Status)) { Status = TDI_NOT_ACCEPTED; EventInfo = NULL; goto AcceptIrpCancelled; }
// He accepted it. Find the connection on the AddrObj.
//check this out
//KdPrintEx((DPFLTR_TCPIP_ID, DPFLTR_INFO_LEVEL,"EP: Conn accepted for %x\n",AcceptTCB));
IF_TCPDBG(TCP_DEBUG_CONNECT) { TCPTRACE(( "connect indication accepted, queueing request\n" )); }
AcceptRequest = (PTDI_REQUEST_KERNEL_ACCEPT) & (IrpSp->Parameters); ConnReq->tcr_conninfo = AcceptRequest->ReturnConnectionInformation; if (AcceptRequest->RequestConnectionInformation && AcceptRequest->RequestConnectionInformation->RemoteAddress) { ConnReq->tcr_addrinfo = AcceptRequest->RequestConnectionInformation; } else { ConnReq->tcr_addrinfo = NULL; } ConnReq->tcr_req.tr_rtn = TCPRequestComplete; ConnReq->tcr_req.tr_context = EventInfo; AcceptTCB->tcb_connreq = ConnReq;
#else // !MILLEN
ConnReq->tcr_req.tr_rtn = EventInfo.cei_rtn; ConnReq->tcr_req.tr_context = EventInfo.cei_context; ConnReq->tcr_conninfo = EventInfo.cei_conninfo; ConnReq->tcr_addrinfo = NULL;#endif // MILLEN
CurrentConn = NULL;
#if !MILLEN
if ((IrpSp->FileObject->DeviceObject == TCPDeviceObject) && (PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE) && ((TcpContext = IrpSp->FileObject->FsContext) != NULL) && ((CurrentConn = GetConnFromConnID( PtrToUlong(TcpContext->Handle.ConnectionContext), &ConnHandle)) != NULL) && (CurrentConn->tc_context == ConnContext) && !(CurrentConn->tc_flags & CONN_INVALID)) {
// Found the Conn structure!!
// Don't have to loop below.
CTEStructAssert(CurrentConn, tc);
Status = InitTCBFromConn(CurrentConn, AcceptTCB, AcceptRequest->RequestConnectionInformation, TRUE );
if (Status == TDI_SUCCESS) { FoundConn = TRUE;
ASSERT(AcceptTCB->tcb_state == TCB_SYN_RCVD);
AcceptTCB->tcb_conn = CurrentConn; AcceptTCB->tcb_connid = CurrentConn->tc_connid; CurrentConn->tc_tcb = AcceptTCB; CurrentConn->tc_refcnt++;
// Move him from the idle q to the active
// queue.
CTEGetLockAtDPC(&ListenAO->ao_lock, &Handle);
REMOVEQ(&CurrentConn->tc_q); PUSHQ(&ListenAO->ao_activeq, &CurrentConn->tc_q); } else { CTEFreeLockFromDPC(&((CurrentConn->tc_ConnBlock)->cb_lock), ConnHandle); }
} else {#endif // !MILLEN
if (CurrentConn) { CTEFreeLockFromDPC(&((CurrentConn->tc_ConnBlock)->cb_lock), ConnHandle); }
//slow path
//ao is referenced
Temp = QHEAD(&ListenAO->ao_idleq);;
Status = TDI_INVALID_CONNECTION;
while (Temp != QEND(&ListenAO->ao_idleq)) {
CurrentConn = QSTRUCT(TCPConn, Temp, tc_q);
CTEGetLockAtDPC(&(CurrentConn->tc_ConnBlock->cb_lock), &ConnHandle);#if DBG
CurrentConn->tc_ConnBlock->line = (uint) __LINE__; CurrentConn->tc_ConnBlock->module = (uchar *) __FILE__;#endif
CTEStructAssert(CurrentConn, tc);
if ((CurrentConn->tc_context == ConnContext) && !(CurrentConn->tc_flags & CONN_INVALID)) {
// We think we have a match. The connection
// shouldn't have a TCB associated with it. If it
// does, it's an error. InitTCBFromConn will
// handle all this.
Status = InitTCBFromConn(CurrentConn, AcceptTCB,#if !MILLEN
AcceptRequest->RequestConnectionInformation,#else // !MILLEN
EventInfo.cei_acceptinfo,#endif // MILLEN
TRUE);
if (Status == TDI_SUCCESS) {
FoundConn = TRUE; AcceptTCB->tcb_conn = CurrentConn; AcceptTCB->tcb_connid = CurrentConn->tc_connid; CurrentConn->tc_tcb = AcceptTCB;
CTEGetLockAtDPC(&ListenAO->ao_lock, &Handle);
// Move him from the idle q to the active
// queue.
REMOVEQ(&CurrentConn->tc_q); ENQUEUE(&ListenAO->ao_activeq, &CurrentConn->tc_q);
} else {
CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); }
// In any case, we're done now.
break;
}
CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); Temp = QNEXT(Temp); }#if !MILLEN
}#endif // !MILLEN
if (FoundConn) { LOCKED_DELAY_DEREF_AO(ListenAO); CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); } else { Handle = DISPATCH_LEVEL; CTEGetLockAtDPC(&AcceptTCB->tcb_lock, &Handle); REFERENCE_TCB(AcceptTCB); CompleteConnReq(AcceptTCB, &AcceptTCB->tcb_opt, Status); DerefTCB(AcceptTCB, Handle); DELAY_DEREF_AO(ListenAO); }
return FoundConn;
}else { //tdi_more_processing
if (ConnReq) { FreeConnReq(ConnReq); }
}
// event handler call failed for some reason
// kick in the synattack code
if (SynAttackProtect) { CTELockHandle Handle;
//
// If we need to Trigger to a lower retry count
//
if (!ListenAO->ConnLimitReached) { ListenAO->ConnLimitReached = TRUE; CTEGetLockAtDPC(&SynAttLock.Lock, &Handle); if ((++TCPPortsExhausted >= TCPMaxPortsExhausted) && (MaxConnectResponseRexmitCountTmp == MAX_CONNECT_RESPONSE_REXMIT_CNT)) {
MaxConnectResponseRexmitCountTmp = ADAPTED_MAX_CONNECT_RESPONSE_REXMIT_CNT; } CTEFreeLockFromDPC(&SynAttLock.Lock, Handle); } }
#if !MILLEN
AcceptIrpCancelled:#endif // !MILLEN
// The event handler didn't take it. Dereference it, free
// the resources, and return NULL.
DELAY_DEREF_AO(ListenAO); return FALSE;
} else {
// We couldn't get a valid tcb or getconnreq
if (ConnReq) { FreeConnReq(ConnReq); } DELAY_DEREF_AO(ListenAO); return FALSE;
}
}else { //ao_connect != null
CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); }
return FALSE; } //AO not valid
return FALSE;
}
BOOLEANInitSynTCB(SYNTCB *SynTcb, IPAddr Src, IPAddr Dest, TCPHeader UNALIGNED *TCPH, TCPRcvInfo *RcvInfo){
CTELockHandle Handle;
SynTcb->syntcb_state = TCB_SYN_RCVD; SynTcb->syntcb_flags |= CONN_ACCEPTED;
SynTcb->syntcb_refcnt = 1; SynTcb->syntcb_defaultwin = DEFAULT_RCV_WIN; SynTcb->syntcb_rcvwin = DEFAULT_RCV_WIN;
if (DefaultRcvWin) { SynTcb->syntcb_rcvwinscale = 0;
if (TcpHostOpts & TCP_FLAG_WS) { while ((SynTcb->syntcb_rcvwinscale < TCP_MAX_WINSHIFT) && ((TCP_MAXWIN << SynTcb->syntcb_rcvwinscale) < (int)DefaultRcvWin)) { SynTcb->syntcb_rcvwinscale++; }
}else{
if (DefaultRcvWin > 0xFFFF) { SynTcb->syntcb_defaultwin = 0xFFFF; SynTcb->syntcb_rcvwin = 0xFFFF; } } }
SynTcb->syntcb_daddr = Src; SynTcb->syntcb_saddr = Dest; SynTcb->syntcb_dport = TCPH->tcp_src; SynTcb->syntcb_sport = TCPH->tcp_dest; SynTcb->syntcb_rcvnext = ++(RcvInfo->tri_seq); SynTcb->syntcb_sendwin = RcvInfo->tri_window; SynTcb->syntcb_sendmax = SynTcb->syntcb_sendnext;
//
// Find Remote MSS and also if WS, TS or
//sack options are negotiated.
//
SynTcb->syntcb_sndwinscale = 0; SynTcb->syntcb_remmss = FindMSSAndOptions(TCPH, (TCB *)SynTcb,TRUE);
if (SynTcb->syntcb_remmss <= ALIGNED_TS_OPT_SIZE) {
//turn off TS if mss is not sufficient to
//hold TS fileds.
SynTcb->syntcb_tcpopts &= ~TCP_FLAG_TS; }
if (!InsertSynTCB(SynTcb, &Handle)){
FreeSynTCB(SynTcb); return FALSE; }
SynTcb->syntcb_rexmitcnt = 0; SynTcb->syntcb_rtt = 0; SynTcb->syntcb_smrtt = 0; SynTcb->syntcb_delta = MS_TO_TICKS(6000); SynTcb->syntcb_rexmit = MS_TO_TICKS(3000);
SendSYNOnSynTCB(SynTcb, Handle);
// The Rexmit interval has to be doubled here..
SynTcb->syntcb_rexmit = MIN( SynTcb->syntcb_rexmit << 1, MAX_REXMIT_TO );
TStats.ts_passiveopens++;
return TRUE;}
//* FindListenConn - Find (or fabricate) a listening connection.
//
// Called by our Receive handler to decide what to do about an incoming
// SYN. We walk down the list of connections associated with the destination
// address, and if we find any in the listening state that can be used for
// the incoming request we'll take them, possibly returning a listen in the
// process. If we don't find any appropriate listening connections, we'll
// call the Connect Event handler if one is registerd. If all else fails,
// we'll return NULL and the SYN will be RST.
//
// The caller must hold the AddrObjTableLock before calling this routine,
// and that lock must have been taken at DPC level. This routine will free
// that lock back to DPC level.
//
// Input: ListenAO - Pointer to AddrObj for local address.
// Src - Source IP address of SYN.
// SrcPort - Source port of SYN.
// OptInfo - IP options info from SYN.
//
// Returns: Pointer to found TCB, or NULL if we can't find one.
//
TCB *FindListenConn(AddrObj *ListenAO, IPAddr Src, IPAddr Dest, ushort SrcPort, IPOptInfo *OptInfo, TCPHeader UNALIGNED *TCPH, TCPRcvInfo *RcvInfo, BOOLEAN *syn){ CTELockHandle Handle; // Lock handle on AO, TCB.
TCB *CurrentTCB = NULL; TCPConn *CurrentConn = NULL; TCPConnReq *ConnReq = NULL; CTELockHandle ConnHandle; Queue *Temp; uint FoundConn = FALSE;
CTEStructAssert(ListenAO, ao);
CTEGetLockAtDPC(&ListenAO->ao_lock, &Handle);
CTEFreeLockFromDPC(&AddrObjTableLock.Lock, DISPATCH_LEVEL);
// We have the lock on the AddrObj. Walk down it's list, looking
// for connections in the listening state.
if (AO_VALID(ListenAO)) { if (ListenAO->ao_listencnt != 0) { CTELockHandle TCBHandle;
Temp = QHEAD(&ListenAO->ao_listenq); while (Temp != QEND(&ListenAO->ao_listenq)) {
CurrentConn = QSTRUCT(TCPConn, Temp, tc_q);
ListenAO->ao_usecnt++;
CTEFreeLockFromDPC(&ListenAO->ao_lock, DISPATCH_LEVEL);
CTEGetLockAtDPC(&(CurrentConn->tc_ConnBlock->cb_lock), &ConnHandle);#if DBG
CurrentConn->tc_ConnBlock->line = (uint) __LINE__; CurrentConn->tc_ConnBlock->module = (uchar *) __FILE__;#endif
CTEStructAssert(CurrentConn, tc);
CTEGetLockAtDPC(&ListenAO->ao_lock, &ConnHandle);
ListenAO->ao_usecnt--;
// If this TCB is in the listening state, with no delete
// pending, it's a candidate. Look at the pending listen
// info. to see if we should take it.
if (((CurrentTCB = CurrentConn->tc_tcb) != NULL) && CurrentTCB->tcb_state == TCB_LISTEN) {
CTEStructAssert(CurrentTCB, tcb); ASSERT(CurrentTCB->tcb_state == TCB_LISTEN);
CTEGetLockAtDPC(&CurrentTCB->tcb_lock, &TCBHandle);
if (CurrentTCB->tcb_state == TCB_LISTEN && !PENDING_ACTION(CurrentTCB)) {
// Need to see if we can take it.
// See if the addresses specifed in the ConnReq
// match.
if ((IP_ADDR_EQUAL(CurrentTCB->tcb_daddr, NULL_IP_ADDR) || IP_ADDR_EQUAL(CurrentTCB->tcb_daddr, Src)) && (CurrentTCB->tcb_dport == 0 || CurrentTCB->tcb_dport == SrcPort)) { FoundConn = TRUE; break; } // Otherwise, this didn't match, so we'll check the
// next one.
} CTEFreeLockFromDPC(&CurrentTCB->tcb_lock, TCBHandle); } CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); Temp = QNEXT(Temp); }
//..with ao_lock held
// See why we've exited the loop.
if (FoundConn) {
CTEStructAssert(CurrentTCB, tcb);
// We exited because we found a TCB. If it's pre-accepted,
// we're done.
REFERENCE_TCB(CurrentTCB);
ASSERT(CurrentTCB->tcb_connreq != NULL);
ConnReq = CurrentTCB->tcb_connreq;
// If QUERY_ACCEPT isn't set, turn on the CONN_ACCEPTED bit.
if (!(ConnReq->tcr_flags & TCR_FLAG_QUERY_ACCEPT)) {
CurrentTCB->tcb_flags |= CONN_ACCEPTED; // If CONN_ACCEPTED, Tdi Accept is not called
// again. So, get ISN when we are with in conn table lock
#if MILLEN
//just use tcb_sendnext to hold hash value
//for randisn
CurrentTCB->tcb_sendnext = TCB_HASH(CurrentTCB->tcb_daddr, CurrentTCB->tcb_dport, CurrentTCB->tcb_saddr, CurrentTCB->tcb_sport);
#endif
GetRandomISN(&CurrentTCB->tcb_sendnext); } CurrentTCB->tcb_state = TCB_SYN_RCVD;
ListenAO->ao_listencnt--;
// Since he's no longer listening, remove him from the listen
// queue and put him on the active queue.
REMOVEQ(&CurrentConn->tc_q); ENQUEUE(&ListenAO->ao_activeq, &CurrentConn->tc_q); if (SynAttackProtect) { SynAttChk(ListenAO,NULL); }
CTEFreeLockFromDPC(&CurrentTCB->tcb_lock, TCBHandle); CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); return CurrentTCB; } else { // Since we have a listening count, this should never happen
// if that count was non-zero initially.
// We currently don't keep a good count on ao_listencnt when
// the IRPs are cancelled.
// ASSERT(FALSE);
} } // We didn't find a matching TCB. If there's a connect indication
// handler, call it now to find a connection to accept on.
//AO_lock is held
ASSERT(FoundConn == FALSE);
if (SynAttackProtect){
SYNTCB *AcceptTCB;
AcceptTCB = AllocSynTCB();
if (AcceptTCB) {
CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle);
#if MILLEN
//just use tcb_sendnext to hold hash value
//for randisn
AcceptTCB->syntcb_sendnext = TCB_HASH(AcceptTCB->syntcb_daddr, AcceptTCB->syntcb_dport, AcceptTCB->syntcb_saddr, AcceptTCB->syntcb_sport);#endif
GetRandomISN(&AcceptTCB->syntcb_sendnext);
//KdPrintEx((DPFLTR_TCPIP_ID, DPFLTR_INFO_LEVEL,"EP:FLC allocated SP TCB %x\n",AcceptTCB));
if (InitSynTCB(AcceptTCB,Src,Dest,TCPH,RcvInfo)){ *syn = TRUE; SynAttChk(ListenAO, NULL); }
return NULL; } else { //resource problem bail out
//KdPrintEx((DPFLTR_TCPIP_ID, DPFLTR_INFO_LEVEL,"EP:FLC Failed to allocate TCB\n"));
CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); return NULL; } }
if (ListenAO->ao_connect != NULL) { uchar TAddress[TCP_TA_SIZE]; PVOID ConnContext; PConnectEvent Event; PVOID EventContext; TDI_STATUS Status; TCB *AcceptTCB; TCPConnReq *ConnReq; PTCP_CONTEXT TcpContext = NULL;#if !MILLEN
ConnectEventInfo *EventInfo;#else // !MILLEN
ConnectEventInfo EventInfo;#endif // MILLEN
// He has a connect handler. Put the transport address together,
// and call him. We also need to get the necessary resources
// first.
Event = ListenAO->ao_connect; EventContext = ListenAO->ao_conncontext; REF_AO(ListenAO); CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle);
//ao referenced
AcceptTCB = AllocTCB(); ConnReq = GetConnReq();
if (AcceptTCB != NULL && ConnReq != NULL) { //Event = ListenAO->ao_connect;
//EventContext = ListenAO->ao_conncontext;
BuildTDIAddress(TAddress, Src, SrcPort); //REF_AO(ListenAO);
AcceptTCB->tcb_state = TCB_LISTEN; AcceptTCB->tcb_connreq = ConnReq; AcceptTCB->tcb_flags |= CONN_ACCEPTED;
//CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle);
//CTEFreeLockFromDPC(&ConnTableLock, ConnHandle);
IF_TCPDBG(TCP_DEBUG_CONNECT) { TCPTRACE(("indicating connect request\n")); }
Status = (*Event) (EventContext, TCP_TA_SIZE, (PTRANSPORT_ADDRESS) TAddress, 0, NULL, OptInfo->ioi_optlength, OptInfo->ioi_options, &ConnContext, &EventInfo);
if (Status == TDI_MORE_PROCESSING) {#if !MILLEN
PIO_STACK_LOCATION IrpSp; PTDI_REQUEST_KERNEL_ACCEPT AcceptRequest;
IrpSp = IoGetCurrentIrpStackLocation(EventInfo);
Status = TCPPrepareIrpForCancel( (PTCP_CONTEXT) IrpSp->FileObject->FsContext, EventInfo, TCPCancelRequest );
if (!NT_SUCCESS(Status)) { Status = TDI_NOT_ACCEPTED; EventInfo = NULL; goto AcceptIrpCancelled; }
// He accepted it. Find the connection on the AddrObj.
{
IF_TCPDBG(TCP_DEBUG_CONNECT) { TCPTRACE(( "connect indication accepted, queueing request\n" )); }
AcceptRequest = (PTDI_REQUEST_KERNEL_ACCEPT) & (IrpSp->Parameters); ConnReq->tcr_conninfo = AcceptRequest->ReturnConnectionInformation; if (AcceptRequest->RequestConnectionInformation && AcceptRequest->RequestConnectionInformation->RemoteAddress) { ConnReq->tcr_addrinfo = AcceptRequest->RequestConnectionInformation; } else { ConnReq->tcr_addrinfo = NULL; } ConnReq->tcr_req.tr_rtn = TCPRequestComplete; ConnReq->tcr_req.tr_context = EventInfo; ConnReq->tcr_flags = 0; }
#else // !MILLEN
ConnReq->tcr_req.tr_rtn = EventInfo.cei_rtn; ConnReq->tcr_req.tr_context = EventInfo.cei_context; ConnReq->tcr_conninfo = EventInfo.cei_conninfo; ConnReq->tcr_addrinfo = NULL;#endif // MILLEN
CurrentConn = NULL;
#if !MILLEN
if ((IrpSp->FileObject->DeviceObject == TCPDeviceObject) && (PtrToUlong(IrpSp->FileObject->FsContext2) == TDI_CONNECTION_FILE) && ((TcpContext = IrpSp->FileObject->FsContext) != NULL) && ((CurrentConn = GetConnFromConnID( PtrToUlong(TcpContext->Handle.ConnectionContext), &ConnHandle)) != NULL) && (CurrentConn->tc_context == ConnContext) && !(CurrentConn->tc_flags & CONN_INVALID)) { // Found the Conn structure!!
// Don't have to loop below.
CTEStructAssert(CurrentConn, tc);
AcceptTCB->tcb_refcnt = 0; REFERENCE_TCB(AcceptTCB); Status = InitTCBFromConn(CurrentConn, AcceptTCB, AcceptRequest->RequestConnectionInformation, TRUE );
if (Status == TDI_SUCCESS) { FoundConn = TRUE; AcceptTCB->tcb_state = TCB_SYN_RCVD; AcceptTCB->tcb_conn = CurrentConn; AcceptTCB->tcb_connid = CurrentConn->tc_connid; CurrentConn->tc_tcb = AcceptTCB; CurrentConn->tc_refcnt++;
GetRandomISN(&AcceptTCB->tcb_sendnext); // Move him from the idle q to the active
// queue.
CTEGetLockAtDPC(&ListenAO->ao_lock, &Handle);
REMOVEQ(&CurrentConn->tc_q); PUSHQ(&ListenAO->ao_activeq, &CurrentConn->tc_q); } else {
CTEFreeLockFromDPC(&((CurrentConn->tc_ConnBlock)->cb_lock), ConnHandle); }
} else {#endif // !MILLEN
if (CurrentConn) { CTEFreeLockFromDPC(&((CurrentConn->tc_ConnBlock)->cb_lock), ConnHandle); } //slow path
//ao is referenced
Temp = QHEAD(&ListenAO->ao_idleq);; CurrentTCB = NULL; Status = TDI_INVALID_CONNECTION;
while (Temp != QEND(&ListenAO->ao_idleq)) {
CurrentConn = QSTRUCT(TCPConn, Temp, tc_q);
CTEGetLockAtDPC(&(CurrentConn->tc_ConnBlock->cb_lock), &ConnHandle);#if DBG
CurrentConn->tc_ConnBlock->line = (uint) __LINE__; CurrentConn->tc_ConnBlock->module = (uchar *) __FILE__;#endif
CTEStructAssert(CurrentConn, tc); if ((CurrentConn->tc_context == ConnContext) && !(CurrentConn->tc_flags & CONN_INVALID)) {
// We think we have a match. The connection
// shouldn't have a TCB associated with it. If it
// does, it's an error. InitTCBFromConn will
// handle all this.
AcceptTCB->tcb_refcnt = 0; REFERENCE_TCB(AcceptTCB); Status = InitTCBFromConn(CurrentConn, AcceptTCB,#if !MILLEN
AcceptRequest->RequestConnectionInformation,#else // !MILLEN
EventInfo.cei_acceptinfo,#endif // MILLEN
TRUE);
if (Status == TDI_SUCCESS) { FoundConn = TRUE; AcceptTCB->tcb_state = TCB_SYN_RCVD; AcceptTCB->tcb_conn = CurrentConn; AcceptTCB->tcb_connid = CurrentConn->tc_connid; CurrentConn->tc_tcb = AcceptTCB; CurrentConn->tc_refcnt++;
#if MILLEN
//just use tcb_sendnext to hold hash value
//for randisn
AcceptTCB->tcb_sendnext = TCB_HASH(AcceptTCB->tcb_daddr, AcceptTCB->tcb_dport, AcceptTCB->tcb_saddr, AcceptTCB->tcb_sport);#endif
GetRandomISN(&AcceptTCB->tcb_sendnext); CTEGetLockAtDPC(&ListenAO->ao_lock, &Handle);
// Move him from the idle q to the active
// queue.
REMOVEQ(&CurrentConn->tc_q); ENQUEUE(&ListenAO->ao_activeq, &CurrentConn->tc_q); } else {
CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); }
// In any case, we're done now.
break;
} CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); Temp = QNEXT(Temp); }#if !MILLEN
}#endif // !MILLEN
if (!FoundConn) { // Didn't find a match, or had an error. Status
// code is set.
// Complete the ConnReq and free the resources.
CTEGetLockAtDPC(&AcceptTCB->tcb_lock, &Handle); CompleteConnReq(AcceptTCB, OptInfo, Status); CTEFreeLockFromDPC(&AcceptTCB->tcb_lock, Handle); FreeTCB(AcceptTCB); AcceptTCB = NULL; } else { if (SynAttackProtect) { SynAttChk(ListenAO, NULL); } }
if (FoundConn) { LOCKED_DELAY_DEREF_AO(ListenAO); CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); CTEFreeLockFromDPC(&(CurrentConn->tc_ConnBlock->cb_lock), ConnHandle); } else {
DELAY_DEREF_AO(ListenAO); }
return AcceptTCB;
} //tdi_more_processing
// event handler call failed for some reason
// kick in the synattack code
if (SynAttackProtect) { CTELockHandle Handle;
//
// If we need to Trigger to a lower retry count
//
if (!ListenAO->ConnLimitReached) { ListenAO->ConnLimitReached = TRUE; CTEGetLockAtDPC(&SynAttLock.Lock, &Handle); if ((++TCPPortsExhausted >= TCPMaxPortsExhausted) && (MaxConnectResponseRexmitCountTmp == MAX_CONNECT_RESPONSE_REXMIT_CNT)) {
MaxConnectResponseRexmitCountTmp = ADAPTED_MAX_CONNECT_RESPONSE_REXMIT_CNT; } CTEFreeLockFromDPC(&SynAttLock.Lock, Handle); } }
#if !MILLEN
AcceptIrpCancelled:#endif // !MILLEN
// The event handler didn't take it. Dereference it, free
// the resources, and return NULL.
FreeConnReq(ConnReq); FreeTCB(AcceptTCB); DELAY_DEREF_AO(ListenAO); return NULL;
} else { // We couldn't get a needed resources. Free any that we
// did get, and fall through to the 'return NULL' code.
DELAY_DEREF_AO(ListenAO);
if (ConnReq != NULL) FreeConnReq(ConnReq); if (AcceptTCB != NULL) FreeTCB(AcceptTCB);
}
} else { //ao_connect != null
CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); }
return NULL; } // If we get here, the address object wasn't valid.
CTEFreeLockFromDPC(&ListenAO->ao_lock, Handle); return NULL;}
//* FindMSS - Find the MSS option in a segment.
//
// Called when a SYN is received to find the MSS option in a segment. If we
// don't find one, we assume the worst and return 536.
//
// Input: TCPH - TCP header to be searched.
//
// Returns: MSS to be used.
//
ushortFindMSS(TCPHeader UNALIGNED * TCPH){ uint OptSize; uchar *OptPtr;
OptSize = TCP_HDR_SIZE(TCPH) - sizeof(TCPHeader);
OptPtr = (uchar *) (TCPH + 1);
while (OptSize) {
if (*OptPtr == TCP_OPT_EOL) break;
if (*OptPtr == TCP_OPT_NOP) { OptPtr++; OptSize--; continue; } if (*OptPtr == TCP_OPT_MSS) { if (OptPtr[1] == MSS_OPT_SIZE) { ushort TempMss = *(ushort UNALIGNED *) (OptPtr + 2); if (TempMss != 0) return net_short(TempMss); else break; // MSS size of 0, use default.
} else break; // Bad option size, use default.
} else { // Unknown option.
if (OptPtr[1] == 0 || OptPtr[1] > OptSize) break; // Bad option length, bail out.
OptSize -= OptPtr[1]; OptPtr += OptPtr[1]; } }
return MAX_REMOTE_MSS;
}
// FindMSSAndOptions
//
// Called when a SYN is received to find the MSS option in a segment. If we
// don't find one, we assume the worst and return 536.
//
// Also, parses incoming header for Window scaling, timestamp and SACK
// options. Note that we will enable these options for the connection
// only if they are enabled on this host.
//
//
// Input: TCPH - TCP header to be searched.
//
// Returns: MSS to be used.
//
ushortFindMSSAndOptions(TCPHeader UNALIGNED * TCPH, TCB * SynTCB, BOOLEAN syn){ uint OptSize; uchar *OptPtr; ushort TempMss = 0; BOOLEAN WinScale = FALSE; ushort SYN = 0; ushort tcboptions; uint tcbdefwin; short rcvwinscale=0,sndwinscale=0; int tsupdate=0,tsrecent=0;
OptSize = TCP_HDR_SIZE(TCPH) - sizeof(TCPHeader); OptPtr = (uchar *) (TCPH + 1); SYN = (TCPH->tcp_flags & TCP_FLAG_SYN);
if (syn) { tcboptions = ((SYNTCB *)SynTCB)->syntcb_tcpopts; } else { tcboptions = SynTCB->tcb_tcpopts; }
while ((int)OptSize > 0) {
if (*OptPtr == TCP_OPT_EOL) break;
if (*OptPtr == TCP_OPT_NOP) { OptPtr++; OptSize--; continue; } if ((*OptPtr == TCP_OPT_MSS) && (OptSize >= MSS_OPT_SIZE)) {
if (SYN && (OptPtr[1] == MSS_OPT_SIZE)) { TempMss = 0; TempMss = *(ushort UNALIGNED *) (OptPtr + 2);
if (TempMss != 0) { TempMss = net_short(TempMss); } } OptSize -= MSS_OPT_SIZE; OptPtr += MSS_OPT_SIZE;
} else if ((*OptPtr == TCP_OPT_WS) && (OptSize >= WS_OPT_SIZE)) {
if (SYN && (OptPtr[1] == WS_OPT_SIZE) && (TcpHostOpts & TCP_FLAG_WS)) {
sndwinscale = (uint)OptPtr[2];
IF_TCPDBG(TCP_DEBUG_1323) { TCPTRACE(("WS option %x", sndwinscale)); } tcboptions |= TCP_FLAG_WS; WinScale = TRUE; } OptSize -= WS_OPT_SIZE; OptPtr += WS_OPT_SIZE;
} else if ((*OptPtr == TCP_OPT_TS) && (OptSize >= TS_OPT_SIZE)) { // Time stamp options
if ((OptPtr[1] == TS_OPT_SIZE) && (TcpHostOpts & TCP_FLAG_TS)) { int tsval = *(int UNALIGNED *)&OptPtr[2];
tcboptions |= TCP_FLAG_TS; if (SYN) { tsupdate = TCPTime; tsrecent = net_long(tsval); } IF_TCPDBG(TCP_DEBUG_1323) { TCPTRACE(("TS option %x", SynTCB)); } } OptSize -= TS_OPT_SIZE; OptPtr += TS_OPT_SIZE;
} else if ((*OptPtr == TCP_SACK_PERMITTED_OPT) && (OptSize >= SACK_PERMITTED_OPT_SIZE)) { // SACK OPtions
if ((OptPtr[1] == SACK_PERMITTED_OPT_SIZE) && (TcpHostOpts & TCP_FLAG_SACK)) {
tcboptions |= TCP_FLAG_SACK; IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Rcvd SACK_OPT %x\n", SynTCB)); } } OptSize -= SACK_PERMITTED_OPT_SIZE; OptPtr += SACK_PERMITTED_OPT_SIZE;
} else { // Unknown option.
if (OptSize > 1) { if (OptPtr[1] == 0 || OptPtr[1] > OptSize) { break; // Bad option length, bail out.
}
OptSize -= OptPtr[1]; OptPtr += OptPtr[1]; } else { break; } } }
if (WinScale) { if (sndwinscale > TCP_MAX_WINSHIFT) { sndwinscale = TCP_MAX_WINSHIFT; } }
if (syn) { ((SYNTCB *)SynTCB)->syntcb_tcpopts = tcboptions; ((SYNTCB *)SynTCB)->syntcb_tsupdatetime = tsupdate; ((SYNTCB *)SynTCB)->syntcb_tsrecent = tsrecent; if (!WinScale && (DefaultRcvWin > 0xFFFF)) { ((SYNTCB *)SynTCB)->syntcb_defaultwin = 0xFFFF; ((SYNTCB *)SynTCB)->syntcb_rcvwin = 0xFFFF; ((SYNTCB *)SynTCB)->syntcb_rcvwinscale = 0; } ((SYNTCB *)SynTCB)->syntcb_sndwinscale = sndwinscale;
} else { SynTCB->tcb_tcpopts = tcboptions; SynTCB->tcb_tsupdatetime = tsupdate; SynTCB->tcb_tsrecent = tsrecent;
if (!WinScale && (DefaultRcvWin > 0xFFFF)) { SynTCB->tcb_defaultwin = 0xFFFF; SynTCB->tcb_rcvwin = 0xFFFF; SynTCB->tcb_rcvwinscale = 0; }
SynTCB->tcb_sndwinscale = sndwinscale; }
if (TempMss) { return (TempMss); } else { return MAX_REMOTE_MSS; }}
//* ACKAndDrop - Acknowledge a segment, and drop it.
//
// Called from within the receive code when we need to drop a segment that's
// outside the receive window.
//
// Input: RI - Receive info for incoming segment.
// RcvTCB - TCB for incoming segment.
//
// Returns: Nothing.
//
voidACKAndDrop(TCPRcvInfo * RI, TCB * RcvTCB){ CTELockHandle Handle;
Handle = DISPATCH_LEVEL;
if (!(RI->tri_flags & TCP_FLAG_RST)) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, Handle); SendACK(RcvTCB); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &Handle); } DerefTCB(RcvTCB, Handle);
}
//* ACKData - Acknowledge data.
//
// Called from the receive handler to acknowledge data. We're given the
// TCB and the new value of senduna. We walk down the send q. pulling
// off sends and putting them on the complete q until we hit the end
// or we acknowledge the specified number of bytes of data.
//
// NOTE: We manipulate the send refcnt and acked flag without taking a lock.
// This is OK in the VxD version where locks don't mean anything anyway, but
// in the port to NT we'll need to add locking. The lock will have to be
// taken in the transmit complete routine. We can't use a lock in the TCB,
// since the TCB could go away before the transmit complete happens, and a lock
// in the TSR would be overkill, so it's probably best to use a global lock
// for this. If that causes too much contention, we could use a set of locks
// and pass a pointer to the appropriate lock back as part of the transmit
// confirm context. This lock pointer would also need to be stored in the
// TCB.
//
// Input: ACKTcb - TCB from which to pull data.
// SendUNA - New value of send una.
// SendQ - Queue to be filled with ACK'd requests.
//
// Returns: Nothing.
//
voidACKData(TCB * ACKTcb, SeqNum SendUNA, Queue* SendQ){ Queue *End, *Current; // End and current elements.
Queue *TempQ, *EndQ; Queue *LastCmplt; // Last one we completed.
TCPSendReq *CurrentTSR; // Current send req we're
// looking at.
PNDIS_BUFFER CurrentBuffer; // Current NDIS_BUFFER.
uint Updated = FALSE; uint BufLength; int Amount, OrigAmount; long Result; CTELockHandle Handle; uint Temp;
Queue *DummytmpQ;
#if TRACE_EVENT
PTDI_DATA_REQUEST_NOTIFY_ROUTINE CPCallBack; WMIData WMIInfo;#endif
CTEStructAssert(ACKTcb, tcb);
CheckTCBSends(ACKTcb);
Amount = SendUNA - ACKTcb->tcb_senduna; ASSERT(Amount > 0);
// if the receiver is acking something for which we have
// a sack entry, remove it.
if (ACKTcb->tcb_SackRcvd) { SackListEntry *Prev, *Current;
Prev = STRUCT_OF(SackListEntry, &ACKTcb->tcb_SackRcvd, next); Current = ACKTcb->tcb_SackRcvd;
// Scan the list for old sack entries and purge them
while ((Current != NULL) && SEQ_GT(SendUNA, Current->begin)) { Prev->next = Current->next;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("ACKData:Purging old entries %x %d %d\n", Current, Current->begin, Current->end)); } CTEFreeMem(Current); Current = Prev->next; } }
// Do a quick check to see if this acks everything that we have. If it does,
// handle it right away. We can only do this in the ESTABLISHED state,
// because we blindly update sendnext, and that can only work if we
// haven't sent a FIN.
if ((Amount == (int)ACKTcb->tcb_unacked) && ACKTcb->tcb_state == TCB_ESTAB) {
// Everything is acked.
ASSERT(!EMPTYQ(&ACKTcb->tcb_sendq));
TempQ = ACKTcb->tcb_sendq.q_next;
INITQ(&ACKTcb->tcb_sendq);
ACKTcb->tcb_sendnext = SendUNA; ACKTcb->tcb_senduna = SendUNA;
ASSERT(ACKTcb->tcb_sendnext == ACKTcb->tcb_sendmax); ACKTcb->tcb_cursend = NULL; ACKTcb->tcb_sendbuf = NULL; ACKTcb->tcb_sendofs = 0; ACKTcb->tcb_sendsize = 0; ACKTcb->tcb_unacked = 0;
#if ACK_DEBUG
ACKTcb->tcb_ack_history[ACKTcb->tcb_history_index].sequence = SendUNA; ACKTcb->tcb_ack_history[ACKTcb->tcb_history_index].unacked = ACKTcb->tcb_unacked;
ACKTcb->tcb_history_index++; if (ACKTcb->tcb_history_index >= NUM_ACK_HISTORY_ITEMS) { ACKTcb->tcb_history_index = 0; }#endif // ACK_DEBUG
// Now walk down the list of send requests. If the reference count
// has gone to 0, put it on the send complete queue.
EndQ = &ACKTcb->tcb_sendq; do { CurrentTSR = STRUCT_OF(TCPSendReq, QSTRUCT(TCPReq, TempQ, tr_q), tsr_req);
CTEStructAssert(CurrentTSR, tsr);
TempQ = CurrentTSR->tsr_req.tr_q.q_next;
CurrentTSR->tsr_req.tr_status = TDI_SUCCESS; Result = CTEInterlockedDecrementLong(&CurrentTSR->tsr_refcnt);
ASSERT(Result >= 0);
#if TRACE_EVENT
CPCallBack = TCPCPHandlerRoutine; if (CPCallBack != NULL) { ulong GroupType;
WMIInfo.wmi_destaddr = ACKTcb->tcb_daddr; WMIInfo.wmi_destport = ACKTcb->tcb_dport; WMIInfo.wmi_srcaddr = ACKTcb->tcb_saddr; WMIInfo.wmi_srcport = ACKTcb->tcb_sport; WMIInfo.wmi_size = CurrentTSR->tsr_size; WMIInfo.wmi_context = ACKTcb->tcb_cpcontext;
GroupType = EVENT_TRACE_GROUP_TCPIP + EVENT_TRACE_TYPE_SEND; (*CPCallBack)(GroupType, (PVOID)&WMIInfo, sizeof(WMIInfo), NULL); }#endif
if ((Result <= 0) && !(CurrentTSR->tsr_flags & TSR_FLAG_SEND_AND_DISC)) { // No more references are outstanding, the send can be
// completed.
// If we've sent directly from this send, NULL out the next
// pointer for the last buffer in the chain.
if (CurrentTSR->tsr_lastbuf != NULL) { NDIS_BUFFER_LINKAGE(CurrentTSR->tsr_lastbuf) = NULL; CurrentTSR->tsr_lastbuf = NULL; } ACKTcb->tcb_totaltime += (TCPTime - CurrentTSR->tsr_time); Temp = ACKTcb->tcb_bcountlow; ACKTcb->tcb_bcountlow += CurrentTSR->tsr_size; ACKTcb->tcb_bcounthi += (Temp > ACKTcb->tcb_bcountlow ? 1 : 0);
ENQUEUE(SendQ, &CurrentTSR->tsr_req.tr_q); } } while (TempQ != EndQ);
CheckTCBSends(ACKTcb); return; }
OrigAmount = Amount; End = QEND(&ACKTcb->tcb_sendq); Current = QHEAD(&ACKTcb->tcb_sendq);
LastCmplt = NULL;
while (Amount > 0 && Current != End) { CurrentTSR = STRUCT_OF(TCPSendReq, QSTRUCT(TCPReq, Current, tr_q), tsr_req); CTEStructAssert(CurrentTSR, tsr);
if (Amount >= (int)CurrentTSR->tsr_unasize) { // This is completely acked. Just advance to the next one.
Amount -= CurrentTSR->tsr_unasize;
LastCmplt = Current;
Current = QNEXT(Current); continue; } // This one is only partially acked. Update his offset and NDIS buffer
// pointer, and break out. We know that Amount is < the unacked size
// in this buffer, we we can walk the NDIS buffer chain without fear
// of falling off the end.
CurrentBuffer = CurrentTSR->tsr_buffer; ASSERT(CurrentBuffer != NULL); ASSERT(Amount < (int)CurrentTSR->tsr_unasize); CurrentTSR->tsr_unasize -= Amount;
BufLength = NdisBufferLength(CurrentBuffer) - CurrentTSR->tsr_offset;
if (Amount >= (int)BufLength) { do { Amount -= BufLength; CurrentBuffer = NDIS_BUFFER_LINKAGE(CurrentBuffer); ASSERT(CurrentBuffer != NULL); BufLength = NdisBufferLength(CurrentBuffer); } while (Amount >= (int)BufLength);
CurrentTSR->tsr_offset = Amount; CurrentTSR->tsr_buffer = CurrentBuffer;
} else CurrentTSR->tsr_offset += Amount;
Amount = 0;
break; }
// We should always be able to remove at least Amount bytes, except in
// the case where a FIN has been sent. In that case we should be off
// by exactly one. In the debug builds we'll check this.
ASSERT(0 == Amount || ((ACKTcb->tcb_flags & FIN_SENT) && (1 == Amount)));
if (SEQ_GT(SendUNA, ACKTcb->tcb_sendnext)) {
if (Current != End) { // Need to reevaluate CurrentTSR, in case we bailed out of the
// above loop after updating Current but before updating
// CurrentTSR.
CurrentTSR = STRUCT_OF(TCPSendReq, QSTRUCT(TCPReq, Current, tr_q), tsr_req); CTEStructAssert(CurrentTSR, tsr); ACKTcb->tcb_cursend = CurrentTSR; ACKTcb->tcb_sendbuf = CurrentTSR->tsr_buffer; ACKTcb->tcb_sendofs = CurrentTSR->tsr_offset; ACKTcb->tcb_sendsize = CurrentTSR->tsr_unasize; } else { ACKTcb->tcb_cursend = NULL; ACKTcb->tcb_sendbuf = NULL; ACKTcb->tcb_sendofs = 0; ACKTcb->tcb_sendsize = 0; }
ACKTcb->tcb_sendnext = SendUNA; } // Now update tcb_unacked with the amount we tried to ack minus the
// amount we didn't ack (Amount should be 0 or 1 here).
ASSERT(Amount == 0 || Amount == 1);
if (ACKTcb->tcb_unacked) {
ASSERT(ACKTcb->tcb_unacked >= (uint)OrigAmount - Amount); ACKTcb->tcb_unacked -= OrigAmount - Amount; }
#if ACK_DEBUG
ACKTcb->tcb_ack_history[ACKTcb->tcb_history_index].sequence = SendUNA; ACKTcb->tcb_ack_history[ACKTcb->tcb_history_index].unacked = ACKTcb->tcb_unacked;
ACKTcb->tcb_history_index++; if (ACKTcb->tcb_history_index >= NUM_ACK_HISTORY_ITEMS) { ACKTcb->tcb_history_index = 0; }#endif // ACK_DEBUG
ASSERT(*(int *)&ACKTcb->tcb_unacked >= 0);
ACKTcb->tcb_senduna = SendUNA;
// If we've acked any here, LastCmplt will be non-null, and Current will
// point to the send that should be at the start of the queue. Splice
// out the completed ones and put them on the end of the send completed
// queue, and update the TCB send q.
if (LastCmplt != NULL) { Queue *FirstCmplt; TCPSendReq *FirstTSR, *EndTSR;
ASSERT(!EMPTYQ(&ACKTcb->tcb_sendq));
FirstCmplt = QHEAD(&ACKTcb->tcb_sendq);
// If we've acked everything, just reinit the queue.
if (Current == End) { INITQ(&ACKTcb->tcb_sendq); } else { // There's still something on the queue. Just update it.
ACKTcb->tcb_sendq.q_next = Current; Current->q_prev = &ACKTcb->tcb_sendq; }
CheckTCBSends(ACKTcb);
// Now walk down the lists of things acked. If the refcnt on the send
// is 0, go ahead and put him on the send complete Q. Otherwise set
// the ACKed bit in the send, and he'll be completed when the count
// goes to 0 in the transmit confirm.
//
// Note that we haven't done any locking here. This will probably
// need to change in the port to NT.
// Set FirstTSR to the first TSR we'll complete, and EndTSR to be
// the first TSR that isn't completed.
FirstTSR = STRUCT_OF(TCPSendReq, QSTRUCT(TCPReq, FirstCmplt, tr_q), tsr_req); EndTSR = STRUCT_OF(TCPSendReq, QSTRUCT(TCPReq, Current, tr_q), tsr_req);
CTEStructAssert(FirstTSR, tsr); ASSERT(FirstTSR != EndTSR);
// Now walk the list of ACKed TSRs. If we can complete one, put him
// on the complete queue.
while (FirstTSR != EndTSR) {
TempQ = QNEXT(&FirstTSR->tsr_req.tr_q);
CTEStructAssert(FirstTSR, tsr); FirstTSR->tsr_req.tr_status = TDI_SUCCESS;
// The tsr_lastbuf->Next field is zapped to 0 when the tsr_refcnt
// goes to 0, so we don't need to do it here.
#if TRACE_EVENT
CPCallBack = TCPCPHandlerRoutine; if (CPCallBack != NULL) { ulong GroupType;
WMIInfo.wmi_destaddr = ACKTcb->tcb_daddr; WMIInfo.wmi_destport = ACKTcb->tcb_dport; WMIInfo.wmi_srcaddr = ACKTcb->tcb_saddr; WMIInfo.wmi_srcport = ACKTcb->tcb_sport; WMIInfo.wmi_size = FirstTSR->tsr_size; WMIInfo.wmi_context = ACKTcb->tcb_cpcontext;
GroupType = EVENT_TRACE_GROUP_TCPIP + EVENT_TRACE_TYPE_SEND; (*CPCallBack)(GroupType, (PVOID)&WMIInfo, sizeof(WMIInfo), NULL); }#endif
// Decrement the reference put on the send buffer when it was
// initialized indicating the send has been acknowledged.
if (!(FirstTSR->tsr_flags & TSR_FLAG_SEND_AND_DISC)) {
Result = CTEInterlockedDecrementLong(&FirstTSR->tsr_refcnt);
ASSERT(Result >= 0);
if (Result <= 0) { // No more references are outstanding, the send can be
// completed.
// If we've sent directly from this send, NULL out the next
// pointer for the last buffer in the chain.
if (FirstTSR->tsr_lastbuf != NULL) { NDIS_BUFFER_LINKAGE(FirstTSR->tsr_lastbuf) = NULL; FirstTSR->tsr_lastbuf = NULL; } ACKTcb->tcb_totaltime += (TCPTime - FirstTSR->tsr_time); Temp = ACKTcb->tcb_bcountlow; ACKTcb->tcb_bcountlow += FirstTSR->tsr_size; ACKTcb->tcb_bcounthi += (Temp > ACKTcb->tcb_bcountlow ? 1 : 0);
ENQUEUE(SendQ, &FirstTSR->tsr_req.tr_q); } } else { if (EMPTYQ(&ACKTcb->tcb_sendq) && (FirstTSR->tsr_flags & TSR_FLAG_SEND_AND_DISC)) { ENQUEUE(&ACKTcb->tcb_sendq, &FirstTSR->tsr_req.tr_q); ACKTcb->tcb_fastchk |= TCP_FLAG_REQUEUE_FROM_SEND_AND_DISC; //this will be deleted when CloseTCB will be called on this.
CheckTCBSends(ACKTcb); break; } }
FirstTSR = STRUCT_OF(TCPSendReq, QSTRUCT(TCPReq, TempQ, tr_q), tsr_req); } }}
//* TrimRcvBuf - Trim the front edge of a receive buffer.
//
// A utility routine to trim the front of a receive buffer. We take in a
// a count (which may be 0) and adjust the pointer in the first buffer in
// the chain by that much. If there isn't that much in the first buffer,
// we move onto the next one. If we run out of buffers we'll return a pointer
// to the last buffer in the chain, with a size of 0. It's the caller's
// responsibility to catch this.
//
// Input: RcvBuf - Buffer to be trimmed.
// Count - Amount to be trimmed.
//
// Returns: A pointer to the new start, or NULL.
//
IPRcvBuf *TrimRcvBuf(IPRcvBuf * RcvBuf, uint Count){ uint TrimThisTime;
ASSERT(RcvBuf != NULL);
while (Count) { ASSERT(RcvBuf != NULL);
TrimThisTime = MIN(Count, RcvBuf->ipr_size); Count -= TrimThisTime; RcvBuf->ipr_buffer += TrimThisTime; if ((RcvBuf->ipr_size -= TrimThisTime) == 0) { if (RcvBuf->ipr_next != NULL) RcvBuf = RcvBuf->ipr_next; else { // Ran out of buffers. Just return this one.
break; } } }
return RcvBuf;
}
//* FreeRBChain - Free an RB chain.
//
// Called to free a chain of RBs. If we're the owner of each RB, we'll
// free it.
//
// Input: RBChain - RBChain to be freed.
//
// Returns: Nothing.
//
voidFreeRBChain(IPRcvBuf * RBChain){ while (RBChain != NULL) {
if (RBChain->ipr_owner == IPR_OWNER_TCP) { IPRcvBuf *Temp;
Temp = RBChain->ipr_next; FreeTcpIpr(RBChain); RBChain = Temp; } else RBChain = RBChain->ipr_next; }
}
IPRcvBuf DummyBuf;
//* PullFromRAQ - Pull segments from the reassembly queue.
//
// Called when we've received frames out of order, and have some segments
// on the reassembly queue. We'll walk down the reassembly list, segments that
// are overlapped by the current rcv. next variable. When we get
// to one that doesn't completely overlap we'll trim it to fit the next
// rcv. seq. number, and pull it from the queue.
//
// Input: RcvTCB - TCB to pull from.
// RcvInfo - Pointer to TCPRcvInfo structure for current seg.
// Size - Pointer to size for current segment. We'll update
// this when we're done.
//
// Returns: Nothing.
//
IPRcvBuf *PullFromRAQ(TCB * RcvTCB, TCPRcvInfo * RcvInfo, uint * Size){ TCPRAHdr *CurrentTRH; // Current TCP RA Header being examined.
TCPRAHdr *TempTRH; // Temporary variable.
SeqNum NextSeq; // Next sequence number we want.
IPRcvBuf *NewBuf; SeqNum NextTRHSeq; // Seq. number immediately after
// current TRH.
int Overlap; // Overlap between current TRH and
// NextSeq.
CTEStructAssert(RcvTCB, tcb);
CurrentTRH = RcvTCB->tcb_raq; NextSeq = RcvTCB->tcb_rcvnext;
while (CurrentTRH != NULL) { CTEStructAssert(CurrentTRH, trh); ASSERT(!(CurrentTRH->trh_flags & TCP_FLAG_SYN));
if (SEQ_LT(NextSeq, CurrentTRH->trh_start)) {#if DBG
*Size = 0;#endif
//invalidate Sack Block
if ((RcvTCB->tcb_tcpopts & TCP_FLAG_SACK) && RcvTCB->tcb_SackBlock) { int i; for (i = 0; i < 3; i++) { if ((RcvTCB->tcb_SackBlock->Mask[i] != 0) && (SEQ_LT(RcvTCB->tcb_SackBlock->Block[i].end, CurrentTRH->trh_start))) { RcvTCB->tcb_SackBlock->Mask[i] = 0; } } }
return NULL; // The next TRH starts too far down.
} NextTRHSeq = CurrentTRH->trh_start + CurrentTRH->trh_size + ((CurrentTRH->trh_flags & TCP_FLAG_FIN) ? 1 : 0);
if (SEQ_GTE(NextSeq, NextTRHSeq)) { // The current TRH is overlapped completely. Free it and continue.
FreeRBChain(CurrentTRH->trh_buffer); TempTRH = CurrentTRH->trh_next; CTEFreeMem(CurrentTRH); CurrentTRH = TempTRH; RcvTCB->tcb_raq = TempTRH; if (TempTRH == NULL) { // We've just cleaned off the RAQ. We can go back on the
// fast path now.
if (--(RcvTCB->tcb_slowcount) == 0) { RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } break; } } else { Overlap = NextSeq - CurrentTRH->trh_start; RcvInfo->tri_seq = NextSeq; RcvInfo->tri_flags = CurrentTRH->trh_flags; RcvInfo->tri_urgent = CurrentTRH->trh_urg;
if (Overlap != (int)CurrentTRH->trh_size) { NewBuf = FreePartialRB(CurrentTRH->trh_buffer, Overlap); *Size = CurrentTRH->trh_size - Overlap; } else { // This completely overlaps the data in this segment, but the
// sequence number doesn't overlap completely. There must
// be a FIN in the TRH. If we called FreePartialRB with this
// we'd end up returning NULL, which is the signal for failure.
// Instead we'll just return some bogus value that nobody
// will look at with a size of 0.
FreeRBChain(CurrentTRH->trh_buffer); ASSERT(CurrentTRH->trh_flags & TCP_FLAG_FIN); NewBuf = &DummyBuf; *Size = 0; }
RcvTCB->tcb_raq = CurrentTRH->trh_next; if (RcvTCB->tcb_raq == NULL) { // We've just cleaned off the RAQ. We can go back on the
// fast path now.
if (--(RcvTCB->tcb_slowcount) == 0) { RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } } CTEFreeMem(CurrentTRH); return NewBuf; }
}
#if DBG
*Size = 0;#endif
//invalidate Sack Block
if (RcvTCB->tcb_tcpopts & TCP_FLAG_SACK && RcvTCB->tcb_SackBlock) { RcvTCB->tcb_SackBlock->Mask[0] = 0; RcvTCB->tcb_SackBlock->Mask[1] = 0; RcvTCB->tcb_SackBlock->Mask[2] = 0; RcvTCB->tcb_SackBlock->Mask[3] = 0; } return NULL;
}
//* CreateTRH - Create a TCP reassembly header.
//
// This function tries to create a TCP reassembly header. We take as input
// a pointer to the previous TRH in the chain, the RcvBuffer to put on,
// etc. and try to create and link in a TRH. The caller must hold the lock
// on the TCB when this is called.
//
// Input: PrevTRH - Pointer to TRH to insert after.
// RcvBuf - Pointer to IP RcvBuf chain.
// RcvInfo - Pointer to RcvInfo for this TRH.
// Size - Size in bytes of data.
//
// Returns: TRUE if we created it, FALSE otherwise.
//
uintCreateTRH(TCPRAHdr * PrevTRH, IPRcvBuf * RcvBuf, TCPRcvInfo * RcvInfo, int Size){ TCPRAHdr *NewTRH; IPRcvBuf *NewRcvBuf;
ASSERT((Size > 0) || (RcvInfo->tri_flags & TCP_FLAG_FIN));
NewTRH = CTEAllocMemLow(sizeof(TCPRAHdr), 'SPCT'); if (NewTRH == NULL) { return FALSE; }
#if DBG
NewTRH->trh_sig = trh_signature;#endif
NewRcvBuf = AllocTcpIpr(Size, 'SPCT'); if (NewRcvBuf == NULL) { CTEFreeMem(NewTRH); return FALSE; } if (Size != 0) CopyRcvToBuffer(NewRcvBuf->ipr_buffer, RcvBuf, Size, 0);
NewTRH->trh_start = RcvInfo->tri_seq; NewTRH->trh_flags = RcvInfo->tri_flags; NewTRH->trh_size = Size; NewTRH->trh_urg = RcvInfo->tri_urgent; NewTRH->trh_buffer = NewRcvBuf; NewTRH->trh_end = NewRcvBuf;
NewTRH->trh_next = PrevTRH->trh_next; PrevTRH->trh_next = NewTRH; return TRUE;
}
// SendSackInACK - SEnd SACK block in acknowledgement
//
// Called if incoming data is in the window but left edge
// is not advanced because incoming seq > rcvnext.
// This routine scans the queued up data, constructs SACK block
// points the block in tcb for SendACK.
//
// Entry RcvTCB
// IncomingSeq Seq num of Data coming in
//
// Returns Nothing
voidSendSackInACK(TCB * RcvTCB, SeqNum IncomingSeq){ TCPRAHdr *PrevTRH, *CurrentTRH; // Prev. and current TRH
// pointers.
SeqNum NextSeq, NextTRHSeq; // Seq. number of first byte
SACKSendBlock *SackBlock; CTELockHandle TableHandle = 0; int i, j;
CTEStructAssert(RcvTCB, tcb);
// If we have a SACK block use it else create one.
// Note that we use max of 4 sack blocks
// Sack block structure:
// First long word holds index of the
// 4 sack blocks, starting from 1. zero
// in index field means no sack block
//
// !--------!--------!--------!--------!
// | 1 | 2 | 3 | 4 |
// -------------------------------------
// | |
// -------------------------------------
// | |
// -------------------------------------
// Allocate a block if it is not already there
if (RcvTCB->tcb_SackBlock == NULL) {
SackBlock = CTEAllocMemN((sizeof(SACKSendBlock)), 'sPCT');
if (SackBlock == NULL) {
TableHandle = DISPATCH_LEVEL;
// Resources failure. Just try to send ack
// and leave the resource handling to some one else
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle);
SendACK(RcvTCB); return;
} else { RcvTCB->tcb_SackBlock = SackBlock; //Initialize the first entry to indicate that this is the new one
NdisZeroMemory(SackBlock, sizeof(SACKSendBlock));
}
} else SackBlock = RcvTCB->tcb_SackBlock;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("SendSackInACK %x %x %d\n", SackBlock, RcvTCB, IncomingSeq)); }
PrevTRH = STRUCT_OF(TCPRAHdr, &RcvTCB->tcb_raq, trh_next); CurrentTRH = PrevTRH->trh_next;
while (CurrentTRH != NULL) { CTEStructAssert(CurrentTRH, trh);
ASSERT(!(CurrentTRH->trh_flags & TCP_FLAG_SYN));
NextTRHSeq = CurrentTRH->trh_start + CurrentTRH->trh_size + ((CurrentTRH->trh_flags & TCP_FLAG_FIN) ? 1 : 0);
if ((SackBlock->Mask[0] != (uchar) - 1) && (SEQ_LTE(CurrentTRH->trh_start, IncomingSeq) && SEQ_LTE(IncomingSeq, NextTRHSeq))) {
if (SackBlock->Mask[0] == 0) { //This is the only sack block
SackBlock->Block[0].begin = CurrentTRH->trh_start; SackBlock->Block[0].end = NextTRHSeq; SackBlock->Mask[0] = (uchar) - 1; //Make it valid
} else {
if (!((SEQ_LTE(CurrentTRH->trh_start, SackBlock->Block[0].begin) && SEQ_GTE(NextTRHSeq, SackBlock->Block[0].end)) || (SEQ_LTE(CurrentTRH->trh_start, SackBlock->Block[0].begin) && SEQ_LTE(SackBlock->Block[0].begin, NextTRHSeq)) || (SEQ_LTE(CurrentTRH->trh_start, SackBlock->Block[0].end) && SEQ_LTE(SackBlock->Block[0].end, NextTRHSeq)))) {
// Push the blocks down and fill the top
for (i = 2; i >= 0; i--) { SackBlock->Block[i + 1].begin = SackBlock->Block[i].begin; SackBlock->Block[i + 1].end = SackBlock->Block[i].end; SackBlock->Mask[i + 1] = -SackBlock->Mask[i];
} } SackBlock->Block[0].begin = CurrentTRH->trh_start; SackBlock->Block[0].end = NextTRHSeq; SackBlock->Mask[0] = (uchar) - 1;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Sack 0 %d %d \n", CurrentTRH->trh_start, NextTRHSeq)); }
}
} else {
// process all the sack blocks to see if the currentTRH is
// valid for those blocks
for (i = 1; i <= 3; i++) { if ((SackBlock->Mask[i] != 0) && (SEQ_LTE(CurrentTRH->trh_start, SackBlock->Block[i].begin) && SEQ_LTE(SackBlock->Block[i].begin, NextTRHSeq))) {
SackBlock->Block[i].begin = CurrentTRH->trh_start; SackBlock->Block[i].end = NextTRHSeq; SackBlock->Mask[i] = (uchar) - 1; } } }
PrevTRH = CurrentTRH; CurrentTRH = CurrentTRH->trh_next;
} //while
//Check and set the blocks traversed for validity
for (i = 0; i <= 3; i++) {
if (SackBlock->Mask[i] != (uchar) - 1) { SackBlock->Mask[i] = 0; } else { SackBlock->Mask[i] = 1;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Sack in ack %x %d %d\n", i, SackBlock->Block[i].begin, SackBlock->Block[i].end)); } } }
// Make sure that there are no duplicates
for (i = 0; i < 3; i++) {
if (SackBlock->Mask[i]) { for (j = i + 1; j < 4; j++) { if (SackBlock->Mask[j] && (SackBlock->Block[i].begin == SackBlock->Block[j].begin)) IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Duplicates!!\n")); } } } }
TableHandle = DISPATCH_LEVEL;
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle);
SendACK(RcvTCB);
}
//* PutOnRAQ - Put a segment on the reassembly queue.
//
// Called during segment reception to put a segment on the reassembly
// queue. We try to use as few reassembly headers as possible, so if this
// segment has some overlap with an existing entry in the queue we'll just
// update the existing entry. If there is no overlap we'll create a new
// reassembly header. Combining URGENT data with non-URGENT data is tricky.
// If we get a segment that has urgent data that overlaps the front of a
// reassembly header we'll always mark the whole chunk as urgent - the value
// of the urgent pointer will mark the end of urgent data, so this is OK. If it
// only overlaps at the end, however, we won't combine, since we would have to
// mark previously non-urgent data as urgent. We'll trim the
// front of the incoming segment and create a new reassembly header. Also,
// if we have non-urgent data that overlaps at the front of a reassembly
// header containing urgent data we can't combine these two, since again we
// would mark non-urgent data as urgent.
// Our search will stop if we find an entry with a FIN.
// We assume that the TCB lock is held by the caller.
//
// Entry: RcvTCB - TCB on which to reassemble.
// RcvInfo - Pointer to RcvInfo for new segment.
// RcvBuf - IP RcvBuf chain for this segment.
// Size - Size in bytes of data in this segment.
//
// Returns: TRUE or FALSE if it could not put RcvBuf on Queue
//
BOOLEANPutOnRAQ(TCB * RcvTCB, TCPRcvInfo * RcvInfo, IPRcvBuf * RcvBuf, uint Size){ TCPRAHdr *PrevTRH, *CurrentTRH; // Prev. and current TRH
// pointers.
SeqNum NextSeq; // Seq. number of first byte
// after segment being
// reassembled.
SeqNum NextTRHSeq; // Seq. number of first byte
// after current TRH.
uint Created;
CTEStructAssert(RcvTCB, tcb); ASSERT(RcvTCB->tcb_rcvnext != RcvInfo->tri_seq); ASSERT(!(RcvInfo->tri_flags & TCP_FLAG_SYN)); NextSeq = RcvInfo->tri_seq + Size + ((RcvInfo->tri_flags & TCP_FLAG_FIN) ? 1 : 0);
PrevTRH = STRUCT_OF(TCPRAHdr, &RcvTCB->tcb_raq, trh_next); CurrentTRH = PrevTRH->trh_next;
// Walk down the reassembly queue, looking for the correct place to
// insert this, until we hit the end.
while (CurrentTRH != NULL) { CTEStructAssert(CurrentTRH, trh);
ASSERT(!(CurrentTRH->trh_flags & TCP_FLAG_SYN)); NextTRHSeq = CurrentTRH->trh_start + CurrentTRH->trh_size + ((CurrentTRH->trh_flags & TCP_FLAG_FIN) ? 1 : 0);
// First, see if it starts beyond the end of the current TRH.
if (SEQ_LTE(RcvInfo->tri_seq, NextTRHSeq)) { // We know the incoming segment doesn't start beyond the end
// of this TRH, so we'll either create a new TRH in front of
// this one or we'll merge the new segment onto this TRH.
// If the end of the current segment is in front of the start
// of the current TRH, we'll need to create a new TRH. Otherwise
// we'll merge these two.
if (SEQ_LT(NextSeq, CurrentTRH->trh_start)) break; else { // There's some overlap. If there's actually data in the
// incoming segment we'll merge it.
if (Size != 0) { int FrontOverlap, BackOverlap; IPRcvBuf *NewRB;
// We need to merge. If there's a FIN on the incoming
// segment that would fall inside this current TRH, we
// have a protocol violation from the remote peer. In this
// case just return, discarding the incoming segment.
if ((RcvInfo->tri_flags & TCP_FLAG_FIN) && SEQ_LTE(NextSeq, NextTRHSeq)) return TRUE;
// We have some overlap. Figure out how much.
FrontOverlap = CurrentTRH->trh_start - RcvInfo->tri_seq; if (FrontOverlap > 0) { // Have overlap in front. Allocate an IPRcvBuf to
// to hold it, and copy it, unless we would have to
// combine non-urgent with urgent.
if (!(RcvInfo->tri_flags & TCP_FLAG_URG) && (CurrentTRH->trh_flags & TCP_FLAG_URG)) { if (CreateTRH(PrevTRH, RcvBuf, RcvInfo, CurrentTRH->trh_start - RcvInfo->tri_seq)) { PrevTRH = PrevTRH->trh_next; CurrentTRH = PrevTRH->trh_next; } FrontOverlap = 0;
} else { NewRB = AllocTcpIpr(FrontOverlap, 'BPCT'); if (NewRB == NULL) { return TRUE; // Couldn't get the buffer.
}
CopyRcvToBuffer(NewRB->ipr_buffer, RcvBuf, FrontOverlap, 0); CurrentTRH->trh_size += FrontOverlap; NewRB->ipr_next = CurrentTRH->trh_buffer; CurrentTRH->trh_buffer = NewRB; CurrentTRH->trh_start = RcvInfo->tri_seq; } } // We've updated the starting sequence number of this TRH
// if we needed to. Now look for back overlap. There can't
// be any back overlap if the current TRH has a FIN. Also
// we'll need to check for urgent data if there is back
// overlap.
if (!(CurrentTRH->trh_flags & TCP_FLAG_FIN)) { BackOverlap = RcvInfo->tri_seq + Size - NextTRHSeq; if ((BackOverlap > 0) && (RcvInfo->tri_flags & TCP_FLAG_URG) && !(CurrentTRH->trh_flags & TCP_FLAG_URG) && (FrontOverlap <= 0)) { int AmountToTrim; // The incoming segment has urgent data and overlaps
// on the back but not the front, and the current
// TRH has no urgent data. We can't combine into
// this TRH, so trim the front of the incoming
// segment to NextTRHSeq and move to the next
// TRH.
AmountToTrim = NextTRHSeq - RcvInfo->tri_seq; ASSERT(AmountToTrim >= 0); ASSERT(AmountToTrim < (int)Size); RcvBuf = FreePartialRB(RcvBuf, (uint) AmountToTrim); RcvInfo->tri_seq += AmountToTrim; RcvInfo->tri_urgent -= AmountToTrim; PrevTRH = CurrentTRH; CurrentTRH = PrevTRH->trh_next; //Adjust the incoming size too...
Size -= AmountToTrim; continue; } } else BackOverlap = 0;
// Now if we have back overlap, copy it.
if (BackOverlap > 0) { // We have back overlap. Get a buffer to copy it into.
// If we can't get one, we won't just return, because
// we may have updated the front and may need to
// update the urgent info.
NewRB = AllocTcpIpr(BackOverlap, 'BPCT'); if (NewRB != NULL) { // Got the buffer.
CopyRcvToBuffer(NewRB->ipr_buffer, RcvBuf, BackOverlap, NextTRHSeq - RcvInfo->tri_seq); CurrentTRH->trh_size += BackOverlap; NewRB->ipr_next = CurrentTRH->trh_end->ipr_next; CurrentTRH->trh_end->ipr_next = NewRB; CurrentTRH->trh_end = NewRB;
// This data segment could also contain a FIN. If
// so, just set the TRH flag.
//
// N.B. If there's another reassembly header after
// the current one, the data that we're about
// to put on the current header might already be
// on that subsequent header which, in that event,
// will already have the FIN flag set.
// Check for that case before recording the FIN.
if ((RcvInfo->tri_flags & TCP_FLAG_FIN) && !CurrentTRH->trh_next) { CurrentTRH->trh_flags |= TCP_FLAG_FIN; } } } // Everything should be consistent now. If there's an
// urgent data pointer in the incoming segment, update the
// one in the TRH now.
if (RcvInfo->tri_flags & TCP_FLAG_URG) { SeqNum UrgSeq; // Have an urgent pointer. If the current TRH already
// has an urgent pointer, see which is bigger. Otherwise
// just use this one.
UrgSeq = RcvInfo->tri_seq + RcvInfo->tri_urgent; if (CurrentTRH->trh_flags & TCP_FLAG_URG) { SeqNum TRHUrgSeq;
TRHUrgSeq = CurrentTRH->trh_start + CurrentTRH->trh_urg; if (SEQ_LT(UrgSeq, TRHUrgSeq)) UrgSeq = TRHUrgSeq; } else CurrentTRH->trh_flags |= TCP_FLAG_URG;
CurrentTRH->trh_urg = UrgSeq - CurrentTRH->trh_start; } } else { // We have a 0 length segment. The only interesting thing
// here is if there's a FIN on the segment. If there is,
// and the seq. # of the incoming segment is exactly after
// the current TRH, OR matches the FIN in the current TRH,
// we note it.
if (RcvInfo->tri_flags & TCP_FLAG_FIN) { if (!(CurrentTRH->trh_flags & TCP_FLAG_FIN)) { if (SEQ_EQ(NextTRHSeq, RcvInfo->tri_seq)) CurrentTRH->trh_flags |= TCP_FLAG_FIN; else ASSERT(0); } else { ASSERT(SEQ_EQ((NextTRHSeq - 1), RcvInfo->tri_seq)); } } } return TRUE; } } else { // Look at the next TRH, unless the current TRH has a FIN. If he
// has a FIN, we won't save any data beyond that anyway.
if (CurrentTRH->trh_flags & TCP_FLAG_FIN) return TRUE;
PrevTRH = CurrentTRH; CurrentTRH = PrevTRH->trh_next; } }
// When we get here, we need to create a new TRH. If we create one and
// there was previously nothing on the reassembly queue, we'll have to
// move off the fast receive path.
CurrentTRH = RcvTCB->tcb_raq; Created = CreateTRH(PrevTRH, RcvBuf, RcvInfo, (int)Size);
if (Created && CurrentTRH == NULL) { RcvTCB->tcb_slowcount++; RcvTCB->tcb_fastchk |= TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } else if (!Created) {
// Caller needs to know about this failure
// to free resources
return FALSE; } return TRUE;}
//* HandleFastXmit - Handles fast retransmit
//
// Called by TCPRcv to transmit a segment
// without waiting for re-transmit timeout to fire.
//
// Entry: RcvTCB - Connection context for this Rcv
// RcvInfo - Pointer to rcvd TCP Header information
//
// Returns: TRUE if the segment got retransmitted, FALSE
// in all other cases.
//
BOOLEANHandleFastXmit(TCB *RcvTCB, TCPRcvInfo *RcvInfo){ uint CWin;
RcvTCB->tcb_dup++;
if ((RcvTCB->tcb_dup == MaxDupAcks)) {
//
// Okay. Time to retransmit the segment the
// receiver is asking for
//
STOP_TCB_TIMER_R(RcvTCB, RXMIT_TIMER);
RcvTCB->tcb_rtt = 0;
if (!(RcvTCB->tcb_flags & FLOW_CNTLD)) {
//
// Don't let the slow start threshold go
// below 2 segments
//
RcvTCB->tcb_ssthresh = MAX( MIN(RcvTCB->tcb_cwin, RcvTCB->tcb_sendwin) / 2, (uint) RcvTCB->tcb_mss * 2); }
//
// Recall the segment in question and send it
// out. Note that tcb_lock will be
// dereferenced by the caller
//
CWin = RcvTCB->tcb_ssthresh + (MaxDupAcks + 1) * RcvTCB->tcb_mss;
ResetAndFastSend(RcvTCB, RcvTCB->tcb_senduna, CWin);
return TRUE;
} else if ((RcvTCB->tcb_dup > MaxDupAcks)) {
int SendWin; uint AmtOutstanding, AmtUnsent;
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo->tri_ack) && (SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo->tri_seq) || (SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo->tri_seq) && SEQ_LTE(RcvTCB->tcb_sendwl2,RcvInfo->tri_ack)))) {
RcvTCB->tcb_sendwin = RcvInfo->tri_window; RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo->tri_window); RcvTCB->tcb_sendwl1 = RcvInfo->tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo->tri_ack; }
//
// Update the cwin to reflect the fact that
// the dup ack indicates the previous frame
// was received by the receiver
//
RcvTCB->tcb_cwin += RcvTCB->tcb_mss; if ((RcvTCB->tcb_cwin + RcvTCB->tcb_mss) < RcvTCB->tcb_sendwin) { AmtOutstanding = (uint) (RcvTCB->tcb_sendnext - RcvTCB->tcb_senduna); AmtUnsent = RcvTCB->tcb_unacked - AmtOutstanding;
SendWin = (int)(MIN(RcvTCB->tcb_sendwin, RcvTCB->tcb_cwin) - AmtOutstanding);
if (SendWin < RcvTCB->tcb_mss) { RcvTCB->tcb_force = 1; } }
} else if ((RcvTCB->tcb_dup < MaxDupAcks)) {
int SendWin; uint AmtOutstanding, AmtUnsent;
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo->tri_ack) && (SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo->tri_seq) || (SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo->tri_seq) && SEQ_LTE(RcvTCB->tcb_sendwl2, RcvInfo->tri_ack)))) {
RcvTCB->tcb_sendwin = RcvInfo->tri_window; RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo->tri_window);
RcvTCB->tcb_sendwl1 = RcvInfo->tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo->tri_ack;
//
// Since we've updated the window,
// remember to send some more.
//
} //
// Check if we need to set tcb_force.
//
if ((RcvTCB->tcb_cwin + RcvTCB->tcb_mss) < RcvTCB->tcb_sendwin) {
AmtOutstanding = (uint) (RcvTCB->tcb_sendnext - RcvTCB->tcb_senduna);
AmtUnsent = RcvTCB->tcb_unacked - AmtOutstanding;
SendWin = (int)(MIN(RcvTCB->tcb_sendwin, RcvTCB->tcb_cwin) - AmtOutstanding); if (SendWin < RcvTCB->tcb_mss) { RcvTCB->tcb_force = 1; } }
} // End of all MaxDupAck cases
return FALSE;
}
//* TCPRcv - Receive a TCP segment.
//
// This is the routine called by IP when we need to receive a TCP segment.
// In general, we follow the RFC 793 event processing section pretty closely,
// but there is a 'fast path' where we make some quick checks on the incoming
// segment, and if it matches we deliver it immediately.
//
// Entry: IPContext - IPContext identifying physical i/f that
// received the data.
// Dest - IPAddr of destionation.
// Src - IPAddr of source.
// LocalAddr - Local address of network which caused this to be
// received.
// SrcAddr - Address of local interface which received the packet
// IPH - IP Header.
// IPHLength - Bytes in IPH.
// RcvBuf - Pointer to receive buffer chain containing data.
// Size - Size in bytes of data received.
// IsBCast - Boolean indicator of whether or not this came in as
// a bcast.
// Protocol - Protocol this came in on - should be TCP.
// OptInfo - Pointer to info structure for received options.
//
// Returns: Status of reception. Anything other than IP_SUCCESS will cause
// IP to send a 'port unreachable' message.
//
IP_STATUSTCPRcv(void *IPContext, IPAddr Dest, IPAddr Src, IPAddr LocalAddr, IPAddr SrcAddr, IPHeader UNALIGNED * IPH, uint IPHLength, IPRcvBuf * RcvBuf, uint Size, uchar IsBCast, uchar Protocol, IPOptInfo * OptInfo){ TCPHeader UNALIGNED *TCPH; // The TCP header.
TCB *RcvTCB; // TCB on which to receive the packet.
TWTCB *RcvTWTCB;
CTELockHandle TableHandle = 0, TCBHandle = 0; TCPRcvInfo RcvInfo; // Local swapped copy of rcv info.
uint DataOffset; // Offset from start of header to data.
uint Actions; uint BytesTaken; uint NewSize; uint index; uint Partition; PNDIS_PACKET OffLoadPkt; CTELockHandle TWTableHandle; int tsval; //Timestamp value
int tsecr; //Timestamp to be echoed
BOOLEAN time_stamp = FALSE; BOOLEAN ChkSumOk = FALSE; SeqNum UpdatedSeqNum=0; BOOLEAN UseUpdatedSeqNum=FALSE;#if TRACE_EVENT
PTDI_DATA_REQUEST_NOTIFY_ROUTINE CPCallBack; WMIData WMIInfo;#endif
CheckRBList(RcvBuf, Size);
TCPSIncrementInSegCount();
// Checksum it, to make sure it's valid.
TCPH = (TCPHeader *) RcvBuf->ipr_buffer;
if (!IsBCast) {
if (RcvBuf->ipr_pClientCnt) {
PNDIS_PACKET_EXTENSION PktExt; NDIS_TCP_IP_CHECKSUM_PACKET_INFO ChksumPktInfo;
if (RcvBuf->ipr_pMdl) { OffLoadPkt = NDIS_GET_ORIGINAL_PACKET((PNDIS_PACKET) RcvBuf->ipr_RcvContext); if (!OffLoadPkt) { OffLoadPkt = (PNDIS_PACKET) RcvBuf->ipr_RcvContext; } } else { OffLoadPkt = (PNDIS_PACKET) RcvBuf->ipr_pClientCnt; }
PktExt = NDIS_PACKET_EXTENSION_FROM_PACKET(OffLoadPkt);
ChksumPktInfo.Value = PtrToUlong(PktExt->NdisPacketInfo[TcpIpChecksumPacketInfo]);
if (ChksumPktInfo.Receive.NdisPacketTcpChecksumSucceeded) { ChkSumOk = TRUE;#if DBG
DbgTcpHwChkSumOk++;#endif
} else if (ChksumPktInfo.Receive.NdisPacketTcpChecksumFailed) {#if DBG
DbgTcpHwChkSumErr++;#endif
TStats.ts_inerrs++; return IP_SUCCESS; } } if (!ChkSumOk) { if (XsumRcvBuf(PHXSUM(Src, Dest, PROTOCOL_TCP, Size), RcvBuf) == 0xffff){ ChkSumOk = TRUE; } } else {
// Pretch the rcv buffer in to cache
// to improve copy performance
#if !MILLEN
PrefetchRcvBuf(RcvBuf);#endif
} if ((Size >= sizeof(TCPHeader)) && ChkSumOk) { // The packet is valid. Get the info we need and byte swap it,
// and then try to find a matching TCB.
RcvInfo.tri_seq = net_long(TCPH->tcp_seq); RcvInfo.tri_ack = net_long(TCPH->tcp_ack); RcvInfo.tri_window = (uint) net_short(TCPH->tcp_window); RcvInfo.tri_urgent = (uint) net_short(TCPH->tcp_urgent); RcvInfo.tri_flags = (uint) TCPH->tcp_flags; DataOffset = TCP_HDR_SIZE(TCPH);
if (DataOffset <= Size) {
Size -= DataOffset; ASSERT(DataOffset <= RcvBuf->ipr_size); RcvBuf->ipr_size -= DataOffset; RcvBuf->ipr_buffer += DataOffset; RcvBuf->ipr_RcvOffset += DataOffset;
//CTEGetLockAtDPC(&TCBTableLock, &TableHandle);
// FindTCB will lock tcbtablelock, returns with tcb_lock
// held, if found.
RcvTCB = FindTCB(Dest, Src, TCPH->tcp_src, TCPH->tcp_dest, &TCBHandle, TRUE, &index); Partition = GET_PARTITION(index); if (RcvTCB == NULL) {
CTEGetLockAtDPC(&pTWTCBTableLock[Partition], &TableHandle);
RcvTWTCB = FindTCBTW(Dest, Src, TCPH->tcp_src, TCPH->tcp_dest, index);
if (RcvTWTCB != NULL) {
// Found one. Already locked.
// entering twtcbtable and tcb lock held
// released in the following routine.
UpdatedSeqNum = RcvInfo.tri_seq;
if (HandleTWTCB(RcvTWTCB, RcvInfo.tri_flags, &UpdatedSeqNum, Partition, TCBHandle)) { // New syn handling code while in time_wait ..
UseUpdatedSeqNum=TRUE;
} else {
return (IP_SUCCESS); } } else {
BOOLEAN reset=FALSE; CTEFreeLockFromDPC(&pTWTCBTableLock[Partition], TableHandle);
RcvTCB = FindSynTCB(Dest, Src, TCPH->tcp_src, TCPH->tcp_dest, &TCBHandle, TRUE, index,&reset); if (RcvTCB == NULL ) { if (reset) { SynAttChk(NULL, NULL); SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo); return IP_SUCCESS; } } else {
if ((RcvInfo.tri_flags & TCP_FLAG_RST) || (RcvInfo.tri_flags & TCP_FLAG_SYN)) {
//This needs to be closed here instead of
//handling this all the way down
SynAttChk(NULL, RcvTCB);
TryToCloseTCB(RcvTCB,TCB_CLOSE_ABORTED,TCBHandle); return IP_SUCCESS;
}
//update options
if (OptInfo->ioi_options != NULL) { if (!(RcvTCB->tcb_flags & CLIENT_OPTIONS)) { (*LocalNetInfo.ipi_updateopts) ( OptInfo, &RcvTCB->tcb_opt, Src, NULL_IP_ADDR); } } } }
} if (RcvTCB == NULL) {
uchar DType;
// Didn't find a matching TCB. If this segment carries a SYN,
// find a matching address object and see it it has a listen
// indication. If it does, call it. Otherwise send a RST
// back to the sender.
// Make sure that the source address isn't a broadcast
// before proceeding.
if ((*LocalNetInfo.ipi_invalidsrc) (Src)) {
return IP_SUCCESS; } // If it doesn't have a SYN (and only a SYN), we'll send a
// reset.
if ((RcvInfo.tri_flags & (TCP_FLAG_SYN | TCP_FLAG_ACK | TCP_FLAG_RST)) == TCP_FLAG_SYN) { AddrObj *AO;
//
// This segment had a SYN.
//
//
CTEGetLockAtDPC(&AddrObjTableLock.Lock, &TableHandle);
// See if we are filtering the
// destination interface/port.
//
if ((!SecurityFilteringEnabled || IsPermittedSecurityFilter( LocalAddr, IPContext, PROTOCOL_TCP, (ulong) net_short(TCPH->tcp_dest)))) {
//
// Find a matching address object, and then try
// and find a listening connection on that AO.
//
AO = GetBestAddrObj(Dest, TCPH->tcp_dest, PROTOCOL_TCP, TRUE);
//NTQFE 68201
if (AO && AO->ao_connect == NULL) {
//
//Lets see if there is one more addr obj
//matching the incoming request with
//ao_connect != NULL
//
AddrObj *tmpAO;
tmpAO = GetNextBestAddrObj(Dest, TCPH->tcp_dest, PROTOCOL_TCP, AO, TRUE);
if (tmpAO != NULL) { AO = tmpAO; } } if (AO != NULL) {
BOOLEAN syntcb = FALSE; //
// Found an AO. Try and find a listening
// connection. FindListenConn will free the
//lock on the AddrObjTable.
//
RcvTCB = NULL;
RcvTCB = FindListenConn(AO, Src, Dest, TCPH->tcp_src, OptInfo, TCPH, &RcvInfo, &syntcb);
if (RcvTCB != NULL) { uint Inserted;
CTEStructAssert(RcvTCB, tcb); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle);
//
// We found a listening connection.
// Initialize it now, and if it is
//actually to be accepted we'll
// send a SYN-ACK also.
//
ASSERT(RcvTCB->tcb_state == TCB_SYN_RCVD);
if (UseUpdatedSeqNum) { RcvTCB->tcb_sendnext = UpdatedSeqNum; }
RcvTCB->tcb_daddr = Src; RcvTCB->tcb_saddr = Dest; RcvTCB->tcb_dport = TCPH->tcp_src; RcvTCB->tcb_sport = TCPH->tcp_dest; RcvTCB->tcb_rcvnext = ++RcvInfo.tri_seq; RcvTCB->tcb_sendwin = RcvInfo.tri_window;
//
// Find Remote MSS and also if WS, TS or
//sack options are negotiated.
//
RcvTCB->tcb_sndwinscale = 0; RcvTCB->tcb_remmss = FindMSSAndOptions(TCPH, RcvTCB,FALSE);
if (RcvTCB->tcb_remmss <= ALIGNED_TS_OPT_SIZE) {
//turn off TS if mss is not sufficient to
//hold TS fileds.
RcvTCB->tcb_tcpopts &= ~TCP_FLAG_TS; }
TStats.ts_passiveopens++; RcvTCB->tcb_fastchk |= TCP_FLAG_IN_RCV; CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle);
Inserted = InsertTCB(RcvTCB);
//
// Get the lock on it, and see if it's been
// accepted.
//
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); if (!Inserted) {
// Couldn't insert it!.
CompleteConnReq(RcvTCB, OptInfo, TDI_CONNECTION_ABORTED);
TryToCloseTCB(RcvTCB, TCB_CLOSE_ABORTED, DISPATCH_LEVEL); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; } RcvTCB->tcb_fastchk &= ~TCP_FLAG_IN_RCV;
if (RcvTCB->tcb_flags & SEND_AFTER_RCV) { RcvTCB->tcb_flags &= ~SEND_AFTER_RCV; DelayAction(RcvTCB, NEED_OUTPUT); } // We'll need to update the options, in any case.
if (OptInfo->ioi_options != NULL) { if (!(RcvTCB->tcb_flags & CLIENT_OPTIONS)) { (*LocalNetInfo.ipi_updateopts) ( OptInfo, &RcvTCB->tcb_opt, Src, NULL_IP_ADDR); } } if (RcvTCB->tcb_flags & CONN_ACCEPTED) {
//
// The connection was accepted. Finish
// the initialization, and send the
// SYN ack.
//
AcceptConn(RcvTCB, DISPATCH_LEVEL);
return IP_SUCCESS; } else {
//
// We don't know what to do about the
// connection yet. Return the pending
// listen, dereference the connection,
// and return.
//
CompleteConnReq(RcvTCB, OptInfo, TDI_SUCCESS);
DerefTCB(RcvTCB, DISPATCH_LEVEL); return IP_SUCCESS; }
}
if (syntcb) { return IP_SUCCESS; }
//
// No listening connection. AddrObjTableLock
// was released by FindListenConn. Fall
// through to send RST code.
//
} else { //
// No address object. Free the lock, and fall
// through to the send RST code.
//
CTEFreeLockFromDPC(&AddrObjTableLock.Lock, TableHandle); } } else {
//
// Operation not permitted. Free the lock, and
// fall through to the send RST code.
//
CTEFreeLockFromDPC(&AddrObjTableLock.Lock, TableHandle); }
} // Toss out any segments containing RST.
if (RcvInfo.tri_flags & TCP_FLAG_RST) return IP_SUCCESS;
//
// Not a SYN, no AddrObj available, or port filtered.
// Send a RST back.
//
SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo);
return IP_SUCCESS; } //
//TCB is already locked
//
CheckTCBRcv(RcvTCB);
if ( (RcvTCB->tcb_flags & KEEPALIVE) && (RcvTCB->tcb_conn != NULL) ) START_TCB_TIMER_R(RcvTCB, KA_TIMER, RcvTCB->tcb_conn->tc_tcbkatime);
RcvTCB->tcb_kacount = 0;
//scale the incoming window
if (!(RcvInfo.tri_flags & TCP_FLAG_SYN)) { RcvInfo.tri_window = ((uint) net_short(TCPH->tcp_window) << RcvTCB->tcb_sndwinscale); }
//
// We need to check if Time stamp or Sack options are present.
//
if (RcvTCB->tcb_tcpopts) {
int OptSize; uchar *OptPtr; OptSize = TCP_HDR_SIZE(TCPH) - sizeof(TCPHeader); OptPtr = (uchar *) (TCPH + 1);
while (OptSize > 0) {
if (*OptPtr == TCP_OPT_EOL) break;
if (*OptPtr == TCP_OPT_NOP) { OptPtr++; OptSize--; continue; } if ((*OptPtr == TCP_OPT_TS) && (OptSize > 1) && (OptPtr[1] == TS_OPT_SIZE) && (RcvTCB->tcb_tcpopts & TCP_FLAG_TS)) {
// remember timestamp and the the echoed time stamp
time_stamp = TRUE; tsval = *(int UNALIGNED *)&OptPtr[2]; tsval = net_long(tsval); tsecr = *(int UNALIGNED *)&OptPtr[6]; tsecr = net_long(tsecr);
} else if ((*OptPtr == TCP_OPT_SACK) && (OptSize > 1) && (RcvTCB->tcb_tcpopts & TCP_FLAG_SACK)) {
SackSeg UNALIGNED *SackPtr;
SackListEntry *SackList, *Prev, *Current; ushort SackOptionLength;
int i;
//SACK Option processing
(uchar *) SackPtr = OptPtr + 2;
SackOptionLength = OptPtr[1];
ASSERT(SackOptionLength <= 32);
//
// If the incoming sack blocks are with in this
// send window Just chain them.
// When there are some retransmissions, this list
// will be checked to see if retransmission can be
// skipped.
// Note that when the send window is slided, the
// sack list must be cleandup.
//
Prev = STRUCT_OF(SackListEntry, &RcvTCB->tcb_SackRcvd, next); Current = RcvTCB->tcb_SackRcvd;
// Scan the list for old sack entries and purge them
while ((Current != NULL) && SEQ_GT(RcvInfo.tri_ack, Current->begin)) { Prev->next = Current->next;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Purging old entries %x %d %d\n", Current, Current->begin, Current->end)); } CTEFreeMem(Current); Current = Prev->next;
}
//
//Process each sack block in the incoming segment
// 8 bytes per block!
//
for (i = 0; i < (SackOptionLength >> 3); i++) {
SeqNum SakBegin, SakEnd;
// Get the rcvd bytes begin and end offset
SakBegin = net_long(SackPtr->begin); SakEnd = net_long(SackPtr->end);
ASSERT(SEQ_GT(SakEnd, SakBegin));
// Sanity check this Sack Block against our
// send variables
if (!(SEQ_GTE(SakBegin, RcvTCB->tcb_senduna) && SEQ_LT(SakBegin, RcvTCB->tcb_sendmax) && SEQ_GT(SakEnd, RcvTCB->tcb_senduna) && SEQ_LTE(SakEnd, RcvTCB->tcb_sendmax))) {
SackPtr++; continue; } IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("In sack entry opt %d %d\n", i, RcvTCB->tcb_senduna)); }
Prev = STRUCT_OF(SackListEntry, &RcvTCB->tcb_SackRcvd, next); Current = RcvTCB->tcb_SackRcvd;
//
// scan the list and insert the incoming sack
// block in the right place, taking care of
// overlaps, if any.
//
while (Current != NULL) {
if (SEQ_GT(Current->begin, SakBegin)) {
//
// Check if this sack block fills the
// hole from previous entry. If so,
// just update the end seq number.
//
if ((Prev != RcvTCB->tcb_SackRcvd) && SEQ_EQ(Prev->end, SakBegin)) {
Prev->end = SakEnd;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("updating prev %x %d %d %x\n", Prev, Prev->begin, Prev->end, RcvTCB)); }
//
//Make sure that next entry is not
//an overlap.
//
if (SEQ_LTE(Current->begin, SakEnd)) {
ASSERT(SEQ_GT(Current->begin, Prev->begin)); Prev->end = Current->end; Prev->next = Current->next; CTEFreeMem(Current);
Current = Prev; //
// Now we need to scan forward
// and check if sackend
// spans several entries
//
{ SackListEntry *tmpcurrent = Current->next;
while (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->end)) { Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent); tmpcurrent = Current->next; }
//
// above check pointed
// tmpcurrent whose end is
// > sakend
// Check if the tmpcurrent
// entry begin is overlapped
//
if (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->begin)) {
Current->end = tmpcurrent->end; Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent);
} }
} break;
} else if (SEQ_LTE(Current->begin, SakEnd)) {
//
// Current is continuation(may be
// with overlap) of incoming
// sack pair. Update current
//
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("updating in back overlap %x %d %d %d %d\n", Current, Current->begin, Current->end, SakBegin, SakEnd)); }
Current->begin = SakBegin;
//
// If the end shoots out of the
// current end new end will be the
// current end
// (overlaps at the tail too)
// may overlap several entries.
// So, check them all.
//
if (SEQ_GT(SakEnd, Current->end)) { SackListEntry *tmpcurrent = Current->next; Current->end = SakEnd;
while (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->end)) { Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent); tmpcurrent = Current->next; }
//
// above check pointed
// tmpcurrent whose end is >
// sakend. Check if the
// tmpcurrent entry begin is
// overlapped
//
if (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->begin)) {
Current->end = tmpcurrent->end; Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent);
} } break;
} else {
//
//This is the place where we
//insert the new entry
//
SackList = CTEAllocMemN(sizeof(SackListEntry), 'sPCT'); if (SackList == NULL) {
TCPTRACE(("No mem for sack List \n")); goto no_mem; } IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Inserting Sackentry %x %d %d %x\n", SackList, SakBegin, SakEnd, RcvTCB)); }
SackList->begin = SakBegin; SackList->end = SakEnd; Prev->next = SackList; SackList->next = Current; break; }
} else if (SEQ_EQ(Current->begin, SakBegin)) {
SackListEntry *tmpcurrent = Current->next; //
// Make sure that the new SakEnd is
// not overlapping any other sak
// entries.
//
if (tmpcurrent && SEQ_GTE(SakEnd, tmpcurrent->begin)) {
Current->end = SakEnd;
//
//Sure, this sack overlaps next
//entry.
//
while (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->end)) { Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent); tmpcurrent = Current->next; }
//
// above check pointed tmpcurrent
// whose end is > sakend
// Check if the tmpcurrent entry
// begin is overlapped
//
if (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->begin)) {
Current->end = tmpcurrent->end; Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent);
} break;
} else {
//
// This can still be a duplicate
// Make sure that SakEnd is really
// greater than Current->end
//
if (SEQ_GT(SakEnd, Current->end)) {
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("updating current %x %d %d %d\n", Current, Current->begin, Current->end, SakEnd)); }
Current->end = SakEnd; } break; }
//SakBegin > Current->begin
} else if (SEQ_LTE(SakEnd, Current->end)) {
//
//The incoming sack end is within the
//current end so, this overlaps the
//existing sack entry ignore this.
//
break; //
// incoming seq begin overlaps the
// current end update the current end.
//
} else if (SEQ_LTE(SakBegin, Current->end)) {
//
//Sakend might well ovelap next
//several entries. Scan for it.
//
SackListEntry *tmpcurrent = Current->next;
Current->end = SakEnd;
while (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->end)) { Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent); tmpcurrent = Current->next; }
//
// above check pointed tmpcurrent
// whose end is > sakend
// Check if the tmpcurrent entry begin
// is overlapped
//
if (tmpcurrent && SEQ_GTE(Current->end, tmpcurrent->begin)) {
Current->end = tmpcurrent->end; Current->next = tmpcurrent->next; CTEFreeMem(tmpcurrent);
} break;
} Prev = Current; Current = Current->next;
} //while
if (Current == NULL) { // this is the new sack entry
// create the entry and hang it on tcb.
SackList = CTEAllocMemN(sizeof(SackListEntry), 'sPCT');
if (SackList == NULL) { TCPTRACE(("No mem for sack List \n")); goto no_mem; } Prev->next = SackList; SackList->next = NULL; SackList->begin = SakBegin; SackList->end = SakEnd;
IF_TCPDBG(TCP_DEBUG_SACK) { TCPTRACE(("Inserting new Sackentry %x %d %d %x\n", SackList, SackList->begin, SackList->end, RcvTCB->tcb_SackRcvd)); } } //advance sack ptr to the next sack block
// check for consistency????
SackPtr++;
} //for
} //unknown options
if (OptSize > 1) {
if (OptPtr[1] == 0 || OptPtr[1] > OptSize) break; // Bad option length, bail out.
OptSize -= OptPtr[1]; OptPtr += OptPtr[1]; } else break;
} //while
no_mem:;
} // if ack is with in the sequence space,that is
// this seq number is next expected or repeat of previous
// segment but the right edge is new for us,
// record the time stamp val of the remote, which will be echoed
if (time_stamp && TS_GTE(tsval, RcvTCB->tcb_tsrecent) && SEQ_LTE(RcvInfo.tri_seq, RcvTCB->tcb_lastack)) {
RcvTCB->tcb_tsupdatetime = TCPTime; RcvTCB->tcb_tsrecent = tsval; }
//
// Do the fast path check. We can hit the fast path if the
// incoming sequence number matches our receive next and the
// masked flags match our 'predicted' flags.
// Also, include PAWS check
//
if (RcvTCB->tcb_rcvnext == RcvInfo.tri_seq && (!time_stamp || TS_GTE(tsval, RcvTCB->tcb_tsrecent)) && (RcvInfo.tri_flags & TCP_FLAGS_ALL) == RcvTCB->tcb_fastchk) { uint CWin; Queue SendQ;
INITQ(&SendQ); Actions = 0; REFERENCE_TCB(RcvTCB);
//
// The fast path. We know all we have to do here is ack
// sends and deliver data. First try and ack data.
//
if (SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
uint MSS; uint Amount = RcvInfo.tri_ack - RcvTCB->tcb_senduna;
//
// The ack acknowledes something. Pull the
// appropriate amount off the send q.
//
ACKData(RcvTCB, RcvInfo.tri_ack, &SendQ);
//
// If this acknowledges something we were running an
// RTT on, update that stuff now.
//
{ short RTT; BOOLEAN fUpdateRtt = FALSE;
//
//if timestamp is true, get the RTT using the echoed
//timestamp.
//
if (time_stamp && tsecr) { RTT = TCPTime - tsecr; fUpdateRtt = TRUE; } else { if (RcvTCB->tcb_rtt != 0 && SEQ_GT(RcvInfo.tri_ack, RcvTCB->tcb_rttseq)) { fUpdateRtt = TRUE; RTT = (short)(TCPTime - RcvTCB->tcb_rtt); } }
if (fUpdateRtt) {
RcvTCB->tcb_rtt = 0; RTT -= (RcvTCB->tcb_smrtt >> 3); //alpha = 1/8
RcvTCB->tcb_smrtt += RTT;
RTT = (RTT >= 0 ? RTT : -RTT); RTT -= (RcvTCB->tcb_delta >> 3); RcvTCB->tcb_delta += RTT + RTT; //Beta of
//1/4 instead
// of 1/8
RcvTCB->tcb_rexmit = MIN(MAX(REXMIT_TO(RcvTCB), MIN_RETRAN_TICKS)+1, MAX_REXMIT_TO); } }
// Update the congestion window now.
CWin = RcvTCB->tcb_cwin; MSS = RcvTCB->tcb_mss; if (CWin < RcvTCB->tcb_maxwin) { if (CWin < RcvTCB->tcb_ssthresh) CWin += (RcvTCB->tcb_flags & SCALE_CWIN) ? Amount : MSS; else CWin += MAX((MSS * MSS) / CWin, 1);
RcvTCB->tcb_cwin = CWin; } ASSERT(*(int *)&RcvTCB->tcb_cwin > 0);
//
// We've acknowledged something, so reset the rexmit
// count. If there's still stuff outstanding, restart
// the rexmit timer.
//
RcvTCB->tcb_rexmitcnt = 0; if (SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) STOP_TCB_TIMER_R(RcvTCB, RXMIT_TIMER); else START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, RcvTCB->tcb_rexmit);
//
// Since we've acknowledged data, we need to update
// the window.
//
RcvTCB->tcb_sendwin = RcvInfo.tri_window; RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo.tri_window); RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack; // We've updated the window, remember to send some more.
Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0);
{ //
// If the receiver has already sent dup acks, but
// we are not sending because the SendWin is less
// than a segment, then to avoid time outs on the
// previous send (receiver is waiting for
// retransmitted data but we are not sending the
// segment..) prematurely
// timeout (set rexmittimer to 1 tick)
//
int SendWin; uint AmtOutstanding, AmtUnsent;
AmtOutstanding = (uint) (RcvTCB->tcb_sendnext - RcvTCB->tcb_senduna); AmtUnsent = RcvTCB->tcb_unacked - AmtOutstanding;
SendWin = (int)(MIN(RcvTCB->tcb_sendwin, RcvTCB->tcb_cwin) - AmtOutstanding);
if ((RcvTCB->tcb_dup >= MaxDupAcks) && ((int)RcvTCB->tcb_ssthresh > 0)) { //
// Fast retransmitted frame is acked
// Set cwin to ssthresh so that cwin grows
// linearly from here
//
RcvTCB->tcb_cwin = RcvTCB->tcb_ssthresh; } }
RcvTCB->tcb_dup = 0;
} else {
//
// It doesn't ack anything. If it's an ack for something
// larger than we've sent then ACKAndDrop it, otherwise
// ignore it.
//
if (SEQ_GT(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) { ACKAndDrop(&RcvInfo, RcvTCB); return IP_SUCCESS; } //
// If it is a pure duplicate ack, check if it is
// time to retransmit immediately
//
else if ((Size == 0) && SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && (SEQ_LT(RcvTCB->tcb_senduna, RcvTCB->tcb_sendmax)) && (RcvTCB->tcb_sendwin == RcvInfo.tri_window) && RcvInfo.tri_window ) {
// See of fast rexmit can be done
if (HandleFastXmit(RcvTCB, &RcvInfo)) {
return IP_SUCCESS; } Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0);
} else { // not a pure duplicate ack (size == 0 )
// Size !=0 or recvr is advertizing new window.
// update the window and check if
// anything needs to be sent
RcvTCB->tcb_dup = 0;
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && (SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) || (SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) && SEQ_LTE(RcvTCB->tcb_sendwl2, RcvInfo.tri_ack)))) { RcvTCB->tcb_sendwin = RcvInfo.tri_window; RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo.tri_window); RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;
//
// Since we've updated the window, remember to
// send some more.
//
Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0); } } // for SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)
// case
}
NewSize = MIN((int)Size, RcvTCB->tcb_rcvwin); if (NewSize != 0) { RcvTCB->tcb_fastchk |= TCP_FLAG_IN_RCV; BytesTaken = (*RcvTCB->tcb_rcvhndlr) (RcvTCB, RcvInfo.tri_flags, RcvBuf, NewSize); RcvTCB->tcb_rcvnext += BytesTaken; RcvTCB->tcb_rcvwin -= BytesTaken; CheckTCBRcv(RcvTCB);
RcvTCB->tcb_fastchk &= ~TCP_FLAG_IN_RCV;
Actions |= (RcvTCB->tcb_flags & SEND_AFTER_RCV ? NEED_OUTPUT : 0);
RcvTCB->tcb_flags &= ~SEND_AFTER_RCV; if (BytesTaken != NewSize) {
Actions |= NEED_ACK; RcvTCB->tcb_rcvdsegs = 0; STOP_TCB_TIMER_R(RcvTCB, DELACK_TIMER);
} else {
if (RcvTCB->tcb_rcvdsegs != RcvTCB->tcb_numdelacks) { RcvTCB->tcb_rcvdsegs++; RcvTCB->tcb_flags |= ACK_DELAYED; ASSERT(RcvTCB->tcb_delackticks); START_TCB_TIMER_R(RcvTCB, DELACK_TIMER, RcvTCB->tcb_delackticks); } else { Actions |= NEED_ACK; RcvTCB->tcb_rcvdsegs = 0; STOP_TCB_TIMER_R(RcvTCB, DELACK_TIMER); }
} } else { //
// The new size is 0. If the original size was not 0,
// we must have a 0 rcv. win and hence need to send an
// ACK to this probe.
//
Actions |= (Size ? NEED_ACK : 0); }
if (Actions) DelayAction(RcvTCB, Actions);
TableHandle = DISPATCH_LEVEL; DerefTCB(RcvTCB, TableHandle);
if (!EMPTYQ(&SendQ)) { CompleteSends(&SendQ); }
return IP_SUCCESS; } TableHandle = DISPATCH_LEVEL; //
// Make sure we can handle this frame. We can't handle it if
// we're in SYN_RCVD and the accept is still pending, or we're
// in a non-established state and already in the receive
// handler.
//
if ((RcvTCB->tcb_state == TCB_SYN_RCVD && !(RcvTCB->tcb_flags & CONN_ACCEPTED)) || (RcvTCB->tcb_state != TCB_ESTAB && (RcvTCB->tcb_fastchk & TCP_FLAG_IN_RCV))) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); return IP_SUCCESS; } if ((RcvTCB->tcb_state == TCB_SYN_RCVD) && (RcvInfo.tri_flags & TCP_FLAG_ACK) && (RcvInfo.tri_flags & TCP_FLAG_SYN)) {
//
// This is bogus. SYN..ACK for already accpeted SYN.
// Reset this.
//
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo); return IP_SUCCESS; } //
// If it's closed, it's a temporary zombie TCB. Reset the
// sender.
//
if (RcvTCB->tcb_state == TCB_CLOSED || CLOSING(RcvTCB) || ((RcvTCB->tcb_flags & (GC_PENDING | TW_PENDING)) == GC_PENDING)) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo); return IP_SUCCESS; }
//
// At this point, we have a connection, and it's locked.
// Following the 'Segment Arrives' section of 793, the next
// thing to check is if this connection is in SynSent state.
//
if (RcvTCB->tcb_state == TCB_SYN_SENT) {
ASSERT(RcvTCB->tcb_flags & ACTIVE_OPEN);
//
// Check the ACK bit. Since we don't send data with our
// SYNs, the check we make is for the ack to exactly match
// our SND.NXT.
//
if (RcvInfo.tri_flags & TCP_FLAG_ACK) {
// ACK is set.
if (!SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendnext)) { // Bad ACK value.
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); // Send a RST back at him.
SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo); return IP_SUCCESS; } } if (RcvInfo.tri_flags & TCP_FLAG_RST) {
//
// There's an acceptable RST. We'll persist here,
// sending another SYN in PERSIST_TIMEOUT ms, until we
// fail from too many retrys.
//
if (!(RcvTCB->tcb_fastchk & TCP_FLAG_RST_WHILE_SYN)) { RcvTCB->tcb_fastchk |= TCP_FLAG_RST_WHILE_SYN; RcvTCB->tcb_slowcount++; }
if (RcvTCB->tcb_rexmitcnt == MaxConnectRexmitCount) { //
// We've had a positive refusal, and one more rexmit
// would time us out, so close the connection now.
//
REFERENCE_TCB(RcvTCB); CompleteConnReq(RcvTCB, OptInfo, TDI_CONN_REFUSED);
TryToCloseTCB(RcvTCB, TCB_CLOSE_REFUSED, TableHandle); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); DerefTCB(RcvTCB, TableHandle); } else { START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, PERSIST_TIMEOUT); CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); } return IP_SUCCESS; } // See if we have a SYN. If we do, we're going to change state
// somehow (either to ESTABLISHED or SYN_RCVD).
if (RcvInfo.tri_flags & TCP_FLAG_SYN) { REFERENCE_TCB(RcvTCB);
// We have a SYN. Go ahead and record the sequence number and
// window info.
RcvTCB->tcb_rcvnext = ++RcvInfo.tri_seq;
if (RcvInfo.tri_flags & TCP_FLAG_URG) {
// Urgent data. Update the pointer.
if (RcvInfo.tri_urgent != 0) RcvInfo.tri_urgent--; else RcvInfo.tri_flags &= ~TCP_FLAG_URG; } //
// get remote mss and also enable ws, ts or sack options
// if they are negotiated and if the host supports them.
//
RcvTCB->tcb_sndwinscale = 0; RcvTCB->tcb_remmss = FindMSSAndOptions(TCPH, RcvTCB,FALSE);
//
// If there are options, update them now. We already
// have an RCE open, so if we have new options we'll
// have to close it and open a new one.
//
if (OptInfo->ioi_options != NULL) { if (!(RcvTCB->tcb_flags & CLIENT_OPTIONS)) { (*LocalNetInfo.ipi_updateopts) (OptInfo, &RcvTCB->tcb_opt, Src, NULL_IP_ADDR); (*LocalNetInfo.ipi_closerce) (RcvTCB->tcb_rce); InitRCE(RcvTCB); } } else { RcvTCB->tcb_mss = MIN(RcvTCB->tcb_mss, RcvTCB->tcb_remmss);
ASSERT(RcvTCB->tcb_mss > 0); ValidateMSS(RcvTCB); }
RcvTCB->tcb_rexmitcnt = 0; STOP_TCB_TIMER_R(RcvTCB, RXMIT_TIMER);
AdjustRcvWin(RcvTCB);
if (RcvInfo.tri_flags & TCP_FLAG_ACK) { // Our SYN has been acked. Update SND.UNA and stop the
// retrans timer.
RcvTCB->tcb_senduna = RcvInfo.tri_ack; RcvTCB->tcb_sendwin = RcvInfo.tri_window; RcvTCB->tcb_maxwin = RcvInfo.tri_window; RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;#if TRACE_EVENT
CPCallBack = TCPCPHandlerRoutine; if (CPCallBack != NULL) { ulong GroupType;
WMIInfo.wmi_destaddr = RcvTCB->tcb_daddr; WMIInfo.wmi_destport = RcvTCB->tcb_dport; WMIInfo.wmi_srcaddr = RcvTCB->tcb_saddr; WMIInfo.wmi_srcport = RcvTCB->tcb_sport; WMIInfo.wmi_size = 0; WMIInfo.wmi_context = RcvTCB->tcb_cpcontext;
GroupType = EVENT_TRACE_GROUP_TCPIP + EVENT_TRACE_TYPE_CONNECT; (*CPCallBack) (GroupType, (PVOID)&WMIInfo, sizeof(WMIInfo), NULL); }#endif
GoToEstab(RcvTCB);
//
// Set a bit that informs TCBTimeout to notify
// the automatic connection driver of this new
// connection. Only set this flag if we
// have binded succesfully with the automatic
// connection driver.
//
if (fAcdLoadedG) START_TCB_TIMER_R(RcvTCB, ACD_TIMER, 2);
//
// Remove whatever command exists on this
// connection.
//
CompleteConnReq(RcvTCB, OptInfo, TDI_SUCCESS);
//
// If data has been queued, send the first data
// segment with an ACK. Otherwise, send a pure ACK.
//
if (RcvTCB->tcb_unacked) { REFERENCE_TCB(RcvTCB); TCPSend(RcvTCB, TableHandle); } else { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); SendACK(RcvTCB); }
//
// Now handle other data and controls. To do this
// we need to reaquire the lock, and make sure we
// haven't started closing it.
//
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); if (!CLOSING(RcvTCB)) { //
// We haven't started closing it. Turn off the
// SYN flag and continue processing.
//
RcvInfo.tri_flags &= ~TCP_FLAG_SYN; if ((RcvInfo.tri_flags & TCP_FLAGS_ALL) != TCP_FLAG_ACK || Size != 0) goto NotSYNSent; } DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; } else { // A SYN, but not an ACK. Go to SYN_RCVD.
RcvTCB->tcb_state = TCB_SYN_RCVD; RcvTCB->tcb_sendnext = RcvTCB->tcb_senduna; SendSYN(RcvTCB, TableHandle);
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; }
} else { // No SYN, just toss the frame.
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); return IP_SUCCESS; }
} REFERENCE_TCB(RcvTCB);
NotSYNSent:
//do not allow buffer ownership via slow path
if (RcvBuf) RcvBuf->ipr_pMdl = NULL;
// Check for PAWS(RFC 1323)
// Check for tsrecent and tsval wrap around
if (time_stamp && !(RcvInfo.tri_flags & TCP_FLAG_RST) && RcvTCB->tcb_tsrecent && TS_LT(tsval, RcvTCB->tcb_tsrecent)) {
// Time stamp is not valid
// Check if this is because the last update is
// 24 days old
if ((int)(TCPTime - RcvTCB->tcb_tsupdatetime) > PAWS_IDLE) { //invalidate the ts
RcvTCB->tcb_tsrecent = 0; } else { ACKAndDrop(&RcvInfo, RcvTCB);
return IP_SUCCESS; } } //
// Not in the SYN-SENT state. Check the sequence number. If my
// window is 0, I'll truncate all incoming frames but look at
// some of the control fields. Otherwise I'll try and make
// this segment fit into the window.
//
if (RcvTCB->tcb_rcvwin != 0) { int StateSize; // Size, including state info.
SeqNum LastValidSeq; // Sequence number of last valid
// byte at RWE.
//
// We are offering a window. If this segment starts in
// front of my receive window, clip off the front part.
//Check for the sanity of received sequence.
//This is to fix the 1 bit error(MSB) case in the rcv seq.
// Also, check the incoming size.
//
if ((SEQ_LT(RcvInfo.tri_seq, RcvTCB->tcb_rcvnext)) && ((int)Size >= 0) && (RcvTCB->tcb_rcvnext - RcvInfo.tri_seq) > 0) {
int AmountToClip, FinByte;
if (RcvInfo.tri_flags & TCP_FLAG_SYN) { //
// Had a SYN. Clip it off and update the seq number.
// This will be clipped off in the next if.
// Allow AckAndDrop routine to see the incoming SYN!
// RcvInfo.tri_flags &= ~TCP_FLAG_SYN;
//
RcvInfo.tri_seq++; RcvInfo.tri_urgent--; } // Advance the receive buffer to point at the new data.
AmountToClip = RcvTCB->tcb_rcvnext - RcvInfo.tri_seq; ASSERT(AmountToClip >= 0);
//
// If there's a FIN on this segment, we'll need to
// account for it.
//
FinByte = ((RcvInfo.tri_flags & TCP_FLAG_FIN) ? 1 : 0);
if (AmountToClip >= (((int)Size) + FinByte)) { //
// Falls entirely before the window. We have more
// special case code here - if the ack. number
// acks something, we'll go ahead and take it,
// faking the sequence number to be rcvnext. This
// prevents problems on full duplex connections,
// where data has been received but not acked,
// and retransmission timers reset the seq. number
// to below our rcvnext.
//
if ((RcvInfo.tri_flags & TCP_FLAG_ACK) && SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) { //
// This contains valid ACK info. Fudge the info
// to get through the rest of this.
//
Size = 0; AmountToClip = 0; RcvInfo.tri_seq = RcvTCB->tcb_rcvnext; RcvInfo.tri_flags &= ~(TCP_FLAG_SYN | TCP_FLAG_FIN | TCP_FLAG_RST | TCP_FLAG_URG);#if DBG
FinByte = 1; // Fake out assert below.
#endif
} else { ACKAndDrop(&RcvInfo, RcvTCB); return IP_SUCCESS; } } if (RcvInfo.tri_flags & TCP_FLAG_SYN) { RcvInfo.tri_flags &= ~TCP_FLAG_SYN; } //
// Trim what we have to. If we can't trim enough, the
// frame is too short. This shouldn't happen, but it
// it does we'll drop the frame.
//
Size -= AmountToClip; RcvInfo.tri_seq += AmountToClip; RcvInfo.tri_urgent -= AmountToClip; RcvBuf = TrimRcvBuf(RcvBuf, AmountToClip); ASSERT(RcvBuf != NULL); ASSERT(RcvBuf->ipr_size != 0 || (Size == 0 && FinByte));
RcvBuf->ipr_pMdl = NULL;
if (*(int *)&RcvInfo.tri_urgent < 0) { RcvInfo.tri_urgent = 0; RcvInfo.tri_flags &= ~TCP_FLAG_URG; } } //
// We've made sure the front is OK. Now make sure part of
// it doesn't fall outside of the right edge of the
// window. If it does, we'll truncate the frame (removing
// the FIN, if any). If we truncate the whole frame we'll
// ACKAndDrop it.
//
StateSize = Size + ((RcvInfo.tri_flags & TCP_FLAG_SYN) ? 1 : 0) + ((RcvInfo.tri_flags & TCP_FLAG_FIN) ? 1 : 0);
if (StateSize) StateSize--;
//
// Now the incoming sequence number (RcvInfo.tri_seq) +
// StateSize it the last sequence number in the segment.
// If this is greater than the last valid byte in the
// window, we have some overlap to chop off.
//
ASSERT(StateSize >= 0); LastValidSeq = RcvTCB->tcb_rcvnext + RcvTCB->tcb_rcvwin - 1; if (SEQ_GT(RcvInfo.tri_seq + StateSize, LastValidSeq)) { int AmountToChop;
//
// At least some part of the frame is outside of our
// window. See if it starts outside our window.
//
if (SEQ_GT(RcvInfo.tri_seq, LastValidSeq)) { //
// Falls entirely outside the window. We have
// special case code to deal with a pure ack that
// falls exactly at our right window edge.
// Otherwise we ack and drop it.
//
if ( !SEQ_EQ(RcvInfo.tri_seq, LastValidSeq + 1) || Size != 0 || (RcvInfo.tri_flags & (TCP_FLAG_SYN | TCP_FLAG_FIN)) ) { ACKAndDrop(&RcvInfo, RcvTCB); return IP_SUCCESS; } } else {
//
// At least some part of it is in the window. If
// there's a FIN, chop that off and see if that
// moves us inside.
//
if (RcvInfo.tri_flags & TCP_FLAG_FIN) { RcvInfo.tri_flags &= ~TCP_FLAG_FIN; StateSize--; }
// Now figure out how much to chop off.
AmountToChop = (RcvInfo.tri_seq + StateSize) - LastValidSeq; ASSERT(AmountToChop >= 0); Size -= AmountToChop; RcvBuf->ipr_pMdl = NULL;
} } } else { if (!SEQ_EQ(RcvTCB->tcb_rcvnext, RcvInfo.tri_seq)) {
//
// If there's a RST on this segment, and he's only off
// by 1, take it anyway. This can happen if the remote
// peer is probing and sends with the seq. # after the
// probe.
//
if (!(RcvInfo.tri_flags & TCP_FLAG_RST) || !(SEQ_EQ(RcvTCB->tcb_rcvnext, (RcvInfo.tri_seq - 1)))) { ACKAndDrop(&RcvInfo, RcvTCB); return IP_SUCCESS; } else RcvInfo.tri_seq = RcvTCB->tcb_rcvnext; } //
// He's in sequence, but we have a window of 0. Truncate the
// size, and clear any sequence consuming bits.
//
if (Size != 0 || (RcvInfo.tri_flags & (TCP_FLAG_SYN | TCP_FLAG_FIN))) { RcvInfo.tri_flags &= ~(TCP_FLAG_SYN | TCP_FLAG_FIN); Size = 0; if (!(RcvInfo.tri_flags & TCP_FLAG_RST)) DelayAction(RcvTCB, NEED_ACK); } }
//
// At this point, the segment is in our window and does not
// overlap on either end. If it's the next seq number we
// expect, we can handle the data now. Otherwise we'll queue
// it for later. In either case we'll handle RST and ACK
// information right now.
//
ASSERT((*(int *)&Size) >= 0);
// Now, following 793, we check the RST bit.
if (RcvInfo.tri_flags & TCP_FLAG_RST) { uchar Reason;
//
// We can't go back into the LISTEN state from SYN-RCVD
// here, because we may have notified the client via a
// listen completing or a connect indication. So, if came
// from an active open we'll give back a 'connection
// refused' notice. For all other cases
// we'll just destroy the connection.
//
if (RcvTCB->tcb_state == TCB_SYN_RCVD) { if (RcvTCB->tcb_flags & ACTIVE_OPEN) Reason = TCB_CLOSE_REFUSED; else Reason = TCB_CLOSE_RST; } else Reason = TCB_CLOSE_RST;
TryToCloseTCB(RcvTCB, Reason, TableHandle); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle);
if (RcvTCB->tcb_state != TCB_TIME_WAIT) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); RemoveTCBFromConn(RcvTCB); NotifyOfDisc(RcvTCB, OptInfo, TDI_CONNECTION_RESET); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); } DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; } // Next check the SYN bit.
if (RcvInfo.tri_flags & TCP_FLAG_SYN) { //
// Again, we can't quietly go back into the LISTEN state
// here, even if we came from a passive open.
//
TryToCloseTCB(RcvTCB, TCB_CLOSE_ABORTED, TableHandle); SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo);
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle);
if (RcvTCB->tcb_state != TCB_TIME_WAIT) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); RemoveTCBFromConn(RcvTCB); NotifyOfDisc(RcvTCB, OptInfo, TDI_CONNECTION_RESET); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); } DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; } // Check the ACK field. If it's not on drop the segment.
if (RcvInfo.tri_flags & TCP_FLAG_ACK) { uint UpdateWindow;
// If we're in SYN-RCVD, go to ESTABLISHED.
if (RcvTCB->tcb_state == TCB_SYN_RCVD) { if (SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) { // The ack is valid.
if (SynAttackProtect) {
SynAttChk(NULL, RcvTCB);
if (RcvTCB->tcb_fastchk & TCP_FLAG_ACCEPT_PENDING) { AddrObj *AO; BOOLEAN stat=FALSE;
//KdPrintEx((DPFLTR_TCPIP_ID, DPFLTR_INFO_LEVEL,"EP:relookup %x\n",RcvTCB));
//
// We will be reiniting the tcprexmitcnt to 0.
// If we are configured for syn-attack
// protection and the rexmit cnt is >1,
// decrement the count of connections that are
// in the half-open-retried state. Check
// whether we are below a low-watermark. If we
// are, increase the rexmit count back to
// configured values
//
//Check if we still have the listening endpoint
CTEGetLockAtDPC(&AddrObjTableLock.Lock, &TableHandle); AO = GetBestAddrObj(Dest, TCPH->tcp_dest, PROTOCOL_TCP, TRUE);
if (AO && AO->ao_connect == NULL) {
//
// Lets see if there is one more addr obj
// matching the incoming request with
// ao_connect != NULL
//
AddrObj *tmpAO;
tmpAO = GetNextBestAddrObj(Dest, TCPH->tcp_dest, PROTOCOL_TCP, AO, TRUE);
if (tmpAO != NULL) { AO = tmpAO; } }
if (AO != NULL) { stat = DelayedAcceptConn(AO,Src,TCPH->tcp_src,RcvTCB); } else { CTEFreeLockFromDPC(&AddrObjTableLock.Lock, TableHandle); }
if (!stat) { //send RST
//DerefTCB(RcvTCB, TableHandle);
DEREFERENCE_TCB(RcvTCB); TryToCloseTCB(RcvTCB, TCB_CLOSE_REFUSED, TableHandle); SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo); return IP_SUCCESS; } else { RcvTCB->tcb_fastchk &= ~TCP_FLAG_ACCEPT_PENDING; //complete accpt irp immdtly
//CompleteConnReq(RcvTCB, &RcvTCB->tcb_opt, TDI_SUCCESS);
} }
} RcvTCB->tcb_rexmitcnt = 0; STOP_TCB_TIMER_R(RcvTCB, RXMIT_TIMER); RcvTCB->tcb_senduna++; RcvTCB->tcb_sendwin = RcvInfo.tri_window; RcvTCB->tcb_maxwin = RcvInfo.tri_window; RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack; GoToEstab(RcvTCB);#if TRACE_EVENT
CPCallBack = TCPCPHandlerRoutine; if (CPCallBack != NULL) { ulong GroupType;
WMIInfo.wmi_destaddr = RcvTCB->tcb_daddr; WMIInfo.wmi_destport = RcvTCB->tcb_dport; WMIInfo.wmi_srcaddr = RcvTCB->tcb_saddr; WMIInfo.wmi_srcport = RcvTCB->tcb_sport; WMIInfo.wmi_size = 0; WMIInfo.wmi_context = RcvTCB->tcb_cpcontext;
GroupType = EVENT_TRACE_GROUP_TCPIP + EVENT_TRACE_TYPE_ACCEPT; (*CPCallBack) (GroupType, (PVOID)&WMIInfo, sizeof(WMIInfo), NULL); }#endif
// Now complete whatever we can here.
CompleteConnReq(RcvTCB, OptInfo, TDI_SUCCESS); } else {
if (SynAttackProtect) { SynAttChk(NULL, RcvTCB); }
DerefTCB(RcvTCB, TableHandle); SendRSTFromHeader(TCPH, Size, Src, Dest, OptInfo); return IP_SUCCESS; } } else { Queue SendQ;
INITQ(&SendQ);
// We're not in SYN-RCVD. See if this acknowledges anything.
if (SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) { uint CWin; uint Amount = RcvInfo.tri_ack - RcvTCB->tcb_senduna;
//
// The ack acknowledes something. Pull the
// appropriate amount off the send q.
//
ACKData(RcvTCB, RcvInfo.tri_ack, &SendQ);
//
// If this acknowledges something we were running
// an RTT on, update that stuff now.
//
{ short RTT; BOOLEAN fUpdateRtt = FALSE;
//
// if timestamp is true, get the RTT using the
// echoed timestamp.
//
if (time_stamp && tsecr) { RTT = TCPTime - tsecr; fUpdateRtt = TRUE; } else { if (RcvTCB->tcb_rtt != 0 && SEQ_GT(RcvInfo.tri_ack, RcvTCB->tcb_rttseq)) { RTT = (short)(TCPTime - RcvTCB->tcb_rtt); fUpdateRtt = TRUE; } }
if (fUpdateRtt) {
RcvTCB->tcb_rtt = 0; RTT -= (RcvTCB->tcb_smrtt >> 3); RcvTCB->tcb_smrtt += RTT;
RTT = (RTT >= 0 ? RTT : -RTT); RTT -= (RcvTCB->tcb_delta >> 3); RcvTCB->tcb_delta += RTT + RTT;
RcvTCB->tcb_rexmit = MIN(MAX(REXMIT_TO(RcvTCB), MIN_RETRAN_TICKS)+1, MAX_REXMIT_TO); } }
//
// If we're probing for a PMTU black hole we've
// found one, so turn off
// the detection. The size is already down, so
// leave it there.
//
if (RcvTCB->tcb_flags & PMTU_BH_PROBE) { RcvTCB->tcb_flags &= ~PMTU_BH_PROBE; RcvTCB->tcb_bhprobecnt = 0; if (--(RcvTCB->tcb_slowcount) == 0) { RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } } // Update the congestion window now.
CWin = RcvTCB->tcb_cwin; if (CWin < RcvTCB->tcb_maxwin) { if (CWin < RcvTCB->tcb_ssthresh) CWin += (RcvTCB->tcb_flags & SCALE_CWIN) ? Amount : RcvTCB->tcb_mss; else CWin += MAX((RcvTCB->tcb_mss * RcvTCB->tcb_mss) / CWin, 1);
RcvTCB->tcb_cwin = MIN(CWin, RcvTCB->tcb_maxwin); }
if ((RcvTCB->tcb_dup > 0) && ((int)RcvTCB->tcb_ssthresh > 0)) { //
// Fast retransmitted frame is acked
// Set cwin to ssthresh so that cwin grows
// linearly from here
//
RcvTCB->tcb_cwin = RcvTCB->tcb_ssthresh; }
RcvTCB->tcb_dup = 0;
ASSERT(*(int *)&RcvTCB->tcb_cwin > 0);
//
// We've acknowledged something, so reset the
// rexmit count. If there's still stuff
// outstanding, restart the rexmit timer.
//
RcvTCB->tcb_rexmitcnt = 0; if (!SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, RcvTCB->tcb_rexmit); else STOP_TCB_TIMER_R(RcvTCB, RXMIT_TIMER);
//
// If we've sent a FIN, and this acknowledges it, we
// need to complete the client's close request and
// possibly transition our state.
//
if (RcvTCB->tcb_flags & FIN_SENT) { //
// We have sent a FIN. See if it's been
// acknowledged. Once we've sent a FIN,
// tcb_sendmax can't advance, so our FIN must
// have seq. number tcb_sendmax - 1. Thus our
// FIN is acknowledged if the incoming ack is
// equal to tcb_sendmax.
//
if (SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) { //
// He's acked our FIN. Turn off the flags,
// and complete the request. We'll leave the
// FIN_OUTSTANDING flag alone, to force
// early outs in the send code.
//
RcvTCB->tcb_flags &= ~(FIN_NEEDED | FIN_SENT);
ASSERT(RcvTCB->tcb_unacked == 0); ASSERT(RcvTCB->tcb_sendnext == RcvTCB->tcb_sendmax);
//
// Now figure out what we need to do. In
// FIN_WAIT1 or FIN_WAIT, just complete
// the disconnect req. and continue.
// Otherwise, it's a bit trickier,
// since we can't complete the connreq
// until we remove the TCB from it's
// connection.
//
switch (RcvTCB->tcb_state) { ushort ConnReqTimeout = 0;
case TCB_FIN_WAIT1:
RcvTCB->tcb_state = TCB_FIN_WAIT2;
if (RcvTCB->tcb_fastchk & TCP_FLAG_SEND_AND_DISC) { //RcvTCB->tcb_flags |= DISC_NOTIFIED;
} else { if (RcvTCB->tcb_connreq) { ConnReqTimeout = RcvTCB->tcb_connreq->tcr_timeout; } CompleteConnReq(RcvTCB, OptInfo, TDI_SUCCESS); }
//
// Start a timer in case we never get
// out of FIN_WAIT2. Set the retransmit
// count high to force a timeout the
// first time the timer fires.
//
if (ConnReqTimeout) { RcvTCB->tcb_rexmitcnt = 1; } else { RcvTCB->tcb_rexmitcnt = (uchar) MaxDataRexmitCount; ConnReqTimeout = (ushort)FinWait2TO; }
START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, ConnReqTimeout);
//Fall through to FIN-WAIT-2 processing.
case TCB_FIN_WAIT2: break; case TCB_CLOSING:
//
//Note that we do not care about
//return stat from GracefulClose
//since we do not touch the tcb
//anyway, anymore, even if it is in
//time_wait.
//
GracefulClose(RcvTCB, TRUE, FALSE, TableHandle); if (!EMPTYQ(&SendQ)) { CompleteSends(&SendQ); } return IP_SUCCESS; break; case TCB_LAST_ACK: GracefulClose(RcvTCB, FALSE, FALSE, TableHandle); if (!EMPTYQ(&SendQ)) { CompleteSends(&SendQ); } return IP_SUCCESS; break; default: ASSERT(0); break; } } } UpdateWindow = TRUE;
} else { //
// It doesn't ack anything. If it's an ack for
// something larger than we've sent then
// ACKAndDrop it, otherwise ignore it. If we're in
// FIN_WAIT2, we'll restart the timer.
// We don't make this check above because we know no
// data can be acked when we're in FIN_WAIT2.
//
if (RcvTCB->tcb_state == TCB_FIN_WAIT2) START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, (ushort) FinWait2TO);
if (SEQ_GT(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) { ACKAndDrop(&RcvInfo, RcvTCB); return IP_SUCCESS;
} else if ((Size == 0) && SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && (SEQ_LT(RcvTCB->tcb_senduna, RcvTCB->tcb_sendmax)) && (RcvTCB->tcb_sendwin == RcvInfo.tri_window) && RcvInfo.tri_window) {
// See if fast rexmit can be done
if(HandleFastXmit(RcvTCB, &RcvInfo)){ return IP_SUCCESS; } Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0); } else {
// Now update the window if we can.
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) && (SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) || (SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) && SEQ_LTE(RcvTCB->tcb_sendwl2, RcvInfo.tri_ack)))) { UpdateWindow = TRUE; } else UpdateWindow = FALSE; } }
if (UpdateWindow) { RcvTCB->tcb_sendwin = RcvInfo.tri_window; RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo.tri_window); RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq; RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack; if (RcvInfo.tri_window == 0) { // We've got a zero window.
if (!EMPTYQ(&RcvTCB->tcb_sendq)) { RcvTCB->tcb_flags &= ~NEED_OUTPUT; RcvTCB->tcb_rexmitcnt = 0; START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, RcvTCB->tcb_rexmit); if (!(RcvTCB->tcb_flags & FLOW_CNTLD)) { RcvTCB->tcb_flags |= FLOW_CNTLD; RcvTCB->tcb_slowcount++; RcvTCB->tcb_fastchk |= TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } } } else { if (RcvTCB->tcb_flags & FLOW_CNTLD) {
RcvTCB->tcb_rexmitcnt = 0;
RcvTCB->tcb_rexmit = MIN(MAX(REXMIT_TO(RcvTCB), MIN_RETRAN_TICKS), MAX_REXMIT_TO);
//if (!TCB_TIMER_RUNNING(RcvTCB, RXMIT_TIMER)) {
START_TCB_TIMER_R(RcvTCB, RXMIT_TIMER, RcvTCB->tcb_rexmit); //}
RcvTCB->tcb_flags &= ~(FLOW_CNTLD | FORCE_OUTPUT); //
// Reset send next to the left edge of the
// window, because it might be at
// senduna+1 if we've been probing.
//
ResetSendNext(RcvTCB, RcvTCB->tcb_senduna); if (--(RcvTCB->tcb_slowcount) == 0) { RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } } //
// Since we've updated the window, see if we
// can send some more.
//
if (RcvTCB->tcb_unacked != 0 || (RcvTCB->tcb_flags & FIN_NEEDED)) DelayAction(RcvTCB, NEED_OUTPUT);
} }
if (!EMPTYQ(&SendQ)) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); CompleteSends(&SendQ); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); } }
//
// We've handled all the acknowledgment stuff. If the size
// is greater than 0 or important bits are set process it // further, otherwise it's a pure ack and we're done with
// it.
//
if (Size > 0 || (RcvInfo.tri_flags & TCP_FLAG_FIN)) {
//
// If we're not in a state where we can process
// incoming data or FINs, there's no point in going
// further. Just send an ack and drop this segment.
//
if (!DATA_RCV_STATE(RcvTCB->tcb_state) || (RcvTCB->tcb_flags & GC_PENDING)) { ACKAndDrop(&RcvInfo, RcvTCB); return IP_SUCCESS; } //
// If it's in sequence process it now, otherwise
// reassemble it.
//
if (SEQ_EQ(RcvInfo.tri_seq, RcvTCB->tcb_rcvnext)) {
//
// If we're already in the recv. handler, this is a
// duplicate. We'll just toss it.
//
if (RcvTCB->tcb_fastchk & TCP_FLAG_IN_RCV) { DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; } RcvTCB->tcb_fastchk |= TCP_FLAG_IN_RCV;
//
// Now loop, pulling things from the reassembly
// queue, until the queue is empty, or we can't
// take all of the data, or we hit a FIN.
//
do {
// Handle urgent data, if any.
if (RcvInfo.tri_flags & TCP_FLAG_URG) { HandleUrgent(RcvTCB, &RcvInfo, RcvBuf, &Size);
//
// Since we may have freed the lock, we
// need to recheck and see if we're
// closing here.
//
if (CLOSING(RcvTCB)) break;
}
//
// OK, the data is in sequence, we've updated
// the reassembly queue and handled any urgent
// data. If we have any data go ahead and
// process it now.
//
if (Size > 0) {
BytesTaken = (*RcvTCB->tcb_rcvhndlr) (RcvTCB, RcvInfo.tri_flags, RcvBuf, Size); RcvTCB->tcb_rcvnext += BytesTaken; RcvTCB->tcb_rcvwin -= BytesTaken;
CheckTCBRcv(RcvTCB);
if (RcvTCB->tcb_rcvdsegs != RcvTCB->tcb_numdelacks){ RcvTCB->tcb_flags |= ACK_DELAYED; RcvTCB->tcb_rcvdsegs++; ASSERT(RcvTCB->tcb_delackticks); START_TCB_TIMER_R(RcvTCB, DELACK_TIMER, RcvTCB->tcb_delackticks); } else { DelayAction(RcvTCB, NEED_ACK); RcvTCB->tcb_rcvdsegs = 0; STOP_TCB_TIMER_R(RcvTCB, DELACK_TIMER); }
if (BytesTaken != Size) { //
// We didn't take everything we could.
// No use in further processing, just
// bail out.
//
DelayAction(RcvTCB, NEED_ACK); break; } //
// If we're closing now, we're done, so
// get out.
//
if (CLOSING(RcvTCB)) break; } //
// See if we need to advance over some urgent
// data.
//
if (RcvTCB->tcb_flags & URG_VALID) { uint AdvanceNeeded;
//
// We only need to adv if we're not doing
// urgent inline. Urg inline also has some
// implications for when we can clear the
// URG_VALID flag. If we're not doing
// urgent inline, we can clear it when
// rcvnext advances beyond urgent end.
// If we are doing inline, we clear it
// when rcvnext advances one receive
// window beyond urgend.
//
if (!(RcvTCB->tcb_flags & URG_INLINE)) {
if (RcvTCB->tcb_rcvnext == RcvTCB->tcb_urgstart) RcvTCB->tcb_rcvnext = RcvTCB->tcb_urgend + 1; else ASSERT(SEQ_LT(RcvTCB->tcb_rcvnext, RcvTCB->tcb_urgstart) || SEQ_GT(RcvTCB->tcb_rcvnext, RcvTCB->tcb_urgend)); AdvanceNeeded = 0; } else AdvanceNeeded = RcvTCB->tcb_defaultwin;
// See if we can clear the URG_VALID flag.
if (SEQ_GT(RcvTCB->tcb_rcvnext - AdvanceNeeded, RcvTCB->tcb_urgend)) { RcvTCB->tcb_flags &= ~URG_VALID; if (--(RcvTCB->tcb_slowcount) == 0) { RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB); } } } //
// We've handled the data. If the FIN bit is
// set, we have more processing.
//
if (RcvInfo.tri_flags & TCP_FLAG_FIN) { uint Notify = FALSE; uint DelayAck = TRUE;
RcvTCB->tcb_rcvnext++;
PushData(RcvTCB);
switch (RcvTCB->tcb_state) {
case TCB_SYN_RCVD: //
// I don't think we can get here - we
// should have discarded the frame if it
// had no ACK, or gone to established if
// it did.
//
ASSERT(0); case TCB_ESTAB: RcvTCB->tcb_state = TCB_CLOSE_WAIT; //
// We left established, we're off the
// fast path.
//
RcvTCB->tcb_slowcount++; RcvTCB->tcb_fastchk |= TCP_FLAG_SLOW; CheckTCBRcv(RcvTCB);
Notify = TRUE; break; case TCB_FIN_WAIT1:
RcvTCB->tcb_state = TCB_CLOSING; DelayAck = FALSE; //RcvTCB->tcb_refcnt++;
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle);
SendACK(RcvTCB);
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle);
Notify = TRUE; break; case TCB_FIN_WAIT2:
// Stop the FIN_WAIT2 timer.
DelayAck = FALSE;
STOP_TCB_TIMER_R(RcvTCB, RXMIT_TIMER);
REFERENCE_TCB(RcvTCB);
CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle);
SendACK(RcvTCB);
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle);
if (RcvTCB->tcb_fastchk & TCP_FLAG_SEND_AND_DISC) { GracefulClose(RcvTCB, TRUE, FALSE, TableHandle); } else { GracefulClose(RcvTCB, TRUE, TRUE, TableHandle); }
//
//graceful close has put this tcb in
//timewait state should not access
//small tw tcb at this point
//
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle);
DerefTCB(RcvTCB, TableHandle);
return IP_SUCCESS;
break; default: ASSERT(0); break; }
if (DelayAck) { DelayAction(RcvTCB, NEED_ACK); } if (Notify) { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle); NotifyOfDisc(RcvTCB, OptInfo, TDI_GRACEFUL_DISC); CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); } break; // Exit out of WHILE loop.
} // If the reassembly queue isn't empty, get what we
// can now.
RcvBuf = PullFromRAQ(RcvTCB, &RcvInfo, &Size);
if (RcvBuf) RcvBuf->ipr_pMdl = NULL;
CheckRBList(RcvBuf, Size);
} while (RcvBuf != NULL);
RcvTCB->tcb_fastchk &= ~TCP_FLAG_IN_RCV; if (RcvTCB->tcb_flags & SEND_AFTER_RCV) { RcvTCB->tcb_flags &= ~SEND_AFTER_RCV; DelayAction(RcvTCB, NEED_OUTPUT); } DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS;
} else {
// It's not in sequence. Since it needs further processing,
// put in on the reassembly queue.
if (DATA_RCV_STATE(RcvTCB->tcb_state) && !(RcvTCB->tcb_flags & GC_PENDING)) { PutOnRAQ(RcvTCB, &RcvInfo, RcvBuf, Size);
//
//If SACK option is active, we need to construct
// SACK Blocks in ack
//
if (RcvTCB->tcb_tcpopts & TCP_FLAG_SACK) {
SendSackInACK(RcvTCB, RcvInfo.tri_seq); } else { CTEFreeLockFromDPC(&RcvTCB->tcb_lock, TableHandle);
SendACK(RcvTCB); }
CTEGetLockAtDPC(&RcvTCB->tcb_lock, &TableHandle); DerefTCB(RcvTCB, TableHandle); } else ACKAndDrop(&RcvInfo, RcvTCB);
return IP_SUCCESS; } } } else { // No ACK. Just drop the segment and return.
DerefTCB(RcvTCB, TableHandle); return IP_SUCCESS; }
DerefTCB(RcvTCB, TableHandle); } else { // DataOffset <= Size
TStats.ts_inerrs++; } } else { TStats.ts_inerrs++; } } else { // IsBCast
TStats.ts_inerrs++; } return IP_SUCCESS;}
#pragma BEGIN_INIT
//* InitTCPRcv - Initialize TCP receive side.
//
// Called during init time to initialize our TCP receive side.
//
// Input: Nothing.
//
// Returns: TRUE.
//
intInitTCPRcv(void){ uint i;
//Allocate Time_Proc number of delayqueues
PerCPUDelayQ = CTEAllocMemBoot(Time_Proc * sizeof(CPUDelayQ));
if (PerCPUDelayQ == NULL) { return FALSE; }
for (i = 0; i < Time_Proc; i++) { CTEInitLock(&PerCPUDelayQ[i].TCBDelayLock); INITQ(&PerCPUDelayQ[i].TCBDelayQ); }
TCBDelayRtnCount.Value = 0;
#if MILLEN
TCBDelayRtnLimit.Value = 1;#else // MILLEN
TCBDelayRtnLimit.Value = KeNumberProcessors; if (TCBDelayRtnLimit.Value > TCB_DELAY_RTN_LIMIT) TCBDelayRtnLimit.Value = TCB_DELAY_RTN_LIMIT;#endif // !MILLEN
DummyBuf.ipr_owner = IPR_OWNER_IP; DummyBuf.ipr_size = 0; DummyBuf.ipr_next = 0; DummyBuf.ipr_buffer = NULL; return TRUE;}
//* UnInitTCPRcv - Uninitialize our receive side.
//
// Called if initialization fails to uninitialize our receive side.
//
//
// Input: Nothing.
//
// Returns: Nothing.
//
voidUnInitTCPRcv(void){
}
#pragma END_INIT
|
