mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4100 lines
152 KiB
4100 lines
152 KiB
// -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
|
|
//
|
|
// Copyright (c) 1985-2000 Microsoft Corporation
|
|
//
|
|
// This file is part of the Microsoft Research IPv6 Network Protocol Stack.
|
|
// You should have received a copy of the Microsoft End-User License Agreement
|
|
// for this software along with this release; see the file "license.txt".
|
|
// If not, please see http://www.research.microsoft.com/msripv6/license.htm,
|
|
// or write to Microsoft Research, One Microsoft Way, Redmond, WA 98052-6399.
|
|
//
|
|
// Abstract:
|
|
//
|
|
// TCP receive code.
|
|
//
|
|
// This file contains the code for handling incoming TCP packets.
|
|
//
|
|
|
|
|
|
#include "oscfg.h"
|
|
#include "ndis.h"
|
|
#include "ip6imp.h"
|
|
#include "ip6def.h"
|
|
#include "icmp.h"
|
|
#include "tdi.h"
|
|
#include "tdint.h"
|
|
#include "tdistat.h"
|
|
#include "queue.h"
|
|
#include "transprt.h"
|
|
#include "addr.h"
|
|
#include "tcp.h"
|
|
#include "tcb.h"
|
|
#include "tcpconn.h"
|
|
#include "tcpsend.h"
|
|
#include "tcprcv.h"
|
|
#include "tcpdeliv.h"
|
|
#include "info.h"
|
|
#include "tcpcfg.h"
|
|
#include "route.h"
|
|
#include "security.h"
|
|
|
|
uint RequestCompleteFlags;
|
|
|
|
Queue ConnRequestCompleteQ;
|
|
Queue SendCompleteQ;
|
|
|
|
Queue TCBDelayQ;
|
|
|
|
KSPIN_LOCK RequestCompleteLock;
|
|
KSPIN_LOCK TCBDelayLock;
|
|
|
|
ulong TCBDelayRtnCount;
|
|
ulong TCBDelayRtnLimit;
|
|
#define TCB_DELAY_RTN_LIMIT 4
|
|
|
|
uint MaxDupAcks = 2;
|
|
|
|
extern KSPIN_LOCK TCBTableLock;
|
|
extern KSPIN_LOCK AddrObjTableLock;
|
|
|
|
|
|
#define PERSIST_TIMEOUT MS_TO_TICKS(500)
|
|
|
|
void ResetSendNext(TCB *SeqTCB, SeqNum NewSeq);
|
|
|
|
NTSTATUS TCPPrepareIrpForCancel(PTCP_CONTEXT TcpContext, PIRP Irp,
|
|
PDRIVER_CANCEL CancelRoutine);
|
|
|
|
extern void TCPRequestComplete(void *Context, unsigned int Status,
|
|
unsigned int UnUsed);
|
|
|
|
VOID TCPCancelRequest(PDEVICE_OBJECT Device, PIRP Irp);
|
|
|
|
//
|
|
// All of the init code can be discarded.
|
|
//
|
|
#ifdef ALLOC_PRAGMA
|
|
|
|
int InitTCPRcv(void);
|
|
|
|
#pragma alloc_text(INIT, InitTCPRcv)
|
|
|
|
#endif // ALLOC_PRAGMA
|
|
|
|
|
|
//* AdjustRcvWin - Adjust the receive window on a TCB.
|
|
//
|
|
// A utility routine that adjusts the receive window to an even multiple of
|
|
// the local segment size. We round it up to the next closest multiple, or
|
|
// leave it alone if it's already an event multiple. We assume we have
|
|
// exclusive access to the input TCB.
|
|
//
|
|
void // Returns: Nothing.
|
|
AdjustRcvWin(
|
|
TCB *WinTCB) // TCB to be adjusted.
|
|
{
|
|
ushort LocalMSS;
|
|
uchar FoundMSS;
|
|
ulong SegmentsInWindow;
|
|
|
|
ASSERT(WinTCB->tcb_defaultwin != 0);
|
|
ASSERT(WinTCB->tcb_rcvwin != 0);
|
|
ASSERT(WinTCB->tcb_remmss != 0);
|
|
|
|
if (WinTCB->tcb_flags & WINDOW_SET)
|
|
return;
|
|
|
|
#if 0
|
|
//
|
|
// First, get the local MSS by calling IP.
|
|
//
|
|
|
|
// REVIEW: IPv4 had code here to call down to IP to get the local MTU
|
|
// REVIEW: corresponding to this source address. Result in "LocalMSS",
|
|
// REVIEW: status of call in "FoundMSS".
|
|
//
|
|
// REVIEW: Why did they do this? tcb_mss is already set by this point!
|
|
//
|
|
|
|
if (!FoundMSS) {
|
|
//
|
|
// Didn't find it, error out.
|
|
//
|
|
ASSERT(FALSE);
|
|
return;
|
|
}
|
|
LocalMSS -= sizeof(TCPHeader);
|
|
LocalMSS = MIN(LocalMSS, WinTCB->tcb_remmss);
|
|
#else
|
|
LocalMSS = WinTCB->tcb_mss;
|
|
#endif
|
|
|
|
SegmentsInWindow = WinTCB->tcb_defaultwin / (ulong)LocalMSS;
|
|
|
|
//
|
|
// Make sure we have at least 4 segments in window, if that wouldn't make
|
|
// the window too big.
|
|
//
|
|
if (SegmentsInWindow < 4) {
|
|
//
|
|
// We have fewer than four segments in the window. Round up to 4
|
|
// if we can do so without exceeding the maximum window size; otherwise
|
|
// use the maximum multiple that we can fit in 64K. The exception is
|
|
// if we can only fit one integral multiple in the window - in that
|
|
// case we'll use a window of 0xffff.
|
|
//
|
|
if (LocalMSS <= (0xffff/4)) {
|
|
WinTCB->tcb_defaultwin = (uint)(4 * LocalMSS);
|
|
} else {
|
|
ulong SegmentsInMaxWindow;
|
|
|
|
//
|
|
// Figure out the maximum number of segments we could possibly
|
|
// fit in a window. If this is > 1, use that as the basis for
|
|
// our window size. Otherwise use a maximum size window.
|
|
//
|
|
SegmentsInMaxWindow = 0xffff/(ulong)LocalMSS;
|
|
if (SegmentsInMaxWindow != 1)
|
|
WinTCB->tcb_defaultwin = SegmentsInMaxWindow * (ulong)LocalMSS;
|
|
else
|
|
WinTCB->tcb_defaultwin = 0xffff;
|
|
}
|
|
|
|
WinTCB->tcb_rcvwin = WinTCB->tcb_defaultwin;
|
|
|
|
} else {
|
|
//
|
|
// If it's not already an even multiple, bump the default and current
|
|
// windows to the nearest multiple.
|
|
//
|
|
if ((SegmentsInWindow * (ulong)LocalMSS) != WinTCB->tcb_defaultwin) {
|
|
ulong NewWindow;
|
|
|
|
NewWindow = (SegmentsInWindow + 1) * (ulong)LocalMSS;
|
|
|
|
// Don't let the new window be > 64K.
|
|
if (NewWindow <= 0xffff) {
|
|
WinTCB->tcb_defaultwin = (uint)NewWindow;
|
|
WinTCB->tcb_rcvwin = (uint)NewWindow;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
//* CompleteRcvs - Complete receives on a TCB.
|
|
//
|
|
// Called when we need to complete receives on a TCB. We'll pull things from
|
|
// the TCB's receive queue, as long as there are receives that have the PUSH
|
|
// bit set.
|
|
//
|
|
void // Returns: Nothing.
|
|
CompleteRcvs(
|
|
TCB *CmpltTCB) // TCB to complete on.
|
|
{
|
|
KIRQL OldIrql;
|
|
TCPRcvReq *CurrReq, *NextReq, *IndReq;
|
|
|
|
CHECK_STRUCT(CmpltTCB, tcb);
|
|
ASSERT(CmpltTCB->tcb_refcnt != 0);
|
|
|
|
KeAcquireSpinLock(&CmpltTCB->tcb_lock, &OldIrql);
|
|
|
|
if (!CLOSING(CmpltTCB) && !(CmpltTCB->tcb_flags & RCV_CMPLTING)
|
|
&& (CmpltTCB->tcb_rcvhead != NULL)) {
|
|
|
|
CmpltTCB->tcb_flags |= RCV_CMPLTING;
|
|
|
|
for (;;) {
|
|
|
|
CurrReq = CmpltTCB->tcb_rcvhead;
|
|
IndReq = NULL;
|
|
do {
|
|
CHECK_STRUCT(CurrReq, trr);
|
|
|
|
if (CurrReq->trr_flags & TRR_PUSHED) {
|
|
//
|
|
// Need to complete this one. If this is the current
|
|
// receive then advance the current receive to the next
|
|
// one in the list. Then set the list head to the next
|
|
// one in the list.
|
|
//
|
|
ASSERT(CurrReq->trr_amt != 0 ||
|
|
!DATA_RCV_STATE(CmpltTCB->tcb_state));
|
|
|
|
NextReq = CurrReq->trr_next;
|
|
if (CmpltTCB->tcb_currcv == CurrReq)
|
|
CmpltTCB->tcb_currcv = NextReq;
|
|
|
|
CmpltTCB->tcb_rcvhead = NextReq;
|
|
|
|
if (NextReq == NULL) {
|
|
//
|
|
// We've just removed the last buffer. Set the
|
|
// rcvhandler to PendData, in case something
|
|
// comes in during the callback.
|
|
//
|
|
ASSERT(CmpltTCB->tcb_rcvhndlr != IndicateData);
|
|
CmpltTCB->tcb_rcvhndlr = PendData;
|
|
}
|
|
|
|
KeReleaseSpinLock(&CmpltTCB->tcb_lock, OldIrql);
|
|
if (CurrReq->trr_uflags != NULL)
|
|
*(CurrReq->trr_uflags) =
|
|
TDI_RECEIVE_NORMAL | TDI_RECEIVE_ENTIRE_MESSAGE;
|
|
|
|
(*CurrReq->trr_rtn)(CurrReq->trr_context, TDI_SUCCESS,
|
|
CurrReq->trr_amt);
|
|
if (IndReq != NULL)
|
|
FreeRcvReq(CurrReq);
|
|
else
|
|
IndReq = CurrReq;
|
|
KeAcquireSpinLock(&CmpltTCB->tcb_lock, &OldIrql);
|
|
CurrReq = CmpltTCB->tcb_rcvhead;
|
|
|
|
} else
|
|
// This one isn't to be completed, so bail out.
|
|
break;
|
|
} while (CurrReq != NULL);
|
|
|
|
//
|
|
// Now see if we've completed all of the requests. If we have,
|
|
// we may need to deal with pending data and/or reset the receive
|
|
// handler.
|
|
//
|
|
if (CurrReq == NULL) {
|
|
//
|
|
// We've completed everything that can be, so stop the push
|
|
// timer. We don't stop it if CurrReq isn't NULL because we
|
|
// want to make sure later data is eventually pushed.
|
|
//
|
|
STOP_TCB_TIMER(CmpltTCB->tcb_pushtimer);
|
|
|
|
ASSERT(IndReq != NULL);
|
|
//
|
|
// No more receive requests.
|
|
//
|
|
if (CmpltTCB->tcb_pendhead == NULL) {
|
|
FreeRcvReq(IndReq);
|
|
//
|
|
// No pending data. Set the receive handler to either
|
|
// PendData or IndicateData.
|
|
//
|
|
if (!(CmpltTCB->tcb_flags & (DISC_PENDING | GC_PENDING))) {
|
|
if (CmpltTCB->tcb_rcvind != NULL &&
|
|
CmpltTCB->tcb_indicated == 0)
|
|
CmpltTCB->tcb_rcvhndlr = IndicateData;
|
|
else
|
|
CmpltTCB->tcb_rcvhndlr = PendData;
|
|
} else {
|
|
goto Complete_Notify;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// We have pending data to deal with.
|
|
//
|
|
if (CmpltTCB->tcb_rcvind != NULL &&
|
|
CmpltTCB->tcb_indicated == 0) {
|
|
//
|
|
// There's a receive indicate handler on this TCB.
|
|
// Call the indicate handler with the pending data.
|
|
//
|
|
IndicatePendingData(CmpltTCB, IndReq, OldIrql);
|
|
SendACK(CmpltTCB);
|
|
KeAcquireSpinLock(&CmpltTCB->tcb_lock, &OldIrql);
|
|
|
|
//
|
|
// See if a buffer has been posted. If so, we'll need
|
|
// to check and see if it needs to be completed.
|
|
//
|
|
if (CmpltTCB->tcb_rcvhead != NULL)
|
|
continue;
|
|
else {
|
|
//
|
|
// If the pending head is now NULL, we've used up
|
|
// all the data.
|
|
//
|
|
if (CmpltTCB->tcb_pendhead == NULL &&
|
|
(CmpltTCB->tcb_flags &
|
|
(DISC_PENDING | GC_PENDING)))
|
|
goto Complete_Notify;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// No indicate handler, so nothing to do. The receive
|
|
// handler should already be set to PendData.
|
|
//
|
|
FreeRcvReq(IndReq);
|
|
ASSERT(CmpltTCB->tcb_rcvhndlr == PendData);
|
|
}
|
|
}
|
|
} else {
|
|
if (IndReq != NULL)
|
|
FreeRcvReq(IndReq);
|
|
ASSERT(CmpltTCB->tcb_rcvhndlr == BufferData);
|
|
}
|
|
|
|
break;
|
|
}
|
|
CmpltTCB->tcb_flags &= ~RCV_CMPLTING;
|
|
}
|
|
KeReleaseSpinLock(&CmpltTCB->tcb_lock, OldIrql);
|
|
return;
|
|
|
|
Complete_Notify:
|
|
//
|
|
// Something is pending. Figure out what it is, and do it.
|
|
//
|
|
if (CmpltTCB->tcb_flags & GC_PENDING) {
|
|
CmpltTCB->tcb_flags &= ~RCV_CMPLTING;
|
|
//
|
|
// Bump the refcnt, because GracefulClose will deref the TCB
|
|
// and we're not really done with it yet.
|
|
//
|
|
CmpltTCB->tcb_refcnt++;
|
|
GracefulClose(CmpltTCB, CmpltTCB->tcb_flags & TW_PENDING, TRUE,
|
|
OldIrql);
|
|
} else
|
|
if (CmpltTCB->tcb_flags & DISC_PENDING) {
|
|
CmpltTCB->tcb_flags &= ~DISC_PENDING;
|
|
KeReleaseSpinLock(&CmpltTCB->tcb_lock, OldIrql);
|
|
NotifyOfDisc(CmpltTCB, TDI_GRACEFUL_DISC);
|
|
|
|
KeAcquireSpinLock(&CmpltTCB->tcb_lock, &OldIrql);
|
|
CmpltTCB->tcb_flags &= ~RCV_CMPLTING;
|
|
KeReleaseSpinLock(&CmpltTCB->tcb_lock, OldIrql);
|
|
} else {
|
|
ASSERT(FALSE);
|
|
KeReleaseSpinLock(&CmpltTCB->tcb_lock, OldIrql);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
//* ProcessTCBDelayQ - Process TCBs on the delayed Q.
|
|
//
|
|
// Called at various times to process TCBs on the delayed Q.
|
|
//
|
|
void // Returns: Nothing.
|
|
ProcessTCBDelayQ(
|
|
void) // Nothing.
|
|
{
|
|
KIRQL OldIrql;
|
|
TCB *DelayTCB;
|
|
|
|
KeAcquireSpinLock(&TCBDelayLock, &OldIrql);
|
|
|
|
//
|
|
// Check for recursion. We do not stop recursion completely, only
|
|
// limit it. This is done to allow multiple threads to process the
|
|
// TCBDelayQ simultaneously.
|
|
//
|
|
TCBDelayRtnCount++;
|
|
if (TCBDelayRtnCount > TCBDelayRtnLimit) {
|
|
TCBDelayRtnCount--;
|
|
KeReleaseSpinLock(&TCBDelayLock, OldIrql);
|
|
return;
|
|
}
|
|
|
|
while (!EMPTYQ(&TCBDelayQ)) {
|
|
|
|
DEQUEUE(&TCBDelayQ, DelayTCB, TCB, tcb_delayq);
|
|
CHECK_STRUCT(DelayTCB, tcb);
|
|
ASSERT(DelayTCB->tcb_refcnt != 0);
|
|
ASSERT(DelayTCB->tcb_flags & IN_DELAY_Q);
|
|
KeReleaseSpinLock(&TCBDelayLock, OldIrql);
|
|
|
|
KeAcquireSpinLock(&DelayTCB->tcb_lock, &OldIrql);
|
|
|
|
while (!CLOSING(DelayTCB) && (DelayTCB->tcb_flags & DELAYED_FLAGS)) {
|
|
|
|
if (DelayTCB->tcb_flags & NEED_RCV_CMPLT) {
|
|
DelayTCB->tcb_flags &= ~NEED_RCV_CMPLT;
|
|
KeReleaseSpinLock(&DelayTCB->tcb_lock, OldIrql);
|
|
CompleteRcvs(DelayTCB);
|
|
KeAcquireSpinLock(&DelayTCB->tcb_lock, &OldIrql);
|
|
}
|
|
|
|
if (DelayTCB->tcb_flags & NEED_OUTPUT) {
|
|
DelayTCB->tcb_flags &= ~NEED_OUTPUT;
|
|
DelayTCB->tcb_refcnt++;
|
|
TCPSend(DelayTCB, OldIrql);
|
|
KeAcquireSpinLock(&DelayTCB->tcb_lock, &OldIrql);
|
|
}
|
|
|
|
if (DelayTCB->tcb_flags & NEED_ACK) {
|
|
DelayTCB->tcb_flags &= ~NEED_ACK;
|
|
KeReleaseSpinLock(&DelayTCB->tcb_lock, OldIrql);
|
|
SendACK(DelayTCB);
|
|
KeAcquireSpinLock(&DelayTCB->tcb_lock, &OldIrql);
|
|
}
|
|
}
|
|
|
|
DelayTCB->tcb_flags &= ~IN_DELAY_Q;
|
|
DerefTCB(DelayTCB, OldIrql);
|
|
KeAcquireSpinLock(&TCBDelayLock, &OldIrql);
|
|
}
|
|
|
|
TCBDelayRtnCount--;
|
|
KeReleaseSpinLock(&TCBDelayLock, OldIrql);
|
|
}
|
|
|
|
|
|
//* DelayAction - Put a TCB on the queue for a delayed action.
|
|
//
|
|
// Called when we want to put a TCB on the DelayQ for a delayed action at
|
|
// receive complete or some other time. The lock on the TCB must be held
|
|
// when this is called.
|
|
//
|
|
void // Returns: Nothing.
|
|
DelayAction(
|
|
TCB *DelayTCB, // TCP which we're going to schedule.
|
|
uint Action) // Action we're scheduling.
|
|
{
|
|
//
|
|
// Schedule the completion.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&TCBDelayLock);
|
|
DelayTCB->tcb_flags |= Action;
|
|
if (!(DelayTCB->tcb_flags & IN_DELAY_Q)) {
|
|
DelayTCB->tcb_flags |= IN_DELAY_Q;
|
|
DelayTCB->tcb_refcnt++; // Reference this for later.
|
|
ENQUEUE(&TCBDelayQ, &DelayTCB->tcb_delayq);
|
|
}
|
|
KeReleaseSpinLockFromDpcLevel(&TCBDelayLock);
|
|
}
|
|
|
|
//* TCPRcvComplete - Handle a receive complete.
|
|
//
|
|
// Called by the lower layers when we're done receiving. We look to see
|
|
// if we have and pending requests to complete. If we do, we complete them.
|
|
// Then we look to see if we have any TCBs pending for output. If we do,
|
|
// we get them going.
|
|
//
|
|
void // Returns: Nothing.
|
|
TCPRcvComplete(
|
|
void) // Nothing.
|
|
{
|
|
KIRQL OldIrql;
|
|
TCPReq *Req;
|
|
|
|
if (RequestCompleteFlags & ANY_REQUEST_COMPLETE) {
|
|
KeAcquireSpinLock(&RequestCompleteLock, &OldIrql);
|
|
if (!(RequestCompleteFlags & IN_RCV_COMPLETE)) {
|
|
RequestCompleteFlags |= IN_RCV_COMPLETE;
|
|
do {
|
|
if (RequestCompleteFlags & CONN_REQUEST_COMPLETE) {
|
|
if (!EMPTYQ(&ConnRequestCompleteQ)) {
|
|
DEQUEUE(&ConnRequestCompleteQ, Req, TCPReq, tr_q);
|
|
CHECK_STRUCT(Req, tr);
|
|
CHECK_STRUCT(*(TCPConnReq **)&Req, tcr);
|
|
|
|
KeReleaseSpinLock(&RequestCompleteLock, OldIrql);
|
|
(*Req->tr_rtn)(Req->tr_context, Req->tr_status, 0);
|
|
FreeConnReq((TCPConnReq *)Req);
|
|
KeAcquireSpinLock(&RequestCompleteLock, &OldIrql);
|
|
|
|
} else
|
|
RequestCompleteFlags &= ~CONN_REQUEST_COMPLETE;
|
|
}
|
|
|
|
if (RequestCompleteFlags & SEND_REQUEST_COMPLETE) {
|
|
if (!EMPTYQ(&SendCompleteQ)) {
|
|
TCPSendReq *SendReq;
|
|
|
|
DEQUEUE(&SendCompleteQ, Req, TCPReq, tr_q);
|
|
CHECK_STRUCT(Req, tr);
|
|
SendReq = (TCPSendReq *)Req;
|
|
CHECK_STRUCT(SendReq, tsr);
|
|
|
|
KeReleaseSpinLock(&RequestCompleteLock, OldIrql);
|
|
(*Req->tr_rtn)(Req->tr_context, Req->tr_status,
|
|
Req->tr_status == TDI_SUCCESS ? SendReq->tsr_size
|
|
: 0);
|
|
FreeSendReq((TCPSendReq *)Req);
|
|
KeAcquireSpinLock(&RequestCompleteLock, &OldIrql);
|
|
|
|
} else
|
|
RequestCompleteFlags &= ~SEND_REQUEST_COMPLETE;
|
|
}
|
|
|
|
} while (RequestCompleteFlags & ANY_REQUEST_COMPLETE);
|
|
|
|
RequestCompleteFlags &= ~IN_RCV_COMPLETE;
|
|
}
|
|
KeReleaseSpinLock(&RequestCompleteLock, OldIrql);
|
|
}
|
|
|
|
ProcessTCBDelayQ();
|
|
}
|
|
|
|
|
|
//* CompleteConnReq - Complete a connection request on a TCB.
|
|
//
|
|
// A utility function to complete a connection request on a TCB. We remove
|
|
// the connreq, and put it on the ConnReqCmpltQ where it will be picked
|
|
// off later during RcvCmplt processing. We assume the TCB lock is held when
|
|
// we're called.
|
|
//
|
|
void // Returns: Nothing.
|
|
CompleteConnReq(
|
|
TCB *CmpltTCB, // TCB from which to complete.
|
|
TDI_STATUS Status) // Status to complete with.
|
|
{
|
|
TCPConnReq *ConnReq;
|
|
|
|
CHECK_STRUCT(CmpltTCB, tcb);
|
|
|
|
ConnReq = CmpltTCB->tcb_connreq;
|
|
if (ConnReq != NULL) {
|
|
//
|
|
// There's a connreq on this TCB. Fill in the connection information
|
|
// before returning it.
|
|
//
|
|
CmpltTCB->tcb_connreq = NULL;
|
|
UpdateConnInfo(ConnReq->tcr_conninfo, &CmpltTCB->tcb_daddr,
|
|
CmpltTCB->tcb_dscope_id, CmpltTCB->tcb_dport);
|
|
if (ConnReq->tcr_addrinfo) {
|
|
UpdateConnInfo(ConnReq->tcr_addrinfo, &CmpltTCB->tcb_saddr,
|
|
CmpltTCB->tcb_sscope_id, CmpltTCB->tcb_sport);
|
|
}
|
|
|
|
ConnReq->tcr_req.tr_status = Status;
|
|
KeAcquireSpinLockAtDpcLevel(&RequestCompleteLock);
|
|
RequestCompleteFlags |= CONN_REQUEST_COMPLETE;
|
|
ENQUEUE(&ConnRequestCompleteQ, &ConnReq->tcr_req.tr_q);
|
|
KeReleaseSpinLockFromDpcLevel(&RequestCompleteLock);
|
|
|
|
} else if (!((CmpltTCB->tcb_state == TCB_SYN_RCVD) &&
|
|
(CmpltTCB->tcb_flags & ACCEPT_PENDING))) {
|
|
//
|
|
// This should not happen except
|
|
// in the case of SynAttackProtect.
|
|
//
|
|
|
|
ASSERT(FALSE);
|
|
}
|
|
|
|
}
|
|
|
|
//* DelayedAcceptConn - Process delayed-connect request.
|
|
//
|
|
// Called by TCPRcv when SynAttackProtection is turned on, when a final
|
|
// ACK arrives in response to our SYN-ACK. Indicate the connect request to
|
|
// ULP and if it is accepted init TCB and move con to appropriate queue on AO.
|
|
// The caller must hold the AddrObjTableLock before calling this routine,
|
|
// and that lock must have been taken at DPC level. This routine will free
|
|
// that lock back to DPC level.
|
|
// Returns TRUE if the request is accepted.
|
|
//
|
|
BOOLEAN
|
|
DelayedAcceptConn(
|
|
AddrObj *ListenAO, // AddrObj for local address.
|
|
IPv6Addr *Src, // Source IP address of SYN.
|
|
ulong SrcScopeId, // Scope id of source address (0 for non-scope addr).
|
|
ushort SrcPort, // Source port of SYN.
|
|
TCB *AcceptTCB) // Pre-accepted TCB
|
|
{
|
|
TCPConn *CurrentConn = NULL;
|
|
Queue *Temp;
|
|
TCPConnReq *ConnReq = NULL;
|
|
BOOLEAN FoundConn = FALSE;
|
|
|
|
CHECK_STRUCT(ListenAO, ao);
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
KeReleaseSpinLockFromDpcLevel(&AddrObjTableLock);
|
|
|
|
if (AO_VALID(ListenAO)) {
|
|
if (ListenAO->ao_connect != NULL) {
|
|
uchar TAddress[TCP_TA_SIZE];
|
|
PVOID ConnContext;
|
|
PConnectEvent Event;
|
|
PVOID EventContext;
|
|
TDI_STATUS Status;
|
|
PTCP_CONTEXT TcpContext = NULL;
|
|
ConnectEventInfo *EventInfo;
|
|
|
|
// He has a connect handler. Put the transport address together,
|
|
// and call him. We also need to get the necessary resources
|
|
// first.
|
|
|
|
Event = ListenAO->ao_connect;
|
|
EventContext = ListenAO->ao_conncontext;
|
|
REF_AO(ListenAO);
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
|
|
ConnReq = GetConnReq();
|
|
|
|
if (AcceptTCB != NULL && ConnReq != NULL) {
|
|
BuildTDIAddress(TAddress, Src, SrcScopeId, SrcPort);
|
|
|
|
IF_TCPDBG(TCP_DEBUG_CONNECT) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
|
|
"indicating connect request\n"));
|
|
}
|
|
|
|
Status = (*Event) (EventContext, TCP_TA_SIZE,
|
|
(PTRANSPORT_ADDRESS) TAddress, 0, NULL,
|
|
0, NULL,
|
|
&ConnContext, &EventInfo);
|
|
|
|
if (Status == TDI_MORE_PROCESSING) {
|
|
PIO_STACK_LOCATION IrpSp;
|
|
PTDI_REQUEST_KERNEL_ACCEPT AcceptRequest;
|
|
|
|
IrpSp = IoGetCurrentIrpStackLocation(EventInfo);
|
|
|
|
Status = TCPPrepareIrpForCancel(
|
|
(PTCP_CONTEXT) IrpSp->FileObject->FsContext,
|
|
EventInfo,
|
|
TCPCancelRequest
|
|
);
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
Status = TDI_NOT_ACCEPTED;
|
|
EventInfo = NULL;
|
|
goto AcceptIrpCancelled;
|
|
}
|
|
|
|
//
|
|
// He accepted it. Find the connection on the AddrObj.
|
|
//
|
|
|
|
|
|
IF_TCPDBG(TCP_DEBUG_CONNECT) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
|
|
"connect indication accepted, queueing request\n"
|
|
));
|
|
}
|
|
|
|
AcceptRequest = (PTDI_REQUEST_KERNEL_ACCEPT)
|
|
& (IrpSp->Parameters);
|
|
ConnReq->tcr_conninfo =
|
|
AcceptRequest->ReturnConnectionInformation;
|
|
if (AcceptRequest->RequestConnectionInformation &&
|
|
AcceptRequest->RequestConnectionInformation->
|
|
RemoteAddress) {
|
|
ConnReq->tcr_addrinfo =
|
|
AcceptRequest->RequestConnectionInformation;
|
|
} else {
|
|
ConnReq->tcr_addrinfo = NULL;
|
|
}
|
|
|
|
ConnReq->tcr_req.tr_rtn = TCPRequestComplete;
|
|
ConnReq->tcr_req.tr_context = EventInfo;
|
|
AcceptTCB->tcb_connreq = ConnReq;
|
|
SearchAO:
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
|
|
Temp = QHEAD(&ListenAO->ao_idleq);;
|
|
|
|
Status = TDI_INVALID_CONNECTION;
|
|
|
|
while (Temp != QEND(&ListenAO->ao_idleq)) {
|
|
|
|
CurrentConn = QSTRUCT(TCPConn, Temp, tc_q);
|
|
CHECK_STRUCT(CurrentConn, tc);
|
|
if ((CurrentConn->tc_context == ConnContext) &&
|
|
!(CurrentConn->tc_flags & CONN_INVALID)) {
|
|
|
|
|
|
//
|
|
// We need to lock its TCPConnBlock, with care.
|
|
// We'll ref the TCPConn so it can't go away,
|
|
// then unlock the AO (which is already ref'd),
|
|
// then relock. Note that tc_refcnt is updated
|
|
// under ao_lock for any associated TCPConn.
|
|
// If things have changed, go back and try again.
|
|
//
|
|
++CurrentConn->tc_refcnt;
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(
|
|
&CurrentConn->tc_ConnBlock->cb_lock);
|
|
|
|
//
|
|
// Now that we've got the lock, we need to consider
|
|
// the following possibilities:
|
|
//
|
|
// * a disassociate was initiated
|
|
// * a close was initiated
|
|
// * accept completed
|
|
// * listen completed
|
|
// * connect completed
|
|
//
|
|
// The first two require that we clean up,
|
|
// by calling the tc_donertn. For the last three,
|
|
// we have nothing to do, but tc_donertn points at
|
|
// DummyDone, so go ahead and call it anyway;
|
|
// it'll release the TCPConnBlock lock for us.
|
|
//
|
|
if (--CurrentConn->tc_refcnt == 0 &&
|
|
((CurrentConn->tc_flags & CONN_INVALID) ||
|
|
(CurrentConn->tc_tcb != NULL))) {
|
|
ConnDoneRtn DoneRtn = CurrentConn->tc_donertn;
|
|
DoneRtn(CurrentConn, DISPATCH_LEVEL);
|
|
goto SearchAO;
|
|
}
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
|
|
|
|
// We think we have a match. The connection
|
|
// shouldn't have a TCB associated with it. If it
|
|
// does, it's an error. InitTCBFromConn will
|
|
// handle all this.
|
|
|
|
Status = InitTCBFromConn(CurrentConn,
|
|
AcceptTCB,
|
|
AcceptRequest->RequestConnectionInformation,
|
|
TRUE);
|
|
|
|
if (Status == TDI_SUCCESS) {
|
|
FoundConn = TRUE;
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&AcceptTCB->tcb_lock);
|
|
AcceptTCB->tcb_conn = CurrentConn;
|
|
CurrentConn->tc_tcb = AcceptTCB;
|
|
KeReleaseSpinLockFromDpcLevel(&AcceptTCB->tcb_lock);
|
|
CurrentConn->tc_refcnt++;
|
|
|
|
|
|
// Move him from the idle q to the active
|
|
// queue.
|
|
|
|
REMOVEQ(&CurrentConn->tc_q);
|
|
ENQUEUE(&ListenAO->ao_activeq,
|
|
&CurrentConn->tc_q);
|
|
} else
|
|
KeReleaseSpinLockFromDpcLevel(
|
|
&CurrentConn->tc_ConnBlock->cb_lock);
|
|
|
|
|
|
// In any case, we're done now.
|
|
break;
|
|
|
|
}
|
|
|
|
Temp = QNEXT(Temp);
|
|
}
|
|
|
|
if (!FoundConn) {
|
|
CompleteConnReq(AcceptTCB, Status);
|
|
}
|
|
|
|
LOCKED_DELAY_DEREF_AO(ListenAO);
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
if (FoundConn) {
|
|
KeReleaseSpinLockFromDpcLevel(
|
|
&CurrentConn->tc_ConnBlock->cb_lock);
|
|
}
|
|
|
|
return FoundConn;
|
|
}
|
|
|
|
//
|
|
// The event handler didn't take it. Dereference it, free
|
|
// the resources, and return NULL.
|
|
//
|
|
}
|
|
|
|
AcceptIrpCancelled:
|
|
//
|
|
// We couldn't get a valid tcb or getconnreq
|
|
//
|
|
|
|
if (ConnReq) {
|
|
FreeConnReq(ConnReq);
|
|
}
|
|
DELAY_DEREF_AO(ListenAO);
|
|
return FALSE;
|
|
|
|
} // ao_connect != null
|
|
|
|
} // AO not valid
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//* FindListenConn - Find (or fabricate) a listening connection.
|
|
//
|
|
// Called by our Receive handler to decide what to do about an incoming
|
|
// SYN. We walk down the list of connections associated with the destination
|
|
// address, and if we find any in the listening state that can be used for
|
|
// the incoming request we'll take them, possibly returning a listen in the
|
|
// process. If we don't find any appropriate listening connections, we'll
|
|
// call the Connect Event handler if one is registered. If all else fails,
|
|
// we'll return NULL and the SYN will be RST.
|
|
//
|
|
// The caller must hold the AddrObjTableLock before calling this routine,
|
|
// and that lock must have been taken at DPC level. This routine will free
|
|
// that lock back to DPC level.
|
|
//
|
|
TCB * // Returns: Pointer to found TCB, or NULL if we can't find one.
|
|
FindListenConn(
|
|
AddrObj *ListenAO, // AddrObj for local address.
|
|
IPv6Addr *Src, // Source IP address of SYN.
|
|
ulong SrcScopeId, // Scope id of source address (0 for non-scope addr).
|
|
ushort SrcPort) // Source port of SYN.
|
|
{
|
|
TCB *CurrentTCB = NULL;
|
|
TCPConn *CurrentConn = NULL;
|
|
TCPConnReq *ConnReq = NULL;
|
|
Queue *Temp;
|
|
uint FoundConn = FALSE;
|
|
|
|
CHECK_STRUCT(ListenAO, ao);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&AddrObjTableLock);
|
|
|
|
//
|
|
// We have the lock on the AddrObj. Walk down its list, looking
|
|
// for connections in the listening state.
|
|
//
|
|
if (AO_VALID(ListenAO)) {
|
|
if (ListenAO->ao_listencnt != 0) {
|
|
|
|
Temp = QHEAD(&ListenAO->ao_listenq);
|
|
while (Temp != QEND(&ListenAO->ao_listenq)) {
|
|
|
|
CurrentConn = QSTRUCT(TCPConn, Temp, tc_q);
|
|
CHECK_STRUCT(CurrentConn, tc);
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
KeAcquireSpinLockAtDpcLevel(&CurrentConn->tc_ConnBlock->cb_lock);
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
|
|
//
|
|
// If this TCB is in the listening state, with no delete
|
|
// pending, it's a candidate. Look at the pending listen
|
|
// information to see if we should take it.
|
|
//
|
|
if ((CurrentTCB = CurrentConn->tc_tcb) != NULL &&
|
|
CurrentTCB->tcb_state == TCB_LISTEN) {
|
|
|
|
CHECK_STRUCT(CurrentTCB, tcb);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&CurrentTCB->tcb_lock);
|
|
|
|
if (CurrentTCB->tcb_state == TCB_LISTEN &&
|
|
!PENDING_ACTION(CurrentTCB)) {
|
|
|
|
//
|
|
// Need to see if we can take it.
|
|
// See if the addresses specifed in the ConnReq match.
|
|
//
|
|
if ((IsUnspecified(&CurrentTCB->tcb_daddr) ||
|
|
(IP6_ADDR_EQUAL(&CurrentTCB->tcb_daddr, Src) &&
|
|
(CurrentTCB->tcb_dscope_id == SrcScopeId))) &&
|
|
(CurrentTCB->tcb_dport == 0 ||
|
|
CurrentTCB->tcb_dport == SrcPort)) {
|
|
FoundConn = TRUE;
|
|
break;
|
|
}
|
|
|
|
//
|
|
// Otherwise, this didn't match, so we'll check the
|
|
// next one.
|
|
//
|
|
}
|
|
KeReleaseSpinLockFromDpcLevel(&CurrentTCB->tcb_lock);
|
|
}
|
|
KeReleaseSpinLockFromDpcLevel(&CurrentConn->tc_ConnBlock->cb_lock);
|
|
|
|
Temp = QNEXT(Temp);;
|
|
}
|
|
|
|
//
|
|
// See why we've exited the loop.
|
|
//
|
|
if (FoundConn) {
|
|
CHECK_STRUCT(CurrentTCB, tcb);
|
|
|
|
//
|
|
// We exited because we found a TCB. If it's pre-accepted,
|
|
// we're done.
|
|
//
|
|
CurrentTCB->tcb_refcnt++;
|
|
|
|
ASSERT(CurrentTCB->tcb_connreq != NULL);
|
|
|
|
ConnReq = CurrentTCB->tcb_connreq;
|
|
//
|
|
// If QUERY_ACCEPT isn't set, turn on the CONN_ACCEPTED bit.
|
|
//
|
|
if (!(ConnReq->tcr_flags & TDI_QUERY_ACCEPT))
|
|
CurrentTCB->tcb_flags |= CONN_ACCEPTED;
|
|
|
|
CurrentTCB->tcb_state = TCB_SYN_RCVD;
|
|
|
|
CurrentTCB->tcb_hops = ListenAO->ao_ucast_hops;
|
|
|
|
ListenAO->ao_listencnt--;
|
|
|
|
//
|
|
// Since he's no longer listening, remove him from the listen
|
|
// queue and put him on the active queue.
|
|
//
|
|
REMOVEQ(&CurrentConn->tc_q);
|
|
ENQUEUE(&ListenAO->ao_activeq, &CurrentConn->tc_q);
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&CurrentTCB->tcb_lock);
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
KeReleaseSpinLockFromDpcLevel(&CurrentConn->tc_ConnBlock->cb_lock);
|
|
return CurrentTCB;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// We didn't find a matching TCB.
|
|
//
|
|
|
|
ASSERT(FoundConn == FALSE);
|
|
|
|
if (SynAttackProtect) {
|
|
TCB *AcceptTCB = NULL;
|
|
//
|
|
// No need to hold ao_lock any more.
|
|
//
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
|
|
//
|
|
// SynAttack protection is on. Just initialize
|
|
// this TCB and send SYN-ACK. When final
|
|
// ACK is seen we will indicate about this
|
|
// connection arrival to upper layer.
|
|
//
|
|
|
|
AcceptTCB = AllocTCB();
|
|
|
|
if (AcceptTCB) {
|
|
|
|
AcceptTCB->tcb_state = TCB_SYN_RCVD;
|
|
AcceptTCB->tcb_connreq = NULL;
|
|
AcceptTCB->tcb_flags |= CONN_ACCEPTED;
|
|
AcceptTCB->tcb_flags |= ACCEPT_PENDING;
|
|
AcceptTCB->tcb_refcnt = 1;
|
|
AcceptTCB->tcb_defaultwin = DEFAULT_RCV_WIN;
|
|
AcceptTCB->tcb_rcvwin = DEFAULT_RCV_WIN;
|
|
|
|
IF_TCPDBG(TCP_DEBUG_CONNECT) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
|
|
"Allocated SP TCB %x\n", (PCHAR)AcceptTCB));
|
|
}
|
|
|
|
}
|
|
|
|
|
|
return AcceptTCB;
|
|
|
|
}
|
|
//
|
|
// If there's a connect indication
|
|
// handler, call it now to find a connection to accept on.
|
|
//
|
|
|
|
|
|
if (ListenAO->ao_connect != NULL) {
|
|
uchar TAddress[TCP_TA_SIZE];
|
|
PVOID ConnContext;
|
|
PConnectEvent Event;
|
|
PVOID EventContext;
|
|
TDI_STATUS Status;
|
|
TCB *AcceptTCB;
|
|
ConnectEventInfo *EventInfo;
|
|
|
|
//
|
|
// He has a connect handler. Put the transport address together,
|
|
// and call him. We also need to get the necessary resources
|
|
// first.
|
|
//
|
|
|
|
Event = ListenAO->ao_connect;
|
|
EventContext = ListenAO->ao_conncontext;
|
|
REF_AO(ListenAO);
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
|
|
AcceptTCB = AllocTCB();
|
|
ConnReq = GetConnReq();
|
|
|
|
if (AcceptTCB != NULL && ConnReq != NULL) {
|
|
BuildTDIAddress(TAddress, Src, SrcScopeId, SrcPort);
|
|
|
|
AcceptTCB->tcb_state = TCB_LISTEN;
|
|
AcceptTCB->tcb_connreq = ConnReq;
|
|
AcceptTCB->tcb_flags |= CONN_ACCEPTED;
|
|
|
|
IF_TCPDBG(TCP_DEBUG_CONNECT) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
|
|
"indicating connect request\n"));
|
|
}
|
|
|
|
Status = (*Event)(EventContext, TCP_TA_SIZE,
|
|
(PTRANSPORT_ADDRESS)TAddress, 0, NULL,
|
|
0, NULL,
|
|
&ConnContext, &EventInfo);
|
|
|
|
if (Status == TDI_MORE_PROCESSING) {
|
|
PIO_STACK_LOCATION IrpSp;
|
|
PTDI_REQUEST_KERNEL_ACCEPT AcceptRequest;
|
|
|
|
IrpSp = IoGetCurrentIrpStackLocation(EventInfo);
|
|
|
|
Status = TCPPrepareIrpForCancel(
|
|
(PTCP_CONTEXT) IrpSp->FileObject->FsContext,
|
|
EventInfo, TCPCancelRequest);
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
Status = TDI_NOT_ACCEPTED;
|
|
EventInfo = NULL;
|
|
goto AcceptIrpCancelled;
|
|
}
|
|
|
|
//
|
|
// He accepted it. Find the connection on the AddrObj.
|
|
//
|
|
{
|
|
IF_TCPDBG(TCP_DEBUG_CONNECT) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
|
|
"connect indication accepted,"
|
|
" queueing request\n"));
|
|
}
|
|
|
|
AcceptRequest = (PTDI_REQUEST_KERNEL_ACCEPT)
|
|
&(IrpSp->Parameters);
|
|
ConnReq->tcr_conninfo =
|
|
AcceptRequest->ReturnConnectionInformation;
|
|
if (AcceptRequest->RequestConnectionInformation &&
|
|
AcceptRequest->RequestConnectionInformation->
|
|
RemoteAddress) {
|
|
ConnReq->tcr_addrinfo =
|
|
AcceptRequest->RequestConnectionInformation;
|
|
} else {
|
|
ConnReq->tcr_addrinfo = NULL;
|
|
}
|
|
ConnReq->tcr_req.tr_rtn = TCPRequestComplete;
|
|
ConnReq->tcr_req.tr_context = EventInfo;
|
|
}
|
|
SearchAO:
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
Temp = QHEAD(&ListenAO->ao_idleq);
|
|
CurrentTCB = NULL;
|
|
Status = TDI_INVALID_CONNECTION;
|
|
|
|
while (Temp != QEND(&ListenAO->ao_idleq)) {
|
|
|
|
CurrentConn = QSTRUCT(TCPConn, Temp, tc_q);
|
|
|
|
CHECK_STRUCT(CurrentConn, tc);
|
|
if ((CurrentConn->tc_context == ConnContext) &&
|
|
!(CurrentConn->tc_flags & CONN_INVALID)) {
|
|
|
|
//
|
|
// We need to lock its TCPConnBlock, with care.
|
|
// We'll ref the TCPConn so it can't go away,
|
|
// then unlock the AO (which is already ref'd),
|
|
// then relock. Note that tc_refcnt is updated
|
|
// under ao_lock for any associated TCPConn.
|
|
// If things have changed, go back and try again.
|
|
//
|
|
++CurrentConn->tc_refcnt;
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(
|
|
&CurrentConn->tc_ConnBlock->cb_lock);
|
|
|
|
//
|
|
// Now that we've got the lock, we need to consider
|
|
// the following possibilities:
|
|
//
|
|
// * a disassociate was initiated
|
|
// * a close was initiated
|
|
// * accept completed
|
|
// * listen completed
|
|
// * connect completed
|
|
//
|
|
// The first two require that we clean up,
|
|
// by calling the tc_donertn. For the last three,
|
|
// we have nothing to do, but tc_donertn points at
|
|
// DummyDone, so go ahead and call it anyway;
|
|
// it'll release the TCPConnBlock lock for us.
|
|
//
|
|
if (--CurrentConn->tc_refcnt == 0 &&
|
|
((CurrentConn->tc_flags & CONN_INVALID) ||
|
|
(CurrentConn->tc_tcb != NULL))) {
|
|
ConnDoneRtn DoneRtn = CurrentConn->tc_donertn;
|
|
DoneRtn(CurrentConn, DISPATCH_LEVEL);
|
|
goto SearchAO;
|
|
}
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&ListenAO->ao_lock);
|
|
|
|
//
|
|
// We think we have a match. The connection
|
|
// shouldn't have a TCB associated with it. If it
|
|
// does, it's an error. InitTCBFromConn will
|
|
// handle all this.
|
|
//
|
|
AcceptTCB->tcb_refcnt = 1;
|
|
Status = InitTCBFromConn(CurrentConn, AcceptTCB,
|
|
AcceptRequest->RequestConnectionInformation,
|
|
TRUE);
|
|
if (Status == TDI_SUCCESS) {
|
|
FoundConn = TRUE;
|
|
AcceptTCB->tcb_state = TCB_SYN_RCVD;
|
|
AcceptTCB->tcb_conn = CurrentConn;
|
|
AcceptTCB->tcb_connid = CurrentConn->tc_connid;
|
|
CurrentConn->tc_tcb = AcceptTCB;
|
|
CurrentConn->tc_refcnt++;
|
|
|
|
//
|
|
// Move him from the idle queue to the
|
|
// active queue.
|
|
//
|
|
REMOVEQ(&CurrentConn->tc_q);
|
|
ENQUEUE(&ListenAO->ao_activeq,
|
|
&CurrentConn->tc_q);
|
|
} else
|
|
KeReleaseSpinLockFromDpcLevel(
|
|
&CurrentConn->tc_ConnBlock->cb_lock);
|
|
|
|
// In any case, we're done now.
|
|
break;
|
|
}
|
|
Temp = QNEXT(Temp);
|
|
}
|
|
|
|
if (!FoundConn) {
|
|
//
|
|
// Didn't find a match, or had an error.
|
|
// Status code is set.
|
|
// Complete the ConnReq and free the resources.
|
|
//
|
|
CompleteConnReq(AcceptTCB, Status);
|
|
FreeTCB(AcceptTCB);
|
|
AcceptTCB = NULL;
|
|
}
|
|
|
|
LOCKED_DELAY_DEREF_AO(ListenAO);
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
if (FoundConn) {
|
|
KeReleaseSpinLockFromDpcLevel(
|
|
&CurrentConn->tc_ConnBlock->cb_lock);
|
|
}
|
|
|
|
return AcceptTCB;
|
|
}
|
|
}
|
|
AcceptIrpCancelled:
|
|
//
|
|
// We couldn't get a needed resource or event handler
|
|
// did not take this. Free any that we
|
|
// did get, and fall through to the 'return NULL' code.
|
|
//
|
|
if (ConnReq != NULL)
|
|
FreeConnReq(ConnReq);
|
|
if (AcceptTCB != NULL)
|
|
FreeTCB(AcceptTCB);
|
|
DELAY_DEREF_AO(ListenAO);
|
|
|
|
} else {
|
|
//
|
|
// No event handler, or no resource.
|
|
// Free the locks, and return NULL.
|
|
//
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
//
|
|
// If we get here, the address object wasn't valid.
|
|
//
|
|
KeReleaseSpinLockFromDpcLevel(&ListenAO->ao_lock);
|
|
return NULL;
|
|
}
|
|
|
|
|
|
//* FindMSS - Find the MSS option in a segment.
|
|
//
|
|
// Called when a SYN is received to find the MSS option in a segment.
|
|
// If we don't find one, we assume the worst and return one based on
|
|
// the minimum MTU.
|
|
//
|
|
ushort // Returns: MSS to be used.
|
|
FindMSS(
|
|
TCPHeader UNALIGNED *TCP) // TCP header to be searched.
|
|
{
|
|
uint OptSize;
|
|
uchar *OptPtr;
|
|
|
|
OptSize = TCP_HDR_SIZE(TCP) - sizeof(TCPHeader);
|
|
OptPtr = (uchar *)(TCP + 1);
|
|
|
|
while (OptSize) {
|
|
|
|
if (*OptPtr == TCP_OPT_EOL)
|
|
break;
|
|
|
|
if (*OptPtr == TCP_OPT_NOP) {
|
|
OptPtr++;
|
|
OptSize--;
|
|
continue;
|
|
}
|
|
|
|
if (*OptPtr == TCP_OPT_MSS) {
|
|
if (OptPtr[1] == MSS_OPT_SIZE) {
|
|
ushort TempMss = *(ushort UNALIGNED *)(OptPtr + 2);
|
|
if (TempMss != 0)
|
|
return net_short(TempMss);
|
|
else
|
|
break; // MSS size of 0, use default.
|
|
} else
|
|
break; // Bad option size, use default.
|
|
} else {
|
|
//
|
|
// Unknown option. Skip over it.
|
|
//
|
|
if (OptPtr[1] == 0 || OptPtr[1] > OptSize)
|
|
break; // Bad option length, bail out.
|
|
|
|
OptSize -= OptPtr[1];
|
|
OptPtr += OptPtr[1];
|
|
}
|
|
}
|
|
|
|
return DEFAULT_MSS;
|
|
}
|
|
|
|
|
|
//* ACKAndDrop - Acknowledge a segment, and drop it.
|
|
//
|
|
// Called from within the receive code when we need to drop a segment that's
|
|
// outside the receive window.
|
|
//
|
|
void // Returns: Nothing.
|
|
ACKAndDrop(
|
|
TCPRcvInfo *RI, // Receive info for incoming segment.
|
|
TCB *RcvTCB) // TCB for incoming segment.
|
|
{
|
|
|
|
if (!(RI->tri_flags & TCP_FLAG_RST)) {
|
|
|
|
if (RcvTCB->tcb_state == TCB_TIME_WAIT) {
|
|
//
|
|
// In TIME_WAIT, we only ACK duplicates/retransmissions
|
|
// of our peer's FIN segment.
|
|
//
|
|
// REVIEW: We're currently fairly loose on the sequence
|
|
// number check here.
|
|
//
|
|
if ((RI->tri_flags & TCP_FLAG_FIN) &&
|
|
SEQ_LTE(RI->tri_seq, RcvTCB->tcb_rcvnext)) {
|
|
// Restart 2MSL timer and proceed with sending the ACK.
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer, MAX_REXMIT_TO);
|
|
} else {
|
|
// Drop this segment without an ACK.
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return;
|
|
}
|
|
}
|
|
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
|
|
SendACK(RcvTCB);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
}
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
}
|
|
|
|
|
|
//* ACKData - Acknowledge data.
|
|
//
|
|
// Called from the receive handler to acknowledge data. We're given the
|
|
// TCB and the new value of senduna. We walk down the send queue pulling
|
|
// off sends and putting them on the complete queue until we hit the end
|
|
// or we acknowledge the specified number of bytes of data.
|
|
//
|
|
// NOTE: We manipulate the send refcnt and acked flag without taking a lock.
|
|
// This is OK in the VxD version where locks don't mean anything anyway, but
|
|
// in the port to NT we'll need to add locking. The lock will have to be
|
|
// taken in the transmit complete routine. We can't use a lock in the TCB,
|
|
// since the TCB could go away before the transmit complete happens, and a
|
|
// lock in the TSR would be overkill, so it's probably best to use a global
|
|
// lock for this. If that causes too much contention, we could use a set of
|
|
// locks and pass a pointer to the appropriate lock back as part of the
|
|
// transmit confirm context. This lock pointer would also need to be stored
|
|
// in the TCB.
|
|
//
|
|
void // Returns: Nothing.
|
|
ACKData(
|
|
TCB *ACKTcb, // TCB from which to pull data.
|
|
SeqNum SendUNA) // New value of send una.
|
|
{
|
|
Queue *End, *Current; // End and current elements.
|
|
Queue *TempQ, *EndQ;
|
|
Queue *LastCmplt; // Last one we completed.
|
|
TCPSendReq *CurrentTSR; // Current send req we're looking at.
|
|
PNDIS_BUFFER CurrentBuffer; // Current NDIS_BUFFER.
|
|
uint Updated = FALSE;
|
|
uint BufLength;
|
|
int Amount, OrigAmount;
|
|
long Result;
|
|
KIRQL OldIrql;
|
|
uint Temp;
|
|
|
|
CHECK_STRUCT(ACKTcb, tcb);
|
|
|
|
CheckTCBSends(ACKTcb);
|
|
|
|
Amount = SendUNA - ACKTcb->tcb_senduna;
|
|
ASSERT(Amount > 0);
|
|
|
|
//
|
|
// Since this is an acknowledgement of receipt by our peer for previously
|
|
// unacknowledged data, it implies forward reachablility.
|
|
//
|
|
if (ACKTcb->tcb_rce != NULL)
|
|
ConfirmForwardReachability(ACKTcb->tcb_rce);
|
|
|
|
//
|
|
// Do a quick check to see if this acks everything that we have. If it
|
|
// does, handle it right away. We can only do this in the ESTABLISHED
|
|
// state, because we blindly update sendnext, and that can only work if we
|
|
// haven't sent a FIN.
|
|
//
|
|
if ((Amount == (int) ACKTcb->tcb_unacked) &&
|
|
ACKTcb->tcb_state == TCB_ESTAB) {
|
|
|
|
//
|
|
// Everything is acked.
|
|
//
|
|
ASSERT(!EMPTYQ(&ACKTcb->tcb_sendq));
|
|
|
|
TempQ = ACKTcb->tcb_sendq.q_next;
|
|
|
|
INITQ(&ACKTcb->tcb_sendq);
|
|
|
|
ACKTcb->tcb_sendnext = SendUNA;
|
|
ACKTcb->tcb_senduna = SendUNA;
|
|
|
|
ASSERT(ACKTcb->tcb_sendnext == ACKTcb->tcb_sendmax);
|
|
ACKTcb->tcb_cursend = NULL;
|
|
ACKTcb->tcb_sendbuf = NULL;
|
|
ACKTcb->tcb_sendofs = 0;
|
|
ACKTcb->tcb_sendsize = 0;
|
|
ACKTcb->tcb_unacked = 0;
|
|
|
|
//
|
|
// Now walk down the list of send requests. If the reference count
|
|
// has gone to 0, put it on the send complete queue.
|
|
//
|
|
KeAcquireSpinLock(&RequestCompleteLock, &OldIrql);
|
|
EndQ = &ACKTcb->tcb_sendq;
|
|
do {
|
|
CurrentTSR = CONTAINING_RECORD(QSTRUCT(TCPReq, TempQ, tr_q),
|
|
TCPSendReq, tsr_req);
|
|
|
|
CHECK_STRUCT(CurrentTSR, tsr);
|
|
|
|
TempQ = CurrentTSR->tsr_req.tr_q.q_next;
|
|
|
|
CurrentTSR->tsr_req.tr_status = TDI_SUCCESS;
|
|
Result = InterlockedDecrement(&CurrentTSR->tsr_refcnt);
|
|
|
|
ASSERT(Result >= 0);
|
|
|
|
if (Result <= 0) {
|
|
// No more references are outstanding, the send can be
|
|
// completed.
|
|
|
|
// If we've sent directly from this send, NULL out the next
|
|
// pointer for the last buffer in the chain.
|
|
if (CurrentTSR->tsr_lastbuf != NULL) {
|
|
NDIS_BUFFER_LINKAGE(CurrentTSR->tsr_lastbuf) = NULL;
|
|
CurrentTSR->tsr_lastbuf = NULL;
|
|
}
|
|
ACKTcb->tcb_totaltime += (TCPTime - CurrentTSR->tsr_time);
|
|
Temp = ACKTcb->tcb_bcountlow;
|
|
ACKTcb->tcb_bcountlow += CurrentTSR->tsr_size;
|
|
ACKTcb->tcb_bcounthi += (Temp > ACKTcb->tcb_bcountlow ? 1 : 0);
|
|
|
|
ENQUEUE(&SendCompleteQ, &CurrentTSR->tsr_req.tr_q);
|
|
}
|
|
|
|
} while (TempQ != EndQ);
|
|
|
|
RequestCompleteFlags |= SEND_REQUEST_COMPLETE;
|
|
KeReleaseSpinLock(&RequestCompleteLock, OldIrql);
|
|
|
|
CheckTCBSends(ACKTcb);
|
|
return;
|
|
}
|
|
|
|
OrigAmount = Amount;
|
|
End = QEND(&ACKTcb->tcb_sendq);
|
|
Current = QHEAD(&ACKTcb->tcb_sendq);
|
|
|
|
LastCmplt = NULL;
|
|
|
|
while (Amount > 0 && Current != End) {
|
|
CurrentTSR = CONTAINING_RECORD(QSTRUCT(TCPReq, Current, tr_q),
|
|
TCPSendReq, tsr_req);
|
|
CHECK_STRUCT(CurrentTSR, tsr);
|
|
|
|
if (Amount >= (int) CurrentTSR->tsr_unasize) {
|
|
// This is completely acked. Just advance to the next one.
|
|
Amount -= CurrentTSR->tsr_unasize;
|
|
|
|
LastCmplt = Current;
|
|
|
|
Current = QNEXT(Current);
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// This one is only partially acked. Update his offset and NDIS buffer
|
|
// pointer, and break out. We know that Amount is < the unacked size
|
|
// in this buffer, we we can walk the NDIS buffer chain without fear
|
|
// of falling off the end.
|
|
//
|
|
CurrentBuffer = CurrentTSR->tsr_buffer;
|
|
ASSERT(CurrentBuffer != NULL);
|
|
ASSERT(Amount < (int) CurrentTSR->tsr_unasize);
|
|
CurrentTSR->tsr_unasize -= Amount;
|
|
|
|
BufLength = NdisBufferLength(CurrentBuffer) - CurrentTSR->tsr_offset;
|
|
|
|
if (Amount >= (int) BufLength) {
|
|
do {
|
|
Amount -= BufLength;
|
|
CurrentBuffer = NDIS_BUFFER_LINKAGE(CurrentBuffer);
|
|
ASSERT(CurrentBuffer != NULL);
|
|
BufLength = NdisBufferLength(CurrentBuffer);
|
|
} while (Amount >= (int) BufLength);
|
|
|
|
CurrentTSR->tsr_offset = Amount;
|
|
CurrentTSR->tsr_buffer = CurrentBuffer;
|
|
|
|
} else
|
|
CurrentTSR->tsr_offset += Amount;
|
|
|
|
Amount = 0;
|
|
|
|
break;
|
|
}
|
|
|
|
#if DBG
|
|
//
|
|
// We should always be able to remove at least Amount bytes, except in
|
|
// the case where a FIN has been sent. In that case we should be off
|
|
// by exactly one. In the debug builds we'll check this.
|
|
//
|
|
if (Amount != 0 && (!(ACKTcb->tcb_flags & FIN_SENT) || Amount != 1))
|
|
DbgBreakPoint();
|
|
#endif
|
|
|
|
if (SEQ_GT(SendUNA, ACKTcb->tcb_sendnext)) {
|
|
|
|
if (Current != End) {
|
|
//
|
|
// Need to reevaluate CurrentTSR, in case we bailed out of the
|
|
// above loop after updating Current but before updating
|
|
// CurrentTSR.
|
|
//
|
|
CurrentTSR = CONTAINING_RECORD(QSTRUCT(TCPReq, Current, tr_q),
|
|
TCPSendReq, tsr_req);
|
|
CHECK_STRUCT(CurrentTSR, tsr);
|
|
ACKTcb->tcb_cursend = CurrentTSR;
|
|
ACKTcb->tcb_sendbuf = CurrentTSR->tsr_buffer;
|
|
ACKTcb->tcb_sendofs = CurrentTSR->tsr_offset;
|
|
ACKTcb->tcb_sendsize = CurrentTSR->tsr_unasize;
|
|
} else {
|
|
ACKTcb->tcb_cursend = NULL;
|
|
ACKTcb->tcb_sendbuf = NULL;
|
|
ACKTcb->tcb_sendofs = 0;
|
|
ACKTcb->tcb_sendsize = 0;
|
|
}
|
|
|
|
ACKTcb->tcb_sendnext = SendUNA;
|
|
}
|
|
|
|
//
|
|
// Now update tcb_unacked with the amount we tried to ack minus the
|
|
// amount we didn't ack (Amount should be 0 or 1 here).
|
|
//
|
|
ASSERT(Amount == 0 || Amount == 1);
|
|
|
|
ACKTcb->tcb_unacked -= OrigAmount - Amount;
|
|
ASSERT(*(int *)&ACKTcb->tcb_unacked >= 0);
|
|
|
|
ACKTcb->tcb_senduna = SendUNA;
|
|
|
|
//
|
|
// If we've acked any here, LastCmplt will be non-null, and Current will
|
|
// point to the send that should be at the start of the queue. Splice
|
|
// out the completed ones and put them on the end of the send completed
|
|
// queue, and update the TCB send queue.
|
|
//
|
|
if (LastCmplt != NULL) {
|
|
Queue *FirstCmplt;
|
|
TCPSendReq *FirstTSR, *EndTSR;
|
|
|
|
ASSERT(!EMPTYQ(&ACKTcb->tcb_sendq));
|
|
|
|
FirstCmplt = QHEAD(&ACKTcb->tcb_sendq);
|
|
|
|
//
|
|
// If we've acked everything, just reinit the queue.
|
|
//
|
|
if (Current == End) {
|
|
INITQ(&ACKTcb->tcb_sendq);
|
|
} else {
|
|
//
|
|
// There's still something on the queue. Just update it.
|
|
//
|
|
ACKTcb->tcb_sendq.q_next = Current;
|
|
Current->q_prev = &ACKTcb->tcb_sendq;
|
|
}
|
|
|
|
CheckTCBSends(ACKTcb);
|
|
|
|
//
|
|
// Now walk down the lists of things acked. If the refcnt on the send
|
|
// is 0, go ahead and put him on the send complete Q. Otherwise set
|
|
// the ACKed bit in the send, and he'll be completed when the count
|
|
// goes to 0 in the transmit confirm.
|
|
//
|
|
// Note that we haven't done any locking here. This will probably
|
|
// need to change in the port to NT.
|
|
//
|
|
// Set FirstTSR to the first TSR we'll complete, and EndTSR to be
|
|
// the first TSR that isn't completed.
|
|
//
|
|
FirstTSR = CONTAINING_RECORD(QSTRUCT(TCPReq, FirstCmplt, tr_q),
|
|
TCPSendReq, tsr_req);
|
|
EndTSR = CONTAINING_RECORD(QSTRUCT(TCPReq, Current, tr_q),
|
|
TCPSendReq, tsr_req);
|
|
|
|
CHECK_STRUCT(FirstTSR, tsr);
|
|
ASSERT(FirstTSR != EndTSR);
|
|
|
|
//
|
|
// Now walk the list of ACKed TSRs. If we can complete one, put him
|
|
// on the complete queue.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&RequestCompleteLock);
|
|
while (FirstTSR != EndTSR) {
|
|
|
|
TempQ = QNEXT(&FirstTSR->tsr_req.tr_q);
|
|
|
|
CHECK_STRUCT(FirstTSR, tsr);
|
|
FirstTSR->tsr_req.tr_status = TDI_SUCCESS;
|
|
|
|
//
|
|
// The tsr_lastbuf->Next field is zapped to 0 when the tsr_refcnt
|
|
// goes to 0, so we don't need to do it here.
|
|
//
|
|
// Decrement the reference put on the send buffer when it was
|
|
// initialized indicating the send has been acknowledged.
|
|
//
|
|
Result = InterlockedDecrement(&(FirstTSR->tsr_refcnt));
|
|
|
|
ASSERT(Result >= 0);
|
|
if (Result <= 0) {
|
|
//
|
|
// No more references are outstanding, the send can be
|
|
// completed.
|
|
//
|
|
// If we've sent directly from this send, NULL out the next
|
|
// pointer for the last buffer in the chain.
|
|
//
|
|
if (FirstTSR->tsr_lastbuf != NULL) {
|
|
NDIS_BUFFER_LINKAGE(FirstTSR->tsr_lastbuf) = NULL;
|
|
FirstTSR->tsr_lastbuf = NULL;
|
|
}
|
|
|
|
ACKTcb->tcb_totaltime += (TCPTime - CurrentTSR->tsr_time);
|
|
Temp = ACKTcb->tcb_bcountlow;
|
|
ACKTcb->tcb_bcountlow += CurrentTSR->tsr_size;
|
|
ACKTcb->tcb_bcounthi += (Temp > ACKTcb->tcb_bcountlow ? 1 : 0);
|
|
ENQUEUE(&SendCompleteQ, &FirstTSR->tsr_req.tr_q);
|
|
}
|
|
|
|
FirstTSR = CONTAINING_RECORD(QSTRUCT(TCPReq, TempQ, tr_q),
|
|
TCPSendReq, tsr_req);
|
|
}
|
|
RequestCompleteFlags |= SEND_REQUEST_COMPLETE;
|
|
KeReleaseSpinLockFromDpcLevel(&RequestCompleteLock);
|
|
}
|
|
}
|
|
|
|
|
|
//* TrimPacket - Trim the leading edge of a Packet.
|
|
//
|
|
// A utility routine to trim the front of a Packet. We take in an amount
|
|
// to trim off (which may be 0) and adjust the pointer in the first buffer
|
|
// in the chain forward by that much. If there isn't that much in the first
|
|
// buffer, we move onto the next one. If we run out of buffers we'll return
|
|
// a pointer to the last buffer in the chain, with a size of 0. It's the
|
|
// caller's responsibility to catch this.
|
|
// REVIEW - Move this to subr.c?
|
|
//
|
|
IPv6Packet * // Returns: A pointer to the new start, or NULL.
|
|
TrimPacket(
|
|
IPv6Packet *Packet, // Packet to be trimmed.
|
|
uint TrimAmount) // Amount to be trimmed.
|
|
{
|
|
uint TrimThisTime;
|
|
|
|
ASSERT(Packet != NULL);
|
|
|
|
while (TrimAmount) {
|
|
ASSERT(Packet != NULL);
|
|
|
|
TrimThisTime = MIN(TrimAmount, Packet->ContigSize);
|
|
|
|
TrimAmount -= TrimThisTime;
|
|
Packet->Position += TrimThisTime;
|
|
(uchar *)Packet->Data += TrimThisTime;
|
|
Packet->TotalSize -= TrimThisTime;
|
|
if ((Packet->ContigSize -= TrimThisTime) == 0) {
|
|
//
|
|
// Ran out of space in current buffer.
|
|
// Check for possibility of more data buffers in current packet.
|
|
//
|
|
if (Packet->TotalSize != 0) {
|
|
//
|
|
// Get more contiguous data.
|
|
//
|
|
PacketPullupSubr(Packet, 0, 1, 0);
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// Couldn't do a pullup, so see if there's another packet
|
|
// hanging on this chain.
|
|
//
|
|
if (Packet->Next != NULL) {
|
|
IPv6Packet *Temp;
|
|
|
|
//
|
|
// There's another packet following. Toss this one.
|
|
//
|
|
Temp = Packet;
|
|
Packet = Packet->Next;
|
|
Temp->Next = NULL;
|
|
FreePacketChain(Temp);
|
|
} else {
|
|
//
|
|
// Ran out of Packets. Just return this one.
|
|
//
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
return Packet;
|
|
}
|
|
|
|
|
|
//* FreePacketChain - Free a Packet chain.
|
|
//
|
|
// Called to free a chain of IPv6Packets. Only want to free that which
|
|
// we (the TCP/IPv6 stack) have allocated. Don't try to free anything
|
|
// passed up to us from lower layers.
|
|
//
|
|
void // Returns: Nothing.
|
|
FreePacketChain(
|
|
IPv6Packet *Packet) // First Packet in chain to be freed.
|
|
{
|
|
void *Aux;
|
|
|
|
while (Packet != NULL) {
|
|
|
|
PacketPullupCleanup(Packet);
|
|
|
|
if (Packet->Flags & PACKET_OURS) {
|
|
IPv6Packet *Temp;
|
|
|
|
Temp = Packet;
|
|
Packet = Packet->Next;
|
|
ExFreePool(Temp);
|
|
} else
|
|
Packet = Packet->Next;
|
|
}
|
|
}
|
|
|
|
|
|
IPv6Packet DummyPacket;
|
|
|
|
//* PullFromRAQ - Pull segments from the reassembly queue.
|
|
//
|
|
// Called when we've received frames out of order, and have some segments
|
|
// on the reassembly queue. We'll walk down the reassembly list, segments
|
|
// that are overlapped by the current receive next variable. When we get
|
|
// to one that doesn't completely overlap we'll trim it to fit the next
|
|
// receive sequence number, and pull it from the queue.
|
|
//
|
|
IPv6Packet *
|
|
PullFromRAQ(
|
|
TCB *RcvTCB, // TCB to pull from.
|
|
TCPRcvInfo *RcvInfo, // TCPRcvInfo structure for current segment.
|
|
uint *Size) // Where to update the size of the current segment.
|
|
{
|
|
TCPRAHdr *CurrentTRH; // Current TCP RA Header being examined.
|
|
TCPRAHdr *TempTRH; // Temporary variable.
|
|
SeqNum NextSeq; // Next sequence number we want.
|
|
IPv6Packet *NewPacket; // Packet after trimming.
|
|
SeqNum NextTRHSeq; // Sequence number immediately after current TRH.
|
|
int Overlap; // Overlap between current TRH and NextSeq.
|
|
|
|
CHECK_STRUCT(RcvTCB, tcb);
|
|
|
|
CurrentTRH = RcvTCB->tcb_raq;
|
|
NextSeq = RcvTCB->tcb_rcvnext;
|
|
|
|
while (CurrentTRH != NULL) {
|
|
CHECK_STRUCT(CurrentTRH, trh);
|
|
ASSERT(!(CurrentTRH->trh_flags & TCP_FLAG_SYN));
|
|
|
|
if (SEQ_LT(NextSeq, CurrentTRH->trh_start)) {
|
|
#if DBG
|
|
*Size = 0;
|
|
#endif
|
|
return NULL; // The next TRH starts too far down.
|
|
}
|
|
|
|
NextTRHSeq = CurrentTRH->trh_start + CurrentTRH->trh_size +
|
|
((CurrentTRH->trh_flags & TCP_FLAG_FIN) ? 1 : 0);
|
|
|
|
if (SEQ_GTE(NextSeq, NextTRHSeq)) {
|
|
//
|
|
// The current TRH is overlapped completely. Free it and continue.
|
|
//
|
|
FreePacketChain(CurrentTRH->trh_buffer);
|
|
TempTRH = CurrentTRH->trh_next;
|
|
ExFreePool(CurrentTRH);
|
|
CurrentTRH = TempTRH;
|
|
RcvTCB->tcb_raq = TempTRH;
|
|
if (TempTRH == NULL) {
|
|
//
|
|
// We've just cleaned off the RAQ. We can go back on the
|
|
// fast path now.
|
|
//
|
|
if (--(RcvTCB->tcb_slowcount) == 0) {
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
}
|
|
break;
|
|
}
|
|
} else {
|
|
Overlap = NextSeq - CurrentTRH->trh_start;
|
|
RcvInfo->tri_seq = NextSeq;
|
|
RcvInfo->tri_flags = CurrentTRH->trh_flags;
|
|
RcvInfo->tri_urgent = CurrentTRH->trh_urg;
|
|
|
|
if (Overlap != (int) CurrentTRH->trh_size) {
|
|
NewPacket = TrimPacket(CurrentTRH->trh_buffer, Overlap);
|
|
*Size = CurrentTRH->trh_size - Overlap;
|
|
} else {
|
|
//
|
|
// This completely overlaps the data in this segment, but the
|
|
// sequence number doesn't overlap completely. There must
|
|
// be a FIN in the TRH. We'll just return some bogus value
|
|
// that nobody will look at with a size of 0.
|
|
//
|
|
FreePacketChain(CurrentTRH->trh_buffer);
|
|
ASSERT(CurrentTRH->trh_flags & TCP_FLAG_FIN);
|
|
NewPacket =&DummyPacket;
|
|
*Size = 0;
|
|
}
|
|
|
|
RcvTCB->tcb_raq = CurrentTRH->trh_next;
|
|
if (RcvTCB->tcb_raq == NULL) {
|
|
//
|
|
// We've just cleaned off the RAQ. We can go back on the
|
|
// fast path now.
|
|
//
|
|
if (--(RcvTCB->tcb_slowcount) == 0) {
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
}
|
|
|
|
}
|
|
ExFreePool(CurrentTRH);
|
|
return NewPacket;
|
|
}
|
|
}
|
|
|
|
#if DBG
|
|
*Size = 0;
|
|
#endif
|
|
return NULL;
|
|
}
|
|
|
|
|
|
//* CreateTRH - Create a TCP reassembly header.
|
|
//
|
|
// This function tries to create a TCP reassembly header. We take as input
|
|
// a pointer to the previous TRH in the chain, the IPv6Packet to put on,
|
|
// etc. and try to create and link in a TRH. The caller must hold the lock
|
|
// on the TCB when this is called.
|
|
//
|
|
uint // Returns: TRUE if we created it, FALSE otherwise.
|
|
CreateTRH(
|
|
TCPRAHdr *PrevTRH, // TRH to insert after.
|
|
IPv6Packet *Packet, // IP Packet chain.
|
|
TCPRcvInfo *RcvInfo, // RcvInfo for this TRH.
|
|
int Size) // Size in bytes of data.
|
|
{
|
|
TCPRAHdr *NewTRH;
|
|
IPv6Packet *NewPacket;
|
|
|
|
ASSERT((Size > 0) || (RcvInfo->tri_flags & TCP_FLAG_FIN));
|
|
|
|
NewTRH = ExAllocatePoolWithTagPriority(NonPagedPool, sizeof(TCPRAHdr),
|
|
TCP6_TAG, LowPoolPriority);
|
|
if (NewTRH == NULL)
|
|
return FALSE;
|
|
|
|
NewPacket = ExAllocatePoolWithTagPriority(NonPagedPool,
|
|
sizeof(IPv6Packet) + Size,
|
|
TCP6_TAG, LowPoolPriority);
|
|
if (NewPacket == NULL) {
|
|
ExFreePool(NewTRH);
|
|
return FALSE;
|
|
}
|
|
|
|
#if DBG
|
|
NewTRH->trh_sig = trh_signature;
|
|
#endif
|
|
NewPacket->Next = NULL;
|
|
NewPacket->Position = 0;
|
|
NewPacket->FlatData = (uchar *)(NewPacket + 1);
|
|
NewPacket->Data = NewPacket->FlatData;
|
|
NewPacket->ContigSize = (uint)Size;
|
|
NewPacket->TotalSize = (uint)Size;
|
|
NewPacket->NdisPacket = NULL;
|
|
NewPacket->AuxList = NULL;
|
|
NewPacket->Flags = PACKET_OURS;
|
|
if (Size != 0)
|
|
CopyPacketToBuffer(NewPacket->Data, Packet, Size, Packet->Position);
|
|
|
|
NewTRH->trh_start = RcvInfo->tri_seq;
|
|
NewTRH->trh_flags = RcvInfo->tri_flags;
|
|
NewTRH->trh_size = Size;
|
|
NewTRH->trh_urg = RcvInfo->tri_urgent;
|
|
NewTRH->trh_buffer = NewPacket;
|
|
NewTRH->trh_end = NewPacket;
|
|
|
|
NewTRH->trh_next = PrevTRH->trh_next;
|
|
PrevTRH->trh_next = NewTRH;
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
//* PutOnRAQ - Put a segment on the reassembly queue.
|
|
//
|
|
// Called during segment reception to put a segment on the reassembly
|
|
// queue. We try to use as few reassembly headers as possible, so if this
|
|
// segment has some overlap with an existing entry in the queue we'll just
|
|
// update the existing entry. If there is no overlap we'll create a new
|
|
// reassembly header. Combining URGENT data with non-URGENT data is tricky.
|
|
// If we get a segment that has urgent data that overlaps the front of a
|
|
// reassembly header we'll always mark the whole chunk as urgent - the value
|
|
// of the urgent pointer will mark the end of urgent data, so this is OK.
|
|
// If it only overlaps at the end, however, we won't combine, since we would
|
|
// have to mark previously non-urgent data as urgent. We'll trim the
|
|
// front of the incoming segment and create a new reassembly header. Also,
|
|
// if we have non-urgent data that overlaps at the front of a reassembly
|
|
// header containing urgent data we can't combine these two, since again we
|
|
// would mark non-urgent data as urgent.
|
|
// Our search will stop if we find an entry with a FIN.
|
|
// We assume that the TCB lock is held by the caller.
|
|
//
|
|
uint // Returns: TRUE if successful, FALSE otherwise.
|
|
PutOnRAQ(
|
|
TCB *RcvTCB, // TCB on which to reassemble.
|
|
TCPRcvInfo *RcvInfo, // RcvInfo for new segment.
|
|
IPv6Packet *Packet, // Packet chain for this segment.
|
|
uint Size) // Size in bytes of data in this segment.
|
|
{
|
|
TCPRAHdr *PrevTRH; // Previous reassembly header.
|
|
TCPRAHdr *CurrentTRH; // Current reassembly header.
|
|
SeqNum NextSeq; // Seq num of 1st byte after seg being reassembled.
|
|
SeqNum NextTRHSeq; // Sequence number of 1st byte after current TRH.
|
|
uint Created;
|
|
|
|
CHECK_STRUCT(RcvTCB, tcb);
|
|
ASSERT(RcvTCB->tcb_rcvnext != RcvInfo->tri_seq);
|
|
ASSERT(!(RcvInfo->tri_flags & TCP_FLAG_SYN));
|
|
|
|
NextSeq = RcvInfo->tri_seq + Size +
|
|
((RcvInfo->tri_flags & TCP_FLAG_FIN) ? 1 : 0);
|
|
|
|
PrevTRH = CONTAINING_RECORD(&RcvTCB->tcb_raq, TCPRAHdr, trh_next);
|
|
CurrentTRH = PrevTRH->trh_next;
|
|
|
|
//
|
|
// Walk down the reassembly queue, looking for the correct place to
|
|
// insert this, until we hit the end.
|
|
//
|
|
while (CurrentTRH != NULL) {
|
|
CHECK_STRUCT(CurrentTRH, trh);
|
|
|
|
ASSERT(!(CurrentTRH->trh_flags & TCP_FLAG_SYN));
|
|
NextTRHSeq = CurrentTRH->trh_start + CurrentTRH->trh_size +
|
|
((CurrentTRH->trh_flags & TCP_FLAG_FIN) ? 1 : 0);
|
|
|
|
//
|
|
// First, see if it starts beyond the end of the current TRH.
|
|
//
|
|
if (SEQ_LTE(RcvInfo->tri_seq, NextTRHSeq)) {
|
|
//
|
|
// We know the incoming segment doesn't start beyond the end
|
|
// of this TRH, so we'll either create a new TRH in front of
|
|
// this one or we'll merge the new segment onto this TRH.
|
|
// If the end of the current segment is in front of the start
|
|
// of the current TRH, we'll need to create a new TRH. Otherwise
|
|
// we'll merge these two.
|
|
//
|
|
if (SEQ_LT(NextSeq, CurrentTRH->trh_start))
|
|
break;
|
|
else {
|
|
//
|
|
// There's some overlap. If there's actually data in the
|
|
// incoming segment we'll merge it.
|
|
//
|
|
if (Size != 0) {
|
|
int FrontOverlap, BackOverlap;
|
|
IPv6Packet *NewPacket;
|
|
|
|
//
|
|
// We need to merge. If there's a FIN on the incoming
|
|
// segment that would fall inside this current TRH, we
|
|
// have a protocol violation from the remote peer. In
|
|
// this case just return, discarding the incoming segment.
|
|
//
|
|
if ((RcvInfo->tri_flags & TCP_FLAG_FIN) &&
|
|
SEQ_LTE(NextSeq, NextTRHSeq))
|
|
return TRUE;
|
|
|
|
//
|
|
// We have some overlap. Figure out how much.
|
|
//
|
|
FrontOverlap = CurrentTRH->trh_start - RcvInfo->tri_seq;
|
|
if (FrontOverlap > 0) {
|
|
//
|
|
// Have overlap in front. Allocate an IPv6Packet to
|
|
// to hold it, and copy it, unless we would have to
|
|
// combine non-urgent with urgent.
|
|
//
|
|
if (!(RcvInfo->tri_flags & TCP_FLAG_URG) &&
|
|
(CurrentTRH->trh_flags & TCP_FLAG_URG)) {
|
|
if (CreateTRH(PrevTRH, Packet, RcvInfo,
|
|
CurrentTRH->trh_start - RcvInfo->tri_seq)) {
|
|
PrevTRH = PrevTRH->trh_next;
|
|
CurrentTRH = PrevTRH->trh_next;
|
|
}
|
|
FrontOverlap = 0;
|
|
} else {
|
|
NewPacket = ExAllocatePoolWithTagPriority(
|
|
NonPagedPool,
|
|
sizeof(IPv6Packet) + FrontOverlap,
|
|
TCP6_TAG, LowPoolPriority);
|
|
if (NewPacket == NULL) {
|
|
// Couldn't allocate memory.
|
|
return TRUE;
|
|
}
|
|
NewPacket->Position = 0;
|
|
NewPacket->FlatData = (uchar *)(NewPacket + 1);
|
|
NewPacket->Data = NewPacket->FlatData;
|
|
NewPacket->ContigSize = FrontOverlap;
|
|
NewPacket->TotalSize = FrontOverlap;
|
|
NewPacket->NdisPacket = NULL;
|
|
NewPacket->AuxList = NULL;
|
|
NewPacket->Flags = PACKET_OURS;
|
|
CopyPacketToBuffer(NewPacket->Data, Packet,
|
|
FrontOverlap, Packet->Position);
|
|
CurrentTRH->trh_size += FrontOverlap;
|
|
|
|
//
|
|
// Put our new packet on the front of this
|
|
// reassembly header's packet list.
|
|
//
|
|
NewPacket->Next = CurrentTRH->trh_buffer;
|
|
CurrentTRH->trh_buffer = NewPacket;
|
|
CurrentTRH->trh_start = RcvInfo->tri_seq;
|
|
}
|
|
}
|
|
|
|
//
|
|
// We've updated the starting sequence number of this TRH
|
|
// if we needed to. Now look for back overlap. There
|
|
// can't be any back overlap if the current TRH has a FIN.
|
|
// Also we'll need to check for urgent data if there is
|
|
// back overlap.
|
|
//
|
|
if (!(CurrentTRH->trh_flags & TCP_FLAG_FIN)) {
|
|
BackOverlap = RcvInfo->tri_seq + Size - NextTRHSeq;
|
|
if ((BackOverlap > 0) &&
|
|
(RcvInfo->tri_flags & TCP_FLAG_URG) &&
|
|
!(CurrentTRH->trh_flags & TCP_FLAG_URG) &&
|
|
(FrontOverlap <= 0)) {
|
|
int AmountToTrim;
|
|
//
|
|
// The incoming segment has urgent data and
|
|
// overlaps on the back but not the front, and the
|
|
// current TRH has no urgent data. We can't
|
|
// combine into this TRH, so trim the front of the
|
|
// incoming segment to NextTRHSeq and move to the
|
|
// next TRH.
|
|
AmountToTrim = NextTRHSeq - RcvInfo->tri_seq;
|
|
ASSERT(AmountToTrim >= 0);
|
|
ASSERT(AmountToTrim < (int) Size);
|
|
Packet = TrimPacket(Packet, (uint)AmountToTrim);
|
|
RcvInfo->tri_seq += AmountToTrim;
|
|
RcvInfo->tri_urgent -= AmountToTrim;
|
|
PrevTRH = CurrentTRH;
|
|
CurrentTRH = PrevTRH->trh_next;
|
|
Size -= AmountToTrim;
|
|
continue;
|
|
}
|
|
} else
|
|
BackOverlap = 0;
|
|
|
|
//
|
|
// Now if we have back overlap, copy it.
|
|
//
|
|
if (BackOverlap > 0) {
|
|
//
|
|
// We have back overlap. Get a buffer to copy it into.
|
|
// If we can't get one, we won't just return, because
|
|
// we may have updated the front and may need to
|
|
// update the urgent info.
|
|
//
|
|
NewPacket = ExAllocatePoolWithTagPriority(
|
|
NonPagedPool,
|
|
sizeof(IPv6Packet) + BackOverlap,
|
|
TCP6_TAG, LowPoolPriority);
|
|
if (NewPacket != NULL) {
|
|
// Allocation succeeded.
|
|
NewPacket->Position = 0;
|
|
NewPacket->FlatData = (uchar *)(NewPacket + 1);
|
|
NewPacket->Data = NewPacket->FlatData;
|
|
NewPacket->ContigSize = BackOverlap;
|
|
NewPacket->TotalSize = BackOverlap;
|
|
NewPacket->NdisPacket = NULL;
|
|
NewPacket->AuxList = NULL;
|
|
NewPacket->Flags = PACKET_OURS;
|
|
CopyPacketToBuffer(NewPacket->Data, Packet,
|
|
BackOverlap, Packet->Position +
|
|
NextTRHSeq - RcvInfo->tri_seq);
|
|
CurrentTRH->trh_size += BackOverlap;
|
|
NewPacket->Next = CurrentTRH->trh_end->Next;
|
|
CurrentTRH->trh_end->Next = NewPacket;
|
|
CurrentTRH->trh_end = NewPacket;
|
|
|
|
//
|
|
// This segment could also have FIN set.
|
|
// If it does, set the TRH flag.
|
|
//
|
|
// N.B. If there's another reassembly header after
|
|
// the current one, the data that we're about to
|
|
// put on the current header might already be
|
|
// on that subsequent header which, in that event,
|
|
// will already have the FIN flag set.
|
|
// Check for that case before recording the FIN.
|
|
//
|
|
if ((RcvInfo->tri_flags & TCP_FLAG_FIN) &&
|
|
!CurrentTRH->trh_next) {
|
|
CurrentTRH->trh_flags |= TCP_FLAG_FIN;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Everything should be consistent now. If there's an
|
|
// urgent data pointer in the incoming segment, update the
|
|
// one in the TRH now.
|
|
//
|
|
if (RcvInfo->tri_flags & TCP_FLAG_URG) {
|
|
SeqNum UrgSeq;
|
|
//
|
|
// Have an urgent pointer. If the current TRH already
|
|
// has an urgent pointer, see which is bigger.
|
|
// Otherwise just use this one.
|
|
//
|
|
UrgSeq = RcvInfo->tri_seq + RcvInfo->tri_urgent;
|
|
if (CurrentTRH->trh_flags & TCP_FLAG_URG) {
|
|
SeqNum TRHUrgSeq;
|
|
|
|
TRHUrgSeq = CurrentTRH->trh_start +
|
|
CurrentTRH->trh_urg;
|
|
if (SEQ_LT(UrgSeq, TRHUrgSeq))
|
|
UrgSeq = TRHUrgSeq;
|
|
} else
|
|
CurrentTRH->trh_flags |= TCP_FLAG_URG;
|
|
|
|
CurrentTRH->trh_urg = UrgSeq - CurrentTRH->trh_start;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// We have a 0 length segment. The only interesting thing
|
|
// here is if there's a FIN on the segment. If there is,
|
|
// and the seq. # of the incoming segment is exactly after
|
|
// the current TRH, OR matches the FIN in the current TRH,
|
|
// we note it.
|
|
if (RcvInfo->tri_flags & TCP_FLAG_FIN) {
|
|
if (!(CurrentTRH->trh_flags & TCP_FLAG_FIN)) {
|
|
if (SEQ_EQ(NextTRHSeq, RcvInfo->tri_seq))
|
|
CurrentTRH->trh_flags |= TCP_FLAG_FIN;
|
|
else
|
|
KdBreakPoint();
|
|
}
|
|
else {
|
|
if (!(SEQ_EQ((NextTRHSeq-1), RcvInfo->tri_seq))) {
|
|
KdBreakPoint();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return TRUE;
|
|
}
|
|
} else {
|
|
//
|
|
// Look at the next TRH, unless the current TRH has a FIN. If he
|
|
// has a FIN, we won't save any data beyond that anyway.
|
|
//
|
|
if (CurrentTRH->trh_flags & TCP_FLAG_FIN)
|
|
return TRUE;
|
|
|
|
PrevTRH = CurrentTRH;
|
|
CurrentTRH = PrevTRH->trh_next;
|
|
}
|
|
}
|
|
|
|
//
|
|
// When we get here, we need to create a new TRH. If we create one and
|
|
// there was previously nothing on the reassembly queue, we'll have to
|
|
// move off the fast receive path.
|
|
//
|
|
CurrentTRH = RcvTCB->tcb_raq;
|
|
Created = CreateTRH(PrevTRH, Packet, RcvInfo, (int)Size);
|
|
|
|
if (Created && CurrentTRH == NULL) {
|
|
RcvTCB->tcb_slowcount++;
|
|
RcvTCB->tcb_fastchk |= TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
} else if (!Created) {
|
|
return FALSE;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
//* HandleFastXmit - Handles fast retransmit algorithm. See RFC 2581.
|
|
//
|
|
// Called by TCPReceive to determine if we should retransmit a segment
|
|
// without waiting for retransmit timeout to fire.
|
|
//
|
|
BOOLEAN // Returns: TRUE if the segment got retransmitted, FALSE otherwise.
|
|
HandleFastXmit(
|
|
TCB *RcvTCB, // Connection context for this receive.
|
|
TCPRcvInfo *RcvInfo) // Pointer to rcvd TCP Header information.
|
|
{
|
|
uint CWin;
|
|
|
|
RcvTCB->tcb_dupacks++;
|
|
|
|
if (RcvTCB->tcb_dupacks == MaxDupAcks) {
|
|
//
|
|
// We're going to do a fast retransmit.
|
|
// Stop the retransmit timer and any round-trip time
|
|
// calculations we might have been running.
|
|
//
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
RcvTCB->tcb_rtt = 0;
|
|
|
|
if (!(RcvTCB->tcb_flags & FLOW_CNTLD)) {
|
|
//
|
|
// Don't let the slow start threshold go
|
|
// below 2 segments.
|
|
//
|
|
RcvTCB->tcb_ssthresh =
|
|
MAX(MIN(RcvTCB->tcb_cwin, RcvTCB->tcb_sendwin) / 2,
|
|
(uint) RcvTCB->tcb_mss * 2);
|
|
}
|
|
|
|
//
|
|
// Inflate the congestion window by the number of segments
|
|
// which have presumably left the network.
|
|
//
|
|
CWin = RcvTCB->tcb_ssthresh + (MaxDupAcks * RcvTCB->tcb_mss);
|
|
|
|
//
|
|
// Recall the segment in question and send it out.
|
|
// Note that tcb_lock will be dereferenced by the caller.
|
|
//
|
|
ResetAndFastSend(RcvTCB, RcvTCB->tcb_senduna, CWin);
|
|
|
|
return TRUE;
|
|
|
|
} else {
|
|
|
|
int SendWin;
|
|
uint AmtOutstanding;
|
|
|
|
//
|
|
// REVIEW: At least the first part of this check is redundant.
|
|
//
|
|
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo->tri_ack) &&
|
|
(SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo->tri_seq) ||
|
|
(SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo->tri_seq) &&
|
|
SEQ_LTE(RcvTCB->tcb_sendwl2, RcvInfo->tri_ack)))) {
|
|
|
|
RcvTCB->tcb_sendwin = RcvInfo->tri_window;
|
|
RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo->tri_window);
|
|
RcvTCB->tcb_sendwl1 = RcvInfo->tri_seq;
|
|
RcvTCB->tcb_sendwl2 = RcvInfo->tri_ack;
|
|
}
|
|
|
|
if (RcvTCB->tcb_dupacks > MaxDupAcks) {
|
|
//
|
|
// Update the congestion window to reflect the fact that the
|
|
// duplicate ack presumably indicates that the previous frame
|
|
// was received by our peer and has thus left the network.
|
|
//
|
|
RcvTCB->tcb_cwin += RcvTCB->tcb_mss;
|
|
}
|
|
|
|
//
|
|
// Check if we need to set tcb_force.
|
|
//
|
|
if ((RcvTCB->tcb_cwin + RcvTCB->tcb_mss) < RcvTCB->tcb_sendwin) {
|
|
AmtOutstanding = (uint)(RcvTCB->tcb_sendnext -
|
|
RcvTCB->tcb_senduna);
|
|
|
|
SendWin = (int)(MIN(RcvTCB->tcb_sendwin, RcvTCB->tcb_cwin) -
|
|
AmtOutstanding);
|
|
|
|
if (SendWin < RcvTCB->tcb_mss) {
|
|
RcvTCB->tcb_force = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
//* TCPReceive - Receive an incoming TCP segment.
|
|
//
|
|
// This is the routine called by IPv6 when we need to receive a TCP segment.
|
|
// In general, we follow the RFC 793 event processing section pretty closely,
|
|
// but there is a 'fast path' where we make some quick checks on the incoming
|
|
// segment, and if it matches we deliver it immediately.
|
|
//
|
|
uchar // Returns: next header value (always IP_PROTOCOL_NONE for TCP).
|
|
TCPReceive(
|
|
IPv6Packet *Packet) // Packet IP handed up to us.
|
|
{
|
|
NetTableEntry *NTE;
|
|
TCPHeader UNALIGNED *TCP; // The TCP header.
|
|
uint DataOffset; // Offset from start of TCP header to data.
|
|
ushort Checksum;
|
|
TCPRcvInfo RcvInfo; // Local swapped copy of receive info.
|
|
uint SrcScopeId; // Scope id of remote address, if applicable.
|
|
uint DestScopeId; // Scope id of local address, if applicable.
|
|
TCB *RcvTCB; // TCB on which to receive the packet.
|
|
uint Inserted;
|
|
uint Actions; // Flags for future actions to be performed.
|
|
uint BytesTaken;
|
|
uint NewSize;
|
|
BOOLEAN UseIsn = FALSE;
|
|
SeqNum Isn = 0;
|
|
|
|
//
|
|
// REVIEW: Expediency hacks to get something working.
|
|
//
|
|
uint Size; // Probably safe to just change name to PayloadLength below.
|
|
|
|
//
|
|
// TCP only works with unicast addresses. If this packet was
|
|
// received on a unicast address, then Packet->NTEorIF will be an
|
|
// NTE. So drop packets if we don't have an NTE.
|
|
// (IPv6HeaderReceive checks validity.) But the converse isn't
|
|
// true, we could have an NTE here that is associated with the
|
|
// anycast/multicast address we received the packet on. So to
|
|
// guard against that, we verify that our NTE's address is the
|
|
// destination given in the packet.
|
|
//
|
|
if (!IsNTE(Packet->NTEorIF) ||
|
|
!IP6_ADDR_EQUAL(AlignAddr(&Packet->IP->Dest),
|
|
&(NTE = CastToNTE(Packet->NTEorIF))->Address)) {
|
|
// Packet's destination was not a valid unicast address of ours.
|
|
return IP_PROTOCOL_NONE; // Drop packet.
|
|
}
|
|
|
|
TStats.ts_insegs++;
|
|
|
|
//
|
|
// Verify that we have enough contiguous data to overlay a TCPHeader
|
|
// structure on the incoming packet. Then do so.
|
|
//
|
|
if (! PacketPullup(Packet, sizeof(TCPHeader), 1, 0)) {
|
|
// Pullup failed.
|
|
TStats.ts_inerrs++;
|
|
if (Packet->TotalSize < sizeof(TCPHeader)) {
|
|
BadPayloadLength:
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
|
|
"TCPv6: data buffer too small to contain TCP header\n"));
|
|
ICMPv6SendError(Packet,
|
|
ICMPv6_PARAMETER_PROBLEM,
|
|
ICMPv6_ERRONEOUS_HEADER_FIELD,
|
|
FIELD_OFFSET(IPv6Header, PayloadLength),
|
|
IP_PROTOCOL_NONE, FALSE);
|
|
}
|
|
return IP_PROTOCOL_NONE; // Drop packet.
|
|
}
|
|
TCP = (TCPHeader UNALIGNED *)Packet->Data;
|
|
|
|
//
|
|
// Verify checksum.
|
|
//
|
|
Checksum = ChecksumPacket(Packet->NdisPacket, Packet->Position,
|
|
Packet->FlatData, Packet->TotalSize,
|
|
Packet->SrcAddr, AlignAddr(&Packet->IP->Dest),
|
|
IP_PROTOCOL_TCP);
|
|
if (Checksum != 0xffff) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
|
|
"TCPv6: Checksum failed %0x\n", Checksum));
|
|
TStats.ts_inerrs++;
|
|
return IP_PROTOCOL_NONE; // Drop packet.
|
|
}
|
|
|
|
//
|
|
// Now that we can read the header, pull out the header length field.
|
|
// Verify that we have enough contiguous data to hold any TCP options
|
|
// that may be present in the header, and skip over the entire header.
|
|
//
|
|
DataOffset = TCP_HDR_SIZE(TCP);
|
|
if (! PacketPullup(Packet, DataOffset, 1, 0)) {
|
|
TStats.ts_inerrs++;
|
|
if (Packet->TotalSize < DataOffset)
|
|
goto BadPayloadLength;
|
|
return IP_PROTOCOL_NONE; // Drop packet.
|
|
}
|
|
TCP = (TCPHeader UNALIGNED *)Packet->Data;
|
|
|
|
AdjustPacketParams(Packet, DataOffset);
|
|
Size = Packet->TotalSize;
|
|
|
|
//
|
|
// Verify IPSec was performed.
|
|
//
|
|
if (InboundSecurityCheck(Packet, IP_PROTOCOL_TCP, net_short(TCP->tcp_src),
|
|
net_short(TCP->tcp_dest), NTE->IF) != TRUE) {
|
|
//
|
|
// No policy was found or the policy indicated to drop the packet.
|
|
//
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
|
|
"TCPReceive: IPSec Policy caused packet to be dropped\n"));
|
|
return IP_PROTOCOL_NONE; // Drop packet.
|
|
}
|
|
|
|
//
|
|
// The packet is valid.
|
|
// Get the info we need and byte swap it.
|
|
//
|
|
RcvInfo.tri_seq = net_long(TCP->tcp_seq);
|
|
RcvInfo.tri_ack = net_long(TCP->tcp_ack);
|
|
RcvInfo.tri_window = (uint)net_short(TCP->tcp_window);
|
|
RcvInfo.tri_urgent = (uint)net_short(TCP->tcp_urgent);
|
|
RcvInfo.tri_flags = (uint)TCP->tcp_flags;
|
|
|
|
//
|
|
// Determine the appropriate scope id for our packet's addresses.
|
|
// Note that multicast addresses were forbidden above.
|
|
// We use DetermineScopeId instead of just indexing into ZoneIndices
|
|
// because we need the "user-level" scope id here.
|
|
//
|
|
SrcScopeId = DetermineScopeId(Packet->SrcAddr, NTE->IF);
|
|
DestScopeId = DetermineScopeId(&NTE->Address, NTE->IF);
|
|
|
|
//
|
|
// See if we have a TCP Control Block for this connection.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&TCBTableLock);
|
|
RcvTCB = FindTCB(AlignAddr(&Packet->IP->Dest), Packet->SrcAddr,
|
|
DestScopeId, SrcScopeId, TCP->tcp_dest, TCP->tcp_src);
|
|
|
|
if (RcvTCB == NULL) {
|
|
uchar DType;
|
|
|
|
//
|
|
// Didn't find a matching TCB, which means incoming segment doesn't
|
|
// belong to an existing connection.
|
|
//
|
|
KeReleaseSpinLockFromDpcLevel(&TCBTableLock);
|
|
|
|
//
|
|
// Make sure that the source address is reasonable
|
|
// before proceeding.
|
|
//
|
|
ASSERT(!IsInvalidSourceAddress(Packet->SrcAddr));
|
|
if (IsUnspecified(Packet->SrcAddr)) {
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// If this segment carries a SYN (and only a SYN), it's a
|
|
// connection initiation request.
|
|
//
|
|
if ((RcvInfo.tri_flags & (TCP_FLAG_SYN | TCP_FLAG_ACK |
|
|
TCP_FLAG_RST)) == TCP_FLAG_SYN) {
|
|
AddrObj *AO;
|
|
|
|
ValidNewConnectionRequest:
|
|
|
|
//
|
|
// We need to look for a matching address object.
|
|
// Want match for local address (+ scope id for scoped addresses),
|
|
// port and protocol.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&AddrObjTableLock);
|
|
AO = GetBestAddrObj(AlignAddr(&Packet->IP->Dest),
|
|
DestScopeId, TCP->tcp_dest,
|
|
IP_PROTOCOL_TCP, NTE->IF);
|
|
if (AO == NULL) {
|
|
//
|
|
// No address object. Free the lock, and send a RST.
|
|
//
|
|
KeReleaseSpinLockFromDpcLevel(&AddrObjTableLock);
|
|
goto SendReset;
|
|
}
|
|
|
|
//
|
|
// Found an AO. See if it has a listen indication.
|
|
// FindListenConn will free the lock on the AddrObjTable.
|
|
//
|
|
RcvTCB = FindListenConn(AO, Packet->SrcAddr, SrcScopeId,
|
|
TCP->tcp_src);
|
|
if (RcvTCB == NULL) {
|
|
//
|
|
// No listening connection. AddrObjTableLock was
|
|
// released by FindListenConn. Just send a RST.
|
|
//
|
|
goto SendReset;
|
|
}
|
|
|
|
CHECK_STRUCT(RcvTCB, tcb);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
//
|
|
// We found a listening connection. Initialize
|
|
// it now, and if it is actually to be accepted
|
|
// we'll send a SYN-ACK also.
|
|
//
|
|
ASSERT(RcvTCB->tcb_state == TCB_SYN_RCVD);
|
|
|
|
RcvTCB->tcb_daddr = *Packet->SrcAddr;
|
|
RcvTCB->tcb_saddr = Packet->IP->Dest;
|
|
RcvTCB->tcb_dscope_id = SrcScopeId;
|
|
RcvTCB->tcb_sscope_id = DestScopeId;
|
|
RcvTCB->tcb_dport = TCP->tcp_src;
|
|
RcvTCB->tcb_sport = TCP->tcp_dest;
|
|
RcvTCB->tcb_rcvnext = ++RcvInfo.tri_seq;
|
|
RcvTCB->tcb_rcvwinwatch = RcvTCB->tcb_rcvnext;
|
|
if (UseIsn) {
|
|
RcvTCB->tcb_sendnext = Isn;
|
|
} else {
|
|
GetRandomISN(&RcvTCB->tcb_sendnext, (uchar*)&RcvTCB->tcb_md5data);
|
|
}
|
|
RcvTCB->tcb_sendwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_remmss = FindMSS(TCP);
|
|
TStats.ts_passiveopens++;
|
|
RcvTCB->tcb_fastchk |= TCP_FLAG_IN_RCV;
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
|
|
Inserted = InsertTCB(RcvTCB);
|
|
|
|
//
|
|
// Get the lock on it, and see if it's been accepted.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
if (!Inserted) {
|
|
// Couldn't insert it!.
|
|
CompleteConnReq(RcvTCB, TDI_CONNECTION_ABORTED);
|
|
RcvTCB->tcb_refcnt--;
|
|
TryToCloseTCB(RcvTCB, TCB_CLOSE_ABORTED, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_IN_RCV;
|
|
if (RcvTCB->tcb_flags & SEND_AFTER_RCV) {
|
|
RcvTCB->tcb_flags &= ~SEND_AFTER_RCV;
|
|
DelayAction(RcvTCB, NEED_OUTPUT);
|
|
}
|
|
|
|
if (RcvTCB->tcb_flags & CONN_ACCEPTED) {
|
|
//
|
|
// The connection was accepted. Finish the
|
|
// initialization, and send the SYN ack.
|
|
//
|
|
AcceptConn(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
} else {
|
|
//
|
|
// We don't know what to do about the
|
|
// connection yet. Return the pending listen,
|
|
// dereference the connection, and return.
|
|
//
|
|
CompleteConnReq(RcvTCB, TDI_SUCCESS);
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
}
|
|
|
|
SendReset:
|
|
//
|
|
// Not a SYN, no AddrObj available, or port filtered.
|
|
// Send a RST back to the sender.
|
|
//
|
|
SendRSTFromHeader(TCP, Packet->TotalSize, Packet->SrcAddr, SrcScopeId,
|
|
AlignAddr(&Packet->IP->Dest), DestScopeId);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// We found a matching TCB. Get the lock on it, and continue.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
KeReleaseSpinLockFromDpcLevel(&TCBTableLock);
|
|
|
|
//
|
|
// Do the fast path check. We can hit the fast path if the incoming
|
|
// sequence number matches our receive next and the masked flags
|
|
// match our 'predicted' flags.
|
|
//
|
|
CheckTCBRcv(RcvTCB);
|
|
RcvTCB->tcb_alive = TCPTime;
|
|
|
|
if (RcvTCB->tcb_rcvnext == RcvInfo.tri_seq &&
|
|
(RcvInfo.tri_flags & TCP_FLAGS_ALL) == RcvTCB->tcb_fastchk) {
|
|
|
|
Actions = 0;
|
|
RcvTCB->tcb_refcnt++;
|
|
|
|
//
|
|
// The fast path. We know all we have to do here is ack sends and
|
|
// deliver data. First try and ack data.
|
|
//
|
|
if (SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
uint CWin;
|
|
uint MSS;
|
|
|
|
//
|
|
// The ack acknowledges something. Pull the
|
|
// appropriate amount off the send q.
|
|
//
|
|
ACKData(RcvTCB, RcvInfo.tri_ack);
|
|
|
|
//
|
|
// If this acknowledges something we were running a RTT on,
|
|
// update that stuff now.
|
|
//
|
|
if (RcvTCB->tcb_rtt != 0 && SEQ_GT(RcvInfo.tri_ack,
|
|
RcvTCB->tcb_rttseq)) {
|
|
short RTT;
|
|
|
|
RTT = (short)(TCPTime - RcvTCB->tcb_rtt);
|
|
RcvTCB->tcb_rtt = 0;
|
|
RTT -= (RcvTCB->tcb_smrtt >> 3);
|
|
RcvTCB->tcb_smrtt += RTT;
|
|
RTT = (RTT >= 0 ? RTT : -RTT);
|
|
RTT -= (RcvTCB->tcb_delta >> 3);
|
|
RcvTCB->tcb_delta += RTT + RTT;
|
|
RcvTCB->tcb_rexmit = MIN(MAX(REXMIT_TO(RcvTCB),
|
|
MIN_RETRAN_TICKS),
|
|
MAX_REXMIT_TO);
|
|
}
|
|
|
|
if ((RcvTCB->tcb_dupacks >= MaxDupAcks) &&
|
|
((int)RcvTCB->tcb_ssthresh > 0)) {
|
|
//
|
|
// We were in fast retransmit mode, so this ACK is for
|
|
// our fast retransmitted frame. Set cwin to ssthresh
|
|
// so that cwin grows linearly from here.
|
|
//
|
|
RcvTCB->tcb_cwin = RcvTCB->tcb_ssthresh;
|
|
|
|
} else {
|
|
|
|
//
|
|
// Update the congestion window now.
|
|
//
|
|
CWin = RcvTCB->tcb_cwin;
|
|
MSS = RcvTCB->tcb_mss;
|
|
if (CWin < RcvTCB->tcb_maxwin) {
|
|
if (CWin < RcvTCB->tcb_ssthresh)
|
|
CWin += MSS;
|
|
else
|
|
CWin += (MSS * MSS)/CWin;
|
|
|
|
RcvTCB->tcb_cwin = CWin;
|
|
}
|
|
}
|
|
ASSERT(*(int *)&RcvTCB->tcb_cwin > 0);
|
|
|
|
//
|
|
// Since this isn't a duplicate ACK, reset the counter.
|
|
//
|
|
RcvTCB->tcb_dupacks = 0;
|
|
|
|
//
|
|
// We've acknowledged something, so reset the rexmit count.
|
|
// If there's still stuff outstanding, restart the rexmit
|
|
// timer.
|
|
//
|
|
RcvTCB->tcb_rexmitcnt = 0;
|
|
if (SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax))
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
else
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer, RcvTCB->tcb_rexmit);
|
|
|
|
//
|
|
// Since we've acknowledged data, we need to update the window.
|
|
//
|
|
RcvTCB->tcb_sendwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin, RcvInfo.tri_window);
|
|
RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq;
|
|
RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;
|
|
|
|
//
|
|
// We've updated the window, remember to send some more.
|
|
//
|
|
Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0);
|
|
|
|
} else {
|
|
//
|
|
// It doesn't ack anything. If it's an ack for something
|
|
// larger than we've sent then ACKAndDrop it.
|
|
//
|
|
if (SEQ_GT(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// If it is a pure duplicate ack, check if we should
|
|
// do a fast retransmit.
|
|
//
|
|
if ((Size == 0) && SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
SEQ_LT(RcvTCB->tcb_senduna, RcvTCB->tcb_sendmax) &&
|
|
(RcvTCB->tcb_sendwin == RcvInfo.tri_window) &&
|
|
RcvInfo.tri_window) {
|
|
|
|
//
|
|
// See if fast rexmit can be done.
|
|
//
|
|
if (HandleFastXmit(RcvTCB, &RcvInfo)) {
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0);
|
|
|
|
} else {
|
|
|
|
//
|
|
// Not a pure duplicate ack (Size != 0 or peer is
|
|
// advertising a new windows). Reset counter.
|
|
//
|
|
RcvTCB->tcb_dupacks = 0;
|
|
|
|
//
|
|
// If the ack matches our existing UNA, we need to see if
|
|
// we can update the window.
|
|
//
|
|
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
(SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) ||
|
|
(SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) &&
|
|
SEQ_LTE(RcvTCB->tcb_sendwl2, RcvInfo.tri_ack)))) {
|
|
RcvTCB->tcb_sendwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin,
|
|
RcvInfo.tri_window);
|
|
RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq;
|
|
RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;
|
|
//
|
|
// Since we've updated the window, remember to send
|
|
// some more.
|
|
//
|
|
Actions = (RcvTCB->tcb_unacked ? NEED_OUTPUT : 0);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Check to see if this packet contains any useable data.
|
|
//
|
|
NewSize = MIN((int) Size, RcvTCB->tcb_rcvwin);
|
|
if (NewSize != 0) {
|
|
RcvTCB->tcb_fastchk |= TCP_FLAG_IN_RCV;
|
|
BytesTaken = (*RcvTCB->tcb_rcvhndlr)(RcvTCB, RcvInfo.tri_flags,
|
|
Packet, NewSize);
|
|
RcvTCB->tcb_rcvnext += BytesTaken;
|
|
RcvTCB->tcb_rcvwin -= BytesTaken;
|
|
CheckTCBRcv(RcvTCB);
|
|
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_IN_RCV;
|
|
|
|
//
|
|
// If our peer is sending into an expanded window, then our
|
|
// peer must have received our ACK advertising said window.
|
|
// Take this as proof of forward reachability.
|
|
//
|
|
if (SEQ_GTE(RcvInfo.tri_seq + (int)NewSize,
|
|
RcvTCB->tcb_rcvwinwatch)) {
|
|
RcvTCB->tcb_rcvwinwatch = RcvTCB->tcb_rcvnext +
|
|
RcvTCB->tcb_rcvwin;
|
|
if (RcvTCB->tcb_rce != NULL)
|
|
ConfirmForwardReachability(RcvTCB->tcb_rce);
|
|
}
|
|
|
|
Actions |= (RcvTCB->tcb_flags & SEND_AFTER_RCV ? NEED_OUTPUT : 0);
|
|
|
|
RcvTCB->tcb_flags &= ~SEND_AFTER_RCV;
|
|
if ((RcvTCB->tcb_flags & ACK_DELAYED) ||
|
|
(BytesTaken != NewSize)) {
|
|
Actions |= NEED_ACK;
|
|
} else {
|
|
RcvTCB->tcb_flags |= ACK_DELAYED;
|
|
START_TCB_TIMER(RcvTCB->tcb_delacktimer, DEL_ACK_TICKS);
|
|
}
|
|
} else {
|
|
//
|
|
// The new size is 0. If the original size was not 0, we must
|
|
// have a 0 receive win and hence need to send an ACK to this
|
|
// probe.
|
|
//
|
|
Actions |= (Size ? NEED_ACK : 0);
|
|
}
|
|
|
|
if (Actions)
|
|
DelayAction(RcvTCB, Actions);
|
|
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// This is the non-fast path.
|
|
//
|
|
|
|
//
|
|
// If we found a matching TCB in TIME_WAIT, and the received segment
|
|
// carries a SYN (and only a SYN), and the received segment has a sequence
|
|
// greater than the last received, kill the TIME_WAIT TCB and use its
|
|
// next sequence number to generate the initial sequence number of a
|
|
// new incarnation.
|
|
//
|
|
if ((RcvTCB->tcb_state == TCB_TIME_WAIT) &&
|
|
((RcvInfo.tri_flags & (TCP_FLAG_SYN | TCP_FLAG_ACK | TCP_FLAG_RST))
|
|
== TCP_FLAG_SYN) &&
|
|
SEQ_GT(RcvInfo.tri_seq, RcvTCB->tcb_rcvnext)) {
|
|
|
|
Isn = RcvTCB->tcb_sendnext + 128000;
|
|
UseIsn = TRUE;
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
TryToCloseTCB(RcvTCB, TCB_CLOSE_SUCCESS, DISPATCH_LEVEL);
|
|
RcvTCB = NULL;
|
|
goto ValidNewConnectionRequest;
|
|
}
|
|
|
|
//
|
|
// Make sure we can handle this frame. We can't handle it if we're
|
|
// in SYN_RCVD and the accept is still pending, or we're in a
|
|
// non-established state and already in the receive handler.
|
|
//
|
|
if ((RcvTCB->tcb_state == TCB_SYN_RCVD &&
|
|
!(RcvTCB->tcb_flags & CONN_ACCEPTED)) ||
|
|
(RcvTCB->tcb_state != TCB_ESTAB && (RcvTCB->tcb_fastchk &
|
|
TCP_FLAG_IN_RCV))) {
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// If it's closed, it's a temporary zombie TCB. Reset the sender.
|
|
//
|
|
if (RcvTCB->tcb_state == TCB_CLOSED || CLOSING(RcvTCB) ||
|
|
((RcvTCB->tcb_flags & (GC_PENDING | TW_PENDING)) == GC_PENDING)) {
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
SendRSTFromHeader(TCP, Packet->TotalSize, Packet->SrcAddr, SrcScopeId,
|
|
AlignAddr(&Packet->IP->Dest), DestScopeId);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// At this point, we have a connection, and it's locked. Following
|
|
// the 'Segment Arrives' section of 793, the next thing to check is
|
|
// if this connection is in SynSent state.
|
|
//
|
|
if (RcvTCB->tcb_state == TCB_SYN_SENT) {
|
|
|
|
ASSERT(RcvTCB->tcb_flags & ACTIVE_OPEN);
|
|
|
|
//
|
|
// Check the ACK bit. Since we don't send data with our SYNs, the
|
|
// check we make is for the ack to exactly match our SND.NXT.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_ACK) {
|
|
// ACK is set.
|
|
if (!SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendnext)) {
|
|
// Bad ACK value.
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
// Send a RST back at him.
|
|
SendRSTFromHeader(TCP, Packet->TotalSize,
|
|
Packet->SrcAddr, SrcScopeId,
|
|
AlignAddr(&Packet->IP->Dest), DestScopeId);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
}
|
|
|
|
if (RcvInfo.tri_flags & TCP_FLAG_RST) {
|
|
//
|
|
// There's an acceptable RST. We'll persist here, sending
|
|
// another SYN in PERSIST_TIMEOUT ms, until we fail from too
|
|
// many retries.
|
|
//
|
|
if (RcvTCB->tcb_rexmitcnt == MaxConnectRexmitCount) {
|
|
//
|
|
// We've had a positive refusal, and one more rexmit
|
|
// would time us out, so close the connection now.
|
|
//
|
|
CompleteConnReq(RcvTCB, TDI_CONN_REFUSED);
|
|
|
|
TryToCloseTCB(RcvTCB, TCB_CLOSE_REFUSED, DISPATCH_LEVEL);
|
|
} else {
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer, PERSIST_TIMEOUT);
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
}
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// See if we have a SYN. If we do, we're going to change state
|
|
// somehow (either to ESTABLISHED or SYN_RCVD).
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_SYN) {
|
|
RcvTCB->tcb_refcnt++;
|
|
//
|
|
// We have a SYN. Go ahead and record the sequence number and
|
|
// window info.
|
|
//
|
|
RcvTCB->tcb_rcvnext = ++RcvInfo.tri_seq;
|
|
RcvTCB->tcb_rcvwinwatch = RcvTCB->tcb_rcvnext;
|
|
|
|
if (RcvInfo.tri_flags & TCP_FLAG_URG) {
|
|
// Urgent data. Update the pointer.
|
|
if (RcvInfo.tri_urgent != 0)
|
|
RcvInfo.tri_urgent--;
|
|
else
|
|
RcvInfo.tri_flags &= ~TCP_FLAG_URG;
|
|
}
|
|
|
|
RcvTCB->tcb_remmss = FindMSS(TCP);
|
|
RcvTCB->tcb_mss = MIN(RcvTCB->tcb_mss, RcvTCB->tcb_remmss);
|
|
ASSERT(RcvTCB->tcb_mss > 0);
|
|
|
|
RcvTCB->tcb_rexmitcnt = 0;
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
|
|
AdjustRcvWin(RcvTCB);
|
|
|
|
if (RcvInfo.tri_flags & TCP_FLAG_ACK) {
|
|
//
|
|
// Our SYN has been acked. Update SND.UNA and stop the
|
|
// retrans timer.
|
|
//
|
|
RcvTCB->tcb_senduna = RcvInfo.tri_ack;
|
|
RcvTCB->tcb_sendwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_maxwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq;
|
|
RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;
|
|
GoToEstab(RcvTCB);
|
|
|
|
//
|
|
// We know our peer received our SYN.
|
|
//
|
|
if (RcvTCB->tcb_rce != NULL)
|
|
ConfirmForwardReachability(RcvTCB->tcb_rce);
|
|
|
|
//
|
|
// Remove whatever command exists on this connection.
|
|
//
|
|
CompleteConnReq(RcvTCB, TDI_SUCCESS);
|
|
|
|
//
|
|
// If data has been queued already, send the first data segment
|
|
// with the ACK. Otherwise, send a pure ACK.
|
|
//
|
|
if (RcvTCB->tcb_unacked) {
|
|
RcvTCB->tcb_refcnt++;
|
|
TCPSend(RcvTCB, DISPATCH_LEVEL);
|
|
} else {
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
SendACK(RcvTCB);
|
|
}
|
|
|
|
//
|
|
// Now handle other data and controls. To do this we need
|
|
// to reaquire the lock, and make sure we haven't started
|
|
// closing it.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
if (!CLOSING(RcvTCB)) {
|
|
//
|
|
// We haven't started closing it. Turn off the
|
|
// SYN flag and continue processing.
|
|
//
|
|
RcvInfo.tri_flags &= ~TCP_FLAG_SYN;
|
|
if ((RcvInfo.tri_flags & TCP_FLAGS_ALL) !=
|
|
TCP_FLAG_ACK || Size != 0)
|
|
goto NotSYNSent;
|
|
}
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
} else {
|
|
//
|
|
// A SYN, but not an ACK. Go to SYN_RCVD.
|
|
//
|
|
RcvTCB->tcb_state = TCB_SYN_RCVD;
|
|
RcvTCB->tcb_sendnext = RcvTCB->tcb_senduna;
|
|
SendSYN(RcvTCB, DISPATCH_LEVEL);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// No SYN, just toss the frame.
|
|
//
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
}
|
|
|
|
RcvTCB->tcb_refcnt++;
|
|
|
|
NotSYNSent:
|
|
//
|
|
// Not in the SYN-SENT state. Check the sequence number. If my window
|
|
// is 0, I'll truncate all incoming frames but look at some of the
|
|
// control fields. Otherwise I'll try and make this segment fit into
|
|
// the window.
|
|
//
|
|
if (RcvTCB->tcb_rcvwin != 0) {
|
|
int StateSize; // Size, including state info.
|
|
SeqNum LastValidSeq; // Sequence number of last valid byte at RWE.
|
|
|
|
//
|
|
// We are offering a window. If this segment starts in front of my
|
|
// receive window, clip off the front part.
|
|
//
|
|
if (SEQ_LT(RcvInfo.tri_seq, RcvTCB->tcb_rcvnext)) {
|
|
int AmountToClip, FinByte;
|
|
|
|
if (RcvInfo.tri_flags & TCP_FLAG_SYN) {
|
|
//
|
|
// Had a SYN. Clip it off and update the sequence number.
|
|
//
|
|
RcvInfo.tri_flags &= ~TCP_FLAG_SYN;
|
|
RcvInfo.tri_seq++;
|
|
RcvInfo.tri_urgent--;
|
|
}
|
|
|
|
//
|
|
// Advance the receive buffer to point at the new data.
|
|
//
|
|
AmountToClip = RcvTCB->tcb_rcvnext - RcvInfo.tri_seq;
|
|
ASSERT(AmountToClip >= 0);
|
|
|
|
//
|
|
// If there's a FIN on this segment, account for it.
|
|
//
|
|
FinByte = ((RcvInfo.tri_flags & TCP_FLAG_FIN) ? 1: 0);
|
|
|
|
if (AmountToClip >= (((int) Size) + FinByte)) {
|
|
//
|
|
// Falls entirely before the window. We have more special
|
|
// case code here - if the ack number acks something,
|
|
// we'll go ahead and take it, faking the sequence number
|
|
// to be rcvnext. This prevents problems on full duplex
|
|
// connections, where data has been received but not acked,
|
|
// and retransmission timers reset the seq number to
|
|
// below our rcvnext.
|
|
//
|
|
if ((RcvInfo.tri_flags & TCP_FLAG_ACK) &&
|
|
SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
//
|
|
// This contains valid ACK info. Fudge the information
|
|
// to get through the rest of this.
|
|
//
|
|
Size = 0;
|
|
AmountToClip = 0;
|
|
RcvInfo.tri_seq = RcvTCB->tcb_rcvnext;
|
|
RcvInfo.tri_flags &= ~(TCP_FLAG_SYN | TCP_FLAG_FIN |
|
|
TCP_FLAG_RST | TCP_FLAG_URG);
|
|
#if DBG
|
|
FinByte = 1; // Fake out assert below.
|
|
#endif
|
|
} else {
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Trim what we have to. If we can't trim enough, the frame
|
|
// is too short. This shouldn't happen, but it it does we'll
|
|
// drop the frame.
|
|
//
|
|
Size -= AmountToClip;
|
|
RcvInfo.tri_seq += AmountToClip;
|
|
RcvInfo.tri_urgent -= AmountToClip;
|
|
Packet = TrimPacket(Packet, AmountToClip);
|
|
|
|
if (*(int *)&RcvInfo.tri_urgent < 0) {
|
|
RcvInfo.tri_urgent = 0;
|
|
RcvInfo.tri_flags &= ~TCP_FLAG_URG;
|
|
}
|
|
}
|
|
|
|
//
|
|
// We've made sure the front is OK. Now make sure part of it
|
|
// doesn't fall after the window. If it does, we'll truncate the
|
|
// frame (removing the FIN, if any). If we truncate the whole
|
|
// frame we'll ACKAndDrop it.
|
|
//
|
|
StateSize = Size + ((RcvInfo.tri_flags & TCP_FLAG_SYN) ? 1: 0) +
|
|
((RcvInfo.tri_flags & TCP_FLAG_FIN) ? 1: 0);
|
|
|
|
if (StateSize)
|
|
StateSize--;
|
|
|
|
//
|
|
// Now the incoming sequence number (RcvInfo.tri_seq) + StateSize
|
|
// it the last sequence number in the segment. If this is greater
|
|
// than the last valid byte in the window, we have some overlap
|
|
// to chop off.
|
|
//
|
|
ASSERT(StateSize >= 0);
|
|
LastValidSeq = RcvTCB->tcb_rcvnext + RcvTCB->tcb_rcvwin - 1;
|
|
if (SEQ_GT(RcvInfo.tri_seq + StateSize, LastValidSeq)) {
|
|
int AmountToChop;
|
|
|
|
//
|
|
// At least some part of the frame is outside of our window.
|
|
// See if it starts outside our window.
|
|
//
|
|
if (SEQ_GT(RcvInfo.tri_seq, LastValidSeq)) {
|
|
//
|
|
// Falls entirely outside the window. We have special
|
|
// case code to deal with a pure ack that falls exactly at
|
|
// our right window edge. Otherwise we ack and drop it.
|
|
//
|
|
if (!SEQ_EQ(RcvInfo.tri_seq, LastValidSeq+1) || Size != 0
|
|
|| (RcvInfo.tri_flags & (TCP_FLAG_SYN | TCP_FLAG_FIN))) {
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
} else {
|
|
//
|
|
// At least some part of it is in the window. If there's a
|
|
// FIN, chop that off and see if that moves us inside.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_FIN) {
|
|
RcvInfo.tri_flags &= ~TCP_FLAG_FIN;
|
|
StateSize--;
|
|
}
|
|
|
|
//
|
|
// Now figure out how much to chop off.
|
|
//
|
|
AmountToChop = (RcvInfo.tri_seq + StateSize) - LastValidSeq;
|
|
ASSERT(AmountToChop >= 0);
|
|
Size -= AmountToChop;
|
|
}
|
|
}
|
|
} else {
|
|
if (!SEQ_EQ(RcvTCB->tcb_rcvnext, RcvInfo.tri_seq)) {
|
|
//
|
|
// If there's a RST on this segment, and he's only off by 1,
|
|
// take it anyway. This can happen if the remote peer is
|
|
// probing and sends with the seq number after the probe.
|
|
//
|
|
if (!(RcvInfo.tri_flags & TCP_FLAG_RST) ||
|
|
!(SEQ_EQ(RcvTCB->tcb_rcvnext, (RcvInfo.tri_seq - 1)))) {
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
return IP_PROTOCOL_NONE;
|
|
} else
|
|
RcvInfo.tri_seq = RcvTCB->tcb_rcvnext;
|
|
}
|
|
|
|
//
|
|
// He's in sequence, but we have a window of 0. Truncate the
|
|
// size, and clear any sequence consuming bits.
|
|
//
|
|
if (Size != 0 || (RcvInfo.tri_flags &
|
|
(TCP_FLAG_SYN | TCP_FLAG_FIN))) {
|
|
RcvInfo.tri_flags &= ~(TCP_FLAG_SYN | TCP_FLAG_FIN);
|
|
Size = 0;
|
|
if (!(RcvInfo.tri_flags & TCP_FLAG_RST))
|
|
DelayAction(RcvTCB, NEED_ACK);
|
|
}
|
|
}
|
|
|
|
//
|
|
// At this point, the segment is in our window and does not overlap
|
|
// on either end. If it's the next sequence number we expect, we can
|
|
// handle the data now. Otherwise we'll queue it for later. In either
|
|
// case we'll handle RST and ACK information right now.
|
|
//
|
|
ASSERT((*(int *)&Size) >= 0);
|
|
|
|
//
|
|
// Now, following 793, we check the RST bit.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_RST) {
|
|
uchar Reason;
|
|
//
|
|
// We can't go back into the LISTEN state from SYN-RCVD here,
|
|
// because we may have notified the client via a listen completing
|
|
// or a connect indication. So, if came from an active open we'll
|
|
// give back a 'connection refused' notice. For all other cases
|
|
// we'll just destroy the connection.
|
|
//
|
|
if (RcvTCB->tcb_state == TCB_SYN_RCVD) {
|
|
if (RcvTCB->tcb_flags & ACTIVE_OPEN)
|
|
Reason = TCB_CLOSE_REFUSED;
|
|
else
|
|
Reason = TCB_CLOSE_RST;
|
|
} else
|
|
Reason = TCB_CLOSE_RST;
|
|
|
|
TryToCloseTCB(RcvTCB, Reason, DISPATCH_LEVEL);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
|
|
if (RcvTCB->tcb_state != TCB_TIME_WAIT) {
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
RemoveTCBFromConn(RcvTCB);
|
|
NotifyOfDisc(RcvTCB, TDI_CONNECTION_RESET);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
}
|
|
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// Next check the SYN bit.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_SYN) {
|
|
//
|
|
// Again, we can't quietly go back into the LISTEN state here, even
|
|
// if we came from a passive open.
|
|
//
|
|
TryToCloseTCB(RcvTCB, TCB_CLOSE_ABORTED, DISPATCH_LEVEL);
|
|
SendRSTFromHeader(TCP, Size, Packet->SrcAddr, SrcScopeId,
|
|
AlignAddr(&Packet->IP->Dest), DestScopeId);
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
|
|
if (RcvTCB->tcb_state != TCB_TIME_WAIT) {
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
RemoveTCBFromConn(RcvTCB);
|
|
NotifyOfDisc(RcvTCB, TDI_CONNECTION_RESET);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
}
|
|
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// Check the ACK field. If it's not on drop the segment.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_ACK) {
|
|
uint UpdateWindow;
|
|
|
|
//
|
|
// If we're in SYN-RCVD, go to ESTABLISHED.
|
|
//
|
|
if (RcvTCB->tcb_state == TCB_SYN_RCVD) {
|
|
if (SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
//
|
|
// The ack is valid.
|
|
//
|
|
|
|
if (SynAttackProtect) {
|
|
|
|
//
|
|
// If we have not yet indicated this
|
|
// Connection to upper layer, do it now.
|
|
//
|
|
|
|
if (RcvTCB->tcb_flags & ACCEPT_PENDING) {
|
|
AddrObj *AO;
|
|
BOOLEAN Status=FALSE;
|
|
|
|
//
|
|
// We already have a refcnt on this TCB.
|
|
//
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
|
|
//
|
|
// Check if we still have the listening endpoint.
|
|
//
|
|
KeAcquireSpinLockAtDpcLevel(&AddrObjTableLock);
|
|
AO = GetBestAddrObj(AlignAddr(&Packet->IP->Dest),
|
|
DestScopeId, TCP->tcp_dest,
|
|
IP_PROTOCOL_TCP, NTE->IF);
|
|
|
|
if (AO != NULL) {
|
|
Status = DelayedAcceptConn(AO,Packet->SrcAddr,
|
|
SrcScopeId, TCP->tcp_src,RcvTCB);
|
|
} else {
|
|
KeReleaseSpinLockFromDpcLevel(&AddrObjTableLock);
|
|
}
|
|
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
|
|
if (!Status) {
|
|
//
|
|
// Delayed Accepance failed. Send RST.
|
|
//
|
|
RcvTCB->tcb_refcnt--;
|
|
TryToCloseTCB(RcvTCB, TCB_CLOSE_REFUSED, DISPATCH_LEVEL);
|
|
SendRSTFromHeader(TCP, Packet->TotalSize,
|
|
Packet->SrcAddr, SrcScopeId,
|
|
AlignAddr(&Packet->IP->Dest), DestScopeId);
|
|
return IP_SUCCESS;
|
|
} else {
|
|
RcvTCB->tcb_flags &= ~ACCEPT_PENDING;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
RcvTCB->tcb_rexmitcnt = 0;
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
RcvTCB->tcb_senduna++;
|
|
RcvTCB->tcb_sendwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_maxwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq;
|
|
RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;
|
|
GoToEstab(RcvTCB);
|
|
|
|
//
|
|
// We know our peer received our SYN.
|
|
//
|
|
if (RcvTCB->tcb_rce != NULL)
|
|
ConfirmForwardReachability(RcvTCB->tcb_rce);
|
|
|
|
//
|
|
// Now complete whatever we can here.
|
|
//
|
|
CompleteConnReq(RcvTCB, TDI_SUCCESS);
|
|
} else {
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
SendRSTFromHeader(TCP, Size, Packet->SrcAddr, SrcScopeId,
|
|
AlignAddr(&Packet->IP->Dest), DestScopeId);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
} else {
|
|
//
|
|
// We're not in SYN-RCVD. See if this acknowledges anything.
|
|
//
|
|
if (SEQ_LT(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
SEQ_LTE(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
uint CWin;
|
|
|
|
//
|
|
// The ack acknowledes something. Pull the
|
|
// appropriate amount off the send q.
|
|
//
|
|
ACKData(RcvTCB, RcvInfo.tri_ack);
|
|
|
|
//
|
|
// If this acknowledges something we were running a RTT on,
|
|
// update that stuff now.
|
|
//
|
|
if (RcvTCB->tcb_rtt != 0 && SEQ_GT(RcvInfo.tri_ack,
|
|
RcvTCB->tcb_rttseq)) {
|
|
short RTT;
|
|
|
|
RTT = (short)(TCPTime - RcvTCB->tcb_rtt);
|
|
RcvTCB->tcb_rtt = 0;
|
|
RTT -= (RcvTCB->tcb_smrtt >> 3);
|
|
RcvTCB->tcb_smrtt += RTT;
|
|
RTT = (RTT >= 0 ? RTT : -RTT);
|
|
RTT -= (RcvTCB->tcb_delta >> 3);
|
|
RcvTCB->tcb_delta += RTT + RTT;
|
|
RcvTCB->tcb_rexmit = MIN(MAX(REXMIT_TO(RcvTCB),
|
|
MIN_RETRAN_TICKS),
|
|
MAX_REXMIT_TO);
|
|
}
|
|
|
|
//
|
|
// If we're probing for a PMTU black hole then we've found
|
|
// one, so turn off the detection. The size is already
|
|
// down, so leave it there.
|
|
//
|
|
if (RcvTCB->tcb_flags & PMTU_BH_PROBE) {
|
|
RcvTCB->tcb_flags &= ~PMTU_BH_PROBE;
|
|
RcvTCB->tcb_bhprobecnt = 0;
|
|
if (--(RcvTCB->tcb_slowcount) == 0) {
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
}
|
|
}
|
|
|
|
if ((RcvTCB->tcb_dupacks >= MaxDupAcks) &&
|
|
((int)RcvTCB->tcb_ssthresh > 0)) {
|
|
//
|
|
// We were in fast retransmit mode, so this ACK is for
|
|
// our fast retransmitted frame. Set cwin to ssthresh
|
|
// so that cwin grows linearly from here.
|
|
//
|
|
RcvTCB->tcb_cwin = RcvTCB->tcb_ssthresh;
|
|
|
|
} else {
|
|
//
|
|
// Update the congestion window now.
|
|
//
|
|
CWin = RcvTCB->tcb_cwin;
|
|
if (CWin < RcvTCB->tcb_maxwin) {
|
|
if (CWin < RcvTCB->tcb_ssthresh)
|
|
CWin += RcvTCB->tcb_mss;
|
|
else
|
|
CWin += (RcvTCB->tcb_mss * RcvTCB->tcb_mss)/CWin;
|
|
|
|
RcvTCB->tcb_cwin = MIN(CWin, RcvTCB->tcb_maxwin);
|
|
}
|
|
}
|
|
ASSERT(*(int *)&RcvTCB->tcb_cwin > 0);
|
|
|
|
//
|
|
// Since this isn't a duplicate ACK, reset the counter.
|
|
//
|
|
RcvTCB->tcb_dupacks = 0;
|
|
|
|
//
|
|
// We've acknowledged something, so reset the rexmit count.
|
|
// If there's still stuff outstanding, restart the rexmit
|
|
// timer.
|
|
//
|
|
RcvTCB->tcb_rexmitcnt = 0;
|
|
if (!SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax))
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer,
|
|
RcvTCB->tcb_rexmit);
|
|
else
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
|
|
//
|
|
// If we've sent a FIN, and this acknowledges it, we
|
|
// need to complete the client's close request and
|
|
// possibly transition our state.
|
|
//
|
|
if (RcvTCB->tcb_flags & FIN_SENT) {
|
|
//
|
|
// We have sent a FIN. See if it's been acknowledged.
|
|
// Once we've sent a FIN, tcb_sendmax can't advance,
|
|
// so our FIN must have sequence num tcb_sendmax - 1.
|
|
// Thus our FIN is acknowledged if the incoming ack is
|
|
// equal to tcb_sendmax.
|
|
//
|
|
if (SEQ_EQ(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
//
|
|
// He's acked our FIN. Turn off the flags,
|
|
// and complete the request. We'll leave the
|
|
// FIN_OUTSTANDING flag alone, to force early
|
|
// outs in the send code.
|
|
//
|
|
RcvTCB->tcb_flags &= ~(FIN_NEEDED | FIN_SENT);
|
|
|
|
ASSERT(RcvTCB->tcb_unacked == 0);
|
|
ASSERT(RcvTCB->tcb_sendnext == RcvTCB->tcb_sendmax);
|
|
|
|
//
|
|
// Now figure out what we need to do. In FIN_WAIT1
|
|
// or FIN_WAIT, just complete the disconnect
|
|
// request and continue. Otherwise, it's a bit
|
|
// trickier, since we can't complete the connreq
|
|
// until we remove the TCB from it's connection.
|
|
//
|
|
switch (RcvTCB->tcb_state) {
|
|
|
|
case TCB_FIN_WAIT1:
|
|
RcvTCB->tcb_state = TCB_FIN_WAIT2;
|
|
CompleteConnReq(RcvTCB, TDI_SUCCESS);
|
|
|
|
//
|
|
// Start a timer in case we never get
|
|
// out of FIN_WAIT2. Set the retransmit
|
|
// count high to force a timeout the
|
|
// first time the timer fires.
|
|
//
|
|
RcvTCB->tcb_rexmitcnt = (uchar)MaxDataRexmitCount;
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer,
|
|
(ushort)FinWait2TO);
|
|
|
|
// Fall through to FIN-WAIT-2 processing.
|
|
case TCB_FIN_WAIT2:
|
|
break;
|
|
case TCB_CLOSING:
|
|
GracefulClose(RcvTCB, TRUE, FALSE, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
break;
|
|
case TCB_LAST_ACK:
|
|
GracefulClose(RcvTCB, FALSE, FALSE,
|
|
DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
break;
|
|
default:
|
|
KdBreakPoint();
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
UpdateWindow = TRUE;
|
|
} else {
|
|
//
|
|
// It doesn't ack anything. If we're in FIN_WAIT2,
|
|
// we'll restart the timer. We don't make this check
|
|
// above because we know no data can be acked when we're
|
|
// in FIN_WAIT2.
|
|
//
|
|
if (RcvTCB->tcb_state == TCB_FIN_WAIT2)
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer, (ushort)FinWait2TO);
|
|
|
|
//
|
|
// If it's an ack for something larger than
|
|
// we've sent then ACKAndDrop it.
|
|
//
|
|
if (SEQ_GT(RcvInfo.tri_ack, RcvTCB->tcb_sendmax)) {
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// If it is a pure duplicate ack, check if we should
|
|
// do a fast retransmit.
|
|
//
|
|
if ((Size == 0) &&
|
|
SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
SEQ_LT(RcvTCB->tcb_senduna, RcvTCB->tcb_sendmax) &&
|
|
(RcvTCB->tcb_sendwin == RcvInfo.tri_window) &&
|
|
RcvInfo.tri_window) {
|
|
|
|
//
|
|
// See if fast rexmit can be done.
|
|
//
|
|
if (HandleFastXmit(RcvTCB, &RcvInfo)) {
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Not a pure duplicate ack (Size != 0 or peer is
|
|
// advertising a new window). Reset counter.
|
|
//
|
|
RcvTCB->tcb_dupacks = 0;
|
|
|
|
//
|
|
// See if we should update the window.
|
|
//
|
|
if (SEQ_EQ(RcvTCB->tcb_senduna, RcvInfo.tri_ack) &&
|
|
(SEQ_LT(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) ||
|
|
(SEQ_EQ(RcvTCB->tcb_sendwl1, RcvInfo.tri_seq) &&
|
|
SEQ_LTE(RcvTCB->tcb_sendwl2, RcvInfo.tri_ack)))){
|
|
UpdateWindow = TRUE;
|
|
} else
|
|
UpdateWindow = FALSE;
|
|
}
|
|
}
|
|
|
|
if (UpdateWindow) {
|
|
RcvTCB->tcb_sendwin = RcvInfo.tri_window;
|
|
RcvTCB->tcb_maxwin = MAX(RcvTCB->tcb_maxwin,
|
|
RcvInfo.tri_window);
|
|
RcvTCB->tcb_sendwl1 = RcvInfo.tri_seq;
|
|
RcvTCB->tcb_sendwl2 = RcvInfo.tri_ack;
|
|
if (RcvInfo.tri_window == 0) {
|
|
//
|
|
// We've got a zero window.
|
|
//
|
|
if (!EMPTYQ(&RcvTCB->tcb_sendq)) {
|
|
RcvTCB->tcb_flags &= ~NEED_OUTPUT;
|
|
RcvTCB->tcb_rexmitcnt = 0;
|
|
START_TCB_TIMER(RcvTCB->tcb_rexmittimer,
|
|
RcvTCB->tcb_rexmit);
|
|
if (!(RcvTCB->tcb_flags & FLOW_CNTLD)) {
|
|
RcvTCB->tcb_flags |= FLOW_CNTLD;
|
|
RcvTCB->tcb_slowcount++;
|
|
RcvTCB->tcb_fastchk |= TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
}
|
|
}
|
|
} else {
|
|
if (RcvTCB->tcb_flags & FLOW_CNTLD) {
|
|
RcvTCB->tcb_rexmitcnt = 0;
|
|
RcvTCB->tcb_flags &= ~(FLOW_CNTLD | FORCE_OUTPUT);
|
|
//
|
|
// Reset send next to the left edge of the window,
|
|
// because it might be at senduna+1 if we've been
|
|
// probing.
|
|
//
|
|
ResetSendNext(RcvTCB, RcvTCB->tcb_senduna);
|
|
if (--(RcvTCB->tcb_slowcount) == 0) {
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
}
|
|
}
|
|
|
|
//
|
|
// Since we've updated the window, see if we can send
|
|
// some more.
|
|
//
|
|
if (RcvTCB->tcb_unacked != 0 ||
|
|
(RcvTCB->tcb_flags & FIN_NEEDED))
|
|
DelayAction(RcvTCB, NEED_OUTPUT);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// We've handled all the acknowledgment stuff. If the size
|
|
// is greater than 0 or important bits are set process it further,
|
|
// otherwise it's a pure ack and we're done with it.
|
|
//
|
|
if (Size > 0 || (RcvInfo.tri_flags & TCP_FLAG_FIN)) {
|
|
//
|
|
// If we're not in a state where we can process incoming data
|
|
// or FINs, there's no point in going further. Just send an
|
|
// ack and drop this segment.
|
|
//
|
|
if (!DATA_RCV_STATE(RcvTCB->tcb_state) ||
|
|
(RcvTCB->tcb_flags & GC_PENDING)) {
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
//
|
|
// If our peer is sending into an expanded window, then our
|
|
// peer must have received our ACK advertising said window.
|
|
// Take this as proof of forward reachability.
|
|
// Note: we have no guarantee this is timely.
|
|
//
|
|
if (SEQ_GTE(RcvInfo.tri_seq + (int)Size,
|
|
RcvTCB->tcb_rcvwinwatch)) {
|
|
RcvTCB->tcb_rcvwinwatch = RcvTCB->tcb_rcvnext +
|
|
RcvTCB->tcb_rcvwin;
|
|
if (RcvTCB->tcb_rce != NULL)
|
|
ConfirmForwardReachability(RcvTCB->tcb_rce);
|
|
}
|
|
|
|
//
|
|
// If it's in sequence process it now, otherwise reassemble it.
|
|
//
|
|
if (SEQ_EQ(RcvInfo.tri_seq, RcvTCB->tcb_rcvnext)) {
|
|
//
|
|
// If we're already in the receive handler, this is a
|
|
// duplicate. We'll just toss it.
|
|
//
|
|
if (RcvTCB->tcb_fastchk & TCP_FLAG_IN_RCV) {
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
RcvTCB->tcb_fastchk |= TCP_FLAG_IN_RCV;
|
|
|
|
//
|
|
// Now loop, pulling things from the reassembly queue,
|
|
// until the queue is empty, or we can't take all of the
|
|
// data, or we hit a FIN.
|
|
//
|
|
do {
|
|
//
|
|
// Handle urgent data, if any.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_URG) {
|
|
HandleUrgent(RcvTCB, &RcvInfo, Packet, &Size);
|
|
|
|
//
|
|
// Since we may have freed the lock, we need to
|
|
// recheck and see if we're closing here.
|
|
//
|
|
if (CLOSING(RcvTCB))
|
|
break;
|
|
}
|
|
|
|
//
|
|
// OK, the data is in sequence, we've updated the
|
|
// reassembly queue and handled any urgent data. If we
|
|
// have any data go ahead and process it now.
|
|
//
|
|
if (Size > 0) {
|
|
BytesTaken = (*RcvTCB->tcb_rcvhndlr)
|
|
(RcvTCB, RcvInfo.tri_flags, Packet, Size);
|
|
RcvTCB->tcb_rcvnext += BytesTaken;
|
|
RcvTCB->tcb_rcvwin -= BytesTaken;
|
|
|
|
CheckTCBRcv(RcvTCB);
|
|
if (RcvTCB->tcb_flags & ACK_DELAYED)
|
|
DelayAction(RcvTCB, NEED_ACK);
|
|
else {
|
|
RcvTCB->tcb_flags |= ACK_DELAYED;
|
|
START_TCB_TIMER(RcvTCB->tcb_delacktimer,
|
|
DEL_ACK_TICKS);
|
|
}
|
|
|
|
if (BytesTaken != Size) {
|
|
//
|
|
// We didn't take everything we could. No
|
|
// use in further processing, just bail
|
|
// out.
|
|
//
|
|
DelayAction(RcvTCB, NEED_ACK);
|
|
break;
|
|
}
|
|
|
|
//
|
|
// If we're closing now, we're done, so get out.
|
|
//
|
|
if (CLOSING(RcvTCB))
|
|
break;
|
|
}
|
|
|
|
//
|
|
// See if we need to advance over some urgent data.
|
|
//
|
|
if (RcvTCB->tcb_flags & URG_VALID) {
|
|
uint AdvanceNeeded;
|
|
|
|
//
|
|
// We only need to advance if we're not doing
|
|
// urgent inline. Urgent inline also has some
|
|
// implications for when we can clear the URG_VALID
|
|
// flag. If we're not doing urgent inline, we can
|
|
// clear it when rcvnext advances beyond urgent
|
|
// end. If we are doing urgent inline, we clear it
|
|
// when rcvnext advances one receive window beyond
|
|
// urgend.
|
|
//
|
|
if (!(RcvTCB->tcb_flags & URG_INLINE)) {
|
|
if (RcvTCB->tcb_rcvnext == RcvTCB->tcb_urgstart) {
|
|
RcvTCB->tcb_rcvnext = RcvTCB->tcb_urgend + 1;
|
|
} else {
|
|
ASSERT(SEQ_LT(RcvTCB->tcb_rcvnext,
|
|
RcvTCB->tcb_urgstart) ||
|
|
SEQ_GT(RcvTCB->tcb_rcvnext,
|
|
RcvTCB->tcb_urgend));
|
|
}
|
|
AdvanceNeeded = 0;
|
|
} else
|
|
AdvanceNeeded = RcvTCB->tcb_defaultwin;
|
|
|
|
//
|
|
// See if we can clear the URG_VALID flag.
|
|
//
|
|
if (SEQ_GT(RcvTCB->tcb_rcvnext - AdvanceNeeded,
|
|
RcvTCB->tcb_urgend)) {
|
|
RcvTCB->tcb_flags &= ~URG_VALID;
|
|
if (--(RcvTCB->tcb_slowcount) == 0) {
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// We've handled the data. If the FIN bit is set, we
|
|
// have more processing.
|
|
//
|
|
if (RcvInfo.tri_flags & TCP_FLAG_FIN) {
|
|
uint Notify = FALSE;
|
|
|
|
RcvTCB->tcb_rcvnext++;
|
|
DelayAction(RcvTCB, NEED_ACK);
|
|
|
|
PushData(RcvTCB);
|
|
|
|
switch (RcvTCB->tcb_state) {
|
|
|
|
case TCB_SYN_RCVD:
|
|
//
|
|
// I don't think we can get here - we
|
|
// should have discarded the frame if it
|
|
// had no ACK, or gone to established if
|
|
// it did.
|
|
//
|
|
KdBreakPoint();
|
|
case TCB_ESTAB:
|
|
RcvTCB->tcb_state = TCB_CLOSE_WAIT;
|
|
//
|
|
// We left established, we're off the
|
|
// fast path.
|
|
//
|
|
RcvTCB->tcb_slowcount++;
|
|
RcvTCB->tcb_fastchk |= TCP_FLAG_SLOW;
|
|
CheckTCBRcv(RcvTCB);
|
|
Notify = TRUE;
|
|
break;
|
|
case TCB_FIN_WAIT1:
|
|
RcvTCB->tcb_state = TCB_CLOSING;
|
|
Notify = TRUE;
|
|
break;
|
|
case TCB_FIN_WAIT2:
|
|
//
|
|
// Stop the FIN_WAIT2 timer.
|
|
//
|
|
STOP_TCB_TIMER(RcvTCB->tcb_rexmittimer);
|
|
RcvTCB->tcb_refcnt++;
|
|
GracefulClose(RcvTCB, TRUE, TRUE, DISPATCH_LEVEL);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
break;
|
|
default:
|
|
KdBreakPoint();
|
|
break;
|
|
}
|
|
|
|
if (Notify) {
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
NotifyOfDisc(RcvTCB, TDI_GRACEFUL_DISC);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
}
|
|
|
|
break; // Exit out of WHILE loop.
|
|
}
|
|
|
|
//
|
|
// If the reassembly queue isn't empty, get what we
|
|
// can now.
|
|
//
|
|
Packet = PullFromRAQ(RcvTCB, &RcvInfo, &Size);
|
|
CheckPacketList(Packet, Size);
|
|
|
|
} while (Packet != NULL);
|
|
|
|
RcvTCB->tcb_fastchk &= ~TCP_FLAG_IN_RCV;
|
|
if (RcvTCB->tcb_flags & SEND_AFTER_RCV) {
|
|
RcvTCB->tcb_flags &= ~SEND_AFTER_RCV;
|
|
DelayAction(RcvTCB, NEED_OUTPUT);
|
|
}
|
|
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
|
|
} else {
|
|
|
|
//
|
|
// It's not in sequence. Since it needs further
|
|
// processing, put in on the reassembly queue.
|
|
//
|
|
if (DATA_RCV_STATE(RcvTCB->tcb_state) &&
|
|
!(RcvTCB->tcb_flags & GC_PENDING)) {
|
|
PutOnRAQ(RcvTCB, &RcvInfo, Packet, Size);
|
|
KeReleaseSpinLockFromDpcLevel(&RcvTCB->tcb_lock);
|
|
SendACK(RcvTCB);
|
|
KeAcquireSpinLockAtDpcLevel(&RcvTCB->tcb_lock);
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
} else
|
|
ACKAndDrop(&RcvInfo, RcvTCB);
|
|
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// No ACK. Just drop the segment and return.
|
|
//
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
DerefTCB(RcvTCB, DISPATCH_LEVEL);
|
|
|
|
return IP_PROTOCOL_NONE;
|
|
}
|
|
|
|
|
|
//* TCPControlReceive - handler for TCP control messages.
|
|
//
|
|
// This routine is called if we receive an ICMPv6 error message that
|
|
// was generated by some remote site as a result of receiving a TCP
|
|
// packet from us.
|
|
//
|
|
uchar
|
|
TCPControlReceive(
|
|
IPv6Packet *Packet, // Packet handed to us by ICMPv6ErrorReceive.
|
|
StatusArg *StatArg) // Error Code, Argument, and invoking IP header.
|
|
{
|
|
KIRQL Irql0, Irql1; // One per lock nesting level.
|
|
TCB *StatusTCB;
|
|
SeqNum DropSeq;
|
|
TCPHeader UNALIGNED *InvokingTCP;
|
|
Interface *IF = Packet->NTEorIF->IF;
|
|
uint SrcScopeId, DestScopeId;
|
|
|
|
//
|
|
// The next thing in the packet should be the TCP header of the
|
|
// original packet which invoked this error.
|
|
//
|
|
if (! PacketPullup(Packet, sizeof(TCPHeader), 1, 0)) {
|
|
// Pullup failed.
|
|
if (Packet->TotalSize < sizeof(TCPHeader))
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
|
|
"TCPv6: Packet too small to contain TCP header "
|
|
"from invoking packet\n"));
|
|
return IP_PROTOCOL_NONE; // Drop packet.
|
|
}
|
|
InvokingTCP = (TCPHeader UNALIGNED *)Packet->Data;
|
|
|
|
//
|
|
// Determining the scope identifiers for the addresses in the
|
|
// invoking packet is potentially problematic, since we have
|
|
// no way to be certain which interface we sent the packet on.
|
|
// Use the interface the icmp error arrived on to determine
|
|
// the scope ids for both the local and remote addresses.
|
|
//
|
|
SrcScopeId = DetermineScopeId(AlignAddr(&StatArg->IP->Source), IF);
|
|
DestScopeId = DetermineScopeId(AlignAddr(&StatArg->IP->Dest), IF);
|
|
|
|
//
|
|
// Find the TCB for the connection this packet was sent on.
|
|
//
|
|
KeAcquireSpinLock(&TCBTableLock, &Irql0);
|
|
StatusTCB = FindTCB(AlignAddr(&StatArg->IP->Source),
|
|
AlignAddr(&StatArg->IP->Dest),
|
|
SrcScopeId, DestScopeId,
|
|
InvokingTCP->tcp_src, InvokingTCP->tcp_dest);
|
|
if (StatusTCB != NULL) {
|
|
//
|
|
// Found one. Get the lock on it, and continue.
|
|
//
|
|
CHECK_STRUCT(StatusTCB, tcb);
|
|
|
|
KeAcquireSpinLock(&StatusTCB->tcb_lock, &Irql1);
|
|
KeReleaseSpinLock(&TCBTableLock, Irql1);
|
|
|
|
//
|
|
// Make sure the TCB is in a state that is interesting.
|
|
//
|
|
// We also drop packets for TCBs where we don't already have
|
|
// an RCE, since any ICMP errors we get for packets we haven't
|
|
// sent are likely to be spoofed.
|
|
//
|
|
if (StatusTCB->tcb_state == TCB_CLOSED ||
|
|
StatusTCB->tcb_state == TCB_TIME_WAIT ||
|
|
CLOSING(StatusTCB) ||
|
|
StatusTCB->tcb_rce == NULL) {
|
|
//
|
|
// Connection is already closing, or too new to have sent
|
|
// anything yet. Leave it be.
|
|
//
|
|
KeReleaseSpinLock(&StatusTCB->tcb_lock, Irql0);
|
|
return IP_PROTOCOL_NONE; // Discard error packet.
|
|
}
|
|
|
|
switch (StatArg->Status) {
|
|
case IP_UNRECOGNIZED_NEXT_HEADER:
|
|
//
|
|
// Destination protocol unreachable.
|
|
// We treat this as a fatal errors. Close the connection.
|
|
//
|
|
StatusTCB->tcb_error = StatArg->Status;
|
|
StatusTCB->tcb_refcnt++;
|
|
TryToCloseTCB(StatusTCB, TCB_CLOSE_UNREACH, Irql0);
|
|
|
|
RemoveTCBFromConn(StatusTCB);
|
|
NotifyOfDisc(StatusTCB,
|
|
MapIPError(StatArg->Status, TDI_DEST_UNREACHABLE));
|
|
KeAcquireSpinLock(&StatusTCB->tcb_lock, &Irql1);
|
|
DerefTCB(StatusTCB, Irql1);
|
|
return IP_PROTOCOL_NONE; // Done with packet.
|
|
break;
|
|
|
|
case IP_DEST_NO_ROUTE:
|
|
case IP_DEST_ADDR_UNREACHABLE:
|
|
case IP_DEST_PORT_UNREACHABLE:
|
|
case IP_DEST_PROHIBITED:
|
|
case IP_BAD_ROUTE:
|
|
case IP_HOP_LIMIT_EXCEEDED:
|
|
case IP_REASSEMBLY_TIME_EXCEEDED:
|
|
case IP_PARAMETER_PROBLEM:
|
|
//
|
|
// Soft errors. Save the error in case it times out.
|
|
//
|
|
StatusTCB->tcb_error = StatArg->Status;
|
|
break;
|
|
|
|
case IP_PACKET_TOO_BIG: {
|
|
uint PMTU;
|
|
|
|
IF_TCPDBG(TCP_DEBUG_MSS) {
|
|
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INFO_TCPDBG,
|
|
"TCPControlReceive: Got Packet Too Big\n"));
|
|
}
|
|
|
|
//
|
|
// We sent a TCP datagram which was too big for the path to
|
|
// our destination. That packet was dropped by the router
|
|
// which sent us this error message. The Arg value is TRUE
|
|
// if this Packet Too Big reduced our PMTU, FALSE otherwise.
|
|
//
|
|
if (!StatArg->Arg)
|
|
break;
|
|
|
|
//
|
|
// Our PMTU was reduced. Find out what it is now.
|
|
//
|
|
PMTU = GetEffectivePathMTUFromRCE(StatusTCB->tcb_rce);
|
|
|
|
//
|
|
// Update fields based on new PMTU.
|
|
//
|
|
StatusTCB->tcb_pmtu = PMTU;
|
|
StatusTCB->tcb_security = SecurityStateValidationCounter;
|
|
CalculateMSSForTCB(StatusTCB);
|
|
|
|
//
|
|
// Since our PMTU was reduced, we know that this is the first
|
|
// Packet Too Big we've received about this bottleneck.
|
|
// We should retransmit so long as this is for a legitimate
|
|
// outstanding packet (i.e. sequence number is is greater than
|
|
// the last acked and less than our current send next).
|
|
//
|
|
DropSeq = net_long(InvokingTCP->tcp_seq);
|
|
if ((SEQ_GTE(DropSeq, StatusTCB->tcb_senduna) &&
|
|
SEQ_LT(DropSeq, StatusTCB->tcb_sendnext))) {
|
|
//
|
|
// Need to initiate a retransmit.
|
|
//
|
|
ResetSendNext(StatusTCB, DropSeq);
|
|
|
|
//
|
|
// WINBUG #242757 11-27-2000 richdr TCP resp. to Packet Too Big
|
|
// RFC 1981 states that "a retransmission caused by a Packet
|
|
// Too Big message should not change the congestion window.
|
|
// It should, however, trigger the slow-start mechanism."
|
|
// The code below would appear to be broken. However, the
|
|
// IPv4 stack works this way.
|
|
//
|
|
|
|
//
|
|
// Set the congestion window to allow only one packet.
|
|
// This may prevent us from sending anything if we
|
|
// didn't just set sendnext to senduna. This is OK,
|
|
// we'll retransmit later, or send when we get an ack.
|
|
//
|
|
StatusTCB->tcb_cwin = StatusTCB->tcb_mss;
|
|
|
|
DelayAction(StatusTCB, NEED_OUTPUT);
|
|
}
|
|
}
|
|
break;
|
|
|
|
default:
|
|
// Should never happen.
|
|
KdBreakPoint();
|
|
break;
|
|
}
|
|
|
|
KeReleaseSpinLock(&StatusTCB->tcb_lock, Irql0);
|
|
} else {
|
|
//
|
|
// Couldn't find a matching TCB. Connection probably went away since
|
|
// we sent the offending packet. Just free the lock and return.
|
|
//
|
|
KeReleaseSpinLock(&TCBTableLock, Irql0);
|
|
}
|
|
|
|
return IP_PROTOCOL_NONE; // Done with packet.
|
|
}
|
|
|
|
#pragma BEGIN_INIT
|
|
|
|
//* InitTCPRcv - Initialize TCP receive side.
|
|
//
|
|
// Called during init time to initialize our TCP receive side.
|
|
//
|
|
int // Returns: TRUE.
|
|
InitTCPRcv(
|
|
void) // Nothing.
|
|
{
|
|
ExInitializeSListHead(&TCPRcvReqFree);
|
|
|
|
KeInitializeSpinLock(&RequestCompleteLock);
|
|
KeInitializeSpinLock(&TCBDelayLock);
|
|
KeInitializeSpinLock(&TCPRcvReqFreeLock);
|
|
INITQ(&ConnRequestCompleteQ);
|
|
INITQ(&SendCompleteQ);
|
|
INITQ(&TCBDelayQ);
|
|
RequestCompleteFlags = 0;
|
|
TCBDelayRtnCount = 0;
|
|
|
|
TCBDelayRtnLimit = (uint) KeNumberProcessors;
|
|
if (TCBDelayRtnLimit > TCB_DELAY_RTN_LIMIT)
|
|
TCBDelayRtnLimit = TCB_DELAY_RTN_LIMIT;
|
|
|
|
RtlZeroMemory(&DummyPacket, sizeof DummyPacket);
|
|
DummyPacket.Flags = PACKET_OURS;
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
#pragma END_INIT
|
|
|
|
//* UnloadTCPRcv
|
|
//
|
|
// Cleanup and prepare for stack unload.
|
|
//
|
|
void
|
|
UnloadTCPRcv(void)
|
|
{
|
|
PSLIST_ENTRY BufferLink;
|
|
|
|
while ((BufferLink = ExInterlockedPopEntrySList(&TCPRcvReqFree,
|
|
&TCPRcvReqFreeLock))
|
|
!= NULL) {
|
|
TCPRcvReq *RcvReq = CONTAINING_RECORD(BufferLink, TCPRcvReq, trr_next);
|
|
|
|
CHECK_STRUCT(RcvReq, trr);
|
|
ExFreePool(RcvReq);
|
|
}
|
|
}
|