/*
* tcp_time_wait_processing() handles processing of incoming packets when
* the tcp_t is in the TIME_WAIT state.
*
* A TIME_WAIT tcp_t that has an associated open TCP end point (not in
* detached state) is never put on the time wait list.
*/
void
tcp_time_wait_processing(tcp_t *tcp, mblk_t *mp, uint32_t seg_seq,
uint32_t seg_ack, int seg_len, tcpha_t *tcpha, ip_recv_attr_t *ira)
{
int32_t bytes_acked;
int32_t gap;
int32_t rgap;
tcp_opt_t tcpopt;
uint_t flags;
uint32_t new_swnd = 0;
conn_t *nconnp;
conn_t *connp = tcp->tcp_connp;
tcp_stack_t *tcps = tcp->tcp_tcps;
BUMP_LOCAL(tcp->tcp_ibsegs);
DTRACE_PROBE2(tcp__trace__recv, mblk_t *, mp, tcp_t *, tcp);
flags = (unsigned int)tcpha->tha_flags & 0xFF;
new_swnd = ntohs(tcpha->tha_win) <<
((tcpha->tha_flags & TH_SYN) ? 0 : tcp->tcp_snd_ws);
if (tcp->tcp_snd_ts_ok) {
if (!tcp_paws_check(tcp, tcpha, &tcpopt)) {
tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
tcp->tcp_rnxt, TH_ACK);
goto done;
}
}
gap = seg_seq - tcp->tcp_rnxt;
rgap = tcp->tcp_rwnd - (gap + seg_len);
if (gap < 0) {
TCPS_BUMP_MIB(tcps, tcpInDataDupSegs);
TCPS_UPDATE_MIB(tcps, tcpInDataDupBytes,
(seg_len > -gap ? -gap : seg_len));
seg_len += gap;
if (seg_len < 0 || (seg_len == 0 && !(flags & TH_FIN))) {
if (flags & TH_RST) {
goto done;
}
if ((flags & TH_FIN) && seg_len == -1) {
/*
* When TCP receives a duplicate FIN in
* TIME_WAIT state, restart the 2 MSL timer.
* See page 73 in RFC 793. Make sure this TCP
* is already on the TIME_WAIT list. If not,
* just restart the timer.
*/
if (TCP_IS_DETACHED(tcp)) {
if (tcp_time_wait_remove(tcp, NULL) ==
B_TRUE) {
tcp_time_wait_append(tcp);
TCP_DBGSTAT(tcps,
tcp_rput_time_wait);
}
} else {
ASSERT(tcp != NULL);
TCP_TIMER_RESTART(tcp,
tcps->tcps_time_wait_interval);
}
tcp_xmit_ctl(NULL, tcp, tcp->tcp_snxt,
tcp->tcp_rnxt, TH_ACK);
goto done;
}
flags |= TH_ACK_NEEDED;
seg_len = 0;
goto process_ack;
}
/* Fix seg_seq, and chew the gap off the front. */
seg_seq = tcp->tcp_rnxt;
}
if ((flags & TH_SYN) && gap > 0 && rgap < 0) {
/*
* Make sure that when we accept the connection, pick
* an ISS greater than (tcp_snxt + ISS_INCR/2) for the
* old connection.
*
* The next ISS generated is equal to tcp_iss_incr_extra
* + ISS_INCR/2 + other components depending on the
* value of tcp_strong_iss. We pre-calculate the new
* ISS here and compare with tcp_snxt to determine if
* we need to make adjustment to tcp_iss_incr_extra.
*
* The above calculation is ugly and is a
* waste of CPU cycles...
*/
uint32_t new_iss = tcps->tcps_iss_incr_extra;
int32_t adj;
ip_stack_t *ipst = tcps->tcps_netstack->netstack_ip;
switch (tcps->tcps_strong_iss) {
case 2: {
/* Add time and MD5 components. */
uint32_t answer[4];
struct {
uint32_t ports;
in6_addr_t src;
in6_addr_t dst;
} arg;
MD5_CTX context;
mutex_enter(&tcps->tcps_iss_key_lock);
context = tcps->tcps_iss_key;
mutex_exit(&tcps->tcps_iss_key_lock);
arg.ports = connp->conn_ports;
/* We use MAPPED addresses in tcp_iss_init */
arg.src = connp->conn_laddr_v6;
arg.dst = connp->conn_faddr_v6;
MD5Update(&context, (uchar_t *)&arg,
sizeof (arg));
MD5Final((uchar_t *)answer, &context);
answer[0] ^= answer[1] ^ answer[2] ^ answer[3];
new_iss += (gethrtime() >> ISS_NSEC_SHT) + answer[0];
break;
}
case 1:
/* Add time component and min random (i.e. 1). */
new_iss += (gethrtime() >> ISS_NSEC_SHT) + 1;
break;
default:
/* Add only time component. */
new_iss += (uint32_t)gethrestime_sec() * ISS_INCR;
break;
}
if ((adj = (int32_t)(tcp->tcp_snxt - new_iss)) > 0) {
/*
* New ISS not guaranteed to be ISS_INCR/2
* ahead of the current tcp_snxt, so add the
* difference to tcp_iss_incr_extra.
*/
tcps->tcps_iss_incr_extra += adj;
}
/*
* If tcp_clean_death() can not perform the task now,
* drop the SYN packet and let the other side re-xmit.
* Otherwise pass the SYN packet back in, since the
* old tcp state has been cleaned up or freed.
*/
if (tcp_clean_death(tcp, 0) == -1)
goto done;
nconnp = ipcl_classify(mp, ira, ipst);
if (nconnp != NULL) {
TCP_STAT(tcps, tcp_time_wait_syn_success);
/* Drops ref on nconnp */
tcp_reinput(nconnp, mp, ira, ipst);
return;
}
goto done;
}
/*
* Return SNMP stuff in buffer in mpdata.
*/
mblk_t *
tcp_snmp_get(queue_t *q, mblk_t *mpctl, boolean_t legacy_req)
{
mblk_t *mpdata;
mblk_t *mp_conn_ctl = NULL;
mblk_t *mp_conn_tail;
mblk_t *mp_attr_ctl = NULL;
mblk_t *mp_attr_tail;
mblk_t *mp6_conn_ctl = NULL;
mblk_t *mp6_conn_tail;
mblk_t *mp6_attr_ctl = NULL;
mblk_t *mp6_attr_tail;
struct opthdr *optp;
mib2_tcpConnEntry_t tce;
mib2_tcp6ConnEntry_t tce6;
mib2_transportMLPEntry_t mlp;
connf_t *connfp;
int i;
boolean_t ispriv;
zoneid_t zoneid;
int v4_conn_idx;
int v6_conn_idx;
conn_t *connp = Q_TO_CONN(q);
tcp_stack_t *tcps;
ip_stack_t *ipst;
mblk_t *mp2ctl;
mib2_tcp_t tcp_mib;
size_t tcp_mib_size, tce_size, tce6_size;
/*
* make a copy of the original message
*/
mp2ctl = copymsg(mpctl);
if (mpctl == NULL ||
(mpdata = mpctl->b_cont) == NULL ||
(mp_conn_ctl = copymsg(mpctl)) == NULL ||
(mp_attr_ctl = copymsg(mpctl)) == NULL ||
(mp6_conn_ctl = copymsg(mpctl)) == NULL ||
(mp6_attr_ctl = copymsg(mpctl)) == NULL) {
freemsg(mp_conn_ctl);
freemsg(mp_attr_ctl);
freemsg(mp6_conn_ctl);
freemsg(mp6_attr_ctl);
freemsg(mpctl);
freemsg(mp2ctl);
return (NULL);
}
ipst = connp->conn_netstack->netstack_ip;
tcps = connp->conn_netstack->netstack_tcp;
if (legacy_req) {
tcp_mib_size = LEGACY_MIB_SIZE(&tcp_mib, mib2_tcp_t);
tce_size = LEGACY_MIB_SIZE(&tce, mib2_tcpConnEntry_t);
tce6_size = LEGACY_MIB_SIZE(&tce6, mib2_tcp6ConnEntry_t);
} else {
tcp_mib_size = sizeof (mib2_tcp_t);
tce_size = sizeof (mib2_tcpConnEntry_t);
tce6_size = sizeof (mib2_tcp6ConnEntry_t);
}
bzero(&tcp_mib, sizeof (tcp_mib));
/* build table of connections -- need count in fixed part */
SET_MIB(tcp_mib.tcpRtoAlgorithm, 4); /* vanj */
SET_MIB(tcp_mib.tcpRtoMin, tcps->tcps_rexmit_interval_min);
SET_MIB(tcp_mib.tcpRtoMax, tcps->tcps_rexmit_interval_max);
SET_MIB(tcp_mib.tcpMaxConn, -1);
SET_MIB(tcp_mib.tcpCurrEstab, 0);
ispriv =
secpolicy_ip_config((Q_TO_CONN(q))->conn_cred, B_TRUE) == 0;
zoneid = Q_TO_CONN(q)->conn_zoneid;
v4_conn_idx = v6_conn_idx = 0;
mp_conn_tail = mp_attr_tail = mp6_conn_tail = mp6_attr_tail = NULL;
for (i = 0; i < CONN_G_HASH_SIZE; i++) {
ipst = tcps->tcps_netstack->netstack_ip;
connfp = &ipst->ips_ipcl_globalhash_fanout[i];
connp = NULL;
while ((connp =
ipcl_get_next_conn(connfp, connp, IPCL_TCPCONN)) != NULL) {
tcp_t *tcp;
boolean_t needattr;
if (connp->conn_zoneid != zoneid)
continue; /* not in this zone */
tcp = connp->conn_tcp;
TCPS_UPDATE_MIB(tcps, tcpHCInSegs, tcp->tcp_ibsegs);
tcp->tcp_ibsegs = 0;
TCPS_UPDATE_MIB(tcps, tcpHCOutSegs, tcp->tcp_obsegs);
tcp->tcp_obsegs = 0;
tce6.tcp6ConnState = tce.tcpConnState =
tcp_snmp_state(tcp);
if (tce.tcpConnState == MIB2_TCP_established ||
tce.tcpConnState == MIB2_TCP_closeWait)
BUMP_MIB(&tcp_mib, tcpCurrEstab);
needattr = B_FALSE;
bzero(&mlp, sizeof (mlp));
if (connp->conn_mlp_type != mlptSingle) {
if (connp->conn_mlp_type == mlptShared ||
connp->conn_mlp_type == mlptBoth)
mlp.tme_flags |= MIB2_TMEF_SHARED;
if (connp->conn_mlp_type == mlptPrivate ||
connp->conn_mlp_type == mlptBoth)
mlp.tme_flags |= MIB2_TMEF_PRIVATE;
needattr = B_TRUE;
}
if (connp->conn_anon_mlp) {
mlp.tme_flags |= MIB2_TMEF_ANONMLP;
needattr = B_TRUE;
}
switch (connp->conn_mac_mode) {
case CONN_MAC_DEFAULT:
break;
case CONN_MAC_AWARE:
mlp.tme_flags |= MIB2_TMEF_MACEXEMPT;
needattr = B_TRUE;
break;
case CONN_MAC_IMPLICIT:
mlp.tme_flags |= MIB2_TMEF_MACIMPLICIT;
needattr = B_TRUE;
break;
}
if (connp->conn_ixa->ixa_tsl != NULL) {
ts_label_t *tsl;
tsl = connp->conn_ixa->ixa_tsl;
mlp.tme_flags |= MIB2_TMEF_IS_LABELED;
mlp.tme_doi = label2doi(tsl);
mlp.tme_label = *label2bslabel(tsl);
needattr = B_TRUE;
}
/* Create a message to report on IPv6 entries */
if (connp->conn_ipversion == IPV6_VERSION) {
tce6.tcp6ConnLocalAddress = connp->conn_laddr_v6;
tce6.tcp6ConnRemAddress = connp->conn_faddr_v6;
tce6.tcp6ConnLocalPort = ntohs(connp->conn_lport);
tce6.tcp6ConnRemPort = ntohs(connp->conn_fport);
if (connp->conn_ixa->ixa_flags & IXAF_SCOPEID_SET) {
tce6.tcp6ConnIfIndex =
connp->conn_ixa->ixa_scopeid;
} else {
tce6.tcp6ConnIfIndex = connp->conn_bound_if;
}
/* Don't want just anybody seeing these... */
if (ispriv) {
tce6.tcp6ConnEntryInfo.ce_snxt =
tcp->tcp_snxt;
tce6.tcp6ConnEntryInfo.ce_suna =
tcp->tcp_suna;
tce6.tcp6ConnEntryInfo.ce_rnxt =
tcp->tcp_rnxt;
tce6.tcp6ConnEntryInfo.ce_rack =
tcp->tcp_rack;
} else {
/*
* Netstat, unfortunately, uses this to
* get send/receive queue sizes. How to fix?
* Why not compute the difference only?
*/
tce6.tcp6ConnEntryInfo.ce_snxt =
tcp->tcp_snxt - tcp->tcp_suna;
tce6.tcp6ConnEntryInfo.ce_suna = 0;
tce6.tcp6ConnEntryInfo.ce_rnxt =
tcp->tcp_rnxt - tcp->tcp_rack;
tce6.tcp6ConnEntryInfo.ce_rack = 0;
}
tce6.tcp6ConnEntryInfo.ce_swnd = tcp->tcp_swnd;
tce6.tcp6ConnEntryInfo.ce_rwnd = tcp->tcp_rwnd;
tce6.tcp6ConnEntryInfo.ce_rto = tcp->tcp_rto;
tce6.tcp6ConnEntryInfo.ce_mss = tcp->tcp_mss;
tce6.tcp6ConnEntryInfo.ce_state = tcp->tcp_state;
tce6.tcp6ConnCreationProcess =
(connp->conn_cpid < 0) ? MIB2_UNKNOWN_PROCESS :
connp->conn_cpid;
tce6.tcp6ConnCreationTime = connp->conn_open_time;
(void) snmp_append_data2(mp6_conn_ctl->b_cont,
&mp6_conn_tail, (char *)&tce6, tce6_size);
mlp.tme_connidx = v6_conn_idx++;
if (needattr)
(void) snmp_append_data2(mp6_attr_ctl->b_cont,
&mp6_attr_tail, (char *)&mlp, sizeof (mlp));
}
/*
* Create an IPv4 table entry for IPv4 entries and also
* for IPv6 entries which are bound to in6addr_any
* but don't have IPV6_V6ONLY set.
* (i.e. anything an IPv4 peer could connect to)
*/
if (connp->conn_ipversion == IPV4_VERSION ||
(tcp->tcp_state <= TCPS_LISTEN &&
!connp->conn_ipv6_v6only &&
IN6_IS_ADDR_UNSPECIFIED(&connp->conn_laddr_v6))) {
if (connp->conn_ipversion == IPV6_VERSION) {
tce.tcpConnRemAddress = INADDR_ANY;
tce.tcpConnLocalAddress = INADDR_ANY;
} else {
tce.tcpConnRemAddress =
connp->conn_faddr_v4;
tce.tcpConnLocalAddress =
connp->conn_laddr_v4;
}
tce.tcpConnLocalPort = ntohs(connp->conn_lport);
tce.tcpConnRemPort = ntohs(connp->conn_fport);
/* Don't want just anybody seeing these... */
if (ispriv) {
tce.tcpConnEntryInfo.ce_snxt =
tcp->tcp_snxt;
tce.tcpConnEntryInfo.ce_suna =
tcp->tcp_suna;
tce.tcpConnEntryInfo.ce_rnxt =
tcp->tcp_rnxt;
tce.tcpConnEntryInfo.ce_rack =
tcp->tcp_rack;
} else {
/*
* Netstat, unfortunately, uses this to
* get send/receive queue sizes. How
* to fix?
* Why not compute the difference only?
*/
tce.tcpConnEntryInfo.ce_snxt =
tcp->tcp_snxt - tcp->tcp_suna;
tce.tcpConnEntryInfo.ce_suna = 0;
tce.tcpConnEntryInfo.ce_rnxt =
tcp->tcp_rnxt - tcp->tcp_rack;
tce.tcpConnEntryInfo.ce_rack = 0;
}
tce.tcpConnEntryInfo.ce_swnd = tcp->tcp_swnd;
tce.tcpConnEntryInfo.ce_rwnd = tcp->tcp_rwnd;
tce.tcpConnEntryInfo.ce_rto = tcp->tcp_rto;
tce.tcpConnEntryInfo.ce_mss = tcp->tcp_mss;
tce.tcpConnEntryInfo.ce_state =
tcp->tcp_state;
tce.tcpConnCreationProcess =
(connp->conn_cpid < 0) ?
MIB2_UNKNOWN_PROCESS :
connp->conn_cpid;
tce.tcpConnCreationTime = connp->conn_open_time;
(void) snmp_append_data2(mp_conn_ctl->b_cont,
&mp_conn_tail, (char *)&tce, tce_size);
mlp.tme_connidx = v4_conn_idx++;
if (needattr)
(void) snmp_append_data2(
mp_attr_ctl->b_cont,
&mp_attr_tail, (char *)&mlp,
sizeof (mlp));
}
}
}
tcp_sum_mib(tcps, &tcp_mib);
/* Fixed length structure for IPv4 and IPv6 counters */
SET_MIB(tcp_mib.tcpConnTableSize, tce_size);
SET_MIB(tcp_mib.tcp6ConnTableSize, tce6_size);
/*
* Synchronize 32- and 64-bit counters. Note that tcpInSegs and
* tcpOutSegs are not updated anywhere in TCP. The new 64 bits
* counters are used. Hence the old counters' values in tcp_sc_mib
* are always 0.
*/
SYNC32_MIB(&tcp_mib, tcpInSegs, tcpHCInSegs);
SYNC32_MIB(&tcp_mib, tcpOutSegs, tcpHCOutSegs);
optp = (struct opthdr *)&mpctl->b_rptr[sizeof (struct T_optmgmt_ack)];
optp->level = MIB2_TCP;
optp->name = 0;
(void) snmp_append_data(mpdata, (char *)&tcp_mib, tcp_mib_size);
optp->len = msgdsize(mpdata);
qreply(q, mpctl);
/* table of connections... */
optp = (struct opthdr *)&mp_conn_ctl->b_rptr[
sizeof (struct T_optmgmt_ack)];
optp->level = MIB2_TCP;
optp->name = MIB2_TCP_CONN;
optp->len = msgdsize(mp_conn_ctl->b_cont);
qreply(q, mp_conn_ctl);
/* table of MLP attributes... */
optp = (struct opthdr *)&mp_attr_ctl->b_rptr[
sizeof (struct T_optmgmt_ack)];
optp->level = MIB2_TCP;
optp->name = EXPER_XPORT_MLP;
optp->len = msgdsize(mp_attr_ctl->b_cont);
if (optp->len == 0)
freemsg(mp_attr_ctl);
else
qreply(q, mp_attr_ctl);
/* table of IPv6 connections... */
optp = (struct opthdr *)&mp6_conn_ctl->b_rptr[
sizeof (struct T_optmgmt_ack)];
optp->level = MIB2_TCP6;
optp->name = MIB2_TCP6_CONN;
optp->len = msgdsize(mp6_conn_ctl->b_cont);
qreply(q, mp6_conn_ctl);
/* table of IPv6 MLP attributes... */
optp = (struct opthdr *)&mp6_attr_ctl->b_rptr[
sizeof (struct T_optmgmt_ack)];
optp->level = MIB2_TCP6;
optp->name = EXPER_XPORT_MLP;
optp->len = msgdsize(mp6_attr_ctl->b_cont);
if (optp->len == 0)
freemsg(mp6_attr_ctl);
else
qreply(q, mp6_attr_ctl);
return (mp2ctl);
}