1 /**
2 * @file
3 * Transmission Control Protocol, incoming traffic
4 *
5 * The input processing functions of the TCP layer.
6 *
7 * These functions are generally called in the order (ip_input() ->)
8 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
9 *
10 */
11
12 /*
13 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without modification,
17 * are permitted provided that the following conditions are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright notice,
20 * this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright notice,
22 * this list of conditions and the following disclaimer in the documentation
23 * and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote products
25 * derived from this software without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
36 * OF SUCH DAMAGE.
37 *
38 * This file is part of the lwIP TCP/IP stack.
39 *
40 * Author: Adam Dunkels <[email protected]>
41 *
42 */
43
44 #include "lwip/opt.h"
45
46 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
47
48 #include "lwip/priv/tcp_priv.h"
49 #include "lwip/def.h"
50 #include "lwip/ip_addr.h"
51 #include "lwip/netif.h"
52 #include "lwip/mem.h"
53 #include "lwip/memp.h"
54 #include "lwip/inet_chksum.h"
55 #include "lwip/stats.h"
56 #include "lwip/ip6.h"
57 #include "lwip/ip6_addr.h"
58 #if LWIP_ND6_TCP_REACHABILITY_HINTS
59 #include "lwip/nd6.h"
60 #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
61
62 #include <string.h>
63
64 #ifdef LWIP_HOOK_FILENAME
65 #include LWIP_HOOK_FILENAME
66 #endif
67
68 /** Initial CWND calculation as defined RFC 2581 */
69 #define LWIP_TCP_CALC_INITIAL_CWND(mss) ((tcpwnd_size_t)LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U)))
70
71 /* These variables are global to all functions involved in the input
72 processing of TCP segments. They are set by the tcp_input()
73 function. */
74 static struct tcp_seg inseg;
75 static struct tcp_hdr *tcphdr;
76 static u16_t tcphdr_optlen;
77 static u16_t tcphdr_opt1len;
78 static u8_t *tcphdr_opt2;
79 static u16_t tcp_optidx;
80 static u32_t seqno, ackno;
81 static tcpwnd_size_t recv_acked;
82 static u16_t tcplen;
83 static u8_t flags;
84
85 static u8_t recv_flags;
86 static struct pbuf *recv_data;
87
88 struct tcp_pcb *tcp_input_pcb;
89
90 /* Forward declarations. */
91 static err_t tcp_process(struct tcp_pcb *pcb);
92 static void tcp_receive(struct tcp_pcb *pcb);
93 static void tcp_parseopt(struct tcp_pcb *pcb);
94
95 static void tcp_listen_input(struct tcp_pcb_listen *pcb);
96 static void tcp_timewait_input(struct tcp_pcb *pcb);
97
98 static int tcp_input_delayed_close(struct tcp_pcb *pcb);
99
100 #if LWIP_TCP_SACK_OUT
101 static void tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right);
102 static void tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq);
103 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
104 static void tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq);
105 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
106 #endif /* LWIP_TCP_SACK_OUT */
107
108 /**
109 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
110 * the segment between the PCBs and passes it on to tcp_process(), which implements
111 * the TCP finite state machine. This function is called by the IP layer (in
112 * ip_input()).
113 *
114 * @param p received TCP segment to process (p->payload pointing to the TCP header)
115 * @param inp network interface on which this segment was received
116 */
117 void
tcp_input(struct pbuf * p,struct netif * inp)118 tcp_input(struct pbuf *p, struct netif *inp)
119 {
120 struct tcp_pcb *pcb, *prev;
121 struct tcp_pcb_listen *lpcb;
122 #if SO_REUSE
123 struct tcp_pcb *lpcb_prev = NULL;
124 struct tcp_pcb_listen *lpcb_any = NULL;
125 #endif /* SO_REUSE */
126 u8_t hdrlen_bytes;
127 err_t err;
128
129 LWIP_UNUSED_ARG(inp);
130 LWIP_ASSERT_CORE_LOCKED();
131 LWIP_ASSERT("tcp_input: invalid pbuf", p != NULL);
132
133 PERF_START;
134
135 TCP_STATS_INC(tcp.recv);
136 MIB2_STATS_INC(mib2.tcpinsegs);
137
138 tcphdr = (struct tcp_hdr *)p->payload;
139
140 #if TCP_INPUT_DEBUG
141 tcp_debug_print(tcphdr);
142 #endif
143
144 /* Check that TCP header fits in payload */
145 if (p->len < TCP_HLEN) {
146 /* drop short packets */
147 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
148 TCP_STATS_INC(tcp.lenerr);
149 goto dropped;
150 }
151
152 /* Don't even process incoming broadcasts/multicasts. */
153 if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
154 ip_addr_ismulticast(ip_current_dest_addr())) {
155 TCP_STATS_INC(tcp.proterr);
156 goto dropped;
157 }
158
159 #if CHECKSUM_CHECK_TCP
160 IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
161 /* Verify TCP checksum. */
162 u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
163 ip_current_src_addr(), ip_current_dest_addr());
164 if (chksum != 0) {
165 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
166 chksum));
167 tcp_debug_print(tcphdr);
168 TCP_STATS_INC(tcp.chkerr);
169 goto dropped;
170 }
171 }
172 #endif /* CHECKSUM_CHECK_TCP */
173
174 /* sanity-check header length */
175 hdrlen_bytes = TCPH_HDRLEN_BYTES(tcphdr);
176 if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
177 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
178 TCP_STATS_INC(tcp.lenerr);
179 goto dropped;
180 }
181
182 /* Move the payload pointer in the pbuf so that it points to the
183 TCP data instead of the TCP header. */
184 tcphdr_optlen = (u16_t)(hdrlen_bytes - TCP_HLEN);
185 tcphdr_opt2 = NULL;
186 if (p->len >= hdrlen_bytes) {
187 /* all options are in the first pbuf */
188 tcphdr_opt1len = tcphdr_optlen;
189 pbuf_remove_header(p, hdrlen_bytes); /* cannot fail */
190 } else {
191 u16_t opt2len;
192 /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
193 /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
194 LWIP_ASSERT("p->next != NULL", p->next != NULL);
195
196 /* advance over the TCP header (cannot fail) */
197 pbuf_remove_header(p, TCP_HLEN);
198
199 /* determine how long the first and second parts of the options are */
200 tcphdr_opt1len = p->len;
201 opt2len = (u16_t)(tcphdr_optlen - tcphdr_opt1len);
202
203 /* options continue in the next pbuf: set p to zero length and hide the
204 options in the next pbuf (adjusting p->tot_len) */
205 pbuf_remove_header(p, tcphdr_opt1len);
206
207 /* check that the options fit in the second pbuf */
208 if (opt2len > p->next->len) {
209 /* drop short packets */
210 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
211 TCP_STATS_INC(tcp.lenerr);
212 goto dropped;
213 }
214
215 /* remember the pointer to the second part of the options */
216 tcphdr_opt2 = (u8_t *)p->next->payload;
217
218 /* advance p->next to point after the options, and manually
219 adjust p->tot_len to keep it consistent with the changed p->next */
220 pbuf_remove_header(p->next, opt2len);
221 p->tot_len = (u16_t)(p->tot_len - opt2len);
222
223 LWIP_ASSERT("p->len == 0", p->len == 0);
224 LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
225 }
226
227 /* Convert fields in TCP header to host byte order. */
228 tcphdr->src = lwip_ntohs(tcphdr->src);
229 tcphdr->dest = lwip_ntohs(tcphdr->dest);
230 seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
231 ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
232 tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
233
234 flags = TCPH_FLAGS(tcphdr);
235 tcplen = p->tot_len;
236 if (flags & (TCP_FIN | TCP_SYN)) {
237 tcplen++;
238 if (tcplen < p->tot_len) {
239 /* u16_t overflow, cannot handle this */
240 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: length u16_t overflow, cannot handle this\n"));
241 TCP_STATS_INC(tcp.lenerr);
242 goto dropped;
243 }
244 }
245
246 /* Demultiplex an incoming segment. First, we check if it is destined
247 for an active connection. */
248 prev = NULL;
249
250 for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
251 LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
252 LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
253 LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
254
255 /* check if PCB is bound to specific netif */
256 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
257 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
258 prev = pcb;
259 continue;
260 }
261
262 if (pcb->remote_port == tcphdr->src &&
263 pcb->local_port == tcphdr->dest &&
264 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
265 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
266 /* Move this PCB to the front of the list so that subsequent
267 lookups will be faster (we exploit locality in TCP segment
268 arrivals). */
269 LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
270 if (prev != NULL) {
271 prev->next = pcb->next;
272 pcb->next = tcp_active_pcbs;
273 tcp_active_pcbs = pcb;
274 } else {
275 TCP_STATS_INC(tcp.cachehit);
276 }
277 LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
278 break;
279 }
280 prev = pcb;
281 }
282
283 if (pcb == NULL) {
284 /* If it did not go to an active connection, we check the connections
285 in the TIME-WAIT state. */
286 for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
287 LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
288
289 /* check if PCB is bound to specific netif */
290 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
291 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
292 continue;
293 }
294
295 if (pcb->remote_port == tcphdr->src &&
296 pcb->local_port == tcphdr->dest &&
297 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
298 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
299 /* We don't really care enough to move this PCB to the front
300 of the list since we are not very likely to receive that
301 many segments for connections in TIME-WAIT. */
302 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
303 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
304 if (LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen, tcphdr_opt1len,
305 tcphdr_opt2, p) == ERR_OK)
306 #endif
307 {
308 tcp_timewait_input(pcb);
309 }
310 pbuf_free(p);
311 return;
312 }
313 }
314
315 /* Finally, if we still did not get a match, we check all PCBs that
316 are LISTENing for incoming connections. */
317 prev = NULL;
318 for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
319 /* check if PCB is bound to specific netif */
320 if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
321 (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
322 prev = (struct tcp_pcb *)lpcb;
323 continue;
324 }
325
326 if (lpcb->local_port == tcphdr->dest) {
327 if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
328 /* found an ANY TYPE (IPv4/IPv6) match */
329 #if SO_REUSE
330 lpcb_any = lpcb;
331 lpcb_prev = prev;
332 #else /* SO_REUSE */
333 break;
334 #endif /* SO_REUSE */
335 } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
336 if (ip_addr_cmp(&lpcb->local_ip, ip_current_dest_addr())) {
337 /* found an exact match */
338 break;
339 } else if (ip_addr_isany(&lpcb->local_ip)) {
340 /* found an ANY-match */
341 #if SO_REUSE
342 lpcb_any = lpcb;
343 lpcb_prev = prev;
344 #else /* SO_REUSE */
345 break;
346 #endif /* SO_REUSE */
347 }
348 }
349 }
350 prev = (struct tcp_pcb *)lpcb;
351 }
352 #if SO_REUSE
353 /* first try specific local IP */
354 if (lpcb == NULL) {
355 /* only pass to ANY if no specific local IP has been found */
356 lpcb = lpcb_any;
357 prev = lpcb_prev;
358 }
359 #endif /* SO_REUSE */
360 if (lpcb != NULL) {
361 /* Move this PCB to the front of the list so that subsequent
362 lookups will be faster (we exploit locality in TCP segment
363 arrivals). */
364 if (prev != NULL) {
365 ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
366 /* our successor is the remainder of the listening list */
367 lpcb->next = tcp_listen_pcbs.listen_pcbs;
368 /* put this listening pcb at the head of the listening list */
369 tcp_listen_pcbs.listen_pcbs = lpcb;
370 } else {
371 TCP_STATS_INC(tcp.cachehit);
372 }
373
374 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
375 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
376 if (LWIP_HOOK_TCP_INPACKET_PCB((struct tcp_pcb *)lpcb, tcphdr, tcphdr_optlen,
377 tcphdr_opt1len, tcphdr_opt2, p) == ERR_OK)
378 #endif
379 {
380 tcp_listen_input(lpcb);
381 }
382 pbuf_free(p);
383 return;
384 }
385 }
386
387 #if TCP_INPUT_DEBUG
388 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
389 tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
390 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
391 #endif /* TCP_INPUT_DEBUG */
392
393
394 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
395 if ((pcb != NULL) && LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen,
396 tcphdr_opt1len, tcphdr_opt2, p) != ERR_OK) {
397 pbuf_free(p);
398 return;
399 }
400 #endif
401 if (pcb != NULL) {
402 /* The incoming segment belongs to a connection. */
403 #if TCP_INPUT_DEBUG
404 tcp_debug_print_state(pcb->state);
405 #endif /* TCP_INPUT_DEBUG */
406
407 /* Set up a tcp_seg structure. */
408 inseg.next = NULL;
409 inseg.len = p->tot_len;
410 inseg.p = p;
411 inseg.tcphdr = tcphdr;
412
413 recv_data = NULL;
414 recv_flags = 0;
415 recv_acked = 0;
416
417 if (flags & TCP_PSH) {
418 p->flags |= PBUF_FLAG_PUSH;
419 }
420
421 /* If there is data which was previously "refused" by upper layer */
422 if (pcb->refused_data != NULL) {
423 if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
424 ((pcb->refused_data != NULL) && (tcplen > 0))) {
425 /* pcb has been aborted or refused data is still refused and the new
426 segment contains data */
427 if (pcb->rcv_ann_wnd == 0) {
428 /* this is a zero-window probe, we respond to it with current RCV.NXT
429 and drop the data segment */
430 tcp_send_empty_ack(pcb);
431 }
432 TCP_STATS_INC(tcp.drop);
433 MIB2_STATS_INC(mib2.tcpinerrs);
434 goto aborted;
435 }
436 }
437 tcp_input_pcb = pcb;
438 err = tcp_process(pcb);
439 /* A return value of ERR_ABRT means that tcp_abort() was called
440 and that the pcb has been freed. If so, we don't do anything. */
441 if (err != ERR_ABRT) {
442 if (recv_flags & TF_RESET) {
443 /* TF_RESET means that the connection was reset by the other
444 end. We then call the error callback to inform the
445 application that the connection is dead before we
446 deallocate the PCB. */
447 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
448 tcp_pcb_remove(&tcp_active_pcbs, pcb);
449 tcp_free(pcb);
450 } else {
451 err = ERR_OK;
452 /* If the application has registered a "sent" function to be
453 called when new send buffer space is available, we call it
454 now. */
455 if (recv_acked > 0) {
456 u16_t acked16;
457 #if LWIP_WND_SCALE
458 /* recv_acked is u32_t but the sent callback only takes a u16_t,
459 so we might have to call it multiple times. */
460 u32_t acked = recv_acked;
461 while (acked > 0) {
462 acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
463 acked -= acked16;
464 #else
465 {
466 acked16 = recv_acked;
467 #endif
468 TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
469 if (err == ERR_ABRT) {
470 goto aborted;
471 }
472 }
473 recv_acked = 0;
474 }
475 if (tcp_input_delayed_close(pcb)) {
476 goto aborted;
477 }
478 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
479 while (recv_data != NULL) {
480 struct pbuf *rest = NULL;
481 pbuf_split_64k(recv_data, &rest);
482 #else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
483 if (recv_data != NULL) {
484 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
485
486 LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
487 if (pcb->flags & TF_RXCLOSED) {
488 /* received data although already closed -> abort (send RST) to
489 notify the remote host that not all data has been processed */
490 pbuf_free(recv_data);
491 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
492 if (rest != NULL) {
493 pbuf_free(rest);
494 }
495 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
496 tcp_abort(pcb);
497 goto aborted;
498 }
499
500 /* Notify application that data has been received. */
501 TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
502 if (err == ERR_ABRT) {
503 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
504 if (rest != NULL) {
505 pbuf_free(rest);
506 }
507 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
508 goto aborted;
509 }
510
511 /* If the upper layer can't receive this data, store it */
512 if (err != ERR_OK) {
513 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
514 if (rest != NULL) {
515 pbuf_cat(recv_data, rest);
516 }
517 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
518 pcb->refused_data = recv_data;
519 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
520 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
521 break;
522 } else {
523 /* Upper layer received the data, go on with the rest if > 64K */
524 recv_data = rest;
525 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
526 }
527 }
528
529 /* If a FIN segment was received, we call the callback
530 function with a NULL buffer to indicate EOF. */
531 if (recv_flags & TF_GOT_FIN) {
532 if (pcb->refused_data != NULL) {
533 /* Delay this if we have refused data. */
534 pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
535 } else {
536 /* correct rcv_wnd as the application won't call tcp_recved()
537 for the FIN's seqno */
538 if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
539 pcb->rcv_wnd++;
540 }
541 TCP_EVENT_CLOSED(pcb, err);
542 if (err == ERR_ABRT) {
543 goto aborted;
544 }
545 }
546 }
547
548 tcp_input_pcb = NULL;
549 if (tcp_input_delayed_close(pcb)) {
550 goto aborted;
551 }
552 /* Try to send something out. */
553 tcp_output(pcb);
554 #if TCP_INPUT_DEBUG
555 #if TCP_DEBUG
556 tcp_debug_print_state(pcb->state);
557 #endif /* TCP_DEBUG */
558 #endif /* TCP_INPUT_DEBUG */
559 }
560 }
561 /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
562 Below this line, 'pcb' may not be dereferenced! */
563 aborted:
564 tcp_input_pcb = NULL;
565 recv_data = NULL;
566
567 /* give up our reference to inseg.p */
568 if (inseg.p != NULL) {
569 pbuf_free(inseg.p);
570 inseg.p = NULL;
571 }
572 } else {
573 /* If no matching PCB was found, send a TCP RST (reset) to the
574 sender. */
575 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
576 if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
577 TCP_STATS_INC(tcp.proterr);
578 TCP_STATS_INC(tcp.drop);
579 tcp_rst(NULL, ackno, seqno + tcplen, ip_current_dest_addr(),
580 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
581 }
582 pbuf_free(p);
583 }
584
585 LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
586 PERF_STOP("tcp_input");
587 return;
588 dropped:
589 TCP_STATS_INC(tcp.drop);
590 MIB2_STATS_INC(mib2.tcpinerrs);
591 pbuf_free(p);
592 }
593
594 /** Called from tcp_input to check for TF_CLOSED flag. This results in closing
595 * and deallocating a pcb at the correct place to ensure noone references it
596 * any more.
597 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
598 */
599 static int
600 tcp_input_delayed_close(struct tcp_pcb *pcb)
601 {
602 LWIP_ASSERT("tcp_input_delayed_close: invalid pcb", pcb != NULL);
603
604 if (recv_flags & TF_CLOSED) {
605 /* The connection has been closed and we will deallocate the
606 PCB. */
607 if (!(pcb->flags & TF_RXCLOSED)) {
608 /* Connection closed although the application has only shut down the
609 tx side: call the PCB's err callback and indicate the closure to
610 ensure the application doesn't continue using the PCB. */
611 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
612 }
613 tcp_pcb_remove(&tcp_active_pcbs, pcb);
614 tcp_free(pcb);
615 return 1;
616 }
617 return 0;
618 }
619
620 /**
621 * Called by tcp_input() when a segment arrives for a listening
622 * connection (from tcp_input()).
623 *
624 * @param pcb the tcp_pcb_listen for which a segment arrived
625 *
626 * @note the segment which arrived is saved in global variables, therefore only the pcb
627 * involved is passed as a parameter to this function
628 */
629 static void
630 tcp_listen_input(struct tcp_pcb_listen *pcb)
631 {
632 struct tcp_pcb *npcb;
633 u32_t iss;
634 err_t rc;
635
636 if (flags & TCP_RST) {
637 /* An incoming RST should be ignored. Return. */
638 return;
639 }
640
641 LWIP_ASSERT("tcp_listen_input: invalid pcb", pcb != NULL);
642
643 /* In the LISTEN state, we check for incoming SYN segments,
644 creates a new PCB, and responds with a SYN|ACK. */
645 if (flags & TCP_ACK) {
646 /* For incoming segments with the ACK flag set, respond with a
647 RST. */
648 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
649 tcp_rst((const struct tcp_pcb *)pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
650 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
651 } else if (flags & TCP_SYN) {
652 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
653 #if TCP_LISTEN_BACKLOG
654 if (pcb->accepts_pending >= pcb->backlog) {
655 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
656 return;
657 }
658 #endif /* TCP_LISTEN_BACKLOG */
659 npcb = tcp_alloc(pcb->prio);
660 /* If a new PCB could not be created (probably due to lack of memory),
661 we don't do anything, but rely on the sender will retransmit the
662 SYN at a time when we have more memory available. */
663 if (npcb == NULL) {
664 err_t err;
665 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
666 TCP_STATS_INC(tcp.memerr);
667 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
668 LWIP_UNUSED_ARG(err); /* err not useful here */
669 return;
670 }
671 #if TCP_LISTEN_BACKLOG
672 pcb->accepts_pending++;
673 tcp_set_flags(npcb, TF_BACKLOGPEND);
674 #endif /* TCP_LISTEN_BACKLOG */
675 /* Set up the new PCB. */
676 ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
677 ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
678 npcb->local_port = pcb->local_port;
679 npcb->remote_port = tcphdr->src;
680 npcb->state = SYN_RCVD;
681 npcb->rcv_nxt = seqno + 1;
682 npcb->rcv_ann_right_edge = npcb->rcv_nxt;
683 iss = tcp_next_iss(npcb);
684 npcb->snd_wl2 = iss;
685 npcb->snd_nxt = iss;
686 npcb->lastack = iss;
687 npcb->snd_lbb = iss;
688 npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
689 npcb->callback_arg = pcb->callback_arg;
690 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
691 npcb->listener = pcb;
692 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
693 #if LWIP_VLAN_PCP
694 npcb->netif_hints.tci = pcb->netif_hints.tci;
695 #endif /* LWIP_VLAN_PCP */
696 /* inherit socket options */
697 npcb->so_options = pcb->so_options & SOF_INHERITED;
698 npcb->netif_idx = pcb->netif_idx;
699 /* Register the new PCB so that we can begin receiving segments
700 for it. */
701 TCP_REG_ACTIVE(npcb);
702
703 /* Parse any options in the SYN. */
704 tcp_parseopt(npcb);
705 npcb->snd_wnd = tcphdr->wnd;
706 npcb->snd_wnd_max = npcb->snd_wnd;
707
708 #if TCP_CALCULATE_EFF_SEND_MSS
709 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
710 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
711
712 MIB2_STATS_INC(mib2.tcppassiveopens);
713
714 #if LWIP_TCP_PCB_NUM_EXT_ARGS
715 if (tcp_ext_arg_invoke_callbacks_passive_open(pcb, npcb) != ERR_OK) {
716 tcp_abandon(npcb, 0);
717 return;
718 }
719 #endif
720
721 /* Send a SYN|ACK together with the MSS option. */
722 rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
723 if (rc != ERR_OK) {
724 tcp_abandon(npcb, 0);
725 return;
726 }
727 tcp_output(npcb);
728 }
729 return;
730 }
731
732 /**
733 * Called by tcp_input() when a segment arrives for a connection in
734 * TIME_WAIT.
735 *
736 * @param pcb the tcp_pcb for which a segment arrived
737 *
738 * @note the segment which arrived is saved in global variables, therefore only the pcb
739 * involved is passed as a parameter to this function
740 */
741 static void
742 tcp_timewait_input(struct tcp_pcb *pcb)
743 {
744 /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
745 /* RFC 793 3.9 Event Processing - Segment Arrives:
746 * - first check sequence number - we skip that one in TIME_WAIT (always
747 * acceptable since we only send ACKs)
748 * - second check the RST bit (... return) */
749 if (flags & TCP_RST) {
750 return;
751 }
752
753 LWIP_ASSERT("tcp_timewait_input: invalid pcb", pcb != NULL);
754
755 /* - fourth, check the SYN bit, */
756 if (flags & TCP_SYN) {
757 /* If an incoming segment is not acceptable, an acknowledgment
758 should be sent in reply */
759 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
760 /* If the SYN is in the window it is an error, send a reset */
761 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
762 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
763 return;
764 }
765 } else if (flags & TCP_FIN) {
766 /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
767 Restart the 2 MSL time-wait timeout.*/
768 pcb->tmr = tcp_ticks;
769 }
770
771 if ((tcplen > 0)) {
772 /* Acknowledge data, FIN or out-of-window SYN */
773 tcp_ack_now(pcb);
774 tcp_output(pcb);
775 }
776 return;
777 }
778
779 /**
780 * Implements the TCP state machine. Called by tcp_input. In some
781 * states tcp_receive() is called to receive data. The tcp_seg
782 * argument will be freed by the caller (tcp_input()) unless the
783 * recv_data pointer in the pcb is set.
784 *
785 * @param pcb the tcp_pcb for which a segment arrived
786 *
787 * @note the segment which arrived is saved in global variables, therefore only the pcb
788 * involved is passed as a parameter to this function
789 */
790 static err_t
791 tcp_process(struct tcp_pcb *pcb)
792 {
793 struct tcp_seg *rseg;
794 u8_t acceptable = 0;
795 err_t err;
796
797 err = ERR_OK;
798
799 LWIP_ASSERT("tcp_process: invalid pcb", pcb != NULL);
800
801 /* Process incoming RST segments. */
802 if (flags & TCP_RST) {
803 /* First, determine if the reset is acceptable. */
804 if (pcb->state == SYN_SENT) {
805 /* "In the SYN-SENT state (a RST received in response to an initial SYN),
806 the RST is acceptable if the ACK field acknowledges the SYN." */
807 if (ackno == pcb->snd_nxt) {
808 acceptable = 1;
809 }
810 } else {
811 /* "In all states except SYN-SENT, all reset (RST) segments are validated
812 by checking their SEQ-fields." */
813 if (seqno == pcb->rcv_nxt) {
814 acceptable = 1;
815 } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
816 pcb->rcv_nxt + pcb->rcv_wnd)) {
817 /* If the sequence number is inside the window, we send a challenge ACK
818 and wait for a re-send with matching sequence number.
819 This follows RFC 5961 section 3.2 and addresses CVE-2004-0230
820 (RST spoofing attack), which is present in RFC 793 RST handling. */
821 tcp_ack_now(pcb);
822 }
823 }
824
825 if (acceptable) {
826 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
827 LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
828 recv_flags |= TF_RESET;
829 tcp_clear_flags(pcb, TF_ACK_DELAY);
830 return ERR_RST;
831 } else {
832 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
833 seqno, pcb->rcv_nxt));
834 LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
835 seqno, pcb->rcv_nxt));
836 return ERR_OK;
837 }
838 }
839
840 if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
841 /* Cope with new connection attempt after remote end crashed */
842 tcp_ack_now(pcb);
843 return ERR_OK;
844 }
845
846 if ((pcb->flags & TF_RXCLOSED) == 0) {
847 /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
848 pcb->tmr = tcp_ticks;
849 }
850 pcb->keep_cnt_sent = 0;
851 pcb->persist_probe = 0;
852
853 tcp_parseopt(pcb);
854
855 /* Do different things depending on the TCP state. */
856 switch (pcb->state) {
857 case SYN_SENT:
858 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %s %"U32_F"\n",
859 ackno, pcb->snd_nxt, pcb->unacked ? "" : " empty:",
860 pcb->unacked ? lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0));
861 /* received SYN ACK with expected sequence number? */
862 if ((flags & TCP_ACK) && (flags & TCP_SYN)
863 && (ackno == pcb->lastack + 1)) {
864 pcb->rcv_nxt = seqno + 1;
865 pcb->rcv_ann_right_edge = pcb->rcv_nxt;
866 pcb->lastack = ackno;
867 pcb->snd_wnd = tcphdr->wnd;
868 pcb->snd_wnd_max = pcb->snd_wnd;
869 pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
870 pcb->state = ESTABLISHED;
871
872 #if TCP_CALCULATE_EFF_SEND_MSS
873 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
874 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
875
876 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
877 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
878 " ssthresh %"TCPWNDSIZE_F"\n",
879 pcb->cwnd, pcb->ssthresh));
880 LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
881 --pcb->snd_queuelen;
882 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
883 rseg = pcb->unacked;
884 if (rseg == NULL) {
885 /* might happen if tcp_output fails in tcp_rexmit_rto()
886 in which case the segment is on the unsent list */
887 rseg = pcb->unsent;
888 LWIP_ASSERT("no segment to free", rseg != NULL);
889 pcb->unsent = rseg->next;
890 } else {
891 pcb->unacked = rseg->next;
892 }
893 tcp_seg_free(rseg);
894
895 /* If there's nothing left to acknowledge, stop the retransmit
896 timer, otherwise reset it to start again */
897 if (pcb->unacked == NULL) {
898 pcb->rtime = -1;
899 } else {
900 pcb->rtime = 0;
901 pcb->nrtx = 0;
902 }
903
904 /* Call the user specified function to call when successfully
905 * connected. */
906 TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
907 if (err == ERR_ABRT) {
908 return ERR_ABRT;
909 }
910 tcp_ack_now(pcb);
911 }
912 /* received ACK? possibly a half-open connection */
913 else if (flags & TCP_ACK) {
914 /* send a RST to bring the other side in a non-synchronized state. */
915 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
916 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
917 /* Resend SYN immediately (don't wait for rto timeout) to establish
918 connection faster, but do not send more SYNs than we otherwise would
919 have, or we might get caught in a loop on loopback interfaces. */
920 if (pcb->nrtx < TCP_SYNMAXRTX) {
921 pcb->rtime = 0;
922 tcp_rexmit_rto(pcb);
923 }
924 }
925 break;
926 case SYN_RCVD:
927 if (flags & TCP_ACK) {
928 /* expected ACK number? */
929 if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
930 pcb->state = ESTABLISHED;
931 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
932 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
933 if (pcb->listener == NULL) {
934 /* listen pcb might be closed by now */
935 err = ERR_VAL;
936 } else
937 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
938 {
939 #if LWIP_CALLBACK_API
940 LWIP_ASSERT("pcb->listener->accept != NULL", pcb->listener->accept != NULL);
941 #endif
942 tcp_backlog_accepted(pcb);
943 /* Call the accept function. */
944 TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
945 }
946 if (err != ERR_OK) {
947 /* If the accept function returns with an error, we abort
948 * the connection. */
949 /* Already aborted? */
950 if (err != ERR_ABRT) {
951 tcp_abort(pcb);
952 }
953 return ERR_ABRT;
954 }
955 /* If there was any data contained within this ACK,
956 * we'd better pass it on to the application as well. */
957 tcp_receive(pcb);
958
959 /* Prevent ACK for SYN to generate a sent event */
960 if (recv_acked != 0) {
961 recv_acked--;
962 }
963
964 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
965 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
966 " ssthresh %"TCPWNDSIZE_F"\n",
967 pcb->cwnd, pcb->ssthresh));
968
969 if (recv_flags & TF_GOT_FIN) {
970 tcp_ack_now(pcb);
971 pcb->state = CLOSE_WAIT;
972 }
973 } else {
974 /* incorrect ACK number, send RST */
975 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
976 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
977 }
978 } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
979 /* Looks like another copy of the SYN - retransmit our SYN-ACK */
980 tcp_rexmit(pcb);
981 }
982 break;
983 case CLOSE_WAIT:
984 /* FALLTHROUGH */
985 case ESTABLISHED:
986 tcp_receive(pcb);
987 if (recv_flags & TF_GOT_FIN) { /* passive close */
988 tcp_ack_now(pcb);
989 pcb->state = CLOSE_WAIT;
990 }
991 break;
992 case FIN_WAIT_1:
993 tcp_receive(pcb);
994 if (recv_flags & TF_GOT_FIN) {
995 if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
996 pcb->unsent == NULL) {
997 LWIP_DEBUGF(TCP_DEBUG,
998 ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
999 tcp_ack_now(pcb);
1000 tcp_pcb_purge(pcb);
1001 TCP_RMV_ACTIVE(pcb);
1002 pcb->state = TIME_WAIT;
1003 TCP_REG(&tcp_tw_pcbs, pcb);
1004 } else {
1005 tcp_ack_now(pcb);
1006 pcb->state = CLOSING;
1007 }
1008 } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1009 pcb->unsent == NULL) {
1010 pcb->state = FIN_WAIT_2;
1011 }
1012 break;
1013 case FIN_WAIT_2:
1014 tcp_receive(pcb);
1015 if (recv_flags & TF_GOT_FIN) {
1016 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1017 tcp_ack_now(pcb);
1018 tcp_pcb_purge(pcb);
1019 TCP_RMV_ACTIVE(pcb);
1020 pcb->state = TIME_WAIT;
1021 TCP_REG(&tcp_tw_pcbs, pcb);
1022 }
1023 break;
1024 case CLOSING:
1025 tcp_receive(pcb);
1026 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1027 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1028 tcp_pcb_purge(pcb);
1029 TCP_RMV_ACTIVE(pcb);
1030 pcb->state = TIME_WAIT;
1031 TCP_REG(&tcp_tw_pcbs, pcb);
1032 }
1033 break;
1034 case LAST_ACK:
1035 tcp_receive(pcb);
1036 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1037 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1038 /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
1039 recv_flags |= TF_CLOSED;
1040 }
1041 break;
1042 default:
1043 break;
1044 }
1045 return ERR_OK;
1046 }
1047
1048 #if TCP_QUEUE_OOSEQ
1049 /**
1050 * Insert segment into the list (segments covered with new one will be deleted)
1051 *
1052 * Called from tcp_receive()
1053 */
1054 static void
1055 tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
1056 {
1057 struct tcp_seg *old_seg;
1058
1059 LWIP_ASSERT("tcp_oos_insert_segment: invalid cseg", cseg != NULL);
1060
1061 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1062 /* received segment overlaps all following segments */
1063 tcp_segs_free(next);
1064 next = NULL;
1065 } else {
1066 /* delete some following segments
1067 oos queue may have segments with FIN flag */
1068 while (next &&
1069 TCP_SEQ_GEQ((seqno + cseg->len),
1070 (next->tcphdr->seqno + next->len))) {
1071 /* cseg with FIN already processed */
1072 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1073 TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1074 }
1075 old_seg = next;
1076 next = next->next;
1077 tcp_seg_free(old_seg);
1078 }
1079 if (next &&
1080 TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1081 /* We need to trim the incoming segment. */
1082 cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1083 pbuf_realloc(cseg->p, cseg->len);
1084 }
1085 }
1086 cseg->next = next;
1087 }
1088 #endif /* TCP_QUEUE_OOSEQ */
1089
1090 /** Remove segments from a list if the incoming ACK acknowledges them */
1091 static struct tcp_seg *
1092 tcp_free_acked_segments(struct tcp_pcb *pcb, struct tcp_seg *seg_list, const char *dbg_list_name,
1093 struct tcp_seg *dbg_other_seg_list)
1094 {
1095 struct tcp_seg *next;
1096 u16_t clen;
1097
1098 LWIP_UNUSED_ARG(dbg_list_name);
1099 LWIP_UNUSED_ARG(dbg_other_seg_list);
1100
1101 while (seg_list != NULL &&
1102 TCP_SEQ_LEQ(lwip_ntohl(seg_list->tcphdr->seqno) +
1103 TCP_TCPLEN(seg_list), ackno)) {
1104 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->%s\n",
1105 lwip_ntohl(seg_list->tcphdr->seqno),
1106 lwip_ntohl(seg_list->tcphdr->seqno) + TCP_TCPLEN(seg_list),
1107 dbg_list_name));
1108
1109 next = seg_list;
1110 seg_list = seg_list->next;
1111
1112 clen = pbuf_clen(next->p);
1113 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ",
1114 (tcpwnd_size_t)pcb->snd_queuelen));
1115 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= clen));
1116
1117 pcb->snd_queuelen = (u16_t)(pcb->snd_queuelen - clen);
1118 recv_acked = (tcpwnd_size_t)(recv_acked + next->len);
1119 tcp_seg_free(next);
1120
1121 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing %s)\n",
1122 (tcpwnd_size_t)pcb->snd_queuelen,
1123 dbg_list_name));
1124 if (pcb->snd_queuelen != 0) {
1125 LWIP_ASSERT("tcp_receive: valid queue length",
1126 seg_list != NULL || dbg_other_seg_list != NULL);
1127 }
1128 }
1129 return seg_list;
1130 }
1131
1132 /**
1133 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1134 * data, and if so frees the memory of the buffered data. Next, it places the
1135 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1136 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1137 * it has been removed from the buffer.
1138 *
1139 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1140 * estimation, the RTT is estimated here as well.
1141 *
1142 * Called from tcp_process().
1143 */
1144 static void
1145 tcp_receive(struct tcp_pcb *pcb)
1146 {
1147 s16_t m;
1148 u32_t right_wnd_edge;
1149
1150 LWIP_ASSERT("tcp_receive: invalid pcb", pcb != NULL);
1151 LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1152
1153 if (flags & TCP_ACK) {
1154 right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1155
1156 /* Update window. */
1157 if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1158 (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1159 (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1160 pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1161 /* keep track of the biggest window announced by the remote host to calculate
1162 the maximum segment size */
1163 if (pcb->snd_wnd_max < pcb->snd_wnd) {
1164 pcb->snd_wnd_max = pcb->snd_wnd;
1165 }
1166 pcb->snd_wl1 = seqno;
1167 pcb->snd_wl2 = ackno;
1168 LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1169 #if TCP_WND_DEBUG
1170 } else {
1171 if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1172 LWIP_DEBUGF(TCP_WND_DEBUG,
1173 ("tcp_receive: no window update lastack %"U32_F" ackno %"
1174 U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1175 pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1176 }
1177 #endif /* TCP_WND_DEBUG */
1178 }
1179
1180 /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1181 * duplicate ack if:
1182 * 1) It doesn't ACK new data
1183 * 2) length of received packet is zero (i.e. no payload)
1184 * 3) the advertised window hasn't changed
1185 * 4) There is outstanding unacknowledged data (retransmission timer running)
1186 * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1187 *
1188 * If it passes all five, should process as a dupack:
1189 * a) dupacks < 3: do nothing
1190 * b) dupacks == 3: fast retransmit
1191 * c) dupacks > 3: increase cwnd
1192 *
1193 * If it only passes 1-3, should reset dupack counter (and add to
1194 * stats, which we don't do in lwIP)
1195 *
1196 * If it only passes 1, should reset dupack counter
1197 *
1198 */
1199
1200 /* Clause 1 */
1201 if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1202 /* Clause 2 */
1203 if (tcplen == 0) {
1204 /* Clause 3 */
1205 if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1206 /* Clause 4 */
1207 if (pcb->rtime >= 0) {
1208 /* Clause 5 */
1209 if (pcb->lastack == ackno) {
1210 if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1211 ++pcb->dupacks;
1212 }
1213 if (pcb->dupacks > 3) {
1214 /* Inflate the congestion window */
1215 TCP_WND_INC(pcb->cwnd, pcb->mss);
1216 }
1217 if (pcb->dupacks >= 3) {
1218 /* Do fast retransmit (checked via TF_INFR, not via dupacks count) */
1219 tcp_rexmit_fast(pcb);
1220 }
1221 }
1222 }
1223 }
1224 }
1225 } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
1226 /* We come here when the ACK acknowledges new data. */
1227 tcpwnd_size_t acked;
1228
1229 /* Reset the "IN Fast Retransmit" flag, since we are no longer
1230 in fast retransmit. Also reset the congestion window to the
1231 slow start threshold. */
1232 if (pcb->flags & TF_INFR) {
1233 tcp_clear_flags(pcb, TF_INFR);
1234 pcb->cwnd = pcb->ssthresh;
1235 pcb->bytes_acked = 0;
1236 }
1237
1238 /* Reset the number of retransmissions. */
1239 pcb->nrtx = 0;
1240
1241 /* Reset the retransmission time-out. */
1242 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1243
1244 /* Record how much data this ACK acks */
1245 acked = (tcpwnd_size_t)(ackno - pcb->lastack);
1246
1247 /* Reset the fast retransmit variables. */
1248 pcb->dupacks = 0;
1249 pcb->lastack = ackno;
1250
1251 /* Update the congestion control variables (cwnd and
1252 ssthresh). */
1253 if (pcb->state >= ESTABLISHED) {
1254 if (pcb->cwnd < pcb->ssthresh) {
1255 tcpwnd_size_t increase;
1256 /* limit to 1 SMSS segment during period following RTO */
1257 u8_t num_seg = (pcb->flags & TF_RTO) ? 1 : 2;
1258 /* RFC 3465, section 2.2 Slow Start */
1259 increase = LWIP_MIN(acked, (tcpwnd_size_t)(num_seg * pcb->mss));
1260 TCP_WND_INC(pcb->cwnd, increase);
1261 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1262 } else {
1263 /* RFC 3465, section 2.1 Congestion Avoidance */
1264 TCP_WND_INC(pcb->bytes_acked, acked);
1265 if (pcb->bytes_acked >= pcb->cwnd) {
1266 pcb->bytes_acked = (tcpwnd_size_t)(pcb->bytes_acked - pcb->cwnd);
1267 TCP_WND_INC(pcb->cwnd, pcb->mss);
1268 }
1269 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1270 }
1271 }
1272 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1273 ackno,
1274 pcb->unacked != NULL ?
1275 lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0,
1276 pcb->unacked != NULL ?
1277 lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked) : 0));
1278
1279 /* Remove segment from the unacknowledged list if the incoming
1280 ACK acknowledges them. */
1281 pcb->unacked = tcp_free_acked_segments(pcb, pcb->unacked, "unacked", pcb->unsent);
1282 /* We go through the ->unsent list to see if any of the segments
1283 on the list are acknowledged by the ACK. This may seem
1284 strange since an "unsent" segment shouldn't be acked. The
1285 rationale is that lwIP puts all outstanding segments on the
1286 ->unsent list after a retransmission, so these segments may
1287 in fact have been sent once. */
1288 pcb->unsent = tcp_free_acked_segments(pcb, pcb->unsent, "unsent", pcb->unacked);
1289
1290 /* If there's nothing left to acknowledge, stop the retransmit
1291 timer, otherwise reset it to start again */
1292 if (pcb->unacked == NULL) {
1293 pcb->rtime = -1;
1294 } else {
1295 pcb->rtime = 0;
1296 }
1297
1298 pcb->polltmr = 0;
1299
1300 #if TCP_OVERSIZE
1301 if (pcb->unsent == NULL) {
1302 pcb->unsent_oversize = 0;
1303 }
1304 #endif /* TCP_OVERSIZE */
1305
1306 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1307 if (ip_current_is_v6()) {
1308 /* Inform neighbor reachability of forward progress. */
1309 nd6_reachability_hint(ip6_current_src_addr());
1310 }
1311 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1312
1313 pcb->snd_buf = (tcpwnd_size_t)(pcb->snd_buf + recv_acked);
1314 /* check if this ACK ends our retransmission of in-flight data */
1315 if (pcb->flags & TF_RTO) {
1316 /* RTO is done if
1317 1) both queues are empty or
1318 2) unacked is empty and unsent head contains data not part of RTO or
1319 3) unacked head contains data not part of RTO */
1320 if (pcb->unacked == NULL) {
1321 if ((pcb->unsent == NULL) ||
1322 (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unsent->tcphdr->seqno)))) {
1323 tcp_clear_flags(pcb, TF_RTO);
1324 }
1325 } else if (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unacked->tcphdr->seqno))) {
1326 tcp_clear_flags(pcb, TF_RTO);
1327 }
1328 }
1329 /* End of ACK for new data processing. */
1330 } else {
1331 /* Out of sequence ACK, didn't really ack anything */
1332 tcp_send_empty_ack(pcb);
1333 }
1334
1335 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1336 pcb->rttest, pcb->rtseq, ackno));
1337
1338 /* RTT estimation calculations. This is done by checking if the
1339 incoming segment acknowledges the segment we use to take a
1340 round-trip time measurement. */
1341 if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1342 /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1343 and a round-trip shouldn't be that long... */
1344 m = (s16_t)(tcp_ticks - pcb->rttest);
1345
1346 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1347 m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1348
1349 /* This is taken directly from VJs original code in his paper */
1350 m = (s16_t)(m - (pcb->sa >> 3));
1351 pcb->sa = (s16_t)(pcb->sa + m);
1352 if (m < 0) {
1353 m = (s16_t) - m;
1354 }
1355 m = (s16_t)(m - (pcb->sv >> 2));
1356 pcb->sv = (s16_t)(pcb->sv + m);
1357 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1358
1359 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1360 pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1361
1362 pcb->rttest = 0;
1363 }
1364 }
1365
1366 /* If the incoming segment contains data, we must process it
1367 further unless the pcb already received a FIN.
1368 (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1369 LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1370 if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1371 /* This code basically does three things:
1372
1373 +) If the incoming segment contains data that is the next
1374 in-sequence data, this data is passed to the application. This
1375 might involve trimming the first edge of the data. The rcv_nxt
1376 variable and the advertised window are adjusted.
1377
1378 +) If the incoming segment has data that is above the next
1379 sequence number expected (->rcv_nxt), the segment is placed on
1380 the ->ooseq queue. This is done by finding the appropriate
1381 place in the ->ooseq queue (which is ordered by sequence
1382 number) and trim the segment in both ends if needed. An
1383 immediate ACK is sent to indicate that we received an
1384 out-of-sequence segment.
1385
1386 +) Finally, we check if the first segment on the ->ooseq queue
1387 now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1388 rcv_nxt > ooseq->seqno, we must trim the first edge of the
1389 segment on ->ooseq before we adjust rcv_nxt. The data in the
1390 segments that are now on sequence are chained onto the
1391 incoming segment so that we only need to call the application
1392 once.
1393 */
1394
1395 /* First, we check if we must trim the first edge. We have to do
1396 this if the sequence number of the incoming segment is less
1397 than rcv_nxt, and the sequence number plus the length of the
1398 segment is larger than rcv_nxt. */
1399 /* if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1400 if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1401 if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1402 /* Trimming the first edge is done by pushing the payload
1403 pointer in the pbuf downwards. This is somewhat tricky since
1404 we do not want to discard the full contents of the pbuf up to
1405 the new starting point of the data since we have to keep the
1406 TCP header which is present in the first pbuf in the chain.
1407
1408 What is done is really quite a nasty hack: the first pbuf in
1409 the pbuf chain is pointed to by inseg.p. Since we need to be
1410 able to deallocate the whole pbuf, we cannot change this
1411 inseg.p pointer to point to any of the later pbufs in the
1412 chain. Instead, we point the ->payload pointer in the first
1413 pbuf to data in one of the later pbufs. We also set the
1414 inseg.data pointer to point to the right place. This way, the
1415 ->p pointer will still point to the first pbuf, but the
1416 ->p->payload pointer will point to data in another pbuf.
1417
1418 After we are done with adjusting the pbuf pointers we must
1419 adjust the ->data pointer in the seg and the segment
1420 length.*/
1421
1422 struct pbuf *p = inseg.p;
1423 u32_t off32 = pcb->rcv_nxt - seqno;
1424 u16_t new_tot_len, off;
1425 LWIP_ASSERT("inseg.p != NULL", inseg.p);
1426 LWIP_ASSERT("insane offset!", (off32 < 0xffff));
1427 off = (u16_t)off32;
1428 LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1429 inseg.len -= off;
1430 new_tot_len = (u16_t)(inseg.p->tot_len - off);
1431 while (p->len < off) {
1432 off -= p->len;
1433 /* all pbufs up to and including this one have len==0, so tot_len is equal */
1434 p->tot_len = new_tot_len;
1435 p->len = 0;
1436 p = p->next;
1437 }
1438 /* cannot fail... */
1439 pbuf_remove_header(p, off);
1440 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1441 } else {
1442 if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1443 /* the whole segment is < rcv_nxt */
1444 /* must be a duplicate of a packet that has already been correctly handled */
1445
1446 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1447 tcp_ack_now(pcb);
1448 }
1449 }
1450
1451 /* The sequence number must be within the window (above rcv_nxt
1452 and below rcv_nxt + rcv_wnd) in order to be further
1453 processed. */
1454 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1455 pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1456 if (pcb->rcv_nxt == seqno) {
1457 /* The incoming segment is the next in sequence. We check if
1458 we have to trim the end of the segment and update rcv_nxt
1459 and pass the data to the application. */
1460 tcplen = TCP_TCPLEN(&inseg);
1461
1462 if (tcplen > pcb->rcv_wnd) {
1463 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1464 ("tcp_receive: other end overran receive window"
1465 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1466 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1467 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1468 /* Must remove the FIN from the header as we're trimming
1469 * that byte of sequence-space from the packet */
1470 TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1471 }
1472 /* Adjust length of segment to fit in the window. */
1473 TCPWND_CHECK16(pcb->rcv_wnd);
1474 inseg.len = (u16_t)pcb->rcv_wnd;
1475 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1476 inseg.len -= 1;
1477 }
1478 pbuf_realloc(inseg.p, inseg.len);
1479 tcplen = TCP_TCPLEN(&inseg);
1480 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1481 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1482 }
1483 #if TCP_QUEUE_OOSEQ
1484 /* Received in-sequence data, adjust ooseq data if:
1485 - FIN has been received or
1486 - inseq overlaps with ooseq */
1487 if (pcb->ooseq != NULL) {
1488 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1489 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1490 ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1491 /* Received in-order FIN means anything that was received
1492 * out of order must now have been received in-order, so
1493 * bin the ooseq queue */
1494 while (pcb->ooseq != NULL) {
1495 struct tcp_seg *old_ooseq = pcb->ooseq;
1496 pcb->ooseq = pcb->ooseq->next;
1497 tcp_seg_free(old_ooseq);
1498 }
1499 } else {
1500 struct tcp_seg *next = pcb->ooseq;
1501 /* Remove all segments on ooseq that are covered by inseg already.
1502 * FIN is copied from ooseq to inseg if present. */
1503 while (next &&
1504 TCP_SEQ_GEQ(seqno + tcplen,
1505 next->tcphdr->seqno + next->len)) {
1506 struct tcp_seg *tmp;
1507 /* inseg cannot have FIN here (already processed above) */
1508 if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1509 (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1510 TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1511 tcplen = TCP_TCPLEN(&inseg);
1512 }
1513 tmp = next;
1514 next = next->next;
1515 tcp_seg_free(tmp);
1516 }
1517 /* Now trim right side of inseg if it overlaps with the first
1518 * segment on ooseq */
1519 if (next &&
1520 TCP_SEQ_GT(seqno + tcplen,
1521 next->tcphdr->seqno)) {
1522 /* inseg cannot have FIN here (already processed above) */
1523 inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1524 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1525 inseg.len -= 1;
1526 }
1527 pbuf_realloc(inseg.p, inseg.len);
1528 tcplen = TCP_TCPLEN(&inseg);
1529 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue\n",
1530 (seqno + tcplen) == next->tcphdr->seqno);
1531 }
1532 pcb->ooseq = next;
1533 }
1534 }
1535 #endif /* TCP_QUEUE_OOSEQ */
1536
1537 pcb->rcv_nxt = seqno + tcplen;
1538
1539 /* Update the receiver's (our) window. */
1540 LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd\n", pcb->rcv_wnd >= tcplen);
1541 pcb->rcv_wnd -= tcplen;
1542
1543 tcp_update_rcv_ann_wnd(pcb);
1544
1545 /* If there is data in the segment, we make preparations to
1546 pass this up to the application. The ->recv_data variable
1547 is used for holding the pbuf that goes to the
1548 application. The code for reassembling out-of-sequence data
1549 chains its data on this pbuf as well.
1550
1551 If the segment was a FIN, we set the TF_GOT_FIN flag that will
1552 be used to indicate to the application that the remote side has
1553 closed its end of the connection. */
1554 if (inseg.p->tot_len > 0) {
1555 recv_data = inseg.p;
1556 /* Since this pbuf now is the responsibility of the
1557 application, we delete our reference to it so that we won't
1558 (mistakingly) deallocate it. */
1559 inseg.p = NULL;
1560 }
1561 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1562 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1563 recv_flags |= TF_GOT_FIN;
1564 }
1565
1566 #if TCP_QUEUE_OOSEQ
1567 /* We now check if we have segments on the ->ooseq queue that
1568 are now in sequence. */
1569 while (pcb->ooseq != NULL &&
1570 pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1571
1572 struct tcp_seg *cseg = pcb->ooseq;
1573 seqno = pcb->ooseq->tcphdr->seqno;
1574
1575 pcb->rcv_nxt += TCP_TCPLEN(cseg);
1576 LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd\n",
1577 pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1578 pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1579
1580 tcp_update_rcv_ann_wnd(pcb);
1581
1582 if (cseg->p->tot_len > 0) {
1583 /* Chain this pbuf onto the pbuf that we will pass to
1584 the application. */
1585 /* With window scaling, this can overflow recv_data->tot_len, but
1586 that's not a problem since we explicitly fix that before passing
1587 recv_data to the application. */
1588 if (recv_data) {
1589 pbuf_cat(recv_data, cseg->p);
1590 } else {
1591 recv_data = cseg->p;
1592 }
1593 cseg->p = NULL;
1594 }
1595 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1596 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1597 recv_flags |= TF_GOT_FIN;
1598 if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1599 pcb->state = CLOSE_WAIT;
1600 }
1601 }
1602
1603 pcb->ooseq = cseg->next;
1604 tcp_seg_free(cseg);
1605 }
1606 #if LWIP_TCP_SACK_OUT
1607 if (pcb->flags & TF_SACK) {
1608 if (pcb->ooseq != NULL) {
1609 /* Some segments may have been removed from ooseq, let's remove all SACKs that
1610 describe anything before the new beginning of that list. */
1611 tcp_remove_sacks_lt(pcb, pcb->ooseq->tcphdr->seqno);
1612 } else if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1613 /* ooseq has been cleared. Nothing to SACK */
1614 memset(pcb->rcv_sacks, 0, sizeof(pcb->rcv_sacks));
1615 }
1616 }
1617 #endif /* LWIP_TCP_SACK_OUT */
1618 #endif /* TCP_QUEUE_OOSEQ */
1619
1620
1621 /* Acknowledge the segment(s). */
1622 tcp_ack(pcb);
1623
1624 #if LWIP_TCP_SACK_OUT
1625 if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1626 /* Normally the ACK for the data received could be piggy-backed on a data packet,
1627 but lwIP currently does not support including SACKs in data packets. So we force
1628 it to respond with an empty ACK packet (only if there is at least one SACK to be sent).
1629 NOTE: tcp_send_empty_ack() on success clears the ACK flags (set by tcp_ack()) */
1630 tcp_send_empty_ack(pcb);
1631 }
1632 #endif /* LWIP_TCP_SACK_OUT */
1633
1634 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1635 if (ip_current_is_v6()) {
1636 /* Inform neighbor reachability of forward progress. */
1637 nd6_reachability_hint(ip6_current_src_addr());
1638 }
1639 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1640
1641 } else {
1642 /* We get here if the incoming segment is out-of-sequence. */
1643
1644 #if TCP_QUEUE_OOSEQ
1645 /* We queue the segment on the ->ooseq queue. */
1646 if (pcb->ooseq == NULL) {
1647 pcb->ooseq = tcp_seg_copy(&inseg);
1648 #if LWIP_TCP_SACK_OUT
1649 if (pcb->flags & TF_SACK) {
1650 /* All the SACKs should be invalid, so we can simply store the most recent one: */
1651 pcb->rcv_sacks[0].left = seqno;
1652 pcb->rcv_sacks[0].right = seqno + inseg.len;
1653 }
1654 #endif /* LWIP_TCP_SACK_OUT */
1655 } else {
1656 /* If the queue is not empty, we walk through the queue and
1657 try to find a place where the sequence number of the
1658 incoming segment is between the sequence numbers of the
1659 previous and the next segment on the ->ooseq queue. That is
1660 the place where we put the incoming segment. If needed, we
1661 trim the second edges of the previous and the incoming
1662 segment so that it will fit into the sequence.
1663
1664 If the incoming segment has the same sequence number as a
1665 segment on the ->ooseq queue, we discard the segment that
1666 contains less data. */
1667
1668 #if LWIP_TCP_SACK_OUT
1669 /* This is the left edge of the lowest possible SACK range.
1670 It may start before the newly received segment (possibly adjusted below). */
1671 u32_t sackbeg = TCP_SEQ_LT(seqno, pcb->ooseq->tcphdr->seqno) ? seqno : pcb->ooseq->tcphdr->seqno;
1672 #endif /* LWIP_TCP_SACK_OUT */
1673 struct tcp_seg *next, *prev = NULL;
1674 for (next = pcb->ooseq; next != NULL; next = next->next) {
1675 if (seqno == next->tcphdr->seqno) {
1676 /* The sequence number of the incoming segment is the
1677 same as the sequence number of the segment on
1678 ->ooseq. We check the lengths to see which one to
1679 discard. */
1680 if (inseg.len > next->len) {
1681 /* The incoming segment is larger than the old
1682 segment. We replace some segments with the new
1683 one. */
1684 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1685 if (cseg != NULL) {
1686 if (prev != NULL) {
1687 prev->next = cseg;
1688 } else {
1689 pcb->ooseq = cseg;
1690 }
1691 tcp_oos_insert_segment(cseg, next);
1692 }
1693 break;
1694 } else {
1695 /* Either the lengths are the same or the incoming
1696 segment was smaller than the old one; in either
1697 case, we ditch the incoming segment. */
1698 break;
1699 }
1700 } else {
1701 if (prev == NULL) {
1702 if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1703 /* The sequence number of the incoming segment is lower
1704 than the sequence number of the first segment on the
1705 queue. We put the incoming segment first on the
1706 queue. */
1707 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1708 if (cseg != NULL) {
1709 pcb->ooseq = cseg;
1710 tcp_oos_insert_segment(cseg, next);
1711 }
1712 break;
1713 }
1714 } else {
1715 /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1716 TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1717 if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno + 1, next->tcphdr->seqno - 1)) {
1718 /* The sequence number of the incoming segment is in
1719 between the sequence numbers of the previous and
1720 the next segment on ->ooseq. We trim trim the previous
1721 segment, delete next segments that included in received segment
1722 and trim received, if needed. */
1723 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1724 if (cseg != NULL) {
1725 if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1726 /* We need to trim the prev segment. */
1727 prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1728 pbuf_realloc(prev->p, prev->len);
1729 }
1730 prev->next = cseg;
1731 tcp_oos_insert_segment(cseg, next);
1732 }
1733 break;
1734 }
1735 }
1736
1737 #if LWIP_TCP_SACK_OUT
1738 /* The new segment goes after the 'next' one. If there is a "hole" in sequence numbers
1739 between 'prev' and the beginning of 'next', we want to move sackbeg. */
1740 if (prev != NULL && prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1741 sackbeg = next->tcphdr->seqno;
1742 }
1743 #endif /* LWIP_TCP_SACK_OUT */
1744
1745 /* We don't use 'prev' below, so let's set it to current 'next'.
1746 This way even if we break the loop below, 'prev' will be pointing
1747 at the segment right in front of the newly added one. */
1748 prev = next;
1749
1750 /* If the "next" segment is the last segment on the
1751 ooseq queue, we add the incoming segment to the end
1752 of the list. */
1753 if (next->next == NULL &&
1754 TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1755 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1756 /* segment "next" already contains all data */
1757 break;
1758 }
1759 next->next = tcp_seg_copy(&inseg);
1760 if (next->next != NULL) {
1761 if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1762 /* We need to trim the last segment. */
1763 next->len = (u16_t)(seqno - next->tcphdr->seqno);
1764 pbuf_realloc(next->p, next->len);
1765 }
1766 /* check if the remote side overruns our receive window */
1767 if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1768 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1769 ("tcp_receive: other end overran receive window"
1770 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1771 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1772 if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1773 /* Must remove the FIN from the header as we're trimming
1774 * that byte of sequence-space from the packet */
1775 TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1776 }
1777 /* Adjust length of segment to fit in the window. */
1778 next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1779 pbuf_realloc(next->next->p, next->next->len);
1780 tcplen = TCP_TCPLEN(next->next);
1781 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1782 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1783 }
1784 }
1785 break;
1786 }
1787 }
1788 }
1789
1790 #if LWIP_TCP_SACK_OUT
1791 if (pcb->flags & TF_SACK) {
1792 if (prev == NULL) {
1793 /* The new segment is at the beginning. sackbeg should already be set properly.
1794 We need to find the right edge. */
1795 next = pcb->ooseq;
1796 } else if (prev->next != NULL) {
1797 /* The new segment was added after 'prev'. If there is a "hole" between 'prev' and 'prev->next',
1798 we need to move sackbeg. After that we should find the right edge. */
1799 next = prev->next;
1800 if (prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1801 sackbeg = next->tcphdr->seqno;
1802 }
1803 } else {
1804 next = NULL;
1805 }
1806 if (next != NULL) {
1807 u32_t sackend = next->tcphdr->seqno;
1808 for ( ; (next != NULL) && (sackend == next->tcphdr->seqno); next = next->next) {
1809 sackend += next->len;
1810 }
1811 tcp_add_sack(pcb, sackbeg, sackend);
1812 }
1813 }
1814 #endif /* LWIP_TCP_SACK_OUT */
1815 }
1816 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
1817 {
1818 /* Check that the data on ooseq doesn't exceed one of the limits
1819 and throw away everything above that limit. */
1820 #ifdef TCP_OOSEQ_BYTES_LIMIT
1821 const u32_t ooseq_max_blen = TCP_OOSEQ_BYTES_LIMIT(pcb);
1822 u32_t ooseq_blen = 0;
1823 #endif
1824 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1825 const u16_t ooseq_max_qlen = TCP_OOSEQ_PBUFS_LIMIT(pcb);
1826 u16_t ooseq_qlen = 0;
1827 #endif
1828 struct tcp_seg *next, *prev = NULL;
1829 for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1830 struct pbuf *p = next->p;
1831 int stop_here = 0;
1832 #ifdef TCP_OOSEQ_BYTES_LIMIT
1833 ooseq_blen += p->tot_len;
1834 if (ooseq_blen > ooseq_max_blen) {
1835 stop_here = 1;
1836 }
1837 #endif
1838 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1839 ooseq_qlen += pbuf_clen(p);
1840 if (ooseq_qlen > ooseq_max_qlen) {
1841 stop_here = 1;
1842 }
1843 #endif
1844 if (stop_here) {
1845 #if LWIP_TCP_SACK_OUT
1846 if (pcb->flags & TF_SACK) {
1847 /* Let's remove all SACKs from next's seqno up. */
1848 tcp_remove_sacks_gt(pcb, next->tcphdr->seqno);
1849 }
1850 #endif /* LWIP_TCP_SACK_OUT */
1851 /* too much ooseq data, dump this and everything after it */
1852 tcp_segs_free(next);
1853 if (prev == NULL) {
1854 /* first ooseq segment is too much, dump the whole queue */
1855 pcb->ooseq = NULL;
1856 } else {
1857 /* just dump 'next' and everything after it */
1858 prev->next = NULL;
1859 }
1860 break;
1861 }
1862 }
1863 }
1864 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
1865 #endif /* TCP_QUEUE_OOSEQ */
1866
1867 /* We send the ACK packet after we've (potentially) dealt with SACKs,
1868 so they can be included in the acknowledgment. */
1869 tcp_send_empty_ack(pcb);
1870 }
1871 } else {
1872 /* The incoming segment is not within the window. */
1873 tcp_send_empty_ack(pcb);
1874 }
1875 } else {
1876 /* Segments with length 0 is taken care of here. Segments that
1877 fall out of the window are ACKed. */
1878 if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1879 tcp_ack_now(pcb);
1880 }
1881 }
1882 }
1883
1884 static u8_t
1885 tcp_get_next_optbyte(void)
1886 {
1887 u16_t optidx = tcp_optidx++;
1888 if ((tcphdr_opt2 == NULL) || (optidx < tcphdr_opt1len)) {
1889 u8_t *opts = (u8_t *)tcphdr + TCP_HLEN;
1890 return opts[optidx];
1891 } else {
1892 u8_t idx = (u8_t)(optidx - tcphdr_opt1len);
1893 return tcphdr_opt2[idx];
1894 }
1895 }
1896
1897 /**
1898 * Parses the options contained in the incoming segment.
1899 *
1900 * Called from tcp_listen_input() and tcp_process().
1901 * Currently, only the MSS option is supported!
1902 *
1903 * @param pcb the tcp_pcb for which a segment arrived
1904 */
1905 static void
1906 tcp_parseopt(struct tcp_pcb *pcb)
1907 {
1908 u8_t data;
1909 u16_t mss;
1910 #if LWIP_TCP_TIMESTAMPS
1911 u32_t tsval;
1912 #endif
1913
1914 LWIP_ASSERT("tcp_parseopt: invalid pcb", pcb != NULL);
1915
1916 /* Parse the TCP MSS option, if present. */
1917 if (tcphdr_optlen != 0) {
1918 for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1919 u8_t opt = tcp_get_next_optbyte();
1920 switch (opt) {
1921 case LWIP_TCP_OPT_EOL:
1922 /* End of options. */
1923 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1924 return;
1925 case LWIP_TCP_OPT_NOP:
1926 /* NOP option. */
1927 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1928 break;
1929 case LWIP_TCP_OPT_MSS:
1930 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1931 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1932 /* Bad length */
1933 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1934 return;
1935 }
1936 /* An MSS option with the right option length. */
1937 mss = (u16_t)(tcp_get_next_optbyte() << 8);
1938 mss |= tcp_get_next_optbyte();
1939 /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1940 pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1941 break;
1942 #if LWIP_WND_SCALE
1943 case LWIP_TCP_OPT_WS:
1944 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1945 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1946 /* Bad length */
1947 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1948 return;
1949 }
1950 /* An WND_SCALE option with the right option length. */
1951 data = tcp_get_next_optbyte();
1952 /* If syn was received with wnd scale option,
1953 activate wnd scale opt, but only if this is not a retransmission */
1954 if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
1955 pcb->snd_scale = data;
1956 if (pcb->snd_scale > 14U) {
1957 pcb->snd_scale = 14U;
1958 }
1959 pcb->rcv_scale = TCP_RCV_SCALE;
1960 tcp_set_flags(pcb, TF_WND_SCALE);
1961 /* window scaling is enabled, we can use the full receive window */
1962 LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
1963 LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
1964 pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
1965 }
1966 break;
1967 #endif /* LWIP_WND_SCALE */
1968 #if LWIP_TCP_TIMESTAMPS
1969 case LWIP_TCP_OPT_TS:
1970 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
1971 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
1972 /* Bad length */
1973 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1974 return;
1975 }
1976 /* TCP timestamp option with valid length */
1977 tsval = tcp_get_next_optbyte();
1978 tsval |= (tcp_get_next_optbyte() << 8);
1979 tsval |= (tcp_get_next_optbyte() << 16);
1980 tsval |= (tcp_get_next_optbyte() << 24);
1981 if (flags & TCP_SYN) {
1982 pcb->ts_recent = lwip_ntohl(tsval);
1983 /* Enable sending timestamps in every segment now that we know
1984 the remote host supports it. */
1985 tcp_set_flags(pcb, TF_TIMESTAMP);
1986 } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno + tcplen)) {
1987 pcb->ts_recent = lwip_ntohl(tsval);
1988 }
1989 /* Advance to next option (6 bytes already read) */
1990 tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
1991 break;
1992 #endif /* LWIP_TCP_TIMESTAMPS */
1993 #if LWIP_TCP_SACK_OUT
1994 case LWIP_TCP_OPT_SACK_PERM:
1995 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: SACK_PERM\n"));
1996 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_SACK_PERM || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_SACK_PERM) > tcphdr_optlen) {
1997 /* Bad length */
1998 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1999 return;
2000 }
2001 /* TCP SACK_PERM option with valid length */
2002 if (flags & TCP_SYN) {
2003 /* We only set it if we receive it in a SYN (or SYN+ACK) packet */
2004 tcp_set_flags(pcb, TF_SACK);
2005 }
2006 break;
2007 #endif /* LWIP_TCP_SACK_OUT */
2008 default:
2009 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
2010 data = tcp_get_next_optbyte();
2011 if (data < 2) {
2012 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2013 /* If the length field is zero, the options are malformed
2014 and we don't process them further. */
2015 return;
2016 }
2017 /* All other options have a length field, so that we easily
2018 can skip past them. */
2019 tcp_optidx += data - 2;
2020 }
2021 }
2022 }
2023 }
2024
2025 void
2026 tcp_trigger_input_pcb_close(void)
2027 {
2028 recv_flags |= TF_CLOSED;
2029 }
2030
2031 #if LWIP_TCP_SACK_OUT
2032 /**
2033 * Called by tcp_receive() to add new SACK entry.
2034 *
2035 * The new SACK entry will be placed at the beginning of rcv_sacks[], as the newest one.
2036 * Existing SACK entries will be "pushed back", to preserve their order.
2037 * This is the behavior described in RFC 2018, section 4.
2038 *
2039 * @param pcb the tcp_pcb for which a segment arrived
2040 * @param left the left side of the SACK (the first sequence number)
2041 * @param right the right side of the SACK (the first sequence number past this SACK)
2042 */
2043 static void
2044 tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right)
2045 {
2046 u8_t i;
2047 u8_t unused_idx;
2048
2049 if ((pcb->flags & TF_SACK) == 0 || !TCP_SEQ_LT(left, right)) {
2050 return;
2051 }
2052
2053 /* First, let's remove all SACKs that are no longer needed (because they overlap with the newest one),
2054 while moving all other SACKs forward.
2055 We run this loop for all entries, until we find the first invalid one.
2056 There is no point checking after that. */
2057 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2058 /* We only want to use SACK at [i] if it doesn't overlap with left:right range.
2059 It does not overlap if its right side is before the newly added SACK,
2060 or if its left side is after the newly added SACK.
2061 NOTE: The equality should not really happen, but it doesn't hurt. */
2062 if (TCP_SEQ_LEQ(pcb->rcv_sacks[i].right, left) || TCP_SEQ_LEQ(right, pcb->rcv_sacks[i].left)) {
2063 if (unused_idx != i) {
2064 /* We don't need to copy if it's already in the right spot */
2065 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2066 }
2067 ++unused_idx;
2068 }
2069 }
2070
2071 /* Now 'unused_idx' is the index of the first invalid SACK entry,
2072 anywhere between 0 (no valid entries) and LWIP_TCP_MAX_SACK_NUM (all entries are valid).
2073 We want to clear this and all following SACKs.
2074 However, we will be adding another one in the front (and shifting everything else back).
2075 So let's just iterate from the back, and set each entry to the one to the left if it's valid,
2076 or to 0 if it is not. */
2077 for (i = LWIP_TCP_MAX_SACK_NUM - 1; i > 0; --i) {
2078 /* [i] is the index we are setting, and the value should be at index [i-1],
2079 or 0 if that index is unused (>= unused_idx). */
2080 if (i - 1 >= unused_idx) {
2081 /* [i-1] is unused. Let's clear [i]. */
2082 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2083 } else {
2084 pcb->rcv_sacks[i] = pcb->rcv_sacks[i - 1];
2085 }
2086 }
2087
2088 /* And now we can store the newest SACK */
2089 pcb->rcv_sacks[0].left = left;
2090 pcb->rcv_sacks[0].right = right;
2091 }
2092
2093 /**
2094 * Called to remove a range of SACKs.
2095 *
2096 * SACK entries will be removed or adjusted to not acknowledge any sequence
2097 * numbers that are less than 'seq' passed. It not only invalidates entries,
2098 * but also moves all entries that are still valid to the beginning.
2099 *
2100 * @param pcb the tcp_pcb to modify
2101 * @param seq the lowest sequence number to keep in SACK entries
2102 */
2103 static void
2104 tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq)
2105 {
2106 u8_t i;
2107 u8_t unused_idx;
2108
2109 /* We run this loop for all entries, until we find the first invalid one.
2110 There is no point checking after that. */
2111 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2112 /* We only want to use SACK at index [i] if its right side is > 'seq'. */
2113 if (TCP_SEQ_GT(pcb->rcv_sacks[i].right, seq)) {
2114 if (unused_idx != i) {
2115 /* We only copy it if it's not in the right spot already. */
2116 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2117 }
2118 /* NOTE: It is possible that its left side is < 'seq', in which case we should adjust it. */
2119 if (TCP_SEQ_LT(pcb->rcv_sacks[unused_idx].left, seq)) {
2120 pcb->rcv_sacks[unused_idx].left = seq;
2121 }
2122 ++unused_idx;
2123 }
2124 }
2125
2126 /* We also need to invalidate everything from 'unused_idx' till the end */
2127 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2128 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2129 }
2130 }
2131
2132 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
2133 /**
2134 * Called to remove a range of SACKs.
2135 *
2136 * SACK entries will be removed or adjusted to not acknowledge any sequence
2137 * numbers that are greater than (or equal to) 'seq' passed. It not only invalidates entries,
2138 * but also moves all entries that are still valid to the beginning.
2139 *
2140 * @param pcb the tcp_pcb to modify
2141 * @param seq the highest sequence number to keep in SACK entries
2142 */
2143 static void
2144 tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq)
2145 {
2146 u8_t i;
2147 u8_t unused_idx;
2148
2149 /* We run this loop for all entries, until we find the first invalid one.
2150 There is no point checking after that. */
2151 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2152 /* We only want to use SACK at index [i] if its left side is < 'seq'. */
2153 if (TCP_SEQ_LT(pcb->rcv_sacks[i].left, seq)) {
2154 if (unused_idx != i) {
2155 /* We only copy it if it's not in the right spot already. */
2156 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2157 }
2158 /* NOTE: It is possible that its right side is > 'seq', in which case we should adjust it. */
2159 if (TCP_SEQ_GT(pcb->rcv_sacks[unused_idx].right, seq)) {
2160 pcb->rcv_sacks[unused_idx].right = seq;
2161 }
2162 ++unused_idx;
2163 }
2164 }
2165
2166 /* We also need to invalidate everything from 'unused_idx' till the end */
2167 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2168 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2169 }
2170 }
2171 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
2172
2173 #endif /* LWIP_TCP_SACK_OUT */
2174
2175 #endif /* LWIP_TCP */
2176