1 /**
2 * @file
3 * Transmission Control Protocol, incoming traffic
4 *
5 * The input processing functions of the TCP layer.
6 *
7 * These functions are generally called in the order (ip_input() ->)
8 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
9 *
10 */
11
12 /*
13 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14 * All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without modification,
17 * are permitted provided that the following conditions are met:
18 *
19 * 1. Redistributions of source code must retain the above copyright notice,
20 * this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright notice,
22 * this list of conditions and the following disclaimer in the documentation
23 * and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote products
25 * derived from this software without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
36 * OF SUCH DAMAGE.
37 *
38 * This file is part of the lwIP TCP/IP stack.
39 *
40 * Author: Adam Dunkels <[email protected]>
41 *
42 */
43
44 #include "lwip/opt.h"
45
46 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
47
48 #include "lwip/priv/tcp_priv.h"
49 #include "lwip/def.h"
50 #include "lwip/ip_addr.h"
51 #include "lwip/netif.h"
52 #include "lwip/mem.h"
53 #include "lwip/memp.h"
54 #include "lwip/inet_chksum.h"
55 #include "lwip/stats.h"
56 #include "lwip/ip6.h"
57 #include "lwip/ip6_addr.h"
58 #if LWIP_ND6_TCP_REACHABILITY_HINTS
59 #include "lwip/nd6.h"
60 #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
61
62 #include <string.h>
63
64 #ifdef LWIP_HOOK_FILENAME
65 #include LWIP_HOOK_FILENAME
66 #endif
67
68 /** Initial CWND calculation as defined RFC 2581 */
69 #define LWIP_TCP_CALC_INITIAL_CWND(mss) ((tcpwnd_size_t)LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U)))
70
71 /* These variables are global to all functions involved in the input
72 processing of TCP segments. They are set by the tcp_input()
73 function. */
74 static struct tcp_seg inseg;
75 static struct tcp_hdr *tcphdr;
76 static u16_t tcphdr_optlen;
77 static u16_t tcphdr_opt1len;
78 static u8_t *tcphdr_opt2;
79 static u16_t tcp_optidx;
80 static u32_t seqno, ackno;
81 static tcpwnd_size_t recv_acked;
82 static u16_t tcplen;
83 static u8_t flags;
84
85 static u8_t recv_flags;
86 static struct pbuf *recv_data;
87
88 struct tcp_pcb *tcp_input_pcb;
89
90 /* Forward declarations. */
91 static err_t tcp_process(struct tcp_pcb *pcb);
92 static void tcp_receive(struct tcp_pcb *pcb);
93 static void tcp_parseopt(struct tcp_pcb *pcb);
94
95 static void tcp_listen_input(struct tcp_pcb_listen *pcb);
96 static void tcp_timewait_input(struct tcp_pcb *pcb);
97
98 static int tcp_input_delayed_close(struct tcp_pcb *pcb);
99
100 #if LWIP_TCP_SACK_OUT
101 static void tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right);
102 static void tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq);
103 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
104 static void tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq);
105 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
106 #endif /* LWIP_TCP_SACK_OUT */
107
108 /**
109 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
110 * the segment between the PCBs and passes it on to tcp_process(), which implements
111 * the TCP finite state machine. This function is called by the IP layer (in
112 * ip_input()).
113 *
114 * @param p received TCP segment to process (p->payload pointing to the TCP header)
115 * @param inp network interface on which this segment was received
116 */
117 void
tcp_input(struct pbuf * p,struct netif * inp)118 tcp_input(struct pbuf *p, struct netif *inp)
119 {
120 struct tcp_pcb *pcb, *prev;
121 struct tcp_pcb_listen *lpcb;
122 #if SO_REUSE
123 struct tcp_pcb *lpcb_prev = NULL;
124 struct tcp_pcb_listen *lpcb_any = NULL;
125 #endif /* SO_REUSE */
126 u8_t hdrlen_bytes;
127 err_t err;
128
129 LWIP_UNUSED_ARG(inp);
130 LWIP_ASSERT_CORE_LOCKED();
131 LWIP_ASSERT("tcp_input: invalid pbuf", p != NULL);
132
133 PERF_START;
134
135 TCP_STATS_INC(tcp.recv);
136 MIB2_STATS_INC(mib2.tcpinsegs);
137
138 tcphdr = (struct tcp_hdr *)p->payload;
139
140 #if TCP_INPUT_DEBUG
141 tcp_debug_print(tcphdr);
142 #endif
143
144 /* Check that TCP header fits in payload */
145 if (p->len < TCP_HLEN) {
146 /* drop short packets */
147 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
148 TCP_STATS_INC(tcp.lenerr);
149 goto dropped;
150 }
151
152 /* Don't even process incoming broadcasts/multicasts. */
153 if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
154 ip_addr_ismulticast(ip_current_dest_addr())) {
155 TCP_STATS_INC(tcp.proterr);
156 goto dropped;
157 }
158
159 #if CHECKSUM_CHECK_TCP
160 IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
161 /* Verify TCP checksum. */
162 u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
163 ip_current_src_addr(), ip_current_dest_addr());
164 if (chksum != 0) {
165 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
166 chksum));
167 tcp_debug_print(tcphdr);
168 TCP_STATS_INC(tcp.chkerr);
169 goto dropped;
170 }
171 }
172 #endif /* CHECKSUM_CHECK_TCP */
173
174 /* sanity-check header length */
175 hdrlen_bytes = TCPH_HDRLEN_BYTES(tcphdr);
176 if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
177 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
178 TCP_STATS_INC(tcp.lenerr);
179 goto dropped;
180 }
181
182 /* Move the payload pointer in the pbuf so that it points to the
183 TCP data instead of the TCP header. */
184 tcphdr_optlen = (u16_t)(hdrlen_bytes - TCP_HLEN);
185 tcphdr_opt2 = NULL;
186 if (p->len >= hdrlen_bytes) {
187 /* all options are in the first pbuf */
188 tcphdr_opt1len = tcphdr_optlen;
189 pbuf_remove_header(p, hdrlen_bytes); /* cannot fail */
190 } else {
191 u16_t opt2len;
192 /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
193 /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
194 LWIP_ASSERT("p->next != NULL", p->next != NULL);
195
196 /* advance over the TCP header (cannot fail) */
197 pbuf_remove_header(p, TCP_HLEN);
198
199 /* determine how long the first and second parts of the options are */
200 tcphdr_opt1len = p->len;
201 opt2len = (u16_t)(tcphdr_optlen - tcphdr_opt1len);
202
203 /* options continue in the next pbuf: set p to zero length and hide the
204 options in the next pbuf (adjusting p->tot_len) */
205 pbuf_remove_header(p, tcphdr_opt1len);
206
207 /* check that the options fit in the second pbuf */
208 if (opt2len > p->next->len) {
209 /* drop short packets */
210 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
211 TCP_STATS_INC(tcp.lenerr);
212 goto dropped;
213 }
214
215 /* remember the pointer to the second part of the options */
216 tcphdr_opt2 = (u8_t *)p->next->payload;
217
218 /* advance p->next to point after the options, and manually
219 adjust p->tot_len to keep it consistent with the changed p->next */
220 pbuf_remove_header(p->next, opt2len);
221 p->tot_len = (u16_t)(p->tot_len - opt2len);
222
223 LWIP_ASSERT("p->len == 0", p->len == 0);
224 LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
225 }
226
227 /* Convert fields in TCP header to host byte order. */
228 tcphdr->src = lwip_ntohs(tcphdr->src);
229 tcphdr->dest = lwip_ntohs(tcphdr->dest);
230 seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
231 ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
232 tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
233
234 flags = TCPH_FLAGS(tcphdr);
235 tcplen = p->tot_len;
236 if (flags & (TCP_FIN | TCP_SYN)) {
237 tcplen++;
238 if (tcplen < p->tot_len) {
239 /* u16_t overflow, cannot handle this */
240 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: length u16_t overflow, cannot handle this\n"));
241 TCP_STATS_INC(tcp.lenerr);
242 goto dropped;
243 }
244 }
245
246 /* Demultiplex an incoming segment. First, we check if it is destined
247 for an active connection. */
248 prev = NULL;
249
250 for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
251 LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
252 LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
253 LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
254
255 /* check if PCB is bound to specific netif */
256 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
257 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
258 prev = pcb;
259 continue;
260 }
261
262 if (pcb->remote_port == tcphdr->src &&
263 pcb->local_port == tcphdr->dest &&
264 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
265 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
266 /* Move this PCB to the front of the list so that subsequent
267 lookups will be faster (we exploit locality in TCP segment
268 arrivals). */
269 LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
270 if (prev != NULL) {
271 prev->next = pcb->next;
272 pcb->next = tcp_active_pcbs;
273 tcp_active_pcbs = pcb;
274 } else {
275 TCP_STATS_INC(tcp.cachehit);
276 }
277 LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
278 break;
279 }
280 prev = pcb;
281 }
282
283 if (pcb == NULL) {
284 /* If it did not go to an active connection, we check the connections
285 in the TIME-WAIT state. */
286 for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
287 LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
288
289 /* check if PCB is bound to specific netif */
290 if ((pcb->netif_idx != NETIF_NO_INDEX) &&
291 (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
292 continue;
293 }
294
295 if (pcb->remote_port == tcphdr->src &&
296 pcb->local_port == tcphdr->dest &&
297 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
298 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
299 /* We don't really care enough to move this PCB to the front
300 of the list since we are not very likely to receive that
301 many segments for connections in TIME-WAIT. */
302 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
303 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
304 if (LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen, tcphdr_opt1len,
305 tcphdr_opt2, p) == ERR_OK)
306 #endif
307 {
308 tcp_timewait_input(pcb);
309 }
310 pbuf_free(p);
311 return;
312 }
313 }
314
315 /* Finally, if we still did not get a match, we check all PCBs that
316 are LISTENing for incoming connections. */
317 prev = NULL;
318 for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
319 /* check if PCB is bound to specific netif */
320 if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
321 (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
322 prev = (struct tcp_pcb *)lpcb;
323 continue;
324 }
325
326 if (lpcb->local_port == tcphdr->dest) {
327 if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
328 /* found an ANY TYPE (IPv4/IPv6) match */
329 #if SO_REUSE
330 lpcb_any = lpcb;
331 lpcb_prev = prev;
332 #else /* SO_REUSE */
333 break;
334 #endif /* SO_REUSE */
335 } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
336 if (ip_addr_cmp(&lpcb->local_ip, ip_current_dest_addr())) {
337 /* found an exact match */
338 break;
339 } else if (ip_addr_isany(&lpcb->local_ip)) {
340 /* found an ANY-match */
341 #if SO_REUSE
342 lpcb_any = lpcb;
343 lpcb_prev = prev;
344 #else /* SO_REUSE */
345 break;
346 #endif /* SO_REUSE */
347 }
348 }
349 }
350 prev = (struct tcp_pcb *)lpcb;
351 }
352 #if SO_REUSE
353 /* first try specific local IP */
354 if (lpcb == NULL) {
355 /* only pass to ANY if no specific local IP has been found */
356 lpcb = lpcb_any;
357 prev = lpcb_prev;
358 }
359 #endif /* SO_REUSE */
360 if (lpcb != NULL) {
361 /* Move this PCB to the front of the list so that subsequent
362 lookups will be faster (we exploit locality in TCP segment
363 arrivals). */
364 if (prev != NULL) {
365 ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
366 /* our successor is the remainder of the listening list */
367 lpcb->next = tcp_listen_pcbs.listen_pcbs;
368 /* put this listening pcb at the head of the listening list */
369 tcp_listen_pcbs.listen_pcbs = lpcb;
370 } else {
371 TCP_STATS_INC(tcp.cachehit);
372 }
373
374 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
375 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
376 if (LWIP_HOOK_TCP_INPACKET_PCB((struct tcp_pcb *)lpcb, tcphdr, tcphdr_optlen,
377 tcphdr_opt1len, tcphdr_opt2, p) == ERR_OK)
378 #endif
379 {
380 tcp_listen_input(lpcb);
381 }
382 pbuf_free(p);
383 return;
384 }
385 }
386
387 #if TCP_INPUT_DEBUG
388 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
389 tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
390 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
391 #endif /* TCP_INPUT_DEBUG */
392
393
394 #ifdef LWIP_HOOK_TCP_INPACKET_PCB
395 if ((pcb != NULL) && LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen,
396 tcphdr_opt1len, tcphdr_opt2, p) != ERR_OK) {
397 pbuf_free(p);
398 return;
399 }
400 #endif
401 if (pcb != NULL) {
402 /* The incoming segment belongs to a connection. */
403 #if TCP_INPUT_DEBUG
404 tcp_debug_print_state(pcb->state);
405 #endif /* TCP_INPUT_DEBUG */
406
407 /* Set up a tcp_seg structure. */
408 inseg.next = NULL;
409 inseg.len = p->tot_len;
410 inseg.p = p;
411 inseg.tcphdr = tcphdr;
412
413 recv_data = NULL;
414 recv_flags = 0;
415 recv_acked = 0;
416
417 if (flags & TCP_PSH) {
418 p->flags |= PBUF_FLAG_PUSH;
419 }
420
421 /* If there is data which was previously "refused" by upper layer */
422 if (pcb->refused_data != NULL) {
423 if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
424 ((pcb->refused_data != NULL) && (tcplen > 0))) {
425 /* pcb has been aborted or refused data is still refused and the new
426 segment contains data */
427 if (pcb->rcv_ann_wnd == 0) {
428 /* this is a zero-window probe, we respond to it with current RCV.NXT
429 and drop the data segment */
430 tcp_send_empty_ack(pcb);
431 }
432 TCP_STATS_INC(tcp.drop);
433 MIB2_STATS_INC(mib2.tcpinerrs);
434 goto aborted;
435 }
436 }
437 tcp_input_pcb = pcb;
438 err = tcp_process(pcb);
439 /* A return value of ERR_ABRT means that tcp_abort() was called
440 and that the pcb has been freed. If so, we don't do anything. */
441 if (err != ERR_ABRT) {
442 if (recv_flags & TF_RESET) {
443 /* TF_RESET means that the connection was reset by the other
444 end. We then call the error callback to inform the
445 application that the connection is dead before we
446 deallocate the PCB. */
447 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
448 tcp_pcb_remove(&tcp_active_pcbs, pcb);
449 tcp_free(pcb);
450 } else {
451 err = ERR_OK;
452 /* If the application has registered a "sent" function to be
453 called when new send buffer space is available, we call it
454 now. */
455 if (recv_acked > 0) {
456 u16_t acked16;
457 #if LWIP_WND_SCALE
458 /* recv_acked is u32_t but the sent callback only takes a u16_t,
459 so we might have to call it multiple times. */
460 u32_t acked = recv_acked;
461 while (acked > 0) {
462 acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
463 acked -= acked16;
464 #else
465 {
466 acked16 = recv_acked;
467 #endif
468 TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
469 if (err == ERR_ABRT) {
470 goto aborted;
471 }
472 }
473 recv_acked = 0;
474 }
475 if (tcp_input_delayed_close(pcb)) {
476 goto aborted;
477 }
478 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
479 while (recv_data != NULL) {
480 struct pbuf *rest = NULL;
481 pbuf_split_64k(recv_data, &rest);
482 #else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
483 if (recv_data != NULL) {
484 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
485
486 LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
487 if (pcb->flags & TF_RXCLOSED) {
488 /* received data although already closed -> abort (send RST) to
489 notify the remote host that not all data has been processed */
490 pbuf_free(recv_data);
491 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
492 if (rest != NULL) {
493 pbuf_free(rest);
494 }
495 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
496 tcp_abort(pcb);
497 goto aborted;
498 }
499
500 /* Notify application that data has been received. */
501 TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
502 if (err == ERR_ABRT) {
503 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
504 if (rest != NULL) {
505 pbuf_free(rest);
506 }
507 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
508 goto aborted;
509 }
510
511 /* If the upper layer can't receive this data, store it */
512 if (err != ERR_OK) {
513 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
514 if (rest != NULL) {
515 pbuf_cat(recv_data, rest);
516 }
517 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
518 pcb->refused_data = recv_data;
519 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
520 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
521 break;
522 } else {
523 /* Upper layer received the data, go on with the rest if > 64K */
524 recv_data = rest;
525 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
526 }
527 }
528
529 /* If a FIN segment was received, we call the callback
530 function with a NULL buffer to indicate EOF. */
531 if (recv_flags & TF_GOT_FIN) {
532 if (pcb->refused_data != NULL) {
533 /* Delay this if we have refused data. */
534 pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
535 } else {
536 /* correct rcv_wnd as the application won't call tcp_recved()
537 for the FIN's seqno */
538 if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
539 pcb->rcv_wnd++;
540 }
541 TCP_EVENT_CLOSED(pcb, err);
542 if (err == ERR_ABRT) {
543 goto aborted;
544 }
545 }
546 }
547
548 tcp_input_pcb = NULL;
549 if (tcp_input_delayed_close(pcb)) {
550 goto aborted;
551 }
552 /* Try to send something out. */
553 tcp_output(pcb);
554 #if TCP_INPUT_DEBUG
555 #if TCP_DEBUG
556 tcp_debug_print_state(pcb->state);
557 #endif /* TCP_DEBUG */
558 #endif /* TCP_INPUT_DEBUG */
559 }
560 }
561 /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
562 Below this line, 'pcb' may not be dereferenced! */
563 aborted:
564 tcp_input_pcb = NULL;
565 recv_data = NULL;
566
567 /* give up our reference to inseg.p */
568 if (inseg.p != NULL) {
569 pbuf_free(inseg.p);
570 inseg.p = NULL;
571 }
572 } else {
573 /* If no matching PCB was found, send a TCP RST (reset) to the
574 sender. */
575 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
576 if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
577 TCP_STATS_INC(tcp.proterr);
578 TCP_STATS_INC(tcp.drop);
579 tcp_rst(NULL, ackno, seqno + tcplen, ip_current_dest_addr(),
580 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
581 }
582 pbuf_free(p);
583 }
584
585 LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
586 PERF_STOP("tcp_input");
587 return;
588 dropped:
589 TCP_STATS_INC(tcp.drop);
590 MIB2_STATS_INC(mib2.tcpinerrs);
591 pbuf_free(p);
592 }
593
594 /** Called from tcp_input to check for TF_CLOSED flag. This results in closing
595 * and deallocating a pcb at the correct place to ensure noone references it
596 * any more.
597 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
598 */
599 static int
600 tcp_input_delayed_close(struct tcp_pcb *pcb)
601 {
602 LWIP_ASSERT("tcp_input_delayed_close: invalid pcb", pcb != NULL);
603
604 if (recv_flags & TF_CLOSED) {
605 /* The connection has been closed and we will deallocate the
606 PCB. */
607 if (!(pcb->flags & TF_RXCLOSED)) {
608 /* Connection closed although the application has only shut down the
609 tx side: call the PCB's err callback and indicate the closure to
610 ensure the application doesn't continue using the PCB. */
611 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
612 }
613 tcp_pcb_remove(&tcp_active_pcbs, pcb);
614 tcp_free(pcb);
615 return 1;
616 }
617 return 0;
618 }
619
620 /**
621 * Called by tcp_input() when a segment arrives for a listening
622 * connection (from tcp_input()).
623 *
624 * @param pcb the tcp_pcb_listen for which a segment arrived
625 *
626 * @note the segment which arrived is saved in global variables, therefore only the pcb
627 * involved is passed as a parameter to this function
628 */
629 static void
630 tcp_listen_input(struct tcp_pcb_listen *pcb)
631 {
632 struct tcp_pcb *npcb;
633 u32_t iss;
634 err_t rc;
635
636 if (flags & TCP_RST) {
637 /* An incoming RST should be ignored. Return. */
638 return;
639 }
640
641 LWIP_ASSERT("tcp_listen_input: invalid pcb", pcb != NULL);
642
643 /* In the LISTEN state, we check for incoming SYN segments,
644 creates a new PCB, and responds with a SYN|ACK. */
645 if (flags & TCP_ACK) {
646 /* For incoming segments with the ACK flag set, respond with a
647 RST. */
648 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
649 tcp_rst((const struct tcp_pcb *)pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
650 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
651 } else if (flags & TCP_SYN) {
652 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
653 #if TCP_LISTEN_BACKLOG
654 if (pcb->accepts_pending >= pcb->backlog) {
655 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
656 return;
657 }
658 #endif /* TCP_LISTEN_BACKLOG */
659 npcb = tcp_alloc(pcb->prio);
660 /* If a new PCB could not be created (probably due to lack of memory),
661 we don't do anything, but rely on the sender will retransmit the
662 SYN at a time when we have more memory available. */
663 if (npcb == NULL) {
664 err_t err;
665 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
666 TCP_STATS_INC(tcp.memerr);
667 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
668 LWIP_UNUSED_ARG(err); /* err not useful here */
669 return;
670 }
671 #if TCP_LISTEN_BACKLOG
672 pcb->accepts_pending++;
673 tcp_set_flags(npcb, TF_BACKLOGPEND);
674 #endif /* TCP_LISTEN_BACKLOG */
675 /* Set up the new PCB. */
676 ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
677 ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
678 npcb->local_port = pcb->local_port;
679 npcb->remote_port = tcphdr->src;
680 npcb->state = SYN_RCVD;
681 npcb->rcv_nxt = seqno + 1;
682 npcb->rcv_ann_right_edge = npcb->rcv_nxt;
683 iss = tcp_next_iss(npcb);
684 npcb->snd_wl2 = iss;
685 npcb->snd_nxt = iss;
686 npcb->lastack = iss;
687 npcb->snd_lbb = iss;
688 npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
689 npcb->callback_arg = pcb->callback_arg;
690 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
691 npcb->listener = pcb;
692 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
693 /* inherit socket options */
694 npcb->so_options = pcb->so_options & SOF_INHERITED;
695 npcb->netif_idx = pcb->netif_idx;
696 /* Register the new PCB so that we can begin receiving segments
697 for it. */
698 TCP_REG_ACTIVE(npcb);
699
700 /* Parse any options in the SYN. */
701 tcp_parseopt(npcb);
702 npcb->snd_wnd = tcphdr->wnd;
703 npcb->snd_wnd_max = npcb->snd_wnd;
704
705 #if TCP_CALCULATE_EFF_SEND_MSS
706 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
707 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
708
709 MIB2_STATS_INC(mib2.tcppassiveopens);
710
711 #if LWIP_TCP_PCB_NUM_EXT_ARGS
712 if (tcp_ext_arg_invoke_callbacks_passive_open(pcb, npcb) != ERR_OK) {
713 tcp_abandon(npcb, 0);
714 return;
715 }
716 #endif
717
718 /* Send a SYN|ACK together with the MSS option. */
719 rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
720 if (rc != ERR_OK) {
721 tcp_abandon(npcb, 0);
722 return;
723 }
724 tcp_output(npcb);
725 }
726 return;
727 }
728
729 /**
730 * Called by tcp_input() when a segment arrives for a connection in
731 * TIME_WAIT.
732 *
733 * @param pcb the tcp_pcb for which a segment arrived
734 *
735 * @note the segment which arrived is saved in global variables, therefore only the pcb
736 * involved is passed as a parameter to this function
737 */
738 static void
739 tcp_timewait_input(struct tcp_pcb *pcb)
740 {
741 /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
742 /* RFC 793 3.9 Event Processing - Segment Arrives:
743 * - first check sequence number - we skip that one in TIME_WAIT (always
744 * acceptable since we only send ACKs)
745 * - second check the RST bit (... return) */
746 if (flags & TCP_RST) {
747 return;
748 }
749
750 LWIP_ASSERT("tcp_timewait_input: invalid pcb", pcb != NULL);
751
752 /* - fourth, check the SYN bit, */
753 if (flags & TCP_SYN) {
754 /* If an incoming segment is not acceptable, an acknowledgment
755 should be sent in reply */
756 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
757 /* If the SYN is in the window it is an error, send a reset */
758 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
759 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
760 return;
761 }
762 } else if (flags & TCP_FIN) {
763 /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
764 Restart the 2 MSL time-wait timeout.*/
765 pcb->tmr = tcp_ticks;
766 }
767
768 if ((tcplen > 0)) {
769 /* Acknowledge data, FIN or out-of-window SYN */
770 tcp_ack_now(pcb);
771 tcp_output(pcb);
772 }
773 return;
774 }
775
776 /**
777 * Implements the TCP state machine. Called by tcp_input. In some
778 * states tcp_receive() is called to receive data. The tcp_seg
779 * argument will be freed by the caller (tcp_input()) unless the
780 * recv_data pointer in the pcb is set.
781 *
782 * @param pcb the tcp_pcb for which a segment arrived
783 *
784 * @note the segment which arrived is saved in global variables, therefore only the pcb
785 * involved is passed as a parameter to this function
786 */
787 static err_t
788 tcp_process(struct tcp_pcb *pcb)
789 {
790 struct tcp_seg *rseg;
791 u8_t acceptable = 0;
792 err_t err;
793
794 err = ERR_OK;
795
796 LWIP_ASSERT("tcp_process: invalid pcb", pcb != NULL);
797
798 /* Process incoming RST segments. */
799 if (flags & TCP_RST) {
800 /* First, determine if the reset is acceptable. */
801 if (pcb->state == SYN_SENT) {
802 /* "In the SYN-SENT state (a RST received in response to an initial SYN),
803 the RST is acceptable if the ACK field acknowledges the SYN." */
804 if (ackno == pcb->snd_nxt) {
805 acceptable = 1;
806 }
807 } else {
808 /* "In all states except SYN-SENT, all reset (RST) segments are validated
809 by checking their SEQ-fields." */
810 if (seqno == pcb->rcv_nxt) {
811 acceptable = 1;
812 } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
813 pcb->rcv_nxt + pcb->rcv_wnd)) {
814 /* If the sequence number is inside the window, we send a challenge ACK
815 and wait for a re-send with matching sequence number.
816 This follows RFC 5961 section 3.2 and addresses CVE-2004-0230
817 (RST spoofing attack), which is present in RFC 793 RST handling. */
818 tcp_ack_now(pcb);
819 }
820 }
821
822 if (acceptable) {
823 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
824 LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
825 recv_flags |= TF_RESET;
826 tcp_clear_flags(pcb, TF_ACK_DELAY);
827 return ERR_RST;
828 } else {
829 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
830 seqno, pcb->rcv_nxt));
831 LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
832 seqno, pcb->rcv_nxt));
833 return ERR_OK;
834 }
835 }
836
837 if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
838 /* Cope with new connection attempt after remote end crashed */
839 tcp_ack_now(pcb);
840 return ERR_OK;
841 }
842
843 if ((pcb->flags & TF_RXCLOSED) == 0) {
844 /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
845 pcb->tmr = tcp_ticks;
846 }
847 pcb->keep_cnt_sent = 0;
848 pcb->persist_probe = 0;
849
850 tcp_parseopt(pcb);
851
852 /* Do different things depending on the TCP state. */
853 switch (pcb->state) {
854 case SYN_SENT:
855 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %"U32_F"\n", ackno,
856 pcb->snd_nxt, lwip_ntohl(pcb->unacked->tcphdr->seqno)));
857 /* received SYN ACK with expected sequence number? */
858 if ((flags & TCP_ACK) && (flags & TCP_SYN)
859 && (ackno == pcb->lastack + 1)) {
860 pcb->rcv_nxt = seqno + 1;
861 pcb->rcv_ann_right_edge = pcb->rcv_nxt;
862 pcb->lastack = ackno;
863 pcb->snd_wnd = tcphdr->wnd;
864 pcb->snd_wnd_max = pcb->snd_wnd;
865 pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
866 pcb->state = ESTABLISHED;
867
868 #if TCP_CALCULATE_EFF_SEND_MSS
869 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
870 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
871
872 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
873 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
874 " ssthresh %"TCPWNDSIZE_F"\n",
875 pcb->cwnd, pcb->ssthresh));
876 LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
877 --pcb->snd_queuelen;
878 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
879 rseg = pcb->unacked;
880 if (rseg == NULL) {
881 /* might happen if tcp_output fails in tcp_rexmit_rto()
882 in which case the segment is on the unsent list */
883 rseg = pcb->unsent;
884 LWIP_ASSERT("no segment to free", rseg != NULL);
885 pcb->unsent = rseg->next;
886 } else {
887 pcb->unacked = rseg->next;
888 }
889 tcp_seg_free(rseg);
890
891 /* If there's nothing left to acknowledge, stop the retransmit
892 timer, otherwise reset it to start again */
893 if (pcb->unacked == NULL) {
894 pcb->rtime = -1;
895 } else {
896 pcb->rtime = 0;
897 pcb->nrtx = 0;
898 }
899
900 /* Call the user specified function to call when successfully
901 * connected. */
902 TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
903 if (err == ERR_ABRT) {
904 return ERR_ABRT;
905 }
906 tcp_ack_now(pcb);
907 }
908 /* received ACK? possibly a half-open connection */
909 else if (flags & TCP_ACK) {
910 /* send a RST to bring the other side in a non-synchronized state. */
911 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
912 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
913 /* Resend SYN immediately (don't wait for rto timeout) to establish
914 connection faster, but do not send more SYNs than we otherwise would
915 have, or we might get caught in a loop on loopback interfaces. */
916 if (pcb->nrtx < TCP_SYNMAXRTX) {
917 pcb->rtime = 0;
918 tcp_rexmit_rto(pcb);
919 }
920 }
921 break;
922 case SYN_RCVD:
923 if (flags & TCP_ACK) {
924 /* expected ACK number? */
925 if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
926 pcb->state = ESTABLISHED;
927 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
928 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
929 if (pcb->listener == NULL) {
930 /* listen pcb might be closed by now */
931 err = ERR_VAL;
932 } else
933 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
934 {
935 #if LWIP_CALLBACK_API
936 LWIP_ASSERT("pcb->listener->accept != NULL", pcb->listener->accept != NULL);
937 #endif
938 tcp_backlog_accepted(pcb);
939 /* Call the accept function. */
940 TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
941 }
942 if (err != ERR_OK) {
943 /* If the accept function returns with an error, we abort
944 * the connection. */
945 /* Already aborted? */
946 if (err != ERR_ABRT) {
947 tcp_abort(pcb);
948 }
949 return ERR_ABRT;
950 }
951 /* If there was any data contained within this ACK,
952 * we'd better pass it on to the application as well. */
953 tcp_receive(pcb);
954
955 /* Prevent ACK for SYN to generate a sent event */
956 if (recv_acked != 0) {
957 recv_acked--;
958 }
959
960 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
961 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
962 " ssthresh %"TCPWNDSIZE_F"\n",
963 pcb->cwnd, pcb->ssthresh));
964
965 if (recv_flags & TF_GOT_FIN) {
966 tcp_ack_now(pcb);
967 pcb->state = CLOSE_WAIT;
968 }
969 } else {
970 /* incorrect ACK number, send RST */
971 tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
972 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
973 }
974 } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
975 /* Looks like another copy of the SYN - retransmit our SYN-ACK */
976 tcp_rexmit(pcb);
977 }
978 break;
979 case CLOSE_WAIT:
980 /* FALLTHROUGH */
981 case ESTABLISHED:
982 tcp_receive(pcb);
983 if (recv_flags & TF_GOT_FIN) { /* passive close */
984 tcp_ack_now(pcb);
985 pcb->state = CLOSE_WAIT;
986 }
987 break;
988 case FIN_WAIT_1:
989 tcp_receive(pcb);
990 if (recv_flags & TF_GOT_FIN) {
991 if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
992 pcb->unsent == NULL) {
993 LWIP_DEBUGF(TCP_DEBUG,
994 ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
995 tcp_ack_now(pcb);
996 tcp_pcb_purge(pcb);
997 TCP_RMV_ACTIVE(pcb);
998 pcb->state = TIME_WAIT;
999 TCP_REG(&tcp_tw_pcbs, pcb);
1000 } else {
1001 tcp_ack_now(pcb);
1002 pcb->state = CLOSING;
1003 }
1004 } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1005 pcb->unsent == NULL) {
1006 pcb->state = FIN_WAIT_2;
1007 }
1008 break;
1009 case FIN_WAIT_2:
1010 tcp_receive(pcb);
1011 if (recv_flags & TF_GOT_FIN) {
1012 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1013 tcp_ack_now(pcb);
1014 tcp_pcb_purge(pcb);
1015 TCP_RMV_ACTIVE(pcb);
1016 pcb->state = TIME_WAIT;
1017 TCP_REG(&tcp_tw_pcbs, pcb);
1018 }
1019 break;
1020 case CLOSING:
1021 tcp_receive(pcb);
1022 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1023 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1024 tcp_pcb_purge(pcb);
1025 TCP_RMV_ACTIVE(pcb);
1026 pcb->state = TIME_WAIT;
1027 TCP_REG(&tcp_tw_pcbs, pcb);
1028 }
1029 break;
1030 case LAST_ACK:
1031 tcp_receive(pcb);
1032 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1033 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1034 /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
1035 recv_flags |= TF_CLOSED;
1036 }
1037 break;
1038 default:
1039 break;
1040 }
1041 return ERR_OK;
1042 }
1043
1044 #if TCP_QUEUE_OOSEQ
1045 /**
1046 * Insert segment into the list (segments covered with new one will be deleted)
1047 *
1048 * Called from tcp_receive()
1049 */
1050 static void
1051 tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
1052 {
1053 struct tcp_seg *old_seg;
1054
1055 LWIP_ASSERT("tcp_oos_insert_segment: invalid cseg", cseg != NULL);
1056
1057 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1058 /* received segment overlaps all following segments */
1059 tcp_segs_free(next);
1060 next = NULL;
1061 } else {
1062 /* delete some following segments
1063 oos queue may have segments with FIN flag */
1064 while (next &&
1065 TCP_SEQ_GEQ((seqno + cseg->len),
1066 (next->tcphdr->seqno + next->len))) {
1067 /* cseg with FIN already processed */
1068 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1069 TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1070 }
1071 old_seg = next;
1072 next = next->next;
1073 tcp_seg_free(old_seg);
1074 }
1075 if (next &&
1076 TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1077 /* We need to trim the incoming segment. */
1078 cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1079 pbuf_realloc(cseg->p, cseg->len);
1080 }
1081 }
1082 cseg->next = next;
1083 }
1084 #endif /* TCP_QUEUE_OOSEQ */
1085
1086 /** Remove segments from a list if the incoming ACK acknowledges them */
1087 static struct tcp_seg *
1088 tcp_free_acked_segments(struct tcp_pcb *pcb, struct tcp_seg *seg_list, const char *dbg_list_name,
1089 struct tcp_seg *dbg_other_seg_list)
1090 {
1091 struct tcp_seg *next;
1092 u16_t clen;
1093
1094 LWIP_UNUSED_ARG(dbg_list_name);
1095 LWIP_UNUSED_ARG(dbg_other_seg_list);
1096
1097 while (seg_list != NULL &&
1098 TCP_SEQ_LEQ(lwip_ntohl(seg_list->tcphdr->seqno) +
1099 TCP_TCPLEN(seg_list), ackno)) {
1100 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->%s\n",
1101 lwip_ntohl(seg_list->tcphdr->seqno),
1102 lwip_ntohl(seg_list->tcphdr->seqno) + TCP_TCPLEN(seg_list),
1103 dbg_list_name));
1104
1105 next = seg_list;
1106 seg_list = seg_list->next;
1107
1108 clen = pbuf_clen(next->p);
1109 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ",
1110 (tcpwnd_size_t)pcb->snd_queuelen));
1111 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= clen));
1112
1113 pcb->snd_queuelen = (u16_t)(pcb->snd_queuelen - clen);
1114 recv_acked = (tcpwnd_size_t)(recv_acked + next->len);
1115 tcp_seg_free(next);
1116
1117 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing %s)\n",
1118 (tcpwnd_size_t)pcb->snd_queuelen,
1119 dbg_list_name));
1120 if (pcb->snd_queuelen != 0) {
1121 LWIP_ASSERT("tcp_receive: valid queue length",
1122 seg_list != NULL || dbg_other_seg_list != NULL);
1123 }
1124 }
1125 return seg_list;
1126 }
1127
1128 /**
1129 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1130 * data, and if so frees the memory of the buffered data. Next, it places the
1131 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1132 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1133 * it has been removed from the buffer.
1134 *
1135 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1136 * estimation, the RTT is estimated here as well.
1137 *
1138 * Called from tcp_process().
1139 */
1140 static void
1141 tcp_receive(struct tcp_pcb *pcb)
1142 {
1143 s16_t m;
1144 u32_t right_wnd_edge;
1145 int found_dupack = 0;
1146
1147 LWIP_ASSERT("tcp_receive: invalid pcb", pcb != NULL);
1148 LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1149
1150 if (flags & TCP_ACK) {
1151 right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1152
1153 /* Update window. */
1154 if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1155 (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1156 (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1157 pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1158 /* keep track of the biggest window announced by the remote host to calculate
1159 the maximum segment size */
1160 if (pcb->snd_wnd_max < pcb->snd_wnd) {
1161 pcb->snd_wnd_max = pcb->snd_wnd;
1162 }
1163 pcb->snd_wl1 = seqno;
1164 pcb->snd_wl2 = ackno;
1165 LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1166 #if TCP_WND_DEBUG
1167 } else {
1168 if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1169 LWIP_DEBUGF(TCP_WND_DEBUG,
1170 ("tcp_receive: no window update lastack %"U32_F" ackno %"
1171 U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1172 pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1173 }
1174 #endif /* TCP_WND_DEBUG */
1175 }
1176
1177 /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1178 * duplicate ack if:
1179 * 1) It doesn't ACK new data
1180 * 2) length of received packet is zero (i.e. no payload)
1181 * 3) the advertised window hasn't changed
1182 * 4) There is outstanding unacknowledged data (retransmission timer running)
1183 * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1184 *
1185 * If it passes all five, should process as a dupack:
1186 * a) dupacks < 3: do nothing
1187 * b) dupacks == 3: fast retransmit
1188 * c) dupacks > 3: increase cwnd
1189 *
1190 * If it only passes 1-3, should reset dupack counter (and add to
1191 * stats, which we don't do in lwIP)
1192 *
1193 * If it only passes 1, should reset dupack counter
1194 *
1195 */
1196
1197 /* Clause 1 */
1198 if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1199 /* Clause 2 */
1200 if (tcplen == 0) {
1201 /* Clause 3 */
1202 if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1203 /* Clause 4 */
1204 if (pcb->rtime >= 0) {
1205 /* Clause 5 */
1206 if (pcb->lastack == ackno) {
1207 found_dupack = 1;
1208 if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1209 ++pcb->dupacks;
1210 }
1211 if (pcb->dupacks > 3) {
1212 /* Inflate the congestion window */
1213 TCP_WND_INC(pcb->cwnd, pcb->mss);
1214 }
1215 if (pcb->dupacks >= 3) {
1216 /* Do fast retransmit (checked via TF_INFR, not via dupacks count) */
1217 tcp_rexmit_fast(pcb);
1218 }
1219 }
1220 }
1221 }
1222 }
1223 /* If Clause (1) or more is true, but not a duplicate ack, reset
1224 * count of consecutive duplicate acks */
1225 if (!found_dupack) {
1226 pcb->dupacks = 0;
1227 }
1228 } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
1229 /* We come here when the ACK acknowledges new data. */
1230 tcpwnd_size_t acked;
1231
1232 /* Reset the "IN Fast Retransmit" flag, since we are no longer
1233 in fast retransmit. Also reset the congestion window to the
1234 slow start threshold. */
1235 if (pcb->flags & TF_INFR) {
1236 tcp_clear_flags(pcb, TF_INFR);
1237 pcb->cwnd = pcb->ssthresh;
1238 pcb->bytes_acked = 0;
1239 }
1240
1241 /* Reset the number of retransmissions. */
1242 pcb->nrtx = 0;
1243
1244 /* Reset the retransmission time-out. */
1245 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1246
1247 /* Record how much data this ACK acks */
1248 acked = (tcpwnd_size_t)(ackno - pcb->lastack);
1249
1250 /* Reset the fast retransmit variables. */
1251 pcb->dupacks = 0;
1252 pcb->lastack = ackno;
1253
1254 /* Update the congestion control variables (cwnd and
1255 ssthresh). */
1256 if (pcb->state >= ESTABLISHED) {
1257 if (pcb->cwnd < pcb->ssthresh) {
1258 tcpwnd_size_t increase;
1259 /* limit to 1 SMSS segment during period following RTO */
1260 u8_t num_seg = (pcb->flags & TF_RTO) ? 1 : 2;
1261 /* RFC 3465, section 2.2 Slow Start */
1262 increase = LWIP_MIN(acked, (tcpwnd_size_t)(num_seg * pcb->mss));
1263 TCP_WND_INC(pcb->cwnd, increase);
1264 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1265 } else {
1266 /* RFC 3465, section 2.1 Congestion Avoidance */
1267 TCP_WND_INC(pcb->bytes_acked, acked);
1268 if (pcb->bytes_acked >= pcb->cwnd) {
1269 pcb->bytes_acked = (tcpwnd_size_t)(pcb->bytes_acked - pcb->cwnd);
1270 TCP_WND_INC(pcb->cwnd, pcb->mss);
1271 }
1272 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1273 }
1274 }
1275 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1276 ackno,
1277 pcb->unacked != NULL ?
1278 lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0,
1279 pcb->unacked != NULL ?
1280 lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked) : 0));
1281
1282 /* Remove segment from the unacknowledged list if the incoming
1283 ACK acknowledges them. */
1284 pcb->unacked = tcp_free_acked_segments(pcb, pcb->unacked, "unacked", pcb->unsent);
1285 /* We go through the ->unsent list to see if any of the segments
1286 on the list are acknowledged by the ACK. This may seem
1287 strange since an "unsent" segment shouldn't be acked. The
1288 rationale is that lwIP puts all outstanding segments on the
1289 ->unsent list after a retransmission, so these segments may
1290 in fact have been sent once. */
1291 pcb->unsent = tcp_free_acked_segments(pcb, pcb->unsent, "unsent", pcb->unacked);
1292
1293 /* If there's nothing left to acknowledge, stop the retransmit
1294 timer, otherwise reset it to start again */
1295 if (pcb->unacked == NULL) {
1296 pcb->rtime = -1;
1297 } else {
1298 pcb->rtime = 0;
1299 }
1300
1301 pcb->polltmr = 0;
1302
1303 #if TCP_OVERSIZE
1304 if (pcb->unsent == NULL) {
1305 pcb->unsent_oversize = 0;
1306 }
1307 #endif /* TCP_OVERSIZE */
1308
1309 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1310 if (ip_current_is_v6()) {
1311 /* Inform neighbor reachability of forward progress. */
1312 nd6_reachability_hint(ip6_current_src_addr());
1313 }
1314 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1315
1316 pcb->snd_buf = (tcpwnd_size_t)(pcb->snd_buf + recv_acked);
1317 /* check if this ACK ends our retransmission of in-flight data */
1318 if (pcb->flags & TF_RTO) {
1319 /* RTO is done if
1320 1) both queues are empty or
1321 2) unacked is empty and unsent head contains data not part of RTO or
1322 3) unacked head contains data not part of RTO */
1323 if (pcb->unacked == NULL) {
1324 if ((pcb->unsent == NULL) ||
1325 (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unsent->tcphdr->seqno)))) {
1326 tcp_clear_flags(pcb, TF_RTO);
1327 }
1328 } else if (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unacked->tcphdr->seqno))) {
1329 tcp_clear_flags(pcb, TF_RTO);
1330 }
1331 }
1332 /* End of ACK for new data processing. */
1333 } else {
1334 /* Out of sequence ACK, didn't really ack anything */
1335 tcp_send_empty_ack(pcb);
1336 }
1337
1338 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1339 pcb->rttest, pcb->rtseq, ackno));
1340
1341 /* RTT estimation calculations. This is done by checking if the
1342 incoming segment acknowledges the segment we use to take a
1343 round-trip time measurement. */
1344 if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1345 /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1346 and a round-trip shouldn't be that long... */
1347 m = (s16_t)(tcp_ticks - pcb->rttest);
1348
1349 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1350 m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1351
1352 /* This is taken directly from VJs original code in his paper */
1353 m = (s16_t)(m - (pcb->sa >> 3));
1354 pcb->sa = (s16_t)(pcb->sa + m);
1355 if (m < 0) {
1356 m = (s16_t) - m;
1357 }
1358 m = (s16_t)(m - (pcb->sv >> 2));
1359 pcb->sv = (s16_t)(pcb->sv + m);
1360 pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1361
1362 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1363 pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1364
1365 pcb->rttest = 0;
1366 }
1367 }
1368
1369 /* If the incoming segment contains data, we must process it
1370 further unless the pcb already received a FIN.
1371 (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1372 LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1373 if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1374 /* This code basically does three things:
1375
1376 +) If the incoming segment contains data that is the next
1377 in-sequence data, this data is passed to the application. This
1378 might involve trimming the first edge of the data. The rcv_nxt
1379 variable and the advertised window are adjusted.
1380
1381 +) If the incoming segment has data that is above the next
1382 sequence number expected (->rcv_nxt), the segment is placed on
1383 the ->ooseq queue. This is done by finding the appropriate
1384 place in the ->ooseq queue (which is ordered by sequence
1385 number) and trim the segment in both ends if needed. An
1386 immediate ACK is sent to indicate that we received an
1387 out-of-sequence segment.
1388
1389 +) Finally, we check if the first segment on the ->ooseq queue
1390 now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1391 rcv_nxt > ooseq->seqno, we must trim the first edge of the
1392 segment on ->ooseq before we adjust rcv_nxt. The data in the
1393 segments that are now on sequence are chained onto the
1394 incoming segment so that we only need to call the application
1395 once.
1396 */
1397
1398 /* First, we check if we must trim the first edge. We have to do
1399 this if the sequence number of the incoming segment is less
1400 than rcv_nxt, and the sequence number plus the length of the
1401 segment is larger than rcv_nxt. */
1402 /* if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1403 if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1404 if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1405 /* Trimming the first edge is done by pushing the payload
1406 pointer in the pbuf downwards. This is somewhat tricky since
1407 we do not want to discard the full contents of the pbuf up to
1408 the new starting point of the data since we have to keep the
1409 TCP header which is present in the first pbuf in the chain.
1410
1411 What is done is really quite a nasty hack: the first pbuf in
1412 the pbuf chain is pointed to by inseg.p. Since we need to be
1413 able to deallocate the whole pbuf, we cannot change this
1414 inseg.p pointer to point to any of the later pbufs in the
1415 chain. Instead, we point the ->payload pointer in the first
1416 pbuf to data in one of the later pbufs. We also set the
1417 inseg.data pointer to point to the right place. This way, the
1418 ->p pointer will still point to the first pbuf, but the
1419 ->p->payload pointer will point to data in another pbuf.
1420
1421 After we are done with adjusting the pbuf pointers we must
1422 adjust the ->data pointer in the seg and the segment
1423 length.*/
1424
1425 struct pbuf *p = inseg.p;
1426 u32_t off32 = pcb->rcv_nxt - seqno;
1427 u16_t new_tot_len, off;
1428 LWIP_ASSERT("inseg.p != NULL", inseg.p);
1429 LWIP_ASSERT("insane offset!", (off32 < 0xffff));
1430 off = (u16_t)off32;
1431 LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1432 inseg.len -= off;
1433 new_tot_len = (u16_t)(inseg.p->tot_len - off);
1434 while (p->len < off) {
1435 off -= p->len;
1436 /* all pbufs up to and including this one have len==0, so tot_len is equal */
1437 p->tot_len = new_tot_len;
1438 p->len = 0;
1439 p = p->next;
1440 }
1441 /* cannot fail... */
1442 pbuf_remove_header(p, off);
1443 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1444 } else {
1445 if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1446 /* the whole segment is < rcv_nxt */
1447 /* must be a duplicate of a packet that has already been correctly handled */
1448
1449 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1450 tcp_ack_now(pcb);
1451 }
1452 }
1453
1454 /* The sequence number must be within the window (above rcv_nxt
1455 and below rcv_nxt + rcv_wnd) in order to be further
1456 processed. */
1457 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1458 pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1459 if (pcb->rcv_nxt == seqno) {
1460 /* The incoming segment is the next in sequence. We check if
1461 we have to trim the end of the segment and update rcv_nxt
1462 and pass the data to the application. */
1463 tcplen = TCP_TCPLEN(&inseg);
1464
1465 if (tcplen > pcb->rcv_wnd) {
1466 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1467 ("tcp_receive: other end overran receive window"
1468 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1469 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1470 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1471 /* Must remove the FIN from the header as we're trimming
1472 * that byte of sequence-space from the packet */
1473 TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1474 }
1475 /* Adjust length of segment to fit in the window. */
1476 TCPWND_CHECK16(pcb->rcv_wnd);
1477 inseg.len = (u16_t)pcb->rcv_wnd;
1478 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1479 inseg.len -= 1;
1480 }
1481 pbuf_realloc(inseg.p, inseg.len);
1482 tcplen = TCP_TCPLEN(&inseg);
1483 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1484 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1485 }
1486 #if TCP_QUEUE_OOSEQ
1487 /* Received in-sequence data, adjust ooseq data if:
1488 - FIN has been received or
1489 - inseq overlaps with ooseq */
1490 if (pcb->ooseq != NULL) {
1491 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1492 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1493 ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1494 /* Received in-order FIN means anything that was received
1495 * out of order must now have been received in-order, so
1496 * bin the ooseq queue */
1497 while (pcb->ooseq != NULL) {
1498 struct tcp_seg *old_ooseq = pcb->ooseq;
1499 pcb->ooseq = pcb->ooseq->next;
1500 tcp_seg_free(old_ooseq);
1501 }
1502 } else {
1503 struct tcp_seg *next = pcb->ooseq;
1504 /* Remove all segments on ooseq that are covered by inseg already.
1505 * FIN is copied from ooseq to inseg if present. */
1506 while (next &&
1507 TCP_SEQ_GEQ(seqno + tcplen,
1508 next->tcphdr->seqno + next->len)) {
1509 struct tcp_seg *tmp;
1510 /* inseg cannot have FIN here (already processed above) */
1511 if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1512 (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1513 TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1514 tcplen = TCP_TCPLEN(&inseg);
1515 }
1516 tmp = next;
1517 next = next->next;
1518 tcp_seg_free(tmp);
1519 }
1520 /* Now trim right side of inseg if it overlaps with the first
1521 * segment on ooseq */
1522 if (next &&
1523 TCP_SEQ_GT(seqno + tcplen,
1524 next->tcphdr->seqno)) {
1525 /* inseg cannot have FIN here (already processed above) */
1526 inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1527 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1528 inseg.len -= 1;
1529 }
1530 pbuf_realloc(inseg.p, inseg.len);
1531 tcplen = TCP_TCPLEN(&inseg);
1532 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue\n",
1533 (seqno + tcplen) == next->tcphdr->seqno);
1534 }
1535 pcb->ooseq = next;
1536 }
1537 }
1538 #endif /* TCP_QUEUE_OOSEQ */
1539
1540 pcb->rcv_nxt = seqno + tcplen;
1541
1542 /* Update the receiver's (our) window. */
1543 LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd\n", pcb->rcv_wnd >= tcplen);
1544 pcb->rcv_wnd -= tcplen;
1545
1546 tcp_update_rcv_ann_wnd(pcb);
1547
1548 /* If there is data in the segment, we make preparations to
1549 pass this up to the application. The ->recv_data variable
1550 is used for holding the pbuf that goes to the
1551 application. The code for reassembling out-of-sequence data
1552 chains its data on this pbuf as well.
1553
1554 If the segment was a FIN, we set the TF_GOT_FIN flag that will
1555 be used to indicate to the application that the remote side has
1556 closed its end of the connection. */
1557 if (inseg.p->tot_len > 0) {
1558 recv_data = inseg.p;
1559 /* Since this pbuf now is the responsibility of the
1560 application, we delete our reference to it so that we won't
1561 (mistakingly) deallocate it. */
1562 inseg.p = NULL;
1563 }
1564 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1565 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1566 recv_flags |= TF_GOT_FIN;
1567 }
1568
1569 #if TCP_QUEUE_OOSEQ
1570 /* We now check if we have segments on the ->ooseq queue that
1571 are now in sequence. */
1572 while (pcb->ooseq != NULL &&
1573 pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1574
1575 struct tcp_seg *cseg = pcb->ooseq;
1576 seqno = pcb->ooseq->tcphdr->seqno;
1577
1578 pcb->rcv_nxt += TCP_TCPLEN(cseg);
1579 LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd\n",
1580 pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1581 pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1582
1583 tcp_update_rcv_ann_wnd(pcb);
1584
1585 if (cseg->p->tot_len > 0) {
1586 /* Chain this pbuf onto the pbuf that we will pass to
1587 the application. */
1588 /* With window scaling, this can overflow recv_data->tot_len, but
1589 that's not a problem since we explicitly fix that before passing
1590 recv_data to the application. */
1591 if (recv_data) {
1592 pbuf_cat(recv_data, cseg->p);
1593 } else {
1594 recv_data = cseg->p;
1595 }
1596 cseg->p = NULL;
1597 }
1598 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1599 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1600 recv_flags |= TF_GOT_FIN;
1601 if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1602 pcb->state = CLOSE_WAIT;
1603 }
1604 }
1605
1606 pcb->ooseq = cseg->next;
1607 tcp_seg_free(cseg);
1608 }
1609 #if LWIP_TCP_SACK_OUT
1610 if (pcb->flags & TF_SACK) {
1611 if (pcb->ooseq != NULL) {
1612 /* Some segments may have been removed from ooseq, let's remove all SACKs that
1613 describe anything before the new beginning of that list. */
1614 tcp_remove_sacks_lt(pcb, pcb->ooseq->tcphdr->seqno);
1615 } else if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1616 /* ooseq has been cleared. Nothing to SACK */
1617 memset(pcb->rcv_sacks, 0, sizeof(pcb->rcv_sacks));
1618 }
1619 }
1620 #endif /* LWIP_TCP_SACK_OUT */
1621 #endif /* TCP_QUEUE_OOSEQ */
1622
1623
1624 /* Acknowledge the segment(s). */
1625 tcp_ack(pcb);
1626
1627 #if LWIP_TCP_SACK_OUT
1628 if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1629 /* Normally the ACK for the data received could be piggy-backed on a data packet,
1630 but lwIP currently does not support including SACKs in data packets. So we force
1631 it to respond with an empty ACK packet (only if there is at least one SACK to be sent).
1632 NOTE: tcp_send_empty_ack() on success clears the ACK flags (set by tcp_ack()) */
1633 tcp_send_empty_ack(pcb);
1634 }
1635 #endif /* LWIP_TCP_SACK_OUT */
1636
1637 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1638 if (ip_current_is_v6()) {
1639 /* Inform neighbor reachability of forward progress. */
1640 nd6_reachability_hint(ip6_current_src_addr());
1641 }
1642 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1643
1644 } else {
1645 /* We get here if the incoming segment is out-of-sequence. */
1646
1647 #if TCP_QUEUE_OOSEQ
1648 /* We queue the segment on the ->ooseq queue. */
1649 if (pcb->ooseq == NULL) {
1650 pcb->ooseq = tcp_seg_copy(&inseg);
1651 #if LWIP_TCP_SACK_OUT
1652 if (pcb->flags & TF_SACK) {
1653 /* All the SACKs should be invalid, so we can simply store the most recent one: */
1654 pcb->rcv_sacks[0].left = seqno;
1655 pcb->rcv_sacks[0].right = seqno + inseg.len;
1656 }
1657 #endif /* LWIP_TCP_SACK_OUT */
1658 } else {
1659 /* If the queue is not empty, we walk through the queue and
1660 try to find a place where the sequence number of the
1661 incoming segment is between the sequence numbers of the
1662 previous and the next segment on the ->ooseq queue. That is
1663 the place where we put the incoming segment. If needed, we
1664 trim the second edges of the previous and the incoming
1665 segment so that it will fit into the sequence.
1666
1667 If the incoming segment has the same sequence number as a
1668 segment on the ->ooseq queue, we discard the segment that
1669 contains less data. */
1670
1671 #if LWIP_TCP_SACK_OUT
1672 /* This is the left edge of the lowest possible SACK range.
1673 It may start before the newly received segment (possibly adjusted below). */
1674 u32_t sackbeg = TCP_SEQ_LT(seqno, pcb->ooseq->tcphdr->seqno) ? seqno : pcb->ooseq->tcphdr->seqno;
1675 #endif /* LWIP_TCP_SACK_OUT */
1676 struct tcp_seg *next, *prev = NULL;
1677 for (next = pcb->ooseq; next != NULL; next = next->next) {
1678 if (seqno == next->tcphdr->seqno) {
1679 /* The sequence number of the incoming segment is the
1680 same as the sequence number of the segment on
1681 ->ooseq. We check the lengths to see which one to
1682 discard. */
1683 if (inseg.len > next->len) {
1684 /* The incoming segment is larger than the old
1685 segment. We replace some segments with the new
1686 one. */
1687 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1688 if (cseg != NULL) {
1689 if (prev != NULL) {
1690 prev->next = cseg;
1691 } else {
1692 pcb->ooseq = cseg;
1693 }
1694 tcp_oos_insert_segment(cseg, next);
1695 }
1696 break;
1697 } else {
1698 /* Either the lengths are the same or the incoming
1699 segment was smaller than the old one; in either
1700 case, we ditch the incoming segment. */
1701 break;
1702 }
1703 } else {
1704 if (prev == NULL) {
1705 if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1706 /* The sequence number of the incoming segment is lower
1707 than the sequence number of the first segment on the
1708 queue. We put the incoming segment first on the
1709 queue. */
1710 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1711 if (cseg != NULL) {
1712 pcb->ooseq = cseg;
1713 tcp_oos_insert_segment(cseg, next);
1714 }
1715 break;
1716 }
1717 } else {
1718 /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1719 TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1720 if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno + 1, next->tcphdr->seqno - 1)) {
1721 /* The sequence number of the incoming segment is in
1722 between the sequence numbers of the previous and
1723 the next segment on ->ooseq. We trim trim the previous
1724 segment, delete next segments that included in received segment
1725 and trim received, if needed. */
1726 struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1727 if (cseg != NULL) {
1728 if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1729 /* We need to trim the prev segment. */
1730 prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1731 pbuf_realloc(prev->p, prev->len);
1732 }
1733 prev->next = cseg;
1734 tcp_oos_insert_segment(cseg, next);
1735 }
1736 break;
1737 }
1738 }
1739
1740 #if LWIP_TCP_SACK_OUT
1741 /* The new segment goes after the 'next' one. If there is a "hole" in sequence numbers
1742 between 'prev' and the beginning of 'next', we want to move sackbeg. */
1743 if (prev != NULL && prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1744 sackbeg = next->tcphdr->seqno;
1745 }
1746 #endif /* LWIP_TCP_SACK_OUT */
1747
1748 /* We don't use 'prev' below, so let's set it to current 'next'.
1749 This way even if we break the loop below, 'prev' will be pointing
1750 at the segment right in front of the newly added one. */
1751 prev = next;
1752
1753 /* If the "next" segment is the last segment on the
1754 ooseq queue, we add the incoming segment to the end
1755 of the list. */
1756 if (next->next == NULL &&
1757 TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1758 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1759 /* segment "next" already contains all data */
1760 break;
1761 }
1762 next->next = tcp_seg_copy(&inseg);
1763 if (next->next != NULL) {
1764 if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1765 /* We need to trim the last segment. */
1766 next->len = (u16_t)(seqno - next->tcphdr->seqno);
1767 pbuf_realloc(next->p, next->len);
1768 }
1769 /* check if the remote side overruns our receive window */
1770 if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1771 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1772 ("tcp_receive: other end overran receive window"
1773 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1774 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1775 if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1776 /* Must remove the FIN from the header as we're trimming
1777 * that byte of sequence-space from the packet */
1778 TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1779 }
1780 /* Adjust length of segment to fit in the window. */
1781 next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1782 pbuf_realloc(next->next->p, next->next->len);
1783 tcplen = TCP_TCPLEN(next->next);
1784 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1785 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1786 }
1787 }
1788 break;
1789 }
1790 }
1791 }
1792
1793 #if LWIP_TCP_SACK_OUT
1794 if (pcb->flags & TF_SACK) {
1795 if (prev == NULL) {
1796 /* The new segment is at the beginning. sackbeg should already be set properly.
1797 We need to find the right edge. */
1798 next = pcb->ooseq;
1799 } else if (prev->next != NULL) {
1800 /* The new segment was added after 'prev'. If there is a "hole" between 'prev' and 'prev->next',
1801 we need to move sackbeg. After that we should find the right edge. */
1802 next = prev->next;
1803 if (prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1804 sackbeg = next->tcphdr->seqno;
1805 }
1806 } else {
1807 next = NULL;
1808 }
1809 if (next != NULL) {
1810 u32_t sackend = next->tcphdr->seqno;
1811 for ( ; (next != NULL) && (sackend == next->tcphdr->seqno); next = next->next) {
1812 sackend += next->len;
1813 }
1814 tcp_add_sack(pcb, sackbeg, sackend);
1815 }
1816 }
1817 #endif /* LWIP_TCP_SACK_OUT */
1818 }
1819 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
1820 {
1821 /* Check that the data on ooseq doesn't exceed one of the limits
1822 and throw away everything above that limit. */
1823 #ifdef TCP_OOSEQ_BYTES_LIMIT
1824 const u32_t ooseq_max_blen = TCP_OOSEQ_BYTES_LIMIT(pcb);
1825 u32_t ooseq_blen = 0;
1826 #endif
1827 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1828 const u16_t ooseq_max_qlen = TCP_OOSEQ_PBUFS_LIMIT(pcb);
1829 u16_t ooseq_qlen = 0;
1830 #endif
1831 struct tcp_seg *next, *prev = NULL;
1832 for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1833 struct pbuf *p = next->p;
1834 int stop_here = 0;
1835 #ifdef TCP_OOSEQ_BYTES_LIMIT
1836 ooseq_blen += p->tot_len;
1837 if (ooseq_blen > ooseq_max_blen) {
1838 stop_here = 1;
1839 }
1840 #endif
1841 #ifdef TCP_OOSEQ_PBUFS_LIMIT
1842 ooseq_qlen += pbuf_clen(p);
1843 if (ooseq_qlen > ooseq_max_qlen) {
1844 stop_here = 1;
1845 }
1846 #endif
1847 if (stop_here) {
1848 #if LWIP_TCP_SACK_OUT
1849 if (pcb->flags & TF_SACK) {
1850 /* Let's remove all SACKs from next's seqno up. */
1851 tcp_remove_sacks_gt(pcb, next->tcphdr->seqno);
1852 }
1853 #endif /* LWIP_TCP_SACK_OUT */
1854 /* too much ooseq data, dump this and everything after it */
1855 tcp_segs_free(next);
1856 if (prev == NULL) {
1857 /* first ooseq segment is too much, dump the whole queue */
1858 pcb->ooseq = NULL;
1859 } else {
1860 /* just dump 'next' and everything after it */
1861 prev->next = NULL;
1862 }
1863 break;
1864 }
1865 }
1866 }
1867 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
1868 #endif /* TCP_QUEUE_OOSEQ */
1869
1870 /* We send the ACK packet after we've (potentially) dealt with SACKs,
1871 so they can be included in the acknowledgment. */
1872 tcp_send_empty_ack(pcb);
1873 }
1874 } else {
1875 /* The incoming segment is not within the window. */
1876 tcp_send_empty_ack(pcb);
1877 }
1878 } else {
1879 /* Segments with length 0 is taken care of here. Segments that
1880 fall out of the window are ACKed. */
1881 if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1882 tcp_ack_now(pcb);
1883 }
1884 }
1885 }
1886
1887 static u8_t
1888 tcp_get_next_optbyte(void)
1889 {
1890 u16_t optidx = tcp_optidx++;
1891 if ((tcphdr_opt2 == NULL) || (optidx < tcphdr_opt1len)) {
1892 u8_t *opts = (u8_t *)tcphdr + TCP_HLEN;
1893 return opts[optidx];
1894 } else {
1895 u8_t idx = (u8_t)(optidx - tcphdr_opt1len);
1896 return tcphdr_opt2[idx];
1897 }
1898 }
1899
1900 /**
1901 * Parses the options contained in the incoming segment.
1902 *
1903 * Called from tcp_listen_input() and tcp_process().
1904 * Currently, only the MSS option is supported!
1905 *
1906 * @param pcb the tcp_pcb for which a segment arrived
1907 */
1908 static void
1909 tcp_parseopt(struct tcp_pcb *pcb)
1910 {
1911 u8_t data;
1912 u16_t mss;
1913 #if LWIP_TCP_TIMESTAMPS
1914 u32_t tsval;
1915 #endif
1916
1917 LWIP_ASSERT("tcp_parseopt: invalid pcb", pcb != NULL);
1918
1919 /* Parse the TCP MSS option, if present. */
1920 if (tcphdr_optlen != 0) {
1921 for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1922 u8_t opt = tcp_get_next_optbyte();
1923 switch (opt) {
1924 case LWIP_TCP_OPT_EOL:
1925 /* End of options. */
1926 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1927 return;
1928 case LWIP_TCP_OPT_NOP:
1929 /* NOP option. */
1930 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1931 break;
1932 case LWIP_TCP_OPT_MSS:
1933 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1934 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1935 /* Bad length */
1936 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1937 return;
1938 }
1939 /* An MSS option with the right option length. */
1940 mss = (u16_t)(tcp_get_next_optbyte() << 8);
1941 mss |= tcp_get_next_optbyte();
1942 /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1943 pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1944 break;
1945 #if LWIP_WND_SCALE
1946 case LWIP_TCP_OPT_WS:
1947 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1948 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1949 /* Bad length */
1950 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1951 return;
1952 }
1953 /* An WND_SCALE option with the right option length. */
1954 data = tcp_get_next_optbyte();
1955 /* If syn was received with wnd scale option,
1956 activate wnd scale opt, but only if this is not a retransmission */
1957 if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
1958 pcb->snd_scale = data;
1959 if (pcb->snd_scale > 14U) {
1960 pcb->snd_scale = 14U;
1961 }
1962 pcb->rcv_scale = TCP_RCV_SCALE;
1963 tcp_set_flags(pcb, TF_WND_SCALE);
1964 /* window scaling is enabled, we can use the full receive window */
1965 LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
1966 LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
1967 pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
1968 }
1969 break;
1970 #endif /* LWIP_WND_SCALE */
1971 #if LWIP_TCP_TIMESTAMPS
1972 case LWIP_TCP_OPT_TS:
1973 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
1974 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
1975 /* Bad length */
1976 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1977 return;
1978 }
1979 /* TCP timestamp option with valid length */
1980 tsval = tcp_get_next_optbyte();
1981 tsval |= (tcp_get_next_optbyte() << 8);
1982 tsval |= (tcp_get_next_optbyte() << 16);
1983 tsval |= (tcp_get_next_optbyte() << 24);
1984 if (flags & TCP_SYN) {
1985 pcb->ts_recent = lwip_ntohl(tsval);
1986 /* Enable sending timestamps in every segment now that we know
1987 the remote host supports it. */
1988 tcp_set_flags(pcb, TF_TIMESTAMP);
1989 } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno + tcplen)) {
1990 pcb->ts_recent = lwip_ntohl(tsval);
1991 }
1992 /* Advance to next option (6 bytes already read) */
1993 tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
1994 break;
1995 #endif /* LWIP_TCP_TIMESTAMPS */
1996 #if LWIP_TCP_SACK_OUT
1997 case LWIP_TCP_OPT_SACK_PERM:
1998 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: SACK_PERM\n"));
1999 if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_SACK_PERM || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_SACK_PERM) > tcphdr_optlen) {
2000 /* Bad length */
2001 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2002 return;
2003 }
2004 /* TCP SACK_PERM option with valid length */
2005 if (flags & TCP_SYN) {
2006 /* We only set it if we receive it in a SYN (or SYN+ACK) packet */
2007 tcp_set_flags(pcb, TF_SACK);
2008 }
2009 break;
2010 #endif /* LWIP_TCP_SACK_OUT */
2011 default:
2012 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
2013 data = tcp_get_next_optbyte();
2014 if (data < 2) {
2015 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2016 /* If the length field is zero, the options are malformed
2017 and we don't process them further. */
2018 return;
2019 }
2020 /* All other options have a length field, so that we easily
2021 can skip past them. */
2022 tcp_optidx += data - 2;
2023 }
2024 }
2025 }
2026 }
2027
2028 void
2029 tcp_trigger_input_pcb_close(void)
2030 {
2031 recv_flags |= TF_CLOSED;
2032 }
2033
2034 #if LWIP_TCP_SACK_OUT
2035 /**
2036 * Called by tcp_receive() to add new SACK entry.
2037 *
2038 * The new SACK entry will be placed at the beginning of rcv_sacks[], as the newest one.
2039 * Existing SACK entries will be "pushed back", to preserve their order.
2040 * This is the behavior described in RFC 2018, section 4.
2041 *
2042 * @param pcb the tcp_pcb for which a segment arrived
2043 * @param left the left side of the SACK (the first sequence number)
2044 * @param right the right side of the SACK (the first sequence number past this SACK)
2045 */
2046 static void
2047 tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right)
2048 {
2049 u8_t i;
2050 u8_t unused_idx;
2051
2052 if ((pcb->flags & TF_SACK) == 0 || !TCP_SEQ_LT(left, right)) {
2053 return;
2054 }
2055
2056 /* First, let's remove all SACKs that are no longer needed (because they overlap with the newest one),
2057 while moving all other SACKs forward.
2058 We run this loop for all entries, until we find the first invalid one.
2059 There is no point checking after that. */
2060 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2061 /* We only want to use SACK at [i] if it doesn't overlap with left:right range.
2062 It does not overlap if its right side is before the newly added SACK,
2063 or if its left side is after the newly added SACK.
2064 NOTE: The equality should not really happen, but it doesn't hurt. */
2065 if (TCP_SEQ_LEQ(pcb->rcv_sacks[i].right, left) || TCP_SEQ_LEQ(right, pcb->rcv_sacks[i].left)) {
2066 if (unused_idx != i) {
2067 /* We don't need to copy if it's already in the right spot */
2068 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2069 }
2070 ++unused_idx;
2071 }
2072 }
2073
2074 /* Now 'unused_idx' is the index of the first invalid SACK entry,
2075 anywhere between 0 (no valid entries) and LWIP_TCP_MAX_SACK_NUM (all entries are valid).
2076 We want to clear this and all following SACKs.
2077 However, we will be adding another one in the front (and shifting everything else back).
2078 So let's just iterate from the back, and set each entry to the one to the left if it's valid,
2079 or to 0 if it is not. */
2080 for (i = LWIP_TCP_MAX_SACK_NUM - 1; i > 0; --i) {
2081 /* [i] is the index we are setting, and the value should be at index [i-1],
2082 or 0 if that index is unused (>= unused_idx). */
2083 if (i - 1 >= unused_idx) {
2084 /* [i-1] is unused. Let's clear [i]. */
2085 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2086 } else {
2087 pcb->rcv_sacks[i] = pcb->rcv_sacks[i - 1];
2088 }
2089 }
2090
2091 /* And now we can store the newest SACK */
2092 pcb->rcv_sacks[0].left = left;
2093 pcb->rcv_sacks[0].right = right;
2094 }
2095
2096 /**
2097 * Called to remove a range of SACKs.
2098 *
2099 * SACK entries will be removed or adjusted to not acknowledge any sequence
2100 * numbers that are less than 'seq' passed. It not only invalidates entries,
2101 * but also moves all entries that are still valid to the beginning.
2102 *
2103 * @param pcb the tcp_pcb to modify
2104 * @param seq the lowest sequence number to keep in SACK entries
2105 */
2106 static void
2107 tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq)
2108 {
2109 u8_t i;
2110 u8_t unused_idx;
2111
2112 /* We run this loop for all entries, until we find the first invalid one.
2113 There is no point checking after that. */
2114 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2115 /* We only want to use SACK at index [i] if its right side is > 'seq'. */
2116 if (TCP_SEQ_GT(pcb->rcv_sacks[i].right, seq)) {
2117 if (unused_idx != i) {
2118 /* We only copy it if it's not in the right spot already. */
2119 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2120 }
2121 /* NOTE: It is possible that its left side is < 'seq', in which case we should adjust it. */
2122 if (TCP_SEQ_LT(pcb->rcv_sacks[unused_idx].left, seq)) {
2123 pcb->rcv_sacks[unused_idx].left = seq;
2124 }
2125 ++unused_idx;
2126 }
2127 }
2128
2129 /* We also need to invalidate everything from 'unused_idx' till the end */
2130 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2131 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2132 }
2133 }
2134
2135 #if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
2136 /**
2137 * Called to remove a range of SACKs.
2138 *
2139 * SACK entries will be removed or adjusted to not acknowledge any sequence
2140 * numbers that are greater than (or equal to) 'seq' passed. It not only invalidates entries,
2141 * but also moves all entries that are still valid to the beginning.
2142 *
2143 * @param pcb the tcp_pcb to modify
2144 * @param seq the highest sequence number to keep in SACK entries
2145 */
2146 static void
2147 tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq)
2148 {
2149 u8_t i;
2150 u8_t unused_idx;
2151
2152 /* We run this loop for all entries, until we find the first invalid one.
2153 There is no point checking after that. */
2154 for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2155 /* We only want to use SACK at index [i] if its left side is < 'seq'. */
2156 if (TCP_SEQ_LT(pcb->rcv_sacks[i].left, seq)) {
2157 if (unused_idx != i) {
2158 /* We only copy it if it's not in the right spot already. */
2159 pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2160 }
2161 /* NOTE: It is possible that its right side is > 'seq', in which case we should adjust it. */
2162 if (TCP_SEQ_GT(pcb->rcv_sacks[unused_idx].right, seq)) {
2163 pcb->rcv_sacks[unused_idx].right = seq;
2164 }
2165 ++unused_idx;
2166 }
2167 }
2168
2169 /* We also need to invalidate everything from 'unused_idx' till the end */
2170 for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2171 pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2172 }
2173 }
2174 #endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
2175
2176 #endif /* LWIP_TCP_SACK_OUT */
2177
2178 #endif /* LWIP_TCP */
2179