| blob | 8266a05c386e3c1ee4f4257571c6601233128ab9 |
1 /* LWIP service - tcpsock.c - TCP sockets */
2 /*
3 * This module implements support for TCP sockets based on lwIP's core TCP PCB
4 * module, which is largely but not fully cooperative with exactly what we want
5 * to achieve, with as a result that this module is rather complicated.
6 *
7 * Each socket has a send queue and a receive queue. Both are using lwIP's own
8 * (pbuf) buffers, which largely come out of the main 512-byte buffer pool.
9 * The buffers on the send queue are allocated and freed by us--the latter only
10 * once they are no longer in use by lwIP as well. A bit counterintuitively,
11 * we deliberately use a smaller lwIP per-PCB TCP send buffer limit
12 * (TCP_SND_BUF) in the lwIP send configuration (lwipopts.h) in order to more
13 * easily trigger conditions where we cannot enqueue data (or the final FIN)
14 * right away. This way, we get to test the internal logic of this module a
15 * lot more easily. The small lwIP send queue size should not have any impact
16 * on performance, as our own per-socket send queues can be much larger and we
17 * enqueue more of that on the lwIP PCB as soon as we can in all cases.
18 *
19 * The receive queue consists of whatever buffers were given to us by lwIP, but
20 * since those may be many buffers with small amounts of data each, we perform
21 * fairly aggressive merging of consecutive buffers. The intended result is
22 * that we waste no more than 50% of memory within the receive queue. Merging
23 * requires memory copies, which makes it expensive, but we do not configure
24 * lwIP with enough buffers to make running out of buffers a non-issue, so this
25 * trade-off is necessary. Practical experience and measurements of the merge
26 * policy will have to show whether and how the current policy may be improved.
27 *
28 * As can be expected, the connection close semantics are by far the most
29 * complicated part of this module. We attempt to get rid of the lwIP PCB as
30 * soon as we can, letting lwIP take care of the TIME_WAIT state for example.
31 * However, there are various conditions that have to be met before we can
32 * forget about the PCB here--most importantly, that none of our sent data
33 * blocks are still referenced by lwIP because they have not yet been sent or
34 * acknowledged. We can only free the data blocks once lwIP is done with them.
35 *
36 * We do consider the TCP state of lwIP's PCB, in order to avoid duplicating
37 * full state tracking here. However, we do not look at a socket's TCP state
38 * while in a lwIP-generated event for that socket, because the state may not
39 * necessarily reflect the (correct or new) TCP state of the connection, nor
40 * may the PCB be available--this is the case for error events. For these
41 * reasons we use a few internal TCPF_ flags to perform partial state tracking.
42 *
43 * More generally, we tend to access lwIP PCB fields directly only when lwIP's
44 * own BSD API implementation does that too and there is no better alternative.
45 * One example of this is the check to see if our FIN was acknowledged, for
46 * SO_LINGER support. In terms of maintenance, our hope is that if lwIP's API
47 * changes later, we can change our code to imitate whatever lwIP's BSD API
48 * implementation does at that point.
49 */
51 #include <sys/socketvar.h>
52 #include <netinet/in.h>
53 #include <netinet/tcp.h>
54 #include <netinet/ip_var.h>
55 #include <netinet/tcp_timer.h>
56 #include <netinet/tcp_var.h>
57 #include <netinet/tcp_fsm.h>
59 /*
60 * Unfortunately, NetBSD and lwIP have different definitions of a few relevant
61 * preprocessor variables. Make sure we do not attempt to use the NetBSD one
62 * where it matters. We do need one of the NetBSD definitions though.
63 */
65 #undef TF_NODELAY
66 #undef TCP_MSS
74 /*
75 * The number of TCP sockets (NR_TCPSOCK) is defined in the lwIP configuration.
76 */
78 /*
79 * We fully control the send buffer, so we can let its size be set to whatever
80 * we want. The receive buffer is different: if it is smaller than the window
81 * size, we may have to refuse data that lwIP hands us, at which point more
82 * incoming data will cause lwIP to abort the TCP connection--even aside from
83 * performance issues. Therefore, we must make sure the receive buffer is
84 * larger than the TCP window at all times.
85 */
93 /*
94 * The total number of buffers that may in use for TCP socket send queues. The
95 * goal is to allow at least some progress to be made on receiving from TCP
96 * sockets and on differently-typed sockets, at least as long as the LWIP
97 * service can manage to allocate the memory it wants. For the case that it
98 * does not, we can only reactively kill off TCP sockets and/or free enqueued
99 * ethernet packets, neither of which is currently implemented (TODO).
100 */
101 #define TCP_MAX_SENDBUFS (mempool_max_buffers() * 3 / 4)
103 /* Polling intervals, in 500-millsecond units. */
139 /* A bunch of macros that are just for convenience. */
140 #define tcpsock_get_id(tcp) (SOCKID_TCP | (sockid_t)((tcp) - tcp_array))
141 #define tcpsock_get_ipsock(tcp) (&(tcp)->tcp_ipsock)
142 #define tcpsock_get_sock(tcp) (ipsock_get_sock(tcpsock_get_ipsock(tcp)))
143 #define tcpsock_get_sndbuf(tcp) (ipsock_get_sndbuf(tcpsock_get_ipsock(tcp)))
144 #define tcpsock_get_rcvbuf(tcp) (ipsock_get_rcvbuf(tcpsock_get_ipsock(tcp)))
145 #define tcpsock_is_ipv6(tcp) (ipsock_is_ipv6(tcpsock_get_ipsock(tcp)))
146 #define tcpsock_is_shutdown(tcp,fl) \
147 (sockevent_is_shutdown(tcpsock_get_sock(tcp), fl))
148 #define tcpsock_is_listening(tcp) \
149 (sockevent_is_listening(tcpsock_get_sock(tcp)))
150 #define tcpsock_get_flags(tcp) (ipsock_get_flags(tcpsock_get_ipsock(tcp)))
151 #define tcpsock_set_flag(tcp,fl) \
152 (ipsock_set_flag(tcpsock_get_ipsock(tcp), fl))
153 #define tcpsock_clear_flag(tcp,fl) \
154 (ipsock_clear_flag(tcpsock_get_ipsock(tcp), fl))
159 /* The CTL_NET {PF_INET,PF_INET6} IPPROTO_TCP subtree. */
160 /* TODO: add many more and make some of them writable.. */
179 };
186 /*
187 * Initialize the TCP sockets module.
188 */
189 void
191 {
194 /* Initialize the list of free TCP sockets. */
201 /* Initialize other variables. */
204 /* Register the net.inet.tcp and net.inet6.tcp6 RMIB subtrees. */
207 }
209 /*
210 * Initialize the state of a TCP socket's send queue.
211 */
212 static void
214 {
222 }
224 /*
225 * Initialize the state of a TCP socket's receive queue.
226 */
227 static void
229 {
236 }
238 /*
239 * Create a TCP socket.
240 */
241 sockid_t
244 {
255 }
262 /*
263 * Initialize the structure. Do not memset it to zero, as it is still
264 * part of the linked free list. Initialization may still fail. When
265 * adding new fields, make sure to change tcpsock_clone() accordingly.
266 */
284 }
286 /*
287 * Create a TCP socket for the TCP PCB 'pcb' which identifies a new connection
288 * incoming on listening socket 'listener'. The new socket is essentially a
289 * "clone" of the listening TCP socket, in that it should inherit any settings
290 * from the listening socket. The socket has not yet been accepted by userland
291 * so add it to the queue of connetions pending for the listening socket. On
292 * success, return OK. On failure, return a negative error code.
293 */
294 static int
296 {
304 /*
305 * Initialize the structure. Do not memset it to zero, as it is still
306 * part of the linked free list. Initialization may still fail. Most
307 * settings should be inherited from the listening socket here, rather
308 * than being initialized to their default state.
309 */
320 /*
321 * Remove the new socket from the free list, and add it to the queue of
322 * the listening socket--in this order, because the same next pointer
323 * is used for both.
324 */
332 }
334 /*
335 * Allocate a buffer from the pool, using the standard pool size. The returned
336 * buffer is a single element--never a chain.
337 */
340 {
348 }
350 /*
351 * Free the given buffer. Ensure that pbuf_free() will not attempt to free the
352 * next buffer(s) in the chain as well. This may be called for pbufs other
353 * than those allocated with tcpsock_alloc_buf().
354 */
355 static void
357 {
359 /*
360 * Resetting the length is currently not necessary, but better safe
361 * than sorry..
362 */
367 }
369 /*
370 * Clear the send queue of a TCP socket. The caller must ensure that lwIP will
371 * no longer access any of data on the send queue.
372 */
373 static void
375 {
384 tcpsock_sendbufs--;
387 }
390 }
392 /*
393 * Clear the receive queue of a TCP socket. If 'ack_data' is set, also
394 * acknowledge the previous contents of the receive queue to lwIP.
395 */
396 static size_t
398 {
408 tcpsock_recvbufs--;
411 }
413 /*
414 * From now on, we will basically be discarding incoming data as fast
415 * as possible, to keep the full window open at all times.
416 */
423 }
425 /*
426 * The TCP socket's PCB has been detached from the socket, typically because
427 * the connection was aborted, either by us or by lwIP. Either way, any TCP
428 * connection is gone. Clear the socket's send queue, remove the socket from
429 * a listening socket's queue, and if the socket itself is ready and allowed to
430 * be freed, free it now. The socket is ready to be freed if it was either on
431 * a listening queue or being closed already. The socket is allowed to be
432 * freed only if 'may_free' is TRUE. If the socket is not freed, its receive
433 * queue is left as is, as it may still have data to be received by userland.
434 */
435 static int
437 {
442 /*
443 * Free any data on the send queue. This is safe to do right now,
444 * because the PCB has been aborted (or was already gone). We must be
445 * very careful about clearing the send queue in all other situations.
446 */
449 /*
450 * If this was a socket pending acceptance, remove it from the
451 * corresponding listener socket's queue, and free it. Otherwise, free
452 * the socket only if it suspended a graceful close operation.
453 */
459 /*
460 * The listener socket's backlog count should be adjusted by
461 * lwIP whenever the PCB is freed up, so we need (and must) not
462 * attempt to do that here.
463 */
469 /*
470 * Do not free the socket if 'may_free' is FALSE. That flag may be set
471 * if we are currently in the second tcpsock_close() call on the
472 * socket, in which case sockevent_is_closing() is TRUE but we must
473 * still not free the socket now: doing so would derail libsockevent.
474 */
479 }
482 }
484 /*
485 * Abort the lwIP PCB for the given socket, using tcp_abort(). If the PCB is
486 * connected, this will cause the connection to be reset. The PCB, which must
487 * have still been present before the call, will be gone after the call.
488 */
489 static void
491 {
506 }
508 /*
509 * Close the lwIP PCB for the given socket, using tcp_close(). If the PCB is
510 * connected, its graceful close will be finished by lwIP in the background.
511 * The PCB, which must have still been present before the call, will be gone
512 * after the call.
513 */
514 static void
516 {
517 err_t err;
527 }
535 }
537 /*
538 * Return TRUE if all conditions are met for closing the TCP socket's PCB, or
539 * FALSE if they are not. Upon calling this function, the socket's PCB must
540 * still be around.
541 */
542 static int
544 {
548 /*
549 * Regular closing of the PCB requires three conditions to be met:
550 *
551 * 1. all our data has been transmitted AND acknowledged, so that we do
552 * not risk corruption in case there are still unsent or unack'ed
553 * data buffers that may otherwise be recycled too soon;
554 * 2. we have sent our FIN to the peer; and,
555 * 3. we have received a FIN from the peer.
556 */
559 }
561 /*
562 * The given socket is ready to be closed as per the tcpsock_may_close() rules.
563 * This implies that its send queue is already empty. Gracefully close the
564 * PCB. In addition, if the socket is being closed gracefully, meaning we
565 * suspended an earlier tcpsock_close() call (and as such already emptied the
566 * receive queue as well), then tell libsockevent that the close is finished,
567 * freeing the socket. Return TRUE if the socket has indeed been freed this
568 * way, or FALSE if the socket is still around.
569 */
570 static int
572 {
577 /*
578 * If we get here, we have already shut down the sending side of the
579 * PCB. Technically, we are interested only in shutting down the
580 * receiving side of the PCB here, so that lwIP may decide to recycle
581 * the socket later etcetera. We call tcp_close() because we do not
582 * want to rely on tcp_shutdown(RX) doing the exact same thing.
583 * However, we do rely on the fact that the PCB is not immediately
584 * destroyed by the tcp_close() call: otherwise we may have to return
585 * ERR_ABRT if this function is called from a lwIP-generated event.
586 */
589 /*
590 * If we suspended an earlier tcpsock_close() call, we have to tell
591 * libsockevent that the close operation is now complete.
592 */
601 }
603 /*
604 * Attempt to start or resume enqueuing data and/or a FIN to send on the given
605 * TCP socket. Return TRUE if anything at all could be newly enqueued on the
606 * lwIP PCB, even if less than desired. In that case, the caller should try to
607 * send whatever was enqueued, and if applicable, check if the socket may now
608 * be closed (due to the FIN being enqueued). In particular, in any situation
609 * where the socket may be in the process of being closed, the caller must use
610 * tcpsock_may_close() if TRUE is returned. Return FALSE if nothing new could
611 * be enqueued, in which case no send attempt need to be made either.
612 */
613 static int
615 {
619 err_t err;
627 /*
628 * Attempt to enqueue more unsent data, if any, on the PCB's send
629 * queue.
630 */
637 /*
638 * We may maintain a non-NULL unsent pointer even when there is
639 * nothing more to send right now, because the tail buffer may
640 * be filled up further later on.
641 */
653 /* Try to enqueue more data for sending. */
656 else
662 /*
663 * Since tcp_write() enqueues data only, it should only return
664 * out-of-memory errors; no fatal ones. In any case, stop.
665 */
670 }
672 /* We have successfully enqueued data. */
682 }
686 }
688 /*
689 * If all pending data has been enqueued for sending, and we should
690 * shut down the sending end of the socket, try that now.
691 */
699 /*
700 * We have successfully enqueued a FIN. The caller is
701 * now responsible for checking whether the PCB and
702 * possibly even the socket object can now be freed.
703 */
710 /*
711 * FIXME: the resolution for lwIP bug #47485 has taken
712 * away even more control over the closing process from
713 * us, making tracking sockets especially for SO_LINGER
714 * even harder. For now, we simply effectively undo
715 * the patch by clearing TF_CLOSEPEND if tcp_shutdown()
716 * returns ERR_MEM. This will not be sustainable in
717 * the long term, though.
718 */
722 }
723 }
726 }
728 /*
729 * Request lwIP to start sending any enqueued data and/or FIN on the TCP
730 * socket's lwIP PCB. On success, return OK. On failure, return a negative
731 * error code, after cleaning up the socket, freeing the PCB. If the socket
732 * was already being closed, also free the socket object in that case; the
733 * caller must then not touch the socket object anymore upon return. If the
734 * socket object is not freed, and if 'raise_error' is TRUE, raise the error
735 * on the socket object.
736 */
737 static int
739 {
740 err_t err;
745 /*
746 * If we have enqueued something, ask lwIP to send TCP packets now.
747 * This may result in a fatal error, in which case we clean up the
748 * socket and return the error to the caller. Since cleaning up the
749 * socket may free the socket object, and the caller cannot tell
750 * whether that will happen or has happened, also possibly raise the
751 * error on the socket object if it is not gone. As such, callers that
752 * set 'raise_error' to FALSE must know for sure that the socket was
753 * not being closed, for example because the caller is processing a
754 * (send) call from userland.
755 */
766 }
767 /* Otherwise, do not touch the socket object anymore! */
772 }
774 /*
775 * Callback from lwIP. The given number of data bytes have been acknowledged
776 * as received by the remote end. Dequeue and free data from the TCP socket's
777 * send queue as appropriate.
778 */
779 static err_t
781 {
795 /*
796 * First see if we can free up whole buffers. Check against the head
797 * buffer's 'len' rather than 'tot_len', or we may end up leaving an
798 * empty buffer on the chain.
799 */
812 }
815 tcpsock_sendbufs--;
818 }
820 /*
821 * The rest of the given length is for less than the current head
822 * buffer.
823 */
830 }
841 /*
842 * If we emptied the send queue, and we already managed to send a FIN
843 * earlier, we may now have met all requirements to close the socket's
844 * PCB. Otherwise, we may also be able to send more now, so try to
845 * resume sending. Since we are invoked from the "sent" event,
846 * tcp_output() will not actually process anything, and so we do not
847 * call it either. If we did, we would have to deal with errors here.
848 */
855 /*
856 * If we now manage to enqueue a FIN, we may be ready to close
857 * the PCB after all.
858 */
863 }
864 }
866 /* The user may also be able to send more now. */
870 }
872 /*
873 * Check whether any (additional) data previously received on a TCP socket
874 * should be acknowledged, possibly allowing the remote end to send additional
875 * data as a result.
876 */
877 static void
879 {
884 /*
885 * We must make sure that at all times, we can still add an entire
886 * window's worth of data to the receive queue. If the amount of free
887 * space drops below that threshold, we stop acknowledging received
888 * data. The user may change the receive buffer size at all times; we
889 * update the window size lazily as appropriate.
890 */
894 /*
895 * The number of bytes that lwIP can still give us at any time
896 * is represented as 'left'. The number of bytes that we still
897 * allow to be stored in the receive queue is represented as
898 * 'delta'. We must make sure that 'left' does not ever exceed
899 * 'delta' while acknowledging as many bytes as possible under
900 * that rule.
901 */
917 }
918 }
919 }
921 /*
922 * Attempt to merge two consecutive underfilled buffers in the receive queue of
923 * a TCP socket, freeing up one of the two buffers as a result. The first
924 * (oldest) buffer is 'ptail', and the pointer to this buffer is stored at
925 * 'pnext'. The second (new) buffer is 'pbuf', which is already attached to
926 * the first buffer. The second buffer may be followed by additional buffers
927 * with even more new data. Return TRUE if buffers have been merged, in which
928 * case the pointer at 'pnext' may have changed, and no assumptions should be
929 * made about whether 'ptail' and 'pbuf' still exist in any form. Return FALSE
930 * if no merging was necessary or if no new buffer could be allocated.
931 */
932 static int
934 {
940 /*
941 * Unfortunately, we cannot figure out what kind of pbuf we were given
942 * by the lower layers, so we cannot merge two buffers without first
943 * allocating a third. Once we have done that, though, we can easily
944 * merge more into that new buffer. For now we use the following
945 * policies:
946 *
947 * 1. if two consecutive lwIP-provided buffers are both used less than
948 * half the size of a full buffer, try to allocate a new buffer and
949 * copy both lwIP-provided buffers into that new buffer, freeing up
950 * the pair afterwards;
951 * 2. if the tail buffer on the chain is allocated by us and not yet
952 * full, and the next buffer's contents can be added to the tail
953 * buffer in their entirety, do just that.
954 *
955 * Obviously there is a trade-off between the performance overhead of
956 * copying and the resource overhead of keeping less-than-full buffers
957 * on the receive queue, but this policy should both keep actual memory
958 * usage to no more than twice the receive queue length and prevent
959 * excessive copying. The policy deliberately performs more aggressive
960 * merging into a buffer that we allocated ourselves.
961 */
964 /*
965 * Case #1.
966 */
981 /* For now, we need not inherit any flags from either pbuf. */
985 /* One allocated, two about to be deallocated. */
987 tcpsock_recvbufs--;
994 /*
995 * Case #2.
996 */
1005 tcpsock_recvbufs--;
1012 }
1014 /*
1015 * Callback from lwIP. New data or flags have been received on a TCP socket.
1016 */
1017 static err_t
1020 {
1028 /*
1029 * lwIP should never provide anything other than ERR_OK in 'err', and
1030 * it is not clear what we should do if it would. If lwIP ever changes
1031 * in this regard, we will likely have to change this code accordingly.
1032 */
1036 /* If the given buffer is NULL, we have received a FIN. */
1040 /* Userland may now receive EOF. */
1044 /*
1045 * If we were in the process of closing the socket, and we
1046 * receive a FIN before our FIN got acknowledged, we close the
1047 * socket anyway, as described in tcpsock_close(). However, if
1048 * there is still unacknowledged outgoing data or we did not
1049 * even manage to send our FIN yet, hold off closing the socket
1050 * for now.
1051 */
1056 }
1058 /*
1059 * If the socket is being closed, receiving new data should cause a
1060 * reset.
1061 */
1066 /* Do not touch the socket object anymore! */
1071 }
1073 /*
1074 * If the socket has already been shut down for reading, discard the
1075 * incoming data and do nothing else.
1076 */
1083 }
1085 /*
1086 * We deliberately ignore the PBUF_FLAG_PUSH flag. This flag would
1087 * enable the receive functionality to delay delivering "un-pushed"
1088 * data to applications. The implementation of this scheme could track
1089 * the amount of data up to and including the last-pushed segment using
1090 * a "tr_push_len" field or so. Deciding when to deliver "un-pushed"
1091 * data after all is a bit tricker though. As far as I can tell, the
1092 * BSDs do not implement anything like that. Windows does, and this
1093 * results in interaction problems with even more lightweight TCP/IP
1094 * stacks that do not send the TCP PSH flag. Currently, there is no
1095 * obvious benefit for us to support delaying data delivery like that.
1096 * In addition, testing its implementation reliably would be difficult.
1097 */
1101 /*
1102 * Count the number of buffers that are now owned by us. The new total
1103 * of buffers owned by us must not exceed the size of the memory pool.
1104 * Any more would indicate an accounting error. Note that
1105 * tcpsock_recvbufs is currently used for debugging only!
1106 */
1110 /*
1111 * The pre-tail pointer points to whatever is pointing to the tail
1112 * buffer. The latter pointer may be the 'tr_head' field in our
1113 * tcpsock structure, or the 'next' field in the penultimate buffer,
1114 * or NULL if there are currently no buffers on the receive queue.
1115 */
1129 }
1140 }
1142 /*
1143 * Chop up the chain into individual buffers. This is necessary as we
1144 * overload 'tot_len' to mean "space available in the buffer", as we
1145 * want for buffers allocated by us as part of buffer merges. Also get
1146 * a pointer to the pointer to the new penultimate tail buffer. Due to
1147 * merging, the chain may already be empty by now, though.
1148 */
1154 }
1156 }
1167 /*
1168 * Note that tr_len may now exceed the receive buffer size in the
1169 * highly exceptional case that the user is adjusting the latter after
1170 * the socket had already received data.
1171 */
1173 /* See if we can immediately acknowledge some or all of the data. */
1176 /* Also wake up any receivers now. */
1180 }
1182 /*
1183 * Callback from lwIP. The PCB corresponding to the socket identified by 'arg'
1184 * has been closed by lwIP, with the reason specified in 'err': either the
1185 * connection has been aborted locally (ERR_ABRT), it has been reset by the
1186 * remote end (ERR_RST), or it is closed due to state transitions (ERR_CLSD).
1187 */
1188 static void
1190 {
1198 /* The original PCB is now gone, or will be shortly. */
1201 /*
1202 * Clean up the socket. As a result it may be freed, in which case we
1203 * must not touch it anymore. No need to return ERR_ABRT from here, as
1204 * the PCB has been aborted already.
1205 */
1210 /*
1211 * We may get here if the socket is shut down for writing and
1212 * we already received a FIN from the remote side, thus putting
1213 * the socket in LAST_ACK state, and we receive that last
1214 * acknowledgment. There is nothing more we need to do.
1215 *
1216 * We will never get here in the other case that ERR_CLSD is
1217 * raised, which is when the socket is reset because of
1218 * unacknowledged data while closing: we handle the
1219 * reset-on-ACK case ourselves in tcpsock_close(), and the
1220 * socket is in closing state after that.
1221 */
1225 /*
1226 * Anything else should be an error directly from lwIP;
1227 * currently either ERR_ABRT and ERR_RST. Covert it to a
1228 * regular error and set it on the socket. Doing so will also
1229 * raise the appropriate events.
1230 */
1231 /*
1232 * Unfortunately, lwIP is not throwing accurate errors even
1233 * when it can. We convert some errors to reflect more
1234 * accurately the most likely cause.
1235 *
1236 * TODO: fix lwIP in this regard..
1237 */
1244 }
1245 }
1248 }
1249 }
1251 /*
1252 * Callback from lwIP. Perform regular checks on a TCP socket. This function
1253 * is called one per five seconds on connected sockets, and twice per second on
1254 * closing sockets.
1255 */
1256 static err_t
1258 {
1260 err_t err;
1266 /*
1267 * If we ended up running out of buffers earlier, try resuming any send
1268 * requests now, both for enqueuing TCP data with lwIP and for user
1269 * requests.
1270 */
1275 /* See if we can enqueue more data with lwIP. */
1277 /* In some cases, we can now close the PCB. */
1280 /*
1281 * The PCB is definitely gone here, and the
1282 * entire socket object may be gone now too.
1283 * Do not touch either anymore!
1284 */
1287 }
1289 /*
1290 * If actually sending the data fails, the PCB will be
1291 * gone, and the socket object may be gone as well. Do
1292 * not touch either anymore in that case!
1293 */
1296 }
1298 /*
1299 * If we ran out of buffers earlier, it may be possible to take
1300 * in more data from a user process now, even if we did not
1301 * manage to enqueue any more pending data with lwIP.
1302 */
1308 /*
1309 * If the send buffer is full, we will no longer call
1310 * tcp_output(), which means we may also miss out on fatal
1311 * errors that would otherwise kill the connection (e.g., no
1312 * route). As a result, the connection may erroneously
1313 * continue to exist for a long time. To avoid this, we call
1314 * tcp_output() every once in a while when there are still
1315 * unsent data.
1316 */
1326 }
1327 /* Otherwise do not touch the socket object anymore! */
1330 }
1331 }
1333 /*
1334 * If we are closing the socket, and we sent a FIN, see if the FIN got
1335 * acknowledged. If so, finish closing the socket. Unfortunately, we
1336 * can perform this check by polling only. TODO: change lwIP..
1337 */
1344 }
1347 }
1349 /*
1350 * Bind a TCP socket to a local address.
1351 */
1352 static int
1355 {
1357 ip_addr_t ipaddr;
1359 err_t err;
1373 }
1375 /*
1376 * Callback from lwIP. A new connection 'pcb' has arrived on the listening
1377 * socket identified by 'arg'. Note that 'pcb' may be NULL in the case that
1378 * lwIP could not accept the connection itself.
1379 */
1380 static err_t
1382 {
1388 /*
1389 * If the given PCB is NULL, then lwIP ran out of memory allocating a
1390 * PCB for the new connection. There is nothing we can do with that
1391 * information. Also check 'err' just to make sure.
1392 */
1396 /*
1397 * The TCP socket is the listening socket, but the PCB is for the
1398 * incoming connection.
1399 */
1401 /*
1402 * We could not allocate the resources necessary to accept the
1403 * connection. Abort it immediately.
1404 */
1408 }
1410 /*
1411 * The connection has not yet been accepted, and thus should still be
1412 * considered on the listen queue.
1413 */
1416 /* Set the callback functions. */
1425 }
1427 /*
1428 * Put a TCP socket in listening mode.
1429 */
1430 static int
1432 {
1435 err_t err;
1437 /* The maximum backlog value must not exceed its field size. */
1440 /*
1441 * Allow only CLOSED sockets to enter listening mode. If the socket
1442 * was already in listening mode, allow its backlog value to be
1443 * updated, even if it was shut down already (making this a no-op).
1444 */
1449 /*
1450 * If the socket was not already in listening mode, put it in that mode
1451 * now. That involves switching PCBs as lwIP attempts to save memory
1452 * by replacing the original PCB with a smaller one. If the socket was
1453 * already in listening mode, simply update its backlog value--this has
1454 * no effect on the sockets already in the backlog.
1455 */
1459 /*
1460 * If the socket has not been bound to a port yet, do that
1461 * first. This does mean that the listen call may fail with
1462 * side effects, but that is acceptable in this case.
1463 */
1470 }
1472 /*
1473 * Clear the argument on the PCB that is about to be replaced,
1474 * because if we do not, once the PCB is reused (which does not
1475 * clear the argument), we might get weird events. Do this
1476 * before the tcp_listen() call, because we should no longer
1477 * access the old PCB afterwards (even if we can).
1478 */
1488 }
1495 /* Initialize the queue head for sockets pending acceptance. */
1501 }
1503 /*
1504 * Callback from lwIP. A socket connection attempt has succeeded. Note that
1505 * failed socket events will trigger the tcpsock_event_err() callback instead.
1506 */
1507 static err_t
1509 {
1516 /*
1517 * If lwIP ever changes so that this callback is called for connect
1518 * failures as well, then we need to change the code here accordingly.
1519 */
1528 }
1530 /*
1531 * Connect a TCP socket to a remote address.
1532 */
1533 static int
1536 {
1538 ip_addr_t dst_addr;
1540 err_t err;
1543 /*
1544 * Listening sockets may not have a PCB, so we use higher-level flags
1545 * to throw the correct error code for those instead.
1546 */
1550 /*
1551 * If there is no longer any PCB, we obviously cannot perform the
1552 * connection, but POSIX is not clear on which error to return. We
1553 * copy NetBSD's.
1554 */
1558 /*
1559 * The only state from which a connection can be initiated, is CLOSED.
1560 * Some of the other states require distinct error codes, though.
1561 */
1571 }
1573 /*
1574 * Get the destination address, and attempt to start connecting. If
1575 * the socket was not bound before, or it was bound to a port only,
1576 * then lwIP will select a source address for us. We cannot do this
1577 * ourselves even if we wanted to: it is impossible to re-bind a TCP
1578 * PCB in the case it was previously bound to a port only.
1579 */
1585 tcpsock_event_connected);
1587 /*
1588 * Note that various tcp_connect() error cases will leave the PCB with
1589 * a newly set local and remote IP address anyway. We should be
1590 * careful not to rely on the addresses being as they were before.
1591 */
1595 /* Set the other callback functions. */
1601 /*
1602 * Set a flag so that we can correct lwIP's error codes in case the
1603 * connection fails.
1604 */
1608 }
1610 /*
1611 * Test whether any new connections are pending on a listening TCP socket.
1612 */
1613 static int
1615 {
1618 /* Is this socket in listening mode at all? */
1622 /* Are there any connections to accept right now? */
1626 /* If the socket has been shut down, we return ECONNABORTED. */
1630 /* Otherwise, wait for a new connection first. */
1632 }
1634 /*
1635 * Accept a connection on a listening TCP socket, creating a new TCP socket.
1636 */
1637 static sockid_t
1641 {
1648 /* Below, we must not assume that the listener has a PCB. */
1662 /*
1663 * Set 'newsockp' to NULL so that libsockevent knows we already cloned
1664 * the socket, and it must not be reinitialized anymore.
1665 */
1668 }
1670 /*
1671 * Perform preliminary checks on a send request.
1672 */
1673 static int
1677 {
1679 /*
1680 * Reject calls with unknown flags. Since libsockevent strips out the
1681 * flags it handles itself here, we only have to test for ones we can
1682 * not handle. Currently, there are no send flags that we support.
1683 */
1688 }
1690 /*
1691 * Test whether the given number of data bytes can be sent on a TCP socket.
1692 */
1693 static int
1695 {
1715 }
1723 else
1725 }
1727 /*
1728 * Send data on a TCP socket.
1729 */
1730 static int
1736 {
1758 /*
1759 * First see if we can fit any more data in the current tail buffer.
1760 * If so, we set 'ptail' to point to it and 'tail_off' to the previous
1761 * length of the tail buffer, while optimistically extending it to
1762 * include the new data. If not, we set them to NULL/0.
1763 */
1769 /*
1770 * Optimistically extend the head buffer to include whatever
1771 * fits in it. This is needed for util_copy_data().
1772 */
1782 }
1784 /*
1785 * Then, if there is more to send, allocate new buffers as needed. If
1786 * we run out of memory, work with whatever we did manage to grab.
1787 */
1793 /*
1794 * Chances are that we will end up suspending this send
1795 * request because of being out of buffers. We try to
1796 * resume such requests from the polling function.
1797 */
1801 }
1803 tcpsock_sendbufs++;
1807 else
1816 }
1818 /*
1819 * Copy in the data and continue, unless we did not manage to find
1820 * enough space to even meet the low send watermark, in which case we
1821 * undo any allocation and suspend the call until later.
1822 */
1824 /*
1825 * Optimistically attach the new buffers to the tail, also for
1826 * util_copy_data(). We undo all this if the copy fails.
1827 */
1843 /* Undo the modifications made so far. */
1848 tcpsock_sendbufs--;
1853 }
1859 }
1862 }
1864 /* Attach the new buffers, if any, to the buffer tail. */
1869 /*
1870 * Due to our earlier optimistic modifications, this
1871 * may or may not be redundant.
1872 */
1874 }
1882 }
1886 }
1887 }
1891 /*
1892 * See if we can send any of the data we just enqueued. The socket is
1893 * still open as we are still processing a call from userland on it;
1894 * this saves us from having to deal with the cases that the following
1895 * calls end up freeing the socket object.
1896 */
1899 /*
1900 * That did not go well. Return the error immediately if we
1901 * had not made any progress earlier. Otherwise, return our
1902 * partial progress and leave the error to be picked up later.
1903 */
1910 }
1914 }
1916 /*
1917 * Perform preliminary checks on a receive request.
1918 */
1919 static int
1922 {
1924 /*
1925 * Reject calls with unknown flags. Since libsockevent strips out the
1926 * flags it handles itself here, we only have to test for ones we can
1927 * not handle.
1928 */
1933 }
1935 /*
1936 * Return TRUE if receive calls may wait for more data to come in on the
1937 * connection, or FALSE if we already know that that is not going to happen.
1938 */
1939 static int
1941 {
1945 }
1947 /*
1948 * Test whether data can be received on a TCP socket, and if so, how many bytes
1949 * of data.
1950 */
1951 static int
1953 {
1957 /* If there is and never was a connection, refuse the call at all. */
1962 /*
1963 * If we are certain that no more data will come in later, ignore the
1964 * low receive watermark. Otherwise, bound it to the size of the
1965 * receive buffer, or receive calls may block forever.
1966 */
1977 }
1980 }
1982 /*
1983 * Receive data on a TCP socket.
1984 */
1985 static int
1992 {
1998 /* See if we can receive at all, and if so, how much at most. */
2012 /* Copy out the data to the caller. */
2017 /* Unless peeking, remove the data from the receive queue. */
2021 /* Dequeue and free as many entire buffers as possible. */
2036 tcpsock_recvbufs--;
2039 }
2041 /*
2042 * If only part of the (new) head buffer is consumed, adjust
2043 * the saved offset into that buffer.
2044 */
2051 }
2061 }
2063 /*
2064 * The receive buffer has shrunk, so there may now be space to
2065 * receive more data.
2066 */
2072 /* Advance the current copy position, and see if we are done. */
2076 else
2078 }
2080 /*
2081 * Update the set of flag-type socket options on a TCP socket.
2082 */
2083 static void
2085 {
2093 else
2098 else
2100 }
2102 /*
2103 * Prepare a helper structure for IP-level option processing.
2104 */
2105 static void
2107 {
2117 }
2119 /*
2120 * Set socket options on a TCP socket.
2121 */
2122 static int
2125 {
2134 /* Handle TCP-level options. */
2143 /*
2144 * This option is not supported for TCP sockets; it
2145 * would not even make sense. However, named(8)
2146 * insists on trying to set it anyway. We accept the
2147 * request but ignore the value, not even returning
2148 * what was set through getsockopt(2).
2149 */
2157 /*
2158 * This option is not supported at all, but to save
2159 * ourselves from having to remember the current state
2160 * for getsockopt(2), we also refuse to enable it.
2161 */
2166 }
2173 /*
2174 * lwIP's listening TCP PCBs do not have this field.
2175 * If this ever becomes an issue, we can create our own
2176 * shadow flag and do the inheritance ourselves.
2177 */
2187 else
2194 /*
2195 * lwIP's listening TCP PCBs do not have these fields.
2196 */
2207 /*
2208 * The given value is unsigned, but lwIP stores the
2209 * value in milliseconds in a uint32_t field, so we
2210 * have to limit large values to whatever fits in the
2211 * field anyway.
2212 */
2215 else
2220 else
2226 /* lwIP's listening TCP PCBs do not have this field. */
2240 }
2243 }
2245 /* Handle all other options at the IP level. */
2250 }
2252 /*
2253 * Retrieve socket options on a TCP socket.
2254 */
2255 static int
2258 {
2266 /* Handle TCP-level options. */
2275 len);
2276 }
2283 /* lwIP's listening TCP PCBs do not have this field. */
2290 len);
2293 /* lwIP's listening TCP PCBs do not have this field. */
2297 /* This option is read-only at this time. */
2301 len);
2304 /* lwIP's listening TCP PCBs do not have this field. */
2311 len);
2314 /* lwIP's listening TCP PCBs do not have this field. */
2321 len);
2324 /* lwIP's listening TCP PCBs do not have this field. */
2331 len);
2332 }
2335 }
2337 /* Handle all other options at the IP level. */
2342 }
2344 /*
2345 * Retrieve the local socket address of a TCP socket.
2346 */
2347 static int
2350 {
2360 }
2362 /*
2363 * Retrieve the remote socket address of a TCP socket.
2364 */
2365 static int
2368 {
2379 }
2381 /*
2382 * Perform a TCP half-close on a TCP socket. This operation may not complete
2383 * immediately due to memory conditions, in which case it will be completed at
2384 * a later time.
2385 */
2386 static void
2388 {
2392 /*
2393 * Attempt to send the FIN. If a fatal error occurs as a result, raise
2394 * it as an asynchronous error, because this function's callers cannot
2395 * do much with it. That happens to match the way these functions are
2396 * used elsewhere. In any case, as a result, the PCB may be closed.
2397 * However, we are never called from a situation where the socket is
2398 * being closed here, so the socket object will not be freed either.
2399 */
2405 else
2407 }
2408 }
2410 /*
2411 * Shut down a TCP socket for reading and/or writing.
2412 */
2413 static int
2415 {
2418 /*
2419 * If the PCB is gone, we want to allow shutdowns for reading but not
2420 * writing: shutting down for writing affects the PCB, shutting down
2421 * for reading does not. Also, if the PCB is in CLOSED state, we would
2422 * not know how to deal with subsequent operations after a shutdown for
2423 * writing, so forbid such calls altogether.
2424 */
2429 /*
2430 * Handle listening sockets as a special case. Shutting down a
2431 * listening socket frees its PCB. Sockets pending on the accept queue
2432 * may still be accepted, but after that, accept(2) will start
2433 * returning ECONNABORTED. This feature allows multi-process server
2434 * applications to shut down gracefully, supposedly..
2435 */
2441 }
2443 /*
2444 * We control shutdown-for-reading locally, and intentially do not tell
2445 * lwIP about it: if we do that and also shut down for writing, the PCB
2446 * may disappear (now or eventually), which is not what we want.
2447 * Instead, we only tell lwIP to shut down for reading once we actually
2448 * want to get rid of the PCB, using tcp_close(). In the meantime, if
2449 * the socket is shut down for reading by the user, we simply discard
2450 * received data as fast as we can--one out of a number of possible
2451 * design choices there, and (reportedly) the one used by the BSDs.
2452 */
2456 /*
2457 * Shutting down for writing a connecting socket simply closes its PCB.
2458 * Closing a PCB in SYN_SENT state simply deallocates it, so this can
2459 * not fail. On the other hand, for connected sockets we want to send
2460 * a FIN, which may fail due to memory shortage, in which case we have
2461 * to try again later..
2462 */
2468 }
2471 }
2473 /*
2474 * Close a TCP socket. Complete the operation immediately if possible, or
2475 * otherwise initiate the closing process and complete it later, notifying
2476 * libsockevent about that as well. Depending on linger settings, this
2477 * function may be called twice on the same socket: the first time with the
2478 * 'force' flag cleared, and the second time with the 'force' flag set.
2479 */
2480 static int
2482 {
2489 /*
2490 * If this was a listening socket, so abort and clean up any and all
2491 * connections on its listener queue. Note that the listening socket
2492 * may or may not have a PCB at this point.
2493 */
2501 }
2502 }
2504 /*
2505 * Clear the receive queue, and make sure that we no longer add new
2506 * data to it. The latter is relevant only for the case that we end up
2507 * returning SUSPEND below. Remember whether there were bytes left,
2508 * because we should reset the connection if there were.
2509 */
2514 /*
2515 * If the socket is connected, perform a graceful shutdown, unless 1)
2516 * we are asked to force-close the socket, or 2) if the local side has
2517 * not consumed all data, as per RFC 1122 Sec.4.2.2.13. Normally lwIP
2518 * would take care of the second point, but we may have data in our
2519 * receive buffer of which lwIP is not aware.
2520 *
2521 * Implementing proper linger support is somewhat difficult with lwIP.
2522 * In particular, we cannot reliably wait for our FIN to be ACK'ed by
2523 * the other side in all cases:
2524 *
2525 * - the lwIP TCP transition from states CLOSING to TIME_WAIT does not
2526 * trigger any event and once in the TIME_WAIT state, the poll event
2527 * no longer triggers either;
2528 * - the lwIP TCP transition from states FIN_WAIT_1 and FIN_WAIT_2 to
2529 * TIME_WAIT will trigger a receive event, but it is not clear
2530 * whether we can reliably check that our FIN was ACK'ed from there.
2531 *
2532 * That means we have to compromise. Instead of the proper approach,
2533 * we complete our side of the close operation whenever:
2534 *
2535 * 1. all of or data was acknowledged, AND,
2536 * 2. our FIN was sent, AND,
2537 * 3a. our FIN was acknowledged, OR,
2538 * 3b. we received a FIN from the other side.
2539 *
2540 * With the addition of the rule 3b, we do not run into the above
2541 * reliability problems, but we may return from SO_LINGER-blocked close
2542 * calls too early and thus give callers a false impression of success.
2543 * TODO: if lwIP ever gets improved on this point, the code in this
2544 * module should be rewritten to make use of the improvements.
2545 *
2546 * The set of rules is basically the same as for closing the PCB early
2547 * as per tcpsock_may_close(), except with the check for our FIN being
2548 * acknowledged. Unfortunately only the FIN_WAIT_2, TIME_WAIT, and
2549 * (reentered) CLOSED TCP states guarantee that there are no
2550 * unacknowledged data segments anymore, so we may have to wait for
2551 * reaching any one of these before we can actually finish closing the
2552 * socket with tcp_close().
2553 *
2554 * In addition, lwIP does not tell us when our FIN gets acknowledged,
2555 * so we have to use polling and direct access to lwIP's PCB fields
2556 * instead, just like lwIP's BSD API does. There is no other way.
2557 * Also, we may not even be able to send the FIN right away, in which
2558 * case we must defer that until later.
2559 */
2567 /* FALLTHROUGH */
2571 /* First check if we should abort the connection. */
2575 /*
2576 * If we have not sent a FIN yet, try sending it now;
2577 * if all other conditions are met for closing the
2578 * socket, successful FIN transmission will complete
2579 * the close. Otherwise, perform the close check
2580 * explicitly.
2581 */
2587 /*
2588 * If at this point the PCB is gone, we managed to
2589 * close the connection immediately, and the socket has
2590 * already been cleaned up by now. This may occur if
2591 * there is no unacknowledged data and we already
2592 * received a FIN earlier on.
2593 */
2597 /*
2598 * Complete the close operation at a later time.
2599 * Adjust the polling interval, so that we can detect
2600 * completion of the close as quickly as possible.
2601 */
2603 TCP_POLL_CLOSE_INTERVAL);
2608 /*
2609 * The connection is either not yet established, or
2610 * already in a state where we can close it right now.
2611 */
2613 }
2614 }
2616 /*
2617 * Abort the connection is the PCB is still around, and clean up the
2618 * socket. We cannot let tcpsock_cleanup() free the socket object yet,
2619 * because we are still in the callback from libsockevent, and the
2620 * latter cannot handle the socket object being freed from here.
2621 */
2628 }
2630 /*
2631 * Free up a closed TCP socket.
2632 */
2633 static void
2635 {
2645 }
2647 /* This table maps TCP states from lwIP numbers to NetBSD numbers. */
2663 };
2665 /*
2666 * Fill the given kinfo_pcb sysctl(7) structure with information about the TCP
2667 * PCB identified by the given pointer.
2668 */
2669 static void
2671 {
2675 /*
2676 * Not all TCP PCBs have an associated tcpsock structure. We are
2677 * careful enough clearing the callback argument for PCBs on any of the
2678 * TCP lists that we can use that callback argument to determine
2679 * whether there is an associated tcpsock structure, although with one
2680 * exception: PCBs for incoming connections that have not yet been
2681 * fully established (i.e., in SYN_RCVD state). These will have the
2682 * callback argument of the listening socket (which itself may already
2683 * have been deallocated at this point) but should not be considered as
2684 * associated with the listening socket's tcpsock structure.
2685 */
2691 /* TODO: change this so that sockstat(1) may work one day. */
2694 /* No tcpsock. Could also be in TIME_WAIT state etc. */
2698 }
2704 /* TODO: this needs work, but does anything rely on it? */
2706 }
2708 /* Careful with the LISTEN state here (see below). */
2712 /*
2713 * The PCBs for listening sockets are actually smaller. Thus, for
2714 * listening sockets, do not attempt to access any of the fields beyond
2715 * those provided in the smaller structure.
2716 */
2732 }
2733 }
2734 }
2736 /*
2737 * Given either NULL or a previously returned TCP PCB pointer, return the first
2738 * or next TCP PCB pointer, or NULL if there are no more. The current
2739 * implementation supports only one concurrent iteration at once.
2740 */
2743 {
2756 }
2759 }
2761 /*
2762 * Obtain the list of TCP protocol control blocks, for sysctl(7).
2763 */
2764 static ssize_t
2767 {
2770 }
2793 };