1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/stream.h> 28 #include <sys/strsun.h> 29 #include <sys/strsubr.h> 30 #include <sys/debug.h> 31 #include <sys/sdt.h> 32 #include <sys/cmn_err.h> 33 #include <sys/tihdr.h> 34 35 #include <inet/common.h> 36 #include <inet/optcom.h> 37 #include <inet/ip.h> 38 #include <inet/ip_if.h> 39 #include <inet/ip_impl.h> 40 #include <inet/tcp.h> 41 #include <inet/tcp_impl.h> 42 #include <inet/ipsec_impl.h> 43 #include <inet/ipclassifier.h> 44 #include <inet/ipp_common.h> 45 #include <inet/ip_if.h> 46 47 /* 48 * This file implements TCP fusion - a protocol-less data path for TCP 49 * loopback connections. The fusion of two local TCP endpoints occurs 50 * at connection establishment time. Various conditions (see details 51 * in tcp_fuse()) need to be met for fusion to be successful. If it 52 * fails, we fall back to the regular TCP data path; if it succeeds, 53 * both endpoints proceed to use tcp_fuse_output() as the transmit path. 54 * tcp_fuse_output() enqueues application data directly onto the peer's 55 * receive queue; no protocol processing is involved. 56 * 57 * Sychronization is handled by squeue and the mutex tcp_non_sq_lock. 58 * One of the requirements for fusion to succeed is that both endpoints 59 * need to be using the same squeue. This ensures that neither side 60 * can disappear while the other side is still sending data. Flow 61 * control information is manipulated outside the squeue, so the 62 * tcp_non_sq_lock must be held when touching tcp_flow_stopped. 63 */ 64 65 /* 66 * Setting this to false means we disable fusion altogether and 67 * loopback connections would go through the protocol paths. 68 */ 69 boolean_t do_tcp_fusion = B_TRUE; 70 71 /* 72 * Return true if this connection needs some IP functionality 73 */ 74 static boolean_t 75 tcp_loopback_needs_ip(tcp_t *tcp, netstack_t *ns) 76 { 77 ipsec_stack_t *ipss = ns->netstack_ipsec; 78 79 /* 80 * If ire is not cached, do not use fusion 81 */ 82 if (tcp->tcp_connp->conn_ire_cache == NULL) { 83 /* 84 * There is no need to hold conn_lock here because when called 85 * from tcp_fuse() there can be no window where conn_ire_cache 86 * can change. This is not true when called from 87 * tcp_fuse_output() as conn_ire_cache can become null just 88 * after the check. It will be necessary to recheck for a NULL 89 * conn_ire_cache in tcp_fuse_output() to avoid passing a 90 * stale ill pointer to FW_HOOKS. 91 */ 92 return (B_TRUE); 93 } 94 if (tcp->tcp_ipversion == IPV4_VERSION) { 95 if (tcp->tcp_ip_hdr_len != IP_SIMPLE_HDR_LENGTH) 96 return (B_TRUE); 97 if (CONN_OUTBOUND_POLICY_PRESENT(tcp->tcp_connp, ipss)) 98 return (B_TRUE); 99 if (CONN_INBOUND_POLICY_PRESENT(tcp->tcp_connp, ipss)) 100 return (B_TRUE); 101 } else { 102 if (tcp->tcp_ip_hdr_len != IPV6_HDR_LEN) 103 return (B_TRUE); 104 if (CONN_OUTBOUND_POLICY_PRESENT_V6(tcp->tcp_connp, ipss)) 105 return (B_TRUE); 106 if (CONN_INBOUND_POLICY_PRESENT_V6(tcp->tcp_connp, ipss)) 107 return (B_TRUE); 108 } 109 if (!CONN_IS_LSO_MD_FASTPATH(tcp->tcp_connp)) 110 return (B_TRUE); 111 return (B_FALSE); 112 } 113 114 115 /* 116 * This routine gets called by the eager tcp upon changing state from 117 * SYN_RCVD to ESTABLISHED. It fuses a direct path between itself 118 * and the active connect tcp such that the regular tcp processings 119 * may be bypassed under allowable circumstances. Because the fusion 120 * requires both endpoints to be in the same squeue, it does not work 121 * for simultaneous active connects because there is no easy way to 122 * switch from one squeue to another once the connection is created. 123 * This is different from the eager tcp case where we assign it the 124 * same squeue as the one given to the active connect tcp during open. 125 */ 126 void 127 tcp_fuse(tcp_t *tcp, uchar_t *iphdr, tcph_t *tcph) 128 { 129 conn_t *peer_connp, *connp = tcp->tcp_connp; 130 tcp_t *peer_tcp; 131 tcp_stack_t *tcps = tcp->tcp_tcps; 132 netstack_t *ns; 133 ip_stack_t *ipst = tcps->tcps_netstack->netstack_ip; 134 135 ASSERT(!tcp->tcp_fused); 136 ASSERT(tcp->tcp_loopback); 137 ASSERT(tcp->tcp_loopback_peer == NULL); 138 /* 139 * We need to inherit tcp_recv_hiwater of the listener tcp, 140 * but we can't really use tcp_listener since we get here after 141 * sending up T_CONN_IND and tcp_wput_accept() may be called 142 * independently, at which point tcp_listener is cleared; 143 * this is why we use tcp_saved_listener. The listener itself 144 * is guaranteed to be around until tcp_accept_finish() is called 145 * on this eager -- this won't happen until we're done since we're 146 * inside the eager's perimeter now. 147 * 148 * We can also get called in the case were a connection needs 149 * to be re-fused. In this case tcp_saved_listener will be 150 * NULL but tcp_refuse will be true. 151 */ 152 ASSERT(tcp->tcp_saved_listener != NULL || tcp->tcp_refuse); 153 /* 154 * Lookup peer endpoint; search for the remote endpoint having 155 * the reversed address-port quadruplet in ESTABLISHED state, 156 * which is guaranteed to be unique in the system. Zone check 157 * is applied accordingly for loopback address, but not for 158 * local address since we want fusion to happen across Zones. 159 */ 160 if (tcp->tcp_ipversion == IPV4_VERSION) { 161 peer_connp = ipcl_conn_tcp_lookup_reversed_ipv4(connp, 162 (ipha_t *)iphdr, tcph, ipst); 163 } else { 164 peer_connp = ipcl_conn_tcp_lookup_reversed_ipv6(connp, 165 (ip6_t *)iphdr, tcph, ipst); 166 } 167 168 /* 169 * We can only proceed if peer exists, resides in the same squeue 170 * as our conn and is not raw-socket. We also restrict fusion to 171 * endpoints of the same type (STREAMS or non-STREAMS). The squeue 172 * assignment of this eager tcp was done earlier at the time of SYN 173 * processing in ip_fanout_tcp{_v6}. Note that similar squeues by 174 * itself doesn't guarantee a safe condition to fuse, hence we perform 175 * additional tests below. 176 */ 177 ASSERT(peer_connp == NULL || peer_connp != connp); 178 if (peer_connp == NULL || peer_connp->conn_sqp != connp->conn_sqp || 179 !IPCL_IS_TCP(peer_connp) || 180 IPCL_IS_NONSTR(connp) != IPCL_IS_NONSTR(peer_connp)) { 181 if (peer_connp != NULL) { 182 TCP_STAT(tcps, tcp_fusion_unqualified); 183 CONN_DEC_REF(peer_connp); 184 } 185 return; 186 } 187 peer_tcp = peer_connp->conn_tcp; /* active connect tcp */ 188 189 ASSERT(peer_tcp != NULL && peer_tcp != tcp && !peer_tcp->tcp_fused); 190 ASSERT(peer_tcp->tcp_loopback_peer == NULL); 191 ASSERT(peer_connp->conn_sqp == connp->conn_sqp); 192 193 /* 194 * Due to IRE changes the peer and us might not agree on tcp_loopback. 195 * We bail in that case. 196 */ 197 if (!peer_tcp->tcp_loopback) { 198 TCP_STAT(tcps, tcp_fusion_unqualified); 199 CONN_DEC_REF(peer_connp); 200 return; 201 } 202 /* 203 * Fuse the endpoints; we perform further checks against both 204 * tcp endpoints to ensure that a fusion is allowed to happen. 205 * In particular we bail out for non-simple TCP/IP or if IPsec/ 206 * IPQoS policy/kernel SSL exists. We also need to check if 207 * the connection is quiescent to cover the case when we are 208 * trying to re-enable fusion after IPobservability is turned off. 209 */ 210 ns = tcps->tcps_netstack; 211 ipst = ns->netstack_ip; 212 213 if (!tcp->tcp_unfusable && !peer_tcp->tcp_unfusable && 214 !tcp_loopback_needs_ip(tcp, ns) && 215 !tcp_loopback_needs_ip(peer_tcp, ns) && 216 tcp->tcp_kssl_ent == NULL && 217 tcp->tcp_xmit_head == NULL && peer_tcp->tcp_xmit_head == NULL && 218 !IPP_ENABLED(IPP_LOCAL_OUT|IPP_LOCAL_IN, ipst)) { 219 mblk_t *mp; 220 queue_t *peer_rq = peer_tcp->tcp_rq; 221 222 ASSERT(!TCP_IS_DETACHED(peer_tcp)); 223 ASSERT(tcp->tcp_fused_sigurg_mp == NULL || 224 (!IPCL_IS_NONSTR(connp) && tcp->tcp_refuse)); 225 ASSERT(peer_tcp->tcp_fused_sigurg_mp == NULL || 226 (!IPCL_IS_NONSTR(peer_connp) && peer_tcp->tcp_refuse)); 227 ASSERT(tcp->tcp_kssl_ctx == NULL); 228 229 /* 230 * We need to drain data on both endpoints during unfuse. 231 * If we need to send up SIGURG at the time of draining, 232 * we want to be sure that an mblk is readily available. 233 * This is why we pre-allocate the M_PCSIG mblks for both 234 * endpoints which will only be used during/after unfuse. 235 * The mblk might already exist if we are doing a re-fuse. 236 */ 237 if (!IPCL_IS_NONSTR(tcp->tcp_connp)) { 238 ASSERT(!IPCL_IS_NONSTR(peer_tcp->tcp_connp)); 239 240 if (tcp->tcp_fused_sigurg_mp == NULL) { 241 if ((mp = allocb(1, BPRI_HI)) == NULL) 242 goto failed; 243 tcp->tcp_fused_sigurg_mp = mp; 244 } 245 246 if (peer_tcp->tcp_fused_sigurg_mp == NULL) { 247 if ((mp = allocb(1, BPRI_HI)) == NULL) 248 goto failed; 249 peer_tcp->tcp_fused_sigurg_mp = mp; 250 } 251 252 if ((mp = allocb(sizeof (struct stroptions), 253 BPRI_HI)) == NULL) 254 goto failed; 255 } 256 257 /* Fuse both endpoints */ 258 peer_tcp->tcp_loopback_peer = tcp; 259 tcp->tcp_loopback_peer = peer_tcp; 260 peer_tcp->tcp_fused = tcp->tcp_fused = B_TRUE; 261 262 /* 263 * We never use regular tcp paths in fusion and should 264 * therefore clear tcp_unsent on both endpoints. Having 265 * them set to non-zero values means asking for trouble 266 * especially after unfuse, where we may end up sending 267 * through regular tcp paths which expect xmit_list and 268 * friends to be correctly setup. 269 */ 270 peer_tcp->tcp_unsent = tcp->tcp_unsent = 0; 271 272 tcp_timers_stop(tcp); 273 tcp_timers_stop(peer_tcp); 274 275 if (!tcp->tcp_refuse) { 276 /* 277 * Set receive buffer and max packet size for the 278 * active open tcp. 279 * eager's values will be set in tcp_accept_finish. 280 */ 281 282 (void) tcp_rwnd_set(peer_tcp, 283 peer_tcp->tcp_recv_hiwater); 284 285 /* 286 * Set the write offset value to zero since we won't 287 * be needing any room for TCP/IP headers. 288 */ 289 if (!IPCL_IS_NONSTR(peer_tcp->tcp_connp)) { 290 struct stroptions *stropt; 291 292 DB_TYPE(mp) = M_SETOPTS; 293 mp->b_wptr += sizeof (*stropt); 294 295 stropt = (struct stroptions *)mp->b_rptr; 296 stropt->so_flags = SO_WROFF; 297 stropt->so_wroff = 0; 298 299 /* Send the options up */ 300 putnext(peer_rq, mp); 301 } else { 302 struct sock_proto_props sopp; 303 304 /* The peer is a non-STREAMS end point */ 305 ASSERT(IPCL_IS_TCP(peer_connp)); 306 307 sopp.sopp_flags = SOCKOPT_WROFF; 308 sopp.sopp_wroff = 0; 309 (*peer_connp->conn_upcalls->su_set_proto_props) 310 (peer_connp->conn_upper_handle, &sopp); 311 } 312 } else { 313 /* 314 * Endpoints are being re-fused, so options will not 315 * be sent up. In case of STREAMS, free the stroptions 316 * mblk. 317 */ 318 if (!IPCL_IS_NONSTR(connp)) 319 freemsg(mp); 320 } 321 tcp->tcp_refuse = B_FALSE; 322 peer_tcp->tcp_refuse = B_FALSE; 323 } else { 324 TCP_STAT(tcps, tcp_fusion_unqualified); 325 } 326 CONN_DEC_REF(peer_connp); 327 return; 328 329 failed: 330 if (tcp->tcp_fused_sigurg_mp != NULL) { 331 freeb(tcp->tcp_fused_sigurg_mp); 332 tcp->tcp_fused_sigurg_mp = NULL; 333 } 334 if (peer_tcp->tcp_fused_sigurg_mp != NULL) { 335 freeb(peer_tcp->tcp_fused_sigurg_mp); 336 peer_tcp->tcp_fused_sigurg_mp = NULL; 337 } 338 CONN_DEC_REF(peer_connp); 339 } 340 341 /* 342 * Unfuse a previously-fused pair of tcp loopback endpoints. 343 */ 344 void 345 tcp_unfuse(tcp_t *tcp) 346 { 347 tcp_t *peer_tcp = tcp->tcp_loopback_peer; 348 tcp_stack_t *tcps = tcp->tcp_tcps; 349 350 ASSERT(tcp->tcp_fused && peer_tcp != NULL); 351 ASSERT(peer_tcp->tcp_fused && peer_tcp->tcp_loopback_peer == tcp); 352 ASSERT(tcp->tcp_connp->conn_sqp == peer_tcp->tcp_connp->conn_sqp); 353 ASSERT(tcp->tcp_unsent == 0 && peer_tcp->tcp_unsent == 0); 354 355 /* 356 * Cancel any pending push timers. 357 */ 358 if (tcp->tcp_push_tid != 0) { 359 (void) TCP_TIMER_CANCEL(tcp, tcp->tcp_push_tid); 360 tcp->tcp_push_tid = 0; 361 } 362 if (peer_tcp->tcp_push_tid != 0) { 363 (void) TCP_TIMER_CANCEL(peer_tcp, peer_tcp->tcp_push_tid); 364 peer_tcp->tcp_push_tid = 0; 365 } 366 367 /* 368 * Drain any pending data; Note that in case of a detached tcp, the 369 * draining will happen later after the tcp is unfused. For non- 370 * urgent data, this can be handled by the regular tcp_rcv_drain(). 371 * If we have urgent data sitting in the receive list, we will 372 * need to send up a SIGURG signal first before draining the data. 373 * All of these will be handled by the code in tcp_fuse_rcv_drain() 374 * when called from tcp_rcv_drain(). 375 */ 376 if (!TCP_IS_DETACHED(tcp)) { 377 (void) tcp_fuse_rcv_drain(tcp->tcp_rq, tcp, 378 &tcp->tcp_fused_sigurg_mp); 379 } 380 if (!TCP_IS_DETACHED(peer_tcp)) { 381 (void) tcp_fuse_rcv_drain(peer_tcp->tcp_rq, peer_tcp, 382 &peer_tcp->tcp_fused_sigurg_mp); 383 } 384 385 /* Lift up any flow-control conditions */ 386 mutex_enter(&tcp->tcp_non_sq_lock); 387 if (tcp->tcp_flow_stopped) { 388 tcp_clrqfull(tcp); 389 TCP_STAT(tcps, tcp_fusion_backenabled); 390 } 391 mutex_exit(&tcp->tcp_non_sq_lock); 392 393 mutex_enter(&peer_tcp->tcp_non_sq_lock); 394 if (peer_tcp->tcp_flow_stopped) { 395 tcp_clrqfull(peer_tcp); 396 TCP_STAT(tcps, tcp_fusion_backenabled); 397 } 398 mutex_exit(&peer_tcp->tcp_non_sq_lock); 399 400 /* 401 * Update th_seq and th_ack in the header template 402 */ 403 U32_TO_ABE32(tcp->tcp_snxt, tcp->tcp_tcph->th_seq); 404 U32_TO_ABE32(tcp->tcp_rnxt, tcp->tcp_tcph->th_ack); 405 U32_TO_ABE32(peer_tcp->tcp_snxt, peer_tcp->tcp_tcph->th_seq); 406 U32_TO_ABE32(peer_tcp->tcp_rnxt, peer_tcp->tcp_tcph->th_ack); 407 408 /* Unfuse the endpoints */ 409 peer_tcp->tcp_fused = tcp->tcp_fused = B_FALSE; 410 peer_tcp->tcp_loopback_peer = tcp->tcp_loopback_peer = NULL; 411 } 412 413 /* 414 * Fusion output routine used to handle urgent data sent by STREAMS based 415 * endpoints. This routine is called by tcp_fuse_output() for handling 416 * non-M_DATA mblks. 417 */ 418 void 419 tcp_fuse_output_urg(tcp_t *tcp, mblk_t *mp) 420 { 421 mblk_t *mp1; 422 struct T_exdata_ind *tei; 423 tcp_t *peer_tcp = tcp->tcp_loopback_peer; 424 mblk_t *head, *prev_head = NULL; 425 tcp_stack_t *tcps = tcp->tcp_tcps; 426 427 ASSERT(tcp->tcp_fused); 428 ASSERT(peer_tcp != NULL && peer_tcp->tcp_loopback_peer == tcp); 429 ASSERT(!IPCL_IS_NONSTR(tcp->tcp_connp)); 430 ASSERT(DB_TYPE(mp) == M_PROTO || DB_TYPE(mp) == M_PCPROTO); 431 ASSERT(mp->b_cont != NULL && DB_TYPE(mp->b_cont) == M_DATA); 432 ASSERT(MBLKL(mp) >= sizeof (*tei) && MBLKL(mp->b_cont) > 0); 433 434 /* 435 * Urgent data arrives in the form of T_EXDATA_REQ from above. 436 * Each occurence denotes a new urgent pointer. For each new 437 * urgent pointer we signal (SIGURG) the receiving app to indicate 438 * that it needs to go into urgent mode. This is similar to the 439 * urgent data handling in the regular tcp. We don't need to keep 440 * track of where the urgent pointer is, because each T_EXDATA_REQ 441 * "advances" the urgent pointer for us. 442 * 443 * The actual urgent data carried by T_EXDATA_REQ is then prepended 444 * by a T_EXDATA_IND before being enqueued behind any existing data 445 * destined for the receiving app. There is only a single urgent 446 * pointer (out-of-band mark) for a given tcp. If the new urgent 447 * data arrives before the receiving app reads some existing urgent 448 * data, the previous marker is lost. This behavior is emulated 449 * accordingly below, by removing any existing T_EXDATA_IND messages 450 * and essentially converting old urgent data into non-urgent. 451 */ 452 ASSERT(tcp->tcp_valid_bits & TCP_URG_VALID); 453 /* Let sender get out of urgent mode */ 454 tcp->tcp_valid_bits &= ~TCP_URG_VALID; 455 456 /* 457 * This flag indicates that a signal needs to be sent up. 458 * This flag will only get cleared once SIGURG is delivered and 459 * is not affected by the tcp_fused flag -- delivery will still 460 * happen even after an endpoint is unfused, to handle the case 461 * where the sending endpoint immediately closes/unfuses after 462 * sending urgent data and the accept is not yet finished. 463 */ 464 peer_tcp->tcp_fused_sigurg = B_TRUE; 465 466 /* Reuse T_EXDATA_REQ mblk for T_EXDATA_IND */ 467 DB_TYPE(mp) = M_PROTO; 468 tei = (struct T_exdata_ind *)mp->b_rptr; 469 tei->PRIM_type = T_EXDATA_IND; 470 tei->MORE_flag = 0; 471 mp->b_wptr = (uchar_t *)&tei[1]; 472 473 TCP_STAT(tcps, tcp_fusion_urg); 474 BUMP_MIB(&tcps->tcps_mib, tcpOutUrg); 475 476 head = peer_tcp->tcp_rcv_list; 477 while (head != NULL) { 478 /* 479 * Remove existing T_EXDATA_IND, keep the data which follows 480 * it and relink our list. Note that we don't modify the 481 * tcp_rcv_last_tail since it never points to T_EXDATA_IND. 482 */ 483 if (DB_TYPE(head) != M_DATA) { 484 mp1 = head; 485 486 ASSERT(DB_TYPE(mp1->b_cont) == M_DATA); 487 head = mp1->b_cont; 488 mp1->b_cont = NULL; 489 head->b_next = mp1->b_next; 490 mp1->b_next = NULL; 491 if (prev_head != NULL) 492 prev_head->b_next = head; 493 if (peer_tcp->tcp_rcv_list == mp1) 494 peer_tcp->tcp_rcv_list = head; 495 if (peer_tcp->tcp_rcv_last_head == mp1) 496 peer_tcp->tcp_rcv_last_head = head; 497 freeb(mp1); 498 } 499 prev_head = head; 500 head = head->b_next; 501 } 502 } 503 504 /* 505 * Fusion output routine, called by tcp_output() and tcp_wput_proto(). 506 * If we are modifying any member that can be changed outside the squeue, 507 * like tcp_flow_stopped, we need to take tcp_non_sq_lock. 508 */ 509 boolean_t 510 tcp_fuse_output(tcp_t *tcp, mblk_t *mp, uint32_t send_size) 511 { 512 tcp_t *peer_tcp = tcp->tcp_loopback_peer; 513 boolean_t flow_stopped, peer_data_queued = B_FALSE; 514 boolean_t urgent = (DB_TYPE(mp) != M_DATA); 515 boolean_t push = B_TRUE; 516 mblk_t *mp1 = mp; 517 ill_t *ilp, *olp; 518 ipif_t *iifp, *oifp; 519 ipha_t *ipha; 520 ip6_t *ip6h; 521 tcph_t *tcph; 522 uint_t ip_hdr_len; 523 uint32_t seq; 524 uint32_t recv_size = send_size; 525 tcp_stack_t *tcps = tcp->tcp_tcps; 526 netstack_t *ns = tcps->tcps_netstack; 527 ip_stack_t *ipst = ns->netstack_ip; 528 529 ASSERT(tcp->tcp_fused); 530 ASSERT(peer_tcp != NULL && peer_tcp->tcp_loopback_peer == tcp); 531 ASSERT(tcp->tcp_connp->conn_sqp == peer_tcp->tcp_connp->conn_sqp); 532 ASSERT(DB_TYPE(mp) == M_DATA || DB_TYPE(mp) == M_PROTO || 533 DB_TYPE(mp) == M_PCPROTO); 534 535 /* If this connection requires IP, unfuse and use regular path */ 536 if (tcp_loopback_needs_ip(tcp, ns) || 537 tcp_loopback_needs_ip(peer_tcp, ns) || 538 IPP_ENABLED(IPP_LOCAL_OUT|IPP_LOCAL_IN, ipst) || 539 (tcp->tcp_ipversion == IPV4_VERSION && 540 ipst->ips_ip4_observe.he_interested) || 541 (tcp->tcp_ipversion == IPV6_VERSION && 542 ipst->ips_ip6_observe.he_interested)) { 543 TCP_STAT(tcps, tcp_fusion_aborted); 544 tcp->tcp_refuse = B_TRUE; 545 peer_tcp->tcp_refuse = B_TRUE; 546 547 bcopy(peer_tcp->tcp_tcph, &tcp->tcp_saved_tcph, 548 sizeof (tcph_t)); 549 bcopy(tcp->tcp_tcph, &peer_tcp->tcp_saved_tcph, 550 sizeof (tcph_t)); 551 if (tcp->tcp_ipversion == IPV4_VERSION) { 552 bcopy(peer_tcp->tcp_ipha, &tcp->tcp_saved_ipha, 553 sizeof (ipha_t)); 554 bcopy(tcp->tcp_ipha, &peer_tcp->tcp_saved_ipha, 555 sizeof (ipha_t)); 556 } else { 557 bcopy(peer_tcp->tcp_ip6h, &tcp->tcp_saved_ip6h, 558 sizeof (ip6_t)); 559 bcopy(tcp->tcp_ip6h, &peer_tcp->tcp_saved_ip6h, 560 sizeof (ip6_t)); 561 } 562 goto unfuse; 563 } 564 565 if (send_size == 0) { 566 freemsg(mp); 567 return (B_TRUE); 568 } 569 570 /* 571 * Handle urgent data; we either send up SIGURG to the peer now 572 * or do it later when we drain, in case the peer is detached 573 * or if we're short of memory for M_PCSIG mblk. 574 */ 575 if (urgent) { 576 tcp_fuse_output_urg(tcp, mp); 577 578 mp1 = mp->b_cont; 579 } 580 581 if (tcp->tcp_ipversion == IPV4_VERSION && 582 (HOOKS4_INTERESTED_LOOPBACK_IN(ipst) || 583 HOOKS4_INTERESTED_LOOPBACK_OUT(ipst)) || 584 tcp->tcp_ipversion == IPV6_VERSION && 585 (HOOKS6_INTERESTED_LOOPBACK_IN(ipst) || 586 HOOKS6_INTERESTED_LOOPBACK_OUT(ipst))) { 587 /* 588 * Build ip and tcp header to satisfy FW_HOOKS. 589 * We only build it when any hook is present. 590 */ 591 if ((mp1 = tcp_xmit_mp(tcp, mp1, tcp->tcp_mss, NULL, NULL, 592 tcp->tcp_snxt, B_TRUE, NULL, B_FALSE)) == NULL) 593 /* If tcp_xmit_mp fails, use regular path */ 594 goto unfuse; 595 596 /* 597 * The ipif and ill can be safely referenced under the 598 * protection of conn_lock - see head of function comment for 599 * conn_get_held_ipif(). It is necessary to check that both 600 * the ipif and ill can be looked up (i.e. not condemned). If 601 * not, bail out and unfuse this connection. 602 */ 603 mutex_enter(&peer_tcp->tcp_connp->conn_lock); 604 if ((peer_tcp->tcp_connp->conn_ire_cache == NULL) || 605 (peer_tcp->tcp_connp->conn_ire_cache->ire_marks & 606 IRE_MARK_CONDEMNED) || 607 ((oifp = peer_tcp->tcp_connp->conn_ire_cache->ire_ipif) 608 == NULL) || 609 (!IPIF_CAN_LOOKUP(oifp)) || 610 ((olp = oifp->ipif_ill) == NULL) || 611 (ill_check_and_refhold(olp) != 0)) { 612 mutex_exit(&peer_tcp->tcp_connp->conn_lock); 613 goto unfuse; 614 } 615 mutex_exit(&peer_tcp->tcp_connp->conn_lock); 616 617 /* PFHooks: LOOPBACK_OUT */ 618 if (tcp->tcp_ipversion == IPV4_VERSION) { 619 ipha = (ipha_t *)mp1->b_rptr; 620 621 DTRACE_PROBE4(ip4__loopback__out__start, 622 ill_t *, NULL, ill_t *, olp, 623 ipha_t *, ipha, mblk_t *, mp1); 624 FW_HOOKS(ipst->ips_ip4_loopback_out_event, 625 ipst->ips_ipv4firewall_loopback_out, 626 NULL, olp, ipha, mp1, mp1, 0, ipst); 627 DTRACE_PROBE1(ip4__loopback__out__end, mblk_t *, mp1); 628 } else { 629 ip6h = (ip6_t *)mp1->b_rptr; 630 631 DTRACE_PROBE4(ip6__loopback__out__start, 632 ill_t *, NULL, ill_t *, olp, 633 ip6_t *, ip6h, mblk_t *, mp1); 634 FW_HOOKS6(ipst->ips_ip6_loopback_out_event, 635 ipst->ips_ipv6firewall_loopback_out, 636 NULL, olp, ip6h, mp1, mp1, 0, ipst); 637 DTRACE_PROBE1(ip6__loopback__out__end, mblk_t *, mp1); 638 } 639 ill_refrele(olp); 640 641 if (mp1 == NULL) 642 goto unfuse; 643 644 /* 645 * The ipif and ill can be safely referenced under the 646 * protection of conn_lock - see head of function comment for 647 * conn_get_held_ipif(). It is necessary to check that both 648 * the ipif and ill can be looked up (i.e. not condemned). If 649 * not, bail out and unfuse this connection. 650 */ 651 mutex_enter(&tcp->tcp_connp->conn_lock); 652 if ((tcp->tcp_connp->conn_ire_cache == NULL) || 653 (tcp->tcp_connp->conn_ire_cache->ire_marks & 654 IRE_MARK_CONDEMNED) || 655 ((iifp = tcp->tcp_connp->conn_ire_cache->ire_ipif) 656 == NULL) || 657 (!IPIF_CAN_LOOKUP(iifp)) || 658 ((ilp = iifp->ipif_ill) == NULL) || 659 (ill_check_and_refhold(ilp) != 0)) { 660 mutex_exit(&tcp->tcp_connp->conn_lock); 661 goto unfuse; 662 } 663 mutex_exit(&tcp->tcp_connp->conn_lock); 664 665 /* PFHooks: LOOPBACK_IN */ 666 if (tcp->tcp_ipversion == IPV4_VERSION) { 667 DTRACE_PROBE4(ip4__loopback__in__start, 668 ill_t *, ilp, ill_t *, NULL, 669 ipha_t *, ipha, mblk_t *, mp1); 670 FW_HOOKS(ipst->ips_ip4_loopback_in_event, 671 ipst->ips_ipv4firewall_loopback_in, 672 ilp, NULL, ipha, mp1, mp1, 0, ipst); 673 DTRACE_PROBE1(ip4__loopback__in__end, mblk_t *, mp1); 674 ill_refrele(ilp); 675 if (mp1 == NULL) 676 goto unfuse; 677 678 ip_hdr_len = IPH_HDR_LENGTH(ipha); 679 } else { 680 DTRACE_PROBE4(ip6__loopback__in__start, 681 ill_t *, ilp, ill_t *, NULL, 682 ip6_t *, ip6h, mblk_t *, mp1); 683 FW_HOOKS6(ipst->ips_ip6_loopback_in_event, 684 ipst->ips_ipv6firewall_loopback_in, 685 ilp, NULL, ip6h, mp1, mp1, 0, ipst); 686 DTRACE_PROBE1(ip6__loopback__in__end, mblk_t *, mp1); 687 ill_refrele(ilp); 688 if (mp1 == NULL) 689 goto unfuse; 690 691 ip_hdr_len = ip_hdr_length_v6(mp1, ip6h); 692 } 693 694 /* Data length might be changed by FW_HOOKS */ 695 tcph = (tcph_t *)&mp1->b_rptr[ip_hdr_len]; 696 seq = ABE32_TO_U32(tcph->th_seq); 697 recv_size += seq - tcp->tcp_snxt; 698 699 /* 700 * The message duplicated by tcp_xmit_mp is freed. 701 * Note: the original message passed in remains unchanged. 702 */ 703 freemsg(mp1); 704 } 705 706 /* 707 * Enqueue data into the peer's receive list; we may or may not 708 * drain the contents depending on the conditions below. 709 * 710 * For non-STREAMS sockets we normally queue data directly in the 711 * socket by calling the su_recv upcall. However, if the peer is 712 * detached we use tcp_rcv_enqueue() instead. Queued data will be 713 * drained when the accept completes (in tcp_accept_finish()). 714 */ 715 if (IPCL_IS_NONSTR(peer_tcp->tcp_connp) && 716 !TCP_IS_DETACHED(peer_tcp)) { 717 int error; 718 int flags = 0; 719 720 if ((tcp->tcp_valid_bits & TCP_URG_VALID) && 721 (tcp->tcp_urg == tcp->tcp_snxt)) { 722 flags = MSG_OOB; 723 (*peer_tcp->tcp_connp->conn_upcalls->su_signal_oob) 724 (peer_tcp->tcp_connp->conn_upper_handle, 0); 725 tcp->tcp_valid_bits &= ~TCP_URG_VALID; 726 } 727 if ((*peer_tcp->tcp_connp->conn_upcalls->su_recv)( 728 peer_tcp->tcp_connp->conn_upper_handle, mp, recv_size, 729 flags, &error, &push) < 0) { 730 ASSERT(error != EOPNOTSUPP); 731 peer_data_queued = B_TRUE; 732 } 733 } else { 734 if (IPCL_IS_NONSTR(peer_tcp->tcp_connp) && 735 (tcp->tcp_valid_bits & TCP_URG_VALID) && 736 (tcp->tcp_urg == tcp->tcp_snxt)) { 737 /* 738 * Can not deal with urgent pointers 739 * that arrive before the connection has been 740 * accept()ed. 741 */ 742 tcp->tcp_valid_bits &= ~TCP_URG_VALID; 743 freemsg(mp); 744 return (B_TRUE); 745 } 746 747 tcp_rcv_enqueue(peer_tcp, mp, recv_size); 748 749 /* In case it wrapped around and also to keep it constant */ 750 peer_tcp->tcp_rwnd += recv_size; 751 } 752 753 /* 754 * Exercise flow-control when needed; we will get back-enabled 755 * in either tcp_accept_finish(), tcp_unfuse(), or when data is 756 * consumed. If peer endpoint is detached, we emulate streams flow 757 * control by checking the peer's queue size and high water mark; 758 * otherwise we simply use canputnext() to decide if we need to stop 759 * our flow. 760 * 761 * Since we are accessing our tcp_flow_stopped and might modify it, 762 * we need to take tcp->tcp_non_sq_lock. 763 */ 764 mutex_enter(&tcp->tcp_non_sq_lock); 765 flow_stopped = tcp->tcp_flow_stopped; 766 if ((TCP_IS_DETACHED(peer_tcp) && 767 (peer_tcp->tcp_rcv_cnt >= peer_tcp->tcp_recv_hiwater)) || 768 (!TCP_IS_DETACHED(peer_tcp) && 769 !IPCL_IS_NONSTR(peer_tcp->tcp_connp) && 770 !canputnext(peer_tcp->tcp_rq))) { 771 peer_data_queued = B_TRUE; 772 } 773 774 if (!flow_stopped && (peer_data_queued || 775 (TCP_UNSENT_BYTES(tcp) >= tcp->tcp_xmit_hiwater))) { 776 tcp_setqfull(tcp); 777 flow_stopped = B_TRUE; 778 TCP_STAT(tcps, tcp_fusion_flowctl); 779 DTRACE_PROBE3(tcp__fuse__output__flowctl, tcp_t *, tcp, 780 uint_t, send_size, uint_t, peer_tcp->tcp_rcv_cnt); 781 } else if (flow_stopped && !peer_data_queued && 782 (TCP_UNSENT_BYTES(tcp) <= tcp->tcp_xmit_lowater)) { 783 tcp_clrqfull(tcp); 784 TCP_STAT(tcps, tcp_fusion_backenabled); 785 flow_stopped = B_FALSE; 786 } 787 mutex_exit(&tcp->tcp_non_sq_lock); 788 789 ipst->ips_loopback_packets++; 790 tcp->tcp_last_sent_len = send_size; 791 792 /* Need to adjust the following SNMP MIB-related variables */ 793 tcp->tcp_snxt += send_size; 794 tcp->tcp_suna = tcp->tcp_snxt; 795 peer_tcp->tcp_rnxt += recv_size; 796 peer_tcp->tcp_rack = peer_tcp->tcp_rnxt; 797 798 BUMP_MIB(&tcps->tcps_mib, tcpOutDataSegs); 799 UPDATE_MIB(&tcps->tcps_mib, tcpOutDataBytes, send_size); 800 801 BUMP_MIB(&tcps->tcps_mib, tcpInSegs); 802 BUMP_MIB(&tcps->tcps_mib, tcpInDataInorderSegs); 803 UPDATE_MIB(&tcps->tcps_mib, tcpInDataInorderBytes, send_size); 804 805 BUMP_LOCAL(tcp->tcp_obsegs); 806 BUMP_LOCAL(peer_tcp->tcp_ibsegs); 807 808 DTRACE_PROBE2(tcp__fuse__output, tcp_t *, tcp, uint_t, send_size); 809 810 if (!IPCL_IS_NONSTR(peer_tcp->tcp_connp) && 811 !TCP_IS_DETACHED(peer_tcp)) { 812 /* 813 * Drain the peer's receive queue it has urgent data or if 814 * we're not flow-controlled. 815 */ 816 if (urgent || !flow_stopped) { 817 ASSERT(peer_tcp->tcp_rcv_list != NULL); 818 /* 819 * For TLI-based streams, a thread in tcp_accept_swap() 820 * can race with us. That thread will ensure that the 821 * correct peer_tcp->tcp_rq is globally visible before 822 * peer_tcp->tcp_detached is visible as clear, but we 823 * must also ensure that the load of tcp_rq cannot be 824 * reordered to be before the tcp_detached check. 825 */ 826 membar_consumer(); 827 (void) tcp_fuse_rcv_drain(peer_tcp->tcp_rq, peer_tcp, 828 NULL); 829 } 830 } 831 return (B_TRUE); 832 unfuse: 833 tcp_unfuse(tcp); 834 return (B_FALSE); 835 } 836 837 /* 838 * This routine gets called to deliver data upstream on a fused or 839 * previously fused tcp loopback endpoint; the latter happens only 840 * when there is a pending SIGURG signal plus urgent data that can't 841 * be sent upstream in the past. 842 */ 843 boolean_t 844 tcp_fuse_rcv_drain(queue_t *q, tcp_t *tcp, mblk_t **sigurg_mpp) 845 { 846 mblk_t *mp; 847 conn_t *connp = tcp->tcp_connp; 848 849 #ifdef DEBUG 850 uint_t cnt = 0; 851 #endif 852 tcp_stack_t *tcps = tcp->tcp_tcps; 853 tcp_t *peer_tcp = tcp->tcp_loopback_peer; 854 855 ASSERT(tcp->tcp_loopback); 856 ASSERT(tcp->tcp_fused || tcp->tcp_fused_sigurg); 857 ASSERT(!tcp->tcp_fused || tcp->tcp_loopback_peer != NULL); 858 ASSERT(IPCL_IS_NONSTR(connp) || sigurg_mpp != NULL || tcp->tcp_fused); 859 860 /* No need for the push timer now, in case it was scheduled */ 861 if (tcp->tcp_push_tid != 0) { 862 (void) TCP_TIMER_CANCEL(tcp, tcp->tcp_push_tid); 863 tcp->tcp_push_tid = 0; 864 } 865 /* 866 * If there's urgent data sitting in receive list and we didn't 867 * get a chance to send up a SIGURG signal, make sure we send 868 * it first before draining in order to ensure that SIOCATMARK 869 * works properly. 870 */ 871 if (tcp->tcp_fused_sigurg) { 872 ASSERT(!IPCL_IS_NONSTR(tcp->tcp_connp)); 873 874 tcp->tcp_fused_sigurg = B_FALSE; 875 /* 876 * sigurg_mpp is normally NULL, i.e. when we're still 877 * fused and didn't get here because of tcp_unfuse(). 878 * In this case try hard to allocate the M_PCSIG mblk. 879 */ 880 if (sigurg_mpp == NULL && 881 (mp = allocb(1, BPRI_HI)) == NULL && 882 (mp = allocb_tryhard(1)) == NULL) { 883 /* Alloc failed; try again next time */ 884 tcp->tcp_push_tid = TCP_TIMER(tcp, 885 tcp_push_timer, 886 MSEC_TO_TICK( 887 tcps->tcps_push_timer_interval)); 888 return (B_TRUE); 889 } else if (sigurg_mpp != NULL) { 890 /* 891 * Use the supplied M_PCSIG mblk; it means we're 892 * either unfused or in the process of unfusing, 893 * and the drain must happen now. 894 */ 895 mp = *sigurg_mpp; 896 *sigurg_mpp = NULL; 897 } 898 ASSERT(mp != NULL); 899 900 /* Send up the signal */ 901 DB_TYPE(mp) = M_PCSIG; 902 *mp->b_wptr++ = (uchar_t)SIGURG; 903 putnext(q, mp); 904 905 /* 906 * Let the regular tcp_rcv_drain() path handle 907 * draining the data if we're no longer fused. 908 */ 909 if (!tcp->tcp_fused) 910 return (B_FALSE); 911 } 912 913 /* Drain the data */ 914 while ((mp = tcp->tcp_rcv_list) != NULL) { 915 tcp->tcp_rcv_list = mp->b_next; 916 mp->b_next = NULL; 917 #ifdef DEBUG 918 cnt += msgdsize(mp); 919 #endif 920 ASSERT(!IPCL_IS_NONSTR(connp)); 921 putnext(q, mp); 922 TCP_STAT(tcps, tcp_fusion_putnext); 923 } 924 925 #ifdef DEBUG 926 ASSERT(cnt == tcp->tcp_rcv_cnt); 927 #endif 928 tcp->tcp_rcv_last_head = NULL; 929 tcp->tcp_rcv_last_tail = NULL; 930 tcp->tcp_rcv_cnt = 0; 931 tcp->tcp_rwnd = tcp->tcp_recv_hiwater; 932 933 mutex_enter(&peer_tcp->tcp_non_sq_lock); 934 if (peer_tcp->tcp_flow_stopped && (TCP_UNSENT_BYTES(peer_tcp) <= 935 peer_tcp->tcp_xmit_lowater)) { 936 tcp_clrqfull(peer_tcp); 937 TCP_STAT(tcps, tcp_fusion_backenabled); 938 } 939 mutex_exit(&peer_tcp->tcp_non_sq_lock); 940 941 return (B_TRUE); 942 } 943 944 /* 945 * Calculate the size of receive buffer for a fused tcp endpoint. 946 */ 947 size_t 948 tcp_fuse_set_rcv_hiwat(tcp_t *tcp, size_t rwnd) 949 { 950 tcp_stack_t *tcps = tcp->tcp_tcps; 951 952 ASSERT(tcp->tcp_fused); 953 954 /* Ensure that value is within the maximum upper bound */ 955 if (rwnd > tcps->tcps_max_buf) 956 rwnd = tcps->tcps_max_buf; 957 /* 958 * Round up to system page size in case SO_RCVBUF is modified 959 * after SO_SNDBUF; the latter is also similarly rounded up. 960 */ 961 rwnd = P2ROUNDUP_TYPED(rwnd, PAGESIZE, size_t); 962 963 /* 964 * Record high water mark, this is used for flow-control 965 * purposes in tcp_fuse_output(). 966 */ 967 tcp->tcp_recv_hiwater = rwnd; 968 tcp->tcp_rwnd = tcp->tcp_recv_hiwater; 969 return (rwnd); 970 } 971 972 /* 973 * Calculate the maximum outstanding unread data block for a fused tcp endpoint. 974 */ 975 int 976 tcp_fuse_maxpsz(tcp_t *tcp) 977 { 978 tcp_t *peer_tcp = tcp->tcp_loopback_peer; 979 uint_t sndbuf = tcp->tcp_xmit_hiwater; 980 uint_t maxpsz = sndbuf; 981 982 ASSERT(tcp->tcp_fused); 983 ASSERT(peer_tcp != NULL); 984 ASSERT(peer_tcp->tcp_recv_hiwater != 0); 985 /* 986 * In the fused loopback case, we want the stream head to split 987 * up larger writes into smaller chunks for a more accurate flow- 988 * control accounting. Our maxpsz is half of the sender's send 989 * buffer or the receiver's receive buffer, whichever is smaller. 990 * We round up the buffer to system page size due to the lack of 991 * TCP MSS concept in Fusion. 992 */ 993 if (maxpsz > peer_tcp->tcp_recv_hiwater) 994 maxpsz = peer_tcp->tcp_recv_hiwater; 995 maxpsz = P2ROUNDUP_TYPED(maxpsz, PAGESIZE, uint_t) >> 1; 996 997 return (maxpsz); 998 } 999 1000 /* 1001 * Called to release flow control. 1002 */ 1003 void 1004 tcp_fuse_backenable(tcp_t *tcp) 1005 { 1006 tcp_t *peer_tcp = tcp->tcp_loopback_peer; 1007 1008 ASSERT(tcp->tcp_fused); 1009 ASSERT(peer_tcp != NULL && peer_tcp->tcp_fused); 1010 ASSERT(peer_tcp->tcp_loopback_peer == tcp); 1011 ASSERT(!TCP_IS_DETACHED(tcp)); 1012 ASSERT(tcp->tcp_connp->conn_sqp == 1013 peer_tcp->tcp_connp->conn_sqp); 1014 1015 if (tcp->tcp_rcv_list != NULL) 1016 (void) tcp_fuse_rcv_drain(tcp->tcp_rq, tcp, NULL); 1017 1018 mutex_enter(&peer_tcp->tcp_non_sq_lock); 1019 if (peer_tcp->tcp_flow_stopped && 1020 (TCP_UNSENT_BYTES(peer_tcp) <= 1021 peer_tcp->tcp_xmit_lowater)) { 1022 tcp_clrqfull(peer_tcp); 1023 } 1024 mutex_exit(&peer_tcp->tcp_non_sq_lock); 1025 1026 TCP_STAT(tcp->tcp_tcps, tcp_fusion_backenabled); 1027 } 1028
Indexes created Sun Nov 08 03:03:56 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.