Coverage Report

Created: 2024-09-08 06:39

/src/tinyusb/lib/lwip/src/core/tcp_in.c
Line
Count
Source (jump to first uncovered line)
1
/**
2
 * @file
3
 * Transmission Control Protocol, incoming traffic
4
 *
5
 * The input processing functions of the TCP layer.
6
 *
7
 * These functions are generally called in the order (ip_input() ->)
8
 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
9
 *
10
 */
11
12
/*
13
 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14
 * All rights reserved.
15
 *
16
 * Redistribution and use in source and binary forms, with or without modification,
17
 * are permitted provided that the following conditions are met:
18
 *
19
 * 1. Redistributions of source code must retain the above copyright notice,
20
 *    this list of conditions and the following disclaimer.
21
 * 2. Redistributions in binary form must reproduce the above copyright notice,
22
 *    this list of conditions and the following disclaimer in the documentation
23
 *    and/or other materials provided with the distribution.
24
 * 3. The name of the author may not be used to endorse or promote products
25
 *    derived from this software without specific prior written permission.
26
 *
27
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30
 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
36
 * OF SUCH DAMAGE.
37
 *
38
 * This file is part of the lwIP TCP/IP stack.
39
 *
40
 * Author: Adam Dunkels <adam@sics.se>
41
 *
42
 */
43
44
#include "lwip/opt.h"
45
46
#if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
47
48
#include "lwip/priv/tcp_priv.h"
49
#include "lwip/def.h"
50
#include "lwip/ip_addr.h"
51
#include "lwip/netif.h"
52
#include "lwip/mem.h"
53
#include "lwip/memp.h"
54
#include "lwip/inet_chksum.h"
55
#include "lwip/stats.h"
56
#include "lwip/ip6.h"
57
#include "lwip/ip6_addr.h"
58
#if LWIP_ND6_TCP_REACHABILITY_HINTS
59
#include "lwip/nd6.h"
60
#endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
61
62
#include <string.h>
63
64
#ifdef LWIP_HOOK_FILENAME
65
#include LWIP_HOOK_FILENAME
66
#endif
67
68
/** Initial CWND calculation as defined RFC 2581 */
69
0
#define LWIP_TCP_CALC_INITIAL_CWND(mss) ((tcpwnd_size_t)LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U)))
70
71
/* These variables are global to all functions involved in the input
72
   processing of TCP segments. They are set by the tcp_input()
73
   function. */
74
static struct tcp_seg inseg;
75
static struct tcp_hdr *tcphdr;
76
static u16_t tcphdr_optlen;
77
static u16_t tcphdr_opt1len;
78
static u8_t *tcphdr_opt2;
79
static u16_t tcp_optidx;
80
static u32_t seqno, ackno;
81
static tcpwnd_size_t recv_acked;
82
static u16_t tcplen;
83
static u8_t flags;
84
85
static u8_t recv_flags;
86
static struct pbuf *recv_data;
87
88
struct tcp_pcb *tcp_input_pcb;
89
90
/* Forward declarations. */
91
static err_t tcp_process(struct tcp_pcb *pcb);
92
static void tcp_receive(struct tcp_pcb *pcb);
93
static void tcp_parseopt(struct tcp_pcb *pcb);
94
95
static void tcp_listen_input(struct tcp_pcb_listen *pcb);
96
static void tcp_timewait_input(struct tcp_pcb *pcb);
97
98
static int tcp_input_delayed_close(struct tcp_pcb *pcb);
99
100
#if LWIP_TCP_SACK_OUT
101
static void tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right);
102
static void tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq);
103
#if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
104
static void tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq);
105
#endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
106
#endif /* LWIP_TCP_SACK_OUT */
107
108
/**
109
 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
110
 * the segment between the PCBs and passes it on to tcp_process(), which implements
111
 * the TCP finite state machine. This function is called by the IP layer (in
112
 * ip_input()).
113
 *
114
 * @param p received TCP segment to process (p->payload pointing to the TCP header)
115
 * @param inp network interface on which this segment was received
116
 */
117
void
118
tcp_input(struct pbuf *p, struct netif *inp)
119
0
{
120
0
  struct tcp_pcb *pcb, *prev;
121
0
  struct tcp_pcb_listen *lpcb;
122
#if SO_REUSE
123
  struct tcp_pcb *lpcb_prev = NULL;
124
  struct tcp_pcb_listen *lpcb_any = NULL;
125
#endif /* SO_REUSE */
126
0
  u8_t hdrlen_bytes;
127
0
  err_t err;
128
129
0
  LWIP_UNUSED_ARG(inp);
130
0
  LWIP_ASSERT_CORE_LOCKED();
131
0
  LWIP_ASSERT("tcp_input: invalid pbuf", p != NULL);
132
133
0
  PERF_START;
134
135
0
  TCP_STATS_INC(tcp.recv);
136
0
  MIB2_STATS_INC(mib2.tcpinsegs);
137
138
0
  tcphdr = (struct tcp_hdr *)p->payload;
139
140
#if TCP_INPUT_DEBUG
141
  tcp_debug_print(tcphdr);
142
#endif
143
144
  /* Check that TCP header fits in payload */
145
0
  if (p->len < TCP_HLEN) {
146
    /* drop short packets */
147
0
    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
148
0
    TCP_STATS_INC(tcp.lenerr);
149
0
    goto dropped;
150
0
  }
151
152
  /* Don't even process incoming broadcasts/multicasts. */
153
0
  if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
154
0
      ip_addr_ismulticast(ip_current_dest_addr())) {
155
0
    TCP_STATS_INC(tcp.proterr);
156
0
    goto dropped;
157
0
  }
158
159
0
#if CHECKSUM_CHECK_TCP
160
0
  IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
161
    /* Verify TCP checksum. */
162
0
    u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
163
0
                                    ip_current_src_addr(), ip_current_dest_addr());
164
0
    if (chksum != 0) {
165
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
166
0
                                    chksum));
167
0
      tcp_debug_print(tcphdr);
168
0
      TCP_STATS_INC(tcp.chkerr);
169
0
      goto dropped;
170
0
    }
171
0
  }
172
0
#endif /* CHECKSUM_CHECK_TCP */
173
174
  /* sanity-check header length */
175
0
  hdrlen_bytes = TCPH_HDRLEN_BYTES(tcphdr);
176
0
  if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
177
0
    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
178
0
    TCP_STATS_INC(tcp.lenerr);
179
0
    goto dropped;
180
0
  }
181
182
  /* Move the payload pointer in the pbuf so that it points to the
183
     TCP data instead of the TCP header. */
184
0
  tcphdr_optlen = (u16_t)(hdrlen_bytes - TCP_HLEN);
185
0
  tcphdr_opt2 = NULL;
186
0
  if (p->len >= hdrlen_bytes) {
187
    /* all options are in the first pbuf */
188
0
    tcphdr_opt1len = tcphdr_optlen;
189
0
    pbuf_remove_header(p, hdrlen_bytes); /* cannot fail */
190
0
  } else {
191
0
    u16_t opt2len;
192
    /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
193
    /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
194
0
    LWIP_ASSERT("p->next != NULL", p->next != NULL);
195
196
    /* advance over the TCP header (cannot fail) */
197
0
    pbuf_remove_header(p, TCP_HLEN);
198
199
    /* determine how long the first and second parts of the options are */
200
0
    tcphdr_opt1len = p->len;
201
0
    opt2len = (u16_t)(tcphdr_optlen - tcphdr_opt1len);
202
203
    /* options continue in the next pbuf: set p to zero length and hide the
204
        options in the next pbuf (adjusting p->tot_len) */
205
0
    pbuf_remove_header(p, tcphdr_opt1len);
206
207
    /* check that the options fit in the second pbuf */
208
0
    if (opt2len > p->next->len) {
209
      /* drop short packets */
210
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
211
0
      TCP_STATS_INC(tcp.lenerr);
212
0
      goto dropped;
213
0
    }
214
215
    /* remember the pointer to the second part of the options */
216
0
    tcphdr_opt2 = (u8_t *)p->next->payload;
217
218
    /* advance p->next to point after the options, and manually
219
        adjust p->tot_len to keep it consistent with the changed p->next */
220
0
    pbuf_remove_header(p->next, opt2len);
221
0
    p->tot_len = (u16_t)(p->tot_len - opt2len);
222
223
0
    LWIP_ASSERT("p->len == 0", p->len == 0);
224
0
    LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
225
0
  }
226
227
  /* Convert fields in TCP header to host byte order. */
228
0
  tcphdr->src = lwip_ntohs(tcphdr->src);
229
0
  tcphdr->dest = lwip_ntohs(tcphdr->dest);
230
0
  seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
231
0
  ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
232
0
  tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
233
234
0
  flags = TCPH_FLAGS(tcphdr);
235
0
  tcplen = p->tot_len;
236
0
  if (flags & (TCP_FIN | TCP_SYN)) {
237
0
    tcplen++;
238
0
    if (tcplen < p->tot_len) {
239
      /* u16_t overflow, cannot handle this */
240
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: length u16_t overflow, cannot handle this\n"));
241
0
      TCP_STATS_INC(tcp.lenerr);
242
0
      goto dropped;
243
0
    }
244
0
  }
245
246
  /* Demultiplex an incoming segment. First, we check if it is destined
247
     for an active connection. */
248
0
  prev = NULL;
249
250
0
  for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
251
0
    LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
252
0
    LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
253
0
    LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
254
255
    /* check if PCB is bound to specific netif */
256
0
    if ((pcb->netif_idx != NETIF_NO_INDEX) &&
257
0
        (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
258
0
      prev = pcb;
259
0
      continue;
260
0
    }
261
262
0
    if (pcb->remote_port == tcphdr->src &&
263
0
        pcb->local_port == tcphdr->dest &&
264
0
        ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
265
0
        ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
266
      /* Move this PCB to the front of the list so that subsequent
267
         lookups will be faster (we exploit locality in TCP segment
268
         arrivals). */
269
0
      LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
270
0
      if (prev != NULL) {
271
0
        prev->next = pcb->next;
272
0
        pcb->next = tcp_active_pcbs;
273
0
        tcp_active_pcbs = pcb;
274
0
      } else {
275
0
        TCP_STATS_INC(tcp.cachehit);
276
0
      }
277
0
      LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
278
0
      break;
279
0
    }
280
0
    prev = pcb;
281
0
  }
282
283
0
  if (pcb == NULL) {
284
    /* If it did not go to an active connection, we check the connections
285
       in the TIME-WAIT state. */
286
0
    for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
287
0
      LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
288
289
      /* check if PCB is bound to specific netif */
290
0
      if ((pcb->netif_idx != NETIF_NO_INDEX) &&
291
0
          (pcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
292
0
        continue;
293
0
      }
294
295
0
      if (pcb->remote_port == tcphdr->src &&
296
0
          pcb->local_port == tcphdr->dest &&
297
0
          ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
298
0
          ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
299
        /* We don't really care enough to move this PCB to the front
300
           of the list since we are not very likely to receive that
301
           many segments for connections in TIME-WAIT. */
302
0
        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
303
#ifdef LWIP_HOOK_TCP_INPACKET_PCB
304
        if (LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen, tcphdr_opt1len,
305
                                       tcphdr_opt2, p) == ERR_OK)
306
#endif
307
0
        {
308
0
          tcp_timewait_input(pcb);
309
0
        }
310
0
        pbuf_free(p);
311
0
        return;
312
0
      }
313
0
    }
314
315
    /* Finally, if we still did not get a match, we check all PCBs that
316
       are LISTENing for incoming connections. */
317
0
    prev = NULL;
318
0
    for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
319
      /* check if PCB is bound to specific netif */
320
0
      if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
321
0
          (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
322
0
        prev = (struct tcp_pcb *)lpcb;
323
0
        continue;
324
0
      }
325
326
0
      if (lpcb->local_port == tcphdr->dest) {
327
0
        if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
328
          /* found an ANY TYPE (IPv4/IPv6) match */
329
#if SO_REUSE
330
          lpcb_any = lpcb;
331
          lpcb_prev = prev;
332
#else /* SO_REUSE */
333
0
          break;
334
0
#endif /* SO_REUSE */
335
0
        } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
336
0
          if (ip_addr_cmp(&lpcb->local_ip, ip_current_dest_addr())) {
337
            /* found an exact match */
338
0
            break;
339
0
          } else if (ip_addr_isany(&lpcb->local_ip)) {
340
            /* found an ANY-match */
341
#if SO_REUSE
342
            lpcb_any = lpcb;
343
            lpcb_prev = prev;
344
#else /* SO_REUSE */
345
0
            break;
346
0
#endif /* SO_REUSE */
347
0
          }
348
0
        }
349
0
      }
350
0
      prev = (struct tcp_pcb *)lpcb;
351
0
    }
352
#if SO_REUSE
353
    /* first try specific local IP */
354
    if (lpcb == NULL) {
355
      /* only pass to ANY if no specific local IP has been found */
356
      lpcb = lpcb_any;
357
      prev = lpcb_prev;
358
    }
359
#endif /* SO_REUSE */
360
0
    if (lpcb != NULL) {
361
      /* Move this PCB to the front of the list so that subsequent
362
         lookups will be faster (we exploit locality in TCP segment
363
         arrivals). */
364
0
      if (prev != NULL) {
365
0
        ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
366
        /* our successor is the remainder of the listening list */
367
0
        lpcb->next = tcp_listen_pcbs.listen_pcbs;
368
        /* put this listening pcb at the head of the listening list */
369
0
        tcp_listen_pcbs.listen_pcbs = lpcb;
370
0
      } else {
371
0
        TCP_STATS_INC(tcp.cachehit);
372
0
      }
373
374
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
375
#ifdef LWIP_HOOK_TCP_INPACKET_PCB
376
      if (LWIP_HOOK_TCP_INPACKET_PCB((struct tcp_pcb *)lpcb, tcphdr, tcphdr_optlen,
377
                                     tcphdr_opt1len, tcphdr_opt2, p) == ERR_OK)
378
#endif
379
0
      {
380
0
        tcp_listen_input(lpcb);
381
0
      }
382
0
      pbuf_free(p);
383
0
      return;
384
0
    }
385
0
  }
386
387
#if TCP_INPUT_DEBUG
388
  LWIP_DEBUGF(TCP_INPUT_DEBUG, ("+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags "));
389
  tcp_debug_print_flags(TCPH_FLAGS(tcphdr));
390
  LWIP_DEBUGF(TCP_INPUT_DEBUG, ("-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n"));
391
#endif /* TCP_INPUT_DEBUG */
392
393
394
#ifdef LWIP_HOOK_TCP_INPACKET_PCB
395
  if ((pcb != NULL) && LWIP_HOOK_TCP_INPACKET_PCB(pcb, tcphdr, tcphdr_optlen,
396
      tcphdr_opt1len, tcphdr_opt2, p) != ERR_OK) {
397
    pbuf_free(p);
398
    return;
399
  }
400
#endif
401
0
  if (pcb != NULL) {
402
    /* The incoming segment belongs to a connection. */
403
#if TCP_INPUT_DEBUG
404
    tcp_debug_print_state(pcb->state);
405
#endif /* TCP_INPUT_DEBUG */
406
407
    /* Set up a tcp_seg structure. */
408
0
    inseg.next = NULL;
409
0
    inseg.len = p->tot_len;
410
0
    inseg.p = p;
411
0
    inseg.tcphdr = tcphdr;
412
413
0
    recv_data = NULL;
414
0
    recv_flags = 0;
415
0
    recv_acked = 0;
416
417
0
    if (flags & TCP_PSH) {
418
0
      p->flags |= PBUF_FLAG_PUSH;
419
0
    }
420
421
    /* If there is data which was previously "refused" by upper layer */
422
0
    if (pcb->refused_data != NULL) {
423
0
      if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
424
0
          ((pcb->refused_data != NULL) && (tcplen > 0))) {
425
        /* pcb has been aborted or refused data is still refused and the new
426
           segment contains data */
427
0
        if (pcb->rcv_ann_wnd == 0) {
428
          /* this is a zero-window probe, we respond to it with current RCV.NXT
429
          and drop the data segment */
430
0
          tcp_send_empty_ack(pcb);
431
0
        }
432
0
        TCP_STATS_INC(tcp.drop);
433
0
        MIB2_STATS_INC(mib2.tcpinerrs);
434
0
        goto aborted;
435
0
      }
436
0
    }
437
0
    tcp_input_pcb = pcb;
438
0
    err = tcp_process(pcb);
439
    /* A return value of ERR_ABRT means that tcp_abort() was called
440
       and that the pcb has been freed. If so, we don't do anything. */
441
0
    if (err != ERR_ABRT) {
442
0
      if (recv_flags & TF_RESET) {
443
        /* TF_RESET means that the connection was reset by the other
444
           end. We then call the error callback to inform the
445
           application that the connection is dead before we
446
           deallocate the PCB. */
447
0
        TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
448
0
        tcp_pcb_remove(&tcp_active_pcbs, pcb);
449
0
        tcp_free(pcb);
450
0
      } else {
451
0
        err = ERR_OK;
452
        /* If the application has registered a "sent" function to be
453
           called when new send buffer space is available, we call it
454
           now. */
455
0
        if (recv_acked > 0) {
456
0
          u16_t acked16;
457
#if LWIP_WND_SCALE
458
          /* recv_acked is u32_t but the sent callback only takes a u16_t,
459
             so we might have to call it multiple times. */
460
          u32_t acked = recv_acked;
461
          while (acked > 0) {
462
            acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
463
            acked -= acked16;
464
#else
465
0
          {
466
0
            acked16 = recv_acked;
467
0
#endif
468
0
            TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
469
0
            if (err == ERR_ABRT) {
470
0
              goto aborted;
471
0
            }
472
0
          }
473
0
          recv_acked = 0;
474
0
        }
475
0
        if (tcp_input_delayed_close(pcb)) {
476
0
          goto aborted;
477
0
        }
478
#if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
479
        while (recv_data != NULL) {
480
          struct pbuf *rest = NULL;
481
          pbuf_split_64k(recv_data, &rest);
482
#else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
483
0
        if (recv_data != NULL) {
484
0
#endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
485
486
0
          LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
487
0
          if (pcb->flags & TF_RXCLOSED) {
488
            /* received data although already closed -> abort (send RST) to
489
               notify the remote host that not all data has been processed */
490
0
            pbuf_free(recv_data);
491
#if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
492
            if (rest != NULL) {
493
              pbuf_free(rest);
494
            }
495
#endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
496
0
            tcp_abort(pcb);
497
0
            goto aborted;
498
0
          }
499
500
          /* Notify application that data has been received. */
501
0
          TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
502
0
          if (err == ERR_ABRT) {
503
#if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
504
            if (rest != NULL) {
505
              pbuf_free(rest);
506
            }
507
#endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
508
0
            goto aborted;
509
0
          }
510
511
          /* If the upper layer can't receive this data, store it */
512
0
          if (err != ERR_OK) {
513
#if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
514
            if (rest != NULL) {
515
              pbuf_cat(recv_data, rest);
516
            }
517
#endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
518
0
            pcb->refused_data = recv_data;
519
0
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
520
#if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
521
            break;
522
          } else {
523
            /* Upper layer received the data, go on with the rest if > 64K */
524
            recv_data = rest;
525
#endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
526
0
          }
527
0
        }
528
529
        /* If a FIN segment was received, we call the callback
530
           function with a NULL buffer to indicate EOF. */
531
0
        if (recv_flags & TF_GOT_FIN) {
532
0
          if (pcb->refused_data != NULL) {
533
            /* Delay this if we have refused data. */
534
0
            pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
535
0
          } else {
536
            /* correct rcv_wnd as the application won't call tcp_recved()
537
               for the FIN's seqno */
538
0
            if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
539
0
              pcb->rcv_wnd++;
540
0
            }
541
0
            TCP_EVENT_CLOSED(pcb, err);
542
0
            if (err == ERR_ABRT) {
543
0
              goto aborted;
544
0
            }
545
0
          }
546
0
        }
547
548
0
        tcp_input_pcb = NULL;
549
0
        if (tcp_input_delayed_close(pcb)) {
550
0
          goto aborted;
551
0
        }
552
        /* Try to send something out. */
553
0
        tcp_output(pcb);
554
#if TCP_INPUT_DEBUG
555
#if TCP_DEBUG
556
        tcp_debug_print_state(pcb->state);
557
#endif /* TCP_DEBUG */
558
#endif /* TCP_INPUT_DEBUG */
559
0
      }
560
0
    }
561
    /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
562
       Below this line, 'pcb' may not be dereferenced! */
563
0
aborted:
564
0
    tcp_input_pcb = NULL;
565
0
    recv_data = NULL;
566
567
    /* give up our reference to inseg.p */
568
0
    if (inseg.p != NULL) {
569
0
      pbuf_free(inseg.p);
570
0
      inseg.p = NULL;
571
0
    }
572
0
  } else {
573
    /* If no matching PCB was found, send a TCP RST (reset) to the
574
       sender. */
575
0
    LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
576
0
    if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
577
0
      TCP_STATS_INC(tcp.proterr);
578
0
      TCP_STATS_INC(tcp.drop);
579
0
      tcp_rst(NULL, ackno, seqno + tcplen, ip_current_dest_addr(),
580
0
              ip_current_src_addr(), tcphdr->dest, tcphdr->src);
581
0
    }
582
0
    pbuf_free(p);
583
0
  }
584
585
0
  LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
586
0
  PERF_STOP("tcp_input");
587
0
  return;
588
0
dropped:
589
0
  TCP_STATS_INC(tcp.drop);
590
0
  MIB2_STATS_INC(mib2.tcpinerrs);
591
0
  pbuf_free(p);
592
0
}
593
594
/** Called from tcp_input to check for TF_CLOSED flag. This results in closing
595
 * and deallocating a pcb at the correct place to ensure noone references it
596
 * any more.
597
 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
598
 */
599
static int
600
tcp_input_delayed_close(struct tcp_pcb *pcb)
601
0
{
602
0
  LWIP_ASSERT("tcp_input_delayed_close: invalid pcb", pcb != NULL);
603
604
0
  if (recv_flags & TF_CLOSED) {
605
    /* The connection has been closed and we will deallocate the
606
        PCB. */
607
0
    if (!(pcb->flags & TF_RXCLOSED)) {
608
      /* Connection closed although the application has only shut down the
609
          tx side: call the PCB's err callback and indicate the closure to
610
          ensure the application doesn't continue using the PCB. */
611
0
      TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
612
0
    }
613
0
    tcp_pcb_remove(&tcp_active_pcbs, pcb);
614
0
    tcp_free(pcb);
615
0
    return 1;
616
0
  }
617
0
  return 0;
618
0
}
619
620
/**
621
 * Called by tcp_input() when a segment arrives for a listening
622
 * connection (from tcp_input()).
623
 *
624
 * @param pcb the tcp_pcb_listen for which a segment arrived
625
 *
626
 * @note the segment which arrived is saved in global variables, therefore only the pcb
627
 *       involved is passed as a parameter to this function
628
 */
629
static void
630
tcp_listen_input(struct tcp_pcb_listen *pcb)
631
0
{
632
0
  struct tcp_pcb *npcb;
633
0
  u32_t iss;
634
0
  err_t rc;
635
636
0
  if (flags & TCP_RST) {
637
    /* An incoming RST should be ignored. Return. */
638
0
    return;
639
0
  }
640
641
0
  LWIP_ASSERT("tcp_listen_input: invalid pcb", pcb != NULL);
642
643
  /* In the LISTEN state, we check for incoming SYN segments,
644
     creates a new PCB, and responds with a SYN|ACK. */
645
0
  if (flags & TCP_ACK) {
646
    /* For incoming segments with the ACK flag set, respond with a
647
       RST. */
648
0
    LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
649
0
    tcp_rst((const struct tcp_pcb *)pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
650
0
            ip_current_src_addr(), tcphdr->dest, tcphdr->src);
651
0
  } else if (flags & TCP_SYN) {
652
0
    LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
653
#if TCP_LISTEN_BACKLOG
654
    if (pcb->accepts_pending >= pcb->backlog) {
655
      LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
656
      return;
657
    }
658
#endif /* TCP_LISTEN_BACKLOG */
659
0
    npcb = tcp_alloc(pcb->prio);
660
    /* If a new PCB could not be created (probably due to lack of memory),
661
       we don't do anything, but rely on the sender will retransmit the
662
       SYN at a time when we have more memory available. */
663
0
    if (npcb == NULL) {
664
0
      err_t err;
665
0
      LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
666
0
      TCP_STATS_INC(tcp.memerr);
667
0
      TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
668
0
      LWIP_UNUSED_ARG(err); /* err not useful here */
669
0
      return;
670
0
    }
671
#if TCP_LISTEN_BACKLOG
672
    pcb->accepts_pending++;
673
    tcp_set_flags(npcb, TF_BACKLOGPEND);
674
#endif /* TCP_LISTEN_BACKLOG */
675
    /* Set up the new PCB. */
676
0
    ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
677
0
    ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
678
0
    npcb->local_port = pcb->local_port;
679
0
    npcb->remote_port = tcphdr->src;
680
0
    npcb->state = SYN_RCVD;
681
0
    npcb->rcv_nxt = seqno + 1;
682
0
    npcb->rcv_ann_right_edge = npcb->rcv_nxt;
683
0
    iss = tcp_next_iss(npcb);
684
0
    npcb->snd_wl2 = iss;
685
0
    npcb->snd_nxt = iss;
686
0
    npcb->lastack = iss;
687
0
    npcb->snd_lbb = iss;
688
0
    npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
689
0
    npcb->callback_arg = pcb->callback_arg;
690
0
#if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
691
0
    npcb->listener = pcb;
692
0
#endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
693
    /* inherit socket options */
694
0
    npcb->so_options = pcb->so_options & SOF_INHERITED;
695
0
    npcb->netif_idx = pcb->netif_idx;
696
    /* Register the new PCB so that we can begin receiving segments
697
       for it. */
698
0
    TCP_REG_ACTIVE(npcb);
699
700
    /* Parse any options in the SYN. */
701
0
    tcp_parseopt(npcb);
702
0
    npcb->snd_wnd = tcphdr->wnd;
703
0
    npcb->snd_wnd_max = npcb->snd_wnd;
704
705
0
#if TCP_CALCULATE_EFF_SEND_MSS
706
0
    npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
707
0
#endif /* TCP_CALCULATE_EFF_SEND_MSS */
708
709
0
    MIB2_STATS_INC(mib2.tcppassiveopens);
710
711
#if LWIP_TCP_PCB_NUM_EXT_ARGS
712
    if (tcp_ext_arg_invoke_callbacks_passive_open(pcb, npcb) != ERR_OK) {
713
      tcp_abandon(npcb, 0);
714
      return;
715
    }
716
#endif
717
718
    /* Send a SYN|ACK together with the MSS option. */
719
0
    rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
720
0
    if (rc != ERR_OK) {
721
0
      tcp_abandon(npcb, 0);
722
0
      return;
723
0
    }
724
0
    tcp_output(npcb);
725
0
  }
726
0
  return;
727
0
}
728
729
/**
730
 * Called by tcp_input() when a segment arrives for a connection in
731
 * TIME_WAIT.
732
 *
733
 * @param pcb the tcp_pcb for which a segment arrived
734
 *
735
 * @note the segment which arrived is saved in global variables, therefore only the pcb
736
 *       involved is passed as a parameter to this function
737
 */
738
static void
739
tcp_timewait_input(struct tcp_pcb *pcb)
740
0
{
741
  /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
742
  /* RFC 793 3.9 Event Processing - Segment Arrives:
743
   * - first check sequence number - we skip that one in TIME_WAIT (always
744
   *   acceptable since we only send ACKs)
745
   * - second check the RST bit (... return) */
746
0
  if (flags & TCP_RST) {
747
0
    return;
748
0
  }
749
750
0
  LWIP_ASSERT("tcp_timewait_input: invalid pcb", pcb != NULL);
751
752
  /* - fourth, check the SYN bit, */
753
0
  if (flags & TCP_SYN) {
754
    /* If an incoming segment is not acceptable, an acknowledgment
755
       should be sent in reply */
756
0
    if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
757
      /* If the SYN is in the window it is an error, send a reset */
758
0
      tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
759
0
              ip_current_src_addr(), tcphdr->dest, tcphdr->src);
760
0
      return;
761
0
    }
762
0
  } else if (flags & TCP_FIN) {
763
    /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
764
         Restart the 2 MSL time-wait timeout.*/
765
0
    pcb->tmr = tcp_ticks;
766
0
  }
767
768
0
  if ((tcplen > 0)) {
769
    /* Acknowledge data, FIN or out-of-window SYN */
770
0
    tcp_ack_now(pcb);
771
0
    tcp_output(pcb);
772
0
  }
773
0
  return;
774
0
}
775
776
/**
777
 * Implements the TCP state machine. Called by tcp_input. In some
778
 * states tcp_receive() is called to receive data. The tcp_seg
779
 * argument will be freed by the caller (tcp_input()) unless the
780
 * recv_data pointer in the pcb is set.
781
 *
782
 * @param pcb the tcp_pcb for which a segment arrived
783
 *
784
 * @note the segment which arrived is saved in global variables, therefore only the pcb
785
 *       involved is passed as a parameter to this function
786
 */
787
static err_t
788
tcp_process(struct tcp_pcb *pcb)
789
0
{
790
0
  struct tcp_seg *rseg;
791
0
  u8_t acceptable = 0;
792
0
  err_t err;
793
794
0
  err = ERR_OK;
795
796
0
  LWIP_ASSERT("tcp_process: invalid pcb", pcb != NULL);
797
798
  /* Process incoming RST segments. */
799
0
  if (flags & TCP_RST) {
800
    /* First, determine if the reset is acceptable. */
801
0
    if (pcb->state == SYN_SENT) {
802
      /* "In the SYN-SENT state (a RST received in response to an initial SYN),
803
          the RST is acceptable if the ACK field acknowledges the SYN." */
804
0
      if (ackno == pcb->snd_nxt) {
805
0
        acceptable = 1;
806
0
      }
807
0
    } else {
808
      /* "In all states except SYN-SENT, all reset (RST) segments are validated
809
          by checking their SEQ-fields." */
810
0
      if (seqno == pcb->rcv_nxt) {
811
0
        acceptable = 1;
812
0
      } else  if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
813
0
                                  pcb->rcv_nxt + pcb->rcv_wnd)) {
814
        /* If the sequence number is inside the window, we send a challenge ACK
815
           and wait for a re-send with matching sequence number.
816
           This follows RFC 5961 section 3.2 and addresses CVE-2004-0230
817
           (RST spoofing attack), which is present in RFC 793 RST handling. */
818
0
        tcp_ack_now(pcb);
819
0
      }
820
0
    }
821
822
0
    if (acceptable) {
823
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
824
0
      LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
825
0
      recv_flags |= TF_RESET;
826
0
      tcp_clear_flags(pcb, TF_ACK_DELAY);
827
0
      return ERR_RST;
828
0
    } else {
829
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
830
0
                                    seqno, pcb->rcv_nxt));
831
0
      LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
832
0
                              seqno, pcb->rcv_nxt));
833
0
      return ERR_OK;
834
0
    }
835
0
  }
836
837
0
  if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
838
    /* Cope with new connection attempt after remote end crashed */
839
0
    tcp_ack_now(pcb);
840
0
    return ERR_OK;
841
0
  }
842
843
0
  if ((pcb->flags & TF_RXCLOSED) == 0) {
844
    /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
845
0
    pcb->tmr = tcp_ticks;
846
0
  }
847
0
  pcb->keep_cnt_sent = 0;
848
0
  pcb->persist_probe = 0;
849
850
0
  tcp_parseopt(pcb);
851
852
  /* Do different things depending on the TCP state. */
853
0
  switch (pcb->state) {
854
0
    case SYN_SENT:
855
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %"U32_F"\n", ackno,
856
0
                                    pcb->snd_nxt, lwip_ntohl(pcb->unacked->tcphdr->seqno)));
857
      /* received SYN ACK with expected sequence number? */
858
0
      if ((flags & TCP_ACK) && (flags & TCP_SYN)
859
0
          && (ackno == pcb->lastack + 1)) {
860
0
        pcb->rcv_nxt = seqno + 1;
861
0
        pcb->rcv_ann_right_edge = pcb->rcv_nxt;
862
0
        pcb->lastack = ackno;
863
0
        pcb->snd_wnd = tcphdr->wnd;
864
0
        pcb->snd_wnd_max = pcb->snd_wnd;
865
0
        pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
866
0
        pcb->state = ESTABLISHED;
867
868
0
#if TCP_CALCULATE_EFF_SEND_MSS
869
0
        pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
870
0
#endif /* TCP_CALCULATE_EFF_SEND_MSS */
871
872
0
        pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
873
0
        LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
874
0
                                     " ssthresh %"TCPWNDSIZE_F"\n",
875
0
                                     pcb->cwnd, pcb->ssthresh));
876
0
        LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
877
0
        --pcb->snd_queuelen;
878
0
        LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
879
0
        rseg = pcb->unacked;
880
0
        if (rseg == NULL) {
881
          /* might happen if tcp_output fails in tcp_rexmit_rto()
882
             in which case the segment is on the unsent list */
883
0
          rseg = pcb->unsent;
884
0
          LWIP_ASSERT("no segment to free", rseg != NULL);
885
0
          pcb->unsent = rseg->next;
886
0
        } else {
887
0
          pcb->unacked = rseg->next;
888
0
        }
889
0
        tcp_seg_free(rseg);
890
891
        /* If there's nothing left to acknowledge, stop the retransmit
892
           timer, otherwise reset it to start again */
893
0
        if (pcb->unacked == NULL) {
894
0
          pcb->rtime = -1;
895
0
        } else {
896
0
          pcb->rtime = 0;
897
0
          pcb->nrtx = 0;
898
0
        }
899
900
        /* Call the user specified function to call when successfully
901
         * connected. */
902
0
        TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
903
0
        if (err == ERR_ABRT) {
904
0
          return ERR_ABRT;
905
0
        }
906
0
        tcp_ack_now(pcb);
907
0
      }
908
      /* received ACK? possibly a half-open connection */
909
0
      else if (flags & TCP_ACK) {
910
        /* send a RST to bring the other side in a non-synchronized state. */
911
0
        tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
912
0
                ip_current_src_addr(), tcphdr->dest, tcphdr->src);
913
        /* Resend SYN immediately (don't wait for rto timeout) to establish
914
          connection faster, but do not send more SYNs than we otherwise would
915
          have, or we might get caught in a loop on loopback interfaces. */
916
0
        if (pcb->nrtx < TCP_SYNMAXRTX) {
917
0
          pcb->rtime = 0;
918
0
          tcp_rexmit_rto(pcb);
919
0
        }
920
0
      }
921
0
      break;
922
0
    case SYN_RCVD:
923
0
      if (flags & TCP_ACK) {
924
        /* expected ACK number? */
925
0
        if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
926
0
          pcb->state = ESTABLISHED;
927
0
          LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
928
0
#if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
929
0
          if (pcb->listener == NULL) {
930
            /* listen pcb might be closed by now */
931
0
            err = ERR_VAL;
932
0
          } else
933
0
#endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
934
0
          {
935
0
#if LWIP_CALLBACK_API
936
0
            LWIP_ASSERT("pcb->listener->accept != NULL", pcb->listener->accept != NULL);
937
0
#endif
938
0
            tcp_backlog_accepted(pcb);
939
            /* Call the accept function. */
940
0
            TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
941
0
          }
942
0
          if (err != ERR_OK) {
943
            /* If the accept function returns with an error, we abort
944
             * the connection. */
945
            /* Already aborted? */
946
0
            if (err != ERR_ABRT) {
947
0
              tcp_abort(pcb);
948
0
            }
949
0
            return ERR_ABRT;
950
0
          }
951
          /* If there was any data contained within this ACK,
952
           * we'd better pass it on to the application as well. */
953
0
          tcp_receive(pcb);
954
955
          /* Prevent ACK for SYN to generate a sent event */
956
0
          if (recv_acked != 0) {
957
0
            recv_acked--;
958
0
          }
959
960
0
          pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
961
0
          LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
962
0
                                       " ssthresh %"TCPWNDSIZE_F"\n",
963
0
                                       pcb->cwnd, pcb->ssthresh));
964
965
0
          if (recv_flags & TF_GOT_FIN) {
966
0
            tcp_ack_now(pcb);
967
0
            pcb->state = CLOSE_WAIT;
968
0
          }
969
0
        } else {
970
          /* incorrect ACK number, send RST */
971
0
          tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
972
0
                  ip_current_src_addr(), tcphdr->dest, tcphdr->src);
973
0
        }
974
0
      } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
975
        /* Looks like another copy of the SYN - retransmit our SYN-ACK */
976
0
        tcp_rexmit(pcb);
977
0
      }
978
0
      break;
979
0
    case CLOSE_WAIT:
980
    /* FALLTHROUGH */
981
0
    case ESTABLISHED:
982
0
      tcp_receive(pcb);
983
0
      if (recv_flags & TF_GOT_FIN) { /* passive close */
984
0
        tcp_ack_now(pcb);
985
0
        pcb->state = CLOSE_WAIT;
986
0
      }
987
0
      break;
988
0
    case FIN_WAIT_1:
989
0
      tcp_receive(pcb);
990
0
      if (recv_flags & TF_GOT_FIN) {
991
0
        if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
992
0
            pcb->unsent == NULL) {
993
0
          LWIP_DEBUGF(TCP_DEBUG,
994
0
                      ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
995
0
          tcp_ack_now(pcb);
996
0
          tcp_pcb_purge(pcb);
997
0
          TCP_RMV_ACTIVE(pcb);
998
0
          pcb->state = TIME_WAIT;
999
0
          TCP_REG(&tcp_tw_pcbs, pcb);
1000
0
        } else {
1001
0
          tcp_ack_now(pcb);
1002
0
          pcb->state = CLOSING;
1003
0
        }
1004
0
      } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
1005
0
                 pcb->unsent == NULL) {
1006
0
        pcb->state = FIN_WAIT_2;
1007
0
      }
1008
0
      break;
1009
0
    case FIN_WAIT_2:
1010
0
      tcp_receive(pcb);
1011
0
      if (recv_flags & TF_GOT_FIN) {
1012
0
        LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1013
0
        tcp_ack_now(pcb);
1014
0
        tcp_pcb_purge(pcb);
1015
0
        TCP_RMV_ACTIVE(pcb);
1016
0
        pcb->state = TIME_WAIT;
1017
0
        TCP_REG(&tcp_tw_pcbs, pcb);
1018
0
      }
1019
0
      break;
1020
0
    case CLOSING:
1021
0
      tcp_receive(pcb);
1022
0
      if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1023
0
        LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1024
0
        tcp_pcb_purge(pcb);
1025
0
        TCP_RMV_ACTIVE(pcb);
1026
0
        pcb->state = TIME_WAIT;
1027
0
        TCP_REG(&tcp_tw_pcbs, pcb);
1028
0
      }
1029
0
      break;
1030
0
    case LAST_ACK:
1031
0
      tcp_receive(pcb);
1032
0
      if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
1033
0
        LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
1034
        /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
1035
0
        recv_flags |= TF_CLOSED;
1036
0
      }
1037
0
      break;
1038
0
    default:
1039
0
      break;
1040
0
  }
1041
0
  return ERR_OK;
1042
0
}
1043
1044
#if TCP_QUEUE_OOSEQ
1045
/**
1046
 * Insert segment into the list (segments covered with new one will be deleted)
1047
 *
1048
 * Called from tcp_receive()
1049
 */
1050
static void
1051
tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
1052
0
{
1053
0
  struct tcp_seg *old_seg;
1054
1055
0
  LWIP_ASSERT("tcp_oos_insert_segment: invalid cseg", cseg != NULL);
1056
1057
0
  if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1058
    /* received segment overlaps all following segments */
1059
0
    tcp_segs_free(next);
1060
0
    next = NULL;
1061
0
  } else {
1062
    /* delete some following segments
1063
       oos queue may have segments with FIN flag */
1064
0
    while (next &&
1065
0
           TCP_SEQ_GEQ((seqno + cseg->len),
1066
0
                       (next->tcphdr->seqno + next->len))) {
1067
      /* cseg with FIN already processed */
1068
0
      if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1069
0
        TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1070
0
      }
1071
0
      old_seg = next;
1072
0
      next = next->next;
1073
0
      tcp_seg_free(old_seg);
1074
0
    }
1075
0
    if (next &&
1076
0
        TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1077
      /* We need to trim the incoming segment. */
1078
0
      cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1079
0
      pbuf_realloc(cseg->p, cseg->len);
1080
0
    }
1081
0
  }
1082
0
  cseg->next = next;
1083
0
}
1084
#endif /* TCP_QUEUE_OOSEQ */
1085
1086
/** Remove segments from a list if the incoming ACK acknowledges them */
1087
static struct tcp_seg *
1088
tcp_free_acked_segments(struct tcp_pcb *pcb, struct tcp_seg *seg_list, const char *dbg_list_name,
1089
                        struct tcp_seg *dbg_other_seg_list)
1090
0
{
1091
0
  struct tcp_seg *next;
1092
0
  u16_t clen;
1093
1094
0
  LWIP_UNUSED_ARG(dbg_list_name);
1095
0
  LWIP_UNUSED_ARG(dbg_other_seg_list);
1096
1097
0
  while (seg_list != NULL &&
1098
0
         TCP_SEQ_LEQ(lwip_ntohl(seg_list->tcphdr->seqno) +
1099
0
                     TCP_TCPLEN(seg_list), ackno)) {
1100
0
    LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->%s\n",
1101
0
                                  lwip_ntohl(seg_list->tcphdr->seqno),
1102
0
                                  lwip_ntohl(seg_list->tcphdr->seqno) + TCP_TCPLEN(seg_list),
1103
0
                                  dbg_list_name));
1104
1105
0
    next = seg_list;
1106
0
    seg_list = seg_list->next;
1107
1108
0
    clen = pbuf_clen(next->p);
1109
0
    LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ",
1110
0
                                 (tcpwnd_size_t)pcb->snd_queuelen));
1111
0
    LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= clen));
1112
1113
0
    pcb->snd_queuelen = (u16_t)(pcb->snd_queuelen - clen);
1114
0
    recv_acked = (tcpwnd_size_t)(recv_acked + next->len);
1115
0
    tcp_seg_free(next);
1116
1117
0
    LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing %s)\n",
1118
0
                                 (tcpwnd_size_t)pcb->snd_queuelen,
1119
0
                                 dbg_list_name));
1120
0
    if (pcb->snd_queuelen != 0) {
1121
0
      LWIP_ASSERT("tcp_receive: valid queue length",
1122
0
                  seg_list != NULL || dbg_other_seg_list != NULL);
1123
0
    }
1124
0
  }
1125
0
  return seg_list;
1126
0
}
1127
1128
/**
1129
 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1130
 * data, and if so frees the memory of the buffered data. Next, it places the
1131
 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1132
 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1133
 * it has been removed from the buffer.
1134
 *
1135
 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1136
 * estimation, the RTT is estimated here as well.
1137
 *
1138
 * Called from tcp_process().
1139
 */
1140
static void
1141
tcp_receive(struct tcp_pcb *pcb)
1142
0
{
1143
0
  s16_t m;
1144
0
  u32_t right_wnd_edge;
1145
0
  int found_dupack = 0;
1146
1147
0
  LWIP_ASSERT("tcp_receive: invalid pcb", pcb != NULL);
1148
0
  LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1149
1150
0
  if (flags & TCP_ACK) {
1151
0
    right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1152
1153
    /* Update window. */
1154
0
    if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1155
0
        (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1156
0
        (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1157
0
      pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1158
      /* keep track of the biggest window announced by the remote host to calculate
1159
         the maximum segment size */
1160
0
      if (pcb->snd_wnd_max < pcb->snd_wnd) {
1161
0
        pcb->snd_wnd_max = pcb->snd_wnd;
1162
0
      }
1163
0
      pcb->snd_wl1 = seqno;
1164
0
      pcb->snd_wl2 = ackno;
1165
0
      LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1166
#if TCP_WND_DEBUG
1167
    } else {
1168
      if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1169
        LWIP_DEBUGF(TCP_WND_DEBUG,
1170
                    ("tcp_receive: no window update lastack %"U32_F" ackno %"
1171
                     U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1172
                     pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1173
      }
1174
#endif /* TCP_WND_DEBUG */
1175
0
    }
1176
1177
    /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1178
     * duplicate ack if:
1179
     * 1) It doesn't ACK new data
1180
     * 2) length of received packet is zero (i.e. no payload)
1181
     * 3) the advertised window hasn't changed
1182
     * 4) There is outstanding unacknowledged data (retransmission timer running)
1183
     * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1184
     *
1185
     * If it passes all five, should process as a dupack:
1186
     * a) dupacks < 3: do nothing
1187
     * b) dupacks == 3: fast retransmit
1188
     * c) dupacks > 3: increase cwnd
1189
     *
1190
     * If it only passes 1-3, should reset dupack counter (and add to
1191
     * stats, which we don't do in lwIP)
1192
     *
1193
     * If it only passes 1, should reset dupack counter
1194
     *
1195
     */
1196
1197
    /* Clause 1 */
1198
0
    if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1199
      /* Clause 2 */
1200
0
      if (tcplen == 0) {
1201
        /* Clause 3 */
1202
0
        if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1203
          /* Clause 4 */
1204
0
          if (pcb->rtime >= 0) {
1205
            /* Clause 5 */
1206
0
            if (pcb->lastack == ackno) {
1207
0
              found_dupack = 1;
1208
0
              if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1209
0
                ++pcb->dupacks;
1210
0
              }
1211
0
              if (pcb->dupacks > 3) {
1212
                /* Inflate the congestion window */
1213
0
                TCP_WND_INC(pcb->cwnd, pcb->mss);
1214
0
              }
1215
0
              if (pcb->dupacks >= 3) {
1216
                /* Do fast retransmit (checked via TF_INFR, not via dupacks count) */
1217
0
                tcp_rexmit_fast(pcb);
1218
0
              }
1219
0
            }
1220
0
          }
1221
0
        }
1222
0
      }
1223
      /* If Clause (1) or more is true, but not a duplicate ack, reset
1224
       * count of consecutive duplicate acks */
1225
0
      if (!found_dupack) {
1226
0
        pcb->dupacks = 0;
1227
0
      }
1228
0
    } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
1229
      /* We come here when the ACK acknowledges new data. */
1230
0
      tcpwnd_size_t acked;
1231
1232
      /* Reset the "IN Fast Retransmit" flag, since we are no longer
1233
         in fast retransmit. Also reset the congestion window to the
1234
         slow start threshold. */
1235
0
      if (pcb->flags & TF_INFR) {
1236
0
        tcp_clear_flags(pcb, TF_INFR);
1237
0
        pcb->cwnd = pcb->ssthresh;
1238
0
        pcb->bytes_acked = 0;
1239
0
      }
1240
1241
      /* Reset the number of retransmissions. */
1242
0
      pcb->nrtx = 0;
1243
1244
      /* Reset the retransmission time-out. */
1245
0
      pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1246
1247
      /* Record how much data this ACK acks */
1248
0
      acked = (tcpwnd_size_t)(ackno - pcb->lastack);
1249
1250
      /* Reset the fast retransmit variables. */
1251
0
      pcb->dupacks = 0;
1252
0
      pcb->lastack = ackno;
1253
1254
      /* Update the congestion control variables (cwnd and
1255
         ssthresh). */
1256
0
      if (pcb->state >= ESTABLISHED) {
1257
0
        if (pcb->cwnd < pcb->ssthresh) {
1258
0
          tcpwnd_size_t increase;
1259
          /* limit to 1 SMSS segment during period following RTO */
1260
0
          u8_t num_seg = (pcb->flags & TF_RTO) ? 1 : 2;
1261
          /* RFC 3465, section 2.2 Slow Start */
1262
0
          increase = LWIP_MIN(acked, (tcpwnd_size_t)(num_seg * pcb->mss));
1263
0
          TCP_WND_INC(pcb->cwnd, increase);
1264
0
          LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1265
0
        } else {
1266
          /* RFC 3465, section 2.1 Congestion Avoidance */
1267
0
          TCP_WND_INC(pcb->bytes_acked, acked);
1268
0
          if (pcb->bytes_acked >= pcb->cwnd) {
1269
0
            pcb->bytes_acked = (tcpwnd_size_t)(pcb->bytes_acked - pcb->cwnd);
1270
0
            TCP_WND_INC(pcb->cwnd, pcb->mss);
1271
0
          }
1272
0
          LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1273
0
        }
1274
0
      }
1275
0
      LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1276
0
                                    ackno,
1277
0
                                    pcb->unacked != NULL ?
1278
0
                                    lwip_ntohl(pcb->unacked->tcphdr->seqno) : 0,
1279
0
                                    pcb->unacked != NULL ?
1280
0
                                    lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked) : 0));
1281
1282
      /* Remove segment from the unacknowledged list if the incoming
1283
         ACK acknowledges them. */
1284
0
      pcb->unacked = tcp_free_acked_segments(pcb, pcb->unacked, "unacked", pcb->unsent);
1285
      /* We go through the ->unsent list to see if any of the segments
1286
         on the list are acknowledged by the ACK. This may seem
1287
         strange since an "unsent" segment shouldn't be acked. The
1288
         rationale is that lwIP puts all outstanding segments on the
1289
         ->unsent list after a retransmission, so these segments may
1290
         in fact have been sent once. */
1291
0
      pcb->unsent = tcp_free_acked_segments(pcb, pcb->unsent, "unsent", pcb->unacked);
1292
1293
      /* If there's nothing left to acknowledge, stop the retransmit
1294
         timer, otherwise reset it to start again */
1295
0
      if (pcb->unacked == NULL) {
1296
0
        pcb->rtime = -1;
1297
0
      } else {
1298
0
        pcb->rtime = 0;
1299
0
      }
1300
1301
0
      pcb->polltmr = 0;
1302
1303
0
#if TCP_OVERSIZE
1304
0
      if (pcb->unsent == NULL) {
1305
0
        pcb->unsent_oversize = 0;
1306
0
      }
1307
0
#endif /* TCP_OVERSIZE */
1308
1309
#if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1310
      if (ip_current_is_v6()) {
1311
        /* Inform neighbor reachability of forward progress. */
1312
        nd6_reachability_hint(ip6_current_src_addr());
1313
      }
1314
#endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1315
1316
0
      pcb->snd_buf = (tcpwnd_size_t)(pcb->snd_buf + recv_acked);
1317
      /* check if this ACK ends our retransmission of in-flight data */
1318
0
      if (pcb->flags & TF_RTO) {
1319
        /* RTO is done if
1320
            1) both queues are empty or
1321
            2) unacked is empty and unsent head contains data not part of RTO or
1322
            3) unacked head contains data not part of RTO */
1323
0
        if (pcb->unacked == NULL) {
1324
0
          if ((pcb->unsent == NULL) ||
1325
0
              (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unsent->tcphdr->seqno)))) {
1326
0
            tcp_clear_flags(pcb, TF_RTO);
1327
0
          }
1328
0
        } else if (TCP_SEQ_LEQ(pcb->rto_end, lwip_ntohl(pcb->unacked->tcphdr->seqno))) {
1329
0
          tcp_clear_flags(pcb, TF_RTO);
1330
0
        }
1331
0
      }
1332
      /* End of ACK for new data processing. */
1333
0
    } else {
1334
      /* Out of sequence ACK, didn't really ack anything */
1335
0
      tcp_send_empty_ack(pcb);
1336
0
    }
1337
1338
0
    LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1339
0
                                pcb->rttest, pcb->rtseq, ackno));
1340
1341
    /* RTT estimation calculations. This is done by checking if the
1342
       incoming segment acknowledges the segment we use to take a
1343
       round-trip time measurement. */
1344
0
    if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1345
      /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1346
         and a round-trip shouldn't be that long... */
1347
0
      m = (s16_t)(tcp_ticks - pcb->rttest);
1348
1349
0
      LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1350
0
                                  m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1351
1352
      /* This is taken directly from VJs original code in his paper */
1353
0
      m = (s16_t)(m - (pcb->sa >> 3));
1354
0
      pcb->sa = (s16_t)(pcb->sa + m);
1355
0
      if (m < 0) {
1356
0
        m = (s16_t) - m;
1357
0
      }
1358
0
      m = (s16_t)(m - (pcb->sv >> 2));
1359
0
      pcb->sv = (s16_t)(pcb->sv + m);
1360
0
      pcb->rto = (s16_t)((pcb->sa >> 3) + pcb->sv);
1361
1362
0
      LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1363
0
                                  pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1364
1365
0
      pcb->rttest = 0;
1366
0
    }
1367
0
  }
1368
1369
  /* If the incoming segment contains data, we must process it
1370
     further unless the pcb already received a FIN.
1371
     (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1372
     LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1373
0
  if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1374
    /* This code basically does three things:
1375
1376
    +) If the incoming segment contains data that is the next
1377
    in-sequence data, this data is passed to the application. This
1378
    might involve trimming the first edge of the data. The rcv_nxt
1379
    variable and the advertised window are adjusted.
1380
1381
    +) If the incoming segment has data that is above the next
1382
    sequence number expected (->rcv_nxt), the segment is placed on
1383
    the ->ooseq queue. This is done by finding the appropriate
1384
    place in the ->ooseq queue (which is ordered by sequence
1385
    number) and trim the segment in both ends if needed. An
1386
    immediate ACK is sent to indicate that we received an
1387
    out-of-sequence segment.
1388
1389
    +) Finally, we check if the first segment on the ->ooseq queue
1390
    now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1391
    rcv_nxt > ooseq->seqno, we must trim the first edge of the
1392
    segment on ->ooseq before we adjust rcv_nxt. The data in the
1393
    segments that are now on sequence are chained onto the
1394
    incoming segment so that we only need to call the application
1395
    once.
1396
    */
1397
1398
    /* First, we check if we must trim the first edge. We have to do
1399
       this if the sequence number of the incoming segment is less
1400
       than rcv_nxt, and the sequence number plus the length of the
1401
       segment is larger than rcv_nxt. */
1402
    /*    if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1403
          if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1404
0
    if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1405
      /* Trimming the first edge is done by pushing the payload
1406
         pointer in the pbuf downwards. This is somewhat tricky since
1407
         we do not want to discard the full contents of the pbuf up to
1408
         the new starting point of the data since we have to keep the
1409
         TCP header which is present in the first pbuf in the chain.
1410
1411
         What is done is really quite a nasty hack: the first pbuf in
1412
         the pbuf chain is pointed to by inseg.p. Since we need to be
1413
         able to deallocate the whole pbuf, we cannot change this
1414
         inseg.p pointer to point to any of the later pbufs in the
1415
         chain. Instead, we point the ->payload pointer in the first
1416
         pbuf to data in one of the later pbufs. We also set the
1417
         inseg.data pointer to point to the right place. This way, the
1418
         ->p pointer will still point to the first pbuf, but the
1419
         ->p->payload pointer will point to data in another pbuf.
1420
1421
         After we are done with adjusting the pbuf pointers we must
1422
         adjust the ->data pointer in the seg and the segment
1423
         length.*/
1424
1425
0
      struct pbuf *p = inseg.p;
1426
0
      u32_t off32 = pcb->rcv_nxt - seqno;
1427
0
      u16_t new_tot_len, off;
1428
0
      LWIP_ASSERT("inseg.p != NULL", inseg.p);
1429
0
      LWIP_ASSERT("insane offset!", (off32 < 0xffff));
1430
0
      off = (u16_t)off32;
1431
0
      LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1432
0
      inseg.len -= off;
1433
0
      new_tot_len = (u16_t)(inseg.p->tot_len - off);
1434
0
      while (p->len < off) {
1435
0
        off -= p->len;
1436
        /* all pbufs up to and including this one have len==0, so tot_len is equal */
1437
0
        p->tot_len = new_tot_len;
1438
0
        p->len = 0;
1439
0
        p = p->next;
1440
0
      }
1441
      /* cannot fail... */
1442
0
      pbuf_remove_header(p, off);
1443
0
      inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1444
0
    } else {
1445
0
      if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1446
        /* the whole segment is < rcv_nxt */
1447
        /* must be a duplicate of a packet that has already been correctly handled */
1448
1449
0
        LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1450
0
        tcp_ack_now(pcb);
1451
0
      }
1452
0
    }
1453
1454
    /* The sequence number must be within the window (above rcv_nxt
1455
       and below rcv_nxt + rcv_wnd) in order to be further
1456
       processed. */
1457
0
    if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1458
0
                        pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1459
0
      if (pcb->rcv_nxt == seqno) {
1460
        /* The incoming segment is the next in sequence. We check if
1461
           we have to trim the end of the segment and update rcv_nxt
1462
           and pass the data to the application. */
1463
0
        tcplen = TCP_TCPLEN(&inseg);
1464
1465
0
        if (tcplen > pcb->rcv_wnd) {
1466
0
          LWIP_DEBUGF(TCP_INPUT_DEBUG,
1467
0
                      ("tcp_receive: other end overran receive window"
1468
0
                       "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1469
0
                       seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1470
0
          if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1471
            /* Must remove the FIN from the header as we're trimming
1472
             * that byte of sequence-space from the packet */
1473
0
            TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1474
0
          }
1475
          /* Adjust length of segment to fit in the window. */
1476
0
          TCPWND_CHECK16(pcb->rcv_wnd);
1477
0
          inseg.len = (u16_t)pcb->rcv_wnd;
1478
0
          if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1479
0
            inseg.len -= 1;
1480
0
          }
1481
0
          pbuf_realloc(inseg.p, inseg.len);
1482
0
          tcplen = TCP_TCPLEN(&inseg);
1483
0
          LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1484
0
                      (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1485
0
        }
1486
0
#if TCP_QUEUE_OOSEQ
1487
        /* Received in-sequence data, adjust ooseq data if:
1488
           - FIN has been received or
1489
           - inseq overlaps with ooseq */
1490
0
        if (pcb->ooseq != NULL) {
1491
0
          if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1492
0
            LWIP_DEBUGF(TCP_INPUT_DEBUG,
1493
0
                        ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1494
            /* Received in-order FIN means anything that was received
1495
             * out of order must now have been received in-order, so
1496
             * bin the ooseq queue */
1497
0
            while (pcb->ooseq != NULL) {
1498
0
              struct tcp_seg *old_ooseq = pcb->ooseq;
1499
0
              pcb->ooseq = pcb->ooseq->next;
1500
0
              tcp_seg_free(old_ooseq);
1501
0
            }
1502
0
          } else {
1503
0
            struct tcp_seg *next = pcb->ooseq;
1504
            /* Remove all segments on ooseq that are covered by inseg already.
1505
             * FIN is copied from ooseq to inseg if present. */
1506
0
            while (next &&
1507
0
                   TCP_SEQ_GEQ(seqno + tcplen,
1508
0
                               next->tcphdr->seqno + next->len)) {
1509
0
              struct tcp_seg *tmp;
1510
              /* inseg cannot have FIN here (already processed above) */
1511
0
              if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1512
0
                  (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1513
0
                TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1514
0
                tcplen = TCP_TCPLEN(&inseg);
1515
0
              }
1516
0
              tmp = next;
1517
0
              next = next->next;
1518
0
              tcp_seg_free(tmp);
1519
0
            }
1520
            /* Now trim right side of inseg if it overlaps with the first
1521
             * segment on ooseq */
1522
0
            if (next &&
1523
0
                TCP_SEQ_GT(seqno + tcplen,
1524
0
                           next->tcphdr->seqno)) {
1525
              /* inseg cannot have FIN here (already processed above) */
1526
0
              inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1527
0
              if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1528
0
                inseg.len -= 1;
1529
0
              }
1530
0
              pbuf_realloc(inseg.p, inseg.len);
1531
0
              tcplen = TCP_TCPLEN(&inseg);
1532
0
              LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue\n",
1533
0
                          (seqno + tcplen) == next->tcphdr->seqno);
1534
0
            }
1535
0
            pcb->ooseq = next;
1536
0
          }
1537
0
        }
1538
0
#endif /* TCP_QUEUE_OOSEQ */
1539
1540
0
        pcb->rcv_nxt = seqno + tcplen;
1541
1542
        /* Update the receiver's (our) window. */
1543
0
        LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd\n", pcb->rcv_wnd >= tcplen);
1544
0
        pcb->rcv_wnd -= tcplen;
1545
1546
0
        tcp_update_rcv_ann_wnd(pcb);
1547
1548
        /* If there is data in the segment, we make preparations to
1549
           pass this up to the application. The ->recv_data variable
1550
           is used for holding the pbuf that goes to the
1551
           application. The code for reassembling out-of-sequence data
1552
           chains its data on this pbuf as well.
1553
1554
           If the segment was a FIN, we set the TF_GOT_FIN flag that will
1555
           be used to indicate to the application that the remote side has
1556
           closed its end of the connection. */
1557
0
        if (inseg.p->tot_len > 0) {
1558
0
          recv_data = inseg.p;
1559
          /* Since this pbuf now is the responsibility of the
1560
             application, we delete our reference to it so that we won't
1561
             (mistakingly) deallocate it. */
1562
0
          inseg.p = NULL;
1563
0
        }
1564
0
        if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1565
0
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1566
0
          recv_flags |= TF_GOT_FIN;
1567
0
        }
1568
1569
0
#if TCP_QUEUE_OOSEQ
1570
        /* We now check if we have segments on the ->ooseq queue that
1571
           are now in sequence. */
1572
0
        while (pcb->ooseq != NULL &&
1573
0
               pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1574
1575
0
          struct tcp_seg *cseg = pcb->ooseq;
1576
0
          seqno = pcb->ooseq->tcphdr->seqno;
1577
1578
0
          pcb->rcv_nxt += TCP_TCPLEN(cseg);
1579
0
          LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd\n",
1580
0
                      pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1581
0
          pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1582
1583
0
          tcp_update_rcv_ann_wnd(pcb);
1584
1585
0
          if (cseg->p->tot_len > 0) {
1586
            /* Chain this pbuf onto the pbuf that we will pass to
1587
               the application. */
1588
            /* With window scaling, this can overflow recv_data->tot_len, but
1589
               that's not a problem since we explicitly fix that before passing
1590
               recv_data to the application. */
1591
0
            if (recv_data) {
1592
0
              pbuf_cat(recv_data, cseg->p);
1593
0
            } else {
1594
0
              recv_data = cseg->p;
1595
0
            }
1596
0
            cseg->p = NULL;
1597
0
          }
1598
0
          if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1599
0
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1600
0
            recv_flags |= TF_GOT_FIN;
1601
0
            if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1602
0
              pcb->state = CLOSE_WAIT;
1603
0
            }
1604
0
          }
1605
1606
0
          pcb->ooseq = cseg->next;
1607
0
          tcp_seg_free(cseg);
1608
0
        }
1609
#if LWIP_TCP_SACK_OUT
1610
        if (pcb->flags & TF_SACK) {
1611
          if (pcb->ooseq != NULL) {
1612
            /* Some segments may have been removed from ooseq, let's remove all SACKs that
1613
               describe anything before the new beginning of that list. */
1614
            tcp_remove_sacks_lt(pcb, pcb->ooseq->tcphdr->seqno);
1615
          } else if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1616
            /* ooseq has been cleared. Nothing to SACK */
1617
            memset(pcb->rcv_sacks, 0, sizeof(pcb->rcv_sacks));
1618
          }
1619
        }
1620
#endif /* LWIP_TCP_SACK_OUT */
1621
0
#endif /* TCP_QUEUE_OOSEQ */
1622
1623
1624
        /* Acknowledge the segment(s). */
1625
0
        tcp_ack(pcb);
1626
1627
#if LWIP_TCP_SACK_OUT
1628
        if (LWIP_TCP_SACK_VALID(pcb, 0)) {
1629
          /* Normally the ACK for the data received could be piggy-backed on a data packet,
1630
             but lwIP currently does not support including SACKs in data packets. So we force
1631
             it to respond with an empty ACK packet (only if there is at least one SACK to be sent).
1632
             NOTE: tcp_send_empty_ack() on success clears the ACK flags (set by tcp_ack()) */
1633
          tcp_send_empty_ack(pcb);
1634
        }
1635
#endif /* LWIP_TCP_SACK_OUT */
1636
1637
#if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1638
        if (ip_current_is_v6()) {
1639
          /* Inform neighbor reachability of forward progress. */
1640
          nd6_reachability_hint(ip6_current_src_addr());
1641
        }
1642
#endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1643
1644
0
      } else {
1645
        /* We get here if the incoming segment is out-of-sequence. */
1646
1647
0
#if TCP_QUEUE_OOSEQ
1648
        /* We queue the segment on the ->ooseq queue. */
1649
0
        if (pcb->ooseq == NULL) {
1650
0
          pcb->ooseq = tcp_seg_copy(&inseg);
1651
#if LWIP_TCP_SACK_OUT
1652
          if (pcb->flags & TF_SACK) {
1653
            /* All the SACKs should be invalid, so we can simply store the most recent one: */
1654
            pcb->rcv_sacks[0].left = seqno;
1655
            pcb->rcv_sacks[0].right = seqno + inseg.len;
1656
          }
1657
#endif /* LWIP_TCP_SACK_OUT */
1658
0
        } else {
1659
          /* If the queue is not empty, we walk through the queue and
1660
             try to find a place where the sequence number of the
1661
             incoming segment is between the sequence numbers of the
1662
             previous and the next segment on the ->ooseq queue. That is
1663
             the place where we put the incoming segment. If needed, we
1664
             trim the second edges of the previous and the incoming
1665
             segment so that it will fit into the sequence.
1666
1667
             If the incoming segment has the same sequence number as a
1668
             segment on the ->ooseq queue, we discard the segment that
1669
             contains less data. */
1670
1671
#if LWIP_TCP_SACK_OUT
1672
          /* This is the left edge of the lowest possible SACK range.
1673
             It may start before the newly received segment (possibly adjusted below). */
1674
          u32_t sackbeg = TCP_SEQ_LT(seqno, pcb->ooseq->tcphdr->seqno) ? seqno : pcb->ooseq->tcphdr->seqno;
1675
#endif /* LWIP_TCP_SACK_OUT */
1676
0
          struct tcp_seg *next, *prev = NULL;
1677
0
          for (next = pcb->ooseq; next != NULL; next = next->next) {
1678
0
            if (seqno == next->tcphdr->seqno) {
1679
              /* The sequence number of the incoming segment is the
1680
                 same as the sequence number of the segment on
1681
                 ->ooseq. We check the lengths to see which one to
1682
                 discard. */
1683
0
              if (inseg.len > next->len) {
1684
                /* The incoming segment is larger than the old
1685
                   segment. We replace some segments with the new
1686
                   one. */
1687
0
                struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1688
0
                if (cseg != NULL) {
1689
0
                  if (prev != NULL) {
1690
0
                    prev->next = cseg;
1691
0
                  } else {
1692
0
                    pcb->ooseq = cseg;
1693
0
                  }
1694
0
                  tcp_oos_insert_segment(cseg, next);
1695
0
                }
1696
0
                break;
1697
0
              } else {
1698
                /* Either the lengths are the same or the incoming
1699
                   segment was smaller than the old one; in either
1700
                   case, we ditch the incoming segment. */
1701
0
                break;
1702
0
              }
1703
0
            } else {
1704
0
              if (prev == NULL) {
1705
0
                if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1706
                  /* The sequence number of the incoming segment is lower
1707
                     than the sequence number of the first segment on the
1708
                     queue. We put the incoming segment first on the
1709
                     queue. */
1710
0
                  struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1711
0
                  if (cseg != NULL) {
1712
0
                    pcb->ooseq = cseg;
1713
0
                    tcp_oos_insert_segment(cseg, next);
1714
0
                  }
1715
0
                  break;
1716
0
                }
1717
0
              } else {
1718
                /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1719
                  TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1720
0
                if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno + 1, next->tcphdr->seqno - 1)) {
1721
                  /* The sequence number of the incoming segment is in
1722
                     between the sequence numbers of the previous and
1723
                     the next segment on ->ooseq. We trim trim the previous
1724
                     segment, delete next segments that included in received segment
1725
                     and trim received, if needed. */
1726
0
                  struct tcp_seg *cseg = tcp_seg_copy(&inseg);
1727
0
                  if (cseg != NULL) {
1728
0
                    if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1729
                      /* We need to trim the prev segment. */
1730
0
                      prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1731
0
                      pbuf_realloc(prev->p, prev->len);
1732
0
                    }
1733
0
                    prev->next = cseg;
1734
0
                    tcp_oos_insert_segment(cseg, next);
1735
0
                  }
1736
0
                  break;
1737
0
                }
1738
0
              }
1739
1740
#if LWIP_TCP_SACK_OUT
1741
              /* The new segment goes after the 'next' one. If there is a "hole" in sequence numbers
1742
                 between 'prev' and the beginning of 'next', we want to move sackbeg. */
1743
              if (prev != NULL && prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1744
                sackbeg = next->tcphdr->seqno;
1745
              }
1746
#endif /* LWIP_TCP_SACK_OUT */
1747
1748
              /* We don't use 'prev' below, so let's set it to current 'next'.
1749
                 This way even if we break the loop below, 'prev' will be pointing
1750
                 at the segment right in front of the newly added one. */
1751
0
              prev = next;
1752
1753
              /* If the "next" segment is the last segment on the
1754
                 ooseq queue, we add the incoming segment to the end
1755
                 of the list. */
1756
0
              if (next->next == NULL &&
1757
0
                  TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1758
0
                if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1759
                  /* segment "next" already contains all data */
1760
0
                  break;
1761
0
                }
1762
0
                next->next = tcp_seg_copy(&inseg);
1763
0
                if (next->next != NULL) {
1764
0
                  if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1765
                    /* We need to trim the last segment. */
1766
0
                    next->len = (u16_t)(seqno - next->tcphdr->seqno);
1767
0
                    pbuf_realloc(next->p, next->len);
1768
0
                  }
1769
                  /* check if the remote side overruns our receive window */
1770
0
                  if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1771
0
                    LWIP_DEBUGF(TCP_INPUT_DEBUG,
1772
0
                                ("tcp_receive: other end overran receive window"
1773
0
                                 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1774
0
                                 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1775
0
                    if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1776
                      /* Must remove the FIN from the header as we're trimming
1777
                       * that byte of sequence-space from the packet */
1778
0
                      TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1779
0
                    }
1780
                    /* Adjust length of segment to fit in the window. */
1781
0
                    next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1782
0
                    pbuf_realloc(next->next->p, next->next->len);
1783
0
                    tcplen = TCP_TCPLEN(next->next);
1784
0
                    LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1785
0
                                (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1786
0
                  }
1787
0
                }
1788
0
                break;
1789
0
              }
1790
0
            }
1791
0
          }
1792
1793
#if LWIP_TCP_SACK_OUT
1794
          if (pcb->flags & TF_SACK) {
1795
            if (prev == NULL) {
1796
              /* The new segment is at the beginning. sackbeg should already be set properly.
1797
                 We need to find the right edge. */
1798
              next = pcb->ooseq;
1799
            } else if (prev->next != NULL) {
1800
              /* The new segment was added after 'prev'. If there is a "hole" between 'prev' and 'prev->next',
1801
                 we need to move sackbeg. After that we should find the right edge. */
1802
              next = prev->next;
1803
              if (prev->tcphdr->seqno + prev->len != next->tcphdr->seqno) {
1804
                sackbeg = next->tcphdr->seqno;
1805
              }
1806
            } else {
1807
              next = NULL;
1808
            }
1809
            if (next != NULL) {
1810
              u32_t sackend = next->tcphdr->seqno;
1811
              for ( ; (next != NULL) && (sackend == next->tcphdr->seqno); next = next->next) {
1812
                sackend += next->len;
1813
              }
1814
              tcp_add_sack(pcb, sackbeg, sackend);
1815
            }
1816
          }
1817
#endif /* LWIP_TCP_SACK_OUT */
1818
0
        }
1819
#if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
1820
        {
1821
          /* Check that the data on ooseq doesn't exceed one of the limits
1822
             and throw away everything above that limit. */
1823
#ifdef TCP_OOSEQ_BYTES_LIMIT
1824
          const u32_t ooseq_max_blen = TCP_OOSEQ_BYTES_LIMIT(pcb);
1825
          u32_t ooseq_blen = 0;
1826
#endif
1827
#ifdef TCP_OOSEQ_PBUFS_LIMIT
1828
          const u16_t ooseq_max_qlen = TCP_OOSEQ_PBUFS_LIMIT(pcb);
1829
          u16_t ooseq_qlen = 0;
1830
#endif
1831
          struct tcp_seg *next, *prev = NULL;
1832
          for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1833
            struct pbuf *p = next->p;
1834
            int stop_here = 0;
1835
#ifdef TCP_OOSEQ_BYTES_LIMIT
1836
            ooseq_blen += p->tot_len;
1837
            if (ooseq_blen > ooseq_max_blen) {
1838
              stop_here = 1;
1839
            }
1840
#endif
1841
#ifdef TCP_OOSEQ_PBUFS_LIMIT
1842
            ooseq_qlen += pbuf_clen(p);
1843
            if (ooseq_qlen > ooseq_max_qlen) {
1844
              stop_here = 1;
1845
            }
1846
#endif
1847
            if (stop_here) {
1848
#if LWIP_TCP_SACK_OUT
1849
              if (pcb->flags & TF_SACK) {
1850
                /* Let's remove all SACKs from next's seqno up. */
1851
                tcp_remove_sacks_gt(pcb, next->tcphdr->seqno);
1852
              }
1853
#endif /* LWIP_TCP_SACK_OUT */
1854
              /* too much ooseq data, dump this and everything after it */
1855
              tcp_segs_free(next);
1856
              if (prev == NULL) {
1857
                /* first ooseq segment is too much, dump the whole queue */
1858
                pcb->ooseq = NULL;
1859
              } else {
1860
                /* just dump 'next' and everything after it */
1861
                prev->next = NULL;
1862
              }
1863
              break;
1864
            }
1865
          }
1866
        }
1867
#endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
1868
0
#endif /* TCP_QUEUE_OOSEQ */
1869
1870
        /* We send the ACK packet after we've (potentially) dealt with SACKs,
1871
           so they can be included in the acknowledgment. */
1872
0
        tcp_send_empty_ack(pcb);
1873
0
      }
1874
0
    } else {
1875
      /* The incoming segment is not within the window. */
1876
0
      tcp_send_empty_ack(pcb);
1877
0
    }
1878
0
  } else {
1879
    /* Segments with length 0 is taken care of here. Segments that
1880
       fall out of the window are ACKed. */
1881
0
    if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1882
0
      tcp_ack_now(pcb);
1883
0
    }
1884
0
  }
1885
0
}
1886
1887
static u8_t
1888
tcp_get_next_optbyte(void)
1889
0
{
1890
0
  u16_t optidx = tcp_optidx++;
1891
0
  if ((tcphdr_opt2 == NULL) || (optidx < tcphdr_opt1len)) {
1892
0
    u8_t *opts = (u8_t *)tcphdr + TCP_HLEN;
1893
0
    return opts[optidx];
1894
0
  } else {
1895
0
    u8_t idx = (u8_t)(optidx - tcphdr_opt1len);
1896
0
    return tcphdr_opt2[idx];
1897
0
  }
1898
0
}
1899
1900
/**
1901
 * Parses the options contained in the incoming segment.
1902
 *
1903
 * Called from tcp_listen_input() and tcp_process().
1904
 * Currently, only the MSS option is supported!
1905
 *
1906
 * @param pcb the tcp_pcb for which a segment arrived
1907
 */
1908
static void
1909
tcp_parseopt(struct tcp_pcb *pcb)
1910
0
{
1911
0
  u8_t data;
1912
0
  u16_t mss;
1913
#if LWIP_TCP_TIMESTAMPS
1914
  u32_t tsval;
1915
#endif
1916
1917
0
  LWIP_ASSERT("tcp_parseopt: invalid pcb", pcb != NULL);
1918
1919
  /* Parse the TCP MSS option, if present. */
1920
0
  if (tcphdr_optlen != 0) {
1921
0
    for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1922
0
      u8_t opt = tcp_get_next_optbyte();
1923
0
      switch (opt) {
1924
0
        case LWIP_TCP_OPT_EOL:
1925
          /* End of options. */
1926
0
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1927
0
          return;
1928
0
        case LWIP_TCP_OPT_NOP:
1929
          /* NOP option. */
1930
0
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1931
0
          break;
1932
0
        case LWIP_TCP_OPT_MSS:
1933
0
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1934
0
          if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1935
            /* Bad length */
1936
0
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1937
0
            return;
1938
0
          }
1939
          /* An MSS option with the right option length. */
1940
0
          mss = (u16_t)(tcp_get_next_optbyte() << 8);
1941
0
          mss |= tcp_get_next_optbyte();
1942
          /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1943
0
          pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1944
0
          break;
1945
#if LWIP_WND_SCALE
1946
        case LWIP_TCP_OPT_WS:
1947
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1948
          if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1949
            /* Bad length */
1950
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1951
            return;
1952
          }
1953
          /* An WND_SCALE option with the right option length. */
1954
          data = tcp_get_next_optbyte();
1955
          /* If syn was received with wnd scale option,
1956
             activate wnd scale opt, but only if this is not a retransmission */
1957
          if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
1958
            pcb->snd_scale = data;
1959
            if (pcb->snd_scale > 14U) {
1960
              pcb->snd_scale = 14U;
1961
            }
1962
            pcb->rcv_scale = TCP_RCV_SCALE;
1963
            tcp_set_flags(pcb, TF_WND_SCALE);
1964
            /* window scaling is enabled, we can use the full receive window */
1965
            LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
1966
            LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
1967
            pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
1968
          }
1969
          break;
1970
#endif /* LWIP_WND_SCALE */
1971
#if LWIP_TCP_TIMESTAMPS
1972
        case LWIP_TCP_OPT_TS:
1973
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
1974
          if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
1975
            /* Bad length */
1976
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1977
            return;
1978
          }
1979
          /* TCP timestamp option with valid length */
1980
          tsval = tcp_get_next_optbyte();
1981
          tsval |= (tcp_get_next_optbyte() << 8);
1982
          tsval |= (tcp_get_next_optbyte() << 16);
1983
          tsval |= (tcp_get_next_optbyte() << 24);
1984
          if (flags & TCP_SYN) {
1985
            pcb->ts_recent = lwip_ntohl(tsval);
1986
            /* Enable sending timestamps in every segment now that we know
1987
               the remote host supports it. */
1988
            tcp_set_flags(pcb, TF_TIMESTAMP);
1989
          } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno + tcplen)) {
1990
            pcb->ts_recent = lwip_ntohl(tsval);
1991
          }
1992
          /* Advance to next option (6 bytes already read) */
1993
          tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
1994
          break;
1995
#endif /* LWIP_TCP_TIMESTAMPS */
1996
#if LWIP_TCP_SACK_OUT
1997
        case LWIP_TCP_OPT_SACK_PERM:
1998
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: SACK_PERM\n"));
1999
          if (tcp_get_next_optbyte() != LWIP_TCP_OPT_LEN_SACK_PERM || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_SACK_PERM) > tcphdr_optlen) {
2000
            /* Bad length */
2001
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2002
            return;
2003
          }
2004
          /* TCP SACK_PERM option with valid length */
2005
          if (flags & TCP_SYN) {
2006
            /* We only set it if we receive it in a SYN (or SYN+ACK) packet */
2007
            tcp_set_flags(pcb, TF_SACK);
2008
          }
2009
          break;
2010
#endif /* LWIP_TCP_SACK_OUT */
2011
0
        default:
2012
0
          LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
2013
0
          data = tcp_get_next_optbyte();
2014
0
          if (data < 2) {
2015
0
            LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
2016
            /* If the length field is zero, the options are malformed
2017
               and we don't process them further. */
2018
0
            return;
2019
0
          }
2020
          /* All other options have a length field, so that we easily
2021
             can skip past them. */
2022
0
          tcp_optidx += data - 2;
2023
0
      }
2024
0
    }
2025
0
  }
2026
0
}
2027
2028
void
2029
tcp_trigger_input_pcb_close(void)
2030
0
{
2031
0
  recv_flags |= TF_CLOSED;
2032
0
}
2033
2034
#if LWIP_TCP_SACK_OUT
2035
/**
2036
 * Called by tcp_receive() to add new SACK entry.
2037
 *
2038
 * The new SACK entry will be placed at the beginning of rcv_sacks[], as the newest one.
2039
 * Existing SACK entries will be "pushed back", to preserve their order.
2040
 * This is the behavior described in RFC 2018, section 4.
2041
 *
2042
 * @param pcb the tcp_pcb for which a segment arrived
2043
 * @param left the left side of the SACK (the first sequence number)
2044
 * @param right the right side of the SACK (the first sequence number past this SACK)
2045
 */
2046
static void
2047
tcp_add_sack(struct tcp_pcb *pcb, u32_t left, u32_t right)
2048
{
2049
  u8_t i;
2050
  u8_t unused_idx;
2051
2052
  if ((pcb->flags & TF_SACK) == 0 || !TCP_SEQ_LT(left, right)) {
2053
    return;
2054
  }
2055
2056
  /* First, let's remove all SACKs that are no longer needed (because they overlap with the newest one),
2057
     while moving all other SACKs forward.
2058
     We run this loop for all entries, until we find the first invalid one.
2059
     There is no point checking after that. */
2060
  for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2061
    /* We only want to use SACK at [i] if it doesn't overlap with left:right range.
2062
       It does not overlap if its right side is before the newly added SACK,
2063
       or if its left side is after the newly added SACK.
2064
       NOTE: The equality should not really happen, but it doesn't hurt. */
2065
    if (TCP_SEQ_LEQ(pcb->rcv_sacks[i].right, left) || TCP_SEQ_LEQ(right, pcb->rcv_sacks[i].left)) {
2066
      if (unused_idx != i) {
2067
        /* We don't need to copy if it's already in the right spot */
2068
        pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2069
      }
2070
      ++unused_idx;
2071
    }
2072
  }
2073
2074
  /* Now 'unused_idx' is the index of the first invalid SACK entry,
2075
     anywhere between 0 (no valid entries) and LWIP_TCP_MAX_SACK_NUM (all entries are valid).
2076
     We want to clear this and all following SACKs.
2077
     However, we will be adding another one in the front (and shifting everything else back).
2078
     So let's just iterate from the back, and set each entry to the one to the left if it's valid,
2079
     or to 0 if it is not. */
2080
  for (i = LWIP_TCP_MAX_SACK_NUM - 1; i > 0; --i) {
2081
    /* [i] is the index we are setting, and the value should be at index [i-1],
2082
       or 0 if that index is unused (>= unused_idx). */
2083
    if (i - 1 >= unused_idx) {
2084
      /* [i-1] is unused. Let's clear [i]. */
2085
      pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2086
    } else {
2087
      pcb->rcv_sacks[i] = pcb->rcv_sacks[i - 1];
2088
    }
2089
  }
2090
2091
  /* And now we can store the newest SACK */
2092
  pcb->rcv_sacks[0].left = left;
2093
  pcb->rcv_sacks[0].right = right;
2094
}
2095
2096
/**
2097
 * Called to remove a range of SACKs.
2098
 *
2099
 * SACK entries will be removed or adjusted to not acknowledge any sequence
2100
 * numbers that are less than 'seq' passed. It not only invalidates entries,
2101
 * but also moves all entries that are still valid to the beginning.
2102
 *
2103
 * @param pcb the tcp_pcb to modify
2104
 * @param seq the lowest sequence number to keep in SACK entries
2105
 */
2106
static void
2107
tcp_remove_sacks_lt(struct tcp_pcb *pcb, u32_t seq)
2108
{
2109
  u8_t i;
2110
  u8_t unused_idx;
2111
2112
  /* We run this loop for all entries, until we find the first invalid one.
2113
     There is no point checking after that. */
2114
  for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2115
    /* We only want to use SACK at index [i] if its right side is > 'seq'. */
2116
    if (TCP_SEQ_GT(pcb->rcv_sacks[i].right, seq)) {
2117
      if (unused_idx != i) {
2118
        /* We only copy it if it's not in the right spot already. */
2119
        pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2120
      }
2121
      /* NOTE: It is possible that its left side is < 'seq', in which case we should adjust it. */
2122
      if (TCP_SEQ_LT(pcb->rcv_sacks[unused_idx].left, seq)) {
2123
        pcb->rcv_sacks[unused_idx].left = seq;
2124
      }
2125
      ++unused_idx;
2126
    }
2127
  }
2128
2129
  /* We also need to invalidate everything from 'unused_idx' till the end */
2130
  for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2131
    pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2132
  }
2133
}
2134
2135
#if defined(TCP_OOSEQ_BYTES_LIMIT) || defined(TCP_OOSEQ_PBUFS_LIMIT)
2136
/**
2137
 * Called to remove a range of SACKs.
2138
 *
2139
 * SACK entries will be removed or adjusted to not acknowledge any sequence
2140
 * numbers that are greater than (or equal to) 'seq' passed. It not only invalidates entries,
2141
 * but also moves all entries that are still valid to the beginning.
2142
 *
2143
 * @param pcb the tcp_pcb to modify
2144
 * @param seq the highest sequence number to keep in SACK entries
2145
 */
2146
static void
2147
tcp_remove_sacks_gt(struct tcp_pcb *pcb, u32_t seq)
2148
{
2149
  u8_t i;
2150
  u8_t unused_idx;
2151
2152
  /* We run this loop for all entries, until we find the first invalid one.
2153
     There is no point checking after that. */
2154
  for (i = unused_idx = 0; (i < LWIP_TCP_MAX_SACK_NUM) && LWIP_TCP_SACK_VALID(pcb, i); ++i) {
2155
    /* We only want to use SACK at index [i] if its left side is < 'seq'. */
2156
    if (TCP_SEQ_LT(pcb->rcv_sacks[i].left, seq)) {
2157
      if (unused_idx != i) {
2158
        /* We only copy it if it's not in the right spot already. */
2159
        pcb->rcv_sacks[unused_idx] = pcb->rcv_sacks[i];
2160
      }
2161
      /* NOTE: It is possible that its right side is > 'seq', in which case we should adjust it. */
2162
      if (TCP_SEQ_GT(pcb->rcv_sacks[unused_idx].right, seq)) {
2163
        pcb->rcv_sacks[unused_idx].right = seq;
2164
      }
2165
      ++unused_idx;
2166
    }
2167
  }
2168
2169
  /* We also need to invalidate everything from 'unused_idx' till the end */
2170
  for (i = unused_idx; i < LWIP_TCP_MAX_SACK_NUM; ++i) {
2171
    pcb->rcv_sacks[i].left = pcb->rcv_sacks[i].right = 0;
2172
  }
2173
}
2174
#endif /* TCP_OOSEQ_BYTES_LIMIT || TCP_OOSEQ_PBUFS_LIMIT */
2175
2176
#endif /* LWIP_TCP_SACK_OUT */
2177
2178
#endif /* LWIP_TCP */