1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995 5 * The Regents of the University of California. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/*- 34 * 35 * NRL grants permission for redistribution and use in source and binary 36 * forms, with or without modification, of the software and documentation 37 * created at NRL provided that the following conditions are met: 38 * 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgements: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * This product includes software developed at the Information 49 * Technology Division, US Naval Research Laboratory. 50 * 4. Neither the name of the NRL nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS 55 * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 56 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 57 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR 58 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 59 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 60 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 61 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 62 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 63 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 64 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 65 * 66 * The views and conclusions contained in the software and documentation 67 * are those of the authors and should not be interpreted as representing 68 * official policies, either expressed or implied, of the US Naval 69 * Research Laboratory (NRL). 70 */ 71 72#include <sys/cdefs.h> 73#include "opt_inet.h" 74#include "opt_inet6.h" 75 76#include <sys/param.h> 77#include <sys/systm.h> 78#include <sys/kernel.h> 79#include <sys/sysctl.h> 80#include <sys/malloc.h> 81#include <sys/mbuf.h> 82#include <sys/proc.h> /* for proc0 declaration */ 83#include <sys/protosw.h> 84#include <sys/socket.h> 85#include <sys/socketvar.h> 86#include <sys/syslog.h> 87#include <sys/systm.h> 88 89#include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */ 90 91#include <vm/uma.h> 92 93#include <net/if.h> 94#include <net/if_var.h> 95#include <net/route.h> 96#include <net/vnet.h> 97 98#include <netinet/in.h> 99#include <netinet/in_systm.h> 100#include <netinet/ip.h> 101#include <netinet/in_var.h> 102#include <netinet/in_pcb.h> 103#include <netinet/ip_var.h> 104#include <netinet/ip6.h> 105#include <netinet/icmp6.h> 106#include <netinet6/nd6.h> 107#include <netinet6/ip6_var.h> 108#include <netinet6/in6_pcb.h> 109#include <netinet/tcp.h> 110#include <netinet/tcp_fsm.h> 111#include <netinet/tcp_seq.h> 112#include <netinet/tcp_timer.h> 113#include <netinet/tcp_var.h> 114#include <netinet/tcpip.h> 115#include <netinet/cc/cc.h> 116 117#include <machine/in_cksum.h> 118 119VNET_DECLARE(struct uma_zone *, sack_hole_zone); 120#define V_sack_hole_zone VNET(sack_hole_zone) 121 122SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 123 "TCP SACK"); 124 125VNET_DEFINE(int, tcp_do_sack) = 1; 126SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, enable, CTLFLAG_VNET | CTLFLAG_RW, 127 &VNET_NAME(tcp_do_sack), 0, 128 "Enable/Disable TCP SACK support"); 129 130VNET_DEFINE(int, tcp_do_newsack) = 1; 131SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, revised, CTLFLAG_VNET | CTLFLAG_RW, 132 &VNET_NAME(tcp_do_newsack), 0, 133 "Use revised SACK loss recovery per RFC 6675"); 134 135VNET_DEFINE(int, tcp_do_lrd) = 1; 136SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, lrd, CTLFLAG_VNET | CTLFLAG_RW, 137 &VNET_NAME(tcp_do_lrd), 1, 138 "Perform Lost Retransmission Detection"); 139 140VNET_DEFINE(int, tcp_sack_tso) = 0; 141SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, tso, CTLFLAG_VNET | CTLFLAG_RW, 142 &VNET_NAME(tcp_sack_tso), 0, 143 "Allow TSO during SACK loss recovery"); 144 145VNET_DEFINE(int, tcp_sack_maxholes) = 128; 146SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, maxholes, CTLFLAG_VNET | CTLFLAG_RW, 147 &VNET_NAME(tcp_sack_maxholes), 0, 148 "Maximum number of TCP SACK holes allowed per connection"); 149 150VNET_DEFINE(int, tcp_sack_globalmaxholes) = 65536; 151SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalmaxholes, CTLFLAG_VNET | CTLFLAG_RW, 152 &VNET_NAME(tcp_sack_globalmaxholes), 0, 153 "Global maximum number of TCP SACK holes"); 154 155VNET_DEFINE(int, tcp_sack_globalholes) = 0; 156SYSCTL_INT(_net_inet_tcp_sack, OID_AUTO, globalholes, CTLFLAG_VNET | CTLFLAG_RD, 157 &VNET_NAME(tcp_sack_globalholes), 0, 158 "Global number of TCP SACK holes currently allocated"); 159 160int 161tcp_dsack_block_exists(struct tcpcb *tp) 162{ 163 /* Return true if a DSACK block exists */ 164 if (tp->rcv_numsacks == 0) 165 return (0); 166 if (SEQ_LEQ(tp->sackblks[0].end, tp->rcv_nxt)) 167 return(1); 168 return (0); 169} 170 171/* 172 * This function will find overlaps with the currently stored sackblocks 173 * and add any overlap as a dsack block upfront 174 */ 175void 176tcp_update_dsack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 177{ 178 struct sackblk head_blk,mid_blk,saved_blks[MAX_SACK_BLKS]; 179 int i, j, n, identical; 180 tcp_seq start, end; 181 182 INP_WLOCK_ASSERT(tptoinpcb(tp)); 183 184 KASSERT(SEQ_LT(rcv_start, rcv_end), ("rcv_start < rcv_end")); 185 186 if (SEQ_LT(rcv_end, tp->rcv_nxt) || 187 ((rcv_end == tp->rcv_nxt) && 188 (tp->rcv_numsacks > 0 ) && 189 (tp->sackblks[0].end == tp->rcv_nxt))) { 190 saved_blks[0].start = rcv_start; 191 saved_blks[0].end = rcv_end; 192 } else { 193 saved_blks[0].start = saved_blks[0].end = 0; 194 } 195 196 head_blk.start = head_blk.end = 0; 197 mid_blk.start = rcv_start; 198 mid_blk.end = rcv_end; 199 identical = 0; 200 201 for (i = 0; i < tp->rcv_numsacks; i++) { 202 start = tp->sackblks[i].start; 203 end = tp->sackblks[i].end; 204 if (SEQ_LT(rcv_end, start)) { 205 /* pkt left to sack blk */ 206 continue; 207 } 208 if (SEQ_GT(rcv_start, end)) { 209 /* pkt right to sack blk */ 210 continue; 211 } 212 if (SEQ_GT(tp->rcv_nxt, end)) { 213 if ((SEQ_MAX(rcv_start, start) != SEQ_MIN(rcv_end, end)) && 214 (SEQ_GT(head_blk.start, SEQ_MAX(rcv_start, start)) || 215 (head_blk.start == head_blk.end))) { 216 head_blk.start = SEQ_MAX(rcv_start, start); 217 head_blk.end = SEQ_MIN(rcv_end, end); 218 } 219 continue; 220 } 221 if (((head_blk.start == head_blk.end) || 222 SEQ_LT(start, head_blk.start)) && 223 (SEQ_GT(end, rcv_start) && 224 SEQ_LEQ(start, rcv_end))) { 225 head_blk.start = start; 226 head_blk.end = end; 227 } 228 mid_blk.start = SEQ_MIN(mid_blk.start, start); 229 mid_blk.end = SEQ_MAX(mid_blk.end, end); 230 if ((mid_blk.start == start) && 231 (mid_blk.end == end)) 232 identical = 1; 233 } 234 if (SEQ_LT(head_blk.start, head_blk.end)) { 235 /* store overlapping range */ 236 saved_blks[0].start = SEQ_MAX(rcv_start, head_blk.start); 237 saved_blks[0].end = SEQ_MIN(rcv_end, head_blk.end); 238 } 239 n = 1; 240 /* 241 * Second, if not ACKed, store the SACK block that 242 * overlaps with the DSACK block unless it is identical 243 */ 244 if ((SEQ_LT(tp->rcv_nxt, mid_blk.end) && 245 !((mid_blk.start == saved_blks[0].start) && 246 (mid_blk.end == saved_blks[0].end))) || 247 identical == 1) { 248 saved_blks[n].start = mid_blk.start; 249 saved_blks[n++].end = mid_blk.end; 250 } 251 for (j = 0; (j < tp->rcv_numsacks) && (n < MAX_SACK_BLKS); j++) { 252 if (((SEQ_LT(tp->sackblks[j].end, mid_blk.start) || 253 SEQ_GT(tp->sackblks[j].start, mid_blk.end)) && 254 (SEQ_GT(tp->sackblks[j].start, tp->rcv_nxt)))) 255 saved_blks[n++] = tp->sackblks[j]; 256 } 257 j = 0; 258 for (i = 0; i < n; i++) { 259 /* we can end up with a stale initial entry */ 260 if (SEQ_LT(saved_blks[i].start, saved_blks[i].end)) { 261 tp->sackblks[j++] = saved_blks[i]; 262 } 263 } 264 tp->rcv_numsacks = j; 265} 266 267/* 268 * This function is called upon receipt of new valid data (while not in 269 * header prediction mode), and it updates the ordered list of sacks. 270 */ 271void 272tcp_update_sack_list(struct tcpcb *tp, tcp_seq rcv_start, tcp_seq rcv_end) 273{ 274 /* 275 * First reported block MUST be the most recent one. Subsequent 276 * blocks SHOULD be in the order in which they arrived at the 277 * receiver. These two conditions make the implementation fully 278 * compliant with RFC 2018. 279 */ 280 struct sackblk head_blk, saved_blks[MAX_SACK_BLKS]; 281 int num_head, num_saved, i; 282 283 INP_WLOCK_ASSERT(tptoinpcb(tp)); 284 285 /* Check arguments. */ 286 KASSERT(SEQ_LEQ(rcv_start, rcv_end), ("rcv_start <= rcv_end")); 287 288 if ((rcv_start == rcv_end) && 289 (tp->rcv_numsacks >= 1) && 290 (rcv_end == tp->sackblks[0].end)) { 291 /* retaining DSACK block below rcv_nxt (todrop) */ 292 head_blk = tp->sackblks[0]; 293 } else { 294 /* SACK block for the received segment. */ 295 head_blk.start = rcv_start; 296 head_blk.end = rcv_end; 297 } 298 299 /* 300 * Merge updated SACK blocks into head_blk, and save unchanged SACK 301 * blocks into saved_blks[]. num_saved will have the number of the 302 * saved SACK blocks. 303 */ 304 num_saved = 0; 305 for (i = 0; i < tp->rcv_numsacks; i++) { 306 tcp_seq start = tp->sackblks[i].start; 307 tcp_seq end = tp->sackblks[i].end; 308 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 309 /* 310 * Discard this SACK block. 311 */ 312 } else if (SEQ_LEQ(head_blk.start, end) && 313 SEQ_GEQ(head_blk.end, start)) { 314 /* 315 * Merge this SACK block into head_blk. This SACK 316 * block itself will be discarded. 317 */ 318 /* 319 * |-| 320 * |---| merge 321 * 322 * |-| 323 * |---| merge 324 * 325 * |-----| 326 * |-| DSACK smaller 327 * 328 * |-| 329 * |-----| DSACK smaller 330 */ 331 if (head_blk.start == end) 332 head_blk.start = start; 333 else if (head_blk.end == start) 334 head_blk.end = end; 335 else { 336 if (SEQ_LT(head_blk.start, start)) { 337 tcp_seq temp = start; 338 start = head_blk.start; 339 head_blk.start = temp; 340 } 341 if (SEQ_GT(head_blk.end, end)) { 342 tcp_seq temp = end; 343 end = head_blk.end; 344 head_blk.end = temp; 345 } 346 if ((head_blk.start != start) || 347 (head_blk.end != end)) { 348 if ((num_saved >= 1) && 349 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 350 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 351 num_saved--; 352 saved_blks[num_saved].start = start; 353 saved_blks[num_saved].end = end; 354 num_saved++; 355 } 356 } 357 } else { 358 /* 359 * This block supercedes the prior block 360 */ 361 if ((num_saved >= 1) && 362 SEQ_GEQ(saved_blks[num_saved-1].start, start) && 363 SEQ_LEQ(saved_blks[num_saved-1].end, end)) 364 num_saved--; 365 /* 366 * Save this SACK block. 367 */ 368 saved_blks[num_saved].start = start; 369 saved_blks[num_saved].end = end; 370 num_saved++; 371 } 372 } 373 374 /* 375 * Update SACK list in tp->sackblks[]. 376 */ 377 num_head = 0; 378 if (SEQ_LT(rcv_start, rcv_end)) { 379 /* 380 * The received data segment is an out-of-order segment. Put 381 * head_blk at the top of SACK list. 382 */ 383 tp->sackblks[0] = head_blk; 384 num_head = 1; 385 /* 386 * If the number of saved SACK blocks exceeds its limit, 387 * discard the last SACK block. 388 */ 389 if (num_saved >= MAX_SACK_BLKS) 390 num_saved--; 391 } 392 if ((rcv_start == rcv_end) && 393 (rcv_start == tp->sackblks[0].end)) { 394 num_head = 1; 395 } 396 if (num_saved > 0) { 397 /* 398 * Copy the saved SACK blocks back. 399 */ 400 bcopy(saved_blks, &tp->sackblks[num_head], 401 sizeof(struct sackblk) * num_saved); 402 } 403 404 /* Save the number of SACK blocks. */ 405 tp->rcv_numsacks = num_head + num_saved; 406} 407 408void 409tcp_clean_dsack_blocks(struct tcpcb *tp) 410{ 411 struct sackblk saved_blks[MAX_SACK_BLKS]; 412 int num_saved, i; 413 414 INP_WLOCK_ASSERT(tptoinpcb(tp)); 415 /* 416 * Clean up any DSACK blocks that 417 * are in our queue of sack blocks. 418 * 419 */ 420 num_saved = 0; 421 for (i = 0; i < tp->rcv_numsacks; i++) { 422 tcp_seq start = tp->sackblks[i].start; 423 tcp_seq end = tp->sackblks[i].end; 424 if (SEQ_GEQ(start, end) || SEQ_LEQ(start, tp->rcv_nxt)) { 425 /* 426 * Discard this D-SACK block. 427 */ 428 continue; 429 } 430 /* 431 * Save this SACK block. 432 */ 433 saved_blks[num_saved].start = start; 434 saved_blks[num_saved].end = end; 435 num_saved++; 436 } 437 if (num_saved > 0) { 438 /* 439 * Copy the saved SACK blocks back. 440 */ 441 bcopy(saved_blks, &tp->sackblks[0], 442 sizeof(struct sackblk) * num_saved); 443 } 444 tp->rcv_numsacks = num_saved; 445} 446 447/* 448 * Delete all receiver-side SACK information. 449 */ 450void 451tcp_clean_sackreport(struct tcpcb *tp) 452{ 453 int i; 454 455 INP_WLOCK_ASSERT(tptoinpcb(tp)); 456 tp->rcv_numsacks = 0; 457 for (i = 0; i < MAX_SACK_BLKS; i++) 458 tp->sackblks[i].start = tp->sackblks[i].end=0; 459} 460 461/* 462 * Allocate struct sackhole. 463 */ 464static struct sackhole * 465tcp_sackhole_alloc(struct tcpcb *tp, tcp_seq start, tcp_seq end) 466{ 467 struct sackhole *hole; 468 469 if (tp->snd_numholes >= V_tcp_sack_maxholes || 470 V_tcp_sack_globalholes >= V_tcp_sack_globalmaxholes) { 471 TCPSTAT_INC(tcps_sack_sboverflow); 472 return NULL; 473 } 474 475 hole = (struct sackhole *)uma_zalloc(V_sack_hole_zone, M_NOWAIT); 476 if (hole == NULL) 477 return NULL; 478 479 hole->start = start; 480 hole->end = end; 481 hole->rxmit = start; 482 483 tp->snd_numholes++; 484 atomic_add_int(&V_tcp_sack_globalholes, 1); 485 486 return hole; 487} 488 489/* 490 * Free struct sackhole. 491 */ 492static void 493tcp_sackhole_free(struct tcpcb *tp, struct sackhole *hole) 494{ 495 496 uma_zfree(V_sack_hole_zone, hole); 497 498 tp->snd_numholes--; 499 atomic_subtract_int(&V_tcp_sack_globalholes, 1); 500 501 KASSERT(tp->snd_numholes >= 0, ("tp->snd_numholes >= 0")); 502 KASSERT(V_tcp_sack_globalholes >= 0, ("tcp_sack_globalholes >= 0")); 503} 504 505/* 506 * Insert new SACK hole into scoreboard. 507 */ 508static struct sackhole * 509tcp_sackhole_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end, 510 struct sackhole *after) 511{ 512 struct sackhole *hole; 513 514 /* Allocate a new SACK hole. */ 515 hole = tcp_sackhole_alloc(tp, start, end); 516 if (hole == NULL) 517 return NULL; 518 519 /* Insert the new SACK hole into scoreboard. */ 520 if (after != NULL) 521 TAILQ_INSERT_AFTER(&tp->snd_holes, after, hole, scblink); 522 else 523 TAILQ_INSERT_TAIL(&tp->snd_holes, hole, scblink); 524 525 /* Update SACK hint. */ 526 if (tp->sackhint.nexthole == NULL) 527 tp->sackhint.nexthole = hole; 528 529 return hole; 530} 531 532/* 533 * Remove SACK hole from scoreboard. 534 */ 535static void 536tcp_sackhole_remove(struct tcpcb *tp, struct sackhole *hole) 537{ 538 539 /* Update SACK hint. */ 540 if (tp->sackhint.nexthole == hole) 541 tp->sackhint.nexthole = TAILQ_NEXT(hole, scblink); 542 543 /* Remove this SACK hole. */ 544 TAILQ_REMOVE(&tp->snd_holes, hole, scblink); 545 546 /* Free this SACK hole. */ 547 tcp_sackhole_free(tp, hole); 548} 549 550/* 551 * Process cumulative ACK and the TCP SACK option to update the scoreboard. 552 * tp->snd_holes is an ordered list of holes (oldest to newest, in terms of 553 * the sequence space). 554 * Returns SACK_NEWLOSS if incoming ACK indicates ongoing loss (hole split, new hole), 555 * SACK_CHANGE if incoming ACK has previously unknown SACK information, 556 * SACK_NOCHANGE otherwise. 557 */ 558sackstatus_t 559tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) 560{ 561 struct sackhole *cur, *temp; 562 struct sackblk sack, sack_blocks[TCP_MAX_SACK + 1], *sblkp; 563 int i, j, num_sack_blks; 564 sackstatus_t sack_changed; 565 int delivered_data, left_edge_delta; 566 int maxseg = tp->t_maxseg - MAX_TCPOPTLEN; 567 568 tcp_seq loss_hiack = 0; 569 int loss_thresh = 0; 570 int loss_sblks = 0; 571 int notlost_bytes = 0; 572 573 INP_WLOCK_ASSERT(tptoinpcb(tp)); 574 575 num_sack_blks = 0; 576 sack_changed = SACK_NOCHANGE; 577 delivered_data = 0; 578 left_edge_delta = 0; 579 /* 580 * If SND.UNA will be advanced by SEG.ACK, and if SACK holes exist, 581 * treat [SND.UNA, SEG.ACK) as if it is a SACK block. 582 * Account changes to SND.UNA always in delivered data. 583 */ 584 if (SEQ_LT(tp->snd_una, th_ack) && !TAILQ_EMPTY(&tp->snd_holes)) { 585 left_edge_delta = th_ack - tp->snd_una; 586 sack_blocks[num_sack_blks].start = tp->snd_una; 587 sack_blocks[num_sack_blks++].end = th_ack; 588 /* 589 * Pulling snd_fack forward if we got here 590 * due to DSACK blocks 591 */ 592 if (SEQ_LT(tp->snd_fack, th_ack)) { 593 delivered_data += th_ack - tp->snd_una; 594 tp->snd_fack = th_ack; 595 sack_changed = SACK_CHANGE; 596 } 597 } 598 /* 599 * Append received valid SACK blocks to sack_blocks[], but only if we 600 * received new blocks from the other side. 601 */ 602 if (to->to_flags & TOF_SACK) { 603 for (i = 0; i < to->to_nsacks; i++) { 604 bcopy((to->to_sacks + i * TCPOLEN_SACK), 605 &sack, sizeof(sack)); 606 sack.start = ntohl(sack.start); 607 sack.end = ntohl(sack.end); 608 if (SEQ_GT(sack.end, sack.start) && 609 SEQ_GT(sack.start, tp->snd_una) && 610 SEQ_GT(sack.start, th_ack) && 611 SEQ_LT(sack.start, tp->snd_max) && 612 SEQ_GT(sack.end, tp->snd_una) && 613 SEQ_LEQ(sack.end, tp->snd_max) && 614 ((sack.end - sack.start) >= maxseg || 615 SEQ_GEQ(sack.end, tp->snd_max))) { 616 sack_blocks[num_sack_blks++] = sack; 617 } else if (SEQ_LEQ(sack.start, th_ack) && 618 SEQ_LEQ(sack.end, th_ack)) { 619 /* 620 * Its a D-SACK block. 621 */ 622 tcp_record_dsack(tp, sack.start, sack.end, 0); 623 } 624 } 625 } 626 /* 627 * Return if SND.UNA is not advanced and no valid SACK block is 628 * received. 629 */ 630 if (num_sack_blks == 0) 631 return (sack_changed); 632 633 /* 634 * Sort the SACK blocks so we can update the scoreboard with just one 635 * pass. The overhead of sorting up to 4+1 elements is less than 636 * making up to 4+1 passes over the scoreboard. 637 */ 638 for (i = 0; i < num_sack_blks; i++) { 639 for (j = i + 1; j < num_sack_blks; j++) { 640 if (SEQ_GT(sack_blocks[i].end, sack_blocks[j].end)) { 641 sack = sack_blocks[i]; 642 sack_blocks[i] = sack_blocks[j]; 643 sack_blocks[j] = sack; 644 } 645 } 646 } 647 if (TAILQ_EMPTY(&tp->snd_holes)) { 648 /* 649 * Empty scoreboard. Need to initialize snd_fack (it may be 650 * uninitialized or have a bogus value). Scoreboard holes 651 * (from the sack blocks received) are created later below 652 * (in the logic that adds holes to the tail of the 653 * scoreboard). 654 */ 655 tp->snd_fack = SEQ_MAX(tp->snd_una, th_ack); 656 tp->sackhint.sacked_bytes = 0; /* reset */ 657 tp->sackhint.hole_bytes = 0; 658 } 659 /* 660 * In the while-loop below, incoming SACK blocks (sack_blocks[]) and 661 * SACK holes (snd_holes) are traversed from their tails with just 662 * one pass in order to reduce the number of compares especially when 663 * the bandwidth-delay product is large. 664 * 665 * Note: Typically, in the first RTT of SACK recovery, the highest 666 * three or four SACK blocks with the same ack number are received. 667 * In the second RTT, if retransmitted data segments are not lost, 668 * the highest three or four SACK blocks with ack number advancing 669 * are received. 670 */ 671 sblkp = &sack_blocks[num_sack_blks - 1]; /* Last SACK block */ 672 tp->sackhint.last_sack_ack = sblkp->end; 673 if (SEQ_LT(tp->snd_fack, sblkp->start)) { 674 /* 675 * The highest SACK block is beyond fack. First, 676 * check if there was a successful Rescue Retransmission, 677 * and move this hole left. With normal holes, snd_fack 678 * is always to the right of the end. 679 */ 680 if (((temp = TAILQ_LAST(&tp->snd_holes, sackhole_head)) != NULL) && 681 SEQ_LEQ(tp->snd_fack,temp->end)) { 682 tp->sackhint.hole_bytes -= temp->end - temp->start; 683 temp->start = SEQ_MAX(tp->snd_fack, SEQ_MAX(tp->snd_una, th_ack)); 684 temp->end = sblkp->start; 685 temp->rxmit = temp->start; 686 delivered_data += sblkp->end - sblkp->start; 687 tp->sackhint.hole_bytes += temp->end - temp->start; 688 KASSERT(tp->sackhint.hole_bytes >= 0, 689 ("sackhint hole bytes >= 0")); 690 tp->snd_fack = sblkp->end; 691 sblkp--; 692 sack_changed = SACK_NEWLOSS; 693 } else { 694 /* 695 * Append a new SACK hole at the tail. If the 696 * second or later highest SACK blocks are also 697 * beyond the current fack, they will be inserted 698 * by way of hole splitting in the while-loop below. 699 */ 700 temp = tcp_sackhole_insert(tp, tp->snd_fack,sblkp->start,NULL); 701 if (temp != NULL) { 702 delivered_data += sblkp->end - sblkp->start; 703 tp->sackhint.hole_bytes += temp->end - temp->start; 704 tp->snd_fack = sblkp->end; 705 /* Go to the previous sack block. */ 706 sblkp--; 707 sack_changed = SACK_CHANGE; 708 } else { 709 /* 710 * We failed to add a new hole based on the current 711 * sack block. Skip over all the sack blocks that 712 * fall completely to the right of snd_fack and 713 * proceed to trim the scoreboard based on the 714 * remaining sack blocks. This also trims the 715 * scoreboard for th_ack (which is sack_blocks[0]). 716 */ 717 while (sblkp >= sack_blocks && 718 SEQ_LT(tp->snd_fack, sblkp->start)) 719 sblkp--; 720 if (sblkp >= sack_blocks && 721 SEQ_LT(tp->snd_fack, sblkp->end)) { 722 delivered_data += sblkp->end - tp->snd_fack; 723 tp->snd_fack = sblkp->end; 724 /* 725 * While the Scoreboard didn't change in 726 * size, we only ended up here because 727 * some SACK data had to be dismissed. 728 */ 729 sack_changed = SACK_NEWLOSS; 730 } 731 } 732 } 733 } else if (SEQ_LT(tp->snd_fack, sblkp->end)) { 734 /* fack is advanced. */ 735 delivered_data += sblkp->end - tp->snd_fack; 736 tp->snd_fack = sblkp->end; 737 sack_changed = SACK_CHANGE; 738 } 739 cur = TAILQ_LAST(&tp->snd_holes, sackhole_head); /* Last SACK hole. */ 740 loss_hiack = tp->snd_fack; 741 742 /* 743 * Since the incoming sack blocks are sorted, we can process them 744 * making one sweep of the scoreboard. 745 */ 746 while (cur != NULL) { 747 if (!(sblkp >= sack_blocks)) { 748 if (((loss_sblks >= tcprexmtthresh) || 749 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 750 break; 751 loss_thresh += loss_hiack - cur->end; 752 loss_hiack = cur->start; 753 loss_sblks++; 754 if (!((loss_sblks >= tcprexmtthresh) || 755 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) { 756 notlost_bytes += cur->end - cur->start; 757 } else { 758 break; 759 } 760 cur = TAILQ_PREV(cur, sackhole_head, scblink); 761 continue; 762 } 763 if (SEQ_GEQ(sblkp->start, cur->end)) { 764 /* 765 * SACKs data beyond the current hole. Go to the 766 * previous sack block. 767 */ 768 sblkp--; 769 continue; 770 } 771 if (SEQ_LEQ(sblkp->end, cur->start)) { 772 /* 773 * SACKs data before the current hole. Go to the 774 * previous hole. 775 */ 776 loss_thresh += loss_hiack - cur->end; 777 loss_hiack = cur->start; 778 loss_sblks++; 779 if (!((loss_sblks >= tcprexmtthresh) || 780 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 781 notlost_bytes += cur->end - cur->start; 782 cur = TAILQ_PREV(cur, sackhole_head, scblink); 783 continue; 784 } 785 tp->sackhint.sack_bytes_rexmit -= 786 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 787 KASSERT(tp->sackhint.sack_bytes_rexmit >= 0, 788 ("sackhint bytes rtx >= 0")); 789 sack_changed = SACK_CHANGE; 790 if (SEQ_LEQ(sblkp->start, cur->start)) { 791 /* Data acks at least the beginning of hole. */ 792 if (SEQ_GEQ(sblkp->end, cur->end)) { 793 /* Acks entire hole, so delete hole. */ 794 delivered_data += (cur->end - cur->start); 795 temp = cur; 796 cur = TAILQ_PREV(cur, sackhole_head, scblink); 797 tp->sackhint.hole_bytes -= temp->end - temp->start; 798 tcp_sackhole_remove(tp, temp); 799 /* 800 * The sack block may ack all or part of the 801 * next hole too, so continue onto the next 802 * hole. 803 */ 804 continue; 805 } else { 806 /* Move start of hole forward. */ 807 delivered_data += (sblkp->end - cur->start); 808 tp->sackhint.hole_bytes -= sblkp->end - cur->start; 809 cur->start = sblkp->end; 810 cur->rxmit = SEQ_MAX(cur->rxmit, cur->start); 811 } 812 } else { 813 /* Data acks at least the end of hole. */ 814 if (SEQ_GEQ(sblkp->end, cur->end)) { 815 /* Move end of hole backward. */ 816 delivered_data += (cur->end - sblkp->start); 817 tp->sackhint.hole_bytes -= cur->end - sblkp->start; 818 cur->end = sblkp->start; 819 cur->rxmit = SEQ_MIN(cur->rxmit, cur->end); 820 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 821 cur->rxmit = tp->snd_recover; 822 } else { 823 /* 824 * ACKs some data in middle of a hole; need 825 * to split current hole 826 */ 827 temp = tcp_sackhole_insert(tp, sblkp->end, 828 cur->end, cur); 829 sack_changed = SACK_NEWLOSS; 830 if (temp != NULL) { 831 if (SEQ_GT(cur->rxmit, temp->rxmit)) { 832 temp->rxmit = cur->rxmit; 833 tp->sackhint.sack_bytes_rexmit += 834 (SEQ_MIN(temp->rxmit, 835 temp->end) - temp->start); 836 } 837 tp->sackhint.hole_bytes -= sblkp->end - sblkp->start; 838 loss_thresh += loss_hiack - temp->end; 839 loss_hiack = temp->start; 840 loss_sblks++; 841 if (!((loss_sblks >= tcprexmtthresh) || 842 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 843 notlost_bytes += temp->end - temp->start; 844 cur->end = sblkp->start; 845 cur->rxmit = SEQ_MIN(cur->rxmit, 846 cur->end); 847 if ((tp->t_flags & TF_LRD) && SEQ_GEQ(cur->rxmit, cur->end)) 848 cur->rxmit = tp->snd_recover; 849 delivered_data += (sblkp->end - sblkp->start); 850 } 851 } 852 } 853 tp->sackhint.sack_bytes_rexmit += 854 (SEQ_MIN(cur->rxmit, cur->end) - cur->start); 855 /* 856 * Testing sblkp->start against cur->start tells us whether 857 * we're done with the sack block or the sack hole. 858 * Accordingly, we advance one or the other. 859 */ 860 if (SEQ_LEQ(sblkp->start, cur->start)) { 861 loss_thresh += loss_hiack - cur->end; 862 loss_hiack = cur->start; 863 loss_sblks++; 864 if (!((loss_sblks >= tcprexmtthresh) || 865 (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) 866 notlost_bytes += cur->end - cur->start; 867 cur = TAILQ_PREV(cur, sackhole_head, scblink); 868 } else { 869 sblkp--; 870 } 871 } 872 873 KASSERT(!(TAILQ_EMPTY(&tp->snd_holes) && (tp->sackhint.hole_bytes != 0)), 874 ("SACK scoreboard empty, but accounting non-zero\n")); 875 876 KASSERT(notlost_bytes <= tp->sackhint.hole_bytes, 877 ("SACK: more bytes marked notlost than in scoreboard holes")); 878 879 if (!(to->to_flags & TOF_SACK)) 880 /* 881 * If this ACK did not contain any 882 * SACK blocks, any only moved the 883 * left edge right, it is a pure 884 * cumulative ACK. Do not count 885 * DupAck for this. Also required 886 * for RFC6675 rescue retransmission. 887 */ 888 sack_changed = SACK_NOCHANGE; 889 tp->sackhint.delivered_data = delivered_data; 890 tp->sackhint.sacked_bytes += delivered_data - left_edge_delta; 891 tp->sackhint.lost_bytes = tp->sackhint.hole_bytes - notlost_bytes; 892 KASSERT((delivered_data >= 0), ("delivered_data < 0")); 893 KASSERT((tp->sackhint.sacked_bytes >= 0), ("sacked_bytes < 0")); 894 return (sack_changed); 895} 896 897/* 898 * Free all SACK holes to clear the scoreboard. 899 */ 900void 901tcp_free_sackholes(struct tcpcb *tp) 902{ 903 struct sackhole *q; 904 905 INP_WLOCK_ASSERT(tptoinpcb(tp)); 906 while ((q = TAILQ_FIRST(&tp->snd_holes)) != NULL) 907 tcp_sackhole_remove(tp, q); 908 tp->sackhint.sack_bytes_rexmit = 0; 909 tp->sackhint.delivered_data = 0; 910 tp->sackhint.sacked_bytes = 0; 911 tp->sackhint.hole_bytes = 0; 912 tp->sackhint.lost_bytes = 0; 913 914 KASSERT(tp->snd_numholes == 0, ("tp->snd_numholes == 0")); 915 KASSERT(tp->sackhint.nexthole == NULL, 916 ("tp->sackhint.nexthole == NULL")); 917} 918 919/* 920 * Resend all the currently existing SACK holes of 921 * the scoreboard. This is in line with the Errata to 922 * RFC 2018, which allows the use of SACK data past 923 * an RTO to good effect typically. 924 */ 925void 926tcp_resend_sackholes(struct tcpcb *tp) 927{ 928 struct sackhole *p; 929 930 INP_WLOCK_ASSERT(tptoinpcb(tp)); 931 TAILQ_FOREACH(p, &tp->snd_holes, scblink) { 932 p->rxmit = p->start; 933 } 934 tp->sackhint.nexthole = TAILQ_FIRST(&tp->snd_holes); 935 tp->sackhint.sack_bytes_rexmit = 0; 936} 937 938/* 939 * Partial ack handling within a sack recovery episode. Keeping this very 940 * simple for now. When a partial ack is received, force snd_cwnd to a value 941 * that will allow the sender to transmit no more than 2 segments. If 942 * necessary, a better scheme can be adopted at a later point, but for now, 943 * the goal is to prevent the sender from bursting a large amount of data in 944 * the midst of sack recovery. 945 */ 946void 947tcp_sack_partialack(struct tcpcb *tp, struct tcphdr *th, u_int *maxsegp) 948{ 949 struct sackhole *temp; 950 int num_segs = 1; 951 u_int maxseg; 952 953 INP_WLOCK_ASSERT(tptoinpcb(tp)); 954 955 if (*maxsegp == 0) { 956 *maxsegp = tcp_maxseg(tp); 957 } 958 maxseg = *maxsegp; 959 tcp_timer_activate(tp, TT_REXMT, 0); 960 tp->t_rtttime = 0; 961 /* Send one or 2 segments based on how much new data was acked. */ 962 if ((BYTES_THIS_ACK(tp, th) / maxseg) >= 2) 963 num_segs = 2; 964 if (V_tcp_do_newsack) { 965 tp->snd_cwnd = imax(tp->snd_nxt - th->th_ack + 966 tp->sackhint.sack_bytes_rexmit - 967 tp->sackhint.sacked_bytes - 968 tp->sackhint.lost_bytes, maxseg) + 969 num_segs * maxseg; 970 } else { 971 tp->snd_cwnd = (tp->sackhint.sack_bytes_rexmit + 972 imax(0, tp->snd_nxt - tp->snd_recover) + 973 num_segs * maxseg); 974 } 975 if (tp->snd_cwnd > tp->snd_ssthresh) 976 tp->snd_cwnd = tp->snd_ssthresh; 977 tp->t_flags |= TF_ACKNOW; 978 /* 979 * RFC6675 rescue retransmission 980 * Add a hole between th_ack (snd_una is not yet set) and snd_max, 981 * if this was a pure cumulative ACK and no data was send beyond 982 * recovery point. Since the data in the socket has not been freed 983 * at this point, we check if the scoreboard is empty, and the ACK 984 * delivered some new data, indicating a full ACK. Also, if the 985 * recovery point is still at snd_max, we are probably application 986 * limited. However, this inference might not always be true. The 987 * rescue retransmission may rarely be slightly premature 988 * compared to RFC6675. 989 * The corresponding ACK+SACK will cause any further outstanding 990 * segments to be retransmitted. This addresses a corner case, when 991 * the trailing packets of a window are lost and no further data 992 * is available for sending. 993 */ 994 if ((V_tcp_do_newsack) && 995 SEQ_LT(th->th_ack, tp->snd_recover) && 996 TAILQ_EMPTY(&tp->snd_holes) && 997 (tp->sackhint.delivered_data > 0)) { 998 /* 999 * Exclude FIN sequence space in 1000 * the hole for the rescue retransmission, 1001 * and also don't create a hole, if only 1002 * the ACK for a FIN is outstanding. 1003 */ 1004 tcp_seq highdata = tp->snd_max; 1005 if (tp->t_flags & TF_SENTFIN) 1006 highdata--; 1007 highdata = SEQ_MIN(highdata, tp->snd_recover); 1008 if (SEQ_LT(th->th_ack, highdata)) { 1009 tp->snd_fack = th->th_ack; 1010 if ((temp = tcp_sackhole_insert(tp, SEQ_MAX(th->th_ack, 1011 highdata - maxseg), highdata, NULL)) != NULL) { 1012 tp->sackhint.hole_bytes += 1013 temp->end - temp->start; 1014 } 1015 } 1016 } 1017 (void) tcp_output(tp); 1018} 1019 1020/* 1021 * Returns the next hole to retransmit and the number of retransmitted bytes 1022 * from the scoreboard. We store both the next hole and the number of 1023 * retransmitted bytes as hints (and recompute these on the fly upon SACK/ACK 1024 * reception). This avoids scoreboard traversals completely. 1025 * 1026 * The loop here will traverse *at most* one link. Here's the argument. For 1027 * the loop to traverse more than 1 link before finding the next hole to 1028 * retransmit, we would need to have at least 1 node following the current 1029 * hint with (rxmit == end). But, for all holes following the current hint, 1030 * (start == rxmit), since we have not yet retransmitted from them. 1031 * Therefore, in order to traverse more 1 link in the loop below, we need to 1032 * have at least one node following the current hint with (start == rxmit == 1033 * end). But that can't happen, (start == end) means that all the data in 1034 * that hole has been sacked, in which case, the hole would have been removed 1035 * from the scoreboard. 1036 */ 1037struct sackhole * 1038tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt) 1039{ 1040 struct sackhole *hole = NULL; 1041 1042 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1043 *sack_bytes_rexmt = tp->sackhint.sack_bytes_rexmit; 1044 hole = tp->sackhint.nexthole; 1045 if (hole == NULL) 1046 return (hole); 1047 if (SEQ_GEQ(hole->rxmit, hole->end)) { 1048 for (;;) { 1049 hole = TAILQ_NEXT(hole, scblink); 1050 if (hole == NULL) 1051 return (hole); 1052 if (SEQ_LT(hole->rxmit, hole->end)) { 1053 tp->sackhint.nexthole = hole; 1054 break; 1055 } 1056 } 1057 } 1058 KASSERT(SEQ_LT(hole->start, hole->end), ("%s: hole.start >= hole.end", __func__)); 1059 if (!(V_tcp_do_newsack)) { 1060 KASSERT(SEQ_LT(hole->start, tp->snd_fack), ("%s: hole.start >= snd.fack", __func__)); 1061 KASSERT(SEQ_LT(hole->end, tp->snd_fack), ("%s: hole.end >= snd.fack", __func__)); 1062 KASSERT(SEQ_LT(hole->rxmit, tp->snd_fack), ("%s: hole.rxmit >= snd.fack", __func__)); 1063 if (SEQ_GEQ(hole->start, hole->end) || 1064 SEQ_GEQ(hole->start, tp->snd_fack) || 1065 SEQ_GEQ(hole->end, tp->snd_fack) || 1066 SEQ_GEQ(hole->rxmit, tp->snd_fack)) { 1067 log(LOG_CRIT,"tcp: invalid SACK hole (%u-%u,%u) vs fwd ack %u, ignoring.\n", 1068 hole->start, hole->end, hole->rxmit, tp->snd_fack); 1069 return (NULL); 1070 } 1071 } 1072 return (hole); 1073} 1074 1075/* 1076 * After a timeout, the SACK list may be rebuilt. This SACK information 1077 * should be used to avoid retransmitting SACKed data. This function 1078 * traverses the SACK list to see if snd_nxt should be moved forward. 1079 */ 1080void 1081tcp_sack_adjust(struct tcpcb *tp) 1082{ 1083 struct sackhole *p, *cur = TAILQ_FIRST(&tp->snd_holes); 1084 1085 INP_WLOCK_ASSERT(tptoinpcb(tp)); 1086 if (cur == NULL) { 1087 /* No holes */ 1088 return; 1089 } 1090 if (SEQ_GEQ(tp->snd_nxt, tp->snd_fack)) { 1091 /* We're already beyond any SACKed blocks */ 1092 return; 1093 } 1094 /*- 1095 * Two cases for which we want to advance snd_nxt: 1096 * i) snd_nxt lies between end of one hole and beginning of another 1097 * ii) snd_nxt lies between end of last hole and snd_fack 1098 */ 1099 while ((p = TAILQ_NEXT(cur, scblink)) != NULL) { 1100 if (SEQ_LT(tp->snd_nxt, cur->end)) { 1101 return; 1102 } 1103 if (SEQ_GEQ(tp->snd_nxt, p->start)) { 1104 cur = p; 1105 } else { 1106 tp->snd_nxt = p->start; 1107 return; 1108 } 1109 } 1110 if (SEQ_LT(tp->snd_nxt, cur->end)) { 1111 return; 1112 } 1113 tp->snd_nxt = tp->snd_fack; 1114} 1115 1116/* 1117 * Lost Retransmission Detection 1118 * Check is FACK is beyond the rexmit of the leftmost hole. 1119 * If yes, we restart sending from still existing holes, 1120 * and adjust cwnd via the congestion control module. 1121 */ 1122void 1123tcp_sack_lost_retransmission(struct tcpcb *tp, struct tcphdr *th) 1124{ 1125 struct sackhole *temp; 1126 1127 if (IN_RECOVERY(tp->t_flags) && 1128 SEQ_GT(tp->snd_fack, tp->snd_recover) && 1129 ((temp = TAILQ_FIRST(&tp->snd_holes)) != NULL) && 1130 SEQ_GEQ(temp->rxmit, temp->end) && 1131 SEQ_GEQ(tp->snd_fack, temp->rxmit)) { 1132 TCPSTAT_INC(tcps_sack_lostrexmt); 1133 /* 1134 * Start retransmissions from the first hole, and 1135 * subsequently all other remaining holes, including 1136 * those, which had been sent completely before. 1137 */ 1138 tp->sackhint.nexthole = temp; 1139 TAILQ_FOREACH(temp, &tp->snd_holes, scblink) { 1140 if (SEQ_GEQ(tp->snd_fack, temp->rxmit) && 1141 SEQ_GEQ(temp->rxmit, temp->end)) 1142 temp->rxmit = temp->start; 1143 } 1144 /* 1145 * Remember the old ssthresh, to deduct the beta factor used 1146 * by the CC module. Finally, set cwnd to ssthresh just 1147 * prior to invoking another cwnd reduction by the CC 1148 * module, to not shrink it excessively. 1149 */ 1150 tp->snd_cwnd = tp->snd_ssthresh; 1151 /* 1152 * Formally exit recovery, and let the CC module adjust 1153 * ssthresh as intended. 1154 */ 1155 EXIT_RECOVERY(tp->t_flags); 1156 cc_cong_signal(tp, th, CC_NDUPACK); 1157 /* 1158 * For PRR, adjust recover_fs as if this new reduction 1159 * initialized this variable. 1160 * cwnd will be adjusted by SACK or PRR processing 1161 * subsequently, only set it to a safe value here. 1162 */ 1163 tp->snd_cwnd = tcp_maxseg(tp); 1164 tp->sackhint.recover_fs = (tp->snd_max - tp->snd_una) - 1165 tp->sackhint.recover_fs; 1166 } 1167} 1168