Currently, we add TCP options only to SYN+ACK reply to peer's SYN
(i.e. passive open). For consistency, add them also when we send
SYN ourselves (active open). In both cases, we add just MSS option
currently.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The IP stack drops any TCP segment which doesn't fit into our
receive window. However, we still must accept Zero Window Probe
segments, which are segments, usually with data length of 1, which
a peer sends to us after we stayed with zero window for some time.
In this case, we need to repeat an ACK with the old ack number.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It's rather confusing to not see current TCP state in any way (it
makes distinguishing different TCP contexts very hard). And nobody
can know/remember that it's printed with CONFIG_NET_DEBUG_TCP
defined. So, just make it be printed always (initially I thought
about printing just numeric value if CONFIG_NET_DEBUG_TCP isn't
defined, but why, if we can print symbolic name easily).
Also, add a hint that defining CONFIG_NET_DEBUG_TCP will still
print even more info (like unacked pkt list) - similarly to
similar helpful hints we have in other parts of net shell.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This one converts "raw" timeout value to use K_MSEC() macro
in order to make clear how long the timeout is.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Previously, there was a boolean CONFIG_NET_TCP_TIME_WAIT setting
("master switch") and numeric CONFIG_NET_TCP_2MSL_TIME setting,
both named not ideally (there were both NET_TCP_TIME_WAIT and
CONFIG_NET_TCP_TIME_WAIT symbols in the source, with very different
meaning; "2MSL_TIME" was also a roundabout way to refer to
TIME_WAIT state time). In addition to that, some code was defining
adhoc, hardcoded duplicates for these settings.
CONFIG_NET_TCP_2MSL_TIME was also measured in seconds, giving
poor precision control for this resource-tying setting.
Instead, replace them all with the single
CONFIG_NET_TCP_TIME_WAIT_DELAY setting, measured in milliseconds.
The value of 0 means that TIME_WAIT state is skipped.
Fixes: #7459
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Similar to UDP, some drivers can make use of the following functions:
net_tcp_get_hdr()
net_tcp_set_hdr()
Let's expose them as <net/tcp.h> and change all internal references
to "tcp_internal.h".
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
After successful send, the packet is automatically cleared, so
trying to call print_send_info() on it leads to errors:
[net/pkt] [ERR] net_pkt_tcp_data: NULL fragment data!
[net/tcp] [ERR] net_tcp_get_hdr: NULL TCP header!
(if error logging enabled).
This change is similar to how print_send_info() is called in
existing send_reset() function of this source file.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
According to RFC 793 we should wait for FIN in FIN_WAIT_1 and
FIN_WAIT_2 states. Receiving ACK in FIN_WAIT_1 just moves us to
FIN_WAIT_2 state.
Right now TCP connection is never closed if FIN is not received
in FIN_WAIT_2 state. Fix that by keeping fin_timer active in
FIN_WAIT_2 state, but canceling it just after FIN is received.
Fixes: 124c067027 ("net: tcp: Cancel the fin_timer on FIN message
in FIN_WAIT1 state")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Instead of one global statistics, collect statistics information
separately for each network interface. This per interface statistics
collection is optional but turned on by default. It can be turned
off if needed, in which case only global statistics are collected.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
SYN flood causes crash in RX thread due to NULL pointer access. After
the crash available RX memory is zero, hence echo server does not
respond to echo request.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Move core TCP functionality from net_context.c to tcp.c. Create empty
functions that the compiler can remove if TCP is not configured. As a
result remove TCP ifdefs from net_context.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Queue a TCP FIN packet when needed if the socket was connected or
listening and where FIN wasn't already received.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Refactor sendto() code so that destination address and its validity
is checked first, followed by offloading verification. Move context
and shutdown checks into TCP queueing function.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Move IP address settings from net_if to separate structs.
This is needed for VLAN support.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If context is bound to IPv6 unspecified addresss and some port
number, then unspecified address is passed in TCP reset packet
message preparation. Eventually packet dropped at the peer.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Zephyr doesn't have luxury to create re-transmit timer per packet. So
it has different methods to handle packets in queue. But re-sending
packets on valid ack messages causing issues.
E.g. A TCP node sent two packets (packet-1, packet-2). Peer replied
two ACKs (ACK-1 and ACK-2), and these two ACK's are at rx_thread
queue. Now ACK-1 is handled and reference of packet-1 is freed
from sent list. Then if condiftion (valid ACK and connection
state is ESTABLISHED) notices that, sent list is not empty.
Restart the timer, modify sent flag and resend packets in a
list. Here packet-2 is sent again, even though ACK-2 is already
received. Situation is worse if there are more packets in the
list.
So only start the re-transmit timer in-case queue is not empty. It
allows rx_thread to handle all incoming packets (in this e.g ACKs).
When the re-trasmit timer expires, it sends the packets which
are left in queue.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
prepare_segment() returned NULL in case of any error, which then
net_context_send() translated into -EINVAL. That's highly confusing
though, because a common case of failure for prepare_segment() is
being unable to allocate data fragment(s) (for TCP header, etc.)
So, return output pkt by reference, and detailed error status as
a return value.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This field is set and maintained, but not actually used for anything.
The only purpose for it would be to validate ACK numbers from peer,
but such a validation is now implemented by using send_seq field
directly.
Fixes: #4653
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Case #1: If ACK received and our retransmit (i.e. unacked) queue is
empty, it's error. It's incorrect because TCP requires ACK to set for
every packet of established connection. For example, if we didn't
send anything to peer, but it sends us new data, it will reuse the
older ack number. It doesn't acknowledge anything new on our side,
but it's not an error in any way.
Case #2: If retransmit queue is only partially acknowledged, it's an
error. Consider that we have 2 packets in the queue, with sequence
numbers (inclusive) 100-199 and 200-399. There's nothing wrong if
we receive ACK with number 200 - it just acknowledges first packet,
we can remove and finish processing. Second packet remains in the
queue to be acknowledged later.
Fixes: #5504
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Per RFC 793:
A new acknowledgment (called an "acceptable ack"), is one for which
the inequality below holds:
SND.UNA < SEG.ACK =< SND.NXT
If acknowledgement is received for sequence number which wasn't yet
sent, log an error and ignore it.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Right now in FIN_WAIT1 state, if we receive FIN+ACK message, then
tcp state changed to FIN_WAIT2 on ACK flag and immediately on FIN
flag state changed to TIME_WAIT. Then final ACK is prepared and sent
(in queue at-least) to peer. Again immediately state changed to
TCP_CLOSED, where context is freed. net_context_put frees context
and releases tcp connection. Final ACK packet which is in queue
is dropped.
As a side effect of freed ACK packet, peer device keep on sending
FIN+ACK messages (that's why we see a lot of "TCP spurious
retransimission" messages in wireshark). As a result
of context free (respective connection handler also removed), we see
lot of packets dropped at connection input handler and replying with
ICMP error messages (destination unreachable).
To fix this issue, timewait timer support is required. When tcp
connection state changed to TIMEWAIT state, it should wait until
TIMEWAIT_TIMETOUT before changing state to TCP_CLOSED. It's
appropriate to close the tcp connection after timewait timer expiry.
Note: Right now timeout value is constant (250ms). But it should
be 2 * MSL (Maximum segment lifetime).
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The original fragment chain of incoming packet will be lost and leaked
in case of early error, add frag back to packet and
let the caller do unref.
Fixes#4323
Signed-off-by: june li <junelizh@foxmail.com>
Add a generic function for TCP option parsing. So far we're
interested only in MSS option value, so that's what it handles.
Use it to parse MSS value in net_context incoming SYN packet
handler.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
MSS is Maximum Segment Size (data payload) of TCP. In SYN packets,
each side of the connection shares an MSS it wants to use (receive)
via the corresponding TCP option. If the option is not available,
the RFC mandates use of the value 536.
This patch handles storage of the send MSS (in the TCP structure,
in TCP backlog), with follow up patch handling actual parsing it
from the SYN TCP options.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The expire function can call net_context_unref() which tries to
get a semaphore with K_FOREVER. This is not allowed in interrupt
context. To overcome this, run the expire functionality from
system work queue instead.
Fixes#4683
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add option to set initial Retransmission Timeout value. The value is
different from NET_TCP_ACK_TIMEOUT since latter affects TCP states
timeout when waiting for ACK for example.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
There were decrements of TCP sequence numbers, inherited from FNET
stack implementation, as was used as an initial base. RFC793 does
not specify conditions for decrementing sequence numbers, so such
decrements are an artifact of FNET implementation. In Zephyr code,
we had to compensate for these decrements by extra increments
(including an increment-by-2). So, remove decrements and associated
extra increments to simplify the code.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If the caller has passed net_pkt to prepare_segment(), then
it is caller responsibility to unref it in a case of error.
Fixes#4292
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Instead of hard coded 1280 bytes MSS, use the MTU of the link
for MSS. The minimal MSS is still 1280 which is mandated by
IPv6 RFC.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This reverts commit 817245c564.
In certain cases the peer seems to discard the FIN packet we are
sending, which means that the TCP stream is not closed properly.
This needs more work so revert this for time being.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If network context is closed, send FIN by placing it to the end
of send queue instead of sending it immediately. This way all
pending data is sent before the connection is closed.
Jira: ZEP-1853
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is very unlikely to happen but the device will access null
pointer if we do not properly check the return value of header
check function.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Using memcpy() to copy net_pkt is not safe because there are
pointers inside. So use the new net_pkt_clone() to do that.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
k_delayed_work_cancel now only fail if it hasn't been submitted which
means it is not in use anyway so it safe to reset its data regardless
of its return.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
If we are not in ESTABLISHED state, then there is no need to
try to resend any pending data packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the expire send timer expires, then it sends the packet.
If that happens, then we must not try to send the same packet
again if we receive ACK etc. which can cause re-sends to happen.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the packet sending is slow then we must NOT increment the ref
count when re-sending it. This is unlikely but can happen if there
are lot of debug prints etc. extra activities that prevent the driver
to actually send the packet fast enough.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that the sent flag is only set after we have really
sent the packet and the driver has verified that.
If the net_pkt_set_sent() is called while still in tcp.c, then
depending on how fast the device is, it might happen that the
retry timer expires before the packet is actually sent. This was
seen in frdm-k64f with ethernet and various debug prints activated.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The second 'const' is misguided, indicating that the returns pointer
value itself cannot be changed, but since pointers are passed by value
anyway this is not useful and was generating warnings with XCC.
The leading 'const' indicates that the memory pointed to is constant,
which is all we needed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is needed in order to get information which function is
doing the ref. With inline function this was not possible.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
