2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * Version: $Id: tcp_timer.c,v 1.88 2002/02/01 22:01:04 davem Exp $
10 * Authors: Ross Biro, <bir7@leland.Stanford.Edu>
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Mark Evans, <evansmp@uhura.aston.ac.uk>
13 * Corey Minyard <wf-rch!minyard@relay.EU.net>
14 * Florian La Roche, <flla@stud.uni-sb.de>
15 * Charles Hedrick, <hedrick@klinzhai.rutgers.edu>
16 * Linus Torvalds, <torvalds@cs.helsinki.fi>
17 * Alan Cox, <gw4pts@gw4pts.ampr.org>
18 * Matthew Dillon, <dillon@apollo.west.oic.com>
19 * Arnt Gulbrandsen, <agulbra@nvg.unit.no>
20 * Jorge Cwik, <jorge@laser.satlink.net>
23 #include <linux/module.h>
26 int sysctl_tcp_syn_retries = TCP_SYN_RETRIES;
27 int sysctl_tcp_synack_retries = TCP_SYNACK_RETRIES;
28 int sysctl_tcp_keepalive_time = TCP_KEEPALIVE_TIME;
29 int sysctl_tcp_keepalive_probes = TCP_KEEPALIVE_PROBES;
30 int sysctl_tcp_keepalive_intvl = TCP_KEEPALIVE_INTVL;
31 int sysctl_tcp_retries1 = TCP_RETR1;
32 int sysctl_tcp_retries2 = TCP_RETR2;
33 int sysctl_tcp_orphan_retries;
35 static void tcp_write_timer(unsigned long);
36 static void tcp_delack_timer(unsigned long);
37 static void tcp_keepalive_timer (unsigned long data);
40 const char tcp_timer_bug_msg[] = KERN_DEBUG "tcpbug: unknown timer value\n";
44 * Using different timers for retransmit, delayed acks and probes
45 * We may wish use just one timer maintaining a list of expire jiffies
49 void tcp_init_xmit_timers(struct sock *sk)
51 struct tcp_opt *tp = tcp_sk(sk);
53 init_timer(&tp->retransmit_timer);
54 tp->retransmit_timer.function=&tcp_write_timer;
55 tp->retransmit_timer.data = (unsigned long) sk;
58 init_timer(&tp->delack_timer);
59 tp->delack_timer.function=&tcp_delack_timer;
60 tp->delack_timer.data = (unsigned long) sk;
63 init_timer(&sk->sk_timer);
64 sk->sk_timer.function = &tcp_keepalive_timer;
65 sk->sk_timer.data = (unsigned long)sk;
68 void tcp_clear_xmit_timers(struct sock *sk)
70 struct tcp_opt *tp = tcp_sk(sk);
73 sk_stop_timer(sk, &tp->retransmit_timer);
77 sk_stop_timer(sk, &tp->delack_timer);
79 sk_stop_timer(sk, &sk->sk_timer);
82 static void tcp_write_err(struct sock *sk)
84 sk->sk_err = sk->sk_err_soft ? : ETIMEDOUT;
85 sk->sk_error_report(sk);
88 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONTIMEOUT);
91 /* Do not allow orphaned sockets to eat all our resources.
92 * This is direct violation of TCP specs, but it is required
93 * to prevent DoS attacks. It is called when a retransmission timeout
94 * or zero probe timeout occurs on orphaned socket.
96 * Criterium is still not confirmed experimentally and may change.
97 * We kill the socket, if:
98 * 1. If number of orphaned sockets exceeds an administratively configured
100 * 2. If we have strong memory pressure.
102 static int tcp_out_of_resources(struct sock *sk, int do_reset)
104 struct tcp_opt *tp = tcp_sk(sk);
105 int orphans = atomic_read(&tcp_orphan_count);
107 /* If peer does not open window for long time, or did not transmit
108 * anything for long time, penalize it. */
109 if ((s32)(tcp_time_stamp - tp->lsndtime) > 2*TCP_RTO_MAX || !do_reset)
112 /* If some dubious ICMP arrived, penalize even more. */
116 if (orphans >= sysctl_tcp_max_orphans ||
117 (sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
118 atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2])) {
120 printk(KERN_INFO "Out of socket memory\n");
122 /* Catch exceptional cases, when connection requires reset.
123 * 1. Last segment was sent recently. */
124 if ((s32)(tcp_time_stamp - tp->lsndtime) <= TCP_TIMEWAIT_LEN ||
125 /* 2. Window is closed. */
126 (!tp->snd_wnd && !tcp_get_pcount(&tp->packets_out)))
129 tcp_send_active_reset(sk, GFP_ATOMIC);
131 NET_INC_STATS_BH(LINUX_MIB_TCPABORTONMEMORY);
137 /* Calculate maximal number or retries on an orphaned socket. */
138 static int tcp_orphan_retries(struct sock *sk, int alive)
140 int retries = sysctl_tcp_orphan_retries; /* May be zero. */
142 /* We know from an ICMP that something is wrong. */
143 if (sk->sk_err_soft && !alive)
146 /* However, if socket sent something recently, select some safe
147 * number of retries. 8 corresponds to >100 seconds with minimal
149 if (retries == 0 && alive)
154 /* A write timeout has occurred. Process the after effects. */
155 static int tcp_write_timeout(struct sock *sk)
157 struct tcp_opt *tp = tcp_sk(sk);
160 if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
162 dst_negative_advice(&sk->sk_dst_cache);
163 retry_until = tp->syn_retries ? : sysctl_tcp_syn_retries;
165 if (tp->retransmits >= sysctl_tcp_retries1) {
166 /* NOTE. draft-ietf-tcpimpl-pmtud-01.txt requires pmtu black
169 It is place to make it. It is not made. I do not want
170 to make it. It is disguisting. It does not work in any
171 case. Let me to cite the same draft, which requires for
172 us to implement this:
174 "The one security concern raised by this memo is that ICMP black holes
175 are often caused by over-zealous security administrators who block
176 all ICMP messages. It is vitally important that those who design and
177 deploy security systems understand the impact of strict filtering on
178 upper-layer protocols. The safest web site in the world is worthless
179 if most TCP implementations cannot transfer data from it. It would
180 be far nicer to have all of the black holes fixed rather than fixing
181 all of the TCP implementations."
186 dst_negative_advice(&sk->sk_dst_cache);
189 retry_until = sysctl_tcp_retries2;
190 if (sock_flag(sk, SOCK_DEAD)) {
191 int alive = (tp->rto < TCP_RTO_MAX);
193 retry_until = tcp_orphan_retries(sk, alive);
195 if (tcp_out_of_resources(sk, alive || tp->retransmits < retry_until))
200 if (tp->retransmits >= retry_until) {
201 /* Has it gone just too far? */
208 static void tcp_delack_timer(unsigned long data)
210 struct sock *sk = (struct sock*)data;
211 struct tcp_opt *tp = tcp_sk(sk);
214 if (sock_owned_by_user(sk)) {
215 /* Try again later. */
217 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKLOCKED);
218 sk_reset_timer(sk, &tp->delack_timer, jiffies + TCP_DELACK_MIN);
222 sk_stream_mem_reclaim(sk);
224 if (sk->sk_state == TCP_CLOSE || !(tp->ack.pending & TCP_ACK_TIMER))
227 if (time_after(tp->ack.timeout, jiffies)) {
228 sk_reset_timer(sk, &tp->delack_timer, tp->ack.timeout);
231 tp->ack.pending &= ~TCP_ACK_TIMER;
233 if (skb_queue_len(&tp->ucopy.prequeue)) {
236 NET_ADD_STATS_BH(LINUX_MIB_TCPSCHEDULERFAILED,
237 skb_queue_len(&tp->ucopy.prequeue));
239 while ((skb = __skb_dequeue(&tp->ucopy.prequeue)) != NULL)
240 sk->sk_backlog_rcv(sk, skb);
242 tp->ucopy.memory = 0;
245 if (tcp_ack_scheduled(tp)) {
246 if (!tp->ack.pingpong) {
247 /* Delayed ACK missed: inflate ATO. */
248 tp->ack.ato = min(tp->ack.ato << 1, tp->rto);
250 /* Delayed ACK missed: leave pingpong mode and
253 tp->ack.pingpong = 0;
254 tp->ack.ato = TCP_ATO_MIN;
257 NET_INC_STATS_BH(LINUX_MIB_DELAYEDACKS);
262 if (tcp_memory_pressure)
263 sk_stream_mem_reclaim(sk);
269 static void tcp_probe_timer(struct sock *sk)
271 struct tcp_opt *tp = tcp_sk(sk);
274 if (tcp_get_pcount(&tp->packets_out) || !sk->sk_send_head) {
279 /* *WARNING* RFC 1122 forbids this
281 * It doesn't AFAIK, because we kill the retransmit timer -AK
283 * FIXME: We ought not to do it, Solaris 2.5 actually has fixing
284 * this behaviour in Solaris down as a bug fix. [AC]
286 * Let me to explain. probes_out is zeroed by incoming ACKs
287 * even if they advertise zero window. Hence, connection is killed only
288 * if we received no ACKs for normal connection timeout. It is not killed
289 * only because window stays zero for some time, window may be zero
290 * until armageddon and even later. We are in full accordance
291 * with RFCs, only probe timer combines both retransmission timeout
292 * and probe timeout in one bottle. --ANK
294 max_probes = sysctl_tcp_retries2;
296 if (sock_flag(sk, SOCK_DEAD)) {
297 int alive = ((tp->rto<<tp->backoff) < TCP_RTO_MAX);
299 max_probes = tcp_orphan_retries(sk, alive);
301 if (tcp_out_of_resources(sk, alive || tp->probes_out <= max_probes))
305 if (tp->probes_out > max_probes) {
308 /* Only send another probe if we didn't close things up. */
314 * The TCP retransmit timer.
317 static void tcp_retransmit_timer(struct sock *sk)
319 struct tcp_opt *tp = tcp_sk(sk);
321 if (!tcp_get_pcount(&tp->packets_out))
324 BUG_TRAP(!skb_queue_empty(&sk->sk_write_queue));
326 if (!tp->snd_wnd && !sock_flag(sk, SOCK_DEAD) &&
327 !((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV))) {
328 /* Receiver dastardly shrinks window. Our retransmits
329 * become zero probes, but we should not timeout this
330 * connection. If the socket is an orphan, time it out,
331 * we cannot allow such beasts to hang infinitely.
334 if (net_ratelimit()) {
335 struct inet_opt *inet = inet_sk(sk);
336 printk(KERN_DEBUG "TCP: Treason uncloaked! Peer %u.%u.%u.%u:%u/%u shrinks window %u:%u. Repaired.\n",
337 NIPQUAD(inet->daddr), htons(inet->dport),
338 inet->num, tp->snd_una, tp->snd_nxt);
341 if (tcp_time_stamp - tp->rcv_tstamp > TCP_RTO_MAX) {
345 tcp_enter_loss(sk, 0);
346 tcp_retransmit_skb(sk, skb_peek(&sk->sk_write_queue));
348 goto out_reset_timer;
351 if (tcp_write_timeout(sk))
354 if (tp->retransmits == 0) {
355 if (tp->ca_state == TCP_CA_Disorder || tp->ca_state == TCP_CA_Recovery) {
357 if (tp->ca_state == TCP_CA_Recovery)
358 NET_INC_STATS_BH(LINUX_MIB_TCPSACKRECOVERYFAIL);
360 NET_INC_STATS_BH(LINUX_MIB_TCPSACKFAILURES);
362 if (tp->ca_state == TCP_CA_Recovery)
363 NET_INC_STATS_BH(LINUX_MIB_TCPRENORECOVERYFAIL);
365 NET_INC_STATS_BH(LINUX_MIB_TCPRENOFAILURES);
367 } else if (tp->ca_state == TCP_CA_Loss) {
368 NET_INC_STATS_BH(LINUX_MIB_TCPLOSSFAILURES);
370 NET_INC_STATS_BH(LINUX_MIB_TCPTIMEOUTS);
374 if (tcp_use_frto(sk)) {
377 tcp_enter_loss(sk, 0);
380 if (tcp_retransmit_skb(sk, skb_peek(&sk->sk_write_queue)) > 0) {
381 /* Retransmission failed because of local congestion,
384 if (!tp->retransmits)
386 tcp_reset_xmit_timer(sk, TCP_TIME_RETRANS,
387 min(tp->rto, TCP_RESOURCE_PROBE_INTERVAL));
391 /* Increase the timeout each time we retransmit. Note that
392 * we do not increase the rtt estimate. rto is initialized
393 * from rtt, but increases here. Jacobson (SIGCOMM 88) suggests
394 * that doubling rto each time is the least we can get away with.
395 * In KA9Q, Karn uses this for the first few times, and then
396 * goes to quadratic. netBSD doubles, but only goes up to *64,
397 * and clamps at 1 to 64 sec afterwards. Note that 120 sec is
398 * defined in the protocol as the maximum possible RTT. I guess
399 * we'll have to use something other than TCP to talk to the
400 * University of Mars.
402 * PAWS allows us longer timeouts and large windows, so once
403 * implemented ftp to mars will work nicely. We will have to fix
404 * the 120 second clamps though!
410 tp->rto = min(tp->rto << 1, TCP_RTO_MAX);
411 tcp_reset_xmit_timer(sk, TCP_TIME_RETRANS, tp->rto);
412 if (tp->retransmits > sysctl_tcp_retries1)
418 static void tcp_write_timer(unsigned long data)
420 struct sock *sk = (struct sock*)data;
421 struct tcp_opt *tp = tcp_sk(sk);
425 if (sock_owned_by_user(sk)) {
426 /* Try again later */
427 sk_reset_timer(sk, &tp->retransmit_timer, jiffies + (HZ / 20));
431 if (sk->sk_state == TCP_CLOSE || !tp->pending)
434 if (time_after(tp->timeout, jiffies)) {
435 sk_reset_timer(sk, &tp->retransmit_timer, tp->timeout);
443 case TCP_TIME_RETRANS:
444 tcp_retransmit_timer(sk);
446 case TCP_TIME_PROBE0:
453 sk_stream_mem_reclaim(sk);
460 * Timer for listening sockets
463 static void tcp_synack_timer(struct sock *sk)
465 struct tcp_opt *tp = tcp_sk(sk);
466 struct tcp_listen_opt *lopt = tp->listen_opt;
467 int max_retries = tp->syn_retries ? : sysctl_tcp_synack_retries;
468 int thresh = max_retries;
469 unsigned long now = jiffies;
470 struct open_request **reqp, *req;
473 if (lopt == NULL || lopt->qlen == 0)
476 /* Normally all the openreqs are young and become mature
477 * (i.e. converted to established socket) for first timeout.
478 * If synack was not acknowledged for 3 seconds, it means
479 * one of the following things: synack was lost, ack was lost,
480 * rtt is high or nobody planned to ack (i.e. synflood).
481 * When server is a bit loaded, queue is populated with old
482 * open requests, reducing effective size of queue.
483 * When server is well loaded, queue size reduces to zero
484 * after several minutes of work. It is not synflood,
485 * it is normal operation. The solution is pruning
486 * too old entries overriding normal timeout, when
487 * situation becomes dangerous.
489 * Essentially, we reserve half of room for young
490 * embrions; and abort old ones without pity, if old
491 * ones are about to clog our table.
493 if (lopt->qlen>>(lopt->max_qlen_log-1)) {
494 #ifdef CONFIG_ACCEPT_QUEUES
497 for(i=0; i < NUM_ACCEPT_QUEUES; i++)
498 young += lopt->qlen_young[i];
502 int young = (lopt->qlen_young<<1);
506 if (lopt->qlen < young)
513 if (tp->defer_accept)
514 max_retries = tp->defer_accept;
516 budget = 2*(TCP_SYNQ_HSIZE/(TCP_TIMEOUT_INIT/TCP_SYNQ_INTERVAL));
517 i = lopt->clock_hand;
520 reqp=&lopt->syn_table[i];
521 while ((req = *reqp) != NULL) {
522 if (time_after_eq(now, req->expires)) {
523 if ((req->retrans < thresh ||
524 (req->acked && req->retrans < max_retries))
525 && !req->class->rtx_syn_ack(sk, req, NULL)) {
528 if (req->retrans++ == 0)
529 #ifdef CONFIG_ACCEPT_QUEUES
530 lopt->qlen_young[req->acceptq_class]--;
534 timeo = min((TCP_TIMEOUT_INIT << req->retrans), TCP_RTO_MAX);
535 req->expires = now + timeo;
536 reqp = &req->dl_next;
540 /* Drop this request */
541 write_lock(&tp->syn_wait_lock);
542 *reqp = req->dl_next;
543 write_unlock(&tp->syn_wait_lock);
545 if (req->retrans == 0)
546 #ifdef CONFIG_ACCEPT_QUEUES
547 lopt->qlen_young[req->acceptq_class]--;
551 tcp_openreq_free(req);
554 reqp = &req->dl_next;
557 i = (i+1)&(TCP_SYNQ_HSIZE-1);
559 } while (--budget > 0);
561 lopt->clock_hand = i;
564 tcp_reset_keepalive_timer(sk, TCP_SYNQ_INTERVAL);
567 void tcp_delete_keepalive_timer (struct sock *sk)
569 sk_stop_timer(sk, &sk->sk_timer);
572 void tcp_reset_keepalive_timer (struct sock *sk, unsigned long len)
574 sk_reset_timer(sk, &sk->sk_timer, jiffies + len);
577 void tcp_set_keepalive(struct sock *sk, int val)
579 if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))
582 if (val && !sock_flag(sk, SOCK_KEEPOPEN))
583 tcp_reset_keepalive_timer(sk, keepalive_time_when(tcp_sk(sk)));
585 tcp_delete_keepalive_timer(sk);
589 static void tcp_keepalive_timer (unsigned long data)
591 struct sock *sk = (struct sock *) data;
592 struct tcp_opt *tp = tcp_sk(sk);
595 /* Only process if socket is not in use. */
597 if (sock_owned_by_user(sk)) {
598 /* Try again later. */
599 tcp_reset_keepalive_timer (sk, HZ/20);
603 if (sk->sk_state == TCP_LISTEN) {
604 tcp_synack_timer(sk);
608 if (sk->sk_state == TCP_FIN_WAIT2 && sock_flag(sk, SOCK_DEAD)) {
609 if (tp->linger2 >= 0) {
610 int tmo = tcp_fin_time(tp) - TCP_TIMEWAIT_LEN;
613 tcp_time_wait(sk, TCP_FIN_WAIT2, tmo);
617 tcp_send_active_reset(sk, GFP_ATOMIC);
621 if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE)
624 elapsed = keepalive_time_when(tp);
626 /* It is alive without keepalive 8) */
627 if (tcp_get_pcount(&tp->packets_out) || sk->sk_send_head)
630 elapsed = tcp_time_stamp - tp->rcv_tstamp;
632 if (elapsed >= keepalive_time_when(tp)) {
633 if ((!tp->keepalive_probes && tp->probes_out >= sysctl_tcp_keepalive_probes) ||
634 (tp->keepalive_probes && tp->probes_out >= tp->keepalive_probes)) {
635 tcp_send_active_reset(sk, GFP_ATOMIC);
639 if (tcp_write_wakeup(sk) <= 0) {
641 elapsed = keepalive_intvl_when(tp);
643 /* If keepalive was lost due to local congestion,
646 elapsed = TCP_RESOURCE_PROBE_INTERVAL;
649 /* It is tp->rcv_tstamp + keepalive_time_when(tp) */
650 elapsed = keepalive_time_when(tp) - elapsed;
654 sk_stream_mem_reclaim(sk);
657 tcp_reset_keepalive_timer (sk, elapsed);
668 EXPORT_SYMBOL(tcp_clear_xmit_timers);
669 EXPORT_SYMBOL(tcp_delete_keepalive_timer);
670 EXPORT_SYMBOL(tcp_init_xmit_timers);
671 EXPORT_SYMBOL(tcp_reset_keepalive_timer);
673 EXPORT_SYMBOL(tcp_timer_bug_msg);