tcp_rcv_established函数的工作原理是把数据包的处理分为2类:fast path和slow path,其含义显而易见。这样分类的目的当然是加快数据包的处理,因为在正常情况下,数据包是按顺序到达的,网络状况也是稳定的,这时可以按照fast path直接把数据包存放到receive queue了。而在其他的情况下则需要走slow path流程了。
在协议栈中,是用头部预测来实现的,每个tcp sock有个pred_flags成员,它就是判别的依据
Either the data transaction is taking place in only one direction (which means that we are the receiver and not transmitting any data) or in the case where we are sending out data also, the window advertised from the other end is constant. The latter means that we have not transmitted any data from our side for quite some time but are receiving data from the other end. The receive window advertised by the other end is constant.
1 在tcp_data_queue中接收到乱序数据包
2 在tcp_prune_queue中用完缓存并且开始丢弃数据包
3 在tcp_urgent_check中遇到紧急指针
4 在tcp_select_window中发送的通告窗口下降到0.
1 When we have read past an urgent byte in tcp_recvmsg() . Wehave gotten an urgent byte and we remain in the slow path mode until we receive the urgent byte because it is handled in the slow path in tcp_rcv_established().
2 当在tcp_data_queue中乱序队列由于gap被填充而处理完毕时,运行tcp_fast_path_check。
3 tcp_ack_update_window()中更新了通告窗口。
/*
* TCP receive function for the ESTABLISHED state.
*
* It is split into a fast path and a slow path. The fast path is
* disabled when:
* - A zero window was announced from us - zero window probing
* is only handled properly in the slow path.
* - Out of order segments arrived.
* - Urgent data is expected.
* - There is no buffer space left
* - Unexpected TCP flags/window values/header lengths are received
* (detected by checking the TCP header against pred_flags)
* - Data is sent in both directions. Fast path only supports pure senders
* or pure receivers (this means either the sequence number or the ack
* value must stay constant)
* - Unexpected TCP option.
*
* When these conditions are not satisfied it drops into a standard
* receive procedure patterned after RFC793 to handle all cases.
* The first three cases are guaranteed by proper pred_flags setting,
* the rest is checked inline. Fast processing is turned on in
* tcp_data_queue when everything is OK.
*/
void tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
const struct tcphdr *th, unsigned int len)
{
struct tcp_sock *tp = tcp_sk(sk);
skb\_mstamp\_get(&tp->tcp\_mstamp);
if (unlikely(!sk->sk\_rx\_dst)) /\* 路由为空,则重新设置路由 \*/
inet\_csk(sk)->icsk\_af\_ops->sk\_rx\_dst\_set(sk, skb);
/\*
\* Header prediction.
\* The code loosely follows the one in the famous
\* "30 instruction TCP receive" Van Jacobson mail.
\*
\* Van's trick is to deposit buffers into socket queue
\* on a device interrupt, to call tcp\_recv function
\* on the receive process context and checksum and copy
\* the buffer to user space. smart...
\*
\* Our current scheme is not silly either but we take the
\* extra cost of the net\_bh soft interrupt processing...
\* We do checksum and copy also but from device to kernel.
\*/
tp->rx\_opt.saw\_tstamp = 0;
/\* pred\_flags is 0xS?10 << 16 + snd\_wnd
\* if header\_prediction is to be made
\* 'S' will always be tp->tcp\_header\_len >> 2
\* '?' will be 0 for the fast path, otherwise pred\_flags is 0 to
\* turn it off (when there are holes in the receive
\* space for instance)
\* PSH flag is ignored.
\*/
/\* 快路检查&& 序号正确 && ack序号正确
TCP_HP_BITS的作用就是排除flag中的PSH标志位。只有在头部预测满足并且数据包以正确的顺序(该数据包的第一个序号就是下个要接收的序号)到达时才进入fast path
*/
if ((tcp\_flag\_word(th) & TCP\_HP\_BITS) == tp->pred\_flags &&
TCP\_SKB\_CB(skb)->seq == tp->rcv\_nxt &&
!after(TCP\_SKB\_CB(skb)->ack\_seq, tp->snd\_nxt)) {
int tcp\_header\_len = tp->tcp\_header\_len; /\* tcp头部长度 \*/
/\* Timestamp header prediction: tcp\_header\_len
\* is automatically equal to th->doff\*4 due to pred\_flags
\* match.
\*/
/\* Check timestamp \*/ /\* 有时间戳选项 \*/
if (tcp\_header\_len == sizeof(struct tcphdr) + TCPOLEN\_TSTAMP\_ALIGNED) {
/\* No? Slow path! /\* 解析时间戳选项失败,执行慢路 \*/
if (!tcp\_parse\_aligned\_timestamp(tp, th))
goto slow\_path;
/\* If PAWS failed, check it more carefully in slow path
\*/
/\* 序号回转,执行慢路 如果获取到的时间戳值 小于 下一个发送的tcp 段的时间搓
回显值 ?? paws检测 接收到的tcp段序号 是预期的但是时间戳值早过 发生了序号回卷??????
新的接收的数据段的时间戳)比ts_recent(对端发送过来的数据(也就是上一次)的最新的一个时间戳)小,则我们要进入slow path 处理paws。
*/
if ((s32)(tp->rx_opt.rcv_tsval - tp->rx_opt.ts_recent) < 0)
goto slow_path;
/\* DO NOT update ts\_recent here, if checksum fails
\* and timestamp was corrupted part, it will result
\* in a hung connection since we will drop all
\* future packets due to the PAWS test.
\*/
}
if (len <= tcp\_header\_len) { /\* 无数据该代码段是依据时戳选项来检查PAWS(Protect Against Wrapped Sequence numbers)。
如果发送来的仅是一个TCP头的话(没有捎带数据或者接收端检测到有乱序数据这些情况时都会发送一个纯粹的ACK包) */
/* Bulk data transfer: sender
主要的工作如下
1 保存对方的最近时戳 tcp_store_ts_recent。通过前面的if判断可以看出tcp总是回显2次时戳回显直接最先到达的数据包的时戳,
rcv_wup只在发送数据(这时回显时戳)时重置为rcv_nxt,所以接收到前一次回显后第一个数据包后,rcv_nxt增加了,但是
rcv_wup没有更新,所以后面的数据包处理时不会调用该函数来保存时戳。
2 ACK处理。这个函数非常复杂,包含了拥塞控制机制,确认处理等等。
3 检查是否有数据待发送 tcp_data_snd_check。
*/
if (len == tcp_header_len) {
/* Predicted packet is in window by definition.
* seq == rcv_nxt and rcv_wup <= rcv_nxt.
* Hence, check seq<=rcv_wup reduces to:
*//*
有时间戳选项
&& 所有接收的数据段均确认完毕
保存时间戳
/*static void tcp_store_ts_recent(struct tcp_sock *tp)
{
tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
tp->rx_opt.ts_recent_stamp = get_seconds();
}
*/
if (tcp_header_len ==
(sizeof(struct tcphdr) + TCPOLEN_TSTAMP_ALIGNED) &&
tp->rcv_nxt == tp->rcv_wup)
tcp_store_ts_recent(tp);
/\* We know that such packets are checksummed
\* on entry.
\*/ /\* 输入/快速路径ack处理 \*/
tcp\_ack(sk, skb, 0);
\_\_kfree\_skb(skb);
/\* 检查是否有数据要发送,并检查发送缓冲区大小
收到ack了,给数据包一次发送机会,tcp\_push\_pending\_frames\*/
tcp\_data\_snd\_check(sk);
return;
} else { /\* Header too small \*/
/\* 数据多小,比头部都小,错包 \*/
TCP\_INC\_STATS(sock\_net(sk), TCP\_MIB\_INERRS);
goto discard;
}
} else { /\* 有数据 且通过了首部预测检测 说明收到的段符合预期 开始处理数据\*/
int eaten = 0;
bool fragstolen = false;
/\* 进程上下文 \*/
if (tp->ucopy.task == current &&
/\* 期待读取的和期待接收的序号一致也就是
正在接收的段序号 和尚未从内核空间复制到用户空间的段最前的序号相等\*/
tp->copied\_seq == tp->rcv\_nxt &&
len - tcp\_header\_len <= tp->ucopy.len && /\* 数据<= 待读取长度(小于用户空间缓存) \*/
/\* 控制块被用户空间锁定 \*/
sock\_owned\_by\_user(sk)) {
\_\_set\_current\_state(TASK\_RUNNING); /\* 设置状态为running??? \*/
/\* 拷贝数据到msghdr \*/
if (!tcp\_copy\_to\_iovec(sk, skb, tcp\_header\_len)) {
/\* Predicted packet is in window by definition.
\* seq == rcv\_nxt and rcv\_wup <= rcv\_nxt.
\* Hence, check seq<=rcv\_wup reduces to:
\*/ /\* 有时间戳选项&& 收到的数据段均已确认,更新时间戳 \*/
if (tcp\_header\_len ==
(sizeof(struct tcphdr) +
TCPOLEN\_TSTAMP\_ALIGNED) &&
tp->rcv\_nxt == tp->rcv\_wup)
tcp\_store\_ts\_recent(tp);
tcp\_rcv\_rtt\_measure\_ts(sk, skb); /\* 接收端RTT估算 \*/
\_\_skb\_pull(skb, tcp\_header\_len);
/\* 更新期望接收的序号 \*/
tcp\_rcv\_nxt\_update(tp, TCP\_SKB\_CB(skb)->end\_seq);
NET\_INC\_STATS(sock\_net(sk),
LINUX\_MIB\_TCPHPHITSTOUSER);
eaten = 1;
}
}
/\* 未拷贝数据到用户空间,或者拷贝失败----没有把数据放到ucopy中 \*/
if (!eaten) {
if (tcp\_checksum\_complete(skb))
goto csum\_error;
/\* skb长度> 预分配长度 \*/
if ((int)skb->truesize > sk->sk\_forward\_alloc)
goto step5;
/\* Predicted packet is in window by definition.
\* seq == rcv\_nxt and rcv\_wup <= rcv\_nxt.
\* Hence, check seq<=rcv\_wup reduces to:
\*/ /\* 有时间戳选项,且数据均已确认完毕,则更新时间戳 \*/
if (tcp\_header\_len ==
(sizeof(struct tcphdr) + TCPOLEN\_TSTAMP\_ALIGNED) &&
tp->rcv\_nxt == tp->rcv\_wup)//在收到这个数据包之前,没有发送包也没有收到其他数据包,并且这个包不是乱序包
tcp\_store\_ts\_recent(tp);
tcp\_rcv\_rtt\_measure\_ts(sk, skb);
NET\_INC\_STATS(sock\_net(sk), LINUX\_MIB\_TCPHPHITS);
/\* Bulk data transfer: receiver \*/ /\* 数据加入接收队列 添加数据到sk\_receive\_queue中
会删除 tcp 首部 将数据包添加到队列中缓存起来 等待进程读取 同时设置改skb的宿主
释放回调函数 更新传输控制块已使用接收缓存总量 同时update tp->rcv\_nxt, also update tp->bytes\_received\*/
eaten = tcp\_queue\_rcv(sk, skb, tcp\_header\_len,
&fragstolen);
}
tcp\_event\_data\_recv(sk, skb);//inet\_csk\_schedule\_ack, 更新rtt
/\* 确认序号确认了数据 \*/
if (TCP\_SKB\_CB(skb)->ack\_seq != tp->snd\_una) {
/\* Well, only one small jumplet in fast path... \*/
tcp\_ack(sk, skb, FLAG\_DATA);/\* 处理ack \*/
tcp\_data\_snd\_check(sk); /\* 检查是否有数据要发送,需要则发送 \*/
if (!inet\_csk\_ack\_scheduled(sk)) /\* 没有ack要发送 在tcp\_event\_data\_recv标记过,但可能ack已经发出了,就不用检测是否要发送了\*/
goto no\_ack;
}
/\* 检查是否有ack要发送,需要则发送 \*/
\_\_tcp\_ack\_snd\_check(sk, 0);
no_ack:
if (eaten)
kfree_skb_partial(skb, fragstolen);
sk->sk_data_ready(sk);
return;
}
}
slow_path:
/* 长度错误|| 校验和错误 */
if (len < (th->doff << 2) || tcp_checksum_complete(skb))
goto csum_error;
/* 无ack,无rst,无syn */
if (!th->ack && !th->rst && !th->syn)
goto discard;
/\*
\* Standard slow path.
/\* 种种校验
\*/
if (!tcp\_validate\_incoming(sk, skb, th, 1))
return;
step5:
/* 处理ack */
if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
goto discard;
/* 计算rtt */
tcp_rcv_rtt_measure_ts(sk, skb);
/\* Process urgent data. \*/
/\* 处理紧急数据 \*/
tcp\_urg(sk, skb, th);
/\* step 7: process the segment text数据段处理 \*/
tcp\_data\_queue(sk, skb);
tcp\_data\_snd\_check(sk);/\* 发送数据检查,有则发送 \*/
tcp\_ack\_snd\_check(sk);/\* 发送ack检查,有则发送 \*/
return;
csum_error:
TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
discard:
tcp_drop(sk, skb);
}
/* There is something which you must keep in mind when you analyze the
* behavior of the tp->ato delayed ack timeout interval. When a
* connection starts up, we want to ack as quickly as possible. The
* problem is that "good" TCP's do slow start at the beginning of data
* transmission. The means that until we send the first few ACK's the
* sender will sit on his end and only queue most of his data, because
* he can only send snd_cwnd unacked packets at any given time. For
* each ACK we send, he increments snd_cwnd and transmits more of his
* queue. -DaveM
*/
static void tcp_event_data_recv(struct sock *sk, struct sk_buff *skb)
{
struct tcp_sock *tp = tcp_sk(sk);
struct inet_connection_sock *icsk = inet_csk(sk);
u32 now;
inet\_csk\_schedule\_ack(sk);/\* 接收到了数据,设置ACK需调度标志\*/
---------------------------------
icsk->icsk\_ack.lrcvtime = now;
tcp\_ecn\_check\_ce(tp, skb);
if (skb->len >= 128)
tcp\_grow\_window(sk, skb);
}
/*
rcv_ssthresh是当前的接收窗口大小的一个阀值,其初始值就置为rcv_wnd。它跟rcv_wnd配合工作,
当本地socket收到数据报,并满足一定条件时,增长rcv_ssthresh的值,在下一次发送数据报组建TCP首部时,
需要通告对方当前的接收窗口大小,这时需要更新rcv_wnd,此时rcv_wnd的取值不能超过rcv_ssthresh的值。
两者配合,达到一个滑动窗口大小缓慢增长的效果。
*/
static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb)
{
struct tcp_sock *tp = tcp_sk(sk);
/\* Check #1 \*/
if (tp->rcv\_ssthresh < tp->window\_clamp &&
(int)tp->rcv\_ssthresh < tcp\_space(sk) &&
!tcp\_under\_memory\_pressure(sk)) {
int incr;
/\* Check #2. Increase window, if skb with such overhead
\* will fit to rcvbuf in future.
\*/
if (tcp\_win\_from\_space(skb->truesize) <= skb->len)
incr = 2 \* tp->advmss;
else
incr = \_\_tcp\_grow\_window(sk, skb);
if (incr) {
incr = max\_t(int, incr, 2 \* skb->len);
tp->rcv\_ssthresh = min(tp->rcv\_ssthresh + incr,
tp->window\_clamp);
inet\_csk(sk)->icsk\_ack.quick |= 1;
}
}
}
/* Does PAWS and seqno based validation of an incoming segment, flags will
* play significant role here.
*/
static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
const struct tcphdr *th, int syn_inerr)
{
struct tcp_sock *tp = tcp_sk(sk);
bool rst_seq_match = false;
/\* RFC1323: H1. Apply PAWS check first.
PAWS丢弃数据包要满足以下条件
1 The difference between the timestamp value obtained in the current segmentand last seen timestamp on the incoming TCP segment
should be more than TCP\_PAWS\_WINDOW (= 1), which means that if the segment that was transmitted 1 clock tick before the segment
that reached here earlier TCP seq should be acceptable. It may be because of reordering of the segments that the latter reached earlier.
2 the 24 days have not elapsed since last time timestamp was stored,
3 tcp\_disordered\_ack返回0.
static inline bool tcp\_paws\_discard(const struct sock \*sk,
const struct sk\_buff \*skb)
{
const struct tcp\_sock \*tp = tcp\_sk(sk);
return !tcp\_paws\_check(&tp->rx\_opt, TCP\_PAWS\_WINDOW) &&
!tcp\_disordered\_ack(sk, skb);
}
>tcp\_paws\_discard
|
|-->tcp\_disordered\_ack
其中关键是local方通过tcp\_disordered\_ack函数对一个刚收到的数据分段进行判断,下面我们对该函数的判断逻辑进行下总结:
大前提:该收到分段的TS值表明有回绕现象发生
a)若该分段不是一个纯ACK,则丢弃。因为显然这个分段所携带的数据是一个老数据了,不是local方目前希望接收的(参见PAWS的处理依据一节)
b)若该分段不是local所希望接收的,则丢弃。这个原因很显然
c)若该分段是一个纯ACK,但该ACK并不是一个重复ACK(由local方后续数据正确到达所引发的),则丢弃。因为显然该ACK是一个老的ACK,并不是由于为了加快local方重发而在每收到一个丢失分段后的分段而发出的ACK。
d)若该分段是一个ACK,且为重复ACK,并且该ACK的TS值超过了local方那个丢失分段后的重发rto,则丢弃。因为显然此时local方已经重发了那个导致此重复ACK产生的分段,因此再收到此重复ACK就可以直接丢弃。
e)若该分段是一个ACK,且为重复ACK,但是没有超过一个rto的时间,则不能丢弃,因为这正代表peer方收到了local方发出的丢失分段后的分段,local方要对此ACK进行处理(例如立刻重传)
这里有一个重要概念需要理解,即在出现TS问题后,纯ACK和带ACK的数据分段二者是显著不同的,对于后者,可以立刻丢弃掉,因为从一个窗口的某个seq到下一个窗口的同一个seq过程中,
一定有窗口变化曾经发生过,从而TS记录值ts\_recent也一定更新过,此时一定可以通过PAWS进行丢弃处理。但是对于前者,一个纯ACK,就不能简单丢弃了,因为有这样一个现象是合理的,
即假定local方的接收缓存很大,并且peer方在发送时很快就回绕了,于是在local方的某个分段丢失后,peer方需要在每收到的后续分段时发送重复ACK,而此时该重发ACK的ack\_seq就是这个丢失分段的序号,
而该重发ACK的seq已经是回绕后的重复序号了,尽管此时到底是回绕后的那个重复ACK还是之前的那个同样序号seq的重复ACK,对于local方来都需要处理(立刻启动重发动作),而不能简单丢弃掉。
来自 http://abcdxyzk.github.io/blog/2015/04/01/kernel-net-estab/
\*/
if (tcp\_fast\_parse\_options(skb, th, tp) && tp->rx\_opt.saw\_tstamp &&
tcp\_paws\_discard(sk, skb)) {
if (!th->rst) {
NET\_INC\_STATS(sock\_net(sk), LINUX\_MIB\_PAWSESTABREJECTED);
if (!tcp\_oow\_rate\_limited(sock\_net(sk), skb,
LINUX\_MIB\_TCPACKSKIPPEDPAWS,
&tp->last\_oow\_ack\_time))
tcp\_send\_dupack(sk, skb);
goto discard;
}
/\* Reset is accepted even if it did not pass PAWS. \*/
}
/\* Step 1: check sequence number
检查数据包的序号是否正确,该判断失败后调用tcp\_send\_dupack发送一个duplicate acknowledge(未设置RST标志位时)。
由rcv\_wup的更新时机(发送ACK时的tcp\_select\_window)可知位于序号rcv\_wup前面的数据都已确认,
所以待检查数据包的结束序号至少要大于该值;同时开始序号要落在接收窗口内
\*/
if (!tcp\_sequence(tp, TCP\_SKB\_CB(skb)->seq, TCP\_SKB\_CB(skb)->end\_seq)) {
/\* RFC793, page 37: "In all states except SYN-SENT, all reset
\* (RST) segments are validated by checking their SEQ-fields."
\* And page 69: "If an incoming segment is not acceptable,
\* an acknowledgment should be sent in reply (unless the RST
\* bit is set, if so drop the segment and return)".
\*/
if (!th->rst) {
if (th->syn)
goto syn\_challenge;
if (!tcp\_oow\_rate\_limited(sock\_net(sk), skb,
LINUX\_MIB\_TCPACKSKIPPEDSEQ,
&tp->last\_oow\_ack\_time))
tcp\_send\_dupack(sk, skb);
} else if (tcp\_reset\_check(sk, skb)) {
tcp\_reset(sk);
}
goto discard;
}
/\* Step 2: check RST bit 如果设置了RST,则调用tcp\_reset处理\*/
if (th->rst) {
/\* RFC 5961 3.2 (extend to match against (RCV.NXT - 1) after a
\* FIN and SACK too if available):
\* If seq num matches RCV.NXT or (RCV.NXT - 1) after a FIN, or
\* the right-most SACK block,
\* then
\* RESET the connection
\* else
\* Send a challenge ACK
\*/
if (TCP\_SKB\_CB(skb)->seq == tp->rcv\_nxt ||
tcp\_reset\_check(sk, skb)) {
rst\_seq\_match = true;
} else if (tcp\_is\_sack(tp) && tp->rx\_opt.num\_sacks > 0) {
struct tcp\_sack\_block \*sp = &tp->selective\_acks\[0\];
int max\_sack = sp\[0\].end\_seq;
int this\_sack;
for (this\_sack = 1; this\_sack < tp->rx\_opt.num\_sacks;
++this\_sack) {
max\_sack = after(sp\[this\_sack\].end\_seq,
max\_sack) ?
sp\[this\_sack\].end\_seq : max\_sack;
}
if (TCP\_SKB\_CB(skb)->seq == max\_sack)
rst\_seq\_match = true;
}
if (rst\_seq\_match)
tcp\_reset(sk);
else {
/\* Disable TFO if RST is out-of-order
\* and no data has been received
\* for current active TFO socket
\*/
if (tp->syn\_fastopen && !tp->data\_segs\_in &&
sk->sk\_state == TCP\_ESTABLISHED)
tcp\_fastopen\_active\_disable(sk);
tcp\_send\_challenge\_ack(sk, skb);
}
goto discard;
}
/\* step 3: check security and precedence \[ignored\] \*/
/\* step 4: Check for a SYN
\* RFC 5961 4.2 : Send a challenge ack
检查SYN,因为重发的SYN和原来的SYN之间不会发送数据,所以这2个SYN的序号是相同的
\*/
if (th->syn) {
syn_challenge:
if (syn_inerr)
TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNCHALLENGE);
tcp_send_challenge_ack(sk, skb);
goto discard;
}
return true;
discard:
tcp_drop(sk, skb);
return false;
}
/* Does PAWS and seqno based validation of an incoming segment, flags will
* play significant role here.
*/
static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb,
const struct tcphdr *th, int syn_inerr)
{
struct tcp_sock *tp = tcp_sk(sk);
bool rst_seq_match = false;
/\* RFC1323: H1. Apply PAWS check first.
PAWS丢弃数据包要满足以下条件
1 The difference between the timestamp value obtained in the current segmentand last seen timestamp on the incoming TCP segment
should be more than TCP\_PAWS\_WINDOW (= 1), which means that if the segment that was transmitted 1 clock tick before the segment
that reached here earlier TCP seq should be acceptable. It may be because of reordering of the segments that the latter reached earlier.
2 the 24 days have not elapsed since last time timestamp was stored,
3 tcp\_disordered\_ack返回0.
static inline bool tcp\_paws\_discard(const struct sock \*sk,
const struct sk\_buff \*skb)
{
const struct tcp\_sock \*tp = tcp\_sk(sk);
return !tcp\_paws\_check(&tp->rx\_opt, TCP\_PAWS\_WINDOW) &&
!tcp\_disordered\_ack(sk, skb);
}
>tcp\_paws\_discard
|
|-->tcp\_disordered\_ack
其中关键是local方通过tcp\_disordered\_ack函数对一个刚收到的数据分段进行判断,下面我们对该函数的判断逻辑进行下总结:
大前提:该收到分段的TS值表明有回绕现象发生
a)若该分段不是一个纯ACK,则丢弃。因为显然这个分段所携带的数据是一个老数据了,不是local方目前希望接收的(参见PAWS的处理依据一节)
b)若该分段不是local所希望接收的,则丢弃。这个原因很显然
c)若该分段是一个纯ACK,但该ACK并不是一个重复ACK(由local方后续数据正确到达所引发的),则丢弃。因为显然该ACK是一个老的ACK,并不是由于为了加快local方重发而在每收到一个丢失分段后的分段而发出的ACK。
d)若该分段是一个ACK,且为重复ACK,并且该ACK的TS值超过了local方那个丢失分段后的重发rto,则丢弃。因为显然此时local方已经重发了那个导致此重复ACK产生的分段,因此再收到此重复ACK就可以直接丢弃。
e)若该分段是一个ACK,且为重复ACK,但是没有超过一个rto的时间,则不能丢弃,因为这正代表peer方收到了local方发出的丢失分段后的分段,local方要对此ACK进行处理(例如立刻重传)
这里有一个重要概念需要理解,即在出现TS问题后,纯ACK和带ACK的数据分段二者是显著不同的,对于后者,可以立刻丢弃掉,因为从一个窗口的某个seq到下一个窗口的同一个seq过程中,
一定有窗口变化曾经发生过,从而TS记录值ts\_recent也一定更新过,此时一定可以通过PAWS进行丢弃处理。但是对于前者,一个纯ACK,就不能简单丢弃了,因为有这样一个现象是合理的,
即假定local方的接收缓存很大,并且peer方在发送时很快就回绕了,于是在local方的某个分段丢失后,peer方需要在每收到的后续分段时发送重复ACK,而此时该重发ACK的ack\_seq就是这个丢失分段的序号,
而该重发ACK的seq已经是回绕后的重复序号了,尽管此时到底是回绕后的那个重复ACK还是之前的那个同样序号seq的重复ACK,对于local方来都需要处理(立刻启动重发动作),而不能简单丢弃掉。
来自 http://abcdxyzk.github.io/blog/2015/04/01/kernel-net-estab/
\*/
if (tcp\_fast\_parse\_options(skb, th, tp) && tp->rx\_opt.saw\_tstamp &&
tcp\_paws\_discard(sk, skb)) {
if (!th->rst) {
NET\_INC\_STATS(sock\_net(sk), LINUX\_MIB\_PAWSESTABREJECTED);
if (!tcp\_oow\_rate\_limited(sock\_net(sk), skb,
LINUX\_MIB\_TCPACKSKIPPEDPAWS,
&tp->last\_oow\_ack\_time))
tcp\_send\_dupack(sk, skb);
goto discard;
}
/\* Reset is accepted even if it did not pass PAWS. \*/
}
/\* Step 1: check sequence number
检查数据包的序号是否正确,该判断失败后调用tcp\_send\_dupack发送一个duplicate acknowledge(未设置RST标志位时)。
由rcv\_wup的更新时机(发送ACK时的tcp\_select\_window)可知位于序号rcv\_wup前面的数据都已确认,
所以待检查数据包的结束序号至少要大于该值;同时开始序号要落在接收窗口内
\*/
if (!tcp\_sequence(tp, TCP\_SKB\_CB(skb)->seq, TCP\_SKB\_CB(skb)->end\_seq)) {
/\* RFC793, page 37: "In all states except SYN-SENT, all reset
\* (RST) segments are validated by checking their SEQ-fields."
\* And page 69: "If an incoming segment is not acceptable,
\* an acknowledgment should be sent in reply (unless the RST
\* bit is set, if so drop the segment and return)".
\*/
if (!th->rst) {
if (th->syn)
goto syn\_challenge;
if (!tcp\_oow\_rate\_limited(sock\_net(sk), skb,
LINUX\_MIB\_TCPACKSKIPPEDSEQ,
&tp->last\_oow\_ack\_time))
tcp\_send\_dupack(sk, skb);
} else if (tcp\_reset\_check(sk, skb)) {
tcp\_reset(sk);
}
goto discard;
}
/\* Step 2: check RST bit 如果设置了RST,则调用tcp\_reset处理\*/
if (th->rst) {
/\* RFC 5961 3.2 (extend to match against (RCV.NXT - 1) after a
\* FIN and SACK too if available):
\* If seq num matches RCV.NXT or (RCV.NXT - 1) after a FIN, or
\* the right-most SACK block,
\* then
\* RESET the connection
\* else
\* Send a challenge ACK
\*/
if (TCP\_SKB\_CB(skb)->seq == tp->rcv\_nxt ||
tcp\_reset\_check(sk, skb)) {
rst\_seq\_match = true;
} else if (tcp\_is\_sack(tp) && tp->rx\_opt.num\_sacks > 0) {
struct tcp\_sack\_block \*sp = &tp->selective\_acks\[0\];
int max\_sack = sp\[0\].end\_seq;
int this\_sack;
for (this\_sack = 1; this\_sack < tp->rx\_opt.num\_sacks;
++this\_sack) {
max\_sack = after(sp\[this\_sack\].end\_seq,
max\_sack) ?
sp\[this\_sack\].end\_seq : max\_sack;
}
if (TCP\_SKB\_CB(skb)->seq == max\_sack)
rst\_seq\_match = true;
}
if (rst\_seq\_match)
tcp\_reset(sk);
else {
/\* Disable TFO if RST is out-of-order
\* and no data has been received
\* for current active TFO socket
\*/
if (tp->syn\_fastopen && !tp->data\_segs\_in &&
sk->sk\_state == TCP\_ESTABLISHED)
tcp\_fastopen\_active\_disable(sk);
tcp\_send\_challenge\_ack(sk, skb);
}
goto discard;
}
/\* step 3: check security and precedence \[ignored\] \*/
/\* step 4: Check for a SYN
\* RFC 5961 4.2 : Send a challenge ack
检查SYN,因为重发的SYN和原来的SYN之间不会发送数据,所以这2个SYN的序号是相同的
\*/
if (th->syn) {
syn_challenge:
if (syn_inerr)
TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNCHALLENGE);
tcp_send_challenge_ack(sk, skb);
goto discard;
}
return true;
discard:
tcp_drop(sk, skb);
return false;
}
从上述分析过程中可知:
/* 进程上下文 */
if (tp->ucopy.task == current &&
/* 期待读取的和期待接收的序号一致也就是
正在接收的段序号 和尚未从内核空间复制到用户空间的段最前的序号相等*/
tp->copied_seq == tp->rcv_nxt &&
len - tcp_header_len <= tp->ucopy.len && /* 数据<= 待读取长度(小于用户空间缓存) */
/* 控制块被用户空间锁定 */
sock_owned_by_user(sk)) {//此时用户进程正在recv 从内核获取数据 (用户进程正在休眠)
除了 recvmsg系统调用接收数据外,还有主动将数据从内核空间copy 到用户空间,注意:复制时 不应该将tcp 首部复制到用户空间
手机扫一扫
移动阅读更方便
你可能感兴趣的文章