Wrong unackseq calculation locked conn->tx_unacked at non-zero values
even if all ACKs were received. Thus unbuffered psock_tcp_send() never completed.
If the remote TCP receiver advertised TCP window size greater than 64 KB
and TCP ACK packets returned to the NuttX TCP sender with a significant delay,
tx_unacked variable overflowed and further TCP send stalled forever
(until TCP re-connection).
If the udp socket not connected, it is possible to have
multi-different destination address in each iob entry,
update the remote address every time to avoid sent to the
incorrect destination.
Signed-off-by: chao.an <anchao@xiaomi.com>
after correct:
client: server
connect ns_bind --> create new conn --> create_ept
accept --> set conn->psock to newpsock
Signed-off-by: ligd <liguiding1@xiaomi.com>
Fix the arp address changed if netdev renew, since the
arp table should be cleared when the netdev carrier off
Signed-off-by: songlinzhang <songlinzhang@xiaomi.com>
Reference RFC1122:
https://datatracker.ietf.org/doc/html/rfc1122
----------------------------------------------
4.1.3 SPECIFIC ISSUES
4.1.3.1 Ports
If a datagram arrives addressed to a UDP port for which
there is no pending LISTEN call, UDP SHOULD send an ICMP
Port Unreachable message.
Signed-off-by: chao.an <anchao@xiaomi.com>
Gregory Nutt has submitted the SGA
Haltian Ltd has submitted the SGA
as a result we can migrate the licenses to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
While it's a neat idea, it doesn't work well in reality.
* Many of modern tcp stacks don't obey the "ack every other packet"
rule these days. (Linux, macOS, ...)
* Even if a traditional TCP implementation is assumed, we can't
predict/control which packets are acked reliably. For example,
window updates can easily mess up our strategy.
tcp_timer: eliminated false decrements of conn->timer in case of multiple network adapters.
The false timer decrements sometimes provoked TCP spurious retransmissions due to premature timeouts.
The resulting time complexities are as follows:
* devif_callback_alloc() time complexity is O(1) (i.e. O(n) to fill the whole list).
* devif_callback_free() time complexity is O(1) (i.e. O(n) to empty the whole list).
* devif_conn_event() time complexity is O(n).
In case of enabled packet forwarding mode, packets were forwarded in a reverse order
because of LIFO behavior of the connection event list.
The issue exposed only during high network traffic. Thus the event list started to grow
that resulted in changing the order of packets inside of groups of several packets
like the following: 3, 2, 1, 6, 5, 4, 8, 7 etc.
Remarks concerning the connection event list implementation:
* Now the queue (list) is FIFO as it should be.
* The list is singly linked.
* The list has a head pointer (inside of outer net_driver_s structure),
and a tail pointer is added into outer net_driver_s structure.
* The list item is devif_callback_s structure.
It still has two pointers to two different list chains (*nxtconn and *nxtdev).
* As before the first argument (*dev) of the list functions can be NULL,
while the other argument (*list) is effective (not NULL).
* An extra (*tail) argument is added to devif_callback_alloc()
and devif_conn_callback_free() functions.
* devif_callback_alloc() time complexity is O(1) (i.e. O(n) to fill the whole list).
* devif_callback_free() time complexity is O(n) (i.e. O(n^2) to empty the whole list).
* devif_conn_event() time complexity is O(n).
Because of this, it will take some time to detangle the licensing under net/. Many new features, original features were added to the NuttX network. Clearly, any references to Adam Dunkels in the files that implement these new features that have no counterpart in uIP 1.0 are errors.
This PR removes the references and converts the license headers to Apache 2.0 where possible. The affected files include only (1) the implementation of IPv6 (including neighbor support under ICMPv6) and (2) Raw sockets. Neither of these features are present in uIP 1.0 and the licenses can be freely updated.
Gregory Nutt has submitted the SGA
UVC Ingenieure has submitted the SGA
Max Holtzberg has submitted the ICLA
as a result we can migrate the licenses to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Summary:
- The critical section was added in Mar 2018 to improve
stability in SMP mode
- However, I noticed that this critical section is no longer
needed
Impact:
- None
Testing:
- Tested with spresense:wifi_smp and spresense:rndis_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
* Do not accept the window in old segments.
Implement SND.WL1/WL2 things in the RFC.
* Do not accept the window in the segment w/o ACK bit set.
The window is an offset from the ack seq.
(maybe it's simpler to just drop segments w/o ACK though)
* Subtract snd_wnd by the amount of the ack advancement.
Fix a wrong assertion in:
```
commit 98ec46d726
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date: Tue Jul 20 09:10:43 2021 +0900
tcp_send_buffered.c: fix iob allocation deadlock
Ensure to put the wrb back onto the write_q when blocking
on iob allocation. Otherwise, it can deadlock with other
threads doing the same thing.
```
I forget to submit this with https://github.com/apache/incubator-nuttx/pull/4257
With an applictation using mbedtls, I observed retransmitted segments
with corrupted user data, detected by the peer tls during mac processing.
Looking at the packet dump, I suspect that a wrb which has been put back
onto the write_q for retransmission was partially sent but fully acked.
Note: it's normal for a retransmission to be acked before sent.
In that case, the bug fixed in this commit would cause the wrb have
a wrong sequence number, possibly the same as the next wrb. It matches
what I saw in the packet dump. That is, the broken segments contain the
payload identical to one of the previous segment.
Consider a bi-directional TCP connection:
1. we use all IOBs for tx queue
2. we advertize zero recv window because we have no free IOBs
3. if the peer tcp does the same thing,
both sides advertize zero window and can not drain the tx queue.
For a similar stall to happen, the peer doesn't need to be
a naive tcp implementation like nuttx. A naive application blocking
on send() without draining its read buffer is enough.
(Probably such an application should be fixed to drain rx even
when tx is full. However, it's another story.)
This commit avoids the situation by prevent tx from grabbing
the all IOBs in the first place. (assuming CONFIG_IOB_THROTTLE > 0)
Since we do not have the Nagle's algorithm,
the TCP_NODELAY socket option is enabled by default.
Change-Id: I0c8619bb06cf418f7eded5bd72ac512b349cacc5
Signed-off-by: chao.an <anchao@xiaomi.com>
Since a SOL option IP_TTL exist, we should rename this IP_TTL
in netconfig.h to avoid confusion.
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
Change-Id: Ib04c36553f23bce8d362e97294a8b83eaa050cf3
quote from https://man7.org/linux/man-pages/man2/sendfile.2.html:
If offset is not NULL, then it points to a variable holding the
file offset from which sendfile() will start reading data from
in_fd. When sendfile() returns, this variable will be set to the
offset of the byte following the last byte that was read. If
offset is not NULL, then sendfile() does not modify the file
offset of in_fd; otherwise the file offset is adjusted to reflect
the number of bytes read from in_fd.
If offset is NULL, then data will be read from in_fd starting at
the file offset, and the file offset will be updated by the call.
The change also align with the implementation at:
libs/libc/misc/lib_sendfile.c
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I607944f40b04f76731af7b205dcd319b0637fa04
1. change all window relative value type to uint32_t
2. move window range validity check(UINT16_MAX) before assembling TCP header
Signed-off-by: chao.an <anchao@xiaomi.com>
Reason:
When user call rpmsg_socket_close() at the same time
rpmsg_socket_ns_unbind() is called by remote CPU,
then will meet multi-access to rpmsg_socket_device_destroy()
Fix:
reuse recvlock to handle this
Change-Id: I8f33658f19c56a4000382ff9355ff052c45afea0
Signed-off-by: ligd <liguiding1@xiaomi.com>
tcp_close disposes the connection immediately if it's called in
TCP_LAST_ACK. If it happens, we will end up with responding the
last ACK with a RST.
This commit fixes it by making tcp_close wait for the completion
of the passive close.
This fixes connection closing issues with CONFIG_NET_TCP_WRITE_BUFFERS.
Because TCP_CLOSE is used for both of input and output for tcp_callback,
the close callback and the send callback confuses each other as
the following. As it effectively disposes the connection immediately,
we end up with responding to the consequent ACK and FIN/ACK from the peer
with RSTs.
tcp_timer
-> tcp_close_eventhandler
returns TCP_CLOSE (meaning an active close)
-> psock_send_eventhandler
called with TCP_CLOSE from tcp_close_eventhandler, misinterpet as
a passive close.
-> tcp_lost_connection
-> tcp_shutdown_monitor
-> tcp_callback
-> tcp_close_eventhandler
misinterpret TCP_CLOSE from itself as
a passive close
The current code just leave the window value from the segment
from the peer. It doesn't make sense.
Instead, always use 0.
This matches what NetBSD and Linux do.
(As far as I read their code correctly.)
* It doesn't make sense to have this conditional on our own
SO_KEEPALIVE support. (CONFIG_NET_TCP_KEEPALIVE)
Actually we don't have a control on the peer tcp stack,
who decides to send us keep-alive probes.
* We should respond them for non ESTABLISHED states. eg. FIN_WAIT_2
See also:
https://github.com/apache/incubator-nuttx/pull/3919#issuecomment-868248576
Do not bother to preserve segment boundaries in the tcp
readahead queues.
* Avoid wasting the tail IOB space for each segments.
Instead, pack the newly received data into the tail space
of the last IOB. Also, advertise the tail space as
a part of the window.
* Use IOB chain directly. Eliminate IOB queue overhead.
* Allow to accept only a part of a segment.
* This change improves the memory efficiency.
And probably more importantly, allows less-confusing
recv window advertisement behavior.
Previously, even when we advertise N bytes window,
we often couldn't actually accept N bytes. Depending on
the segment sizes and IOB configurations, it was causing
segment drops.
Also, the previous code was moving the right edge of the
window back and forth too often, even when nothing in
the system was competing on the IOBs. Shrinking the
window that way is a kinda well known recipe to confuse
the peer stack.
* Move the code to advance rcvseq for user data from tcp_input
to receive handlers.
Motivation: allow partial ack.
* If we drop a segment, ignore FIN as well. Note than tcp FIN bit is
logically after the user data in the same segment.
I assume this was just an oversight because I couldn't
find any obvious reason to special-case only the first IOB.
The commit message of the original commit is cited below.
```
commit bf21056001
Author: chao.an <anchao@xiaomi.com>
Date: Fri Nov 27 09:50:38 2020 +0800
net/tcp: fallback to unthrottle pool to avoid deadlock
Add a fallback mechanism to ensure that there are still available
iobs for an free connection, Guarantees all connections will have
a minimum threshold iob to keep the connection not be hanged.
Change-Id: I59bed98d135ccd1f16264b9ccacdd1b0d91261de
Signed-off-by: chao.an <anchao@xiaomi.com>
```
* Fixes the case where the window was small but not zero.
* tcp_recvfrom: Remove tcp_ackhandler. Instead, simply schedule TX for
a possible window update and make tcp_appsend decide.
* Replace rcv_wnd (the last advertized window size value) with
rcv_adv. (the window edge sequence number advertized to the peer)
rcv_wnd was complicated to deal with because its base (rcvseq) is
also moving.
* tcp_appsend: Send a window update even if there are no other reasons
to send an ack.
Namely, send an update if it increases the window by
* 2 * mss
* or the half of the max possible window size
Gregory Nutt is the copyright holder for those files and he has submitted the
SGA as a result we can migrate the licenses to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
NuttX provides the UDP_BINDTODEVICE socket option. This is a UDP protocol-specific implementation of the semi-standard Linux SO_BINDTODEVICE socket option: "SO_BINDTODEVICE forces packets on the socket to only egress the bound interface, regardless of what the IP routing table would normally choose. Similarly only packets which ingress the bound interface will be received on the socket, packets from other interfaces will not be delivered to the socket." https://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html
If CONFIG_NET_UDP_BINDTODEVICE is selected and a UDP socket is bound to the device, then unrecognized packets UDP packets must not be dropped, but must be forwarded along to the bound socket unconditionally.
It the typical case, this should have no impact. It does effect the applications that use DHCP and do select the UDP_BINDTODEVICE socket option.
This PR replace existing improper logic in the code and also the improper attempts to fix problems from PR #3601 and PR #3598. Those changes are improper because they expose DHCP appliction dependencies in the OS, breaking modularity and independence of the OS and application.
Tested with stm32f4discovery:netnsh with CONFIG_NET_UDP_BINDTODEVICE. A proper DHCP test setup is needed, however.
Several licenses were missed in the initial work
David Sidrane has submitted the ICLA and we can migrate the licenses
to Apache.
Gregory Nutt has submitted the SGA and we can migrate the licenses
to Apache.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Summary:
- In arp_wait_setup() and arp_wait_cancel(), g_arp_waiters
is protected by a critical section.
- However, I noticed that arp_notify() does not protect the
g_arp_waiters that would cause memory corruption
- This commit fixes the issue.
Impact:
- None
Testing:
- Tested with spresense:rndis_smp, spresense:rndis
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Summary:
- In arp_send(), arp_wait_setup() adds a notify object to g_arp_waiters
which is removed in arp_wait() in normal case.
- However, in timeout and error cases, the object was not removed and
caused memory corruption.
- This commit fixes this issue.
Impact:
- None
Testing:
- Tested with spresense:rndis_smp
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
My recent changes to buffered tcp send broke this. [1]
One of my local apps using non-blocking tcp is working
again with this fix.
[1]
```
commit 837e1a72a4
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date: Mon Mar 15 16:19:42 2021 +0900
tcp_send_buffered.c: improve tcp write buffering
```
reset the connection refcount if SYN retry count has elapsed
Assertion:
up_assert: Assertion failed at file:tcp/tcp_conn.c line: 764 task: netdev_wq
N/A
Signed-off-by: chao.an <anchao@xiaomi.com>
Add more sanity checks to avoid TCP moniter start fail if the
TCP handle unestablished, the dup(2) operation should work at any time
Signed-off-by: chao.an <anchao@xiaomi.com>
Forget to remove in:
commit e223f60c09
Author: Peter Bee <bijunda1@xiaomi.com>
Date: Tue Dec 1 14:55:16 2020 +0800
net/socket: move si_send/recv into sendmsg/recvmsg
Implement si_send/sendto/recvfrom with si_sendmsg/recvmsg, instead of
the other way round.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Summary:
- Based on the discussion (PR#2772), let me revert the commit
Impact:
- None
Testing:
- N/A
This reverts commit ec8bf5c8c1.
Suggested-by: YAMAMOTO Takashi <yamamoto@midokura.com>
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Implement si_send/sendto/recvfrom with si_sendmsg/recvmsg, instead of
the other way round.
Change-Id: I7b858556996e0862df22807a6edf6d7cfe6518fc
Signed-off-by: Peter Bee <bijunda1@xiaomi.com>
to avoid the user create socket under the real filesystem
which isn't supported by nuttx VFS yet.
Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: Ib04c90e9c3c5a215bfda65515498d81e5f834895
this change to support receive the udp data from the specified
port without obtaining the address.
e.g: disable the Bootstrap flag on dhcpc handshake
Reference:
RFC1542: Clarifications and Extensions for the Bootstrap Protocol.
Signed-off-by: chao.an <anchao@xiaomi.com>
Summary:
- This commit adds DEBUGASSERT() to check the IOB size
Impact:
- None
Testing:
- Tested with sabre-6quad:netnsh with QEMU
Signed-off-by: Masayuki Ishikawa <Masayuki.Ishikawa@jp.sony.com>
Request the TCP ACK to estimate the receive window after handle
any data already buffered in a read-ahead buffer.
Change-Id: Id998a1125dd2991d73ba4bef081ddcb7adea4f0d
Signed-off-by: chao.an <anchao@xiaomi.com>
Urgent data preceded "normal" data in the TCP payload. If the urgent data is larger than the size of the TCP payload, this indicates that the entire payload is urgent data and that urgent data continues in the next packet.
This case was handled correctly for the case where urgent data was present but was not being handled correctly in the case where the urgent data was NOT present.
fallback to usrsock if the features are not implemented locally
Change-Id: I46e2d6452d7edd3fa5b3d508945511cd48f22ebb
Signed-off-by: chao.an <anchao@xiaomi.com>
RFC2001: TCP Slow Start, Congestion Avoidance, Fast Retransmit,
and Fast Recovery Algorithms
...
3. Fast Retransmit
Modifications to the congestion avoidance algorithm were proposed in
1990 [3]. Before describing the change, realize that TCP may
generate an immediate acknowledgment (a duplicate ACK) when an out-
of-order segment is received (Section 4.2.2.21 of [1], with a note
that one reason for doing so was for the experimental fast-
retransmit algorithm). This duplicate ACK should not be delayed.
The purpose of this duplicate ACK is to let the other end know that a
segment was received out of order, and to tell it what sequence
number is expected.
Since TCP does not know whether a duplicate ACK is caused by a lost
segment or just a reordering of segments, it waits for a small number
of duplicate ACKs to be received. It is assumed that if there is
just a reordering of the segments, there will be only one or two
duplicate ACKs before the reordered segment is processed, which will
then generate a new ACK. If three or more duplicate ACKs are
received in a row, it is a strong indication that a segment has been
lost. TCP then performs a retransmission of what appears to be the
missing segment, without waiting for a retransmission timer to
expire.
Change-Id: Ie2cbcecab507c3d831f74390a6a85e0c5c8e0652
Signed-off-by: chao.an <anchao@xiaomi.com>
The number of available iobs is already sub in iob_navail(true) on line 114
net/tcp/tcp_recvwindow.c:
...
73 uint16_t tcp_get_recvwindow(FAR struct net_driver_s *dev)
...
114 niob_avail = iob_navail(true);
Change-Id: I230927904d8db08ed8d95d7fa18c5c5fce08aa5e
Signed-off-by: chao.an <anchao@xiaomi.com>
Add a fallback mechanism to ensure that there are still available
iobs for an free connection, Guarantees all connections will have
a minimum threshold iob to keep the connection not be hanged.
Change-Id: I59bed98d135ccd1f16264b9ccacdd1b0d91261de
Signed-off-by: chao.an <anchao@xiaomi.com>
Patch fixes following build error when
CONFIG_NET_IPv6 && !CONFIG_NET_ICMPv6 && CONFIG_NET_ETHERNET:
nuttx/staging/libnet.a(neighbor_ethernet_out.o): In function `neighbor_ethernet_out':
nuttx/net/neighbor/neighbor_ethernet_out.c:188: undefined reference to `icmpv6_solicit'
IPv6 without ICMPv6 is not very useful, but at least this patch
allows neighbor_ethernet_out() to be used with a packet socket or
with multicast address (point-to-point IPv6 links) even in that case.
Signed-off-by: Juha Niskanen <juha.niskanen@haltian.com>
The following nxstyle errors are known.
They are a part of the copyright notice.
net/igmp/igmp_poll.c:22:82: error: Long line found
net/igmp/igmp_poll.c:29:82: error: Long line found
The following nxstyle errors are known.
They are a part of the copyright notice.
net/igmp/igmp_mcastmac.c:22:82: error: Long line found
net/igmp/igmp_mcastmac.c:29:82: error: Long line found
The following nxstyle errors are intentionally left
because they are a part of the copyright notice.
net/igmp/igmp_join.c:22:82: error: Long line found
net/igmp/igmp_join.c:29:82: error: Long line found