* Copyright (c) 2011 The NetBSD Foundation, Inc.

/*
* Copyright (c) 2011 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Coyote Point Systems, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/

/*
* Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
* methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
* Truncation (MSLT).
*
* MSLT and VTW were contributed by Coyote Point Systems, Inc.
*
* Even after a TCP session enters the TIME_WAIT state, its corresponding
* socket and protocol control blocks (PCBs) stick around until the TCP
* Maximum Segment Lifetime (MSL) expires. On a host whose workload
* necessarily creates and closes down many TCP sockets, the sockets & PCBs
* for TCP sessions in TIME_WAIT state amount to many megabytes of dead
* weight in RAM.
*
* Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
* a class based on the nearness of the peer. Corresponding to each class
* is an MSL, and a session uses the MSL of its class. The classes are
* loopback (local host equals remote host), local (local host and remote
* host are on the same link/subnet), and remote (local host and remote
* host communicate via one or more gateways). Classes corresponding to
* nearer peers have lower MSLs by default: 2 seconds for loopback, 10
* seconds for local, 60 seconds for remote. Loopback and local sessions
* expire more quickly when MSLT is used.
*
* Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
* dead weight with a compact representation of the session, called a
* "vestigial PCB". VTW data structures are designed to be very fast and
* memory-efficient: for fast insertion and lookup of vestigial PCBs,
* the PCBs are stored in a hash table that is designed to minimize the
* number of cacheline visits per lookup/insertion. The memory both
* for vestigial PCBs and for elements of the PCB hashtable come from
* fixed-size pools, and linked data structures exploit this to conserve
* memory by representing references with a narrow index/offset from the
* start of a pool instead of a pointer. When space for new vestigial PCBs
* runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
* VTW cooperates with MSLT.
*
* It may help to think of VTW as a "FIN cache" by analogy to the SYN
* cache.
*
* A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
* sessions as fast as it can is approximately 17% idle when VTW is active
* versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
* when VTW is active (approximately 64k vestigial PCBs are created) than
* when it is inactive.
*/

#include <sys/cdefs.h>

#ifdef _KERNEL_OPT
#include "opt_ddb.h"
#include "opt_inet.h"
#include "opt_inet_csum.h"
#include "opt_tcp_debug.h"
#endif

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kmem.h>
#include <sys/mbuf.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/errno.h>
#include <sys/syslog.h>
#include <sys/pool.h>
#include <sys/domain.h>
#include <sys/kernel.h>
#include <net/if.h>
#include <net/if_types.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet/in_var.h>
#include <netinet/ip_var.h>
#include <netinet/in_offload.h>
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
#include <netinet6/ip6_var.h>
#include <netinet6/in6_var.h>
#include <netinet/icmp6.h>

#include <netinet/tcp.h>
#include <netinet/tcp_fsm.h>
#include <netinet/tcp_seq.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/tcp_private.h>

#include <netinet/tcp_vtw.h>

__KERNEL_RCSID(0, "$NetBSD: tcp_vtw.c,v 1.25 2024/10/07 23:17:00 jakllsch Exp $");

#define db_trace(__a, __b) do { } while (/*CONSTCOND*/0)

static void vtw_debug_init(void);

fatp_ctl_t fat_tcpv4;
fatp_ctl_t fat_tcpv6;
vtw_ctl_t vtw_tcpv4[VTW_NCLASS];
vtw_ctl_t vtw_tcpv6[VTW_NCLASS];
vtw_stats_t vtw_stats;

/* We provide state for the lookup_ports iterator.
* As currently we are netlock-protected, there is one.
* If we were finer-grain, we would have one per CPU.
* I do not want to be in the business of alloc/free.
* The best alternate would be allocate on the caller's
* stack, but that would require them to know the struct,
* or at least the size.
* See how she goes.
*/
struct tcp_ports_iterator {
union {
struct in_addr v4;
struct in6_addr v6;
} addr;
u_int port;

uint32_t wild : 1;

vtw_ctl_t *ctl;
fatp_t *fp;

uint16_t slot_idx;
uint16_t ctl_idx;
};

static struct tcp_ports_iterator tcp_ports_iterator_v4;
static struct tcp_ports_iterator tcp_ports_iterator_v6;

static int vtw_age(vtw_ctl_t *, struct timeval *);

/*!\brief allocate a fat pointer from a collection.
*/
static fatp_t *
fatp_alloc(fatp_ctl_t *fat)
{
fatp_t *fp = 0;

if (fat->nfree) {
fp = fat->free;
if (fp) {
fat->free = fatp_next(fat, fp);
--fat->nfree;
++fat->nalloc;
fp->nxt = 0;

KASSERT(!fp->inuse);
}
}

return fp;
}

/*!\brief free a fat pointer.
*/
static void
fatp_free(fatp_ctl_t *fat, fatp_t *fp)
{
if (fp) {
KASSERT(!fp->inuse);
KASSERT(!fp->nxt);

fp->nxt = fatp_index(fat, fat->free);
fat->free = fp;

++fat->nfree;
--fat->nalloc;
}
}

/*!\brief initialise a collection of fat pointers.
*
*\param n # hash buckets
*\param m total # fat pointers to allocate
*
* We allocate 2x as much, as we have two hashes: full and lport only.
*/
static void
fatp_init(fatp_ctl_t *fat, uint32_t n, uint32_t m,
fatp_t *fat_base, fatp_t **fat_hash)
{
fatp_t *fp;

KASSERT(n <= FATP_MAX / 2);

fat->hash = fat_hash;
fat->base = fat_base;

fat->port = &fat->hash[m];

fat->mask = m - 1; // ASSERT is power of 2 (m)
fat->lim = fat->base + 2*n - 1;
fat->nfree = 0;
fat->nalloc = 2*n;

/* Initialise the free list.
*/
for (fp = fat->lim; fp >= fat->base; --fp) {
fatp_free(fat, fp);
}
}

/*
* The `xtra' is XORed into the tag stored.
*/
static uint32_t fatp_xtra[] = {
0x11111111,0x22222222,0x33333333,0x44444444,
0x55555555,0x66666666,0x77777777,0x88888888,
0x12121212,0x21212121,0x34343434,0x43434343,
0x56565656,0x65656565,0x78787878,0x87878787,
0x11221122,0x22112211,0x33443344,0x44334433,
0x55665566,0x66556655,0x77887788,0x88778877,
0x11112222,0x22221111,0x33334444,0x44443333,
0x55556666,0x66665555,0x77778888,0x88887777,
};

/*!\brief turn a {fatp_t*,slot} into an integral key.
*
* The key can be used to obtain the fatp_t, and the slot,
* as it directly encodes them.
*/
static inline uint32_t
fatp_key(fatp_ctl_t *fat, fatp_t *fp, uint32_t slot)
{
CTASSERT(CACHE_LINE_SIZE == 32 ||
CACHE_LINE_SIZE == 64 ||
CACHE_LINE_SIZE == 128 ||
CACHE_LINE_SIZE == 256);

switch (fatp_ntags()) {
case 7:
return (fatp_index(fat, fp) << 3) | slot;
case 15:
return (fatp_index(fat, fp) << 4) | slot;
case 31:
return (fatp_index(fat, fp) << 5) | slot;
default:
KASSERT(0 && "no support, for no good reason");
return ~0;
}
}

static inline uint32_t
fatp_slot_from_key(fatp_ctl_t *fat, uint32_t key)
{
CTASSERT(CACHE_LINE_SIZE == 32 ||
CACHE_LINE_SIZE == 64 ||
CACHE_LINE_SIZE == 128 ||
CACHE_LINE_SIZE == 256);

switch (fatp_ntags()) {
case 7:
return key & 7;
case 15:
return key & 15;
case 31:
return key & 31;
default:
KASSERT(0 && "no support, for no good reason");
return ~0;
}
}

static inline fatp_t *
fatp_from_key(fatp_ctl_t *fat, uint32_t key)
{
CTASSERT(CACHE_LINE_SIZE == 32 ||
CACHE_LINE_SIZE == 64 ||
CACHE_LINE_SIZE == 128 ||
CACHE_LINE_SIZE == 256);

switch (fatp_ntags()) {
case 7:
key >>= 3;
break;
case 15:
key >>= 4;
break;
case 31:
key >>= 5;
break;
default:
KASSERT(0 && "no support, for no good reason");
return 0;
}

return key ? fat->base + key - 1 : 0;
}

static inline uint32_t
idx_encode(vtw_ctl_t *ctl, uint32_t idx)
{
return (idx << ctl->idx_bits) | idx;
}

static inline uint32_t
idx_decode(vtw_ctl_t *ctl, uint32_t bits)
{
uint32_t idx = bits & ctl->idx_mask;

if (idx_encode(ctl, idx) == bits)
return idx;
else
return ~0;
}

/*!\brief insert index into fatp hash
*
*\param idx - index of element being placed in hash chain
*\param tag - 32-bit tag identifier
*
*\returns
* value which can be used to locate entry.
*
*\note
* we rely on the fact that there are unused high bits in the index
* for verification purposes on lookup.
*/

static inline uint32_t
fatp_vtw_inshash(fatp_ctl_t *fat, uint32_t idx, uint32_t tag, int which,
void *dbg)
{
fatp_t *fp;
fatp_t **hash = (which ? fat->port : fat->hash);
int i;

fp = hash[tag & fat->mask];

while (!fp || fatp_full(fp)) {
fatp_t *fq;

/* All entries are inuse at the top level.
* We allocate a spare, and push the top level
* down one. All entries in the fp we push down
* (think of a tape worm here) will be expelled sooner than
* any entries added subsequently to this hash bucket.
* This is a property of the time waits we are exploiting.
*/

fq = fatp_alloc(fat);
if (!fq) {
vtw_age(fat->vtw, 0);
fp = hash[tag & fat->mask];
continue;
}

fq->inuse = 0;
fq->nxt = fatp_index(fat, fp);

hash[tag & fat->mask] = fq;

fp = fq;
}

KASSERT(!fatp_full(fp));

/* Fill highest index first. Lookup is lowest first.
*/
for (i = fatp_ntags(); --i >= 0; ) {
if (!((1 << i) & fp->inuse)) {
break;
}
}

fp->inuse |= 1 << i;
fp->tag[i] = tag ^ idx_encode(fat->vtw, idx) ^ fatp_xtra[i];

db_trace(KTR_VTW
, (fp, "fat: inuse %5.5x tag[%x] %8.8x"
, fp->inuse
, i, fp->tag[i]));

return fatp_key(fat, fp, i);
}

static inline int
vtw_alive(const vtw_t *vtw)
{
return vtw->hashed && vtw->expire.tv_sec;
}

static inline uint32_t
vtw_index_v4(vtw_ctl_t *ctl, vtw_v4_t *v4)
{
if (ctl->base.v4 <= v4 && v4 <= ctl->lim.v4)
return v4 - ctl->base.v4;

KASSERT(0 && "vtw out of bounds");

return ~0;
}

static inline uint32_t
vtw_index_v6(vtw_ctl_t *ctl, vtw_v6_t *v6)
{
if (ctl->base.v6 <= v6 && v6 <= ctl->lim.v6)
return v6 - ctl->base.v6;

KASSERT(0 && "vtw out of bounds");

return ~0;
}

static inline uint32_t
vtw_index(vtw_ctl_t *ctl, vtw_t *vtw)
{
if (ctl->clidx)
ctl = ctl->ctl;

if (ctl->is_v4)
return vtw_index_v4(ctl, (vtw_v4_t *)vtw);

if (ctl->is_v6)
return vtw_index_v6(ctl, (vtw_v6_t *)vtw);

KASSERT(0 && "neither 4 nor 6. most curious.");

return ~0;
}

static inline vtw_t *
vtw_from_index(vtw_ctl_t *ctl, uint32_t idx)
{
if (ctl->clidx)
ctl = ctl->ctl;

/* See if the index looks like it might be an index.
* Bits on outside of the valid index bits is a give away.
*/
idx = idx_decode(ctl, idx);

if (idx == ~0) {
return 0;
} else if (ctl->is_v4) {
vtw_v4_t *vtw = ctl->base.v4 + idx;

return (ctl->base.v4 <= vtw && vtw <= ctl->lim.v4)
? &vtw->common : 0;
} else if (ctl->is_v6) {
vtw_v6_t *vtw = ctl->base.v6 + idx;

return (ctl->base.v6 <= vtw && vtw <= ctl->lim.v6)
? &vtw->common : 0;
} else {
KASSERT(0 && "badness");
return 0;
}
}

/*!\brief return the next vtw after this one.
*
* Due to the differing sizes of the entries in differing
* arenas, we have to ensure we ++ the correct pointer type.
*
* Also handles wrap.
*/
static inline vtw_t *
vtw_next(vtw_ctl_t *ctl, vtw_t *vtw)
{
if (ctl->is_v4) {
vtw_v4_t *v4 = (void*)vtw;

vtw = &(++v4)->common;
} else {
vtw_v6_t *v6 = (void*)vtw;

vtw = &(++v6)->common;
}

if (vtw > ctl->lim.v)
vtw = ctl->base.v;

return vtw;
}

/*!\brief remove entry from FATP hash chains
*/
static inline void
vtw_unhash(vtw_ctl_t *ctl, vtw_t *vtw)
{
fatp_ctl_t *fat = ctl->fat;
fatp_t *fp;
uint32_t key = vtw->key;
uint32_t tag, slot, idx;
vtw_v4_t *v4 = (void*)vtw;
vtw_v6_t *v6 = (void*)vtw;

if (!vtw->hashed) {
KASSERT(0 && "unhashed");
return;
}

if (fat->vtw->is_v4) {
tag = v4_tag(v4->faddr, v4->fport, v4->laddr, v4->lport);
} else if (fat->vtw->is_v6) {
tag = v6_tag(&v6->faddr, v6->fport, &v6->laddr, v6->lport);
} else {
tag = 0;
KASSERT(0 && "not reached");
}

/* Remove from fat->hash[]
*/
slot = fatp_slot_from_key(fat, key);
fp = fatp_from_key(fat, key);
idx = vtw_index(ctl, vtw);

db_trace(KTR_VTW
, (fp, "fat: del inuse %5.5x slot %x idx %x key %x tag %x"
, fp->inuse, slot, idx, key, tag));

KASSERT(fp->inuse & (1 << slot));
KASSERT(fp->tag[slot] == (tag ^ idx_encode(ctl, idx)
^ fatp_xtra[slot]));

if ((fp->inuse & (1 << slot))
&& fp->tag[slot] == (tag ^ idx_encode(ctl, idx)
^ fatp_xtra[slot])) {
fp->inuse ^= 1 << slot;
fp->tag[slot] = 0;

/* When we delete entries, we do not compact. This is
* due to temporality. We add entries, and they
* (eventually) expire. Older entries will be further
* down the chain.
*/
if (!fp->inuse) {
uint32_t hi = tag & fat->mask;
fatp_t *fq = 0;
fatp_t *fr = fat->hash[hi];

while (fr && fr != fp) {
fr = fatp_next(fat, fq = fr);
}

if (fr == fp) {
if (fq) {
fq->nxt = fp->nxt;
fp->nxt = 0;
fatp_free(fat, fp);
} else {
KASSERT(fat->hash[hi] == fp);

if (fp->nxt) {
fat->hash[hi]
= fatp_next(fat, fp);
fp->nxt = 0;
fatp_free(fat, fp);
} else {
/* retain for next use.
*/
;
}
}
} else {
fr = fat->hash[hi];

do {
db_trace(KTR_VTW
, (fr
, "fat:*del inuse %5.5x"
" nxt %x"
, fr->inuse, fr->nxt));

fr = fatp_next(fat, fq = fr);
} while (fr && fr != fp);

KASSERT(0 && "oops");
}
}
vtw->key ^= ~0;
}

if (fat->vtw->is_v4) {
tag = v4_port_tag(v4->lport);
} else if (fat->vtw->is_v6) {
tag = v6_port_tag(v6->lport);
}

/* Remove from fat->port[]
*/
key = vtw->port_key;
slot = fatp_slot_from_key(fat, key);
fp = fatp_from_key(fat, key);
idx = vtw_index(ctl, vtw);

db_trace(KTR_VTW
, (fp, "fatport: del inuse %5.5x"
" slot %x idx %x key %x tag %x"
, fp->inuse, slot, idx, key, tag));

KASSERT(fp->inuse & (1 << slot));
KASSERT(fp->tag[slot] == (tag ^ idx_encode(ctl, idx)
^ fatp_xtra[slot]));

if ((fp->inuse & (1 << slot))
&& fp->tag[slot] == (tag ^ idx_encode(ctl, idx)
^ fatp_xtra[slot])) {
fp->inuse ^= 1 << slot;
fp->tag[slot] = 0;

if (!fp->inuse) {
uint32_t hi = tag & fat->mask;
fatp_t *fq = 0;
fatp_t *fr = fat->port[hi];

while (fr && fr != fp) {
fr = fatp_next(fat, fq = fr);
}

if (fr == fp) {
if (fq) {
fq->nxt = fp->nxt;
fp->nxt = 0;
fatp_free(fat, fp);
} else {
KASSERT(fat->port[hi] == fp);

if (fp->nxt) {
fat->port[hi]
= fatp_next(fat, fp);
fp->nxt = 0;
fatp_free(fat, fp);
} else {
/* retain for next use.
*/
;
}
}
}
}
vtw->port_key ^= ~0;
}

vtw->hashed = 0;
}

/*!\brief remove entry from hash, possibly free.
*/
void
vtw_del(vtw_ctl_t *ctl, vtw_t *vtw)
{
KASSERT(mutex_owned(softnet_lock));

if (vtw->hashed) {
++vtw_stats.del;
vtw_unhash(ctl, vtw);
}

/* We only delete the oldest entry.
*/
if (vtw != ctl->oldest.v)
return;

--ctl->nalloc;
++ctl->nfree;

vtw->expire.tv_sec = 0;
vtw->expire.tv_usec = ~0;

if (!ctl->nalloc)
ctl->oldest.v = 0;

ctl->oldest.v = vtw_next(ctl, vtw);
}

/*!\brief insert vestigial timewait in hash chain
*/
static void
vtw_inshash_v4(vtw_ctl_t *ctl, vtw_t *vtw)
{
uint32_t idx = vtw_index(ctl, vtw);
uint32_t tag;
vtw_v4_t *v4 = (void*)vtw;

KASSERT(mutex_owned(softnet_lock));
KASSERT(!vtw->hashed);
KASSERT(ctl->clidx == vtw->msl_class);

++vtw_stats.ins;

tag = v4_tag(v4->faddr, v4->fport,
v4->laddr, v4->lport);

vtw->key = fatp_vtw_inshash(ctl->fat, idx, tag, 0, vtw);

db_trace(KTR_VTW, (ctl
, "vtw: ins %8.8x:%4.4x %8.8x:%4.4x"
" tag %8.8x key %8.8x"
, v4->faddr, v4->fport
, v4->laddr, v4->lport
, tag
, vtw->key));

tag = v4_port_tag(v4->lport);
vtw->port_key = fatp_vtw_inshash(ctl->fat, idx, tag, 1, vtw);

db_trace(KTR_VTW, (ctl, "vtw: ins %P - %4.4x tag %8.8x key %8.8x"
, v4->lport, v4->lport
, tag
, vtw->key));

vtw->hashed = 1;
}

/*!\brief insert vestigial timewait in hash chain
*/
static void
vtw_inshash_v6(vtw_ctl_t *ctl, vtw_t *vtw)
{
uint32_t idx = vtw_index(ctl, vtw);
uint32_t tag;
vtw_v6_t *v6 = (void*)vtw;

KASSERT(mutex_owned(softnet_lock));
KASSERT(!vtw->hashed);
KASSERT(ctl->clidx == vtw->msl_class);

++vtw_stats.ins;

tag = v6_tag(&v6->faddr, v6->fport,
&v6->laddr, v6->lport);

vtw->key = fatp_vtw_inshash(ctl->fat, idx, tag, 0, vtw);

tag = v6_port_tag(v6->lport);
vtw->port_key = fatp_vtw_inshash(ctl->fat, idx, tag, 1, vtw);

db_trace(KTR_VTW, (ctl, "vtw: ins %P - %4.4x tag %8.8x key %8.8x"
, v6->lport, v6->lport
, tag
, vtw->key));

vtw->hashed = 1;
}

static vtw_t *
vtw_lookup_hash_v4(vtw_ctl_t *ctl, uint32_t faddr, uint16_t fport
, uint32_t laddr, uint16_t lport
, int which)
{
vtw_v4_t *v4;
vtw_t *vtw;
uint32_t tag;
fatp_t *fp;
int i;
uint32_t fatps = 0, probes = 0, losings = 0;

if (!ctl || !ctl->fat)
return 0;

++vtw_stats.look[which];

if (which) {
tag = v4_port_tag(lport);
fp = ctl->fat->port[tag & ctl->fat->mask];
} else {
tag = v4_tag(faddr, fport, laddr, lport);
fp = ctl->fat->hash[tag & ctl->fat->mask];
}

while (fp && fp->inuse) {
uint32_t inuse = fp->inuse;

++fatps;

for (i = 0; inuse && i < fatp_ntags(); ++i) {
uint32_t idx;

if (!(inuse & (1 << i)))
continue;

inuse ^= 1 << i;

++probes;
++vtw_stats.probe[which];

idx = fp->tag[i] ^ tag ^ fatp_xtra[i];
vtw = vtw_from_index(ctl, idx);

if (!vtw) {
/* Hopefully fast path.
*/
db_trace(KTR_VTW
, (fp, "vtw: fast %A:%P %A:%P"
" idx %x tag %x"
, faddr, fport
, laddr, lport
, idx, tag));
continue;
}

v4 = (void*)vtw;

/* The de-referencing of vtw is what we want to avoid.
* Losing.
*/
if (vtw_alive(vtw)
&& ((which ? vtw->port_key : vtw->key)
== fatp_key(ctl->fat, fp, i))
&& (which
|| (v4->faddr == faddr && v4->laddr == laddr
&& v4->fport == fport))
&& v4->lport == lport) {
++vtw_stats.hit[which];

db_trace(KTR_VTW
, (fp, "vtw: hit %8.8x:%4.4x"
" %8.8x:%4.4x idx %x key %x"
, faddr, fport
, laddr, lport
, idx_decode(ctl, idx), vtw->key));

KASSERT(vtw->hashed);

goto out;
}
++vtw_stats.losing[which];
++losings;

if (vtw_alive(vtw)) {
db_trace(KTR_VTW
, (fp, "vtw:!mis %8.8x:%4.4x"
" %8.8x:%4.4x key %x tag %x"
, faddr, fport
, laddr, lport
, fatp_key(ctl->fat, fp, i)
, v4_tag(faddr, fport
, laddr, lport)));
db_trace(KTR_VTW
, (vtw, "vtw:!mis %8.8x:%4.4x"
" %8.8x:%4.4x key %x tag %x"
, v4->faddr, v4->fport
, v4->laddr, v4->lport
, vtw->key
, v4_tag(v4->faddr, v4->fport
, v4->laddr, v4->lport)));

if (vtw->key == fatp_key(ctl->fat, fp, i)) {
db_trace(KTR_VTW
, (vtw, "vtw:!mis %8.8x:%4.4x"
" %8.8x:%4.4x key %x"
" which %x"
, v4->faddr, v4->fport
, v4->laddr, v4->lport
, vtw->key
, which));

} else {
db_trace(KTR_VTW
, (vtw
, "vtw:!mis"
" key %8.8x != %8.8x"
" idx %x i %x which %x"
, vtw->key
, fatp_key(ctl->fat, fp, i)
, idx_decode(ctl, idx)
, i
, which));
}
} else {
db_trace(KTR_VTW
, (fp
, "vtw:!mis free entry"
" idx %x vtw %p which %x"
, idx_decode(ctl, idx)
, vtw, which));
}
}

if (fp->nxt) {
fp = fatp_next(ctl->fat, fp);
} else {
break;
}
}
++vtw_stats.miss[which];
vtw = 0;
out:
if (fatps > vtw_stats.max_chain[which])
vtw_stats.max_chain[which] = fatps;
if (probes > vtw_stats.max_probe[which])
vtw_stats.max_probe[which] = probes;
if (losings > vtw_stats.max_loss[which])
vtw_stats.max_loss[which] = losings;

return vtw;
}

static vtw_t *
vtw_lookup_hash_v6(vtw_ctl_t *ctl, const struct in6_addr *faddr, uint16_t fport
, const struct in6_addr *laddr, uint16_t lport
, int which)
{
vtw_v6_t *v6;
vtw_t *vtw;
uint32_t tag;
fatp_t *fp;
int i;
uint32_t fatps = 0, probes = 0, losings = 0;

++vtw_stats.look[which];

if (!ctl || !ctl->fat)
return 0;

if (which) {
tag = v6_port_tag(lport);
fp = ctl->fat->port[tag & ctl->fat->mask];
} else {
tag = v6_tag(faddr, fport, laddr, lport);
fp = ctl->fat->hash[tag & ctl->fat->mask];
}

while (fp && fp->inuse) {
uint32_t inuse = fp->inuse;

++fatps;

for (i = 0; inuse && i < fatp_ntags(); ++i) {
uint32_t idx;

if (!(inuse & (1 << i)))
continue;

inuse ^= 1 << i;

++probes;
++vtw_stats.probe[which];

idx = fp->tag[i] ^ tag ^ fatp_xtra[i];
vtw = vtw_from_index(ctl, idx);

db_trace(KTR_VTW
, (fp, "probe: %2d %6A:%4.4x %6A:%4.4x idx %x"
, i
, db_store(faddr, sizeof (*faddr)), fport
, db_store(laddr, sizeof (*laddr)), lport
, idx_decode(ctl, idx)));

if (!vtw) {
/* Hopefully fast path.
*/
continue;
}

v6 = (void*)vtw;

if (vtw_alive(vtw)
&& ((which ? vtw->port_key : vtw->key)
== fatp_key(ctl->fat, fp, i))
&& v6->lport == lport
&& (which
|| (v6->fport == fport
&& !bcmp(&v6->faddr, faddr, sizeof (*faddr))
&& !bcmp(&v6->laddr, laddr
, sizeof (*laddr))))) {
++vtw_stats.hit[which];

KASSERT(vtw->hashed);
goto out;
} else {
++vtw_stats.losing[which];
++losings;
}
}

if (fp->nxt) {
fp = fatp_next(ctl->fat, fp);
} else {
break;
}
}
++vtw_stats.miss[which];
vtw = 0;
out:
if (fatps > vtw_stats.max_chain[which])
vtw_stats.max_chain[which] = fatps;
if (probes > vtw_stats.max_probe[which])
vtw_stats.max_probe[which] = probes;
if (losings > vtw_stats.max_loss[which])
vtw_stats.max_loss[which] = losings;

return vtw;
}

/*!\brief port iterator
*/
static vtw_t *
vtw_next_port_v4(struct tcp_ports_iterator *it)
{
vtw_ctl_t *ctl = it->ctl;
vtw_v4_t *v4;
vtw_t *vtw;
uint32_t tag;
uint16_t lport = it->port;
fatp_t *fp;
int i;
uint32_t fatps = 0, probes = 0, losings = 0;

tag = v4_port_tag(lport);
if (!it->fp) {
it->fp = ctl->fat->port[tag & ctl->fat->mask];
it->slot_idx = 0;
}
fp = it->fp;

while (fp) {
uint32_t inuse = fp->inuse;

++fatps;

for (i = it->slot_idx; inuse && i < fatp_ntags(); ++i) {
uint32_t idx;

if (!(inuse & (1 << i)))
continue;

inuse &= ~0U << i;

if (i < it->slot_idx)
continue;

++vtw_stats.probe[1];
++probes;

idx = fp->tag[i] ^ tag ^ fatp_xtra[i];
vtw = vtw_from_index(ctl, idx);

if (!vtw) {
/* Hopefully fast path.
*/
continue;
}

v4 = (void*)vtw;

if (vtw_alive(vtw)
&& vtw->port_key == fatp_key(ctl->fat, fp, i)
&& v4->lport == lport) {
++vtw_stats.hit[1];

it->slot_idx = i + 1;

goto out;
} else if (vtw_alive(vtw)) {
++vtw_stats.losing[1];
++losings;

db_trace(KTR_VTW
, (vtw, "vtw:!mis"
" port %8.8x:%4.4x %8.8x:%4.4x"
" key %x port %x"
, v4->faddr, v4->fport
, v4->laddr, v4->lport
, vtw->key
, lport));
} else {
/* Really losing here. We are coming
* up with references to free entries.
* Might find it better to use
* traditional, or need another
* add-hockery. The other add-hockery
* would be to pul more into into the
* cache line to reject the false
* hits.
*/
++vtw_stats.losing[1];
++losings;
db_trace(KTR_VTW
, (fp, "vtw:!mis port %x"
" - free entry idx %x vtw %p"
, lport
, idx_decode(ctl, idx)
, vtw));
}
}

if (fp->nxt) {
it->fp = fp = fatp_next(ctl->fat, fp);
it->slot_idx = 0;
} else {
it->fp = 0;
break;
}
}
++vtw_stats.miss[1];

vtw = 0;
out:
if (fatps > vtw_stats.max_chain[1])
vtw_stats.max_chain[1] = fatps;
if (probes > vtw_stats.max_probe[1])
vtw_stats.max_probe[1] = probes;
if (losings > vtw_stats.max_loss[1])
vtw_stats.max_loss[1] = losings;

return vtw;
}

/*!\brief port iterator
*/
static vtw_t *
vtw_next_port_v6(struct tcp_ports_iterator *it)
{
vtw_ctl_t *ctl = it->ctl;
vtw_v6_t *v6;
vtw_t *vtw;
uint32_t tag;
uint16_t lport = it->port;
fatp_t *fp;
int i;
uint32_t fatps = 0, probes = 0, losings = 0;

tag = v6_port_tag(lport);
if (!it->fp) {
it->fp = ctl->fat->port[tag & ctl->fat->mask];
it->slot_idx = 0;
}
fp = it->fp;

while (fp) {
uint32_t inuse = fp->inuse;

++fatps;

for (i = it->slot_idx; inuse && i < fatp_ntags(); ++i) {
uint32_t idx;

if (!(inuse & (1 << i)))
continue;

inuse &= ~0U << i;

if (i < it->slot_idx)
continue;

++vtw_stats.probe[1];
++probes;

idx = fp->tag[i] ^ tag ^ fatp_xtra[i];
vtw = vtw_from_index(ctl, idx);

if (!vtw) {
/* Hopefully fast path.
*/
continue;
}

v6 = (void*)vtw;

db_trace(KTR_VTW
, (vtw, "vtw: i %x idx %x fp->tag %x"
" tag %x xtra %x"
, i, idx_decode(ctl, idx)
, fp->tag[i], tag, fatp_xtra[i]));

if (vtw_alive(vtw)
&& vtw->port_key == fatp_key(ctl->fat, fp, i)
&& v6->lport == lport) {
++vtw_stats.hit[1];

db_trace(KTR_VTW
, (fp, "vtw: nxt port %P - %4.4x"
" idx %x key %x"
, lport, lport
, idx_decode(ctl, idx), vtw->key));

it->slot_idx = i + 1;
goto out;
} else if (vtw_alive(vtw)) {
++vtw_stats.losing[1];

db_trace(KTR_VTW
, (vtw, "vtw:!mis port %6A:%4.4x"
" %6A:%4.4x key %x port %x"
, db_store(&v6->faddr
, sizeof (v6->faddr))
, v6->fport
, db_store(&v6->laddr
, sizeof (v6->faddr))
, v6->lport
, vtw->key
, lport));
} else {
/* Really losing here. We are coming
* up with references to free entries.
* Might find it better to use
* traditional, or need another
* add-hockery. The other add-hockery
* would be to pul more into into the
* cache line to reject the false
* hits.
*/
++vtw_stats.losing[1];
++losings;

db_trace(KTR_VTW
, (fp
, "vtw:!mis port %x"
" - free entry idx %x vtw %p"
, lport, idx_decode(ctl, idx)
, vtw));
}
}

if (fp->nxt) {
it->fp = fp = fatp_next(ctl->fat, fp);
it->slot_idx = 0;
} else {
it->fp = 0;
break;
}
}
++vtw_stats.miss[1];

vtw = 0;
out:
if (fatps > vtw_stats.max_chain[1])
vtw_stats.max_chain[1] = fatps;
if (probes > vtw_stats.max_probe[1])
vtw_stats.max_probe[1] = probes;
if (losings > vtw_stats.max_loss[1])
vtw_stats.max_loss[1] = losings;

return vtw;
}

/*!\brief initialise the VTW allocation arena
*
* There are 1+3 allocation classes:
* 0 classless
* {1,2,3} MSL-class based allocation
*
* The allocation arenas are all initialised. Classless gets all the
* space. MSL-class based divides the arena, so that allocation
* within a class can proceed without having to consider entries
* (aka: cache lines) from different classes.
*
* Usually, we are completely classless or class-based, but there can be
* transition periods, corresponding to dynamic adjustments in the config
* by the operator.
*/
static void
vtw_init(fatp_ctl_t *fat, vtw_ctl_t *ctl, const uint32_t n, vtw_t *ctl_base_v)
{
int class_n, i;
vtw_t *base;

ctl->base.v = ctl_base_v;

if (ctl->is_v4) {
ctl->lim.v4 = ctl->base.v4 + n - 1;
ctl->alloc.v4 = ctl->base.v4;
} else {
ctl->lim.v6 = ctl->base.v6 + n - 1;
ctl->alloc.v6 = ctl->base.v6;
}

ctl->nfree = n;
ctl->ctl = ctl;

ctl->idx_bits = 32;
for (ctl->idx_mask = ~0; (ctl->idx_mask & (n-1)) == n-1; ) {
ctl->idx_mask >>= 1;
ctl->idx_bits -= 1;
}

ctl->idx_mask <<= 1;
ctl->idx_mask |= 1;
ctl->idx_bits += 1;

ctl->fat = fat;
fat->vtw = ctl;

/* Divide the resources equally amongst the classes.
* This is not optimal, as the different classes
* arrive and leave at different rates, but it is
* the best I can do for now.
*/
class_n = n / (VTW_NCLASS-1);
base = ctl->base.v;

for (i = 1; i < VTW_NCLASS; ++i) {
int j;

ctl[i] = ctl[0];
ctl[i].clidx = i;

ctl[i].base.v = base;
ctl[i].alloc = ctl[i].base;

for (j = 0; j < class_n - 1; ++j) {
if (tcp_msl_enable)
base->msl_class = i;
base = vtw_next(ctl, base);
}

ctl[i].lim.v = base;
base = vtw_next(ctl, base);
ctl[i].nfree = class_n;
}

vtw_debug_init();
}

/*!\brief map class to TCP MSL
*/
static inline uint32_t
class_to_msl(int msl_class)
{
switch (msl_class) {
case 0:
case 1:
return tcp_msl_remote ? tcp_msl_remote : (TCPTV_MSL >> 0);
case 2:
return tcp_msl_local ? tcp_msl_local : (TCPTV_MSL >> 1);
default:
return tcp_msl_loop ? tcp_msl_loop : (TCPTV_MSL >> 2);
}
}

/*!\brief map TCP MSL to class
*/
static inline uint32_t
msl_to_class(int msl)
{
if (tcp_msl_enable) {
if (msl <= (tcp_msl_loop ? tcp_msl_loop : (TCPTV_MSL >> 2)))
return 1+2;
if (msl <= (tcp_msl_local ? tcp_msl_local : (TCPTV_MSL >> 1)))
return 1+1;
return 1;
}
return 0;
}

/*!\brief allocate a vtw entry
*/
static inline vtw_t *
vtw_alloc(vtw_ctl_t *ctl)
{
vtw_t *vtw = 0;
int stuck = 0;
int avail = ctl ? (ctl->nalloc + ctl->nfree) : 0;
int msl;

KASSERT(mutex_owned(softnet_lock));

/* If no resources, we will not get far.
*/
if (!ctl || !ctl->base.v4 || avail <= 0)
return 0;

/* Obtain a free one.
*/
while (!ctl->nfree) {
vtw_age(ctl, 0);

if (++stuck > avail) {
/* When in transition between
* schemes (classless, classed) we
* can be stuck having to await the
* expiration of cross-allocated entries.
*
* Returning zero means we will fall back to the
* traditional TIME_WAIT handling, except in the
* case of a re-shed, in which case we cannot
* perform the reshecd, but will retain the extant
* entry.
*/
db_trace(KTR_VTW
, (ctl, "vtw:!none free in class %x %x/%x"
, ctl->clidx
, ctl->nalloc, ctl->nfree));

return 0;
}
}

vtw = ctl->alloc.v;

if (vtw->msl_class != ctl->clidx) {
/* Usurping rules:
* 0 -> {1,2,3} or {1,2,3} -> 0
*/
KASSERT(!vtw->msl_class || !ctl->clidx);

if (vtw->hashed || vtw->expire.tv_sec) {
/* As this is owned by some other class,
* we must wait for it to expire it.
* This will only happen on class/classless
* transitions, which are guaranteed to progress
* to completion in small finite time, barring bugs.
*/
db_trace(KTR_VTW
, (ctl, "vtw:!%p class %x!=%x %x:%x%s"
, vtw, vtw->msl_class, ctl->clidx
, vtw->expire.tv_sec
, vtw->expire.tv_usec
, vtw->hashed ? " hashed" : ""));

return 0;
}

db_trace(KTR_VTW
, (ctl, "vtw:!%p usurped from %x to %x"
, vtw, vtw->msl_class, ctl->clidx));

vtw->msl_class = ctl->clidx;
}

if (vtw_alive(vtw)) {
KASSERT(0 && "next free not free");
return 0;
}

/* Advance allocation pointer.
*/
ctl->alloc.v = vtw_next(ctl, vtw);

--ctl->nfree;
++ctl->nalloc;

msl = (2 * class_to_msl(ctl->clidx) * 1000) / PR_SLOWHZ; // msec

/* mark expiration
*/
getmicrouptime(&vtw->expire);

/* Move expiration into the future.
*/
vtw->expire.tv_sec += msl / 1000;
vtw->expire.tv_usec += 1000 * (msl % 1000);

while (vtw->expire.tv_usec >= 1000*1000) {
vtw->expire.tv_usec -= 1000*1000;
vtw->expire.tv_sec += 1;
}

if (!ctl->oldest.v)
ctl->oldest.v = vtw;

return vtw;
}

/*!\brief expiration
*/
static int
vtw_age(vtw_ctl_t *ctl, struct timeval *_when)
{
vtw_t *vtw;
struct timeval then, *when = _when;
int maxtries = 0;

if (!ctl->oldest.v) {
KASSERT(!ctl->nalloc);
return 0;
}

for (vtw = ctl->oldest.v; vtw && ctl->nalloc; ) {
if (++maxtries > ctl->nalloc)
break;

if (vtw->msl_class != ctl->clidx) {
db_trace(KTR_VTW
, (vtw, "vtw:!age class mismatch %x != %x"
, vtw->msl_class, ctl->clidx));
/* XXXX
* See if the appropriate action is to skip to the next.
* XXXX
*/
ctl->oldest.v = vtw = vtw_next(ctl, vtw);
continue;
}
if (!when) {
/* Latch oldest timeval if none specified.
*/
then = vtw->expire;
when = &then;
}

if (!timercmp(&vtw->expire, when, <=))
break;

db_trace(KTR_VTW
, (vtw, "vtw: expire %x %8.8x:%8.8x %x/%x"
, ctl->clidx
, vtw->expire.tv_sec
, vtw->expire.tv_usec
, ctl->nalloc
, ctl->nfree));

if (!_when)
++vtw_stats.kill;

vtw_del(ctl, vtw);
vtw = ctl->oldest.v;
}

return ctl->nalloc; // # remaining allocated
}

static callout_t vtw_cs;

/*!\brief notice the passage of time.
* It seems to be getting faster. What happened to the year?
*/
static void
vtw_tick(void *arg)
{
struct timeval now;
int i, cnt = 0;

getmicrouptime(&now);

db_trace(KTR_VTW, (arg, "vtk: tick - now %8.8x:%8.8x"
, now.tv_sec, now.tv_usec));

mutex_enter(softnet_lock);

for (i = 0; i < VTW_NCLASS; ++i) {
cnt += vtw_age(&vtw_tcpv4[i], &now);
cnt += vtw_age(&vtw_tcpv6[i], &now);
}

/* Keep ticks coming while we need them.
*/
if (cnt)
callout_schedule(&vtw_cs, hz / 5);
else {
tcp_vtw_was_enabled = 0;
tcbtable.vestige = 0;
}
mutex_exit(softnet_lock);
}

/* inpcb_lookup_locals assist for handling vestigial entries.
*/
static void *
tcp_init_ports_v4(struct in_addr addr, u_int port, int wild)
{
struct tcp_ports_iterator *it = &tcp_ports_iterator_v4;

bzero(it, sizeof (*it));

/* Note: the reference to vtw_tcpv4[0] is fine.
* We do not need per-class iteration. We just
* need to get to the fat, and there is one
* shared fat.
*/
if (vtw_tcpv4[0].fat) {
it->addr.v4 = addr;
it->port = port;
it->wild = !!wild;
it->ctl = &vtw_tcpv4[0];

++vtw_stats.look[1];
}

return it;
}

/*!\brief export an IPv4 vtw.
*/
static int
vtw_export_v4(vtw_ctl_t *ctl, vtw_t *vtw, vestigial_inpcb_t *res)
{
vtw_v4_t *v4 = (void*)vtw;

bzero(res, sizeof (*res));

if (ctl && vtw) {
if (!ctl->clidx && vtw->msl_class)
ctl += vtw->msl_class;
else
KASSERT(ctl->clidx == vtw->msl_class);

res->valid = 1;
res->v4 = 1;

res->faddr.v4.s_addr = v4->faddr;
res->laddr.v4.s_addr = v4->laddr;
res->fport = v4->fport;
res->lport = v4->lport;
res->vtw = vtw; // netlock held over call(s)
res->ctl = ctl;
res->reuse_addr = vtw->reuse_addr;
res->reuse_port = vtw->reuse_port;
res->snd_nxt = vtw->snd_nxt;
res->rcv_nxt = vtw->rcv_nxt;
res->rcv_wnd = vtw->rcv_wnd;
res->uid = vtw->uid;
}

return res->valid;
}

/*!\brief return next port in the port iterator. yowza.
*/
static int
tcp_next_port_v4(void *arg, struct vestigial_inpcb *res)
{
struct tcp_ports_iterator *it = arg;
vtw_t *vtw = 0;

if (it->ctl)
vtw = vtw_next_port_v4(it);

if (!vtw)
it->ctl = 0;

return vtw_export_v4(it->ctl, vtw, res);
}

static int
tcp_lookup_v4(struct in_addr faddr, uint16_t fport,
struct in_addr laddr, uint16_t lport,
struct vestigial_inpcb *res)
{
vtw_t *vtw;
vtw_ctl_t *ctl;

db_trace(KTR_VTW
, (res, "vtw: lookup %A:%P %A:%P"
, faddr, fport
, laddr, lport));

vtw = vtw_lookup_hash_v4((ctl = &vtw_tcpv4[0])
, faddr.s_addr, fport
, laddr.s_addr, lport, 0);

return vtw_export_v4(ctl, vtw, res);
}

/* inpcb_lookup_locals assist for handling vestigial entries.
*/
static void *
tcp_init_ports_v6(const struct in6_addr *addr, u_int port, int wild)
{
struct tcp_ports_iterator *it = &tcp_ports_iterator_v6;

bzero(it, sizeof (*it));

/* Note: the reference to vtw_tcpv6[0] is fine.
* We do not need per-class iteration. We just
* need to get to the fat, and there is one
* shared fat.
*/
if (vtw_tcpv6[0].fat) {
it->addr.v6 = *addr;
it->port = port;
it->wild = !!wild;
it->ctl = &vtw_tcpv6[0];

++vtw_stats.look[1];
}

return it;
}

/*!\brief export an IPv6 vtw.
*/
static int
vtw_export_v6(vtw_ctl_t *ctl, vtw_t *vtw, vestigial_inpcb_t *res)
{
vtw_v6_t *v6 = (void*)vtw;

bzero(res, sizeof (*res));

if (ctl && vtw) {
if (!ctl->clidx && vtw->msl_class)
ctl += vtw->msl_class;
else
KASSERT(ctl->clidx == vtw->msl_class);

res->valid = 1;
res->v4 = 0;

res->faddr.v6 = v6->faddr;
res->laddr.v6 = v6->laddr;
res->fport = v6->fport;
res->lport = v6->lport;
res->vtw = vtw; // netlock held over call(s)
res->ctl = ctl;

res->v6only = vtw->v6only;
res->reuse_addr = vtw->reuse_addr;
res->reuse_port = vtw->reuse_port;

res->snd_nxt = vtw->snd_nxt;
res->rcv_nxt = vtw->rcv_nxt;
res->rcv_wnd = vtw->rcv_wnd;
res->uid = vtw->uid;
}

return res->valid;
}

static int
tcp_next_port_v6(void *arg, struct vestigial_inpcb *res)
{
struct tcp_ports_iterator *it = arg;
vtw_t *vtw = 0;

if (it->ctl)
vtw = vtw_next_port_v6(it);

if (!vtw)
it->ctl = 0;

return vtw_export_v6(it->ctl, vtw, res);
}

static int
tcp_lookup_v6(const struct in6_addr *faddr, uint16_t fport,
const struct in6_addr *laddr, uint16_t lport,
struct vestigial_inpcb *res)
{
vtw_ctl_t *ctl;
vtw_t *vtw;

db_trace(KTR_VTW
, (res, "vtw: lookup %6A:%P %6A:%P"
, db_store(faddr, sizeof (*faddr)), fport
, db_store(laddr, sizeof (*laddr)), lport));

vtw = vtw_lookup_hash_v6((ctl = &vtw_tcpv6[0])
, faddr, fport
, laddr, lport, 0);

return vtw_export_v6(ctl, vtw, res);
}

static vestigial_hooks_t tcp_hooks = {
.init_ports4 = tcp_init_ports_v4,
.next_port4 = tcp_next_port_v4,
.lookup4 = tcp_lookup_v4,
.init_ports6 = tcp_init_ports_v6,
.next_port6 = tcp_next_port_v6,
.lookup6 = tcp_lookup_v6,
};

static bool
vtw_select(int af, fatp_ctl_t **fatp, vtw_ctl_t **ctlp)
{
fatp_ctl_t *fat;
vtw_ctl_t *ctl;

switch (af) {
case AF_INET:
fat = &fat_tcpv4;
ctl = &vtw_tcpv4[0];
break;
case AF_INET6:
fat = &fat_tcpv6;
ctl = &vtw_tcpv6[0];
break;
default:
return false;
}
if (fatp != NULL)
*fatp = fat;
if (ctlp != NULL)
*ctlp = ctl;
return true;
}

/*!\brief initialize controlling instance
*/
static int
vtw_control_init(int af)
{
fatp_ctl_t *fat;
vtw_ctl_t *ctl;
fatp_t *fat_base;
fatp_t **fat_hash;
vtw_t *ctl_base_v;
uint32_t n, m;
size_t sz;

KASSERT(powerof2(tcp_vtw_entries));

if (!vtw_select(af, &fat, &ctl))
return EAFNOSUPPORT;

if (fat->hash != NULL) {
KASSERT(fat->base != NULL && ctl->base.v != NULL);
return 0;
}

/* Allocate 10% more capacity in the fat pointers.
* We should only need ~#hash additional based on
* how they age, but TIME_WAIT assassination could cause
* sparse fat pointer utilisation.
*/
m = 512;
n = 2*m + (11 * (tcp_vtw_entries / fatp_ntags())) / 10;
sz = (ctl->is_v4 ? sizeof(vtw_v4_t) : sizeof(vtw_v6_t));

fat_hash = kmem_zalloc(2*m * sizeof(fatp_t *), KM_SLEEP);
fat_base = kmem_zalloc(2*n * sizeof(fatp_t), KM_SLEEP);
ctl_base_v = kmem_zalloc(tcp_vtw_entries * sz, KM_SLEEP);
fatp_init(fat, n, m, fat_base, fat_hash);
vtw_init(fat, ctl, tcp_vtw_entries, ctl_base_v);

return 0;
}

/*!\brief select controlling instance
*/
static vtw_ctl_t *
vtw_control(int af, uint32_t msl)
{
fatp_ctl_t *fat;
vtw_ctl_t *ctl;
int msl_class = msl_to_class(msl);

if (!vtw_select(af, &fat, &ctl))
return NULL;

if (!fat->base || !ctl->base.v)
return NULL;

if (!tcp_vtw_was_enabled) {
/* This guarantees is timer ticks until we no longer need them.
*/
tcp_vtw_was_enabled = 1;

callout_schedule(&vtw_cs, hz / 5);

tcbtable.vestige = &tcp_hooks;
}

return ctl + msl_class;
}

/*!\brief add TCP pcb to vestigial timewait
*/
int
vtw_add(int af, struct tcpcb *tp)
{
#ifdef VTW_DEBUG
int enable;
#endif
vtw_ctl_t *ctl;
vtw_t *vtw;

KASSERT(mutex_owned(softnet_lock));

ctl = vtw_control(af, tp->t_msl);
if (!ctl)
return 0;

#ifdef VTW_DEBUG
enable = (af == AF_INET) ? tcp4_vtw_enable : tcp6_vtw_enable;
#endif

vtw = vtw_alloc(ctl);

if (vtw) {
vtw->snd_nxt = tp->snd_nxt;
vtw->rcv_nxt = tp->rcv_nxt;

switch (af) {
case AF_INET: {
struct inpcb *inp = tp->t_inpcb;
vtw_v4_t *v4 = (void*)vtw;

v4->faddr = in4p_faddr(inp).s_addr;
v4->laddr = in4p_laddr(inp).s_addr;
v4->fport = inp->inp_fport;
v4->lport = inp->inp_lport;

vtw->reuse_port = !!(inp->inp_socket->so_options
& SO_REUSEPORT);
vtw->reuse_addr = !!(inp->inp_socket->so_options
& SO_REUSEADDR);
vtw->v6only = 0;
vtw->uid = inp->inp_socket->so_uidinfo->ui_uid;

vtw_inshash_v4(ctl, vtw);

#ifdef VTW_DEBUG
/* Immediate lookup (connected and port) to
* ensure at least that works!
*/
if (enable & 4) {
KASSERT(vtw_lookup_hash_v4
(ctl
, in4p_faddr(inp).s_addr, inp->inp_fport
, in4p_laddr(inp).s_addr, inp->inp_lport
, 0)
== vtw);
KASSERT(vtw_lookup_hash_v4
(ctl
, in4p_faddr(inp).s_addr, inp->inp_fport
, in4p_laddr(inp).s_addr, inp->inp_lport
, 1));
}
/* Immediate port iterator functionality check: not wild
*/
if (enable & 8) {
struct tcp_ports_iterator *it;
struct vestigial_inpcb res;
int cnt = 0;

it = tcp_init_ports_v4(in4p_laddr(inp)
, inp->inp_lport, 0);

while (tcp_next_port_v4(it, &res)) {
++cnt;
}
KASSERT(cnt);
}
/* Immediate port iterator functionality check: wild
*/
if (enable & 16) {
struct tcp_ports_iterator *it;
struct vestigial_inpcb res;
struct in_addr any;
int cnt = 0;

any.s_addr = htonl(INADDR_ANY);

it = tcp_init_ports_v4(any, inp->inp_lport, 1);

while (tcp_next_port_v4(it, &res)) {
++cnt;
}
KASSERT(cnt);
}
#endif /* VTW_DEBUG */
break;
}

case AF_INET6: {
struct inpcb *inp = tp->t_inpcb;
vtw_v6_t *v6 = (void*)vtw;

v6->faddr = in6p_faddr(inp);
v6->laddr = in6p_laddr(inp);
v6->fport = inp->inp_fport;
v6->lport = inp->inp_lport;

vtw->reuse_port = !!(inp->inp_socket->so_options
& SO_REUSEPORT);
vtw->reuse_addr = !!(inp->inp_socket->so_options
& SO_REUSEADDR);
vtw->v6only = !!(inp->inp_flags
& IN6P_IPV6_V6ONLY);
vtw->uid = inp->inp_socket->so_uidinfo->ui_uid;

vtw_inshash_v6(ctl, vtw);
#ifdef VTW_DEBUG
/* Immediate lookup (connected and port) to
* ensure at least that works!
*/
if (enable & 4) {
KASSERT(vtw_lookup_hash_v6(ctl
, &in6p_faddr(inp), inp->inp_fport
, &in6p_laddr(inp), inp->inp_lport
, 0)
== vtw);
KASSERT(vtw_lookup_hash_v6
(ctl
, &in6p_faddr(inp), inp->inp_fport
, &in6p_laddr(inp), inp->inp_lport
, 1));
}
/* Immediate port iterator functionality check: not wild
*/
if (enable & 8) {
struct tcp_ports_iterator *it;
struct vestigial_inpcb res;
int cnt = 0;

it = tcp_init_ports_v6(&in6p_laddr(inp)
, inp->inp_lport, 0);

while (tcp_next_port_v6(it, &res)) {
++cnt;
}
KASSERT(cnt);
}
/* Immediate port iterator functionality check: wild
*/
if (enable & 16) {
struct tcp_ports_iterator *it;
struct vestigial_inpcb res;
static struct in6_addr any = IN6ADDR_ANY_INIT;
int cnt = 0;

it = tcp_init_ports_v6(&any
, inp->inp_lport, 1);

while (tcp_next_port_v6(it, &res)) {
++cnt;
}
KASSERT(cnt);
}
#endif /* VTW_DEBUG */
break;
}
}

tcp_canceltimers(tp);
tp = tcp_close(tp);
KASSERT(!tp);

return 1;
}

return 0;
}

/*!\brief restart timer for vestigial time-wait entry
*/
static void
vtw_restart_v4(vestigial_inpcb_t *vp)
{
vtw_v4_t copy = *(vtw_v4_t*)vp->vtw;
vtw_t *vtw;
vtw_t *cp = &copy.common;
vtw_ctl_t *ctl;

KASSERT(mutex_owned(softnet_lock));

db_trace(KTR_VTW
, (vp->vtw, "vtw: restart %A:%P %A:%P"
, vp->faddr.v4.s_addr, vp->fport
, vp->laddr.v4.s_addr, vp->lport));

/* Class might have changed, so have a squiz.
*/
ctl = vtw_control(AF_INET, class_to_msl(cp->msl_class));
vtw = vtw_alloc(ctl);

if (vtw) {
vtw_v4_t *v4 = (void*)vtw;

/* Safe now to unhash the old entry
*/
vtw_del(vp->ctl, vp->vtw);

vtw->snd_nxt = cp->snd_nxt;
vtw->rcv_nxt = cp->rcv_nxt;

v4->faddr = copy.faddr;
v4->laddr = copy.laddr;
v4->fport = copy.fport;
v4->lport = copy.lport;

vtw->reuse_port = cp->reuse_port;
vtw->reuse_addr = cp->reuse_addr;
vtw->v6only = 0;
vtw->uid = cp->uid;

vtw_inshash_v4(ctl, vtw);
}

vp->valid = 0;
}

/*!\brief restart timer for vestigial time-wait entry
*/
static void
vtw_restart_v6(vestigial_inpcb_t *vp)
{
vtw_v6_t copy = *(vtw_v6_t*)vp->vtw;
vtw_t *vtw;
vtw_t *cp = &copy.common;
vtw_ctl_t *ctl;

KASSERT(mutex_owned(softnet_lock));

db_trace(KTR_VTW
, (vp->vtw, "vtw: restart %6A:%P %6A:%P"
, db_store(&vp->faddr.v6, sizeof (vp->faddr.v6))
, vp->fport
, db_store(&vp->laddr.v6, sizeof (vp->laddr.v6))
, vp->lport));

/* Class might have changed, so have a squiz.
*/
ctl = vtw_control(AF_INET6, class_to_msl(cp->msl_class));
vtw = vtw_alloc(ctl);

if (vtw) {
vtw_v6_t *v6 = (void*)vtw;

/* Safe now to unhash the old entry
*/
vtw_del(vp->ctl, vp->vtw);

vtw->snd_nxt = cp->snd_nxt;
vtw->rcv_nxt = cp->rcv_nxt;

v6->faddr = copy.faddr;
v6->laddr = copy.laddr;
v6->fport = copy.fport;
v6->lport = copy.lport;

vtw->reuse_port = cp->reuse_port;
vtw->reuse_addr = cp->reuse_addr;
vtw->v6only = cp->v6only;
vtw->uid = cp->uid;

vtw_inshash_v6(ctl, vtw);
}

vp->valid = 0;
}

/*!\brief restart timer for vestigial time-wait entry
*/
void
vtw_restart(vestigial_inpcb_t *vp)
{
if (!vp || !vp->valid)
return;

if (vp->v4)
vtw_restart_v4(vp);
else
vtw_restart_v6(vp);
}

int
sysctl_tcp_vtw_enable(SYSCTLFN_ARGS)
{
int en, rc;
struct sysctlnode node;

node = *rnode;
en = *(int *)rnode->sysctl_data;
node.sysctl_data = &en;

rc = sysctl_lookup(SYSCTLFN_CALL(&node));
if (rc != 0 || newp == NULL)
return rc;

if (rnode->sysctl_data != &tcp4_vtw_enable &&
rnode->sysctl_data != &tcp6_vtw_enable)
rc = ENOENT;
else if ((en & 1) == 0)
rc = 0;
else if (rnode->sysctl_data == &tcp4_vtw_enable)
rc = vtw_control_init(AF_INET);
else /* rnode->sysctl_data == &tcp6_vtw_enable */
rc = vtw_control_init(AF_INET6);

if (rc == 0)
*(int *)rnode->sysctl_data = en;

return rc;
}

int
vtw_earlyinit(void)
{
int i, rc;

callout_init(&vtw_cs, 0);
callout_setfunc(&vtw_cs, vtw_tick, 0);

for (i = 0; i < VTW_NCLASS; ++i) {
vtw_tcpv4[i].is_v4 = 1;
vtw_tcpv6[i].is_v6 = 1;
}

if ((tcp4_vtw_enable & 1) != 0 &&
(rc = vtw_control_init(AF_INET)) != 0)
return rc;

if ((tcp6_vtw_enable & 1) != 0 &&
(rc = vtw_control_init(AF_INET6)) != 0)
return rc;

return 0;
}

#ifdef VTW_DEBUG
#include <sys/syscallargs.h>
#include <sys/sysctl.h>

/*!\brief add lalp, fafp entries for debug
*/
int
vtw_debug_add(int af, sin_either_t *la, sin_either_t *fa, int msl, int msl_class)
{
vtw_ctl_t *ctl;
vtw_t *vtw;

ctl = vtw_control(af, msl ? msl : class_to_msl(msl_class));
if (!ctl)
return 0;

vtw = vtw_alloc(ctl);

if (vtw) {
vtw->snd_nxt = 0;
vtw->rcv_nxt = 0;

switch (af) {
case AF_INET: {
vtw_v4_t *v4 = (void*)vtw;

v4->faddr = fa->sin_addr.v4.s_addr;
v4->laddr = la->sin_addr.v4.s_addr;
v4->fport = fa->sin_port;
v4->lport = la->sin_port;

vtw->reuse_port = 1;
vtw->reuse_addr = 1;
vtw->v6only = 0;
vtw->uid = 0;

vtw_inshash_v4(ctl, vtw);
break;
}

case AF_INET6: {
vtw_v6_t *v6 = (void*)vtw;

v6->faddr = fa->sin_addr.v6;
v6->laddr = la->sin_addr.v6;

v6->fport = fa->sin_port;
v6->lport = la->sin_port;

vtw->reuse_port = 1;
vtw->reuse_addr = 1;
vtw->v6only = 0;
vtw->uid = 0;

vtw_inshash_v6(ctl, vtw);
break;
}

default:
break;
}

return 1;
}

return 0;
}

static int vtw_syscall = 0;

static int
vtw_debug_process(vtw_sysargs_t *ap)
{
struct vestigial_inpcb vestige;
int rc = 0;

mutex_enter(softnet_lock);

switch (ap->op) {
case 0: // insert
vtw_debug_add(ap->la.sin_family
, &ap->la
, &ap->fa
, TCPTV_MSL
, 0);
break;

case 1: // lookup
case 2: // restart
switch (ap->la.sin_family) {
case AF_INET:
if (tcp_lookup_v4(ap->fa.sin_addr.v4, ap->fa.sin_port,
ap->la.sin_addr.v4, ap->la.sin_port,
&vestige)) {
if (ap->op == 2) {
vtw_restart(&vestige);
}
rc = 0;
} else
rc = ESRCH;
break;

case AF_INET6:
if (tcp_lookup_v6(&ap->fa.sin_addr.v6, ap->fa.sin_port,
&ap->la.sin_addr.v6, ap->la.sin_port,
&vestige)) {
if (ap->op == 2) {
vtw_restart(&vestige);
}
rc = 0;
} else
rc = ESRCH;
break;
default:
rc = EINVAL;
}
break;

default:
rc = EINVAL;
}

mutex_exit(softnet_lock);
return rc;
}

struct sys_vtw_args {
syscallarg(const vtw_sysargs_t *) req;
syscallarg(size_t) len;
};

static int
vtw_sys(struct lwp *l, const void *_, register_t *retval)
{
const struct sys_vtw_args *uap = _;
void *buf;
int rc;
size_t len = SCARG(uap, len);

if (len != sizeof (vtw_sysargs_t))
return EINVAL;

buf = kmem_alloc(len, KM_SLEEP);
rc = copyin(SCARG(uap, req), buf, len);
if (!rc) {
rc = vtw_debug_process(buf);
}
kmem_free(buf, len);

return rc;
}

static void
vtw_sanity_check(void)
{
vtw_ctl_t *ctl;
vtw_t *vtw;
int i;
int n;

for (i = 0; i < VTW_NCLASS; ++i) {
ctl = &vtw_tcpv4[i];

if (!ctl->base.v || ctl->nalloc)
continue;

for (n = 0, vtw = ctl->base.v; ; ) {
++n;
vtw = vtw_next(ctl, vtw);
if (vtw == ctl->base.v)
break;
}
db_trace(KTR_VTW
, (ctl, "sanity: class %x n %x nfree %x"
, i, n, ctl->nfree));

KASSERT(n == ctl->nfree);
}

for (i = 0; i < VTW_NCLASS; ++i) {
ctl = &vtw_tcpv6[i];

if (!ctl->base.v || ctl->nalloc)
continue;

for (n = 0, vtw = ctl->base.v; ; ) {
++n;
vtw = vtw_next(ctl, vtw);
if (vtw == ctl->base.v)
break;
}
db_trace(KTR_VTW
, (ctl, "sanity: class %x n %x nfree %x"
, i, n, ctl->nfree));
KASSERT(n == ctl->nfree);
}
}

/*!\brief Initialise debug support.
*/
static void
vtw_debug_init(void)
{
int i;

vtw_sanity_check();

if (vtw_syscall)
return;

for (i = 511; i; --i) {
if (sysent[i].sy_call == sys_nosys) {
sysent[i].sy_call = vtw_sys;
sysent[i].sy_narg = 2;
sysent[i].sy_argsize = sizeof (struct sys_vtw_args);
sysent[i].sy_flags = 0;

vtw_syscall = i;
break;
}
}
if (i) {
const struct sysctlnode *node;
uint32_t flags;

flags = sysctl_root.sysctl_flags;

sysctl_root.sysctl_flags |= CTLFLAG_READWRITE;
sysctl_root.sysctl_flags &= ~CTLFLAG_PERMANENT;

sysctl_createv(0, 0, 0, &node,
CTLFLAG_PERMANENT, CTLTYPE_NODE,
"koff",
SYSCTL_DESCR("Kernel Obscure Feature Finder"),
0, 0, 0, 0, CTL_CREATE, CTL_EOL);

if (!node) {
sysctl_createv(0, 0, 0, &node,
CTLFLAG_PERMANENT, CTLTYPE_NODE,
"koffka",
SYSCTL_DESCR("The Real(tm) Kernel"
" Obscure Feature Finder"),
0, 0, 0, 0, CTL_CREATE, CTL_EOL);
}
if (node) {
sysctl_createv(0, 0, 0, 0,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_INT, "vtw_debug_syscall",
SYSCTL_DESCR("vtw debug"
" system call number"),
0, 0, &vtw_syscall, 0, node->sysctl_num,
CTL_CREATE, CTL_EOL);
}
sysctl_root.sysctl_flags = flags;
}
}
#else /* !VTW_DEBUG */
static void
vtw_debug_init(void)
{
return;
}
#endif /* !VTW_DEBUG */