3 * Transmission Control Protocol, incoming traffic
5 * The input processing functions of the TCP layer.
7 * These functions are generally called in the order (ip_input() ->)
8 * tcp_input() -> * tcp_process() -> tcp_receive() (-> application).
13 * Copyright (c) 2001-2004 Swedish Institute of Computer Science.
14 * All rights reserved.
16 * Redistribution and use in source and binary forms, with or without modification,
17 * are permitted provided that the following conditions are met:
19 * 1. Redistributions of source code must retain the above copyright notice,
20 * this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright notice,
22 * this list of conditions and the following disclaimer in the documentation
23 * and/or other materials provided with the distribution.
24 * 3. The name of the author may not be used to endorse or promote products
25 * derived from this software without specific prior written permission.
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
28 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
29 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
30 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
31 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
32 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
35 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
38 * This file is part of the lwIP TCP/IP stack.
40 * Author: Adam Dunkels <adam@sics.se>
46 #if LWIP_TCP /* don't build if not configured for use in lwipopts.h */
48 #include "lwip/priv/tcp_priv.h"
50 #include "lwip/ip_addr.h"
51 #include "lwip/netif.h"
53 #include "lwip/memp.h"
54 #include "lwip/inet_chksum.h"
55 #include "lwip/stats.h"
57 #include "lwip/ip6_addr.h"
58 #if LWIP_ND6_TCP_REACHABILITY_HINTS
60 #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */
62 /** Initial CWND calculation as defined RFC 2581 */
63 #define LWIP_TCP_CALC_INITIAL_CWND(mss) LWIP_MIN((4U * (mss)), LWIP_MAX((2U * (mss)), 4380U));
65 /* These variables are global to all functions involved in the input
66 processing of TCP segments. They are set by the tcp_input()
68 static struct tcp_seg inseg;
69 static struct tcp_hdr *tcphdr;
70 static u16_t tcphdr_optlen;
71 static u16_t tcphdr_opt1len;
72 static u8_t* tcphdr_opt2;
73 static u16_t tcp_optidx;
74 static u32_t seqno, ackno;
75 static tcpwnd_size_t recv_acked;
79 static u8_t recv_flags;
80 static struct pbuf *recv_data;
82 struct tcp_pcb *tcp_input_pcb;
84 /* Forward declarations. */
85 static err_t tcp_process(struct tcp_pcb *pcb);
86 static void tcp_receive(struct tcp_pcb *pcb);
87 static void tcp_parseopt(struct tcp_pcb *pcb);
89 static void tcp_listen_input(struct tcp_pcb_listen *pcb, struct netif *inp);
90 static void tcp_timewait_input(struct tcp_pcb *pcb);
92 static int tcp_input_delayed_close(struct tcp_pcb *pcb);
95 * The initial input processing of TCP. It verifies the TCP header, demultiplexes
96 * the segment between the PCBs and passes it on to tcp_process(), which implements
97 * the TCP finite state machine. This function is called by the IP layer (in
100 * @param p received TCP segment to process (p->payload pointing to the TCP header)
101 * @param inp network interface on which this segment was received
104 tcp_input(struct pbuf *p, struct netif *inp)
106 struct tcp_pcb *pcb, *prev;
107 struct tcp_pcb_listen *lpcb;
109 struct tcp_pcb *lpcb_prev = NULL;
110 struct tcp_pcb_listen *lpcb_any = NULL;
111 #endif /* SO_REUSE */
115 LWIP_UNUSED_ARG(inp);
116 LWIP_ASSERT_CORE_LOCKED();
120 TCP_STATS_INC(tcp.recv);
121 MIB2_STATS_INC(mib2.tcpinsegs);
123 tcphdr = (struct tcp_hdr *)p->payload;
126 #if LWIP_IP_DEBUG_TARGET
127 if (debug_target_match(ip_current_is_v6(), ipX_current_src_addr(), ipX_current_dest_addr()))
130 tcp_debug_print(tcphdr);
131 #if LWIP_IP_DEBUG_TARGET
136 /* Check that TCP header fits in payload */
137 if (p->len < TCP_HLEN) {
138 /* drop short packets */
139 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: short packet (%"U16_F" bytes) discarded\n", p->tot_len));
140 TCP_STATS_INC(tcp.lenerr);
144 /* Don't even process incoming broadcasts/multicasts. */
145 if (ip_addr_isbroadcast(ip_current_dest_addr(), ip_current_netif()) ||
146 ip_addr_ismulticast(ip_current_dest_addr())) {
147 TCP_STATS_INC(tcp.proterr);
151 #if CHECKSUM_CHECK_TCP
152 IF__NETIF_CHECKSUM_ENABLED(inp, NETIF_CHECKSUM_CHECK_TCP) {
153 /* Verify TCP checksum. */
154 u16_t chksum = ip_chksum_pseudo(p, IP_PROTO_TCP, p->tot_len,
155 ip_current_src_addr(), ip_current_dest_addr());
157 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packet discarded due to failing checksum 0x%04"X16_F"\n",
159 tcp_debug_print(tcphdr);
160 TCP_STATS_INC(tcp.chkerr);
164 #endif /* CHECKSUM_CHECK_TCP */
166 /* sanity-check header length */
167 hdrlen_bytes = TCPH_HDRLEN(tcphdr) * 4;
168 if ((hdrlen_bytes < TCP_HLEN) || (hdrlen_bytes > p->tot_len)) {
169 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: invalid header length (%"U16_F")\n", (u16_t)hdrlen_bytes));
170 TCP_STATS_INC(tcp.lenerr);
174 /* Move the payload pointer in the pbuf so that it points to the
175 TCP data instead of the TCP header. */
176 tcphdr_optlen = hdrlen_bytes - TCP_HLEN;
178 if (p->len >= hdrlen_bytes) {
179 /* all options are in the first pbuf */
180 tcphdr_opt1len = tcphdr_optlen;
181 pbuf_header(p, -(s16_t)hdrlen_bytes); /* cannot fail */
184 /* TCP header fits into first pbuf, options don't - data is in the next pbuf */
185 /* there must be a next pbuf, due to hdrlen_bytes sanity check above */
186 LWIP_ASSERT("p->next != NULL", p->next != NULL);
188 /* advance over the TCP header (cannot fail) */
189 pbuf_header(p, -TCP_HLEN);
191 /* determine how long the first and second parts of the options are */
192 tcphdr_opt1len = p->len;
193 opt2len = tcphdr_optlen - tcphdr_opt1len;
195 /* options continue in the next pbuf: set p to zero length and hide the
196 options in the next pbuf (adjusting p->tot_len) */
197 pbuf_header(p, -(s16_t)tcphdr_opt1len);
199 /* check that the options fit in the second pbuf */
200 if (opt2len > p->next->len) {
201 /* drop short packets */
202 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: options overflow second pbuf (%"U16_F" bytes)\n", p->next->len));
203 TCP_STATS_INC(tcp.lenerr);
207 /* remember the pointer to the second part of the options */
208 tcphdr_opt2 = (u8_t*)p->next->payload;
210 /* advance p->next to point after the options, and manually
211 adjust p->tot_len to keep it consistent with the changed p->next */
212 pbuf_header(p->next, -(s16_t)opt2len);
213 p->tot_len -= opt2len;
215 LWIP_ASSERT("p->len == 0", p->len == 0);
216 LWIP_ASSERT("p->tot_len == p->next->tot_len", p->tot_len == p->next->tot_len);
219 /* Convert fields in TCP header to host byte order. */
220 tcphdr->src = lwip_ntohs(tcphdr->src);
221 tcphdr->dest = lwip_ntohs(tcphdr->dest);
222 seqno = tcphdr->seqno = lwip_ntohl(tcphdr->seqno);
223 ackno = tcphdr->ackno = lwip_ntohl(tcphdr->ackno);
224 tcphdr->wnd = lwip_ntohs(tcphdr->wnd);
226 flags = TCPH_FLAGS(tcphdr);
227 tcplen = p->tot_len + ((flags & (TCP_FIN | TCP_SYN)) ? 1 : 0);
229 /* Demultiplex an incoming segment. First, we check if it is destined
230 for an active connection. */
233 for (pcb = tcp_active_pcbs; pcb != NULL; pcb = pcb->next) {
234 LWIP_ASSERT("tcp_input: active pcb->state != CLOSED", pcb->state != CLOSED);
235 LWIP_ASSERT("tcp_input: active pcb->state != TIME-WAIT", pcb->state != TIME_WAIT);
236 LWIP_ASSERT("tcp_input: active pcb->state != LISTEN", pcb->state != LISTEN);
237 if (pcb->remote_port == tcphdr->src &&
238 pcb->local_port == tcphdr->dest &&
239 #if LWIP_MANAGEMENT_CHANNEL
240 (!inp->using_management_channel || ip_get_option(pcb,SOF_MANAGEMENT)) &&
242 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
243 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
244 /* Move this PCB to the front of the list so that subsequent
245 lookups will be faster (we exploit locality in TCP segment
247 LWIP_ASSERT("tcp_input: pcb->next != pcb (before cache)", pcb->next != pcb);
249 prev->next = pcb->next;
250 pcb->next = tcp_active_pcbs;
251 tcp_active_pcbs = pcb;
253 TCP_STATS_INC(tcp.cachehit);
255 LWIP_ASSERT("tcp_input: pcb->next != pcb (after cache)", pcb->next != pcb);
262 /* If it did not go to an active connection, we check the connections
263 in the TIME-WAIT state. */
264 for (pcb = tcp_tw_pcbs; pcb != NULL; pcb = pcb->next) {
265 LWIP_ASSERT("tcp_input: TIME-WAIT pcb->state == TIME-WAIT", pcb->state == TIME_WAIT);
266 if (pcb->remote_port == tcphdr->src &&
267 pcb->local_port == tcphdr->dest &&
268 #if LWIP_MANAGEMENT_CHANNEL
269 (!inp->using_management_channel || ip_get_option(pcb,SOF_MANAGEMENT)) &&
271 ip_addr_cmp(&pcb->remote_ip, ip_current_src_addr()) &&
272 ip_addr_cmp(&pcb->local_ip, ip_current_dest_addr())) {
273 /* We don't really care enough to move this PCB to the front
274 of the list since we are not very likely to receive that
275 many segments for connections in TIME-WAIT. */
276 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for TIME_WAITing connection.\n"));
277 tcp_timewait_input(pcb);
283 /* Finally, if we still did not get a match, we check all PCBs that
284 are LISTENing for incoming connections. */
286 for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb = lpcb->next) {
287 #if LWIP_MANAGEMENT_CHANNEL
288 if (inp->using_management_channel && !ip_get_option(lpcb,SOF_MANAGEMENT))
291 /* check if PCB is bound to specific netif */
292 if ((lpcb->netif_idx != NETIF_NO_INDEX) &&
293 (lpcb->netif_idx != netif_get_index(ip_data.current_input_netif))) {
297 if (lpcb->local_port == tcphdr->dest) {
298 if (IP_IS_ANY_TYPE_VAL(lpcb->local_ip)) {
299 /* found an ANY TYPE (IPv4/IPv6) match */
305 #endif /* SO_REUSE */
306 } else if (IP_ADDR_PCB_VERSION_MATCH_EXACT(lpcb, ip_current_dest_addr())) {
307 if (ip_addr_cmp(&lpcb->local_ip, ip_current_dest_addr())) {
308 /* found an exact match */
310 } else if (ip_addr_isany(&lpcb->local_ip)) {
311 /* found an ANY-match */
317 #endif /* SO_REUSE */
321 prev = (struct tcp_pcb *)lpcb;
324 /* first try specific local IP */
326 /* only pass to ANY if no specific local IP has been found */
330 #endif /* SO_REUSE */
332 /* Move this PCB to the front of the list so that subsequent
333 lookups will be faster (we exploit locality in TCP segment
336 ((struct tcp_pcb_listen *)prev)->next = lpcb->next;
337 /* our successor is the remainder of the listening list */
338 lpcb->next = tcp_listen_pcbs.listen_pcbs;
339 /* put this listening pcb at the head of the listening list */
340 tcp_listen_pcbs.listen_pcbs = lpcb;
342 TCP_STATS_INC(tcp.cachehit);
345 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: packed for LISTENing connection.\n"));
346 tcp_listen_input(lpcb, inp);
353 /* The incoming segment belongs to a connection. */
355 tcp_debug_print_state(pcb->state);
356 #endif /* TCP_INPUT_DEBUG */
358 /* Set up a tcp_seg structure. */
360 inseg.len = p->tot_len;
362 inseg.tcphdr = tcphdr;
368 if (flags & TCP_PSH) {
369 p->flags |= PBUF_FLAG_PUSH;
372 /* If there is data which was previously "refused" by upper layer */
373 if (pcb->refused_data != NULL) {
374 if ((tcp_process_refused_data(pcb) == ERR_ABRT) ||
375 ((pcb->refused_data != NULL) && (tcplen > 0))) {
376 /* pcb has been aborted or refused data is still refused and the new
377 segment contains data */
378 if (pcb->rcv_ann_wnd == 0) {
379 /* this is a zero-window probe, we respond to it with current RCV.NXT
380 and drop the data segment */
381 tcp_send_empty_ack(pcb);
383 TCP_STATS_INC(tcp.drop);
384 MIB2_STATS_INC(mib2.tcpinerrs);
389 err = tcp_process(pcb);
390 /* A return value of ERR_ABRT means that tcp_abort() was called
391 and that the pcb has been freed. If so, we don't do anything. */
392 if (err != ERR_ABRT) {
393 if (recv_flags & TF_RESET) {
394 /* TF_RESET means that the connection was reset by the other
395 end. We then call the error callback to inform the
396 application that the connection is dead before we
397 deallocate the PCB. */
398 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_RST);
399 tcp_pcb_remove(&tcp_active_pcbs, pcb);
400 memp_free(MEMP_TCP_PCB, pcb);
403 /* If the application has registered a "sent" function to be
404 called when new send buffer space is available, we call it
406 if (recv_acked > 0) {
409 /* recv_acked is u32_t but the sent callback only takes a u16_t,
410 so we might have to call it multiple times. */
411 u32_t acked = recv_acked;
413 acked16 = (u16_t)LWIP_MIN(acked, 0xffffu);
417 acked16 = recv_acked;
419 TCP_EVENT_SENT(pcb, (u16_t)acked16, err);
420 if (err == ERR_ABRT) {
426 if (tcp_input_delayed_close(pcb)) {
429 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
430 while (recv_data != NULL) {
431 struct pbuf *rest = NULL;
432 pbuf_split_64k(recv_data, &rest);
433 #else /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
434 if (recv_data != NULL) {
435 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
437 LWIP_ASSERT("pcb->refused_data == NULL", pcb->refused_data == NULL);
438 if (pcb->flags & TF_RXCLOSED) {
439 /* received data although already closed -> abort (send RST) to
440 notify the remote host that not all data has been processed */
441 pbuf_free(recv_data);
442 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
446 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
451 /* Notify application that data has been received. */
452 TCP_EVENT_RECV(pcb, recv_data, ERR_OK, err);
453 if (err == ERR_ABRT) {
454 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
458 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
462 /* If the upper layer can't receive this data, store it */
464 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
466 pbuf_cat(recv_data, rest);
468 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
469 pcb->refused_data = recv_data;
470 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_input: keep incoming packet, because pcb is \"full\"\n"));
471 #if TCP_QUEUE_OOSEQ && LWIP_WND_SCALE
474 /* Upper layer received the data, go on with the rest if > 64K */
476 #endif /* TCP_QUEUE_OOSEQ && LWIP_WND_SCALE */
480 /* If a FIN segment was received, we call the callback
481 function with a NULL buffer to indicate EOF. */
482 if (recv_flags & TF_GOT_FIN) {
483 if (pcb->refused_data != NULL) {
484 /* Delay this if we have refused data. */
485 pcb->refused_data->flags |= PBUF_FLAG_TCP_FIN;
487 /* correct rcv_wnd as the application won't call tcp_recved()
488 for the FIN's seqno */
489 if (pcb->rcv_wnd != TCP_WND_MAX(pcb)) {
492 TCP_EVENT_CLOSED(pcb, err);
493 if (err == ERR_ABRT) {
499 tcp_input_pcb = NULL;
500 if (tcp_input_delayed_close(pcb)) {
503 /* Try to send something out. */
507 tcp_debug_print_state(pcb->state);
508 #endif /* TCP_DEBUG */
509 #endif /* TCP_INPUT_DEBUG */
512 /* Jump target if pcb has been aborted in a callback (by calling tcp_abort()).
513 Below this line, 'pcb' may not be dereferenced! */
515 tcp_input_pcb = NULL;
518 /* give up our reference to inseg.p */
526 /* If no matching PCB was found, send a TCP RST (reset) to the
528 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_input: no PCB match found, resetting.\n"));
529 if (!(TCPH_FLAGS(tcphdr) & TCP_RST)) {
530 TCP_STATS_INC(tcp.proterr);
531 TCP_STATS_INC(tcp.drop);
532 tcp_rst(ackno, seqno + tcplen, ip_current_dest_addr(),
533 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
538 LWIP_ASSERT("tcp_input: tcp_pcbs_sane()", tcp_pcbs_sane());
539 PERF_STOP("tcp_input");
542 TCP_STATS_INC(tcp.drop);
543 MIB2_STATS_INC(mib2.tcpinerrs);
547 /** Called from tcp_input to check for TF_CLOSED flag. This results in closing
548 * and deallocating a pcb at the correct place to ensure noone references it
550 * @returns 1 if the pcb has been closed and deallocated, 0 otherwise
553 tcp_input_delayed_close(struct tcp_pcb *pcb)
555 if (recv_flags & TF_CLOSED) {
556 /* The connection has been closed and we will deallocate the
558 if (!(pcb->flags & TF_RXCLOSED)) {
559 /* Connection closed although the application has only shut down the
560 tx side: call the PCB's err callback and indicate the closure to
561 ensure the application doesn't continue using the PCB. */
562 TCP_EVENT_ERR(pcb->state, pcb->errf, pcb->callback_arg, ERR_CLSD);
564 tcp_pcb_remove(&tcp_active_pcbs, pcb);
565 memp_free(MEMP_TCP_PCB, pcb);
572 * Called by tcp_input() when a segment arrives for a listening
573 * connection (from tcp_input()).
575 * @param pcb the tcp_pcb_listen for which a segment arrived
577 * @note the segment which arrived is saved in global variables, therefore only the pcb
578 * involved is passed as a parameter to this function
581 tcp_listen_input(struct tcp_pcb_listen *pcb, struct netif *inp)
583 struct tcp_pcb *npcb;
587 if (flags & TCP_RST) {
588 /* An incoming RST should be ignored. Return. */
592 /* In the LISTEN state, we check for incoming SYN segments,
593 creates a new PCB, and responds with a SYN|ACK. */
594 if (flags & TCP_ACK) {
595 /* For incoming segments with the ACK flag set, respond with a
597 LWIP_DEBUGF(TCP_RST_DEBUG, ("tcp_listen_input: ACK in LISTEN, sending reset\n"));
598 tcp_rst(ackno, seqno + tcplen, ip_current_dest_addr(),
599 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
600 } else if (flags & TCP_SYN) {
601 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection request %"U16_F" -> %"U16_F".\n", tcphdr->src, tcphdr->dest));
602 #if TCP_LISTEN_BACKLOG
603 if (pcb->accepts_pending >= pcb->backlog) {
604 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: listen backlog exceeded for port %"U16_F"\n", tcphdr->dest));
607 #endif /* TCP_LISTEN_BACKLOG */
608 npcb = tcp_alloc(pcb->prio);
609 /* If a new PCB could not be created (probably due to lack of memory),
610 we don't do anything, but rely on the sender will retransmit the
611 SYN at a time when we have more memory available. */
614 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
615 TCP_STATS_INC(tcp.memerr);
616 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
617 LWIP_UNUSED_ARG(err); /* err not useful here */
620 #if TCP_LISTEN_BACKLOG
621 pcb->accepts_pending++;
622 npcb->flags |= TF_BACKLOGPEND;
623 #endif /* TCP_LISTEN_BACKLOG */
624 /* Set up the new PCB. */
625 ip_addr_copy(npcb->local_ip, *ip_current_dest_addr());
626 ip_addr_copy(npcb->remote_ip, *ip_current_src_addr());
627 npcb->local_port = pcb->local_port;
628 npcb->remote_port = tcphdr->src;
629 npcb->state = SYN_RCVD;
630 npcb->rcv_nxt = seqno + 1;
631 npcb->rcv_ann_right_edge = npcb->rcv_nxt;
632 iss = tcp_next_iss(npcb);
637 npcb->snd_wl1 = seqno - 1;/* initialise to seqno-1 to force window update */
638 npcb->callback_arg = pcb->callback_arg;
639 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
640 npcb->listener = pcb;
641 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
642 /* inherit socket options */
643 npcb->so_options = pcb->so_options & SOF_INHERITED;
644 #if LWIP_MANAGEMENT_CHANNEL
645 if( inp->using_management_channel )
646 ip_set_option(npcb, SOF_MANAGEMENT);
649 /* Register the new PCB so that we can begin receiving segments
651 TCP_REG_ACTIVE(npcb);
653 /* Parse any options in the SYN. */
655 npcb->snd_wnd = tcphdr->wnd;
656 npcb->snd_wnd_max = npcb->snd_wnd;
658 #if TCP_CALCULATE_EFF_SEND_MSS
659 npcb->mss = tcp_eff_send_mss(npcb->mss, &npcb->local_ip, &npcb->remote_ip);
660 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
662 MIB2_STATS_INC(mib2.tcppassiveopens);
664 /* Send a SYN|ACK together with the MSS option. */
665 rc = tcp_enqueue_flags(npcb, TCP_SYN | TCP_ACK);
667 tcp_abandon(npcb, 0);
676 * Called by tcp_input() when a segment arrives for a connection in
679 * @param pcb the tcp_pcb for which a segment arrived
681 * @note the segment which arrived is saved in global variables, therefore only the pcb
682 * involved is passed as a parameter to this function
685 tcp_timewait_input(struct tcp_pcb *pcb)
687 /* RFC 1337: in TIME_WAIT, ignore RST and ACK FINs + any 'acceptable' segments */
688 /* RFC 793 3.9 Event Processing - Segment Arrives:
689 * - first check sequence number - we skip that one in TIME_WAIT (always
690 * acceptable since we only send ACKs)
691 * - second check the RST bit (... return) */
692 if (flags & TCP_RST) {
695 /* - fourth, check the SYN bit, */
696 if (flags & TCP_SYN) {
697 /* If an incoming segment is not acceptable, an acknowledgment
698 should be sent in reply */
699 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd)) {
700 /* If the SYN is in the window it is an error, send a reset */
701 tcp_rst(ackno, seqno + tcplen, ip_current_dest_addr(),
702 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
705 } else if (flags & TCP_FIN) {
706 /* - eighth, check the FIN bit: Remain in the TIME-WAIT state.
707 Restart the 2 MSL time-wait timeout.*/
708 pcb->tmr = tcp_ticks;
712 /* Acknowledge data, FIN or out-of-window SYN */
713 pcb->flags |= TF_ACK_NOW;
720 * Implements the TCP state machine. Called by tcp_input. In some
721 * states tcp_receive() is called to receive data. The tcp_seg
722 * argument will be freed by the caller (tcp_input()) unless the
723 * recv_data pointer in the pcb is set.
725 * @param pcb the tcp_pcb for which a segment arrived
727 * @note the segment which arrived is saved in global variables, therefore only the pcb
728 * involved is passed as a parameter to this function
731 tcp_process(struct tcp_pcb *pcb)
733 struct tcp_seg *rseg;
739 /* Process incoming RST segments. */
740 if (flags & TCP_RST) {
741 /* First, determine if the reset is acceptable. */
742 if (pcb->state == SYN_SENT) {
743 /* "In the SYN-SENT state (a RST received in response to an initial SYN),
744 the RST is acceptable if the ACK field acknowledges the SYN." */
745 if (ackno == pcb->snd_nxt) {
749 /* "In all states except SYN-SENT, all reset (RST) segments are validated
750 by checking their SEQ-fields." */
751 if (seqno == pcb->rcv_nxt) {
753 } else if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
754 pcb->rcv_nxt + pcb->rcv_wnd)) {
755 /* If the sequence number is inside the window, we only send an ACK
756 and wait for a re-send with matching sequence number.
757 This violates RFC 793, but is required to protection against
758 CVE-2004-0230 (RST spoofing attack). */
764 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: Connection RESET\n"));
765 LWIP_ASSERT("tcp_input: pcb->state != CLOSED", pcb->state != CLOSED);
766 recv_flags |= TF_RESET;
767 pcb->flags &= ~TF_ACK_DELAY;
770 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
771 seqno, pcb->rcv_nxt));
772 LWIP_DEBUGF(TCP_DEBUG, ("tcp_process: unacceptable reset seqno %"U32_F" rcv_nxt %"U32_F"\n",
773 seqno, pcb->rcv_nxt));
778 if ((flags & TCP_SYN) && (pcb->state != SYN_SENT && pcb->state != SYN_RCVD)) {
779 /* Cope with new connection attempt after remote end crashed */
784 if ((pcb->flags & TF_RXCLOSED) == 0) {
785 /* Update the PCB (in)activity timer unless rx is closed (see tcp_shutdown) */
786 pcb->tmr = tcp_ticks;
788 pcb->keep_cnt_sent = 0;
792 /* Do different things depending on the TCP state. */
793 switch (pcb->state) {
795 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("SYN-SENT: ackno %"U32_F" pcb->snd_nxt %"U32_F" unacked %"U32_F"\n", ackno,
796 pcb->snd_nxt, lwip_ntohl(pcb->unacked->tcphdr->seqno)));
797 /* received SYN ACK with expected sequence number? */
798 if ((flags & TCP_ACK) && (flags & TCP_SYN)
799 && (ackno == pcb->lastack + 1)) {
800 pcb->rcv_nxt = seqno + 1;
801 pcb->rcv_ann_right_edge = pcb->rcv_nxt;
802 pcb->lastack = ackno;
803 pcb->snd_wnd = tcphdr->wnd;
804 pcb->snd_wnd_max = pcb->snd_wnd;
805 pcb->snd_wl1 = seqno - 1; /* initialise to seqno - 1 to force window update */
806 pcb->state = ESTABLISHED;
808 #if TCP_CALCULATE_EFF_SEND_MSS
809 pcb->mss = tcp_eff_send_mss(pcb->mss, &pcb->local_ip, &pcb->remote_ip);
810 #endif /* TCP_CALCULATE_EFF_SEND_MSS */
812 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
813 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SENT): cwnd %"TCPWNDSIZE_F
814 " ssthresh %"TCPWNDSIZE_F"\n",
815 pcb->cwnd, pcb->ssthresh));
816 LWIP_ASSERT("pcb->snd_queuelen > 0", (pcb->snd_queuelen > 0));
818 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_process: SYN-SENT --queuelen %"TCPWNDSIZE_F"\n", (tcpwnd_size_t)pcb->snd_queuelen));
821 /* might happen if tcp_output fails in tcp_rexmit_rto()
822 in which case the segment is on the unsent list */
824 LWIP_ASSERT("no segment to free", rseg != NULL);
825 pcb->unsent = rseg->next;
827 pcb->unacked = rseg->next;
831 /* If there's nothing left to acknowledge, stop the retransmit
832 timer, otherwise reset it to start again */
833 if (pcb->unacked == NULL) {
840 /* Call the user specified function to call when successfully
842 TCP_EVENT_CONNECTED(pcb, ERR_OK, err);
843 if (err == ERR_ABRT) {
848 /* received ACK? possibly a half-open connection */
849 else if (flags & TCP_ACK) {
850 /* send a RST to bring the other side in a non-synchronized state. */
851 tcp_rst(ackno, seqno + tcplen, ip_current_dest_addr(),
852 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
853 /* Resend SYN immediately (don't wait for rto timeout) to establish
854 connection faster, but do not send more SYNs than we otherwise would
855 have, or we might get caught in a loop on loopback interfaces. */
856 if (pcb->nrtx < TCP_SYNMAXRTX) {
863 if (flags & TCP_ACK) {
864 /* expected ACK number? */
865 if (TCP_SEQ_BETWEEN(ackno, pcb->lastack+1, pcb->snd_nxt)) {
866 pcb->state = ESTABLISHED;
867 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection established %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
868 #if LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG
869 #if LWIP_CALLBACK_API
870 LWIP_ASSERT("pcb->listener->accept != NULL",
871 (pcb->listener == NULL) || (pcb->listener->accept != NULL));
873 if (pcb->listener == NULL) {
874 /* listen pcb might be closed by now */
877 #endif /* LWIP_CALLBACK_API || TCP_LISTEN_BACKLOG */
879 tcp_backlog_accepted(pcb);
880 /* Call the accept function. */
881 TCP_EVENT_ACCEPT(pcb->listener, pcb, pcb->callback_arg, ERR_OK, err);
884 /* If the accept function returns with an error, we abort
886 /* Already aborted? */
887 if (err != ERR_ABRT) {
892 /* If there was any data contained within this ACK,
893 * we'd better pass it on to the application as well. */
896 /* Prevent ACK for SYN to generate a sent event */
897 if (recv_acked != 0) {
901 pcb->cwnd = LWIP_TCP_CALC_INITIAL_CWND(pcb->mss);
902 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_process (SYN_RCVD): cwnd %"TCPWNDSIZE_F
903 " ssthresh %"TCPWNDSIZE_F"\n",
904 pcb->cwnd, pcb->ssthresh));
906 if (recv_flags & TF_GOT_FIN) {
908 pcb->state = CLOSE_WAIT;
911 /* incorrect ACK number, send RST */
912 tcp_rst(ackno, seqno + tcplen, ip_current_dest_addr(),
913 ip_current_src_addr(), tcphdr->dest, tcphdr->src);
915 } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
916 /* Looks like another copy of the SYN - retransmit our SYN-ACK */
924 if (recv_flags & TF_GOT_FIN) { /* passive close */
926 pcb->state = CLOSE_WAIT;
931 if (recv_flags & TF_GOT_FIN) {
932 if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
933 pcb->unsent == NULL) {
934 LWIP_DEBUGF(TCP_DEBUG,
935 ("TCP connection closed: FIN_WAIT_1 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
939 pcb->state = TIME_WAIT;
940 TCP_REG(&tcp_tw_pcbs, pcb);
943 pcb->state = CLOSING;
945 } else if ((flags & TCP_ACK) && (ackno == pcb->snd_nxt) &&
946 pcb->unsent == NULL) {
947 pcb->state = FIN_WAIT_2;
952 if (recv_flags & TF_GOT_FIN) {
953 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: FIN_WAIT_2 %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
957 pcb->state = TIME_WAIT;
958 TCP_REG(&tcp_tw_pcbs, pcb);
963 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
964 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: CLOSING %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
967 pcb->state = TIME_WAIT;
968 TCP_REG(&tcp_tw_pcbs, pcb);
973 if ((flags & TCP_ACK) && ackno == pcb->snd_nxt && pcb->unsent == NULL) {
974 LWIP_DEBUGF(TCP_DEBUG, ("TCP connection closed: LAST_ACK %"U16_F" -> %"U16_F".\n", inseg.tcphdr->src, inseg.tcphdr->dest));
975 /* bugfix #21699: don't set pcb->state to CLOSED here or we risk leaking segments */
976 recv_flags |= TF_CLOSED;
987 * Insert segment into the list (segments covered with new one will be deleted)
989 * Called from tcp_receive()
992 tcp_oos_insert_segment(struct tcp_seg *cseg, struct tcp_seg *next)
994 struct tcp_seg *old_seg;
996 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
997 /* received segment overlaps all following segments */
1001 /* delete some following segments
1002 oos queue may have segments with FIN flag */
1004 TCP_SEQ_GEQ((seqno + cseg->len),
1005 (next->tcphdr->seqno + next->len))) {
1006 /* cseg with FIN already processed */
1007 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1008 TCPH_SET_FLAG(cseg->tcphdr, TCP_FIN);
1012 tcp_seg_free(old_seg);
1015 TCP_SEQ_GT(seqno + cseg->len, next->tcphdr->seqno)) {
1016 /* We need to trim the incoming segment. */
1017 cseg->len = (u16_t)(next->tcphdr->seqno - seqno);
1018 pbuf_realloc(cseg->p, cseg->len);
1023 #endif /* TCP_QUEUE_OOSEQ */
1026 * Called by tcp_process. Checks if the given segment is an ACK for outstanding
1027 * data, and if so frees the memory of the buffered data. Next, it places the
1028 * segment on any of the receive queues (pcb->recved or pcb->ooseq). If the segment
1029 * is buffered, the pbuf is referenced by pbuf_ref so that it will not be freed until
1030 * it has been removed from the buffer.
1032 * If the incoming segment constitutes an ACK for a segment that was used for RTT
1033 * estimation, the RTT is estimated here as well.
1035 * Called from tcp_process().
1038 tcp_receive(struct tcp_pcb *pcb)
1040 struct tcp_seg *next;
1042 struct tcp_seg *prev, *cseg;
1043 #endif /* TCP_QUEUE_OOSEQ */
1046 u32_t right_wnd_edge;
1048 int found_dupack = 0;
1049 #if TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS
1052 #endif /* TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS */
1054 LWIP_ASSERT("tcp_receive: wrong state", pcb->state >= ESTABLISHED);
1056 if (flags & TCP_ACK) {
1057 right_wnd_edge = pcb->snd_wnd + pcb->snd_wl2;
1059 /* Update window. */
1060 if (TCP_SEQ_LT(pcb->snd_wl1, seqno) ||
1061 (pcb->snd_wl1 == seqno && TCP_SEQ_LT(pcb->snd_wl2, ackno)) ||
1062 (pcb->snd_wl2 == ackno && (u32_t)SND_WND_SCALE(pcb, tcphdr->wnd) > pcb->snd_wnd)) {
1063 pcb->snd_wnd = SND_WND_SCALE(pcb, tcphdr->wnd);
1064 /* keep track of the biggest window announced by the remote host to calculate
1065 the maximum segment size */
1066 if (pcb->snd_wnd_max < pcb->snd_wnd) {
1067 pcb->snd_wnd_max = pcb->snd_wnd;
1069 pcb->snd_wl1 = seqno;
1070 pcb->snd_wl2 = ackno;
1071 if (pcb->snd_wnd == 0) {
1072 if (pcb->persist_backoff == 0) {
1073 /* start persist timer */
1074 pcb->persist_cnt = 0;
1075 pcb->persist_backoff = 1;
1077 } else if (pcb->persist_backoff > 0) {
1078 /* stop persist timer */
1079 pcb->persist_backoff = 0;
1081 LWIP_DEBUGF(TCP_WND_DEBUG, ("tcp_receive: window update %"TCPWNDSIZE_F"\n", pcb->snd_wnd));
1084 if (pcb->snd_wnd != (tcpwnd_size_t)SND_WND_SCALE(pcb, tcphdr->wnd)) {
1085 LWIP_DEBUGF(TCP_WND_DEBUG,
1086 ("tcp_receive: no window update lastack %"U32_F" ackno %"
1087 U32_F" wl1 %"U32_F" seqno %"U32_F" wl2 %"U32_F"\n",
1088 pcb->lastack, ackno, pcb->snd_wl1, seqno, pcb->snd_wl2));
1090 #endif /* TCP_WND_DEBUG */
1093 /* (From Stevens TCP/IP Illustrated Vol II, p970.) Its only a
1095 * 1) It doesn't ACK new data
1096 * 2) length of received packet is zero (i.e. no payload)
1097 * 3) the advertised window hasn't changed
1098 * 4) There is outstanding unacknowledged data (retransmission timer running)
1099 * 5) The ACK is == biggest ACK sequence number so far seen (snd_una)
1101 * If it passes all five, should process as a dupack:
1102 * a) dupacks < 3: do nothing
1103 * b) dupacks == 3: fast retransmit
1104 * c) dupacks > 3: increase cwnd
1106 * If it only passes 1-3, should reset dupack counter (and add to
1107 * stats, which we don't do in lwIP)
1109 * If it only passes 1, should reset dupack counter
1114 if (TCP_SEQ_LEQ(ackno, pcb->lastack)) {
1118 if (pcb->snd_wl2 + pcb->snd_wnd == right_wnd_edge) {
1120 if (pcb->rtime >= 0) {
1122 if (pcb->lastack == ackno) {
1124 if ((u8_t)(pcb->dupacks + 1) > pcb->dupacks) {
1127 if (pcb->dupacks > 3) {
1128 /* Inflate the congestion window, but not if it means that
1129 the value overflows. */
1130 if ((tcpwnd_size_t)(pcb->cwnd + pcb->mss) > pcb->cwnd) {
1131 pcb->cwnd += pcb->mss;
1133 } else if (pcb->dupacks == 3) {
1134 /* Do fast retransmit */
1135 tcp_rexmit_fast(pcb);
1141 /* If Clause (1) or more is true, but not a duplicate ack, reset
1142 * count of consecutive duplicate acks */
1143 if (!found_dupack) {
1146 } else if (TCP_SEQ_BETWEEN(ackno, pcb->lastack+1, pcb->snd_nxt)) {
1147 /* We come here when the ACK acknowledges new data. */
1149 /* Reset the "IN Fast Retransmit" flag, since we are no longer
1150 in fast retransmit. Also reset the congestion window to the
1151 slow start threshold. */
1152 if (pcb->flags & TF_INFR) {
1153 pcb->flags &= ~TF_INFR;
1154 pcb->cwnd = pcb->ssthresh;
1157 /* Reset the number of retransmissions. */
1160 /* Reset the retransmission time-out. */
1161 pcb->rto = (pcb->sa >> 3) + pcb->sv;
1163 /* Reset the fast retransmit variables. */
1165 pcb->lastack = ackno;
1167 /* Update the congestion control variables (cwnd and
1169 if (pcb->state >= ESTABLISHED) {
1170 if (pcb->cwnd < pcb->ssthresh) {
1171 if ((tcpwnd_size_t)(pcb->cwnd + pcb->mss) > pcb->cwnd) {
1172 pcb->cwnd += pcb->mss;
1174 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: slow start cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1176 tcpwnd_size_t new_cwnd = (pcb->cwnd + pcb->mss * pcb->mss / pcb->cwnd);
1177 if (new_cwnd > pcb->cwnd) {
1178 pcb->cwnd = new_cwnd;
1180 LWIP_DEBUGF(TCP_CWND_DEBUG, ("tcp_receive: congestion avoidance cwnd %"TCPWNDSIZE_F"\n", pcb->cwnd));
1183 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: ACK for %"U32_F", unacked->seqno %"U32_F":%"U32_F"\n",
1185 pcb->unacked != NULL?
1186 lwip_ntohl(pcb->unacked->tcphdr->seqno): 0,
1187 pcb->unacked != NULL?
1188 lwip_ntohl(pcb->unacked->tcphdr->seqno) + TCP_TCPLEN(pcb->unacked): 0));
1190 /* Remove segment from the unacknowledged list if the incoming
1191 ACK acknowledges them. */
1192 while (pcb->unacked != NULL &&
1193 TCP_SEQ_LEQ(lwip_ntohl(pcb->unacked->tcphdr->seqno) +
1194 TCP_TCPLEN(pcb->unacked), ackno)) {
1195 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->unacked\n",
1196 lwip_ntohl(pcb->unacked->tcphdr->seqno),
1197 lwip_ntohl(pcb->unacked->tcphdr->seqno) +
1198 TCP_TCPLEN(pcb->unacked)));
1200 next = pcb->unacked;
1201 pcb->unacked = pcb->unacked->next;
1203 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ", (tcpwnd_size_t)pcb->snd_queuelen));
1204 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= pbuf_clen(next->p)));
1206 pcb->snd_queuelen -= pbuf_clen(next->p);
1207 recv_acked += next->len;
1210 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing unacked)\n", (tcpwnd_size_t)pcb->snd_queuelen));
1211 if (pcb->snd_queuelen != 0) {
1212 LWIP_ASSERT("tcp_receive: valid queue length", pcb->unacked != NULL ||
1213 pcb->unsent != NULL);
1217 /* If there's nothing left to acknowledge, stop the retransmit
1218 timer, otherwise reset it to start again */
1219 if (pcb->unacked == NULL) {
1227 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1228 if (ip_current_is_v6()) {
1229 /* Inform neighbor reachability of forward progress. */
1230 nd6_reachability_hint(ip6_current_src_addr());
1232 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1234 /* Out of sequence ACK, didn't really ack anything */
1235 tcp_send_empty_ack(pcb);
1238 /* We go through the ->unsent list to see if any of the segments
1239 on the list are acknowledged by the ACK. This may seem
1240 strange since an "unsent" segment shouldn't be acked. The
1241 rationale is that lwIP puts all outstanding segments on the
1242 ->unsent list after a retransmission, so these segments may
1243 in fact have been sent once. */
1244 while (pcb->unsent != NULL &&
1245 TCP_SEQ_BETWEEN(ackno, lwip_ntohl(pcb->unsent->tcphdr->seqno) +
1246 TCP_TCPLEN(pcb->unsent), pcb->snd_nxt)) {
1247 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: removing %"U32_F":%"U32_F" from pcb->unsent\n",
1248 lwip_ntohl(pcb->unsent->tcphdr->seqno), lwip_ntohl(pcb->unsent->tcphdr->seqno) +
1249 TCP_TCPLEN(pcb->unsent)));
1252 pcb->unsent = pcb->unsent->next;
1254 if (pcb->unsent == NULL) {
1255 pcb->unsent_oversize = 0;
1257 #endif /* TCP_OVERSIZE */
1258 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("tcp_receive: queuelen %"TCPWNDSIZE_F" ... ", (tcpwnd_size_t)pcb->snd_queuelen));
1259 LWIP_ASSERT("pcb->snd_queuelen >= pbuf_clen(next->p)", (pcb->snd_queuelen >= pbuf_clen(next->p)));
1260 /* Prevent ACK for FIN to generate a sent event */
1261 pcb->snd_queuelen -= pbuf_clen(next->p);
1262 recv_acked += next->len;
1264 LWIP_DEBUGF(TCP_QLEN_DEBUG, ("%"TCPWNDSIZE_F" (after freeing unsent)\n", (tcpwnd_size_t)pcb->snd_queuelen));
1265 if (pcb->snd_queuelen != 0) {
1266 LWIP_ASSERT("tcp_receive: valid queue length",
1267 pcb->unacked != NULL || pcb->unsent != NULL);
1270 pcb->snd_buf += recv_acked;
1271 /* End of ACK for new data processing. */
1273 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: pcb->rttest %"U32_F" rtseq %"U32_F" ackno %"U32_F"\n",
1274 pcb->rttest, pcb->rtseq, ackno));
1276 /* RTT estimation calculations. This is done by checking if the
1277 incoming segment acknowledges the segment we use to take a
1278 round-trip time measurement. */
1279 if (pcb->rttest && TCP_SEQ_LT(pcb->rtseq, ackno)) {
1280 /* diff between this shouldn't exceed 32K since this are tcp timer ticks
1281 and a round-trip shouldn't be that long... */
1282 m = (s16_t)(tcp_ticks - pcb->rttest);
1284 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: experienced rtt %"U16_F" ticks (%"U16_F" msec).\n",
1285 m, (u16_t)(m * TCP_SLOW_INTERVAL)));
1287 /* This is taken directly from VJs original code in his paper */
1288 m = m - (pcb->sa >> 3);
1293 m = m - (pcb->sv >> 2);
1295 pcb->rto = (pcb->sa >> 3) + pcb->sv;
1297 LWIP_DEBUGF(TCP_RTO_DEBUG, ("tcp_receive: RTO %"U16_F" (%"U16_F" milliseconds)\n",
1298 pcb->rto, (u16_t)(pcb->rto * TCP_SLOW_INTERVAL)));
1304 /* If the incoming segment contains data, we must process it
1305 further unless the pcb already received a FIN.
1306 (RFC 793, chapter 3.9, "SEGMENT ARRIVES" in states CLOSE-WAIT, CLOSING,
1307 LAST-ACK and TIME-WAIT: "Ignore the segment text.") */
1308 if ((tcplen > 0) && (pcb->state < CLOSE_WAIT)) {
1309 /* This code basically does three things:
1311 +) If the incoming segment contains data that is the next
1312 in-sequence data, this data is passed to the application. This
1313 might involve trimming the first edge of the data. The rcv_nxt
1314 variable and the advertised window are adjusted.
1316 +) If the incoming segment has data that is above the next
1317 sequence number expected (->rcv_nxt), the segment is placed on
1318 the ->ooseq queue. This is done by finding the appropriate
1319 place in the ->ooseq queue (which is ordered by sequence
1320 number) and trim the segment in both ends if needed. An
1321 immediate ACK is sent to indicate that we received an
1322 out-of-sequence segment.
1324 +) Finally, we check if the first segment on the ->ooseq queue
1325 now is in sequence (i.e., if rcv_nxt >= ooseq->seqno). If
1326 rcv_nxt > ooseq->seqno, we must trim the first edge of the
1327 segment on ->ooseq before we adjust rcv_nxt. The data in the
1328 segments that are now on sequence are chained onto the
1329 incoming segment so that we only need to call the application
1333 /* First, we check if we must trim the first edge. We have to do
1334 this if the sequence number of the incoming segment is less
1335 than rcv_nxt, and the sequence number plus the length of the
1336 segment is larger than rcv_nxt. */
1337 /* if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1338 if (TCP_SEQ_LT(pcb->rcv_nxt, seqno + tcplen)) {*/
1339 if (TCP_SEQ_BETWEEN(pcb->rcv_nxt, seqno + 1, seqno + tcplen - 1)) {
1340 /* Trimming the first edge is done by pushing the payload
1341 pointer in the pbuf downwards. This is somewhat tricky since
1342 we do not want to discard the full contents of the pbuf up to
1343 the new starting point of the data since we have to keep the
1344 TCP header which is present in the first pbuf in the chain.
1346 What is done is really quite a nasty hack: the first pbuf in
1347 the pbuf chain is pointed to by inseg.p. Since we need to be
1348 able to deallocate the whole pbuf, we cannot change this
1349 inseg.p pointer to point to any of the later pbufs in the
1350 chain. Instead, we point the ->payload pointer in the first
1351 pbuf to data in one of the later pbufs. We also set the
1352 inseg.data pointer to point to the right place. This way, the
1353 ->p pointer will still point to the first pbuf, but the
1354 ->p->payload pointer will point to data in another pbuf.
1356 After we are done with adjusting the pbuf pointers we must
1357 adjust the ->data pointer in the seg and the segment
1360 struct pbuf *p = inseg.p;
1361 off = pcb->rcv_nxt - seqno;
1362 LWIP_ASSERT("inseg.p != NULL", inseg.p);
1363 LWIP_ASSERT("insane offset!", (off < 0x7fff));
1364 if (inseg.p->len < off) {
1365 LWIP_ASSERT("pbuf too short!", (((s32_t)inseg.p->tot_len) >= off));
1366 new_tot_len = (u16_t)(inseg.p->tot_len - off);
1367 while (p->len < off) {
1369 /* KJM following line changed (with addition of new_tot_len var)
1371 inseg.p->tot_len -= p->len; */
1372 p->tot_len = new_tot_len;
1376 if (pbuf_header(p, (s16_t)-off)) {
1377 /* Do we need to cope with this failing? Assert for now */
1378 LWIP_ASSERT("pbuf_header failed", 0);
1381 if (pbuf_header(inseg.p, (s16_t)-off)) {
1382 /* Do we need to cope with this failing? Assert for now */
1383 LWIP_ASSERT("pbuf_header failed", 0);
1386 inseg.len -= (u16_t)(pcb->rcv_nxt - seqno);
1387 inseg.tcphdr->seqno = seqno = pcb->rcv_nxt;
1390 if (TCP_SEQ_LT(seqno, pcb->rcv_nxt)) {
1391 /* the whole segment is < rcv_nxt */
1392 /* must be a duplicate of a packet that has already been correctly handled */
1394 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: duplicate seqno %"U32_F"\n", seqno));
1399 /* The sequence number must be within the window (above rcv_nxt
1400 and below rcv_nxt + rcv_wnd) in order to be further
1402 if (TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt,
1403 pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1404 if (pcb->rcv_nxt == seqno) {
1405 /* The incoming segment is the next in sequence. We check if
1406 we have to trim the end of the segment and update rcv_nxt
1407 and pass the data to the application. */
1408 tcplen = TCP_TCPLEN(&inseg);
1410 if (tcplen > pcb->rcv_wnd) {
1411 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1412 ("tcp_receive: other end overran receive window"
1413 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1414 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1415 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1416 /* Must remove the FIN from the header as we're trimming
1417 * that byte of sequence-space from the packet */
1418 TCPH_FLAGS_SET(inseg.tcphdr, TCPH_FLAGS(inseg.tcphdr) & ~(unsigned int)TCP_FIN);
1420 /* Adjust length of segment to fit in the window. */
1421 TCPWND_CHECK16(pcb->rcv_wnd);
1422 inseg.len = (u16_t)pcb->rcv_wnd;
1423 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1426 pbuf_realloc(inseg.p, inseg.len);
1427 tcplen = TCP_TCPLEN(&inseg);
1428 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1429 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1432 /* Received in-sequence data, adjust ooseq data if:
1433 - FIN has been received or
1434 - inseq overlaps with ooseq */
1435 if (pcb->ooseq != NULL) {
1436 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1437 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1438 ("tcp_receive: received in-order FIN, binning ooseq queue\n"));
1439 /* Received in-order FIN means anything that was received
1440 * out of order must now have been received in-order, so
1441 * bin the ooseq queue */
1442 while (pcb->ooseq != NULL) {
1443 struct tcp_seg *old_ooseq = pcb->ooseq;
1444 pcb->ooseq = pcb->ooseq->next;
1445 tcp_seg_free(old_ooseq);
1449 /* Remove all segments on ooseq that are covered by inseg already.
1450 * FIN is copied from ooseq to inseg if present. */
1452 TCP_SEQ_GEQ(seqno + tcplen,
1453 next->tcphdr->seqno + next->len)) {
1454 /* inseg cannot have FIN here (already processed above) */
1455 if ((TCPH_FLAGS(next->tcphdr) & TCP_FIN) != 0 &&
1456 (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) == 0) {
1457 TCPH_SET_FLAG(inseg.tcphdr, TCP_FIN);
1458 tcplen = TCP_TCPLEN(&inseg);
1464 /* Now trim right side of inseg if it overlaps with the first
1465 * segment on ooseq */
1467 TCP_SEQ_GT(seqno + tcplen,
1468 next->tcphdr->seqno)) {
1469 /* inseg cannot have FIN here (already processed above) */
1470 inseg.len = (u16_t)(next->tcphdr->seqno - seqno);
1471 if (TCPH_FLAGS(inseg.tcphdr) & TCP_SYN) {
1474 pbuf_realloc(inseg.p, inseg.len);
1475 tcplen = TCP_TCPLEN(&inseg);
1476 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to ooseq queue\n",
1477 (seqno + tcplen) == next->tcphdr->seqno);
1482 #endif /* TCP_QUEUE_OOSEQ */
1484 pcb->rcv_nxt = seqno + tcplen;
1486 /* Update the receiver's (our) window. */
1487 LWIP_ASSERT("tcp_receive: tcplen > rcv_wnd\n", pcb->rcv_wnd >= tcplen);
1488 pcb->rcv_wnd -= tcplen;
1490 tcp_update_rcv_ann_wnd(pcb);
1492 /* If there is data in the segment, we make preparations to
1493 pass this up to the application. The ->recv_data variable
1494 is used for holding the pbuf that goes to the
1495 application. The code for reassembling out-of-sequence data
1496 chains its data on this pbuf as well.
1498 If the segment was a FIN, we set the TF_GOT_FIN flag that will
1499 be used to indicate to the application that the remote side has
1500 closed its end of the connection. */
1501 if (inseg.p->tot_len > 0) {
1502 recv_data = inseg.p;
1503 /* Since this pbuf now is the responsibility of the
1504 application, we delete our reference to it so that we won't
1505 (mistakingly) deallocate it. */
1508 if (TCPH_FLAGS(inseg.tcphdr) & TCP_FIN) {
1509 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: received FIN.\n"));
1510 recv_flags |= TF_GOT_FIN;
1514 /* We now check if we have segments on the ->ooseq queue that
1515 are now in sequence. */
1516 while (pcb->ooseq != NULL &&
1517 pcb->ooseq->tcphdr->seqno == pcb->rcv_nxt) {
1520 seqno = pcb->ooseq->tcphdr->seqno;
1522 pcb->rcv_nxt += TCP_TCPLEN(cseg);
1523 LWIP_ASSERT("tcp_receive: ooseq tcplen > rcv_wnd\n",
1524 pcb->rcv_wnd >= TCP_TCPLEN(cseg));
1525 pcb->rcv_wnd -= TCP_TCPLEN(cseg);
1527 tcp_update_rcv_ann_wnd(pcb);
1529 if (cseg->p->tot_len > 0) {
1530 /* Chain this pbuf onto the pbuf that we will pass to
1532 /* With window scaling, this can overflow recv_data->tot_len, but
1533 that's not a problem since we explicitly fix that before passing
1534 recv_data to the application. */
1536 pbuf_cat(recv_data, cseg->p);
1538 recv_data = cseg->p;
1542 if (TCPH_FLAGS(cseg->tcphdr) & TCP_FIN) {
1543 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_receive: dequeued FIN.\n"));
1544 recv_flags |= TF_GOT_FIN;
1545 if (pcb->state == ESTABLISHED) { /* force passive close or we can move to active close */
1546 pcb->state = CLOSE_WAIT;
1550 pcb->ooseq = cseg->next;
1553 #endif /* TCP_QUEUE_OOSEQ */
1556 /* Acknowledge the segment(s). */
1559 #if LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS
1560 if (ip_current_is_v6()) {
1561 /* Inform neighbor reachability of forward progress. */
1562 nd6_reachability_hint(ip6_current_src_addr());
1564 #endif /* LWIP_IPV6 && LWIP_ND6_TCP_REACHABILITY_HINTS*/
1567 /* We get here if the incoming segment is out-of-sequence. */
1568 tcp_send_empty_ack(pcb);
1570 /* We queue the segment on the ->ooseq queue. */
1571 if (pcb->ooseq == NULL) {
1572 pcb->ooseq = tcp_seg_copy(&inseg);
1574 /* If the queue is not empty, we walk through the queue and
1575 try to find a place where the sequence number of the
1576 incoming segment is between the sequence numbers of the
1577 previous and the next segment on the ->ooseq queue. That is
1578 the place where we put the incoming segment. If needed, we
1579 trim the second edges of the previous and the incoming
1580 segment so that it will fit into the sequence.
1582 If the incoming segment has the same sequence number as a
1583 segment on the ->ooseq queue, we discard the segment that
1584 contains less data. */
1587 for (next = pcb->ooseq; next != NULL; next = next->next) {
1588 if (seqno == next->tcphdr->seqno) {
1589 /* The sequence number of the incoming segment is the
1590 same as the sequence number of the segment on
1591 ->ooseq. We check the lengths to see which one to
1593 if (inseg.len > next->len) {
1594 /* The incoming segment is larger than the old
1595 segment. We replace some segments with the new
1597 cseg = tcp_seg_copy(&inseg);
1604 tcp_oos_insert_segment(cseg, next);
1608 /* Either the lengths are the same or the incoming
1609 segment was smaller than the old one; in either
1610 case, we ditch the incoming segment. */
1615 if (TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {
1616 /* The sequence number of the incoming segment is lower
1617 than the sequence number of the first segment on the
1618 queue. We put the incoming segment first on the
1620 cseg = tcp_seg_copy(&inseg);
1623 tcp_oos_insert_segment(cseg, next);
1628 /*if (TCP_SEQ_LT(prev->tcphdr->seqno, seqno) &&
1629 TCP_SEQ_LT(seqno, next->tcphdr->seqno)) {*/
1630 if (TCP_SEQ_BETWEEN(seqno, prev->tcphdr->seqno+1, next->tcphdr->seqno-1)) {
1631 /* The sequence number of the incoming segment is in
1632 between the sequence numbers of the previous and
1633 the next segment on ->ooseq. We trim trim the previous
1634 segment, delete next segments that included in received segment
1635 and trim received, if needed. */
1636 cseg = tcp_seg_copy(&inseg);
1638 if (TCP_SEQ_GT(prev->tcphdr->seqno + prev->len, seqno)) {
1639 /* We need to trim the prev segment. */
1640 prev->len = (u16_t)(seqno - prev->tcphdr->seqno);
1641 pbuf_realloc(prev->p, prev->len);
1644 tcp_oos_insert_segment(cseg, next);
1649 /* If the "next" segment is the last segment on the
1650 ooseq queue, we add the incoming segment to the end
1652 if (next->next == NULL &&
1653 TCP_SEQ_GT(seqno, next->tcphdr->seqno)) {
1654 if (TCPH_FLAGS(next->tcphdr) & TCP_FIN) {
1655 /* segment "next" already contains all data */
1658 next->next = tcp_seg_copy(&inseg);
1659 if (next->next != NULL) {
1660 if (TCP_SEQ_GT(next->tcphdr->seqno + next->len, seqno)) {
1661 /* We need to trim the last segment. */
1662 next->len = (u16_t)(seqno - next->tcphdr->seqno);
1663 pbuf_realloc(next->p, next->len);
1665 /* check if the remote side overruns our receive window */
1666 if (TCP_SEQ_GT((u32_t)tcplen + seqno, pcb->rcv_nxt + (u32_t)pcb->rcv_wnd)) {
1667 LWIP_DEBUGF(TCP_INPUT_DEBUG,
1668 ("tcp_receive: other end overran receive window"
1669 "seqno %"U32_F" len %"U16_F" right edge %"U32_F"\n",
1670 seqno, tcplen, pcb->rcv_nxt + pcb->rcv_wnd));
1671 if (TCPH_FLAGS(next->next->tcphdr) & TCP_FIN) {
1672 /* Must remove the FIN from the header as we're trimming
1673 * that byte of sequence-space from the packet */
1674 TCPH_FLAGS_SET(next->next->tcphdr, TCPH_FLAGS(next->next->tcphdr) & ~TCP_FIN);
1676 /* Adjust length of segment to fit in the window. */
1677 next->next->len = (u16_t)(pcb->rcv_nxt + pcb->rcv_wnd - seqno);
1678 pbuf_realloc(next->next->p, next->next->len);
1679 tcplen = TCP_TCPLEN(next->next);
1680 LWIP_ASSERT("tcp_receive: segment not trimmed correctly to rcv_wnd\n",
1681 (seqno + tcplen) == (pcb->rcv_nxt + pcb->rcv_wnd));
1690 #if TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS
1691 /* Check that the data on ooseq doesn't exceed one of the limits
1692 and throw away everything above that limit. */
1696 for (next = pcb->ooseq; next != NULL; prev = next, next = next->next) {
1697 struct pbuf *p = next->p;
1698 ooseq_blen += p->tot_len;
1699 ooseq_qlen += pbuf_clen(p);
1700 if ((ooseq_blen > TCP_OOSEQ_MAX_BYTES) ||
1701 (ooseq_qlen > TCP_OOSEQ_MAX_PBUFS)) {
1702 /* too much ooseq data, dump this and everything after it */
1703 tcp_segs_free(next);
1705 /* first ooseq segment is too much, dump the whole queue */
1708 /* just dump 'next' and everything after it */
1714 #endif /* TCP_OOSEQ_MAX_BYTES || TCP_OOSEQ_MAX_PBUFS */
1715 #endif /* TCP_QUEUE_OOSEQ */
1718 /* The incoming segment is not within the window. */
1719 tcp_send_empty_ack(pcb);
1722 /* Segments with length 0 is taken care of here. Segments that
1723 fall out of the window are ACKed. */
1724 if (!TCP_SEQ_BETWEEN(seqno, pcb->rcv_nxt, pcb->rcv_nxt + pcb->rcv_wnd - 1)) {
1731 tcp_getoptbyte(void)
1733 if ((tcphdr_opt2 == NULL) || (tcp_optidx < tcphdr_opt1len)) {
1734 u8_t* opts = (u8_t *)tcphdr + TCP_HLEN;
1735 return opts[tcp_optidx++];
1737 u8_t idx = (u8_t)(tcp_optidx++ - tcphdr_opt1len);
1738 return tcphdr_opt2[idx];
1743 * Parses the options contained in the incoming segment.
1745 * Called from tcp_listen_input() and tcp_process().
1746 * Currently, only the MSS option is supported!
1748 * @param pcb the tcp_pcb for which a segment arrived
1751 tcp_parseopt(struct tcp_pcb *pcb)
1755 #if LWIP_TCP_TIMESTAMPS
1759 /* Parse the TCP MSS option, if present. */
1760 if (tcphdr_optlen != 0) {
1761 for (tcp_optidx = 0; tcp_optidx < tcphdr_optlen; ) {
1762 u8_t opt = tcp_getoptbyte();
1764 case LWIP_TCP_OPT_EOL:
1765 /* End of options. */
1766 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: EOL\n"));
1768 case LWIP_TCP_OPT_NOP:
1770 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: NOP\n"));
1772 case LWIP_TCP_OPT_MSS:
1773 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: MSS\n"));
1774 if (tcp_getoptbyte() != LWIP_TCP_OPT_LEN_MSS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_MSS) > tcphdr_optlen) {
1776 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1779 /* An MSS option with the right option length. */
1780 mss = (tcp_getoptbyte() << 8);
1781 mss |= tcp_getoptbyte();
1782 /* Limit the mss to the configured TCP_MSS and prevent division by zero */
1783 pcb->mss = ((mss > TCP_MSS) || (mss == 0)) ? TCP_MSS : mss;
1786 case LWIP_TCP_OPT_WS:
1787 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: WND_SCALE\n"));
1788 if (tcp_getoptbyte() != LWIP_TCP_OPT_LEN_WS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_WS) > tcphdr_optlen) {
1790 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1793 /* An WND_SCALE option with the right option length. */
1794 data = tcp_getoptbyte();
1795 /* If syn was received with wnd scale option,
1796 activate wnd scale opt, but only if this is not a retransmission */
1797 if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
1798 pcb->snd_scale = data;
1799 if (pcb->snd_scale > 14U) {
1800 pcb->snd_scale = 14U;
1802 pcb->rcv_scale = TCP_RCV_SCALE;
1803 pcb->flags |= TF_WND_SCALE;
1804 /* window scaling is enabled, we can use the full receive window */
1805 LWIP_ASSERT("window not at default value", pcb->rcv_wnd == TCPWND_MIN16(TCP_WND));
1806 LWIP_ASSERT("window not at default value", pcb->rcv_ann_wnd == TCPWND_MIN16(TCP_WND));
1807 pcb->rcv_wnd = pcb->rcv_ann_wnd = TCP_WND;
1811 #if LWIP_TCP_TIMESTAMPS
1812 case LWIP_TCP_OPT_TS:
1813 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: TS\n"));
1814 if (tcp_getoptbyte() != LWIP_TCP_OPT_LEN_TS || (tcp_optidx - 2 + LWIP_TCP_OPT_LEN_TS) > tcphdr_optlen) {
1816 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1819 /* TCP timestamp option with valid length */
1820 tsval = tcp_getoptbyte();
1821 tsval |= (tcp_getoptbyte() << 8);
1822 tsval |= (tcp_getoptbyte() << 16);
1823 tsval |= (tcp_getoptbyte() << 24);
1824 if (flags & TCP_SYN) {
1825 pcb->ts_recent = lwip_ntohl(tsval);
1826 /* Enable sending timestamps in every segment now that we know
1827 the remote host supports it. */
1828 pcb->flags |= TF_TIMESTAMP;
1829 } else if (TCP_SEQ_BETWEEN(pcb->ts_lastacksent, seqno, seqno+tcplen)) {
1830 pcb->ts_recent = lwip_ntohl(tsval);
1832 /* Advance to next option (6 bytes already read) */
1833 tcp_optidx += LWIP_TCP_OPT_LEN_TS - 6;
1837 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: other\n"));
1838 data = tcp_getoptbyte();
1840 LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
1841 /* If the length field is zero, the options are malformed
1842 and we don't process them further. */
1845 /* All other options have a length field, so that we easily
1846 can skip past them. */
1847 tcp_optidx += data - 2;
1854 tcp_trigger_input_pcb_close(void)
1856 recv_flags |= TF_CLOSED;
1859 #endif /* LWIP_TCP */