Subversion Repositories or1k

/*

 * INET         An implementation of the TCP/IP protocol suite for the LINUX

 *              operating system.  INET is implemented using the  BSD Socket

 *              interface as the means of communication with the user level.

 *

 *              Implementation of the Transmission Control Protocol(TCP).

 *

 * Version:     @(#)tcp.c       1.0.16  05/25/93

 *

 * Authors:     Ross Biro, <bir7@leland.Stanford.Edu>

 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>

 *              Mark Evans, <evansmp@uhura.aston.ac.uk>

 *              Corey Minyard <wf-rch!minyard@relay.EU.net>

 *              Florian La Roche, <flla@stud.uni-sb.de>

 *              Charles Hedrick, <hedrick@klinzhai.rutgers.edu>

 *              Linus Torvalds, <torvalds@cs.helsinki.fi>

 *              Alan Cox, <gw4pts@gw4pts.ampr.org>

 *              Matthew Dillon, <dillon@apollo.west.oic.com>

 *              Arnt Gulbrandsen, <agulbra@nvg.unit.no>

 *              Jorge Cwik, <jorge@laser.satlink.net>

 *

 * Fixes:

 *              Alan Cox        :       Numerous verify_area() calls

 *              Alan Cox        :       Set the ACK bit on a reset

 *              Alan Cox        :       Stopped it crashing if it closed while

 *                                      sk->inuse=1 and was trying to connect

 *                                      (tcp_err()).

 *              Alan Cox        :       All icmp error handling was broken

 *                                      pointers passed where wrong and the

 *                                      socket was looked up backwards. Nobody

 *                                      tested any icmp error code obviously.

 *              Alan Cox        :       tcp_err() now handled properly. It

 *                                      wakes people on errors. select

 *                                      behaves and the icmp error race

 *                                      has gone by moving it into sock.c

 *              Alan Cox        :       tcp_send_reset() fixed to work for

 *                                      everything not just packets for

 *                                      unknown sockets.

 *              Alan Cox        :       tcp option processing.

 *              Alan Cox        :       Reset tweaked (still not 100%) [Had

 *                                      syn rule wrong]

 *              Herp Rosmanith  :       More reset fixes

 *              Alan Cox        :       No longer acks invalid rst frames.

 *                                      Acking any kind of RST is right out.

 *              Alan Cox        :       Sets an ignore me flag on an rst

 *                                      receive otherwise odd bits of prattle

 *                                      escape still

 *              Alan Cox        :       Fixed another acking RST frame bug.

 *                                      Should stop LAN workplace lockups.

 *              Alan Cox        :       Some tidyups using the new skb list

 *                                      facilities

 *              Alan Cox        :       sk->keepopen now seems to work

 *              Alan Cox        :       Pulls options out correctly on accepts

 *              Alan Cox        :       Fixed assorted sk->rqueue->next errors

 *              Alan Cox        :       PSH doesn't end a TCP read. Switched a

 *                                      bit to skb ops.

 *              Alan Cox        :       Tidied tcp_data to avoid a potential

 *                                      nasty.

 *              Alan Cox        :       Added some better commenting, as the

 *                                      tcp is hard to follow

 *              Alan Cox        :       Removed incorrect check for 20 * psh

 *      Michael O'Reilly        :       ack < copied bug fix.

 *      Johannes Stille         :       Misc tcp fixes (not all in yet).

 *              Alan Cox        :       FIN with no memory -> CRASH

 *              Alan Cox        :       Added socket option proto entries.

 *                                      Also added awareness of them to accept.

 *              Alan Cox        :       Added TCP options (SOL_TCP)

 *              Alan Cox        :       Switched wakeup calls to callbacks,

 *                                      so the kernel can layer network

 *                                      sockets.

 *              Alan Cox        :       Use ip_tos/ip_ttl settings.

 *              Alan Cox        :       Handle FIN (more) properly (we hope).

 *              Alan Cox        :       RST frames sent on unsynchronised

 *                                      state ack error.

 *              Alan Cox        :       Put in missing check for SYN bit.

 *              Alan Cox        :       Added tcp_select_window() aka NET2E

 *                                      window non shrink trick.

 *              Alan Cox        :       Added a couple of small NET2E timer

 *                                      fixes

 *              Charles Hedrick :       TCP fixes

 *              Toomas Tamm     :       TCP window fixes

 *              Alan Cox        :       Small URG fix to rlogin ^C ack fight

 *              Charles Hedrick :       Rewrote most of it to actually work

 *              Linus           :       Rewrote tcp_read() and URG handling

 *                                      completely

 *              Gerhard Koerting:       Fixed some missing timer handling

 *              Matthew Dillon  :       Reworked TCP machine states as per RFC

 *              Gerhard Koerting:       PC/TCP workarounds

 *              Adam Caldwell   :       Assorted timer/timing errors

 *              Matthew Dillon  :       Fixed another RST bug

 *              Alan Cox        :       Move to kernel side addressing changes.

 *              Alan Cox        :       Beginning work on TCP fastpathing

 *                                      (not yet usable)

 *              Arnt Gulbrandsen:       Turbocharged tcp_check() routine.

 *              Alan Cox        :       TCP fast path debugging

 *              Alan Cox        :       Window clamping

 *              Michael Riepe   :       Bug in tcp_check()

 *              Matt Dillon     :       More TCP improvements and RST bug fixes

 *              Matt Dillon     :       Yet more small nasties remove from the

 *                                      TCP code (Be very nice to this man if

 *                                      tcp finally works 100%) 8)

 *              Alan Cox        :       BSD accept semantics.

 *              Alan Cox        :       Reset on closedown bug.

 *      Peter De Schrijver      :       ENOTCONN check missing in tcp_sendto().

 *              Michael Pall    :       Handle select() after URG properly in

 *                                      all cases.

 *              Michael Pall    :       Undo the last fix in tcp_read_urg()

 *                                      (multi URG PUSH broke rlogin).

 *              Michael Pall    :       Fix the multi URG PUSH problem in

 *                                      tcp_readable(), select() after URG

 *                                      works now.

 *              Michael Pall    :       recv(...,MSG_OOB) never blocks in the

 *                                      BSD api.

 *              Alan Cox        :       Changed the semantics of sk->socket to

 *                                      fix a race and a signal problem with

 *                                      accept() and async I/O.

 *              Alan Cox        :       Relaxed the rules on tcp_sendto().

 *              Yury Shevchuk   :       Really fixed accept() blocking problem.

 *              Craig I. Hagan  :       Allow for BSD compatible TIME_WAIT for

 *                                      clients/servers which listen in on

 *                                      fixed ports.

 *              Alan Cox        :       Cleaned the above up and shrank it to

 *                                      a sensible code size.

 *              Alan Cox        :       Self connect lockup fix.

 *              Alan Cox        :       No connect to multicast.

 *              Ross Biro       :       Close unaccepted children on master

 *                                      socket close.

 *              Alan Cox        :       Reset tracing code.

 *              Alan Cox        :       Spurious resets on shutdown.

 *              Alan Cox        :       Giant 15 minute/60 second timer error

 *              Alan Cox        :       Small whoops in selecting before an

 *                                      accept.

 *              Alan Cox        :       Kept the state trace facility since

 *                                      it's handy for debugging.

 *              Alan Cox        :       More reset handler fixes.

 *              Alan Cox        :       Started rewriting the code based on

 *                                      the RFC's for other useful protocol

 *                                      references see: Comer, KA9Q NOS, and

 *                                      for a reference on the difference

 *                                      between specifications and how BSD

 *                                      works see the 4.4lite source.

 *              A.N.Kuznetsov   :       Don't time wait on completion of tidy

 *                                      close.

 *              Linus Torvalds  :       Fin/Shutdown & copied_seq changes.

 *              Linus Torvalds  :       Fixed BSD port reuse to work first syn

 *              Alan Cox        :       Reimplemented timers as per the RFC

 *                                      and using multiple timers for sanity.

 *              Alan Cox        :       Small bug fixes, and a lot of new

 *                                      comments.

 *              Alan Cox        :       Fixed dual reader crash by locking

 *                                      the buffers (much like datagram.c)

 *              Alan Cox        :       Fixed stuck sockets in probe. A probe

 *                                      now gets fed up of retrying without

 *                                      (even a no space) answer.

 *              Alan Cox        :       Extracted closing code better

 *              Alan Cox        :       Fixed the closing state machine to

 *                                      resemble the RFC.

 *              Alan Cox        :       More 'per spec' fixes.

 *              Jorge Cwik      :       Even faster checksumming.

 *              Alan Cox        :       tcp_data() doesn't ack illegal PSH

 *                                      only frames. At least one pc tcp stack

 *                                      generates them.

 *              Alan Cox        :       Cache last socket.

 *              Alan Cox        :       Per route irtt.

 *              Matt Day        :       Select() match BSD precisely on error

 *              Alan Cox        :       New buffers

 *              Marc Tamsky     :       Various sk->prot->retransmits and

 *                                      sk->retransmits misupdating fixed.

 *                                      Fixed tcp_write_timeout: stuck close,

 *                                      and TCP syn retries gets used now.

 *              Mark Yarvis     :       In tcp_read_wakeup(), don't send an

 *                                      ack if stat is TCP_CLOSED.

 *              Alan Cox        :       Look up device on a retransmit - routes may

 *                                      change. Doesn't yet cope with MSS shrink right

 *                                      but it's a start!

 *              Marc Tamsky     :       Closing in closing fixes.

 *              Mike Shaver     :       RFC1122 verifications.

 *              Alan Cox        :       rcv_saddr errors.

 *              Alan Cox        :       Block double connect().

 *              Alan Cox        :       Small hooks for enSKIP.

 *              Alexey Kuznetsov:       Path MTU discovery.

 *              Alan Cox        :       Support soft errors.

 *              Alan Cox        :       Fix MTU discovery pathological case

 *                                      when the remote claims no mtu!

 *              Marc Tamsky     :       TCP_CLOSE fix.

 *              Colin (G3TNE)   :       Send a reset on syn ack replies in

 *                                      window but wrong (fixes NT lpd problems)

 *              Pedro Roque     :       Better TCP window handling, delayed ack.

 *              Joerg Reuter    :       No modification of locked buffers in

 *                                      tcp_do_retransmit()

 *              Eric Schenk     :       Changed receiver side silly window

 *                                      avoidance algorithm to BSD style

 *                                      algorithm. This doubles throughput

 *                                      against machines running Solaris,

 *                                      and seems to result in general

 *                                      improvement.

 *              Eric Schenk     :       Changed receiver side silly window

 *                                      avoidance algorithm to BSD style

 *                                      algorithm. This doubles throughput

 *                                      against machines running Solaris,

 *                                      and seems to result in general

 *                                      improvement.

 *      Stefan Magdalinski      :       adjusted tcp_readable() to fix FIONREAD

 *      Willy Konynenberg       :       Transparent proxying support.

 *              Theodore Ts'o   :       Do secure TCP sequence numbers.

 *              David S. Miller :       New socket lookup architecture for ISS.

 *                                      This code is dedicated to John Dyson.

 *              Elliot Poger    :       Added support for SO_BINDTODEVICE.

 *

 * To Fix:

 *              Fast path the code. Two things here - fix the window calculation

 *              so it doesn't iterate over the queue, also spot packets with no funny

 *              options arriving in order and process directly.

 *

 *              Rewrite output state machine to use a single queue.

 *              Speed up input assembly algorithm.

 *              RFC1323 - PAWS and window scaling. PAWS is required for IPv6 so we

 *              could do with it working on IPv4

 *              User settable/learned rtt/max window/mtu

 *

 *              Change the fundamental structure to a single send queue maintained

 *              by TCP (removing the bogus ip stuff [thus fixing mtu drops on

 *              active routes too]). Cut the queue off in tcp_retransmit/

 *              tcp_transmit.

 *              Change the receive queue to assemble as it goes. This lets us

 *              dispose of most of tcp_sequence, half of tcp_ack and chunks of

 *              tcp_data/tcp_read as well as the window shrink crud.

 *              Separate out duplicated code - tcp_alloc_skb, tcp_build_ack

 *              tcp_queue_skb seem obvious routines to extract.

 *

 *              This program is free software; you can redistribute it and/or

 *              modify it under the terms of the GNU General Public License

 *              as published by the Free Software Foundation; either version

 *              2 of the License, or(at your option) any later version.

 *

 * Description of States:

 *

 *      TCP_SYN_SENT            sent a connection request, waiting for ack

 *

 *      TCP_SYN_RECV            received a connection request, sent ack,

 *                              waiting for final ack in three-way handshake.

 *

 *      TCP_ESTABLISHED         connection established

 *

 *      TCP_FIN_WAIT1           our side has shutdown, waiting to complete

 *                              transmission of remaining buffered data

 *

 *      TCP_FIN_WAIT2           all buffered data sent, waiting for remote

 *                              to shutdown

 *

 *      TCP_CLOSING             both sides have shutdown but we still have

 *                              data we have to finish sending

 *

 *      TCP_TIME_WAIT           timeout to catch resent junk before entering

 *                              closed, can only be entered from FIN_WAIT2

 *                              or CLOSING.  Required because the other end

 *                              may not have gotten our last ACK causing it

 *                              to retransmit the data packet (which we ignore)

 *

 *      TCP_CLOSE_WAIT          remote side has shutdown and is waiting for

 *                              us to finish writing our data and to shutdown

 *                              (we have to close() to move on to LAST_ACK)

 *

 *      TCP_LAST_ACK            out side has shutdown after remote has

 *                              shutdown.  There may still be data in our

 *                              buffer that we have to finish sending

 *

 *      TCP_CLOSE               socket is finished

 */

/*

 * RFC1122 status:

 * NOTE: I'm not going to be doing comments in the code for this one except

 * for violations and the like.  tcp.c is just too big... If I say something

 * "does?" or "doesn't?", it means I'm not sure, and will have to hash it out

 * with Alan. -- MS 950903

 *

 * Use of PSH (4.2.2.2)

 *   MAY aggregate data sent without the PSH flag. (does)

 *   MAY queue data received without the PSH flag. (does)

 *   SHOULD collapse successive PSH flags when it packetizes data. (doesn't)

 *   MAY implement PSH on send calls. (doesn't, thus:)

 *     MUST NOT buffer data indefinitely (doesn't [1 second])

 *     MUST set PSH on last segment (does)

 *   MAY pass received PSH to application layer (doesn't)

 *   SHOULD send maximum-sized segment whenever possible. (almost always does)

 *

 * Window Size (4.2.2.3, 4.2.2.16)

 *   MUST treat window size as an unsigned number (does)

 *   SHOULD treat window size as a 32-bit number (does not)

 *   MUST NOT shrink window once it is offered (does not normally)

 *

 * Urgent Pointer (4.2.2.4)

 * **MUST point urgent pointer to last byte of urgent data (not right

 *     after). (doesn't, to be like BSD)

 *   MUST inform application layer asynchronously of incoming urgent

 *     data. (does)

 *   MUST provide application with means of determining the amount of

 *     urgent data pending. (does)

 * **MUST support urgent data sequence of arbitrary length. (doesn't, but

 *   it's sort of tricky to fix, as urg_ptr is a 16-bit quantity)

 *      [Follows BSD 1 byte of urgent data]

 *

 * TCP Options (4.2.2.5)

 *   MUST be able to receive TCP options in any segment. (does)

 *   MUST ignore unsupported options (does)

 *

 * Maximum Segment Size Option (4.2.2.6)

 *   MUST implement both sending and receiving MSS. (does)

 *   SHOULD send an MSS with every SYN where receive MSS != 536 (MAY send

 *     it always). (does, even when MSS == 536, which is legal)

 *   MUST assume MSS == 536 if no MSS received at connection setup (does)

 *   MUST calculate "effective send MSS" correctly:

 *     min(physical_MTU, remote_MSS+20) - sizeof(tcphdr) - sizeof(ipopts)

 *     (does - but allows operator override)

 *

 * TCP Checksum (4.2.2.7)

 *   MUST generate and check TCP checksum. (does)

 *

 * Initial Sequence Number Selection (4.2.2.8)

 *   MUST use the RFC 793 clock selection mechanism.  (doesn't, but it's

 *     OK: RFC 793 specifies a 250KHz clock, while we use 1MHz, which is

 *     necessary for 10Mbps networks - and harder than BSD to spoof!)

 *

 * Simultaneous Open Attempts (4.2.2.10)

 *   MUST support simultaneous open attempts (does)

 *

 * Recovery from Old Duplicate SYN (4.2.2.11)

 *   MUST keep track of active vs. passive open (does)

 *

 * RST segment (4.2.2.12)

 *   SHOULD allow an RST segment to contain data (does, but doesn't do

 *     anything with it, which is standard)

 *

 * Closing a Connection (4.2.2.13)

 *   MUST inform application of whether connection was closed by RST or

 *     normal close. (does)

 *   MAY allow "half-duplex" close (treat connection as closed for the

 *     local app, even before handshake is done). (does)

 *   MUST linger in TIME_WAIT for 2 * MSL (does)

 *

 * Retransmission Timeout (4.2.2.15)

 *   MUST implement Jacobson's slow start and congestion avoidance

 *     stuff. (does)

 *

 * Probing Zero Windows (4.2.2.17)

 *   MUST support probing of zero windows. (does)

 *   MAY keep offered window closed indefinitely. (does)

 *   MUST allow remote window to stay closed indefinitely. (does)

 *

 * Passive Open Calls (4.2.2.18)

 *   MUST NOT let new passive open affect other connections. (doesn't)

 *   MUST support passive opens (LISTENs) concurrently. (does)

 *

 * Time to Live (4.2.2.19)

 *   MUST make TCP TTL configurable. (does - IP_TTL option)

 *

 * Event Processing (4.2.2.20)

 *   SHOULD queue out-of-order segments. (does)

 *   MUST aggregate ACK segments whenever possible. (does but badly)

 *

 * Retransmission Timeout Calculation (4.2.3.1)

 *   MUST implement Karn's algorithm and Jacobson's algorithm for RTO

 *     calculation. (does, or at least explains them in the comments 8*b)

 *  SHOULD initialize RTO to 0 and RTT to 3. (does)

 *

 * When to Send an ACK Segment (4.2.3.2)

 *   SHOULD implement delayed ACK. (does)

 *   MUST keep ACK delay < 0.5 sec. (does)

 *

 * When to Send a Window Update (4.2.3.3)

 *   MUST implement receiver-side SWS. (does)

 *

 * When to Send Data (4.2.3.4)

 *   MUST implement sender-side SWS. (does)

 *   SHOULD implement Nagle algorithm. (does)

 *

 * TCP Connection Failures (4.2.3.5)

 *  MUST handle excessive retransmissions "properly" (see the RFC). (does)

 *   SHOULD inform application layer of soft errors. (does)

 *

 * TCP Keep-Alives (4.2.3.6)

 *   MAY provide keep-alives. (does)

 *   MUST make keep-alives configurable on a per-connection basis. (does)

 *   MUST default to no keep-alives. (does)

 * **MUST make keep-alive interval configurable. (doesn't)

 * **MUST make default keep-alive interval > 2 hours. (doesn't)

 *   MUST NOT interpret failure to ACK keep-alive packet as dead

 *     connection. (doesn't)

 *   SHOULD send keep-alive with no data. (does)

 *

 * TCP Multihoming (4.2.3.7)

 *   MUST get source address from IP layer before sending first

 *     SYN. (does)

 *   MUST use same local address for all segments of a connection. (does)

 *

 * IP Options (4.2.3.8)

 *   MUST ignore unsupported IP options. (does)

 *   MAY support Time Stamp and Record Route. (does)

 *   MUST allow application to specify a source route. (does)

 *   MUST allow received Source Route option to set route for all future

 *     segments on this connection. (does not (security issues))

 *

 * ICMP messages (4.2.3.9)

 *   MUST act on ICMP errors. (does)

 *   MUST slow transmission upon receipt of a Source Quench. (does)

 *   MUST NOT abort connection upon receipt of soft Destination

 *     Unreachables (0, 1, 5), Time Exceededs and Parameter

 *     Problems. (doesn't)

 *   SHOULD report soft Destination Unreachables etc. to the

 *     application. (does)

 *   SHOULD abort connection upon receipt of hard Destination Unreachable

 *     messages (2, 3, 4). (does)

 *

 * Remote Address Validation (4.2.3.10)

 *   MUST reject as an error OPEN for invalid remote IP address. (does)

 *   MUST ignore SYN with invalid source address. (does)

 *   MUST silently discard incoming SYN for broadcast/multicast

 *     address. (does)

 *

 * Asynchronous Reports (4.2.4.1)

 * MUST provide mechanism for reporting soft errors to application

 *     layer. (does)

 *

 * Type of Service (4.2.4.2)

 *   MUST allow application layer to set Type of Service. (does IP_TOS)

 *

 * (Whew. -- MS 950903)

 **/

#include <linux/config.h>

#include <linux/types.h>

#include <linux/fcntl.h>

#include <linux/random.h>

#include <net/icmp.h>

#include <net/tcp.h>

#include <asm/segment.h>

unsigned long seq_offset;

struct tcp_mib  tcp_statistics;

/* This is for sockets with full identity only.  Sockets here will always

 * be without wildcards and will have the following invariant:

 *          TCP_ESTABLISHED <= sk->state < TCP_CLOSE

 */

struct sock *tcp_established_hash[TCP_HTABLE_SIZE];

/* All sockets in TCP_LISTEN state will be in here.  This is the only table

 * where wildcard'd TCP sockets can exist.  Hash function here is just local

 * port number.  XXX Fix or we'll lose with thousands of IP aliases...

 */

struct sock *tcp_listening_hash[TCP_LHTABLE_SIZE];

/* Ok, let's try this, I give up, we do need a local binding

 * TCP hash as well as the others for fast bind/connect.

 */

struct sock *tcp_bound_hash[TCP_BHTABLE_SIZE];

extern struct sock *tcp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport);

static int tcp_v4_verify_bind(struct sock *sk, unsigned short snum)

{

        struct sock *sk2;

        int retval = 0, sk_reuse = sk->reuse;

        SOCKHASH_LOCK();

        sk2 = tcp_bound_hash[tcp_bhashfn(snum)];

        for(; sk2 != NULL; sk2 = sk2->bind_next) {

                if((sk2->num == snum) && (sk2 != sk)) {

                        unsigned char state = sk2->state;

                        int sk2_reuse = sk2->reuse;

                        /* Two sockets can be bound to the same port if they're

                         * bound to different interfaces... */

                        if (sk->bound_device != sk2->bound_device)

                                continue;

                        if(!sk2->rcv_saddr || !sk->rcv_saddr) {

                                if((!sk2_reuse)                 ||

                                   (!sk_reuse)                  ||

                                   (state == TCP_LISTEN)) {

                                        retval = 1;

                                        break;

                                }

                        } else if(sk2->rcv_saddr == sk->rcv_saddr) {

                                if((!sk_reuse)                  ||

                                   (!sk2_reuse)                 ||

                                   (state == TCP_LISTEN)) {

                                        retval = 1;

                                        break;

                                }

                        }

                }

        }

        SOCKHASH_UNLOCK();

        return retval;

}

static __inline__ int tcp_lport_inuse(int num)

{

        struct sock *sk = tcp_bound_hash[tcp_bhashfn(num)];

        for(; sk != NULL; sk = sk->bind_next) {

                if(sk->num == num)

                        return 1;

        }

        return 0;

}

/* Find a "good" local port, this is family independant.

 * There are several strategies working in unison here to

 * get the best possible performance.  The current socket

 * load is kept track of, if it is zero there is a strong

 * likely hood that there is a zero length chain we will

 * find with a small amount of searching, else the load is

 * what we shoot for when the chains all have at least

 * one entry.  The base helps us walk the chains in an

 * order such that a good chain is found as quickly as possible.  -DaveM

 */

unsigned short tcp_good_socknum(void)

{

        static int start = PROT_SOCK;

        static int binding_contour = 0;

        int best = 0;

        int size = 32767; /* a big num. */

        int retval = 0, i, end, bc;

        SOCKHASH_LOCK();

        i = tcp_bhashfn(start);

        end = i + TCP_BHTABLE_SIZE;

        bc = binding_contour;

        do {

                struct sock *sk = tcp_bound_hash[i&(TCP_BHTABLE_SIZE-1)];

                if(!sk) {

                        /* find the smallest value no smaller than start

                         * that has this hash value.

                         */

                        retval = tcp_bhashnext(start-1,i&(TCP_BHTABLE_SIZE-1));

                        /* Check for decreasing load. */

                        if (bc != 0)

                                binding_contour = 0;

                        goto done;

                } else {

                        int j = 0;

                        do { sk = sk->bind_next; } while (++j < size && sk);

                        if (j < size) {

                                best = i&(TCP_BHTABLE_SIZE-1);

                                size = j;

                                if (bc && size <= bc) {

                                        i = best;

                                        goto verify;

                                }

                        }

                }

        } while(++i != end);

        i = best;

        /* Socket load is increasing, adjust our load average. */

        binding_contour = size;

verify:

        if (size < binding_contour)

                binding_contour = size;

        retval = tcp_bhashnext(start-1,i);

        best = retval;  /* mark the starting point to avoid infinite loops */

        while(tcp_lport_inuse(retval)) {

                retval = tcp_bhashnext(retval,i);

                if (retval > 32767)     /* Upper bound */

                        retval = tcp_bhashnext(PROT_SOCK,i);

                if (retval == best) {

                        /* This hash chain is full. No answer. */

                        retval = 0;

                        break;

                }

        }

done:

        start = (retval + 1);

        if (start > 32767 || start < PROT_SOCK)

                start = PROT_SOCK;

        SOCKHASH_UNLOCK();

        return retval;

}

void tcp_v4_hash(struct sock *sk)

{

        unsigned char state;

        SOCKHASH_LOCK();

        state = sk->state;

        if(state != TCP_CLOSE || !sk->dead) {

                struct sock **skp;

                if(state == TCP_LISTEN)

                        skp = &tcp_listening_hash[tcp_sk_listen_hashfn(sk)];

                else

                        skp = &tcp_established_hash[tcp_sk_hashfn(sk)];

                if((sk->next = *skp) != NULL)

                        (*skp)->pprev = &sk->next;

                *skp = sk;

                sk->pprev = skp;

                tcp_sk_bindify(sk);

        }

        SOCKHASH_UNLOCK();

}

void tcp_v4_unhash(struct sock *sk)

{

        SOCKHASH_LOCK();

        if(sk->pprev) {

                if(sk->next)

                        sk->next->pprev = sk->pprev;

                *sk->pprev = sk->next;

                sk->pprev = NULL;

                tcp_sk_unbindify(sk);

        }

        SOCKHASH_UNLOCK();

}

void tcp_v4_rehash(struct sock *sk)

{

        unsigned char state;

        SOCKHASH_LOCK();

        state = sk->state;

        if(sk->pprev) {

                if(sk->next)

                        sk->next->pprev = sk->pprev;

                *sk->pprev = sk->next;

                sk->pprev = NULL;

                tcp_sk_unbindify(sk);

        }

        if(state != TCP_CLOSE || !sk->dead) {

                struct sock **skp;

                if(state == TCP_LISTEN)

                        skp = &tcp_listening_hash[tcp_sk_listen_hashfn(sk)];

                else

                        skp = &tcp_established_hash[tcp_sk_hashfn(sk)];

                if((sk->next = *skp) != NULL)

                        (*skp)->pprev = &sk->next;

                *skp = sk;

                sk->pprev = skp;

                tcp_sk_bindify(sk);

        }

        SOCKHASH_UNLOCK();

}

static void tcp_close(struct sock *sk, unsigned long timeout);

/*

 *      Find someone to 'accept'. Must be called with

 *      the socket locked or with interrupts disabled

 */

static struct sk_buff *tcp_find_established(struct sock *s)

{

        struct sk_buff *p=skb_peek(&s->receive_queue);

        if(p==NULL)

                return NULL;

        do

        {

                if(p->sk->state == TCP_ESTABLISHED || p->sk->state >= TCP_FIN_WAIT1)

                        return p;

                p=p->next;

        }

        while(p!=(struct sk_buff *)&s->receive_queue);

        return NULL;

}

/*

 *      This routine closes sockets which have been at least partially

 *      opened, but not yet accepted. Currently it is only called by

 *      tcp_close, and timeout mirrors the value there.

 */

static void tcp_close_pending (struct sock *sk)

{

        struct sk_buff *skb;

        while ((skb = skb_dequeue(&sk->receive_queue)) != NULL)

        {

                tcp_close(skb->sk, 0);

                kfree_skb(skb, FREE_READ);

        }

        return;

}

/*

 *      Enter the time wait state.

 */

void tcp_time_wait(struct sock *sk)

{

        tcp_set_state(sk,TCP_TIME_WAIT);

        sk->shutdown = SHUTDOWN_MASK;

        if (!sk->dead)

                sk->state_change(sk);

        tcp_reset_msl_timer(sk, TIME_CLOSE, TCP_TIMEWAIT_LEN);

}

/*

 * This routine is called by the ICMP module when it gets some

 * sort of error condition.  If err < 0 then the socket should

 * be closed and the error returned to the user.  If err > 0

 * it's just the icmp type << 8 | icmp code.  After adjustment

 * header points to the first 8 bytes of the tcp header.  We need

 * to find the appropriate port.

 */

void tcp_err(int type, int code, unsigned char *header, __u32 daddr,

        __u32 saddr, struct inet_protocol *protocol, int len)

{

        struct tcphdr *th = (struct tcphdr *)header;

        struct sock *sk;

        /*

         *      This one is _WRONG_. FIXME urgently.

         */

#ifndef CONFIG_NO_PATH_MTU_DISCOVERY

        struct iphdr *iph=(struct iphdr *)(header-sizeof(struct iphdr));

#endif

        th =(struct tcphdr *)header;

        if (len < 8)    /* NOT sizeof(struct tcphdr) */

                return;

        sk = tcp_v4_lookup(daddr, th->dest, saddr, th->source);

        if (sk == NULL)

                return;

        if (type == ICMP_SOURCE_QUENCH)

        {

                /* Current practice says these frames are bad, plus the drops

                   will account right anyway. If we act on this we stall doubly */

                return;

        }

        if (type == ICMP_PARAMETERPROB)

        {

                sk->err=EPROTO;

                sk->error_report(sk);

        }

#ifndef CONFIG_NO_PATH_MTU_DISCOVERY

        if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)

        {

                struct rtable * rt;

                /*

                 * Ugly trick to pass MTU to protocol layer.

                 * Really we should add argument "info" to error handler.

                 */

                unsigned short new_mtu = ntohs(iph->id);

                if ((rt = sk->ip_route_cache) != NULL)

                        if (rt->rt_mtu > new_mtu)

                                rt->rt_mtu = new_mtu;

                /*

                 *      FIXME::

                 *      Not the nicest of fixes: Lose a MTU update if the socket is

                 *      locked this instant. Not the right answer but will be best

                 *      for the production fix. Make 2.1 work right!

                 */

                if (sk->mtu > new_mtu - sizeof(struct iphdr) - sizeof(struct tcphdr)

                        && new_mtu > sizeof(struct iphdr)+sizeof(struct tcphdr) && !sk->users)

                        sk->mtu = new_mtu - sizeof(struct iphdr) - sizeof(struct tcphdr);

                return;

        }

#endif

        /*

         * If we've already connected we will keep trying

         * until we time out, or the user gives up.

         */

        if(code<=NR_ICMP_UNREACH)

        {

                if(icmp_err_convert[code].fatal || sk->state == TCP_SYN_SENT || sk->state == TCP_SYN_RECV)

                {

                        sk->err = icmp_err_convert[code].errno;

                        if (sk->state == TCP_SYN_SENT || sk->state == TCP_SYN_RECV)

                        {

                                tcp_statistics.TcpAttemptFails++;