1
10
13
14
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
94
95
96
97
98
100
101
102
103
104
105
112
113
114
121
122
123
124
125
126
127
128
129
130
131
132
133
134
141
146
153
154
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
235
236
237
238
239
240
241
242
248
249
250
251
252
253
257
261
262
263
264
265
266
272
273
274
275
276
277
278
279
280
281
285
289
290
291
292
293
294
295
296
297
305
306
307
313
314
315
316
317
318
319
320
321
322
327
332
333
334
335
336
337
...
...
...
#define NX_SOURCE_CODE
#include "nx_api.h"
#include "nx_tcp.h"
#include "nx_ip.h"
#ifdef FEATURE_NX_IPV6
#include "nx_ipv6.h"
#endif
#ifdef NX_IPSEC_ENABLE
#include "nx_ipsec.h"
#endif
...
...
VOID _nx_tcp_packet_send_syn(NX_TCP_SOCKET *socket_ptr, ULONG tx_sequence)
{
#ifdef NX_IPSEC_ENABLE
ULONG data_offset = 0;
NXD_ADDRESS src_addr;
UINT ret;
NX_IPSEC_SA *cur_sa_ptr = NX_NULL;/* ... */
#endif
ULONG option_word_1;
ULONG option_word_2;
#ifdef NX_ENABLE_TCP_WINDOW_SCALING
UINT include_window_scaling = NX_FALSE;
UINT scale_factor;/* ... */
#endif
ULONG mss = 0;
#ifdef NX_IPSEC_ENABLE
#ifndef NX_DISABLE_IPV4
if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V4)
{
src_addr.nxd_ip_version = NX_IP_VERSION_V4;
src_addr.nxd_ip_address.v4 = socket_ptr -> nx_tcp_socket_connect_interface -> nx_interface_ip_address;
}if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V4) { ... }
/* ... */#endif
#ifdef FEATURE_NX_IPV6
if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V6)
{
src_addr.nxd_ip_version = NX_IP_VERSION_V6;
COPY_IPV6_ADDRESS(socket_ptr -> nx_tcp_socket_ipv6_addr -> nxd_ipv6_address, src_addr.nxd_ip_address.v6);
}if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V6) { ... }
/* ... */#endif
if (socket_ptr -> nx_tcp_socket_ip_ptr -> nx_ip_packet_egress_sa_lookup != NX_NULL)
{
ret = socket_ptr -> nx_tcp_socket_ip_ptr -> nx_ip_packet_egress_sa_lookup(socket_ptr -> nx_tcp_socket_ip_ptr,
&src_addr,
&socket_ptr -> nx_tcp_socket_connect_ip,
NX_PROTOCOL_TCP,
socket_ptr -> nx_tcp_socket_port,
socket_ptr -> nx_tcp_socket_connect_port,
&data_offset, (VOID *)&cur_sa_ptr, 0);
if (ret == NX_IPSEC_TRAFFIC_PROTECT)
{
socket_ptr -> nx_tcp_socket_egress_sa = cur_sa_ptr;
socket_ptr -> nx_tcp_socket_egress_sa_data_offset = data_offset;
}if (ret == NX_IPSEC_TRAFFIC_PROTECT) { ... }
else if (ret == NX_IPSEC_TRAFFIC_DROP || ret == NX_IPSEC_TRAFFIC_PENDING_IKEV2)
{
return;
}else if (ret == NX_IPSEC_TRAFFIC_DROP || ret == NX_IPSEC_TRAFFIC_PENDING_IKEV2) { ... }
else
{
socket_ptr -> nx_tcp_socket_egress_sa = NX_NULL;
socket_ptr -> nx_tcp_socket_egress_sa_data_offset = 0;
}else { ... }
...}
else
{
socket_ptr -> nx_tcp_socket_egress_sa = NX_NULL;
}else { ... }
/* ... */#endif
#ifndef NX_DISABLE_IPV4
if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V4)
{
mss = (ULONG)((socket_ptr -> nx_tcp_socket_connect_interface -> nx_interface_ip_mtu_size - sizeof(NX_IPV4_HEADER)) - sizeof(NX_TCP_HEADER));
#ifdef NX_IPSEC_ENABLE
if (cur_sa_ptr != NX_NULL)
{
if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_ENCAP_SECURITY)
{
mss = mss - sizeof(NX_IPSEC_ESP_HEADER) -
(cur_sa_ptr -> nx_ipsec_sa_encryption_method -> nx_crypto_block_size_in_bytes) -
((cur_sa_ptr -> nx_ipsec_sa_encryption_method -> nx_crypto_IV_size_in_bits) >> 3) -
((cur_sa_ptr -> nx_ipsec_sa_integrity_method -> nx_crypto_ICV_size_in_bits) >> 3);
}if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_ENCAP_SECURITY) { ... }
if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_AUTHENTICATION)
{
mss = mss - sizeof(NX_IPSEC_AUTHENTICATION_HEADER) -
(cur_sa_ptr -> nx_ipsec_sa_integrity_method -> nx_crypto_IV_size_in_bits >> 3) -
(cur_sa_ptr -> nx_ipsec_sa_integrity_method -> nx_crypto_ICV_size_in_bits >> 3);
}if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_AUTHENTICATION) { ... }
if (cur_sa_ptr -> nx_ipsec_sa_mode == NX_IPSEC_TUNNEL_MODE)
{
mss -= (sizeof(NX_IPV4_HEADER));
}if (cur_sa_ptr -> nx_ipsec_sa_mode == NX_IPSEC_TUNNEL_MODE) { ... }
}if (cur_sa_ptr != NX_NULL) { ... }
/* ... */#endif
}if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V4) { ... }
/* ... */#endif
#ifdef FEATURE_NX_IPV6
if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V6)
{
mss = (ULONG)((socket_ptr -> nx_tcp_socket_connect_interface -> nx_interface_ip_mtu_size - sizeof(NX_IPV6_HEADER)) - sizeof(NX_TCP_HEADER));
#ifdef NX_IPSEC_ENABLE
if (cur_sa_ptr != NX_NULL)
{
if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_ENCAP_SECURITY)
{
mss = mss - sizeof(NX_IPSEC_ESP_HEADER) -
(cur_sa_ptr -> nx_ipsec_sa_encryption_method -> nx_crypto_block_size_in_bytes) -
((cur_sa_ptr -> nx_ipsec_sa_encryption_method -> nx_crypto_IV_size_in_bits) >> 3) -
((cur_sa_ptr -> nx_ipsec_sa_integrity_method -> nx_crypto_ICV_size_in_bits) >> 3);
}if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_ENCAP_SECURITY) { ... }
if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_AUTHENTICATION)
{
mss = mss - sizeof(NX_IPSEC_AUTHENTICATION_HEADER) -
(cur_sa_ptr -> nx_ipsec_sa_integrity_method -> nx_crypto_IV_size_in_bits >> 3) -
(cur_sa_ptr -> nx_ipsec_sa_integrity_method -> nx_crypto_ICV_size_in_bits >> 3);
}if (cur_sa_ptr -> nx_ipsec_sa_protocol == NX_PROTOCOL_NEXT_HEADER_AUTHENTICATION) { ... }
if (cur_sa_ptr -> nx_ipsec_sa_mode == NX_IPSEC_TUNNEL_MODE)
{
mss -= (sizeof(NX_IPV6_HEADER));
}if (cur_sa_ptr -> nx_ipsec_sa_mode == NX_IPSEC_TUNNEL_MODE) { ... }
}if (cur_sa_ptr != NX_NULL) { ... }
/* ... */#endif
}if (socket_ptr -> nx_tcp_socket_connect_ip.nxd_ip_version == NX_IP_VERSION_V6) { ... }
/* ... */#endif
mss &= 0x0000FFFFUL;
if ((socket_ptr -> nx_tcp_socket_mss < mss) && socket_ptr -> nx_tcp_socket_mss)
{
mss = socket_ptr -> nx_tcp_socket_mss;
}if ((socket_ptr -> nx_tcp_socket_mss < mss) && socket_ptr -> nx_tcp_socket_mss) { ... }
if (socket_ptr -> nx_tcp_socket_state == NX_TCP_SYN_RECEIVED)
{
if (mss < socket_ptr -> nx_tcp_socket_peer_mss)
{
socket_ptr -> nx_tcp_socket_connect_mss = mss;
}if (mss < socket_ptr -> nx_tcp_socket_peer_mss) { ... }
else
{
socket_ptr -> nx_tcp_socket_connect_mss = socket_ptr -> nx_tcp_socket_peer_mss;
}else { ... }
socket_ptr -> nx_tcp_socket_connect_mss2 =
socket_ptr -> nx_tcp_socket_connect_mss * socket_ptr -> nx_tcp_socket_connect_mss;
}if (socket_ptr -> nx_tcp_socket_state == NX_TCP_SYN_RECEIVED) { ... }
else
{
socket_ptr -> nx_tcp_socket_connect_mss = mss;
}else { ... }
option_word_1 = NX_TCP_MSS_OPTION | mss;
option_word_2 = NX_TCP_OPTION_END;
#ifdef NX_ENABLE_TCP_WINDOW_SCALING
if (socket_ptr -> nx_tcp_socket_state == NX_TCP_SYN_SENT)
{
include_window_scaling = NX_TRUE;
}if (socket_ptr -> nx_tcp_socket_state == NX_TCP_SYN_SENT) { ... }
else if (socket_ptr -> nx_tcp_snd_win_scale_value != 0xFF)
{
include_window_scaling = NX_TRUE;
}else if (socket_ptr -> nx_tcp_snd_win_scale_value != 0xFF) { ... }
if (include_window_scaling)
{
option_word_2 = NX_TCP_RWIN_OPTION;
for (scale_factor = 0; scale_factor < 15; scale_factor++)
{
if ((socket_ptr -> nx_tcp_socket_rx_window_current >> scale_factor) < 65536)
{
break;
}if ((socket_ptr -> nx_tcp_socket_rx_window_current >> scale_factor) < 65536) { ... }
}for (scale_factor = 0; scale_factor < 15; scale_factor++) { ... }
if (scale_factor == 15)
{
scale_factor = 14;
socket_ptr -> nx_tcp_socket_rx_window_default = (1 << 30) - 1;
socket_ptr -> nx_tcp_socket_rx_window_current = (1 << 30) - 1;
}if (scale_factor == 15) { ... }
option_word_2 |= scale_factor << 8;
socket_ptr -> nx_tcp_rcv_win_scale_value = scale_factor;
}if (include_window_scaling) { ... }
/* ... */#endif
if (socket_ptr -> nx_tcp_socket_state == NX_TCP_SYN_SENT)
{
_nx_tcp_packet_send_control(socket_ptr, NX_TCP_SYN_BIT, tx_sequence,
0, option_word_1, option_word_2, NX_NULL);
}if (socket_ptr -> nx_tcp_socket_state == NX_TCP_SYN_SENT) { ... }
else
{
_nx_tcp_packet_send_control(socket_ptr, (NX_TCP_SYN_BIT | NX_TCP_ACK_BIT), tx_sequence,
socket_ptr -> nx_tcp_socket_rx_sequence, option_word_1, option_word_2, NX_NULL);
}else { ... }
socket_ptr -> nx_tcp_socket_tx_sequence_recover = tx_sequence;
socket_ptr -> nx_tcp_socket_previous_highest_ack = tx_sequence;
}{ ... }