服務端建立連接過程
一般情況下,建立一個TCP連接的過程爲:
客戶端發送SYN段,標識希望連接的服務器端口以及初始序號
服務端發送回一個包含服務器初始序號以及對客戶端SYN段確認的SYN+ACK段作爲應答,由於一個SYN佔用一個序號,因此確認序號設置爲客戶端初始序號加1
客戶端發送確認序號爲服務器初始序號加1的ACK段,對服務器SYN段進行確認。
對於服務端而言,從接收到客戶端的連接請求起,必須等到接收到客戶端對服務端SYN+ACK的確認,連接纔算完成。在這個過程中,不但存在TCP連接的中間狀態,而且還要等待用戶進程調用accept(),因此需要在服務端把信息都保存起來,直到用戶進程調用accept()爲止。
從圖中可以看到在TCP傳輸控制塊inet_connection_sock結構中有個request_sock_queue結構類型的成員icsk_accept_queue,用來保存正在建立連接和已經建立連接但未被accept的傳輸控制塊。在request_sock_queue結構中rskq_accept_head和rskq_accept_tail構成的鏈表中,保存了一個已經完成連接的連接請求塊;而在listen_sock結構實例的syn_table散列表中保存着兩個連接狀態中德爾連接請求塊,請求塊之間使用dl_next形成鏈表。
雖然每個TCP傳輸控制塊都有請求連接控制塊icsk_accept_queue,但在創建之初是不完整的,request_sock_queue結構中的listen_opt指針爲NULL,即還沒有爲保存SYN_RECV狀態的請求連接控制塊分配空間。
listen系統調用不僅使TCP進入LISTEN狀態,同時還爲保存SYN_RECV狀態的請求連接控制塊分配空間,其中syn_table散列表大小由listen系統調用的參數backlog控制。
bind的系統調用實現
bind系統調用通過套接口層的inet_bind()之後,便會調用傳輸層的函數,TCP中的傳輸層接口函數爲inet_csk_get_port()。
如果待綁定端口爲0,則自動爲套接口分配一個可用的端口
如果是指定端口號,則需要在已綁定的信息中查找,如果找到,則說明該端口號已經被使用且不能複用,則bind失敗;如果查找不到,則創建新的bind信息塊添加到散列表中完成對bind的操作。
/* Obtain a reference to a local port for the given sock,
* if snum is zero it means select any available local port.
*/
int inet_csk_get_port(struct sock *sk, unsigned short snum)
{
struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
struct inet_bind_hashbucket *head;
struct hlist_node *node;
struct inet_bind_bucket *tb;
int ret, attempts = 5;
struct net *net = sock_net(sk);
int smallest_size = -1, smallest_rover;
local_bh_disable();
if (!snum) {
int remaining, rover, low, high;
again:
inet_get_local_port_range(&low, &high);
remaining = (high - low) + 1;
smallest_rover = rover = net_random() % remaining + low;
smallest_size = -1;
do {
head = &hashinfo->bhash[inet_bhashfn(net, rover,
hashinfo->bhash_size)];
spin_lock(&head->lock);
inet_bind_bucket_for_each(tb, node, &head->chain)
if (ib_net(tb) == net && tb->port == rover) {
if (tb->fastreuse > 0 &&
sk->sk_reuse &&
sk->sk_state != TCP_LISTEN &&
(tb->num_owners < smallest_size || smallest_size == -1)) {
smallest_size = tb->num_owners;
smallest_rover = rover;
if (atomic_read(&hashinfo->bsockets) > (high - low) + 1) {
spin_unlock(&head->lock);
snum = smallest_rover;
goto have_snum;
}
}
goto next;
}
break;
next:
spin_unlock(&head->lock);
if (++rover > high)
rover = low;
} while (--remaining > 0);
/* Exhausted local port range during search? It is not
* possible for us to be holding one of the bind hash
* locks if this test triggers, because if 'remaining'
* drops to zero, we broke out of the do/while loop at
* the top level, not from the 'break;' statement.
*/
ret = 1;
if (remaining <= 0) {
if (smallest_size != -1) {
snum = smallest_rover;
goto have_snum;
}
goto fail;
}
/* OK, here is the one we will use. HEAD is
* non-NULL and we hold it's mutex.
*/
snum = rover;
} else {
have_snum:
head = &hashinfo->bhash[inet_bhashfn(net, snum,
hashinfo->bhash_size)];
spin_lock(&head->lock);
inet_bind_bucket_for_each(tb, node, &head->chain)
if (ib_net(tb) == net && tb->port == snum)
goto tb_found;
}
tb = NULL;
goto tb_not_found;
tb_found:
if (!hlist_empty(&tb->owners)) {
if (tb->fastreuse > 0 &&
sk->sk_reuse && sk->sk_state != TCP_LISTEN &&
smallest_size == -1) {
goto success;
} else {
ret = 1;
if (inet_csk(sk)->icsk_af_ops->bind_conflict(sk, tb)) {
if (sk->sk_reuse && sk->sk_state != TCP_LISTEN &&
smallest_size != -1 && --attempts >= 0) {
spin_unlock(&head->lock);
goto again;
}
goto fail_unlock;
}
}
}
tb_not_found:
ret = 1;
if (!tb && (tb = inet_bind_bucket_create(hashinfo->bind_bucket_cachep,
net, head, snum)) == NULL)
goto fail_unlock;
if (hlist_empty(&tb->owners)) {
if (sk->sk_reuse && sk->sk_state != TCP_LISTEN)
tb->fastreuse = 1;
else
tb->fastreuse = 0;
} else if (tb->fastreuse &&
(!sk->sk_reuse || sk->sk_state == TCP_LISTEN))
tb->fastreuse = 0;
success:
if (!inet_csk(sk)->icsk_bind_hash)
inet_bind_hash(sk, tb, snum);
WARN_ON(inet_csk(sk)->icsk_bind_hash != tb);
ret = 0;
fail_unlock:
spin_unlock(&head->lock);
fail:
local_bh_enable();
return ret;
}
listen的系統調用實現
inet_listen()函數爲listen系統調用套接口層的實現,該函數會做一些簡單的檢查,然後調用inet_csk_listen_start()函數實現偵聽。實現偵聽的過程:爲管理連接請求塊的散列表分配存儲空間,接着使TCP傳輸控制塊的狀態遷移到LISTEN狀態,然後將傳輸控制塊添加到偵聽散列表中。
int inet_csk_listen_start(struct sock *sk, const int nr_table_entries)
{
struct inet_sock *inet = inet_sk(sk);
struct inet_connection_sock *icsk = inet_csk(sk);
int rc = reqsk_queue_alloc(&icsk->icsk_accept_queue, nr_table_entries);
if (rc != 0)
return rc;
sk->sk_max_ack_backlog = 0;
sk->sk_ack_backlog = 0;
inet_csk_delack_init(sk);
/* There is race window here: we announce ourselves listening,
* but this transition is still not validated by get_port().
* It is OK, because this socket enters to hash table only
* after validation is complete.
*/
sk->sk_state = TCP_LISTEN;
if (!sk->sk_prot->get_port(sk, inet->num)) {
inet->sport = htons(inet->num);
sk_dst_reset(sk);
sk->sk_prot->hash(sk);
return 0;
}
sk->sk_state = TCP_CLOSE;
__reqsk_queue_destroy(&icsk->icsk_accept_queue);
return -EADDRINUSE;
}
accept的系統調用實現
inet_accept()爲accept系統調用的套接口層的函數實現
/*
* Accept a pending connection. The TCP layer now gives BSD semantics.
*/
int inet_accept(struct socket *sock, struct socket *newsock, int flags)
{
struct sock *sk1 = sock->sk;
int err = -EINVAL;
struct sock *sk2 = sk1->sk_prot->accept(sk1, flags, &err);
if (!sk2)
goto do_err;
lock_sock(sk2);
WARN_ON(!((1 << sk2->sk_state) &
(TCPF_ESTABLISHED | TCPF_CLOSE_WAIT | TCPF_CLOSE)));
sock_graft(sk2, newsock);
newsock->state = SS_CONNECTED;
err = 0;
release_sock(sk2);
do_err:
return err;
}
首先根據套接口獲取對應的傳輸控制塊,調用accept的傳輸層接口的函數inet_csk_accept()獲取已完成的連接的傳輸控制塊,稱之爲子傳輸控制塊。
如果accept成功,則需要調用sock_graft()把子套接口和傳輸控制塊關聯起來以便這兩者之間相互索引。最後設置子套接口狀態爲已連接的狀態SS_CONNECTED。
inet_csk_accept()爲accept系統調用的傳輸層實現。如果有完成連接的傳輸控制塊,則將其從連接請求容器中取出;如果沒有,則根據是否阻塞來決定返回或是等待新連接。
/*
* This will accept the next outstanding connection.
*/
struct sock *inet_csk_accept(struct sock *sk, int flags, int *err)
{
struct inet_connection_sock *icsk = inet_csk(sk);
struct sock *newsk;
int error;
lock_sock(sk);
/* We need to make sure that this socket is listening,
* and that it has something pending.
*/
error = -EINVAL;
if (sk->sk_state != TCP_LISTEN)
goto out_err;
/* Find already established connection */
if (reqsk_queue_empty(&icsk->icsk_accept_queue)) {
long timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
/* If this is a non blocking socket don't sleep */
error = -EAGAIN;
if (!timeo)
goto out_err;
error = inet_csk_wait_for_connect(sk, timeo);
if (error)
goto out_err;
}
newsk = reqsk_queue_get_child(&icsk->icsk_accept_queue, sk);
WARN_ON(newsk->sk_state == TCP_SYN_RECV);
out:
release_sock(sk);
return newsk;
out_err:
newsk = NULL;
*err = error;
goto out;
}