]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet/tcp_output.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-4570.41.2.tar.gz
[apple/xnu.git] / bsd / netinet / tcp_output.c
diff --git a/bsd/netinet/tcp_output.c b/bsd/netinet/tcp_output.c
index 8a9eeb9cf07bf4a5ca08dc405f66ce1dcde8a745..88ced34e95502914be7bce142bd80a5541377c1b 100644 (file)
--- a/bsd/netinet/tcp_output.c
+++ b/bsd/netinet/tcp_output.c
@@ -1,8 +1,8 @@
 /*
 /*
- * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2017 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
@@ -11,10 +11,10 @@
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -22,7 +22,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
@@ -85,10 +85,12 @@
 #include <net/if_var.h>
 #include <net/if.h>
 #include <net/if_types.h>
 #include <net/if_var.h>
 #include <net/if.h>
 #include <net/if_types.h>
+#include <net/dlil.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
+#include <netinet/in_tclass.h>
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
@@ -100,6 +102,7 @@
 #endif
 #include <netinet/tcp.h>
 #define        TCPOUTFLAGS
 #endif
 #include <netinet/tcp.h>
 #define        TCPOUTFLAGS
+#include <netinet/tcp_cache.h>
 #include <netinet/tcp_fsm.h>
 #include <netinet/tcp_seq.h>
 #include <netinet/tcp_timer.h>
 #include <netinet/tcp_fsm.h>
 #include <netinet/tcp_seq.h>
 #include <netinet/tcp_timer.h>
@@ -121,75 +124,159 @@
 #endif /* MAC_SOCKET */
 
 #include <netinet/lro_ext.h>
 #endif /* MAC_SOCKET */
 
 #include <netinet/lro_ext.h>
+#if MPTCP
+#include <netinet/mptcp_var.h>
+#include <netinet/mptcp.h>
+#include <netinet/mptcp_opt.h>
+#endif
+
+#include <corecrypto/ccaes.h>
 
 #define DBG_LAYER_BEG          NETDBG_CODE(DBG_NETTCP, 1)
 #define DBG_LAYER_END          NETDBG_CODE(DBG_NETTCP, 3)
 #define DBG_FNC_TCP_OUTPUT     NETDBG_CODE(DBG_NETTCP, (4 << 8) | 1)
 
 
 #define DBG_LAYER_BEG          NETDBG_CODE(DBG_NETTCP, 1)
 #define DBG_LAYER_END          NETDBG_CODE(DBG_NETTCP, 3)
 #define DBG_FNC_TCP_OUTPUT     NETDBG_CODE(DBG_NETTCP, (4 << 8) | 1)
 
-#ifdef notyet
-extern struct mbuf *m_copypack();
-#endif
-
-int path_mtu_discovery = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &path_mtu_discovery, 1, "Enable Path MTU Discovery");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, path_mtu_discovery,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, path_mtu_discovery, 1,
+       "Enable Path MTU Discovery");
 
 
-int ss_fltsz = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &ss_fltsz, 1, "Slow start flight size");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, slowstart_flightsize,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, ss_fltsz, 1,
+       "Slow start flight size");
 
 
-int ss_fltsz_local = 8; /* starts with eight segments max */
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, local_slowstart_flightsize, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &ss_fltsz_local, 1, "Slow start flight size for local networks");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, local_slowstart_flightsize,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, ss_fltsz_local, 8,
+       "Slow start flight size for local networks");
 
 int    tcp_do_tso = 1;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW | CTLFLAG_LOCKED,
 
 int    tcp_do_tso = 1;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_do_tso, 0, "Enable TCP Segmentation Offload");
+                  &tcp_do_tso, 0, "Enable TCP Segmentation Offload");
+
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, ecn_setup_percentage,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_ecn_setup_percentage, 100,
+    "Max ECN setup percentage");
+
+static int
+sysctl_change_ecn_setting SYSCTL_HANDLER_ARGS
+{
+#pragma unused(oidp, arg1, arg2)
+       int i, err = 0, changed = 0;
+       struct ifnet *ifp;
+
+       err = sysctl_io_number(req, tcp_ecn_outbound, sizeof(int32_t),
+           &i, &changed);
+       if (err != 0 || req->newptr == USER_ADDR_NULL)
+               return(err);
+
+       if (changed) {
+               if ((tcp_ecn_outbound == 0 || tcp_ecn_outbound == 1) &&
+                   (i == 0 || i == 1)) {
+                       tcp_ecn_outbound = i;
+                       SYSCTL_SKMEM_UPDATE_FIELD(tcp.ecn_initiate_out, tcp_ecn_outbound);
+                       return(err);
+               }
+               if (tcp_ecn_outbound == 2 && (i == 0 || i == 1)) {
+                       /*
+                        * Reset ECN enable flags on non-cellular
+                        * interfaces so that the system default will take
+                        * over
+                        */
+                       ifnet_head_lock_shared();
+                       TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
+                               if (!IFNET_IS_CELLULAR(ifp)) {
+                                       ifnet_lock_exclusive(ifp);
+                                       ifp->if_eflags &= ~IFEF_ECN_DISABLE;
+                                       ifp->if_eflags &= ~IFEF_ECN_ENABLE;
+                                       ifnet_lock_done(ifp);
+                               }
+                       }
+                       ifnet_head_done();
+               } else {
+                       /*
+                        * Set ECN enable flags on non-cellular
+                        * interfaces
+                        */
+                       ifnet_head_lock_shared();
+                       TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
+                               if (!IFNET_IS_CELLULAR(ifp)) {
+                                       ifnet_lock_exclusive(ifp);
+                                       ifp->if_eflags |= IFEF_ECN_ENABLE;
+                                       ifp->if_eflags &= ~IFEF_ECN_DISABLE;
+                                       ifnet_lock_done(ifp);
+                               }
+                       }
+                       ifnet_head_done();
+               }
+               tcp_ecn_outbound = i;
+               SYSCTL_SKMEM_UPDATE_FIELD(tcp.ecn_initiate_out, tcp_ecn_outbound);
+       }
+       /* Change the other one too as the work is done */
+       if (i == 2 || tcp_ecn_inbound == 2) {
+               tcp_ecn_inbound = i;
+               SYSCTL_SKMEM_UPDATE_FIELD(tcp.ecn_negotiate_in, tcp_ecn_inbound);
+       }
+       return (err);
+}
+
+int     tcp_ecn_outbound = 2;
+SYSCTL_PROC(_net_inet_tcp, OID_AUTO, ecn_initiate_out,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_outbound, 0,
+    sysctl_change_ecn_setting, "IU",
+    "Initiate ECN for outbound connections");
+
+int     tcp_ecn_inbound = 2;
+SYSCTL_PROC(_net_inet_tcp, OID_AUTO, ecn_negotiate_in,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_inbound, 0,
+    sysctl_change_ecn_setting, "IU",
+    "Initiate ECN for inbound connections");
 
 
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, packetchain,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_packet_chaining, 50,
+       "Enable TCP output packet chaining");
 
 
-int     tcp_ecn_outbound = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, ecn_initiate_out, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_outbound,
-        0, "Initiate ECN for outbound connections");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, socket_unlocked_on_output,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_output_unlocked, 1,
+       "Unlock TCP when sending packets down to IP");
 
 
-int     tcp_ecn_inbound = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, ecn_negotiate_in, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_inbound,
-        0, "Allow ECN negotiation for inbound connections");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rfc3390,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_do_rfc3390, 1,
+       "Calculate intial slowstart cwnd depending on MSS");
 
 
-int    tcp_packet_chaining = 50;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, packetchain, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_packet_chaining,
-        0, "Enable TCP output packet chaining");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, min_iaj_win,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_min_iaj_win, MIN_IAJ_WIN,
+       "Minimum recv win based on inter-packet arrival jitter");
 
 
-int    tcp_output_unlocked = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, socket_unlocked_on_output, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_output_unlocked,
-        0, "Unlock TCP when sending packets down to IP");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, acc_iaj_react_limit,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_acc_iaj_react_limit,
+       ACC_IAJ_REACT_LIMIT, "Accumulated IAJ when receiver starts to react");
 
 
-int tcp_do_rfc3390 = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_do_rfc3390, 1, "Calculate intial slowstart cwnd depending on MSS");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, doautosndbuf,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_do_autosendbuf, 1,
+       "Enable send socket buffer auto-tuning");
 
 
-int tcp_min_iaj_win = MIN_IAJ_WIN;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, min_iaj_win, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_min_iaj_win, 1, "Minimum recv win based on inter-packet arrival jitter");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, autosndbufinc,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_autosndbuf_inc,
+       8 * 1024, "Increment in send socket bufffer size");
 
 
-int tcp_acc_iaj_react_limit = ACC_IAJ_REACT_LIMIT;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, acc_iaj_react_limit, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_acc_iaj_react_limit, 1, "Accumulated IAJ when receiver starts to react");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, autosndbufmax,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_autosndbuf_max, 512 * 1024,
+       "Maximum send socket buffer size");
 
 
-uint32_t tcp_do_autosendbuf = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, doautosndbuf, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_do_autosendbuf, 1, "Enable send socket buffer auto-tuning");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, ack_prioritize,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_prioritize_acks, 1,
+       "Prioritize pure acks");
 
 
-uint32_t tcp_autosndbuf_inc = 8 * 1024;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, autosndbufinc, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_autosndbuf_inc, 1, "Increment in send socket bufffer size");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rtt_recvbg,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_use_rtt_recvbg, 1,
+       "Use RTT for bg recv algorithm");
 
 
-uint32_t tcp_autosndbuf_max = 512 * 1024;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, autosndbufmax, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_autosndbuf_max, 1, "Maximum send socket buffer size");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, recv_throttle_minwin,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_recv_throttle_minwin, 16 * 1024,
+       "Minimum recv win for throttling");
 
 
-uint32_t tcp_prioritize_acks = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, ack_prioritize, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_prioritize_acks, 1, "Prioritize pure acks");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, enable_tlp,
+       CTLFLAG_RW | CTLFLAG_LOCKED,
+       int32_t, tcp_enable_tlp, 1, "Enable Tail loss probe");
 
 static int32_t packchain_newlist = 0;
 static int32_t packchain_looped = 0;
 
 static int32_t packchain_newlist = 0;
 static int32_t packchain_looped = 0;
@@ -202,38 +289,237 @@ extern int ipsec_bypass;
 
 extern int slowlink_wsize;     /* window correction for slow links */
 #if IPFIREWALL
 
 extern int slowlink_wsize;     /* window correction for slow links */
 #if IPFIREWALL
-extern int fw_enable;          /* firewall check for packet chaining */
-extern int fw_bypass;          /* firewall check: disable packet chaining if there is rules */
+extern int fw_enable;          /* firewall check for packet chaining */
+extern int fw_bypass;          /* firewall check: disable packet chaining if there is rules */
 #endif /* IPFIREWALL */
 
 #endif /* IPFIREWALL */
 
-extern vm_size_t       so_cache_zone_element_size;
-#if RANDOM_IP_ID
-extern int             ip_use_randomid;
-#endif /* RANDOM_IP_ID */
-extern u_int32_t dlil_filter_count;
+extern u_int32_t dlil_filter_disable_tso_count;
 extern u_int32_t kipf_count;
 extern u_int32_t kipf_count;
-extern int tcp_recv_bg;
-extern int maxseg_unacked;
 
 
-static int tcp_ip_output(struct socket *, struct tcpcb *, struct mbuf *, int,
-    struct mbuf *, int, int, int32_t, boolean_t);
-
-extern uint32_t get_base_rtt(struct tcpcb *tp);
+static int tcp_ip_output(struct socket *, struct tcpcb *, struct mbuf *,
+    int, struct mbuf *, int, int, boolean_t);
 static struct mbuf* tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th);
 static struct mbuf* tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th);
+static int tcp_recv_throttle(struct tcpcb *tp);
 
 
-static __inline__ u_int16_t
-get_socket_id(struct socket * s)
+static int32_t tcp_tfo_check(struct tcpcb *tp, int32_t len)
 {
 {
-       u_int16_t               val;
+       struct socket *so = tp->t_inpcb->inp_socket;
+       unsigned int optlen = 0;
+       unsigned int cookie_len;
+
+       if (tp->t_flags & TF_NOOPT)
+               goto fallback;
+
+       if ((so->so_flags1 & SOF1_DATA_AUTHENTICATED) &&
+           !(tp->t_flagsext & TF_FASTOPEN_HEUR))
+               return (len);
+
+       if (!tcp_heuristic_do_tfo(tp)) {
+               tp->t_tfo_stats |= TFO_S_HEURISTICS_DISABLE;
+               tcpstat.tcps_tfo_heuristics_disable++;
+               goto fallback;
+       }
+
+       if (so->so_flags1 & SOF1_DATA_AUTHENTICATED)
+               return (len);
+
+       optlen += TCPOLEN_MAXSEG;
+
+       if (tp->t_flags & TF_REQ_SCALE)
+               optlen += 4;
+
+#if MPTCP
+       if ((so->so_flags & SOF_MP_SUBFLOW) && mptcp_enable &&
+           tp->t_rxtshift <= mptcp_mpcap_retries)
+               optlen += sizeof(struct mptcp_mpcapable_opt_common) + sizeof(mptcp_key_t);
+#endif /* MPTCP */
+
+       if (tp->t_flags & TF_REQ_TSTMP)
+               optlen += TCPOLEN_TSTAMP_APPA;
 
 
-       if (so_cache_zone_element_size == 0) {
+       if (SACK_ENABLED(tp))
+               optlen += TCPOLEN_SACK_PERMITTED;
+
+       /* Now, decide whether to use TFO or not */
+
+       /* Don't even bother trying if there is no space at all... */
+       if (MAX_TCPOPTLEN - optlen < TCPOLEN_FASTOPEN_REQ)
+               goto fallback;
+
+       cookie_len = tcp_cache_get_cookie_len(tp);
+       if (cookie_len == 0)
+               /* No cookie, so we request one */
                return (0);
                return (0);
+
+       /* There is not enough space for the cookie, so we cannot do TFO */
+       if (MAX_TCPOPTLEN - optlen < cookie_len)
+               goto fallback;
+
+       /* Do not send SYN+data if there is more in the queue than MSS */
+       if (so->so_snd.sb_cc > (tp->t_maxopd - MAX_TCPOPTLEN))
+               goto fallback;
+
+       /* Ok, everything looks good. We can go on and do TFO */
+       return (len);
+
+fallback:
+       tp->t_flagsext &= ~TF_FASTOPEN;
+       return (0);
+}
+
+/* Returns the number of bytes written to the TCP option-space */
+static unsigned
+tcp_tfo_write_cookie_rep(struct tcpcb *tp, unsigned optlen, u_char *opt)
+{
+       u_char out[CCAES_BLOCK_SIZE];
+       unsigned ret = 0;
+       u_char *bp;
+
+       if ((MAX_TCPOPTLEN - optlen) <
+           (TCPOLEN_FASTOPEN_REQ + TFO_COOKIE_LEN_DEFAULT))
+               return (ret);
+
+       tcp_tfo_gen_cookie(tp->t_inpcb, out, sizeof(out));
+
+       bp = opt + optlen;
+
+       *bp++ = TCPOPT_FASTOPEN;
+       *bp++ = 2 + TFO_COOKIE_LEN_DEFAULT;
+       memcpy(bp, out, TFO_COOKIE_LEN_DEFAULT);
+       ret += 2 + TFO_COOKIE_LEN_DEFAULT;
+
+       tp->t_tfo_stats |= TFO_S_COOKIE_SENT;
+       tcpstat.tcps_tfo_cookie_sent++;
+
+       return (ret);
+}
+
+static unsigned
+tcp_tfo_write_cookie(struct tcpcb *tp, unsigned optlen, int32_t len,
+                    u_char *opt)
+{
+       u_int8_t tfo_len = MAX_TCPOPTLEN - optlen - TCPOLEN_FASTOPEN_REQ;
+       struct socket *so = tp->t_inpcb->inp_socket;
+       unsigned ret = 0;
+       int res;
+       u_char *bp;
+
+       if (so->so_flags1 & SOF1_DATA_AUTHENTICATED) {
+               /* If there is some data, let's track it */
+               if (len > 0) {
+                       tp->t_tfo_stats |= TFO_S_SYN_DATA_SENT;
+                       tcpstat.tcps_tfo_syn_data_sent++;
+               }
+
+               return (0);
+       }
+
+       bp = opt + optlen;
+
+       /*
+        * The cookie will be copied in the appropriate place within the
+        * TCP-option space. That way we avoid the need for an intermediate
+        * variable.
+        */
+       res = tcp_cache_get_cookie(tp, bp + TCPOLEN_FASTOPEN_REQ, &tfo_len);
+       if (res == 0) {
+               *bp++ = TCPOPT_FASTOPEN;
+               *bp++ = TCPOLEN_FASTOPEN_REQ;
+               ret += TCPOLEN_FASTOPEN_REQ;
+
+               tp->t_tfo_flags |= TFO_F_COOKIE_REQ;
+
+               tp->t_tfo_stats |= TFO_S_COOKIE_REQ;
+               tcpstat.tcps_tfo_cookie_req++;
+       } else {
+               *bp++ = TCPOPT_FASTOPEN;
+               *bp++ = TCPOLEN_FASTOPEN_REQ + tfo_len;
+
+               ret += TCPOLEN_FASTOPEN_REQ + tfo_len;
+
+               tp->t_tfo_flags |= TFO_F_COOKIE_SENT;
+
+               /* If there is some data, let's track it */
+               if (len > 0) {
+                       tp->t_tfo_stats |= TFO_S_SYN_DATA_SENT;
+                       tcpstat.tcps_tfo_syn_data_sent++;
+               }
+       }
+
+       return (ret);
+}
+
+static inline bool
+tcp_send_ecn_flags_on_syn(struct tcpcb *tp, struct socket *so)
+{
+       return(!((tp->ecn_flags & TE_SETUPSENT) ||
+           (so->so_flags & SOF_MP_SUBFLOW) ||
+           (tp->t_flagsext & TF_FASTOPEN)));
+}
+
+void
+tcp_set_ecn(struct tcpcb *tp, struct ifnet *ifp)
+{
+       boolean_t inbound;
+
+       /*
+        * Socket option has precedence
+        */
+       if (tp->ecn_flags & TE_ECN_MODE_ENABLE) {
+               tp->ecn_flags |= TE_ENABLE_ECN;
+               goto check_heuristic;
+       }
+
+       if (tp->ecn_flags & TE_ECN_MODE_DISABLE) {
+               tp->ecn_flags &= ~TE_ENABLE_ECN;
+               return;
+       }
+       /*
+        * Per interface setting comes next
+        */
+       if (ifp != NULL) {
+               if (ifp->if_eflags & IFEF_ECN_ENABLE) {
+                       tp->ecn_flags |= TE_ENABLE_ECN;
+                       goto check_heuristic;
+               }
+
+               if (ifp->if_eflags & IFEF_ECN_DISABLE) {
+                       tp->ecn_flags &= ~TE_ENABLE_ECN;
+                       return;
+               }
        }
        }
-       val = (u_int16_t)(((uintptr_t)s) / so_cache_zone_element_size);
-       if (val == 0) {
-               val = 0xffff;
+       /*
+        * System wide settings come last
+        */
+       inbound = (tp->t_inpcb->inp_socket->so_head != NULL);
+       if ((inbound && tcp_ecn_inbound == 1) ||
+           (!inbound && tcp_ecn_outbound == 1)) {
+               tp->ecn_flags |= TE_ENABLE_ECN;
+               goto check_heuristic;
+       } else {
+               tp->ecn_flags &= ~TE_ENABLE_ECN;
+       }
+
+       return;
+
+check_heuristic:
+       if (!tcp_heuristic_do_ecn(tp))
+               tp->ecn_flags &= ~TE_ENABLE_ECN;
+
+       /*
+        * If the interface setting, system-level setting and heuristics
+        * allow to enable ECN, randomly select 5% of connections to
+        * enable it
+        */
+       if ((tp->ecn_flags & (TE_ECN_MODE_ENABLE | TE_ECN_MODE_DISABLE
+           | TE_ENABLE_ECN)) == TE_ENABLE_ECN) {
+               /*
+                * Use the random value in iss for randomizing
+                * this selection
+                */
+               if ((tp->iss % 100) >= tcp_ecn_setup_percentage)
+                       tp->ecn_flags &= ~TE_ENABLE_ECN;
        }
        }
-       return (val);
 }
 
 /*
 }
 
 /*
@@ -265,44 +551,51 @@ get_socket_id(struct socket * s)
 int
 tcp_output(struct tcpcb *tp)
 {
 int
 tcp_output(struct tcpcb *tp)
 {
-       struct socket *so = tp->t_inpcb->inp_socket;
+       struct inpcb *inp = tp->t_inpcb;
+       struct socket *so = inp->inp_socket;
        int32_t len, recwin, sendwin, off;
        int flags, error;
        int32_t len, recwin, sendwin, off;
        int flags, error;
-       register struct mbuf *m;
+       struct mbuf *m;
        struct ip *ip = NULL;
        struct ip *ip = NULL;
-       register struct ipovly *ipov = NULL;
+       struct ipovly *ipov = NULL;
 #if INET6
        struct ip6_hdr *ip6 = NULL;
 #endif /* INET6 */
 #if INET6
        struct ip6_hdr *ip6 = NULL;
 #endif /* INET6 */
-       register struct tcphdr *th;
+       struct tcphdr *th;
        u_char opt[TCP_MAXOLEN];
        unsigned ipoptlen, optlen, hdrlen;
        int idle, sendalot, lost = 0;
        int i, sack_rxmit;
        int tso = 0;
        int sack_bytes_rxmt;
        u_char opt[TCP_MAXOLEN];
        unsigned ipoptlen, optlen, hdrlen;
        int idle, sendalot, lost = 0;
        int i, sack_rxmit;
        int tso = 0;
        int sack_bytes_rxmt;
+       tcp_seq old_snd_nxt = 0;
        struct sackhole *p;
        struct sackhole *p;
-#ifdef IPSEC
+#if IPSEC
        unsigned ipsec_optlen = 0;
        unsigned ipsec_optlen = 0;
-#endif
-       int    last_off = 0;
-       int    m_off;
+#endif /* IPSEC */
        int    idle_time = 0;
        int    idle_time = 0;
-       struct mbuf *m_lastm = NULL;
-       struct mbuf *m_head = NULL;
        struct mbuf *packetlist = NULL;
        struct mbuf *packetlist = NULL;
-       struct mbuf *tp_inp_options = tp->t_inpcb->inp_depend4.inp4_options;
+       struct mbuf *tp_inp_options = inp->inp_depend4.inp4_options;
 #if INET6
 #if INET6
-       int isipv6 = tp->t_inpcb->inp_vflag & INP_IPV6 ;
+       int isipv6 = inp->inp_vflag & INP_IPV6 ;
+#else
+       int isipv6 = 0;
 #endif
        short packchain_listadd = 0;
 #endif
        short packchain_listadd = 0;
-       u_int16_t       socket_id = get_socket_id(so);
        int so_options = so->so_options;
        struct rtentry *rt;
        int so_options = so->so_options;
        struct rtentry *rt;
-       u_int32_t basertt, svc_flags = 0;
+       u_int32_t svc_flags = 0, allocated_len;
        u_int32_t lro_ackmore = (tp->t_lropktlen != 0) ? 1 : 0;
        struct mbuf *mnext = NULL;
        int sackoptlen = 0;
        u_int32_t lro_ackmore = (tp->t_lropktlen != 0) ? 1 : 0;
        struct mbuf *mnext = NULL;
        int sackoptlen = 0;
+#if MPTCP
+       boolean_t mptcp_acknow;
+#endif /* MPTCP */
+       boolean_t cell = FALSE;
+       boolean_t wifi = FALSE;
+       boolean_t wired = FALSE;
+       boolean_t sack_rescue_rxt = FALSE;
+       int sotc = so->so_traffic_class;
 
        /*
         * Determine length of data that should be transmitted,
 
        /*
         * Determine length of data that should be transmitted,
@@ -317,11 +610,22 @@ tcp_output(struct tcpcb *tp)
         */
        idle_time = tcp_now - tp->t_rcvtime;
        if (idle && idle_time >= TCP_IDLETIMEOUT(tp)) {
         */
        idle_time = tcp_now - tp->t_rcvtime;
        if (idle && idle_time >= TCP_IDLETIMEOUT(tp)) {
-               if (CC_ALGO(tp)->after_idle != NULL) 
+               if (CC_ALGO(tp)->after_idle != NULL &&
+                   (tp->tcp_cc_index != TCP_CC_ALGO_CUBIC_INDEX ||
+                   idle_time >= TCP_CC_CWND_NONVALIDATED_PERIOD)) {
                        CC_ALGO(tp)->after_idle(tp);
                        CC_ALGO(tp)->after_idle(tp);
-               DTRACE_TCP5(cc, void, NULL, struct inpcb *, tp->t_inpcb,
-                       struct tcpcb *, tp, struct tcphdr *, NULL,
-                       int32_t, TCP_CC_IDLE_TIMEOUT);
+                       tcp_ccdbg_trace(tp, NULL, TCP_CC_IDLE_TIMEOUT);
+               }
+
+               /*
+                * Do some other tasks that need to be done after
+                * idle time
+                */
+               if (!SLIST_EMPTY(&tp->t_rxt_segments))
+                       tcp_rxtseg_clean(tp);
+
+               /* If stretch ack was auto-disabled, re-evaluate it */
+               tcp_cc_after_idle_stretchack(tp);
        }
        tp->t_flags &= ~TF_LASTIDLE;
        if (idle) {
        }
        tp->t_flags &= ~TF_LASTIDLE;
        if (idle) {
@@ -330,24 +634,40 @@ tcp_output(struct tcpcb *tp)
                        idle = 0;
                }
        }
                        idle = 0;
                }
        }
+#if MPTCP
+       if (tp->t_mpflags & TMPF_RESET) {
+               tcp_check_timer_state(tp);
+               /*
+                * Once a RST has been sent for an MPTCP subflow,
+                * the subflow socket stays around until deleted.
+                * No packets such as FINs must be sent after RST.
+                */
+               return (0);
+       }
+#endif /* MPTCP */
+
 again:
 again:
+#if MPTCP
+       mptcp_acknow = FALSE;
+#endif
+
        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_START, 0,0,0,0,0);
 
 #if INET6
        if (isipv6) {
                KERNEL_DEBUG(DBG_LAYER_BEG,
        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_START, 0,0,0,0,0);
 
 #if INET6
        if (isipv6) {
                KERNEL_DEBUG(DBG_LAYER_BEG,
-                    ((tp->t_inpcb->inp_fport << 16) | tp->t_inpcb->inp_lport),
-                    (((tp->t_inpcb->in6p_laddr.s6_addr16[0] & 0xffff) << 16) |
-                     (tp->t_inpcb->in6p_faddr.s6_addr16[0] & 0xffff)),
+                    ((inp->inp_fport << 16) | inp->inp_lport),
+                    (((inp->in6p_laddr.s6_addr16[0] & 0xffff) << 16) |
+                     (inp->in6p_faddr.s6_addr16[0] & 0xffff)),
                     sendalot,0,0);
        } else
 #endif
 
        {
                KERNEL_DEBUG(DBG_LAYER_BEG,
                     sendalot,0,0);
        } else
 #endif
 
        {
                KERNEL_DEBUG(DBG_LAYER_BEG,
-                    ((tp->t_inpcb->inp_fport << 16) | tp->t_inpcb->inp_lport),
-                    (((tp->t_inpcb->inp_laddr.s_addr & 0xffff) << 16) |
-                     (tp->t_inpcb->inp_faddr.s_addr & 0xffff)),
+                    ((inp->inp_fport << 16) | inp->inp_lport),
+                    (((inp->inp_laddr.s_addr & 0xffff) << 16) |
+                     (inp->inp_faddr.s_addr & 0xffff)),
                     sendalot,0,0);
        }
        /*
                     sendalot,0,0);
        }
        /*
@@ -356,9 +676,8 @@ again:
         * return error or silently do nothing (assuming the address will
         * come back before the TCP connection times out).
         */
         * return error or silently do nothing (assuming the address will
         * come back before the TCP connection times out).
         */
-       rt = tp->t_inpcb->inp_route.ro_rt;
-       if (rt != NULL && (!(rt->rt_flags & RTF_UP) ||
-           rt->generation_id != route_generation)) {
+       rt = inp->inp_route.ro_rt;
+       if (rt != NULL && ROUTE_UNUSABLE(&tp->t_inpcb->inp_route)) {
                struct ifnet *ifp;
                struct in_ifaddr *ia = NULL;
                struct in6_ifaddr *ia6 = NULL;
                struct ifnet *ifp;
                struct in_ifaddr *ia = NULL;
                struct in6_ifaddr *ia6 = NULL;
@@ -370,19 +689,20 @@ again:
                /* Disable TSO for the socket until we know more */
                tp->t_flags &= ~TF_TSO;
 
                /* Disable TSO for the socket until we know more */
                tp->t_flags &= ~TF_TSO;
 
+               soif2kcl(so, FALSE);
+
                if (isipv6) {
                if (isipv6) {
-                       ia6 = ifa_foraddr6(&tp->t_inpcb->in6p_laddr);
+                       ia6 = ifa_foraddr6(&inp->in6p_laddr);
                        if (ia6 != NULL)
                                found_srcaddr = 1;
                } else {
                        if (ia6 != NULL)
                                found_srcaddr = 1;
                } else {
-                       ia = ifa_foraddr(tp->t_inpcb->inp_laddr.s_addr);
+                       ia = ifa_foraddr(inp->inp_laddr.s_addr);
                        if (ia != NULL)
                                found_srcaddr = 1;
                }
 
                /* check that the source address is still valid */
                if (found_srcaddr == 0) {
                        if (ia != NULL)
                                found_srcaddr = 1;
                }
 
                /* check that the source address is still valid */
                if (found_srcaddr == 0) {
-
                        soevent(so,
                            (SO_FILT_HINT_LOCKED | SO_FILT_HINT_NOSRCADDR));
 
                        soevent(so,
                            (SO_FILT_HINT_LOCKED | SO_FILT_HINT_NOSRCADDR));
 
@@ -391,18 +711,18 @@ again:
                                return(EADDRNOTAVAIL);
                        }
 
                                return(EADDRNOTAVAIL);
                        }
 
-                       /* set Retransmit  timer if it wasn't set
+                       /* Set retransmit  timer if it wasn't set,
                         * reset Persist timer and shift register as the
                         * advertised peer window may not be valid anymore
                         */
 
                         * reset Persist timer and shift register as the
                         * advertised peer window may not be valid anymore
                         */
 
-                        if (!tp->t_timer[TCPT_REXMT]) {
-                                tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
+                       if (!tp->t_timer[TCPT_REXMT]) {
+                               tp->t_timer[TCPT_REXMT] =
+                                   OFFSET_FROM_START(tp, tp->t_rxtcur);
                                if (tp->t_timer[TCPT_PERSIST]) {
                                        tp->t_timer[TCPT_PERSIST] = 0;
                                if (tp->t_timer[TCPT_PERSIST]) {
                                        tp->t_timer[TCPT_PERSIST] = 0;
-                                       tp->t_rxtshift = 0;
                                        tp->t_persist_stop = 0;
                                        tp->t_persist_stop = 0;
-                                       tp->rxt_start = 0;
+                                       TCP_RESET_REXMT_STATE(tp);
                                }
                        }
 
                                }
                        }
 
@@ -411,11 +731,10 @@ again:
                        TCP_PKTLIST_CLEAR(tp);
 
                        /* drop connection if source address isn't available */
                        TCP_PKTLIST_CLEAR(tp);
 
                        /* drop connection if source address isn't available */
-                       if (so->so_flags & SOF_NOADDRAVAIL) { 
+                       if (so->so_flags & SOF_NOADDRAVAIL) {
                                tcp_drop(tp, EADDRNOTAVAIL);
                                return(EADDRNOTAVAIL);
                                tcp_drop(tp, EADDRNOTAVAIL);
                                return(EADDRNOTAVAIL);
-                       }
-                       else {
+                       } else {
                                tcp_check_timer_state(tp);
                                return(0); /* silently ignore, keep data in socket: address may be back */
                        }
                                tcp_check_timer_state(tp);
                                return(0); /* silently ignore, keep data in socket: address may be back */
                        }
@@ -434,19 +753,22 @@ again:
                if ((ifp = rt->rt_ifp) != NULL) {
                        somultipages(so, (ifp->if_hwassist & IFNET_MULTIPAGES));
                        tcp_set_tso(tp, ifp);
                if ((ifp = rt->rt_ifp) != NULL) {
                        somultipages(so, (ifp->if_hwassist & IFNET_MULTIPAGES));
                        tcp_set_tso(tp, ifp);
+                       soif2kcl(so, (ifp->if_eflags & IFEF_2KCL));
+                       tcp_set_ecn(tp, ifp);
                }
                if (rt->rt_flags & RTF_UP)
                }
                if (rt->rt_flags & RTF_UP)
-                       rt->generation_id = route_generation;
+                       RT_GENID_SYNC(rt);
                /*
                 * See if we should do MTU discovery. Don't do it if:
                 *      1) it is disabled via the sysctl
                 *      2) the route isn't up
                /*
                 * See if we should do MTU discovery. Don't do it if:
                 *      1) it is disabled via the sysctl
                 *      2) the route isn't up
-                *      3) the MTU is locked (if it is, then discovery has been
-                *         disabled)
+                *      3) the MTU is locked (if it is, then discovery
+                *         has been disabled)
                 */
 
                 */
 
-               if (!path_mtu_discovery || ((rt != NULL) && 
-                   (!(rt->rt_flags & RTF_UP) || (rt->rt_rmx.rmx_locks & RTV_MTU)))) 
+               if (!path_mtu_discovery || ((rt != NULL) &&
+                   (!(rt->rt_flags & RTF_UP) ||
+                   (rt->rt_rmx.rmx_locks & RTV_MTU))))
                        tp->t_flags &= ~TF_PMTUD;
                else
                        tp->t_flags |= TF_PMTUD;
                        tp->t_flags &= ~TF_PMTUD;
                else
                        tp->t_flags |= TF_PMTUD;
@@ -454,12 +776,18 @@ again:
                RT_UNLOCK(rt);
        }
 
                RT_UNLOCK(rt);
        }
 
+       if (rt != NULL) {
+               cell = IFNET_IS_CELLULAR(rt->rt_ifp);
+               wifi = (!cell && IFNET_IS_WIFI(rt->rt_ifp));
+               wired = (!wifi && IFNET_IS_WIRED(rt->rt_ifp));
+       }
+
        /*
         * If we've recently taken a timeout, snd_max will be greater than
         * snd_nxt.  There may be SACK information that allows us to avoid
         * resending already delivered data.  Adjust snd_nxt accordingly.
         */
        /*
         * If we've recently taken a timeout, snd_max will be greater than
         * snd_nxt.  There may be SACK information that allows us to avoid
         * resending already delivered data.  Adjust snd_nxt accordingly.
         */
-       if (tp->sack_enable && SEQ_LT(tp->snd_nxt, tp->snd_max))
+       if (SACK_ENABLED(tp) && SEQ_LT(tp->snd_nxt, tp->snd_max))
                tcp_sack_adjust(tp);
        sendalot = 0;
        off = tp->snd_nxt - tp->snd_una;
                tcp_sack_adjust(tp);
        sendalot = 0;
        off = tp->snd_nxt - tp->snd_una;
@@ -470,11 +798,12 @@ again:
 
        flags = tcp_outflags[tp->t_state];
        /*
 
        flags = tcp_outflags[tp->t_state];
        /*
-        * Send any SACK-generated retransmissions.  If we're explicitly trying
-        * to send out new data (when sendalot is 1), bypass this function.
-        * If we retransmit in fast recovery mode, decrement snd_cwnd, since
-        * we're replacing a (future) new transmission with a retransmission
-        * now, and we previously incremented snd_cwnd in tcp_input().
+        * Send any SACK-generated retransmissions.  If we're explicitly
+        * trying to send out new data (when sendalot is 1), bypass this
+        * function. If we retransmit in fast recovery mode, decrement
+        * snd_cwnd, since we're replacing a (future) new transmission
+        * with a retransmission now, and we previously incremented
+        * snd_cwnd in tcp_input().
         */
        /*
         * Still in sack recovery , reset rxmit flag to zero.
         */
        /*
         * Still in sack recovery , reset rxmit flag to zero.
@@ -483,10 +812,10 @@ again:
        sack_bytes_rxmt = 0;
        len = 0;
        p = NULL;
        sack_bytes_rxmt = 0;
        len = 0;
        p = NULL;
-       if (tp->sack_enable && IN_FASTRECOVERY(tp) &&
+       if (SACK_ENABLED(tp) && IN_FASTRECOVERY(tp) &&
            (p = tcp_sack_output(tp, &sack_bytes_rxmt))) {
                int32_t cwin;
            (p = tcp_sack_output(tp, &sack_bytes_rxmt))) {
                int32_t cwin;
-               
+
                cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt;
                if (cwin < 0)
                        cwin = 0;
                cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt;
                if (cwin < 0)
                        cwin = 0;
@@ -514,20 +843,12 @@ again:
                        len = ((int32_t)min(cwin, p->end - p->rxmit));
                }
                if (len > 0) {
                        len = ((int32_t)min(cwin, p->end - p->rxmit));
                }
                if (len > 0) {
-                       off = p->rxmit - tp->snd_una; /* update off only if we really transmit SACK data */
+                       off = p->rxmit - tp->snd_una;
                        sack_rxmit = 1;
                        sendalot = 1;
                        tcpstat.tcps_sack_rexmits++;
                        tcpstat.tcps_sack_rexmit_bytes +=
                            min(len, tp->t_maxseg);
                        sack_rxmit = 1;
                        sendalot = 1;
                        tcpstat.tcps_sack_rexmits++;
                        tcpstat.tcps_sack_rexmit_bytes +=
                            min(len, tp->t_maxseg);
-                       if (nstat_collect) {
-                               nstat_route_tx(tp->t_inpcb->inp_route.ro_rt, 1, 
-                                       min(len, tp->t_maxseg), NSTAT_TX_FLAG_RETRANSMIT);
-                               locked_add_64(&tp->t_inpcb->inp_stat->txpackets, 1);
-                               locked_add_64(&tp->t_inpcb->inp_stat->txbytes, 
-                                       min(len, tp->t_maxseg));
-                               tp->t_stat.txretransmitbytes += min(len, tp->t_maxseg);
-                       }
                } else {
                        len = 0;
                }
                } else {
                        len = 0;
                }
@@ -548,7 +869,7 @@ after_sack_rexmit:
         * and timer expired, we will send what we can
         * and go to transmit state.
         */
         * and timer expired, we will send what we can
         * and go to transmit state.
         */
-       if (tp->t_force) {
+       if (tp->t_flagsext & TF_FORCE) {
                if (sendwin == 0) {
                        /*
                         * If we still have some data to send, then
                if (sendwin == 0) {
                        /*
                         * If we still have some data to send, then
@@ -571,9 +892,8 @@ after_sack_rexmit:
                        sendwin = 1;
                } else {
                        tp->t_timer[TCPT_PERSIST] = 0;
                        sendwin = 1;
                } else {
                        tp->t_timer[TCPT_PERSIST] = 0;
-                       tp->t_rxtshift = 0;
-                       tp->rxt_start = 0;
                        tp->t_persist_stop = 0;
                        tp->t_persist_stop = 0;
+                       TCP_RESET_REXMT_STATE(tp);
                }
        }
 
                }
        }
 
@@ -593,36 +913,63 @@ after_sack_rexmit:
         * in which case len is already set.
         */
        if (sack_rxmit == 0) {
         * in which case len is already set.
         */
        if (sack_rxmit == 0) {
-               if (sack_bytes_rxmt == 0)
+               if (sack_bytes_rxmt == 0) {
                        len = min(so->so_snd.sb_cc, sendwin) - off;
                        len = min(so->so_snd.sb_cc, sendwin) - off;
-               else {
+               else {
                        int32_t cwin;
 
                        int32_t cwin;
 
+                       cwin = tp->snd_cwnd -
+                           (tp->snd_nxt - tp->sack_newdata) -
+                           sack_bytes_rxmt;
+                       if (cwin < 0)
+                               cwin = 0;
                         /*
                         * We are inside of a SACK recovery episode and are
                         * sending new data, having retransmitted all the
                         * data possible in the scoreboard.
                         */
                         /*
                         * We are inside of a SACK recovery episode and are
                         * sending new data, having retransmitted all the
                         * data possible in the scoreboard.
                         */
-                       len = min(so->so_snd.sb_cc, tp->snd_wnd) 
+                       len = min(so->so_snd.sb_cc, tp->snd_wnd)
                               - off;
                        /*
                         * Don't remove this (len > 0) check !
                               - off;
                        /*
                         * Don't remove this (len > 0) check !
-                        * We explicitly check for len > 0 here (although it 
-                        * isn't really necessary), to work around a gcc 
+                        * We explicitly check for len > 0 here (although it
+                        * isn't really necessary), to work around a gcc
                         * optimization issue - to force gcc to compute
                         * len above. Without this check, the computation
                         * of len is bungled by the optimizer.
                         */
                        if (len > 0) {
                         * optimization issue - to force gcc to compute
                         * len above. Without this check, the computation
                         * of len is bungled by the optimizer.
                         */
                        if (len > 0) {
-                               cwin = tp->snd_cwnd - 
-                                       (tp->snd_nxt - tp->sack_newdata) -
-                                       sack_bytes_rxmt;
-                               if (cwin < 0)
-                                       cwin = 0;
                                len = imin(len, cwin);
                                len = imin(len, cwin);
-                       }
-                       else 
+                       } else {
                                len = 0;
                                len = 0;
+                       }
+                       /*
+                        * At this point SACK recovery can not send any
+                        * data from scoreboard or any new data. Check
+                        * if we can do a rescue retransmit towards the
+                        * tail end of recovery window.
+                        */
+                       if (len == 0 && cwin > 0 &&
+                           SEQ_LT(tp->snd_fack, tp->snd_recover) &&
+                           !(tp->t_flagsext & TF_RESCUE_RXT)) {
+                               len = min((tp->snd_recover - tp->snd_fack),
+                                   tp->t_maxseg);
+                               len = imin(len, cwin);
+                               old_snd_nxt = tp->snd_nxt;
+                               sack_rescue_rxt = TRUE;
+                               tp->snd_nxt = tp->snd_recover - len;
+                               /*
+                                * If FIN has been sent, snd_max
+                                * must have been advanced to cover it.
+                                */
+                               if ((tp->t_flags & TF_SENTFIN) &&
+                                   tp->snd_max == tp->snd_recover)
+                                       tp->snd_nxt--;
+
+                               off = tp->snd_nxt - tp->snd_una;
+                               sendalot = 0;
+                               tp->t_flagsext |= TF_RESCUE_RXT;
+                       }
                }
        }
 
                }
        }
 
@@ -632,10 +979,12 @@ after_sack_rexmit:
         * know that foreign host supports TAO, suppress sending segment.
         */
        if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) {
         * know that foreign host supports TAO, suppress sending segment.
         */
        if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) {
-               flags &= ~TH_SYN;
-               off--, len++;
+               if (tp->t_state != TCPS_SYN_RECEIVED || tfo_enabled(tp))
+                       flags &= ~TH_SYN;
+               off--;
+               len++;
                if (len > 0 && tp->t_state == TCPS_SYN_SENT) {
                if (len > 0 && tp->t_state == TCPS_SYN_SENT) {
-                       while (tp->t_inpcb->inp_sndinprog_cnt == 0 &&
+                       while (inp->inp_sndinprog_cnt == 0 &&
                                tp->t_pktlist_head != NULL) {
                                packetlist = tp->t_pktlist_head;
                                packchain_listadd = tp->t_lastchain;
                                tp->t_pktlist_head != NULL) {
                                packetlist = tp->t_pktlist_head;
                                packchain_listadd = tp->t_lastchain;
@@ -645,20 +994,15 @@ after_sack_rexmit:
                                error = tcp_ip_output(so, tp, packetlist,
                                    packchain_listadd, tp_inp_options,
                                    (so_options & SO_DONTROUTE),
                                error = tcp_ip_output(so, tp, packetlist,
                                    packchain_listadd, tp_inp_options,
                                    (so_options & SO_DONTROUTE),
-                                   (sack_rxmit | (sack_bytes_rxmt != 0)), 0,
-#ifdef INET6
+                                   (sack_rxmit || (sack_bytes_rxmt != 0)),
                                    isipv6);
                                    isipv6);
-#else
-                                   0);
-#endif
-
-
                        }
                        }
+
                        /*
                         * tcp was closed while we were in ip,
                        /*
                         * tcp was closed while we were in ip,
-                        * resume close 
+                        * resume close
                         */
                         */
-                       if (tp->t_inpcb->inp_sndinprog_cnt == 0 &&
+                       if (inp->inp_sndinprog_cnt == 0 &&
                                (tp->t_flags & TF_CLOSING)) {
                                tp->t_flags &= ~TF_CLOSING;
                                (void) tcp_close(tp);
                                (tp->t_flags & TF_CLOSING)) {
                                tp->t_flags &= ~TF_CLOSING;
                                (void) tcp_close(tp);
@@ -675,17 +1019,25 @@ after_sack_rexmit:
         * Be careful not to send data and/or FIN on SYN segments.
         * This measure is needed to prevent interoperability problems
         * with not fully conformant TCP implementations.
         * Be careful not to send data and/or FIN on SYN segments.
         * This measure is needed to prevent interoperability problems
         * with not fully conformant TCP implementations.
+        *
+        * In case of TFO, we handle the setting of the len in
+        * tcp_tfo_check. In case TFO is not enabled, never ever send
+        * SYN+data.
         */
         */
-       if ((flags & TH_SYN) && (tp->t_flags & TF_NOOPT)) {
+       if ((flags & TH_SYN) && !tfo_enabled(tp)) {
                len = 0;
                flags &= ~TH_FIN;
        }
 
                len = 0;
                flags &= ~TH_FIN;
        }
 
-       /* The check here used to be (len < 0). Some times len is zero when
-        * the congestion window is closed and we need to check if persist timer
-        * has to be set in that case. But don't set persist until connection 
-        * is established.
-        */  
+       if ((flags & TH_SYN) && tp->t_state <= TCPS_SYN_SENT && tfo_enabled(tp))
+               len = tcp_tfo_check(tp, len);
+
+       /*
+        * The check here used to be (len < 0). Some times len is zero
+        * when the congestion window is closed and we need to check
+        * if persist timer has to be set in that case. But don't set
+        * persist until connection is established.
+        */
        if (len <= 0 && !(flags & TH_SYN)) {
                /*
                 * If FIN has been sent but not acked,
        if (len <= 0 && !(flags & TH_SYN)) {
                /*
                 * If FIN has been sent but not acked,
@@ -700,50 +1052,35 @@ after_sack_rexmit:
                len = 0;
                if (sendwin == 0) {
                        tp->t_timer[TCPT_REXMT] = 0;
                len = 0;
                if (sendwin == 0) {
                        tp->t_timer[TCPT_REXMT] = 0;
-                       tp->t_rxtshift = 0;
-                       tp->rxt_start = 0;
+                       tp->t_timer[TCPT_PTO] = 0;
+                       TCP_RESET_REXMT_STATE(tp);
                        tp->snd_nxt = tp->snd_una;
                        tp->snd_nxt = tp->snd_una;
+                       off = 0;
                        if (tp->t_timer[TCPT_PERSIST] == 0)
                                tcp_setpersist(tp);
                }
        }
 
                        if (tp->t_timer[TCPT_PERSIST] == 0)
                                tcp_setpersist(tp);
                }
        }
 
-       /* Automatic sizing of send socket buffer. Increase the send socket buffer
-        * size if all of the following criteria are met
+       /*
+        * Automatic sizing of send socket buffer. Increase the send
+        * socket buffer size if all of the following criteria are met
         *      1. the receiver has enough buffer space for this data
         *      2. send buffer is filled to 7/8th with data (so we actually
         *         have data to make use of it);
         *      3. our send window (slow start and congestion controlled) is
         *         larger than sent but unacknowledged data in send buffer.
         */
         *      1. the receiver has enough buffer space for this data
         *      2. send buffer is filled to 7/8th with data (so we actually
         *         have data to make use of it);
         *      3. our send window (slow start and congestion controlled) is
         *         larger than sent but unacknowledged data in send buffer.
         */
-       basertt = get_base_rtt(tp);
        if (tcp_do_autosendbuf == 1 &&
        if (tcp_do_autosendbuf == 1 &&
-           !INP_WAIT_FOR_IF_FEEDBACK(tp->t_inpcb) && !IN_FASTRECOVERY(tp) &&
+           !INP_WAIT_FOR_IF_FEEDBACK(inp) && !IN_FASTRECOVERY(tp) &&
            (so->so_snd.sb_flags & (SB_AUTOSIZE | SB_TRIM)) == SB_AUTOSIZE &&
            tcp_cansbgrow(&so->so_snd)) {
                if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat &&
            (so->so_snd.sb_flags & (SB_AUTOSIZE | SB_TRIM)) == SB_AUTOSIZE &&
            tcp_cansbgrow(&so->so_snd)) {
                if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat &&
-                       so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) &&
-                       sendwin >= (so->so_snd.sb_cc - 
-                               (tp->snd_nxt - tp->snd_una))) {
-                       /* Also increase the send buffer only if the 
-                        * round-trip time is not increasing because we do
-                        * not want to contribute to latency by filling buffers.
-                        * We also do not want to hold onto application's
-                        * old data for too long. Interactive applications would
-                        * rather discard old data.
-                        */
-                       if (tp->t_rttcur <= 
-                               (basertt + 25)) {
-                               if (sbreserve(&so->so_snd, 
-                                       min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc,
-                                       tcp_autosndbuf_max)) == 1) {
-                                       so->so_snd.sb_idealsize = so->so_snd.sb_hiwat;
-                               }
-                       } else {
-                               so->so_snd.sb_idealsize = 
-                                   max(tcp_sendspace, so->so_snd.sb_hiwat -
-                                       (2 * tcp_autosndbuf_inc));
-                               so->so_snd.sb_flags |= SB_TRIM;
+                   so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) &&
+                   sendwin >= (so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una))) {
+                       if (sbreserve(&so->so_snd,
+                           min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc,
+                           tcp_autosndbuf_max)) == 1) {
+                               so->so_snd.sb_idealsize = so->so_snd.sb_hiwat;
                        }
                }
        }
                        }
                }
        }
@@ -753,9 +1090,10 @@ after_sack_rexmit:
         * Offloading (if supported by hardware) and ensure that FIN is removed
         * if the length no longer contains the last data byte.
         *
         * Offloading (if supported by hardware) and ensure that FIN is removed
         * if the length no longer contains the last data byte.
         *
-        * TSO may only be used if we are in a pure bulk sending state.  The
-        * presence of TCP-MD5, SACK retransmits, SACK advertizements, ipfw rules
-        * and IP options prevent using TSO.  With TSO the TCP header is the same
+        * TSO may only be used if we are in a pure bulk sending state.
+        * The presence of TCP-MD5, SACK retransmits, SACK advertizements,
+        * ipfw rules and IP options, as well as disabling hardware checksum
+        * offload prevent using TSO.  With TSO the TCP header is the same
         * (except for the sequence number) for all generated packets.  This
         * makes it impossible to transmit any options which vary per generated
         * segment or packet.
         * (except for the sequence number) for all generated packets.  This
         * makes it impossible to transmit any options which vary per generated
         * segment or packet.
@@ -772,16 +1110,14 @@ after_sack_rexmit:
        if (ipsec_bypass == 0)
                ipsec_optlen = ipsec_hdrsiz_tcp(tp);
 #endif
        if (ipsec_bypass == 0)
                ipsec_optlen = ipsec_hdrsiz_tcp(tp);
 #endif
-
        if (len > tp->t_maxseg) {
        if (len > tp->t_maxseg) {
-               if ((tp->t_flags & TF_TSO) && tcp_do_tso &&
-#if RANDOM_IP_ID
-                   ip_use_randomid &&
-#endif /* RANDOM_IP_ID */
-                   kipf_count == 0 && dlil_filter_count == 0 &&
-                   tp->rcv_numsacks == 0 && sack_rxmit == 0  && sack_bytes_rxmt == 0 &&
-                   tp->t_inpcb->inp_options == NULL &&
-                   tp->t_inpcb->in6p_options == NULL
+               if ((tp->t_flags & TF_TSO) && tcp_do_tso && hwcksum_tx &&
+                   ip_use_randomid && kipf_count == 0 &&
+                   dlil_filter_disable_tso_count == 0 &&
+                   tp->rcv_numsacks == 0 && sack_rxmit == 0  &&
+                   sack_bytes_rxmt == 0 &&
+                   inp->inp_options == NULL &&
+                   inp->in6p_options == NULL
 #if IPSEC
                    && ipsec_optlen == 0
 #endif
 #if IPSEC
                    && ipsec_optlen == 0
 #endif
@@ -797,6 +1133,77 @@ after_sack_rexmit:
                        tso = 0;
                }
        }
                        tso = 0;
                }
        }
+
+       /* Send one segment or less as a tail loss probe */
+       if (tp->t_flagsext & TF_SENT_TLPROBE) {
+               len = min(len, tp->t_maxseg);
+               sendalot = 0;
+               tso = 0;
+       }
+
+#if MPTCP
+       if ((so->so_flags & SOF_MP_SUBFLOW) &&
+           !(tp->t_mpflags & TMPF_TCP_FALLBACK)) {
+               int newlen = len;
+               if (tp->t_state >= TCPS_ESTABLISHED &&
+                   (tp->t_mpflags & TMPF_SND_MPPRIO ||
+                    tp->t_mpflags & TMPF_SND_REM_ADDR ||
+                    tp->t_mpflags & TMPF_SND_MPFAIL ||
+                    tp->t_mpflags & TMPF_SND_KEYS ||
+                    tp->t_mpflags & TMPF_SND_JACK)) {
+                       if (len > 0) {
+                               len = 0;
+                       }
+                       /*
+                        * On a new subflow, don't try to send again, because
+                        * we are still waiting for the fourth ack.
+                        */
+                       if (!(tp->t_mpflags & TMPF_PREESTABLISHED))
+                               sendalot = 1;
+                       mptcp_acknow = TRUE;
+               } else {
+                       mptcp_acknow = FALSE;
+               }
+               /*
+                * The contiguous bytes in the subflow socket buffer can be
+                * discontiguous at the MPTCP level. Since only one DSS
+                * option can be sent in one packet, reduce length to match
+                * the contiguous MPTCP level. Set sendalot to send remainder.
+                */
+               if (len > 0)
+                       newlen = mptcp_adj_sendlen(so, off);
+               if (newlen < len) {
+                       len = newlen;
+                       sendalot = 1;
+               }
+       }
+#endif /* MPTCP */
+
+       /*
+        * If the socket is capable of doing unordered send,
+        * pull the amount of data that can be sent from the
+        * unordered priority queues to the serial queue in
+        * the socket buffer. If bytes are not yet available
+        * in the highest priority message, we may not be able
+        * to send any new data.
+        */
+       if (so->so_flags & SOF_ENABLE_MSGS) {
+               if ((off + len) >
+                   so->so_msg_state->msg_serial_bytes) {
+                       sbpull_unordered_data(so, off, len);
+
+                       /* check if len needs to be modified */
+                       if ((off + len) >
+                           so->so_msg_state->msg_serial_bytes) {
+                               len = so->so_msg_state->msg_serial_bytes - off;
+                               if (len <= 0) {
+                                       len = 0;
+                                       tcpstat.tcps_msg_sndwaithipri++;
+                               }
+                       }
+               }
+       }
+
        if (sack_rxmit) {
                if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc))
                        flags &= ~TH_FIN;
        if (sack_rxmit) {
                if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc))
                        flags &= ~TH_FIN;
@@ -804,8 +1211,57 @@ after_sack_rexmit:
                if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc))
                        flags &= ~TH_FIN;
        }
                if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc))
                        flags &= ~TH_FIN;
        }
-
+       /*
+        * Compare available window to amount of window
+        * known to peer (as advertised window less
+        * next expected input).  If the difference is at least two
+        * max size segments, or at least 25% of the maximum possible
+        * window, then want to send a window update to peer.
+        * Skip this if the connection is in T/TCP half-open state.
+        */
        recwin = tcp_sbspace(tp);
        recwin = tcp_sbspace(tp);
+#if MPTCP
+       if (so->so_flags & SOF_MP_SUBFLOW) {
+               struct mptcb *mp_tp = tptomptp(tp);
+
+               if (mp_tp != NULL) {
+                       mpte_lock_assert_held(mp_tp->mpt_mpte);
+                       recwin = imin(recwin, mptcp_sbspace(mp_tp));
+               }
+       }
+#endif
+
+       if (recwin < (int32_t)(so->so_rcv.sb_hiwat / 4) &&
+           recwin < (int)tp->t_maxseg)
+               recwin = 0;
+
+#if TRAFFIC_MGT
+       if (tcp_recv_bg == 1 || IS_TCP_RECV_BG(so)) {
+               if (recwin > 0 && tcp_recv_throttle(tp)) {
+                       uint32_t min_iaj_win = tcp_min_iaj_win * tp->t_maxseg;
+                       uint32_t bg_rwintop = tp->rcv_adv;
+                       if (SEQ_LT(bg_rwintop, tp->rcv_nxt + min_iaj_win))
+                               bg_rwintop =  tp->rcv_nxt + min_iaj_win;
+                       recwin = imin((int32_t)(bg_rwintop - tp->rcv_nxt),
+                           recwin);
+                       if (recwin < 0)
+                               recwin = 0;
+               }
+       }
+#endif /* TRAFFIC_MGT */
+
+       if (recwin > (int32_t)(TCP_MAXWIN << tp->rcv_scale))
+               recwin = (int32_t)(TCP_MAXWIN << tp->rcv_scale);
+
+       /*
+        * MPTCP needs to be able to announce a smaller window than previously,
+        * because the other subflow may have filled up the available window-
+        * space. So we have to be able to go backwards and announce a smaller
+        * window.
+        */
+       if (!(so->so_flags & SOF_MPTCP_TRUE) &&
+           recwin < (int32_t)(tp->rcv_adv - tp->rcv_nxt))
+               recwin = (int32_t)(tp->rcv_adv - tp->rcv_nxt);
 
        /*
         * Sender silly window avoidance.   We transmit under the following
 
        /*
         * Sender silly window avoidance.   We transmit under the following
@@ -820,14 +1276,10 @@ after_sack_rexmit:
         *        data (receiver may be limited the window size)
         */
        if (len) {
         *        data (receiver may be limited the window size)
         */
        if (len) {
-               if (tp->t_force) {
-                       tp->t_flags &= ~TF_MAXSEGSNT;
+               if (tp->t_flagsext & TF_FORCE)
                        goto send;
                        goto send;
-               }
-               if (SEQ_LT(tp->snd_nxt, tp->snd_max)) {
-                       tp->t_flags &= ~TF_MAXSEGSNT;
+               if (SEQ_LT(tp->snd_nxt, tp->snd_max))
                        goto send;
                        goto send;
-               }
                if (sack_rxmit)
                        goto send;
 
                if (sack_rxmit)
                        goto send;
 
@@ -835,76 +1287,82 @@ after_sack_rexmit:
                 * Send new data on the connection only if it is
                 * not flow controlled
                 */
                 * Send new data on the connection only if it is
                 * not flow controlled
                 */
-               if (!INP_WAIT_FOR_IF_FEEDBACK(tp->t_inpcb) ||
+               if (!INP_WAIT_FOR_IF_FEEDBACK(inp) ||
                    tp->t_state != TCPS_ESTABLISHED) {
                    tp->t_state != TCPS_ESTABLISHED) {
-                       if (len >= tp->t_maxseg) {
-                               tp->t_flags |= TF_MAXSEGSNT;
+                       if (len >= tp->t_maxseg)
                                goto send;
                                goto send;
-                       }
+
                        if (!(tp->t_flags & TF_MORETOCOME) &&
                        if (!(tp->t_flags & TF_MORETOCOME) &&
-                           (idle || tp->t_flags & TF_NODELAY || tp->t_flags & TF_MAXSEGSNT) &&
+                           (idle || tp->t_flags & TF_NODELAY ||
+                           (tp->t_flags & TF_MAXSEGSNT) ||
+                           ALLOW_LIMITED_TRANSMIT(tp)) &&
                            (tp->t_flags & TF_NOPUSH) == 0 &&
                            (tp->t_flags & TF_NOPUSH) == 0 &&
-                           len + off >= so->so_snd.sb_cc) {
-                               tp->t_flags &= ~TF_MAXSEGSNT;
+                           (len + off >= so->so_snd.sb_cc ||
+                            /*
+                             * MPTCP needs to respect the DSS-mappings. So, it
+                             * may be sending data that *could* have been
+                             * coalesced, but cannot because of
+                             * mptcp_adj_sendlen().
+                             */
+                            so->so_flags & SOF_MP_SUBFLOW))
                                goto send;
                                goto send;
-                       }
-                       if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0) {
-                               tp->t_flags &= ~TF_MAXSEGSNT;
+                       if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0)
                                goto send;
                                goto send;
-                       }
                } else {
                        tcpstat.tcps_fcholdpacket++;
                }
        }
 
                } else {
                        tcpstat.tcps_fcholdpacket++;
                }
        }
 
-       /*
-        * Compare available window to amount of window
-        * known to peer (as advertised window less
-        * next expected input).  If the difference is at least two
-        * max size segments, or at least 25% of the maximum possible
-        * window, then want to send a window update to peer.
-        * Skip this if the connection is in T/TCP half-open state.
-        */
        if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN)) {
                /*
                 * "adv" is the amount we can increase the window,
                 * taking into account that we are limited by
                 * TCP_MAXWIN << tp->rcv_scale.
                 */
        if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN)) {
                /*
                 * "adv" is the amount we can increase the window,
                 * taking into account that we are limited by
                 * TCP_MAXWIN << tp->rcv_scale.
                 */
-               int32_t adv = imin(recwin, (int)TCP_MAXWIN << tp->rcv_scale) -
+               int32_t adv, oldwin = 0;
+               adv = imin(recwin, (int)TCP_MAXWIN << tp->rcv_scale) -
                        (tp->rcv_adv - tp->rcv_nxt);
 
                        (tp->rcv_adv - tp->rcv_nxt);
 
+               if (SEQ_GT(tp->rcv_adv, tp->rcv_nxt))
+                       oldwin = tp->rcv_adv - tp->rcv_nxt;
+
                if (adv >= (int32_t) (2 * tp->t_maxseg)) {
                if (adv >= (int32_t) (2 * tp->t_maxseg)) {
-                       /* Update only if the resulting scaled value of the window changed, or
-                        * if there is a change in the sequence since the last ack.
-                        * This avoids what appears as dupe ACKS (see rdar://5640997)
+                       /*
+                        * Update only if the resulting scaled value of
+                        * the window changed, or if there is a change in
+                        * the sequence since the last ack. This avoids
+                        * what appears as dupe ACKS (see rdar://5640997)
                         *
                         *
-                        * If streaming is detected avoid sending too many window updates.
-                        * We will depend on the delack timer to send a window update
-                        * when needed.
+                        * If streaming is detected avoid sending too many
+                        * window updates. We will depend on the delack
+                        * timer to send a window update when needed.
                         */
                         */
-                       if ((tp->t_flags & TF_STRETCHACK) == 0 &&
-                               (tp->last_ack_sent != tp->rcv_nxt || 
-                               ((recwin + adv) >> tp->rcv_scale) > recwin)) {
+                       if (!(tp->t_flags & TF_STRETCHACK) &&
+                               (tp->last_ack_sent != tp->rcv_nxt ||
+                               ((oldwin + adv) >> tp->rcv_scale) >
+                               (oldwin >> tp->rcv_scale))) {
                                goto send;
                        }
 
                                goto send;
                        }
 
-                       /* Make sure that the delayed ack timer is set if we
-                        * delayed sending a window update because of streaming
-                        * detection.
-                        */
-                       if ((tp->t_flags & TF_STRETCHACK) != 0 &&
-                               (tp->t_flags & TF_DELACK) == 0) { 
-                               tp->t_flags |= TF_DELACK;
-                               tp->t_timer[TCPT_DELACK] = OFFSET_FROM_START(tp, tcp_delack);
-                       }
                }
                }
-               if (4 * adv >= (int32_t) so->so_rcv.sb_hiwat) 
-                               goto send;
+               if (4 * adv >= (int32_t) so->so_rcv.sb_hiwat)
+                       goto send;
+
+               /*
+                * Make sure that the delayed ack timer is set if
+                * we delayed sending a window update because of
+                * streaming detection.
+                */
+               if ((tp->t_flags & TF_STRETCHACK) &&
+                   !(tp->t_flags & TF_DELACK)) {
+                       tp->t_flags |= TF_DELACK;
+                       tp->t_timer[TCPT_DELACK] =
+                               OFFSET_FROM_START(tp, tcp_delack);
+               }
        }
 
        /*
        }
 
        /*
-        * Send if we owe the peer an ACK, RST, SYN, or urgent data.  ACKNOW
+        * Send if we owe the peer an ACK, RST, SYN, or urgent data. ACKNOW
         * is also a catch-all for the retransmit timer timeout case.
         */
        if (tp->t_flags & TF_ACKNOW)
         * is also a catch-all for the retransmit timer timeout case.
         */
        if (tp->t_flags & TF_ACKNOW)
@@ -914,25 +1372,30 @@ after_sack_rexmit:
                goto send;
        if (SEQ_GT(tp->snd_up, tp->snd_una))
                goto send;
                goto send;
        if (SEQ_GT(tp->snd_up, tp->snd_una))
                goto send;
+#if MPTCP
+       if (mptcp_acknow)
+               goto send;
+#endif /* MPTCP */
        /*
         * If our state indicates that FIN should be sent
         * and we have not yet done so, then we need to send.
         */
        /*
         * If our state indicates that FIN should be sent
         * and we have not yet done so, then we need to send.
         */
-       if (flags & TH_FIN &&
-           ((tp->t_flags & TF_SENTFIN) == 0 || tp->snd_nxt == tp->snd_una))
+       if ((flags & TH_FIN) &&
+           (!(tp->t_flags & TF_SENTFIN) || tp->snd_nxt == tp->snd_una))
                goto send;
        /*
         * In SACK, it is possible for tcp_output to fail to send a segment
         * after the retransmission timer has been turned off.  Make sure
         * that the retransmission timer is set.
         */
                goto send;
        /*
         * In SACK, it is possible for tcp_output to fail to send a segment
         * after the retransmission timer has been turned off.  Make sure
         * that the retransmission timer is set.
         */
-       if (tp->sack_enable && (tp->t_state >= TCPS_ESTABLISHED) && 
+       if (SACK_ENABLED(tp) && (tp->t_state >= TCPS_ESTABLISHED) &&
            SEQ_GT(tp->snd_max, tp->snd_una) &&
            tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
            SEQ_GT(tp->snd_max, tp->snd_una) &&
            tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
-                       tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
-                       goto just_return;
-       } 
+               tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp,
+                       tp->t_rxtcur);
+               goto just_return;
+       }
        /*
         * TCP window updates are not reliable, rather a polling protocol
         * using ``persist'' packets is used to insure receipt of window
        /*
         * TCP window updates are not reliable, rather a polling protocol
         * using ``persist'' packets is used to insure receipt of window
@@ -957,8 +1420,7 @@ after_sack_rexmit:
         */
        if (so->so_snd.sb_cc && tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
         */
        if (so->so_snd.sb_cc && tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
-               tp->t_rxtshift = 0;
-               tp->rxt_start = 0;
+               TCP_RESET_REXMT_STATE(tp);
                tcp_setpersist(tp);
        }
 just_return:
                tcp_setpersist(tp);
        }
 just_return:
@@ -966,24 +1428,20 @@ just_return:
         * If there is no reason to send a segment, just return.
         * but if there is some packets left in the packet list, send them now.
         */
         * If there is no reason to send a segment, just return.
         * but if there is some packets left in the packet list, send them now.
         */
-       while (tp->t_inpcb->inp_sndinprog_cnt == 0 &&
+       while (inp->inp_sndinprog_cnt == 0 &&
                tp->t_pktlist_head != NULL) {
                packetlist = tp->t_pktlist_head;
                packchain_listadd = tp->t_lastchain;
                packchain_sent++;
                TCP_PKTLIST_CLEAR(tp);
 
                tp->t_pktlist_head != NULL) {
                packetlist = tp->t_pktlist_head;
                packchain_listadd = tp->t_lastchain;
                packchain_sent++;
                TCP_PKTLIST_CLEAR(tp);
 
-               error = tcp_ip_output(so, tp, packetlist, packchain_listadd,
+               error = tcp_ip_output(so, tp, packetlist,
+                   packchain_listadd,
                    tp_inp_options, (so_options & SO_DONTROUTE),
                    tp_inp_options, (so_options & SO_DONTROUTE),
-                   (sack_rxmit | (sack_bytes_rxmt != 0)), recwin,
-#ifdef INET6
-                   isipv6);
-#else
-                   0);
-#endif
+                   (sack_rxmit || (sack_bytes_rxmt != 0)), isipv6);
        }
        /* tcp was closed while we were in ip; resume close */
        }
        /* tcp was closed while we were in ip; resume close */
-       if (tp->t_inpcb->inp_sndinprog_cnt == 0 &&
+       if (inp->inp_sndinprog_cnt == 0 &&
                (tp->t_flags & TF_CLOSING)) {
                tp->t_flags &= ~TF_CLOSING;
                (void) tcp_close(tp);
                (tp->t_flags & TF_CLOSING)) {
                tp->t_flags &= ~TF_CLOSING;
                (void) tcp_close(tp);
@@ -994,6 +1452,16 @@ just_return:
        return (0);
 
 send:
        return (0);
 
 send:
+       /*
+        * Set TF_MAXSEGSNT flag if the segment size is greater than
+        * the max segment size.
+        */
+       if (len > 0) {
+               if (len >= tp->t_maxseg)
+                       tp->t_flags |= TF_MAXSEGSNT;
+               else
+                       tp->t_flags &= ~TF_MAXSEGSNT;
+       }
        /*
         * Before ESTABLISHED, force sending of initial options
         * unless TCP set not to do any options.
        /*
         * Before ESTABLISHED, force sending of initial options
         * unless TCP set not to do any options.
@@ -1030,93 +1498,15 @@ send:
                                        tp->request_r_scale);
                                optlen += 4;
                        }
                                        tp->request_r_scale);
                                optlen += 4;
                        }
-               }
-               
-       }
-       
-       /*
-         RFC 3168 states that:
-          - If you ever sent an ECN-setup SYN/SYN-ACK you must be prepared
-          to handle the TCP ECE flag, even if you also later send a
-          non-ECN-setup SYN/SYN-ACK.
-          - If you ever send a non-ECN-setup SYN/SYN-ACK, you must not set
-          the ip ECT flag.
-          
-          It is not clear how the ECE flag would ever be set if you never
-          set the IP ECT flag on outbound packets. All the same, we use
-          the TE_SETUPSENT to indicate that we have committed to handling
-          the TCP ECE flag correctly. We use the TE_SENDIPECT to indicate
-          whether or not we should set the IP ECT flag on outbound packets.
-        */
-       /*
-        * For a SYN-ACK, send an ECN setup SYN-ACK
-        */
-       if (tcp_ecn_inbound && (flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
-               if ((tp->ecn_flags & TE_SETUPRECEIVED) != 0) {
-                       if ((tp->ecn_flags & TE_SETUPSENT) == 0) {
-                               /* Setting TH_ECE makes this an ECN-setup SYN-ACK */
-                               flags |= TH_ECE;
-                               
-                               /*
-                                * Record that we sent the ECN-setup and default to
-                                * setting IP ECT.
-                                */
-                               tp->ecn_flags |= (TE_SETUPSENT | TE_SENDIPECT);
-                       }
-                       else {
-                               /*
-                                * We sent an ECN-setup SYN-ACK but it was dropped.
-                                * Fallback to non-ECN-setup SYN-ACK and clear flag
-                                * that to indicate we should not send data with IP ECT set.
-                                *
-                                * Pretend we didn't receive an ECN-setup SYN.
-                                */
-                               tp->ecn_flags &= ~TE_SETUPRECEIVED;
+#if MPTCP
+                       if (mptcp_enable && (so->so_flags & SOF_MP_SUBFLOW)) {
+                               optlen = mptcp_setup_syn_opts(so, opt, optlen);
                        }
                        }
+#endif /* MPTCP */
                }
        }
                }
        }
-       else if (tcp_ecn_outbound && (flags & (TH_SYN | TH_ACK)) == TH_SYN) {
-               if ((tp->ecn_flags & TE_SETUPSENT) == 0) {
-                       /* Setting TH_ECE and TH_CWR makes this an ECN-setup SYN */
-                       flags |= (TH_ECE | TH_CWR);
-                       
-                       /*
-                        * Record that we sent the ECN-setup and default to
-                        * setting IP ECT.
-                        */
-                       tp->ecn_flags |= (TE_SETUPSENT | TE_SENDIPECT);
-               }
-               else {
-                       /*
-                        * We sent an ECN-setup SYN but it was dropped.
-                        * Fall back to no ECN and clear flag indicating
-                        * we should send data with IP ECT set.
-                        */
-                       tp->ecn_flags &= ~TE_SENDIPECT;
-               }
-       }
-       
-       /*
-        * Check if we should set the TCP CWR flag.
-        * CWR flag is sent when we reduced the congestion window because
-        * we received a TCP ECE or we performed a fast retransmit. We
-        * never set the CWR flag on retransmitted packets. We only set
-        * the CWR flag on data packets. Pure acks don't have this set.
-        */
-       if ((tp->ecn_flags & TE_SENDCWR) != 0 && len != 0 &&
-               !SEQ_LT(tp->snd_nxt, tp->snd_max) && !sack_rxmit) {
-               flags |= TH_CWR;
-               tp->ecn_flags &= ~TE_SENDCWR;
-       }
-       
-       /*
-        * Check if we should set the TCP ECE flag.
-        */
-       if ((tp->ecn_flags & TE_SENDECE) != 0 && len == 0) {
-               flags |= TH_ECE;
-       }
 
 
-       /*
+       /*
         * Send a timestamp and echo-reply if this is a SYN and our side
         * wants to use timestamps (TF_REQ_TSTMP is set) or both our side
         * and our peer have sent timestamps in our SYN's.
         * Send a timestamp and echo-reply if this is a SYN and our side
         * wants to use timestamps (TF_REQ_TSTMP is set) or both our side
         * and our peer have sent timestamps in our SYN's.
@@ -1138,8 +1528,8 @@ send:
        if (tp->rfbuf_ts == 0 && (so->so_rcv.sb_flags & SB_AUTOSIZE))
                tp->rfbuf_ts = tcp_now;
 
        if (tp->rfbuf_ts == 0 && (so->so_rcv.sb_flags & SB_AUTOSIZE))
                tp->rfbuf_ts = tcp_now;
 
-       if (tp->sack_enable && ((tp->t_flags & TF_NOOPT) == 0)) {
-               /* 
+       if (SACK_ENABLED(tp) && ((tp->t_flags & TF_NOOPT) == 0)) {
+               /*
                 * Tack on the SACK permitted option *last*.
                 * And do padding of options after tacking this on.
                 * This is because of MSS, TS, WinScale and Signatures are
                 * Tack on the SACK permitted option *last*.
                 * And do padding of options after tacking this on.
                 * This is because of MSS, TS, WinScale and Signatures are
@@ -1162,7 +1552,37 @@ send:
                        *bp++ = TCPOLEN_SACK_PERMITTED;
                        optlen += TCPOLEN_SACK_PERMITTED;
                }
                        *bp++ = TCPOLEN_SACK_PERMITTED;
                        optlen += TCPOLEN_SACK_PERMITTED;
                }
+       }
+#if MPTCP
+       if (so->so_flags & SOF_MP_SUBFLOW) {
+               /*
+                * Its important to piggyback acks with data as ack only packets
+                * may get lost and data packets that don't send Data ACKs
+                * still advance the subflow level ACK and therefore make it
+                * hard for the remote end to recover in low cwnd situations.
+                */
+               if (len != 0) {
+                       tp->t_mpflags |= (TMPF_SEND_DSN |
+                           TMPF_MPTCP_ACKNOW);
+               } else {
+                       tp->t_mpflags |= TMPF_MPTCP_ACKNOW;
+               }
+               optlen = mptcp_setup_opts(tp, off, &opt[0], optlen, flags,
+                   len, &mptcp_acknow);
+               tp->t_mpflags &= ~TMPF_SEND_DSN;
+       }
+#endif /* MPTCP */
+
+       if (tfo_enabled(tp) && !(tp->t_flags & TF_NOOPT) &&
+           (flags & (TH_SYN | TH_ACK)) == TH_SYN)
+               optlen += tcp_tfo_write_cookie(tp, optlen, len, opt);
+
+       if (tfo_enabled(tp) &&
+           (flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK) &&
+           (tp->t_tfo_flags & TFO_F_OFFER_COOKIE))
+               optlen += tcp_tfo_write_cookie_rep(tp, optlen, opt);
 
 
+       if (SACK_ENABLED(tp) && ((tp->t_flags & TF_NOOPT) == 0)) {
                /*
                 * Send SACKs if necessary.  This should be the last
                 * option processed.  Only as many SACKs are sent as
                /*
                 * Send SACKs if necessary.  This should be the last
                 * option processed.  Only as many SACKs are sent as
@@ -1177,14 +1597,16 @@ send:
                 * 10 bytes for SACK options 40 - (12 + 18).
                 */
                if (TCPS_HAVEESTABLISHED(tp->t_state) &&
                 * 10 bytes for SACK options 40 - (12 + 18).
                 */
                if (TCPS_HAVEESTABLISHED(tp->t_state) &&
-                   (tp->t_flags & TF_SACK_PERMIT) && tp->rcv_numsacks > 0 &&
+                   (tp->t_flags & TF_SACK_PERMIT) &&
+                   (tp->rcv_numsacks > 0 || TCP_SEND_DSACK_OPT(tp)) &&
                    MAX_TCPOPTLEN - optlen - 2 >= TCPOLEN_SACK) {
                        int nsack, padlen;
                        u_char *bp = (u_char *)opt + optlen;
                        u_int32_t *lp;
 
                        nsack = (MAX_TCPOPTLEN - optlen - 2) / TCPOLEN_SACK;
                    MAX_TCPOPTLEN - optlen - 2 >= TCPOLEN_SACK) {
                        int nsack, padlen;
                        u_char *bp = (u_char *)opt + optlen;
                        u_int32_t *lp;
 
                        nsack = (MAX_TCPOPTLEN - optlen - 2) / TCPOLEN_SACK;
-                       nsack = min(nsack, tp->rcv_numsacks);
+                       nsack = min(nsack, (tp->rcv_numsacks +
+                           (TCP_SEND_DSACK_OPT(tp) ? 1 : 0)));
                        sackoptlen = (2 + nsack * TCPOLEN_SACK);
 
                        /*
                        sackoptlen = (2 + nsack * TCPOLEN_SACK);
 
                        /*
@@ -1201,40 +1623,172 @@ send:
                        *bp++ = TCPOPT_SACK;
                        *bp++ = sackoptlen;
                        lp = (u_int32_t *)(void *)bp;
                        *bp++ = TCPOPT_SACK;
                        *bp++ = sackoptlen;
                        lp = (u_int32_t *)(void *)bp;
+
+                       /*
+                        * First block of SACK option should represent
+                        * DSACK. Prefer to send SACK information if there
+                        * is space for only one SACK block. This will
+                        * allow for faster recovery.
+                        */
+                       if (TCP_SEND_DSACK_OPT(tp) && nsack > 0 &&
+                           (tp->rcv_numsacks == 0 || nsack > 1)) {
+                               *lp++ = htonl(tp->t_dsack_lseq);
+                               *lp++ = htonl(tp->t_dsack_rseq);
+                               tcpstat.tcps_dsack_sent++;
+                               tp->t_dsack_sent++;
+                               nsack--;
+                       }
+                       VERIFY(nsack == 0 || tp->rcv_numsacks >= nsack);
                        for (i = 0; i < nsack; i++) {
                                struct sackblk sack = tp->sackblks[i];
                                *lp++ = htonl(sack.start);
                                *lp++ = htonl(sack.end);
                        }
                        for (i = 0; i < nsack; i++) {
                                struct sackblk sack = tp->sackblks[i];
                                *lp++ = htonl(sack.start);
                                *lp++ = htonl(sack.end);
                        }
-                       optlen += sackoptlen;
+                       optlen += sackoptlen;
+               }
+       }
+
+       /* Pad TCP options to a 4 byte boundary */
+       if (optlen < MAX_TCPOPTLEN && (optlen % sizeof(u_int32_t))) {
+               int pad = sizeof(u_int32_t) - (optlen % sizeof(u_int32_t));
+               u_char *bp = (u_char *)opt + optlen;
+
+               optlen += pad;
+               while (pad) {
+                       *bp++ = TCPOPT_EOL;
+                       pad--;
+               }
+       }
+
+       /*
+        * RFC 3168 states that:
+        * - If you ever sent an ECN-setup SYN/SYN-ACK you must be prepared
+        * to handle the TCP ECE flag, even if you also later send a
+        * non-ECN-setup SYN/SYN-ACK.
+        * - If you ever send a non-ECN-setup SYN/SYN-ACK, you must not set
+        * the ip ECT flag.
+        *
+        * It is not clear how the ECE flag would ever be set if you never
+        * set the IP ECT flag on outbound packets. All the same, we use
+        * the TE_SETUPSENT to indicate that we have committed to handling
+        * the TCP ECE flag correctly. We use the TE_SENDIPECT to indicate
+        * whether or not we should set the IP ECT flag on outbound packet
+        *
+        * For a SYN-ACK, send an ECN setup SYN-ACK
+        */
+       if ((flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK) &&
+           (tp->ecn_flags & TE_ENABLE_ECN)) {
+               if (tp->ecn_flags & TE_SETUPRECEIVED) {
+                       if (tcp_send_ecn_flags_on_syn(tp, so)) {
+                               /*
+                                * Setting TH_ECE makes this an ECN-setup
+                                * SYN-ACK
+                                */
+                               flags |= TH_ECE;
+
+                               /*
+                                * Record that we sent the ECN-setup and
+                                * default to setting IP ECT.
+                                */
+                               tp->ecn_flags |= (TE_SETUPSENT|TE_SENDIPECT);
+                               tcpstat.tcps_ecn_server_setup++;
+                               tcpstat.tcps_ecn_server_success++;
+                       } else {
+                               /*
+                                * We sent an ECN-setup SYN-ACK but it was
+                                * dropped. Fallback to non-ECN-setup
+                                * SYN-ACK and clear flag to indicate that
+                                * we should not send data with IP ECT set
+                                *
+                                * Pretend we didn't receive an
+                                * ECN-setup SYN.
+                                *
+                                * We already incremented the counter
+                                * assuming that the ECN setup will
+                                * succeed. Decrementing here
+                                * tcps_ecn_server_success to correct it.
+                                */
+                               if (tp->ecn_flags & TE_SETUPSENT) {
+                                       tcpstat.tcps_ecn_lost_synack++;
+                                       tcpstat.tcps_ecn_server_success--;
+                                       tp->ecn_flags |= TE_LOST_SYNACK;
+                               }
+
+                               tp->ecn_flags &=
+                                   ~(TE_SETUPRECEIVED | TE_SENDIPECT |
+                                   TE_SENDCWR);
+                       }
+               }
+       } else if ((flags & (TH_SYN | TH_ACK)) == TH_SYN &&
+           (tp->ecn_flags & TE_ENABLE_ECN)) {
+               if (tcp_send_ecn_flags_on_syn(tp, so)) {
+                       /*
+                        * Setting TH_ECE and TH_CWR makes this an
+                        * ECN-setup SYN
+                        */
+                       flags |= (TH_ECE | TH_CWR);
+                       tcpstat.tcps_ecn_client_setup++;
+                       tp->ecn_flags |= TE_CLIENT_SETUP;
+
+                       /*
+                        * Record that we sent the ECN-setup and default to
+                        * setting IP ECT.
+                        */
+                       tp->ecn_flags |= (TE_SETUPSENT | TE_SENDIPECT);
+               } else {
+                       /*
+                        * We sent an ECN-setup SYN but it was dropped.
+                        * Fall back to non-ECN and clear flag indicating
+                        * we should send data with IP ECT set.
+                        */
+                       if (tp->ecn_flags & TE_SETUPSENT) {
+                               tcpstat.tcps_ecn_lost_syn++;
+                               tp->ecn_flags |= TE_LOST_SYN;
+                       }
+                       tp->ecn_flags &= ~TE_SENDIPECT;
                }
        }
 
                }
        }
 
-       /* Pad TCP options to a 4 byte boundary */
-       if (optlen < MAX_TCPOPTLEN && (optlen % sizeof(u_int32_t))) {
-               int pad = sizeof(u_int32_t) - (optlen % sizeof(u_int32_t));
-               u_char *bp = (u_char *)opt + optlen;
+       /*
+        * Check if we should set the TCP CWR flag.
+        * CWR flag is sent when we reduced the congestion window because
+        * we received a TCP ECE or we performed a fast retransmit. We
+        * never set the CWR flag on retransmitted packets. We only set
+        * the CWR flag on data packets. Pure acks don't have this set.
+        */
+       if ((tp->ecn_flags & TE_SENDCWR) != 0 && len != 0 &&
+           !SEQ_LT(tp->snd_nxt, tp->snd_max) && !sack_rxmit) {
+               flags |= TH_CWR;
+               tp->ecn_flags &= ~TE_SENDCWR;
+       }
 
 
-               optlen += pad;
-               while (pad) {
-                       *bp++ = TCPOPT_EOL;
-                       pad--;
-               }
+       /*
+        * Check if we should set the TCP ECE flag.
+        */
+       if ((tp->ecn_flags & TE_SENDECE) != 0 && len == 0) {
+               flags |= TH_ECE;
+               tcpstat.tcps_ecn_sent_ece++;
        }
 
        }
 
+
        hdrlen += optlen;
 
        hdrlen += optlen;
 
+       /* Reset DSACK sequence numbers */
+       tp->t_dsack_lseq = 0;
+       tp->t_dsack_rseq = 0;
+
 #if INET6
        if (isipv6)
 #if INET6
        if (isipv6)
-               ipoptlen = ip6_optlen(tp->t_inpcb);
+               ipoptlen = ip6_optlen(inp);
        else
 #endif
        {
                if (tp_inp_options) {
                        ipoptlen = tp_inp_options->m_len -
                                offsetof(struct ipoption, ipopt_list);
        else
 #endif
        {
                if (tp_inp_options) {
                        ipoptlen = tp_inp_options->m_len -
                                offsetof(struct ipoption, ipopt_list);
-               } else
+               } else {
                        ipoptlen = 0;
                        ipoptlen = 0;
+               }
        }
 #if IPSEC
                ipoptlen += ipsec_optlen;
        }
 #if IPSEC
                ipoptlen += ipsec_optlen;
@@ -1255,94 +1809,100 @@ send:
         */
        if (len + optlen + ipoptlen > tp->t_maxopd) {
                /*
         */
        if (len + optlen + ipoptlen > tp->t_maxopd) {
                /*
-                * If there is still more to send, don't close the connection.
+                * If there is still more to send,
+                * don't close the connection.
                 */
                flags &= ~TH_FIN;
                if (tso) {
                        int32_t tso_maxlen;
 
                 */
                flags &= ~TH_FIN;
                if (tso) {
                        int32_t tso_maxlen;
 
-                       tso_maxlen = tp->tso_max_segment_size ? tp->tso_max_segment_size : TCP_MAXWIN;
+                       tso_maxlen = tp->tso_max_segment_size ?
+                               tp->tso_max_segment_size : TCP_MAXWIN;
 
                        if (len > tso_maxlen - hdrlen - optlen) {
                                len = tso_maxlen - hdrlen - optlen;
                                len = len - (len % (tp->t_maxopd - optlen));
                                sendalot = 1;
 
                        if (len > tso_maxlen - hdrlen - optlen) {
                                len = tso_maxlen - hdrlen - optlen;
                                len = len - (len % (tp->t_maxopd - optlen));
                                sendalot = 1;
-                       } else if (tp->t_flags & TF_NEEDFIN)
+                       } else if (tp->t_flags & TF_NEEDFIN) {
                                sendalot = 1;
                                sendalot = 1;
+                       }
                } else {
                        len = tp->t_maxopd - optlen - ipoptlen;
                        sendalot = 1;
                }
        }
 
                } else {
                        len = tp->t_maxopd - optlen - ipoptlen;
                        sendalot = 1;
                }
        }
 
-/*#ifdef DIAGNOSTIC*/
-#if INET6
        if (max_linkhdr + hdrlen > MCLBYTES)
                panic("tcphdr too big");
        if (max_linkhdr + hdrlen > MCLBYTES)
                panic("tcphdr too big");
-#else
-       if (max_linkhdr + hdrlen > MHLEN)
-               panic("tcphdr too big");
-#endif
-/*#endif*/
 
        /* Check if there is enough data in the send socket
 
        /* Check if there is enough data in the send socket
-        * buffer to start measuring b
+        * buffer to start measuring bandwidth
         */
        if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
                (tp->t_bwmeas != NULL) &&
         */
        if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
                (tp->t_bwmeas != NULL) &&
-               (tp->t_flagsext & TF_BWMEAS_INPROGRESS) == 0 &&
-               (so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)) >= 
-                       tp->t_bwmeas->bw_minsize) {
-               tp->t_bwmeas->bw_size = min((so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)),
-                       tp->t_bwmeas->bw_maxsize);
-               tp->t_flagsext |= TF_BWMEAS_INPROGRESS;
-               tp->t_bwmeas->bw_start = tp->snd_max;
-               tp->t_bwmeas->bw_ts = tcp_now;
-       }
-
-       VERIFY(tp->t_inpcb->inp_flowhash != 0);
-       
+               (tp->t_flagsext & TF_BWMEAS_INPROGRESS) == 0) {
+               tp->t_bwmeas->bw_size = min(min(
+                   (so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)),
+                   tp->snd_cwnd), tp->snd_wnd);
+               if (tp->t_bwmeas->bw_minsize > 0 &&
+                   tp->t_bwmeas->bw_size < tp->t_bwmeas->bw_minsize)
+                       tp->t_bwmeas->bw_size = 0;
+               if (tp->t_bwmeas->bw_maxsize > 0)
+                       tp->t_bwmeas->bw_size = min(tp->t_bwmeas->bw_size,
+                           tp->t_bwmeas->bw_maxsize);
+               if (tp->t_bwmeas->bw_size > 0) {
+                       tp->t_flagsext |= TF_BWMEAS_INPROGRESS;
+                       tp->t_bwmeas->bw_start = tp->snd_max;
+                       tp->t_bwmeas->bw_ts = tcp_now;
+               }
+       }
+
+       VERIFY(inp->inp_flowhash != 0);
        /*
         * Grab a header mbuf, attaching a copy of data to
         * be transmitted, and initialize the header from
         * the template for sends on this connection.
         */
        if (len) {
        /*
         * Grab a header mbuf, attaching a copy of data to
         * be transmitted, and initialize the header from
         * the template for sends on this connection.
         */
        if (len) {
-               if (tp->t_force && len == 1)
+               tp->t_pmtud_lastseg_size = len + optlen + ipoptlen;
+               if ((tp->t_flagsext & TF_FORCE) && len == 1)
                        tcpstat.tcps_sndprobe++;
                else if (SEQ_LT(tp->snd_nxt, tp->snd_max) || sack_rxmit) {
                        tcpstat.tcps_sndrexmitpack++;
                        tcpstat.tcps_sndrexmitbyte += len;
                        if (nstat_collect) {
                        tcpstat.tcps_sndprobe++;
                else if (SEQ_LT(tp->snd_nxt, tp->snd_max) || sack_rxmit) {
                        tcpstat.tcps_sndrexmitpack++;
                        tcpstat.tcps_sndrexmitbyte += len;
                        if (nstat_collect) {
-                               nstat_route_tx(tp->t_inpcb->inp_route.ro_rt, 1, len, NSTAT_TX_FLAG_RETRANSMIT);
-                               locked_add_64(&tp->t_inpcb->inp_stat->txpackets, 1);
-                               locked_add_64(&tp->t_inpcb->inp_stat->txbytes, len);
+                               nstat_route_tx(inp->inp_route.ro_rt, 1,
+                                       len, NSTAT_TX_FLAG_RETRANSMIT);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txpackets, 1);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txbytes, len);
                                tp->t_stat.txretransmitbytes += len;
                                tp->t_stat.txretransmitbytes += len;
+                               tp->t_stat.rxmitpkts++;
                        }
                } else {
                        tcpstat.tcps_sndpack++;
                        tcpstat.tcps_sndbyte += len;
                        }
                } else {
                        tcpstat.tcps_sndpack++;
                        tcpstat.tcps_sndbyte += len;
+
                        if (nstat_collect) {
                        if (nstat_collect) {
-                               locked_add_64(&tp->t_inpcb->inp_stat->txpackets, 1);
-                               locked_add_64(&tp->t_inpcb->inp_stat->txbytes, len);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txpackets, 1);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txbytes, len);
                        }
                        }
+                       inp_decr_sndbytes_unsent(so, len);
                }
                }
-#ifdef notyet
-               if ((m = m_copypack(so->so_snd.sb_mb, off,
-                   (int)len, max_linkhdr + hdrlen)) == 0) {
-                       error = ENOBUFS;
-                       goto out;
+               inp_set_activity_bitmap(inp);
+#if MPTCP
+               if (tp->t_mpflags & TMPF_MPTCP_TRUE) {
+                       tcpstat.tcps_mp_sndpacks++;
+                       tcpstat.tcps_mp_sndbytes += len;
                }
                }
+#endif /* MPTCP */
                /*
                /*
-                * m_copypack left space for our hdr; use it.
-                */
-               m->m_len += hdrlen;
-               m->m_data -= hdrlen;
-#else
-               /*
-                * try to use the new interface that allocates all 
-                * the necessary mbuf hdrs under 1 mbuf lock and 
-                * avoids rescanning the socket mbuf list if 
+                * try to use the new interface that allocates all
+                * the necessary mbuf hdrs under 1 mbuf lock and
+                * avoids rescanning the socket mbuf list if
                 * certain conditions are met.  This routine can't
                 * be used in the following cases...
                 * 1) the protocol headers exceed the capacity of
                 * certain conditions are met.  This routine can't
                 * be used in the following cases...
                 * 1) the protocol headers exceed the capacity of
@@ -1352,11 +1912,13 @@ send:
                 * data area (no cluster attached)
                 */
                m = NULL;
                 * data area (no cluster attached)
                 */
                m = NULL;
-#if INET6
+
+               /* minimum length we are going to allocate */
+               allocated_len = MHLEN;
                if (MHLEN < hdrlen + max_linkhdr) {
                if (MHLEN < hdrlen + max_linkhdr) {
-                       MGETHDR(m, M_DONTWAIT, MT_HEADER);      /* MAC-OK */
+                       MGETHDR(m, M_DONTWAIT, MT_HEADER);
                        if (m == NULL) {
                        if (m == NULL) {
-                               error = ENOBUFS;
+                               error = ENOBUFS;
                                goto out;
                        }
                        MCLGET(m, M_DONTWAIT);
                                goto out;
                        }
                        MCLGET(m, M_DONTWAIT);
@@ -1367,13 +1929,14 @@ send:
                        }
                        m->m_data += max_linkhdr;
                        m->m_len = hdrlen;
                        }
                        m->m_data += max_linkhdr;
                        m->m_len = hdrlen;
+                       allocated_len = MCLBYTES;
                }
                }
-#endif
-               if (len <= MHLEN - hdrlen - max_linkhdr) {
+               if (len <= allocated_len - hdrlen - max_linkhdr) {
                        if (m == NULL) {
                        if (m == NULL) {
-                               MGETHDR(m, M_DONTWAIT, MT_HEADER);      /* MAC-OK */
+                               VERIFY(allocated_len <= MHLEN);
+                               MGETHDR(m, M_DONTWAIT, MT_HEADER);
                                if (m == NULL) {
                                if (m == NULL) {
-                                       error = ENOBUFS;
+                                       error = ENOBUFS;
                                        goto out;
                                }
                                m->m_data += max_linkhdr;
                                        goto out;
                                }
                                m->m_data += max_linkhdr;
@@ -1389,40 +1952,45 @@ send:
                            mtod(m, caddr_t) + hdrlen);
                        m->m_len += len;
                } else {
                            mtod(m, caddr_t) + hdrlen);
                        m->m_len += len;
                } else {
-                       if (m != NULL) {
-                               m->m_next = m_copy(so->so_snd.sb_mb, off, (int) len);
-                               if (m->m_next == 0) {
-                                       (void) m_free(m);
+                       uint32_t copymode;
+                       /*
+                        * Retain packet header metadata at the socket
+                        * buffer if this is is an MPTCP subflow,
+                        * otherwise move it.
+                        */
+                       copymode = M_COPYM_MOVE_HDR;
+#if MPTCP
+                       if (so->so_flags & SOF_MP_SUBFLOW) {
+                               copymode = M_COPYM_NOOP_HDR;
+                       }
+#endif /* MPTCP */
+                       if (m != NULL) {
+                               m->m_next = m_copym_mode(so->so_snd.sb_mb,
+                                   off, (int)len, M_DONTWAIT, copymode);
+                               if (m->m_next == NULL) {
+                                       (void) m_free(m);
                                        error = ENOBUFS;
                                        goto out;
                                }
                        } else {
                                        error = ENOBUFS;
                                        goto out;
                                }
                        } else {
-                               /*
-                                * determine whether the mbuf pointer and offset passed back by the 'last' call
-                                * to m_copym_with_hdrs are still valid... if the head of the socket chain has
-                                * changed (due to an incoming ACK for instance), or the offset into the chain we
-                                * just computed is different from the one last returned by m_copym_with_hdrs (perhaps
-                                * we're re-transmitting a packet sent earlier), than we can't pass the mbuf pointer and
-                                * offset into it as valid hints for m_copym_with_hdrs to use (if valid, these hints allow
-                                * m_copym_with_hdrs to avoid rescanning from the beginning of the socket buffer mbuf list.
-                                * setting the mbuf pointer to NULL is sufficient to disable the hint mechanism.
+                               /*
+                                * make sure we still have data left
+                                * to be sent at this point
                                 */
                                 */
-                               if (m_head != so->so_snd.sb_mb || sack_rxmit || last_off != off)
-                                       m_lastm = NULL;
-                               last_off = off + len;
-                               m_head = so->so_snd.sb_mb;
-       
-                               /* makes sure we still have data left to be sent at this point */
-                               if (m_head == NULL) {
+                               if (so->so_snd.sb_mb == NULL) {
                                        error = 0; /* should we return an error? */
                                        goto out;
                                }
                                        error = 0; /* should we return an error? */
                                        goto out;
                                }
-                               
+
                                /*
                                /*
-                                * m_copym_with_hdrs will always return the last mbuf pointer and the offset into it that
-                                * it acted on to fullfill the current request, whether a valid 'hint' was passed in or not
+                                * m_copym_with_hdrs will always return the
+                                * last mbuf pointer and the offset into it that
+                                * it acted on to fullfill the current request,
+                                * whether a valid 'hint' was passed in or not.
                                 */
                                 */
-                               if ((m = m_copym_with_hdrs(so->so_snd.sb_mb, off, len, M_DONTWAIT, &m_lastm, &m_off)) == NULL) {
+                               if ((m = m_copym_with_hdrs(so->so_snd.sb_mb,
+                                   off, len, M_DONTWAIT, NULL, NULL,
+                                   copymode)) == NULL) {
                                        error = ENOBUFS;
                                        goto out;
                                }
                                        error = ENOBUFS;
                                        goto out;
                                }
@@ -1430,14 +1998,15 @@ send:
                                m->m_len = hdrlen;
                        }
                }
                                m->m_len = hdrlen;
                        }
                }
-#endif
                /*
                 * If we're sending everything we've got, set PUSH.
                 * (This will keep happy those implementations which only
                 * give data to the user when a buffer fills or
                 * a PUSH comes in.)
                /*
                 * If we're sending everything we've got, set PUSH.
                 * (This will keep happy those implementations which only
                 * give data to the user when a buffer fills or
                 * a PUSH comes in.)
+                *
+                * On SYN-segments we should not add the PUSH-flag.
                 */
                 */
-               if (off + len == so->so_snd.sb_cc)
+               if (off + len == so->so_snd.sb_cc && !(flags & TH_SYN))
                        flags |= TH_PUSH;
        } else {
                if (tp->t_flags & TF_ACKNOW)
                        flags |= TH_PUSH;
        } else {
                if (tp->t_flags & TF_ACKNOW)
@@ -1454,18 +2023,20 @@ send:
                        error = ENOBUFS;
                        goto out;
                }
                        error = ENOBUFS;
                        goto out;
                }
-#if INET6
-               if (isipv6 && (MHLEN < hdrlen + max_linkhdr) &&
-                   MHLEN >= hdrlen) {
-                       MH_ALIGN(m, hdrlen);
-               } else
-#endif
-                       m->m_data += max_linkhdr;
+               if (MHLEN < (hdrlen + max_linkhdr)) {
+                       MCLGET(m, M_DONTWAIT);
+                       if ((m->m_flags & M_EXT) == 0) {
+                               m_freem(m);
+                               error = ENOBUFS;
+                               goto out;
+                       }
+               }
+               m->m_data += max_linkhdr;
                m->m_len = hdrlen;
        }
        m->m_pkthdr.rcvif = 0;
 #if CONFIG_MACF_NET
                m->m_len = hdrlen;
        }
        m->m_pkthdr.rcvif = 0;
 #if CONFIG_MACF_NET
-       mac_mbuf_label_associate_inpcb(tp->t_inpcb, m);
+       mac_mbuf_label_associate_inpcb(inp, m);
 #endif
 #if INET6
        if (isipv6) {
 #endif
 #if INET6
        if (isipv6) {
@@ -1477,6 +2048,10 @@ send:
                        ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20);
                }
                svc_flags |= PKT_SCF_IPV6;
                        ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20);
                }
                svc_flags |= PKT_SCF_IPV6;
+#if PF_ECN
+               m_pftag(m)->pftag_hdr = (void *)ip6;
+               m_pftag(m)->pftag_flags |= PF_TAG_HDR_INET6;
+#endif /* PF_ECN */
        } else
 #endif /* INET6 */
        {
        } else
 #endif /* INET6 */
        {
@@ -1486,9 +2061,14 @@ send:
                /* this picks up the pseudo header (w/o the length) */
                tcp_fillheaders(tp, ip, th);
                if ((tp->ecn_flags & TE_SENDIPECT) != 0 && len &&
                /* this picks up the pseudo header (w/o the length) */
                tcp_fillheaders(tp, ip, th);
                if ((tp->ecn_flags & TE_SENDIPECT) != 0 && len &&
-                       !SEQ_LT(tp->snd_nxt, tp->snd_max) && !sack_rxmit) {
-                       ip->ip_tos = IPTOS_ECN_ECT0;
+                   !SEQ_LT(tp->snd_nxt, tp->snd_max) &&
+                   !sack_rxmit && !(flags & TH_SYN)) {
+                       ip->ip_tos |= IPTOS_ECN_ECT0;
                }
                }
+#if PF_ECN
+               m_pftag(m)->pftag_hdr = (void *)ip;
+               m_pftag(m)->pftag_flags |= PF_TAG_HDR_INET;
+#endif /* PF_ECN */
        }
 
        /*
        }
 
        /*
@@ -1496,7 +2076,7 @@ send:
         * window for use in delaying messages about window sizes.
         * If resending a FIN, be sure not to use a new sequence number.
         */
         * window for use in delaying messages about window sizes.
         * If resending a FIN, be sure not to use a new sequence number.
         */
-       if (flags & TH_FIN && (tp->t_flags & TF_SENTFIN) &&
+       if ((flags & TH_FIN) && (tp->t_flags & TF_SENTFIN) &&
            tp->snd_nxt == tp->snd_max)
                tp->snd_nxt--;
        /*
            tp->snd_nxt == tp->snd_max)
                tp->snd_nxt--;
        /*
@@ -1511,55 +2091,51 @@ send:
         * right edge of the window, so use snd_nxt in that
         * case, since we know we aren't doing a retransmission.
         * (retransmit and persist are mutually exclusive...)
         * right edge of the window, so use snd_nxt in that
         * case, since we know we aren't doing a retransmission.
         * (retransmit and persist are mutually exclusive...)
+        *
+        * Note the state of this retransmit segment to detect spurious
+        * retransmissions.
         */
        if (sack_rxmit == 0) {
         */
        if (sack_rxmit == 0) {
-               if (len || (flags & (TH_SYN|TH_FIN)) || tp->t_timer[TCPT_PERSIST])
+               if (len || (flags & (TH_SYN|TH_FIN)) ||
+                   tp->t_timer[TCPT_PERSIST]) {
                        th->th_seq = htonl(tp->snd_nxt);
                        th->th_seq = htonl(tp->snd_nxt);
-               else
+                       if (len > 0) {
+                               m->m_pkthdr.tx_start_seq = tp->snd_nxt;
+                               m->m_pkthdr.pkt_flags |= PKTF_START_SEQ;
+                       }
+                       if (SEQ_LT(tp->snd_nxt, tp->snd_max)) {
+                               if (SACK_ENABLED(tp) && len > 1) {
+                                       tcp_rxtseg_insert(tp, tp->snd_nxt,
+                                           (tp->snd_nxt + len - 1));
+                               }
+                               if (len > 0)
+                                       m->m_pkthdr.pkt_flags |=
+                                           PKTF_TCP_REXMT;
+                       }
+               } else {
                        th->th_seq = htonl(tp->snd_max);
                        th->th_seq = htonl(tp->snd_max);
+               }
        } else {
                th->th_seq = htonl(p->rxmit);
        } else {
                th->th_seq = htonl(p->rxmit);
+               if (len > 0) {
+                       m->m_pkthdr.pkt_flags |=
+                           (PKTF_TCP_REXMT | PKTF_START_SEQ);
+                       m->m_pkthdr.tx_start_seq = p->rxmit;
+               }
+               tcp_rxtseg_insert(tp, p->rxmit, (p->rxmit + len - 1));
                p->rxmit += len;
                tp->sackhint.sack_bytes_rexmit += len;
        }
        th->th_ack = htonl(tp->rcv_nxt);
        tp->last_ack_sent = tp->rcv_nxt;
                p->rxmit += len;
                tp->sackhint.sack_bytes_rexmit += len;
        }
        th->th_ack = htonl(tp->rcv_nxt);
        tp->last_ack_sent = tp->rcv_nxt;
-
        if (optlen) {
                bcopy(opt, th + 1, optlen);
                th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
        }
        th->th_flags = flags;
        if (optlen) {
                bcopy(opt, th + 1, optlen);
                th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
        }
        th->th_flags = flags;
-       /*
-        * Calculate receive window.  Don't shrink window,
-        * but avoid silly window syndrome.
-        */
-       if (recwin < (int32_t)(so->so_rcv.sb_hiwat / 4) && recwin < (int)tp->t_maxseg)
-               recwin = 0;
-       if (recwin < (int32_t)(tp->rcv_adv - tp->rcv_nxt))
-               recwin = (int32_t)(tp->rcv_adv - tp->rcv_nxt);
-       if (tp->t_flags & TF_SLOWLINK && slowlink_wsize > 0) {
-               if (recwin > (int32_t)slowlink_wsize) 
-                       recwin = slowlink_wsize;
-       }
-
-#if TRAFFIC_MGT
-       if (tcp_recv_bg == 1  || IS_TCP_RECV_BG(so)) {
-               if (tp->acc_iaj > tcp_acc_iaj_react_limit) {
-                       uint32_t min_iaj_win = tcp_min_iaj_win * tp->t_maxseg;
-                       if (tp->iaj_rwintop == 0 ||
-                               SEQ_LT(tp->iaj_rwintop, tp->rcv_adv))
-                               tp->iaj_rwintop = tp->rcv_adv; 
-                       if (SEQ_LT(tp->iaj_rwintop, tp->rcv_nxt + min_iaj_win))
-                               tp->iaj_rwintop =  tp->rcv_nxt + min_iaj_win;
-                       recwin = min(tp->iaj_rwintop - tp->rcv_nxt, recwin);
-               }
-       }
-#endif /* TRAFFIC_MGT */
-
-       if (recwin > (int32_t)(TCP_MAXWIN << tp->rcv_scale))
-               recwin = (int32_t)(TCP_MAXWIN << tp->rcv_scale);
        th->th_win = htons((u_short) (recwin>>tp->rcv_scale));
        th->th_win = htons((u_short) (recwin>>tp->rcv_scale));
+       if (recwin > 0 && SEQ_LT(tp->rcv_adv, tp->rcv_nxt + recwin))
+               tp->rcv_adv = tp->rcv_nxt + recwin;
 
        /*
         * Adjust the RXWIN0SENT flag - indicate that we have advertised
 
        /*
         * Adjust the RXWIN0SENT flag - indicate that we have advertised
@@ -1576,7 +2152,7 @@ send:
        if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
                th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
                th->th_flags |= TH_URG;
        if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
                th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
                th->th_flags |= TH_URG;
-       } else
+       } else {
                /*
                 * If no urgent pointer to send, then we pull
                 * the urgent pointer to the left edge of the send window
                /*
                 * If no urgent pointer to send, then we pull
                 * the urgent pointer to the left edge of the send window
@@ -1584,12 +2160,24 @@ send:
                 * number wraparound.
                 */
                tp->snd_up = tp->snd_una;               /* drag it along */
                 * number wraparound.
                 */
                tp->snd_up = tp->snd_una;               /* drag it along */
+       }
 
        /*
         * Put TCP length in extended header, and then
         * checksum extended header and data.
         */
        m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */
 
        /*
         * Put TCP length in extended header, and then
         * checksum extended header and data.
         */
        m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */
+
+       /*
+        * If this is potentially the last packet on the stream, then mark
+        * it in order to enable some optimizations in the underlying
+        * layers
+        */
+       if (tp->t_state != TCPS_ESTABLISHED &&
+           (tp->t_state == TCPS_CLOSING || tp->t_state == TCPS_TIME_WAIT
+           || tp->t_state == TCPS_LAST_ACK || (th->th_flags & TH_RST)))
+               m->m_pkthdr.pkt_flags |= PKTF_LAST_PKT;
+
 #if INET6
        if (isipv6) {
                /*
 #if INET6
        if (isipv6) {
                /*
@@ -1599,7 +2187,7 @@ send:
                m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
                m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
-                       th->th_sum = in_addword(th->th_sum, 
+                       th->th_sum = in_addword(th->th_sum,
                                htons((u_short)(optlen + len)));
        }
        else
                                htons((u_short)(optlen + len)));
        }
        else
@@ -1608,7 +2196,7 @@ send:
                m->m_pkthdr.csum_flags = CSUM_TCP;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
                m->m_pkthdr.csum_flags = CSUM_TCP;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
-                       th->th_sum = in_addword(th->th_sum, 
+                       th->th_sum = in_addword(th->th_sum,
                                htons((u_short)(optlen + len)));
        }
 
                                htons((u_short)(optlen + len)));
        }
 
@@ -1618,22 +2206,23 @@ send:
         */
        if (tso) {
 #if INET6
         */
        if (tso) {
 #if INET6
-               if (isipv6) 
-                       m->m_pkthdr.csum_flags = CSUM_TSO_IPV6;
+               if (isipv6)
+                       m->m_pkthdr.csum_flags |= CSUM_TSO_IPV6;
                else
 #endif /* INET6 */
                else
 #endif /* INET6 */
-                       m->m_pkthdr.csum_flags = CSUM_TSO_IPV4;
+                       m->m_pkthdr.csum_flags |= CSUM_TSO_IPV4;
 
                m->m_pkthdr.tso_segsz = tp->t_maxopd - optlen;
 
                m->m_pkthdr.tso_segsz = tp->t_maxopd - optlen;
-       }
-       else
+       } else {
                m->m_pkthdr.tso_segsz = 0;
                m->m_pkthdr.tso_segsz = 0;
+       }
 
        /*
         * In transmit state, time the transmission and arrange for
         * the retransmit.  In persist state, just set snd_max.
         */
 
        /*
         * In transmit state, time the transmission and arrange for
         * the retransmit.  In persist state, just set snd_max.
         */
-       if (tp->t_force == 0 || tp->t_timer[TCPT_PERSIST] == 0) {
+       if (!(tp->t_flagsext & TF_FORCE)
+           || tp->t_timer[TCPT_PERSIST] == 0) {
                tcp_seq startseq = tp->snd_nxt;
 
                /*
                tcp_seq startseq = tp->snd_nxt;
 
                /*
@@ -1642,16 +2231,24 @@ send:
                if (flags & (TH_SYN|TH_FIN)) {
                        if (flags & TH_SYN)
                                tp->snd_nxt++;
                if (flags & (TH_SYN|TH_FIN)) {
                        if (flags & TH_SYN)
                                tp->snd_nxt++;
-                       if (flags & TH_FIN) {
+                       if ((flags & TH_FIN) &&
+                               !(tp->t_flags & TF_SENTFIN)) {
                                tp->snd_nxt++;
                                tp->t_flags |= TF_SENTFIN;
                        }
                }
                if (sack_rxmit)
                        goto timer;
                                tp->snd_nxt++;
                                tp->t_flags |= TF_SENTFIN;
                        }
                }
                if (sack_rxmit)
                        goto timer;
-               tp->snd_nxt += len;
+               if (sack_rescue_rxt == TRUE) {
+                       tp->snd_nxt = old_snd_nxt;
+                       sack_rescue_rxt = FALSE;
+                       tcpstat.tcps_pto_in_recovery++;
+               } else {
+                       tp->snd_nxt += len;
+               }
                if (SEQ_GT(tp->snd_nxt, tp->snd_max)) {
                        tp->snd_max = tp->snd_nxt;
                if (SEQ_GT(tp->snd_nxt, tp->snd_max)) {
                        tp->snd_max = tp->snd_nxt;
+                       tp->t_sndtime = tcp_now;
                        /*
                         * Time this transmission if not a retransmission and
                         * not currently timing anything.
                        /*
                         * Time this transmission if not a retransmission and
                         * not currently timing anything.
@@ -1660,28 +2257,76 @@ send:
                                tp->t_rtttime = tcp_now;
                                tp->t_rtseq = startseq;
                                tcpstat.tcps_segstimed++;
                                tp->t_rtttime = tcp_now;
                                tp->t_rtseq = startseq;
                                tcpstat.tcps_segstimed++;
+
+                               /* update variables related to pipe ack */
+                               tp->t_pipeack_lastuna = tp->snd_una;
                        }
                }
 
                /*
                 * Set retransmit timer if not currently set,
                 * and not doing an ack or a keep-alive probe.
                        }
                }
 
                /*
                 * Set retransmit timer if not currently set,
                 * and not doing an ack or a keep-alive probe.
-                * Initial value for retransmit timer is smoothed
-                * round-trip time + 2 * round-trip time variance.
-                * Initialize shift counter which is used for backoff
-                * of retransmit time.
                 */
 timer:
                if (tp->t_timer[TCPT_REXMT] == 0 &&
                    ((sack_rxmit && tp->snd_nxt != tp->snd_max) ||
                 */
 timer:
                if (tp->t_timer[TCPT_REXMT] == 0 &&
                    ((sack_rxmit && tp->snd_nxt != tp->snd_max) ||
-                       tp->snd_nxt != tp->snd_una)) {
+                       tp->snd_nxt != tp->snd_una || (flags & TH_FIN))) {
                        if (tp->t_timer[TCPT_PERSIST]) {
                                tp->t_timer[TCPT_PERSIST] = 0;
                        if (tp->t_timer[TCPT_PERSIST]) {
                                tp->t_timer[TCPT_PERSIST] = 0;
-                               tp->t_rxtshift = 0;
-                               tp->rxt_start = 0;
                                tp->t_persist_stop = 0;
                                tp->t_persist_stop = 0;
+                               TCP_RESET_REXMT_STATE(tp);
+                       }
+                       tp->t_timer[TCPT_REXMT] =
+                               OFFSET_FROM_START(tp, tp->t_rxtcur);
+               }
+
+               /*
+                * Set tail loss probe timeout if new data is being
+                * transmitted. This will be supported only when
+                * SACK option is enabled on a connection.
+                *
+                * Every time new data is sent PTO will get reset.
+                */
+               if (tcp_enable_tlp && tp->t_state == TCPS_ESTABLISHED &&
+                   SACK_ENABLED(tp) && !IN_FASTRECOVERY(tp)
+                   && tp->snd_nxt == tp->snd_max
+                   && SEQ_GT(tp->snd_nxt, tp->snd_una)
+                   && tp->t_rxtshift == 0
+                   && (tp->t_flagsext & (TF_SENT_TLPROBE|TF_PKTS_REORDERED)) == 0) {
+                       u_int32_t pto, srtt, new_rto = 0;
+
+                       /*
+                        * Using SRTT alone to set PTO can cause spurious
+                        * retransmissions on wireless networks where there
+                        * is a lot of variance in RTT. Taking variance
+                        * into account will avoid this.
+                        */
+                       srtt = tp->t_srtt >> TCP_RTT_SHIFT;
+                       pto = ((TCP_REXMTVAL(tp)) * 3) >> 1;
+                       pto = max (2 * srtt, pto);
+                       if ((tp->snd_max - tp->snd_una) == tp->t_maxseg)
+                               pto = max(pto,
+                                   (((3 * pto) >> 2) + tcp_delack * 2));
+                       else
+                               pto = max(10, pto);
+
+                       /* if RTO is less than PTO, choose RTO instead */
+                       if (tp->t_rxtcur < pto) {
+                               /*
+                                * Schedule PTO instead of RTO in favor of
+                                * fast recovery.
+                                */
+                               pto = tp->t_rxtcur;
+
+                               /* Reset the next RTO to be after PTO. */
+                               TCPT_RANGESET(new_rto,
+                                   (pto + TCP_REXMTVAL(tp)),
+                                   max(tp->t_rttmin, tp->t_rttcur + 2),
+                                   TCPTV_REXMTMAX, 0);
+                               tp->t_timer[TCPT_REXMT] =
+                                   OFFSET_FROM_START(tp, new_rto);
                        }
                        }
-                       tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
+                       tp->t_timer[TCPT_PTO] = OFFSET_FROM_START(tp, pto);
                }
        } else {
                /*
                }
        } else {
                /*
@@ -1691,12 +2336,15 @@ timer:
                int xlen = len;
                if (flags & TH_SYN)
                        ++xlen;
                int xlen = len;
                if (flags & TH_SYN)
                        ++xlen;
-               if (flags & TH_FIN) {
+               if ((flags & TH_FIN) &&
+                       !(tp->t_flags & TF_SENTFIN)) {
                        ++xlen;
                        tp->t_flags |= TF_SENTFIN;
                }
                        ++xlen;
                        tp->t_flags |= TF_SENTFIN;
                }
-               if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max))
+               if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) {
                        tp->snd_max = tp->snd_nxt + len;
                        tp->snd_max = tp->snd_nxt + len;
+                       tp->t_sndtime = tcp_now;
+               }
        }
 
 #if TCPDEBUG
        }
 
 #if TCPDEBUG
@@ -1713,7 +2361,7 @@ timer:
         * to handle ttl and tos; we could keep them in
         * the template, but need a way to checksum without them.
         */
         * to handle ttl and tos; we could keep them in
         * the template, but need a way to checksum without them.
         */
-#ifdef INET6
+#if INET6
        /*
         * m->m_pkthdr.len should have been set before cksum calcuration,
         * because in6_cksum() need it.
        /*
         * m->m_pkthdr.len should have been set before cksum calcuration,
         * because in6_cksum() need it.
@@ -1725,28 +2373,25 @@ timer:
                 * Also, desired default hop limit might be changed via
                 * Neighbor Discovery.
                 */
                 * Also, desired default hop limit might be changed via
                 * Neighbor Discovery.
                 */
-               ip6->ip6_hlim = in6_selecthlim(tp->t_inpcb,
-                                              tp->t_inpcb->in6p_route.ro_rt ?
-                                              tp->t_inpcb->in6p_route.ro_rt->rt_ifp
-                                              : NULL);
+               ip6->ip6_hlim = in6_selecthlim(inp, inp->in6p_route.ro_rt ?
+                   inp->in6p_route.ro_rt->rt_ifp : NULL);
 
                /* TODO: IPv6 IP6TOS_ECT bit on */
                KERNEL_DEBUG(DBG_LAYER_BEG,
 
                /* TODO: IPv6 IP6TOS_ECT bit on */
                KERNEL_DEBUG(DBG_LAYER_BEG,
-                   ((tp->t_inpcb->inp_fport << 16) | tp->t_inpcb->inp_lport),
-                   (((tp->t_inpcb->in6p_laddr.s6_addr16[0] & 0xffff) << 16) |
-                   (tp->t_inpcb->in6p_faddr.s6_addr16[0] & 0xffff)),
+                   ((inp->inp_fport << 16) | inp->inp_lport),
+                   (((inp->in6p_laddr.s6_addr16[0] & 0xffff) << 16) |
+                   (inp->in6p_faddr.s6_addr16[0] & 0xffff)),
                    sendalot,0,0);
        } else
 #endif /* INET6 */
        {
                ip->ip_len = m->m_pkthdr.len;
                    sendalot,0,0);
        } else
 #endif /* INET6 */
        {
                ip->ip_len = m->m_pkthdr.len;
-               ip->ip_ttl = tp->t_inpcb->inp_ip_ttl;   /* XXX */
-               ip->ip_tos |= (tp->t_inpcb->inp_ip_tos & ~IPTOS_ECN_MASK);/* XXX */
+               ip->ip_ttl = inp->inp_ip_ttl;   /* XXX */
+               ip->ip_tos |= (inp->inp_ip_tos & ~IPTOS_ECN_MASK);/* XXX */
                KERNEL_DEBUG(DBG_LAYER_BEG,
                KERNEL_DEBUG(DBG_LAYER_BEG,
-                   ((tp->t_inpcb->inp_fport << 16) | tp->t_inpcb->inp_lport),
-                   (((tp->t_inpcb->inp_laddr.s_addr & 0xffff) << 16) |
-                   (tp->t_inpcb->inp_faddr.s_addr & 0xffff)),
-                   0,0,0);
+                   ((inp->inp_fport << 16) | inp->inp_lport),
+                   (((inp->inp_laddr.s_addr & 0xffff) << 16) |
+                   (inp->inp_faddr.s_addr & 0xffff)), 0,0,0);
        }
 
        /*
        }
 
        /*
@@ -1758,64 +2403,91 @@ timer:
         *      4) the MTU is not locked (if it is, then discovery has been
         *         disabled for that route)
         */
         *      4) the MTU is not locked (if it is, then discovery has been
         *         disabled for that route)
         */
-#ifdef INET6
+#if INET6
        if (!isipv6)
        if (!isipv6)
-#endif
+#endif /* INET6 */
                if (path_mtu_discovery && (tp->t_flags & TF_PMTUD))
                        ip->ip_off |= IP_DF;
 
                if (path_mtu_discovery && (tp->t_flags & TF_PMTUD))
                        ip->ip_off |= IP_DF;
 
+#if NECP
+       {
+               necp_kernel_policy_id policy_id;
+               u_int32_t route_rule_id;
+               if (!necp_socket_is_allowed_to_send_recv(inp, &policy_id, &route_rule_id)) {
+                       m_freem(m);
+                       error = EHOSTUNREACH;
+                       goto out;
+               }
+               necp_mark_packet_from_socket(m, inp, policy_id, route_rule_id);
+
+               if (net_qos_policy_restricted != 0) {
+                       necp_socket_update_qos_marking(inp, inp->inp_route.ro_rt,
+                           NULL, route_rule_id);
+               }
+       }
+#endif /* NECP */
+
 #if IPSEC
 #if IPSEC
-       if (ipsec_bypass == 0)
-               ipsec_setsocket(m, so);
+       if (inp->inp_sp != NULL)
+               ipsec_setsocket(m, so);
 #endif /*IPSEC*/
 
        /*
         * The socket is kept locked while sending out packets in ip_output, even if packet chaining is not active.
         */
        lost = 0;
 #endif /*IPSEC*/
 
        /*
         * The socket is kept locked while sending out packets in ip_output, even if packet chaining is not active.
         */
        lost = 0;
-       m->m_pkthdr.socket_id = socket_id;
 
        /*
         * Embed the flow hash in pkt hdr and mark the packet as
         * capable of flow controlling
         */
 
        /*
         * Embed the flow hash in pkt hdr and mark the packet as
         * capable of flow controlling
         */
-       m->m_pkthdr.m_flowhash = tp->t_inpcb->inp_flowhash;
-       m->m_pkthdr.m_fhflags |=
-           (PF_TAG_TCP | PF_TAG_FLOWHASH | PF_TAG_FLOWADV);
+       m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
+       m->m_pkthdr.pkt_flowid = inp->inp_flowhash;
+       m->m_pkthdr.pkt_flags |= (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC | PKTF_FLOW_ADV);
+       m->m_pkthdr.pkt_proto = IPPROTO_TCP;
 
        m->m_nextpkt = NULL;
 
 
        m->m_nextpkt = NULL;
 
-       if (tp->t_inpcb->inp_last_outifp != NULL &&
-           tp->t_inpcb->inp_last_outifp != lo_ifp) {
+       if (inp->inp_last_outifp != NULL &&
+           !(inp->inp_last_outifp->if_flags & IFF_LOOPBACK)) {
                /* Hint to prioritize this packet if
                 * 1. if the packet has no data
                /* Hint to prioritize this packet if
                 * 1. if the packet has no data
-                * 2. the interface supports transmit-start model and did 
+                * 2. the interface supports transmit-start model and did
                 *    not disable ACK prioritization.
                 * 3. Only ACK flag is set.
                 * 4. there is no outstanding data on this connection.
                 */
                if (tcp_prioritize_acks != 0 && len == 0 &&
                 *    not disable ACK prioritization.
                 * 3. Only ACK flag is set.
                 * 4. there is no outstanding data on this connection.
                 */
                if (tcp_prioritize_acks != 0 && len == 0 &&
-                   (tp->t_inpcb->inp_last_outifp->if_eflags & 
-                       (IFEF_TXSTART | IFEF_NOACKPRI)) == IFEF_TXSTART &&
-                   th->th_flags == TH_ACK && tp->snd_una == tp->snd_max &&
-                   tp->t_timer[TCPT_REXMT] == 0) {
-                       svc_flags |= PKT_SCF_TCP_ACK;
+                   (inp->inp_last_outifp->if_eflags &
+                   (IFEF_TXSTART | IFEF_NOACKPRI)) == IFEF_TXSTART) {
+                       if (th->th_flags == TH_ACK &&
+                           tp->snd_una == tp->snd_max &&
+                           tp->t_timer[TCPT_REXMT] == 0)
+                               svc_flags |= PKT_SCF_TCP_ACK;
+                       if (th->th_flags & TH_SYN)
+                               svc_flags |= PKT_SCF_TCP_SYN;
                }
                }
-               set_packet_service_class(m, so, MBUF_SC_UNSPEC, svc_flags);
+               set_packet_service_class(m, so, sotc, svc_flags);
+       } else {
+               /*
+                * Optimization for loopback just set the mbuf
+                * service class
+                */
+               (void) m_set_service_class(m, so_tc2msc(sotc));
        }
 
        tp->t_pktlist_sentlen += len;
        tp->t_lastchain++;
 
        }
 
        tp->t_pktlist_sentlen += len;
        tp->t_lastchain++;
 
-#ifdef INET6
+#if INET6
        if (isipv6) {
        if (isipv6) {
-               DTRACE_TCP5(send, struct mbuf *, m, struct inpcb *, tp->t_inpcb,
+               DTRACE_TCP5(send, struct mbuf *, m, struct inpcb *, inp,
                        struct ip6 *, ip6, struct tcpcb *, tp, struct tcphdr *,
                        th);
        } else
                        struct ip6 *, ip6, struct tcpcb *, tp, struct tcphdr *,
                        th);
        } else
-#endif
+#endif /* INET6 */
        {
        {
-               DTRACE_TCP5(send, struct mbuf *, m, struct inpcb *, tp->t_inpcb,
+               DTRACE_TCP5(send, struct mbuf *, m, struct inpcb *, inp,
                        struct ip *, ip, struct tcpcb *, tp, struct tcphdr *, th);
        }
 
                        struct ip *, ip, struct tcpcb *, tp, struct tcphdr *, th);
        }
 
@@ -1830,7 +2502,7 @@ timer:
        if ((lro_ackmore) && (!sackoptlen) && (!tp->t_timer[TCPT_PERSIST]) &&
                        ((th->th_flags & TH_ACK) == TH_ACK) && (!len) &&
                        (tp->t_state == TCPS_ESTABLISHED)) {
        if ((lro_ackmore) && (!sackoptlen) && (!tp->t_timer[TCPT_PERSIST]) &&
                        ((th->th_flags & TH_ACK) == TH_ACK) && (!len) &&
                        (tp->t_state == TCPS_ESTABLISHED)) {
-               /* For a pure ACK, see if you need to send more of them */      
+               /* For a pure ACK, see if you need to send more of them */
                mnext = tcp_send_lroacks(tp, m, th);
                if (mnext) {
                        tp->t_pktlist_tail->m_nextpkt = mnext;
                mnext = tcp_send_lroacks(tp, m, th);
                if (mnext) {
                        tp->t_pktlist_tail->m_nextpkt = mnext;
@@ -1852,11 +2524,12 @@ timer:
        }
 
        if (sendalot == 0 || (tp->t_state != TCPS_ESTABLISHED) ||
        }
 
        if (sendalot == 0 || (tp->t_state != TCPS_ESTABLISHED) ||
-             (tp->snd_cwnd <= (tp->snd_wnd / 8)) ||
-             (tp->t_flags & (TH_PUSH | TF_ACKNOW)) || tp->t_force != 0 ||
-             tp->t_lastchain >= tcp_packet_chaining) {
+           (tp->snd_cwnd <= (tp->snd_wnd / 8)) ||
+           (tp->t_flags & TF_ACKNOW) ||
+           (tp->t_flagsext & TF_FORCE) ||
+           tp->t_lastchain >= tcp_packet_chaining) {
                error = 0;
                error = 0;
-               while (tp->t_inpcb->inp_sndinprog_cnt == 0 &&
+               while (inp->inp_sndinprog_cnt == 0 &&
                        tp->t_pktlist_head != NULL) {
                        packetlist = tp->t_pktlist_head;
                        packchain_listadd = tp->t_lastchain;
                        tp->t_pktlist_head != NULL) {
                        packetlist = tp->t_pktlist_head;
                        packchain_listadd = tp->t_lastchain;
@@ -1867,13 +2540,7 @@ timer:
                        error = tcp_ip_output(so, tp, packetlist,
                            packchain_listadd, tp_inp_options,
                            (so_options & SO_DONTROUTE),
                        error = tcp_ip_output(so, tp, packetlist,
                            packchain_listadd, tp_inp_options,
                            (so_options & SO_DONTROUTE),
-                           (sack_rxmit | (sack_bytes_rxmt != 0)), recwin,
-#ifdef INET6
-                           isipv6);
-#else
-                           0);
-#endif
-
+                           (sack_rxmit || (sack_bytes_rxmt != 0)), isipv6);
                        if (error) {
                                /*
                                 * Take into account the rest of unsent
                        if (error) {
                                /*
                                 * Take into account the rest of unsent
@@ -1888,7 +2555,7 @@ timer:
                        }
                }
                /* tcp was closed while we were in ip; resume close */
                        }
                }
                /* tcp was closed while we were in ip; resume close */
-               if (tp->t_inpcb->inp_sndinprog_cnt == 0 &&
+               if (inp->inp_sndinprog_cnt == 0 &&
                        (tp->t_flags & TF_CLOSING)) {
                        tp->t_flags &= ~TF_CLOSING;
                        (void) tcp_close(tp);
                        (tp->t_flags & TF_CLOSING)) {
                        tp->t_flags &= ~TF_CLOSING;
                        (void) tcp_close(tp);
@@ -1909,17 +2576,29 @@ timer:
                 * the recent call to ip_output_list() plus the amount of
                 * user data in the packet list for this tcp at the moment.
                 */
                 * the recent call to ip_output_list() plus the amount of
                 * user data in the packet list for this tcp at the moment.
                 */
-               if (tp->t_force == 0 || tp->t_timer[TCPT_PERSIST] == 0) {
+               if (!(tp->t_flagsext & TF_FORCE)
+                   || tp->t_timer[TCPT_PERSIST] == 0) {
                        /*
                         * No need to check for TH_FIN here because
                         * the TF_SENTFIN flag handles that case.
                         */
                        if ((flags & TH_SYN) == 0) {
                                if (sack_rxmit) {
                        /*
                         * No need to check for TH_FIN here because
                         * the TF_SENTFIN flag handles that case.
                         */
                        if ((flags & TH_SYN) == 0) {
                                if (sack_rxmit) {
-                                       p->rxmit -= lost;
+                                       if (SEQ_GT((p->rxmit - lost),
+                                           tp->snd_una)) {
+                                               p->rxmit -= lost;
+                                       } else {
+                                               lost = p->rxmit - tp->snd_una;
+                                               p->rxmit = tp->snd_una;
+                                       }
                                        tp->sackhint.sack_bytes_rexmit -= lost;
                                        tp->sackhint.sack_bytes_rexmit -= lost;
-                               } else
-                                       tp->snd_nxt -= lost;
+                               } else {
+                                       if (SEQ_GT((tp->snd_nxt - lost),
+                                               tp->snd_una))
+                                               tp->snd_nxt -= lost;
+                                       else
+                                               tp->snd_nxt = tp->snd_una;
+                               }
                        }
                }
 out:
                        }
                }
 out:
@@ -1929,19 +2608,17 @@ out:
 
                if (error == ENOBUFS) {
                        if (!tp->t_timer[TCPT_REXMT] &&
 
                if (error == ENOBUFS) {
                        if (!tp->t_timer[TCPT_REXMT] &&
-                               !tp->t_timer[TCPT_PERSIST])
-                               tp->t_timer[TCPT_REXMT] = 
+                           !tp->t_timer[TCPT_PERSIST] &&
+                           (SEQ_GT(tp->snd_max, tp->snd_una) ||
+                           so->so_snd.sb_cc > 0))
+                               tp->t_timer[TCPT_REXMT] =
                                        OFFSET_FROM_START(tp, tp->t_rxtcur);
                                        OFFSET_FROM_START(tp, tp->t_rxtcur);
-
                        tp->snd_cwnd = tp->t_maxseg;
                        tp->t_bytes_acked = 0;
                        tp->snd_cwnd = tp->t_maxseg;
                        tp->t_bytes_acked = 0;
-
                        tcp_check_timer_state(tp);
                        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
 
                        tcp_check_timer_state(tp);
                        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
 
-                       DTRACE_TCP5(cc, void, NULL, struct inpcb *, tp->t_inpcb,
-                               struct tcpcb *, tp, struct tcphdr *, NULL,
-                               int32_t, TCP_CC_OUTPUT_ERROR);
+                       tcp_ccdbg_trace(tp, NULL, TCP_CC_OUTPUT_ERROR);
                        return (0);
                }
                if (error == EMSGSIZE) {
                        return (0);
                }
                if (error == EMSGSIZE) {
@@ -1960,18 +2637,21 @@ out:
                        if (tso)
                                tp->t_flags &= ~TF_TSO;
 
                        if (tso)
                                tp->t_flags &= ~TF_TSO;
 
-                       tcp_mtudisc(tp->t_inpcb, 0);
+                       tcp_mtudisc(inp, 0);
                        tcp_check_timer_state(tp);
 
                        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
                        return 0;
                }
                        tcp_check_timer_state(tp);
 
                        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
                        return 0;
                }
-               if ((error == EHOSTUNREACH || error == ENETDOWN)
-                   && TCPS_HAVERCVDSYN(tp->t_state)) {
-                       tp->t_softerror = error;
-                       tcp_check_timer_state(tp);
-                       KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
-                       return (0);
+               /*
+                * Unless this is due to interface restriction policy,
+                * treat EHOSTUNREACH/ENETDOWN as a soft error.
+                */
+               if ((error == EHOSTUNREACH || error == ENETDOWN) &&
+                   TCPS_HAVERCVDSYN(tp->t_state) &&
+                   !inp_restricted_send(inp, inp->inp_last_outifp)) {
+                               tp->t_softerror = error;
+                               error = 0;
                }
                tcp_check_timer_state(tp);
                KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
                }
                tcp_check_timer_state(tp);
                KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
@@ -1990,73 +2670,109 @@ out:
 
 static int
 tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
 
 static int
 tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
-    int cnt, struct mbuf *opt, int flags, int sack_in_progress, int recwin,
-    boolean_t isipv6)
+    int cnt, struct mbuf *opt, int flags, int sack_in_progress, boolean_t isipv6)
 {
        int error = 0;
        boolean_t chain;
        boolean_t unlocked = FALSE;
 {
        int error = 0;
        boolean_t chain;
        boolean_t unlocked = FALSE;
+       boolean_t ifdenied = FALSE;
        struct inpcb *inp = tp->t_inpcb;
        struct ip_out_args ipoa =
        struct inpcb *inp = tp->t_inpcb;
        struct ip_out_args ipoa =
-           { IFSCOPE_NONE, { 0 }, IPOAF_SELECT_SRCIF | IPOAF_BOUND_SRCADDR };
+           { IFSCOPE_NONE, { 0 }, IPOAF_SELECT_SRCIF|IPOAF_BOUND_SRCADDR, 0,
+           SO_TC_UNSPEC, _NET_SERVICE_TYPE_UNSPEC };
        struct route ro;
        struct ifnet *outif = NULL;
        struct route ro;
        struct ifnet *outif = NULL;
-#ifdef INET6
+#if INET6
        struct ip6_out_args ip6oa =
        struct ip6_out_args ip6oa =
-           { IFSCOPE_NONE, { 0 }, IP6OAF_SELECT_SRCIF | IP6OAF_BOUND_SRCADDR };
+           { IFSCOPE_NONE, { 0 }, IP6OAF_SELECT_SRCIF|IP6OAF_BOUND_SRCADDR, 0,
+           SO_TC_UNSPEC, _NET_SERVICE_TYPE_UNSPEC };
        struct route_in6 ro6;
        struct flowadv *adv =
            (isipv6 ? &ip6oa.ip6oa_flowadv : &ipoa.ipoa_flowadv);
        struct route_in6 ro6;
        struct flowadv *adv =
            (isipv6 ? &ip6oa.ip6oa_flowadv : &ipoa.ipoa_flowadv);
-#else
+#else /* INET6 */
        struct flowadv *adv = &ipoa.ipoa_flowadv;
 #endif /* !INET6 */
 
        /* If socket was bound to an ifindex, tell ip_output about it */
        if (inp->inp_flags & INP_BOUND_IF) {
        struct flowadv *adv = &ipoa.ipoa_flowadv;
 #endif /* !INET6 */
 
        /* If socket was bound to an ifindex, tell ip_output about it */
        if (inp->inp_flags & INP_BOUND_IF) {
-#ifdef INET6
+#if INET6
                if (isipv6) {
                        ip6oa.ip6oa_boundif = inp->inp_boundifp->if_index;
                        ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
                } else
                if (isipv6) {
                        ip6oa.ip6oa_boundif = inp->inp_boundifp->if_index;
                        ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
                } else
-#endif
+#endif /* INET6 */
                {
                        ipoa.ipoa_boundif = inp->inp_boundifp->if_index;
                        ipoa.ipoa_flags |= IPOAF_BOUND_IF;
                }
        }
 
                {
                        ipoa.ipoa_boundif = inp->inp_boundifp->if_index;
                        ipoa.ipoa_flags |= IPOAF_BOUND_IF;
                }
        }
 
-       if (inp->inp_flags & INP_NO_IFT_CELLULAR) {
-#ifdef INET6
+       if (INP_NO_CELLULAR(inp)) {
+#if INET6
                if (isipv6)
                        ip6oa.ip6oa_flags |=  IP6OAF_NO_CELLULAR;
                else
                if (isipv6)
                        ip6oa.ip6oa_flags |=  IP6OAF_NO_CELLULAR;
                else
-#endif
+#endif /* INET6 */
                        ipoa.ipoa_flags |=  IPOAF_NO_CELLULAR;
        }
                        ipoa.ipoa_flags |=  IPOAF_NO_CELLULAR;
        }
-#ifdef INET6
+       if (INP_NO_EXPENSIVE(inp)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |=  IP6OAF_NO_EXPENSIVE;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |=  IPOAF_NO_EXPENSIVE;
+
+       }
+       if (INP_AWDL_UNRESTRICTED(inp)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |=  IP6OAF_AWDL_UNRESTRICTED;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |=  IPOAF_AWDL_UNRESTRICTED;
+
+       }
+#if INET6
+       if (INP_INTCOPROC_ALLOWED(inp) && isipv6) {
+               ip6oa.ip6oa_flags |=  IP6OAF_INTCOPROC_ALLOWED;
+       }
+       if (isipv6) {
+               ip6oa.ip6oa_sotc = so->so_traffic_class;
+               ip6oa.ip6oa_netsvctype = so->so_netsvctype;
+       } else
+#endif /* INET6 */
+       {
+               ipoa.ipoa_sotc = so->so_traffic_class;
+               ipoa.ipoa_netsvctype = so->so_netsvctype;
+       }
+       if ((so->so_flags1 & SOF1_QOSMARKING_ALLOWED)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |= IPOAF_QOSMARKING_ALLOWED;
+       }
+#if INET6
        if (isipv6)
                flags |= IPV6_OUTARGS;
        else
        if (isipv6)
                flags |= IPV6_OUTARGS;
        else
-#endif
+#endif /* INET6 */
                flags |= IP_OUTARGS;
 
        /* Copy the cached route and take an extra reference */
                flags |= IP_OUTARGS;
 
        /* Copy the cached route and take an extra reference */
-#ifdef INET6
+#if INET6
        if (isipv6)
                in6p_route_copyout(inp, &ro6);
        else
        if (isipv6)
                in6p_route_copyout(inp, &ro6);
        else
-#endif
+#endif /* INET6 */
                inp_route_copyout(inp, &ro);
 
        /*
                inp_route_copyout(inp, &ro);
 
        /*
-        * Data sent (as far as we can tell).
-        * If this advertises a larger window than any other segment,
-        * then remember the size of the advertised window.
         * Make sure ACK/DELACK conditions are cleared before
         * we unlock the socket.
         */
         * Make sure ACK/DELACK conditions are cleared before
         * we unlock the socket.
         */
-       if (recwin > 0 && SEQ_GT(tp->rcv_nxt + recwin, tp->rcv_adv))
-               tp->rcv_adv = tp->rcv_nxt + recwin;
        tp->last_ack_sent = tp->rcv_nxt;
        tp->t_flags &= ~(TF_ACKNOW | TF_DELACK);
        tp->t_timer[TCPT_DELACK] = 0;
        tp->last_ack_sent = tp->rcv_nxt;
        tp->t_flags &= ~(TF_ACKNOW | TF_DELACK);
        tp->t_timer[TCPT_DELACK] = 0;
@@ -2076,12 +2792,12 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
         */
        if (tcp_output_unlocked && !so->so_upcallusecount &&
            (tp->t_state == TCPS_ESTABLISHED) && (sack_in_progress == 0) &&
         */
        if (tcp_output_unlocked && !so->so_upcallusecount &&
            (tp->t_state == TCPS_ESTABLISHED) && (sack_in_progress == 0) &&
-           ((tp->t_flags & TF_FASTRECOVERY) == 0)) {
+           !IN_FASTRECOVERY(tp) && !(so->so_flags & SOF_MP_SUBFLOW)) {
 
                unlocked = TRUE;
                socket_unlock(so, 0);
        }
 
                unlocked = TRUE;
                socket_unlock(so, 0);
        }
-       
+
        /*
         * Don't send down a chain of packets when:
         * - TCP chaining is disabled
        /*
         * Don't send down a chain of packets when:
         * - TCP chaining is disabled
@@ -2117,15 +2833,18 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
                         */
                        cnt = 0;
                }
                         */
                        cnt = 0;
                }
-#ifdef INET6
-               if (isipv6)
+#if INET6
+               if (isipv6) {
                        error = ip6_output_list(pkt, cnt,
                            inp->in6p_outputopts, &ro6, flags, NULL, NULL,
                            &ip6oa);
                        error = ip6_output_list(pkt, cnt,
                            inp->in6p_outputopts, &ro6, flags, NULL, NULL,
                            &ip6oa);
-               else
-#endif
+                       ifdenied = (ip6oa.ip6oa_retflags & IP6OARF_IFDENIED);
+               } else {
+#endif /* INET6 */
                        error = ip_output_list(pkt, cnt, opt, &ro, flags, NULL,
                            &ipoa);
                        error = ip_output_list(pkt, cnt, opt, &ro, flags, NULL,
                            &ipoa);
+                       ifdenied = (ipoa.ipoa_retflags & IPOARF_IFDENIED);
+               }
 
                if (chain || error) {
                        /*
 
                if (chain || error) {
                        /*
@@ -2143,28 +2862,29 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
        if (unlocked)
                socket_lock(so, 0);
 
        if (unlocked)
                socket_lock(so, 0);
 
-       /* 
+       /*
         * Enter flow controlled state if the connection is established
         * Enter flow controlled state if the connection is established
-        * and is not in recovery.
+        * and is not in recovery. Flow control is allowed only if there
+        * is outstanding data.
         *
         *
-        * A connection will enter suspended state even if it is in 
+        * A connection will enter suspended state even if it is in
         * recovery.
         */
        if (((adv->code == FADV_FLOW_CONTROLLED && !IN_FASTRECOVERY(tp)) ||
         * recovery.
         */
        if (((adv->code == FADV_FLOW_CONTROLLED && !IN_FASTRECOVERY(tp)) ||
-           adv->code == FADV_SUSPENDED) && 
+           adv->code == FADV_SUSPENDED) &&
            !(tp->t_flags & TF_CLOSING) &&
            !(tp->t_flags & TF_CLOSING) &&
-           tp->t_state == TCPS_ESTABLISHED) {
+           tp->t_state == TCPS_ESTABLISHED &&
+           SEQ_GT(tp->snd_max, tp->snd_una)) {
                int rc;
                rc = inp_set_fc_state(inp, adv->code);
 
                int rc;
                rc = inp_set_fc_state(inp, adv->code);
 
-               if (rc == 1) 
-                       DTRACE_TCP5(cc, void, NULL, struct inpcb *, inp,
-                           struct tcpcb *, tp, struct tcphdr *, NULL,
-                           int32_t, ((adv->code == FADV_FLOW_CONTROLLED) ?
+               if (rc == 1)
+                       tcp_ccdbg_trace(tp, NULL,
+                           ((adv->code == FADV_FLOW_CONTROLLED) ?
                            TCP_CC_FLOW_CONTROL : TCP_CC_SUSPEND));
        }
 
                            TCP_CC_FLOW_CONTROL : TCP_CC_SUSPEND));
        }
 
-       /* 
+       /*
         * When an interface queue gets suspended, some of the
         * packets are dropped. Return ENOBUFS, to update the
         * pcb state.
         * When an interface queue gets suspended, some of the
         * packets are dropped. Return ENOBUFS, to update the
         * pcb state.
@@ -2176,31 +2896,41 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
        if ( --inp->inp_sndinprog_cnt == 0)
                inp->inp_flags &= ~(INP_FC_FEEDBACK);
 
        if ( --inp->inp_sndinprog_cnt == 0)
                inp->inp_flags &= ~(INP_FC_FEEDBACK);
 
-#ifdef INET6
+#if INET6
        if (isipv6) {
        if (isipv6) {
-               if (ro6.ro_rt != NULL && (outif = ro6.ro_rt->rt_ifp) !=
-                   inp->in6p_last_outifp)
-                       inp->in6p_last_outifp = outif;
+               if (ro6.ro_rt != NULL)
+                       outif = ro6.ro_rt->rt_ifp;
        } else
        } else
-#endif
-               if (ro.ro_rt != NULL && (outif = ro.ro_rt->rt_ifp) !=
-                   inp->inp_last_outifp)
-                       inp->inp_last_outifp = outif;
+#endif /* INET6 */
+               if (ro.ro_rt != NULL)
+                       outif = ro.ro_rt->rt_ifp;
+
+       if (outif != NULL && outif != inp->inp_last_outifp &&
+           so->so_snd.sb_cc > 0) {
+               /* Update the send byte count */
+               if (so->so_snd.sb_flags & SB_SNDBYTE_CNT) {
+                       inp_decr_sndbytes_total(so, so->so_snd.sb_cc);
+                       inp_decr_sndbytes_allunsent(so, tp->snd_una);
+                       so->so_snd.sb_flags &= ~SB_SNDBYTE_CNT;
+               }
+               inp->inp_last_outifp = outif;
 
 
-       if ((inp->inp_flags & INP_NO_IFT_CELLULAR) && outif != NULL &&
-           outif->if_type == IFT_CELLULAR)
-               soevent(inp->inp_socket,
+       }
+
+       if (error != 0 && ifdenied &&
+           (INP_NO_CELLULAR(inp) || INP_NO_EXPENSIVE(inp)))
+               soevent(so,
                    (SO_FILT_HINT_LOCKED|SO_FILT_HINT_IFDENIED));
 
        /* Synchronize cached PCB route & options */
                    (SO_FILT_HINT_LOCKED|SO_FILT_HINT_IFDENIED));
 
        /* Synchronize cached PCB route & options */
-#ifdef INET6
+#if INET6
        if (isipv6)
                in6p_route_copyin(inp, &ro6);
        else
        if (isipv6)
                in6p_route_copyin(inp, &ro6);
        else
-#endif
+#endif /* INET6 */
                inp_route_copyin(inp, &ro);
 
                inp_route_copyin(inp, &ro);
 
-       if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift == 0 && 
+       if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift == 0 &&
                tp->t_inpcb->inp_route.ro_rt != NULL) {
                /* If we found the route and there is an rtt on it
                 * reset the retransmit timer
                tp->t_inpcb->inp_route.ro_rt != NULL) {
                /* If we found the route and there is an rtt on it
                 * reset the retransmit timer
@@ -2211,9 +2941,10 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
        return (error);
 }
 
        return (error);
 }
 
+int tcptv_persmin_val = TCPTV_PERSMIN;
+
 void
 void
-tcp_setpersist(tp)
-       register struct tcpcb *tp;
+tcp_setpersist(struct tcpcb *tp)
 {
        int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1;
 
 {
        int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1;
 
@@ -2234,7 +2965,7 @@ tcp_setpersist(tp)
         */
        TCPT_RANGESET(tp->t_timer[TCPT_PERSIST],
            t * tcp_backoff[tp->t_rxtshift],
         */
        TCPT_RANGESET(tp->t_timer[TCPT_PERSIST],
            t * tcp_backoff[tp->t_rxtshift],
-           TCPTV_PERSMIN, TCPTV_PERSMAX, 0);
+           tcptv_persmin_val, TCPTV_PERSMAX, 0);
        tp->t_timer[TCPT_PERSIST] = OFFSET_FROM_START(tp, tp->t_timer[TCPT_PERSIST]);
 
        if (tp->t_rxtshift < TCP_MAXRXTSHIFT)
        tp->t_timer[TCPT_PERSIST] = OFFSET_FROM_START(tp, tp->t_timer[TCPT_PERSIST]);
 
        if (tp->t_rxtshift < TCP_MAXRXTSHIFT)
@@ -2252,12 +2983,16 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
        int count = 0;
        tcp_seq org_ack = ntohl(th->th_ack);
        tcp_seq prev_ack = 0;
        int count = 0;
        tcp_seq org_ack = ntohl(th->th_ack);
        tcp_seq prev_ack = 0;
-       int tack_offset = 28; /* XXX IPv6 not supported */
+       int tack_offset = 28; /* IPv6 and IP options not supported */
+       int twin_offset = 34; /* IPv6 and IP options not supported */
        int ack_size = (tp->t_flags & TF_STRETCHACK) ?
                        (maxseg_unacked * tp->t_maxseg) : (tp->t_maxseg << 1);
        int segs_acked = (tp->t_flags & TF_STRETCHACK) ? maxseg_unacked : 2;
        struct mbuf *prev_ack_pkt = NULL;
        struct socket *so = tp->t_inpcb->inp_socket;
        int ack_size = (tp->t_flags & TF_STRETCHACK) ?
                        (maxseg_unacked * tp->t_maxseg) : (tp->t_maxseg << 1);
        int segs_acked = (tp->t_flags & TF_STRETCHACK) ? maxseg_unacked : 2;
        struct mbuf *prev_ack_pkt = NULL;
        struct socket *so = tp->t_inpcb->inp_socket;
+       unsigned short winsz = ntohs(th->th_win);
+       unsigned int scaled_win = winsz<<tp->rcv_scale;
+       tcp_seq win_rtedge = org_ack + scaled_win;
 
        count = tp->t_lropktlen/tp->t_maxseg;
 
 
        count = tp->t_lropktlen/tp->t_maxseg;
 
@@ -2266,6 +3001,17 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
                ack_chain = m_dup(m, M_DONTWAIT);
                if (ack_chain) {
                        th->th_ack = htonl(prev_ack);
                ack_chain = m_dup(m, M_DONTWAIT);
                if (ack_chain) {
                        th->th_ack = htonl(prev_ack);
+                       /* Keep adv window constant for duplicated ACK packets */
+                       scaled_win = win_rtedge - prev_ack;
+                       if (scaled_win > (int32_t)(TCP_MAXWIN << tp->rcv_scale))
+                               scaled_win = (int32_t)(TCP_MAXWIN << tp->rcv_scale);
+                       th->th_win = htons(scaled_win>>tp->rcv_scale);
+                       if (lrodebug == 5) {
+                               printf("%s: win = %d winsz = %d sc = %d"
+                                   " lro_len %d %d\n",
+                                   __func__, scaled_win>>tp->rcv_scale, winsz,
+                                   tp->rcv_scale, tp->t_lropktlen, count);
+                       }
                        tail = ack_chain;
                        count -= segs_acked; /* accounts for prev_ack packet */
                        count = (count <= segs_acked) ? 0 : count - segs_acked;
                        tail = ack_chain;
                        count -= segs_acked; /* accounts for prev_ack packet */
                        count = (count <= segs_acked) ? 0 : count - segs_acked;
@@ -2274,14 +3020,14 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
                } else {
                        return NULL;
                }
                } else {
                        return NULL;
                }
-       }       
+       }
        else {
                tp->t_lropktlen = 0;
                return NULL;
        }
 
        prev_ack_pkt = ack_chain;
        else {
                tp->t_lropktlen = 0;
                return NULL;
        }
 
        prev_ack_pkt = ack_chain;
-       
+
        while (count > 0) {
                if ((prev_ack + ack_size) < org_ack) {
                        prev_ack += ack_size;
        while (count > 0) {
                if ((prev_ack + ack_size) < org_ack) {
                        prev_ack += ack_size;
@@ -2294,6 +3040,17 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
                }
                mnext = m_dup(prev_ack_pkt, M_DONTWAIT);
                if (mnext) {
                }
                mnext = m_dup(prev_ack_pkt, M_DONTWAIT);
                if (mnext) {
+                       /* Keep adv window constant for duplicated ACK packets */
+                       scaled_win = win_rtedge - prev_ack;
+                       if (scaled_win > (int32_t)(TCP_MAXWIN << tp->rcv_scale))
+                               scaled_win = (int32_t)(TCP_MAXWIN << tp->rcv_scale);
+                       winsz = htons(scaled_win>>tp->rcv_scale);
+                       if (lrodebug == 5) {
+                               printf("%s: winsz = %d ack %x count %d\n",
+                                   __func__, scaled_win>>tp->rcv_scale,
+                                   prev_ack, count);
+                       }
+                       bcopy(&winsz, mtod(prev_ack_pkt, caddr_t) + twin_offset, 2);
                        HTONL(prev_ack);
                        bcopy(&prev_ack, mtod(prev_ack_pkt, caddr_t) + tack_offset, 4);
                        NTOHL(prev_ack);
                        HTONL(prev_ack);
                        bcopy(&prev_ack, mtod(prev_ack_pkt, caddr_t) + tack_offset, 4);
                        NTOHL(prev_ack);
@@ -2302,11 +3059,6 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
                        count -= segs_acked;
                        tcpstat.tcps_sndacks++;
                        so_tc_update_stats(m, so, m_get_service_class(m));
                        count -= segs_acked;
                        tcpstat.tcps_sndacks++;
                        so_tc_update_stats(m, so, m_get_service_class(m));
-                       if (lrodebug == 5) { 
-                               printf("%s: lropktlen = %d count = %d, th_ack = %x \n", 
-                                       __func__, tp->t_lropktlen, count, 
-                                       th->th_ack);
-                       }
                } else {
                        if (lrodebug == 5) {
                                printf("%s: failed to alloc mbuf.\n", __func__);
                } else {
                        if (lrodebug == 5) {
                                printf("%s: failed to alloc mbuf.\n", __func__);
@@ -2314,7 +3066,68 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
                        break;
                }
                prev_ack_pkt = mnext;
                        break;
                }
                prev_ack_pkt = mnext;
-       } 
+       }
        tp->t_lropktlen = 0;
        return ack_chain;
 }
        tp->t_lropktlen = 0;
        return ack_chain;
 }
+
+static int
+tcp_recv_throttle (struct tcpcb *tp)
+{
+       uint32_t base_rtt, newsize;
+       struct sockbuf *sbrcv = &tp->t_inpcb->inp_socket->so_rcv;
+
+       if (tcp_use_rtt_recvbg == 1 &&
+           TSTMP_SUPPORTED(tp)) {
+               /*
+                * Timestamps are supported on this connection. Use
+                * RTT to look for an increase in latency.
+                */
+
+               /*
+                * If the connection is already being throttled, leave it
+                * in that state until rtt comes closer to base rtt
+                */
+               if (tp->t_flagsext & TF_RECV_THROTTLE)
+                       return (1);
+
+               base_rtt = get_base_rtt(tp);
+
+               if (base_rtt != 0 && tp->t_rttcur != 0) {
+                       /*
+                        * if latency increased on a background flow,
+                        * return 1 to start throttling.
+                        */
+                       if (tp->t_rttcur > (base_rtt + target_qdelay)) {
+                               tp->t_flagsext |= TF_RECV_THROTTLE;
+                               if (tp->t_recv_throttle_ts == 0)
+                                       tp->t_recv_throttle_ts = tcp_now;
+                               /*
+                                * Reduce the recv socket buffer size to
+                                * minimize latecy.
+                                */
+                               if (sbrcv->sb_idealsize >
+                                   tcp_recv_throttle_minwin) {
+                                       newsize = sbrcv->sb_idealsize >> 1;
+                                       /* Set a minimum of 16 K */
+                                       newsize =
+                                           max(newsize,
+                                           tcp_recv_throttle_minwin);
+                                       sbrcv->sb_idealsize = newsize;
+                               }
+                               return (1);
+                       } else {
+                               return (0);
+                       }
+               }
+       }
+
+       /*
+        * Timestamps are not supported or there is no good RTT
+        * measurement. Use IPDV in this case.
+        */
+       if (tp->acc_iaj > tcp_acc_iaj_react_limit)
+               return (1);
+
+       return (0);
+}
mirror of XNU