]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet/tcp_output.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-6153.141.1.tar.gz
[apple/xnu.git] / bsd / netinet / tcp_output.c
diff --git a/bsd/netinet/tcp_output.c b/bsd/netinet/tcp_output.c
index 8c58a9bfc9d227423c7fefc694601e11a32175da..7c1988f1f9467987fc6e330ef940e511f3ae7205 100644 (file)
--- a/bsd/netinet/tcp_output.c
+++ b/bsd/netinet/tcp_output.c
@@ -1,8 +1,8 @@
 /*
 /*
- * Copyright (c) 2000-2013 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
@@ -11,10 +11,10 @@
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -22,7 +22,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
@@ -90,6 +90,7 @@
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/in_var.h>
+#include <netinet/in_tclass.h>
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
@@ -101,6 +102,7 @@
 #endif
 #include <netinet/tcp.h>
 #define        TCPOUTFLAGS
 #endif
 #include <netinet/tcp.h>
 #define        TCPOUTFLAGS
+#include <netinet/tcp_cache.h>
 #include <netinet/tcp_fsm.h>
 #include <netinet/tcp_seq.h>
 #include <netinet/tcp_timer.h>
 #include <netinet/tcp_fsm.h>
 #include <netinet/tcp_seq.h>
 #include <netinet/tcp_timer.h>
@@ -110,6 +112,7 @@
 #if TCPDEBUG
 #include <netinet/tcp_debug.h>
 #endif
 #if TCPDEBUG
 #include <netinet/tcp_debug.h>
 #endif
+#include <netinet/tcp_log.h>
 #include <sys/kdebug.h>
 #include <mach/sdt.h>
 
 #include <sys/kdebug.h>
 #include <mach/sdt.h>
 
@@ -128,81 +131,153 @@
 #include <netinet/mptcp_opt.h>
 #endif
 
 #include <netinet/mptcp_opt.h>
 #endif
 
+#include <corecrypto/ccaes.h>
+
 #define DBG_LAYER_BEG          NETDBG_CODE(DBG_NETTCP, 1)
 #define DBG_LAYER_END          NETDBG_CODE(DBG_NETTCP, 3)
 #define DBG_FNC_TCP_OUTPUT     NETDBG_CODE(DBG_NETTCP, (4 << 8) | 1)
 
 #define DBG_LAYER_BEG          NETDBG_CODE(DBG_NETTCP, 1)
 #define DBG_LAYER_END          NETDBG_CODE(DBG_NETTCP, 3)
 #define DBG_FNC_TCP_OUTPUT     NETDBG_CODE(DBG_NETTCP, (4 << 8) | 1)
 
-int path_mtu_discovery = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, path_mtu_discovery, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &path_mtu_discovery, 1, "Enable Path MTU Discovery");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, path_mtu_discovery,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, path_mtu_discovery, 1,
+       "Enable Path MTU Discovery");
 
 
-int ss_fltsz = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, slowstart_flightsize, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &ss_fltsz, 1, "Slow start flight size");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, slowstart_flightsize,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, ss_fltsz, 1,
+       "Slow start flight size");
 
 
-int ss_fltsz_local = 8; /* starts with eight segments max */
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, local_slowstart_flightsize, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &ss_fltsz_local, 1, "Slow start flight size for local networks");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, local_slowstart_flightsize,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, ss_fltsz_local, 8,
+       "Slow start flight size for local networks");
 
 int    tcp_do_tso = 1;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW | CTLFLAG_LOCKED,
 
 int    tcp_do_tso = 1;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_do_tso, 0, "Enable TCP Segmentation Offload");
+                  &tcp_do_tso, 0, "Enable TCP Segmentation Offload");
 
 
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, ecn_setup_percentage,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_ecn_setup_percentage, 100,
+    "Max ECN setup percentage");
 
 
-int     tcp_ecn_outbound = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, ecn_initiate_out, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_outbound,
-        0, "Initiate ECN for outbound connections");
+static int
+sysctl_change_ecn_setting SYSCTL_HANDLER_ARGS
+{
+#pragma unused(oidp, arg1, arg2)
+       int i, err = 0, changed = 0;
+       struct ifnet *ifp;
+
+       err = sysctl_io_number(req, tcp_ecn_outbound, sizeof(int32_t),
+           &i, &changed);
+       if (err != 0 || req->newptr == USER_ADDR_NULL)
+               return err;
+
+       if (changed) {
+               if ((tcp_ecn_outbound == 0 || tcp_ecn_outbound == 1) &&
+                   (i == 0 || i == 1)) {
+                       tcp_ecn_outbound = i;
+                       SYSCTL_SKMEM_UPDATE_FIELD(tcp.ecn_initiate_out, tcp_ecn_outbound);
+                       return err;
+               }
+               if (tcp_ecn_outbound == 2 && (i == 0 || i == 1)) {
+                       /*
+                        * Reset ECN enable flags on non-cellular
+                        * interfaces so that the system default will take
+                        * over
+                        */
+                       ifnet_head_lock_shared();
+                       TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
+                               if (!IFNET_IS_CELLULAR(ifp)) {
+                                       ifnet_lock_exclusive(ifp);
+                                       ifp->if_eflags &= ~IFEF_ECN_DISABLE;
+                                       ifp->if_eflags &= ~IFEF_ECN_ENABLE;
+                                       ifnet_lock_done(ifp);
+                               }
+                       }
+                       ifnet_head_done();
+               } else {
+                       /*
+                        * Set ECN enable flags on non-cellular
+                        * interfaces
+                        */
+                       ifnet_head_lock_shared();
+                       TAILQ_FOREACH(ifp, &ifnet_head, if_link) {
+                               if (!IFNET_IS_CELLULAR(ifp)) {
+                                       ifnet_lock_exclusive(ifp);
+                                       ifp->if_eflags |= IFEF_ECN_ENABLE;
+                                       ifp->if_eflags &= ~IFEF_ECN_DISABLE;
+                                       ifnet_lock_done(ifp);
+                               }
+                       }
+                       ifnet_head_done();
+               }
+               tcp_ecn_outbound = i;
+               SYSCTL_SKMEM_UPDATE_FIELD(tcp.ecn_initiate_out, tcp_ecn_outbound);
+       }
+       /* Change the other one too as the work is done */
+       if (i == 2 || tcp_ecn_inbound == 2) {
+               tcp_ecn_inbound = i;
+               SYSCTL_SKMEM_UPDATE_FIELD(tcp.ecn_negotiate_in, tcp_ecn_inbound);
+       }
+       return err;
+}
 
 
-int     tcp_ecn_inbound = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, ecn_negotiate_in, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_inbound,
-        0, "Allow ECN negotiation for inbound connections");
+int     tcp_ecn_outbound = 2;
+SYSCTL_PROC(_net_inet_tcp, OID_AUTO, ecn_initiate_out,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_outbound, 0,
+    sysctl_change_ecn_setting, "IU",
+    "Initiate ECN for outbound connections");
 
 
-int    tcp_packet_chaining = 50;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, packetchain, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_packet_chaining,
-        0, "Enable TCP output packet chaining");
+int     tcp_ecn_inbound = 2;
+SYSCTL_PROC(_net_inet_tcp, OID_AUTO, ecn_negotiate_in,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_ecn_inbound, 0,
+    sysctl_change_ecn_setting, "IU",
+    "Initiate ECN for inbound connections");
 
 
-int    tcp_output_unlocked = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, socket_unlocked_on_output, CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_output_unlocked,
-        0, "Unlock TCP when sending packets down to IP");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, packetchain,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_packet_chaining, 50,
+       "Enable TCP output packet chaining");
 
 
-int tcp_do_rfc3390 = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_do_rfc3390, 1, "Calculate intial slowstart cwnd depending on MSS");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, socket_unlocked_on_output,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_output_unlocked, 1,
+       "Unlock TCP when sending packets down to IP");
 
 
-int tcp_min_iaj_win = MIN_IAJ_WIN;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, min_iaj_win, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_min_iaj_win, 1, "Minimum recv win based on inter-packet arrival jitter");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rfc3390,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_do_rfc3390, 1,
+       "Calculate intial slowstart cwnd depending on MSS");
 
 
-int tcp_acc_iaj_react_limit = ACC_IAJ_REACT_LIMIT;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, acc_iaj_react_limit, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_acc_iaj_react_limit, 1, "Accumulated IAJ when receiver starts to react");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, min_iaj_win,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_min_iaj_win, MIN_IAJ_WIN,
+       "Minimum recv win based on inter-packet arrival jitter");
 
 
-uint32_t tcp_do_autosendbuf = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, doautosndbuf, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_do_autosendbuf, 1, "Enable send socket buffer auto-tuning");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, acc_iaj_react_limit,
+       CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_acc_iaj_react_limit,
+       ACC_IAJ_REACT_LIMIT, "Accumulated IAJ when receiver starts to react");
 
 
-uint32_t tcp_autosndbuf_inc = 8 * 1024;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, autosndbufinc, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_autosndbuf_inc, 1, "Increment in send socket bufffer size");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, doautosndbuf,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_do_autosendbuf, 1,
+       "Enable send socket buffer auto-tuning");
 
 
-uint32_t tcp_autosndbuf_max = 512 * 1024;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, autosndbufmax, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_autosndbuf_max, 1, "Maximum send socket buffer size");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, autosndbufinc,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_autosndbuf_inc,
+       8 * 1024, "Increment in send socket bufffer size");
 
 
-uint32_t tcp_prioritize_acks = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, ack_prioritize, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_prioritize_acks, 1, "Prioritize pure acks");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, autosndbufmax,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_autosndbuf_max, 512 * 1024,
+       "Maximum send socket buffer size");
 
 
-uint32_t tcp_use_rtt_recvbg = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, rtt_recvbg, 
-       CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_use_rtt_recvbg, 1, "Use RTT for bg recv algorithm");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, ack_prioritize,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_prioritize_acks, 1,
+       "Prioritize pure acks");
 
 
-uint32_t tcp_recv_throttle_minwin = 16 * 1024;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, recv_throttle_minwin, 
-       CTLFLAG_RW | CTLFLAG_LOCKED,
-        &tcp_recv_throttle_minwin, 1, "Minimum recv win for throttling");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rtt_recvbg,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_use_rtt_recvbg, 1,
+       "Use RTT for bg recv algorithm");
 
 
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, recv_throttle_minwin,
+       CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_recv_throttle_minwin, 16 * 1024,
+       "Minimum recv win for throttling");
+
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, enable_tlp,
+       CTLFLAG_RW | CTLFLAG_LOCKED,
+       int32_t, tcp_enable_tlp, 1, "Enable Tail loss probe");
 
 static int32_t packchain_newlist = 0;
 static int32_t packchain_looped = 0;
 
 static int32_t packchain_newlist = 0;
 static int32_t packchain_looped = 0;
@@ -215,22 +290,237 @@ extern int ipsec_bypass;
 
 extern int slowlink_wsize;     /* window correction for slow links */
 #if IPFIREWALL
 
 extern int slowlink_wsize;     /* window correction for slow links */
 #if IPFIREWALL
-extern int fw_enable;          /* firewall check for packet chaining */
-extern int fw_bypass;          /* firewall check: disable packet chaining if there is rules */
+extern int fw_enable;          /* firewall check for packet chaining */
+extern int fw_bypass;          /* firewall check: disable packet chaining if there is rules */
 #endif /* IPFIREWALL */
 
 extern u_int32_t dlil_filter_disable_tso_count;
 extern u_int32_t kipf_count;
 #endif /* IPFIREWALL */
 
 extern u_int32_t dlil_filter_disable_tso_count;
 extern u_int32_t kipf_count;
-extern int tcp_recv_bg;
-extern int maxseg_unacked;
-
-static int tcp_ip_output(struct socket *, struct tcpcb *, struct mbuf *, int,
-    struct mbuf *, int, int, int32_t, boolean_t);
 
 
-extern uint32_t get_base_rtt(struct tcpcb *tp);
+static int tcp_ip_output(struct socket *, struct tcpcb *, struct mbuf *,
+    int, struct mbuf *, int, int, boolean_t);
 static struct mbuf* tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th);
 static int tcp_recv_throttle(struct tcpcb *tp);
 
 static struct mbuf* tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th);
 static int tcp_recv_throttle(struct tcpcb *tp);
 
+static int32_t tcp_tfo_check(struct tcpcb *tp, int32_t len)
+{
+       struct socket *so = tp->t_inpcb->inp_socket;
+       unsigned int optlen = 0;
+       unsigned int cookie_len;
+
+       if (tp->t_flags & TF_NOOPT)
+               goto fallback;
+
+       if (!(tp->t_flagsext & TF_FASTOPEN_FORCE_ENABLE) &&
+           !tcp_heuristic_do_tfo(tp)) {
+               tp->t_tfo_stats |= TFO_S_HEURISTICS_DISABLE;
+               tcpstat.tcps_tfo_heuristics_disable++;
+               goto fallback;
+       }
+
+       if (so->so_flags1 & SOF1_DATA_AUTHENTICATED)
+               return len;
+
+       optlen += TCPOLEN_MAXSEG;
+
+       if (tp->t_flags & TF_REQ_SCALE)
+               optlen += 4;
+
+#if MPTCP
+       if ((so->so_flags & SOF_MP_SUBFLOW) && mptcp_enable &&
+           (tp->t_rxtshift <= mptcp_mpcap_retries ||
+           (tptomptp(tp)->mpt_mpte->mpte_flags & MPTE_FORCE_ENABLE)))
+               optlen += sizeof(struct mptcp_mpcapable_opt_common) + sizeof(mptcp_key_t);
+#endif /* MPTCP */
+
+       if (tp->t_flags & TF_REQ_TSTMP)
+               optlen += TCPOLEN_TSTAMP_APPA;
+
+       if (SACK_ENABLED(tp))
+               optlen += TCPOLEN_SACK_PERMITTED;
+
+       /* Now, decide whether to use TFO or not */
+
+       /* Don't even bother trying if there is no space at all... */
+       if (MAX_TCPOPTLEN - optlen < TCPOLEN_FASTOPEN_REQ)
+               goto fallback;
+
+       cookie_len = tcp_cache_get_cookie_len(tp);
+       if (cookie_len == 0)
+               /* No cookie, so we request one */
+               return 0;
+
+       /* There is not enough space for the cookie, so we cannot do TFO */
+       if (MAX_TCPOPTLEN - optlen < cookie_len)
+               goto fallback;
+
+       /* Do not send SYN+data if there is more in the queue than MSS */
+       if (so->so_snd.sb_cc > (tp->t_maxopd - MAX_TCPOPTLEN))
+               goto fallback;
+
+       /* Ok, everything looks good. We can go on and do TFO */
+       return len;
+
+fallback:
+       tcp_disable_tfo(tp);
+       return 0;
+}
+
+/* Returns the number of bytes written to the TCP option-space */
+static unsigned
+tcp_tfo_write_cookie_rep(struct tcpcb *tp, unsigned optlen, u_char *opt)
+{
+       u_char out[CCAES_BLOCK_SIZE];
+       unsigned ret = 0;
+       u_char *bp;
+
+       if ((MAX_TCPOPTLEN - optlen) <
+           (TCPOLEN_FASTOPEN_REQ + TFO_COOKIE_LEN_DEFAULT))
+               return ret;
+
+       tcp_tfo_gen_cookie(tp->t_inpcb, out, sizeof(out));
+
+       bp = opt + optlen;
+
+       *bp++ = TCPOPT_FASTOPEN;
+       *bp++ = 2 + TFO_COOKIE_LEN_DEFAULT;
+       memcpy(bp, out, TFO_COOKIE_LEN_DEFAULT);
+       ret += 2 + TFO_COOKIE_LEN_DEFAULT;
+
+       tp->t_tfo_stats |= TFO_S_COOKIE_SENT;
+       tcpstat.tcps_tfo_cookie_sent++;
+
+       return ret;
+}
+
+static unsigned
+tcp_tfo_write_cookie(struct tcpcb *tp, unsigned optlen, int32_t len,
+                    u_char *opt)
+{
+       u_int8_t tfo_len = MAX_TCPOPTLEN - optlen - TCPOLEN_FASTOPEN_REQ;
+       struct socket *so = tp->t_inpcb->inp_socket;
+       unsigned ret = 0;
+       int res;
+       u_char *bp;
+
+       if (so->so_flags1 & SOF1_DATA_AUTHENTICATED) {
+               /* If there is some data, let's track it */
+               if (len > 0) {
+                       tp->t_tfo_stats |= TFO_S_SYN_DATA_SENT;
+                       tcpstat.tcps_tfo_syn_data_sent++;
+               }
+
+               return 0;
+       }
+
+       bp = opt + optlen;
+
+       /*
+        * The cookie will be copied in the appropriate place within the
+        * TCP-option space. That way we avoid the need for an intermediate
+        * variable.
+        */
+       res = tcp_cache_get_cookie(tp, bp + TCPOLEN_FASTOPEN_REQ, &tfo_len);
+       if (res == 0) {
+               *bp++ = TCPOPT_FASTOPEN;
+               *bp++ = TCPOLEN_FASTOPEN_REQ;
+               ret += TCPOLEN_FASTOPEN_REQ;
+
+               tp->t_tfo_flags |= TFO_F_COOKIE_REQ;
+
+               tp->t_tfo_stats |= TFO_S_COOKIE_REQ;
+               tcpstat.tcps_tfo_cookie_req++;
+       } else {
+               *bp++ = TCPOPT_FASTOPEN;
+               *bp++ = TCPOLEN_FASTOPEN_REQ + tfo_len;
+
+               ret += TCPOLEN_FASTOPEN_REQ + tfo_len;
+
+               tp->t_tfo_flags |= TFO_F_COOKIE_SENT;
+
+               /* If there is some data, let's track it */
+               if (len > 0) {
+                       tp->t_tfo_stats |= TFO_S_SYN_DATA_SENT;
+                       tcpstat.tcps_tfo_syn_data_sent++;
+               }
+       }
+
+       return ret;
+}
+
+static inline bool
+tcp_send_ecn_flags_on_syn(struct tcpcb *tp, struct socket *so)
+{
+       return !((tp->ecn_flags & TE_SETUPSENT ||
+           (so->so_flags & SOF_MP_SUBFLOW) ||
+           (tfo_enabled(tp))));
+}
+
+void
+tcp_set_ecn(struct tcpcb *tp, struct ifnet *ifp)
+{
+       boolean_t inbound;
+
+       /*
+        * Socket option has precedence
+        */
+       if (tp->ecn_flags & TE_ECN_MODE_ENABLE) {
+               tp->ecn_flags |= TE_ENABLE_ECN;
+               goto check_heuristic;
+       }
+
+       if (tp->ecn_flags & TE_ECN_MODE_DISABLE) {
+               tp->ecn_flags &= ~TE_ENABLE_ECN;
+               return;
+       }
+       /*
+        * Per interface setting comes next
+        */
+       if (ifp != NULL) {
+               if (ifp->if_eflags & IFEF_ECN_ENABLE) {
+                       tp->ecn_flags |= TE_ENABLE_ECN;
+                       goto check_heuristic;
+               }
+
+               if (ifp->if_eflags & IFEF_ECN_DISABLE) {
+                       tp->ecn_flags &= ~TE_ENABLE_ECN;
+                       return;
+               }
+       }
+       /*
+        * System wide settings come last
+        */
+       inbound = (tp->t_inpcb->inp_socket->so_head != NULL);
+       if ((inbound && tcp_ecn_inbound == 1) ||
+           (!inbound && tcp_ecn_outbound == 1)) {
+               tp->ecn_flags |= TE_ENABLE_ECN;
+               goto check_heuristic;
+       } else {
+               tp->ecn_flags &= ~TE_ENABLE_ECN;
+       }
+
+       return;
+
+check_heuristic:
+       if (!tcp_heuristic_do_ecn(tp))
+               tp->ecn_flags &= ~TE_ENABLE_ECN;
+
+       /*
+        * If the interface setting, system-level setting and heuristics
+        * allow to enable ECN, randomly select 5% of connections to
+        * enable it
+        */
+       if ((tp->ecn_flags & (TE_ECN_MODE_ENABLE | TE_ECN_MODE_DISABLE
+           | TE_ENABLE_ECN)) == TE_ENABLE_ECN) {
+               /*
+                * Use the random value in iss for randomizing
+                * this selection
+                */
+               if ((tp->iss % 100) >= tcp_ecn_setup_percentage)
+                       tp->ecn_flags &= ~TE_ENABLE_ECN;
+       }
+}
+
 /*
  * Tcp output routine: figure out what should be sent and send it.
  *
 /*
  * Tcp output routine: figure out what should be sent and send it.
  *
@@ -264,49 +554,47 @@ tcp_output(struct tcpcb *tp)
        struct socket *so = inp->inp_socket;
        int32_t len, recwin, sendwin, off;
        int flags, error;
        struct socket *so = inp->inp_socket;
        int32_t len, recwin, sendwin, off;
        int flags, error;
-       register struct mbuf *m;
+       struct mbuf *m;
        struct ip *ip = NULL;
        struct ip *ip = NULL;
-       register struct ipovly *ipov = NULL;
+       struct ipovly *ipov = NULL;
 #if INET6
        struct ip6_hdr *ip6 = NULL;
 #endif /* INET6 */
 #if INET6
        struct ip6_hdr *ip6 = NULL;
 #endif /* INET6 */
-       register struct tcphdr *th;
+       struct tcphdr *th;
        u_char opt[TCP_MAXOLEN];
        unsigned ipoptlen, optlen, hdrlen;
        int idle, sendalot, lost = 0;
        int i, sack_rxmit;
        int tso = 0;
        int sack_bytes_rxmt;
        u_char opt[TCP_MAXOLEN];
        unsigned ipoptlen, optlen, hdrlen;
        int idle, sendalot, lost = 0;
        int i, sack_rxmit;
        int tso = 0;
        int sack_bytes_rxmt;
+       tcp_seq old_snd_nxt = 0;
        struct sackhole *p;
 #if IPSEC
        unsigned ipsec_optlen = 0;
 #endif /* IPSEC */
        struct sackhole *p;
 #if IPSEC
        unsigned ipsec_optlen = 0;
 #endif /* IPSEC */
-       int    last_off = 0;
-       int    m_off = 0;
        int    idle_time = 0;
        int    idle_time = 0;
-       struct mbuf *m_lastm = NULL;
-       struct mbuf *m_head = NULL;
        struct mbuf *packetlist = NULL;
        struct mbuf *tp_inp_options = inp->inp_depend4.inp4_options;
 #if INET6
        int isipv6 = inp->inp_vflag & INP_IPV6 ;
        struct mbuf *packetlist = NULL;
        struct mbuf *tp_inp_options = inp->inp_depend4.inp4_options;
 #if INET6
        int isipv6 = inp->inp_vflag & INP_IPV6 ;
+#else
+       int isipv6 = 0;
 #endif
        short packchain_listadd = 0;
        int so_options = so->so_options;
        struct rtentry *rt;
 #endif
        short packchain_listadd = 0;
        int so_options = so->so_options;
        struct rtentry *rt;
-       u_int32_t basertt, svc_flags = 0, allocated_len;
+       u_int32_t svc_flags = 0, allocated_len;
        u_int32_t lro_ackmore = (tp->t_lropktlen != 0) ? 1 : 0;
        struct mbuf *mnext = NULL;
        int sackoptlen = 0;
 #if MPTCP
        u_int32_t lro_ackmore = (tp->t_lropktlen != 0) ? 1 : 0;
        struct mbuf *mnext = NULL;
        int sackoptlen = 0;
 #if MPTCP
-       unsigned int *dlenp = NULL;
-       u_int8_t *finp = NULL;
-       u_int32_t *sseqp = NULL;
-       u_int64_t dss_val = 0;
-       int mptcp_acknow = 0;
+       boolean_t mptcp_acknow;
 #endif /* MPTCP */
        boolean_t cell = FALSE;
        boolean_t wifi = FALSE;
 #endif /* MPTCP */
        boolean_t cell = FALSE;
        boolean_t wifi = FALSE;
+       boolean_t wired = FALSE;
+       boolean_t sack_rescue_rxt = FALSE;
+       int sotc = so->so_traffic_class;
 
        /*
         * Determine length of data that should be transmitted,
 
        /*
         * Determine length of data that should be transmitted,
@@ -321,11 +609,22 @@ tcp_output(struct tcpcb *tp)
         */
        idle_time = tcp_now - tp->t_rcvtime;
        if (idle && idle_time >= TCP_IDLETIMEOUT(tp)) {
         */
        idle_time = tcp_now - tp->t_rcvtime;
        if (idle && idle_time >= TCP_IDLETIMEOUT(tp)) {
-               if (CC_ALGO(tp)->after_idle != NULL) 
+               if (CC_ALGO(tp)->after_idle != NULL &&
+                   (tp->tcp_cc_index != TCP_CC_ALGO_CUBIC_INDEX ||
+                   idle_time >= TCP_CC_CWND_NONVALIDATED_PERIOD)) {
                        CC_ALGO(tp)->after_idle(tp);
                        CC_ALGO(tp)->after_idle(tp);
-               DTRACE_TCP5(cc, void, NULL, struct inpcb *, inp,
-                       struct tcpcb *, tp, struct tcphdr *, NULL,
-                       int32_t, TCP_CC_IDLE_TIMEOUT);
+                       tcp_ccdbg_trace(tp, NULL, TCP_CC_IDLE_TIMEOUT);
+               }
+
+               /*
+                * Do some other tasks that need to be done after
+                * idle time
+                */
+               if (!SLIST_EMPTY(&tp->t_rxt_segments))
+                       tcp_rxtseg_clean(tp);
+
+               /* If stretch ack was auto-disabled, re-evaluate it */
+               tcp_cc_after_idle_stretchack(tp);
        }
        tp->t_flags &= ~TF_LASTIDLE;
        if (idle) {
        }
        tp->t_flags &= ~TF_LASTIDLE;
        if (idle) {
@@ -334,19 +633,23 @@ tcp_output(struct tcpcb *tp)
                        idle = 0;
                }
        }
                        idle = 0;
                }
        }
-#if MPTCP 
+#if MPTCP
        if (tp->t_mpflags & TMPF_RESET) {
                tcp_check_timer_state(tp);
        if (tp->t_mpflags & TMPF_RESET) {
                tcp_check_timer_state(tp);
-               /* 
-                * Once a RST has been sent for an MPTCP subflow, 
+               /*
+                * Once a RST has been sent for an MPTCP subflow,
                 * the subflow socket stays around until deleted.
                 * No packets such as FINs must be sent after RST.
                 */
                 * the subflow socket stays around until deleted.
                 * No packets such as FINs must be sent after RST.
                 */
-               return (0);
+               return 0;
        }
 #endif /* MPTCP */
 
 again:
        }
 #endif /* MPTCP */
 
 again:
+#if MPTCP
+       mptcp_acknow = FALSE;
+#endif
+
        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_START, 0,0,0,0,0);
 
 #if INET6
        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_START, 0,0,0,0,0);
 
 #if INET6
@@ -385,6 +688,8 @@ again:
                /* Disable TSO for the socket until we know more */
                tp->t_flags &= ~TF_TSO;
 
                /* Disable TSO for the socket until we know more */
                tp->t_flags &= ~TF_TSO;
 
+               soif2kcl(so, FALSE);
+
                if (isipv6) {
                        ia6 = ifa_foraddr6(&inp->in6p_laddr);
                        if (ia6 != NULL)
                if (isipv6) {
                        ia6 = ifa_foraddr6(&inp->in6p_laddr);
                        if (ia6 != NULL)
@@ -402,21 +707,21 @@ again:
 
                        if (tp->t_state >= TCPS_CLOSE_WAIT) {
                                tcp_drop(tp, EADDRNOTAVAIL);
 
                        if (tp->t_state >= TCPS_CLOSE_WAIT) {
                                tcp_drop(tp, EADDRNOTAVAIL);
-                               return(EADDRNOTAVAIL);
+                               return EADDRNOTAVAIL;
                        }
 
                        }
 
-                       /* set Retransmit  timer if it wasn't set
+                       /*
+                        * Set retransmit  timer if it wasn't set,
                         * reset Persist timer and shift register as the
                         * advertised peer window may not be valid anymore
                         */
                         * reset Persist timer and shift register as the
                         * advertised peer window may not be valid anymore
                         */
-
-                       if (!tp->t_timer[TCPT_REXMT]) {
-                               tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
-                               if (tp->t_timer[TCPT_PERSIST]) {
+                       if (tp->t_timer[TCPT_REXMT] == 0) {
+                               tp->t_timer[TCPT_REXMT] =
+                                   OFFSET_FROM_START(tp, tp->t_rxtcur);
+                               if (tp->t_timer[TCPT_PERSIST] != 0) {
                                        tp->t_timer[TCPT_PERSIST] = 0;
                                        tp->t_timer[TCPT_PERSIST] = 0;
-                                       tp->t_rxtshift = 0;
                                        tp->t_persist_stop = 0;
                                        tp->t_persist_stop = 0;
-                                       tp->t_rxtstart = 0;
+                                       TCP_RESET_REXMT_STATE(tp);
                                }
                        }
 
                                }
                        }
 
@@ -425,13 +730,12 @@ again:
                        TCP_PKTLIST_CLEAR(tp);
 
                        /* drop connection if source address isn't available */
                        TCP_PKTLIST_CLEAR(tp);
 
                        /* drop connection if source address isn't available */
-                       if (so->so_flags & SOF_NOADDRAVAIL) { 
+                       if (so->so_flags & SOF_NOADDRAVAIL) {
                                tcp_drop(tp, EADDRNOTAVAIL);
                                tcp_drop(tp, EADDRNOTAVAIL);
-                               return(EADDRNOTAVAIL);
-                       }
-                       else {
+                               return EADDRNOTAVAIL;
+                       } else {
                                tcp_check_timer_state(tp);
                                tcp_check_timer_state(tp);
-                               return(0); /* silently ignore, keep data in socket: address may be back */
+                               return 0; /* silently ignore, keep data in socket: address may be back */
                        }
                }
                if (ia != NULL)
                        }
                }
                if (ia != NULL)
@@ -448,6 +752,8 @@ again:
                if ((ifp = rt->rt_ifp) != NULL) {
                        somultipages(so, (ifp->if_hwassist & IFNET_MULTIPAGES));
                        tcp_set_tso(tp, ifp);
                if ((ifp = rt->rt_ifp) != NULL) {
                        somultipages(so, (ifp->if_hwassist & IFNET_MULTIPAGES));
                        tcp_set_tso(tp, ifp);
+                       soif2kcl(so, (ifp->if_eflags & IFEF_2KCL));
+                       tcp_set_ecn(tp, ifp);
                }
                if (rt->rt_flags & RTF_UP)
                        RT_GENID_SYNC(rt);
                }
                if (rt->rt_flags & RTF_UP)
                        RT_GENID_SYNC(rt);
@@ -455,12 +761,13 @@ again:
                 * See if we should do MTU discovery. Don't do it if:
                 *      1) it is disabled via the sysctl
                 *      2) the route isn't up
                 * See if we should do MTU discovery. Don't do it if:
                 *      1) it is disabled via the sysctl
                 *      2) the route isn't up
-                *      3) the MTU is locked (if it is, then discovery has been
-                *         disabled)
+                *      3) the MTU is locked (if it is, then discovery
+                *         has been disabled)
                 */
 
                 */
 
-               if (!path_mtu_discovery || ((rt != NULL) && 
-                   (!(rt->rt_flags & RTF_UP) || (rt->rt_rmx.rmx_locks & RTV_MTU)))) 
+               if (!path_mtu_discovery || ((rt != NULL) &&
+                   (!(rt->rt_flags & RTF_UP) ||
+                   (rt->rt_rmx.rmx_locks & RTV_MTU))))
                        tp->t_flags &= ~TF_PMTUD;
                else
                        tp->t_flags |= TF_PMTUD;
                        tp->t_flags &= ~TF_PMTUD;
                else
                        tp->t_flags |= TF_PMTUD;
@@ -471,6 +778,7 @@ again:
        if (rt != NULL) {
                cell = IFNET_IS_CELLULAR(rt->rt_ifp);
                wifi = (!cell && IFNET_IS_WIFI(rt->rt_ifp));
        if (rt != NULL) {
                cell = IFNET_IS_CELLULAR(rt->rt_ifp);
                wifi = (!cell && IFNET_IS_WIFI(rt->rt_ifp));
+               wired = (!wifi && IFNET_IS_WIRED(rt->rt_ifp));
        }
 
        /*
        }
 
        /*
@@ -489,11 +797,12 @@ again:
 
        flags = tcp_outflags[tp->t_state];
        /*
 
        flags = tcp_outflags[tp->t_state];
        /*
-        * Send any SACK-generated retransmissions.  If we're explicitly trying
-        * to send out new data (when sendalot is 1), bypass this function.
-        * If we retransmit in fast recovery mode, decrement snd_cwnd, since
-        * we're replacing a (future) new transmission with a retransmission
-        * now, and we previously incremented snd_cwnd in tcp_input().
+        * Send any SACK-generated retransmissions.  If we're explicitly
+        * trying to send out new data (when sendalot is 1), bypass this
+        * function. If we retransmit in fast recovery mode, decrement
+        * snd_cwnd, since we're replacing a (future) new transmission
+        * with a retransmission now, and we previously incremented
+        * snd_cwnd in tcp_input().
         */
        /*
         * Still in sack recovery , reset rxmit flag to zero.
         */
        /*
         * Still in sack recovery , reset rxmit flag to zero.
@@ -505,7 +814,7 @@ again:
        if (SACK_ENABLED(tp) && IN_FASTRECOVERY(tp) &&
            (p = tcp_sack_output(tp, &sack_bytes_rxmt))) {
                int32_t cwin;
        if (SACK_ENABLED(tp) && IN_FASTRECOVERY(tp) &&
            (p = tcp_sack_output(tp, &sack_bytes_rxmt))) {
                int32_t cwin;
-               
+
                cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt;
                if (cwin < 0)
                        cwin = 0;
                cwin = min(tp->snd_wnd, tp->snd_cwnd) - sack_bytes_rxmt;
                if (cwin < 0)
                        cwin = 0;
@@ -533,21 +842,12 @@ again:
                        len = ((int32_t)min(cwin, p->end - p->rxmit));
                }
                if (len > 0) {
                        len = ((int32_t)min(cwin, p->end - p->rxmit));
                }
                if (len > 0) {
-                       off = p->rxmit - tp->snd_una; /* update off only if we really transmit SACK data */
+                       off = p->rxmit - tp->snd_una;
                        sack_rxmit = 1;
                        sendalot = 1;
                        tcpstat.tcps_sack_rexmits++;
                        tcpstat.tcps_sack_rexmit_bytes +=
                            min(len, tp->t_maxseg);
                        sack_rxmit = 1;
                        sendalot = 1;
                        tcpstat.tcps_sack_rexmits++;
                        tcpstat.tcps_sack_rexmit_bytes +=
                            min(len, tp->t_maxseg);
-                       if (nstat_collect) {
-                               nstat_route_tx(inp->inp_route.ro_rt, 1,
-                                       min(len, tp->t_maxseg),
-                                       NSTAT_TX_FLAG_RETRANSMIT);
-                               INP_ADD_STAT(inp, cell, wifi, txpackets, 1);
-                               INP_ADD_STAT(inp, cell, wifi, txbytes,
-                                   min(len, tp->t_maxseg));
-                               tp->t_stat.txretransmitbytes += min(len, tp->t_maxseg);
-                       }
                } else {
                        len = 0;
                }
                } else {
                        len = 0;
                }
@@ -568,7 +868,7 @@ after_sack_rexmit:
         * and timer expired, we will send what we can
         * and go to transmit state.
         */
         * and timer expired, we will send what we can
         * and go to transmit state.
         */
-       if (tp->t_force) {
+       if (tp->t_flagsext & TF_FORCE) {
                if (sendwin == 0) {
                        /*
                         * If we still have some data to send, then
                if (sendwin == 0) {
                        /*
                         * If we still have some data to send, then
@@ -591,9 +891,8 @@ after_sack_rexmit:
                        sendwin = 1;
                } else {
                        tp->t_timer[TCPT_PERSIST] = 0;
                        sendwin = 1;
                } else {
                        tp->t_timer[TCPT_PERSIST] = 0;
-                       tp->t_rxtshift = 0;
-                       tp->t_rxtstart = 0;
                        tp->t_persist_stop = 0;
                        tp->t_persist_stop = 0;
+                       TCP_RESET_REXMT_STATE(tp);
                }
        }
 
                }
        }
 
@@ -613,36 +912,63 @@ after_sack_rexmit:
         * in which case len is already set.
         */
        if (sack_rxmit == 0) {
         * in which case len is already set.
         */
        if (sack_rxmit == 0) {
-               if (sack_bytes_rxmt == 0)
+               if (sack_bytes_rxmt == 0) {
                        len = min(so->so_snd.sb_cc, sendwin) - off;
                        len = min(so->so_snd.sb_cc, sendwin) - off;
-               else {
+               else {
                        int32_t cwin;
 
                        int32_t cwin;
 
+                       cwin = tp->snd_cwnd -
+                           (tp->snd_nxt - tp->sack_newdata) -
+                           sack_bytes_rxmt;
+                       if (cwin < 0)
+                               cwin = 0;
                         /*
                         * We are inside of a SACK recovery episode and are
                         * sending new data, having retransmitted all the
                         * data possible in the scoreboard.
                         */
                         /*
                         * We are inside of a SACK recovery episode and are
                         * sending new data, having retransmitted all the
                         * data possible in the scoreboard.
                         */
-                       len = min(so->so_snd.sb_cc, tp->snd_wnd) 
+                       len = min(so->so_snd.sb_cc, tp->snd_wnd)
                               - off;
                        /*
                         * Don't remove this (len > 0) check !
                               - off;
                        /*
                         * Don't remove this (len > 0) check !
-                        * We explicitly check for len > 0 here (although it 
-                        * isn't really necessary), to work around a gcc 
+                        * We explicitly check for len > 0 here (although it
+                        * isn't really necessary), to work around a gcc
                         * optimization issue - to force gcc to compute
                         * len above. Without this check, the computation
                         * of len is bungled by the optimizer.
                         */
                        if (len > 0) {
                         * optimization issue - to force gcc to compute
                         * len above. Without this check, the computation
                         * of len is bungled by the optimizer.
                         */
                        if (len > 0) {
-                               cwin = tp->snd_cwnd - 
-                                       (tp->snd_nxt - tp->sack_newdata) -
-                                       sack_bytes_rxmt;
-                               if (cwin < 0)
-                                       cwin = 0;
                                len = imin(len, cwin);
                                len = imin(len, cwin);
-                       }
-                       else 
+                       } else {
                                len = 0;
                                len = 0;
+                       }
+                       /*
+                        * At this point SACK recovery can not send any
+                        * data from scoreboard or any new data. Check
+                        * if we can do a rescue retransmit towards the
+                        * tail end of recovery window.
+                        */
+                       if (len == 0 && cwin > 0 &&
+                           SEQ_LT(tp->snd_fack, tp->snd_recover) &&
+                           !(tp->t_flagsext & TF_RESCUE_RXT)) {
+                               len = min((tp->snd_recover - tp->snd_fack),
+                                   tp->t_maxseg);
+                               len = imin(len, cwin);
+                               old_snd_nxt = tp->snd_nxt;
+                               sack_rescue_rxt = TRUE;
+                               tp->snd_nxt = tp->snd_recover - len;
+                               /*
+                                * If FIN has been sent, snd_max
+                                * must have been advanced to cover it.
+                                */
+                               if ((tp->t_flags & TF_SENTFIN) &&
+                                   tp->snd_max == tp->snd_recover)
+                                       tp->snd_nxt--;
+
+                               off = tp->snd_nxt - tp->snd_una;
+                               sendalot = 0;
+                               tp->t_flagsext |= TF_RESCUE_RXT;
+                       }
                }
        }
 
                }
        }
 
@@ -652,43 +978,47 @@ after_sack_rexmit:
         * know that foreign host supports TAO, suppress sending segment.
         */
        if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) {
         * know that foreign host supports TAO, suppress sending segment.
         */
        if ((flags & TH_SYN) && SEQ_GT(tp->snd_nxt, tp->snd_una)) {
-               if (tp->t_state != TCPS_SYN_RECEIVED)
-                       flags &= ~TH_SYN;
-               off--, len++;
-               if (len > 0 && tp->t_state == TCPS_SYN_SENT) {
-                       while (inp->inp_sndinprog_cnt == 0 &&
-                               tp->t_pktlist_head != NULL) {
-                               packetlist = tp->t_pktlist_head;
-                               packchain_listadd = tp->t_lastchain;
-                               packchain_sent++;
-                               TCP_PKTLIST_CLEAR(tp);
-
-                               error = tcp_ip_output(so, tp, packetlist,
-                                   packchain_listadd, tp_inp_options,
-                                   (so_options & SO_DONTROUTE),
-                                   (sack_rxmit | (sack_bytes_rxmt != 0)), 0,
-#if INET6
-                                   isipv6);
-#else /* INET6 */
-                                   0);
-#endif /* !INET6 */
+               if (tp->t_state == TCPS_SYN_RECEIVED && tfo_enabled(tp) && tp->snd_nxt == tp->snd_una + 1) {
+                       /* We are sending the SYN again! */
+                       off--;
+                       len++;
+               } else {
+                       if (tp->t_state != TCPS_SYN_RECEIVED || tfo_enabled(tp)) {
+                               flags &= ~TH_SYN;
+                       }
 
 
+                       off--;
+                       len++;
+                       if (len > 0 && tp->t_state == TCPS_SYN_SENT) {
+                               while (inp->inp_sndinprog_cnt == 0 &&
+                                       tp->t_pktlist_head != NULL) {
+                                       packetlist = tp->t_pktlist_head;
+                                       packchain_listadd = tp->t_lastchain;
+                                       packchain_sent++;
+                                       TCP_PKTLIST_CLEAR(tp);
+
+                                       error = tcp_ip_output(so, tp, packetlist,
+                                           packchain_listadd, tp_inp_options,
+                                           (so_options & SO_DONTROUTE),
+                                           (sack_rxmit || (sack_bytes_rxmt != 0)),
+                                           isipv6);
+                               }
 
 
+                               /*
+                                * tcp was closed while we were in ip,
+                                * resume close
+                                */
+                               if (inp->inp_sndinprog_cnt == 0 &&
+                                       (tp->t_flags & TF_CLOSING)) {
+                                       tp->t_flags &= ~TF_CLOSING;
+                                       (void) tcp_close(tp);
+                               } else {
+                                       tcp_check_timer_state(tp);
+                               }
+                               KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END,
+                                   0,0,0,0,0);
+                               return 0;
                        }
                        }
-                       /*
-                        * tcp was closed while we were in ip,
-                        * resume close 
-                        */
-                       if (inp->inp_sndinprog_cnt == 0 &&
-                               (tp->t_flags & TF_CLOSING)) {
-                               tp->t_flags &= ~TF_CLOSING;
-                               (void) tcp_close(tp);
-                       } else {
-                               tcp_check_timer_state(tp);
-                       }
-                       KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END,
-                           0,0,0,0,0);
-                       return(0);
                }
        }
 
                }
        }
 
@@ -696,17 +1026,31 @@ after_sack_rexmit:
         * Be careful not to send data and/or FIN on SYN segments.
         * This measure is needed to prevent interoperability problems
         * with not fully conformant TCP implementations.
         * Be careful not to send data and/or FIN on SYN segments.
         * This measure is needed to prevent interoperability problems
         * with not fully conformant TCP implementations.
+        *
+        * In case of TFO, we handle the setting of the len in
+        * tcp_tfo_check. In case TFO is not enabled, never ever send
+        * SYN+data.
         */
         */
-       if ((flags & TH_SYN) && (tp->t_flags & TF_NOOPT)) {
+       if ((flags & TH_SYN) && !tfo_enabled(tp)) {
                len = 0;
                flags &= ~TH_FIN;
        }
 
                len = 0;
                flags &= ~TH_FIN;
        }
 
-       /* The check here used to be (len < 0). Some times len is zero when
-        * the congestion window is closed and we need to check if persist timer
-        * has to be set in that case. But don't set persist until connection 
-        * is established.
-        */  
+       /*
+        * Don't send a RST with data.
+        */
+       if (flags & TH_RST)
+               len = 0;
+
+       if ((flags & TH_SYN) && tp->t_state <= TCPS_SYN_SENT && tfo_enabled(tp))
+               len = tcp_tfo_check(tp, len);
+
+       /*
+        * The check here used to be (len < 0). Some times len is zero
+        * when the congestion window is closed and we need to check
+        * if persist timer has to be set in that case. But don't set
+        * persist until connection is established.
+        */
        if (len <= 0 && !(flags & TH_SYN)) {
                /*
                 * If FIN has been sent but not acked,
        if (len <= 0 && !(flags & TH_SYN)) {
                /*
                 * If FIN has been sent but not acked,
@@ -721,50 +1065,35 @@ after_sack_rexmit:
                len = 0;
                if (sendwin == 0) {
                        tp->t_timer[TCPT_REXMT] = 0;
                len = 0;
                if (sendwin == 0) {
                        tp->t_timer[TCPT_REXMT] = 0;
-                       tp->t_rxtshift = 0;
-                       tp->t_rxtstart = 0;
+                       tp->t_timer[TCPT_PTO] = 0;
+                       TCP_RESET_REXMT_STATE(tp);
                        tp->snd_nxt = tp->snd_una;
                        tp->snd_nxt = tp->snd_una;
+                       off = 0;
                        if (tp->t_timer[TCPT_PERSIST] == 0)
                                tcp_setpersist(tp);
                }
        }
 
                        if (tp->t_timer[TCPT_PERSIST] == 0)
                                tcp_setpersist(tp);
                }
        }
 
-       /* Automatic sizing of send socket buffer. Increase the send socket buffer
-        * size if all of the following criteria are met
+       /*
+        * Automatic sizing of send socket buffer. Increase the send
+        * socket buffer size if all of the following criteria are met
         *      1. the receiver has enough buffer space for this data
         *      2. send buffer is filled to 7/8th with data (so we actually
         *         have data to make use of it);
         *      3. our send window (slow start and congestion controlled) is
         *         larger than sent but unacknowledged data in send buffer.
         */
         *      1. the receiver has enough buffer space for this data
         *      2. send buffer is filled to 7/8th with data (so we actually
         *         have data to make use of it);
         *      3. our send window (slow start and congestion controlled) is
         *         larger than sent but unacknowledged data in send buffer.
         */
-       basertt = get_base_rtt(tp);
        if (tcp_do_autosendbuf == 1 &&
            !INP_WAIT_FOR_IF_FEEDBACK(inp) && !IN_FASTRECOVERY(tp) &&
            (so->so_snd.sb_flags & (SB_AUTOSIZE | SB_TRIM)) == SB_AUTOSIZE &&
            tcp_cansbgrow(&so->so_snd)) {
                if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat &&
        if (tcp_do_autosendbuf == 1 &&
            !INP_WAIT_FOR_IF_FEEDBACK(inp) && !IN_FASTRECOVERY(tp) &&
            (so->so_snd.sb_flags & (SB_AUTOSIZE | SB_TRIM)) == SB_AUTOSIZE &&
            tcp_cansbgrow(&so->so_snd)) {
                if ((tp->snd_wnd / 4 * 5) >= so->so_snd.sb_hiwat &&
-                       so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) &&
-                       sendwin >= (so->so_snd.sb_cc - 
-                               (tp->snd_nxt - tp->snd_una))) {
-                       /* Also increase the send buffer only if the 
-                        * round-trip time is not increasing because we do
-                        * not want to contribute to latency by filling buffers.
-                        * We also do not want to hold onto application's
-                        * old data for too long. Interactive applications would
-                        * rather discard old data.
-                        */
-                       if (tp->t_rttcur <= 
-                               (basertt + 25)) {
-                               if (sbreserve(&so->so_snd, 
-                                       min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc,
-                                       tcp_autosndbuf_max)) == 1) {
-                                       so->so_snd.sb_idealsize = so->so_snd.sb_hiwat;
-                               }
-                       } else {
-                               so->so_snd.sb_idealsize = 
-                                   max(tcp_sendspace, so->so_snd.sb_hiwat -
-                                       (2 * tcp_autosndbuf_inc));
-                               so->so_snd.sb_flags |= SB_TRIM;
+                   so->so_snd.sb_cc >= (so->so_snd.sb_hiwat / 8 * 7) &&
+                   sendwin >= (so->so_snd.sb_cc - (tp->snd_nxt - tp->snd_una))) {
+                       if (sbreserve(&so->so_snd,
+                           min(so->so_snd.sb_hiwat + tcp_autosndbuf_inc,
+                           tcp_autosndbuf_max)) == 1) {
+                               so->so_snd.sb_idealsize = so->so_snd.sb_hiwat;
                        }
                }
        }
                        }
                }
        }
@@ -794,11 +1123,12 @@ after_sack_rexmit:
        if (ipsec_bypass == 0)
                ipsec_optlen = ipsec_hdrsiz_tcp(tp);
 #endif
        if (ipsec_bypass == 0)
                ipsec_optlen = ipsec_hdrsiz_tcp(tp);
 #endif
-
        if (len > tp->t_maxseg) {
                if ((tp->t_flags & TF_TSO) && tcp_do_tso && hwcksum_tx &&
        if (len > tp->t_maxseg) {
                if ((tp->t_flags & TF_TSO) && tcp_do_tso && hwcksum_tx &&
-                   ip_use_randomid && kipf_count == 0 && dlil_filter_disable_tso_count == 0 &&
-                   tp->rcv_numsacks == 0 && sack_rxmit == 0  && sack_bytes_rxmt == 0 &&
+                   ip_use_randomid && kipf_count == 0 &&
+                   dlil_filter_disable_tso_count == 0 &&
+                   tp->rcv_numsacks == 0 && sack_rxmit == 0  &&
+                   sack_bytes_rxmt == 0 &&
                    inp->inp_options == NULL &&
                    inp->in6p_options == NULL
 #if IPSEC
                    inp->inp_options == NULL &&
                    inp->in6p_options == NULL
 #if IPSEC
@@ -816,51 +1146,66 @@ after_sack_rexmit:
                        tso = 0;
                }
        }
                        tso = 0;
                }
        }
+
+       /* Send one segment or less as a tail loss probe */
+       if (tp->t_flagsext & TF_SENT_TLPROBE) {
+               len = min(len, tp->t_maxseg);
+               sendalot = 0;
+               tso = 0;
+       }
+
 #if MPTCP
 #if MPTCP
-       if (so->so_flags & SOF_MP_SUBFLOW) {
+       if (so->so_flags & SOF_MP_SUBFLOW && off < 0) {
+               os_log_error(mptcp_log_handle, "%s - %lx: offset is negative! len %d off %d\n",
+                   __func__, (unsigned long)VM_KERNEL_ADDRPERM(tp->t_mpsub->mpts_mpte),
+                   len, off);
+       }
+
+       if ((so->so_flags & SOF_MP_SUBFLOW) &&
+           !(tp->t_mpflags & TMPF_TCP_FALLBACK)) {
                int newlen = len;
                int newlen = len;
-               if ((tp->t_mpflags & TMPF_SND_MPPRIO) ||
-                   (tp->t_mpflags & TMPF_SND_REM_ADDR) ||
-                   (tp->t_mpflags & TMPF_SND_MPFAIL)) {
+               if (tp->t_state >= TCPS_ESTABLISHED &&
+                   (tp->t_mpflags & TMPF_SND_MPPRIO ||
+                    tp->t_mpflags & TMPF_SND_REM_ADDR ||
+                    tp->t_mpflags & TMPF_SND_MPFAIL ||
+                    tp->t_mpflags & TMPF_SND_KEYS ||
+                    tp->t_mpflags & TMPF_SND_JACK)) {
                        if (len > 0) {
                                len = 0;
                        }
                        if (len > 0) {
                                len = 0;
                        }
-                       sendalot = 1;
-                       mptcp_acknow = 1;
+                       /*
+                        * On a new subflow, don't try to send again, because
+                        * we are still waiting for the fourth ack.
+                        */
+                       if (!(tp->t_mpflags & TMPF_PREESTABLISHED))
+                               sendalot = 1;
+                       mptcp_acknow = TRUE;
                } else {
                } else {
-                       mptcp_acknow = 0;
+                       mptcp_acknow = FALSE;
                }
                /*
                 * The contiguous bytes in the subflow socket buffer can be
                }
                /*
                 * The contiguous bytes in the subflow socket buffer can be
-                * discontiguous at the MPTCP level. Since only one DSS 
+                * discontiguous at the MPTCP level. Since only one DSS
                 * option can be sent in one packet, reduce length to match
                 * the contiguous MPTCP level. Set sendalot to send remainder.
                 */
                 * option can be sent in one packet, reduce length to match
                 * the contiguous MPTCP level. Set sendalot to send remainder.
                 */
-               if (len > 0)
-                       newlen = mptcp_adj_sendlen(so, off, len);
+               if (len > 0 && off >= 0) {
+                       newlen = mptcp_adj_sendlen(so, off);
+               }
+
                if (newlen < len) {
                        len = newlen;
                if (newlen < len) {
                        len = newlen;
-                       sendalot = 1;
                }
        }
 #endif /* MPTCP */
                }
        }
 #endif /* MPTCP */
-       if (sack_rxmit) {
-               if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc))
-                       flags &= ~TH_FIN;
-       } else {
-               if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc))
-                       flags &= ~TH_FIN;
-       }
-
-       recwin = tcp_sbspace(tp);
 
        /*
         * If the socket is capable of doing unordered send,
         * pull the amount of data that can be sent from the
         * unordered priority queues to the serial queue in
         * the socket buffer. If bytes are not yet available
 
        /*
         * If the socket is capable of doing unordered send,
         * pull the amount of data that can be sent from the
         * unordered priority queues to the serial queue in
         * the socket buffer. If bytes are not yet available
-        * in the highest priority message, we may not be able 
-        * to send any new data. 
+        * in the highest priority message, we may not be able
+        * to send any new data.
         */
        if (so->so_flags & SOF_ENABLE_MSGS) {
                if ((off + len) >
         */
        if (so->so_flags & SOF_ENABLE_MSGS) {
                if ((off + len) >
@@ -868,7 +1213,7 @@ after_sack_rexmit:
                        sbpull_unordered_data(so, off, len);
 
                        /* check if len needs to be modified */
                        sbpull_unordered_data(so, off, len);
 
                        /* check if len needs to be modified */
-                       if ((off + len) > 
+                       if ((off + len) >
                            so->so_msg_state->msg_serial_bytes) {
                                len = so->so_msg_state->msg_serial_bytes - off;
                                if (len <= 0) {
                            so->so_msg_state->msg_serial_bytes) {
                                len = so->so_msg_state->msg_serial_bytes - off;
                                if (len <= 0) {
@@ -879,6 +1224,68 @@ after_sack_rexmit:
                }
        }
 
                }
        }
 
+       if (sack_rxmit) {
+               if (SEQ_LT(p->rxmit + len, tp->snd_una + so->so_snd.sb_cc))
+                       flags &= ~TH_FIN;
+       } else {
+               if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc))
+                       flags &= ~TH_FIN;
+       }
+       /*
+        * Compare available window to amount of window
+        * known to peer (as advertised window less
+        * next expected input).  If the difference is at least two
+        * max size segments, or at least 25% of the maximum possible
+        * window, then want to send a window update to peer.
+        */
+       recwin = tcp_sbspace(tp);
+
+       if (!(so->so_flags & SOF_MP_SUBFLOW)) {
+               if (recwin < (int32_t)(so->so_rcv.sb_hiwat / 4) &&
+                   recwin < (int)tp->t_maxseg) {
+                       recwin = 0;
+               }
+       } else {
+               struct mptcb *mp_tp = tptomptp(tp);
+               struct socket *mp_so = mptetoso(mp_tp->mpt_mpte);
+
+               if (recwin < (int32_t)(mp_so->so_rcv.sb_hiwat / 4) &&
+                   recwin < (int)tp->t_maxseg) {
+                       recwin = 0;
+               }
+       }
+
+#if TRAFFIC_MGT
+       if (tcp_recv_bg == 1 || IS_TCP_RECV_BG(so)) {
+               if (recwin > 0 && tcp_recv_throttle(tp)) {
+                       uint32_t min_iaj_win = tcp_min_iaj_win * tp->t_maxseg;
+                       uint32_t bg_rwintop = tp->rcv_adv;
+                       if (SEQ_LT(bg_rwintop, tp->rcv_nxt + min_iaj_win))
+                               bg_rwintop =  tp->rcv_nxt + min_iaj_win;
+                       recwin = imin((int32_t)(bg_rwintop - tp->rcv_nxt),
+                           recwin);
+                       if (recwin < 0)
+                               recwin = 0;
+               }
+       }
+#endif /* TRAFFIC_MGT */
+
+       if (recwin > (int32_t)(TCP_MAXWIN << tp->rcv_scale))
+               recwin = (int32_t)(TCP_MAXWIN << tp->rcv_scale);
+
+       if (!(so->so_flags & SOF_MP_SUBFLOW)) {
+               if (recwin < (int32_t)(tp->rcv_adv - tp->rcv_nxt)) {
+                       recwin = (int32_t)(tp->rcv_adv - tp->rcv_nxt);
+               }
+       } else {
+               struct mptcb *mp_tp = tptomptp(tp);
+
+               /* Don't remove what we announced at the MPTCP-layer */
+               if (recwin < (int32_t)(mp_tp->mpt_rcvadv - (uint32_t)mp_tp->mpt_rcvnxt)) {
+                       recwin = (int32_t)(mp_tp->mpt_rcvadv - (uint32_t)mp_tp->mpt_rcvnxt);
+               }
+       }
+
        /*
         * Sender silly window avoidance.   We transmit under the following
         * conditions when len is non-zero:
        /*
         * Sender silly window avoidance.   We transmit under the following
         * conditions when len is non-zero:
@@ -892,13 +1299,23 @@ after_sack_rexmit:
         *        data (receiver may be limited the window size)
         */
        if (len) {
         *        data (receiver may be limited the window size)
         */
        if (len) {
-               if (tp->t_force)
+               if (tp->t_flagsext & TF_FORCE)
                        goto send;
                if (SEQ_LT(tp->snd_nxt, tp->snd_max))
                        goto send;
                if (sack_rxmit)
                        goto send;
 
                        goto send;
                if (SEQ_LT(tp->snd_nxt, tp->snd_max))
                        goto send;
                if (sack_rxmit)
                        goto send;
 
+               /*
+                * If this here is the first segment after SYN/ACK and TFO
+                * is being used, then we always send it, regardless of Nagle,...
+                */
+               if (tp->t_state == TCPS_SYN_RECEIVED &&
+                   tfo_enabled(tp) &&
+                   (tp->t_tfo_flags & TFO_F_COOKIE_VALID) &&
+                   tp->snd_nxt == tp->iss + 1)
+                       goto send;
+
                /*
                 * Send new data on the connection only if it is
                 * not flow controlled
                /*
                 * Send new data on the connection only if it is
                 * not flow controlled
@@ -907,12 +1324,20 @@ after_sack_rexmit:
                    tp->t_state != TCPS_ESTABLISHED) {
                        if (len >= tp->t_maxseg)
                                goto send;
                    tp->t_state != TCPS_ESTABLISHED) {
                        if (len >= tp->t_maxseg)
                                goto send;
+
                        if (!(tp->t_flags & TF_MORETOCOME) &&
                        if (!(tp->t_flags & TF_MORETOCOME) &&
-                           (idle || tp->t_flags & TF_NODELAY || 
-                           tp->t_flags & TF_MAXSEGSNT ||
+                           (idle || tp->t_flags & TF_NODELAY ||
+                           (tp->t_flags & TF_MAXSEGSNT) ||
                            ALLOW_LIMITED_TRANSMIT(tp)) &&
                            (tp->t_flags & TF_NOPUSH) == 0 &&
                            ALLOW_LIMITED_TRANSMIT(tp)) &&
                            (tp->t_flags & TF_NOPUSH) == 0 &&
-                           len + off >= so->so_snd.sb_cc)
+                           (len + off >= so->so_snd.sb_cc ||
+                            /*
+                             * MPTCP needs to respect the DSS-mappings. So, it
+                             * may be sending data that *could* have been
+                             * coalesced, but cannot because of
+                             * mptcp_adj_sendlen().
+                             */
+                            so->so_flags & SOF_MP_SUBFLOW))
                                goto send;
                        if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0)
                                goto send;
                                goto send;
                        if (len >= tp->max_sndwnd / 2 && tp->max_sndwnd > 0)
                                goto send;
@@ -921,14 +1346,6 @@ after_sack_rexmit:
                }
        }
 
                }
        }
 
-       /*
-        * Compare available window to amount of window
-        * known to peer (as advertised window less
-        * next expected input).  If the difference is at least two
-        * max size segments, or at least 25% of the maximum possible
-        * window, then want to send a window update to peer.
-        * Skip this if the connection is in T/TCP half-open state.
-        */
        if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN)) {
                /*
                 * "adv" is the amount we can increase the window,
        if (recwin > 0 && !(tp->t_flags & TF_NEEDSYN)) {
                /*
                 * "adv" is the amount we can increase the window,
@@ -943,38 +1360,42 @@ after_sack_rexmit:
                        oldwin = tp->rcv_adv - tp->rcv_nxt;
 
                if (adv >= (int32_t) (2 * tp->t_maxseg)) {
                        oldwin = tp->rcv_adv - tp->rcv_nxt;
 
                if (adv >= (int32_t) (2 * tp->t_maxseg)) {
-                       /* Update only if the resulting scaled value of the window changed, or
-                        * if there is a change in the sequence since the last ack.
-                        * This avoids what appears as dupe ACKS (see rdar://5640997)
+                       /*
+                        * Update only if the resulting scaled value of
+                        * the window changed, or if there is a change in
+                        * the sequence since the last ack. This avoids
+                        * what appears as dupe ACKS (see rdar://5640997)
                         *
                         *
-                        * If streaming is detected avoid sending too many window updates.
-                        * We will depend on the delack timer to send a window update
-                        * when needed.
+                        * If streaming is detected avoid sending too many
+                        * window updates. We will depend on the delack
+                        * timer to send a window update when needed.
                         */
                        if (!(tp->t_flags & TF_STRETCHACK) &&
                         */
                        if (!(tp->t_flags & TF_STRETCHACK) &&
-                               (tp->last_ack_sent != tp->rcv_nxt || 
+                               (tp->last_ack_sent != tp->rcv_nxt ||
                                ((oldwin + adv) >> tp->rcv_scale) >
                                (oldwin >> tp->rcv_scale))) {
                                goto send;
                        }
 
                                ((oldwin + adv) >> tp->rcv_scale) >
                                (oldwin >> tp->rcv_scale))) {
                                goto send;
                        }
 
-                       /* Make sure that the delayed ack timer is set if we
-                        * delayed sending a window update because of streaming
-                        * detection.
-                        */
-                       if ((tp->t_flags & TF_STRETCHACK) &&
-                               !(tp->t_flags & TF_DELACK)) { 
-                               tp->t_flags |= TF_DELACK;
-                               tp->t_timer[TCPT_DELACK] = 
-                                       OFFSET_FROM_START(tp, tcp_delack);
-                       }
                }
                }
-               if (4 * adv >= (int32_t) so->so_rcv.sb_hiwat) 
-                               goto send;
+               if (4 * adv >= (int32_t) so->so_rcv.sb_hiwat)
+                       goto send;
+
+               /*
+                * Make sure that the delayed ack timer is set if
+                * we delayed sending a window update because of
+                * streaming detection.
+                */
+               if ((tp->t_flags & TF_STRETCHACK) &&
+                   !(tp->t_flags & TF_DELACK)) {
+                       tp->t_flags |= TF_DELACK;
+                       tp->t_timer[TCPT_DELACK] =
+                               OFFSET_FROM_START(tp, tcp_delack);
+               }
        }
 
        /*
        }
 
        /*
-        * Send if we owe the peer an ACK, RST, SYN, or urgent data.  ACKNOW
+        * Send if we owe the peer an ACK, RST, SYN, or urgent data. ACKNOW
         * is also a catch-all for the retransmit timer timeout case.
         */
        if (tp->t_flags & TF_ACKNOW)
         * is also a catch-all for the retransmit timer timeout case.
         */
        if (tp->t_flags & TF_ACKNOW)
@@ -992,21 +1413,22 @@ after_sack_rexmit:
         * If our state indicates that FIN should be sent
         * and we have not yet done so, then we need to send.
         */
         * If our state indicates that FIN should be sent
         * and we have not yet done so, then we need to send.
         */
-       if (flags & TH_FIN &&
-           ((tp->t_flags & TF_SENTFIN) == 0 || tp->snd_nxt == tp->snd_una))
+       if ((flags & TH_FIN) &&
+           (!(tp->t_flags & TF_SENTFIN) || tp->snd_nxt == tp->snd_una))
                goto send;
        /*
         * In SACK, it is possible for tcp_output to fail to send a segment
         * after the retransmission timer has been turned off.  Make sure
         * that the retransmission timer is set.
         */
                goto send;
        /*
         * In SACK, it is possible for tcp_output to fail to send a segment
         * after the retransmission timer has been turned off.  Make sure
         * that the retransmission timer is set.
         */
-       if (SACK_ENABLED(tp) && (tp->t_state >= TCPS_ESTABLISHED) && 
+       if (SACK_ENABLED(tp) && (tp->t_state >= TCPS_ESTABLISHED) &&
            SEQ_GT(tp->snd_max, tp->snd_una) &&
            tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
            SEQ_GT(tp->snd_max, tp->snd_una) &&
            tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
-               tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
+               tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp,
+                       tp->t_rxtcur);
                goto just_return;
                goto just_return;
-       } 
+       }
        /*
         * TCP window updates are not reliable, rather a polling protocol
         * using ``persist'' packets is used to insure receipt of window
        /*
         * TCP window updates are not reliable, rather a polling protocol
         * using ``persist'' packets is used to insure receipt of window
@@ -1031,8 +1453,7 @@ after_sack_rexmit:
         */
        if (so->so_snd.sb_cc && tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
         */
        if (so->so_snd.sb_cc && tp->t_timer[TCPT_REXMT] == 0 &&
            tp->t_timer[TCPT_PERSIST] == 0) {
-               tp->t_rxtshift = 0;
-               tp->t_rxtstart = 0;
+               TCP_RESET_REXMT_STATE(tp);
                tcp_setpersist(tp);
        }
 just_return:
                tcp_setpersist(tp);
        }
 just_return:
@@ -1047,14 +1468,10 @@ just_return:
                packchain_sent++;
                TCP_PKTLIST_CLEAR(tp);
 
                packchain_sent++;
                TCP_PKTLIST_CLEAR(tp);
 
-               error = tcp_ip_output(so, tp, packetlist, packchain_listadd,
+               error = tcp_ip_output(so, tp, packetlist,
+                   packchain_listadd,
                    tp_inp_options, (so_options & SO_DONTROUTE),
                    tp_inp_options, (so_options & SO_DONTROUTE),
-                   (sack_rxmit | (sack_bytes_rxmt != 0)), recwin,
-#if INET6
-                   isipv6);
-#else /* INET6 */
-                   0);
-#endif /* !INET6 */
+                   (sack_rxmit || (sack_bytes_rxmt != 0)), isipv6);
        }
        /* tcp was closed while we were in ip; resume close */
        if (inp->inp_sndinprog_cnt == 0 &&
        }
        /* tcp was closed while we were in ip; resume close */
        if (inp->inp_sndinprog_cnt == 0 &&
@@ -1065,10 +1482,10 @@ just_return:
                tcp_check_timer_state(tp);
        }
        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
                tcp_check_timer_state(tp);
        }
        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
-       return (0);
+       return 0;
 
 send:
 
 send:
-       /* 
+       /*
         * Set TF_MAXSEGSNT flag if the segment size is greater than
         * the max segment size.
         */
         * Set TF_MAXSEGSNT flag if the segment size is greater than
         * the max segment size.
         */
@@ -1103,109 +1520,26 @@ send:
                        mss = htons((u_short) tcp_mssopt(tp));
                        (void)memcpy(opt + 2, &mss, sizeof(mss));
                        optlen = TCPOLEN_MAXSEG;
                        mss = htons((u_short) tcp_mssopt(tp));
                        (void)memcpy(opt + 2, &mss, sizeof(mss));
                        optlen = TCPOLEN_MAXSEG;
-
-                       if ((tp->t_flags & TF_REQ_SCALE) &&
-                           ((flags & TH_ACK) == 0 ||
-                           (tp->t_flags & TF_RCVD_SCALE))) {
-                               *((u_int32_t *)(void *)(opt + optlen)) = htonl(
-                                       TCPOPT_NOP << 24 |
-                                       TCPOPT_WINDOW << 16 |
-                                       TCPOLEN_WINDOW << 8 |
-                                       tp->request_r_scale);
-                               optlen += 4;
-                       }
-#if MPTCP
-                       if (mptcp_enable) {
-                               optlen = mptcp_setup_syn_opts(so, flags, opt,
-                                   optlen);
-                       }
-#endif /* MPTCP */
-               }
-       }
-       
-       /*
-         RFC 3168 states that:
-          - If you ever sent an ECN-setup SYN/SYN-ACK you must be prepared
-          to handle the TCP ECE flag, even if you also later send a
-          non-ECN-setup SYN/SYN-ACK.
-          - If you ever send a non-ECN-setup SYN/SYN-ACK, you must not set
-          the ip ECT flag.
-          
-          It is not clear how the ECE flag would ever be set if you never
-          set the IP ECT flag on outbound packets. All the same, we use
-          the TE_SETUPSENT to indicate that we have committed to handling
-          the TCP ECE flag correctly. We use the TE_SENDIPECT to indicate
-          whether or not we should set the IP ECT flag on outbound packets.
-        */
-       /*
-        * For a SYN-ACK, send an ECN setup SYN-ACK
-        */
-       if (tcp_ecn_inbound && (flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
-               if ((tp->ecn_flags & TE_SETUPRECEIVED) != 0) {
-                       if ((tp->ecn_flags & TE_SETUPSENT) == 0) {
-                               /* Setting TH_ECE makes this an ECN-setup SYN-ACK */
-                               flags |= TH_ECE;
-                               
-                               /*
-                                * Record that we sent the ECN-setup and default to
-                                * setting IP ECT.
-                                */
-                               tp->ecn_flags |= (TE_SETUPSENT | TE_SENDIPECT);
-                       }
-                       else {
-                               /*
-                                * We sent an ECN-setup SYN-ACK but it was dropped.
-                                * Fallback to non-ECN-setup SYN-ACK and clear flag
-                                * that to indicate we should not send data with IP ECT set.
-                                *
-                                * Pretend we didn't receive an ECN-setup SYN.
-                                */
-                               tp->ecn_flags &= ~TE_SETUPRECEIVED;
-                       }
-               }
-       }
-       else if (tcp_ecn_outbound && (flags & (TH_SYN | TH_ACK)) == TH_SYN) {
-               if ((tp->ecn_flags & TE_SETUPSENT) == 0) {
-                       /* Setting TH_ECE and TH_CWR makes this an ECN-setup SYN */
-                       flags |= (TH_ECE | TH_CWR);
-                       
-                       /*
-                        * Record that we sent the ECN-setup and default to
-                        * setting IP ECT.
-                        */
-                       tp->ecn_flags |= (TE_SETUPSENT | TE_SENDIPECT);
-               }
-               else {
-                       /*
-                        * We sent an ECN-setup SYN but it was dropped.
-                        * Fall back to no ECN and clear flag indicating
-                        * we should send data with IP ECT set.
-                        */
-                       tp->ecn_flags &= ~TE_SENDIPECT;
+
+                       if ((tp->t_flags & TF_REQ_SCALE) &&
+                           ((flags & TH_ACK) == 0 ||
+                           (tp->t_flags & TF_RCVD_SCALE))) {
+                               *((u_int32_t *)(void *)(opt + optlen)) = htonl(
+                                       TCPOPT_NOP << 24 |
+                                       TCPOPT_WINDOW << 16 |
+                                       TCPOLEN_WINDOW << 8 |
+                                       tp->request_r_scale);
+                               optlen += 4;
+                       }
+#if MPTCP
+                       if (mptcp_enable && (so->so_flags & SOF_MP_SUBFLOW)) {
+                               optlen = mptcp_setup_syn_opts(so, opt, optlen);
+                       }
+#endif /* MPTCP */
                }
        }
                }
        }
-       
-       /*
-        * Check if we should set the TCP CWR flag.
-        * CWR flag is sent when we reduced the congestion window because
-        * we received a TCP ECE or we performed a fast retransmit. We
-        * never set the CWR flag on retransmitted packets. We only set
-        * the CWR flag on data packets. Pure acks don't have this set.
-        */
-       if ((tp->ecn_flags & TE_SENDCWR) != 0 && len != 0 &&
-               !SEQ_LT(tp->snd_nxt, tp->snd_max) && !sack_rxmit) {
-               flags |= TH_CWR;
-               tp->ecn_flags &= ~TE_SENDCWR;
-       }
-       
-       /*
-        * Check if we should set the TCP ECE flag.
-        */
-       if ((tp->ecn_flags & TE_SENDECE) != 0 && len == 0) {
-               flags |= TH_ECE;
-       }
 
 
-       /*
+       /*
         * Send a timestamp and echo-reply if this is a SYN and our side
         * wants to use timestamps (TF_REQ_TSTMP is set) or both our side
         * and our peer have sent timestamps in our SYN's.
         * Send a timestamp and echo-reply if this is a SYN and our side
         * wants to use timestamps (TF_REQ_TSTMP is set) or both our side
         * and our peer have sent timestamps in our SYN's.
@@ -1228,7 +1562,7 @@ send:
                tp->rfbuf_ts = tcp_now;
 
        if (SACK_ENABLED(tp) && ((tp->t_flags & TF_NOOPT) == 0)) {
                tp->rfbuf_ts = tcp_now;
 
        if (SACK_ENABLED(tp) && ((tp->t_flags & TF_NOOPT) == 0)) {
-               /* 
+               /*
                 * Tack on the SACK permitted option *last*.
                 * And do padding of options after tacking this on.
                 * This is because of MSS, TS, WinScale and Signatures are
                 * Tack on the SACK permitted option *last*.
                 * And do padding of options after tacking this on.
                 * This is because of MSS, TS, WinScale and Signatures are
@@ -1260,17 +1594,27 @@ send:
                 * still advance the subflow level ACK and therefore make it
                 * hard for the remote end to recover in low cwnd situations.
                 */
                 * still advance the subflow level ACK and therefore make it
                 * hard for the remote end to recover in low cwnd situations.
                 */
-               if (len != 0)
+               if (len != 0) {
                        tp->t_mpflags |= (TMPF_SEND_DSN |
                            TMPF_MPTCP_ACKNOW);
                        tp->t_mpflags |= (TMPF_SEND_DSN |
                            TMPF_MPTCP_ACKNOW);
-               else
+               } else {
                        tp->t_mpflags |= TMPF_MPTCP_ACKNOW;
                        tp->t_mpflags |= TMPF_MPTCP_ACKNOW;
+               }
                optlen = mptcp_setup_opts(tp, off, &opt[0], optlen, flags,
                optlen = mptcp_setup_opts(tp, off, &opt[0], optlen, flags,
-                   len, &dlenp, &finp, &dss_val, &sseqp);
+                   len, &mptcp_acknow);
                tp->t_mpflags &= ~TMPF_SEND_DSN;
        }
 #endif /* MPTCP */
 
                tp->t_mpflags &= ~TMPF_SEND_DSN;
        }
 #endif /* MPTCP */
 
+       if (tfo_enabled(tp) && !(tp->t_flags & TF_NOOPT) &&
+           (flags & (TH_SYN | TH_ACK)) == TH_SYN)
+               optlen += tcp_tfo_write_cookie(tp, optlen, len, opt);
+
+       if (tfo_enabled(tp) &&
+           (flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK) &&
+           (tp->t_tfo_flags & TFO_F_OFFER_COOKIE))
+               optlen += tcp_tfo_write_cookie_rep(tp, optlen, opt);
+
        if (SACK_ENABLED(tp) && ((tp->t_flags & TF_NOOPT) == 0)) {
                /*
                 * Send SACKs if necessary.  This should be the last
        if (SACK_ENABLED(tp) && ((tp->t_flags & TF_NOOPT) == 0)) {
                /*
                 * Send SACKs if necessary.  This should be the last
@@ -1286,14 +1630,16 @@ send:
                 * 10 bytes for SACK options 40 - (12 + 18).
                 */
                if (TCPS_HAVEESTABLISHED(tp->t_state) &&
                 * 10 bytes for SACK options 40 - (12 + 18).
                 */
                if (TCPS_HAVEESTABLISHED(tp->t_state) &&
-                   (tp->t_flags & TF_SACK_PERMIT) && tp->rcv_numsacks > 0 &&
+                   (tp->t_flags & TF_SACK_PERMIT) &&
+                   (tp->rcv_numsacks > 0 || TCP_SEND_DSACK_OPT(tp)) &&
                    MAX_TCPOPTLEN - optlen - 2 >= TCPOLEN_SACK) {
                        int nsack, padlen;
                        u_char *bp = (u_char *)opt + optlen;
                        u_int32_t *lp;
 
                        nsack = (MAX_TCPOPTLEN - optlen - 2) / TCPOLEN_SACK;
                    MAX_TCPOPTLEN - optlen - 2 >= TCPOLEN_SACK) {
                        int nsack, padlen;
                        u_char *bp = (u_char *)opt + optlen;
                        u_int32_t *lp;
 
                        nsack = (MAX_TCPOPTLEN - optlen - 2) / TCPOLEN_SACK;
-                       nsack = min(nsack, tp->rcv_numsacks);
+                       nsack = min(nsack, (tp->rcv_numsacks +
+                           (TCP_SEND_DSACK_OPT(tp) ? 1 : 0)));
                        sackoptlen = (2 + nsack * TCPOLEN_SACK);
 
                        /*
                        sackoptlen = (2 + nsack * TCPOLEN_SACK);
 
                        /*
@@ -1310,6 +1656,22 @@ send:
                        *bp++ = TCPOPT_SACK;
                        *bp++ = sackoptlen;
                        lp = (u_int32_t *)(void *)bp;
                        *bp++ = TCPOPT_SACK;
                        *bp++ = sackoptlen;
                        lp = (u_int32_t *)(void *)bp;
+
+                       /*
+                        * First block of SACK option should represent
+                        * DSACK. Prefer to send SACK information if there
+                        * is space for only one SACK block. This will
+                        * allow for faster recovery.
+                        */
+                       if (TCP_SEND_DSACK_OPT(tp) && nsack > 0 &&
+                           (tp->rcv_numsacks == 0 || nsack > 1)) {
+                               *lp++ = htonl(tp->t_dsack_lseq);
+                               *lp++ = htonl(tp->t_dsack_rseq);
+                               tcpstat.tcps_dsack_sent++;
+                               tp->t_dsack_sent++;
+                               nsack--;
+                       }
+                       VERIFY(nsack == 0 || tp->rcv_numsacks >= nsack);
                        for (i = 0; i < nsack; i++) {
                                struct sackblk sack = tp->sackblks[i];
                                *lp++ = htonl(sack.start);
                        for (i = 0; i < nsack; i++) {
                                struct sackblk sack = tp->sackblks[i];
                                *lp++ = htonl(sack.start);
@@ -1331,8 +1693,123 @@ send:
                }
        }
 
                }
        }
 
+       /*
+        * RFC 3168 states that:
+        * - If you ever sent an ECN-setup SYN/SYN-ACK you must be prepared
+        * to handle the TCP ECE flag, even if you also later send a
+        * non-ECN-setup SYN/SYN-ACK.
+        * - If you ever send a non-ECN-setup SYN/SYN-ACK, you must not set
+        * the ip ECT flag.
+        *
+        * It is not clear how the ECE flag would ever be set if you never
+        * set the IP ECT flag on outbound packets. All the same, we use
+        * the TE_SETUPSENT to indicate that we have committed to handling
+        * the TCP ECE flag correctly. We use the TE_SENDIPECT to indicate
+        * whether or not we should set the IP ECT flag on outbound packet
+        *
+        * For a SYN-ACK, send an ECN setup SYN-ACK
+        */
+       if ((flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK) &&
+           (tp->ecn_flags & TE_ENABLE_ECN)) {
+               if (tp->ecn_flags & TE_SETUPRECEIVED) {
+                       if (tcp_send_ecn_flags_on_syn(tp, so)) {
+                               /*
+                                * Setting TH_ECE makes this an ECN-setup
+                                * SYN-ACK
+                                */
+                               flags |= TH_ECE;
+
+                               /*
+                                * Record that we sent the ECN-setup and
+                                * default to setting IP ECT.
+                                */
+                               tp->ecn_flags |= (TE_SETUPSENT|TE_SENDIPECT);
+                               tcpstat.tcps_ecn_server_setup++;
+                               tcpstat.tcps_ecn_server_success++;
+                       } else {
+                               /*
+                                * We sent an ECN-setup SYN-ACK but it was
+                                * dropped. Fallback to non-ECN-setup
+                                * SYN-ACK and clear flag to indicate that
+                                * we should not send data with IP ECT set
+                                *
+                                * Pretend we didn't receive an
+                                * ECN-setup SYN.
+                                *
+                                * We already incremented the counter
+                                * assuming that the ECN setup will
+                                * succeed. Decrementing here
+                                * tcps_ecn_server_success to correct it.
+                                */
+                               if (tp->ecn_flags & TE_SETUPSENT) {
+                                       tcpstat.tcps_ecn_lost_synack++;
+                                       tcpstat.tcps_ecn_server_success--;
+                                       tp->ecn_flags |= TE_LOST_SYNACK;
+                               }
+
+                               tp->ecn_flags &=
+                                   ~(TE_SETUPRECEIVED | TE_SENDIPECT |
+                                   TE_SENDCWR);
+                       }
+               }
+       } else if ((flags & (TH_SYN | TH_ACK)) == TH_SYN &&
+           (tp->ecn_flags & TE_ENABLE_ECN)) {
+               if (tcp_send_ecn_flags_on_syn(tp, so)) {
+                       /*
+                        * Setting TH_ECE and TH_CWR makes this an
+                        * ECN-setup SYN
+                        */
+                       flags |= (TH_ECE | TH_CWR);
+                       tcpstat.tcps_ecn_client_setup++;
+                       tp->ecn_flags |= TE_CLIENT_SETUP;
+
+                       /*
+                        * Record that we sent the ECN-setup and default to
+                        * setting IP ECT.
+                        */
+                       tp->ecn_flags |= (TE_SETUPSENT | TE_SENDIPECT);
+               } else {
+                       /*
+                        * We sent an ECN-setup SYN but it was dropped.
+                        * Fall back to non-ECN and clear flag indicating
+                        * we should send data with IP ECT set.
+                        */
+                       if (tp->ecn_flags & TE_SETUPSENT) {
+                               tcpstat.tcps_ecn_lost_syn++;
+                               tp->ecn_flags |= TE_LOST_SYN;
+                       }
+                       tp->ecn_flags &= ~TE_SENDIPECT;
+               }
+       }
+
+       /*
+        * Check if we should set the TCP CWR flag.
+        * CWR flag is sent when we reduced the congestion window because
+        * we received a TCP ECE or we performed a fast retransmit. We
+        * never set the CWR flag on retransmitted packets. We only set
+        * the CWR flag on data packets. Pure acks don't have this set.
+        */
+       if ((tp->ecn_flags & TE_SENDCWR) != 0 && len != 0 &&
+           !SEQ_LT(tp->snd_nxt, tp->snd_max) && !sack_rxmit) {
+               flags |= TH_CWR;
+               tp->ecn_flags &= ~TE_SENDCWR;
+       }
+
+       /*
+        * Check if we should set the TCP ECE flag.
+        */
+       if ((tp->ecn_flags & TE_SENDECE) != 0 && len == 0) {
+               flags |= TH_ECE;
+               tcpstat.tcps_ecn_sent_ece++;
+       }
+
+
        hdrlen += optlen;
 
        hdrlen += optlen;
 
+       /* Reset DSACK sequence numbers */
+       tp->t_dsack_lseq = 0;
+       tp->t_dsack_rseq = 0;
+
 #if INET6
        if (isipv6)
                ipoptlen = ip6_optlen(inp);
 #if INET6
        if (isipv6)
                ipoptlen = ip6_optlen(inp);
@@ -1342,8 +1819,9 @@ send:
                if (tp_inp_options) {
                        ipoptlen = tp_inp_options->m_len -
                                offsetof(struct ipoption, ipopt_list);
                if (tp_inp_options) {
                        ipoptlen = tp_inp_options->m_len -
                                offsetof(struct ipoption, ipopt_list);
-               } else
+               } else {
                        ipoptlen = 0;
                        ipoptlen = 0;
+               }
        }
 #if IPSEC
                ipoptlen += ipsec_optlen;
        }
 #if IPSEC
                ipoptlen += ipsec_optlen;
@@ -1364,61 +1842,52 @@ send:
         */
        if (len + optlen + ipoptlen > tp->t_maxopd) {
                /*
         */
        if (len + optlen + ipoptlen > tp->t_maxopd) {
                /*
-                * If there is still more to send, don't close the connection.
+                * If there is still more to send,
+                * don't close the connection.
                 */
                flags &= ~TH_FIN;
                if (tso) {
                        int32_t tso_maxlen;
 
                 */
                flags &= ~TH_FIN;
                if (tso) {
                        int32_t tso_maxlen;
 
-                       tso_maxlen = tp->tso_max_segment_size ? tp->tso_max_segment_size : TCP_MAXWIN;
+                       tso_maxlen = tp->tso_max_segment_size ?
+                               tp->tso_max_segment_size : TCP_MAXWIN;
 
                        if (len > tso_maxlen - hdrlen - optlen) {
                                len = tso_maxlen - hdrlen - optlen;
                                len = len - (len % (tp->t_maxopd - optlen));
                                sendalot = 1;
 
                        if (len > tso_maxlen - hdrlen - optlen) {
                                len = tso_maxlen - hdrlen - optlen;
                                len = len - (len % (tp->t_maxopd - optlen));
                                sendalot = 1;
-                       } else if (tp->t_flags & TF_NEEDFIN)
+                       } else if (tp->t_flags & TF_NEEDFIN) {
                                sendalot = 1;
                                sendalot = 1;
+                       }
                } else {
                        len = tp->t_maxopd - optlen - ipoptlen;
                        sendalot = 1;
                }
        }
                } else {
                        len = tp->t_maxopd - optlen - ipoptlen;
                        sendalot = 1;
                }
        }
-#if MPTCP
-       /* Adjust the length in the DSS option, if it is lesser than len */
-       if (dlenp) {
-               /*
-                * To test this path without SACK, artificially
-                * decrement len with something like
-                * if (len > 10)
-                       len -= 10;
-                */
-               if (ntohs(*dlenp) > len) {
-                       *dlenp = htons(len);
-                       /* Unset the FIN flag, if len was adjusted */
-                       if (finp) {
-                               *finp &= ~MDSS_F;
-                       }
-                       sendalot = 1;
-               }
-       }
-#endif /* MPTCP */
 
        if (max_linkhdr + hdrlen > MCLBYTES)
                panic("tcphdr too big");
 
        /* Check if there is enough data in the send socket
 
        if (max_linkhdr + hdrlen > MCLBYTES)
                panic("tcphdr too big");
 
        /* Check if there is enough data in the send socket
-        * buffer to start measuring b
+        * buffer to start measuring bandwidth
         */
        if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
                (tp->t_bwmeas != NULL) &&
         */
        if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
                (tp->t_bwmeas != NULL) &&
-               (tp->t_flagsext & TF_BWMEAS_INPROGRESS) == 0 &&
-               (so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)) >= 
-                       tp->t_bwmeas->bw_minsize) {
-               tp->t_bwmeas->bw_size = min((so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)),
-                       tp->t_bwmeas->bw_maxsize);
-               tp->t_flagsext |= TF_BWMEAS_INPROGRESS;
-               tp->t_bwmeas->bw_start = tp->snd_max;
-               tp->t_bwmeas->bw_ts = tcp_now;
+               (tp->t_flagsext & TF_BWMEAS_INPROGRESS) == 0) {
+               tp->t_bwmeas->bw_size = min(min(
+                   (so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)),
+                   tp->snd_cwnd), tp->snd_wnd);
+               if (tp->t_bwmeas->bw_minsize > 0 &&
+                   tp->t_bwmeas->bw_size < tp->t_bwmeas->bw_minsize)
+                       tp->t_bwmeas->bw_size = 0;
+               if (tp->t_bwmeas->bw_maxsize > 0)
+                       tp->t_bwmeas->bw_size = min(tp->t_bwmeas->bw_size,
+                           tp->t_bwmeas->bw_maxsize);
+               if (tp->t_bwmeas->bw_size > 0) {
+                       tp->t_flagsext |= TF_BWMEAS_INPROGRESS;
+                       tp->t_bwmeas->bw_start = tp->snd_max;
+                       tp->t_bwmeas->bw_ts = tcp_now;
+               }
        }
 
        VERIFY(inp->inp_flowhash != 0);
        }
 
        VERIFY(inp->inp_flowhash != 0);
@@ -1428,7 +1897,8 @@ send:
         * the template for sends on this connection.
         */
        if (len) {
         * the template for sends on this connection.
         */
        if (len) {
-               if (tp->t_force && len == 1)
+               tp->t_pmtud_lastseg_size = len + optlen + ipoptlen;
+               if ((tp->t_flagsext & TF_FORCE) && len == 1)
                        tcpstat.tcps_sndprobe++;
                else if (SEQ_LT(tp->snd_nxt, tp->snd_max) || sack_rxmit) {
                        tcpstat.tcps_sndrexmitpack++;
                        tcpstat.tcps_sndprobe++;
                else if (SEQ_LT(tp->snd_nxt, tp->snd_max) || sack_rxmit) {
                        tcpstat.tcps_sndrexmitpack++;
@@ -1436,19 +1906,26 @@ send:
                        if (nstat_collect) {
                                nstat_route_tx(inp->inp_route.ro_rt, 1,
                                        len, NSTAT_TX_FLAG_RETRANSMIT);
                        if (nstat_collect) {
                                nstat_route_tx(inp->inp_route.ro_rt, 1,
                                        len, NSTAT_TX_FLAG_RETRANSMIT);
-                               INP_ADD_STAT(inp, cell, wifi, txpackets, 1);
-                               INP_ADD_STAT(inp, cell, wifi, txbytes, len);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txpackets, 1);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txbytes, len);
                                tp->t_stat.txretransmitbytes += len;
                                tp->t_stat.txretransmitbytes += len;
+                               tp->t_stat.rxmitpkts++;
                        }
                } else {
                        tcpstat.tcps_sndpack++;
                        tcpstat.tcps_sndbyte += len;
                        }
                } else {
                        tcpstat.tcps_sndpack++;
                        tcpstat.tcps_sndbyte += len;
-                       
+
                        if (nstat_collect) {
                        if (nstat_collect) {
-                               INP_ADD_STAT(inp, cell, wifi, txpackets, 1);
-                               INP_ADD_STAT(inp, cell, wifi, txbytes, len);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txpackets, 1);
+                               INP_ADD_STAT(inp, cell, wifi, wired,
+                                   txbytes, len);
                        }
                        }
+                       inp_decr_sndbytes_unsent(so, len);
                }
                }
+               inp_set_activity_bitmap(inp);
 #if MPTCP
                if (tp->t_mpflags & TMPF_MPTCP_TRUE) {
                        tcpstat.tcps_mp_sndpacks++;
 #if MPTCP
                if (tp->t_mpflags & TMPF_MPTCP_TRUE) {
                        tcpstat.tcps_mp_sndpacks++;
@@ -1456,9 +1933,9 @@ send:
                }
 #endif /* MPTCP */
                /*
                }
 #endif /* MPTCP */
                /*
-                * try to use the new interface that allocates all 
-                * the necessary mbuf hdrs under 1 mbuf lock and 
-                * avoids rescanning the socket mbuf list if 
+                * try to use the new interface that allocates all
+                * the necessary mbuf hdrs under 1 mbuf lock and
+                * avoids rescanning the socket mbuf list if
                 * certain conditions are met.  This routine can't
                 * be used in the following cases...
                 * 1) the protocol headers exceed the capacity of
                 * certain conditions are met.  This routine can't
                 * be used in the following cases...
                 * 1) the protocol headers exceed the capacity of
@@ -1516,50 +1993,24 @@ send:
                         */
                        copymode = M_COPYM_MOVE_HDR;
 #if MPTCP
                         */
                        copymode = M_COPYM_MOVE_HDR;
 #if MPTCP
-                       if ((tp->t_mpflags & TMPF_MPTCP_TRUE) ||
-                           (tp->t_mpflags & TMPF_TCP_FALLBACK)) {
+                       if (so->so_flags & SOF_MP_SUBFLOW) {
                                copymode = M_COPYM_NOOP_HDR;
                        }
 #endif /* MPTCP */
                        if (m != NULL) {
                                copymode = M_COPYM_NOOP_HDR;
                        }
 #endif /* MPTCP */
                        if (m != NULL) {
-                               m->m_next = m_copym_mode(so->so_snd.sb_mb, off,
-                                   (int) len, M_DONTWAIT, copymode);
+                               m->m_next = m_copym_mode(so->so_snd.sb_mb,
+                                   off, (int)len, M_DONTWAIT, copymode);
                                if (m->m_next == NULL) {
                                        (void) m_free(m);
                                        error = ENOBUFS;
                                        goto out;
                                }
                        } else {
                                if (m->m_next == NULL) {
                                        (void) m_free(m);
                                        error = ENOBUFS;
                                        goto out;
                                }
                        } else {
-                               /*
-                                * determine whether the mbuf pointer and
-                                * offset passed back by the 'last' call to
-                                * m_copym_with_hdrs are still valid... if the
-                                * head of the socket chain has changed (due
-                                * to an incoming ACK for instance), or the
-                                * offset into the chain we just computed is
-                                * different from the one last returned by
-                                * m_copym_with_hdrs (perhaps we're re-
-                                * transmitting a packet sent earlier), then
-                                * we can't pass the mbuf pointer and offset
-                                * into it as valid hints for m_copym_with_hdrs
-                                * to use (if valid, these hints allow
-                                * m_copym_with_hdrs to avoid rescanning from
-                                * the beginning of the socket buffer mbuf list.
-                                *
-                                * Setting the mbuf pointer to NULL is
-                                * sufficient to disable the hint mechanism.
-                                */
-                               if (m_head != so->so_snd.sb_mb || sack_rxmit ||
-                                   last_off != off)
-                                       m_lastm = NULL;
-                               last_off = off + len;
-                               m_head = so->so_snd.sb_mb;
-
                                /*
                                 * make sure we still have data left
                                 * to be sent at this point
                                 */
                                /*
                                 * make sure we still have data left
                                 * to be sent at this point
                                 */
-                               if (m_head == NULL) {
+                               if (so->so_snd.sb_mb == NULL) {
                                        error = 0; /* should we return an error? */
                                        goto out;
                                }
                                        error = 0; /* should we return an error? */
                                        goto out;
                                }
@@ -1571,7 +2022,7 @@ send:
                                 * whether a valid 'hint' was passed in or not.
                                 */
                                if ((m = m_copym_with_hdrs(so->so_snd.sb_mb,
                                 * whether a valid 'hint' was passed in or not.
                                 */
                                if ((m = m_copym_with_hdrs(so->so_snd.sb_mb,
-                                   off, len, M_DONTWAIT, &m_lastm, &m_off,
+                                   off, len, M_DONTWAIT, NULL, NULL,
                                    copymode)) == NULL) {
                                        error = ENOBUFS;
                                        goto out;
                                    copymode)) == NULL) {
                                        error = ENOBUFS;
                                        goto out;
@@ -1585,8 +2036,10 @@ send:
                 * (This will keep happy those implementations which only
                 * give data to the user when a buffer fills or
                 * a PUSH comes in.)
                 * (This will keep happy those implementations which only
                 * give data to the user when a buffer fills or
                 * a PUSH comes in.)
+                *
+                * On SYN-segments we should not add the PUSH-flag.
                 */
                 */
-               if (off + len == so->so_snd.sb_cc)
+               if (off + len == so->so_snd.sb_cc && !(flags & TH_SYN))
                        flags |= TH_PUSH;
        } else {
                if (tp->t_flags & TF_ACKNOW)
                        flags |= TH_PUSH;
        } else {
                if (tp->t_flags & TF_ACKNOW)
@@ -1604,21 +2057,17 @@ send:
                        goto out;
                }
                if (MHLEN < (hdrlen + max_linkhdr)) {
                        goto out;
                }
                if (MHLEN < (hdrlen + max_linkhdr)) {
-                       MCLGET(m, M_DONTWAIT);
-                       if ((m->m_flags & M_EXT) == 0) {
-                               m_freem(m);
-                               error = ENOBUFS;
-                               goto out;
-                       }
+                       MCLGET(m, M_DONTWAIT);
+                       if ((m->m_flags & M_EXT) == 0) {
+                               m_freem(m);
+                               error = ENOBUFS;
+                               goto out;
+                       }
                }
                m->m_data += max_linkhdr;
                m->m_len = hdrlen;
        }
        m->m_pkthdr.rcvif = 0;
                }
                m->m_data += max_linkhdr;
                m->m_len = hdrlen;
        }
        m->m_pkthdr.rcvif = 0;
-#if MPTCP
-       /* Before opt is copied to the mbuf, set the csum field */
-       mptcp_output_csum(tp, m, len, hdrlen, dss_val, sseqp);
-#endif /* MPTCP */
 #if CONFIG_MACF_NET
        mac_mbuf_label_associate_inpcb(inp, m);
 #endif
 #if CONFIG_MACF_NET
        mac_mbuf_label_associate_inpcb(inp, m);
 #endif
@@ -1632,6 +2081,10 @@ send:
                        ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20);
                }
                svc_flags |= PKT_SCF_IPV6;
                        ip6->ip6_flow |= htonl(IPTOS_ECN_ECT0 << 20);
                }
                svc_flags |= PKT_SCF_IPV6;
+#if PF_ECN
+               m_pftag(m)->pftag_hdr = (void *)ip6;
+               m_pftag(m)->pftag_flags |= PF_TAG_HDR_INET6;
+#endif /* PF_ECN */
        } else
 #endif /* INET6 */
        {
        } else
 #endif /* INET6 */
        {
@@ -1641,9 +2094,14 @@ send:
                /* this picks up the pseudo header (w/o the length) */
                tcp_fillheaders(tp, ip, th);
                if ((tp->ecn_flags & TE_SENDIPECT) != 0 && len &&
                /* this picks up the pseudo header (w/o the length) */
                tcp_fillheaders(tp, ip, th);
                if ((tp->ecn_flags & TE_SENDIPECT) != 0 && len &&
-                       !SEQ_LT(tp->snd_nxt, tp->snd_max) && !sack_rxmit) {
-                       ip->ip_tos = IPTOS_ECN_ECT0;
+                   !SEQ_LT(tp->snd_nxt, tp->snd_max) &&
+                   !sack_rxmit && !(flags & TH_SYN)) {
+                       ip->ip_tos |= IPTOS_ECN_ECT0;
                }
                }
+#if PF_ECN
+               m_pftag(m)->pftag_hdr = (void *)ip;
+               m_pftag(m)->pftag_flags |= PF_TAG_HDR_INET;
+#endif /* PF_ECN */
        }
 
        /*
        }
 
        /*
@@ -1651,7 +2109,7 @@ send:
         * window for use in delaying messages about window sizes.
         * If resending a FIN, be sure not to use a new sequence number.
         */
         * window for use in delaying messages about window sizes.
         * If resending a FIN, be sure not to use a new sequence number.
         */
-       if (flags & TH_FIN && (tp->t_flags & TF_SENTFIN) &&
+       if ((flags & TH_FIN) && (tp->t_flags & TF_SENTFIN) &&
            tp->snd_nxt == tp->snd_max)
                tp->snd_nxt--;
        /*
            tp->snd_nxt == tp->snd_max)
                tp->snd_nxt--;
        /*
@@ -1666,57 +2124,63 @@ send:
         * right edge of the window, so use snd_nxt in that
         * case, since we know we aren't doing a retransmission.
         * (retransmit and persist are mutually exclusive...)
         * right edge of the window, so use snd_nxt in that
         * case, since we know we aren't doing a retransmission.
         * (retransmit and persist are mutually exclusive...)
+        *
+        * Note the state of this retransmit segment to detect spurious
+        * retransmissions.
         */
        if (sack_rxmit == 0) {
         */
        if (sack_rxmit == 0) {
-               if (len || (flags & (TH_SYN|TH_FIN)) || tp->t_timer[TCPT_PERSIST])
+               if (len || (flags & (TH_SYN|TH_FIN)) ||
+                   tp->t_timer[TCPT_PERSIST]) {
                        th->th_seq = htonl(tp->snd_nxt);
                        th->th_seq = htonl(tp->snd_nxt);
-               else
+                       if (len > 0) {
+                               m->m_pkthdr.tx_start_seq = tp->snd_nxt;
+                               m->m_pkthdr.pkt_flags |= PKTF_START_SEQ;
+                       }
+                       if (SEQ_LT(tp->snd_nxt, tp->snd_max)) {
+                               if (SACK_ENABLED(tp) && len > 1) {
+                                       tcp_rxtseg_insert(tp, tp->snd_nxt,
+                                           (tp->snd_nxt + len - 1));
+                               }
+                               if (len > 0)
+                                       m->m_pkthdr.pkt_flags |=
+                                           PKTF_TCP_REXMT;
+                       }
+               } else {
                        th->th_seq = htonl(tp->snd_max);
                        th->th_seq = htonl(tp->snd_max);
+               }
        } else {
                th->th_seq = htonl(p->rxmit);
        } else {
                th->th_seq = htonl(p->rxmit);
+               if (len > 0) {
+                       m->m_pkthdr.pkt_flags |=
+                           (PKTF_TCP_REXMT | PKTF_START_SEQ);
+                       m->m_pkthdr.tx_start_seq = p->rxmit;
+               }
+               tcp_rxtseg_insert(tp, p->rxmit, (p->rxmit + len - 1));
                p->rxmit += len;
                tp->sackhint.sack_bytes_rexmit += len;
        }
        th->th_ack = htonl(tp->rcv_nxt);
        tp->last_ack_sent = tp->rcv_nxt;
                p->rxmit += len;
                tp->sackhint.sack_bytes_rexmit += len;
        }
        th->th_ack = htonl(tp->rcv_nxt);
        tp->last_ack_sent = tp->rcv_nxt;
-
        if (optlen) {
                bcopy(opt, th + 1, optlen);
                th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
        }
        th->th_flags = flags;
        if (optlen) {
                bcopy(opt, th + 1, optlen);
                th->th_off = (sizeof (struct tcphdr) + optlen) >> 2;
        }
        th->th_flags = flags;
-       /*
-        * Calculate receive window.  Don't shrink window,
-        * but avoid silly window syndrome.
-        */
-       if (recwin < (int32_t)(so->so_rcv.sb_hiwat / 4) && recwin < (int)tp->t_maxseg)
-               recwin = 0;
-       if (recwin < (int32_t)(tp->rcv_adv - tp->rcv_nxt))
-               recwin = (int32_t)(tp->rcv_adv - tp->rcv_nxt);
-       if (tp->t_flags & TF_SLOWLINK && slowlink_wsize > 0) {
-               if (recwin > (int32_t)slowlink_wsize) 
-                       recwin = slowlink_wsize;
-       }
+       th->th_win = htons((u_short) (recwin>>tp->rcv_scale));
+       if (!(so->so_flags & SOF_MP_SUBFLOW)) {
+               if (recwin > 0 && SEQ_LT(tp->rcv_adv, tp->rcv_nxt + recwin)) {
+                       tp->rcv_adv = tp->rcv_nxt + recwin;
+               }
+       } else {
+               struct mptcb *mp_tp = tptomptp(tp);
+               if (recwin > 0) {
+                       tp->rcv_adv = tp->rcv_nxt + recwin;
+               }
 
 
-#if TRAFFIC_MGT
-       if (tcp_recv_bg == 1  || IS_TCP_RECV_BG(so)) {
-               if (tcp_recv_throttle(tp)) {
-                       uint32_t min_iaj_win = 
-                               tcp_min_iaj_win * tp->t_maxseg;
-                       if (tp->iaj_rwintop == 0 ||
-                               SEQ_LT(tp->iaj_rwintop, tp->rcv_adv))
-                               tp->iaj_rwintop = tp->rcv_adv; 
-                       if (SEQ_LT(tp->iaj_rwintop, 
-                               tp->rcv_nxt + min_iaj_win))
-                               tp->iaj_rwintop =  tp->rcv_nxt + min_iaj_win;
-                       recwin = min(tp->iaj_rwintop - tp->rcv_nxt, recwin);
+               if (recwin > 0 && SEQ_LT(mp_tp->mpt_rcvadv, (uint32_t)mp_tp->mpt_rcvnxt + recwin)) {
+                       mp_tp->mpt_rcvadv = (uint32_t)mp_tp->mpt_rcvnxt + recwin;
                }
        }
                }
        }
-#endif /* TRAFFIC_MGT */
-
-       if (recwin > (int32_t)(TCP_MAXWIN << tp->rcv_scale))
-               recwin = (int32_t)(TCP_MAXWIN << tp->rcv_scale);
-       th->th_win = htons((u_short) (recwin>>tp->rcv_scale));
 
        /*
         * Adjust the RXWIN0SENT flag - indicate that we have advertised
 
        /*
         * Adjust the RXWIN0SENT flag - indicate that we have advertised
@@ -1730,6 +2194,7 @@ send:
                tp->t_flags |= TF_RXWIN0SENT;
        else
                tp->t_flags &= ~TF_RXWIN0SENT;
                tp->t_flags |= TF_RXWIN0SENT;
        else
                tp->t_flags &= ~TF_RXWIN0SENT;
+
        if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
                th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
                th->th_flags |= TH_URG;
        if (SEQ_GT(tp->snd_up, tp->snd_nxt)) {
                th->th_urp = htons((u_short)(tp->snd_up - tp->snd_nxt));
                th->th_flags |= TH_URG;
@@ -1748,6 +2213,17 @@ send:
         * checksum extended header and data.
         */
        m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */
         * checksum extended header and data.
         */
        m->m_pkthdr.len = hdrlen + len; /* in6_cksum() need this */
+
+       /*
+        * If this is potentially the last packet on the stream, then mark
+        * it in order to enable some optimizations in the underlying
+        * layers
+        */
+       if (tp->t_state != TCPS_ESTABLISHED &&
+           (tp->t_state == TCPS_CLOSING || tp->t_state == TCPS_TIME_WAIT
+           || tp->t_state == TCPS_LAST_ACK || (th->th_flags & TH_RST)))
+               m->m_pkthdr.pkt_flags |= PKTF_LAST_PKT;
+
 #if INET6
        if (isipv6) {
                /*
 #if INET6
        if (isipv6) {
                /*
@@ -1757,7 +2233,7 @@ send:
                m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
                m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
-                       th->th_sum = in_addword(th->th_sum, 
+                       th->th_sum = in_addword(th->th_sum,
                                htons((u_short)(optlen + len)));
        }
        else
                                htons((u_short)(optlen + len)));
        }
        else
@@ -1766,7 +2242,7 @@ send:
                m->m_pkthdr.csum_flags = CSUM_TCP;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
                m->m_pkthdr.csum_flags = CSUM_TCP;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                if (len + optlen)
-                       th->th_sum = in_addword(th->th_sum, 
+                       th->th_sum = in_addword(th->th_sum,
                                htons((u_short)(optlen + len)));
        }
 
                                htons((u_short)(optlen + len)));
        }
 
@@ -1791,7 +2267,8 @@ send:
         * In transmit state, time the transmission and arrange for
         * the retransmit.  In persist state, just set snd_max.
         */
         * In transmit state, time the transmission and arrange for
         * the retransmit.  In persist state, just set snd_max.
         */
-       if (tp->t_force == 0 || tp->t_timer[TCPT_PERSIST] == 0) {
+       if (!(tp->t_flagsext & TF_FORCE)
+           || tp->t_timer[TCPT_PERSIST] == 0) {
                tcp_seq startseq = tp->snd_nxt;
 
                /*
                tcp_seq startseq = tp->snd_nxt;
 
                /*
@@ -1800,16 +2277,24 @@ send:
                if (flags & (TH_SYN|TH_FIN)) {
                        if (flags & TH_SYN)
                                tp->snd_nxt++;
                if (flags & (TH_SYN|TH_FIN)) {
                        if (flags & TH_SYN)
                                tp->snd_nxt++;
-                       if (flags & TH_FIN) {
+                       if ((flags & TH_FIN) &&
+                               !(tp->t_flags & TF_SENTFIN)) {
                                tp->snd_nxt++;
                                tp->t_flags |= TF_SENTFIN;
                        }
                }
                if (sack_rxmit)
                        goto timer;
                                tp->snd_nxt++;
                                tp->t_flags |= TF_SENTFIN;
                        }
                }
                if (sack_rxmit)
                        goto timer;
-               tp->snd_nxt += len;
+               if (sack_rescue_rxt == TRUE) {
+                       tp->snd_nxt = old_snd_nxt;
+                       sack_rescue_rxt = FALSE;
+                       tcpstat.tcps_pto_in_recovery++;
+               } else {
+                       tp->snd_nxt += len;
+               }
                if (SEQ_GT(tp->snd_nxt, tp->snd_max)) {
                        tp->snd_max = tp->snd_nxt;
                if (SEQ_GT(tp->snd_nxt, tp->snd_max)) {
                        tp->snd_max = tp->snd_nxt;
+                       tp->t_sndtime = tcp_now;
                        /*
                         * Time this transmission if not a retransmission and
                         * not currently timing anything.
                        /*
                         * Time this transmission if not a retransmission and
                         * not currently timing anything.
@@ -1818,28 +2303,64 @@ send:
                                tp->t_rtttime = tcp_now;
                                tp->t_rtseq = startseq;
                                tcpstat.tcps_segstimed++;
                                tp->t_rtttime = tcp_now;
                                tp->t_rtseq = startseq;
                                tcpstat.tcps_segstimed++;
+
+                               /* update variables related to pipe ack */
+                               tp->t_pipeack_lastuna = tp->snd_una;
                        }
                }
 
                /*
                 * Set retransmit timer if not currently set,
                 * and not doing an ack or a keep-alive probe.
                        }
                }
 
                /*
                 * Set retransmit timer if not currently set,
                 * and not doing an ack or a keep-alive probe.
-                * Initial value for retransmit timer is smoothed
-                * round-trip time + 2 * round-trip time variance.
-                * Initialize shift counter which is used for backoff
-                * of retransmit time.
                 */
 timer:
                if (tp->t_timer[TCPT_REXMT] == 0 &&
                    ((sack_rxmit && tp->snd_nxt != tp->snd_max) ||
                 */
 timer:
                if (tp->t_timer[TCPT_REXMT] == 0 &&
                    ((sack_rxmit && tp->snd_nxt != tp->snd_max) ||
-                       tp->snd_nxt != tp->snd_una)) {
+                       tp->snd_nxt != tp->snd_una || (flags & TH_FIN))) {
                        if (tp->t_timer[TCPT_PERSIST]) {
                                tp->t_timer[TCPT_PERSIST] = 0;
                        if (tp->t_timer[TCPT_PERSIST]) {
                                tp->t_timer[TCPT_PERSIST] = 0;
-                               tp->t_rxtshift = 0;
-                               tp->t_rxtstart = 0;
                                tp->t_persist_stop = 0;
                                tp->t_persist_stop = 0;
+                               TCP_RESET_REXMT_STATE(tp);
                        }
                        }
-                       tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
+                       tp->t_timer[TCPT_REXMT] =
+                               OFFSET_FROM_START(tp, tp->t_rxtcur);
+               }
+
+               /*
+                * Set tail loss probe timeout if new data is being
+                * transmitted. This will be supported only when
+                * SACK option is enabled on a connection.
+                *
+                * Every time new data is sent PTO will get reset.
+                */
+               if (tcp_enable_tlp && len != 0 && tp->t_state == TCPS_ESTABLISHED &&
+                   SACK_ENABLED(tp) && !IN_FASTRECOVERY(tp) &&
+                   tp->snd_nxt == tp->snd_max &&
+                   SEQ_GT(tp->snd_nxt, tp->snd_una) &&
+                   tp->t_rxtshift == 0 &&
+                   (tp->t_flagsext & (TF_SENT_TLPROBE|TF_PKTS_REORDERED)) == 0) {
+                       u_int32_t pto, srtt;
+
+                       /*
+                        * Using SRTT alone to set PTO can cause spurious
+                        * retransmissions on wireless networks where there
+                        * is a lot of variance in RTT. Taking variance
+                        * into account will avoid this.
+                        */
+                       srtt = tp->t_srtt >> TCP_RTT_SHIFT;
+                       pto = ((TCP_REXMTVAL(tp)) * 3) >> 1;
+                       pto = max (2 * srtt, pto);
+                       if ((tp->snd_max - tp->snd_una) == tp->t_maxseg)
+                               pto = max(pto,
+                                   (((3 * pto) >> 2) + tcp_delack * 2));
+                       else
+                               pto = max(10, pto);
+
+                       /* if RTO is less than PTO, choose RTO instead */
+                       if (tp->t_rxtcur < pto)
+                               pto = tp->t_rxtcur;
+
+                       tp->t_timer[TCPT_PTO] = OFFSET_FROM_START(tp, pto);
                }
        } else {
                /*
                }
        } else {
                /*
@@ -1849,12 +2370,15 @@ timer:
                int xlen = len;
                if (flags & TH_SYN)
                        ++xlen;
                int xlen = len;
                if (flags & TH_SYN)
                        ++xlen;
-               if (flags & TH_FIN) {
+               if ((flags & TH_FIN) &&
+                       !(tp->t_flags & TF_SENTFIN)) {
                        ++xlen;
                        tp->t_flags |= TF_SENTFIN;
                }
                        ++xlen;
                        tp->t_flags |= TF_SENTFIN;
                }
-               if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max))
+               if (SEQ_GT(tp->snd_nxt + xlen, tp->snd_max)) {
                        tp->snd_max = tp->snd_nxt + len;
                        tp->snd_max = tp->snd_nxt + len;
+                       tp->t_sndtime = tcp_now;
+               }
        }
 
 #if TCPDEBUG
        }
 
 #if TCPDEBUG
@@ -1919,9 +2443,29 @@ timer:
                if (path_mtu_discovery && (tp->t_flags & TF_PMTUD))
                        ip->ip_off |= IP_DF;
 
                if (path_mtu_discovery && (tp->t_flags & TF_PMTUD))
                        ip->ip_off |= IP_DF;
 
+#if NECP
+       {
+               necp_kernel_policy_id policy_id;
+               necp_kernel_policy_id skip_policy_id;
+               u_int32_t route_rule_id;
+               if (!necp_socket_is_allowed_to_send_recv(inp, NULL, &policy_id, &route_rule_id, &skip_policy_id)) {
+                       TCP_LOG_DROP_NECP(isipv6 ? (void *)ip6 : (void *)ip, th, tp, true);
+                       m_freem(m);
+                       error = EHOSTUNREACH;
+                       goto out;
+               }
+               necp_mark_packet_from_socket(m, inp, policy_id, route_rule_id, skip_policy_id);
+
+               if (net_qos_policy_restricted != 0) {
+                       necp_socket_update_qos_marking(inp, inp->inp_route.ro_rt,
+                           NULL, route_rule_id);
+               }
+       }
+#endif /* NECP */
+
 #if IPSEC
 #if IPSEC
-       if (ipsec_bypass == 0)
-               ipsec_setsocket(m, so);
+       if (inp->inp_sp != NULL)
+               ipsec_setsocket(m, so);
 #endif /*IPSEC*/
 
        /*
 #endif /*IPSEC*/
 
        /*
@@ -1935,13 +2479,13 @@ timer:
         */
        m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
        m->m_pkthdr.pkt_flowid = inp->inp_flowhash;
         */
        m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
        m->m_pkthdr.pkt_flowid = inp->inp_flowhash;
-       m->m_pkthdr.pkt_flags |= PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC;
-#if MPTCP
-       /* Disable flow advisory when using MPTCP. */
-       if (!(tp->t_mpflags & TMPF_MPTCP_TRUE))
-#endif /* MPTCP */
-               m->m_pkthdr.pkt_flags |= PKTF_FLOW_ADV;
+       m->m_pkthdr.pkt_flags |= (PKTF_FLOW_ID | PKTF_FLOW_LOCALSRC | PKTF_FLOW_ADV);
        m->m_pkthdr.pkt_proto = IPPROTO_TCP;
        m->m_pkthdr.pkt_proto = IPPROTO_TCP;
+       m->m_pkthdr.tx_tcp_pid = so->last_pid;
+       if (so->so_flags & SOF_DELEGATED)
+               m->m_pkthdr.tx_tcp_e_pid = so->e_pid;
+       else
+               m->m_pkthdr.tx_tcp_e_pid = 0;
 
        m->m_nextpkt = NULL;
 
 
        m->m_nextpkt = NULL;
 
@@ -1949,21 +2493,34 @@ timer:
            !(inp->inp_last_outifp->if_flags & IFF_LOOPBACK)) {
                /* Hint to prioritize this packet if
                 * 1. if the packet has no data
            !(inp->inp_last_outifp->if_flags & IFF_LOOPBACK)) {
                /* Hint to prioritize this packet if
                 * 1. if the packet has no data
-                * 2. the interface supports transmit-start model and did 
+                * 2. the interface supports transmit-start model and did
                 *    not disable ACK prioritization.
                 * 3. Only ACK flag is set.
                 * 4. there is no outstanding data on this connection.
                 */
                if (tcp_prioritize_acks != 0 && len == 0 &&
                 *    not disable ACK prioritization.
                 * 3. Only ACK flag is set.
                 * 4. there is no outstanding data on this connection.
                 */
                if (tcp_prioritize_acks != 0 && len == 0 &&
-                   (inp->inp_last_outifp->if_eflags & 
-                       (IFEF_TXSTART | IFEF_NOACKPRI)) == IFEF_TXSTART &&
-                   th->th_flags == TH_ACK && tp->snd_una == tp->snd_max &&
-                   tp->t_timer[TCPT_REXMT] == 0) {
-                       svc_flags |= PKT_SCF_TCP_ACK;
+                   (inp->inp_last_outifp->if_eflags &
+                   (IFEF_TXSTART | IFEF_NOACKPRI)) == IFEF_TXSTART) {
+                       if (th->th_flags == TH_ACK &&
+                           tp->snd_una == tp->snd_max &&
+                           tp->t_timer[TCPT_REXMT] == 0)
+                               svc_flags |= PKT_SCF_TCP_ACK;
+                       if (th->th_flags & TH_SYN)
+                               svc_flags |= PKT_SCF_TCP_SYN;
                }
                }
-               set_packet_service_class(m, so, MBUF_SC_UNSPEC, svc_flags);
+               set_packet_service_class(m, so, sotc, svc_flags);
+       } else {
+               /*
+                * Optimization for loopback just set the mbuf
+                * service class
+                */
+               (void) m_set_service_class(m, so_tc2msc(sotc));
        }
 
        }
 
+       TCP_LOG_TH_FLAGS(isipv6 ? (void *)ip6 : (void *)ip, th, tp, true,
+           inp->inp_last_outifp != NULL ? inp->inp_last_outifp :
+           inp->inp_boundifp);
+
        tp->t_pktlist_sentlen += len;
        tp->t_lastchain++;
 
        tp->t_pktlist_sentlen += len;
        tp->t_lastchain++;
 
@@ -1987,10 +2544,10 @@ timer:
                tp->t_pktlist_head = tp->t_pktlist_tail = m;
        }
 
                tp->t_pktlist_head = tp->t_pktlist_tail = m;
        }
 
-       if ((lro_ackmore) && (!sackoptlen) && (!tp->t_timer[TCPT_PERSIST]) &&
-                       ((th->th_flags & TH_ACK) == TH_ACK) && (!len) &&
-                       (tp->t_state == TCPS_ESTABLISHED)) {
-               /* For a pure ACK, see if you need to send more of them */      
+       if (lro_ackmore && !sackoptlen && tp->t_timer[TCPT_PERSIST] == 0 &&
+           (th->th_flags & TH_ACK) == TH_ACK && len == 0 &&
+           tp->t_state == TCPS_ESTABLISHED) {
+               /* For a pure ACK, see if you need to send more of them */
                mnext = tcp_send_lroacks(tp, m, th);
                if (mnext) {
                        tp->t_pktlist_tail->m_nextpkt = mnext;
                mnext = tcp_send_lroacks(tp, m, th);
                if (mnext) {
                        tp->t_pktlist_tail->m_nextpkt = mnext;
@@ -2012,16 +2569,11 @@ timer:
        }
 
        if (sendalot == 0 || (tp->t_state != TCPS_ESTABLISHED) ||
        }
 
        if (sendalot == 0 || (tp->t_state != TCPS_ESTABLISHED) ||
-             (tp->snd_cwnd <= (tp->snd_wnd / 8)) ||
-             (tp->t_flags & (TH_PUSH | TF_ACKNOW)) || tp->t_force != 0 ||
-             tp->t_lastchain >= tcp_packet_chaining) {
+           (tp->snd_cwnd <= (tp->snd_wnd / 8)) ||
+           (tp->t_flags & TF_ACKNOW) ||
+           (tp->t_flagsext & TF_FORCE) ||
+           tp->t_lastchain >= tcp_packet_chaining) {
                error = 0;
                error = 0;
-
-               /*
-                * Reset the stack memory of offset as the socket 
-                * may get unlocked
-                */
-               m_lastm = NULL;
                while (inp->inp_sndinprog_cnt == 0 &&
                        tp->t_pktlist_head != NULL) {
                        packetlist = tp->t_pktlist_head;
                while (inp->inp_sndinprog_cnt == 0 &&
                        tp->t_pktlist_head != NULL) {
                        packetlist = tp->t_pktlist_head;
@@ -2033,13 +2585,7 @@ timer:
                        error = tcp_ip_output(so, tp, packetlist,
                            packchain_listadd, tp_inp_options,
                            (so_options & SO_DONTROUTE),
                        error = tcp_ip_output(so, tp, packetlist,
                            packchain_listadd, tp_inp_options,
                            (so_options & SO_DONTROUTE),
-                           (sack_rxmit | (sack_bytes_rxmt != 0)), recwin,
-#if INET6
-                           isipv6);
-#else /* INET6 */
-                           0);
-#endif /* !INET6 */
-
+                           (sack_rxmit || (sack_bytes_rxmt != 0)), isipv6);
                        if (error) {
                                /*
                                 * Take into account the rest of unsent
                        if (error) {
                                /*
                                 * Take into account the rest of unsent
@@ -2058,7 +2604,7 @@ timer:
                        (tp->t_flags & TF_CLOSING)) {
                        tp->t_flags &= ~TF_CLOSING;
                        (void) tcp_close(tp);
                        (tp->t_flags & TF_CLOSING)) {
                        tp->t_flags &= ~TF_CLOSING;
                        (void) tcp_close(tp);
-                       return (0);
+                       return 0;
                }
        } else {
                error = 0;
                }
        } else {
                error = 0;
@@ -2075,7 +2621,8 @@ timer:
                 * the recent call to ip_output_list() plus the amount of
                 * user data in the packet list for this tcp at the moment.
                 */
                 * the recent call to ip_output_list() plus the amount of
                 * user data in the packet list for this tcp at the moment.
                 */
-               if (tp->t_force == 0 || tp->t_timer[TCPT_PERSIST] == 0) {
+               if (!(tp->t_flagsext & TF_FORCE)
+                   || tp->t_timer[TCPT_PERSIST] == 0) {
                        /*
                         * No need to check for TH_FIN here because
                         * the TF_SENTFIN flag handles that case.
                        /*
                         * No need to check for TH_FIN here because
                         * the TF_SENTFIN flag handles that case.
@@ -2105,21 +2652,24 @@ out:
                TCP_PKTLIST_CLEAR(tp);
 
                if (error == ENOBUFS) {
                TCP_PKTLIST_CLEAR(tp);
 
                if (error == ENOBUFS) {
-                       if (!tp->t_timer[TCPT_REXMT] &&
-                               !tp->t_timer[TCPT_PERSIST])
-                               tp->t_timer[TCPT_REXMT] = 
+                       /*
+                        * Set retransmit timer if not currently set
+                        * when we failed to send a segment that can be
+                        * retransmitted (i.e. not pure ack or rst)
+                        */
+                       if (tp->t_timer[TCPT_REXMT] == 0 &&
+                           tp->t_timer[TCPT_PERSIST] == 0 &&
+                           (len != 0 || (flags & (TH_SYN | TH_FIN)) != 0 ||
+                           so->so_snd.sb_cc > 0))
+                               tp->t_timer[TCPT_REXMT] =
                                        OFFSET_FROM_START(tp, tp->t_rxtcur);
                                        OFFSET_FROM_START(tp, tp->t_rxtcur);
-
                        tp->snd_cwnd = tp->t_maxseg;
                        tp->t_bytes_acked = 0;
                        tp->snd_cwnd = tp->t_maxseg;
                        tp->t_bytes_acked = 0;
-
                        tcp_check_timer_state(tp);
                        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
 
                        tcp_check_timer_state(tp);
                        KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
 
-                       DTRACE_TCP5(cc, void, NULL, struct inpcb *, inp,
-                               struct tcpcb *, tp, struct tcphdr *, NULL,
-                               int32_t, TCP_CC_OUTPUT_ERROR);
-                       return (0);
+                       tcp_ccdbg_trace(tp, NULL, TCP_CC_OUTPUT_ERROR);
+                       return 0;
                }
                if (error == EMSGSIZE) {
                        /*
                }
                if (error == EMSGSIZE) {
                        /*
@@ -2149,18 +2699,13 @@ out:
                 */
                if ((error == EHOSTUNREACH || error == ENETDOWN) &&
                    TCPS_HAVERCVDSYN(tp->t_state) &&
                 */
                if ((error == EHOSTUNREACH || error == ENETDOWN) &&
                    TCPS_HAVERCVDSYN(tp->t_state) &&
-                   !((inp->inp_flags & INP_NO_IFT_CELLULAR) &&
-                   inp->inp_last_outifp != NULL &&
-                   IFNET_IS_CELLULAR(inp->inp_last_outifp))) {
-                       tp->t_softerror = error;
-                       tcp_check_timer_state(tp);
-                       KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END,
-                           0, 0, 0, 0, 0);
-                       return (0);
+                   !inp_restricted_send(inp, inp->inp_last_outifp)) {
+                               tp->t_softerror = error;
+                               error = 0;
                }
                tcp_check_timer_state(tp);
                KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
                }
                tcp_check_timer_state(tp);
                KERNEL_DEBUG(DBG_FNC_TCP_OUTPUT | DBG_FUNC_END, 0,0,0,0,0);
-               return (error);
+               return error;
        }
 
        tcpstat.tcps_sndtotal++;
        }
 
        tcpstat.tcps_sndtotal++;
@@ -2170,27 +2715,38 @@ out:
                goto again;
 
        tcp_check_timer_state(tp);
                goto again;
 
        tcp_check_timer_state(tp);
-       return (0);
+
+       return 0;
 }
 
 static int
 tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
 }
 
 static int
 tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
-    int cnt, struct mbuf *opt, int flags, int sack_in_progress, int recwin,
-    boolean_t isipv6)
+    int cnt, struct mbuf *opt, int flags, int sack_in_progress, boolean_t isipv6)
 {
        int error = 0;
        boolean_t chain;
        boolean_t unlocked = FALSE;
        boolean_t ifdenied = FALSE;
        struct inpcb *inp = tp->t_inpcb;
 {
        int error = 0;
        boolean_t chain;
        boolean_t unlocked = FALSE;
        boolean_t ifdenied = FALSE;
        struct inpcb *inp = tp->t_inpcb;
-       struct ip_out_args ipoa =
-           { IFSCOPE_NONE, { 0 }, IPOAF_SELECT_SRCIF|IPOAF_BOUND_SRCADDR, 0 };
+       struct ip_out_args ipoa;
        struct route ro;
        struct ifnet *outif = NULL;
        struct route ro;
        struct ifnet *outif = NULL;
+
+       bzero(&ipoa, sizeof(ipoa));
+       ipoa.ipoa_boundif = IFSCOPE_NONE;
+       ipoa.ipoa_flags = IPOAF_SELECT_SRCIF | IPOAF_BOUND_SRCADDR;
+       ipoa.ipoa_sotc = SO_TC_UNSPEC;
+       ipoa.ipoa_netsvctype = _NET_SERVICE_TYPE_UNSPEC;
 #if INET6
 #if INET6
-       struct ip6_out_args ip6oa =
-           { IFSCOPE_NONE, { 0 }, IP6OAF_SELECT_SRCIF|IP6OAF_BOUND_SRCADDR, 0 };
+       struct ip6_out_args ip6oa;
        struct route_in6 ro6;
        struct route_in6 ro6;
+
+       bzero(&ip6oa, sizeof(ip6oa));
+       ip6oa.ip6oa_boundif = IFSCOPE_NONE;
+       ip6oa.ip6oa_flags = IP6OAF_SELECT_SRCIF | IP6OAF_BOUND_SRCADDR;
+       ip6oa.ip6oa_sotc = SO_TC_UNSPEC;
+       ip6oa.ip6oa_netsvctype = _NET_SERVICE_TYPE_UNSPEC;
+
        struct flowadv *adv =
            (isipv6 ? &ip6oa.ip6oa_flowadv : &ipoa.ipoa_flowadv);
 #else /* INET6 */
        struct flowadv *adv =
            (isipv6 ? &ip6oa.ip6oa_flowadv : &ipoa.ipoa_flowadv);
 #else /* INET6 */
@@ -2211,7 +2767,7 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
                }
        }
 
                }
        }
 
-       if (inp->inp_flags & INP_NO_IFT_CELLULAR) {
+       if (INP_NO_CELLULAR(inp)) {
 #if INET6
                if (isipv6)
                        ip6oa.ip6oa_flags |=  IP6OAF_NO_CELLULAR;
 #if INET6
                if (isipv6)
                        ip6oa.ip6oa_flags |=  IP6OAF_NO_CELLULAR;
@@ -2219,6 +2775,53 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
 #endif /* INET6 */
                        ipoa.ipoa_flags |=  IPOAF_NO_CELLULAR;
        }
 #endif /* INET6 */
                        ipoa.ipoa_flags |=  IPOAF_NO_CELLULAR;
        }
+       if (INP_NO_EXPENSIVE(inp)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |=  IP6OAF_NO_EXPENSIVE;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |=  IPOAF_NO_EXPENSIVE;
+
+       }
+       if (INP_NO_CONSTRAINED(inp)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |=  IP6OAF_NO_CONSTRAINED;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |=  IPOAF_NO_CONSTRAINED;
+       }
+       if (INP_AWDL_UNRESTRICTED(inp)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |=  IP6OAF_AWDL_UNRESTRICTED;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |=  IPOAF_AWDL_UNRESTRICTED;
+
+       }
+#if INET6
+       if (INP_INTCOPROC_ALLOWED(inp) && isipv6) {
+               ip6oa.ip6oa_flags |=  IP6OAF_INTCOPROC_ALLOWED;
+       }
+       if (isipv6) {
+               ip6oa.ip6oa_sotc = so->so_traffic_class;
+               ip6oa.ip6oa_netsvctype = so->so_netsvctype;
+       } else
+#endif /* INET6 */
+       {
+               ipoa.ipoa_sotc = so->so_traffic_class;
+               ipoa.ipoa_netsvctype = so->so_netsvctype;
+       }
+       if ((so->so_flags1 & SOF1_QOSMARKING_ALLOWED)) {
+#if INET6
+               if (isipv6)
+                       ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
+               else
+#endif /* INET6 */
+                       ipoa.ipoa_flags |= IPOAF_QOSMARKING_ALLOWED;
+       }
 #if INET6
        if (isipv6)
                flags |= IPV6_OUTARGS;
 #if INET6
        if (isipv6)
                flags |= IPV6_OUTARGS;
@@ -2235,14 +2838,9 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
                inp_route_copyout(inp, &ro);
 
        /*
                inp_route_copyout(inp, &ro);
 
        /*
-        * Data sent (as far as we can tell).
-        * If this advertises a larger window than any other segment,
-        * then remember the size of the advertised window.
         * Make sure ACK/DELACK conditions are cleared before
         * we unlock the socket.
         */
         * Make sure ACK/DELACK conditions are cleared before
         * we unlock the socket.
         */
-       if (recwin > 0 && SEQ_GT(tp->rcv_nxt + recwin, tp->rcv_adv))
-               tp->rcv_adv = tp->rcv_nxt + recwin;
        tp->last_ack_sent = tp->rcv_nxt;
        tp->t_flags &= ~(TF_ACKNOW | TF_DELACK);
        tp->t_timer[TCPT_DELACK] = 0;
        tp->last_ack_sent = tp->rcv_nxt;
        tp->t_flags &= ~(TF_ACKNOW | TF_DELACK);
        tp->t_timer[TCPT_DELACK] = 0;
@@ -2262,12 +2860,12 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
         */
        if (tcp_output_unlocked && !so->so_upcallusecount &&
            (tp->t_state == TCPS_ESTABLISHED) && (sack_in_progress == 0) &&
         */
        if (tcp_output_unlocked && !so->so_upcallusecount &&
            (tp->t_state == TCPS_ESTABLISHED) && (sack_in_progress == 0) &&
-           ((tp->t_flags & TF_FASTRECOVERY) == 0)) {
+           !IN_FASTRECOVERY(tp) && !(so->so_flags & SOF_MP_SUBFLOW)) {
 
                unlocked = TRUE;
                socket_unlock(so, 0);
        }
 
                unlocked = TRUE;
                socket_unlock(so, 0);
        }
-       
+
        /*
         * Don't send down a chain of packets when:
         * - TCP chaining is disabled
        /*
         * Don't send down a chain of packets when:
         * - TCP chaining is disabled
@@ -2284,7 +2882,6 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
 #endif
                ; // I'm important, not extraneous
 
 #endif
                ; // I'm important, not extraneous
 
-
        while (pkt != NULL) {
                struct mbuf *npkt = pkt->m_nextpkt;
 
        while (pkt != NULL) {
                struct mbuf *npkt = pkt->m_nextpkt;
 
@@ -2293,7 +2890,7 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
                        /*
                         * If we are not chaining, make sure to set the packet
                         * list count to 0 so that IP takes the right path;
                        /*
                         * If we are not chaining, make sure to set the packet
                         * list count to 0 so that IP takes the right path;
-                        * this is important for cases such as IPSec where a
+                        * this is important for cases such as IPsec where a
                         * single mbuf might result in multiple mbufs as part
                         * of the encapsulation.  If a non-zero count is passed
                         * down to IP, the head of the chain might change and
                         * single mbuf might result in multiple mbufs as part
                         * of the encapsulation.  If a non-zero count is passed
                         * down to IP, the head of the chain might change and
@@ -2332,28 +2929,29 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
        if (unlocked)
                socket_lock(so, 0);
 
        if (unlocked)
                socket_lock(so, 0);
 
-       /* 
+       /*
         * Enter flow controlled state if the connection is established
         * Enter flow controlled state if the connection is established
-        * and is not in recovery.
+        * and is not in recovery. Flow control is allowed only if there
+        * is outstanding data.
         *
         *
-        * A connection will enter suspended state even if it is in 
+        * A connection will enter suspended state even if it is in
         * recovery.
         */
        if (((adv->code == FADV_FLOW_CONTROLLED && !IN_FASTRECOVERY(tp)) ||
         * recovery.
         */
        if (((adv->code == FADV_FLOW_CONTROLLED && !IN_FASTRECOVERY(tp)) ||
-           adv->code == FADV_SUSPENDED) && 
+           adv->code == FADV_SUSPENDED) &&
            !(tp->t_flags & TF_CLOSING) &&
            !(tp->t_flags & TF_CLOSING) &&
-           tp->t_state == TCPS_ESTABLISHED) {
+           tp->t_state == TCPS_ESTABLISHED &&
+           SEQ_GT(tp->snd_max, tp->snd_una)) {
                int rc;
                rc = inp_set_fc_state(inp, adv->code);
 
                int rc;
                rc = inp_set_fc_state(inp, adv->code);
 
-               if (rc == 1) 
-                       DTRACE_TCP5(cc, void, NULL, struct inpcb *, inp,
-                           struct tcpcb *, tp, struct tcphdr *, NULL,
-                           int32_t, ((adv->code == FADV_FLOW_CONTROLLED) ?
+               if (rc == 1)
+                       tcp_ccdbg_trace(tp, NULL,
+                           ((adv->code == FADV_FLOW_CONTROLLED) ?
                            TCP_CC_FLOW_CONTROL : TCP_CC_SUSPEND));
        }
 
                            TCP_CC_FLOW_CONTROL : TCP_CC_SUSPEND));
        }
 
-       /* 
+       /*
         * When an interface queue gets suspended, some of the
         * packets are dropped. Return ENOBUFS, to update the
         * pcb state.
         * When an interface queue gets suspended, some of the
         * packets are dropped. Return ENOBUFS, to update the
         * pcb state.
@@ -2362,22 +2960,44 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
                error = ENOBUFS;
 
        VERIFY(inp->inp_sndinprog_cnt > 0);
                error = ENOBUFS;
 
        VERIFY(inp->inp_sndinprog_cnt > 0);
-       if ( --inp->inp_sndinprog_cnt == 0)
+       if ( --inp->inp_sndinprog_cnt == 0) {
                inp->inp_flags &= ~(INP_FC_FEEDBACK);
                inp->inp_flags &= ~(INP_FC_FEEDBACK);
+               if (inp->inp_sndingprog_waiters > 0) {
+                       wakeup(&inp->inp_sndinprog_cnt);
+               }
+       }
 
 #if INET6
        if (isipv6) {
 
 #if INET6
        if (isipv6) {
-               if (ro6.ro_rt != NULL && (outif = ro6.ro_rt->rt_ifp) !=
-                   inp->in6p_last_outifp)
-                       inp->in6p_last_outifp = outif;
+               /*
+                * When an NECP IP tunnel policy forces the outbound interface,
+                * ip6_output_list() informs the transport layer what is the actual
+                * outgoing interface
+                */
+               if (ip6oa.ip6oa_flags & IP6OAF_BOUND_IF) {
+                       outif = ifindex2ifnet[ip6oa.ip6oa_boundif];
+               } else if (ro6.ro_rt != NULL) {
+                       outif = ro6.ro_rt->rt_ifp;
+               }
        } else
 #endif /* INET6 */
        } else
 #endif /* INET6 */
-               if (ro.ro_rt != NULL && (outif = ro.ro_rt->rt_ifp) !=
-                   inp->inp_last_outifp)
-                       inp->inp_last_outifp = outif;
+               if (ro.ro_rt != NULL)
+                       outif = ro.ro_rt->rt_ifp;
+
+       if (outif != NULL && outif != inp->inp_last_outifp) {
+               /* Update the send byte count */
+               if (so->so_snd.sb_cc > 0 && so->so_snd.sb_flags & SB_SNDBYTE_CNT) {
+                       inp_decr_sndbytes_total(so, so->so_snd.sb_cc);
+                       inp_decr_sndbytes_allunsent(so, tp->snd_una);
+                       so->so_snd.sb_flags &= ~SB_SNDBYTE_CNT;
+               }
+               inp->inp_last_outifp = outif;
 
 
-       if (error != 0 && ifdenied && (inp->inp_flags & INP_NO_IFT_CELLULAR))
-               soevent(inp->inp_socket,
+       }
+
+       if (error != 0 && ifdenied &&
+           (INP_NO_CELLULAR(inp) || INP_NO_EXPENSIVE(inp) || INP_NO_CONSTRAINED(inp)))
+               soevent(so,
                    (SO_FILT_HINT_LOCKED|SO_FILT_HINT_IFDENIED));
 
        /* Synchronize cached PCB route & options */
                    (SO_FILT_HINT_LOCKED|SO_FILT_HINT_IFDENIED));
 
        /* Synchronize cached PCB route & options */
@@ -2388,7 +3008,7 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
 #endif /* INET6 */
                inp_route_copyin(inp, &ro);
 
 #endif /* INET6 */
                inp_route_copyin(inp, &ro);
 
-       if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift == 0 && 
+       if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift == 0 &&
                tp->t_inpcb->inp_route.ro_rt != NULL) {
                /* If we found the route and there is an rtt on it
                 * reset the retransmit timer
                tp->t_inpcb->inp_route.ro_rt != NULL) {
                /* If we found the route and there is an rtt on it
                 * reset the retransmit timer
@@ -2396,12 +3016,13 @@ tcp_ip_output(struct socket *so, struct tcpcb *tp, struct mbuf *pkt,
                tcp_getrt_rtt(tp, tp->t_inpcb->in6p_route.ro_rt);
                tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
        }
                tcp_getrt_rtt(tp, tp->t_inpcb->in6p_route.ro_rt);
                tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp, tp->t_rxtcur);
        }
-       return (error);
+       return error;
 }
 
 }
 
+int tcptv_persmin_val = TCPTV_PERSMIN;
+
 void
 void
-tcp_setpersist(tp)
-       register struct tcpcb *tp;
+tcp_setpersist(struct tcpcb *tp)
 {
        int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1;
 
 {
        int t = ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1;
 
@@ -2411,9 +3032,9 @@ tcp_setpersist(tp)
         * see rdar://5805356
         */
 
         * see rdar://5805356
         */
 
-       if ((tp->t_persist_timeout != 0) &&
-                   (tp->t_timer[TCPT_PERSIST] == 0) &&
-                   (tp->t_persist_stop == 0)) {
+       if (tp->t_persist_timeout != 0 &&
+           tp->t_timer[TCPT_PERSIST] == 0 &&
+           tp->t_persist_stop == 0) {
                tp->t_persist_stop = tcp_now + tp->t_persist_timeout;
        }
 
                tp->t_persist_stop = tcp_now + tp->t_persist_timeout;
        }
 
@@ -2422,7 +3043,7 @@ tcp_setpersist(tp)
         */
        TCPT_RANGESET(tp->t_timer[TCPT_PERSIST],
            t * tcp_backoff[tp->t_rxtshift],
         */
        TCPT_RANGESET(tp->t_timer[TCPT_PERSIST],
            t * tcp_backoff[tp->t_rxtshift],
-           TCPTV_PERSMIN, TCPTV_PERSMAX, 0);
+           tcptv_persmin_val, TCPTV_PERSMAX, 0);
        tp->t_timer[TCPT_PERSIST] = OFFSET_FROM_START(tp, tp->t_timer[TCPT_PERSIST]);
 
        if (tp->t_rxtshift < TCP_MAXRXTSHIFT)
        tp->t_timer[TCPT_PERSIST] = OFFSET_FROM_START(tp, tp->t_timer[TCPT_PERSIST]);
 
        if (tp->t_rxtshift < TCP_MAXRXTSHIFT)
@@ -2440,8 +3061,8 @@ tcp_send_lroacks(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th)
        int count = 0;
        tcp_seq org_ack = ntohl(th->th_ack);
        tcp_seq prev_ack = 0;
        int count = 0;
        tcp_seq org_ack = ntohl(th->th_ack);
        tcp_seq prev_ack = 0;
-       int tack_offset = 28; /* XXX IPv6 and IP options not supported */
-       int twin_offset = 34; /* XXX IPv6 and IP options not supported */
+       int tack_offset = 28; /* IPv6 and IP options not supported */
+       int twin_offset = 34; /* IPv6 and IP options not supported */
        int ack_size = (tp->t_flags & TF_STRETCHACK) ?
                        (maxseg_unacked * tp->t_maxseg) : (tp->t_maxseg << 1);
        int segs_acked = (tp->t_flags & TF_STRETCHACK) ? maxseg_unacked : 2;
        int ack_size = (tp->t_flags & TF_STRETCHACK) ?
                        (maxseg_unacked * tp->t_maxseg) : (tp->t_maxseg << 1);
        int segs_acked = (tp->t_flags & TF_STRETCHACK) ? maxseg_unacked : 2;
@@ -2532,50 +3153,49 @@ static int
 tcp_recv_throttle (struct tcpcb *tp)
 {
        uint32_t base_rtt, newsize;
 tcp_recv_throttle (struct tcpcb *tp)
 {
        uint32_t base_rtt, newsize;
-       int32_t qdelay;
        struct sockbuf *sbrcv = &tp->t_inpcb->inp_socket->so_rcv;
 
        if (tcp_use_rtt_recvbg == 1 &&
            TSTMP_SUPPORTED(tp)) {
        struct sockbuf *sbrcv = &tp->t_inpcb->inp_socket->so_rcv;
 
        if (tcp_use_rtt_recvbg == 1 &&
            TSTMP_SUPPORTED(tp)) {
-               /* 
+               /*
                 * Timestamps are supported on this connection. Use
                 * RTT to look for an increase in latency.
                 */
 
                 * Timestamps are supported on this connection. Use
                 * RTT to look for an increase in latency.
                 */
 
-               /* 
+               /*
                 * If the connection is already being throttled, leave it
                 * in that state until rtt comes closer to base rtt
                 */
                if (tp->t_flagsext & TF_RECV_THROTTLE)
                 * If the connection is already being throttled, leave it
                 * in that state until rtt comes closer to base rtt
                 */
                if (tp->t_flagsext & TF_RECV_THROTTLE)
-                       return (1);
+                       return 1;
 
                base_rtt = get_base_rtt(tp);
 
                base_rtt = get_base_rtt(tp);
-               
+
                if (base_rtt != 0 && tp->t_rttcur != 0) {
                if (base_rtt != 0 && tp->t_rttcur != 0) {
-                       qdelay = tp->t_rttcur - base_rtt;
                        /*
                         * if latency increased on a background flow,
                         * return 1 to start throttling.
                         */
                        /*
                         * if latency increased on a background flow,
                         * return 1 to start throttling.
                         */
-                       if (qdelay > target_qdelay) {
+                       if (tp->t_rttcur > (base_rtt + target_qdelay)) {
                                tp->t_flagsext |= TF_RECV_THROTTLE;
                                tp->t_flagsext |= TF_RECV_THROTTLE;
-
+                               if (tp->t_recv_throttle_ts == 0)
+                                       tp->t_recv_throttle_ts = tcp_now;
                                /*
                                 * Reduce the recv socket buffer size to
                                 * minimize latecy.
                                 */
                                /*
                                 * Reduce the recv socket buffer size to
                                 * minimize latecy.
                                 */
-                               if (sbrcv->sb_idealsize > 
+                               if (sbrcv->sb_idealsize >
                                    tcp_recv_throttle_minwin) {
                                        newsize = sbrcv->sb_idealsize >> 1;
                                        /* Set a minimum of 16 K */
                                    tcp_recv_throttle_minwin) {
                                        newsize = sbrcv->sb_idealsize >> 1;
                                        /* Set a minimum of 16 K */
-                                       newsize = 
-                                           max(newsize, 
+                                       newsize =
+                                           max(newsize,
                                            tcp_recv_throttle_minwin);
                                        sbrcv->sb_idealsize = newsize;
                                }
                                            tcp_recv_throttle_minwin);
                                        sbrcv->sb_idealsize = newsize;
                                }
-                               return (1);
+                               return 1;
                        } else {
                        } else {
-                               return (0);
+                               return 0;
                        }
                }
        }
                        }
                }
        }
@@ -2585,7 +3205,7 @@ tcp_recv_throttle (struct tcpcb *tp)
         * measurement. Use IPDV in this case.
         */
        if (tp->acc_iaj > tcp_acc_iaj_react_limit)
         * measurement. Use IPDV in this case.
         */
        if (tp->acc_iaj > tcp_acc_iaj_react_limit)
-               return (1);
-       
-       return (0);
+               return 1;
+
+       return 0;
 }
 }
mirror of XNU