]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet/tcp_subr.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-3789.70.16.tar.gz
[apple/xnu.git] / bsd / netinet / tcp_subr.c
diff --git a/bsd/netinet/tcp_subr.c b/bsd/netinet/tcp_subr.c
index 65a171fed3df0d3e01c65efda38d85265d40217a..b2e18eb0580b8632b03669ccd2736db044d30d92 100644 (file)
--- a/bsd/netinet/tcp_subr.c
+++ b/bsd/netinet/tcp_subr.c
@@ -1,8 +1,8 @@
 /*
 /*
- * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2016 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
@@ -11,10 +11,10 @@
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -22,7 +22,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
@@ -58,7 +58,6 @@
  * SUCH DAMAGE.
  *
  *     @(#)tcp_subr.c  8.2 (Berkeley) 5/24/95
  * SUCH DAMAGE.
  *
  *     @(#)tcp_subr.c  8.2 (Berkeley) 5/24/95
- * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.22 2001/08/22 00:59:12 silby Exp $
  */
 /*
  * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
  */
 /*
  * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
@@ -92,8 +91,8 @@
 #include <net/if.h>
 #include <net/content_filter.h>
 
 #include <net/if.h>
 #include <net/content_filter.h>
 
-#define tcp_minmssoverload fring
-#define _IP_VHL
+#define        tcp_minmssoverload fring
+#define        _IP_VHL
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
@@ -134,7 +133,7 @@
 #if INET6
 #include <netinet6/ipsec6.h>
 #endif
 #if INET6
 #include <netinet6/ipsec6.h>
 #endif
-#endif /*IPSEC*/
+#endif /* IPSEC */
 
 #if NECP
 #include <net/necp.h>
 
 #if NECP
 #include <net/necp.h>
@@ -154,7 +153,7 @@
 
 #include <netinet/lro_ext.h>
 
 
 #include <netinet/lro_ext.h>
 
-#define DBG_FNC_TCP_CLOSE      NETDBG_CODE(DBG_NETTCP, ((5 << 8) | 2))
+#define        DBG_FNC_TCP_CLOSE       NETDBG_CODE(DBG_NETTCP, ((5 << 8) | 2))
 
 extern int tcp_lq_overflow;
 
 
 extern int tcp_lq_overflow;
 
@@ -163,38 +162,39 @@ extern struct tcptailq tcp_tw_tailq;
 
 int    tcp_mssdflt = TCP_MSS;
 SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW | CTLFLAG_LOCKED,
 
 int    tcp_mssdflt = TCP_MSS;
 SYSCTL_INT(_net_inet_tcp, TCPCTL_MSSDFLT, mssdflt, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_mssdflt , 0, "Default TCP Maximum Segment Size");
+       &tcp_mssdflt, 0, "Default TCP Maximum Segment Size");
 
 #if INET6
 int    tcp_v6mssdflt = TCP6_MSS;
 SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
 
 #if INET6
 int    tcp_v6mssdflt = TCP6_MSS;
 SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt,
-       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_v6mssdflt , 0,
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_v6mssdflt, 0,
        "Default TCP Maximum Segment Size for IPv6");
 #endif
 
 extern int tcp_do_autorcvbuf;
 
        "Default TCP Maximum Segment Size for IPv6");
 #endif
 
 extern int tcp_do_autorcvbuf;
 
-int tcp_sysctl_fastopenkey(struct sysctl_oid *, void *, int ,
+int tcp_sysctl_fastopenkey(struct sysctl_oid *, void *, int,
     struct sysctl_req *);
     struct sysctl_req *);
-SYSCTL_PROC(_net_inet_tcp, OID_AUTO, fastopen_key,
-    CTLTYPE_STRING | CTLFLAG_WR,
-    0 , 0, tcp_sysctl_fastopenkey, "S", "TCP Fastopen key");
+SYSCTL_PROC(_net_inet_tcp, OID_AUTO, fastopen_key, CTLTYPE_STRING | CTLFLAG_WR,
+       0, 0, tcp_sysctl_fastopenkey, "S", "TCP Fastopen key");
 
 /* Current count of half-open TFO connections */
 int    tcp_tfo_halfcnt = 0;
 
 /* Maximum of half-open TFO connection backlog */
 int    tcp_tfo_backlog = 10;
 
 /* Current count of half-open TFO connections */
 int    tcp_tfo_halfcnt = 0;
 
 /* Maximum of half-open TFO connection backlog */
 int    tcp_tfo_backlog = 10;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen_backlog, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_tfo_backlog, 0, "Backlog queue for half-open TFO connections");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen_backlog,
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_tfo_backlog, 0,
+       "Backlog queue for half-open TFO connections");
 
 int    tcp_fastopen = TCP_FASTOPEN_CLIENT | TCP_FASTOPEN_SERVER;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen, CTLFLAG_RW | CTLFLAG_LOCKED,
 
 int    tcp_fastopen = TCP_FASTOPEN_CLIENT | TCP_FASTOPEN_SERVER;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_fastopen, 0, "Enable TCP Fastopen (RFC 7413)");
+       &tcp_fastopen, 0, "Enable TCP Fastopen (RFC 7413)");
 
 int    tcp_tfo_fallback_min = 10;
 
 int    tcp_tfo_fallback_min = 10;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen_fallback_min, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_tfo_fallback_min, 0, "Mininum number of trials without TFO when in fallback mode");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen_fallback_min,
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_tfo_fallback_min, 0,
+       "Mininum number of trials without TFO when in fallback mode");
 
 /*
  * Minimum MSS we accept and use. This prevents DoS attacks where
 
 /*
  * Minimum MSS we accept and use. This prevents DoS attacks where
@@ -206,62 +206,64 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, fastopen_fallback_min, CTLFLAG_RW | CTLFLAG_
  */
 int    tcp_minmss = TCP_MINMSS;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW | CTLFLAG_LOCKED,
  */
 int    tcp_minmss = TCP_MINMSS;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_minmss , 0, "Minmum TCP Maximum Segment Size");
+       &tcp_minmss, 0, "Minmum TCP Maximum Segment Size");
 int tcp_do_rfc1323 = 1;
 #if (DEVELOPMENT || DEBUG)
 SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323,
 int tcp_do_rfc1323 = 1;
 #if (DEVELOPMENT || DEBUG)
 SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_do_rfc1323 , 0,
-    "Enable rfc1323 (high performance TCP) extensions");
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_do_rfc1323, 0,
+       "Enable rfc1323 (high performance TCP) extensions");
 #endif /* (DEVELOPMENT || DEBUG) */
 
 // Not used
 static int     tcp_do_rfc1644 = 0;
 #endif /* (DEVELOPMENT || DEBUG) */
 
 // Not used
 static int     tcp_do_rfc1644 = 0;
-SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1644, rfc1644, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_do_rfc1644 , 0, "Enable rfc1644 (TTCP) extensions");
+SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1644, rfc1644,
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_do_rfc1644, 0,
+       "Enable rfc1644 (TTCP) extensions");
 
 static int     do_tcpdrain = 0;
 
 static int     do_tcpdrain = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW | CTLFLAG_LOCKED, &do_tcpdrain, 0,
-     "Enable tcp_drain routine for extra help when low on mbufs");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW | CTLFLAG_LOCKED,
+       &do_tcpdrain, 0,
+       "Enable tcp_drain routine for extra help when low on mbufs");
 
 
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD | CTLFLAG_LOCKED, 
-    &tcbinfo.ipi_count, 0, "Number of active PCBs");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD | CTLFLAG_LOCKED,
+       &tcbinfo.ipi_count, 0, "Number of active PCBs");
 
 
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, tw_pcbcount, 
-    CTLFLAG_RD | CTLFLAG_LOCKED,
-    &tcbinfo.ipi_twcount, 0, "Number of pcbs in time-wait state");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, tw_pcbcount, CTLFLAG_RD | CTLFLAG_LOCKED,
+       &tcbinfo.ipi_twcount, 0, "Number of pcbs in time-wait state");
 
 static int     icmp_may_rst = 1;
 
 static int     icmp_may_rst = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp_may_rst, 0, 
-    "Certain ICMP unreachable messages may abort connections in SYN_SENT");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW | CTLFLAG_LOCKED,
+       &icmp_may_rst, 0,
+       "Certain ICMP unreachable messages may abort connections in SYN_SENT");
 
 static int     tcp_strict_rfc1948 = 0;
 static int     tcp_isn_reseed_interval = 0;
 #if (DEVELOPMENT || DEBUG)
 
 static int     tcp_strict_rfc1948 = 0;
 static int     tcp_isn_reseed_interval = 0;
 #if (DEVELOPMENT || DEBUG)
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, strict_rfc1948,
-    CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_strict_rfc1948, 0, "Determines if RFC1948 is followed exactly");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, strict_rfc1948, CTLFLAG_RW | CTLFLAG_LOCKED,
+       &tcp_strict_rfc1948, 0, "Determines if RFC1948 is followed exactly");
 
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval,
 
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval,
-    CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret");
+       CTLFLAG_RW | CTLFLAG_LOCKED,
+       &tcp_isn_reseed_interval, 0, "Seconds between reseeding of ISN secret");
 #endif /* (DEVELOPMENT || DEBUG) */
 
 int    tcp_TCPTV_MIN = 100;    /* 100ms minimum RTT */
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, rtt_min, CTLFLAG_RW | CTLFLAG_LOCKED,
 #endif /* (DEVELOPMENT || DEBUG) */
 
 int    tcp_TCPTV_MIN = 100;    /* 100ms minimum RTT */
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, rtt_min, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_TCPTV_MIN, 0, "min rtt value allowed");
+       &tcp_TCPTV_MIN, 0, "min rtt value allowed");
 
 int tcp_rexmt_slop = TCPTV_REXMTSLOP;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, rexmt_slop, CTLFLAG_RW,
        &tcp_rexmt_slop, 0, "Slop added to retransmit timeout");
 
 __private_extern__ int tcp_use_randomport = 0;
 
 int tcp_rexmt_slop = TCPTV_REXMTSLOP;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, rexmt_slop, CTLFLAG_RW,
        &tcp_rexmt_slop, 0, "Slop added to retransmit timeout");
 
 __private_extern__ int tcp_use_randomport = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, randomize_ports, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_use_randomport, 0, "Randomize TCP port numbers");
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, randomize_ports,
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_use_randomport, 0,
+       "Randomize TCP port numbers");
 
 __private_extern__ int tcp_win_scale = 3;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, win_scale_factor,
 
 __private_extern__ int tcp_win_scale = 3;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, win_scale_factor,
-    CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_win_scale, 0, "Window scaling factor");
+       CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_win_scale, 0,
+       "Window scaling factor");
 
 static void    tcp_cleartaocache(void);
 static void    tcp_notify(struct inpcb *, int);
 
 static void    tcp_cleartaocache(void);
 static void    tcp_notify(struct inpcb *, int);
@@ -274,12 +276,10 @@ struct zone       *tcp_rxt_seg_zone;
 extern int slowlink_wsize;     /* window correction for slow links */
 extern int path_mtu_discovery;
 
 extern int slowlink_wsize;     /* window correction for slow links */
 extern int path_mtu_discovery;
 
-extern u_int32_t tcp_autorcvbuf_max;
-extern u_int32_t tcp_autorcvbuf_inc_shift;
 static void tcp_sbrcv_grow_rwin(struct tcpcb *tp, struct sockbuf *sb);
 
 static void tcp_sbrcv_grow_rwin(struct tcpcb *tp, struct sockbuf *sb);
 
-#define TCP_BWMEAS_BURST_MINSIZE 6
-#define TCP_BWMEAS_BURST_MAXSIZE 25
+#define        TCP_BWMEAS_BURST_MINSIZE 6
+#define        TCP_BWMEAS_BURST_MAXSIZE 25
 
 static uint32_t bwmeas_elm_size;
 
 
 static uint32_t bwmeas_elm_size;
 
@@ -290,12 +290,12 @@ static uint32_t bwmeas_elm_size;
  * variable net.inet.tcp.tcbhashsize
  */
 #ifndef TCBHASHSIZE
  * variable net.inet.tcp.tcbhashsize
  */
 #ifndef TCBHASHSIZE
-#define TCBHASHSIZE    CONFIG_TCBHASHSIZE
+#define        TCBHASHSIZE     CONFIG_TCBHASHSIZE
 #endif
 
 __private_extern__ int tcp_tcbhashsize = TCBHASHSIZE;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RD | CTLFLAG_LOCKED,
 #endif
 
 __private_extern__ int tcp_tcbhashsize = TCBHASHSIZE;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RD | CTLFLAG_LOCKED,
-     &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable");
+       &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable");
 
 /*
  * This is the actual shape of what we allocate using the zone
 
 /*
  * This is the actual shape of what we allocate using the zone
@@ -317,9 +317,9 @@ int  get_tcp_str_size(void);
 
 static void tcpcb_to_otcpcb(struct tcpcb *, struct otcpcb *);
 
 
 static void tcpcb_to_otcpcb(struct tcpcb *, struct otcpcb *);
 
-static lck_attr_t *tcp_uptime_mtx_attr = NULL;         /* mutex attributes */
-static lck_grp_t *tcp_uptime_mtx_grp = NULL;           /* mutex group definition */
-static lck_grp_attr_t *tcp_uptime_mtx_grp_attr = NULL; /* mutex group attributes */
+static lck_attr_t *tcp_uptime_mtx_attr = NULL;
+static lck_grp_t *tcp_uptime_mtx_grp = NULL;
+static lck_grp_attr_t *tcp_uptime_mtx_grp_attr = NULL;
 int tcp_notsent_lowat_check(struct socket *so);
 
 static aes_encrypt_ctx tfo_ctx; /* Crypto-context for TFO */
 int tcp_notsent_lowat_check(struct socket *so);
 
 static aes_encrypt_ctx tfo_ctx; /* Crypto-context for TFO */
@@ -352,7 +352,10 @@ tcp_sysctl_fastopenkey(__unused struct sysctl_oid *oidp, __unused void *arg1,
     __unused int arg2, struct sysctl_req *req)
 {
        int error = 0;
     __unused int arg2, struct sysctl_req *req)
 {
        int error = 0;
-       /* TFO-key is expressed as a string in hex format (+1 to account for \0 char) */
+       /*
+        * TFO-key is expressed as a string in hex format
+        * (+1 to account for \0 char)
+        */
        char keystring[TCP_FASTOPEN_KEYLEN * 2 + 1];
        u_int32_t key[TCP_FASTOPEN_KEYLEN / sizeof(u_int32_t)];
        int i;
        char keystring[TCP_FASTOPEN_KEYLEN * 2 + 1];
        u_int32_t key[TCP_FASTOPEN_KEYLEN / sizeof(u_int32_t)];
        int i;
@@ -363,7 +366,8 @@ tcp_sysctl_fastopenkey(__unused struct sysctl_oid *oidp, __unused void *arg1,
                goto exit;
        }
 
                goto exit;
        }
 
-       /* sysctl_io_string copies keystring into the oldptr of the sysctl_req.
+       /*
+        * sysctl_io_string copies keystring into the oldptr of the sysctl_req.
         * Make sure everything is zero, to avoid putting garbage in there or
         * leaking the stack.
         */
         * Make sure everything is zero, to avoid putting garbage in there or
         * leaking the stack.
         */
@@ -374,7 +378,10 @@ tcp_sysctl_fastopenkey(__unused struct sysctl_oid *oidp, __unused void *arg1,
                goto exit;
 
        for (i = 0; i < (TCP_FASTOPEN_KEYLEN / sizeof(u_int32_t)); i++) {
                goto exit;
 
        for (i = 0; i < (TCP_FASTOPEN_KEYLEN / sizeof(u_int32_t)); i++) {
-               /* We jump over the keystring in 8-character (4 byte in hex) steps */
+               /*
+                * We jump over the keystring in 8-character (4 byte in hex)
+                * steps
+                */
                if (sscanf(&keystring[i * 8], "%8x", &key[i]) != 1) {
                        error = EINVAL;
                        goto exit;
                if (sscanf(&keystring[i * 8], "%8x", &key[i]) != 1) {
                        error = EINVAL;
                        goto exit;
@@ -387,14 +394,16 @@ exit:
        return (error);
 }
 
        return (error);
 }
 
-int  get_inpcb_str_size(void)
+int
+get_inpcb_str_size(void)
 {
 {
-       return sizeof(struct inpcb);
+       return (sizeof(struct inpcb));
 }
 
 }
 
-int  get_tcp_str_size(void)
+int
+get_tcp_str_size(void)
 {
 {
-       return sizeof(struct tcpcb);
+       return (sizeof(struct tcpcb));
 }
 
 int    tcp_freeq(struct tcpcb *tp);
 }
 
 int    tcp_freeq(struct tcpcb *tp);
@@ -403,26 +412,27 @@ static int scale_to_powerof2(int size);
 
 /*
  * This helper routine returns one of the following scaled value of size:
 
 /*
  * This helper routine returns one of the following scaled value of size:
- * 1. Rounded down power of two value of size if the size value passed as 
+ * 1. Rounded down power of two value of size if the size value passed as
  *    argument is not a power of two and the rounded up value overflows.
  * OR
  *    argument is not a power of two and the rounded up value overflows.
  * OR
- * 2. Rounded up power of two value of size if the size value passed as 
- *    argument is not a power of two and the rounded up value does not overflow  
+ * 2. Rounded up power of two value of size if the size value passed as
+ *    argument is not a power of two and the rounded up value does not overflow
  * OR
  * 3. Same value as argument size if it is already a power of two.
  * OR
  * 3. Same value as argument size if it is already a power of two.
- */    
-static int scale_to_powerof2(int size) {
+ */
+static int
+scale_to_powerof2(int size) {
        /* Handle special case of size = 0 */
        int ret = size ? size : 1;
 
        if (!powerof2(ret)) {
        /* Handle special case of size = 0 */
        int ret = size ? size : 1;
 
        if (!powerof2(ret)) {
-               while(!powerof2(size)) {
-                       /* 
+               while (!powerof2(size)) {
+                       /*
                         * Clear out least significant
                         * set bit till size is left with
                         * its highest set bit at which point
                         * it is rounded down power of two.
                         * Clear out least significant
                         * set bit till size is left with
                         * its highest set bit at which point
                         * it is rounded down power of two.
-                        */ 
+                        */
                        size = size & (size -1);
                }
 
                        size = size & (size -1);
                }
 
@@ -434,11 +444,11 @@ static int scale_to_powerof2(int size) {
                }
        }
 
                }
        }
 
-       return ret;
+       return (ret);
 }
 
 static void
 }
 
 static void
-tcp_tfo_init()
+tcp_tfo_init(void)
 {
        u_char key[TCP_FASTOPEN_KEYLEN];
 
 {
        u_char key[TCP_FASTOPEN_KEYLEN];
 
@@ -454,7 +464,7 @@ tcp_init(struct protosw *pp, struct domain *dp)
 {
 #pragma unused(dp)
        static int tcp_initialized = 0;
 {
 #pragma unused(dp)
        static int tcp_initialized = 0;
-       vm_size_t       str_size;
+       vm_size_t str_size;
        struct inpcbinfo *pcbinfo;
 
        VERIFY((pp->pr_flags & (PR_INITIALIZED|PR_ATTACHED)) == PR_ATTACHED);
        struct inpcbinfo *pcbinfo;
 
        VERIFY((pp->pr_flags & (PR_INITIALIZED|PR_ATTACHED)) == PR_ATTACHED);
@@ -475,7 +485,9 @@ tcp_init(struct protosw *pp, struct domain *dp)
 
        microuptime(&tcp_uptime);
        read_random(&tcp_now, sizeof(tcp_now));
 
        microuptime(&tcp_uptime);
        read_random(&tcp_now, sizeof(tcp_now));
-       tcp_now = tcp_now & 0x3fffffff; /* Starts tcp internal clock at a random value */
+
+       /* Starts tcp internal clock at a random value */
+       tcp_now = tcp_now & 0x3fffffff;
 
        tcp_tfo_init();
 
 
        tcp_tfo_init();
 
@@ -487,7 +499,8 @@ tcp_init(struct protosw *pp, struct domain *dp)
         * allocate lock group attribute and group for tcp pcb mutexes
         */
        pcbinfo->ipi_lock_grp_attr = lck_grp_attr_alloc_init();
         * allocate lock group attribute and group for tcp pcb mutexes
         */
        pcbinfo->ipi_lock_grp_attr = lck_grp_attr_alloc_init();
-       pcbinfo->ipi_lock_grp = lck_grp_alloc_init("tcppcb", pcbinfo->ipi_lock_grp_attr);
+       pcbinfo->ipi_lock_grp = lck_grp_alloc_init("tcppcb",
+           pcbinfo->ipi_lock_grp_attr);
 
        /*
         * allocate the lock attribute for tcp pcb mutexes
 
        /*
         * allocate the lock attribute for tcp pcb mutexes
@@ -518,7 +531,8 @@ tcp_init(struct protosw *pp, struct domain *dp)
                                tcp_tcbhashsize);
        }
 
                                tcp_tcbhashsize);
        }
 
-       tcbinfo.ipi_hashbase = hashinit(tcp_tcbhashsize, M_PCB, &tcbinfo.ipi_hashmask);
+       tcbinfo.ipi_hashbase = hashinit(tcp_tcbhashsize, M_PCB,
+           &tcbinfo.ipi_hashmask);
        tcbinfo.ipi_porthashbase = hashinit(tcp_tcbhashsize, M_PCB,
                                        &tcbinfo.ipi_porthashmask);
        str_size = P2ROUNDUP(sizeof(struct inp_tp), sizeof(u_int64_t));
        tcbinfo.ipi_porthashbase = hashinit(tcp_tcbhashsize, M_PCB,
                                        &tcbinfo.ipi_porthashmask);
        str_size = P2ROUNDUP(sizeof(struct inp_tp), sizeof(u_int64_t));
@@ -531,7 +545,8 @@ tcp_init(struct protosw *pp, struct domain *dp)
        in_pcbinfo_attach(&tcbinfo);
 
        str_size = P2ROUNDUP(sizeof(struct sackhole), sizeof(u_int64_t));
        in_pcbinfo_attach(&tcbinfo);
 
        str_size = P2ROUNDUP(sizeof(struct sackhole), sizeof(u_int64_t));
-       sack_hole_zone = zinit(str_size, 120000*str_size, 8192, "sack_hole zone");
+       sack_hole_zone = zinit(str_size, 120000*str_size, 8192,
+           "sack_hole zone");
        zone_change(sack_hole_zone, Z_CALLERACCT, FALSE);
        zone_change(sack_hole_zone, Z_EXPAND, TRUE);
 
        zone_change(sack_hole_zone, Z_CALLERACCT, FALSE);
        zone_change(sack_hole_zone, Z_EXPAND, TRUE);
 
@@ -546,7 +561,8 @@ tcp_init(struct protosw *pp, struct domain *dp)
        zone_change(tcp_reass_zone, Z_EXPAND, TRUE);
 
        bwmeas_elm_size = P2ROUNDUP(sizeof(struct bwmeas), sizeof(u_int64_t));
        zone_change(tcp_reass_zone, Z_EXPAND, TRUE);
 
        bwmeas_elm_size = P2ROUNDUP(sizeof(struct bwmeas), sizeof(u_int64_t));
-       tcp_bwmeas_zone = zinit(bwmeas_elm_size, (100 * bwmeas_elm_size), 0, "tcp_bwmeas_zone");
+       tcp_bwmeas_zone = zinit(bwmeas_elm_size, (100 * bwmeas_elm_size), 0,
+           "tcp_bwmeas_zone");
        if (tcp_bwmeas_zone == NULL) {
                panic("%s: failed allocating tcp_bwmeas_zone", __func__);
                /* NOTREACHED */
        if (tcp_bwmeas_zone == NULL) {
                panic("%s: failed allocating tcp_bwmeas_zone", __func__);
                /* NOTREACHED */
@@ -566,9 +582,9 @@ tcp_init(struct protosw *pp, struct domain *dp)
        zone_change(tcp_rxt_seg_zone, Z_EXPAND, TRUE);
 
 #if INET6
        zone_change(tcp_rxt_seg_zone, Z_EXPAND, TRUE);
 
 #if INET6
-#define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
+#define        TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
 #else /* INET6 */
 #else /* INET6 */
-#define TCP_MINPROTOHDR (sizeof(struct tcpiphdr))
+#define        TCP_MINPROTOHDR (sizeof(struct tcpiphdr))
 #endif /* INET6 */
        if (max_protohdr < TCP_MINPROTOHDR) {
                _max_protohdr = TCP_MINPROTOHDR;
 #endif /* INET6 */
        if (max_protohdr < TCP_MINPROTOHDR) {
                _max_protohdr = TCP_MINPROTOHDR;
@@ -584,25 +600,32 @@ tcp_init(struct protosw *pp, struct domain *dp)
        bzero(&tcp_timer_list, sizeof(tcp_timer_list));
        LIST_INIT(&tcp_timer_list.lhead);
        /*
        bzero(&tcp_timer_list, sizeof(tcp_timer_list));
        LIST_INIT(&tcp_timer_list.lhead);
        /*
-        * allocate lock group attribute, group and attribute for the tcp timer list
+        * allocate lock group attribute, group and attribute for
+        * the tcp timer list
         */
        tcp_timer_list.mtx_grp_attr = lck_grp_attr_alloc_init();
         */
        tcp_timer_list.mtx_grp_attr = lck_grp_attr_alloc_init();
-       tcp_timer_list.mtx_grp = lck_grp_alloc_init("tcptimerlist", tcp_timer_list.mtx_grp_attr);
+       tcp_timer_list.mtx_grp = lck_grp_alloc_init("tcptimerlist",
+           tcp_timer_list.mtx_grp_attr);
        tcp_timer_list.mtx_attr = lck_attr_alloc_init();
        tcp_timer_list.mtx_attr = lck_attr_alloc_init();
-       if ((tcp_timer_list.mtx = lck_mtx_alloc_init(tcp_timer_list.mtx_grp, tcp_timer_list.mtx_attr)) == NULL) {
+       if ((tcp_timer_list.mtx = lck_mtx_alloc_init(tcp_timer_list.mtx_grp,
+           tcp_timer_list.mtx_attr)) == NULL) {
                panic("failed to allocate memory for tcp_timer_list.mtx\n");
        };
                panic("failed to allocate memory for tcp_timer_list.mtx\n");
        };
-       if ((tcp_timer_list.call = thread_call_allocate(tcp_run_timerlist, NULL)) == NULL) {
+       tcp_timer_list.call = thread_call_allocate(tcp_run_timerlist, NULL);
+       if (tcp_timer_list.call == NULL) {
                panic("failed to allocate call entry 1 in tcp_init\n");
        }
 
        /*
                panic("failed to allocate call entry 1 in tcp_init\n");
        }
 
        /*
-        * allocate lock group attribute, group and attribute for tcp_uptime_lock
+        * allocate lock group attribute, group and attribute for
+        * tcp_uptime_lock
         */
        tcp_uptime_mtx_grp_attr = lck_grp_attr_alloc_init();
         */
        tcp_uptime_mtx_grp_attr = lck_grp_attr_alloc_init();
-       tcp_uptime_mtx_grp = lck_grp_alloc_init("tcpuptime", tcp_uptime_mtx_grp_attr);
+       tcp_uptime_mtx_grp = lck_grp_alloc_init("tcpuptime",
+           tcp_uptime_mtx_grp_attr);
        tcp_uptime_mtx_attr = lck_attr_alloc_init();
        tcp_uptime_mtx_attr = lck_attr_alloc_init();
-       tcp_uptime_lock = lck_spin_alloc_init(tcp_uptime_mtx_grp, tcp_uptime_mtx_attr);
+       tcp_uptime_lock = lck_spin_alloc_init(tcp_uptime_mtx_grp,
+           tcp_uptime_mtx_attr);
 
        /* Initialize TCP LRO data structures */
        tcp_lro_init();
 
        /* Initialize TCP LRO data structures */
        tcp_lro_init();
@@ -617,6 +640,12 @@ tcp_init(struct protosw *pp, struct domain *dp)
        if (nmbclusters > 30720) {
                tcp_autorcvbuf_max = 1024 * 1024;
                tcp_autosndbuf_max = 1024 * 1024;
        if (nmbclusters > 30720) {
                tcp_autorcvbuf_max = 1024 * 1024;
                tcp_autosndbuf_max = 1024 * 1024;
+
+               /*
+                * Receive buffer max for cellular interfaces supporting
+                * Carrier Aggregation is higher
+                */
+               tcp_autorcvbuf_max_ca = 2 * 1024 * 1024;
        }
 }
 
        }
 }
 
@@ -626,10 +655,7 @@ tcp_init(struct protosw *pp, struct domain *dp)
  * of the tcpcb each time to conserve mbufs.
  */
 void
  * of the tcpcb each time to conserve mbufs.
  */
 void
-tcp_fillheaders(tp, ip_ptr, tcp_ptr)
-       struct tcpcb *tp;
-       void *ip_ptr;
-       void *tcp_ptr;
+tcp_fillheaders(struct tcpcb *tp, void *ip_ptr, void *tcp_ptr)
 {
        struct inpcb *inp = tp->t_inpcb;
        struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_ptr;
 {
        struct inpcb *inp = tp->t_inpcb;
        struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_ptr;
@@ -643,8 +669,9 @@ tcp_fillheaders(tp, ip_ptr, tcp_ptr)
                        (inp->inp_flow & IPV6_FLOWINFO_MASK);
                ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
                        (IPV6_VERSION & IPV6_VERSION_MASK);
                        (inp->inp_flow & IPV6_FLOWINFO_MASK);
                ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
                        (IPV6_VERSION & IPV6_VERSION_MASK);
+               ip6->ip6_plen = htons(sizeof(struct tcphdr));
                ip6->ip6_nxt = IPPROTO_TCP;
                ip6->ip6_nxt = IPPROTO_TCP;
-               ip6->ip6_plen = sizeof(struct tcphdr);
+               ip6->ip6_hlim = 0;
                ip6->ip6_src = inp->in6p_laddr;
                ip6->ip6_dst = inp->in6p_faddr;
                tcp_hdr->th_sum = in6_pseudo(&inp->in6p_laddr, &inp->in6p_faddr,
                ip6->ip6_src = inp->in6p_laddr;
                ip6->ip6_dst = inp->in6p_faddr;
                tcp_hdr->th_sum = in6_pseudo(&inp->in6p_laddr, &inp->in6p_faddr,
@@ -652,20 +679,21 @@ tcp_fillheaders(tp, ip_ptr, tcp_ptr)
        } else
 #endif
        {
        } else
 #endif
        {
-       struct ip *ip = (struct ip *) ip_ptr;
-
-       ip->ip_vhl = IP_VHL_BORING;
-       ip->ip_tos = 0;
-       ip->ip_len = 0;
-       ip->ip_id = 0;
-       ip->ip_off = 0;
-       ip->ip_ttl = 0;
-       ip->ip_sum = 0;
-       ip->ip_p = IPPROTO_TCP;
-       ip->ip_src = inp->inp_laddr;
-       ip->ip_dst = inp->inp_faddr;
-       tcp_hdr->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
-               htons(sizeof(struct tcphdr) + IPPROTO_TCP));
+               struct ip *ip = (struct ip *) ip_ptr;
+
+               ip->ip_vhl = IP_VHL_BORING;
+               ip->ip_tos = 0;
+               ip->ip_len = 0;
+               ip->ip_id = 0;
+               ip->ip_off = 0;
+               ip->ip_ttl = 0;
+               ip->ip_sum = 0;
+               ip->ip_p = IPPROTO_TCP;
+               ip->ip_src = inp->inp_laddr;
+               ip->ip_dst = inp->inp_faddr;
+               tcp_hdr->th_sum =
+                   in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
+                   htons(sizeof(struct tcphdr) + IPPROTO_TCP));
        }
 
        tcp_hdr->th_sport = inp->inp_lport;
        }
 
        tcp_hdr->th_sport = inp->inp_lport;
@@ -685,8 +713,7 @@ tcp_fillheaders(tp, ip_ptr, tcp_ptr)
  * use for this function is in keepalives, which use tcp_respond.
  */
 struct tcptemp *
  * use for this function is in keepalives, which use tcp_respond.
  */
 struct tcptemp *
-tcp_maketemplate(tp)
-       struct tcpcb *tp;
+tcp_maketemplate(struct tcpcb *tp)
 {
        struct mbuf *m;
        struct tcptemp *n;
 {
        struct mbuf *m;
        struct tcptemp *n;
@@ -732,6 +759,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
        int isipv6;
 #endif /* INET6 */
        struct ifnet *outif;
        int isipv6;
 #endif /* INET6 */
        struct ifnet *outif;
+       int sotc = SO_TC_UNSPEC;
 
 #if INET6
        isipv6 = IP_VHL_V(((struct ip *)ipgen)->ip_vhl) == 6;
 
 #if INET6
        isipv6 = IP_VHL_V(((struct ip *)ipgen)->ip_vhl) == 6;
@@ -755,12 +783,12 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
 #if INET6
                if (isipv6) {
                        ro6 = &sro6;
 #if INET6
                if (isipv6) {
                        ro6 = &sro6;
-                       bzero(ro6, sizeof *ro6);
+                       bzero(ro6, sizeof(*ro6));
                } else
 #endif /* INET6 */
                {
                        ro = &sro;
                } else
 #endif /* INET6 */
                {
                        ro = &sro;
-                       bzero(ro, sizeof *ro);
+                       bzero(ro, sizeof(*ro));
                }
        }
        if (m == 0) {
                }
        }
        if (m == 0) {
@@ -773,8 +801,8 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                if (isipv6) {
                        VERIFY((MHLEN - max_linkhdr) >=
                            (sizeof (*ip6) + sizeof (*nth)));
                if (isipv6) {
                        VERIFY((MHLEN - max_linkhdr) >=
                            (sizeof (*ip6) + sizeof (*nth)));
-                       bcopy((caddr_t)ip6, mtod(m, caddr_t), 
-                             sizeof(struct ip6_hdr));
+                       bcopy((caddr_t)ip6, mtod(m, caddr_t),
+                           sizeof(struct ip6_hdr));
                        ip6 = mtod(m, struct ip6_hdr *);
                        nth = (struct tcphdr *)(void *)(ip6 + 1);
                } else
                        ip6 = mtod(m, struct ip6_hdr *);
                        nth = (struct tcphdr *)(void *)(ip6 + 1);
                } else
@@ -799,7 +827,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                m->m_data = (caddr_t)ipgen;
                /* m_len is set later */
                tlen = 0;
                m->m_data = (caddr_t)ipgen;
                /* m_len is set later */
                tlen = 0;
-#define xchg(a,b,type) { type t; t=a; a=b; b=t; }
+#define        xchg(a, b, type) { type t; t = a; a = b; b = t; }
 #if INET6
                if (isipv6) {
                        /* Expect 32-bit aligned IP on strict-align platforms */
 #if INET6
                if (isipv6) {
                        /* Expect 32-bit aligned IP on strict-align platforms */
@@ -808,12 +836,12 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                        nth = (struct tcphdr *)(void *)(ip6 + 1);
                } else
 #endif /* INET6 */
                        nth = (struct tcphdr *)(void *)(ip6 + 1);
                } else
 #endif /* INET6 */
-             {
-               /* Expect 32-bit aligned IP on strict-align platforms */
-               IP_HDR_STRICT_ALIGNMENT_CHECK(ip);
-               xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, n_long);
-               nth = (struct tcphdr *)(void *)(ip + 1);
-             }
+               {
+                       /* Expect 32-bit aligned IP on strict-align platforms */
+                       IP_HDR_STRICT_ALIGNMENT_CHECK(ip);
+                       xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, n_long);
+                       nth = (struct tcphdr *)(void *)(ip + 1);
+               }
                if (th != nth) {
                        /*
                         * this is usually a case when an extension header
                if (th != nth) {
                        /*
                         * this is usually a case when an extension header
@@ -833,11 +861,11 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                tlen += sizeof (struct ip6_hdr) + sizeof (struct tcphdr);
        } else
 #endif
                tlen += sizeof (struct ip6_hdr) + sizeof (struct tcphdr);
        } else
 #endif
-      {
-       tlen += sizeof (struct tcpiphdr);
-       ip->ip_len = tlen;
-       ip->ip_ttl = ip_defttl;
-      }
+       {
+               tlen += sizeof (struct tcpiphdr);
+               ip->ip_len = tlen;
+               ip->ip_ttl = ip_defttl;
+       }
        m->m_len = tlen;
        m->m_pkthdr.len = tlen;
        m->m_pkthdr.rcvif = 0;
        m->m_len = tlen;
        m->m_pkthdr.len = tlen;
        m->m_pkthdr.rcvif = 0;
@@ -875,9 +903,7 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL,
                m->m_pkthdr.csum_flags = CSUM_TCPIPV6;
                m->m_pkthdr.csum_data = offsetof(struct tcphdr, th_sum);
                ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL,
-                                              ro6 && ro6->ro_rt ?
-                                              ro6->ro_rt->rt_ifp :
-                                              NULL);
+                   ro6 && ro6->ro_rt ? ro6->ro_rt->rt_ifp : NULL);
        } else
 #endif /* INET6 */
        {
        } else
 #endif /* INET6 */
        {
@@ -908,8 +934,9 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                if (isipv6) {
                        svc_flags |= PKT_SCF_IPV6;
                }
                if (isipv6) {
                        svc_flags |= PKT_SCF_IPV6;
                }
+               sotc = tp->t_inpcb->inp_socket->so_traffic_class;
                set_packet_service_class(m, tp->t_inpcb->inp_socket,
                set_packet_service_class(m, tp->t_inpcb->inp_socket,
-                   MBUF_SC_UNSPEC, svc_flags);
+                   sotc, svc_flags);
 
                /* Embed flowhash and flow control flags */
                m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
 
                /* Embed flowhash and flow control flags */
                m->m_pkthdr.pkt_flowsrc = FLOWSRC_INPCB;
@@ -926,7 +953,8 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
 #if INET6
        if (isipv6) {
                struct ip6_out_args ip6oa = { tra->ifscope, { 0 },
 #if INET6
        if (isipv6) {
                struct ip6_out_args ip6oa = { tra->ifscope, { 0 },
-                   IP6OAF_SELECT_SRCIF | IP6OAF_BOUND_SRCADDR, 0 };
+                   IP6OAF_SELECT_SRCIF | IP6OAF_BOUND_SRCADDR, 0,
+                   SO_TC_UNSPEC, _NET_SERVICE_TYPE_UNSPEC};
 
                if (tra->ifscope != IFSCOPE_NONE)
                        ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
 
                if (tra->ifscope != IFSCOPE_NONE)
                        ip6oa.ip6oa_flags |= IP6OAF_BOUND_IF;
@@ -936,7 +964,14 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                        ip6oa.ip6oa_flags |= IP6OAF_NO_EXPENSIVE;
                if (tra->awdl_unrestricted)
                        ip6oa.ip6oa_flags |= IP6OAF_AWDL_UNRESTRICTED;
                        ip6oa.ip6oa_flags |= IP6OAF_NO_EXPENSIVE;
                if (tra->awdl_unrestricted)
                        ip6oa.ip6oa_flags |= IP6OAF_AWDL_UNRESTRICTED;
-
+               if (tra->intcoproc_allowed)
+                       ip6oa.ip6oa_flags |= IP6OAF_INTCOPROC_ALLOWED;
+               ip6oa.ip6oa_sotc = sotc;
+               if (tp != NULL) {
+                       if ((tp->t_inpcb->inp_socket->so_flags1 & SOF1_QOSMARKING_ALLOWED))
+                               ip6oa.ip6oa_flags |= IP6OAF_QOSMARKING_ALLOWED;
+                       ip6oa.ip6oa_netsvctype = tp->t_inpcb->inp_socket->so_netsvctype;
+               }
                (void) ip6_output(m, NULL, ro6, IPV6_OUTARGS, NULL,
                    NULL, &ip6oa);
 
                (void) ip6_output(m, NULL, ro6, IPV6_OUTARGS, NULL,
                    NULL, &ip6oa);
 
@@ -951,7 +986,8 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
 #endif /* INET6 */
        {
                struct ip_out_args ipoa = { tra->ifscope, { 0 },
 #endif /* INET6 */
        {
                struct ip_out_args ipoa = { tra->ifscope, { 0 },
-                   IPOAF_SELECT_SRCIF | IPOAF_BOUND_SRCADDR, 0 };
+                   IPOAF_SELECT_SRCIF | IPOAF_BOUND_SRCADDR, 0,
+                   SO_TC_UNSPEC, _NET_SERVICE_TYPE_UNSPEC };
 
                if (tra->ifscope != IFSCOPE_NONE)
                        ipoa.ipoa_flags |= IPOAF_BOUND_IF;
 
                if (tra->ifscope != IFSCOPE_NONE)
                        ipoa.ipoa_flags |= IPOAF_BOUND_IF;
@@ -961,7 +997,12 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
                        ipoa.ipoa_flags |= IPOAF_NO_EXPENSIVE;
                if (tra->awdl_unrestricted)
                        ipoa.ipoa_flags |= IPOAF_AWDL_UNRESTRICTED;
                        ipoa.ipoa_flags |= IPOAF_NO_EXPENSIVE;
                if (tra->awdl_unrestricted)
                        ipoa.ipoa_flags |= IPOAF_AWDL_UNRESTRICTED;
-
+               ipoa.ipoa_sotc = sotc;
+               if (tp != NULL) {
+                       if ((tp->t_inpcb->inp_socket->so_flags1 & SOF1_QOSMARKING_ALLOWED))
+                               ipoa.ipoa_flags |= IPOAF_QOSMARKING_ALLOWED;
+                       ipoa.ipoa_netsvctype = tp->t_inpcb->inp_socket->so_netsvctype;
+               }
                if (ro != &sro) {
                        /* Copy the cached route and take an extra reference */
                        inp_route_copyout(tp->t_inpcb, &sro);
                if (ro != &sro) {
                        /* Copy the cached route and take an extra reference */
                        inp_route_copyout(tp->t_inpcb, &sro);
@@ -992,12 +1033,11 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m,
  * come from the zone allocator set up in tcp_init().
  */
 struct tcpcb *
  * come from the zone allocator set up in tcp_init().
  */
 struct tcpcb *
-tcp_newtcpcb(inp)
-       struct inpcb *inp;
+tcp_newtcpcb(struct inpcb *inp)
 {
        struct inp_tp *it;
 {
        struct inp_tp *it;
-       register struct tcpcb *tp;
-       register struct socket *so = inp->inp_socket;   
+       struct tcpcb *tp;
+       struct socket *so = inp->inp_socket;
 #if INET6
        int isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
 #endif /* INET6 */
 #if INET6
        int isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
 #endif /* INET6 */
@@ -1005,12 +1045,12 @@ tcp_newtcpcb(inp)
        calculate_tcp_clock();
 
        if ((so->so_flags1 & SOF1_CACHED_IN_SOCK_LAYER) == 0) {
        calculate_tcp_clock();
 
        if ((so->so_flags1 & SOF1_CACHED_IN_SOCK_LAYER) == 0) {
-            it = (struct inp_tp *)(void *)inp;
-            tp = &it->tcb;
+           it = (struct inp_tp *)(void *)inp;
+           tp = &it->tcb;
        } else {
        } else {
-            tp = (struct tcpcb *)(void *)inp->inp_saved_ppcb;
+           tp = (struct tcpcb *)(void *)inp->inp_saved_ppcb;
        }
        }
-       
+
        bzero((char *) tp, sizeof(struct tcpcb));
        LIST_INIT(&tp->t_segq);
        tp->t_maxseg = tp->t_maxopd =
        bzero((char *) tp, sizeof(struct tcpcb));
        LIST_INIT(&tp->t_segq);
        tp->t_maxseg = tp->t_maxopd =
@@ -1026,14 +1066,16 @@ tcp_newtcpcb(inp)
 
        TAILQ_INIT(&tp->snd_holes);
        SLIST_INIT(&tp->t_rxt_segments);
 
        TAILQ_INIT(&tp->snd_holes);
        SLIST_INIT(&tp->t_rxt_segments);
-       tp->t_inpcb = inp;      /* XXX */
+       SLIST_INIT(&tp->t_notify_ack);
+       tp->t_inpcb = inp;
        /*
         * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
         * rtt estimate.  Set rttvar so that srtt + 4 * rttvar gives
         * reasonable initial retransmit time.
         */
        tp->t_srtt = TCPTV_SRTTBASE;
        /*
         * Init srtt to TCPTV_SRTTBASE (0), so we can tell that we have no
         * rtt estimate.  Set rttvar so that srtt + 4 * rttvar gives
         * reasonable initial retransmit time.
         */
        tp->t_srtt = TCPTV_SRTTBASE;
-       tp->t_rttvar = ((TCPTV_RTOBASE - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / 4;
+       tp->t_rttvar =
+           ((TCPTV_RTOBASE - TCPTV_SRTTBASE) << TCP_RTTVAR_SHIFT) / 4;
        tp->t_rttmin = tcp_TCPTV_MIN;
        tp->t_rxtcur = TCPTV_RTOBASE;
 
        tp->t_rttmin = tcp_TCPTV_MIN;
        tp->t_rxtcur = TCPTV_RTOBASE;
 
@@ -1078,9 +1120,7 @@ tcp_newtcpcb(inp)
  * then send a RST to peer.
  */
 struct tcpcb *
  * then send a RST to peer.
  */
 struct tcpcb *
-tcp_drop(tp, errno)
-       register struct tcpcb *tp;
-       int errno;
+tcp_drop(struct tcpcb *tp, int errno)
 {
        struct socket *so = tp->t_inpcb->inp_socket;
 #if CONFIG_DTRACE
 {
        struct socket *so = tp->t_inpcb->inp_socket;
 #if CONFIG_DTRACE
@@ -1102,7 +1142,7 @@ tcp_drop(tp, errno)
 }
 
 void
 }
 
 void
-tcp_getrt_rtt(struct tcpcb *tp, struct rtentry *rt) 
+tcp_getrt_rtt(struct tcpcb *tp, struct rtentry *rt)
 {
        u_int32_t rtt = rt->rt_rmx.rmx_rtt;
        int isnetlocal = (tp->t_flags & TF_LOCAL);
 {
        u_int32_t rtt = rt->rt_rmx.rmx_rtt;
        int isnetlocal = (tp->t_flags & TF_LOCAL);
@@ -1115,17 +1155,19 @@ tcp_getrt_rtt(struct tcpcb *tp, struct rtentry *rt)
                if (rt->rt_rmx.rmx_locks & RTV_RTT)
                        tp->t_rttmin = rtt / (RTM_RTTUNIT / TCP_RETRANSHZ);
                else
                if (rt->rt_rmx.rmx_locks & RTV_RTT)
                        tp->t_rttmin = rtt / (RTM_RTTUNIT / TCP_RETRANSHZ);
                else
-                       tp->t_rttmin = isnetlocal ? tcp_TCPTV_MIN : TCPTV_REXMTMIN;
-               tp->t_srtt = rtt / (RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTT_SCALE));
+                       tp->t_rttmin = isnetlocal ? tcp_TCPTV_MIN :
+                           TCPTV_REXMTMIN;
+               tp->t_srtt =
+                   rtt / (RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTT_SCALE));
                tcpstat.tcps_usedrtt++;
                if (rt->rt_rmx.rmx_rttvar) {
                        tp->t_rttvar = rt->rt_rmx.rmx_rttvar /
                tcpstat.tcps_usedrtt++;
                if (rt->rt_rmx.rmx_rttvar) {
                        tp->t_rttvar = rt->rt_rmx.rmx_rttvar /
-                               (RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTTVAR_SCALE));
+                           (RTM_RTTUNIT / (TCP_RETRANSHZ * TCP_RTTVAR_SCALE));
                        tcpstat.tcps_usedrttvar++;
                } else {
                        /* default variation is +- 1 rtt */
                        tp->t_rttvar =
                        tcpstat.tcps_usedrttvar++;
                } else {
                        /* default variation is +- 1 rtt */
                        tp->t_rttvar =
-                               tp->t_srtt * TCP_RTTVAR_SCALE / TCP_RTT_SCALE;
+                           tp->t_srtt * TCP_RTTVAR_SCALE / TCP_RTT_SCALE;
                }
                TCPT_RANGESET(tp->t_rxtcur,
                        ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1,
                }
                TCPT_RANGESET(tp->t_rxtcur,
                        ((tp->t_srtt >> 2) + tp->t_rttvar) >> 1,
@@ -1140,6 +1182,12 @@ tcp_update_ecn_perf_stats(struct tcpcb *tp,
 {
        u_int64_t curval, oldval;
        struct inpcb *inp = tp->t_inpcb;
 {
        u_int64_t curval, oldval;
        struct inpcb *inp = tp->t_inpcb;
+       stat->total_txpkts += inp->inp_stat->txpackets;
+       stat->total_rxpkts += inp->inp_stat->rxpackets;
+       stat->total_rxmitpkts += tp->t_stat.rxmitpkts;
+       stat->total_oopkts += tp->t_rcvoopack;
+       stat->total_reorderpkts += (tp->t_reordered_pkts + tp->t_pawsdrop +
+           tp->t_dsack_sent + tp->t_dsack_recvd);
 
        /* Average RTT */
        curval = (tp->t_srtt >> TCP_RTT_SHIFT);
 
        /* Average RTT */
        curval = (tp->t_srtt >> TCP_RTT_SHIFT);
@@ -1165,56 +1213,11 @@ tcp_update_ecn_perf_stats(struct tcpcb *tp,
                }
        }
 
                }
        }
 
-       /* Percentage of Out-of-order packets, shift by 10 for precision */
-       curval = (tp->t_rcvoopack << 10);
-       if (inp->inp_stat != NULL && inp->inp_stat->rxpackets > 0 &&
-           curval > 0) {
-               /* Compute percentage */
-               curval = (curval * 100)/inp->inp_stat->rxpackets;
-               if (stat->oo_percent == 0) {
-                       stat->oo_percent = curval;
-               } else {
-                       oldval = stat->oo_percent;
-                       stat->oo_percent =
-                           ((oldval << 4) - oldval + curval) >> 4;
-               }
-       }
-
        /* Total number of SACK recovery episodes */
        stat->sack_episodes += tp->t_sack_recovery_episode;
 
        /* Total number of SACK recovery episodes */
        stat->sack_episodes += tp->t_sack_recovery_episode;
 
-       /* Percentage of reordered packets, shift by 10 for precision */
-       curval = tp->t_reordered_pkts + tp->t_pawsdrop + tp->t_dsack_sent +
-           tp->t_dsack_recvd;
-       curval = curval << 10;
-       if (inp->inp_stat != NULL && (inp->inp_stat->rxpackets > 0 ||
-           inp->inp_stat->txpackets > 0) && curval > 0) {
-               /* Compute percentage */
-               curval = (curval * 100) /
-                   (inp->inp_stat->rxpackets + inp->inp_stat->txpackets);
-               if (stat->reorder_percent == 0) {
-                       stat->reorder_percent = curval;
-               } else {
-                       oldval = stat->reorder_percent;
-                       stat->reorder_percent =
-                           ((oldval << 4) - oldval + curval) >> 4;
-               }
-       }
-
-       /* Percentage of retransmit bytes, shift by 10 for precision */
-       curval = tp->t_stat.txretransmitbytes << 10;
-       if (inp->inp_stat != NULL && inp->inp_stat->txbytes > 0
-           && curval > 0) {
-               curval = (curval * 100) / inp->inp_stat->txbytes;
-               if (stat->rxmit_percent == 0) {
-                       stat->rxmit_percent = curval;
-               } else {
-                       oldval = stat->rxmit_percent;
-                       stat->rxmit_percent =
-                           ((oldval << 4) - oldval + curval) >> 4;
-               }
-       }
-       return;
+       if (inp->inp_socket->so_error == ECONNRESET)
+               stat->rst_drop++;
 }
 
 /*
 }
 
 /*
@@ -1224,8 +1227,7 @@ tcp_update_ecn_perf_stats(struct tcpcb *tp,
  *     wake up any sleepers
  */
 struct tcpcb *
  *     wake up any sleepers
  */
 struct tcpcb *
-tcp_close(tp)
-       register struct tcpcb *tp;
+tcp_close(struct tcpcb *tp)
 {
        struct inpcb *inp = tp->t_inpcb;
        struct socket *so = inp->inp_socket;
 {
        struct inpcb *inp = tp->t_inpcb;
        struct socket *so = inp->inp_socket;
@@ -1237,11 +1239,11 @@ tcp_close(tp)
        int dosavessthresh;
 
        /* tcp_close was called previously, bail */
        int dosavessthresh;
 
        /* tcp_close was called previously, bail */
-       if (inp->inp_ppcb == NULL) 
-               return(NULL);
+       if (inp->inp_ppcb == NULL)
+               return (NULL);
 
        tcp_canceltimers(tp);
 
        tcp_canceltimers(tp);
-       KERNEL_DEBUG(DBG_FNC_TCP_CLOSE | DBG_FUNC_START, tp,0,0,0,0);
+       KERNEL_DEBUG(DBG_FNC_TCP_CLOSE | DBG_FUNC_START, tp, 0, 0, 0, 0);
 
        /*
         * If another thread for this tcp is currently in ip (indicated by
 
        /*
         * If another thread for this tcp is currently in ip (indicated by
@@ -1285,7 +1287,7 @@ tcp_close(tp)
         * update anything that the user "locked".
         */
        if (tp->t_rttupdated >= 16) {
         * update anything that the user "locked".
         */
        if (tp->t_rttupdated >= 16) {
-               register u_int32_t i = 0;
+               u_int32_t i = 0;
 
 #if INET6
                if (isipv6) {
 
 #if INET6
                if (isipv6) {
@@ -1355,8 +1357,8 @@ tcp_close(tp)
                else
                        dosavessthresh = (i < so->so_snd.sb_hiwat / 2);
                if (((rt->rt_rmx.rmx_locks & RTV_SSTHRESH) == 0 &&
                else
                        dosavessthresh = (i < so->so_snd.sb_hiwat / 2);
                if (((rt->rt_rmx.rmx_locks & RTV_SSTHRESH) == 0 &&
-                    i != 0 && rt->rt_rmx.rmx_ssthresh != 0)
-                   || dosavessthresh) {
+                   i != 0 && rt->rt_rmx.rmx_ssthresh != 0) ||
+                   dosavessthresh) {
                        /*
                         * convert the limit from user data bytes to
                         * packets then to packet data bytes.
                        /*
                         * convert the limit from user data bytes to
                         * packets then to packet data bytes.
@@ -1366,14 +1368,10 @@ tcp_close(tp)
                                i = 2;
                        i *= (u_int32_t)(tp->t_maxseg +
 #if INET6
                                i = 2;
                        i *= (u_int32_t)(tp->t_maxseg +
 #if INET6
-                                     (isipv6 ? sizeof (struct ip6_hdr) +
-                                              sizeof (struct tcphdr) :
-#endif
-                                      sizeof (struct tcpiphdr)
-#if INET6
-                                      )
-#endif
-                                     );
+                           isipv6 ? sizeof (struct ip6_hdr) +
+                           sizeof (struct tcphdr) :
+#endif /* INET6 */
+                           sizeof (struct tcpiphdr));
                        if (rt->rt_rmx.rmx_ssthresh)
                                rt->rt_rmx.rmx_ssthresh =
                                    (rt->rt_rmx.rmx_ssthresh + i) / 2;
                        if (rt->rt_rmx.rmx_ssthresh)
                                rt->rt_rmx.rmx_ssthresh =
                                    (rt->rt_rmx.rmx_ssthresh + i) / 2;
@@ -1426,6 +1424,8 @@ no_valid_rt:
                                    ecn_peer_nosupport);
                        }
                }
                                    ecn_peer_nosupport);
                        }
                }
+       } else {
+               INP_INC_IFNET_STAT(inp, ecn_off_conn);
        }
        if (TCP_ECN_ENABLED(tp)) {
                if (tp->ecn_flags & TE_RECV_ECN_CE) {
        }
        if (TCP_ECN_ENABLED(tp)) {
                if (tp->ecn_flags & TE_RECV_ECN_CE) {
@@ -1452,36 +1452,29 @@ no_valid_rt:
                                INP_INC_IFNET_STAT(inp, ecn_conn_plnoce);
                        }
                }
                                INP_INC_IFNET_STAT(inp, ecn_conn_plnoce);
                        }
                }
-
        }
 
        /* Aggregate performance stats */
        }
 
        /* Aggregate performance stats */
-       if (inp->inp_last_outifp != NULL) {
+       if (inp->inp_last_outifp != NULL && !(tp->t_flags & TF_LOCAL)) {
                struct ifnet *ifp = inp->inp_last_outifp;
                ifnet_lock_shared(ifp);
                if ((ifp->if_refflags & (IFRF_ATTACHED | IFRF_DETACHING)) ==
                    IFRF_ATTACHED) {
                        if (inp->inp_vflag & INP_IPV6) {
                struct ifnet *ifp = inp->inp_last_outifp;
                ifnet_lock_shared(ifp);
                if ((ifp->if_refflags & (IFRF_ATTACHED | IFRF_DETACHING)) ==
                    IFRF_ATTACHED) {
                        if (inp->inp_vflag & INP_IPV6) {
+                               ifp->if_ipv6_stat->timestamp = net_uptime();
                                if (TCP_ECN_ENABLED(tp)) {
                                if (TCP_ECN_ENABLED(tp)) {
-                                       ifp->if_ipv6_stat->timestamp
-                                           = net_uptime();
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv6_stat->ecn_on);
                                } else {
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv6_stat->ecn_on);
                                } else {
-                                       ifp->if_ipv6_stat->timestamp
-                                           = net_uptime();
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv6_stat->ecn_off);
                                }
                        } else {
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv6_stat->ecn_off);
                                }
                        } else {
+                               ifp->if_ipv4_stat->timestamp = net_uptime();
                                if (TCP_ECN_ENABLED(tp)) {
                                if (TCP_ECN_ENABLED(tp)) {
-                                       ifp->if_ipv4_stat->timestamp
-                                           = net_uptime();
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv4_stat->ecn_on);
                                } else {
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv4_stat->ecn_on);
                                } else {
-                                       ifp->if_ipv4_stat->timestamp
-                                           = net_uptime();
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv4_stat->ecn_off);
                                }
                                        tcp_update_ecn_perf_stats(tp,
                                            &ifp->if_ipv4_stat->ecn_off);
                                }
@@ -1491,6 +1484,10 @@ no_valid_rt:
        }
 
        tcp_free_sackholes(tp);
        }
 
        tcp_free_sackholes(tp);
+       tcp_notify_ack_free(tp);
+
+       inp_decr_sndbytes_allunsent(so, tp->snd_una);
+
        if (tp->t_bwmeas != NULL) {
                tcp_bwmeas_free(tp);
        }
        if (tp->t_bwmeas != NULL) {
                tcp_bwmeas_free(tp);
        }
@@ -1515,13 +1512,14 @@ no_valid_rt:
 
        tp->t_state = TCPS_CLOSED;
 
 
        tp->t_state = TCPS_CLOSED;
 
-       /* Issue a wakeup before detach so that we don't miss
+       /*
+        * Issue a wakeup before detach so that we don't miss
         * a wakeup
         */
        sodisconnectwakeup(so);
 
         * a wakeup
         */
        sodisconnectwakeup(so);
 
-       /* 
-        * Clean up any LRO state 
+       /*
+        * Clean up any LRO state
         */
        if (tp->t_flagsext & TF_LRO_OFFLOADED) {
                tcp_lro_remove_state(inp->inp_laddr, inp->inp_faddr,
         */
        if (tp->t_flagsext & TF_LRO_OFFLOADED) {
                tcp_lro_remove_state(inp->inp_laddr, inp->inp_faddr,
@@ -1566,23 +1564,23 @@ no_valid_rt:
 #endif /* INET6 */
        in_pcbdetach(inp);
 
 #endif /* INET6 */
        in_pcbdetach(inp);
 
-       /* Call soisdisconnected after detach because it might unlock the socket */
+       /*
+        * Call soisdisconnected after detach because it might unlock the socket
+        */
        soisdisconnected(so);
        tcpstat.tcps_closed++;
        KERNEL_DEBUG(DBG_FNC_TCP_CLOSE | DBG_FUNC_END,
            tcpstat.tcps_closed, 0, 0, 0, 0);
        soisdisconnected(so);
        tcpstat.tcps_closed++;
        KERNEL_DEBUG(DBG_FNC_TCP_CLOSE | DBG_FUNC_END,
            tcpstat.tcps_closed, 0, 0, 0, 0);
-       return(NULL);
+       return (NULL);
 }
 
 int
 }
 
 int
-tcp_freeq(tp)
-       struct tcpcb *tp;
+tcp_freeq(struct tcpcb *tp)
 {
 {
-
-       register struct tseg_qent *q;
+       struct tseg_qent *q;
        int rv = 0;
 
        int rv = 0;
 
-       while((q = LIST_FIRST(&tp->t_segq)) != NULL) {
+       while ((q = LIST_FIRST(&tp->t_segq)) != NULL) {
                LIST_REMOVE(q, tqe_q);
                m_freem(q->tqe_m);
                zfree(tcp_reass_zone, q);
                LIST_REMOVE(q, tqe_q);
                m_freem(q->tqe_m);
                zfree(tcp_reass_zone, q);
@@ -1600,12 +1598,12 @@ tcp_freeq(tp)
  * Do it next time if the pcbinfo lock is in use
  */
 void
  * Do it next time if the pcbinfo lock is in use
  */
 void
-tcp_drain()
+tcp_drain(void)
 {
        struct inpcb *inp;
        struct tcpcb *tp;
 
 {
        struct inpcb *inp;
        struct tcpcb *tp;
 
-       if (!lck_rw_try_lock_exclusive(tcbinfo.ipi_lock)) 
+       if (!lck_rw_try_lock_exclusive(tcbinfo.ipi_lock))
                return;
 
        LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
                return;
 
        LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
@@ -1617,10 +1615,10 @@ tcp_drain()
                                /* lost a race, try the next one */
                                tcp_unlock(inp->inp_socket, 1, 0);
                                continue;
                                /* lost a race, try the next one */
                                tcp_unlock(inp->inp_socket, 1, 0);
                                continue;
-                       } 
+                       }
                        tp = intotcpcb(inp);
 
                        tp = intotcpcb(inp);
 
-                       if (do_tcpdrain)        
+                       if (do_tcpdrain)
                                tcp_freeq(tp);
 
                        so_drain_extended_bk_idle(inp->inp_socket);
                                tcp_freeq(tp);
 
                        so_drain_extended_bk_idle(inp->inp_socket);
@@ -1641,13 +1639,11 @@ tcp_drain()
  * reporting soft errors (yet - a kqueue filter may be added).
  */
 static void
  * reporting soft errors (yet - a kqueue filter may be added).
  */
 static void
-tcp_notify(inp, error)
-       struct inpcb *inp;
-       int error;
+tcp_notify(struct inpcb *inp, int error)
 {
        struct tcpcb *tp;
 
 {
        struct tcpcb *tp;
 
-       if (inp == NULL || (inp->inp_state == INPCB_STATE_DEAD)) 
+       if (inp == NULL || (inp->inp_state == INPCB_STATE_DEAD))
                return; /* pcb is gone already */
 
        tp = (struct tcpcb *)inp->inp_ppcb;
                return; /* pcb is gone already */
 
        tp = (struct tcpcb *)inp->inp_ppcb;
@@ -1660,8 +1656,8 @@ tcp_notify(inp, error)
         * can never complete.
         */
        if (tp->t_state == TCPS_ESTABLISHED &&
         * can never complete.
         */
        if (tp->t_state == TCPS_ESTABLISHED &&
-            (error == EHOSTUNREACH || error == ENETUNREACH ||
-             error == EHOSTDOWN)) {
+           (error == EHOSTUNREACH || error == ENETUNREACH ||
+           error == EHOSTDOWN)) {
                return;
        } else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > 3 &&
            tp->t_softerror)
                return;
        } else if (tp->t_state < TCPS_ESTABLISHED && tp->t_rxtshift > 3 &&
            tp->t_softerror)
@@ -1675,30 +1671,56 @@ tcp_notify(inp, error)
 #endif
 }
 
 #endif
 }
 
-struct bwmeas*
+struct bwmeas *
 tcp_bwmeas_alloc(struct tcpcb *tp)
 {
        struct bwmeas *elm;
        elm = zalloc(tcp_bwmeas_zone);
        if (elm == NULL)
 tcp_bwmeas_alloc(struct tcpcb *tp)
 {
        struct bwmeas *elm;
        elm = zalloc(tcp_bwmeas_zone);
        if (elm == NULL)
-               return(elm);
+               return (elm);
 
        bzero(elm, bwmeas_elm_size);
        elm->bw_minsizepkts = TCP_BWMEAS_BURST_MINSIZE;
        elm->bw_maxsizepkts = TCP_BWMEAS_BURST_MAXSIZE;
        elm->bw_minsize = elm->bw_minsizepkts * tp->t_maxseg;
        elm->bw_maxsize = elm->bw_maxsizepkts * tp->t_maxseg;
 
        bzero(elm, bwmeas_elm_size);
        elm->bw_minsizepkts = TCP_BWMEAS_BURST_MINSIZE;
        elm->bw_maxsizepkts = TCP_BWMEAS_BURST_MAXSIZE;
        elm->bw_minsize = elm->bw_minsizepkts * tp->t_maxseg;
        elm->bw_maxsize = elm->bw_maxsizepkts * tp->t_maxseg;
-       return(elm);
+       return (elm);
 }
 
 void
 }
 
 void
-tcp_bwmeas_free(struct tcpcbtp)
+tcp_bwmeas_free(struct tcpcb *tp)
 {
        zfree(tcp_bwmeas_zone, tp->t_bwmeas);
        tp->t_bwmeas = NULL;
        tp->t_flagsext &= ~(TF_MEASURESNDBW);
 }
 
 {
        zfree(tcp_bwmeas_zone, tp->t_bwmeas);
        tp->t_bwmeas = NULL;
        tp->t_flagsext &= ~(TF_MEASURESNDBW);
 }
 
+int
+get_tcp_inp_list(struct inpcb **inp_list, int n, inp_gen_t gencnt)
+{
+       struct tcpcb *tp;
+       struct inpcb *inp;
+       int i = 0;
+
+       LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
+               if (inp->inp_gencnt <= gencnt &&
+                   inp->inp_state != INPCB_STATE_DEAD)
+                       inp_list[i++] = inp;
+               if (i >= n)
+                       break;
+       }
+
+       TAILQ_FOREACH(tp, &tcp_tw_tailq, t_twentry) {
+               inp = tp->t_inpcb;
+               if (inp->inp_gencnt <= gencnt &&
+                       inp->inp_state != INPCB_STATE_DEAD)
+                       inp_list[i++] = inp;
+               if (i >= n)
+                       break;
+       }
+       return (i);
+}
+
 /*
  * tcpcb_to_otcpcb copies specific bits of a tcpcb to a otcpcb format.
  * The otcpcb data structure is passed to user space and must not change.
 /*
  * tcpcb_to_otcpcb copies specific bits of a tcpcb to a otcpcb format.
  * The otcpcb data structure is passed to user space and must not change.
@@ -1712,7 +1734,8 @@ tcpcb_to_otcpcb(struct tcpcb *tp, struct otcpcb *otp)
        otp->t_timer[TCPT_PERSIST_EXT] = tp->t_timer[TCPT_PERSIST];
        otp->t_timer[TCPT_KEEP_EXT] = tp->t_timer[TCPT_KEEP];
        otp->t_timer[TCPT_2MSL_EXT] = tp->t_timer[TCPT_2MSL];
        otp->t_timer[TCPT_PERSIST_EXT] = tp->t_timer[TCPT_PERSIST];
        otp->t_timer[TCPT_KEEP_EXT] = tp->t_timer[TCPT_KEEP];
        otp->t_timer[TCPT_2MSL_EXT] = tp->t_timer[TCPT_2MSL];
-       otp->t_inpcb = (_TCPCB_PTR(struct inpcb *))VM_KERNEL_ADDRPERM(tp->t_inpcb);
+       otp->t_inpcb =
+           (_TCPCB_PTR(struct inpcb *))VM_KERNEL_ADDRPERM(tp->t_inpcb);
        otp->t_state = tp->t_state;
        otp->t_flags = tp->t_flags;
        otp->t_force = (tp->t_flagsext & TF_FORCE) ? 1 : 0;
        otp->t_state = tp->t_state;
        otp->t_flags = tp->t_flags;
        otp->t_force = (tp->t_flagsext & TF_FORCE) ? 1 : 0;
@@ -1754,8 +1777,8 @@ tcpcb_to_otcpcb(struct tcpcb *tp, struct otcpcb *otp)
        otp->ts_recent = tp->ts_recent;
        otp->ts_recent_age = tp->ts_recent_age;
        otp->last_ack_sent = tp->last_ack_sent;
        otp->ts_recent = tp->ts_recent;
        otp->ts_recent_age = tp->ts_recent_age;
        otp->last_ack_sent = tp->last_ack_sent;
-       otp->cc_send = tp->cc_send;
-       otp->cc_recv = tp->cc_recv;
+       otp->cc_send = 0;
+       otp->cc_recv = 0;
        otp->snd_recover = tp->snd_recover;
        otp->snd_cwnd_prev = tp->snd_cwnd_prev;
        otp->snd_ssthresh_prev = tp->snd_ssthresh_prev;
        otp->snd_recover = tp->snd_recover;
        otp->snd_cwnd_prev = tp->snd_cwnd_prev;
        otp->snd_ssthresh_prev = tp->snd_ssthresh_prev;
@@ -1767,8 +1790,7 @@ tcp_pcblist SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg1, arg2)
        int error, i = 0, n;
 {
 #pragma unused(oidp, arg1, arg2)
        int error, i = 0, n;
-       struct inpcb *inp, **inp_list;
-       struct tcpcb *tp;
+       struct inpcb **inp_list;
        inp_gen_t gencnt;
        struct xinpgen xig;
 
        inp_gen_t gencnt;
        struct xinpgen xig;
 
@@ -1779,15 +1801,15 @@ tcp_pcblist SYSCTL_HANDLER_ARGS
        lck_rw_lock_shared(tcbinfo.ipi_lock);
        if (req->oldptr == USER_ADDR_NULL) {
                n = tcbinfo.ipi_count;
        lck_rw_lock_shared(tcbinfo.ipi_lock);
        if (req->oldptr == USER_ADDR_NULL) {
                n = tcbinfo.ipi_count;
-               req->oldidx = 2 * (sizeof xig)
+               req->oldidx = 2 * (sizeof(xig))
                        + (n + n/8) * sizeof(struct xtcpcb);
                lck_rw_done(tcbinfo.ipi_lock);
                        + (n + n/8) * sizeof(struct xtcpcb);
                lck_rw_done(tcbinfo.ipi_lock);
-               return 0;
+               return (0);
        }
 
        if (req->newptr != USER_ADDR_NULL) {
                lck_rw_done(tcbinfo.ipi_lock);
        }
 
        if (req->newptr != USER_ADDR_NULL) {
                lck_rw_done(tcbinfo.ipi_lock);
-               return EPERM;
+               return (EPERM);
        }
 
        /*
        }
 
        /*
@@ -1797,70 +1819,68 @@ tcp_pcblist SYSCTL_HANDLER_ARGS
        n = tcbinfo.ipi_count;
 
        bzero(&xig, sizeof(xig));
        n = tcbinfo.ipi_count;
 
        bzero(&xig, sizeof(xig));
-       xig.xig_len = sizeof xig;
+       xig.xig_len = sizeof(xig);
        xig.xig_count = n;
        xig.xig_gen = gencnt;
        xig.xig_sogen = so_gencnt;
        xig.xig_count = n;
        xig.xig_gen = gencnt;
        xig.xig_sogen = so_gencnt;
-       error = SYSCTL_OUT(req, &xig, sizeof xig);
+       error = SYSCTL_OUT(req, &xig, sizeof(xig));
        if (error) {
                lck_rw_done(tcbinfo.ipi_lock);
        if (error) {
                lck_rw_done(tcbinfo.ipi_lock);
-               return error;
+               return (error);
        }
        /*
         * We are done if there is no pcb
         */
        if (n == 0) {
                lck_rw_done(tcbinfo.ipi_lock);
        }
        /*
         * We are done if there is no pcb
         */
        if (n == 0) {
                lck_rw_done(tcbinfo.ipi_lock);
-               return 0; 
+               return (0);
        }
 
        }
 
-       inp_list = _MALLOC(n * sizeof *inp_list, M_TEMP, M_WAITOK);
+       inp_list = _MALLOC(n * sizeof (*inp_list), M_TEMP, M_WAITOK);
        if (inp_list == 0) {
                lck_rw_done(tcbinfo.ipi_lock);
        if (inp_list == 0) {
                lck_rw_done(tcbinfo.ipi_lock);
-               return ENOMEM;
-       }
-       
-       LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
-               if (inp->inp_gencnt <= gencnt && 
-                       inp->inp_state != INPCB_STATE_DEAD)
-                       inp_list[i++] = inp;
-               if (i >= n) break;
-       }
-
-       TAILQ_FOREACH(tp, &tcp_tw_tailq, t_twentry) {
-               inp = tp->t_inpcb;
-               if (inp->inp_gencnt <= gencnt && 
-                       inp->inp_state != INPCB_STATE_DEAD)
-                       inp_list[i++] = inp;
-               if (i >= n) break;
+               return (ENOMEM);
        }
 
        }
 
-       n = i;
+       n = get_tcp_inp_list(inp_list, n, gencnt);
 
        error = 0;
        for (i = 0; i < n; i++) {
 
        error = 0;
        for (i = 0; i < n; i++) {
+               struct xtcpcb xt;
+               caddr_t inp_ppcb;
+               struct inpcb *inp;
+
                inp = inp_list[i];
                inp = inp_list[i];
-               if (inp->inp_gencnt <= gencnt && 
-                       inp->inp_state != INPCB_STATE_DEAD) {
-                       struct xtcpcb xt;
-                       caddr_t inp_ppcb;
-
-                       bzero(&xt, sizeof(xt));
-                       xt.xt_len = sizeof xt;
-                       /* XXX should avoid extra copy */
-                       inpcb_to_compat(inp, &xt.xt_inp);
-                       inp_ppcb = inp->inp_ppcb;
-                       if (inp_ppcb != NULL) {
-                               tcpcb_to_otcpcb(
-                                   (struct tcpcb *)(void *)inp_ppcb,
-                                   &xt.xt_tp);
-                       } else {
-                               bzero((char *) &xt.xt_tp, sizeof xt.xt_tp);
-                       }
-                       if (inp->inp_socket)
-                               sotoxsocket(inp->inp_socket, &xt.xt_socket);
-                       error = SYSCTL_OUT(req, &xt, sizeof xt);
+
+               if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) == WNT_STOPUSING)
+                       continue;
+               tcp_lock(inp->inp_socket, 1, NULL);
+               if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
+                       tcp_unlock(inp->inp_socket, 1, NULL);
+                       continue;
                }
                }
+               if (inp->inp_gencnt > gencnt) {
+                       tcp_unlock(inp->inp_socket, 1, NULL);
+                       continue;
+               }
+
+               bzero(&xt, sizeof(xt));
+               xt.xt_len = sizeof(xt);
+               /* XXX should avoid extra copy */
+               inpcb_to_compat(inp, &xt.xt_inp);
+               inp_ppcb = inp->inp_ppcb;
+               if (inp_ppcb != NULL) {
+                       tcpcb_to_otcpcb((struct tcpcb *)(void *)inp_ppcb,
+                           &xt.xt_tp);
+               } else {
+                       bzero((char *) &xt.xt_tp, sizeof(xt.xt_tp));
+               }
+               if (inp->inp_socket)
+                       sotoxsocket(inp->inp_socket, &xt.xt_socket);
+
+               tcp_unlock(inp->inp_socket, 1, NULL);
+
+               error = SYSCTL_OUT(req, &xt, sizeof(xt));
        }
        if (!error) {
                /*
        }
        if (!error) {
                /*
@@ -1871,15 +1891,15 @@ tcp_pcblist SYSCTL_HANDLER_ARGS
                 * might be necessary to retry.
                 */
                bzero(&xig, sizeof(xig));
                 * might be necessary to retry.
                 */
                bzero(&xig, sizeof(xig));
-               xig.xig_len = sizeof xig;
+               xig.xig_len = sizeof(xig);
                xig.xig_gen = tcbinfo.ipi_gencnt;
                xig.xig_sogen = so_gencnt;
                xig.xig_count = tcbinfo.ipi_count;
                xig.xig_gen = tcbinfo.ipi_gencnt;
                xig.xig_sogen = so_gencnt;
                xig.xig_count = tcbinfo.ipi_count;
-               error = SYSCTL_OUT(req, &xig, sizeof xig);
+               error = SYSCTL_OUT(req, &xig, sizeof(xig));
        }
        FREE(inp_list, M_TEMP);
        lck_rw_done(tcbinfo.ipi_lock);
        }
        FREE(inp_list, M_TEMP);
        lck_rw_done(tcbinfo.ipi_lock);
-       return error;
+       return (error);
 }
 
 SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist,
 }
 
 SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist,
@@ -1890,59 +1910,59 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_PCBLIST, pcblist,
 static void
 tcpcb_to_xtcpcb64(struct tcpcb *tp, struct xtcpcb64 *otp)
 {
 static void
 tcpcb_to_xtcpcb64(struct tcpcb *tp, struct xtcpcb64 *otp)
 {
-        otp->t_segq = (uint32_t)VM_KERNEL_ADDRPERM(tp->t_segq.lh_first);
-        otp->t_dupacks = tp->t_dupacks;
+       otp->t_segq = (uint32_t)VM_KERNEL_ADDRPERM(tp->t_segq.lh_first);
+       otp->t_dupacks = tp->t_dupacks;
        otp->t_timer[TCPT_REXMT_EXT] = tp->t_timer[TCPT_REXMT];
        otp->t_timer[TCPT_PERSIST_EXT] = tp->t_timer[TCPT_PERSIST];
        otp->t_timer[TCPT_KEEP_EXT] = tp->t_timer[TCPT_KEEP];
        otp->t_timer[TCPT_2MSL_EXT] = tp->t_timer[TCPT_2MSL];
        otp->t_timer[TCPT_REXMT_EXT] = tp->t_timer[TCPT_REXMT];
        otp->t_timer[TCPT_PERSIST_EXT] = tp->t_timer[TCPT_PERSIST];
        otp->t_timer[TCPT_KEEP_EXT] = tp->t_timer[TCPT_KEEP];
        otp->t_timer[TCPT_2MSL_EXT] = tp->t_timer[TCPT_2MSL];
-        otp->t_state = tp->t_state;
-        otp->t_flags = tp->t_flags;
-        otp->t_force = (tp->t_flagsext & TF_FORCE) ? 1 : 0;
-        otp->snd_una = tp->snd_una;
-        otp->snd_max = tp->snd_max;
-        otp->snd_nxt = tp->snd_nxt;
-        otp->snd_up = tp->snd_up;
-        otp->snd_wl1 = tp->snd_wl1;
-        otp->snd_wl2 = tp->snd_wl2;
-        otp->iss = tp->iss;
-        otp->irs = tp->irs;
-        otp->rcv_nxt = tp->rcv_nxt;
-        otp->rcv_adv = tp->rcv_adv;
-        otp->rcv_wnd = tp->rcv_wnd;
-        otp->rcv_up = tp->rcv_up;
-        otp->snd_wnd = tp->snd_wnd;
-        otp->snd_cwnd = tp->snd_cwnd;
-        otp->snd_ssthresh = tp->snd_ssthresh;
-        otp->t_maxopd = tp->t_maxopd;
-        otp->t_rcvtime = tp->t_rcvtime;
-        otp->t_starttime = tp->t_starttime;
-        otp->t_rtttime = tp->t_rtttime;
-        otp->t_rtseq = tp->t_rtseq;
-        otp->t_rxtcur = tp->t_rxtcur;
-        otp->t_maxseg = tp->t_maxseg;
-        otp->t_srtt = tp->t_srtt;
-        otp->t_rttvar = tp->t_rttvar;
-        otp->t_rxtshift = tp->t_rxtshift;
-        otp->t_rttmin = tp->t_rttmin;
-        otp->t_rttupdated = tp->t_rttupdated;
-        otp->max_sndwnd = tp->max_sndwnd;
-        otp->t_softerror = tp->t_softerror;
-        otp->t_oobflags = tp->t_oobflags;
-        otp->t_iobc = tp->t_iobc;
-        otp->snd_scale = tp->snd_scale;
-        otp->rcv_scale = tp->rcv_scale;
-        otp->request_r_scale = tp->request_r_scale;
-        otp->requested_s_scale = tp->requested_s_scale;
-        otp->ts_recent = tp->ts_recent;
-        otp->ts_recent_age = tp->ts_recent_age;
-        otp->last_ack_sent = tp->last_ack_sent;
-        otp->cc_send = tp->cc_send;
-        otp->cc_recv = tp->cc_recv;
-        otp->snd_recover = tp->snd_recover;
-        otp->snd_cwnd_prev = tp->snd_cwnd_prev;
-        otp->snd_ssthresh_prev = tp->snd_ssthresh_prev;
-        otp->t_badrxtwin = 0;
+       otp->t_state = tp->t_state;
+       otp->t_flags = tp->t_flags;
+       otp->t_force = (tp->t_flagsext & TF_FORCE) ? 1 : 0;
+       otp->snd_una = tp->snd_una;
+       otp->snd_max = tp->snd_max;
+       otp->snd_nxt = tp->snd_nxt;
+       otp->snd_up = tp->snd_up;
+       otp->snd_wl1 = tp->snd_wl1;
+       otp->snd_wl2 = tp->snd_wl2;
+       otp->iss = tp->iss;
+       otp->irs = tp->irs;
+       otp->rcv_nxt = tp->rcv_nxt;
+       otp->rcv_adv = tp->rcv_adv;
+       otp->rcv_wnd = tp->rcv_wnd;
+       otp->rcv_up = tp->rcv_up;
+       otp->snd_wnd = tp->snd_wnd;
+       otp->snd_cwnd = tp->snd_cwnd;
+       otp->snd_ssthresh = tp->snd_ssthresh;
+       otp->t_maxopd = tp->t_maxopd;
+       otp->t_rcvtime = tp->t_rcvtime;
+       otp->t_starttime = tp->t_starttime;
+       otp->t_rtttime = tp->t_rtttime;
+       otp->t_rtseq = tp->t_rtseq;
+       otp->t_rxtcur = tp->t_rxtcur;
+       otp->t_maxseg = tp->t_maxseg;
+       otp->t_srtt = tp->t_srtt;
+       otp->t_rttvar = tp->t_rttvar;
+       otp->t_rxtshift = tp->t_rxtshift;
+       otp->t_rttmin = tp->t_rttmin;
+       otp->t_rttupdated = tp->t_rttupdated;
+       otp->max_sndwnd = tp->max_sndwnd;
+       otp->t_softerror = tp->t_softerror;
+       otp->t_oobflags = tp->t_oobflags;
+       otp->t_iobc = tp->t_iobc;
+       otp->snd_scale = tp->snd_scale;
+       otp->rcv_scale = tp->rcv_scale;
+       otp->request_r_scale = tp->request_r_scale;
+       otp->requested_s_scale = tp->requested_s_scale;
+       otp->ts_recent = tp->ts_recent;
+       otp->ts_recent_age = tp->ts_recent_age;
+       otp->last_ack_sent = tp->last_ack_sent;
+       otp->cc_send = 0;
+       otp->cc_recv = 0;
+       otp->snd_recover = tp->snd_recover;
+       otp->snd_cwnd_prev = tp->snd_cwnd_prev;
+       otp->snd_ssthresh_prev = tp->snd_ssthresh_prev;
+       otp->t_badrxtwin = 0;
 }
 
 
 }
 
 
@@ -1950,95 +1970,97 @@ static int
 tcp_pcblist64 SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg1, arg2)
 tcp_pcblist64 SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg1, arg2)
-        int error, i = 0, n;
-        struct inpcb *inp, **inp_list;
-       struct tcpcb *tp;
-        inp_gen_t gencnt;
-        struct xinpgen xig;
-
-        /*
-         * The process of preparing the TCB list is too time-consuming and
-         * resource-intensive to repeat twice on every request.
-         */
-        lck_rw_lock_shared(tcbinfo.ipi_lock);
-        if (req->oldptr == USER_ADDR_NULL) {
-                n = tcbinfo.ipi_count;
-                req->oldidx = 2 * (sizeof xig)
-                        + (n + n/8) * sizeof(struct xtcpcb64);
-                lck_rw_done(tcbinfo.ipi_lock);
-                return 0;
-        }
-
-        if (req->newptr != USER_ADDR_NULL) {
-                lck_rw_done(tcbinfo.ipi_lock);
-                return EPERM;
-        }
-
-        /*
-         * OK, now we're committed to doing something.
-         */
-        gencnt = tcbinfo.ipi_gencnt;
-        n = tcbinfo.ipi_count;
-
-        bzero(&xig, sizeof(xig));
-        xig.xig_len = sizeof xig;
-        xig.xig_count = n;
-        xig.xig_gen = gencnt;
-        xig.xig_sogen = so_gencnt;
-        error = SYSCTL_OUT(req, &xig, sizeof xig);
-        if (error) {
-                lck_rw_done(tcbinfo.ipi_lock);
-                return error;
-        }
-        /*
-         * We are done if there is no pcb
-         */
-        if (n == 0) {
-                lck_rw_done(tcbinfo.ipi_lock);
-                return 0;
-        }
-
-        inp_list = _MALLOC(n * sizeof *inp_list, M_TEMP, M_WAITOK);
-        if (inp_list == 0) {
-                lck_rw_done(tcbinfo.ipi_lock);
-                return ENOMEM;
-        }
+       int error, i = 0, n;
+       struct inpcb **inp_list;
+       inp_gen_t gencnt;
+       struct xinpgen xig;
 
 
-       LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
-                if (inp->inp_gencnt <= gencnt && 
-                       inp->inp_state != INPCB_STATE_DEAD)
-                        inp_list[i++] = inp;
-               if (i >= n) break;
-        }
+       /*
+        * The process of preparing the TCB list is too time-consuming and
+        * resource-intensive to repeat twice on every request.
+        */
+       lck_rw_lock_shared(tcbinfo.ipi_lock);
+       if (req->oldptr == USER_ADDR_NULL) {
+               n = tcbinfo.ipi_count;
+               req->oldidx = 2 * (sizeof(xig))
+                       + (n + n/8) * sizeof(struct xtcpcb64);
+               lck_rw_done(tcbinfo.ipi_lock);
+               return (0);
+       }
 
 
-       TAILQ_FOREACH(tp, &tcp_tw_tailq, t_twentry) {
-               inp = tp->t_inpcb;
-               if (inp->inp_gencnt <= gencnt && 
-                       inp->inp_state != INPCB_STATE_DEAD)
-                       inp_list[i++] = inp;
-               if (i >= n) break;
-        }
-
-        n = i;
-
-        error = 0;
-        for (i = 0; i < n; i++) {
-                inp = inp_list[i];
-                if (inp->inp_gencnt <= gencnt && inp->inp_state != INPCB_STATE_DEAD) {
-                                       struct xtcpcb64 xt;
-                                       
-                                       bzero(&xt, sizeof(xt));
-                                       xt.xt_len = sizeof xt;
-                                       inpcb_to_xinpcb64(inp, &xt.xt_inpcb);
-                                       xt.xt_inpcb.inp_ppcb = (uint64_t)VM_KERNEL_ADDRPERM(inp->inp_ppcb);
-                                       if (inp->inp_ppcb != NULL)
-                                               tcpcb_to_xtcpcb64((struct tcpcb *)inp->inp_ppcb, &xt);
-                                       if (inp->inp_socket)
-                                               sotoxsocket64(inp->inp_socket, &xt.xt_inpcb.xi_socket);
-                                       error = SYSCTL_OUT(req, &xt, sizeof xt);
-                }
-        }
-        if (!error) {
+       if (req->newptr != USER_ADDR_NULL) {
+               lck_rw_done(tcbinfo.ipi_lock);
+               return (EPERM);
+       }
+
+       /*
+        * OK, now we're committed to doing something.
+        */
+       gencnt = tcbinfo.ipi_gencnt;
+       n = tcbinfo.ipi_count;
+
+       bzero(&xig, sizeof(xig));
+       xig.xig_len = sizeof(xig);
+       xig.xig_count = n;
+       xig.xig_gen = gencnt;
+       xig.xig_sogen = so_gencnt;
+       error = SYSCTL_OUT(req, &xig, sizeof(xig));
+       if (error) {
+               lck_rw_done(tcbinfo.ipi_lock);
+               return (error);
+       }
+       /*
+        * We are done if there is no pcb
+        */
+       if (n == 0) {
+               lck_rw_done(tcbinfo.ipi_lock);
+               return (0);
+       }
+
+       inp_list = _MALLOC(n * sizeof (*inp_list), M_TEMP, M_WAITOK);
+       if (inp_list == 0) {
+               lck_rw_done(tcbinfo.ipi_lock);
+               return (ENOMEM);
+       }
+
+       n = get_tcp_inp_list(inp_list, n, gencnt);
+
+       error = 0;
+       for (i = 0; i < n; i++) {
+               struct xtcpcb64 xt;
+               struct inpcb *inp;
+               
+               inp = inp_list[i];
+
+               if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) == WNT_STOPUSING)
+                       continue;
+               tcp_lock(inp->inp_socket, 1, NULL);
+               if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
+                       tcp_unlock(inp->inp_socket, 1, NULL);
+                       continue;
+               }
+               if (inp->inp_gencnt > gencnt) {
+                       tcp_unlock(inp->inp_socket, 1, NULL);
+                       continue;
+               }
+
+               bzero(&xt, sizeof(xt));
+               xt.xt_len = sizeof(xt);
+               inpcb_to_xinpcb64(inp, &xt.xt_inpcb);
+               xt.xt_inpcb.inp_ppcb =
+                   (uint64_t)VM_KERNEL_ADDRPERM(inp->inp_ppcb);
+               if (inp->inp_ppcb != NULL)
+                       tcpcb_to_xtcpcb64((struct tcpcb *)inp->inp_ppcb,
+                           &xt);
+               if (inp->inp_socket)
+                       sotoxsocket64(inp->inp_socket,
+                           &xt.xt_inpcb.xi_socket);
+
+               tcp_unlock(inp->inp_socket, 1, NULL);
+
+               error = SYSCTL_OUT(req, &xt, sizeof(xt));
+       }
+       if (!error) {
                        /*
                         * Give the user an updated idea of our state.
                         * If the generation differs from what we told
                        /*
                         * Give the user an updated idea of our state.
                         * If the generation differs from what we told
@@ -2047,20 +2069,20 @@ tcp_pcblist64 SYSCTL_HANDLER_ARGS
                         * might be necessary to retry.
                         */
                        bzero(&xig, sizeof(xig));
                         * might be necessary to retry.
                         */
                        bzero(&xig, sizeof(xig));
-                       xig.xig_len = sizeof xig;
+                       xig.xig_len = sizeof(xig);
                        xig.xig_gen = tcbinfo.ipi_gencnt;
                        xig.xig_sogen = so_gencnt;
                        xig.xig_count = tcbinfo.ipi_count;
                        xig.xig_gen = tcbinfo.ipi_gencnt;
                        xig.xig_sogen = so_gencnt;
                        xig.xig_count = tcbinfo.ipi_count;
-                       error = SYSCTL_OUT(req, &xig, sizeof xig);
-        }
-        FREE(inp_list, M_TEMP);
-        lck_rw_done(tcbinfo.ipi_lock);
-        return error;
+                       error = SYSCTL_OUT(req, &xig, sizeof(xig));
+       }
+       FREE(inp_list, M_TEMP);
+       lck_rw_done(tcbinfo.ipi_lock);
+       return (error);
 }
 
 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, pcblist64,
            CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
 }
 
 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, pcblist64,
            CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
-            tcp_pcblist64, "S,xtcpcb64", "List of active TCP connections");
+           tcp_pcblist64, "S,xtcpcb64", "List of active TCP connections");
 
 
 static int
 
 
 static int
@@ -2068,43 +2090,136 @@ tcp_pcblist_n SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg1, arg2)
        int error = 0;
 {
 #pragma unused(oidp, arg1, arg2)
        int error = 0;
-       
+
        error = get_pcblist_n(IPPROTO_TCP, req, &tcbinfo);
        error = get_pcblist_n(IPPROTO_TCP, req, &tcbinfo);
-       
-       return error;
+
+       return (error);
 }
 
 
 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, pcblist_n,
            CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
 }
 
 
 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, pcblist_n,
            CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0,
-            tcp_pcblist_n, "S,xtcpcb_n", "List of active TCP connections");
+           tcp_pcblist_n, "S,xtcpcb_n", "List of active TCP connections");
 
 
 __private_extern__ void
 tcp_get_ports_used(uint32_t ifindex, int protocol, uint32_t flags,
     bitstr_t *bitfield)
 {
 
 
 __private_extern__ void
 tcp_get_ports_used(uint32_t ifindex, int protocol, uint32_t flags,
     bitstr_t *bitfield)
 {
-       inpcb_get_ports_used(ifindex, protocol, flags, 
+       inpcb_get_ports_used(ifindex, protocol, flags,
                bitfield, &tcbinfo);
 }
 
 __private_extern__ uint32_t
 tcp_count_opportunistic(unsigned int ifindex, u_int32_t flags)
 {
                bitfield, &tcbinfo);
 }
 
 __private_extern__ uint32_t
 tcp_count_opportunistic(unsigned int ifindex, u_int32_t flags)
 {
-       return inpcb_count_opportunistic(ifindex, &tcbinfo, flags);
+       return (inpcb_count_opportunistic(ifindex, &tcbinfo, flags));
 }
 
 __private_extern__ uint32_t
 tcp_find_anypcb_byaddr(struct ifaddr *ifa)
 {
 }
 
 __private_extern__ uint32_t
 tcp_find_anypcb_byaddr(struct ifaddr *ifa)
 {
-       return inpcb_find_anypcb_byaddr(ifa, &tcbinfo);
+       return (inpcb_find_anypcb_byaddr(ifa, &tcbinfo));
+}
+
+static void
+tcp_handle_msgsize(struct ip *ip, struct inpcb *inp)
+{
+       struct rtentry *rt = NULL;
+       u_short ifscope = IFSCOPE_NONE;
+       int mtu;
+       struct sockaddr_in icmpsrc = {
+           sizeof (struct sockaddr_in),
+           AF_INET, 0, { 0 },
+           { 0, 0, 0, 0, 0, 0, 0, 0 } };
+       struct icmp *icp = NULL;
+
+       icp = (struct icmp *)(void *)
+           ((caddr_t)ip - offsetof(struct icmp, icmp_ip));
+
+       icmpsrc.sin_addr = icp->icmp_ip.ip_dst;
+
+       /*
+        * MTU discovery:
+        * If we got a needfrag and there is a host route to the
+        * original destination, and the MTU is not locked, then
+        * set the MTU in the route to the suggested new value
+        * (if given) and then notify as usual.  The ULPs will
+        * notice that the MTU has changed and adapt accordingly.
+        * If no new MTU was suggested, then we guess a new one
+        * less than the current value.  If the new MTU is
+        * unreasonably small (defined by sysctl tcp_minmss), then
+        * we reset the MTU to the interface value and enable the
+        * lock bit, indicating that we are no longer doing MTU
+        * discovery.
+        */
+       if (ROUTE_UNUSABLE(&(inp->inp_route)) == false)
+               rt = inp->inp_route.ro_rt;
+
+       /*
+        * icmp6_mtudisc_update scopes the routing lookup
+        * to the incoming interface (delivered from mbuf
+        * packet header.
+        * That is mostly ok but for asymmetric networks
+        * that may be an issue.
+        * Frag needed OR Packet too big really communicates
+        * MTU for the out data path.
+        * Take the interface scope from cached route or
+        * the last outgoing interface from inp
+        */
+       if (rt != NULL)
+               ifscope = (rt->rt_ifp != NULL) ?
+                   rt->rt_ifp->if_index : IFSCOPE_NONE;
+       else
+               ifscope = (inp->inp_last_outifp != NULL) ?
+                   inp->inp_last_outifp->if_index : IFSCOPE_NONE;
+
+       if ((rt == NULL) ||
+           !(rt->rt_flags & RTF_HOST) ||
+           (rt->rt_flags & (RTF_CLONING | RTF_PRCLONING))) {
+               rt = rtalloc1_scoped((struct sockaddr *)&icmpsrc, 0,
+                   RTF_CLONING | RTF_PRCLONING, ifscope);
+       } else if (rt) {
+               RT_LOCK(rt);
+               rtref(rt);
+               RT_UNLOCK(rt);
+       }
+
+       if (rt != NULL) {
+               RT_LOCK(rt);
+               if ((rt->rt_flags & RTF_HOST) &&
+                   !(rt->rt_rmx.rmx_locks & RTV_MTU)) {
+                       mtu = ntohs(icp->icmp_nextmtu);
+                       /*
+                        * XXX Stock BSD has changed the following
+                        * to compare with icp->icmp_ip.ip_len
+                        * to converge faster when sent packet
+                        * < route's MTU. We may want to adopt
+                        * that change.
+                        */
+                       if (mtu == 0)
+                               mtu = ip_next_mtu(rt->rt_rmx.
+                                   rmx_mtu, 1);
+#if DEBUG_MTUDISC
+                       printf("MTU for %s reduced to %d\n",
+                           inet_ntop(AF_INET,
+                           &icmpsrc.sin_addr, ipv4str,
+                           sizeof (ipv4str)), mtu);
+#endif
+                       if (mtu < max(296, (tcp_minmss +
+                           sizeof (struct tcpiphdr)))) {
+                               rt->rt_rmx.rmx_locks |= RTV_MTU;
+                       } else if (rt->rt_rmx.rmx_mtu > mtu) {
+                               rt->rt_rmx.rmx_mtu = mtu;
+                       }
+               }
+               RT_UNLOCK(rt);
+               rtfree(rt);
+       }
 }
 
 void
 }
 
 void
-tcp_ctlinput(cmd, sa, vip)
-       int cmd;
-       struct sockaddr *sa;
-       void *vip;
+tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip)
 {
        tcp_seq icmp_tcp_seq;
        struct ip *ip = vip;
 {
        tcp_seq icmp_tcp_seq;
        struct ip *ip = vip;
@@ -2132,7 +2247,7 @@ tcp_ctlinput(cmd, sa, vip)
        } else if (cmd == PRC_HOSTDEAD)
                ip = 0;
        /* Source quench is deprecated */
        } else if (cmd == PRC_HOSTDEAD)
                ip = 0;
        /* Source quench is deprecated */
-       else if (cmd == PRC_QUENCH) 
+       else if (cmd == PRC_QUENCH)
                return;
        else if (inetctlerrmap[cmd] == 0)
                return;
                return;
        else if (inetctlerrmap[cmd] == 0)
                return;
@@ -2142,13 +2257,17 @@ tcp_ctlinput(cmd, sa, vip)
 
                icp = (struct icmp *)(void *)
                    ((caddr_t)ip - offsetof(struct icmp, icmp_ip));
 
                icp = (struct icmp *)(void *)
                    ((caddr_t)ip - offsetof(struct icmp, icmp_ip));
-               bcopy(((caddr_t)ip + (IP_VHL_HL(ip->ip_vhl) << 2)),
-                   &th, sizeof (th));
+               /*
+                * Only the first 8 bytes of TCP header will be returned.
+                */
+               bzero(&th, sizeof(th));
+               bcopy(((caddr_t)ip + (IP_VHL_HL(ip->ip_vhl) << 2)), &th, 8);
                inp = in_pcblookup_hash(&tcbinfo, faddr, th.th_dport,
                    ip->ip_src, th.th_sport, 0, NULL);
                if (inp != NULL && inp->inp_socket != NULL) {
                        tcp_lock(inp->inp_socket, 1, 0);
                inp = in_pcblookup_hash(&tcbinfo, faddr, th.th_dport,
                    ip->ip_src, th.th_sport, 0, NULL);
                if (inp != NULL && inp->inp_socket != NULL) {
                        tcp_lock(inp->inp_socket, 1, 0);
-                       if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
+                       if (in_pcb_checkstate(inp, WNT_RELEASE, 1) ==
+                           WNT_STOPUSING) {
                                tcp_unlock(inp->inp_socket, 1, 0);
                                return;
                        }
                                tcp_unlock(inp->inp_socket, 1, 0);
                                return;
                        }
@@ -2156,57 +2275,8 @@ tcp_ctlinput(cmd, sa, vip)
                        tp = intotcpcb(inp);
                        if (SEQ_GEQ(icmp_tcp_seq, tp->snd_una) &&
                            SEQ_LT(icmp_tcp_seq, tp->snd_max)) {
                        tp = intotcpcb(inp);
                        if (SEQ_GEQ(icmp_tcp_seq, tp->snd_una) &&
                            SEQ_LT(icmp_tcp_seq, tp->snd_max)) {
-                               if (cmd == PRC_MSGSIZE) {
-
-                                       /*
-                                        * MTU discovery:
-                                        * If we got a needfrag and there is a host route to the
-                                        * original destination, and the MTU is not locked, then
-                                        * set the MTU in the route to the suggested new value
-                                        * (if given) and then notify as usual.  The ULPs will
-                                        * notice that the MTU has changed and adapt accordingly.
-                                        * If no new MTU was suggested, then we guess a new one
-                                        * less than the current value.  If the new MTU is 
-                                        * unreasonably small (defined by sysctl tcp_minmss), then
-                                        * we reset the MTU to the interface value and enable the
-                                        * lock bit, indicating that we are no longer doing MTU
-                                        * discovery.
-                                        */
-                                       struct rtentry *rt;
-                                       int mtu;
-                                       struct sockaddr_in icmpsrc = { sizeof (struct sockaddr_in), AF_INET, 
-                                                                               0 , { 0 }, { 0,0,0,0,0,0,0,0 } };
-                                       icmpsrc.sin_addr = icp->icmp_ip.ip_dst;
-
-                                       rt = rtalloc1((struct sockaddr *)&icmpsrc, 0,
-                                           RTF_CLONING | RTF_PRCLONING);
-                                       if (rt != NULL) {
-                                               RT_LOCK(rt);
-                                               if ((rt->rt_flags & RTF_HOST) &&
-                                                   !(rt->rt_rmx.rmx_locks & RTV_MTU)) {
-                                                       mtu = ntohs(icp->icmp_nextmtu);
-                                                       if (!mtu)
-                                                               mtu = ip_next_mtu(rt->rt_rmx.
-                                                                   rmx_mtu, 1);
-#if DEBUG_MTUDISC
-                                                       printf("MTU for %s reduced to %d\n",
-                                                           inet_ntop(AF_INET,
-                                                           &icmpsrc.sin_addr, ipv4str,
-                                                           sizeof (ipv4str)), mtu);
-#endif
-                                                       if (mtu < max(296, (tcp_minmss +
-                                                           sizeof (struct tcpiphdr)))) {
-                                                               /* rt->rt_rmx.rmx_mtu =
-                                                                       rt->rt_ifp->if_mtu; */
-                                                               rt->rt_rmx.rmx_locks |= RTV_MTU;
-                                                       } else if (rt->rt_rmx.rmx_mtu > mtu) {
-                                                               rt->rt_rmx.rmx_mtu = mtu;
-                                                       }
-                                               }
-                                               RT_UNLOCK(rt);
-                                               rtfree(rt);
-                                       }
-                               }
+                               if (cmd == PRC_MSGSIZE)
+                                       tcp_handle_msgsize(ip, inp);
 
                                (*notify)(inp, inetctlerrmap[cmd]);
                        }
 
                                (*notify)(inp, inetctlerrmap[cmd]);
                        }
@@ -2218,10 +2288,7 @@ tcp_ctlinput(cmd, sa, vip)
 
 #if INET6
 void
 
 #if INET6
 void
-tcp6_ctlinput(cmd, sa, d)
-       int cmd;
-       struct sockaddr *sa;
-       void *d;
+tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
 {
        struct tcphdr th;
        void (*notify)(struct inpcb *, int) = tcp_notify;
 {
        struct tcphdr th;
        void (*notify)(struct inpcb *, int) = tcp_notify;
@@ -2247,7 +2314,7 @@ tcp6_ctlinput(cmd, sa, d)
        else if (!PRC_IS_REDIRECT(cmd) && (inet6ctlerrmap[cmd] == 0))
                return;
        /* Source quench is deprecated */
        else if (!PRC_IS_REDIRECT(cmd) && (inet6ctlerrmap[cmd] == 0))
                return;
        /* Source quench is deprecated */
-       else if (cmd == PRC_QUENCH) 
+       else if (cmd == PRC_QUENCH)
                return;
 
        /* if the parameter is from icmp6, decode it. */
                return;
 
        /* if the parameter is from icmp6, decode it. */
@@ -2295,7 +2362,7 @@ tcp6_ctlinput(cmd, sa, d)
  * 1.  In SYN-ACK packets.
  * 2.  In SYN packets.
  *
  * 1.  In SYN-ACK packets.
  * 2.  In SYN packets.
  *
- * The ISNs in SYN-ACK packets have no monotonicity requirement, 
+ * The ISNs in SYN-ACK packets have no monotonicity requirement,
  * and should be as unpredictable as possible to avoid the possibility
  * of spoofing and/or connection hijacking.  To satisfy this
  * requirement, SYN-ACK ISNs are generated via the arc4random()
  * and should be as unpredictable as possible to avoid the possibility
  * of spoofing and/or connection hijacking.  To satisfy this
  * requirement, SYN-ACK ISNs are generated via the arc4random()
@@ -2331,11 +2398,10 @@ tcp6_ctlinput(cmd, sa, d)
  *
  */
 
  *
  */
 
-#define ISN_BYTES_PER_SECOND 1048576
+#define        ISN_BYTES_PER_SECOND 1048576
 
 tcp_seq
 
 tcp_seq
-tcp_new_isn(tp)
-       struct tcpcb *tp;
+tcp_new_isn(struct tcpcb *tp)
 {
        u_int32_t md5_buffer[4];
        tcp_seq new_isn;
 {
        u_int32_t md5_buffer[4];
        tcp_seq new_isn;
@@ -2345,19 +2411,19 @@ tcp_new_isn(tp)
        MD5_CTX isn_ctx;
 
        /* Use arc4random for SYN-ACKs when not in exact RFC1948 mode. */
        MD5_CTX isn_ctx;
 
        /* Use arc4random for SYN-ACKs when not in exact RFC1948 mode. */
-       if (((tp->t_state == TCPS_LISTEN) || (tp->t_state == TCPS_TIME_WAIT))
-          && tcp_strict_rfc1948 == 0)
+       if (((tp->t_state == TCPS_LISTEN) || (tp->t_state == TCPS_TIME_WAIT)) &&
+           tcp_strict_rfc1948 == 0)
 #ifdef __APPLE__
 #ifdef __APPLE__
-               return RandomULong();
+               return (RandomULong());
 #else
 #else
-               return arc4random();
+               return (arc4random());
 #endif
        getmicrotime(&timenow);
 
        /* Seed if this is the first use, reseed if requested. */
        if ((isn_last_reseed == 0) ||
            ((tcp_strict_rfc1948 == 0) && (tcp_isn_reseed_interval > 0) &&
 #endif
        getmicrotime(&timenow);
 
        /* Seed if this is the first use, reseed if requested. */
        if ((isn_last_reseed == 0) ||
            ((tcp_strict_rfc1948 == 0) && (tcp_isn_reseed_interval > 0) &&
-            (((u_int)isn_last_reseed + (u_int)tcp_isn_reseed_interval*hz)
+           (((u_int)isn_last_reseed + (u_int)tcp_isn_reseed_interval*hz)
                < (u_int)timenow.tv_sec))) {
 #ifdef __APPLE__
                read_random(&isn_secret, sizeof(isn_secret));
                < (u_int)timenow.tv_sec))) {
 #ifdef __APPLE__
                read_random(&isn_secret, sizeof(isn_secret));
@@ -2366,30 +2432,32 @@ tcp_new_isn(tp)
 #endif
                isn_last_reseed = timenow.tv_sec;
        }
 #endif
                isn_last_reseed = timenow.tv_sec;
        }
-               
+
        /* Compute the md5 hash and return the ISN. */
        MD5Init(&isn_ctx);
        /* Compute the md5 hash and return the ISN. */
        MD5Init(&isn_ctx);
-       MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short));
-       MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short));
+       MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport,
+           sizeof(u_short));
+       MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport,
+           sizeof(u_short));
 #if INET6
        if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) {
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
 #if INET6
        if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) {
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
-                         sizeof(struct in6_addr));
+                   sizeof(struct in6_addr));
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
-                         sizeof(struct in6_addr));
+                   sizeof(struct in6_addr));
        } else
 #endif
        {
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
        } else
 #endif
        {
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
-                         sizeof(struct in_addr));
+                   sizeof(struct in_addr));
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
                MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
-                         sizeof(struct in_addr));
+                   sizeof(struct in_addr));
        }
        MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
        MD5Final((u_char *) &md5_buffer, &isn_ctx);
        new_isn = (tcp_seq) md5_buffer[0];
        new_isn += timenow.tv_sec * (ISN_BYTES_PER_SECOND / hz);
        }
        MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
        MD5Final((u_char *) &md5_buffer, &isn_ctx);
        new_isn = (tcp_seq) md5_buffer[0];
        new_isn += timenow.tv_sec * (ISN_BYTES_PER_SECOND / hz);
-       return new_isn;
+       return (new_isn);
 }
 
 
 }
 
 
@@ -2399,9 +2467,7 @@ tcp_new_isn(tp)
  * is controlled by the icmp_may_rst sysctl.
  */
 void
  * is controlled by the icmp_may_rst sysctl.
  */
 void
-tcp_drop_syn_sent(inp, errno)
-       struct inpcb *inp;
-       int errno;
+tcp_drop_syn_sent(struct inpcb *inp, int errno)
 {
        struct tcpcb *tp = intotcpcb(inp);
 
 {
        struct tcpcb *tp = intotcpcb(inp);
 
@@ -2428,8 +2494,13 @@ tcp_mtudisc(
        int offered;
        int mss;
        u_int32_t mtu;
        int offered;
        int mss;
        u_int32_t mtu;
+       u_int32_t protoHdrOverhead = sizeof (struct tcpiphdr);
 #if INET6
        int isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) != 0;
 #if INET6
        int isipv6 = (tp->t_inpcb->inp_vflag & INP_IPV6) != 0;
+
+       if (isipv6)
+               protoHdrOverhead = sizeof(struct ip6_hdr) +
+                   sizeof(struct tcphdr);
 #endif /* INET6 */
 
        if (tp) {
 #endif /* INET6 */
 
        if (tp) {
@@ -2438,7 +2509,7 @@ tcp_mtudisc(
                        rt = tcp_rtlookup6(inp, IFSCOPE_NONE);
                else
 #endif /* INET6 */
                        rt = tcp_rtlookup6(inp, IFSCOPE_NONE);
                else
 #endif /* INET6 */
-               rt = tcp_rtlookup(inp, IFSCOPE_NONE);
+                       rt = tcp_rtlookup(inp, IFSCOPE_NONE);
                if (!rt || !rt->rt_rmx.rmx_mtu) {
                        tp->t_maxopd = tp->t_maxseg =
 #if INET6
                if (!rt || !rt->rt_rmx.rmx_mtu) {
                        tp->t_maxopd = tp->t_maxseg =
 #if INET6
@@ -2462,17 +2533,7 @@ tcp_mtudisc(
                // Adjust MTU if necessary.
                mtu = necp_socket_get_effective_mtu(inp, mtu);
 #endif /* NECP */
                // Adjust MTU if necessary.
                mtu = necp_socket_get_effective_mtu(inp, mtu);
 #endif /* NECP */
-
-               mss = mtu -
-#if INET6
-                       (isipv6 ?
-                        sizeof(struct ip6_hdr) + sizeof(struct tcphdr) :
-#endif /* INET6 */
-                        sizeof(struct tcpiphdr)
-#if INET6
-                        )
-#endif /* INET6 */
-                       ;
+               mss = mtu - protoHdrOverhead;
 
                if (offered)
                        mss = min(mss, offered);
 
                if (offered)
                        mss = min(mss, offered);
@@ -2510,7 +2571,8 @@ tcp_mtudisc(
                tp->t_maxseg = mss;
 
                /*
                tp->t_maxseg = mss;
 
                /*
-                * Reset the slow-start flight size as it may depends on the new MSS
+                * Reset the slow-start flight size as it may depends on the
+                * new MSS
                 */
                if (CC_ALGO(tp)->cwnd_init != NULL)
                        CC_ALGO(tp)->cwnd_init(tp);
                 */
                if (CC_ALGO(tp)->cwnd_init != NULL)
                        CC_ALGO(tp)->cwnd_init(tp);
@@ -2529,9 +2591,7 @@ tcp_mtudisc(
  * hold the rtentry lock; the caller is responsible for unlocking.
  */
 struct rtentry *
  * hold the rtentry lock; the caller is responsible for unlocking.
  */
 struct rtentry *
-tcp_rtlookup(inp, input_ifscope)
-       struct inpcb *inp;
-       unsigned int input_ifscope;
+tcp_rtlookup(struct inpcb *inp, unsigned int input_ifscope)
 {
        struct route *ro;
        struct rtentry *rt;
 {
        struct route *ro;
        struct rtentry *rt;
@@ -2584,23 +2644,14 @@ tcp_rtlookup(inp, input_ifscope)
         *         disabled)
         */
 
         *         disabled)
         */
 
-        tp = intotcpcb(inp);
+       tp = intotcpcb(inp);
 
 
-       if (!path_mtu_discovery || ((rt != NULL) && 
-           (!(rt->rt_flags & RTF_UP) || (rt->rt_rmx.rmx_locks & RTV_MTU)))) 
+       if (!path_mtu_discovery || ((rt != NULL) &&
+           (!(rt->rt_flags & RTF_UP) || (rt->rt_rmx.rmx_locks & RTV_MTU))))
                tp->t_flags &= ~TF_PMTUD;
        else
                tp->t_flags |= TF_PMTUD;
 
                tp->t_flags &= ~TF_PMTUD;
        else
                tp->t_flags |= TF_PMTUD;
 
-#if CONFIG_IFEF_NOWINDOWSCALE
-       if (tcp_obey_ifef_nowindowscale &&
-           tp->t_state == TCPS_SYN_SENT && rt != NULL && rt->rt_ifp != NULL &&
-           (rt->rt_ifp->if_eflags & IFEF_NOWINDOWSCALE)) {
-               /* Window scaling is enabled on this interface */
-               tp->t_flags &= ~TF_REQ_SCALE;
-       }
-#endif
-
        if (rt != NULL && rt->rt_ifp != NULL) {
                somultipages(inp->inp_socket,
                    (rt->rt_ifp->if_hwassist & IFNET_MULTIPAGES));
        if (rt != NULL && rt->rt_ifp != NULL) {
                somultipages(inp->inp_socket,
                    (rt->rt_ifp->if_hwassist & IFNET_MULTIPAGES));
@@ -2608,6 +2659,8 @@ tcp_rtlookup(inp, input_ifscope)
                soif2kcl(inp->inp_socket,
                    (rt->rt_ifp->if_eflags & IFEF_2KCL));
                tcp_set_ecn(tp, rt->rt_ifp);
                soif2kcl(inp->inp_socket,
                    (rt->rt_ifp->if_eflags & IFEF_2KCL));
                tcp_set_ecn(tp, rt->rt_ifp);
+               if (inp->inp_last_outifp == NULL)
+                       inp->inp_last_outifp = rt->rt_ifp;
        }
 
        /* Note if the peer is local */
        }
 
        /* Note if the peer is local */
@@ -2617,18 +2670,16 @@ tcp_rtlookup(inp, input_ifscope)
                in_localaddr(inp->inp_faddr))) {
                tp->t_flags |= TF_LOCAL;
        }
                in_localaddr(inp->inp_faddr))) {
                tp->t_flags |= TF_LOCAL;
        }
-    
+
        /*
         * Caller needs to call RT_UNLOCK(rt).
         */
        /*
         * Caller needs to call RT_UNLOCK(rt).
         */
-       return rt;
+       return (rt);
 }
 
 #if INET6
 struct rtentry *
 }
 
 #if INET6
 struct rtentry *
-tcp_rtlookup6(inp, input_ifscope)
-       struct inpcb *inp;
-       unsigned int input_ifscope;
+tcp_rtlookup6(struct inpcb *inp, unsigned int input_ifscope)
 {
        struct route_in6 *ro6;
        struct rtentry *rt;
 {
        struct route_in6 *ro6;
        struct rtentry *rt;
@@ -2683,7 +2734,7 @@ tcp_rtlookup6(inp, input_ifscope)
         */
 
 
         */
 
 
-        tp = intotcpcb(inp);
+       tp = intotcpcb(inp);
 
        /*
         * Update MTU discovery determination. Don't do it if:
 
        /*
         * Update MTU discovery determination. Don't do it if:
@@ -2693,21 +2744,12 @@ tcp_rtlookup6(inp, input_ifscope)
         *         disabled)
         */
 
         *         disabled)
         */
 
-       if (!path_mtu_discovery || ((rt != NULL) && 
-           (!(rt->rt_flags & RTF_UP) || (rt->rt_rmx.rmx_locks & RTV_MTU)))) 
+       if (!path_mtu_discovery || ((rt != NULL) &&
+           (!(rt->rt_flags & RTF_UP) || (rt->rt_rmx.rmx_locks & RTV_MTU))))
                tp->t_flags &= ~TF_PMTUD;
        else
                tp->t_flags |= TF_PMTUD;
 
                tp->t_flags &= ~TF_PMTUD;
        else
                tp->t_flags |= TF_PMTUD;
 
-#if CONFIG_IFEF_NOWINDOWSCALE
-       if (tcp_obey_ifef_nowindowscale &&
-           tp->t_state == TCPS_SYN_SENT && rt != NULL && rt->rt_ifp != NULL &&
-           (rt->rt_ifp->if_eflags & IFEF_NOWINDOWSCALE)) {
-               /* Window scaling is not enabled on this interface */
-               tp->t_flags &= ~TF_REQ_SCALE;
-       }
-#endif
-
        if (rt != NULL && rt->rt_ifp != NULL) {
                somultipages(inp->inp_socket,
                    (rt->rt_ifp->if_hwassist & IFNET_MULTIPAGES));
        if (rt != NULL && rt->rt_ifp != NULL) {
                somultipages(inp->inp_socket,
                    (rt->rt_ifp->if_hwassist & IFNET_MULTIPAGES));
@@ -2715,6 +2757,8 @@ tcp_rtlookup6(inp, input_ifscope)
                soif2kcl(inp->inp_socket,
                    (rt->rt_ifp->if_eflags & IFEF_2KCL));
                tcp_set_ecn(tp, rt->rt_ifp);
                soif2kcl(inp->inp_socket,
                    (rt->rt_ifp->if_eflags & IFEF_2KCL));
                tcp_set_ecn(tp, rt->rt_ifp);
+               if (inp->inp_last_outifp == NULL)
+                       inp->inp_last_outifp = rt->rt_ifp;
        }
 
        /* Note if the peer is local */
        }
 
        /* Note if the peer is local */
@@ -2729,15 +2773,14 @@ tcp_rtlookup6(inp, input_ifscope)
        /*
         * Caller needs to call RT_UNLOCK(rt).
         */
        /*
         * Caller needs to call RT_UNLOCK(rt).
         */
-       return rt;
+       return (rt);
 }
 #endif /* INET6 */
 
 #if IPSEC
 /* compute ESP/AH header size for TCP, including outer IP header. */
 size_t
 }
 #endif /* INET6 */
 
 #if IPSEC
 /* compute ESP/AH header size for TCP, including outer IP header. */
 size_t
-ipsec_hdrsiz_tcp(tp)
-       struct tcpcb *tp;
+ipsec_hdrsiz_tcp(struct tcpcb *tp)
 {
        struct inpcb *inp;
        struct mbuf *m;
 {
        struct inpcb *inp;
        struct mbuf *m;
@@ -2749,10 +2792,10 @@ ipsec_hdrsiz_tcp(tp)
        struct tcphdr *th;
 
        if ((tp == NULL) || ((inp = tp->t_inpcb) == NULL))
        struct tcphdr *th;
 
        if ((tp == NULL) || ((inp = tp->t_inpcb) == NULL))
-               return 0;
+               return (0);
        MGETHDR(m, M_DONTWAIT, MT_DATA);        /* MAC-OK */
        if (!m)
        MGETHDR(m, M_DONTWAIT, MT_DATA);        /* MAC-OK */
        if (!m)
-               return 0;
+               return (0);
 
 #if INET6
        if ((inp->inp_vflag & INP_IPV6) != 0) {
 
 #if INET6
        if ((inp->inp_vflag & INP_IPV6) != 0) {
@@ -2764,17 +2807,17 @@ ipsec_hdrsiz_tcp(tp)
                hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
        } else
 #endif /* INET6 */
                hdrsiz = ipsec6_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
        } else
 #endif /* INET6 */
-      {
-       ip = mtod(m, struct ip *);
-       th = (struct tcphdr *)(ip + 1);
-       m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
-       tcp_fillheaders(tp, ip, th);
-       hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
-      }
+       {
+               ip = mtod(m, struct ip *);
+               th = (struct tcphdr *)(ip + 1);
+               m->m_pkthdr.len = m->m_len = sizeof(struct tcpiphdr);
+               tcp_fillheaders(tp, ip, th);
+               hdrsiz = ipsec4_hdrsiz(m, IPSEC_DIR_OUTBOUND, inp);
+       }
        m_free(m);
        m_free(m);
-       return hdrsiz;
+       return (hdrsiz);
 }
 }
-#endif /*IPSEC*/
+#endif /* IPSEC */
 
 /*
  * Return a pointer to the cached information about the remote host.
 
 /*
  * Return a pointer to the cached information about the remote host.
@@ -2782,8 +2825,7 @@ ipsec_hdrsiz_tcp(tp)
  * the route metrics.
  */
 struct rmxp_tao *
  * the route metrics.
  */
 struct rmxp_tao *
-tcp_gettaocache(inp)
-       struct inpcb *inp;
+tcp_gettaocache(struct inpcb *inp)
 {
        struct rtentry *rt;
        struct rmxp_tao *taop;
 {
        struct rtentry *rt;
        struct rmxp_tao *taop;
@@ -2801,9 +2843,9 @@ tcp_gettaocache(inp)
                /* Route locked during lookup above */
                if (rt != NULL)
                        RT_UNLOCK(rt);
                /* Route locked during lookup above */
                if (rt != NULL)
                        RT_UNLOCK(rt);
-               return NULL;
+               return (NULL);
        }
        }
-       
+
        taop = rmx_taop(rt->rt_rmx);
        /* Route locked during lookup above */
        RT_UNLOCK(rt);
        taop = rmx_taop(rt->rt_rmx);
        /* Route locked during lookup above */
        RT_UNLOCK(rt);
@@ -2819,7 +2861,7 @@ tcp_gettaocache(inp)
  * nothing in the cache left over.
  */
 static void
  * nothing in the cache left over.
  */
 static void
-tcp_cleartaocache()
+tcp_cleartaocache(void)
 {
 }
 
 {
 }
 
@@ -2836,14 +2878,15 @@ tcp_lock(struct socket *so, int refcount, void *lr)
        if (so->so_pcb != NULL) {
                lck_mtx_lock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
        } else  {
        if (so->so_pcb != NULL) {
                lck_mtx_lock(&((struct inpcb *)so->so_pcb)->inpcb_mtx);
        } else  {
-               panic("tcp_lock: so=%p NO PCB! lr=%p lrh= %s\n", 
+               panic("tcp_lock: so=%p NO PCB! lr=%p lrh= %s\n",
                    so, lr_saved, solockhistory_nr(so));
                /* NOTREACHED */
        }
 
        if (so->so_usecount < 0) {
                panic("tcp_lock: so=%p so_pcb=%p lr=%p ref=%x lrh= %s\n",
                    so, lr_saved, solockhistory_nr(so));
                /* NOTREACHED */
        }
 
        if (so->so_usecount < 0) {
                panic("tcp_lock: so=%p so_pcb=%p lr=%p ref=%x lrh= %s\n",
-                   so, so->so_pcb, lr_saved, so->so_usecount, solockhistory_nr(so));
+                   so, so->so_pcb, lr_saved, so->so_usecount,
+                   solockhistory_nr(so));
                /* NOTREACHED */
        }
        if (refcount)
                /* NOTREACHED */
        }
        if (refcount)
@@ -2874,12 +2917,12 @@ tcp_unlock(struct socket *so, int refcount, void *lr)
                so->so_usecount--;
 
        if (so->so_usecount < 0) {
                so->so_usecount--;
 
        if (so->so_usecount < 0) {
-               panic("tcp_unlock: so=%p usecount=%x lrh= %s\n", 
+               panic("tcp_unlock: so=%p usecount=%x lrh= %s\n",
                    so, so->so_usecount, solockhistory_nr(so));
                /* NOTREACHED */
        }
        if (so->so_pcb == NULL) {
                    so, so->so_usecount, solockhistory_nr(so));
                /* NOTREACHED */
        }
        if (so->so_pcb == NULL) {
-               panic("tcp_unlock: so=%p NO PCB usecount=%x lr=%p lrh= %s\n", 
+               panic("tcp_unlock: so=%p NO PCB usecount=%x lr=%p lrh= %s\n",
                    so, so->so_usecount, lr_saved, solockhistory_nr(so));
                /* NOTREACHED */
        } else {
                    so, so->so_usecount, lr_saved, solockhistory_nr(so));
                /* NOTREACHED */
        } else {
@@ -2893,28 +2936,25 @@ tcp_unlock(struct socket *so, int refcount, void *lr)
 }
 
 lck_mtx_t *
 }
 
 lck_mtx_t *
-tcp_getlock(
-       struct socket *so,
-       __unused int locktype)
+tcp_getlock(struct socket *so, __unused int locktype)
 {
        struct inpcb *inp = sotoinpcb(so);
 
        if (so->so_pcb)  {
                if (so->so_usecount < 0)
 {
        struct inpcb *inp = sotoinpcb(so);
 
        if (so->so_pcb)  {
                if (so->so_usecount < 0)
-                       panic("tcp_getlock: so=%p usecount=%x lrh= %s\n", 
-                           so, so->so_usecount, solockhistory_nr(so)); 
-               return(&inp->inpcb_mtx);
-       }
-       else {
-               panic("tcp_getlock: so=%p NULL so_pcb %s\n", 
+                       panic("tcp_getlock: so=%p usecount=%x lrh= %s\n",
+                           so, so->so_usecount, solockhistory_nr(so));
+               return (&inp->inpcb_mtx);
+       } else {
+               panic("tcp_getlock: so=%p NULL so_pcb %s\n",
                    so, solockhistory_nr(so));
                return (so->so_proto->pr_domain->dom_mtx);
        }
 }
 
                    so, solockhistory_nr(so));
                return (so->so_proto->pr_domain->dom_mtx);
        }
 }
 
-/* 
+/*
  * Determine if we can grow the recieve socket buffer to avoid sending
  * Determine if we can grow the recieve socket buffer to avoid sending
- * a zero window update to the peer. We allow even socket buffers that 
+ * a zero window update to the peer. We allow even socket buffers that
  * have fixed size (set by the application) to grow if the resource
  * constraints are met. They will also be trimmed after the application
  * reads data.
  * have fixed size (set by the application) to grow if the resource
  * constraints are met. They will also be trimmed after the application
  * reads data.
@@ -2926,6 +2966,8 @@ tcp_sbrcv_grow_rwin(struct tcpcb *tp, struct sockbuf *sb)
        u_int32_t rcvbuf = sb->sb_hiwat;
        struct socket *so = tp->t_inpcb->inp_socket;
 
        u_int32_t rcvbuf = sb->sb_hiwat;
        struct socket *so = tp->t_inpcb->inp_socket;
 
+       if (tcp_recv_bg == 1 || IS_TCP_RECV_BG(so))
+               return;
        /*
         * If message delivery is enabled, do not count
         * unordered bytes in receive buffer towards hiwat
        /*
         * If message delivery is enabled, do not count
         * unordered bytes in receive buffer towards hiwat
@@ -2949,12 +2991,17 @@ tcp_sbrcv_grow_rwin(struct tcpcb *tp, struct sockbuf *sb)
 int32_t
 tcp_sbspace(struct tcpcb *tp)
 {
 int32_t
 tcp_sbspace(struct tcpcb *tp)
 {
-       struct sockbuf *sb = &tp->t_inpcb->inp_socket->so_rcv;
-       u_int32_t rcvbuf = sb->sb_hiwat;
-       int32_t space;
        struct socket *so = tp->t_inpcb->inp_socket;
        struct socket *so = tp->t_inpcb->inp_socket;
+       struct sockbuf *sb = &so->so_rcv;
+       u_int32_t rcvbuf;
+       int32_t space;
        int32_t pending = 0;
 
        int32_t pending = 0;
 
+       tcp_sbrcv_grow_rwin(tp, sb);
+
+       /* hiwat might have changed */
+       rcvbuf = sb->sb_hiwat;
+
        /*
         * If message delivery is enabled, do not count
         * unordered bytes in receive buffer towards hiwat mark.
        /*
         * If message delivery is enabled, do not count
         * unordered bytes in receive buffer towards hiwat mark.
@@ -2965,11 +3012,9 @@ tcp_sbspace(struct tcpcb *tp)
        if (so->so_flags & SOF_ENABLE_MSGS)
                rcvbuf = rcvbuf - so->so_msg_state->msg_uno_bytes;
 
        if (so->so_flags & SOF_ENABLE_MSGS)
                rcvbuf = rcvbuf - so->so_msg_state->msg_uno_bytes;
 
-       tcp_sbrcv_grow_rwin(tp, sb);
-
        space =  ((int32_t) imin((rcvbuf - sb->sb_cc),
                (sb->sb_mbmax - sb->sb_mbcnt)));
        space =  ((int32_t) imin((rcvbuf - sb->sb_cc),
                (sb->sb_mbmax - sb->sb_mbcnt)));
-       if (space < 0) 
+       if (space < 0)
                space = 0;
 
 #if CONTENT_FILTER
                space = 0;
 
 #if CONTENT_FILTER
@@ -2981,20 +3026,21 @@ tcp_sbspace(struct tcpcb *tp)
        else
                space -= pending;
 
        else
                space -= pending;
 
-       /* Avoid increasing window size if the current window
+       /*
+        * Avoid increasing window size if the current window
         * is already very low, we could be in "persist" mode and
         * we could break some apps (see rdar://5409343)
         */
 
         * is already very low, we could be in "persist" mode and
         * we could break some apps (see rdar://5409343)
         */
 
-       if (space < tp->t_maxseg) 
-               return space;
+       if (space < tp->t_maxseg)
+               return (space);
 
 
-       /* Clip window size for slower link */ 
+       /* Clip window size for slower link */
 
 
-       if (((tp->t_flags & TF_SLOWLINK) != 0) && slowlink_wsize > 0 )  
-               return imin(space, slowlink_wsize);
+       if (((tp->t_flags & TF_SLOWLINK) != 0) && slowlink_wsize > 0)
+               return (imin(space, slowlink_wsize));
 
 
-       return space;
+       return (space);
 }
 /*
  * Checks TCP Segment Offloading capability for a given connection
 }
 /*
  * Checks TCP Segment Offloading capability for a given connection
@@ -3023,20 +3069,20 @@ tcp_set_tso(struct tcpcb *tp, struct ifnet *ifp)
        if (isipv6) {
                if (ifp && (ifp->if_hwassist & IFNET_TSO_IPV6)) {
                        tp->t_flags |= TF_TSO;
        if (isipv6) {
                if (ifp && (ifp->if_hwassist & IFNET_TSO_IPV6)) {
                        tp->t_flags |= TF_TSO;
-                       if (ifp->if_tso_v6_mtu != 0) 
+                       if (ifp->if_tso_v6_mtu != 0)
                                tp->tso_max_segment_size = ifp->if_tso_v6_mtu;
                        else
                                tp->tso_max_segment_size = TCP_MAXWIN;
                } else
                                tp->t_flags &= ~TF_TSO;
 
                                tp->tso_max_segment_size = ifp->if_tso_v6_mtu;
                        else
                                tp->tso_max_segment_size = TCP_MAXWIN;
                } else
                                tp->t_flags &= ~TF_TSO;
 
-       } else 
+       } else
 #endif /* INET6 */
 
        {
                if (ifp && (ifp->if_hwassist & IFNET_TSO_IPV4)) {
                        tp->t_flags |= TF_TSO;
 #endif /* INET6 */
 
        {
                if (ifp && (ifp->if_hwassist & IFNET_TSO_IPV4)) {
                        tp->t_flags |= TF_TSO;
-                       if (ifp->if_tso_v4_mtu != 0) 
+                       if (ifp->if_tso_v4_mtu != 0)
                                tp->tso_max_segment_size = ifp->if_tso_v4_mtu;
                        else
                                tp->tso_max_segment_size = TCP_MAXWIN;
                                tp->tso_max_segment_size = ifp->if_tso_v4_mtu;
                        else
                                tp->tso_max_segment_size = TCP_MAXWIN;
@@ -3045,18 +3091,20 @@ tcp_set_tso(struct tcpcb *tp, struct ifnet *ifp)
        }
 }
 
        }
 }
 
-#define TIMEVAL_TO_TCPHZ(_tv_) ((_tv_).tv_sec * TCP_RETRANSHZ + (_tv_).tv_usec / TCP_RETRANSHZ_TO_USEC)
+#define        TIMEVAL_TO_TCPHZ(_tv_) ((_tv_).tv_sec * TCP_RETRANSHZ + \
+       (_tv_).tv_usec / TCP_RETRANSHZ_TO_USEC)
 
 
-/* Function to calculate the tcp clock. The tcp clock will get updated
+/*
+ * Function to calculate the tcp clock. The tcp clock will get updated
  * at the boundaries of the tcp layer. This is done at 3 places:
  * at the boundaries of the tcp layer. This is done at 3 places:
- * 1. Right before processing an input tcp packet 
+ * 1. Right before processing an input tcp packet
  * 2. Whenever a connection wants to access the network using tcp_usrreqs
  * 3. When a tcp timer fires or before tcp slow timeout
  *
  */
 
 void
  * 2. Whenever a connection wants to access the network using tcp_usrreqs
  * 3. When a tcp timer fires or before tcp slow timeout
  *
  */
 
 void
-calculate_tcp_clock()
+calculate_tcp_clock(void)
 {
        struct timeval tv = tcp_uptime;
        struct timeval interval = {0, TCP_RETRANSHZ_TO_USEC};
 {
        struct timeval tv = tcp_uptime;
        struct timeval interval = {0, TCP_RETRANSHZ_TO_USEC};
@@ -3093,18 +3141,20 @@ calculate_tcp_clock()
                        tcp_now += incr;
                }
 
                        tcp_now += incr;
                }
 
-                lck_spin_unlock(tcp_uptime_lock);
-        }
-        return;
+               lck_spin_unlock(tcp_uptime_lock);
+       }
 }
 
 }
 
-/* Compute receive window scaling that we are going to request 
- * for this connection based on  sb_hiwat. Try to leave some 
- * room to potentially increase the window size upto a maximum 
+/*
+ * Compute receive window scaling that we are going to request
+ * for this connection based on  sb_hiwat. Try to leave some
+ * room to potentially increase the window size upto a maximum
  * defined by the constant tcp_autorcvbuf_max.
  */
 void
  * defined by the constant tcp_autorcvbuf_max.
  */
 void
-tcp_set_max_rwinscale(struct tcpcb *tp, struct socket *so) {
+tcp_set_max_rwinscale(struct tcpcb *tp, struct socket *so,
+    u_int32_t rcvbuf_max)
+{
        u_int32_t maxsockbufsize;
        if (!tcp_do_rfc1323) {
                tp->request_r_scale = 0;
        u_int32_t maxsockbufsize;
        if (!tcp_do_rfc1323) {
                tp->request_r_scale = 0;
@@ -3113,7 +3163,7 @@ tcp_set_max_rwinscale(struct tcpcb *tp, struct socket *so) {
 
        tp->request_r_scale = max(tcp_win_scale, tp->request_r_scale);
        maxsockbufsize = ((so->so_rcv.sb_flags & SB_USRSIZE) != 0) ?
 
        tp->request_r_scale = max(tcp_win_scale, tp->request_r_scale);
        maxsockbufsize = ((so->so_rcv.sb_flags & SB_USRSIZE) != 0) ?
-               so->so_rcv.sb_hiwat : tcp_autorcvbuf_max;
+               so->so_rcv.sb_hiwat : rcvbuf_max;
 
        while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
                (TCP_MAXWIN << tp->request_r_scale) < maxsockbufsize)
 
        while (tp->request_r_scale < TCP_MAX_WINSHIFT &&
                (TCP_MAXWIN << tp->request_r_scale) < maxsockbufsize)
@@ -3131,31 +3181,34 @@ tcp_notsent_lowat_check(struct socket *so) {
                tp = intotcpcb(inp);
        }
 
                tp = intotcpcb(inp);
        }
 
-       notsent = so->so_snd.sb_cc - 
+       notsent = so->so_snd.sb_cc -
                (tp->snd_nxt - tp->snd_una);
 
                (tp->snd_nxt - tp->snd_una);
 
-       /* When we send a FIN or SYN, not_sent can be negative.
-        * In that case also we need to send a write event to the 
+       /*
+        * When we send a FIN or SYN, not_sent can be negative.
+        * In that case also we need to send a write event to the
         * process if it is waiting. In the FIN case, it will
         * get an error from send because cantsendmore will be set.
         */
        if (notsent <= tp->t_notsent_lowat) {
         * process if it is waiting. In the FIN case, it will
         * get an error from send because cantsendmore will be set.
         */
        if (notsent <= tp->t_notsent_lowat) {
-               return(1);
+               return (1);
        }
 
        }
 
-       /* When Nagle's algorithm is not disabled, it is better
+       /*
+        * When Nagle's algorithm is not disabled, it is better
         * to wakeup the client until there is atleast one
         * maxseg of data to write.
         */
         * to wakeup the client until there is atleast one
         * maxseg of data to write.
         */
-       if ((tp->t_flags & TF_NODELAY) == 0 && 
+       if ((tp->t_flags & TF_NODELAY) == 0 &&
                notsent > 0 && notsent < tp->t_maxseg) {
                notsent > 0 && notsent < tp->t_maxseg) {
-               return(1);
+               return (1);
        }
        }
-       return(0);
+       return (0);
 }
 
 void
 }
 
 void
-tcp_rxtseg_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end) {
+tcp_rxtseg_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end)
+{
        struct tcp_rxt_seg *rxseg = NULL, *prev = NULL, *next = NULL;
        u_int32_t rxcount = 0;
 
        struct tcp_rxt_seg *rxseg = NULL, *prev = NULL, *next = NULL;
        u_int32_t rxcount = 0;
 
@@ -3223,7 +3276,6 @@ tcp_rxtseg_insert(struct tcpcb *tp, tcp_seq start, tcp_seq end) {
        } else {
                SLIST_INSERT_HEAD(&tp->t_rxt_segments, rxseg, rx_link);
        }
        } else {
                SLIST_INSERT_HEAD(&tp->t_rxt_segments, rxseg, rx_link);
        }
-       return;
 }
 
 struct tcp_rxt_seg *
 }
 
 struct tcp_rxt_seg *
@@ -3294,7 +3346,7 @@ tcp_rxtseg_dsack_for_tlp(struct tcpcb *tp)
 
        SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
                if (rxseg->rx_count == 1 &&
 
        SLIST_FOREACH(rxseg, &tp->t_rxt_segments, rx_link) {
                if (rxseg->rx_count == 1 &&
-                   SLIST_NEXT(rxseg,rx_link) == NULL &&
+                   SLIST_NEXT(rxseg, rx_link) == NULL &&
                    (rxseg->rx_flags & TCP_RXT_DSACK_FOR_TLP)) {
                        dsack_for_tlp = TRUE;
                        break;
                    (rxseg->rx_flags & TCP_RXT_DSACK_FOR_TLP)) {
                        dsack_for_tlp = TRUE;
                        break;
@@ -3304,7 +3356,8 @@ tcp_rxtseg_dsack_for_tlp(struct tcpcb *tp)
 }
 
 u_int32_t
 }
 
 u_int32_t
-tcp_rxtseg_total_size(struct tcpcb *tp) {
+tcp_rxtseg_total_size(struct tcpcb *tp)
+{
        struct tcp_rxt_seg *rxseg;
        u_int32_t total_size = 0;
 
        struct tcp_rxt_seg *rxseg;
        u_int32_t total_size = 0;
 
@@ -3330,16 +3383,15 @@ tcp_get_connectivity_status(struct tcpcb *tp,
        }
        if (tp->t_rtimo_probes >= TCP_CONNECTIVITY_PROBES_MAX)
                connstatus->read_probe_failed = 1;
        }
        if (tp->t_rtimo_probes >= TCP_CONNECTIVITY_PROBES_MAX)
                connstatus->read_probe_failed = 1;
-       if (tp->t_inpcb != NULL && tp->t_inpcb->inp_last_outifp != NULL
-           && (tp->t_inpcb->inp_last_outifp->if_eflags & IFEF_PROBE_CONNECTIVITY))
+       if (tp->t_inpcb != NULL && tp->t_inpcb->inp_last_outifp != NULL &&
+           (tp->t_inpcb->inp_last_outifp->if_eflags & IFEF_PROBE_CONNECTIVITY))
                connstatus->probe_activated = 1;
                connstatus->probe_activated = 1;
-       return;
 }
 
 boolean_t
 tfo_enabled(const struct tcpcb *tp)
 {
 }
 
 boolean_t
 tfo_enabled(const struct tcpcb *tp)
 {
-       return !!(tp->t_flagsext & TF_FASTOPEN);
+       return ((tp->t_flagsext & TF_FASTOPEN)? TRUE : FALSE);
 }
 
 void
 }
 
 void
@@ -3348,3 +3400,423 @@ tcp_disable_tfo(struct tcpcb *tp)
        tp->t_flagsext &= ~TF_FASTOPEN;
 }
 
        tp->t_flagsext &= ~TF_FASTOPEN;
 }
 
+static struct mbuf *
+tcp_make_keepalive_frame(struct tcpcb *tp, struct ifnet *ifp,
+    boolean_t is_probe)
+{
+       struct inpcb *inp = tp->t_inpcb;
+       struct tcphdr *th;
+       u_int8_t *data;
+       int win = 0;
+       struct mbuf *m;
+
+       /*
+        * The code assumes the IP + TCP headers fit in an mbuf packet header
+        */
+       _CASSERT(sizeof(struct ip) + sizeof(struct tcphdr) <= _MHLEN);
+       _CASSERT(sizeof(struct ip6_hdr) + sizeof(struct tcphdr) <= _MHLEN);
+
+       MGETHDR(m, M_WAIT, MT_HEADER);
+       if (m == NULL) {
+               return (NULL);
+       }
+       m->m_pkthdr.pkt_proto = IPPROTO_TCP;
+
+       data = mbuf_datastart(m);
+
+       if (inp->inp_vflag & INP_IPV4) {
+               bzero(data, sizeof(struct ip) + sizeof(struct tcphdr));
+               th = (struct tcphdr *)(void *) (data + sizeof(struct ip));
+               m->m_len = sizeof(struct ip) + sizeof(struct tcphdr);
+               m->m_pkthdr.len = m->m_len;
+       } else {
+               VERIFY(inp->inp_vflag & INP_IPV6);
+
+               bzero(data, sizeof(struct ip6_hdr)
+                   + sizeof(struct tcphdr));
+               th = (struct tcphdr *)(void *)(data + sizeof(struct ip6_hdr));
+               m->m_len = sizeof(struct ip6_hdr) +
+                   sizeof(struct tcphdr);
+               m->m_pkthdr.len = m->m_len;
+       }
+
+       tcp_fillheaders(tp, data, th);
+
+       if (inp->inp_vflag & INP_IPV4) {
+               struct ip *ip;
+
+               ip = (__typeof__(ip))(void *)data;
+
+               ip->ip_id = ip_randomid();
+               ip->ip_len = htons(sizeof(struct ip) + sizeof(struct tcphdr));
+               ip->ip_ttl = inp->inp_ip_ttl;
+               ip->ip_tos |= (inp->inp_ip_tos & ~IPTOS_ECN_MASK);
+               ip->ip_sum = in_cksum_hdr(ip);
+       } else {
+               struct ip6_hdr *ip6;
+
+               ip6 = (__typeof__(ip6))(void *)data;
+
+               ip6->ip6_plen = htons(sizeof(struct tcphdr));
+               ip6->ip6_hlim = in6_selecthlim(inp, ifp);
+               ip6->ip6_flow = ip6->ip6_flow & ~IPV6_FLOW_ECN_MASK;
+
+               if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
+                       ip6->ip6_src.s6_addr16[1] = 0;
+               if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
+                       ip6->ip6_dst.s6_addr16[1] = 0;
+       }
+       th->th_flags = TH_ACK;
+
+       win = tcp_sbspace(tp);
+       if (win > ((int32_t)TCP_MAXWIN << tp->rcv_scale))
+           win = (int32_t)TCP_MAXWIN << tp->rcv_scale;
+       th->th_win = htons((u_short) (win >> tp->rcv_scale));
+
+       if (is_probe) {
+               th->th_seq = htonl(tp->snd_una - 1);
+       } else {
+               th->th_seq = htonl(tp->snd_una);
+       }
+       th->th_ack = htonl(tp->rcv_nxt);
+
+       /* Force recompute TCP checksum to be the final value */
+       th->th_sum = 0;
+       if (inp->inp_vflag & INP_IPV4) {
+               th->th_sum = inet_cksum(m, IPPROTO_TCP,
+                   sizeof(struct ip), sizeof(struct tcphdr));
+       } else {
+               th->th_sum = inet6_cksum(m, IPPROTO_TCP,
+                   sizeof(struct ip6_hdr), sizeof(struct tcphdr));
+       }
+
+       return (m);
+}
+
+void
+tcp_fill_keepalive_offload_frames(ifnet_t ifp,
+    struct ifnet_keepalive_offload_frame *frames_array,
+    u_int32_t frames_array_count, size_t frame_data_offset,
+    u_int32_t *used_frames_count)
+{
+       struct inpcb *inp;
+       inp_gen_t gencnt;
+       u_int32_t frame_index = *used_frames_count;
+
+       if (ifp == NULL || frames_array == NULL ||
+           frames_array_count == 0 ||
+           frame_index >= frames_array_count ||
+           frame_data_offset >= IFNET_KEEPALIVE_OFFLOAD_FRAME_DATA_SIZE)
+               return;
+
+       /*
+        * This function is called outside the regular TCP processing
+        * so we need to update the TCP clock.
+        */
+       calculate_tcp_clock();
+
+       lck_rw_lock_shared(tcbinfo.ipi_lock);
+       gencnt = tcbinfo.ipi_gencnt;
+       LIST_FOREACH(inp, tcbinfo.ipi_listhead, inp_list) {
+               struct socket *so;
+               struct ifnet_keepalive_offload_frame *frame;
+               struct mbuf *m = NULL;
+               struct tcpcb *tp = intotcpcb(inp);
+
+               if (frame_index >= frames_array_count)
+                       break;
+
+               if (inp->inp_gencnt > gencnt ||
+                   inp->inp_state == INPCB_STATE_DEAD)
+                       continue;
+
+               if ((so = inp->inp_socket) == NULL ||
+                   (so->so_state & SS_DEFUNCT))
+                       continue;
+               /*
+                * check for keepalive offload flag without socket
+                * lock to avoid a deadlock
+                */
+               if (!(inp->inp_flags2 & INP2_KEEPALIVE_OFFLOAD)) {
+                       continue;
+               }
+
+               if (!(inp->inp_vflag & (INP_IPV4 | INP_IPV6))) {
+                       continue;
+               }
+               if (inp->inp_ppcb == NULL ||
+                   in_pcb_checkstate(inp, WNT_ACQUIRE, 0) == WNT_STOPUSING)
+                       continue;
+               tcp_lock(so, 1, 0);
+               /* Release the want count */
+               if (inp->inp_ppcb == NULL ||
+                   (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING)) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               if ((inp->inp_vflag & INP_IPV4) &&
+                   (inp->inp_laddr.s_addr == INADDR_ANY ||
+                   inp->inp_faddr.s_addr == INADDR_ANY)) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               if ((inp->inp_vflag & INP_IPV6) &&
+                   (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr) ||
+                   IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr))) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               if (inp->inp_lport == 0 || inp->inp_fport == 0) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               if (inp->inp_last_outifp == NULL ||
+                   inp->inp_last_outifp->if_index != ifp->if_index) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               if ((inp->inp_vflag & INP_IPV4) && frame_data_offset +
+                   sizeof(struct ip) + sizeof(struct tcphdr) >
+                   IFNET_KEEPALIVE_OFFLOAD_FRAME_DATA_SIZE) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               } else if (!(inp->inp_vflag & INP_IPV4) && frame_data_offset +
+                   sizeof(struct ip6_hdr) + sizeof(struct tcphdr) >
+                   IFNET_KEEPALIVE_OFFLOAD_FRAME_DATA_SIZE) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               /*
+                * There is no point in waking up the device for connections
+                * that are not established. Long lived connection are meant
+                * for processes that will sent and receive data
+                */
+               if (tp->t_state != TCPS_ESTABLISHED) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               /*
+                * This inp has all the information that is needed to
+                * generate an offload frame.
+                */
+               frame = &frames_array[frame_index];
+               frame->type = IFNET_KEEPALIVE_OFFLOAD_FRAME_TCP;
+               frame->ether_type = (inp->inp_vflag & INP_IPV4) ?
+                   IFNET_KEEPALIVE_OFFLOAD_FRAME_ETHERTYPE_IPV4 :
+                   IFNET_KEEPALIVE_OFFLOAD_FRAME_ETHERTYPE_IPV6;
+               frame->interval = tp->t_keepidle > 0 ? tp->t_keepidle :
+                   tcp_keepidle;
+               frame->keep_cnt = TCP_CONN_KEEPCNT(tp);
+               frame->keep_retry = TCP_CONN_KEEPINTVL(tp);
+               frame->local_port = ntohs(inp->inp_lport);
+               frame->remote_port = ntohs(inp->inp_fport);
+               frame->local_seq = tp->snd_nxt;
+               frame->remote_seq = tp->rcv_nxt;
+               if (inp->inp_vflag & INP_IPV4) {
+                       frame->length = frame_data_offset +
+                           sizeof(struct ip) + sizeof(struct tcphdr);
+                       frame->reply_length =  frame->length;
+
+                       frame->addr_length = sizeof(struct in_addr);
+                       bcopy(&inp->inp_laddr, frame->local_addr,
+                           sizeof(struct in_addr));
+                       bcopy(&inp->inp_faddr, frame->remote_addr,
+                           sizeof(struct in_addr));
+               } else {
+                       struct in6_addr *ip6;
+
+                       frame->length = frame_data_offset +
+                           sizeof(struct ip6_hdr) + sizeof(struct tcphdr);
+                       frame->reply_length =  frame->length;
+
+                       frame->addr_length = sizeof(struct in6_addr);
+                       ip6 = (struct in6_addr *)(void *)frame->local_addr;
+                       bcopy(&inp->in6p_laddr, ip6, sizeof(struct in6_addr));
+                       if (IN6_IS_SCOPE_EMBED(ip6))
+                               ip6->s6_addr16[1] = 0;
+
+                       ip6 = (struct in6_addr *)(void *)frame->remote_addr;
+                       bcopy(&inp->in6p_faddr, ip6, sizeof(struct in6_addr));
+                       if (IN6_IS_SCOPE_EMBED(ip6))
+                               ip6->s6_addr16[1] = 0;
+               }
+
+               /*
+                * First the probe
+                */
+               m = tcp_make_keepalive_frame(tp, ifp, TRUE);
+               if (m == NULL) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               bcopy(m->m_data, frame->data + frame_data_offset,
+                   m->m_len);
+               m_freem(m);
+
+               /*
+                * Now the response packet to incoming probes
+                */
+               m = tcp_make_keepalive_frame(tp, ifp, FALSE);
+               if (m == NULL) {
+                       tcp_unlock(so, 1, 0);
+                       continue;
+               }
+               bcopy(m->m_data, frame->reply_data + frame_data_offset,
+                   m->m_len);
+               m_freem(m);
+
+               frame_index++;
+               tcp_unlock(so, 1, 0);
+       }
+       lck_rw_done(tcbinfo.ipi_lock);
+       *used_frames_count = frame_index;
+}
+
+errno_t
+tcp_notify_ack_id_valid(struct tcpcb *tp, struct socket *so,
+    u_int32_t notify_id)
+{
+       struct tcp_notify_ack_marker *elm;
+
+       if (so->so_snd.sb_cc == 0)
+               return (ENOBUFS);
+
+       SLIST_FOREACH(elm, &tp->t_notify_ack, notify_next) {
+               /* Duplicate id is not allowed */
+               if (elm->notify_id == notify_id)
+                       return (EINVAL);
+               /* Duplicate position is not allowed */
+               if (elm->notify_snd_una == tp->snd_una + so->so_snd.sb_cc)
+                       return (EINVAL);
+       }
+       return (0);
+}
+
+errno_t
+tcp_add_notify_ack_marker(struct tcpcb *tp, u_int32_t notify_id)
+{
+       struct tcp_notify_ack_marker *nm, *elm = NULL;
+       struct socket *so = tp->t_inpcb->inp_socket;
+
+       MALLOC(nm, struct tcp_notify_ack_marker *, sizeof (*nm),
+           M_TEMP, M_WAIT | M_ZERO);
+       if (nm == NULL)
+               return (ENOMEM);
+       nm->notify_id = notify_id;
+       nm->notify_snd_una = tp->snd_una + so->so_snd.sb_cc;
+
+       SLIST_FOREACH(elm, &tp->t_notify_ack, notify_next) {
+               if (SEQ_GT(nm->notify_snd_una, elm->notify_snd_una))
+                       break;
+       }
+
+       if (elm == NULL) {
+               VERIFY(SLIST_EMPTY(&tp->t_notify_ack));
+               SLIST_INSERT_HEAD(&tp->t_notify_ack, nm, notify_next);
+       } else {
+               SLIST_INSERT_AFTER(elm, nm, notify_next);
+       }
+       tp->t_notify_ack_count++;
+       return (0);
+}
+
+void
+tcp_notify_ack_free(struct tcpcb *tp)
+{
+       struct tcp_notify_ack_marker *elm, *next;
+       if (SLIST_EMPTY(&tp->t_notify_ack))
+               return;
+
+       SLIST_FOREACH_SAFE(elm, &tp->t_notify_ack, notify_next, next) {
+               SLIST_REMOVE(&tp->t_notify_ack, elm, tcp_notify_ack_marker,
+                   notify_next);
+               FREE(elm, M_TEMP);
+       }
+       SLIST_INIT(&tp->t_notify_ack);
+       tp->t_notify_ack_count = 0;
+}
+
+inline void
+tcp_notify_acknowledgement(struct tcpcb *tp, struct socket *so)
+{
+       struct tcp_notify_ack_marker *elm;
+
+       elm = SLIST_FIRST(&tp->t_notify_ack);
+       if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una)) {
+               soevent(so, SO_FILT_HINT_LOCKED | SO_FILT_HINT_NOTIFY_ACK);
+       }
+}
+
+void
+tcp_get_notify_ack_count(struct tcpcb *tp,
+    struct tcp_notify_ack_complete *retid)
+{
+       struct tcp_notify_ack_marker *elm;
+       size_t  complete = 0;
+
+       SLIST_FOREACH(elm, &tp->t_notify_ack, notify_next) {
+               if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una))
+                       complete++;
+               else
+                       break;
+       }
+       retid->notify_pending = tp->t_notify_ack_count - complete;
+       retid->notify_complete_count = min(TCP_MAX_NOTIFY_ACK, complete);
+}
+
+void
+tcp_get_notify_ack_ids(struct tcpcb *tp,
+    struct tcp_notify_ack_complete *retid)
+{
+       size_t i = 0;
+       struct tcp_notify_ack_marker *elm, *next;
+
+       SLIST_FOREACH_SAFE(elm, &tp->t_notify_ack, notify_next, next) {
+               if (i >= retid->notify_complete_count)
+                       break;
+               if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una)) {
+                       retid->notify_complete_id[i++] = elm->notify_id;
+                       SLIST_REMOVE(&tp->t_notify_ack, elm,
+                           tcp_notify_ack_marker, notify_next);
+                       FREE(elm, M_TEMP);
+                       tp->t_notify_ack_count--;
+               } else {
+                       break;
+               }
+       }
+}
+
+bool
+tcp_notify_ack_active(struct socket *so)
+{
+       if ((SOCK_DOM(so) == PF_INET || SOCK_DOM(so) == PF_INET6) &&
+           SOCK_TYPE(so) == SOCK_STREAM) {
+               struct tcpcb *tp = intotcpcb(sotoinpcb(so));
+
+               if (!SLIST_EMPTY(&tp->t_notify_ack)) {
+                       struct tcp_notify_ack_marker *elm;
+                       elm = SLIST_FIRST(&tp->t_notify_ack);
+                       if (SEQ_GEQ(tp->snd_una, elm->notify_snd_una))
+                               return (true);
+               }
+       }
+       return (false);
+}
+
+inline int32_t
+inp_get_sndbytes_allunsent(struct socket *so, u_int32_t th_ack)
+{
+       struct inpcb *inp = sotoinpcb(so);
+       struct tcpcb *tp = intotcpcb(inp);
+
+       if ((so->so_snd.sb_flags & SB_SNDBYTE_CNT) &&
+           so->so_snd.sb_cc > 0) {
+               int32_t unsent, sent;
+               sent = tp->snd_max - th_ack;
+               if (tp->t_flags & TF_SENTFIN)
+                       sent--;
+               unsent = so->so_snd.sb_cc - sent;
+               return (unsent);
+       }
+       return (0);
+}
mirror of XNU