]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet/tcp_input.c
projects / apple / xnu.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xnu-6153.11.26.tar.gz
[apple/xnu.git] / bsd / netinet / tcp_input.c
diff --git a/bsd/netinet/tcp_input.c b/bsd/netinet/tcp_input.c
index 1d65c4355d014eef26fc05f41964f588c56518e5..d7d04516aa2ea1c0d8d5e6dbd0456a103ed4cef0 100644 (file)
--- a/bsd/netinet/tcp_input.c
+++ b/bsd/netinet/tcp_input.c
@@ -1,8 +1,8 @@
 /*
 /*
- * Copyright (c) 2000-2015 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
@@ -11,10 +11,10 @@
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
  * unlawful or unlicensed copies of an Apple operating system, or to
  * circumvent, violate, or enable the circumvention or violation of, any
  * terms of an Apple operating system software license agreement.
- * 
+ *
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -22,7 +22,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
@@ -73,14 +73,17 @@
 #include <sys/sysctl.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/sysctl.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
-#include <sys/proc.h>          /* for proc0 declaration */
+#include <sys/proc.h>           /* for proc0 declaration */
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/syslog.h>
 #include <sys/mcache.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/syslog.h>
 #include <sys/mcache.h>
+#if !CONFIG_EMBEDDED
 #include <sys/kasl.h>
 #include <sys/kasl.h>
-#include <kern/cpu_number.h>   /* before tcp_seq.h, for tcp_random18() */
+#endif
+#include <sys/kauth.h>
+#include <kern/cpu_number.h>    /* before tcp_seq.h, for tcp_random18() */
 
 #include <machine/endian.h>
 
 
 #include <machine/endian.h>
 
@@ -88,14 +91,16 @@
 #include <net/if_types.h>
 #include <net/route.h>
 #include <net/ntstat.h>
 #include <net/if_types.h>
 #include <net/route.h>
 #include <net/ntstat.h>
+#include <net/content_filter.h>
 #include <net/dlil.h>
 #include <net/dlil.h>
+#include <net/multi_layer_pkt_log.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
-#include <netinet/ip_icmp.h>    /* for ICMP_BANDLIM            */   
+#include <netinet/ip_icmp.h>    /* for ICMP_BANDLIM            */
 #include <netinet/in_var.h>
 #include <netinet/in_var.h>
-#include <netinet/icmp_var.h>  /* for ICMP_BANDLIM     */
+#include <netinet/icmp_var.h>   /* for ICMP_BANDLIM    */
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
 #include <mach/sdt.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
 #include <mach/sdt.h>
@@ -124,6 +129,7 @@
 u_char tcp_saveipgen[40]; /* the size must be of max ip header, now IPv6 */
 struct tcphdr tcp_savetcp;
 #endif /* TCPDEBUG */
 u_char tcp_saveipgen[40]; /* the size must be of max ip header, now IPv6 */
 struct tcphdr tcp_savetcp;
 #endif /* TCPDEBUG */
+#include <netinet/tcp_log.h>
 
 #if IPSEC
 #include <netinet6/ipsec.h>
 
 #if IPSEC
 #include <netinet6/ipsec.h>
@@ -142,19 +148,21 @@ struct tcphdr tcp_savetcp;
 #if MPTCP
 #include <netinet/mptcp_var.h>
 #include <netinet/mptcp.h>
 #if MPTCP
 #include <netinet/mptcp_var.h>
 #include <netinet/mptcp.h>
-#include <netinet/mptcp_opt.h> 
+#include <netinet/mptcp_opt.h>
 #endif /* MPTCP */
 
 #include <corecrypto/ccaes.h>
 
 #endif /* MPTCP */
 
 #include <corecrypto/ccaes.h>
 
-#define DBG_LAYER_BEG          NETDBG_CODE(DBG_NETTCP, 0)
-#define DBG_LAYER_END          NETDBG_CODE(DBG_NETTCP, 2)
+#define DBG_LAYER_BEG           NETDBG_CODE(DBG_NETTCP, 0)
+#define DBG_LAYER_END           NETDBG_CODE(DBG_NETTCP, 2)
 #define DBG_FNC_TCP_INPUT       NETDBG_CODE(DBG_NETTCP, (3 << 8))
 #define DBG_FNC_TCP_NEWCONN     NETDBG_CODE(DBG_NETTCP, (7 << 8))
 
 #define DBG_FNC_TCP_INPUT       NETDBG_CODE(DBG_NETTCP, (3 << 8))
 #define DBG_FNC_TCP_NEWCONN     NETDBG_CODE(DBG_NETTCP, (7 << 8))
 
-tcp_cc tcp_ccgen;
+#define TCP_RTT_HISTORY_EXPIRE_TIME     (60 * TCP_RETRANSHZ)
+#define TCP_RECV_THROTTLE_WIN   (5 * TCP_RETRANSHZ)
+#define TCP_STRETCHACK_ENABLE_PKTCNT    2000
 
 
-struct tcpstat tcpstat;
+struct  tcpstat tcpstat;
 
 static int log_in_vain = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain,
 
 static int log_in_vain = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain,
@@ -166,28 +174,24 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole,
     CTLFLAG_RW | CTLFLAG_LOCKED, &blackhole, 0,
     "Do not send RST when dropping refused connections");
 
     CTLFLAG_RW | CTLFLAG_LOCKED, &blackhole, 0,
     "Do not send RST when dropping refused connections");
 
-int tcp_delack_enabled = 3;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_delack_enabled, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, delayed_ack,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_delack_enabled, 3,
     "Delay ACK to try and piggyback it onto a data packet");
 
     "Delay ACK to try and piggyback it onto a data packet");
 
-int tcp_lq_overflow = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcp_lq_overflow,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_lq_overflow, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, tcp_lq_overflow,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_lq_overflow, 1,
     "Listen Queue Overflow");
 
     "Listen Queue Overflow");
 
-int tcp_recv_bg = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, recvbg, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_recv_bg, 0, "Receive background");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, recvbg, CTLFLAG_RW | CTLFLAG_LOCKED,
+    int, tcp_recv_bg, 0, "Receive background");
 
 #if TCP_DROP_SYNFIN
 
 #if TCP_DROP_SYNFIN
-static int drop_synfin = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &drop_synfin, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, drop_synfin,
+    CTLFLAG_RW | CTLFLAG_LOCKED, static int, drop_synfin, 1,
     "Drop TCP packets with SYN+FIN set");
 #endif
 
     "Drop TCP packets with SYN+FIN set");
 #endif
 
-SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW|CTLFLAG_LOCKED, 0,
+SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW | CTLFLAG_LOCKED, 0,
     "TCP Segment Reassembly Queue");
 
 static int tcp_reass_overflows = 0;
     "TCP Segment Reassembly Queue");
 
 static int tcp_reass_overflows = 0;
@@ -196,32 +200,27 @@ SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows,
     "Global number of TCP Segment Reassembly Queue Overflows");
 
 
     "Global number of TCP Segment Reassembly Queue Overflows");
 
 
-__private_extern__ int slowlink_wsize = 8192;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, slowlink_wsize,
-    CTLFLAG_RW | CTLFLAG_LOCKED,
-    &slowlink_wsize, 0, "Maximum advertised window size for slowlink");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, slowlink_wsize, CTLFLAG_RW | CTLFLAG_LOCKED,
+    __private_extern__ int, slowlink_wsize, 8192,
+    "Maximum advertised window size for slowlink");
 
 
-int maxseg_unacked = 8;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, maxseg_unacked,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &maxseg_unacked, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, maxseg_unacked,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, maxseg_unacked, 8,
     "Maximum number of outstanding segments left unacked");
 
     "Maximum number of outstanding segments left unacked");
 
-int tcp_do_rfc3465 = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3465, CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_do_rfc3465, 0, "");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rfc3465, CTLFLAG_RW | CTLFLAG_LOCKED,
+    int, tcp_do_rfc3465, 1, "");
 
 
-int tcp_do_rfc3465_lim2 = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3465_lim2,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_do_rfc3465_lim2, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rfc3465_lim2,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_do_rfc3465_lim2, 1,
     "Appropriate bytes counting w/ L=2*SMSS");
 
 int rtt_samples_per_slot = 20;
 
     "Appropriate bytes counting w/ L=2*SMSS");
 
 int rtt_samples_per_slot = 20;
 
-int tcp_allowed_iaj = ALLOWED_IAJ;
 int tcp_acc_iaj_high_thresh = ACC_IAJ_HIGH_THRESH;
 u_int32_t tcp_autorcvbuf_inc_shift = 3;
 int tcp_acc_iaj_high_thresh = ACC_IAJ_HIGH_THRESH;
 u_int32_t tcp_autorcvbuf_inc_shift = 3;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, recv_allowed_iaj,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_allowed_iaj, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, recv_allowed_iaj,
+    CTLFLAG_RW | CTLFLAG_LOCKED, int, tcp_allowed_iaj, ALLOWED_IAJ,
     "Allowed inter-packet arrival jiter");
 #if (DEVELOPMENT || DEBUG)
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, acc_iaj_high_thresh,
     "Allowed inter-packet arrival jiter");
 #if (DEVELOPMENT || DEBUG)
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, acc_iaj_high_thresh,
@@ -233,19 +232,21 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, autorcvbufincshift,
     "Shift for increment in receive socket buffer size");
 #endif /* (DEVELOPMENT || DEBUG) */
 
     "Shift for increment in receive socket buffer size");
 #endif /* (DEVELOPMENT || DEBUG) */
 
-u_int32_t tcp_do_autorcvbuf = 1;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, doautorcvbuf,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_do_autorcvbuf, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, doautorcvbuf,
+    CTLFLAG_RW | CTLFLAG_LOCKED, u_int32_t, tcp_do_autorcvbuf, 1,
     "Enable automatic socket buffer tuning");
 
     "Enable automatic socket buffer tuning");
 
-u_int32_t tcp_autorcvbuf_max = 512 * 1024;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, autorcvbufmax,
-    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_autorcvbuf_max, 0,
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, autorcvbufmax,
+    CTLFLAG_RW | CTLFLAG_LOCKED, u_int32_t, tcp_autorcvbuf_max, 512 * 1024,
     "Maximum receive socket buffer size");
 
     "Maximum receive socket buffer size");
 
+#if CONFIG_EMBEDDED
+int sw_lro = 1;
+#else
 int sw_lro = 0;
 int sw_lro = 0;
+#endif  /* !CONFIG_EMBEDDED */
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, lro, CTLFLAG_RW | CTLFLAG_LOCKED,
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, lro, CTLFLAG_RW | CTLFLAG_LOCKED,
-        &sw_lro, 0, "Used to coalesce TCP packets");
+    &sw_lro, 0, "Used to coalesce TCP packets");
 
 int lrodebug = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, lrodbg,
 
 int lrodebug = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, lrodbg,
@@ -257,8 +258,6 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, lro_startcnt,
     CTLFLAG_RW | CTLFLAG_LOCKED, &lro_start, 0,
     "Segments for starting LRO computed as power of 2");
 
     CTLFLAG_RW | CTLFLAG_LOCKED, &lro_start, 0,
     "Segments for starting LRO computed as power of 2");
 
-extern int tcp_do_autosendbuf;
-
 int limited_txmt = 1;
 int early_rexmt = 1;
 int sack_ackadv = 1;
 int limited_txmt = 1;
 int early_rexmt = 1;
 int sack_ackadv = 1;
@@ -280,27 +279,32 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, sack_ackadv,
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, dsack_enable,
     CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_dsack_enable, 0,
     "use DSACK TCP option to report duplicate segments");
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, dsack_enable,
     CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_dsack_enable, 0,
     "use DSACK TCP option to report duplicate segments");
+
 #endif /* (DEVELOPMENT || DEBUG) */
 #endif /* (DEVELOPMENT || DEBUG) */
+int tcp_disable_access_to_stats = 1;
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, disable_access_to_stats,
+    CTLFLAG_RW | CTLFLAG_LOCKED, &tcp_disable_access_to_stats, 0,
+    "Disable access to tcpstat");
 
 
-#if CONFIG_IFEF_NOWINDOWSCALE
-int tcp_obey_ifef_nowindowscale = 0;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, obey_ifef_nowindowscale,
-    CTLFLAG_RW | CTLFLAG_LOCKED,
-    &tcp_obey_ifef_nowindowscale, 0, "");
-#endif
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, challengeack_limit,
+    CTLFLAG_RW | CTLFLAG_LOCKED, uint32_t, tcp_challengeack_limit, 10,
+    "Maximum number of challenge ACKs per connection per second");
+
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, do_rfc5961,
+    CTLFLAG_RW | CTLFLAG_LOCKED, static int, tcp_do_rfc5961, 1,
+    "Enable/Disable full RFC 5961 compliance");
 
 
-extern int tcp_TCPTV_MIN;
 extern int tcp_acc_iaj_high;
 extern int tcp_acc_iaj_react_limit;
 
 int tcprexmtthresh = 3;
 
 u_int32_t tcp_now;
 extern int tcp_acc_iaj_high;
 extern int tcp_acc_iaj_react_limit;
 
 int tcprexmtthresh = 3;
 
 u_int32_t tcp_now;
-struct timeval tcp_uptime;     /* uptime when tcp_now was last updated */
-lck_spin_t *tcp_uptime_lock;   /* Used to sychronize updates to tcp_now */
+struct timeval tcp_uptime;      /* uptime when tcp_now was last updated */
+lck_spin_t *tcp_uptime_lock;    /* Used to sychronize updates to tcp_now */
 
 struct inpcbhead tcb;
 
 struct inpcbhead tcb;
-#define        tcb6    tcb  /* for KAME src sync over BSD*'s */
+#define tcb6    tcb  /* for KAME src sync over BSD*'s */
 struct inpcbinfo tcbinfo;
 
 static void tcp_dooptions(struct tcpcb *, u_char *, int, struct tcphdr *,
 struct inpcbinfo tcbinfo;
 
 static void tcp_dooptions(struct tcpcb *, u_char *, int, struct tcphdr *,
@@ -308,11 +312,9 @@ static void tcp_dooptions(struct tcpcb *, u_char *, int, struct tcphdr *,
 static void tcp_finalize_options(struct tcpcb *, struct tcpopt *, unsigned int);
 static void tcp_pulloutofband(struct socket *,
     struct tcphdr *, struct mbuf *, int);
 static void tcp_finalize_options(struct tcpcb *, struct tcpopt *, unsigned int);
 static void tcp_pulloutofband(struct socket *,
     struct tcphdr *, struct mbuf *, int);
-static int tcp_reass(struct tcpcb *, struct tcphdr *, int *, struct mbuf *,
-    struct ifnet *);
 static void tcp_xmit_timer(struct tcpcb *, int, u_int32_t, tcp_seq);
 static inline unsigned int tcp_maxmtu(struct rtentry *);
 static void tcp_xmit_timer(struct tcpcb *, int, u_int32_t, tcp_seq);
 static inline unsigned int tcp_maxmtu(struct rtentry *);
-static inline int tcp_stretch_ack_enable(struct tcpcb *tp);
+static inline int tcp_stretch_ack_enable(struct tcpcb *tp, int thflags);
 static inline void tcp_adaptive_rwtimo_check(struct tcpcb *, int);
 
 #if TRAFFIC_MGT
 static inline void tcp_adaptive_rwtimo_check(struct tcpcb *, int);
 
 #if TRAFFIC_MGT
@@ -326,47 +328,48 @@ static void compute_iaj_meat(struct tcpcb *tp, uint32_t cur_iaj);
 static inline unsigned int tcp_maxmtu6(struct rtentry *);
 #endif
 
 static inline unsigned int tcp_maxmtu6(struct rtentry *);
 #endif
 
-static void tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sb, 
-    struct tcpopt *to, u_int32_t tlen);
+unsigned int get_maxmtu(struct rtentry *);
 
 
+static void tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sb,
+    struct tcpopt *to, u_int32_t tlen, u_int32_t rcvbuf_max);
 void tcp_sbrcv_trim(struct tcpcb *tp, struct sockbuf *sb);
 static void tcp_sbsnd_trim(struct sockbuf *sbsnd);
 static inline void tcp_sbrcv_tstmp_check(struct tcpcb *tp);
 static inline void tcp_sbrcv_reserve(struct tcpcb *tp, struct sockbuf *sb,
 void tcp_sbrcv_trim(struct tcpcb *tp, struct sockbuf *sb);
 static void tcp_sbsnd_trim(struct sockbuf *sbsnd);
 static inline void tcp_sbrcv_tstmp_check(struct tcpcb *tp);
 static inline void tcp_sbrcv_reserve(struct tcpcb *tp, struct sockbuf *sb,
-    u_int32_t newsize, u_int32_t idealsize);
+    u_int32_t newsize, u_int32_t idealsize, u_int32_t rcvbuf_max);
 static void tcp_bad_rexmt_restore_state(struct tcpcb *tp, struct tcphdr *th);
 static void tcp_bad_rexmt_restore_state(struct tcpcb *tp, struct tcphdr *th);
-static void tcp_compute_rtt(struct tcpcb *tp, struct tcpopt *to, 
+static void tcp_compute_rtt(struct tcpcb *tp, struct tcpopt *to,
     struct tcphdr *th);
 static void tcp_early_rexmt_check(struct tcpcb *tp, struct tcphdr *th);
 static void tcp_bad_rexmt_check(struct tcpcb *tp, struct tcphdr *th,
     struct tcpopt *to);
 /*
     struct tcphdr *th);
 static void tcp_early_rexmt_check(struct tcpcb *tp, struct tcphdr *th);
 static void tcp_bad_rexmt_check(struct tcpcb *tp, struct tcphdr *th,
     struct tcpopt *to);
 /*
- * Constants used for resizing receive socket buffer 
- * when timestamps are not supported 
+ * Constants used for resizing receive socket buffer
+ * when timestamps are not supported
  */
 #define TCPTV_RCVNOTS_QUANTUM 100
 #define TCP_RCVNOTS_BYTELEVEL 204800
 
  */
 #define TCPTV_RCVNOTS_QUANTUM 100
 #define TCP_RCVNOTS_BYTELEVEL 204800
 
-/* 
- * Constants used for limiting early retransmits 
+/*
+ * Constants used for limiting early retransmits
  * to 10 per minute.
  */
 #define TCP_EARLY_REXMT_WIN (60 * TCP_RETRANSHZ) /* 60 seconds */
 #define TCP_EARLY_REXMT_LIMIT 10
 
  * to 10 per minute.
  */
 #define TCP_EARLY_REXMT_WIN (60 * TCP_RETRANSHZ) /* 60 seconds */
 #define TCP_EARLY_REXMT_LIMIT 10
 
-extern void ipfwsyslog( int level, const char *format,...);
+extern void ipfwsyslog( int level, const char *format, ...);
 extern int fw_verbose;
 
 #if IPFIREWALL
 extern void ipfw_stealth_stats_incr_tcp(void);
 
 #define log_in_vain_log( a ) {            \
 extern int fw_verbose;
 
 #if IPFIREWALL
 extern void ipfw_stealth_stats_incr_tcp(void);
 
 #define log_in_vain_log( a ) {            \
-        if ( (log_in_vain == 3 ) && (fw_verbose == 2)) {        /* Apple logging, log to ipfw.log */ \
-                ipfwsyslog a ;  \
-        } else if ( (log_in_vain == 4 ) && (fw_verbose == 2)) {   \
-                ipfw_stealth_stats_incr_tcp();                    \
-        }                       \
-        else log a ;            \
+       if ( (log_in_vain == 3 ) && (fw_verbose == 2)) {        /* Apple logging, log to ipfw.log */ \
+               ipfwsyslog a ;  \
+       } else if ( (log_in_vain == 4 ) && (fw_verbose == 2)) {   \
+               ipfw_stealth_stats_incr_tcp();                    \
+       }                       \
+       else log a ;            \
 }
 #else
 #define log_in_vain_log( a ) { log a; }
 }
 #else
 #define log_in_vain_log( a ) { log a; }
@@ -374,9 +377,8 @@ extern void ipfw_stealth_stats_incr_tcp(void);
 
 int tcp_rcvunackwin = TCPTV_UNACKWIN;
 int tcp_maxrcvidle = TCPTV_MAXRCVIDLE;
 
 int tcp_rcvunackwin = TCPTV_UNACKWIN;
 int tcp_maxrcvidle = TCPTV_MAXRCVIDLE;
-int tcp_rcvsspktcnt = TCP_RCV_SS_PKTCOUNT;
-SYSCTL_INT(_net_inet_tcp, OID_AUTO, rcvsspktcnt, CTLFLAG_RW | CTLFLAG_LOCKED,
-       &tcp_rcvsspktcnt, 0, "packets to be seen before receiver stretches acks");
+SYSCTL_SKMEM_TCP_INT(OID_AUTO, rcvsspktcnt, CTLFLAG_RW | CTLFLAG_LOCKED,
+    int, tcp_rcvsspktcnt, TCP_RCV_SS_PKTCOUNT, "packets to be seen before receiver stretches acks");
 
 #define DELAY_ACK(tp, th) \
        (CC_ALGO(tp)->delay_ack != NULL && CC_ALGO(tp)->delay_ack(tp, th))
 
 #define DELAY_ACK(tp, th) \
        (CC_ALGO(tp)->delay_ack != NULL && CC_ALGO(tp)->delay_ack(tp, th))
@@ -394,15 +396,15 @@ void
 reset_acc_iaj(struct tcpcb *tp)
 {
        tp->acc_iaj = 0;
 reset_acc_iaj(struct tcpcb *tp)
 {
        tp->acc_iaj = 0;
-       tp->iaj_rwintop = 0;
        CLEAR_IAJ_STATE(tp);
 }
 
 static inline void
 update_iaj_state(struct tcpcb *tp, uint32_t size, int rst_size)
 {
        CLEAR_IAJ_STATE(tp);
 }
 
 static inline void
 update_iaj_state(struct tcpcb *tp, uint32_t size, int rst_size)
 {
-       if (rst_size > 0)
+       if (rst_size > 0) {
                tp->iaj_size = 0;
                tp->iaj_size = 0;
+       }
        if (tp->iaj_size == 0 || size >= tp->iaj_size) {
                tp->iaj_size = size;
                tp->iaj_rcv_ts = tcp_now;
        if (tp->iaj_size == 0 || size >= tp->iaj_size) {
                tp->iaj_size = size;
                tp->iaj_rcv_ts = tcp_now;
@@ -410,15 +412,16 @@ update_iaj_state(struct tcpcb *tp, uint32_t size, int rst_size)
        }
 }
 
        }
 }
 
-/* For every 32 bit unsigned integer(v), this function will find the 
- * largest integer n such that (n*n <= v). This takes at most 16 iterations 
- * irrespective of the value of v and does not involve multiplications. 
+/* For every 32 bit unsigned integer(v), this function will find the
+ * largest integer n such that (n*n <= v). This takes at most 16 iterations
+ * irrespective of the value of v and does not involve multiplications.
  */
 static inline int
  */
 static inline int
-isqrt(unsigned int val) {
+isqrt(unsigned int val)
+{
        unsigned int sqrt_cache[11] = {0, 1, 4, 9, 16, 25, 36, 49, 64, 81, 100};
        unsigned int sqrt_cache[11] = {0, 1, 4, 9, 16, 25, 36, 49, 64, 81, 100};
-       unsigned int temp, g=0, b=0x8000, bshft=15;
-       if ( val <= 100) {
+       unsigned int temp, g = 0, b = 0x8000, bshft = 15;
+       if (val <= 100) {
                for (g = 0; g <= 10; ++g) {
                        if (sqrt_cache[g] > val) {
                                g--;
                for (g = 0; g <= 10; ++g) {
                        if (sqrt_cache[g] > val) {
                                g--;
@@ -435,20 +438,20 @@ isqrt(unsigned int val) {
                                val -= temp;
                        }
                        b >>= 1;
                                val -= temp;
                        }
                        b >>= 1;
-               } while ( b > 0 && val > 0);
-       }
-       return(g);
-} 
-
-/* 
-* With LRO, roughly estimate the inter arrival time between
-* each sub coalesced packet as an average. Count the delay
-* cur_iaj to be the delay between the last packet received
-* and the first packet of the LRO stream. Due to round off errors
-* cur_iaj may be the same as lro_delay_factor. Averaging has 
-* round off errors too. lro_delay_factor may be close to 0
-* in steady state leading to lower values fed to compute_iaj_meat.
-*/
+               } while (b > 0 && val > 0);
+       }
+       return g;
+}
+
+/*
+ * With LRO, roughly estimate the inter arrival time between
+ * each sub coalesced packet as an average. Count the delay
+ * cur_iaj to be the delay between the last packet received
+ * and the first packet of the LRO stream. Due to round off errors
+ * cur_iaj may be the same as lro_delay_factor. Averaging has
+ * round off errors too. lro_delay_factor may be close to 0
+ * in steady state leading to lower values fed to compute_iaj_meat.
+ */
 void
 compute_iaj(struct tcpcb *tp, int nlropkts, int lro_delay_factor)
 {
 void
 compute_iaj(struct tcpcb *tp, int nlropkts, int lro_delay_factor)
 {
@@ -460,25 +463,26 @@ compute_iaj(struct tcpcb *tp, int nlropkts, int lro_delay_factor)
        }
 
        compute_iaj_meat(tp, cur_iaj);
        }
 
        compute_iaj_meat(tp, cur_iaj);
-       
-       if (nlropkts <= 1)
+
+       if (nlropkts <= 1) {
                return;
                return;
+       }
 
        nlropkts--;
 
        nlropkts--;
-       
-       timediff = lro_delay_factor/nlropkts;
 
 
-       while (nlropkts > 0) 
-       {
-               compute_iaj_meat(tp, timediff); 
+       timediff = lro_delay_factor / nlropkts;
+
+       while (nlropkts > 0) {
+               compute_iaj_meat(tp, timediff);
                nlropkts--;
        }
 }
 
 static
                nlropkts--;
        }
 }
 
 static
-void compute_iaj_meat(struct tcpcb *tp, uint32_t cur_iaj)
+void
+compute_iaj_meat(struct tcpcb *tp, uint32_t cur_iaj)
 {
 {
-       /* When accumulated IAJ reaches MAX_ACC_IAJ in milliseconds, 
+       /* When accumulated IAJ reaches MAX_ACC_IAJ in milliseconds,
         * throttle the receive window to a minimum of MIN_IAJ_WIN packets
         */
 #define MAX_ACC_IAJ (tcp_acc_iaj_high_thresh + tcp_acc_iaj_react_limit)
         * throttle the receive window to a minimum of MIN_IAJ_WIN packets
         */
 #define MAX_ACC_IAJ (tcp_acc_iaj_high_thresh + tcp_acc_iaj_react_limit)
@@ -490,66 +494,103 @@ void compute_iaj_meat(struct tcpcb *tp, uint32_t cur_iaj)
        uint32_t mean, temp;
        int32_t cur_iaj_dev;
 
        uint32_t mean, temp;
        int32_t cur_iaj_dev;
 
-       cur_iaj_dev = (cur_iaj - tp->avg_iaj);  
-       
-       /* Allow a jitter of "allowed_iaj" milliseconds. Some connections 
-        * may have a constant jitter more than that. We detect this by 
+       cur_iaj_dev = (cur_iaj - tp->avg_iaj);
+
+       /* Allow a jitter of "allowed_iaj" milliseconds. Some connections
+        * may have a constant jitter more than that. We detect this by
         * using standard deviation.
         */
        allowed_iaj = tp->avg_iaj + tp->std_dev_iaj;
         * using standard deviation.
         */
        allowed_iaj = tp->avg_iaj + tp->std_dev_iaj;
-       if (allowed_iaj < tcp_allowed_iaj)
+       if (allowed_iaj < tcp_allowed_iaj) {
                allowed_iaj = tcp_allowed_iaj;
                allowed_iaj = tcp_allowed_iaj;
+       }
 
 
-       /* Initially when the connection starts, the senders congestion 
-        * window is small. During this period we avoid throttling a 
-        * connection because we do not have a good starting point for 
-        * allowed_iaj. IAJ_IGNORE_PKTCNT is used to quietly gloss over 
+       /* Initially when the connection starts, the senders congestion
+        * window is small. During this period we avoid throttling a
+        * connection because we do not have a good starting point for
+        * allowed_iaj. IAJ_IGNORE_PKTCNT is used to quietly gloss over
         * the first few packets.
         */
        if (tp->iaj_pktcnt > IAJ_IGNORE_PKTCNT) {
         * the first few packets.
         */
        if (tp->iaj_pktcnt > IAJ_IGNORE_PKTCNT) {
-               if ( cur_iaj <= allowed_iaj ) {
-                       if (tp->acc_iaj >= 2)
+               if (cur_iaj <= allowed_iaj) {
+                       if (tp->acc_iaj >= 2) {
                                acc_iaj = tp->acc_iaj - 2;
                                acc_iaj = tp->acc_iaj - 2;
-                       else
+                       } else {
                                acc_iaj = 0;
                                acc_iaj = 0;
-                               
+                       }
                } else {
                        acc_iaj = tp->acc_iaj + (cur_iaj - allowed_iaj);
                }
 
                } else {
                        acc_iaj = tp->acc_iaj + (cur_iaj - allowed_iaj);
                }
 
-               if (acc_iaj > MAX_ACC_IAJ)
+               if (acc_iaj > MAX_ACC_IAJ) {
                        acc_iaj = MAX_ACC_IAJ;
                        acc_iaj = MAX_ACC_IAJ;
+               }
                tp->acc_iaj = acc_iaj;
        }
 
        /* Compute weighted average where the history has a weight of
                tp->acc_iaj = acc_iaj;
        }
 
        /* Compute weighted average where the history has a weight of
-        * 15 out of 16 and the current value has a weight of 1 out of 16. 
+        * 15 out of 16 and the current value has a weight of 1 out of 16.
         * This will make the short-term measurements have more weight.
         *
         * This will make the short-term measurements have more weight.
         *
-        * The addition of 8 will help to round-up the value 
+        * The addition of 8 will help to round-up the value
         * instead of round-down
         */
         * instead of round-down
         */
-       tp->avg_iaj = (((tp->avg_iaj << IAJ_DIV_SHIFT) - tp->avg_iaj) 
-               + cur_iaj + IAJ_ROUNDUP_CONST) >> IAJ_DIV_SHIFT;
+       tp->avg_iaj = (((tp->avg_iaj << IAJ_DIV_SHIFT) - tp->avg_iaj)
+           + cur_iaj + IAJ_ROUNDUP_CONST) >> IAJ_DIV_SHIFT;
 
        /* Compute Root-mean-square of deviation where mean is a weighted
 
        /* Compute Root-mean-square of deviation where mean is a weighted
-        * average as described above. 
+        * average as described above.
         */
        temp = tp->std_dev_iaj * tp->std_dev_iaj;
         */
        temp = tp->std_dev_iaj * tp->std_dev_iaj;
-       mean = (((temp << IAJ_DIV_SHIFT) - temp) 
-               + (cur_iaj_dev * cur_iaj_dev) 
-               + IAJ_ROUNDUP_CONST) >> IAJ_DIV_SHIFT;
-       
+       mean = (((temp << IAJ_DIV_SHIFT) - temp)
+           + (cur_iaj_dev * cur_iaj_dev)
+           + IAJ_ROUNDUP_CONST) >> IAJ_DIV_SHIFT;
+
        tp->std_dev_iaj = isqrt(mean);
 
        tp->std_dev_iaj = isqrt(mean);
 
-       DTRACE_TCP3(iaj, struct tcpcb *, tp, uint32_t, cur_iaj, 
-               uint32_t, allowed_iaj);
+       DTRACE_TCP3(iaj, struct tcpcb *, tp, uint32_t, cur_iaj,
+           uint32_t, allowed_iaj);
 
        return;
 }
 #endif /* TRAFFIC_MGT */
 
 
        return;
 }
 #endif /* TRAFFIC_MGT */
 
-/* Check if enough amount of data has been acknowledged since 
+/*
+ * Perform rate limit check per connection per second
+ * tp->t_challengeack_last is the last_time diff was greater than 1sec
+ * tp->t_challengeack_count is the number of ACKs sent (within 1sec)
+ * Return TRUE if we shouldn't send the ACK due to rate limitation
+ * Return FALSE if it is still ok to send challenge ACK
+ */
+static boolean_t
+tcp_is_ack_ratelimited(struct tcpcb *tp)
+{
+       boolean_t ret = TRUE;
+       uint32_t now = tcp_now;
+       int32_t diff = 0;
+
+       diff = timer_diff(now, 0, tp->t_challengeack_last, 0);
+       /* If it is first time or diff > 1000ms,
+        * update the challengeack_last and reset the
+        * current count of ACKs
+        */
+       if (tp->t_challengeack_last == 0 || diff >= 1000) {
+               tp->t_challengeack_last = now;
+               tp->t_challengeack_count = 0;
+               ret = FALSE;
+       } else if (tp->t_challengeack_count < tcp_challengeack_limit) {
+               ret = FALSE;
+       }
+
+       /* Careful about wrap-around */
+       if (ret == FALSE && (tp->t_challengeack_count + 1 > 0)) {
+               tp->t_challengeack_count++;
+       }
+
+       return ret;
+}
+
+/* Check if enough amount of data has been acknowledged since
  * bw measurement was started
  */
 static void
  * bw measurement was started
  */
 static void
@@ -557,20 +598,37 @@ tcp_bwmeas_check(struct tcpcb *tp)
 {
        int32_t bw_meas_bytes;
        uint32_t bw, bytes, elapsed_time;
 {
        int32_t bw_meas_bytes;
        uint32_t bw, bytes, elapsed_time;
+
+       if (SEQ_LEQ(tp->snd_una, tp->t_bwmeas->bw_start)) {
+               return;
+       }
+
        bw_meas_bytes = tp->snd_una - tp->t_bwmeas->bw_start;
        bw_meas_bytes = tp->snd_una - tp->t_bwmeas->bw_start;
-       if ((tp->t_flagsext & TF_BWMEAS_INPROGRESS) != 0 &&
+       if ((tp->t_flagsext & TF_BWMEAS_INPROGRESS) &&
            bw_meas_bytes >= (int32_t)(tp->t_bwmeas->bw_size)) {
                bytes = bw_meas_bytes;
                elapsed_time = tcp_now - tp->t_bwmeas->bw_ts;
                if (elapsed_time > 0) {
                        bw = bytes / elapsed_time;
            bw_meas_bytes >= (int32_t)(tp->t_bwmeas->bw_size)) {
                bytes = bw_meas_bytes;
                elapsed_time = tcp_now - tp->t_bwmeas->bw_ts;
                if (elapsed_time > 0) {
                        bw = bytes / elapsed_time;
-                       if ( bw > 0) {
+                       if (bw > 0) {
                                if (tp->t_bwmeas->bw_sndbw > 0) {
                                if (tp->t_bwmeas->bw_sndbw > 0) {
-                                       tp->t_bwmeas->bw_sndbw = 
-                                           (((tp->t_bwmeas->bw_sndbw << 3) - tp->t_bwmeas->bw_sndbw) + bw) >> 3;
+                                       tp->t_bwmeas->bw_sndbw =
+                                           (((tp->t_bwmeas->bw_sndbw << 3)
+                                           - tp->t_bwmeas->bw_sndbw)
+                                           + bw) >> 3;
                                } else {
                                        tp->t_bwmeas->bw_sndbw = bw;
                                }
                                } else {
                                        tp->t_bwmeas->bw_sndbw = bw;
                                }
+
+                               /* Store the maximum value */
+                               if (tp->t_bwmeas->bw_sndbw_max == 0) {
+                                       tp->t_bwmeas->bw_sndbw_max =
+                                           tp->t_bwmeas->bw_sndbw;
+                               } else {
+                                       tp->t_bwmeas->bw_sndbw_max =
+                                           max(tp->t_bwmeas->bw_sndbw,
+                                           tp->t_bwmeas->bw_sndbw_max);
+                               }
                        }
                }
                tp->t_flagsext &= ~(TF_BWMEAS_INPROGRESS);
                        }
                }
                tp->t_flagsext &= ~(TF_BWMEAS_INPROGRESS);
@@ -579,7 +637,7 @@ tcp_bwmeas_check(struct tcpcb *tp)
 
 static int
 tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
 
 static int
 tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
-    struct ifnet *ifp)
+    struct ifnet *ifp, int *dowakeup)
 {
        struct tseg_qent *q;
        struct tseg_qent *p = NULL;
 {
        struct tseg_qent *q;
        struct tseg_qent *p = NULL;
@@ -588,7 +646,6 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
        struct inpcb *inp = tp->t_inpcb;
        struct socket *so = inp->inp_socket;
        int flags = 0;
        struct inpcb *inp = tp->t_inpcb;
        struct socket *so = inp->inp_socket;
        int flags = 0;
-       int dowakeup = 0;
        struct mbuf *oodata = NULL;
        int copy_oodata = 0;
        u_int16_t qlimit;
        struct mbuf *oodata = NULL;
        int copy_oodata = 0;
        u_int16_t qlimit;
@@ -601,20 +658,22 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
         * Call with th==0 after become established to
         * force pre-ESTABLISHED data up to user socket.
         */
         * Call with th==0 after become established to
         * force pre-ESTABLISHED data up to user socket.
         */
-       if (th == NULL)
+       if (th == NULL) {
                goto present;
                goto present;
-       
+       }
+
        /*
        /*
-        * If the reassembly queue already has entries or if we are going 
-        * to add a new one, then the connection has reached a loss state. 
+        * If the reassembly queue already has entries or if we are going
+        * to add a new one, then the connection has reached a loss state.
         * Reset the stretch-ack algorithm at this point.
         */
        tcp_reset_stretch_ack(tp);
 
 #if TRAFFIC_MGT
         * Reset the stretch-ack algorithm at this point.
         */
        tcp_reset_stretch_ack(tp);
 
 #if TRAFFIC_MGT
-       if (tp->acc_iaj > 0)
+       if (tp->acc_iaj > 0) {
                reset_acc_iaj(tp);
                reset_acc_iaj(tp);
-#endif /* TRAFFIC_MGT */       
+       }
+#endif /* TRAFFIC_MGT */
 
        /*
         * Limit the number of segments in the reassembly queue to prevent
 
        /*
         * Limit the number of segments in the reassembly queue to prevent
@@ -624,14 +683,14 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
         * process the missing segment.
         */
        qlimit = min(max(100, so->so_rcv.sb_hiwat >> 10),
         * process the missing segment.
         */
        qlimit = min(max(100, so->so_rcv.sb_hiwat >> 10),
-           tcp_autorcvbuf_max >> 10); 
+           (TCP_AUTORCVBUF_MAX(ifp) >> 10));
        if (th->th_seq != tp->rcv_nxt &&
            (tp->t_reassqlen + 1) >= qlimit) {
                tcp_reass_overflows++;
                tcpstat.tcps_rcvmemdrop++;
                m_freem(m);
                *tlenp = 0;
        if (th->th_seq != tp->rcv_nxt &&
            (tp->t_reassqlen + 1) >= qlimit) {
                tcp_reass_overflows++;
                tcpstat.tcps_rcvmemdrop++;
                m_freem(m);
                *tlenp = 0;
-               return (0);
+               return 0;
        }
 
        /* Allocate a new queue entry. If we can't, just drop the pkt. XXX */
        }
 
        /* Allocate a new queue entry. If we can't, just drop the pkt. XXX */
@@ -639,7 +698,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
        if (te == NULL) {
                tcpstat.tcps_rcvmemdrop++;
                m_freem(m);
        if (te == NULL) {
                tcpstat.tcps_rcvmemdrop++;
                m_freem(m);
-               return (0);
+               return 0;
        }
        tp->t_reassqlen++;
 
        }
        tp->t_reassqlen++;
 
@@ -647,8 +706,9 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
         * Find a segment which begins after this one does.
         */
        LIST_FOREACH(q, &tp->t_segq, tqe_q) {
         * Find a segment which begins after this one does.
         */
        LIST_FOREACH(q, &tp->t_segq, tqe_q) {
-               if (SEQ_GT(q->tqe_th->th_seq, th->th_seq))
+               if (SEQ_GT(q->tqe_th->th_seq, th->th_seq)) {
                        break;
                        break;
+               }
                p = q;
        }
 
                p = q;
        }
 
@@ -689,6 +749,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
                                        INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxbytes, *tlenp);
                                        tp->t_stat.rxduplicatebytes += *tlenp;
                                        INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxbytes, *tlenp);
                                        tp->t_stat.rxduplicatebytes += *tlenp;
+                                       inp_set_activity_bitmap(inp);
                                }
                                m_freem(m);
                                zfree(tcp_reass_zone, te);
                                }
                                m_freem(m);
                                zfree(tcp_reass_zone, te);
@@ -716,6 +777,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
                INP_ADD_STAT(inp, cell, wifi, wired, rxpackets, 1);
                INP_ADD_STAT(inp, cell, wifi, wired, rxbytes, *tlenp);
                tp->t_stat.rxoutoforderbytes += *tlenp;
                INP_ADD_STAT(inp, cell, wifi, wired, rxpackets, 1);
                INP_ADD_STAT(inp, cell, wifi, wired, rxbytes, *tlenp);
                tp->t_stat.rxoutoforderbytes += *tlenp;
+               inp_set_activity_bitmap(inp);
        }
 
        /*
        }
 
        /*
@@ -724,8 +786,9 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
         */
        while (q) {
                int i = (th->th_seq + *tlenp) - q->tqe_th->th_seq;
         */
        while (q) {
                int i = (th->th_seq + *tlenp) - q->tqe_th->th_seq;
-               if (i <= 0)
+               if (i <= 0) {
                        break;
                        break;
+               }
 
                /*
                 * Report only the first part of partial/non-contiguous
 
                /*
                 * Report only the first part of partial/non-contiguous
@@ -774,111 +837,134 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int *tlenp, struct mbuf *m,
                LIST_INSERT_AFTER(p, te, tqe_q);
        }
 
                LIST_INSERT_AFTER(p, te, tqe_q);
        }
 
-       /* 
+       /*
         * New out-of-order data exists, and is pointed to by
         * New out-of-order data exists, and is pointed to by
-        * queue entry te. Set copy_oodata to 1 so out-of-order data 
-        * can be copied off to sockbuf after in-order data 
+        * queue entry te. Set copy_oodata to 1 so out-of-order data
+        * can be copied off to sockbuf after in-order data
         * is copied off.
         */
         * is copied off.
         */
-       if (!(so->so_state & SS_CANTRCVMORE))
+       if (!(so->so_state & SS_CANTRCVMORE)) {
                copy_oodata = 1;
                copy_oodata = 1;
+       }
 
 present:
        /*
         * Present data to user, advancing rcv_nxt through
         * completed sequence space.
         */
 
 present:
        /*
         * Present data to user, advancing rcv_nxt through
         * completed sequence space.
         */
-       if (!TCPS_HAVEESTABLISHED(tp->t_state))
-               return (0);
+       if (!TCPS_HAVEESTABLISHED(tp->t_state)) {
+               return 0;
+       }
        q = LIST_FIRST(&tp->t_segq);
        if (!q || q->tqe_th->th_seq != tp->rcv_nxt) {
                /* Stop using LRO once out of order packets arrive */
                if (tp->t_flagsext & TF_LRO_OFFLOADED) {
                        tcp_lro_remove_state(inp->inp_laddr, inp->inp_faddr,
        q = LIST_FIRST(&tp->t_segq);
        if (!q || q->tqe_th->th_seq != tp->rcv_nxt) {
                /* Stop using LRO once out of order packets arrive */
                if (tp->t_flagsext & TF_LRO_OFFLOADED) {
                        tcp_lro_remove_state(inp->inp_laddr, inp->inp_faddr,
-                               th->th_dport, th->th_sport);
-                       tp->t_flagsext &= ~TF_LRO_OFFLOADED;    
+                           th->th_dport, th->th_sport);
+                       tp->t_flagsext &= ~TF_LRO_OFFLOADED;
                }
 
                /*
                }
 
                /*
-                * continue processing if out-of-order data 
+                * continue processing if out-of-order data
                 * can be delivered
                 */
                 * can be delivered
                 */
-               if (q && (so->so_flags & SOF_ENABLE_MSGS))
+               if (q && (so->so_flags & SOF_ENABLE_MSGS)) {
                        goto msg_unordered_delivery;
                        goto msg_unordered_delivery;
+               }
+
+               return 0;
+       }
 
 
-               return (0);
+       /*
+        * If there is already another thread doing reassembly for this
+        * connection, it is better to let it finish the job --
+        * (radar 16316196)
+        */
+       if (tp->t_flagsext & TF_REASS_INPROG) {
+               return 0;
        }
 
        }
 
+       tp->t_flagsext |= TF_REASS_INPROG;
        /* lost packet was recovered, so ooo data can be returned */
        tcpstat.tcps_recovered_pkts++;
 
        do {
                tp->rcv_nxt += q->tqe_len;
                flags = q->tqe_th->th_flags & TH_FIN;
        /* lost packet was recovered, so ooo data can be returned */
        tcpstat.tcps_recovered_pkts++;
 
        do {
                tp->rcv_nxt += q->tqe_len;
                flags = q->tqe_th->th_flags & TH_FIN;
-               nq = LIST_NEXT(q, tqe_q);
                LIST_REMOVE(q, tqe_q);
                if (so->so_state & SS_CANTRCVMORE) {
                        m_freem(q->tqe_m);
                } else {
                LIST_REMOVE(q, tqe_q);
                if (so->so_state & SS_CANTRCVMORE) {
                        m_freem(q->tqe_m);
                } else {
+                       /*
+                        * The mbuf may be freed after it has been added to the
+                        * receive socket buffer so we reinitialize th to point
+                        * to a safe copy of the TCP header
+                        */
+                       struct tcphdr saved_tcphdr = {};
+
                        so_recv_data_stat(so, q->tqe_m, 0); /* XXXX */
                        if (so->so_flags & SOF_ENABLE_MSGS) {
                        so_recv_data_stat(so, q->tqe_m, 0); /* XXXX */
                        if (so->so_flags & SOF_ENABLE_MSGS) {
-                               /* 
-                                * Append the inorder data as a message to the 
-                                * receive socket buffer. Also check to see if 
-                                * the data we are about to deliver is the same 
-                                * data that we wanted to pass up to the user 
-                                * out of order. If so, reset copy_oodata -- 
+                               /*
+                                * Append the inorder data as a message to the
+                                * receive socket buffer. Also check to see if
+                                * the data we are about to deliver is the same
+                                * data that we wanted to pass up to the user
+                                * out of order. If so, reset copy_oodata --
                                 * the received data filled a gap, and
                                 * is now in order!
                                 */
                                 * the received data filled a gap, and
                                 * is now in order!
                                 */
-                               if (q == te)
+                               if (q == te) {
                                        copy_oodata = 0;
                                        copy_oodata = 0;
+                               }
+                       }
+                       memcpy(&saved_tcphdr, th, sizeof(struct tcphdr));
+                       if (sbappendstream_rcvdemux(so, q->tqe_m,
+                           q->tqe_th->th_seq - (tp->irs + 1), 0)) {
+                               *dowakeup = 1;
                        }
                        }
-                       if (sbappendstream_rcvdemux(so, q->tqe_m, 
-                           q->tqe_th->th_seq - (tp->irs + 1), 0))
-                               dowakeup = 1;
-                       if (tp->t_flagsext & TF_LRO_OFFLOADED) {        
-                               tcp_update_lro_seq(tp->rcv_nxt, 
-                                inp->inp_laddr, inp->inp_faddr,
-                                th->th_dport, th->th_sport);
+                       th = &saved_tcphdr;
+
+                       if (tp->t_flagsext & TF_LRO_OFFLOADED) {
+                               tcp_update_lro_seq(tp->rcv_nxt,
+                                   inp->inp_laddr, inp->inp_faddr,
+                                   th->th_dport, th->th_sport);
                        }
                }
                zfree(tcp_reass_zone, q);
                tp->t_reassqlen--;
                        }
                }
                zfree(tcp_reass_zone, q);
                tp->t_reassqlen--;
-               q = nq;
+               q = LIST_FIRST(&tp->t_segq);
        } while (q && q->tqe_th->th_seq == tp->rcv_nxt);
        } while (q && q->tqe_th->th_seq == tp->rcv_nxt);
+       tp->t_flagsext &= ~TF_REASS_INPROG;
 
 #if INET6
        if ((inp->inp_vflag & INP_IPV6) != 0) {
 
 #if INET6
        if ((inp->inp_vflag & INP_IPV6) != 0) {
-       
                KERNEL_DEBUG(DBG_LAYER_BEG,
                KERNEL_DEBUG(DBG_LAYER_BEG,
-                    ((inp->inp_fport << 16) | inp->inp_lport),
-                    (((inp->in6p_laddr.s6_addr16[0] & 0xffff) << 16) |
-                     (inp->in6p_faddr.s6_addr16[0] & 0xffff)),
-                    0,0,0);
-       }
-       else
+                   ((inp->inp_fport << 16) | inp->inp_lport),
+                   (((inp->in6p_laddr.s6_addr16[0] & 0xffff) << 16) |
+                   (inp->in6p_faddr.s6_addr16[0] & 0xffff)),
+                   0, 0, 0);
+       } else
 #endif
        {
                KERNEL_DEBUG(DBG_LAYER_BEG,
 #endif
        {
                KERNEL_DEBUG(DBG_LAYER_BEG,
-                    ((inp->inp_fport << 16) | inp->inp_lport),
-                    (((inp->inp_laddr.s_addr & 0xffff) << 16) |
-                     (inp->inp_faddr.s_addr & 0xffff)),
-                    0,0,0);
+                   ((inp->inp_fport << 16) | inp->inp_lport),
+                   (((inp->inp_laddr.s_addr & 0xffff) << 16) |
+                   (inp->inp_faddr.s_addr & 0xffff)),
+                   0, 0, 0);
        }
 
 msg_unordered_delivery:
        /* Deliver out-of-order data as a message */
        if (te && (so->so_flags & SOF_ENABLE_MSGS) && copy_oodata && te->tqe_len) {
        }
 
 msg_unordered_delivery:
        /* Deliver out-of-order data as a message */
        if (te && (so->so_flags & SOF_ENABLE_MSGS) && copy_oodata && te->tqe_len) {
-               /* 
-                * make a copy of the mbuf to be delivered up to 
+               /*
+                * make a copy of the mbuf to be delivered up to
                 * the user, and add it to the sockbuf
                 */
                oodata = m_copym(te->tqe_m, 0, M_COPYALL, M_DONTWAIT);
                if (oodata != NULL) {
                 * the user, and add it to the sockbuf
                 */
                oodata = m_copym(te->tqe_m, 0, M_COPYALL, M_DONTWAIT);
                if (oodata != NULL) {
-                       if (sbappendmsgstream_rcv(&so->so_rcv, oodata, 
-                               te->tqe_th->th_seq - (tp->irs + 1), 1)) {
-                               dowakeup = 1;
+                       if (sbappendmsgstream_rcv(&so->so_rcv, oodata,
+                           te->tqe_th->th_seq - (tp->irs + 1), 1)) {
+                               *dowakeup = 1;
                                tcpstat.tcps_msg_unopkts++;
                        } else {
                                tcpstat.tcps_msg_unoappendfail++;
                                tcpstat.tcps_msg_unopkts++;
                        } else {
                                tcpstat.tcps_msg_unoappendfail++;
@@ -886,9 +972,7 @@ msg_unordered_delivery:
                }
        }
 
                }
        }
 
-       if (dowakeup)
-               sorwakeup(so); /* done with socket lock held */
-       return (flags);
+       return flags;
 }
 
 /*
 }
 
 /*
@@ -897,20 +981,22 @@ msg_unordered_delivery:
  */
 static void
 tcp_reduce_congestion_window(
  */
 static void
 tcp_reduce_congestion_window(
-       struct tcpcb    *tp)
+       struct tcpcb    *tp)
 {
        /*
         * If the current tcp cc module has
         * defined a hook for tasks to run
         * before entering FR, call it
         */
 {
        /*
         * If the current tcp cc module has
         * defined a hook for tasks to run
         * before entering FR, call it
         */
-       if (CC_ALGO(tp)->pre_fr != NULL)
+       if (CC_ALGO(tp)->pre_fr != NULL) {
                CC_ALGO(tp)->pre_fr(tp);
                CC_ALGO(tp)->pre_fr(tp);
+       }
        ENTER_FASTRECOVERY(tp);
        ENTER_FASTRECOVERY(tp);
-       if (tp->t_flags & TF_SENTFIN)
+       if (tp->t_flags & TF_SENTFIN) {
                tp->snd_recover = tp->snd_max - 1;
                tp->snd_recover = tp->snd_max - 1;
-       else
+       } else {
                tp->snd_recover = tp->snd_max;
                tp->snd_recover = tp->snd_max;
+       }
        tp->t_timer[TCPT_REXMT] = 0;
        tp->t_timer[TCPT_PTO] = 0;
        tp->t_rtttime = 0;
        tp->t_timer[TCPT_REXMT] = 0;
        tp->t_timer[TCPT_PTO] = 0;
        tp->t_rtttime = 0;
@@ -944,7 +1030,7 @@ tcp_adaptive_rwtimo_check(struct tcpcb *tp, int tlen)
            && tlen > 0 &&
            tp->t_state == TCPS_ESTABLISHED) {
                tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp,
            && tlen > 0 &&
            tp->t_state == TCPS_ESTABLISHED) {
                tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp,
-                       (TCP_REXMTVAL(tp) << 1));
+                   (TCP_REXMTVAL(tp) << 1));
                tp->t_flagsext |= TF_DETECT_READSTALL;
                tp->t_rtimo_probes = 0;
        }
                tp->t_flagsext |= TF_DETECT_READSTALL;
                tp->t_rtimo_probes = 0;
        }
@@ -953,8 +1039,8 @@ tcp_adaptive_rwtimo_check(struct tcpcb *tp, int tlen)
 inline void
 tcp_keepalive_reset(struct tcpcb *tp)
 {
 inline void
 tcp_keepalive_reset(struct tcpcb *tp)
 {
-       tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp, 
-               TCP_CONN_KEEPIDLE(tp));
+       tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp,
+           TCP_CONN_KEEPIDLE(tp));
        tp->t_flagsext &= ~(TF_DETECT_READSTALL);
        tp->t_rtimo_probes = 0;
 }
        tp->t_flagsext &= ~(TF_DETECT_READSTALL);
        tp->t_rtimo_probes = 0;
 }
@@ -968,7 +1054,7 @@ int
 tcp6_input(struct mbuf **mp, int *offp, int proto)
 {
 #pragma unused(proto)
 tcp6_input(struct mbuf **mp, int *offp, int proto)
 {
 #pragma unused(proto)
-       register struct mbuf *m = *mp;
+       struct mbuf *m = *mp;
        uint32_t ia6_flags;
        struct ifnet *ifp = m->m_pkthdr.rcvif;
 
        uint32_t ia6_flags;
        struct ifnet *ifp = m->m_pkthdr.rcvif;
 
@@ -992,17 +1078,17 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
 
                        IF_TCP_STATINC(ifp, icmp6unreach);
 
 
                        IF_TCP_STATINC(ifp, icmp6unreach);
 
-                       return (IPPROTO_DONE);
+                       return IPPROTO_DONE;
                }
        }
 
        tcp_input(m, *offp);
                }
        }
 
        tcp_input(m, *offp);
-       return (IPPROTO_DONE);
+       return IPPROTO_DONE;
 }
 #endif
 
 /* Depending on the usage of mbuf space in the system, this function
 }
 #endif
 
 /* Depending on the usage of mbuf space in the system, this function
- * will return true or false. This is used to determine if a socket 
+ * will return true or false. This is used to determine if a socket
  * buffer can take more memory from the system for auto-tuning or not.
  */
 u_int8_t
  * buffer can take more memory from the system for auto-tuning or not.
  */
 u_int8_t
@@ -1010,7 +1096,7 @@ tcp_cansbgrow(struct sockbuf *sb)
 {
        /* Calculate the host level space limit in terms of MSIZE buffers.
         * We can use a maximum of half of the available mbuf space for
 {
        /* Calculate the host level space limit in terms of MSIZE buffers.
         * We can use a maximum of half of the available mbuf space for
-        * socket buffers. 
+        * socket buffers.
         */
        u_int32_t mblim = ((nmbclusters >> 1) << (MCLSHIFT - MSIZESHIFT));
 
         */
        u_int32_t mblim = ((nmbclusters >> 1) << (MCLSHIFT - MSIZESHIFT));
 
@@ -1021,78 +1107,76 @@ tcp_cansbgrow(struct sockbuf *sb)
        u_int32_t sbspacelim = ((nmbclusters >> 4) << MCLSHIFT);
 
        if ((total_sbmb_cnt < mblim) &&
        u_int32_t sbspacelim = ((nmbclusters >> 4) << MCLSHIFT);
 
        if ((total_sbmb_cnt < mblim) &&
-               (sb->sb_hiwat < sbspacelim)) {
-               return(1);
+           (sb->sb_hiwat < sbspacelim)) {
+               return 1;
        } else {
                OSIncrementAtomic64(&sbmb_limreached);
        }
        } else {
                OSIncrementAtomic64(&sbmb_limreached);
        }
-       return(0);
+       return 0;
 }
 
 static void
 tcp_sbrcv_reserve(struct tcpcb *tp, struct sockbuf *sbrcv,
 }
 
 static void
 tcp_sbrcv_reserve(struct tcpcb *tp, struct sockbuf *sbrcv,
-       u_int32_t newsize, u_int32_t idealsize)
+    u_int32_t newsize, u_int32_t idealsize, u_int32_t rcvbuf_max)
 {
 {
-
        /* newsize should not exceed max */
        /* newsize should not exceed max */
-       newsize = min(newsize, tcp_autorcvbuf_max);
+       newsize = min(newsize, rcvbuf_max);
 
 
-       /* The receive window scale negotiated at the 
-        * beginning of the connection will also set a 
+       /* The receive window scale negotiated at the
+        * beginning of the connection will also set a
         * limit on the socket buffer size
         */
        newsize = min(newsize, TCP_MAXWIN << tp->rcv_scale);
 
        /* Set new socket buffer size */
        if (newsize > sbrcv->sb_hiwat &&
         * limit on the socket buffer size
         */
        newsize = min(newsize, TCP_MAXWIN << tp->rcv_scale);
 
        /* Set new socket buffer size */
        if (newsize > sbrcv->sb_hiwat &&
-               (sbreserve(sbrcv, newsize) == 1)) {
-               sbrcv->sb_idealsize = min(max(sbrcv->sb_idealsize, 
-                       (idealsize != 0) ? idealsize : newsize), 
-                       tcp_autorcvbuf_max);
+           (sbreserve(sbrcv, newsize) == 1)) {
+               sbrcv->sb_idealsize = min(max(sbrcv->sb_idealsize,
+                   (idealsize != 0) ? idealsize : newsize), rcvbuf_max);
 
 
-               /* Again check the limit set by the advertised 
-                * window scale 
+               /* Again check the limit set by the advertised
+                * window scale
                 */
                 */
-               sbrcv->sb_idealsize = min(sbrcv->sb_idealsize, 
-                       TCP_MAXWIN << tp->rcv_scale);
+               sbrcv->sb_idealsize = min(sbrcv->sb_idealsize,
+                   TCP_MAXWIN << tp->rcv_scale);
        }
 }
 
        }
 }
 
-/* 
+/*
  * This function is used to grow  a receive socket buffer. It
  * will take into account system-level memory usage and the
  * bandwidth available on the link to make a decision.
  */
 static void
  * This function is used to grow  a receive socket buffer. It
  * will take into account system-level memory usage and the
  * bandwidth available on the link to make a decision.
  */
 static void
-tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sbrcv, 
-       struct tcpopt *to, u_int32_t pktlen) 
+tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sbrcv,
+    struct tcpopt *to, u_int32_t pktlen, u_int32_t rcvbuf_max)
 {
        struct socket *so = sbrcv->sb_so;
 {
        struct socket *so = sbrcv->sb_so;
-       
+
        /*
         * Do not grow the receive socket buffer if
         * - auto resizing is disabled, globally or on this socket
         * - the high water mark already reached the maximum
        /*
         * Do not grow the receive socket buffer if
         * - auto resizing is disabled, globally or on this socket
         * - the high water mark already reached the maximum
-        * - the stream is in background and receive side is being 
+        * - the stream is in background and receive side is being
         * throttled
         * - if there are segments in reassembly queue indicating loss,
         * throttled
         * - if there are segments in reassembly queue indicating loss,
-        * do not need to increase recv window during recovery as more 
+        * do not need to increase recv window during recovery as more
         * data is not going to be sent. A duplicate ack sent during
         * recovery should not change the receive window
         */
        if (tcp_do_autorcvbuf == 0 ||
         * data is not going to be sent. A duplicate ack sent during
         * recovery should not change the receive window
         */
        if (tcp_do_autorcvbuf == 0 ||
-               (sbrcv->sb_flags & SB_AUTOSIZE) == 0 ||
-               tcp_cansbgrow(sbrcv) == 0 ||
-               sbrcv->sb_hiwat >= tcp_autorcvbuf_max ||
-               (tp->t_flagsext & TF_RECV_THROTTLE) ||
-               (so->so_flags1 & SOF1_EXTEND_BK_IDLE_WANTED) ||
-               !LIST_EMPTY(&tp->t_segq)) {
+           (sbrcv->sb_flags & SB_AUTOSIZE) == 0 ||
+           tcp_cansbgrow(sbrcv) == 0 ||
+           sbrcv->sb_hiwat >= rcvbuf_max ||
+           (tp->t_flagsext & TF_RECV_THROTTLE) ||
+           (so->so_flags1 & SOF1_EXTEND_BK_IDLE_WANTED) ||
+           !LIST_EMPTY(&tp->t_segq)) {
                /* Can not resize the socket buffer, just return */
                goto out;
        }
 
        if (TSTMP_GT(tcp_now,
                /* Can not resize the socket buffer, just return */
                goto out;
        }
 
        if (TSTMP_GT(tcp_now,
-               tp->rfbuf_ts + TCPTV_RCVBUFIDLE)) {
+           tp->rfbuf_ts + TCPTV_RCVBUFIDLE)) {
                /* If there has been an idle period in the
                 * connection, just restart the measurement
                 */
                /* If there has been an idle period in the
                 * connection, just restart the measurement
                 */
@@ -1106,11 +1190,12 @@ tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sbrcv,
                 * the receive socket buffer needs to grow, increase
                 * the high water mark.
                 */
                 * the receive socket buffer needs to grow, increase
                 * the high water mark.
                 */
-               if (TSTMP_GEQ(tcp_now, 
-                       tp->rfbuf_ts + TCPTV_RCVNOTS_QUANTUM)) {
-                       if (tp->rfbuf_cnt >= TCP_RCVNOTS_BYTELEVEL) {
+               if (TSTMP_GEQ(tcp_now,
+                   tp->rfbuf_ts + TCPTV_RCVNOTS_QUANTUM)) {
+                       if (tp->rfbuf_cnt + pktlen >= TCP_RCVNOTS_BYTELEVEL) {
                                tcp_sbrcv_reserve(tp, sbrcv,
                                tcp_sbrcv_reserve(tp, sbrcv,
-                                       tcp_autorcvbuf_max, 0);
+                                   tcp_autorcvbuf_max, 0,
+                                   tcp_autorcvbuf_max);
                        }
                        goto out;
                } else {
                        }
                        goto out;
                } else {
@@ -1128,18 +1213,19 @@ tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sbrcv,
                 * on the link.
                 */
                if (TSTMP_GEQ(to->to_tsecr, tp->rfbuf_ts)) {
                 * on the link.
                 */
                if (TSTMP_GEQ(to->to_tsecr, tp->rfbuf_ts)) {
-                       if (tp->rfbuf_cnt > (sbrcv->sb_hiwat -
-                               (sbrcv->sb_hiwat >> 1))) {
+                       if (tp->rfbuf_cnt + pktlen > (sbrcv->sb_hiwat -
+                           (sbrcv->sb_hiwat >> 1))) {
+                               tp->rfbuf_cnt += pktlen;
                                int32_t rcvbuf_inc, min_incr;
                                /*
                                 * Increment the receive window by a
                                 * multiple of maximum sized segments.
                                int32_t rcvbuf_inc, min_incr;
                                /*
                                 * Increment the receive window by a
                                 * multiple of maximum sized segments.
-                                * This will prevent a connection from 
+                                * This will prevent a connection from
                                 * sending smaller segments on wire if it
                                 * is limited by the receive window.
                                 *
                                 * Set the ideal size based on current
                                 * sending smaller segments on wire if it
                                 * is limited by the receive window.
                                 *
                                 * Set the ideal size based on current
-                                * bandwidth measurements. We set the 
+                                * bandwidth measurements. We set the
                                 * ideal size on receive socket buffer to
                                 * be twice the bandwidth delay product.
                                 */
                                 * ideal size on receive socket buffer to
                                 * be twice the bandwidth delay product.
                                 */
@@ -1151,14 +1237,28 @@ tcp_sbrcv_grow(struct tcpcb *tp, struct sockbuf *sbrcv,
                                 * at least
                                 */
                                min_incr = tp->t_maxseg << tcp_autorcvbuf_inc_shift;
                                 * at least
                                 */
                                min_incr = tp->t_maxseg << tcp_autorcvbuf_inc_shift;
-                               if (rcvbuf_inc < min_incr)
-                                   rcvbuf_inc = min_incr;
+                               if (rcvbuf_inc < min_incr) {
+                                       rcvbuf_inc = min_incr;
+                               }
 
 
-                               rcvbuf_inc = 
+                               rcvbuf_inc =
                                    (rcvbuf_inc / tp->t_maxseg) * tp->t_maxseg;
                                tcp_sbrcv_reserve(tp, sbrcv,
                                    (rcvbuf_inc / tp->t_maxseg) * tp->t_maxseg;
                                tcp_sbrcv_reserve(tp, sbrcv,
-                                       sbrcv->sb_hiwat + rcvbuf_inc, 
-                                       (tp->rfbuf_cnt * 2));
+                                   sbrcv->sb_hiwat + rcvbuf_inc,
+                                   (tp->rfbuf_cnt << 1), rcvbuf_max);
+                       }
+                       /* Measure instantaneous receive bandwidth */
+                       if (tp->t_bwmeas != NULL && tp->rfbuf_cnt > 0 &&
+                           TSTMP_GT(tcp_now, tp->rfbuf_ts)) {
+                               u_int32_t rcv_bw;
+                               rcv_bw = tp->rfbuf_cnt /
+                                   (int)(tcp_now - tp->rfbuf_ts);
+                               if (tp->t_bwmeas->bw_rcvbw_max == 0) {
+                                       tp->t_bwmeas->bw_rcvbw_max = rcv_bw;
+                               } else {
+                                       tp->t_bwmeas->bw_rcvbw_max = max(
+                                               tp->t_bwmeas->bw_rcvbw_max, rcv_bw);
+                               }
                        }
                        goto out;
                } else {
                        }
                        goto out;
                } else {
@@ -1175,13 +1275,14 @@ out:
 
 /* This function will trim the excess space added to the socket buffer
  * to help a slow-reading app. The ideal-size of a socket buffer depends
 
 /* This function will trim the excess space added to the socket buffer
  * to help a slow-reading app. The ideal-size of a socket buffer depends
- * on the link bandwidth or it is set by an application and we aim to 
+ * on the link bandwidth or it is set by an application and we aim to
  * reach that size.
  */
 void
  * reach that size.
  */
 void
-tcp_sbrcv_trim(struct tcpcb *tp, struct sockbuf *sbrcv) {
+tcp_sbrcv_trim(struct tcpcb *tp, struct sockbuf *sbrcv)
+{
        if (tcp_do_autorcvbuf == 1 && sbrcv->sb_idealsize > 0 &&
        if (tcp_do_autorcvbuf == 1 && sbrcv->sb_idealsize > 0 &&
-               sbrcv->sb_hiwat > sbrcv->sb_idealsize) {
+           sbrcv->sb_hiwat > sbrcv->sb_idealsize) {
                int32_t trim;
                /* compute the difference between ideal and current sizes */
                u_int32_t diff = sbrcv->sb_hiwat - sbrcv->sb_idealsize;
                int32_t trim;
                /* compute the difference between ideal and current sizes */
                u_int32_t diff = sbrcv->sb_hiwat - sbrcv->sb_idealsize;
@@ -1190,25 +1291,27 @@ tcp_sbrcv_trim(struct tcpcb *tp, struct sockbuf *sbrcv) {
                 * this connection.
                 */
                u_int32_t advwin = tp->rcv_adv - tp->rcv_nxt;
                 * this connection.
                 */
                u_int32_t advwin = tp->rcv_adv - tp->rcv_nxt;
-               
+
                /* How much can we trim the receive socket buffer?
                 * 1. it can not be trimmed beyond the max rcv win advertised
                /* How much can we trim the receive socket buffer?
                 * 1. it can not be trimmed beyond the max rcv win advertised
-                * 2. if possible, leave 1/16 of bandwidth*delay to 
+                * 2. if possible, leave 1/16 of bandwidth*delay to
                 * avoid closing the win completely
                 */
                u_int32_t leave = max(advwin, (sbrcv->sb_idealsize >> 4));
 
                /* Sometimes leave can be zero, in that case leave at least
                 * avoid closing the win completely
                 */
                u_int32_t leave = max(advwin, (sbrcv->sb_idealsize >> 4));
 
                /* Sometimes leave can be zero, in that case leave at least
-                * a few segments worth of space.
+                * a few segments worth of space.
                 */
                 */
-               if (leave == 0)
+               if (leave == 0) {
                        leave = tp->t_maxseg << tcp_autorcvbuf_inc_shift;
                        leave = tp->t_maxseg << tcp_autorcvbuf_inc_shift;
-               
+               }
+
                trim = sbrcv->sb_hiwat - (sbrcv->sb_cc + leave);
                trim = imin(trim, (int32_t)diff);
 
                trim = sbrcv->sb_hiwat - (sbrcv->sb_cc + leave);
                trim = imin(trim, (int32_t)diff);
 
-               if (trim > 0)
+               if (trim > 0) {
                        sbreserve(sbrcv, (sbrcv->sb_hiwat - trim));
                        sbreserve(sbrcv, (sbrcv->sb_hiwat - trim));
+               }
        }
 }
 
        }
 }
 
@@ -1219,12 +1322,13 @@ tcp_sbrcv_trim(struct tcpcb *tp, struct sockbuf *sbrcv) {
  * to hold more mbufs for that connection than what the cwnd will allow.
  */
 void
  * to hold more mbufs for that connection than what the cwnd will allow.
  */
 void
-tcp_sbsnd_trim(struct sockbuf *sbsnd) {
-       if (tcp_do_autosendbuf == 1 && 
-               ((sbsnd->sb_flags & (SB_AUTOSIZE | SB_TRIM)) == 
-                       (SB_AUTOSIZE | SB_TRIM)) &&
-               (sbsnd->sb_idealsize > 0) &&
-               (sbsnd->sb_hiwat > sbsnd->sb_idealsize)) {
+tcp_sbsnd_trim(struct sockbuf *sbsnd)
+{
+       if (tcp_do_autosendbuf == 1 &&
+           ((sbsnd->sb_flags & (SB_AUTOSIZE | SB_TRIM)) ==
+           (SB_AUTOSIZE | SB_TRIM)) &&
+           (sbsnd->sb_idealsize > 0) &&
+           (sbsnd->sb_hiwat > sbsnd->sb_idealsize)) {
                u_int32_t trim = 0;
                if (sbsnd->sb_cc <= sbsnd->sb_idealsize) {
                        trim = sbsnd->sb_hiwat - sbsnd->sb_idealsize;
                u_int32_t trim = 0;
                if (sbsnd->sb_cc <= sbsnd->sb_idealsize) {
                        trim = sbsnd->sb_hiwat - sbsnd->sb_idealsize;
@@ -1233,123 +1337,158 @@ tcp_sbsnd_trim(struct sockbuf *sbsnd) {
                }
                sbreserve(sbsnd, (sbsnd->sb_hiwat - trim));
        }
                }
                sbreserve(sbsnd, (sbsnd->sb_hiwat - trim));
        }
-       if (sbsnd->sb_hiwat <= sbsnd->sb_idealsize)
+       if (sbsnd->sb_hiwat <= sbsnd->sb_idealsize) {
                sbsnd->sb_flags &= ~(SB_TRIM);
                sbsnd->sb_flags &= ~(SB_TRIM);
+       }
 }
 
 }
 
-/* 
+/*
  * If timestamp option was not negotiated on this connection
  * and this connection is on the receiving side of a stream
  * then we can not measure the delay on the link accurately.
  * Instead of enabling automatic receive socket buffer
  * resizing, just give more space to the receive socket buffer.
  */
  * If timestamp option was not negotiated on this connection
  * and this connection is on the receiving side of a stream
  * then we can not measure the delay on the link accurately.
  * Instead of enabling automatic receive socket buffer
  * resizing, just give more space to the receive socket buffer.
  */
-static inline void 
-tcp_sbrcv_tstmp_check(struct tcpcb *tp) {
+static inline void
+tcp_sbrcv_tstmp_check(struct tcpcb *tp)
+{
        struct socket *so = tp->t_inpcb->inp_socket;
        u_int32_t newsize = 2 * tcp_recvspace;
        struct sockbuf *sbrcv = &so->so_rcv;
 
        if ((tp->t_flags & (TF_REQ_TSTMP | TF_RCVD_TSTMP)) !=
        struct socket *so = tp->t_inpcb->inp_socket;
        u_int32_t newsize = 2 * tcp_recvspace;
        struct sockbuf *sbrcv = &so->so_rcv;
 
        if ((tp->t_flags & (TF_REQ_TSTMP | TF_RCVD_TSTMP)) !=
-               (TF_REQ_TSTMP | TF_RCVD_TSTMP) &&
-               (sbrcv->sb_flags & SB_AUTOSIZE) != 0) {
-               tcp_sbrcv_reserve(tp, sbrcv, newsize, 0);
+           (TF_REQ_TSTMP | TF_RCVD_TSTMP) &&
+           (sbrcv->sb_flags & SB_AUTOSIZE) != 0) {
+               tcp_sbrcv_reserve(tp, sbrcv, newsize, 0, newsize);
        }
 }
 
        }
 }
 
-/* A receiver will evaluate the flow of packets on a connection 
- * to see if it can reduce ack traffic. The receiver will start 
+/* A receiver will evaluate the flow of packets on a connection
+ * to see if it can reduce ack traffic. The receiver will start
  * stretching acks if all of the following conditions are met:
  * 1. tcp_delack_enabled is set to 3
  * 2. If the bytes received in the last 100ms is greater than a threshold
  *      defined by maxseg_unacked
  * 3. If the connection has not been idle for tcp_maxrcvidle period.
  * stretching acks if all of the following conditions are met:
  * 1. tcp_delack_enabled is set to 3
  * 2. If the bytes received in the last 100ms is greater than a threshold
  *      defined by maxseg_unacked
  * 3. If the connection has not been idle for tcp_maxrcvidle period.
- * 4. If the connection has seen enough packets to let the slow-start 
+ * 4. If the connection has seen enough packets to let the slow-start
  *      finish after connection establishment or after some packet loss.
  *
  * The receiver will stop stretching acks if there is congestion/reordering
  *      finish after connection establishment or after some packet loss.
  *
  * The receiver will stop stretching acks if there is congestion/reordering
- * as indicated by packets on reassembly queue or an ECN. If the delayed-ack 
- * timer fires while stretching acks, it means that the packet flow has gone 
+ * as indicated by packets on reassembly queue or an ECN. If the delayed-ack
+ * timer fires while stretching acks, it means that the packet flow has gone
  * below the threshold defined by maxseg_unacked and the receiver will stop
  * below the threshold defined by maxseg_unacked and the receiver will stop
- * stretching acks. The receiver gets no indication when slow-start is completed 
- * or when the connection reaches an idle state. That is why we use 
- * tcp_rcvsspktcnt to cover slow-start and tcp_maxrcvidle to identify idle 
+ * stretching acks. The receiver gets no indication when slow-start is completed
+ * or when the connection reaches an idle state. That is why we use
+ * tcp_rcvsspktcnt to cover slow-start and tcp_maxrcvidle to identify idle
  * state.
  */
 static inline int
  * state.
  */
 static inline int
-tcp_stretch_ack_enable(struct tcpcb *tp)
+tcp_stretch_ack_enable(struct tcpcb *tp, int thflags)
 {
 {
-       if (!(tp->t_flagsext & (TF_NOSTRETCHACK|TF_DISABLE_STRETCHACK)) &&
-               tp->rcv_by_unackwin >= (maxseg_unacked * tp->t_maxseg) &&
-               TSTMP_GT(tp->rcv_unackwin + tcp_maxrcvidle, tcp_now) &&
-               (!(tp->t_flagsext & TF_RCVUNACK_WAITSS) ||
-               (tp->rcv_waitforss >= tcp_rcvsspktcnt))) {
-               return(1);
-       }
-                
-       return(0);
+       if (tp->rcv_by_unackwin >= (maxseg_unacked * tp->t_maxseg) &&
+           TSTMP_GEQ(tp->rcv_unackwin, tcp_now)) {
+               tp->t_flags |= TF_STREAMING_ON;
+       } else {
+               tp->t_flags &= ~TF_STREAMING_ON;
+       }
+
+       /* If there has been an idle time, reset streaming detection */
+       if (TSTMP_GT(tcp_now, tp->rcv_unackwin + tcp_maxrcvidle)) {
+               tp->t_flags &= ~TF_STREAMING_ON;
+       }
+
+       /*
+        * If there are flags other than TH_ACK set, reset streaming
+        * detection
+        */
+       if (thflags & ~TH_ACK) {
+               tp->t_flags &= ~TF_STREAMING_ON;
+       }
+
+       if (tp->t_flagsext & TF_DISABLE_STRETCHACK) {
+               if (tp->rcv_nostrack_pkts >= TCP_STRETCHACK_ENABLE_PKTCNT) {
+                       tp->t_flagsext &= ~TF_DISABLE_STRETCHACK;
+                       tp->rcv_nostrack_pkts = 0;
+                       tp->rcv_nostrack_ts = 0;
+               } else {
+                       tp->rcv_nostrack_pkts++;
+               }
+       }
+
+       if (!(tp->t_flagsext & (TF_NOSTRETCHACK | TF_DISABLE_STRETCHACK)) &&
+           (tp->t_flags & TF_STREAMING_ON) &&
+           (!(tp->t_flagsext & TF_RCVUNACK_WAITSS) ||
+           (tp->rcv_waitforss >= tcp_rcvsspktcnt))) {
+               return 1;
+       }
+
+       return 0;
 }
 
 /*
  * Reset the state related to stretch-ack algorithm. This will make
  * the receiver generate an ack every other packet. The receiver
 }
 
 /*
  * Reset the state related to stretch-ack algorithm. This will make
  * the receiver generate an ack every other packet. The receiver
- * will start re-evaluating the rate at which packets come to decide 
+ * will start re-evaluating the rate at which packets come to decide
  * if it can benefit by lowering the ack traffic.
  */
 void
 tcp_reset_stretch_ack(struct tcpcb *tp)
 {
  * if it can benefit by lowering the ack traffic.
  */
 void
 tcp_reset_stretch_ack(struct tcpcb *tp)
 {
-       tp->t_flags &= ~(TF_STRETCHACK);
+       tp->t_flags &= ~(TF_STRETCHACK | TF_STREAMING_ON);
        tp->rcv_by_unackwin = 0;
        tp->rcv_by_unackwin = 0;
+       tp->rcv_by_unackhalfwin = 0;
        tp->rcv_unackwin = tcp_now + tcp_rcvunackwin;
 
        /*
         * When there is packet loss or packet re-ordering or CWR due to
         * ECN, the sender's congestion window is reduced. In these states,
         * generate an ack for every other packet for some time to allow
        tp->rcv_unackwin = tcp_now + tcp_rcvunackwin;
 
        /*
         * When there is packet loss or packet re-ordering or CWR due to
         * ECN, the sender's congestion window is reduced. In these states,
         * generate an ack for every other packet for some time to allow
-        * the sender's congestion window to grow. 
+        * the sender's congestion window to grow.
         */
        tp->t_flagsext |= TF_RCVUNACK_WAITSS;
        tp->rcv_waitforss = 0;
 }
 
 /*
         */
        tp->t_flagsext |= TF_RCVUNACK_WAITSS;
        tp->rcv_waitforss = 0;
 }
 
 /*
- * The last packet was a retransmission, check if this ack 
+ * The last packet was a retransmission, check if this ack
  * indicates that the retransmission was spurious.
  * indicates that the retransmission was spurious.
- * 
+ *
  * If the connection supports timestamps, we could use it to
  * detect if the last retransmit was not needed. Otherwise,
  * If the connection supports timestamps, we could use it to
  * detect if the last retransmit was not needed. Otherwise,
- * we check if the ACK arrived within RTT/2 window, then it 
+ * we check if the ACK arrived within RTT/2 window, then it
  * was a mistake to do the retransmit in the first place.
  *
  * was a mistake to do the retransmit in the first place.
  *
- * This function will return 1 if it is a spurious retransmit, 
- * 0 otherwise. 
+ * This function will return 1 if it is a spurious retransmit,
+ * 0 otherwise.
  */
 int
  */
 int
-tcp_detect_bad_rexmt(struct tcpcb *tp, struct tcphdr *th, 
-       struct tcpopt *to, u_int32_t rxtime)
+tcp_detect_bad_rexmt(struct tcpcb *tp, struct tcphdr *th,
+    struct tcpopt *to, u_int32_t rxtime)
 {
        int32_t tdiff, bad_rexmt_win;
        bad_rexmt_win = (tp->t_srtt >> (TCP_RTT_SHIFT + 1));
 
        /* If the ack has ECN CE bit, then cwnd has to be adjusted */
 {
        int32_t tdiff, bad_rexmt_win;
        bad_rexmt_win = (tp->t_srtt >> (TCP_RTT_SHIFT + 1));
 
        /* If the ack has ECN CE bit, then cwnd has to be adjusted */
-       if (TCP_ECN_ENABLED(tp) && (th->th_flags & TH_ECE))
-               return (0);
+       if (TCP_ECN_ENABLED(tp) && (th->th_flags & TH_ECE)) {
+               return 0;
+       }
        if (TSTMP_SUPPORTED(tp)) {
                if (rxtime > 0 && (to->to_flags & TOF_TS)
        if (TSTMP_SUPPORTED(tp)) {
                if (rxtime > 0 && (to->to_flags & TOF_TS)
-                   && to->to_tsecr != 0 
-                   && TSTMP_LT(to->to_tsecr, rxtime))
-                   return (1);
+                   && to->to_tsecr != 0
+                   && TSTMP_LT(to->to_tsecr, rxtime)) {
+                       return 1;
+               }
        } else {
        } else {
-               if ((tp->t_rxtshift == 1 
+               if ((tp->t_rxtshift == 1
                    || (tp->t_flagsext & TF_SENT_TLPROBE))
                    && rxtime > 0) {
                        tdiff = (int32_t)(tcp_now - rxtime);
                    || (tp->t_flagsext & TF_SENT_TLPROBE))
                    && rxtime > 0) {
                        tdiff = (int32_t)(tcp_now - rxtime);
-                       if (tdiff < bad_rexmt_win)
-                               return(1);
+                       if (tdiff < bad_rexmt_win) {
+                               return 1;
+                       }
                }
        }
                }
        }
-       return(0);
+       return 0;
 }
 
 
 }
 
 
@@ -1372,16 +1511,17 @@ tcp_bad_rexmt_restore_state(struct tcpcb *tp, struct tcphdr *th)
                tp->snd_ssthresh = tp->snd_ssthresh_prev;
 
                /* Initialize cwnd to the initial window */
                tp->snd_ssthresh = tp->snd_ssthresh_prev;
 
                /* Initialize cwnd to the initial window */
-               if (CC_ALGO(tp)->cwnd_init != NULL)
+               if (CC_ALGO(tp)->cwnd_init != NULL) {
                        CC_ALGO(tp)->cwnd_init(tp);
                        CC_ALGO(tp)->cwnd_init(tp);
+               }
 
                tp->snd_cwnd = fsize + min(acked, tp->snd_cwnd);
 
                tp->snd_cwnd = fsize + min(acked, tp->snd_cwnd);
-               
        } else {
                tp->snd_cwnd = tp->snd_cwnd_prev;
                tp->snd_ssthresh = tp->snd_ssthresh_prev;
        } else {
                tp->snd_cwnd = tp->snd_cwnd_prev;
                tp->snd_ssthresh = tp->snd_ssthresh_prev;
-               if (tp->t_flags & TF_WASFRECOVERY)
+               if (tp->t_flags & TF_WASFRECOVERY) {
                        ENTER_FASTRECOVERY(tp);
                        ENTER_FASTRECOVERY(tp);
+               }
 
                /* Do not use the loss flight size in this case */
                tp->t_lossflightsize = 0;
 
                /* Do not use the loss flight size in this case */
                tp->t_lossflightsize = 0;
@@ -1389,14 +1529,12 @@ tcp_bad_rexmt_restore_state(struct tcpcb *tp, struct tcphdr *th)
        tp->snd_cwnd = max(tp->snd_cwnd, TCP_CC_CWND_INIT_BYTES);
        tp->snd_recover = tp->snd_recover_prev;
        tp->snd_nxt = tp->snd_max;
        tp->snd_cwnd = max(tp->snd_cwnd, TCP_CC_CWND_INIT_BYTES);
        tp->snd_recover = tp->snd_recover_prev;
        tp->snd_nxt = tp->snd_max;
-       tp->t_rxtshift = 0;
-       tp->t_rxtstart = 0;
 
        /* Fix send socket buffer to reflect the change in cwnd */
        tcp_bad_rexmt_fix_sndbuf(tp);
 
        /*
 
        /* Fix send socket buffer to reflect the change in cwnd */
        tcp_bad_rexmt_fix_sndbuf(tp);
 
        /*
-        * This RTT might reflect the extra delay induced 
+        * This RTT might reflect the extra delay induced
         * by the network. Skip using this sample for RTO
         * calculation and mark the connection so we can
         * recompute RTT when the next eligible sample is
         * by the network. Skip using this sample for RTO
         * calculation and mark the connection so we can
         * recompute RTT when the next eligible sample is
@@ -1442,7 +1580,7 @@ tcp_bad_rexmt_check(struct tcpcb *tp, struct tcphdr *th, struct tcpopt *to)
                }
 
                /*
                }
 
                /*
-                * The tail loss probe recovered the last packet and 
+                * The tail loss probe recovered the last packet and
                 * we need to adjust the congestion window to take
                 * this loss into account.
                 */
                 * we need to adjust the congestion window to take
                 * this loss into account.
                 */
@@ -1475,13 +1613,14 @@ out:
         */
        if (tp->t_rxtshift > 0 && (tp->t_flags & TF_BLACKHOLE) &&
            tp->t_pmtud_start_ts > 0 && TSTMP_SUPPORTED(tp)) {
         */
        if (tp->t_rxtshift > 0 && (tp->t_flags & TF_BLACKHOLE) &&
            tp->t_pmtud_start_ts > 0 && TSTMP_SUPPORTED(tp)) {
-               if ((to->to_flags & TOF_TS) && to->to_tsecr != 0 
+               if ((to->to_flags & TOF_TS) && to->to_tsecr != 0
                    && TSTMP_LT(to->to_tsecr, tp->t_pmtud_start_ts)) {
                        tcp_pmtud_revert_segment_size(tp);
                }
        }
                    && TSTMP_LT(to->to_tsecr, tp->t_pmtud_start_ts)) {
                        tcp_pmtud_revert_segment_size(tp);
                }
        }
-       if (tp->t_pmtud_start_ts > 0)
+       if (tp->t_pmtud_start_ts > 0) {
                tp->t_pmtud_start_ts = 0;
                tp->t_pmtud_start_ts = 0;
+       }
 }
 
 /*
 }
 
 /*
@@ -1497,7 +1636,7 @@ out:
  * packet reordering.
  */
 static void
  * packet reordering.
  */
 static void
-tcp_early_rexmt_check (struct tcpcb *tp, struct tcphdr *th)
+tcp_early_rexmt_check(struct tcpcb *tp, struct tcphdr *th)
 {
        u_int32_t obytes, snd_off;
        int32_t snd_len;
 {
        u_int32_t obytes, snd_off;
        int32_t snd_len;
@@ -1506,66 +1645,68 @@ tcp_early_rexmt_check (struct tcpcb *tp, struct tcphdr *th)
        if (early_rexmt && (SACK_ENABLED(tp) ||
            tp->t_early_rexmt_count < TCP_EARLY_REXMT_LIMIT) &&
            SEQ_GT(tp->snd_max, tp->snd_una) &&
        if (early_rexmt && (SACK_ENABLED(tp) ||
            tp->t_early_rexmt_count < TCP_EARLY_REXMT_LIMIT) &&
            SEQ_GT(tp->snd_max, tp->snd_una) &&
-           (tp->t_dupacks == 1 || 
-           (SACK_ENABLED(tp) && 
+           (tp->t_dupacks == 1 ||
+           (SACK_ENABLED(tp) &&
            !TAILQ_EMPTY(&tp->snd_holes)))) {
                /*
            !TAILQ_EMPTY(&tp->snd_holes)))) {
                /*
-                * If there are only a few outstanding 
+                * If there are only a few outstanding
                 * segments on the connection, we might need
                 * to lower the retransmit threshold. This
                 * segments on the connection, we might need
                 * to lower the retransmit threshold. This
-                * will allow us to do Early Retransmit as 
+                * will allow us to do Early Retransmit as
                 * described in RFC 5827.
                 */
                 * described in RFC 5827.
                 */
-               if (SACK_ENABLED(tp) && 
+               if (SACK_ENABLED(tp) &&
                    !TAILQ_EMPTY(&tp->snd_holes)) {
                        obytes = (tp->snd_max - tp->snd_fack) +
                    !TAILQ_EMPTY(&tp->snd_holes)) {
                        obytes = (tp->snd_max - tp->snd_fack) +
-                               tp->sackhint.sack_bytes_rexmit;
+                           tp->sackhint.sack_bytes_rexmit;
                } else {
                } else {
-                       obytes = (tp->snd_max - tp->snd_una);   
+                       obytes = (tp->snd_max - tp->snd_una);
                }
 
                /*
                }
 
                /*
-                * In order to lower retransmit threshold the 
+                * In order to lower retransmit threshold the
                 * following two conditions must be met.
                 * following two conditions must be met.
-                * 1. the amount of outstanding data is less 
+                * 1. the amount of outstanding data is less
                 * than 4*SMSS bytes
                 * than 4*SMSS bytes
-                * 2. there is no unsent data ready for 
-                * transmission or the advertised window 
+                * 2. there is no unsent data ready for
+                * transmission or the advertised window
                 * will limit sending new segments.
                 */
                snd_off = tp->snd_max - tp->snd_una;
                snd_len = min(so->so_snd.sb_cc, tp->snd_wnd) - snd_off;
                 * will limit sending new segments.
                 */
                snd_off = tp->snd_max - tp->snd_una;
                snd_len = min(so->so_snd.sb_cc, tp->snd_wnd) - snd_off;
-               if (obytes < (tp->t_maxseg << 2) && 
+               if (obytes < (tp->t_maxseg << 2) &&
                    snd_len <= 0) {
                        u_int32_t osegs;
 
                        osegs = obytes / tp->t_maxseg;
                    snd_len <= 0) {
                        u_int32_t osegs;
 
                        osegs = obytes / tp->t_maxseg;
-                       if ((osegs * tp->t_maxseg) < obytes)
+                       if ((osegs * tp->t_maxseg) < obytes) {
                                osegs++;
                                osegs++;
+                       }
 
 
-                       /* 
-                        * Since the connection might have already 
+                       /*
+                        * Since the connection might have already
                         * received some dupacks, we add them to
                         * to the outstanding segments count to get
                         * the correct retransmit threshold.
                         *
                         * received some dupacks, we add them to
                         * to the outstanding segments count to get
                         * the correct retransmit threshold.
                         *
-                        * By checking for early retransmit after 
+                        * By checking for early retransmit after
                         * receiving some duplicate acks when SACK
                         * receiving some duplicate acks when SACK
-                        * is supported, the connection will 
-                        * enter fast recovery even if multiple 
+                        * is supported, the connection will
+                        * enter fast recovery even if multiple
                         * segments are lost in the same window.
                         */
                        osegs += tp->t_dupacks;
                        if (osegs < 4) {
                         * segments are lost in the same window.
                         */
                        osegs += tp->t_dupacks;
                        if (osegs < 4) {
-                               tp->t_rexmtthresh = 
+                               tp->t_rexmtthresh =
                                    ((osegs - 1) > 1) ? (osegs - 1) : 1;
                                tp->t_rexmtthresh =
                                    min(tp->t_rexmtthresh, tcprexmtthresh);
                                tp->t_rexmtthresh =
                                    max(tp->t_rexmtthresh, tp->t_dupacks);
 
                                    ((osegs - 1) > 1) ? (osegs - 1) : 1;
                                tp->t_rexmtthresh =
                                    min(tp->t_rexmtthresh, tcprexmtthresh);
                                tp->t_rexmtthresh =
                                    max(tp->t_rexmtthresh, tp->t_dupacks);
 
-                               if (tp->t_early_rexmt_count == 0)
+                               if (tp->t_early_rexmt_count == 0) {
                                        tp->t_early_rexmt_win = tcp_now;
                                        tp->t_early_rexmt_win = tcp_now;
+                               }
 
                                if (tp->t_flagsext & TF_SENT_TLPROBE) {
                                        tcpstat.tcps_tlp_recovery++;
 
                                if (tp->t_flagsext & TF_SENT_TLPROBE) {
                                        tcpstat.tcps_tlp_recovery++;
@@ -1593,23 +1734,22 @@ tcp_early_rexmt_check (struct tcpcb *tp, struct tcphdr *th)
 }
 
 static boolean_t
 }
 
 static boolean_t
-tcp_tfo_syn(tp, to)
-       struct tcpcb *tp;
-       struct tcpopt *to;
+tcp_tfo_syn(struct tcpcb *tp, struct tcpopt *to)
 {
        u_char out[CCAES_BLOCK_SIZE];
        unsigned char len;
 
        if (!(to->to_flags & (TOF_TFO | TOF_TFOREQ)) ||
 {
        u_char out[CCAES_BLOCK_SIZE];
        unsigned char len;
 
        if (!(to->to_flags & (TOF_TFO | TOF_TFOREQ)) ||
-           !(tcp_fastopen & TCP_FASTOPEN_SERVER))
-               return (FALSE);
+           !(tcp_fastopen & TCP_FASTOPEN_SERVER)) {
+               return FALSE;
+       }
 
        if ((to->to_flags & TOF_TFOREQ)) {
                tp->t_tfo_flags |= TFO_F_OFFER_COOKIE;
 
                tp->t_tfo_stats |= TFO_S_COOKIEREQ_RECV;
                tcpstat.tcps_tfo_cookie_req_rcv++;
 
        if ((to->to_flags & TOF_TFOREQ)) {
                tp->t_tfo_flags |= TFO_F_OFFER_COOKIE;
 
                tp->t_tfo_stats |= TFO_S_COOKIEREQ_RECV;
                tcpstat.tcps_tfo_cookie_req_rcv++;
-               return (FALSE);
+               return FALSE;
        }
 
        /* Ok, then it must be an offered cookie. We need to check that ... */
        }
 
        /* Ok, then it must be an offered cookie. We need to check that ... */
@@ -1623,13 +1763,13 @@ tcp_tfo_syn(tp, to)
 
                tp->t_tfo_stats |= TFO_S_COOKIE_INVALID;
                tcpstat.tcps_tfo_cookie_invalid++;
 
                tp->t_tfo_stats |= TFO_S_COOKIE_INVALID;
                tcpstat.tcps_tfo_cookie_invalid++;
-               return (FALSE);
+               return FALSE;
        }
 
        if (OSIncrementAtomic(&tcp_tfo_halfcnt) >= tcp_tfo_backlog) {
                /* Need to decrement again as we just increased it... */
                OSDecrementAtomic(&tcp_tfo_halfcnt);
        }
 
        if (OSIncrementAtomic(&tcp_tfo_halfcnt) >= tcp_tfo_backlog) {
                /* Need to decrement again as we just increased it... */
                OSDecrementAtomic(&tcp_tfo_halfcnt);
-               return (FALSE);
+               return FALSE;
        }
 
        tp->t_tfo_flags |= TFO_F_COOKIE_VALID;
        }
 
        tp->t_tfo_flags |= TFO_F_COOKIE_VALID;
@@ -1637,13 +1777,11 @@ tcp_tfo_syn(tp, to)
        tp->t_tfo_stats |= TFO_S_SYNDATA_RCV;
        tcpstat.tcps_tfo_syn_data_rcv++;
 
        tp->t_tfo_stats |= TFO_S_SYNDATA_RCV;
        tcpstat.tcps_tfo_syn_data_rcv++;
 
-       return (TRUE);
+       return TRUE;
 }
 
 static void
 }
 
 static void
-tcp_tfo_synack(tp, to)
-       struct tcpcb *tp;
-       struct tcpopt *to;
+tcp_tfo_synack(struct tcpcb *tp, struct tcpopt *to)
 {
        if (to->to_flags & TOF_TFO) {
                unsigned char len = *to->to_tfo - TCPOLEN_FASTOPEN_REQ;
 {
        if (to->to_flags & TOF_TFO) {
                unsigned char len = *to->to_tfo - TCPOLEN_FASTOPEN_REQ;
@@ -1661,6 +1799,10 @@ tcp_tfo_synack(tp, to)
 
                tp->t_tfo_stats |= TFO_S_COOKIE_RCV;
                tcpstat.tcps_tfo_cookie_rcv++;
 
                tp->t_tfo_stats |= TFO_S_COOKIE_RCV;
                tcpstat.tcps_tfo_cookie_rcv++;
+               if (tp->t_tfo_flags & TFO_F_COOKIE_SENT) {
+                       tcpstat.tcps_tfo_cookie_wrong++;
+                       tp->t_tfo_stats |= TFO_S_COOKIE_WRONG;
+               }
        } else {
                /*
                 * Thus, no cookie in the response, but we either asked for one
        } else {
                /*
                 * Thus, no cookie in the response, but we either asked for one
@@ -1668,28 +1810,37 @@ tcp_tfo_synack(tp, to)
                 * rexmit the SYN. If that's the case, it's better to start
                 * backing of TFO-cookie requests.
                 */
                 * rexmit the SYN. If that's the case, it's better to start
                 * backing of TFO-cookie requests.
                 */
-               if (tp->t_tfo_flags & TFO_F_SYN_LOSS)
-                       tcp_heuristic_inc_loss(tp, 1, 0);
-               else
-                       tcp_heuristic_reset_loss(tp, 1, 0);
+               if (!(tp->t_flagsext & TF_FASTOPEN_FORCE_ENABLE) &&
+                   tp->t_tfo_flags & TFO_F_SYN_LOSS) {
+                       tp->t_tfo_stats |= TFO_S_SYN_LOSS;
+                       tcpstat.tcps_tfo_syn_loss++;
+
+                       tcp_heuristic_tfo_loss(tp);
+               } else {
+                       if (tp->t_tfo_flags & TFO_F_COOKIE_REQ) {
+                               tp->t_tfo_stats |= TFO_S_NO_COOKIE_RCV;
+                               tcpstat.tcps_tfo_no_cookie_rcv++;
+                       }
+
+                       tcp_heuristic_tfo_success(tp);
+               }
        }
 }
 
 static void
 tcp_tfo_rcv_probe(struct tcpcb *tp, int tlen)
 {
        }
 }
 
 static void
 tcp_tfo_rcv_probe(struct tcpcb *tp, int tlen)
 {
-       if (tlen == 0) {
-               tp->t_tfo_probe_state = TFO_PROBE_PROBING;
-
-               /*
-                * We send the probe out rather quickly (after one RTO). It does not
-                * really hurt that much, it's only one additional segment on the wire.
-                */
-               tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp, (TCP_REXMTVAL(tp)));
-       } else {
-               /* If SYN/ACK+data, don't probe. We got the data! */
-               tcp_heuristic_tfo_rcv_good(tp);
+       if (tlen != 0) {
+               return;
        }
        }
+
+       tp->t_tfo_probe_state = TFO_PROBE_PROBING;
+
+       /*
+        * We send the probe out rather quickly (after one RTO). It does not
+        * really hurt that much, it's only one additional segment on the wire.
+        */
+       tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp, (TCP_REXMTVAL(tp)));
 }
 
 static void
 }
 
 static void
@@ -1698,9 +1849,6 @@ tcp_tfo_rcv_data(struct tcpcb *tp)
        /* Transition from PROBING to NONE as data has been received */
        if (tp->t_tfo_probe_state >= TFO_PROBE_PROBING) {
                tp->t_tfo_probe_state = TFO_PROBE_NONE;
        /* Transition from PROBING to NONE as data has been received */
        if (tp->t_tfo_probe_state >= TFO_PROBE_PROBING) {
                tp->t_tfo_probe_state = TFO_PROBE_NONE;
-
-               /* Data has been received - we are good to go! */
-               tcp_heuristic_tfo_rcv_good(tp);
        }
 }
 
        }
 }
 
@@ -1721,30 +1869,73 @@ tcp_tfo_rcv_ack(struct tcpcb *tp, struct tcphdr *th)
        }
 }
 
        }
 }
 
+/*
+ * Update snd_wnd information.
+ */
+static inline bool
+tcp_update_window(struct tcpcb *tp, int thflags, struct tcphdr * th,
+    u_int32_t tiwin, int tlen)
+{
+       /* Don't look at the window if there is no ACK flag */
+       if ((thflags & TH_ACK) &&
+           (SEQ_LT(tp->snd_wl1, th->th_seq) ||
+           (tp->snd_wl1 == th->th_seq && (SEQ_LT(tp->snd_wl2, th->th_ack) ||
+           (tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd))))) {
+               /* keep track of pure window updates */
+               if (tlen == 0 &&
+                   tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd) {
+                       tcpstat.tcps_rcvwinupd++;
+               }
+               tp->snd_wnd = tiwin;
+               tp->snd_wl1 = th->th_seq;
+               tp->snd_wl2 = th->th_ack;
+               if (tp->snd_wnd > tp->max_sndwnd) {
+                       tp->max_sndwnd = tp->snd_wnd;
+               }
+
+               if (tp->t_inpcb->inp_socket->so_flags & SOF_MP_SUBFLOW) {
+                       mptcp_update_window_wakeup(tp);
+               }
+               return true;
+       }
+       return false;
+}
+
+static void
+tcp_handle_wakeup(struct socket *so, int read_wakeup, int write_wakeup)
+{
+       if (read_wakeup != 0) {
+               sorwakeup(so);
+       }
+       if (write_wakeup != 0) {
+               sowwakeup(so);
+       }
+}
+
 void
 void
-tcp_input(m, off0)
-       struct mbuf *m;
-       int off0;
+tcp_input(struct mbuf *m, int off0)
 {
 {
-       register struct tcphdr *th;
-       register struct ip *ip = NULL;
-       register struct inpcb *inp;
+       struct tcphdr *th;
+       struct ip *ip = NULL;
+       struct inpcb *inp;
        u_char *optp = NULL;
        int optlen = 0;
        int tlen, off;
        int drop_hdrlen;
        u_char *optp = NULL;
        int optlen = 0;
        int tlen, off;
        int drop_hdrlen;
-       register struct tcpcb *tp = 0;
-       register int thflags;
+       struct tcpcb *tp = 0;
+       int thflags;
        struct socket *so = 0;
        int todrop, acked, ourfinisacked, needoutput = 0;
        struct socket *so = 0;
        int todrop, acked, ourfinisacked, needoutput = 0;
+       int read_wakeup = 0;
+       int write_wakeup = 0;
        struct in_addr laddr;
 #if INET6
        struct in6_addr laddr6;
 #endif
        int dropsocket = 0;
        struct in_addr laddr;
 #if INET6
        struct in6_addr laddr6;
 #endif
        int dropsocket = 0;
-       int iss = 0, nosock = 0; 
+       int iss = 0, nosock = 0;
        u_int32_t tiwin, sack_bytes_acked = 0;
        u_int32_t tiwin, sack_bytes_acked = 0;
-       struct tcpopt to;               /* options in this segment */
+       struct tcpopt to;               /* options in this segment */
 #if TCPDEBUG
        short ostate = 0;
 #endif
 #if TCPDEBUG
        short ostate = 0;
 #endif
@@ -1767,9 +1958,25 @@ tcp_input(m, off0)
        boolean_t wired = (!wifi && IFNET_IS_WIRED(ifp));
        boolean_t recvd_dsack = FALSE;
        struct tcp_respond_args tra;
        boolean_t wired = (!wifi && IFNET_IS_WIRED(ifp));
        boolean_t recvd_dsack = FALSE;
        struct tcp_respond_args tra;
+       int prev_t_state;
+       boolean_t check_cfil = cfil_filter_present();
+       bool findpcb_iterated = false;
+       /*
+        * The mbuf may be freed after it has been added to the receive socket
+        * buffer or the reassembly queue, so we reinitialize th to point to a
+        * safe copy of the TCP header
+        */
+       struct tcphdr saved_tcphdr = {};
+       /*
+        * Save copy of the IPv4/IPv6 header.
+        * Note: use array of uint32_t to silence compiler warning when casting
+        * to a struct ip6_hdr pointer.
+        */
+#define MAX_IPWORDS ((sizeof(struct ip) + MAX_IPOPTLEN) / sizeof(uint32_t))
+       uint32_t saved_hdr[MAX_IPWORDS];
 
 
-#define TCP_INC_VAR(stat, npkts) do {                  \
-               stat += npkts;                          \
+#define TCP_INC_VAR(stat, npkts) do {                   \
+               stat += npkts;                          \
 } while (0)
 
        TCP_INC_VAR(tcpstat.tcps_rcvtotal, nlropkts);
 } while (0)
 
        TCP_INC_VAR(tcpstat.tcps_rcvtotal, nlropkts);
@@ -1782,8 +1989,8 @@ tcp_input(m, off0)
                fwd_tag = NULL;
        }
        if (fwd_tag != NULL) {
                fwd_tag = NULL;
        }
        if (fwd_tag != NULL) {
-               struct ip_fwd_tag *ipfwd_tag = 
-                       (struct ip_fwd_tag *)(fwd_tag+1);
+               struct ip_fwd_tag *ipfwd_tag =
+                   (struct ip_fwd_tag *)(fwd_tag + 1);
 
                next_hop = ipfwd_tag->next_hop;
                m_tag_delete(m, fwd_tag);
 
                next_hop = ipfwd_tag->next_hop;
                m_tag_delete(m, fwd_tag);
@@ -1795,9 +2002,9 @@ tcp_input(m, off0)
        int isipv6;
 #endif /* INET6 */
        int rstreason; /* For badport_bandlim accounting purposes */
        int isipv6;
 #endif /* INET6 */
        int rstreason; /* For badport_bandlim accounting purposes */
-       struct proc *proc0=current_proc();
+       struct proc *proc0 = current_proc();
 
 
-       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_START,0,0,0,0,0);
+       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_START, 0, 0, 0, 0, 0);
 
 #if INET6
        isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
 
 #if INET6
        isipv6 = (mtod(m, struct ip *)->ip_v == 6) ? 1 : 0;
@@ -1806,9 +2013,9 @@ tcp_input(m, off0)
 
 #if INET6
        if (isipv6) {
 
 #if INET6
        if (isipv6) {
-               /* 
-                * Expect 32-bit aligned data pointer on 
-                * strict-align platforms 
+               /*
+                * Expect 32-bit aligned data pointer on
+                * strict-align platforms
                 */
                MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
 
                 */
                MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
 
@@ -1817,12 +2024,14 @@ tcp_input(m, off0)
                tlen = sizeof(*ip6) + ntohs(ip6->ip6_plen) - off0;
                th = (struct tcphdr *)(void *)((caddr_t)ip6 + off0);
 
                tlen = sizeof(*ip6) + ntohs(ip6->ip6_plen) - off0;
                th = (struct tcphdr *)(void *)((caddr_t)ip6 + off0);
 
-               if (tcp_input_checksum(AF_INET6, m, th, off0, tlen))
+               if (tcp_input_checksum(AF_INET6, m, th, off0, tlen)) {
+                       TCP_LOG_DROP_PKT(ip6, th, ifp, "IPv6 bad tcp checksum");
                        goto dropnosock;
                        goto dropnosock;
+               }
 
                KERNEL_DEBUG(DBG_LAYER_BEG, ((th->th_dport << 16) | th->th_sport),
 
                KERNEL_DEBUG(DBG_LAYER_BEG, ((th->th_dport << 16) | th->th_sport),
-                    (((ip6->ip6_src.s6_addr16[0]) << 16) | (ip6->ip6_dst.s6_addr16[0])),
-                    th->th_seq, th->th_ack, th->th_win);
+                   (((ip6->ip6_src.s6_addr16[0]) << 16) | (ip6->ip6_dst.s6_addr16[0])),
+                   th->th_seq, th->th_ack, th->th_win);
                /*
                 * Be proactive about unspecified IPv6 address in source.
                 * As we use all-zero to indicate unbounded/unconnected pcb,
                /*
                 * Be proactive about unspecified IPv6 address in source.
                 * As we use all-zero to indicate unbounded/unconnected pcb,
@@ -1834,78 +2043,83 @@ tcp_input(m, off0)
                if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
                        /* XXX stat */
                        IF_TCP_STATINC(ifp, unspecv6);
                if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
                        /* XXX stat */
                        IF_TCP_STATINC(ifp, unspecv6);
+                       TCP_LOG_DROP_PKT(ip6, th, ifp, "src IPv6 address unspecified");
                        goto dropnosock;
                }
                DTRACE_TCP5(receive, struct mbuf *, m, struct inpcb *, NULL,
                        goto dropnosock;
                }
                DTRACE_TCP5(receive, struct mbuf *, m, struct inpcb *, NULL,
-                       struct ip6_hdr *, ip6, struct tcpcb *, NULL, 
-                       struct tcphdr *, th);
+                   struct ip6_hdr *, ip6, struct tcpcb *, NULL,
+                   struct tcphdr *, th);
 
                ip_ecn = (ntohl(ip6->ip6_flow) >> 20) & IPTOS_ECN_MASK;
        } else
 #endif /* INET6 */
        {
 
                ip_ecn = (ntohl(ip6->ip6_flow) >> 20) & IPTOS_ECN_MASK;
        } else
 #endif /* INET6 */
        {
-       /*
-        * Get IP and TCP header together in first mbuf.
-        * Note: IP leaves IP header in first mbuf.
-        */
-       if (off0 > sizeof (struct ip)) {
-               ip_stripoptions(m, (struct mbuf *)0);
-               off0 = sizeof(struct ip);
-       }
-       if (m->m_len < sizeof (struct tcpiphdr)) {
-               if ((m = m_pullup(m, sizeof (struct tcpiphdr))) == 0) {
-                       tcpstat.tcps_rcvshort++;
-                       return;
+               /*
+                * Get IP and TCP header together in first mbuf.
+                * Note: IP leaves IP header in first mbuf.
+                */
+               if (off0 > sizeof(struct ip)) {
+                       ip_stripoptions(m);
+                       off0 = sizeof(struct ip);
+               }
+               if (m->m_len < sizeof(struct tcpiphdr)) {
+                       if ((m = m_pullup(m, sizeof(struct tcpiphdr))) == 0) {
+                               tcpstat.tcps_rcvshort++;
+                               return;
+                       }
                }
                }
-       }
 
 
-       /* Expect 32-bit aligned data pointer on strict-align platforms */
-       MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
+               /* Expect 32-bit aligned data pointer on strict-align platforms */
+               MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
 
 
-       ip = mtod(m, struct ip *);
-       th = (struct tcphdr *)(void *)((caddr_t)ip + off0);
-       tlen = ip->ip_len;
+               ip = mtod(m, struct ip *);
+               th = (struct tcphdr *)(void *)((caddr_t)ip + off0);
+               tlen = ip->ip_len;
 
 
-       if (tcp_input_checksum(AF_INET, m, th, off0, tlen))
-               goto dropnosock;
+               if (tcp_input_checksum(AF_INET, m, th, off0, tlen)) {
+                       TCP_LOG_DROP_PKT(ip, th, ifp, "IPv4 bad tcp checksum");
+                       goto dropnosock;
+               }
 
 #if INET6
 
 #if INET6
-       /* Re-initialization for later version check */
-       ip->ip_v = IPVERSION;
+               /* Re-initialization for later version check */
+               ip->ip_v = IPVERSION;
 #endif
 #endif
-       ip_ecn = (ip->ip_tos & IPTOS_ECN_MASK);
+               ip_ecn = (ip->ip_tos & IPTOS_ECN_MASK);
 
 
-       DTRACE_TCP5(receive, struct mbuf *, m, struct inpcb *, NULL,
-               struct ip *, ip, struct tcpcb *, NULL, struct tcphdr *, th);
-
-       KERNEL_DEBUG(DBG_LAYER_BEG, ((th->th_dport << 16) | th->th_sport),
-               (((ip->ip_src.s_addr & 0xffff) << 16) | (ip->ip_dst.s_addr & 0xffff)),
-                 th->th_seq, th->th_ack, th->th_win);
+               DTRACE_TCP5(receive, struct mbuf *, m, struct inpcb *, NULL,
+                   struct ip *, ip, struct tcpcb *, NULL, struct tcphdr *, th);
 
 
+               KERNEL_DEBUG(DBG_LAYER_BEG, ((th->th_dport << 16) | th->th_sport),
+                   (((ip->ip_src.s_addr & 0xffff) << 16) | (ip->ip_dst.s_addr & 0xffff)),
+                   th->th_seq, th->th_ack, th->th_win);
        }
 
        }
 
+#define TCP_LOG_HDR (isipv6 ? (void *)ip6 : (void *)ip)
+
        /*
         * Check that TCP offset makes sense,
        /*
         * Check that TCP offset makes sense,
-        * pull out TCP options and adjust length.              XXX
+        * pull out TCP options and adjust length.
         */
        off = th->th_off << 2;
         */
        off = th->th_off << 2;
-       if (off < sizeof (struct tcphdr) || off > tlen) {
+       if (off < sizeof(struct tcphdr) || off > tlen) {
                tcpstat.tcps_rcvbadoff++;
                IF_TCP_STATINC(ifp, badformat);
                tcpstat.tcps_rcvbadoff++;
                IF_TCP_STATINC(ifp, badformat);
+               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "bad tcp offset");
                goto dropnosock;
        }
                goto dropnosock;
        }
-       tlen -= off;    /* tlen is used instead of ti->ti_len */
-       if (off > sizeof (struct tcphdr)) {
+       tlen -= off;    /* tlen is used instead of ti->ti_len */
+       if (off > sizeof(struct tcphdr)) {
 #if INET6
                if (isipv6) {
 #if INET6
                if (isipv6) {
-                       IP6_EXTHDR_CHECK(m, off0, off, return);
+                       IP6_EXTHDR_CHECK(m, off0, off, return );
                        ip6 = mtod(m, struct ip6_hdr *);
                        th = (struct tcphdr *)(void *)((caddr_t)ip6 + off0);
                } else
 #endif /* INET6 */
                {
                        if (m->m_len < sizeof(struct ip) + off) {
                        ip6 = mtod(m, struct ip6_hdr *);
                        th = (struct tcphdr *)(void *)((caddr_t)ip6 + off0);
                } else
 #endif /* INET6 */
                {
                        if (m->m_len < sizeof(struct ip) + off) {
-                               if ((m = m_pullup(m, sizeof (struct ip) + off)) == 0) {
+                               if ((m = m_pullup(m, sizeof(struct ip) + off)) == 0) {
                                        tcpstat.tcps_rcvshort++;
                                        return;
                                }
                                        tcpstat.tcps_rcvshort++;
                                        return;
                                }
@@ -1913,9 +2127,9 @@ tcp_input(m, off0)
                                th = (struct tcphdr *)(void *)((caddr_t)ip + off0);
                        }
                }
                                th = (struct tcphdr *)(void *)((caddr_t)ip + off0);
                        }
                }
-               optlen = off - sizeof (struct tcphdr);
+               optlen = off - sizeof(struct tcphdr);
                optp = (u_char *)(th + 1);
                optp = (u_char *)(th + 1);
-               /* 
+               /*
                 * Do quick retrieval of timestamp options ("options
                 * prediction?").  If timestamp is the only option and it's
                 * formatted as recommended in RFC 1323 appendix A, we
                 * Do quick retrieval of timestamp options ("options
                 * prediction?").  If timestamp is the only option and it's
                 * formatted as recommended in RFC 1323 appendix A, we
@@ -1923,14 +2137,14 @@ tcp_input(m, off0)
                 * tcp_dooptions(), etc.
                 */
                if ((optlen == TCPOLEN_TSTAMP_APPA ||
                 * tcp_dooptions(), etc.
                 */
                if ((optlen == TCPOLEN_TSTAMP_APPA ||
-                       (optlen > TCPOLEN_TSTAMP_APPA &&
-                       optp[TCPOLEN_TSTAMP_APPA] == TCPOPT_EOL)) &&
-                       *(u_int32_t *)(void *)optp == htonl(TCPOPT_TSTAMP_HDR) &&
-                       (th->th_flags & TH_SYN) == 0) {
+                   (optlen > TCPOLEN_TSTAMP_APPA &&
+                   optp[TCPOLEN_TSTAMP_APPA] == TCPOPT_EOL)) &&
+                   *(u_int32_t *)(void *)optp == htonl(TCPOPT_TSTAMP_HDR) &&
+                   (th->th_flags & TH_SYN) == 0) {
                        to.to_flags |= TOF_TS;
                        to.to_tsval = ntohl(*(u_int32_t *)(void *)(optp + 4));
                        to.to_tsecr = ntohl(*(u_int32_t *)(void *)(optp + 8));
                        to.to_flags |= TOF_TS;
                        to.to_tsval = ntohl(*(u_int32_t *)(void *)(optp + 4));
                        to.to_tsecr = ntohl(*(u_int32_t *)(void *)(optp + 8));
-                       optp = NULL;    /* we've parsed the options */
+                       optp = NULL;    /* we've parsed the options */
                }
        }
        thflags = th->th_flags;
                }
        }
        thflags = th->th_flags;
@@ -1943,8 +2157,9 @@ tcp_input(m, off0)
         *
         * This is a violation of the TCP specification.
         */
         *
         * This is a violation of the TCP specification.
         */
-       if (drop_synfin && (thflags & (TH_SYN|TH_FIN)) == (TH_SYN|TH_FIN)) {
+       if (drop_synfin && (thflags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN)) {
                IF_TCP_STATINC(ifp, synfin);
                IF_TCP_STATINC(ifp, synfin);
+               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "drop SYN FIN");
                goto dropnosock;
        }
 #endif
                goto dropnosock;
        }
 #endif
@@ -1958,7 +2173,7 @@ tcp_input(m, off0)
         * parameters to be unchanged.
         */
        drop_hdrlen = off0 + off;
         * parameters to be unchanged.
         */
        drop_hdrlen = off0 + off;
-       
+
        /* Since this is an entry point for input processing of tcp packets, we
         * can update the tcp clock here.
         */
        /* Since this is an entry point for input processing of tcp packets, we
         * can update the tcp clock here.
         */
@@ -1971,20 +2186,21 @@ tcp_input(m, off0)
         * absence of a PCB, when scoped routing (and thus source interface
         * selection) are enabled.
         */
         * absence of a PCB, when scoped routing (and thus source interface
         * selection) are enabled.
         */
-       if ((m->m_pkthdr.pkt_flags & PKTF_LOOP) || m->m_pkthdr.rcvif == NULL)
+       if ((m->m_pkthdr.pkt_flags & PKTF_LOOP) || m->m_pkthdr.rcvif == NULL) {
                ifscope = IFSCOPE_NONE;
                ifscope = IFSCOPE_NONE;
-       else
+       } else {
                ifscope = m->m_pkthdr.rcvif->if_index;
                ifscope = m->m_pkthdr.rcvif->if_index;
+       }
 
 
-       /*
-        * Convert TCP protocol specific fields to host format.
-        */
+       /*
+        * Convert TCP protocol specific fields to host format.
+        */
 
 #if BYTE_ORDER != BIG_ENDIAN
 
 #if BYTE_ORDER != BIG_ENDIAN
-       NTOHL(th->th_seq);
-       NTOHL(th->th_ack);
-       NTOHS(th->th_win);
-       NTOHS(th->th_urp);
+       NTOHL(th->th_seq);
+       NTOHL(th->th_ack);
+       NTOHS(th->th_win);
+       NTOHS(th->th_urp);
 #endif
 
        /*
 #endif
 
        /*
@@ -2003,12 +2219,12 @@ findpcb:
            ) {
                /*
                 * Diverted. Pretend to be the destination.
            ) {
                /*
                 * Diverted. Pretend to be the destination.
-                * already got one like this? 
+                * already got one like this?
                 */
                inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
                 */
                inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
-                       ip->ip_dst, th->th_dport, 0, m->m_pkthdr.rcvif);
+                   ip->ip_dst, th->th_dport, 0, m->m_pkthdr.rcvif);
                if (!inp) {
                if (!inp) {
-                       /* 
+                       /*
                         * No, then it's new. Try find the ambushing socket
                         */
                        if (!next_hop->sin_port) {
                         * No, then it's new. Try find the ambushing socket
                         */
                        if (!next_hop->sin_port) {
@@ -2018,24 +2234,24 @@ findpcb:
                        } else {
                                inp = in_pcblookup_hash(&tcbinfo,
                                    ip->ip_src, th->th_sport,
                        } else {
                                inp = in_pcblookup_hash(&tcbinfo,
                                    ip->ip_src, th->th_sport,
-                                   next_hop->sin_addr,
+                                   next_hop->sin_addr,
                                    ntohs(next_hop->sin_port), 1,
                                    m->m_pkthdr.rcvif);
                        }
                }
        } else
                                    ntohs(next_hop->sin_port), 1,
                                    m->m_pkthdr.rcvif);
                        }
                }
        } else
-#endif /* IPFIREWALL_FORWARD */
-      {
+#endif  /* IPFIREWALL_FORWARD */
+       {
 #if INET6
 #if INET6
-       if (isipv6)
-               inp = in6_pcblookup_hash(&tcbinfo, &ip6->ip6_src, th->th_sport,
-                                        &ip6->ip6_dst, th->th_dport, 1,
-                                        m->m_pkthdr.rcvif);
-       else
+               if (isipv6) {
+                       inp = in6_pcblookup_hash(&tcbinfo, &ip6->ip6_src, th->th_sport,
+                           &ip6->ip6_dst, th->th_dport, 1,
+                           m->m_pkthdr.rcvif);
+               } else
 #endif /* INET6 */
 #endif /* INET6 */
-       inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
-           ip->ip_dst, th->th_dport, 1, m->m_pkthdr.rcvif);
-      }
+               inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport,
+                   ip->ip_dst, th->th_dport, 1, m->m_pkthdr.rcvif);
+       }
 
        /*
         * Use the interface scope information from the PCB for outbound
 
        /*
         * Use the interface scope information from the PCB for outbound
@@ -2043,8 +2259,9 @@ findpcb:
         * enabled, tcp_respond will use the scope of the interface where
         * the segment arrived on.
         */
         * enabled, tcp_respond will use the scope of the interface where
         * the segment arrived on.
         */
-       if (inp != NULL && (inp->inp_flags & INP_BOUND_IF))
+       if (inp != NULL && (inp->inp_flags & INP_BOUND_IF)) {
                ifscope = inp->inp_boundifp->if_index;
                ifscope = inp->inp_boundifp->if_index;
+       }
 
        /*
         * If the state is CLOSED (i.e., TCB does not exist) then
 
        /*
         * If the state is CLOSED (i.e., TCB does not exist) then
@@ -2072,56 +2289,63 @@ findpcb:
                        }
                        switch (log_in_vain) {
                        case 1:
                        }
                        switch (log_in_vain) {
                        case 1:
-                               if(thflags & TH_SYN)
+                               if (thflags & TH_SYN) {
                                        log(LOG_INFO,
                                        log(LOG_INFO,
-                                               "Connection attempt to TCP %s:%d from %s:%d\n",
-                                               dbuf, ntohs(th->th_dport),
-                                               sbuf,
-                                               ntohs(th->th_sport));
+                                           "Connection attempt to TCP %s:%d from %s:%d\n",
+                                           dbuf, ntohs(th->th_dport),
+                                           sbuf,
+                                           ntohs(th->th_sport));
+                               }
                                break;
                        case 2:
                                log(LOG_INFO,
                                break;
                        case 2:
                                log(LOG_INFO,
-                                       "Connection attempt to TCP %s:%d from %s:%d flags:0x%x\n",
-                                       dbuf, ntohs(th->th_dport), sbuf,
-                                       ntohs(th->th_sport), thflags);
+                                   "Connection attempt to TCP %s:%d from %s:%d flags:0x%x\n",
+                                   dbuf, ntohs(th->th_dport), sbuf,
+                                   ntohs(th->th_sport), thflags);
                                break;
                        case 3:
                        case 4:
                                if ((thflags & TH_SYN) && !(thflags & TH_ACK) &&
                                break;
                        case 3:
                        case 4:
                                if ((thflags & TH_SYN) && !(thflags & TH_ACK) &&
-                                       !(m->m_flags & (M_BCAST | M_MCAST)) &&
+                                   !(m->m_flags & (M_BCAST | M_MCAST)) &&
 #if INET6
 #if INET6
-                                       ((isipv6 && !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &ip6->ip6_src)) ||
-                                        (!isipv6 && ip->ip_dst.s_addr != ip->ip_src.s_addr))
+                                   ((isipv6 && !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &ip6->ip6_src)) ||
+                                   (!isipv6 && ip->ip_dst.s_addr != ip->ip_src.s_addr))
 #else
 #else
-                                       ip->ip_dst.s_addr != ip->ip_src.s_addr
+                                   ip->ip_dst.s_addr != ip->ip_src.s_addr
 #endif
 #endif
-                                        )
+                                   ) {
                                        log_in_vain_log((LOG_INFO,
                                        log_in_vain_log((LOG_INFO,
-                                               "Stealth Mode connection attempt to TCP %s:%d from %s:%d\n",
-                                               dbuf, ntohs(th->th_dport),
-                                               sbuf,
-                                               ntohs(th->th_sport)));
+                                           "Stealth Mode connection attempt to TCP %s:%d from %s:%d\n",
+                                           dbuf, ntohs(th->th_dport),
+                                           sbuf,
+                                           ntohs(th->th_sport)));
+                               }
                                break;
                        default:
                                break;
                        }
                }
                                break;
                        default:
                                break;
                        }
                }
-               if (blackhole) { 
-                       if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type != IFT_LOOP)
-                               
+               if (blackhole) {
+                       if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type != IFT_LOOP) {
                                switch (blackhole) {
                                case 1:
                                switch (blackhole) {
                                case 1:
-                                       if (thflags & TH_SYN)
+                                       if (thflags & TH_SYN) {
+                                               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "blackhole 1 syn for closed port");
                                                goto dropnosock;
                                                goto dropnosock;
+                                       }
                                        break;
                                case 2:
                                        break;
                                case 2:
+                                       TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "blackhole 2 closed port");
                                        goto dropnosock;
                                default:
                                        goto dropnosock;
                                default:
+                                       TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "blackhole closed port");
                                        goto dropnosock;
                                }
                                        goto dropnosock;
                                }
+                       }
                }
                rstreason = BANDLIM_RST_CLOSEDPORT;
                IF_TCP_STATINC(ifp, noconnnolist);
                }
                rstreason = BANDLIM_RST_CLOSEDPORT;
                IF_TCP_STATINC(ifp, noconnnolist);
+               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "closed port");
                goto dropwithresetnosock;
        }
        so = inp->inp_socket;
                goto dropwithresetnosock;
        }
        so = inp->inp_socket;
@@ -2135,91 +2359,172 @@ findpcb:
 #if TEMPDEBUG
                printf("tcp_input: no more socket for inp=%x. This shouldn't happen\n", inp);
 #endif
 #if TEMPDEBUG
                printf("tcp_input: no more socket for inp=%x. This shouldn't happen\n", inp);
 #endif
+               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "inp_socket NULL");
                goto dropnosock;
        }
 
                goto dropnosock;
        }
 
-       tcp_lock(so, 1, 0);
+       socket_lock(so, 1);
        if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
        if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
-               tcp_unlock(so, 1, (void *)2);
-               inp = NULL;     // pretend we didn't find it
+               socket_unlock(so, 1);
+               inp = NULL;     // pretend we didn't find it
+               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "inp state WNT_STOPUSING");
                goto dropnosock;
        }
 
                goto dropnosock;
        }
 
-#if NECP
-#if INET6
-       if (isipv6) {
-               if (!necp_socket_is_allowed_to_send_recv_v6(inp, th->th_dport,
-                                                           th->th_sport,
-                                                           &ip6->ip6_dst,
-                                                           &ip6->ip6_src,
-                                                           ifp, NULL, NULL)) {
-                       IF_TCP_STATINC(ifp, badformatipsec);
-                       goto drop;
+       if (!isipv6 && inp->inp_faddr.s_addr != INADDR_ANY) {
+               if (inp->inp_faddr.s_addr != ip->ip_src.s_addr ||
+                   inp->inp_laddr.s_addr != ip->ip_dst.s_addr ||
+                   inp->inp_fport != th->th_sport ||
+                   inp->inp_lport != th->th_dport) {
+                       os_log_error(OS_LOG_DEFAULT, "%s 5-tuple does not match: %u:%u %u:%u\n",
+                           __func__,
+                           ntohs(inp->inp_fport), ntohs(th->th_sport),
+                           ntohs(inp->inp_lport), ntohs(th->th_dport));
+                       if (findpcb_iterated) {
+                               goto drop;
+                       }
+                       findpcb_iterated = true;
+                       socket_unlock(so, 1);
+                       inp = NULL;
+                       goto findpcb;
                }
                }
-       } else
-#endif
-       {
-               if (!necp_socket_is_allowed_to_send_recv_v4(inp, th->th_dport,
-                                                           th->th_sport,
-                                                           &ip->ip_dst,
-                                                           &ip->ip_src,
-                                                           ifp, NULL, NULL)) {
-                       IF_TCP_STATINC(ifp, badformatipsec);
-                       goto drop;
+       } else if (isipv6 && !IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
+               if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, &ip6->ip6_src) ||
+                   !IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, &ip6->ip6_dst) ||
+                   inp->inp_fport != th->th_sport ||
+                   inp->inp_lport != th->th_dport) {
+                       os_log_error(OS_LOG_DEFAULT, "%s 5-tuple does not match: %u:%u %u:%u\n",
+                           __func__,
+                           ntohs(inp->inp_fport), ntohs(th->th_sport),
+                           ntohs(inp->inp_lport), ntohs(th->th_dport));
+                       if (findpcb_iterated) {
+                               goto drop;
+                       }
+                       findpcb_iterated = true;
+                       socket_unlock(so, 1);
+                       inp = NULL;
+                       goto findpcb;
                }
        }
                }
        }
-#endif /* NECP */
 
        tp = intotcpcb(inp);
 
        tp = intotcpcb(inp);
-       if (tp == 0) {
+       if (tp == NULL) {
                rstreason = BANDLIM_RST_CLOSEDPORT;
                IF_TCP_STATINC(ifp, noconnlist);
                rstreason = BANDLIM_RST_CLOSEDPORT;
                IF_TCP_STATINC(ifp, noconnlist);
+               TCP_LOG_DROP_PKT(TCP_LOG_HDR, th, ifp, "tp is NULL");
                goto dropwithreset;
        }
                goto dropwithreset;
        }
-       if (tp->t_state == TCPS_CLOSED)
+
+       TCP_LOG_TH_FLAGS(TCP_LOG_HDR, th, tp, false, ifp);
+
+       if (tp->t_state == TCPS_CLOSED) {
+               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "tp state TCPS_CLOSED");
+               goto drop;
+       }
+
+#if NECP
+       if (so->so_state & SS_ISCONNECTED) {
+               // Connected TCP sockets have a fully-bound local and remote,
+               // so the policy check doesn't need to override addresses
+               if (!necp_socket_is_allowed_to_send_recv(inp, ifp, NULL, NULL, NULL)) {
+                       TCP_LOG_DROP_NECP(TCP_LOG_HDR, th, intotcpcb(inp), false);
+                       IF_TCP_STATINC(ifp, badformat);
+                       goto drop;
+               }
+       } else {
+               /*
+                * If the proc_uuid_policy table has been updated since the last use
+                * of the listening socket (i.e., the proc_uuid_policy_table_gencount
+                * has been updated), the flags in the socket may be out of date.
+                * If INP2_WANT_APP_POLICY is stale, inbound packets may
+                * be dropped by NECP if the socket should now match a per-app
+                * exception policy.
+                * In order to avoid this refresh the proc_uuid_policy state to
+                * potentially recalculate the socket's flags before checking
+                * with NECP.
+                */
+               (void) inp_update_policy(inp);
+#if INET6
+               if (isipv6) {
+                       if (!necp_socket_is_allowed_to_send_recv_v6(inp,
+                           th->th_dport, th->th_sport, &ip6->ip6_dst,
+                           &ip6->ip6_src, ifp, NULL, NULL, NULL)) {
+                               TCP_LOG_DROP_NECP(TCP_LOG_HDR, th, intotcpcb(inp), false);
+                               IF_TCP_STATINC(ifp, badformat);
+                               goto drop;
+                       }
+               } else
+#endif
+               {
+                       if (!necp_socket_is_allowed_to_send_recv_v4(inp,
+                           th->th_dport, th->th_sport, &ip->ip_dst, &ip->ip_src,
+                           ifp, NULL, NULL, NULL)) {
+                               TCP_LOG_DROP_NECP(TCP_LOG_HDR, th, intotcpcb(inp), false);
+                               IF_TCP_STATINC(ifp, badformat);
+                               goto drop;
+                       }
+               }
+       }
+#endif /* NECP */
+
+       prev_t_state = tp->t_state;
+
+       /* If none of the FIN|SYN|RST|ACK flag is set, drop */
+       if (tcp_do_rfc5961 && (thflags & TH_ACCEPT) == 0) {
+               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "rfc5961 TH_ACCEPT == 0");
                goto drop;
                goto drop;
+       }
 
        /* Unscale the window into a 32-bit value. */
 
        /* Unscale the window into a 32-bit value. */
-       if ((thflags & TH_SYN) == 0)
+       if ((thflags & TH_SYN) == 0) {
                tiwin = th->th_win << tp->snd_scale;
                tiwin = th->th_win << tp->snd_scale;
-       else
+       } else {
                tiwin = th->th_win;
                tiwin = th->th_win;
+       }
+
 
 #if CONFIG_MACF_NET
 
 #if CONFIG_MACF_NET
-       if (mac_inpcb_check_deliver(inp, m, AF_INET, SOCK_STREAM))
+       if (mac_inpcb_check_deliver(inp, m, AF_INET, SOCK_STREAM)) {
+               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "mac_inpcb_check_deliver failed");
                goto drop;
                goto drop;
+       }
 #endif
 
        /* Avoid processing packets while closing a listen socket */
 #endif
 
        /* Avoid processing packets while closing a listen socket */
-       if (tp->t_state == TCPS_LISTEN && 
-               (so->so_options & SO_ACCEPTCONN) == 0) 
+       if (tp->t_state == TCPS_LISTEN &&
+           (so->so_options & SO_ACCEPTCONN) == 0) {
+               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "closing a listening socket");
                goto drop;
                goto drop;
+       }
 
 
-       if (so->so_options & (SO_DEBUG|SO_ACCEPTCONN)) {
+       if (so->so_options & (SO_DEBUG | SO_ACCEPTCONN)) {
 #if TCPDEBUG
                if (so->so_options & SO_DEBUG) {
                        ostate = tp->t_state;
 #if INET6
 #if TCPDEBUG
                if (so->so_options & SO_DEBUG) {
                        ostate = tp->t_state;
 #if INET6
-                       if (isipv6)
+                       if (isipv6) {
                                bcopy((char *)ip6, (char *)tcp_saveipgen,
                                bcopy((char *)ip6, (char *)tcp_saveipgen,
-                                     sizeof(*ip6));
-                       else
+                                   sizeof(*ip6));
+                       else
 #endif /* INET6 */
                        bcopy((char *)ip, (char *)tcp_saveipgen, sizeof(*ip));
                        tcp_savetcp = *th;
                }
 #endif
                if (so->so_options & SO_ACCEPTCONN) {
 #endif /* INET6 */
                        bcopy((char *)ip, (char *)tcp_saveipgen, sizeof(*ip));
                        tcp_savetcp = *th;
                }
 #endif
                if (so->so_options & SO_ACCEPTCONN) {
-                   register struct tcpcb *tp0 = tp;
+                       struct tcpcb *tp0 = tp;
                        struct socket *so2;
                        struct socket *oso;
                        struct sockaddr_storage from;
                        struct socket *so2;
                        struct socket *oso;
                        struct sockaddr_storage from;
+                       struct sockaddr_storage to2;
 #if INET6
                        struct inpcb *oinp = sotoinpcb(so);
 #endif /* INET6 */
                        struct ifnet *head_ifscope;
                        unsigned int head_nocell, head_recvanyif,
 #if INET6
                        struct inpcb *oinp = sotoinpcb(so);
 #endif /* INET6 */
                        struct ifnet *head_ifscope;
                        unsigned int head_nocell, head_recvanyif,
-                                    head_noexpensive, head_awdl_unrestricted;
+                           head_noexpensive, head_awdl_unrestricted,
+                           head_intcoproc_allowed, head_external_port,
+                           head_noconstrained;
 
                        /* Get listener's bound-to-interface, if any */
                        head_ifscope = (inp->inp_flags & INP_BOUND_IF) ?
 
                        /* Get listener's bound-to-interface, if any */
                        head_ifscope = (inp->inp_flags & INP_BOUND_IF) ?
@@ -2230,7 +2535,10 @@ findpcb:
                        head_recvanyif = (inp->inp_flags & INP_RECV_ANYIF);
                        /* Get listener's no-expensive information, if any */
                        head_noexpensive = INP_NO_EXPENSIVE(inp);
                        head_recvanyif = (inp->inp_flags & INP_RECV_ANYIF);
                        /* Get listener's no-expensive information, if any */
                        head_noexpensive = INP_NO_EXPENSIVE(inp);
+                       head_noconstrained = INP_NO_CONSTRAINED(inp);
                        head_awdl_unrestricted = INP_AWDL_UNRESTRICTED(inp);
                        head_awdl_unrestricted = INP_AWDL_UNRESTRICTED(inp);
+                       head_intcoproc_allowed = INP_INTCOPROC_ALLOWED(inp);
+                       head_external_port = (inp->inp_flags2 & INP2_EXTERNAL_PORT);
 
                        /*
                         * If the state is LISTEN then ignore segment if it contains an RST.
 
                        /*
                         * If the state is LISTEN then ignore segment if it contains an RST.
@@ -2238,13 +2546,15 @@ findpcb:
                         * If it does not contain a SYN then it is not interesting; drop it.
                         * If it is from this socket, drop it, it must be forged.
                         */
                         * If it does not contain a SYN then it is not interesting; drop it.
                         * If it is from this socket, drop it, it must be forged.
                         */
-                       if ((thflags & (TH_RST|TH_ACK|TH_SYN)) != TH_SYN) {
+                       if ((thflags & (TH_RST | TH_ACK | TH_SYN)) != TH_SYN) {
                                IF_TCP_STATINC(ifp, listbadsyn);
 
                                if (thflags & TH_RST) {
                                IF_TCP_STATINC(ifp, listbadsyn);
 
                                if (thflags & TH_RST) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN with RST");
                                        goto drop;
                                }
                                if (thflags & TH_ACK) {
                                        goto drop;
                                }
                                if (thflags & TH_ACK) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN with ACK");
                                        tp = NULL;
                                        tcpstat.tcps_badsyn++;
                                        rstreason = BANDLIM_RST_OPENPORT;
                                        tp = NULL;
                                        tcpstat.tcps_badsyn++;
                                        rstreason = BANDLIM_RST_OPENPORT;
@@ -2253,19 +2563,24 @@ findpcb:
 
                                /* We come here if there is no SYN set */
                                tcpstat.tcps_badsyn++;
 
                                /* We come here if there is no SYN set */
                                tcpstat.tcps_badsyn++;
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "bad SYN");
                                goto drop;
                        }
                                goto drop;
                        }
-                       KERNEL_DEBUG(DBG_FNC_TCP_NEWCONN | DBG_FUNC_START,0,0,0,0,0);
-                       if (th->th_dport == th->th_sport) {
+                       KERNEL_DEBUG(DBG_FNC_TCP_NEWCONN | DBG_FUNC_START, 0, 0, 0, 0, 0);
+                       if (th->th_dport == th->th_sport) {
 #if INET6
                                if (isipv6) {
                                        if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
 #if INET6
                                if (isipv6) {
                                        if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
-                                                       &ip6->ip6_src))
+                                           &ip6->ip6_src)) {
+                                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "bad tuple same port");
                                                goto drop;
                                                goto drop;
+                                       }
                                } else
 #endif /* INET6 */
                                } else
 #endif /* INET6 */
-                                       if (ip->ip_dst.s_addr == ip->ip_src.s_addr)
-                                               goto drop;
+                               if (ip->ip_dst.s_addr == ip->ip_src.s_addr) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "bad tuple same IPv4 address");
+                                       goto drop;
+                               }
                        }
                        /*
                         * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
                        }
                        /*
                         * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
@@ -2275,20 +2590,26 @@ findpcb:
                         * Packets with a multicast source address should also
                         * be discarded.
                         */
                         * Packets with a multicast source address should also
                         * be discarded.
                         */
-                       if (m->m_flags & (M_BCAST|M_MCAST))
+                       if (m->m_flags & (M_BCAST | M_MCAST)) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "mbuf M_BCAST | M_MCAST");
                                goto drop;
                                goto drop;
+                       }
 #if INET6
                        if (isipv6) {
                                if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
 #if INET6
                        if (isipv6) {
                                if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
-                                       IN6_IS_ADDR_MULTICAST(&ip6->ip6_src))
+                                   IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "IN6_IS_ADDR_MULTICAST");
                                        goto drop;
                                        goto drop;
+                               }
                        } else
 #endif
                        if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
                        } else
 #endif
                        if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
-                               IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
-                               ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
-                               in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+                           IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
+                           ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
+                           in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "multicast or broadcast address");
                                goto drop;
                                goto drop;
+                       }
 
 
 #if INET6
 
 
 #if INET6
@@ -2316,33 +2637,52 @@ findpcb:
                                                tp = NULL;
                                                rstreason = BANDLIM_RST_OPENPORT;
                                                IF_TCP_STATINC(ifp, deprecate6);
                                                tp = NULL;
                                                rstreason = BANDLIM_RST_OPENPORT;
                                                IF_TCP_STATINC(ifp, deprecate6);
+                                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "deprecated IPv6 address");
                                                goto dropwithreset;
                                        }
                                }
                        }
 #endif
                                                goto dropwithreset;
                                        }
                                }
                        }
 #endif
-                       if (so->so_filt) {
+                       if (so->so_filt || check_cfil) {
 #if INET6
                                if (isipv6) {
 #if INET6
                                if (isipv6) {
-                                       struct sockaddr_in6     *sin6 = (struct sockaddr_in6*)&from;
-                                       
+                                       struct sockaddr_in6     *sin6 = (struct sockaddr_in6*)&from;
+
                                        sin6->sin6_len = sizeof(*sin6);
                                        sin6->sin6_family = AF_INET6;
                                        sin6->sin6_port = th->th_sport;
                                        sin6->sin6_flowinfo = 0;
                                        sin6->sin6_addr = ip6->ip6_src;
                                        sin6->sin6_scope_id = 0;
                                        sin6->sin6_len = sizeof(*sin6);
                                        sin6->sin6_family = AF_INET6;
                                        sin6->sin6_port = th->th_sport;
                                        sin6->sin6_flowinfo = 0;
                                        sin6->sin6_addr = ip6->ip6_src;
                                        sin6->sin6_scope_id = 0;
-                               }
-                               else
+
+                                       sin6 = (struct sockaddr_in6*)&to2;
+
+                                       sin6->sin6_len = sizeof(struct sockaddr_in6);
+                                       sin6->sin6_family = AF_INET6;
+                                       sin6->sin6_port = th->th_dport;
+                                       sin6->sin6_flowinfo = 0;
+                                       sin6->sin6_addr = ip6->ip6_dst;
+                                       sin6->sin6_scope_id = 0;
+                               } else
 #endif
                                {
                                        struct sockaddr_in *sin = (struct sockaddr_in*)&from;
 #endif
                                {
                                        struct sockaddr_in *sin = (struct sockaddr_in*)&from;
-                                       
+
                                        sin->sin_len = sizeof(*sin);
                                        sin->sin_family = AF_INET;
                                        sin->sin_port = th->th_sport;
                                        sin->sin_addr = ip->ip_src;
                                        sin->sin_len = sizeof(*sin);
                                        sin->sin_family = AF_INET;
                                        sin->sin_port = th->th_sport;
                                        sin->sin_addr = ip->ip_src;
+
+                                       sin = (struct sockaddr_in*)&to2;
+
+                                       sin->sin_len = sizeof(struct sockaddr_in);
+                                       sin->sin_family = AF_INET;
+                                       sin->sin_port = th->th_dport;
+                                       sin->sin_addr = ip->ip_dst;
                                }
                                }
+                       }
+
+                       if (so->so_filt) {
                                so2 = sonewconn(so, 0, (struct sockaddr*)&from);
                        } else {
                                so2 = sonewconn(so, 0, NULL);
                                so2 = sonewconn(so, 0, (struct sockaddr*)&from);
                        } else {
                                so2 = sonewconn(so, 0, NULL);
@@ -2350,13 +2690,16 @@ findpcb:
                        if (so2 == 0) {
                                tcpstat.tcps_listendrop++;
                                if (tcp_dropdropablreq(so)) {
                        if (so2 == 0) {
                                tcpstat.tcps_listendrop++;
                                if (tcp_dropdropablreq(so)) {
-                                       if (so->so_filt)
+                                       if (so->so_filt) {
                                                so2 = sonewconn(so, 0, (struct sockaddr*)&from);
                                                so2 = sonewconn(so, 0, (struct sockaddr*)&from);
-                                       else
+                                       } else {
                                                so2 = sonewconn(so, 0, NULL);
                                                so2 = sonewconn(so, 0, NULL);
+                                       }
                                }
                                }
-                               if (!so2) 
+                               if (!so2) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, " listen drop");
                                        goto drop;
                                        goto drop;
+                               }
                        }
 
                        /* Point "inp" and "tp" in tandem to new socket */
                        }
 
                        /* Point "inp" and "tp" in tandem to new socket */
@@ -2364,10 +2707,10 @@ findpcb:
                        tp = intotcpcb(inp);
 
                        oso = so;
                        tp = intotcpcb(inp);
 
                        oso = so;
-                       tcp_unlock(so, 0, 0); /* Unlock but keep a reference on listener for now */
+                       socket_unlock(so, 0); /* Unlock but keep a reference on listener for now */
 
                        so = so2;
 
                        so = so2;
-                       tcp_lock(so, 1, 0);
+                       socket_lock(so, 1);
                        /*
                         * Mark socket as temporary until we're
                         * committed to keeping it.  The code at
                        /*
                         * Mark socket as temporary until we're
                         * committed to keeping it.  The code at
@@ -2395,29 +2738,43 @@ findpcb:
                        /*
                         * Inherit restrictions from listener.
                         */
                        /*
                         * Inherit restrictions from listener.
                         */
-                       if (head_nocell)
+                       if (head_nocell) {
                                inp_set_nocellular(inp);
                                inp_set_nocellular(inp);
-                       if (head_noexpensive)
+                       }
+                       if (head_noexpensive) {
                                inp_set_noexpensive(inp);
                                inp_set_noexpensive(inp);
-                       if (head_awdl_unrestricted)
+                       }
+                       if (head_noconstrained) {
+                               inp_set_noconstrained(inp);
+                       }
+                       if (head_awdl_unrestricted) {
                                inp_set_awdl_unrestricted(inp);
                                inp_set_awdl_unrestricted(inp);
+                       }
+                       if (head_intcoproc_allowed) {
+                               inp_set_intcoproc_allowed(inp);
+                       }
                        /*
                         * Inherit {IN,IN6}_RECV_ANYIF from listener.
                         */
                        /*
                         * Inherit {IN,IN6}_RECV_ANYIF from listener.
                         */
-                       if (head_recvanyif)
+                       if (head_recvanyif) {
                                inp->inp_flags |= INP_RECV_ANYIF;
                                inp->inp_flags |= INP_RECV_ANYIF;
-                       else
+                       } else {
                                inp->inp_flags &= ~INP_RECV_ANYIF;
                                inp->inp_flags &= ~INP_RECV_ANYIF;
+                       }
+
+                       if (head_external_port) {
+                               inp->inp_flags2 |= INP2_EXTERNAL_PORT;
+                       }
 #if INET6
 #if INET6
-                       if (isipv6)
+                       if (isipv6) {
                                inp->in6p_laddr = ip6->ip6_dst;
                                inp->in6p_laddr = ip6->ip6_dst;
-                       else {
+                       else {
                                inp->inp_vflag &= ~INP_IPV6;
                                inp->inp_vflag |= INP_IPV4;
 #endif /* INET6 */
                                inp->inp_vflag &= ~INP_IPV6;
                                inp->inp_vflag |= INP_IPV4;
 #endif /* INET6 */
-                               inp->inp_laddr = ip->ip_dst;
+                       inp->inp_laddr = ip->ip_dst;
 #if INET6
 #if INET6
-                       }
+               }
 #endif /* INET6 */
                        inp->inp_lport = th->th_dport;
                        if (in_pcbinshash(inp, 0) != 0) {
 #endif /* INET6 */
                        inp->inp_lport = th->th_dport;
                        if (in_pcbinshash(inp, 0) != 0) {
@@ -2426,122 +2783,147 @@ findpcb:
                                 * put the PCB on the hash lists.
                                 */
 #if INET6
                                 * put the PCB on the hash lists.
                                 */
 #if INET6
-                               if (isipv6)
+                               if (isipv6) {
                                        inp->in6p_laddr = in6addr_any;
                                        inp->in6p_laddr = in6addr_any;
-                               else
+                               else
 #endif /* INET6 */
 #endif /* INET6 */
-                                       inp->inp_laddr.s_addr = INADDR_ANY;
+                               inp->inp_laddr.s_addr = INADDR_ANY;
                                inp->inp_lport = 0;
                                inp->inp_lport = 0;
-                               tcp_lock(oso, 0, 0);    /* release ref on parent */
-                               tcp_unlock(oso, 1, 0);
+                               socket_lock(oso, 0);    /* release ref on parent */
+                               socket_unlock(oso, 1);
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, " in_pcbinshash failed");
                                goto drop;
                        }
 #if INET6
                        if (isipv6) {
                                goto drop;
                        }
 #if INET6
                        if (isipv6) {
-                               /*
-                                * Inherit socket options from the listening
-                                * socket.
-                                * Note that in6p_inputopts are not (even
-                                * should not be) copied, since it stores
+                               /*
+                                * Inherit socket options from the listening
+                                * socket.
+                                * Note that in6p_inputopts are not (even
+                                * should not be) copied, since it stores
                                 * previously received options and is used to
                                 * previously received options and is used to
-                                * detect if each new option is different than
-                                * the previous one and hence should be passed
-                                * to a user.
-                                * If we copied in6p_inputopts, a user would
-                                * not be able to receive options just after
-                                * calling the accept system call.
-                                */
+                                * detect if each new option is different than
+                                * the previous one and hence should be passed
+                                * to a user.
+                                * If we copied in6p_inputopts, a user would
+                                * not be able to receive options just after
+                                * calling the accept system call.
+                                */
                                inp->inp_flags |=
                                inp->inp_flags |=
-                                       oinp->inp_flags & INP_CONTROLOPTS;
-                               if (oinp->in6p_outputopts)
-                                       inp->in6p_outputopts =
-                                               ip6_copypktopts(oinp->in6p_outputopts,
-                                                               M_NOWAIT);
+                                   oinp->inp_flags & INP_CONTROLOPTS;
+                               if (oinp->in6p_outputopts) {
+                                       inp->in6p_outputopts =
+                                           ip6_copypktopts(oinp->in6p_outputopts,
+                                           M_NOWAIT);
+                               }
                        } else
 #endif /* INET6 */
                        {
                                inp->inp_options = ip_srcroute();
                                inp->inp_ip_tos = oinp->inp_ip_tos;
                        }
                        } else
 #endif /* INET6 */
                        {
                                inp->inp_options = ip_srcroute();
                                inp->inp_ip_tos = oinp->inp_ip_tos;
                        }
-                       tcp_lock(oso, 0, 0);
+                       socket_lock(oso, 0);
 #if IPSEC
                        /* copy old policy into new socket's */
 #if IPSEC
                        /* copy old policy into new socket's */
-                       if (sotoinpcb(oso)->inp_sp)
-                       {
+                       if (sotoinpcb(oso)->inp_sp) {
                                int error = 0;
                                /* Is it a security hole here to silently fail to copy the policy? */
                                int error = 0;
                                /* Is it a security hole here to silently fail to copy the policy? */
-                               if (inp->inp_sp != NULL)
+                               if (inp->inp_sp != NULL) {
                                        error = ipsec_init_policy(so, &inp->inp_sp);
                                        error = ipsec_init_policy(so, &inp->inp_sp);
-                               if (error != 0 || ipsec_copy_policy(sotoinpcb(oso)->inp_sp, inp->inp_sp))
+                               }
+                               if (error != 0 || ipsec_copy_policy(sotoinpcb(oso)->inp_sp, inp->inp_sp)) {
                                        printf("tcp_input: could not copy policy\n");
                                        printf("tcp_input: could not copy policy\n");
+                               }
                        }
 #endif
                        /* inherit states from the listener */
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
                        }
 #endif
                        /* inherit states from the listener */
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
-                               struct tcpcb *, tp, int32_t, TCPS_LISTEN);
+                           struct tcpcb *, tp, int32_t, TCPS_LISTEN);
                        tp->t_state = TCPS_LISTEN;
                        tp->t_state = TCPS_LISTEN;
-                       tp->t_flags |= tp0->t_flags & (TF_NOPUSH|TF_NOOPT|TF_NODELAY);
-                       tp->t_flagsext |= (tp0->t_flagsext & (TF_RXTFINDROP|TF_NOTIMEWAIT|TF_FASTOPEN));
+                       tp->t_flags |= tp0->t_flags & (TF_NOPUSH | TF_NOOPT | TF_NODELAY);
+                       tp->t_flagsext |= (tp0->t_flagsext & (TF_RXTFINDROP | TF_NOTIMEWAIT | TF_FASTOPEN));
                        tp->t_keepinit = tp0->t_keepinit;
                        tp->t_keepcnt = tp0->t_keepcnt;
                        tp->t_keepintvl = tp0->t_keepintvl;
                        tp->t_adaptive_wtimo = tp0->t_adaptive_wtimo;
                        tp->t_adaptive_rtimo = tp0->t_adaptive_rtimo;
                        tp->t_inpcb->inp_ip_ttl = tp0->t_inpcb->inp_ip_ttl;
                        tp->t_keepinit = tp0->t_keepinit;
                        tp->t_keepcnt = tp0->t_keepcnt;
                        tp->t_keepintvl = tp0->t_keepintvl;
                        tp->t_adaptive_wtimo = tp0->t_adaptive_wtimo;
                        tp->t_adaptive_rtimo = tp0->t_adaptive_rtimo;
                        tp->t_inpcb->inp_ip_ttl = tp0->t_inpcb->inp_ip_ttl;
-                       if ((so->so_flags & SOF_NOTSENT_LOWAT) != 0)
+                       if ((so->so_flags & SOF_NOTSENT_LOWAT) != 0) {
                                tp->t_notsent_lowat = tp0->t_notsent_lowat;
                                tp->t_notsent_lowat = tp0->t_notsent_lowat;
+                       }
+                       tp->t_inpcb->inp_flags2 |=
+                           tp0->t_inpcb->inp_flags2 & INP2_KEEPALIVE_OFFLOAD;
 
                        /* now drop the reference on the listener */
 
                        /* now drop the reference on the listener */
-                       tcp_unlock(oso, 1, 0);
+                       socket_unlock(oso, 1);
 
 
-                       tcp_set_max_rwinscale(tp, so);
+                       tcp_set_max_rwinscale(tp, so, ifp);
 
 
-                       KERNEL_DEBUG(DBG_FNC_TCP_NEWCONN | DBG_FUNC_END,0,0,0,0,0);
+#if CONTENT_FILTER
+                       if (check_cfil) {
+                               int error = cfil_sock_attach(so2, (struct sockaddr*)&to2, (struct sockaddr*)&from,
+                                   CFS_CONNECTION_DIR_IN);
+                               if (error != 0) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, " cfil_sock_attach failed");
+                                       goto drop;
+                               }
+                       }
+#endif /* CONTENT_FILTER */
+
+                       KERNEL_DEBUG(DBG_FNC_TCP_NEWCONN | DBG_FUNC_END, 0, 0, 0, 0, 0);
                }
        }
                }
        }
-       lck_mtx_assert(&((struct inpcb *)so->so_pcb)->inpcb_mtx,
-               LCK_MTX_ASSERT_OWNED);
+       socket_lock_assert_owned(so);
+
+       if (net_mpklog_enabled && (m->m_pkthdr.rcvif->if_xflags & IFXF_MPK_LOG)) {
+               MPKL_TCP_INPUT(tcp_mpkl_log_object,
+                   ntohs(tp->t_inpcb->inp_lport), ntohs(tp->t_inpcb->inp_fport),
+                   th->th_seq, th->th_ack, tlen, thflags,
+                   so->last_pid, so->so_log_seqn++);
+       }
 
        if (tp->t_state == TCPS_ESTABLISHED && tlen > 0) {
 
        if (tp->t_state == TCPS_ESTABLISHED && tlen > 0) {
-               /* 
-                * Evaluate the rate of arrival of packets to see if the 
-                * receiver can reduce the ack traffic. The algorithm to 
-                * stretch acks will be enabled if the connection meets 
+               /*
+                * Evaluate the rate of arrival of packets to see if the
+                * receiver can reduce the ack traffic. The algorithm to
+                * stretch acks will be enabled if the connection meets
                 * certain criteria defined in tcp_stretch_ack_enable function.
                 */
                if ((tp->t_flagsext & TF_RCVUNACK_WAITSS) != 0) {
                        TCP_INC_VAR(tp->rcv_waitforss, nlropkts);
                }
                 * certain criteria defined in tcp_stretch_ack_enable function.
                 */
                if ((tp->t_flagsext & TF_RCVUNACK_WAITSS) != 0) {
                        TCP_INC_VAR(tp->rcv_waitforss, nlropkts);
                }
-               if (tcp_stretch_ack_enable(tp)) {
+               if (tcp_stretch_ack_enable(tp, thflags)) {
                        tp->t_flags |= TF_STRETCHACK;
                        tp->t_flagsext &= ~(TF_RCVUNACK_WAITSS);
                        tp->rcv_waitforss = 0;
                } else {
                        tp->t_flags &= ~(TF_STRETCHACK);
                }
                        tp->t_flags |= TF_STRETCHACK;
                        tp->t_flagsext &= ~(TF_RCVUNACK_WAITSS);
                        tp->rcv_waitforss = 0;
                } else {
                        tp->t_flags &= ~(TF_STRETCHACK);
                }
-               if (TSTMP_GT(tp->rcv_unackwin, tcp_now)) {
+               if (TSTMP_GT(tp->rcv_unackwin - (tcp_rcvunackwin >> 1), tcp_now)) {
+                       tp->rcv_by_unackhalfwin += (tlen + off);
                        tp->rcv_by_unackwin += (tlen + off);
                } else {
                        tp->rcv_unackwin = tcp_now + tcp_rcvunackwin;
                        tp->rcv_by_unackwin += (tlen + off);
                } else {
                        tp->rcv_unackwin = tcp_now + tcp_rcvunackwin;
-                       tp->rcv_by_unackwin = tlen + off;
+                       tp->rcv_by_unackwin = tp->rcv_by_unackhalfwin + tlen + off;
+                       tp->rcv_by_unackhalfwin = tlen + off;
                }
        }
 
                }
        }
 
-       /* 
+       /*
         * Keep track of how many bytes were received in the LRO packet
         */
         * Keep track of how many bytes were received in the LRO packet
         */
-       if ((pktf_sw_lro_pkt) && (nlropkts > 2))  {
+       if ((pktf_sw_lro_pkt) && (nlropkts > 2)) {
                tp->t_lropktlen += tlen;
        }
        /*
         * Explicit Congestion Notification - Flag that we need to send ECT if
                tp->t_lropktlen += tlen;
        }
        /*
         * Explicit Congestion Notification - Flag that we need to send ECT if
-        *      + The IP Congestion experienced flag was set.
-        *      + Socket is in established state
-        *      + We negotiated ECN in the TCP setup
-        *      + This isn't a pure ack (tlen > 0)
-        *      + The data is in the valid window
+        *      + The IP Congestion experienced flag was set.
+        *      + Socket is in established state
+        *      + We negotiated ECN in the TCP setup
+        *      + This isn't a pure ack (tlen > 0)
+        *      + The data is in the valid window
         *
         *
-        *      TE_SENDECE will be cleared when we receive a packet with TH_CWR set.
+        *      TE_SENDECE will be cleared when we receive a packet with TH_CWR set.
         */
        if (ip_ecn == IPTOS_ECN_CE && tp->t_state == TCPS_ESTABLISHED &&
            TCP_ECN_ENABLED(tp) && tlen > 0 &&
         */
        if (ip_ecn == IPTOS_ECN_CE && tp->t_state == TCPS_ESTABLISHED &&
            TCP_ECN_ENABLED(tp) && tlen > 0 &&
@@ -2564,8 +2946,8 @@ findpcb:
                tp->t_ecn_recv_cwr++;
        }
 
                tp->t_ecn_recv_cwr++;
        }
 
-       /* 
-        * If we received an  explicit notification of congestion in 
+       /*
+        * If we received an  explicit notification of congestion in
         * ip tos ecn bits or by the CWR bit in TCP header flags, reset
         * the ack-strteching state. We need to handle ECN notification if
         * an ECN setup SYN was sent even once.
         * ip tos ecn bits or by the CWR bit in TCP header flags, reset
         * the ack-strteching state. We need to handle ECN notification if
         * an ECN setup SYN was sent even once.
@@ -2592,7 +2974,7 @@ findpcb:
                        tcpstat.tcps_ecn_fallback_ce++;
                        tcp_heuristic_ecn_aggressive(tp);
                        tp->ecn_flags |= TE_CEHEURI_SET;
                        tcpstat.tcps_ecn_fallback_ce++;
                        tcp_heuristic_ecn_aggressive(tp);
                        tp->ecn_flags |= TE_CEHEURI_SET;
-                       INP_INC_IFNET_STAT(inp,ecn_fallback_ce);
+                       INP_INC_IFNET_STAT(inp, ecn_fallback_ce);
                } else {
                        /* We tracked the first ECN_MIN_CE_PROBES segments, we
                         * now know that the path is good.
                } else {
                        /* We tracked the first ECN_MIN_CE_PROBES segments, we
                         * now know that the path is good.
@@ -2601,17 +2983,17 @@ findpcb:
                }
        }
 
                }
        }
 
-       /* 
+       /*
         * Try to determine if we are receiving a packet after a long time.
         * Try to determine if we are receiving a packet after a long time.
-        * Use our own approximation of idletime to roughly measure remote 
+        * Use our own approximation of idletime to roughly measure remote
         * end's idle time. Since slowstart is used after an idle period
         * we want to avoid doing LRO if the remote end is not up to date
         * on initial window support and starts with 1 or 2 packets as its IW.
         */
         * end's idle time. Since slowstart is used after an idle period
         * we want to avoid doing LRO if the remote end is not up to date
         * on initial window support and starts with 1 or 2 packets as its IW.
         */
-        if (sw_lro && (tp->t_flagsext & TF_LRO_OFFLOADED) &&
-               ((tcp_now - tp->t_rcvtime) >= (TCP_IDLETIMEOUT(tp)))) {
+       if (sw_lro && (tp->t_flagsext & TF_LRO_OFFLOADED) &&
+           ((tcp_now - tp->t_rcvtime) >= (TCP_IDLETIMEOUT(tp)))) {
                turnoff_lro = 1;
                turnoff_lro = 1;
-        }
+       }
 
        /* Update rcvtime as a new segment was received on the connection */
        tp->t_rcvtime = tcp_now;
 
        /* Update rcvtime as a new segment was received on the connection */
        tp->t_rcvtime = tcp_now;
@@ -2620,32 +3002,39 @@ findpcb:
         * Segment received on connection.
         * Reset idle time and keep-alive timer.
         */
         * Segment received on connection.
         * Reset idle time and keep-alive timer.
         */
-       if (TCPS_HAVEESTABLISHED(tp->t_state))
+       if (TCPS_HAVEESTABLISHED(tp->t_state)) {
                tcp_keepalive_reset(tp);
 
                tcp_keepalive_reset(tp);
 
+               if (tp->t_mpsub) {
+                       mptcp_reset_keepalive(tp);
+               }
+       }
+
        /*
         * Process options if not in LISTEN state,
         * else do it below (after getting remote address).
         */
        if (tp->t_state != TCPS_LISTEN && optp) {
                tcp_dooptions(tp, optp, optlen, th, &to);
        /*
         * Process options if not in LISTEN state,
         * else do it below (after getting remote address).
         */
        if (tp->t_state != TCPS_LISTEN && optp) {
                tcp_dooptions(tp, optp, optlen, th, &to);
+       }
 #if MPTCP
 #if MPTCP
-               if (mptcp_input_preproc(tp, m, drop_hdrlen) != 0) {
-                       tp->t_flags |= TF_ACKNOW;
-                       (void) tcp_output(tp);
-                       tcp_check_timer_state(tp);
-                       tcp_unlock(so, 1, 0);
-                       KERNEL_DEBUG(DBG_FNC_TCP_INPUT |
-                           DBG_FUNC_END,0,0,0,0,0);
-                       return;
-               }
-#endif /* MPTCP */
+       if (tp->t_state != TCPS_LISTEN && (so->so_flags & SOF_MP_SUBFLOW) &&
+           mptcp_input_preproc(tp, m, th, drop_hdrlen) != 0) {
+               tp->t_flags |= TF_ACKNOW;
+               (void) tcp_output(tp);
+               tcp_check_timer_state(tp);
+               socket_unlock(so, 1);
+               KERNEL_DEBUG(DBG_FNC_TCP_INPUT |
+                   DBG_FUNC_END, 0, 0, 0, 0, 0);
+               return;
        }
        }
+#endif /* MPTCP */
        if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
                if (!(thflags & TH_ACK) ||
                    (SEQ_GT(th->th_ack, tp->iss) &&
        if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
                if (!(thflags & TH_ACK) ||
                    (SEQ_GT(th->th_ack, tp->iss) &&
-                   SEQ_LEQ(th->th_ack, tp->snd_max)))
+                   SEQ_LEQ(th->th_ack, tp->snd_max))) {
                        tcp_finalize_options(tp, &to, ifscope);
                        tcp_finalize_options(tp, &to, ifscope);
+               }
        }
 
 #if TRAFFIC_MGT
        }
 
 #if TRAFFIC_MGT
@@ -2661,12 +3050,11 @@ findpcb:
         * to queuing in edge/access routers.
         */
        if (tp->t_state == TCPS_ESTABLISHED &&
         * to queuing in edge/access routers.
         */
        if (tp->t_state == TCPS_ESTABLISHED &&
-           (thflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK|TH_ECE|TH_PUSH)) == TH_ACK &&
-           ((tp->t_flags & (TF_NEEDSYN|TF_NEEDFIN)) == 0) &&
+           (thflags & (TH_SYN | TH_FIN | TH_RST | TH_URG | TH_ACK | TH_ECE | TH_PUSH)) == TH_ACK &&
+           ((tp->t_flags & (TF_NEEDSYN | TF_NEEDFIN)) == 0) &&
            ((to.to_flags & TOF_TS) == 0 ||
            ((to.to_flags & TOF_TS) == 0 ||
-            TSTMP_GEQ(to.to_tsval, tp->ts_recent)) &&
-           th->th_seq == tp->rcv_nxt &&
-           LIST_EMPTY(&tp->t_segq)) {
+           TSTMP_GEQ(to.to_tsval, tp->ts_recent)) &&
+           th->th_seq == tp->rcv_nxt && LIST_EMPTY(&tp->t_segq)) {
                int seg_size = tlen;
                if (tp->iaj_pktcnt <= IAJ_IGNORE_PKTCNT) {
                        TCP_INC_VAR(tp->iaj_pktcnt, nlropkts);
                int seg_size = tlen;
                if (tp->iaj_pktcnt <= IAJ_IGNORE_PKTCNT) {
                        TCP_INC_VAR(tp->iaj_pktcnt, nlropkts);
@@ -2675,8 +3063,8 @@ findpcb:
                if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_PKT) {
                        seg_size = m->m_pkthdr.lro_pktlen;
                }
                if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_PKT) {
                        seg_size = m->m_pkthdr.lro_pktlen;
                }
-               if ( tp->iaj_size == 0 || seg_size > tp->iaj_size ||
-                       (seg_size == tp->iaj_size && tp->iaj_rcv_ts == 0)) {
+               if (tp->iaj_size == 0 || seg_size > tp->iaj_size ||
+                   (seg_size == tp->iaj_size && tp->iaj_rcv_ts == 0)) {
                        /*
                         * State related to inter-arrival jitter is
                         * uninitialized or we are trying to find a good
                        /*
                         * State related to inter-arrival jitter is
                         * uninitialized or we are trying to find a good
@@ -2689,13 +3077,14 @@ findpcb:
                                 * Compute inter-arrival jitter taking
                                 * this packet as the second packet
                                 */
                                 * Compute inter-arrival jitter taking
                                 * this packet as the second packet
                                 */
-                               if (pktf_sw_lro_pkt)
+                               if (pktf_sw_lro_pkt) {
                                        compute_iaj(tp, nlropkts,
                                            m->m_pkthdr.lro_elapsed);
                                        compute_iaj(tp, nlropkts,
                                            m->m_pkthdr.lro_elapsed);
-                               else
+                               } else {
                                        compute_iaj(tp, 1, 0);
                                        compute_iaj(tp, 1, 0);
-                       } 
-                       if (seg_size  < tp->iaj_size) {
+                               }
+                       }
+                       if (seg_size < tp->iaj_size) {
                                /*
                                 * There is a smaller packet in the stream.
                                 * Some times the maximum size supported
                                /*
                                 * There is a smaller packet in the stream.
                                 * Some times the maximum size supported
@@ -2706,7 +3095,7 @@ findpcb:
                                 * iaj_size, we try to learn the iaj_size
                                 * again.
                                 */
                                 * iaj_size, we try to learn the iaj_size
                                 * again.
                                 */
-                               TCP_INC_VAR(tp->iaj_small_pkt, nlropkts); 
+                               TCP_INC_VAR(tp->iaj_small_pkt, nlropkts);
                                if (tp->iaj_small_pkt > RESET_IAJ_SIZE_THRESH) {
                                        update_iaj_state(tp, seg_size, 1);
                                } else {
                                if (tp->iaj_small_pkt > RESET_IAJ_SIZE_THRESH) {
                                        update_iaj_state(tp, seg_size, 1);
                                } else {
@@ -2739,14 +3128,13 @@ findpcb:
         * be TH_NEEDSYN.
         */
        if (tp->t_state == TCPS_ESTABLISHED &&
         * be TH_NEEDSYN.
         */
        if (tp->t_state == TCPS_ESTABLISHED &&
-           (thflags & (TH_SYN|TH_FIN|TH_RST|TH_URG|TH_ACK|TH_ECE|TH_CWR)) == TH_ACK &&
-           ((tp->t_flags & (TF_NEEDSYN|TF_NEEDFIN)) == 0) &&
+           (thflags & (TH_SYN | TH_FIN | TH_RST | TH_URG | TH_ACK | TH_ECE | TH_CWR)) == TH_ACK &&
+           ((tp->t_flags & (TF_NEEDSYN | TF_NEEDFIN)) == 0) &&
            ((to.to_flags & TOF_TS) == 0 ||
            ((to.to_flags & TOF_TS) == 0 ||
-            TSTMP_GEQ(to.to_tsval, tp->ts_recent)) &&
+           TSTMP_GEQ(to.to_tsval, tp->ts_recent)) &&
            th->th_seq == tp->rcv_nxt &&
            tiwin && tiwin == tp->snd_wnd &&
            tp->snd_nxt == tp->snd_max) {
            th->th_seq == tp->rcv_nxt &&
            tiwin && tiwin == tp->snd_wnd &&
            tp->snd_nxt == tp->snd_max) {
-
                /*
                 * If last ACK falls within this segment's sequence numbers,
                 * record the timestamp.
                /*
                 * If last ACK falls within this segment's sequence numbers,
                 * record the timestamp.
@@ -2754,7 +3142,7 @@ findpcb:
                 * proposal of the tcplw@cray.com list (Braden 1993/04/26).
                 */
                if ((to.to_flags & TOF_TS) != 0 &&
                 * proposal of the tcplw@cray.com list (Braden 1993/04/26).
                 */
                if ((to.to_flags & TOF_TS) != 0 &&
-                  SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+                   SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
                        tp->ts_recent_age = tcp_now;
                        tp->ts_recent = to.to_tsval;
                }
                        tp->ts_recent_age = tcp_now;
                        tp->ts_recent = to.to_tsval;
                }
@@ -2763,8 +3151,8 @@ findpcb:
                        if (SEQ_GT(th->th_ack, tp->snd_una) &&
                            SEQ_LEQ(th->th_ack, tp->snd_max) &&
                            tp->snd_cwnd >= tp->snd_ssthresh &&
                        if (SEQ_GT(th->th_ack, tp->snd_una) &&
                            SEQ_LEQ(th->th_ack, tp->snd_max) &&
                            tp->snd_cwnd >= tp->snd_ssthresh &&
-                           (!IN_FASTRECOVERY(tp) && 
-                           ((!(SACK_ENABLED(tp)) && 
+                           (!IN_FASTRECOVERY(tp) &&
+                           ((!(SACK_ENABLED(tp)) &&
                            tp->t_dupacks < tp->t_rexmtthresh) ||
                            (SACK_ENABLED(tp) && to.to_nsacks == 0 &&
                            TAILQ_EMPTY(&tp->snd_holes))))) {
                            tp->t_dupacks < tp->t_rexmtthresh) ||
                            (SACK_ENABLED(tp) && to.to_nsacks == 0 &&
                            TAILQ_EMPTY(&tp->snd_holes))))) {
@@ -2773,7 +3161,7 @@ findpcb:
                                 */
                                ++tcpstat.tcps_predack;
 
                                 */
                                ++tcpstat.tcps_predack;
 
-                               tcp_bad_rexmt_check(tp, th, &to),
+                               tcp_bad_rexmt_check(tp, th, &to);
 
                                /* Recalculate the RTT */
                                tcp_compute_rtt(tp, &to, th);
 
                                /* Recalculate the RTT */
                                tcp_compute_rtt(tp, &to, th);
@@ -2782,15 +3170,16 @@ findpcb:
                                acked = BYTES_ACKED(th, tp);
                                tcpstat.tcps_rcvackpack++;
                                tcpstat.tcps_rcvackbyte += acked;
                                acked = BYTES_ACKED(th, tp);
                                tcpstat.tcps_rcvackpack++;
                                tcpstat.tcps_rcvackbyte += acked;
-                               
+
                                /*
                                 * Handle an ack that is in sequence during
                                 * congestion avoidance phase. The
                                 * calculations in this function
                                /*
                                 * Handle an ack that is in sequence during
                                 * congestion avoidance phase. The
                                 * calculations in this function
-                                * assume that snd_una is not updated yet. 
+                                * assume that snd_una is not updated yet.
                                 */
                                 */
-                               if (CC_ALGO(tp)->congestion_avd != NULL)
+                               if (CC_ALGO(tp)->congestion_avd != NULL) {
                                        CC_ALGO(tp)->congestion_avd(tp, th);
                                        CC_ALGO(tp)->congestion_avd(tp, th);
+                               }
                                tcp_ccdbg_trace(tp, th, TCP_CC_INSEQ_ACK_RCVD);
                                sbdrop(&so->so_snd, acked);
                                if (so->so_flags & SOF_ENABLE_MSGS) {
                                tcp_ccdbg_trace(tp, th, TCP_CC_INSEQ_ACK_RCVD);
                                sbdrop(&so->so_snd, acked);
                                if (so->so_flags & SOF_ENABLE_MSGS) {
@@ -2800,10 +3189,13 @@ findpcb:
                                tcp_sbsnd_trim(&so->so_snd);
 
                                if (SEQ_GT(tp->snd_una, tp->snd_recover) &&
                                tcp_sbsnd_trim(&so->so_snd);
 
                                if (SEQ_GT(tp->snd_una, tp->snd_recover) &&
-                                   SEQ_LEQ(th->th_ack, tp->snd_recover))
+                                   SEQ_LEQ(th->th_ack, tp->snd_recover)) {
                                        tp->snd_recover = th->th_ack - 1;
                                        tp->snd_recover = th->th_ack - 1;
+                               }
                                tp->snd_una = th->th_ack;
 
                                tp->snd_una = th->th_ack;
 
+                               TCP_RESET_REXMT_STATE(tp);
+
                                /*
                                 * pull snd_wl2 up to prevent seq wrap relative
                                 * to th_ack.
                                /*
                                 * pull snd_wl2 up to prevent seq wrap relative
                                 * to th_ack.
@@ -2836,13 +3228,20 @@ findpcb:
                                }
                                if (!SLIST_EMPTY(&tp->t_rxt_segments) &&
                                    !TCP_DSACK_SEQ_IN_WINDOW(tp,
                                }
                                if (!SLIST_EMPTY(&tp->t_rxt_segments) &&
                                    !TCP_DSACK_SEQ_IN_WINDOW(tp,
-                                   tp->t_dsack_lastuna, tp->snd_una))
+                                   tp->t_dsack_lastuna, tp->snd_una)) {
                                        tcp_rxtseg_clean(tp);
                                        tcp_rxtseg_clean(tp);
+                               }
 
                                if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
 
                                if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
-                                       tp->t_bwmeas != NULL)
+                                   tp->t_bwmeas != NULL) {
                                        tcp_bwmeas_check(tp);
                                        tcp_bwmeas_check(tp);
-                               sowwakeup(so); /* has to be done with socket lock held */
+                               }
+
+                               write_wakeup = 1;
+                               if (!SLIST_EMPTY(&tp->t_notify_ack)) {
+                                       tcp_notify_acknowledgement(tp, so);
+                               }
+
                                if ((so->so_snd.sb_cc) || (tp->t_flags & TF_ACKNOW)) {
                                        (void) tcp_output(tp);
                                }
                                if ((so->so_snd.sb_cc) || (tp->t_flags & TF_ACKNOW)) {
                                        (void) tcp_output(tp);
                                }
@@ -2850,8 +3249,11 @@ findpcb:
                                tcp_tfo_rcv_ack(tp, th);
 
                                tcp_check_timer_state(tp);
                                tcp_tfo_rcv_ack(tp, th);
 
                                tcp_check_timer_state(tp);
-                               tcp_unlock(so, 1, 0);
-                               KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END,0,0,0,0,0);
+
+                               tcp_handle_wakeup(so, read_wakeup, write_wakeup);
+
+                               socket_unlock(so, 1);
+                               KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END, 0, 0, 0, 0, 0);
                                return;
                        }
                } else if (th->th_ack == tp->snd_una &&
                                return;
                        }
                } else if (th->th_ack == tp->snd_una &&
@@ -2864,32 +3266,33 @@ findpcb:
                         */
 
                        /*
                         */
 
                        /*
-                        * If this is a connection in steady state, start
+                        * If this is a connection in steady state, start
                         * coalescing packets belonging to this flow.
                         */
                        if (turnoff_lro) {
                                tcp_lro_remove_state(tp->t_inpcb->inp_laddr,
                         * coalescing packets belonging to this flow.
                         */
                        if (turnoff_lro) {
                                tcp_lro_remove_state(tp->t_inpcb->inp_laddr,
-                                       tp->t_inpcb->inp_faddr,
-                                       tp->t_inpcb->inp_lport, 
-                                       tp->t_inpcb->inp_fport);
+                                   tp->t_inpcb->inp_faddr,
+                                   tp->t_inpcb->inp_lport,
+                                   tp->t_inpcb->inp_fport);
                                tp->t_flagsext &= ~TF_LRO_OFFLOADED;
                                tp->t_idleat = tp->rcv_nxt;
                        } else if (sw_lro && !pktf_sw_lro_pkt && !isipv6 &&
                                tp->t_flagsext &= ~TF_LRO_OFFLOADED;
                                tp->t_idleat = tp->rcv_nxt;
                        } else if (sw_lro && !pktf_sw_lro_pkt && !isipv6 &&
-                           (so->so_flags & SOF_USELRO) &&      
+                           (so->so_flags & SOF_USELRO) &&
                            !IFNET_IS_CELLULAR(m->m_pkthdr.rcvif) &&
                            !IFNET_IS_CELLULAR(m->m_pkthdr.rcvif) &&
-                           (m->m_pkthdr.rcvif->if_type != IFT_LOOP) &&
-                           ((th->th_seq - tp->irs) > 
+                           (m->m_pkthdr.rcvif->if_type != IFT_LOOP) &&
+                           ((th->th_seq - tp->irs) >
                            (tp->t_maxseg << lro_start)) &&
                            (tp->t_maxseg << lro_start)) &&
-                           ((tp->t_idleat == 0) || ((th->th_seq - 
-                            tp->t_idleat) > (tp->t_maxseg << lro_start)))) {
+                           ((tp->t_idleat == 0) || ((th->th_seq -
+                           tp->t_idleat) > (tp->t_maxseg << lro_start)))) {
                                tp->t_flagsext |= TF_LRO_OFFLOADED;
                                tcp_start_coalescing(ip, th, tlen);
                                tp->t_idleat = 0;
                        }
 
                        /* Clean receiver SACK report if present */
                                tp->t_flagsext |= TF_LRO_OFFLOADED;
                                tcp_start_coalescing(ip, th, tlen);
                                tp->t_idleat = 0;
                        }
 
                        /* Clean receiver SACK report if present */
-                       if (SACK_ENABLED(tp) && tp->rcv_numsacks)
+                       if (SACK_ENABLED(tp) && tp->rcv_numsacks) {
                                tcp_clean_sackreport(tp);
                                tcp_clean_sackreport(tp);
+                       }
                        ++tcpstat.tcps_preddat;
                        tp->rcv_nxt += tlen;
                        /*
                        ++tcpstat.tcps_preddat;
                        tp->rcv_nxt += tlen;
                        /*
@@ -2906,59 +3309,71 @@ findpcb:
                        tcpstat.tcps_rcvbyte += tlen;
                        if (nstat_collect) {
                                if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_PKT) {
                        tcpstat.tcps_rcvbyte += tlen;
                        if (nstat_collect) {
                                if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_PKT) {
-                                       INP_ADD_STAT(inp, cell, wifi, wired, 
+                                       INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxpackets, m->m_pkthdr.lro_npkts);
                                } else {
                                        INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxpackets, 1);
                                }
                                            rxpackets, m->m_pkthdr.lro_npkts);
                                } else {
                                        INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxpackets, 1);
                                }
-                               INP_ADD_STAT(inp, cell, wifi, wired,rxbytes,
+                               INP_ADD_STAT(inp, cell, wifi, wired, rxbytes,
                                    tlen);
                                    tlen);
+                               inp_set_activity_bitmap(inp);
                        }
 
                        /*
                        }
 
                        /*
-                        * Calculate the RTT on the receiver only if the 
-                        * connection is in streaming mode and the last 
+                        * Calculate the RTT on the receiver only if the
+                        * connection is in streaming mode and the last
                         * packet was not an end-of-write
                         */
                         * packet was not an end-of-write
                         */
-                       if ((tp->t_flags & TF_STRETCHACK) &&
-                               !(tp->t_flagsext & TF_STREAMEOW))
+                       if (tp->t_flags & TF_STREAMING_ON) {
                                tcp_compute_rtt(tp, &to, th);
                                tcp_compute_rtt(tp, &to, th);
+                       }
+
+                       tcp_sbrcv_grow(tp, &so->so_rcv, &to, tlen,
+                           TCP_AUTORCVBUF_MAX(ifp));
 
 
-                       tcp_sbrcv_grow(tp, &so->so_rcv, &to, tlen);
-                       
                        /*
                         * Add data to socket buffer.
                         */
                        so_recv_data_stat(so, m, 0);
                        /*
                         * Add data to socket buffer.
                         */
                        so_recv_data_stat(so, m, 0);
-                       m_adj(m, drop_hdrlen);  /* delayed header drop */
-                       
+                       m_adj(m, drop_hdrlen);  /* delayed header drop */
+
                        /*
                        /*
-                        * If message delivery (SOF_ENABLE_MSGS) is enabled on  
+                        * If message delivery (SOF_ENABLE_MSGS) is enabled on
                         * this socket, deliver the packet received as an
                         * in-order message with sequence number attached to it.
                         */
                         * this socket, deliver the packet received as an
                         * in-order message with sequence number attached to it.
                         */
-                       if (sbappendstream_rcvdemux(so, m, 
+                       if (isipv6) {
+                               memcpy(&saved_hdr, ip6, sizeof(struct ip6_hdr));
+                               ip6 = (struct ip6_hdr *)&saved_hdr[0];
+                       } else {
+                               memcpy(&saved_hdr, ip, ip->ip_hl << 2);
+                               ip = (struct ip *)&saved_hdr[0];
+                       }
+                       memcpy(&saved_tcphdr, th, sizeof(struct tcphdr));
+                       if (sbappendstream_rcvdemux(so, m,
                            th->th_seq - (tp->irs + 1), 0)) {
                            th->th_seq - (tp->irs + 1), 0)) {
-                               sorwakeup(so);
-                       }           
+                               mptcp_handle_input(so);
+                               read_wakeup = 1;
+                       }
+                       th = &saved_tcphdr;
+
 #if INET6
                        if (isipv6) {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
 #if INET6
                        if (isipv6) {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
-                                       (((ip6->ip6_src.s6_addr16[0]) << 16) | (ip6->ip6_dst.s6_addr16[0])),
-                                       th->th_seq, th->th_ack, th->th_win); 
-                       }
-                       else
-#endif 
+                                   (((ip6->ip6_src.s6_addr16[0]) << 16) | (ip6->ip6_dst.s6_addr16[0])),
+                                   th->th_seq, th->th_ack, th->th_win);
+                       } else
+#endif
                        {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
                        {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
-                                       (((ip->ip_src.s_addr & 0xffff) << 16) | (ip->ip_dst.s_addr & 0xffff)),
-                                       th->th_seq, th->th_ack, th->th_win); 
+                                   (((ip->ip_src.s_addr & 0xffff) << 16) | (ip->ip_dst.s_addr & 0xffff)),
+                                   th->th_seq, th->th_ack, th->th_win);
                        }
                        TCP_INC_VAR(tp->t_unacksegs, nlropkts);
                        }
                        TCP_INC_VAR(tp->t_unacksegs, nlropkts);
-                       if (DELAY_ACK(tp, th))  {
+                       if (DELAY_ACK(tp, th)) {
                                if ((tp->t_flags & TF_DELACK) == 0) {
                                if ((tp->t_flags & TF_DELACK) == 0) {
-                                       tp->t_flags |= TF_DELACK;
+                                       tp->t_flags |= TF_DELACK;
                                        tp->t_timer[TCPT_DELACK] = OFFSET_FROM_START(tp, tcp_delack);
                                }
                        } else {
                                        tp->t_timer[TCPT_DELACK] = OFFSET_FROM_START(tp, tcp_delack);
                                }
                        } else {
@@ -2968,12 +3383,16 @@ findpcb:
 
                        tcp_adaptive_rwtimo_check(tp, tlen);
 
 
                        tcp_adaptive_rwtimo_check(tp, tlen);
 
-                       if (tlen > 0)
+                       if (tlen > 0) {
                                tcp_tfo_rcv_data(tp);
                                tcp_tfo_rcv_data(tp);
+                       }
 
                        tcp_check_timer_state(tp);
 
                        tcp_check_timer_state(tp);
-                       tcp_unlock(so, 1, 0);
-                       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END,0,0,0,0,0);
+
+                       tcp_handle_wakeup(so, read_wakeup, write_wakeup);
+
+                       socket_unlock(so, 1);
+                       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END, 0, 0, 0, 0, 0);
                        return;
                }
        }
                        return;
                }
        }
@@ -2984,14 +3403,14 @@ findpcb:
         * Receive window is amount of space in rcv queue,
         * but not less than advertised window.
         */
         * Receive window is amount of space in rcv queue,
         * but not less than advertised window.
         */
-       lck_mtx_assert(&((struct inpcb *)so->so_pcb)->inpcb_mtx,
-           LCK_MTX_ASSERT_OWNED);
+       socket_lock_assert_owned(so);
        win = tcp_sbspace(tp);
        win = tcp_sbspace(tp);
-       if (win < 0)
+       if (win < 0) {
                win = 0;
                win = 0;
-       else {  /* clip rcv window to 4K for modems */
-               if (tp->t_flags & TF_SLOWLINK && slowlink_wsize > 0)
+       } else { /* clip rcv window to 4K for modems */
+               if (tp->t_flags & TF_SLOWLINK && slowlink_wsize > 0) {
                        win = min(win, slowlink_wsize);
                        win = min(win, slowlink_wsize);
+               }
        }
        tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt));
 #if MPTCP
        }
        tp->rcv_wnd = imax(win, (int)(tp->rcv_adv - tp->rcv_nxt));
 #if MPTCP
@@ -3001,17 +3420,16 @@ findpcb:
         */
        if ((tp->t_mpflags & TMPF_MPTCP_TRUE) &&
            (mp_tp = tptomptp(tp))) {
         */
        if ((tp->t_mpflags & TMPF_MPTCP_TRUE) &&
            (mp_tp = tptomptp(tp))) {
-               MPT_LOCK(mp_tp);
-               if (tp->rcv_wnd > mp_tp->mpt_rcvwnd) {
-                       tp->rcv_wnd = mp_tp->mpt_rcvwnd;
+               socket_lock_assert_owned(mptetoso(mp_tp->mpt_mpte));
+
+               if (tp->rcv_wnd > (int)(mp_tp->mpt_rcvadv - (uint32_t)mp_tp->mpt_rcvnxt)) {
+                       tp->rcv_wnd = mp_tp->mpt_rcvadv - (uint32_t)mp_tp->mpt_rcvnxt;
                        tcpstat.tcps_mp_reducedwin++;
                }
                        tcpstat.tcps_mp_reducedwin++;
                }
-               MPT_UNLOCK(mp_tp);
        }
 #endif /* MPTCP */
 
        switch (tp->t_state) {
        }
 #endif /* MPTCP */
 
        switch (tp->t_state) {
-
        /*
         * Initialize tp->rcv_nxt, and tp->irs, select an initial
         * tp->iss, and send a segment:
        /*
         * Initialize tp->rcv_nxt, and tp->irs, select an initial
         * tp->iss, and send a segment:
@@ -3022,56 +3440,66 @@ findpcb:
         * segment in this state.
         */
        case TCPS_LISTEN: {
         * segment in this state.
         */
        case TCPS_LISTEN: {
-               register struct sockaddr_in *sin;
+               struct sockaddr_in *sin;
 #if INET6
 #if INET6
-               register struct sockaddr_in6 *sin6;
+               struct sockaddr_in6 *sin6;
 #endif
 
 #endif
 
-               lck_mtx_assert(&((struct inpcb *)so->so_pcb)->inpcb_mtx,
-                   LCK_MTX_ASSERT_OWNED);
+               socket_lock_assert_owned(so);
+
+               /* Clear the logging flags inherited from the listening socket */
+               tp->t_log_flags = 0;
+               tp->t_flagsext &= ~TF_LOGGED_CONN_SUMMARY;
+
 #if INET6
                if (isipv6) {
                        MALLOC(sin6, struct sockaddr_in6 *, sizeof *sin6,
 #if INET6
                if (isipv6) {
                        MALLOC(sin6, struct sockaddr_in6 *, sizeof *sin6,
-                              M_SONAME, M_NOWAIT);
-                       if (sin6 == NULL)
+                           M_SONAME, M_NOWAIT);
+                       if (sin6 == NULL) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "LISTEN malloc M_SONAME failed");
                                goto drop;
                                goto drop;
+                       }
                        bzero(sin6, sizeof(*sin6));
                        sin6->sin6_family = AF_INET6;
                        sin6->sin6_len = sizeof(*sin6);
                        sin6->sin6_addr = ip6->ip6_src;
                        sin6->sin6_port = th->th_sport;
                        laddr6 = inp->in6p_laddr;
                        bzero(sin6, sizeof(*sin6));
                        sin6->sin6_family = AF_INET6;
                        sin6->sin6_len = sizeof(*sin6);
                        sin6->sin6_addr = ip6->ip6_src;
                        sin6->sin6_port = th->th_sport;
                        laddr6 = inp->in6p_laddr;
-                       if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr))
+                       if (IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
                                inp->in6p_laddr = ip6->ip6_dst;
                                inp->in6p_laddr = ip6->ip6_dst;
+                       }
                        if (in6_pcbconnect(inp, (struct sockaddr *)sin6,
                        if (in6_pcbconnect(inp, (struct sockaddr *)sin6,
-                                          proc0)) {
+                           proc0)) {
                                inp->in6p_laddr = laddr6;
                                FREE(sin6, M_SONAME);
                                inp->in6p_laddr = laddr6;
                                FREE(sin6, M_SONAME);
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, " LISTEN in6_pcbconnect failed");
                                goto drop;
                        }
                        FREE(sin6, M_SONAME);
                } else
 #endif
                                goto drop;
                        }
                        FREE(sin6, M_SONAME);
                } else
 #endif
-           {
-                       lck_mtx_assert(
-                           &((struct inpcb *)so->so_pcb)->inpcb_mtx,
-                           LCK_MTX_ASSERT_OWNED);
+               {
+                       socket_lock_assert_owned(so);
                        MALLOC(sin, struct sockaddr_in *, sizeof *sin, M_SONAME,
                        MALLOC(sin, struct sockaddr_in *, sizeof *sin, M_SONAME,
-                      M_NOWAIT);
-                       if (sin == NULL)
+                           M_NOWAIT);
+                       if (sin == NULL) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "LISTEN malloc M_SONAME failed");
                                goto drop;
                                goto drop;
+                       }
                        sin->sin_family = AF_INET;
                        sin->sin_len = sizeof(*sin);
                        sin->sin_addr = ip->ip_src;
                        sin->sin_port = th->th_sport;
                        bzero((caddr_t)sin->sin_zero, sizeof(sin->sin_zero));
                        laddr = inp->inp_laddr;
                        sin->sin_family = AF_INET;
                        sin->sin_len = sizeof(*sin);
                        sin->sin_addr = ip->ip_src;
                        sin->sin_port = th->th_sport;
                        bzero((caddr_t)sin->sin_zero, sizeof(sin->sin_zero));
                        laddr = inp->inp_laddr;
-                       if (inp->inp_laddr.s_addr == INADDR_ANY)
+                       if (inp->inp_laddr.s_addr == INADDR_ANY) {
                                inp->inp_laddr = ip->ip_dst;
                                inp->inp_laddr = ip->ip_dst;
+                       }
                        if (in_pcbconnect(inp, (struct sockaddr *)sin, proc0,
                            IFSCOPE_NONE, NULL)) {
                                inp->inp_laddr = laddr;
                                FREE(sin, M_SONAME);
                        if (in_pcbconnect(inp, (struct sockaddr *)sin, proc0,
                            IFSCOPE_NONE, NULL)) {
                                inp->inp_laddr = laddr;
                                FREE(sin, M_SONAME);
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, " LISTEN in_pcbconnect failed");
                                goto drop;
                        }
                        FREE(sin, M_SONAME);
                                goto drop;
                        }
                        FREE(sin, M_SONAME);
@@ -3080,14 +3508,15 @@ findpcb:
                tcp_dooptions(tp, optp, optlen, th, &to);
                tcp_finalize_options(tp, &to, ifscope);
 
                tcp_dooptions(tp, optp, optlen, th, &to);
                tcp_finalize_options(tp, &to, ifscope);
 
-               if (tfo_enabled(tp) && tcp_tfo_syn(tp, &to))
+               if (tfo_enabled(tp) && tcp_tfo_syn(tp, &to)) {
                        isconnected = TRUE;
                        isconnected = TRUE;
+               }
 
 
-               if (iss)
+               if (iss) {
                        tp->iss = iss;
                        tp->iss = iss;
-               else {
+               else {
                        tp->iss = tcp_new_isn(tp);
                        tp->iss = tcp_new_isn(tp);
-               }
+               }
                tp->irs = th->th_seq;
                tcp_sendseqinit(tp);
                tcp_rcvseqinit(tp);
                tp->irs = th->th_seq;
                tcp_sendseqinit(tp);
                tcp_rcvseqinit(tp);
@@ -3097,18 +3526,21 @@ findpcb:
                 *   set SND.WND = SEG.WND,
                 *   initialize CCsend and CCrecv.
                 */
                 *   set SND.WND = SEG.WND,
                 *   initialize CCsend and CCrecv.
                 */
-               tp->snd_wnd = tiwin;    /* initial send-window */
+               tp->snd_wnd = tiwin;    /* initial send-window */
+               tp->max_sndwnd = tp->snd_wnd;
                tp->t_flags |= TF_ACKNOW;
                tp->t_unacksegs = 0;
                DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
                tp->t_flags |= TF_ACKNOW;
                tp->t_unacksegs = 0;
                DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
-                       struct tcpcb *, tp, int32_t, TCPS_SYN_RECEIVED);
+                   struct tcpcb *, tp, int32_t, TCPS_SYN_RECEIVED);
                tp->t_state = TCPS_SYN_RECEIVED;
                tp->t_state = TCPS_SYN_RECEIVED;
-               tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp, 
-                       TCP_CONN_KEEPINIT(tp));
-               dropsocket = 0;         /* committed to socket */
+               tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp,
+                   TCP_CONN_KEEPINIT(tp));
+               tp->t_connect_time = tcp_now;
+               dropsocket = 0;         /* committed to socket */
 
 
-               if (inp->inp_flowhash == 0)
+               if (inp->inp_flowhash == 0) {
                        inp->inp_flowhash = inp_calc_flowhash(inp);
                        inp->inp_flowhash = inp_calc_flowhash(inp);
+               }
 #if INET6
                /* update flowinfo - RFC 6437 */
                if (inp->inp_flow == 0 &&
 #if INET6
                /* update flowinfo - RFC 6437 */
                if (inp->inp_flow == 0 &&
@@ -3127,15 +3559,13 @@ findpcb:
                        tp->ecn_flags |= (TE_SETUPRECEIVED | TE_SENDIPECT);
                }
 
                        tp->ecn_flags |= (TE_SETUPRECEIVED | TE_SENDIPECT);
                }
 
-#if CONFIG_IFEF_NOWINDOWSCALE
-               if (tcp_obey_ifef_nowindowscale && m->m_pkthdr.rcvif != NULL &&
-                   (m->m_pkthdr.rcvif->if_eflags & IFEF_NOWINDOWSCALE)) {
-                       /* Window scaling is not enabled on this interface */
-                       tp->t_flags &= ~TF_REQ_SCALE;
-               }
-#endif
+               /*
+                * The address and connection state are finalized
+                */
+               TCP_LOG_CONNECT(tp, false, 0);
+
                goto trimthenstep6;
                goto trimthenstep6;
-               }
+       }
 
        /*
         * If the state is SYN_RECEIVED and the seg contains an ACK,
 
        /*
         * If the state is SYN_RECEIVED and the seg contains an ACK,
@@ -3144,10 +3574,11 @@ findpcb:
        case TCPS_SYN_RECEIVED:
                if ((thflags & TH_ACK) &&
                    (SEQ_LEQ(th->th_ack, tp->snd_una) ||
        case TCPS_SYN_RECEIVED:
                if ((thflags & TH_ACK) &&
                    (SEQ_LEQ(th->th_ack, tp->snd_una) ||
-                    SEQ_GT(th->th_ack, tp->snd_max))) {
-                               rstreason = BANDLIM_RST_OPENPORT;
-                               IF_TCP_STATINC(ifp, ooopacket);
-                               goto dropwithreset;
+                   SEQ_GT(th->th_ack, tp->snd_max))) {
+                       rstreason = BANDLIM_RST_OPENPORT;
+                       IF_TCP_STATINC(ifp, ooopacket);
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN_RECEIVED bad ACK");
+                       goto dropwithreset;
                }
 
                /*
                }
 
                /*
@@ -3158,8 +3589,9 @@ findpcb:
                 */
                if ((thflags & TH_SYN) &&
                    (tp->irs == th->th_seq) &&
                 */
                if ((thflags & TH_SYN) &&
                    (tp->irs == th->th_seq) &&
-                   !(to.to_flags & TOF_SCALE))
+                   !(to.to_flags & TOF_SCALE)) {
                        tp->t_flags &= ~TF_RCVD_SCALE;
                        tp->t_flags &= ~TF_RCVD_SCALE;
+               }
                break;
 
        /*
                break;
 
        /*
@@ -3177,59 +3609,74 @@ findpcb:
        case TCPS_SYN_SENT:
                if ((thflags & TH_ACK) &&
                    (SEQ_LEQ(th->th_ack, tp->iss) ||
        case TCPS_SYN_SENT:
                if ((thflags & TH_ACK) &&
                    (SEQ_LEQ(th->th_ack, tp->iss) ||
-                    SEQ_GT(th->th_ack, tp->snd_max))) {
+                   SEQ_GT(th->th_ack, tp->snd_max))) {
                        rstreason = BANDLIM_UNLIMITED;
                        IF_TCP_STATINC(ifp, ooopacket);
                        rstreason = BANDLIM_UNLIMITED;
                        IF_TCP_STATINC(ifp, ooopacket);
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN_SENT bad ACK");
                        goto dropwithreset;
                }
                if (thflags & TH_RST) {
                        if ((thflags & TH_ACK) != 0) {
                        goto dropwithreset;
                }
                if (thflags & TH_RST) {
                        if ((thflags & TH_ACK) != 0) {
-#if MPTCP
-                               if ((so->so_flags & SOF_MPTCP_FASTJOIN) &&
-                                       SEQ_GT(th->th_ack, tp->iss+1)) {
-                                       so->so_flags &= ~SOF_MPTCP_FASTJOIN;
-                                       /* ignore the RST and retransmit SYN */
-                                       goto drop;
+                               if (tfo_enabled(tp) &&
+                                   !(tp->t_flagsext & TF_FASTOPEN_FORCE_ENABLE)) {
+                                       tcp_heuristic_tfo_rst(tp);
                                }
                                }
-#endif /* MPTCP */
-                               soevent(so, 
+                               if ((tp->ecn_flags & (TE_SETUPSENT | TE_RCVD_SYN_RST)) == TE_SETUPSENT) {
+                                       /*
+                                        * On local connections, send
+                                        * non-ECN syn one time before
+                                        * dropping the connection
+                                        */
+                                       if (tp->t_flags & TF_LOCAL) {
+                                               tp->ecn_flags |= TE_RCVD_SYN_RST;
+                                               goto drop;
+                                       } else {
+                                               tcp_heuristic_ecn_synrst(tp);
+                                       }
+                               }
+                               soevent(so,
                                    (SO_FILT_HINT_LOCKED |
                                    SO_FILT_HINT_CONNRESET));
                                tp = tcp_drop(tp, ECONNREFUSED);
                                postevent(so, 0, EV_RESET);
                        }
                                    (SO_FILT_HINT_LOCKED |
                                    SO_FILT_HINT_CONNRESET));
                                tp = tcp_drop(tp, ECONNREFUSED);
                                postevent(so, 0, EV_RESET);
                        }
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN_SENT got RST");
                        goto drop;
                }
                        goto drop;
                }
-               if ((thflags & TH_SYN) == 0)
+               if ((thflags & TH_SYN) == 0) {
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN_SENT no SYN");
                        goto drop;
                        goto drop;
-               tp->snd_wnd = th->th_win;       /* initial send window */
+               }
+               tp->snd_wnd = th->th_win;       /* initial send window */
+               tp->max_sndwnd = tp->snd_wnd;
 
                tp->irs = th->th_seq;
                tcp_rcvseqinit(tp);
                if (thflags & TH_ACK) {
                        tcpstat.tcps_connects++;
 
                tp->irs = th->th_seq;
                tcp_rcvseqinit(tp);
                if (thflags & TH_ACK) {
                        tcpstat.tcps_connects++;
-                       
+
                        if ((thflags & (TH_ECE | TH_CWR)) == (TH_ECE)) {
                                /* ECN-setup SYN-ACK */
                                tp->ecn_flags |= TE_SETUPRECEIVED;
                                if (TCP_ECN_ENABLED(tp)) {
                        if ((thflags & (TH_ECE | TH_CWR)) == (TH_ECE)) {
                                /* ECN-setup SYN-ACK */
                                tp->ecn_flags |= TE_SETUPRECEIVED;
                                if (TCP_ECN_ENABLED(tp)) {
-                                       tcp_heuristic_reset_loss(tp, 0, 1);
+                                       tcp_heuristic_ecn_success(tp);
                                        tcpstat.tcps_ecn_client_success++;
                                }
                        } else {
                                if (tp->ecn_flags & TE_SETUPSENT &&
                                    tp->t_rxtshift == 0) {
                                        tcpstat.tcps_ecn_client_success++;
                                }
                        } else {
                                if (tp->ecn_flags & TE_SETUPSENT &&
                                    tp->t_rxtshift == 0) {
-                                       tcp_heuristic_reset_loss(tp, 0, 1);
+                                       tcp_heuristic_ecn_success(tp);
                                        tcpstat.tcps_ecn_not_supported++;
                                }
                                if (tp->ecn_flags & TE_SETUPSENT &&
                                        tcpstat.tcps_ecn_not_supported++;
                                }
                                if (tp->ecn_flags & TE_SETUPSENT &&
-                                   tp->t_rxtshift > 0)
-                                       tcp_heuristic_inc_loss(tp, 0, 1);
+                                   tp->t_rxtshift > 0) {
+                                       tcp_heuristic_ecn_loss(tp);
+                               }
 
                                /* non-ECN-setup SYN-ACK */
                                tp->ecn_flags &= ~TE_SENDIPECT;
                        }
 
                                /* non-ECN-setup SYN-ACK */
                                tp->ecn_flags &= ~TE_SENDIPECT;
                        }
-                       
+
 #if CONFIG_MACF_NET && CONFIG_MACF_SOCKET
                        /* XXXMAC: recursive lock: SOCK_LOCK(so); */
                        mac_socketpeer_label_associate_mbuf(m, so);
 #if CONFIG_MACF_NET && CONFIG_MACF_SOCKET
                        /* XXXMAC: recursive lock: SOCK_LOCK(so); */
                        mac_socketpeer_label_associate_mbuf(m, so);
@@ -3242,9 +3689,10 @@ findpcb:
                        }
 
                        tp->rcv_adv += min(tp->rcv_wnd, TCP_MAXWIN << tp->rcv_scale);
                        }
 
                        tp->rcv_adv += min(tp->rcv_wnd, TCP_MAXWIN << tp->rcv_scale);
-                       tp->snd_una++;          /* SYN is acked */
-                       if (SEQ_LT(tp->snd_nxt, tp->snd_una))
+                       tp->snd_una++;          /* SYN is acked */
+                       if (SEQ_LT(tp->snd_nxt, tp->snd_una)) {
                                tp->snd_nxt = tp->snd_una;
                                tp->snd_nxt = tp->snd_una;
+                       }
 
                        /*
                         * We have sent more in the SYN than what is being
 
                        /*
                         * We have sent more in the SYN than what is being
@@ -3252,21 +3700,39 @@ findpcb:
                         * We should restart the sending from what the receiver
                         * has acknowledged immediately.
                         */
                         * We should restart the sending from what the receiver
                         * has acknowledged immediately.
                         */
-                       if (SEQ_GT(tp->snd_nxt, th->th_ack))
-                               tp->snd_nxt = th->th_ack;
+                       if (SEQ_GT(tp->snd_nxt, th->th_ack)) {
+                               /*
+                                * rdar://problem/33214601
+                                * There is a middlebox that acks all but one
+                                * byte and still drops the data.
+                                */
+                               if (!(tp->t_flagsext & TF_FASTOPEN_FORCE_ENABLE) &&
+                                   (tp->t_tfo_stats & TFO_S_SYN_DATA_SENT) &&
+                                   tp->snd_max == th->th_ack + 1 &&
+                                   tp->snd_max > tp->snd_una + 1) {
+                                       tcp_heuristic_tfo_middlebox(tp);
+
+                                       so->so_error = ENODATA;
+                                       soevent(so,
+                                           (SO_FILT_HINT_LOCKED | SO_FILT_HINT_MP_SUB_ERROR));
+
+                                       tp->t_tfo_stats |= TFO_S_ONE_BYTE_PROXY;
+                               }
+
+                               tp->snd_max = tp->snd_nxt = th->th_ack;
+                       }
 
                        /*
                         * If there's data, delay ACK; if there's also a FIN
                         * ACKNOW will be turned on later.
                         */
                        TCP_INC_VAR(tp->t_unacksegs, nlropkts);
 
                        /*
                         * If there's data, delay ACK; if there's also a FIN
                         * ACKNOW will be turned on later.
                         */
                        TCP_INC_VAR(tp->t_unacksegs, nlropkts);
-                       if (DELAY_ACK(tp, th) && tlen != 0 ) {
+                       if (DELAY_ACK(tp, th) && tlen != 0) {
                                if ((tp->t_flags & TF_DELACK) == 0) {
                                        tp->t_flags |= TF_DELACK;
                                        tp->t_timer[TCPT_DELACK] = OFFSET_FROM_START(tp, tcp_delack);
                                }
                                if ((tp->t_flags & TF_DELACK) == 0) {
                                        tp->t_flags |= TF_DELACK;
                                        tp->t_timer[TCPT_DELACK] = OFFSET_FROM_START(tp, tcp_delack);
                                }
-                       }
-                       else {
+                       } else {
                                tp->t_flags |= TF_ACKNOW;
                        }
                        /*
                                tp->t_flags |= TF_ACKNOW;
                        }
                        /*
@@ -3285,6 +3751,8 @@ findpcb:
                                tp->t_state = TCPS_FIN_WAIT_1;
                                tp->t_flags &= ~TF_NEEDFIN;
                                thflags &= ~TH_SYN;
                                tp->t_state = TCPS_FIN_WAIT_1;
                                tp->t_flags &= ~TF_NEEDFIN;
                                thflags &= ~TH_SYN;
+
+                               TCP_LOG_CONNECTION_SUMMARY(tp);
                        } else {
                                DTRACE_TCP4(state__change, void, NULL,
                                    struct inpcb *, inp, struct tcpcb *,
                        } else {
                                DTRACE_TCP4(state__change, void, NULL,
                                    struct inpcb *, inp, struct tcpcb *,
@@ -3293,9 +3761,16 @@ findpcb:
                                tp->t_timer[TCPT_KEEP] =
                                    OFFSET_FROM_START(tp,
                                    TCP_CONN_KEEPIDLE(tp));
                                tp->t_timer[TCPT_KEEP] =
                                    OFFSET_FROM_START(tp,
                                    TCP_CONN_KEEPIDLE(tp));
-                               if (nstat_collect)
+                               if (nstat_collect) {
                                        nstat_route_connect_success(
                                        nstat_route_connect_success(
-                                           tp->t_inpcb->inp_route.ro_rt);
+                                               inp->inp_route.ro_rt);
+                               }
+                               /*
+                                * The SYN is acknowledged but una is not
+                                * updated yet. So pass the value of
+                                * ack to compute sndbytes correctly
+                                */
+                               inp_count_sndbytes(inp, th->th_ack);
                        }
 #if MPTCP
                        /*
                        }
 #if MPTCP
                        /*
@@ -3305,31 +3780,30 @@ findpcb:
                        if ((!(tp->t_mpflags & TMPF_MPTCP_TRUE)) &&
                            (tp->t_mpflags & TMPF_SENT_JOIN)) {
                                isconnected = FALSE;
                        if ((!(tp->t_mpflags & TMPF_MPTCP_TRUE)) &&
                            (tp->t_mpflags & TMPF_SENT_JOIN)) {
                                isconnected = FALSE;
-                               /* Start data xmit if fastjoin */
-                               if (mptcp_fastjoin && (so->so_flags & SOF_MPTCP_FASTJOIN)) {
-                                       soevent(so, (SO_FILT_HINT_LOCKED | 
-                                           SO_FILT_HINT_MPFASTJ));
-                               }
                        } else
 #endif /* MPTCP */
                        } else
 #endif /* MPTCP */
-                               isconnected = TRUE;
+                       isconnected = TRUE;
 
 
-                       if (tp->t_tfo_flags & (TFO_F_COOKIE_REQ | TFO_F_COOKIE_SENT)) {
+                       if ((tp->t_tfo_flags & (TFO_F_COOKIE_REQ | TFO_F_COOKIE_SENT)) ||
+                           (tp->t_tfo_stats & TFO_S_SYN_DATA_SENT)) {
                                tcp_tfo_synack(tp, &to);
 
                                if ((tp->t_tfo_stats & TFO_S_SYN_DATA_SENT) &&
                                    SEQ_LT(tp->snd_una, th->th_ack)) {
                                        tp->t_tfo_stats |= TFO_S_SYN_DATA_ACKED;
                                        tcpstat.tcps_tfo_syn_data_acked++;
                                tcp_tfo_synack(tp, &to);
 
                                if ((tp->t_tfo_stats & TFO_S_SYN_DATA_SENT) &&
                                    SEQ_LT(tp->snd_una, th->th_ack)) {
                                        tp->t_tfo_stats |= TFO_S_SYN_DATA_ACKED;
                                        tcpstat.tcps_tfo_syn_data_acked++;
-
-                                       if (!(tp->t_tfo_flags & TFO_F_NO_RCVPROBING))
-                                               tcp_tfo_rcv_probe(tp, tlen);
+#if MPTCP
+                                       if (so->so_flags & SOF_MP_SUBFLOW) {
+                                               so->so_flags1 |= SOF1_TFO_REWIND;
+                                       }
+#endif
+                                       tcp_tfo_rcv_probe(tp, tlen);
                                }
                        }
                } else {
                        /*
                         *  Received initial SYN in SYN-SENT[*] state => simul-
                                }
                        }
                } else {
                        /*
                         *  Received initial SYN in SYN-SENT[*] state => simul-
-                        *  taneous open.  If segment contains CC option and there is
+                        *  taneous open.  If segment contains CC option and there is
                         *  a cached CC, apply TAO test; if it succeeds, connection is
                         *  half-synchronized.  Otherwise, do 3-way handshake:
                         *        SYN-SENT -> SYN-RECEIVED
                         *  a cached CC, apply TAO test; if it succeeds, connection is
                         *  half-synchronized.  Otherwise, do 3-way handshake:
                         *        SYN-SENT -> SYN-RECEIVED
@@ -3338,7 +3812,7 @@ findpcb:
                        tp->t_flags |= TF_ACKNOW;
                        tp->t_timer[TCPT_REXMT] = 0;
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
                        tp->t_flags |= TF_ACKNOW;
                        tp->t_timer[TCPT_REXMT] = 0;
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
-                               struct tcpcb *, tp, int32_t, TCPS_SYN_RECEIVED);
+                           struct tcpcb *, tp, int32_t, TCPS_SYN_RECEIVED);
                        tp->t_state = TCPS_SYN_RECEIVED;
 
                        /*
                        tp->t_state = TCPS_SYN_RECEIVED;
 
                        /*
@@ -3373,8 +3847,9 @@ trimthenstep6:
                 *  processing in the middle of step 5, ack processing.
                 *  Otherwise, goto step 6.
                 */
                 *  processing in the middle of step 5, ack processing.
                 *  Otherwise, goto step 6.
                 */
-               if (thflags & TH_ACK)
+               if (thflags & TH_ACK) {
                        goto process_ACK;
                        goto process_ACK;
+               }
                goto step6;
        /*
         * If the state is LAST_ACK or CLOSING or TIME_WAIT:
                goto step6;
        /*
         * If the state is LAST_ACK or CLOSING or TIME_WAIT:
@@ -3385,16 +3860,27 @@ trimthenstep6:
        case TCPS_LAST_ACK:
        case TCPS_CLOSING:
        case TCPS_TIME_WAIT:
        case TCPS_LAST_ACK:
        case TCPS_CLOSING:
        case TCPS_TIME_WAIT:
-               break;  /* continue normal processing */
+               break;  /* continue normal processing */
 
        /* Received a SYN while connection is already established.
         * This is a "half open connection and other anomalies" described
         * in RFC793 page 34, send an ACK so the remote reset the connection
 
        /* Received a SYN while connection is already established.
         * This is a "half open connection and other anomalies" described
         * in RFC793 page 34, send an ACK so the remote reset the connection
-        * or recovers by adjusting its sequence numberering 
+        * or recovers by adjusting its sequence numbering. Sending an ACK is
+        * in accordance with RFC 5961 Section 4.2
         */
        case TCPS_ESTABLISHED:
         */
        case TCPS_ESTABLISHED:
-               if (thflags & TH_SYN)
-                       goto dropafterack;
+               if (thflags & TH_SYN) {
+                       /* Drop the packet silently if we have reached the limit */
+                       if (tcp_do_rfc5961 && tcp_is_ack_ratelimited(tp)) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "ESTABLISHED rfc5961 rate limited");
+                               goto drop;
+                       } else {
+                               /* Send challenge ACK */
+                               tcpstat.tcps_synchallenge++;
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "ESTABLISHED rfc5961 challenge ACK");
+                               goto dropafterack;
+                       }
+               }
                break;
        }
 
                break;
        }
 
@@ -3432,6 +3918,11 @@ trimthenstep6:
         *   only accepting RSTs where the sequence number is equal to
         *   last_ack_sent.  In all other states (the states in which a
         *   RST is more likely), the more permissive check is used.
         *   only accepting RSTs where the sequence number is equal to
         *   last_ack_sent.  In all other states (the states in which a
         *   RST is more likely), the more permissive check is used.
+        * RFC 5961 Section 3.2: if the RST bit is set, sequence # is
+        *    within the receive window and last_ack_sent == seq,
+        *    then reset the connection. Otherwise if the seq doesn't
+        *    match last_ack_sent, TCP must send challenge ACK. Perform
+        *    rate limitation when sending the challenge ACK.
         * If we have multiple segments in flight, the intial reset
         * segment sequence numbers will be to the left of last_ack_sent,
         * but they will eventually catch up.
         * If we have multiple segments in flight, the intial reset
         * segment sequence numbers will be to the left of last_ack_sent,
         * but they will eventually catch up.
@@ -3464,50 +3955,74 @@ trimthenstep6:
         *                     there is already a RST in flight from the peer.
         *                     In that case, accept the RST for non-established
         *                     state if it's one off from last_ack_sent.
         *                     there is already a RST in flight from the peer.
         *                     In that case, accept the RST for non-established
         *                     state if it's one off from last_ack_sent.
-
+        *
         */
        if (thflags & TH_RST) {
                if ((SEQ_GEQ(th->th_seq, tp->last_ack_sent) &&
                    SEQ_LT(th->th_seq, tp->last_ack_sent + tp->rcv_wnd)) ||
         */
        if (thflags & TH_RST) {
                if ((SEQ_GEQ(th->th_seq, tp->last_ack_sent) &&
                    SEQ_LT(th->th_seq, tp->last_ack_sent + tp->rcv_wnd)) ||
-                   (tp->rcv_wnd == 0 && 
-                   ((tp->last_ack_sent == th->th_seq) || 
-                   ((tp->last_ack_sent -1) == th->th_seq)))) {
-                       switch (tp->t_state) {
-
-                       case TCPS_SYN_RECEIVED:
-                               IF_TCP_STATINC(ifp, rstinsynrcv);
-                               so->so_error = ECONNREFUSED;
-                               goto close;
-
-                       case TCPS_ESTABLISHED:
-                               if (tp->last_ack_sent != th->th_seq) {
-                                       tcpstat.tcps_badrst++;
-                                       goto drop;
-                               }
-                       case TCPS_FIN_WAIT_1:
-                       case TCPS_CLOSE_WAIT:
+                   (tp->rcv_wnd == 0 &&
+                   ((tp->last_ack_sent == th->th_seq) ||
+                   ((tp->last_ack_sent - 1) == th->th_seq)))) {
+                       if (tcp_do_rfc5961 == 0 || tp->last_ack_sent == th->th_seq) {
+                               switch (tp->t_state) {
+                               case TCPS_SYN_RECEIVED:
+                                       IF_TCP_STATINC(ifp, rstinsynrcv);
+                                       so->so_error = ECONNREFUSED;
+                                       goto close;
+
+                               case TCPS_ESTABLISHED:
+                                       if (tcp_do_rfc5961 == 0 && tp->last_ack_sent != th->th_seq) {
+                                               tcpstat.tcps_badrst++;
+                                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "ESTABLISHED rfc5961 bad RST");
+                                               goto drop;
+                                       }
+                                       if (TCP_ECN_ENABLED(tp) &&
+                                           tp->snd_una == tp->iss + 1 &&
+                                           SEQ_GT(tp->snd_max, tp->snd_una)) {
+                                               /*
+                                                * If the first data packet on an
+                                                * ECN connection, receives a RST
+                                                * increment the heuristic
+                                                */
+                                               tcp_heuristic_ecn_droprst(tp);
+                                       }
+                               case TCPS_FIN_WAIT_1:
+                               case TCPS_CLOSE_WAIT:
                                /*
                                /*
-                                 Drop through ...
-                               */
-                       case TCPS_FIN_WAIT_2:
-                               so->so_error = ECONNRESET;
-                       close:
-                               postevent(so, 0, EV_RESET);
-                               soevent(so,
-                                   (SO_FILT_HINT_LOCKED |
-                                   SO_FILT_HINT_CONNRESET));
-
-                               tcpstat.tcps_drops++;
-                               tp = tcp_close(tp);
-                               break;
+                                 Drop through ...
+                                */
+                               case TCPS_FIN_WAIT_2:
+                                       so->so_error = ECONNRESET;
+close:
+                                       postevent(so, 0, EV_RESET);
+                                       soevent(so,
+                                           (SO_FILT_HINT_LOCKED |
+                                           SO_FILT_HINT_CONNRESET));
+
+                                       tcpstat.tcps_drops++;
+                                       tp = tcp_close(tp);
+                                       break;
 
 
-                       case TCPS_CLOSING:
-                       case TCPS_LAST_ACK:
-                               tp = tcp_close(tp);
-                               break;
+                               case TCPS_CLOSING:
+                               case TCPS_LAST_ACK:
+                                       tp = tcp_close(tp);
+                                       break;
 
 
-                       case TCPS_TIME_WAIT:
-                               break;
+                               case TCPS_TIME_WAIT:
+                                       break;
+                               }
+                       } else if (tcp_do_rfc5961) {
+                               tcpstat.tcps_badrst++;
+                               /* Drop if we have reached the ACK limit */
+                               if (tcp_is_ack_ratelimited(tp)) {
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "ESTABLISHED rfc5961 rate limited");
+                                       goto drop;
+                               } else {
+                                       /* Send challenge ACK */
+                                       tcpstat.tcps_rstchallenge++;
+                                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "ESTABLISHED rfc5961 challenge ACK");
+                                       goto dropafterack;
+                               }
                        }
                }
                goto drop;
                        }
                }
                goto drop;
@@ -3519,7 +4034,6 @@ trimthenstep6:
         */
        if ((to.to_flags & TOF_TS) != 0 && tp->ts_recent &&
            TSTMP_LT(to.to_tsval, tp->ts_recent)) {
         */
        if ((to.to_flags & TOF_TS) != 0 && tp->ts_recent &&
            TSTMP_LT(to.to_tsval, tp->ts_recent)) {
-
                /* Check to see if ts_recent is over 24 days old.  */
                if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
                        /*
                /* Check to see if ts_recent is over 24 days old.  */
                if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
                        /*
@@ -3556,16 +4070,18 @@ trimthenstep6:
                        }
 
                        if (nstat_collect) {
                        }
 
                        if (nstat_collect) {
-                               nstat_route_rx(tp->t_inpcb->inp_route.ro_rt, 
-                                       1, tlen, NSTAT_RX_FLAG_DUPLICATE);
+                               nstat_route_rx(tp->t_inpcb->inp_route.ro_rt,
+                                   1, tlen, NSTAT_RX_FLAG_DUPLICATE);
                                INP_ADD_STAT(inp, cell, wifi, wired,
                                    rxpackets, 1);
                                INP_ADD_STAT(inp, cell, wifi, wired,
                                    rxbytes, tlen);
                                tp->t_stat.rxduplicatebytes += tlen;
                                INP_ADD_STAT(inp, cell, wifi, wired,
                                    rxpackets, 1);
                                INP_ADD_STAT(inp, cell, wifi, wired,
                                    rxbytes, tlen);
                                tp->t_stat.rxduplicatebytes += tlen;
+                               inp_set_activity_bitmap(inp);
                        }
                        }
-                       if (tlen > 0)
+                       if (tlen > 0) {
                                goto dropafterack;
                                goto dropafterack;
+                       }
                        goto drop;
                }
        }
                        goto drop;
                }
        }
@@ -3580,22 +4096,33 @@ trimthenstep6:
        if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(th->th_seq, tp->irs)) {
                rstreason = BANDLIM_RST_OPENPORT;
                IF_TCP_STATINC(ifp, dospacket);
        if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(th->th_seq, tp->irs)) {
                rstreason = BANDLIM_RST_OPENPORT;
                IF_TCP_STATINC(ifp, dospacket);
+               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SYN_RECEIVED bad SEQ");
                goto dropwithreset;
        }
 
                goto dropwithreset;
        }
 
+       /*
+        * Check if there is old data at the beginning of the window
+        * i.e. the sequence number is before rcv_nxt
+        */
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
+               boolean_t is_syn_set = FALSE;
+
                if (thflags & TH_SYN) {
                if (thflags & TH_SYN) {
+                       is_syn_set = TRUE;
                        thflags &= ~TH_SYN;
                        th->th_seq++;
                        thflags &= ~TH_SYN;
                        th->th_seq++;
-                       if (th->th_urp > 1)
+                       if (th->th_urp > 1) {
                                th->th_urp--;
                                th->th_urp--;
-                       else
+                       } else {
                                thflags &= ~TH_URG;
                                thflags &= ~TH_URG;
+                       }
                        todrop--;
                }
                /*
                 * Following if statement from Stevens, vol. 2, p. 960.
                        todrop--;
                }
                /*
                 * Following if statement from Stevens, vol. 2, p. 960.
+                * The amount of duplicate data is greater than or equal
+                * to the size of the segment - entire segment is duplicate
                 */
                if (todrop > tlen
                    || (todrop == tlen && (thflags & TH_FIN) == 0)) {
                 */
                if (todrop > tlen
                    || (todrop == tlen && (thflags & TH_FIN) == 0)) {
@@ -3609,16 +4136,27 @@ trimthenstep6:
                        /*
                         * Send an ACK to resynchronize and drop any data.
                         * But keep on processing for RST or ACK.
                        /*
                         * Send an ACK to resynchronize and drop any data.
                         * But keep on processing for RST or ACK.
+                        *
+                        * If the SYN bit was originally set, then only send
+                        * an ACK if we are not rate-limiting this connection.
                         */
                         */
-                       tp->t_flags |= TF_ACKNOW;
+                       if (tcp_do_rfc5961 && is_syn_set) {
+                               if (!tcp_is_ack_ratelimited(tp)) {
+                                       tcpstat.tcps_synchallenge++;
+                                       tp->t_flags |= TF_ACKNOW;
+                               }
+                       } else {
+                               tp->t_flags |= TF_ACKNOW;
+                       }
+
                        if (todrop == 1) {
                                /* This could be a keepalive */
                                soevent(so, SO_FILT_HINT_LOCKED |
                        if (todrop == 1) {
                                /* This could be a keepalive */
                                soevent(so, SO_FILT_HINT_LOCKED |
-                                       SO_FILT_HINT_KEEPALIVE);
+                                   SO_FILT_HINT_KEEPALIVE);
                        }
                        todrop = tlen;
                        tcpstat.tcps_rcvduppack++;
                        }
                        todrop = tlen;
                        tcpstat.tcps_rcvduppack++;
-                       tcpstat.tcps_rcvdupbyte += todrop; 
+                       tcpstat.tcps_rcvdupbyte += todrop;
                } else {
                        tcpstat.tcps_rcvpartduppack++;
                        tcpstat.tcps_rcvpartdupbyte += todrop;
                } else {
                        tcpstat.tcps_rcvpartduppack++;
                        tcpstat.tcps_rcvpartdupbyte += todrop;
@@ -3634,18 +4172,19 @@ trimthenstep6:
                        tp->t_flags |= TF_ACKNOW;
                }
                if (nstat_collect) {
                        tp->t_flags |= TF_ACKNOW;
                }
                if (nstat_collect) {
-                       nstat_route_rx(tp->t_inpcb->inp_route.ro_rt, 1, 
-                               todrop, NSTAT_RX_FLAG_DUPLICATE);
+                       nstat_route_rx(tp->t_inpcb->inp_route.ro_rt, 1,
+                           todrop, NSTAT_RX_FLAG_DUPLICATE);
                        INP_ADD_STAT(inp, cell, wifi, wired, rxpackets, 1);
                        INP_ADD_STAT(inp, cell, wifi, wired, rxbytes, todrop);
                        tp->t_stat.rxduplicatebytes += todrop;
                        INP_ADD_STAT(inp, cell, wifi, wired, rxpackets, 1);
                        INP_ADD_STAT(inp, cell, wifi, wired, rxbytes, todrop);
                        tp->t_stat.rxduplicatebytes += todrop;
+                       inp_set_activity_bitmap(inp);
                }
                }
-               drop_hdrlen += todrop;  /* drop from the top afterwards */
+               drop_hdrlen += todrop;  /* drop from the top afterwards */
                th->th_seq += todrop;
                tlen -= todrop;
                th->th_seq += todrop;
                tlen -= todrop;
-               if (th->th_urp > todrop)
+               if (th->th_urp > todrop) {
                        th->th_urp -= todrop;
                        th->th_urp -= todrop;
-               else {
+               else {
                        thflags &= ~TH_URG;
                        th->th_urp = 0;
                }
                        thflags &= ~TH_URG;
                        th->th_urp = 0;
                }
@@ -3657,26 +4196,43 @@ trimthenstep6:
         * Send also a RST when we received a data segment after we've
         * sent our FIN when the socket is defunct.
         * Note that an MPTCP subflow socket would have SS_NOFDREF set
         * Send also a RST when we received a data segment after we've
         * sent our FIN when the socket is defunct.
         * Note that an MPTCP subflow socket would have SS_NOFDREF set
-        * by default so check to make sure that we test for SOF_MP_SUBFLOW
-        * socket flag (which would be cleared when the socket is closed.)
+        * by default. So, if it's an MPTCP-subflow we rather check the
+        * MPTCP-level's socket state for SS_NOFDREF.
         */
         */
-       if (!(so->so_flags & SOF_MP_SUBFLOW) && tlen &&
-           (((so->so_state & SS_NOFDREF) &&
-           tp->t_state > TCPS_CLOSE_WAIT) ||
-           ((so->so_flags & SOF_DEFUNCT) &&
-           tp->t_state > TCPS_FIN_WAIT_1))) {
-               tp = tcp_close(tp);
-               tcpstat.tcps_rcvafterclose++;
-               rstreason = BANDLIM_UNLIMITED;
-               IF_TCP_STATINC(ifp, cleanup);
-               goto dropwithreset;
+       if (tlen) {
+               boolean_t close_it = FALSE;
+
+               if (!(so->so_flags & SOF_MP_SUBFLOW) && (so->so_state & SS_NOFDREF) &&
+                   tp->t_state > TCPS_CLOSE_WAIT) {
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SS_NOFDREF");
+                       close_it = TRUE;
+               }
+
+               if ((so->so_flags & SOF_MP_SUBFLOW) && (mptetoso(tptomptp(tp)->mpt_mpte)->so_state & SS_NOFDREF) &&
+                   tp->t_state > TCPS_CLOSE_WAIT) {
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SOF_MP_SUBFLOW SS_NOFDREF");
+                       close_it = TRUE;
+               }
+
+               if ((so->so_flags & SOF_DEFUNCT) && tp->t_state > TCPS_FIN_WAIT_1) {
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "SOF_DEFUNCT");
+                       close_it = TRUE;
+               }
+
+               if (close_it) {
+                       tp = tcp_close(tp);
+                       tcpstat.tcps_rcvafterclose++;
+                       rstreason = BANDLIM_UNLIMITED;
+                       IF_TCP_STATINC(ifp, cleanup);
+                       goto dropwithreset;
+               }
        }
 
        /*
         * If segment ends after window, drop trailing data
         * (and PUSH and FIN); if nothing left, just ACK.
         */
        }
 
        /*
         * If segment ends after window, drop trailing data
         * (and PUSH and FIN); if nothing left, just ACK.
         */
-       todrop = (th->th_seq+tlen) - (tp->rcv_nxt+tp->rcv_wnd);
+       todrop = (th->th_seq + tlen) - (tp->rcv_nxt + tp->rcv_wnd);
        if (todrop > 0) {
                tcpstat.tcps_rcvpackafterwin++;
                if (todrop >= tlen) {
        if (todrop > 0) {
                tcpstat.tcps_rcvpackafterwin++;
                if (todrop >= tlen) {
@@ -3692,7 +4248,7 @@ trimthenstep6:
                            SEQ_GT(th->th_seq, tp->rcv_nxt)) {
                                iss = tcp_new_isn(tp);
                                tp = tcp_close(tp);
                            SEQ_GT(th->th_seq, tp->rcv_nxt)) {
                                iss = tcp_new_isn(tp);
                                tp = tcp_close(tp);
-                               tcp_unlock(so, 1, 0);
+                               socket_unlock(so, 1);
                                goto findpcb;
                        }
                        /*
                                goto findpcb;
                        }
                        /*
@@ -3705,26 +4261,28 @@ trimthenstep6:
                        if (tp->rcv_wnd == 0 && th->th_seq == tp->rcv_nxt) {
                                tp->t_flags |= TF_ACKNOW;
                                tcpstat.tcps_rcvwinprobe++;
                        if (tp->rcv_wnd == 0 && th->th_seq == tp->rcv_nxt) {
                                tp->t_flags |= TF_ACKNOW;
                                tcpstat.tcps_rcvwinprobe++;
-                       } else
+                       } else {
                                goto dropafterack;
                                goto dropafterack;
-               } else
+                       }
+               } else {
                        tcpstat.tcps_rcvbyteafterwin += todrop;
                        tcpstat.tcps_rcvbyteafterwin += todrop;
+               }
                m_adj(m, -todrop);
                tlen -= todrop;
                m_adj(m, -todrop);
                tlen -= todrop;
-               thflags &= ~(TH_PUSH|TH_FIN);
+               thflags &= ~(TH_PUSH | TH_FIN);
        }
 
        /*
         * If last ACK falls within this segment's sequence numbers,
         * record its timestamp.
        }
 
        /*
         * If last ACK falls within this segment's sequence numbers,
         * record its timestamp.
-        * NOTE: 
+        * NOTE:
         * 1) That the test incorporates suggestions from the latest
         *    proposal of the tcplw@cray.com list (Braden 1993/04/26).
         * 2) That updating only on newer timestamps interferes with
         *    our earlier PAWS tests, so this check should be solely
         *    predicated on the sequence space of this segment.
         * 1) That the test incorporates suggestions from the latest
         *    proposal of the tcplw@cray.com list (Braden 1993/04/26).
         * 2) That updating only on newer timestamps interferes with
         *    our earlier PAWS tests, so this check should be solely
         *    predicated on the sequence space of this segment.
-        * 3) That we modify the segment boundary check to be 
-        *        Last.ACK.Sent <= SEG.SEQ + SEG.Len  
+        * 3) That we modify the segment boundary check to be
+        *        Last.ACK.Sent <= SEG.SEQ + SEG.Len
         *    instead of RFC1323's
         *        Last.ACK.Sent < SEG.SEQ + SEG.Len,
         *    This modified check allows us to overcome RFC1323's
         *    instead of RFC1323's
         *        Last.ACK.Sent < SEG.SEQ + SEG.Len,
         *    This modified check allows us to overcome RFC1323's
@@ -3735,21 +4293,40 @@ trimthenstep6:
        if ((to.to_flags & TOF_TS) != 0 &&
            SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
            SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
        if ((to.to_flags & TOF_TS) != 0 &&
            SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
            SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
-               ((thflags & (TH_SYN|TH_FIN)) != 0))) {
+           ((thflags & (TH_SYN | TH_FIN)) != 0))) {
                tp->ts_recent_age = tcp_now;
                tp->ts_recent = to.to_tsval;
        }
 
        /*
                tp->ts_recent_age = tcp_now;
                tp->ts_recent = to.to_tsval;
        }
 
        /*
-        * If a SYN is in the window, then this is an
+        * Stevens: If a SYN is in the window, then this is an
         * error and we send an RST and drop the connection.
         * error and we send an RST and drop the connection.
+        *
+        * RFC 5961 Section 4.2
+        * Send challenge ACK for any SYN in synchronized state
+        * Perform rate limitation in doing so.
         */
        if (thflags & TH_SYN) {
         */
        if (thflags & TH_SYN) {
-               tp = tcp_drop(tp, ECONNRESET);
-               rstreason = BANDLIM_UNLIMITED;
-               postevent(so, 0, EV_RESET);
-               IF_TCP_STATINC(ifp, synwindow);
-               goto dropwithreset;
+               if (tcp_do_rfc5961) {
+                       tcpstat.tcps_badsyn++;
+                       /* Drop if we have reached ACK limit */
+                       if (tcp_is_ack_ratelimited(tp)) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "rfc5961 bad SYN rate limited");
+                               goto drop;
+                       } else {
+                               /* Send challenge ACK */
+                               tcpstat.tcps_synchallenge++;
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "rfc5961 bad SYN challenge ack");
+                               goto dropafterack;
+                       }
+               } else {
+                       tp = tcp_drop(tp, ECONNRESET);
+                       rstreason = BANDLIM_UNLIMITED;
+                       postevent(so, 0, EV_RESET);
+                       IF_TCP_STATINC(ifp, synwindow);
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "bad SYN");
+                       goto dropwithreset;
+               }
        }
 
        /*
        }
 
        /*
@@ -3781,15 +4358,19 @@ trimthenstep6:
                                 * We need to make absolutely sure that we are
                                 * going to reply upon a duplicate SYN-segment.
                                 */
                                 * We need to make absolutely sure that we are
                                 * going to reply upon a duplicate SYN-segment.
                                 */
-                               if (th->th_flags & TH_SYN)
+                               if (th->th_flags & TH_SYN) {
                                        needoutput = 1;
                                        needoutput = 1;
+                               }
                        }
 
                        goto step6;
                        }
 
                        goto step6;
-               } else if (tp->t_flags & TF_ACKNOW)
+               } else if (tp->t_flags & TF_ACKNOW) {
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "bad ACK");
                        goto dropafterack;
                        goto dropafterack;
-               else
+               } else {
+                       TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "bad ACK");
                        goto drop;
                        goto drop;
+               }
        }
 
        /*
        }
 
        /*
@@ -3797,7 +4378,6 @@ trimthenstep6:
         */
 
        switch (tp->t_state) {
         */
 
        switch (tp->t_state) {
-
        /*
         * In SYN_RECEIVED state, the ack ACKs our SYN, so enter
         * ESTABLISHED state and continue processing.
        /*
         * In SYN_RECEIVED state, the ack ACKs our SYN, so enter
         * ESTABLISHED state and continue processing.
@@ -3812,6 +4392,7 @@ trimthenstep6:
                        tp->snd_scale = tp->requested_s_scale;
                        tp->rcv_scale = tp->request_r_scale;
                        tp->snd_wnd = th->th_win << tp->snd_scale;
                        tp->snd_scale = tp->requested_s_scale;
                        tp->rcv_scale = tp->request_r_scale;
                        tp->snd_wnd = th->th_win << tp->snd_scale;
+                       tp->max_sndwnd = tp->snd_wnd;
                        tiwin = tp->snd_wnd;
                }
                /*
                        tiwin = tp->snd_wnd;
                }
                /*
@@ -3827,24 +4408,43 @@ trimthenstep6:
                            struct tcpcb *, tp, int32_t, TCPS_FIN_WAIT_1);
                        tp->t_state = TCPS_FIN_WAIT_1;
                        tp->t_flags &= ~TF_NEEDFIN;
                            struct tcpcb *, tp, int32_t, TCPS_FIN_WAIT_1);
                        tp->t_state = TCPS_FIN_WAIT_1;
                        tp->t_flags &= ~TF_NEEDFIN;
+
+                       TCP_LOG_CONNECTION_SUMMARY(tp);
                } else {
                        DTRACE_TCP4(state__change, void, NULL,
                            struct inpcb *, inp,
                            struct tcpcb *, tp, int32_t, TCPS_ESTABLISHED);
                        tp->t_state = TCPS_ESTABLISHED;
                        tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp,
                } else {
                        DTRACE_TCP4(state__change, void, NULL,
                            struct inpcb *, inp,
                            struct tcpcb *, tp, int32_t, TCPS_ESTABLISHED);
                        tp->t_state = TCPS_ESTABLISHED;
                        tp->t_timer[TCPT_KEEP] = OFFSET_FROM_START(tp,
-                               TCP_CONN_KEEPIDLE(tp));
-                       if (nstat_collect)
+                           TCP_CONN_KEEPIDLE(tp));
+                       if (nstat_collect) {
                                nstat_route_connect_success(
                                nstat_route_connect_success(
-                                   tp->t_inpcb->inp_route.ro_rt);
+                                       tp->t_inpcb->inp_route.ro_rt);
+                       }
+                       /*
+                        * The SYN is acknowledged but una is not updated
+                        * yet. So pass the value of ack to compute
+                        * sndbytes correctly
+                        */
+                       inp_count_sndbytes(inp, th->th_ack);
                }
                /*
                 * If segment contains data or ACK, will call tcp_reass()
                 * later; if not, do so now to pass queued data to user.
                 */
                }
                /*
                 * If segment contains data or ACK, will call tcp_reass()
                 * later; if not, do so now to pass queued data to user.
                 */
-               if (tlen == 0 && (thflags & TH_FIN) == 0)
+               if (tlen == 0 && (thflags & TH_FIN) == 0) {
+                       if (isipv6) {
+                               memcpy(&saved_hdr, ip6, sizeof(struct ip6_hdr));
+                               ip6 = (struct ip6_hdr *)&saved_hdr[0];
+                       } else {
+                               memcpy(&saved_hdr, ip, ip->ip_hl << 2);
+                               ip = (struct ip *)&saved_hdr[0];
+                       }
+                       memcpy(&saved_tcphdr, th, sizeof(struct tcphdr));
                        (void) tcp_reass(tp, (struct tcphdr *)0, &tlen,
                        (void) tcp_reass(tp, (struct tcphdr *)0, &tlen,
-                           NULL, ifp);
+                           NULL, ifp, &read_wakeup);
+                       th = &saved_tcphdr;
+               }
                tp->snd_wl1 = th->th_seq - 1;
 
 #if MPTCP
                tp->snd_wl1 = th->th_seq - 1;
 
 #if MPTCP
@@ -3857,7 +4457,7 @@ trimthenstep6:
                        isconnected = FALSE;
                } else
 #endif /* MPTCP */
                        isconnected = FALSE;
                } else
 #endif /* MPTCP */
-                       isconnected = TRUE;
+               isconnected = TRUE;
                if ((tp->t_tfo_flags & TFO_F_COOKIE_VALID)) {
                        /* Done this when receiving the SYN */
                        isconnected = FALSE;
                if ((tp->t_tfo_flags & TFO_F_COOKIE_VALID)) {
                        /* Done this when receiving the SYN */
                        isconnected = FALSE;
@@ -3883,9 +4483,10 @@ trimthenstep6:
                 * handled by the label "dodata" right after step6.
                 */
                if (so->so_snd.sb_cc) {
                 * handled by the label "dodata" right after step6.
                 */
                if (so->so_snd.sb_cc) {
-                       tp->snd_una++;  /* SYN is acked */
-                       if (SEQ_LT(tp->snd_nxt, tp->snd_una))
+                       tp->snd_una++;  /* SYN is acked */
+                       if (SEQ_LT(tp->snd_nxt, tp->snd_una)) {
                                tp->snd_nxt = tp->snd_una;
                                tp->snd_nxt = tp->snd_una;
+                       }
 
                        /*
                         * No duplicate-ACK handling is needed. So, we
 
                        /*
                         * No duplicate-ACK handling is needed. So, we
@@ -3899,14 +4500,15 @@ trimthenstep6:
                         */
                        if (SACK_ENABLED(tp) &&
                            (to.to_nsacks > 0 ||
                         */
                        if (SACK_ENABLED(tp) &&
                            (to.to_nsacks > 0 ||
-                            !TAILQ_EMPTY(&tp->snd_holes)))
+                           !TAILQ_EMPTY(&tp->snd_holes))) {
                                tcp_sack_doack(tp, &to, th,
                                    &sack_bytes_acked);
                                tcp_sack_doack(tp, &to, th,
                                    &sack_bytes_acked);
+                       }
 
                        goto process_ACK;
                }
 
 
                        goto process_ACK;
                }
 
-               /* FALLTHROUGH */
+       /* FALLTHROUGH */
 
        /*
         * In ESTABLISHED state: drop duplicate ACKs; ACK out of range
 
        /*
         * In ESTABLISHED state: drop duplicate ACKs; ACK out of range
@@ -3925,7 +4527,20 @@ trimthenstep6:
        case TCPS_TIME_WAIT:
                if (SEQ_GT(th->th_ack, tp->snd_max)) {
                        tcpstat.tcps_rcvacktoomuch++;
        case TCPS_TIME_WAIT:
                if (SEQ_GT(th->th_ack, tp->snd_max)) {
                        tcpstat.tcps_rcvacktoomuch++;
-                       goto dropafterack;
+                       if (tcp_do_rfc5961 && tcp_is_ack_ratelimited(tp)) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "rfc5961 rcvacktoomuch");
+                               goto drop;
+                       } else {
+                               goto dropafterack;
+                       }
+               }
+               if (tcp_do_rfc5961 && SEQ_LT(th->th_ack, tp->snd_una - tp->max_sndwnd)) {
+                       if (tcp_is_ack_ratelimited(tp)) {
+                               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "rfc5961 bad ACK");
+                               goto drop;
+                       } else {
+                               goto dropafterack;
+                       }
                }
                if (SACK_ENABLED(tp) && to.to_nsacks > 0) {
                        recvd_dsack = tcp_sack_process_dsack(tp, &to, th);
                }
                if (SACK_ENABLED(tp) && to.to_nsacks > 0) {
                        recvd_dsack = tcp_sack_process_dsack(tp, &to, th);
@@ -3943,11 +4558,12 @@ trimthenstep6:
                }
 
                if (SACK_ENABLED(tp) &&
                }
 
                if (SACK_ENABLED(tp) &&
-                   (to.to_nsacks > 0 || !TAILQ_EMPTY(&tp->snd_holes)))
+                   (to.to_nsacks > 0 || !TAILQ_EMPTY(&tp->snd_holes))) {
                        tcp_sack_doack(tp, &to, th, &sack_bytes_acked);
                        tcp_sack_doack(tp, &to, th, &sack_bytes_acked);
+               }
 
 #if MPTCP
 
 #if MPTCP
-               if ((tp->t_mpuna) && (SEQ_GEQ(th->th_ack, tp->t_mpuna))) {
+               if (tp->t_mpuna && SEQ_GEQ(th->th_ack, tp->t_mpuna)) {
                        if (tp->t_mpflags & TMPF_PREESTABLISHED) {
                                /* MP TCP establishment succeeded */
                                tp->t_mpuna = 0;
                        if (tp->t_mpflags & TMPF_PREESTABLISHED) {
                                /* MP TCP establishment succeeded */
                                tp->t_mpuna = 0;
@@ -3957,11 +4573,6 @@ trimthenstep6:
                                                    ~TMPF_PREESTABLISHED;
                                                tp->t_mpflags |=
                                                    TMPF_MPTCP_TRUE;
                                                    ~TMPF_PREESTABLISHED;
                                                tp->t_mpflags |=
                                                    TMPF_MPTCP_TRUE;
-                                               so->so_flags |= SOF_MPTCP_TRUE;
-                                               mptcplog((LOG_DEBUG, "MPTCP "
-                                                   "Sockets: %s \n",__func__),
-                                                   MPTCP_SOCKET_DBG,
-                                                   MPTCP_LOGLVL_LOG);
 
                                                tp->t_timer[TCPT_JACK_RXMT] = 0;
                                                tp->t_mprxtshift = 0;
 
                                                tp->t_timer[TCPT_JACK_RXMT] = 0;
                                                tp->t_mprxtshift = 0;
@@ -3971,7 +4582,6 @@ trimthenstep6:
                                        }
                                } else {
                                        isconnected = TRUE;
                                        }
                                } else {
                                        isconnected = TRUE;
-                                       tp->t_mpflags &= ~TMPF_SENT_KEYS;
                                }
                        }
                }
                                }
                        }
                }
@@ -3982,23 +4592,26 @@ trimthenstep6:
                /*
                 * If we have outstanding data (other than
                 * a window probe), this is a completely
                /*
                 * If we have outstanding data (other than
                 * a window probe), this is a completely
-                * duplicate ack (ie, window info didn't
-                * change) and the ack is the biggest we've seen.
-                */ 
+                * duplicate ack and the ack is the biggest we've seen.
+                *
+                * Need to accommodate a change in window on duplicate acks
+                * to allow operating systems that update window during
+                * recovery with SACK
+                */
                if (SEQ_LEQ(th->th_ack, tp->snd_una)) {
                if (SEQ_LEQ(th->th_ack, tp->snd_una)) {
-                       if (tlen == 0 && tiwin == tp->snd_wnd) {
+                       if (tlen == 0 && (tiwin == tp->snd_wnd ||
+                           (to.to_nsacks > 0 && sack_bytes_acked > 0))) {
                                /*
                                 * If both ends send FIN at the same time,
                                 * then the ack will be a duplicate ack
                                 * but we have to process the FIN. Check
                                 * for this condition and process the FIN
                                 * instead of the dupack
                                /*
                                 * If both ends send FIN at the same time,
                                 * then the ack will be a duplicate ack
                                 * but we have to process the FIN. Check
                                 * for this condition and process the FIN
                                 * instead of the dupack
-                                */ 
+                                */
                                if ((thflags & TH_FIN) &&
                                if ((thflags & TH_FIN) &&
-                                   (tp->t_flags & TF_SENTFIN) &&
-                                   !TCPS_HAVERCVDFIN(tp->t_state) &&
-                                   (th->th_ack + 1) == tp->snd_max)
+                                   !TCPS_HAVERCVDFIN(tp->t_state)) {
                                        break;
                                        break;
+                               }
 process_dupack:
 #if MPTCP
                                /*
 process_dupack:
 #if MPTCP
                                /*
@@ -4012,7 +4625,7 @@ process_dupack:
                                if ((isconnected) && (tp->t_mpflags & TMPF_JOINED_FLOW)) {
                                        mptcplog((LOG_DEBUG, "MPTCP "
                                            "Sockets: bypass ack recovery\n"),
                                if ((isconnected) && (tp->t_mpflags & TMPF_JOINED_FLOW)) {
                                        mptcplog((LOG_DEBUG, "MPTCP "
                                            "Sockets: bypass ack recovery\n"),
-                                           MPTCP_SOCKET_DBG, 
+                                           MPTCP_SOCKET_DBG,
                                            MPTCP_LOGLVL_VERBOSE);
                                        break;
                                }
                                            MPTCP_LOGLVL_VERBOSE);
                                        break;
                                }
@@ -4024,8 +4637,9 @@ process_dupack:
                                 * so that we can process partial acks
                                 * correctly
                                 */
                                 * so that we can process partial acks
                                 * correctly
                                 */
-                               if (tp->ecn_flags & TE_INRECOVERY)
+                               if (tp->ecn_flags & TE_INRECOVERY) {
                                        tp->ecn_flags &= ~TE_INRECOVERY;
                                        tp->ecn_flags &= ~TE_INRECOVERY;
+                               }
 
                                tcpstat.tcps_rcvdupack++;
                                ++tp->t_dupacks;
 
                                tcpstat.tcps_rcvdupack++;
                                ++tp->t_dupacks;
@@ -4037,19 +4651,21 @@ process_dupack:
                                if (tp->t_early_rexmt_count > 0 &&
                                    TSTMP_GEQ(tcp_now,
                                    (tp->t_early_rexmt_win +
                                if (tp->t_early_rexmt_count > 0 &&
                                    TSTMP_GEQ(tcp_now,
                                    (tp->t_early_rexmt_win +
-                                   TCP_EARLY_REXMT_WIN)))
+                                   TCP_EARLY_REXMT_WIN))) {
                                        tp->t_early_rexmt_count = 0;
                                        tp->t_early_rexmt_count = 0;
+                               }
 
 
-                               /* 
+                               /*
                                 * Is early retransmit needed? We check for
                                 * this when the connection is waiting for
                                 * duplicate acks to enter fast recovery.
                                 */
                                 * Is early retransmit needed? We check for
                                 * this when the connection is waiting for
                                 * duplicate acks to enter fast recovery.
                                 */
-                               if (!IN_FASTRECOVERY(tp))
+                               if (!IN_FASTRECOVERY(tp)) {
                                        tcp_early_rexmt_check(tp, th);
                                        tcp_early_rexmt_check(tp, th);
+                               }
 
                                /*
 
                                /*
-                                * If we've seen exactly rexmt threshold 
+                                * If we've seen exactly rexmt threshold
                                 * of duplicate acks, assume a packet
                                 * has been dropped and retransmit it.
                                 * Kludge snd_nxt & the congestion
                                 * of duplicate acks, assume a packet
                                 * has been dropped and retransmit it.
                                 * Kludge snd_nxt & the congestion
@@ -4074,8 +4690,7 @@ process_dupack:
                                        tp->t_dupacks = 0;
                                        tp->t_rexmtthresh = tcprexmtthresh;
                                } else if (tp->t_dupacks > tp->t_rexmtthresh ||
                                        tp->t_dupacks = 0;
                                        tp->t_rexmtthresh = tcprexmtthresh;
                                } else if (tp->t_dupacks > tp->t_rexmtthresh ||
-                                       IN_FASTRECOVERY(tp)) {
-
+                                   IN_FASTRECOVERY(tp)) {
                                        /*
                                         * If this connection was seeing packet
                                         * reordering, then recovery might be
                                        /*
                                         * If this connection was seeing packet
                                         * reordering, then recovery might be
@@ -4083,9 +4698,9 @@ process_dupack:
                                         * reordering and loss
                                         */
                                        if (SACK_ENABLED(tp) && !IN_FASTRECOVERY(tp) &&
                                         * reordering and loss
                                         */
                                        if (SACK_ENABLED(tp) && !IN_FASTRECOVERY(tp) &&
-                                           (tp->t_flagsext & 
-                                           (TF_PKTS_REORDERED|TF_DELAY_RECOVERY)) ==
-                                           (TF_PKTS_REORDERED|TF_DELAY_RECOVERY)) {
+                                           (tp->t_flagsext &
+                                           (TF_PKTS_REORDERED | TF_DELAY_RECOVERY)) ==
+                                           (TF_PKTS_REORDERED | TF_DELAY_RECOVERY)) {
                                                /*
                                                 * Since the SACK information is already
                                                 * updated, this ACK will be dropped
                                                /*
                                                 * Since the SACK information is already
                                                 * updated, this ACK will be dropped
@@ -4093,29 +4708,38 @@ process_dupack:
                                                break;
                                        }
 
                                                break;
                                        }
 
-                                       if (SACK_ENABLED(tp) 
+                                       if (SACK_ENABLED(tp)
                                            && IN_FASTRECOVERY(tp)) {
                                                int awnd;
                                            && IN_FASTRECOVERY(tp)) {
                                                int awnd;
-                                               
+
                                                /*
                                                 * Compute the amount of data in flight first.
                                                /*
                                                 * Compute the amount of data in flight first.
-                                                * We can inject new data into the pipe iff 
-                                                * we have less than 1/2 the original window's  
+                                                * We can inject new data into the pipe iff
+                                                * we have less than 1/2 the original window's
                                                 * worth of data in flight.
                                                 */
                                                awnd = (tp->snd_nxt - tp->snd_fack) +
                                                 * worth of data in flight.
                                                 */
                                                awnd = (tp->snd_nxt - tp->snd_fack) +
-                                                       tp->sackhint.sack_bytes_rexmit;
+                                                   tp->sackhint.sack_bytes_rexmit;
                                                if (awnd < tp->snd_ssthresh) {
                                                        tp->snd_cwnd += tp->t_maxseg;
                                                if (awnd < tp->snd_ssthresh) {
                                                        tp->snd_cwnd += tp->t_maxseg;
-                                                       if (tp->snd_cwnd > tp->snd_ssthresh)
+                                                       if (tp->snd_cwnd > tp->snd_ssthresh) {
                                                                tp->snd_cwnd = tp->snd_ssthresh;
                                                                tp->snd_cwnd = tp->snd_ssthresh;
+                                                       }
                                                }
                                                }
-                                       } else
+                                       } else {
                                                tp->snd_cwnd += tp->t_maxseg;
                                                tp->snd_cwnd += tp->t_maxseg;
+                                       }
 
 
-                                       tcp_ccdbg_trace(tp, th, TCP_CC_IN_FASTRECOVERY);
+                                       /* Process any window updates */
+                                       if (tiwin > tp->snd_wnd) {
+                                               tcp_update_window(tp, thflags,
+                                                   th, tiwin, tlen);
+                                       }
+                                       tcp_ccdbg_trace(tp, th,
+                                           TCP_CC_IN_FASTRECOVERY);
 
                                        (void) tcp_output(tp);
 
                                        (void) tcp_output(tp);
+
                                        goto drop;
                                } else if (tp->t_dupacks == tp->t_rexmtthresh) {
                                        tcp_seq onxt = tp->snd_nxt;
                                        goto drop;
                                } else if (tp->t_dupacks == tp->t_rexmtthresh) {
                                        tcp_seq onxt = tp->snd_nxt;
@@ -4141,10 +4765,11 @@ process_dupack:
                                                        break;
                                                }
                                        }
                                                        break;
                                                }
                                        }
-                                       if (tp->t_flags & TF_SENTFIN)
+                                       if (tp->t_flags & TF_SENTFIN) {
                                                tp->snd_recover = tp->snd_max - 1;
                                                tp->snd_recover = tp->snd_max - 1;
-                                       else
+                                       } else {
                                                tp->snd_recover = tp->snd_max;
                                                tp->snd_recover = tp->snd_max;
+                                       }
                                        tp->t_timer[TCPT_PTO] = 0;
                                        tp->t_rtttime = 0;
 
                                        tp->t_timer[TCPT_PTO] = 0;
                                        tp->t_rtttime = 0;
 
@@ -4156,7 +4781,7 @@ process_dupack:
                                         */
                                        if (SACK_ENABLED(tp) &&
                                            (tp->t_flagsext &
                                         */
                                        if (SACK_ENABLED(tp) &&
                                            (tp->t_flagsext &
-                                           (TF_PKTS_REORDERED|TF_DELAY_RECOVERY))
+                                           (TF_PKTS_REORDERED | TF_DELAY_RECOVERY))
                                            == TF_PKTS_REORDERED &&
                                            !IN_FASTRECOVERY(tp) &&
                                            tp->t_reorderwin > 0 &&
                                            == TF_PKTS_REORDERED &&
                                            !IN_FASTRECOVERY(tp) &&
                                            tp->t_reorderwin > 0 &&
@@ -4174,16 +4799,18 @@ process_dupack:
 
                                        tcp_rexmt_save_state(tp);
                                        /*
 
                                        tcp_rexmt_save_state(tp);
                                        /*
-                                        * If the current tcp cc module has 
+                                        * If the current tcp cc module has
                                         * defined a hook for tasks to run
                                         * before entering FR, call it
                                         */
                                         * defined a hook for tasks to run
                                         * before entering FR, call it
                                         */
-                                       if (CC_ALGO(tp)->pre_fr != NULL)
+                                       if (CC_ALGO(tp)->pre_fr != NULL) {
                                                CC_ALGO(tp)->pre_fr(tp);
                                                CC_ALGO(tp)->pre_fr(tp);
+                                       }
                                        ENTER_FASTRECOVERY(tp);
                                        tp->t_timer[TCPT_REXMT] = 0;
                                        ENTER_FASTRECOVERY(tp);
                                        tp->t_timer[TCPT_REXMT] = 0;
-                                       if (TCP_ECN_ENABLED(tp))
+                                       if (TCP_ECN_ENABLED(tp)) {
                                                tp->ecn_flags |= TE_SENDCWR;
                                                tp->ecn_flags |= TE_SENDCWR;
+                                       }
 
                                        if (SACK_ENABLED(tp)) {
                                                tcpstat.tcps_sack_recovery_episode++;
 
                                        if (SACK_ENABLED(tp)) {
                                                tcpstat.tcps_sack_recovery_episode++;
@@ -4192,6 +4819,14 @@ process_dupack:
                                                tp->snd_cwnd = tp->t_maxseg;
                                                tp->t_flagsext &=
                                                    ~TF_CWND_NONVALIDATED;
                                                tp->snd_cwnd = tp->t_maxseg;
                                                tp->t_flagsext &=
                                                    ~TF_CWND_NONVALIDATED;
+
+                                               /* Process any window updates */
+                                               if (tiwin > tp->snd_wnd) {
+                                                       tcp_update_window(
+                                                               tp, thflags,
+                                                               th, tiwin, tlen);
+                                               }
+
                                                tcp_ccdbg_trace(tp, th,
                                                    TCP_CC_ENTER_FASTRECOVERY);
                                                (void) tcp_output(tp);
                                                tcp_ccdbg_trace(tp, th,
                                                    TCP_CC_ENTER_FASTRECOVERY);
                                                (void) tcp_output(tp);
@@ -4199,22 +4834,32 @@ process_dupack:
                                        }
                                        tp->snd_nxt = th->th_ack;
                                        tp->snd_cwnd = tp->t_maxseg;
                                        }
                                        tp->snd_nxt = th->th_ack;
                                        tp->snd_cwnd = tp->t_maxseg;
+
+                                       /* Process any window updates */
+                                       if (tiwin > tp->snd_wnd) {
+                                               tcp_update_window(tp,
+                                                   thflags,
+                                                   th, tiwin, tlen);
+                                       }
+
                                        (void) tcp_output(tp);
                                        if (tp->t_flagsext & TF_CWND_NONVALIDATED) {
                                                tcp_cc_adjust_nonvalidated_cwnd(tp);
                                        } else {
                                                tp->snd_cwnd = tp->snd_ssthresh +
                                        (void) tcp_output(tp);
                                        if (tp->t_flagsext & TF_CWND_NONVALIDATED) {
                                                tcp_cc_adjust_nonvalidated_cwnd(tp);
                                        } else {
                                                tp->snd_cwnd = tp->snd_ssthresh +
-                                                    tp->t_maxseg * tp->t_dupacks;
+                                                   tp->t_maxseg * tp->t_dupacks;
                                        }
                                        }
-                                       if (SEQ_GT(onxt, tp->snd_nxt))
+                                       if (SEQ_GT(onxt, tp->snd_nxt)) {
                                                tp->snd_nxt = onxt;
                                                tp->snd_nxt = onxt;
+                                       }
+
                                        tcp_ccdbg_trace(tp, th,
                                            TCP_CC_ENTER_FASTRECOVERY);
                                        goto drop;
                                        tcp_ccdbg_trace(tp, th,
                                            TCP_CC_ENTER_FASTRECOVERY);
                                        goto drop;
-                               } else if (limited_txmt && 
-                                       ALLOW_LIMITED_TRANSMIT(tp) &&
-                                       (!(SACK_ENABLED(tp)) || sack_bytes_acked > 0) && 
-                                       (so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)) > 0) {
+                               } else if (limited_txmt &&
+                                   ALLOW_LIMITED_TRANSMIT(tp) &&
+                                   (!(SACK_ENABLED(tp)) || sack_bytes_acked > 0) &&
+                                   (so->so_snd.sb_cc - (tp->snd_max - tp->snd_una)) > 0) {
                                        u_int32_t incr = (tp->t_maxseg * tp->t_dupacks);
 
                                        /* Use Limited Transmit algorithm on the first two
                                        u_int32_t incr = (tp->t_maxseg * tp->t_dupacks);
 
                                        /* Use Limited Transmit algorithm on the first two
@@ -4225,13 +4870,10 @@ process_dupack:
                                        (void) tcp_output(tp);
 
                                        tcp_ccdbg_trace(tp, th, TCP_CC_LIMITED_TRANSMIT);
                                        (void) tcp_output(tp);
 
                                        tcp_ccdbg_trace(tp, th, TCP_CC_LIMITED_TRANSMIT);
-                                       
+
                                        /* Reset snd_cwnd back to normal */
                                        tp->snd_cwnd -= incr;
                                }
                                        /* Reset snd_cwnd back to normal */
                                        tp->snd_cwnd -= incr;
                                }
-                       } else {
-                               tp->t_dupacks = 0;
-                               tp->t_rexmtthresh = tcprexmtthresh;
                        }
                        break;
                }
                        }
                        break;
                }
@@ -4242,30 +4884,33 @@ process_dupack:
                if (IN_FASTRECOVERY(tp)) {
                        if (SEQ_LT(th->th_ack, tp->snd_recover)) {
                                /*
                if (IN_FASTRECOVERY(tp)) {
                        if (SEQ_LT(th->th_ack, tp->snd_recover)) {
                                /*
-                                * If we received an ECE and entered 
+                                * If we received an ECE and entered
                                 * recovery, the subsequent ACKs should
                                 * not be treated as partial acks.
                                 */
                                 * recovery, the subsequent ACKs should
                                 * not be treated as partial acks.
                                 */
-                               if (tp->ecn_flags & TE_INRECOVERY)
+                               if (tp->ecn_flags & TE_INRECOVERY) {
                                        goto process_ACK;
                                        goto process_ACK;
+                               }
 
 
-                               if (SACK_ENABLED(tp))
+                               if (SACK_ENABLED(tp)) {
                                        tcp_sack_partialack(tp, th);
                                        tcp_sack_partialack(tp, th);
-                               else
-                                       tcp_newreno_partial_ack(tp, th);                        
+                               } else {
+                                       tcp_newreno_partial_ack(tp, th);
+                               }
                                tcp_ccdbg_trace(tp, th, TCP_CC_PARTIAL_ACK);
                        } else {
                                EXIT_FASTRECOVERY(tp);
                                tcp_ccdbg_trace(tp, th, TCP_CC_PARTIAL_ACK);
                        } else {
                                EXIT_FASTRECOVERY(tp);
-                               if (CC_ALGO(tp)->post_fr != NULL)
+                               if (CC_ALGO(tp)->post_fr != NULL) {
                                        CC_ALGO(tp)->post_fr(tp, th);
                                        CC_ALGO(tp)->post_fr(tp, th);
+                               }
                                tp->t_pipeack = 0;
                                tcp_clear_pipeack_state(tp);
                                tcp_ccdbg_trace(tp, th,
                                    TCP_CC_EXIT_FASTRECOVERY);
                        }
                                tp->t_pipeack = 0;
                                tcp_clear_pipeack_state(tp);
                                tcp_ccdbg_trace(tp, th,
                                    TCP_CC_EXIT_FASTRECOVERY);
                        }
-               } else if ((tp->t_flagsext & 
-                       (TF_PKTS_REORDERED|TF_DELAY_RECOVERY))
-                       == (TF_PKTS_REORDERED|TF_DELAY_RECOVERY)) {
+               } else if ((tp->t_flagsext &
+                   (TF_PKTS_REORDERED | TF_DELAY_RECOVERY))
+                   == (TF_PKTS_REORDERED | TF_DELAY_RECOVERY)) {
                        /*
                         * If the ack acknowledges upto snd_recover or if
                         * it acknowledges all the snd holes, exit
                        /*
                         * If the ack acknowledges upto snd_recover or if
                         * it acknowledges all the snd holes, exit
@@ -4338,20 +4983,32 @@ process_ACK:
                 * If there is more data to be acked, restart retransmit
                 * timer, using current (possibly backed-off) value.
                 */
                 * If there is more data to be acked, restart retransmit
                 * timer, using current (possibly backed-off) value.
                 */
+               TCP_RESET_REXMT_STATE(tp);
+               TCPT_RANGESET(tp->t_rxtcur, TCP_REXMTVAL(tp),
+                   tp->t_rttmin, TCPTV_REXMTMAX,
+                   TCP_ADD_REXMTSLOP(tp));
                if (th->th_ack == tp->snd_max) {
                        tp->t_timer[TCPT_REXMT] = 0;
                        tp->t_timer[TCPT_PTO] = 0;
                        needoutput = 1;
                if (th->th_ack == tp->snd_max) {
                        tp->t_timer[TCPT_REXMT] = 0;
                        tp->t_timer[TCPT_PTO] = 0;
                        needoutput = 1;
-               } else if (tp->t_timer[TCPT_PERSIST] == 0)
+               } else if (tp->t_timer[TCPT_PERSIST] == 0) {
                        tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp,
                            tp->t_rxtcur);
                        tp->t_timer[TCPT_REXMT] = OFFSET_FROM_START(tp,
                            tp->t_rxtcur);
+               }
+
+               if ((prev_t_state == TCPS_SYN_SENT ||
+                   prev_t_state == TCPS_SYN_RECEIVED) &&
+                   tp->t_state == TCPS_ESTABLISHED) {
+                       TCP_LOG_RTT_INFO(tp);
+               }
 
                /*
                 * If no data (only SYN) was ACK'd, skip rest of ACK
                 * processing.
                 */
 
                /*
                 * If no data (only SYN) was ACK'd, skip rest of ACK
                 * processing.
                 */
-               if (acked == 0)
+               if (acked == 0) {
                        goto step6;
                        goto step6;
+               }
 
                /*
                 * When outgoing data has been acked (except the SYN+data), we
 
                /*
                 * When outgoing data has been acked (except the SYN+data), we
@@ -4359,8 +5016,9 @@ process_ACK:
                 */
                if ((tp->t_tfo_stats & TFO_S_SYN_DATA_SENT) &&
                    !(tp->t_tfo_flags & TFO_F_NO_SNDPROBING) &&
                 */
                if ((tp->t_tfo_stats & TFO_S_SYN_DATA_SENT) &&
                    !(tp->t_tfo_flags & TFO_F_NO_SNDPROBING) &&
-                   !(th->th_flags & TH_SYN))
-                       tcp_heuristic_tfo_snd_good(tp);
+                   !(th->th_flags & TH_SYN)) {
+                       tp->t_tfo_flags |= TFO_F_NO_SNDPROBING;
+               }
 
                /*
                 * If TH_ECE is received, make sure that ECN is enabled
 
                /*
                 * If TH_ECE is received, make sure that ECN is enabled
@@ -4374,7 +5032,7 @@ process_ACK:
                         */
                        if (!IN_FASTRECOVERY(tp)) {
                                tcp_reduce_congestion_window(tp);
                         */
                        if (!IN_FASTRECOVERY(tp)) {
                                tcp_reduce_congestion_window(tp);
-                               tp->ecn_flags |= (TE_INRECOVERY|TE_SENDCWR);
+                               tp->ecn_flags |= (TE_INRECOVERY | TE_SENDCWR);
                                /*
                                 * Also note that the connection received
                                 * ECE atleast once
                                /*
                                 * Also note that the connection received
                                 * ECE atleast once
@@ -4395,61 +5053,68 @@ process_ACK:
                 * not updated yet.
                 */
                if (!IN_FASTRECOVERY(tp)) {
                 * not updated yet.
                 */
                if (!IN_FASTRECOVERY(tp)) {
-                       if (CC_ALGO(tp)->ack_rcvd != NULL)
+                       if (CC_ALGO(tp)->ack_rcvd != NULL) {
                                CC_ALGO(tp)->ack_rcvd(tp, th);
                                CC_ALGO(tp)->ack_rcvd(tp, th);
+                       }
                        tcp_ccdbg_trace(tp, th, TCP_CC_ACK_RCVD);
                }
                if (acked > so->so_snd.sb_cc) {
                        tp->snd_wnd -= so->so_snd.sb_cc;
                        sbdrop(&so->so_snd, (int)so->so_snd.sb_cc);
                        if (so->so_flags & SOF_ENABLE_MSGS) {
                        tcp_ccdbg_trace(tp, th, TCP_CC_ACK_RCVD);
                }
                if (acked > so->so_snd.sb_cc) {
                        tp->snd_wnd -= so->so_snd.sb_cc;
                        sbdrop(&so->so_snd, (int)so->so_snd.sb_cc);
                        if (so->so_flags & SOF_ENABLE_MSGS) {
-                               so->so_msg_state->msg_serial_bytes -= 
-                                       (int)so->so_snd.sb_cc;
+                               so->so_msg_state->msg_serial_bytes -=
+                                   (int)so->so_snd.sb_cc;
                        }
                        ourfinisacked = 1;
                } else {
                        sbdrop(&so->so_snd, acked);
                        if (so->so_flags & SOF_ENABLE_MSGS) {
                        }
                        ourfinisacked = 1;
                } else {
                        sbdrop(&so->so_snd, acked);
                        if (so->so_flags & SOF_ENABLE_MSGS) {
-                               so->so_msg_state->msg_serial_bytes -= 
-                                       acked;
+                               so->so_msg_state->msg_serial_bytes -=
+                                   acked;
                        }
                        tcp_sbsnd_trim(&so->so_snd);
                        tp->snd_wnd -= acked;
                        ourfinisacked = 0;
                }
                /* detect una wraparound */
                        }
                        tcp_sbsnd_trim(&so->so_snd);
                        tp->snd_wnd -= acked;
                        ourfinisacked = 0;
                }
                /* detect una wraparound */
-               if ( !IN_FASTRECOVERY(tp) &&
+               if (!IN_FASTRECOVERY(tp) &&
                    SEQ_GT(tp->snd_una, tp->snd_recover) &&
                    SEQ_GT(tp->snd_una, tp->snd_recover) &&
-                   SEQ_LEQ(th->th_ack, tp->snd_recover))
+                   SEQ_LEQ(th->th_ack, tp->snd_recover)) {
                        tp->snd_recover = th->th_ack - 1;
                        tp->snd_recover = th->th_ack - 1;
+               }
 
                if (IN_FASTRECOVERY(tp) &&
 
                if (IN_FASTRECOVERY(tp) &&
-                   SEQ_GEQ(th->th_ack, tp->snd_recover))
+                   SEQ_GEQ(th->th_ack, tp->snd_recover)) {
                        EXIT_FASTRECOVERY(tp);
                        EXIT_FASTRECOVERY(tp);
+               }
 
                tp->snd_una = th->th_ack;
 
                tp->snd_una = th->th_ack;
+
                if (SACK_ENABLED(tp)) {
                if (SACK_ENABLED(tp)) {
-                       if (SEQ_GT(tp->snd_una, tp->snd_recover))
+                       if (SEQ_GT(tp->snd_una, tp->snd_recover)) {
                                tp->snd_recover = tp->snd_una;
                                tp->snd_recover = tp->snd_una;
+                       }
                }
                }
-               if (SEQ_LT(tp->snd_nxt, tp->snd_una))
+               if (SEQ_LT(tp->snd_nxt, tp->snd_una)) {
                        tp->snd_nxt = tp->snd_una;
                        tp->snd_nxt = tp->snd_una;
+               }
                if (!SLIST_EMPTY(&tp->t_rxt_segments) &&
                    !TCP_DSACK_SEQ_IN_WINDOW(tp, tp->t_dsack_lastuna,
                if (!SLIST_EMPTY(&tp->t_rxt_segments) &&
                    !TCP_DSACK_SEQ_IN_WINDOW(tp, tp->t_dsack_lastuna,
-                   tp->snd_una))
+                   tp->snd_una)) {
                        tcp_rxtseg_clean(tp);
                        tcp_rxtseg_clean(tp);
+               }
                if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
                if ((tp->t_flagsext & TF_MEASURESNDBW) != 0 &&
-                       tp->t_bwmeas != NULL)
+                   tp->t_bwmeas != NULL) {
                        tcp_bwmeas_check(tp);
                        tcp_bwmeas_check(tp);
+               }
 
 
-               /*
-                * sowwakeup must happen after snd_una, et al. are updated so that
-                * the sequence numbers are in sync with so_snd
-                */
-               sowwakeup(so);
+               write_wakeup = 1;
 
 
-               switch (tp->t_state) {
+               if (!SLIST_EMPTY(&tp->t_notify_ack)) {
+                       tcp_notify_acknowledgement(tp, so);
+               }
 
 
+               switch (tp->t_state) {
                /*
                 * In FIN_WAIT_1 STATE in addition to the processing
                 * for the ESTABLISHED state if our FIN is now acknowledged
                /*
                 * In FIN_WAIT_1 STATE in addition to the processing
                 * for the ESTABLISHED state if our FIN is now acknowledged
@@ -4466,23 +5131,22 @@ process_ACK:
                                 */
                                if (so->so_state & SS_CANTRCVMORE) {
                                        tp->t_timer[TCPT_2MSL] = OFFSET_FROM_START(tp,
                                 */
                                if (so->so_state & SS_CANTRCVMORE) {
                                        tp->t_timer[TCPT_2MSL] = OFFSET_FROM_START(tp,
-                                               TCP_CONN_MAXIDLE(tp));
+                                           TCP_CONN_MAXIDLE(tp));
                                        isconnected = FALSE;
                                        isdisconnected = TRUE;
                                }
                                        isconnected = FALSE;
                                        isdisconnected = TRUE;
                                }
-                               DTRACE_TCP4(state__change, void, NULL, 
-                                       struct inpcb *, inp,
-                                       struct tcpcb *, tp, 
-                                       int32_t, TCPS_FIN_WAIT_2);
+                               DTRACE_TCP4(state__change, void, NULL,
+                                   struct inpcb *, inp,
+                                   struct tcpcb *, tp,
+                                   int32_t, TCPS_FIN_WAIT_2);
                                tp->t_state = TCPS_FIN_WAIT_2;
                                tp->t_state = TCPS_FIN_WAIT_2;
-                               /* fall through and make sure we also recognize 
-                                * data ACKed with the FIN 
+                               /* fall through and make sure we also recognize
+                                * data ACKed with the FIN
                                 */
                        }
                                 */
                        }
-                       tp->t_flags |= TF_ACKNOW;
                        break;
 
                        break;
 
-               /*
+               /*
                 * In CLOSING STATE in addition to the processing for
                 * the ESTABLISHED state if the ACK acknowledges our FIN
                 * then enter the TIME-WAIT state, otherwise ignore
                 * In CLOSING STATE in addition to the processing for
                 * the ESTABLISHED state if the ACK acknowledges our FIN
                 * then enter the TIME-WAIT state, otherwise ignore
@@ -4490,10 +5154,10 @@ process_ACK:
                 */
                case TCPS_CLOSING:
                        if (ourfinisacked) {
                 */
                case TCPS_CLOSING:
                        if (ourfinisacked) {
-                               DTRACE_TCP4(state__change, void, NULL, 
-                                       struct inpcb *, inp,
-                                       struct tcpcb *, tp, 
-                                       int32_t, TCPS_TIME_WAIT);
+                               DTRACE_TCP4(state__change, void, NULL,
+                                   struct inpcb *, inp,
+                                   struct tcpcb *, tp,
+                                   int32_t, TCPS_TIME_WAIT);
                                tp->t_state = TCPS_TIME_WAIT;
                                tcp_canceltimers(tp);
                                if (tp->t_flagsext & TF_NOTIMEWAIT) {
                                tp->t_state = TCPS_TIME_WAIT;
                                tcp_canceltimers(tp);
                                if (tp->t_flagsext & TF_NOTIMEWAIT) {
@@ -4504,7 +5168,6 @@ process_ACK:
                                isconnected = FALSE;
                                isdisconnected = TRUE;
                        }
                                isconnected = FALSE;
                                isdisconnected = TRUE;
                        }
-                       tp->t_flags |= TF_ACKNOW;
                        break;
 
                /*
                        break;
 
                /*
@@ -4531,18 +5194,18 @@ process_ACK:
                }
 
                /*
                }
 
                /*
-                * If there is a SACK option on the ACK and we 
+                * If there is a SACK option on the ACK and we
                 * haven't seen any duplicate acks before, count
                 * it as a duplicate ack even if the cumulative
                 * ack is advanced. If the receiver delayed an
                 * ack and detected loss afterwards, then the ack
                 * haven't seen any duplicate acks before, count
                 * it as a duplicate ack even if the cumulative
                 * ack is advanced. If the receiver delayed an
                 * ack and detected loss afterwards, then the ack
-                * will advance cumulative ack and will also have 
+                * will advance cumulative ack and will also have
                 * a SACK option. So counting it as one duplicate
                 * ack is ok.
                 * a SACK option. So counting it as one duplicate
                 * ack is ok.
-                */ 
+                */
                if (sack_ackadv == 1 &&
                if (sack_ackadv == 1 &&
-                   tp->t_state == TCPS_ESTABLISHED && 
-                   SACK_ENABLED(tp) && sack_bytes_acked > 0 && 
+                   tp->t_state == TCPS_ESTABLISHED &&
+                   SACK_ENABLED(tp) && sack_bytes_acked > 0 &&
                    to.to_nsacks > 0 && tp->t_dupacks == 0 &&
                    SEQ_LEQ(th->th_ack, tp->snd_una) && tlen == 0 &&
                    !(tp->t_flagsext & TF_PKTS_REORDERED)) {
                    to.to_nsacks > 0 && tp->t_dupacks == 0 &&
                    SEQ_LEQ(th->th_ack, tp->snd_una) && tlen == 0 &&
                    !(tp->t_flagsext & TF_PKTS_REORDERED)) {
@@ -4551,24 +5214,11 @@ process_ACK:
                }
        }
 
                }
        }
 
-step6:
-       /*
-        * Update window information.
-        * Don't look at window if no ACK: TAC's send garbage on first SYN.
-        */
-       if ((thflags & TH_ACK) &&
-           (SEQ_LT(tp->snd_wl1, th->th_seq) ||
-           (tp->snd_wl1 == th->th_seq && (SEQ_LT(tp->snd_wl2, th->th_ack) ||
-            (tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd))))) {
-               /* keep track of pure window updates */
-               if (tlen == 0 &&
-                   tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd)
-                       tcpstat.tcps_rcvwinupd++;
-               tp->snd_wnd = tiwin;
-               tp->snd_wl1 = th->th_seq;
-               tp->snd_wl2 = th->th_ack;
-               if (tp->snd_wnd > tp->max_sndwnd)
-                       tp->max_sndwnd = tp->snd_wnd;
+step6:
+       /*
+        * Update window information.
+        */
+       if (tcp_update_window(tp, thflags, th, tiwin, tlen)) {
                needoutput = 1;
        }
 
                needoutput = 1;
        }
 
@@ -4584,9 +5234,9 @@ step6:
                 * actually wanting to send this much urgent data.
                 */
                if (th->th_urp + so->so_rcv.sb_cc > sb_max) {
                 * actually wanting to send this much urgent data.
                 */
                if (th->th_urp + so->so_rcv.sb_cc > sb_max) {
-                       th->th_urp = 0;                 /* XXX */
-                       thflags &= ~TH_URG;             /* XXX */
-                       goto dodata;                    /* XXX */
+                       th->th_urp = 0;                 /* XXX */
+                       thflags &= ~TH_URG;             /* XXX */
+                       goto dodata;                    /* XXX */
                }
                /*
                 * If this segment advances the known urgent pointer,
                }
                /*
                 * If this segment advances the known urgent pointer,
@@ -4602,7 +5252,7 @@ step6:
                 * of data past the urgent section as the original
                 * spec states (in one of two places).
                 */
                 * of data past the urgent section as the original
                 * spec states (in one of two places).
                 */
-               if (SEQ_GT(th->th_seq+th->th_urp, tp->rcv_up)) {
+               if (SEQ_GT(th->th_seq + th->th_urp, tp->rcv_up)) {
                        tp->rcv_up = th->th_seq + th->th_urp;
                        so->so_oobmark = so->so_rcv.sb_cc +
                            (tp->rcv_up - tp->rcv_nxt) - 1;
                        tp->rcv_up = th->th_seq + th->th_urp;
                        so->so_oobmark = so->so_rcv.sb_cc +
                            (tp->rcv_up - tp->rcv_nxt) - 1;
@@ -4621,19 +5271,21 @@ step6:
                 */
                if (th->th_urp <= (u_int32_t)tlen
 #if SO_OOBINLINE
                 */
                if (th->th_urp <= (u_int32_t)tlen
 #if SO_OOBINLINE
-                    && (so->so_options & SO_OOBINLINE) == 0
+                   && (so->so_options & SO_OOBINLINE) == 0
 #endif
 #endif
-                    )
+                   ) {
                        tcp_pulloutofband(so, th, m,
                        tcp_pulloutofband(so, th, m,
-                               drop_hdrlen);   /* hdr drop is delayed */
+                           drop_hdrlen);       /* hdr drop is delayed */
+               }
        } else {
                /*
                 * If no out of band data is expected,
                 * pull receive urgent pointer along
                 * with the receive window.
                 */
        } else {
                /*
                 * If no out of band data is expected,
                 * pull receive urgent pointer along
                 * with the receive window.
                 */
-               if (SEQ_GT(tp->rcv_nxt, tp->rcv_up))
+               if (SEQ_GT(tp->rcv_nxt, tp->rcv_up)) {
                        tp->rcv_up = tp->rcv_nxt;
                        tp->rcv_up = tp->rcv_nxt;
+               }
        }
 dodata:
 
        }
 dodata:
 
@@ -4647,14 +5299,15 @@ dodata:
                soisdisconnected(so);
        }
 
                soisdisconnected(so);
        }
 
-       /* Let's check the state of pcb just to make sure that it did not get closed 
+       /* Let's check the state of pcb just to make sure that it did not get closed
         * when we unlocked above
         */
        if (inp->inp_state == INPCB_STATE_DEAD) {
                /* Just drop the packet that we are processing and return */
         * when we unlocked above
         */
        if (inp->inp_state == INPCB_STATE_DEAD) {
                /* Just drop the packet that we are processing and return */
+               TCP_LOG_DROP_PCB(TCP_LOG_HDR, th, tp, false, "INPCB_STATE_DEAD");
                goto drop;
        }
                goto drop;
        }
-       
+
        /*
         * Process the segment text, merging it into the TCP sequencing queue,
         * and arranging for acknowledgment of receipt if necessary.
        /*
         * Process the segment text, merging it into the TCP sequencing queue,
         * and arranging for acknowledgment of receipt if necessary.
@@ -4669,11 +5322,11 @@ dodata:
        if ((tlen || (thflags & TH_FIN)) &&
            TCPS_HAVERCVDFIN(tp->t_state) == 0 &&
            (TCPS_HAVEESTABLISHED(tp->t_state) ||
        if ((tlen || (thflags & TH_FIN)) &&
            TCPS_HAVERCVDFIN(tp->t_state) == 0 &&
            (TCPS_HAVEESTABLISHED(tp->t_state) ||
-            (tp->t_state == TCPS_SYN_RECEIVED &&
-            (tp->t_tfo_flags & TFO_F_COOKIE_VALID)))) {
+           (tp->t_state == TCPS_SYN_RECEIVED &&
+           (tp->t_tfo_flags & TFO_F_COOKIE_VALID)))) {
                tcp_seq save_start = th->th_seq;
                tcp_seq save_end = th->th_seq + tlen;
                tcp_seq save_start = th->th_seq;
                tcp_seq save_end = th->th_seq + tlen;
-               m_adj(m, drop_hdrlen);  /* delayed header drop */
+               m_adj(m, drop_hdrlen);  /* delayed header drop */
                /*
                 * Insert segment which includes th into TCP reassembly queue
                 * with control block tp.  Set thflags to whether reassembly now
                /*
                 * Insert segment which includes th into TCP reassembly queue
                 * with control block tp.  Set thflags to whether reassembly now
@@ -4689,23 +5342,22 @@ dodata:
                if (th->th_seq == tp->rcv_nxt && LIST_EMPTY(&tp->t_segq)) {
                        TCP_INC_VAR(tp->t_unacksegs, nlropkts);
                        /*
                if (th->th_seq == tp->rcv_nxt && LIST_EMPTY(&tp->t_segq)) {
                        TCP_INC_VAR(tp->t_unacksegs, nlropkts);
                        /*
-                        * Calculate the RTT on the receiver only if the 
-                        * connection is in streaming mode and the last 
+                        * Calculate the RTT on the receiver only if the
+                        * connection is in streaming mode and the last
                         * packet was not an end-of-write
                         */
                         * packet was not an end-of-write
                         */
-                       if ((tp->t_flags & TF_STRETCHACK) &&
-                               !(tp->t_flagsext & TF_STREAMEOW))
+                       if (tp->t_flags & TF_STREAMING_ON) {
                                tcp_compute_rtt(tp, &to, th);
                                tcp_compute_rtt(tp, &to, th);
-                       
-                       if (DELAY_ACK(tp, th) && 
-                               ((tp->t_flags & TF_ACKNOW) == 0) ) {
+                       }
+
+                       if (DELAY_ACK(tp, th) &&
+                           ((tp->t_flags & TF_ACKNOW) == 0)) {
                                if ((tp->t_flags & TF_DELACK) == 0) {
                                        tp->t_flags |= TF_DELACK;
                                if ((tp->t_flags & TF_DELACK) == 0) {
                                        tp->t_flags |= TF_DELACK;
-                                       tp->t_timer[TCPT_DELACK] = 
-                                               OFFSET_FROM_START(tp, tcp_delack);
+                                       tp->t_timer[TCPT_DELACK] =
+                                           OFFSET_FROM_START(tp, tcp_delack);
                                }
                                }
-                       }         
-                       else {
+                       } else {
                                tp->t_flags |= TF_ACKNOW;
                        }
                        tp->rcv_nxt += tlen;
                                tp->t_flags |= TF_ACKNOW;
                        }
                        tp->rcv_nxt += tlen;
@@ -4714,7 +5366,7 @@ dodata:
                        tcpstat.tcps_rcvbyte += tlen;
                        if (nstat_collect) {
                                if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_PKT) {
                        tcpstat.tcps_rcvbyte += tlen;
                        if (nstat_collect) {
                                if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_PKT) {
-                                       INP_ADD_STAT(inp, cell, wifi, wired, 
+                                       INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxpackets, m->m_pkthdr.lro_npkts);
                                } else {
                                        INP_ADD_STAT(inp, cell, wifi, wired,
                                            rxpackets, m->m_pkthdr.lro_npkts);
                                } else {
                                        INP_ADD_STAT(inp, cell, wifi, wired,
@@ -4722,46 +5374,76 @@ dodata:
                                }
                                INP_ADD_STAT(inp, cell, wifi, wired,
                                    rxbytes, tlen);
                                }
                                INP_ADD_STAT(inp, cell, wifi, wired,
                                    rxbytes, tlen);
+                               inp_set_activity_bitmap(inp);
                        }
                        }
-                       tcp_sbrcv_grow(tp, &so->so_rcv, &to, tlen);
+                       tcp_sbrcv_grow(tp, &so->so_rcv, &to, tlen,
+                           TCP_AUTORCVBUF_MAX(ifp));
                        so_recv_data_stat(so, m, drop_hdrlen);
                        so_recv_data_stat(so, m, drop_hdrlen);
-                       
+
+                       if (isipv6) {
+                               memcpy(&saved_hdr, ip6, sizeof(struct ip6_hdr));
+                               ip6 = (struct ip6_hdr *)&saved_hdr[0];
+                       } else {
+                               memcpy(&saved_hdr, ip, ip->ip_hl << 2);
+                               ip = (struct ip *)&saved_hdr[0];
+                       }
+                       memcpy(&saved_tcphdr, th, sizeof(struct tcphdr));
                        if (sbappendstream_rcvdemux(so, m,
                            th->th_seq - (tp->irs + 1), 0)) {
                        if (sbappendstream_rcvdemux(so, m,
                            th->th_seq - (tp->irs + 1), 0)) {
-                               sorwakeup(so);
+                               read_wakeup = 1;
                        }
                        }
+                       th = &saved_tcphdr;
                } else {
                } else {
-                       thflags = tcp_reass(tp, th, &tlen, m, ifp);
+                       if (isipv6) {
+                               memcpy(&saved_hdr, ip6, sizeof(struct ip6_hdr));
+                               ip6 = (struct ip6_hdr *)&saved_hdr[0];
+                       } else {
+                               memcpy(&saved_hdr, ip, ip->ip_hl << 2);
+                               ip = (struct ip *)&saved_hdr[0];
+                       }
+                       memcpy(&saved_tcphdr, th, sizeof(struct tcphdr));
+                       thflags = tcp_reass(tp, th, &tlen, m, ifp, &read_wakeup);
+                       th = &saved_tcphdr;
                        tp->t_flags |= TF_ACKNOW;
                }
 
                        tp->t_flags |= TF_ACKNOW;
                }
 
-               if (tlen > 0 && SACK_ENABLED(tp))
+               if ((tlen > 0 || (th->th_flags & TH_FIN)) && SACK_ENABLED(tp)) {
+                       if (th->th_flags & TH_FIN) {
+                               save_end++;
+                       }
                        tcp_update_sack_list(tp, save_start, save_end);
                        tcp_update_sack_list(tp, save_start, save_end);
+               }
 
                tcp_adaptive_rwtimo_check(tp, tlen);
 
 
                tcp_adaptive_rwtimo_check(tp, tlen);
 
-               if (tlen > 0)
+               if (tlen > 0) {
                        tcp_tfo_rcv_data(tp);
                        tcp_tfo_rcv_data(tp);
+               }
 
 
-               if (tp->t_flags & TF_DELACK) 
-               {
+               if (tp->t_flags & TF_DELACK) {
 #if INET6
                        if (isipv6) {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
 #if INET6
                        if (isipv6) {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
-                                       (((ip6->ip6_src.s6_addr16[0]) << 16) | (ip6->ip6_dst.s6_addr16[0])),
-                                       th->th_seq, th->th_ack, th->th_win); 
-                       }
-                       else
+                                   (((ip6->ip6_src.s6_addr16[0]) << 16) | (ip6->ip6_dst.s6_addr16[0])),
+                                   th->th_seq, th->th_ack, th->th_win);
+                       } else
 #endif
                        {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
 #endif
                        {
                                KERNEL_DEBUG(DBG_LAYER_END, ((th->th_dport << 16) | th->th_sport),
-                                       (((ip->ip_src.s_addr & 0xffff) << 16) | (ip->ip_dst.s_addr & 0xffff)),
-                                       th->th_seq, th->th_ack, th->th_win); 
+                                   (((ip->ip_src.s_addr & 0xffff) << 16) | (ip->ip_dst.s_addr & 0xffff)),
+                                   th->th_seq, th->th_ack, th->th_win);
                        }
                        }
-                               
                }
        } else {
                }
        } else {
-               m_freem(m);
+               if ((so->so_flags & SOF_MP_SUBFLOW) && tlen == 0 &&
+                   (m->m_pkthdr.pkt_flags & PKTF_MPTCP_DFIN) &&
+                   (m->m_pkthdr.pkt_flags & PKTF_MPTCP)) {
+                       m_adj(m, drop_hdrlen);  /* delayed header drop */
+                       mptcp_input(tptomptp(tp)->mpt_mpte, m);
+                       tp->t_flags |= TF_ACKNOW;
+               } else {
+                       m_freem(m);
+               }
                thflags &= ~TH_FIN;
        }
 
                thflags &= ~TH_FIN;
        }
 
@@ -4792,8 +5474,7 @@ dodata:
                        tp->rcv_nxt++;
                }
                switch (tp->t_state) {
                        tp->rcv_nxt++;
                }
                switch (tp->t_state) {
-
-               /*
+               /*
                 * In SYN_RECEIVED and ESTABLISHED STATES
                 * enter the CLOSE_WAIT state.
                 */
                 * In SYN_RECEIVED and ESTABLISHED STATES
                 * enter the CLOSE_WAIT state.
                 */
@@ -4801,30 +5482,30 @@ dodata:
                        tp->t_starttime = tcp_now;
                case TCPS_ESTABLISHED:
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
                        tp->t_starttime = tcp_now;
                case TCPS_ESTABLISHED:
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
-                               struct tcpcb *, tp, int32_t, TCPS_CLOSE_WAIT);
+                           struct tcpcb *, tp, int32_t, TCPS_CLOSE_WAIT);
                        tp->t_state = TCPS_CLOSE_WAIT;
                        break;
 
                        tp->t_state = TCPS_CLOSE_WAIT;
                        break;
 
-               /*
+               /*
                 * If still in FIN_WAIT_1 STATE FIN has not been acked so
                 * enter the CLOSING state.
                 */
                case TCPS_FIN_WAIT_1:
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
                 * If still in FIN_WAIT_1 STATE FIN has not been acked so
                 * enter the CLOSING state.
                 */
                case TCPS_FIN_WAIT_1:
                        DTRACE_TCP4(state__change, void, NULL, struct inpcb *, inp,
-                               struct tcpcb *, tp, int32_t, TCPS_CLOSING);
+                           struct tcpcb *, tp, int32_t, TCPS_CLOSING);
                        tp->t_state = TCPS_CLOSING;
                        break;
 
                        tp->t_state = TCPS_CLOSING;
                        break;
 
-               /*
+               /*
                 * In FIN_WAIT_2 state enter the TIME_WAIT state,
                 * starting the time-wait timer, turning off the other
                 * standard timers.
                 */
                case TCPS_FIN_WAIT_2:
                 * In FIN_WAIT_2 state enter the TIME_WAIT state,
                 * starting the time-wait timer, turning off the other
                 * standard timers.
                 */
                case TCPS_FIN_WAIT_2:
-                       DTRACE_TCP4(state__change, void, NULL, 
-                               struct inpcb *, inp,
-                               struct tcpcb *, tp, 
-                               int32_t, TCPS_TIME_WAIT);
+                       DTRACE_TCP4(state__change, void, NULL,
+                           struct inpcb *, inp,
+                           struct tcpcb *, tp,
+                           int32_t, TCPS_TIME_WAIT);
                        tp->t_state = TCPS_TIME_WAIT;
                        tcp_canceltimers(tp);
                        tp->t_flags |= TF_ACKNOW;
                        tp->t_state = TCPS_TIME_WAIT;
                        tcp_canceltimers(tp);
                        tp->t_flags |= TF_ACKNOW;
@@ -4845,11 +5526,16 @@ dodata:
                }
        }
 #if TCPDEBUG
                }
        }
 #if TCPDEBUG
-       if (so->so_options & SO_DEBUG)
+       if (so->so_options & SO_DEBUG) {
                tcp_trace(TA_INPUT, ostate, tp, (void *)tcp_saveipgen,
                tcp_trace(TA_INPUT, ostate, tp, (void *)tcp_saveipgen,
-                         &tcp_savetcp, 0);
+                   &tcp_savetcp, 0);
+       }
 #endif
 
 #endif
 
+       if (read_wakeup) {
+               mptcp_handle_input(so);
+       }
+
        /*
         * Return any desired output.
         */
        /*
         * Return any desired output.
         */
@@ -4859,9 +5545,10 @@ dodata:
 
        tcp_check_timer_state(tp);
 
 
        tcp_check_timer_state(tp);
 
-       
-       tcp_unlock(so, 1, 0);
-       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END,0,0,0,0,0);
+       tcp_handle_wakeup(so, read_wakeup, write_wakeup);
+
+       socket_unlock(so, 1);
+       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END, 0, 0, 0, 0, 0);
        return;
 
 dropafterack:
        return;
 
 dropafterack:
@@ -4882,23 +5569,27 @@ dropafterack:
         */
        if (tp->t_state == TCPS_SYN_RECEIVED && (thflags & TH_ACK) &&
            (SEQ_GT(tp->snd_una, th->th_ack) ||
         */
        if (tp->t_state == TCPS_SYN_RECEIVED && (thflags & TH_ACK) &&
            (SEQ_GT(tp->snd_una, th->th_ack) ||
-            SEQ_GT(th->th_ack, tp->snd_max)) ) {
+           SEQ_GT(th->th_ack, tp->snd_max))) {
                rstreason = BANDLIM_RST_OPENPORT;
                IF_TCP_STATINC(ifp, dospacket);
                goto dropwithreset;
        }
 #if TCPDEBUG
                rstreason = BANDLIM_RST_OPENPORT;
                IF_TCP_STATINC(ifp, dospacket);
                goto dropwithreset;
        }
 #if TCPDEBUG
-       if (so->so_options & SO_DEBUG)
+       if (so->so_options & SO_DEBUG) {
                tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
                tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
-                         &tcp_savetcp, 0);
+                   &tcp_savetcp, 0);
+       }
 #endif
        m_freem(m);
        tp->t_flags |= TF_ACKNOW;
 #endif
        m_freem(m);
        tp->t_flags |= TF_ACKNOW;
+
        (void) tcp_output(tp);
 
        (void) tcp_output(tp);
 
+       tcp_handle_wakeup(so, read_wakeup, write_wakeup);
+
        /* Don't need to check timer state as we should have done it during tcp_output */
        /* Don't need to check timer state as we should have done it during tcp_output */
-       tcp_unlock(so, 1, 0);
-       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END,0,0,0,0,0);
+       socket_unlock(so, 1);
+       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END, 0, 0, 0, 0, 0);
        return;
 dropwithresetnosock:
        nosock = 1;
        return;
 dropwithresetnosock:
        nosock = 1;
@@ -4908,57 +5599,66 @@ dropwithreset:
         * Make ACK acceptable to originator of segment.
         * Don't bother to respond if destination was broadcast/multicast.
         */
         * Make ACK acceptable to originator of segment.
         * Don't bother to respond if destination was broadcast/multicast.
         */
-       if ((thflags & TH_RST) || m->m_flags & (M_BCAST|M_MCAST))
+       if ((thflags & TH_RST) || m->m_flags & (M_BCAST | M_MCAST)) {
                goto drop;
                goto drop;
+       }
 #if INET6
        if (isipv6) {
                if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
 #if INET6
        if (isipv6) {
                if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
-                   IN6_IS_ADDR_MULTICAST(&ip6->ip6_src))
+                   IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
                        goto drop;
                        goto drop;
+               }
        } else
 #endif /* INET6 */
        if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
            IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
            ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
        } else
 #endif /* INET6 */
        if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
            IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
            ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
-           in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+           in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif)) {
                goto drop;
                goto drop;
+       }
        /* IPv6 anycast check is done at tcp6_input() */
 
        /* IPv6 anycast check is done at tcp6_input() */
 
-       /* 
+       /*
         * Perform bandwidth limiting.
         */
 #if ICMP_BANDLIM
         * Perform bandwidth limiting.
         */
 #if ICMP_BANDLIM
-       if (badport_bandlim(rstreason) < 0)
+       if (badport_bandlim(rstreason) < 0) {
                goto drop;
                goto drop;
+       }
 #endif
 
 #if TCPDEBUG
 #endif
 
 #if TCPDEBUG
-       if (tp == 0 || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
+       if (tp == 0 || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG)) {
                tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
                tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
-                         &tcp_savetcp, 0);
+                   &tcp_savetcp, 0);
+       }
 #endif
        bzero(&tra, sizeof(tra));
        tra.ifscope = ifscope;
        tra.awdl_unrestricted = 1;
 #endif
        bzero(&tra, sizeof(tra));
        tra.ifscope = ifscope;
        tra.awdl_unrestricted = 1;
-       if (thflags & TH_ACK)
+       tra.intcoproc_allowed = 1;
+       if (thflags & TH_ACK) {
                /* mtod() below is safe as long as hdr dropping is delayed */
                tcp_respond(tp, mtod(m, void *), th, m, (tcp_seq)0, th->th_ack,
                    TH_RST, &tra);
                /* mtod() below is safe as long as hdr dropping is delayed */
                tcp_respond(tp, mtod(m, void *), th, m, (tcp_seq)0, th->th_ack,
                    TH_RST, &tra);
-       else {
-               if (thflags & TH_SYN)
+       else {
+               if (thflags & TH_SYN) {
                        tlen++;
                        tlen++;
+               }
                /* mtod() below is safe as long as hdr dropping is delayed */
                /* mtod() below is safe as long as hdr dropping is delayed */
-               tcp_respond(tp, mtod(m, void *), th, m, th->th_seq+tlen,
-                   (tcp_seq)0, TH_RST|TH_ACK, &tra);
+               tcp_respond(tp, mtod(m, void *), th, m, th->th_seq + tlen,
+                   (tcp_seq)0, TH_RST | TH_ACK, &tra);
        }
        /* destroy temporarily created socket */
        if (dropsocket) {
        }
        /* destroy temporarily created socket */
        if (dropsocket) {
-               (void) soabort(so); 
-               tcp_unlock(so, 1, 0);
+               (void) soabort(so);
+               socket_unlock(so, 1);
        } else if ((inp != NULL) && (nosock == 0)) {
        } else if ((inp != NULL) && (nosock == 0)) {
-               tcp_unlock(so, 1, 0);
+               tcp_handle_wakeup(so, read_wakeup, write_wakeup);
+
+               socket_unlock(so, 1);
        }
        }
-       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END,0,0,0,0,0);
+       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END, 0, 0, 0, 0, 0);
        return;
 dropnosock:
        nosock = 1;
        return;
 dropnosock:
        nosock = 1;
@@ -4967,20 +5667,22 @@ drop:
         * Drop space held by incoming segment and return.
         */
 #if TCPDEBUG
         * Drop space held by incoming segment and return.
         */
 #if TCPDEBUG
-       if (tp == 0 || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
+       if (tp == 0 || (tp->t_inpcb->inp_socket->so_options & SO_DEBUG)) {
                tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
                tcp_trace(TA_DROP, ostate, tp, (void *)tcp_saveipgen,
-                         &tcp_savetcp, 0);
+                   &tcp_savetcp, 0);
+       }
 #endif
        m_freem(m);
        /* destroy temporarily created socket */
        if (dropsocket) {
 #endif
        m_freem(m);
        /* destroy temporarily created socket */
        if (dropsocket) {
-               (void) soabort(so); 
-               tcp_unlock(so, 1, 0);
-       }
-       else if (nosock == 0) {
-               tcp_unlock(so, 1, 0);
+               (void) soabort(so);
+               socket_unlock(so, 1);
+       } else if (nosock == 0) {
+               tcp_handle_wakeup(so, read_wakeup, write_wakeup);
+
+               socket_unlock(so, 1);
        }
        }
-       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END,0,0,0,0,0);
+       KERNEL_DEBUG(DBG_FNC_TCP_INPUT | DBG_FUNC_END, 0, 0, 0, 0, 0);
        return;
 }
 
        return;
 }
 
@@ -4996,27 +5698,31 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
 
        for (; cnt > 0; cnt -= optlen, cp += optlen) {
                opt = cp[0];
 
        for (; cnt > 0; cnt -= optlen, cp += optlen) {
                opt = cp[0];
-               if (opt == TCPOPT_EOL)
+               if (opt == TCPOPT_EOL) {
                        break;
                        break;
-               if (opt == TCPOPT_NOP)
+               }
+               if (opt == TCPOPT_NOP) {
                        optlen = 1;
                        optlen = 1;
-               else {
-                       if (cnt < 2)
+               else {
+                       if (cnt < 2) {
                                break;
                                break;
+                       }
                        optlen = cp[1];
                        optlen = cp[1];
-                       if (optlen < 2 || optlen > cnt)
+                       if (optlen < 2 || optlen > cnt) {
                                break;
                                break;
+                       }
                }
                switch (opt) {
                }
                switch (opt) {
-
                default:
                        continue;
 
                case TCPOPT_MAXSEG:
                default:
                        continue;
 
                case TCPOPT_MAXSEG:
-                       if (optlen != TCPOLEN_MAXSEG)
+                       if (optlen != TCPOLEN_MAXSEG) {
                                continue;
                                continue;
-                       if (!(th->th_flags & TH_SYN))
+                       }
+                       if (!(th->th_flags & TH_SYN)) {
                                continue;
                                continue;
+                       }
                        bcopy((char *) cp + 2, (char *) &mss, sizeof(mss));
                        NTOHS(mss);
                        to->to_mss = mss;
                        bcopy((char *) cp + 2, (char *) &mss, sizeof(mss));
                        NTOHS(mss);
                        to->to_mss = mss;
@@ -5024,17 +5730,20 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
                        break;
 
                case TCPOPT_WINDOW:
                        break;
 
                case TCPOPT_WINDOW:
-                       if (optlen != TCPOLEN_WINDOW)
+                       if (optlen != TCPOLEN_WINDOW) {
                                continue;
                                continue;
-                       if (!(th->th_flags & TH_SYN))
+                       }
+                       if (!(th->th_flags & TH_SYN)) {
                                continue;
                                continue;
+                       }
                        to->to_flags |= TOF_SCALE;
                        to->to_requested_s_scale = min(cp[2], TCP_MAX_WINSHIFT);
                        break;
 
                case TCPOPT_TIMESTAMP:
                        to->to_flags |= TOF_SCALE;
                        to->to_requested_s_scale = min(cp[2], TCP_MAX_WINSHIFT);
                        break;
 
                case TCPOPT_TIMESTAMP:
-                       if (optlen != TCPOLEN_TIMESTAMP)
+                       if (optlen != TCPOLEN_TIMESTAMP) {
                                continue;
                                continue;
+                       }
                        to->to_flags |= TOF_TS;
                        bcopy((char *)cp + 2,
                            (char *)&to->to_tsval, sizeof(to->to_tsval));
                        to->to_flags |= TOF_TS;
                        bcopy((char *)cp + 2,
                            (char *)&to->to_tsval, sizeof(to->to_tsval));
@@ -5044,19 +5753,23 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
                        NTOHL(to->to_tsecr);
                        /* Re-enable sending Timestamps if we received them */
                        if (!(tp->t_flags & TF_REQ_TSTMP) &&
                        NTOHL(to->to_tsecr);
                        /* Re-enable sending Timestamps if we received them */
                        if (!(tp->t_flags & TF_REQ_TSTMP) &&
-                           tcp_do_rfc1323 == 1)
+                           tcp_do_rfc1323 == 1) {
                                tp->t_flags |= TF_REQ_TSTMP;
                                tp->t_flags |= TF_REQ_TSTMP;
+                       }
                        break;
                case TCPOPT_SACK_PERMITTED:
                        if (!tcp_do_sack ||
                        break;
                case TCPOPT_SACK_PERMITTED:
                        if (!tcp_do_sack ||
-                           optlen != TCPOLEN_SACK_PERMITTED)
+                           optlen != TCPOLEN_SACK_PERMITTED) {
                                continue;
                                continue;
-                       if (th->th_flags & TH_SYN)
+                       }
+                       if (th->th_flags & TH_SYN) {
                                to->to_flags |= TOF_SACK;
                                to->to_flags |= TOF_SACK;
+                       }
                        break;
                case TCPOPT_SACK:
                        break;
                case TCPOPT_SACK:
-                       if (optlen <= 2 || (optlen - 2) % TCPOLEN_SACK != 0)
+                       if (optlen <= 2 || (optlen - 2) % TCPOLEN_SACK != 0) {
                                continue;
                                continue;
+                       }
                        to->to_nsacks = (optlen - 2) / TCPOLEN_SACK;
                        to->to_sacks = cp + 2;
                        tcpstat.tcps_sack_rcv_blocks++;
                        to->to_nsacks = (optlen - 2) / TCPOLEN_SACK;
                        to->to_sacks = cp + 2;
                        tcpstat.tcps_sack_rcv_blocks++;
@@ -5064,18 +5777,21 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th,
                        break;
                case TCPOPT_FASTOPEN:
                        if (optlen == TCPOLEN_FASTOPEN_REQ) {
                        break;
                case TCPOPT_FASTOPEN:
                        if (optlen == TCPOLEN_FASTOPEN_REQ) {
-                               if (tp->t_state != TCPS_LISTEN)
+                               if (tp->t_state != TCPS_LISTEN) {
                                        continue;
                                        continue;
+                               }
 
                                to->to_flags |= TOF_TFOREQ;
                        } else {
                                if (optlen < TCPOLEN_FASTOPEN_REQ ||
                                    (optlen - TCPOLEN_FASTOPEN_REQ) > TFO_COOKIE_LEN_MAX ||
 
                                to->to_flags |= TOF_TFOREQ;
                        } else {
                                if (optlen < TCPOLEN_FASTOPEN_REQ ||
                                    (optlen - TCPOLEN_FASTOPEN_REQ) > TFO_COOKIE_LEN_MAX ||
-                                   (optlen - TCPOLEN_FASTOPEN_REQ) < TFO_COOKIE_LEN_MIN)
+                                   (optlen - TCPOLEN_FASTOPEN_REQ) < TFO_COOKIE_LEN_MIN) {
                                        continue;
                                        continue;
+                               }
                                if (tp->t_state != TCPS_LISTEN &&
                                if (tp->t_state != TCPS_LISTEN &&
-                                   tp->t_state != TCPS_SYN_SENT)
+                                   tp->t_state != TCPS_SYN_SENT) {
                                        continue;
                                        continue;
+                               }
 
                                to->to_flags |= TOF_TFO;
                                to->to_tfo = cp + 1;
 
                                to->to_flags |= TOF_TFO;
                                to->to_tfo = cp + 1;
@@ -5098,23 +5814,25 @@ tcp_finalize_options(struct tcpcb *tp, struct tcpopt *to, unsigned int ifscope)
                tp->t_flags |= TF_RCVD_TSTMP;
                tp->ts_recent = to->to_tsval;
                tp->ts_recent_age = tcp_now;
                tp->t_flags |= TF_RCVD_TSTMP;
                tp->ts_recent = to->to_tsval;
                tp->ts_recent_age = tcp_now;
-
        }
        }
-       if (to->to_flags & TOF_MSS)
+       if (to->to_flags & TOF_MSS) {
                tcp_mss(tp, to->to_mss, ifscope);
                tcp_mss(tp, to->to_mss, ifscope);
+       }
        if (SACK_ENABLED(tp)) {
        if (SACK_ENABLED(tp)) {
-               if (!(to->to_flags & TOF_SACK))
+               if (!(to->to_flags & TOF_SACK)) {
                        tp->t_flagsext &= ~(TF_SACK_ENABLE);
                        tp->t_flagsext &= ~(TF_SACK_ENABLE);
-               else
+               } else {
                        tp->t_flags |= TF_SACK_PERMIT;
                        tp->t_flags |= TF_SACK_PERMIT;
+               }
        }
        if (to->to_flags & TOF_SCALE) {
                tp->t_flags |= TF_RCVD_SCALE;
                tp->requested_s_scale = to->to_requested_s_scale;
 
                /* Re-enable window scaling, if the option is received */
        }
        if (to->to_flags & TOF_SCALE) {
                tp->t_flags |= TF_RCVD_SCALE;
                tp->requested_s_scale = to->to_requested_s_scale;
 
                /* Re-enable window scaling, if the option is received */
-               if (tp->request_r_scale > 0)
+               if (tp->request_r_scale > 0) {
                        tp->t_flags |= TF_REQ_SCALE;
                        tp->t_flags |= TF_REQ_SCALE;
+               }
        }
 }
 
        }
 }
 
@@ -5123,13 +5841,11 @@ tcp_finalize_options(struct tcpcb *tp, struct tcpopt *to, unsigned int ifscope)
  * it doesn't appear in the user's data queue.
  * It is still reflected in the segment length for
  * sequencing purposes.
  * it doesn't appear in the user's data queue.
  * It is still reflected in the segment length for
  * sequencing purposes.
+ *
+ * @param off delayed to be droped hdrlen
  */
 static void
  */
 static void
-tcp_pulloutofband(so, th, m, off)
-       struct socket *so;
-       struct tcphdr *th;
-       register struct mbuf *m;
-       int off;                /* delayed to be droped hdrlen */
+tcp_pulloutofband(struct socket *so, struct tcphdr *th, struct mbuf *m, int off)
 {
        int cnt = off + th->th_urp - 1;
 
 {
        int cnt = off + th->th_urp - 1;
 
@@ -5140,30 +5856,27 @@ tcp_pulloutofband(so, th, m, off)
 
                        tp->t_iobc = *cp;
                        tp->t_oobflags |= TCPOOB_HAVEDATA;
 
                        tp->t_iobc = *cp;
                        tp->t_oobflags |= TCPOOB_HAVEDATA;
-                       bcopy(cp+1, cp, (unsigned)(m->m_len - cnt - 1));
+                       bcopy(cp + 1, cp, (unsigned)(m->m_len - cnt - 1));
                        m->m_len--;
                        m->m_len--;
-                       if (m->m_flags & M_PKTHDR)
+                       if (m->m_flags & M_PKTHDR) {
                                m->m_pkthdr.len--;
                                m->m_pkthdr.len--;
+                       }
                        return;
                }
                cnt -= m->m_len;
                m = m->m_next;
                        return;
                }
                cnt -= m->m_len;
                m = m->m_next;
-               if (m == 0)
+               if (m == 0) {
                        break;
                        break;
+               }
        }
        panic("tcp_pulloutofband");
 }
 
 uint32_t
        }
        panic("tcp_pulloutofband");
 }
 
 uint32_t
-get_base_rtt(struct tcpcb *tp) 
+get_base_rtt(struct tcpcb *tp)
 {
 {
-       uint32_t base_rtt = 0, i;
-       for (i = 0; i < N_RTT_BASE; ++i) {
-               if (tp->rtt_hist[i] != 0 &&
-                       (base_rtt == 0 || tp->rtt_hist[i] < base_rtt))
-                       base_rtt = tp->rtt_hist[i];
-       }
-       return base_rtt;
+       struct rtentry *rt = tp->t_inpcb->inp_route.ro_rt;
+       return (rt == NULL) ? 0 : rt->rtt_min;
 }
 
 /* Each value of RTT base represents the minimum RTT seen in a minute.
 }
 
 /* Each value of RTT base represents the minimum RTT seen in a minute.
@@ -5172,44 +5885,88 @@ get_base_rtt(struct tcpcb *tp)
 void
 update_base_rtt(struct tcpcb *tp, uint32_t rtt)
 {
 void
 update_base_rtt(struct tcpcb *tp, uint32_t rtt)
 {
-       int32_t i, qdelay;
-       u_int32_t base_rtt;
+       u_int32_t base_rtt, i;
+       struct rtentry *rt;
 
 
-       if (++tp->rtt_count >= rtt_samples_per_slot) {
+       if ((rt = tp->t_inpcb->inp_route.ro_rt) == NULL) {
+               return;
+       }
+       if (rt->rtt_expire_ts == 0) {
+               RT_LOCK_SPIN(rt);
+               if (rt->rtt_expire_ts != 0) {
+                       RT_UNLOCK(rt);
+                       goto update;
+               }
+               rt->rtt_expire_ts = tcp_now;
+               rt->rtt_index = 0;
+               rt->rtt_hist[0] = rtt;
+               rt->rtt_min = rtt;
+               RT_UNLOCK(rt);
+               return;
+       }
+update:
 #if TRAFFIC_MGT
 #if TRAFFIC_MGT
-               /*
-                * If the recv side is being throttled, check if the 
-                * current RTT is closer to the base RTT seen in 
-                * first (recent) two slots. If so, unthrottle the stream.
-                */
-               if (tp->t_flagsext & TF_RECV_THROTTLE) {
-                       base_rtt = min(tp->rtt_hist[0], tp->rtt_hist[1]);
-                       qdelay = tp->t_rttcur - base_rtt;
-                       if (qdelay < target_qdelay)
-                               tp->t_flagsext &= ~(TF_RECV_THROTTLE);
+       /*
+        * If the recv side is being throttled, check if the
+        * current RTT is closer to the base RTT seen in
+        * first (recent) two slots. If so, unthrottle the stream.
+        */
+       if ((tp->t_flagsext & TF_RECV_THROTTLE) &&
+           (int)(tcp_now - tp->t_recv_throttle_ts) >= TCP_RECV_THROTTLE_WIN) {
+               base_rtt = rt->rtt_min;
+               if (tp->t_rttcur <= (base_rtt + target_qdelay)) {
+                       tp->t_flagsext &= ~TF_RECV_THROTTLE;
+                       tp->t_recv_throttle_ts = 0;
                }
                }
+       }
 #endif /* TRAFFIC_MGT */
 #endif /* TRAFFIC_MGT */
-
-               for (i = (N_RTT_BASE-1); i > 0; --i) {
-                       tp->rtt_hist[i] = tp->rtt_hist[i-1];
+       if ((int)(tcp_now - rt->rtt_expire_ts) >=
+           TCP_RTT_HISTORY_EXPIRE_TIME) {
+               RT_LOCK_SPIN(rt);
+               /* check the condition again to avoid race */
+               if ((int)(tcp_now - rt->rtt_expire_ts) >=
+                   TCP_RTT_HISTORY_EXPIRE_TIME) {
+                       rt->rtt_index++;
+                       if (rt->rtt_index >= NRTT_HIST) {
+                               rt->rtt_index = 0;
+                       }
+                       rt->rtt_hist[rt->rtt_index] = rtt;
+                       rt->rtt_expire_ts = tcp_now;
+               } else {
+                       rt->rtt_hist[rt->rtt_index] =
+                           min(rt->rtt_hist[rt->rtt_index], rtt);
                }
                }
-               tp->rtt_hist[0] = rtt;
-               tp->rtt_count = 0;
+               /* forget the old value and update minimum */
+               rt->rtt_min = 0;
+               for (i = 0; i < NRTT_HIST; ++i) {
+                       if (rt->rtt_hist[i] != 0 &&
+                           (rt->rtt_min == 0 ||
+                           rt->rtt_hist[i] < rt->rtt_min)) {
+                               rt->rtt_min = rt->rtt_hist[i];
+                       }
+               }
+               RT_UNLOCK(rt);
        } else {
        } else {
-               tp->rtt_hist[0] = min(tp->rtt_hist[0], rtt);
+               rt->rtt_hist[rt->rtt_index] =
+                   min(rt->rtt_hist[rt->rtt_index], rtt);
+               if (rt->rtt_min == 0) {
+                       rt->rtt_min = rtt;
+               } else {
+                       rt->rtt_min = min(rt->rtt_min, rtt);
+               }
        }
 }
 
 /*
  * If we have a timestamp reply, update smoothed RTT. If no timestamp is
        }
 }
 
 /*
  * If we have a timestamp reply, update smoothed RTT. If no timestamp is
- * present but transmit timer is running and timed sequence number was 
- * acked, update smoothed RTT. 
+ * present but transmit timer is running and timed sequence number was
+ * acked, update smoothed RTT.
  *
  * If timestamps are supported, a receiver can update RTT even if
  * there is no outstanding data.
  *
  * Some boxes send broken timestamp replies during the SYN+ACK phase,
  *
  * If timestamps are supported, a receiver can update RTT even if
  * there is no outstanding data.
  *
  * Some boxes send broken timestamp replies during the SYN+ACK phase,
- * ignore timestamps of 0or we could calculate a huge RTT and blow up 
+ * ignore timestamps of 0or we could calculate a huge RTT and blow up
  * the retransmit timer.
  */
 static void
  * the retransmit timer.
  */
 static void
@@ -5234,31 +5991,46 @@ tcp_compute_rtt(struct tcpcb *tp, struct tcpopt *to, struct tcphdr *th)
                        /* Compute the max of the pipeack samples */
                        pipe_ack_val = tcp_get_max_pipeack(tp);
                        tp->t_pipeack = (pipe_ack_val >
                        /* Compute the max of the pipeack samples */
                        pipe_ack_val = tcp_get_max_pipeack(tp);
                        tp->t_pipeack = (pipe_ack_val >
-                                   TCP_CC_CWND_INIT_BYTES) ?
-                                   pipe_ack_val : 0;
+                           TCP_CC_CWND_INIT_BYTES) ?
+                           pipe_ack_val : 0;
                }
                /* start another measurement */
                tp->t_rtttime = 0;
        }
                }
                /* start another measurement */
                tp->t_rtttime = 0;
        }
-       if (((to->to_flags & TOF_TS) != 0) && 
-               (to->to_tsecr != 0) &&
-               TSTMP_GEQ(tcp_now, to->to_tsecr)) {
+       if (((to->to_flags & TOF_TS) != 0) &&
+           (to->to_tsecr != 0) &&
+           TSTMP_GEQ(tcp_now, to->to_tsecr)) {
                tcp_xmit_timer(tp, (tcp_now - to->to_tsecr),
                tcp_xmit_timer(tp, (tcp_now - to->to_tsecr),
-                       to->to_tsecr, th->th_ack);
+                   to->to_tsecr, th->th_ack);
        } else if (rtt > 0) {
                tcp_xmit_timer(tp, rtt, 0, th->th_ack);
        }
 }
 
 /*
        } else if (rtt > 0) {
                tcp_xmit_timer(tp, rtt, 0, th->th_ack);
        }
 }
 
 /*
- * Collect new round-trip time estimate
- * and update averages and current timeout.
+ * Collect new round-trip time estimate and update averages and
+ * current timeout.
  */
 static void
  */
 static void
-tcp_xmit_timer(register struct tcpcb *tp, int rtt, 
-       u_int32_t tsecr, tcp_seq th_ack)
+tcp_xmit_timer(struct tcpcb *tp, int rtt,
+    u_int32_t tsecr, tcp_seq th_ack)
 {
 {
-       register int delta;
+       int delta;
+       int old_srtt = tp->t_srtt;
+       int old_rttvar = tp->t_rttvar;
+       bool log_rtt = false;
+
+       /*
+        * On AWDL interface, the initial RTT measurement on SYN
+        * can be wrong due to peer caching. Avoid the first RTT
+        * measurement as it might skew up the RTO.
+        * <rdar://problem/28739046>
+        */
+       if (tp->t_inpcb->inp_last_outifp != NULL &&
+           (tp->t_inpcb->inp_last_outifp->if_eflags & IFEF_AWDL) &&
+           th_ack == tp->iss + 1) {
+               return;
+       }
 
        if (tp->t_flagsext & TF_RECOMPUTE_RTT) {
                if (SEQ_GT(th_ack, tp->snd_una) &&
 
        if (tp->t_flagsext & TF_RECOMPUTE_RTT) {
                if (SEQ_GT(th_ack, tp->snd_una) &&
@@ -5267,7 +6039,7 @@ tcp_xmit_timer(register struct tcpcb *tp, int rtt,
                    TSTMP_GEQ(tsecr, tp->t_badrexmt_time))) {
                        /*
                         * We received a new ACk after a
                    TSTMP_GEQ(tsecr, tp->t_badrexmt_time))) {
                        /*
                         * We received a new ACk after a
-                        * spurious timeout. Adapt retransmission 
+                        * spurious timeout. Adapt retransmission
                         * timer as described in rfc 4015.
                         */
                        tp->t_flagsext &= ~(TF_RECOMPUTE_RTT);
                         * timer as described in rfc 4015.
                         */
                        tp->t_flagsext &= ~(TF_RECOMPUTE_RTT);
@@ -5277,8 +6049,9 @@ tcp_xmit_timer(register struct tcpcb *tp, int rtt,
                        tp->t_rttvar = max(tp->t_rttvar_prev, (rtt >> 1));
                        tp->t_rttvar = tp->t_rttvar << TCP_RTTVAR_SHIFT;
 
                        tp->t_rttvar = max(tp->t_rttvar_prev, (rtt >> 1));
                        tp->t_rttvar = tp->t_rttvar << TCP_RTTVAR_SHIFT;
 
-                       if (tp->t_rttbest > (tp->t_srtt + tp->t_rttvar))
+                       if (tp->t_rttbest > (tp->t_srtt + tp->t_rttvar)) {
                                tp->t_rttbest = tp->t_srtt + tp->t_rttvar;
                                tp->t_rttbest = tp->t_srtt + tp->t_rttvar;
+                       }
 
                        goto compute_rto;
                } else {
 
                        goto compute_rto;
                } else {
@@ -5302,17 +6075,18 @@ tcp_xmit_timer(register struct tcpcb *tp, int rtt,
                 * an alpha of .875 (srtt = rtt/8 + srtt*7/8 in fixed
                 * point).
                 *
                 * an alpha of .875 (srtt = rtt/8 + srtt*7/8 in fixed
                 * point).
                 *
-                * Freebsd adjusts rtt to origin 0 by subtracting 1 
-                * from the provided rtt value. This was required because 
-                * of the way t_rtttime was initiailised to 1 before. 
+                * Freebsd adjusts rtt to origin 0 by subtracting 1
+                * from the provided rtt value. This was required because
+                * of the way t_rtttime was initiailised to 1 before.
                 * Since we changed t_rtttime to be based on
                 * tcp_now, this extra adjustment is not needed.
                 */
                delta = (rtt << TCP_DELTA_SHIFT)
                 * Since we changed t_rtttime to be based on
                 * tcp_now, this extra adjustment is not needed.
                 */
                delta = (rtt << TCP_DELTA_SHIFT)
-                       - (tp->t_srtt >> (TCP_RTT_SHIFT - TCP_DELTA_SHIFT));
+                   - (tp->t_srtt >> (TCP_RTT_SHIFT - TCP_DELTA_SHIFT));
 
 
-               if ((tp->t_srtt += delta) <= 0)
+               if ((tp->t_srtt += delta) <= 0) {
                        tp->t_srtt = 1;
                        tp->t_srtt = 1;
+               }
 
                /*
                 * We accumulate a smoothed rtt variance (actually, a
 
                /*
                 * We accumulate a smoothed rtt variance (actually, a
@@ -5324,14 +6098,17 @@ tcp_xmit_timer(register struct tcpcb *tp, int rtt,
                 * (rttvar = rttvar*3/4 + |delta| / 4).  This replaces
                 * rfc793's wired-in beta.
                 */
                 * (rttvar = rttvar*3/4 + |delta| / 4).  This replaces
                 * rfc793's wired-in beta.
                 */
-               if (delta < 0)
+               if (delta < 0) {
                        delta = -delta;
                        delta = -delta;
+               }
                delta -= tp->t_rttvar >> (TCP_RTTVAR_SHIFT - TCP_DELTA_SHIFT);
                delta -= tp->t_rttvar >> (TCP_RTTVAR_SHIFT - TCP_DELTA_SHIFT);
-               if ((tp->t_rttvar += delta) <= 0)
+               if ((tp->t_rttvar += delta) <= 0) {
                        tp->t_rttvar = 1;
                        tp->t_rttvar = 1;
-               if (tp->t_rttbest == 0  || 
-                       tp->t_rttbest > (tp->t_srtt + tp->t_rttvar))
+               }
+               if (tp->t_rttbest == 0 ||
+                   tp->t_rttbest > (tp->t_srtt + tp->t_rttvar)) {
                        tp->t_rttbest = tp->t_srtt + tp->t_rttvar;
                        tp->t_rttbest = tp->t_srtt + tp->t_rttvar;
+               }
        } else {
                /*
                 * No rtt measurement yet - use the unsmoothed rtt.
        } else {
                /*
                 * No rtt measurement yet - use the unsmoothed rtt.
@@ -5343,10 +6120,8 @@ tcp_xmit_timer(register struct tcpcb *tp, int rtt,
        }
 
 compute_rto:
        }
 
 compute_rto:
-       nstat_route_rtt(tp->t_inpcb->inp_route.ro_rt, tp->t_srtt, 
-               tp->t_rttvar);
-       tp->t_rxtshift = 0;
-       tp->t_rxtstart = 0;
+       nstat_route_rtt(tp->t_inpcb->inp_route.ro_rt, tp->t_srtt,
+           tp->t_rttvar);
 
        /*
         * the retransmit should happen at rtt + 4 * rttvar.
 
        /*
         * the retransmit should happen at rtt + 4 * rttvar.
@@ -5360,8 +6135,8 @@ compute_rto:
         * the minimum feasible timer (which is 2 ticks).
         */
        TCPT_RANGESET(tp->t_rxtcur, TCP_REXMTVAL(tp),
         * the minimum feasible timer (which is 2 ticks).
         */
        TCPT_RANGESET(tp->t_rxtcur, TCP_REXMTVAL(tp),
-               max(tp->t_rttmin, rtt + 2), TCPTV_REXMTMAX, 
-               TCP_ADD_REXMTSLOP(tp));
+           max(tp->t_rttmin, rtt + 2), TCPTV_REXMTMAX,
+           TCP_ADD_REXMTSLOP(tp));
 
        /*
         * We received an ack for a packet that wasn't retransmitted;
 
        /*
         * We received an ack for a packet that wasn't retransmitted;
@@ -5371,20 +6146,37 @@ compute_rto:
         * and the return path might not be symmetrical).
         */
        tp->t_softerror = 0;
         * and the return path might not be symmetrical).
         */
        tp->t_softerror = 0;
+
+       if (log_rtt) {
+               TCP_LOG_RTT_INFO(tp);
+       }
+
+       TCP_LOG_RTT_CHANGE(tp, old_srtt, old_rttvar);
 }
 
 static inline unsigned int
 tcp_maxmtu(struct rtentry *rt)
 {
        unsigned int maxmtu;
 }
 
 static inline unsigned int
 tcp_maxmtu(struct rtentry *rt)
 {
        unsigned int maxmtu;
+       int interface_mtu = 0;
 
        RT_LOCK_ASSERT_HELD(rt);
 
        RT_LOCK_ASSERT_HELD(rt);
-       if (rt->rt_rmx.rmx_mtu == 0)
-               maxmtu = rt->rt_ifp->if_mtu;
-       else
-               maxmtu = MIN(rt->rt_rmx.rmx_mtu, rt->rt_ifp->if_mtu);
+       interface_mtu = rt->rt_ifp->if_mtu;
+
+       if (rt_key(rt)->sa_family == AF_INET &&
+           INTF_ADJUST_MTU_FOR_CLAT46(rt->rt_ifp)) {
+               interface_mtu = IN6_LINKMTU(rt->rt_ifp);
+               /* Further adjust the size for CLAT46 expansion */
+               interface_mtu -= CLAT46_HDR_EXPANSION_OVERHD;
+       }
+
+       if (rt->rt_rmx.rmx_mtu == 0) {
+               maxmtu = interface_mtu;
+       } else {
+               maxmtu = MIN(rt->rt_rmx.rmx_mtu, interface_mtu);
+       }
 
 
-       return (maxmtu);
+       return maxmtu;
 }
 
 #if INET6
 }
 
 #if INET6
@@ -5395,21 +6187,45 @@ tcp_maxmtu6(struct rtentry *rt)
        struct nd_ifinfo *ndi = NULL;
 
        RT_LOCK_ASSERT_HELD(rt);
        struct nd_ifinfo *ndi = NULL;
 
        RT_LOCK_ASSERT_HELD(rt);
-       if ((ndi = ND_IFINFO(rt->rt_ifp)) != NULL && !ndi->initialized)
+       if ((ndi = ND_IFINFO(rt->rt_ifp)) != NULL && !ndi->initialized) {
                ndi = NULL;
                ndi = NULL;
-       if (ndi != NULL)
+       }
+       if (ndi != NULL) {
                lck_mtx_lock(&ndi->lock);
                lck_mtx_lock(&ndi->lock);
-       if (rt->rt_rmx.rmx_mtu == 0)
+       }
+       if (rt->rt_rmx.rmx_mtu == 0) {
                maxmtu = IN6_LINKMTU(rt->rt_ifp);
                maxmtu = IN6_LINKMTU(rt->rt_ifp);
-       else
+       } else {
                maxmtu = MIN(rt->rt_rmx.rmx_mtu, IN6_LINKMTU(rt->rt_ifp));
                maxmtu = MIN(rt->rt_rmx.rmx_mtu, IN6_LINKMTU(rt->rt_ifp));
-       if (ndi != NULL)
+       }
+       if (ndi != NULL) {
                lck_mtx_unlock(&ndi->lock);
                lck_mtx_unlock(&ndi->lock);
+       }
 
 
-       return (maxmtu);
+       return maxmtu;
 }
 #endif
 
 }
 #endif
 
+unsigned int
+get_maxmtu(struct rtentry *rt)
+{
+       unsigned int maxmtu = 0;
+
+       RT_LOCK_ASSERT_NOTHELD(rt);
+
+       RT_LOCK(rt);
+
+       if (rt_key(rt)->sa_family == AF_INET6) {
+               maxmtu = tcp_maxmtu6(rt);
+       } else {
+               maxmtu = tcp_maxmtu(rt);
+       }
+
+       RT_UNLOCK(rt);
+
+       return maxmtu;
+}
+
 /*
  * Determine a reasonable value for maxseg size.
  * If the route is known, check route for mtu.
 /*
  * Determine a reasonable value for maxseg size.
  * If the route is known, check route for mtu.
@@ -5421,8 +6237,8 @@ tcp_maxmtu6(struct rtentry *rt)
  * size (usually 512 or the default IP max size, but no more than the mtu
  * of the interface), as we can't discover anything about intervening
  * gateways or networks.  We also initialize the congestion/slow start
  * size (usually 512 or the default IP max size, but no more than the mtu
  * of the interface), as we can't discover anything about intervening
  * gateways or networks.  We also initialize the congestion/slow start
- * window. While looking at the routing entry, we also initialize 
- * other path-dependent parameters from pre-set or cached values 
+ * window. While looking at the routing entry, we also initialize
+ * other path-dependent parameters from pre-set or cached values
  * in the routing entry.
  *
  * Also take into account the space needed for options that we
  * in the routing entry.
  *
  * Also take into account the space needed for options that we
@@ -5436,14 +6252,11 @@ tcp_maxmtu6(struct rtentry *rt)
  *
  */
 void
  *
  */
 void
-tcp_mss(tp, offer, input_ifscope)
-       struct tcpcb *tp;
-       int offer;
-       unsigned int input_ifscope;
+tcp_mss(struct tcpcb *tp, int offer, unsigned int input_ifscope)
 {
 {
-       register struct rtentry *rt;
+       struct rtentry *rt;
        struct ifnet *ifp;
        struct ifnet *ifp;
-       register int rtt, mss;
+       int rtt, mss;
        u_int32_t bufsize;
        struct inpcb *inp;
        struct socket *so;
        u_int32_t bufsize;
        struct inpcb *inp;
        struct socket *so;
@@ -5457,10 +6270,19 @@ tcp_mss(tp, offer, input_ifscope)
 #endif
 
        inp = tp->t_inpcb;
 #endif
 
        inp = tp->t_inpcb;
+
+       so = inp->inp_socket;
+       /*
+        * Nothing left to send after the socket is defunct or TCP is in the closed state
+        */
+       if ((so->so_state & SS_DEFUNCT) || tp->t_state == TCPS_CLOSED) {
+               return;
+       }
+
 #if INET6
        isipv6 = ((inp->inp_vflag & INP_IPV6) != 0) ? 1 : 0;
 #if INET6
        isipv6 = ((inp->inp_vflag & INP_IPV6) != 0) ? 1 : 0;
-       min_protoh = isipv6 ? sizeof (struct ip6_hdr) + sizeof (struct tcphdr)
-                           : sizeof (struct tcpiphdr);
+       min_protoh = isipv6 ? sizeof(struct ip6_hdr) + sizeof(struct tcphdr)
+           : sizeof(struct tcpiphdr);
 #else
 #define min_protoh  (sizeof (struct tcpiphdr))
 #endif
 #else
 #define min_protoh  (sizeof (struct tcpiphdr))
 #endif
@@ -5468,8 +6290,7 @@ tcp_mss(tp, offer, input_ifscope)
 #if INET6
        if (isipv6) {
                rt = tcp_rtlookup6(inp, input_ifscope);
 #if INET6
        if (isipv6) {
                rt = tcp_rtlookup6(inp, input_ifscope);
-       }
-       else
+       } else
 #endif /* INET6 */
        {
                rt = tcp_rtlookup(inp, input_ifscope);
 #endif /* INET6 */
        {
                rt = tcp_rtlookup(inp, input_ifscope);
@@ -5479,9 +6300,9 @@ tcp_mss(tp, offer, input_ifscope)
        if (rt == NULL) {
                tp->t_maxopd = tp->t_maxseg =
 #if INET6
        if (rt == NULL) {
                tp->t_maxopd = tp->t_maxseg =
 #if INET6
-               isipv6 ? tcp_v6mssdflt :
+                   isipv6 ? tcp_v6mssdflt :
 #endif /* INET6 */
 #endif /* INET6 */
-               tcp_mssdflt;
+                   tcp_mssdflt;
                return;
        }
        ifp = rt->rt_ifp;
                return;
        }
        ifp = rt->rt_ifp;
@@ -5492,30 +6313,30 @@ tcp_mss(tp, offer, input_ifscope)
         * Excludes 9600bps as it is the default value adversized
         * by pseudo-devices over ppp.
         */
         * Excludes 9600bps as it is the default value adversized
         * by pseudo-devices over ppp.
         */
-       if (ifp->if_type == IFT_PPP && slowlink_wsize > 0 && 
+       if (ifp->if_type == IFT_PPP && slowlink_wsize > 0 &&
            ifp->if_baudrate > 9600 && ifp->if_baudrate <= 128000) {
                tp->t_flags |= TF_SLOWLINK;
        }
            ifp->if_baudrate > 9600 && ifp->if_baudrate <= 128000) {
                tp->t_flags |= TF_SLOWLINK;
        }
-       so = inp->inp_socket;
 
        taop = rmx_taop(rt->rt_rmx);
        /*
         * Offer == -1 means that we didn't receive SYN yet,
         * use cached value in that case;
         */
 
        taop = rmx_taop(rt->rt_rmx);
        /*
         * Offer == -1 means that we didn't receive SYN yet,
         * use cached value in that case;
         */
-       if (offer == -1)
+       if (offer == -1) {
                offer = taop->tao_mssopt;
                offer = taop->tao_mssopt;
+       }
        /*
         * Offer == 0 means that there was no MSS on the SYN segment,
         * in this case we use tcp_mssdflt.
         */
        /*
         * Offer == 0 means that there was no MSS on the SYN segment,
         * in this case we use tcp_mssdflt.
         */
-       if (offer == 0)
+       if (offer == 0) {
                offer =
 #if INET6
                offer =
 #if INET6
-                       isipv6 ? tcp_v6mssdflt :
+                   isipv6 ? tcp_v6mssdflt :
 #endif /* INET6 */
 #endif /* INET6 */
-                       tcp_mssdflt;
-       else {
+                   tcp_mssdflt;
+       else {
                /*
                 * Prevent DoS attack with too small MSS. Round up
                 * to at least minmss.
                /*
                 * Prevent DoS attack with too small MSS. Round up
                 * to at least minmss.
@@ -5558,12 +6379,14 @@ tcp_mss(tp, offer, input_ifscope)
        if (rt->rt_rmx.rmx_mtu == 0) {
 #if INET6
                if (isipv6) {
        if (rt->rt_rmx.rmx_mtu == 0) {
 #if INET6
                if (isipv6) {
-                       if (!isnetlocal)
+                       if (!isnetlocal) {
                                mss = min(mss, tcp_v6mssdflt);
                                mss = min(mss, tcp_v6mssdflt);
+                       }
                } else
 #endif /* INET6 */
                } else
 #endif /* INET6 */
-               if (!isnetlocal)
+               if (!isnetlocal) {
                        mss = min(mss, tcp_mssdflt);
                        mss = min(mss, tcp_mssdflt);
+               }
        }
 
        mss = min(mss, offer);
        }
 
        mss = min(mss, offer);
@@ -5580,16 +6403,17 @@ tcp_mss(tp, offer, input_ifscope)
         * origoffer==-1 indicates, that no segments were received yet.
         * In this case we just guess.
         */
         * origoffer==-1 indicates, that no segments were received yet.
         * In this case we just guess.
         */
-       if ((tp->t_flags & (TF_REQ_TSTMP|TF_NOOPT)) == TF_REQ_TSTMP &&
+       if ((tp->t_flags & (TF_REQ_TSTMP | TF_NOOPT)) == TF_REQ_TSTMP &&
            (origoffer == -1 ||
            (origoffer == -1 ||
-            (tp->t_flags & TF_RCVD_TSTMP) == TF_RCVD_TSTMP))
+           (tp->t_flags & TF_RCVD_TSTMP) == TF_RCVD_TSTMP)) {
                mss -= TCPOLEN_TSTAMP_APPA;
                mss -= TCPOLEN_TSTAMP_APPA;
+       }
 
 #if MPTCP
        mss -= mptcp_adj_mss(tp, FALSE);
 #endif /* MPTCP */
        tp->t_maxseg = mss;
 
 #if MPTCP
        mss -= mptcp_adj_mss(tp, FALSE);
 #endif /* MPTCP */
        tp->t_maxseg = mss;
-       
+
        /*
         * Calculate corrected value for sb_max; ensure to upgrade the
         * numerator for large sb_max values else it will overflow.
        /*
         * Calculate corrected value for sb_max; ensure to upgrade the
         * numerator for large sb_max values else it will overflow.
@@ -5607,26 +6431,36 @@ tcp_mss(tp, offer, input_ifscope)
        bufsize = rt->rt_rmx.rmx_sendpipe;
        if (bufsize < so->so_snd.sb_hiwat)
 #endif
        bufsize = rt->rt_rmx.rmx_sendpipe;
        if (bufsize < so->so_snd.sb_hiwat)
 #endif
-               bufsize = so->so_snd.sb_hiwat;
-       if (bufsize < mss)
+       bufsize = so->so_snd.sb_hiwat;
+       if (bufsize < mss) {
                mss = bufsize;
                mss = bufsize;
-       else {
+       else {
                bufsize = (((bufsize + (u_int64_t)mss - 1) / (u_int64_t)mss) * (u_int64_t)mss);
                bufsize = (((bufsize + (u_int64_t)mss - 1) / (u_int64_t)mss) * (u_int64_t)mss);
-               if (bufsize > sb_max_corrected)
+               if (bufsize > sb_max_corrected) {
                        bufsize = sb_max_corrected;
                        bufsize = sb_max_corrected;
+               }
                (void)sbreserve(&so->so_snd, bufsize);
        }
        tp->t_maxseg = mss;
 
                (void)sbreserve(&so->so_snd, bufsize);
        }
        tp->t_maxseg = mss;
 
+       ASSERT(tp->t_maxseg);
+
+       /*
+        * Update MSS using recommendation from link status report. This is
+        * temporary
+        */
+       tcp_update_mss_locked(so, ifp);
+
 #if RTV_RPIPE
        bufsize = rt->rt_rmx.rmx_recvpipe;
        if (bufsize < so->so_rcv.sb_hiwat)
 #endif
 #if RTV_RPIPE
        bufsize = rt->rt_rmx.rmx_recvpipe;
        if (bufsize < so->so_rcv.sb_hiwat)
 #endif
-               bufsize = so->so_rcv.sb_hiwat;
+       bufsize = so->so_rcv.sb_hiwat;
        if (bufsize > mss) {
                bufsize = (((bufsize + (u_int64_t)mss - 1) / (u_int64_t)mss) * (u_int64_t)mss);
        if (bufsize > mss) {
                bufsize = (((bufsize + (u_int64_t)mss - 1) / (u_int64_t)mss) * (u_int64_t)mss);
-               if (bufsize > sb_max_corrected)
+               if (bufsize > sb_max_corrected) {
                        bufsize = sb_max_corrected;
                        bufsize = sb_max_corrected;
+               }
                (void)sbreserve(&so->so_rcv, bufsize);
        }
 
                (void)sbreserve(&so->so_rcv, bufsize);
        }
 
@@ -5649,8 +6483,9 @@ tcp_mss(tp, offer, input_ifscope)
         * Set the slow-start flight size depending on whether this
         * is a local network or not.
         */
         * Set the slow-start flight size depending on whether this
         * is a local network or not.
         */
-       if (CC_ALGO(tp)->cwnd_init != NULL)
+       if (CC_ALGO(tp)->cwnd_init != NULL) {
                CC_ALGO(tp)->cwnd_init(tp);
                CC_ALGO(tp)->cwnd_init(tp);
+       }
 
        tcp_ccdbg_trace(tp, NULL, TCP_CC_CWND_INIT);
 
 
        tcp_ccdbg_trace(tp, NULL, TCP_CC_CWND_INIT);
 
@@ -5662,8 +6497,7 @@ tcp_mss(tp, offer, input_ifscope)
  * Determine the MSS option to send on an outgoing SYN.
  */
 int
  * Determine the MSS option to send on an outgoing SYN.
  */
 int
-tcp_mssopt(tp)
-       struct tcpcb *tp;
+tcp_mssopt(struct tcpcb *tp)
 {
        struct rtentry *rt;
        int mss;
 {
        struct rtentry *rt;
        int mss;
@@ -5674,24 +6508,24 @@ tcp_mssopt(tp)
 
 #if INET6
        isipv6 = ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) ? 1 : 0;
 
 #if INET6
        isipv6 = ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) ? 1 : 0;
-       min_protoh = isipv6 ? sizeof (struct ip6_hdr) + sizeof (struct tcphdr)
-                           : sizeof (struct tcpiphdr);
+       min_protoh = isipv6 ? sizeof(struct ip6_hdr) + sizeof(struct tcphdr)
+           : sizeof(struct tcpiphdr);
 #else
 #define min_protoh  (sizeof (struct tcpiphdr))
 #endif
 
 #if INET6
 #else
 #define min_protoh  (sizeof (struct tcpiphdr))
 #endif
 
 #if INET6
-       if (isipv6)
+       if (isipv6) {
                rt = tcp_rtlookup6(tp->t_inpcb, IFSCOPE_NONE);
                rt = tcp_rtlookup6(tp->t_inpcb, IFSCOPE_NONE);
-       else
+       else
 #endif /* INET6 */
        rt = tcp_rtlookup(tp->t_inpcb, IFSCOPE_NONE);
        if (rt == NULL) {
 #endif /* INET6 */
        rt = tcp_rtlookup(tp->t_inpcb, IFSCOPE_NONE);
        if (rt == NULL) {
-               return (
+               return
 #if INET6
 #if INET6
-                       isipv6 ? tcp_v6mssdflt :
+                       isipv6 ? tcp_v6mssdflt :
 #endif /* INET6 */
 #endif /* INET6 */
-                       tcp_mssdflt);
+                       tcp_mssdflt;
        }
        /*
         * Slower link window correction:
        }
        /*
         * Slower link window correction:
@@ -5699,7 +6533,7 @@ tcp_mssopt(tp)
         * believed to be on a serial modem (speed <128Kbps). Excludes 9600bps as
         * it is the default value adversized by pseudo-devices over ppp.
         */
         * believed to be on a serial modem (speed <128Kbps). Excludes 9600bps as
         * it is the default value adversized by pseudo-devices over ppp.
         */
-       if (rt->rt_ifp->if_type == IFT_PPP && slowlink_wsize > 0 && 
+       if (rt->rt_ifp->if_type == IFT_PPP && slowlink_wsize > 0 &&
            rt->rt_ifp->if_baudrate > 9600 && rt->rt_ifp->if_baudrate <= 128000) {
                tp->t_flags |= TF_SLOWLINK;
        }
            rt->rt_ifp->if_baudrate > 9600 && rt->rt_ifp->if_baudrate <= 128000) {
                tp->t_flags |= TF_SLOWLINK;
        }
@@ -5717,7 +6551,7 @@ tcp_mssopt(tp)
        mss = necp_socket_get_effective_mtu(tp->t_inpcb, mss);
 #endif /* NECP */
 
        mss = necp_socket_get_effective_mtu(tp->t_inpcb, mss);
 #endif /* NECP */
 
-       return (mss - min_protoh);
+       return mss - min_protoh;
 }
 
 /*
 }
 
 /*
@@ -5727,37 +6561,36 @@ tcp_mssopt(tp)
  * be started again.
  */
 static void
  * be started again.
  */
 static void
-tcp_newreno_partial_ack(tp, th)
-       struct tcpcb *tp;
-       struct tcphdr *th;
+tcp_newreno_partial_ack(struct tcpcb *tp, struct tcphdr *th)
 {
 {
-               tcp_seq onxt = tp->snd_nxt;
-               u_int32_t  ocwnd = tp->snd_cwnd;
-               tp->t_timer[TCPT_REXMT] = 0;
-               tp->t_timer[TCPT_PTO] = 0;
-               tp->t_rtttime = 0;
-               tp->snd_nxt = th->th_ack;
-               /*
-                * Set snd_cwnd to one segment beyond acknowledged offset
-                * (tp->snd_una has not yet been updated when this function 
-                *  is called)
-                */
-               tp->snd_cwnd = tp->t_maxseg + BYTES_ACKED(th, tp);
-               tp->t_flags |= TF_ACKNOW;
-               (void) tcp_output(tp);
-               tp->snd_cwnd = ocwnd;
-               if (SEQ_GT(onxt, tp->snd_nxt))
-                       tp->snd_nxt = onxt;
-               /*
-                * Partial window deflation.  Relies on fact that tp->snd_una
-                * not updated yet.
-                */
-               if (tp->snd_cwnd > BYTES_ACKED(th, tp))
-                       tp->snd_cwnd -= BYTES_ACKED(th, tp);
-               else
-                       tp->snd_cwnd = 0;
-               tp->snd_cwnd += tp->t_maxseg;
-
+       tcp_seq onxt = tp->snd_nxt;
+       u_int32_t  ocwnd = tp->snd_cwnd;
+       tp->t_timer[TCPT_REXMT] = 0;
+       tp->t_timer[TCPT_PTO] = 0;
+       tp->t_rtttime = 0;
+       tp->snd_nxt = th->th_ack;
+       /*
+        * Set snd_cwnd to one segment beyond acknowledged offset
+        * (tp->snd_una has not yet been updated when this function
+        *  is called)
+        */
+       tp->snd_cwnd = tp->t_maxseg + BYTES_ACKED(th, tp);
+       tp->t_flags |= TF_ACKNOW;
+       (void) tcp_output(tp);
+       tp->snd_cwnd = ocwnd;
+       if (SEQ_GT(onxt, tp->snd_nxt)) {
+               tp->snd_nxt = onxt;
+       }
+       /*
+        * Partial window deflation.  Relies on fact that tp->snd_una
+        * not updated yet.
+        */
+       if (tp->snd_cwnd > BYTES_ACKED(th, tp)) {
+               tp->snd_cwnd -= BYTES_ACKED(th, tp);
+       } else {
+               tp->snd_cwnd = 0;
+       }
+       tp->snd_cwnd += tp->t_maxseg;
 }
 
 /*
 }
 
 /*
@@ -5781,13 +6614,18 @@ tcp_dropdropablreq(struct socket *head)
        struct inpcb *inp = NULL;
        struct tcpcb *tp;
 
        struct inpcb *inp = NULL;
        struct tcpcb *tp;
 
-       if ((head->so_options & SO_ACCEPTCONN) == 0)
-               return (0);
+       if ((head->so_options & SO_ACCEPTCONN) == 0) {
+               return 0;
+       }
+
+       if (TAILQ_EMPTY(&head->so_incomp)) {
+               return 0;
+       }
 
 
-       if (TAILQ_EMPTY(&head->so_incomp))
-               return (0);
+       so_acquire_accept_list(head, NULL);
+       socket_unlock(head, 0);
 
 
-       /* 
+       /*
         * Check if there is any socket in the incomp queue
         * that is closed because of a reset from the peer and is
         * waiting to be garbage collected. If so, pick that as
         * Check if there is any socket in the incomp queue
         * that is closed because of a reset from the peer and is
         * waiting to be garbage collected. If so, pick that as
@@ -5798,15 +6636,15 @@ tcp_dropdropablreq(struct socket *head)
                tp = intotcpcb(inp);
                if (tp != NULL && tp->t_state == TCPS_CLOSED &&
                    so->so_head != NULL &&
                tp = intotcpcb(inp);
                if (tp != NULL && tp->t_state == TCPS_CLOSED &&
                    so->so_head != NULL &&
-                   (so->so_state & (SS_INCOMP|SS_CANTSENDMORE|SS_CANTRCVMORE)) ==
-                   (SS_INCOMP|SS_CANTSENDMORE|SS_CANTRCVMORE)) {
-                       /* 
-                        * The listen socket is already locked but we 
+                   (so->so_state & (SS_INCOMP | SS_CANTSENDMORE | SS_CANTRCVMORE)) ==
+                   (SS_INCOMP | SS_CANTSENDMORE | SS_CANTRCVMORE)) {
+                       /*
+                        * The listen socket is already locked but we
                         * can lock this socket here without lock ordering
                         * issues because it is in the incomp queue and
                         * is not visible to others.
                         */
                         * can lock this socket here without lock ordering
                         * issues because it is in the incomp queue and
                         * is not visible to others.
                         */
-                       if (lck_mtx_try_lock(&inp->inpcb_mtx)) {
+                       if (socket_try_lock(so)) {
                                so->so_usecount++;
                                goto found_victim;
                        } else {
                                so->so_usecount++;
                                goto found_victim;
                        } else {
@@ -5823,52 +6661,52 @@ tcp_dropdropablreq(struct socket *head)
                old_cnt = cur_cnt / i;
                cur_cnt = 0;
        }
                old_cnt = cur_cnt / i;
                cur_cnt = 0;
        }
-       
-       
+
        qlen = head->so_incqlen;
        qlen = head->so_incqlen;
-       if (rnd == 0)
+       if (rnd == 0) {
                rnd = RandomULong();
                rnd = RandomULong();
+       }
 
        if (++cur_cnt > qlen || old_cnt > qlen) {
                rnd = (314159 * rnd + 66329) & 0xffff;
                j = ((qlen + 1) * rnd) >> 16;
 
 
        if (++cur_cnt > qlen || old_cnt > qlen) {
                rnd = (314159 * rnd + 66329) & 0xffff;
                j = ((qlen + 1) * rnd) >> 16;
 
-               while (j-- && so)
+               while (j-- && so) {
                        so = TAILQ_NEXT(so, so_list);
                        so = TAILQ_NEXT(so, so_list);
+               }
        }
        /* Find a connection that is not already closing (or being served) */
        while (so) {
                inp = (struct inpcb *)so->so_pcb;
        }
        /* Find a connection that is not already closing (or being served) */
        while (so) {
                inp = (struct inpcb *)so->so_pcb;
-               
+
                sonext = TAILQ_NEXT(so, so_list);
 
                sonext = TAILQ_NEXT(so, so_list);
 
-               if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) 
-                       != WNT_STOPUSING) {
-                       /* 
+               if (in_pcb_checkstate(inp, WNT_ACQUIRE, 0) != WNT_STOPUSING) {
+                       /*
                         * Avoid the issue of a socket being accepted
                         * Avoid the issue of a socket being accepted
-                        * by one input thread and being dropped by 
-                        * another input thread. If we can't get a hold 
-                        * on this mutex, then grab the next socket in 
+                        * by one input thread and being dropped by
+                        * another input thread. If we can't get a hold
+                        * on this mutex, then grab the next socket in
                         * line.
                         */
                         * line.
                         */
-                       if (lck_mtx_try_lock(&inp->inpcb_mtx)) {
+                       if (socket_try_lock(so)) {
                                so->so_usecount++;
                                so->so_usecount++;
-                               if ((so->so_usecount == 2) && 
+                               if ((so->so_usecount == 2) &&
                                    (so->so_state & SS_INCOMP) &&
                                    (so->so_state & SS_INCOMP) &&
-                                   !(so->so_flags & SOF_INCOMP_INPROGRESS))  {
+                                   !(so->so_flags & SOF_INCOMP_INPROGRESS)) {
                                        break;
                                } else {
                                        break;
                                } else {
-                                       /* 
-                                        * don't use if being accepted or 
+                                       /*
+                                        * don't use if being accepted or
                                         * used in any other way
                                         */
                                        in_pcb_checkstate(inp, WNT_RELEASE, 1);
                                         * used in any other way
                                         */
                                        in_pcb_checkstate(inp, WNT_RELEASE, 1);
-                                       tcp_unlock(so, 1, 0);
+                                       socket_unlock(so, 1);
                                }
                        } else {
                                }
                        } else {
-                               /* 
-                                * do not try to lock the inp in 
-                                * in_pcb_checkstate because the lock 
+                               /*
+                                * do not try to lock the inp in
+                                * in_pcb_checkstate because the lock
                                 * is already held in some other thread.
                                 * Only drop the inp_wntcnt reference.
                                 */
                                 * is already held in some other thread.
                                 * Only drop the inp_wntcnt reference.
                                 */
@@ -5876,72 +6714,84 @@ tcp_dropdropablreq(struct socket *head)
                        }
                }
                so = sonext;
                        }
                }
                so = sonext;
-               
        }
        if (so == NULL) {
        }
        if (so == NULL) {
-               return (0);
+               socket_lock(head, 0);
+               so_release_accept_list(head);
+               return 0;
        }
 
        /* Makes sure socket is still in the right state to be discarded */
 
        if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
        }
 
        /* Makes sure socket is still in the right state to be discarded */
 
        if (in_pcb_checkstate(inp, WNT_RELEASE, 1) == WNT_STOPUSING) {
-               tcp_unlock(so, 1, 0);
-               return (0);
+               socket_unlock(so, 1);
+               socket_lock(head, 0);
+               so_release_accept_list(head);
+               return 0;
        }
 
 found_victim:
        if (so->so_usecount != 2 || !(so->so_state & SS_INCOMP)) {
                /* do not discard: that socket is being accepted */
        }
 
 found_victim:
        if (so->so_usecount != 2 || !(so->so_state & SS_INCOMP)) {
                /* do not discard: that socket is being accepted */
-               tcp_unlock(so, 1, 0);
-               return (0);
+               socket_unlock(so, 1);
+               socket_lock(head, 0);
+               so_release_accept_list(head);
+               return 0;
        }
 
        }
 
+       socket_lock(head, 0);
        TAILQ_REMOVE(&head->so_incomp, so, so_list);
        TAILQ_REMOVE(&head->so_incomp, so, so_list);
-       tcp_unlock(head, 0, 0);
-
-       lck_mtx_assert(&inp->inpcb_mtx, LCK_MTX_ASSERT_OWNED);
-       tp = sototcpcb(so);
+       head->so_incqlen--;
+       head->so_qlen--;
+       so->so_state &= ~SS_INCOMP;
        so->so_flags |= SOF_OVERFLOW;
        so->so_head = NULL;
        so->so_flags |= SOF_OVERFLOW;
        so->so_head = NULL;
+       so_release_accept_list(head);
+       socket_unlock(head, 0);
+
+       socket_lock_assert_owned(so);
+       tp = sototcpcb(so);
 
        tcp_close(tp);
        if (inp->inp_wantcnt > 0 && inp->inp_wantcnt != WNT_STOPUSING) {
 
        tcp_close(tp);
        if (inp->inp_wantcnt > 0 && inp->inp_wantcnt != WNT_STOPUSING) {
-               /* 
+               /*
                 * Some one has a wantcnt on this pcb. Since WNT_ACQUIRE
                 * doesn't require a lock, it could have happened while
                 * we are holding the lock. This pcb will have to
                 * be garbage collected later.
                 * Release the reference held for so_incomp queue
                 */
                 * Some one has a wantcnt on this pcb. Since WNT_ACQUIRE
                 * doesn't require a lock, it could have happened while
                 * we are holding the lock. This pcb will have to
                 * be garbage collected later.
                 * Release the reference held for so_incomp queue
                 */
+               VERIFY(so->so_usecount > 0);
                so->so_usecount--;
                so->so_usecount--;
-               tcp_unlock(so, 1, 0);
+               socket_unlock(so, 1);
        } else {
        } else {
-               /* 
-                * Unlock this socket and leave the reference on. 
-                * We need to acquire the pcbinfo lock in order to 
-                * fully dispose it off 
+               /*
+                * Unlock this socket and leave the reference on.
+                * We need to acquire the pcbinfo lock in order to
+                * fully dispose it off
                 */
                 */
-               tcp_unlock(so, 0, 0);
+               socket_unlock(so, 0);
 
                lck_rw_lock_exclusive(tcbinfo.ipi_lock);
 
 
                lck_rw_lock_exclusive(tcbinfo.ipi_lock);
 
-               tcp_lock(so, 0, 0);
+               socket_lock(so, 0);
                /* Release the reference held for so_incomp queue */
                /* Release the reference held for so_incomp queue */
+               VERIFY(so->so_usecount > 0);
                so->so_usecount--;
 
                so->so_usecount--;
 
-               if (so->so_usecount != 1 || 
-                   (inp->inp_wantcnt > 0 && 
+               if (so->so_usecount != 1 ||
+                   (inp->inp_wantcnt > 0 &&
                    inp->inp_wantcnt != WNT_STOPUSING)) {
                    inp->inp_wantcnt != WNT_STOPUSING)) {
-                       /* 
-                        * There is an extra wantcount or usecount 
-                        * that must have been added when the socket 
-                        * was unlocked. This socket will have to be 
+                       /*
+                        * There is an extra wantcount or usecount
+                        * that must have been added when the socket
+                        * was unlocked. This socket will have to be
                         * garbage collected later
                         */
                         * garbage collected later
                         */
-                       tcp_unlock(so, 1, 0);
+                       socket_unlock(so, 1);
                } else {
                } else {
-
                        /* Drop the reference held for this function */
                        /* Drop the reference held for this function */
+                       VERIFY(so->so_usecount > 0);
                        so->so_usecount--;
 
                        in_pcbdispose(inp);
                        so->so_usecount--;
 
                        in_pcbdispose(inp);
@@ -5950,10 +6800,8 @@ found_victim:
        }
        tcpstat.tcps_drops++;
 
        }
        tcpstat.tcps_drops++;
 
-       tcp_lock(head, 0, 0);
-       head->so_incqlen--;
-       head->so_qlen--;
-       return(1);
+       socket_lock(head, 0);
+       return 1;
 }
 
 /* Set background congestion control on a socket */
 }
 
 /* Set background congestion control on a socket */
@@ -5967,10 +6815,11 @@ tcp_set_background_cc(struct socket *so)
 void
 tcp_set_foreground_cc(struct socket *so)
 {
 void
 tcp_set_foreground_cc(struct socket *so)
 {
-       if (tcp_use_newreno)
+       if (tcp_use_newreno) {
                tcp_set_new_cc(so, TCP_CC_ALGO_NEWRENO_INDEX);
                tcp_set_new_cc(so, TCP_CC_ALGO_NEWRENO_INDEX);
-       else
+       } else {
                tcp_set_new_cc(so, TCP_CC_ALGO_CUBIC_INDEX);
                tcp_set_new_cc(so, TCP_CC_ALGO_CUBIC_INDEX);
+       }
 }
 
 static void
 }
 
 static void
@@ -5980,17 +6829,18 @@ tcp_set_new_cc(struct socket *so, uint16_t cc_index)
        struct tcpcb *tp = intotcpcb(inp);
        u_char old_cc_index = 0;
        if (tp->tcp_cc_index != cc_index) {
        struct tcpcb *tp = intotcpcb(inp);
        u_char old_cc_index = 0;
        if (tp->tcp_cc_index != cc_index) {
-
                old_cc_index = tp->tcp_cc_index;
 
                old_cc_index = tp->tcp_cc_index;
 
-               if (CC_ALGO(tp)->cleanup != NULL)
+               if (CC_ALGO(tp)->cleanup != NULL) {
                        CC_ALGO(tp)->cleanup(tp);
                        CC_ALGO(tp)->cleanup(tp);
+               }
                tp->tcp_cc_index = cc_index;
 
                tcp_cc_allocate_state(tp);
 
                tp->tcp_cc_index = cc_index;
 
                tcp_cc_allocate_state(tp);
 
-               if (CC_ALGO(tp)->switch_to != NULL)
+               if (CC_ALGO(tp)->switch_to != NULL) {
                        CC_ALGO(tp)->switch_to(tp, old_cc_index);
                        CC_ALGO(tp)->switch_to(tp, old_cc_index);
+               }
 
                tcp_ccdbg_trace(tp, NULL, TCP_CC_CHANGE_ALGO);
        }
 
                tcp_ccdbg_trace(tp, NULL, TCP_CC_CHANGE_ALGO);
        }
@@ -5999,8 +6849,9 @@ tcp_set_new_cc(struct socket *so, uint16_t cc_index)
 void
 tcp_set_recv_bg(struct socket *so)
 {
 void
 tcp_set_recv_bg(struct socket *so)
 {
-       if (!IS_TCP_RECV_BG(so))
-               so->so_traffic_mgt_flags |= TRAFFIC_MGT_TCP_RECVBG;
+       if (!IS_TCP_RECV_BG(so)) {
+               so->so_flags1 |= SOF1_TRAFFIC_MGT_TCP_RECVBG;
+       }
 
        /* Unset Large Receive Offload on background sockets */
        so_set_lro(so, SO_TC_BK);
 
        /* Unset Large Receive Offload on background sockets */
        so_set_lro(so, SO_TC_BK);
@@ -6009,11 +6860,12 @@ tcp_set_recv_bg(struct socket *so)
 void
 tcp_clear_recv_bg(struct socket *so)
 {
 void
 tcp_clear_recv_bg(struct socket *so)
 {
-       if (IS_TCP_RECV_BG(so))
-               so->so_traffic_mgt_flags &= ~(TRAFFIC_MGT_TCP_RECVBG);
+       if (IS_TCP_RECV_BG(so)) {
+               so->so_flags1 &= ~(SOF1_TRAFFIC_MGT_TCP_RECVBG);
+       }
 
 
-       /* 
-        * Set/unset use of Large Receive Offload depending on 
+       /*
+        * Set/unset use of Large Receive Offload depending on
         * the traffic class
         */
        so_set_lro(so, so->so_traffic_class);
         * the traffic class
         */
        so_set_lro(so, so->so_traffic_class);
@@ -6027,8 +6879,9 @@ inp_fc_unthrottle_tcp(struct inpcb *inp)
         * Back off the slow-start threshold and enter
         * congestion avoidance phase
         */
         * Back off the slow-start threshold and enter
         * congestion avoidance phase
         */
-       if (CC_ALGO(tp)->pre_fr != NULL)
+       if (CC_ALGO(tp)->pre_fr != NULL) {
                CC_ALGO(tp)->pre_fr(tp);
                CC_ALGO(tp)->pre_fr(tp);
+       }
 
        tp->snd_cwnd = tp->snd_ssthresh;
        tp->t_flagsext &= ~TF_CWND_NONVALIDATED;
 
        tp->snd_cwnd = tp->snd_ssthresh;
        tp->t_flagsext &= ~TF_CWND_NONVALIDATED;
@@ -6039,12 +6892,11 @@ inp_fc_unthrottle_tcp(struct inpcb *inp)
        tp->t_bytes_acked = 0;
 
        /* Reset retransmit shift as we know that the reason
        tp->t_bytes_acked = 0;
 
        /* Reset retransmit shift as we know that the reason
-        * for delay in sending a packet is due to flow 
+        * for delay in sending a packet is due to flow
         * control on the outgoing interface. There is no need
         * to backoff retransmit timer.
         */
         * control on the outgoing interface. There is no need
         * to backoff retransmit timer.
         */
-       tp->t_rxtshift = 0;
-       tp->t_rtttime = 0;
+       TCP_RESET_REXMT_STATE(tp);
 
        /*
         * Start the output stream again. Since we are
 
        /*
         * Start the output stream again. Since we are
@@ -6053,57 +6905,33 @@ inp_fc_unthrottle_tcp(struct inpcb *inp)
         */
        tcp_output(tp);
 }
         */
        tcp_output(tp);
 }
-    
+
 static int
 tcp_getstat SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg1, arg2)
 
        int error;
 static int
 tcp_getstat SYSCTL_HANDLER_ARGS
 {
 #pragma unused(oidp, arg1, arg2)
 
        int error;
+       struct tcpstat *stat;
+       stat = &tcpstat;
+#if !CONFIG_EMBEDDED
+       struct tcpstat zero_stat;
+
+       if (tcp_disable_access_to_stats &&
+           !kauth_cred_issuser(kauth_cred_get())) {
+               bzero(&zero_stat, sizeof(zero_stat));
+               stat = &zero_stat;
+       }
 
 
-       proc_t caller = PROC_NULL;
-       proc_t caller_parent = PROC_NULL;
-       char command_name[MAXCOMLEN + 1] = "";
-       char parent_name[MAXCOMLEN + 1] = "";
-
-       if ((caller = proc_self()) != PROC_NULL) {
-               /* get process name */
-               strlcpy(command_name, caller->p_comm, sizeof(command_name));
-
-               /* get parent process name if possible */
-               if ((caller_parent = proc_find(caller->p_ppid)) != PROC_NULL) {
-                       strlcpy(parent_name, caller_parent->p_comm,
-                           sizeof(parent_name));
-                       proc_rele(caller_parent);
-               }
-
-               if ((escape_str(command_name, strlen(command_name),
-                   sizeof(command_name)) == 0) &&
-                   (escape_str(parent_name, strlen(parent_name),
-                   sizeof(parent_name)) == 0)) {
-                       kern_asl_msg(LOG_DEBUG, "messagetracer",
-                           5,
-                           "com.apple.message.domain",
-                           "com.apple.kernel.tcpstat", /* 1 */
-                           "com.apple.message.signature",
-                           "tcpstat", /* 2 */
-                           "com.apple.message.signature2", command_name, /* 3 */
-                           "com.apple.message.signature3", parent_name, /* 4 */
-                           "com.apple.message.summarize", "YES", /* 5 */
-                           NULL);
-               }
-       }
-       if (caller != PROC_NULL)
-               proc_rele(caller);
+#endif /* !CONFIG_EMBEDDED */
 
        if (req->oldptr == 0) {
 
        if (req->oldptr == 0) {
-               req->oldlen= (size_t)sizeof(struct tcpstat);
+               req->oldlen = (size_t)sizeof(struct tcpstat);
        }
 
        }
 
-       error = SYSCTL_OUT(req, &tcpstat, MIN(sizeof (tcpstat), req->oldlen));
-
-        return (error);
+       error = SYSCTL_OUT(req, stat, MIN(sizeof(tcpstat), req->oldlen));
 
 
+       return error;
 }
 
 /*
 }
 
 /*
@@ -6119,8 +6947,12 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
                struct ip *ip = mtod(m, struct ip *);
                struct ipovly *ipov = (struct ipovly *)ip;
 
                struct ip *ip = mtod(m, struct ip *);
                struct ipovly *ipov = (struct ipovly *)ip;
 
-               if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_DID_CSUM)
-                       return (0);
+               if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_DID_CSUM) {
+                       return 0;
+               }
+
+               /* ip_stripoptions() must have been called before we get here */
+               ASSERT((ip->ip_hl << 2) == sizeof(*ip));
 
                if ((hwcksum_rx || (ifp->if_flags & IFF_LOOPBACK) ||
                    (m->m_pkthdr.pkt_flags & PKTF_LOOP)) &&
 
                if ((hwcksum_rx || (ifp->if_flags & IFF_LOOPBACK) ||
                    (m->m_pkthdr.pkt_flags & PKTF_LOOP)) &&
@@ -6128,33 +6960,59 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
                        if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) {
                                th->th_sum = m->m_pkthdr.csum_rx_val;
                        } else {
                        if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) {
                                th->th_sum = m->m_pkthdr.csum_rx_val;
                        } else {
-                               uint16_t sum = m->m_pkthdr.csum_rx_val;
-                               uint16_t start = m->m_pkthdr.csum_rx_start;
+                               uint32_t sum = m->m_pkthdr.csum_rx_val;
+                               uint32_t start = m->m_pkthdr.csum_rx_start;
+                               int32_t trailer = (m_pktlen(m) - (off + tlen));
 
                                /*
                                 * Perform 1's complement adjustment of octets
                                 * that got included/excluded in the hardware-
                                 * calculated checksum value.  Ignore cases
 
                                /*
                                 * Perform 1's complement adjustment of octets
                                 * that got included/excluded in the hardware-
                                 * calculated checksum value.  Ignore cases
-                                * where the value includes or excludes the IP
-                                * header span, as the sum for those octets
-                                * would already be 0xffff and thus no-op.
+                                * where the value already includes the entire
+                                * IP header span, as the sum for those octets
+                                * would already be 0 by the time we get here;
+                                * IP has already performed its header checksum
+                                * checks.  If we do need to adjust, restore
+                                * the original fields in the IP header when
+                                * computing the adjustment value.  Also take
+                                * care of any trailing bytes and subtract out
+                                * their partial sum.
                                 */
                                 */
+                               ASSERT(trailer >= 0);
                                if ((m->m_pkthdr.csum_flags & CSUM_PARTIAL) &&
                                if ((m->m_pkthdr.csum_flags & CSUM_PARTIAL) &&
-                                   start != 0 && (off - start) != off) {
-#if BYTE_ORDER != BIG_ENDIAN
+                                   ((start != 0 && start != off) || trailer)) {
+                                       uint32_t swbytes = (uint32_t)trailer;
+
                                        if (start < off) {
                                        if (start < off) {
+                                               ip->ip_len += sizeof(*ip);
+#if BYTE_ORDER != BIG_ENDIAN
                                                HTONS(ip->ip_len);
                                                HTONS(ip->ip_off);
                                                HTONS(ip->ip_len);
                                                HTONS(ip->ip_off);
+#endif /* BYTE_ORDER != BIG_ENDIAN */
                                        }
                                        }
-#endif
                                        /* callee folds in sum */
                                        /* callee folds in sum */
-                                       sum = m_adj_sum16(m, start, off, sum);
-#if BYTE_ORDER != BIG_ENDIAN
+                                       sum = m_adj_sum16(m, start, off,
+                                           tlen, sum);
+                                       if (off > start) {
+                                               swbytes += (off - start);
+                                       } else {
+                                               swbytes += (start - off);
+                                       }
+
                                        if (start < off) {
                                        if (start < off) {
+#if BYTE_ORDER != BIG_ENDIAN
                                                NTOHS(ip->ip_off);
                                                NTOHS(ip->ip_len);
                                                NTOHS(ip->ip_off);
                                                NTOHS(ip->ip_len);
+#endif /* BYTE_ORDER != BIG_ENDIAN */
+                                               ip->ip_len -= sizeof(*ip);
+                                       }
+
+                                       if (swbytes != 0) {
+                                               tcp_in_cksum_stats(swbytes);
+                                       }
+                                       if (trailer != 0) {
+                                               m_adj(m, -trailer);
                                        }
                                        }
-#endif
                                }
 
                                /* callee folds in sum */
                                }
 
                                /* callee folds in sum */
@@ -6168,16 +7026,16 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
                        int len;
                        char b[9];
 
                        int len;
                        char b[9];
 
-                       bcopy(ipov->ih_x1, b, sizeof (ipov->ih_x1));
-                       bzero(ipov->ih_x1, sizeof (ipov->ih_x1));
+                       bcopy(ipov->ih_x1, b, sizeof(ipov->ih_x1));
+                       bzero(ipov->ih_x1, sizeof(ipov->ih_x1));
                        ip_sum = ipov->ih_len;
                        ipov->ih_len = (u_short)tlen;
 #if BYTE_ORDER != BIG_ENDIAN
                        HTONS(ipov->ih_len);
 #endif
                        ip_sum = ipov->ih_len;
                        ipov->ih_len = (u_short)tlen;
 #if BYTE_ORDER != BIG_ENDIAN
                        HTONS(ipov->ih_len);
 #endif
-                       len = sizeof (struct ip) + tlen;
+                       len = sizeof(struct ip) + tlen;
                        th->th_sum = in_cksum(m, len);
                        th->th_sum = in_cksum(m, len);
-                       bcopy(b, ipov->ih_x1, sizeof (ipov->ih_x1));
+                       bcopy(b, ipov->ih_x1, sizeof(ipov->ih_x1));
                        ipov->ih_len = ip_sum;
 
                        tcp_in_cksum_stats(len);
                        ipov->ih_len = ip_sum;
 
                        tcp_in_cksum_stats(len);
@@ -6188,8 +7046,9 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
        case AF_INET6: {
                struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 
        case AF_INET6: {
                struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 
-               if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_DID_CSUM)
-                       return (0);
+               if (m->m_pkthdr.pkt_flags & PKTF_SW_LRO_DID_CSUM) {
+                       return 0;
+               }
 
                if ((hwcksum_rx || (ifp->if_flags & IFF_LOOPBACK) ||
                    (m->m_pkthdr.pkt_flags & PKTF_LOOP)) &&
 
                if ((hwcksum_rx || (ifp->if_flags & IFF_LOOPBACK) ||
                    (m->m_pkthdr.pkt_flags & PKTF_LOOP)) &&
@@ -6197,21 +7056,26 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
                        if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) {
                                th->th_sum = m->m_pkthdr.csum_rx_val;
                        } else {
                        if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) {
                                th->th_sum = m->m_pkthdr.csum_rx_val;
                        } else {
-                               uint16_t sum = m->m_pkthdr.csum_rx_val;
-                               uint16_t start = m->m_pkthdr.csum_rx_start;
+                               uint32_t sum = m->m_pkthdr.csum_rx_val;
+                               uint32_t start = m->m_pkthdr.csum_rx_start;
+                               int32_t trailer = (m_pktlen(m) - (off + tlen));
 
                                /*
                                 * Perform 1's complement adjustment of octets
                                 * that got included/excluded in the hardware-
 
                                /*
                                 * Perform 1's complement adjustment of octets
                                 * that got included/excluded in the hardware-
-                                * calculated checksum value.
+                                * calculated checksum value.  Also take care
+                                * of any trailing bytes and subtract out their
+                                * partial sum.
                                 */
                                 */
+                               ASSERT(trailer >= 0);
                                if ((m->m_pkthdr.csum_flags & CSUM_PARTIAL) &&
                                if ((m->m_pkthdr.csum_flags & CSUM_PARTIAL) &&
-                                   start != off) {
-                                       uint16_t s, d;
+                                   (start != off || trailer != 0)) {
+                                       uint16_t s = 0, d = 0;
+                                       uint32_t swbytes = (uint32_t)trailer;
 
                                        if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
                                                s = ip6->ip6_src.s6_addr16[1];
 
                                        if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
                                                s = ip6->ip6_src.s6_addr16[1];
-                                               ip6->ip6_src.s6_addr16[1] = 0 ;
+                                               ip6->ip6_src.s6_addr16[1] = 0;
                                        }
                                        if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
                                                d = ip6->ip6_dst.s6_addr16[1];
                                        }
                                        if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
                                                d = ip6->ip6_dst.s6_addr16[1];
@@ -6219,17 +7083,32 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
                                        }
 
                                        /* callee folds in sum */
                                        }
 
                                        /* callee folds in sum */
-                                       sum = m_adj_sum16(m, start, off, sum);
+                                       sum = m_adj_sum16(m, start, off,
+                                           tlen, sum);
+                                       if (off > start) {
+                                               swbytes += (off - start);
+                                       } else {
+                                               swbytes += (start - off);
+                                       }
 
 
-                                       if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src))
+                                       if (IN6_IS_SCOPE_EMBED(&ip6->ip6_src)) {
                                                ip6->ip6_src.s6_addr16[1] = s;
                                                ip6->ip6_src.s6_addr16[1] = s;
-                                       if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst))
+                                       }
+                                       if (IN6_IS_SCOPE_EMBED(&ip6->ip6_dst)) {
                                                ip6->ip6_dst.s6_addr16[1] = d;
                                                ip6->ip6_dst.s6_addr16[1] = d;
+                                       }
+
+                                       if (swbytes != 0) {
+                                               tcp_in6_cksum_stats(swbytes);
+                                       }
+                                       if (trailer != 0) {
+                                               m_adj(m, -trailer);
+                                       }
                                }
 
                                th->th_sum = in6_pseudo(
                                }
 
                                th->th_sum = in6_pseudo(
-                                   &ip6->ip6_src, &ip6->ip6_dst,
-                                   sum + htonl(tlen + IPPROTO_TCP));
+                                       &ip6->ip6_src, &ip6->ip6_dst,
+                                       sum + htonl(tlen + IPPROTO_TCP));
                        }
                        th->th_sum ^= 0xffff;
                } else {
                        }
                        th->th_sum ^= 0xffff;
                } else {
@@ -6247,12 +7126,13 @@ tcp_input_checksum(int af, struct mbuf *m, struct tcphdr *th, int off, int tlen)
        if (th->th_sum != 0) {
                tcpstat.tcps_rcvbadsum++;
                IF_TCP_STATINC(ifp, badformat);
        if (th->th_sum != 0) {
                tcpstat.tcps_rcvbadsum++;
                IF_TCP_STATINC(ifp, badformat);
-               return (-1);
+               return -1;
        }
 
        }
 
-       return (0);
+       return 0;
 }
 
 }
 
+
 SYSCTL_PROC(_net_inet_tcp, TCPCTL_STATS, stats,
     CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0, tcp_getstat,
     "S,tcpstat", "TCP statistics (struct tcpstat, netinet/tcp_var.h)");
 SYSCTL_PROC(_net_inet_tcp, TCPCTL_STATS, stats,
     CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 0, 0, tcp_getstat,
     "S,tcpstat", "TCP statistics (struct tcpstat, netinet/tcp_var.h)");
@@ -6265,24 +7145,25 @@ sysctl_rexmtthresh SYSCTL_HANDLER_ARGS
        int error, val = tcprexmtthresh;
 
        error = sysctl_handle_int(oidp, &val, 0, req);
        int error, val = tcprexmtthresh;
 
        error = sysctl_handle_int(oidp, &val, 0, req);
-       if (error || !req->newptr)
-                return (error);
+       if (error || !req->newptr) {
+               return error;
+       }
 
        /*
         * Constrain the number of duplicate ACKs
 
        /*
         * Constrain the number of duplicate ACKs
-        * to consider for TCP fast retransmit 
+        * to consider for TCP fast retransmit
         * to either 2 or 3
         */
 
         * to either 2 or 3
         */
 
-        if (val < 2 || val > 3)
-               return (EINVAL);
+       if (val < 2 || val > 3) {
+               return EINVAL;
+       }
 
 
-        tcprexmtthresh = val;
+       tcprexmtthresh = val;
 
 
-       return (0);
+       return 0;
 }
 
 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, rexmt_thresh, CTLTYPE_INT | CTLFLAG_RW |
 }
 
 SYSCTL_PROC(_net_inet_tcp, OID_AUTO, rexmt_thresh, CTLTYPE_INT | CTLFLAG_RW |
-       CTLFLAG_LOCKED, &tcprexmtthresh, 0, &sysctl_rexmtthresh, "I",
-       "Duplicate ACK Threshold for Fast Retransmit");
-
+    CTLFLAG_LOCKED, &tcprexmtthresh, 0, &sysctl_rexmtthresh, "I",
+    "Duplicate ACK Threshold for Fast Retransmit");
mirror of XNU