1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-29 12:03:03 +00:00
Commit Graph

3023 Commits

Author SHA1 Message Date
Randall Stewart
bf949ea2d4 - Change back to using prioity 0. Which means don't change the
prioity when running the thread. (this is for the sctp_interator thread).

MFC after:	1 week
2008-01-28 10:33:41 +00:00
Randall Stewart
257438fb6c - Fix a bug where the socket may have been closed which
could cause a crash in the auth code.
Obtained from:	Michael Tuexen
MFC after:	1 week
2008-01-28 10:31:12 +00:00
Randall Stewart
f36d98069e - Fixes a comparison wrap issue with sack gap ack blocks that
span the 32 bit roll over mark.
2008-01-28 10:25:43 +00:00
Robert Watson
bb5081a7eb Hide ipfw internal data structures behind IPFW_INTERNAL rather than
exposing them to all consumers of ip_fw.h.  These structures are
used in both ipfw(8) and ipfw(4), but not part of the user<->kernel
interface for other applications to use, rather, shared
implementation.

MFC after:	3 days
Reported by:	Paul Vixie <paul at vix dot com>
2008-01-25 14:38:27 +00:00
Bjoern A. Zeeb
79ba395267 Replace the last susers calls in netinet6/ with privilege checks.
Introduce a new privilege allowing to set certain IP header options
(hop-by-hop, routing headers).

Leave a few comments to be addressed later.

Reviewed by:	rwatson (older version, before addressing his comments)
2008-01-24 08:25:59 +00:00
Bjoern A. Zeeb
107d12440a Differentiate between addifaddr and delifaddr for the privilege check.
Reviewed by:	rwatson
MFC after:	2 weeks
2008-01-24 08:14:38 +00:00
Robert Watson
109058b094 tcp_usrreq.c:1.313 removed tcbinfo locking from tcp_usr_accept(), which
while in principle a good idea, opened us up to a race inherrent to
the syncache's direct insertion of incoming TCP connections into the
"completed connection" listen queue, as it transpires that the socket
is inserted before the inpcb is fully filled in by syncache_expand().
The bug manifested with the occasional returning of 0.0.0.0:0 in the
address returned by the accept() system call, which occurred if accept
managed to execute tcp_usr_accept() before syncache_expand() had copied
the endpoint addresses into inpcb connection state.

Re-add tcbinfo locking around the address copyout, which has the effect
of delaying the copy until syncache_expand() has finished running, as
it is run while the tcbinfo lock is held.  This is undesirable in that
it increases contention on tcbinfo further, but a more significant
change will be required to how the syncache inserts new sockets in
order to fix this and keep more granular locking here.  In particular,
either more state needs to be passed into sonewconn() so that
pru_attach() can fill in the fields *before* the socket is inserted, or
the socket needs to be inserted in the incomplete connection queue
until it is actually ready to be used.

Reported by:	glebius (and kris)
Tested by:	glebius
2008-01-23 21:15:51 +00:00
Robert Watson
1e8f5ffa35 In tcp_ctloutput(), don't hold the inpcb lock over sooptcopyin(), rather,
drop the lock and then re-acquire it, revalidating TCP connection state
assumptions when we do so.  This avoids a potential lock order reversal
(and potential deadlock, although none have been reported) due to the
inpcb lock being held over a page fault.

MFC after:	1 week
PR:		102752
Reviewed by:	bz
Reported by:	Václav Haisman <v dot haisman at sh dot cvut dot cz>
2008-01-18 12:19:50 +00:00
Julian Elischer
b6ae6984e8 Don't duplicate the whole of arpresolve to arpresolve 2 for the sake
of two compares against 0. The negative effect of cache flushing
is probably more than the gain by not doing the two compares (the
value is almost certainly in register or at worst, cache).
Note that the uses of m_freem() are in error cases and m_freem()
handles NULL anyhow. So fast-path really isn't changed much at all.
2007-12-31 23:48:06 +00:00
Oleg Bulyzhin
5254af0cf1 Workaround p->numbytes overflow, which can result in infinite loop inside
dummynet module (prerequisite is using queues with "fat" pipe).

PR:		kern/113548
2007-12-25 09:36:51 +00:00
Robert Watson
0bffde27b2 When IPSEC fails to allocate policy state for an inpcb, and MAC is in use,
free the MAC label on the inpcb before freeing the inpcb.

MFC after:	3 days
Submitted by:	tanyong <tanyong at ercist dot iscas dot ac dot cn>,
		zhouzhouyi
2007-12-22 10:06:11 +00:00
Ruslan Ermilov
9eb1b6aabb Fix bugs in the TCP syncache timeout code. including:
When system ticks are positive, for entries in the cache
bucket, syncache_timer() ran on every tick (doing nothing
useful) instead of the supposed 3, 6, 12, and 24 seconds
later (when it's time to retransmit SYN,ACK).

When ticks are negative, syncache_timer() was scheduled
for the too far future (up to ~25 days on systems with
HZ=1000), no SYN,ACK retransmits were attempted at all,
and syncache entries added in that period that correspond
to non-established connections stay there forever.

Only HEAD and RELENG_7 are affected.

Reviewed by:	silby, kmacy (earlier version)
Submitted by:	Maxim Dounin, ru
2007-12-19 16:56:28 +00:00
Kip Macy
d29a9a83fd Remove extraneous debug statements.
Noticed by: Andrey Chernov
2007-12-19 05:17:40 +00:00
Kip Macy
bc65987ade Incorporate TCP offload hooks in to core TCP code.
- Rename output routines tcp_gen_* -> tcp_output_*.
  - Rename notification routines that turn in to no-ops in the absence of TOE
    from tcp_gen_* -> tcp_offload_*.
  - Fix some minor comment nits.
  - Add a /* FALLTHROUGH */

Reviewed by: Sam Leffler, Robert Watson, and Mike Silbersack
2007-12-18 22:59:07 +00:00
Randall Stewart
83073fcba3 - sctp-iterator should run at PI_NET priority ...not 0.
MFC after:	1 week
2007-12-18 01:24:15 +00:00
Kip Macy
8b5709dfab incorporate feedback since initial commit
- rename tcp_ofld.[ch] to tcp_offload.[ch]
- document usage and locking conventions of the functions in the
  toe_usrreqs function vector
- document tcpcb, inpcb, and socket fields used by toe
- widen the listen interface into 2 functions
- rename DISABLE_TCP_OFFLOAD to TCP_OFFLOAD_DISABLE
- shrink conditional compilation to reduce the likelihood of bitrot
- replace sc->sc_toepcb checks in tcp_syncache.c with TOEPCB_ISSET
2007-12-17 07:56:27 +00:00
Kip Macy
29910a5a77 widen the routing event interface (arp update, redirect, and eventually pmtu change)
into separate functions

revert previous commit's changes to arpresolve and add a new interface
arpresolve2 which does arp resolution without an mbuf
2007-12-17 07:40:34 +00:00
Kip Macy
58505389d1 Don't panic in arpresolve if we're given a null mbuf. We could
insist that the caller just pass in an initialized mbuf even
if didn't have any data - but that seems rather contrived.
2007-12-17 04:19:25 +00:00
Kip Macy
bdca760906 Update tod_connect call to reflect updated interface 2007-12-16 07:37:48 +00:00
Kip Macy
b3e761e5c8 Move arp update upcall to always be called for ARP replies - previous invocation
would not always get called at the appropriate times
2007-12-16 06:42:33 +00:00
Kip Macy
a9420d282f Update the toedev's connect interface to reflect the fact that the inpcb
doesn't cache the rtentry in HEAD.
2007-12-16 05:30:21 +00:00
Kip Macy
ee939bbf7e Add socket option for setting and retrieving the congestion control algorithm.
The name used is to allow compatibility with Linux.
2007-12-16 03:30:07 +00:00
Kip Macy
9f117e1062 make naming prefixes consistent across tom_info 2007-12-15 20:20:08 +00:00
Kip Macy
0005682030 Fix error in previous commit - the style fix changed flag name without
changing references to the flag
2007-12-13 01:24:20 +00:00
Kip Macy
76b262c426 Fix style issues with initial TCP offload commit
Requested by: rwatson
Submitted by: rwatson
2007-12-12 23:31:49 +00:00
Kip Macy
8e7e854cd6 add interface for allowing consumers to register for ARP updates,
redirects, and path MTU changes

Reviewed by: silby
2007-12-12 20:53:25 +00:00
Kip Macy
284333d353 Add interface for tcp offload to syncache:
- make neccessary changes to release offload resources when a syncache
   entry is removed before connection establishment
 - disable checks for offloaded connection where insufficient information
   is available

Reviewed by: silby
2007-12-12 20:35:59 +00:00
Kip Macy
620721db82 Add driver independent interface to offload active established TCP connections
Reviewed by: silby
2007-12-12 20:21:39 +00:00
Kip Macy
4f1efccf29 Remove spurious timestamp check. RFC 1323 explicitly states that timestamps MAY
be transmitted if negotiated.
2007-12-12 06:11:50 +00:00
David Malone
71bd9b9cf9 If we are walking the IPv6 header chain and we hit an IPPROTO_NONE
header, then don't try to pullup anything, because there is no next
header if we hit IPPROTO_NONE. Set ulp to a non-NULL value so the
search for an upper layer header terinates.

This is based on Pekka's diagnosis, but I chose a simpler fix.

PR:		115261
Submitted by:	Pekka Savola <pekkas@netcore.fi>
Reviewed by:	mlaier
MFC after:	2 weeks
2007-12-09 15:35:09 +00:00
Kip Macy
2de2af32a0 Add padding for anticipated functionality
- vimage
 - TOE
 - multiq
 - host rtentry caching

Rename spare used by 80211 to if_llsoftc

Reviewed by: rwatson, gnn
MFC after: 1 day
2007-12-07 01:46:13 +00:00
Randall Stewart
41eee5558c - More fixes for lock misses on the transfer of data to
the sent_queue. Sometimes I wonder why any code
  ever works :-)
- Fix the pad of the last mbuf routine, It was working improperly
  on non-4 byte aligned chunks which could cause memory overruns.

MFC after:	1 week
2007-12-07 01:32:14 +00:00
Dag-Erling Smørgrav
6c7faee24f Simpler version of the previous commit. 2007-12-06 09:31:13 +00:00
Randall Stewart
9c04b2966d - optimize the initialization of the SB max variables.
- Missing lock when sending data and moving it to the
  outqueue.
- If a mbuf alloc fails during moving to outqueue the
  reassembly of the old mbuf chain was incorrect.
- some_taken becomes a counter in sctputil.c instead of a set to 1.
- Fix a panic to be only under invarients and have a proper recovery.
- msg_flags needed to be set.to the value collected not or'd.

MFC after:	1 week
2007-12-06 00:22:55 +00:00
Randall Stewart
2aedc03dad - More fixes for the non-blocking msg send, had the skip of the pre-block
test incorrect.
- Fix the initial buf calculation to be more friendly, calc is the same
  but we use different variable to make it easier amongst the different
  code versions.

MFC after:	1 week
2007-12-04 20:20:42 +00:00
Randall Stewart
0e81d2ed7a - Opps, signedness issue with one of the new var's (this is an issue
mainly in apple but with the right -Wall it could effect us too).

MFC after:	1 week
2007-12-04 14:47:39 +00:00
Randall Stewart
9f22f50039 - Found a problem in non-blocking sends. When
sending, once the locks are all unlocked to
  do the copy's in, its possible that other
  events could then raise the number of bytes
  outstanding pushing it so not all the message
  would fit. This would then cause us to send
  only part of the message. This fix makes it
  so we keep a "reserved" amount that can be
  kept in mind when making calculations to send.
- rcv msg args with a NULL/NULL for to/tolen will return an error incorrectly
  for the 1-2-1 model.
- We were not doing 0 len return correctly and not setting cantrcv more
  correctly. Previouly we "fixed" this area by taking out the socantrcv
  since we then could not get the data out. The correct rix is to still
  flag the socket but alow a by-pass route to continue to read until
  all data is consumed.

MFC after:	1 week
2007-12-04 14:41:48 +00:00
Yaroslav Tykhiy
3affb6fb19 For the sake of convenience, print the name of the network interface
IPv4 address duplication was detected on.

Idea by:	marck
2007-12-04 13:01:12 +00:00
Mike Silbersack
136286a141 Fix SACK negotiation that was broken in rev 1.105.
Before this fix, FreeBSD would negotiate SACK on outgoing
connections, but would always fail to negotiate it on incoming
connections.

Discovered by: James Healy and Lawrence Stewart
Submitted by: James Healy and Lawrence Stewart
MFC after: 3 days
2007-12-04 07:11:13 +00:00
Guido van Rooij
d23d475fb4 Consider the following situation:
1. A packet comes in that is to be forwarded
2. The destination of the packet is rewritten by some firewall code
3. The next link's MTU is too small
4. The packet has the DF bit set

Then the current code is such that instead of setting the next
link's MTU in the ICMP error, ip_next_mtu() is called and a guess
is sent as to which MTU is supposed to be tried next. This is because
in this case ip_forward() is called with srcrt set to 1. In that
case the ia pointer remains NULL but it is needed to get the MTU
of the interface the packet is to be sent out from.
Thus, we always set ia to the outgoing interface.

MFC after:	2 weeks
2007-12-02 13:00:47 +00:00
Bjoern A. Zeeb
ee763d0d9c Centralize and correct computation of TCP-MD5 signature offset within
the packet (tcp header options field).

Reviewed by:	tools/regression/netinet/tcpconnect
MFC after:	3 days
Tested by:	Nick Hilliard (see net@)
2007-11-30 23:46:51 +00:00
Bjoern A. Zeeb
beb8b626d1 Move call to tcp_signature_compute() after we adjusted the payload offset
in the tcp header. With relevant parts of the tcp header changing after
the 'signature' was computed, the signature becomes invalid.

Reviewed by:	tools/regression/netinet/tcpconnect
MFC after:	3 days
Tested by:	Nick Hilliard (see net@)
2007-11-30 23:41:51 +00:00
Bjoern A. Zeeb
4a411b9fcc Let opt be an array. Though &opt[0] == opt == &opt, &opt is highly
confusing and hard to understand so change it to just opt and
remove the extra cast no longer/not needed.

Discussed with: rwatson
MFC after:      3 days
2007-11-28 13:33:27 +00:00
Bjoern A. Zeeb
abebe6db7a Correctly get the authentication key for TCP-MD5 from the SA.
Submitted by:	Nick Hilliard on net@
MFC after:	8 weeks
2007-11-28 13:23:50 +00:00
Robert Watson
2b19cb1b87 More carefully handle various cases in sysctl_drop(), such as unlocking
the inpcb when there's an inpcb without associated timewait state, and
not unlocking when the inpcb has been freed.  This avoids a kernel panic
when tcpdrop(8) is run on a socket in the TIMEWAIT state.

MFC after:	3 days
Reported by:	Rako <rako29 at gmail dot com>
2007-11-24 18:43:59 +00:00
John Birrell
962e1ce30f Fix strict alias warnings. 2007-11-23 23:56:03 +00:00
Bjoern A. Zeeb
9ad0173df1 Make TSO work with IPSEC compiled into the kernel.
The lookup hurts a bit for connections but had been there anyway
if IPSEC was compiled in. So moving the lookup up a bit gives us
TSO support at not extra cost.

PR:		kern/115586
Tested by:	gallatin
Discussed with:	kmacy
MFC after:	2 months
2007-11-21 22:30:14 +00:00
Mike Silbersack
1b67beea13 Comment out the syncache's test which ensures that hosts which negotiate TCP
timestamps in the initial SYN packet actually use them in the rest of the
connection.  Unfortunately, during the 7.0 testing cycle users have already
found network devices that violate this constraint.

RFC 1323 states 'and may send a TSopt in other segments' rather than
'and MUST send', so we must allow it.

Discovered by: Rob Zietlow
Tracked down by: Kip Macy
PR: bin/118005
2007-11-20 06:56:04 +00:00
Oleg Bulyzhin
8d1e3aed2d - New sysctl variable: net.inet.ip.dummynet.io_fast
If it is set to zero value (default) dummynet module will try to emulate
  real link as close as possible (bandwidth & latency): packet will not leave
  pipe faster than it should be on real link with given bandwidth.
  (This is original behaviour of dummynet which was altered in previous commit)
  If it is set to non-zero value only bandwidth is enforced: packet's latency
  can be lower comparing to real link with given bandwidth.

- Document recently introduced dummynet(4) sysctl variables.

Requested by:	luigi, julian
MFC after:	3 month
2007-11-17 21:54:57 +00:00
Randall Stewart
81aca91ab6 - Fix a bug in sctp_calc_rwnd() which resulted in wrong rwnd predictions.
- Fix a signedness problem that shows up in some 64 bit platforms (macos).

MFC after:	1 week
2007-11-10 00:47:14 +00:00