1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-26 11:47:31 +00:00
Commit Graph

3015 Commits

Author SHA1 Message Date
Julian Elischer
b6ae6984e8 Don't duplicate the whole of arpresolve to arpresolve 2 for the sake
of two compares against 0. The negative effect of cache flushing
is probably more than the gain by not doing the two compares (the
value is almost certainly in register or at worst, cache).
Note that the uses of m_freem() are in error cases and m_freem()
handles NULL anyhow. So fast-path really isn't changed much at all.
2007-12-31 23:48:06 +00:00
Oleg Bulyzhin
5254af0cf1 Workaround p->numbytes overflow, which can result in infinite loop inside
dummynet module (prerequisite is using queues with "fat" pipe).

PR:		kern/113548
2007-12-25 09:36:51 +00:00
Robert Watson
0bffde27b2 When IPSEC fails to allocate policy state for an inpcb, and MAC is in use,
free the MAC label on the inpcb before freeing the inpcb.

MFC after:	3 days
Submitted by:	tanyong <tanyong at ercist dot iscas dot ac dot cn>,
		zhouzhouyi
2007-12-22 10:06:11 +00:00
Ruslan Ermilov
9eb1b6aabb Fix bugs in the TCP syncache timeout code. including:
When system ticks are positive, for entries in the cache
bucket, syncache_timer() ran on every tick (doing nothing
useful) instead of the supposed 3, 6, 12, and 24 seconds
later (when it's time to retransmit SYN,ACK).

When ticks are negative, syncache_timer() was scheduled
for the too far future (up to ~25 days on systems with
HZ=1000), no SYN,ACK retransmits were attempted at all,
and syncache entries added in that period that correspond
to non-established connections stay there forever.

Only HEAD and RELENG_7 are affected.

Reviewed by:	silby, kmacy (earlier version)
Submitted by:	Maxim Dounin, ru
2007-12-19 16:56:28 +00:00
Kip Macy
d29a9a83fd Remove extraneous debug statements.
Noticed by: Andrey Chernov
2007-12-19 05:17:40 +00:00
Kip Macy
bc65987ade Incorporate TCP offload hooks in to core TCP code.
- Rename output routines tcp_gen_* -> tcp_output_*.
  - Rename notification routines that turn in to no-ops in the absence of TOE
    from tcp_gen_* -> tcp_offload_*.
  - Fix some minor comment nits.
  - Add a /* FALLTHROUGH */

Reviewed by: Sam Leffler, Robert Watson, and Mike Silbersack
2007-12-18 22:59:07 +00:00
Randall Stewart
83073fcba3 - sctp-iterator should run at PI_NET priority ...not 0.
MFC after:	1 week
2007-12-18 01:24:15 +00:00
Kip Macy
8b5709dfab incorporate feedback since initial commit
- rename tcp_ofld.[ch] to tcp_offload.[ch]
- document usage and locking conventions of the functions in the
  toe_usrreqs function vector
- document tcpcb, inpcb, and socket fields used by toe
- widen the listen interface into 2 functions
- rename DISABLE_TCP_OFFLOAD to TCP_OFFLOAD_DISABLE
- shrink conditional compilation to reduce the likelihood of bitrot
- replace sc->sc_toepcb checks in tcp_syncache.c with TOEPCB_ISSET
2007-12-17 07:56:27 +00:00
Kip Macy
29910a5a77 widen the routing event interface (arp update, redirect, and eventually pmtu change)
into separate functions

revert previous commit's changes to arpresolve and add a new interface
arpresolve2 which does arp resolution without an mbuf
2007-12-17 07:40:34 +00:00
Kip Macy
58505389d1 Don't panic in arpresolve if we're given a null mbuf. We could
insist that the caller just pass in an initialized mbuf even
if didn't have any data - but that seems rather contrived.
2007-12-17 04:19:25 +00:00
Kip Macy
bdca760906 Update tod_connect call to reflect updated interface 2007-12-16 07:37:48 +00:00
Kip Macy
b3e761e5c8 Move arp update upcall to always be called for ARP replies - previous invocation
would not always get called at the appropriate times
2007-12-16 06:42:33 +00:00
Kip Macy
a9420d282f Update the toedev's connect interface to reflect the fact that the inpcb
doesn't cache the rtentry in HEAD.
2007-12-16 05:30:21 +00:00
Kip Macy
ee939bbf7e Add socket option for setting and retrieving the congestion control algorithm.
The name used is to allow compatibility with Linux.
2007-12-16 03:30:07 +00:00
Kip Macy
9f117e1062 make naming prefixes consistent across tom_info 2007-12-15 20:20:08 +00:00
Kip Macy
0005682030 Fix error in previous commit - the style fix changed flag name without
changing references to the flag
2007-12-13 01:24:20 +00:00
Kip Macy
76b262c426 Fix style issues with initial TCP offload commit
Requested by: rwatson
Submitted by: rwatson
2007-12-12 23:31:49 +00:00
Kip Macy
8e7e854cd6 add interface for allowing consumers to register for ARP updates,
redirects, and path MTU changes

Reviewed by: silby
2007-12-12 20:53:25 +00:00
Kip Macy
284333d353 Add interface for tcp offload to syncache:
- make neccessary changes to release offload resources when a syncache
   entry is removed before connection establishment
 - disable checks for offloaded connection where insufficient information
   is available

Reviewed by: silby
2007-12-12 20:35:59 +00:00
Kip Macy
620721db82 Add driver independent interface to offload active established TCP connections
Reviewed by: silby
2007-12-12 20:21:39 +00:00
Kip Macy
4f1efccf29 Remove spurious timestamp check. RFC 1323 explicitly states that timestamps MAY
be transmitted if negotiated.
2007-12-12 06:11:50 +00:00
David Malone
71bd9b9cf9 If we are walking the IPv6 header chain and we hit an IPPROTO_NONE
header, then don't try to pullup anything, because there is no next
header if we hit IPPROTO_NONE. Set ulp to a non-NULL value so the
search for an upper layer header terinates.

This is based on Pekka's diagnosis, but I chose a simpler fix.

PR:		115261
Submitted by:	Pekka Savola <pekkas@netcore.fi>
Reviewed by:	mlaier
MFC after:	2 weeks
2007-12-09 15:35:09 +00:00
Kip Macy
2de2af32a0 Add padding for anticipated functionality
- vimage
 - TOE
 - multiq
 - host rtentry caching

Rename spare used by 80211 to if_llsoftc

Reviewed by: rwatson, gnn
MFC after: 1 day
2007-12-07 01:46:13 +00:00
Randall Stewart
41eee5558c - More fixes for lock misses on the transfer of data to
the sent_queue. Sometimes I wonder why any code
  ever works :-)
- Fix the pad of the last mbuf routine, It was working improperly
  on non-4 byte aligned chunks which could cause memory overruns.

MFC after:	1 week
2007-12-07 01:32:14 +00:00
Dag-Erling Smørgrav
6c7faee24f Simpler version of the previous commit. 2007-12-06 09:31:13 +00:00
Randall Stewart
9c04b2966d - optimize the initialization of the SB max variables.
- Missing lock when sending data and moving it to the
  outqueue.
- If a mbuf alloc fails during moving to outqueue the
  reassembly of the old mbuf chain was incorrect.
- some_taken becomes a counter in sctputil.c instead of a set to 1.
- Fix a panic to be only under invarients and have a proper recovery.
- msg_flags needed to be set.to the value collected not or'd.

MFC after:	1 week
2007-12-06 00:22:55 +00:00
Randall Stewart
2aedc03dad - More fixes for the non-blocking msg send, had the skip of the pre-block
test incorrect.
- Fix the initial buf calculation to be more friendly, calc is the same
  but we use different variable to make it easier amongst the different
  code versions.

MFC after:	1 week
2007-12-04 20:20:42 +00:00
Randall Stewart
0e81d2ed7a - Opps, signedness issue with one of the new var's (this is an issue
mainly in apple but with the right -Wall it could effect us too).

MFC after:	1 week
2007-12-04 14:47:39 +00:00
Randall Stewart
9f22f50039 - Found a problem in non-blocking sends. When
sending, once the locks are all unlocked to
  do the copy's in, its possible that other
  events could then raise the number of bytes
  outstanding pushing it so not all the message
  would fit. This would then cause us to send
  only part of the message. This fix makes it
  so we keep a "reserved" amount that can be
  kept in mind when making calculations to send.
- rcv msg args with a NULL/NULL for to/tolen will return an error incorrectly
  for the 1-2-1 model.
- We were not doing 0 len return correctly and not setting cantrcv more
  correctly. Previouly we "fixed" this area by taking out the socantrcv
  since we then could not get the data out. The correct rix is to still
  flag the socket but alow a by-pass route to continue to read until
  all data is consumed.

MFC after:	1 week
2007-12-04 14:41:48 +00:00
Yaroslav Tykhiy
3affb6fb19 For the sake of convenience, print the name of the network interface
IPv4 address duplication was detected on.

Idea by:	marck
2007-12-04 13:01:12 +00:00
Mike Silbersack
136286a141 Fix SACK negotiation that was broken in rev 1.105.
Before this fix, FreeBSD would negotiate SACK on outgoing
connections, but would always fail to negotiate it on incoming
connections.

Discovered by: James Healy and Lawrence Stewart
Submitted by: James Healy and Lawrence Stewart
MFC after: 3 days
2007-12-04 07:11:13 +00:00
Guido van Rooij
d23d475fb4 Consider the following situation:
1. A packet comes in that is to be forwarded
2. The destination of the packet is rewritten by some firewall code
3. The next link's MTU is too small
4. The packet has the DF bit set

Then the current code is such that instead of setting the next
link's MTU in the ICMP error, ip_next_mtu() is called and a guess
is sent as to which MTU is supposed to be tried next. This is because
in this case ip_forward() is called with srcrt set to 1. In that
case the ia pointer remains NULL but it is needed to get the MTU
of the interface the packet is to be sent out from.
Thus, we always set ia to the outgoing interface.

MFC after:	2 weeks
2007-12-02 13:00:47 +00:00
Bjoern A. Zeeb
ee763d0d9c Centralize and correct computation of TCP-MD5 signature offset within
the packet (tcp header options field).

Reviewed by:	tools/regression/netinet/tcpconnect
MFC after:	3 days
Tested by:	Nick Hilliard (see net@)
2007-11-30 23:46:51 +00:00
Bjoern A. Zeeb
beb8b626d1 Move call to tcp_signature_compute() after we adjusted the payload offset
in the tcp header. With relevant parts of the tcp header changing after
the 'signature' was computed, the signature becomes invalid.

Reviewed by:	tools/regression/netinet/tcpconnect
MFC after:	3 days
Tested by:	Nick Hilliard (see net@)
2007-11-30 23:41:51 +00:00
Bjoern A. Zeeb
4a411b9fcc Let opt be an array. Though &opt[0] == opt == &opt, &opt is highly
confusing and hard to understand so change it to just opt and
remove the extra cast no longer/not needed.

Discussed with: rwatson
MFC after:      3 days
2007-11-28 13:33:27 +00:00
Bjoern A. Zeeb
abebe6db7a Correctly get the authentication key for TCP-MD5 from the SA.
Submitted by:	Nick Hilliard on net@
MFC after:	8 weeks
2007-11-28 13:23:50 +00:00
Robert Watson
2b19cb1b87 More carefully handle various cases in sysctl_drop(), such as unlocking
the inpcb when there's an inpcb without associated timewait state, and
not unlocking when the inpcb has been freed.  This avoids a kernel panic
when tcpdrop(8) is run on a socket in the TIMEWAIT state.

MFC after:	3 days
Reported by:	Rako <rako29 at gmail dot com>
2007-11-24 18:43:59 +00:00
John Birrell
962e1ce30f Fix strict alias warnings. 2007-11-23 23:56:03 +00:00
Bjoern A. Zeeb
9ad0173df1 Make TSO work with IPSEC compiled into the kernel.
The lookup hurts a bit for connections but had been there anyway
if IPSEC was compiled in. So moving the lookup up a bit gives us
TSO support at not extra cost.

PR:		kern/115586
Tested by:	gallatin
Discussed with:	kmacy
MFC after:	2 months
2007-11-21 22:30:14 +00:00
Mike Silbersack
1b67beea13 Comment out the syncache's test which ensures that hosts which negotiate TCP
timestamps in the initial SYN packet actually use them in the rest of the
connection.  Unfortunately, during the 7.0 testing cycle users have already
found network devices that violate this constraint.

RFC 1323 states 'and may send a TSopt in other segments' rather than
'and MUST send', so we must allow it.

Discovered by: Rob Zietlow
Tracked down by: Kip Macy
PR: bin/118005
2007-11-20 06:56:04 +00:00
Oleg Bulyzhin
8d1e3aed2d - New sysctl variable: net.inet.ip.dummynet.io_fast
If it is set to zero value (default) dummynet module will try to emulate
  real link as close as possible (bandwidth & latency): packet will not leave
  pipe faster than it should be on real link with given bandwidth.
  (This is original behaviour of dummynet which was altered in previous commit)
  If it is set to non-zero value only bandwidth is enforced: packet's latency
  can be lower comparing to real link with given bandwidth.

- Document recently introduced dummynet(4) sysctl variables.

Requested by:	luigi, julian
MFC after:	3 month
2007-11-17 21:54:57 +00:00
Randall Stewart
81aca91ab6 - Fix a bug in sctp_calc_rwnd() which resulted in wrong rwnd predictions.
- Fix a signedness problem that shows up in some 64 bit platforms (macos).

MFC after:	1 week
2007-11-10 00:47:14 +00:00
Oleg Bulyzhin
897c0f57d4 1) dummynet_io() declaration has changed.
2) Alter packet flow inside dummynet: allow certain packets to bypass
dummynet scheduler. Benefits are:

- lower latency: if packet flow does not exceed pipe bandwidth, packets
  will not be (up to tick) delayed (due to dummynet's scheduler granularity).
- lower overhead: if packet avoids dummynet scheduler it shouldn't reenter ip
  stack later. Such packets can be fastforwarded.
- recursion (which can lead to kernel stack exhaution) eliminated. This fix
  long existed panic, which can be triggered this way:
  	kldload dummynet
	sysctl net.inet.ip.fw.one_pass=0
	ipfw pipe 1 config bw 0
	for i in `jot 30`; do ipfw add 1 pipe 1 icmp from any to any; done
	ping -c 1 localhost

3) Three new sysctl nodes are added:
net.inet.ip.dummynet.io_pkt -		packets passed to dummynet
net.inet.ip.dummynet.io_pkt_fast - 	packets avoided dummynet scheduler
net.inet.ip.dummynet.io_pkt_drop -	packets dropped by dummynet

P.S. Above comments are true only for layer 3 packets. Layer 2 packet flow
     is not changed yet.

MFC after:	3 month
2007-11-06 23:01:42 +00:00
Oleg Bulyzhin
e793482352 style(9) cleanup.
MFC after:	3 month
2007-11-06 22:53:41 +00:00
Randall Stewart
fb8fb8f815 - Change the Time Wait of vtags value to match the cookie-life
- Select a tag gains ability to optionally save new tags
  off in the timewait system.
- When looking up associations do not give back a stcb that
  is in the about-to-be-freed state, and instead continue
  looking for other candiates.
- New function to query to see if value is in time-wait.
- Timewait had a time comparison error that caused very
  few vtags to actually stay in time-wait.
- When setting tags in time-wait, we now use the time
  requested NOT a fixed constant value.
- sstat now gets the proper associd when we do the query.
- When we process an association, we expect the tag chosen
  (if we have one from a cookie) to be in time-wait. Before
  we would NOT allow the assoc up by checking if its good.
  In theory this should have caused almost all assoc not
  to come up except for the time-comparison bug above (this
  bug was hidden by the time comparison bug :-D).
- Don't save tags for nonce values in the time-wait cache
  since these are used only during cookie collisions and do
  not matter if they are unique or not.
MFC after:	1 week
2007-10-30 14:09:24 +00:00
Robert Watson
a13e21f7bc Continue to move from generic network entry points in the TrustedBSD MAC
Framework by moving from mac_mbuf_create_netlayer() to more specific
entry points for specific network services:

- mac_netinet_firewall_reply() to be used when replying to in-bound TCP
  segments in pf and ipfw (etc).

- Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and
  add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite
  a label in place, but in others we apply the label to a new mbuf.

Obtained from:	TrustedBSD Project
2007-10-28 17:12:48 +00:00
Robert Watson
b9b0dac33b Move towards more explicit support for various network protocol stacks
in the TrustedBSD MAC Framework:

- Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send()
  for AARP packet labeling, rather than using a generic link layer
  entry point.

- Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send()
  for ND6 packet labeling, rather than using a generic link layer entry
  point.

- Add expliict entry point mac_netinet_arp_send() for ARP packet
  labeling, and mac_netinet_igmp_send() for IGMP packet labeling,
  rather than using a generic link layer entry point.

- Remove previous genering link layer entry point,
  mac_mbuf_create_linklayer() as it is no longer used.

- Add implementations of new entry points to various policies, largely
  by replicating the existing link layer entry point for them; remove
  old link layer entry point implementation.

- Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global
  to the MAC Framework rather than static to mac_net.c as it is now
  needed outside of mac_net.c.

Obtained from:	TrustedBSD Project
2007-10-28 15:55:23 +00:00
Robert Watson
8640764682 Rename 'mac_mbuf_create_from_firewall' to 'mac_netinet_firewall_send' as
we move towards netinet as a pseudo-object for the MAC Framework.

Rename 'mac_create_mbuf_linklayer' to 'mac_mbuf_create_linklayer' to
reflect general object-first ordering preference.

Sponsored by:	SPARTA (original patches against Mac OS X)
Obtained from:	TrustedBSD Project, Apple Computer
2007-10-26 13:18:38 +00:00
Robert Watson
02be6269c3 Normalize TCP syncache-related MAC Framework entry points to match most
other entry points in the form mac_<object>_method().

Discussed with:	csjp
Obtained from:	TrustedBSD Project
2007-10-25 14:37:37 +00:00
Robert Watson
30d239bc4c Merge first in a series of TrustedBSD MAC Framework KPI changes
from Mac OS X Leopard--rationalize naming for entry points to
the following general forms:

  mac_<object>_<method/action>
  mac_<object>_check_<method/action>

The previous naming scheme was inconsistent and mostly
reversed from the new scheme.  Also, make object types more
consistent and remove spaces from object types that contain
multiple parts ("posix_sem" -> "posixsem") to make mechanical
parsing easier.  Introduce a new "netinet" object type for
certain IPv4/IPv6-related methods.  Also simplify, slightly,
some entry point names.

All MAC policy modules will need to be recompiled, and modules
not updates as part of this commit will need to be modified to
conform to the new KPI.

Sponsored by:	SPARTA (original patches against Mac OS X)
Obtained from:	TrustedBSD Project, Apple Computer
2007-10-24 19:04:04 +00:00