src-test2/sys/netinet/udp_usrreq.c, branch release/3.3.0_cvs

This commit was manufactured by cvs2svn to create tag

1999-09-16T08:26:13Z

'RELENG_3_3_0_RELEASE'. This commit was manufactured to restore the state of the 3.3-RELEASE image. Releases prior to 5.3-RELEASE are omitting the secure/ and crypto/ subdirs.

$Id$ -> $FreeBSD$

1999-08-29T16:33:42Z

MFC:

1999-08-29T13:09:25Z

This is the pre-3.3 IPFW megamerge. This brings IPFW almost completely up to 4.0's. __FreeBSD_version is bumped by this commi. Changes include: - per-socket credentials stored - ability to get those credentials with sysctl - uid- and gid- based filtering in IPFW - dynamic logging in IPFW (rules can be set as logging for any number of packets, not just the default, and logging can be reset) Following this is a commit to pidentd to use 1 and 2.

Reviewed by: freebsd-current

1998-12-03T20:23:21Z

Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option is specified in kernel config, icmplim defaults to 100 pps. Setting it to 0 will disable the feature. This feature limits ICMP error responses for packets sent to bad tcp or udp ports, which does a lot to help the machine handle network D.O.S. attacks. The kernel will report packet rates that exceed the limit at a rate of one kernel printf per second. There is one issue in regards to the 'tail end' of an attack... the kernel will not output the last report until some unrelated and valid icmp error packet is return at some point after the attack is over. This is a minor reporting issue only.

Re-implement tcp and ip fragment reassembly to not store pointers in the

1998-08-24T07:47:39Z

ip header which can't work on alpha since pointers are too big. Reviewed by: Garrett Wollman

Convert socket structures to be type-stable and add a version number.

1998-05-15T20:11:40Z

Define a parameter which indicates the maximum number of sockets in a system, and use this to size the zone allocators used for sockets and for certain PCBs. Convert PF_LOCAL PCB structures to be type-stable and add a version number. Define an external format for infomation about socket structures and use it in several places. Define a mechanism to get all PF_LOCAL and PF_INET PCB lists through sysctl(3) without blocking network interrupts for an unreasonable length of time. This probably still has some bugs and/or race conditions, but it seems to work well enough on my machines. It is now possible for `netstat' to get almost all of its information via the sysctl(3) interface rather than reading kmem (changes to follow).

Fixed style bugs (mostly) in previous commit.

1998-03-28T10:18:26Z

Use the zone allocator to allocate inpcbs and tcpcbs. Each protocol creates

1998-03-24T18:06:34Z

its own zone; this is used particularly by TCP which allocates both inpcb and tcpcb in a single allocation. (Some hackery ensures that the tcpcb is reasonably aligned.) Also keep track of the number of pcbs of each type allocated, and keep a generation count (instance version number) for future use.

Improved connection establishment performance by doing local port lookups via

1998-01-27T09:15:13Z

a hashed port list. In the new scheme, in_pcblookup() goes away and is replaced by a new routine, in_pcblookup_local() for doing the local port check. Note that this implementation is space inefficient in that the PCB struct is now too large to fit into 128 bytes. I might deal with this in the future by using the new zone allocator, but I wanted these changes to be extensively tested in their current form first. Also: 1) Fixed off-by-one errors in the port lookup loops in in_pcbbind(). 2) Got rid of some unneeded rehashing. Adding a new routine, in_pcbinshash() to do the initialial hash insertion. 3) Renamed in_pcblookuphash() to in_pcblookup_hash() for easier readability. 4) Added a new routine, in_pcbremlists() to remove the PCB from the various hash lists. 5) Added/deleted comments where appropriate. 6) Removed unnecessary splnet() locking. In general, the PCB functions should be called at splnet()...there are unfortunately a few exceptions, however. 7) Reorganized a few structs for better cache line behavior. 8) Killed my TCP_ACK_HACK kludge. It may come back in a different form in the future, however. These changes have been tested on wcarchive for more than a month. In tests done here, connection establishment overhead is reduced by more than 50 times, thus getting rid of one of the major networking scalability problems. Still to do: make tcp_fastimo/tcp_slowtimo scale well for systems with a large number of connections. tcp_fastimo is easy; tcp_slowtimo is difficult. WARNING: Anything that knows about inpcb and tcpcb structs will have to be recompiled; at the very least, this includes netstat(1).

Fix a couple of operator precedence bugs.

1998-01-25T17:25:41Z

PR: 5450 Submitted by: Sakari Jalovaara