path: root/sys/netinet/tcp_usrreq.c
Commit message | Author | Age | Files | Lines
* Remove check for t_state == TCPS_TIME_WAIT and introduce the tw structure.
  Sponsored by: DARPA, NAI Labs
  Notes: svn path=/head/; revision=112010
  Author: Jonathan Lemon | Age: 2003-03-08 | Files: 1 | Lines: -13/+15
* Hold the TCP protocol lock while modifying the connection hash table.
  Notes: svn path=/head/; revision=111459
  Author: Jeffrey Hsu | Age: 2003-02-25 | Files: 1 | Lines: -4/+4
* Unbreak the automatic remapping of an INADDR_ANY destination address to the primary local IP address when doing a TCP connect().
  The tcp_connect() code was relying on in_pcbconnect (actually in_pcbladdr) modifying the passed-in sockaddr, and I failed to notice this in the recent change that added in_pcbconnect_setup(). As a result, tcp_connect() was ending up using the unmodified sockaddr address instead of the munged version.
  There are two cases to handle: if in_pcbconnect_setup() succeeds, then the PCB has already been updated with the correct destination address as we pass it pointers to inp_faddr and inp_fport directly. If in_pcbconnect_setup() fails due to an existing but dead connection, then copy the destination address from the old connection.
  Notes: svn path=/head/; revision=105840
  Author: Ian Dowse | Age: 2002-10-24 | Files: 1 | Lines: -5/+4
* Replace in_pcbladdr() with a more generic inner subroutine for in_pcbconnect() called in_pcbconnect_setup().
  This version performs all of the functions of in_pcbconnect() except for the final committing of changes to the PCB. In the case of an EADDRINUSE error it can also provide to the caller the PCB of the duplicate connection, avoiding an extra in_pcblookup_hash() lookup in tcp_connect().
  This change will allow the "temporary connect" hack in udp_output() to be removed and is part of the preparation for adding the IP_SENDSRCADDR control message.
  Discussed on: -net
  Approved by: re
  Notes: svn path=/head/; revision=105629
  Author: Ian Dowse | Age: 2002-10-21 | Files: 1 | Lines: -14/+12
* Replace (ab)uses of "NULL" where "0" is really meant.
  Notes: svn path=/head/; revision=102291
  Author: Archie Cobbs | Age: 2002-08-22 | Files: 1 | Lines: -2/+2
* Create new functions in_sockaddr(), in6_sockaddr(), and in6_v4mapsin6_sockaddr() which allocate the appropriate sockaddr_in* structure and initialize it with the address and port information passed as arguments.
  Use calls to these new functions to replace code that is replicated multiple times in in_setsockaddr(), in_setpeeraddr(), in6_setsockaddr(), in6_setpeeraddr(), in6_mapped_sockaddr(), and in6_mapped_peeraddr().
  Inline COMMON_END in tcp_usr_accept() so that we can call in_sockaddr() with temporary copies of the address and port after the PCB is unlocked.
  Fix the lock violation in tcp6_usr_accept() (caused by calling MALLOC() inside in6_mapped_peeraddr() while the PCB is locked) by changing the implementation of tcp6_usr_accept() to match tcp_usr_accept().
  Reviewed by: suz
  Notes: svn path=/head/; revision=102218
  Author: Don Lewis | Age: 2002-08-21 | Files: 1 | Lines: -20/+43
* Implement TCP bandwidth delay product window limiting, similar to (but not meant to duplicate) TCP/Vegas.
  Add four sysctls and default the implementation to 'off'.
    net.inet.tcp.inflight_enable    enable algorithm (defaults to 0=off)
    net.inet.tcp.inflight_debug     debugging (defaults to 1=on)
    net.inet.tcp.inflight_min       minimum window limit
    net.inet.tcp.inflight_max       maximum window limit
  MFC after: 1 week
  Notes: svn path=/head/; revision=102017
  Author: Matthew Dillon | Age: 2002-08-17 | Files: 1 | Lines: -0/+2
* Use a common way to release locks before exit.
  Reviewed by: hsu
  Notes: svn path=/head/; revision=100871
  Author: Maxim Konovalov | Age: 2002-07-29 | Files: 1 | Lines: -2/+4
* make setsockopt(IPV6_V6ONLY, 0) actually work for tcp6.
  MFC after: 1 week
  Notes: svn path=/head/; revision=100685
  Author: Hajimu UMEMOTO | Age: 2002-07-25 | Files: 1 | Lines: -3/+3
* cleanup usage of ip6_mapped_addr_on and ip6_v6only. now, ip6_mapped_addr_on is unified into ip6_v6only.
  MFC after: 1 week
  Notes: svn path=/head/; revision=100683
  Author: Hajimu UMEMOTO | Age: 2002-07-25 | Files: 1 | Lines: -5/+3
* Because we're holding an exclusive write lock on the head, references to the new inp cannot leak out even though it has been placed on the head list.
  Notes: svn path=/head/; revision=98191
  Author: Jeffrey Hsu | Age: 2002-06-13 | Files: 1 | Lines: -3/+0
* Lock up inpcb.
  Submitted by: Jennifer Yang <yangjihui@yahoo.com>
  Notes: svn path=/head/; revision=98102
  Author: Jeffrey Hsu | Age: 2002-06-10 | Files: 1 | Lines: -37/+161
* Back out my last commit of locking down a socket, it conflicts with hsu's work.
  Requested by: hsu
  Notes: svn path=/head/; revision=97658
  Author: Seigo Tanimura | Age: 2002-05-31 | Files: 1 | Lines: -51/+12
* Lock down a socket, milestone 1.
  o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket.
  o Determine the lock strategy for each member in struct socket.
  o Lock down the following members:
    - so_count
    - so_options
    - so_linger
    - so_state
  o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket:
    - sodisconnect()
    - soisconnected()
    - soisconnecting()
    - soisdisconnected()
    - soisdisconnecting()
    - sofree()
    - soref()
    - sorele()
    - sorwakeup()
    - sotryfree()
    - sowakeup()
    - sowwakeup()
  Reviewed by: alfred
  Notes: svn path=/head/; revision=96972
  Author: Seigo Tanimura | Age: 2002-05-20 | Files: 1 | Lines: -12/+51
* Fixed some style bugs in the removal of __P(()). Continuation lines were not outdented to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting.
  Notes: svn path=/head/; revision=93085
  Author: Bruce Evans | Age: 2002-03-24 | Files: 1 | Lines: -3/+3
* Remove __P.
  Notes: svn path=/head/; revision=92723
  Author: Alfred Perlstein | Age: 2002-03-19 | Files: 1 | Lines: -7/+7
* - Set inc_isipv6 in tcp6_usr_connect().
  - When making a pcb from a sync cache, do not forget to copy inc_isipv6.
  Obtained from: KAME
  MFC After: 1 week
  Notes: svn path=/head/; revision=91492
  Author: Hajimu UMEMOTO | Age: 2002-02-28 | Files: 1 | Lines: -0/+1
* Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
  Notes: svn path=/head/; revision=91406
  Author: John Baldwin | Age: 2002-02-27 | Files: 1 | Lines: -2/+2
* Introduce a syncache, which enables FreeBSD to withstand a SYN flood DoS in an improved fashion over the existing code.
  Reviewed by: silby (in a previous iteration)
  Sponsored by: DARPA, NAI Labs
  Notes: svn path=/head/; revision=86764
  Author: Jonathan Lemon | Age: 2001-11-22 | Files: 1 | Lines: -2/+2
* KSE Milestone 2
  Note ALL MODULES MUST BE RECOMPILED
  make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
  Sorry john! (your next MFC will be a doosie!)
  Reviewed by: peter@freebsd.org, dillon@freebsd.org
  X-MFC after: ha ha ha ha
  Notes: svn path=/head/; revision=83366
  Author: Julian Elischer | Age: 2001-09-12 | Files: 1 | Lines: -35/+35
* Much delayed but now present: RFC 1948 style sequence numbers
  In order to ensure security and functionality, RFC 1948 style initial sequence number generation has been implemented. Barring any major cryptographic breakthroughs, this algorithm should be unbreakable. In addition, the problems with TIME_WAIT recycling which affect our currently used algorithm are not present.
  Reviewed by: jesper
  Notes: svn path=/head/; revision=82122
  Author: Mike Silbersack | Age: 2001-08-22 | Files: 1 | Lines: -2/+2
* move ipsec security policy allocation into in_pcballoc, before making pcbs available to the outside world. otherwise, we will see inpcb without ipsec security policy attached (-> panic() in ipsec.c).
  Obtained from: KAME
  MFC after: 3 days
  Notes: svn path=/head/; revision=80406
  Author: Hajimu UMEMOTO | Age: 2001-07-26 | Files: 1 | Lines: -12/+0
* Bump net.inet.tcp.sendspace to 32k and net.inet.tcp.recvspace to 65k.
  This should help us in naive benchmark "tests".
  It seems a wide number of people think 32k buffers would not cause major issues, and is in fact in use by many other OS's at this time. The receive buffers can be bumped higher as buffers are hardly used and several research papers indicate that receive buffers rarely use much space at all.
  Submitted by: Leo Bicknell <bicknell@ufp.org> <20010713101107.B9559@ussenterprise.ufp.org>
  Agreed to in principle by: dillon (at the 32k level)
  Notes: svn path=/head/; revision=79685
  Author: David E. O'Brien | Age: 2001-07-13 | Files: 1 | Lines: -2/+2
* Temporary feature: Runtime tuneable tcp initial sequence number generation scheme.
  Users may now select between the currently used OpenBSD algorithm and the older random positive increment method.
  While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT handling; this is causing trouble for an increasing number of folks.
  To switch between generation schemes, one sets the sysctl net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments, 1 = the OpenBSD algorithm. 1 is still the default.
  Once a secure _and_ compatible algorithm is implemented, this sysctl will be removed.
  Reviewed by: jlemon
  Tested by: numerous subscribers of -net
  Notes: svn path=/head/; revision=79413
  Author: Mike Silbersack | Age: 2001-07-08 | Files: 1 | Lines: -2/+2
* Eliminate the allocation of a tcp template structure for each connection. The information contained in a tcptemp can be reconstructed from a tcpcb when needed.
  Previously, tcp templates required the allocation of one mbuf per connection. On large systems, this change should free up a large number of mbufs.
  Reviewed by: bmilekic, jlemon, ru
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=78642
  Author: Mike Silbersack | Age: 2001-06-23 | Files: 1 | Lines: -12/+0
* Sync with recent KAME.
  This work was based on kame-20010528-freebsd43-snap.tgz and some critical problems after the snap was out were fixed. There are many many changes since last KAME merge.
  TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
  Reviewed by: itojun
  Obtained from: KAME
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=78064
  Author: Hajimu UMEMOTO | Age: 2001-06-11 | Files: 1 | Lines: -5/+8
* Say goodbye to TCP_COMPAT_42
  Reviewed by: wollman
  Requested by: wollman
  Notes: svn path=/head/; revision=75733
  Author: Jesper Skriver | Age: 2001-04-20 | Files: 1 | Lines: -9/+0
* Randomize the TCP initial sequence numbers more thoroughly.
  Obtained from: OpenBSD
  Reviewed by: jesper, peter, -developers
  Notes: svn path=/head/; revision=75619
  Author: Kris Kennaway | Age: 2001-04-17 | Files: 1 | Lines: -1/+10
* Unbreak LINT.
  Pointed out by: phk
  Notes: svn path=/head/; revision=74134
  Author: Jonathan Lemon | Age: 2001-03-12 | Files: 1 | Lines: -5/+17
* Push the test for a disconnected socket when accept()ing down to the protocol layer. Not all protocols behave identically. This fixes the brokenness observed with unix-domain sockets (and postfix)
  Notes: svn path=/head/; revision=74018
  Author: Jonathan Lemon | Age: 2001-03-09 | Files: 1 | Lines: -0/+8
* o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison).
  o Allow jail inheritance to be a function of credential inheritance.
  o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code.
  o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments.
  o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place.
  o Convert PRISON_CHECK() macro to prison_check() function.
  o Move jail() function prototypes to jail.h.
  o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself.
  o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use.
  Notes:
  o Some further cleanup of the linux/jail code is still required.
  o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code.
  o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure.
  Reviewed by: freebsd-arch
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=72786
  Author: Robert Watson | Age: 2001-02-21 | Files: 1 | Lines: -1/+4
* When turning off TCP_NOPUSH, call tcp_output to immediately flush out any data pending in the buffer.
  Submitted by: Tony Finch <dot@dotat.at>
  Notes: svn path=/head/; revision=71937
  Author: Jonathan Lemon | Age: 2001-02-02 | Files: 1 | Lines: -4/+14
* Support per socket based IPv4 mapped IPv6 addr enable/disable control.
  Submitted by: ume
  Notes: svn path=/head/; revision=58907
  Author: Yoshinobu Inoue | Age: 2000-04-01 | Files: 1 | Lines: -4/+3
* tcp updates to support IPv6.
  also a small patch to sys/nfs/nfs_socket.c, as max_hdr size change.
  Reviewed by: freebsd-arch, cvs-committers
  Obtained from: KAME project
  Notes: svn path=/head/; revision=55679
  Author: Yoshinobu Inoue | Age: 2000-01-09 | Files: 1 | Lines: -1/+287
* IPSEC support in the kernel.
  pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers.
  Reviewed by: freebsd-arch, cvs-committers
  Obtained from: KAME project
  Notes: svn path=/head/; revision=55009
  Author: Yoshinobu Inoue | Age: 1999-12-22 | Files: 1 | Lines: -0/+12
* Always set INP_IPV4 flag for IPv4 pcb entries, because netstat needs it to print out protocol specific pcb info.
  A patch submitted by guido@gvr.org, and asmodai@wxs.nl also reported the problem. Thanks and sorry for your troubles.
  Submitted by: guido@gvr.org
  Reviewed by: shin
  Notes: svn path=/head/; revision=54526
  Author: Yoshinobu Inoue | Age: 1999-12-13 | Files: 1 | Lines: -3/+0
* udp IPv6 support, IPv6/IPv4 tunneling support in kernel, packet divert at kernel for IPv6/IPv4 translator daemon
  This includes queue related patch submitted by jburkhol@home.com.
  Submitted by: queue related patch from jburkhol@home.com
  Reviewed by: freebsd-arch, cvs-committers
  Obtained from: KAME project
  Notes: svn path=/head/; revision=54263
  Author: Yoshinobu Inoue | Age: 1999-12-07 | Files: 1 | Lines: -1/+5
* Fix a warning and a potential panic if TCPDEBUG is active. (tp is a wild pointer and used by TCPDEBUG2())
  Notes: svn path=/head/; revision=53353
  Author: Peter Wemm | Age: 1999-11-18 | Files: 1 | Lines: -0/+2
* Restructure TCP timeout handling:
  - eliminate the fast/slow timeout lists for TCP and instead use a callout entry for each timer.
  - increase the TCP timer granularity to HZ
  - implement "bad retransmit" recovery, as presented in "On Estimating End-to-End Network Path Properties", by Allman and Paxson.
  Submitted by: jlemon, wollmann
  Notes: svn path=/head/; revision=50673
  Author: Jonathan Lemon | Age: 1999-08-30 | Files: 1 | Lines: -3/+4
* $Id$ -> $FreeBSD$
  Notes: svn path=/head/; revision=50477
  Author: Peter Wemm | Age: 1999-08-28 | Files: 1 | Lines: -1/+1
* Plug a mbuf leak in tcp_usr_send(). pru_send() routines are expected to either enqueue or free their mbuf chains, but tcp_usr_send() was dropping them on the floor if the tcpcb/inpcb has been torn down in the middle of a send/write attempt. This has been responsible for a wide variety of mbuf leak patterns, ranging from slow gradual leakage to rather rapid exhaustion. This has been a problem since before 2.2 was branched and appears to have been fixed in rev 1.16 and lost in 1.23/1.28.
  Thanks to Jayanth Vijayaraghavan <jayanth@yahoo-inc.com> for checking (extensively) into this on a live production 2.2.x system and that it was the actual cause of the leak and looks like it fixes it. The machine in question was losing (from memory) about 150 mbufs per hour under load and a change similar to this stopped it. (Don't blame Jayanth for this patch though)
  An alternative approach to this would be to recheck SS_CANTSENDMORE etc inside the splnet() right before calling pru_send() after all the potential sleeps, interrupts and delays have happened. However, this would mean exposing knowledge of the tcp stack's reset handling and removal of the pcb to the generic code. There are other things that call pru_send() directly though.
  Problem originally noted by: John Plevyak <jplevyak@inktomi.com>
  Notes: svn path=/head/; revision=47720
  Author: Peter Wemm | Age: 1999-06-04 | Files: 1 | Lines: -7/+28
* Add sysctl descriptions to many SYSCTL_XXXs
  PR: kern/11197
  Submitted by: Adrian Chadd <adrian@FreeBSD.org>
  Reviewed by: billf (spelling/style/minor nits)
  Looked at by: bde (style)
  Notes: svn path=/head/; revision=46381
  Author: Bill Fumerola | Age: 1999-05-03 | Files: 1 | Lines: -5/+5
* This Implements the mumbled about "Jail" feature.
  This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
  For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
  Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
  Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
  It generally does what one would expect, but setting up a jail still takes a little knowledge.
  A few notes:
    I have no scripts for setting up a jail, don't ask me for them.
    The IP number should be an alias on one of the interfaces.
    mount a /proc in each jail, it will make ps more useable.
    /proc/<pid>/status tells the hostname of the prison for jailed processes.
    Quotas are only sensible if you have a mountpoint per prison.
    There are no provisions for stopping resource-hogging.
    Some "#ifdef INET" and similar may be missing (send patches!)
  If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
  Tools, comments, patches & documentation most welcome.
  Have fun...
  Sponsored by: http://www.rndassociates.com/
  Run for almost a year by: http://www.servetheweb.com/
  Notes: svn path=/head/; revision=46155
  Author: Poul-Henning Kamp | Age: 1999-04-28 | Files: 1 | Lines: -1/+3
* so_linger is in seconds, not in 1/HZ
  PR: 11252
  Submitted by: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
  Notes: svn path=/head/; revision=46016
  Author: Andrey A. Chernov | Age: 1999-04-24 | Files: 1 | Lines: -2/+2
* Add a flag, passed to pru_send routines, PRUS_MORETOCOME. This flag means that there is more data to be put into the socket buffer. Use it in TCP to reduce the interaction between mbuf sizes and the Nagle algorithm.
  Based on: "Justin C. Walker" <justin@apple.com>'s description of Apple's fix for this problem.
  Notes: svn path=/head/; revision=42902
  Author: Bill Fenner | Age: 1999-01-20 | Files: 1 | Lines: -2/+7
* The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static and local variables, goto labels, and functions declared but not defined.
  Notes: svn path=/head/; revision=41591
  Author: Archie Cobbs | Age: 1998-12-07 | Files: 1 | Lines: -2/+1
* Yow! Completely change the way socket options are handled, eliminating another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
  Notes: svn path=/head/; revision=38482
  Author: Garrett Wollman | Age: 1998-08-23 | Files: 1 | Lines: -57/+60
* Improved connection establishment performance by doing local port lookups via a hashed port list. In the new scheme, in_pcblookup() goes away and is replaced by a new routine, in_pcblookup_local() for doing the local port check. Note that this implementation is space inefficient in that the PCB struct is now too large to fit into 128 bytes. I might deal with this in the future by using the new zone allocator, but I wanted these changes to be extensively tested in their current form first.
  Also:
  1) Fixed off-by-one errors in the port lookup loops in in_pcbbind().
  2) Got rid of some unneeded rehashing. Adding a new routine, in_pcbinshash() to do the initial hash insertion.
  3) Renamed in_pcblookuphash() to in_pcblookup_hash() for easier readability.
  4) Added a new routine, in_pcbremlists() to remove the PCB from the various hash lists.
  5) Added/deleted comments where appropriate.
  6) Removed unnecessary splnet() locking. In general, the PCB functions should be called at splnet()...there are unfortunately a few exceptions, however.
  7) Reorganized a few structs for better cache line behavior.
  8) Killed my TCP_ACK_HACK kludge. It may come back in a different form in the future, however.
  These changes have been tested on wcarchive for more than a month. In tests done here, connection establishment overhead is reduced by more than 50 times, thus getting rid of one of the major networking scalability problems.
  Still to do: make tcp_fastimo/tcp_slowtimo scale well for systems with a large number of connections. tcp_fastimo is easy; tcp_slowtimo is difficult.
  WARNING: Anything that knows about inpcb and tcpcb structs will have to be recompiled; at the very least, this includes netstat(1).
  Notes: svn path=/head/; revision=32821
  Author: David Greenman | Age: 1998-01-27 | Files: 1 | Lines: -3/+3
* Fixed a missing splx(s) bug in tcp_usr_send().
  Notes: svn path=/head/; revision=31840
  Author: David Greenman | Age: 1997-12-18 | Files: 1 | Lines: -2/+3
* Make TCPDEBUG a new-style option.
  Notes: svn path=/head/; revision=29514
  Author: Joerg Wunsch | Age: 1997-09-16 | Files: 1 | Lines: -1/+3