summaryrefslogtreecommitdiffstats
path: root/sys/netinet/tcp_input.c
Commit message (Collapse)AuthorAgeFilesLines
* Back out my lats commit of locking down a socket, it conflicts with hsu's work.tanimura2002-05-311-86/+16
| | | | Requested by: hsu
* Lock down a socket, milestone 1.tanimura2002-05-201-16/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket. o Determine the lock strategy for each members in struct socket. o Lock down the following members: - so_count - so_options - so_linger - so_state o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket: - sodisconnect() - soisconnected() - soisconnecting() - soisdisconnected() - soisdisconnecting() - sofree() - soref() - sorele() - sorwakeup() - sotryfree() - sowakeup() - sowwakeup() Reviewed by: alfred
* Redo the sigio locking.alfred2002-05-011-6/+0
| | | | | | | | | | | Turn the sigio sx into a mutex. Sigio lock is really only needed to protect interrupts from dereferencing the sigio pointer in an object when the sigio itself is being destroyed. In order to do this in the most unintrusive manner change pgsigio's sigio * argument into a **, that way we can lock internally to the function.
* Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.tanimura2002-04-301-6/+9
| | | | | | | | | | Requested by: bde Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h. While I am here, sort include files alphabetically, where possible.
* Add a global sx sigio_lock to protect the pointer to the sigio objecttanimura2002-04-271-1/+5
| | | | | | | | | | of a socket. This avoids lock order reversal caused by locking a process in pgsigio(). sowakeup() and the callers of it (sowwakeup, soisconnected, etc.) now require sigio_lock to be locked. Provide sowwakeup_locked(), soisconnected_locked(), and so on in case where we have to modify a socket and wake up a process atomically.
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-191-0/+2
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* Remove some ISN generation code which has been unused since thesilby2002-04-101-2/+0
| | | | | | syncache went in. MFC after: 3 days
* Fixed some style bugs in the removal of __P(()). Continuation linesbde2002-03-241-1/+1
| | | | | were not outdented to preserve non-KNF lining up of code with parentheses. Switch to KNF formatting.
* Remove __P.alfred2002-03-191-7/+7
|
* Change the wording of the inline comments from the previous commit.cjc2002-02-271-8/+3
| | | | Objection from: ru
* The TCP code did not do sufficient checks on whether incoming packetscjc2002-02-251-7/+13
| | | | | | | | | | | | | were destined for a broadcast IP address. All TCP packets with a broadcast destination must be ignored. The system only ignored packets that were _link-layer_ broadcasts or multicast. We need to check the IP address too since it is quite possible for a broadcast IP address to come in with a unicast link-layer address. Note that the check existed prior to CSRG revision 7.35, but was removed. This commit effectively backs out that nine-year-old change. PR: misc/35022
* o Move NTOHL() and associated macros into <sys/param.h>. These aremike2002-02-181-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm
* o Spelling fix in comment: tcp_ouput -> tcp_outputrwatson2002-01-041-1/+1
|
* Fix up tabs in comments.jlemon2001-12-131-4/+4
|
* Fix a bug with transmitter restart after receiving a 0 window. Thedillon2001-12-021-2/+7
| | | | | | | | | | | | | receiver was not sending an immediate ack with delayed acks turned on when the input buffer is drained, preventing the transmitter from restarting immediately. Propogate the TCP_NODELAY option to accept()ed sockets. (Helps tbench and is a good idea anyway). Some cleanup. Identify additonal issues in comments. MFC after: 1 day
* Introduce a syncache, which enables FreeBSD to withstand a SYN floodjlemon2001-11-221-470/+261
| | | | | | | DoS in an improved fashion over the existing code. Reviewed by: silby (in a previous iteration) Sponsored by: DARPA, NAI Labs
* Move initialization of snd_recover into tcp_sendseqinit().jlemon2001-11-211-1/+0
|
* KSE Milestone 2julian2001-09-121-2/+2
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* Patches from Keiichi SHIMA <keiichi@iij.ad.jp>julian2001-09-031-3/+3
| | | | | | to make ip use the standard protosw structure again. Obtained from: Well, KAME I guess.
* when newreno is turned on, if dupacks = 1 or dupacks = 2 andjayanth2001-08-291-0/+2
| | | | | | | | | new data is acknowledged, reset the dupacks to 0. The problem was spotted when a connection had its send buffer full because the congestion window was only 1 MSS and was not being incremented because dupacks was not reset to 0. Obtained from: Yahoo!
* Correct a typo in a comment: FIN_WAIT2 -> FIN_WAIT_2dd2001-08-231-1/+1
| | | | | PR: 29970 Submitted by: Joseph Mallett <jmallett@xMach.org>
* Much delayed but now present: RFC 1948 style sequence numberssilby2001-08-221-3/+2
| | | | | | | | | | In order to ensure security and functionality, RFC 1948 style initial sequence number generation has been implemented. Barring any major crypographic breakthroughs, this algorithm should be unbreakable. In addition, the problems with TIME_WAIT recycling which affect our currently used algorithm are not present. Reviewed by: jesper
* Temporary feature: Runtime tuneable tcp initial sequence numbersilby2001-07-081-2/+2
| | | | | | | | | | | | | | | | | | generation scheme. Users may now select between the currently used OpenBSD algorithm and the older random positive increment method. While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT handling; this is causing trouble for an increasing number of folks. To switch between generation schemes, one sets the sysctl net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments, 1 = the OpenBSD algorithm. 1 is still the default. Once a secure _and_ compatible algorithm is implemented, this sysctl will be removed. Reviewed by: jlemon Tested by: numerous subscribers of -net
* Add netstat(1) knob to reset net.inet.{ip|icmp|tcp|udp|igmp}.stats.ru2001-06-231-1/+1
| | | | | | For example, ``netstat -s -p ip -z'' will show and reset IP stats. PR: bin/17338
* Eliminate the allocation of a tcp template structure for eachsilby2001-06-231-6/+0
| | | | | | | | | | | | connection. The information contained in a tcptemp can be reconstructed from a tcpcb when needed. Previously, tcp templates required the allocation of one mbuf per connection. On large systems, this change should free up a large number of mbufs. Reviewed by: bmilekic, jlemon, ru MFC after: 2 weeks
* Sync with recent KAME.ume2001-06-111-30/+79
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* Silby's take one on increasing FreeBSD's resistance to SYN floods:jesper2001-06-061-1/+14
| | | | | | | | | | | | | | | | | | | One way we can reduce the amount of traffic we send in response to a SYN flood is to eliminate the RST we send when removing a connection from the listen queue. Since we are being flooded, we can assume that the majority of connections in the queue are bogus. Our RST is unwanted by these hosts, just as our SYN-ACK was. Genuine connection attempts will result in hosts responding to our SYN-ACK with an ACK packet. We will automatically return a RST response to their ACK when it gets to us if the connection has been dropped, so the early RST doesn't serve the genuine class of connections much. In summary, we can reduce the number of packets we send by a factor of two without any loss in functionality by ensuring that RST packets are not sent when dropping a connection from the listen queue. Submitted by: Mike Silbersack <silby@silby.com> Reviewed by: jesper MFC after: 2 weeks
* Inline TCP_REASS() in the single location where it's used,jesper2001-05-291-33/+30
| | | | | | | | just as OpenBSD and NetBSD has done. No functional difference. MFC after: 2 weeks
* properly delay acks in half-closed TCP connectionsjesper2001-05-291-1/+1
| | | | | | PR: 24962 Submitted by: Tony Finch <dot@dotat.at> MFC after: 2 weeks
* Say goodbye to TCP_COMPAT_42jesper2001-04-201-9/+0
| | | | | Reviewed by: wollman Requested by: wollman
* Randomize the TCP initial sequence numbers more thoroughly.kris2001-04-171-2/+11
| | | | | Obtained from: OpenBSD Reviewed by: jesper, peter, -developers
* Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a fewdes2001-03-191-12/+1
| | | | | | | very specific scenarios, and now that we have had net.inet.tcp.blackhole for quite some time there is really no reason to use it any more. (last of three commits)
* Do not delay a new ack if there already is a delayed ack pending on thejlemon2001-02-251-5/+11
| | | | | | connection, but send it immediately. Prior to this change, it was possible to delay a delayed-ack for multiple times, resulting in degraded TCP behavior in certain corner cases.
* Clean up RST ratelimiting. Previously, ratelimiting occured before testsbmilekic2001-02-111-33/+48
| | | | | | | | | | | were performed to determine if the received packet should be reset. This created erroneous ratelimiting and false alarms in some cases. The code has now been reorganized so that the checks for validity come before the call to badport_bandlim. Additionally, a few changes in the symbolic names of the bandlim types have been made, as well as a clarification of exactly which type each RST case falls under. Submitted by: Mike Silbersack <silby@silby.com>
* Correct a comment.wollman2001-01-241-1/+1
|
* Change the following:bmilekic2000-12-151-2/+8
| | | | | | | | | | | | | | | | 1. ICMP ECHO and TSTAMP replies are now rate limited. 2. RSTs generated due to packets sent to open and unopen ports are now limited by seperate counters. 3. Each rate limiting queue now has its own description, as follows: Limiting icmp unreach response from 439 to 200 packets per second Limiting closed port RST response from 283 to 200 packets per second Limiting open port RST response from 18724 to 200 packets per second Limiting icmp ping response from 211 to 200 packets per second Limiting icmp tstamp response from 394 to 200 packets per second Submitted by: Mike Silbersack <silby@silby.com>
* Convert more malloc+bzero to malloc+M_ZERO.dwmalone2000-12-081-2/+1
| | | | | Submitted by: josh@zipperup.org Submitted by: Robert Drehmel <robd@gmx.net>
* tp->snd_recover is part of the New Reno recovery algorithm, and shouldjlemon2000-11-041-1/+6
| | | | | | | | | | | | | only be checked if the system is currently performing New Reno style fast recovery. However, this value was being checked regardless of the NR state, with the end result being that the congestion window was never opened. Change the logic to check t_dupack instead; the only code path that allows it to be nonzero at this point is NewReno, so if it is nonzero, we are in fast recovery mode and should not touch the congestion window. Tested by: phk
* When a connection is being dropped due to a listen queue overflow,jayanth2000-07-211-0/+8
| | | | | | | | | delete the cloned route that is associated with the connection. This does not exhaust the routing table memory when the system is under a SYN flood attack. The route entry is not deleted if there is any prior information cached in it. Reviewed by: Peter Wemm,asmodai
* be more cautious about tcp option length field. drop bogus ones earlier.itojun2000-07-091-1/+3
| | | | | not sure if there is a real threat or not, but it seems that there's possibility for overrun/underrun (like non-NOP option with optlen > cnt).
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-11/+7
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.dan2000-05-221-4/+2
| | | | Suggested by: des/nbm
* snd_cwnd was updated twice in the tcp_newreno function.jayanth2000-05-181-1/+0
|
* Sigh, fix a rookie patch merge error.jayanth2000-05-171-3/+0
| | | | Also-missed-by: peter
* snd_una was being updated incorrectly, this resulted in the newrenojayanth2000-05-161-3/+8
| | | | | | | code retransmitting data from the wrong offset. As a footnote, the newreno code was partially derived from NetBSD and Tom Henderson <tomh@cs.berkeley.edu>
* Implement TCP NewReno, as documented in RFC 2582. This allowsjlemon2000-05-061-6/+73
| | | | | | | | better recovery for multiple packet losses in a single window. The algorithm can be toggled via the sysctl net.inet.tcp.newreno, which defaults to "on". Submitted by: Jayanth Vijayaraghavan <jayanth@yahoo-inc.com>
* ND6_HINT() should not be called unless the connection status issumikawa2000-04-171-1/+0
| | | | | | ESTABLISHED. Obtained from: KAME Project
* Support per socket based IPv4 mapped IPv6 addr enable/disable control.shin2000-04-011-1/+1
| | | | Submitted by: ume
* Add support for offloading IP/TCP/UDP checksums to NIC hardware whichjlemon2000-03-271-10/+22
| | | | supports them.
* IPv6 6to4 support.shin2000-03-111-1/+1
| | | | | | | | | | | | | | | | | | | | | Now most big problem of IPv6 is getting IPv6 address assignment. 6to4 solve the problem. 6to4 addr is defined like below, 2002: 4byte v4 addr : 2byte SLA ID : 8byte interface ID The most important point of the address format is that an IPv4 addr is embeded in it. So any user who has IPv4 addr can get IPv6 address block with 2byte subnet space. Also, the IPv4 addr is used for semi-automatic IPv6 over IPv4 tunneling. With 6to4, getting IPv6 addr become dramatically easy. The attached patch enable 6to4 extension, and confirmed to work, between "Richard Seaman, Jr." <dick@tar.com> and me. Approved by: jkh Reviewed by: itojun
OpenPOWER on IntegriCloud