| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hz >> 1000 and thus getting outside the timestamp clock frequenceny of
1ms < x < 1s per tick as mandated by RFC1323, leading to connection
resets on idle connections.
Always use a granularity of 1ms using getmicrouptime() making all but
relevant callouts independent of hz.
Use getmicrouptime(), not getmicrotime() as the latter may make a jump
possibly breaking TCP nfsroot mounts having our timestamps move forward
for more than 24.8 days in a second without having been idle for that
long.
PR: kern/61404
Reviewed by: jhb, mav, rrs
Discussed with: silby, lstewart
Sponsored by: Sandvine Incorporated (originally in 2011)
MFC after: 6 weeks
|
| |
|
|
|
|
|
|
|
| |
to a deadlock of an association when an IPv6 socket was used to
communcate with IPv4 and an ICMPv4 fragmentation needed message
was received.
While there, simplify the code a bit.
MFC after: 3 days.
|
| |
|
|
| |
PR: 164696
|
| |
|
|
| |
Submitted by: sem
|
| |
|
|
|
|
| |
to integrate this fix in our code base, so it was removed in r227755.
MFC after: 3 days.
|
| |
|
|
|
|
|
| |
TCP_KEEPCNT, that allow to control initial timeout, idle time, idle
re-send interval and idle send count on a per-socket basis.
Reviewed by: andre, bz, lstewart
|
| |
|
|
|
|
|
|
|
|
| |
to cleanup routes from a single ifa.
o Implement carp_addroute()/carp_delroute() via above functions.
o Call carp_ifa_delroute() in the carp_detach() to avoid
junk routes left in routing table, in case if user
removes an address in a MASTER state. [1]
Reported by: az [1]
|
| |
|
|
| |
MFC after: 3 days
|
| | |
|
| |
|
|
|
|
| |
Reported by: bde (for ip_divert)
Reviewed by: bde
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
Properly sort the "carp" case in modules/Makefile after it was renamed.
Reported by: bde (most)
Reviewed by: bde
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
comments to longer, also refining strange ones.
Properly use #ifdef rather than #if defined() where possible. Four
#if defined(PCBGROUP) occurances (netinet and netinet6) were ignored to
avoid conflicts with eventually upcoming changes for RSS.
Reported by: bde (most)
Reviewed by: bde
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
| |
While there, remove an old comment which does not apply anymore.
|
| |
|
|
|
|
|
| |
ioctl commands.
PR: 163524
Reviewed by: net
|
| | |
|
| |
|
|
|
|
|
| |
using SCTP_RECVINFO or SCTP_NXTINFO.
Reported by Clement Lecigne and forwarded to us by zi@.
MFC after: 3 days.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Make the pfsync.ko actually usable. Before this change loading it
didn't register protosw, so was a nop. However, a module /boot/kernel
did confused users.
o Rewrite the way we are joining multicast group:
- Move multicast initialization/destruction to separate functions.
- Don't allocate memory if we aren't going to join a multicast group.
- Use modern API for joining/leaving multicast group.
- Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
- Use separate malloc type.
- Simplify swi sheduling.
This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.
Glanced at by: bz
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
in the ARP datagram generated by arprequest(). If caller doesn't
supply the address, then it is either picked from CARP or hardware
address of the interface is taken.
While here, make several minor fixes:
- Hold IF_ADDR_RLOCK(ifp) while traversing address list.
- Remove not true comment.
- Access internet address and mask via in_ifaddr fields,
rather than ifaddr.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
If set to 1, no ABORT is sent back in response to an incoming
INIT. If set to 2, no ABORT is sent back in response to
an out of the blue packet. If set to 0 (the default), ABORTs
are sent.
Discussed with rrs@.
MFC after: 1 month.
|
| |
|
|
|
| |
and there is no reason to make is configuarable.
Discussed with rrs@.
|
| |
|
|
|
|
|
| |
not accepting the connection. Also fix a crash, which
could happen when the user closed the socket.
MFC after: 1 month.
|
| |
|
|
|
|
| |
PR: 163623
Submitted by: Eugene Grosbein <eugen@eg.sd.rdtc.ru>
Approved by: bz
|
| |
|
|
| |
MFC after: 1 month.
|
| |
|
|
| |
MFC after: 5 days
|
| |
|
|
| |
Pointy hat to: jhb
|
| |
|
|
| |
X-MFC-with: 229665
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
than or equal to rcv_adv and fix tcp_twstart() to handle this case by
assuming the last window was zero rather than a negative value.
The code in tcp_input() already safely handled this case. It can happen
due to delayed ACKs along with a remote sender that sends data beyond
the window we previously advertised. If we have room in our socket buffer
for the extra data beyond the advertised window, we will accept it.
However, if the ACK for that segment is delayed, then we will not
effectively fixup rcv_adv to account for that extra data until the
next segment arrives and forces out an ACK. When that next segment
arrives, rcv_nxt will be beyond rcv_adv.
Tested by: pjd
MFC after: 1 week
|
| |
|
|
|
|
|
| |
either a read lock or write lock.
Reviewed by: bz
MFC after: 2 weeks
|
| | |
|
| |
|
|
|
|
|
|
|
| |
missing interface address list locking and grab a reference on the
matching interface address after dropping the lock while it is used to
avoid a potential use after free.
Reviewed by: bz
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
interface address rather than IPv6.
Submitted by: hrs
Reviewed by: bz
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reference on a group in the leaving state while iterating over the loop.
Instead, use the same approach used in igmp_ifdetach() and mld_ifdetach()
of placing the groups to free on pending release list and then releasing
the references after dropping the IF_ADDR_LOCK. This closes an ugly race
where the code was dropping the lock in the middle of iterating over the
list. It also fixes some additional potential use-after-free bugs since
the cancellation routine also applied other changes to the group after
dropping the reference. Now those changes are performed before the
reference is dropped and the group is potentially freed.
Prodded to fix by: glebius
Reviewed by: bz
MFC after: 1 week
|
| |
|
|
|
|
| |
do not modify the queues they iterate over.
Submitted by: glebius
|
| |
|
|
| |
(read: non-existent) here and should be fixed.
|
| |
|
|
|
|
|
|
|
|
| |
asychronous task. This avoids tearing down multicast state including
sending IGMP leave messages and reprogramming MAC filters while holding
the per-protocol global pcbinfo lock that is used in the receive path of
packet processing.
Reviewed by: rwatson
MFC after: 1 month
|
| |
|
|
|
|
|
|
| |
the INET6 code. This includes retiring the 'ndpr_next' and 'pfr_next'
macros.
Submitted by: pluknet (earlier version)
Reviewed by: pluknet
|
| | |
|
| |
|
|
|
|
| |
issues.
MFC after: 3 months.
|
| | |
|
| |
|
|
|
|
| |
with ifconfig(8) prior to r228571.
Requested by: brooks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.
However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:
- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
conditions, for now these are:
- interface goes down
- carp(4) has problems with ip_output() or ip6_output()
- pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
is actual value added to advskew. The adjustment values for
particular error conditions are also configurable, and their
defaults are maximum advskew value, so a single failure bumps
demotion to maximum. This is for POLA compatibility, and should
satisfy most users.
- Demotion factor is a writable sysctl, so user can do
foot shooting, if he desires to.
|
| |
|
|
|
|
| |
While there, fix some whitespace issues.
MFC after: 3 months.
|
| |
|
|
|
| |
and thus ifconfig(8) needs recompile, it is a good chance to make
parameter checks on SIOCAIFADDR arguments more strict.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
from scratch, copying needed functionality from the old implemenation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
|
| |
|
|
|
| |
should compare not only addresses, but their masks, too, when searching
for matching prefix.
|
| |
|
|
|
|
|
| |
out HEARTBEATs when requested by the user. The HEARTBEATs were only
queued, but not actually sent out.
MFC after: 2 months.
|
| |
|
|
| |
don't overwrite the mask with autoguessing based on classes.
|
