summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* MFC r317244:tuexen2017-08-131-1/+2
| | | | | | | | Represent "a syncache overflow hasn't happend yet" by using -(SYNCOOKIE_LIFETIME + 1) instead of INT64_MIN, since it is good enough and works when time_t is int32 or int64. Approved by: re (kib)
* MFC r317208:tuexen2017-08-092-5/+22
| | | | | | | | | | | | | | Syncoockies can be used in combination with the syncache. If the cache overflows, syncookies are used. This patch restricts the usage of syncookies in this case: accept syncookies only if there was an overflow of the syncache recently. This mitigates a problem reported in PR217637, where is syncookie was accepted without any recent drops. Thanks to glebius@ for suggesting an improvement. PR: 217637 Reviewed by: gnn, glebius Differential Revision: https://reviews.freebsd.org/D10272
* MFC r318255:ngie2017-07-181-1/+2
| | | | | | | | | | | Add missing braces around MCAST_EXCLUDE check when KTR support is compiled into the kernel This ensures that .iss_asm (the number of ASM listeners) isn't incorrectly decremented for MLD-layer source datagrams when inspecting im*s_st[1] (the second state in the structure). PR: 217509 [1]
* MFC r281437 (by mjg@):dchagin2017-07-151-4/+4
| | | | | | Replace struct filedesc argument in getsock_cap with struct thread This is is a step towards removal of spurious arguments.
* MFC r281436 (by mjg@):dchagin2017-07-151-1/+1
| | | | | | | | fd: remove filedesc argument from fdclose Just accept a thread instead. This makes it consistent with fdalloc. No functional changes.
* MFC r284613 (by tuexen@):dchagin2017-07-151-0/+8
| | | | | When using KTRACE, set a variable to the appropriate value and don't leave it initialized at NULL.
* MFC r272823:dchagin2017-07-151-0/+588
| | | | | | | | | | | | | | | | | | | | | | | Move the SCTP syscalls to netinet with the rest of the SCTP code. The syscalls themselves are tightly coupled with the network stack and therefore should not be in the generic socket code. The following four syscalls have been marked as NOSTD so they can be dynamically registered in sctp_syscalls_init() function: sys_sctp_peeloff sys_sctp_generic_sendmsg sys_sctp_generic_sendmsg_iov sys_sctp_generic_recvmsg The syscalls are also set up to be dynamically registered when COMPAT32 option is configured. As a side effect of moving the SCTP syscalls, getsock_cap needs to be made available outside of the uipc_syscalls.c source file. A proper prototype has been added to the sys/socketvar.h header file. API tests from the SCTP reference implementation have been run to ensure compatibility. (http://code.google.com/p/sctp-refimpl/source/checkout)
* MFC r318150:eugen2017-05-191-1/+3
| | | | | | | Fix translation of transit PPtP/GRE connections for ipfw nat/natd "global" case. PR: 218968 Approved by: ae, vsevolod (mentor)
* Revert the partial MFC of r313045 which broke dtracesmh2017-05-182-7/+8
| | | | | | | | | | | | This removes the mbuf to ipinfo_t translator and switches tcp_autorcvbuf to use the older mtod macro. This was originally merged to stable/10 as part of r317375. Reported by: markj Reviewed by: markj, hiren Sponsored by: Multiplay Differential Revision: https://reviews.freebsd.org/D10769
* Partial MFC r316676 and the required r313045smh2017-04-245-67/+85
| | | | | | | | | | | | | | | | | | MFC r316676: Use estimated RTT for receive buffer auto resizing instead of timestamps. This is a partial MFC as stable/10 doesn't include the TCP stack modularisation. MFC r313045: Add an mbuf to ipinfo_t translator to finish cleanup of mbuf passing to TCP probes. This is a partial MFC (missing debug__output & debug__drop changes) due to the massive amount of additional dtrace changes that would be required for a full MFC. Relnotes: Yes Sponsored by: Multiplay
* MFC r283291: don't use CALLOUT_MPSAFE with callout_init()avg2017-03-044-10/+10
| | | | | The main purpose of this MFC is to reduce conflicts for other merges. Parts of the original change have already "trickled down" via individual MFCs.
* MFC r292782: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.cavg2017-02-271-1/+1
| | | | | | | cperciva's libmd implementation is 5-30% faster The same was done for SHA256 previously in r263218 Approved by: secteam
* MFC r313401vangyzen2017-02-101-4/+4
| | | | | | | | | | | | | Fix garbage IP addresses in UDP log_in_vain messages If multiple threads emit a UDP log_in_vain message concurrently, or indeed call inet_ntoa() for any other reason, the IP addresses could be garbage due to concurrent usage of a single string buffer inside inet_ntoa(). Use inet_ntoa_r() with two stack buffers instead. Relnotes: yes Sponsored by: Dell EMC
* MFC r312982:cy2017-02-061-2/+2
| | | | Correct comment grammar and make it easier to understand.
* Revert MFC of 310847 and 310864jpaetzel2017-01-201-110/+16
| | | | | Requested by glebius who had questions about the original head commit that I didn't see.
* MFC 310847 310864jpaetzel2017-01-191-16/+110
| | | | | | | | | | | | | | | | | | | | | | | | Harden CARP against network loops. If there is a loop in the network a CARP that is in MASTER state will see it's own broadcasts, which will then cause it to assume BACKUP state. When it assumes BACKUP it will stop sending advertisements. In that state it will no longer see advertisements and will assume MASTER... We can't catch all the cases where we are seeing our own CARP broadcast, but we can catch the obvious case. Unbreak ip_carp with WITHOUT_INET6 enabled by conditionalizing all IPv6 structs under the INET6 #ifdef. Similarly (even though it doesn't seem to affect the build), conditionalize all IPv4 structs under the INET #ifdef This also unbreaks the LINT-NOINET6 tinderbox target on amd64; I have not verified other MACHINE/TARGET pairs (e.g. armv6/arm). Submitted by: torek Obtained from: FreeNAS Pointyhat fix: ngie
* MFC r306577 r306652 306830vangyzen2016-11-303-0/+138
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add GARP retransmit capability A single gratuitous ARP (GARP) is always transmitted when an IPv4 address is added to an interface, and that is usually sufficient. However, in some circumstances, such as when a shared address is passed between cluster nodes, this single GARP may occasionally be dropped or lost. This can lead to neighbors on the network link working with a stale ARP cache and sending packets destined for that address to the node that previously owned the address, which may not respond. To avoid this situation, GARP retransmissions can be enabled by setting the net.link.ether.inet.garp_rexmit_count sysctl to a value greater than zero. The setting represents the maximum number of retransmissions. The interval between retransmissions is calculated using an exponential backoff algorithm, doubling each time, so the retransmission intervals are: {1, 2, 4, 8, 16, ...} (seconds). Due to the exponential backoff algorithm used for the interval between GARP retransmissions, the maximum number of retransmissions is limited to 16 for sanity. This limit corresponds to a maximum interval between retransmissions of 2^16 seconds ~= 18 hours. Increasing this limit is possible, but sending out GARPs spaced days apart would be of little use. Update arp(4) to document the net.link.ether.inet.garp_rexmit_count sysctl. Submitted by: dab Relnotes: yes Sponsored by: Dell EMC
* MFC r286227, r286443:jch2016-11-249-191/+280
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r286227: Decompose TCP INP_INFO lock to increase short-lived TCP connections scalability: - The existing TCP INP_INFO lock continues to protect the global inpcb list stability during full list traversal (e.g. tcp_pcblist()). - A new INP_LIST lock protects inpcb list actual modifications (inp allocation and free) and inpcb global counters. It allows to use TCP INP_INFO_RLOCK lock in critical paths (e.g. tcp_input()) and INP_INFO_WLOCK only in occasional operations that walk all connections. PR: 183659 Differential Revision: https://reviews.freebsd.org/D2599 Reviewed by: jhb, adrian Tested by: adrian, nitroboost-gmail.com Sponsored by: Verisign, Inc. r286443: Fix a kernel assertion issue introduced with r286227: Avoid too strict INP_INFO_RLOCK_ASSERT checks due to tcp_notify() being called from in6_pcbnotify(). Reported by: Larry Rosenman <ler@lerctr.org> Submitted by: markj, jch
* MFC r307966:jch2016-11-031-4/+0
| | | | | | | | | | | | | | | | Remove an extraneous call to soisconnected() in syncache_socket(), introduced with r261242. The useful and expected soisconnected() call is done in tcp_do_segment(). Has been found as part of unrelated PR:212920 investigation. Improve slightly (~2%) the maximum number of TCP accept per second. Tested by: kevin.bowling_kev009.com, jch Approved by: gnn, hiren MFC after: 1 week Sponsored by: Verisign, Inc Differential Revision: https://reviews.freebsd.org/D8072
* MFC r307551:jch2016-10-253-3/+42
| | | | | | | | | | | | | | | | | | Fix a double-free when an inp transitions to INP_TIMEWAIT state after having been dropped. This change enforces in_pcbdrop() logic in tcp_input(): "in_pcbdrop() is used by TCP to mark an inpcb as unused and avoid future packet delivery or event notification when a socket remains open but TCP has closed." PR: 203175 Reported by: Palle Girgensohn, Slawa Olhovchenkov Tested by: Slawa Olhovchenkov Reviewed by: Slawa Olhovchenkov Approved by: gnn, Slawa Olhovchenkov Differential Revision: https://reviews.freebsd.org/D8211 Sponsored by: Verisign, inc
* MFC r306766:jtl2016-10-131-1/+0
| | | | Remove declaration of un-defined function tcp_seq_subtract().
* MFC r306443:jch2016-10-091-1/+3
| | | | | | | | | | | | | | | | | Fix an issue with accept_filter introduced with r261242: As a side effect of r261242 when using accept_filter the first call to soisconnected() is done earlier in tcp_input() instead of tcp_do_segment() context. Restore the expected behaviour. Note: This call to soisconnected() seems to be extraneous in all cases (with or without accept_filter). Will be addressed in a separate commit. PR: 212920 Reported by: Alexey Tested by: Alexey, jch Sponsored by: Verisign, Inc.
* MFC r296454:jtl2016-10-071-14/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some cleanup in tcp_respond() in preparation for another change: - Reorder variables by size - Move initializer closer to where it is used - Remove unneeded variable MFC r296455: As reported on the transport@ and current@ mailing lists, the FreeBSD TCP stack is not compliant with RFC 7323, which requires that TCP stacks send a timestamp option on all packets (except, optionally, RSTs) after the session is established. This patch adds that support. It also adds a TCP signature option to the packet, if appropriate. MFC r300764 (by jhb@): Don't reuse the source mbuf in tcp_respond() if it is not writable. Not all mbufs passed up from device drivers are M_WRITABLE(). In particular, the Chelsio T4/T5 driver uses a feature called "buffer packing" to receive multiple frames in a single receive buffer. The mbufs to receive multiple frames in a single receive buffer. The mbufs for these frames all share the same external storage so are treated as read-only by the rest of the stack when multiple frames are in flight. Previously tcp_respond() would blindly overwrite read-only mbufs when INVARIANTS was disabled or panic with an assertion failure if INVARIANTS was enabled. Note that the new case is a bit of a mix of the two other cases in tcp_respond(). The TCP and IP headers must be copied explicitly into the new mbuf instead of being inherited (similar to the m == NULL case), but the addresses and ports must be swapped in the reply (similar to the m != NULL case).
* MFC r305389:dim2016-09-071-4/+4
| | | | | | | | | | | | | | | | | | | | With clang 3.9.0, compiling sys/netinet/igmp.c results in the following warning: sys/netinet/igmp.c:546:21: error: implicit conversion from 'int' to 'char' changes value from 148 to -108 [-Werror,-Wconstant-conversion] p->ipopt_list[0] = IPOPT_RA; /* Router Alert Option */ ~ ^~~~~~~~ sys/netinet/ip.h:153:19: note: expanded from macro 'IPOPT_RA' #define IPOPT_RA 148 /* router alert */ ^~~ This is because ipopt_list is an array of char, so IPOPT_RA is wrapped to a negative value. It would be nice to change ipopt_list to an array of u_char, but it changes the signature of the public struct ipoption, so add an explicit cast to suppress the warning. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D7777
* MFC 304202sephe2016-09-011-1/+11
| | | | | | | | | tcp/lro: Make # of LRO entries tunable Reviewed by: hps, gallatin Obtained from: rrs, gallatin Sponsored by: Netflix (rrs, gallatin), Microsoft (sephe) Differential Revision: https://reviews.freebsd.org/D7499
* MFC 303766sephe2016-08-261-4/+32
| | | | | | | | | | | | | | | tcp/lro: If timestamps mismatch or it's a FIN, force flush. This keeps the segments/ACK/FIN delivery order. Before this patch, it was observed: if A sent FIN immediately after an ACK, B would deliver FIN first to the TCP stack, then the ACK. This out-of-order delivery causes one unnecessary ACK sent from B. Reviewed by: gallatin, hps Obtained from: rrs, gallatin Sponsored by: Netflix (rrs, gallatin), Microsoft (sephe) Differential Revision: https://reviews.freebsd.org/D7415
* MFC r286873:jch2016-07-271-4/+12
| | | | | | | Make clear that TIME_WAIT timeout expiration is managed solely by tcp_tw_2msl_scan(). Sponsored by: Verisign, Inc.
* MFC r271119, r272081:jch2016-07-273-27/+21
| | | | | | | | | | | | | | | | r271119: In tcp_input(), don't acquire the pcbinfo global write lock for SYN packets targeting a listening socket. Permit to reduce TCP input processing starvation in context of high SYN load (e.g. short-lived TCP connections or SYN flood). Submitted by: Julien Charbon <jcharbon@verisign.com> Reviewed by: adrian, hiren, jhb, Mike Bentkofsky r272081: Catch up with r271119.
* MFC r273014:jch2016-07-271-1/+3
| | | | | | | | | | A connection in TIME_WAIT state before calling close() actually did not received any RST packet. Do not set error to ECONNRESET in this case. Differential Revision: https://reviews.freebsd.org/D879 Reviewed by: rpaulo, adrian Approved by: jhb (mentor) Sponsored by: Verisign, Inc.
* MFC r261242:jch2016-07-182-10/+3
| | | | | | | | | | | | Decrease lock contention within the TCP accept case by removing the INP_INFO lock from tcp_usr_accept. As the PR/patch states this was following the advice already in the code. See the PR below for a full discussion of this change and its measured effects. PR: 183659 Submitted by: Julien Charbon Reviewed by: jhb
* MFC r292384:bdrewery2016-06-271-27/+27
| | | | | | Fix style issues around existing SDT probes. ** Changes to sys/netinet/in_kdtrace.c and sys/netinet/in_kdtrace.h skipped.
* MFC r297391:bdrewery2016-06-271-2/+0
| | | | Remove some NULL checks for M_WAITOK allocations.
* MFC 300981sephe2016-06-231-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | tcp: Don't prematurely drop receiving-only connections If the connection was persistent and receiving-only, several (12) sporadic device insufficient buffers would cause the connection be dropped prematurely: Upon ENOBUFS in tcp_output() for an ACK, retransmission timer is started. No one will stop this retransmission timer for receiving- only connection, so the retransmission timer promises to expire and t_rxtshift is promised to be increased. And t_rxtshift will not be reset to 0, since no RTT measurement will be done for receiving-only connection. If this receiving-only connection lived long enough (e.g. >350sec, given the RTO starts from 200ms), and it suffered 12 sporadic device insufficient buffers, i.e. t_rxtshift >= 12, this receiving-only connection would be dropped prematurely by the retransmission timer. We now assert that for data segments, SYNs or FINs either rexmit or persist timer was wired upon ENOBUFS. And don't set rexmit timer for other cases, i.e. ENOBUFS upon ACKs. Discussed with: lstewart, hiren, jtl, Mike Karels MFC after: 3 weeks Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D5872
* MFC 298696,298730sephe2016-06-211-1/+1
| | | | | | | | | | | | | | | 298696 tcp/lro: Fix typo. MFC after: 1 week Sponsored by: Microsoft OSTC 298730 tcp/lro: Fix more typo Noticed by: hiren MFC after: 1 week Sponsored by: Microsoft OSTC
* MFC r300240truckman2016-06-202-2/+2
| | | | | | | | | | | | | | | | | | | | Change net.inet.tcp.ecn.enable sysctl mib from a binary off/on control to a three way setting. 0 - Totally disable ECN. (no change) 1 - Enable ECN if incoming connections request it. Outgoing connections will request ECN. (no change from present != 0 setting) 2 - Enable ECN if incoming connections request it. Outgoing conections will not request ECN. Change the default value of net.inet.tcp.ecn.enable from 0 to 2. Linux version 2.4.20 and newer, Solaris, and Mac OS X 10.5 and newer have similar capabilities. The actual values above match Linux, and the default matches the current Linux default. Reviewed by: eadler Relnotes: yes Differential Revision: https://reviews.freebsd.org/D6386
* MFC 297265sephe2016-06-162-1/+2
| | | | | | | | | | | tcp/lro: Return TCP_LRO_NO_ENTRIES if we are short of LRO entries. So that callers could react accordingly. Reviewed by: gallatin (no objection) MFC after: 1 week Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D5695
* MFC r300779, r300781, r300783, r300784, r300949, r301162, r301180truckman2016-06-101-3/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r300779 | truckman | 2016-05-26 14:40:13 -0700 (Thu, 26 May 2016) | 64 lines Import Dummynet AQM version 0.2.1 (CoDel, FQ-CoDel, PIE and FQ-PIE). Centre for Advanced Internet Architectures Implementing AQM in FreeBSD * Overview <http://caia.swin.edu.au/freebsd/aqm/index.html> * Articles, Papers and Presentations <http://caia.swin.edu.au/freebsd/aqm/papers.html> * Patches and Tools <http://caia.swin.edu.au/freebsd/aqm/downloads.html> Overview Recent years have seen a resurgence of interest in better managing the depth of bottleneck queues in routers, switches and other places that get congested. Solutions include transport protocol enhancements at the end-hosts (such as delay-based or hybrid congestion control schemes) and active queue management (AQM) schemes applied within bottleneck queues. The notion of AQM has been around since at least the late 1990s (e.g. RFC 2309). In recent years the proliferation of oversized buffers in all sorts of network devices (aka bufferbloat) has stimulated keen community interest in four new AQM schemes -- CoDel, FQ-CoDel, PIE and FQ-PIE. The IETF AQM working group is looking to document these schemes, and independent implementations are a corner-stone of the IETF's process for confirming the clarity of publicly available protocol descriptions. While significant development work on all three schemes has occured in the Linux kernel, there is very little in FreeBSD. Project Goals This project began in late 2015, and aims to design and implement functionally-correct versions of CoDel, FQ-CoDel, PIE and FQ_PIE in FreeBSD (with code BSD-licensed as much as practical). We have chosen to do this as extensions to FreeBSD's ipfw/dummynet firewall and traffic shaper. Implementation of these AQM schemes in FreeBSD will: * Demonstrate whether the publicly available documentation is sufficient to enable independent, functionally equivalent implementations * Provide a broader suite of AQM options for sections the networking community that rely on FreeBSD platforms Program Members: * Rasool Al Saadi (developer) * Grenville Armitage (project lead) Acknowledgements: This project has been made possible in part by a gift from the Comcast Innovation Fund. Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au> X-No objection: core MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D6388 [Remove some code that was added to the mq_append() inline function in HEAD by r258457, which was not merged to stable/10. The AQM patch moved mq_append() from ip_dn_io.c to the new file ip_dn_private.h, so we need to remove that copy of the r258457 changes.] ------------------------------------------------------------------------ r300781 | truckman | 2016-05-26 14:44:52 -0700 (Thu, 26 May 2016) | 7 lines Modify BOUND_VAR() macro to wrap all of its arguments in () and tweak its expression to work on powerpc and sparc64 (gcc compatibility). Correct a typo in a nearby comment. MFC after: 2 weeks (with r300779) ------------------------------------------------------------------------ r300783 | truckman | 2016-05-26 15:03:28 -0700 (Thu, 26 May 2016) | 4 lines Correct a typo in a comment. MFC after: 2 weeks (with r300779) ------------------------------------------------------------------------ r300784 | truckman | 2016-05-26 15:07:09 -0700 (Thu, 26 May 2016) | 5 lines Include the new AQM files when compiling a kernel with options DUMMYNET. Reported by: Nikolay Denev <nike_d AT cytexbg DOT com> MFC after: 2 weeks (with r300779) ------------------------------------------------------------------------ r300949 | truckman | 2016-05-29 00:23:56 -0700 (Sun, 29 May 2016) | 10 lines Cast some expressions that multiply a long long constant by a floating point constant to int64_t. This avoids the runtime conversion of the the other operand in a set of comparisons from int64_t to floating point and doing the comparisions in floating point. Suggested by: lidl Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au> MFC after: 2 weeks (with r300779) ------------------------------------------------------------------------ r301162 | truckman | 2016-06-01 13:04:24 -0700 (Wed, 01 Jun 2016) | 9 lines Replace constant expressions that contain multiplications by fractional floating point values with integer divides. This will eliminate any chance that the compiler will generate code to evaluate the expression using floating point at runtime. Suggested by: bde Submitted by: Rasool Al-Saadi <ralsaadi@swin.edu.au> MFC after: 8 days (with r300779 and r300949) ------------------------------------------------------------------------ r301180 | truckman | 2016-06-01 17:42:15 -0700 (Wed, 01 Jun 2016) | 2 lines Belatedly bump .Dd date for Dummynet AQM import in r300779. Relnotes: yes
* MFC r266941, r266955truckman2016-06-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Needed for anticipated dummynet AQM MFC next week. r266941 | hiren | 2014-06-01 00:28:24 -0700 (Sun, 01 Jun 2014) | 9 lines ECN marking implenetation for dummynet. Changes include both DCTCP and RFC 3168 ECN marking methodology. DCTCP draft: http://tools.ietf.org/html/draft-bensley-tcpm-dctcp-00 Submitted by: Midori Kato (aoimidori27@gmail.com) Worked with: Lars Eggert (lars@netapp.com) Reviewed by: luigi, hiren r266955 | hiren | 2014-06-01 13:19:17 -0700 (Sun, 01 Jun 2014) | 5 lines DNOLD_IS_ECN introduced by r266941 is not required. DNOLD_* flags are for compat with old binaries. Suggested by: luigi Discussed with: hiren Relnotes: yes
* MFC r297985:loos2016-05-231-2/+1
| | | | | | | | | | Do not overwrite the dchg variable. It does not cause any real issues because the variable is overwritten only when the packet is forwarded (and the variable is not used anymore). Obtained from: pfSense Sponsored by: Rubicon Communications (Netgate)
* MFC r298769, r299315sephe2016-05-171-5/+18
| | | | | | | | | | | | | | | | | | | | | r298769 ============= tcp/syncache: Set flowid and hash type properly for SYN|ACK So the underlying drivers can use it to select the sending queue properly for SYN|ACK instead of rolling their own hash. Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D6120 r299315 ============= tcp/syncache: Add comment for syncache_respond Suggested by: hiren, hps Reviewed by: sbruno Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D6148
* MFC r298408:jtl2016-05-061-2/+11
| | | | | | Prevent underflows in tp->snd_wnd if the remote side ACKs more than tp->snd_wnd. This can happen, for example, when the remote side responds to a window probe by ACKing the one byte it contains.
* MFC r295549:tuexen2016-02-2510-81/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Loopback addresses are 127.0.0.0/8, not 127.0.0.1/32. MFC r295668: Improve the teardown of the SCTP stack. MFC r295670: Whitespace changes. MFC r295708: Address a warning reported by D5245 / PVS. MFC r295709: Code cleanup which will silence a warning in PVS / D5245. MFC r295710: Add protection code for issues reported by PVS / D5245. MFC r295771: Fix reporting of mapped addressed in getpeername() and getsockname() for IPv6 SCTP sockets. This bugs were found because of an issue reported by PVS / D5245. MFC r295772: Add some protection code. MFC r295773: Add protection code. MFC r295805: Use the SCTP level pointer, not the interface level. MFC r295929: Don't leak an address in an error path. Approved by: re (marius)
* Revert 295285 which was an MFC of the tryforward work (r290383,295282,295283)gnn2016-02-223-18/+113
| | | | | | | In the IPFW+NAT+divergent MTU case there is a bug in sening ICMP MTU updates. Approved by: re (marius, gjb) Sponsored by: Rubicon Communications (Netgate)
* MFC r292601,292654:bz2016-02-081-1/+1
| | | | | | | | | | | | Since r256624 (head) we have been leaking routing table allocations on vnet enabled jail shutdown. Call the provided cleanup routines for IP versions 4 and 6 to plug these leaks. Sponsored by: The FreeBSD Foundation Reviewed by: gnn Differential Revision:https://reviews.freebsd.org/D4530 Approved by: re (gjb)
* MFC r294514:bz2016-02-071-4/+0
| | | | | | | | | | | | The variable is write once only and not used. Recover the vertical space. Sponsored by: The FreeBSD Foundation Obtained from: p4 CH=180830 Reviewed by: gnn, hiren Differential Revision:https://reviews.freebsd.org/D4898 Approved by: re (marius, gjb)
* MFC: r290383,295282,295283gnn2016-02-043-113/+18
| | | | | | | | | | | | Replace the fastforward path with tryforward which does not require a sysctl and will always be on. The former split between default and fast forwarding is removed by this commit while preserving the ability to use all network stack features. Differential Revision: https://reviews.freebsd.org/D4042 Reviewed by: ae, melifaro, olivier, rwatson Approved by: re (glebius) Sponsored by: Rubicon Communications (Netgate)
* MFC r294995:tuexen2016-02-035-73/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always look in the TCP pool. This fixes issues with a restarting peer when the listening 1-to-1 style socket is closed. MFC r295021: Remove debug output which was committed by accident. Thanks to Oliver Pinter for reporting. MFC r295069: Ignore peer addresses in a consistent way also when checking for new addresses during restart. If this is not done, restart doesn't work when the local socket is IPv4 only and the peer uses IPv4 and IPv6 addresses. MFC r295070: Don't change the remote UDP encapsulation port for SCTP packets containing an INIT chunk. MFC r295072: Don't allow a remote encapsulation port change during the SCTP restart procedure. MFC r295075: Update the path mtu when turning on/off UDP encapsulation for SCTP. MFC r295077: Add missing parentheses. This was reported by ccaughie via GitHub for the userland stack. Approved by: re (kib)
* MFC r294840hiren2016-01-284-2/+14
| | | | | | Persist timers TCPTV_PERSMIN and TCPTV_PERSMAX are hardcoded with 5 seconds and 60 seconds, respectively. Turn them into sysctls that can be tuned live. The default values of 5 seconds and 60 seconds have been retained.
* MFC r292603:bz2016-01-211-1/+1
| | | | | | | | | If bootverbose is enabled every vnet startup and virtual interface creation will print extra lines on the console. We are generally not interested in this (repeated) information for each VNET. Thus only print it for the default VNET. Virtual interfaces on the base system will remain printing information, but e.g. each loopback in each vnet will no longer cause a "bpf attached" line.
* MFC r294057:tuexen2016-01-171-2/+6
| | | | | | | | | | | | | | | | | | | | Fix a bug in INIT handling on accepted 1-to-1 style sockets when the listener is closed. This fix allows the following packetdrill test to pass: // Setup a connected, blocking 1-to-1 style socket +0.0 socket(..., SOCK_STREAM, IPPROTO_SCTP) = 3 // Check the handshake with en empty(!) cookie +0.0 bind(3, ..., ...) = 0 +0.0 listen(3, 1) = 0 +0.0 < sctp: INIT[flgs=0, tag=1, a_rwnd=1500, os=1, is=1, tsn=1] +0.0 > sctp: INIT_ACK[flgs=0, tag=2, a_rwnd=..., os=..., is=..., tsn=1, ...] +0.0 < sctp: COOKIE_ECHO[flgs=0, len=..., val=...] +0.0 > sctp: COOKIE_ACK[flgs=0] +0.0 accept(3, ..., ...) = 4 +0.0 close(3) = 0 // Inject an INIT chunk and expect an INIT-ACK +0.0 < sctp: INIT[flgs=0, tag=3, a_rwnd=1500, os=1, is=1, tsn=1] +0.0 > sctp: INIT_ACK[flgs=0, tag=..., a_rwnd=..., os=..., is=..., tsn=..., ...]
OpenPOWER on IntegriCloud