summaryrefslogtreecommitdiffstats
path: root/sys/netipx
Commit message (Collapse)AuthorAgeFilesLines
* Mark the IPX netisr as MPSAFE so that inbound IPX traffic is processedrwatson2005-01-091-1/+1
| | | | | | | without Giant, and can be directly dispatched in the ithread when net.isr.enable is turned on. MFC after: 4 weeks
* Recent changes have locked down most of the highly dynamic datarwatson2005-01-092-4/+0
| | | | | | | | | | | | | | structures in IPX/SPX -- primarily, sequence numbering, PCB lists, and PCBs for IPX raw sockets, IPX datagram sockets, and IPX/SPX. As such, remove remove NET_NEEDS_GIANT() for IPX, and remove the assertion of Giant in the ipxintr() IPX input path. Note that IPX/SPX is not fully MPSAFE, and that there are some problems with IPX/SPX locking that will require some further work. However, it is now safe enough to run in general without the Giant lock. MFC after: 4 weeks
* Use the IPX PCB list mutex and IPX PCB mutexes to lock down the SPXrwatson2005-01-092-39/+110
| | | | | | | | | | | | | | | | | | | | | | | | portion of IPX/SPX: - Protect IPX PCB lists with the IPX PCB list mutex, in particular when calling PCB and PCB list manipulation routines in ipx_pcb.c. - Protect both IPX PCB state and SPX PCB state using the IPX PCB mutex. - Generally annotate locking, as well as adding liberal use of lock assertions to document locking requirements. - Where possible, use unlocked reads when reading integer or smaller sized socket options on SPX sockets. - De-spl throughout. Notes: - spx_input() expects both the list mutex and PCB mutex to be held on entry, but will release both on return. Because sonewconn() is called from spx_input(), it may actually drop one PCB lock and acquire another during generation of a new connection, meaning the caller is not in a position to unlock the PCB mutex. MFC after: 3 weeks
* Clean up return handling for a number of SPX-related routines thatrwatson2005-01-091-22/+29
| | | | | | | | | | | | | | | | were derived from more complex TCP versions of the same: - spx_close(), spx_disconnect(), spx_drop(), and spx_usrclosed() all always free's the spxpcb invalidating the argument, so a return value is not required to indicate if it has. - Annotate that the cb arguments to each of these functions is invalidated via a comment. - When tearing down a pcb due to sonewconn() having failed, mark the cb as NULL; later, when deciding whether to store trace information due to SO_DEBUG, check that cb is not NULL before dereferencing or a NULL pointer dereference may occur. MFC after: 3 weeks
* Protect ipx_pexseq with the IPX PCB list mutex.rwatson2005-01-092-3/+12
| | | | | | | | When processing socket options against IPX PCBs, generally protect PCB fields using the IPX PCB mutex. Where possible, use unlocked reads on integer values to avoid locking overhead. MFC after: 3 weeks
* Acquire or assert the IPX PCB list lock or IPX PCB lock during variousrwatson2005-01-091-33/+72
| | | | | | | | | | protocol methods relating to IPX. Conditionally acquire the PCB list lock in the send operation only if the socket requires binding in order to use the requested address. Remove spl's generally no longer required during these accesses. MFC after: 3 weeks
* Assert or acquire the IPX PCB list lock or IPX PCB locks throughoutrwatson2005-01-091-1/+21
| | | | | | | | | the IPX-related PCB routines. In general, the list lock is required to iterate the PCB list, either for read or write; the PCB lock is required to access or modify a PCB. To change the binding of a PCB, both locks must be held. MFC after: 3 weeks
* Hold the IPX PCB mutex around calls to ipx_input() in the IPX inputrwatson2005-01-091-1/+8
| | | | | | path. MFC after: 3 weeks
* Hold the global IPX PCB list mutex in the IPX input path when walkingrwatson2005-01-091-0/+7
| | | | | | the IPX PCB list. MFC after: 3 weeks
* Introduce a global mutex, ipxpcb_list_mtx, to protect the globalrwatson2005-01-093-1/+24
| | | | | | | | | | | | IPX PCB lists. Add macros to initialize, destroy, lock, unlock, and assert the mutex. Initialize the mutex when IPX is started. Add per-IPX PCB mutexes, ipxp_mtx in struct ipxpcb, to protect per-PCB IPX/SPX state. Add macros to initialize, destroy, lock, unlock, and assert the mutex. Initialize the mutex when a new PCB is allocated; destroy it when the PCB is free'd. MFC after: 2 weeks
* In ipx_setsockaddr(), use M_WAITOK instead of M_NOWAIT so that therwatson2005-01-091-2/+2
| | | | | | | call always succeeds, avoiding causing the caller to return success even though the returned *sockaddr is NULL. MFC after: 2 weeks
* Eliminate jump to 'bad' label in order to clean up the ipx_input()rwatson2005-01-091-13/+14
| | | | | | return/unwind path for locking work. MFC after: 2 weeks
* /* -> /*- for license, minor formatting changesimp2005-01-0720-19/+22
|
* Garbage collect unused ipx_abort().rwatson2005-01-032-13/+2
| | | | | | Spell NULL right in a KASSERT() panic message. MFC after: 1 week
* Acquire the socket buffer receive lock in spx_rcvoob() to permitrwatson2005-01-021-0/+3
| | | | multiple reads of receive buffer state to be performed atomically.
* Increase the coverage scope of the receive socket buffer lock inrwatson2005-01-021-10/+9
| | | | | | spx_reass() to increase atomicity across multiple operations on the socket buffer when iterating over the SPX fragment reassembly list for the ipxpcb, as well a to reduce the number of locking operations.
* Explicitly lock the send socket buffer in spx_reass() to cover the droprwatson2005-01-021-2/+3
| | | | | | | | record loop for ACK'd data, rather than relying on lokcing in sbdroprecord() and sowwakeup(), reducing the number of lock operations as well as eliminating a possible race against the head of the send buffer mbuf chain. Use the _locked variants of sbdroprecord() and sowwakeup().
* Restructure ipx_input() return code to match similar code in netinet,rwatson2005-01-021-8/+6
| | | | avoiding a goto.
* Eliminate XXX comments regarding allocation failures when retrievingrwatson2005-01-022-5/+5
| | | | | | the peer address by using M_WAITOK in ipx_setpeeraddr() to prevent allocation failure. The socket reference used to reach these calls will prevent the ipxpcb from being released prematurely.
* Use KASSERT() in preference to if()panic().rwatson2005-01-022-6/+2
|
* Extern declaration of old 'ipxpcb' list head no longer required.rwatson2005-01-021-2/+0
|
* Trim trailing whitespace.rwatson2005-01-029-37/+37
|
* Document copyright updates in netipx README as other prior updates haverwatson2005-01-021-0/+1
| | | | been documented.
* Mark 'struct spx' and 'struct spxhdr' as __packed to prevent possiblerwatson2005-01-021-2/+2
| | | | | | alignment problems. MFC after: 3 days
* Improve handling of SPX session timeout, specifically, make sure torwatson2005-01-021-5/+8
| | | | | | | | | properly handle the case where a connection is disconnected. The queue(9)-enabled version of this code broke from the inner but not outer loop, and so potentially frobbed an ipxpcb flag after the ipxpcb was free'd, which might be picked up later by the malloc debugging code. Properly break from the loop context and avoid touching the cb/ipxpcb after free.
* Compare and assign pointers with NULL in preference to 0.rwatson2005-01-021-2/+2
|
* Don't cast NULL on return or when passing to another function.rwatson2005-01-021-14/+22
| | | | | Extend the annotation as to why spx_close() isn't called in spx_reass(), and mark this code more clearly as broken.
* Mark 'struct ipx', the IPX packet header, as __packed. Otherwise,rwatson2005-01-021-1/+1
| | | | | | | recent versions of gcc will insert an extra 16 bits of padding in the structure, corrupting all IPX packet output. MFC after: 3 days
* Use 'NULL' in preference to '0' for pointer comparisons.rwatson2005-01-021-3/+3
| | | | MFC after: 2 weeks
* Use RTFREE() to free route references rather than rtfree(), as rtfree()rwatson2005-01-022-2/+2
| | | | | | | | expects a locked route reference. This removes a panic that occurs when connected ipxpcb is closed and its route free'd, and may have been present since the route locking took place. MFC after: 2 weeks
* Prefer rtalloc_ign() API to rtalloc() API.rwatson2005-01-024-5/+5
|
* Move the definition of ipxpcb_lport_cache from ipx_input.c to ipx_pcb.c,rwatson2005-01-012-1/+1
| | | | the only source file where it is actually used.
* Marginally reformat copyright statements to remove an excess ','.rwatson2004-12-314-4/+4
|
* Add 'struct ipxpcb' forward declaration to ipx_var.h. I had this inrwatson2004-12-311-0/+1
| | | | | | | the netperf branch but for some reason didn't trigger a build failure locally when I merged to CVS and omitted it. Presumably driver error. Pointed out by: cperciva, tinderbox
* Use a global variable, ipxpcb_lport_cache, to cache the most recentlyrwatson2004-12-302-5/+6
| | | | used IPX port number, rather than using the global ipxpcb list head.
* Convert netipx to use queue(9) doubly-linked lists instead of home-brewrwatson2004-12-306-38/+45
| | | | linked lists for ipxpcb's.
* Garbage collect unused (and incompletely implemented) functions:rwatson2004-12-303-108/+0
| | | | | | | | - ipx_pcbnotify(), which is never called. - ipx_rtchange(), which is never called, is incomplete inplemented, and also #ifdef notdef. - spx_fixmtu(), which is never called, is incompletely implemented, and also #ifdef notdef.
* Constify ipx_zeronet, ipx_zerohost, ipx_broadnet, ipx_broadhost.rwatson2004-12-302-12/+11
| | | | | Remove 'allones' since the values of the broadcast network and host variables are set statically.
* Initialize struct pr_userreqs in new/sparse style and fill in commonphk2004-11-082-20/+52
| | | | | | default elements in net_init_domain(). This makes it possible to grep these structures and see any bogosities.
* Push acquisition of the accept mutex out of sofree() into the callerrwatson2004-10-182-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (sorele()/sotryfree()): - This permits the caller to acquire the accept mutex before the socket mutex, avoiding sofree() having to drop the socket mutex and re-order, which could lead to races permitting more than one thread to enter sofree() after a socket is ready to be free'd. - This also covers clearing of the so_pcb weak socket reference from the protocol to the socket, preventing races in clearing and evaluation of the reference such that sofree() might be called more than once on the same socket. This appears to close a race I was able to easily trigger by repeatedly opening and resetting TCP connections to a host, in which the tcp_close() code called as a result of the RST raced with the close() of the accepted socket in the user process resulting in simultaneous attempts to de-allocate the same socket. The new locking increases the overhead for operations that may potentially free the socket, so we will want to revise the synchronization strategy here as we normalize the reference counting model for sockets. The use of the accept mutex in freeing of sockets that are not listen sockets is primarily motivated by the potential need to remove the socket from the incomplete connection queue on its parent (listen) socket, so cleaning up the reference model here may allow us to substantially weaken the synchronization requirements. RELENG_5_3 candidate. MFC after: 3 days Reviewed by: dwhite Discussed with: gnn, dwhite, green Reported by: Marc UBM Bocklet <ubm at u-boot-man dot de> Reported by: Vlad <marchenko at gmail dot com>
* Mark Netgraph TTY, KAME IPSEC, and IPX/SPX as requiring Giant for correctrwatson2004-08-281-0/+6
| | | | | | | operation using NET_NEEDS_GIANT(). This will result in a boot-time restoration of Giant-enabled network operation, or run-time warning on dynamic load (applicable only to the Netgraph component). Additional components will likely need to be marked with this in the future.
* Avoid casts as lvalues. Declare local variable as u_char * instead ofkan2004-07-281-6/+6
| | | | declaring it as u_short * and casting it back to uchar * all over the place.
* Constify 'spx_backoff'.rwatson2004-07-121-1/+1
|
* Acquire the receive socket buffer lock when modifying out-of-bandrwatson2004-06-241-5/+4
| | | | data fields of the socket in SPX.
* Improve source-code compatibility with Linux applications using thebms2004-06-221-0/+3
| | | | | | | IPX stack. PR: kern/65217 Submitted by: Radim Kolar
* It's now the responsibility of the consumer of soabort() to remove arwatson2004-06-201-1/+12
| | | | | | | socket from its accept queue when aborting it during a new inbound connection. Update spx_input() to acquire the accept lock, assert the condition of the socket on its parent queue, and approriately disconnect it from the queue before calling soabort() on it.
* Grab the socket buffer send or receive mutex when performing arwatson2004-06-151-1/+6
| | | | | | read-modify-write on the sb_state field. This commit catches only the "easy" ones where it doesn't interact with as yet unmerged locking.
* The socket field so_state is used to hold a variety of socket relatedrwatson2004-06-141-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | flags relating to several aspects of socket functionality. This change breaks out several bits relating to send and receive operation into a new per-socket buffer field, sb_state, in order to facilitate locking. This is required because, in order to provide more granular locking of sockets, different state fields have different locking properties. The following fields are moved to sb_state: SS_CANTRCVMORE (so_state) SS_CANTSENDMORE (so_state) SS_RCVATMARK (so_state) Rename respectively to: SBS_CANTRCVMORE (so_rcv.sb_state) SBS_CANTSENDMORE (so_snd.sb_state) SBS_RCVATMARK (so_rcv.sb_state) This facilitates locking by isolating fields to be located with other identically locked fields, and permits greater granularity in socket locking by avoiding storing fields with different locking semantics in the same short (avoiding locking conflicts). In the future, we may wish to coallesce sb_state and sb_flags; for the time being I leave them separate and there is no additional memory overhead due to the packing/alignment of shorts in the socket buffer structure.
* Extend coverage of SOCK_LOCK(so) to include so_count, the socketrwatson2004-06-122-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | reference count: - Assert SOCK_LOCK(so) macros that directly manipulate so_count: soref(), sorele(). - Assert SOCK_LOCK(so) in macros/functions that rely on the state of so_count: sofree(), sotryfree(). - Acquire SOCK_LOCK(so) before calling these functions or macros in various contexts in the stack, both at the socket and protocol layers. - In some cases, perform soisdisconnected() before sotryfree(), as this could result in frobbing of a non-present socket if sotryfree() actually frees the socket. - Note that sofree()/sotryfree() will release the socket lock even if they don't free the socket. Submitted by: sam Sponsored by: FreeBSD Foundation Obtained from: BSD/OS
* Rename dup_sockaddr() to sodupsockaddr() for consistency with otherrwatson2004-03-012-3/+3
| | | | | | | | | | | | functions in kern_socket.c. Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT in from the caller context rather than "1" or "0". Correct mflags pass into mac_init_socket() from previous commit to not include M_ZERO. Submitted by: sam
OpenPOWER on IntegriCloud