summaryrefslogtreecommitdiffstats
path: root/sys/netipx
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright: parts of the netipx implementation are covered by arwatson2005-04-101-1/+1
| | | | | | 2005 copyright. MFC after: 3 days
* Compare (mbuf *) with NULL, not 0.rwatson2005-04-101-1/+1
| | | | MFC after: 3 days
* Marginally reformat my copyright statement to remove the spurious ','.rwatson2005-03-101-1/+1
|
* In the current world order, solisten() implements the state transition ofrwatson2005-02-211-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a socket from a regular socket to a listening socket able to accept new connections. As part of this state transition, solisten() calls into the protocol to update protocol-layer state. There were several bugs in this implementation that could result in a race wherein a TCP SYN received in the interval between the protocol state transition and the shortly following socket layer transition would result in a panic in the TCP code, as the socket would be in the TCPS_LISTEN state, but the socket would not have the SO_ACCEPTCONN flag set. This change does the following: - Pushes the socket state transition from the socket layer solisten() to to socket "library" routines called from the protocol. This permits the socket routines to be called while holding the protocol mutexes, preventing a race exposing the incomplete socket state transition to TCP after the TCP state transition has completed. The check for a socket layer state transition is performed by solisten_proto_check(), and the actual transition is performed by solisten_proto(). - Holds the socket lock for the duration of the socket state test and set, and over the protocol layer state transition, which is now possible as the socket lock is acquired by the protocol layer, rather than vice versa. This prevents additional state related races in the socket layer. This permits the dual transition of socket layer and protocol layer state to occur while holding locks for both layers, making the two changes atomic with respect to one another. Similar changes are likely require elsewhere in the socket/protocol code. Reported by: Peter Holm <peter@holm.cc> Review and fixes from: emax, Antoine Brodin <antoine.brodin@laposte.net> Philosophical head nod: gnn
* Mark the IPX netisr as MPSAFE so that inbound IPX traffic is processedrwatson2005-01-091-1/+1
| | | | | | | without Giant, and can be directly dispatched in the ithread when net.isr.enable is turned on. MFC after: 4 weeks
* Recent changes have locked down most of the highly dynamic datarwatson2005-01-092-4/+0
| | | | | | | | | | | | | | structures in IPX/SPX -- primarily, sequence numbering, PCB lists, and PCBs for IPX raw sockets, IPX datagram sockets, and IPX/SPX. As such, remove remove NET_NEEDS_GIANT() for IPX, and remove the assertion of Giant in the ipxintr() IPX input path. Note that IPX/SPX is not fully MPSAFE, and that there are some problems with IPX/SPX locking that will require some further work. However, it is now safe enough to run in general without the Giant lock. MFC after: 4 weeks
* Use the IPX PCB list mutex and IPX PCB mutexes to lock down the SPXrwatson2005-01-092-39/+110
| | | | | | | | | | | | | | | | | | | | | | | | portion of IPX/SPX: - Protect IPX PCB lists with the IPX PCB list mutex, in particular when calling PCB and PCB list manipulation routines in ipx_pcb.c. - Protect both IPX PCB state and SPX PCB state using the IPX PCB mutex. - Generally annotate locking, as well as adding liberal use of lock assertions to document locking requirements. - Where possible, use unlocked reads when reading integer or smaller sized socket options on SPX sockets. - De-spl throughout. Notes: - spx_input() expects both the list mutex and PCB mutex to be held on entry, but will release both on return. Because sonewconn() is called from spx_input(), it may actually drop one PCB lock and acquire another during generation of a new connection, meaning the caller is not in a position to unlock the PCB mutex. MFC after: 3 weeks
* Clean up return handling for a number of SPX-related routines thatrwatson2005-01-091-22/+29
| | | | | | | | | | | | | | | | were derived from more complex TCP versions of the same: - spx_close(), spx_disconnect(), spx_drop(), and spx_usrclosed() all always free's the spxpcb invalidating the argument, so a return value is not required to indicate if it has. - Annotate that the cb arguments to each of these functions is invalidated via a comment. - When tearing down a pcb due to sonewconn() having failed, mark the cb as NULL; later, when deciding whether to store trace information due to SO_DEBUG, check that cb is not NULL before dereferencing or a NULL pointer dereference may occur. MFC after: 3 weeks
* Protect ipx_pexseq with the IPX PCB list mutex.rwatson2005-01-092-3/+12
| | | | | | | | When processing socket options against IPX PCBs, generally protect PCB fields using the IPX PCB mutex. Where possible, use unlocked reads on integer values to avoid locking overhead. MFC after: 3 weeks
* Acquire or assert the IPX PCB list lock or IPX PCB lock during variousrwatson2005-01-091-33/+72
| | | | | | | | | | protocol methods relating to IPX. Conditionally acquire the PCB list lock in the send operation only if the socket requires binding in order to use the requested address. Remove spl's generally no longer required during these accesses. MFC after: 3 weeks
* Assert or acquire the IPX PCB list lock or IPX PCB locks throughoutrwatson2005-01-091-1/+21
| | | | | | | | | the IPX-related PCB routines. In general, the list lock is required to iterate the PCB list, either for read or write; the PCB lock is required to access or modify a PCB. To change the binding of a PCB, both locks must be held. MFC after: 3 weeks
* Hold the IPX PCB mutex around calls to ipx_input() in the IPX inputrwatson2005-01-091-1/+8
| | | | | | path. MFC after: 3 weeks
* Hold the global IPX PCB list mutex in the IPX input path when walkingrwatson2005-01-091-0/+7
| | | | | | the IPX PCB list. MFC after: 3 weeks
* Introduce a global mutex, ipxpcb_list_mtx, to protect the globalrwatson2005-01-093-1/+24
| | | | | | | | | | | | IPX PCB lists. Add macros to initialize, destroy, lock, unlock, and assert the mutex. Initialize the mutex when IPX is started. Add per-IPX PCB mutexes, ipxp_mtx in struct ipxpcb, to protect per-PCB IPX/SPX state. Add macros to initialize, destroy, lock, unlock, and assert the mutex. Initialize the mutex when a new PCB is allocated; destroy it when the PCB is free'd. MFC after: 2 weeks
* In ipx_setsockaddr(), use M_WAITOK instead of M_NOWAIT so that therwatson2005-01-091-2/+2
| | | | | | | call always succeeds, avoiding causing the caller to return success even though the returned *sockaddr is NULL. MFC after: 2 weeks
* Eliminate jump to 'bad' label in order to clean up the ipx_input()rwatson2005-01-091-13/+14
| | | | | | return/unwind path for locking work. MFC after: 2 weeks
* /* -> /*- for license, minor formatting changesimp2005-01-0720-19/+22
|
* Garbage collect unused ipx_abort().rwatson2005-01-032-13/+2
| | | | | | Spell NULL right in a KASSERT() panic message. MFC after: 1 week
* Acquire the socket buffer receive lock in spx_rcvoob() to permitrwatson2005-01-021-0/+3
| | | | multiple reads of receive buffer state to be performed atomically.
* Increase the coverage scope of the receive socket buffer lock inrwatson2005-01-021-10/+9
| | | | | | spx_reass() to increase atomicity across multiple operations on the socket buffer when iterating over the SPX fragment reassembly list for the ipxpcb, as well a to reduce the number of locking operations.
* Explicitly lock the send socket buffer in spx_reass() to cover the droprwatson2005-01-021-2/+3
| | | | | | | | record loop for ACK'd data, rather than relying on lokcing in sbdroprecord() and sowwakeup(), reducing the number of lock operations as well as eliminating a possible race against the head of the send buffer mbuf chain. Use the _locked variants of sbdroprecord() and sowwakeup().
* Restructure ipx_input() return code to match similar code in netinet,rwatson2005-01-021-8/+6
| | | | avoiding a goto.
* Eliminate XXX comments regarding allocation failures when retrievingrwatson2005-01-022-5/+5
| | | | | | the peer address by using M_WAITOK in ipx_setpeeraddr() to prevent allocation failure. The socket reference used to reach these calls will prevent the ipxpcb from being released prematurely.
* Use KASSERT() in preference to if()panic().rwatson2005-01-022-6/+2
|
* Extern declaration of old 'ipxpcb' list head no longer required.rwatson2005-01-021-2/+0
|
* Trim trailing whitespace.rwatson2005-01-029-37/+37
|
* Document copyright updates in netipx README as other prior updates haverwatson2005-01-021-0/+1
| | | | been documented.
* Mark 'struct spx' and 'struct spxhdr' as __packed to prevent possiblerwatson2005-01-021-2/+2
| | | | | | alignment problems. MFC after: 3 days
* Improve handling of SPX session timeout, specifically, make sure torwatson2005-01-021-5/+8
| | | | | | | | | properly handle the case where a connection is disconnected. The queue(9)-enabled version of this code broke from the inner but not outer loop, and so potentially frobbed an ipxpcb flag after the ipxpcb was free'd, which might be picked up later by the malloc debugging code. Properly break from the loop context and avoid touching the cb/ipxpcb after free.
* Compare and assign pointers with NULL in preference to 0.rwatson2005-01-021-2/+2
|
* Don't cast NULL on return or when passing to another function.rwatson2005-01-021-14/+22
| | | | | Extend the annotation as to why spx_close() isn't called in spx_reass(), and mark this code more clearly as broken.
* Mark 'struct ipx', the IPX packet header, as __packed. Otherwise,rwatson2005-01-021-1/+1
| | | | | | | recent versions of gcc will insert an extra 16 bits of padding in the structure, corrupting all IPX packet output. MFC after: 3 days
* Use 'NULL' in preference to '0' for pointer comparisons.rwatson2005-01-021-3/+3
| | | | MFC after: 2 weeks
* Use RTFREE() to free route references rather than rtfree(), as rtfree()rwatson2005-01-022-2/+2
| | | | | | | | expects a locked route reference. This removes a panic that occurs when connected ipxpcb is closed and its route free'd, and may have been present since the route locking took place. MFC after: 2 weeks
* Prefer rtalloc_ign() API to rtalloc() API.rwatson2005-01-024-5/+5
|
* Move the definition of ipxpcb_lport_cache from ipx_input.c to ipx_pcb.c,rwatson2005-01-012-1/+1
| | | | the only source file where it is actually used.
* Marginally reformat copyright statements to remove an excess ','.rwatson2004-12-314-4/+4
|
* Add 'struct ipxpcb' forward declaration to ipx_var.h. I had this inrwatson2004-12-311-0/+1
| | | | | | | the netperf branch but for some reason didn't trigger a build failure locally when I merged to CVS and omitted it. Presumably driver error. Pointed out by: cperciva, tinderbox
* Use a global variable, ipxpcb_lport_cache, to cache the most recentlyrwatson2004-12-302-5/+6
| | | | used IPX port number, rather than using the global ipxpcb list head.
* Convert netipx to use queue(9) doubly-linked lists instead of home-brewrwatson2004-12-306-38/+45
| | | | linked lists for ipxpcb's.
* Garbage collect unused (and incompletely implemented) functions:rwatson2004-12-303-108/+0
| | | | | | | | - ipx_pcbnotify(), which is never called. - ipx_rtchange(), which is never called, is incomplete inplemented, and also #ifdef notdef. - spx_fixmtu(), which is never called, is incompletely implemented, and also #ifdef notdef.
* Constify ipx_zeronet, ipx_zerohost, ipx_broadnet, ipx_broadhost.rwatson2004-12-302-12/+11
| | | | | Remove 'allones' since the values of the broadcast network and host variables are set statically.
* Initialize struct pr_userreqs in new/sparse style and fill in commonphk2004-11-082-20/+52
| | | | | | default elements in net_init_domain(). This makes it possible to grep these structures and see any bogosities.
* Push acquisition of the accept mutex out of sofree() into the callerrwatson2004-10-182-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (sorele()/sotryfree()): - This permits the caller to acquire the accept mutex before the socket mutex, avoiding sofree() having to drop the socket mutex and re-order, which could lead to races permitting more than one thread to enter sofree() after a socket is ready to be free'd. - This also covers clearing of the so_pcb weak socket reference from the protocol to the socket, preventing races in clearing and evaluation of the reference such that sofree() might be called more than once on the same socket. This appears to close a race I was able to easily trigger by repeatedly opening and resetting TCP connections to a host, in which the tcp_close() code called as a result of the RST raced with the close() of the accepted socket in the user process resulting in simultaneous attempts to de-allocate the same socket. The new locking increases the overhead for operations that may potentially free the socket, so we will want to revise the synchronization strategy here as we normalize the reference counting model for sockets. The use of the accept mutex in freeing of sockets that are not listen sockets is primarily motivated by the potential need to remove the socket from the incomplete connection queue on its parent (listen) socket, so cleaning up the reference model here may allow us to substantially weaken the synchronization requirements. RELENG_5_3 candidate. MFC after: 3 days Reviewed by: dwhite Discussed with: gnn, dwhite, green Reported by: Marc UBM Bocklet <ubm at u-boot-man dot de> Reported by: Vlad <marchenko at gmail dot com>
* Mark Netgraph TTY, KAME IPSEC, and IPX/SPX as requiring Giant for correctrwatson2004-08-281-0/+6
| | | | | | | operation using NET_NEEDS_GIANT(). This will result in a boot-time restoration of Giant-enabled network operation, or run-time warning on dynamic load (applicable only to the Netgraph component). Additional components will likely need to be marked with this in the future.
* Avoid casts as lvalues. Declare local variable as u_char * instead ofkan2004-07-281-6/+6
| | | | declaring it as u_short * and casting it back to uchar * all over the place.
* Constify 'spx_backoff'.rwatson2004-07-121-1/+1
|
* Acquire the receive socket buffer lock when modifying out-of-bandrwatson2004-06-241-5/+4
| | | | data fields of the socket in SPX.
* Improve source-code compatibility with Linux applications using thebms2004-06-221-0/+3
| | | | | | | IPX stack. PR: kern/65217 Submitted by: Radim Kolar
* It's now the responsibility of the consumer of soabort() to remove arwatson2004-06-201-1/+12
| | | | | | | socket from its accept queue when aborting it during a new inbound connection. Update spx_input() to acquire the accept lock, assert the condition of the socket on its parent queue, and approriately disconnect it from the queue before calling soabort() on it.
OpenPOWER on IntegriCloud