| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since revision 1.87 of ip_icmp.c icmp_mtudisc_clone() ignored reject
routes. Otherwise TCP would clone these routes for PMTU discovery.
They will not work, even after dynamic routing has found a better
route than the reject route.
With IPsec the use case is different. First you need a route, but
then the flow handles the packet without routing. Usually this
route should be a reject route to avoid sending unencrypted traffic
if the flow is missing. But IPsec needs this route for PMTU
discovery, so use it for that.
OK claudio@ tobhe@
|
| |
|
|
|
|
|
|
| |
was NULL and nothing was traced. So save the old tcpcb and use
that to retrieve some information. Note that otb may be freed and
must not be dereferenced. Use a heuristic for cases where the
address family is in the IP header but not provided in the PCB.
OK visa@
|
| |
|
|
|
|
| |
implemented as slow and fast protocol user requests. Replace that
with a proper timer debug implementation.
OK visa@
|
| |
|
|
|
|
| |
the delack timer had a different implementation. Use the same
mechanism for all TCP timer.
OK mpi@ visa@
|
| |
|
|
|
|
|
|
| |
pr_fasttimo. That is the reason why we have two timeout mechanisms
with complicated ticks calculation. Move the delay ACK timeout to
milliseconds and remove some ticks and hz mess from the others.
This makes it easier to see the actual values.
OK florian@ dhill@ dlg@
|
| |
|
|
|
|
|
|
|
|
|
| |
netlock, timers may still run after they have been disarmed. Deleting
the timeout is not sufficient to cancel them, but the code from 4.4
BSD is assuming this.
The solution is to add a flag for every timer to see whether it has
been armed or canceled. Remove the TF_DEAD check as tcp_canceltimers()
is called before the reaper timer is fired. Cancelation works
reliably now.
OK mpi@
|
| |
|
|
|
|
|
|
|
|
|
| |
it could run immediately and was not synchronized with the TCP
timeouts, although that was the intension when it was introduced
in revision 1.85. Convert the reaper to an ordinary TCP timeout
so it is scheduled on the same timeout thread after all timeouts
have finished. A net lock is not necessary as the process calling
tcp_close() will not access the tcpcb after arming the reaper
timeout.
OK mikeb@
|
| |
|
|
|
|
| |
calling tcp_close(), tcp_drop(), and tcp_disconnect(). Then no
freed memory can be used after closing a TCP connection.
OK mikeb@ mpi@
|
| |
|
|
|
|
| |
Direction suggested by mpi
OK mpi, visa
|
| |
|
|
|
|
|
|
|
| |
TCP_FACK was disabled by provos@ in June 1999.
TCP_FACK is an algorithm that decides that when something is lost, all
not SACKed packets until the most forward SACK are lost. It may be a
correct estimate, if network does not reorder packets.
OK visa@ mpi@ mikeb@
|
| |
|
|
| |
OK deraadt, mpi, visa, job
|
| |
|
|
| |
Tested by Hrvoje Popovski, ok bluhm@
|
| |
|
|
| |
ok visa@
|
| |
|
|
|
| |
No binary change.
OK mpi@
|
| |
|
|
| |
ok mpi@ bluhm@
|
| |
|
|
|
|
|
|
|
|
|
| |
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
| |
|
|
| |
This removes multipe recursive splsoftnet()/splx() dances.
|
| |
|
|
| |
This will allow to have a single lock/unlock dance per timer.
|
| | |
|
| |
|
|
| |
ok mpi@ millert@
|
| | |
|
| |
|
|
|
|
| |
to pass the destination address of the route to clone.
ok markus@, mikeb@
|
| |
|
|
|
|
|
|
|
|
|
| |
behaves as if SO_KEEPALIVE was set on all TCP sockets, forcing keepalives
to be sent every net.inet.tcp.keepidle half-seconds.
In conjunction with a keepidle value greatly reduced from the default,
this can be useful for keeping sessions open if you are stuck on a network
with short NAT or firewall timeouts.
Feedback from various people, ok henning@ claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.
Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.
Written by claudio@, criticized^Wcritiqued by me
|
| |
|
|
|
|
|
|
| |
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@
|
| |
|
|
|
|
|
|
|
| |
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
| |
|
|
| |
relying on the mbuf chain layout; with claudio@ and krw@; ok henning@
|
| |
|
|
| |
ok millert
|
| |
|
|
|
|
| |
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>
|
| |
|
|
|
|
|
| |
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers
|
| | |
|
| |
|
|
|
|
|
| |
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.
|
| | |
|
| |
|
|
|
|
| |
1) add a reaper for TCP and SYN cache states (cf. netbsd pr 20390)
2) additional check for TCP_TIMER_ISARMED(TCPT_REXMT) in tcp_timer_persist()
with mickey@; ok deraadt@
|
| | |
|
| |
|
|
| |
rescinded 22 July 1999. Proofed by myself and Theo.
|
| |
|
|
| |
ok jason@
|
| |
|
|
|
|
|
|
| |
this part of falling back to non-ecn on timeout slipped during
merge from KAME.
ok @art
report to bugs@ by Han Boetes and Otto Moerbeek
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
it consists of
- ECN support in TCP
- tunnel-egress and fragment reassembly rules in layer-3 not to lose
congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then,
turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
| |
|
|
| |
tcp connections during tcp_slowtimo. apdapted from thorpej@netbsd.org
|
| |
|
|
| |
adapated from netbsd. okay angelos@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
armin@wolfermann.org
- set the persist timer so that connections in CLOSING state timeout
- honor keep-alive timer in CLOSING state.
Fixes the problem in simulaneous close situation where connections
would never leave the CLOSING state and stay arround indefinitly.
|
| | |
|
| | |
|
bluhm
florian
job
mikeb
mpi
jca
naddy
sthen
guenther
claudio
markus
deraadt
henning
miod
espie
itojun
millert
tedu
kjc
provos
angelos