summaryrefslogtreecommitdiffstats
path: root/sys/netinet/tcp_usrreq.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* spellingjsg2021-03-101-2/+2
| | | | ok gnezdo@ semarie@ mpi@
* Enforce range with sysctl_int_bounded in tcp_sysctlgnezdo2021-01-091-18/+15
| | | | | | | One case uses the explicit range from the code and the other was inferred from reading the usage. OK millert@
* Replace sysctl_rdint with sysctl_bounded_args entries in net.inet*gnezdo2020-11-161-4/+3
|
* Move TCPCTL_ALWAYS_KEEPALIVE into tcpctl_varsgnezdo2020-11-021-8/+2
| | | | OK deraadt
* Style fixups from hurried commitsgnezdo2020-08-181-6/+6
| | | | | | Thanks kettenis@ for pointing out. ok kettenis@
* Convert tcp_sysctl to sysctl_bounded_argsgnezdo2020-08-181-31/+18
| | | | | | | This introduces bounds checks for many net.inet.tcp sysctl variables. Folded some fitting cases into the framework: tcp_do_sack, tcp_do_ecn. ok derradt@
* Move range check inside sysctl_int_arrgnezdo2020-08-011-9/+6
| | | | | | | Range violations are now consistently reported as EOPNOTSUPP. Previously they were mixed with ENOPROTOOPT. OK kn@
* Refuse to set 0 or a negative value for net.inet.tcp.synbucketlimit.mpi2020-06-181-1/+14
| | | | | | | | Prevent a panic in syn_cache_insert() found by syzbot. Reported-by: syzbot+aee24ad9b7bf5665912d@syzkaller.appspotmail.com ok sashan@, anton@, millert@
* Count the number of TCP SACK options that were dropped due to thebluhm2019-07-121-1/+2
| | | | | sack hole list length or pool limit. OK claudio@
* Fix a possible mbuf leak in tcp_usrreq(). Make the error handlingbluhm2019-02-061-13/+13
| | | | | more consistent to the other protocols' usrreq functions. OK visa@ claudio@
* The change of the sb_mbmax calculation in sbreserve() broke settingbluhm2018-11-041-3/+4
| | | | | | a fixed socket send buffer size for TCP. tcp_update_sndspace() could overwrite the value as the algorithms were not in sync. OK benno@ claudio@
* The output from tcp debug sockets was incomplete. After detach tpbluhm2018-06-111-10/+16
| | | | | | | | was NULL and nothing was traced. So save the old tcpcb and use that to retrieve some information. Note that otb may be freed and must not be dereferenced. Use a heuristic for cases where the address family is in the IP header but not provided in the PCB. OK visa@
* Push NET_LOCK down in the default ifioctl case.pirofti2018-04-241-3/+4
| | | | | | | For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and on the ENOTSUPP case we guard the driver if_ioctl functions. OK mpi@
* Remove tcp_acounts, some tcp_usrreq() counting from 1981. Alsobluhm2018-02-051-7/+1
| | | | | remove the #ifdef KPROF which seems to be unused since that year. OK mpi@
* Since tcp_attach() has moved to a separate protocol function, thebluhm2018-02-031-10/+8
| | | | | inp cannot be NULL. Remove the useless if in tcp_usrreq(). OK mpi@
* Bring back the PRU_ATTACH constant and description. Then trpt(8)bluhm2018-01-231-3/+3
| | | | | prints the ATTACH action for TCP debugging socketes correctly. OK bluhm@
* Bring back the detach messages in trpt(8) for tcp debugging. Theybluhm2018-01-221-15/+11
| | | | | | got lost with the pr_detach conversion. While there, remove some dead code. OK mpi@
* Change `so_state' and `so_error' to unsigned int such that they canmpi2018-01-091-2/+2
| | | | | | be atomically read from any context. ok bluhm@, visa@
* Simplify the reverse PCB lookup logic. The PF_TAG_TRANSLATE_LOCALHOSTbluhm2017-12-011-3/+3
| | | | | | | | security check prevents that the user accidentally configures redirect where a divert-to would be appropriate. Instead of spreading the logic into tcp and udp input, check the flag during PCB listen lookup. This also reduces parameters of in_pcblookup_listen(). OK visa@
* Fix typos in comments.nayden2017-11-301-3/+3
| | | | OK florian@
* Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare runningmpi2017-11-201-1/+2
| | | | | | pr_input handlers without KERNEL_LOCK(). ok visa@
* Move PRU_DETACH out of pr_usrreq into per proto pr_detachflorian2017-11-021-12/+49
| | | | | | functions to pave way for more fine grained locking. Suggested by, comments & OK mpi
* Remove the TCP_FACK option and associated #if{,n}def code.job2017-10-251-6/+1
| | | | | | | | | TCP_FACK was disabled by provos@ in June 1999. TCP_FACK is an algorithm that decides that when something is lost, all not SACKed packets until the most forward SACK are lost. It may be a correct estimate, if network does not reorder packets. OK visa@ mpi@ mikeb@
* Unconditionally enable TCP selective acknowledgements (SACK)mikeb2017-10-221-14/+4
| | | | OK deraadt, mpi, visa, job
* Reduces the scope of the NET_LOCK() in sysctl(2) path.mpi2017-10-091-52/+75
| | | | | | Exposes per-CPU counters to real parrallelism. ok visa@, bluhm@, jca@
* Replace NET_ASSERT_LOCKED() by soassertlocked() in *_usrreq().mpi2017-09-051-2/+2
| | | | | | Not all of them need the NET_LOCK(). ok bluhm@
* Change sosetopt() to no longer free the mbuf it receives and changempi2017-09-011-6/+2
| | | | | | all the callers to call m_freem(9). Support from deraadt@ and tedu@, ok visa@, bluhm@
* Convert hand rolled sockaddr checks to the nam2sin functions.bluhm2017-08-151-29/+21
| | | | | | Especially in tcp_usrreq() connect detect the correct address family based on the inp_flags instead of the sa_family user input. OK mpi@
* Assert that the corresponding socket is locked when manipulating socketmpi2017-06-261-8/+8
| | | | | | | | | | | | | | | | buffers. This is one step towards unlocking TCP input path. Note that all the functions asserting for the socket lock are not necessarilly MP-safe. All the fields of 'struct socket' aren't protected. Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to tell when a filter needs to lock the underlying data structures. Logic and name taken from NetBSD. Tested by Hrvoje Popovski. ok claudio@, bluhm@, mikeb@
* Merge the content of <netinet/tcpip.h> and <netinet6/tcpipv6.h> inmpi2017-05-181-2/+1
| | | | | | | | | <netinet/tcp_debug.h>. The IPv6 variant was always included and the IPv4 version is not present on all systems. Most of the offending ports are already fixed, thanks to sthen@!
* Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().mpi2017-05-161-2/+2
| | | | ok visa@
* Do not check for mapped addresses in tcp_usrreq(PRU_CONNECT),bluhm2017-05-131-3/+2
| | | | | this is done in in6_pcbconnect(). OK mpi@
* Use the common switch(af) construct for address family specificbluhm2017-05-121-20/+27
| | | | | | | code in tcp_usrreq(PRU_CONNECT). Do not access sockaddr_in before checking the address family. Return EAFNOSUPPORT error in the default case. OK mikeb@
* When building counter memory in preparation to copy to userland, alwaysderaadt2017-04-051-1/+2
| | | | | | zero the buffers first. All the current objects appear to be safe, however future changes might introduce structure pads. Discussed with guenther, ok bluhm
* Fix tcp stats reportingjca2017-04-021-5/+3
| | | | | Return the sum of per-cpu counters instead of the current cpu's counters. Brainfart on my side. Analysis and fix by Andrei-Marius Radu.
* Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.claudio2017-03-131-20/+10
| | | | | | | Attach is quite a different thing to the other PRU functions and this should make locking a bit simpler. This also removes the ugly hack on how proto was passed to the attach function. OK bluhm@ and mpi@ on a previous version
* percpu counters for TCP statsjca2017-02-091-25/+135
| | | | ok mpi@ bluhm@
* In sogetopt, preallocate an mbuf to avoid using sleeping mallocs withdhill2017-02-011-8/+5
| | | | | | | | the netlock held. This also changes the prototypes of the *ctloutput functions to take an mbuf instead of an mbuf pointer. help, guidance from bluhm@ and mpi@ ok bluhm@
* Remove NULL checks before m_free(9), it deals with it.mpi2017-01-101-3/+2
| | | | ok bluhm@, kettenis@
* Remove some recursives splsoftnet().mpi2017-01-031-5/+5
| | | | ok visa@, mikeb@
* Typo, "more then" -> "more than"jca2016-12-261-2/+2
|
* A NET_LOCK() was is missing in tcp_sysctl() which shows up as splbluhm2016-12-201-1/+3
| | | | | | | | | | softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
* Kill recursive splsoftnet()/splx() in tcp_ctloutput().mpi2016-12-201-6/+2
| | | | ok mikeb@, bluhm@
* Introduce the NET_LOCK() a rwlock used to serialize accesses to the partsmpi2016-12-191-2/+2
| | | | | | | | | | | of the network stack that are not yet ready to be executed in parallel or where new sleeping points are not possible. This first pass replace all the entry points leading to ip_output(). This is done to not introduce new sleeping points when trying to acquire ART's write lock, needed when a new L2 entry is created via the RT_RESOLVE. Inputs from and ok bluhm@, ok dlg@
* Enforce that pr_usrreq functions are called at IPL_SOFTNET.mpi2016-11-211-7/+3
| | | | | | | This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock. ok bluhm@, claudio@
* ANSIfy netinet/; from David Hillnaddy2016-09-241-24/+10
|
* To tune the TCP SYN cache we need more information. Print thebluhm2016-07-201-1/+19
| | | | | relevant counters with netstat -s -p tcp. OK henning@
* Make the size for the syn cache hash array tunable. As we arebluhm2016-07-201-1/+22
| | | | | | | | swapping between two syn caches for random reseeding anyway, this feature can be added easily. When the cache is empty, there is an opportunity to change the hash size. This allows an admin under SYN flood attack to defend his machine. Suggested by claudio@; OK jung@ claudio@ jmc@
* Do not increase the size of the socket buffer under memory pressure.mpi2016-07-111-8/+10
| | | | From Simon Mages, ok beck@, claudio@, bluhm@
* Add net.inet.{tcp,udp}.rootonly sysctl, to mark which portsvgross2016-06-181-1/+7
| | | | | | cannot be bound to by non-root users. Ok millert@ bluhm@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.