Commit Graph

58 Commits

Author SHA1 Message Date
wollman
ce1a2d2262 The long-awaited mega-massive-network-code- cleanup. Part I.
This commit includes the following changes:
1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility
glue for them is deleted, and the kernel will panic on boot if any are compiled
in.

2) Certain protocol entry points are modified to take a process structure,
so they they can easily tell whether or not it is possible to sleep, and
also to access credentials.

3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt()
call.  Protocols should use the process pointer they are now passed.

4) The PF_LOCAL and PF_ROUTE families have been updated to use the new
style, as has the `raw' skeleton family.

5) PF_LOCAL sockets now obey the process's umask when creating a socket
in the filesystem.

As a result, LINT is now broken.  I'm hoping that some enterprising hacker
with a bit more time will either make the broken bits work (should be
easy for netipx) or dike them out.
1997-04-27 20:01:29 +00:00
peter
c8dcd04895 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
jkh
9c0cd3f9df Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
fenner
9fed233673 Re-enable the TCP SYN-attack protection code. I was the one who didn't
understand the socket state flag.

2.2 candidate.
1996-11-10 07:37:24 +00:00
pst
6f4828f709 Fix two bugs I accidently put into the syn code at the last minute
(yes I had tested the hell out of this).

I've also temporarily disabled the code so that it behaves as it previously
did (tail drop's the syns) pending discussion with fenner about some socket
state flags that I don't fully understand.

Submitted by:	fenner
1996-10-11 19:26:42 +00:00
dg
4dbfba8c59 Improved in_pcblookuphash() to support wildcarding, and changed relavent
callers of it to take advantage of this. This reduces new connection
request overhead in the face of a large number of PCBs in the system.
Thanks to David Filo <filo@yahoo.com> for suggesting this and providing
a sample implementation (which wasn't used, but showed that it could be
done).

Reviewed by:	wollman
1996-10-07 19:06:12 +00:00
pst
ac8a1f4a7b Increase robustness of FreeBSD against high-rate connection attempt
denial of service attacks.

Reviewed by:	bde,wollman,olah
Inspired by:	vjs@sgi.com
1996-10-07 04:32:42 +00:00
pst
a6c49cc328 I don't understand, I committed this fix (move a counter and fixed a typo)
this evening.

I think I'm going insane.
1996-09-21 06:39:20 +00:00
ache
dd543eebdf Syntax error: so_incom -> so_incomp 1996-09-21 06:30:06 +00:00
pst
3f3cd29c20 If the incomplete listen queue for a given socket is full,
drop the oldest entry in the queue.

There was a fair bit of discussion as to whether or not the
proper action is to drop a random entry in the queue.  It's
my conclusion that a random drop is better than a head drop,
however profiling this section of code (done by John Capo)
shows that a head-drop results in a significant performance
increase.

There are scenarios where a random drop is more appropriate.
If I find one in reality, I'll add the random drop code under
a conditional.

Obtained from: discussions and code done by Vernon Schryver (vjs@sgi.com).
1996-09-20 21:25:18 +00:00
pst
1fd59f43bb Make the misnamed tcp initial keepalive timer value (which is really the
time, in seconds, that state for non-established TCP sessions stays about)
a sysctl modifyable variable.

[part 1 of two commits, I just realized I can't play with the indices as
 I was typing this commit message.]
1996-09-13 23:51:44 +00:00
pst
99feb2769e Receipt of two SYN's are sufficient to set the t_timer[TCPT_KEEP]
to "keepidle".  this should not occur unless the connection has
been established via the 3-way handshake which requires an ACK

Submitted by:	jmb
Obtained from:	problem discussed in Stevens vol. 3
1996-09-13 18:47:03 +00:00
fenner
3e8710735e Back out my stupid braino; I was thinking strlen and not sizeof. 1996-05-02 05:54:14 +00:00
fenner
6629bc2137 Size temp var correctly; buf[4*sizeof "123"] is not long enough
to store "192.252.119.189\0".
1996-05-02 05:31:13 +00:00
ache
30d849a3a8 inet_ntoa buffer was evaluated twice in log_in_vain, fix it.
Thanx to: jdp
1996-04-27 18:19:12 +00:00
wollman
05f1ff2434 Delete #ifdef notdef blocks containing old method of srtt calculation.
Requested by: davidg
1996-04-26 18:32:58 +00:00
pst
ab8419ba56 Logging UDP and TCP connection attempts should not be enabled by default.
It's trivial to create a denial of service attack on a box so enabled.

These messages, if enabled at all, must be rate-limited. (!)
1996-04-09 07:01:53 +00:00
phk
3c1f21e576 Log TCP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.tcp.log_in_vain: 1

Log UDP syn packets for ports we don't listen on.
Controlled by: sysctl net.inet.udp.log_in_vain: 1

Suggested by:	Warren Toomey <wkt@cs.adfa.oz.au>
1996-04-04 10:46:44 +00:00
wollman
88e6047a31 Slight modification of RTO floor calculation. 1996-03-25 20:13:21 +00:00
wollman
60eacb32bc A number of performance-reducing flaws fixed based on comments
from Larry Peterson &co. at Arizona:

- Header prediction for ACKs did not exclude Fast Retransmit/Recovery.
- srtt calculation tended to get ``stuck'' and could never decrease
  when below 8.  It still can't, but the scaling factors are adjusted
  so that this artifact does not cause as bad an effect on the RTO
  value as it used to.

The paper also points out the incr/8 error that has been long since fixed,
and the problems with ACKing frequency resulting from the use of options
which I suspect to be fixed already as well (as part of the T/TCP work).

Obtained from:	Brakmo & Peterson, ``Performance Problems in BSD4.4 TCP''
1996-03-22 18:09:21 +00:00
dg
9fe925fda1 Move or add #include <queue.h> in preparation for upcoming struct socket
changes.
1996-03-11 15:13:58 +00:00
guido
5b8d532ec0 Add a counter for the number of times the listen queue was overflowed to
the tcpstat structure. (netstat -s)
Reviewed by:	wollman
Obtained from: Steves, TCP/IP Ill. vol.3, page 189
1996-02-26 21:47:13 +00:00
dg
2d80acc1d2 Fixed bug in Path MTU Discovery that caused the system to have to re-
discover the Path MTU for each connection if the connecting host didn't
offer an initial MSS.

Submitted by:	davidg & olah
1996-02-22 11:46:39 +00:00
olah
6aa32cba8b Fix a bug related to the interworking of T/TCP and window scaling:
when a connection enters the ESTBLS state using T/TCP, then window
scaling wasn't properly handled.  The fix is twofold.

1) When the 3WHS completes, make sure that we update our window
scaling state variables.

2) When setting the `virtual advertized window', then make sure
that we do not try to offer a window that is larger than the maximum
window without scaling (TCP_MAXWIN).

Reviewed by:	davidg
Reported by:	Jerry Chen <chen@Ipsilon.COM>
1996-01-31 08:22:24 +00:00
phk
50d195499f Another mega commit to staticize things. 1995-12-14 09:55:16 +00:00
phk
94db844d0f New style sysctl & staticize alot of stuff. 1995-11-14 20:34:56 +00:00
phk
73671e5b9f Start adding new style sysctl here too. 1995-11-09 20:23:09 +00:00
olah
b4b48f580d Cosmetic changes to processing of segments in the SYN_SENT state:
- remove a redundant condition;
- complete all validity checks on segment before calling
  soisconnected(so).

Reviewed by:	Richard Stevens, davidg, wollman
1995-11-03 22:31:54 +00:00
wollman
46b50770ba Routes can be asymmetric. Always offer to /accept/ an MSS of up to the
capacity of the link, even if the route's MTU indicates that we cannot
send that much in their direction.  (This might actually make it possible
to test Path MTU discovery in a useful variety of cases.)
1995-10-13 16:00:25 +00:00
wollman
57803d806c Finish 4.4-Lite-2 merge: randomize TCP initial sequence numbers
to make ISS-guessing spoofing attacks harder.
1995-10-03 16:54:17 +00:00
olah
fcc9755668 Remove a redundant `if' from tcp_reass().
Correct a typo in a comment (SEND_SYN -> NEEDSYN).

Reviewed by:	David Greenman
1995-07-31 10:24:22 +00:00
wollman
1f7e5cbf85 tcp_input.c - keep track of how many times a route contained a cached rtt
or ssthresh that we were able to use

tcp_var.h - declare tcpstat entries for above; declare tcp_{send,recv}space

in_rmx.c - fill in the MTU and pipe sizes with the defaults TCP would have
	used anyway in the absence of values here
1995-07-10 15:39:16 +00:00
wollman
847dfd231e Keep track of the number of samples through the srtt filter so that we
know better when to cache values in the route, rather than relying on a
heuristic involving sequence numbers that broke when tcp_sendspace
was increased to 16k.
1995-06-29 18:11:24 +00:00
rgrimes
b6f07b22b2 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
dg
d0deae3ce8 #ifdef'd my Nagel/ACK hack with "TCP_ACK_HACK", disabled by default. I'm
currently considering reducing the TCP fasttimo to 100ms to help improve
things, but this would be done as a seperate step at some point in the
future.
This was done because it was causing some sometimes serious performance
problems with T/TCP.
1995-05-11 01:41:06 +00:00
olah
39f3f478a7 Fix a misspelled constant in tcp_input.c.
On Tue, 09 May 1995 04:35:27 PDT, Richard Stevens wrote:
> In tcp_dooptions() under the case TCPOPT_CC there is an assignment
>
>       to->to_flag |= TCPOPT_CC;
>
> that should be
>
>       to->to_flag |= TOF_CC;
>
> I haven't thought through the ramifications of what's been happening ...
>
>       Rich Stevens

Submitted by:	rstevens@noao.edu (Richard Stevens)
1995-05-09 12:32:06 +00:00
dg
dea37698fd Changed in_pcblookuphash() to not automatically call in_pcblookup() if
the lookup fails. Updated callers to deal with this. Call in_pcblookuphash
instead of in_pcblookup() in in_pcbconnect; this improves performance of
UDP output by about 17% in the standard case.
1995-05-03 07:16:53 +00:00
dg
c9aa8e2bc6 Further satisfy my paranoia by making sure that the ACKNOW is only
set when ti_len is non-zero.
1995-04-10 17:37:46 +00:00
dg
29f8feab9e Fixed bug I introduced with my Nagel hack which caused tcp_input and
tcp_output to loop endlessly. This was freefall's problem during the past
day.
1995-04-10 17:16:10 +00:00
dg
0294ad93f7 Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash,
and in_pcblookuphash.
1995-04-09 01:29:31 +00:00
olah
3b47571b11 Fix a bug in tcp_input reported by Rick Jones <raj@hpisrdq.cup.hp.com>.
If a goto findpcb occurred during the processing of a segment, the TCP and
IP headers were dropped twice from the mbuf which resulted in data acked
by TCP but not delivered to the user.
Reviewed by:	davidg
1995-04-05 10:32:14 +00:00
dg
c92c9bd457 Re-apply my "breakage" to the Nagel congestion avoidence. This version
differs slightly in the logic from the previous version; packets are now
acked immediately if the sender set PUSH.
1995-03-27 07:12:24 +00:00
bde
69e0f79830 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
wollman
b474b8388c Avoid deadlock situation described by Stevens using his suggested replacement
code.

Obtained from: Stevens, vol. 2, pp. 959-960
1995-02-16 01:39:19 +00:00
wollman
845b959893 Transaction TCP support now standard. Hack away! 1995-02-16 00:55:44 +00:00
phk
deaea2f54f YFfix. 1995-02-14 06:28:25 +00:00
wollman
cb726a0329 Get rid of some unneeded #ifdef TTCP lines. Also, get rid of some
bogus commons declared in header files.
1995-02-14 02:35:19 +00:00
wollman
2925618da1 Merge Transaction TCP, courtesy of Andras Olah <olah@cs.utwente.nl> and
Bob Braden <braden@isi.edu>.

NB: This has not had David's TCP ACK hack re-integrated.  It is not clear
what the correct solution to this problem is, if any.  If a better solution
doesn't pop up in response to this message, I'll put David's code back in
(or he's welcome to do so himself).
1995-02-09 23:13:27 +00:00
wollman
511e6450ed As suggested by Sally Floyd, don't add the ``small fraction of the window
size'' when doing congestion avoidance.

Submitted by:	Mark Andrews
1994-10-13 18:36:32 +00:00
phk
d338130948 GCC cleanup.
Reviewed by:
Submitted by:
Obtained from:
1994-10-02 17:48:58 +00:00