Commit Graph

5488 Commits

Author SHA1 Message Date
Pedro F. Giffuni
99d628d577 netinet: for pointers replace 0 with NULL.
These are mostly cosmetical, no functional change.

Found with devel/coccinelle.

Reviewed by:	ae. tuexen
2016-04-15 15:46:41 +00:00
Andrey V. Elsukov
2acdf79f53 Add External Actions KPI to ipfw(9).
It allows implementing loadable kernel modules with new actions and
without needing to modify kernel headers and ipfw(8). The module
registers its action handler and keyword string, that will be used
as action name. Using generic syntax user can add rules with this
action. Also ipfw(8) can be easily modified to extend basic syntax
for external actions, that become a part base system.
Sample modules will coming soon.

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2016-04-14 22:51:23 +00:00
Michael Tuexen
4d6b853ad6 Allow the handling of ICMP messages sent in response to SCTP packets
containing an INIT chunk. These need to be handled in case the peer
does not support SCTP and returns an ICMP messages indicating destination
unreachable, protocol unreachable.

MFC after:	1 week
2016-04-14 19:59:21 +00:00
Michael Tuexen
f77b842746 When delivering an ICMP packet to the ctlinput function, ensure that
the outer IP header, the ICMP header, the inner IP header and the
first n bytes are stored in contgous memory. The ctlinput functions
currently rely on this for n = 8. This fixes a bug in case the inner IP
header had options.
While there, remove the options from the outer header and provide a
way to increase n to allow improved ICMP handling for SCTP. This will
be added in another commit.

MFC after:	1 week
2016-04-14 19:51:29 +00:00
Luiz Otavio O Souza
de89d74b70 Do not overwrite the dchg variable.
It does not cause any real issues because the variable is overwritten
only when the packet is forwarded (and the variable is not used anymore).

Obtained from:	pfSense
MFC after:	2 weeks
Sponsored by:	Rubicon Communications (Netgate)
2016-04-14 18:57:30 +00:00
Michael Tuexen
08b9595770 Refactor the handling of ICMP/IPv4 packets for SCTP/IPv4.
This cleansup the code and prepares upcoming handling of ICMP/IPv4 packets
for SCTP/UDP/IPv4 packets. IPv6 changes will follow...

MFC after:	3 days
2016-04-12 21:40:54 +00:00
Michael Tuexen
cf4476eb39 When processing an ICMP packet containing an SCTP packet, it
is required to check the verification tag. However, this
requires the verification tag to be not 0. Enforce this.
For packets with a verification tag of 0, we need to
check it it contains an INIT chunk and use the initiate
tag for the validation. This will be a separate commit,
since it touches also other code.

MFC after: 1 week
2016-04-12 11:48:54 +00:00
Bjoern A. Zeeb
806929d514 Mfp: r296310,r296343
It looks like as with the safety belt of DELAY() fastened (*) we can
completely tear down and free all memory for TCP (after r281599).

(*) in theory a few ticks should be good enough to make sure the timers
are all really gone. Could we use a better matric here and check a
tcbcb count as an optimization?

PR:		164763
Reviewed by:	gnn, emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5734
2016-04-09 12:05:23 +00:00
Bjoern A. Zeeb
8586a9635f Mfp: r296260
The tcp_inpcb (pcbinfo) zone should be safe to destroy.

PR:		164763
Reviewed by:	gnn
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5732
2016-04-09 11:27:47 +00:00
Bjoern A. Zeeb
f254aeda60 Mfp: r296259
We attach the "counter" to the tcpcbs. Thus don't free the
TCP Fastopen zone before the tcpcbs are gone, as otherwise
the zone won't be empty.
With that it should be safe to destroy the "tfo" zone without
leaking the memory.

PR:		164763
Reviewed by:	gnn
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5731
2016-04-09 10:58:08 +00:00
Bjoern A. Zeeb
dc95d65555 Mfp: r296309
While there is no dependency interaction, stopping the timer before
freeing the rest of the resources seems more natural and avoids it
being scheduled an extra time when it is no longer needed.

Reviewed by:	gnn, emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5733
2016-04-09 10:51:07 +00:00
Bjoern A. Zeeb
e18b26d377 Mfp: r296345
No need to keep type stability on raw sockets zone.
We've also been running with a KASSERT since r222488 to make sure the
ipi_count is 0 on destroy.

PR:		164763
Reviewed by:	gnn
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5735
2016-04-09 10:44:57 +00:00
Bjoern A. Zeeb
4c86b2bc13 Mfp: r296346
No reason identified to keep UMA_ZONE_NOFREE here.

Reviewed by:	gnn
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5736
2016-04-09 10:39:54 +00:00
Randall Stewart
9d18771f69 A couple of minor changes that I missed that Michael had done, most noted
in these is the change to non-strict ordering for incoming data (this will
make pkt-drill test 14 fail but its expected).
2016-04-07 09:34:41 +00:00
Randall Stewart
44249214d3 This is work done by Michael Tuexen and myself at the IETF. This
adds the new I-Data (Interleaved Data) message. This allows a user
to be able to have complete freedom from Head Of Line blocking that
was previously there due to the in-ability to send multiple large
messages without the TSN's being in sequence. The code as been
tested with Michaels various packet drill scripts as well as
inter-networking between the IETF's location in Argentina and Germany.
2016-04-07 09:10:34 +00:00
Michael Tuexen
e2823e8570 Set the chunk id for ERROR chunks.
This is work with rrs@.
MFC after:	1 week
2016-04-01 20:38:15 +00:00
Sepherosa Ziehau
1ea448225c tcp/lro: Change SLIST to LIST, so that removing an entry is O(1)
This is kinda critical to the performance when the CPU is slow and
network bandwidth is high, e.g. in the hypervisor.

Reviewed by:	rrs, gallatin, Dexuan Cui <decui microsoft com>
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D5765
2016-04-01 06:43:05 +00:00
Sepherosa Ziehau
6dd38b8716 tcp/lro: Use tcp_lro_flush_all in device drivers to avoid code duplication
And factor out tcp_lro_rx_done, which deduplicates the same logic with
netinet/tcp_lro.c

Reviewed by:	gallatin (1st version), hps, zbb, np, Dexuan Cui <decui microsoft com>
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D5725
2016-04-01 06:28:33 +00:00
George V. Neville-Neil
ce223fb715 Unbreak the RSS/PCBGROUp build. 2016-03-31 00:53:23 +00:00
Edward Tomasz Napierala
35030a5dd4 Remove some NULL checks for M_WAITOK allocations.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-29 13:56:59 +00:00
Michael Tuexen
a08b29253d Don't allow the user to set a peer primary which is restricted
and not pending.

MFC after: 1 week
2016-03-28 19:32:13 +00:00
Michael Tuexen
76f8482a93 Restrict local addresses until they are acked by the peer.
MFC after: 1 week
2016-03-28 19:31:10 +00:00
Michael Tuexen
5114dccbd4 Trigger sending of queued ASCONF chunks if outstanding ones are ACKED.
MFC after:	1 week
2016-03-28 11:32:20 +00:00
Michael Tuexen
9a8e308861 Improve compilation on windows 64-bit (for the userland stack).
MFC after:	1 week
2016-03-27 10:04:25 +00:00
Sepherosa Ziehau
489f0c3c17 tcp/lro: Return TCP_LRO_NO_ENTRIES if we are short of LRO entries.
So that callers could react accordingly.

Reviewed by:	gallatin (no objection)
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D5695
2016-03-25 02:54:13 +00:00
Bjoern A. Zeeb
4f321dbd1c Fix compile errors after r297225:
- properly V_irtualise variable access unbreaking VIMAGE kernels.
- remove the volatile from the function return type to make architecture
  using gcc happy [-Wreturn-type]
  "type qualifiers ignored on function return type"
  I am not entirely happy with this solution putting the u_int there
  but it will do for now.
2016-03-24 11:40:10 +00:00
George V. Neville-Neil
84cc0778d0 FreeBSD previously provided route caching for TCP (and UDP). Re-add
route caching for TCP, with some improvements. In particular, invalidate
the route cache if a new route is added, which might be a better match.
The cache is automatically invalidated if the old route is deleted.

Submitted by:	Mike Karels
Reviewed by:	gnn
Differential Revision:	https://reviews.freebsd.org/D4306
2016-03-24 07:54:56 +00:00
Michael Tuexen
ed65436366 Add const to several constants. Thanks to Nicholas Nethercote for
providing the patch via
https://bugzilla.mozilla.org/show_bug.cgi?id=1255655

MFC after:	1 week
2016-03-23 13:28:04 +00:00
Jonathan T. Looney
5d20f97461 to_flags is currently a 64-bit integer; however, we only use 7 bits.
Furthermore, there is no reason this needs to be a 64-bit integer
for the forseeable future.

Also, there is an inconsistency between to_flags and the mask in
tcp_addoptions(). Before r195654, to_flags was a u_long and the mask in
tcp_addoptions() was a u_int. r195654 changed to_flags to be a u_int64_t
but left the mask in tcp_addoptions() as a u_int, meaning that these
variables will only be the same width on platforms with 64-bit integers.

Convert both to_flags and the mask in tcp_addoptions() to be explicitly
32-bit variables. This may save a few cycles on 32-bit platforms, and
avoids unnecessarily mixing types.

Differential Revision:	https://reviews.freebsd.org/D5584
Reviewed by:	hiren
MFC after:	2 weeks
Sponsored by:	Juniper Networks
2016-03-22 15:55:17 +00:00
Hans Petter Selasky
d4d32b9fec Fix kernel build after adding new sysctl asserts in r296933. 2016-03-16 10:42:24 +00:00
Gleb Smirnoff
bf840a1707 Redo r294869. The array of counters for TCP states doesn't belong to
struct tcpstat, because the structure can be zeroed out by netstat(1) -z,
and of course running connection counts shouldn't be touched.

Place running connection counts into separate array, and provide
separate read-only sysctl oid for it.
2016-03-15 00:15:10 +00:00
Gleb Smirnoff
2f06d2ab91 Comment fix: statistics are not read-only. 2016-03-14 18:06:59 +00:00
Bjoern A. Zeeb
19edab1711 Remove duplicate external declaration of tcprexmtthresh making
gcc compiles barf.
2016-03-13 21:26:18 +00:00
John Baldwin
47cedcbd72 Use SI_SUB_LAST instead of SI_SUB_SMP as the "catch-all" subsystem.
Reviewed by:	kib
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D5515
2016-03-11 23:18:06 +00:00
Michael Tuexen
1fabc43e9f Actually send a asconf chunk, not only queue one.
MFC after: 3 days
2016-03-10 00:27:10 +00:00
Randall Stewart
ec64c84ddc Fix a sneaky bug where we were missing an extern
to get the rxt threshold.. and thus created our own defaulted to 0 :-(

Sponsored by:	Netflix Inc
2016-03-08 00:16:34 +00:00
Jonathan T. Looney
737d4f6c93 As reported on the transport@ and current@ mailing lists, the FreeBSD TCP
stack is not compliant with RFC 7323, which requires that TCP stacks send
a timestamp option on all packets (except, optionally, RSTs) after the
session is established.

This patch adds that support. It also adds a TCP signature option to the
packet, if appropriate.

PR:		206047
Differential Revision:	https://reviews.freebsd.org/D4808
Reviewed by:	hiren
MFC after:	2 weeks
Sponsored by:	Juniper Networks
2016-03-07 15:00:34 +00:00
Jonathan T. Looney
9cbade8feb Some cleanup in tcp_respond() in preparation for another change:
- Reorder variables by size
- Move initializer closer to where it is used
- Remove unneeded variable

Differential Revision:	https://reviews.freebsd.org/D4808
Reviewed by:	hiren
MFC after:	2 weeks
Sponsored by:	Juniper Networks
2016-03-07 14:59:49 +00:00
George V. Neville-Neil
e79cb051d5 Fix dtrace probes (introduced in 287759): debug__input was used
for output and drop; connect didn't always fire a user probe
some probes were missing in fastpath

Submitted by:	Hannes Mehnert
Sponsored by:	REMS, EPSRC
Differential Revision:	https://reviews.freebsd.org/D5525
2016-03-03 17:46:38 +00:00
Bryan Drewery
6971a63795 Fix build after r29592. 2016-02-23 21:21:47 +00:00
Randall Stewart
6e0efc6a39 This fixes the fastpath code to have a better module initialization sequence when
included in loader.conf. It also fixes it so that no matter if some one incorrectly
specifies a load order, the lists and such will be initialized on demand at that
time so no one can make that mistake.

Reviewed by:	hiren
Differential Revision:	D5189
2016-02-23 17:53:39 +00:00
Michael Tuexen
64a3a6304e Use the SCTP level pointer, not the interface level.
MFC after:	3 days
2016-02-19 11:25:18 +00:00
Michael Tuexen
861f6d1196 Add protection code.
MFC after:	3 days
CID:		748858
2016-02-18 21:33:10 +00:00
Michael Tuexen
fdc4c9d067 Add some protection code.
CID:		1331893
MFC after:	3 days
2016-02-18 21:21:45 +00:00
Sepherosa Ziehau
7ae3d4bf54 tcp/lro: Allow drivers to set the TCP ACK/data segment aggregation limit
ACK aggregation limit is append count based, while the TCP data segment
aggregation limit is length based.  Unless the network driver sets these
two limits, it's an NO-OP.

Reviewed by:	adrian, gallatin (previous version), hselasky (previous version)
Approved by:	adrian (mentor)
MFC after:	1 week
Sponsored by:	Microsoft OSTC
Differential Revision:	https://reviews.freebsd.org/D5185
2016-02-18 04:58:34 +00:00
Michael Tuexen
828318e155 Add protection code for issues reported by PVS / D5245.
MFC after:	3 days
2016-02-17 18:12:38 +00:00
Michael Tuexen
815f806b82 Code cleanup which will silence a warning in PVS / D5245. 2016-02-17 18:04:22 +00:00
Michael Tuexen
7b0fd8f2af Address a warning reported by D5245 / PVS.
MFC after:	3 days
2016-02-17 17:52:46 +00:00
Michael Tuexen
467f0d55b4 Whitespace changes. 2016-02-16 20:33:18 +00:00
Michael Tuexen
2b1c7de4d8 Improve the teardown of the SCTP stack.
Obtained from:	bz@
MFC after: 1 week
2016-02-16 19:36:25 +00:00