3345 Commits

Author SHA1 Message Date
Marius Strobl
c89c8a1029 On architectures with strict alignment requirements compensate
the misalignment of the IP header that prepending the EtherIP
header might have caused.

PR:		131921
MFC after:	1 week
2009-03-07 19:08:58 +00:00
Randall Stewart
5171328bd6 Fixes for window probes:
1) WP should never be marked unless flight size is 0
 2) When recovering from wp if the peer ack's it we don't mark for retran
 3) When recovering, we must assure a timer is still running.
2009-03-06 11:03:52 +00:00
Randall Stewart
dfb11ef895 - PR-SCTP bug, where the CUM-ACK was not being updated
into the advance_peer_ack point so we would incorrectly
  send a wrong value in the FWD-TSN
- PR-SCTP bug, where an PR packet is used for a window
  probe which could incorrectly get the packet moved
  back into the send_queue, which will cause major issues and
  should not happen.
- Fix a trace to use the proper macro.
2009-03-04 20:54:42 +00:00
Bruce M Simpson
8b889dbb9e In ip_output(), do not acquire the IN_MULTI_LOCK(),
and do not attempt to perform a group lookup.
This is a socket layer lock, and the bottom half of IP
really has no business taking it.

Use the value of the in_mcast_loop sysctl to determine
if we should loop back by default, in the absence of
any multicast socket options. Because the check on
group membership is now deferred to the input path,
an m_copym() is now required.

This should increase multicast send performance where the
source has not requested loopback, although this has not been
benchmarked or measured.

It is also a necessary change for IN_MULTI_LOCK to become
non-recursive, which is required in order to implement IGMPv3
in a thread-safe way.
2009-03-04 03:45:34 +00:00
Bruce M Simpson
dd7fd7c07c Add sysctl net.inet.ip.mcast.loop. This controls whether or not
IPv4 multicast sends are looped back to senders by default
on a stack-wide basis, rather than relying on the socket option.
Note that the sysctl only applies to newly created multicast sockets.
2009-03-04 03:40:02 +00:00
Bruce M Simpson
346e3178ea Merge header file definitions used by the new IGMPv3 implementation.
This is a partial merge. Compatibility defines are retained for
the existing IGMPv2 implementation.
2009-03-04 03:22:03 +00:00
Bruce M Simpson
b554b6ca91 Add various defines/macros required by IGMPv3:
* MCAST_UNDEFINED state.
 * in_allhosts() macro (group is 224.0.0.1).
   This uses a const endian comparison.
 * IP_MAX_GROUP_SRC_FILTER, IP_MAX_SOCK_SRC_FILTER
   default resource limits.
2009-03-04 03:01:05 +00:00
Bruce M Simpson
f0dcb78326 Add function ip_checkrouteralert(), which will be used
by IGMPv3 to check for the IPv4 Router Alert [RFC2113]
option in a pulled-up IP mbuf chain.
2009-03-04 02:51:22 +00:00
Bjoern A. Zeeb
1263305f0c Start removing IPv6 Type 0 Routing header code.
RH0 was deprecated by RFC 5095.

While most of the code had been disabled by #if 0 already, leave a
bit of infrastructure for possible RH2 code and a log message under
BURN_BRIDGES in case a user still tries to send RH0 packets.

Reviewed by:	gnn (a bit back, earlier version)
2009-03-03 13:12:12 +00:00
Luigi Rizzo
ac6bb60e0a curr_time is a 64 bit variable so SYSCTL_LONG is not appropriate
as a handler.
The variable was exported only for debugging, but there is little reason
to do it now that the timekeeping is supported by various other variables.
For the time being just comment out the sysctl, but I think this
should go away.
2009-03-02 22:16:50 +00:00
Luigi Rizzo
0906f40fd8 fw_debug has been unused for ages, so remove it from the list
of sysctl_variables.
I would also remove it from the VNET record but I am unsure if
there is any ABI issue -- so for the time being just mark it as
unused in ip_fw.h, and then we will collect the garbage at some
appropriate time in the future.

MFC after:	3 days
2009-03-02 22:11:48 +00:00
Bjoern A. Zeeb
2bebb49117 Add size-guards evaluated at compile-time to the main struct vnet_*
which are not in a module of their own like gif.

Single kernel compiles and universe will fail if the size of the struct
changes. Th expected values are given in sys/vimage.h.
See the comments where how to handle this.

Requested by:	peter
2009-03-01 11:01:00 +00:00
Robert Watson
8e5057ed20 Remove unreachable code for generating RST segments from tcp_twcheck();
this code became stale when T/TCP support was removed.

Discussed with:	bz, sam
MFC after:	1 month
2009-02-28 22:58:52 +00:00
Randall Stewart
8aae94933f Fix the add stream feature of strm-reset to really work:
- Fix the copy, we can't do a blind copy but must transfer
   the data from the old to the new.
 - Fix the ACK processing so we properly stop retransmitting
   the thing.
 - Fix it so if we get a retran we will properly reply with
   the saved response without doing anything.

MFC after:	1 month
2009-02-27 20:54:45 +00:00
Bjoern A. Zeeb
33553d6e99 For all files including net/vnet.h directly include opt_route.h and
net/route.h.

Remove the hidden include of opt_route.h and net/route.h from net/vnet.h.

We need to make sure that both opt_route.h and net/route.h are included
before net/vnet.h because of the way MRT figures out the number of FIBs
from the kernel option. If we do not, we end up with the default number
of 1 when including net/vnet.h and array sizes are wrong.

This does not change the list of files which depend on opt_route.h
but we can identify them now more easily.
2009-02-27 14:12:05 +00:00
Roman Divacky
af83f5d77c Change the functions to ANSI in those cases where it breaks promotion
to int rule. See ISO C Standard: SS6.7.5.3:15.

Approved by:	kib (mentor)
Reviewed by:	warner
Tested by:	silence on -current
2009-02-24 18:09:31 +00:00
Robert Watson
ce2ae9ab4b In tcp_usr_shutdown() and tcp_usr_send(), I missed converting NULL
checks for the tcpcb, previously used to detect complete disconnection,
with INP_DROPPED checks.  Correct that, preventing shutdown() from
improperly generating a TCP segment with destination IP and port of
0.0.0.0:0.

PR:		kern/132050
Reported by:	david gueluy <david.gueluy at netasq.com>
MFC after:	3 weeks
2009-02-24 11:17:50 +00:00
Robert Watson
63d0295c2f In in_rtqkill(), assert the radix head lock, and pass RTF_RNH_LOCKED
to in_rtrequest(); the radix head lock is already acquired before
rnh_walktree is called in in_rtqtimo_one().  This avoids a recursive
acquisition that is no longer permitted in 8.x due to use of an rwlock
for the radix head lock.

Reported by:	dikshie <dikshie at gmail.com>
MFC after:	3 days
2009-02-23 22:57:55 +00:00
Randall Stewart
ea44232b3a Add the add-stream capability. Still needs more
testing..

MFC after:	1 month
2009-02-20 15:03:54 +00:00
Randall Stewart
186414058a Fix a bug. The sending was being restricted improperly by
the max_burst. It should only be gated by cwnd in the
lower level send.

Obtained from:	Michael Tuexen
MFC after:	1 week.
2009-02-20 14:33:45 +00:00
Luigi Rizzo
d8d42f3f4e correct some #include 2009-02-16 15:10:51 +00:00
Luigi Rizzo
35b78b7520 remove dependency on eventhandler.h, we only need a forward declaration 2009-02-16 15:08:41 +00:00
Luigi Rizzo
281c8daea2 remove dependency on net/if.h of this header 2009-02-16 15:07:40 +00:00
Luigi Rizzo
2eef235973 use a const format string in the log message so we can check the
arguments (if/when we enable those checks)
2009-02-16 12:09:52 +00:00
Luigi Rizzo
ada55ca0b7 remove unnecessary #include from vnet.h and vinet.h
Approved by:	Marko Zec
2009-02-15 00:28:28 +00:00
Randall Stewart
eef9e53e55 This commit fixes the issue with alias_sctp.c. No
longer do we require SCTP to be in the kernel for the
lib to be able to handle SCTP. We do this by moving
the CRC32c checksum into libkern/crc32.c and then adjusting
all routines to use the common methods. Note that this
will improve the performance of iSCSI since they were
using the old single 256 bit table lookup versus the
slicing 8 algorithm (which gives a 4x speed up in
CRC32c calculation :-D)

Reviewed by:rwatson, gnn, scottl, paolo
MFC after:	4 week? (assuming we MFC the alias_sctp changes)
2009-02-14 11:34:57 +00:00
Randall Stewart
c3b8c73cf1 Have the jail code use the error returned to pass not constant
errors.
Obtained from:	jamie@freebsd.org
2009-02-13 18:44:30 +00:00
Luigi Rizzo
8f2f943e8f remove unnecessary #include, and document some of the others 2009-02-13 15:37:14 +00:00
Luigi Rizzo
d685b6ee05 Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short.
Add a note next to fields in network format.

The n_* types are not enough for compiler checks on endianness, and their
use often requires an otherwise unnecessary #include <netinet/in_systm.h>

The typedef in in_systm.h are still there.
2009-02-13 15:14:43 +00:00
Randall Stewart
4f6b49338e Move the new rwnd field down to the very end
of the xsctp structure. This is where all new
fields belong (not that we will be ABI compatiable
with 7.x anyway.. sigh).
2009-02-13 14:43:46 +00:00
Randall Stewart
11b14db397 Add padding to then end of the xsctp_xxx structures to
allow future changes to be able to maintain ABI compatibility
2009-02-09 17:37:17 +00:00
Randall Stewart
74246b2734 Fix minor spacing problem found by s9indent from last
commit.
2009-02-09 11:42:23 +00:00
Randall Stewart
a1f2f7a5a0 Fix INET only build breakage with SCTP - pointy hat to me :-) 2009-02-09 11:41:54 +00:00
Bjoern A. Zeeb
97aa4a517a Try to remove/assimilate as much of formerly IPv4/6 specific
(duplicate) code in sys/netipsec/ipsec.c and fold it into
common, INET/6 independent functions.

The file local functions ipsec4_setspidx_inpcb() and
ipsec6_setspidx_inpcb() were 1:1 identical after the change
in r186528. Rename to ipsec_setspidx_inpcb() and remove the
duplicate.

Public functions ipsec[46]_get_policy() were 1:1 identical.
Remove one copy and merge in the factored out code from
ipsec_get_policy() into the other. The public function left
is now called ipsec_get_policy() and callers were adapted.

Public functions ipsec[46]_set_policy() were 1:1 identical.
Rename file local ipsec_set_policy() function to
ipsec_set_policy_internal().
Remove one copy of the public functions, rename the other
to ipsec_set_policy() and adapt callers.

Public functions ipsec[46]_hdrsiz() were logically identical
(ignoring one questionable assert in the v6 version).
Rename the file local ipsec_hdrsiz() to ipsec_hdrsiz_internal(),
the public function to ipsec_hdrsiz(), remove the duplicate
copy and adapt the callers.
The v6 version had been unused anyway. Cleanup comments.

Public functions ipsec[46]_in_reject() were logically identical
apart from statistics. Move the common code into a file local
ipsec46_in_reject() leaving vimage+statistics in small AF specific
wrapper functions. Note: unfortunately we already have a public
ipsec_in_reject().

Reviewed by:	sam
Discussed with:	rwatson (renaming to *_internal)
MFC after:	26 days
X-MFC:		keep wrapper functions for public symbols?
2009-02-08 09:27:07 +00:00
Paolo Pisati
e13710afbd Silent LINT: add 2 stubs (update_crc32 and sctp_finalize_crc32) to fix LIBALIAS + SCTP_NO_CSUM case. 2009-02-08 03:03:55 +00:00
Paolo Pisati
37ce2656ec Add SCTP NAT support.
Submitted by: CAIA (http://caia.swin.edu.au)
2009-02-07 18:49:42 +00:00
Jamie Gritton
7c2f3cb964 Remove redundant calls of prison_local_ip4 in in_pcbbind_setup, and of
prison_local_ip6 in in6_pcbbind.

Approved by:	bz (mentor)
2009-02-05 14:25:53 +00:00
Jamie Gritton
b89e82dd87 Standardize the various prison_foo_ip[46] functions and prison_if to
return zero on success and an error code otherwise.  The possible errors
are EADDRNOTAVAIL if an address being checked for doesn't match the
prison, and EAFNOSUPPORT if the prison doesn't have any addresses in
that address family.  For most callers of these functions, use the
returned error code instead of e.g. a hard-coded EADDRNOTAVAIL or
EINVAL.

Always include a jailed() check in these functions, where a non-jailed
cred always returns success (and makes no changes).  Remove the explicit
jailed() checks that preceded many of the function calls.

Approved by:	bz (mentor)
2009-02-05 14:06:09 +00:00
Randall Stewart
be27fdd0c4 LOR fix - Lock only when calling the actual code that
is messing with the UDP tunnel. This means
          that if two users actually tried to change the
          tunnel port at the same time interesting things COULD
          result, but its probably very unlikely to happen :-)
2009-02-03 20:33:28 +00:00
Randall Stewart
a99b67833a - Cleanup checksum code.
- Prepare for CRC offloading, add MIB counters (RS/MT).
- Bugfix: Disable CRC computation for IPv6 addresses with local scope (MT).
- Bugfix: Handle close() with SO_LINGER correctly when notifications
          are generated during the close() call(MT).
- Bugfix: Generate DRY event when sender is dry during subscription.
          Only for 1-to-1 style sockets (RS/MT)
- Bugfix: Put vtags for the correct amount of time into time-wait (MT).
- Bugfix: Clear vtag entries correctly on expiration (MT).
- Bugfix: shutdown() indicates ENOTCONN when called for unconnected
          1-to-1 style sockets (MT).
- Bugfix: In sctp Auth code (PL).
- Add support for devices that support SCTP csum offload (igb).
- Add missing sctp_associd to mib sysctl xsctp_tcb structure (RS)
Obtained from:	With help from Peter Lei and Michael Tuexen
2009-02-03 11:04:03 +00:00
Randall Stewart
2f4afd2125 Adds support for SCTP checksum offload. This means
we, like TCP and UDP, move the checksum calculation
into the IP routines when there is no hardware support
we call into the normal SCTP checksum routine.

The next round of SCTP updates will use
this functionality. Of course the IGB driver needs
a few updates to support the new intel controller set
that actually does SCTP csum offload too.

Reviewed by:	gnn, rwatson, kmacy
2009-02-03 11:00:43 +00:00
Luigi Rizzo
6e152a7539 initialize a couple of variables, gcc 4.2.4-4 (linux) reports
some possible uninitialized uses and the warning does make sense.
2009-01-28 13:39:01 +00:00
Luigi Rizzo
36cb0db476 For some reason (probably dating ages ago) an #ifdef SYSCTL_NODE / #endif
section included a lot of stuff that did not belong there.
So split the block in multiple components each around the relevant stuff.

This said, I wonder if building a kernel where SYSCTL_NODE is not
defined is supported at all.

Submitted by:	Marta Carbone
2009-01-28 13:11:22 +00:00
Bjoern A. Zeeb
1cecba0fcd For consistency with prison_{local,remote,check}_ipN rename
prison_getipN to prison_get_ipN.

Submitted by:	jamie (as part of a larger patch)
MFC after:	1 week
2009-01-25 10:11:58 +00:00
Bjoern A. Zeeb
de4fbddd5b Add externs to fix build with VIMAGE_GLOBALS after r187289. 2009-01-22 10:29:09 +00:00
Sam Leffler
cbd1844537 remove too noisy DIAGNOSTIC code
Reviewed by:	qingli
2009-01-18 07:20:02 +00:00
Paolo Pisati
dd14bc5dca Silent userland warnings about missing prototypes.
Submitted by:	Roman Divacky <rdivacky@freebsd.org>
2009-01-15 19:35:23 +00:00
Lawrence Stewart
24cb0f2232 Add TCP Appropriate Byte Counting (RFC 3465) support to kernel.
The new behaviour is on by default, and can be disabled by setting the
net.inet.tcp.rfc3465 sysctl to 0 to obtain previous behaviour.

The patch changes struct tcpcb in sys/netinet/tcp_var.h which breaks
the ABI. Bump __FreeBSD_version to 800061 accordingly. User space tools
that rely on the size of struct tcpcb (e.g. sockstat) need to be recompiled.

Reviewed by:	rpaulo, gnn
Approved by:	gnn, kmacy (mentors)
Sponsored by:	FreeBSD Foundation
2009-01-15 06:44:22 +00:00
Robert Watson
87e0451806 Since we allow conditional allocation of labels on syncache entries,
remove historic assertion that labels are always present.
2009-01-11 20:01:43 +00:00
Bjoern A. Zeeb
813dd6ae5e Restrict arp, ndp and theoretically the FIB listing (if not
read with libkvm) to the addresses of a prison, when inside a
jail. [1]
As the patch from the PR was pre-'new-arp', add checks to the
llt_dump handlers as well.

While touching RTM_GET in route_output(), consistently use
curthread credentials rather than the creds from the socket
there. [2]

PR:		kern/68189
Submitted by:	Mark Delany <sxcg2-fuwxj@qmda.emu.st> [1]
Discussed with:	rwatson [2]
Reviewed by:	rwatson
MFC after:	4 weeks
2009-01-09 21:57:49 +00:00