Commit Graph

3835 Commits

Author SHA1 Message Date
ed
8c6bb486b8 Don't use struct timezone.
The timezone structure acquired by gettimeofday() is not used at all.
Just remove it.
2010-08-08 02:51:32 +00:00
tuexen
37e30c9a93 Fix a bug where endpoints bound to wildcard addresses where
using addresses not announced to the peer due to address
scoping.

MFC after: 3 weeks
2010-08-05 16:52:13 +00:00
tuexen
0d1656677f Cleanup code.
MFC after: 2 weeks
2010-08-01 08:06:59 +00:00
bz
b6078715a1 Document the mandatory argument to the arptimer() and
nd6_llinfo_timer() functions with a KASSERT().
Note: there is no need to return after panic.

In the legacy IP case, only assign the arg after the check,
in the IPv6 case, remove the extra checks for the table and
interface as they have to be there unless we freed and forgot
to cancel the timer.  It doesn't matter anyway as we would
panic on the NULL pointer deref immediately and the bug is
elsewhere.
This unifies the code of both address families to some extend.

Reviewed by:	rwatson
MFC after:	6 days
2010-07-31 21:33:18 +00:00
bz
f5ec1d3118 MFp4 @181628:
Free the rtentry after we diconnected it from the FIB and are counting
it as rttrash.  There might still be a chance we leak it from a different
code path but there is nothing we can do about this here.

Sponsored by:	ISPsystem (in February)
Reviewed by:	julian (in February)
MFC after:	2 weeks
2010-07-31 15:31:23 +00:00
andre
92e9dbc518 Fix a bug in syncache where the initial CWND for new incoming connections
was limited to one segment under the faulty assumption of a retransmit.
Due to this the opportunity to initialize the increased congestion window
according to RFC3390 was missed.

Support for RFC3465 introduced in r187289 uncovered the bug as the ACK
to SYN/ACK no longer caused snd_cwnd increase by MSS (actually, this
increase shouldn't happen as it's explicitly forbidden by RFC3390, but
it's another issue).  Snd_cwnd remains really small (1*MSS + 1) and this
causes really bad interaction with delayed acks on other side.

The variable name sc_rxmits is a bit misleading as it counts all transmits,
not just retransmits.

Submitted by:	Maxim Dounin <mdounin-at-mdounin-dot-ru>
MFC after:	10 days
2010-07-30 21:45:53 +00:00
rrs
9ce81bb370 Fix the comment block that has the nice
table to really have the nice table :-)

MFC after:	1 month
2010-07-29 12:01:59 +00:00
rrs
c9a735e2e7 PR SCTP Bugs. Basically a full sized frame of
PR SCTP FWD-TSN's would not be sent and thus
cause a stalled connection. Also the rwnd
Calculation was also off on the receiver side for
PR-SCTP.
MFC after:	1 month
2010-07-29 11:37:04 +00:00
glebius
e3569a1c39 Fix operation of "netgraph" action in conjunction with the
net.inet.ip.fw.one_pass sysctl.

The "ngtee" action is still broken.

PR:		kern/148885
Submitted by:	Nickolay Dudorov <nnd mail.nsk.ru>
2010-07-27 14:26:34 +00:00
tuexen
73cd4d05d7 Fix a bug where the length of a FORWARD-TSN chunk was set incorrectly in
the chunk. This resulted in malformed frames.
Remove a duplicate assignment.

MFC after: 2 weeks
2010-07-26 09:26:55 +00:00
rrs
88ff5f0e8c Make sure that we report chunks if a socket
still exists that were not sent. In either
case carefully remove the data if it does not
get taken by the reporting routines.

MFC after:	2 weeks
2010-07-26 09:22:52 +00:00
rrs
aaaecc4100 When counting the number of chunks in the
retransmission queue to validate the retran count, we
need to include the chunks in the control send queue
too. Otherwise the count will not match and you will get
the invarient warning if invarients are on.

MFC after:	2 weeks
2010-07-26 09:20:55 +00:00
lstewart
5ceb2800a8 - Move common code from the hook functions that fills in a packet node struct to
a separate inline function. This further reduces duplicate code that didn't
  have a good reason to stay as it was.

- Reorder the malloc of a pkt_node struct in the hook functions such that it
  only occurs if we managed to find a usable tcpcb associated with the packet.

- Make the inp_locally_locked variable's type consistent with the prototype of
  siftr_siftdata().

Sponsored by:	FreeBSD Foundation
2010-07-18 05:09:10 +00:00
imp
f3d5713b33 machine/cpu.h isn't appropriate for this file,so remove it 2010-07-16 06:32:38 +00:00
luigi
d4cce5f67b remove some conditional #ifdefs (no-op on FreeBSD);
run the timer routine on cpu 0.
2010-07-15 14:43:12 +00:00
luigi
a5495755be whitespace fixes 2010-07-15 14:37:59 +00:00
luigi
ac58b5a902 fix a comment and final empty line 2010-07-15 14:37:02 +00:00
lstewart
424aa3c6cc The SIFTR DPCPU statistics struct was not being zeroed between enable/disable
cycles so the values would accumulate rather than reset for each cycle.

Sponsored by:	FreeBSD Foundation
2010-07-13 08:23:46 +00:00
lstewart
42577db2a7 Catch up with the rename of DPCPU_SUM to DPCPU_VARSUM in r209978.
Sponsored by:	FreeBSD Foundation
2010-07-13 07:00:57 +00:00
glebius
f8bdee95a4 Improve last commit: use bpf_mtap2() to avoiding stack usage.
Prodded by:	julian
2010-07-09 11:27:33 +00:00
glebius
1794f86429 Since r209216 bpf(4) searches for mbuf_tags(9) and thus will not work with
a stub m_hdr instead of a full mbuf.

PR:		kern/148050
2010-07-08 13:07:40 +00:00
rrs
3df3564f93 This fixes a crash in SCTP. It was possible to have a
large number of packets queued to a crashing process.
In a specific case you may get 2 ABORT's back (from
say two packets in flight). If the aborts happened to
be processed at the same time its possible to have
one free the association while the other is trying
to report all the outbound packets. When this occured
it could lead to a crash.

MFC after:	3 days
2010-07-03 14:03:31 +00:00
lstewart
0020254d59 Import the Statistical Information For TCP Research (SIFTR) kernel module into
FreeBSD. SIFTR logs a range of statistics on active TCP connections to a log
file, providing the ability to make highly granular measurements of TCP
connection state. The tool is aimed at system administrators, developers and
researchers alike. Please take it for a spin and test it out - the man page
should have all the information required to get you going.

Many thanks go to the Cisco University Research Program Fund at Community
Foundation Silicon Valley and the FreeBSD Foundation. Their support of our work
at the Centre for Advanced Internet Architectures, Swinburne University of
Technology is greatly appreciated.

Sponsored by:	Cisco URP, FreeBSD Foundation
Reviewed by:	dwmalone, gnn, rpaulo
Tested by:	Many on freebsd-current@ and elsewhere over the years
MFC after:	1 month
2010-07-03 13:32:39 +00:00
rrs
11fb300be8 Fix a bug that WILL cause a panic. Basically
a read-lock is being called to check the vtag-timewait cache.
Then in two cases (where a vtag is bad i.e. in the time-wait
state) the write-unlock is called NOT the read-unlock. Under
conditions where lots of associations are coming and going
this will cause the system to panic at some point.

MFC after:	3 days
2010-07-02 09:53:26 +00:00
glebius
828edb743f After processing the O_SKIPTO opcode our cmd points to the next rule, and
"match" processing at the end of inner loop would look ahead into the next
rule, which is incorrect. Particularly, in the case when the next rule
started with F_NOT opcode it was skipped blindly.

To fix this, exit the inner loop with the continue operator forcibly and
explicitly.

PR:		kern/147798
2010-06-29 16:57:30 +00:00
tuexen
c7638bc895 Fix a bug I introduced in r209470.
MFC after: 3 days
2010-06-24 07:43:25 +00:00
tuexen
91e46c89d1 * Implement sctp_does_stcb_own_this_addr() correclty. It was taking the
wrong side into account.
* sctp_findassociation_ep_addr() must check the local address if available.
This fixes a bug where ABORT chunks were accepted even in the case where
the local was not owned by the endpoint.
Thanks to brucec for pointing out a bug in my first version of the fix.
MFC after: 3 days
2010-06-23 15:19:07 +00:00
tuexen
de5b3a7add Fix a rece condition in the shutdown handling.
The race condition resulted in a panic.

MFC after: 3 days
2010-06-18 09:01:44 +00:00
tuexen
9afd287a77 * Fix a bug where the length of the ASCONF-ACK was calculated wrong due
to using an uninitialized variable.
* Fix a bug where a NULL pointer was dereferenced when interfaces
  come and go at a high rate.
* Fix a bug where inps where not deregistered from iterators.
* Fix a race condition in freeing an association.
* Fix a refcount problem related to the iterator.
Each of the above bug results in a panic. It shows up when
interfaces come and go at a high rate.

Obtained from: rrs (partly)
MFC after: 3 days
2010-06-14 21:25:07 +00:00
rrs
cd4e0b719a 3 Fixes -
a) There was a case where a ICMP message could cause
   us to return leaving a stuck lock on an stcb.
b) The iterator needed some tweaks to fix its lock
   ordering.
c) The ITERATOR_LOCK is no longer needed in the freeing
   of a stcb. Now that the timer based one is gone we don't
   have a multiple resume situation. Add to that that there
   was somewhere a path out of the freeing of an assoc that
   did NOT release the iterator_lock.. it was time to clean
   this old code up and in the process fix the lock bug.

MFC after:	1 week
2010-06-11 03:54:00 +00:00
rrs
ad17d8ebf0 Found by Michael. In cases where we run
out of memory (no more inp space) we don't
propely NULL the INP on return.

Obtained from:	tuexen
MFC after:	3 Days
2010-06-09 22:05:29 +00:00
rrs
73f9a7ebf6 Fix serveral bugs all having to do with freeing an
sctp_inpcb:
1) Make sure not to remove the flag on the PCB until
   after the close() caller is back in control with the
   lock. Otherwise a quickly freeing assoc could kill the
   inpcb and cause a panic.

2) Make sure all calls to log_closing have not released
   the locks before calling the log function, we don't
   want the logging function to crash us due to a freed
   inpcb.

3) Make sure that when we get to the end, we release all
   locks (after removing them from view) and as long as
   we are NOT the inp-kill timer removing the inp, call
   the callout_drain() function so a racing timer won't
   later call in and cause a racing crash.
MFC after:	1 week
2010-06-09 16:42:42 +00:00
rrs
d1171df905 BUG:Turns out we need to use both bit maps
to calculate the cum-ack (we were not doing
it for the NR-Sack case). With this fix
NR-sack should now work correctly.
MFC after:	1 week
2010-06-09 16:39:18 +00:00
rrs
8bbbdc4764 2 Bugs:
1) Only use both mapping arrays when NR sack is off. This
   way we can hold off moving the cumack (not the best but
   workable) when NR-sack is on.

2) We must make sure to just return on the move of the
   bit to the NR array if the cum-ack as already went
   past the TSN. This prevents marking a bit behind the
   array and hitting the invariant code that panic's us.

MFC after:	1 week
2010-06-08 03:39:31 +00:00
rrs
79f1540a6e This fixes a BUG in the handling of the cum-ack calculation.
We were only paying attention to the nr-mapping-array. Which
seems to make sense on the surface, by definition things
up to the cum-ack should be deliverable thus in the nr-mapping-array.
However (there is always a gotcha) thats not true when it
comes to large messages. The stack may hold the message
while re-assembling it not not deliver it based on several
thresholds. If that happens (which it would for smaller
large messages) then the cum-ack is figured wrong. We
now properly use both arrays in the cum-ack calculation.

MFC after:	1 week.
2010-06-07 18:29:10 +00:00
rrs
259851f89c Opps... my bad.. we don't need a SOCK_UNLOCK() after
calling socantrcvmore_locked() since it will unlock
the lock for you.

MFC after:	1 week
2010-06-07 11:33:20 +00:00
rrs
de042002c0 Fix so we call socantrcvmore_locked so we
don't see a race where we unlock to call
the non-locked version and have the socket
go away.

MFC after:	1 week
2010-06-07 04:01:38 +00:00
rrs
3bcf4834bb 1) Optimize the cleanup and don't always depend on
the timer. This is done by considering the locks
   we will destroy and if they are contended we consider
   it the same as a reference count being up. Fixing this
   appears to cleanup another crash that was appearing with
   all the timers where the socket buf lock got corrupted.

2) Fix the sysctl code to take a lot more care when looking
   at INP's that are in the GONE or ALLGONE state.

MFC after:	1 week
2010-06-06 20:34:17 +00:00
rrs
6bf375889d Ok, yet another bug in killing off all the hundreds
of apitesters.. Basically we end up with attempting
to destroy a lock thats contended on. A cookie echo
arrives at the same time that the close is happening.
The close gets the lock but the cookie echo has already
passed the check for the gone flag and is then locked
waiting on the create lock.. when we go to destroy it
bam. For now we do the timer destroy for all calls
to close.. We can probably optimize this later so that
we check whats being contended on and if there is contention
then do the timer thing. but this is probably safest since
the inp has been removed from all lists and references and
only the timer can find it.. once the locks are released all
other places will instantly see the GONE flag and bail (thats
what the change in sctp_input is one place that was lacking
the bail code).

MFC after:	1 week
2010-06-06 19:24:32 +00:00
rrs
e9703449d0 1) Further enhance the INVARIANT lock validation (no locks) are
held by checking the create and inp locks as well.

2) Fix a bug in that when a socket is closed an INIT-ACK
   is returned, we do NOT unlock the locked_tcb unless its
   different (an unlikely scenario). If we blindly unlock as
   we were doing before we can end up unlocking the actual
   stcb thats about to be sent down to the free function which
   requires the lock be held.

MFC after:	1 week
2010-06-06 16:11:16 +00:00
rrs
aaa6b56e3f Fix a bug in the sctp_inpcb_free. Basically if the socket
was setup to do an abortive close an association that was
in the accept_queue could get stuck and never freed. Now
we properly start the kill timer on the socket and turn
off the flag (same thing we do for the graceful close method).
MFC after:	1 week
2010-06-06 16:09:12 +00:00
rrs
54047d0058 Fix a bug in sctp_abort_assoc(). DON'T call the sctp_inpcb_free
when the gone flag is set. You don't know what locks the
caller has set and there is already a kill timer running.

MFC after:	1 week
2010-06-06 16:07:40 +00:00
rrs
13d687dbf6 Hopefully this fixes a LOR by making
so we only hold the iterator lock during
updates to the iterators work.

MFC after:	1 week
2010-06-06 02:33:46 +00:00
rrs
923bc21fb4 Bruce's fix for some return's in
error legs.

MFC after:	1 week
2010-06-06 02:32:20 +00:00
rrs
28122090a3 Purge out a Windows def that somehow slipped
past the scrubber.

MFC after:	1 Week
2010-06-05 21:39:52 +00:00
rrs
246b12c936 Spacing issues
MFC after:	1 Week
2010-06-05 21:33:16 +00:00
rrs
c4f6e9b730 This change does the following:
1) Fix the alignment of a comment.
2) Fix a BUG where we were NOT paying attention
   to the RESEND marking on retransmitting control
   chunks.. and worse we were not decrementing the
   retran count that could cause us to loop forever.
3) Add in the valdiate_no_lock function on invariants
   so that we will really check all ways out to be sure
   a lock does not slip out locked.

MFC after:	1 week.
2010-06-05 21:27:43 +00:00
rrs
5a1c7d3374 Use the proper increment macro when increasing the
number on sent_queue_retran_cnt.

MFC after:	1 week
2010-06-05 21:22:58 +00:00
rrs
24eae4311a This does two changes:
1) Makes it so that the INVARIANT function validate nolocks is
   available anywhere.
2) Fixes a BUG where a close has been done on a collision socket
   and the cookie processing would return leaving a lock held.
MFC after:	1 week
2010-06-05 21:20:28 +00:00
rrs
7d3c46ab4c This fixes a bug in the close up of a socket that
had un-accepted assoc's. Basically the assoc (and inp)
would get stuck and never get cleaned up.

MFC after:	1 week
2010-06-05 21:17:23 +00:00