| Age | Commit message (Collapse) | Author |
|---|
|
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers
|
|
not get build. the code looks at flags that used to be in mbuf tags, now
they are in the mbuf header, so we can check them unconditionally.
problem spotted by Daniel Roethlisberger <daniel@roe.ch>, ok ryan markus
|
|
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan
|
|
|
|
ok reyk@
|
|
acked bytes and update the window accordingly
fix PR4278
OK henning@ markus@ claudio@
|
|
|
|
|
|
when sending the synack response. ok markus
|
|
this unbreaks TCP for high RTT (~3s); ok mcbride@
|
|
This is for RFC3682 aka the TTL security hack - sender sets TTL to 255,
receiver checks no router on the way (or, no more than expected) reduced
the TTL. carp uses that technique already.
modeled after FreeBSD implementation.
ok claudio djm deraadt
|
|
|
|
ok claudio, henning, brad, djm, tedu
|
|
data immediately. otherwise we would ignore RST for delayed acks;
ok deraadt, dhartmei
|
|
|
|
with both sack and md5 options in SYN.
|
|
in the data part for the data from the previously distinct tags.
look up the tag early and carry a pointer to it around.
makes the code easier and saves some tag lookups and thus helps performance,
as proven by tests run by Schberle Dniel <Schoeberle.Daniel@aamtech.hu>
Initially hacked up somewhere over the atlantic ocean in an A330
early testing reyk and moritz, "put it in" theo
|
|
cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
|
|
ok henning claudio fgsch krw
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.
|
|
ok krw@ canacar@
|
|
|
|
|
|
1. set rcv_laststart/rcv_lastend after checking the tcp window
2. pass rcv_laststart and rcv_lastend on the stack (shrink tcp state)
ok henning, djm
|
|
- limit pool to tcp_sackhole_limit entries (sysctl-able)
- stop sack option processing on pool_get errors
- use SEQ_MIN/SEQ_MAX
ok henning, hshoexer, deraadt
|
|
while t_rtt was 1-based), update callers
2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2.
3. add missing shifts when t_srtt/t_rttvar are used.
4. update the comments: t_srtt uses 5 bits of fraction (not 3)
and t_rttvar uses 4 bits
5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE
6. make sure rttmin is not > TCPTV_REXMTMAX
parts from netbsd, ok mcbride, henning
|
|
- Ignore ts_ecr if it is 0, or the resulting rtt is out of range.
(use tp->t_rtttime instead)
- Initialise tcp_now to 1, to avoid the 500ms window where a valid ts_ecr
of 0 could be ignored.
- Convert out-of-range rtt values to valid ones in tcp_xmit_timer().
ok frantzen@ markus@
|
|
|
|
|
|
1) add a reaper for TCP and SYN cache states (cf. netbsd pr 20390)
2) additional check for TCP_TIMER_ISARMED(TCPT_REXMT) in tcp_timer_persist()
with mickey@; ok deraadt@
|
|
ok markus@ frantzen@
|
|
ok dhartmei markus claudio henning mcbride ...
|
|
2mss on the server side, and 1mss on the client.
|
|
|
|
mtod(m), since the previous IP6_EXTHDR_GET() only guarantees this part
to be continuous. Report from Andreas Bartelt. ok markus@, itojun@
|
|
|
|
|
|
fixes tcp corruption on rl(4); ok itojun, cedric
|
|
|
|
report and test by mpf@
|
|
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
|
table from these metrics. struct rt_msghdr used by the routing socket is not
affected and so most userland apps don't need to be changed.
some man page polishing by jmc@
OK henning@ markus@ theo@
|
|
interface MTU.
- break a tcp_output() -> tcp_mtudisc() -> tcp_output() infinite recursion
when the TCP mss ends up larger than the interface MTU (when the if_mtu is
smaller than the tcp header). connections will still stall
feedback from itojun@, claudio@ and provos and testing from beck@
|
|
|
|
ok markus
|
|
simplify some of the codepath by using IP6_EXTHDR_GET. markus ok
|
|
|
|
for tcps_rcvacktoomuch, too; drop very old ACKs; ok deraadt@
|
|
|
|
|
