Age | Commit message (Collapse) | Author |
|
move them to the corresponding header with an appropriate comment if
necessary.
ok guenther@
|
|
behaves as if SO_KEEPALIVE was set on all TCP sockets, forcing keepalives
to be sent every net.inet.tcp.keepidle half-seconds.
In conjunction with a keepidle value greatly reduced from the default,
this can be useful for keeping sessions open if you are stuck on a network
with short NAT or firewall timeouts.
Feedback from various people, ok henning@ claudio@
|
|
The data received on the source socket will automatically be sent
on the drain socket. This allows to write relay daemons with zero
data copy.
ok markus@
|
|
No binary change.
ok claudio@ henning@
|
|
Send buffer is scaled by not accounting unacknowledged on the wire
data against the buffer limit. Receive buffer scaling is done similar
to FreeBSD -- measure the delay * bandwith product and base the
buffer on that. The problem is that our RTT measurment is coarse
so it overshoots on low delay links. This does not matter that much
since the recvbuffer is almost always empty.
Add a back pressure mechanism to control the amount of memory
assigned to socketbuffers that kicks in when 80% of the cluster
pool is used.
Increases the download speed from 300kB/s to 4.4MB/s on ftp.eu.openbsd.org.
Based on work by markus@ and djm@.
OK dlg@, henning@, put it in deraadt@
|
|
This allows to run isakmpd/iked/ipsecctl in multiple rdomains
independently (with "route exec"); the kernel will pickup the rdomain
from the process context of the pfkey socket and load the flows and
SAs into the matching rdomain encap routing table. The network stack
also needs to pass the rdomain to the ipsec stack to lookup the
correct rdomain that belongs to an interface/mbuf/... You can now run
individual IPsec configs per rdomain or create IPsec VPNs between
multiple rdomains on the same machine ;). Note that a primary enc(4)
in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1.
Test by some people, mostly on existing "rdomain 0" setups. Was in
snaps for some days and people didn't complain.
ok claudio@ naddy@
|
|
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.
Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.
Written by claudio@, criticized^Wcritiqued by me
|
|
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@
|
|
therefore. Inherit the rdomain through the syncache.
There are some interactions that need some more work (ctlinput) so this
can be improved but is good enough for now.
OK markus@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
ok deraadt@ otto@
|
|
take a proc argument, theres no need for these, since
they are just wrappers.
OK claudio@
|
|
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.
OK markus@, blambert@.
"go ahead" deraadt@.
Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.
|
|
|
|
|
|
relying on the mbuf chain layout; with claudio@ and krw@; ok henning@
|
|
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.
discussed with deraadt@ claudio@ gilles@
ok deraadt@
|
|
|
|
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers
|
|
|
|
|
|
ok henning@
|
|
|
|
ok henning claudio fgsch krw
|
|
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html)
ok markus frantzen
|
|
|
|
1. set rcv_laststart/rcv_lastend after checking the tcp window
2. pass rcv_laststart and rcv_lastend on the stack (shrink tcp state)
ok henning, djm
|
|
- limit pool to tcp_sackhole_limit entries (sysctl-able)
- stop sack option processing on pool_get errors
- use SEQ_MIN/SEQ_MAX
ok henning, hshoexer, deraadt
|
|
while t_rtt was 1-based), update callers
2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2.
3. add missing shifts when t_srtt/t_rttvar are used.
4. update the comments: t_srtt uses 5 bits of fraction (not 3)
and t_rttvar uses 4 bits
5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE
6. make sure rttmin is not > TCPTV_REXMTMAX
parts from netbsd, ok mcbride, henning
|
|
- Ignore ts_ecr if it is 0, or the resulting rtt is out of range.
(use tp->t_rtttime instead)
- Initialise tcp_now to 1, to avoid the 500ms window where a valid ts_ecr
of 0 could be ignored.
- Convert out-of-range rtt values to valid ones in tcp_xmit_timer().
ok frantzen@ markus@
|
|
1) add a reaper for TCP and SYN cache states (cf. netbsd pr 20390)
2) additional check for TCP_TIMER_ISARMED(TCPT_REXMT) in tcp_timer_persist()
with mickey@; ok deraadt@
|
|
ok markus@ frantzen@
|
|
TF_LASTIDLE across invocations of tcp_output (from freebsd);
ok mcbride
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and make it compile (does not work yet); ok deraadt@
|
|
|
|
http://www.kohala.com/start/borman.97jun06.txt; ok deraadt@, henning@
|
|
>use m_pulldown not m_pullup2. fix some bugs in IPv6 tcp_trace().
PR 3283 fixed (confirmed)
|