/* $NetBSD: tcp_var.h,v 1.160 2009/05/27 17:41:03 pooka Exp $ */
/*
|
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
* All rights reserved.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
1998-02-19 05:36:42 +03:00
|
|
|
|
2002-01-24 05:12:29 +03:00
|
|
|
/*
|
|
|
|
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* NRL grants permission for redistribution and use in source and binary
|
|
|
|
* forms, with or without modification, of the software and documentation
|
|
|
|
* created at NRL provided that the following conditions are met:
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgements:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* This product includes software developed at the Information
|
|
|
|
* Technology Division, US Naval Research Laboratory.
|
|
|
|
* 4. Neither the name of the NRL nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
|
|
|
|
* IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
|
|
|
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
|
|
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* The views and conclusions contained in the software and documentation
|
|
|
|
* are those of the authors and should not be interpreted as representing
|
|
|
|
* official policies, either expressed or implied, of the US Naval
|
|
|
|
* Research Laboratory (NRL).
|
|
|
|
*/
|
|
|
|
|
1998-02-19 05:36:42 +03:00
|
|
|
/*-
|
2005-03-02 13:20:18 +03:00
|
|
|
* Copyright (c) 1997, 1998, 1999, 2001, 2005 The NetBSD Foundation, Inc.
|
1998-02-19 05:36:42 +03:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
|
|
|
|
* NASA Ames Research Center.
|
2005-03-02 13:20:18 +03:00
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Charles M. Hannum.
|
1998-02-19 05:36:42 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
1994-06-29 10:29:24 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1998-01-05 13:31:44 +03:00
|
|
|
* Copyright (c) 1982, 1986, 1993, 1994, 1995
|
1994-05-13 10:02:48 +04:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1993-03-21 12:45:37 +03:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1998-01-05 13:31:44 +03:00
|
|
|
* @(#)tcp_var.h 8.4 (Berkeley) 5/24/95
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
#ifndef _NETINET_TCP_VAR_H_
#define _NETINET_TCP_VAR_H_
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
#include "opt_mbuftrace.h"
#include "rnd.h"
#endif
/*
* Kernel variables for tcp.
*/
#include <sys/callout.h>
#ifdef TCP_SIGNATURE
/*
 * Defines which are needed by the xform_tcp module and tcp_[in|out]put
 * for SADB verification and lookup (TCP-MD5 signature option, RFC 2385;
 * enabled per connection through TF_SIGNATURE in struct tcpcb below).
 */
#define	TCP_SIGLEN	16	/* length of computed digest in bytes (MD5) */
#define	TCP_KEYLEN_MIN	1	/* minimum length of TCP-MD5 key */
#define	TCP_KEYLEN_MAX	80	/* maximum length of TCP-MD5 key */
/*
 * Only a single SA per host may be specified at this time.  An SPI is
 * needed in order for the KEY_ALLOCSA() lookup to work.
 * NOTE(review): the SPI is a fixed constant, so SA selection is by
 * peer address only; confirm callers never expect per-port keys.
 */
#define	TCP_SIG_SPI	0x1000
#endif /* TCP_SIGNATURE */
/*
 * SACK option block.
 *
 * One [left, right) range as carried in a TCP SACK option.  Both edges
 * are tcp_seq values and therefore wrap; compare them with the SEQ_*
 * macros rather than with plain relational operators.
 */
struct sackblk {
	tcp_seq left;		/* Left edge of sack block. */
	tcp_seq right;		/* Right edge of sack block. */
};
TAILQ_HEAD(sackhead, sackhole);

/*
 * One entry of the sender-side SACK hole list (struct tcpcb::snd_holes).
 * Fields are tcp_seq values and wrap; use the SEQ_* macros to compare.
 * NOTE(review): field meanings below are inferred from the names and
 * from the "TX SACK holes" comment in struct tcpcb -- confirm against
 * the users in tcp_input.c/tcp_output.c.
 */
struct sackhole {
	tcp_seq start;		/* presumably first seq of the hole */
	tcp_seq end;		/* presumably seq one past the hole */
	tcp_seq rxmit;		/* presumably next seq to retransmit in the hole */

	TAILQ_ENTRY(sackhole) sackhole_q;	/* linkage on tcpcb::snd_holes */
};
/*
 * Tcp control block, one per tcp; fields:
 *
 * All tcp_seq members wrap modulo 2^32 and must be compared with the
 * SEQ_* macros (see TCP_FACK_FASTRECOV below), never with < or >.
 * The TF_* bits live in t_flags; TF_REASSEMBLING doubles as the
 * reassembly-queue lock bit manipulated by tcp_reass_lock_try() /
 * tcp_reass_unlock() further down in this file.
 */
struct tcpcb {
	int t_family;		/* address family on the wire */
	struct ipqehead segq;	/* sequencing queue */
	int t_segqlen;		/* length of the above */
	callout_t t_timer[TCPT_NTIMERS];/* tcp timers */
	short	t_state;		/* state of this connection */
	short	t_rxtshift;		/* log(2) of rexmt exp. backoff */
	uint32_t t_rxtcur;		/* current retransmit value */
	short	t_dupacks;		/* consecutive dup acks recd */
	short	t_partialacks;		/* partial acks during fast rexmit */
	u_short	t_peermss;		/* peer's maximum segment size */
	u_short	t_ourmss;		/* our maximum segment size */
	u_short t_segsz;		/* current segment size in use */
	char	t_force;		/* 1 if forcing out a byte */
	u_int	t_flags;		/* TF_* bits below */
#define	TF_ACKNOW	0x0001		/* ack peer immediately */
#define	TF_DELACK	0x0002		/* ack, but try to delay it */
#define	TF_NODELAY	0x0004		/* don't delay packets to coalesce */
#define	TF_NOOPT	0x0008		/* don't use tcp options */
					/* 0x0010 is currently unused */
#define	TF_REQ_SCALE	0x0020		/* have/will request window scaling */
#define	TF_RCVD_SCALE	0x0040		/* other side has requested scaling */
#define	TF_REQ_TSTMP	0x0080		/* have/will request timestamps */
#define	TF_RCVD_TSTMP	0x0100		/* a timestamp was received in SYN */
#define	TF_SACK_PERMIT	0x0200		/* other side said I could SACK */
#define	TF_SYN_REXMT	0x0400		/* rexmit timer fired on SYN */
#define	TF_WILL_SACK	0x0800		/* try to use SACK */
#define	TF_REASSEMBLING	0x1000		/* we're busy reassembling (reass lock bit) */
#define	TF_DEAD		0x2000		/* dead and to-be-released */
#define	TF_PMTUD_PEND	0x4000		/* Path MTU Discovery pending */
					/* 0x8000 is currently unused */
#define	TF_ECN_PERMIT	0x10000		/* other side said is ECN-ready */
#define	TF_ECN_SND_CWR	0x20000		/* ECN CWR in queue */
#define	TF_ECN_SND_ECE	0x40000		/* ECN ECE in queue */
					/* 0x80000 .. 0x200000 are currently unused */
#define	TF_SIGNATURE	0x400000	/* require MD5 digests (RFC2385) */

	struct	mbuf *t_template;	/* skeletal packet for transmit */
	struct	inpcb *t_inpcb;		/* back pointer to internet pcb (IPv4) */
	struct	in6pcb *t_in6pcb;	/* back pointer to internet pcb (IPv6) */
	callout_t t_delack_ch;		/* delayed ACK callout */
/*
 * The following fields are used as in the protocol specification.
 * See RFC793, Dec. 1981, page 21.
 */
/* send sequence variables */
	tcp_seq	snd_una;		/* send unacknowledged */
	tcp_seq	snd_nxt;		/* send next */
	tcp_seq	snd_up;			/* send urgent pointer */
	tcp_seq	snd_wl1;		/* window update seg seq number */
	tcp_seq	snd_wl2;		/* window update seg ack number */
	tcp_seq	iss;			/* initial send sequence number */
	u_long	snd_wnd;		/* send window */
	tcp_seq snd_recover;		/* for use in fast recovery */
	tcp_seq snd_high;		/* NewReno false fast rexmit seq */
/* receive sequence variables */
	u_long	rcv_wnd;		/* receive window */
	tcp_seq	rcv_nxt;		/* receive next */
	tcp_seq	rcv_up;			/* receive urgent pointer */
	tcp_seq	irs;			/* initial receive sequence number */
/*
 * Additional variables for this implementation.
 */
/* receive variables */
	tcp_seq	rcv_adv;		/* advertised window */
/* retransmit variables */
	tcp_seq	snd_max;		/* highest sequence number sent;
					 * used to recognize retransmits
					 */
/* congestion control (for slow start, source quench, retransmit after loss) */
	u_long	snd_cwnd;		/* congestion-controlled window */
	u_long	snd_ssthresh;		/* snd_cwnd size threshold for
					 * slow start exponential to
					 * linear switch
					 */
/* auto-sizing variables */
	u_int	rfbuf_cnt;		/* recv buffer autoscaling byte count */
	uint32_t rfbuf_ts;		/* recv buffer autoscaling timestamp */

/*
 * transmit timing stuff.  See below for scale of srtt and rttvar.
 * "Variance" is actually smoothed difference.
 */
	uint32_t t_rcvtime;		/* time last segment received */
	uint32_t t_rtttime;		/* time we started measuring rtt */
	tcp_seq	t_rtseq;		/* sequence number being timed */
	int32_t	t_srtt;			/* smoothed round-trip time */
	int32_t	t_rttvar;		/* variance in round-trip time */
	uint32_t t_rttmin;		/* minimum rtt allowed */
	u_long	max_sndwnd;		/* largest window peer has offered */

/* out-of-band data */
	char	t_oobflags;		/* have some (TCPOOB_* bits below) */
	char	t_iobc;			/* input character */
#define	TCPOOB_HAVEDATA	0x01
#define	TCPOOB_HADDATA	0x02
	short	t_softerror;		/* possible error not yet reported */

/* RFC 1323 variables */
	u_char	snd_scale;		/* window scaling for send window */
	u_char	rcv_scale;		/* window scaling for recv window */
	u_char	request_r_scale;	/* pending window scaling */
	u_char	requested_s_scale;	/* presumably the scale the peer asked for; verify in tcp_input.c */
	u_int32_t ts_recent;		/* timestamp echo data */
	u_int32_t ts_recent_age;	/* when last updated */
	u_int32_t ts_timebase;		/* our timebase.  NOTE(review): a
					 * per-connection base keeps the raw
					 * system tick (i.e. uptime) out of the
					 * timestamps we put on the wire -- confirm
					 * in tcp_subr.c */
	tcp_seq	last_ack_sent;		/* presumably ack number of last ACK we sent; confirm */

/* RFC 3465 variables */
	u_long	t_bytes_acked;		/* ABC "bytes_acked" parameter */

/* SACK stuff */
#define TCP_SACK_MAX 3			/* max SACK blocks we track/advertise */
#define TCPSACK_NONE 0			/* rcv_sack_flags: no D-SACK pending */
#define TCPSACK_HAVED 1			/* rcv_sack_flags: rcv_dsack_block valid */
	u_char rcv_sack_flags;		/* SACK flags (TCPSACK_*). */
	struct sackblk rcv_dsack_block;	/* RX D-SACK block. */
	struct ipqehead timeq;		/* time sequenced queue. */
	struct sackhead snd_holes;	/* TX SACK holes. */
	int	snd_numholes;		/* Number of TX SACK holes. */
	tcp_seq rcv_lastsack;		/* last seq number(+1) sack'd by rcv'r*/
	tcp_seq sack_newdata;		/* New data xmitted in this recovery
					   episode starts at this seq number*/
	tcp_seq snd_fack;		/* FACK TCP.  Forward-most data held by
					   peer. */

/* pointer for syn cache entries*/
	LIST_HEAD(, syn_cache) t_sc;	/* list of entries by this tcb */

/* prediction of next mbuf when using large window sizes */
	struct	mbuf *t_lastm;		/* last mbuf that data was sent from */
	int	t_inoff;		/* data offset in previous mbuf */
	int	t_lastoff;		/* last data address in mbuf chain */
	int	t_lastlen;		/* last length read from mbuf chain */

/* Path-MTU discovery blackhole detection */
	int t_mtudisc;			/* perform mtudisc for this tcb */
/*
 * Path-MTU Discovery Information.
 * These come from the ICMP "need fragmentation" payload, which is
 * unauthenticated; the MSS/MTU bounds below are what the consumer
 * checks a received value against before acting on it.
 */
	u_int	t_pmtud_mss_acked;	/* MSS acked, lower bound for MTU */
	u_int	t_pmtud_mtu_sent;	/* MTU used, upper bound for MTU */
	tcp_seq	t_pmtud_th_seq;		/* TCP SEQ from ICMP payload */
	u_int	t_pmtud_nextmtu;	/* Advertised Next-Hop MTU from ICMP */
	u_short	t_pmtud_ip_len;		/* IP length from ICMP payload */
	u_short	t_pmtud_ip_hl;		/* IP header length from ICMP payload */

	uint8_t t_ecn_retries;		/* # of ECN setup retries */

	const struct tcp_congctl *t_congctl;	/* per TCB congctl algorithm */

	/* Keepalive per socket (units: presumably the same ticks as tcp_delack_ticks -- confirm) */
	u_int	t_keepinit;		/* time before an unanswered SYN gives up */
	u_int	t_keepidle;		/* idle time before first keepalive probe */
	u_int	t_keepintvl;		/* interval between keepalive probes */
	u_int	t_keepcnt;		/* number of probes before dropping */
	u_int	t_maxidle;		/* t_keepcnt * t_keepintvl */
};
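/*
 * Macros to aid ECN TCP.
 *
 * The macro argument is parenthesised so that an expression such as
 * `&sc->tcb` can be passed safely; the original expanded to
 * `tp->t_flags`, which mis-parses for any non-identifier argument.
 */
#define	TCP_ECN_ALLOWED(tp)	((tp)->t_flags & TF_ECN_PERMIT)

/*
 * Macros to aid SACK/FACK TCP.
 *
 * TCP_FACK_FASTRECOV() evaluates its argument more than once; pass
 * only a side-effect-free expression.  snd_fack/snd_una are tcp_seq
 * and wrap, hence SEQ_GT rather than a plain comparison.
 */
#define	TCP_SACK_ENABLED(tp)	((tp)->t_flags & TF_WILL_SACK)
#define	TCP_FACK_FASTRECOV(tp)	\
	(TCP_SACK_ENABLED(tp) && \
	(SEQ_GT((tp)->snd_fack, (tp)->snd_una + tcprexmtthresh * (tp)->t_segsz)))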
#ifdef _KERNEL
/*
 * TCP reassembly queue locks.
 *
 * The "lock" is the TF_REASSEMBLING bit in tp->t_flags; the inline
 * helpers below set and clear it under splvm().  Both are tagged
 * __unused, presumably because not every includer of this header
 * references them.
 */
static __inline int tcp_reass_lock_try (struct tcpcb *)
    __unused;
static __inline void tcp_reass_unlock (struct tcpcb *)
    __unused;
/*
 * Try to take the reassembly "lock" on tp.
 *
 * Returns 1 when this caller now holds it (TF_REASSEMBLING was clear
 * and has been set), 0 when it was already held.  Nothing is changed
 * in the latter case.
 *
 * NOTE(review): the flag is tested and set at splvm(), which excludes
 * interrupt-level mbuf allocation on this CPU; whether that alone is
 * sufficient on a multiprocessor depends on what other lock the
 * callers hold -- confirm before relying on it.
 */
static __inline int
tcp_reass_lock_try(struct tcpcb *tp)
{
	int acquired;
	int s;

	/* splvm(): block anything that could allocate mbufs while we test-and-set. */
	s = splvm();
	acquired = (tp->t_flags & TF_REASSEMBLING) == 0;
	if (acquired)
		tp->t_flags |= TF_REASSEMBLING;
	splx(s);

	return acquired;
}
/*
 * Release the reassembly "lock" on tp by clearing TF_REASSEMBLING.
 * Done at the same splvm() level the lock was taken at.  There is no
 * check that the caller actually holds it; see TCP_REASS_LOCK_CHECK.
 */
static __inline void
tcp_reass_unlock(struct tcpcb *tp)
{
	int s = splvm();

	tp->t_flags &= ~TF_REASSEMBLING;
	splx(s);
}
#ifdef DIAGNOSTIC
/*
 * DIAGNOSTIC kernels treat a recursive reassembly lock, or an unlock
 * without the lock held, as a fatal bug: report file/line and panic.
 */
#define	TCP_REASS_LOCK(tp)	\
do { \
	if (tcp_reass_lock_try(tp) == 0) { \
		printf("%s:%d: tcpcb %p reass already locked\n", \
		    __FILE__, __LINE__, tp); \
		panic("tcp_reass_lock"); \
	} \
} while (/*CONSTCOND*/ 0)
#define	TCP_REASS_LOCK_CHECK(tp)	\
do { \
	if (((tp)->t_flags & TF_REASSEMBLING) == 0) { \
		printf("%s:%d: tcpcb %p reass lock not held\n", \
		    __FILE__, __LINE__, tp); \
		panic("tcp reass lock check"); \
	} \
} while (/*CONSTCOND*/ 0)
#else
/*
 * Non-DIAGNOSTIC: the try-lock result is discarded, so a recursive
 * TCP_REASS_LOCK() silently proceeds with the bit already set, and
 * the check macro is a no-op.
 */
#define	TCP_REASS_LOCK(tp)	(void) tcp_reass_lock_try((tp))
#define	TCP_REASS_LOCK_CHECK(tp) /* nothing */
#endif

#define	TCP_REASS_UNLOCK(tp)	tcp_reass_unlock((tp))
|
|
|
|
#endif /* _KERNEL */
|
|
|
|
|
1997-12-31 06:31:23 +03:00
|
|
|
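/*
 * Queue for delayed ACK processing.
 *
 * A pending delayed ACK is recorded by the TF_DELACK bit in tp->t_flags
 * together with the per-connection callout tp->t_delack_ch, which is
 * armed for tcp_delack_ticks and runs tcp_delack() with tp as argument.
 *
 * TCP_RESTART_DELACK(tp)	(re)arms the callout without touching the
 *				flag.
 * TCP_SET_DELACK(tp)		sets TF_DELACK and arms the callout only
 *				if the bit was clear, so a pending delayed
 *				ACK is not pushed back by repeated calls.
 * TCP_CLEAR_DELACK(tp)		clears TF_DELACK and stops the callout,
 *				only if the bit was set.
 *
 * The callout argument is parenthesized so any pointer expression may be
 * passed for tp.
 */
#ifdef _KERNEL
extern int tcp_delack_ticks;
void	tcp_delack(void *);

#define	TCP_RESTART_DELACK(tp)						\
	callout_reset(&(tp)->t_delack_ch, tcp_delack_ticks,		\
	    tcp_delack, (tp))

#define	TCP_SET_DELACK(tp)						\
do {									\
	if (((tp)->t_flags & TF_DELACK) == 0) {				\
		(tp)->t_flags |= TF_DELACK;				\
		TCP_RESTART_DELACK(tp);					\
	}								\
} while (/*CONSTCOND*/0)

#define	TCP_CLEAR_DELACK(tp)						\
do {									\
	if ((tp)->t_flags & TF_DELACK) {				\
		(tp)->t_flags &= ~TF_DELACK;				\
		callout_stop(&(tp)->t_delack_ch);			\
	}								\
} while (/*CONSTCOND*/0)
#endif /* _KERNEL */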
/*
 * Compute the current timestamp for a connection.
 *
 * The RFC 1323 timestamp sent to the peer is tcp_now relative to the
 * connection's own ts_timebase rather than tcp_now itself, so the
 * values a peer observes do not reveal how long this host has been up.
 * tcp_now is u_int32_t, so the subtraction wraps modulo 2^32 as
 * timestamp arithmetic expects (assuming ts_timebase is 32-bit too --
 * its declaration is in struct tcpcb, not here).
 */
#define	TCP_TIMESTAMP(tp)	(tcp_now - (tp)->ts_timebase)
/*
 * Handy way of passing around TCP option info.
 *
 * Field names follow RFC 1323 (TSval/TSecr); the header does not show
 * who fills them in, so treat the per-field notes as the names imply.
 */
struct tcp_opt_info {
	int		ts_present;	/* non-zero: a timestamp option was seen */
	u_int32_t	ts_val;		/* timestamp value (TSval) */
	u_int32_t	ts_ecr;		/* timestamp echo reply (TSecr) */
	u_int16_t	maxseg;		/* MSS option value */
};
/*
 * TCP option flag bits (TOF_*) for the RFC 2385 signature option.
 * struct tcp_opt_info above carries no flags word, so these bits are
 * not stored there; confirm where they are used before relying on them.
 */
#define	TOF_SIGNATURE	0x0040		/* signature option present */
#define	TOF_SIGLEN	0x0080		/* signature length valid (RFC2385) */
/*
 * Data for the TCP compressed state engine.
 *
 * Endpoint address storage for a SYN cache entry, sized for whichever
 * sockaddr form the connection uses.  The sin6 member is always compiled
 * in: the INET6 condition on the #if has been commented out.
 */
union syn_cache_sa {
	struct sockaddr sa;
	struct sockaddr_in sin;
#if 1 /*def INET6*/
	struct sockaddr_in6 sin6;
#endif
};
/*
 * One entry of the compressed state engine (SYN cache): the state kept
 * for a connection that has received a SYN and is awaiting the ACK that
 * completes the handshake, held in place of a full tcpcb.  Entries are
 * chained on a hash bucket (sc_bucketq / sc_bucketidx / sc_hash) and on
 * a per-listening-socket list (sc_tp / sc_tpq).
 */
struct syn_cache {
	TAILQ_ENTRY(syn_cache) sc_bucketq;	/* link on bucket list */
	callout_t sc_timer;			/* rexmt timer */
	struct route sc_route;			/* route cache for the peer */
	long sc_win;				/* advertised window */
	int sc_bucketidx;			/* our bucket index */
	u_int32_t sc_hash;			/* presumably the hash that chose the bucket */
	u_int32_t sc_timestamp;			/* timestamp from SYN */
	u_int32_t sc_timebase;			/* our local timebase */
	union syn_cache_sa sc_src;		/* source address (by name) */
	union syn_cache_sa sc_dst;		/* destination address (by name) */
	tcp_seq sc_irs;				/* initial receive sequence number */
	tcp_seq sc_iss;				/* initial send sequence number */
	u_int sc_rxtcur;			/* current rxt timeout */
	u_int sc_rxttot;			/* total time spent on queues */
	u_short sc_rxtshift;			/* for computing backoff */
	u_short sc_flags;			/* SCF_* bits below */

#define	SCF_UNREACH		0x0001		/* we've had an unreach error */
#define	SCF_TIMESTAMP		0x0002		/* peer will do timestamps */
#define	SCF_DEAD		0x0004		/* this entry to be released */
#define	SCF_SACK_PERMIT		0x0008		/* peer will do SACK */
#define	SCF_ECN_PERMIT		0x0010		/* peer will do ECN */
	/* 0x0020 is unassigned; SCF_SIGNATURE is written 0x40 (== 0x0040). */
#define	SCF_SIGNATURE		0x40		/* send MD5 digests */

	struct mbuf *sc_ipopts;			/* IP options */
	u_int16_t sc_peermaxseg;		/* MSS announced by the peer */
	u_int16_t sc_ourmaxseg;			/* MSS we announce */
	u_int8_t sc_request_r_scale : 4,	/* window scale we request (4 bits) */
		 sc_requested_s_scale : 4;	/* window scale the peer requested (4 bits) */

	struct tcpcb *sc_tp;			/* tcb for listening socket */
	LIST_ENTRY(syn_cache) sc_tpq;		/* list of entries by same tp */
};
/*
 * One hash bucket of the SYN cache: the entries chained through their
 * sc_bucketq links, plus a count of them (see tcp_syn_bucket_limit for
 * the per-bucket cap).
 */
struct syn_cache_head {
	TAILQ_HEAD(, syn_cache) sch_bucket;	/* bucket entries */
	u_short sch_length;			/* # entries in bucket */
};
/*
 * Map protocol control blocks to the tcpcb hung off them.
 * intotcpcb()/in6totcpcb() take an inpcb/in6pcb pointer.  sototcpcb()
 * takes a socket; with INET6 compiled in it dispatches on the socket's
 * domain family, sending AF_INET through the inpcb path and everything
 * else through the in6pcb path.
 */
#define	intotcpcb(ip)	((struct tcpcb *)(ip)->inp_ppcb)
#ifdef INET6
#define	in6totcpcb(ip)	((struct tcpcb *)(ip)->in6p_ppcb)
#endif
#ifndef INET6
#define	sototcpcb(so)	(intotcpcb(sotoinpcb(so)))
#else
#define	sototcpcb(so)	(((so)->so_proto->pr_domain->dom_family == AF_INET) \
			    ? intotcpcb(sotoinpcb(so)) \
			    : in6totcpcb(sotoin6pcb(so)))
#endif
/*
 * The smoothed round-trip time and estimated variance
 * are stored as fixed point numbers scaled by the values below.
 * For convenience, these scales are also used in smoothing the average
 * (smoothed = (1/scale)sample + ((scale-1)/scale)smoothed).
 * With these scales, srtt has 3 bits to the right of the binary point,
 * and thus an "ALPHA" of 0.875.  rttvar has 2 bits to the right of the
 * binary point, and is smoothed with an ALPHA of 0.75.
 *
 * TCP_REXMTVAL() below depends on 1<<TCP_RTTVAR_SHIFT being the rttvar
 * multiplier; change the two together.
 */
#define	TCP_RTT_SHIFT		3	/* shift for srtt; 3 bits frac. */
#define	TCP_RTTVAR_SHIFT	2	/* multiplier for rttvar; 2 bits */
/*
 * The initial retransmission should happen at rtt + 4 * rttvar.
 * Because of the way we do the smoothing, srtt and rttvar
 * will each average +1/2 tick of bias.  When we compute
 * the retransmit timer, we want 1/2 tick of rounding and
 * 1 extra tick because of +-1/2 tick uncertainty in the
 * firing of the timer.  The bias will give us exactly the
 * 1.5 tick we need.  But, because the bias is
 * statistical, we have to test that we don't drop below
 * the minimum feasible timer (which is 2 ticks).
 * This macro assumes that the value of 1<<TCP_RTTVAR_SHIFT
 * is the same as the multiplier for rttvar.
 *
 * NOTE(review): the expression evaluates to rtt + 4*rttvar only if
 * t_srtt and t_rttvar carry scaling beyond TCP_RTT_SHIFT and
 * TCP_RTTVAR_SHIFT (applied where they are updated, not in this header);
 * confirm against the smoothing code before altering either shift.
 */
#define	TCP_REXMTVAL(tp) \
	((((tp)->t_srtt >> TCP_RTT_SHIFT) + (tp)->t_rttvar) >> 2)
/*
 * Compute the initial window for slow start.
 *
 * With iw == 0 the RFC 3390 formula min(4*MSS, max(2*MSS, 4380)) is
 * used; a non-zero iw (presumably fed from the tcp_init_win /
 * tcp_init_win_local sysctls) forces exactly iw segments of segsz
 * bytes.  If min()/max() are the usual kernel macros, segsz may be
 * evaluated more than once, so pass a side-effect-free expression.
 */
#define	TCP_INITIAL_WINDOW(iw, segsz) \
	(((iw) == 0) ? (min(4 * (segsz), max(2 * (segsz), 4380))) : \
	 ((segsz) * (iw)))
/*
 * TCP statistics.
 * Each counter is an unsigned 64-bit value.
 *
 * Many of these should be kept per connection, but that's inconvenient
 * at the moment.
 *
 * The TCP_STAT_* values are contiguous indices 0..TCP_NSTATS-1 into the
 * statistics array exported through TCPCTL_STATS; TCP_NSTATS must be
 * bumped whenever a counter is appended.
 */
#define	TCP_STAT_CONNATTEMPT	0	/* connections initiated */
#define	TCP_STAT_ACCEPTS	1	/* connections accepted */
#define	TCP_STAT_CONNECTS	2	/* connections established */
#define	TCP_STAT_DROPS		3	/* connections dropped */
#define	TCP_STAT_CONNDROPS	4	/* embryonic connections dropped */
#define	TCP_STAT_CLOSED		5	/* conn. closed (includes drops) */
#define	TCP_STAT_SEGSTIMED	6	/* segs where we tried to get rtt */
#define	TCP_STAT_RTTUPDATED	7	/* times we succeeded */
#define	TCP_STAT_DELACK		8	/* delayed ACKs sent */
#define	TCP_STAT_TIMEOUTDROP	9	/* conn. dropped in rxmt timeout */
#define	TCP_STAT_REXMTTIMEO	10	/* retransmit timeouts */
#define	TCP_STAT_PERSISTTIMEO	11	/* persist timeouts */
#define	TCP_STAT_KEEPTIMEO	12	/* keepalive timeouts */
#define	TCP_STAT_KEEPPROBE	13	/* keepalive probes sent */
#define	TCP_STAT_KEEPDROPS	14	/* connections dropped in keepalive */
#define	TCP_STAT_PERSISTDROPS	15	/* connections dropped in persist */
#define	TCP_STAT_CONNSDRAINED	16	/* connections drained due to memory
					   shortage */
#define	TCP_STAT_PMTUBLACKHOLE	17	/* PMTUD blackhole detected */
#define	TCP_STAT_SNDTOTAL	18	/* total packets sent */
#define	TCP_STAT_SNDPACK	19	/* data packets sent */
#define	TCP_STAT_SNDBYTE	20	/* data bytes sent */
#define	TCP_STAT_SNDREXMITPACK	21	/* data packets retransmitted */
#define	TCP_STAT_SNDREXMITBYTE	22	/* data bytes retransmitted */
#define	TCP_STAT_SNDACKS	23	/* ACK-only packets sent */
#define	TCP_STAT_SNDPROBE	24	/* window probes sent */
#define	TCP_STAT_SNDURG		25	/* packets sent with URG only */
#define	TCP_STAT_SNDWINUP	26	/* window update-only packets sent */
#define	TCP_STAT_SNDCTRL	27	/* control (SYN|FIN|RST) packets sent */
#define	TCP_STAT_RCVTOTAL	28	/* total packets received */
#define	TCP_STAT_RCVPACK	29	/* packets received in sequence */
#define	TCP_STAT_RCVBYTE	30	/* bytes received in sequence */
#define	TCP_STAT_RCVBADSUM	31	/* packets received with cksum errs */
#define	TCP_STAT_RCVBADOFF	32	/* packets received with bad offset */
#define	TCP_STAT_RCVMEMDROP	33	/* packets dropped for lack of memory */
#define	TCP_STAT_RCVSHORT	34	/* packets received too short */
#define	TCP_STAT_RCVDUPPACK	35	/* duplicate-only packets received */
#define	TCP_STAT_RCVDUPBYTE	36	/* duplicate-only bytes received */
#define	TCP_STAT_RCVPARTDUPPACK	37	/* packets with some duplicate data */
#define	TCP_STAT_RCVPARTDUPBYTE	38	/* dup. bytes in part-dup. packets */
#define	TCP_STAT_RCVOOPACK	39	/* out-of-order packets received */
#define	TCP_STAT_RCVOOBYTE	40	/* out-of-order bytes received */
#define	TCP_STAT_RCVPACKAFTERWIN 41	/* packets with data after window */
#define	TCP_STAT_RCVBYTEAFTERWIN 42	/* bytes received after window */
#define	TCP_STAT_RCVAFTERCLOSE	43	/* packets received after "close" */
#define	TCP_STAT_RCVWINPROBE	44	/* rcvd window probe packets */
#define	TCP_STAT_RCVDUPACK	45	/* rcvd duplicate ACKs */
#define	TCP_STAT_RCVACKTOOMUCH	46	/* rcvd ACKs for unsent data */
#define	TCP_STAT_RCVACKPACK	47	/* rcvd ACK packets */
#define	TCP_STAT_RCVACKBYTE	48	/* bytes ACKed by rcvd ACKs */
#define	TCP_STAT_RCVWINUPD	49	/* rcvd window update packets */
#define	TCP_STAT_PAWSDROP	50	/* segments dropped due to PAWS */
#define	TCP_STAT_PREDACK	51	/* times hdr predict OK for ACKs */
#define	TCP_STAT_PREDDAT	52	/* times hdr predict OK for data pkts */
#define	TCP_STAT_PCBHASHMISS	53	/* input packets missing PCB hash */
#define	TCP_STAT_NOPORT		54	/* no socket on port */
#define	TCP_STAT_BADSYN		55	/* received ACK for which we have
					   no SYN in compressed state */
#define	TCP_STAT_DELAYED_FREE	56	/* delayed pool_put() of tcpcb */
#define	TCP_STAT_SC_ADDED	57	/* # of sc entries added */
#define	TCP_STAT_SC_COMPLETED	58	/* # of sc connections completed */
#define	TCP_STAT_SC_TIMED_OUT	59	/* # of sc entries timed out */
#define	TCP_STAT_SC_OVERFLOWED	60	/* # of sc drops due to overflow */
#define	TCP_STAT_SC_RESET	61	/* # of sc drops due to RST */
#define	TCP_STAT_SC_UNREACH	62	/* # of sc drops due to ICMP unreach */
#define	TCP_STAT_SC_BUCKETOVERFLOW 63	/* # of sc drops due to bucket ovflow */
#define	TCP_STAT_SC_ABORTED	64	/* # of sc entries aborted (no mem) */
#define	TCP_STAT_SC_DUPESYN	65	/* # of duplicate SYNs received */
#define	TCP_STAT_SC_DROPPED	66	/* # of SYNs dropped (no route/mem) */
#define	TCP_STAT_SC_COLLISIONS	67	/* # of sc hash collisions */
#define	TCP_STAT_SC_RETRANSMITTED 68	/* # of sc retransmissions */
#define	TCP_STAT_SC_DELAYED_FREE 69	/* # of delayed pool_put()s */
#define	TCP_STAT_SELFQUENCH	70	/* # of ENOBUFS we get on output */
#define	TCP_STAT_BADSIG		71	/* # of drops due to bad signature */
#define	TCP_STAT_GOODSIG	72	/* # of packets with good signature */
#define	TCP_STAT_ECN_SHS	73	/* # of successful ECN handshakes */
#define	TCP_STAT_ECN_CE		74	/* # of packets with CE bit */
#define	TCP_STAT_ECN_ECT	75	/* # of packets with ECT(0) bit */

#define	TCP_NSTATS		76	/* one past the last TCP_STAT_* index */
/*
 * Names for TCP sysctl objects.
 *
 * The numeric ids are part of the sysctl ABI, so retired ids (7 and 23)
 * are kept under "#if 0" rather than reused, and TCPCTL_MAXID is one past
 * the highest id.  TCPCTL_NAMES and TCPCTL_VARIABLES below are indexed
 * by these values and must keep the same positions.
 */
#define	TCPCTL_RFC1323		1	/* RFC1323 timestamps/scaling */
#define	TCPCTL_SENDSPACE	2	/* default send buffer */
#define	TCPCTL_RECVSPACE	3	/* default recv buffer */
#define	TCPCTL_MSSDFLT		4	/* default seg size */
#define	TCPCTL_SYN_CACHE_LIMIT	5	/* max size of comp. state engine */
#define	TCPCTL_SYN_BUCKET_LIMIT	6	/* max size of hash bucket */
#if 0	/*obsoleted*/
#define	TCPCTL_SYN_CACHE_INTER	7	/* interval of comp. state timer */
#endif
#define	TCPCTL_INIT_WIN		8	/* initial window */
#define	TCPCTL_MSS_IFMTU	9	/* mss from interface, not in_maxmtu */
#define	TCPCTL_SACK		10	/* RFC2018 selective acknowledgement */
#define	TCPCTL_WSCALE		11	/* RFC1323 window scaling */
#define	TCPCTL_TSTAMP		12	/* RFC1323 timestamps */
#define	TCPCTL_COMPAT_42	13	/* 4.2BSD TCP bug work-arounds */
#define	TCPCTL_CWM		14	/* Congestion Window Monitoring */
#define	TCPCTL_CWM_BURSTSIZE	15	/* burst size allowed by CWM */
#define	TCPCTL_ACK_ON_PUSH	16	/* ACK immediately on PUSH */
#define	TCPCTL_KEEPIDLE		17	/* keepalive idle time */
#define	TCPCTL_KEEPINTVL	18	/* keepalive probe interval */
#define	TCPCTL_KEEPCNT		19	/* keepalive count */
#define	TCPCTL_SLOWHZ		20	/* PR_SLOWHZ (read-only) */
#define	TCPCTL_NEWRENO		21	/* NewReno Congestion Control */
#define	TCPCTL_LOG_REFUSED	22	/* Log refused connections */
#if 0	/*obsoleted*/
#define	TCPCTL_RSTRATELIMIT	23	/* RST rate limit */
#endif
#define	TCPCTL_RSTPPSLIMIT	24	/* RST pps limit */
#define	TCPCTL_DELACK_TICKS	25	/* # ticks to delay ACK */
#define	TCPCTL_INIT_WIN_LOCAL	26	/* initial window for local nets */
#define	TCPCTL_IDENT		27	/* rfc 931 identd */
#define	TCPCTL_ACKDROPRATELIMIT	28	/* SYN/RST -> ACK rate limit */
#define	TCPCTL_LOOPBACKCKSUM	29	/* do TCP checksum on loopback */
#define	TCPCTL_STATS		30	/* TCP statistics */
#define	TCPCTL_DEBUG		31	/* TCP debug sockets */
#define	TCPCTL_DEBX		32	/* # of tcp debug sockets */
#define	TCPCTL_DROP		33	/* drop tcp connection */
#define	TCPCTL_MAXID		34
/*
 * Name/type table indexed by TCPCTL_* id (34 entries, TCPCTL_MAXID).
 * The { 0, 0 } rows hold the positions of unused ids: 0, the retired
 * ids 7 and 23, and id 21 -- TCPCTL_NEWRENO is still defined above but
 * its name slot is empty, presumably because the knob was withdrawn.
 * Rows whose type is CTLTYPE_STRUCT (ident, stats, debug, drop) are not
 * plain integer variables and have no TCPCTL_VARIABLES entry.
 */
#define	TCPCTL_NAMES { \
	{ 0, 0 }, \
	{ "rfc1323",	CTLTYPE_INT }, \
	{ "sendspace",	CTLTYPE_INT }, \
	{ "recvspace",	CTLTYPE_INT }, \
	{ "mssdflt",	CTLTYPE_INT }, \
	{ "syn_cache_limit", CTLTYPE_INT }, \
	{ "syn_bucket_limit", CTLTYPE_INT }, \
	{ 0, 0 },\
	{ "init_win", CTLTYPE_INT }, \
	{ "mss_ifmtu", CTLTYPE_INT }, \
	{ "sack", CTLTYPE_INT }, \
	{ "win_scale", CTLTYPE_INT }, \
	{ "timestamps", CTLTYPE_INT }, \
	{ "compat_42", CTLTYPE_INT }, \
	{ "cwm", CTLTYPE_INT }, \
	{ "cwm_burstsize", CTLTYPE_INT }, \
	{ "ack_on_push", CTLTYPE_INT }, \
	{ "keepidle", CTLTYPE_INT }, \
	{ "keepintvl", CTLTYPE_INT }, \
	{ "keepcnt", CTLTYPE_INT }, \
	{ "slowhz", CTLTYPE_INT }, \
	{ 0, 0 }, \
	{ "log_refused",CTLTYPE_INT }, \
	{ 0, 0 }, \
	{ "rstppslimit", CTLTYPE_INT }, \
	{ "delack_ticks", CTLTYPE_INT }, \
	{ "init_win_local", CTLTYPE_INT }, \
	{ "ident", CTLTYPE_STRUCT }, \
	{ "ackdropppslimit", CTLTYPE_INT }, \
	{ "do_loopback_cksum", CTLTYPE_INT }, \
	{ "stats", CTLTYPE_STRUCT }, \
	{ "debug", CTLTYPE_STRUCT }, \
	{ "debx", CTLTYPE_INT }, \
	{ "drop", CTLTYPE_STRUCT }, \
}
#ifdef _KERNEL
|
2002-05-13 00:33:50 +04:00
|
|
|
extern struct inpcbtable tcbtable; /* head of queue of active tcpcb's */
|
|
|
|
extern u_int32_t tcp_now; /* for RFC 1323 timestamps */
|
1995-09-30 10:02:00 +03:00
|
|
|
extern int tcp_do_rfc1323; /* enabled/disabled? */
|
1998-04-30 00:43:29 +04:00
|
|
|
extern int tcp_do_sack; /* SACK enabled/disabled? */
|
|
|
|
extern int tcp_do_win_scale; /* RFC1323 window scaling enabled/disabled? */
|
|
|
|
extern int tcp_do_timestamps; /* RFC1323 timestamps enabled/disabled? */
|
1997-07-29 02:18:48 +04:00
|
|
|
extern int tcp_mssdflt; /* default seg size */
|
2007-08-02 06:42:40 +04:00
|
|
|
extern int tcp_minmss; /* minimal seg size */
|
1997-12-12 01:47:24 +03:00
|
|
|
extern int tcp_init_win; /* initial window */
|
2003-03-01 07:40:27 +03:00
|
|
|
extern int tcp_init_win_local; /* initial window for local nets */
|
1998-04-14 01:18:19 +04:00
|
|
|
extern int tcp_mss_ifmtu; /* take MSS from interface, not in_maxmtu */
|
1998-04-29 09:16:46 +04:00
|
|
|
extern int tcp_compat_42; /* work around ancient broken TCP peers */
|
1998-04-30 22:27:20 +04:00
|
|
|
extern int tcp_cwm; /* enable Congestion Window Monitoring */
|
|
|
|
extern int tcp_cwm_burstsize; /* burst size allowed by CWM */
|
1998-05-02 08:21:58 +04:00
|
|
|
extern int tcp_ack_on_push; /* ACK immediately on PUSH */
|
1997-07-29 02:18:48 +04:00
|
|
|
extern int tcp_syn_cache_limit; /* max entries for compressed state engine */
|
|
|
|
extern int tcp_syn_bucket_limit;/* max entries per hash bucket */
|
1999-05-24 00:33:50 +04:00
|
|
|
extern int tcp_log_refused; /* log refused connections */
|
2006-09-05 04:29:35 +04:00
|
|
|
extern int tcp_do_ecn; /* TCP ECN enabled/disabled? */
|
|
|
|
extern int tcp_ecn_maxretries; /* Max ECN setup retries */
|
2006-10-16 22:13:56 +04:00
|
|
|
#if NRND > 0
|
|
|
|
extern int tcp_do_rfc1948; /* ISS by cryptographic hash */
|
|
|
|
#endif
|
2005-04-05 05:07:17 +04:00
|
|
|
extern int tcp_sack_tp_maxholes; /* Max holes per connection. */
|
|
|
|
extern int tcp_sack_globalmaxholes; /* Max holes per system. */
|
|
|
|
extern int tcp_sack_globalholes; /* Number of holes present. */
|
2006-10-19 15:40:51 +04:00
|
|
|
extern int tcp_do_abc; /* RFC3465 ABC enabled/disabled? */
|
|
|
|
extern int tcp_abc_aggressive; /* 1: L=2*SMSS 0: L=1*SMSS */
|
1994-01-09 02:07:16 +03:00
|
|
|
|
2000-07-27 15:34:06 +04:00
|
|
|
extern int tcp_rst_ppslim;
|
2004-04-20 20:52:12 +04:00
|
|
|
extern int tcp_ackdrop_ppslim;
|
2000-02-15 22:54:11 +03:00
|
|
|
|
1997-07-29 02:18:48 +04:00
|
|
|
extern int tcp_syn_cache_size;
|
1998-05-07 05:37:27 +04:00
|
|
|
extern struct syn_cache_head tcp_syn_cache[];
|
1997-07-29 02:18:48 +04:00
|
|
|
extern u_long syn_cache_count;
|
1997-07-24 01:26:40 +04:00
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
#ifdef MBUFTRACE
extern struct mowner tcp_rx_mowner;
extern struct mowner tcp_tx_mowner;
extern struct mowner tcp_reass_mowner;
extern struct mowner tcp_sock_mowner;
extern struct mowner tcp_sock_rx_mowner;
extern struct mowner tcp_sock_tx_mowner;
extern struct mowner tcp_mowner;
#endif
extern int tcp_do_autorcvbuf;
extern int tcp_autorcvbuf_inc;
extern int tcp_autorcvbuf_max;
extern int tcp_do_autosndbuf;
extern int tcp_autosndbuf_inc;
extern int tcp_autosndbuf_max;
/*
 * Initializer for the TCPCTL sysctl variable table, presumably indexed by
 * the TCPCTL_ sysctl numbers.  Integer tunables appear as
 * { 1, 0, &variable }; { 0 } presumably marks a slot with no plain-integer
 * variable behind it; the PR_SLOWHZ entry exposes a constant rather than a
 * variable.
 */
#define TCPCTL_VARIABLES { \
{ 0 }, \
{ 1, 0, &tcp_do_rfc1323 }, \
{ 1, 0, &tcp_sendspace }, \
{ 1, 0, &tcp_recvspace }, \
{ 1, 0, &tcp_mssdflt }, \
{ 1, 0, &tcp_syn_cache_limit }, \
{ 1, 0, &tcp_syn_bucket_limit }, \
{ 0 }, \
{ 1, 0, &tcp_init_win }, \
{ 1, 0, &tcp_mss_ifmtu }, \
{ 1, 0, &tcp_do_sack }, \
{ 1, 0, &tcp_do_win_scale }, \
{ 1, 0, &tcp_do_timestamps }, \
{ 1, 0, &tcp_compat_42 }, \
{ 1, 0, &tcp_cwm }, \
{ 1, 0, &tcp_cwm_burstsize }, \
{ 1, 0, &tcp_ack_on_push }, \
{ 1, 0, &tcp_keepidle }, \
{ 1, 0, &tcp_keepintvl }, \
{ 1, 0, &tcp_keepcnt }, \
{ 1, 1, 0, PR_SLOWHZ }, \
{ 0 }, \
{ 1, 0, &tcp_log_refused }, \
{ 0 }, \
{ 1, 0, &tcp_rst_ppslim }, \
{ 1, 0, &tcp_delack_ticks }, \
{ 1, 0, &tcp_init_win_local }, \
{ 1, 0, &tcp_ackdrop_ppslim }, \
}
struct secasvar;
int tcp_attach(struct socket *);
void tcp_canceltimers(struct tcpcb *);
struct tcpcb *
tcp_close(struct tcpcb *);
int tcp_isdead(struct tcpcb *);
#ifdef INET6
void *tcp6_ctlinput(int, const struct sockaddr *, void *);
#endif
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.
Cosmetic: don't open-code TAILQ_FOREACH().
Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.
Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.
Constify:
1 Introduce const accessor for route->ro_dst, rtcache_getdst().
2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.
3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.
4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
void *tcp_ctlinput(int, const struct sockaddr *, void *);
int tcp_ctloutput(int, struct socket *, struct sockopt *);
struct tcpcb *
tcp_disconnect(struct tcpcb *);
struct tcpcb *
tcp_drop(struct tcpcb *, int);
/*
 * TCP-MD5 signature option support (RFC 2385, the mechanism used to protect
 * BGP sessions).  From their signatures: tcp_signature_getsav() presumably
 * looks up the security association for a segment, and tcp_signature()
 * presumably computes the digest into the caller-supplied buffer.
 * NOTE(review): the commit log that imported this code stated that it saw
 * no path verifying *received* signatures -- inbound checking is something
 * to confirm in tcp_input(), not to assume from these declarations.
 */
#ifdef TCP_SIGNATURE
int tcp_signature_apply(void *, void *, u_int);
struct secasvar *tcp_signature_getsav(struct mbuf *, struct tcphdr *);
int tcp_signature(struct mbuf *, struct tcphdr *, int, struct secasvar *,
char *);
#endif
void tcp_drain(void);
void tcp_established(struct tcpcb *);
void tcp_init(void);
#ifdef INET6
int tcp6_input(struct mbuf **, int *, int);
#endif
void tcp_input(struct mbuf *, ...);
u_int tcp_hdrsz(struct tcpcb *);
u_long tcp_mss_to_advertise(const struct ifnet *, int);
void tcp_mss_from_peer(struct tcpcb *, int);
void tcp_tcpcb_template(void);
struct tcpcb *
tcp_newtcpcb(int, void *);
void tcp_notify(struct inpcb *, int);
#ifdef INET6
void tcp6_notify(struct in6pcb *, int);
#endif
u_int tcp_optlen(struct tcpcb *);
int tcp_output(struct tcpcb *);
void tcp_pulloutofband(struct socket *,
struct tcphdr *, struct mbuf *, int);
void tcp_quench(struct inpcb *, int);
#ifdef INET6
void tcp6_quench(struct in6pcb *, int);
#endif
void tcp_mtudisc(struct inpcb *, int);
void tcpipqent_init(void);
struct ipqent *tcpipqent_alloc(void);
void tcpipqent_free(struct ipqent *);
int tcp_respond(struct tcpcb *, struct mbuf *, struct mbuf *,
struct tcphdr *, tcp_seq, tcp_seq, int);
void tcp_rmx_rtt(struct tcpcb *);
void tcp_setpersist(struct tcpcb *);
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
, and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
/*
 * Second TCP_SIGNATURE block.  From its argument list, tcp_signature_compute()
 * is presumably the raw digest routine: it walks the mbuf chain and TCP
 * header and writes into the u_char buffer of the given u_int length.
 * Callers comparing a computed digest against one carried in a segment
 * should do so in constant time -- not visible from this header, confirm.
 */
#ifdef TCP_SIGNATURE
int tcp_signature_compute(struct mbuf *, struct tcphdr *, int, int,
int, u_char *, u_int);
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
, and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
#endif
void tcp_slowtimo(void);
struct mbuf *
tcp_template(struct tcpcb *);
void tcp_trace(short, short, struct tcpcb *, struct mbuf *, int);
struct tcpcb *
tcp_usrclosed(struct tcpcb *);
int tcp_usrreq(struct socket *,
int, struct mbuf *, struct mbuf *, struct mbuf *, struct lwp *);
void tcp_xmit_timer(struct tcpcb *, uint32_t);
/*
 * Choose the initial send sequence number for a connection.  Whether the
 * RFC 1948 hash selected by tcp_do_rfc1948 (declared above) or some other
 * scheme is used is decided in the implementation, not here -- check it
 * before relying on ISS unpredictability.
 */
tcp_seq tcp_new_iss(struct tcpcb *, tcp_seq);
tcp_seq tcp_new_iss1(void *, void *, u_int16_t, u_int16_t, size_t,
tcp_seq);
void tcp_sack_init(void);
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and my two (different) WiFi NICs.
void tcp_new_dsack(struct tcpcb *, tcp_seq, u_int32_t);
void tcp_sack_option(struct tcpcb *, const struct tcphdr *,
const u_char *, int);
void tcp_del_sackholes(struct tcpcb *, const struct tcphdr *);
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and my two (different) WiFi NICs.
void tcp_free_sackholes(struct tcpcb *);
void tcp_sack_adjust(struct tcpcb *tp);
struct sackhole *tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt);
void tcp_sack_newack(struct tcpcb *, const struct tcphdr *);
int tcp_sack_numblks(const struct tcpcb *);
/*
 * Bytes the SACK option occupies for nblks blocks: 8 per block (a pair of
 * 32-bit edges), 2 for the option kind/length header, and 2 more that are
 * presumably the NOP padding placed ahead of it -- tcp_output() (declared
 * above) is the place to confirm.  tcp_sack_numblks() above supplies nblks.
 */
#define TCP_SACK_OPTLEN(nblks) ((nblks) * 8 + 2 + 2)
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and my two (different) WiFi NICs.
void tcp_statinc(u_int);
void tcp_statadd(u_int, uint64_t);
int syn_cache_add(struct sockaddr *, struct sockaddr *,
struct tcphdr *, unsigned int, struct socket *,
struct mbuf *, u_char *, int, struct tcp_opt_info *);
void syn_cache_unreach(const struct sockaddr *, const struct sockaddr *,
struct tcphdr *);
struct socket *syn_cache_get(struct sockaddr *, struct sockaddr *,
struct tcphdr *, unsigned int, unsigned int,
struct socket *so, struct mbuf *);
void syn_cache_init(void);
void syn_cache_insert(struct syn_cache *, struct tcpcb *);
struct syn_cache *syn_cache_lookup(const struct sockaddr *, const struct sockaddr *,
struct syn_cache_head **);
void syn_cache_reset(struct sockaddr *, struct sockaddr *,
struct tcphdr *);
int syn_cache_respond(struct syn_cache *, struct mbuf *);
void syn_cache_timer(void *);
void syn_cache_cleanup(struct tcpcb *);
int tcp_input_checksum(int, struct mbuf *, const struct tcphdr *, int, int,
int);
#endif
#endif /* !_NETINET_TCP_VAR_H_ */