2005-12-24 23:45:08 +03:00
|
|
|
/* $NetBSD: tcp_var.h,v 1.133 2005/12/24 20:45:09 perry Exp $ */
|
1999-07-01 12:12:45 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
* All rights reserved.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
1999-07-01 12:12:45 +04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
1998-02-19 05:36:42 +03:00
|
|
|
|
2002-01-24 05:12:29 +03:00
|
|
|
/*
|
|
|
|
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* NRL grants permission for redistribution and use in source and binary
|
|
|
|
* forms, with or without modification, of the software and documentation
|
|
|
|
* created at NRL provided that the following conditions are met:
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgements:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* This product includes software developed at the Information
|
|
|
|
* Technology Division, US Naval Research Laboratory.
|
|
|
|
* 4. Neither the name of the NRL nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
|
|
|
|
* IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
|
|
|
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
|
|
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2002-06-09 20:33:36 +04:00
|
|
|
*
|
2002-01-24 05:12:29 +03:00
|
|
|
* The views and conclusions contained in the software and documentation
|
|
|
|
* are those of the authors and should not be interpreted as representing
|
|
|
|
* official policies, either expressed or implied, of the US Naval
|
|
|
|
* Research Laboratory (NRL).
|
|
|
|
*/
|
|
|
|
|
1998-02-19 05:36:42 +03:00
|
|
|
/*-
|
2005-03-02 13:20:18 +03:00
|
|
|
* Copyright (c) 1997, 1998, 1999, 2001, 2005 The NetBSD Foundation, Inc.
|
1998-02-19 05:36:42 +03:00
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
|
|
|
|
* NASA Ames Research Center.
|
2005-03-02 13:20:18 +03:00
|
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
* by Charles M. Hannum.
|
1998-02-19 05:36:42 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the NetBSD
|
|
|
|
* Foundation, Inc. and its contributors.
|
|
|
|
* 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
|
|
* contributors may be used to endorse or promote products derived
|
|
|
|
* from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
1994-06-29 10:29:24 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
1998-01-05 13:31:44 +03:00
|
|
|
* Copyright (c) 1982, 1986, 1993, 1994, 1995
|
1994-05-13 10:02:48 +04:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1993-03-21 12:45:37 +03:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
1998-01-05 13:31:44 +03:00
|
|
|
* @(#)tcp_var.h 8.4 (Berkeley) 5/24/95
|
1993-03-21 12:45:37 +03:00
|
|
|
*/
|
|
|
|
|
1998-02-10 04:26:19 +03:00
|
|
|
#ifndef _NETINET_TCP_VAR_H_
|
|
|
|
#define _NETINET_TCP_VAR_H_
|
|
|
|
|
2001-05-30 15:57:16 +04:00
|
|
|
#if defined(_KERNEL_OPT)
|
1999-07-10 03:41:16 +04:00
|
|
|
#include "opt_inet.h"
|
2003-06-23 15:00:59 +04:00
|
|
|
#include "opt_mbuftrace.h"
|
1999-07-31 22:41:15 +04:00
|
|
|
#endif
|
1999-07-10 03:41:16 +04:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Kernel variables for tcp.
|
|
|
|
*/
|
|
|
|
|
2001-09-10 08:24:24 +04:00
|
|
|
#include <sys/callout.h>
|
|
|
|
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#ifdef TCP_SIGNATURE
|
|
|
|
/*
|
|
|
|
* Defines which are needed by the xform_tcp module and tcp_[in|out]put
|
|
|
|
* for SADB verification and lookup.
|
|
|
|
*/
|
|
|
|
#define TCP_SIGLEN 16 /* length of computed digest in bytes */
|
|
|
|
#define TCP_KEYLEN_MIN 1 /* minimum length of TCP-MD5 key */
|
|
|
|
#define TCP_KEYLEN_MAX 80 /* maximum length of TCP-MD5 key */
|
|
|
|
/*
|
|
|
|
* Only a single SA per host may be specified at this time. An SPI is
|
|
|
|
* needed in order for the KEY_ALLOCSA() lookup to work.
|
|
|
|
*/
|
|
|
|
#define TCP_SIG_SPI 0x1000
|
|
|
|
#endif /* TCP_SIGNATURE */
|
|
|
|
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link-level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
/*
|
|
|
|
* SACK option block.
|
|
|
|
*/
|
|
|
|
struct sackblk {
|
|
|
|
tcp_seq left; /* Left edge of sack block. */
|
|
|
|
tcp_seq right; /* Right edge of sack block. */
|
|
|
|
};
|
|
|
|
|
|
|
|
TAILQ_HEAD(sackhead, sackhole);
|
|
|
|
struct sackhole {
|
|
|
|
tcp_seq start;
|
|
|
|
tcp_seq end;
|
|
|
|
tcp_seq rxmit;
|
|
|
|
|
|
|
|
TAILQ_ENTRY(sackhole) sackhole_q;
|
|
|
|
};
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* Tcp control block, one per tcp; fields:
|
|
|
|
*/
|
|
|
|
struct tcpcb {
|
1999-07-01 12:12:45 +04:00
|
|
|
int t_family; /* address family on the wire */
|
1995-11-21 04:07:34 +03:00
|
|
|
struct ipqehead segq; /* sequencing queue */
|
2005-03-16 03:39:56 +03:00
|
|
|
int t_segqlen; /* length of the above */
|
2001-09-11 02:14:26 +04:00
|
|
|
struct callout t_timer[TCPT_NTIMERS];/* tcp timers */
|
1993-03-21 12:45:37 +03:00
|
|
|
short t_state; /* state of this connection */
|
|
|
|
short t_rxtshift; /* log(2) of rexmt exp. backoff */
|
2001-09-10 19:23:09 +04:00
|
|
|
uint32_t t_rxtcur; /* current retransmit value */
|
1993-03-21 12:45:37 +03:00
|
|
|
short t_dupacks; /* consecutive dup acks recd */
|
2005-01-27 06:39:36 +03:00
|
|
|
short t_partialacks; /* partials acks during fast rexmit */
|
1997-11-08 05:35:22 +03:00
|
|
|
u_short t_peermss; /* peer's maximum segment size */
|
1997-09-23 01:49:55 +04:00
|
|
|
u_short t_ourmss; /* our's maximum segment size */
|
1997-11-08 05:35:22 +03:00
|
|
|
u_short t_segsz; /* current segment size in use */
|
1993-03-21 12:45:37 +03:00
|
|
|
char t_force; /* 1 if forcing out a byte */
|
2001-05-27 02:02:57 +04:00
|
|
|
u_int t_flags;
|
1994-05-13 10:02:48 +04:00
|
|
|
#define TF_ACKNOW 0x0001 /* ack peer immediately */
|
|
|
|
#define TF_DELACK 0x0002 /* ack, but try to delay it */
|
|
|
|
#define TF_NODELAY 0x0004 /* don't delay packets to coalesce */
|
|
|
|
#define TF_NOOPT 0x0008 /* don't use tcp options */
|
|
|
|
#define TF_REQ_SCALE 0x0020 /* have/will request window scaling */
|
|
|
|
#define TF_RCVD_SCALE 0x0040 /* other side has requested scaling */
|
|
|
|
#define TF_REQ_TSTMP 0x0080 /* have/will request timestamps */
|
|
|
|
#define TF_RCVD_TSTMP 0x0100 /* a timestamp was received in SYN */
|
|
|
|
#define TF_SACK_PERMIT 0x0200 /* other side said I could SACK */
|
1998-04-01 02:49:09 +04:00
|
|
|
#define TF_SYN_REXMT 0x0400 /* rexmit timer fired on SYN */
|
1998-04-30 00:43:29 +04:00
|
|
|
#define TF_WILL_SACK 0x0800 /* try to use SACK */
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link-level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
#define TF_REASSEMBLING 0x1000 /* we're busy reassembling */
|
|
|
|
#define TF_DEAD 0x2000 /* dead and to-be-released */
|
2005-07-19 21:00:02 +04:00
|
|
|
#define TF_PMTUD_PEND 0x4000 /* Path MTU Discovery pending */
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#define TF_SIGNATURE 0x400000 /* require MD5 digests (RFC2385) */
|
1998-04-30 00:43:29 +04:00
|
|
|
|
1994-05-13 10:02:48 +04:00
|
|
|
|
1999-07-01 12:12:45 +04:00
|
|
|
struct mbuf *t_template; /* skeletal packet for transmit */
|
1993-03-21 12:45:37 +03:00
|
|
|
struct inpcb *t_inpcb; /* back pointer to internet pcb */
|
1999-07-01 12:12:45 +04:00
|
|
|
struct in6pcb *t_in6pcb; /* back pointer to internet pcb */
|
2001-09-10 08:24:24 +04:00
|
|
|
struct callout t_delack_ch; /* delayed ACK callout */
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* The following fields are used as in the protocol specification.
|
|
|
|
* See RFC783, Dec. 1981, page 21.
|
|
|
|
*/
|
|
|
|
/* send sequence variables */
|
|
|
|
tcp_seq snd_una; /* send unacknowledged */
|
|
|
|
tcp_seq snd_nxt; /* send next */
|
|
|
|
tcp_seq snd_up; /* send urgent pointer */
|
|
|
|
tcp_seq snd_wl1; /* window update seg seq number */
|
|
|
|
tcp_seq snd_wl2; /* window update seg ack number */
|
|
|
|
tcp_seq iss; /* initial send sequence number */
|
1994-05-13 10:02:48 +04:00
|
|
|
u_long snd_wnd; /* send window */
|
1998-10-05 01:33:52 +04:00
|
|
|
tcp_seq snd_recover; /* for use in fast recovery */
|
2005-01-27 06:39:36 +03:00
|
|
|
tcp_seq snd_high; /* NewReno false fast rexmit seq */
|
1993-03-21 12:45:37 +03:00
|
|
|
/* receive sequence variables */
|
1994-05-13 10:02:48 +04:00
|
|
|
u_long rcv_wnd; /* receive window */
|
1993-03-21 12:45:37 +03:00
|
|
|
tcp_seq rcv_nxt; /* receive next */
|
|
|
|
tcp_seq rcv_up; /* receive urgent pointer */
|
|
|
|
tcp_seq irs; /* initial receive sequence number */
|
|
|
|
/*
|
|
|
|
* Additional variables for this implementation.
|
|
|
|
*/
|
|
|
|
/* receive variables */
|
|
|
|
tcp_seq rcv_adv; /* advertised window */
|
|
|
|
/* retransmit variables */
|
|
|
|
tcp_seq snd_max; /* highest sequence number sent;
|
|
|
|
* used to recognize retransmits
|
|
|
|
*/
|
|
|
|
/* congestion control (for slow start, source quench, retransmit after loss) */
|
1994-05-13 10:02:48 +04:00
|
|
|
u_long snd_cwnd; /* congestion-controlled window */
|
|
|
|
u_long snd_ssthresh; /* snd_cwnd size threshhold for
|
1993-03-21 12:45:37 +03:00
|
|
|
* for slow start exponential to
|
|
|
|
* linear switch
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* transmit timing stuff. See below for scale of srtt and rttvar.
|
|
|
|
* "Variance" is actually smoothed difference.
|
|
|
|
*/
|
2001-09-10 19:23:09 +04:00
|
|
|
uint32_t t_rcvtime; /* time last segment received */
|
|
|
|
uint32_t t_rtttime; /* time we started measuring rtt */
|
1993-03-21 12:45:37 +03:00
|
|
|
tcp_seq t_rtseq; /* sequence number being timed */
|
2001-09-10 19:23:09 +04:00
|
|
|
int32_t t_srtt; /* smoothed round-trip time */
|
|
|
|
int32_t t_rttvar; /* variance in round-trip time */
|
|
|
|
uint32_t t_rttmin; /* minimum rtt allowed */
|
1994-05-13 10:02:48 +04:00
|
|
|
u_long max_sndwnd; /* largest window peer has offered */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/* out-of-band data */
|
|
|
|
char t_oobflags; /* have some */
|
|
|
|
char t_iobc; /* input character */
|
|
|
|
#define TCPOOB_HAVEDATA 0x01
|
|
|
|
#define TCPOOB_HADDATA 0x02
|
|
|
|
short t_softerror; /* possible error not yet reported */
|
1994-05-13 10:02:48 +04:00
|
|
|
|
|
|
|
/* RFC 1323 variables */
|
|
|
|
u_char snd_scale; /* window scaling for send window */
|
|
|
|
u_char rcv_scale; /* window scaling for recv window */
|
|
|
|
u_char request_r_scale; /* pending window scaling */
|
|
|
|
u_char requested_s_scale;
|
1995-04-13 10:35:38 +04:00
|
|
|
u_int32_t ts_recent; /* timestamp echo data */
|
1998-04-30 00:43:29 +04:00
|
|
|
u_int32_t ts_recent_age; /* when last updated */
|
Two changes, designed to make us even more resilient against TCP
ISS attacks (which we already fend off quite well).
1. First-cut implementation of RFC1948, Steve Bellovin's cryptographic
hash method of generating TCP ISS values. Note, this code is experimental
and disabled by default (experimental enough that I don't export the
variable via sysctl yet, either). There are a couple of issues I'd
like to discuss with Steve, so this code should only be used by people
who really know what they're doing.
2. Per a recent thread on Bugtraq, it's possible to determine a system's
uptime by snooping the RFC1323 TCP timestamp options sent by a host; in
4.4BSD, timestamps are created by incrementing the tcp_now variable
at 2 Hz; there's even a company out there that uses this to determine
web server uptime. According to Newsham's paper "The Problem With
Random Increments", while NetBSD's TCP ISS generation method is much
better than the "random increment" method used by FreeBSD and OpenBSD,
it is still theoretically possible to mount an attack against NetBSD's
method if the attacker knows how many times the tcp_iss_seq variable
has been incremented. By not leaking uptime information, we can make
that much harder to determine. So, we avoid the leak by giving each
TCP connection a timebase of 0.
2001-03-20 23:07:51 +03:00
|
|
|
u_int32_t ts_timebase; /* our timebase */
|
1994-05-13 10:02:48 +04:00
|
|
|
tcp_seq last_ack_sent;
|
|
|
|
|
1998-04-30 00:43:29 +04:00
|
|
|
/* SACK stuff */
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link-level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
#define TCP_SACK_MAX 3
|
|
|
|
#define TCPSACK_NONE 0
|
|
|
|
#define TCPSACK_HAVED 1
|
|
|
|
u_char rcv_sack_flags; /* SACK flags. */
|
|
|
|
struct sackblk rcv_dsack_block; /* RX D-SACK block. */
|
|
|
|
struct ipqehead timeq; /* time sequenced queue. */
|
|
|
|
struct sackhead snd_holes; /* TX SACK holes. */
|
2005-04-05 05:07:17 +04:00
|
|
|
int snd_numholes; /* Number of TX SACK holes. */
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link-level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
tcp_seq rcv_lastsack; /* last seq number(+1) sack'd by rcv'r*/
|
|
|
|
tcp_seq sack_newdata; /* New data xmitted in this recovery
|
|
|
|
episode starts at this seq number*/
|
|
|
|
tcp_seq snd_fack; /* FACK TCP. Forward-most data held by
|
|
|
|
peer. */
|
1999-08-25 19:23:12 +04:00
|
|
|
|
|
|
|
/* pointer for syn cache entries*/
|
|
|
|
LIST_HEAD(, syn_cache) t_sc; /* list of entries by this tcb */
|
2003-06-29 22:58:26 +04:00
|
|
|
|
|
|
|
/* prediction of next mbuf when using large window sizes */
|
|
|
|
struct mbuf *t_lastm; /* last mbuf that data was sent from */
|
|
|
|
int t_inoff; /* data offset in previous mbuf */
|
|
|
|
int t_lastoff; /* last data address in mbuf chain */
|
|
|
|
int t_lastlen; /* last length read from mbuf chain */
|
2005-07-19 21:00:02 +04:00
|
|
|
|
|
|
|
/* Path-MTU discovery blackhole detection */
|
|
|
|
int t_mtudisc; /* perform mtudisc for this tcb */
|
|
|
|
/* Path-MTU Discovery Information */
|
|
|
|
u_int t_pmtud_mss_acked; /* MSS acked, lower bound for MTU */
|
|
|
|
u_int t_pmtud_mtu_sent; /* MTU used, upper bound for MTU */
|
|
|
|
tcp_seq t_pmtud_th_seq; /* TCP SEQ from ICMP payload */
|
|
|
|
u_int t_pmtud_nextmtu; /* Advertised Next-Hop MTU from ICMP */
|
|
|
|
u_short t_pmtud_ip_len; /* IP length from ICMP payload */
|
|
|
|
u_short t_pmtud_ip_hl; /* IP header length from ICMP payload */
|
1993-03-21 12:45:37 +03:00
|
|
|
};
|
|
|
|
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by a 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link-level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
/*
|
|
|
|
* Macros to aid SACK/FACK TCP.
|
|
|
|
*/
|
|
|
|
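/*
 * TCP_SACK_ENABLED(tp): nonzero when TF_WILL_SACK is set in tp->t_flags.
 *
 * The argument is parenthesized so that any pointer expression (for
 * example `&tcb' or `p + 1') binds to `->' as the caller intends.
 */
#define	TCP_SACK_ENABLED(tp)	((tp)->t_flags & TF_WILL_SACK)

/*
 * TCP_FACK_FASTRECOV(tp): true when SACK is enabled on tp and snd_fack is
 * beyond snd_una + tcprexmtthresh * t_segsz, as compared by SEQ_GT().
 *
 * `tp' is expanded more than once, so it must be free of side effects.
 */
#define	TCP_FACK_FASTRECOV(tp)						\
	(TCP_SACK_ENABLED(tp) &&					\
	(SEQ_GT((tp)->snd_fack,						\
	    (tp)->snd_una + tcprexmtthresh * (tp)->t_segsz)))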
|
|
|
|
|
1998-12-19 00:38:02 +03:00
|
|
|
#ifdef _KERNEL
|
|
|
|
/*
|
|
|
|
* TCP reassembly queue locks.
|
|
|
|
*/
|
2005-12-24 23:45:08 +03:00
|
|
|
static inline int tcp_reass_lock_try (struct tcpcb *)
|
1998-12-19 00:38:02 +03:00
|
|
|
__attribute__((__unused__));
|
2005-12-24 23:45:08 +03:00
|
|
|
static inline void tcp_reass_unlock (struct tcpcb *)
|
1998-12-19 00:38:02 +03:00
|
|
|
__attribute__((__unused__));
|
|
|
|
|
2005-12-24 23:45:08 +03:00
|
|
|
/*
 * Try to take the reassembly lock on a connection.  The "lock" is the
 * TF_REASSEMBLING bit in tp->t_flags; it is tested and set with the
 * interrupt priority raised by splvm().
 *
 * Returns 1 if the bit was clear and has been set by this call, or 0 if
 * it was already set (in which case t_flags is left unchanged).  The
 * function never waits.
 *
 * NOTE(review): exclusion rests on splvm() alone; whether anything else
 * can reach t_flags concurrently is not visible from this header --
 * confirm against the callers.
 */
static inline int
tcp_reass_lock_try(struct tcpcb *tp)
{
	int acquired = 0;
	int s;

	/*
	 * Use splvm() -- we're blocking things that would cause
	 * mbuf allocation.
	 */
	s = splvm();
	if ((tp->t_flags & TF_REASSEMBLING) == 0) {
		tp->t_flags |= TF_REASSEMBLING;
		acquired = 1;
	}
	splx(s);

	return (acquired);
}
|
|
|
|
|
2005-12-24 23:45:08 +03:00
|
|
|
/*
 * Release the reassembly lock on a connection by clearing the
 * TF_REASSEMBLING bit in tp->t_flags, with the interrupt priority
 * raised by splvm() around the update.
 *
 * The bit is cleared unconditionally: this function does not check
 * that the lock was actually held.
 */
static inline void
tcp_reass_unlock(struct tcpcb *tp)
{
	int s = splvm();

	tp->t_flags &= ~TF_REASSEMBLING;
	splx(s);
}
|
|
|
|
|
|
|
|
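/*
 * TCP_REASS_LOCK(tp) takes the reassembly lock via tcp_reass_lock_try().
 * TCP_REASS_LOCK_CHECK(tp) asserts that TF_REASSEMBLING is set.
 *
 * With DIAGNOSTIC, a failed lock attempt or a failed check prints the
 * file, line and tcpcb address and then panics.  Without DIAGNOSTIC,
 * TCP_REASS_LOCK discards the result of tcp_reass_lock_try(), so an
 * already-held lock goes unreported to the caller, and
 * TCP_REASS_LOCK_CHECK expands to nothing.
 *
 * The tcpcb pointer is cast to (void *) for the %p conversion, which is
 * the argument type %p is specified to take.
 */
#ifdef DIAGNOSTIC
#define	TCP_REASS_LOCK(tp)						\
do {									\
	if (tcp_reass_lock_try(tp) == 0) {				\
		printf("%s:%d: tcpcb %p reass already locked\n",	\
		    __FILE__, __LINE__, (void *)(tp));			\
		panic("tcp_reass_lock");				\
	}								\
} while (/*CONSTCOND*/ 0)
#define	TCP_REASS_LOCK_CHECK(tp)					\
do {									\
	if (((tp)->t_flags & TF_REASSEMBLING) == 0) {			\
		printf("%s:%d: tcpcb %p reass lock not held\n",		\
		    __FILE__, __LINE__, (void *)(tp));			\
		panic("tcp reass lock check");				\
	}								\
} while (/*CONSTCOND*/ 0)
#else
#define	TCP_REASS_LOCK(tp)	(void) tcp_reass_lock_try((tp))
#define	TCP_REASS_LOCK_CHECK(tp)	/* nothing */
#endif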
|
|
|
|
|
|
|
|
#define TCP_REASS_UNLOCK(tp) tcp_reass_unlock((tp))
|
|
|
|
#endif /* _KERNEL */
|
|
|
|
|
1997-12-31 06:31:23 +03:00
|
|
|
/*
|
|
|
|
* Queue for delayed ACK processing.
|
|
|
|
*/
|
|
|
|
#ifdef _KERNEL
|
2001-09-10 08:24:24 +04:00
|
|
|
extern int tcp_delack_ticks;
|
|
|
|
void tcp_delack(void *);
|
1997-12-31 06:31:23 +03:00
|
|
|
|
2001-09-10 08:24:24 +04:00
|
|
|
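/*
 * (Re)arm the delayed-ACK callout of tp: callout_reset() is handed
 * tp's t_delack_ch, tcp_delack_ticks, and tcp_delack with tp as its
 * argument.
 */
#define	TCP_RESTART_DELACK(tp)						\
	callout_reset(&(tp)->t_delack_ch, tcp_delack_ticks,		\
	    tcp_delack, (tp))

/*
 * Mark a delayed ACK as pending.  The callout is armed only when
 * TF_DELACK goes from clear to set; if the flag is already set the
 * macro does nothing, so a running callout is not pushed back.
 */
#define	TCP_SET_DELACK(tp)						\
do {									\
	if (((tp)->t_flags & TF_DELACK) == 0) {				\
		(tp)->t_flags |= TF_DELACK;				\
		TCP_RESTART_DELACK((tp));				\
	}								\
} while (/*CONSTCOND*/0)

/*
 * Cancel a pending delayed ACK: clear TF_DELACK and stop the callout.
 * Does nothing when TF_DELACK is not set.
 */
#define	TCP_CLEAR_DELACK(tp)						\
do {									\
	if ((tp)->t_flags & TF_DELACK) {				\
		(tp)->t_flags &= ~TF_DELACK;				\
		callout_stop(&(tp)->t_delack_ch);			\
	}								\
} while (/*CONSTCOND*/0)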
|
1997-12-31 06:31:23 +03:00
|
|
|
#endif /* _KERNEL */
|
|
|
|
|
Two changes, designed to make us even more resilient against TCP
ISS attacks (which we already fend off quite well).
1. First-cut implementation of RFC1948, Steve Bellovin's cryptographic
hash method of generating TCP ISS values. Note, this code is experimental
and disabled by default (experimental enough that I don't export the
variable via sysctl yet, either). There are a couple of issues I'd
like to discuss with Steve, so this code should only be used by people
who really know what they're doing.
2. Per a recent thread on Bugtraq, it's possible to determine a system's
uptime by snooping the RFC1323 TCP timestamp options sent by a host; in
4.4BSD, timestamps are created by incrementing the tcp_now variable
at 2 Hz; there's even a company out there that uses this to determine
web server uptime. According to Newsham's paper "The Problem With
Random Increments", while NetBSD's TCP ISS generation method is much
better than the "random increment" method used by FreeBSD and OpenBSD,
it is still theoretically possible to mount an attack against NetBSD's
method if the attacker knows how many times the tcp_iss_seq variable
has been incremented. By not leaking uptime information, we can make
that much harder to determine. So, we avoid the leak by giving each
TCP connection a timebase of 0.
2001-03-20 23:07:51 +03:00
|
|
|
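/*
 * Compute the current timestamp for a connection: tcp_now relative to
 * the connection's own ts_timebase, so that the RFC 1323 timestamp
 * option does not expose the raw tcp_now counter (and with it the
 * system's uptime).
 */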
|
|
|
|
#define TCP_TIMESTAMP(tp) (tcp_now - (tp)->ts_timebase)
|
|
|
|
|
1997-07-24 01:26:40 +04:00
|
|
|
/*
|
|
|
|
* Handy way of passing around TCP option info.
|
|
|
|
*/
|
|
|
|
struct tcp_opt_info {
|
|
|
|
int ts_present;
|
|
|
|
u_int32_t ts_val;
|
|
|
|
u_int32_t ts_ecr;
|
|
|
|
u_int16_t maxseg;
|
|
|
|
};
|
|
|
|
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#define TOF_SIGNATURE 0x0040 /* signature option present */
|
|
|
|
#define TOF_SIGLEN 0x0080 /* signature length valid (RFC2385) */
|
|
|
|
|
1997-07-24 01:26:40 +04:00
|
|
|
/*
|
1998-04-03 11:54:01 +04:00
|
|
|
* Data for the TCP compressed state engine.
|
1997-07-24 01:26:40 +04:00
|
|
|
*/
|
1999-07-01 12:12:45 +04:00
|
|
|
union syn_cache_sa {
|
|
|
|
struct sockaddr sa;
|
|
|
|
struct sockaddr_in sin;
|
|
|
|
#if 1 /*def INET6*/
|
|
|
|
struct sockaddr_in6 sin6;
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
1997-07-24 01:26:40 +04:00
|
|
|
struct syn_cache {
|
2001-09-12 01:03:20 +04:00
|
|
|
TAILQ_ENTRY(syn_cache) sc_bucketq; /* link on bucket list */
|
|
|
|
struct callout sc_timer; /* rexmt timer */
|
1999-07-01 12:12:45 +04:00
|
|
|
union { /* cached route */
|
|
|
|
struct route route4;
|
|
|
|
#ifdef INET6
|
|
|
|
struct route_in6 route6;
|
|
|
|
#endif
|
|
|
|
} sc_route_u;
|
|
|
|
#define sc_route4 sc_route_u.route4
|
|
|
|
#ifdef INET6
|
|
|
|
#define sc_route6 sc_route_u.route6
|
|
|
|
#endif
|
1999-04-29 07:54:22 +04:00
|
|
|
long sc_win; /* advertised window */
|
|
|
|
int sc_bucketidx; /* our bucket index */
|
1998-04-03 12:02:45 +04:00
|
|
|
u_int32_t sc_hash;
|
1999-04-29 07:54:22 +04:00
|
|
|
u_int32_t sc_timestamp; /* timestamp from SYN */
|
Two changes, designed to make us even more resilient against TCP
ISS attacks (which we already fend off quite well).
1. First-cut implementation of RFC1948, Steve Bellovin's cryptographic
hash method of generating TCP ISS values. Note, this code is experimental
and disabled by default (experimental enough that I don't export the
variable via sysctl yet, either). There are a couple of issues I'd
like to discuss with Steve, so this code should only be used by people
who really know what they're doing.
2. Per a recent thread on Bugtraq, it's possible to determine a system's
uptime by snooping the RFC1323 TCP timestamp options sent by a host; in
4.4BSD, timestamps are created by incrementing the tcp_now variable
at 2 Hz; there's even a company out there that uses this to determine
web server uptime. According to Newsham's paper "The Problem With
Random Increments", while NetBSD's TCP ISS generation method is much
better than the "random increment" method used by FreeBSD and OpenBSD,
it is still theoretically possible to mount an attack against NetBSD's
method if the attacker knows how many times the tcp_iss_seq variable
has been incremented. By not leaking uptime information, we can make
that much harder to determine. So, we avoid the leak by giving each
TCP connection a timebase of 0.
2001-03-20 23:07:51 +03:00
|
|
|
u_int32_t sc_timebase; /* our local timebase */
|
1999-07-01 12:12:45 +04:00
|
|
|
union syn_cache_sa sc_src;
|
|
|
|
union syn_cache_sa sc_dst;
|
1997-07-24 01:26:40 +04:00
|
|
|
tcp_seq sc_irs;
|
|
|
|
tcp_seq sc_iss;
|
1999-04-29 07:54:22 +04:00
|
|
|
u_int sc_rxtcur; /* current rxt timeout */
|
|
|
|
u_int sc_rxttot; /* total time spent on queues */
|
|
|
|
u_short sc_rxtshift; /* for computing backoff */
|
1998-09-09 05:32:27 +04:00
|
|
|
u_short sc_flags;
|
1998-04-01 02:49:09 +04:00
|
|
|
|
1998-09-09 05:32:27 +04:00
|
|
|
#define SCF_UNREACH 0x0001 /* we've had an unreach error */
|
1998-04-03 12:02:45 +04:00
|
|
|
#define SCF_TIMESTAMP 0x0002 /* peer will do timestamps */
|
2003-07-20 20:35:07 +04:00
|
|
|
#define SCF_DEAD 0x0004 /* this entry to be released */
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by an 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
#define SCF_SACK_PERMIT 0x0008 /* peer will do SACK */
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#define SCF_SIGNATURE 0x40 /* send MD5 digests */
|
1998-04-01 02:49:09 +04:00
|
|
|
|
1998-04-07 09:09:19 +04:00
|
|
|
struct mbuf *sc_ipopts; /* IP options */
|
1997-07-24 01:26:40 +04:00
|
|
|
u_int16_t sc_peermaxseg;
|
1997-09-23 01:49:55 +04:00
|
|
|
u_int16_t sc_ourmaxseg;
|
1997-07-24 01:26:40 +04:00
|
|
|
u_int8_t sc_request_r_scale : 4,
|
|
|
|
sc_requested_s_scale : 4;
|
1999-08-25 19:23:12 +04:00
|
|
|
|
|
|
|
struct tcpcb *sc_tp; /* tcb for listening socket */
|
|
|
|
LIST_ENTRY(syn_cache) sc_tpq; /* list of entries by same tp */
|
1997-07-24 01:26:40 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
struct syn_cache_head {
|
2001-09-12 01:03:20 +04:00
|
|
|
TAILQ_HEAD(, syn_cache) sch_bucket; /* bucket entries */
|
1998-05-07 05:37:27 +04:00
|
|
|
u_short sch_length; /* # entries in bucket */
|
1997-07-24 01:26:40 +04:00
|
|
|
};
|
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
#define intotcpcb(ip) ((struct tcpcb *)(ip)->inp_ppcb)
|
1999-07-01 12:12:45 +04:00
|
|
|
#ifdef INET6
|
|
|
|
#define in6totcpcb(ip) ((struct tcpcb *)(ip)->in6p_ppcb)
|
|
|
|
#endif
|
|
|
|
#ifndef INET6
|
1993-03-21 12:45:37 +03:00
|
|
|
#define sototcpcb(so) (intotcpcb(sotoinpcb(so)))
|
1999-07-01 12:12:45 +04:00
|
|
|
#else
|
1999-08-12 20:04:52 +04:00
|
|
|
#define sototcpcb(so) (((so)->so_proto->pr_domain->dom_family == AF_INET) \
|
|
|
|
? intotcpcb(sotoinpcb(so)) \
|
|
|
|
: in6totcpcb(sotoin6pcb(so)))
|
1999-07-01 12:12:45 +04:00
|
|
|
#endif
|
1993-03-21 12:45:37 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The smoothed round-trip time and estimated variance
|
|
|
|
* are stored as fixed point numbers scaled by the values below.
|
|
|
|
* For convenience, these scales are also used in smoothing the average
|
|
|
|
* (smoothed = (1/scale)sample + ((scale-1)/scale)smoothed).
|
|
|
|
* With these scales, srtt has 3 bits to the right of the binary point,
|
|
|
|
* and thus an "ALPHA" of 0.875. rttvar has 2 bits to the right of the
|
|
|
|
* binary point, and is smoothed with an ALPHA of 0.75.
|
|
|
|
*/
|
|
|
|
#define TCP_RTT_SHIFT 3 /* shift for srtt; 3 bits frac. */
|
|
|
|
#define TCP_RTTVAR_SHIFT 2 /* multiplier for rttvar; 2 bits */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The initial retransmission should happen at rtt + 4 * rttvar.
|
|
|
|
* Because of the way we do the smoothing, srtt and rttvar
|
|
|
|
* will each average +1/2 tick of bias. When we compute
|
|
|
|
* the retransmit timer, we want 1/2 tick of rounding and
|
|
|
|
* 1 extra tick because of +-1/2 tick uncertainty in the
|
|
|
|
* firing of the timer. The bias will give us exactly the
|
|
|
|
* 1.5 tick we need. But, because the bias is
|
|
|
|
* statistical, we have to test that we don't drop below
|
|
|
|
* the minimum feasible timer (which is 2 ticks).
|
1996-12-10 21:20:19 +03:00
|
|
|
* This macro assumes that the value of 1<<TCP_RTTVAR_SHIFT
|
1993-03-21 12:45:37 +03:00
|
|
|
* is the same as the multiplier for rttvar.
|
|
|
|
*/
|
|
|
|
#define TCP_REXMTVAL(tp) \
|
1995-06-12 00:39:22 +04:00
|
|
|
((((tp)->t_srtt >> TCP_RTT_SHIFT) + (tp)->t_rttvar) >> 2)
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1997-12-12 01:47:24 +03:00
|
|
|
/*
|
|
|
|
* Compute the initial window for slow start.
|
|
|
|
*/
|
1998-04-01 02:49:09 +04:00
|
|
|
#define TCP_INITIAL_WINDOW(iw, segsz) \
|
|
|
|
(((iw) == 0) ? (min(4 * (segsz), max(2 * (segsz), 4380))) : \
|
|
|
|
((segsz) * (iw)))
|
1997-12-12 01:47:24 +03:00
|
|
|
|
1993-03-21 12:45:37 +03:00
|
|
|
/*
|
|
|
|
* TCP statistics.
|
|
|
|
* Many of these should be kept per connection,
|
|
|
|
* but that's inconvenient at the moment.
|
|
|
|
*/
|
|
|
|
struct tcpstat {
|
1999-11-19 13:41:41 +03:00
|
|
|
u_quad_t tcps_connattempt; /* connections initiated */
|
|
|
|
u_quad_t tcps_accepts; /* connections accepted */
|
|
|
|
u_quad_t tcps_connects; /* connections established */
|
|
|
|
u_quad_t tcps_drops; /* connections dropped */
|
|
|
|
u_quad_t tcps_conndrops; /* embryonic connections dropped */
|
|
|
|
u_quad_t tcps_closed; /* conn. closed (includes drops) */
|
|
|
|
u_quad_t tcps_segstimed; /* segs where we tried to get rtt */
|
|
|
|
u_quad_t tcps_rttupdated; /* times we succeeded */
|
|
|
|
u_quad_t tcps_delack; /* delayed acks sent */
|
|
|
|
u_quad_t tcps_timeoutdrop; /* conn. dropped in rxmt timeout */
|
|
|
|
u_quad_t tcps_rexmttimeo; /* retransmit timeouts */
|
|
|
|
u_quad_t tcps_persisttimeo; /* persist timeouts */
|
|
|
|
u_quad_t tcps_keeptimeo; /* keepalive timeouts */
|
|
|
|
u_quad_t tcps_keepprobe; /* keepalive probes sent */
|
|
|
|
u_quad_t tcps_keepdrops; /* connections dropped in keepalive */
|
|
|
|
u_quad_t tcps_persistdrops; /* connections dropped in persist */
|
|
|
|
u_quad_t tcps_connsdrained; /* connections drained due to memory
|
1997-12-10 04:58:07 +03:00
|
|
|
shortage */
|
2002-05-26 20:05:43 +04:00
|
|
|
u_quad_t tcps_pmtublackhole; /* PMTUD blackhole detected */
|
1993-03-21 12:45:37 +03:00
|
|
|
|
1999-11-19 13:41:41 +03:00
|
|
|
u_quad_t tcps_sndtotal; /* total packets sent */
|
|
|
|
u_quad_t tcps_sndpack; /* data packets sent */
|
|
|
|
u_quad_t tcps_sndbyte; /* data bytes sent */
|
|
|
|
u_quad_t tcps_sndrexmitpack; /* data packets retransmitted */
|
|
|
|
u_quad_t tcps_sndrexmitbyte; /* data bytes retransmitted */
|
|
|
|
u_quad_t tcps_sndacks; /* ack-only packets sent */
|
|
|
|
u_quad_t tcps_sndprobe; /* window probes sent */
|
|
|
|
u_quad_t tcps_sndurg; /* packets sent with URG only */
|
|
|
|
u_quad_t tcps_sndwinup; /* window update-only packets sent */
|
|
|
|
u_quad_t tcps_sndctrl; /* control (SYN|FIN|RST) packets sent */
|
|
|
|
|
|
|
|
u_quad_t tcps_rcvtotal; /* total packets received */
|
|
|
|
u_quad_t tcps_rcvpack; /* packets received in sequence */
|
|
|
|
u_quad_t tcps_rcvbyte; /* bytes received in sequence */
|
|
|
|
u_quad_t tcps_rcvbadsum; /* packets received with cksum errs */
|
|
|
|
u_quad_t tcps_rcvbadoff; /* packets received with bad offset */
|
|
|
|
u_quad_t tcps_rcvmemdrop; /* packets dropped for lack of memory */
|
|
|
|
u_quad_t tcps_rcvshort; /* packets received too short */
|
|
|
|
u_quad_t tcps_rcvduppack; /* duplicate-only packets received */
|
|
|
|
u_quad_t tcps_rcvdupbyte; /* duplicate-only bytes received */
|
|
|
|
u_quad_t tcps_rcvpartduppack; /* packets with some duplicate data */
|
|
|
|
u_quad_t tcps_rcvpartdupbyte; /* dup. bytes in part-dup. packets */
|
|
|
|
u_quad_t tcps_rcvoopack; /* out-of-order packets received */
|
|
|
|
u_quad_t tcps_rcvoobyte; /* out-of-order bytes received */
|
|
|
|
u_quad_t tcps_rcvpackafterwin; /* packets with data after window */
|
|
|
|
u_quad_t tcps_rcvbyteafterwin; /* bytes rcvd after window */
|
|
|
|
u_quad_t tcps_rcvafterclose; /* packets rcvd after "close" */
|
|
|
|
u_quad_t tcps_rcvwinprobe; /* rcvd window probe packets */
|
|
|
|
u_quad_t tcps_rcvdupack; /* rcvd duplicate acks */
|
|
|
|
u_quad_t tcps_rcvacktoomuch; /* rcvd acks for unsent data */
|
|
|
|
u_quad_t tcps_rcvackpack; /* rcvd ack packets */
|
|
|
|
u_quad_t tcps_rcvackbyte; /* bytes acked by rcvd acks */
|
|
|
|
u_quad_t tcps_rcvwinupd; /* rcvd window update packets */
|
|
|
|
u_quad_t tcps_pawsdrop; /* segments dropped due to PAWS */
|
|
|
|
u_quad_t tcps_predack; /* times hdr predict ok for acks */
|
|
|
|
u_quad_t tcps_preddat; /* times hdr predict ok for data pkts */
|
|
|
|
|
|
|
|
u_quad_t tcps_pcbhashmiss; /* input packets missing pcb hash */
|
|
|
|
u_quad_t tcps_noport; /* no socket on port */
|
|
|
|
u_quad_t tcps_badsyn; /* received ack for which we have
|
1997-07-24 01:26:40 +04:00
|
|
|
no SYN in compressed state */
|
2003-07-20 20:35:07 +04:00
|
|
|
u_quad_t tcps_delayed_free; /* delayed pool_put() of tcpcb */
|
1997-07-24 01:26:40 +04:00
|
|
|
|
|
|
|
/* These statistics deal with the SYN cache. */
|
1999-11-19 13:41:41 +03:00
|
|
|
u_quad_t tcps_sc_added; /* # of entries added */
|
|
|
|
u_quad_t tcps_sc_completed; /* # of connections completed */
|
|
|
|
u_quad_t tcps_sc_timed_out; /* # of entries timed out */
|
|
|
|
u_quad_t tcps_sc_overflowed; /* # dropped due to overflow */
|
|
|
|
u_quad_t tcps_sc_reset; /* # dropped due to RST */
|
|
|
|
u_quad_t tcps_sc_unreach; /* # dropped due to ICMP unreach */
|
|
|
|
u_quad_t tcps_sc_bucketoverflow;/* # dropped due to bucket overflow */
|
|
|
|
u_quad_t tcps_sc_aborted; /* # of entries aborted (no mem) */
|
|
|
|
u_quad_t tcps_sc_dupesyn; /* # of duplicate SYNs received */
|
|
|
|
u_quad_t tcps_sc_dropped; /* # of SYNs dropped (no route/mem) */
|
|
|
|
u_quad_t tcps_sc_collisions; /* # of hash collisions */
|
|
|
|
u_quad_t tcps_sc_retransmitted; /* # of retransmissions */
|
2003-07-20 20:35:07 +04:00
|
|
|
u_quad_t tcps_sc_delayed_free; /* # of delayed pool_put()s */
|
2001-07-31 04:57:45 +04:00
|
|
|
|
|
|
|
u_quad_t tcps_selfquench; /* # of ENOBUFS we get on output */
|
2004-05-18 18:44:14 +04:00
|
|
|
u_quad_t tcps_badsig; /* # of drops due to bad signature */
|
|
|
|
u_quad_t tcps_goodsig; /* # of packets with good signature */
|
1993-03-21 12:45:37 +03:00
|
|
|
};
|
|
|
|
|
1995-09-30 10:02:00 +03:00
|
|
|
/*
|
|
|
|
* Names for TCP sysctl objects.
|
|
|
|
*/
|
1997-07-29 02:18:48 +04:00
|
|
|
#define TCPCTL_RFC1323 1 /* RFC1323 timestamps/scaling */
|
|
|
|
#define TCPCTL_SENDSPACE 2 /* default send buffer */
|
|
|
|
#define TCPCTL_RECVSPACE 3 /* default recv buffer */
|
|
|
|
#define TCPCTL_MSSDFLT 4 /* default seg size */
|
|
|
|
#define TCPCTL_SYN_CACHE_LIMIT 5 /* max size of comp. state engine */
|
|
|
|
#define TCPCTL_SYN_BUCKET_LIMIT 6 /* max size of hash bucket */
|
2001-09-12 01:03:20 +04:00
|
|
|
#if 0 /*obsoleted*/
|
1997-07-29 02:18:48 +04:00
|
|
|
#define TCPCTL_SYN_CACHE_INTER 7 /* interval of comp. state timer */
|
2001-09-12 01:03:20 +04:00
|
|
|
#endif
|
1997-12-12 01:47:24 +03:00
|
|
|
#define TCPCTL_INIT_WIN 8 /* initial window */
|
1998-04-14 01:18:19 +04:00
|
|
|
#define TCPCTL_MSS_IFMTU 9 /* mss from interface, not in_maxmtu */
|
1998-04-30 00:43:29 +04:00
|
|
|
#define TCPCTL_SACK 10 /* RFC2018 selective acknowledgement */
|
|
|
|
#define TCPCTL_WSCALE 11 /* RFC1323 window scaling */
|
|
|
|
#define TCPCTL_TSTAMP 12 /* RFC1323 timestamps */
|
1998-04-30 21:55:27 +04:00
|
|
|
#define TCPCTL_COMPAT_42 13 /* 4.2BSD TCP bug work-arounds */
|
1998-04-30 22:27:20 +04:00
|
|
|
#define TCPCTL_CWM 14 /* Congestion Window Monitoring */
|
|
|
|
#define TCPCTL_CWM_BURSTSIZE 15 /* burst size allowed by CWM */
|
1998-05-02 08:21:58 +04:00
|
|
|
#define TCPCTL_ACK_ON_PUSH 16 /* ACK immediately on PUSH */
|
1998-09-10 14:46:03 +04:00
|
|
|
#define TCPCTL_KEEPIDLE 17 /* keepalive idle time */
|
|
|
|
#define TCPCTL_KEEPINTVL 18 /* keepalive probe interval */
|
|
|
|
#define TCPCTL_KEEPCNT 19 /* keepalive count */
|
|
|
|
#define TCPCTL_SLOWHZ 20 /* PR_SLOWHZ (read-only) */
|
1998-10-06 04:20:44 +04:00
|
|
|
#define TCPCTL_NEWRENO 21 /* NewReno Congestion Control */
|
1999-05-24 00:33:50 +04:00
|
|
|
#define TCPCTL_LOG_REFUSED 22 /* Log refused connections */
|
2000-07-28 08:06:52 +04:00
|
|
|
#if 0 /*obsoleted*/
|
2000-02-15 22:54:11 +03:00
|
|
|
#define TCPCTL_RSTRATELIMIT 23 /* RST rate limit */
|
2000-07-28 08:06:52 +04:00
|
|
|
#endif
|
2000-07-27 15:34:06 +04:00
|
|
|
#define TCPCTL_RSTPPSLIMIT 24 /* RST pps limit */
|
2001-09-10 08:24:24 +04:00
|
|
|
#define TCPCTL_DELACK_TICKS 25 /* # ticks to delay ACK */
|
2003-03-01 07:40:27 +03:00
|
|
|
#define TCPCTL_INIT_WIN_LOCAL 26 /* initial window for local nets */
|
2003-04-20 00:58:35 +04:00
|
|
|
#define TCPCTL_IDENT 27 /* rfc 931 identd */
|
2004-04-20 20:52:12 +04:00
|
|
|
#define TCPCTL_ACKDROPRATELIMIT 28 /* SYN/RST -> ACK rate limit */
|
2004-12-15 07:25:19 +03:00
|
|
|
#define TCPCTL_LOOPBACKCKSUM 29 /* do TCP checksum on loopback */
|
2005-08-05 13:21:25 +04:00
|
|
|
#define TCPCTL_STATS 30 /* TCP statistics */
|
2005-09-06 06:41:14 +04:00
|
|
|
#define TCPCTL_DEBUG 31 /* TCP debug sockets */
|
|
|
|
#define TCPCTL_DEBX 32 /* # of tcp debug sockets */
|
|
|
|
#define TCPCTL_MAXID 33
|
1995-09-30 10:02:00 +03:00
|
|
|
|
|
|
|
#define TCPCTL_NAMES { \
|
|
|
|
{ 0, 0 }, \
|
|
|
|
{ "rfc1323", CTLTYPE_INT }, \
|
1997-07-29 02:18:48 +04:00
|
|
|
{ "sendspace", CTLTYPE_INT }, \
|
|
|
|
{ "recvspace", CTLTYPE_INT }, \
|
|
|
|
{ "mssdflt", CTLTYPE_INT }, \
|
|
|
|
{ "syn_cache_limit", CTLTYPE_INT }, \
|
|
|
|
{ "syn_bucket_limit", CTLTYPE_INT }, \
|
2001-09-12 01:03:20 +04:00
|
|
|
{ 0, 0 },\
|
1997-12-12 01:47:24 +03:00
|
|
|
{ "init_win", CTLTYPE_INT }, \
|
1998-04-14 01:18:19 +04:00
|
|
|
{ "mss_ifmtu", CTLTYPE_INT }, \
|
1998-04-30 00:43:29 +04:00
|
|
|
{ "sack", CTLTYPE_INT }, \
|
|
|
|
{ "win_scale", CTLTYPE_INT }, \
|
|
|
|
{ "timestamps", CTLTYPE_INT }, \
|
1998-04-30 21:55:27 +04:00
|
|
|
{ "compat_42", CTLTYPE_INT }, \
|
1998-04-30 22:27:20 +04:00
|
|
|
{ "cwm", CTLTYPE_INT }, \
|
|
|
|
{ "cwm_burstsize", CTLTYPE_INT }, \
|
1998-05-02 08:21:58 +04:00
|
|
|
{ "ack_on_push", CTLTYPE_INT }, \
|
1998-09-10 14:46:03 +04:00
|
|
|
{ "keepidle", CTLTYPE_INT }, \
|
|
|
|
{ "keepintvl", CTLTYPE_INT }, \
|
|
|
|
{ "keepcnt", CTLTYPE_INT }, \
|
|
|
|
{ "slowhz", CTLTYPE_INT }, \
|
1998-10-06 04:20:44 +04:00
|
|
|
{ "newreno", CTLTYPE_INT }, \
|
1999-05-24 00:33:50 +04:00
|
|
|
{ "log_refused",CTLTYPE_INT }, \
|
2000-07-28 08:06:52 +04:00
|
|
|
{ 0, 0 }, \
|
2000-07-27 15:34:06 +04:00
|
|
|
{ "rstppslimit", CTLTYPE_INT }, \
|
2001-09-10 08:24:24 +04:00
|
|
|
{ "delack_ticks", CTLTYPE_INT }, \
|
2003-03-01 07:40:27 +03:00
|
|
|
{ "init_win_local", CTLTYPE_INT }, \
|
2003-04-20 00:58:35 +04:00
|
|
|
{ "ident", CTLTYPE_STRUCT }, \
|
2004-04-20 20:52:12 +04:00
|
|
|
{ "ackdropppslimit", CTLTYPE_INT }, \
|
2004-12-15 07:25:19 +03:00
|
|
|
{ "do_loopback_cksum", CTLTYPE_INT }, \
|
2005-08-05 13:21:25 +04:00
|
|
|
{ "stats", CTLTYPE_STRUCT }, \
|
2005-09-06 06:41:14 +04:00
|
|
|
{ "debug", CTLTYPE_STRUCT }, \
|
|
|
|
{ "debx", CTLTYPE_INT }, \
|
1995-09-30 10:02:00 +03:00
|
|
|
}
|
|
|
|
|
1995-03-27 00:23:52 +04:00
|
|
|
#ifdef _KERNEL
|
2002-05-13 00:33:50 +04:00
|
|
|
extern struct inpcbtable tcbtable; /* head of queue of active tcpcb's */
|
|
|
|
extern struct tcpstat tcpstat; /* tcp statistics */
|
|
|
|
extern u_int32_t tcp_now; /* for RFC 1323 timestamps */
|
1995-09-30 10:02:00 +03:00
|
|
|
extern int tcp_do_rfc1323; /* enabled/disabled? */
|
1998-04-30 00:43:29 +04:00
|
|
|
extern int tcp_do_sack; /* SACK enabled/disabled? */
|
|
|
|
extern int tcp_do_win_scale; /* RFC1323 window scaling enabled/disabled? */
|
|
|
|
extern int tcp_do_timestamps; /* RFC1323 timestamps enabled/disabled? */
|
1998-10-06 04:20:44 +04:00
|
|
|
extern int tcp_do_newreno; /* Use the New Reno algorithms */
|
1997-07-29 02:18:48 +04:00
|
|
|
extern int tcp_mssdflt; /* default seg size */
|
1997-12-12 01:47:24 +03:00
|
|
|
extern int tcp_init_win; /* initial window */
|
2003-03-01 07:40:27 +03:00
|
|
|
extern int tcp_init_win_local; /* initial window for local nets */
|
1998-04-14 01:18:19 +04:00
|
|
|
extern int tcp_mss_ifmtu; /* take MSS from interface, not in_maxmtu */
|
1998-04-29 09:16:46 +04:00
|
|
|
extern int tcp_compat_42; /* work around ancient broken TCP peers */
|
1998-04-30 22:27:20 +04:00
|
|
|
extern int tcp_cwm; /* enable Congestion Window Monitoring */
|
|
|
|
extern int tcp_cwm_burstsize; /* burst size allowed by CWM */
|
1998-05-02 08:21:58 +04:00
|
|
|
extern int tcp_ack_on_push; /* ACK immediately on PUSH */
|
1997-07-29 02:18:48 +04:00
|
|
|
extern int tcp_syn_cache_limit; /* max entries for compressed state engine */
|
|
|
|
extern int tcp_syn_bucket_limit;/* max entries per hash bucket */
|
1999-05-24 00:33:50 +04:00
|
|
|
extern int tcp_log_refused; /* log refused connections */
|
2005-04-05 05:07:17 +04:00
|
|
|
extern int tcp_sack_tp_maxholes; /* Max holes per connection. */
|
|
|
|
extern int tcp_sack_globalmaxholes; /* Max holes per system. */
|
|
|
|
extern int tcp_sack_globalholes; /* Number of holes present. */
|
1994-01-09 02:07:16 +03:00
|
|
|
|
2000-07-27 15:34:06 +04:00
|
|
|
extern int tcp_rst_ppslim;
|
2004-04-20 20:52:12 +04:00
|
|
|
extern int tcp_ackdrop_ppslim;
|
2000-02-15 22:54:11 +03:00
|
|
|
|
1997-07-29 02:18:48 +04:00
|
|
|
extern int tcp_syn_cache_size;
|
1998-05-07 05:37:27 +04:00
|
|
|
extern struct syn_cache_head tcp_syn_cache[];
|
1997-07-29 02:18:48 +04:00
|
|
|
extern u_long syn_cache_count;
|
1997-07-24 01:26:40 +04:00
|
|
|
|
2003-02-26 09:31:08 +03:00
|
|
|
#ifdef MBUFTRACE
|
|
|
|
extern struct mowner tcp_rx_mowner;
|
|
|
|
extern struct mowner tcp_tx_mowner;
|
|
|
|
extern struct mowner tcp_mowner;
|
|
|
|
#endif
|
|
|
|
|
1998-04-30 00:43:29 +04:00
|
|
|
#define TCPCTL_VARIABLES { \
|
1998-09-10 14:46:03 +04:00
|
|
|
{ 0 }, \
|
|
|
|
{ 1, 0, &tcp_do_rfc1323 }, \
|
|
|
|
{ 1, 0, &tcp_sendspace }, \
|
|
|
|
{ 1, 0, &tcp_recvspace }, \
|
|
|
|
{ 1, 0, &tcp_mssdflt }, \
|
|
|
|
{ 1, 0, &tcp_syn_cache_limit }, \
|
|
|
|
{ 1, 0, &tcp_syn_bucket_limit }, \
|
2001-09-12 01:03:20 +04:00
|
|
|
{ 0 }, \
|
1998-09-10 14:46:03 +04:00
|
|
|
{ 1, 0, &tcp_init_win }, \
|
|
|
|
{ 1, 0, &tcp_mss_ifmtu }, \
|
|
|
|
{ 1, 0, &tcp_do_sack }, \
|
|
|
|
{ 1, 0, &tcp_do_win_scale }, \
|
|
|
|
{ 1, 0, &tcp_do_timestamps }, \
|
|
|
|
{ 1, 0, &tcp_compat_42 }, \
|
|
|
|
{ 1, 0, &tcp_cwm }, \
|
|
|
|
{ 1, 0, &tcp_cwm_burstsize }, \
|
|
|
|
{ 1, 0, &tcp_ack_on_push }, \
|
|
|
|
{ 1, 0, &tcp_keepidle }, \
|
|
|
|
{ 1, 0, &tcp_keepintvl }, \
|
|
|
|
{ 1, 0, &tcp_keepcnt }, \
|
|
|
|
{ 1, 1, 0, PR_SLOWHZ }, \
|
1998-10-06 04:20:44 +04:00
|
|
|
{ 1, 0, &tcp_do_newreno }, \
|
1999-05-24 00:33:50 +04:00
|
|
|
{ 1, 0, &tcp_log_refused }, \
|
2000-08-16 02:13:02 +04:00
|
|
|
{ 0 }, \
|
2000-07-27 15:34:06 +04:00
|
|
|
{ 1, 0, &tcp_rst_ppslim }, \
|
2001-09-10 08:24:24 +04:00
|
|
|
{ 1, 0, &tcp_delack_ticks }, \
|
2003-03-01 07:40:27 +03:00
|
|
|
{ 1, 0, &tcp_init_win_local }, \
|
2004-04-20 20:52:12 +04:00
|
|
|
{ 1, 0, &tcp_ackdrop_ppslim }, \
|
1998-04-30 00:43:29 +04:00
|
|
|
}
|
|
|
|
|
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.
Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-07-01 02:40:32 +04:00
|
|
|
#ifdef __NO_STRICT_ALIGNMENT
|
|
|
|
#define TCP_HDR_ALIGNED_P(th) 1
|
|
|
|
#else
|
2004-04-21 21:49:46 +04:00
|
|
|
#define TCP_HDR_ALIGNED_P(th) ((((vaddr_t)(th)) & 3) == 0)
|
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.
Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-07-01 02:40:32 +04:00
|
|
|
#endif
|
|
|
|
|
2004-05-18 18:44:14 +04:00
|
|
|
struct secasvar;
|
|
|
|
|
2004-04-21 21:49:46 +04:00
|
|
|
int tcp_attach(struct socket *);
|
|
|
|
void tcp_canceltimers(struct tcpcb *);
|
|
|
|
int tcp_timers_invoking(struct tcpcb*);
|
1994-01-09 02:07:16 +03:00
|
|
|
struct tcpcb *
|
2004-04-21 21:49:46 +04:00
|
|
|
tcp_close(struct tcpcb *);
|
|
|
|
int tcp_isdead(struct tcpcb *);
|
2000-10-20 00:22:59 +04:00
|
|
|
#ifdef INET6
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp6_ctlinput(int, struct sockaddr *, void *);
|
1999-07-01 12:12:45 +04:00
|
|
|
#endif
|
2004-04-21 21:49:46 +04:00
|
|
|
void *tcp_ctlinput(int, struct sockaddr *, void *);
|
|
|
|
int tcp_ctloutput(int, struct socket *, int, int, struct mbuf **);
|
1994-01-09 02:07:16 +03:00
|
|
|
struct tcpcb *
|
2004-04-21 21:49:46 +04:00
|
|
|
tcp_disconnect(struct tcpcb *);
|
1994-01-09 02:07:16 +03:00
|
|
|
struct tcpcb *
|
2004-04-21 21:49:46 +04:00
|
|
|
tcp_drop(struct tcpcb *, int);
|
2004-05-18 18:44:14 +04:00
|
|
|
#ifdef TCP_SIGNATURE
|
|
|
|
int tcp_signature_apply(void *, caddr_t, u_int);
|
|
|
|
struct secasvar *tcp_signature_getsav(struct mbuf *, struct tcphdr *);
|
|
|
|
int tcp_signature(struct mbuf *, struct tcphdr *, int, struct secasvar *,
|
|
|
|
char *);
|
|
|
|
#endif
|
|
|
|
int tcp_dooptions(struct tcpcb *, u_char *, int, struct tcphdr *,
|
|
|
|
struct mbuf *, int, struct tcp_opt_info *);
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp_drain(void);
|
|
|
|
void tcp_established(struct tcpcb *);
|
|
|
|
void tcp_init(void);
|
2000-10-20 00:22:59 +04:00
|
|
|
#ifdef INET6
|
2004-04-21 21:49:46 +04:00
|
|
|
int tcp6_input(struct mbuf **, int *, int);
|
1999-07-01 12:12:45 +04:00
|
|
|
#endif
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp_input(struct mbuf *, ...);
|
2005-07-19 21:00:02 +04:00
|
|
|
u_int tcp_hdrsz(struct tcpcb *);
|
2004-04-21 21:49:46 +04:00
|
|
|
u_long tcp_mss_to_advertise(const struct ifnet *, int);
|
|
|
|
void tcp_mss_from_peer(struct tcpcb *, int);
|
|
|
|
void tcp_tcpcb_template(void);
|
1994-01-09 02:07:16 +03:00
|
|
|
struct tcpcb *
|
2004-04-21 21:49:46 +04:00
|
|
|
tcp_newtcpcb(int, void *);
|
|
|
|
void tcp_notify(struct inpcb *, int);
|
2000-10-20 00:22:59 +04:00
|
|
|
#ifdef INET6
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp6_notify(struct in6pcb *, int);
|
1999-07-22 16:56:56 +04:00
|
|
|
#endif
|
2004-04-21 21:49:46 +04:00
|
|
|
u_int tcp_optlen(struct tcpcb *);
|
|
|
|
int tcp_output(struct tcpcb *);
|
|
|
|
void tcp_pulloutofband(struct socket *,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct tcphdr *, struct mbuf *, int);
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp_quench(struct inpcb *, int);
|
2000-10-20 00:22:59 +04:00
|
|
|
#ifdef INET6
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp6_quench(struct in6pcb *, int);
|
1999-07-22 16:56:56 +04:00
|
|
|
#endif
|
2005-07-19 21:00:02 +04:00
|
|
|
void tcp_mtudisc(struct inpcb *, int);
|
2005-03-30 00:10:16 +04:00
|
|
|
|
|
|
|
struct ipqent *tcpipqent_alloc(void);
|
|
|
|
void tcpipqent_free(struct ipqent *);
|
|
|
|
|
2004-04-21 21:49:46 +04:00
|
|
|
int tcp_reass(struct tcpcb *, struct tcphdr *, struct mbuf *, int *);
|
|
|
|
int tcp_respond(struct tcpcb *, struct mbuf *, struct mbuf *,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct tcphdr *, tcp_seq, tcp_seq, int);
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp_rmx_rtt(struct tcpcb *);
|
|
|
|
void tcp_setpersist(struct tcpcb *);
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
/*
 * TCP-MD5 signature option (RFC 2385) support, declared only when
 * TCP_SIGNATURE is defined.
 * NOTE(review): the commit message recorded for this code lists a missing
 * receive-side signature check as a potential flaw; confirm in the input
 * path that inbound signatures are verified and mismatches dropped before
 * relying on this option to protect a session.  RFC 2385 has also been
 * obsoleted by RFC 5925 (TCP-AO).
 */
#ifdef TCP_SIGNATURE
|
2004-04-26 07:54:28 +04:00
|
|
|
int tcp_signature_compute(struct mbuf *, struct tcphdr *, int, int,
|
|
|
|
int, u_char *, u_int);
|
Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do not see any code
that verifies received TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
2004-04-26 02:25:03 +04:00
|
|
|
#endif
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp_slowtimo(void);
|
1999-07-01 12:12:45 +04:00
|
|
|
struct mbuf *
|
2004-04-21 21:49:46 +04:00
|
|
|
tcp_template(struct tcpcb *);
|
2005-02-06 23:13:09 +03:00
|
|
|
void tcp_trace(short, short, struct tcpcb *, struct mbuf *, int);
|
1994-01-09 02:07:16 +03:00
|
|
|
struct tcpcb *
|
2004-04-21 21:49:46 +04:00
|
|
|
tcp_usrclosed(struct tcpcb *);
|
|
|
|
int tcp_usrreq(struct socket *,
|
2005-12-11 15:16:03 +03:00
|
|
|
int, struct mbuf *, struct mbuf *, struct mbuf *, struct lwp *);
|
2004-04-21 21:49:46 +04:00
|
|
|
void tcp_xmit_timer(struct tcpcb *, uint32_t);
|
|
|
|
tcp_seq tcp_new_iss(struct tcpcb *, tcp_seq);
|
|
|
|
tcp_seq tcp_new_iss1(void *, void *, u_int16_t, u_int16_t, size_t,
|
2004-04-19 01:00:35 +04:00
|
|
|
tcp_seq);
|
|
|
|
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by an 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
void tcp_new_dsack(struct tcpcb *, tcp_seq, u_int32_t);
|
|
|
|
void tcp_sack_option(struct tcpcb *, struct tcphdr *, u_char *, int);
|
|
|
|
void tcp_del_sackholes(struct tcpcb *, struct tcphdr *);
|
|
|
|
void tcp_free_sackholes(struct tcpcb *);
|
|
|
|
void tcp_sack_adjust(struct tcpcb *tp);
|
|
|
|
struct sackhole *tcp_sack_output(struct tcpcb *tp, int *sack_bytes_rexmt);
|
|
|
|
void tcp_sack_newack(struct tcpcb *, struct tcphdr *);
|
2005-03-16 03:39:56 +03:00
|
|
|
int tcp_sack_numblks(const struct tcpcb *);
|
|
|
|
/*
 * Byte length of a SACK option carrying nblks blocks: 8 bytes per block
 * plus 2 + 2 bytes of fixed overhead (presumably the kind/length bytes and
 * two bytes of padding; confirm against the output code).
 * NOTE(review): the macro does no range checking.  TCP option space is at
 * most 40 bytes, so by this formula nblks must not exceed 4; the caller is
 * responsible for bounding it before using the result as a copy length or
 * buffer offset.
 */
#define TCP_SACK_OPTLEN(nblks) ((nblks) * 8 + 2 + 2)
|
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz
Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.
The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.
There are two independently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by an 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unexplained TCP
retransmits observed over an ath0 card.
After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) aberrations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.
2005-02-28 19:20:59 +03:00
|
|
|
|
2004-04-21 21:49:46 +04:00
|
|
|
int syn_cache_add(struct sockaddr *, struct sockaddr *,
|
1999-07-01 12:12:45 +04:00
|
|
|
struct tcphdr *, unsigned int, struct socket *,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct mbuf *, u_char *, int, struct tcp_opt_info *);
|
2005-05-30 01:41:23 +04:00
|
|
|
void syn_cache_unreach(const struct sockaddr *, const struct sockaddr *,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct tcphdr *);
|
2004-04-21 21:49:46 +04:00
|
|
|
struct socket *syn_cache_get(struct sockaddr *, struct sockaddr *,
|
1999-07-01 12:12:45 +04:00
|
|
|
struct tcphdr *, unsigned int, unsigned int,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct socket *so, struct mbuf *);
|
2004-04-21 21:49:46 +04:00
|
|
|
void syn_cache_init(void);
|
|
|
|
void syn_cache_insert(struct syn_cache *, struct tcpcb *);
|
2005-05-30 01:41:23 +04:00
|
|
|
struct syn_cache *syn_cache_lookup(const struct sockaddr *, const struct sockaddr *,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct syn_cache_head **);
|
2004-04-21 21:49:46 +04:00
|
|
|
void syn_cache_reset(struct sockaddr *, struct sockaddr *,
|
2004-04-19 01:00:35 +04:00
|
|
|
struct tcphdr *);
|
2004-04-21 21:49:46 +04:00
|
|
|
int syn_cache_respond(struct syn_cache *, struct mbuf *);
|
|
|
|
void syn_cache_timer(void *);
|
|
|
|
void syn_cache_cleanup(struct tcpcb *);
|
2004-04-19 01:00:35 +04:00
|
|
|
|
2005-01-27 06:39:36 +03:00
|
|
|
void tcp_reno_newack(struct tcpcb *, struct tcphdr *);
|
|
|
|
void tcp_newreno_newack(struct tcpcb *, struct tcphdr *);
|
2004-12-21 08:51:31 +03:00
|
|
|
|
|
|
|
int tcp_input_checksum(int, struct mbuf *, const struct tcphdr *, int, int,
|
|
|
|
int);
|
1993-03-21 12:45:37 +03:00
|
|
|
#endif
|
1998-02-10 04:26:19 +03:00
|
|
|
|
2005-12-11 02:31:41 +03:00
|
|
|
#endif /* !_NETINET_TCP_VAR_H_ */
|