ts_rtt is 1 plus the RTT, so that 0 can mean invalid measurement.
However, the code failed to subtract the 1 back out before use. With
this change, TCP from Massachusetts to France now typically has 1s RTO
values, rather than 1.5s.
This bug was found and fixed by Bev Schwartz of BBN. This material is
based upon work supported by the Defense Advanced Research Projects
Agency and Space and Naval Warfare Systems Center, Pacific, under
Contract No. N66001-09-C-2073. Approved for Public Release,
Distribution Unlimited.
sun2 port to proceed beyond trying and failing to build Heimdal.
This is done by:
1) Stop pretending that libipc is a separate library, and instead
build it as part of libkrb5. The version map for libkrb5 needed
to be updated to expose the required symbols from libipc.
2) The lexer in libhx509 needs to use its own prefix, so that the
resulting library can be statically linked with a lexer which
uses the default prefix. This was hidden because libhx509's
version map file (which is only used for the shared libs) hid
away the lexer symbols. Some defines needed tweaking as well
to restore buildability.
3) Explicitly mention all the required libraries in LDADD+= and
make sure DPADD is set to correspond. This allows static linking;
earlier this relied on shared library dependencies to have all the
libs pulled in. In the process, convert to single-line LDADD+=
and DPADD+= settings. Use Makefile.inc for the common libraries
to the extent possible.
Successfully built from scratch for i386 and sun2 several times,
and for lots of other ports as well.
Discussed with elric@ and christos@.
that actually changed since last time. This gives a noticeable speedup on
slower hardware with dumb framebuffers.
For now this works with VCONS_DRAW_INTR and VCONS_DONT_READ only.
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
implementation thing) from the abstract xform descriptor to
the cryptosoft implementation part -- for sanity, and now clients
of opencrypto don't depend on headers of cipher implementations anymore
instead of arc4random(). AES-CTR is sensitive to IV recurrence
(with the same key / nonce), and a random number doesn't give that
guarantee.
This needs a little API change in cryptosoft -- I've suggested it to
Open/FreeBSD, might change it depending on feedback.
Thanks to Steven Bellovin for hints.
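
The IV-recurrence point in the last message above, as an added example (not code from the commit or from cryptosoft). Assumptions: the IV is shrunk to 16 bits so a repeat appears quickly, mix64() is a toy stand-in for both arc4random() and the AES block function, and a per-SA counter is taken as the non-repeating IV source; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* splitmix64 finalizer: a bijective 64-bit mixer. Toy stand-in for both
 * arc4random() and the AES block function. NOT a cipher. */
static uint64_t mix64(uint64_t z) {
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* IV sources; the IV is shrunk to 16 bits so a repeat shows up quickly. */
static uint16_t random_iv(void) {              /* stand-in for arc4random() */
    static uint64_t s = 0x243f6a8885a308d3ULL; /* constructed seed */
    return (uint16_t)mix64(s += 0x9e3779b97f4a7c15ULL);
}
static uint16_t counter_iv(void) {             /* assumed per-SA counter */
    static uint16_t next;
    return next++;
}

/* 1-based index of the first packet whose IV was already used, 0 if none. */
static unsigned first_repeat(uint16_t (*gen)(void), unsigned npackets) {
    static uint8_t seen[65536 / 8];
    memset(seen, 0, sizeof seen);
    for (unsigned i = 1; i <= npackets; i++) {
        uint16_t iv = gen();
        if (seen[iv >> 3] & (1u << (iv & 7)))
            return i;
        seen[iv >> 3] |= (uint8_t)(1u << (iv & 7));
    }
    return 0;
}

/* CTR on one 8-byte block: ciphertext = plaintext XOR E_k(nonce|IV|ctr). */
static uint64_t ctr_encrypt(uint64_t key, uint32_t nonce, uint16_t iv, uint64_t pt) {
    uint64_t block = ((uint64_t)nonce << 32) | ((uint64_t)iv << 16) | 1u;
    return pt ^ mix64(key ^ block);
}

int main(void) {
    printf("random IVs:  first repeat at packet %u\n", first_repeat(random_iv, 65537));
    printf("counter IVs: first repeat at packet %u (0 = none in 65536)\n",
           first_repeat(counter_iv, 65536));
    uint64_t c1 = ctr_encrypt(42, 7, 0x1234, 0x1111111111111111ULL);
    uint64_t c2 = ctr_encrypt(42, 7, 0x1234, 0x2222222222222222ULL);
    printf("same IV: c1^c2 = %016llx = p1^p2\n", (unsigned long long)(c1 ^ c2));
    return 0;
}
```

With a full-width 64-bit IV the random source collides later, but the birthday bound still applies, while a counter cannot repeat until it wraps.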