Commit Graph

1256 Commits

Author SHA1 Message Date
jonathan 626b230d59 Add new field ipq_nfrags to struct ipq. Maintain count of fragments
(fragments, not fragmented packets) in each queue entry.
Use ipq_nfrags to maintain a count of total fragments in reassembly queue.
2003-12-08 02:23:27 +00:00
jonathan 27171efb6d KNF: s/unsigned/u_int/, in a couple of places I missed. 2003-12-07 01:18:26 +00:00
jonathan c56097abb8 Replace the single global IP reassembly list/listhead, with a
hashtable of list-heads. Independently re-invented, then reworked to
match similar code in FreeBSD.
2003-12-06 23:56:10 +00:00
atatat 13f8d2ce5f Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al.  Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.

Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded.  Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.

All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.

PS - I'm sorry, but there's a distinct lack of documentation at the
moment.  I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 19:38:21 +00:00
christos 0aac876eae fix unused variable warnings when LARGE_NAT is defined. 2003-12-04 15:32:01 +00:00
scw 7ef39665ff ipflow (IP fast forwarding) is not compatible with FAST_IPSEC either.
XXX: The decision whether or not to fast forward should be made
XXX: dynamically. Using the current approach seriously reduces
XXX: routing performance on gateways with IPsec enabled.
2003-12-04 10:02:35 +00:00
itojun a748550c99 always compile ip_id.c 2003-11-26 21:26:56 +00:00
itojun 326cfe57d2 define RANDOM_IP_ID by default (unifdef -DRANDOM_IP_ID).
one use remains in sys/netipsec, which is kept for freebsd source code compat.
2003-11-26 21:15:47 +00:00
itojun 0864b4939d "seed2" was ruining non-repeating property, so remove it. discussed on tech-net 2003-11-25 18:13:55 +00:00
itojun f51095cf7c knf 2003-11-25 14:44:13 +00:00
scw fd11abcb03 For FAST_IPSEC, ipfilter gets to see wire-format IPsec-encapsulated packets
only. Decapsulated packets bypass ipfilter. This mimics current behaviour
for Kame IPsec.
2003-11-24 20:54:59 +00:00
yamt bba8d5af45 comments on tcp_outflags. 2003-11-20 16:21:48 +00:00
fvdl f2fdecfc92 Correct number of arguments to sysctl_rdint. 2003-11-19 22:40:55 +00:00
jonathan b6e73d53fb Footwork for fast-ipsec and IPv6: when compiling sys/netinet/tcp_input.c
for both FAST_IPSEC and INET6, include <netipsec/ipsec6.h>.
2003-11-19 20:47:00 +00:00
jonathan 130f3bfc26 Patch back support for (badly) randomized IP ids, by request:
* Include "opt_inet.h" everywhere IP-ids are generated with ip_newid(),
  so the RANDOM_IP_ID option is visible. Also in ip_id(), to ensure
  the prototype for ip_randomid() is made visible.

* Add new sysctl to enable randomized IP-ids, provided the kernel was
  configured with RANDOM_IP_ID. (The sysctl defaults to zero, and is
  a read-only zero if RANDOM_IP_ID is not configured).

Note that the implementation of randomized IP ids is still defective,
and should not be enabled at all (even if configured) without
very careful deliberation. Caveat emptor.
2003-11-19 18:39:34 +00:00
jonathan de80d1419e Diff to netinet/ip_input.c (restore ip_id, initialize) for ip_id fix:
Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code.  Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be  provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.
2003-11-17 22:34:16 +00:00
jonathan 995c532c33 Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code.  Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be  provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.
2003-11-17 21:34:27 +00:00
jonathan fa24e6f3f8 Add m_tag_delete_nonpesrsistent(), for deleting all packet tags on
mbuf chains which are recycled (e.g., ICMP reflection, loopback
interface).  A consensus was reached that such recycled packets should
behave (more-or-less) the same way if a new chain had been allocated
and the contents copied to that chain.

Some packet tags may in future be marked as "persistent" (e.g., for
mandatory access controls) and should persist across such deletion.
NetBSD as yet hos no persistent tags, so m_tag_delete_nonpersistent()
just deletes all tags. This should not be relied upon.
2003-11-13 01:48:12 +00:00
itojun d46ad3421a KNF 2003-11-12 15:00:05 +00:00
ragge 4a9b211e76 Remove the FAST_MBSEARCH ifdef, send packet prediction is now default. 2003-11-12 10:48:04 +00:00
jonathan 79bf8521a5 Change global head-of-local-IP-address list from in_ifaddr to
in_ifaddrhead. Recent changes in struct names caused a namespace
collision in fast-ipsec, which are most cleanly fixed by using
"in_ifaddrhead" as the listhead name.
2003-11-11 20:25:26 +00:00
jonathan b86d07f435 Allocate sysctl oid for ipv4 sysctl node "ifq", define symbolic name, and
bump IPCTL_MAXID. (Should have been committed with other ifq sysctl changes).
2003-11-10 20:50:29 +00:00
jonathan 88ba77e705 Make per-protocol network input queue stats visible to userland via
sysctl. Add a protocol-independent sysctl handler to show the per-protocol
"struct ifq' statistics. Add IP(v4) specific call to the handler.
Other protocols can show their per-protocol input statistics by
allocating a sysclt node and calling sysctl_ifq() with their own struct ifq *.

As posted to tech-kern plus improvements/cleanup suggested by Andrew Brown.
2003-11-10 20:03:29 +00:00
simonb a2facef339 Remove some assigned-to but otherwise unused variables. 2003-10-30 01:43:08 +00:00
mycroft d7f0f6de8f Do the previous differently. 2003-10-28 20:27:22 +00:00
provos 57755c156a use a hash table to bind to local ports; suggested by markus friedl
approved: fvdl@
2003-10-28 17:18:37 +00:00
thorpej db71356cd1 - Change callout_setfunc() to require that the callout handle is already
initialized.  Update the txp(4) to compensate.
- Statically initialize the TCP timer callout handles in the tcpcb
  template.  We still use callout_setfunc(), but that call is now much
  less expensive.  Add a comment that the compiler is likely to unroll
  the loop (so don't sweat that it's there).
2003-10-27 16:52:01 +00:00
itojun 3fef2ba893 make it compilable with TCP_DEBUG defined 2003-10-27 07:43:01 +00:00
christos 2017bf9a94 Fix uninitialized variable warning 2003-10-25 18:31:59 +00:00
christos 649137925e initialize off 2003-10-25 08:13:28 +00:00
ragge da20a11a23 Fix the bug in the tcp transmit prediction code.
During testing the prediction counters show a hit-rate on about 85% for
packets sent on a local LAN, and better than 99% for intercontinental
high-speed bulk traffic (!).
2003-10-24 10:25:40 +00:00
enami 935b3c7ad5 Make this file compile again when TCP_OUTPUT_COUNTERS defined. 2003-10-24 03:12:53 +00:00
mycroft 5a8b331f54 Remove all the code to maintain ia_inpcbs. This information was only used to
close sockets on address changes, which was deemed to be a bad idea and was
summarily removed, so there is no point in wasting effort on maintaining it
any more.
2003-10-23 20:55:08 +00:00
thorpej e8a98ee63e Oops, FAST_MBSEARCH counters were swapped; fix it. Pointed out by yamt@. 2003-10-23 17:02:23 +00:00
thorpej 9e4220c00a Oops, a little to aggressive in the previous patch; TCP_TIMER_INIT()
still needs to be in tcp_newtcpcb(), for now.  Pointed out by enami.
2003-10-22 05:55:54 +00:00
thorpej 31923baa46 Rather than zeroing a tcpcb structure and filling in all the fields
individually, create a tcpcb template pre-initialized (and pre-zero'd)
with the static and mostly-static tcpcb parameters.  The template is
now copied into the new tcpcb, which zeros and initializes most of the
tcpcb in one pass.  The template is kept up-to-date as TCP sysctl
variables are changed.

Combined with the previous sb_max change, TCP socket creation is now
25% faster.
2003-10-22 02:45:57 +00:00
thorpej 861856caa0 Add event counters that measure FAST_MBSEARCH. 2003-10-21 21:17:20 +00:00
enami e51f5c64e5 Fix indent. 2003-10-18 13:05:45 +00:00
enami bae9643b84 Increment stats when packet is dropped since there is no room
to put all fragments in the interfaces's send queue.  Some large
UDP packets are dropped here and administrator may want to bump ifqmaxlen.
2003-10-17 20:31:12 +00:00
itojun 5e7b0c710b more correction to ip_fragment; free mbuf correctly if ENOBUFS is raised
during fragmenting.
2003-10-14 06:36:48 +00:00
itojun 00af50df1b avoid mbuf leak on ip_fragment(); obey 4.4bsd mbuf passing rule (mbuf passed
to a function must be freed by the called function on error).
pointed out by enami
2003-10-14 03:38:49 +00:00
mycroft f2fc15d4b5 There is also no reason to use arc4random() here. 2003-10-07 21:24:56 +00:00
itojun 98d5598feb when dropping M_PKTHDR, need to free m_tag associated with it. 2003-10-03 20:56:11 +00:00
itojun 899b67c09a correct ip_fragment() wrt ip->ip_off handling.
do not send out incomplete fragment due to ENOBUFS (behavior change from 4.4BSD)
2003-10-01 23:54:40 +00:00
tls b911732f2a Increase default socket-buffer sizes from 16K to 32K. This increases
throughput significantly in a wide variety of test cases, including
local gigabit ethernet with both jumbo and standard frames,
transcontinental (U.S.) connections with e2e bandwidths ranging from
10Mbit/sec to 155Mbit/sec, and on a variety of test connections
between the NetBSD Project public servers and machines in Australia.

The impact of this change is less dramatic for high-delay connections
when Path MTU is in use but still measurable.

For optimal performance on local gigabit networks, a higher socket
buffer size (at least 64K) will still yield a substantial improvement
in performance, but 32K gets us most of the way there in my test
cases, with only a cost of _doubling_ memory use per socket rather
than _quadrupling_ it.

N.B. Windows NT, at least since Win2k SP2, uses a default socket buffer
     size (or their analogue thereof) of 64K, which is a useful data
     point.
2003-09-29 21:39:35 +00:00
mycroft ca96c7c4ec Remove some code that breaks AH tunnels completely. The comment describing
the purpose of this code appears to be on crack -- it's talking about
end-to-end authentication, but the purpose of an AH tunnel is NOT end-to-end
authentication; it's authentication of the tunnel endpoints.

NB: This does not fix the fact that IPsec leaks "packet tags."
2003-09-28 04:45:14 +00:00
mycroft 3114965161 Fix glaring errors in recent changes. 2003-09-25 00:59:31 +00:00
itojun 8d9a724638 on arplookup() failure, nuke cloned route - otherwise outsider could use massive
number of bogus ARPs for DoS attack.  FreeBSD-SA-03:14.arp
2003-09-24 06:52:47 +00:00
jonathan 5923dedaeb Fast-ipsec can call ip_output() with a null 'struct socket *so'
argument.  So check so is non-NULL before doing the pointer-chasing
dance to find the PCB. (Unless and until we rework fast-ipsec and
KAME, to pass a struct in_pcbhdr * instead of the struct socket *).
2003-09-19 00:27:56 +00:00
itojun a3931fc5ab exp is reserved name under posix 2003-09-16 00:31:55 +00:00