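--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
  * The Regents of the University of California. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
@@ -25,17 +25,17 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/netinet/tcp_subr.c 205251 2010-03-17 18:28:27Z bz $");
+__FBSDID("$FreeBSD: head/sys/netinet/tcp_subr.c 207369 2010-04-29 11:52:42Z bz $");
 
 #include "opt_compat.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_tcpdebug.h"
 
 #include <sys/param.h>
@@ -106,39 +106,21 @@
 #include <sys/syslog.h>
 #endif /*IPSEC*/
 
 #include <machine/in_cksum.h>
 #include <sys/md5.h>
 
 #include <security/mac/mac_framework.h>
 
-VNET_DEFINE(int, tcp_mssdflt);
+VNET_DEFINE(int, tcp_mssdflt) = TCP_MSS;
 #ifdef INET6
-VNET_DEFINE(int, tcp_v6mssdflt);
+VNET_DEFINE(int, tcp_v6mssdflt) = TCP6_MSS;
 #endif
-VNET_DEFINE(int, tcp_minmss);
-VNET_DEFINE(int, tcp_do_rfc1323);
 
-static VNET_DEFINE(int, icmp_may_rst);
-static VNET_DEFINE(int, tcp_isn_reseed_interval);
-static VNET_DEFINE(int, tcp_inflight_enable);
-static VNET_DEFINE(int, tcp_inflight_rttthresh);
-static VNET_DEFINE(int, tcp_inflight_min);
-static VNET_DEFINE(int, tcp_inflight_max);
-static VNET_DEFINE(int, tcp_inflight_stab);
-
-#define V_icmp_may_rst VNET(icmp_may_rst)
-#define V_tcp_isn_reseed_interval VNET(tcp_isn_reseed_interval)
-#define V_tcp_inflight_enable VNET(tcp_inflight_enable)
-#define V_tcp_inflight_rttthresh VNET(tcp_inflight_rttthresh)
-#define V_tcp_inflight_min VNET(tcp_inflight_min)
-#define V_tcp_inflight_max VNET(tcp_inflight_max)
-#define V_tcp_inflight_stab VNET(tcp_inflight_stab)
-
 static int
 sysctl_net_inet_tcp_mss_check(SYSCTL_HANDLER_ARGS)
 {
  int error, new;
 
  new = V_tcp_mssdflt;
  error = sysctl_handle_int(oidp, &new, 0, req);
  if (error == 0 && req->newptr) {
@@ -189,77 +171,93 @@
 /*
  * Minimum MSS we accept and use. This prevents DoS attacks where
  * we are forced to a ridiculous low MSS like 20 and send hundreds
  * of packets instead of one. The effect scales with the available
  * bandwidth and quickly saturates the CPU and network interface
  * with packet generation and sending. Set to zero to disable MINMSS
  * checking. This setting prevents us from sending too small packets.
  */
+VNET_DEFINE(int, tcp_minmss) = TCP_MINMSS;
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW,
  &VNET_NAME(tcp_minmss), 0,
  "Minmum TCP Maximum Segment Size");
 
+VNET_DEFINE(int, tcp_do_rfc1323) = 1;
 SYSCTL_VNET_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW,
  &VNET_NAME(tcp_do_rfc1323), 0,
  "Enable rfc1323 (high performance TCP) extensions");
 
 static int tcp_log_debug = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_debug, CTLFLAG_RW,
  &tcp_log_debug, 0, "Log errors caused by incoming TCP segments");
 
 static int tcp_tcbhashsize = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RDTUN,
  &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable");
 
 static int do_tcpdrain = 1;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
  "Enable tcp_drain routine for extra help when low on mbufs");
 
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD,
  &VNET_NAME(tcbinfo.ipi_count), 0, "Number of active PCBs");
 
+static VNET_DEFINE(int, icmp_may_rst) = 1;
+#define V_icmp_may_rst VNET(icmp_may_rst)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, icmp_may_rst, CTLFLAG_RW,
  &VNET_NAME(icmp_may_rst), 0,
  "Certain ICMP unreachable messages may abort connections in SYN_SENT");
 
+static VNET_DEFINE(int, tcp_isn_reseed_interval) = 0;
+#define V_tcp_isn_reseed_interval VNET(tcp_isn_reseed_interval)
 SYSCTL_VNET_INT(_net_inet_tcp, OID_AUTO, isn_reseed_interval, CTLFLAG_RW,
  &VNET_NAME(tcp_isn_reseed_interval), 0,
  "Seconds between reseeding of ISN secret");
 
 /*
  * TCP bandwidth limiting sysctls. Note that the default lower bound of
  * 1024 exists only for debugging. A good production default would be
  * something like 6100.
  */
 SYSCTL_NODE(_net_inet_tcp, OID_AUTO, inflight, CTLFLAG_RW, 0,
  "TCP inflight data limiting");
 
+static VNET_DEFINE(int, tcp_inflight_enable) = 1;
+#define V_tcp_inflight_enable VNET(tcp_inflight_enable)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, enable, CTLFLAG_RW,
  &VNET_NAME(tcp_inflight_enable), 0,
  "Enable automatic TCP inflight data limiting");
 
 static int tcp_inflight_debug = 0;
 SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW,
  &tcp_inflight_debug, 0,
  "Debug TCP inflight calculations");
 
+static VNET_DEFINE(int, tcp_inflight_rttthresh);
+#define V_tcp_inflight_rttthresh VNET(tcp_inflight_rttthresh)
 SYSCTL_VNET_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh,
  CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(tcp_inflight_rttthresh), 0,
  vnet_sysctl_msec_to_ticks, "I",
  "RTT threshold below which inflight will deactivate itself");
 
+static VNET_DEFINE(int, tcp_inflight_min) = 6144;
+#define V_tcp_inflight_min VNET(tcp_inflight_min)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, min, CTLFLAG_RW,
  &VNET_NAME(tcp_inflight_min), 0,
  "Lower-bound for TCP inflight window");
 
+static VNET_DEFINE(int, tcp_inflight_max) = TCP_MAXWIN << TCP_MAX_WINSHIFT;
+#define V_tcp_inflight_max VNET(tcp_inflight_max)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, max, CTLFLAG_RW,
  &VNET_NAME(tcp_inflight_max), 0,
  "Upper-bound for TCP inflight window");
 
+static VNET_DEFINE(int, tcp_inflight_stab) = 20;
+#define V_tcp_inflight_stab VNET(tcp_inflight_stab)
 SYSCTL_VNET_INT(_net_inet_tcp_inflight, OID_AUTO, stab, CTLFLAG_RW,
  &VNET_NAME(tcp_inflight_stab), 0,
  "Inflight Algorithm Stabilization 20 = 2 packets");
 
 #ifdef TCP_SORECEIVE_STREAM
 static int tcp_soreceive_stream = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, soreceive_stream, CTLFLAG_RDTUN,
  &tcp_soreceive_stream, 0, "Using soreceive_stream for TCP sockets");
@@ -324,82 +322,40 @@
  return (0);
 }
 
 void
 tcp_init(void)
 {
  int hashsize;
 
- V_blackhole = 0;
- V_tcp_delack_enabled = 1;
- V_drop_synfin = 0;
- V_tcp_do_rfc3042 = 1;
- V_tcp_do_rfc3390 = 1;
- V_tcp_do_ecn = 0;
- V_tcp_ecn_maxretries = 1;
- V_tcp_insecure_rst = 0;
- V_tcp_do_autorcvbuf = 1;
- V_tcp_autorcvbuf_inc = 16*1024;
- V_tcp_autorcvbuf_max = 256*1024;
- V_tcp_do_rfc3465 = 1;
- V_tcp_abc_l_var = 2;
-
- V_tcp_mssdflt = TCP_MSS;
-#ifdef INET6
- V_tcp_v6mssdflt = TCP6_MSS;
-#endif
- V_tcp_minmss = TCP_MINMSS;
- V_tcp_do_rfc1323 = 1;
- V_icmp_may_rst = 1;
- V_tcp_isn_reseed_interval = 0;
- V_tcp_inflight_enable = 1;
- V_tcp_inflight_min = 6144;
- V_tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT;
- V_tcp_inflight_stab = 20;
-
- V_path_mtu_discovery = 1;
- V_ss_fltsz = 1;
- V_ss_fltsz_local = 4;
- V_tcp_do_newreno = 1;
- V_tcp_do_tso = 1;
- V_tcp_do_autosndbuf = 1;
- V_tcp_autosndbuf_inc = 8*1024;
- V_tcp_autosndbuf_max = 256*1024;
-
- V_nolocaltimewait = 0;
-
- V_tcp_do_sack = 1;
- V_tcp_sack_maxholes = 128;
- V_tcp_sack_globalmaxholes = 65536;
- V_tcp_sack_globalholes = 0;
-
- V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
-
- TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
-
  hashsize = TCBHASHSIZE;
  TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize);
  if (!powerof2(hashsize)) {
  printf("WARNING: TCB hash size not a power of 2\n");
  hashsize = 512; /* safe default */
  }
  in_pcbinfo_init(&V_tcbinfo, "tcp", &V_tcb, hashsize, hashsize,
  "tcp_inpcb", tcp_inpcb_init, NULL, UMA_ZONE_NOFREE);
 
+ V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH;
+
  /*
  * These have to be type stable for the benefit of the timers.
  */
  V_tcpcb_zone = uma_zcreate("tcpcb", sizeof(struct tcpcb_mem),
  NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
  uma_zone_set_max(V_tcpcb_zone, maxsockets);
+
  tcp_tw_init();
  syncache_init();
  tcp_hc_init();
  tcp_reass_init();
+
+ TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);
  V_sack_hole_zone = uma_zcreate("sackhole", sizeof(struct sackhole),
  NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
 
  /* Skip initialization of globals for non-default instances. */
  if (!IS_DEFAULT_VNET(curvnet))
  return;
 
  /* XXX virtualize those bellow? */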
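Review bot: The defaults deleted from tcp_init() for variables this file does not define (`V_tcp_insecure_rst`, `V_drop_synfin`, `V_blackhole`, `V_tcp_sack_maxholes`, `V_tcp_sack_globalmaxholes` and the others in old lines 332-373) get no replacement anywhere in this section, so they now depend on static initializers in the files that define them, which are not visible here. That is worth confirming before merge, because a missed non-zero default such as the SACK hole limits of 128 and 65536 would presumably start at 0 in every vnet and quietly change a resource bound. `tcp_inflight_rttthresh` is the one variable defined here that keeps a run-time assignment, and nothing says why; a comment above that assignment such as `/* TCPTV_INFLIGHT_RTTTHRESH is presumably derived from hz, so it cannot be a static initializer. */` would keep a later cleanup from moving it. tcp_init() continues past the end of the visible section.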