Use struct ipsec_level within inpcb.

Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels. This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.

OK deraadt@ mvs@

Split single TCP inpcb table into IPv4 and IPv6 parts.

With two separate TCP hash tables, each one becomes smaller. When
we remove the exclusive net lock from TCP, contention on internet
PCB table mutex will be reduced. UDP has been split earlier into
IPv4 and IPv6. Replace branch conditions based on INP_IPV6 with
assertions.

OK mvs@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function. All callers check that
sockaddr dst is in fact a sockaddr_in. Pass the more spcific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.

OK millert@

Declare address parameter in TCP SYN cache const.

tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup(). They
are needed for hash lookup and are not modified.

OK mvs@

Fix white spaces in TCP.

Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc(). It
is not NULL and never changed.

OK mvs@

Remove inp parameter from ip_output().

ip_output() received inp as parameter. This is only used to lookup
the IPsec level of the socket. Reasoning about MP locking is much
easier if only relevant data is passed around. Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

Convert tcp_now() time counter to 64 bit.

After changing tcp now tick to milliseconds, 32 bits will wrap
around after 49 days of uptime. That may be a problem in some
places of our stack. Better use a 64 bit counter.

As timestamp option is 32 bit in TCP protocol, use the lower 32 bit
there. There are casts to 32 bits that should behave correctly.

Start with random 63 bit offset to avoid uptime leakage. 2^63
milliseconds result in 2.9*10^8 years of possible uptime.

OK yasuoka@

Implement TCP send offloading, for now in software only. This is
meant as a fallback if network hardware does not support TSO. Driver
support is still work in progress. TCP output generates large
packets. In IP output the packet is chopped to TCP maximum segment
size. This reduces the CPU cycles used by pf. The regular output
could be assisted by hardware later, but pf route-to and IPsec needs
the software fallback in general.
For performance comparison or to workaround possible bugs, sysctl
net.inet.tcp.tso=0 disables the feature. netstat -s -p tcp shows
TSO counter with chopped and generated packets.
based on work from jan@
tested by jmc@ jan@ Hrvoje Popovski
OK jan@ claudio@

Modify TCP receive buffer size auto scaling to use the smoothed RTT
(SRTT) instead of the timestamp option. Since the timestamp option is
disabled on some OSs (eg. Windows) or dropped by some
firewalls/routers, in such a case the window size had been fixed at
16KB, this limits throughput at very low on high latency networks.
Also replace "tcp_now" from 2HZ tick counter to binuptime in
milliseconds to calculate the SRTT better.

tested by krw matthieu jmatthew dlg djm stu stsp
ok claudio

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Initialize TCP mutex forgotten in previous commit.
found by Hrvoje Popovski with witness; OK mvs@

Use a mutex to update tcp_maxidle, tcp_iss, and tcp_now. This
removes pressure from the exclusive netlock in tcp_slowtimo().
Reading is done atomically. Ensure that the tcp_now value is read
only once per function to provide consistent time.
OK yasuoka@

Refactor internet PCB lookup function. Rename in_pcbhashlookup()
so the public API is in_pcblookup() and in_pcblookup_listen(). For
internal use introduce in_pcbhash_insert() and in_pcbhash_lookup()
to avoid code duplication. Routing domain is unsigned, change the
type to u_int.
OK mvs@

To make protocol input functions MP safe, internet PCB need protection.
Use their reference counter in more places.
The in_pcb lookup functions hold the PCBs in hash tables protected
by table->inpt_mtx mutex. Whenever a result is returned, increment
the ref count before releasing the mutex. Then the inp can be used
as long as neccessary. Unref it at the end of all functions that
call in_pcb lookup.
As a shortcut, pf may also hold a reference to the PCB. When
pf_inp_lookup() returns it, it also incements the ref count and the
caller can handle it like the inp from table lookup.
OK sashan@

The return value of in6_pcbnotify() is never used. Make it a void
function.
OK gnezdo@ mvs@ florian@ sashan@

spelling
ok jmc@ reads ok tb@

Do not call ip_deliver() recursively from IPsec. As there is no
crypto task anymore, it is possible to return the next protocol.
Then ip_deliver() will walk the header chain in its loop.
IPsec bridge(4) tested by jan@
OK mvs@ tobhe@ jan@

There is an m_pullup() down in AH input. As it may free or change
the mbuf, the callers must be careful. Although there is no bug,
use the common pattern to handle this. Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@

The function ipip_output() was registered as .xf_output() xform
function. But was is never called via this pointer. It would have
immediatley crashed as mp is always NULL when called via .xf_output().
Do not set .xf_output to ipip_output. This allows to pass only the
parameters which are actually needed and the control flow is clearer.
OK mpi@

Resend the TCP packet only if the MTU locked flag appears at the
route and was not there before. This should prevent a recursion
in path MTU discovery with TCP over IPsec.
reported and tested Matthias Schmidt; tested and OK tobhe@

The xformsw array never changes. Declare struct xformsw constant
and map data read only.
OK deraadt@ mvs@ mpi@

For path MTU discovery tcp_mtudisc() should resend a TCP packet by
calling tcp_output() if the TCP maximum segment size changes. But
that did not work, as the new value was compared before tcp_mss()
had a chance to modify it. Move the comparison and change it from
not equal to greater than. It makes only sense to resend a packet
immediately if it becomes smaller and is more likely to fit.
OK sashan@ tobhe@

we don't have to cast to caddr_t when calling m_copydata anymore.

the first cut of this diff was made with coccinelle using this spatch:

@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)

i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.

ok deraadt@ bluhm@

netinet: tcp_close(): delay reaper timeout by one tick

Zero-tick timeouts rely on implicit behavior in the timeout layer that
inhibits optimizations in softclock().

bluhm@ says waiting a tick for the reaper shouldn't break anything.

ok bluhm@

Revert the inpcb table mutex commit. It triggers a witness panic
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx
is held and sorwakeup() is called within the loop. As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@

As a step towards per inpcb or socket locks, remove the net lock
for netstat -a. Introduce a global mutex that protects the tables
and hashes for the internet PCBs. To detect detached PCB, set its
inp_socket field to NULL. This has to be protected by a per PCB
mutex. The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@

Use mbuf (not cluster) always for t_template of tcpcb.

ok bluhm

Historically there were slow and fast tcp timeouts. That is why
the delack timer had a different implementation. Use the same
mechanism for all TCP timer.
OK mpi@ visa@

Use memcpy on freshly allocated memory and add the free size.

OK millert@

Refactor tcp_mtudisc() like NetBSD did. Do the route lookup only
if the tcpcb exits.
OK mpi@

The TCP reaper timeout was still imlemented as soft timeout. So
it could run immediately and was not synchronized with the TCP
timeouts, although that was the intension when it was introduced
in revision 1.85. Convert the reaper to an ordinary TCP timeout
so it is scheduled on the same timeout thread after all timeouts
have finished. A net lock is not necessary as the process calling
tcp_close() will not access the tcpcb after arming the reaper
timeout.
OK mikeb@

Initialize tcp_secret in tcp_init

The initialization of a secret SHA256 context for generating TCP
initial sequence numbers is moved out of tcp_set_iss_tsm used to
set up ISN for new connections and into tcp_init, sparing the
need for a global flag.

OK deraadt, visa, mpi

Unconditionally enable TCP selective acknowledgements (SACK)

OK deraadt, mpi, visa, job

Assert that the corresponding socket is locked when manipulating socket
buffers.

This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.

Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.

Tested by Hrvoje Popovski.

ok claudio@, bluhm@, mikeb@

Merge the content of <netinet/tcpip.h> and <netinet6/tcpipv6.h> in
<netinet/tcp_debug.h>.

The IPv6 variant was always included and the IPv4 version is not
present on all systems.

Most of the offending ports are already fixed, thanks to sthen@!

Convert diagnostic panic to compile time assert in tcp6_ctlinput().
No binary change.
OK mpi@

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

Use the rt_rmx defines that hide the struct rt_kmetrics indirection.
No binary change.
OK mpi@

percpu counters for TCP stats

ok mpi@ bluhm@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Remove NULL checks before m_free(9), it deals with it.

ok bluhm@, kettenis@

No need for splsoftnet()/splx() dance around a pool_put() if the pool
has IPL_SOFTNET as ipl.

ok mikeb@, kettenis@

ANSIfy netinet/; from David Hill

all pools have their ipl set via pool_setipl, so fold it into pool_init.

the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.

most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.

the manpage and subr_pool.c bits i did myself.

ok tedu@ jmatthew@

@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);

pool_setipl for various netinet and netinet6 bits

thank you to everyone who helped reviewed these diffs

ok mpi@

Reduce the factor of the limits derived form NMBCLUSTERS. We want
the additional clusters in the socket buffer and not elsewhere.
OK claudio@

Use 'sc_route{4,6}' directly instead of casting them to 'struct route *'.

This is another little step towards deprecating 'struct route{,_in6}'.

ok florian@

Sync no-argument function declaration and definition by adding (void).
ok mpi@ millert@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

add a comment above the rfc1948 code that mentions the rfc so it's easy to find

Kill yet another argument to functions in IPv6. This time ip6_output's
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@

Replace sockaddr casts with the proper satosin(), ... calls.
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@

The syn cache is completely implemented in tcp_input.c. So all its
global variables should also live there.
OK markus@

Rename the syn cache counter into tcp_syn_cache_count to have the
same prefix for all variables. Convert the counter type to int,
the limit is also int. Before searching the cache, check that it
is not empty. Do not access the counter outside of the syn cache
from tcp_ctlinput(), let the syn_cache_lookup() function handle it.
OK dlg@

Expand ancient NTOHL/NTOHS/HTONS/HTONL macros.

ok guenther@, henning@

Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.

Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

test mbuf pointers against NULL not 0
ok krw@ miod@

Include the timestamp TCP option in keep alive packets as well.

According to RFC 7323 "once TSopt has been successfully negotiated,
... [it] MUST be sent in every non-<RST> segment for the duration
of the connection." Which means that keep alives which are just
ACK packets must include that too.

Pointed out and tested by Lauri Tirkkonen <lotheac at iki ! fi>, thanks!
ok mpi

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef INET in net code as a precursor to removing the pretend option.
long live the one true internet.
ok henning mikeb

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg

remove now unnecessary casts from hash update calls.

Let's just call a rdomain a rdomain.

ok dlg@

mix the rtable into the hash for tcp sequence number generation.

ok tedu@ claudio@

Remove "pl" suffix on pool names.

ok dlg@, uebayasi@, mikeb@

use sha512 instead of md5 for tcp isn. ok deraadt

Fewer <netinet/in_systm.h> !

Resize the pcb hashtable automatically. The table size will be doubled
when the number of the hash entries reaches 75% of the table size.

ok dlg henning, 'commit in' claudio

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

ip_output() using varargs always struck me as bizarre, esp since it's only
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

tcp_respond: let the stack worry about the cksum instead of doing it
manually, ok naddy (in january)

"struct pkthdr" holds a routing table ID, not a routing domain one.
Avoid the confusion by using an appropriate name for the variable.

Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:

rtableid = rdomain

But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).

claudio@ likes it, ok mikeb@

Remove the number of in6_var.h inclusions by moving some functions and
global variables to in6.h.

ok deraadt@

Remove the number of in_var.h inclusions by moving some functions and
global variables to in.h.

ok mikeb@, deraadt@

Sprinkle a lot more IPv6 routing domains support in the kernel.

Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

Put a large chunk of the IPv6 rdomain support in-tree.

Still some important missing pieces, and this is not yet enabled.

OK bluhm@

make in_proto_cksum_out not rely on the pseudo header checksum to be
already there, just compute it - it's dirt cheap. since that happens
very late in ip_output, the rest of the stack doesn't have to care about
checksums at all any more, if something needs to be checksummed, just
set the flag on the pkthdr mbuf to indicate so.
stop pre-computing the pseudo header checksum and incrementally updating it
in the tcp and udp stacks.
ok lteo florian

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

The function rip6_ctlinput() claims that sa6_src is constant to
allow the assingment of &sa6_any. But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify(). Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters. This reduces the
number of casts. Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@

Remove various external variable declaration from sources files and
move them to the corresponding header with an appropriate comment if
necessary.

ok guenther@

Use macros sotoinpcb() and intotcpcb() instead of casts. Use NULL
instead of 0 for pointers. No binary change.
OK mpi@

code that calls timeout functions should include timeout.h
slipped by on i386, but the zaurus doesn't automagically pick it up.
spotted by patrick

no need for a lot of code to include proc.h

change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@

Increase TCP's initial window to 10 * MSS or 14600 bytes as proposed in
draft-ietf-tcpm-initcwnd. net.inet.tcp.rfc3390 defaults to 2 now which
uses the 10*MSS, setting it back to 1 brings back the old default of 4*MSS.
OK sperreault@, henning@, sthen@, markus@

for key material that is being being discarded, convert bzero() to
explicit_bzero() where required
ok markus mikeb

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Replace pool_get() + bzero() with pool_get(..., PR_ZERO).

With input from oga@ and krw@

ok oga@ krw@ thib@ markus@ mk@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

sockets created via a listening socket lose the rdomain and fail to work
therefore. Inherit the rdomain through the syncache.
There are some interactions that need some more work (ctlinput) so this
can be improved but is good enough for now.
OK markus@

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

rename arc4random_bytes => arc4random_buf to match libc's nicer name;
ok deraadt@

remove tcp_drain code since it's not longer used; ok henning, feedback thib

remove old unused TCP isn code; ok henning, dhartmei, mcbride

when creating a response, use the correct TCP header instead of
relying on the mbuf chain layout; with claudio@ and krw@; ok henning@

TCP_COMPAT_42 was last used in 1997. Kill it.
ok millert

arc4random_bytes() is the preferred interface for generating nonces;
"looks ok" markus@

since the
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>

branches: 1.98.2;
merge tcp_set_iss() and tcp_set_tsm(); ok mcbride, djm (on earlier version)

Drop the current random timestamps and the current ISN generation
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers

apply the "skip ipsec if there are no flows" speedup diff to IPv6 too.
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan

tcp_iss usage is ifdef TCP_COMPAT_42, so the variable decl can be too

variables used by #ifdef code should be inside #ifdef too

branches: 1.93.4;
With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

Enable RFC3390 by default and remove a few compile time options which
can be changed via sysctl's.

ok markus@

change the TCP reass queue from LIST to TAILQ;
ok henning claudio fgsch krw

implement PMTU checks from
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.

Ignore ICMP Source Quench messages meant for TCP connections. (Details in
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html)
ok markus frantzen

- check th_ack against snd_una/max; from Raja Mukerji via hugh@
- limit pool to tcp_sackhole_limit entries (sysctl-able)
- stop sack option processing on pool_get errors
- use SEQ_MIN/SEQ_MAX
ok henning, hshoexer, deraadt

1. tcp_xmit_timer(): remove extra rtt decrement (t_rtttime is 0-based
while t_rtt was 1-based), update callers
2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2.
3. add missing shifts when t_srtt/t_rttvar are used.
4. update the comments: t_srtt uses 5 bits of fraction (not 3)
and t_rttvar uses 4 bits
5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE
6. make sure rttmin is not > TCPTV_REXMTMAX
parts from netbsd, ok mcbride, henning

Make sure bogus values don't make their way into tcp_xmit_timer() calculations.
- Ignore ts_ecr if it is 0, or the resulting rtt is out of range.
(use tp->t_rtttime instead)
- Initialise tcp_now to 1, to avoid the 500ms window where a valid ts_ecr
of 0 could be ignored.
- Convert out-of-range rtt values to valid ones in tcp_xmit_timer().

ok frantzen@ markus@

fix for race between invocation for timer and network input
1) add a reaper for TCP and SYN cache states (cf. netbsd pr 20390)
2) additional check for TCP_TIMER_ISARMED(TCPT_REXMT) in tcp_timer_persist()
with mickey@; ok deraadt@

Modulate tcp_now by a random amount on a per-connection basis.

ok markus@ frantzen@

branches: 1.83.2;
verify th_seq in icmp errors; report Fernando Gont; ok mcbride@, dhartmei@

First step towards more sane time handling in the kernel -- this changes
things such that code that only need a second-resolution uptime or wall
time, and used to get that from time.tv_secs or mono_time.tv_secs now get
this from separate time_t globals time_second and time_uptime.

ok art@ niklas@ nordin@

factor out md5 code; ok+tests henning@, djm@, hshoexer@

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@

The tcp specific routing metrics are almost never used so reduce the routing
table from these metrics. struct rt_msghdr used by the routing socket is not
affected and so most userland apps don't need to be changed.
some man page polishing by jmc@
OK henning@ markus@ theo@

- allow the user to force the TCP mss below the fail-safe 216 with a low
interface MTU.
- break a tcp_output() -> tcp_mtudisc() -> tcp_output() infinite recursion
when the TCP mss ends up larger than the interface MTU (when the if_mtu is
smaller than the tcp header). connections will still stall
feedback from itojun@, claudio@ and provos and testing from beck@

branches: 1.77.2;
limit total number of queued out-of-order packets to NMBCLUSTERS/2; ok mcbride

implement tcp_drain() similar to ip_drain(); ok mcbride@

!sack_disable -> sack_enable; ok deraadt@

support for RFC3390 (Increasing TCP's Initial Window); ok deraadt, itojun

don't restrict tcp signature keys to ascii; ok mcbride

import netbsd's version of David Borman's syncache code
http://www.kohala.com/start/borman.97jun06.txt; ok deraadt@, henning@

de-register. deraadt ok

add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen();
in_pcblookup is now only used by bind(2); speeds up pcb lookup for
listening sockets; from Claudio Jeker

use random number generator to generate IPv6 fragment ID/flowlabel.
cleanup IPv6 flowlabel handling. deraadt ok

branches: 1.68.2;
do not flip ip_len/ip_off in netinet stack. deraadt ok.
(please test, especially PF portion)

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

branches: 1.65.4;
Fix a problem where passing NULL as a pointer with varargs does not promote
NULL to full 64 bits on a 64 bit address system. Soultion is to add a
(void *) cast before NULL. This makes a 64 bit MIPS kernel work and will
probably help future 64 bit ports as well.

OK from art@

whitespace

avoid is_ipv6 construct. a step towards IPv4-less kernel

bring in ECN support from KAME.
it consists of
- ECN support in TCP
- tunnel-egress and fragment reassembly rules in layer-3 not to lose
congestion info at tunnel-egress and fragment reassembly

to enable ECN in TCP, build a kernel with TCP_ECN, and then,
turn it on by "sysctl -w net.inet.tcp.ecn=1".

ok deraadt@

First round of __P removal in sys

use timeout(9) to schedule TCP timers. this avoid traversing all
tcp connections during tcp_slowtimo. apdapted from thorpej@netbsd.org

disable immediate ack on TH_PUSH. make behaviour sysctl tuneable.
from netbsd; also fix a bug where setting TF_ACKNOW didn't actually
result in an ack.

remove tcp_fasttimo and convert delayed acks to the timeout(9) API instead.
adapated from netbsd. okay angelos@

allocate tcp reassembly queue via pool; based on netbsd; okay art@ angelos@

Pool deals fairly well with physical memory shortage, but it doesn't deal
well (not at all) with shortages of the vm_map where the pages are mapped
(usually kmem_map).

Try to deal with it:
- group all information the backend allocator for a pool in a separate
struct. The pool will only have a pointer to that struct.
- change the pool_init API to reflect that.
- link all pools allocating from the same allocator on a linked list.
- Since an allocator is responsible to wait for physical memory it will
only fail (waitok) when it runs out of its backing vm_map, carefully
drain pools using the same allocator so that va space is freed.
(see comments in code for caveats and details).
- change pool_reclaim to return if it actually succeeded to free some
memory, use that information to make draining easier and more efficient.
- get rid of PR_URGENT, noone uses it.

allocate sackholes with pool

change tcpcb allocation to pool

use macros to manage tcp timers; based on netbsd

branches: 1.52.4;
repair IPv6 TCP. th_sum has to be initialized to 0 on template.
(older code had "th_sum = 0" at the bottom of the function, which was
removed during TCP hardware checksumming change)

zero tcp checksum field before calculating new value.
Fixes problem with bad checksums on keepalives
OK provos@

Pointer arithmetic fixes work better when you get the casting right.

Appease gcc by not using void pointers in arithmetic operations.

Always defer output TCP checksumming until ip_output() (or hardware,
if it exists). Cuts down on code a bit, and we don't need to look at
the routing entry at TCP. Based on NetBSD. UDP case to follow.

Add comment on why checksum deferral is not useful in tcp_respond()

Cut down on include files.

repair copyright notices for NRL & cmetz; cmetz

use faster arc4random() in tcp_rndiss_next; niels ok

Match IPSEC output prototypes.

Fix tcp_signature_tdb_input decl; kernel compiles again if TCP_SIGNATURE
option is used. Note that this does not work.

Move offsetof define into sys/param.h

provide a random start for tcp timestamps; niels@ ok

pull in new pcb notification code from kame. better handling of scope address.

correct ipv6 path mtu discovery.

more random tcp sequence numbers. okay deraadt@, angelos@

nuke #ifdef TCP6 (no longer supported).
validate ICMPv6 too big messages (pmtud) based on pcb. we accept
certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for
traffic from unconnected pcb, we need pmtud).
sync with kame

validate mbuf chain length on *_ctlinput. remote node may be able to
transmit a truncated icmp6 packet and panic the system. sync with kame.

verify payload of the icmp need fragment message at the tcp layer. okay itojun@

on expiry of pmtu route, retry higher mtu. okay angelos@

correctly calculate mss

Path MTU discovery based on NetBSD but with the decision to use the DF
flag delayed to ip_output(). That halves the code and reduces most of
the route lookups. okay deraadt@

forgot to reset rscale

compute correct window scale when recvpipe option is set in route; based
on diff from "Pete Kazmier" <pete@kazmier.com>

more cleanup for IPv4 mapped address support. there seem to be some
inconsistency in corner cases (from NRL I believe).
todd (fries) and I have seen panic, with the following call chain:
ip6_input -> tcp_input -> tcp_respond -> ip_input -> bang!

more cleanups should be done, to decrease complexity.
for example, INP_IPV6_MAPPED should be nuked.

Make the definition of tcpstat in tcp_var.h extern.

correctly handle ctlinput messages for IPv6.

Fix function to comply with prototype. Kind of moot, as tcp signatures
don't work yet anyhow, so there's no point compiling them in.

ensure tcp window size does not overflow (16bit unsigned after window scale).
FreeBSD PR: 16914

branches: 1.23.2;
fix _input/_output proto changes for tcp_signature; angelos@ ok

enable SACK again

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Get rid of unnecessary third argument in *_output routines of IPsec.

Disable SACK for now, it has problems, deraadt@

Added support for TCP MD5 option (RFC 2385).

Removed bogus ifdef/define lines that resulted from an over-aggressive M-x.

Fixed a #ifdef defined()... typo that turned into a compilation failure.

Significant cleanups in the way TCP is made to handle multiple network
protocols.

"struct tcpiphdr" is now gone from much of the code, as are separate pointers
for ti and ti6. The result is fewer variables, which is generally a good thing.

Simple if(is_ipv6) ... else ... tests are gone in favor of a
switch(protocol family), which allows future new protocols to be added easily.
This also makes it possible for someone so inclined to re-implement TUBA (TCP
over CLNP?) and do it right instead of the kluged way it was done in 4.4.

The TCP header template is now referenced through a mbuf rather than done
through a data pointer and dtom()ed as needed. This is partly because dtom() is
evil and partly because max_linkhdr + IPv6 + TCP + MSS/TS/SACK opts won't fit
inside a packet header mbuf, so we need to grab a cluster for that (which the
code now does, if needed).

inet6 indent

netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz

NewReno, SACK and FACK support for TCP, adapted from code for BSDI
by Hari Balakrishnan (hari@lcs.mit.edu), Tom Henderson (tomh@cs.berkeley.edu)
and Venkat Padmanabhan (padmanab@cs.berkeley.edu) as part of the
Daedalus research group at the University of California,
(http://daedalus.cs.berkeley.edu). [I was able to do this on time spent
at the Center for Information Technology Integration (citi.umich.edu)]

- fix three bugs pointed out in Stevens, i.a. updating timestamps correctly
- fix a 4.4bsd-lite2 bug, when tcp options are present the maximum segment
size is not updated correctly, so that fast recovery forces out a segment
which is split in two segments by tcp_output(), the fix is adpated from
FreeBSD, the effective mss is recorded after option negotiation in 3way
handshake.
[I was able to fix this on time spent at Center for Information Technology
Integration (citi.umich.edu)]

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

indent

use arc4random()

Remove random() prototype, as it's not needed. Besides it was wrong for the alpha :-)

Make TCP ISS increment by random amounts

remove unnecessary "XXX it should be sysctl()'ed"

fix NetBSD PR#854.
allow to overwrite rfc1323 option in config file.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Split single TCP inpcb table into IPv4 and IPv6 parts.

With two separate TCP hash tables, each one becomes smaller. When
we remove the exclusive net lock from TCP, contention on internet
PCB table mutex will be reduced. UDP has been split earlier into
IPv4 and IPv6. Replace branch conditions based on INP_IPV6 with
assertions.

OK mvs@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function. All callers check that
sockaddr dst is in fact a sockaddr_in. Pass the more spcific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.

OK millert@

Declare address parameter in TCP SYN cache const.

tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup(). They
are needed for hash lookup and are not modified.

OK mvs@

Fix white spaces in TCP.

Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc(). It
is not NULL and never changed.

OK mvs@

Remove inp parameter from ip_output().

ip_output() received inp as parameter. This is only used to lookup
the IPsec level of the socket. Reasoning about MP locking is much
easier if only relevant data is passed around. Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

Convert tcp_now() time counter to 64 bit.

After changing tcp now tick to milliseconds, 32 bits will wrap
around after 49 days of uptime. That may be a problem in some
places of our stack. Better use a 64 bit counter.

As timestamp option is 32 bit in TCP protocol, use the lower 32 bit
there. There are casts to 32 bits that should behave correctly.

Start with random 63 bit offset to avoid uptime leakage. 2^63
milliseconds result in 2.9*10^8 years of possible uptime.

OK yasuoka@

Implement TCP send offloading, for now in software only. This is
meant as a fallback if network hardware does not support TSO. Driver
support is still work in progress. TCP output generates large
packets. In IP output the packet is chopped to TCP maximum segment
size. This reduces the CPU cycles used by pf. The regular output
could be assisted by hardware later, but pf route-to and IPsec needs
the software fallback in general.
For performance comparison or to workaround possible bugs, sysctl
net.inet.tcp.tso=0 disables the feature. netstat -s -p tcp shows
TSO counter with chopped and generated packets.
based on work from jan@
tested by jmc@ jan@ Hrvoje Popovski
OK jan@ claudio@

Modify TCP receive buffer size auto scaling to use the smoothed RTT
(SRTT) instead of the timestamp option. Since the timestamp option is
disabled on some OSs (eg. Windows) or dropped by some
firewalls/routers, in such a case the window size had been fixed at
16KB, this limits throughput at very low on high latency networks.
Also replace "tcp_now" from 2HZ tick counter to binuptime in
milliseconds to calculate the SRTT better.

tested by krw matthieu jmatthew dlg djm stu stsp
ok claudio

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Initialize TCP mutex forgotten in previous commit.
found by Hrvoje Popovski with witness; OK mvs@

Use a mutex to update tcp_maxidle, tcp_iss, and tcp_now. This
removes pressure from the exclusive netlock in tcp_slowtimo().
Reading is done atomically. Ensure that the tcp_now value is read
only once per function to provide consistent time.
OK yasuoka@

Refactor internet PCB lookup function. Rename in_pcbhashlookup()
so the public API is in_pcblookup() and in_pcblookup_listen(). For
internal use introduce in_pcbhash_insert() and in_pcbhash_lookup()
to avoid code duplication. Routing domain is unsigned, change the
type to u_int.
OK mvs@

To make protocol input functions MP safe, internet PCB need protection.
Use their reference counter in more places.
The in_pcb lookup functions hold the PCBs in hash tables protected
by table->inpt_mtx mutex. Whenever a result is returned, increment
the ref count before releasing the mutex. Then the inp can be used
as long as neccessary. Unref it at the end of all functions that
call in_pcb lookup.
As a shortcut, pf may also hold a reference to the PCB. When
pf_inp_lookup() returns it, it also incements the ref count and the
caller can handle it like the inp from table lookup.
OK sashan@

The return value of in6_pcbnotify() is never used. Make it a void
function.
OK gnezdo@ mvs@ florian@ sashan@

spelling
ok jmc@ reads ok tb@

Do not call ip_deliver() recursively from IPsec. As there is no
crypto task anymore, it is possible to return the next protocol.
Then ip_deliver() will walk the header chain in its loop.
IPsec bridge(4) tested by jan@
OK mvs@ tobhe@ jan@

There is an m_pullup() down in AH input. As it may free or change
the mbuf, the callers must be careful. Although there is no bug,
use the common pattern to handle this. Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@

The function ipip_output() was registered as .xf_output() xform
function. But was is never called via this pointer. It would have
immediatley crashed as mp is always NULL when called via .xf_output().
Do not set .xf_output to ipip_output. This allows to pass only the
parameters which are actually needed and the control flow is clearer.
OK mpi@

Resend the TCP packet only if the MTU locked flag appears at the
route and was not there before. This should prevent a recursion
in path MTU discovery with TCP over IPsec.
reported and tested Matthias Schmidt; tested and OK tobhe@

The xformsw array never changes. Declare struct xformsw constant
and map data read only.
OK deraadt@ mvs@ mpi@

For path MTU discovery tcp_mtudisc() should resend a TCP packet by
calling tcp_output() if the TCP maximum segment size changes. But
that did not work, as the new value was compared before tcp_mss()
had a chance to modify it. Move the comparison and change it from
not equal to greater than. It makes only sense to resend a packet
immediately if it becomes smaller and is more likely to fit.
OK sashan@ tobhe@

we don't have to cast to caddr_t when calling m_copydata anymore.

the first cut of this diff was made with coccinelle using this spatch:

@rule@
type caddr_t;
expression m, off, len, cp;
@@
-m_copydata(m, off, len, (caddr_t)cp)
+m_copydata(m, off, len, cp)

i had fix it's opinionated idea of formatting by hand though, so
i'm not sure it was worth it.

ok deraadt@ bluhm@

netinet: tcp_close(): delay reaper timeout by one tick

Zero-tick timeouts rely on implicit behavior in the timeout layer that
inhibits optimizations in softclock().

bluhm@ says waiting a tick for the reaper shouldn't break anything.

ok bluhm@

Revert the inpcb table mutex commit. It triggers a witness panic
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx
is held and sorwakeup() is called within the loop. As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@

As a step towards per inpcb or socket locks, remove the net lock
for netstat -a. Introduce a global mutex that protects the tables
and hashes for the internet PCBs. To detect detached PCB, set its
inp_socket field to NULL. This has to be protected by a per PCB
mutex. The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@

Use mbuf (not cluster) always for t_template of tcpcb.

ok bluhm

Historically there were slow and fast tcp timeouts. That is why
the delack timer had a different implementation. Use the same
mechanism for all TCP timer.
OK mpi@ visa@

Use memcpy on freshly allocated memory and add the free size.

OK millert@

Refactor tcp_mtudisc() like NetBSD did. Do the route lookup only
if the tcpcb exits.
OK mpi@

The TCP reaper timeout was still imlemented as soft timeout. So
it could run immediately and was not synchronized with the TCP
timeouts, although that was the intension when it was introduced
in revision 1.85. Convert the reaper to an ordinary TCP timeout
so it is scheduled on the same timeout thread after all timeouts
have finished. A net lock is not necessary as the process calling
tcp_close() will not access the tcpcb after arming the reaper
timeout.
OK mikeb@

Initialize tcp_secret in tcp_init

The initialization of a secret SHA256 context for generating TCP
initial sequence numbers is moved out of tcp_set_iss_tsm used to
set up ISN for new connections and into tcp_init, sparing the
need for a global flag.

OK deraadt, visa, mpi

Unconditionally enable TCP selective acknowledgements (SACK)

OK deraadt, mpi, visa, job

Assert that the corresponding socket is locked when manipulating socket
buffers.

This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.

Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.

Tested by Hrvoje Popovski.

ok claudio@, bluhm@, mikeb@

Merge the content of <netinet/tcpip.h> and <netinet6/tcpipv6.h> in
<netinet/tcp_debug.h>.

The IPv6 variant was always included and the IPv4 version is not
present on all systems.

Most of the offending ports are already fixed, thanks to sthen@!

Convert diagnostic panic to compile time assert in tcp6_ctlinput().
No binary change.
OK mpi@

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

Use the rt_rmx defines that hide the struct rt_kmetrics indirection.
No binary change.
OK mpi@

percpu counters for TCP stats

ok mpi@ bluhm@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Remove NULL checks before m_free(9), it deals with it.

ok bluhm@, kettenis@

No need for splsoftnet()/splx() dance around a pool_put() if the pool
has IPL_SOFTNET as ipl.

ok mikeb@, kettenis@

ANSIfy netinet/; from David Hill

all pools have their ipl set via pool_setipl, so fold it into pool_init.

the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.

most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.

the manpage and subr_pool.c bits i did myself.

ok tedu@ jmatthew@

@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);

pool_setipl for various netinet and netinet6 bits

thank you to everyone who helped reviewed these diffs

ok mpi@

Reduce the factor of the limits derived form NMBCLUSTERS. We want
the additional clusters in the socket buffer and not elsewhere.
OK claudio@

Use 'sc_route{4,6}' directly instead of casting them to 'struct route *'.

This is another little step towards deprecating 'struct route{,_in6}'.

ok florian@

Sync no-argument function declaration and definition by adding (void).
ok mpi@ millert@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

add a comment above the rfc1948 code that mentions the rfc so it's easy to find

Kill yet another argument to functions in IPv6. This time ip6_output's
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@

Replace sockaddr casts with the proper satosin(), ... calls.
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@

The syn cache is completely implemented in tcp_input.c. So all its
global variables should also live there.
OK markus@

Rename the syn cache counter into tcp_syn_cache_count to have the
same prefix for all variables. Convert the counter type to int,
the limit is also int. Before searching the cache, check that it
is not empty. Do not access the counter outside of the syn cache
from tcp_ctlinput(), let the syn_cache_lookup() function handle it.
OK dlg@

Expand ancient NTOHL/NTOHS/HTONS/HTONL macros.

ok guenther@, henning@

Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.

Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

test mbuf pointers against NULL not 0
ok krw@ miod@

Include the timestamp TCP option in keep alive packets as well.

According to RFC 7323 "once TSopt has been successfully negotiated,
... [it] MUST be sent in every non-<RST> segment for the duration
of the connection." Which means that keep alives which are just
ACK packets must include that too.

Pointed out and tested by Lauri Tirkkonen <lotheac at iki ! fi>, thanks!
ok mpi

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef INET in net code as a precursor to removing the pretend option.
long live the one true internet.
ok henning mikeb

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg

remove now unnecessary casts from hash update calls.

Let's just call a rdomain a rdomain.

ok dlg@

mix the rtable into the hash for tcp sequence number generation.

ok tedu@ claudio@

Remove "pl" suffix on pool names.

ok dlg@, uebayasi@, mikeb@

use sha512 instead of md5 for tcp isn. ok deraadt

Fewer <netinet/in_systm.h> !

Resize the pcb hashtable automatically. The table size will be doubled
when the number of the hash entries reaches 75% of the table size.

ok dlg henning, 'commit in' claudio

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

ip_output() using varargs always struck me as bizarre, esp since it's only
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

tcp_respond: let the stack worry about the cksum instead of doing it
manually, ok naddy (in january)

"struct pkthdr" holds a routing table ID, not a routing domain one.
Avoid the confusion by using an appropriate name for the variable.

Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:

rtableid = rdomain

But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).

claudio@ likes it, ok mikeb@

Remove the number of in6_var.h inclusions by moving some functions and
global variables to in6.h.

ok deraadt@

Remove the number of in_var.h inclusions by moving some functions and
global variables to in.h.

ok mikeb@, deraadt@

Sprinkle a lot more IPv6 routing domains support in the kernel.

Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

Put a large chunk of the IPv6 rdomain support in-tree.

Still some important missing pieces, and this is not yet enabled.

OK bluhm@

make in_proto_cksum_out not rely on the pseudo header checksum to be
already there, just compute it - it's dirt cheap. since that happens
very late in ip_output, the rest of the stack doesn't have to care about
checksums at all any more, if something needs to be checksummed, just
set the flag on the pkthdr mbuf to indicate so.
stop pre-computing the pseudo header checksum and incrementally updating it
in the tcp and udp stacks.
ok lteo florian

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

The function rip6_ctlinput() claims that sa6_src is constant to
allow the assingment of &sa6_any. But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify(). Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters. This reduces the
number of casts. Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@

Remove various external variable declaration from sources files and
move them to the corresponding header with an appropriate comment if
necessary.

ok guenther@

Use macros sotoinpcb() and intotcpcb() instead of casts. Use NULL
instead of 0 for pointers. No binary change.
OK mpi@

code that calls timeout functions should include timeout.h
slipped by on i386, but the zaurus doesn't automagically pick it up.
spotted by patrick

no need for a lot of code to include proc.h

change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@

Increase TCP's initial window to 10 * MSS or 14600 bytes as proposed in
draft-ietf-tcpm-initcwnd. net.inet.tcp.rfc3390 defaults to 2 now which
uses the 10*MSS, setting it back to 1 brings back the old default of 4*MSS.
OK sperreault@, henning@, sthen@, markus@

for key material that is being being discarded, convert bzero() to
explicit_bzero() where required
ok markus mikeb

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Replace pool_get() + bzero() with pool_get(..., PR_ZERO).

With input from oga@ and krw@

ok oga@ krw@ thib@ markus@ mk@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

sockets created via a listening socket lose the rdomain and fail to work
therefore. Inherit the rdomain through the syncache.
There are some interactions that need some more work (ctlinput) so this
can be improved but is good enough for now.
OK markus@

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

rename arc4random_bytes => arc4random_buf to match libc's nicer name;
ok deraadt@

remove tcp_drain code since it's not longer used; ok henning, feedback thib

remove old unused TCP isn code; ok henning, dhartmei, mcbride

when creating a response, use the correct TCP header instead of
relying on the mbuf chain layout; with claudio@ and krw@; ok henning@

TCP_COMPAT_42 was last used in 1997. Kill it.
ok millert

arc4random_bytes() is the preferred interface for generating nonces;
"looks ok" markus@

since the
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>

branches: 1.98.2;
merge tcp_set_iss() and tcp_set_tsm(); ok mcbride, djm (on earlier version)

Drop the current random timestamps and the current ISN generation
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers

apply the "skip ipsec if there are no flows" speedup diff to IPv6 too.
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan

tcp_iss usage is ifdef TCP_COMPAT_42, so the variable decl can be too

variables used by #ifdef code should be inside #ifdef too

branches: 1.93.4;
With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

Enable RFC3390 by default and remove a few compile time options which
can be changed via sysctl's.

ok markus@

change the TCP reass queue from LIST to TAILQ;
ok henning claudio fgsch krw

implement PMTU checks from
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.

Ignore ICMP Source Quench messages meant for TCP connections. (Details in
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html)
ok markus frantzen

- check th_ack against snd_una/max; from Raja Mukerji via hugh@
- limit pool to tcp_sackhole_limit entries (sysctl-able)
- stop sack option processing on pool_get errors
- use SEQ_MIN/SEQ_MAX
ok henning, hshoexer, deraadt

1. tcp_xmit_timer(): remove extra rtt decrement (t_rtttime is 0-based
while t_rtt was 1-based), update callers
2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2.
3. add missing shifts when t_srtt/t_rttvar are used.
4. update the comments: t_srtt uses 5 bits of fraction (not 3)
and t_rttvar uses 4 bits
5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE
6. make sure rttmin is not > TCPTV_REXMTMAX
parts from netbsd, ok mcbride, henning

Make sure bogus values don't make their way into tcp_xmit_timer() calculations.
- Ignore ts_ecr if it is 0, or the resulting rtt is out of range.
(use tp->t_rtttime instead)
- Initialise tcp_now to 1, to avoid the 500ms window where a valid ts_ecr
of 0 could be ignored.
- Convert out-of-range rtt values to valid ones in tcp_xmit_timer().

ok frantzen@ markus@

fix for race between invocation for timer and network input
1) add a reaper for TCP and SYN cache states (cf. netbsd pr 20390)
2) additional check for TCP_TIMER_ISARMED(TCPT_REXMT) in tcp_timer_persist()
with mickey@; ok deraadt@

Modulate tcp_now by a random amount on a per-connection basis.

ok markus@ frantzen@

branches: 1.83.2;
verify th_seq in icmp errors; report Fernando Gont; ok mcbride@, dhartmei@

First step towards more sane time handling in the kernel -- this changes
things such that code that only need a second-resolution uptime or wall
time, and used to get that from time.tv_secs or mono_time.tv_secs now get
this from separate time_t globals time_second and time_uptime.

ok art@ niklas@ nordin@

factor out md5 code; ok+tests henning@, djm@, hshoexer@

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@

The tcp specific routing metrics are almost never used so reduce the routing
table from these metrics. struct rt_msghdr used by the routing socket is not
affected and so most userland apps don't need to be changed.
some man page polishing by jmc@
OK henning@ markus@ theo@

- allow the user to force the TCP mss below the fail-safe 216 with a low
interface MTU.
- break a tcp_output() -> tcp_mtudisc() -> tcp_output() infinite recursion
when the TCP mss ends up larger than the interface MTU (when the if_mtu is
smaller than the tcp header). connections will still stall
feedback from itojun@, claudio@ and provos and testing from beck@

branches: 1.77.2;
limit total number of queued out-of-order packets to NMBCLUSTERS/2; ok mcbride

implement tcp_drain() similar to ip_drain(); ok mcbride@

!sack_disable -> sack_enable; ok deraadt@

support for RFC3390 (Increasing TCP's Initial Window); ok deraadt, itojun

don't restrict tcp signature keys to ascii; ok mcbride

import netbsd's version of David Borman's syncache code
http://www.kohala.com/start/borman.97jun06.txt; ok deraadt@, henning@

de-register. deraadt ok

add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen();
in_pcblookup is now only used by bind(2); speeds up pcb lookup for
listening sockets; from Claudio Jeker

use random number generator to generate IPv6 fragment ID/flowlabel.
cleanup IPv6 flowlabel handling. deraadt ok

branches: 1.68.2;
do not flip ip_len/ip_off in netinet stack. deraadt ok.
(please test, especially PF portion)

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

branches: 1.65.4;
Fix a problem where passing NULL as a pointer with varargs does not promote
NULL to full 64 bits on a 64 bit address system. Soultion is to add a
(void *) cast before NULL. This makes a 64 bit MIPS kernel work and will
probably help future 64 bit ports as well.

OK from art@

whitespace

avoid is_ipv6 construct. a step towards IPv4-less kernel

bring in ECN support from KAME.
it consists of
- ECN support in TCP
- tunnel-egress and fragment reassembly rules in layer-3 not to lose
congestion info at tunnel-egress and fragment reassembly

to enable ECN in TCP, build a kernel with TCP_ECN, and then,
turn it on by "sysctl -w net.inet.tcp.ecn=1".

ok deraadt@

First round of __P removal in sys

use timeout(9) to schedule TCP timers. this avoid traversing all
tcp connections during tcp_slowtimo. apdapted from thorpej@netbsd.org

disable immediate ack on TH_PUSH. make behaviour sysctl tuneable.
from netbsd; also fix a bug where setting TF_ACKNOW didn't actually
result in an ack.

remove tcp_fasttimo and convert delayed acks to the timeout(9) API instead.
adapated from netbsd. okay angelos@

allocate tcp reassembly queue via pool; based on netbsd; okay art@ angelos@

Pool deals fairly well with physical memory shortage, but it doesn't deal
well (not at all) with shortages of the vm_map where the pages are mapped
(usually kmem_map).

Try to deal with it:
- group all information the backend allocator for a pool in a separate
struct. The pool will only have a pointer to that struct.
- change the pool_init API to reflect that.
- link all pools allocating from the same allocator on a linked list.
- Since an allocator is responsible to wait for physical memory it will
only fail (waitok) when it runs out of its backing vm_map, carefully
drain pools using the same allocator so that va space is freed.
(see comments in code for caveats and details).
- change pool_reclaim to return if it actually succeeded to free some
memory, use that information to make draining easier and more efficient.
- get rid of PR_URGENT, noone uses it.

allocate sackholes with pool

change tcpcb allocation to pool

use macros to manage tcp timers; based on netbsd

branches: 1.52.4;
repair IPv6 TCP. th_sum has to be initialized to 0 on template.
(older code had "th_sum = 0" at the bottom of the function, which was
removed during TCP hardware checksumming change)

zero tcp checksum field before calculating new value.
Fixes problem with bad checksums on keepalives
OK provos@

Pointer arithmetic fixes work better when you get the casting right.

Appease gcc by not using void pointers in arithmetic operations.

Always defer output TCP checksumming until ip_output() (or hardware,
if it exists). Cuts down on code a bit, and we don't need to look at
the routing entry at TCP. Based on NetBSD. UDP case to follow.

Add comment on why checksum deferral is not useful in tcp_respond()

Cut down on include files.

repair copyright notices for NRL & cmetz; cmetz

use faster arc4random() in tcp_rndiss_next; niels ok

Match IPSEC output prototypes.

Fix tcp_signature_tdb_input decl; kernel compiles again if TCP_SIGNATURE
option is used. Note that this does not work.

Move offsetof define into sys/param.h

provide a random start for tcp timestamps; niels@ ok

pull in new pcb notification code from kame. better handling of scope address.

correct ipv6 path mtu discovery.

more random tcp sequence numbers. okay deraadt@, angelos@

nuke #ifdef TCP6 (no longer supported).
validate ICMPv6 too big messages (pmtud) based on pcb. we accept
certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for
traffic from unconnected pcb, we need pmtud).
sync with kame

validate mbuf chain length on *_ctlinput. remote node may be able to
transmit a truncated icmp6 packet and panic the system. sync with kame.

verify payload of the icmp need fragment message at the tcp layer. okay itojun@

on expiry of pmtu route, retry higher mtu. okay angelos@

correctly calculate mss

Path MTU discovery based on NetBSD but with the decision to use the DF
flag delayed to ip_output(). That halves the code and reduces most of
the route lookups. okay deraadt@

forgot to reset rscale

compute correct window scale when recvpipe option is set in route; based
on diff from "Pete Kazmier" <pete@kazmier.com>

more cleanup for IPv4 mapped address support. there seem to be some
inconsistency in corner cases (from NRL I believe).
todd (fries) and I have seen panic, with the following call chain:
ip6_input -> tcp_input -> tcp_respond -> ip_input -> bang!

more cleanups should be done, to decrease complexity.
for example, INP_IPV6_MAPPED should be nuked.

Make the definition of tcpstat in tcp_var.h extern.

correctly handle ctlinput messages for IPv6.

Fix function to comply with prototype. Kind of moot, as tcp signatures
don't work yet anyhow, so there's no point compiling them in.

ensure tcp window size does not overflow (16bit unsigned after window scale).
FreeBSD PR: 16914

branches: 1.23.2;
fix _input/_output proto changes for tcp_signature; angelos@ ok

enable SACK again

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Get rid of unnecessary third argument in *_output routines of IPsec.

Disable SACK for now, it has problems, deraadt@

Added support for TCP MD5 option (RFC 2385).

Removed bogus ifdef/define lines that resulted from an over-aggressive M-x.

Fixed a #ifdef defined()... typo that turned into a compilation failure.

Significant cleanups in the way TCP is made to handle multiple network
protocols.

"struct tcpiphdr" is now gone from much of the code, as are separate pointers
for ti and ti6. The result is fewer variables, which is generally a good thing.

Simple if(is_ipv6) ... else ... tests are gone in favor of a
switch(protocol family), which allows future new protocols to be added easily.
This also makes it possible for someone so inclined to re-implement TUBA (TCP
over CLNP?) and do it right instead of the kluged way it was done in 4.4.

The TCP header template is now referenced through a mbuf rather than done
through a data pointer and dtom()ed as needed. This is partly because dtom() is
evil and partly because max_linkhdr + IPv6 + TCP + MSS/TS/SACK opts won't fit
inside a packet header mbuf, so we need to grab a cluster for that (which the
code now does, if needed).

inet6 indent

netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz

NewReno, SACK and FACK support for TCP, adapted from code for BSDI
by Hari Balakrishnan (hari@lcs.mit.edu), Tom Henderson (tomh@cs.berkeley.edu)
and Venkat Padmanabhan (padmanab@cs.berkeley.edu) as part of the
Daedalus research group at the University of California,
(http://daedalus.cs.berkeley.edu). [I was able to do this on time spent
at the Center for Information Technology Integration (citi.umich.edu)]

- fix three bugs pointed out in Stevens, i.a. updating timestamps correctly
- fix a 4.4bsd-lite2 bug, when tcp options are present the maximum segment
size is not updated correctly, so that fast recovery forces out a segment
which is split in two segments by tcp_output(), the fix is adpated from
FreeBSD, the effective mss is recorded after option negotiation in 3way
handshake.
[I was able to fix this on time spent at Center for Information Technology
Integration (citi.umich.edu)]

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

indent

use arc4random()

Remove random() prototype, as it's not needed. Besides it was wrong for the alpha :-)

Make TCP ISS increment by random amounts

remove unnecessary "XXX it should be sysctl()'ed"

fix NetBSD PR#854.
allow to overwrite rfc1323 option in config file.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function. All callers check that
sockaddr dst is in fact a sockaddr_in. Pass the more spcific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.

OK millert@

Declare address parameter in TCP SYN cache const.

tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup(). They
are needed for hash lookup and are not modified.

OK mvs@

Fix white spaces in TCP.

Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc(). It
is not NULL and never changed.

OK mvs@

Remove inp parameter from ip_output().

ip_output() received inp as parameter. This is only used to lookup
the IPsec level of the socket. Reasoning about MP locking is much
easier if only relevant data is passed around. Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

Convert tcp_now() time counter to 64 bit.

After changing tcp now tick to milliseconds, 32 bits will wrap
around after 49 days of uptime. That may be a problem in some
places of our stack. Better use a 64 bit counter.

As timestamp option is 32 bit in TCP protocol, use the lower 32 bit
there. There are casts to 32 bits that should behave correctly.

Start with random 63 bit offset to avoid uptime leakage. 2^63
milliseconds result in 2.9*10^8 years of possible uptime.

OK yasuoka@

Implement TCP send offloading, for now in software only. This is
meant as a fallback if network hardware does not support TSO. Driver
support is still work in progress. TCP output generates large
packets. In IP output the packet is chopped to TCP maximum segment
size. This reduces the CPU cycles used by pf. The regular output
could be assisted by hardware later, but pf route-to and IPsec needs
the software fallback in general.
For performance comparison or to workaround possible bugs, sysctl
net.inet.tcp.tso=0 disables the feature. netstat -s -p tcp shows
TSO counter with chopped and generated packets.
based on work from jan@
tested by jmc@ jan@ Hrvoje Popovski
OK jan@ claudio@

Modify TCP receive buffer size auto scaling to use the smoothed RTT
(SRTT) instead of the timestamp option. Since the timestamp option is
disabled on some OSs (eg. Windows) or dropped by some
firewalls/routers, in such a case the window size had been fixed at
16KB, this limits throughput at very low on high latency networks.
Also replace "tcp_now" from 2HZ tick counter to binuptime in
milliseconds to calculate the SRTT better.

tested by krw matthieu jmatthew dlg djm stu stsp
ok claudio

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Initialize TCP mutex forgotten in previous commit.
found by Hrvoje Popovski with witness; OK mvs@

Use a mutex to update tcp_maxidle, tcp_iss, and tcp_now. This
removes pressure from the exclusive netlock in tcp_slowtimo().
Reading is done atomically. Ensure that the tcp_now value is read
only once per function to provide consistent time.
OK yasuoka@