aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* [udp] fix possible mbuf and lock leak in udp_input().Andrey V. Elsukov2021-02-111-5/+8
| | | | | | | | | | | | | | In error case we can leave `inp' locked, also we need to free mbuf chain `m' in the same case. Release the lock and use `badunlocked' label to exit with freed mbuf. Also modify UDP error statistic to match the IPv6 code. Remove redundant INP_RUNLOCK() from the `if (last == NULL)' block, there are no ways to reach this point with locked `inp'. Obtained from: Yandex LLC MFC after: 3 days Sponsored by: Yandex LLC
* Revert "SO_RERROR indicates that receive buffer overflows should be handled ↵Alexander V. Chernikov2021-02-084-4/+5
| | | | | | | | as errors." Wrong version of the change was pushed inadvertenly. This reverts commit 4a01b854ca5c2e5124958363b3326708b913af71.
* SO_RERROR indicates that receive buffer overflows should be handled as errors.Alexander V. Chernikov2021-02-084-5/+4
| | | | | | | | | | | | Historically receive buffer overflows have been ignored and programs could not tell if they missed messages or messages had been truncated because of overflows. Since programs historically do not expect to get receive overflow errors, this behavior is not the default. This is really really important for programs that use route(4) to keep in sync with the system. If we loose a message then we need to reload the full system state, otherwise the behaviour from that point is undefined and can lead to chasing bogus bug reports.
* Allow setting alias port ranges in libalias and ipfw. This will allow a systemNeel Chauhan2021-02-024-3/+34
| | | | | | | | | to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user, subnet) can have their own dedicated port aliasing ranges. Reviewed by: donner, kp Approved by: 0mp (mentor), donner, kp Differential Revision: https://reviews.freebsd.org/D23450
* Fix LINT kernel builds after 1a714ff20419 .Hans Petter Selasky2021-02-012-30/+8
| | | | | | | MFC after: 1 week Discussed with: rrs@ Differential Revision: https://reviews.freebsd.org/D28357 Sponsored by: Mellanox Technologies // NVIDIA Networking
* sctp: small cleanup, no functional change intended.Michael Tuexen2021-02-011-4/+2
| | | | MFC after: 3 days
* sctp: improve input validationMichael Tuexen2021-01-311-38/+62
| | | | | | | | | Improve the handling of INIT chunks in specific szenarios and report and appropriate error cause. Thanks to Anatoly Korniltsev for reporting the issue for the userland stack. MFC after: 3 days
* sctp: fix a locking issue for old unordered dataMichael Tuexen2021-01-311-1/+1
| | | | | | | Thanks to Anatoly Korniltsev for reporting the issue for the userland stack. MFC after: 3 days
* Catch up with 6edfd179c86: mechanically rename IFCAP_NOMAP to IFCAP_MEXTPG.Gleb Smirnoff2021-01-291-1/+1
| | | | | | | | | Originally IFCAP_NOMAP meant that the mbuf has external storage pointer that points to unmapped address. Then, this was extended to array of such pointers. Then, such mbufs were augmented with header/trailer. Basically, extended mbufs are extended, and set of features is subject to change. The new name should be generic enough to avoid further renaming.
* This pulls over all the changes that are in the netflixRandall Stewart2021-01-286-216/+421
| | | | | | | | | tree that fix the ratelimit code. There were several bugs in tcp_ratelimit itself and we needed further work to support the multiple tag format coming for the joint TLS and Ratelimit dances. Sponsored by: Netflix Inc. Differential Revision: https://reviews.freebsd.org/D28357
* Add missing decrement of active ratelimit connections.Hans Petter Selasky2021-01-261-0/+3
| | | | | | Reviewed by: rrs@ MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
* Don't allow allocating a new send tag on an INP which is being torn down.Hans Petter Selasky2021-01-261-1/+6
| | | | | | | | This fixes a potential send tag leak. Reviewed by: rrs@ MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
* TCP PRR: Patch div/0 in tcp_prr_partialackRichard Scheffenegger2021-01-261-3/+5
| | | | | | | | | | | | | | With clearing of recover_fs in bc7ee8e5bc555, div/0 was observed while processing partial_acks. Suspect that rewind of an erraneous RTO may be causing this - with the above change, recover_fs would no longer retained at the last calculated value, and reset. But CC_RTO_ERR can reenable IN_RECOVERY(), without setting this again. Adding a safety net prior to the division in that function, which I missed in D28114.
* Adjust line length in tcp_prr_partialackRichard Scheffenegger2021-01-261-5/+8
| | | | | | | | | | | | | | | Summary: Wrap lines before column 80 in new prr code checked in recently. No functional changes. Reviewers: tuexen, rrs, jtl, mm, kbowling, #transport Reviewed By: tuexen, mm, #transport Subscribers: imp, melifaro Differential Revision: https://reviews.freebsd.org/D28329
* sctp: fix PR-SCTP stats when adding addtional streamsMichael Tuexen2021-01-231-0/+9
| | | | MFC after: 1 week
* sctp: improve consistencyMichael Tuexen2021-01-234-29/+29
| | | | | | No functional change intended. MFC: 1 week
* Further refactor IPv4 interface route creation.Alexander V. Chernikov2021-01-213-113/+130
| | | | | | | | | | | | | | * Fix bug with /32 aliases introduced in 81728a538d24. * Explicitly document business logic for IPv4 ifa routes. * Remove remnants of rtinit() * Deduplicate ifa->route prefix code by moving it into ia_getrtprefix() * Deduplicate conditional check for ifa_maintain_loopback_route() by moving into ia_need_loopback_route() * Remove now-unused flags argument from in_addprefix(). Reviewed by: donner PR: 252883 Differential Revision: https://reviews.freebsd.org/D28246
* Address panic with PRR due to missed initialization of recover_fsRichard Scheffenegger2021-01-202-8/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: When using the base stack in conjunction with RACK, it appears that infrequently, ++tp->t_dupacks is instantly larger than tcprexmtthresh. This leaves the recover flightsize (sackhint.recover_fs) uninitialized, leading to a div/0 panic. Address this by properly initializing the variable just prior to first use, if it is not properly initialized. In order to prevent stale information from a prior recovery to negatively impact the PRR calculations in this event, also clear recover_fs once loss recovery is finished. Finally, improve the readability of the initialization of recover_fs when t_dupacks == tcprexmtthresh by adjusting the indentation and using the max(1, snd_nxt - snd_una) macro. Reviewers: rrs, kbowling, tuexen, jtl, #transport, gnn!, jmg, manu, #manpages Reviewed By: rrs, kbowling, #transport Subscribers: bdrewery, andrew, rpokala, ae, emaste, bz, bcran, #linuxkpi, imp, melifaro Differential Revision: https://reviews.freebsd.org/D28114
* Require uint32_t alignment for ipfw_insnAlex Richardson2021-01-191-1/+1
| | | | | | | | | There are many casts of this struct to uint32_t, so we also need to ensure that it is sufficiently aligned to safely perform this cast on architectures that don't allow unaligned accesses. This fixes lots of -Wcast-align warnings. Reviewed By: ae Differential Revision: https://reviews.freebsd.org/D27879
* libalias: Fix remaining compiler warningsAlex Richardson2021-01-192-7/+10
| | | | | | | This fixes some sign-compare warnings and adds a missing static to a variable declaration. Differential Revision: https://reviews.freebsd.org/D27883
* libalias: Fix -Wcast-align compiler warningsAlex Richardson2021-01-196-73/+69
| | | | | | | | | | This fixes -Wcast-align warnings caused by the underaligned `struct ip`. This also silences them in the public functions by changing the function signature from char * to void *. This is source and binary compatible and avoids the -Wcast-align warning. Reviewed By: ae, gbe (manpages) Differential Revision: https://reviews.freebsd.org/D27882
* Fix IPv4 fib bsearch4() lookup array construction.Alexander V. Chernikov2021-01-171-0/+12
| | | | | Current code didn't properly handle the case with nested prefixes like 10.0.0.0/24 && 10.0.0.0/25.
* Split rtinit() into multiple functions.Alexander V. Chernikov2021-01-163-7/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rtinit[1]() is a function used to add or remove interface address prefix routes, similar to ifa_maintain_loopback_route(). It was intended to be family-agnostic. There is a problem with this approach in reality. 1) IPv6 code does not use it for the ifa routes. There is a separate layer, nd6_prelist_(), providing interface for maintaining interface routes. Its part, responsible for the actual route table interaction, mimics rtenty() code. 2) rtinit tries to combine multiple actions in the same function: constructing proper route attributes and handling iterations over multiple fibs, for the non-zero net.add_addr_allfibs use case. It notably increases the code complexity. 3) dstaddr handling. flags parameter re-uses RTF_ flags. As there is no special flag for p2p connections, host routes and p2p routes are handled in the same way. Additionally, mapping IFA flags to RTF flags makes the interface pretty messy. It make rtinit() to clash with ifa_mainain_loopback_route() for IPV4 interface aliases. 4) rtinit() is the last customer passing non-masked prefixes to rib_action(), complicating rib_action() implementation. 5) rtinit() coupled ifa announce/withdrawal notifications, producing "false positive" ifa messages in certain corner cases. To address all these points, the following has been done: * rtinit() has been split into multiple functions: - Route attribute construction were moved to the per-address-family functions, dealing with (2), (3) and (4). - funnction providing net.add_addr_allfibs handling and route rtsock notificaions is the new routing table inteface. - rtsock ifa notificaion has been moved out as well. resulting set of funcion are only responsible for the actual route notifications. Side effects: * /32 alias does not result in interface routes (/32 route and "host" route) * RTF_PINNED is now set for IPv6 prefixes corresponding to the interface addresses Differential revision: https://reviews.freebsd.org/D28186
* tcp: add sysctl to tolerate TCP segments missing timestampsMichael Tuexen2021-01-147-15/+38
| | | | | | | | | | | | | | | | When timestamp support has been negotiated, TCP segements received without a timestamp should be discarded. However, there are broken TCP implementations (for example, stacks used by Omniswitch 63xx and 64xx models), which send TCP segments without timestamps although they negotiated timestamp support. This patch adds a sysctl variable which tolerates such TCP segments and allows to interoperate with broken stacks. Reviewed by: jtl@, rscheff@ Differential Revision: https://reviews.freebsd.org/D28142 Sponsored by: Netflix, Inc. PR: 252449 MFC after: 1 week
* tcp: fix handling of TCP RST segments missing timestampsMichael Tuexen2021-01-143-10/+21
| | | | | | | | | | | A TCP RST segment should be processed even it is missing TCP timestamps. Reported by: dmgk@, kevans@ Reviewed by: rscheff@, dmgk@ Sponsored by: Netflix, Inc. MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D28143
* Convert remaining cap_rights_init users to cap_rights_init_oneMateusz Guzik2021-01-121-2/+2
| | | | | | | | | | | | | semantic patch: @@ expression rights, r; @@ - cap_rights_init(&rights, r) + cap_rights_init_one(&rights, r)
* Use rn_match instead of doing indirect calls in fib_algo.Alexander V. Chernikov2021-01-111-2/+2
| | | | | | | | | Relevant inet/inet6 code has the control over deciding what the RIB lookup function currently is. With that in mind, explicitly set it to the current value (rn_match) in the datapath lookups. This avoids cost on indirect call. Differential Revision: https://reviews.freebsd.org/D28066
* Bump amount of queued packets in for unresolved ARP/NDP entries to 16.Alexander V. Chernikov2021-01-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently default behaviour is to keep only 1 packet per unresolved entry. Ability to queue more than one packet was added 10 years ago, in r215207, though the default value was kep intact. Things have changed since that time. Systems tend to initiate multiple connections at once for a variety of reasons. For example, recent kern/252278 bug report describe happy-eyeball DNS behaviour sending multiple requests to the DNS server. The primary driver for upper value for the queue length determination is memory consumption. Remote actors should not be able to easily exhaust local memory by sending packets to unresolved arp/ND entries. For now, bump value to 16 packets, to match Darwin implementation. The proper approach would be to switch the limit to calculate memory consumption instead of packet count and limit based on memory. We should MFC this with a variation of D22447. Reviewers: #manpages, #network, bz, emaste Reviewed By: emaste, gbe(doc), jilles(doc) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D28068
* igmp: Avoid leaking mbuf when source validation failsMark Johnston2021-01-081-0/+1
| | | | | | PR: 252504 Submitted by: Panagiotis Tsolakos <panagiotis.tsolakos@gmail.com> MFC after: 3 days
* Refactor rt_addrmsg() and rt_routemsg().Alexander V. Chernikov2021-01-071-21/+25
| | | | | | | | | | | | | | Summary: * Refactor rt_addrmsg(): make V_rt_add_addr_allfibs decision locally. * Fix rt_routemsg() and multipath by accepting nexthop instead of interface pointer. * Refactor rtsock_routemsg(): avoid accessing rtentry fields directly. * Simplify in_addprefix() by moving prefix search to a separate function. Reviewers: #network Subscribers: imp, ae, bz Differential Revision: https://reviews.freebsd.org/D28011
* sctp: improve handling of aborted associationsMichael Tuexen2021-01-011-9/+8
| | | | | Don't clear a flag, when the structure already has been freed. Reported by: syzbot+07667d16c96779c737b4@syzkaller.appspotmail.com
* Fix default route handling in radix4_lockless algo.Alexander V. Chernikov2020-12-261-3/+4
| | | | | | Improve nexthop debugging. Reported by: Florian Smeets <flo at smeets.xyz>
* Add modular fib lookup framework.Alexander V. Chernikov2020-12-252-0/+802
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change introduces framework that allows to dynamically attach or detach longest prefix match (lpm) lookup algorithms to speed up datapath route tables lookups. Framework takes care of handling initial synchronisation, route subscription, nhop/nhop groups reference and indexing, dataplane attachments and fib instance algorithm setup/teardown. Framework features automatic algorithm selection, allowing for picking the best matching algorithm on-the-fly based on the amount of routes in the routing table. Currently framework code is guarded under FIB_ALGO config option. An idea is to enable it by default in the next couple of weeks. The following algorithms are provided by default: IPv4: * bsearch4 (lockless binary search in a special IP array), tailored for small-fib (<16 routes) * radix4_lockless (lockless immutable radix, re-created on every rtable change), tailored for small-fib (<1000 routes) * radix4 (base system radix backend) * dpdk_lpm4 (DPDK DIR24-8-based lookups), lockless datastrucure, optimized for large-fib (D27412) IPv6: * radix6_lockless (lockless immutable radix, re-created on every rtable change), tailed for small-fib (<1000 routes) * radix6 (base system radix backend) * dpdk_lpm6 (DPDK DIR24-8-based lookups), lockless datastrucure, optimized for large-fib (D27412) Performance changes: Micro benchmarks (I7-7660U, single-core lookups, 2048k dst, code in D27604): IPv4: 8 routes: radix4: ~20mpps radix4_lockless: ~24.8mpps bsearch4: ~69mpps dpdk_lpm4: ~67 mpps 700k routes: radix4_lockless: 3.3mpps dpdk_lpm4: 46mpps IPv6: 8 routes: radix6_lockless: ~20mpps dpdk_lpm6: ~70mpps 100k routes: radix6_lockless: 13.9mpps dpdk_lpm6: 57mpps Forwarding benchmarks: + 10-15% IPv4 forwarding performance (small-fib, bsearch4) + 25% IPv4 forwarding performance (full-view, dpdk_lpm4) + 20% IPv6 forwarding performance (full-view, dpdk_lpm6) Control: Framwork adds the following runtime sysctls: List algos * net.route.algo.inet.algo_list: bsearch4, radix4_lockless, radix4 * net.route.algo.inet6.algo_list: radix6_lockless, radix6, dpdk_lpm6 Debug level (7=LOG_DEBUG, per-route) net.route.algo.debug_level: 5 Algo selection (currently only for fib 0): net.route.algo.inet.algo: bsearch4 net.route.algo.inet6.algo: radix6_lockless Support for manually changing algos in non-default fib will be added soon. Some sysctl names will be changed in the near future. Differential Revision: https://reviews.freebsd.org/D27401
* Improve input validation for parameters in ASCONF and ASCONF-ACK chunksMichael Tuexen2020-12-231-2/+2
| | | | | Thanks to Tolya Korniltsev for drawing my attention to this part of the code by reporting an issue for the userland stack.
* Filter TCP connections to SO_REUSEPORT_LB listen sockets by NUMA domainAndrew Gallatin2020-12-194-21/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to efficiently serve web traffic on a NUMA machine, one must avoid as many NUMA domain crossings as possible. With SO_REUSEPORT_LB, a number of workers can share a listen socket. However, even if a worker sets affinity to a core or set of cores on a NUMA domain, it will receive connections associated with all NUMA domains in the system. This will lead to cross-domain traffic when the server writes to the socket or calls sendfile(), and memory is allocated on the server's local NUMA node, but transmitted on the NUMA node associated with the TCP connection. Similarly, when the server reads from the socket, he will likely be reading memory allocated on the NUMA domain associated with the TCP connection. This change provides a new socket ioctl, TCP_REUSPORT_LB_NUMA. A server can now tell the kernel to filter traffic so that only incoming connections associated with the desired NUMA domain are given to the server. (Of course, in the case where there are no servers sharing the listen socket on some domain, then as a fallback, traffic will be hashed as normal to all servers sharing the listen socket regardless of domain). This allows a server to deal only with traffic that is local to its NUMA domain, and avoids cross-domain traffic in most cases. This patch, and a corresponding small patch to nginx to use TCP_REUSPORT_LB_NUMA allows us to serve 190Gb/s of kTLS encrypted https media content from dual-socket Xeons with only 13% (as measured by pcm.x) cross domain traffic on the memory controller. Reviewed by: jhb, bz (earlier version), bcr (man page) Tested by: gonzo Sponsored by: Netfix Differential Revision: https://reviews.freebsd.org/D21636 Notes: svn path=/head/; revision=368819
* Harden the handling of outgoing streams in case of an restart or INITMichael Tuexen2020-12-131-3/+6
| | | | | | | | | | | collision. This avouds an out-of-bounce access in case the peer can break the cookie signature. Thanks to Felix Wilhelm from Google for reporting the issue. MFC after: 1 week Notes: svn path=/head/; revision=368622
* Clean up more resouces of an existing SCTP association in case ofMichael Tuexen2020-12-121-1/+56
| | | | | | | | | | | | | | a restart. This fixes a use-after-free scenario, which was reported by Felix Wilhelm from Google in case a peer is able to modify the cookie. However, this can also be triggered by an assciation restart under some specific conditions. MFC after: 1 week Notes: svn path=/head/; revision=368593
* Add TCP feature Proportional Rate Reduction (PRR) - RFC6937Richard Scheffenegger2020-12-042-7/+131
| | | | | | | | | | | | | | | | | PRR improves loss recovery and avoids RTOs in a wide range of scenarios (ACK thinning) over regular SACK loss recovery. PRR is disabled by default, enable by net.inet.tcp.do_prr = 1. Performance may be impeded by token bucket rate policers at the bottleneck, where net.inet.tcp.do_prr_conservate = 1 should be enabled in addition. Submitted by: Aris Angelogiannopoulos Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D18892 Notes: svn path=/head/; revision=368327
* Remove RADIX_MPATH config option.Alexander V. Chernikov2020-11-291-4/+0
| | | | | | | | | | | | ROUTE_MPATH is the new config option controlling new multipath routing implementation. Remove the last pieces of RADIX_MPATH-related code and the config option. Reviewed by: glebius Differential Revision: https://reviews.freebsd.org/D27244 Notes: svn path=/head/; revision=368164
* Refactor fib4/fib6 functions.Alexander V. Chernikov2020-11-292-43/+84
| | | | | | | | | | | | | | | | | No functional changes. * Make lookup path of fib<4|6>_lookup_debugnet() separate functions (fib<46>_lookup_rt()). These will be used in the control plane code requiring unlocked radix operations and actual prefix pointer. * Make lookup part of fib<4|6>_check_urpf() separate functions. This change simplifies the switch to alternative lookup implementations, which helps algorithmic lookups introduction. * While here, use static initializers for IPv4/IPv6 keys Differential Revision: https://reviews.freebsd.org/D27405 Notes: svn path=/head/; revision=368147
* Fix two occurences of a typo in a comment introduced in r367530.Michael Tuexen2020-11-232-2/+2
| | | | | | | | | Reported by: lstewart@ MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D27148 Notes: svn path=/head/; revision=367946
* Refactor rib iterator functions.Alexander V. Chernikov2020-11-221-1/+1
| | | | | | | | | | | | | | | * Make rib_walk() order of arguments consistent with the rest of RIB api * Add rib_walk_ext() allowing to exec callback before/after iteration. * Rename rt_foreach_fib_walk_del -> rib_foreach_table_walk_del * Rename rt_forach_fib_walk -> rib_foreach_table_walk * Move rib_foreach_table_walk{_del} to route/route_helpers.c * Slightly refactor rib_foreach_table_walk{_del} to make the implementation consistent and prepare for upcoming iterator optimizations. Differential Revision: https://reviews.freebsd.org/D27219 Notes: svn path=/head/; revision=367941
* Fix an issue I introuced in r367530: tcp_twcheck() can be calledMichael Tuexen2020-11-201-10/+13
| | | | | | | | | | | | | with to == NULL for SYN segments. So don't assume tp != NULL. Thanks to jhb@ for reporting and suggesting a fix. PR: 250499 MFC after: 1 week XMFC-with: r367530 Sponsored by: Netflix, Inc. Notes: svn path=/head/; revision=367891
* ip_fastfwd: style(9) tidy for r367628Ed Maste2020-11-132-5/+6
| | | | | | | | Discussed with: gnn MFC with: r367628 Notes: svn path=/head/; revision=367645
* Followup pointed out by ae@George V. Neville-Neil2020-11-131-1/+5
| | | | Notes: svn path=/head/; revision=367635
* An earlier commit effectively turned out the fast forwading pathGeorge V. Neville-Neil2020-11-123-5/+64
| | | | | | | | | | | | due to its lack of support for ICMP redirects. The following commit adds redirects to the fastforward path, again allowing for decent forwarding performance in the kernel. Reviewed by: ae, melifaro Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate") Notes: svn path=/head/; revision=367628
* RFC 7323 specifies that:Michael Tuexen2020-11-095-46/+98
| | | | | | | | | | | | | | | | | * TCP segments without timestamps should be dropped when support for the timestamp option has been negotiated. * TCP segments with timestamps should be processed normally if support for the timestamp option has not been negotiated. This patch enforces the above. PR: 250499 Reviewed by: gnn, rrs MFC after: 1 week Sponsored by: Netflix, Inc Differential Revision: https://reviews.freebsd.org/D27148 Notes: svn path=/head/; revision=367530
* Fix a potential use-after-free bug introduced inMichael Tuexen2020-11-091-3/+3
| | | | | | | | | | https://svnweb.freebsd.org/changeset/base/363046 Thanks to Taylor Brandstetter for finding this issue using fuzz testing and reporting it in https://github.com/sctplab/usrsctp/issues/547 Notes: svn path=/head/; revision=367520
* igmp: convert igmpstat to use PCPU countersMitchell Horne2020-11-082-21/+31
| | | | | | | | | | | | | | | | | | | | Currently there is no locking done to protect this structure. It is likely okay due to the low-volume nature of IGMP, but allows for the possibility of underflow. This appears to be one of the only holdouts of the conversion to counter(9) which was done for most protocol stat structures around 2013. This also updates the visibility of this stats structure so that it can be consumed from elsewhere in the kernel, consistent with the vast majority of VNET_PCPUSTAT structures. Reviewed by: kp Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D27023 Notes: svn path=/head/; revision=367493
* Prevent premature SACK block transmission during loss recoveryRichard Scheffenegger2020-11-086-31/+74
| | | | | | | | | | | | | | | | Under specific conditions, a window update can be sent with outdated SACK information. Some clients react to this by subsequently delaying loss recovery, making TCP perform very poorly. Reported by: chengc_netapp.com Reviewed by: rrs, jtl MFC after: 2 weeks Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D24237 Notes: svn path=/head/; revision=367492
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 20:05:22 +0000