From: Andre Oppermann
Date: Mon, 28 May 2007 11:03:53 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/netinet tcp_input.c tcp_syncache.c tcp_var.h
X-FreeBSD-CVS-Branch: HEAD

andre       2007-05-28 11:03:53 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          tcp_input.c tcp_syncache.c tcp_var.h
  Log:
  Refactor and rewrite in parts the SYN handling code on listen sockets
  in tcp_input():
   o tighten the checks on allowed TCP flags to be RFC793 and
     tcp-secure conform
   o log check failures to syslog at LOG_DEBUG level
   o rearrange the code flow to be easier to follow
   o add KASSERTs to validate assumptions of the code flow

  Add sysctl net.inet.tcp.syncache.rst_on_sock_fail defaulting to enable
  that controls the behavior on socket creation failure for an otherwise
  successful 3-way handshake.  The socket creation can fail due to global
  memory shortage, listen queue limits and file descriptor limits.  The
  sysctl allows to choose between two options to deal with this.  One is
  to send a reset to the other endpoint to notify it about the failure
  (default).  The other one is to ignore and treat the failure as a
  transient error and have the other endpoint retransmit for another try.

  Reviewed by:    rwatson (in general)

  Revision  Changes    Path
  1.353     +120 -45   src/sys/netinet/tcp_input.c
  1.119     +4 -0      src/sys/netinet/tcp_syncache.c
  1.152     +2 -1      src/sys/netinet/tcp_var.h
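
An added illustration, not code from the FreeBSD tree or from this commit: a small C model of how a segment arriving on a listening socket can be classified under the RFC 793 LISTEN rules, including the two outcomes that net.inet.tcp.syncache.rst_on_sock_fail selects between. The verdict names, struct listen_ctx with its fields, and the strict SYN|FIN drop are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>

/* TCP header flag bits as defined in RFC 793. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical verdicts for this model; not FreeBSD identifiers. */
enum verdict { V_DROP, V_RESET, V_NEW_HANDSHAKE, V_ESTABLISHED };

/* Hypothetical inputs describing state the kernel would look up itself. */
struct listen_ctx {
    bool handshake_pending; /* ACK matches a recorded SYN (assumption) */
    bool socket_create_ok;  /* false: memory, listen queue or fd limit hit */
    bool rst_on_sock_fail;  /* models net.inet.tcp.syncache.rst_on_sock_fail */
};

enum verdict
listen_segment(uint8_t flags, const struct listen_ctx *ctx)
{
    /* RFC 793, LISTEN state, first check: an incoming RST is ignored. */
    if (flags & TH_RST)
        return V_DROP;
    /* ACK without SYN: final step of a handshake, or a stray segment. */
    if ((flags & (TH_SYN | TH_ACK)) == TH_ACK) {
        if (!ctx->handshake_pending)
            return V_RESET;      /* RFC 793: an ACK on LISTEN gets a reset */
        if (ctx->socket_create_ok)
            return V_ESTABLISHED;
        /* Handshake was valid but no socket could be created. */
        return ctx->rst_on_sock_fail ? V_RESET : V_DROP;
    }
    /* Nothing but a bare SYN may start a handshake. */
    if (!(flags & TH_SYN))
        return V_DROP;
    if (flags & TH_ACK)
        return V_RESET;          /* SYN|ACK is never valid on LISTEN */
    if (flags & TH_FIN)
        return V_DROP;           /* SYN|FIN: strict choice of this model */
    return V_NEW_HANDSHAKE;
}

int main(void)
{
    /* Constructed case: valid final ACK, socket creation fails, knob off. */
    struct listen_ctx full = { true, false, false };
    return listen_segment(TH_ACK, &full) == V_DROP ? 0 : 1;
}
```

With the knob off, the peer sees no answer to its final ACK and a later retransmission gets another chance at socket creation; with it on, the peer is told about the failure through the reset.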