RFCs recommend to keep TCP connections for a certain time even after they
finished a close handshake, AFAIK, in order to be able to recognize astray
packets when they arrive later. This seems overambitious especially when in
the context of the router where session quota is pretty limited. Therefore,
this commit drops this final timeout and drops closed connections immediately.
Ref #4729
The previous value of 60 seconds was never observed in real-time scenarios and
UDP, for instance always used a timeout of 30 seconds without causing issues.
Note that this applies only to TCP connections in a state other than
ESTABLISHED, i.e., while it is still safe to early-drop the connection.
Ref #4729
The TCP connection state "ESTABLISHED" (in the router "OPEN") is a privileged
one for peers because it lasts very long without any peer interaction (in the
NIC router it's only 10 minutes, but RFCs recommend not less than 2 hours and
4 minutes). Furthermore, TCP connections in this state are normally not
available for early-drop on resource exhaustion. This means that this state
binds resources to a connection potentially for a long time without the option
of regaining them under stress. Therefore, this state should be entered with
care.
Up to now, the router marked a TCP connection with this state as soon as it had
seen one matching packet in both directions, which is rather quick. However,
implementing a very precise tracking of the exact TCP states of both peers and
only marking the connection "ESTABLISHED" when both peers are "ESTABLISHED" is
a difficult task with lots of corner cases.
That said, this commit implements a compromise. The router now has two flags
for each peer of a TCP connection - FIN sent and FIN acked - and sets them
according to the observed TCP flags. The "ESTABLISHED" state is entered only
when FIN acked is set for both peers (without having observed an RST or FIN
flag meanwhile).
Ref #4729
The Reference and Const_reference utility were introduced in order to express
that something is a reference (no null value) but can be changed dynamically
(not possible with built-in C++ references). However, the idea of preventing
every possibility for null pointer faults, with which the router was built
initially, has not prevailed and using pointers instead of the utility saves
logic and makes the code more readable to other C++ developers.
Ref #4729
The deinitialization method of Domain used to rely on Domain::with_dhcp_server
in order to dissolve and destroy a present DHCP server. However, this method
skipped calling its functor argument also when there was a DHCP server but an
invalid one. This commt replaces the with_dhcp_server with a pointer null-check
in order to fix the leak.
Ref #4729
Re-implements an emergency freeing of resources on exhaustion of session quota.
In contrast to the past one, the new algorithm is executed directly where the
exhaustion occurs. Instead of interupting the packet handling and restart it
from the beginning after the freeing action, packet handling is now continued
at the point of exhaustion (if enough resources could be freed). Furthermore,
the new algorithm frees only 100 objects (instead of 1024) at a max as we found
this to better match real-life observations. And finally, the router now drops
ICMP first, then UDP, then TCP - as this better reflects priorities - and
refrains from dropping TCP connections in the ESTABLISHED state. If the router
cannot free a sufficient amount of resources, the packet that caused the
exhaustion is dropped with a warning (verbose_packet_drop="yes").
Ref #4729
Remove the use of C++ exception as much as possible from the router as C++
exception handling can be resource intensive and can make code hard to
understand.
This also removes the garbage collection that the router used to do when a
session ran out of quota. This is motivated by the fact that the garbage
collection was rather simple and removed connection states regardless of their
current state, thereby causing broken connections. The change is part of this
commit as the approach to integrating garbage collection relied strongly on
exception handling.
The user story behind removing garbage collection: The router emergency-dropped
an established TCP connection (with NAPT) and on the next matching packet
re-created it with a different NAPT port, thereby breaking the connection. With
this commit, existing connections are prioritized over new ones during resource
exhaustion and the packets that attempt to create a new connection in such a
state are dropped with a warning in the log (verbose_packet_drop="yes").
Note that the state resolves itself with time as existing connections time out
or are closed by peers.
Ref #4729
Reserved memory regions must be excluded from the corresponding DMA
allocators irrespective of whether the device is in use. Otherwise, an
early allocation of DMA buffers may use the reserved memory regions of a
late acquired device.
Fixes#5232
This exception got introduced as a mere convenience for implementers of
'Child_policy' but required a special case in the base library.
Following the goal of eliminating exceptions from the base system,
this patch removes it by making a server_id_space mandatory.
Issue #5245
as setup by firmware after boot. The information will/can be used by the
platform driver to re-program bridges after a system suspend/resume cycle.
Issue #5241
- Replace 'typedef' by 'using'
- Avoid plain pointers
- Import Genode namespace into Gui::
- Use enum class
- Use Attr struct for passing multiple attributes
- Turn testnit into proper Genode::Component
- Use distinct types for top-level and child views
- Remove dependency from timer
- Use util/geometry.h
- Move header to base/include to make it applicable for base types
like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.
Fixes#5239
This patch turns 'Color' from a class to a POD type by replacing
the constructors by the named create functions 'rgb', 'clamped_rgb',
and 'clamped_rgba'. It thereby enables the initialization of Color
values using { .r = ... } syntax and makes the type usable in const
expressions.
It also narrows the type for color components and alpha values to
uint8_t. So possible integer overflows of computed values are detected
by -Wconversion.
As 'Color::rgb(0, 0, 0)' is repeatedly used as a default value, the
patch adds the 'Color::black()' function.
Fixes#5238
This enables the combination of the nic_uplink component with any driver
pkg featuring a runtime file. This is already the case of the pc_nic
driver.
This is a preparatory step for issue #4420.
When having a maximized terminal window, a suspend was causing an
invalid mode change at nitpicker. This triggered a huge resource request
in nitpicker because the RAM-quota check was rendered ineffective by a
wrap-around during unsigned multiplication.
Issue genodelabs/genode#5180Fixesgenodelabs/genode#5201
The test reverts the platform drivers' config at the end of the test
to an empty state. However, this state should still contain a default
policy (analogyously to the initial state). Otherwise, the platform
session of the test program will (sometimes) become invalid just before
successfully finishing the test.
The original use cases of the loader have long been covered by the
dynamic init. The only substantial client of the loader remained to be
the qpluginwidget. However, the qpluginwidget was supported only by the
Arora web browser. But the blending of plugins with websites ultimately
remained a tech demo, and Arora has been replaced by Falkon.
Fixes#5229
Default disabled initialization prevents follow-up errors if one
capability is already enabled on boot, but platform_drv decides to
enable the other one. The PCI spec explicitly states that "Behavior is
undefined if both MSI and MSI-X are enabled simultaneously".
Fixes#5228
- no need to explicitly switch off vga anymore
- use vPID for VMs which improves TLB usage if multiple vCPUs on same
pCPU is used, which happens to happen on Sculpt.
- support for mwait by nova kernel, which is off by default
Issue #5206
During resume the waiting for Cmd::St takes ~2s on a T460p with Intel
AHCI SSD attached. According to the Serial ATA AHCI Spec. wakeup can take
seconds, e.g. chapter 8.2 Power State Mappings of the Serial ATA AHCI spec
(1.3.1).
Issue #5203
Restore the reporting in situations where all capture sessions are gone.
This fixes the webcam package that disables the USB webcam driver when
nitpicker report no active displays.
Issue #5187
This patch retains the buffer size of the last capture client as mode as
long as no capture client exists. This avoids intermediate mode changes
in situations like suspend/resume where the display driver is restarted.
Issue #5187
This patch disables latency warnings by default. The warnings can be
enabled by setting the 'warning_rate_ms` value to the desired
maximum rate.
Fixes#5186
Issue #5174
