silby's FreeBSD to-do list: - Figure out why FreeBSD 7 is dropping TCP connections, seemingly at random. - Requested by Peter Wemm: Redo TCP timer backoff FreeBSD 5.0+ no longer round up the RTT when calculating retransmit times. Therefore, a link with a 1ms RTT will exhaust all of its retransmissions in less than 10 seconds - a major problem if you just unplug a cable for a few seconds. - Redo IP fragmentation reassembly to allow superfragged packets in Right now we limit all packets to 16 frags, but to do a 64K ping packet, that's not enough frags. We could increase that limit without increasing the DoS attacks possible if we have multiple buckets that frags go into, so that we can allow more of the 1-4 fragment packets and fewer of the more fragmented packets. Requested by: rwatson - More reliable port randomization Port randomization still causes ports to be reused too quickly, even with the rate limiting patches. Using an array of all ephemeral ports and storing timestamps of when the port can be used next will allow randomization to be used all the time without the worry of quick port reuse. - Fix quick port reuse problems It is currently unclear why quick port reuse causes problems, it shouldn't. Yet I have been sent tcpdump output showing that it happens. - Improve our use of syncookies We generate a syncookie for each and every syn packet. We should do what the Yahoo guys suggest and only use syncookies when the syncache fills up, and stop purging the syncache. - Randomized IP IDs - Randomized TCP Timestamps Start from: http://people.freebsd.org/~ssouhlal/testing/tcp-timestamps-20050605.diff - Working WPA support for the wi driver (better ieee80211 integration) - Auto firmware loading for iwi (in cooperation with Damien Bergamini) - use the mb_init_mbuf/etc routines to bzero memory when it's transferred to the mbuf UMA zones. This would remove the possibility of information leakage from short frames. This shouldn't slow down anything as long as the bzero is in the init and not the ctor routines. - Add some debugging features based off of kdb_backtrace that will catalog the different callers of a function over time, and allow you to do different things based on the caller. Uses of this include: - Who freed a mbuf that met criteria X (something which I would have found useful in recent debugging.) - Simulate a malloc failure exactly once for each of the callers of malloc. Right now, random failures don't do much good, because they hit the most common callers quite often, and some callers never. - Many more... - port memguard to uma zones. - write a quick stress test that starts a webserver on localhost, then goes nuts with http_load connecting to it; then start something which chews up memory, causing a memory shortage to ensure that the uma_reclaim routines don't cause any problems. - socket buffers: Is the M_EOR flag used anywhere anymore? If not, the socket buffer code could be simplified in a few places, perhaps leading to speedups... Suggested by: phk - In 5.4, if you don't have a /dev directory in your root filesystem, init doesn't say anything, leading to a confused user. Some error should be printed.