2 * \addtogroup rxrpc-spec RX RPC Specification
6 * \mainpage AFS-3 Programmer's Reference: Specification for the Rx Remote
7 * Procedure Call Facility
9 * AFS-3 Programmer's Reference:
11 * Specification for the Rx Remote Procedure Call Facility
12 * \author Edward R. Zayas
13 * Transarc Corporation
15 * \date 28 August 1991 10:11 .cCopyright 1991 Transarc Corporation All Rights
18 * \page chap1 Chapter 1 -- Overview of the Rx RPC system
20 * \section sec1-1 Section 1.1: Introduction to Rx
23 * The Rx package provides a high-performance, multi-threaded, and secure
25 * remote procedure calls (RPCs) may be performed between programs executing
27 * network of computers. The Rx protocol is adaptive, conforming itself to
29 * network communication media. It allows user applications to define and
31 * security modules, allowing them to execute the precise end-to-end
32 * authentication algorithms
33 * required to suit their needs and goals. Although pervasive throughout the
35 * file system, all of its agents, and many of its standard application
36 * programs, Rx is entirely
37 * separable from AFS and does not depend on any of its features. In fact, Rx
38 * can be used to build applications engaging in RPC-style communication under
39 * a variety of unix-style file systems. There are in-kernel and user-space
40 * implementations of the Rx facility, with both sharing the same interface.
42 * This document provides a comprehensive and detailed treatment of the Rx RPC
45 * \section sec1-2 Section 1.2: Basic Concepts
48 * The Rx design operates on the set of basic concepts described in this
51 * \subsection sec1-2-1 Section 1.2.1: Security
54 * The Rx architecture provides for tight integration between the RPC mechanism
55 * and methods for making this communication medium secure. As elaborated in
56 * Section 5.3.1.3 and illustrated by the built-in rxkad security system
57 * described in Chapter 3, Rx defines the format for a generic security module,
58 * and then allows application programmers to define and activate
59 * instantiations of these modules. Rx itself knows nothing about the internal
60 * details of any particular security model, or the module-specific state it
61 * requires. It does, however, know when to call the generic security
62 * operations, and so can easily execute the security algorithm defined. Rx
63 * does maintain basic state per connection on behalf of any given security
66 * \subsection sec1-2-2 Section 1.2.2: Services
69 * An Rx-based server exports services, or specific RPC interfaces that
70 * accomplish certain tasks. Services are identified by (host-address,
71 * UDP-port, serviceID) triples. An Rx service is installed and initialized on
72 * a given host through the use of the rx NewService() routine (See Section
73 * 5.6.3). Incoming calls are stamped with the Rx service type, and must match
74 * an installed service to be accepted. Internally, Rx services also carry
75 * string names which identify them, which is useful for remote debugging and
76 * statistics-gathering programs. The use of a service ID allows a single
77 * server process to export multiple, independently-specified Rx RPC services.
79 * Each Rx service contains one or more security classes, as implemented by
80 * individual security objects. These security objects implement end-to-end
81 * security protocols. Individual peer-to-peer connections established on
82 * behalf of an Rx service will select exactly one of the supported security
83 * objects to define the authentication procedures followed by all calls
84 * associated with the connection. Applications are not limited to using only
85 * the core set of built-in security objects offered by Rx. They are free to
86 * define their own security objects in order to execute the specific protocols
89 * It is possible to specify both the minimum and maximum number of lightweight
90 * processes available to handle simultaneous calls directed to an Rx service.
91 * In addition, certain procedures may be registered with the service and
92 * called at specific times in the course of handling an RPC request.
94 * \subsection sec1-2-3 Section 1.2.3: Connections
97 * An Rx connection represents an authenticated communication path, allowing a
98 * sequence of multiple asynchronous conversations (calls). Each connection is
99 * identified by a connection ID. The low-order bits of the connection ID are
100 * reserved so that they may be stamped with the index of a particular call
101 * channel. With up to RX MAXCALLS concurrent calls (set to 4 in this
102 * implementation), the bottom two bits are set aside for this purpose. The
103 * connection ID is not sufficient to uniquely identify an Rx connection by
104 * itself. Should a client crash and restart, it may reuse a connection ID,
105 * causing inconsistent results. Included with the connection ID is the epoch,
106 * or start time for the client side of the connection. After a crash, the next
107 * incarnation of the client will choose a different epoch value. This will
108 * differentiate the new incarnation from the orphaned connection record on the
111 * Each connection is associated with a parent service, which defines a set of
112 * supported security models. At creation time, an Rx connection selects the
113 * particular security protocol it will implement, referencing the associated
114 * service. The connection structure maintains state for each individual call
115 * simultaneously handled.
117 * \subsection sec1-2-4 Section 1.2.4: Peers
120 * For each connection, Rx maintains information describing the entity, or
121 * peer, on the other side of the wire. A peer is identified by a (host,
122 * UDP-port) pair, with an IP address used to identify the host. Included in
123 * the information kept on this remote communication endpoint are such network
124 * parameters as the maximum packet size supported by the host, current
125 * readings on round trip time and retransmission delays, and packet skew (see
126 * Section 1.2.7). There are also congestion control fields, including
127 * retransmission statistics and descriptions of the maximum number of packets
128 * that may be sent to the peer without pausing. Peer structures are shared
129 * between connections whenever possible, and, hence, are reference-counted. A
130 * peer object may be garbage-collected if it is not actively referenced by any
131 * connection structure and a sufficient period of time has lapsed since the
132 * reference count dropped to zero.
134 * \subsection sec1-2-5 Section 1.2.5: Calls
137 * An Rx call represents an individual RPC being executed on a given
138 * connection. As described above, each connection may have up to RX MAXCALLS
139 * calls active at any one instant. The information contained in each call
140 * structure is specific to the given call.
142 * "Permanent" call state, such as the call number, is maintained in the
143 * connection structure itself.
145 * \subsection sec1-2-6 Section 1.2.6: Quotas
148 * Each attached server thread must be able to make progress to avoid system
149 * deadlock. The Rx facility ensures that it can always handle the arrival of
150 * the next unacknowledged data packet for an attached call with its system of
151 * packet quotas. A certain number of packets are reserved per server thread
152 * for this purpose, allowing the server threads to queue up an entire window
153 * full of data for an active call and still have packet buffers left over to
154 * be able to read its input without blocking.
156 * \subsection sec1-2-7 Section 1.2.7: Packet Skew
159 * If a packet is received n packets later than expected (based on packet
160 * serial numbers), then we define it to have a skew of n. The maximum skew
161 * values allow us to decide when a packet hasn't been received yet because it
162 * is out of order, as opposed to when it is likely to have been dropped.
164 * \subsection sec1-2-8 Section 1.2.8: Multicasting
167 * The rx multi.c module provides for multicast abilities, sending an RPC to
168 * several targets simultaneously. While true multicasting is not achieved, it
169 * is simulated by a rapid succession of packet transmissions and a collection
170 * algorithm for the replies. A client program, though, may be programmed as if
171 * multicasting were truly taking place. Thus, Rx is poised to take full
172 * advantage of a system supporting true multicasting with minimal disruption
173 * to the existing client code base.
175 * \section sec1-3 Section 1.3: Scope
178 * This paper is a member of a documentation suite providing specifications as
179 * to the operation and interfaces offered by the various AFS servers and
180 * agents. Rx is an integral part of the AFS environment, as it provides the
181 * high-performance, secure pathway by which these system components
182 * communicate across the network. Although AFS is dependent on Rx's services,
183 * the reverse is not true. Rx is a fully independent RPC package, standing on
184 * its own and usable in other environments.
186 * The intent of this work is to provide readers with a sufficiently detailed
187 * description of Rx that they may proceed to write their own applications on
188 * top of it. In fact, code for a sample Rx server and client are provided.
190 * One topic related to Rx will not be covered by this document, namely the
191 * Rxgen stub generator. Rather, rxgen is addressed in a separate document.
193 * \section sec1-4 Section 1.4: Document Layout
196 * After this introduction, Chapter 2 will introduce and describe various
197 * facilities and tools that support Rx. In particular, the threading and
198 * locking packages used by Rx will be examined, along with a set of timer and
199 * preemption tools. Chapter 3 proceeds to examine the details of one of the
200 * built-in security modules offered by Rx. Based on the Kerberos system
201 * developed by MIT's Project Athena, this rxkad module allows secure, ecrypted
202 * communication between the server and client ends of the RPC. Chapter 5 then
203 * provides the full Rx programming interface, and Chapter 6 illustrates the
204 * use of this programming interface by providing a fully-operational
205 * programming example employing Rx. This rxdemo suite is examined in detail,
206 * ranging all the way from a step-by-step analysis of the human-authored
207 * files, and the Rxgen-generated files upon which they are based, to the
208 * workings of the associated Makefile. Output from the example rxdemo server
209 * and client is also provided.
211 * \section sec1-5 Section 1.5: Related Documents
214 * Titles for the full suite of AFS specification documents are listed below.
215 * All of the servers and agents making up the AFS computing environment,
216 * whether running in the unix kernel or in user space, utilize an Rx RPC
217 * interface through which they export their services.
219 * \li AFS-3 Programmer's Reference: Architectural Overview: This paper
220 * provides an architectual overview of the AFS distributed file system,
221 * describing the full set of servers and agents in a coherent way,
222 * illustrating their relationships to each other and examining their
224 * \li AFS-3 Programmer's Reference: file Server/Cache Manager Interface: This
225 * document describes the workings and interfaces of the two primary AFS
226 * agents, the file Server and Cache Manager. The file Server provides a
227 * centralized disk repository for sets of files, regulating access to them.
228 * End users sitting on client machines rely on the Cache Manager agent,
229 * running in their kernel, to act as their agent in accessing the data stored
230 * on file Server machines, making those files appear as if they were really
232 * \li AFS-3 Programmer's Reference:Volume Server/Volume Location Server
233 * Interface: This document describes the services through which "containers"
234 * of related user data are located and managed.
235 * \li AFS-3 Programmer's Reference: Protection Server Interface: This paper
236 * describes the server responsible for mapping printable user names to and
237 * from their internal AFS identifiers. The Protection Server also allows users
238 * to create, destroy, and manipulate "groups" of users, which are suitable for
239 * placement on access control lists (ACLs).
240 * \li AFS-3 Programmer's Reference: BOS Server Interface: This paper
241 * explicates the "nanny" service which assists in the administrability of the
244 * In addition to these papers, the AFS 3.1 product is delivered with its own
245 * user, system administrator, installation, and command reference documents.
247 * \page chap2 Chapter 2 -- The LWP Lightweight Process Package
249 * \section sec2-1 Section 2.1: Introduction
251 * This chapter describes a package allowing multiple threads of control to
252 * coexist and cooperate within one unix process. Each such thread of control
253 * is also referred to as a lightweight process, in contrast to the traditional
254 * unix (heavyweight) process. Except for the limitations of a fixed stack size
255 * and non-preemptive scheduling, these lightweight processes possess all the
256 * properties usually associated with full-fledged processes in typical
257 * operating systems. For the purposes of this document, the terms lightweight
258 * process, LWP, and thread are completely interchangeable, and they appear
259 * intermixed in this chapter. Included in this lightweight process facility
260 * are various sub-packages, including services for locking, I/O control,
261 * timers, fast time determination, and preemption.
263 * The Rx facility is not the only client of the LWP package. Other LWP clients
264 * within AFS include the file Server, Protection Server, BOS Server, Volume
265 * Server, Volume Location Server, and the Authentication Server, along with
266 * many of the AFS application programs.
268 * \section sec2-2 Section 2.2: Description
270 * \subsection Section 2.2.1: sec2-2-1 LWP Overview
273 * The LWP package implements primitive functions that provide the basic
274 * facilities required to enable procedures written in C to execute
275 * concurrently and asynchronously. The LWP package is meant to be
276 * general-purpose (note the applications mentioned above), with a heavy
277 * emphasis on simplicity. Interprocess communication facilities can be built
278 * on top of this basic mechanism and in fact, many different IPC mechanisms
279 * could be implemented.
281 * In order to set up the threading support environment, a one-time invocation
282 * of the LWP InitializeProcessSupport() function must precede the use of the
283 * facilities described here. This initialization function carves an initial
284 * process out of the currently executing C procedure and returns its thread
285 * ID. For symmetry, an LWP TerminateProcessSupport() function may be used
286 * explicitly to release any storage allocated by its counterpart. If this
287 * function is used, it must be issued from the thread created by the original
288 * LWP InitializeProcessSupport() invocation.
290 * When any of the lightweight process functions completes, an integer value is
291 * returned to indicate whether an error condition was encountered. By
292 * convention, a return value of zero indicates that the operation succeeded.
294 * Macros, typedefs, and manifest constants for error codes needed by the
295 * threading mechanism are exported by the lwp.h include file. A lightweight
296 * process is identified by an object of type PROCESS, which is defined in the
299 * The process model supported by the LWP operations is based on a
300 * non-preemptive priority dispatching scheme. A priority is an integer in the
301 * range [0..LWP MAX PRIORITY], where 0 is the lowest priority. Once a given
302 * thread is selected and dispatched, it remains in control until it
303 * voluntarily relinquishes its claim on the CPU. Control may be relinquished
304 * by either explicit means (LWP_DispatchProcess()) or implicit means (through
305 * the use of certain other LWP operations with this side effect). In general,
306 * all LWP operations that may cause a higher-priority process to become ready
307 * for dispatching preempt the process requesting the service. When this
308 * occurs, the dispatcher mechanism takes over and automatically schedules the
309 * highest-priority runnable process. Routines in this category, where the
310 * scheduler is guaranteed to be invoked in the absence of errors, are:
311 * \li LWP_WaitProcess()
312 * \li LWP_MwaitProcess()
313 * \li LWP_SignalProcess()
314 * \li LWP_DispatchProcess()
315 * \li LWP_DestroyProcess()
317 * The following functions are guaranteed not to cause preemption, and so may
318 * be issued with no fear of losing control to another thread:
319 * \li LWP_InitializeProcessSupport()
320 * \li LWP_NoYieldSignal()
321 * \li LWP_CurrentProcess()
322 * \li LWP_ActiveProcess()
323 * \li LWP_StackUsed()
327 * The symbol LWP NORMAL PRIORITY, whose value is (LWP MAX PRIORITY-2),
328 * provides a reasonable default value to use for process priorities.
330 * The lwp debug global variable can be set to activate or deactivate debugging
331 * messages tracing the flow of control within the LWP routines. To activate
332 * debugging messages, set lwp debug to a non-zero value. To deactivate, reset
333 * it to zero. All debugging output from the LWP routines is sent to stdout.
335 * The LWP package checks for stack overflows at each context switch. The
336 * variable that controls the action of the package when an overflow occurs is
337 * lwp overflowAction. If it is set to LWP SOMESSAGE, then a message will be
338 * printed on stderr announcing the overflow. If lwp overflowAction is set to
339 * LWP SOABORT, the abort() LWP routine will be called. finally, if lwp
340 * overflowAction is set to LWP SOQUIET, the LWP facility will ignore the
341 * errors. By default, the LWP SOABORT setting is used.
343 * Here is a sketch of a simple program (using some psuedocode) demonstrating
344 * the high-level use of the LWP facility. The opening #include line brings in
345 * the exported LWP definitions. Following this, a routine is defined to wait
346 * on a "queue" object until something is deposited in it, calling the
347 * scheduler as soon as something arrives. Please note that various LWP
348 * routines are introduced here. Their definitions will appear later, in
352 * #include <afs/lwp.h>
353 * static read_process(id)
355 * { /* Just relinquish control for now */
356 * LWP_DispatchProcess();
359 * /* Wait until there is something in the queue */
360 * while (empty(q)) LWP_WaitProcess(q);
361 * /* Process the newly-arrived queue entry */
362 * LWP_DispatchProcess();
368 * The next routine, write process(), sits in a loop, putting messages on the
369 * shared queue and signalling the reader, which is waiting for activity on the
370 * queue. Signalling a thread is accomplished via the LWP SignalProcess()
374 * static write_process()
376 * /* Loop, writing data to the shared queue. */
377 * for (mesg = messages; *mesg != 0; mesg++)
380 * LWP_SignalProcess(q);
386 * finally, here is the main routine for this demo pseudocode. It starts by
387 * calling the LWP initialization routine. Next, it creates some number of
388 * reader threads with calls to LWP CreateProcess() in addition to the single
389 * writer thread. When all threads terminate, they will signal the main routine
390 * on the done variable. Once signalled, the main routine will reap all the
391 * threads with the help of the LWP DestroyProcess() function.
398 * PROCESS *id; /* Initial thread ID */
399 * /* Set up the LWP package, create the initial thread ID. */
400 * LWP_InitializeProcessSupport(0, &id);
401 * /* Create a set of reader threads. */
402 * for (i = 0; i < nreaders; i++)
403 * LWP_CreateProcess(read_process, STACK_SIZE, 0, i, "Reader",
406 * /* Create a single writer thread. */
407 * LWP_CreateProcess(write_process, STACK_SIZE, 1, 0, "Writer", &writer);
408 * /* Wait for all the above threads to terminate. */
409 * for (i = 0; i <= nreaders; i++)
410 * LWP_WaitProcess(&done);
412 * /* All threads are done. Destroy them all. */
413 * for (i = nreaders-1; i >= 0; i--)
414 * LWP_DestroyProcess(readers[i]);
418 * \subsection sec2-2-2 Section 2.2.2: Locking
420 * The LWP locking facility exports a number of routines and macros that allow
421 * a C programmer using LWP threading to place read and write locks on shared
422 * data structures. This locking facility was also written with simplicity in
425 * In order to invoke the locking mechanism, an object of type struct Lock must
426 * be associated with the object. After being initialized with a call to
427 * LockInit(), the lock object is used in invocations of various macros,
428 * including ObtainReadLock(), ObtainWriteLock(), ReleaseReadLock(),
429 * ReleaseWriteLock(), ObtainSharedLock(), ReleaseSharedLock(), and
432 * Lock semantics specify that any number of readers may hold a lock in the
433 * absence of a writer. Only a single writer may acquire a lock at any given
434 * time. The lock package guarantees fairness, legislating that each reader and
435 * writer will eventually obtain a given lock. However, this fairness is only
436 * guaranteed if the priorities of the competing processes are identical. Note
437 * that ordering is not guaranteed by this package.
439 * Shared locks are read locks that can be "boosted" into write locks. These
440 * shared locks have an unusual locking matrix. Unboosted shared locks are
441 * compatible with read locks, yet incompatible with write locks and other
442 * shared locks. In essence, a thread holding a shared lock on an object has
443 * effectively read-locked it, and has the option to promote it to a write lock
444 * without allowing any other writer to enter the critical region during the
445 * boost operation itself.
447 * It is illegal for a process to request a particular lock more than once
448 * without first releasing it. Failure to obey this restriction will cause
449 * deadlock. This restriction is not enforced by the LWP code.
451 * Here is a simple pseudocode fragment serving as an example of the available
452 * locking operations. It defines a struct Vnode object, which contains a lock
453 * object. The get vnode() routine will look up a struct Vnode object by name,
454 * and then either read-lock or write-lock it.
456 * As with the high-level LWP example above, the locking routines introduced
457 * here will be fully defined later, in Section 2.3.2.
460 * #include <afs/lock.h>
464 * struct Lock lock; Used to lock this vnode
470 * struct Vnode *get_vnode(name, how) char *name;
476 * ObtainReadLock(&v->lock);
478 * ObtainWriteLock(&v->lock);
483 * \subsection sec2-2-3 Section 2.2.3: IOMGR
486 * The IOMGR facility associated with the LWP service allows threads to wait on
487 * various unix events. The exported IOMGR Select() routine allows a thread to
488 * wait on the same set of events as the unix select() call. The parameters to
489 * these two routines are identical. IOMGR Select() puts the calling LWP to
490 * sleep until no threads are active. At this point, the built-in IOMGR thread,
491 * which runs at the lowest priority, wakes up and coalesces all of the select
492 * requests together. It then performs a single select() and wakes up all
493 * threads affected by the result.
495 * The IOMGR Signal() routine allows an LWP to wait on the delivery of a unix
496 * signal. The IOMGR thread installs a signal handler to catch all deliveries
497 * of the unix signal. This signal handler posts information about the signal
498 * delivery to a global data structure. The next time that the IOMGR thread
499 * runs, it delivers the signal to any waiting LWP.
501 * Here is a pseudocode example of the use of the IOMGR facility, providing the
502 * blueprint for an implemention a thread-level socket listener.
505 * void rpc_SocketListener()
507 * int ReadfdMask, WritefdMask, ExceptfdMask, rc;
508 * struct timeval *tvp;
511 * ExceptfdMask = ReadfdMask = (1 << rpc_RequestSocket);
514 * rc = IOMGR_Select(8*sizeof(int), &ReadfdMask, &WritefdMask,
515 * &ExceptfdMask, tvp);
519 * case 0: /* Timeout */ continue;
520 * /* Main while loop */
522 * case -1: /* Error */
523 * SystemError("IOMGR_Select");
526 * case 1: /* RPC packet arrived! */ ...
530 * default: Should never occur
536 * \subsection sec2-2-4 Section 2.2.4: Timer
538 * The timer package exports a number of routines that assist in manipulating
539 * lists of objects of type struct TM Elem. These struct TM Elem timers are
540 * assigned a timeout value by the user and inserted in a package-maintained
541 * list. The time remaining to each timer's timeout is kept up to date by the
542 * package under user control. There are routines to remove a timer from its
543 * list, to return an expired timer from a list, and to return the next timer
546 * A timer is commonly used by inserting a field of type struct TM Elem into a
547 * structure. After setting the desired timeout value, the structure is
548 * inserted into a list by means of its timer field.
550 * Here is a simple pseudocode example of how the timer package may be used.
551 * After calling the package initialization function, TM Init(), the pseudocode
552 * spins in a loop. first, it updates all the timers via TM Rescan() calls.
553 * Then, it pulls out the first expired timer object with TM GetExpired() (if
554 * any), and processes it.
557 * static struct TM_Elem *requests;
559 * TM_Init(&requests); /* Initialize timer list */ ...
561 * TM_Rescan(requests); /* Update the timers */
562 * expired = TM_GetExpired(requests);
565 * . . . process expired element . . .
569 * \subsection sec2-2-5 Section 2.2.5: Fast Time
572 * The fast time routines allows a caller to determine the current time of day
573 * without incurring the expense of a kernel call. It works by mapping the page
574 * of the kernel that holds the time-of-day variable and examining it directly.
575 * Currently, this package only works on Suns. The routines may be called on
576 * other architectures, but they will run more slowly.
578 * The initialization routine for this package is fairly expensive, since it
579 * does a lookup of a kernel symbol via nlist(). If the client application
580 * program only runs for only a short time, it may wish to call FT Init() with
581 * the notReally parameter set to TRUE in order to prevent the lookup from
582 * taking place. This is useful if you are using another package that uses the
583 * fast time facility.
585 * \subsection sec2-2-6 Section 2.2.6: Preemption
588 * The preemption package provides a mechanism by which control can pass
589 * between lightweight processes without the need for explicit calls to LWP
590 * DispatchProcess(). This effect is achieved by periodically interrupting the
591 * normal flow of control to check if other (higher priority) procesess are
594 * The package makes use of the BSD interval timer facilities, and so will
595 * cause programs that make their own use of these facilities to malfunction.
596 * In particular, use of alarm(3) or explicit handling of SIGALRM is
597 * disallowed. Also, calls to sleep(3) may return prematurely.
599 * Care should be taken that routines are re-entrant where necessary. In
600 * particular, note that stdio(3) is not re-entrant in general, and hence
601 * multiple threads performing I/O on the same fiLE structure may function
604 * An example pseudocode routine illustrating the use of this preemption
605 * facility appears below.
608 * #include <sys/time.h>
609 * #include "preempt.h"
610 * ... struct timeval tv;
611 * LWP_InitializeProcessSupport( ... );
614 * PRE_InitPreempt(&tv);
615 * PRE_PreemptMe(); ...
616 * PRE_BeginCritical(); ...
617 * PRE_EndCritical(); ...
621 * \section sec2-3 Section 2.3: Interface Specifications
623 * \subsection sec2-3-1 Section 2.3.1: LWP
626 * This section covers the calling interfaces to the LWP package. Please note
627 * that LWP macros (e.g., ActiveProcess) are also included here, rather than
628 * being relegated to a different section.
630 * \subsubsection sec2-3-1-1 Section 2.3.1.1: LWP_InitializeProcessSupport
631 * _ Initialize the LWP package
634 * int LWP_InitializeProcessSupport(IN int priority; OUT PROCESS *pid)
636 * This function initializes the LWP package. In addition, it turns the current
637 * thread of control into the initial process with the specified priority. The
638 * process ID of this initial thread is returned in the pid parameter. This
639 * routine must be called before any other routine in the LWP library. The
640 * scheduler will NOT be invoked as a result of calling
641 * LWP_InitializeProcessSupport().
643 * LWP EBADPRI The given priority is invalid, either negative or too large.
645 * \subsubsection sec2-3-1-2 Section 2.3.1.2: LWP_TerminateProcessSupport
646 * _ End process support, perform cleanup
649 * int LWP_TerminateProcessSupport()
651 * This routine terminates the LWP threading support and cleans up after it by
652 * freeing any auxiliary storage used. This routine must be called from within
653 * the process that invoked LWP InitializeProcessSupport(). After LWP
654 * TerminateProcessSupport() has been called, it is acceptable to call LWP
655 * InitializeProcessSupport() again in order to restart LWP process support.
657 * ---Always succeeds, or performs an abort().
659 * \subsubsection sec2-3-1-3 Section 2.3.1.3: LWP_CreateProcess _ Create a
663 * int LWP_CreateProcess(IN int (*ep)(); IN int stacksize; IN int priority; IN
664 * char *parm; IN char *name; OUT PROCESS *pid)
666 * This function is used to create a new lightweight process with a given
667 * printable name. The ep argument identifies the function to be used as the
668 * body of the thread. The argument to be passed to this function is contained
669 * in parm. The new thread's stack size in bytes is specified in stacksize, and
670 * its execution priority in priority. The pid parameter is used to return the
671 * process ID of the new thread.
673 * If the thread is successfully created, it will be marked as runnable. The
674 * scheduler is called before the LWP CreateProcess() call completes, so the
675 * new thread may indeed begin its execution before the completion. Note that
676 * the new thread is guaranteed NOT to run before the call completes if the
677 * specified priority is lower than the caller's. On the other hand, if the new
678 * thread's priority is higher than the caller's, then it is guaranteed to run
679 * before the creation call completes.
681 * LWP EBADPRI The given priority is invalid, either negative or too large.
682 * \n LWP NOMEM Could not allocate memory to satisfy the creation request.
684 * \subsubsection sec2-3-1-4 Section: 2.3.1.4: LWP_DestroyProcess _ Create
688 * int LWP_DestroyProcess(IN PROCESS pid)
690 * This routine destroys the thread identified by pid. It will be terminated
691 * immediately, and its internal storage will be reclaimed. A thread is allowed
692 * to destroy itself. In this case, of course, it will only get to see the
693 * return code if the operation fails. Note that a thread may also destroy
694 * itself by returning from the parent C routine.
696 * The scheduler is called by this operation, which may cause an arbitrary
697 * number of threads to execute before the caller regains the processor.
699 * LWP EINIT The LWP package has not been initialized.
701 * \subsubsection sec2-3-1-5 Section 2.3.1.5: WaitProcess _ Wait on an
705 * int LWP WaitProcess(IN char *event)
707 * This routine puts the thread making the call to sleep until another LWP
708 * calls the LWP SignalProcess() or LWP NoYieldSignal() routine with the
709 * specified event. Note that signalled events are not queued. If a signal
710 * occurs and no thread is awakened, the signal is lost. The scheduler is
711 * invoked by the LWP WaitProcess() routine.
713 * LWP EINIT The LWP package has not been initialized.
714 * \n LWP EBADEVENT The given event pointer is null.
716 * \subsubsection sec2-3-1-6 Section 2.3.1.6: MwaitProcess _ Wait on a set
720 * int LWP MwaitProcess(IN int wcount; IN char *evlist[])
722 * This function allows a thread to wait for wcount signals on any of the items
723 * in the given evlist. Any number of signals of a particular event are only
724 * counted once. The evlist is a null-terminated list of events to wait for.
725 * The scheduler will be invoked.
727 * LWP EINIT The LWP package has not been initialized.
728 * \n LWP EBADCOUNT An illegal number of events has been supplied.
730 * \subsubsection sec2-3-1-7 Section 2.3.1.7: SignalProcess _ Signal an
734 * int LWP SignalProcess(IN char *event)
736 * This routine causes the given event to be signalled. All threads waiting for
737 * this event (exclusively) will be marked as runnable, and the scheduler will
738 * be invoked. Note that threads waiting on multiple events via LWP
739 * MwaitProcess() may not be marked as runnable. Signals are not queued.
740 * Therefore, if no thread is waiting for the signalled event, the signal will
743 * LWP EINIT The LWP package has not been initialized. LWP EBADEVENT A null
744 * event pointer has been provided. LWP ENOWAIT No thread was waiting on the
747 * \subsubsection sec2-3-1-8 Section 2.3.1.8: NoYieldSignal _ Signal an
748 * event without invoking scheduler
751 * int LWP NoYieldSignal(IN char *event)
753 * This function is identical to LWP SignalProcess() except that the scheduler
754 * will not be invoked. Thus, control will remain with the signalling process.
756 * LWP EINIT The LWP package has not been initialized. LWP EBADEVENT A null
757 * event pointer has been provided. LWP ENOWAIT No thread was waiting on the
760 * \subsubsection sec2-3-1-9 Section 2.3.1.9: DispatchProcess _ Yield
761 * control to the scheduler
764 * int LWP DispatchProcess()
766 * This routine causes the calling thread to yield voluntarily to the LWP
767 * scheduler. If no other thread of appropriate priority is marked as runnable,
768 * the caller will continue its execution.
770 * LWP EINIT The LWP package has not been initialized.
772 * \subsubsection sec2-3-1-10 Section 2.3.1.10: CurrentProcess _ Get the
773 * current thread's ID
776 * int LWP CurrentProcess(IN PROCESS *pid)
778 * This call places the current lightweight process ID in the pid parameter.
780 * LWP EINIT The LWP package has not been initialized.
782 * \subsubsection sec2-3-1-11 Section 2.3.1.11: ActiveProcess _ Get the
783 * current thread's ID (macro)
786 * int LWP ActiveProcess()
788 * This macro's value is the current lightweight process ID. It generates a
789 * value identical to that acquired by calling the LWP CurrentProcess()
790 * function described above if the LWP package has been initialized. If no such
791 * initialization has been done, it will return a value of zero.
793 * \subsubsection sec2-3-1-12 Section: 2.3.1.12: StackUsed _ Calculate
797 * int LWP StackUsed(IN PROCESS pid; OUT int *max; OUT int *used)
799 * This function returns the amount of stack space allocated to the thread
800 * whose identifier is pid, and the amount actually used so far. This is
801 * possible if the global variable lwp stackUseEnabled was TRUE when the thread
802 * was created (it is set this way by default). If so, the thread's stack area
803 * was initialized with a special pattern. The memory still stamped with this
804 * pattern can be determined, and thus the amount of stack used can be
805 * calculated. The max parameter is always set to the thread's stack allocation
806 * value, and used is set to the computed stack usage if lwp stackUseEnabled
807 * was set when the process was created, or else zero.
809 * LWP NO STACK Stack usage was not enabled at thread creation time.
811 * \subsubsection sec2-3-1-13 Section 2.3.1.13: NewRock _ Establish
812 * thread-specific storage
815 * int LWP NewRock (IN int tag; IN char **value)
817 * This function establishes a "rock", or thread-specific information,
818 * associating it with the calling LWP. The tag is intended to be any unique
819 * integer value, and the value is a pointer to a character array containing
822 * Users of the LWP package must coordinate their choice of tag values. Note
823 * that a tag's value cannot be changed. Thus, to obtain a mutable data
824 * structure, another level of indirection is required. Up to MAXROCKS (4)
825 * rocks may be associated with any given thread.
827 * ENOROCKS A rock with the given tag field already exists. All of the MAXROCKS
831 * \subsubsection sec2-3-1-14 Section: 2.3.1.14: GetRock _ Retrieve
832 * thread-specific storage
835 * int LWP GetRock(IN int tag; OUT **value)
837 * This routine recovers the thread-specific information associated with the
838 * calling process and the given tag, if any. Such a rock had to be established
839 * through a LWP NewRock() call. The rock's value is deposited into value.
841 * LWP EBADROCK A rock has not been associated with the given tag for this
844 * \subsection sec2-3-2 Section 2.3.2: Locking
847 * This section covers the calling interfaces to the locking package. Many of
848 * the user-callable routines are actually implemented as macros.
850 * \subsubsection sec2-3-2-1 Section 2.3.2.1: Lock Init _ Initialize lock
854 * void Lock Init(IN struct Lock *lock)
856 * This function must be called on the given lock object before any other
857 * operations can be performed on it.
859 * ---No value is returned.
861 * \subsubsection sec2-3-2-2 Section 2.3.2.2: ObtainReadLock _ Acquire a
865 * void ObtainReadLock(IN struct Lock *lock)
867 * This macro obtains a read lock on the specified lock object. Since this is a
868 * macro and not a function call, results are not predictable if the value of
869 * the lock parameter is a side-effect producing expression, as it will be
870 * evaluated multiple times in the course of the macro interpretation.
871 * Read locks are incompatible with write, shared, and boosted shared locks.
873 * ---No value is returned.
875 * \subsubsection sec2-3-2-3 Section 2.3.2.3: ObtainWriteLock _ Acquire a
879 * void ObtainWriteLock(IN struct Lock *lock)
881 * This macro obtains a write lock on the specified lock object. Since this is
882 * a macro and not a function call, results are not predictable if the value of
883 * the lock parameter is a side-effect producing expression, as it will be
884 * evaluated multiple times in the course of the macro interpretation.
886 * Write locks are incompatible with all other locks.
888 * ---No value is returned.
890 * \subsubsection sec2-3-2-4 Section 2.3.2.4: ObtainSharedLock _ Acquire a
894 * void ObtainSharedLock(IN struct Lock *lock)
896 * This macro obtains a shared lock on the specified lock object. Since this is
897 * a macro and not a function call, results are not predictable if the value of
898 * the lock parameter is a side-effect producing expression, as it will be
899 * evaluated multiple times in the course of the macro interpretation.
901 * Shared locks are incompatible with write and boosted shared locks, but are
902 * compatible with read locks.
904 * ---No value is returned.
906 * \subsubsection sec2-3-2-5 Section 2.3.2.5: ReleaseReadLock _ Release
910 * void ReleaseReadLock(IN struct Lock *lock)
912 * This macro releases the specified lock. The lock must have been previously
913 * read-locked. Since this is a macro and not a function call, results are not
914 * predictable if the value of the lock parameter is a side-effect producing
915 * expression, as it will be evaluated multiple times in the course of the
916 * macro interpretation. The results are also unpredictable if the lock was not
917 * previously read-locked by the thread calling ReleaseReadLock().
919 * ---No value is returned.
921 * \subsubsection sec2-3-2-6 Section 2.3.2.6: ReleaseWriteLock _ Release
925 * void ReleaseWriteLock(IN struct Lock *lock)
927 * This macro releases the specified lock. The lock must have been previously
928 * write-locked. Since this is a macro and not a function call, results are not
929 * predictable if the value of the lock parameter is a side-effect producing
930 * expression, as it will be evaluated multiple times in the course of the
931 * macro interpretation. The results are also unpredictable if the lock was not
932 * previously write-locked by the thread calling ReleaseWriteLock().
934 * ---No value is returned.
936 * \subsubsection sec2-3-2-7 Section 2.3.2.7: ReleaseSharedLock _ Release
940 * void ReleaseSharedLock(IN struct Lock *lock)
942 * This macro releases the specified lock. The lock must have been previously
943 * share-locked. Since this is a macro and not a function call, results are not
944 * predictalbe if the value of the lock parameter is a side-effect producing
945 * expression, as it will be evaluated multiple times in the course of the
946 * macro interpretation. The results are also unpredictable if the lock was not
947 * previously share-locked by the thread calling ReleaseSharedLock().
949 * ---No value is returned.
951 * \subsubsection sec2-3-2-8 Section 2.3.2.8: CheckLock _ Determine state
955 * void CheckLock(IN struct Lock *lock)
957 * This macro produces an integer that specifies the status of the indicated
958 * lock. The value will be -1 if the lock is write-locked, 0 if unlocked, or
959 * otherwise a positive integer that indicates the number of readers (threads
960 * holding read locks). Since this is a macro and not a function call, results
961 * are not predictable if the value of the lock parameter is a side-effect
962 * producing expression, as it will be evaluated multiple times in the course
963 * of the macro interpretation.
965 * ---No value is returned.
967 * \subsubsection sec2-3-2-9 Section 2.3.2.9: BoostLock _ Boost a shared
971 * void BoostLock(IN struct Lock *lock)
973 * This macro promotes ("boosts") a shared lock into a write lock. Such a boost
974 * operation guarantees that no other writer can get into the critical section
975 * in the process. Since this is a macro and not a function call, results are
976 * not predictable if the value of the lock parameter is a side-effect
977 * producing expression, as it will be evaluated multiple times in the course
978 * of the macro interpretation.
980 * ---No value is returned.
982 * \subsubsection sec2-3-2-10 Section 2.3.2.10: UnboostLock _ Unboost a
986 * void UnboostLock(IN struct Lock *lock)
988 * This macro demotes a boosted shared lock back down into a regular shared
989 * lock. Such an unboost operation guarantees that no other writer can get into
990 * the critical section in the process. Since this is a macro and not a
991 * function call, results are not predictable if the value of the lock
992 * parameter is a side-effect producing expression, as it will be evaluated
993 * multiple times in the course of the macro interpretation.
995 * ---No value is returned.
997 * \subsection sec2-3-3 Section 2.3.3: IOMGR
1000 * This section covers the calling interfaces to the I/O management package.
1002 * \subsubsection sec2-3-3-1 Section: 2.3.3.1: IOMGR Initialize _
1003 * Initialize the package
1006 * int IOMGR Initialize()
1008 * This function initializes the IOMGR package. Its main task is to create the
1009 * IOMGR thread itself, which runs at the lowest possible priority (0). The
1010 * remainder of the lightweight processes must be running at priority 1 or
1011 * greater (up to a maximum of LWP MAX PRIORITY (4)) for the IOMGR package to
1012 * function correctly.
1014 * -1 The LWP and/or timer package haven't been initialized.
1015 * \n <misc> Any errors that may be returned by the LWP CreateProcess()
1018 * \subsubsection sec2-3-3-2 Section 2.3.3.2: IOMGR finalize _ Clean up
1019 * the IOMGR facility
1022 * int IOMGR finalize()
1024 * This routine cleans up after the IOMGR package when it is no longer needed.
1025 * It releases all storage and destroys the IOMGR thread itself.
1027 * <misc> Any errors that may be returned by the LWP DestroyProcess() routine.
1029 * \subsubsection sec2-3-3-3 Section 2.3.3.3: IOMGR Select _ Perform a
1030 * thread-level select()
1033 * int IOMGR Select (IN int numfds; IN int *rfds; IN int *wfds; IN int *xfds;
1034 * IN truct timeval *timeout)
1036 * This routine performs an LWP version of unix select() operation. The
1037 * parameters have the same meanings as with the unix call. However, the return
1038 * values will be simplified (see below). If this is a polling select (i.e.,
1039 * the value of timeout is null), it is done and the IOMGR Select() function
1040 * returns to the user with the results. Otherwise, the calling thread is put
1041 * to sleep. If at some point the IOMGR thread is the only runnable process, it
1042 * will awaken and collect all select requests. The IOMGR will then perform a
1043 * single select and awaken the appropriate processes. This will force a return
1044 * from the affected IOMGR Select() calls.
1046 * -1 An error occurred.
1047 * \n 0 A timeout occurred.
1048 * \n 1 Some number of file descriptors are ready.
1050 * \subsubsection sec2-3-3-4 Section 2.3.3.4: IOMGR Signal _ Associate
1051 * unix and LWP signals
1054 * int IOMGR Signal(IN int signo; IN char *event)
1056 * This function associates an LWP signal with a unix signal. After this call,
1057 * when the given unix signal signo is delivered to the (heavyweight unix)
1058 * process, the IOMGR thread will deliver an LWP signal to the event via LWP
1059 * NoYieldSignal(). This wakes up any lightweight processes waiting on the
1060 * event. Multiple deliveries of the signal may be coalesced into one LWP
1061 * wakeup. The call to LWP NoYieldSignal() will happen synchronously. It is
1062 * safe for an LWP to check for some condition and then go to sleep waiting for
1063 * a unix signal without having to worry about delivery of the signal happening
1064 * between the check and the call to LWP WaitProcess().
1066 * LWP EBADSIG The signo value is out of range.
1067 * \n LWP EBADEVENT The event pointer is null.
1069 * \subsubsection sec2-3-3-5 Section 2.3.3.5: IOMGR CancelSignal _ Cancel
1070 * unix and LWP signal association
1073 * int IOMGR CancelSignal(IN int signo)
1075 * This routine cancels the association between a unix signal and an LWP event.
1076 * After calling this function, the unix signal signo will be handled however
1077 * it was handled before the corresponding call to IOMGR Signal().
1079 * LWP EBADSIG The signo value is out of range.
1081 * \subsubsection sec2-3-3-6 Section 2.3.3.6: IOMGR Sleep _ Sleep for a
1085 * void IOMGR Sleep(IN unsigned seconds)
1087 * This function calls IOMGR Select() with zero file descriptors and a timeout
1088 * structure set up to cause the thread to sleep for the given number of
1091 * ---No value is returned.
1093 * \subsection sec2-3-4 Section 2.3.4: Timer
1096 * This section covers the calling interface to the timer package associated
1097 * with the LWP facility.
1099 * \subsubsection sec2-3-4-1 Section 2.3.4.1: TM Init _ Initialize a timer
1103 * int TM Init(IN struct TM Elem **list)
1105 * This function causes the specified timer list to be initialized. TM Init()
1106 * must be called before any other timer operations are applied to the list.
1108 * -1 A null timer list could not be produced.
1110 * \subsubsection sec2-3-4-2 Section 2.3.4.2: TM final _ Clean up a timer
1114 * int TM final(IN struct TM Elem **list)
1116 * This routine is called when the given empty timer list is no longer needed.
1117 * All storage associated with the list is released.
1119 * -1 The list parameter is invalid.
1121 * \subsubsection sec2-3-4-3 Section 2.3.4.3: TM Insert _ Insert an object
1125 * void TM Insert(IN struct TM Elem **list; IN struct TM Elem *elem)
1127 * This routine enters an new element, elem, into the list denoted by list.
1128 * Before the new element is queued, its TimeLeft field (the amount of time
1129 * before the object comes due) is set to the value stored in its TotalTime
1130 * field. In order to keep TimeLeft fields current, the TM Rescan() function
1133 * ---No return value is generated.
1135 * \subsubsection sec2-3-4-4 Section 2.3.4.4: TM Rescan _ Update all
1136 * timers in the list
1139 * int TM Rescan(IN struct TM Elem *list)
1141 * This function updates the TimeLeft fields of all timers on the given list.
1142 * This is done by checking the time-of-day clock. Note: this is the only
1143 * routine other than TM Init() that updates the TimeLeft field in the elements
1146 * Instead of returning a value indicating success or failure, TM Rescan()
1147 * returns the number of entries that were discovered to have timed out.
1149 * ---Instead of error codes, the number of entries that were discovered to
1150 * have timed out is returned.
1152 * \subsubsection sec2-3-4-5 Section 2.3.4.5: TM GetExpired _ Returns an
1156 * struct TM Elem *TM GetExpired(IN struct TM Elem *list)
1158 * This routine searches the specified timer list and returns a pointer to an
1159 * expired timer element from that list. An expired timer is one whose TimeLeft
1160 * field is less than or equal to zero. If there are no expired timers, a null
1161 * element pointer is returned.
1163 * ---Instead of error codes, an expired timer pointer is returned, or a null
1164 * timer pointer if there are no expired timer objects.
1166 * \subsubsection sec2-3-4-6 Section 2.3.4.6: TM GetEarliest _ Returns
1167 * earliest unexpired timer
1170 * struct TM Elem *TM GetEarliest(IN struct TM Elem *list)
1172 * This function returns a pointer to the timer element that will be next to
1173 * expire on the given list. This is defined to be the timer element with the
1174 * smallest (positive) TimeLeft field. If there are no timers on the list, or
1175 * if they are all expired, this function will return a null pointer.
1177 * ---Instead of error codes, a pointer to the next timer element to expireis
1178 * returned, or a null timer object pointer if they are all expired.
1180 * \subsubsection sec2-3-4-7 Section 2.3.4.7: TM eql _ Test for equality
1184 * bool TM eql(IN struct timemval *t1; IN struct timemval *t2)
1186 * This function compares the given timestamps, t1 and t2, for equality. Note
1187 * that the function return value, bool, has been set via typedef to be
1188 * equivalent to unsigned char.
1190 * 0 If the two timestamps differ.
1191 * \n 1 If the two timestamps are identical.
1193 * \subsection sec2-3-5 Section 2.3.5: Fast Time
1195 * This section covers the calling interface to the fast time package
1196 * associated with the LWP facility.
1198 * \subsubsection sec2-3-5-1 Section 2.3.5.1: FT Init _ Initialize the
1202 * int FT Init(IN int printErrors; IN int notReally)
1204 * This routine initializes the fast time package, mapping in the kernel page
1205 * containing the time-of-day variable. The printErrors argument, if non-zero,
1206 * will cause any errors in initalization to be printed to stderr. The
1207 * notReally parameter specifies whether initialization is really to be done.
1208 * Other calls in this package will do auto-initialization, and hence the
1209 * option is offered here.
1211 * -1 Indicates that future calls to FT GetTimeOfDay() will still work, but
1212 * will not be able to access the information directly, having to make a
1213 * kernel call every time.
1215 * \subsubsection sec2-3-5-2 Section 2.3.5.2: FT GetTimeOfDay _ Initialize
1216 * the fast time package
1219 * int FT GetTimeOfDay(IN struct timeval *tv; IN struct timezone *tz)
1221 * This routine is meant to mimic the parameters and behavior of the unix
1222 * gettimeofday() function. However, as implemented, it simply calls
1223 * gettimeofday() and then does some bound-checking to make sure the value is
1226 * <misc> Whatever value was returned by gettimeofday() internally.
1228 * \subsection sec2-3-6 Section 2.3.6: Preemption
1230 * This section covers the calling interface to the preemption package
1231 * associated with the LWP facility.
1233 * \subsubsection sec2-3-6-1 Section 2.3.6.1: PRE InitPreempt _ Initialize
1234 * the preemption package
1237 * int PRE InitPreempt(IN struct timeval *slice)
1239 * This function must be called to initialize the preemption package. It must
1240 * appear sometime after the call to LWP InitializeProcessSupport() and
1241 * sometime before the first call to any other preemption routine. The slice
1242 * argument specifies the time slice size to use. If the slice pointer is set
1243 * to null in the call, then the default time slice, DEFAULTSLICE (10
1244 * milliseconds), will be used. This routine uses the unix interval timer and
1245 * handling of the unix alarm signal, SIGALRM, to implement this timeslicing.
1247 * LWP EINIT The LWP package hasn't been initialized.
1248 * \n LWP ESYSTEM Operations on the signal vector or the interval timer have
1251 * \subsubsection sec2-3-6-2 Section 2.3.6.2: PRE EndPreempt _ finalize
1252 * the preemption package
1255 * int PRE EndPreempt()
1257 * This routine finalizes use of the preemption package. No further preemptions
1258 * will be made. Note that it is not necessary to make this call before exit.
1259 * PRE EndPreempt() is provided only for those applications that wish to
1260 * continue after turning off preemption.
1262 * LWP EINIT The LWP package hasn't been initialized.
1263 * \n LWP ESYSTEM Operations on the signal vector or the interval timer have
1266 * \subsubsection sec2-3-6-3 Section 2.3.6.3: PRE PreemptMe _ Mark thread
1270 * int PRE PreemptMe()
1272 * This macro is used to signify the current thread as a candidate for
1273 * preemption. The LWP InitializeProcessSupport() routine must have been called
1274 * before PRE PreemptMe().
1276 * ---No return code is generated.
1278 * \subsubsection sec2-3-6-4 Section 2.3.6.4: PRE BeginCritical _ Enter
1279 * thread critical section
1282 * int PRE BeginCritical()
1284 * This macro places the current thread in a critical section. Upon return, and
1285 * for as long as the thread is in the critical section, involuntary
1286 * preemptions of this LWP will no longer occur.
1288 * ---No return code is generated.
1290 * \subsubsection sec2-3-6-5 Section 2.3.6.5: PRE EndCritical _ Exit
1291 * thread critical section
1294 * int PRE EndCritical()
1296 * This macro causes the executing thread to leave a critical section
1297 * previously entered via PRE BeginCritical(). If involuntary preemptions were
1298 * possible before the matching PRE BeginCritical(), they are once again
1301 * ---No return code is generated.
1303 * \page chap3 Chapter 3 -- Rxkad
1306 * \section sec3-1 Section 3.1: Introduction
1309 * The rxkad security module is offered as one of the built-in Rx
1310 * authentication models. It is based on the Kerberos system developed by MIT's
1311 * Project Athena. Readers wishing detailed information regarding Kerberos
1312 * design and implementation are directed to [2]. This chapter is devoted to
1313 * defining how Kerberos authentication services are made available as Rx
1314 * components, and assumes the reader has some familiarity with Kerberos.
1315 * Included are descriptions of how client-side and server-side Rx security
1316 * objects (struct rx securityClass; see Section 5.3.1.1) implementing this
1317 * protocol may be generated by an Rx application. Also, a description appears
1318 * of the set of routines available in the associated struct rx securityOps
1319 * structures, as covered in Section 5.3.1.2. It is strongly recommended that
1320 * the reader become familiar with this section on struct rx securityOps before
1323 * \section sec3-2 Section 3.2: Definitions
1326 * An important set of definitions related to the rxkad security package is
1327 * provided by the rxkad.h include file. Determined here are various values for
1328 * ticket lifetimes, along with structures for encryption keys and Kerberos
1329 * principals. Declarations for the two routines required to generate the
1330 * different rxkad security objects also appear here. The two functions are
1331 * named rxkad NewServerSecurityObject() and rxkad NewClientSecurityObject().
1332 * In addition, type field values, encryption levels, security index
1333 * operations, and statistics structures may be found in this file.
1334 * \section sec3-3 Section 3.3: Exported Objects
1336 * To be usable as an Rx security module, the rxkad facility exports routines
1337 * to create server-side and client-side security objects. The server
1338 * authentication object is incorporated into the server code when calling rx
1339 * NewService(). The client authentication object is incorporated into the
1340 * client code every time a connection is established via rx NewConnection().
1341 * Also, in order to implement these security objects, the rxkad module must
1342 * provide definitions for some subset of the generic security operations as
1343 * defined in the appropriate struct rx securityOps variable.
1345 * \subsection sec3-3-1 Section 3.3.1: Server-Side Mechanisms
1347 * \subsubsection sec3-3-1-1 Section 3.3.1.1: Security Operations
1350 * The server side of the rxkad module fills in all but two of the possible
1351 * routines associated with an Rx security object, as described in Section
1355 * static struct rx_securityOps rxkad_server_ops = {
1357 * rxkad_NewConnection,
1358 * rxkad_PreparePacket, /* Once per packet creation */
1359 * 0, /* Send packet (once per retrans) */
1360 * rxkad_CheckAuthentication,
1361 * rxkad_CreateChallenge,
1362 * rxkad_GetChallenge,
1364 * rxkad_CheckResponse, /* Check data packet */
1365 * rxkad_DestroyConnection,
1371 * The rxkad service does not need to take any special action each time a
1372 * packet belonging to a call in an rxkad Rx connection is physically
1373 * transmitted. Thus, a routine is not supplied for the op SendPacket()
1374 * function slot. Similarly, no preparatory work needs to be done previous to
1375 * the reception of a response packet from a security challenge, so the op
1376 * GetResponse() function slot is also empty.
1378 * \subsubsection sec3-3-1-2 Section 3.3.1.2: Security Object
1381 * The exported routine used to generate an rxkad-specific server-side security
1382 * class object is named rxdad NewServerSecurityObject(). It is declared with
1383 * four parameters, as follows:
1386 * struct rx_securityClass *
1387 * rxkad_NewServerSecurityObject(a_level, a_getKeyRockP, a_getKeyP, a_userOKP)
1388 * rxkad_level a_level; /* Minimum level */
1389 * char *a_getKeyRockP; /* Rock for get_key implementor */
1390 * int (*a_getKeyP)(); /* Passed kvno & addr(key) to fill */
1391 * int (*a_userOKP)(); /* Passed name, inst, cell => bool */
1395 * The first argument specifies the desired level of encryption, and may take
1396 * on the following values (as defined in rxkad.h):
1397 * \li rxkad clear: Specifies that packets are to be sent entirely in the
1398 * clear, without any encryption whatsoever.
1399 * \li rxkad auth: Specifies that packet sequence numbers are to be encrypted.
1400 * \li rxkad crypt: Specifies that the entire data packet is to be encrypted.
1403 * The second and third parameters represent, respectively, a pointer to a
1404 * private data area, sometimes called a "rock", and a procedure reference that
1405 * is called with the key version number accompanying the Kerberos ticket and
1406 * returns a pointer to the server's decryption key. The fourth argument, if
1407 * not null, is a pointer to a function that will be called for every new
1408 * connection with the client's name, instance, and cell. This routine should
1409 * return zero if the user is not acceptable to the server.
1411 * \subsection sec3-3-2 Section 3.3.2: Client-Side Mechanisms
1413 * \subsubsection sec3-3-2-1 Section 3.3.2.1: Security Operations
1416 * The client side of the rxkad module fills in relatively few of the routines
1417 * associated with an Rx security object, as demonstrated below. The general Rx
1418 * security object, of which this is an instance, is described in detail in
1422 * static struct rx_securityOps rxkad_client_ops = {
1424 * rxkad_NewConnection, /* Every new connection */
1425 * rxkad_PreparePacket, /* Once per packet creation */
1426 * 0, /* Send packet (once per retrans) */
1430 * rxkad_GetResponse, /* Respond to challenge packet */
1432 * rxkad_CheckPacket, /* Check data packet */
1433 * rxkad_DestroyConnection,
1442 * As expected, routines are defined for use when someone destroys a security
1443 * object (rxkad Close()) and when an Rx connection using the rxkad model
1444 * creates a new connection (rxkad NewConnection()) or deletes an existing one
1445 * (rxkad DestroyConnection()). Security-specific operations must also be
1446 * performed in behalf of rxkad when packets are created (rxkad
1447 * PreparePacket()) and received (rxkad CheckPacket()). finally, the client
1448 * side of an rxkad security object must also be capable of constructing
1449 * responses to security challenges from the server (rxkad GetResponse()) and
1450 * be willing to reveal statistics on its own operation (rxkad GetStats()).
1452 * \subsubsection sec3-3-2-2 Section 3.3.2.2: Security Object
1455 * The exported routine used to generate an rxkad-specific client-side security
1456 * class object is named rxkad NewClientSecurityObject(). It is declared with
1457 * five parameters, specified below:
1460 * struct rx_securityClass * rxkad_NewClientSecurityObject(
1467 * rxkad_level a_level;
1468 * struct ktc_encryptionKey *a_sessionKeyP;
1475 * The first parameter, a level, specifies the level of encryption desired for
1476 * this security object, with legal choices being identical to those defined
1477 * for the server-side security object described in Section 3.3.1.2. The second
1478 * parameter, a sessionKeyP, provides the session key to use. The ktc
1479 * encryptionKey structure is defined in the rxkad.h include file, and consists
1480 * of an array of 8 characters. The third parameter, a kvno, provides the key
1481 * version number associated with a sessionKeyP. The fourth argument, a
1482 * ticketLen, communicates the length in bytes of the data stored in the fifth
1483 * parameter, a ticketP, which points to the Kerberos ticket to use for the
1484 * principal for which the security object will operate.
1486 * \page chap4 Chapter 4 -- Rx Support Packages
1488 * \section sec4-1 Section 4.1: Introduction
1490 * This chapter documents three packages defined directly in support of the Rx
1492 * \li rx queue: Doubly-linked queue package.
1493 * \li rx clock: Clock package, using the 4.3BSD interval timer.
1494 * \li rx event: Future events package.
1496 * References to constants, structures, and functions defined by these support
1497 * packages will appear in the following API chapter.
1499 * \section sec4-2 Section 4.2: The rx queue Package
1502 * This package provides a doubly-linked queue structure, along with a full
1503 * suite of related operations. The main concern behind the coding of this
1504 * facility was efficiency. All functions are implemented as macros, and it is
1505 * suggested that only simple expressions be used for all parameters.
1507 * The rx queue facility is defined by the rx queue.h include file. Some macros
1508 * visible in this file are intended for rx queue internal use only. An
1509 * understanding of these "hidden" macros is important, so they will also be
1510 * described by this document.
1512 * \subsection sec4-2-1 Section 4.2.1: struct queue
1515 * The queue structure provides the linkage information required to maintain a
1516 * queue of objects. The queue structure is prepended to any user-defined data
1517 * type which is to be organized in this fashion.
1519 * \li struct queue *prev - Pointer to the previous queue header.
1520 * \li struct queue *next - Pointer to the next queue header.
1522 * Note that a null Rx queue consists of a single struct queue object whose
1523 * next and previous pointers refer to itself.
1525 * \subsection sec4-2-2 Section 4.2.2: Internal Operations
1528 * This section describes the internal operations defined for Rx queues. They
1529 * will be referenced by the external operations documented in Section 4.2.3.
1531 * \subsection sec4-2-2-1 Section 4.2.2.1: Q(): Coerce type to a queue
1535 * \#define _Q(x) ((struct queue *)(x))
1537 * This operation coerces the user structure named by x to a queue element. Any
1538 * user structure using the rx queue package must have a struct queue as its
1541 * \subsubsection sec4-2-2-2 Section 4.2.2.2: QA(): Add a queue element
1542 * before/after another element
1545 * \#define _QA(q,i,a,b) (((i->a=q->a)->b=i)->b=q, q->a=i)
1547 * This operation adds the queue element referenced by i either before or after
1548 * a queue element represented by q. If the (a, b) argument pair corresponds to
1549 * an element's (next, prev) fields, the new element at i will be linked after
1550 * q. If the (a, b) argument pair corresponds to an element's (prev, next)
1551 * fields, the new element at i will be linked before q.
1553 * \subsubsection sec4-2-2-3 QR(): Remove a queue element
1556 * \#define _QR(i) ((_Q(i)->prev->next=_Q(i)->next)->prev=_Q(i)->prev)
1558 * This operation removes the queue element referenced by i from its queue. The
1559 * prev and next fields within queue element i itself is not updated to reflect
1560 * the fact that it is no longer part of the queue.
1562 * \subsubsection sec4-2-2-4 QS(): Splice two queues together
1565 * \#define _QS(q1,q2,a,b) if (queue_IsEmpty(q2)); else
1566 * ((((q2->a->b=q1)->a->b=q2->b)->a=q1->a, q1->a=q2->a), queue_Init(q2))
1568 * This operation takes the queues identified by q1 and q2 and splices them
1569 * together into a single queue. The order in which the two queues are appended
1570 * is determined by the a and b arguments. If the (a, b) argument pair
1571 * corresponds to q1's (next, prev) fields, then q2 is appended to q1. If the
1572 * (a, b) argument pair corresponds to q1's (prev, next) fields, then q is
1575 * This internal QS() routine uses two exported queue operations, namely queue
1576 * Init() and queue IsEmpty(), defined in Sections 4.2.3.1 and 4.2.3.16
1577 * respectively below.
1579 * \subsection sec4-2-3 Section 4.2.3: External Operations
1581 * \subsubsection sec4-2-3-1 Section 4.2.3.1: queue Init(): Initialize a
1585 * \#define queue_Init(q) (_Q(q))->prev = (_Q(q))->next = (_Q(q))
1587 * The queue header referred to by the q argument is initialized so that it
1588 * describes a null (empty) queue. A queue head is simply a queue element.
1590 * \subsubsection sec4-2-3-2 Section 4.2.3.2: queue Prepend(): Put element
1591 * at the head of a queue
1594 * \#define queue_Prepend(q,i) _QA(_Q(q),_Q(i),next,prev)
1596 * Place queue element i at the head of the queue denoted by q. The new queue
1597 * element, i, should not currently be on any queue.
1599 * \subsubsection sec4-2-3-3 Section 4.2.3.3: queue Append(): Put an
1600 * element a the tail of a queue
1603 * \#define queue_Append(q,i) _QA(_Q(q),_Q(i),prev,next)
1605 * Place queue element i at the tail of the queue denoted by q. The new queue
1606 * element, i, should not currently be on any queue.
1608 * \subsection sec4-2-3-4 Section 4.2.3.4: queue InsertBefore(): Insert a
1609 * queue element before another element
1612 * \#define queue_InsertBefore(i1,i2) _QA(_Q(i1),_Q(i2),prev,next)
1614 * Insert queue element i2 before element i1 in i1's queue. The new queue
1615 * element, i2, should not currently be on any queue.
1617 * \subsubsection sec4-2-3-5 Section 4.2.3.5: queue InsertAfter(): Insert
1618 * a queue element after another element
1621 * \#define queue_InsertAfter(i1,i2) _QA(_Q(i1),_Q(i2),next,prev)
1623 * Insert queue element i2 after element i1 in i1's queue. The new queue
1624 * element, i2, should not currently be on any queue.
1626 * \subsubsection sec4-2-3-6 Section: 4.2.3.6: queue SplicePrepend():
1627 * Splice one queue before another
1630 * \#define queue_SplicePrepend(q1,q2) _QS(_Q(q1),_Q(q2),next,prev)
1632 * Splice the members of the queue located at q2 to the beginning of the queue
1633 * located at q1, reinitializing queue q2.
1635 * \subsubsection sec4-2-3-7 Section 4.2.3.7: queue SpliceAppend(): Splice
1636 * one queue after another
1639 * \#define queue_SpliceAppend(q1,q2) _QS(_Q(q1),_Q(q2),prev,next)
1641 * Splice the members of the queue located at q2 to the end of the queue
1642 * located at q1, reinitializing queue q2. Note that the implementation of
1643 * queue SpliceAppend() is identical to that of queue SplicePrepend() except
1644 * for the order of the next and prev arguments to the internal queue splicer,
1647 * \subsubsection sec4-2-3-8 Section 4.2.3.8: queue Replace(): Replace the
1648 * contents of a queue with that of another
1651 * \#define queue_Replace(q1,q2) (*_Q(q1) = *_Q(q2),
1652 * \n _Q(q1)->next->prev = _Q(q1)->prev->next = _Q(q1),
1653 * \n queue_Init(q2))
1655 * Replace the contents of the queue located at q1 with the contents of the
1656 * queue located at q2. The prev and next fields from q2 are copied into the
1657 * queue object referenced by q1, and the appropriate element pointers are
1658 * reassigned. After the replacement has occurred, the queue header at q2 is
1661 * \subsubsection sec4-2-3-9 Section 4.2.3.9: queue Remove(): Remove an
1662 * element from its queue
1665 * \#define queue_Remove(i) (_QR(i), _Q(i)->next = 0)
1667 * This function removes the queue element located at i from its queue. The
1668 * next field for the removed entry is zeroed. Note that multiple removals of
1669 * the same queue item are not supported.
1671 * \subsubsection sec4-2-3-10 Section 4.2.3.10: queue MoveAppend(): Move
1672 * an element from its queue to the end of another queue
1675 * \#define queue_MoveAppend(q,i) (_QR(i), queue_Append(q,i))
1677 * This macro removes the queue element located at i from its current queue.
1678 * Once removed, the element at i is appended to the end of the queue located
1681 * \subsubsection sec4-2-3-11 Section 4.2.3.11: queue MovePrepend(): Move
1682 * an element from its queue to the head of another queue
1685 * \#define queue_MovePrepend(q,i) (_QR(i), queue_Prepend(q,i))
1687 * This macro removes the queue element located at i from its current queue.
1688 * Once removed, the element at i is inserted at the head fo the queue located
1691 * \subsubsection sec4-2-3-12 Section 4.2.3.12: queue first(): Return the
1692 * first element of a queue, coerced to a particular type
1695 * \#define queue_first(q,s) ((struct s *)_Q(q)->next)
1697 * Return a pointer to the first element of the queue located at q. The
1698 * returned pointer value is coerced to conform to the given s structure. Note
1699 * that a properly coerced pointer to the queue head is returned if q is empty.
1701 * \subsubsection sec4-2-3-13 Section 4.2.3.13: queue Last(): Return the
1702 * last element of a queue, coerced to a particular type
1705 * \#define queue_Last(q,s) ((struct s *)_Q(q)->prev)
1707 * Return a pointer to the last element of the queue located at q. The returned
1708 * pointer value is coerced to conform to the given s structure. Note that a
1709 * properly coerced pointer to the queue head is returned if q is empty.
1711 * \subsubsection sec4-2-3-14 Section 4.2.3.14: queue Next(): Return the
1712 * next element of a queue, coerced to a particular type
1715 * \#define queue_Next(i,s) ((struct s *)_Q(i)->next)
1717 * Return a pointer to the queue element occuring after the element located at
1718 * i. The returned pointer value is coerced to conform to the given s
1719 * structure. Note that a properly coerced pointer to the queue head is
1720 * returned if item i is the last in its queue.
1722 * \subsubsection sec4-2-3-15 Section 4.2.3.15: queue Prev(): Return the
1723 * next element of a queue, coerced to a particular type
1726 * \#define queue_Prev(i,s) ((struct s *)_Q(i)->prev)
1728 * Return a pointer to the queue element occuring before the element located at
1729 * i. The returned pointer value is coerced to conform to the given s
1730 * structure. Note that a properly coerced pointer to the queue head is
1731 * returned if item i is the first in its queue.
1733 * \subsubsection sec4-2-3-16 Section 4.2.3.16: queue IsEmpty(): Is the
1734 * given queue empty?
1737 * \#define queue_IsEmpty(q) (_Q(q)->next == _Q(q))
1739 * Return a non-zero value if the queue located at q does not have any elements
1740 * in it. In this case, the queue consists solely of the queue header at q
1741 * whose next and prev fields reference itself.
1743 * \subsubsection sec4-2-3-17 Section 4.2.3.17: queue IsNotEmpty(): Is the
1744 * given queue not empty?
1747 * \#define queue_IsNotEmpty(q) (_Q(q)->next != _Q(q))
1749 * Return a non-zero value if the queue located at q has at least one element
1750 * in it other than the queue header itself.
1752 * \subsubsection sec4-2-3-18 Section 4.2.3.18: queue IsOnQueue(): Is an
1753 * element currently queued?
1756 * \#define queue_IsOnQueue(i) (_Q(i)->next != 0)
1758 * This macro returns a non-zero value if the queue item located at i is
1759 * currently a member of a queue. This is determined by examining its next
1760 * field. If it is non-null, the element is considered to be queued. Note that
1761 * any element operated on by queue Remove() (Section 4.2.3.9) will have had
1762 * its next field zeroed. Hence, it would cause a non-zero return from this
1765 * \subsubsection sec4-2-3-19 Section 4.2.3.19: queue Isfirst(): Is an
1766 * element the first on a queue?
1769 * \#define queue_Isfirst(q,i) (_Q(q)->first == _Q(i))
1771 * This macro returns a non-zero value if the queue item located at i is the
1772 * first element in the queue denoted by q.
1774 * \subsubsection sec4-2-3-20 Section 4.2.3.20: queue IsLast(): Is an
1775 * element the last on a queue?
1778 * \#define queue_IsLast(q,i) (_Q(q)->prev == _Q(i))
1780 * This macro returns a non-zero value if the queue item located at i is the
1781 * last element in the queue denoted by q.
1783 * \subsubsection sec4-2-3-21 Section 4.2.3.21: queue IsEnd(): Is an
1784 * element the end of a queue?
1787 * \#define queue_IsEnd(q,i) (_Q(q) == _Q(i))
1789 * This macro returns a non-zero value if the queue item located at i is the
1790 * end of the queue located at q. Basically, it determines whether a queue
1791 * element in question is also the queue header structure itself, and thus does
1792 * not represent an actual queue element. This function is useful for
1793 * terminating an iterative sweep through a queue, identifying when the search
1794 * has wrapped to the queue header.
1796 * \subsubsection sec4-2-3-22 Section 4.2.3.22: queue Scan(): for loop
1797 * test for scanning a queue in a forward direction
1800 * \#define queue_Scan(q, qe, next, s)
1801 * \n (qe) = queue_first(q, s), next = queue_Next(qe, s);
1802 * \n !queue_IsEnd(q, qe);
1803 * \n (qe) = (next), next = queue_Next(qe, s)
1805 * This macro may be used as the body of a for loop test intended to scan
1806 * through each element in the queue located at q. The qe argument is used as
1807 * the for loop variable. The next argument is used to store the next value for
1808 * qe in the upcoming loop iteration. The s argument provides the name of the
1809 * structure to which each queue element is to be coerced. Thus, the values
1810 * provided for the qe and next arguments must be of type (struct s *).
1812 * An example of how queue Scan() may be used appears in the code fragment
1813 * below. It declares a structure named mystruct, which is suitable for
1814 * queueing. This queueable structure is composed of the queue pointers
1815 * themselves followed by an integer value. The actual queue header is kept in
1816 * demoQueue, and the currItemP and nextItemP variables are used to step
1817 * through the demoQueue. The queue Scan() macro is used in the for loop to
1818 * generate references in currItemP to each queue element in turn for each
1819 * iteration. The loop is used to increment every queued structure's myval
1827 * struct queue demoQueue;
1828 * struct mystruct *currItemP, *nextItemP;
1830 * for (queue_Scan(&demoQueue, currItemP, nextItemP, mystruct)) {
1831 * currItemP->myval++;
1836 * Note that extra initializers can be added before the body of the queue
1837 * Scan() invocation above, and extra expressions can be added afterwards.
1839 * \subsubsection sec4-2-3-23 Section 4.2.3.23: queue ScanBackwards(): for
1840 * loop test for scanning a queue in a reverse direction
1843 * #define queue_ScanBackwards(q, qe, prev, s)
1844 * \n (qe) = queue_Last(q, s), prev = queue_Prev(qe, s);
1845 * \n !queue_IsEnd(q, qe);
1846 * \n (qe) = prev, prev = queue_Prev(qe, s)
1848 * This macro is identical to the queue Scan() macro described above in Section
1849 * 4.2.3.22 except for the fact that the given queue is scanned backwards,
1850 * starting at the last item in the queue.
1852 * \section sec4-3 Section 4.3: The rx clock Package
1855 * This package maintains a clock which is independent of the time of day. It
1856 * uses the unix 4.3BSD interval timer (e.g., getitimer(), setitimer()) in
1857 * TIMER REAL mode. Its definition and interface may be found in the rx clock.h
1860 * \subsection sec4-3-1 Section 4.3.1: struct clock
1863 * This structure is used to represent a clock value as understood by this
1864 * package. It consists of two fields, storing the number of seconds and
1865 * microseconds that have elapsed since the associated clock Init() routine has
1869 * \n long sec -Seconds since call to clock Init().
1870 * \n long usec -Microseconds since call to clock Init().
1872 * \subsection sec4-3-2 Section 4.3.12: clock nUpdates
1875 * The integer-valued clock nUpdates is a variable exported by the rx clock
1876 * facility. It records the number of times the clock value is actually
1877 * updated. It is bumped each time the clock UpdateTime() routine is called, as
1878 * described in Section 4.3.3.2.
1880 * \subsection sec4-3-3 Section 4.3.3: Operations
1882 * \subsubsection sec4-3-3-1 Section 4.3.3.1: clock Init(): Initialize the
1886 * This routine uses the unix setitimer() call to initialize the unix interval
1887 * timer. If the setitimer() call fails, an error message will appear on
1888 * stderr, and an exit(1) will be executed.
1890 * \subsubsection sec4-3-3-2 Section 4.3.3.2: clock UpdateTime(): Compute
1894 * The clock UpdateTime() function calls the unix getitimer() routine in order
1895 * to update the current time. The exported clock nUpdates variable is
1896 * incremented each time the clock UpdateTime() routine is called.
1898 * \subsubsection sec4-3-3-3 Section 4.3.3.3: clock GetTime(): Return the
1899 * current clock time
1902 * This macro updates the current time if necessary, and returns the current
1903 * time into the cv argument, which is declared to be of type (struct clock *).
1904 * 4.3.3.4 clock Sec(): Get the current clock time, truncated to seconds
1905 * This macro returns the long value of the sec field of the current time. The
1906 * recorded time is updated if necessary before the above value is returned.
1908 * \subsubsection sec4-3-3-5 Section 4.3.3.5: clock ElapsedTime(): Measure
1909 * milliseconds between two given clock values
1912 * This macro returns the elapsed time in milliseconds between the two clock
1913 * structure pointers provided as arguments, cv1 and cv2.
1915 * \subsubsection sec4-3-3-6 Section 4.3.3.6: clock Advance(): Advance the
1916 * recorded clock time by a specified clock value
1919 * This macro takes a single (struct clock *) pointer argument, cv, and adds
1920 * this clock value to the internal clock value maintined by the package.
1922 * \subsubsection sec4-3-3-7 Section 4.3.3.7: clock Gt(): Is a clock value
1923 * greater than another?
1926 * This macro takes two parameters of type (struct clock *), a and b. It
1927 * returns a nonzero value if the a parameter points to a clock value which is
1928 * later than the one pointed to by b.
1930 * \subsubsection sec4-3-3-8 Section 4.3.3.8: clock Ge(): Is a clock value
1931 * greater than or equal to another?
1934 * This macro takes two parameters of type (struct clock *), a and b. It
1935 * returns a nonzero value if the a parameter points to a clock value which is
1936 * greater than or equal to the one pointed to by b.
1938 * \subsubsection sec4-3-3-9 Section 4.3.3.9: clock Gt(): Are two clock
1942 * This macro takes two parameters of type (struct clock *), a and b. It
1943 * returns a non-zero value if the clock values pointed to by a and b are
1946 * \subsubsection sec4.3.3.10 Section 4.3.3.10: clock Le(): Is a clock
1947 * value less than or equal to another?
1950 * This macro takes two parameters of type (struct clock *), a and b. It
1951 * returns a nonzero value if the a parameter points to a clock value which is
1952 * less than or equal to the one pointed to by b.
1954 * \subsubsection sec4-3-3-11 Section 4.3.3.11: clock Lt(): Is a clock
1955 * value less than another?
1958 * This macro takes two parameters of type (struct clock *), a and b. It
1959 * returns a nonzero value if the a parameter points to a clock value which is
1960 * less than the one pointed to by b.
1962 * \subsubsection sec4-3-3-12 Section 4.3.3.12: clock IsZero(): Is a clock
1966 * This macro takes a single parameter of type (struct clock *), c. It returns
1967 * a non-zero value if the c parameter points to a clock value which is equal
1970 * \subsubsection sec4-3-3-13 Section 4.3.3.13: clock Zero(): Set a clock
1974 * This macro takes a single parameter of type (struct clock *), c. It sets the
1975 * given clock value to zero.
1976 * \subsubsection sec4-3-3-14 Section 4.3.3.14: clock Add(): Add two clock
1979 * This macro takes two parameters of type (struct clock *), c1 and c2. It adds
1980 * the value of the time in c2 to c1. Both clock values must be positive.
1982 * \subsubsection sec4-3-3-15 Section 4.3.3.15: clock Sub(): Subtract two
1986 * This macro takes two parameters of type (struct clock *), c1 and c2. It
1987 * subtracts the value of the time in c2 from c1. The time pointed to by c2
1988 * should be less than the time pointed to by c1.
1990 * \subsubsection sec4-3-3-16 Section 4.3.3.16: clock Float(): Convert a
1991 * clock time into floating point
1994 * This macro takes a single parameter of type (struct clock *), c. It
1995 * expresses the given clock value as a floating point number.
1997 * \section sec4-4 Section 4.4: The rx event Package
2000 * This package maintains an event facility. An event is defined to be
2001 * something that happens at or after a specified clock time, unless cancelled
2002 * prematurely. The clock times used are those provided by the rx clock
2003 * facility described in Section 4.3 above. A user routine associated with an
2004 * event is called with the appropriate arguments when that event occurs. There
2005 * are some restrictions on user routines associated with such events. first,
2006 * this user-supplied routine should not cause process preemption. Also, the
2007 * event passed to the user routine is still resident on the event queue at the
2008 * time of invocation. The user must not remove this event explicitly (via an
2009 * event Cancel(), see below). Rather, the user routine may remove or schedule
2010 * any other event at this time.
2012 * The events recorded by this package are kept queued in order of expiration
2013 * time, so that the first entry in the queue corresponds to the event which is
2014 * the first to expire. This interface is defined by the rx event.h include
2017 * \subsection sec4-4-1 Section 4.4.1: struct rxevent
2020 * This structure defines the format of an Rx event record.
2023 * \n struct queue junk -The queue to which this event belongs.
2024 * \n struct clock eventTime -The clock time recording when this event comes
2026 * \n int (*func)() -The user-supplied function to call upon expiration.
2027 * \n char *arg -The first argument to the (*func)() function above.
2028 * \n char *arg1 -The second argument to the (*func)() function above.
2030 * \subsection sec4-4-2 Section 4.4.2: Operations
2033 * This section covers the interface routines provided for the Rx event
2036 * \subsubsection sec4-4-2-1 Section 4.4.2.1: rxevent Init(): Initialize
2040 * The rxevent Init() routine takes two arguments. The first, nEvents, is an
2041 * integer-valued parameter which specifies the number of event structures to
2042 * allocate at one time. This specifies the appropriate granularity of memory
2043 * allocation by the event package. The second parameter, scheduler, is a
2044 * pointer to an integer-valued function. This function is to be called when an
2045 * event is posted (added to the set of events managed by the package) that is
2046 * scheduled to expire before any other existing event.
2048 * This routine sets up future event allocation block sizes, initializes the
2049 * queues used to manage active and free event structures, and recalls that an
2050 * initialization has occurred. Thus, this function may be safely called
2053 * \subsubsection sec4-4-2-2 Section 4.4.2.2: rxevent Post(): Schedule an
2057 * This function constructs a new event based on the information included in
2058 * its parameters and then schedules it. The rxevent Post() routine takes four
2059 * parameters. The first is named when, and is of type (struct clock *). It
2060 * specifies the clock time at which the event is to occur. The second
2061 * parameter is named func and is a pointer to the integer-valued function to
2062 * associate with the event that will be created. When the event comes due,
2063 * this function will be executed by the event package. The next two arguments
2064 * to rxevent Post() are named arg and arg1, and are both of type (char *).
2065 * They serve as the two arguments thath will be supplied to the func routine
2066 * when the event comes due.
2068 * If the given event is set to take place before any other event currently
2069 * posted, the scheduler routine established when the rxevent Init() routine
2070 * was called will be executed. This gives the application a chance to react to
2071 * this new event in a reasonable way. One might expect that this scheduler
2072 * routine will alter sleep times used by the application to make sure that it
2073 * executes in time to handle the new event.
2075 * \subsubsection sec4-4-2-3 Section 4.4.2.3: rxevent Cancel 1(): Cancel
2076 * an event (internal use)
2079 * This routine removes an event from the set managed by this package. It takes
2080 * a single parameter named ev of type (struct rxevent *). The ev argument
2081 * identifies the pending event to be cancelled.
2083 * The rxevent Cancel 1() routine should never be called directly. Rather, it
2084 * should be accessed through the rxevent Cancel() macro, described in Section
2087 * \subsubsection sec4-4-2-4 Section 4.4.2.4: rxevent Cancel(): Cancel an
2088 * event (external use)
2091 * This macro is the proper way to call the rxevent Cancel 1() routine
2092 * described in Section 4.4.2.3 above. Like rxevent Cancel 1(), it takes a
2093 * single argument. This event ptr argument is of type (struct rxevent *), and
2094 * identi#es the pending event to be cancelled. This macro #rst checks to see
2095 * if event ptr is null. If not, it calls rxevent Cancel 1() to perform the
2096 * real work. The event ptr argument is zeroed after the cancellation operation
2099 * \subsubsection sec4-4-2-5 Section 4.4.2.4: rxevent RaiseEvents():
2100 * Initialize the event package
2103 * This function processes all events that have expired relative to the current
2104 * clock time maintained by the event package. Each qualifying event is removed
2105 * from the queue in order, and its user-supplied routine (func()) is executed
2106 * with the associated arguments.
2108 * The rxevent RaiseEvents() routine takes a single output parameter named
2109 * next, defined to be of type (struct clock *). Upon completion of rxevent
2110 * RaiseEvents(), the relative time to the next event due to expire is placed
2111 * in next. This knowledge may be used to calculate the amount of sleep time
2112 * before more event processing is needed. If there is no recorded event which
2113 * is still pending at this point, rxevent RaiseEvents() returns a zeroed clock
2116 * \subsubsection sec4-4-2-6 Section 4.4.2.6: rxevent TimeToNextEvent():
2117 * Get amount of time until the next event expires
2120 * This function returns the time between the current clock value as maintained
2121 * by the event package and the the next event's expiration time. This
2122 * information is placed in the single output argument,interval, defined to be
2123 * of type (struct clock *). The rxevent TimeToNextEvent() function returns
2124 * integer-valued quantities. If there are no scheduled events, a zero is
2125 * returned. If there are one or more scheduled events, a 1 is returned. If
2126 * zero is returned, the interval argument is not updated.
2128 * \page chap5 Chapter 5 -- Programming Interface
2130 * \section sec5-1 Section 5.1: Introduction
2133 * This chapter documents the API for the Rx facility. Included are
2134 * descriptions of all the constants, structures, exported variables, macros,
2135 * and interface functions available to the application programmer. This
2136 * interface is identical regardless of whether the application lives within
2137 * the unix kernel or above it.
2139 * This chapter actually provides more information than what may be strictly
2140 * considered the Rx API. Many objects that were intended to be opaque and for
2141 * Rx internal use only are also described here. The reason driving the
2142 * inclusion of this "extra" information is that such exported Rx interface
2143 * files as rx.h make these objects visible to application programmers. It is
2144 * prefereable to describe these objects here than to ignore them and leave
2145 * application programmers wondering as to their meaning.
2147 * An example application illustrating the use of this interface, showcasing
2148 * code from both server and client sides, appears in the following chapter.
2150 * \section sec5-2 Section 5.2: Constants
2153 * This section covers the basic constant definitions of interest to the Rx
2154 * application programmer. Each subsection is devoted to describing the
2155 * constants falling into the following categories:
2156 * \li Configuration quantities
2157 * \li Waiting options
2158 * \li Connection ID operations
2159 * \li Connection flags
2160 * \li Connection types
2164 * \li Packet header flags
2167 * \li Packet classes
2168 * \li Conditions prompting ack packets
2171 * \li Debugging values
2173 * An attempt has been made to relate these constant definitions to the objects
2174 * or routines that utilize them.
2176 * \subsection sec5-2-1 Section 5.2.1: Configuration Quantities
2179 * These definitions provide some basic Rx configuration parameters, including
2180 * the number of simultaneous calls that may be handled on a single connection,
2181 * lightweight thread parameters, and timeouts for various operations.
2188 * Default idle dead time for connections, in seconds.
2195 * The maximum number of Rx services that may be installed within one
2199 * RX PROCESS MAXCALLS
2203 * The maximum number of asynchronous calls active simultaneously on any given
2204 * Rx connection. This value must be set to a power of two.
2207 * RX DEFAULT STACK SIZE
2211 * Default lightweight thread stack size, measured in bytes. This value may be
2212 * overridden by calling the rx_SetStackSize() macro.
2215 * RX PROCESS PRIORITY
2217 * LWP NORMAL PRIORITY
2219 * This is the priority under which an Rx thread should run. There should not
2220 * generally be any reason to change this setting.
2223 * RX CHALLENGE TIMEOUT
2227 * The number of seconds before another authentication request packet is
2235 * Maximum number of individual acknowledgements that may be carried in an Rx
2236 * acknowledgement packet.
2238 * \subsection sec5-2-2 Section 5.2.2: Waiting Options
2241 * These definitions provide readable values indicating whether an operation
2242 * should block when packet buffer resources are not available.
2249 * Wait until the associated operation completes.
2256 * Don't wait if the associated operation would block.
2258 * \subsection sec5-2-3 Section 5.2.3: Connection ID Operations
2261 * These values assist in extracting the call channel number from a connection
2262 * identifier. A call channel is the index of a particular asynchronous call
2263 * structure within a single Rx connection.
2270 * Number of bits to right-shift to isolate a connection ID. Must be set to
2271 * the log (base two) of RX MAXCALLS.
2278 * Mask used to isolate a call channel from a connection ID field.
2285 * Mask used to isolate the connection ID from its field, masking out the call
2286 * channel information.
2288 * \subsection sec5-2-4 Section 5.2.4: Connection Flags
2291 * The values defined here appear in the flags field of Rx connections, as
2292 * defined by the rx connection structure described in Section 5.3.2.2.
2295 * RX CONN MAKECALL WAITING
2299 * rx MakeCall() is waiting for a channel.
2302 * RX CONN DESTROY ME
2306 * Destroy this (client) connection after its last call completes.
2309 * RX CONN USING PACKET CKSUM
2313 * This packet is using security-related check-summing (a non-zero header,
2314 * spare field has been seen.)
2316 * \subsection sec5-2-5 Section 5.2.5: Connection Types
2319 * Rx stores different information in its connection structures, depending on
2320 * whether the given connection represents the server side (the one providing
2321 * the service) or the client side (the one requesting the service) of the
2322 * protocol. The type field within the connection structure (described in
2323 * Section 5.3.2.2) takes on the following values to differentiate the two
2324 * types of connections, and identifies the fields that are active within the
2325 * connection structure.
2328 * RX CLIENT CONNECTION
2332 * This is a client-side connection.
2339 * This is a server-side connection.
2341 * \subsection sec5-2-6 Section 5.2.6: Call States
2344 * An Rx call on a particular connection may be in one of several states at any
2345 * instant in time. The following definitions identify the range of states that
2346 * a call may assume.
2353 * The call structure has never been used, and is thus still completely
2361 * A call is not yet in progress, but packets have arrived for it anyway. This
2362 * only applies to calls within server-side connections.
2369 * This call is fully active, having an attached lightweight thread operating
2377 * The call structure is "dallying" after its lightweight thread has completed
2378 * its most recent call. This is a "hot-standby" condition, where the call
2379 * structure preserves state from the previous call and thus optimizes the
2380 * arrival of further, related calls.
2382 * \subsection sec5-2-7 Section 5.2.7: Call Flags:
2385 * These values are used within the flags field of a variable declared to be of
2386 * type struct rx call, as described in Section 5.3.2.4. They provide
2387 * additional information as to the state of the given Rx call, such as the
2388 * type of event for which it is waiting (if any) and whether or not all
2389 * incoming packets have been received in support of the call.
2392 * RX CALL READER WAIT
2396 * Reader is waiting for next packet.
2399 * RX CALL WAIT WINDOW ALLOC
2403 * Sender is waiting for a window so that it can allocate buffers.
2406 * RX CALL WAIT WINDOW SEND
2410 * Sender is waiting for a window so that it can send buffers.
2413 * RX CALL WAIT PACKETS
2417 * Sender is waiting for packet buffers.
2420 * RX CALL RECEIVE DONE
2424 * The call is waiting for a lightweight thread to be assigned to the operation
2425 * it has just received.
2428 * RX CALL RECEIVE DONE
2432 * All packets have been received on this call.
2439 * The receive queue has been cleared when in precall state.
2441 * \subsection sec5-2-8 Section 5.2.8: Call Modes
2444 * These values define the modes of an Rx call when it is in the RX STATE
2445 * ACTIVE state, having a lightweight thread assigned to it.
2452 * We are sending or ready to send.
2459 * We are receiving or ready to receive.
2466 * Something went wrong in the current conversation.
2473 * The server side has flushed (or the client side has read) the last reply
2476 * \subsection sec5-2-9 Section 5.2.9: Packet Header Flags
2479 * Rx packets carry a flag field in their headers, providing additional
2480 * information regarding the packet's contents. The Rx packet header's flag
2481 * field's bits may take the following values:
2484 * RX CLIENT INITIATED
2488 * Signifies that a packet has been sent/received from the client side of the
2496 * The Rx calls' peer entity requests an acknowledgement.
2503 * This is the final packet from this side of the call.
2510 * There are more packets following this, i.e., the next sequence number seen
2511 * by the receiver should be greater than this one, rather than a
2512 * retransmission of an earlier sequence number.
2517 * (RX CLIENT INITIATED | RX LAST PACKET)
2519 * This flag is preset once per Rx packet. It doesn't change on retransmission
2522 * \subsection sec5-3-10 Section 5.2.10: Packet Sizes
2525 * These values provide sizing information on the various regions within Rx
2526 * packets. These packet sections include the IP/UDP headers and bodies as well
2527 * Rx header and bodies. Also covered are such values as different maximum
2528 * packet sizes depending on whether they are targeted to peers on the same
2529 * local network or a more far-flung network. Note that the MTU term appearing
2530 * below is an abbreviation for Maximum Transmission Unit.
2537 * The number of bytes taken up by IP/UDP headers.
2540 * RX MAX PACKET SIZE
2542 * (1500 - RX IPUDP SIZE)
2544 * This is the Ethernet MTU minus IP and UDP header sizes.
2549 * sizeof (struct rx header)
2551 * The number of bytes in an Rx packet header.
2554 * RX MAX PACKET DATA SIZE
2556 * (RX MAX PACKET SIZE RX - HEADER SIZE)
2558 * Maximum size in bytes of the user data in a packet.
2561 * RX LOCAL PACKET SIZE
2563 * RX MAX PACKET SIZE
2565 * Packet size in bytes to use when being sent to a host on the same net.
2568 * RX REMOTE PACKET SIZE
2570 * (576 - RX IPUDP SIZE)
2572 * Packet size in bytes to use when being sent to a host on a different net.
2574 * \subsection sec5-2-11 Section 5.2.11: Packet Types
2577 * The following values are used in the packetType field within a struct rx
2578 * packet, and define the different roles assumed by Rx packets. These roles
2579 * include user data packets, different flavors of acknowledgements, busies,
2580 * aborts, authentication challenges and responses, and debugging vehicles.
2583 * RX PACKET TYPE DATA
2587 * A user data packet.
2590 * RX PACKET TYPE ACK
2594 * Acknowledgement packet.
2597 * RX PACKET TYPE BUSY
2601 * Busy packet. The server-side entity cannot accept the call at the moment,
2602 * but the requestor is encouraged to try again later.
2605 * RX PACKET TYPE ABORT
2609 * Abort packet. No response is needed for this packet type.
2612 * RX PACKET TYPE ACKALL
2616 * Acknowledges receipt of all packets on a call.
2619 * RX PACKET TYPE CHALLENGE
2623 * Challenge the client's identity, requesting credentials.
2626 * RX PACKET TYPE RESPONSE
2630 * Response to a RX PACKET TYPE CHALLENGE authentication challenge packet.
2633 * RX PACKET TYPE DEBUG
2637 * Request for debugging information.
2644 * The number of Rx packet types defined above. Note that it also includes
2645 * packet type 0 (which is unused) in the count.
2648 * The RX PACKET TYPES definition provides a mapping of the above values to
2649 * human-readable string names, and is exported by the rx packetTypes variable
2650 * catalogued in Section 5.4.9.
2665 * \subsection sec5-2-12 Section 5.2.12: Packet Classes
2668 * These definitions are used internally to manage alloction of Rx packet
2669 * buffers according to quota classifications. Each packet belongs to one of
2670 * the following classes, and its buffer is derived from the corresponding
2674 * RX PACKET CLASS RECEIVE
2678 * Receive packet for user data.
2681 * RX PACKET CLASS SEND
2685 * Send packet for user data.
2688 * RX PACKET CLASS SPECIAL
2692 * A special packet that does not hold user data, such as an acknowledgement or
2693 * authentication challenge.
2696 * RX N PACKET CLASSES
2700 * The number of Rx packet classes defined above.
2702 * \subsection sec5-2-13 Section 5.2.13: Conditions Prompting Ack Packets
2705 * Rx acknowledgement packets are constructed and sent by the protocol
2706 * according to the following reasons. These values appear in the Rx packet
2707 * header of the ack packet itself.
2714 * The peer has explicitly requested an ack on this packet.
2721 * A duplicate packet has been received.
2724 * RX ACK OUT OF SEQUENCE
2728 * A packet has arrived out of sequence.
2731 * RX ACK EXCEEDS WINDOW
2735 * A packet sequence number higher than maximum value allowed by the call's
2736 * window has been received.
2743 * No packet buffer space is available.
2750 * Acknowledgement for keep-alive purposes.
2753 * RX ACK PING RESPONSE
2757 * Response to a RX ACK PING packet.
2764 * An ack generated due to a period of inactivity after normal packet
2767 * \subsection 5-2-14 Section 5.2.14: Acknowledgement Types
2770 * These are the set of values placed into the acks array in an Rx
2771 * acknowledgement packet, whose data format is defined by struct rx ackPacket.
2772 * These definitions are used to convey positive or negative acknowledgements
2773 * for a given range of packets.
2780 * Receiver doesn't currently have the associated packet; it may never hae been
2781 * received, or received and then later dropped before processing.
2788 * Receiver has the associated packet queued, although it may later decide to
2791 * \subsection sec5-2-15 Section 5.2.15: Error Codes
2794 * Rx employs error codes ranging from -1 to -64. The Rxgen stub generator may
2795 * use other error codes less than -64. User programs calling on Rx, on the
2796 * other hand, are expected to return positive error codes. A return value of
2797 * zero is interpreted as an indication that the given operation completed
2805 * A connection has been inactive past Rx's tolerance levels and has been shut
2809 * RX INVALID OPERATION
2813 * An invalid operation has been attempted, including such protocol errors as
2814 * having a client-side call send data after having received the beginning of a
2815 * reply from its server-side peer.
2822 * The (optional) timeout value placed on this call has been exceeded (see
2823 * Sections 5.5.3.4 and 5.6.5).
2830 * Unexpected end of data on a read operation.
2837 * An unspecified low-level Rx protocol error has occurred.
2844 * A generic user abort code, used when no more specific error code needs to be
2845 * communicated. For example, Rx clients employing the multicast feature (see
2846 * Section 1.2.8) take advantage of this error code.
2848 * \subsection sec5-2-16 Section 5.2.16: Debugging Values
2851 * Rx provides a set of data collections that convey information about its
2852 * internal status and performance. The following values have been defined in
2853 * support of this debugging and statistics-collection feature.
2855 * \subsubsection sec5-3-16-1 Section 5.2.16.1: Version Information
2858 * Various versions of the Rx debugging/statistics interface are in existance,
2859 * each defining different data collections and handling certain bugs. Each Rx
2860 * facility is stamped with a version number of its debugging/statistics
2861 * interface, allowing its clients to tailor their requests to the precise data
2862 * collections that are supported by a particular Rx entity, and to properly
2863 * interpret the data formats received through this interface. All existing Rx
2864 * implementations should be at revision M.
2867 * RX DEBUGI VERSION MINIMUM
2871 * The earliest version of Rx statistics available.
2878 * The latest version of Rx statistics available.
2881 * RX DEBUGI VERSION W SECSTATS
2885 * Identifies the earliest version in which statistics concerning Rx security
2886 * objects is available.
2889 * RX DEBUGI VERSION W GETALLCONN
2893 * The first version that supports getting information about all current Rx
2894 * connections, as specified y the RX DEBUGI GETALLCONN debugging request
2895 * packet opcode described below.
2898 * RX DEBUGI VERSION W RXSTATS
2902 * The first version that supports getting all the Rx statistics in one
2903 * operation, as specified by the RX DEBUGI RXSTATS debugging request packet
2904 * opcode described below.
2907 * RX DEBUGI VERSION W UNALIGNED CONN
2911 * There was an alignment problem discovered when returning Rx connection
2912 * information in older versions of this debugging/statistics interface. This
2913 * identifies the last version that exhibited this alignment problem.
2915 * \subsubsection sec5-2-16-2 Section 5.2.16.2: Opcodes
2918 * When requesting debugging/statistics information, the caller specifies one
2919 * of the following supported data collections:
2922 * RX DEBUGI GETSTATS
2926 * Get basic Rx statistics.
2933 * Get information on all Rx connections considered "interesting" (as defined
2934 * below), and no others.
2937 * RX DEBUGI GETALLCONN
2941 * Get information on all existing Rx connection structures, even
2942 * "uninteresting" ones.
2949 * Get all available Rx stats.
2952 * An Rx connection is considered "interesting" if it is waiting for a call
2953 * channel to free up or if it has been marked for destruction. If neither is
2954 * true, a connection is still considered interesting if any of its call
2955 * channels is actively handling a call or in its preparatory pre-call state.
2956 * Failing all the above conditions, a connection is still tagged as
2957 * interesting if any of its call channels is in either of the RX MODE SENDING
2958 * or RX MODE RECEIVING modes, which are not allowed when the call is not
2961 * \subsubsection sec5-2-16-3 Section 5.2.16.3: Queuing
2964 * These two queueing-related values indicate whether packets are present on
2965 * the incoming and outgoing packet queues for a given Rx call. These values
2966 * are only used in support of debugging and statistics-gathering operations.
2973 * Packets available in in queue.
2980 * Packets available in out queue.
2982 * \section sec5-3 Section 5.3: Structures
2985 * This section describes the major exported Rx data structures of interest to
2986 * application programmers. The following categories are utilized for the
2987 * purpose of organizing the structure descriptions:
2988 * \li Security objects
2989 * \li Protocol objects
2990 * \li Packet formats
2991 * \li Debugging and statistics
2994 * Please note that many fields described in this section are declared to be
2995 * VOID. This is defined to be char, and is used to get around some compiler
2997 * \subsection sec5-3-1 Section 5.3.1: Security Objects
3000 * As explained in Section 1.2.1, Rx provides a modular, extensible security
3001 * model. This allows Rx applications to either use one of the built-in
3002 * security/authentication protocol packages or write and plug in one of their
3003 * own. This section examines the various structural components used by Rx to
3004 * support generic security and authentication modules.
3006 * \subsubsection sec5-3-1-1 Section 5.3.1.1: struct rx securityOps
3009 * As previously described, each Rx security object must export a fixed set of
3010 * interface functions, providing the full set of operations defined on the
3011 * object. The rx securityOps structure defines the array of functions
3012 * comprising this interface. The Rx facility calls these routines at the
3013 * appropriate times, without knowing the specifics of how any particular
3014 * security object implements the operation.
3016 * A complete description of these interface functions, including information
3017 * regarding their exact purpose, parameters, and calling conventions, may be
3018 * found in Section 5.5.7.
3021 * \li int (*op Close)() - React to the disposal of a security object.
3022 * \li int (*op NewConnection)() - Invoked each time a new Rx connection
3023 * utilizing the associated security object is created.
3024 * \li int (*op PreparePacket)() - Invoked each time an outgoing Rx packet is
3025 * created and sent on a connection using the given security object.
3026 * \li int (*op SendPacket)() - Called each time a packet belonging to a call
3027 * in a connection using the security object is physically transmitted.
3028 * \li int (*op CheckAuthentication)() - This function is executed each time it
3029 * is necessary to check whether authenticated calls are being perfomed on a
3030 * connection using the associated security object.
3031 * \li int (*op CreateChallenge)() - Invoked each time a server-side challenge
3032 * event is created by Rx, namely when the identity of the principal associated
3033 * with the peer process must be determined.
3034 * \li int (*op GetChallenge)() - Called each time a client-side packet is
3035 * constructed in response to an authentication challenge.
3036 * \li int (*op GetResponse)() - Executed each time a response to a challenge
3037 * event must be received on the server side of a connection.
3038 * \li int (*op CheckResponse)() - Invoked each time a response to an
3039 * authentication has been received, validating the response and pulling out
3040 * the required authentication information.
3041 * \li int (*op CheckPacket) () - Invoked each time an Rx packet has been
3042 * received, making sure that the packet is properly formatted and that it
3043 * hasn't been altered.
3044 * \li int (*op DestroyConnection)() - Called each time an Rx connection
3045 * employing the given security object is destroyed.
3046 * \li int (*op GetStats)() - Executed each time a request for statistics on
3047 * the given security object has been received.
3048 * \li int (*op Spare1)()-int (*op Spare3)() - Three spare function slots,
3049 * reserved for future use.
3051 * \subsubsection sec5-3-1-2 Section 5.2.1.2: struct rx securityClass
3054 * Variables of type struct rx securityClass are used to represent
3055 * instantiations of a particular security model employed by Rx. It consists of
3056 * a pointer to the set of interface operations implementing the given security
3057 * object, along with a pointer to private storage as necessary to support its
3058 * operations. These security objects are also reference-counted, tracking the
3059 * number of Rx connections in existance that use the given security object. If
3060 * the reference count drops to zero, the security module may garbage-collect
3061 * the space taken by the unused security object.
3064 * \li struct rx securityOps *ops - Pointer to the array of interface functions
3065 * for the security object.
3066 * \li VOID *privateData - Pointer to a region of storage used by the security
3067 * object to support its operations.
3068 * \li int refCount - A reference count on the security object, tracking the
3069 * number of Rx connections employing this model.
3071 * \subsubsection sec5-3-1-3 Section 5.3.1.3: struct rx
3072 * securityObjectStats
3075 * This structure is used to report characteristics for an instantiation of a
3076 * security object on a particular Rx connection, as well as performance
3077 * figures for that object. It is used by the debugging portions of the Rx
3078 * package. Every security object defines and manages fields such as level and
3079 * flags differently.
3082 * \li char type - The type of security object being implemented. Existing
3084 * \li 0: The null security package.
3085 * \li 1: An obsolete Kerberos-like security object.
3086 * \li 2: The rxkad discipline (see Chapter 3).
3087 * \li char level - The level at which encryption is utilized.
3088 * \li char sparec[10] - Used solely for alignment purposes.
3089 * \li long flags - Status flags regarding aspects of the connection relating
3090 * to the security object.
3091 * \li u long expires - Absolute time when the authentication information
3092 * cached by the given connection expires. A value of zero indicates that the
3093 * associated authentication information is valid for all time.
3094 * \li u long packetsReceived - Number of packets received on this particular
3095 * connection, and thus the number of incoming packets handled by the
3096 * associated security object.
3097 * \li u long packetsSent - Number of packets sent on this particular
3098 * connection, and thus the number of outgoing packets handled by the
3099 * associated security object.
3100 * \li u long bytesReceived - Overall number of "payload" bytes received (i.e.,
3101 * packet bytes not associated with IP headers, UDP headers, and the security
3102 * module's own header and trailer regions) on this connection.
3103 * \li u long bytesSent - Overall number of "payload" bytes sent (i.e., packet
3104 * bytes not associated with IP headers, UDP headers, and the security module's
3105 * own header and trailer regions) on this connection.
3106 * \li short spares[4] - Several shortword spares, reserved for future use.
3107 * \li long sparel[8] - Several longword spares, reserved for future use.
3109 * \subsection sec5-3-2 Section 5.3.2: Protocol Objects
3112 * The structures describing the main abstractions and entities provided by Rx,
3113 * namely services, peers, connections and calls are covered in this section.
3115 * \subsubsection sec5-3-2-1 Section 5.3.2.1: struct rx service
3118 * An Rx-based server exports services, or specific RPC interfaces that
3119 * accomplish certain tasks. Services are identified by (host-address,
3120 * UDP-port, serviceID) triples. An Rx service is installed and initialized on
3121 * a given host through the use of the rx NewService() routine (See Section
3122 * 5.6.3). Incoming calls are stamped with the Rx service type, and must match
3123 * an installed service to be accepted. Internally, Rx services also carry
3124 * string names for purposes of identification. These strings are useful to
3125 * remote debugging and statistics-gathering programs. The use of a service ID
3126 * allows a single server process to export multiple, independently-specified
3129 * Each Rx service contains one or more security classes, as implemented by
3130 * individual security objects. These security objects implement end-to-end
3131 * security protocols. Individual peer-to-peer connections established on
3132 * behalf of an Rx service will select exactly one of the supported security
3133 * objects to define the authentication procedures followed by all calls
3134 * associated with the connection. Applications are not limited to using only
3135 * the core set of built-in security objects offered by Rx. They are free to
3136 * define their own security objects in order to execute the specific protocols
3139 * It is possible to specify both the minimum and maximum number of lightweight
3140 * processes available to handle simultaneous calls directed to an Rx service.
3141 * In addition, certain procedures may be registered with the service and
3142 * called at set times in the course of handling an RPC request.
3145 * \li u short serviceId - The associated service number.
3146 * \li u short servicePort - The chosen UDP port for this service.
3147 * \li char *serviceName - The human-readable service name, expressed as a
3149 * \li string. osi socket socket - The socket structure or file descriptor used
3151 * \li u short nSecurityObjects - The number of entries in the array of
3152 * supported security objects.
3153 * \li struct rx securityClass **securityObjects - The array of pointers to the
3155 * vice's security class objects.
3156 * \li long (*executeRequestProc)() - A pointer to the routine to call when an
3157 * RPC request is received for this service.
3158 * \li VOID (*destroyConnProc)() - A pointer to the routine to call when one of
3159 * the server-side connections associated with this service is destroyed.
3160 * \li VOID (*newConnProc)() - A pointer to the routine to call when a
3161 * server-side connection associated with this service is created.
3162 * \li VOID (*beforeProc)() - A pointer to the routine to call before an
3163 * individual RPC call on one of this service's connections is executed.
3164 * \li VOID (*afterProc)() - A pointer to the routine to call after an
3165 * individual RPC call on one of this service's connections is executed.
3166 * \li short nRequestsRunning - The number of simultaneous RPC calls currently
3167 * in progress for this service.
3168 * \li short maxProcs - This field has two meanings. first, maxProcs limits the
3169 * total number of requests that may execute in parallel for any one service.
3170 * It also guarantees that this many requests may be handled in parallel if
3171 * there are no active calls for any other service.
3172 * \li short minProcs - The minimum number of lightweight threads (hence
3173 * requests) guaranteed to be simultaneously executable.
3174 * \li short connDeadTime - The number of seconds until a client of this
3175 * service will be declared to be dead, if it is not responding to the RPC
3177 * \li short idleDeadTime - The number of seconds a server-side connection for
3178 * this service will wait for packet I/O to resume after a quiescent period
3179 * before the connection is marked as dead.
3181 * \subsubsection sec5-3-2-2 Section 5.3.2.2: struct rx connection
3184 * An Rx connection represents an authenticated communication path, allowing
3185 * multiple asynchronous conversations (calls). Each connection is identified
3186 * by a connection ID. The low-order bits of the connection ID are reserved so
3187 * they may be stamped with the index of a particular call channel. With up to
3188 * RX MAXCALLS concurrent calls (set to 4 in this implementation), the bottom
3189 * two bits are set aside for this purpose. The connection ID is not sufficient
3190 * by itself to uniquely identify an Rx connection. Should a client crash and
3191 * restart, it may reuse a connection ID, causing inconsistent results. In
3192 * addition to the connection ID, the epoch, or start time for the client side
3193 * of the connection, is used to identify a connection. Should the above
3194 * scenario occur, a different epoch value will be chosen by the client,
3195 * differentiating this incarnation from the orphaned connection record on the
3198 * Each connection is associated with a parent service, which defines a set of
3199 * supported security models. At creation time, an Rx connection selects the
3200 * particular security protocol it will implement, referencing the associated
3201 * service. The connection structure maintains state about the individual calls
3202 * being simultaneously handled.
3205 * \li struct rx connection *next - Used for internal queueing.
3206 * \li struct rx peer *peer - Pointer to the connection's peer information (see
3208 * \li u long epoch - Process start time of the client side of the connection.
3209 * \li u long cid - Connection identifier. The call channel (i.e., the index
3210 * into the connection's array of call structures) may appear in the bottom
3212 * \li VOID *rock - Pointer to an arbitrary region of memory in support of the
3213 * connection's operation. The contents of this area are opaque to the Rx
3214 * facility in general, but are understood by any special routines used by this
3216 * \li struct rx call *call[RX MAXCALLS] - Pointer to the call channel
3217 * structures, describing up to RX MAXCALLS concurrent calls on this
3219 * \li u long callNumber[RX MAXCALLS] - The set of current call numbers on each
3220 * of the call channels.
3221 * \li int timeout - Obsolete; no longer used.
3222 * \li u char flags - Various states of the connection; see Section 5.2.4 for
3223 * individual bit definitions.
3224 * \li u char type - Whether the connection is a server-side or client-side
3225 * one. See Section 5.2.5 for individual bit definitions.
3226 * \li u short serviceId - The service ID that should be stamped on requests.
3227 * This field is only used by client-side instances of connection structures.
3228 * \li struct rx service *service - A pointer to the service structure
3229 * associated with this connection. This field is only used by server-side
3230 * instances of connection structures.
3231 * \li u long serial - Serial number of the next outgoing packet associated
3232 * with this connection.
3233 * \li u long lastSerial - Serial number of the last packet received in
3234 * association with this connection. This field is used in computing packet
3236 * \li u short secondsUntilDead - Maximum numer of seconds of silence that
3237 * should be tolerated from the connection's peer before calls will be
3238 * terminated with an RX CALL DEAD error.
3239 * \li u char secondsUntilPing - The number of seconds between "pings"
3240 * (keep-alive probes) when at least one call is active on this connection.
3241 * \li u char securityIndex - The index of the security object being used by
3242 * this connection. This number selects a slot in the security class array
3243 * maintained by the service associated with the connection.
3244 * \li long error - Records the latest error code for calls occurring on this
3246 * \li struct rx securityClass *securityObject - A pointer to the security
3247 * object used by this connection. This should coincide with the slot value
3248 * chosen by the securityIndex field described above.
3249 * \li VOID *securityData - A pointer to a region dedicated to hosting any
3250 * storage required by the security object being used by this connection.
3251 * \li u short securityHeaderSize - The length in bytes of the portion of the
3252 * packet header before the user's data that contains the security module's
3254 * \li u short securityMaxTrailerSize - The length in bytes of the packet
3255 * trailer, appearing after the user's data, as mandated by the connection's
3257 * \li struct rxevent *challengeEvent -Pointer to an event that is scheduled
3258 * when the server side of the connection is challenging the client to
3259 * authenticate itself.
3260 * \li int lastSendTime - The last time a packet was sent on this connection.
3261 * \li long maxSerial - The largest serial number seen on incoming packets.
3262 * \li u short hardDeadTime - The maximum number of seconds that any call on
3263 * this connection may execute. This serves to throttle runaway calls.
3265 * \subsubsection sec5-3-2-3 Section 5.3.2.3: struct rx peer
3268 * For each connection, Rx maintains information describing the entity, or
3269 * peer, on the other side of the wire. A peer is identified by a (host,
3270 * UDP-port) pair. Included in the information kept on this remote
3271 * communication endpoint are such network parameters as the maximum packet
3272 * size supported by the host, current readings on round trip time to
3273 * retransmission delays, and packet skew (see Section 1.2.7). There are also
3274 * congestion control fields, ranging from descriptions of the maximum number
3275 * of packets that may be sent to the peer without pausing and retransmission
3276 * statistics. Peer structures are shared between connections whenever
3277 * possible, and hence are reference-counted. A peer object may be
3278 * garbage-collected if it is not actively referenced by any connection
3279 * structure and a sufficient period of time has lapsed since the reference
3280 * count dropped to zero.
3283 * \li struct rx peer *next - Use to access internal lists.
3284 * \li u long host - Remote IP address, in network byte order
3285 * \li u short port - Remote UDP port, in network byte order
3286 * \li short packetSize - Maximum packet size for this host, if known.
3287 * \li u long idleWhen - When the refCount reference count field (see below)
3289 * \li short refCount - Reference count for this structure
3290 * \li u char burstSize - Reinitialization size for the burst field (below).
3291 * \li u char burst - Number of packets that can be transmitted immediately
3293 * \li struct clock burstWait - Time delay until new burst aimed at this peer
3295 * \li struct queue congestionQueue - Queue of RPC call descriptors that are
3296 * waiting for a non-zero burst value.
3297 * \li int rtt - Round trip time to the peer, measured in milliseconds.
3298 * \li struct clock timeout - Current retransmission delay to the peer.
3299 * \li int nSent - Total number of distinct data packets sent, not including
3301 * \li int reSends - Total number of retransmissions for this peer since the
3302 * peer structure instance was created.
3303 * \li u long inPacketSkew - Maximum skew on incoming packets (see Section
3305 * \li u long outPacketSkew - Peer-reported maximum skew on outgoing packets
3306 * (see Section 1.2.7).
3308 * \subsubsection sec5-3-2-4 Section 5.3.2.4: struct rx call
3311 * This structure records the state of an active call proceeding on a given Rx
3312 * connection. As described above, each connection may have up to RX MAXCALLS
3313 * calls active at any one instant, and thus each connection maintains an array
3314 * of RX MAXCALLS rx call structures. The information contained here is
3315 * specific to the given call; "permanent" call state, such as the call number,
3316 * is maintained in the connection structure itself.
3319 * \li struct queue queue item header - Queueing information for this
3321 * \li struct queue tq - Queue of outgoing ("transmit") packets.
3322 * \li struct queue rq - Queue of incoming ("receive") packets.
3323 * \li char *bufPtr - Pointer to the next byte to fill or read in the call's
3324 * current packet, depending on whether it is being transmitted or received.
3325 * \li u short nLeft - Number of bytes left to read in the first packet in the
3326 * reception queue (see field rq).
3327 * \li u short nFree - Number of bytes still free in the last packet in the
3328 * transmission queue (see field tq).
3329 * \li struct rx packet *currentPacket - Pointer to the current packet being
3330 * assembled or read.
3331 * \li struct rx connection *conn - Pointer to the parent connection for this
3333 * \li u long *callNumber - Pointer to call number field within the call's
3335 * \li u char channel - Index within the parent connection's call array that
3336 * describes this call.
3337 * \li u char dummy1, dummy2 - These are spare fields, reserved for future use.
3338 * \li u char state - Current call state. The associated bit definitions appear
3340 * \li u char mode - Current mode of a call that is in RX STATE ACTIVE state.
3341 * The associated bit definitions appear in Section 5.2.8.
3342 * \li u char flags - Flags pertaining to the state of the given call. The
3343 * associated bit definitions appear in Section 5.2.7.
3344 * \li u char localStatus - Local user status information, sent out of band.
3345 * This field is currently not in use, set to zero.
3346 * \li u char remoteStatus - Remote user status information, received out of
3347 * band. This field is currently not in use, set to zero.
3348 * \li long error - Error condition for this call.
3349 * \li u long timeout - High level timeout for this call
3350 * \li u long rnext - Next packet sequence number expected to be received.
3351 * \li u long rprev - Sequence number of the previous packet received. This
3352 * number is used to decide the proper sequence number for the next packet to
3353 * arrive, and may be used to generate a negative acknowledgement.
3354 * \li u long rwind - Width of the packet receive window for this call. The
3355 * peer must not send packets with sequence numbers greater than or equal to
3357 * \li u long tfirst - Sequence number of the first unacknowledged transmit
3358 * packet for this call.
3359 * \li u long tnext - Next sequence number to use for an outgoing packet.
3360 * \li u long twind - Width of the packet transmit window for this call. Rx
3361 * cannot assign a sequence number to an outgoing packet greater than or equal
3362 * to tfirst + twind.
3363 * \li struct rxevent *resendEvent - Pointer to a pending retransmission event,
3365 * \li struct rxevent *timeoutEvent - Pointer to a pending timeout event, if
3367 * \li struct rxevent *keepAliveEvent - Pointer to a pending keep-alive event,
3368 * if this is an active call.
3369 * \li struct rxevent *delayedAckEvent - Pointer to a pending delayed
3370 * acknowledgement packet event, if any. Transmission of a delayed
3371 * acknowledgement packet is scheduled after all outgoing packets for a call
3372 * have been sent. If neither a reply nor a new call are received by the time
3373 * the delayedAckEvent activates, the ack packet will be sent.
3374 * \li int lastSendTime - Last time a packet was sent for this call.
3375 * \li int lastReceiveTime - Last time a packet was received for this call.
3376 * \li VOID (*arrivalProc)() - Pointer to the procedure to call when reply is
3378 * \li VOID *arrivalProcHandle - Pointer to the handle to pass to the
3379 * arrivalProc as its first argument.
3380 * \li VOID *arrivalProcArg - Pointer to an additional argument to pass to the
3381 * given arrivalProc.
3382 * \li u long lastAcked - Sequence number of the last packet "hard-acked" by
3383 * the receiver. A packet is considered to be hard-acked if an acknowledgement
3384 * is generated after the reader has processed it. The Rx facility may
3385 * sometimes "soft-ack" a windowfull of packets before they have been picked up
3387 * \li u long startTime - The time this call started running.
3388 * \li u long startWait - The time that a server began waiting for input data
3391 * \subsection sec5-3-3 Section 5.3.3: Packet Formats
3394 * The following sections cover the different data formats employed by the
3395 * suite of Rx packet types, as enumerated in Section 5.2.11. A description of
3396 * the most commonly-employed Rx packet header appears first, immediately
3397 * followed by a description of the generic packet container and descriptor.
3398 * The formats for Rx acknowledgement packets and debugging/statistics packets
3399 * are also examined.
3401 * \subsubsection sec5-3-3-1 Section 5.3.3.1: struct rx header
3404 * Every Rx packet has its own header region, physically located after the
3405 * leading IP/UDP headers. This header contains connection, call, security, and
3406 * sequencing information. Along with a type identifier, these fields allow the
3407 * receiver to properly interpret the packet. In addition, every client relates
3408 * its "epoch", or Rx incarnation date, in each packet. This assists in
3409 * identifying protocol problems arising from reuse of connection identifiers
3410 * due to a client restart. Also included in the header is a byte of
3411 * user-defined status information, allowing out-of-band channel of
3412 * communication for the higher-level application using Rx as a transport
3416 * \li u long epoch - Birth time of the client Rx facility.
3417 * \li u long cid - Connection identifier, as defined by the client. The last
3418 * RX CIDSHIFT bits in the cid field identify which of the server-side RX
3419 * MAXCALLS call channels is to receive the packet.
3420 * \li u long callNumber - The current call number on the chosen call channel.
3421 * \li u long seq - Sequence number of this packet. Sequence numbers start with
3422 * 0 for each new Rx call.
3423 * \li u long serial - This packet's serial number. A new serial number is
3424 * stamped on each packet transmitted (or retransmitted).
3425 * \li u char type - What type of Rx packet this is; see Section 5.2.11 for the
3426 * list of legal definitions.
3427 * \li u char flags - Flags describing this packet; see Section 5.2.9 for the
3428 * list of legal settings.
3429 * \li u char userStatus - User-defined status information, uninterpreted by
3430 * the Rx facility itself. This field may be easily set or retrieved from Rx
3431 * packets via calls to the rx GetLocalStatus(), rx SetLocalStatus(), rx
3432 * GetRemoteStatus(), and rx SetRemoteStatus() macros.
3433 * \li u char securityIndex - Index in the associated server-side service class
3434 * of the security object used by this call.
3435 * \li u short serviceId - The server-provided service ID to which this packet
3437 * \li u short spare - This field was originally a true spare, but is now used
3438 * by the built-in rxkad security module for packet header checksums. See the
3439 * descriptions of the related rx IsUsingPktChecksum(), rx GetPacketCksum(),
3440 * and rx SetPacketCksum() macros.
3442 * \subsubsection sec5-3-3-2 Section 5.3.3.2: struct rx packet
3445 * This structure is used to describe an Rx packet, and includes the wire
3446 * version of the packet contents, where all fields exist in network byte
3447 * order. It also includes acknowledgement, length, type, and queueing
3451 * \li struct queue queueItemHeader - field used for internal queueing.
3452 * \li u char acked - If non-zero, this field indicates that this packet has
3453 * been tentatively (soft-) acknowledged. Thus, the packet has been accepted by
3454 * the rx peer entity on the other side of the connection, but has not yet
3455 * necessarily been passed to the true reader. The sender is not free to throw
3456 * the packet away, as it might still get dropped by the peer before it is
3457 * delivered to its destination process.
3458 * \li short length - Length in bytes of the user data section.
3459 * \li u char packetType - The type of Rx packet described by this record. The
3460 * set of legal choices is available in Section 5.2.11.
3461 * \li struct clock retryTime - The time when this packet should be
3462 * retransmitted next.
3463 * \li struct clock timeSent - The last time this packet was transmitted.
3464 * \li struct rx header header - A copy of the internal Rx packet header.
3465 * \li wire - The text of the packet as it appears on the wire. This structure
3466 * has the following sub-fields:
3467 * \li u long head[RX HEADER SIZE/sizeof(long)] The wire-level contents of
3468 * IP, UDP, and Rx headers.
3469 * \li u long data[RX MAX PACKET DATA SIZE/sizeof(long)] The wire form of
3470 * the packet's "payload", namely the user data it carries.
3472 * \subsubsection sec5-3-3-3 Section 5.3.3.3: struct rx ackPacket
3475 * This is the format for the data portion of an Rx acknowledgement packet,
3476 * used to inform a peer entity performing packet transmissions that a subset
3477 * of its packets has been properly received.
3480 * \li u short bufferSpace - Number of packet buffers available. Specifically,
3481 * the number of packet buffers that the ack packet's sender is willing to
3482 * provide for data on this or subsequent calls. This number does not have to
3483 * fully accurate; it is acceptable for the sender to provide an estimate.
3484 * \li u short maxSkew - The maximum difference seen between the serial number
3485 * of the packet being acknowledged and highest packet yet received. This is an
3486 * indication of the degree to which packets are arriving out of order at the
3488 * \li u long firstPacket - The serial number of the first packet in the list
3489 * of acknowledged packets, as represented by the acks field below.
3490 * \li u long previousPacket - The previous packet serial number received.
3491 * \li u long serial - The serial number of the packet prompted the
3493 * \li u char reason - The reason given for the acknowledgement; legal values
3494 * for this field are described in Section 5.2.13.
3495 * \li u char nAcks - Number of acknowledgements active in the acks array
3496 * immediately following.
3497 * \li u char acks[RX MAXACKS] - Up to RX MAXACKS packet acknowledgements. The
3498 * legal values for each slot in the acks array are described in Section
3499 * 5.2.14. Basically, these fields indicate either positive or negative
3503 * All packets with serial numbers prior to firstPacket are implicitly
3504 * acknowledged by this packet, indicating that they have been fully processed
3505 * by the receiver. Thus, the sender need no longer be concerned about them,
3506 * and may release all of the resources that they occupy. Packets with serial
3507 * numbers firstPacket + nAcks and higher are not acknowledged by this ack
3508 * packet. Packets with serial numbers in the range [firstPacket, firstPacket +
3509 * nAcks) are explicitly acknowledged, yet their sender-side resources must not
3510 * yet be released, as there is yet no guarantee that the receiver will not
3511 * throw them away before they can be processed there.
3513 * There are some details of importance to be noted. For one, receiving a
3514 * positive acknowlegement via the acks array does not imply that the
3515 * associated packet is immune from being dropped before it is read and
3516 * processed by the receiving entity. It does, however, imply that the sender
3517 * should stop retransmitting the packet until further notice. Also, arrival of
3518 * an ack packet should prompt the transmitter to immediately retransmit all
3519 * packets it holds that have not been explicitly acknowledged and that were
3520 * last transmitted with a serial number less than the highest serial number
3521 * acknowledged by the acks array.
3522 * Note: The fields in this structure are always kept in wire format, namely in
3523 * network byte order.
3525 * \subsection sec5-3-4 Section 5.3.4: Debugging and Statistics
3528 * The following structures are defined in support of the debugging and
3529 * statistics-gathering interfaces provided by Rx.
3531 * \subsubsection sec5-3-4-1 Section 5.3.4.1: struct rx stats
3534 * This structure maintains Rx statistics, and is gathered by such tools as the
3535 * rxdebug program. It must be possible for all of the fields placed in this
3536 * structure to be successfully converted from their on-wire network byte
3537 * orderings to the host-specific ordering.
3540 * \li int packetRequests - Number of packet allocation requests processed.
3541 * \li int noPackets[RX N PACKET CLASSES] - Number of failed packet requests,
3542 * organized per allocation class.
3543 * \li int socketGreedy - Whether the SO GREEDY setting succeeded for the Rx
3545 * \li int bogusPacketOnRead - Number of inappropriately short packets
3547 * \li int bogusHost - Contains the host address from the last bogus packet
3549 * \li int noPacketOnRead - Number of attempts to read a packet off the wire
3550 * when there was actually no packet there.
3551 * \li int noPacketBuffersOnRead - Number of dropped data packets due to lack
3552 * of packet buffers.
3553 * \li int selects - Number of selects waiting for a packet arrival or a
3555 * \li int sendSelects - Number of selects forced when sending packets.
3556 * \li int packetsRead[RX N PACKET TYPES] - Total number of packets read,
3557 * classified by type.
3558 * \li int dataPacketsRead - Number of unique data packets read off the wire.
3559 * \li int ackPacketsRead - Number of ack packets read.
3560 * \li int dupPacketsRead - Number of duplicate data packets read.
3561 * \li int spuriousPacketsRead - Number of inappropriate data packets.
3562 * \li int packetsSent[RX N PACKET TYPES] - Number of packet transmissions,
3563 * broken down by packet type.
3564 * \li int ackPacketsSent - Number of ack packets sent.
3565 * \li int pingPacketsSent - Number of ping packets sent.
3566 * \li int abortPacketsSent - Number of abort packets sent.
3567 * \li int busyPacketsSent - Number of busy packets sent.
3568 * \li int dataPacketsSent - Number of unique data packets sent.
3569 * \li int dataPacketsReSent - Number of retransmissions.
3570 * \li int dataPacketsPushed - Number of retransmissions pushed early by a
3571 * negative acknowledgement.
3572 * \li int ignoreAckedPacket - Number of packets not retransmitted because they
3573 * have already been acked.
3574 * \li int struct clock totalRtt - Total round trip time measured for packets,
3575 * used to compute average time figure.
3576 * \li struct clock minRtt - Minimum round trip time measured for packets.
3577 * struct clock maxRtt - Maximum round trip time measured
git://git.openafs.org / openafs.git / blob