1 /*! \mainpage AFS-3 Programmer's Reference: Specification for the Rx Remote
2 * Procedure Call Facility
4 * AFS-3 Programmer's Reference:
6 * Specification for the Rx Remote Procedure Call Facility
7 * \author Edward R. Zayas
10 * \date 28 August 1991 10:11 .cCopyright 1991 Transarc Corporation All Rights
13 * \page chap1 Chapter 1 -- Overview of the Rx RPC system
15 * \section sec1-1 Section 1.1: Introduction to Rx
18 * The Rx package provides a high-performance, multi-threaded, and secure
20 * remote procedure calls (RPCs) may be performed between programs executing
22 * network of computers. The Rx protocol is adaptive, conforming itself to
24 * network communication media. It allows user applications to define and
26 * security modules, allowing them to execute the precise end-to-end
27 * authentication algorithms
28 * required to suit their needs and goals. Although pervasive throughout the
30 * file system, all of its agents, and many of its standard application
31 * programs, Rx is entirely
32 * separable from AFS and does not depend on any of its features. In fact, Rx
33 * can be used to build applications engaging in RPC-style communication under
34 * a variety of unix-style file systems. There are in-kernel and user-space
35 * implementations of the Rx facility, with both sharing the same interface.
37 * This document provides a comprehensive and detailed treatment of the Rx RPC
40 * \section sec1-2 Section 1.2: Basic Concepts
43 * The Rx design operates on the set of basic concepts described in this
46 * \subsection sec1-2-1 Section 1.2.1: Security
49 * The Rx architecture provides for tight integration between the RPC mechanism
50 * and methods for making this communication medium secure. As elaborated in
51 * Section 5.3.1.3 and illustrated by the built-in rxkad security system
52 * described in Chapter 3, Rx defines the format for a generic security module,
53 * and then allows application programmers to define and activate
54 * instantiations of these modules. Rx itself knows nothing about the internal
55 * details of any particular security model, or the module-specific state it
56 * requires. It does, however, know when to call the generic security
57 * operations, and so can easily execute the security algorithm defined. Rx
58 * does maintain basic state per connection on behalf of any given security
61 * \subsection sec1-2-2 Section 1.2.2: Services
64 * An Rx-based server exports services, or specific RPC interfaces that
65 * accomplish certain tasks. Services are identified by (host-address,
66 * UDP-port, serviceID) triples. An Rx service is installed and initialized on
67 * a given host through the use of the rx NewService() routine (See Section
68 * 5.6.3). Incoming calls are stamped with the Rx service type, and must match
69 * an installed service to be accepted. Internally, Rx services also carry
70 * string names which identify them, which is useful for remote debugging and
71 * statistics-gathering programs. The use of a service ID allows a single
72 * server process to export multiple, independently-specified Rx RPC services.
74 * Each Rx service contains one or more security classes, as implemented by
75 * individual security objects. These security objects implement end-to-end
76 * security protocols. Individual peer-to-peer connections established on
77 * behalf of an Rx service will select exactly one of the supported security
78 * objects to define the authentication procedures followed by all calls
79 * associated with the connection. Applications are not limited to using only
80 * the core set of built-in security objects offered by Rx. They are free to
81 * define their own security objects in order to execute the specific protocols
84 * It is possible to specify both the minimum and maximum number of lightweight
85 * processes available to handle simultaneous calls directed to an Rx service.
86 * In addition, certain procedures may be registered with the service and
87 * called at specific times in the course of handling an RPC request.
89 * \subsection sec1-2-3 Section 1.2.3: Connections
92 * An Rx connection represents an authenticated communication path, allowing a
93 * sequence of multiple asynchronous conversations (calls). Each connection is
94 * identified by a connection ID. The low-order bits of the connection ID are
95 * reserved so that they may be stamped with the index of a particular call
96 * channel. With up to RX MAXCALLS concurrent calls (set to 4 in this
97 * implementation), the bottom two bits are set aside for this purpose. The
98 * connection ID is not sufficient to uniquely identify an Rx connection by
99 * itself. Should a client crash and restart, it may reuse a connection ID,
100 * causing inconsistent results. Included with the connection ID is the epoch,
101 * or start time for the client side of the connection. After a crash, the next
102 * incarnation of the client will choose a different epoch value. This will
103 * differentiate the new incarnation from the orphaned connection record on the
106 * Each connection is associated with a parent service, which defines a set of
107 * supported security models. At creation time, an Rx connection selects the
108 * particular security protocol it will implement, referencing the associated
109 * service. The connection structure maintains state for each individual call
110 * simultaneously handled.
112 * \subsection sec1-2-4 Section 1.2.4: Peers
115 * For each connection, Rx maintains information describing the entity, or
116 * peer, on the other side of the wire. A peer is identified by a (host,
117 * UDP-port) pair, with an IP address used to identify the host. Included in
118 * the information kept on this remote communication endpoint are such network
119 * parameters as the maximum packet size supported by the host, current
120 * readings on round trip time and retransmission delays, and packet skew (see
121 * Section 1.2.7). There are also congestion control fields, including
122 * retransmission statistics and descriptions of the maximum number of packets
123 * that may be sent to the peer without pausing. Peer structures are shared
124 * between connections whenever possible, and, hence, are reference-counted. A
125 * peer object may be garbage-collected if it is not actively referenced by any
126 * connection structure and a sufficient period of time has lapsed since the
127 * reference count dropped to zero.
129 * \subsection sec1-2-5 Section 1.2.5: Calls
132 * An Rx call represents an individual RPC being executed on a given
133 * connection. As described above, each connection may have up to RX MAXCALLS
134 * calls active at any one instant. The information contained in each call
135 * structure is specific to the given call.
137 * "Permanent" call state, such as the call number, is maintained in the
138 * connection structure itself.
140 * \subsection sec1-2-6 Section 1.2.6: Quotas
143 * Each attached server thread must be able to make progress to avoid system
144 * deadlock. The Rx facility ensures that it can always handle the arrival of
145 * the next unacknowledged data packet for an attached call with its system of
146 * packet quotas. A certain number of packets are reserved per server thread
147 * for this purpose, allowing the server threads to queue up an entire window
148 * full of data for an active call and still have packet buffers left over to
149 * be able to read its input without blocking.
151 * \subsection sec1-2-7 Section 1.2.7: Packet Skew
154 * If a packet is received n packets later than expected (based on packet
155 * serial numbers), then we define it to have a skew of n. The maximum skew
156 * values allow us to decide when a packet hasn't been received yet because it
157 * is out of order, as opposed to when it is likely to have been dropped.
159 * \subsection sec1-2-8 Section 1.2.8: Multicasting
162 * The rx multi.c module provides for multicast abilities, sending an RPC to
163 * several targets simultaneously. While true multicasting is not achieved, it
164 * is simulated by a rapid succession of packet transmissions and a collection
165 * algorithm for the replies. A client program, though, may be programmed as if
166 * multicasting were truly taking place. Thus, Rx is poised to take full
167 * advantage of a system supporting true multicasting with minimal disruption
168 * to the existing client code base.
170 * \section sec1-3 Section 1.3: Scope
173 * This paper is a member of a documentation suite providing specifications as
174 * to the operation and interfaces offered by the various AFS servers and
175 * agents. Rx is an integral part of the AFS environment, as it provides the
176 * high-performance, secure pathway by which these system components
177 * communicate across the network. Although AFS is dependent on Rx's services,
178 * the reverse is not true. Rx is a fully independent RPC package, standing on
179 * its own and usable in other environments.
181 * The intent of this work is to provide readers with a sufficiently detailed
182 * description of Rx that they may proceed to write their own applications on
183 * top of it. In fact, code for a sample Rx server and client are provided.
185 * One topic related to Rx will not be covered by this document, namely the
186 * Rxgen stub generator. Rather, rxgen is addressed in a separate document.
188 * \section sec1-4 Section 1.4: Document Layout
191 * After this introduction, Chapter 2 will introduce and describe various
192 * facilities and tools that support Rx. In particular, the threading and
193 * locking packages used by Rx will be examined, along with a set of timer and
194 * preemption tools. Chapter 3 proceeds to examine the details of one of the
195 * built-in security modules offered by Rx. Based on the Kerberos system
196 * developed by MIT's Project Athena, this rxkad module allows secure, ecrypted
197 * communication between the server and client ends of the RPC. Chapter 5 then
198 * provides the full Rx programming interface, and Chapter 6 illustrates the
199 * use of this programming interface by providing a fully-operational
200 * programming example employing Rx. This rxdemo suite is examined in detail,
201 * ranging all the way from a step-by-step analysis of the human-authored
202 * files, and the Rxgen-generated files upon which they are based, to the
203 * workings of the associated Makefile. Output from the example rxdemo server
204 * and client is also provided.
206 * \section sec1-5 Section 1.5: Related Documents
209 * Titles for the full suite of AFS specification documents are listed below.
210 * All of the servers and agents making up the AFS computing environment,
211 * whether running in the unix kernel or in user space, utilize an Rx RPC
212 * interface through which they export their services.
214 * \li AFS-3 Programmer's Reference: Architectural Overview: This paper
215 * provides an architectual overview of the AFS distributed file system,
216 * describing the full set of servers and agents in a coherent way,
217 * illustrating their relationships to each other and examining their
219 * \li AFS-3 Programmer's Reference: file Server/Cache Manager Interface: This
220 * document describes the workings and interfaces of the two primary AFS
221 * agents, the file Server and Cache Manager. The file Server provides a
222 * centralized disk repository for sets of files, regulating access to them.
223 * End users sitting on client machines rely on the Cache Manager agent,
224 * running in their kernel, to act as their agent in accessing the data stored
225 * on file Server machines, making those files appear as if they were really
227 * \li AFS-3 Programmer's Reference:Volume Server/Volume Location Server
228 * Interface: This document describes the services through which "containers"
229 * of related user data are located and managed.
230 * \li AFS-3 Programmer's Reference: Protection Server Interface: This paper
231 * describes the server responsible for mapping printable user names to and
232 * from their internal AFS identifiers. The Protection Server also allows users
233 * to create, destroy, and manipulate "groups" of users, which are suitable for
234 * placement on access control lists (ACLs).
235 * \li AFS-3 Programmer's Reference: BOS Server Interface: This paper
236 * explicates the "nanny" service which assists in the administrability of the
239 * In addition to these papers, the AFS 3.1 product is delivered with its own
240 * user, system administrator, installation, and command reference documents.
242 * \page chap2 Chapter 2 -- The LWP Lightweight Process Package
244 * \section sec2-1 Section 2.1: Introduction
246 * This chapter describes a package allowing multiple threads of control to
247 * coexist and cooperate within one unix process. Each such thread of control
248 * is also referred to as a lightweight process, in contrast to the traditional
249 * unix (heavyweight) process. Except for the limitations of a fixed stack size
250 * and non-preemptive scheduling, these lightweight processes possess all the
251 * properties usually associated with full-fledged processes in typical
252 * operating systems. For the purposes of this document, the terms lightweight
253 * process, LWP, and thread are completely interchangeable, and they appear
254 * intermixed in this chapter. Included in this lightweight process facility
255 * are various sub-packages, including services for locking, I/O control,
256 * timers, fast time determination, and preemption.
258 * The Rx facility is not the only client of the LWP package. Other LWP clients
259 * within AFS include the file Server, Protection Server, BOS Server, Volume
260 * Server, Volume Location Server, and the Authentication Server, along with
261 * many of the AFS application programs.
263 * \section sec2-2 Section 2.2: Description
265 * \subsection Section 2.2.1: sec2-2-1 LWP Overview
268 * The LWP package implements primitive functions that provide the basic
269 * facilities required to enable procedures written in C to execute
270 * concurrently and asynchronously. The LWP package is meant to be
271 * general-purpose (note the applications mentioned above), with a heavy
272 * emphasis on simplicity. Interprocess communication facilities can be built
273 * on top of this basic mechanism and in fact, many different IPC mechanisms
274 * could be implemented.
276 * In order to set up the threading support environment, a one-time invocation
277 * of the LWP InitializeProcessSupport() function must precede the use of the
278 * facilities described here. This initialization function carves an initial
279 * process out of the currently executing C procedure and returns its thread
280 * ID. For symmetry, an LWP TerminateProcessSupport() function may be used
281 * explicitly to release any storage allocated by its counterpart. If this
282 * function is used, it must be issued from the thread created by the original
283 * LWP InitializeProcessSupport() invocation.
285 * When any of the lightweight process functions completes, an integer value is
286 * returned to indicate whether an error condition was encountered. By
287 * convention, a return value of zero indicates that the operation succeeded.
289 * Macros, typedefs, and manifest constants for error codes needed by the
290 * threading mechanism are exported by the lwp.h include file. A lightweight
291 * process is identified by an object of type PROCESS, which is defined in the
294 * The process model supported by the LWP operations is based on a
295 * non-preemptive priority dispatching scheme. A priority is an integer in the
296 * range [0..LWP MAX PRIORITY], where 0 is the lowest priority. Once a given
297 * thread is selected and dispatched, it remains in control until it
298 * voluntarily relinquishes its claim on the CPU. Control may be relinquished
299 * by either explicit means (LWP_DispatchProcess()) or implicit means (through
300 * the use of certain other LWP operations with this side effect). In general,
301 * all LWP operations that may cause a higher-priority process to become ready
302 * for dispatching preempt the process requesting the service. When this
303 * occurs, the dispatcher mechanism takes over and automatically schedules the
304 * highest-priority runnable process. Routines in this category, where the
305 * scheduler is guaranteed to be invoked in the absence of errors, are:
306 * \li LWP_WaitProcess()
307 * \li LWP_MwaitProcess()
308 * \li LWP_SignalProcess()
309 * \li LWP_DispatchProcess()
310 * \li LWP_DestroyProcess()
312 * The following functions are guaranteed not to cause preemption, and so may
313 * be issued with no fear of losing control to another thread:
314 * \li LWP_InitializeProcessSupport()
315 * \li LWP_NoYieldSignal()
316 * \li LWP_CurrentProcess()
317 * \li LWP_ActiveProcess()
318 * \li LWP_StackUsed()
322 * The symbol LWP NORMAL PRIORITY, whose value is (LWP MAX PRIORITY-2),
323 * provides a reasonable default value to use for process priorities.
325 * The lwp debug global variable can be set to activate or deactivate debugging
326 * messages tracing the flow of control within the LWP routines. To activate
327 * debugging messages, set lwp debug to a non-zero value. To deactivate, reset
328 * it to zero. All debugging output from the LWP routines is sent to stdout.
330 * The LWP package checks for stack overflows at each context switch. The
331 * variable that controls the action of the package when an overflow occurs is
332 * lwp overflowAction. If it is set to LWP SOMESSAGE, then a message will be
333 * printed on stderr announcing the overflow. If lwp overflowAction is set to
334 * LWP SOABORT, the abort() LWP routine will be called. finally, if lwp
335 * overflowAction is set to LWP SOQUIET, the LWP facility will ignore the
336 * errors. By default, the LWP SOABORT setting is used.
338 * Here is a sketch of a simple program (using some psuedocode) demonstrating
339 * the high-level use of the LWP facility. The opening #include line brings in
340 * the exported LWP definitions. Following this, a routine is defined to wait
341 * on a "queue" object until something is deposited in it, calling the
342 * scheduler as soon as something arrives. Please note that various LWP
343 * routines are introduced here. Their definitions will appear later, in
347 * #include <afs/lwp.h>
348 * static read_process(id)
350 * { /* Just relinquish control for now */
351 * LWP_DispatchProcess();
354 * /* Wait until there is something in the queue */
355 * while (empty(q)) LWP_WaitProcess(q);
356 * /* Process the newly-arrived queue entry */
357 * LWP_DispatchProcess();
363 * The next routine, write process(), sits in a loop, putting messages on the
364 * shared queue and signalling the reader, which is waiting for activity on the
365 * queue. Signalling a thread is accomplished via the LWP SignalProcess()
369 * static write_process()
371 * /* Loop, writing data to the shared queue. */
372 * for (mesg = messages; *mesg != 0; mesg++)
375 * LWP_SignalProcess(q);
381 * finally, here is the main routine for this demo pseudocode. It starts by
382 * calling the LWP initialization routine. Next, it creates some number of
383 * reader threads with calls to LWP CreateProcess() in addition to the single
384 * writer thread. When all threads terminate, they will signal the main routine
385 * on the done variable. Once signalled, the main routine will reap all the
386 * threads with the help of the LWP DestroyProcess() function.
393 * PROCESS *id; /* Initial thread ID */
394 * /* Set up the LWP package, create the initial thread ID. */
395 * LWP_InitializeProcessSupport(0, &id);
396 * /* Create a set of reader threads. */
397 * for (i = 0; i < nreaders; i++)
398 * LWP_CreateProcess(read_process, STACK_SIZE, 0, i, "Reader",
401 * /* Create a single writer thread. */
402 * LWP_CreateProcess(write_process, STACK_SIZE, 1, 0, "Writer", &writer);
403 * /* Wait for all the above threads to terminate. */
404 * for (i = 0; i <= nreaders; i++)
405 * LWP_WaitProcess(&done);
407 * /* All threads are done. Destroy them all. */
408 * for (i = nreaders-1; i >= 0; i--)
409 * LWP_DestroyProcess(readers[i]);
413 * \subsection sec2-2-2 Section 2.2.2: Locking
415 * The LWP locking facility exports a number of routines and macros that allow
416 * a C programmer using LWP threading to place read and write locks on shared
417 * data structures. This locking facility was also written with simplicity in
420 * In order to invoke the locking mechanism, an object of type struct Lock must
421 * be associated with the object. After being initialized with a call to
422 * LockInit(), the lock object is used in invocations of various macros,
423 * including ObtainReadLock(), ObtainWriteLock(), ReleaseReadLock(),
424 * ReleaseWriteLock(), ObtainSharedLock(), ReleaseSharedLock(), and
427 * Lock semantics specify that any number of readers may hold a lock in the
428 * absence of a writer. Only a single writer may acquire a lock at any given
429 * time. The lock package guarantees fairness, legislating that each reader and
430 * writer will eventually obtain a given lock. However, this fairness is only
431 * guaranteed if the priorities of the competing processes are identical. Note
432 * that ordering is not guaranteed by this package.
434 * Shared locks are read locks that can be "boosted" into write locks. These
435 * shared locks have an unusual locking matrix. Unboosted shared locks are
436 * compatible with read locks, yet incompatible with write locks and other
437 * shared locks. In essence, a thread holding a shared lock on an object has
438 * effectively read-locked it, and has the option to promote it to a write lock
439 * without allowing any other writer to enter the critical region during the
440 * boost operation itself.
442 * It is illegal for a process to request a particular lock more than once
443 * without first releasing it. Failure to obey this restriction will cause
444 * deadlock. This restriction is not enforced by the LWP code.
446 * Here is a simple pseudocode fragment serving as an example of the available
447 * locking operations. It defines a struct Vnode object, which contains a lock
448 * object. The get vnode() routine will look up a struct Vnode object by name,
449 * and then either read-lock or write-lock it.
451 * As with the high-level LWP example above, the locking routines introduced
452 * here will be fully defined later, in Section 2.3.2.
455 * #include <afs/lock.h>
459 * struct Lock lock; Used to lock this vnode
465 * struct Vnode *get_vnode(name, how) char *name;
471 * ObtainReadLock(&v->lock);
473 * ObtainWriteLock(&v->lock);
478 * \subsection sec2-2-3 Section 2.2.3: IOMGR
481 * The IOMGR facility associated with the LWP service allows threads to wait on
482 * various unix events. The exported IOMGR Select() routine allows a thread to
483 * wait on the same set of events as the unix select() call. The parameters to
484 * these two routines are identical. IOMGR Select() puts the calling LWP to
485 * sleep until no threads are active. At this point, the built-in IOMGR thread,
486 * which runs at the lowest priority, wakes up and coalesces all of the select
487 * requests together. It then performs a single select() and wakes up all
488 * threads affected by the result.
490 * The IOMGR Signal() routine allows an LWP to wait on the delivery of a unix
491 * signal. The IOMGR thread installs a signal handler to catch all deliveries
492 * of the unix signal. This signal handler posts information about the signal
493 * delivery to a global data structure. The next time that the IOMGR thread
494 * runs, it delivers the signal to any waiting LWP.
496 * Here is a pseudocode example of the use of the IOMGR facility, providing the
497 * blueprint for an implemention a thread-level socket listener.
500 * void rpc_SocketListener()
502 * int ReadfdMask, WritefdMask, ExceptfdMask, rc;
503 * struct timeval *tvp;
506 * ExceptfdMask = ReadfdMask = (1 << rpc_RequestSocket);
509 * rc = IOMGR_Select(8*sizeof(int), &ReadfdMask, &WritefdMask,
510 * &ExceptfdMask, tvp);
514 * case 0: /* Timeout */ continue;
515 * /* Main while loop */
517 * case -1: /* Error */
518 * SystemError("IOMGR_Select");
521 * case 1: /* RPC packet arrived! */ ...
525 * default: Should never occur
531 * \subsection sec2-2-4 Section 2.2.4: Timer
533 * The timer package exports a number of routines that assist in manipulating
534 * lists of objects of type struct TM Elem. These struct TM Elem timers are
535 * assigned a timeout value by the user and inserted in a package-maintained
536 * list. The time remaining to each timer's timeout is kept up to date by the
537 * package under user control. There are routines to remove a timer from its
538 * list, to return an expired timer from a list, and to return the next timer
541 * A timer is commonly used by inserting a field of type struct TM Elem into a
542 * structure. After setting the desired timeout value, the structure is
543 * inserted into a list by means of its timer field.
545 * Here is a simple pseudocode example of how the timer package may be used.
546 * After calling the package initialization function, TM Init(), the pseudocode
547 * spins in a loop. first, it updates all the timers via TM Rescan() calls.
548 * Then, it pulls out the first expired timer object with TM GetExpired() (if
549 * any), and processes it.
552 * static struct TM_Elem *requests;
554 * TM_Init(&requests); /* Initialize timer list */ ...
556 * TM_Rescan(requests); /* Update the timers */
557 * expired = TM_GetExpired(requests);
560 * . . . process expired element . . .
564 * \subsection sec2-2-5 Section 2.2.5: Fast Time
567 * The fast time routines allows a caller to determine the current time of day
568 * without incurring the expense of a kernel call. It works by mapping the page
569 * of the kernel that holds the time-of-day variable and examining it directly.
570 * Currently, this package only works on Suns. The routines may be called on
571 * other architectures, but they will run more slowly.
573 * The initialization routine for this package is fairly expensive, since it
574 * does a lookup of a kernel symbol via nlist(). If the client application
575 * program only runs for only a short time, it may wish to call FT Init() with
576 * the notReally parameter set to TRUE in order to prevent the lookup from
577 * taking place. This is useful if you are using another package that uses the
578 * fast time facility.
580 * \subsection sec2-2-6 Section 2.2.6: Preemption
583 * The preemption package provides a mechanism by which control can pass
584 * between lightweight processes without the need for explicit calls to LWP
585 * DispatchProcess(). This effect is achieved by periodically interrupting the
586 * normal flow of control to check if other (higher priority) procesess are
589 * The package makes use of the BSD interval timer facilities, and so will
590 * cause programs that make their own use of these facilities to malfunction.
591 * In particular, use of alarm(3) or explicit handling of SIGALRM is
592 * disallowed. Also, calls to sleep(3) may return prematurely.
594 * Care should be taken that routines are re-entrant where necessary. In
595 * particular, note that stdio(3) is not re-entrant in general, and hence
596 * multiple threads performing I/O on the same fiLE structure may function
599 * An example pseudocode routine illustrating the use of this preemption
600 * facility appears below.
603 * #include <sys/time.h>
604 * #include "preempt.h"
605 * ... struct timeval tv;
606 * LWP_InitializeProcessSupport( ... );
609 * PRE_InitPreempt(&tv);
610 * PRE_PreemptMe(); ...
611 * PRE_BeginCritical(); ...
612 * PRE_EndCritical(); ...
616 * \section sec2-3 Section 2.3: Interface Specifications
618 * \subsection sec2-3-1 Section 2.3.1: LWP
621 * This section covers the calling interfaces to the LWP package. Please note
622 * that LWP macros (e.g., ActiveProcess) are also included here, rather than
623 * being relegated to a different section.
625 * \subsubsection sec2-3-1-1 Section 2.3.1.1: LWP_InitializeProcessSupport
626 * _ Initialize the LWP package
629 * int LWP_InitializeProcessSupport(IN int priority; OUT PROCESS *pid)
631 * This function initializes the LWP package. In addition, it turns the current
632 * thread of control into the initial process with the specified priority. The
633 * process ID of this initial thread is returned in the pid parameter. This
634 * routine must be called before any other routine in the LWP library. The
635 * scheduler will NOT be invoked as a result of calling
636 * LWP_InitializeProcessSupport().
638 * LWP EBADPRI The given priority is invalid, either negative or too large.
640 * \subsubsection sec2-3-1-2 Section 2.3.1.2: LWP_TerminateProcessSupport
641 * _ End process support, perform cleanup
644 * int LWP_TerminateProcessSupport()
646 * This routine terminates the LWP threading support and cleans up after it by
647 * freeing any auxiliary storage used. This routine must be called from within
648 * the process that invoked LWP InitializeProcessSupport(). After LWP
649 * TerminateProcessSupport() has been called, it is acceptable to call LWP
650 * InitializeProcessSupport() again in order to restart LWP process support.
652 * ---Always succeeds, or performs an abort().
654 * \subsubsection sec2-3-1-3 Section 2.3.1.3: LWP_CreateProcess _ Create a
658 * int LWP_CreateProcess(IN int (*ep)(); IN int stacksize; IN int priority; IN
659 * char *parm; IN char *name; OUT PROCESS *pid)
661 * This function is used to create a new lightweight process with a given
662 * printable name. The ep argument identifies the function to be used as the
663 * body of the thread. The argument to be passed to this function is contained
664 * in parm. The new thread's stack size in bytes is specified in stacksize, and
665 * its execution priority in priority. The pid parameter is used to return the
666 * process ID of the new thread.
668 * If the thread is successfully created, it will be marked as runnable. The
669 * scheduler is called before the LWP CreateProcess() call completes, so the
670 * new thread may indeed begin its execution before the completion. Note that
671 * the new thread is guaranteed NOT to run before the call completes if the
672 * specified priority is lower than the caller's. On the other hand, if the new
673 * thread's priority is higher than the caller's, then it is guaranteed to run
674 * before the creation call completes.
676 * LWP EBADPRI The given priority is invalid, either negative or too large.
677 * \n LWP NOMEM Could not allocate memory to satisfy the creation request.
679 * \subsubsection sec2-3-1-4 Section: 2.3.1.4: LWP_DestroyProcess _ Create
683 * int LWP_DestroyProcess(IN PROCESS pid)
685 * This routine destroys the thread identified by pid. It will be terminated
686 * immediately, and its internal storage will be reclaimed. A thread is allowed
687 * to destroy itself. In this case, of course, it will only get to see the
688 * return code if the operation fails. Note that a thread may also destroy
689 * itself by returning from the parent C routine.
691 * The scheduler is called by this operation, which may cause an arbitrary
692 * number of threads to execute before the caller regains the processor.
694 * LWP EINIT The LWP package has not been initialized.
696 * \subsubsection sec2-3-1-5 Section 2.3.1.5: WaitProcess _ Wait on an
700 * int LWP WaitProcess(IN char *event)
702 * This routine puts the thread making the call to sleep until another LWP
703 * calls the LWP SignalProcess() or LWP NoYieldSignal() routine with the
704 * specified event. Note that signalled events are not queued. If a signal
705 * occurs and no thread is awakened, the signal is lost. The scheduler is
706 * invoked by the LWP WaitProcess() routine.
708 * LWP EINIT The LWP package has not been initialized.
709 * \n LWP EBADEVENT The given event pointer is null.
711 * \subsubsection sec2-3-1-6 Section 2.3.1.6: MwaitProcess _ Wait on a set
715 * int LWP MwaitProcess(IN int wcount; IN char *evlist[])
717 * This function allows a thread to wait for wcount signals on any of the items
718 * in the given evlist. Any number of signals of a particular event are only
719 * counted once. The evlist is a null-terminated list of events to wait for.
720 * The scheduler will be invoked.
722 * LWP EINIT The LWP package has not been initialized.
723 * \n LWP EBADCOUNT An illegal number of events has been supplied.
725 * \subsubsection sec2-3-1-7 Section 2.3.1.7: SignalProcess _ Signal an
729 * int LWP SignalProcess(IN char *event)
731 * This routine causes the given event to be signalled. All threads waiting for
732 * this event (exclusively) will be marked as runnable, and the scheduler will
733 * be invoked. Note that threads waiting on multiple events via LWP
734 * MwaitProcess() may not be marked as runnable. Signals are not queued.
735 * Therefore, if no thread is waiting for the signalled event, the signal will
738 * LWP EINIT The LWP package has not been initialized. LWP EBADEVENT A null
739 * event pointer has been provided. LWP ENOWAIT No thread was waiting on the
742 * \subsubsection sec2-3-1-8 Section 2.3.1.8: NoYieldSignal _ Signal an
743 * event without invoking scheduler
746 * int LWP NoYieldSignal(IN char *event)
748 * This function is identical to LWP SignalProcess() except that the scheduler
749 * will not be invoked. Thus, control will remain with the signalling process.
751 * LWP EINIT The LWP package has not been initialized. LWP EBADEVENT A null
752 * event pointer has been provided. LWP ENOWAIT No thread was waiting on the
755 * \subsubsection sec2-3-1-9 Section 2.3.1.9: DispatchProcess _ Yield
756 * control to the scheduler
759 * int LWP DispatchProcess()
761 * This routine causes the calling thread to yield voluntarily to the LWP
762 * scheduler. If no other thread of appropriate priority is marked as runnable,
763 * the caller will continue its execution.
765 * LWP EINIT The LWP package has not been initialized.
767 * \subsubsection sec2-3-1-10 Section 2.3.1.10: CurrentProcess _ Get the
768 * current thread's ID
771 * int LWP CurrentProcess(IN PROCESS *pid)
773 * This call places the current lightweight process ID in the pid parameter.
775 * LWP EINIT The LWP package has not been initialized.
777 * \subsubsection sec2-3-1-11 Section 2.3.1.11: ActiveProcess _ Get the
778 * current thread's ID (macro)
781 * int LWP ActiveProcess()
783 * This macro's value is the current lightweight process ID. It generates a
784 * value identical to that acquired by calling the LWP CurrentProcess()
785 * function described above if the LWP package has been initialized. If no such
786 * initialization has been done, it will return a value of zero.
788 * \subsubsection sec2-3-1-12 Section: 2.3.1.12: StackUsed _ Calculate
792 * int LWP StackUsed(IN PROCESS pid; OUT int *max; OUT int *used)
794 * This function returns the amount of stack space allocated to the thread
795 * whose identifier is pid, and the amount actually used so far. This is
796 * possible if the global variable lwp stackUseEnabled was TRUE when the thread
797 * was created (it is set this way by default). If so, the thread's stack area
798 * was initialized with a special pattern. The memory still stamped with this
799 * pattern can be determined, and thus the amount of stack used can be
800 * calculated. The max parameter is always set to the thread's stack allocation
801 * value, and used is set to the computed stack usage if lwp stackUseEnabled
802 * was set when the process was created, or else zero.
804 * LWP NO STACK Stack usage was not enabled at thread creation time.
806 * \subsubsection sec2-3-1-13 Section 2.3.1.13: NewRock _ Establish
807 * thread-specific storage
810 * int LWP NewRock (IN int tag; IN char **value)
812 * This function establishes a "rock", or thread-specific information,
813 * associating it with the calling LWP. The tag is intended to be any unique
814 * integer value, and the value is a pointer to a character array containing
817 * Users of the LWP package must coordinate their choice of tag values. Note
818 * that a tag's value cannot be changed. Thus, to obtain a mutable data
819 * structure, another level of indirection is required. Up to MAXROCKS (4)
820 * rocks may be associated with any given thread.
822 * ENOROCKS A rock with the given tag field already exists. All of the MAXROCKS
826 * \subsubsection sec2-3-1-14 Section: 2.3.1.14: GetRock _ Retrieve
827 * thread-specific storage
830 * int LWP GetRock(IN int tag; OUT **value)
832 * This routine recovers the thread-specific information associated with the
833 * calling process and the given tag, if any. Such a rock had to be established
834 * through a LWP NewRock() call. The rock's value is deposited into value.
836 * LWP EBADROCK A rock has not been associated with the given tag for this
839 * \subsection sec2-3-2 Section 2.3.2: Locking
842 * This section covers the calling interfaces to the locking package. Many of
843 * the user-callable routines are actually implemented as macros.
845 * \subsubsection sec2-3-2-1 Section 2.3.2.1: Lock Init _ Initialize lock
849 * void Lock Init(IN struct Lock *lock)
851 * This function must be called on the given lock object before any other
852 * operations can be performed on it.
854 * ---No value is returned.
856 * \subsubsection sec2-3-2-2 Section 2.3.2.2: ObtainReadLock _ Acquire a
860 * void ObtainReadLock(IN struct Lock *lock)
862 * This macro obtains a read lock on the specified lock object. Since this is a
863 * macro and not a function call, results are not predictable if the value of
864 * the lock parameter is a side-effect producing expression, as it will be
865 * evaluated multiple times in the course of the macro interpretation.
866 * Read locks are incompatible with write, shared, and boosted shared locks.
868 * ---No value is returned.
870 * \subsubsection sec2-3-2-3 Section 2.3.2.3: ObtainWriteLock _ Acquire a
874 * void ObtainWriteLock(IN struct Lock *lock)
876 * This macro obtains a write lock on the specified lock object. Since this is
877 * a macro and not a function call, results are not predictable if the value of
878 * the lock parameter is a side-effect producing expression, as it will be
879 * evaluated multiple times in the course of the macro interpretation.
881 * Write locks are incompatible with all other locks.
883 * ---No value is returned.
885 * \subsubsection sec2-3-2-4 Section 2.3.2.4: ObtainSharedLock _ Acquire a
889 * void ObtainSharedLock(IN struct Lock *lock)
891 * This macro obtains a shared lock on the specified lock object. Since this is
892 * a macro and not a function call, results are not predictable if the value of
893 * the lock parameter is a side-effect producing expression, as it will be
894 * evaluated multiple times in the course of the macro interpretation.
896 * Shared locks are incompatible with write and boosted shared locks, but are
897 * compatible with read locks.
899 * ---No value is returned.
901 * \subsubsection sec2-3-2-5 Section 2.3.2.5: ReleaseReadLock _ Release
905 * void ReleaseReadLock(IN struct Lock *lock)
907 * This macro releases the specified lock. The lock must have been previously
908 * read-locked. Since this is a macro and not a function call, results are not
909 * predictable if the value of the lock parameter is a side-effect producing
910 * expression, as it will be evaluated multiple times in the course of the
911 * macro interpretation. The results are also unpredictable if the lock was not
912 * previously read-locked by the thread calling ReleaseReadLock().
914 * ---No value is returned.
916 * \subsubsection sec2-3-2-6 Section 2.3.2.6: ReleaseWriteLock _ Release
920 * void ReleaseWriteLock(IN struct Lock *lock)
922 * This macro releases the specified lock. The lock must have been previously
923 * write-locked. Since this is a macro and not a function call, results are not
924 * predictable if the value of the lock parameter is a side-effect producing
925 * expression, as it will be evaluated multiple times in the course of the
926 * macro interpretation. The results are also unpredictable if the lock was not
927 * previously write-locked by the thread calling ReleaseWriteLock().
929 * ---No value is returned.
931 * \subsubsection sec2-3-2-7 Section 2.3.2.7: ReleaseSharedLock _ Release
935 * void ReleaseSharedLock(IN struct Lock *lock)
937 * This macro releases the specified lock. The lock must have been previously
938 * share-locked. Since this is a macro and not a function call, results are not
939 * predictalbe if the value of the lock parameter is a side-effect producing
940 * expression, as it will be evaluated multiple times in the course of the
941 * macro interpretation. The results are also unpredictable if the lock was not
942 * previously share-locked by the thread calling ReleaseSharedLock().
944 * ---No value is returned.
946 * \subsubsection sec2-3-2-8 Section 2.3.2.8: CheckLock _ Determine state
950 * void CheckLock(IN struct Lock *lock)
952 * This macro produces an integer that specifies the status of the indicated
953 * lock. The value will be -1 if the lock is write-locked, 0 if unlocked, or
954 * otherwise a positive integer that indicates the number of readers (threads
955 * holding read locks). Since this is a macro and not a function call, results
956 * are not predictable if the value of the lock parameter is a side-effect
957 * producing expression, as it will be evaluated multiple times in the course
958 * of the macro interpretation.
960 * ---No value is returned.
962 * \subsubsection sec2-3-2-9 Section 2.3.2.9: BoostLock _ Boost a shared
966 * void BoostLock(IN struct Lock *lock)
968 * This macro promotes ("boosts") a shared lock into a write lock. Such a boost
969 * operation guarantees that no other writer can get into the critical section
970 * in the process. Since this is a macro and not a function call, results are
971 * not predictable if the value of the lock parameter is a side-effect
972 * producing expression, as it will be evaluated multiple times in the course
973 * of the macro interpretation.
975 * ---No value is returned.
977 * \subsubsection sec2-3-2-10 Section 2.3.2.10: UnboostLock _ Unboost a
981 * void UnboostLock(IN struct Lock *lock)
983 * This macro demotes a boosted shared lock back down into a regular shared
984 * lock. Such an unboost operation guarantees that no other writer can get into
985 * the critical section in the process. Since this is a macro and not a
986 * function call, results are not predictable if the value of the lock
987 * parameter is a side-effect producing expression, as it will be evaluated
988 * multiple times in the course of the macro interpretation.
990 * ---No value is returned.
992 * \subsection sec2-3-3 Section 2.3.3: IOMGR
995 * This section covers the calling interfaces to the I/O management package.
997 * \subsubsection sec2-3-3-1 Section: 2.3.3.1: IOMGR Initialize _
998 * Initialize the package
1001 * int IOMGR Initialize()
1003 * This function initializes the IOMGR package. Its main task is to create the
1004 * IOMGR thread itself, which runs at the lowest possible priority (0). The
1005 * remainder of the lightweight processes must be running at priority 1 or
1006 * greater (up to a maximum of LWP MAX PRIORITY (4)) for the IOMGR package to
1007 * function correctly.
1009 * -1 The LWP and/or timer package haven't been initialized.
1010 * \n <misc> Any errors that may be returned by the LWP CreateProcess()
1013 * \subsubsection sec2-3-3-2 Section 2.3.3.2: IOMGR finalize _ Clean up
1014 * the IOMGR facility
1017 * int IOMGR finalize()
1019 * This routine cleans up after the IOMGR package when it is no longer needed.
1020 * It releases all storage and destroys the IOMGR thread itself.
1022 * <misc> Any errors that may be returned by the LWP DestroyProcess() routine.
1024 * \subsubsection sec2-3-3-3 Section 2.3.3.3: IOMGR Select _ Perform a
1025 * thread-level select()
1028 * int IOMGR Select (IN int numfds; IN int *rfds; IN int *wfds; IN int *xfds;
1029 * IN truct timeval *timeout)
1031 * This routine performs an LWP version of unix select() operation. The
1032 * parameters have the same meanings as with the unix call. However, the return
1033 * values will be simplified (see below). If this is a polling select (i.e.,
1034 * the value of timeout is null), it is done and the IOMGR Select() function
1035 * returns to the user with the results. Otherwise, the calling thread is put
1036 * to sleep. If at some point the IOMGR thread is the only runnable process, it
1037 * will awaken and collect all select requests. The IOMGR will then perform a
1038 * single select and awaken the appropriate processes. This will force a return
1039 * from the affected IOMGR Select() calls.
1041 * -1 An error occurred.
1042 * \n 0 A timeout occurred.
1043 * \n 1 Some number of file descriptors are ready.
1045 * \subsubsection sec2-3-3-4 Section 2.3.3.4: IOMGR Signal _ Associate
1046 * unix and LWP signals
1049 * int IOMGR Signal(IN int signo; IN char *event)
1051 * This function associates an LWP signal with a unix signal. After this call,
1052 * when the given unix signal signo is delivered to the (heavyweight unix)
1053 * process, the IOMGR thread will deliver an LWP signal to the event via LWP
1054 * NoYieldSignal(). This wakes up any lightweight processes waiting on the
1055 * event. Multiple deliveries of the signal may be coalesced into one LWP
1056 * wakeup. The call to LWP NoYieldSignal() will happen synchronously. It is
1057 * safe for an LWP to check for some condition and then go to sleep waiting for
1058 * a unix signal without having to worry about delivery of the signal happening
1059 * between the check and the call to LWP WaitProcess().
1061 * LWP EBADSIG The signo value is out of range.
1062 * \n LWP EBADEVENT The event pointer is null.
1064 * \subsubsection sec2-3-3-5 Section 2.3.3.5: IOMGR CancelSignal _ Cancel
1065 * unix and LWP signal association
1068 * int IOMGR CancelSignal(IN int signo)
1070 * This routine cancels the association between a unix signal and an LWP event.
1071 * After calling this function, the unix signal signo will be handled however
1072 * it was handled before the corresponding call to IOMGR Signal().
1074 * LWP EBADSIG The signo value is out of range.
1076 * \subsubsection sec2-3-3-6 Section 2.3.3.6: IOMGR Sleep _ Sleep for a
1080 * void IOMGR Sleep(IN unsigned seconds)
1082 * This function calls IOMGR Select() with zero file descriptors and a timeout
1083 * structure set up to cause the thread to sleep for the given number of
1086 * ---No value is returned.
1088 * \subsection sec2-3-4 Section 2.3.4: Timer
1091 * This section covers the calling interface to the timer package associated
1092 * with the LWP facility.
1094 * \subsubsection sec2-3-4-1 Section 2.3.4.1: TM Init _ Initialize a timer
1098 * int TM Init(IN struct TM Elem **list)
1100 * This function causes the specified timer list to be initialized. TM Init()
1101 * must be called before any other timer operations are applied to the list.
1103 * -1 A null timer list could not be produced.
1105 * \subsubsection sec2-3-4-2 Section 2.3.4.2: TM final _ Clean up a timer
1109 * int TM final(IN struct TM Elem **list)
1111 * This routine is called when the given empty timer list is no longer needed.
1112 * All storage associated with the list is released.
1114 * -1 The list parameter is invalid.
1116 * \subsubsection sec2-3-4-3 Section 2.3.4.3: TM Insert _ Insert an object
1120 * void TM Insert(IN struct TM Elem **list; IN struct TM Elem *elem)
1122 * This routine enters an new element, elem, into the list denoted by list.
1123 * Before the new element is queued, its TimeLeft field (the amount of time
1124 * before the object comes due) is set to the value stored in its TotalTime
1125 * field. In order to keep TimeLeft fields current, the TM Rescan() function
1128 * ---No return value is generated.
1130 * \subsubsection sec2-3-4-4 Section 2.3.4.4: TM Rescan _ Update all
1131 * timers in the list
1134 * int TM Rescan(IN struct TM Elem *list)
1136 * This function updates the TimeLeft fields of all timers on the given list.
1137 * This is done by checking the time-of-day clock. Note: this is the only
1138 * routine other than TM Init() that updates the TimeLeft field in the elements
1141 * Instead of returning a value indicating success or failure, TM Rescan()
1142 * returns the number of entries that were discovered to have timed out.
1144 * ---Instead of error codes, the number of entries that were discovered to
1145 * have timed out is returned.
1147 * \subsubsection sec2-3-4-5 Section 2.3.4.5: TM GetExpired _ Returns an
1151 * struct TM Elem *TM GetExpired(IN struct TM Elem *list)
1153 * This routine searches the specified timer list and returns a pointer to an
1154 * expired timer element from that list. An expired timer is one whose TimeLeft
1155 * field is less than or equal to zero. If there are no expired timers, a null
1156 * element pointer is returned.
1158 * ---Instead of error codes, an expired timer pointer is returned, or a null
1159 * timer pointer if there are no expired timer objects.
1161 * \subsubsection sec2-3-4-6 Section 2.3.4.6: TM GetEarliest _ Returns
1162 * earliest unexpired timer
1165 * struct TM Elem *TM GetEarliest(IN struct TM Elem *list)
1167 * This function returns a pointer to the timer element that will be next to
1168 * expire on the given list. This is defined to be the timer element with the
1169 * smallest (positive) TimeLeft field. If there are no timers on the list, or
1170 * if they are all expired, this function will return a null pointer.
1172 * ---Instead of error codes, a pointer to the next timer element to expireis
1173 * returned, or a null timer object pointer if they are all expired.
1175 * \subsubsection sec2-3-4-7 Section 2.3.4.7: TM eql _ Test for equality
1179 * bool TM eql(IN struct timemval *t1; IN struct timemval *t2)
1181 * This function compares the given timestamps, t1 and t2, for equality. Note
1182 * that the function return value, bool, has been set via typedef to be
1183 * equivalent to unsigned char.
1185 * 0 If the two timestamps differ.
1186 * \n 1 If the two timestamps are identical.
1188 * \subsection sec2-3-5 Section 2.3.5: Fast Time
1190 * This section covers the calling interface to the fast time package
1191 * associated with the LWP facility.
1193 * \subsubsection sec2-3-5-1 Section 2.3.5.1: FT Init _ Initialize the
1197 * int FT Init(IN int printErrors; IN int notReally)
1199 * This routine initializes the fast time package, mapping in the kernel page
1200 * containing the time-of-day variable. The printErrors argument, if non-zero,
1201 * will cause any errors in initalization to be printed to stderr. The
1202 * notReally parameter specifies whether initialization is really to be done.
1203 * Other calls in this package will do auto-initialization, and hence the
1204 * option is offered here.
1206 * -1 Indicates that future calls to FT GetTimeOfDay() will still work, but
1207 * will not be able to access the information directly, having to make a
1208 * kernel call every time.
1210 * \subsubsection sec2-3-5-2 Section 2.3.5.2: FT GetTimeOfDay _ Initialize
1211 * the fast time package
1214 * int FT GetTimeOfDay(IN struct timeval *tv; IN struct timezone *tz)
1216 * This routine is meant to mimic the parameters and behavior of the unix
1217 * gettimeofday() function. However, as implemented, it simply calls
1218 * gettimeofday() and then does some bound-checking to make sure the value is
1221 * <misc> Whatever value was returned by gettimeofday() internally.
1223 * \subsection sec2-3-6 Section 2.3.6: Preemption
1225 * This section covers the calling interface to the preemption package
1226 * associated with the LWP facility.
1228 * \subsubsection sec2-3-6-1 Section 2.3.6.1: PRE InitPreempt _ Initialize
1229 * the preemption package
1232 * int PRE InitPreempt(IN struct timeval *slice)
1234 * This function must be called to initialize the preemption package. It must
1235 * appear sometime after the call to LWP InitializeProcessSupport() and
1236 * sometime before the first call to any other preemption routine. The slice
1237 * argument specifies the time slice size to use. If the slice pointer is set
1238 * to null in the call, then the default time slice, DEFAULTSLICE (10
1239 * milliseconds), will be used. This routine uses the unix interval timer and
1240 * handling of the unix alarm signal, SIGALRM, to implement this timeslicing.
1242 * LWP EINIT The LWP package hasn't been initialized.
1243 * \n LWP ESYSTEM Operations on the signal vector or the interval timer have
1246 * \subsubsection sec2-3-6-2 Section 2.3.6.2: PRE EndPreempt _ finalize
1247 * the preemption package
1250 * int PRE EndPreempt()
1252 * This routine finalizes use of the preemption package. No further preemptions
1253 * will be made. Note that it is not necessary to make this call before exit.
1254 * PRE EndPreempt() is provided only for those applications that wish to
1255 * continue after turning off preemption.
1257 * LWP EINIT The LWP package hasn't been initialized.
1258 * \n LWP ESYSTEM Operations on the signal vector or the interval timer have
1261 * \subsubsection sec2-3-6-3 Section 2.3.6.3: PRE PreemptMe _ Mark thread
1265 * int PRE PreemptMe()
1267 * This macro is used to signify the current thread as a candidate for
1268 * preemption. The LWP InitializeProcessSupport() routine must have been called
1269 * before PRE PreemptMe().
1271 * ---No return code is generated.
1273 * \subsubsection sec2-3-6-4 Section 2.3.6.4: PRE BeginCritical _ Enter
1274 * thread critical section
1277 * int PRE BeginCritical()
1279 * This macro places the current thread in a critical section. Upon return, and
1280 * for as long as the thread is in the critical section, involuntary
1281 * preemptions of this LWP will no longer occur.
1283 * ---No return code is generated.
1285 * \subsubsection sec2-3-6-5 Section 2.3.6.5: PRE EndCritical _ Exit
1286 * thread critical section
1289 * int PRE EndCritical()
1291 * This macro causes the executing thread to leave a critical section
1292 * previously entered via PRE BeginCritical(). If involuntary preemptions were
1293 * possible before the matching PRE BeginCritical(), they are once again
1296 * ---No return code is generated.
1298 * \page chap3 Chapter 3 -- Rxkad
1301 * \section sec3-1 Section 3.1: Introduction
1304 * The rxkad security module is offered as one of the built-in Rx
1305 * authentication models. It is based on the Kerberos system developed by MIT's
1306 * Project Athena. Readers wishing detailed information regarding Kerberos
1307 * design and implementation are directed to [2]. This chapter is devoted to
1308 * defining how Kerberos authentication services are made available as Rx
1309 * components, and assumes the reader has some familiarity with Kerberos.
1310 * Included are descriptions of how client-side and server-side Rx security
1311 * objects (struct rx securityClass; see Section 5.3.1.1) implementing this
1312 * protocol may be generated by an Rx application. Also, a description appears
1313 * of the set of routines available in the associated struct rx securityOps
1314 * structures, as covered in Section 5.3.1.2. It is strongly recommended that
1315 * the reader become familiar with this section on struct rx securityOps before
1318 * \section sec3-2 Section 3.2: Definitions
1321 * An important set of definitions related to the rxkad security package is
1322 * provided by the rxkad.h include file. Determined here are various values for
1323 * ticket lifetimes, along with structures for encryption keys and Kerberos
1324 * principals. Declarations for the two routines required to generate the
1325 * different rxkad security objects also appear here. The two functions are
1326 * named rxkad NewServerSecurityObject() and rxkad NewClientSecurityObject().
1327 * In addition, type field values, encryption levels, security index
1328 * operations, and statistics structures may be found in this file.
1329 * \section sec3-3 Section 3.3: Exported Objects
1331 * To be usable as an Rx security module, the rxkad facility exports routines
1332 * to create server-side and client-side security objects. The server
1333 * authentication object is incorporated into the server code when calling rx
1334 * NewService(). The client authentication object is incorporated into the
1335 * client code every time a connection is established via rx NewConnection().
1336 * Also, in order to implement these security objects, the rxkad module must
1337 * provide definitions for some subset of the generic security operations as
1338 * defined in the appropriate struct rx securityOps variable.
1340 * \subsection sec3-3-1 Section 3.3.1: Server-Side Mechanisms
1342 * \subsubsection sec3-3-1-1 Section 3.3.1.1: Security Operations
1345 * The server side of the rxkad module fills in all but two of the possible
1346 * routines associated with an Rx security object, as described in Section
1350 * static struct rx_securityOps rxkad_server_ops = {
1352 * rxkad_NewConnection,
1353 * rxkad_PreparePacket, /* Once per packet creation */
1354 * 0, /* Send packet (once per retrans) */
1355 * rxkad_CheckAuthentication,
1356 * rxkad_CreateChallenge,
1357 * rxkad_GetChallenge,
1359 * rxkad_CheckResponse, /* Check data packet */
1360 * rxkad_DestroyConnection,
1366 * The rxkad service does not need to take any special action each time a
1367 * packet belonging to a call in an rxkad Rx connection is physically
1368 * transmitted. Thus, a routine is not supplied for the op SendPacket()
1369 * function slot. Similarly, no preparatory work needs to be done previous to
1370 * the reception of a response packet from a security challenge, so the op
1371 * GetResponse() function slot is also empty.
1373 * \subsubsection sec3-3-1-2 Section 3.3.1.2: Security Object
1376 * The exported routine used to generate an rxkad-specific server-side security
1377 * class object is named rxdad NewServerSecurityObject(). It is declared with
1378 * four parameters, as follows:
1381 * struct rx_securityClass *
1382 * rxkad_NewServerSecurityObject(a_level, a_getKeyRockP, a_getKeyP, a_userOKP)
1383 * rxkad_level a_level; /* Minimum level */
1384 * char *a_getKeyRockP; /* Rock for get_key implementor */
1385 * int (*a_getKeyP)(); /* Passed kvno & addr(key) to fill */
1386 * int (*a_userOKP)(); /* Passed name, inst, cell => bool */
1390 * The first argument specifies the desired level of encryption, and may take
1391 * on the following values (as defined in rxkad.h):
1392 * \li rxkad clear: Specifies that packets are to be sent entirely in the
1393 * clear, without any encryption whatsoever.
1394 * \li rxkad auth: Specifies that packet sequence numbers are to be encrypted.
1395 * \li rxkad crypt: Specifies that the entire data packet is to be encrypted.
1398 * The second and third parameters represent, respectively, a pointer to a
1399 * private data area, sometimes called a "rock", and a procedure reference that
1400 * is called with the key version number accompanying the Kerberos ticket and
1401 * returns a pointer to the server's decryption key. The fourth argument, if
1402 * not null, is a pointer to a function that will be called for every new
1403 * connection with the client's name, instance, and cell. This routine should
1404 * return zero if the user is not acceptable to the server.
1406 * \subsection sec3-3-2 Section 3.3.2: Client-Side Mechanisms
1408 * \subsubsection sec3-3-2-1 Section 3.3.2.1: Security Operations
1411 * The client side of the rxkad module fills in relatively few of the routines
1412 * associated with an Rx security object, as demonstrated below. The general Rx
1413 * security object, of which this is an instance, is described in detail in
1417 * static struct rx_securityOps rxkad_client_ops = {
1419 * rxkad_NewConnection, /* Every new connection */
1420 * rxkad_PreparePacket, /* Once per packet creation */
1421 * 0, /* Send packet (once per retrans) */
1425 * rxkad_GetResponse, /* Respond to challenge packet */
1427 * rxkad_CheckPacket, /* Check data packet */
1428 * rxkad_DestroyConnection,
1437 * As expected, routines are defined for use when someone destroys a security
1438 * object (rxkad Close()) and when an Rx connection using the rxkad model
1439 * creates a new connection (rxkad NewConnection()) or deletes an existing one
1440 * (rxkad DestroyConnection()). Security-specific operations must also be
1441 * performed in behalf of rxkad when packets are created (rxkad
1442 * PreparePacket()) and received (rxkad CheckPacket()). finally, the client
1443 * side of an rxkad security object must also be capable of constructing
1444 * responses to security challenges from the server (rxkad GetResponse()) and
1445 * be willing to reveal statistics on its own operation (rxkad GetStats()).
1447 * \subsubsection sec3-3-2-2 Section 3.3.2.2: Security Object
1450 * The exported routine used to generate an rxkad-specific client-side security
1451 * class object is named rxkad NewClientSecurityObject(). It is declared with
1452 * five parameters, specified below:
1455 * struct rx_securityClass * rxkad_NewClientSecurityObject(
1462 * rxkad_level a_level;
1463 * struct ktc_encryptionKey *a_sessionKeyP;
1470 * The first parameter, a level, specifies the level of encryption desired for
1471 * this security object, with legal choices being identical to those defined
1472 * for the server-side security object described in Section 3.3.1.2. The second
1473 * parameter, a sessionKeyP, provides the session key to use. The ktc
1474 * encryptionKey structure is defined in the rxkad.h include file, and consists
1475 * of an array of 8 characters. The third parameter, a kvno, provides the key
1476 * version number associated with a sessionKeyP. The fourth argument, a
1477 * ticketLen, communicates the length in bytes of the data stored in the fifth
1478 * parameter, a ticketP, which points to the Kerberos ticket to use for the
1479 * principal for which the security object will operate.
1481 * \page chap4 Chapter 4 -- Rx Support Packages
1483 * \section sec4-1 Section 4.1: Introduction
1485 * This chapter documents three packages defined directly in support of the Rx
1487 * \li rx queue: Doubly-linked queue package.
1488 * \li rx clock: Clock package, using the 4.3BSD interval timer.
1489 * \li rx event: Future events package.
1491 * References to constants, structures, and functions defined by these support
1492 * packages will appear in the following API chapter.
1494 * \section sec4-2 Section 4.2: The rx queue Package
1497 * This package provides a doubly-linked queue structure, along with a full
1498 * suite of related operations. The main concern behind the coding of this
1499 * facility was efficiency. All functions are implemented as macros, and it is
1500 * suggested that only simple expressions be used for all parameters.
1502 * The rx queue facility is defined by the rx queue.h include file. Some macros
1503 * visible in this file are intended for rx queue internal use only. An
1504 * understanding of these "hidden" macros is important, so they will also be
1505 * described by this document.
1507 * \subsection sec4-2-1 Section 4.2.1: struct queue
1510 * The queue structure provides the linkage information required to maintain a
1511 * queue of objects. The queue structure is prepended to any user-defined data
1512 * type which is to be organized in this fashion.
1514 * \li struct queue *prev - Pointer to the previous queue header.
1515 * \li struct queue *next - Pointer to the next queue header.
1517 * Note that a null Rx queue consists of a single struct queue object whose
1518 * next and previous pointers refer to itself.
1520 * \subsection sec4-2-2 Section 4.2.2: Internal Operations
1523 * This section describes the internal operations defined for Rx queues. They
1524 * will be referenced by the external operations documented in Section 4.2.3.
1526 * \subsection sec4-2-2-1 Section 4.2.2.1: Q(): Coerce type to a queue
1530 * \#define _Q(x) ((struct queue *)(x))
1532 * This operation coerces the user structure named by x to a queue element. Any
1533 * user structure using the rx queue package must have a struct queue as its
1536 * \subsubsection sec4-2-2-2 Section 4.2.2.2: QA(): Add a queue element
1537 * before/after another element
1540 * \#define _QA(q,i,a,b) (((i->a=q->a)->b=i)->b=q, q->a=i)
1542 * This operation adds the queue element referenced by i either before or after
1543 * a queue element represented by q. If the (a, b) argument pair corresponds to
1544 * an element's (next, prev) fields, the new element at i will be linked after
1545 * q. If the (a, b) argument pair corresponds to an element's (prev, next)
1546 * fields, the new element at i will be linked before q.
1548 * \subsubsection sec4-2-2-3 QR(): Remove a queue element
1551 * \#define _QR(i) ((_Q(i)->prev->next=_Q(i)->next)->prev=_Q(i)->prev)
1553 * This operation removes the queue element referenced by i from its queue. The
1554 * prev and next fields within queue element i itself is not updated to reflect
1555 * the fact that it is no longer part of the queue.
1557 * \subsubsection sec4-2-2-4 QS(): Splice two queues together
1560 * \#define _QS(q1,q2,a,b) if (queue_IsEmpty(q2)); else
1561 * ((((q2->a->b=q1)->a->b=q2->b)->a=q1->a, q1->a=q2->a), queue_Init(q2))
1563 * This operation takes the queues identified by q1 and q2 and splices them
1564 * together into a single queue. The order in which the two queues are appended
1565 * is determined by the a and b arguments. If the (a, b) argument pair
1566 * corresponds to q1's (next, prev) fields, then q2 is appended to q1. If the
1567 * (a, b) argument pair corresponds to q1's (prev, next) fields, then q is
1570 * This internal QS() routine uses two exported queue operations, namely queue
1571 * Init() and queue IsEmpty(), defined in Sections 4.2.3.1 and 4.2.3.16
1572 * respectively below.
1574 * \subsection sec4-2-3 Section 4.2.3: External Operations
1576 * \subsubsection sec4-2-3-1 Section 4.2.3.1: queue Init(): Initialize a
1580 * \#define queue_Init(q) (_Q(q))->prev = (_Q(q))->next = (_Q(q))
1582 * The queue header referred to by the q argument is initialized so that it
1583 * describes a null (empty) queue. A queue head is simply a queue element.
1585 * \subsubsection sec4-2-3-2 Section 4.2.3.2: queue Prepend(): Put element
1586 * at the head of a queue
1589 * \#define queue_Prepend(q,i) _QA(_Q(q),_Q(i),next,prev)
1591 * Place queue element i at the head of the queue denoted by q. The new queue
1592 * element, i, should not currently be on any queue.
1594 * \subsubsection sec4-2-3-3 Section 4.2.3.3: queue Append(): Put an
1595 * element a the tail of a queue
1598 * \#define queue_Append(q,i) _QA(_Q(q),_Q(i),prev,next)
1600 * Place queue element i at the tail of the queue denoted by q. The new queue
1601 * element, i, should not currently be on any queue.
1603 * \subsection sec4-2-3-4 Section 4.2.3.4: queue InsertBefore(): Insert a
1604 * queue element before another element
1607 * \#define queue_InsertBefore(i1,i2) _QA(_Q(i1),_Q(i2),prev,next)
1609 * Insert queue element i2 before element i1 in i1's queue. The new queue
1610 * element, i2, should not currently be on any queue.
1612 * \subsubsection sec4-2-3-5 Section 4.2.3.5: queue InsertAfter(): Insert
1613 * a queue element after another element
1616 * \#define queue_InsertAfter(i1,i2) _QA(_Q(i1),_Q(i2),next,prev)
1618 * Insert queue element i2 after element i1 in i1's queue. The new queue
1619 * element, i2, should not currently be on any queue.
1621 * \subsubsection sec4-2-3-6 Section: 4.2.3.6: queue SplicePrepend():
1622 * Splice one queue before another
1625 * \#define queue_SplicePrepend(q1,q2) _QS(_Q(q1),_Q(q2),next,prev)
1627 * Splice the members of the queue located at q2 to the beginning of the queue
1628 * located at q1, reinitializing queue q2.
1630 * \subsubsection sec4-2-3-7 Section 4.2.3.7: queue SpliceAppend(): Splice
1631 * one queue after another
1634 * \#define queue_SpliceAppend(q1,q2) _QS(_Q(q1),_Q(q2),prev,next)
1636 * Splice the members of the queue located at q2 to the end of the queue
1637 * located at q1, reinitializing queue q2. Note that the implementation of
1638 * queue SpliceAppend() is identical to that of queue SplicePrepend() except
1639 * for the order of the next and prev arguments to the internal queue splicer,
1642 * \subsubsection sec4-2-3-8 Section 4.2.3.8: queue Replace(): Replace the
1643 * contents of a queue with that of another
1646 * \#define queue_Replace(q1,q2) (*_Q(q1) = *_Q(q2),
1647 * \n _Q(q1)->next->prev = _Q(q1)->prev->next = _Q(q1),
1648 * \n queue_Init(q2))
1650 * Replace the contents of the queue located at q1 with the contents of the
1651 * queue located at q2. The prev and next fields from q2 are copied into the
1652 * queue object referenced by q1, and the appropriate element pointers are
1653 * reassigned. After the replacement has occurred, the queue header at q2 is
1656 * \subsubsection sec4-2-3-9 Section 4.2.3.9: queue Remove(): Remove an
1657 * element from its queue
1660 * \#define queue_Remove(i) (_QR(i), _Q(i)->next = 0)
1662 * This function removes the queue element located at i from its queue. The
1663 * next field for the removed entry is zeroed. Note that multiple removals of
1664 * the same queue item are not supported.
1666 * \subsubsection sec4-2-3-10 Section 4.2.3.10: queue MoveAppend(): Move
1667 * an element from its queue to the end of another queue
1670 * \#define queue_MoveAppend(q,i) (_QR(i), queue_Append(q,i))
1672 * This macro removes the queue element located at i from its current queue.
1673 * Once removed, the element at i is appended to the end of the queue located
1676 * \subsubsection sec4-2-3-11 Section 4.2.3.11: queue MovePrepend(): Move
1677 * an element from its queue to the head of another queue
1680 * \#define queue_MovePrepend(q,i) (_QR(i), queue_Prepend(q,i))
1682 * This macro removes the queue element located at i from its current queue.
1683 * Once removed, the element at i is inserted at the head fo the queue located
1686 * \subsubsection sec4-2-3-12 Section 4.2.3.12: queue first(): Return the
1687 * first element of a queue, coerced to a particular type
1690 * \#define queue_first(q,s) ((struct s *)_Q(q)->next)
1692 * Return a pointer to the first element of the queue located at q. The
1693 * returned pointer value is coerced to conform to the given s structure. Note
1694 * that a properly coerced pointer to the queue head is returned if q is empty.
1696 * \subsubsection sec4-2-3-13 Section 4.2.3.13: queue Last(): Return the
1697 * last element of a queue, coerced to a particular type
1700 * \#define queue_Last(q,s) ((struct s *)_Q(q)->prev)
1702 * Return a pointer to the last element of the queue located at q. The returned
1703 * pointer value is coerced to conform to the given s structure. Note that a
1704 * properly coerced pointer to the queue head is returned if q is empty.
1706 * \subsubsection sec4-2-3-14 Section 4.2.3.14: queue Next(): Return the
1707 * next element of a queue, coerced to a particular type
1710 * \#define queue_Next(i,s) ((struct s *)_Q(i)->next)
1712 * Return a pointer to the queue element occuring after the element located at
1713 * i. The returned pointer value is coerced to conform to the given s
1714 * structure. Note that a properly coerced pointer to the queue head is
1715 * returned if item i is the last in its queue.
1717 * \subsubsection sec4-2-3-15 Section 4.2.3.15: queue Prev(): Return the
1718 * next element of a queue, coerced to a particular type
1721 * \#define queue_Prev(i,s) ((struct s *)_Q(i)->prev)
1723 * Return a pointer to the queue element occuring before the element located at
1724 * i. The returned pointer value is coerced to conform to the given s
1725 * structure. Note that a properly coerced pointer to the queue head is
1726 * returned if item i is the first in its queue.
1728 * \subsubsection sec4-2-3-16 Section 4.2.3.16: queue IsEmpty(): Is the
1729 * given queue empty?
1732 * \#define queue_IsEmpty(q) (_Q(q)->next == _Q(q))
1734 * Return a non-zero value if the queue located at q does not have any elements
1735 * in it. In this case, the queue consists solely of the queue header at q
1736 * whose next and prev fields reference itself.
1738 * \subsubsection sec4-2-3-17 Section 4.2.3.17: queue IsNotEmpty(): Is the
1739 * given queue not empty?
1742 * \#define queue_IsNotEmpty(q) (_Q(q)->next != _Q(q))
1744 * Return a non-zero value if the queue located at q has at least one element
1745 * in it other than the queue header itself.
1747 * \subsubsection sec4-2-3-18 Section 4.2.3.18: queue IsOnQueue(): Is an
1748 * element currently queued?
1751 * \#define queue_IsOnQueue(i) (_Q(i)->next != 0)
1753 * This macro returns a non-zero value if the queue item located at i is
1754 * currently a member of a queue. This is determined by examining its next
1755 * field. If it is non-null, the element is considered to be queued. Note that
1756 * any element operated on by queue Remove() (Section 4.2.3.9) will have had
1757 * its next field zeroed. Hence, it would cause a non-zero return from this
1760 * \subsubsection sec4-2-3-19 Section 4.2.3.19: queue Isfirst(): Is an
1761 * element the first on a queue?
1764 * \#define queue_Isfirst(q,i) (_Q(q)->first == _Q(i))
1766 * This macro returns a non-zero value if the queue item located at i is the
1767 * first element in the queue denoted by q.
1769 * \subsubsection sec4-2-3-20 Section 4.2.3.20: queue IsLast(): Is an
1770 * element the last on a queue?
1773 * \#define queue_IsLast(q,i) (_Q(q)->prev == _Q(i))
1775 * This macro returns a non-zero value if the queue item located at i is the
1776 * last element in the queue denoted by q.
1778 * \subsubsection sec4-2-3-21 Section 4.2.3.21: queue IsEnd(): Is an
1779 * element the end of a queue?
1782 * \#define queue_IsEnd(q,i) (_Q(q) == _Q(i))
1784 * This macro returns a non-zero value if the queue item located at i is the
1785 * end of the queue located at q. Basically, it determines whether a queue
1786 * element in question is also the queue header structure itself, and thus does
1787 * not represent an actual queue element. This function is useful for
1788 * terminating an iterative sweep through a queue, identifying when the search
1789 * has wrapped to the queue header.
1791 * \subsubsection sec4-2-3-22 Section 4.2.3.22: queue Scan(): for loop
1792 * test for scanning a queue in a forward direction
1795 * \#define queue_Scan(q, qe, next, s)
1796 * \n (qe) = queue_first(q, s), next = queue_Next(qe, s);
1797 * \n !queue_IsEnd(q, qe);
1798 * \n (qe) = (next), next = queue_Next(qe, s)
1800 * This macro may be used as the body of a for loop test intended to scan
1801 * through each element in the queue located at q. The qe argument is used as
1802 * the for loop variable. The next argument is used to store the next value for
1803 * qe in the upcoming loop iteration. The s argument provides the name of the
1804 * structure to which each queue element is to be coerced. Thus, the values
1805 * provided for the qe and next arguments must be of type (struct s *).
1807 * An example of how queue Scan() may be used appears in the code fragment
1808 * below. It declares a structure named mystruct, which is suitable for
1809 * queueing. This queueable structure is composed of the queue pointers
1810 * themselves followed by an integer value. The actual queue header is kept in
1811 * demoQueue, and the currItemP and nextItemP variables are used to step
1812 * through the demoQueue. The queue Scan() macro is used in the for loop to
1813 * generate references in currItemP to each queue element in turn for each
1814 * iteration. The loop is used to increment every queued structure's myval
1822 * struct queue demoQueue;
1823 * struct mystruct *currItemP, *nextItemP;
1825 * for (queue_Scan(&demoQueue, currItemP, nextItemP, mystruct)) {
1826 * currItemP->myval++;
1831 * Note that extra initializers can be added before the body of the queue
1832 * Scan() invocation above, and extra expressions can be added afterwards.
1834 * \subsubsection sec4-2-3-23 Section 4.2.3.23: queue ScanBackwards(): for
1835 * loop test for scanning a queue in a reverse direction
1838 * #define queue_ScanBackwards(q, qe, prev, s)
1839 * \n (qe) = queue_Last(q, s), prev = queue_Prev(qe, s);
1840 * \n !queue_IsEnd(q, qe);
1841 * \n (qe) = prev, prev = queue_Prev(qe, s)
1843 * This macro is identical to the queue Scan() macro described above in Section
1844 * 4.2.3.22 except for the fact that the given queue is scanned backwards,
1845 * starting at the last item in the queue.
1847 * \section sec4-3 Section 4.3: The rx clock Package
1850 * This package maintains a clock which is independent of the time of day. It
1851 * uses the unix 4.3BSD interval timer (e.g., getitimer(), setitimer()) in
1852 * TIMER REAL mode. Its definition and interface may be found in the rx clock.h
1855 * \subsection sec4-3-1 Section 4.3.1: struct clock
1858 * This structure is used to represent a clock value as understood by this
1859 * package. It consists of two fields, storing the number of seconds and
1860 * microseconds that have elapsed since the associated clock Init() routine has
1864 * \n long sec -Seconds since call to clock Init().
1865 * \n long usec -Microseconds since call to clock Init().
1867 * \subsection sec4-3-2 Section 4.3.12: clock nUpdates
1870 * The integer-valued clock nUpdates is a variable exported by the rx clock
1871 * facility. It records the number of times the clock value is actually
1872 * updated. It is bumped each time the clock UpdateTime() routine is called, as
1873 * described in Section 4.3.3.2.
1875 * \subsection sec4-3-3 Section 4.3.3: Operations
1877 * \subsubsection sec4-3-3-1 Section 4.3.3.1: clock Init(): Initialize the
1881 * This routine uses the unix setitimer() call to initialize the unix interval
1882 * timer. If the setitimer() call fails, an error message will appear on
1883 * stderr, and an exit(1) will be executed.
1885 * \subsubsection sec4-3-3-2 Section 4.3.3.2: clock UpdateTime(): Compute
1889 * The clock UpdateTime() function calls the unix getitimer() routine in order
1890 * to update the current time. The exported clock nUpdates variable is
1891 * incremented each time the clock UpdateTime() routine is called.
1893 * \subsubsection sec4-3-3-3 Section 4.3.3.3: clock GetTime(): Return the
1894 * current clock time
1897 * This macro updates the current time if necessary, and returns the current
1898 * time into the cv argument, which is declared to be of type (struct clock *).
1899 * 4.3.3.4 clock Sec(): Get the current clock time, truncated to seconds
1900 * This macro returns the long value of the sec field of the current time. The
1901 * recorded time is updated if necessary before the above value is returned.
1903 * \subsubsection sec4-3-3-5 Section 4.3.3.5: clock ElapsedTime(): Measure
1904 * milliseconds between two given clock values
1907 * This macro returns the elapsed time in milliseconds between the two clock
1908 * structure pointers provided as arguments, cv1 and cv2.
1910 * \subsubsection sec4-3-3-6 Section 4.3.3.6: clock Advance(): Advance the
1911 * recorded clock time by a specified clock value
1914 * This macro takes a single (struct clock *) pointer argument, cv, and adds
1915 * this clock value to the internal clock value maintined by the package.
1917 * \subsubsection sec4-3-3-7 Section 4.3.3.7: clock Gt(): Is a clock value
1918 * greater than another?
1921 * This macro takes two parameters of type (struct clock *), a and b. It
1922 * returns a nonzero value if the a parameter points to a clock value which is
1923 * later than the one pointed to by b.
1925 * \subsubsection sec4-3-3-8 Section 4.3.3.8: clock Ge(): Is a clock value
1926 * greater than or equal to another?
1929 * This macro takes two parameters of type (struct clock *), a and b. It
1930 * returns a nonzero value if the a parameter points to a clock value which is
1931 * greater than or equal to the one pointed to by b.
1933 * \subsubsection sec4-3-3-9 Section 4.3.3.9: clock Gt(): Are two clock
1937 * This macro takes two parameters of type (struct clock *), a and b. It
1938 * returns a non-zero value if the clock values pointed to by a and b are
1941 * \subsubsection sec4.3.3.10 Section 4.3.3.10: clock Le(): Is a clock
1942 * value less than or equal to another?
1945 * This macro takes two parameters of type (struct clock *), a and b. It
1946 * returns a nonzero value if the a parameter points to a clock value which is
1947 * less than or equal to the one pointed to by b.
1949 * \subsubsection sec4-3-3-11 Section 4.3.3.11: clock Lt(): Is a clock
1950 * value less than another?
1953 * This macro takes two parameters of type (struct clock *), a and b. It
1954 * returns a nonzero value if the a parameter points to a clock value which is
1955 * less than the one pointed to by b.
1957 * \subsubsection sec4-3-3-12 Section 4.3.3.12: clock IsZero(): Is a clock
1961 * This macro takes a single parameter of type (struct clock *), c. It returns
1962 * a non-zero value if the c parameter points to a clock value which is equal
1965 * \subsubsection sec4-3-3-13 Section 4.3.3.13: clock Zero(): Set a clock
1969 * This macro takes a single parameter of type (struct clock *), c. It sets the
1970 * given clock value to zero.
1971 * \subsubsection sec4-3-3-14 Section 4.3.3.14: clock Add(): Add two clock
1974 * This macro takes two parameters of type (struct clock *), c1 and c2. It adds
1975 * the value of the time in c2 to c1. Both clock values must be positive.
1977 * \subsubsection sec4-3-3-15 Section 4.3.3.15: clock Sub(): Subtract two
1981 * This macro takes two parameters of type (struct clock *), c1 and c2. It
1982 * subtracts the value of the time in c2 from c1. The time pointed to by c2
1983 * should be less than the time pointed to by c1.
1985 * \subsubsection sec4-3-3-16 Section 4.3.3.16: clock Float(): Convert a
1986 * clock time into floating point
1989 * This macro takes a single parameter of type (struct clock *), c. It
1990 * expresses the given clock value as a floating point number.
1992 * \section sec4-4 Section 4.4: The rx event Package
1995 * This package maintains an event facility. An event is defined to be
1996 * something that happens at or after a specified clock time, unless cancelled
1997 * prematurely. The clock times used are those provided by the rx clock
1998 * facility described in Section 4.3 above. A user routine associated with an
1999 * event is called with the appropriate arguments when that event occurs. There
2000 * are some restrictions on user routines associated with such events. first,
2001 * this user-supplied routine should not cause process preemption. Also, the
2002 * event passed to the user routine is still resident on the event queue at the
2003 * time of invocation. The user must not remove this event explicitly (via an
2004 * event Cancel(), see below). Rather, the user routine may remove or schedule
2005 * any other event at this time.
2007 * The events recorded by this package are kept queued in order of expiration
2008 * time, so that the first entry in the queue corresponds to the event which is
2009 * the first to expire. This interface is defined by the rx event.h include
2012 * \subsection sec4-4-1 Section 4.4.1: struct rxevent
2015 * This structure defines the format of an Rx event record.
2018 * \n struct queue junk -The queue to which this event belongs.
2019 * \n struct clock eventTime -The clock time recording when this event comes
2021 * \n int (*func)() -The user-supplied function to call upon expiration.
2022 * \n char *arg -The first argument to the (*func)() function above.
2023 * \n char *arg1 -The second argument to the (*func)() function above.
2025 * \subsection sec4-4-2 Section 4.4.2: Operations
2028 * This section covers the interface routines provided for the Rx event
2031 * \subsubsection sec4-4-2-1 Section 4.4.2.1: rxevent Init(): Initialize
2035 * The rxevent Init() routine takes two arguments. The first, nEvents, is an
2036 * integer-valued parameter which specifies the number of event structures to
2037 * allocate at one time. This specifies the appropriate granularity of memory
2038 * allocation by the event package. The second parameter, scheduler, is a
2039 * pointer to an integer-valued function. This function is to be called when an
2040 * event is posted (added to the set of events managed by the package) that is
2041 * scheduled to expire before any other existing event.
2043 * This routine sets up future event allocation block sizes, initializes the
2044 * queues used to manage active and free event structures, and recalls that an
2045 * initialization has occurred. Thus, this function may be safely called
2048 * \subsubsection sec4-4-2-2 Section 4.4.2.2: rxevent Post(): Schedule an
2052 * This function constructs a new event based on the information included in
2053 * its parameters and then schedules it. The rxevent Post() routine takes four
2054 * parameters. The first is named when, and is of type (struct clock *). It
2055 * specifies the clock time at which the event is to occur. The second
2056 * parameter is named func and is a pointer to the integer-valued function to
2057 * associate with the event that will be created. When the event comes due,
2058 * this function will be executed by the event package. The next two arguments
2059 * to rxevent Post() are named arg and arg1, and are both of type (char *).
2060 * They serve as the two arguments thath will be supplied to the func routine
2061 * when the event comes due.
2063 * If the given event is set to take place before any other event currently
2064 * posted, the scheduler routine established when the rxevent Init() routine
2065 * was called will be executed. This gives the application a chance to react to
2066 * this new event in a reasonable way. One might expect that this scheduler
2067 * routine will alter sleep times used by the application to make sure that it
2068 * executes in time to handle the new event.
2070 * \subsubsection sec4-4-2-3 Section 4.4.2.3: rxevent Cancel 1(): Cancel
2071 * an event (internal use)
2074 * This routine removes an event from the set managed by this package. It takes
2075 * a single parameter named ev of type (struct rxevent *). The ev argument
2076 * identifies the pending event to be cancelled.
2078 * The rxevent Cancel 1() routine should never be called directly. Rather, it
2079 * should be accessed through the rxevent Cancel() macro, described in Section
2082 * \subsubsection sec4-4-2-4 Section 4.4.2.4: rxevent Cancel(): Cancel an
2083 * event (external use)
2086 * This macro is the proper way to call the rxevent Cancel 1() routine
2087 * described in Section 4.4.2.3 above. Like rxevent Cancel 1(), it takes a
2088 * single argument. This event ptr argument is of type (struct rxevent *), and
2089 * identi#es the pending event to be cancelled. This macro #rst checks to see
2090 * if event ptr is null. If not, it calls rxevent Cancel 1() to perform the
2091 * real work. The event ptr argument is zeroed after the cancellation operation
2094 * \subsubsection sec4-4-2-5 Section 4.4.2.4: rxevent RaiseEvents():
2095 * Initialize the event package
2098 * This function processes all events that have expired relative to the current
2099 * clock time maintained by the event package. Each qualifying event is removed
2100 * from the queue in order, and its user-supplied routine (func()) is executed
2101 * with the associated arguments.
2103 * The rxevent RaiseEvents() routine takes a single output parameter named
2104 * next, defined to be of type (struct clock *). Upon completion of rxevent
2105 * RaiseEvents(), the relative time to the next event due to expire is placed
2106 * in next. This knowledge may be used to calculate the amount of sleep time
2107 * before more event processing is needed. If there is no recorded event which
2108 * is still pending at this point, rxevent RaiseEvents() returns a zeroed clock
2111 * \subsubsection sec4-4-2-6 Section 4.4.2.6: rxevent TimeToNextEvent():
2112 * Get amount of time until the next event expires
2115 * This function returns the time between the current clock value as maintained
2116 * by the event package and the the next event's expiration time. This
2117 * information is placed in the single output argument,interval, defined to be
2118 * of type (struct clock *). The rxevent TimeToNextEvent() function returns
2119 * integer-valued quantities. If there are no scheduled events, a zero is
2120 * returned. If there are one or more scheduled events, a 1 is returned. If
2121 * zero is returned, the interval argument is not updated.
2123 * \page chap5 Chapter 5 -- Programming Interface
2125 * \section sec5-1 Section 5.1: Introduction
2128 * This chapter documents the API for the Rx facility. Included are
2129 * descriptions of all the constants, structures, exported variables, macros,
2130 * and interface functions available to the application programmer. This
2131 * interface is identical regardless of whether the application lives within
2132 * the unix kernel or above it.
2134 * This chapter actually provides more information than what may be strictly
2135 * considered the Rx API. Many objects that were intended to be opaque and for
2136 * Rx internal use only are also described here. The reason driving the
2137 * inclusion of this "extra" information is that such exported Rx interface
2138 * files as rx.h make these objects visible to application programmers. It is
2139 * prefereable to describe these objects here than to ignore them and leave
2140 * application programmers wondering as to their meaning.
2142 * An example application illustrating the use of this interface, showcasing
2143 * code from both server and client sides, appears in the following chapter.
2145 * \section sec5-2 Section 5.2: Constants
2148 * This section covers the basic constant definitions of interest to the Rx
2149 * application programmer. Each subsection is devoted to describing the
2150 * constants falling into the following categories:
2151 * \li Configuration quantities
2152 * \li Waiting options
2153 * \li Connection ID operations
2154 * \li Connection flags
2155 * \li Connection types
2159 * \li Packet header flags
2162 * \li Packet classes
2163 * \li Conditions prompting ack packets
2166 * \li Debugging values
2168 * An attempt has been made to relate these constant definitions to the objects
2169 * or routines that utilize them.
2171 * \subsection sec5-2-1 Section 5.2.1: Configuration Quantities
2174 * These definitions provide some basic Rx configuration parameters, including
2175 * the number of simultaneous calls that may be handled on a single connection,
2176 * lightweight thread parameters, and timeouts for various operations.
2183 * Default idle dead time for connections, in seconds.
2190 * The maximum number of Rx services that may be installed within one
2194 * RX PROCESS MAXCALLS
2198 * The maximum number of asynchronous calls active simultaneously on any given
2199 * Rx connection. This value must be set to a power of two.
2202 * RX DEFAULT STACK SIZE
2206 * Default lightweight thread stack size, measured in bytes. This value may be
2207 * overridden by calling the rx_SetStackSize() macro.
2210 * RX PROCESS PRIORITY
2212 * LWP NORMAL PRIORITY
2214 * This is the priority under which an Rx thread should run. There should not
2215 * generally be any reason to change this setting.
2218 * RX CHALLENGE TIMEOUT
2222 * The number of seconds before another authentication request packet is
2230 * Maximum number of individual acknowledgements that may be carried in an Rx
2231 * acknowledgement packet.
2233 * \subsection sec5-2-2 Section 5.2.2: Waiting Options
2236 * These definitions provide readable values indicating whether an operation
2237 * should block when packet buffer resources are not available.
2244 * Wait until the associated operation completes.
2251 * Don't wait if the associated operation would block.
2253 * \subsection sec5-2-3 Section 5.2.3: Connection ID Operations
2256 * These values assist in extracting the call channel number from a connection
2257 * identifier. A call channel is the index of a particular asynchronous call
2258 * structure within a single Rx connection.
2265 * Number of bits to right-shift to isolate a connection ID. Must be set to
2266 * the log (base two) of RX MAXCALLS.
2273 * Mask used to isolate a call channel from a connection ID field.
2280 * Mask used to isolate the connection ID from its field, masking out the call
2281 * channel information.
2283 * \subsection sec5-2-4 Section 5.2.4: Connection Flags
2286 * The values defined here appear in the flags field of Rx connections, as
2287 * defined by the rx connection structure described in Section 5.3.2.2.
2290 * RX CONN MAKECALL WAITING
2294 * rx MakeCall() is waiting for a channel.
2297 * RX CONN DESTROY ME
2301 * Destroy this (client) connection after its last call completes.
2304 * RX CONN USING PACKET CKSUM
2308 * This packet is using security-related check-summing (a non-zero header,
2309 * spare field has been seen.)
2311 * \subsection sec5-2-5 Section 5.2.5: Connection Types
2314 * Rx stores different information in its connection structures, depending on
2315 * whether the given connection represents the server side (the one providing
2316 * the service) or the client side (the one requesting the service) of the
2317 * protocol. The type field within the connection structure (described in
2318 * Section 5.3.2.2) takes on the following values to differentiate the two
2319 * types of connections, and identifies the fields that are active within the
2320 * connection structure.
2323 * RX CLIENT CONNECTION
2327 * This is a client-side connection.
2334 * This is a server-side connection.
2336 * \subsection sec5-2-6 Section 5.2.6: Call States
2339 * An Rx call on a particular connection may be in one of several states at any
2340 * instant in time. The following definitions identify the range of states that
2341 * a call may assume.
2348 * The call structure has never been used, and is thus still completely
2356 * A call is not yet in progress, but packets have arrived for it anyway. This
2357 * only applies to calls within server-side connections.
2364 * This call is fully active, having an attached lightweight thread operating
2372 * The call structure is "dallying" after its lightweight thread has completed
2373 * its most recent call. This is a "hot-standby" condition, where the call
2374 * structure preserves state from the previous call and thus optimizes the
2375 * arrival of further, related calls.
2377 * \subsection sec5-2-7 Section 5.2.7: Call Flags:
2380 * These values are used within the flags field of a variable declared to be of
2381 * type struct rx call, as described in Section 5.3.2.4. They provide
2382 * additional information as to the state of the given Rx call, such as the
2383 * type of event for which it is waiting (if any) and whether or not all
2384 * incoming packets have been received in support of the call.
2387 * RX CALL READER WAIT
2391 * Reader is waiting for next packet.
2394 * RX CALL WAIT WINDOW ALLOC
2398 * Sender is waiting for a window so that it can allocate buffers.
2401 * RX CALL WAIT WINDOW SEND
2405 * Sender is waiting for a window so that it can send buffers.
2408 * RX CALL WAIT PACKETS
2412 * Sender is waiting for packet buffers.
2415 * RX CALL RECEIVE DONE
2419 * The call is waiting for a lightweight thread to be assigned to the operation
2420 * it has just received.
2423 * RX CALL RECEIVE DONE
2427 * All packets have been received on this call.
2434 * The receive queue has been cleared when in precall state.
2436 * \subsection sec5-2-8 Section 5.2.8: Call Modes
2439 * These values define the modes of an Rx call when it is in the RX STATE
2440 * ACTIVE state, having a lightweight thread assigned to it.
2447 * We are sending or ready to send.
2454 * We are receiving or ready to receive.
2461 * Something went wrong in the current conversation.
2468 * The server side has flushed (or the client side has read) the last reply
2471 * \subsection sec5-2-9 Section 5.2.9: Packet Header Flags
2474 * Rx packets carry a flag field in their headers, providing additional
2475 * information regarding the packet's contents. The Rx packet header's flag
2476 * field's bits may take the following values:
2479 * RX CLIENT INITIATED
2483 * Signifies that a packet has been sent/received from the client side of the
2491 * The Rx calls' peer entity requests an acknowledgement.
2498 * This is the final packet from this side of the call.
2505 * There are more packets following this, i.e., the next sequence number seen
2506 * by the receiver should be greater than this one, rather than a
2507 * retransmission of an earlier sequence number.
2512 * (RX CLIENT INITIATED | RX LAST PACKET)
2514 * This flag is preset once per Rx packet. It doesn't change on retransmission
2517 * \subsection sec5-3-10 Section 5.2.10: Packet Sizes
2520 * These values provide sizing information on the various regions within Rx
2521 * packets. These packet sections include the IP/UDP headers and bodies as well
2522 * Rx header and bodies. Also covered are such values as different maximum
2523 * packet sizes depending on whether they are targeted to peers on the same
2524 * local network or a more far-flung network. Note that the MTU term appearing
2525 * below is an abbreviation for Maximum Transmission Unit.
2532 * The number of bytes taken up by IP/UDP headers.
2535 * RX MAX PACKET SIZE
2537 * (1500 - RX IPUDP SIZE)
2539 * This is the Ethernet MTU minus IP and UDP header sizes.
2544 * sizeof (struct rx header)
2546 * The number of bytes in an Rx packet header.
2549 * RX MAX PACKET DATA SIZE
2551 * (RX MAX PACKET SIZE RX - HEADER SIZE)
2553 * Maximum size in bytes of the user data in a packet.
2556 * RX LOCAL PACKET SIZE
2558 * RX MAX PACKET SIZE
2560 * Packet size in bytes to use when being sent to a host on the same net.
2563 * RX REMOTE PACKET SIZE
2565 * (576 - RX IPUDP SIZE)
2567 * Packet size in bytes to use when being sent to a host on a different net.
2569 * \subsection sec5-2-11 Section 5.2.11: Packet Types
2572 * The following values are used in the packetType field within a struct rx
2573 * packet, and define the different roles assumed by Rx packets. These roles
2574 * include user data packets, different flavors of acknowledgements, busies,
2575 * aborts, authentication challenges and responses, and debugging vehicles.
2578 * RX PACKET TYPE DATA
2582 * A user data packet.
2585 * RX PACKET TYPE ACK
2589 * Acknowledgement packet.
2592 * RX PACKET TYPE BUSY
2596 * Busy packet. The server-side entity cannot accept the call at the moment,
2597 * but the requestor is encouraged to try again later.
2600 * RX PACKET TYPE ABORT
2604 * Abort packet. No response is needed for this packet type.
2607 * RX PACKET TYPE ACKALL
2611 * Acknowledges receipt of all packets on a call.
2614 * RX PACKET TYPE CHALLENGE
2618 * Challenge the client's identity, requesting credentials.
2621 * RX PACKET TYPE RESPONSE
2625 * Response to a RX PACKET TYPE CHALLENGE authentication challenge packet.
2628 * RX PACKET TYPE DEBUG
2632 * Request for debugging information.
2639 * The number of Rx packet types defined above. Note that it also includes
2640 * packet type 0 (which is unused) in the count.
2643 * The RX PACKET TYPES definition provides a mapping of the above values to
2644 * human-readable string names, and is exported by the rx packetTypes variable
2645 * catalogued in Section 5.4.9.
2660 * \subsection sec5-2-12 Section 5.2.12: Packet Classes
2663 * These definitions are used internally to manage alloction of Rx packet
2664 * buffers according to quota classifications. Each packet belongs to one of
2665 * the following classes, and its buffer is derived from the corresponding
2669 * RX PACKET CLASS RECEIVE
2673 * Receive packet for user data.
2676 * RX PACKET CLASS SEND
2680 * Send packet for user data.
2683 * RX PACKET CLASS SPECIAL
2687 * A special packet that does not hold user data, such as an acknowledgement or
2688 * authentication challenge.
2691 * RX N PACKET CLASSES
2695 * The number of Rx packet classes defined above.
2697 * \subsection sec5-2-13 Section 5.2.13: Conditions Prompting Ack Packets
2700 * Rx acknowledgement packets are constructed and sent by the protocol
2701 * according to the following reasons. These values appear in the Rx packet
2702 * header of the ack packet itself.
2709 * The peer has explicitly requested an ack on this packet.
2716 * A duplicate packet has been received.
2719 * RX ACK OUT OF SEQUENCE
2723 * A packet has arrived out of sequence.
2726 * RX ACK EXCEEDS WINDOW
2730 * A packet sequence number higher than maximum value allowed by the call's
2731 * window has been received.
2738 * No packet buffer space is available.
2745 * Acknowledgement for keep-alive purposes.
2748 * RX ACK PING RESPONSE
2752 * Response to a RX ACK PING packet.
2759 * An ack generated due to a period of inactivity after normal packet
2762 * \subsection 5-2-14 Section 5.2.14: Acknowledgement Types
2765 * These are the set of values placed into the acks array in an Rx
2766 * acknowledgement packet, whose data format is defined by struct rx ackPacket.
2767 * These definitions are used to convey positive or negative acknowledgements
2768 * for a given range of packets.
2775 * Receiver doesn't currently have the associated packet; it may never hae been
2776 * received, or received and then later dropped before processing.
2783 * Receiver has the associated packet queued, although it may later decide to
2786 * \subsection sec5-2-15 Section 5.2.15: Error Codes
2789 * Rx employs error codes ranging from -1 to -64. The Rxgen stub generator may
2790 * use other error codes less than -64. User programs calling on Rx, on the
2791 * other hand, are expected to return positive error codes. A return value of
2792 * zero is interpreted as an indication that the given operation completed
2800 * A connection has been inactive past Rx's tolerance levels and has been shut
2804 * RX INVALID OPERATION
2808 * An invalid operation has been attempted, including such protocol errors as
2809 * having a client-side call send data after having received the beginning of a
2810 * reply from its server-side peer.
2817 * The (optional) timeout value placed on this call has been exceeded (see
2818 * Sections 5.5.3.4 and 5.6.5).
2825 * Unexpected end of data on a read operation.
2832 * An unspecified low-level Rx protocol error has occurred.
2839 * A generic user abort code, used when no more specific error code needs to be
2840 * communicated. For example, Rx clients employing the multicast feature (see
2841 * Section 1.2.8) take advantage of this error code.
2843 * \subsection sec5-2-16 Section 5.2.16: Debugging Values
2846 * Rx provides a set of data collections that convey information about its
2847 * internal status and performance. The following values have been defined in
2848 * support of this debugging and statistics-collection feature.
2850 * \subsubsection sec5-3-16-1 Section 5.2.16.1: Version Information
2853 * Various versions of the Rx debugging/statistics interface are in existance,
2854 * each defining different data collections and handling certain bugs. Each Rx
2855 * facility is stamped with a version number of its debugging/statistics
2856 * interface, allowing its clients to tailor their requests to the precise data
2857 * collections that are supported by a particular Rx entity, and to properly
2858 * interpret the data formats received through this interface. All existing Rx
2859 * implementations should be at revision M.
2862 * RX DEBUGI VERSION MINIMUM
2866 * The earliest version of Rx statistics available.
2873 * The latest version of Rx statistics available.
2876 * RX DEBUGI VERSION W SECSTATS
2880 * Identifies the earliest version in which statistics concerning Rx security
2881 * objects is available.
2884 * RX DEBUGI VERSION W GETALLCONN
2888 * The first version that supports getting information about all current Rx
2889 * connections, as specified y the RX DEBUGI GETALLCONN debugging request
2890 * packet opcode described below.
2893 * RX DEBUGI VERSION W RXSTATS
2897 * The first version that supports getting all the Rx statistics in one
2898 * operation, as specified by the RX DEBUGI RXSTATS debugging request packet
2899 * opcode described below.
2902 * RX DEBUGI VERSION W UNALIGNED CONN
2906 * There was an alignment problem discovered when returning Rx connection
2907 * information in older versions of this debugging/statistics interface. This
2908 * identifies the last version that exhibited this alignment problem.
2910 * \subsubsection sec5-2-16-2 Section 5.2.16.2: Opcodes
2913 * When requesting debugging/statistics information, the caller specifies one
2914 * of the following supported data collections:
2917 * RX DEBUGI GETSTATS
2921 * Get basic Rx statistics.
2928 * Get information on all Rx connections considered "interesting" (as defined
2929 * below), and no others.
2932 * RX DEBUGI GETALLCONN
2936 * Get information on all existing Rx connection structures, even
2937 * "uninteresting" ones.
2944 * Get all available Rx stats.
2947 * An Rx connection is considered "interesting" if it is waiting for a call
2948 * channel to free up or if it has been marked for destruction. If neither is
2949 * true, a connection is still considered interesting if any of its call
2950 * channels is actively handling a call or in its preparatory pre-call state.
2951 * Failing all the above conditions, a connection is still tagged as
2952 * interesting if any of its call channels is in either of the RX MODE SENDING
2953 * or RX MODE RECEIVING modes, which are not allowed when the call is not
2956 * \subsubsection sec5-2-16-3 Section 5.2.16.3: Queuing
2959 * These two queueing-related values indicate whether packets are present on
2960 * the incoming and outgoing packet queues for a given Rx call. These values
2961 * are only used in support of debugging and statistics-gathering operations.
2968 * Packets available in in queue.
2975 * Packets available in out queue.
2977 * \section sec5-3 Section 5.3: Structures
2980 * This section describes the major exported Rx data structures of interest to
2981 * application programmers. The following categories are utilized for the
2982 * purpose of organizing the structure descriptions:
2983 * \li Security objects
2984 * \li Protocol objects
2985 * \li Packet formats
2986 * \li Debugging and statistics
2989 * Please note that many fields described in this section are declared to be
2990 * VOID. This is defined to be char, and is used to get around some compiler
2992 * \subsection sec5-3-1 Section 5.3.1: Security Objects
2995 * As explained in Section 1.2.1, Rx provides a modular, extensible security
2996 * model. This allows Rx applications to either use one of the built-in
2997 * security/authentication protocol packages or write and plug in one of their
2998 * own. This section examines the various structural components used by Rx to
2999 * support generic security and authentication modules.
3001 * \subsubsection sec5-3-1-1 Section 5.3.1.1: struct rx securityOps
3004 * As previously described, each Rx security object must export a fixed set of
3005 * interface functions, providing the full set of operations defined on the
3006 * object. The rx securityOps structure defines the array of functions
3007 * comprising this interface. The Rx facility calls these routines at the
3008 * appropriate times, without knowing the specifics of how any particular
3009 * security object implements the operation.
3011 * A complete description of these interface functions, including information
3012 * regarding their exact purpose, parameters, and calling conventions, may be
3013 * found in Section 5.5.7.
3016 * \li int (*op Close)() - React to the disposal of a security object.
3017 * \li int (*op NewConnection)() - Invoked each time a new Rx connection
3018 * utilizing the associated security object is created.
3019 * \li int (*op PreparePacket)() - Invoked each time an outgoing Rx packet is
3020 * created and sent on a connection using the given security object.
3021 * \li int (*op SendPacket)() - Called each time a packet belonging to a call
3022 * in a connection using the security object is physically transmitted.
3023 * \li int (*op CheckAuthentication)() - This function is executed each time it
3024 * is necessary to check whether authenticated calls are being perfomed on a
3025 * connection using the associated security object.
3026 * \li int (*op CreateChallenge)() - Invoked each time a server-side challenge
3027 * event is created by Rx, namely when the identity of the principal associated
3028 * with the peer process must be determined.
3029 * \li int (*op GetChallenge)() - Called each time a client-side packet is
3030 * constructed in response to an authentication challenge.
3031 * \li int (*op GetResponse)() - Executed each time a response to a challenge
3032 * event must be received on the server side of a connection.
3033 * \li int (*op CheckResponse)() - Invoked each time a response to an
3034 * authentication has been received, validating the response and pulling out
3035 * the required authentication information.
3036 * \li int (*op CheckPacket) () - Invoked each time an Rx packet has been
3037 * received, making sure that the packet is properly formatted and that it
3038 * hasn't been altered.
3039 * \li int (*op DestroyConnection)() - Called each time an Rx connection
3040 * employing the given security object is destroyed.
3041 * \li int (*op GetStats)() - Executed each time a request for statistics on
3042 * the given security object has been received.
3043 * \li int (*op Spare1)()-int (*op Spare3)() - Three spare function slots,
3044 * reserved for future use.
3046 * \subsubsection sec5-3-1-2 Section 5.2.1.2: struct rx securityClass
3049 * Variables of type struct rx securityClass are used to represent
3050 * instantiations of a particular security model employed by Rx. It consists of
3051 * a pointer to the set of interface operations implementing the given security
3052 * object, along with a pointer to private storage as necessary to support its
3053 * operations. These security objects are also reference-counted, tracking the
3054 * number of Rx connections in existance that use the given security object. If
3055 * the reference count drops to zero, the security module may garbage-collect
3056 * the space taken by the unused security object.
3059 * \li struct rx securityOps *ops - Pointer to the array of interface functions
3060 * for the security object.
3061 * \li VOID *privateData - Pointer to a region of storage used by the security
3062 * object to support its operations.
3063 * \li int refCount - A reference count on the security object, tracking the
3064 * number of Rx connections employing this model.
3066 * \subsubsection sec5-3-1-3 Section 5.3.1.3: struct rx
3067 * securityObjectStats
3070 * This structure is used to report characteristics for an instantiation of a
3071 * security object on a particular Rx connection, as well as performance
3072 * figures for that object. It is used by the debugging portions of the Rx
3073 * package. Every security object defines and manages fields such as level and
3074 * flags differently.
3077 * \li char type - The type of security object being implemented. Existing
3079 * \li 0: The null security package.
3080 * \li 1: An obsolete Kerberos-like security object.
3081 * \li 2: The rxkad discipline (see Chapter 3).
3082 * \li char level - The level at which encryption is utilized.
3083 * \li char sparec[10] - Used solely for alignment purposes.
3084 * \li long flags - Status flags regarding aspects of the connection relating
3085 * to the security object.
3086 * \li u long expires - Absolute time when the authentication information
3087 * cached by the given connection expires. A value of zero indicates that the
3088 * associated authentication information is valid for all time.
3089 * \li u long packetsReceived - Number of packets received on this particular
3090 * connection, and thus the number of incoming packets handled by the
3091 * associated security object.
3092 * \li u long packetsSent - Number of packets sent on this particular
3093 * connection, and thus the number of outgoing packets handled by the
3094 * associated security object.
3095 * \li u long bytesReceived - Overall number of "payload" bytes received (i.e.,
3096 * packet bytes not associated with IP headers, UDP headers, and the security
3097 * module's own header and trailer regions) on this connection.
3098 * \li u long bytesSent - Overall number of "payload" bytes sent (i.e., packet
3099 * bytes not associated with IP headers, UDP headers, and the security module's
3100 * own header and trailer regions) on this connection.
3101 * \li short spares[4] - Several shortword spares, reserved for future use.
3102 * \li long sparel[8] - Several longword spares, reserved for future use.
3104 * \subsection sec5-3-2 Section 5.3.2: Protocol Objects
3107 * The structures describing the main abstractions and entities provided by Rx,
3108 * namely services, peers, connections and calls are covered in this section.
3110 * \subsubsection sec5-3-2-1 Section 5.3.2.1: struct rx service
3113 * An Rx-based server exports services, or specific RPC interfaces that
3114 * accomplish certain tasks. Services are identified by (host-address,
3115 * UDP-port, serviceID) triples. An Rx service is installed and initialized on
3116 * a given host through the use of the rx NewService() routine (See Section
3117 * 5.6.3). Incoming calls are stamped with the Rx service type, and must match
3118 * an installed service to be accepted. Internally, Rx services also carry
3119 * string names for purposes of identification. These strings are useful to
3120 * remote debugging and statistics-gathering programs. The use of a service ID
3121 * allows a single server process to export multiple, independently-specified
3124 * Each Rx service contains one or more security classes, as implemented by
3125 * individual security objects. These security objects implement end-to-end
3126 * security protocols. Individual peer-to-peer connections established on
3127 * behalf of an Rx service will select exactly one of the supported security
3128 * objects to define the authentication procedures followed by all calls
3129 * associated with the connection. Applications are not limited to using only
3130 * the core set of built-in security objects offered by Rx. They are free to
3131 * define their own security objects in order to execute the specific protocols
3134 * It is possible to specify both the minimum and maximum number of lightweight
3135 * processes available to handle simultaneous calls directed to an Rx service.
3136 * In addition, certain procedures may be registered with the service and
3137 * called at set times in the course of handling an RPC request.
3140 * \li u short serviceId - The associated service number.
3141 * \li u short servicePort - The chosen UDP port for this service.
3142 * \li char *serviceName - The human-readable service name, expressed as a
3144 * \li string. osi socket socket - The socket structure or file descriptor used
3146 * \li u short nSecurityObjects - The number of entries in the array of
3147 * supported security objects.
3148 * \li struct rx securityClass **securityObjects - The array of pointers to the
3150 * vice's security class objects.
3151 * \li long (*executeRequestProc)() - A pointer to the routine to call when an
3152 * RPC request is received for this service.
3153 * \li VOID (*destroyConnProc)() - A pointer to the routine to call when one of
3154 * the server-side connections associated with this service is destroyed.
3155 * \li VOID (*newConnProc)() - A pointer to the routine to call when a
3156 * server-side connection associated with this service is created.
3157 * \li VOID (*beforeProc)() - A pointer to the routine to call before an
3158 * individual RPC call on one of this service's connections is executed.
3159 * \li VOID (*afterProc)() - A pointer to the routine to call after an
3160 * individual RPC call on one of this service's connections is executed.
3161 * \li short nRequestsRunning - The number of simultaneous RPC calls currently
3162 * in progress for this service.
3163 * \li short maxProcs - This field has two meanings. first, maxProcs limits the
3164 * total number of requests that may execute in parallel for any one service.
3165 * It also guarantees that this many requests may be handled in parallel if
3166 * there are no active calls for any other service.
3167 * \li short minProcs - The minimum number of lightweight threads (hence
3168 * requests) guaranteed to be simultaneously executable.
3169 * \li short connDeadTime - The number of seconds until a client of this
3170 * service will be declared to be dead, if it is not responding to the RPC
3172 * \li short idleDeadTime - The number of seconds a server-side connection for
3173 * this service will wait for packet I/O to resume after a quiescent period
3174 * before the connection is marked as dead.
3176 * \subsubsection sec5-3-2-2 Section 5.3.2.2: struct rx connection
3179 * An Rx connection represents an authenticated communication path, allowing
3180 * multiple asynchronous conversations (calls). Each connection is identified
3181 * by a connection ID. The low-order bits of the connection ID are reserved so
3182 * they may be stamped with the index of a particular call channel. With up to
3183 * RX MAXCALLS concurrent calls (set to 4 in this implementation), the bottom
3184 * two bits are set aside for this purpose. The connection ID is not sufficient
3185 * by itself to uniquely identify an Rx connection. Should a client crash and
3186 * restart, it may reuse a connection ID, causing inconsistent results. In
3187 * addition to the connection ID, the epoch, or start time for the client side
3188 * of the connection, is used to identify a connection. Should the above
3189 * scenario occur, a different epoch value will be chosen by the client,
3190 * differentiating this incarnation from the orphaned connection record on the
3193 * Each connection is associated with a parent service, which defines a set of
3194 * supported security models. At creation time, an Rx connection selects the
3195 * particular security protocol it will implement, referencing the associated
3196 * service. The connection structure maintains state about the individual calls
3197 * being simultaneously handled.
3200 * \li struct rx connection *next - Used for internal queueing.
3201 * \li struct rx peer *peer - Pointer to the connection's peer information (see
3203 * \li u long epoch - Process start time of the client side of the connection.
3204 * \li u long cid - Connection identifier. The call channel (i.e., the index
3205 * into the connection's array of call structures) may appear in the bottom
3207 * \li VOID *rock - Pointer to an arbitrary region of memory in support of the
3208 * connection's operation. The contents of this area are opaque to the Rx
3209 * facility in general, but are understood by any special routines used by this
3211 * \li struct rx call *call[RX MAXCALLS] - Pointer to the call channel
3212 * structures, describing up to RX MAXCALLS concurrent calls on this
3214 * \li u long callNumber[RX MAXCALLS] - The set of current call numbers on each
3215 * of the call channels.
3216 * \li int timeout - Obsolete; no longer used.
3217 * \li u char flags - Various states of the connection; see Section 5.2.4 for
3218 * individual bit definitions.
3219 * \li u char type - Whether the connection is a server-side or client-side
3220 * one. See Section 5.2.5 for individual bit definitions.
3221 * \li u short serviceId - The service ID that should be stamped on requests.
3222 * This field is only used by client-side instances of connection structures.
3223 * \li struct rx service *service - A pointer to the service structure
3224 * associated with this connection. This field is only used by server-side
3225 * instances of connection structures.
3226 * \li u long serial - Serial number of the next outgoing packet associated
3227 * with this connection.
3228 * \li u long lastSerial - Serial number of the last packet received in
3229 * association with this connection. This field is used in computing packet
3231 * \li u short secondsUntilDead - Maximum numer of seconds of silence that
3232 * should be tolerated from the connection's peer before calls will be
3233 * terminated with an RX CALL DEAD error.
3234 * \li u char secondsUntilPing - The number of seconds between "pings"
3235 * (keep-alive probes) when at least one call is active on this connection.
3236 * \li u char securityIndex - The index of the security object being used by
3237 * this connection. This number selects a slot in the security class array
3238 * maintained by the service associated with the connection.
3239 * \li long error - Records the latest error code for calls occurring on this
3241 * \li struct rx securityClass *securityObject - A pointer to the security
3242 * object used by this connection. This should coincide with the slot value
3243 * chosen by the securityIndex field described above.
3244 * \li VOID *securityData - A pointer to a region dedicated to hosting any
3245 * storage required by the security object being used by this connection.
3246 * \li u short securityHeaderSize - The length in bytes of the portion of the
3247 * packet header before the user's data that contains the security module's
3249 * \li u short securityMaxTrailerSize - The length in bytes of the packet
3250 * trailer, appearing after the user's data, as mandated by the connection's
3252 * \li struct rxevent *challengeEvent -Pointer to an event that is scheduled
3253 * when the server side of the connection is challenging the client to
3254 * authenticate itself.
3255 * \li int lastSendTime - The last time a packet was sent on this connection.
3256 * \li long maxSerial - The largest serial number seen on incoming packets.
3257 * \li u short hardDeadTime - The maximum number of seconds that any call on
3258 * this connection may execute. This serves to throttle runaway calls.
3260 * \subsubsection sec5-3-2-3 Section 5.3.2.3: struct rx peer
3263 * For each connection, Rx maintains information describing the entity, or
3264 * peer, on the other side of the wire. A peer is identified by a (host,
3265 * UDP-port) pair. Included in the information kept on this remote
3266 * communication endpoint are such network parameters as the maximum packet
3267 * size supported by the host, current readings on round trip time to
3268 * retransmission delays, and packet skew (see Section 1.2.7). There are also
3269 * congestion control fields, ranging from descriptions of the maximum number
3270 * of packets that may be sent to the peer without pausing and retransmission
3271 * statistics. Peer structures are shared between connections whenever
3272 * possible, and hence are reference-counted. A peer object may be
3273 * garbage-collected if it is not actively referenced by any connection
3274 * structure and a sufficient period of time has lapsed since the reference
3275 * count dropped to zero.
3278 * \li struct rx peer *next - Use to access internal lists.
3279 * \li u long host - Remote IP address, in network byte order
3280 * \li u short port - Remote UDP port, in network byte order
3281 * \li short packetSize - Maximum packet size for this host, if known.
3282 * \li u long idleWhen - When the refCount reference count field (see below)
3284 * \li short refCount - Reference count for this structure
3285 * \li u char burstSize - Reinitialization size for the burst field (below).
3286 * \li u char burst - Number of packets that can be transmitted immediately
3288 * \li struct clock burstWait - Time delay until new burst aimed at this peer
3290 * \li struct queue congestionQueue - Queue of RPC call descriptors that are
3291 * waiting for a non-zero burst value.
3292 * \li int rtt - Round trip time to the peer, measured in milliseconds.
3293 * \li struct clock timeout - Current retransmission delay to the peer.
3294 * \li int nSent - Total number of distinct data packets sent, not including
3296 * \li int reSends - Total number of retransmissions for this peer since the
3297 * peer structure instance was created.
3298 * \li u long inPacketSkew - Maximum skew on incoming packets (see Section
3300 * \li u long outPacketSkew - Peer-reported maximum skew on outgoing packets
3301 * (see Section 1.2.7).
3303 * \subsubsection sec5-3-2-4 Section 5.3.2.4: struct rx call
3306 * This structure records the state of an active call proceeding on a given Rx
3307 * connection. As described above, each connection may have up to RX MAXCALLS
3308 * calls active at any one instant, and thus each connection maintains an array
3309 * of RX MAXCALLS rx call structures. The information contained here is
3310 * specific to the given call; "permanent" call state, such as the call number,
3311 * is maintained in the connection structure itself.
3314 * \li struct queue queue item header - Queueing information for this
3316 * \li struct queue tq - Queue of outgoing ("transmit") packets.
3317 * \li struct queue rq - Queue of incoming ("receive") packets.
3318 * \li char *bufPtr - Pointer to the next byte to fill or read in the call's
3319 * current packet, depending on whether it is being transmitted or received.
3320 * \li u short nLeft - Number of bytes left to read in the first packet in the
3321 * reception queue (see field rq).
3322 * \li u short nFree - Number of bytes still free in the last packet in the
3323 * transmission queue (see field tq).
3324 * \li struct rx packet *currentPacket - Pointer to the current packet being
3325 * assembled or read.
3326 * \li struct rx connection *conn - Pointer to the parent connection for this
3328 * \li u long *callNumber - Pointer to call number field within the call's
3330 * \li u char channel - Index within the parent connection's call array that
3331 * describes this call.
3332 * \li u char dummy1, dummy2 - These are spare fields, reserved for future use.
3333 * \li u char state - Current call state. The associated bit definitions appear
3335 * \li u char mode - Current mode of a call that is in RX STATE ACTIVE state.
3336 * The associated bit definitions appear in Section 5.2.8.
3337 * \li u char flags - Flags pertaining to the state of the given call. The
3338 * associated bit definitions appear in Section 5.2.7.
3339 * \li u char localStatus - Local user status information, sent out of band.
3340 * This field is currently not in use, set to zero.
3341 * \li u char remoteStatus - Remote user status information, received out of
3342 * band. This field is currently not in use, set to zero.
3343 * \li long error - Error condition for this call.
3344 * \li u long timeout - High level timeout for this call
3345 * \li u long rnext - Next packet sequence number expected to be received.
3346 * \li u long rprev - Sequence number of the previous packet received. This
3347 * number is used to decide the proper sequence number for the next packet to
3348 * arrive, and may be used to generate a negative acknowledgement.
3349 * \li u long rwind - Width of the packet receive window for this call. The
3350 * peer must not send packets with sequence numbers greater than or equal to
3352 * \li u long tfirst - Sequence number of the first unacknowledged transmit
3353 * packet for this call.
3354 * \li u long tnext - Next sequence number to use for an outgoing packet.
3355 * \li u long twind - Width of the packet transmit window for this call. Rx
3356 * cannot assign a sequence number to an outgoing packet greater than or equal
3357 * to tfirst + twind.
3358 * \li struct rxevent *resendEvent - Pointer to a pending retransmission event,
3360 * \li struct rxevent *timeoutEvent - Pointer to a pending timeout event, if
3362 * \li struct rxevent *keepAliveEvent - Pointer to a pending keep-alive event,
3363 * if this is an active call.
3364 * \li struct rxevent *delayedAckEvent - Pointer to a pending delayed
3365 * acknowledgement packet event, if any. Transmission of a delayed
3366 * acknowledgement packet is scheduled after all outgoing packets for a call
3367 * have been sent. If neither a reply nor a new call are received by the time
3368 * the delayedAckEvent activates, the ack packet will be sent.
3369 * \li int lastSendTime - Last time a packet was sent for this call.
3370 * \li int lastReceiveTime - Last time a packet was received for this call.
3371 * \li VOID (*arrivalProc)() - Pointer to the procedure to call when reply is
3373 * \li VOID *arrivalProcHandle - Pointer to the handle to pass to the
3374 * arrivalProc as its first argument.
3375 * \li VOID *arrivalProcArg - Pointer to an additional argument to pass to the
3376 * given arrivalProc.
3377 * \li u long lastAcked - Sequence number of the last packet "hard-acked" by
3378 * the receiver. A packet is considered to be hard-acked if an acknowledgement
3379 * is generated after the reader has processed it. The Rx facility may
3380 * sometimes "soft-ack" a windowfull of packets before they have been picked up
3382 * \li u long startTime - The time this call started running.
3383 * \li u long startWait - The time that a server began waiting for input data
3386 * \subsection sec5-3-3 Section 5.3.3: Packet Formats
3389 * The following sections cover the different data formats employed by the
3390 * suite of Rx packet types, as enumerated in Section 5.2.11. A description of
3391 * the most commonly-employed Rx packet header appears first, immediately
3392 * followed by a description of the generic packet container and descriptor.
3393 * The formats for Rx acknowledgement packets and debugging/statistics packets
3394 * are also examined.
3396 * \subsubsection sec5-3-3-1 Section 5.3.3.1: struct rx header
3399 * Every Rx packet has its own header region, physically located after the
3400 * leading IP/UDP headers. This header contains connection, call, security, and
3401 * sequencing information. Along with a type identifier, these fields allow the
3402 * receiver to properly interpret the packet. In addition, every client relates
3403 * its "epoch", or Rx incarnation date, in each packet. This assists in
3404 * identifying protocol problems arising from reuse of connection identifiers
3405 * due to a client restart. Also included in the header is a byte of
3406 * user-defined status information, allowing out-of-band channel of
3407 * communication for the higher-level application using Rx as a transport
3411 * \li u long epoch - Birth time of the client Rx facility.
3412 * \li u long cid - Connection identifier, as defined by the client. The last
3413 * RX CIDSHIFT bits in the cid field identify which of the server-side RX
3414 * MAXCALLS call channels is to receive the packet.
3415 * \li u long callNumber - The current call number on the chosen call channel.
3416 * \li u long seq - Sequence number of this packet. Sequence numbers start with
3417 * 0 for each new Rx call.
3418 * \li u long serial - This packet's serial number. A new serial number is
3419 * stamped on each packet transmitted (or retransmitted).
3420 * \li u char type - What type of Rx packet this is; see Section 5.2.11 for the
3421 * list of legal definitions.
3422 * \li u char flags - Flags describing this packet; see Section 5.2.9 for the
3423 * list of legal settings.
3424 * \li u char userStatus - User-defined status information, uninterpreted by
3425 * the Rx facility itself. This field may be easily set or retrieved from Rx
3426 * packets via calls to the rx GetLocalStatus(), rx SetLocalStatus(), rx
3427 * GetRemoteStatus(), and rx SetRemoteStatus() macros.
3428 * \li u char securityIndex - Index in the associated server-side service class
3429 * of the security object used by this call.
3430 * \li u short serviceId - The server-provided service ID to which this packet
3432 * \li u short spare - This field was originally a true spare, but is now used
3433 * by the built-in rxkad security module for packet header checksums. See the
3434 * descriptions of the related rx IsUsingPktChecksum(), rx GetPacketCksum(),
3435 * and rx SetPacketCksum() macros.
3437 * \subsubsection sec5-3-3-2 Section 5.3.3.2: struct rx packet
3440 * This structure is used to describe an Rx packet, and includes the wire
3441 * version of the packet contents, where all fields exist in network byte
3442 * order. It also includes acknowledgement, length, type, and queueing
3446 * \li struct queue queueItemHeader - field used for internal queueing.
3447 * \li u char acked - If non-zero, this field indicates that this packet has
3448 * been tentatively (soft-) acknowledged. Thus, the packet has been accepted by
3449 * the rx peer entity on the other side of the connection, but has not yet
3450 * necessarily been passed to the true reader. The sender is not free to throw
3451 * the packet away, as it might still get dropped by the peer before it is
3452 * delivered to its destination process.
3453 * \li short length - Length in bytes of the user data section.
3454 * \li u char packetType - The type of Rx packet described by this record. The
3455 * set of legal choices is available in Section 5.2.11.
3456 * \li struct clock retryTime - The time when this packet should be
3457 * retransmitted next.
3458 * \li struct clock timeSent - The last time this packet was transmitted.
3459 * \li struct rx header header - A copy of the internal Rx packet header.
3460 * \li wire - The text of the packet as it appears on the wire. This structure
3461 * has the following sub-fields:
3462 * \li u long head[RX HEADER SIZE/sizeof(long)] The wire-level contents of
3463 * IP, UDP, and Rx headers.
3464 * \li u long data[RX MAX PACKET DATA SIZE/sizeof(long)] The wire form of
3465 * the packet's "payload", namely the user data it carries.
3467 * \subsubsection sec5-3-3-3 Section 5.3.3.3: struct rx ackPacket
3470 * This is the format for the data portion of an Rx acknowledgement packet,
3471 * used to inform a peer entity performing packet transmissions that a subset
3472 * of its packets has been properly received.
3475 * \li u short bufferSpace - Number of packet buffers available. Specifically,
3476 * the number of packet buffers that the ack packet's sender is willing to
3477 * provide for data on this or subsequent calls. This number does not have to
3478 * fully accurate; it is acceptable for the sender to provide an estimate.
3479 * \li u short maxSkew - The maximum difference seen between the serial number
3480 * of the packet being acknowledged and highest packet yet received. This is an
3481 * indication of the degree to which packets are arriving out of order at the
3483 * \li u long firstPacket - The serial number of the first packet in the list
3484 * of acknowledged packets, as represented by the acks field below.
3485 * \li u long previousPacket - The previous packet serial number received.
3486 * \li u long serial - The serial number of the packet prompted the
3488 * \li u char reason - The reason given for the acknowledgement; legal values
3489 * for this field are described in Section 5.2.13.
3490 * \li u char nAcks - Number of acknowledgements active in the acks array
3491 * immediately following.
3492 * \li u char acks[RX MAXACKS] - Up to RX MAXACKS packet acknowledgements. The
3493 * legal values for each slot in the acks array are described in Section
3494 * 5.2.14. Basically, these fields indicate either positive or negative
3498 * All packets with serial numbers prior to firstPacket are implicitly
3499 * acknowledged by this packet, indicating that they have been fully processed
3500 * by the receiver. Thus, the sender need no longer be concerned about them,
3501 * and may release all of the resources that they occupy. Packets with serial
3502 * numbers firstPacket + nAcks and higher are not acknowledged by this ack
3503 * packet. Packets with serial numbers in the range [firstPacket, firstPacket +
3504 * nAcks) are explicitly acknowledged, yet their sender-side resources must not
3505 * yet be released, as there is yet no guarantee that the receiver will not
3506 * throw them away before they can be processed there.
3508 * There are some details of importance to be noted. For one, receiving a
3509 * positive acknowlegement via the acks array does not imply that the
3510 * associated packet is immune from being dropped before it is read and
3511 * processed by the receiving entity. It does, however, imply that the sender
3512 * should stop retransmitting the packet until further notice. Also, arrival of
3513 * an ack packet should prompt the transmitter to immediately retransmit all
3514 * packets it holds that have not been explicitly acknowledged and that were
3515 * last transmitted with a serial number less than the highest serial number
3516 * acknowledged by the acks array.
3517 * Note: The fields in this structure are always kept in wire format, namely in
3518 * network byte order.
3520 * \subsection sec5-3-4 Section 5.3.4: Debugging and Statistics
3523 * The following structures are defined in support of the debugging and
3524 * statistics-gathering interfaces provided by Rx.
3526 * \subsubsection sec5-3-4-1 Section 5.3.4.1: struct rx stats
3529 * This structure maintains Rx statistics, and is gathered by such tools as the
3530 * rxdebug program. It must be possible for all of the fields placed in this
3531 * structure to be successfully converted from their on-wire network byte
3532 * orderings to the host-specific ordering.
3535 * \li int packetRequests - Number of packet allocation requests processed.
3536 * \li int noPackets[RX N PACKET CLASSES] - Number of failed packet requests,
3537 * organized per allocation class.
3538 * \li int socketGreedy - Whether the SO GREEDY setting succeeded for the Rx
3540 * \li int bogusPacketOnRead - Number of inappropriately short packets
3542 * \li int bogusHost - Contains the host address from the last bogus packet
3544 * \li int noPacketOnRead - Number of attempts to read a packet off the wire
3545 * when there was actually no packet there.
3546 * \li int noPacketBuffersOnRead - Number of dropped data packets due to lack
3547 * of packet buffers.
3548 * \li int selects - Number of selects waiting for a packet arrival or a
3550 * \li int sendSelects - Number of selects forced when sending packets.
3551 * \li int packetsRead[RX N PACKET TYPES] - Total number of packets read,
3552 * classified by type.
3553 * \li int dataPacketsRead - Number of unique data packets read off the wire.
3554 * \li int ackPacketsRead - Number of ack packets read.
3555 * \li int dupPacketsRead - Number of duplicate data packets read.
3556 * \li int spuriousPacketsRead - Number of inappropriate data packets.
3557 * \li int packetsSent[RX N PACKET TYPES] - Number of packet transmissions,
3558 * broken down by packet type.
3559 * \li int ackPacketsSent - Number of ack packets sent.
3560 * \li int pingPacketsSent - Number of ping packets sent.
3561 * \li int abortPacketsSent - Number of abort packets sent.
3562 * \li int busyPacketsSent - Number of busy packets sent.
3563 * \li int dataPacketsSent - Number of unique data packets sent.
3564 * \li int dataPacketsReSent - Number of retransmissions.
3565 * \li int dataPacketsPushed - Number of retransmissions pushed early by a
3566 * negative acknowledgement.
3567 * \li int ignoreAckedPacket - Number of packets not retransmitted because they
3568 * have already been acked.
3569 * \li int struct clock totalRtt - Total round trip time measured for packets,
3570 * used to compute average time figure.
3571 * \li struct clock minRtt - Minimum round trip time measured for packets.
3572 * struct clock maxRtt - Maximum round trip time measured for packets.
git://git.openafs.org / openafs.git / blob