| #
2976dea7 |
| 03-Mar-2024 |
Aaron LI <aly@aaronly.me> |
sys: Minor fixes to some comments
|
| #
cf3a56ce |
| 03-Mar-2024 |
Aaron LI <aly@aaronly.me> |
sys: Minor code cleanups
No functional changes.
|
| #
f9be6a1c |
| 03-Mar-2024 |
Aaron LI <aly@aaronly.me> |
stf(4): Set ND6 flags to disable auto link-local and DAD
Clear the 'ND6_IFF_AUTO_LINKLOCAL' flag and set the 'ND6_IFF_NO_DAD'
flag for the stf(4) interface after if_attach(). In this way, the
quirk
stf(4): Set ND6 flags to disable auto link-local and DAD
Clear the 'ND6_IFF_AUTO_LINKLOCAL' flag and set the 'ND6_IFF_NO_DAD'
flag for the stf(4) interface after if_attach(). In this way, the
quirks in in6_ifattach() is removed.
show more ...
|
| #
575185c0 |
| 03-Mar-2024 |
Aaron LI <aly@aaronly.me> |
netinet6: Improve in6if_do_dad() by checking IFF_MULTICAST
DAD requires multicast support.
Obtained from FreeBSD.
|
| #
e8e97246 |
| 02-Mar-2024 |
Aaron LI <aly@aaronly.me> |
netinet6: Add per-interface flag ND6_IFF_NO_DAD flag to disable DAD
An interface that has no link-local address should also have DAD
disabled. So this flag is generally set for an interface that ha
netinet6: Add per-interface flag ND6_IFF_NO_DAD flag to disable DAD
An interface that has no link-local address should also have DAD
disabled. So this flag is generally set for an interface that has the
ND6_IFF_AUTO_LINKLOCAL flag cleared.
Derived from FreeBSD.
show more ...
|
| #
171a554a |
| 01-Mar-2024 |
Aaron LI <aly@aaronly.me> |
netinet6: Remove nonexistent IFT_DUMMY from in6if_do_dad()
Meanwhile, fix typos in the comment.
|
| #
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.
Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.
show more ...
|
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3 |
|
| #
2886f92e |
| 10-Nov-2019 |
Roy Marples <roy@marples.name> |
inet6: Support the ioctl SIOCSIFINFO_IN6
This allows setting hop limit, reachable and retransmit times,
as well as link mtu for the interface.
It's analogous to the SIOCGIFINFO_IN6 ioctl.
Taken fro
inet6: Support the ioctl SIOCSIFINFO_IN6
This allows setting hop limit, reachable and retransmit times,
as well as link mtu for the interface.
It's analogous to the SIOCGIFINFO_IN6 ioctl.
Taken from NetBSD.
show more ...
|
| #
759dab29 |
| 10-Sep-2019 |
Roy Marples <roy@marples.name> |
inet: hookup in6_if_down with rt_purgecloned
|
| #
bb060a4b |
| 20-Aug-2019 |
Roy Marples <roy@marples.name> |
route: Remove ref counting around rt_newaddrmsg().
Doesn't seem to be needed anymore.
As proposed by sephe.
|
| #
83989241 |
| 16-Aug-2019 |
Roy Marples <roy@marples.name> |
inet6: Take route reference before announcing address
This mirrors the behaviour in rtinit_rtrequest_callback.
|
| #
5785f5fb |
| 16-Aug-2019 |
Roy Marples <roy@marples.name> |
inet6: emit RTM_NEWADDR messages on address flag changes.
We no longer emit RTM_NEWADDR right away when adding a new address
and starting DAD. Instead the result of the DAD will be emitted.
Some mi
inet6: emit RTM_NEWADDR messages on address flag changes.
We no longer emit RTM_NEWADDR right away when adding a new address
and starting DAD. Instead the result of the DAD will be emitted.
Some minor fixes from NetBSD are also brought in, such as
starting DAD when addresses are no longer detached and the
tentative state not being added when address lifetime is
extended.
Taken-from: NetBSD
Reviewed-by: sephe
show more ...
|
|
Revision tags: v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2 |
|
| #
06937ef9 |
| 25-Nov-2017 |
Sascha Wildner <saw@online.de> |
Remove faith(4) and faithd(8) from the tree.
FreeBSD did that 3 years ago (r274331). Quoting from their commit msg:
-----8<-----
It looks like industry have chosen different (and more traditional)
Remove faith(4) and faithd(8) from the tree.
FreeBSD did that 3 years ago (r274331). Quoting from their commit msg:
-----8<-----
It looks like industry have chosen different (and more traditional)
stateless/stateful NAT64 as translation mechanism. Last non-trivial
commits to both faith(4) and faithd(8) happened more than 12 years
ago, so I assume it is time to drop RFC3142 in FreeBSD.
----->8-----
Some more info here:
https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040224.html
Discussed-with: sephe
show more ...
|
|
Revision tags: v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1 |
|
| #
5204e13c |
| 07-Aug-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
netisr: Simplify assertion related bits
|
|
Revision tags: v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc |
|
| #
cb3deea5 |
| 13-Aug-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Change scope to zone and use in6_clearscope() whenever possible
Obtained-from: KAME via FreeBSD
|
| #
304e70d2 |
| 09-Aug-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Fix linkmtu handling
While I'm here, minor white space cleanup and remove unused code.
Obtained-from: KAME via FreeBSD
|
|
Revision tags: v4.2.4 |
|
| #
b51cd13b |
| 03-Aug-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Nuke duplicated function and unused function
Obtained-from: KAME via FreeBSD
|
| #
471bee20 |
| 31-Jul-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
net: Factor out ASSERT_IN_NETISR and ASSERT_IS_NETISR
|
|
Revision tags: v4.3.1 |
|
| #
c1e12ca9 |
| 28-Jul-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
mcast: Use M_INTWAIT for multicast addresses allocation
|
| #
52fbd92a |
| 28-Jul-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ifaddr: Use M_INTWAIT for ifaddr allocation
Suggested-by: dillon@
|
| #
f88a4ba1 |
| 27-Jul-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: No need to explicitly avoid calling ioctl(SIOCSADDR)
Rearrange the code a little bit.
|
| #
70e5139b |
| 27-Jul-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Use M_WAITOK on SIOCAIFADDR_IN6 path.
Addition:
- Use M_ZERO, instead of calling bzero().
- Avoid M_ZERO, if the allocated memory is to be completely over-
written.
- Remove unapplied comme
inet6: Use M_WAITOK on SIOCAIFADDR_IN6 path.
Addition:
- Use M_ZERO, instead of calling bzero().
- Avoid M_ZERO, if the allocated memory is to be completely over-
written.
- Remove unapplied comment.
show more ...
|
|
Revision tags: v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4 |
|
| #
eecf6c3c |
| 11-Feb-2015 |
John Marino <draco@marino.st> |
kern: Fix [-Werror=logical-not-parenthesis]
Since the whole point of this error is that logic order can be
ambiguous, I'm not 100% sure confident in these fixes, but they are
required to get the ker
kern: Fix [-Werror=logical-not-parenthesis]
Since the whole point of this error is that logic order can be
ambiguous, I'm not 100% sure confident in these fixes, but they are
required to get the kernel to build with gcc 5.0.
show more ...
|
| #
b4051e25 |
| 22-Jan-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ifnet: Make ifnet and ifindex2ifnet MPSAFE
- Accessing to these two global variables from non-netisr threads uses
ifnet lock. This kind of accessing is from
- Accessing to ifindex2ifnet from neti
ifnet: Make ifnet and ifindex2ifnet MPSAFE
- Accessing to these two global variables from non-netisr threads uses
ifnet lock. This kind of accessing is from
- Accessing to ifindex2ifnet from netisrs are lockless MPSAFE.
- Netisrs no longer access ifnet, instead they access ifnet array as of
this commit, which is lockless MPSAFE.
Rules for accessing ifnet and ifindex2ifnet is commented near the
declaration of the related global variables/functions in net/if_var.h.
show more ...
|
|
Revision tags: v4.0.3 |
|
| #
20c14016 |
| 09-Jan-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
inet6: Dispatch nd6_setmtu0 to netisr0 to run
This function now access ifnet global variable in netisr.
|