#
5d846453 |
| 16-Oct-2002 |
Sam Leffler <sam@FreeBSD.org> |
Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version
Reviewed by: julian, luigi (silent), -arch, -net, darren
Approved by: julian, silence from everyone else
Obtained from: openbsd (mostly)
MFC after: 1 month
|
Revision tags: vendor/tzdata/tzdata2002d, vendor/gdb/5.2.1, vendor/ncurses/5.2-20020907-ac-fix, vendor/binutils/2.13.20021011, vendor/groff/1.18.1, vendor/gcc/3.2-20021009, release/4.7.0_cvs, vendor/acpica/20021002, vendor/expat/1.95.5, vendor/heimdal/cvs-20020930, vendor/isc-dhcp/3.0.1rc9, vendor/gcc/3.2-20020916, vendor/heimdal/cvs-20020916, vendor/file/3.39, vendor/misc-GNU/cvs/1.11.2, vendor/gcc/3.2-20020901, vendor/binutils/2.12.20020720, vendor/heimdal/cvs-20020829, vendor/acpica/20020815, vendor/sendmail/8.12.6, vendor/ipfilter/3.4.29, vendor/ipfilter-sys/3-4-29, release/4.6.2_cvs, release/4.6.2, vendor/openssl/0.9.6g, vendor/openssl/0.9.6f, vendor/openssl/0.9.6e-asn1-patch |
|
#
d3990b06 |
| 31-Jul-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Introduce support for Mandatory Access Control and extensible kernel access control.
Invoke the MAC framework to label mbuf created using divert sockets. These labels may later be used for access control on delivery to another socket, or to an interface.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
Revision tags: vendor/acpica/20020725, vendor/openssl/0.9.6e, vendor/openssl/0.9.6d, vendor/traceroute/1.4.a12, vendor/tcsh/6.12, vendor/misc-GNU/texinfo/4.2, vendor/smbfs/1.4.5, release/4.6.1, vendor/NetBSD/xlint/2002-07-19, vendor/acpica/20020611, vendor/binutils/2.12.20020622, vendor/NetBSD/d20020701, release/4.6.0, vendor/bind/8.3.3, vendor/openpam/CITRONELLA, vendor/acpica/20020404, vendor/openssh/3.4p1, vendor/gdb/anoncvs_gdb_5_2_branch_20020627, vendor/openssh/3.3p1, vendor/sendmail/8.12.5, vendor/openssh/3.3 |
|
#
a5924d61 |
| 23-Jun-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
fix a typo in a comment
|
#
2b25acc1 |
| 22-Jun-2002 |
Luigi Rizzo <luigi@FreeBSD.org> |
Remove (almost all) global variables that were used to hold packet forwarding state ("annotations") during ip processing. The code is considerably cleaner now.
The variables removed by this change are:
ip_divert_cookie used by divert sockets
ip_fw_fwd_addr used for transparent ip redirection
last_pkt used by dynamic pipes in dummynet
Removal of the first two has been done by carrying the annotations into volatile structs prepended to the mbuf chains, and adding appropriate code to add/remove annotations in the routines which make use of them, i.e. ip_input(), ip_output(), tcp_input(), bdg_forward(), ether_demux(), ether_output_frame(), div_output().
On passing, remove a bug in divert handling of fragmented packet. Now it is the fragment at offset 0 which sets the divert status of the whole packet, whereas formerly it was the last incoming fragment to decide.
Removal of last_pkt required a change in the interface of ip_fw_chk() and dummynet_io(). On passing, use the same mechanism for dummynet annotations and for divert/forward annotations.
option IPFIREWALL_FORWARD is effectively useless, the code to implement it is very small and is now in by default to avoid the obfuscation of conditionally compiled code.
NOTES:
* there is at least one global variable left, sro_fwd, in ip_output(). I am not sure if/how this can be removed.
* I have deliberately avoided gratuitous style changes in this commit to avoid cluttering the diffs. Minor style cleanup will likely be necessary
* this commit only focused on the IP layer. I am sure there is a number of global variables used in the TCP and maybe UDP stack.
* despite the number of files touched, there are absolutely no APIs or data structures changed by this commit (except the interfaces of ip_fw_chk() and dummynet_io(), which are internal anyways), so an MFC is quite safe and unintrusive (and desirable, given the improved readability of the code).
MFC after: 10 days
|
Revision tags: vendor/NetBSD/head_20020621, vendor/libpcap/0.7.1, vendor/tcpdump/3.7.1, vendor/ncurses/5.2-20020615, vendor/NetBSD/lukemftp/1.6.BETA2, vendor/tnftp/1.6.BETA2, vendor/sendmail/8.12.4 |
|
#
7a9378e7 |
| 11-Jun-2002 |
Jeffrey Hsu <hsu@FreeBSD.org> |
Remember to initialize the control block head mutex.
|
#
3d9baf34 |
| 11-Jun-2002 |
Jeffrey Hsu <hsu@FreeBSD.org> |
Fix typo.
Submitted by: Kyunghwan Kim <redjade@atropos.snu.ac.kr>
|
#
f76fcf6d |
| 10-Jun-2002 |
Jeffrey Hsu <hsu@FreeBSD.org> |
Lock up inpcb.
Submitted by: Jennifer Yang <yangjihui@yahoo.com>
|
Revision tags: vendor/misc-GNU/sort/2.0.21, vendor/ipfilter/3.4.28, vendor/ipfilter-sys/3-4-28, vendor/NetBSD/D20020605 |
|
#
4cc20ab1 |
| 31-May-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Back out my last commit of locking down a socket, it conflicts with hsu's work.
Requested by: hsu
|
Revision tags: vendor/gcc/3.1-20020509, vendor/openpam/CINQUEFOIL, vendor/ncurses/5.2-20020518 |
|
#
243917fe |
| 20-May-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket.
o Determine the lock strategy for each member in struct socket.
o Lock down the following members:
- so_count
- so_options
- so_linger
- so_state
o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket:
- sodisconnect()
- soisconnected()
- soisconnecting()
- soisdisconnected()
- soisdisconnecting()
- sofree()
- soref()
- sorele()
- sorwakeup()
- sotryfree()
- sowakeup()
- sowwakeup()
Reviewed by: alfred
|
Revision tags: vendor/bind/8.3.2.t1b, vendor/openpam/CINNAMON, vendor/OpenBSD/cvs_20020426 |
|
#
960ed29c |
| 30-Apr-2002 |
Seigo Tanimura <tanimura@FreeBSD.org> |
Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by: bde
Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h.
While I am here, sort include files alphabetically, where possible.
|
Revision tags: vendor/ipfilter/3.4.27, vendor/ipfilter-sys/3-4-27, vendor/NetBSD/lukemftp/1.5.FIXES, vendor/tnftp/1.5.FIXES, vendor/ipfilter/3.4.26, vendor/ipfilter-sys/3-4-26, vendor/smbfs/1.4.4, vendor/sendmail/8.12.3-20020420, vendor/sendmail/8.12.3, vendor/OpenBSD/cvs_20020419, vendor/pam_modules/0.5, vendor/openpam/CINERARIA, vendor/binutils/2.12.20020410 |
|
#
ad278afd |
| 09-Apr-2002 |
John Baldwin <jhb@FreeBSD.org> |
Change the first argument of prison_xinpcb() to be a thread pointer instead of a proc pointer so that prison_xinpcb() can use td_ucred.
|
Revision tags: vendor/openpam/CINCHONA, vendor/NetBSD/sort/20020406, vendor/tzdata/tzdata2002c, vendor/pam_modules/0.4 |
|
#
44731cab |
| 01-Apr-2002 |
John Baldwin <jhb@FreeBSD.org> |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
Revision tags: vendor/isc-dhcp/3.0.1rc8, vendor/misc-GNU/texinfo/4.1, vendor/NetBSD/v_2002_03_22, vendor/opie/2.4, vendor/OpenBSD/moduli5_1_3, vendor/OpenBSD/moduli_1_1, vendor/binutils/2.12.20020320 |
|
#
69c2d429 |
| 20-Mar-2002 |
Jeff Roberson <jeff@FreeBSD.org> |
Switch vm_zone.h with uma.h. Change over to uma interfaces.
|
Revision tags: vendor/ipfilter/3.4.25, vendor/ipfilter-sys/3-4-25, vendor/openssh/3.1, vendor/perl5/5.006.01, vendor/one-true-awk/20020210, vendor/acpica/20020308, vendor/openpam/CENTAURY, vendor/NetBSD/lukemftpd/1.2-beta1, vendor/zlib/1.1.4, vendor/openpam/CELANDINE, vendor/NetBSD/xlint/2002-03-03, vendor/acpica/20020217, vendor/openpam/CANTALOUPE, vendor/openpam/CALIOPSIS, vendor/openpam/CALAMITE, vendor/binutils/2.12.20020221, vendor/heimdal/cvs-20020217, vendor/isc-dhcp/3.0.1rc6, vendor/one-true-awk/20020101 |
|
#
fd8e4ebc |
| 18-Feb-2002 |
Mike Barcroft <mike@FreeBSD.org> |
o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated macros in the source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
|
Revision tags: vendor/sendmail/8.12.2, release/4.5.0_cvs, release/4.4.0_cvs, vendor/bind/8.3.1, vendor/gcc/cvs-20020201-0820, vendor/bzip2/1.0.2, vendor/binutils/anoncvs_20020127, vendor/openssl/0.9.6c, vendor/top/3.5beta12, vendor/heimdal/0.3f-patch, vendor/ncurses/5.2-20020112a, vendor/less/v371, vendor/smbfs/1.4.3, vendor/smbfs/1.4.2, vendor/gcc/3.0.2, vendor/smbfs/1.4.1 |
|
#
6e551fb6 |
| 10-Dec-2001 |
David E. O'Brien <obrien@FreeBSD.org> |
Update to C99, s/__FUNCTION__/__func__/, also don't use ANSI string concatenation.
|
Revision tags: vendor/acpica/20011120, vendor/lomac/2.2.0, vendor/lomac/2.0.0, vendor/tzdata/tzdata2001d |
|
#
ce178806 |
| 08-Nov-2001 |
Robert Watson <rwatson@FreeBSD.org> |
o Replace reference to 'struct proc' with 'struct thread' in 'struct sysctl_req', which describes in-progress sysctl requests. This permits sysctl handlers to have access to the current thread, permitting work on implementing td->td_ucred, migration of suser() to using struct thread to derive the appropriate ucred, and allowing struct thread to be passed down to other code, such as network code where td is not currently available (and curproc is used).
o Note: netncp and netsmb are not updated to reflect this change, as they are not currently KSE-adapted.
Reviewed by: julian
Obtained from: TrustedBSD Project
|
Revision tags: vendor/misc-GNU/awk/3.1.0-fixed, vendor/misc-GNU/awk/3.1.0, vendor/binutils/2.11.20011031, vendor/acpica/20011018, vendor/one-true-awk/20001115, vendor/binutils/2.11.20010719, vendor/file/3.37, vendor/acpica/20010920 |
|
#
b40ce416 |
| 12-Sep-2001 |
Julian Elischer <julian@FreeBSD.org> |
KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
Revision tags: vendor/acpica/20010831, vendor/tcsh/6.11 |
|
#
f0ffb944 |
| 03-Sep-2001 |
Julian Elischer <julian@FreeBSD.org> |
Patches from Keiichi SHIMA <keiichi@iij.ad.jp> to make ip use the standard protosw structure again.
Obtained from: Well, KAME I guess.
|
Revision tags: vendor/amd/6.0.7, vendor/ntp/4.1.0, vendor/acpica/20010816, vendor/bind/8.2.5.string-patch, vendor/sendmail/8.11.6, vendor/misc-GNU/cvs/1.11.1p1, vendor/bind/8.2.4.hmac-md5-patch, vendor/sendmail/8.11.5, vendor/bind/8.2.4, vendor/file/3.36, vendor/ipfilter/3.4.20, vendor/ipfilter-sys/3-4-20 |
|
#
13cf67f3 |
| 26-Jul-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
move ipsec security policy allocation into in_pcballoc, before making pcbs available to the outside world. otherwise, we will see inpcb without ipsec security policy attached (-> panic() in ipsec.c).
Obtained from: KAME
MFC after: 3 days
|
Revision tags: vendor/tcp_wrappers/7.6-2001-06-01, vendor/tcpdump/3.6.3, vendor/acpica/20010717, vendor/openssl/0.9.6b, vendor/NetBSD/lukemftp/1.5, vendor/tnftp/1.5, vendor/NetBSD/lukemftpd/1.1, vendor/groff/1.17.2, vendor/acpica/20010615, vendor/binutils/2.11.2, vendor/NetBSD/head_20010615, vendor/bzip2/1.0.1, vendor/heimdal/0.3f, vendor/acpica/20010518, vendor/sendmail/8.11.4, vendor/binutils/2.11.0, vendor/openssl/0.9.6a, vendor/ncurses/5.2-20010512, vendor/openssh/2.9, vendor/libpam/0.75, vendor/file/3.35, release/4.3.0_cvs, release/4.3.0, vendor/groff/1.17, vendor/libreadline/4.2, vendor/tzdata/tzdata2001b, vendor/tcpdump/3.6.2, vendor/libpcap/0.6.2, vendor/ee/1.4.1, vendor/file/3.34, vendor/gcc/2.95.3-with_sjlj_fix, vendor/gcc/2.95.3, vendor/opie/2.32.2001.03.04, vendor/tcsh/6.10-2001-01-28, vendor/sendmail/8.11.3, vendor/misc-GNU/bc/1.0.6, vendor/openssl/0.9.6-2001-02-10, vendor/bind/8.2.3, vendor/heimdal/0.3e, vendor/ipfilter/3.4.16, vendor/ipfilter-sys/v3-4-16 |
|
#
fc2ffbe6 |
| 04-Feb-2001 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Mechanical change to use <sys/queue.h> macro API instead of fondling implementation details.
Created with: sed(1)
Reviewed by: md5(1)
|
Revision tags: vendor/acpica/20010125, vendor/sendmail/8.11.2, vendor/kerberosIV/1.0.5, vendor/acpica/20001215, vendor/gcc/cvs-20000711-1732, vendor/kerberosIV/1.0-tfutil, vendor/kerberosIV/1.0-kdc_reply, vendor/kerberosIV/1.0-extra, vendor/acpica/20001201, vendor/groff/1.16.1, vendor/openssh/2.3.0, vendor/acpica/20001115, vendor/tcsh/6.10, vendor/file/3.33, vendor/binutils/2.10.1, vendor/binutils/2.10.0, release/4.2.0, vendor/openssh/20001110, vendor/openssl/0.9.6, vendor/bind/8.2.3-aa-patch, vendor/file/3.32, vendor/tcsh/6.09.01-20001031, vendor/isc-dhcp/2.0pl5_v3_fixes, vendor/isc-dhcp/FBSD_ISC_DHCP_2_0_PL5_+_V3_FIXES, vendor/isc-dhcp/FBSD_ISC_DHCP_2_0_PL5, vendor/isc-dhcp/2.0pl5, vendor/bind/8.2.3.t6b |
|
#
cf9fa8e7 |
| 29-Oct-2000 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Move suser() and suser_xxx() prototypes and a related #define from <sys/proc.h> to <sys/systm.h>.
Correctly document the #includes needed in the manpage.
Add one now needed #include of <sys/systm.h>. Remove the consequent 48 unused #includes of <sys/proc.h>.
|
Revision tags: vendor/ipfilter/3.4.13, vendor/ipfilter-sys/v3-4-13, vendor/acpica/20001020, vendor/ipfilter/3.4.12, vendor/ipfilter-sys/v3-4-12, vendor/tzdata/tzdata2000g, vendor/gperf/2.7.2, vendor/ncurses/5.1-20001009, vendor/misc-GNU/cvs/1.11, vendor/sendmail/8.11.1, release/4.1.1_cvs |
|
#
e30177e0 |
| 14-Sep-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time.
Requested by: wollman
|
Revision tags: vendor/openssh/2.2.0-2000-09-09 |
|
#
04287599 |
| 01-Sep-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed broken ICMP error generation, unified conversion of IP header fields between host and network byte order. The details:
o icmp_error() now does not add IP header length. This fixes the problem when icmp_error() is called from ip_forward(). In this case the ip_len of the original IP datagram returned with ICMP error was wrong.
o icmp_error() expects all three fields, ip_len, ip_id and ip_off in host byte order, so DTRT and convert these fields back to network byte order before sending a message. This fixes the problem described in PR 16240 and PR 20877 (ip_id field was returned in host byte order).
o ip_ttl decrement operation in ip_forward() was moved down to make sure that it does not corrupt the copy of original IP datagram passed later to icmp_error().
o A copy of original IP datagram in ip_forward() was made a read-write, independent copy. This fixes the problem I first reported to Garrett Wollman and Bill Fenner and later put in audit trail of PR 16240: ip_output() (not always) converts fields of original datagram to network byte order, but because copy (mcopy) and its original (m) most likely share the same mbuf cluster, ip_output()'s manipulations on original also corrupted the copy.
o ip_output() now expects all three fields, ip_len, ip_off and (what is significant) ip_id in host byte order. It was a headache for years that ip_id was handled differently. The only compatibility issue here is the raw IP socket interface with IP_HDRINCL socket option set and a non-zero ip_id field, but ip.4 manual page was unclear on whether in this case ip_id field should be in host or network byte order.
|
#
3e065e76 |
| 30-Aug-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Fixed the bug that div_bind() always returned zero even if there was an error (broken in rev 1.9).
|
Revision tags: vendor/bind/8.2.3.t5b-20000823, vendor/perl5/5.006.00.01, vendor/misc-GNU/awk/3.0.6, vendor/heimdal/0.2p-patch-2000-08-12, vendor/ipfilter/3.4.9, vendor/kerberosIV/1.0-patch-2000-08-12, vendor/ipfilter-sys/v3-4-9, vendor/sendmail/8.11.0, vendor/tzdata/tzdata2000f, vendor/SGI/vjs_20000806, vendor/isc-dhcp/2.0-fix_20000803 |
|
#
cec335f9 |
| 03-Aug-2000 |
Ruslan Ermilov <ru@FreeBSD.org> |
Make netstat(1) aware of divert(4) sockets.
|