freebsd-dev/sys/netinet
Brooks Davis 838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise them to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care of the details of allocating
the groups array.  crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for ensuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
ipfw Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
libalias What's the point of adjusting a checksum if we are going to toss the 2009-04-11 15:26:31 +00:00
accf_data.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_dns.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_http.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
icmp6.h Add MLDv2 prototypes and defines. 2009-04-29 10:20:17 +00:00
icmp_var.h Update stats in struct icmpstat and icmp6stat using four new 2009-04-12 13:22:33 +00:00
if_atm.c
if_atm.h
if_ether.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
if_ether.h
igmp_var.h Update stats in struct igmpstat using two new macros: 2009-04-12 13:41:13 +00:00
igmp.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
igmp.h These are no longer referenced in the tree, so can be safely removed. 2009-06-10 18:12:15 +00:00
in_cksum.c
in_gif.c Fix and add a workaround on an issue of EtherIP packet with reversed 2009-06-07 23:00:40 +00:00
in_gif.h
in_mcast.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
in_pcb.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
in_pcb.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
in_proto.c Add the explicit include of vimage.h to another five .c files still 2009-06-17 12:44:11 +00:00
in_rmx.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
in_systm.h
in_var.h Remove bogus comment. 2009-05-09 18:50:01 +00:00
in.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
in.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
ip6.h Start removing IPv6 Type 0 Routing header code. 2009-03-03 13:12:12 +00:00
ip_carp.c Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit: 2009-04-29 19:19:13 +00:00
ip_carp.h Update stats in struct carpstats using two new macros: CARPSTATS_ADD() 2009-04-12 14:19:37 +00:00
ip_divert.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_divert.h
ip_dummynet.h Close long existed race with net.inet.ip.fw.one_pass = 0: 2009-06-09 21:27:11 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c Change if_output to take a struct route as its fourth argument in order 2009-04-16 20:30:28 +00:00
ip_fw.h Close long existed race with net.inet.ip.fw.one_pass = 0: 2009-06-09 21:27:11 +00:00
ip_gre.c
ip_gre.h
ip_icmp.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_icmp.h
ip_id.c
ip_input.c Move the kernel option FLOWTABLE checking from the header file to the 2009-06-12 20:46:36 +00:00
ip_ipsec.c Only four out of nine arguments for ip_ipsec_output() are actually used. 2009-06-05 23:53:17 +00:00
ip_ipsec.h Only four out of nine arguments for ip_ipsec_output() are actually used. 2009-06-05 23:53:17 +00:00
ip_mroute.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_mroute.h Bracket struct mfc and struct rtdetq with #ifdef _KERNEL. 2009-04-21 12:47:09 +00:00
ip_options.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_options.h Add function ip_checkrouteralert(), which will be used 2009-03-04 02:51:22 +00:00
ip_output.c Move the kernel option FLOWTABLE checking from the header file to the 2009-06-12 20:46:36 +00:00
ip_var.h Add the explicit include of vimage.h to another five .c files still 2009-06-17 12:44:11 +00:00
ip.h
pim_var.h Update stats in struct pimstat using two new macros: PIMSTAT_ADD() 2009-04-12 14:06:26 +00:00
pim.h
raw_ip.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
sctp_asconf.c
sctp_asconf.h
sctp_auth.c
sctp_auth.h
sctp_bsd_addr.c Add missing address lock when we look at the ifa list 2009-04-14 19:20:27 +00:00
sctp_bsd_addr.h
sctp_cc_functions.c
sctp_cc_functions.h
sctp_constants.h Fixes several PR-SCTP related bugs. 2009-03-14 13:42:13 +00:00
sctp_crc32.c repository sync to multi-OS repo ... spacing change 2009-05-07 16:43:49 +00:00
sctp_crc32.h
sctp_header.h
sctp_indata.c Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctp_indata.h
sctp_input.c Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctp_input.h
sctp_lock_bsd.h
sctp_os_bsd.h After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
sctp_os.h
sctp_output.c Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctp_output.h
sctp_pcb.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_pcb.h
sctp_peeloff.c
sctp_peeloff.h
sctp_structs.h add an llentry to struct route{_in6} to allow it to be passed around with 2009-04-15 20:34:19 +00:00
sctp_sysctl.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_sysctl.h Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_timer.c Fixes several PR-SCTP related bugs. 2009-03-14 13:42:13 +00:00
sctp_timer.h
sctp_uio.h Make sctp_uio user to kernel structure match the 2009-05-30 10:50:40 +00:00
sctp_usrreq.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_var.h Fixes several PR-SCTP related bugs. 2009-03-14 13:42:13 +00:00
sctp.h Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctputil.c Fix a small memory leak from the nr-sack code - the mapping array 2009-05-30 10:56:27 +00:00
sctputil.h Fixes several PR-SCTP related bugs. 2009-03-14 13:42:13 +00:00
tcp_debug.c Remove the "The option TCPDEBUG requires option INET." requirement. 2009-06-10 10:39:41 +00:00
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_hostcache.h
tcp_input.c Fix edge cases with ticks wrapping from INT_MAX to INT_MIN in the handling 2009-06-16 19:00:12 +00:00
tcp_lro.c
tcp_lro.h
tcp_offload.c
tcp_offload.h
tcp_output.c Trim extra sets of ()'s. 2009-06-16 19:00:48 +00:00
tcp_reass.c Remove comment about moving tcp_reass() to its own file named tcp_reass.c, 2009-05-25 14:51:47 +00:00
tcp_sack.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_seq.h
tcp_subr.c Add explicit includes for jail.h to the files that need them and 2009-06-17 15:01:01 +00:00
tcp_syncache.c Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_syncache.h Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_timer.c Trim extra sets of ()'s. 2009-06-16 19:00:48 +00:00
tcp_timer.h
tcp_timewait.c Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_usrreq.c - Change members of tcpcb that cache values of ticks from int to u_int: 2009-06-16 18:58:50 +00:00
tcp_var.h - Change members of tcpcb that cache values of ticks from int to u_int: 2009-06-16 18:58:50 +00:00
tcp.h
tcpip.h
toedev.h
udp_usrreq.c Added support for NAT-Traversal (RFC 3948) in IPsec stack. 2009-06-12 15:44:35 +00:00
udp_var.h Added support for NAT-Traversal (RFC 3948) in IPsec stack. 2009-06-12 15:44:35 +00:00
udp.h Added support for NAT-Traversal (RFC 3948) in IPsec stack. 2009-06-12 15:44:35 +00:00
vinet.h Implement UDP control block support. 2009-05-23 16:51:13 +00:00