freebsd-dev/sys/netinet
Brooks Davis 838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
..
ipfw Rework the credential code to support larger values of NGROUPS and 2009-06-19 17:10:35 +00:00
libalias What's the point of adjusting a checksum if we are going to toss the 2009-04-11 15:26:31 +00:00
accf_data.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_dns.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
accf_http.c Rework socket upcalls to close some races with setup/teardown of upcalls. 2009-06-01 21:17:03 +00:00
icmp6.h Add MLDv2 prototypes and defines. 2009-04-29 10:20:17 +00:00
icmp_var.h Update stats in struct icmpstat and icmp6stat using four new 2009-04-12 13:22:33 +00:00
if_atm.c This main goals of this project are: 2008-12-15 06:10:57 +00:00
if_atm.h
if_ether.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
if_ether.h remove dependency on net/if.h of this header 2009-02-16 15:07:40 +00:00
igmp_var.h Update stats in struct igmpstat using two new macros: 2009-04-12 13:41:13 +00:00
igmp.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
igmp.h These are no longer referenced in the tree, so can be safely removed. 2009-06-10 18:12:15 +00:00
in_cksum.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
in_gif.c Fix and add a workaround on an issue of EtherIP packet with reversed 2009-06-07 23:00:40 +00:00
in_gif.h
in_mcast.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
in_pcb.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
in_pcb.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
in_proto.c Add the explicit include of vimage.h to another five .c files still 2009-06-17 12:44:11 +00:00
in_rmx.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
in_systm.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
in_var.h Remove bogus comment. 2009-05-09 18:50:01 +00:00
in.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
in.h - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent 2009-06-01 10:30:00 +00:00
ip6.h Start removing IPv6 Type 0 Routing header code. 2009-03-03 13:12:12 +00:00
ip_carp.c Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit: 2009-04-29 19:19:13 +00:00
ip_carp.h Update stats in struct carpstats using two new macros: CARPSTATS_ADD() 2009-04-12 14:19:37 +00:00
ip_divert.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_divert.h
ip_dummynet.h Close long existed race with net.inet.ip.fw.one_pass = 0: 2009-06-09 21:27:11 +00:00
ip_ecn.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
ip_ecn.h
ip_encap.c Add FBSDID to all files in netinet so that people can more 2007-10-07 20:44:24 +00:00
ip_encap.h
ip_fastfwd.c Change if_output to take a struct route as its fourth argument in order 2009-04-16 20:30:28 +00:00
ip_fw.h Close long existed race with net.inet.ip.fw.one_pass = 0: 2009-06-09 21:27:11 +00:00
ip_gre.c Enqueue de-capsulated packet instead of performing direct dispatch. It's 2008-07-04 21:01:30 +00:00
ip_gre.h
ip_icmp.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_icmp.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
ip_id.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
ip_input.c Move the kernel option FLOWTABLE chacking from the header file to the 2009-06-12 20:46:36 +00:00
ip_ipsec.c Only four out of nine arguments for ip_ipsec_output() are actually used. 2009-06-05 23:53:17 +00:00
ip_ipsec.h Only four out of nine arguments for ip_ipsec_output() are actually used. 2009-06-05 23:53:17 +00:00
ip_mroute.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_mroute.h Bracket struct mfc and struct rtdetq with #ifdef _KERNEL. 2009-04-21 12:47:09 +00:00
ip_options.c Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC 2009-06-05 14:55:22 +00:00
ip_options.h Add function ip_checkrouteralert(), which will be used 2009-03-04 02:51:22 +00:00
ip_output.c Move the kernel option FLOWTABLE chacking from the header file to the 2009-06-12 20:46:36 +00:00
ip_var.h Add the explicit include of vimage.h to another five .c files still 2009-06-17 12:44:11 +00:00
ip.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
pim_var.h Update stats in struct pimstat using two new macros: PIMSTAT_ADD() 2009-04-12 14:06:26 +00:00
pim.h
raw_ip.c After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
sctp_asconf.c Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_asconf.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_auth.c - Cleanup checksum code. 2009-02-03 11:04:03 +00:00
sctp_auth.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_bsd_addr.c Add missing address lock when we look at the ifa list 2009-04-14 19:20:27 +00:00
sctp_bsd_addr.h 1) Adds the rest of the VIMAGE change macros 2008-07-09 16:45:30 +00:00
sctp_cc_functions.c - Macro-izes the packed declaration in all headers. 2008-06-14 07:58:05 +00:00
sctp_cc_functions.h 1) Adds the rest of the VIMAGE change macros 2008-07-09 16:45:30 +00:00
sctp_constants.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp_crc32.c repository sync to multi-OS repo ... spaceing change 2009-05-07 16:43:49 +00:00
sctp_crc32.h This commit fixes the issue with alias_sctp.c. No 2009-02-14 11:34:57 +00:00
sctp_header.h Add the add-stream capability. Still needs more 2009-02-20 15:03:54 +00:00
sctp_indata.c Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctp_indata.h Code from the hack-session known as the IETF (and a 2008-12-06 13:19:54 +00:00
sctp_input.c Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctp_input.h 1) Adds the rest of the VIMAGE change macros 2008-07-09 16:45:30 +00:00
sctp_lock_bsd.h - Make strict-sacks be the default. 2008-08-28 09:44:07 +00:00
sctp_os_bsd.h After r193232 rt_tables in vnet.h are no longer indirectly dependent on 2009-06-08 19:57:35 +00:00
sctp_os.h - Fix address add handling to clear cached routes and source addresses 2007-08-24 00:53:53 +00:00
sctp_output.c Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctp_output.h Fix the add stream feature of strm-reset to really work: 2009-02-27 20:54:45 +00:00
sctp_pcb.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_pcb.h - Cleanup checksum code. 2009-02-03 11:04:03 +00:00
sctp_peeloff.c - Macro-izes the packed declaration in all headers. 2008-06-14 07:58:05 +00:00
sctp_peeloff.h - Copyright change, cisco's silly tool wants it to say: 2007-05-08 17:01:12 +00:00
sctp_structs.h add an llentry to struct route{_in6} to allow it to be passed around with 2009-04-15 20:34:19 +00:00
sctp_sysctl.c Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_sysctl.h Adds missing sysctl to manage the vtag_time_wait time. This will 2009-05-30 11:14:41 +00:00
sctp_timer.c Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp_timer.h Invariants changes that make more sense. 2008-10-27 13:53:31 +00:00
sctp_uio.h Make sctp_uio user to kernel structure match the 2009-05-30 10:50:40 +00:00
sctp_usrreq.c Many bug fixes (from the IETF hack-fest): 2009-04-04 11:43:32 +00:00
sctp_var.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
sctp.h Changes to the NR-Sack code so that: 2009-06-17 12:34:56 +00:00
sctputil.c Fix a small memory leak from the nr-sack code - the mapping array 2009-05-30 10:56:27 +00:00
sctputil.h Fixes several PR-SCTP releated bugs. 2009-03-14 13:42:13 +00:00
tcp_debug.c Remove the "The option TCPDEBUG requires option INET." requirement. 2009-06-10 10:39:41 +00:00
tcp_debug.h Use uint32_t instead of n_long and n_time, and uint16_t instead of n_short. 2009-02-13 15:14:43 +00:00
tcp_fsm.h Make tcpstates[] static, and make sure TCPSTATES is defined before 2007-07-30 11:06:42 +00:00
tcp_hostcache.c Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_hostcache.h Add an essential .h file that skipped from the last commit (r185419). 2008-11-28 23:39:25 +00:00
tcp_input.c Fix edge cases with ticks wrapping from INT_MAX to INT_MIN in the handling 2009-06-16 19:00:12 +00:00
tcp_lro.c Don't calculate checksum if it has already been validated 2008-08-24 02:31:09 +00:00
tcp_lro.h Add generic TCP LOR into netinet 2008-06-11 22:12:50 +00:00
tcp_offload.c Rather than using hidden includes (with cicular dependencies), 2008-12-02 21:37:28 +00:00
tcp_offload.h - Switch to INP_WLOCK macro from inp_wlock 2008-07-21 21:22:56 +00:00
tcp_output.c Trim extra sets of ()'s. 2009-06-16 19:00:48 +00:00
tcp_reass.c Remove comment about moving tcp_reass() to its own file named tcp_reass.c, 2009-05-25 14:51:47 +00:00
tcp_sack.c Update stats in struct tcpstat using two new macros, TCPSTAT_ADD() and 2009-04-11 22:07:19 +00:00
tcp_seq.h
tcp_subr.c Add explicit includes for jail.h to the files that need them and 2009-06-17 15:01:01 +00:00
tcp_syncache.c Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_syncache.h Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_timer.c Trim extra sets of ()'s. 2009-06-16 19:00:48 +00:00
tcp_timer.h Two changes: 2007-09-24 05:26:24 +00:00
tcp_timewait.c Introduce an infrastructure for dismantling vnet instances. 2009-06-08 17:15:40 +00:00
tcp_usrreq.c - Change members of tcpcb that cache values of ticks from int to u_int: 2009-06-16 18:58:50 +00:00
tcp_var.h - Change members of tcpcb that cache values of ticks from int to u_int: 2009-06-16 18:58:50 +00:00
tcp.h add rcv_nxt, snd_nxt, and toe offload id to FreeBSD-specific 2008-05-05 20:13:31 +00:00
tcpip.h
toedev.h Don't check if an interface can do tcp offload if there are no offload devices registered on the system. 2008-09-01 05:30:22 +00:00
udp_usrreq.c Added support for NAT-Traversal (RFC 3948) in IPsec stack. 2009-06-12 15:44:35 +00:00
udp_var.h Added support for NAT-Traversal (RFC 3948) in IPsec stack. 2009-06-12 15:44:35 +00:00
udp.h Added support for NAT-Traversal (RFC 3948) in IPsec stack. 2009-06-12 15:44:35 +00:00
vinet.h Implement UDP control block support. 2009-05-23 16:51:13 +00:00