for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
to convert the timeval into a tick count.
Suggested by: bde
Reviewed by: bde
Handle hz > 1000 in BIOCGRTIMEOUT.
Pointed out by: bde
Reviewed by: bde
Obtained from: OpenBSD
FreeBSD repository version of this file and the isdn4bsd version,
adopt those changes from the i4b version that make this file
BSD-version independent. I attempted to avoid uglifying this file too
much, thus deviated a little from the i4b version (and hope they will
adopt the changes, too).
The diffs mostly concentrate on:
. #include differences between the systems
. different callout handling between FreeBSD vs. Net/OpenBSD
. interface naming (Net/OpenBSD store the ASCII name including the
unit # in struct ifnet, FreeBSD only the name)
. use of random() in FreeBSD vs. time-based pseudo-randomization in
Net/OpenBSD (for loopback detection ad CHAP challenges -- i
assume at least OpenBSD could also benefit from random(), but that's
the way i've got this file)
. interface address list elements are named a little differently
between FreeBSD and Net/OpenBSD
I attempted to segregate those compat fixes from other code fixes and
enhancements.
Obtained from: The isdn4bsd project
another specialized mbuf type in the process. Also clean up some
of the cruft surrounding IPFW, multicast routing, RSVP, and other
ill-explored corners.
ioctl() routine at the end of if_delmulti() so that interfaces with
hardware multicast filtering can update their filters in a timely
manner.
If the interface doesn't support hardware multicast filtering, then
reception of multicast frames is done using 'promiscious mode' or
'capture all multicast frames' mode and software filtering in the
kernel. In this case, it doesn't matter if if_delmulti() ever does
an SCIODELMULTI on the interface or not: if MULTICAST support is
enabled, then we join the 'all hosts' group when the interface is
configured, and remain in it until the interface is brought down.
Without hardware filtering, joining one group means joining all
groups, so it makes no difference if we call the SIOCDELMULTI
routine.
If the interface does support hardware multicast filtering, then
by not reprogramming the hardware filter in if_delmulti(), we have
to wait until somebody calls if_setmulti(), during which time the
interface is receiving frames for multicast groups in which we are
no longer interested.
several new features are added:
- support vc/vp shaping
- support pvc shadow interface
code cleanup:
- remove WMAYBE related code. ENI WMAYBE DMA doen't work.
- remove updating if_lastchange for every packet.
- BPF related code is moved to midway.c as it should be.
(bpfwrite should work if atm_pseudohdr and LLC/SNAP are
prepended.)
- BPF link type is changed to DLT_ATM_RFC1483.
BPF now understands only LLC/SNAP!! (because bpf can't
handle variable link header length.)
It is recommended to use LLC/SNAP instead of NULL
encapsulation for various reasons. (BPF, IPv6,
interoperability, etc.)
the code has been used for months in ALTQ and KAME IPv6.
OKed by phk long time ago.
respectively. Most of the longs should probably have been
u_longs, but this changes is just to prevent warnings about
casts between pointers and integers of different sizes, not
to fix poorly chosen types.
sizeof(struct bpf_hdr) > 20. 20 is normal on 32-bit systems with
32-bit alignment, but we still assume that the last 2 bytes of the
struct are unnecessary padding on such systems. On systems with
64-bit longs, struct timeval is bloated to 16 bytes, so bpf headers
certainly don't fit in 18 bytes.
Remove lots'o'hacks.
looutput is now static.
Other callers who want to use loopback to allow shortcutting
should call the special entrypoint for this, if_simloop(), which is
specifically designed for this purpose. Using looutput for this purpose
was problematic, particularly with bpf and trying to keep track
of whether one should be using the charateristics of the loopback interface
or the interface (e.g. if_ethersubr.c) that was requesting the loopback.
There was a whole class of errors due to this mis-use each of which had
hacks to cover them up.
Consists largly of hack removal :-)
FreeBSD/alpha. The most significant item is to change the command
argument to ioctl functions from int to u_long. This change brings us
inline with various other BSD versions. Driver writers may like to
use (__FreeBSD_version == 300003) to detect this change.
The prototype FreeBSD/alpha machdep will follow in a couple of days
time.
NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and
minorly tweaked by me.
This is a standard part of FreeBSD, but must be enabled with:
"sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must
also be enabled. This should probably be modified to use the zone
allocator for speed and space efficiency. The current algorithm also
appears to lose if the number of active paths exceeds IPFLOW_MAX (256),
in which case it wastes lots of time trying to figure out which cache
entry to drop.
* Figure out UTC relative to boottime. Four new functions provide
time relative to boottime.
* move "runtime" into struct proc. This helps fix the calcru()
problem in SMP.
* kill mono_time.
* add timespec{add|sub|cmp} macros to time.h. (XXX: These may change!)
* nanosleep, select & poll takes long sleeps one day at a time
Reviewed by: bde
Tested by: ache and others
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.
Most uses of time.tv_sec now uses the new variable time_second instead.
gettime() changed to getmicrotime(0.
Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).
A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.
Add a new nfs_curusec() function.
Mark a couple of bogosities involving the now disappeard time variable.
Update ffs_update() to avoid the weird "== &time" checks, by fixing the
one remaining call that passwd &time as args.
Change profiling in ncr.c to use ticks instead of time. Resolution is
the same.
Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.
Reviewed by: bde
24 (which is magnalink!) rather than the correct 26.
Initial attempt at a compatability kludge that will negotiate for either
but will prefer to use the correct deflate compression type.
to #include <sys/time.h> first. I've lost count of the number of times
I've had to patch this in porting code. The problem is the
"struct timeval ifi_lastchange" in the mib stats. (most other systems don't
have this, until 4.4bsd anyway).
work reliably yet (I've had panics), but it does seem to occasionally
be able to transmit and receive syntactically-correct packets.
Also fixes one of if_ethersubr.c's legion style bugs, and removes
the hostcache code from standard kernels---the code that depends on it
is not going to happen any time soon, I'm afraid.
The differences Terrys patch and this patch are:
* Remove a lot of un-needed comments.
* Don't put l_hotchar at the front of stuct linesw, there is no need to.
* Use the #defines for the hotchar in the SLIP and PPP line disciplines
since pkh made tunctl static in revision 1.17 these are already
guaranteed to be zero'd and tunattach will only be called once.
Pointed out by: Bruce Evans and Bill Fenner
This introduce an xxxFS_BOOT for each of the rootable filesystems.
(Presently not required, but encouraged to allow a smooth move of option *FS
to opt_dontuse.h later.)
LFS is temporarily disabled, and will be re-enabled tomorrow.
it contains an address. This can replace all the myriad (wrong) ways
in which this task is performed in the current system. As an added
bonus, since it's a macro, then third-party software vendors have an easy
way to tell whether it's there or not. (This will become necessary
when sizeof(struct sockaddr) is increaased, and also when additional
fields are added to struct ifreq.)
- don't declare `struct arpcom' except in the kernel, so that there is no
dependency on <net/if.h> except in the kernel. This may break something
else.
- spell ETHER_ADDR_LEN as 6 again, so that there is no dependency on
<net/ethernet.h> even in the kernel.
This will not make any of object files that LINT create change; there
might be differences with INET disabled, but hardly anything compiled
before without INET anyway. Now the 'obvious' things will give a
proper error if compiled without inet - ipx_ip, ipfw, tcp_debug. The
only thing that _should_ work (but can't be made to compile reasonably
easily) is sppp :-(
This commit move struct arpcom from <netinet/if_ether.h> to
<net/if_arp.h>.
In sppp_chap_input:
1) in the CHAP_CHALLENGE case don't output the peer's name if it is not
what we expected (DEBUG) since it will be printed out in the course
of events anyway.
2) in the CHAP_SUCCESS case test whether the peer is required to
authenticate himself [(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO))],
otherwise the state machine may never switch into the network state.
I saw this case against 2 different ISPs; they never bothered to
authenticate themselves to me.
In sppp_pap_input:
in the PAP_ACK case do the same as in 2) above for the same reason.
The #ifdef IPXIP in netipx/ipx_if.h is OK (used from ipx_usrreq.c and
ifconfig.c only).
I also fixed a typo IPXTUNNEL -> IPTUNNEL (and #ifdef'ed out the code
inside, as it never could have compiled - doh.)
Fixed nonblocking mode. It was per-device instead of per-file. This
also fixes clobbering of bd_rtout by overloading it to hold a wrong
version of the blocking flag. I hope nothing depends on the bugs.
Testing in if_ppp.c is good enough.
Added comments about bogus #includes and #defines.
Removed unused #includes.
Don't depend on gcc's misfeature of rewriting short args in old-style
function definitions to match wrong prototypes. I just changed the
function definition to match the prototype, since this is easy to
verify automatically (it causes no changes in the object code), but
it breaks K&R1 support and doesn't fix the pessimal type.
Use gettime() instead of microtime() to set if_lastchange for i/o's.
microtime() is probably too expensive. However, setting if_lastchange
for i/o's may be wrong.
volatile to use outside of splclock(). microtime() is probably too
expensive to use for every i/o. However, setting ifi_lastchange for
every i/o is just wrong according to the comment about ifi_lastchange
in <net/if.h>. It is set then for atm, fddi and the latest version
of ppp.)
Some of these changes are a bit rough and will become
more polished later. the changes to if_ethersubr should largely be moved
to within the appletalk code, but that will happen later.
A few of these were related to network-byteorder problems,
and more were related to loopback failures.
Distribute all but the most fundamental malloc types. This time I also
remembered the trick to making things static: Put "static" in front of
them.
A couple of finer points by: bde
Introduce the SIOC[SG]IFGENERIC hooks that can be used to pass an
arbritrary ioctl subcommand into an interface driver. Surprisingly
enough, there was no provision for this already present (except of the
option of abusing SIOC[SG]IFMEDIA for this).
The idea is that an interface driver can establish ioctl subcommands
of its own that can't be meaningfully interpreted by the upper layer
interface ioctl function. Something like this is required to
implement a clean solution of passing down things like CHAP secrets or
PPP options to the /sys/net/if_sppp* files. (Yes, my CHAP is now
finally working with it, but i gotta update my kernel to the new
callout interface before being able to commit _that_.)
Reviewed by: peter [long ago, actually]
by a protocol, to detirmine if an address matches the net this address
is part of. This is needed by protocols for which netmasks
"just don't work", for example appletalk.
Also add the code in appletalk to make use of this new feature.
Thsi fixes one of the longest standing bugs in appletalk.
The inability to talk to machines to which the path is via a router
which is on a different net, but the same netrange, as your interface.
Protocols that do not supply this function (e.g. IP) should not be affected.
2.3.0 -> 2.3.1 changes, but I seem to recall that there are certain
"issues" with 2.3.1 (I'm not sure if it's just pppd or the whole lot, I
am not quite that far). The present pppd seems to work with it just fine
for the time being.
Among the changes are that zlib (aka LZ77 aka deflate aka gzip) compression
is implemented as well as the original compress(1) LZW style.
socket addresses in mbufs. (Socket buffers are the one exception.) A number
of kernel APIs needed to get fixed in order to make this happen. Also,
fix three protocol families which kept PCBs in mbufs to not malloc them
instead. Delete some old compatibility cruft while we're at it, and add
some new routines in the in_cksum family.
returning ICMP_TIMXCEED)
use CISCO_UNICAST instead of CISCO_MULTICAST to send normal packets.
this is needed for packets to get processed by a cisco router,
but doesn't matter if a packet is just forwarded.
Reviewed by:itojun@itojun.org
than max_failures attempts, we are going to REJ it, to prevent endless
NAK loops.
(This is actually part of a larger local set of modifications i'm
running with, but the remainder (PAP & CHAP) ain't ready for prime-
time yet.)
1/ is compatible with the old route(1) in case needed.
2/ actually fixes the problem while vetting bad user input.
note: I have already fixed route(1) so the problem shouldn't occur.
if it does. use 0.0.0.0/0 instead of the word 'default' :)
We need to accept at least one sockaddr with zero length, in order
to be able to set the default route.
Suggested by: Phone conversation with Julian (sleep well!)
Route(1) has a bug that sends a bad message to the kernel. The kernel
trusts it and crashes. Add some sanity checks so that
we don't trust the user quite as much any more.
(also add a comment in if_ethersubr.c)