Commit Graph

70 Commits

Author SHA1 Message Date
Bruce M Simpson
e9077dd658 Fix devfs cloning for non-superusers when net.link.tap.user_open is non-zero.
Note: 'ifconfig tapX create' still requires PRIV_NET_IFCREATE privilege.

Reviewed by:	rwatson
2007-02-05 11:29:08 +00:00
Bruce M Simpson
cd83bbd2aa Implement ifnet cloning for tun(4)/tap(4).
Make devfs cloning a sysctl/tunable which defaults to on.

If devfs cloning is enabled, only the super-user may create
tun(4)/tap(4)/vmnet(4) instances. Devfs cloning is still enabled by
default; it may be disabled from the loader or via sysctl with
"net.link.tap.devfs_cloning" and "net.link.tun.devfs_cloning".

Disabling its use affects potentially all tun(4)/tap(4) consumers
including OpenSSH, OpenVPN and VMware.

PR:		105228 (potentially also 90413, 105570)
Submitted by:	Landon Fuller
Tested by:	Andrej Tobola
Approved by:	core (rwatson)
MFC after:	4 weeks
2007-02-04 16:32:46 +00:00
Bruce M Simpson
7059a5e0bd Drop unicast Ethernet frames not destined for the configured address
of a tap(4) instance, if IFF_PROMISC is not set.

In tap(4), we should emulate the effect IFF_PROMISC would have on
hardware, otherwise we risk introducing layer 2 loops if tap(4) is
used with bridges. This means not even bpf(4) gets to see them.

This patch has been tested in a variety of situations. Multicast and
broadcast frames are correctly allowed through. I have observed this
behaviour causing problems with multiple QEMU instances hosted on
the same FreeBSD machine.

The checks in in ether_demux() [if_ethersubr.c, rev 1.222, line 638]
are insufficient to prevent this bug from occurring, as ifp->if_vlantrunk
will always be NULL for the non-vlan case.

MFC after:	3 weeks
PR:		86429
Submitted by:	Pieter de Boer (with changes)
2007-02-03 02:57:45 +00:00
Bruce M Simpson
217f71d80c Use int instead of u_int for the 'extra' argument to the
clone_create() KPI.
This fixes a signedness bug in unit number comparisons.

Submitted by:	imp, Landon Fuller
PR:		kern/105228
MFC after:	2 weeks
2007-02-02 22:27:45 +00:00
Robert Watson
acd3428b7d Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
Christian S.J. Peron
82f4b374d5 Currently, we initialize "error" to zero when it's declared, then
we never initialize it to anything else. However, in the case that
m_uiotombuf fails, we return error (effectively reporting success).

This appears to be a relic of an older revision of this file, where
"error" used to be doing something useful. (See revision 1.1, where
error is used in a loop with uiomove() instead of using m_uiotomubf).

So instead on unconditionally reporting success in the case there is
a failure in m_uiotombuf, explicitly return ENOBUFS. While we are
here, garbage collect the error variable since it's no longer required.

MFC after:	2 weeks
2006-11-04 20:54:37 +00:00
Andre Oppermann
5e20f43d31 Rename m_getm() to m_getm2() and rewrite it to allocate up to page sized
mbuf clusters.  Add a flags parameter to accept M_PKTHDR and M_EOR mbuf
chain flags.  Provide compatibility macro for m_getm() calling m_getm2()
with M_PKTHDR set.

Rewrite m_uiotombuf() to use m_getm2() for mbuf allocation and do the
uiomove() in a tight loop over the mbuf chain.  Add a flags parameter to
accept mbuf flags to be passed to m_getm2().  Adjust all callers for the
extra parameter.

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 month
2006-11-02 17:37:22 +00:00
Ruslan Ermilov
9fddcc6661 Fix our ioctl(2) implementation when the argument is "int". New
ioctls passing integer arguments should use the _IOWINT() macro.
This fixes a lot of ioctl's not working on sparc64, most notable
being keyboard/syscons ioctls.

Full ABI compatibility is provided, with the bonus of fixing the
handling of old ioctls on sparc64.

Reviewed by:	bde (with contributions)
Tested by:	emax, marius
MFC after:	1 week
2006-09-27 19:57:02 +00:00
Brooks Davis
6a51be11da Drop a pointless cast of ifp->if_softc to (struct tap_softc *). 2006-07-15 02:13:05 +00:00
Marius Strobl
fa67ebf9bb Revert the (int *) -> (intptr_t *) conversion done as part of rev. 1.59
for IOCTLs where casting data to intptr_t * isn't the right thing to do
as _IO() isn't used for them but _IOR(..., int)/_IOW(..., int) are (i.e.
for all IOCTLs except VMIO_SIOCSIFFLAGS), fixing tap(4) on big-endian
LP64 machines.

PR:		sparc64/98084
OK'ed by:	emax
MFC after:	1 week
2006-05-30 20:08:12 +00:00
Maksim Yevmenkin
7a9adfdd85 Do not call knlist_destroy() in tapclose(). Instead call it when device is
actually destroyed. Also move call to knlist_init() into tapcreate(). This
should fix panic described in kern/95357.

PR:			kern/95357
No response from:	freebsd-current@
MFC after:		3 days
2006-05-17 17:05:02 +00:00
Maksim Yevmenkin
a9e17e2e05 Add kqueue(2) support on if_tap(4) interfaces. While I'm here, replace
K&R style function declarations with ANSI style. Also fix endian bugs
accessing ioctl arguments that are passed by value.

PR:		kern/93897
Submitted by:	Vilmos Nebehaj < vili at huwico dot hu >
MFC after:	1 week
2006-03-16 18:22:01 +00:00
Ruslan Ermilov
4a0d6638b3 - Store pointer to the link-level address right in "struct ifnet"
rather than in ifindex_table[]; all (except one) accesses are
  through ifp anyway.  IF_LLADDR() works faster, and all (except
  one) ifaddr_byindex() users were converted to use ifp->if_addr.

- Stop storing a (pointer to) Ethernet address in "struct arpcom",
  and drop the IFP2ENADDR() macro; all users have been converted
  to use IF_LLADDR() instead.
2005-11-11 16:04:59 +00:00
Robert Watson
13f4c340ae Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags.  Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags.  This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by:	pjd, bz
MFC after:	7 days
2005-08-09 10:20:02 +00:00
Robert Watson
6a113b3de7 Merge the dev_clone and dev_clone_cred event handlers into a single
event handler, dev_clone, which accepts a credential argument.
Implementors of the event can ignore it if they're not interested,
and most do.  This avoids having multiple event handler types and
fall-back/precedence logic in devfs.

This changes the kernel API for /dev cloning, and may affect third
party packages containg cloning kernel modules.

Requested by:	phk
MFC after:	3 days
2005-08-08 19:55:32 +00:00
Brooks Davis
fc74a9f93a Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
 - Struct arpcom is no longer referenced in normal interface code.
   Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
   To enforce this ac_enaddr has been renamed to _ac_enaddr.
 - The second argument to ether_ifattach is now always the mac address
   from driver private storage rather than sometimes being ac_enaddr.

Reviewed by:	sobomax, sam
2005-06-10 16:49:24 +00:00
Peter Edwards
45778b37b2 Separate out address-detaching part of if_detach into if_purgeaddrs,
so if_tap doesn't need to rely on locally-rolled code to do same.

The observable symptom of if_tap's bzero'ing the address details
was a crash in "ifconfig tap0" after an if_tap device was closed.

Reported By: Matti Saarinen (mjsaarin at cc dot helsinki dot fi)
2005-05-25 13:52:03 +00:00
Maksim Yevmenkin
75ae257016 Change m_uiotombuf so it will accept offset at which data should be copied
to the mbuf. Offset cannot exceed MHLEN bytes. This is currently used to
fix Ethernet header alignment problem on alpha and sparc64. Also change all
users of m_uiotombuf to pass proper offset.

Reviewed by:	jmg, sam
Tested by:	Sten Spans "sten AT blinkenlights DOT nl"
MFC after:	1 week
2005-05-04 18:55:03 +00:00
Matthew N. Dodd
b137ea624b Provide a sysctl (net.link.tap.user_open) to allow unpriviliged
acces to tap(4) device nodes based on file system permission.

Duplicate the 'debug.if_tap_debug' sysctl under the
'net.link.tap' hierarchy.
2005-04-13 00:30:19 +00:00
Poul-Henning Kamp
f4f6abcb4e Explicitly hold a reference to the cdev we have just cloned. This
closes the race where the cdev was reclaimed before it ever made it
back to devfs lookup.
2005-03-31 12:19:44 +00:00
Warner Losh
c398230b64 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
Poul-Henning Kamp
9eaed5e66e Don't include filedesc.h
Include fcntl.h
Include selinfo.h (don't rely on vnode.h to do so)
Check O_NONBLOCK instead of IO_NDELAY
Don't include vnode.h
2004-12-22 17:38:43 +00:00
Gleb Smirnoff
411f23b06e Utilize m_uiotombuf() in device write method, instead of home-grown
implementation. This also gives a performance improvement, because
m_uiotombuf() utilizes clusters.

Approved by:	julian (mentor)
MFC after:	1 month
2004-10-31 17:39:46 +00:00
Robert Watson
6874bcf242 Destroy global tapmtx when the if_tap module is unloaded.
RELENG_5 candidated.
2004-09-17 03:55:50 +00:00
Maksim Yevmenkin
285b72aa78 Set IFF_RUNNING flag on the interface as soon as the control device is opened. 2004-08-11 00:12:27 +00:00
Poul-Henning Kamp
f3732fd15b Second half of the dev_t cleanup.
The big lines are:
	NODEV -> NULL
	NOUDEV -> NODEV
	udev_t -> dev_t
	udev2dev() -> findcdev()

Various minor adjustments including handling of userland access to kernel
space struct cdev etc.
2004-06-17 17:16:53 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Poul-Henning Kamp
5dba30f15a add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
Robert Watson
78592d56ef Correct a bug introduced with the recent clone API chang: when the clone
event handler for if_tap fails, make sure to clean up clone state to
prevent a clone memory leak.
2004-03-18 14:18:51 +00:00
Robert Watson
b4f5ef7eac sAdd a comment indicating why there continues to be a race condition in
the tap driver, even with Giant over the cdev operation vector, due to
a non-atomic test-and-set of the si_drv1 field in the dev_t.  This bug
exists with Giant under high memory pressure, as malloc() may sleep
in tapcreate(), but is less likely to occur.  The resolution will
probably be to cover si_drv1 using the global tapmtx since no softc is
available, but I need to think about this problem more generally
across a range of drivers using si_drv1 in combination with SI_CHEAPCLONE
to defer expensive allocation to open().

Correct what appears to be a bug in the original if_tap implementation,
in which tapopen() will panic if a tap device instance is opened more
than once due to an incorrect assertion -- only triggered if INVARIANTS
is compiled in (i.e., when built into a kernel).  Return EBUSY instead.

Expand mtx_lock() coverage using tp->tap_mtx to include tp->ether_addr.
2004-03-18 09:55:11 +00:00
Robert Watson
7c924a5287 Add tap_mtx to tap_softc in order to protect per-softc variables
(tap_pid, tap_flags).  if_tap should now be entirely MPSAFE.

Committed from:			Bamboo house by ocean in Taiwan
Tropical paradise provided by:	Chia-liang Kao <clkao@clkao.org>
2004-03-17 01:09:59 +00:00
Robert Watson
5e71a73b7b Lock down global variables in if_tap (primarily, the tap softc list);
add tapmtx, which protects globale variables.

Notes:

- The EBUSY check in MOD_UNLOAD may be subject to a race.  Moving the
  event handler unregister inside the mutex grab may prevent that race.

- Locking of global variables safely is now possible because tapclones
  is only modified when the module is loading or unloading, thanks to
  phk's recent chang to clone_setup().

- softc locking to follow.
2004-03-15 01:52:00 +00:00
Poul-Henning Kamp
9397290e76 Add clone_setup() function rather than rely on lazy initialization.
Requested by:	rwatson
2004-03-11 12:58:55 +00:00
Poul-Henning Kamp
4f81134a23 Fix handling of tap/vmnet flag in relation to cloning and properly enforce
largest supported unit number for this device driver.

Reported by:	Kaho Toshikazu <kaho@easy.es.tuat.ac.jp>
2004-03-10 08:02:29 +00:00
Bruce Evans
63a97efcbb Don't set d_flags twice. The second setting clobbered D_NOGIANT. 2004-02-24 04:35:44 +00:00
Poul-Henning Kamp
dc08ffec87 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
Poul-Henning Kamp
b0b0334878 Device megapatch 2/6:
This commit adds a couple of functions for pseudodrivers to use for
implementing cloning in a manner we will be able to lock down (shortly).

Basically what happens is that pseudo drivers get a way to ask for
"give me the dev_t with this unit number" or alternatively "give
me a dev_t with the lowest guaranteed free unit number" (there is
unfortunately a lot of non-POLA in the exact numeric value of this
number, just live with it for now)

Managing the unit number space this way removes the need to use
rman(9) to do so in the drivers this greatly simplifies the code in
the drivers because even using rman(9) they still needed to manage
their dev_t's anyway.

I have taken the if_tun, if_tap, snp and nmdm drivers through the
mill, partly because they (ab)used makedev(), but mostly because
together they represent three different problems for device-cloning:

if_tun and snp is the plain case: just give me a device.

if_tap has two kinds of devices, with a flag for device type.

nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
Seigo Tanimura
512824f8f7 - Implement selwakeuppri() which allows raising the priority of a
thread being waken up.  The thread waken up can run at a priority as
  high as after tsleep().

- Replace selwakeup()s with selwakeuppri()s and pass appropriate
  priorities.

- Add cv_broadcastpri() which raises the priority of the broadcast
  threads.  Used by selwakeuppri() if collision occurs.

Not objected in:	-arch, -current
2003-11-09 09:17:26 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Poul-Henning Kamp
7ac40f5f59 Gigacommit to improve device-driver source compatibility between
branches:

Initialize struct cdevsw using C99 sparse initializtion and remove
all initializations to default values.

This patch is automatically generated and has been tested by compiling
LINT with all the fields in struct cdevsw in reverse order on alpha,
sparc64 and i386.

Approved by:    re(scottl)
2003-03-03 12:15:54 +00:00
Dag-Erling Smørgrav
521f364b80 More low-hanging fruit: kill caddr_t in calls to wakeup(9) / [mt]sleep(9). 2003-03-02 16:54:40 +00:00
Dag-Erling Smørgrav
8994a245e0 Clean up whitespace, s/register //, refrain from strong urge to ANSIfy. 2003-03-02 15:56:49 +00:00
Dag-Erling Smørgrav
c952458814 uiomove-related caddr_t -> void * (just the low-hanging fruit) 2003-03-02 15:50:23 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Poul-Henning Kamp
6ec82c07ac NODEVFS cleanup: unifdef 2003-01-30 13:13:11 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Poul-Henning Kamp
7e760e148a Originally when DEVFS was added, a global variable "devfs_present"
was used to control code which were conditional on DEVFS' precense
since this avoided the need for large-scale source pollution with
#include "opt_geom.h"

Now that we approach making DEVFS standard, replace these tests
with an #ifdef to facilitate mechanical removal once DEVFS becomes
non-optional.

No functional change by this commit.
2003-01-19 11:03:07 +00:00
Sam Leffler
6fc32a2495 network interface and link layer changes:
o on input don't strip the Ethernet header from packets
o input packet handling is now done with if_input
o track changes to ether_ifattach/ether_ifdetach API
o track changes to bpf tapping
o call ether_ioctl for default handling of ioctl's
o use constants from net/ethernet.h where possible

Reviewed by:	many
Approved by:	re
2002-11-15 00:00:15 +00:00
Poul-Henning Kamp
08b29601a0 Be consistent about functions being static.
Spotted by:	FlexeLint
2002-10-16 10:45:53 +00:00
Don Lewis
91e97a8266 In an SMP environment post-Giant it is no longer safe to blindly
dereference the struct sigio pointer without any locking.  Change
fgetown() to take a reference to the pointer instead of a copy of the
pointer and call SIGIO_LOCK() before copying the pointer and
dereferencing it.

Reviewed by:	rwatson
2002-10-03 02:13:00 +00:00