Commit Graph

1637 Commits

Author SHA1 Message Date
Robert Watson
a8e93fb7ec In bpf_setf(), protect against races between multiple user threads
attempting to change the BPF filter on a BPF descriptor at the same
time: retrieve the old filter pointer under the same locked region
as setting the new pointer.

MFC after:	3 days
2005-02-28 14:04:09 +00:00
Robert Watson
d1a67300e2 Update a comment describing bpf_iflist to indicate that the BPF interface
structures correspond to specific link layers, so the same network
interface may appear more than once.

MFC after:	3 days
2005-02-28 12:35:52 +00:00
Gleb Smirnoff
e8c34a71eb Remove carp_softc.sc_ifp member in favor of union pointers in struct ifnet.
Obtained from:	OpenBSD
2005-02-26 13:55:07 +00:00
Brooks Davis
bc9d299133 Change the definition of struct if_data's member ifi_epoch from wall
clock time to uptime because wall clock time may go backwards.

This is a change in the API which will impact SNMP agents who are using
ifi_epoch to set RFC2233's ifCounterDiscontinuityTime.  None are know to
exist today.  This will not impact applications that are using the
<index, epoch> tuple to verify interface uniqueness except that it
eliminates a race which could lead to a false assumption of uniqueness.

Because this is a behavior change, bump __FreeBSD_version.

Discussed with:	re (jhb, scottl)
MFC after:	3 days
Pointed out by:	pkh (way back at EuroBSDCon)
Pointy hat:	brooks
2005-02-25 19:46:41 +00:00
Maxim Konovalov
a6d008350d o Move ifcr_count sanity check up and reject negative values before we
panic at kmem_alloc() via malloc(9).

PR:		kern/77748
Submitted by:	Wojciech A. Koszek
OK'ed by:	brooks
Security:	local DoS, a sample code in the PR.
MFC after:	3 days
2005-02-24 13:14:41 +00:00
Gleb Smirnoff
58996b1337 Fix long lines in comment introduced in previous commit. 2005-02-24 10:15:50 +00:00
Sam Leffler
89bc9a3171 the rt parameter to ifa_rtrequest callbacks should always be non-null;
eliminate grauitous ptr checks that follow ptr deref's

Noticed by:	Coverity Prevent analysis tool
2005-02-24 01:34:01 +00:00
Sam Leffler
8d78bea456 eliminate dead code and collapse the remainder
Noticed by:	Coverity Prevent analysis tool
Reviewed by:	rwatson
2005-02-23 22:50:19 +00:00
Gleb Smirnoff
8b25904e36 Typo in comment. 2005-02-22 15:29:29 +00:00
Robert Watson
7e2041e0c4 When prepending an LCC SNAP header to an atalk outgoing ethernet packet,
allocate the additional mbuf (if needed) using a non-sleeping memory
allocation.

MFC after:	7 days
2005-02-22 15:03:25 +00:00
Gleb Smirnoff
4d96314f88 - In if_link_state_change() extract function body from if-block, to improve
readability.
- Call carp_carpdev_state() from if_link_state_change() if interface has
  associated CARP interface.

Sponsored by:	Rambler
2005-02-22 14:21:59 +00:00
Gleb Smirnoff
a97719482d Add CARP (Common Address Redundancy Protocol), which allows multiple
hosts to share an IP address, providing high availability and load
balancing.

Original work on CARP done by Michael Shalayeff, with many
additions by Marco Pfatschbacher and Ryan McBride.

FreeBSD port done solely by Max Laier.

Patch by:	mlaier
Obtained from:	OpenBSD (mickey, mcbride)
2005-02-22 13:04:05 +00:00
Ruslan Ermilov
6ee20ab521 Allocate the M_VLANTAG m_pkthdr flag, and use it to indicate that
a packet has VLAN mbuf tag attached.  This is faster to check than
m_tag_locate(), and allows us to use the tags in non-vlan(4) VLAN
producers.

The first argument to VLAN_OUTPUT_TAG() is now unused but retained
for backward compatibility.

While here, embellish a fix in rev. 1.174 of if_ethersubr.c -- it
now checks for packets with VLAN (mbuf) tags, and it should now
be possible to bridge(4) on vlan(4)'s whose parent interfaces
support VLAN decapsulation in hardware.

Reviewed by:	sam
2005-02-18 22:31:19 +00:00
Gleb Smirnoff
eb46c866bb Check for non-NULL ac_netgraph field in interface arpcom, instead of
checking global presence of ng_ether(4).

Reviewed by:	ru
2005-02-14 11:58:54 +00:00
Ruslan Ermilov
6c23e6cc5a If no vlan(4) interfaces are configured for the interface, and the
driver did VLAN decapsulation in hardware, we were passing a frame
as if it came for the parent (non-VLAN) interface.  Stop this from
happening.

Reminded by:	glebius
Security:	This could pose a security risk in some setups
2005-02-14 08:29:42 +00:00
Xin LI
b0b4b28bf1 Validate ifc->ifc_len before submitting its incarnation to sbuf_new,
which will finally lead to kernel panic.

Security:	This prevents a local (root-launched) DoS
Submitted by:	Wojciech A. Koszek [dunstan at freebsd czest pl]
PR:		77421
MFC After:	1 week
2005-02-12 17:51:12 +00:00
Poul-Henning Kamp
c711aea6ca Make a bunch of malloc types static.
Found by:	src/tools/tools/kernxref
2005-02-10 12:02:37 +00:00
Gleb Smirnoff
8b02df2485 Log changes of link state.
Reviewed by:	rwatson
2005-01-30 12:57:47 +00:00
Robert Watson
31c436a2a9 Acquire the raw_cb mutex around LIST_REMOVE() of a raw socket control
block from the global raw socket list.

Submitted by:	Roselyn Lee <rosel at verniernetworks dot com>
MFC after:	1 week
2005-01-24 22:56:09 +00:00
Yaroslav Tykhiy
cab574d841 Fix spelling in a comment. 2005-01-24 15:48:00 +00:00
Yaroslav Tykhiy
c6e6ca3e7b Reduce the global name space pollution.
The cloner structure isn't referenced by name outside this file.
2005-01-23 23:10:33 +00:00
Gleb Smirnoff
28935658c4 - Reduce number of arguments passed to dummynet_io(), we already have cookie
in struct ip_fw_args itself.
- Remove redundant &= 0xffff from dummynet_io().
2005-01-16 11:13:18 +00:00
Gleb Smirnoff
c31d24c37c Remove ip_fw.h and ip_dummynet.h from includes. 2005-01-15 22:04:17 +00:00
Gleb Smirnoff
6c69a7c30b o Clean up interface between ip_fw_chk() and its callers:
- ip_fw_chk() returns action as function return value. Field retval is
  removed from args structure. Action is not flag any more. It is one
  of integer constants.
- Any action-specific cookies are returned either in new "cookie" field
  in args structure (dummynet, future netgraph glue), or in mbuf tag
  attached to packet (divert, tee, some future action).

o Convert parsing of return value from ip_fw_chk() in ipfw_check_{in,out}()
  to a switch structure, so that the functions are more readable, and a future
  actions can be added with less modifications.

Approved by:	andre
MFC after:	2 months
2005-01-14 09:00:46 +00:00
Giorgos Keramidas
2ccfeeaef4 Fix a typo in a comment that may be confusing if one doesn't really
check what the code does.  Separators are spaces, commas or tabs;
not '*' characters (as one may assume by reading the old comment).
2005-01-11 10:47:51 +00:00
Hajimu UMEMOTO
529ed56f83 don't see NBPFILTER. 2005-01-11 07:17:33 +00:00
Hajimu UMEMOTO
2d106a00c9 remove HAVE_OLD_BPF part. 2005-01-11 07:14:37 +00:00
Hajimu UMEMOTO
4b9a5e9f07 we are not OLD_BPF system. 2005-01-11 07:08:15 +00:00
Hajimu UMEMOTO
9b1a707635 fix typo. 2005-01-11 07:05:56 +00:00
Gleb Smirnoff
1c7899c74e This change adds reliability for Ethernet trunks built with ng_one2many:
- Introduce another ng_ether(4) callback ng_ether_link_state_p, which
  is called from if_link_state_change(), every time link is changed.
- In ng_ether_link_state() send netgraph control message notifying
  of link state change to a node connected to "lower" hook.

Reviewed by:	sam
MFC after:	2 weeks
2005-01-08 12:42:03 +00:00
Warner Losh
c398230b64 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
Roman Kurakin
d676cb6fad Add FR support to sppp (MFCronyx).
Silence on: net@, current@, hackers@.
No objections: joerg

Requested by: by many (mostly Cronyx) users for a long long time.
MFC after:	10 days

PR:		kern/21771, kern/66348
2004-12-28 00:07:57 +00:00
Pawel Jakub Dawidek
77fc70c1ef Fix mbuf leak.
Submitted by:	Johnny Eriksson <bygg@cafax.se>
MFC after:	5 days
2004-12-27 15:53:44 +00:00
Poul-Henning Kamp
f62f3a1121 Include fcntl.h
Include selinfo.h (don't rely on vnode.h to do so)
Check O_NONBLOCK instead of IO_NELAY
Don't include vnode.h
2004-12-22 17:39:21 +00:00
Poul-Henning Kamp
9eaed5e66e Don't include filedesc.h
Include fcntl.h
Include selinfo.h (don't rely on vnode.h to do so)
Check O_NONBLOCK instead of IO_NDELAY
Don't include vnode.h
2004-12-22 17:38:43 +00:00
Poul-Henning Kamp
e76eee5562 Include fcntl.h
Check O_NONBLOCK instead of IO_NDELAY
Include uio.h
Don't include vnode.h
Don't include filedesc.h
2004-12-22 17:37:57 +00:00
Poul-Henning Kamp
27d7317dda Check O_NONBLOCK instead of IO_NDELAY.
Don't include <sys/vnode.h>
2004-12-22 17:32:53 +00:00
John-Mark Gurney
86c9a45388 don't try to recurse on the bpf lock.. kqueue already locks the bpf lock
now...

Submitted by:	Ed Maste of Sandvine Inc.
MFC after:	1 week
2004-12-17 03:21:46 +00:00
Roman Kurakin
1fd90fb4a0 Kill double inclusion for <netinet/in.h> and <netinet/in_systm.h>. 2004-12-14 18:18:54 +00:00
Roman Kurakin
e42ddbdf64 Make sppp MPSAFE.
MPSAFE could be turned off by IFF_NEEDSGIANT.

Silence on: net@, current@, hackers@.
No objections: joerg
2004-12-12 14:54:15 +00:00
Sam Leffler
94f5c9cfc0 Cleanup link state change notification:
o add new if_link_state_change routine that deals with link state changes
o change mii to use if_link_state_change
2004-12-08 05:45:59 +00:00
Sam Leffler
3518d22073 Don't require a device to be marked up when issuing BIOCSETIF. 2004-12-08 05:40:02 +00:00
Max Laier
69fb23b73d Implement the check I was talking about in the previous message already.
Introduce domain_init_status to keep track of the init status of the domains
list (surprise). 0 = uninitialized, 1 = initialized/unpopulated, 2 =
initialized/done. Higher values can be used to support late addition of
domains which right now "works", but is potential dangerous. I choose to
only give a warning when doing so.

Use domain_init_status with if_attachdomain[1]() to ensure that we have a
complete domains list when we init the if_afdata array. Store the current
value of domain_init_status in if_afdata_initialized. This way we can update
if_afdata after a new protocol has been added (once that is allowed).

Submitted by:	se (with changes)
Reviewed by:	julian, glebius, se
PR:		kern/73321	(partly)
2004-11-30 22:38:37 +00:00
Robert Watson
6237419d5c Assign if_broadcastaddr to NULL not 0 in if_attach().
Printf() a warning if if_attachdomain() is called more than once on an
  interface to generate some noise on mailing lists when this occurs.

Fix up style in if_start(), where spaces crept in instead of tabs at
some point.

MFC after:	1 week
MFC note:	Not the printf().
2004-11-23 23:31:33 +00:00
John-Mark Gurney
1f48dc25d7 sync comment on IFF_OACTIVE with reality.. IFF_OACTIVE is set when the
hardware cannot take anymore packets, and so will supress the calling of
the device's if_start method...

Submitted by:	bde
2004-11-17 18:32:44 +00:00
Max Laier
0b39ef4db1 Remove the #if 0 wrapping around !ALTQ stuff that can't be used due to ABI
stability anyway.
2004-11-09 21:29:28 +00:00
Poul-Henning Kamp
756d52a195 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
Olivier Houchard
943efa1bd1 Don't abuse tp->t_sc in sl(4) either. 2004-11-07 14:36:47 +00:00
Olivier Houchard
7358f4bb52 Don't abuse tp->t_sc, as it is now used by tty drivers.
This fixes the panic that occurs when using ppp(4)

Reported and tested by:	Yann Berthier (yb at sainte-barbe dot org)
2004-11-07 14:35:53 +00:00
Gleb Smirnoff
411f23b06e Utilize m_uiotombuf() in device write method, instead of home-grown
implementation. This also gives a performance improvement, because
m_uiotombuf() utilizes clusters.

Approved by:	julian (mentor)
MFC after:	1 month
2004-10-31 17:39:46 +00:00