of the additional checks in rev.1.12 was wrong. The others are a
bit inconsistent and are probably unnecessarily pessimal. Checking
for overflow of addition, if necessary at all, should be done in
bpf_validate().
PR: 12484
This doesn't change the size or alignment of the structure on either i386
or Alpha, and thus should be binary-compatible (modulo problems with old
applications and routes with more than 2^15 references).
Reviewed by: peter
This caused a panic in rtfreee() called with a root node from the
routing socket code (when processing a RTM_GET message looking for
the default route while there is none).
Since no existing code seems to have any use getting the root node
from rn_match(), it seems cleaner never to return it rather than
check for this condition at the caller's.
PR: kern/12265
This is inteded for to allow ifconfig to print various unstructured
information from an interface.
The data is returned from the kernel in ASCII form, see the comment in
if.h for some technicalities.
Canonical cut&paste example to be found in if_tun.c
Initial use:
Now tun* interfaces tell the PID of the process which opened them.
Future uses could be (volounteers welcome!):
Have ppp/slip interfaces tell which tty they use.
Make sync interfaces return their media state: red/yellow/blue
alarm, timeslot assignment and so on.
Make ethernets warn about missing heartbeats and/or cables
This means that the driver will add/delete routes when it knows it is
up/down, rather than have the generic code belive it is up if configured.
This is probably most useful for serial lines, although many PHY chips
could probably tell us if we're connected to the cable/hub as well.
The cdevsw_add() function now finds the major number(s) in the
struct cdevsw passed to it. cdevsw_add_generic() is no longer
needed, cdevsw_add() does the same thing.
cdevsw_add() will print an message if the d_maj field looks bogus.
Remove nblkdev and nchrdev variables. Most places they were used
bogusly. Instead check a dev_t for validity by seeing if devsw()
or bdevsw() returns NULL.
Move bdevsw() and devsw() functions to kern/kern_conf.c
Bump __FreeBSD_version to 400006
This commit removes:
72 bogus makedev() calls
26 bogus SYSINIT functions
if_xe.c bogusly accessed cdevsw[], author/maintainer please fix.
I4b and vinum not changed. Patches emailed to authors. LINT
probably broken until they catch up.
Reformat and initialize correctly all "struct cdevsw".
Initialize the d_maj and d_bmaj fields.
The d_reset field was not removed, although it is never used.
I used a program to do most of this, so all the files now use the
same consistent format. Please keep it that way.
Vinum and i4b not modified, patches emailed to respective authors.
Submitted by: adrian@freebsd.org
Change reference count in struct ifaddr to a u_int, to be able
to handle more than 2^16 routes to the same interface.
Fix suggested by Andrew Bangs <andrewb@demon.net> in PR kern/10570.
Tested by <adrian@freebsd.org> and me under -current.
o fix DDB support
- include "opt_ddb.h"
- fix Debugger() arg
pointed out by bde
o back out pvc shadow interface support
- it is currently not used
- to make it easier to merge another implementation
o misc minor cleanup
Made a new (inline) function devsw(dev_t dev) and substituted it.
Changed to the BDEV variant to this format as well: bdevsw(dev_t dev)
DEVFS will eventually benefit from this change too.
routines. The descriptor contains parameters which could be used
within those routines (eg. ip_output() ).
On passing, add IPPROTO_PGM entry to netinet/in.h
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
that doesn't have it. This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.
Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1:
s/suser/suser_xxx/
2:
Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3:
s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with
later.
There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
able to expand the zeros, ones etc masks on the fly. It seems a good
number of domains don't set the rn_maxkey variable anyway, and because
this is a domain itself, there is no guarantee we've been called after
a protocol that actually has set it (ie: inet), so start with a maxkey
of a relatively sane size as a base point until it can adapt on the fly.
it used to be that way. I'm not sure that it's needed, but it does
walk the ifp list..
Incidently, there's nothing to sanity check the ifq_maxlen on loaded
interfaces..
- unifdef -DCOMPAT_IPFW (this was on by default already)
- remove traces of in-kernel ip_nat package, it was never committed.
- Make IPFW and DUMMYNET initialize themselves rather than depend on
compiled-in hooks in ip_init(). This means they initialize the same
way both in-kernel and as kld modules. (IPFW initializes now :-)
i386 platform boots, it is no longer ISA-centric, and is fully dynamic.
Most old drivers compile and run without modification via 'compatability
shims' to enable a smoother transition. eisa, isapnp and pccard* are
not yet using the new resource manager. Once fully converted, all drivers
will be loadable, including PCI and ISA.
(Some other changes appear to have snuck in, including a port of Soren's
ATA driver to the Alpha. Soren, back this out if you need to.)
This is a checkpoint of work-in-progress, but is quite functional.
The bulk of the work was done over the last few years by Doug Rabson and
Garrett Wollman.
Approved by: core
- add support for devices that do vlan tag insertion/deletion in firmware
- add multicast support
- add vlan_unconfig() to complement vlan_config()
- update ifconfig(8) to configure vlan interfaces (vlan tag and
parent device)
Also fix a small bug in ifconfig; sometimes sa_family is overwritten
by ioctls.
Reviewed by: wollman
Move the Olicom token ring driver to the officially sanctionned location of
/sys/contrib. Also fix some brokenness in the generic token ring support.
Be warned that if_dl.h has been changed and SOME programs might
like recompilation.
type may become necessary soon. :)
Also add a couple of additional macros that NetBSD has which we don't.
Nothing in FreeBSD uses these (yet) so adding them in shouldn't hurt
anything.
This is for various Olicom cards. An IBM driver is following.
This patch also adds support to tcpdump to decode packets on tokenring.
Congratulations to the proud father.. (below)
Submitted by: Larry Lile <lile@stdio.com>
in the first place.
Use 3sec timeout as recommended.
Reorder some debug messages.
Label som of the 0x%x in debug messages
Make sppp_print_bytes() use %*D and handle zero length.
If we don't have MAGIC numbers, don't yell loopback if 0 == 0
before they got changed. This can help eliminate much of the
gymnastics drivers do in their ioctl routines to figure this out.
Remove commented out IFF_NOTRAILERS
This makes it possible to change the sysctl tree at runtime.
* Change KLD to find and register any sysctl nodes contained in the loaded
file and to unregister them when the file is unloaded.
Reviewed by: Archie Cobbs <archie@whistle.com>,
Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
Drivers should be updated if they get flagged by this message.
(The reason this is important is because we do not have a way
to catch this mistake for interfaces added after ifinit() runs.)
changes to the VM system to support the new swapper, VM bug
fixes, several VM optimizations, and some additional revamping of the
VM code. The specific bug fixes will be documented with additional
forced commits. This commit is somewhat rough in regards to code
cleanup issues.
Reviewed by: "John S. Dyson" <root@dyson.iquest.net>, "David Greenman" <dg@root.com>
XXX It probably makes sense to have a flag for bsd.kern.mk to avoid these
rules.
XXX IO_NDELAY seems to be the main reason for it, when used in a cdevsw
read or write "flag" context. Perhaps a redundant declaration
somewhere like sys/conf.h might help remove the need for vnode.h in
these device drivers in the first place.
Not tested on the if_sr, if_cx and if_ar drivers, but
expected to work just the same as it used to.
Any users of these drivers (or even better: donors
of hardware for them) please contact phk@freebsd.org
so we can test the next batch of changes to if_sppp.
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.
This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices. For more details, see the description on the PR.
Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
PR: kern/7899
Reviewed by: bde, elvind
to convert the timeval into a tick count.
Suggested by: bde
Reviewed by: bde
Handle hz > 1000 in BIOCGRTIMEOUT.
Pointed out by: bde
Reviewed by: bde
Obtained from: OpenBSD
FreeBSD repository version of this file and the isdn4bsd version,
adopt those changes from the i4b version that make this file
BSD-version independent. I attempted to avoid uglifying this file too
much, thus deviated a little from the i4b version (and hope they will
adopt the changes, too).
The diffs mostly concentrate on:
. #include differences between the systems
. different callout handling between FreeBSD vs. Net/OpenBSD
. interface naming (Net/OpenBSD store the ASCII name including the
unit # in struct ifnet, FreeBSD only the name)
. use of random() in FreeBSD vs. time-based pseudo-randomization in
Net/OpenBSD (for loopback detection ad CHAP challenges -- i
assume at least OpenBSD could also benefit from random(), but that's
the way i've got this file)
. interface address list elements are named a little differently
between FreeBSD and Net/OpenBSD
I attempted to segregate those compat fixes from other code fixes and
enhancements.
Obtained from: The isdn4bsd project
another specialized mbuf type in the process. Also clean up some
of the cruft surrounding IPFW, multicast routing, RSVP, and other
ill-explored corners.
ioctl() routine at the end of if_delmulti() so that interfaces with
hardware multicast filtering can update their filters in a timely
manner.
If the interface doesn't support hardware multicast filtering, then
reception of multicast frames is done using 'promiscious mode' or
'capture all multicast frames' mode and software filtering in the
kernel. In this case, it doesn't matter if if_delmulti() ever does
an SCIODELMULTI on the interface or not: if MULTICAST support is
enabled, then we join the 'all hosts' group when the interface is
configured, and remain in it until the interface is brought down.
Without hardware filtering, joining one group means joining all
groups, so it makes no difference if we call the SIOCDELMULTI
routine.
If the interface does support hardware multicast filtering, then
by not reprogramming the hardware filter in if_delmulti(), we have
to wait until somebody calls if_setmulti(), during which time the
interface is receiving frames for multicast groups in which we are
no longer interested.
several new features are added:
- support vc/vp shaping
- support pvc shadow interface
code cleanup:
- remove WMAYBE related code. ENI WMAYBE DMA doen't work.
- remove updating if_lastchange for every packet.
- BPF related code is moved to midway.c as it should be.
(bpfwrite should work if atm_pseudohdr and LLC/SNAP are
prepended.)
- BPF link type is changed to DLT_ATM_RFC1483.
BPF now understands only LLC/SNAP!! (because bpf can't
handle variable link header length.)
It is recommended to use LLC/SNAP instead of NULL
encapsulation for various reasons. (BPF, IPv6,
interoperability, etc.)
the code has been used for months in ALTQ and KAME IPv6.
OKed by phk long time ago.
respectively. Most of the longs should probably have been
u_longs, but this changes is just to prevent warnings about
casts between pointers and integers of different sizes, not
to fix poorly chosen types.
sizeof(struct bpf_hdr) > 20. 20 is normal on 32-bit systems with
32-bit alignment, but we still assume that the last 2 bytes of the
struct are unnecessary padding on such systems. On systems with
64-bit longs, struct timeval is bloated to 16 bytes, so bpf headers
certainly don't fit in 18 bytes.