Commit Graph

513 Commits

Author SHA1 Message Date
Luoqi Chen
cb64988f42 Postpone route_init() until all domains are attached. 1999-04-29 03:22:19 +00:00
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Mike Smith
f8dc47162a Allow loadable interface drivers with BPF support to be loaded into a kernel
that doesn't have it.  This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.

Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1999-04-28 01:18:13 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
Peter Wemm
e306e8ea66 Temporary hack. The radix code shouldn't need this, it should be
able to expand the zeros, ones etc masks on the fly.  It seems a good
number of domains don't set the rn_maxkey variable anyway, and because
this is a domain itself, there is no guarantee we've been called after
a protocol that actually has set it (ie: inet), so start with a maxkey
of a relatively sane size as a base point until it can adapt on the fly.
1999-04-26 09:05:31 +00:00
Peter Wemm
8ba5bdae2a Protect the ifinit() function's internals with splimp() for safety since
it used to be that way. I'm not sure that it's needed, but it does
walk the ifp list..

Incidently, there's nothing to sanity check the ifq_maxlen on loaded
interfaces..
1999-04-26 09:02:40 +00:00
Peter Wemm
61a6c2e81d Minor seatbelt tweak. The init code used to be splimp() protected,
maintain that in case.
1999-04-26 09:00:47 +00:00
Peter Wemm
2ef43b0971 Make NETISR_SET use a SYSINIT() rather than a linker set. 1999-04-26 08:52:16 +00:00
Peter Wemm
2cbbaa27c7 Fix my breakage of BRIDGE compiling option without IPFIREWALL..
(Note that if you have bridge compiled in and then kldload ipfw, bridge
 won't automatically use it - knowledge of ipfw/dummynet is compiled in)
1999-04-21 18:23:00 +00:00
Peter Wemm
66e55756b5 Tidy up some stray / unused stuff in the IPFW package and friends.
- unifdef -DCOMPAT_IPFW  (this was on by default already)
- remove traces of in-kernel ip_nat package, it was never committed.
- Make IPFW and DUMMYNET initialize themselves rather than depend on
  compiled-in hooks in ip_init().  This means they initialize the same
  way both in-kernel and as kld modules.  (IPFW initializes now :-)
1999-04-20 13:32:06 +00:00
Peter Wemm
6182fdbda8 Bring the 'new-bus' to the i386. This extensively changes the way the
i386 platform boots, it is no longer ISA-centric, and is fully dynamic.
Most old drivers compile and run without modification via 'compatability
shims' to enable a smoother transition.  eisa, isapnp and pccard* are
not yet using the new resource manager.  Once fully converted, all drivers
will be loadable, including PCI and ISA.

(Some other changes appear to have snuck in, including a port of Soren's
 ATA driver to the Alpha.  Soren, back this out if you need to.)

This is a checkpoint of work-in-progress, but is quite functional.

The bulk of the work was done over the last few years by Doug Rabson and
Garrett Wollman.

Approved by:	core
1999-04-16 21:22:55 +00:00
Eivind Eklund
d108ff0b76 Break long lines that I introduced in a previous commit. 1999-04-11 02:52:31 +00:00
Bill Paul
4a408dcb9e Add missing SYSCTL_DECL(_net_link); required by newer sysctl implementation.
Noticed by: Matthew Dodd <winter@jurai.net>
1999-04-07 23:26:43 +00:00
John Polstra
182d6068cd Add a missing declaration that broke the compilation of this file. 1999-04-03 22:36:56 +00:00
Nick Sayer
cd965a7436 Merge from RELENG_2_2, per luigi. Fixes the ntoh?() issue for the
firewall code when called from the bridge code.

PR:		10818
Submitted by:	nsayer
Obtained from:	luigi
1999-03-30 23:45:14 +00:00
Poul-Henning Kamp
da3b4fb7ee rganize the various modes (CISCO/AUTO/DEMAND/LEASED) a little bit better,
centralize the code.

Remember to call TLF/TLS on the hardware in CISCO mode.
1999-03-30 13:28:26 +00:00
Dag-Erling Smørgrav
b56fecc80b Implement TUNSIFMODE and TUNSLMODE.
Submitted by:	Alfred Perlstein <bright@cygnus.rush.net>
1999-03-24 21:20:12 +00:00
Bill Paul
97ed1257f9 Grrr... botched remote commit. Let's try this again: vlan updates,
take two.
1999-03-15 01:22:01 +00:00
Bill Paul
f731f10490 Updates for vlan stuff:
- add support for devices that do vlan tag insertion/deletion in firmware
- add multicast support
- add vlan_unconfig() to complement vlan_config()
- update ifconfig(8) to configure vlan interfaces (vlan tag and
  parent device)

Also fix a small bug in ifconfig; sometimes sa_family is overwritten
by ioctls.

Reviewed by: wollman
1999-03-15 01:17:26 +00:00
Julian Elischer
fda82fc2b9 Submitted by: Larry Lile
Move the Olicom token ring driver to the officially sanctionned location of
/sys/contrib. Also fix some brokenness in the generic token ring support.

Be warned that if_dl.h has been changed and SOME programs might
like recompilation.
1999-03-10 10:11:43 +00:00
Bill Paul
6b3cb5936d Also add 1000baseSX, 1000baseLX, 1000baseCX and 1000baseTX media types. At
this point I don't know if there are any actual gigabit ethernet devices
that support media other than 1000baseSX (multi-mode fiber) but who knows.
1999-03-07 04:39:25 +00:00
Bill Paul
27ab138fcc Add 1000baseFX, 10baseSTP and 10baseFL media types. The 1000baseFX
type may become necessary soon. :)

Also add a couple of additional macros that NetBSD has which we don't.
Nothing in FreeBSD uses these (yet) so adding them in shouldn't hurt
anything.
1999-03-06 17:17:57 +00:00
KATO Takenori
69d66c1e4e The fe driver supports bridging, so added it to lists. 1999-02-25 10:48:31 +00:00
Poul-Henning Kamp
81f7312bfa Misplaces brace puts important code into debug section.
Reviewed by:	phk
Submitted by:	Stefan Bethke <stefan.bethke@hanse.de>
1999-02-23 15:08:44 +00:00
Dmitrij Tejblum
eff128828c Set ifq_maxlen. 1999-02-20 21:03:53 +00:00
Julian Elischer
722012cc0c World, I'd like you to meet the first FreeBSD token Ring driver.
This  is for various Olicom cards. An IBM driver is following.
This patch also adds support to tcpdump to decode packets on tokenring.
Congratulations to the proud father.. (below)

Submitted by:	Larry Lile <lile@stdio.com>
1999-02-20 11:18:00 +00:00
Poul-Henning Kamp
f19dd898a1 Remove all the #ifdef notyet stuff, it is probably never going to happen
in the first place.

Use 3sec timeout as recommended.

Reorder some debug messages.

Label som of the 0x%x in debug messages

Make sppp_print_bytes() use %*D and handle zero length.

If we don't have MAGIC numbers, don't yell loopback if 0 == 0
1999-02-19 13:45:09 +00:00
Poul-Henning Kamp
4add131ea8 Since ifru_flags is a short, we can fit in a copy of the flags
before they got changed.  This can help eliminate much of the
gymnastics drivers do in their ioctl routines to figure this out.

Remove commented out IFF_NOTRAILERS
1999-02-19 13:41:35 +00:00
Doug Rabson
ce02431ffa * Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.

* Change KLD to find and register any sysctl nodes contained in the loaded
  file and to unregister them when the file is unloaded.

Reviewed by: Archie Cobbs <archie@whistle.com>,
	Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
1999-02-16 10:49:55 +00:00
Matthew Dillon
f7f62e7b56 Get rid of IFF_BROADCAST from default IFF_ slip options. This accidently
snuck in during the big -Wall commit and wasn't supposed to be in there.
1999-02-02 00:28:29 +00:00
Poul-Henning Kamp
e0ea20bcca Print a message if the driver didn't initialize ifq_maxlen.
Drivers should be updated if they get flagged by this message.

(The reason this is important is because we do not have a way
to catch this mistake for interfaces added after ifinit() runs.)
1999-02-01 20:03:27 +00:00
Julian Elischer
4c8e8c05fd Slight cleanups. There were 2 ways of getting the arpcom from the ifp.
Both equally bogus. Make it a macro so that we can pretend it's not
bogus and maybe make it less so some time in the future.
1999-01-31 08:17:16 +00:00
Matthew Dillon
831a80b0d5 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
Matthew Dillon
1c7c3c6a86 This is a rather large commit that encompasses the new swapper,
changes to the VM system to support the new swapper, VM bug
    fixes, several VM optimizations, and some additional revamping of the
    VM code.  The specific bug fixes will be documented with additional
    forced commits.  This commit is somewhat rough in regards to code
    cleanup issues.

Reviewed by:	"John S. Dyson" <root@dyson.iquest.net>, "David Greenman" <dg@root.com>
1999-01-21 08:29:12 +00:00
Peter Wemm
8e203b83a7 Undo #undef KERNEL hack for vnode.h to avoid vnode_if.h.
XXX It probably makes sense to have a flag for bsd.kern.mk to avoid these
    rules.
XXX IO_NDELAY seems to be the main reason for it, when used in a cdevsw
    read or write "flag" context.  Perhaps a redundant declaration
    somewhere like sys/conf.h might help remove the need for vnode.h in
    these device drivers in the first place.
1999-01-17 20:53:48 +00:00
Eivind Eklund
1db59ce607 Remove unused variable & clean up a couple of style issues. 1999-01-12 12:07:00 +00:00
Luigi Rizzo
4182413928 Remove one unused variable. 1998-12-31 07:52:49 +00:00
Poul-Henning Kamp
57814d04d4 Update sppp support to i4b level. This includes the new spppcontrol
program to set PPP options like authentication with.
1998-12-27 21:30:44 +00:00
Poul-Henning Kamp
cee7234916 More isdn4bsd convergence: cleanup log messages. 1998-12-26 13:14:45 +00:00
Poul-Henning Kamp
b2648215c6 Converge further on the isdn4bsd version of this file. 1998-12-26 12:43:26 +00:00
Poul-Henning Kamp
54f8640b04 clean up more timeout/untimeout portability stuff.
make sure flags and stuff are set sensibly.
1998-12-26 12:14:31 +00:00
Poul-Henning Kamp
177bc2bd34 Add two fields for the lower layers convenience. 1998-12-20 19:06:22 +00:00
Poul-Henning Kamp
11749a2453 Straigthen out the use of the tls and tlf callbacks.
Not tested on the if_sr, if_cx and if_ar drivers, but
expected to work just the same as it used to.

Any users of these drivers (or even better: donors
of hardware for them) please contact phk@freebsd.org
so we can test the next batch of changes to if_sppp.
1998-12-16 18:42:38 +00:00
Poul-Henning Kamp
e8c2601dbf Generalize the if_up() and if_down() functions under the names
if_route() and if_unroute().

This is first step towards sanitizing IFF_UP and IFF_RUNNING
1998-12-16 18:30:43 +00:00
Luigi Rizzo
fb5fbe465a Bridging support. Wait for LINT to be updated before trying it. 1998-12-14 17:58:05 +00:00
Eivind Eklund
537ad9741c Make the use of 'disc' vs 'ds' as prefix consistent by making all 'disc'.
This fix the conflict of having two functions called 'dsioctl()'.
1998-12-14 01:59:16 +00:00
Poul-Henning Kamp
48672719c3 (almost) null commit, recording message for previous commit:
s/_NET_IF_HDLC_H_/_NET_IF_SPPP_H_/

Unfold almost correct and hideous beyond reason, boolean expression,
making it more correct at the same time.
1998-12-11 21:42:57 +00:00
Poul-Henning Kamp
34d528017b *** empty log message *** 1998-12-11 21:40:13 +00:00
Archie Cobbs
f1d19042b0 The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
Eivind Eklund
f865e453e5 Propagate unsignedness to all variants of 'k', and reorganize the
conditionals to be fully resistent against overflow in unsigned
computations.

Potential problem pointed out by:	bde
Reviewed by:				bde
1998-12-07 16:31:15 +00:00