range on them, leaving process credentials as the only kernel
objects with label ranges in the Biba and MLS policies. We
weren't using the range in any access control decisions, so this
lets us garbage collect effectively unused code.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
collapse the two cases more cleanly: rather than wrapping an access
check around open, simply provide the open implementation for the
access vector entry. No functional change.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
we just break out some of the tests better. Minor change in that
we now better support incremental update of labels.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
in_pcbconnect() called in_pcbconnect_setup(). This version performs
all of the functions of in_pcbconnect() except for the final
committing of changes to the PCB. In the case of an EADDRINUSE error
it can also provide to the caller the PCB of the duplicate connection,
avoiding an extra in_pcblookup_hash() lookup in tcp_connect().
This change will allow the "temporary connect" hack in udp_output()
to be removed and is part of the preparation for adding the
IP_SENDSRCADDR control message.
Discussed on: -net
Approved by: re
and save/restore during a context switch.
The USER_SR could be overwritten when the current thread was switched
out with a faulting copyin/copyout.
Approved by: Benno
instead of the default biba/high, mls/low, making it easier to use
ptys with these policies. This isn't the final solution, but does
help.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
pointer to a dumperinfo instead of di. A brainfart, surely. This
bug went unnoticed for all this time because the pointer is only
used by buf_write() when it can write a completely filled buffer
to the dump device. This depends on the number of memory chunks
that needs to be dumped. This has apparently been low enough that
it has never happened up until this point.
contents. The code was subtracting two unsigned ints, stored the
result in a log and expected it to be the same as of a signed
subtraction; this does only work on platforms where int and long
have the same size (due to overflows).
Instead, cast to long before the subtraction; the numbers are
guaranteed to be small enough so that there will be no overflows
because of that.
Remove the never completed _IP_VHL version, it has not caught on
anywhere and it would make us incompatible with other BSD netstacks
to retain this version.
Add a CTASSERT protecting sizeof(struct ip) == 20.
Don't let the size of struct ipq depend on the IPDIVERT option.
This is a functional no-op commit.
Approved by: re
creation by GCC-2.6.3. Casting pointers to unsigned char
to volatile pointers to unsigned char seemed to produce
better results on the ia32 architecture with old versions
of GCC.
The current FreeBSD system compiler GCC-3.2.1 emits
better sign extension code for non-volatile variables:
volatile char c;
int i = c;
is compiled to:
...
movb -1(%ebp), %al
movbsl %al, %eax
movl %eax, -8(%ebp)
...
char c;
int i = c;
is compiled to:
...
movbsl -1(%ebp), %eax
movl %eax, -8(%ebp)
...
The same holds for zero-extension of dereferenced pointers
to volatile unsigned char.
When compiled on alpha or sparc64, the code produced for the
two examples above does not differ.
labeling checks and operations as with other network interfaces.
Eventually, if it proves desirable, we might want to offer special
casing of this or other tunnel interfaces where we have an existing
label of interest, rather than treating it as though it's an
entirely fresh mbuf in the incoming/outgoing encapsulation directions.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
transmission checks; when it is received, label the packet appropriately.
Although we don't have a local FDDI setup to test this with, the
labeling and checks are identical to other interface classes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
appropriate interface transmission checks and delivery labeling. While
we don't have a local ATM configuration, this code is almost identical
to all other interface classes.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
_POSIX_MAC_PRESENT based on available mount flags, if the services are
available.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
called in_pcbbind_setup() that does everything except commit the
changes to the PCB. There should be no functional change here, but
in_pcbbind_setup() will be used by the soon-to-appear IP_SENDSRCADDR
control message implementation to check or allocate the source
address and port.
Discussed on: -net
Approved by: re
mutex-friendly vm_page_sleep_if_busy().
- Introduce page queue locking in pmap_page_lookup() and
pmap_release_free_page().
- Simplify the invalidation of the pmap's ptphint in
pmap_release_free_page(). (MFi386 pmap.c revision 1.362.)
