Commit Graph

228 Commits

Author SHA1 Message Date
Robert Watson
a52526165e Include kernel.h to get NET_NEEDS_GIANT() definition, which for some
reason compiled fine here.  I may be running with other include file
changes locally.

MFC after:	3 days
2006-03-24 20:08:48 +00:00
Robert Watson
b8e00b4cf4 Clean up and style(9) SPX code prior to significant functional changes
being committed:

- Wrap comments more evenly on right border.
- Clean up braces.

Also, along similar lines:

- Assert some pointers are non-NULL before dereferencing them.
- Remove one assertion that looks, on face value, poor.

MFC after:	1 month
2006-03-24 13:58:23 +00:00
Robert Watson
ba8cc9aa46 Protect spx_iss using its own mutex, spx_mtx, rather than piggy-backing
on the global IPX mutex, which is not held at all necessary strategic
points.

MFC after:	1 month
2006-03-24 00:26:25 +00:00
Robert Watson
0850baa938 Move definition of spxrexmtthresh to top of file with other global
variables.

MFC after:	1 month
2006-03-24 00:22:25 +00:00
Robert Watson
8dba0c89c1 Canonicalize, update copyright.
Remove 'register'.
Use ANSI prototypes, not K&R.

MFC after:	1 month
2006-03-24 00:15:58 +00:00
Robert Watson
5ca770c90c Update copyright to 2006, comment on my contribution to this code in the
style of previous contributors.

MFC after:	1 month
2006-03-24 00:02:15 +00:00
Robert Watson
6252bd331d Comment that raw output filter code for IPX should run in a netisr so as
to avoid recursing the socket code, as this input path can run in the
call stack of an output path.

MFC after:	1 month
2006-03-24 00:00:23 +00:00
Robert Watson
48d699a78f When the kernel is compiled with options IPXIP, run the network stack
with Giant, as there is current unsafety in the IPX tunneled over IP
code.  There have been no reports of trouble, but there probably would
be if anyone were running this code at high speed on SMP systems.

MFC after:	3 days
2006-03-23 23:07:56 +00:00
Robert Watson
ddd14ad4fb Move spx_savesi from being a global variable to an automatically allocated
variable on the spx_input() stack.  It's not very large, and this will
avoid parallelism issues when spx_input() runs in more than one thread at
a time.

MFC after:	1 month
2006-03-23 19:58:12 +00:00
Robert Watson
7d01b89631 Admit to ourselves that we don't actually implement pr_ctlinput() for
IPX or SPX, as the code in the implementing functions is essentially
a no-op.  Replace with a comment indicating we don't implement these
currently.
2006-03-23 19:50:00 +00:00
Robert Watson
71c47d1480 In spx_attach() and spx_detach(), there is no need to check whether the
ipxpcb is NULL or not: in attach it will be, and on detach it won't be.
If for any reason these invariants don't hold true, panicking is a good
idea.

Noticed by:	Coverity Prevent analysis tool
MFC after:	3 days
2006-01-14 00:05:44 +00:00
Robert Watson
bfcff7c78e Remove dead code associated with 'mcopy' in ipx_forward(): at no point
are the contents of the forwarded mbuf ever copied into mcopy, so there's
no need to have mcopy, conditionally look at mcopy, or conditionally free
it.

Noticed by:	Coverity Prevent analysis tool
MFC after:	3 days
2006-01-13 23:47:55 +00:00
Andre Oppermann
71590103f4 Include ip_options.h for IPX-IP encapsulation.
Noticed by:	Tinderbox
Sponsored by:   TCP/IP Optimization Fundraise 2005
2005-11-20 16:17:12 +00:00
Ruslan Ermilov
303989a2f3 Use sparse initializers for "struct domain" and "struct protosw",
so they are easier to follow for the human being.
2005-11-09 13:29:16 +00:00
Andre Oppermann
34333b16cd Retire MT_HEADER mbuf type and change its users to use MT_DATA.
Having an additional MT_HEADER mbuf type is superfluous and redundant
as nothing depends on it.  It only adds a layer of confusion.  The
distinction between header mbuf's and data mbuf's is solely done
through the m->m_flags M_PKTHDR flag.

Non-native code is not changed in this commit.  For compatibility
MT_HEADER is mapped to MT_DATA.

Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-11-02 13:46:32 +00:00
Robert Watson
d374e81efd Push the assignment of a new or updated so_qlimit from solisten()
following the protocol pru_listen() call to solisten_proto(), so
that it occurs under the socket lock acquisition that also sets
SO_ACCEPTCONN.  This requires passing the new backlog parameter
to the protocol, which also allows the protocol to be aware of
changes in queue limit should it wish to do something about the
new queue limit.  This continues a move towards the socket layer
acting as a library for the protocol.

Bump __FreeBSD_version due to a change in the in-kernel protocol
interface.  This change has been tested with IPv4 and UNIX domain
sockets, but not other protocols.
2005-10-30 19:44:40 +00:00
David E. O'Brien
5b1c0294e4 Forward declaring static variables as extern is invalid ISO-C. Now that
GCC can properly handle forward static declarations, do this properly.
2005-09-07 10:06:14 +00:00
Brooks Davis
fc74a9f93a Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
 - Struct arpcom is no longer referenced in normal interface code.
   Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
   To enforce this ac_enaddr has been renamed to _ac_enaddr.
 - The second argument to ether_ifattach is now always the mac address
   from driver private storage rather than sometimes being ac_enaddr.

Reviewed by:	sobomax, sam
2005-06-10 16:49:24 +00:00
Robert Watson
886f89afda Back out ipx.h:1.18, which introduced a Linux API compatibility field in
the ipx_net data structure.  Doing so introduced a stronger alignment
requirement for the address structure, which in turn propagated into
other dependent data structures, which turns out not to be suported by
the available IPX source code.  As a result, a number of user space
applications, such as IPX routing components, failed to operate
correctly.

RELENG_5_3 candidate?

PRs:		74059, 80266
Pointy hat to:	bms
Fix by:		bde
Tested by:	Keith White <Keith dot White at site dot uottawa dot ca>
MFC after:	1 week
Suffering:	great
2005-05-27 12:25:42 +00:00
Robert Watson
313bcc9cb8 Update copyright: parts of the netipx implementation are covered by a
2005 copyright.

MFC after:	3 days
2005-04-10 18:05:46 +00:00
Robert Watson
e1968df17f Compare (mbuf *) with NULL, not 0.
MFC after:	3 days
2005-04-10 18:05:02 +00:00
Robert Watson
47605579c9 Marginally reformat my copyright statement to remove the spurious ','. 2005-03-10 14:19:31 +00:00
Robert Watson
0daccb9c94 In the current world order, solisten() implements the state transition of
a socket from a regular socket to a listening socket able to accept new
connections.  As part of this state transition, solisten() calls into the
protocol to update protocol-layer state.  There were several bugs in this
implementation that could result in a race wherein a TCP SYN received
in the interval between the protocol state transition and the shortly
following socket layer transition would result in a panic in the TCP code,
as the socket would be in the TCPS_LISTEN state, but the socket would not
have the SO_ACCEPTCONN flag set.

This change does the following:

- Pushes the socket state transition from the socket layer solisten() to
  to socket "library" routines called from the protocol.  This permits
  the socket routines to be called while holding the protocol mutexes,
  preventing a race exposing the incomplete socket state transition to TCP
  after the TCP state transition has completed.  The check for a socket
  layer state transition is performed by solisten_proto_check(), and the
  actual transition is performed by solisten_proto().

- Holds the socket lock for the duration of the socket state test and set,
  and over the protocol layer state transition, which is now possible as
  the socket lock is acquired by the protocol layer, rather than vice
  versa.  This prevents additional state related races in the socket
  layer.

This permits the dual transition of socket layer and protocol layer state
to occur while holding locks for both layers, making the two changes
atomic with respect to one another.  Similar changes are likely require
elsewhere in the socket/protocol code.

Reported by:		Peter Holm <peter@holm.cc>
Review and fixes from:	emax, Antoine Brodin <antoine.brodin@laposte.net>
Philosophical head nod:	gnn
2005-02-21 21:58:17 +00:00
Robert Watson
66d165347d Mark the IPX netisr as MPSAFE so that inbound IPX traffic is processed
without Giant, and can be directly dispatched in the ithread when
net.isr.enable is turned on.

MFC after:	4 weeks
2005-01-09 07:34:55 +00:00
Robert Watson
e926c0ae48 Recent changes have locked down most of the highly dynamic data
structures in IPX/SPX -- primarily, sequence numbering, PCB lists,
and PCBs for IPX raw sockets, IPX datagram sockets, and IPX/SPX.
As such, remove remove NET_NEEDS_GIANT() for IPX, and remove the
assertion of Giant in the ipxintr() IPX input path.

Note that IPX/SPX is not fully MPSAFE, and that there are some
problems with IPX/SPX locking that will require some further work.
However, it is now safe enough to run in general without the Giant
lock.

MFC after:	4 weeks
2005-01-09 05:34:37 +00:00
Robert Watson
2082ca5d57 Use the IPX PCB list mutex and IPX PCB mutexes to lock down the SPX
portion of IPX/SPX:

- Protect IPX PCB lists with the IPX PCB list mutex, in particular
  when calling PCB and PCB list manipulation routines in ipx_pcb.c.
- Protect both IPX PCB state and SPX PCB state using the IPX PCB
  mutex.
- Generally annotate locking, as well as adding liberal use of lock
  assertions to document locking requirements.
- Where possible, use unlocked reads when reading integer or smaller
  sized socket options on SPX sockets.
- De-spl throughout.

Notes:

- spx_input() expects both the list mutex and PCB mutex to be held
  on entry, but will release both on return.  Because sonewconn() is
  called from spx_input(), it may actually drop one PCB lock and
  acquire another during generation of a new connection, meaning the
  caller is not in a position to unlock the PCB mutex.

MFC after:	3 weeks
2005-01-09 05:31:16 +00:00
Robert Watson
2375a5a16a Clean up return handling for a number of SPX-related routines that
were derived from more complex TCP versions of the same:

- spx_close(), spx_disconnect(), spx_drop(), and spx_usrclosed() all
  always free's the spxpcb invalidating the argument, so a return
  value is not required to indicate if it has.
- Annotate that the cb arguments to each of these functions is
  invalidated via a comment.
- When tearing down a pcb due to sonewconn() having failed, mark the
  cb as NULL; later, when deciding whether to store trace information
  due to SO_DEBUG, check that cb is not NULL before dereferencing or
  a NULL pointer dereference may occur.

MFC after:	3 weeks
2005-01-09 05:25:02 +00:00
Robert Watson
971365a711 Protect ipx_pexseq with the IPX PCB list mutex.
When processing socket options against IPX PCBs, generally protect
PCB fields using the IPX PCB mutex.  Where possible, use unlocked
reads on integer values to avoid locking overhead.

MFC after:	3 weeks
2005-01-09 05:15:59 +00:00
Robert Watson
0caa61a005 Acquire or assert the IPX PCB list lock or IPX PCB lock during various
protocol methods relating to IPX.  Conditionally acquire the PCB list
lock in the send operation only if the socket requires binding in order
to use the requested address.

Remove spl's generally no longer required during these accesses.

MFC after:	3 weeks
2005-01-09 05:13:14 +00:00
Robert Watson
0c3833b6ba Assert or acquire the IPX PCB list lock or IPX PCB locks throughout
the IPX-related PCB routines.  In general, the list lock is required
to iterate the PCB list, either for read or write; the PCB lock is
required to access or modify a PCB.  To change the binding of a PCB,
both locks must be held.

MFC after:	3 weeks
2005-01-09 05:10:43 +00:00
Robert Watson
31f1a840d9 Hold the IPX PCB mutex around calls to ipx_input() in the IPX input
path.

MFC after:	3 weeks
2005-01-09 05:08:47 +00:00
Robert Watson
992e1a5842 Hold the global IPX PCB list mutex in the IPX input path when walking
the IPX PCB list.

MFC after:	3 weeks
2005-01-09 05:06:19 +00:00
Robert Watson
c2b563b532 Introduce a global mutex, ipxpcb_list_mtx, to protect the global
IPX PCB lists.  Add macros to initialize, destroy, lock, unlock,
and assert the mutex.  Initialize the mutex when IPX is started.

Add per-IPX PCB mutexes, ipxp_mtx in struct ipxpcb, to protect
per-PCB IPX/SPX state.  Add macros to initialize, destroy, lock,
unlock, and assert the mutex.  Initialize the mutex when a new
PCB is allocated; destroy it when the PCB is free'd.

MFC after:	2 weeks
2005-01-09 05:00:41 +00:00
Robert Watson
9d98ffa087 In ipx_setsockaddr(), use M_WAITOK instead of M_NOWAIT so that the
call always succeeds, avoiding causing the caller to return success
even though the returned *sockaddr is NULL.

MFC after:	2 weeks
2005-01-09 04:47:42 +00:00
Robert Watson
f7bca2686a Eliminate jump to 'bad' label in order to clean up the ipx_input()
return/unwind path for locking work.

MFC after:	2 weeks
2005-01-09 04:39:16 +00:00
Warner Losh
c398230b64 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
Robert Watson
62f6bcfbef Garbage collect unused ipx_abort().
Spell NULL right in a KASSERT() panic message.

MFC after:	1 week
2005-01-03 12:54:31 +00:00
Robert Watson
66685810b9 Acquire the socket buffer receive lock in spx_rcvoob() to permit
multiple reads of receive buffer state to be performed atomically.
2005-01-02 15:38:47 +00:00
Robert Watson
19e2d43969 Increase the coverage scope of the receive socket buffer lock in
spx_reass() to increase atomicity across multiple operations on the
socket buffer when iterating over the SPX fragment reassembly list
for the ipxpcb, as well a to reduce the number of locking operations.
2005-01-02 15:36:16 +00:00
Robert Watson
97270cf1b6 Explicitly lock the send socket buffer in spx_reass() to cover the drop
record loop for ACK'd data, rather than relying on lokcing in
sbdroprecord() and sowwakeup(), reducing the number of lock operations
as well as eliminating a possible race against the head of the send
buffer mbuf chain.  Use the _locked variants of sbdroprecord() and
sowwakeup().
2005-01-02 15:33:13 +00:00
Robert Watson
0cdc892230 Restructure ipx_input() return code to match similar code in netinet,
avoiding a goto.
2005-01-02 15:29:29 +00:00
Robert Watson
944731d517 Eliminate XXX comments regarding allocation failures when retrieving
the peer address by using M_WAITOK in ipx_setpeeraddr() to prevent
allocation failure.  The socket reference used to reach these calls
will prevent the ipxpcb from being released prematurely.
2005-01-02 15:25:59 +00:00
Robert Watson
360fb9f83a Use KASSERT() in preference to if()panic(). 2005-01-02 15:19:24 +00:00
Robert Watson
43ae56438e Extern declaration of old 'ipxpcb' list head no longer required. 2005-01-02 15:16:35 +00:00
Robert Watson
928944eeb5 Trim trailing whitespace. 2005-01-02 15:13:59 +00:00
Robert Watson
9e7c226533 Document copyright updates in netipx README as other prior updates have
been documented.
2005-01-02 15:10:02 +00:00
Robert Watson
a3acf5d5a0 Mark 'struct spx' and 'struct spxhdr' as __packed to prevent possible
alignment problems.

MFC after:	3 days
2005-01-02 15:06:47 +00:00
Robert Watson
14fad7b9d6 Improve handling of SPX session timeout, specifically, make sure to
properly handle the case where a connection is disconnected.  The
queue(9)-enabled version of this code broke from the inner but not
outer loop, and so potentially frobbed an ipxpcb flag after the ipxpcb
was free'd, which might be picked up later by the malloc debugging
code.  Properly break from the loop context and avoid touching the
cb/ipxpcb after free.
2005-01-02 14:46:18 +00:00
Robert Watson
16b47e3540 Compare and assign pointers with NULL in preference to 0. 2005-01-02 14:07:05 +00:00
Robert Watson
521a8487f5 Don't cast NULL on return or when passing to another function.
Extend the annotation as to why spx_close() isn't called in spx_reass(),
and mark this code more clearly as broken.
2005-01-02 14:03:47 +00:00
Robert Watson
2fbe8bd709 Mark 'struct ipx', the IPX packet header, as __packed. Otherwise,
recent versions of gcc will insert an extra 16 bits of padding in
the structure, corrupting all IPX packet output.

MFC after:	3 days
2005-01-02 02:30:27 +00:00
Robert Watson
21275ec3db Use 'NULL' in preference to '0' for pointer comparisons.
MFC after:	2 weeks
2005-01-02 01:51:18 +00:00
Robert Watson
6c56a18747 Use RTFREE() to free route references rather than rtfree(), as rtfree()
expects a locked route reference.  This removes a panic that occurs
when connected ipxpcb is closed and its route free'd, and may have been
present since the route locking took place.

MFC after:	2 weeks
2005-01-02 01:47:56 +00:00
Robert Watson
c2b8a29d33 Prefer rtalloc_ign() API to rtalloc() API. 2005-01-02 01:39:38 +00:00
Robert Watson
86c788d323 Move the definition of ipxpcb_lport_cache from ipx_input.c to ipx_pcb.c,
the only source file where it is actually used.
2005-01-01 22:04:03 +00:00
Robert Watson
96979ee67d Marginally reformat copyright statements to remove an excess ','. 2004-12-31 17:05:37 +00:00
Robert Watson
502c374fea Add 'struct ipxpcb' forward declaration to ipx_var.h. I had this in
the netperf branch but for some reason didn't trigger a build failure
locally when I merged to CVS and omitted it.  Presumably driver error.

Pointed out by:	cperciva, tinderbox
2004-12-31 11:54:39 +00:00
Robert Watson
08e044cb89 Use a global variable, ipxpcb_lport_cache, to cache the most recently
used IPX port number, rather than using the global ipxpcb list head.
2004-12-30 17:54:53 +00:00
Robert Watson
80a4dabe7d Convert netipx to use queue(9) doubly-linked lists instead of home-brew
linked lists for ipxpcb's.
2004-12-30 17:49:40 +00:00
Robert Watson
ffeb1a497a Garbage collect unused (and incompletely implemented) functions:
- ipx_pcbnotify(), which is never called.
- ipx_rtchange(), which is never called, is incomplete inplemented, and
  also #ifdef notdef.
- spx_fixmtu(), which is never called, is incompletely implemented, and
  also #ifdef notdef.
2004-12-30 17:21:07 +00:00
Robert Watson
05b4b08b61 Constify ipx_zeronet, ipx_zerohost, ipx_broadnet, ipx_broadhost.
Remove 'allones' since the values of the broadcast network and
host variables are set statically.
2004-12-30 16:56:07 +00:00
Poul-Henning Kamp
756d52a195 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
Robert Watson
81158452be Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
Robert Watson
98f6a62499 Mark Netgraph TTY, KAME IPSEC, and IPX/SPX as requiring Giant for correct
operation using NET_NEEDS_GIANT().  This will result in a boot-time
restoration of Giant-enabled network operation, or run-time warning on
dynamic load (applicable only to the Netgraph component).  Additional
components will likely need to be marked with this in the future.
2004-08-28 15:24:53 +00:00
Alexander Kabaev
766f8c9247 Avoid casts as lvalues. Declare local variable as u_char * instead of
declaring it as u_short * and casting it back to uchar * all over the place.
2004-07-28 06:58:23 +00:00
Robert Watson
ab89ee6253 Constify 'spx_backoff'. 2004-07-12 19:35:29 +00:00
Robert Watson
613a4366cb Acquire the receive socket buffer lock when modifying out-of-band
data fields of the socket in SPX.
2004-06-24 04:29:53 +00:00
Bruce M Simpson
100ecbae22 Improve source-code compatibility with Linux applications using the
IPX stack.

PR:		kern/65217
Submitted by:	Radim Kolar
2004-06-22 21:46:49 +00:00
Robert Watson
cce9682e55 It's now the responsibility of the consumer of soabort() to remove a
socket from its accept queue when aborting it during a new inbound
connection.  Update spx_input() to acquire the accept lock, assert
the condition of the socket on its parent queue, and approriately
disconnect it from the queue before calling soabort() on it.
2004-06-20 21:47:12 +00:00
Robert Watson
7721f5d760 Grab the socket buffer send or receive mutex when performing a
read-modify-write on the sb_state field.  This commit catches only
the "easy" ones where it doesn't interact with as yet unmerged
locking.
2004-06-15 03:51:44 +00:00
Robert Watson
c0b99ffa02 The socket field so_state is used to hold a variety of socket related
flags relating to several aspects of socket functionality.  This change
breaks out several bits relating to send and receive operation into a
new per-socket buffer field, sb_state, in order to facilitate locking.
This is required because, in order to provide more granular locking of
sockets, different state fields have different locking properties.  The
following fields are moved to sb_state:

  SS_CANTRCVMORE            (so_state)
  SS_CANTSENDMORE           (so_state)
  SS_RCVATMARK              (so_state)

Rename respectively to:

  SBS_CANTRCVMORE           (so_rcv.sb_state)
  SBS_CANTSENDMORE          (so_snd.sb_state)
  SBS_RCVATMARK             (so_rcv.sb_state)

This facilitates locking by isolating fields to be located with other
identically locked fields, and permits greater granularity in socket
locking by avoiding storing fields with different locking semantics in
the same short (avoiding locking conflicts).  In the future, we may
wish to coallesce sb_state and sb_flags; for the time being I leave
them separate and there is no additional memory overhead due to the
packing/alignment of shorts in the socket buffer structure.
2004-06-14 18:16:22 +00:00
Robert Watson
395a08c904 Extend coverage of SOCK_LOCK(so) to include so_count, the socket
reference count:

- Assert SOCK_LOCK(so) macros that directly manipulate so_count:
  soref(), sorele().

- Assert SOCK_LOCK(so) in macros/functions that rely on the state of
  so_count: sofree(), sotryfree().

- Acquire SOCK_LOCK(so) before calling these functions or macros in
  various contexts in the stack, both at the socket and protocol
  layers.

- In some cases, perform soisdisconnected() before sotryfree(), as
  this could result in frobbing of a non-present socket if
  sotryfree() actually frees the socket.

- Note that sofree()/sotryfree() will release the socket lock even if
  they don't free the socket.

Submitted by:	sam
Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS
2004-06-12 20:47:32 +00:00
Robert Watson
746e5bf09b Rename dup_sockaddr() to sodupsockaddr() for consistency with other
functions in kern_socket.c.

Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT
in from the caller context rather than "1" or "0".

Correct mflags pass into mac_init_socket() from previous commit to not
include M_ZERO.

Submitted by:	sam
2004-03-01 03:14:23 +00:00
Robert Watson
a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
Sam Leffler
7902224c6b o add a flags parameter to netisr_register that is used to specify
whether or not the isr needs to hold Giant when running; Giant-less
  operation is also controlled by the setting of debug_mpsafenet
o mark all netisr's except NETISR_IP as needing Giant
o add a GIANT_REQUIRED assertion to the top of netisr's that need Giant
o pickup Giant (when debug_mpsafenet is 1) inside ip_input before
  calling up with a packet
o change netisr handling so swi_net runs w/o Giant; instead we grab
  Giant before invoking handlers based on whether the handler needs Giant
o change netisr handling so that netisr's that are marked MPSAFE may
  have multiple instances active at a time
o add netisr statistics for packets dropped because the isr is inactive

Supported by:	FreeBSD Foundation
2003-11-08 22:28:40 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Ruslan Ermilov
78f94aa951 Fix a bunch of off-by-one errors in the range checking code. 2003-09-11 21:40:21 +00:00
David E. O'Brien
ab0de15baf Use __FBSDID(). 2003-06-11 05:37:42 +00:00
Tim J. Robbins
74c69254e6 Remove unimplemented IP-in-IPX encapsulation support (options IPTUNNEL). 2003-03-08 06:58:22 +00:00
Jonathan Lemon
1cafed3941 Update netisr handling; Each SWI now registers its queue, and all queue
drain routines are done by swi_net, which allows for better queue control
at some future point.  Packets may also be directly dispatched to a netisr
instead of queued, this may be of interest at some installations, but
currently defaults to off.

Reviewed by: hsu, silby, jayanth, sam
Sponsored by: DARPA, NAI Labs
2003-03-04 23:19:55 +00:00
Tim J. Robbins
93997ef1c9 Allocate struct ipx_ifaddrs with an initial reference count of 1, not 0.
The wrong reference count was causing them to get freed too early and
have their contents scrambled.
2003-02-25 15:10:23 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Max Khon
4abe79362a add forgotten IFA_LOCK_INIT 2003-01-23 23:36:45 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
John Baldwin
2274e4f83a Fix a sizeof(int) != sizeof(void *) warning. 2002-11-08 21:16:27 +00:00
Sam Leffler
5d84645305 Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
  ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
  use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
  inpcb parameter to ip_output and ip6_output to allow the IPsec code to
  locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version

Reviewed by:	julian, luigi (silent), -arch, -net, darren
Approved by:	julian, silence from everyone else
Obtained from:	openbsd (mostly)
MFC after:	1 month
2002-10-16 01:54:46 +00:00
Philippe Charnier
93b0017f88 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:23:09 +00:00
David Malone
53d4d67c98 Make spxnames a const char * to quieten some warnings in netstat. 2002-07-27 23:15:08 +00:00
Seigo Tanimura
4cc20ab1f0 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
Seigo Tanimura
243917fe3b Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
Seigo Tanimura
960ed29c4b Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Alfred Perlstein
96abb1618a Remove __P. 2002-03-20 02:39:27 +00:00
Julian Elischer
079b7badea Pre-KSE/M3 commit.
this is a low-functionality change that changes the kernel to access the main
thread of a process via the linked list of threads rather than
assuming that it is embedded in the process. It IS still embeded there
but remove all teh code that assumes that in preparation for the next commit
which will actually move it out.

Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
2002-02-07 20:58:47 +00:00
Mike Smith
bedbd47e6a Initialise the intrq_present fields at runtime, not link time. This allows
us to load protocols at runtime, and avoids the use of common variables.

Also fix the ip6_intrq assignment so that it works at all.
2002-01-08 10:34:03 +00:00
Matthew Dillon
b1e4abd246 Give struct socket structures a ref counting interface similar to
vnodes.  This will hopefully serve as a base from which we can
expand the MP code.  We currently do not attempt to obtain any
mutex or SX locks, but the door is open to add them when we nail
down exactly how that part of it is going to work.
2001-11-17 03:07:11 +00:00
Peter Wemm
a95dbcd2df FreeBSD/vax is quite some time away. 2001-11-03 08:24:00 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00