383 Commits

Author SHA1 Message Date
ru
5395e1e157 Netgraph node type for IEEE 802.1Q VLAN tagging. 2004-03-01 17:22:16 +00:00
rwatson
b0b5f961bd Rename dup_sockaddr() to sodupsockaddr() for consistency with other
functions in kern_socket.c.

Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT
in from the caller context rather than "1" or "0".

Correct mflags pass into mac_init_socket() from previous commit to not
include M_ZERO.

Submitted by:	sam
2004-03-01 03:14:23 +00:00
phk
92d93444db Unconst. Somebody didn't compile LINT. 2004-02-24 22:16:40 +00:00
cperciva
b646484505 Check that a pointer is non-NULL before dereferencing it, not after.
Reported by:	"Ted Unangst" <tedu@coverity.com>
Approved by:	rwatson (mentor)
2004-02-24 18:01:43 +00:00
phk
ad925439e0 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
phk
df397dedea Device megapatch 1/6:
Free approx 86 major numbers with a mostly automatically generated patch.

A number of strategic drivers have been left behind by caution, and a few
because they still (ab)use their major number.
2004-02-21 19:42:58 +00:00
pjd
4a0eb3ce03 Backout previous change, it breaks build and it is not needed
layering violation. As pointed out, there is much better way to do this.
Sorry guys, I need to find a better way to force reviews.

Requested by:	harti, julian, scottl (mentor)
Pointy hat to:	pjd
2004-02-20 08:26:27 +00:00
pjd
112dc996de Add new failure detection algorithm.
It works as follows:
In every 'interval' seconds defined links are checked.
If they are non-active they will not be used by to data transfer.

No response from:	julian, archie
Silent on:		net@
Approved by:		scottl (mentor)
2004-02-19 17:04:23 +00:00
pjd
eb34e2938a Export private structure owned by ng_ether(4) module outside.
It'll is required by new failure detection algorithm for ng_one2many(4).

No response from:	julian, archie
Silent on:		net@
Approved by:		scottl (mentor)
2004-02-19 16:58:01 +00:00
harti
b7d9a76d45 Use the official ng_timeout function to trigger sending. This means,
that we can get rid of of all the spl*() calls, because ng_timeout
handles the locking issues.
2004-01-30 15:34:57 +00:00
ru
d99bfe83a8 Correct the description of the net.graph.recvspace sysctl. 2004-01-27 22:02:01 +00:00
harti
a7d7d54498 Don't confuse NULL and 0, use 0 where an integer is expected. 2004-01-27 10:46:33 +00:00
harti
8ca13640ae Style: add __FBSDID, relocate some { that were on the wrong line,
correct some indendation, change __FUNCTION__ to __func__ and remove
a local KASSERT definition.
2004-01-27 10:45:37 +00:00
harti
5e802bbf2a Replace deprecated NG_NODELEN with the new NG_NODESIZ. There is one
problem here still to be solved: the sockaddr_hci has still a 16 byte
field for the node name. The code currently does not correctly use the
length field in the sockaddr to handle the address length, so
node names get truncated to 15 characters when put into a sockaddr_hci.
2004-01-26 15:19:43 +00:00
harti
7ce7ecdff6 Get rid of the old *LEN constants in favour of the new *SIZ constants
that also include the trailing \0 byte.
2004-01-26 14:57:49 +00:00
harti
c4f8c33a9a Define the new command NGM_SOURCE_START_NOW to allow generation of
traffic for non-ethernet hooks. This commit should have been packaged
with the commit to ng_source.c.
2004-01-26 14:54:39 +00:00
harti
10f9fcc036 Make ng_source to work with non-ethernet interfaces. We do this by
introducing a START_NOW command. This command does not send
and GET_IFINDEX message downstream (to wait for the response from
the ETHERNET node), but directly starts the sending process. This allows
one to generate traffic as input for any hook on any node.
2004-01-26 14:53:16 +00:00
harti
d5c0563652 Declare a function to silence a warning. 2004-01-26 14:48:21 +00:00
harti
0890739279 Should use the non-locking versions of the ifqueue macros to
fiddle around with private queues, because their mutex is not
needed. All this processing should be protected by the netgraph
locking.
2004-01-26 14:46:35 +00:00
harti
cc7ffd1cab Replace a call to bzero() with an M_ZERO flag. Replace the MALLOC() with
malloc().
2004-01-26 14:44:36 +00:00
harti
2d831aa28a The version in the type description must be the ABI version, not
the netgraph version.

Correct the return type of a function: it wants to return an error
code, so it cannot be void.
2004-01-26 14:14:09 +00:00
harti
14cb10664f Get rid of the deprecated *LEN constants in favour of the new
*SIZ constants that include the trailing \0 byte.
2004-01-26 14:05:31 +00:00
harti
33024724e6 Get rid of the deprecated *LEN constants and use the new *SIZ
(that include the trailing \0) constants instead.
2004-01-26 12:24:07 +00:00
ru
9942270d48 Allow the socket buffer sizes to be controlled via sysctl(8).
MFC after:	3 days
2004-01-23 14:35:44 +00:00
phk
c6b7068a7d Simplify timing gymnastics a bit. 2004-01-21 19:20:57 +00:00
green
5597367666 Add an "ethernet" hook to the rfc1490 netgraph module. It will send
and receive FCS-less RFC1490-"bridged" Ethernet packets that are
currently just ignored.
2004-01-14 00:39:28 +00:00
green
73049104d9 Also, don't crash in the netgraph disconnect node if the interface is
detached from the other direction.
2004-01-09 02:03:24 +00:00
green
ae72c2e86b Don't try to ifpromisc() on an interface that's deleted already. 2004-01-09 00:41:45 +00:00
sam
c165a87f8d o eliminate widespread on-stack mbuf use for bpf by introducing
a new bpf_mtap2 routine that does the right thing for an mbuf
  and a variable-length chunk of data that should be prepended.
o while we're sweeping the drivers, use u_int32_t uniformly when
  when prepending the address family (several places were assuming
  sizeof(int) was 4)
o return M_ASSERTVALID to BPF_MTAP* now that all stack-allocated
  mbufs have been eliminated; this may better be moved to the bpf
  routines

Reviewed by:	arch@ and several others
2003-12-28 03:56:00 +00:00
alfred
fc379f67bb NULL -> 0 where appropriate. 2003-12-24 18:51:01 +00:00
yar
127f4e3f65 The default value of net.graph.nonstandard_pppoe is changed to -1,
which means "always stay in the standard mode of PPPoE operation
regardless of any junk floating around."

As the referenced PR stated clearly, the old default setting of 0
was extremely dangerous because it opened a possibility for a
spurious frame not only to put down a single PPPoE node running
FreeBSD, but to plague *every* FreeBSD node in a PPPoE network in
such a way that those nodes would keep poisoning each other until
rebooted simultaneously.

PR:		kern/47920
Reviewed by:	Gleb Smirnoff <glebius <at> cell.sick.ru>
MFC after:	1 week
2003-12-19 16:03:28 +00:00
ru
3c75dd4b07 Fixed panic on hook disconnection that previous revision has introduced. 2003-12-19 15:09:12 +00:00
ru
2adf24aa2c Fixed compilation on 64-bit platforms. 2003-12-19 09:34:37 +00:00
yar
431cb9e4dc There are two modes of ng_pppoe operation, standard and
nonstandard.  They differ in the values of certain fields in
the PPPoE frame.  Previously, ng_pppoe would start in standard
mode, yet switch to nonstandard one upon reception of a single
nonstandard frame.  After having done so, ng_pppoe would be unable
to interact with standard PPPoE peers.  Thus, a DoS condition
existed that could be triggered by a buggy peer or malicious party.

Since few people have expressed their displeasure WRT this problem,
the default operation of ng_pppoe is left untouched for now.  However,
a new value for the sysctl net.graph.nonstandard_pppoe is introduced,
-1, which will force ng_pppoe stay in standard mode regardless of any
bogus frames floating around.

PR:		kern/47920
Submitted by:	Gleb Smirnoff <glebius <at> cell.sick.ru>
MFC after:	1 week
2003-12-18 16:38:35 +00:00
ru
797609fced Removed an outdated comment.
Submitted by:	archie
2003-12-18 09:16:40 +00:00
ru
0fa7b537cd Use the (now standard) Ethernet address parse type. 2003-12-17 13:03:32 +00:00
ru
1df4525959 Made the Ethernet address parse type standard.
OK'ed by:	archie
2003-12-17 12:40:34 +00:00
ru
6c49c65d27 Replaced two bzero() calls with the M_ZERO flag to malloc().
Reviewed by:	julian
2003-12-17 11:48:18 +00:00
ru
5496301304 MFS: Make struct arpcom the first entry in softc. (There are at least
two functions in sys/net/if.c that assume that softc starts with arpcom.)
This makes setting of ethernet address via ifconfig(8) work as expected.
2003-12-15 11:28:15 +00:00
truckman
79971791cf Pass MTX_DEF instead of 0 as the last argument to mtx_init().
Submitted by:	Gavin Atkinson <gavin+freebsdc@ury.york.ac.uk>
2003-12-15 01:36:54 +00:00
truckman
27358f2607 The last argument to mtx_init() should be MTX_DEF, not 0. This is not a
functional change since MTX_DEF happens to be defined as 0.
2003-12-08 01:18:04 +00:00
archie
7328a76791 Lower the maximum ACK timeout for GRE packets from 10 to 1 second.
In practice it seems that in situations of high packet loss the ACK
timeout seems to hit this maximum (perhaps inappropriately, but the
estimation algorithm is not perfect, so apparently it happens). In
any case, 10 seconds is way too high a value so lower to 1 second.

MFC after:	3 days
2003-11-18 20:43:23 +00:00
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
ru
832e732357 Fixed two memory leaks.
Reviewed by:	harti
2003-11-17 19:13:44 +00:00
ru
6e59ab8e66 Check the correct set of interface flags and fix a memory leak.
Reviewed by:	harti
2003-11-17 19:13:01 +00:00
emax
644a1d7482 Change double include protection style in headers to match
the rest of Netgraph code.

Reviewed by: imp, ru
Approved by: imp (mentor)
2003-11-14 03:45:29 +00:00
harti
650f540b8d Make the defines that prevent multiple includes look like the
others in netgraph.
2003-11-13 13:00:56 +00:00
harti
8bf197b04d Bump the netgraph header version to 6 for the change of the name
length definitions.

Reminded by: jdp
2003-11-12 17:03:40 +00:00
harti
62ca2026d2 Double length of node names, hook names, command strings and types. Add
defines for these constants that include the trailing NUL byte. These
new constants have SIZ in their name instead of LEN. As soon as all
consumers in the tree are converted to use the new defines the old
defines will be put under BURN_BRIDGES.

Reviewed by:	archie, julian, ru
Approved by:	re (in principle)
2003-11-12 09:10:11 +00:00
ru
e57672a655 MFS: Change interface name from "nge" to "ngeth" to avoid conflict
with nge(4).
2003-11-11 16:12:05 +00:00