Commit Graph

86 Commits

Author SHA1 Message Date
mav
97bb9372d9 Remove unused variable.
Found with:     Coverity Prevent(tm)
CID:            3682
2008-11-22 16:55:55 +00:00
mav
dd8463bf88 Improve apply callback error reporting:
Before this patch callback returned result of the last finished call chain.
Now it returns last nonzero result from all call chain results in this request.

As soon as this improvement gives reliable error reporting, it is now possible
to remove dirty workaround in ng_socket, made to return ENOBUFS error statuses
of request-response operations. That workaround was responsible for returning
ENOBUFS errors to completely unrelated requests working at the same time
on socket.
2008-03-11 21:58:48 +00:00
jeff
ce18638805 Remove explicit locking of struct file.
- Introduce a finit() which is used to initailize the fields of struct file
   in such a way that the ops vector is only valid after the data, type,
   and flags are valid.
 - Protect f_flag and f_count with atomic operations.
 - Remove the global list of all files and associated accounting.
 - Rewrite the unp garbage collection such that it no longer requires
   the global list of all files and instead uses a list of all unp sockets.
 - Mark sockets in the accept queue so we don't incorrectly gc them.

Tested by:	kris, pho
2007-12-30 01:42:15 +00:00
mav
5aea982161 Implement new apply callback mechanism to handle item forwarding.
When item forwarded refence counter is incremented, when item
processed, counter decremented. When counter reaches zero,
apply handler is getting called.
Now it allows to report right connect() call status from user-level
at the right time.
2007-10-19 15:04:17 +00:00
rwatson
47d37a80be Reduce network stack oddness: implement .pru_sockaddr and .pru_peeraddr
protocol entry points using functions named proto_getsockaddr and
proto_getpeeraddr rather than proto_setsockaddr and proto_setpeeraddr.
While it's true that sockaddrs are allocated and set, the net effect is
to retrieve (get) the socket address or peer address from a socket, not
set it, so align names to that intent.
2007-05-11 10:20:51 +00:00
rwatson
10d0d9cf47 Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
glebius
4e5d9f4895 Check pointer before dereferencing.
Reported by:	Coverity
CID:		1556
2006-10-18 07:47:07 +00:00
glebius
898bb51431 Some clenaup of ngs_rcvmsg():
- Inline ship_msg() into ngs_rcvmsg().
  - Plug memory leak in case if no control socket present.
  - Remove malloc() and allocate the sockaddr on stack.
  - style(9).
2006-10-17 16:52:09 +00:00
glebius
0ce8903dc6 Some cleanup and small changes:
- Use malloc() and free() instead of MALLOC() and FREE() macros.
  - Do not check malloc results if M_WAITOK was used.
  - Remove linked list of all netgraph sockets. It isn't needed.
  - Use ng_findhook() instead of searching the list ourselves.
  - Use NG_WAITOK in syscalls.
  - Remove unneeded includes.
  - style(9)
2006-10-17 12:21:48 +00:00
rwatson
720efebbba Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket.  pru_abort is now a
notification of close also, and no longer detaches.  pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket.  This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree().  With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by:	gnn
2006-07-21 17:11:15 +00:00
jhb
9af5dd68e4 Use kern_kldload() and kern_kldunload() to load and unload modules when
we intend for the user to be able to unload them later via kldunload(2)
instead of calling linker_load_module() and then directly adjusting the
ref count on the linker file structure.  This makes the resulting
consumer code simpler and cleaner and better hides the linker internals
making it possible to sanely lock the linker.
2006-06-13 21:36:23 +00:00
glebius
8102032dd4 Remove unneeded check.
Coverity ID:	445
2006-05-16 11:49:26 +00:00
glebius
9b4bb59e8c Do not leak kernel memory in case if userland has been compiled
against older NG_VERSION.

Coverity ID:	1131
2006-05-16 09:32:58 +00:00
rwatson
d2dc014de0 Correct assertion in ng_detach().
Submitted by:	tegge
MFC after:	3 months
2006-04-06 02:54:42 +00:00
rwatson
5479e5d692 Chance protocol switch method pru_detach() so that it returns void
rather than an error.  Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF.  so_pcb is now entirely owned and
managed by the protocol code.  Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit.  In their current state they may leak
memory or panic.

MFC after:	3 months
2006-04-01 15:42:02 +00:00
ru
dcace5669d Use sparse initializers for "struct domain" and "struct protosw",
so they are easier to follow for the human being.
2005-11-09 13:29:16 +00:00
glebius
62e84272e8 Fix several races between socket closure and node/hook
destruction:
  - Backout 1.62, since it doesn't fix all possible
    problems.
  - Upon node creation, put an additional reference on node.
  - Add a mutex and refcounter to struct ngsock. Netgraph node,
    control socket and data socket all count as references.
  - Introduce ng_socket_free_priv() which removes one reference
    from ngsock, and frees it when all references has gone.
  - No direct pointers between pcbs and node, all pointing
    is done via struct ngsock and protected with mutex.
2005-11-02 15:34:42 +00:00
glebius
67f869b35c When message can't fit into socket receive buffer return ENOBUFS
to userland program instead of letting it wait until end of days.

PR:	kern/85907
2005-09-12 14:11:11 +00:00
obrien
dd4ae2e4bd Fix missing '=' in structure initialization. 2005-07-23 19:28:51 +00:00
glebius
fcbdfd0eb4 In the splnet times, netgraph was functional and synchronous. Nowadays,
an item may be queued and processed later. While this is OK for mbufs,
this is a problem for control messages.

In the framework:
- Add optional callback function pointer to an item. When item gets
  applied the callback is executed from ng_apply_item().
- Add new flag NG_PROGRESS. If this flag is supplied, then return
  EINPROGRESS instead of 0 in case if item failed to deliver
  synchronously and was queued.
- Honor NG_PROGRESS in ng_snd_item().

In ng_socket:
- When userland sends control message add callback to the item.
- If ng_snd_item() returns EINPROGRESS, then sleep.

This change fixes possible races in ngctl(8) scripts.

Reviewed by:	julian
Approved by:	re (scottl)
2005-07-05 17:35:20 +00:00
bz
d98e11da23 Fix use of uninitialized variable len in ngd_send.
Note: len gets intialized to 0 for sap == NULL case only to
make compiler on amd64 happy. This has nothing todo with the
former uninitialized use of len in sap != NULL case.

Reviewed by:	glebius
Approved by:	pjd (mentor)
2005-05-28 13:15:44 +00:00
glebius
54d1472c80 Remove local error variable, which leads to hiding error from return
value.

PR:		kern/81371
Submitted by:	Wojciech A. Koszek
MFC after:	1 week
2005-05-23 13:49:49 +00:00
glebius
22196abfb6 - Unwind NG_SEND_MSG_PATH() macro and merge it with already unwinded
version under TRACE_MESSAGES.
- Pass NG_WAITOK flag to ng_package_data() in unwinded macro.
2005-05-17 12:18:13 +00:00
glebius
206ba6ee3b - Fix build with TRACE_MESSAGES on.
- Reformat code under TRACE_MESSAGES to make it more readable.
- Move linker hackery out of #ifdef.
- Break long lines in linker hackery block.
2005-05-16 18:50:26 +00:00
glebius
30c28c4860 Close race between node being shutdown and socket being detached. To
do this, obtain netgraph locking in detach method via ng_send_fn1().

Reviewed by:	julian
MFC after:	2 weeks
2005-05-16 17:25:49 +00:00
glebius
697612a8ec Catch up with new ng_package_data(). Use NG_WAITOK on userland
path.
2005-05-16 17:09:35 +00:00
ru
690fdeacb3 Create a per-module mutex on MOD_LOAD, and destroy it on MOD_UNLOAD.
(This fixes witness_destroy() panic after module unload.)

OK'ed by:	rwatson, julian
2005-02-05 08:28:36 +00:00
glebius
93f2cf1fa1 Do check that version of a message from userland matches ours.
MFC after:	3 days
2005-02-04 21:38:42 +00:00
glebius
c207fe4548 - Fix build with TRACE_MESSAGES defined
- Remove extra parenthesis
2005-02-04 16:08:20 +00:00
imp
a50ffc2912 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
mlaier
ea0fd1c083 Move ng_socket and ng_btsocket initialization to SI_SUB_PROTO_DOMAIN as they
call net_add_domain(). Calling this function too early (or late) breaks
assertations about the global domains list.
Actually it should be forbidden to call net_add_domain() outside of
SI_SUB_PROTO_DOMAIN completely as there are many places where we traverse
the domains list unprotected, but for now we allow late calls (mostly to
support netgraph). In order to really fix this we have to lock the domains
list in all places or find another way to ensure that we can safely walk the
list while another thread might be adding a new domain.

Spotted by:	se
Reviewed by:	julian, glebius
PR:		kern/73321	(partly)
2004-11-30 22:28:50 +00:00
phk
027fce30f5 Initialize struct pr_userreqs in new/sparse style and fill in common
default elements in net_init_domain().

This makes it possible to grep these structures and see any bogosities.
2004-11-08 14:44:54 +00:00
rwatson
831d60452c Acquire Giant arounds calls into the linker from Netgraph sockets.
We now no longer hold Giant in send(), so it isn't inheritted by the
linker, which calls into VFS.

Reported by:	glebius
Discussed with:	glebius, bz
2004-08-30 14:41:25 +00:00
glebius
900350dd1b Fix a stupid error in my previous commit, which broke operation
of many nodes.

Pointy hat to:	glebius
2004-07-31 21:32:55 +00:00
glebius
1a302abfe1 When making a peer of unknown type framework tries to load module
using linker_load_module(). This works OK if NGM_MKPEER message came
from userland and we have process associated with thread. But when
NGM_MKPEER was queued because target node was busy, linker_load_module()
is called from netisr thread leading to panic.
To workaround that we do not load modules by framework, instead ng_socket
loads module (if this is required) before sending NGM_MKPEER.
However, the race condition between return from NgSendMsg() and actual
creation of node still exist and needs to be solved.

PR:		kern/62789
Approved by:	julian
2004-07-27 20:30:56 +00:00
rwatson
b8ecdf1b3c Introduce a global mtx 'ngsocketlist_mtx' to protect the global
ng_socket list during insert/delete.
2004-07-12 04:45:46 +00:00
marcel
fdfd8c5336 Update for the KDB framework:
o  Call kdb_enter() instead of Debugger().
o  Change comments accordingly.
2004-07-10 21:45:58 +00:00
julian
c85e63d425 Switch to using C99 sparse initialisers for the type methods array.
Should make no binary difference.

Submitted by:	Gleb Smirnoff <glebius@cell.sick.ru>
Reviewed by:	Harti Brandt <harti@freebsd.org>
MFC after:	1 week
2004-05-29 00:51:19 +00:00
ru
d99bfe83a8 Correct the description of the net.graph.recvspace sysctl. 2004-01-27 22:02:01 +00:00
harti
14cb10664f Get rid of the deprecated *LEN constants in favour of the new
*SIZ constants that include the trailing \0 byte.
2004-01-26 14:05:31 +00:00
ru
9942270d48 Allow the socket buffer sizes to be controlled via sysctl(8).
MFC after:	3 days
2004-01-23 14:35:44 +00:00
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
dillon
ccd5574cc6 Bow to the whining masses and change a union back into void *. Retain
removal of unnecessary casts and throw in some minor cleanups to see if
anyone complains, just for the hell of it.
2003-01-13 00:33:17 +00:00
dillon
ddf9ef103e Change struct file f_data to un_data, a union of the correct struct
pointer types, and remove a huge number of casts from code using it.

Change struct xfile xf_data to xun_data (ABI is still compatible).

If we need to add a #define for f_data and xf_data we can, but I don't
think it will be necessary.  There are no operational changes in this
commit.
2003-01-12 01:37:13 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
archie
d8ca8557f2 Don't use "NULL" when "0" is really meant. 2002-08-22 00:30:03 +00:00
archie
d14167a565 Const'ify variables to make it clear we're not writing to the mbuf data.
Reviewed by:	julian, brian
MFC after:	1 week
2002-06-05 23:35:31 +00:00
tanimura
e6fa9b9e92 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00