94 Commits

Author SHA1 Message Date
rwatson
7a94e47d73 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke a MAC framework entry point to authorize reception of an
incoming mbuf by the BPF descriptor, permitting MAC policies to
limit the visibility of packets delivered to particular BPF
descriptors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:11:32 +00:00
rwatson
21c15b4271 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument BPF so that MAC labels are properly maintained on BPF
descriptors.  MAC framework entry points are invoked at BPF
instantiation and allocation, permitting the MAC framework to
derive the BPF descriptor label from the credential authorizing
the device open.  Also enter the MAC framework to label mbufs
created using the BPF device.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:09:38 +00:00
alfred
d1e340364b Make funsetown() take a 'struct sigio **' so that the locking can
be done internally.

Ensure that no one can fsetown() to a dying process/pgrp.  We need
to check the process for P_WEXIT to see if it's exiting.  Process
groups are already safe because there is no such thing as a pgrp
zombie, therefore the proctree lock completely protects the pgrp
from having sigio structures associated with it after it runs
funsetownlst.

Add sigio lock to witness list under proctree and allproc, but over
proc and pgrp.

Seigo Tanimura helped with this.
2002-05-06 19:31:28 +00:00
alfred
798c53d495 Redo the sigio locking.
Turn the sigio sx into a mutex.

Sigio lock is really only needed to protect interrupts from dereferencing
the sigio pointer in an object when the sigio itself is being destroyed.

In order to do this in the most unintrusive manner change pgsigio's
sigio * argument into a **, that way we can lock internally to the
function.
2002-05-01 20:44:46 +00:00
jhb
db9aa81e23 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
luigi
f7c71ab2f2 Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
alfred
c9985516e4 Remove __P. 2002-03-19 21:54:18 +00:00
alfred
bc5f1abaf3 Missed this file for select SMP fixes associated with rev 1.93 of
kern/sys_generic.c
2002-03-14 04:47:08 +00:00
jdp
69c3d327d1 Make bpf's read timeout feature work more correctly with
select/poll, and therefore with pthreads.  I doubt there is any way
to make this 100% semantically identical to the way it behaves in
unthreaded programs with blocking reads, but the solution here
should do the right thing for all reasonable usage patterns.

The basic idea is to schedule a callout for the read timeout when a
select/poll is done.  When the callout fires, it ends the select if
it is still in progress, or marks the state as "timed out" if the
select has already ended for some other reason.  Additional logic in
bpfread then does the right thing in the case where the timeout has
fired.

Note, I co-opted the bd_state member of the bpf_d structure.  It has
been present in the structure since the initial import of 4.4-lite,
but as far as I can tell it has never been used.

PR:		kern/22063 and bin/31649
MFC after:	3 days
2001-12-14 22:17:54 +00:00
arr
adfbc8c55a - M_ZERO already sets bif_dlist to zero; there is no need to
do it again.
2001-11-18 03:41:20 +00:00
ru
a078359b24 Record the fact that revision 1.39 corresponded to CSRG revision 8.4,
and first hunk of revision 1.76 corresponded to CSRG revision 8.3.
2001-10-17 10:18:42 +00:00
jhb
a410ffa472 Malloc mutexes pre-zero'd as random garbage (including 0xdeadcode) my
trigget the check to make sure we don't initalize a mutex twice.
2001-10-10 20:43:50 +00:00
jhb
69b2d3f3db Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:46:54 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
dd
000badbe72 Correct the comment about bpfattach() to match reality.
PR:		29967
Submitted by:	Joseph Mallett <jmallett@xMach.org>
2001-08-23 22:38:08 +00:00
gad
08f68aa797 Fix bpf devices so select() recognizes that they are always writable.
PR:		9355
Submitted by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Garrett Rooney <rooneg@electricjellyfish.net>  (see pr :-)
2001-04-04 23:27:35 +00:00
phk
c47745e977 Send the remains (such as I have located) of "block major numbers" to
the bit-bucket.
2001-03-26 12:41:29 +00:00
rwatson
b8eb67e3be o Remove unnecessary jail() check in bpfopen() -- we limit device access
in jail using /dev namespace limits and mknod() limits, not by explicit
  checks in the device open code.
2001-02-21 05:34:34 +00:00
jlemon
21e5f66dd3 Add mutexes to the entire bpf subsystem to make it MPSAFE.
Previously reviewed by: jhb, bde
2001-02-16 17:10:28 +00:00
peter
45d023e517 Supply a stub bpf_validate() (always returning false - the script is not
valid) if BPF is missing.
The netgraph_bpf node forced bpf to be present, reflect that in the
options.
Stop doing a 'count bpf' - we provide stubs.
Since a handful of drivers still refer to "bpf.h", provide a more accurate
indication that the API is present always. (eg: netinet6)
2001-01-29 13:26:14 +00:00
bmilekic
552eacf1e7 Small fix for bpf compat:
Make malloc() use M_NOWAIT istead of M_DONTWAIT and in the
bpf_compat case, define M_NOWAIT to be M_DONTWAIT.
2000-12-27 22:20:13 +00:00
bmilekic
4b6a7bddad * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.
This is because calls with M_WAIT (now M_TRYWAIT) may not wait
  forever when nothing is available for allocation, and may end up
  returning NULL. Hopefully we now communicate more of the right thing
  to developers and make it very clear that it's necessary to check whether
  calls with M_(TRY)WAIT also resulted in a failed allocation.
  M_TRYWAIT basically means "try harder, block if necessary, but don't
  necessarily wait forever." The time spent blocking is tunable with
  the kern.ipc.mbuf_wait sysctl.
  M_WAIT is now deprecated but still defined for the next little while.

* Fix a typo in a comment in mbuf.h

* Fix some code that was actually passing the mbuf subsystem's M_WAIT to
  malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the
  value of the M_WAIT flag, this could have became a big problem.
2000-12-21 21:44:31 +00:00
jdp
9173a75686 Fix bug: a read() on a bpf device which was in non-blocking mode
and had no data available returned 0.  Now it returns -1 with errno
set to EWOULDBLOCK (== EAGAIN) as it should.  This fix makes the bpf
device usable in threaded programs.

Reviewed by:	bde
2000-12-17 20:50:22 +00:00
dwmalone
dd75d1d73b Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
phk
c3f2ee9700 Staticize some malloc M_ instances. 2000-12-08 20:09:00 +00:00
jhb
33bdacce8c Fix an order of operations buglet. ! has higher precedence than &. This
should fix the warnings about bpf not calling make_dev().
2000-11-03 00:51:41 +00:00
phk
92d8c67651 Don't make_dev() in bpfopen() unless we need to. 2000-10-09 14:19:09 +00:00
phk
6023f97970 Rename lminor() to dev2unit(). This function gives a linear unit number
which hides the 'hole' in the minor bits.

Introduce unit2minor() to do the reverse operation.

Fix some some make_dev() calls which didn't use UID_* or GID_* macros.

Kill the v_hashchain alias macro, it hides the real relationship.

Introduce experimental SI_CHEAPCLONE flag set it on cloned bpfs.
2000-09-19 10:28:44 +00:00
brian
3e00aea6f8 Call bpfattach() correctly from if_ppp.c
Submitted by:	Andy Adams <ala@merit.edu>
PR:		18506
2000-09-16 14:17:15 +00:00
phk
e47f61e183 Avoid the modules madness I inadvertently introduced by making the
cloning infrastructure standard in kern_conf.  Modules are now
the same with or without devfs support.

If you need to detect if devfs is present, in modules or elsewhere,
check the integer variable "devfs_present".

This happily removes an ugly hack from kern/vfs_conf.c.

This forces a rename of the eventhandler and the standard clone
helper function.

Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include
like <sys/queue.h>

Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
phk
b648921acc Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c)
Remove old DEVFS support fields from dev_t.

  Make uid, gid & mode members of dev_t and set them in make_dev().

  Use correct uid, gid & mode in make_dev in disk minilayer.

  Add support for registering alias names for a dev_t using the
  new function make_dev_alias().  These will show up as symlinks
  in DEVFS.

  Use makedev() rather than make_dev() for MFSs magic devices to prevent
  DEVFS from noticing this abuse.

  Add a field for DEVFS inode number in dev_t.

  Add new DEVFS in fs/devfs.

  Add devfs cloning to:
        disk minilayer (ie: ad(4), sd(4), cd(4) etc etc)
        md(4), tun(4), bpf(4), fd(4)

  If DEVFS add -d flag to /sbin/inits args to make it mount devfs.

  Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
phk
2e5551ad87 Don't panic if ifpromisc() returnes ENXIO, it's probably just an pccard
which have been pulled.
2000-06-01 21:57:13 +00:00
wpaul
63e31a38dc Add a bpfdetach() stub routine to bpf.c. Without this, you'll get an
unresolved symbol error if you try to load a network driver into a kernel
which doesn't have bpf enabled.

Forgotten by: rwatson
Found by: peter
2000-04-27 15:11:41 +00:00
rwatson
5b7df33ce0 The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach.  This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.

To correct this problem, a new call, bpfdetach, is introduced.  bpfdetach
locates BPF descriptor references to the interface, and NULLs them.  Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls).  Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.

Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp).  This is relevant
for buses that support hot removal, such as pccard and usb.  Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations.  To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card.  As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.

Reviewed by:	wes
2000-03-19 05:42:34 +00:00
rwatson
7432002de6 Introduce a new bd_seesent flag to the BPF descriptor, indicating whether or
not the current BPF device should report locally generated packets or not.
This allows sniffing applications to see only packets that are not generated
locally, which can be useful for debugging bridging problems, or other
situations where MAC addresses are not sufficient to identify locally
sourced packets.  Default to true for this flag, so as to provide existing
behavior by default.

Introduce two new ioctls, BIOCGSEESENT and BIOCSSEESENT, which may be used
to manipulate this flag from userland, given appropriate privilege.

Modify bpf.4 to document these two new ioctl arguments.

Reviewed by:	asmodai
2000-03-18 06:30:42 +00:00
phk
d462c28c31 |The hard limit for the BPF buffer size is 32KB, which appears too low
|for high speed networks (even at 100Mbit/s this corresponds to 1/300th
|of a second). The default buffer size is 4KB, but libpcap and ipfilter
|both override this (using the BIOCSBLEN ioctl) and allocate 32KB.
|
|The following patch adds an sysctl for bpf_maxbufsize, similar to the
|one for bpf_bufsize that you added back in December 1995. I choose to
|make the default for this limit 512KB (the value suggested by NFR).

Submitted by:	se
Reviewed by:	phk
2000-01-15 19:46:12 +00:00
julian
bee374df84 Make the stub routines have the same prototypes as the real bpf
routines.
1999-12-03 09:59:02 +00:00
archie
fcbe1d0da9 Fix bug in BIOCGETIF ioctl() where it would return a bogus interface
name if the interface unit number was greater than 9.
1999-11-03 21:32:28 +00:00
msmith
010a32d645 Implement pseudo_AF_HDRCMPLT, which controls the state of the 'header
completion' flag.  If set, the interface output routine will assume that
the packet already has a valid link-level source address.  This defaults
to off (the address is overwritten)

PR:		kern/10680
Submitted by:	"Christopher N . Harrell" <cnh@mindspring.net>
Obtained from:	NetBSD
1999-10-15 05:07:00 +00:00
phk
e9e0512210 Remove five now unused fields from struct cdevsw. They should never
have been there in the first place.  A GENERIC kernel shrinks almost 1k.

Add a slightly different safetybelt under nostop for tty drivers.

Add some missing FreeBSD tags
1999-09-25 18:24:47 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
phk
682e4187a9 Give BPF the "almost-clone" update. If you need more of them, make
more entries in /dev and be happy you don't need to recompile your
kernel.
1999-08-15 09:38:21 +00:00
des
3c4a5a075d Rename bpfilter to bpf. 1999-07-06 19:23:32 +00:00
phk
6a5dc97620 Simplify cdevsw registration.
The cdevsw_add() function now finds the major number(s) in the
struct cdevsw passed to it.  cdevsw_add_generic() is no longer
needed, cdevsw_add() does the same thing.

cdevsw_add() will print an message if the d_maj field looks bogus.

Remove nblkdev and nchrdev variables.  Most places they were used
bogusly.  Instead check a dev_t for validity by seeing if devsw()
or bdevsw() returns NULL.

Move bdevsw() and devsw() functions to kern/kern_conf.c

Bump __FreeBSD_version to 400006

This commit removes:
        72 bogus makedev() calls
        26 bogus SYSINIT functions

if_xe.c bogusly accessed cdevsw[], author/maintainer please fix.

I4b and vinum not changed.  Patches emailed to authors.  LINT
probably broken until they catch up.
1999-05-31 11:29:30 +00:00
phk
7e4a9dced9 This commit should be a extensive NO-OP:
Reformat and initialize correctly all "struct cdevsw".

        Initialize the d_maj and d_bmaj fields.

        The d_reset field was not removed, although it is never used.

I used a program to do most of this, so all the files now use the
same consistent format.  Please keep it that way.

Vinum and i4b not modified, patches emailed to respective authors.
1999-05-30 16:53:49 +00:00
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
msmith
ae853b3a11 Allow loadable interface drivers with BPF support to be loaded into a kernel
that doesn't have it.  This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.

Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1999-04-28 01:18:13 +00:00
dillon
dbf5cd2b57 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
archie
60d13c7a9d The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
truckman
de184682fa Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.

This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices.  For more details, see the description on the PR.

Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.

PR:		kern/7899
Reviewed by:	bde, elvind
1998-11-11 10:04:13 +00:00