521 Commits

Author SHA1 Message Date
kjc
2193f1d434 clean up en atm driver
o fix DDB support
   - include "opt_ddb.h"
   - fix Debugger() arg
   pointed out by bde

 o back out pvc shadow interface support
   - it is currently not used
   - to make it easier to merge another implementation

 o misc minor cleanup
1999-05-08 14:23:40 +00:00
phk
31167e1a82 Fix some disordering I introduced with the jail code. 1999-05-08 07:00:04 +00:00
phk
500e41bd71 I got tired of seeing all the cdevsw[major(foo)] all over the place.
Made a new (inline) function devsw(dev_t dev) and substituted it.

Changed to the BDEV variant to this format as well: bdevsw(dev_t dev)

DEVFS will eventually benefit from this change too.
1999-05-08 06:40:31 +00:00
peter
73556bfee1 Add sufficient braces to keep egcs happy about potentially ambiguous
if/else nesting.
1999-05-06 18:13:11 +00:00
luigi
2085d1a050 Free the dummynet descriptor in ip_dummynet, not in the called
routines. The descriptor contains parameters which could be used
within those routines (eg. ip_output() ).

On passing, add IPPROTO_PGM entry to netinet/in.h
1999-05-04 16:20:33 +00:00
luoqi
ef1528cdb7 Postpone route_init() until all domains are attached. 1999-04-29 03:22:19 +00:00
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
msmith
ae853b3a11 Allow loadable interface drivers with BPF support to be loaded into a kernel
that doesn't have it.  This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.

Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1999-04-28 01:18:13 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
peter
c73393db8c Temporary hack. The radix code shouldn't need this, it should be
able to expand the zeros, ones etc masks on the fly.  It seems a good
number of domains don't set the rn_maxkey variable anyway, and because
this is a domain itself, there is no guarantee we've been called after
a protocol that actually has set it (ie: inet), so start with a maxkey
of a relatively sane size as a base point until it can adapt on the fly.
1999-04-26 09:05:31 +00:00
peter
e29be9ada8 Protect the ifinit() function's internals with splimp() for safety since
it used to be that way. I'm not sure that it's needed, but it does
walk the ifp list..

Incidently, there's nothing to sanity check the ifq_maxlen on loaded
interfaces..
1999-04-26 09:02:40 +00:00
peter
0f064f4579 Minor seatbelt tweak. The init code used to be splimp() protected,
maintain that in case.
1999-04-26 09:00:47 +00:00
peter
74790d1b53 Make NETISR_SET use a SYSINIT() rather than a linker set. 1999-04-26 08:52:16 +00:00
peter
2e6c779420 Fix my breakage of BRIDGE compiling option without IPFIREWALL..
(Note that if you have bridge compiled in and then kldload ipfw, bridge
 won't automatically use it - knowledge of ipfw/dummynet is compiled in)
1999-04-21 18:23:00 +00:00
peter
f9bc841320 Tidy up some stray / unused stuff in the IPFW package and friends.
- unifdef -DCOMPAT_IPFW  (this was on by default already)
- remove traces of in-kernel ip_nat package, it was never committed.
- Make IPFW and DUMMYNET initialize themselves rather than depend on
  compiled-in hooks in ip_init().  This means they initialize the same
  way both in-kernel and as kld modules.  (IPFW initializes now :-)
1999-04-20 13:32:06 +00:00
peter
087d4857e5 Bring the 'new-bus' to the i386. This extensively changes the way the
i386 platform boots, it is no longer ISA-centric, and is fully dynamic.
Most old drivers compile and run without modification via 'compatability
shims' to enable a smoother transition.  eisa, isapnp and pccard* are
not yet using the new resource manager.  Once fully converted, all drivers
will be loadable, including PCI and ISA.

(Some other changes appear to have snuck in, including a port of Soren's
 ATA driver to the Alpha.  Soren, back this out if you need to.)

This is a checkpoint of work-in-progress, but is quite functional.

The bulk of the work was done over the last few years by Doug Rabson and
Garrett Wollman.

Approved by:	core
1999-04-16 21:22:55 +00:00
eivind
72a054a986 Break long lines that I introduced in a previous commit. 1999-04-11 02:52:31 +00:00
wpaul
3832a25f93 Add missing SYSCTL_DECL(_net_link); required by newer sysctl implementation.
Noticed by: Matthew Dodd <winter@jurai.net>
1999-04-07 23:26:43 +00:00
jdp
de18b529c8 Add a missing declaration that broke the compilation of this file. 1999-04-03 22:36:56 +00:00
nsayer
e8d255dd82 Merge from RELENG_2_2, per luigi. Fixes the ntoh?() issue for the
firewall code when called from the bridge code.

PR:		10818
Submitted by:	nsayer
Obtained from:	luigi
1999-03-30 23:45:14 +00:00
phk
c5a96ac8db rganize the various modes (CISCO/AUTO/DEMAND/LEASED) a little bit better,
centralize the code.

Remember to call TLF/TLS on the hardware in CISCO mode.
1999-03-30 13:28:26 +00:00
des
c42abfb1fe Implement TUNSIFMODE and TUNSLMODE.
Submitted by:	Alfred Perlstein <bright@cygnus.rush.net>
1999-03-24 21:20:12 +00:00
wpaul
a1b49dc152 Grrr... botched remote commit. Let's try this again: vlan updates,
take two.
1999-03-15 01:22:01 +00:00
wpaul
4d1fbb5a8a Updates for vlan stuff:
- add support for devices that do vlan tag insertion/deletion in firmware
- add multicast support
- add vlan_unconfig() to complement vlan_config()
- update ifconfig(8) to configure vlan interfaces (vlan tag and
  parent device)

Also fix a small bug in ifconfig; sometimes sa_family is overwritten
by ioctls.

Reviewed by: wollman
1999-03-15 01:17:26 +00:00
julian
6eb9a9adf9 Submitted by: Larry Lile
Move the Olicom token ring driver to the officially sanctionned location of
/sys/contrib. Also fix some brokenness in the generic token ring support.

Be warned that if_dl.h has been changed and SOME programs might
like recompilation.
1999-03-10 10:11:43 +00:00
wpaul
8071fca048 Also add 1000baseSX, 1000baseLX, 1000baseCX and 1000baseTX media types. At
this point I don't know if there are any actual gigabit ethernet devices
that support media other than 1000baseSX (multi-mode fiber) but who knows.
1999-03-07 04:39:25 +00:00
wpaul
d0af2b19f2 Add 1000baseFX, 10baseSTP and 10baseFL media types. The 1000baseFX
type may become necessary soon. :)

Also add a couple of additional macros that NetBSD has which we don't.
Nothing in FreeBSD uses these (yet) so adding them in shouldn't hurt
anything.
1999-03-06 17:17:57 +00:00
kato
3793091474 The fe driver supports bridging, so added it to lists. 1999-02-25 10:48:31 +00:00
phk
86fc22785e Misplaces brace puts important code into debug section.
Reviewed by:	phk
Submitted by:	Stefan Bethke <stefan.bethke@hanse.de>
1999-02-23 15:08:44 +00:00
dt
44b6b4855a Set ifq_maxlen. 1999-02-20 21:03:53 +00:00
julian
16c8d9e8d0 World, I'd like you to meet the first FreeBSD token Ring driver.
This  is for various Olicom cards. An IBM driver is following.
This patch also adds support to tcpdump to decode packets on tokenring.
Congratulations to the proud father.. (below)

Submitted by:	Larry Lile <lile@stdio.com>
1999-02-20 11:18:00 +00:00
phk
34a83c5869 Remove all the #ifdef notyet stuff, it is probably never going to happen
in the first place.

Use 3sec timeout as recommended.

Reorder some debug messages.

Label som of the 0x%x in debug messages

Make sppp_print_bytes() use %*D and handle zero length.

If we don't have MAGIC numbers, don't yell loopback if 0 == 0
1999-02-19 13:45:09 +00:00
phk
79b9e4e725 Since ifru_flags is a short, we can fit in a copy of the flags
before they got changed.  This can help eliminate much of the
gymnastics drivers do in their ioctl routines to figure this out.

Remove commented out IFF_NOTRAILERS
1999-02-19 13:41:35 +00:00
dfr
22ceb237f0 * Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.

* Change KLD to find and register any sysctl nodes contained in the loaded
  file and to unregister them when the file is unloaded.

Reviewed by: Archie Cobbs <archie@whistle.com>,
	Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
1999-02-16 10:49:55 +00:00
dillon
ff5479f510 Get rid of IFF_BROADCAST from default IFF_ slip options. This accidently
snuck in during the big -Wall commit and wasn't supposed to be in there.
1999-02-02 00:28:29 +00:00
phk
fe7fd0a505 Print a message if the driver didn't initialize ifq_maxlen.
Drivers should be updated if they get flagged by this message.

(The reason this is important is because we do not have a way
to catch this mistake for interfaces added after ifinit() runs.)
1999-02-01 20:03:27 +00:00
julian
489a3c24ad Slight cleanups. There were 2 ways of getting the arpcom from the ifp.
Both equally bogus. Make it a macro so that we can pretend it's not
bogus and maybe make it less so some time in the future.
1999-01-31 08:17:16 +00:00
dillon
dbf5cd2b57 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
dillon
df24433bbe This is a rather large commit that encompasses the new swapper,
changes to the VM system to support the new swapper, VM bug
    fixes, several VM optimizations, and some additional revamping of the
    VM code.  The specific bug fixes will be documented with additional
    forced commits.  This commit is somewhat rough in regards to code
    cleanup issues.

Reviewed by:	"John S. Dyson" <root@dyson.iquest.net>, "David Greenman" <dg@root.com>
1999-01-21 08:29:12 +00:00
peter
a33b0a11f4 Undo #undef KERNEL hack for vnode.h to avoid vnode_if.h.
XXX It probably makes sense to have a flag for bsd.kern.mk to avoid these
    rules.
XXX IO_NDELAY seems to be the main reason for it, when used in a cdevsw
    read or write "flag" context.  Perhaps a redundant declaration
    somewhere like sys/conf.h might help remove the need for vnode.h in
    these device drivers in the first place.
1999-01-17 20:53:48 +00:00
eivind
05f01766df Remove unused variable & clean up a couple of style issues. 1999-01-12 12:07:00 +00:00
luigi
3711d7ec1d Remove one unused variable. 1998-12-31 07:52:49 +00:00
phk
d47a7a8e1a Update sppp support to i4b level. This includes the new spppcontrol
program to set PPP options like authentication with.
1998-12-27 21:30:44 +00:00
phk
824f31bd96 More isdn4bsd convergence: cleanup log messages. 1998-12-26 13:14:45 +00:00
phk
7b748a7ecc Converge further on the isdn4bsd version of this file. 1998-12-26 12:43:26 +00:00
phk
f6d05aad4c clean up more timeout/untimeout portability stuff.
make sure flags and stuff are set sensibly.
1998-12-26 12:14:31 +00:00
phk
543701a9e5 Add two fields for the lower layers convenience. 1998-12-20 19:06:22 +00:00
phk
4674dad527 Straigthen out the use of the tls and tlf callbacks.
Not tested on the if_sr, if_cx and if_ar drivers, but
expected to work just the same as it used to.

Any users of these drivers (or even better: donors
of hardware for them) please contact phk@freebsd.org
so we can test the next batch of changes to if_sppp.
1998-12-16 18:42:38 +00:00
phk
38464a3bbc Generalize the if_up() and if_down() functions under the names
if_route() and if_unroute().

This is first step towards sanitizing IFF_UP and IFF_RUNNING
1998-12-16 18:30:43 +00:00
luigi
78f32fa7e0 Bridging support. Wait for LINT to be updated before trying it. 1998-12-14 17:58:05 +00:00