Commit Graph

94 Commits

Author SHA1 Message Date
Robert Watson
ec272d8708 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke a MAC framework entry point to authorize reception of an
incoming mbuf by the BPF descriptor, permitting MAC policies to
limit the visibility of packets delivered to particular BPF
descriptors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:11:32 +00:00
Robert Watson
82f4445d4c Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument BPF so that MAC labels are properly maintained on BPF
descriptors.  MAC framework entry points are invoked at BPF
instantiation and allocation, permitting the MAC framework to
derive the BPF descriptor label from the credential authorizing
the device open.  Also enter the MAC framework to label mbufs
created using the BPF device.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:09:38 +00:00
Alfred Perlstein
e649887b1e Make funsetown() take a 'struct sigio **' so that the locking can
be done internally.

Ensure that no one can fsetown() to a dying process/pgrp.  We need
to check the process for P_WEXIT to see if it's exiting.  Process
groups are already safe because there is no such thing as a pgrp
zombie, therefore the proctree lock completely protects the pgrp
from having sigio structures associated with it after it runs
funsetownlst.

Add sigio lock to witness list under proctree and allproc, but over
proc and pgrp.

Seigo Tanimura helped with this.
2002-05-06 19:31:28 +00:00
Alfred Perlstein
f132072368 Redo the sigio locking.
Turn the sigio sx into a mutex.

Sigio lock is really only needed to protect interrupts from dereferencing
the sigio pointer in an object when the sigio itself is being destroyed.

In order to do this in the most unintrusive manner change pgsigio's
sigio * argument into a **, that way we can lock internally to the
function.
2002-05-01 20:44:46 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
Luigi Rizzo
d722be5487 Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
Alfred Perlstein
929ddbbb89 Remove __P. 2002-03-19 21:54:18 +00:00
Alfred Perlstein
d16160657d Missed this file for select SMP fixes associated with rev 1.93 of
kern/sys_generic.c
2002-03-14 04:47:08 +00:00
John Polstra
81bda851db Make bpf's read timeout feature work more correctly with
select/poll, and therefore with pthreads.  I doubt there is any way
to make this 100% semantically identical to the way it behaves in
unthreaded programs with blocking reads, but the solution here
should do the right thing for all reasonable usage patterns.

The basic idea is to schedule a callout for the read timeout when a
select/poll is done.  When the callout fires, it ends the select if
it is still in progress, or marks the state as "timed out" if the
select has already ended for some other reason.  Additional logic in
bpfread then does the right thing in the case where the timeout has
fired.

Note, I co-opted the bd_state member of the bpf_d structure.  It has
been present in the structure since the initial import of 4.4-lite,
but as far as I can tell it has never been used.

PR:		kern/22063 and bin/31649
MFC after:	3 days
2001-12-14 22:17:54 +00:00
Andrew R. Reiter
0f6db47fb3 - M_ZERO already sets bif_dlist to zero; there is no need to
do it again.
2001-11-18 03:41:20 +00:00
Ruslan Ermilov
4f252c4dd5 Record the fact that revision 1.39 corresponded to CSRG revision 8.4,
and first hunk of revision 1.76 corresponded to CSRG revision 8.3.
2001-10-17 10:18:42 +00:00
John Baldwin
6a40eccec3 Malloc mutexes pre-zero'd as random garbage (including 0xdeadcode) my
trigget the check to make sure we don't initalize a mutex twice.
2001-10-10 20:43:50 +00:00
John Baldwin
ed01445d8f Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:46:54 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Dima Dorfman
98ec4706ee Correct the comment about bpfattach() to match reality.
PR:		29967
Submitted by:	Joseph Mallett <jmallett@xMach.org>
2001-08-23 22:38:08 +00:00
Garance A Drosehn
0832fc6494 Fix bpf devices so select() recognizes that they are always writable.
PR:		9355
Submitted by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Garrett Rooney <rooneg@electricjellyfish.net>  (see pr :-)
2001-04-04 23:27:35 +00:00
Poul-Henning Kamp
f83880518b Send the remains (such as I have located) of "block major numbers" to
the bit-bucket.
2001-03-26 12:41:29 +00:00
Robert Watson
5be30b375e o Remove unnecessary jail() check in bpfopen() -- we limit device access
in jail using /dev namespace limits and mknod() limits, not by explicit
  checks in the device open code.
2001-02-21 05:34:34 +00:00
Jonathan Lemon
e7bb21b3df Add mutexes to the entire bpf subsystem to make it MPSAFE.
Previously reviewed by: jhb, bde
2001-02-16 17:10:28 +00:00
Peter Wemm
5bb5f2c942 Supply a stub bpf_validate() (always returning false - the script is not
valid) if BPF is missing.
The netgraph_bpf node forced bpf to be present, reflect that in the
options.
Stop doing a 'count bpf' - we provide stubs.
Since a handful of drivers still refer to "bpf.h", provide a more accurate
indication that the API is present always. (eg: netinet6)
2001-01-29 13:26:14 +00:00
Bosko Milekic
e3b4e866a5 Small fix for bpf compat:
Make malloc() use M_NOWAIT istead of M_DONTWAIT and in the
bpf_compat case, define M_NOWAIT to be M_DONTWAIT.
2000-12-27 22:20:13 +00:00
Bosko Milekic
2a0c503e7a * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.
This is because calls with M_WAIT (now M_TRYWAIT) may not wait
  forever when nothing is available for allocation, and may end up
  returning NULL. Hopefully we now communicate more of the right thing
  to developers and make it very clear that it's necessary to check whether
  calls with M_(TRY)WAIT also resulted in a failed allocation.
  M_TRYWAIT basically means "try harder, block if necessary, but don't
  necessarily wait forever." The time spent blocking is tunable with
  the kern.ipc.mbuf_wait sysctl.
  M_WAIT is now deprecated but still defined for the next little while.

* Fix a typo in a comment in mbuf.h

* Fix some code that was actually passing the mbuf subsystem's M_WAIT to
  malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the
  value of the M_WAIT flag, this could have became a big problem.
2000-12-21 21:44:31 +00:00
John Polstra
fba3cfdef2 Fix bug: a read() on a bpf device which was in non-blocking mode
and had no data available returned 0.  Now it returns -1 with errno
set to EWOULDBLOCK (== EAGAIN) as it should.  This fix makes the bpf
device usable in threaded programs.

Reviewed by:	bde
2000-12-17 20:50:22 +00:00
David Malone
7cc0979fd6 Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
Poul-Henning Kamp
959b7375ed Staticize some malloc M_ instances. 2000-12-08 20:09:00 +00:00
John Baldwin
d1d74c2886 Fix an order of operations buglet. ! has higher precedence than &. This
should fix the warnings about bpf not calling make_dev().
2000-11-03 00:51:41 +00:00
Poul-Henning Kamp
6ab7b8286d Don't make_dev() in bpfopen() unless we need to. 2000-10-09 14:19:09 +00:00
Poul-Henning Kamp
b0d17ba69e Rename lminor() to dev2unit(). This function gives a linear unit number
which hides the 'hole' in the minor bits.

Introduce unit2minor() to do the reverse operation.

Fix some some make_dev() calls which didn't use UID_* or GID_* macros.

Kill the v_hashchain alias macro, it hides the real relationship.

Introduce experimental SI_CHEAPCLONE flag set it on cloned bpfs.
2000-09-19 10:28:44 +00:00
Brian Somers
30fa52a6fa Call bpfattach() correctly from if_ppp.c
Submitted by:	Andy Adams <ala@merit.edu>
PR:		18506
2000-09-16 14:17:15 +00:00
Poul-Henning Kamp
db90128160 Avoid the modules madness I inadvertently introduced by making the
cloning infrastructure standard in kern_conf.  Modules are now
the same with or without devfs support.

If you need to detect if devfs is present, in modules or elsewhere,
check the integer variable "devfs_present".

This happily removes an ugly hack from kern/vfs_conf.c.

This forces a rename of the eventhandler and the standard clone
helper function.

Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include
like <sys/queue.h>

Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
Poul-Henning Kamp
3f54a085a6 Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c)
Remove old DEVFS support fields from dev_t.

  Make uid, gid & mode members of dev_t and set them in make_dev().

  Use correct uid, gid & mode in make_dev in disk minilayer.

  Add support for registering alias names for a dev_t using the
  new function make_dev_alias().  These will show up as symlinks
  in DEVFS.

  Use makedev() rather than make_dev() for MFSs magic devices to prevent
  DEVFS from noticing this abuse.

  Add a field for DEVFS inode number in dev_t.

  Add new DEVFS in fs/devfs.

  Add devfs cloning to:
        disk minilayer (ie: ad(4), sd(4), cd(4) etc etc)
        md(4), tun(4), bpf(4), fd(4)

  If DEVFS add -d flag to /sbin/inits args to make it mount devfs.

  Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
Poul-Henning Kamp
6e891d64ed Don't panic if ifpromisc() returnes ENXIO, it's probably just an pccard
which have been pulled.
2000-06-01 21:57:13 +00:00
Bill Paul
da626c171a Add a bpfdetach() stub routine to bpf.c. Without this, you'll get an
unresolved symbol error if you try to load a network driver into a kernel
which doesn't have bpf enabled.

Forgotten by: rwatson
Found by: peter
2000-04-27 15:11:41 +00:00
Robert Watson
de5d99354f The advent of if_detach, allowing interface removal at runtime, makes it
possible for a panic to occur if BPF is in use on the interface at the
time of the call to if_detach.  This happens because BPF maintains pointers
to the struct ifnet describing the interface, which is freed by if_detach.

To correct this problem, a new call, bpfdetach, is introduced.  bpfdetach
locates BPF descriptor references to the interface, and NULLs them.  Other
BPF code is modified so that discovery of a NULL interface results in
ENXIO (already implemented for some calls).  Processes blocked on a BPF
call will also be woken up so that they can receive ENXIO.

Interface drivers that invoke bpfattach and if_detach must be modified to
also call bpfattach(ifp) before calling if_detach(ifp).  This is relevant
for buses that support hot removal, such as pccard and usb.  Patches to
all effected devices will not be committed, only to if_wi.c, due to
testing limitations.  To reproduce the crash, load up tcpdump on you
favorite pccard ethernet card, and then eject the card.  As some pccard
drivers do not invoke if_detach(ifp), this bug will not manifest itself
for those drivers.

Reviewed by:	wes
2000-03-19 05:42:34 +00:00
Robert Watson
8ed3828c3b Introduce a new bd_seesent flag to the BPF descriptor, indicating whether or
not the current BPF device should report locally generated packets or not.
This allows sniffing applications to see only packets that are not generated
locally, which can be useful for debugging bridging problems, or other
situations where MAC addresses are not sufficient to identify locally
sourced packets.  Default to true for this flag, so as to provide existing
behavior by default.

Introduce two new ioctls, BIOCGSEESENT and BIOCSSEESENT, which may be used
to manipulate this flag from userland, given appropriate privilege.

Modify bpf.4 to document these two new ioctl arguments.

Reviewed by:	asmodai
2000-03-18 06:30:42 +00:00
Poul-Henning Kamp
eba2a1aeb9 |The hard limit for the BPF buffer size is 32KB, which appears too low
|for high speed networks (even at 100Mbit/s this corresponds to 1/300th
|of a second). The default buffer size is 4KB, but libpcap and ipfilter
|both override this (using the BIOCSBLEN ioctl) and allocate 32KB.
|
|The following patch adds an sysctl for bpf_maxbufsize, similar to the
|one for bpf_bufsize that you added back in December 1995. I choose to
|make the default for this limit 512KB (the value suggested by NFR).

Submitted by:	se
Reviewed by:	phk
2000-01-15 19:46:12 +00:00
Julian Elischer
1f8ffa4bca Make the stub routines have the same prototypes as the real bpf
routines.
1999-12-03 09:59:02 +00:00
Archie Cobbs
1dd0feaaab Fix bug in BIOCGETIF ioctl() where it would return a bogus interface
name if the interface unit number was greater than 9.
1999-11-03 21:32:28 +00:00
Mike Smith
114ae644b5 Implement pseudo_AF_HDRCMPLT, which controls the state of the 'header
completion' flag.  If set, the interface output routine will assume that
the packet already has a valid link-level source address.  This defaults
to off (the address is overwritten)

PR:		kern/10680
Submitted by:	"Christopher N . Harrell" <cnh@mindspring.net>
Obtained from:	NetBSD
1999-10-15 05:07:00 +00:00
Poul-Henning Kamp
d6a0e38a1b Remove five now unused fields from struct cdevsw. They should never
have been there in the first place.  A GENERIC kernel shrinks almost 1k.

Add a slightly different safetybelt under nostop for tty drivers.

Add some missing FreeBSD tags
1999-09-25 18:24:47 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Poul-Henning Kamp
bd3a53203f Give BPF the "almost-clone" update. If you need more of them, make
more entries in /dev and be happy you don't need to recompile your
kernel.
1999-08-15 09:38:21 +00:00
Dag-Erling Smørgrav
6b5ca0d83e Rename bpfilter to bpf. 1999-07-06 19:23:32 +00:00
Poul-Henning Kamp
2447bec829 Simplify cdevsw registration.
The cdevsw_add() function now finds the major number(s) in the
struct cdevsw passed to it.  cdevsw_add_generic() is no longer
needed, cdevsw_add() does the same thing.

cdevsw_add() will print an message if the d_maj field looks bogus.

Remove nblkdev and nchrdev variables.  Most places they were used
bogusly.  Instead check a dev_t for validity by seeing if devsw()
or bdevsw() returns NULL.

Move bdevsw() and devsw() functions to kern/kern_conf.c

Bump __FreeBSD_version to 400006

This commit removes:
        72 bogus makedev() calls
        26 bogus SYSINIT functions

if_xe.c bogusly accessed cdevsw[], author/maintainer please fix.

I4b and vinum not changed.  Patches emailed to authors.  LINT
probably broken until they catch up.
1999-05-31 11:29:30 +00:00
Poul-Henning Kamp
4e2f199e0c This commit should be a extensive NO-OP:
Reformat and initialize correctly all "struct cdevsw".

        Initialize the d_maj and d_bmaj fields.

        The d_reset field was not removed, although it is never used.

I used a program to do most of this, so all the files now use the
same consistent format.  Please keep it that way.

Vinum and i4b not modified, patches emailed to respective authors.
1999-05-30 16:53:49 +00:00
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Mike Smith
f8dc47162a Allow loadable interface drivers with BPF support to be loaded into a kernel
that doesn't have it.  This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.

Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1999-04-28 01:18:13 +00:00
Matthew Dillon
831a80b0d5 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
Archie Cobbs
f1d19042b0 The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
Don Lewis
831d27a9f5 Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.

This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices.  For more details, see the description on the PR.

Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.

PR:		kern/7899
Reviewed by:	bde, elvind
1998-11-11 10:04:13 +00:00