Commit Graph

80 Commits

Author SHA1 Message Date
rwatson
7408d5f6aa Introduce support for Mandatory Access Control and extensible
kernel access control.

Add MAC support for if_ppp.  Label packets as they are removed from
the raw PPP mbuf queue.  Preserve the mbuf MAC label across various
PPP data-munging and reconstitution operations.  Perform access
control checks on mbufs to be transmitted via the interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:13:47 +00:00
jhb
db9aa81e23 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
luigi
f7c71ab2f2 Replace (deprecated ?) FREE() macro with direct calls to free() 2002-04-04 06:03:17 +00:00
jhb
dc2e474f79 Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
alfred
c9985516e4 Remove __P. 2002-03-19 21:54:18 +00:00
maxim
3b8079c727 Remove duplicated and wrong sc->sc_last_recv setting. It unbreaks
active-filter in pppd(8).

PR:			kern/12281
Submitted by:		Tim Moore <moore@bricoworks.com>
Not objected by:	peter
Reviewed by:		ru
Approved by:		ru
MFC after:		1 week
2002-03-05 10:12:04 +00:00
dillon
b3ddc72561 Get rid of the twisted MFREE() macro entirely.
Reviewed by:	dg, bmilekic
MFC after:	3 days
2002-02-05 02:00:56 +00:00
msmith
e814937e0b Staticise private interface lists. 2002-01-08 10:30:09 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
kris
bd6f9cb9b6 Fix some signed/unsigned integer confusion, and add bounds checking of
arguments to some functions.

Obtained from:	NetBSD
Reviewed by:	peter
MFC after:	2 weeks
2001-09-10 11:28:07 +00:00
peter
65ffeedc02 Quieten gcc. 2001-01-31 08:27:09 +00:00
peter
6be84866ea Exterminate the use of PSEUDO_SET() with extreme prejudice. 2001-01-31 07:58:58 +00:00
jlemon
954e1d2ccd Lock down the network interface queues. The queue mutex must be obtained
before adding/removing packets from the queue.  Also, the if_obytes and
if_omcasts fields should only be manipulated under protection of the mutex.

IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on
the queue.  An IF_LOCK macro is provided, as well as the old (mutex-less)
versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which
needs them, but their use is discouraged.

Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF,
which takes care of locking/enqueue, and also statistics updating/start
if necessary.
2000-11-25 07:35:38 +00:00
peter
d15f4a9e26 Remove some #if NFOO > 0 that are always true because of config rules. 2000-01-29 16:56:24 +00:00
peter
08f3dd5401 Minor tidy up of PPP_FILTER and NBPF stuff. Don't generate bpf.h in the
module and don't #include "bpf.h".
1999-09-26 18:44:29 +00:00
phk
d612df1de6 Remove NBPF conditionality of bpf calls in most of our network drivers.
This means that we will not have to have a bpf and a non-bpf version
of our driver modules.

This does not open any security hole, because the bpf core isn't loadable

The drivers left unchanged are the "cross platform" drivers where the respective
maintainers are urged to DTRT, whatever that may be.

Add a couple of missing FreeBSD tags.
1999-09-25 12:06:01 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
brian
292c37a981 Back out redundant checks
Pointed out by: bde
1999-08-06 16:46:29 +00:00
brian
29c67703e3 Define IF_MAXMTU and IF_MINMTU and don't allow MTUs with
out-of-range values.

``comparison is always 0'' warnings are silly !

Ok'd by:	wollman, dg
Advised by:	bde
1999-08-06 13:53:03 +00:00
des
3c4a5a075d Rename bpfilter to bpf. 1999-07-06 19:23:32 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
peter
30f088ad7b Merge ppp changes from 2.3.3 -> 2.3.5. I have spotted some more
problems, which I'll have a go at shortly.
1998-06-20 16:28:04 +00:00
dfr
1d5f38ac22 This commit fixes various 64bit portability problems required for
FreeBSD/alpha.  The most significant item is to change the command
argument to ioctl functions from int to u_long.  This change brings us
inline with various other BSD versions.  Driver writers may like to
use (__FreeBSD_version == 300003) to detect this change.

The prototype FreeBSD/alpha machdep will follow in a couple of days
time.
1998-06-07 17:13:14 +00:00
dg
5f8a4130d8 Added fast IP forwarding code by Matt Thomas <matt@3am-software.com> via
NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and
minorly tweaked by me.
This is a standard part of FreeBSD, but must be enabled with:
"sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must
also be enabled. This should probably be modified to use the zone
allocator for speed and space efficiency. The current algorithm also
appears to lose if the number of active paths exceeds IPFLOW_MAX (256),
in which case it wastes lots of time trying to figure out which cache
entry to drop.
1998-05-19 14:04:36 +00:00
phk
45ced96af0 Use getmicrotime() for if_lastchange, 10msec is plenty precision. 1998-04-06 11:43:12 +00:00
phk
9b703b1455 Eradicate the variable "time" from the kernel, using various measures.
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.

Most uses of time.tv_sec now uses the new variable time_second instead.

gettime() changed to getmicrotime(0.

Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).

A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.

Add a new nfs_curusec() function.

Mark a couple of bogosities involving the now disappeard time variable.

Update ffs_update() to avoid the weird "== &time" checks, by fixing the
one remaining call that passwd &time as args.

Change profiling in ncr.c to use ticks instead of time.  Resolution is
the same.

Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.

Reviewed by:	bde
1998-03-30 09:56:58 +00:00
peter
4712969737 ppp-2.3.x ships with a bad compression number for deflate. It uses number
24 (which is magnalink!) rather than the correct 26.

Initial attempt at a compatability kludge that will negotiate for either
but will prefer to use the correct deflate compression type.
1998-03-22 06:51:57 +00:00
eivind
bcae2312af Make INET a proper option.
This will not make any of object files that LINT create change; there
might be differences with INET disabled, but hardly anything compiled
before without INET anyway.  Now the 'obvious' things will give a
proper error if compiled without inet - ipx_ip, ipfw, tcp_debug.  The
only thing that _should_ work (but can't be made to compile reasonably
easily) is sppp :-(

This commit move struct arpcom from <netinet/if_ether.h> to
<net/if_arp.h>.
1998-01-08 23:42:31 +00:00
eivind
3452c23db8 Throw options IPX, IPXIP and IPTUNNEL into opt_ipx.h.
The #ifdef IPXIP in netipx/ipx_if.h is OK (used from ipx_usrreq.c and
ifconfig.c only).

I also fixed a typo IPXTUNNEL -> IPTUNNEL (and #ifdef'ed out the code
inside, as it never could have compiled - doh.)
1997-12-15 20:31:25 +00:00
bde
e868842f11 Use ENOIOCTL instead of -1 (= ERESTART) for tty ioctls that are
not handled at a particular level.  This fixes mainly restarting
of interrupted TIOCDRAINs and TIOCSETA{W,F}s.
1997-12-06 13:25:01 +00:00
bde
1c02ba3261 Cleaned up PPP_FILTER/NBPFILTER ifdefs.
Use gettime() instead of microtime() to set if_lastchange for i/o's.
microtime() is probably too expensive.  However, setting if_lastchange
for i/o's may be wrong.
1997-11-18 13:52:41 +00:00
peter
188c833307 Convert PPP_FILTER to an option, like PPP_BSDCOMP and PPP_DEFLATE.
It requires bpf, I'll note this in LINT.
1997-10-18 01:20:28 +00:00
peter
1cd3ef3a0e Better fix for the bpf dependency that doesn't have such a large impact
on the code and pppd in userland.  PPP_FILTER is meant to be an option (or
negatable option).
1997-10-18 00:56:23 +00:00
peter
78e8c3f4e1 Back out the `PPP_FILTER => NBPFILTER' changes 1997-10-18 00:46:10 +00:00
brian
da95061e5c PPP_FILTER => NBPFILTER 1997-10-17 00:12:38 +00:00
peter
7beb53731f Try out PPP_FILTER 1997-10-10 11:57:43 +00:00
peter
06ac8bc3a1 Some fixes from Bruce:
- don't access time (a volatile) via struct copy.
  - merge botches
  - note risk of CCOUNT accessing *tp outside spltty().

Submitted by:  bde
1997-08-22 11:34:08 +00:00
peter
3825bb86c6 Use two NetBSD-style options (PPP_DEFLATE and PPP_BSDCOMP) to control
whether or not to compile the two ppp compression methods.
1997-08-19 17:05:26 +00:00
peter
3970ef2701 Update kernel parts of pppd from 2.2.0 to 2.3.0. I've yet to look at the
2.3.0 -> 2.3.1 changes, but I seem to recall that there are certain
"issues" with 2.3.1 (I'm not sure if it's just pppd or the whole lot, I
am not quite that far).  The present pppd seems to work with it just fine
for the time being.

Among the changes are that zlib (aka LZ77 aka deflate aka gzip) compression
is implemented as well as the original compress(1) LZW style.
1997-08-19 14:10:50 +00:00
peter
e194f5cbd7 Bruce mentioned to me that Paul Traina had noticed that the ppp_tty
interrupt mask hackery wasn't happening when being modloaded via the
if_ppp lkm.  It seems that the lkm system doesn't particularly like having
two sets of load/unload/etc routines. :-]  This really should be fixed
by having a seperate if_ppp and ppp_tty lkm, but that requires that ppp_tty
is loaded after if_ppp, and needs to be able to link with symbols in
if_ppp.  This gets messy, it is a better task for the in-kernel linker.
(if_ppp is generic, ppp_tty is a tty-specific bottom end for if_ppp, it's
 not _too_ hard to have another "provider" (such as a hdlc sync card)
 connected to if_ppp)
1997-05-31 10:13:46 +00:00
bde
a0d9474a34 Don't include <sys/ioctl.h> in the kernel. Stage 4: include
<sys/ttycom.h> and sometimes <sys/filio.h> instead of <sys/ioctl.h>
in miscellaneous files.  Most of these files have nothing to do
with ttys but need to include <sys/ttycom.h> to get the definitions
of TIOC[SG]PGRP which are (ab)used to convert F[SG]ETOWN fcntls into
ioctls.
1997-03-24 11:52:29 +00:00
peter
94b6d72794 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
wollman
4cd908d387 Don't try to do anything with the `ifr' parameter for SIOCADDMULTI
and SIOCDELMULTI; it is guaranteed to be null in the new system.
1997-01-17 19:38:16 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
peter
3fbdf15981 Don't dereference sc->sc_setmtu if it's NULL (such as when it's not running)
as discussed on current. (bde pointed out the cause of the problem)

Reported by: dev@fgate.flevel.co.uk
1996-07-21 17:14:06 +00:00
gpalmer
bd9a6a7bd8 Since the updates to ifnet.if_lastchange are so rare (relatively
speaking), go for the extra accuracy and call microtime() to get
the current time.

Pointed Out By:		bde
1996-06-12 19:24:03 +00:00
gpalmer
3d25650dd7 Change the use if ifnet.if_lastchange to be more in line with
SNMP requirements. Update description of ifnet.if_lastchange in if.h
to indicate this.
1996-06-10 23:07:36 +00:00
bde
6eb67292b0 Eliminated sloppy common-style declarations. Now there are no duplicated
common labels for LINT.  There are still some common declarations for the
!KERNEL case in tcp_debug.h and spx_debug.h.  trpt depends on the ones in
tcp_debug.h.
1996-04-13 12:45:57 +00:00
bde
d75a1370e4 Removed never-used #includes of <machine/cpu.h>. Many were apparently
copied from bad examples.
1996-04-07 17:39:28 +00:00
wollman
25ee6cca2a Clean up Ethernet drivers:
- fill in and use ifp->if_softc
	- use if_bpf rather than private cookie variables
	- change bpf interface to take advantage of this
	- call ether_ifattach() directly from Ethernet drivers
	- delete kludge in if_attach() that did this indirectly
1996-02-06 18:51:28 +00:00