Commit Graph

55189 Commits

Author SHA1 Message Date
Andre Oppermann
936cd18dad Add socketoption IP_MINTTL. May be used to set the minimum acceptable
TTL a packet must have when received on a socket.  All packets with a
lower TTL are silently dropped.  Works on already connected/connecting
and listening sockets for RAW/UDP/TCP.

This option is only really useful when set to 255 preventing packets
from outside the directly connected networks reaching local listeners
on sockets.

Allows userland implementation of 'The Generalized TTL Security Mechanism
(GTSM)' according to RFC3682.  Examples of such use include the Cisco IOS
BGP implementation command "neighbor ttl-security".

MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-22 16:13:08 +00:00
Andre Oppermann
6b773dff30 Always quote the entire TCP header when responding and allocate an mbuf
cluster if needed.

Fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt.

This aids in-the-wild debugging a lot and allows the receiver to do
more elaborate checks on the validity of the response.

MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-22 14:12:18 +00:00
Andre Oppermann
d56ea155bd Handle pure layer 2 broad- and multicasts properly and simplify related
checks.

PR:		kern/85052
Submitted by:	Dmitrij Tejblum <tejblum at yandex-team.ru>
MFC after:	3 days
2005-08-22 12:06:26 +00:00
Søren Schmidt
971846e49c Fix problem on Promise "mio" controllers and 48bit mode caused by last commit 2005-08-22 11:38:53 +00:00
Alan Cox
2c15852e1e Change pmap_extract() and pmap_extract_and_hold() to use PG_FRAME rather
than ~PDRMASK to extract the physical address of a superpage from a PDE.
The use of ~PDRMASK is problematic if the PDE has PG_NX set.  Specifically,
the PG_NX bit will be included in the physical address if ~PDRMASK is used.

Reviewed by:	peter
2005-08-22 07:23:51 +00:00
Hajimu UMEMOTO
b1a6f1d8a2 SADB_UPDATE did not return an error when key length is invalid.
Obtained from:	KAME
2005-08-22 07:05:14 +00:00
Joseph Koshy
d4d6be499f Turn off sampling modes on the AMD64 till the time I can track down
the reason for the double fault seen when sampling under load.

MFC after:	3 days
2005-08-22 02:59:51 +00:00
Warner Losh
fa949fc86d if_ral_pccard does not depend on pccard module directly, but rather
depends, like all other pccard drivers, indirectly through kobj on
pccard.  Therefore, it is not appropriate to force pccard to be loaded
when if_ral.ko is loaded.  This makes it possible to load if_ral w/o
loading pccard.ko on, eg, pci only systems.
2005-08-22 00:20:28 +00:00
Suleiman Souhlal
93373c422f Set the mountpoint path in the superblock (fs_fsmnt) at mount-time
so that it appears in the various messages (not cleanly unmounted,
filesystem full, etc). This has been broken since rev 1.261.
2005-08-21 22:06:41 +00:00
Gleb Smirnoff
03b25f5ddc In ng_callout() assert that supplied arguments are non-NULL. 2005-08-21 19:48:51 +00:00
Pawel Jakub Dawidek
1ec75877dc Stop callout before freeing memory, so it won't panic from softclock.
Reported by:	Jonatan B <onatan@gmail.com>
MFC after:	3 days
2005-08-21 19:16:27 +00:00
Pawel Jakub Dawidek
e5cd9375e4 Before freeing memory, assert that there is no pending callout.
MFC after:	3 days
2005-08-21 19:15:14 +00:00
Tor Egge
15da51f73c Don't set the COMPLETE flag in an inodedep structure before the related
inode has been written.
2005-08-21 18:19:06 +00:00
Pawel Jakub Dawidek
dd549194ae By default, when doing crypto work in software, start as many threads
as we have active CPUs and bind each thread to its own CPU.

MFC after:	3 days
2005-08-21 18:12:51 +00:00
Pawel Jakub Dawidek
b8db9f58da Remove stale comment (we now always start worker thread).
MFC after:	3 days
2005-08-21 18:06:35 +00:00
Pawel Jakub Dawidek
4e4aa37e75 mp_ncpus is always (properly) initialized, even on UP kernels, so just use it. 2005-08-21 18:03:31 +00:00
Andre Oppermann
bb10780f9f Commit correct version of the change and note the name of the new
sysctl: net.inet.icmp.quotelen and defaults to 8 bytes.

Pointy hat to:	andre
2005-08-21 15:18:00 +00:00
Andre Oppermann
e875dfb826 Add a sysctl to change to length of the quotation of the original
packet in an ICMP reply.  The minimum of 8 bytes is internally
enforced.  The maximum quotation is the remaining space in the
reply mbuf.

This option is added in response to the issues raised in I-D
draft-gont-icmp-payload-00.txt.

MFC after:	2 weeks
Spnsored by:	TCP/IP Optimizations Fundraise 2005
2005-08-21 15:09:07 +00:00
Damien Bergamini
30feefb1d2 Fix basic rates set for 802.11a/g operating modes. This can significantly
improve transfer rates in 802.11a/g.  Fix IFS settings in ral(4) too.

MFC after:	6 days
2005-08-21 14:16:20 +00:00
Andre Oppermann
a0866c8d4e Add an option to have ICMP replies to non-local packets generated with
the IP address the packet came through in.  This is useful for routers
to show in traceroutes the actual path a packet has taken instead of
the possibly different return path.

The new sysctl is named net.inet.icmp.reply_from_interface and defaults
to off.

MFC after:	2 weeks
2005-08-21 12:29:39 +00:00
Damien Bergamini
fb533d55c6 Enhanced WME (802.11e) support. 2005-08-21 09:52:18 +00:00
Alan Cox
8b78b3dc58 Introduce pmap_pml4e_to_pdpe() and pmap_pdpe_to_pde() and use them to avoid
recomputation of the pml4e and pdpe in pmap_copy(), pmap_protect(), and
pmap_remove().
2005-08-20 18:37:34 +00:00
Robert Watson
6cd8dee3c5 Silence "busy" warnings when unmounting devfs at system shutdown. This
is a workaround for non-symetric teardown of the file systems at
shutdown with respect to the mount order at boot.  The proper long term
fix is to properly detach devfs from the root mount before unmounting
each, and should be implemented, but since the problem is non-harmful,
this temporary band-aid will prevent false positive bug reports and
unnecessary error output for 6.0-RELEASE.

MFC after:	3 days
Tested by:	pav, pjd
2005-08-20 17:12:47 +00:00
Pawel Jakub Dawidek
b866c830d9 Back-out the change from revision 1.14 and allow for '/' in labels again.
Convinced by:	green, Gavin Atkinson, dougb, gordon
MFC after:	1 day
2005-08-20 17:05:47 +00:00
Damien Bergamini
ec01dc2bbc Add some necessary bits for upcoming 802.11e support:
o management of multiple tx rings (up to 4)
o setting of WME IE in association requests

Some features are still missing though, like the possibility to override
the default cwmin/cwmax/asfn values of each tx queues.
2005-08-20 16:49:03 +00:00
Stefan Farfeleder
a1f85d7f83 Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename
it to __MINSIGSTKSZ.  Define MINSIGSTKSZ in <sys/signal.h>.

This is done in order to use MINSIGSTKSZ for the macro PTHREAD_STACK_MIN
in <pthread.h> (soon <limits.h>) without having to include the whole
<sys/signal.h> header.

Discussed with:		bde
2005-08-20 16:44:41 +00:00
Damien Bergamini
d599e39db8 Remove IEEE80211_C_WPA from capabilities flags. WPA support is not fully
implemented in ipw.

MFC after:	1 week
2005-08-20 15:03:41 +00:00
Damien Bergamini
4ab4bbc6fe Export adapter's internal statistics sysctl even if IPW_DEBUG is not defined.
MFC after:	1 week
2005-08-20 14:41:16 +00:00
Damien Bergamini
94a7a9a24d Export adapter's internal statistics sysctl even if IWI_DEBUG is not defined.
MFC after:	1 week
2005-08-20 14:34:54 +00:00
Damien Bergamini
e0454c269b Don't automatically start scanning in if_init() if IEEE80211_ROAMING_MANUAL
flag is set.

MFC after:	1 week
2005-08-20 14:28:37 +00:00
Stefan Farfeleder
017261026e Remove a stale occurrence of 'alpha' in a comment. 2005-08-20 13:11:17 +00:00
Poul-Henning Kamp
1d45c50ec3 Properly un-giant-trick the cdevsw in fini_cdevsw()
Tripped over by:	Huang wen hui <huang@gddsn.org.cn>
2005-08-20 12:13:51 +00:00
Pawel Jakub Dawidek
efd9ac0dfc Add a __packed keyword to g_eli_metadata struct definition, so
sizeof(struct g_eli_metadata) will return the exact number of bytes needed
for storing it on the disk.
Without this change GELI was unusable on amd64 (and probably other 64-bit
archs), because sizeof(struct g_eli_metadata) was greater than 512 bytes
and geli(8) was failing on assertion.

Reported by:	Michael Reifenberger <mike@Reifenberger.com>
MFC after:	3 days
2005-08-20 10:43:03 +00:00
David Xu
86ef8e2671 Add missing brackets.
Noticed by: stefanf@
2005-08-19 22:30:13 +00:00
Pawel Jakub Dawidek
7a5c26fcbd Allow to change number of iterations for PKCS#5v2. It can only be used
when there is only one key set.

MFC after:	3 days
2005-08-19 22:19:25 +00:00
Pawel Jakub Dawidek
fcd46203c5 - Add a missing period.
- Fix number of spaces.

MFC after:	3 days
2005-08-19 22:16:26 +00:00
Pawel Jakub Dawidek
a95452ee8d Avoid code duplication and implement bitcount32() function in systm.h only.
Reviewed by:	cperciva
MFC after:	3 days
2005-08-19 22:10:19 +00:00
David Xu
8c6d7a8db8 Fix a LOR between sched_lock and sleep queue lock. 2005-08-19 13:35:34 +00:00
David Xu
f8ec133ed0 Move up code for testing KEF_HOLD to avoid ke_cpu being changed unexpectly
for PRI_ITHD and PRI_REALTIME threads.
2005-08-19 11:51:41 +00:00
Alan Cox
eb3d4a39fd Correct a performance bug in revision 1.462. The effect of the bug is to
execute the outer loop in procedures such as pmap_protect() many more times
than necessary.

Reviewed by:	tegge
2005-08-19 07:25:40 +00:00
Colin Percival
4f9dc74288 Pad the strings sccs[], version[], and osrelease[] up to a minimum of
128 bytes, 256 bytes, and 32 bytes respectively.  This makes it much
easier to identify when two kernels are identical apart from a version
number bump (as often happens on security branches).

Discussed on:	freebsd-arch, in May 2005
2005-08-19 01:49:15 +00:00
Christian S.J. Peron
4ddfb5312a Add missing braces around bpf_filter which were missed when I
merged the bpfstat code.

Pointed out by:	iedowse
Pointy hat to:	csjp
MFC after:	3 days
2005-08-18 22:30:52 +00:00
Andrew Thompson
23e7643185 Mark the callouts as MPSAFE as if_bridge has been giant-free since day 1.
Use the SMP friendly callout_init_mtx() while we are here.

Approved by:	mlaier (mentor)
MFC after:	3 days
2005-08-18 20:17:00 +00:00
John Baldwin
997452064e Various fixups to locking:
- Remove a lot of superfluous locking during attach.  There is no need
  to lock access to the driver until some other thread has a way of getting
  to it.  For ethernet drivers the other ways include registering an
  interrupt handler via bus_setup_intr(), calling ether_ifattach() to hook
  into the network stack, and kicking off a callout-driven timer via
  callout_reset().
- Use callout_* rather than timeout/untimeout.
- Break out of xl_rxeof() if IFF_DRV_RUNNING is clear after ifp->if_input
  returns to handle the case where the interface was stopped while we were
  passing a packet up the stack.  Don't call xl_rxeof() in xl_rxeof_task()
  unless IFF_DRV_RUNNING is set.  With these fixes in place, any
  outstanding task will gracefully terminate as soon as it gets a chance to
  run after the interface has been stopped via xl_stop().  As a result,
  taskqueue_drain() is no longer required in xl_stop().  The task is still
  drained in detach() however to make sure that detach() can safely destroy
  the driver mutex at the end of the function.
- Lock the driver lock in the ifmedia callouts and don't lock across
  ifmedia_ioctl() in xl_ioctl().

Note: glebius came up with most of (3) as well independently.  I took a
rather roundabout way of arriving at the same conclusion.

MFC after:	3 days
2005-08-18 19:24:30 +00:00
John Baldwin
c8b27aca43 Fixup locking and mark MPSAFE:
- Add locked versions of start and init.  The SRM_MEDIA code in dc_init()
  stayed in dc_init() instead of moving to dc_init_locked() to make the
  locking saner.
- Use callout_init_mtx().
- Fixup locking in detach and ioctl.
- Lock the driver in the ifmedia callouts.
- Don't recurse on the driver lock.
- De-spl.

MFC after:	3 days
2005-08-18 19:10:07 +00:00
Brooks Davis
dc7c539e33 When we started calling if_findindex() from if_alloc() with an empty
struct ifnet most of if_findindex() become a complex no-op.  Remove it
and replace it with a corrected version of the four line for loop it
devolved to plus some error handling.  This should probably be replaced
with subr_unit at some point.

Switch from checking ifaddr_byindex to ifnet_byindex when looking for
empty indexes.  Since we're doing this from if_alloc/if_free, we can
only be sure that ifnet_byindex will be correct.  This fixes panics when
loading the ef(4) module.  The panics were caused by the fact that
if_alloc was called four time before if_attach was called and thus
ifaddr_byindex was not set and the same unit was allocated again.  This
in turn caused the first if_attach to fail because the ifp was not the
one in ifnet_byindex(ifp->if_index).

Reported by:	"Wojciech A. Koszek" <dunstan at freebsd dot czest dot pl>
PR:		kern/84987
MFC After:	1 day
2005-08-18 18:36:40 +00:00
John Baldwin
2a3e25a07f Fixup locking for sf(4) and mark MPSAFE:
- Add locked variants of start, init, and ifmedia_upd.
- Use callout_* instead of timeout/untimeout.
- Don't recurse on the driver lock.
- Fixup locking in ioctl.
- Lock the driver lock in the ifmedia handlers rather than across
  ifmedia_ioctl().

Tested by:	brueffer
MFC after:	3 days
2005-08-18 17:09:16 +00:00
Hajimu UMEMOTO
1fea6ce7dd - don't forget to save freqency when priority is raised.
- nuke redundant variable initialization.
2005-08-18 16:41:25 +00:00
Hajimu UMEMOTO
5f36393468 don't forget to update curr_priority. even when frequency is
not changed, priority may be changed.
2005-08-18 16:08:56 +00:00
Yaroslav Tykhiy
252b6fe8b2 Define the target for opt_compat.h only if KERNBUILDDIR
is not defined, so that the module will get the
compatibility options from the current kernel configuration
if built with the latter, not with the world.
[Some other modules seem in need of fixing WRT this, too.]

Add more compatibility options found in GENERIC to the default
opt_compat.h.  While not all of them are used in the procfs code,
we can't tell for sure if the system .h files don't need them either,
so let's stay on the safe side.

Submitted by:	kensmith
Reviewed by:	ru
2005-08-18 14:50:08 +00:00