Commit Graph

52 Commits

Author SHA1 Message Date
Poul-Henning Kamp
cb40a67f2b Fix some disordering I introduced with the jail code. 1999-05-08 07:00:04 +00:00
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Poul-Henning Kamp
4add131ea8 Since ifru_flags is a short, we can fit in a copy of the flags
before they got changed.  This can help eliminate much of the
gymnastics drivers do in their ioctl routines to figure this out.

Remove commented out IFF_NOTRAILERS
1999-02-19 13:41:35 +00:00
Peter Wemm
09410d0f8b On most other systems "out there", <net/if.h> does not require the caller
to #include <sys/time.h> first.  I've lost count of the number of times
I've had to patch this in porting code.  The problem is the
"struct timeval ifi_lastchange" in the mib stats.  (most other systems don't
have this, until 4.4bsd anyway).
1998-03-21 13:36:20 +00:00
Garrett Wollman
906f09bca4 Add a macro to accurately calculate the length of a struct ifreq when
it contains an address.  This can replace all the myriad (wrong) ways
in which this task is performed in the current system.  As an added
bonus, since it's a macro, then third-party software vendors have an easy
way to tell whether it's there or not.  (This will become necessary
when sizeof(struct sockaddr) is increaased, and also when additional
fields are added to struct ifreq.)
1998-01-13 02:56:21 +00:00
Poul-Henning Kamp
a1c995b626 Last major round (Unless Bruce thinks of somthing :-) of malloc changes.
Distribute all but the most fundamental malloc types.  This time I also
remembered the trick to making things static:  Put "static" in front of
them.

A couple of finer points by:	bde
1997-10-12 20:26:33 +00:00
Peter Wemm
a912e453bc add SIOC{S,G}IFMEDIA ioctl support 1997-05-03 21:07:13 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Garrett Wollman
477180fbc8 Use the new if_multiaddrs list for multicast addresses rather than the
previous hackery involving struct in_ifaddr and arpcom.  Get rid of the
abominable multi_kludge.  Update all network interfaces to use the
new machanism.  Distressingly few Ethernet drivers program the multicast
filter properly (assuming the hardware has one, which it usually does).
1997-01-13 21:26:53 +00:00
Garrett Wollman
19ff91c6b0 Separate kernel-internal data structures from exposed user interface
to interfaces.  (Amazing nobody had done this!)

More commits to fix up user-land to follow.
1997-01-03 19:50:26 +00:00
Garrett Wollman
59562606b9 Convert the interface address and IP interface address structures
to TAILQs.  Fix places which referenced these for no good reason
that I can see (the references remain, but were fixed to compile
again; they are still questionable).
1996-12-13 21:29:07 +00:00
Garrett Wollman
294121822b Use queue macros for the list of interfaces. Next stop: ifaddrs! 1996-12-11 20:38:25 +00:00
Garrett Wollman
4963f4cd96 Include <net/if_arp.h> in the one header that requires it,
<netinet/if_ether.h>, rather than in <net/if.h>, most of whose callers
have no need of it.

Pointed-out-by:	bde
1996-12-11 17:46:33 +00:00
Garrett Wollman
662f33aaf6 Finally, after six years, remove the ``quick hack for SNMP'' that was
``going away soon''.
1996-12-10 18:03:51 +00:00
David Greenman
fb5831565c 1) Implement SIOCSIFMTU in ether_ioctl(), and change ether_ioctl's return
type to be int so that errors can be returned.
2) Use the new SIOCSIFMTU ether_ioctl support in the few drivers that are
   using ether_ioctl().
3) In if_fxp.c: treat if_bpf as a token, not as a pointer. Don't bother
   testing for FXP_NTXSEG being reached in fxp_start()...just check for
   non-NULL 'm'. Change fxp_ioctl() to use ether_ioctl().
1996-12-10 07:29:50 +00:00
Bill Fenner
a73356a1be Fix comments, which appear to have been mangled long ago and far away. 1996-10-21 23:05:57 +00:00
Bruce Evans
4458ac71b1 Removed nested include if <sys/socket.h> from <net/if.h> and
<net/if_arp.h> and fixed the things that depended on it.  The nested
include just allowed unportable programs to compile and made my
simple #include checking program report that networking code doesn't
need to include <sys/socket.h>.
1996-10-12 19:49:43 +00:00
Julian Elischer
aba926bda4 correct a field comment that someone must have accidentally spammed
as it's still used for what the original BSD4.4 comment says it's for.
1996-08-26 23:17:17 +00:00
Poul-Henning Kamp
30106f6a8c Add a callback pointer to the interfaces "init" routine.
Add ether_ioctl() which can take care of the SIOC[SG]IFADDR cases for
most (ethernet) drivers.
1996-08-04 10:54:13 +00:00
Garrett Wollman
bbd17bf8e1 Add better support for retrieving management information from network
interfaces.  This creates two new tables in the net.link.generic branch
of the MIB; one contains (essentially) `ifdata' structures, and the other
contains a blob provided by the interface (and presumably used to
implement link-layer-specific MIB variables).  A number of things
have been moved around in the `ifnet' and `ifdata' structures, so
NEW VERSIONS OF ifconfig(8) AND routed(8) ARE REQUIRED.  (A simple
recompile is all that's necessary.)

I have a sample program which uses this interface for those interested
in making use of it.
1996-07-30 19:17:07 +00:00
Garrett Wollman
f12c3c93de Fix a spelling error I forgot to bring over from my personal version
of the last (IF_ENQ_DROP) commit.
1996-07-23 14:44:46 +00:00
Garrett Wollman
6f86639187 Add a new, better mechanism for sticking packets onto ifqueues.
The old system had the misfeature that the only policy it could implement
was tail-drop; the new IF_ENQ_DROP macro/function makes it possible
to implement more sophisticated queueing policies on a system-wide
basis.  No code actually uses this yet (although on my machine
I have converted the ethernet and (polled) loopback to use it).
1996-07-22 20:06:01 +00:00
Gary Palmer
e39a0280cb Change the use if ifnet.if_lastchange to be more in line with
SNMP requirements. Update description of ifnet.if_lastchange in if.h
to indicate this.
1996-06-10 23:07:36 +00:00
Garrett Wollman
9b44ff2214 Clean up Ethernet drivers:
- fill in and use ifp->if_softc
	- use if_bpf rather than private cookie variables
	- change bpf interface to take advantage of this
	- call ether_ifattach() directly from Ethernet drivers
	- delete kludge in if_attach() that did this indirectly
1996-02-06 18:51:28 +00:00
Garrett Wollman
7c399a896a Delete the if_private[] array in struct ifnet; this turned out to be
of limited utility.  In their place, add bunch of pointers
which will eventually be needed by the polled-interrupt scheme we're working
here.  (It will probably be a while before the code is written and
committed here.)  At the same time, a `void *if_softc' field
was added to the beginning of the structure to make certain driver
writers happier.

The practical upshot of all this is that you need to
recompile utilities such as netstat which manipulate struct ifnet.
1996-01-26 22:09:54 +00:00
Poul-Henning Kamp
18b7be4064 The last part of the ether_sprint -> %6D change.
Sorry for the delay.
(%D is for hexdumping.)
1996-01-26 09:29:29 +00:00
Poul-Henning Kamp
3bda9f9bd5 Staticize, clean lint. 1995-12-09 20:47:15 +00:00
David Greenman
4a5f1499b0 all:
Removed ifnet.if_init and ifnet.if_reset as they are generally unused.
Change the parameter passed to if_watchdog to be a ifnet * rather than
a unit number. All of this is an attempt to move toward not needing an
array of softc pointers (which is usually static in size) to point to
the driver softc.

if_ed.c:
Changed some of the argument passing to some functions to make a little
more sense.

if_ep.c, if_vx.c:
Killed completely bogus use of if_timer. It was being set in such a way
that the interface was being reset once per second (blech!).
1995-12-05 02:01:59 +00:00
Garrett Wollman
233b60cec4 Say goodbye to IFF_NOTRAILERS. Support for trailers was officially
dropped for 4.4, but for some reason this flag lived on.  (Until
today, that is.)
1995-10-13 19:48:06 +00:00
Garrett Wollman
a5d3a8f99b Add a few hooks (in the form of an array of four void *'s) to allow
various bits of software to save some data in the ifnet structure without
having to constantly change the declaration thereof.
1995-08-31 15:21:31 +00:00
Bruce Evans
b6f5c0b824 Fix several sysinit functions that had the wrong type and unnecessarily
external linkage.

Remove useless comments saying that SYSINIT() does system initialization.
1995-08-30 00:33:22 +00:00
Bruce Evans
bf25be48a5 Make everything except the unsupported network sources compile cleanly
with -Wnested-externs.
1995-08-16 16:14:28 +00:00
Joerg Wunsch
6f64074e6b Move some struct definitions outside of struct's, so their scopes for
C++ will match the scopes for C.

Submitted by:	Warner Losh
1995-07-09 08:12:27 +00:00
Rodney W. Grimes
9b2e535452 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
Paul Traina
f5fea3ddc9 Cleanup loopback interface support.
Reviewed by:	wollman
1995-04-26 18:10:58 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
David Greenman
73c2ab4621 Moved declaration of ifnet pointer out of the header file and into the
.c file where it belongs. Bezeroed some uninitialized malloc data.
1994-12-30 06:46:21 +00:00
David Greenman
511cdd1649 Removed bogus semicolon at end of a #define line. 1994-12-22 07:20:03 +00:00
Garrett Wollman
074c4a4e2e Add generic part of generic multiple-physical-interface support (the
successor of IFF_ALTPHYS).
1994-12-21 22:57:05 +00:00
Garrett Wollman
b30cbe4a6b Add a #define for if_rawoutput(), which isn't used now, but eventually will
be.
1994-12-21 18:03:41 +00:00
Garrett Wollman
995add1a12 Add support for two separate cloning flags, one set by the lower layers,
and one set by the protocol family.  Also add another parameter to
rtalloc1() to allow for any interface flags to be ignored; currently
this is only useful for RTF_PRCLONING.  Get rid of rt_prflags and re-unite
with rt_flags.  Add T/TCP ``route metrics''.

NB: YOU MUST RECOMPILE `route' AND OTHER RELATED PROGRAMS AS A RESULT OF
THIS CHANGE.

This also adds a new interface parameter, `ifi_physical', which will
eventually replace IFF_ALTPHYS as the mechanism for specifying the
particular physical connection desired on a multiple-connection card.

NB: YOU MUST RECOMPILE `ifconfig' AND OTHER RELATED PROGRAMS AS A RESULT OF
THIS CHANGE.
1994-12-13 22:31:49 +00:00
Poul-Henning Kamp
6c4b1b79b1 #include <socket.h> -> <sys/socket.h> 1994-11-16 02:16:18 +00:00
Bruce Evans
df708ff192 Include <sys/socket.h> for declaration of struct sockaddr. This helps
genassym compile when KERNEL is not defined.

Uniformize idempotency ifdef.
1994-11-15 14:41:38 +00:00
Bruce Evans
67df6ed30c if.h:
Declare a complete prototype for the function pointer *ifa_rtrequest.

radix.h:
Declare a complete prototype for the function pointer *rnh_walktree
and for the function rn_walktree.

Uniformize idempotency ifdef.
1994-11-14 14:06:06 +00:00
Garrett Wollman
37be1da83f Define IFF_ALTPHYS to be IFF_LINK2. Gross, but effective. (There aren't any
more bits left in if_flags and I don't want to make it a long this late in
the release cycle.)
1994-10-01 19:44:38 +00:00
Paul Richards
cea1da3be2 Make idempotent.
Submitted by:	Paul
1994-08-21 05:11:48 +00:00
Garrett Wollman
f23b4c91c4 Fix up some sloppy coding practices:
- Delete redundant declarations.
- Add -Wredundant-declarations to Makefile.i386 so they don't come back.
- Delete sloppy COMMON-style declarations of uninitialized data in
  header files.
- Add a few prototypes.
- Clean up warnings resulting from the above.

NB: ioconf.c will still generate a redundant-declaration warning, which
is unavoidable unless somebody volunteers to make `config' smarter.
1994-08-18 22:36:09 +00:00
David Greenman
a7028af7f0 Added ioctl support for SIOCGIFMTU and SIOCSIFMTU. These set the per-
interface MTU.
1994-08-08 10:49:26 +00:00
David Greenman
3c4dd3568f Added $Id$ 1994-08-02 07:55:43 +00:00