Commit Graph

804 Commits

Author SHA1 Message Date
Robert Watson
acd3428b7d Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
Andre Oppermann
5e20f43d31 Rename m_getm() to m_getm2() and rewrite it to allocate up to page sized
mbuf clusters.  Add a flags parameter to accept M_PKTHDR and M_EOR mbuf
chain flags.  Provide compatibility macro for m_getm() calling m_getm2()
with M_PKTHDR set.

Rewrite m_uiotombuf() to use m_getm2() for mbuf allocation and do the
uiomove() in a tight loop over the mbuf chain.  Add a flags parameter to
accept mbuf flags to be passed to m_getm2().  Adjust all callers for the
extra parameter.

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 month
2006-11-02 17:37:22 +00:00
Gleb Smirnoff
e4c185db7a Check pointer before dereferencing.
Reported by:	Coverity
CID:		1556
2006-10-18 07:47:07 +00:00
Gleb Smirnoff
237af4af3f Some clenaup of ngs_rcvmsg():
- Inline ship_msg() into ngs_rcvmsg().
  - Plug memory leak in case if no control socket present.
  - Remove malloc() and allocate the sockaddr on stack.
  - style(9).
2006-10-17 16:52:09 +00:00
Gleb Smirnoff
dcaf468dcb Some cleanup and small changes:
- Use malloc() and free() instead of MALLOC() and FREE() macros.
  - Do not check malloc results if M_WAITOK was used.
  - Remove linked list of all netgraph sockets. It isn't needed.
  - Use ng_findhook() instead of searching the list ourselves.
  - Use NG_WAITOK in syscalls.
  - Remove unneeded includes.
  - style(9)
2006-10-17 12:21:48 +00:00
Gleb Smirnoff
81ba27c8d9 Make the sg_len and sg_family members of the sockaddr_ng the same type
as the corresponding values in sockaddr are.
2006-10-17 11:03:55 +00:00
Gleb Smirnoff
bb964e745b Make ng_ID_t fixed size, so that its maximum value is platform independent.
This will be important in future.
2006-10-17 11:01:20 +00:00
Gleb Smirnoff
c6964951c6 - ng_address_ID() has already freed the message, don't do double free.
- Get error from ng_address_ID().

Reported by:	Coverity via pjd
2006-10-17 10:59:39 +00:00
Gleb Smirnoff
b0dc008358 Fix result of some mechanical change that I did some time ago, when
writing this node.
2006-10-13 09:11:12 +00:00
Gleb Smirnoff
7801dc7cb3 Recognize 802.1q frames in Ethernet input and process them.
PR:		kern/101162
Submitted by:	CoolDavid (Tseng Guo-Fu) <cooldavid cdpa.nsysu.edu.tw>
2006-10-11 15:27:13 +00:00
Gleb Smirnoff
cf3254aac8 Do not leak hooks in ng_bypass().
Submitted by:	Alexander Motin <mav alkar.net>
2006-10-11 14:33:08 +00:00
Gleb Smirnoff
11e685579f Make it buildable. 2006-10-11 13:28:37 +00:00
Gleb Smirnoff
3b9c299730 Unbreak a short one.
Submitted by:	maxim
2006-10-11 12:39:21 +00:00
Gleb Smirnoff
006725ba9e Break long line. 2006-10-11 12:32:53 +00:00
Gleb Smirnoff
96a0326e14 Use hash functions with better distribution. Tested on live traffic.
Submitted by:	Alexander Motin <mav alkar.net>
2006-10-11 12:31:14 +00:00
Gleb Smirnoff
b7e405bd4a Use bitcount32() from sys/systm.h instead of my own. 2006-10-11 10:47:44 +00:00
Alexander Leidinger
63272d3036 Don't use data after free.
Found by:	Coverity Prevent
CID:		536
Submitted by:	harti (via vs)
2006-09-30 12:37:43 +00:00
Andre Oppermann
78ba57b9e1 Move ethernet VLAN tags from mtags to its own mbuf packet header field
m_pkthdr.ether_vlan.  The presence of the M_VLANTAG flag on the mbuf
signifies the presence and validity of its content.

Drivers that support hardware VLAN tag stripping fill in the received
VLAN tag (containing both vlan and priority information) into the
ether_vtag mbuf packet header field:

	m->m_pkthdr.ether_vtag = vlan_id;	/* ntohs()? */
	m->m_flags |= M_VLANTAG;

to mark the packet m with the specified VLAN tag.

On output the driver should check the mbuf for the M_VLANTAG flag to
see if a VLAN tag is present and valid:

	if (m->m_flags & M_VLANTAG) {
		... = m->m_pkthdr.ether_vtag;	/* htons()? */
		... pass tag to hardware ...
	}

VLAN tags are stored in host byte order.  Byte swapping may be necessary.

(Note: This driver conversion was mechanic and did not add or remove any
byte swapping in the drivers.)

Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition.  No more tag
memory allocation have to be done.

Reviewed by:	thompsa, yar
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-09-17 13:33:30 +00:00
Ruslan Ermilov
85fcf1ba07 Fix input byte counting. Now the sum of the ipackets/ibytes counters
of individual interfaces should match the ipackets/ibytes counter of
the aggregate (FEC) interface.

PR:		kern/82189
Submitted by:	Stikheev Andrew <sand AT zunet DOT ru>
MFC after:	3 days
2006-09-15 20:17:45 +00:00
Ruslan Ermilov
7f01dc25c4 Make it possible to set a larger MTU by attempting to set MTUs on all
trunk ports first.  If that succeeds, and we're inside our own bounds,
so be it.

Still not ideal -- adding a port after changing an MTU doesn't change
port's MTU, but a step in the right direction.

PR:		kern/95417
Submitted by:	Vladimir Ivanov <wawa AT yandex-team DOT ru>
MFC after:	3 days

I've slightly edited a patch to make the conditional logic positive
and remove (what I think was) a redundant ng_fec_init() call.
2006-09-15 16:06:27 +00:00
Ruslan Ermilov
3d82b87057 SIOCSIFFLAGS doesn't require an argument in kernel land; instead, flags
are supposed to be set directly in ifnet already.  This change fixes a
panic when ng_eiface node is attached to ng_fec node and the latter is
shut down (ng_fec sets flags and then calls SIOCSIFFLAGS with a NULL
argument).

MFC after:	3 days
2006-09-15 15:53:09 +00:00
Maksim Yevmenkin
0ff5b678c3 s/USBDEVNAME/device_get_nameunit/g
s/USBBASEDEVICE/device_t/g
2006-09-07 23:38:09 +00:00
Matt Jacob
d8c1647f2f more usb fallout changes 2006-09-07 06:18:34 +00:00
Maksim Yevmenkin
7c3808562a - Catch up with ongoing rwatson's socket work;
- Fix a couple of LORs and panics;

- Temporarily remove the code that tries to cleanup sockets that stuck
  on accepting queues (both complete and incomplete). I'm taking an ostrich
  approach here until I find a better way to deal with sockets that were
  disconnected before accepting (i.e. while socket was on complete or
  incomplete accept queue).
2006-08-25 17:53:13 +00:00
Ruslan Ermilov
a819085b87 Fix another fallout from the IF_LLADDR() type change.
Spotted by:	mwlucas
2006-08-24 19:50:00 +00:00
Maksim Yevmenkin
231e95561a Define mtu as u_int16_t not as int. This should fix problem with rfcomm
on sparc64.

Reported by:	Andrew Belashov <bel at orel dot ru>
Tested by:	Andrew Belashov <bel at orel dot ru>
MFC after:	3 days
2006-08-24 16:51:02 +00:00
Gleb Smirnoff
f366efa96f Some perfectionizm against last revision.
Submitted by:	ru
2006-08-10 11:07:11 +00:00
Gleb Smirnoff
b1ba28df1d Fix ng_pppoe(4) after turning off "autosrc feature" on ng_ether(4).
- Store the Ethernet header in node softc.
- Initialize header with dst addr and ethertype in node
  constructor method.
- In node connect method send NGM_ETHER_GET_ENADDR message
  downwards.
- If received reply from ng_ether(4) store the src addr
  in softc.
- Add NGM_PPPOE_SETENDADDR message that allows user to
  override the address with whatever he/she wants.
2006-08-09 09:56:58 +00:00
Gleb Smirnoff
2e87c3cc4d - Use log(9) instead of printf(9).
- Print node ID, where possible.
- Prepend log messages with function name, or at least with "ng_pppoe".

Reviewed by:	julian
Tested by:	Joao Barros <joao.barros gmail.com>
2006-08-07 08:05:10 +00:00
Gleb Smirnoff
447a8026ec Turn off by default "feature" that overwrites MAC address
on output frames.

Many people were confused with not working CARP, ng_bridge(4)
and other subsystems, because ng_ether(4) overwritten source
MAC address.
2006-08-04 13:36:27 +00:00
Andrew Thompson
9674cf0e27 Remove the dependency of bridgestp.h on if_bridgevar.h by moving a couple of
private structures to if_bridge.c.
2006-07-27 21:01:48 +00:00
Tai-hwa Liang
87909ba75c Fixing compilation bustage: net/if_bridgevar.h depends on net/bridgestp.h. 2006-07-27 06:15:37 +00:00
Robert Watson
b0668f7151 soreceive_generic(), and sopoll_generic(). Add new functions sosend(),
soreceive(), and sopoll(), which are wrappers for pru_sosend,
pru_soreceive, and pru_sopoll, and are now used univerally by socket
consumers rather than either directly invoking the old so*() functions
or directly invoking the protocol switch method (about an even split
prior to this commit).

This completes an architectural change that was begun in 1996 to permit
protocols to provide substitute implementations, as now used by UDP.
Consumers now uniformly invoke sosend(), soreceive(), and sopoll() to
perform these operations on sockets -- in particular, distributed file
systems and socket system calls.

Architectural head nod:	sam, gnn, wollman
2006-07-24 15:20:08 +00:00
Robert Watson
a152f8a361 Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket.  pru_abort is now a
notification of close also, and no longer detaches.  pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket.  This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree().  With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by:	gnn
2006-07-21 17:11:15 +00:00
Maksim Yevmenkin
df280cb596 Replace inb() and outb() with bus_space_read_1() and bus_space_write_1()
Submitted by:	marius
MFC after:	1 week
2006-07-05 17:18:47 +00:00
Gleb Smirnoff
d473c9d543 A netgraph node that can do different manipulations with
mbuf_tags(9) on packets.

Submitted by:		Vadim Goncharov <vadimnuclight tpu.ru>
mdoc(7) reviewed by:	ru
2006-06-27 12:45:28 +00:00
John Baldwin
edd32c2da2 Use kern_kldload() and kern_kldunload() to load and unload modules when
we intend for the user to be able to unload them later via kldunload(2)
instead of calling linker_load_module() and then directly adjusting the
ref count on the linker file structure.  This makes the resulting
consumer code simpler and cleaner and better hides the linker internals
making it possible to sanely lock the linker.
2006-06-13 21:36:23 +00:00
Gleb Smirnoff
b96baf0a65 When counting nodes second time, use the same criteria as for
the first time.

PR:		kern/98529
Submitted by:	Michael Heyman
2006-06-07 12:42:15 +00:00
Gleb Smirnoff
27e216594b Use NET_CALLOUT_MPSAFE for netgraph callout initializer. 2006-06-06 08:05:27 +00:00
Sam Leffler
ff046a6c6b add missed calls to bpf_peers_present 2006-06-02 23:14:40 +00:00
John Baldwin
b1e30c4c4e Conditionally acquire Giant in netgraph callouts to honor mpsafenet=0.
Reported by:	sekes <gexlie at gmail dot com>
MFC after:	1 week
2006-06-02 20:35:39 +00:00
Diomidis Spinellis
809f920d59 Replace the array initialization using the gcc-specific format
[constant] value
with the C99 format
[constant] = value
2006-06-02 09:08:51 +00:00
Maksim Yevmenkin
c4e3f62cc1 Add new SIOC_HCI_RAW_NODE_LIST_NAMES ioctl. User-space applications can
use this ioctl to obtain the list of HCI nodes. User-space application
is expected to preallocate 'ng_btsocket_hci_raw_node_list_names' structure
and set limit in 'num_nodes' field. The 'nodes' field should be allocated
as well and it should have space for at least 'num_nodes' elements.

The SIOC_HCI_RAW_NODE_LIST_NAMES should be issued on bound raw HCI socket.
It does not really really matter what HCI name the socket is bound to, as
long as it is not empty.

MFC after:	1 week
2006-05-17 00:13:07 +00:00
Gleb Smirnoff
441bc021a2 Remove unneeded check.
Coverity ID:	445
2006-05-16 11:49:26 +00:00
Gleb Smirnoff
00570db37b Do not leak kernel memory in case if userland has been compiled
against older NG_VERSION.

Coverity ID:	1131
2006-05-16 09:32:58 +00:00
Maxim Konovalov
7edf55d7ff o Replace disappeared URLs to Cisco docs by new ones, style.
No functional changes.
2006-04-25 20:01:50 +00:00
Maxim Konovalov
f17f823163 o Set to zero engine_type, engine_id and pad (cisco calls it
sampling_interval) fields in netflow v5 header.  We do not use
them but some netflow tools show garbage.

PR:		kern/96296
Submitted by:	David Duchscher
Approved by:	glebius
MFC after:	1 week
2006-04-25 19:56:53 +00:00
Robert Watson
c0a1b804a7 Correct assertion in ng_detach().
Submitted by:	tegge
MFC after:	3 months
2006-04-06 02:54:42 +00:00
Robert Watson
bc725eafc7 Chance protocol switch method pru_detach() so that it returns void
rather than an error.  Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF.  so_pcb is now entirely owned and
managed by the protocol code.  Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit.  In their current state they may leak
memory or panic.

MFC after:	3 months
2006-04-01 15:42:02 +00:00
Robert Watson
ac45e92ff2 Change protocol switch pru_abort() API so that it returns void rather
than an int, as an error here is not meaningful.  Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.

This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit.  This will be corrected shortly in followup
commits to these components.

MFC after:      3 months
2006-04-01 15:15:05 +00:00