Revert the (int *) -> (intptr_t *) conversion done as part of rev. 1.59
(MFC'ed in rev. 1.55.2.3) for IOCTLs where casting data to intptr_t *
isn't the right thing to do, fixing tap(4) on big-endian LP64 machines.
Add kqueue(2) support on if_tap(4) interfaces. While I'm here, replace
K&R style function declarations with ANSI style. Also fix endian bugs
accessing ioctl arguments that are passed by value.
Do not call knlist_destroy() in tapclose(). Instead call it when device is
actually destroyed. Also move call to knlist_init() into tapcreate(). This
should fix panic described in kern/95357.
PR: kern/93897, kern/95357
Submitted by: Vilmos Nebehaj < vili at huwico dot hu >
date: 2006/03/03 09:12:21; author: thompsa; state: Exp; lines: +22 -7
Since we are using random ethernet addresses for the bridge, it is possible
that we might have address collisions, so make sure that this hardware address
isn't already in use on another bridge.
Slightly re-worked bpf(4) code associated with bridging: if we have a
destination interface as a member of our bridge or this is a unicast packet,
push it through the bpf(4) machinery.
For broadcast or multicast packets, don't bother with the bpf(4) because it will
be re-injected into ether_input. We do this before we pass the packets through
the pfil(9) framework, as it is possible that pfil(9) will drop the packet or
possibly modify it, making it very difficult to debug firewall issues on the
bridge.
Further, implemented IFF_MONITOR for bridge interfaces. This does much the same
thing that it does for regular network interfaces: it pushes the packet to any
bpf(4) peers and then returns. This bypasses all of the bridge machinery,
saving mutex acquisitions, list traversals, and other operations performed by
the bridging code.
This change to the bridging code is useful in situations where individuals use a
bridge to multiplex RX/TX signals from two interfaces, as is required by some
network taps for de-multiplexing links and transmitting the RX/TX signals
out through two separate interfaces. This behaviour is quite common for network
taps monitoring links, especially for certain manufacturers.
Unbreak byte counters when network interfaces are in monitor mode by
re-organizing the monitor return logic. We perform interface monitoring
checks after we have determined if the CRC is still on the packet; if
it is, m_adj() is called, which will adjust the packet length. This
ensures that we are not including CRC lengths in the byte counters for
each packet.
Pick up locks for the BPF interface structure. It's quite possible that
bpf(4) descriptors can be added and removed on this interface while we
are processing stats.
- Fill in the correct rtm_index for RTM_ADD and RTM_CHANGE messages.
- Allow RTM_CHANGE to change a number of route flags as specified by
RTF_FMASK.
- The unused rtm_use field in struct rt_msghdr is redesignated as
rtm_fmask field to communicate route flag changes in RTM_CHANGE
messages from userland. The use count of a route was moved to
rtm_rmx a long time ago. For source code compatibility reasons
a define of rtm_use to rtm_fmask is provided.
Approved by: re
- Introduce ifmedia_baudrate(), which returns correct baudrate of the
given media status. [1]
- Utilize ifmedia_baudrate() in miibus_statchg() to update ifp->if_baudrate.
Obtained from: NetBSD [1]
Approved by: re (scottl)
Properly initialize args structure before passing it to ipfw_chk(): having
uninitialized args.inp is unhealthy for uid/gid/jail ipfw rules.
PR: kern/92589
Approved by: re (scottl)
Connect zlib to the build.
This patch fixes a problem, which exists if you have IPSEC in your kernel
and want to have crypto support loaded as KLD. By moving zlib to a separate
module and adding MODULE_DEPEND directives, it is possible to use such a
configuration without complication. Otherwise, since IPSEC is linked with
zlib (just like crypto.ko) you'll get the following error:
interface zlib.1 already present in the KLD 'kernel'!
Approved by: cognet (mentor)
Approved by: re (scottl)
Check the right ifnet pointer to see if if_alloc() failed or not in
ef_clone(); we were testing the original ifnet, not the one allocated.
When aborting ef_clone() due to if_alloc() failing, free the allocated
efnet structure rather than leaking it.
Noticed by: Coverity Prevent analysis tool
Approved by: re (scottl)
When freeing the chain of if_ef devices on an aborted load, use
SLIST_FOREACH_SAFE() rather than SLIST_FOREACH(), as elements are
freed on each iteration of the loop. This prevents use-after-free.
Noticed by: Coverity Prevent analysis tool
Approved by: re (scottl)
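
The teardown difference described in the commit message above, as an added example that is not taken from the FreeBSD source. The node type, release() and the static pool are assumptions: release() models free() by clearing the link, so the unsafe loop's early stop can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <sys/queue.h>

/* glibc's <sys/queue.h> lacks the _SAFE variant; same form as the BSD macro. */
#ifndef SLIST_FOREACH_SAFE
#define SLIST_FOREACH_SAFE(var, head, field, tvar)            \
    for ((var) = SLIST_FIRST((head));                         \
         (var) && ((tvar) = SLIST_NEXT((var), field), 1);     \
         (var) = (tvar))
#endif

#define NNODES 5
struct node {                     /* hypothetical stand-in for a list entry */
    SLIST_ENTRY(node) link;
    int live;
};
SLIST_HEAD(node_list, node);
static struct node pool[NNODES];  /* static pool: a released node stays readable */

/* Models free(): marks the node dead and clobbers its link, as reuse would. */
static void release(struct node *n) { n->live = 0; n->link.sle_next = NULL; }

/* Builds a fresh list, tears it down, returns how many nodes were never released. */
int teardown(int safe)
{
    struct node_list head;
    struct node *n, *tmp;
    int i, left = 0;

    SLIST_INIT(&head);
    for (i = 0; i < NNODES; i++) {
        pool[i].live = 1;
        SLIST_INSERT_HEAD(&head, &pool[i], link);
    }
    if (safe) {
        SLIST_FOREACH_SAFE(n, &head, link, tmp)   /* next pointer saved first */
            release(n);
    } else {
        SLIST_FOREACH(n, &head, link)             /* step reads n->link after release */
            release(n);
    }
    for (i = 0; i < NNODES; i++)
        left += pool[i].live;
    return left;
}

int main(void)
{
    printf("unsafe leaves %d, safe leaves %d\n", teardown(0), teardown(1));
    return 0;
}
```

With a real free() the unsafe loop's read of the released node is undefined; the cleared link here stands in for whatever the allocator leaves behind.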
Set IFF_BROADCAST and IFF_MULTICAST on vlan interfaces from the
beginning and simply refuse to attach to a parent without either
flag. Our network stack doesn't like those flags changing and
there is no need for them to do so.
Approved by: re (scottl)
rev. 1.39 sys/net/if_gre.c
rev. 1.21 sys/netinet/ip_gre.c rev. 1.4 sys/netinet/ip_gre.h
rev. 1.12 sys/netipsec/keysock.c rev. 1.3 sys/netipsec/keysock.h
rev. 1.32 sys/netkey/keysock.c rev. 1.9 sys/netkey/keysock.h
Fix stack corruptions on amd64.
Vararg functions have a different calling convention than regular
functions on amd64. Casting a vararg function to a regular one to
match the function pointer declaration will hide the varargs from
the caller and we will end up with an incorrectly setup stack.
Entirely remove the varargs from these functions and change the
functions to match the declaration of the function pointers.
Remove the now unnecessary casts.
Lots of explanations and help from: peter
PR: amd64/89261
MFC 1.88:
Improve handling flags that must be propagated
to the parent interface, such as IFF_PROMISC and
IFF_ALLMULTI. In addition, vlan(4) gains ability
to migrate from one parent to another w/o losing
its own flags.
PR: kern/81978
them to userland. [1]
MFC rev. 1.16 of sys/contrib/pf/net/pf_norm.c: Correct an error in pf
handling of IP packet fragments which could result in a kernel panic.
[2]
Security: FreeBSD-SA-06:06.kmem [1]
Security: FreeBSD-SA-06:07.pf [2]
1.17: convert from network byte order to host byte order not to reverse.
1.19: Get rid of the bogus IFP2FC() macro and use IFP2FWC().
1.20: Fix ip_fastforward() return handling.
PR: kern/91307 (1.19)
Found by: Coverity Prevent(tm) (1.20)
- Use VLAN_TAG_VALUE() not only to read a dot1q tag
value from an m_tag, but also to set it. This reduces
complex code duplication and improves its readability.
- Fix VLAN_INPUT_TAG() macro, so that it doesn't touch mtag
if memory allocation failed.
- Remove fourth argument from VLAN_INPUT_TAG(), that was used
incorrectly in almost all drivers. Indicate failure with
mbuf value of NULL.
- Do not raise IFF_DRV_OACTIVE flag in vlan_start, because this
can lead to a stalled interface.
- Explain this fact in a comment.
Reviewed by: rwatson, thompsa, yar