Commit Graph

116 Commits

Author SHA1 Message Date
Jonathan Lemon
016da741b2 Add two fields to the ifnet structure indicating what extra capabilities
a network device has, and which ones are enabled.
2001-09-18 17:41:42 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Jonathan Lemon
a8637146f1 Fix another shortcircuit return() statement that I missed. 2001-09-07 05:39:47 +00:00
Jonathan Lemon
2defe5cdd7 Fix sense of comparison in space test. Also eliminate a compile
warning and remove a previously existing off-by-one error.
2001-09-07 05:32:54 +00:00
Jonathan Lemon
f9132cebdc Wrap array accesses in macros, which also happen to be lvalues:
ifnet_addrs[i - 1]  -> ifaddr_byindex(i)
        ifindex2ifnet[i]    -> ifnet_byindex(i)

This is intended to ease the conversion to SMPng.
2001-09-06 02:40:43 +00:00
Jonathan Lemon
0b59d917d8 Cosmetic cleanups and rearrangement for code to come. There should be
no functional change in this commit.
2001-09-06 00:44:45 +00:00
Brooks Davis
30aad87d72 Add kernel infrastructure for network device cloning.
Reviewed by:	ru, ume
Obtained from:	NetBSD
MFC after:	1 week
2001-07-02 20:49:25 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Bill Fenner
4f3c11a654 Better handling of ioctl(SIOCSIFFLAGS) failing in ifpromisc():
- Don't print the "promiscuous mode (enabled|disabled)" on failure
- Restore the reference count on failure
2001-04-27 22:20:22 +00:00
Yaroslav Tykhiy
b7bffa713d Change the type of the VLAN interface from IFT_PROPVIRTUAL,
which was a temporary hack, to IFT_L2VLAN, which is the type
assigned by IANA.
2001-04-04 15:10:58 +00:00
Brian Somers
2c514a3101 If ifpromisc() fails the SIOCSIFFLAGS ioctl, put ifp->if_flags
back the way we found them.
2001-04-02 21:49:40 +00:00
John Baldwin
5e980e229f Use mtx_initiaalized() rather than violating the internals of the mutex
structure.
2001-03-28 09:04:25 +00:00
Yaroslav Tykhiy
ccb7cc8ddd Don't bypass notifying a corresponding interface
when leaving a link-layer multicast group.

PR:		kern/22176
Reviewed by:	wollman
2001-03-27 13:15:57 +00:00
Robert Watson
91421ba234 o Move per-process jail pointer (p->pr_prison) to inside of the subject
credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
  pr_free(), invoked by the similarly named credential reference
  management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
  of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
  rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
  flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
  mutex use.

Notes:

o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
  credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
  required to protect the reference count plus some fields in the
  structure.

Reviewed by:	freebsd-arch
Obtained from:	TrustedBSD Project
2001-02-21 06:39:57 +00:00
Poul-Henning Kamp
6817526d14 Convert if_multiaddrs from LIST to TAILQ so that it can be traversed
backwards in the three drivers which want to do that.

Reviewed by:    mikeh
2001-02-06 10:12:15 +00:00
Poul-Henning Kamp
37d4006626 Another round of the <sys/queue.h> FOREACH transmogriffer.
Created with:   sed(1)
Reviewed by:    md5(1)
2001-02-04 16:08:18 +00:00
Poul-Henning Kamp
fc2ffbe604 Mechanical change to use <sys/queue.h> macro API instead of
fondling implementation details.

Created with: sed(1)
Reviewed by: md5(1)
2001-02-04 13:13:25 +00:00
Poul-Henning Kamp
22f2982675 Use <sys/queue.h> macro api rather than fondle its implementation detals.
Created with:	/usr/bin/sed
Reviewed by:	/sbin/md5
2001-02-03 11:46:35 +00:00
Jason Evans
62b119cabd Revert mutex initialization check to look at mtx_description.
Pointed out by:	jlemon, jhb
2001-01-30 22:28:03 +00:00
Jason Evans
0cde2e34af Move most of sys/mutex.h into kern/kern_mutex.c, thereby making the mutex
inline functions non-inlined.  Hide parts of the mutex implementation that
should not be exposed.

Make sure that WITNESS code is not executed during boot until the mutexes
are fully initialized by SI_SUB_MUTEX (the original motivation for this
commit).

Submitted by:	peter
2001-01-21 22:34:43 +00:00
David Malone
7cc0979fd6 Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
Jonathan Lemon
df5e198723 Lock down the network interface queues. The queue mutex must be obtained
before adding/removing packets from the queue.  Also, the if_obytes and
if_omcasts fields should only be manipulated under protection of the mutex.

IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on
the queue.  An IF_LOCK macro is provided, as well as the old (mutex-less)
versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which
needs them, but their use is discouraged.

Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF,
which takes care of locking/enqueue, and also statistics updating/start
if necessary.
2000-11-25 07:35:38 +00:00
Poul-Henning Kamp
db7e3af111 Remove unneeded #include <machine/clock.h> 2000-10-15 14:19:01 +00:00
Jun-ichiro itojun Hagino
41b3e8e5bf make sure we have root priv on SIOCSIFPHY*. from thorpej@netbsd 2000-10-04 23:16:29 +00:00
Archie Cobbs
66ce51cec7 Export the functionality of SIOCSIFLLADDR with if_setlladdr()
and add some more rigorous sanity checking in the process.

Reviewed by:	freebsd-net
2000-08-15 00:48:38 +00:00
Jun-ichiro itojun Hagino
978ee2ed92 improve route/nd cache cleanup on interface removal.
CAVEAT: haven't really tested it yet, please report
2000-07-16 01:46:42 +00:00
Archie Cobbs
c38d75f43d Previous commit didn't work; this time really fix it. 2000-06-30 16:38:24 +00:00
Archie Cobbs
6ec86086e7 Fix kernel build breakage when 'device ether' was not included. 2000-06-29 19:14:28 +00:00
Archie Cobbs
e1e1452d61 Make the ng_ether(4) node type dynamically loadable like the rest.
This means 'options NETGRAPH' is no longer necessary in order to get
netgraph-enabled Ethernet interfaces. This supports loading/unloading
the ng_ether.ko and attaching/detaching the Ethernet interface in any
order.

Add two new hooks 'upper' and 'lower' to allow access to the protocol
demux engine and the raw device, respectively. This enables bridging
to be defined as a netgraph node, if so desired.

Reviewed by:	freebsd-net@freebsd.org
2000-06-26 23:34:54 +00:00
Bill Paul
b106252c19 Implement SIOCSIFLLADDR, which allows you to change the link-level
address on an interface. This basically allows you to do what my
little setmac module/utility does via ifconfig. This involves the
following changes:

socket.h: define SIOCSIFLLADDR
if.c: add support for SIOCSIFLLADDR, which resets the values in
      the arpcom struct and sockaddr_dl for the specified interface.
      Note that if the interface is already up, we need to down/up
      it in order to program the underlying hardware's receive filter.
ifconfig.c: add lladdr command
ifconfig.8: document lladdr command

You can now force the MAC address on any ethernet interface to be
whatever you want. (The change is not sticky across reboots of course:
we don't actually reprogram the EEPROM or anything.) Actually, you
can reprogram the MAC address on other kinds of interfaces too; this
shouldn't be ethernet-specific (though at the moment it's limited to
6 bytes of address data).

Nobody ran up to me and said "this is the politically correct way to
do this!" so I don't want to hear any complaints from people who think
I could have done it more elegantly. Consider yourselves lucky I didn't
do it by having ifconfig tread all over /dev/kmem.
2000-06-16 20:14:43 +00:00
Guido van Rooij
d91a068efb IOCGIFCONF once and for all. Sometimes the ifc_len variable
would be returned with a wrong value.
While we're here, get rid of unnecessary panic call.

PR:		17311, 12996, 14457
Submitted by:	Patrick Bihan-Faou <patrick@mindstep.com>,
		Kris Kennaway <kris@FreeBSD.org>
2000-04-21 17:48:48 +00:00
Guido van Rooij
b3f1e629e9 This fixes a problem where the SIOCGIFCONF ioctl goes wrong. This
is triggered when qmail is used with INET6 enabled.  The bug
manifests itself in that the space variable can become negative
and that in the comparison in the guards of the 2 loops, this was
not noticed because sizeof() returns an unsigned and thus the signed
variable gets promoted to unsigned. I decided not to make space
unsigned because I think we should guard against this from happening.
Thus panic() in case space becomes negative.

Approved by:	jkh
2000-02-28 19:30:25 +00:00
Yoshinobu Inoue
3411310dfb Add workaround for fxp issue at interface initialization with IPv6.
Some LAN card chip for fxp is known to cause problem at
  interface initialization with IPv6 enabled. It happens at
  some delicate timing.
  And also, just adding some DELAY before IPv6 address
  autoconfiguration is known to avoid the problem.

  Complete fix is changing the driver not to use interrupt at
  multicast filter initialization, but trying such change in
  this stage will be dangerous.

  So I add some DELAY() only inside #ifdef INET6 part,
  as temporal workaround only for 4.0.

Approbed by: jkh

Noticed by: Mattias Pantzare <pantzer@ludd.luth.se>

Obtained from: openbsd-tech mailing list
2000-02-01 15:49:37 +00:00
Ruslan Ermilov
48f71763a8 Notify user processes about interface's MTU change.
Reviewed by:	wollman, freebsd-net
2000-01-24 08:53:39 +00:00
Yoshinobu Inoue
0d0f9d1ed6 Prevent kernel panic at ifconfig up after Note PC resume.
Submitted by: imp, kuriyama
Reviewed by: imp
1999-12-30 18:29:55 +00:00
Warner Losh
5500d3bedf Two more fixes to if_detach. These are generic to all interfaces and
do not pollute the interface further.

o Run if_detach at splnet().
o Creatively swipe the relevant parts of the netatm atm_nif_detach
  which will delete the relevant references to the interface going
  away.
1999-12-17 06:46:07 +00:00
Boris Popov
8b7805e44e Allow ifunit() routine to understand names like ed0f2. Also
fix a bug caused by using bcmp() instead of strcmp().

Reviewed by:	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
1999-12-13 15:57:11 +00:00
Warner Losh
aa6be122fd Add some gross ad-hock hacks to increase stability of if_detach:
o be more careful about clearing addresses (this isn't a kludge)
o For AF_INET interfaces, call SIOCDIFFADDR to remove last(?) bit
  of cruft.

Special cases for AF_INET shouldn't be here, but I didn't see a good
generic way of doing this.  If I missed something, please let me know.

This gross hack makes pccard ejection stable for ethernet cards.

Submitted by: Atushi Onoe-san
1999-12-10 16:31:25 +00:00
Yoshinobu Inoue
cfa1ca9dfa udp IPv6 support, IPv6/IPv4 tunneling support in kernel,
packet divert at kernel for IPv6/IPv4 translater daemon

This includes queue related patch submitted by jburkhol@home.com.

Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-12-07 17:39:16 +00:00
Yoshinobu Inoue
82cd038d51 KAME netinet6 basic part(no IPsec,no V6 Multicast Forwarding, no UDP/TCP
for IPv6 yet)

With this patch, you can assigne IPv6 addr automatically, and can reply to
IPv6 ping.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-11-22 02:45:11 +00:00
Sheldon Hearn
cd9e4cab46 For every "promiscuous mode enabled" message printed for an interface,
print a matching "disabled" message when we drop out of promiscuous
mode for that interface.

Discussed on the freebsd-hackers mailing list.
1999-08-30 11:55:30 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Brian Somers
aab3beeede Define IF_MAXMTU and IF_MINMTU and don't allow MTUs with
out-of-range values.

``comparison is always 0'' warnings are silly !

Ok'd by:	wollman, dg
Advised by:	bde
1999-08-06 13:53:03 +00:00
Poul-Henning Kamp
413dd0ba39 Add a new interface ioctl, to return "aux status".
This is inteded for to allow ifconfig to print various unstructured
information from an interface.

The data is returned from the kernel in ASCII form, see the comment in
if.h for some technicalities.

Canonical cut&paste example to be found in if_tun.c

Initial use:
        Now tun* interfaces tell the PID of the process which opened them.

Future uses could be (volounteers welcome!):
        Have ppp/slip interfaces tell which tty they use.
        Make sync interfaces return their media state: red/yellow/blue
        alarm, timeslot assignment and so on.
        Make ethernets warn about missing heartbeats and/or cables
1999-06-19 18:42:31 +00:00
Poul-Henning Kamp
2f55ead758 typo in previous commit 1999-06-06 09:28:01 +00:00
Poul-Henning Kamp
cf4b937128 Introduce IFF_SMART bit.
This means that the driver will add/delete routes when it knows it is
up/down, rather than have the generic code belive it is up if configured.

This is probably most useful for serial lines, although many PHY chips
could probably tell us if we're connected to the cable/hub as well.
1999-06-06 09:17:51 +00:00
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
Peter Wemm
8ba5bdae2a Protect the ifinit() function's internals with splimp() for safety since
it used to be that way. I'm not sure that it's needed, but it does
walk the ifp list..

Incidently, there's nothing to sanity check the ifq_maxlen on loaded
interfaces..
1999-04-26 09:02:40 +00:00
Peter Wemm
6182fdbda8 Bring the 'new-bus' to the i386. This extensively changes the way the
i386 platform boots, it is no longer ISA-centric, and is fully dynamic.
Most old drivers compile and run without modification via 'compatability
shims' to enable a smoother transition.  eisa, isapnp and pccard* are
not yet using the new resource manager.  Once fully converted, all drivers
will be loadable, including PCI and ISA.

(Some other changes appear to have snuck in, including a port of Soren's
 ATA driver to the Alpha.  Soren, back this out if you need to.)

This is a checkpoint of work-in-progress, but is quite functional.

The bulk of the work was done over the last few years by Doug Rabson and
Garrett Wollman.

Approved by:	core
1999-04-16 21:22:55 +00:00