authorrwatson <rwatson@FreeBSD.org>2006-11-06 13:42:10 +0000
committerrwatson <rwatson@FreeBSD.org>2006-11-06 13:42:10 +0000
commit10d0d9cf473dc5f0ce1bf263ead445ffe7819154 (patch)
treeb9dd284620eeaddbff089cef10e4b1afb7918279 /sys/net
parent7288104e2094825a9c98b9923f039817a76e2983 (diff)
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may require some future tweaking.

Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/bpf.c3
-rw-r--r--sys/net/if.c34
-rw-r--r--sys/net/if_bridge.c3
-rw-r--r--sys/net/if_gre.c72
-rw-r--r--sys/net/if_ppp.c25
-rw-r--r--sys/net/if_sl.c3
-rw-r--r--sys/net/if_tap.c10
-rw-r--r--sys/net/if_tun.c9
-rw-r--r--sys/net/ppp_tty.c13
-rw-r--r--sys/net/raw_usrreq.c8
-rw-r--r--sys/net/rtsock.c8
11 files changed, 141 insertions, 47 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 571d730..3389e1f 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -48,6 +48,7 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/time.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/signalvar.h>
#include <sys/filio.h>
@@ -1724,7 +1725,7 @@ bpf_stats_sysctl(SYSCTL_HANDLER_ARGS)
* if the users who opened the devices were able to retrieve
* the statistics for them, too.
*/
- error = suser(req->td);
+ error = priv_check(req->td, PRIV_NET_BPF);
if (error)
return (error);
if (req->oldptr == NULL)
diff --git a/sys/net/if.c b/sys/net/if.c
index ba981d4..ad32a44 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -44,6 +44,7 @@
#include <sys/bus.h>
#include <sys/mbuf.h>
#include <sys/systm.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
@@ -1489,7 +1490,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
break;
case SIOCSIFFLAGS:
- error = suser(td);
+ error = priv_check(td, PRIV_NET_SETIFFLAGS);
if (error)
return (error);
/*
@@ -1532,7 +1533,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
break;
case SIOCSIFCAP:
- error = suser(td);
+ error = priv_check(td, PRIV_NET_SETIFCAP);
if (error)
return (error);
if (ifp->if_ioctl == NULL)
@@ -1553,8 +1554,8 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
#endif
case SIOCSIFNAME:
- error = suser(td);
- if (error != 0)
+ error = priv_check(td, PRIV_NET_SETIFNAME);
+ if (error)
return (error);
error = copyinstr(ifr->ifr_data, new_name, IFNAMSIZ, NULL);
if (error != 0)
@@ -1600,7 +1601,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
break;
case SIOCSIFMETRIC:
- error = suser(td);
+ error = priv_check(td, PRIV_NET_SETIFMETRIC);
if (error)
return (error);
ifp->if_metric = ifr->ifr_metric;
@@ -1608,7 +1609,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
break;
case SIOCSIFPHYS:
- error = suser(td);
+ error = priv_check(td, PRIV_NET_SETIFPHYS);
if (error)
return (error);
if (ifp->if_ioctl == NULL)
@@ -1624,7 +1625,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
{
u_long oldmtu = ifp->if_mtu;
- error = suser(td);
+ error = priv_check(td, PRIV_NET_SETIFMTU);
if (error)
return (error);
if (ifr->ifr_mtu < IF_MINMTU || ifr->ifr_mtu > IF_MAXMTU)
@@ -1651,7 +1652,10 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
case SIOCADDMULTI:
case SIOCDELMULTI:
- error = suser(td);
+ if (cmd == SIOCADDMULTI)
+ error = priv_check(td, PRIV_NET_ADDMULTI);
+ else
+ error = priv_check(td, PRIV_NET_DELMULTI);
if (error)
return (error);
@@ -1681,7 +1685,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
case SIOCSLIFPHYADDR:
case SIOCSIFMEDIA:
case SIOCSIFGENERIC:
- error = suser(td);
+ error = priv_check(td, PRIV_NET_HWIOCTL);
if (error)
return (error);
if (ifp->if_ioctl == NULL)
@@ -1710,7 +1714,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
break;
case SIOCSIFLLADDR:
- error = suser(td);
+ error = priv_check(td, PRIV_NET_SETLLADDR);
if (error)
return (error);
error = if_setlladdr(ifp,
@@ -1721,7 +1725,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
{
struct ifgroupreq *ifgr = (struct ifgroupreq *)ifr;
- error = suser(td);
+ error = priv_check(td, PRIV_NET_ADDIFGROUP);
if (error)
return (error);
if ((error = if_addgroup(ifp, ifgr->ifgr_group)))
@@ -1738,7 +1742,7 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
{
struct ifgroupreq *ifgr = (struct ifgroupreq *)ifr;
- error = suser(td);
+ error = priv_check(td, PRIV_NET_DELIFGROUP);
if (error)
return (error);
if ((error = if_delgroup(ifp, ifgr->ifgr_group)))
@@ -1777,12 +1781,14 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct thread *td)
switch (cmd) {
case SIOCIFCREATE:
case SIOCIFCREATE2:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_IFCREATE);
+ if (error)
return (error);
return (if_clone_create(ifr->ifr_name, sizeof(ifr->ifr_name),
cmd == SIOCIFCREATE2 ? ifr->ifr_data : NULL));
case SIOCIFDESTROY:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_IFDESTROY);
+ if (error)
return (error);
return if_clone_destroy(ifr->ifr_name);
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 35bbfa4..83866ee 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -101,6 +101,7 @@ __FBSDID("$FreeBSD$");
#include <sys/sysctl.h>
#include <vm/uma.h>
#include <sys/module.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/lock.h>
#include <sys/mutex.h>
@@ -694,7 +695,7 @@ bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
}
if (bc->bc_flags & BC_F_SUSER) {
- error = suser(td);
+ error = priv_check(td, PRIV_NET_BRIDGE);
if (error)
break;
}
diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c
index 2aa7b52..ebd0226 100644
--- a/sys/net/if_gre.c
+++ b/sys/net/if_gre.c
@@ -57,6 +57,7 @@
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mbuf.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -452,7 +453,11 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
case SIOCSIFDSTADDR:
break;
case SIOCSIFFLAGS:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_SETIFFLAGS)) != 0)
break;
if ((ifr->ifr_flags & IFF_LINK0) != 0)
sc->g_proto = IPPROTO_GRE;
@@ -464,7 +469,11 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
sc->wccp_ver = WCCP_V1;
goto recompute;
case SIOCSIFMTU:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_SETIFMTU)) != 0)
break;
if (ifr->ifr_mtu < 576) {
error = EINVAL;
@@ -476,8 +485,36 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
ifr->ifr_mtu = GRE2IFP(sc)->if_mtu;
break;
case SIOCADDMULTI:
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_ADDMULTI)) != 0)
+ break;
+ if (ifr == 0) {
+ error = EAFNOSUPPORT;
+ break;
+ }
+ switch (ifr->ifr_addr.sa_family) {
+#ifdef INET
+ case AF_INET:
+ break;
+#endif
+#ifdef INET6
+ case AF_INET6:
+ break;
+#endif
+ default:
+ error = EAFNOSUPPORT;
+ break;
+ }
+ break;
case SIOCDELMULTI:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_DELIFGROUP)) != 0)
break;
if (ifr == 0) {
error = EAFNOSUPPORT;
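Review bot: The SIOCDELMULTI case checks PRIV_NET_DELIFGROUP, which is the interface-group privilege that if.c in this same commit assigns to SIOCDELIFGROUP, while the new SIOCADDMULTI case just above it checks PRIV_NET_ADDMULTI and if.c gates SIOCDELMULTI with PRIV_NET_DELMULTI; this looks like a copy-paste slip, and the line should read `if ((error = priv_check(curthread, PRIV_NET_DELMULTI)) != 0)`. As written, a caller granted the multicast privileges would be refused here while one granted only the group privilege would be let through, so the privilege name no longer describes the operation being gated. Splitting SIOCADDMULTI out of the former fall-through also duplicates the address-family switch verbatim; a small static helper for the family check would keep the two cases from drifting apart. The XXXRW comments added in this file still refer to "suser()" although the call is now priv_check(); `XXXRW: Isn't this priv_check() redundant to the ifnet layer check?` would match the code.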
@@ -498,7 +535,11 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
}
break;
case GRESPROTO:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
break;
sc->g_proto = ifr->ifr_flags;
switch (sc->g_proto) {
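Review bot: The XXXRW comment added above the GRESPROTO check looks misplaced: GRESPROTO is a GRE-private ioctl rather than one of the SIOCSIF* commands the if.c hunks in this commit gate in ifhwioctl, so as far as I can tell this priv_check() is the only privilege gate on the operation and is not redundant to anything. The GRESADDRS/GRESADDRD case further down carries no such comment, which suggests the same reasoning was applied there. I would drop the four comment lines here, or replace them with `/* GRE-private ioctl: no ifnet-layer privilege check precedes this. */` so the next reader does not remove the check as redundant.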
@@ -518,8 +559,9 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
break;
case GRESADDRS:
case GRESADDRD:
- if ((error = suser(curthread)) != 0)
- break;
+ error = priv_check(curthread, PRIV_NET_GRE);
+ if (error)
+ return (error);
/*
* set tunnel endpoints, compute a less specific route
* to the remote end and mark if as up
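Review bot: The GRESADDRS/GRESADDRD case now returns straight out of the switch on a privilege failure, whereas every other converted case in gre_ioctl (SIOCSIFFLAGS, SIOCSIFMTU, SIOCADDMULTI, GRESPROTO, SIOCSIFPHYADDR and the rest) sets error and breaks, and the removed lines show this case used break as well. Returning here skips whatever follows the switch in gre_ioctl, whose tail is outside this hunk, so any cleanup there (an splx() or similar) would be bypassed on this path only. Keeping the function's existing single-exit shape would be `error = priv_check(curthread, PRIV_NET_GRE);` / `if (error)` / `break;`.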
@@ -584,7 +626,11 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
ifr->ifr_addr = *sa;
break;
case SIOCSIFPHYADDR:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
break;
if (aifr->ifra_addr.sin_family != AF_INET ||
aifr->ifra_dstaddr.sin_family != AF_INET) {
@@ -600,7 +646,11 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
sc->g_dst = aifr->ifra_dstaddr.sin_addr;
goto recompute;
case SIOCSLIFPHYADDR:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
break;
if (lifr->addr.ss_family != AF_INET ||
lifr->dstaddr.ss_family != AF_INET) {
@@ -617,7 +667,11 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
(satosin(&lifr->dstaddr))->sin_addr;
goto recompute;
case SIOCDIFPHYADDR:
- if ((error = suser(curthread)) != 0)
+ /*
+ * XXXRW: Isn't this suser() redundant to the ifnet layer
+ * check?
+ */
+ if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
break;
sc->g_src.s_addr = INADDR_ANY;
sc->g_dst.s_addr = INADDR_ANY;
diff --git a/sys/net/if_ppp.c b/sys/net/if_ppp.c
index 87f9a41..d01ed8f 100644
--- a/sys/net/if_ppp.c
+++ b/sys/net/if_ppp.c
@@ -87,6 +87,7 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
@@ -451,7 +452,8 @@ pppioctl(sc, cmd, data, flag, td)
break;
case PPPIOCSFLAGS:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
flags = *(int *)data & SC_MASK;
s = splsoftnet();
@@ -465,8 +467,9 @@ pppioctl(sc, cmd, data, flag, td)
break;
case PPPIOCSMRU:
- if ((error = suser(td)) != 0)
- return (error);
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
+ return (error);
mru = *(int *)data;
if (mru >= PPP_MRU && mru <= PPP_MAXMRU)
sc->sc_mru = mru;
@@ -478,7 +481,8 @@ pppioctl(sc, cmd, data, flag, td)
#ifdef VJC
case PPPIOCSMAXCID:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
if (sc->sc_comp) {
s = splsoftnet();
@@ -489,14 +493,16 @@ pppioctl(sc, cmd, data, flag, td)
#endif
case PPPIOCXFERUNIT:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
sc->sc_xfer = p->p_pid;
break;
#ifdef PPP_COMPRESS
case PPPIOCSCOMPRESS:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
odp = (struct ppp_option_data *) data;
nb = odp->length;
@@ -569,7 +575,8 @@ pppioctl(sc, cmd, data, flag, td)
if (cmd == PPPIOCGNPMODE) {
npi->mode = sc->sc_npmode[npx];
} else {
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
if (npi->mode != sc->sc_npmode[npx]) {
s = splsoftnet();
@@ -695,6 +702,10 @@ pppsioctl(ifp, cmd, data)
break;
case SIOCSIFMTU:
+ /*
+ * XXXRW: Isn't this suser() check redundant to the one at the ifnet
+ * layer?
+ */
if ((error = suser(td)) != 0)
break;
if (ifr->ifr_mtu > PPP_MAXMTU)
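Review bot: pppsioctl's SIOCSIFMTU case still calls suser(td) on the line after the new comment, so this hunk only annotates the call the commit message says it is sweeping away; every other check in if_ppp.c in this commit was converted, and <sys/priv.h> is already included by the first hunk. The matching conversion, as done for the same ioctl in if_gre.c, is `if ((error = priv_check(td, PRIV_NET_SETIFMTU)) != 0)`. If the intent is instead to remove the check as redundant with ifhwioctl's PRIV_NET_SETIFMTU gate, the comment should say that rather than leave the old API in place.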
diff --git a/sys/net/if_sl.c b/sys/net/if_sl.c
index d33e081..3e33970 100644
--- a/sys/net/if_sl.c
+++ b/sys/net/if_sl.c
@@ -68,6 +68,7 @@
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/socket.h>
#include <sys/sockio.h>
@@ -366,7 +367,7 @@ slopen(struct cdev *dev, register struct tty *tp)
register struct sl_softc *sc;
int s, error;
- error = suser(curthread);
+ error = priv_check(curthread, PRIV_NET_SLIP);
if (error)
return (error);
diff --git a/sys/net/if_tap.c b/sys/net/if_tap.c
index 05b39d0..ddb14cd 100644
--- a/sys/net/if_tap.c
+++ b/sys/net/if_tap.c
@@ -47,6 +47,7 @@
#include <sys/mbuf.h>
#include <sys/module.h>
#include <sys/poll.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/selinfo.h>
#include <sys/signalvar.h>
@@ -373,10 +374,13 @@ tapopen(struct cdev *dev, int flag, int mode, struct thread *td)
{
struct tap_softc *tp = NULL;
struct ifnet *ifp = NULL;
- int s;
+ int error, s;
- if (tapuopen == 0 && suser(td) != 0)
- return (EPERM);
+ if (tapuopen == 0) {
+ error = priv_check(td, PRIV_NET_TAP);
+ if (error)
+ return (error);
+ }
if ((dev2unit(dev) & CLONE_UNITMASK) > TAPMAXUNIT)
return (ENXIO);
diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c
index 610c4b5..b313b18 100644
--- a/sys/net/if_tun.c
+++ b/sys/net/if_tun.c
@@ -23,6 +23,7 @@
#include "opt_mac.h"
#include <sys/param.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
@@ -597,9 +598,11 @@ tunioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td
tunp = (struct tuninfo *)data;
if (tunp->mtu < IF_MINMTU)
return (EINVAL);
- if (TUN2IFP(tp)->if_mtu != tunp->mtu
- && (error = suser(td)) != 0)
- return (error);
+ if (TUN2IFP(tp)->if_mtu != tunp->mtu) {
+ error = priv_check(td, PRIV_NET_SETIFMTU);
+ if (error)
+ return (error);
+ }
TUN2IFP(tp)->if_mtu = tunp->mtu;
TUN2IFP(tp)->if_type = tunp->type;
TUN2IFP(tp)->if_baudrate = tunp->baudrate;
diff --git a/sys/net/ppp_tty.c b/sys/net/ppp_tty.c
index a90bfc8..6e79985 100644
--- a/sys/net/ppp_tty.c
+++ b/sys/net/ppp_tty.c
@@ -79,6 +79,7 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
@@ -179,7 +180,8 @@ pppopen(dev, tp)
register struct ppp_softc *sc;
int error, s;
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
return (error);
s = spltty();
@@ -423,7 +425,8 @@ ppptioctl(tp, cmd, data, flag, td)
error = 0;
switch (cmd) {
case PPPIOCSASYNCMAP:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
sc->sc_asyncmap[0] = *(u_int *)data;
break;
@@ -433,7 +436,8 @@ ppptioctl(tp, cmd, data, flag, td)
break;
case PPPIOCSRASYNCMAP:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
sc->sc_rasyncmap = *(u_int *)data;
break;
@@ -443,7 +447,8 @@ ppptioctl(tp, cmd, data, flag, td)
break;
case PPPIOCSXASYNCMAP:
- if ((error = suser(td)) != 0)
+ error = priv_check(td, PRIV_NET_PPP);
+ if (error)
break;
s = spltty();
bcopy(data, sc->sc_asyncmap, sizeof(sc->sc_asyncmap));
diff --git a/sys/net/raw_usrreq.c b/sys/net/raw_usrreq.c
index b584860..22f3e7b 100644
--- a/sys/net/raw_usrreq.c
+++ b/sys/net/raw_usrreq.c
@@ -36,6 +36,7 @@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/mutex.h>
+#include <sys/priv.h>
#include <sys/protosw.h>
#include <sys/signalvar.h>
#include <sys/socket.h>
@@ -171,8 +172,11 @@ raw_uattach(struct socket *so, int proto, struct thread *td)
*/
KASSERT(sotorawcb(so) != NULL, ("raw_uattach: so_pcb == NULL"));
- if (td && (error = suser(td)) != 0)
- return error;
+ if (td != NULL) {
+ error = priv_check(td, PRIV_NET_RAW);
+ if (error)
+ return error;
+ }
return raw_attach(so, proto);
}
diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index c4eebf7..c13f4ec 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -36,6 +36,7 @@
#include <sys/jail.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
+#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/signalvar.h>
@@ -372,8 +373,11 @@ route_output(struct mbuf *m, struct socket *so)
* Verify that the caller has the appropriate privilege; RTM_GET
* is the only operation the non-superuser is allowed.
*/
- if (rtm->rtm_type != RTM_GET && (error = suser(curthread)) != 0)
- senderr(error);
+ if (rtm->rtm_type != RTM_GET) {
+ error = priv_check(curthread, PRIV_NET_ROUTE);
+ if (error)
+ senderr(error);
+ }
switch (rtm->rtm_type) {
struct rtentry *saved_nrt;