path: root/sys/net/bpfdesc.h
Commit message | Author | Age | Files | Lines
* Modify the MAC Framework so that instead of embedding a (struct label) | rwatson | 2003-11-12 | 1 | -2/+1
  in various kernel objects to represent security data, we embed a (struct label *) pointer, which now references labels allocated using a UMA zone (mac_label.c). This allows the size and shape of struct label to be varied without changing the size and shape of these kernel objects, which become part of the frozen ABI with 5-STABLE. This opens the door for boot-time selection of the number of label slots, and hence changes to the bound on the number of simultaneous labeled policies at boot-time instead of compile-time. This also makes it easier to embed label references in new objects as required for locking/caching with fine-grained network stack locking, such as inpcb structures.
  This change also moves us further in the direction of hiding the structure of kernel objects from MAC policy modules, not to mention dramatically reducing the number of '&' symbols appearing in both the MAC Framework and MAC policy modules, and improving readability.
  While this results in minimal performance change with MAC enabled, it will observably shrink the size of a number of critical kernel data structures for the !MAC case, and should have a small (but measurable) performance benefit (i.e., struct vnode, struct socket) due to memory conservation and reduced cost of zeroing memory.
  NOTE: Users of MAC must recompile their kernel and all MAC modules as a result of this change. Because this is an API change, third party MAC modules will also need to be updated to make less use of the '&' symbol.
  Suggestions from: bmilekic
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, Network Associates Laboratories
* add support for using kqueue to watch bpf sockets. | jmg | 2003-08-05 | 1 | -0/+6
  Submitted by: Brian Buchanan of nCircle, Inc.
  Tested on: i386 and sparc64
* o add support for multiple link types per interface (e.g. 802.11 and Ethernet) | sam | 2002-11-14 | 1 | -0/+1
  o introduce BPF_TAP and BPF_MTAP macros to hide implementation details and ease code portability
  o use m_getcl where appropriate
  Reviewed by: many
  Approved by: re
  Obtained from: NetBSD (multiple link type support)
* Move to nested include of _label.h instead of mac.h, reducing namespace | rwatson | 2002-08-14 | 1 | -1/+1
  pollution.
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, NAI Labs
  Suggested by: bde
* Introduce support for Mandatory Access Control and extensible | rwatson | 2002-07-30 | 1 | -0/+2
  kernel access control.
  Label BPF descriptor objects, permitting security features to be maintained on those objects. bd_label will be used to authorize data flow from network interfaces to user processes. BPF labels are protected using the same synchronization model as other mutable data in the BPF descriptor.
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, NAI Labs
* Make bpf's read timeout feature work more correctly with | jdp | 2001-12-14 | 1 | -0/+7
  select/poll, and therefore with pthreads. I doubt there is any way to make this 100% semantically identical to the way it behaves in unthreaded programs with blocking reads, but the solution here should do the right thing for all reasonable usage patterns.
  The basic idea is to schedule a callout for the read timeout when a select/poll is done. When the callout fires, it ends the select if it is still in progress, or marks the state as "timed out" if the select has already ended for some other reason. Additional logic in bpfread then does the right thing in the case where the timeout has fired.
  Note, I co-opted the bd_state member of the bpf_d structure. It has been present in the structure since the initial import of 4.4-lite, but as far as I can tell it has never been used.
  PR: kern/22063 and bin/31649
  MFC after: 3 days
* KSE Milestone 2 | julian | 2001-09-12 | 1 | -1/+1
  Note ALL MODULES MUST BE RECOMPILED
  make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
  Sorry john! (your next MFC will be a doosie!)
  Reviewed by: peter@freebsd.org, dillon@freebsd.org
  X-MFC after: ha ha ha ha
* Add mutexes to the entire bpf subsystem to make it MPSAFE. | jlemon | 2001-02-16 | 1 | -0/+8
  Previously reviewed by: jhb, bde
* select() DKI is now in <sys/selinfo.h>. | wollman | 2001-01-09 | 1 | -1/+1
* Introduce a new bd_seesent flag to the BPF descriptor, indicating whether or | rwatson | 2000-03-18 | 1 | -0/+1
  not the current BPF device should report locally generated packets or not. This allows sniffing applications to see only packets that are not generated locally, which can be useful for debugging bridging problems, or other situations where MAC addresses are not sufficient to identify locally sourced packets.
  Default to true for this flag, so as to provide existing behavior by default.
  Introduce two new ioctls, BIOCGSEESENT and BIOCSSEESENT, which may be used to manipulate this flag from userland, given appropriate privilege.
  Modify bpf.4 to document these two new ioctl arguments.
  Reviewed by: asmodai
* Implement pseudo_AF_HDRCMPLT, which controls the state of the 'header | msmith | 1999-10-15 | 1 | -0/+1
  completion' flag. If set, the interface output routine will assume that the packet already has a valid link-level source address. This defaults to off (the address is overwritten)
  PR: kern/10680
  Submitted by: "Christopher N . Harrell" <cnh@mindspring.net>
  Obtained from: NetBSD
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 1 | -1/+1
* I got another batch of suggestions for cosmetic changes from bde. | truckman | 1998-11-11 | 1 | -2/+2
* Installed the second patch attached to kern/7899 with some changes suggested | truckman | 1998-11-11 | 1 | -2/+2
  by bde, a few other tweaks to get the patch to apply cleanly again and some improvements to the comments.
  This change closes some fairly minor security holes associated with F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN had on tty devices. For more details, see the description on the PR.
  Because this patch increases the size of the proc and pgrp structures, it is necessary to re-install the includes and recompile libkvm, the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.
  PR: kern/7899
  Reviewed by: bde, elvind
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not | peter | 1997-02-22 | 1 | -1/+1
  ready for it yet.
* Make the long-awaited change from $Id$ to $FreeBSD$ | jkh | 1997-01-14 | 1 | -1/+1
  This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
  Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Clean up Ethernet drivers: | wollman | 1996-02-06 | 1 | -2/+1
  - fill in and use ifp->if_softc
  - use if_bpf rather than private cookie variables
  - change bpf interface to take advantage of this
  - call ether_ifattach() directly from Ethernet drivers
  - delete kludge in if_attach() that did this indirectly
* Fix a bunch of spelling errors in the comment fields of | mpp | 1996-01-30 | 1 | -2/+2
  a bunch of system include files.
* Another mega commit to staticize things. | phk | 1995-12-14 | 1 | -5/+1
* Give the BPF the ability to generate signals when a packet is available. | pst | 1995-06-15 | 1 | -1/+4
  Reviewed by: pst & wollman
  Submitted by: grossman@cygnus.com
* Make idempotent. | paul | 1994-08-21 | 1 | -1/+6
  Submitted by: Paul
* Added $Id$ | dg | 1994-08-02 | 1 | -1/+1
* The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. | rgrimes | 1994-05-25 | 1 | -0/+2
  Reviewed by: Rodney W. Grimes
  Submitted by: John Dyson and David Greenman
* BSD 4.4 Lite Kernel Sources | rgrimes | 1994-05-24 | 1 | -0/+98