| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
Note that it is not critical because bpf_filter(9) returns zero
when it encounters invalid code at run time.
MFC after: 1 month
|
| |
|
|
|
|
|
| |
A badly written filter was able to reference invalid addresses,
even cause kernel crash.
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
Previously it may have contained unnecessary (even sensitive) data from
the previous allocation.
As a (good) side effect, scratch memory may be used to store the previous
filter state(s) safely because it is allocated and freed with filter itself.
However, use it carefully because bpf_filter(9) does not have this behavior.
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
if_ethersubr.c. CTASSERT is implemented using a dummy typedef, which if
used in a header file may conflict with another CTASSERT in a source file
using that header.
I'll make a note of this in CTASSERT's man page.
Approved by: imp
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
| |
We have constified 'struct bpf_insn *' for bpf_filter(9) and bpf_validate(9)
since r1.19 but they conflict with pcap.h from libpcap.
|
| | |
|
| | |
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
Remove all the OtherBSD ifdefs. They are very out of date at this
point. OtherBSD doesn't use this file verbatim, and they don't have
FreeBSD ifdefs in their code.
Reviewed by: bms@, joerg@
|
| |
|
|
|
|
|
| |
ifa_ifwithnet() look more similar by comparing the pointer to NULL
in both cases.
MFC after: 3 months
|
| | |
|
| | |
|
| |
|
|
| |
a few days ago.
|
| |
|
|
| |
- Update copyrights and fix style(9).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
|
| |
|
|
|
|
| |
support TSO, this can always be disabled manually if undesirable.
Pointed out by: gallatin
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now the bpf(4) driver uses the cloning API to generate /dev/bpf%u.
When an application such as tcpdump needs a BPF, it opens /dev/bpf0,
/dev/bpf1, etc. until it opens the first available device node. We used
this approach, because our devfs implementation didn't allow
per-descriptor data.
Now that we can, make it use devfs_get_cdevpriv() to obtain the private
data. To remain compatible with the existing implementation, add a
symlink from /dev/bpf0 to /dev/bpf. I've already changed libpcap to
compile with HAVE_CLONING_BPF, which makes it use /dev/bpf. There may be
other applications in the base system (dhclient) that use the loop to
obtain a valid bpf.
Discussed on: src-committers
Approved by: csjp
|
| |
|
|
|
|
|
| |
and processing IPSec traffic.
Approved by: gnn (mentor)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
IFM_1000_T instead of the reverse. It is possible FreeBSD doesn't
even support 1000baseTX.
This changes ifconfig(8) output.
Requested by: gavin@ and bms@
See also: http://docs.freebsd.org/cgi/mid.cgi?20050307191901.H32508
|
| |
|
|
|
| |
MFC after: 1 month
X-MFC-to: stable/7, stable/6 has it right
|
| |
|
|
|
|
|
| |
There is no way for the caller to tell us which direction this packet is
going. With the bpf_mtap{2} routines, we can check the interface pointer.
MFC after: 2 weeks
|
| | |
|
| |
|
|
|
|
|
| |
support for bpf(4) due to hacks in the Y! tree for a truss32 binary
(since superseded by native support for 32-bit binaries in truss itself).
MFC after: 1 week
|
| |
|
|
|
|
| |
(Other more specific related options will follow)
This allows one to set multiple p2p links to the same place
and select which to use by having each in different FIBS.
|
| |
|
|
| |
Reviewed by: csjp
|
| |
|
|
|
|
|
|
|
|
| |
This MAY be combined by a clever person with the 'key' code recently
added, however a cursary glance suggest that it would be safer to just keep
the patches as it is unlikely that the two modes would be used together
and the separate patch has been extensively tested.
Obtained from: here and there
MFC after: 1 week
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
| |
is able to detect it and do hardware filtering.
|
| |
|
|
|
|
|
|
|
| |
it's non-NULL, as all callers can and should already do the required
checking. Update comments a bit more to talk about rawcb allocation
for consumers.
Reviewed by: bz
MFC after: 3 weeks
|
| |
|
|
|
|
|
|
| |
expose default send and receive socket buffer sizes using sysctls
so that they can be administered centrally.
Reviewed by: bz
MFC after: 3 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
socket support. These utility routines are used only for routing and
pfkey sockets, neither of which have a notion of address, so were
required to mock up fake socket addresses to avoid connection
requirements for applications that did not specify their own fake
addresses (most of them).
Quite a bit of the removed code is #ifdef notdef, since raw sockets
don't support bind() or connect() in practice. Removing this
simplifies the raw socket implementation, and removes two (commented
out) uses of dtom(9).
Fake addresses passed to sendto(2) by applications are ignored for
compatibility reasons, but this is now done in a more consistent way
(and with a comment). Possibly, EINVAL could be returned here in
the future if it is determined that no applications depend on the
semantic inconsistency of specifying a destination address for a
protocol without address support, but this will require some amount
of careful surveying.
NB: This does not affect netinet, netinet6, or other wire protocol
raw sockets, which provide their own independent infrastructure with
control block address support specific to the protocol.
MFC after: 3 weeks
Reviewed by: bz
|
| |
|
|
|
|
|
|
|
|
|
|
| |
just like BIOCSETF but it doesn't drop all the packets buffered on
the discriptor and reset the statistics.
Also, when setting the write filter, don't drop packets waiting to
be read or reset the statistics.
PR: 118486
Submitted by: Matthew Luckie <mluckie@cs.waikato.ac.nz>
MFC after: 1 month
|
| |
|
|
|
|
|
|
| |
is reclaimed by the kernel. This fixes a bug resulted in the kernel
over writing packet data while user-space was still processing it when
zerocopy is enabled. (Or a panic if invariants was enabled).
Discussed with: rwatson
|
| |
|
|
|
|
|
|
|
|
|
| |
- the protosw entries are used directly
- the usrreq functions are library routines, generally wrapped by
consumers rather than being used directly
- the usrreq structure entries are likewise typically wrapped
Remove the rather incorrect #if 0'd pr_input_t prototype for raw_input.
MFC after: 3 days
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dispatched without Giant, and add NETISR_FORCEQUEUE, which allows specific
netisr handlers to always be dispatched via a queue (deferred). Mark the
usb and if_ppp netisr handlers as NETISR_FORCEQUEUE, and explicitly
acquire Giant in those handlers.
Previously, any netisr handler not marked NETISR_MPSAFE would necessarily
run deferred and with Giant acquired. This change removes Giant
scaffolding from the netisr infrastructure, but NETISR_FORCEQUEUE allows
non-MPSAFE handlers to continue to force deferred dispatch so as to avoid
lock order reversals between their acqusition of Giant and any calling
context.
It is likely we will be able to remove NETISR_FORCEQUEUE once
IFF_NEEDSGIANT is removed, as non-MPSAFE usb and if_ppp drivers will no
longer be supported.
Reviewed by: bz
MFC after: 1 month
X-MFC note: We can't remove NETISR_MPSAFE from stable/7 for KPI reasons,
but the rest can go back.
|
| |
|
|
|
|
|
| |
disabled if one (or more) of the member interfaces does not support it. Always
turn off LRO since we can not bridge a combined frame.
Tested by: Stefan Lambrev
|
| |
|
|
|
|
|
|
|
| |
locally configured. This is more in line with the behaviour of other popular
bridging implementations and makes bridges more predictable after reboots for
example.
Reviewed by: thompsa
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
Now that the pseudo-interface cloner has an internal list of instances,
there is no need to create a softc. The softc only contains a pointer to
the ifp, which means there is no valid reason to keep it. While there,
remove the corresponding malloc-pool.
Approved by: philip (mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unsynchronized. While races were extremely rare, we've now had a
couple of reports of panics in environments involving large numbers of
IPSEC tunnels being added very quickly on an active system.
- Add accessor functions ifnet_byindex(), ifaddr_byindex(),
ifdev_byindex() to replace existing accessor macros. These functions
now acquire the ifnet lock before derefencing the table.
- Add IFNET_WLOCK_ASSERT().
- Add static accessor functions ifnet_setbyindex(), ifdev_setbyindex(),
which set values in the table either asserting of acquiring the ifnet
lock.
- Use accessor functions throughout if.c to modify and read
ifindex_table.
- Rework ifnet attach/detach to lock around ifindex_table modification.
Note that these changes simply close races around use of ifindex_table,
and make no attempt to solve the probem of disappearing ifnets. Further
refinement of this work, including with respect to ifindex_table
resizing, is still required.
In a future change, the ifnet lock should be converted from a mutex to an
rwlock in order to reduce contention.
Reviewed and tested by: brooks
|
| |
|
|
|
|
| |
some situations. (i.e. in vimage)
MFC after: 1 week
|
| |
|
|
|
| |
PR: kern/114714
Submitted by: Cristian KLEIN
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Except for the case where we use the cloner library (clone_create() and
friends), there is no reason to enforce a unique device minor number
policy. There are various drivers in the source tree that allocate unr
pools and such to provide minor numbers, without using them themselves.
Because we still need to support unique device minor numbers for the
cloner library, introduce a new flag called D_NEEDMINOR. All cdevsw's
that are used in combination with the cloner library should be marked
with this flag to make the cloning work.
This means drivers can now freely use si_drv0 to store their own flags
and state, making it effectively the same as si_drv1 and si_drv2. We
still keep the minor() and dev2unit() routines around to make drivers
happy.
The NTFS code also used the minor number in its hash table. We should
not do this anymore. If the si_drv0 field would be changed, it would no
longer end up in the same list.
Approved by: philip (mentor)
|
| |
|
|
|
|
|
|
| |
through the multipath entries. The hash value was a signed integer
and was always giving a -1 value.
PR: 123991
Submitted by: Barrett Lyon
|
| |
|
|
|
|
|
|
|
|
|
| |
- verified that the ifp->if_snd.ifq_mtx was initalized for
all attached interfaces. This was pointless because it was
initalized for all interfaces in if_attach() so I've removed it.
- Checked that ifp->if_snd.ifq_maxlen is initalized and set it to
ifqmaxlen if unset. This makes more sense in if_attach() so
I moved it there.
- The first call of if_slowtimo(). Delete if_check() and call
if_slowtimo() directly from the SYSINIT().
|
| |
|
|
| |
MFC after: 3 days
|
