| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
firewall logging on and off when at elevated securelevel(8). It would
be nice to be able to only lock these at securelevel >= 3, like rules
are, but there is no such functionality at present. I don't see reason
to be adding features to securelevel(8) with MAC being merged into 5.0.
PR: kern/39396
Reviewed by: luigi
MFC after: 1 week
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 2 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
called <machine/_types.h>.
o <machine/ansi.h> will continue to live so it can define MD clock
macros, which are only MD because of gratuitous differences between
architectures.
o Change all headers to make use of this. This mainly involves
changing:
#ifdef _BSD_FOO_T_
typedef _BSD_FOO_T_ foo_t;
#undef _BSD_FOO_T_
#endif
to:
#ifndef _FOO_T_DECLARED
typedef __foo_t foo_t;
#define _FOO_T_DECLARED
#endif
Concept by: bde
Reviewed by: jake, obrien
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in6_v4mapsin6_sockaddr() which allocate the appropriate sockaddr_in*
structure and initialize it with the address and port information passed
as arguments. Use calls to these new functions to replace code that is
replicated multiple times in in_setsockaddr(), in_setpeeraddr(),
in6_setsockaddr(), in6_setpeeraddr(), in6_mapped_sockaddr(), and
in6_mapped_peeraddr(). Inline COMMON_END in tcp_usr_accept() so that
we can call in_sockaddr() with temporary copies of the address and port
after the PCB is unlocked.
Fix the lock violation in tcp6_usr_accept() (caused by calling MALLOC()
inside in6_mapped_peeraddr() while the PCB is locked) by changing
the implementation of tcp6_usr_accept() to match tcp_usr_accept().
Reviewed by: suz
|
|
|
|
|
|
|
|
| |
TCP/UDP port seperated by a colon. This is for the log_in_vain facility.
Pointed out by: Edward J. M. Brocklesby
Reviewed by: ume
MFC after: 2 weeks
|
|
|
|
|
|
|
| |
breaking application ABI use unused ifreq.ifru_flags[1] for upper 16 bits in
SIOCSIFFLAGS and SIOCGIFFLAGS ioctl's.
Reviewed by: -hackers, -net
|
|
|
|
|
|
|
|
|
|
| |
kernel access control.
When generating nd6 output on an interface, label the packet
appropriately.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
| |
Reported by: Martin Laabs <martin@martin.erfurt.thur.de>
Obtained from: KAME
MFC after: 1 week
|
|
|
|
|
|
| |
ip6_mapped_addr_on is unified into ip6_v6only.
MFC after: 1 week
|
|
|
|
| |
Requested by: many people
|
|
|
|
|
|
| |
of IN6P_IPV6_V6ONLY
Reviewed by: Keiichi SHIMA <keiichi@iij.ad.jp>
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 1 week
|
|
|
|
| |
break compatibility with POSIX.1-2001.
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
| |
using a udp6 socket without bind(2)ing.
- fbsd4/430 reported from the FreeBSD team.
- this fix is different from the fix reported in the above PR. i think
this better, but we need some test.
Obtained from: KAME
MFC after: 3 weeks
|
|
|
|
|
|
|
|
| |
indication of whether this happenned so the calling function
knows whether or not to unlock the pcb.
Submitted by: Jennifer Yang (yangjihui@yahoo.com)
Bug reported by: Sid Carter (sidcarter@symonds.net)
|
|
|
|
| |
get kernel compiled with INET6 to boot.
|
|
|
|
| |
Submitted by: Jennifer Yang <yangjihui@yahoo.com>
|
|
|
|
|
|
| |
__FreeBSD_version here.
Submitted by: rwatson
|
|
|
|
| |
Requested by: hsu
|
|
|
|
|
|
|
|
|
|
| |
o Use POSIX spelling for types, where possible.
o Define size_t in the __BSD_VISIBLE case (this isn't really needed
for standards conformance, but follows the tradition of not
requiring <sys/types.h> as a prerequisite).
o Use _BYTE_ORDER and friends instead of BYTE_ORDER and friends, since
there may not be enough pollution in order for the latter to work.
o Add an XXX note about the missing IPPROTO_IPV6 macro.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
socket buffer. The mutex in the receive buffer also protects the data
in struct socket.
o Determine the lock strategy for each members in struct socket.
o Lock down the following members:
- so_count
- so_options
- so_linger
- so_state
o Remove *_locked() socket APIs. Make the following socket APIs
touching the members above now require a locked socket:
- sodisconnect()
- soisconnected()
- soisconnecting()
- soisdisconnected()
- soisdisconnecting()
- sofree()
- soref()
- sorele()
- sorwakeup()
- sotryfree()
- sowakeup()
- sowwakeup()
Reviewed by: alfred
|
|
|
|
|
|
|
| |
Reported by: quak@mydiax.ch
Obtained from: KAME
MFC after: 2 days
and approved by re
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Used mld_xxx and MLD_xxx instead of mld6_xxx and MLD6_xxx according
to the official defintions in rfc2292bis
(macro definitions for backward compatibility were provided)
- Changed the first member of mld_hdr{} from mld_hdr to mld_icmp6_hdr
to avoid name space conflict in C++
This change makes ports/net/pchar compilable again under -CURRENT.
Obtained from: KAME
|
|
|
|
|
|
|
|
|
|
| |
Requested by: bde
Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.
While I am here, sort include files alphabetically, where possible.
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 3 days
|
|
|
|
|
|
|
| |
(based on freebsd4-snap-20020128)
Reviewed by: ume
MFC after: 1 week
|
|
|
|
|
| |
INET6_ADDRSTRLEN. Doing this helps expose bogus redefinitions in 3rd
party software.
|
| |
|
|
|
|
|
|
|
| |
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.
Tested on: i386, alpha, sparc64
|
|
|
|
|
|
|
|
|
|
|
|
| |
general cleanup of the API. The entire API now consists of two functions
similar to the pre-KSE API. The suser() function takes a thread pointer
as its only argument. The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0. The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
|
|
|
|
|
|
| |
entry that has the LLINFO flag but is not a neighbor cache entry.
Obtained from: KAME
MFC after: 1 week
|
|
|
|
|
|
| |
Submitted by: Keiichi SHIMA <keiichi@iij.ad.jp> (KAME)
Reviewed by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp> (KAME)
MFC after: 1 week
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 1 week
|
|
|
|
|
|
|
|
| |
{esp6, ah6}_ctlinput. Previous ones were uninitialized
auto variables, which were completely bogus.
Obtained from: KAME
MFC after: 1 week
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 1 week
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
for POSIX.1-2001 conformance.
o Add magic to <netinet/in.h> and <netinet6/in6.h> to prevent
redefining INET_ADDRSTRLEN and INET6_ADDRSTRLEN.
o Add a note about missing typedefs in <arpa/inet.h>.
|
|
|
|
|
|
|
| |
- style: added spaces after /* and before */
Obtained from: KAME
MFC after: 2 weeks
|
|
|
|
| |
MFC after: 2 weeks
|
|
|
|
|
|
|
| |
- Sync des/blowfish to more recent openssl.
Obtained from: KAME/NetBSD
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
| |
is not a neighbor. see comments for the detailed reason.
- Rejected the process of nd6_rtrequest() when the request is RESOLVE and
the interface does not need neighbor caches.
Obtained from: KAME
MFC After: 1 week
|
|
|
|
| |
-Wuninitialized warning.
|
|
|
|
|
|
|
|
|
|
|
|
| |
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant sideaffect of removing some
duplicate code.
Reviewed by: rwatson
|
|
|
|
| |
Hairy Eyeball At: peter
|