#
603724d3 |
| 18-Aug-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of g
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
show more ...
|
#
2209e8f1 |
| 30-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Adopt the slightly weaker consistency locking approach used in IPv4 raw sockets for IPv6 raw sockets: separately lock the inpcb for determining the destination address for a connect()'d raw socket at
Adopt the slightly weaker consistency locking approach used in IPv4 raw sockets for IPv6 raw sockets: separately lock the inpcb for determining the destination address for a connect()'d raw socket at the rip6_send() layer, and then re-acquire the inpcb lock in the rip6_output() layer to query other options on the socket. Previously, the global raw IP socket lock was used, which while correct and marginally more consistent, could add significantly to global raw IP socket lock contention.
MFC after: 1 week
show more ...
|
#
2f1ff0cd |
| 29-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Since we fail IPv6 raw socket allocation if inp->in6p_icmp6filt can't be allocated, there's no need to conditionize use and freeing of it later.
MFC after: 1 week
|
#
6c5bbf5c |
| 28-Jul-2008 |
Alexander Motin <mav@FreeBSD.org> |
Move inpcb lock higher to protect some nonbinding fields reading. It fixes nothing at this time, but decided to be more correct.
|
#
b11e21ae |
| 27-Jul-2008 |
Alexander Motin <mav@FreeBSD.org> |
According to in_pcb.h protocol binding information has double locking. It allows access it while list travercing holding only global pcbinfo lock.
|
#
f2f877d3 |
| 08-Jul-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Change the parameters to in6_selectsrc(): - pass in the inp instead of both in6p_moptions and laddr. - pass in cred for upcoming prison checks.
Reviewed by: rwatson
|
#
0ae76120 |
| 05-Jul-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Improve approximation of style(9) in raw socket code.
|
#
9ad11dd8 |
| 21-Apr-2008 |
Robert Watson <rwatson@FreeBSD.org> |
With IPv4 raw sockets, read lock rather than write lock the inpcb when receiving or transmitting.
With IPv6 raw sockets, read lock rather than write lock the inpcb when receiving. Unfortunately, IP
With IPv4 raw sockets, read lock rather than write lock the inpcb when receiving or transmitting.
With IPv6 raw sockets, read lock rather than write lock the inpcb when receiving. Unfortunately, IPv6 source address selection appears to require a write lock on the inpcb for the time being.
MFC after: 3 months
show more ...
|
#
8501a69c |
| 17-Apr-2008 |
Robert Watson <rwatson@FreeBSD.org> |
Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to explicitly select write locking for all use of the inpcb mutex. Update some pcbinfo lock assertions to assert locked rather than wri
Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to explicitly select write locking for all use of the inpcb mutex. Update some pcbinfo lock assertions to assert locked rather than write-locked, although in practice almost all uses of the pcbinfo rwlock main exclusive, and all instances of inpcb lock acquisition are exclusive.
This change should introduce (ideally) little functional change. However, it lays the groundwork for significantly increased parallelism in the TCP/IP code.
MFC after: 3 months Tested by: kris (superset of committered patch)
show more ...
|
Revision tags: release/7.0.0_cvs, release/7.0.0 |
|
#
79ba3952 |
| 24-Jan-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Replace the last susers calls in netinet6/ with privilege checks.
Introduce a new privilege allowing to set certain IP header options (hop-by-hop, routing headers).
Leave a few comments to be addre
Replace the last susers calls in netinet6/ with privilege checks.
Introduce a new privilege allowing to set certain IP header options (hop-by-hop, routing headers).
Leave a few comments to be addressed later.
Reviewed by: rwatson (older version, before addressing his comments)
show more ...
|
Revision tags: release/6.3.0_cvs, release/6.3.0 |
|
#
9233d8f3 |
| 08-Jan-2008 |
David E. O'Brien <obrien@FreeBSD.org> |
un-__P()
|
#
b48287a3 |
| 10-Dec-2007 |
David E. O'Brien <obrien@FreeBSD.org> |
Clean up VCS Ids.
|
#
2a463222 |
| 05-Jul-2007 |
Xin LI <delphij@FreeBSD.org> |
Space cleanup
Approved by: re (rwatson)
|
#
1272577e |
| 05-Jul-2007 |
Xin LI <delphij@FreeBSD.org> |
ANSIfy[1] plus some style cleanup nearby.
Discussed with: gnn, rwatson Submitted by: Karl Sj?dahl - dunceor <dunceor gmail com> [1] Approved by: re (rwatson)
|
#
b2630c29 |
| 03-Jul-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC.
Approved by: re Sponsored by: Secure Computing
|
#
2cb64cb2 |
| 01-Jul-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes only the kernel files, the rest of the files will follow in a second commit.
Reviewed by: bz Approved by: re Supported by:
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes only the kernel files, the rest of the files will follow in a second commit.
Reviewed by: bz Approved by: re Supported by: Secure Computing
show more ...
|
#
c2259ba4 |
| 14-Jun-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Include priv.h to pick up suser(9) definitions, missed in an earlier commit.
Warnings spotted by: kris
|
#
32f9753c |
| 12-Jun-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in some cases, move to priv_check() if it was an operation on a thread and no other flags were present.
Eliminate caller-side jai
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in some cases, move to priv_check() if it was an operation on a thread and no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp Obtained from: TrustedBSD Project
show more ...
|
#
54d642bb |
| 11-May-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Reduce network stack oddness: implement .pru_sockaddr and .pru_peeraddr protocol entry points using functions named proto_getsockaddr and proto_getpeeraddr rather than proto_setsockaddr and proto_set
Reduce network stack oddness: implement .pru_sockaddr and .pru_peeraddr protocol entry points using functions named proto_getsockaddr and proto_getpeeraddr rather than proto_setsockaddr and proto_setpeeraddr. While it's true that sockaddrs are allocated and set, the net effect is to retrieve (get) the socket address or peer address from a socket, not set it, so align names to that intent.
show more ...
|
#
1291e2a0 |
| 24-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Fix tinderbox. ip6_mrouter should be defined in raw_ip6.c as it is tested to determine if the userland socket is open; this, in turn, is used to determine if the module has been loaded.
Tested with:
Fix tinderbox. ip6_mrouter should be defined in raw_ip6.c as it is tested to determine if the userland socket is open; this, in turn, is used to determine if the module has been loaded.
Tested with: LINT
show more ...
|
#
6be2e366 |
| 24-Feb-2007 |
Bruce M Simpson <bms@FreeBSD.org> |
Make IPv6 multicast forwarding dynamically loadable from a GENERIC kernel. It is built in the same module as IPv4 multicast forwarding, i.e. ip_mroute.ko, if and only if IPv6 support is enabled for l
Make IPv6 multicast forwarding dynamically loadable from a GENERIC kernel. It is built in the same module as IPv4 multicast forwarding, i.e. ip_mroute.ko, if and only if IPv6 support is enabled for loadable modules. Export IPv6 forwarding structs to userland netstat(1) via sysctl(9).
show more ...
|
Revision tags: release/6.2.0_cvs, release/6.2.0 |
|
#
a152f8a3 |
| 21-Jul-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Change semantics of socket close and detach. Add a new protocol switch function, pru_close, to notify protocols that the file descriptor or other consumer of a socket is closing the socket. pru_abo
Change semantics of socket close and detach. Add a new protocol switch function, pru_close, to notify protocols that the file descriptor or other consumer of a socket is closing the socket. pru_abort is now a notification of close also, and no longer detaches. pru_detach is no longer used to notify of close, and will be called during socket tear-down by sofree() when all references to a socket evaporate after an earlier call to abort or close the socket. This means detach is now an unconditional teardown of a socket, whereas previously sockets could persist after detach of the protocol retained a reference.
This faciliates sharing mutexes between layers of the network stack as the mutex is required during the checking and removal of references at the head of sofree(). With this change, pru_detach can now assume that the mutex will no longer be required by the socket layer after completion, whereas before this was not necessarily true.
Reviewed by: gnn
show more ...
|
#
d915b280 |
| 19-Jul-2006 |
Stephan Uphoff <ups@FreeBSD.org> |
Fix race conditions on enumerating pcb lists by moving the initialization ( and where appropriate the destruction) of the pcb mutex to the init/finit functions of the pcb zones. This allows locking o
Fix race conditions on enumerating pcb lists by moving the initialization ( and where appropriate the destruction) of the pcb mutex to the init/finit functions of the pcb zones. This allows locking of the pcb entries and race condition free comparison of the generation count. Rearrange locking a bit to avoid extra locking operation to update the generation count in in_pcballoc(). (in_pcballoc now returns the pcb locked)
I am planning to convert pcb list handling from a type safe to a reference count model soon. ( As this allows really freeing the PCBs)
Reviewed by: rwatson@, mohans@ MFC after: 1 week
show more ...
|
#
1e0acb68 |
| 25-Jun-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Use suser_cred() instead of a direct comparison of cr_uid with 0 in rip6_output().
MFC after: 1 week
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0 |
|
#
ff7425ce |
| 12-Apr-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Don't use spl around call to in_pcballoc() in IPv6 raw socket support; all necessary synchronization appears present.
MFC after: 3 months
|