Age | Commit message (Expand) | Author |
2017-07-19 | Move KTRPOINT call up. The lenght variable i is getting aligned and so | Claudio Jeker |
2017-07-12 | Do not call fo_ioctl() in syscall that do, or will, take the socket | Martin Pieuchot |
2017-07-03 | Do not grab the socket lock in doaccept() twice. Pass NOTE_SUBMIT | Alexander Bluhm |
2017-03-27 | Reorder FREF() and FRELE() in a way that the the global variable | Alexander Bluhm |
2017-02-14 | Wrap the NET_LOCK() into a per-socket solock() that does nothing for | Martin Pieuchot |
2017-02-11 | Add a flags argument to falloc() that lets it optionally set the | Philip Guenther |
2017-01-26 | Allocate the mbuf before the netlock. While here, move the setting of | David Hill |
2017-01-25 | Allocate and connect sockets first, then upon success create file | Theo de Raadt |
2017-01-25 | Enable the NET_LOCK(), take 2. | Martin Pieuchot |
2017-01-24 | In accept(2) and accept4(2) allocate a new file descriptor before | Martin Pieuchot |
2016-12-29 | Change NET_LOCK()/NET_UNLOCK() to be simple wrappers around | Martin Pieuchot |
2016-12-19 | Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts | Martin Pieuchot |
2016-11-29 | m_free() and m_freem() test for NULL. Simplify callers which had their own | Jonathan Gray |
2016-11-28 | Remove NULL checks before m_free{m,}(). | Martin Pieuchot |
2016-11-21 | Enforce that pr_usrreq functions are called at IPL_SOFTNET. | Martin Pieuchot |
2016-11-09 | Do not call splsoftnet() recursively, this won't work with a lock. | Martin Pieuchot |
2016-10-23 | unbreak by fixing obvious pastos | Christian Weisgerber |
2016-10-23 | handle non-INET6 kernels in some way | Theo de Raadt |
2016-10-23 | dns hijacking must be af specific. move it into the port check function, | Ted Unangst |
2016-10-08 | Add ktracing of the fds returned by pipe() and socketpair() | Philip Guenther |
2016-10-07 | introduce a sysctl to hijack dns sockets. when set to a port number, | Ted Unangst |
2016-08-09 | When interrupted, connect() should leave the socket connecting in the | Philip Guenther |
2016-05-18 | Remove unnecessary cast of buflen to u_int in sockargs(). This was | Todd C. Miller |
2016-01-08 | On the recvmsg() side, cmsgs are in mbuf chains, not a contiguous buffer. | Philip Guenther |
2015-12-05 | remove stale lint annotations | Ted Unangst |
2015-11-21 | remove completely pledge_socket() from listen(2) and accept(2). | Sebastien Marie |
2015-11-20 | Neuter the pledge domain checking for listen, getpeername, and getsockname | Theo de Raadt |
2015-11-20 | Exempt accept(2) from the pledge_socket() check part of the "domain" | Theo de Raadt |
2015-11-19 | corrects leaks refs to files introduced by my previous commit for pledge_socket. | Sebastien Marie |
2015-11-18 | check domain and state of socket against pledge promise. | Sebastien Marie |
2015-11-08 | pull initialization up before poosible goto bad, from Mark Latimer | Ted Unangst |
2015-11-01 | refactor pledge_*_check and pledge_fail functions | Sebastien Marie |
2015-10-28 | more accurate pledge_fail() error and code for sys_socket | Sebastien Marie |
2015-10-28 | The short-lived dnssocket/dnsconnect calls are being required because we | Theo de Raadt |
2015-10-26 | dns check needs to be done on the kernel address after copyin | Ted Unangst |
2015-10-25 | Fold "malloc" into "stdio" and -- recognizing that no program so far has | Theo de Raadt |
2015-10-25 | pledge_sockopt_check is shared between setsockopt/getsockopt. nicm | Theo de Raadt |
2015-10-20 | At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on | Theo de Raadt |
2015-10-20 | Always allow the setsockopt & getsockopt system calls... however, in the | Theo de Raadt |
2015-10-18 | Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" | Theo de Raadt |
2015-10-18 | Add two new system calls: dnssocket() and dnsconnect(). This creates a | Theo de Raadt |
2015-10-16 | delete pledge_bind_check() function and remove pledge_bind_check() call from ... | Sebastien Marie |
2015-10-09 | Rename tame() to pledge(). This fairly interface has evolved to be more | Theo de Raadt |
2015-10-06 | Rework the tame cmsg handler to make it work both ways. While on recv one | Claudio Jeker |
2015-09-29 | Save a lot of people grief. tame()'d CMSG reception is busted and it | Theo de Raadt |
2015-09-11 | Convert _TM_ flags to TAME_ flags, collapsing the entire mapping | Theo de Raadt |
2015-09-11 | Only include <sys/tame.h> in the .c files that need it | Philip Guenther |
2015-08-22 | Move to tame(int flags, char *paths[]) API/ABI. | Theo de Raadt |
2015-07-28 | Add ktracing of structs iovec, msghdr, and cmsghdr for {,p}{read,write}v(), | Philip Guenther |
2015-07-27 | tame check of msghdr should be done after checking for copyin failure | Philip Guenther |