| Age | Commit message (Collapse) | Author |
|---|
|
magic constant to panic() calls.
ok benno@ henning@ tb@
|
|
now unused 'ifra' from in_ioctl().
Discussed with mpi and visa
|
|
to its own function and merge the two switches in in_ioctl_change_ifaddr().
Finally: each ioctl has its own case and privilege check.
ok visa
As an aside, an audit of the ports tree has shown that we should continue
to support the legacy ioctls SIOCSIF{,BRD,DST}ADDR, SIOCSIFNETMASK despite
the fact that they have been deprecated for the better part of two decades
and FreeBSD dropped support 7 years ago. Too many ports still rely on them.
Thanks to sthen and visa for their help with that.
|
|
|
|
Some more code shuffling to get rid of one switch in in_ioctl().
This way there is one case for each of SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK, starting with a privilege check before any global
data is modified.
ok visa
|
|
|
|
and in_ioctl_change_ifaddr(). This way there is one case per ioctl
starting with a privilege check before any global data is modified.
The code paths are now straightforward. Some code duplication between
SIOCSIFADDR and SIOCAIFADDR, but that can be addressed later.
tested by hrvoje
ok visa
|
|
handling of SIOCAIFADDR, SIOCDIFADDR, SIOCSIFADDR into a separate
function, analogously to what was done in in6_ioctl().
tested by hrvoje
ok visa
|
|
two big switches in this function. Error out early in the default case
without grabbing the NET_LOCK() and move SIOCSIFNETMASK a bit up. This
will reduce the noise in an upcoming diff.
ok visa
|
|
that only needs the read lock.
ok visa, mpi
|
|
protected: mrt_ioctl() and in_ioctl(). The former has no other callers
and only needs a read lock. The latter will need refactoring to reduce
the lock's scope further. In a first step, establish a single exit point
and protect most of the function body with the NET_LOCK() while removing
the NET_LOCK() from a handful of callers.
suggested by & ok mpi, ok visa
|
|
Found the hard way.
|
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
|
This needs to go back to the drawing board.
|
|
|
|
as loopback interfaces for each rdomain (including lo0). This is done when
the interface is brought up. This is now also done by default (either on
attach of lo0 or when creating the rdomain).
OK mpi@
|
|
Instead return EOPNOTSUPP and call it from ifioctl(). This will help
getting per-driver ioctl routines outside of need the NET_LOCK().
While here always return ENXIO when ``ifp'' is NULL.
ok visa@, florian@
|
|
if_attach() enforces it is properly defined.
|
|
ok florian@, claudio@, bluhm@
|
|
ok florian@, claudio@, visa@, bluhm@
|
|
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
|
currently protected by the NET_LOCK().
They are not accessed in the hot path, so protecting them with a
mutex could be an option. However since we're now going to run
with a NET_LOCK() for some time, assert that it is held.
IPsec is not yet ready to run without KERNEL_LOCK(), so assert it
is held, even in the forwarding path.
Tested by sthen@, ok visa@, claudio@, bluhm@
|
|
ok visa@
|
|
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@
|
|
calculate the prefixlen using the address before sending the RTM_NEWADDR
message.
ok claudio@
|
|
This is most likely to be the cause of the deadlock seen by port builders
since it's the only changed that happened after a2k17.
Instead bring back pirofti@ original hack to release the NET_LOCK() inside
iwm(4) and iwn(4).
This fixes some splassert reported by bluhm@
Deadlock reported by naddy@ and rpe@ and ajacoutot@ confirmed the deadlock
has been introduced post a2k17.
Tested by and ok tb@
|
|
This prevents a deadlock with the X server and some wireless drivers.
The real fix is to take unix domain socket code out of the NET_LOCK().
Issue reported by pirofti@ and ajacoutot@
ok tb@, stsp@, pirofti@
|
|
|
|
it is called at IPL_SOFTNET.
|
|
added to the interface address list, but the local route is missing.
This inconsistency could result in a "ifa == rt->rt_ifa" assertion
panic later. So in case of a route add error, remove the interface
address to get a consistent state again.
OK stsp@ mpi@
|
|
|
|
This is done to stop using stale ifa attached to routes, which is
the easiest way to make rtisvalid(9) MP-safe.
sthen@ and henning@ like it, ok claudio@
|
|
in{,6}_ioctl() that do not deal with sockets.
This will allow to automagically configure interface addresses in
the kernel without too many layer violations.
Required by upcoming umb(4).
|
|
work in the forwarding path.
Tested by Hrvoje Popovski, ok dlg@
|
|
an interface joined a specific multicast group.
ok phessler@, visa@, dlg@
|
|
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
|
As a bonus this removes a "#if NCARP > 0", say yeah!
|
|
stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
|
ok mpi@
|
|
everywhere to avoid passing around pointers to uninitialized stack
memory. While there, fix the call to in6_recoverscope() in
fill_drlist().
OK deraadt@ mpi@
|
|
Recent changes to support multiple interface routes broke the
assumption made by all our userland routing daemons concerning
interface routes. Historically such routes had a "gateway"
sockaddr of type AF_LINK. But to be able to support multiple
interface routes as any other multipath routes, they now have
a unique "gateway" sockaddr containing their corresponding IP
address.
This self-describing flag should avoid ambiguity when dealing
with interface routes.
Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@
ok claudio@, benno@
|
|
there's no need to flag every address as IFA_ROUTE.
|
|
|
|
of RTF_CLONING and RTF_BROASCAST routes to not create MPATH conflicts
when IP address aliases are used.
This change makes it possible to have multiple RTF_CLONING routes with
the same priority. Note that any of the existing RTF_CLONING route
might be used by the kernel to create a RTF_CLONED route which should
not be a problem with aliases since they are attached to the same ifp.
This unbreak address aliases since the kernel supports multiple connected
routes for a subnet.
Found the hardway by djm@, ok claudio@
|
|
Use the existing multipath code. Switch away from using the ifa address
when making the cloning route and instead put a dummy sockaddr_dl route
in. With this it is possible to use the same network on multiple interfaces
at the same time. So if wireless and ethernet share the same network
the system will use the wired connection as long as there is link.
Still missing is builtin proxy-arp for the other interface IPs to allow
hitless failover.
OK mpi@
|
|
ok claudio@, mikeb@, bluhm@
|
|
ioctl(2)s are an exception to this rule. This makes clear that ifa
cannot be used initialized as found by jsg@ with gcc/clang.
ok krw@, bluhm@, jca@
|
|
long live the one true internet.
ok henning mikeb
|
|
of your system, put it on a diet and kill the superfluous logic.
ok mikeb@
|
|
error code on failure (unchecked for the moment).
ok mikeb@, jmc@
|
