| Age | Commit message (Collapse) | Author |
|---|
|
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
|
of src/dst ip/port is unique for TCP. But if the socket is not
bound, the automatic bind by connect happens after the check. If
the socket has the SO_REUSEADDR flag, in_pcbbind() may select an
existing local port. Then we had two colliding TCP PCBs. This
resulted in a packet storm of ACK packets on loopback. The softnet
task was constantly holding the netlock and has a high priority,
so the system hung.
Do the in_pcbhashlookup() again after in_pcbbind(). This creates
sporadic "connect: Address already in use" errors instead of a hang.
bug report and testing Olivier Antoine; OK mpi@
|
|
try to remove a route from the table if it is and invalid cache.
This is a step towards decoupling code dealing with userland and kernel
inserted routes.
ok bluhm@
|
|
aren't protected by the NET_LOCK().
While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK()
is enough.
Tested by Hrvoje Popovski.
ok jmatthew@, claudio@
|
|
need netlock. Remove the obsolete splnet.
OK mpi@
|
|
ones, into the IPv4 hash. They cannot be used before bind(2) anyway
and then they are rehashed and rehooked, so this was not noticed.
Nevertheless put IPv6 PCBs into the IPv6 hash from the beginning.
OK jca@ mpi@
|
|
ok bluhm@
|
|
them all in net/rtsock.c.
This allows to easily spot which functions are doing a copyout(9)
when dealing with the routing midlayer.
ok phessler@, bluhm@, dhill@, krw@, claudio@
|
|
splsoftnet() if the function does a splsoftassert(IPL_SOFTNET)
anyway.
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
|
|
thank you to everyone who helped reviewed these diffs
ok mpi@
|
|
|
|
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
|
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
|
This should theoretically be a no-op because we're freeing the PCB
right after, but it helps us debug a reference count problem found
by otto@.
ok mikeb@
|
|
addresses set on p2p interfaces.
Found the hardway by naddy@
|
|
corresponding to a route.
ok florian@ on a previous version, input and ok bluhm@
|
|
cannot be bound to by non-root users.
Ok millert@ bluhm@
|
|
restoring pre-1.190 behaviour. ok millert@ mpi@
|
|
Found by David Hill <dhill@mindcry.org> with clang.
|
|
|
|
ok mpi@
|
|
to get rid of the now useless foreign address and ports parameters.
ok mpi@
|
|
INPLOOKUP_IPV6 when applicable. Bug introduced in revision 1.197 by
yours truly.
Ok bluhm@
|
|
Kill old comments while at it.
Ok mpi@ bluhm@
|
|
as needed.
Ok bluhm@
|
|
From Florian Riehm, ok bluhm@
|
|
in6_pcbbind() into in_pcbbind().
Ok jca@ mpi@
|
|
ok jca@
|
|
regression observed on avahi.
ok benno@
|
|
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
|
required.
ok bluhm@ mpi@.
|
|
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later. Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway. That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@; OK sashan@
|
|
collide with the statekey to inp unlinking.
OK sashan@ mpi@
|
|
ok sthen@
|
|
OK mpi@, bluhm@
|
|
OK mpi@
|
|
function to take an interface index.
discussed with mpi@; OK claudio@
|
|
ok claudio@
|
|
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
|
|
While here add a missing ``rtableid'' check in in_selectsrc().
ok bluhm@
|
|
ok mpi@
|
|
SS_DNS tagged socket which has limited functionality (for example, you
cannot accept on them...) The libc resolver will switch to using these,
therefore pledge can identify a DNS transaction better.
ok tedu guenther kettenis beck and others
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
in in_pcbbind() and in6_pcbsetport()
ok claudio@, with input from David Hill
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
Ok mpi@
|
|
ok deraadt@ miod@
|
|
ok mpi@
|
|
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
|
