summaryrefslogtreecommitdiff
path: root/sys/netinet/in_pcb.c
AgeCommit message (Collapse)Author
2016-10-06Remove redundant comments that say a function must be called atAlexander Bluhm
splsoftnet() if the function does a splsoftassert(IPL_SOFTNET) anyway.
2016-09-15all pools have their ipl set via pool_setipl, so fold it into pool_init.David Gwynne
the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
2016-09-06pool_setipl for various netinet and netinet6 bitsDavid Gwynne
thank you to everyone who helped reviewed these diffs ok mpi@
2016-08-04Commit in6_selectsrc() split again, with missing assignment fixed.Vincent Gross
2016-07-22Revert in_selectsrc() refactoring, it breaks IPv6.Martin Pieuchot
Reported by Heiko on bugs@. ok stsp@, claudio@
2016-07-20Split in6_selectsrc() into a low-level part and a pcb-level part, andVincent Gross
convert in_selectsrc() prototype to match. Ok bluhm@ mpi@.
2016-07-19NULLify a route pointer after calling rtfree(9).Martin Pieuchot
This should theoretically be a no-op because we're freeing the PCB right after, but it helps us debug a reference count problem found by otto@. ok mikeb@
2016-07-05Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magicMartin Pieuchot
addresses set on p2p interfaces. Found the hardway by naddy@
2016-06-30Use ``rt_addr'' rather than ``rt_ifa'' to get the source addressMartin Pieuchot
corresponding to a route. ok florian@ on a previous version, input and ok bluhm@
2016-06-18Add net.inet.{tcp,udp}.rootonly sysctl, to mark which portsVincent Gross
cannot be bound to by non-root users. Ok millert@ bluhm@
2016-04-19Use the correct byte-order when checking against baddynamic ports,Stuart Henderson
restoring pre-1.190 behaviour. ok millert@ mpi@
2016-04-13Remove extra parenthesis around comparison.Vincent Gross
Found by David Hill <dhill@mindcry.org> with clang.
2016-04-12Unbreak tree. Put 'laddr6' declaration inside #ifdef INET6/#endif.Kenneth R Westerback
2016-04-11Simplify in_pcblookup_local() logic.Vincent Gross
ok mpi@
2016-04-11Rename in_pcblookup() to in_pcblookup_local() and change its prototypeVincent Gross
to get rid of the now useless foreign address and ports parameters. ok mpi@
2016-04-08We must always check if the socket is already bound, and always setVincent Gross
INPLOOKUP_IPV6 when applicable. Bug introduced in revision 1.197 by yours truly. Ok bluhm@
2016-04-05Move reserved port checks from in(6)_pcbaddrisavail() to in_pcbbind().Vincent Gross
Kill old comments while at it. Ok mpi@ bluhm@
2016-04-05Move inp_laddr assignment after in_pcbpickport(), extend in_pcbpickport()Vincent Gross
as needed. Ok bluhm@
2016-03-26Always include the route priority in routing messages.Martin Pieuchot
From Florian Riehm, ok bluhm@
2016-03-23Merge in_pcbbind() and in6_pcbbind(), and change every call toVincent Gross
in6_pcbbind() into in_pcbbind(). Ok jca@ mpi@
2016-03-23Extract in_pcbaddrisavail() from in_pcbbind().Vincent Gross
ok jca@
2015-12-18Fix SO_REUSE* flags effects when binding multicast addresses. NoVincent Gross
regression observed on avahi. ok benno@
2015-12-03Get rid of rt_mask() and stop allocating a "struct sockaddr" for everyMartin Pieuchot
route entry in ART. rt_plen() now represents the prefix length of a route entry and should be used instead. For now use a "struct sockaddr_in6" to represent the mask when needed, this should be then replaced by the prefix length and RTA_NETMASK only used for compatibility with userland. ok claudio@
2015-12-03Remove broadcast matching from ifa_ifwithaddr(), use in_broadcast() whereVincent Gross
required. ok bluhm@ mpi@.
2015-12-03To avoid that the stack manipules the pf statekeys directly, introduceAlexander Bluhm
pf_inp_...() lookup, link and unlink functions as an interface. Locking can be added to them later. Remove the first linking at the beginning of tcp_input() and udp_input() as it is not necessary. It will be done later anyway. That code was a relict, from the time before I had added the second linking. Input from mikeb@ and sashan@; OK sashan@
2015-12-03Rename pf_unlink_state() to pf_remove_state() so the name does notAlexander Bluhm
collide with the statekey to inp unlinking. OK sashan@ mpi@
2015-12-02Move port picking away from in_pcbbind()Vincent Gross
ok sthen@
2015-12-02- hide PF internals to pf_unlink_divert_state() from in_pcb.cAlexandr Nedvedicky
OK mpi@, bluhm@
2015-10-30Rename rtrequest1() to rtrequest().Alexander Bluhm
OK mpi@
2015-10-25Instead of doing the the if_get() dance for rt_missmsg(), change theAlexander Bluhm
function to take an interface index. discussed with mpi@; OK claudio@
2015-10-23``rt_ifp'' cannot be NULL.Martin Pieuchot
ok claudio@
2015-10-20At guenther's suggestion replace dnssocket() with a SOCK_DNS flag onTheo de Raadt
socket(). Without pledge, all other socket behaviours become permitted, except this one case: connect/send* only works to *:53. In pledge mode, a very few are further restricted. Some backwards compatibility for the dnssocket/dnsconnect calls will remain in the tree temporarily so that people can build through the transition. ok tedu guenther semarie
2015-10-19Stop checking for RTF_UP directly, call rtisvalid(9) instead.Martin Pieuchot
While here add a missing ``rtableid'' check in in_selectsrc(). ok bluhm@
2015-10-19deduplicate in[6]_pcbbind() port scan loop.Vincent Gross
ok mpi@
2015-10-18Add two new system calls: dnssocket() and dnsconnect(). This creates aTheo de Raadt
SS_DNS tagged socket which has limited functionality (for example, you cannot accept on them...) The libc resolver will switch to using these, therefore pledge can identify a DNS transaction better. ok tedu guenther kettenis beck and others
2015-10-09Rename tame() to pledge(). This fairly interface has evolved to be moreTheo de Raadt
strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
2015-09-22Remove inpt_lastport from struct inpcbtable, use local variablesVincent Gross
in in_pcbbind() and in6_pcbsetport() ok claudio@, with input from David Hill
2015-09-11Convert _TM_ flags to TAME_ flags, collapsing the entire mappingTheo de Raadt
layer because the strings select the right options. Mechanical conversion. ok guenther
2015-09-11Stricter checks on sockaddr content when binding PF_INET sockets.Vincent Gross
Ok mpi@
2015-09-11Only include <sys/tame.h> in the .c files that need itPhilip Guenther
ok deraadt@ miod@
2015-09-09if_put after you if_getDavid Gwynne
ok mpi@
2015-09-01Replace sockaddr casts with the proper satosin(), ... calls.Alexander Bluhm
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
2015-08-22Move to tame(int flags, char *paths[]) API/ABI.Theo de Raadt
The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing commited in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
2015-08-19Convert all calls to rtrequest1() and the following error checkAlexander Bluhm
into a common pattern. In the man page clarify the usage of the returned route. OK mpi@ mikeb@ jmc@
2015-07-19tame(2) is a subsystem which restricts programs into a "reduced featureTheo de Raadt
operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
2015-07-15m_freem() can handle NULL, do not check for this condition beforehands.Theo de Raadt
ok stsp mpi
2015-04-16remove unfinished/unused support for socket-attached ipsec-policiesMarkus Friedl
ok mikeb
2015-04-14Remove support for storing credentials and auth information in the kernel.Mike Belopuhov
This code is largely unfinished and is not used for anything. The change leaves identities as only objects referenced by ipsec_ref structure and their handling requires some changes to support more advanced matching of IPsec connections. No objections from reyk and hshoexer, with and OK markus.
2015-02-10bzero -> memset and unify sizeof() usage (no space).Claudio Jeker
Requested by reyk@, dlg@ and OK mpi@, henning@
2015-02-10Nuke sin_zero before passing it on down into the ifa_ifwithaddr() thatClaudio Jeker
way garbage in the pad bytes does not perturb the outcome. This fixes regress/sys/kern/bind. OK mpi@, phessler@, reyk@