Home | History | Annotate | Download | only in kern
History log of /src/sys/kern/uipc_domain.c
RevisionDateAuthorComments
 1.112  07-Dec-2024  riastradh sys/kern/uipc_*.c: Fix leading whitespace issues.

Nix stray spaces before tab indentation.
 1.111  06-Dec-2024  riastradh sys/kern/sys_socket.c, uipc_*.c: Sprinkle SET_ERROR dtrace probes.

PR kern/58378: Kernel error code origination lacks dtrace probes
 1.110  06-Dec-2024  riastradh sys/kern/sys_socket.c, uipc_*.c: Sort includes.

No functional change intended.
 1.109  30-Mar-2023  riastradh sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen.

Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself
uses an uninitialized buffer.

Reported-by: syzbot+54b120643dfd6edc2318@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=afb5b6e5da6e806aeb7fddcf1d03c3262f6fc765
 1.108  06-Nov-2020  christos branches: 1.108.18;
PR/55777: Ruslan Nikolaev: Move the unp_sysctl_create to uipc_usrreq.c to
facilitate splitting rump modules and does not require a dummy function.
 1.107  17-Oct-2020  mlelstv branches: 1.107.2;
validate unix socker buffer size and truncate path to prevent overflow.
 1.106  27-Dec-2018  maxv branches: 1.106.4;
Fix apparent race.

We're doing a LIST_FOREACH, but unlock filelist_lock in the middle of the
loop and drop the reference to fp. We then read fp->...le_next, but it
may have been freed by another thread.

This is difficult to trigger and observe, probably only KASAN can see
problems of this kind.

Switch to LIST_FOREACH_SAFE, and re-fetch np after re-locking.

May fix PR/53674.
 1.105  24-Nov-2018  maxv Fix kernel pointer leaks in sysctl_unpcblist.
 1.104  03-Sep-2018  riastradh Rename min/max -> uimin/uimax for better honesty.

These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER! Some subsystems have

#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
 1.103  05-May-2018  christos branches: 1.103.2;
bump PIPSIZ from 4 to 8K like FreeBSD and provide the same sysctls
 1.102  28-Feb-2018  mrg branches: 1.102.2;
in sockaddr_getsize_by_family() print the p_comm, pid and lid
for unknown address family. helps location where missing
af settings are.
 1.101  10-Jan-2018  ozaki-r Don't start callouts for domains before attaching domains on rump kernels

On rump kernels, the callouts for domains, pffasttimo and pfslowtimo, started
before domains were attached. Normally the callouts were dispatched after
domain attaches (initializations) finished, however, under load the callouts
could be executed prior to the attaches, resulting in that the callouts accessed
unallocated or uninitialized resources.
 1.100  09-Sep-2017  joerg Fix a race between sysctl_unpcblist and closef.
 1.99  05-Jul-2017  christos don't print diagnostic for AF_LINK
 1.98  02-Jul-2017  christos don't warn about AF_LINK sockets with sa_len less than the size of the sockaddr
 1.97  01-Jul-2017  christos put the code that returns the sizeof the socket by family in one place.
 1.96  02-Dec-2014  christos branches: 1.96.10;
- add diagnostic check for sa_len
- use new socket pretty printers to format sockaddr's
 1.95  05-Sep-2014  matt branches: 1.95.2;
Try not to use f_data, use f_{vnode,socket,pipe,mqueue,kqueue,ksem} to get
a correctly typed pointer.
 1.94  22-Aug-2014  pooka Change the meaning of the boolean parameter to domaininit().
was: attach route domain if found from domains link set
now: attach any domain which is found from domains link set

No functional change to monolithic kernel. In a rump kernel, which
attaches networking domains "modularly", prevents domains from
accidentally leaking in via the link set in static linked scenarios.

Problem reported by cube, Tom Bousso, and the voices in my head.
 1.93  23-Apr-2014  pooka domains are attached by module(-like) constructors, so no need to
play link_set games with them.
 1.92  17-Apr-2014  christos CID/1203196: Don't confuse coverity with out of bounds access
 1.91  02-Apr-2014  seanb branches: 1.91.2;
len argument to strlcpy() was incorrect when copying
out AF_LOCAL sockets in sysctl helper. The entire
buffer wasn't available since sun_path member is not
at offset 0 in struct sockaddr_un.
 1.90  25-Feb-2014  pooka Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.
 1.89  15-Sep-2013  martin Remove unused variables
 1.88  31-Jan-2013  joerg branches: 1.88.2;
Add sockaddr_format to ease debugging code dealing with socket
addresses.
 1.87  27-Oct-2011  seanb branches: 1.87.2; 1.87.12;
Use PR_SLOWHZ, PR_FASTHZ defines in a couple spots.
 1.86  29-May-2011  manu Add SOCK_SEQPACKET to PL_LOCAL sockets. Based on patch from Jesse Off,
submitted 8 years ago:
http://mail-index.netbsd.org/tech-kern/2003/04/14/0006.html
 1.85  03-Oct-2009  elad branches: 1.85.4; 1.85.6;
KAUTH_GENERIC_CANSEE -> KAUTH_REQ_NETWORK_SOCKET_CANSEE.

Not quite the same semantics but it's okay. Once our sockets have
credentials (and they will) it's all the same.
 1.84  11-Sep-2009  dyoung Make ifconfig(8) set and display preference numbers for IPv6
addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6
interface addresses.

In in6ifa_ifpforlinklocal(), consult preference numbers before
making an otherwise arbitrary choice of in6_ifaddr. Otherwise,
preference numbers are *not* consulted by the kernel, but that will
be rather easy for somebody with a little bit of free time to fix.

Please note that setting the preference number for a link-local
IPv6 address does not work right, yet, but that ought to be fixed
soon.

In support of the changes above,

1 Add a method to struct domain for "externalizing" a sockaddr, and
provide an implementation for IPv6. Expect more work in this area: it
may be more proper to say that the IPv6 implementation "internalizes"
a sockaddr. Add sockaddr_externalize().

2 Add a subroutine, sofamily(), that returns a struct socket's address
family or AF_UNSPEC.

3 Make a lot of IPv4-specific code generic, and move it from
sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and
ifconfig(8).
 1.83  08-Sep-2009  dyoung Delete whitespace at ends of lines.
 1.82  27-May-2009  pooka Make domaininit() take an argument which determines if it should
add the special PF_ROUTE domain or not (if available).
 1.81  28-Apr-2009  dyoung Cosmetic: remove unnecessary parentheses.
 1.80  28-Apr-2009  dyoung Extract sockaddr_any_by_family() from sockaddr_any() for looking up a
wildcard ("any") address by protocol family instead of by sockaddr.
 1.79  15-Mar-2009  cegger ansify function definitions
 1.78  11-Mar-2009  mrg like KERN_FILE2: *do* update "needed" when there is no count. we want
userland to know what sort of size to provide..

while here, slightly normalise the previous to init_sysctl.c.
 1.77  07-Dec-2008  pooka branches: 1.77.2;
Move some sysctl node creations away from linksets and into the
constructors for subsystems.

XXX: CTLFLAG_PERMANENT is non-sensible.
 1.76  24-Apr-2008  ad branches: 1.76.2; 1.76.8; 1.76.10; 1.76.12;
Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.
 1.75  21-Mar-2008  ad branches: 1.75.2;
Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.
 1.74  07-Jan-2008  ad branches: 1.74.6;
Patch up sysctl locking:

- Lock processes, credentials, filehead etc correctly.
- Acquire a read hold on sysctl_treelock if only doing a query.
- Don't wire down the output buffer. It doesn't work correctly and the code
regularly does long term sleeps with it held - it's not worth it.
- Don't hold locks other than sysctl_lock while doing copyout().
- Drop sysctl_lock while doing copyout / allocating memory in a few places.
- Don't take kernel_lock for sysctl.
- Fix a number of bugs spotted along the way
 1.73  05-Jan-2008  dsl Use FILE_LOCK() and FILE_UNLOCK()
 1.72  28-Dec-2007  ad Pull up 1.71.8.1.
 1.71  19-Sep-2007  dyoung branches: 1.71.6; 1.71.8; 1.71.12;
1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that
tells a socket that it should both add a protocol header to tx'd
datagrams and remove the header from rx'd datagrams:

int onoff = 1, s = socket(...);
setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);

2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4
sockets.

3) Reorganize the protocols' pr_ctloutput implementations a bit.
Consistently return ENOPROTOOPT when an option is unsupported,
and EINVAL if a supported option's arguments are incorrect.
Reorganize the flow of code so that it's more clear how/when
options are passed down the stack until they are handled.

Shorten some pr_ctloutput staircases for readability.

4) Extract common mbuf code into subroutines, add new sockaddr
methods, and introduce a new subroutine, fsocreate(), for reuse
later; use it first in sys_socket():

struct mbuf *m_getsombuf(struct socket *so)

Create an mbuf and make its owner the socket `so'.

struct mbuf *m_intopt(struct socket *so, int val)

Create an mbuf, make its owner the socket `so', put the
int `val' into it, and set its length to sizeof(int).


int fsocreate(..., int *fd)

Create a socket, a la socreate(9), put the socket into the
given LWP's descriptor table, return the descriptor at `fd'
on success.

void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp)
const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)

Extract a pointer to the address part of a sockaddr. Write
the length of the address part at `slenp', if `slenp' is
not NULL.

socklen_t sockaddr_getlen(const struct sockaddr *sa)

Return the length of a sockaddr. This just evaluates to
sa->sa_len. I only add this for consistency with code that
appears in a portable userland library that I am going to
import.

const struct sockaddr *sockaddr_any(const struct sockaddr *sa)

Return the "don't care" sockaddr in the same family as
`sa'. This is the address a client should sobind(9) if it
does not care the source address and, if applicable, the
port et cetera that it uses.

const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)

Return the "don't care" sockaddr in the same family as
`sa'. This is the address a client should sobind(9) if it
does not care the source address and, if applicable, the
port et cetera that it uses.
 1.70  01-Sep-2007  dyoung In sockaddr_copy(), stop caring about the destination sockaddr's
family and length, it doesn't matter in the post-pool(9) sockaddr
regime.
 1.69  30-Aug-2007  dyoung Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain. Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.

Return sockaddr_dl to its "historical" size. Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.

Avoid using sizeof(struct sockaddr_dl) in the kernel.

Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.

Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().

Constify: LLADDR() -> CLLADDR().

Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead. Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.
 1.68  07-Aug-2007  dyoung branches: 1.68.2; 1.68.4;
Lengthen sockaddr_dl so that a 16-byte FireWire address will fit
into sdl_data[].

Move the macro satocsdl() to net/if_dl.h, and introduce satosdl().

Add some helpers for initializing sockaddr_dl (sockaddr_dl_init),
for finding out the length to put in a sockaddr_dl's sdl_len member
(sockaddr_dl_measure), and for setting the link-layer address in
a sockaddr_dl to a new value (sockaddr_dl_setaddr).

Make sockaddr_copy() panic if the caller tries to copy a sockaddr
to a destination where it will not fit.
 1.67  19-Jul-2007  dyoung branches: 1.67.4;
Take steps to hide the radix_node implementation of the forwarding table
from the forwarding table's users:

Introduce rt_walktree() for walking the routing table and
applying a function to each rtentry. Replace most
rn_walktree() calls with it.

Use rt_getkey()/rt_setkey() to get/set a route's destination.
Keep a pointer to the sockaddr key in the rtentry, so that
rtentry users do not have to grovel in the radix_node for
the key.

Add a RTM_GET method to rtrequest. Use that instead of
radix_node lookups in, e.g., carp(4).

Add sys/net/link_proto.c, which supplies sockaddr routines for
link-layer socket addresses (sockaddr_dl).

Cosmetic:

Constify. KNF. Stop open-coding LIST_FOREACH, TAILQ_FOREACH,
et cetera. Use NULL instead of 0 for null pointers. Use
__arraycount(). Reduce gratuitous parenthesization.

Stop using variadic arguments for rip6_output(), it is
unnecessary.

Remove the unnecessary rtentry member rt_genmask and the
code to maintain it, since nothing actually used it.

Make rt_maskedcopy() easier to read by using meaningful variable
names.

Extract a subroutine intern_netmask() for looking up a netmask in
the masks table.

Start converting backslash-ridden IPv6 macros in
sys/netinet6/in6_var.h into inline subroutines that one
can read without special eyeglasses.

One functional change: when the kernel serves an RTM_GET, RTM_LOCK,
or RTM_CHANGE request, it applies the netmask (if supplied) to a
destination before searching for it in the forwarding table.

I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove
the unlawful radix_node knowledge.

Apart from the changes to carp(4), netiso, ATM, and strip(4), I
have run the changes on three nodes in my wireless routing testbed,
which involves IPv4 + IPv6 dynamic routing acrobatics, and it's
working beautifully so far.
 1.66  09-Jul-2007  ad branches: 1.66.2;
Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
 1.65  06-May-2007  dyoung In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp()
avoid an indirect function call by comparing the family, length,
and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen),
corresponding to the the sockaddrs' "address" members.

For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to
yamt@ for pointing out my error.
 1.64  02-May-2007  dyoung Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.

The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.

Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.

DETAILS

1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:

struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);

sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.

sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.

The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).

2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.

3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:

int rtcache_setdst(struct route *, const struct sockaddr *);

rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.

It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.

4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
 1.63  17-Feb-2007  dyoung branches: 1.63.4; 1.63.6;
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
 1.62  01-Nov-2006  yamt branches: 1.62.4;
remove some __unused from function parameters.
 1.61  12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.60  23-Jul-2006  ad branches: 1.60.6;
Use the LWP cached credentials where sane.
 1.59  16-Jul-2006  elad CURTAIN() -> KAUTH_GENERIC_CANSEE.
 1.58  13-Jun-2006  yamt sysctl_unpcblist: don't abuse kauth_authorize_process for non-process object.
 1.57  14-May-2006  elad branches: 1.57.2;
integrate kauth.
 1.56  15-Apr-2006  christos Coverity CID 716: Fix query size vs return results initialization.
 1.55  08-Dec-2005  thorpej branches: 1.55.4; 1.55.6; 1.55.8; 1.55.10; 1.55.12;
Use ANSI function decls in one more place.
 1.54  07-Sep-2005  elad Use ``l'' and not ``curlwp''. Thanks to Peter Postma for catching this.
 1.53  07-Sep-2005  elad Implement curtain for AF_LOCAL PCB lists.
 1.52  09-Jun-2005  atatat branches: 1.52.2;
Properly fix the constipated lossage wrt -Wcast-qual and the sysctl
code. I know it's not the prettiest code, but it seems to work rather
well in spite of itself.
 1.51  29-May-2005  christos - add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
 1.50  09-Mar-2005  atatat Add the following nodes to the sysctl tree:

net.local.stream.pcblist
net.local.dgram.pcblist
net.inet.tcp.pcblist
net.inet.udp.pcblist
net.inet.raw.pcblist
net.inet6.tcp6.pcblist
net.inet6.udp6.pcblist
net.inet6.raw6.pcblist

which allow retrieval of the pcbs in use for those protocols. The
struct involved is 32/64 bit clean and incorporates parts of struct
inpcb, struct unpcb, a bit of struct tcpcb, and two socket addresses.
 1.49  23-Jan-2005  matt branches: 1.49.2;
Change initialzie of domains to use link sets. Switch to using STAILQ.
Add a convenience macro DOMAIN_FOREACH to interate through the domain.
 1.48  25-May-2004  atatat branches: 1.48.4;
Sysctl descriptions under net subtree (net.key not done)
 1.47  22-Apr-2004  matt Constify protosw arrays. This can reduce the kernel .data section by
over 4K (if all the network protocols) are loaded.
 1.46  24-Mar-2004  atatat branches: 1.46.2;
Tango on sysctl_createv() and flags. The flags have all been renamed,
and sysctl_createv() now uses more arguments.
 1.45  23-Mar-2004  junyoung Nuke __P().
 1.44  04-Dec-2003  atatat Dynamic sysctl.

Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.

Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.

All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.

PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
 1.43  07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.
 1.42  06-Aug-2003  jonathan (FAST_IPSEC): attach PFKEY socket domain when either (KAME) IPSEC or
FAST_IPSEC is configured. Likewise for sysctl.
 1.41  29-Jun-2003  fvdl branches: 1.41.2;
Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
 1.40  28-Jun-2003  darrenr Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
 1.39  23-Jun-2003  martin Make sure to include opt_foo.h if a defflag option FOO is used.
 1.38  26-Feb-2003  matt Add MBUFTRACE kernel option.
Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *). These are not performance critical and making them
call m_get saves considerable space. Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
 1.37  12-May-2002  matt Make domains extern.
 1.36  12-Nov-2001  lukem add RCSIDs
 1.35  29-Oct-2001  simonb Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.
 1.34  11-Feb-2001  itojun branches: 1.34.2; 1.34.4; 1.34.8;
add pfctlinput2() (pfctlinput() with args).
 1.33  02-Oct-2000  itojun attach ARP domain only if INET is compiled into the kernel.
 1.32  27-Jun-2000  mrg remove include of <vm/vm.h>
 1.31  30-Mar-2000  augustss Get rid of register declarations.
 1.30  23-Mar-2000  thorpej New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
resource allocation.
- Insertion and removal of callouts is constant time, important as
this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.
 1.29  06-Feb-2000  thorpej Implement pffinddomain(), and use it as appropriate.
 1.28  05-Aug-1999  sommerfeld branches: 1.28.2;
Implement arp_drain(), which frees packets tied up in the arp cache if
mbufs are in short supply.
Create a (trivial) protocol domain for arp so that the drain routine will
be called from m_reclaim()
 1.27  09-Jul-1999  thorpej defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
 1.26  01-Jul-1999  itojun IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
 1.25  14-Jan-1999  thorpej branches: 1.25.4; 1.25.6;
Garbage-collect some straggling netimp stuff.
 1.24  05-Jul-1998  jonathan branches: 1.24.4;
defopt NATM.
 1.23  05-Jul-1998  jonathan defopt NS, NSIP.
 1.22  05-Jul-1998  jonathan defopt ISO TPIP.
 1.21  05-Jul-1998  jonathan defopt CCITT.
 1.20  05-Jul-1998  jonathan defopt INET, NETATALK.
 1.19  06-May-1998  thorpej Add monotonically increasing "current time" stamps for pfslowtimo() and
pffasttimo().
 1.18  01-Mar-1998  fvdl Merge with Lite2 + local changes
 1.17  04-Apr-1997  christos Add netatalk domain.
 1.16  14-Aug-1996  explorer formatting fix only
 1.15  04-Jul-1996  chuck add native mode atm protocol layer
 1.14  09-Feb-1996  christos More proto fixes
 1.13  04-Feb-1996  christos First pass at prototyping
 1.12  29-Jun-1994  cgd New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'
 1.11  13-May-1994  mycroft Update to 4.4-Lite networking code, with a few local changes.
 1.10  07-May-1994  cgd stub for sysctl
 1.9  05-May-1994  mycroft Remove now-bogus casts.
 1.8  05-May-1994  cgd lots of changes: prototype migration, move lots of variables, definitions,
and structure elements around. kill some unnecessary type and macro
definitions. standardize clock handling. More changes than you'd want.
 1.7  29-Apr-1994  cgd change timeout/untimeout/wakeup/sleep/tsleep args to void *
 1.6  14-Jan-1994  deraadt prevent an explicit splimp->splnet lowering. (which blows up on
machines with a levelled-spl system that check for lowering)
de-ansify two function definitions.
 1.5  18-Dec-1993  mycroft Canonicalize all #includes.
 1.4  27-Jun-1993  andrew branches: 1.4.4;
ANSIfications - removed all implicit function return types and argument
definitions. Ensured that all files include "systm.h" to gain access to
general prototypes. Casts where necessary.
 1.3  20-May-1993  cgd add $Id$ strings, and clean up file headers where necessary
 1.2  10-Apr-1993  glass fixed to be compliant, subservient, and to take advantage of the newly
hacked config(8)
 1.1  21-Mar-1993  cgd branches: 1.1.1;
Initial revision
 1.1.1.3  01-Mar-1998  fvdl Import 4.4BSD-Lite2
 1.1.1.2  01-Mar-1998  fvdl Import 4.4BSD-Lite for reference
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.4.4.1  14-Nov-1993  mycroft Canonicalize all #includes.
 1.24.4.1  09-Nov-1998  chs initial snapshot. lots left to do.
 1.25.6.2  30-Nov-1999  itojun bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code). Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.
 1.25.6.1  28-Jun-1999  itojun KAME/NetBSD 1.4 SNAP kit, dated 19990628.

NOTE: this branch (kame) is used just for refernce. this may not compile
due to multiple reasons.
 1.25.4.2  02-Aug-1999  thorpej Update from trunk.
 1.25.4.1  01-Jul-1999  thorpej Sync w/ -current.
 1.28.2.2  11-Feb-2001  bouyer Sync with HEAD.
 1.28.2.1  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
 1.34.8.1  12-Nov-2001  thorpej Sync the thorpej-mips-cache branch with -current.
 1.34.4.2  23-Jun-2002  jdolecek catch up with -current on kqueue branch
 1.34.4.1  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.34.2.2  20-Jun-2002  nathanw Catch up to -current.
 1.34.2.1  14-Nov-2001  nathanw Catch up to -current.
 1.41.2.8  11-Dec-2005  christos Sync with head.
 1.41.2.7  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.41.2.6  01-Apr-2005  skrll Sync with HEAD.
 1.41.2.5  24-Jan-2005  skrll Sync with HEAD.
 1.41.2.4  21-Sep-2004  skrll Fix the sync with head I botched.
 1.41.2.3  18-Sep-2004  skrll Sync with HEAD.
 1.41.2.2  03-Aug-2004  skrll Sync with HEAD
 1.41.2.1  02-Jul-2003  darrenr Apply the aborted ktrace-lwp changes to a specific branch. This is just for
others to review, I'm concerned that patch fuziness may have resulted in some
errant code being generated but I'll look at that later by comparing the diff
from the base to the branch with the file I attempt to apply to it. This will,
at the very least, put the changes in a better context for others to review
them and attempt to tinker with removing passing of 'struct lwp' through
the kernel.
 1.46.2.1  28-May-2004  tron Pull up revision 1.48 (requested by atatat in ticket #391):
Sysctl descriptions under net subtree (net.key not done)
 1.48.4.1  29-Apr-2005  kent sync with -current
 1.49.2.1  19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.52.2.7  24-Mar-2008  yamt sync with head.
 1.52.2.6  21-Jan-2008  yamt sync with head
 1.52.2.5  27-Oct-2007  yamt sync with head.
 1.52.2.4  03-Sep-2007  yamt sync with head.
 1.52.2.3  26-Feb-2007  yamt sync with head.
 1.52.2.2  30-Dec-2006  yamt sync with head.
 1.52.2.1  21-Jun-2006  yamt sync with head.
 1.55.12.1  24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.55.10.4  06-May-2006  christos - Move kauth_cred_t declaration to <sys/types.h>
- Cleanup struct ucred; forward declarations that are unused.
- Don't include <sys/kauth.h> in any header, but include it in the c files
that need it.

Approved by core.
 1.55.10.3  19-Apr-2006  elad sync with head.
 1.55.10.2  13-Apr-2006  elad Deprecate use of CURTAIN() where it's easy -- now it's done via kauth(9),
process scope, CANSEE.
 1.55.10.1  08-Mar-2006  elad Adapt to kernel authorization KPI.
 1.55.8.3  11-Aug-2006  yamt sync with head
 1.55.8.2  26-Jun-2006  yamt sync with head.
 1.55.8.1  24-May-2006  yamt sync with head.
 1.55.6.2  01-Jun-2006  kardel Sync with head.
 1.55.6.1  22-Apr-2006  simonb Sync with head.
 1.55.4.1  09-Sep-2006  rpaulo sync with head
 1.57.2.1  19-Jun-2006  chap Sync with head.
 1.60.6.2  10-Dec-2006  yamt sync with head.
 1.60.6.1  22-Oct-2006  yamt sync with head
 1.62.4.2  07-May-2007  yamt sync with head.
 1.62.4.1  27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.63.6.1  11-Jul-2007  mjf Sync with head.
 1.63.4.4  09-Oct-2007  ad Sync with head.
 1.63.4.3  20-Aug-2007  ad Sync with HEAD.
 1.63.4.2  01-Jul-2007  ad Adapt to callout API change.
 1.63.4.1  08-Jun-2007  ad Sync with head.
 1.66.2.2  03-Sep-2007  skrll Sync with HEAD.
 1.66.2.1  15-Aug-2007  skrll Sync with HEAD.
 1.67.4.3  02-Oct-2007  joerg Sync with HEAD.
 1.67.4.2  03-Sep-2007  jmcneill Sync with HEAD.
 1.67.4.1  09-Aug-2007  jmcneill Sync with HEAD.
 1.68.4.2  07-Aug-2007  dyoung Lengthen sockaddr_dl so that a 16-byte FireWire address will fit
into sdl_data[].

Move the macro satocsdl() to net/if_dl.h, and introduce satosdl().

Add some helpers for initializing sockaddr_dl (sockaddr_dl_init),
for finding out the length to put in a sockaddr_dl's sdl_len member
(sockaddr_dl_measure), and for setting the link-layer address in
a sockaddr_dl to a new value (sockaddr_dl_setaddr).

Make sockaddr_copy() panic if the caller tries to copy a sockaddr
to a destination where it will not fit.
 1.68.4.1  07-Aug-2007  dyoung file uipc_domain.c was added on branch matt-mips64 on 2007-08-07 04:06:21 +0000
 1.68.2.2  09-Jan-2008  matt sync with HEAD
 1.68.2.1  06-Nov-2007  matt sync with HEAD
 1.71.12.2  08-Jan-2008  bouyer Sync with HEAD
 1.71.12.1  02-Jan-2008  bouyer Sync with HEAD
 1.71.8.1  28-Dec-2007  ad sysctl_unpcblist: add necessary locking. Reported by Matthias Drochner.
 1.71.6.1  18-Feb-2008  mjf Sync with HEAD.
 1.74.6.3  17-Jan-2009  mjf Sync with HEAD.
 1.74.6.2  02-Jun-2008  mjf Sync with HEAD.
 1.74.6.1  03-Apr-2008  mjf Sync with HEAD.
 1.75.2.1  18-May-2008  yamt sync with head.
 1.76.12.2  19-Jun-2011  bouyer Fix fallout from ticket 1633. Patch from plunky@, confirmed by manu@
(ticket author).
 1.76.12.1  18-Jun-2011  bouyer Pull up following revision(s) (requested by manu in ticket #1633):
sys/kern/uipc_domain.c: revision 1.86
sys/kern/uipc_usrreq.c: revision 1.134
sys/kern/uipc_proto.c: revision 1.22
Add SOCK_SEQPACKET to PL_LOCAL sockets. Based on patch from Jesse Off,
submitted 8 years ago:
http://mail-index.netbsd.org/tech-kern/2003/04/14/0006.html
 1.76.10.2  28-Apr-2009  skrll Sync with HEAD.
 1.76.10.1  19-Jan-2009  skrll Sync with HEAD.
 1.76.8.1  13-Dec-2008  haad Update haad-dm branch to haad-dm-base2.
 1.76.2.4  11-Mar-2010  yamt sync with head
 1.76.2.3  16-Sep-2009  yamt sync with head
 1.76.2.2  20-Jun-2009  yamt sync with head
 1.76.2.1  04-May-2009  yamt sync with head.
 1.77.2.2  23-Jul-2009  jym Sync with HEAD.
 1.77.2.1  13-May-2009  jym Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.
 1.85.6.1  06-Jun-2011  jruoho Sync with HEAD.
 1.85.4.1  31-May-2011  rmind sync with head
 1.87.12.3  03-Dec-2017  jdolecek update from HEAD
 1.87.12.2  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.87.12.1  25-Feb-2013  tls resync with head
 1.87.2.1  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.88.2.1  18-May-2014  rmind sync with head
 1.91.2.1  10-Aug-2014  tls Rebase.
 1.95.2.2  28-Aug-2017  skrll Sync with HEAD
 1.95.2.1  06-Apr-2015  skrll Sync with HEAD
 1.96.10.3  31-Jul-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1867):

sys/kern/uipc_domain.c: revision 1.109

sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen.

Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself
uses an uninitialized buffer.
 1.96.10.2  16-Jan-2018  martin Pull up following revision(s) (requested by ozaki-r in ticket #498):
sys/kern/uipc_domain.c: revision 1.101
sys/sys/domain.h: revision 1.34
sys/rump/librump/rumpnet/rump_net.c: revision 1.21
Don't start callouts for domains before attaching domains on rump kernels
On rump kernels, the callouts for domains, pffasttimo and pfslowtimo, started
before domains were attached. Normally the callouts were dispatched after
domain attaches (initializations) finished, however, under load the callouts
could be executed prior to the attaches, resulting in that the callouts accessed
unallocated or uninitialized resources.
 1.96.10.1  25-Jul-2017  snj Pull up following revision(s) (requested by ozaki-r in ticket #140):
sys/kern/uipc_domain.c: 1.97-1.99
sys/net/rtsock.c: 1.225-1.227
sys/sys/socket.h: 1.123
Restore the original length of a sockaddr for netmask
route(8) passes a sockaddr for netmask that is truncated with its
prefixlen. However the kernel basically doesn't expect such format
and may read beyond the data. So restore the original length of the
the data at the beginning of the kernel for the rest components.
Failures of ATF tests such as route_flags_blackhole6 should
be fixed.
--
Avoid DIAGNOSTIC warning with previous fix and simplify it (don't require
memory alloc/free).
--
put the code that returns the sizeof the socket by family in one place.
--
don't warn about AF_LINK sockets with sa_len less than the size of the sockaddr
--
don't print diagnostic for AF_LINK
 1.102.2.4  18-Jan-2019  pgoyette Synch with HEAD
 1.102.2.3  26-Nov-2018  pgoyette Sync with HEAD, resolve a couple of conflicts
 1.102.2.2  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.102.2.1  21-May-2018  pgoyette Sync with HEAD
 1.103.2.1  10-Jun-2019  christos Sync with HEAD
 1.106.4.1  31-Jul-2023  martin Pull up following revision(s) (requested by riastradh in ticket #1685):

sys/kern/uipc_domain.c: revision 1.109

sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen.

Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself
uses an uninitialized buffer.
 1.107.2.1  14-Dec-2020  thorpej Sync w/ HEAD.
 1.108.18.1  31-Jul-2023  martin Pull up following revision(s) (requested by riastradh in ticket #277):

sys/kern/uipc_domain.c: revision 1.109

sockaddr_alloc(9): Avoid uninitialized buffer in sockaddr_checklen.

Manifests only under DIAGNOSTIC because the DIAGNOSTIC check itself
uses an uninitialized buffer.

RSS XML Feed