path: root/sys
Commit message | Author | Age | Files | Lines
* Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl. | doug | 2015-10-16 | 1 | -1/+3
  cu(1) uses these. ok deraadt@
* When using a pf rule with both nat-to and rdr-to, it could happen | bluhm | 2015-10-15 | 1 | -3/+6
  that the nated source port was reused as destination port. Do not initialize nport at the beginning of the function, but where it is needed. OK sashan@
* No need to create links for xxboot now that MI installboot is the preferred | miod | 2015-10-15 | 1 | -4/+1
  way to install boot blocks.
* Add TIOCFLUSH to "tty" in support of tcflush() | deraadt | 2015-10-15 | 1 | -1/+2
* Exposing FIOASYNC in pledge "ioctl" is a mistake; remove it, cannot find safe uses of it | deraadt | 2015-10-15 | 1 | -2/+1
* Let the rx path of cnmac run without the kernel lock. To avoid the need | visa | 2015-10-15 | 1 | -31/+11
  of a mutex, the path no longer cleans up the queue of tx requests. ok mpi@
* Fix previous. The port number is not included in sc_src and it is | yasuoka | 2015-10-15 | 1 | -5/+3
  checked already at beginning of the loop. ok reyk
* in6_pcbconnect() returns EADDRNOTAVAIL when | vgross | 2015-10-15 | 1 | -3/+4
  all the ports in the range portfirst .. portlast are in use. ok millert@, mpi@
* FIOCLEX & FIONCLEX should be in base ioctl set | deraadt | 2015-10-15 | 1 | -3/+3
* avoid using a var uninitialised | jsg | 2015-10-15 | 1 | -1/+2
  ok jung@
* FALTHROUGH->FALLTHROUGH in comment, ok deraadt a few days ago | sthen | 2015-10-14 | 1 | -2/+2
* Add a dummy "flock" request that will allow file locking. It is | millert | 2015-10-14 | 1 | -3/+3
  not currently enforced but we want the kernel to be able to parse it for an upcoming diff in the next few days.
* When pledged with "fattr", allow chown to supplementary groups. This | deraadt | 2015-10-14 | 3 | -18/+20
  came out of a discussion regarding "sort foo -o foo". ok semarie
* Init a variable in the recently added carp_vhe_match() function clang | jsg | 2015-10-14 | 1 | -2/+2
  and mpi believe could be used uninitialised. ok mpi@
* Reset the RTF_CONNECTED flag when cloning an entry. | mpi | 2015-10-14 | 1 | -5/+4
  While here check for RTF_CLONED instead of RTM_RESOLVE when adding an entry. Found while debugging naddy@'s NFS vs em(4) vs rtisvalid(9) issue.
* Rewrite the logic around the dynamic array of routing tables to help | mpi | 2015-10-14 | 4 | -91/+131
  turning rtable_get(9) MP-safe. Use only one per-AF array, as suggested by claudio@, pointing to an array of pointers to the routing table heads. Routing tables are now allocated/initialized per-AF. This will let us allocate routing table on-demand instead of always having an AF_INET, AF_MPLS and AF_INET table as soon as a new rtableID is used. This also get rid of the "void ***" madness. ok dlg@, jmatthew@
* pledge "tty" can allow ioctl TIOCEXCL on a tty | deraadt | 2015-10-14 | 1 | -1/+2
* sendmsg() is allowed to pass cmsg's which are not CMSG_RIGHTS - last | deraadt | 2015-10-14 | 1 | -4/+4
  refactoring inverted the checks; spotted by sthen in ping6.
* Prevent a NULL-pointer dereference when closing a ugen(4) node | mpi | 2015-10-13 | 1 | -4/+2
  in case the kernel failed to change the interface of a device. Found the hard way by okan
* 3 more headers required for one stinking inet6 ioctl.. | deraadt | 2015-10-13 | 1 | -1/+4
* - pf_insert_src_node(): global argument (arg6) is useless, function | sashan | 2015-10-13 | 4 | -31/+20
  always gets pointer to rule.
  - pf_remove_src_node(): function should always remove matching src node, regardless the sn->rule.ptr being NULL or valid rule
  - sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com
  OK mpi@, OK mikeb@
* Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp. | deraadt | 2015-10-13 | 1 | -1/+2
* NET_RT_FLAGS must also accept a proto selection. | deraadt | 2015-10-13 | 1 | -2/+3
* allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge | deraadt | 2015-10-13 | 1 | -1/+3
* Make use of rtisvalid(9) to check if local route entries match existing | mpi | 2015-10-13 | 2 | -10/+6
  configured addresses. ok mikeb@
* Simplify arptfree() to no longer look at the route entry's refcounter. | mpi | 2015-10-13 | 1 | -17/+8
  ARP entries with an expired timeout are now removed from the tree even if they are cached somewhere else. This also reduces differences with NDP. ok bluhm@
* Use rtisvalid(9) to check if the given (cached) route can be used. | mpi | 2015-10-13 | 2 | -11/+9
  Note that after calling rtalloc(9) we only check if a route has been returned or not and do not check for its validity. This cannot be improved without a massive refactoring. The kernel currently *does* use !RTF_UP route due to a mismatch between the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code. I'd explain the RTF_UP flag as follows:
    If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
    call rtalloc(9) to see if a better entry is present in the tree.
  This is enough to support MPATH and route cache invalidation. ok bluhm@
* Make sure RTF_LOCAL route entries are UP when added to the tree. | mpi | 2015-10-13 | 1 | -1/+2
  This is required to maintain the original BSD behavior of locally configured addresses being always reachable. Some interfaces are^w^W^Wem(4) is special and generally has a DOWN link state when configured by netstart(8). As a result all the route entries cloned/added before its link state goes to UP are also marked as DOWN. Note that this problem was not present when local addresses were attached to lo0. ok mikeb@
* Initialize va_filerev in vattr_null() to avoid leaking stack garbage; | guenther | 2015-10-13 | 1 | -9/+23
  problem pointed out by Martin Natano (natano (at) natano.net) Also, stop chaining assignments (foo = bar = baz) in vattr_null(). The exact meaning of those depends on the order of the sizes-and-signednesses of the lvalues, making them fragile: a statement here mixed *six* types, but managed to get them in a safe order. Delete a 20+ year old XXX comment that was almost certainly bemoaning a bug from when they were in an unsafe order. ok deraadt@ miod@
* Add some newer DT_* and DF_* constants | guenther | 2015-10-13 | 1 | -1/+17
  ok kettenis@ miod@
* Pledge "fattr" request should allow fchflags(). | doug | 2015-10-13 | 1 | -1/+2
  "add it" deraadt@
* pledge "proc" request should allow setsid() | deraadt | 2015-10-12 | 1 | -1/+2
* Remove the "cmsg" attribute, as promised. Use "sendfd" or "recvfd", | deraadt | 2015-10-12 | 1 | -2/+1
  depending on what you need. inet/inet6 cmsg's come through unmolested -- that is something to consider later.
* the pattr argument to IFQ_ENQUEUE is unused, so let's get rid of it. | dlg | 2015-10-12 | 4 | -10/+9
  also the comment above IFQ_ENQUEUE that says the pattr argument is unused. ok mpi@
* Unify link state change notification. | mpi | 2015-10-12 | 1 | -41/+21
  ok mikeb@
* dont need to do suser checks in ioctl paths cos if.c does them for us. | dlg | 2015-10-12 | 1 | -12/+1
  ok mikeb@ mpi@
* protect SIOCSLIFPHYTTL, SIOCSVNETID so only root can call them, and | dlg | 2015-10-12 | 1 | -1/+5
  return EPNOTSUPP for SIOCGLIFPHYTTL and SIOCGVNETID. all so drivers dont have to do these checks themselves. ok mikeb@ mpi@
* Introduce bridge_ifinput() to handle some repeated logic before | reyk | 2015-10-12 | 1 | -18/+19
  if_input() and to have a counterpart for bridge_ifenqueue() that helps to understand the traffic/code flow in bridge better. The bridge currently only puts a single packet on the input mbuf list, and changing will need to undo part of this commit, but it still makes sense to have a well-defined call for the ports receive path. No functional change. OK mpi@
* Always initialise the index into iwm's tx queue array, fixing a | stsp | 2015-10-12 | 1 | -3/+2
  potential crash. This must have somehow been working by magic. Further cleanup of QoS support in this driver is very much needed. ok mpi@
* pledge_ioctl_check() will do the killing if necessary; if it returns, | deraadt | 2015-10-11 | 1 | -2/+2
  that is an errno to pass up to the calling system call instead. test case is "who < /dev/null", via ttyname().
* add a missed check for PLEDGE_RPATH when reading a file. | semarie | 2015-10-11 | 1 | -1/+6
  ok deraadt@
* sigaltstack is directly used by setjmp on some architectures. it only | deraadt | 2015-10-11 | 1 | -1/+2
  refers to the process itself. pledge should allow it.
* put TIOCSWINSZ in the right block "tty", not in "ioctl". this happened | deraadt | 2015-10-11 | 1 | -13/+13
  because the "route" tests were placed between the two, creating confusion. fix that while here.
* In pledge "tty", allow TIOCSWINSZ. stty(1) is the obvious silly use. | deraadt | 2015-10-11 | 1 | -1/+2
  The more important use will be tmux(1) and other active window size controlling programs. There seems little risk in exposing this small tty setting alongside the tcsetattr() family. ok millert
* Add a symbolic name for the special '-1' value of iwm's sc_wantresp. | stsp | 2015-10-11 | 2 | -6/+9
  ok phessler
* __get_tcb() is needed for errno access in threaded programs on some archs. | guenther | 2015-10-11 | 1 | -1/+2
  Make it always available. ok deraadt@
* Always set the timeout at least one tick in the future for EVFILT_TIMER | guenther | 2015-10-11 | 1 | -16/+16
  to avoid looping in softclock() based on diff by sthen@ ok sthen@
* For pledge, sigsuspend() should is affecting the behaviour a process itself, | deraadt | 2015-10-10 | 1 | -2/+2
  so we should allow it for 'self'. ok djm
* pid 0 also implies self, so allow that for the pledge case. Found in | deraadt | 2015-10-10 | 1 | -2/+3
  a refactoring being done for the bc/dc relationship with otto.
* In iwm(4), set mbuf pointers to NULL after freeing mbufs. | stsp | 2015-10-10 | 1 | -1/+3
  ok phessler mpi zhuk