Various minor whitespace cleanups

Accumulated along the way.

sockbuf: Improve sbcreatecontrol() parameter types to save casts

- Change 'caddr_t p' to 'const void *p' to save casts for the callers. The 'const' qualifier is also added meanwhile.
- Change 'int size' to 'size_t size', given that callers generally pass this parameter as sizeof().
- Update all relevant callers.

For the reference, OpenBSD also did this for sbcreatecontrol().

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed. Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jail-less security in the near future, and to optimize the priv_check code.

kernel - Fix event preset

* Enable all events was not enabling all events. Fix the memset().

Dragonfly-bugs: 3004 (dcb)

kernel: Use <sys/bitstring.h> instead of <bitstring.h>.
kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT flags was a recurring issue when porting drivers from FreeBSD because it tended to get forgotten and the code would compile anyway with the wrong constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags for an objcache_get() or objcache_reclaimlist call (which use M_WAITOK and M_NOWAIT), it was just one big converting back and forth with some sanitization in between.

This commit allows M_* again for the mbuf functions and keeps the sanitizing as it was before: when M_WAITOK is among the passed flags, objcache functions will be called with M_WAITOK and when it is absent, they will be called with M_NOWAIT. All other flags are scrubbed by the MB_OCFLAG() macro which does the same as the former MBTOM().

Approved-by: dillon

kernel/netgraph7: Port the kernel part of the netgraph7 bluetooth stack.

It still needs more testing/debugging, along with the userland part.

In-discussion-with: nant

kernel/netgraph7: Use kprintf etc. directly instead of defining printf.

While here, remove some commented out code from dragonfly.h

In-discussion-with: nant

tcp: Implement asynchronous pru_connect

This is mainly used to improve TCP nonblocking connect(2) performance.

Before this commit the user space thread that uses nonblocking connect(2) will have to wait for the netisr to complete the SYN output. This could be a performance hit for nonblocking connect(2). First, the user space thread is put into sleep, even if the connect(2) is nonblocking. Second, it does not make too much sense for nonblocking connect(2) to wait for the SYN output.

TCP's asynchronous pru_connect implementation will set ISCONNECTING before dispatching netmsg to netisr0. The errors like EADDRNOTAVAIL, i.e. out of local port space, will be notified through kevent(2) or getsockopt(2) SOL_SOCKET/SO_ERROR.

NFS and other kernel code still use old synchronized pru_connect. This commit only affects connect(2) syscall.

Sysctl node kern.ipc.soconnect_async is added to enable and disable asynchronous pru_connect. It is enabled by default.

The performance measurement (i7-2600 w/ bnx(4)), using tools/tools/netrate/accept_connect/kq_connect_client:

    kq_connect_client -4 SERVADDR -p SERVPORT -i 8 -c 32 -l 30
    (8 processes, each creates 32 connections simultaneously, run 30 secs)

16 runs average:

    asynchronous pru_connect    synchronized pru_connect
    220979.89 conns/s           189106.88 conns/s

This commit gives ~16% performance improvement for nonblocking connect(2)

kernel: Remove newlines from the panic messages that have one.

panic() itself will add a newline.

kernel/netgraph7: Replace usage of MALLOC/FREE with kmalloc/kfree here too.

Requested-by: Nuno Antunes

kernel: Use NELEM() where we can.
network - MP socket free & abort interactions, so_state

* Add so_refs and ref-count the socket structure to deal with MP races on sofree().
* Ref the socket structure for all soabort() operations (they are usually asynchronous). The netmsg_pru_abort() handler will sofree() the ref after calling the protocol stack's abort function.
* Use atomic ops to set and clear bits in so_state, because it is modified by both the frontend and the backend.
* Remove numerous critical sections that are no longer effective.
* Protect the accept queues with so_rcv.ssb_token.
* Protect after-the-fact calls to soisdisconnected() with a soreference() to avoid use-after-free cases.
* Wrap unix domain, mroute, div, raw, and key sockets/protocols with their own private tokens.

Fix the way <sys/ioccom.h> is included throughout our tree.

The original intention was to include it only in header files which define ioctl codes and not in .c or .h files which include headers that define ioctl codes.

Adjust the tree to follow this idea.

Pointed-out-by: Guy Harris <guy@alum.mit.edu>
Dragonfly-bug: <http://bugs.dragonflybsd.org/issue1334>

Replace all casts of NULL to something with NULL.
Netgraph port from FreeBSD - initial porting work

* Use relative #include's as appropriate so the code doesn't dig into the original netgraph/ directory.
* Move FBSDID's and add DragonFly ids.
* Fix improper uses of M_NOWAIT.
* Fix uses of M_NOWAIT which should be MB_DONTWAIT and vice versa (also forward to Julian).
* Add a dragonfly.h compatibility header.
* NOTE: m_tag_alloc() in DFly takes MB_ flags.

Vendor import of netgraph from FreeBSD-current 20080626