Merge branch 'master' of ssh://crater.dragonflybsd.org/repository/git/dragonfly into devel

Merge branch 'master' of git://chlamydia.fs.ei.tum.de/dragonfly

Merge branches 'master' and 'suser_to_priv'

Conflicts:

sys/netinet/ip_carp.c
sys/platform/pc64/amd64/machdep.c

suser_* to priv_* conversion

- If we receive redirect or host dead ICMP message due to packets sent on
TCP sockets, we need to go through all CPUs to check per-cpu TCP inpcbs.
- If we receive redirect ICMP message due to packe

- If we receive redirect or host dead ICMP message due to packets sent on
TCP sockets, we need to go through all CPUs to check per-cpu TCP inpcbs.
- If we receive redirect ICMP message due to packets sent on UDP sockets,
we need to go through all CPUs to free UDP inpcbs' cached route entry.

Reported-by: pavalos@
Tested-by: pavalos@

show more ...

Add following three network protocol threads running mode:
1) BGL (default)
2) Adaptive BGL. Protocol threads run without BGL by default. BGL will be
held if the received msg does not have MSGF_

Add following three network protocol threads running mode:
1) BGL (default)
2) Adaptive BGL. Protocol threads run without BGL by default. BGL will be
held if the received msg does not have MSGF_MPSAFE turned on the ms_flags
field
3) No BGL (experimental)

The code on the main path is done by dillon@

Following three sysctls and tunables are added to adjust the "mode":
net.netisr.mpsafe_thread
net.inet.tcp.mpsafe_thread
net.inet.udp.mpsafe_thread

They have same set of values,
0 (default) -- BGL
1 -- Adaptive BGL
2 -- No BGL



NETISR_FLAG_MPSAFE is added (netisr.ni_flags), so that:
- netisr_queue() and schednetisr() could set MSGF_MPSAFE during msg
initialization
- netisr_run() (called by ether_input_oncpu()) could hold BGL based on this flag
before calling netisr's handler



PR_MPSAFE is added (protosw.pr_flags), so that tranport_processing_oncpu() could
hold BGL before calling protocol's input handler



Kernel API changes:
- The thread parameter to netmsg_service_loop() must be supplied (running mode)
and it must have the type of "int *"
- netisr_register() takes additional flags parameter to indicate whether its
handler is MPSAFE (NETISR_FLAG_MPSAFE) or not

Reviewed-by: dillon@

show more ...

- Fix function parameters order bug:
udp_addrcpu() expects faddr,fport,laddr,lport not faddr,laddr,fport,lport
- Add IP_DEBUGROUTE flag to let ip_output() know that we have confidence in
the inp'

- Fix function parameters order bug:
udp_addrcpu() expects faddr,fport,laddr,lport not faddr,laddr,fport,lport
- Add IP_DEBUGROUTE flag to let ip_output() know that we have confidence in
the inp's route cache. Currently UDP output sets this flag, since after
the above fix, UDP inp's route cache would only be used on its owner CPU
- Rename remote_free_panic to route_assert_owner_access, and expose it as
global variable. Keep net.route.remote_free_panic as an alias to
net.route.assert_owner_access

Dragonfly-bug: <http://bugs.dragonflybsd.org/issue1134>

show more ...

Don't do following optimization in udp_disconnect():
Conditionally free cached pcb route entry by predicting new laddr.

During soclose() on a connected UDP socket, this optimization will cause
cache

Don't do following optimization in udp_disconnect():
Conditionally free cached pcb route entry by predicting new laddr.

During soclose() on a connected UDP socket, this optimization will cause
cached pcb route entry being freed on wrong CPU, since f{port,addr} have
been changed.

Fix comment in udp_connect().

show more ...

Fix bugs concerning cached route entry in UDP inpcb.

For an unconnected and unbound UDP socket, first sending calls in_pcbladdr()
to fix the local port, which may change the target CPU of the next s

Fix bugs concerning cached route entry in UDP inpcb.

For an unconnected and unbound UDP socket, first sending calls in_pcbladdr()
to fix the local port, which may change the target CPU of the next sending.
in_pcbladdr() has a side effect to allocate the route entry cached in inpcb.
If the target CPU after in_pcbladdr() is no longer the current CPU, then
the route entry will be accessed/freed on non-owner CPU during later sending.
Similarly, connect/disconnect a UDP socket may change the target CPU too; the
target CPU may no longer the owner of the cached route entry.

So, for the first sending happens on an unconnected and unbound UDP socket,
the target CPU of next sending is compared with the current CPU. If they
are different, then cached route entry will be freed, so next time a packet
sent on this socket, a new route entry owned by the correct CPU will be
cached. Same target CPU check is applied to UDP socket connect/disconnect.

Originally UDP PRU_CONNECT always happens on CPU0, which will cause problem if
following conditions are met:
- Dst of the cached route entry is different from the dst to be connected
- Cached route entry is not allocated on CPU0
This could happen if two datagram are sent on an unbounded and unconnected UDP
socket, then later connectting this UDP socket will cause cached route entry
being freed on different CPU. To solve this problem, PRU_CONNECT is dispatched
according to existing [lf]{addr,port} pairs.

If in_pcbladdr() fails after altering the cached route entry, the cached route
entry is freed to make sure that freeing this cached route entry happens on
its owner CPU.

Reported-by: y0netan1@
Tested-by: y0netan1@

show more ...

Give the sockbuf structure its own header file and supporting source file.
Move all sockbuf-specific functions from kern/uipc_socket2.c into the new
kern/uipc_sockbuf.c and move all the sockbuf-speci

Give the sockbuf structure its own header file and supporting source file.
Move all sockbuf-specific functions from kern/uipc_socket2.c into the new
kern/uipc_sockbuf.c and move all the sockbuf-specific structures from
sys/socketvar.h to sys/sockbuf.h.

Change the sockbuf structure to only contain those fields required to
properly management a chain of mbufs. Create a signalsockbuf structure
to hold the remaining fields (e.g. selinfo, mbmax, etc).

Change the so_rcv and so_snd structures in the struct socket from
a sockbuf to a signalsockbuf.

Remove the recently added sorecv_direct structure which was being used
to provide a direct mbuf path to consumers for socket I/O. Use the newly
revamped sockbuf base structure instead. This gives mbuf consumers
direct access to the sockbuf API functions for use outside of a struct
socket. This will also allow new API functions to be added to the sockbuf
interface to ease the job of parsing data out of chained mbufs.

show more ...

Convert all pr_usrreqs structure initializations to the .name = data format.

Add IP_MINTTL socket option - used to set the minimum acceptable TTL a
packet must have when received on a socket. All packets with a lower TTL
are silently dropped. Works on already connected/conn

Add IP_MINTTL socket option - used to set the minimum acceptable TTL a
packet must have when received on a socket. All packets with a lower TTL
are silently dropped. Works on already connected/connecting and listening
sockets for RAW/UDP/TCP.

Add IP_RECVTTL socket option support - When set, userland receives the
incoming packet's TTL as ancillary data with recvmsg(2) call.

Allows the implementation of security mechanisms described in RFC3682 (GTSM).

Obtained-from: FreeBSD.
Submitted-by: Hasso Tepper <hasso@estpak.ee>

show more ...

Remove weird license clause which has expired.

Fix collision with variable named 'errno'.

Made jails IPv6 aware and support more than one IP address.

Based-on: Pawel Jakub Dawidek mijail patches.
Reviewed-by: Simon 'corecode' Schubert, Thomas E. Spanjaard, et al.

* Remove (void) casts for discarded return values.

* Put function types on separate lines.

* Ansify function definitions.

* Remove __P.

In-collaboration-with: Alexey Slynko <slynko@tronet.ru>

Remove spl*() calls from netinet, replacing them with critical sections.
A slight rearrangement of COMMON_START() in tcp_usrreq.c was necessary to
ensure that the inp is loaded after entering the cr

Remove spl*() calls from netinet, replacing them with critical sections.
A slight rearrangement of COMMON_START() in tcp_usrreq.c was necessary to
ensure that the inp is loaded after entering the critical section.

show more ...

Now that 'so_pcb' is properly declared as a 'void *', remove a layer of
indirection and directly use 'so->so_pcb' in place of 'sotoinpcb(so)'.

If dhclient fails, an interface could be left with an IP address of 0.0.0.0.
Ignore attempts to send UDP packets sent this partially configured interface
rather than panic'ing.

Reported by: many inc

If dhclient fails, an interface could be left with an IP address of 0.0.0.0.
Ignore attempts to send UDP packets sent this partially configured interface
rather than panic'ing.

Reported by: many including dillon, eirikn, drhodus
Tested by: drhodus

show more ...

Cosmetic cleanups.

Forced commit to say the previous commit wasn't really a buffer overflow
after all, but the code is more uniform this way, so leave it like this,
except for ipsec.c where we use the standard libkern

Forced commit to say the previous commit wasn't really a buffer overflow
after all, but the code is more uniform this way, so leave it like this,
except for ipsec.c where we use the standard libkern inet_ntoa() instead of
defining a private copy.

show more ...

Fix buffer overflow bug involving inet_ntoa().

Clean up the routing and networking code before I parallelize routing.

Replace div_pcblist / rip_pcblist / udp_pcblist with in_pcblist_global.
This is a slight change of semantic for rip sockets, which have now a
jail check too.

Update includes now that the Fast IPSec code has moved to netproto/ipsec.

Submitted by: Pawel Biernacki <kaktus@dragonflybsd.pl>