kernel: Remove unnecessary casts for updated mbuf(9) functions

kernel: Replace the deprecated m_copy() with m_copym()

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

jail - add jail.defaults.allow_listen_override (3)

* Normalize the nominal jail IP conversions to the system call
interface whenever it is convenient. Remove conversions that
were previously in

jail - add jail.defaults.allow_listen_override (3)

* Normalize the nominal jail IP conversions to the system call
interface whenever it is convenient. Remove conversions that
were previously in the udp and tcp connect and send code.

* Also do jail IP conversions in bind(), connect(), extconnect(),
sendto(), sendmsg(), recvfrom(), recvmsg().

* Refactor in_pcbladdr_find() to improve jail bindings, try to find
the correct interface IP to bind to. When a route is utilized,
iterate available interface IPs to locate a jail-acceptable IP
on the same interface.

show more ...

<net/if_var.h>: Remove last explicit dependency on <sys/malloc.h>.

These kernel sources pass M_NOWAIT flag to m_copym() and friends.
Mark that it was for M_NOWAIT visibility.

socket: introduce SO_RERROR to detect receive buffer overflow

kernel receive buffers are initially of a limited size and
generally the network protocols that use them don't care
if a packet gets los

socket: introduce SO_RERROR to detect receive buffer overflow

kernel receive buffers are initially of a limited size and
generally the network protocols that use them don't care
if a packet gets lost.

However some users do care about lost messages even if not
baked into the protocol - such as consumers of route(4) to
track state.

POSIX states that read(2) can return an error of ENOBUFS so
return this error code when an overflow is detected.
Guard this with socket option SO_RERROR so that existing
applications which do not care can carry on not caring by
default.

Taken-from: NetBSD
Reviewed-by: sephe

show more ...

Move jail staffs from <net/if.h> and <netinet/in.h> to <sys/jail.h>

* <net/if.h>: Move out prison_if() function prototype to <sys/jail.h>

* <netinet/in.h>: Move out prison_replace_wildcards() and p

Move jail staffs from <net/if.h> and <netinet/in.h> to <sys/jail.h>

* <net/if.h>: Move out prison_if() function prototype to <sys/jail.h>

* <netinet/in.h>: Move out prison_replace_wildcards() and prison_remote_ip()
function prototypes to <sys/jail.h>

* Include <sys/jail.h> header for those files in need of it

Obtained-from: FreeBSD (r72786)

show more ...

Remove IPsec and related code from the system.

It was unmaintained ever since we inherited it from FreeBSD 4.8.

In fact, we had two implementations from that time: IPSEC and FAST_IPSEC.
FAST_IPSEC

Remove IPsec and related code from the system.

It was unmaintained ever since we inherited it from FreeBSD 4.8.

In fact, we had two implementations from that time: IPSEC and FAST_IPSEC.
FAST_IPSEC is the implementation to which FreeBSD has moved since, but
it didn't even build in DragonFly.

Fixes for dports have been committed to DeltaPorts.

Requested-by: dillon
Dports-testing-and-fixing: zrj

show more ...

Remove faith(4) and faithd(8) from the tree.

FreeBSD did that 3 years ago (r274331). Quoting from their commit msg:

-----8<-----
It looks like industry have chosen different (and more traditional)

Remove faith(4) and faithd(8) from the tree.

FreeBSD did that 3 years ago (r274331). Quoting from their commit msg:

-----8<-----
It looks like industry have chosen different (and more traditional)
stateless/stateful NAT64 as translation mechanism. Last non-trivial
commits to both faith(4) and faithd(8) happened more than 12 years
ago, so I assume it is time to drop RFC3142 in FreeBSD.
----->8-----

Some more info here:

https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040224.html

Discussed-with: sephe

show more ...

inpcb: Simplify inpcb marker interface

inet/inet6: Remove the v4-mapped address support

This greatly simplies the code (even the IPv4 code) and avoids all kinds
of possible port theft.

INPCB:
- Nuke IN6P_IPV6_V6ONLY, which is always on

inet/inet6: Remove the v4-mapped address support

This greatly simplies the code (even the IPv4 code) and avoids all kinds
of possible port theft.

INPCB:
- Nuke IN6P_IPV6_V6ONLY, which is always on after this commit.
- Change inp_vflag into inp_af (AF_INET or AF_INET6), since the socket
is either IPv6 or IPv4, but never both. Set inpcb.inp_af in
in_pcballoc() instead of in every pru_attach methods. Add INP_ISIPV4()
and INP_ISIPV6() macros to check inpcb family (socket family and
inpcb.inp_af are same).
- Nuke the convoluted code in in_pcbbind() and in6_pcbbind() which is used
to allow wildcard binding to accepting IPv4 connections on IPv6 wildcard
bound sockets.
- Nuke the code in in_pcblookup_pkthash() to match IPv4 faddr with IPv6
wildcard bound socket.
- Nuke in6_mapped_{peeraddr,sockaddr,savefaddr}(); use in6_{setpeeraddr,
setsockaddr,savefaddr}() directly.
- Nuke v4-mapped address convertion functions.
- Don't allow binding to v4-mapped address in in6_pcbind().
- Don't allow connecting to v4-mapped address in in6_pcbconnect().

TCP:
- Nuke the code in tcp_output() which takes care of the IP header TTL
setting for v4-mapped IPv6 socket.
- Don't allow binding to v4-mapped address (through in6_pcbbind()).
- Don't allow connecting to v4-mapped address and nuke the related code
(PRUC_NAMALLOC etc.).
- Nuke the code (PRUC_FALLBACK etc.) to fallback to IPv4 connection if
IPv6 connection fails, which is wrong.
- Nuke the code for v4-mapped IPv6 socket in tcp6_soport().

UDP:
- Nuke the code for v4-mapped IPv6 socket in udp_input() and udp_append().
- Don't allow binding to v4-mapped address (through in6_pcbbind()).
- Don't allow connecting to v4-mapped address.
- Don't allow sending datagrams to v4-mapped address and nuke the related
code in udp6_output().
- Nuke the code for v4-mapped IPv6 socket in udp6_disconnect()

RIP:
- Don't allow sending packets to v4-mapped address.
- Don't allow binding to v4-mapped address.
- Don't allow connecting to v4-mapped address.

Misc fixup:
- Don't force rip pru_attach method to return 0. If in_pcballoc() fails,
just return the error code.

show more ...

inet6: Don't allow setting net.inet6.ip6.v6only to 0

inpcb: Define inp_notify_t

udp: Make udp pcbinfo and portinfo per-cpu; greatly improve performance

MAJOR CHANGES:

- Add token to protect pcbinfo's inpcb list and wildcard hash table.
Currently only udp per-cpu pcbinfo sets

udp: Make udp pcbinfo and portinfo per-cpu; greatly improve performance

MAJOR CHANGES:

- Add token to protect pcbinfo's inpcb list and wildcard hash table.
Currently only udp per-cpu pcbinfo sets this token. udp serializer
and netisr barrier are nuked.

o udp inpcb list:

Under most cases, udp inpcb list is operated in its owner netisr.
However, it is also accessed and modified (no effiective udp inpcb
will be unlinked though) in netisr0 to adjust multicast options if
one interface is to be detached. So protecting udp inpcb list
accessing and modification w/ token is necessary.

At udp inpcb detach time, the udp inpcb is first removed from the
udp inpcb list, then a message will go through all netisrs, which
makes sure that no netisrs are using or can find this udp inpcb
from the udp inpcb list. After all these, this udp inpcb is
destroyed in its owner netisr.

In netisrs, it is MP safe to find a udp inpcb from udp inpcb list,
then release the token and process the found udp inpcb.

In other threads, it is MP safe to find a udp inpcb from udp inpcb
list, then release the token and process the found udp inpcb in
non-blocking fashion.

See also the usage of inpcb marker.

o udp wildcard hash table:

On input path, udp wildcard hash table is searched in its owner
netisr. In order to ease implicit binding (bind during send),
connect after binding, and disconnect, udp inpcb are inserted
into and removed from other udp pcbinfos' wildcard hash table in
its owner netisr. Thus the udp wildcard hash table must be
protected w/ token.

At udp inpcb detach time, a message will go through all netisrs,
and this udp inpcb will be removed from the udp wildcard hash
table belonging to the current netisr. This makes sure that once
the current netisr runs the message handler, this udp inpcb will
not be used and be found in the current netisr. When the message
reaches the last netisr, this udp inpcb is redispatched to its
owner netisr to be destroyed.

In netisrs, it is MP safe to find a udp inpcb from udp wildcard
hash table, then release the token and process the found udp inpcb,
e.g. use udp inpcb found by in_pcblookuphash().

In other threads, it is MP safe to find a udp inpcb from udp
wildcard hash table, then release the token and process the found
udp inpcb in non-blocking fashion.

See also the usage of inpcb container marker.

o udp connect hash table:

It is lockless MP safe, and only accessed and modified in its owner
netisr.

- During inpcb iteration through inpcb list, use inpcb marker when
calling functions, which may block, e.g. in_pcbpurgeif0(), so the
inpcb iteration will not stop prematurely, if the inpcb being
processed is removed from the inpcb list.

- Use udp inpcb wildcard table and udp inpcb connect hash table to
dispatch input multicast and broadcast udp datagrams. Using udp inpcb
list could be time consume, since we need to check udp inpcb lists on
all cpus; and secondly, once udp inpcb has a local port, it will be in
either udp wildcard hash table or udp connect hash table.

Since the socket buffer operation on input path may block, inpcb
container marker is used when iterating inpcbs from udp inpcb wildcard
hash table. in_pcblookup_pkthash() is adjusted to skip inpcb
container marker.

- udp socket so_port is no longer fixed to netisr0 msgport
o Initial udp socket so_port is the current cpu's netisr msgport.
o Bound but unconnected udp socket so_port is selected according to
local port hash.
o Connected udp socket so_port is selected according to the udp hash,
i.e. laddr/faddr toeplitz hash (exception: multicast laddr or
multicast faddr, is hashed to netisr0).
o Multicast socket options are forced to be handled in netisr0, since
udp socket so_port may not be netisr0 msgport.

- In order to support asynchronized udp inpcb detach:
o EJUSTRETURN from pru_detach method now means protocol will call
sodiscard() and sofree() for soclose(). udp pru_detach method
returns EJUSTRETURN as of this commit.
o SS_ISCLOSING socket state is set before calling pru_detach method,
so protocol could avoid certain expensive, unnecessary or
disallowed operation in pru_disconnect or pru_detach method, e.g.
udp pru_disconnect method avoids putting udp inpcb back to udp
wildcard hash table, if SS_ISCLOSING is set.

MISC CHANGES:

- pcbinfo's cpu id must be set now; -1 is disallowed.
- udp pru_abort method should never be called; it panicks now.
- Restore traditional BSD behaviour, if unbound udp socket connect
fails: if local port of the udp socket has been selected, its inpcb
should be in wildcard hash table, i.e. the udp inpcb should be visible
on udp datagrams input path.
- Make sure multicast stuffs are adjusted only in netisr0 for inet6, if
one interface is about to be detached.

PERFORMANCE IMPROVEMENT:

For 'kq_connect_client -u' test, this commit gives 400% performance
improvement (31Kconns/s -> 160Kconns/s).

show more ...

net: Remove unnecessary sosetport() in various pru_attachs

The so_port is set before the pru_attach is called; there is no need
to do it again.

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Apparently everyone's doing it:
http://svnweb.freebsd.org/base?view=revision&revision=251069

Submitted-by: "Eitan Adler" <lists at eitanadl

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Apparently everyone's doing it:
http://svnweb.freebsd.org/base?view=revision&revision=251069

Submitted-by: "Eitan Adler" <lists at eitanadler.com>

show more ...

Remove advertising clause from all that isn't contrib or userland bin.

By: Eitan Adler <lists@eitanadler.com>

netisr: Inline netisr_cpuport() and netisr_curport()

These two functions do nothing more than just return pointer to the
element in the array.

Per our header file naming convention, put these two f

netisr: Inline netisr_cpuport() and netisr_curport()

These two functions do nothing more than just return pointer to the
element in the array.

Per our header file naming convention, put these two functions in
net/netisr2.h

show more ...

netisr: Function renaming; no functional changes

This cleans up code for keeping input packets' hash instead of masking
the hash with ncpus2_mask. netisr_hashport(), which maps packet hash
to netis

netisr: Function renaming; no functional changes

This cleans up code for keeping input packets' hash instead of masking
the hash with ncpus2_mask. netisr_hashport(), which maps packet hash
to netisr port, will be added soon.

show more ...

udp: Make stats per-cpu

merge

udp6: Remove pcb from wildcard table before calling in_pcbconnect

DragonFly-bug: http://bugs.dragonflybsd.org/issues/2485

Merge branches 'hammer2' and 'master' of ssh://crater.dragonflybsd.org/repository/git/dragonfly into hammer2

netisr: rename cpu_portfn() to netisr_portfn().

No functional change.

Searched and replaced with:
find sys/ -type f -exec sed -i "" 's/cpu_portfn/netisr_portfn/g' '{}' \;

kernel: Use NULL for pointers.