PERFORCE change 151847 for review
Marko Zec
zec at FreeBSD.org
Fri Oct 24 13:22:18 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=151847
Change 151847 by zec at zec_tpx32 on 2008/10/24 13:21:57
Reduce diff against head by actually introducing a bit of
whitespace junk here and removing other bits there. More
importantly, do not initialize global variables at instantiation
(for nooptions VIMAGE builds only) in a prep for merging this
further down the pipeline vimage-commi2 -> head.
Affected files ...
.. //depot/projects/vimage/src/sys/contrib/altq/altq/altq_subr.c#9 edit
.. //depot/projects/vimage/src/sys/dev/ata/chipsets/ata-acard.c#2 edit
.. //depot/projects/vimage/src/sys/net/if.c#45 edit
.. //depot/projects/vimage/src/sys/netinet/icmp_var.h#5 edit
.. //depot/projects/vimage/src/sys/netinet/if_ether.c#27 edit
.. //depot/projects/vimage/src/sys/netinet/in_pcb.c#37 edit
.. //depot/projects/vimage/src/sys/netinet/in_var.h#11 edit
.. //depot/projects/vimage/src/sys/netinet/ip_divert.c#17 edit
.. //depot/projects/vimage/src/sys/netinet/ip_fw2.c#53 edit
.. //depot/projects/vimage/src/sys/netinet/ip_icmp.c#21 edit
.. //depot/projects/vimage/src/sys/netinet/ip_input.c#38 edit
.. //depot/projects/vimage/src/sys/netinet/ip_ipsec.c#16 edit
.. //depot/projects/vimage/src/sys/netinet/tcp_input.c#40 edit
.. //depot/projects/vimage/src/sys/netinet/tcp_subr.c#55 edit
.. //depot/projects/vimage/src/sys/netinet/tcp_syncache.c#43 edit
.. //depot/projects/vimage/src/sys/netinet/tcp_syncache.h#18 edit
.. //depot/projects/vimage/src/sys/netinet/udp_usrreq.c#37 edit
.. //depot/projects/vimage/src/sys/netinet6/icmp6.c#32 edit
.. //depot/projects/vimage/src/sys/netinet6/nd6_nbr.c#25 edit
.. //depot/projects/vimage/src/sys/netinet6/vinet6.h#24 edit
.. //depot/projects/vimage/src/sys/netipsec/key.c#27 edit
.. //depot/projects/vimage/src/sys/netipsec/keysock.c#16 edit
.. //depot/projects/vimage/src/sys/netipsec/keysock.h#3 edit
.. //depot/projects/vimage/src/sys/netipsec/vipsec.h#16 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_ah.c#18 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_esp.c#18 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_ipcomp.c#15 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#19 edit
.. //depot/projects/vimage/src/sys/netipsec/xform_tcp.c#3 edit
.. //depot/projects/vimage/src/sys/security/mac/mac_framework.h#13 edit
.. //depot/projects/vimage/src/sys/security/mac/mac_inet.c#11 edit
.. //depot/projects/vimage/src/sys/security/mac/mac_policy.h#14 integrate
.. //depot/projects/vimage/src/sys/security/mac_partition/mac_partition.c#8 integrate
.. //depot/projects/vimage/src/sys/sys/vimage.h#69 edit
Differences ...
==== //depot/projects/vimage/src/sys/contrib/altq/altq/altq_subr.c#9 (text+ko) ====
@@ -447,6 +447,7 @@
tbr_timeout(arg)
void *arg;
{
+ VNET_ITERATOR_DECL(vnet_iter);
struct ifnet *ifp;
int active, s;
@@ -459,17 +460,23 @@
#if defined(__FreeBSD__) && (__FreeBSD_version >= 500000)
IFNET_RLOCK();
#endif
- VNET_ITERLOOP_BEGIN();
- INIT_VNET_NET(curvnet);
- for (ifp = TAILQ_FIRST(&V_ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) {
- /* read from if_snd unlocked */
- if (!TBR_IS_ENABLED(&ifp->if_snd))
- continue;
- active++;
- if (!IFQ_IS_EMPTY(&ifp->if_snd) && ifp->if_start != NULL)
- (*ifp->if_start)(ifp);
+ VNET_LIST_RLOCK();
+ VNET_FOREACH(vnet_iter) {
+ CURVNET_SET(vnet_iter);
+ INIT_VNET_NET(vnet_iter);
+ for (ifp = TAILQ_FIRST(&V_ifnet); ifp;
+ ifp = TAILQ_NEXT(ifp, if_list)) {
+ /* read from if_snd unlocked */
+ if (!TBR_IS_ENABLED(&ifp->if_snd))
+ continue;
+ active++;
+ if (!IFQ_IS_EMPTY(&ifp->if_snd) &&
+ ifp->if_start != NULL)
+ (*ifp->if_start)(ifp);
+ }
+ CURVNET_RESTORE();
}
- VNET_ITERLOOP_END()
+ VNET_LIST_RUNLOCK();
#if defined(__FreeBSD__) && (__FreeBSD_version >= 500000)
IFNET_RUNLOCK();
#endif
==== //depot/projects/vimage/src/sys/dev/ata/chipsets/ata-acard.c#2 (text+ko) ====
==== //depot/projects/vimage/src/sys/net/if.c#45 (text+ko) ====
==== //depot/projects/vimage/src/sys/netinet/icmp_var.h#5 (text+ko) ====
==== //depot/projects/vimage/src/sys/netinet/if_ether.c#27 (text+ko) ====
@@ -887,6 +887,10 @@
(*ifp->if_output)(ifp, hold, rt_key(rt), rt);
} /* end of FIB loop */
reply:
+
+ /*
+ * Decide if we have to respond to something.
+ */
if (op != ARPOP_REQUEST)
goto drop;
if (itaddr.s_addr == myaddr.s_addr) {
==== //depot/projects/vimage/src/sys/netinet/in_pcb.c#37 (text+ko) ====
@@ -120,13 +120,10 @@
static int
sysctl_net_ipport_check(SYSCTL_HANDLER_ARGS)
{
-#ifdef VIMAGE
INIT_VNET_INET(curvnet);
- SYSCTL_RESOLVE_V_ARG1();
-#endif
int error;
- error = sysctl_handle_int(oidp, arg1, arg2, req);
+ error = sysctl_handle_int(oidp, oidp->oid_arg1, oidp->oid_arg2, req);
if (error == 0) {
RANGECHK(V_ipport_lowfirstauto, 1, IPPORT_RESERVED - 1);
RANGECHK(V_ipport_lowlastauto, 1, IPPORT_RESERVED - 1);
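Review bot: After this change the handler writes through `oidp->oid_arg1`, while the `RANGECHK` lines that follow clamp the `V_ipport_*` variables, and nothing in the hunk shows that both refer to the same storage once `SYSCTL_RESOLVE_V_ARG1()` is gone. If a virtualized oid can still reach this handler in an `options VIMAGE` build, the value written and the value clamped could differ, which would leave an out-of-range port bound in place. Either keep the resolve step under `#ifdef VIMAGE` or document the assumption, e.g. `/* oid_arg1 must point at the V_ipport_* storage clamped below */`. The body of sysctl_net_ipport_check continues outside the hunk.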
==== //depot/projects/vimage/src/sys/netinet/in_var.h#11 (text+ko) ====
@@ -101,16 +101,16 @@
#define IPREASS_HASH(x,y) \
(((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK)
-/*
- * Macro for finding the internet address structure (in_ifaddr)
- * corresponding to one of our IP addresses (in_addr).
- */
-#define INADDR_NHASH_LOG2 9
+#define INADDR_NHASH_LOG2 9
#define INADDR_NHASH (1 << INADDR_NHASH_LOG2)
#define INADDR_HASHVAL(x) fnv_32_buf((&(x)), sizeof(x), FNV1_32_INIT)
#define INADDR_HASH(x) \
(&V_in_ifaddrhashtbl[INADDR_HASHVAL(x) & V_in_ifaddrhmask])
+/*
+ * Macro for finding the internet address structure (in_ifaddr)
+ * corresponding to one of our IP addresses (in_addr).
+ */
#define INADDR_TO_IFADDR(addr, ia) \
/* struct in_addr addr; */ \
/* struct in_ifaddr *ia; */ \
==== //depot/projects/vimage/src/sys/netinet/ip_divert.c#17 (text+ko) ====
@@ -152,7 +152,7 @@
div_init(void)
{
INIT_VNET_INET(curvnet);
-
+
#ifdef VIMAGE
if (IS_DEFAULT_VNET(curvnet)) {
#endif
@@ -304,7 +304,7 @@
m_freem(m);
V_ipstat.ips_noproto++;
V_ipstat.ips_delivered--;
- }
+ }
}
/*
@@ -318,7 +318,7 @@
div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin,
struct mbuf *control)
{
- INIT_VNET_INET(so->so_vnet);
+ INIT_VNET_INET(curvnet);
struct m_tag *mtag;
struct divert_tag *dt;
int error = 0;
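Review bot: Switching `INIT_VNET_INET(so->so_vnet)` to `INIT_VNET_INET(curvnet)` in div_output makes the function depend on every caller having already set curvnet to the socket's vnet, and the hunk shows no check of that. If any path reaches here with a different curvnet, counters and state would be read from the wrong network stack instance. An assertion such as `KASSERT(curvnet == so->so_vnet, ("div_output: curvnet mismatch"));` (guarded for VIMAGE builds if needed) would catch a mismatch early. The function body continues outside the hunk.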
@@ -576,11 +576,11 @@
void
div_ctlinput(int cmd, struct sockaddr *sa, void *vip)
{
- struct in_addr faddr;
+ struct in_addr faddr;
faddr = ((struct sockaddr_in *)sa)->sin_addr;
if (sa->sa_family != AF_INET || faddr.s_addr == INADDR_ANY)
- return;
+ return;
if (PRC_IS_REDIRECT(cmd))
return;
}
@@ -768,9 +768,9 @@
}
static moduledata_t ipdivertmod = {
- "ipdivert",
- div_modevent,
- 0
+ "ipdivert",
+ div_modevent,
+ 0
};
DECLARE_MODULE(ipdivert, ipdivertmod, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY);
==== //depot/projects/vimage/src/sys/netinet/ip_fw2.c#53 (text+ko) ====
@@ -642,7 +642,6 @@
return 1;
}
-
static __inline int
hash_packet6(struct ipfw_flow_id *id)
{
==== //depot/projects/vimage/src/sys/netinet/ip_icmp.c#21 (text+ko) ====
@@ -78,17 +78,17 @@
*/
#ifndef VIMAGE
-struct icmpstat icmpstat;
-static int icmpmaskrepl = 0;
-static u_int icmpmaskfake = 0;
-static int drop_redirect = 0;
-static int log_redirect = 0;
-static int icmplim = 200;
-static int icmplim_output = 1;
-static char reply_src[IFNAMSIZ];
-static int icmp_rfi = 0;
-static int icmp_quotelen = 8;
-static int icmpbmcastecho = 0;
+struct icmpstat icmpstat;
+static int icmpmaskrepl;
+static u_int icmpmaskfake;
+static int drop_redirect;
+static int log_redirect;
+static int icmplim;
+static int icmplim_output;
+static char reply_src[IFNAMSIZ];
+static int icmp_rfi;
+static int icmp_quotelen;
+static int icmpbmcastecho;
#endif
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats,
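Review bot: Dropping the initializers leaves `icmplim`, `icmplim_output` and `icmp_quotelen` at zero until something assigns the old defaults (200, 1 and 8), and no such assignment appears in this file's hunk. Since `icmplim` controls ICMP response rate limiting, a missing runtime assignment would silently change that behaviour in non-VIMAGE builds, so confirm the init path sets all three before the first packet is handled. The same applies to `ah_enable` and `ah_cleartos` in xform_ah.c and to `esp_enable` in xform_esp.c, which previously defaulted to 1. A comment above the block, e.g. `/* Defaults are assigned at init time, not at instantiation. */`, would keep a reader from assuming zero is intended.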
==== //depot/projects/vimage/src/sys/netinet/ip_input.c#38 (text+ko) ====
@@ -240,8 +240,7 @@
int i;
TAILQ_INIT(&V_in_ifaddrhead);
- V_in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR,
- &V_in_ifaddrhmask);
+ V_in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &V_in_ifaddrhmask);
/* Initialize IP reassembly queue. */
for (i = 0; i < IPREASS_NHASH; i++)
==== //depot/projects/vimage/src/sys/netinet/ip_ipsec.c#16 (text+ko) ====
@@ -144,7 +144,6 @@
#ifdef IPSEC
INIT_VNET_IPSEC(curvnet);
struct ip *ip = mtod(m, struct ip *);
- INIT_VNET_IPSEC(curvnet);
struct m_tag *mtag;
struct tdb_ident *tdbi;
struct secpolicy *sp;
==== //depot/projects/vimage/src/sys/netinet/tcp_input.c#40 (text+ko) ====
@@ -142,10 +142,8 @@
"Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN");
-
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, enable,
CTLFLAG_RW, tcp_do_ecn, 0, "TCP ECN support");
-
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, maxretries,
CTLFLAG_RW, tcp_ecn_maxretries, 0, "Max retries before giving up on ECN");
==== //depot/projects/vimage/src/sys/netinet/tcp_subr.c#55 (text+ko) ====
@@ -292,6 +292,7 @@
static void
tcp_zone_change(void *tag)
{
+
uma_zone_set_max(tcp_ipi_zone, maxsockets);
uma_zone_set_max(tcpcb_zone, maxsockets);
tcp_tw_zone_change();
@@ -1616,10 +1617,10 @@
struct inpcb *
tcp_drop_syn_sent(struct inpcb *inp, int errno)
{
- struct tcpcb *tp;
#ifdef INVARIANTS
INIT_VNET_INET(inp->inp_vnet);
#endif
+ struct tcpcb *tp;
INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
INP_WLOCK_ASSERT(inp);
@@ -1992,6 +1993,7 @@
tcp_signature_compute(struct mbuf *m, int _unused, int len, int optlen,
u_char *buf, u_int direction)
{
+ INIT_VNET_IPSEC(curvnet);
union sockaddr_union dst;
struct ippseudo ippseudo;
MD5_CTX ctx;
==== //depot/projects/vimage/src/sys/netinet/tcp_syncache.c#43 (text+ko) ====
@@ -98,12 +98,6 @@
#include <security/mac/mac_framework.h>
-#ifdef TCP_OFFLOAD_DISABLE
-#define TOEPCB_ISSET(sc) (0)
-#else
-#define TOEPCB_ISSET(sc) ((sc)->sc_toepcb != NULL)
-#endif
-
static int tcp_syncookies = 1;
SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW,
&tcp_syncookies, 0,
@@ -114,6 +108,12 @@
&tcp_syncookiesonly, 0,
"Use only TCP SYN cookies");
+#ifdef TCP_OFFLOAD_DISABLE
+#define TOEPCB_ISSET(sc) (0)
+#else
+#define TOEPCB_ISSET(sc) ((sc)->sc_toepcb != NULL)
+#endif
+
static void syncache_drop(struct syncache *, struct syncache_head *);
static void syncache_free(struct syncache *);
static void syncache_insert(struct syncache *, struct syncache_head *);
==== //depot/projects/vimage/src/sys/netinet/tcp_syncache.h#18 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1982, 1986, 1993, 1994, 1995
- * The Regents of the University of California. All rights reserved.
+ * The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -52,8 +52,7 @@
void syncache_chkrst(struct in_conninfo *, struct tcphdr *);
void syncache_badack(struct in_conninfo *);
int syncache_pcbcount(void);
-int syncache_pcblist(struct sysctl_req *req, int max_pcbs,
- int *pcbs_exported);
+int syncache_pcblist(struct sysctl_req *req, int max_pcbs, int *pcbs_exported);
struct syncache {
TAILQ_ENTRY(syncache) sc_hash;
@@ -87,7 +86,7 @@
#ifndef TCP_OFFLOAD_DISABLE
struct toe_usrreqs *sc_tu; /* TOE operations */
void *sc_toepcb; /* TOE protocol block */
-#endif
+#endif
#ifdef MAC
struct label *sc_label; /* MAC label reference */
#endif
==== //depot/projects/vimage/src/sys/netinet/udp_usrreq.c#37 (text+ko) ====
@@ -154,6 +154,7 @@
static void
udp_zone_change(void *tag)
{
+
uma_zone_set_max(udp_ipi_zone, maxsockets);
}
==== //depot/projects/vimage/src/sys/netinet6/icmp6.c#32 (text+ko) ====
@@ -116,9 +116,7 @@
extern struct inpcbhead ripcb;
extern int icmp6errppslim;
static int icmp6errpps_count;
-#endif /* !VIMAGE */
static struct timeval icmp6errppslim_last;
-#ifndef VIMAGE
extern int icmp6_nodeinfo;
#endif /* !VIMAGE */
@@ -141,8 +139,8 @@
icmp6_init(void)
{
INIT_VNET_INET6(curvnet);
+
V_icmp6errpps_count = 0;
-
mld6_init();
}
@@ -2814,7 +2812,7 @@
ret = 0; /* okay to send */
/* PPS limit */
- if (!ppsratecheck(&icmp6errppslim_last, &V_icmp6errpps_count,
+ if (!ppsratecheck(&V_icmp6errppslim_last, &V_icmp6errpps_count,
V_icmp6errppslim)) {
/* The packet is subject to rate limit */
ret++;
==== //depot/projects/vimage/src/sys/netinet6/nd6_nbr.c#25 (text+ko) ====
@@ -88,7 +88,7 @@
#ifndef VIMAGE
int dad_ignore_ns; /* ignore NS in DAD - specwise incorrect*/
-int dad_maxtry; /* max # of *tries* to transmit DAD packet */
+int dad_maxtry; /* max # of *tries* to transmit DAD packet */
#endif /* !VIMAGE */
/*
@@ -1246,11 +1246,14 @@
nd6_dad_timer(struct dadq *dp)
{
CURVNET_SET(dp->dad_vnet);
- INIT_VNET_INET6(dp->dad_vnet);
+ INIT_VNET_INET6(curvnet);
+ int s;
struct ifaddr *ifa = dp->dad_ifa;
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
char ip6buf[INET6_ADDRSTRLEN];
+ s = splnet(); /* XXX */
+
/* Sanity check */
if (ia == NULL) {
log(LOG_ERR, "nd6_dad_timer: called with null parameter\n");
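Review bot: The added `s = splnet(); /* XXX */`, paired with `splx(s)` at `done:` in the next hunk, has no explanation of what it is meant to protect. If the spl calls are no-op stubs on this branch, as I believe they are on SMP-era FreeBSD, they provide no mutual exclusion, and the comment should say so, e.g. `/* XXX: spl is a no-op here; kept only to match head */`, or name the lock that actually guards the DAD queue. Any exit between this point and `done:` would also skip `splx(s)`; the body of nd6_dad_timer continues outside the hunk, so that cannot be confirmed from here.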
@@ -1337,6 +1340,7 @@
}
done:
+ splx(s);
CURVNET_RESTORE();
}
==== //depot/projects/vimage/src/sys/netinet6/vinet6.h#24 (text+ko) ====
@@ -84,7 +84,7 @@
TAILQ_HEAD(, dadq) _dadq;
int _dad_init;
int _icmp6errpps_count;
- int _icmp6errppslim_last;
+ struct timeval _icmp6errppslim_last;
int _ip6_forwarding;
int _ip6_sendredirects;
int _ip6_defhlim;
==== //depot/projects/vimage/src/sys/netipsec/key.c#27 (text+ko) ====
@@ -151,6 +151,7 @@
#define SAHTREE_LOCK() mtx_lock(&sahtree_lock)
#define SAHTREE_UNLOCK() mtx_unlock(&sahtree_lock)
#define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED)
+
/* registed list */
#ifndef VIMAGE
static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
@@ -203,6 +204,7 @@
SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
};
#endif
+
static const int minsize[] = {
sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
sizeof(struct sadb_sa), /* SADB_EXT_SA */
@@ -247,11 +249,13 @@
0, /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
};
+
#ifndef VIMAGE
static int ipsec_esp_keymin = 256;
static int ipsec_esp_auth = 0;
static int ipsec_ah_keymin = 128;
#endif
+
#ifdef SYSCTL_DECL
SYSCTL_DECL(_net_key);
#endif
@@ -2353,7 +2357,6 @@
struct mbuf *m;
const struct sadb_msghdr *mhp;
{
- printf("\n---> key_spdflush()..\n");
INIT_VNET_IPSEC(curvnet);
struct sadb_msg *newmsg;
struct secpolicy *sp;
==== //depot/projects/vimage/src/sys/netipsec/keysock.c#16 (text+ko) ====
==== //depot/projects/vimage/src/sys/netipsec/keysock.h#3 (text+ko) ====
@@ -57,12 +57,14 @@
/* others */
u_quad_t sockerr; /* # of socket related errors */
};
+
#ifdef VIMAGE
struct key_cb {
int key_count;
int any_count;
};
#endif
+
#define KEY_SENDUP_ONE 0
#define KEY_SENDUP_ALL 1
#define KEY_SENDUP_REGISTERED 2
==== //depot/projects/vimage/src/sys/netipsec/vipsec.h#16 (text+ko) ====
@@ -115,7 +115,9 @@
};
#endif
-/* Symbol translation macros */
+/*
+ * Symbol translation macros
+ */
#define INIT_VNET_IPSEC(vnet) \
INIT_FROM_VNET(vnet, VNET_MOD_IPSEC, struct vnet_ipsec, vnet_ipsec)
==== //depot/projects/vimage/src/sys/netipsec/xform_ah.c#18 (text+ko) ====
@@ -89,8 +89,8 @@
((sav->flags & SADB_X_EXT_OLD) ? 16 : AH_HMAC_HASHLEN)
#ifndef VIMAGE
-int ah_enable = 1; /* control flow of packets with AH */
-int ah_cleartos = 1; /* clear ip_tos when doing AH calc */
+int ah_enable; /* control flow of packets with AH */
+int ah_cleartos; /* clear ip_tos when doing AH calc */
struct ahstat ahstat;
#endif
==== //depot/projects/vimage/src/sys/netipsec/xform_esp.c#18 (text+ko) ====
@@ -77,8 +77,9 @@
#include <opencrypto/xform.h>
#ifndef VIMAGE
-int esp_enable = 1;
+int esp_enable;
struct espstat espstat;
+static int esp_max_ivlen; /* max iv length over all algorithms */
#endif
SYSCTL_DECL(_net_inet_esp);
@@ -87,9 +88,6 @@
SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_esp, IPSECCTL_STATS,
stats, CTLFLAG_RD, espstat, espstat, "");
-#ifndef VIMAGE
-static int esp_max_ivlen; /* max iv length over all algorithms */
-#endif
static int esp_input_cb(struct cryptop *op);
static int esp_output_cb(struct cryptop *crp);
==== //depot/projects/vimage/src/sys/netipsec/xform_ipcomp.c#15 (text+ko) ====
@@ -68,7 +68,7 @@
#include <opencrypto/xform.h>
#ifndef VIMAGE
-int ipcomp_enable = 0;
+int ipcomp_enable;
struct ipcompstat ipcompstat;
#endif
==== //depot/projects/vimage/src/sys/netipsec/xform_ipip.c#19 (text+ko) ====
@@ -92,7 +92,7 @@
* net.inet.ipip.allow value. Zero means drop them, all else is acceptance.
*/
#ifndef VIMAGE
-int ipip_allow = 0;
+int ipip_allow;
struct ipipstat ipipstat;
#endif
@@ -718,10 +718,10 @@
/* attach to encapsulation framework */
/* XXX save return cookie for detach on module remove */
(void) encap_attach_func(AF_INET, -1,
- ipe4_encapcheck, &ipe4_protosw, NULL);
+ ipe4_encapcheck, &ipe4_protosw, NULL);
#ifdef INET6
(void) encap_attach_func(AF_INET6, -1,
- ipe4_encapcheck, (struct protosw *)&ipe6_protosw, NULL);
+ ipe4_encapcheck, (struct protosw *)&ipe6_protosw, NULL);
#endif
return 0;
==== //depot/projects/vimage/src/sys/netipsec/xform_tcp.c#3 (text+ko) ====
@@ -82,6 +82,7 @@
static int
tcpsignature_init(struct secasvar *sav, struct xformsw *xsp)
{
+ INIT_VNET_IPSEC(curvnet);
int keylen;
if (sav->spi != htonl(TCP_SIG_SPI)) {
==== //depot/projects/vimage/src/sys/security/mac/mac_framework.h#13 (text+ko) ====
@@ -35,7 +35,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.101 2008/08/23 15:26:36 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac/mac_framework.h,v 1.102 2008/10/17 12:54:28 bz Exp $
*/
/*
@@ -131,6 +131,7 @@
struct ifnet *ifp);
int mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m);
+int mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp);
void mac_inpcb_create(struct socket *so, struct inpcb *inp);
void mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m);
void mac_inpcb_destroy(struct inpcb *);
==== //depot/projects/vimage/src/sys/security/mac/mac_inet.c#11 (text+ko) ====
@@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/security/mac/mac_inet.c,v 1.21 2008/08/23 15:26:36 rwatson Exp $");
+__FBSDID("$FreeBSD: src/sys/security/mac/mac_inet.c,v 1.22 2008/10/17 12:54:28 bz Exp $");
#include "opt_mac.h"
@@ -313,6 +313,18 @@
return (error);
}
+int
+mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp)
+{
+ int error;
+
+ INP_LOCK_ASSERT(inp);
+
+ MAC_CHECK(inpcb_check_visible, cred, inp, inp->inp_label);
+
+ return (error);
+}
+
void
mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
{
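Review bot: mac_inpcb_check_visible is added without a comment stating its contract, which matters for a hook whose result decides whether a credential may see a connection. `error` is assigned only inside the `MAC_CHECK` expansion, and `INP_LOCK_ASSERT(inp)` implies the caller must already hold the inpcb lock. A short header comment would cover both, e.g. `/* Ask policies whether cred may see inp; caller holds the inpcb lock. */`, plus a line on the return value (presumably 0 or a policy-supplied errno — confirm against MAC_CHECK).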
==== //depot/projects/vimage/src/sys/security/mac/mac_policy.h#14 (text+ko) ====
@@ -36,7 +36,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac/mac_policy.h,v 1.111 2008/08/23 15:26:36 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac/mac_policy.h,v 1.112 2008/10/17 12:54:28 bz Exp $
*/
/*
* Kernel interface for MAC policy modules.
@@ -187,6 +187,8 @@
typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
struct label *inplabel, struct mbuf *m,
struct label *mlabel);
+typedef int (*mpo_inpcb_check_visible_t)(struct ucred *cred,
+ struct inpcb *inp, struct label *inplabel);
typedef void (*mpo_inpcb_create_t)(struct socket *so,
struct label *solabel, struct inpcb *inp,
struct label *inplabel);
@@ -689,6 +691,7 @@
mpo_ifnet_relabel_t mpo_ifnet_relabel;
mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
+ mpo_inpcb_check_visible_t mpo_inpcb_check_visible;
mpo_inpcb_create_t mpo_inpcb_create;
mpo_inpcb_create_mbuf_t mpo_inpcb_create_mbuf;
mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
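Review bot: Inserting `mpo_inpcb_check_visible` in the middle of the ops structure shifts the offset of every entry after it, and no hunk in this file shows a matching interface version bump. A policy module built against the previous layout would then have its later function pointers dispatched into the wrong slots unless the loader rejects it on version. Confirm that the MAC interface version is raised with this integrate. The structure definition begins and ends outside the hunk.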
==== //depot/projects/vimage/src/sys/security/mac_partition/mac_partition.c#8 (text+ko) ====
@@ -36,7 +36,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_partition/mac_partition.c,v 1.24 2008/08/23 15:26:36 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_partition/mac_partition.c,v 1.25 2008/10/17 08:58:33 bz Exp $
*/
/*
@@ -51,6 +51,7 @@
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sbuf.h>
+#include <sys/socketvar.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
@@ -248,7 +249,7 @@
{
int error;
- error = label_on_label(cred->cr_label, solabel);
+ error = label_on_label(cred->cr_label, so->so_cred->cr_label);
return (error ? ENOENT : 0);
}
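Review bot: The visibility check now compares against `so->so_cred->cr_label` instead of `solabel`, which changes which label the partition policy enforces, and the code gives no reason for it. It also leaves the `solabel` parameter apparently unused and adds a dereference of `so->so_cred` with no visible guard. A comment such as `/* Partition is tracked on the creating credential, not the socket label. */` would record the intent, and it is worth confirming that `so_cred` is always valid for sockets reaching this hook. The function signature is outside the hunk.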
==== //depot/projects/vimage/src/sys/sys/vimage.h#69 (text+ko) ====
@@ -383,33 +383,6 @@
char _domainname[MAXHOSTNAMELEN];
int _morphing_symlinks;
-
-#if 0
- long _cp_time[CPUSTATES];
-
- struct loadavg _averunnable; /* from kern/kern_synch.c */
- int _sched_tdcnt; /* from kern/sched_4bsd.c */
- int _tdq_sysload[32]; /* XXX MAXCPUS from kern/sched_ule.c (SMP) */
-
- u_int proc_limit; /* max. number of processes */
-
- struct msgbuf *msgbufp;
- int msgbuftrigger;
- int msg_seqn;
-
- pid_t log_open_pid;
- int log_sc_state;
- struct selinfo log_sc_selp;
- struct sigio *log_sc_sigio;
- struct callout log_sc_callout;
-
- struct timeval boottime;
- long boottdelta_sec;
-
- char chroot[MAXPATHLEN]; /* assigned/inherited from parent */
-
- int big_brother; /* manage procs in all child vprocgs */
-#endif
};
struct vcpu {
@@ -420,16 +393,6 @@
u_int _acc_statcalls; /* statclocks since last avg update*/
u_int _avg1_fixp; /* "fast" avg in 16:16 bit fixedpoint */
u_int _avg2_fixp; /* "slow" avg in 16:16 bit fixedpoint */
-
-#if 0
- u_int cpu_min; /* Guaranteed CPU share */
- u_int cpu_max; /* Maximum average CPU usage */
- u_int intr_limit; /* Limit on CPU usage in intr ctx */
- u_int cpu_weight; /* Prop. share scheduling priority */
- u_int cpu_elimit; /* Dynamic soft CPU usage limit */
- u_int schedstamp; /* Prop. share scheduler tmp var */
- u_int forcedmin; /* Prop. share scheduler tmp var */
-#endif
};
#endif /* VIMAGE */